OpenBSD CVS

CVS log for src/usr.sbin/hoststated/Attic/parse.y




Default branch: MAIN


Revision 1.97, Fri Dec 7 17:27:07 2007 UTC (16 years, 5 months ago) by deraadt
Branch: MAIN
CVS Tags: HEAD
Changes since 1.96: +1 -1 lines
FILE REMOVED

hoststated/hoststatectl get repository copied (and de-tagged) into
relayd/relayctl.  This is a more suitable place for a daemon that has
grown out of its initial roots of "monitoring and redirecting services
at various layers", into one that is "a full featured proxy, which
happens to know what is up/down"

Revision 1.96 / (download) - annotate - [select for diffs], Mon Nov 26 09:38:25 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.95: +16 -2 lines
Diff to previous 1.95 (colored)

allow to add labels to protocol actions, they will be printed in http
error pages and can be used to refer to additional information.

ok pyr@

Revision 1.95 / (download) - annotate - [select for diffs], Sat Nov 24 17:07:28 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.94: +3 -2 lines
Diff to previous 1.94 (colored)

sort includes, adjust to style(9)

Revision 1.94 / (download) - annotate - [select for diffs], Fri Nov 23 09:39:42 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.93: +39 -14 lines
Diff to previous 1.93 (colored)

re-implement the "mark" action and document it in the manpage:
it is possible to attach a mark to a session based on matching an
entity (header, url, cookie, ...) and add conditional action for this
mark. it works a bit like the tag/tagged keywords in pf, but i decided
to pick a different name to avoid confusion.

ok pyr@ gilles@

Revision 1.93 / (download) - annotate - [select for diffs], Thu Nov 22 10:09:53 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.92: +45 -2 lines
Diff to previous 1.92 (colored)

add (new) "url" protocol action, this can be used to match/filter URL
suffix/prefix expressions like "example.com/index.html?args". a digest
mode allows to match against anonymized SHA1/MD5 digests of
suffix/prefix expressions.

Revision 1.92 / (download) - annotate - [select for diffs], Wed Nov 21 20:31:03 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)

spacing

Revision 1.91 / (download) - annotate - [select for diffs], Wed Nov 21 20:24:28 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.90: +19 -1 lines
Diff to previous 1.90 (colored)

extend action grammar with "filter value" and "expect value" as a
short form for "filter * from value" or "expect * from value".

Revision 1.90 / (download) - annotate - [select for diffs], Wed Nov 21 20:13:20 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.89: +30 -20 lines
Diff to previous 1.89 (colored)

move digest string handling into an extra function.

Revision 1.89 / (download) - annotate - [select for diffs], Wed Nov 21 14:12:04 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.88: +6 -6 lines
Diff to previous 1.88 (colored)

rename the "url" filter action to "query" to use the correct term.
please update your hoststated.conf configurations. also add more
examples to the manpage.

alright pyr@

Revision 1.88 / (download) - annotate - [select for diffs], Wed Nov 21 13:04:42 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.87: +15 -5 lines
Diff to previous 1.87 (colored)

allow the http digest type to be either SHA1 or MD5 determined by the
digest string length; it is compatible to any existing SHA1-only
configurations.

ok pyr@ gilles@

Revision 1.87 / (download) - annotate - [select for diffs], Tue Nov 20 17:08:44 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.86: +5 -1 lines
Diff to previous 1.86 (colored)

allow to use the "include" directive in tables, services, relays, and
protocols.

ok pyr@

Revision 1.86 / (download) - annotate - [select for diffs], Tue Nov 20 15:54:55 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.85: +23 -2 lines
Diff to previous 1.85 (colored)

it may be desirable to send a HTTP error page with error code and a
meaningful message if a HTTP/HTTPS relay closes the connection for
some reason. for example, a "403 Forbidden" if the request was
rejected by a filter. this will be enabled with the "return error"
option and is disabled by default, the standard behaviour is to
silently drop the connection; the browser may display an empty page in
this case. the look+feel of the HTTP error page can be customized with
a CSS style sheet, but we do not intend to allow customization of the
error page contents (hoststated is not a webserver!).

