Building v2.2.4 and systemd #505
Description
My setup
- Ubuntu 22.04
Makefile
VERSION=$(shell ./genver.sh -r)
# Configuration -- you probably need to `make clean` if you
# change any of these
# uncomment the following line to disable landlock
# override undefine HAVE_LANDLOCK
ENABLE_SANITIZER=false # Enable ASAN/LSAN/UBSAN
ENABLE_REGEX=1 # Enable regex probes
USELIBCONFIG=1 # Use libconfig? (necessary to use configuration files)
USELIBEV=1 # Use libev?
USESYSTEMD=1 # Make use of systemd socket activation
COV_TEST=false # Perform test coverage?
PREFIX?=/usr
BINDIR?=$(PREFIX)/sbin
MANDIR?=$(PREFIX)/share/man/man8
MAN=sslh.8.gz # man page name
# End of configuration -- the rest should take care of
# itself
ifneq ($(strip $(ENABLE_SANITIZER)),)
CFLAGS_SAN=-fsanitize=address -fsanitize=leak -fsanitize=undefined -fsanitize=alignment
endif
ifneq ($(strip $(COV_TEST)),)
CFLAGS_COV=-fprofile-arcs -ftest-coverage
endif
CC ?= gcc
AR ?= ar
CFLAGS +=-Wall -O2 -DLIBPCRE -g $(CFLAGS_COV) $(CFLAGS_SAN)
LIBS=-lm -lpcre2-8 -lwrap -lcap -lbsd
OBJS=sslh-conf.o common.o log.o sslh-main.o probe.o tls.o argtable3.o collection.o gap.o tcp-probe.o landlock.o proxyprotocol.o
OBJS_A=libsslh.a
FORK_OBJS=sslh-fork.o $(OBJS_A)
SELECT_OBJS=processes.o udp-listener.o sslh-select.o hash.o tcp-listener.o $(OBJS_A)
EV_OBJS=processes.o udp-listener.o sslh-ev.o hash.o tcp-listener.o $(OBJS_A)
CONDITIONAL_TARGETS=
ifneq ($(strip $(ENABLE_REGEX)),)
CPPFLAGS+=-DENABLE_REGEX
endif
ifneq ($(strip $(USELIBCONFIG)),)
LIBS:=$(LIBS) -lconfig
CPPFLAGS+=-DLIBCONFIG
endif
ifneq ($(strip $(USESYSTEMD)),)
LIBS:=$(LIBS) -lsystemd
CPPFLAGS+=-DSYSTEMD
CONDITIONAL_TARGETS+=systemd-sslh-generator
endif
ifneq ($(strip $(USELIBEV)),)
CONDITIONAL_TARGETS+=sslh-ev
endif
all: sslh-fork sslh-select $(MAN) echosrv $(CONDITIONAL_TARGETS)
%.o: %.c %.h version.h
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
$(OBJS_A): $(OBJS)
$(AR) rcs $(OBJS_A) $(OBJS)
version.h:
./genver.sh >version.h
$(OBJS) $(FORK_OBJS) $(SELECT_OBJS) $(EV_OBJS): argtable3.h collection.h common.h gap.h hash.h log.h probe.h processes.h sslh-conf.h tcp-listener.h tcp-probe.h tls.h udp-listener.h version.h
c2s:
conf2struct sslhconf.cfg
conf2struct echosrv.cfg
sslh-conf.c sslh-conf.h: sslhconf.cfg
$(warning "sslhconf.cfg is more recent than sslh-conf.[ch]. Use `make c2s` to rebuild using `conf2struct`")
sslh-fork: version.h Makefile $(FORK_OBJS)
$(CC) $(CFLAGS) $(LDFLAGS) -o sslh-fork $(FORK_OBJS) $(LIBS)
sslh-select: version.h $(SELECT_OBJS) Makefile
$(CC) $(CFLAGS) $(LDFLAGS) -o sslh-select $(SELECT_OBJS) $(LIBS)
sslh-ev: version.h $(EV_OBJS) Makefile
$(CC) $(CFLAGS) $(LDFLAGS) -o sslh-ev $(EV_OBJS) $(LIBS) -lev
systemd-sslh-generator: systemd-sslh-generator.o
$(CC) $(CFLAGS) $(LDFLAGS) -o systemd-sslh-generator systemd-sslh-generator.o -lconfig
echosrv-conf.c echosrv-conf.h: echosrv.cfg
$(warning "echosrv.cfg is more recent than echosrv-conf.[ch]. Use `make c2s` to rebuild using `conf2struct`")
echosrv: version.h echosrv-conf.c echosrv.o echosrv-conf.o argtable3.o
$(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o echosrv-conf.o argtable3.o $(LIBS)
landlock.o: config.h
$(MAN): sslh.pod Makefile
pod2man --section=8 --release=$(VERSION) --center=" " sslh.pod | gzip -9 - > $(MAN)
# Create release: export clean tree and tag current
# configuration
release:
git archive $(VERSION) --prefix="sslh-$(VERSION)/" | gzip > /tmp/sslh-$(VERSION).tar.gz
gpg --detach-sign --armor /tmp/sslh-$(VERSION).tar.gz
# Build docker image
docker:
docker image build -t "sslh:${VERSION}" .
