Up to [local] / src / usr.sbin / relayd
Default branch: MAIN
Revision 1.35, Mon Oct 26 16:52:06 2020 UTC (3 years, 7 months ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, HEAD
Changes since 1.34: +7 -8 lines
Let relayd make use of libagentx. No functional change intended. OK tb@ Enthusiasm from Mischa Peters
Revision 1.34, Mon Sep 14 11:30:25 2020 UTC (3 years, 8 months ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.33: +5 -5 lines
Rewrite the agentx code of relayd. This new framework should allow us to add new objects easier if so desired and should handle a lot more corner-cases. This commit should also fix the following:
- On most (all) tables it omits the *Entry elements, making it not map to OPENBSD-RELAYD-MIB.txt.
- sstolen returns the size of the sockaddr_in{,6}, instead of the sin{,6}_addr resulting in garbage data to be put in the ip-field.
- relaydSessionPortIn and relaydSessionPortOut are swapped
- relaydSessions only uses relaydSessionIndex, while OPENBSD-RELAYD-MIB.txt says it should have 2 indices
- miscellaneous minor things related to the AGENTX-protocol, like wonky index handling and returning NOSUCHINSTANCE where NOSUCHOBJECT should be returned, etc.
This commit does remove traps, but it's large enough as is and I intend on adding it soon(tm). It also deprecates the snmp keyword in favour of an agentx keyword. The snmp keyword is still available, but will be removed in the future.
Tweaks and OK denis@ on the relayd parts
Tweaks and OK claudio@ on the agentx parts
"Get it in" deraadt@
Revision 1.33, Tue Jun 30 16:59:38 2020 UTC (3 years, 11 months ago) by martijn
Branch: MAIN
Changes since 1.32: +2 -2 lines
Allow relayd to compile without reaching back into snmpd directory for agentx header. OK denis@
Revision 1.32, Mon Jul 3 22:21:47 2017 UTC (6 years, 11 months ago) by espie
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.31: +2 -2 lines
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h okay millert@
Revision 1.31, Sat May 27 08:33:25 2017 UTC (7 years ago) by claudio
Branch: MAIN
Changes since 1.30: +4 -4 lines
Migrate relayd to use libtls for TLS. Still does the TLS privsep via the engine but at least we can use a sane API for new features. Going in now so it is possible to work with this in tree. General agreement at d2k17.
Revision 1.30, Wed Sep 28 15:03:03 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.29: +2 -2 lines
Add -Wcast-qual and cast away one false positive where we use a const u_char * variable for an iovec from within the libcrypto engine callback. OK millert@
Revision 1.29, Sat Nov 21 12:37:42 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.28: +2 -2 lines
Move local logging functions from log.c to new file util.c (that is also shared with relayctl). This allows us to unify common log.c with other daemons. It also clarifies the Copyright: log.c is by Henning, relayd's additions were from me. No functional or code changes, but it will make future updates easier.
Revision 1.28, Thu Jan 22 09:26:05 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.27: +2 -2 lines
LibreSSL now supports loading of CA certificates from memory, replace the internal and long-serving ssl_ctx_load_verify_memory() function with a call to the SSL_CTX_load_verify_mem() API function. The ssl_privsep.c file with hacks for using OpenSSL in privsep'ed processes can now go away; portable versions of smtpd and relayd should start depending on LibreSSL or they have to carry ssl_privsep.c in openbsd-compat to work with legacy OpenSSL. No functional change. Based on previous discussions with gilles@ bluhm@ and many others OK bluhm@ (as part of the libcrypto/libssl/libtls diff)
Revision 1.27, Mon Apr 21 14:57:17 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.26: +2 -2 lines
The OpenSSL engine passes a "const u_char *" to the callback but relayd's RSA privsep engine uses an iovec that expects a non-cast "void *". Cast it and disable the -Wcast-qual warning because I don't want to copy the data and I didn't find a better way to implement it. ok guenther@
Revision 1.26, Fri Apr 18 13:55:26 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.25: +7 -6 lines
Introduce privsep for private keys:
- Move RSA private keys to a new separate process instead of copying them to the relays. A custom RSA engine is used by the SSL/TLS code of the relay processes to send RSA private key encryption/decryption (also used for sign/verify) requests to the new "ca" processes instead of operating on the private key directly.