ok pyr@

Revision 1.85 / (download) - annotate - [select for diffs], Tue Nov 20 15:44:21 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.84: +10 -1 lines
Diff to previous 1.84 (colored)

Allow overriding the global interval in a table.
Table specific intervals must be multiples of the global interval.
help and ok reyk@

Revision 1.84 / (download) - annotate - [select for diffs], Mon Nov 19 15:31:36 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.83: +10 -9 lines
Diff to previous 1.83 (colored)

spacing

Revision 1.83 / (download) - annotate - [select for diffs], Mon Nov 19 15:20:18 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored)

knf (replace some ';;' with a single ';')

Revision 1.82 / (download) - annotate - [select for diffs], Mon Nov 19 14:48:19 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.81: +13 -8 lines
Diff to previous 1.81 (colored)

rework the internal handling of protocol actions a little bit:

- allow to use a key for multiple times by appending a queue of
additional matches to the tree node. for example, this allows to
specify multiple "expect" or "filter" actions to white-/black-list
a list of HTTP-headers, URLs, ..

- prevent specifying an HTTP header for multiple times when using the
expect action.

- minor code shuffling

Revision 1.81 / (download) - annotate - [select for diffs], Mon Nov 19 14:41:05 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.80: +3 -1 lines
Diff to previous 1.80 (colored)

always enable "late connect" relay mode if an "expect" or "filter"
action has been specified for the protocol. late connect mode first
reads the complete request (HTTP header) before opening the inbound
connection instead of relaying it line-by-line.

Revision 1.80 / (download) - annotate - [select for diffs], Thu Nov 15 17:02:01 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.79: +8 -5 lines
Diff to previous 1.79 (colored)

Do not insert proto_default inside the dynamically alloced protocol queue.
Handle it as a special case in the one place where it actually matters
instead.

Revision 1.79 / (download) - annotate - [select for diffs], Wed Nov 14 15:58:04 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.78: +7 -1 lines
Diff to previous 1.78 (colored)

reset global variables every time we enter parse_config.

Revision 1.78 / (download) - annotate - [select for diffs], Wed Nov 14 10:59:01 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.77: +8 -7 lines
Diff to previous 1.77 (colored)

make protos dynamic too

Revision 1.77 / (download) - annotate - [select for diffs], Mon Nov 12 23:59:41 2007 UTC (16 years, 6 months ago) by mpf
Branch: MAIN
Changes since 1.76: +2 -10 lines
Diff to previous 1.76 (colored)

Remove space/tab compression function from lgetc() and replace
it with a simple filter in the yylex() loop.
The compression in lgetc() didn't happen for quoted strings,
thus creating a regression when tabs were used in variables.
Some testing by todd@ and pyr@
OK deraadt@

Revision 1.76 / (download) - annotate - [select for diffs], Sun Nov 4 18:47:17 2007 UTC (16 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.75: +1 -2 lines
Diff to previous 1.75 (colored)

Not using all defined protocols is not a hard error. Just print a warning
but start anyway. OK reyk@

Revision 1.75 / (download) - annotate - [select for diffs], Mon Oct 22 16:53:30 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.74: +6 -1 lines
Diff to previous 1.74 (colored)

load certificates text at parse time. then load them in relay processes.
this separation will ease reload a bit more.

ok reyk@ who spotted a stupid mistake again...

Revision 1.74 / (download) - annotate - [select for diffs], Mon Oct 22 12:18:15 2007 UTC (16 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.73: +18 -2 lines
Diff to previous 1.73 (colored)

add support for the include directive to the configuration file parser,
based on the existing hostapd/pfctl code.

ok pyr@

Revision 1.73 / (download) - annotate - [select for diffs], Mon Oct 22 08:52:19 2007 UTC (16 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)

do not check the file secrecy of hoststated.conf, there is no need to
enforce the file ownership and permissions to root:wheel 0400 because
we have nothing to hide.

ok pyr@

Revision 1.72 / (download) - annotate - [select for diffs], Fri Oct 19 17:33:35 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)

print system error when fopen fails.

Revision 1.71 / (download) - annotate - [select for diffs], Fri Oct 19 14:40:51 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.70: +1 -7 lines
Diff to previous 1.70 (colored)

Do log initialisation correctly, like bgpd does.
This removes the double warn/log_warn madness i introduced yesterday.
This also keeps messages on stderr at startup and when running with -n.

