remove --verbose option

Author: yrutschle

ChangeLog

@@ -1,3 +1,14 @@
+vNEXT:
+	New log system: instead of --verbose with arbitrary
+	levels, there are now several message classes. Each
+	message class can be set to go to stderr, syslog, or
+	both. Classes are documented in example.cfg.
+
+	inetd merges stderr output to what is sent to the
+	client, which is a security issue as it might give
+	information to an attacker. When inetd is activated,
+	stderr is forcibly closed.
+
 v1.22: 17AUG2021
 	sslh-select now supports UDP protocols.
 	Probes specified in the `protocols`

example.cfg

@@ -12,11 +12,21 @@ user: "nobody";
 pidfile: "/var/run/sslh.pid";
 chroot: "/var/empty";
 
-verbose: 0;
-
 # Logging configuration
 # Value: 1: stdout; 2: syslog; 3: both
-verbose-config: 0; # config: print configuration at startup
+# Defaults are indicated here, and should be sensible. Generally, you want *-error
+# to be always enabled, to know if something is going wrong.
+verbose-config: 0; #  print configuration at startup
+verbose-config-error: 3;  # print configuration errors
+verbose-connections: 3; # trace established incoming address to forward address
+verbose-connections-error: 3; # connection errors
+verbose-connections-try: 0; # connection attempts towards targets
+verbose-fd: 0; # file descriptor activity, open/close/whatnot
+verbose-packets: 0; # hexdump packets on which probing is done
+verbose-probe-info: 0; # what's happening during the probe process
+verbose-probe-error: 3; # failures and problems during probing
+verbose-system-error: 3; # system call problem, i.e.  malloc, fork, failing
+verbose-int-error: 3; # internal errors, the kind that should never happen
 
 
 # Specify which syslog facility to use (names for your

probe.c

@@ -350,10 +350,8 @@ int probe_buffer(char* buf, int len, struct sslhcfg_protocols_item** proto)
     struct sslhcfg_protocols_item* p;
     int i, res, again = 0;
 
-    if (cfg.verbose > 1) {
-        print_message(msg_packets, "hexdump of incoming packet:\n");
-        hexdump(msg_packets, buf, len);
-    }
+    print_message(msg_packets, "hexdump of incoming packet:\n");
+    hexdump(msg_packets, buf, len);
 
     *proto = NULL;
     for (i = 0; i < cfg.protocols_len; i++) {

sslh-conf.c

@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Sep 26 16:54:06 2021. 
+ * on Mon Sep 27 13:21:48 2021. 
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
@@ -454,7 +454,6 @@ struct arg_file* sslhcfg_conffile;
  struct arg_int* sslhcfg_verbose_probe_error;
  struct arg_int* sslhcfg_verbose_system_error;
  struct arg_int* sslhcfg_verbose_int_error;
- struct arg_int* sslhcfg_verbose;
  struct arg_lit* sslhcfg_version;
  struct arg_lit* sslhcfg_foreground;
  struct arg_lit* sslhcfg_inetd;
@@ -794,7 +793,7 @@ static struct config_desc table_sslhcfg_listen[] = {
         },
 	{ 0 }
 };
-                                                                                                                                                                                                                         
+                                                                                                                                                                                                                
 static struct config_desc table_sslhcfg[] = {
 
 
@@ -974,22 +973,6 @@ static struct config_desc table_sslhcfg[] = {
             /* default_val*/    .default_val.def_int = 3 
         },
 
-        { 
-            /* name */          "verbose", 
-            /* type */          CFG_INT, 
-            /* sub_group*/      NULL,
-            /* arg_cl */        & sslhcfg_verbose,
-            /* base_addr */     NULL,
-            /* offset */        offsetof(struct sslhcfg_item, verbose),
-            /* offset_len */    0,
-            /* offset_present */ 0,
-            /* size */          sizeof(int), 
-            /* array_type */    -1,
-            /* mandatory */     1, 
-            /* optional */      0, 
-            /* default_val*/    .default_val.def_int = 0 
-        },
-
         { 
             /* name */          "version", 
             /* type */          CFG_BOOL, 
@@ -1310,7 +1293,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: listen */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_listen,
-            .base_entry =      & table_sslhcfg [24],
+            .base_entry =      & table_sslhcfg [23],
             .targets =         sslhcfg_listen_targets,
 
 
@@ -1322,7 +1305,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: ssh */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_ssh,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_ssh_targets,
 
 
@@ -1334,7 +1317,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: tls */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_tls,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_tls_targets,
 
 
@@ -1346,7 +1329,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: openvpn */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_openvpn,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_openvpn_targets,
 
 
@@ -1358,7 +1341,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: tinc */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_tinc,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_tinc_targets,
 
 
@@ -1370,7 +1353,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: xmpp */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_xmpp,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_xmpp_targets,
 
 
@@ -1382,7 +1365,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: http */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_http,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_http_targets,
 