- Each relay process gets its own related ca process. Setting "prefork 5" in the config file will spawn 10 processes (5 relay, 5 ca). This diff also reduces the default number of relay processes from 5 to 3 which should be suitable in most installations without a very heavy load.
- Don't keep text versions of the keys in memory, parse them once and keep the binary representation. This might still be the case in OpenSSL's internals but will be fixed in the library.
This diff doesn't prevent something like "heartbleed" but adds an additional mitigation to prevent leakage of the private keys from the processes doing SSL/TLS.
With feedback from many
ok benno@
Revision 1.25, Mon Apr 14 12:58:04 2014 UTC (10 years, 1 month ago) by blambert
Branch: MAIN
Changes since 1.24: +3 -2 lines
Adapt relayd to use AgentX protocol to send traps ok reyk@ benno@
Revision 1.24, Sat Jan 18 05:54:51 2014 UTC (10 years, 4 months ago) by martynas
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.23: +2 -2 lines
Remove -Wbounded: it is now the compiler default.
Revision 1.23, Thu Sep 20 12:30:20 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.22: +3 -3 lines
Move the HTTP code into an extra file to make future changes easier to follow. No functional changes, only one function got renamed. ok benno@
Revision 1.22, Thu May 19 08:56:49 2011 UTC (13 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.21: +2 -2 lines
Fix reload support in relayd(8) by reimplementing large parts of the daemon infrastructure. The previous design made it fairly hard to reload the complex data structures, especially relays and protocols. One of the reasons was that the privsep'd relayd processes had two ways of getting their configuration: 1) from memory after forking from the parent process and 2) (partially) via imsgs after reload. The new implementation first forks the privsep'd children before the parent loads the configuration and sends it via imsgs to them; so it is only like 2) before. It is based on an approach that I first implemented for iked(8) and I also fixed many bugs in the code. Thanks to many testers including dlg@ sthen@ phessler@ ok pyr@ dlg@ sthen@
Revision 1.21, Mon May 9 12:08:47 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.20: +2 -2 lines
Reorganize the relayd code to use the proc.c privsep API/commodity functions that are based on work for iked and smtpd. This simplifies the setup of privsep processes and moves some redundant and repeated code to a single place - which is always good from a quality and security point of view. The relayd version of proc.c is different to the current version in iked because it uses 1:N communications between processes, eg. a single parent process is talking to many forked relay children while iked only needs 1:1 communications. ok sthen@ pyr@
Revision 1.20, Wed May 26 16:44:32 2010 UTC (14 years ago) by nicm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.19: +4 -4 lines
Move imsg into libutil and add a man page. Minor bump for libutil. Previous versions of this diff and man page looked at by various people. "you should just commit" deraadt
Revision 1.19, Thu Aug 13 13:51:21 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.18: +3 -3 lines
add new 'router' functionality to dynamically add or remove routes based on health check results, using the existing table syntax. this allows to maintain multiple (uplink) gateways to implement link balancing or WAN link failover if no routing protocol or other keepalive method is available. works fine with or without net.inet.ip.multipath enabled. ok pyr@, jmc@ for manpages
Revision 1.18, Wed Jul 9 17:16:51 2008 UTC (15 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.17: +2 -2 lines
Use OpenBSD's knuth shuffle algorithm of random values from bind to produce the DNS request ids instead of a simple per-request arc4random(). This ensures randomness but also satisfies the non-repeating property we need. ok deraadt@
Revision 1.17, Mon Feb 11 10:42:50 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.16: +4 -3 lines
Marry relayd with snmpd using new "send trap" option: Request to send a SNMP trap when the state of a host changes. relayd(8) will try to (re-)connect to snmpd(8) and request it to send a trap to the registered trap receivers, see snmpd.conf(5) for more information about the configuration. ok pyr@ thib@
Revision 1.16, Fri Dec 7 17:17:00 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.15: +4 -4 lines
hoststated gets renamed to relayd. easier to type, and actually says what the daemon does - it is a relayer that pays attention to the status of pools of hosts; not a status checker that happens to do some relaying
Revision 1.15, Mon Nov 26 09:38:25 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.14: +2 -2 lines
allow to add labels to protocol actions, they will be printed in http error pages and can be used to refer to additional information. ok pyr@
Revision 1.14, Tue Sep 25 08:24:26 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.13: +4 -4 lines
Introduce two new functions to be able to load certificates while already chrooted and with privileges dropped. This is the very first step in being able to reload a layer 7 configuration. not ok reyk who's away but should be glad to see this in.