Revision 1.70 / (download) - annotate - [select for diffs], Fri Oct 19 14:15:14 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.69: +7 -6 lines
Diff to previous 1.69 (colored)

Move relays from static TAILQs to allocated ones.
This syncs it with other hoststated entities and will make reload easier.
This is step 1 out of 7 for reload.

Revision 1.69 / (download) - annotate - [select for diffs], Fri Oct 19 09:08:05 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.68: +7 -1 lines
Diff to previous 1.68 (colored)

keep log_warn messages to be informed when a failure occurs during a reload.

Revision 1.68 / (download) - annotate - [select for diffs], Thu Oct 18 20:52:12 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.67: +6 -9 lines
Diff to previous 1.67 (colored)

unbreak tree

Revision 1.67 / (download) - annotate - [select for diffs], Thu Oct 18 20:49:06 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.66: +11 -8 lines
Diff to previous 1.66 (colored)

extra arg to warn slipped through.

Revision 1.66 / (download) - annotate - [select for diffs], Thu Oct 18 20:32:38 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.65: +8 -6 lines
Diff to previous 1.65 (colored)

repair file security warnings; ok pyr

Revision 1.65 / (download) - annotate - [select for diffs], Tue Oct 16 20:01:23 2007 UTC (16 years, 7 months ago) by mpf
Branch: MAIN
Changes since 1.64: +2 -2 lines
Diff to previous 1.64 (colored)

Allow '=' to end a number in all lexers.
Requested and OK deraadt@

Revision 1.64 / (download) - annotate - [select for diffs], Tue Oct 16 06:06:49 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.63: +4 -2 lines
Diff to previous 1.63 (colored)

in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation).  compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
pointed out by mpf, discussed with pyr

Revision 1.63 / (download) - annotate - [select for diffs], Sat Oct 13 16:35:21 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.62: +144 -64 lines
Diff to previous 1.62 (colored)

in all these programs using the same pfctl-derived parse.y, re-unify the
yylex implementation and the code which interacts with yylex.  this also
brings the future potential for include support to all of the parsers.
in the future please do not make silly modifications to one of these files
without checking if you are de-unifying the code.
checked by developers in all these areas.

Revision 1.62 / (download) - annotate - [select for diffs], Thu Oct 11 14:39:17 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.61: +21 -21 lines
Diff to previous 1.61 (colored)

next step in the yylex unification: handle quoted strings in a nicer fashion
as found in hoststated, and make all the code diff as clean as possible. a
few issues remain mostly surrounding include support, which will likely be
added to more of the grammars soon.
ok norby pyr, others

Revision 1.61 / (download) - annotate - [select for diffs], Tue Oct 9 22:32:52 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

use macro argument

Revision 1.60 / (download) - annotate - [select for diffs], Fri Oct 5 15:50:56 2007 UTC (16 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

cast to an int

Revision 1.59 / (download) - annotate - [select for diffs], Tue Oct 2 21:04:13 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.58: +28 -29 lines
Diff to previous 1.58 (colored)

stop messing with lgetc to please hoststated's check/expect.
instead move some of the logic in yylex and do hoststated specific
translations into hoststated.c
ok gilles@

Revision 1.58 / (download) - annotate - [select for diffs], Tue Oct 2 07:21:04 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.57: +11 -5 lines
Diff to previous 1.57 (colored)

clean up merged code.

Revision 1.57 / (download) - annotate - [select for diffs], Mon Oct 1 19:12:33 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.56: +103 -47 lines
Diff to previous 1.56 (colored)

Add NUMBER to hoststated's lexer, very similar to what has gone in
in the other daemons recently. Prompted and based on work by deraadt@
proofread and ok gilles@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Oct 1 12:34:02 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

keep lines < 80.

Revision 1.55 / (download) - annotate - [select for diffs], Fri Sep 28 13:29:56 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

Correct my mail address.