docker image tag "sslh:${VERSION}" sslh:latest
docker-clean:
yes | docker image rm "sslh:${VERSION}" sslh:latest
yes | docker image prune
# generic install: install binary and man page
install: sslh-fork $(MAN)
mkdir -p $(DESTDIR)/$(BINDIR)
mkdir -p $(DESTDIR)/$(MANDIR)
install -p sslh-fork $(DESTDIR)/$(BINDIR)/sslh
install -p -m 0644 $(MAN) $(DESTDIR)/$(MANDIR)/$(MAN)
# "extended" install for Debian: install startup script
install-debian: install sslh $(MAN)
sed -e "s+^PREFIX=+PREFIX=$(PREFIX)+" scripts/etc.init.d.sslh > /etc/init.d/sslh
chmod 755 /etc/init.d/sslh
update-rc.d sslh defaults
uninstall:
rm -f $(DESTDIR)$(BINDIR)/sslh $(DESTDIR)$(MANDIR)/$(MAN) $(DESTDIR)/etc/init.d/sslh $(DESTDIR)/etc/default/sslh
update-rc.d sslh remove
distclean: clean
rm -f tags sslh-conf.[ch] echosrv-conf.[ch] cscope.*
clean:
rm -f sslh-fork sslh-select $(CONDITIONAL_TARGETS) echosrv version.h $(MAN) systemd-sslh-generator *.o *.gcov *.gcno *.gcda *.png *.html *.css *.info
tags: *.c *.h
ctags *.[ch]
cscope:
-find . -name "*.[chS]" >cscope.files
-cscope -b -R
test:
./t
systemd file
[Unit]
Description=SSLH Event Multiplexer
After=syslog.target network.target
[Service]
Type=simple
User=nobody
#Group=nobody
ExecStart=/usr/sbin/sslh-ev -F /etc/sslh.cfg
WorkingDirectory=/usr
TimeoutSec=30
RestartSec=2
StandardOutput=journal
StandardError=journal
SyslogIdentifier=sslh
Restart=always
### Modify these two values and uncomment them if you have repos with lots of files and get an HTTP error 500 because of that
LimitMEMLOCK=infinity
LimitNOFILE=65535
### If you want to bind Gitea to a port below 1024 uncomment the two values below
CapabilityBoundingSet=CAP_NET_BIND_SERVICE,CAP_NET_ADMIN=+ep
AmbientCapabilities=CAP_NET_BIND_SERVICE,CAP_NET_ADMIN=+ep
[Install]
WantedBy=multi-user.target
Error
When starting the service using sudo service sslh start, it starts, regurgitates this error
~/Gits/sslh-ev$ sudo /usr/sbin/sslh-ev -F /etc/sslh.cfg
=================================================================
==48250==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 256 byte(s) in 1 object(s) allocated from:
#0 0x7f72fb1d2c38 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
#1 0x7f72faf630d0 (/lib/x86_64-linux-gnu/libconfig.so.9+0x80d0)
Indirect leak of 3328 byte(s) in 24 object(s) allocated from:
#0 0x7f72fb1d2c38 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
#1 0x7f72faf5ea03 (/lib/x86_64-linux-gnu/libconfig.so.9+0x3a03)
Indirect leak of 1472 byte(s) in 23 object(s) allocated from:
#0 0x7f72fb1d2a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7f72faf5e987 (/lib/x86_64-linux-gnu/libconfig.so.9+0x3987)
Indirect leak of 384 byte(s) in 24 object(s) allocated from:
#0 0x7f72fb1d2a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7f72faf5ea1e (/lib/x86_64-linux-gnu/libconfig.so.9+0x3a1e)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f72fb1d2a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7f72faf5eada in config_init (/lib/x86_64-linux-gnu/libconfig.so.9+0x3ada)
Indirect leak of 17 byte(s) in 2 object(s) allocated from:
#0 0x7f72fb1799a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x7f72faf5e99b (/lib/x86_64-linux-gnu/libconfig.so.9+0x399b)
Indirect leak of 14 byte(s) in 1 object(s) allocated from:
#0 0x7f72fb1799a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x7f72faf63133 in scanctx_init (/lib/x86_64-linux-gnu/libconfig.so.9+0x8133)
SUMMARY: AddressSanitizer: 5535 byte(s) leaked in 76 allocation(s).
What am I missing here?
If I start it manually with /usr/sbin/sslh-ev -F /etc/sslh.cfg I get the error above, but sslh is running and multiplexes my traffic.