Revision 1.13, Mon Sep 10 11:59:22 2007 UTC (16 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.12: +3 -3 lines
add support for relaying DNS traffic (with a little bit of packet header randomization). this adds an infrastructure to support UDP-based protocols. ok gilles@, tested by some
Revision 1.12, Tue May 29 17:12:04 2007 UTC (17 years ago) by reyk
Branch: MAIN
Changes since 1.11: +3 -3 lines
add a new check method which allows to run external scripts/programs for custom evaluations. pyr agrees to put it in now but to do some improvements of the timeout handling later.
Revision 1.11, Mon Feb 26 19:35:43 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.10: +6 -6 lines
re-enable the -W flags except -Werror which behaves differently with different gcc versions (it previously broke the tree on sparc with gcc 2.95 when compiling sys/hash.h). -Werror removal suggested by deraadt@
Revision 1.10, Sun Feb 25 18:15:37 2007 UTC (17 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +5 -5 lines
delete -W flags that reyk uses to break the tree
Revision 1.9, Fri Feb 23 00:28:06 2007 UTC (17 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +4 -4 lines
knf
Revision 1.8, Thu Feb 22 03:32:39 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.7: +2 -2 lines
Add layer 7 functionality to hoststated used for layer 7 loadbalancing, SSL acceleration, general-purpose TCP relaying, and transparent proxying. see hoststated.conf(5) and my upcoming article on undeadly.org for details. ok to commit deraadt@ pyr@
Revision 1.7, Sat Feb 3 20:24:21 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.6: +2 -2 lines
merge tcp-based checks into one file, no functional changes ok pyr@
Revision 1.6, Tue Jan 30 15:11:51 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.5: +3 -3 lines
this diff changes "-lcrypto -lssl" to "-lssl -lcrypto" to let it compile on vax. on some architectures the order of the libraries matters for the linker. ok pyr@
Revision 1.5, Mon Jan 29 14:23:31 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.4: +4 -4 lines
Add SSL support to hoststated. with help and OK reyk@ with help and advice by claudio@ and Srebrenko Sehic
Revision 1.4, Tue Jan 9 02:32:58 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.3: +2 -2 lines
unbreak
Revision 1.3, Tue Jan 9 00:45:32 2007 UTC (17 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +3 -3 lines
adapt to rename
Revision 1.2, Mon Jan 8 13:37:26 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.1: +4 -3 lines
add a generic send/expect check using regular expression (see regex(3)). this allows to define additional checks for other TCP protocols. From Pierre-Yves Ritschard (pyr at spootnik dot org)
Revision 1.1, Sat Dec 16 11:45:07 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Import hoststated, the host status daemon. This daemon will monitor remote hosts and dynamically alter pf(4) tables and redirection rules for active server load balancing. The daemon has been written by Pierre-Yves Ritschard (pyr at spootnik.org) and was formerly known as "slbd". The daemon is fully functional but it still needs some work and cleanup so we don't link it to the build yet. Some TODOs are a partial rewrite of the check_* routines (use libevent whenever we can), improvement of the manpages, and general knf and cleanup. ok deraadt@ claudio@