Revision 1.54 / (download) - annotate - [select for diffs], Mon Sep 10 11:59:22 2007 UTC (16 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.53: +3 -1 lines
Diff to previous 1.53 (colored)

add support for relaying DNS traffic (with a little bit of packet
header randomization). this adds an infrastructure to support
UDP-based protocols.

ok gilles@, tested by some

Revision 1.53 / (download) - annotate - [select for diffs], Fri Sep 7 07:54:58 2007 UTC (16 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)

store the table's port as the relay's dstport

Revision 1.52 / (download) - annotate - [select for diffs], Wed Sep 5 08:48:42 2007 UTC (16 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

store relay sessions in SPLAY trees instead of TAILQ lists. this will
be used for faster lookups of sessions based on different criteria.

ok pyr@

Revision 1.51 / (download) - annotate - [select for diffs], Tue Sep 4 14:15:05 2007 UTC (16 years, 9 months ago) by pyr
Branch: MAIN
Changes since 1.50: +23 -10 lines
Diff to previous 1.50 (colored)

Add the ability to specify a host header when using http(s) check methods.
Prodded by me, done by Gilles Chehade <veins@evilkittens.org>

ok reyk, jmc for the manpage bits.

Revision 1.50 / (download) - annotate - [select for diffs], Thu Jul 5 09:42:26 2007 UTC (16 years, 11 months ago) by thib
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.49: +7 -5 lines
Diff to previous 1.49 (colored)

use a more traditional while() instead of for() for getopt().
sync usage() to the man page.
format string fixes.
complain about failed calloc()'s instead of exiting silently.

ok pry@,reyk@

Revision 1.49 / (download) - annotate - [select for diffs], Thu May 31 18:58:09 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.48: +3 -1 lines
Diff to previous 1.48 (colored)

do not forget to store table and backup table ids in the service
configuration struct.

Revision 1.48 / (download) - annotate - [select for diffs], Thu May 31 18:20:03 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.47: +4 -1 lines
Diff to previous 1.47 (colored)

make sure object ids are reset before parsing the configuration file
again.

Revision 1.47 / (download) - annotate - [select for diffs], Thu May 31 03:24:05 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.46: +14 -12 lines
Diff to previous 1.46 (colored)

allocate table lists and service lists instead of using static structs.
split the code to start the event loop in two functions.
introduce merge_config which will be used later on.

Revision 1.46 / (download) - annotate - [select for diffs], Tue May 29 18:59:54 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.45: +4 -1 lines
Diff to previous 1.45 (colored)

do not start relay processes when no L7 load balancing is needed.
ok reyk@

Revision 1.45 / (download) - annotate - [select for diffs], Tue May 29 17:12:04 2007 UTC (17 years ago) by reyk
Branch: MAIN
Changes since 1.44: +14 -2 lines
Diff to previous 1.44 (colored)

add a new check method which allows to run external scripts/programs
for custom evaluations.

pyr agrees to put it in now but to do some improvements of the timeout
handling later.

Revision 1.44 / (download) - annotate - [select for diffs], Tue May 29 00:48:04 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.43: +10 -5 lines
Diff to previous 1.43 (colored)

move the ssl cipher suite string to a (small) static charbuf,
this will make it easier to send the struct over the socket.

Revision 1.43 / (download) - annotate - [select for diffs], Tue May 29 00:21:10 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.42: +49 -41 lines
Diff to previous 1.42 (colored)

move struct relay to the runtime + config scheme.
this time around, include hoststatectl changes too.

Revision 1.42 / (download) - annotate - [select for diffs], Mon May 28 17:37:16 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.41: +2 -1 lines
Diff to previous 1.41 (colored)

store the configuration file's path, this will be useful when reloading.

Revision 1.41 / (download) - annotate - [select for diffs], Sun May 27 20:53:10 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.40: +99 -82 lines
Diff to previous 1.40 (colored)

Second step towards hoststated reload:
First split out hosts, tables and services into two structs, one that
contains the runtime fields and one (inside the runtime) that contains
mostly static fields that will be sent over the socket during reload.