 
@@ -1394,7 +1377,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: adb */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_adb,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_adb_targets,
 
 
@@ -1406,7 +1389,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: socks5 */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_socks5,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_socks5_targets,
 
 
@@ -1418,7 +1401,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: syslog */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_syslog,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_syslog_targets,
 
 
@@ -1430,7 +1413,7 @@ static struct compound_cl_arg compound_cl_args[] = {
         {   /* arg: anyprot */
             .regex =           "(.+):(\\w+)",
             .arg_cl =          & sslhcfg_anyprot,
-            .base_entry =      & table_sslhcfg [25],
+            .base_entry =      & table_sslhcfg [24],
             .targets =         sslhcfg_anyprot_targets,
 
 
@@ -2106,7 +2089,6 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg)
          sslhcfg_verbose_probe_error = arg_intn(NULL, "verbose-probe-error", "<n>", 0, 1, ""),
          sslhcfg_verbose_system_error = arg_intn(NULL, "verbose-system-error", "<n>", 0, 1, ""),
          sslhcfg_verbose_int_error = arg_intn(NULL, "verbose-int-error", "<n>", 0, 1, ""),
-         sslhcfg_verbose = arg_intn("v", "verbose", "<n>", 0, 1, ""),
          sslhcfg_version = arg_litn("V", "version", 0, 1, "Print version information and exit"),
          sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"),
          sslhcfg_inetd = arg_litn("i", "inetd", 0, 1, "Run in inetd mode: use stdin/stdout instead of network listen"),
@@ -2308,9 +2290,6 @@ void sslhcfg_fprint(
         fprintf(out, "verbose_int_error: %d", sslhcfg->verbose_int_error);
         fprintf(out, "\n");
         indent(out, depth);
-        fprintf(out, "verbose: %d", sslhcfg->verbose);
-        fprintf(out, "\n");
-        indent(out, depth);
         fprintf(out, "version: %d", sslhcfg->version);
         fprintf(out, "\n");
         indent(out, depth);

sslh-conf.h

@@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Sep 26 16:54:06 2021. 
+ * on Mon Sep 27 13:21:48 2021. 
 
 # conf2struct: generate libconf parsers that read to structs
 # Copyright (C) 2018-2021  Yves Rutschle
@@ -85,7 +85,6 @@ struct sslhcfg_item {
 	int	verbose_probe_error;
 	int	verbose_system_error;
 	int	verbose_int_error;
-	int	verbose;
 	int	version;
 	int	foreground;
 	int	inetd;

sslh-main.c

@@ -196,7 +196,6 @@ int main(int argc, char *argv[], char* envp[])
 
    if (cfg.inetd)
    {
-       cfg.verbose = 0;
        close(fileno(stderr)); /* Make sure no error will go to client */
        start_shoveler(0);
        exit(0);

sslhconf.cfg

@@ -39,7 +39,6 @@ config: {
             { name: "verbose-system-error"; type: "int"; default: 3; },
             { name: "verbose-int-error"; type: "int"; default: 3; },
 
-            { name: "verbose"; type: "int"; short: "v" }, # to delete
             { name: "version"; type: "bool"; default: false;
               short: "V";
               description: "Print version information and exit"; },

test.cfg

@@ -1,7 +1,6 @@
 # Configuration file for testing (use both by sslh under
 # test and the test script `t`)
 
-verbose: 4;
 foreground: true;
 inetd: false;
 numeric: true;
@@ -15,16 +14,17 @@ syslog_facility: "auth";
 # Value: 1: stdout; 2: syslog; 3: both
 # Defaults should be sensible. Generally, you want *-error
 # to be always enabled, to know if something is going wrong.
-#verbose-config: 3; # config: print configuration at startup
-#verbose-config-error: 3;  #config-error: print configuration errors
-#verbose-connections: 3;  #config-connections: track connections
-#verbose-fd: 3; # file descriptor activity, open/close/whatnot
+verbose-config: 3; #  print configuration at startup
+verbose-config-error: 3;  # print configuration errors
+verbose-connections: 3; # trace established incoming address to forward address
+verbose-connections-error: 3; # connection errors
+verbose-connections-try: 3; # connection attempts towards targets
+verbose-fd: 3; # file descriptor activity, open/close/whatnot
 verbose-packets: 3; # hexdump packets on which probing is done
-#verbose-system-error: 3; # system call problem, i.e.  malloc, fork, failing
-#verbose-int-error: 3; # internal errors, the kind that should never happen
-#verbose-connections-try: 3; # connection attempts towards targets
-#verbose-connections: 3; # trace established incoming address to forward address
-# verbose-connections-error: 3; # connection errors
+verbose-probe-info: 3; # what's happening during the probe process
+verbose-probe-error: 3; # failures and problems during probing
+verbose-system-error: 3; # system call problem, i.e.  malloc, fork, failing
+verbose-int-error: 3; # internal errors, the kind that should never happen
 
 # List of interfaces on which we should listen
 # Options: