sslh: update to 2.3.0, add libproxyprotocol support

libs/libproxyprotocol/Makefile

@@ -0,0 +1,55 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libproxyprotocol
+PKG_VERSION:=1.2.1
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/kosmas-valianos/libproxyprotocol.git
+PKG_MIRROR_HASH:=b9df47965da23de7f266549d13af232190aafb5562b6f398bafc182be954fb31
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+
+PKG_LICENSE:=LGPL-3.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libproxyprotocol
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=PROXY Protocol v1/v2 parsing library
+  URL:=https://github.com/kosmas-valianos/libproxyprotocol
+endef
+
+define Package/libproxyprotocol/description
+  An ANSI C library to parse and create PROXY Protocol v1 and v2 headers.
+endef
+
+TARGET_CFLAGS += -fPIC
+MAKE_FLAGS += \
+	CC="$(TARGET_CC)" \
+	CFLAGS="$(TARGET_CFLAGS)"
+
+define Build/Compile
+	$(MAKE) build -C $(PKG_BUILD_DIR) $(MAKE_FLAGS)
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/src/proxy_protocol.h $(1)/usr/include/
+	$(CP) $(PKG_BUILD_DIR)/libs/libproxyprotocol.so $(1)/usr/lib/
+endef
+
+define Package/libproxyprotocol/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/libs/libproxyprotocol.so $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libproxyprotocol))

net/sslh/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sslh
-PKG_VERSION:=2.1.2
+PKG_VERSION:=2.3.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://rutschle.net/tech/sslh/
-PKG_HASH:=dce8e1a77f48017b5164486084f000d9f20de2d54d293385aec18d606f9c61d9
+PKG_HASH:=09e9b572ca1e7fe2ccfb0de2bcfbc316638a8d82b86fedd253ddf81392e8fd38
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
 
 PKG_MAINTAINER:=Jonathan McCrohan <jmccrohan@gmail.com>
@@ -28,7 +28,7 @@ define Package/sslh
   CATEGORY:=Network
   SUBMENU:=Routing and Redirection
   TITLE:=SSL/SSH multiplexer
-  DEPENDS:=+libconfig +libcap +libpcre2
+  DEPENDS:=+libconfig +libcap +libpcre2 +libproxyprotocol
   URL:=https://rutschle.net/tech/sslh/README.html
 endef
 

net/sslh/patches/002-segfault-fix.patch

@@ -0,0 +1,133 @@
+From 894eacfb421aac93ea2846b1404173f3c44b9a9e Mon Sep 17 00:00:00 2001
+From: yrutschle <git1@rutschle.net>
+Date: Wed, 29 Oct 2025 19:39:04 +0100
+Subject: [PATCH] Fix sslh-fork segmentation fault (Fix #508)
+
+---
+ ChangeLog     |  3 +++
+ common.h      |  2 +-
+ sslh-ev.c     |  2 +-
+ sslh-fork.c   | 21 +++++++++++++++++++--
+ sslh-main.c   |  5 +----
+ sslh-select.c |  2 +-
+ 6 files changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 4bd195a..0d1f94f 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,6 @@
++vNEXT:
++	Fix segmentation fault in sslh-fork.
++
+ v2.3.0:
+ 	Added `max_connections` setting to `listen` and
+ 	`protocol` configuration; see the
+diff --git a/common.h b/common.h
+index 0aac1d4..df58ebf 100644
+--- a/common.h
++++ b/common.h
+@@ -204,7 +204,7 @@ extern int hosts_ctl();
+ #endif
+
+ /* sslh-fork.c */
+-void start_shoveler(int);
++void main_inetd(void);
+
+ void main_loop(struct listen_endpoint *listen_sockets, int num_addr_listen);
+
+diff --git a/sslh-ev.c b/sslh-ev.c
+index 12a486e..f9b82ed 100644
+--- a/sslh-ev.c
++++ b/sslh-ev.c
+@@ -221,7 +221,7 @@ void main_loop(struct listen_endpoint listen_sockets[], int num_addr_listen)
+     ev_run(EV_A_ 0);
+ }
+
+-void start_shoveler(int listen_socket) {
++void main_inetd(void) {
+     print_message(msg_config_error, "inetd mode is not supported in libev mode\n");
+     exit(1);
+ }
+diff --git a/sslh-fork.c b/sslh-fork.c
+index 02db38c..eec6009 100644
+--- a/sslh-fork.c
++++ b/sslh-fork.c
+@@ -69,7 +69,7 @@ int shovel(struct connection *cnx)
+
+ /* Child process that finds out what to connect to and proxies 
+  */
+-void start_shoveler(int in_socket)
++static void start_shoveler(int in_socket, struct listen_endpoint* endpoint)
+ {
+    fd_set fds;
+    struct timeval tv;
+@@ -79,6 +79,7 @@ void start_shoveler(int in_socket)
+
+    init_cnx(&cnx);
+    cnx.q[0].fd = in_socket;
++   cnx.endpoint = endpoint;
+
+    FD_ZERO(&fds);
+    FD_SET(in_socket, &fds);
+@@ -130,6 +131,22 @@ void start_shoveler(int in_socket)
+    exit(0);
+ }
+
++
++void main_inetd(void)
++{
++    struct listen_endpoint endpoint = {0};
++    struct sslhcfg_listen_item endpoint_cfg = {0};
++
++    /* Empty configuration: no connection limits, not proxyprotocol... */
++    endpoint.endpoint_cfg = &endpoint_cfg;
++
++    close(fileno(stderr)); /* Make sure no error will go to client */
++    tcp_init();
++    start_shoveler(0, &endpoint);
++    exit(0);
++}
++
++
+ static pid_t *listener_pid;
+ static int listener_pid_number = 0;
+
+@@ -252,7 +269,7 @@ void tcp_listener(struct listen_endpoint* endpoint, int num_endpoints, int activ
+                  /* Shoveler processes don't need to hog file descriptors */
+                  for (i = 0; i < num_endpoints; i++)
+                      close(endpoint[i].socketfd);
+-                 start_shoveler(in_socket);
++                 start_shoveler(in_socket, endpoint);
+                  exit(0);
+
+         default: /* In parent process */
+diff --git a/sslh-main.c b/sslh-main.c
+index 94cd6c6..fd4a967 100644
+--- a/sslh-main.c
++++ b/sslh-main.c
+@@ -308,10 +308,7 @@ int main(int argc, char *argv[], char* envp[])
+
+    if (cfg.inetd)
+    {
+-       close(fileno(stderr)); /* Make sure no error will go to client */
+-       tcp_init();
+-       start_shoveler(0);
+-       exit(0);
++       main_inetd();  /* Does not return */
+    }
+
+    printsettings();
+diff --git a/sslh-select.c b/sslh-select.c
+index 5893123..376ff6a 100644
+--- a/sslh-select.c
++++ b/sslh-select.c
+@@ -292,7 +292,7 @@ void main_loop(struct listen_endpoint listen_sockets[], int num_addr_listen)
+ }
+
+
+-void start_shoveler(int listen_socket) {
++void main_inetd(void) {
+     print_message(msg_config_error, "inetd mode is not supported in select mode\n");
+     exit(1);
+ }