Also move the demoted field of tables inside the flags field as it's
just a boolean.
ok reyk@

Revision 1.40 / (download) - annotate - [select for diffs], Sun May 27 19:21:15 2007 UTC (17 years ago) by reyk
Branch: MAIN
Changes since 1.39: +133 -42 lines
Diff to previous 1.39 (colored)

allow to specify table templates in the configuration file and to
inherit them from multiple services or relays. this is useful if you
want to use a table with the same list of hosts but different ports as
specified in the relay or service section.

this makes mcbride more happy
ok pyr@

Revision 1.39 / (download) - annotate - [select for diffs], Sat May 26 19:58:49 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.38: +10 -8 lines
Diff to previous 1.38 (colored)

first steps for implementing reload:
	* make parse_config allocate the hoststated function by itself
	* make as many sockets as necessary to talk to the relay children
	* add send_all for talking to all children
with advice and ok reyk@

Revision 1.38 / (download) - annotate - [select for diffs], Thu Apr 12 14:45:45 2007 UTC (17 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.37: +7 -2 lines
Diff to previous 1.37 (colored)

add a new relay 'path' action to filter the URL path and arguments.

ok pyr@

Revision 1.37 / (download) - annotate - [select for diffs], Wed Mar 21 00:08:08 2007 UTC (17 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.36: +10 -4 lines
Diff to previous 1.36 (colored)

in addition to the host retry option in tables, add support for the
optional connection "retry" to the forward to, service, and nat lookup
options. for example, "nat lookup retry 3" is useful when running
hoststated as a transparent proxy when connecting to unreliable
frontend/backend servers.

ok pyr@

Revision 1.36 / (download) - annotate - [select for diffs], Tue Mar 13 12:04:52 2007 UTC (17 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.35: +17 -2 lines
Diff to previous 1.35 (colored)

allow to specify the IP_TTL and IP_MINTTL options for the relays to
support the Generalized TTL Security Mechanism (GTSM) according to RFC
3682. this is especially useful with inbound connections and a fixed
distance to the backend servers.

ok pyr@

Revision 1.35 / (download) - annotate - [select for diffs], Wed Mar 7 17:40:32 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.34: +2 -1 lines
Diff to previous 1.34 (colored)

- fix the hoststatectl host disable/enable commands to work with relay
layer 7 loadbalancing.
- allow to run relays with tables without depending on services
- show hosts and tables assigned to relays in hoststatectl show commands

ok pyr@ deraadt@ with some input from mcbride@

Revision 1.34 / (download) - annotate - [select for diffs], Tue Mar 6 19:26:46 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.33: +9 -4 lines
Diff to previous 1.33 (colored)

add support for handling simple HTTP cookies (no per-path/domain
cookies yet), for example: cookie hash "JSESSIONID"

tested by some people
ok pyr@

Revision 1.33 / (download) - annotate - [select for diffs], Tue Feb 27 13:38:58 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.32: +36 -18 lines
Diff to previous 1.32 (colored)

in addition to actions on request headers, allow to define relay
actions on response headers (the reply sent by backend HTTP servers).
the default and slightly faster relay streaming mode will be used if
no actions are defined.

for example:
response change "Server" to "OpenBSD-hoststated/4.1"

ok pyr@

Revision 1.32 / (download) - annotate - [select for diffs], Mon Feb 26 20:48:48 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.31: +17 -17 lines
Diff to previous 1.31 (colored)

kill the ``use ssl'' directive for consistency across parser directives.
another heads up for testers: you need to change configuration files.
ok reyk@

Revision 1.31 / (download) - annotate - [select for diffs], Mon Feb 26 19:58:04 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.30: +32 -34 lines
Diff to previous 1.30 (colored)

remove HTTP and HTTPS tokens, makes for cleaner parser.
reorder other rules as well.
ok reyk@

Revision 1.30 / (download) - annotate - [select for diffs], Mon Feb 26 19:25:05 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.29: +42 -42 lines
Diff to previous 1.29 (colored)

solve some conflicts in the configuration parser.
configuration will need to be updated as some directives have changed.
manpage and examples bits coming up.
ok reyk@

Revision 1.29 / (download) - annotate - [select for diffs], Mon Feb 26 13:31:21 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.28: +7 -7 lines
Diff to previous 1.28 (colored)

KNF

Revision 1.28 / (download) - annotate - [select for diffs], Mon Feb 26 13:03:30 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.27: +3 -4 lines
Diff to previous 1.27 (colored)

