[stunnel-users] stunnel patch for extra logging

Steven Van Acker deepstar+EwFym5v8 at singularity.be
Thu Oct 19 11:09:09 CEST 2006


Hi,

We use stunnel in server-mode where an SSL-enabled client can connect to
our stunnel, and then stunnel connects to a non-SSL backend server.
The backend server logs incoming connections from stunnel (source IP and
port), but stunnel doesn't log the same information. This makes it
difficult to match logs between stunnel and the backend.

This patch solves exactly this problem.

I rewrote the patch so that it can be cleanly applied to any future (and
past) version of stunnel.

From the website:
"How do I get a patch included into the release versions of Stunnel?
 Only patches released into the public domain stand a chance of getting into the actual Stunnel source. This means revised BSD patches are likely acceptable. Original BSD and GNU patches are not for example."

Since I would like very much that this patch makes it into the next release, I'll release it into the public domain or any other license that makes this possible.

kind regards,
Steven
-- 
My amazon wishlist:
http://www.amazon.com/gp/registry/1DB4XNEIEQBPB
-------------- next part --------------
diff -Naur stunnel-4.18/src/client.c stunnel-4.18-extra-logging/src/client.c
--- stunnel-4.18/src/client.c	2006-08-23 11:35:32.000000000 +0200
+++ stunnel-4.18-extra-logging/src/client.c	2006-10-05 10:20:03.672581056 +0200
@@ -928,6 +928,18 @@
 }
 #endif
 
+void connect_log_source(int s) {
+    struct sockaddr_in cliaddr;
+    socklen_t cliaddrlen = sizeof(struct sockaddr_in);
+
+    memset(&cliaddr, 0, sizeof(cliaddr));
+    if (getsockname(s, (struct sockaddr *) &cliaddr, &cliaddrlen)) {
+        sockerror("getsockname() error");
+    } else {
+        s_log(LOG_NOTICE,"connected to backend from %s:%d", inet_ntoa(cliaddr.sin_addr), ntohs(cliaddr.sin_port));
+    }
+}
+
 static int connect_remote(CLI *c) { /* connect to remote host */
     SOCKADDR_UNION bind_addr, addr;
     SOCKADDR_LIST resolved_list, *address_list;
@@ -975,6 +987,7 @@
         if(!connect(c->fd, &addr.sa, addr_len(addr))) {
             fd=c->fd;
             c->fd=-1;
+            connect_log_source(fd);
             return fd; /* no error -> success (should not be possible) */
         }
         error=get_last_socket_error();
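Review bot: at the added connect_log_source(fd) call the destination is still available in addr (it was just passed to connect()), but the helper receives only the descriptor and logs only the local side. Passing addr as well, or calling getpeername() inside the helper, would let the log line record both endpoints, which keeps the match against the backend's log unambiguous when more than one backend is in play.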
@@ -989,6 +1002,7 @@
             longjmp(c->err, 1);
         fd=c->fd;
         c->fd=-1;
+        connect_log_source(fd);
         return fd; /* success! */
     }
     longjmp(c->err, 1);
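Review bot: the second connect_log_source(fd) call, before "return fd; /* success! */", repeats the sequence added in the immediate-success branch (fd=c->fd; c->fd=-1; connect_log_source(fd); return fd;). Consider routing both success paths through a single exit so that a success path added later cannot miss the log call. A getsockname() failure in the helper is reported through sockerror() and the connection still proceeds, which is reasonable for a logging aid; a short comment stating that this is intentional would help.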