Change the ``virtual ip'' directive to ``virtual host''.
You will need to update your configuration files accordingly.
"just do it", reyk@

Revision 1.27 / (download) - annotate - [select for diffs], Sat Feb 24 00:22:32 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.26: +95 -18 lines
Diff to previous 1.26 (colored)

- allow to specify the SSL cipher suite and the SSL protocols
  (as required by the PCI DSS)
- increase the default listen backlog to 10, allow to modify the
  backlog as a per-protocol tcp option to improve the performance
  on busy systems (to get less connection failures on heavy load)
- close the connection if SSL_accept returned an error
- instead of logging _new_ relay sessions to syslog, log the
  sessions in relay_close() after they have been _finished_.
  this will allow to collect some additional information
- add a new log keyword to log specified header/url entities (useful
  to track "bad guys" using many session ids or multiple user agents)
- some minor fixes, manpage bits, and bump the copyright (for some
  reason, i didn't realize that we already have 2007...).

Revision 1.26 / (download) - annotate - [select for diffs], Thu Feb 22 03:32:39 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.25: +480 -9 lines
Diff to previous 1.25 (colored)

Add layer 7 functionality to hoststated used for layer 7
loadbalancing, SSL acceleration, general-purpose TCP relaying, and
transparent proxying.

see hoststated.conf(5) and my upcoming article on undeadly.org for
details.

ok to commit deraadt@ pyr@

Revision 1.25 / (download) - annotate - [select for diffs], Fri Feb 9 17:55:49 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.24: +2 -3 lines
Diff to previous 1.24 (colored)

unbreak the symset function

Revision 1.24 / (download) - annotate - [select for diffs], Thu Feb 8 13:32:24 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.23: +9 -6 lines
Diff to previous 1.23 (colored)

carefully check some return values and make lint happier.  never pass
any truncated strings (table names/anchors/tags/...) to pf and the
kernel.

ok pyr@

Revision 1.23 / (download) - annotate - [select for diffs], Wed Feb 7 15:17:46 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.22: +11 -2 lines
Diff to previous 1.22 (colored)

add new "log (updates|all)" configuration option to log state
notifications after completed host checks.  either only log the
"updates" to new states or log "all" state notifications, even if the
state didn't change. the log messages will be reported to syslog or to
stderr if the daemon is running in foreground mode.

ok claudio@ pyr@

Revision 1.22 / (download) - annotate - [select for diffs], Wed Feb 7 13:39:58 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.21: +1 -2 lines
Diff to previous 1.21 (colored)

remove unused functions and variables which have been copied from
ospfd(8) (can be re-imported later if required).

Revision 1.21 / (download) - annotate - [select for diffs], Wed Feb 7 13:30:17 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.20: +1 -2 lines
Diff to previous 1.20 (colored)

add the -D option to define macros on the command line (as found in
bgpd(8), hostapd(8), ipsecctl(8), pfctl(8), ...).

Revision 1.20 / (download) - annotate - [select for diffs], Tue Jan 30 10:12:06 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.19: +15 -15 lines
Diff to previous 1.19 (colored)

small memleak plugged and style changes.
ok reyk@

Revision 1.19 / (download) - annotate - [select for diffs], Mon Jan 29 14:23:31 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.18: +45 -9 lines
Diff to previous 1.18 (colored)

Add SSL support to hoststated.
with help and OK reyk@
with help and advice by claudio@ and Srebrenko Sehic

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 25 19:40:08 2007 UTC (17 years, 4 months ago) by niallo
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

return 0, not NULL in a function returning int.

ok pyr@

Revision 1.17 / (download) - annotate - [select for diffs], Wed Jan 24 06:31:09 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.16: +20 -12 lines
Diff to previous 1.16 (colored)

Better handling of escaped CR-LF in the configuration file, commenting
them out was previously broken.  This is needed for send/expect scripts.

ok claudio@

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jan 12 16:43:01 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.15: +15 -23 lines
Diff to previous 1.15 (colored)

eliminate duplicate tcp read/write code.
ok claudio@, reyk@

Revision 1.15 / (download) - annotate - [select for diffs], Tue Jan 9 13:50:11 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

Finish renaming hostated to hoststated.
Note to testers: the user the daemon changes its id to is now _hoststated,
don't forget to update master.passwd.
ok reyk@

Revision 1.14 / (download) - annotate - [select for diffs], Tue Jan 9 00:45:32 2007 UTC (17 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

adapt to rename

Revision 1.13 / (download) - annotate - [select for diffs], Mon Jan 8 20:46:18 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.12: +4 -10 lines
Diff to previous 1.12 (colored)

do NOT use the regexp interface. it is way too complicated, error-prone
and we don't know about all the possible security problems.

change the check send/expect code to use the fnmatch(3) interface
using shell globbing rules instead. this allows simple patterns like
"220 * ESMTP*" or "SSH-[12].??-*".

suggested by deraadt@ and otto@
ok Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.12 / (download) - annotate - [select for diffs], Mon Jan 8 17:10:23 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.11: +43 -18 lines
Diff to previous 1.11 (colored)

allow to use service names in addition to numerical port numbers in
the configuration file, eg. "real port http".

> From Pierre-Yves Ritschard (pyr at spootnik dot org)

ok claudio@

Revision 1.11 / (download) - annotate - [select for diffs], Mon Jan 8 16:50:04 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.10: +16 -4 lines
Diff to previous 1.10 (colored)

the timeout values are not allowed to exceed the global interval (i
figured this out while testing hostated against a stuttering spamd
where the send/expect timeout needs to be > 10 seconds). also use another
struct timeval to store the interval for easier handling in the code.

ok Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.10 / (download) - annotate - [select for diffs], Mon Jan 8 14:30:31 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.9: +2 -3 lines
Diff to previous 1.9 (colored)

remove unused token.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Jan 8 13:37:26 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.8: +43 -3 lines
Diff to previous 1.8 (colored)

add a generic send/expect check using regular expression (see
regex(3)).  this allows to define additional checks for other TCP
protocols.

From Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.8 / (download) - annotate - [select for diffs], Wed Jan 3 09:45:29 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.7: +4 -3 lines
Diff to previous 1.7 (colored)

spacing

Revision 1.7 / (download) - annotate - [select for diffs], Wed Jan 3 09:42:30 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.6: +4 -2 lines
Diff to previous 1.6 (colored)

allow the sticky-address option for round-robin pools.

From Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.6 / (download) - annotate - [select for diffs], Mon Dec 25 19:05:41 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.5: +18 -6 lines
Diff to previous 1.5 (colored)

fix the conversion from milliseconds to struct timeval, which uses
seconds (tv_sec) and microseconds (tv_usec), but the code assumed
seconds and milliseconds...

Revision 1.5 / (download) - annotate - [select for diffs], Mon Dec 25 18:12:14 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.4: +4 -2 lines
Diff to previous 1.4 (colored)

partial rewrite of the check_* routines to use libevent everywhere
instead of nested select() calls and to handle the non-blocking
sockets properly.

From Pierre-Yves Ritschard (pyr at spootnik dot org)
(with a little help by me)

Revision 1.4 / (download) - annotate - [select for diffs], Sat Dec 16 18:05:35 2006 UTC (17 years, 5 months ago) by martin
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

typo

Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 16 17:48:27 2006 UTC (17 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +31 -32 lines
Diff to previous 1.2 (colored)

spacing

Revision 1.2 / (download) - annotate - [select for diffs], Sat Dec 16 12:42:14 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.1: +41 -41 lines
Diff to previous 1.1 (colored)

knf, spacing

please note that some editors will replace tabs with multiple spaces
if you cut & paste code from other sections.  please try to keep the
tabs ;).

Revision 1.1 / (download) - annotate - [select for diffs], Sat Dec 16 11:45:07 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN

Import hostated, the host status daemon.  This daemon will monitor
remote hosts and dynamically alter pf(4) tables and redirection rules
for active server load balancing.  The daemon has been written by
Pierre-Yves Ritschard (pyr at spootnik.org) and was formerly known as
"slbd".

The daemon is fully functional but it still needs some work and
cleanup so we don't link it to the build yet.  Some TODOs are a
partial rewrite of the check_* routines (use libevent whenever we
can), improvement of the manpages, and general knf and cleanup.

ok deraadt@ claudio@
