OpenBSD CVS

CVS log for src/usr.sbin/relayd/parse.y


Default branch: MAIN


Revision 1.255, Sun Oct 29 11:27:11 2023 UTC by kn
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.254: +7 -17 lines

Unmention/don't explain SSL, drop 9y old "ssl" keyword/deprecation warning

Switch "ssl" to "tls" in relayd.conf(5) if you haven't done so in the last
ten years, "ssl" is now an error.

Say "TLS" not "SSL/TLS" and drop the primer in the TLS RELAYS section.

OK benno

Revision 1.254, Mon Jul 3 09:38:08 2023 UTC by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.253: +2 -2 lines

Use ibuf_data() instead of accessing ibuf->buf directly.
OK tb@

Revision 1.253, Fri Oct 15 15:01:28 2021 UTC by naddy
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.252: +6 -6 lines

Don't declare variables as "unsigned char *" that are passed to
functions that take "char *" arguments.  Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.

For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.

With help from millert@
ok benno@ deraadt@

Revision 1.252, Sun Jan 17 15:17:13 2021 UTC by rob
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.251: +2 -1 lines

Don't leak host address. Found with clang static analyzer.

OK tb@

Revision 1.251, Sat Jan 9 08:53:57 2021 UTC by denis
Branch: MAIN
Changes since 1.250: +17 -2 lines

Add 'strip' directive

Feedback by Olivier Cherrier, Hiltjo Posthuma, Mischa

OK benno@

Revision 1.250, Tue Dec 29 19:48:06 2020 UTC by benno
Branch: MAIN
Changes since 1.249: +3 -2 lines

getifaddrs() can return entries where ifa_addr is NULL. Check for this
before accessing anything in ifa_addr.
ok claudio@

Revision 1.249, Fri Oct 30 09:45:03 2020 UTC by martijn
Branch: MAIN
Changes since 1.248: +5 -31 lines

Remove deprecated snmp keyword.

OK denis@

Revision 1.248, Mon Oct 26 16:52:06 2020 UTC by martijn
Branch: MAIN
Changes since 1.247: +3 -3 lines

Let relayd make use of libagentx. No functional change intended.

OK tb@
Enthusiasm from Mischa Peters

Revision 1.247, Sun Oct 25 10:17:49 2020 UTC by denis
Branch: MAIN
Changes since 1.246: +2 -2 lines

Remove trailing spaces & tabs

Revision 1.246, Mon Sep 14 11:30:25 2020 UTC by martijn
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.245: +58 -23 lines

Rewrite the agentx code of relayd. This new framework should allow us
to add new objects easier if so desired and should handle a lot more
corner-cases.

This commit should also fix the following:
- On most (all) tables it omits the *Entry elements, making it not map to
  OPENBSD-RELAYD-MIB.txt.
- sstolen returns the size of the sockaddr_in{,6}, instead of the
  sin{,6}_addr resulting in garbage data to be put in the ip-field.
- relaydSessionPortIn and relaydSessionPortOut are swapped
- relaydSessions only uses relaydSessionIndex, while
  OPENBSD-RELAYD-MIB.txt says it should have 2 indices
- miscellaneous minor things related to the AGENTX-protocol, like wonky
  index handling and returning NOSUCHINSTANCE where NOSUCHOBJECT
  should be returned, etc.

This commit does remove traps, but it's large enough as is and I intend
to add it soon(tm). It also deprecates the snmp keyword in favour of
an agentx keyword. The snmp keyword is still available, but will be
removed in the future.

Tweaks and OK denis@ on the relayd parts
Tweaks and OK claudio@ on the agentx parts
"Get it in" deraadt@

Revision 1.245, Thu May 14 17:27:38 2020 UTC by pvk
Branch: MAIN
Changes since 1.244: +3 -1 lines

Enable TLSv1.3 support in relayd(8)
with the help from tb@ jsing@; ok tb@

Revision 1.244, Wed Feb 12 21:15:44 2020 UTC by benno
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.243: +38 -6 lines

improve parsing of relay {} sections:
- Do not accept multiple protocol statements, as only one will be
  used, it is better to error out if more are specified.
- do not allow tcp and http options in dns protocol definitions, they
  are ignored anyway.
Suggested by Nick (nick -AT- kousu -DOT- ca) thanks.
ok claudio@

Revision 1.243, Wed Sep 18 20:27:53 2019 UTC by benno
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.242: +4 -18 lines

remove old log options 'log update/all' that were replaced with 'log
state changes/host checks/connection' some time ago.  ok reyk@
claudio@ on first version, kn@ noticed that the tokens could be
removed too.

Revision 1.242, Sun Sep 15 19:23:29 2019 UTC by rob
Branch: MAIN
Changes since 1.241: +54 -2 lines

Add support for binary protocol health checking. Feedback and guidance from
benno@ and reyk@. Man page tweaks from jmc@.

ok benno@

Revision 1.241, Sat Jul 13 06:54:45 2019 UTC by chrisz
Branch: MAIN
Changes since 1.240: +2 -2 lines

fix error description on invalid forward ip.

OK benno@

Revision 1.240, Fri Jul 5 06:49:27 2019 UTC by patrick
Branch: MAIN
Changes since 1.239: +20 -18 lines

Fix integer sizes in format strings and enable formatting warnings
for yyerror.

From Moritz Buhl
ok claudio@

Revision 1.239, Fri Jun 28 13:32:50 2019 UTC by deraadt
Branch: MAIN
Changes since 1.238: +2 -2 lines

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.238, Fri May 31 15:25:57 2019 UTC by reyk
Branch: MAIN
Changes since 1.237: +34 -5 lines

Add support for SNI with new "tls keypair" option to load additional certs.

Tested by many (thanks!)

Feedback & OK rob@

Revision 1.237, Fri May 31 15:15:37 2019 UTC by reyk
Branch: MAIN
Changes since 1.236: +1 -5 lines

Move the relay keys/certs into a separate global list and look them up by id.

Moving the certs out of the relay struct will help to add multiple SNI certs.

Tested by many users (thanks!)

Feedback & OK rob@

Revision 1.236, Wed May 29 11:52:56 2019 UTC by reyk
Branch: MAIN
Changes since 1.235: +17 -14 lines

Fix the check if a relay has been specified twice

Relays cannot have the same name or listen address.  If a listen
address is specified multiple times, the parser expands the
configuration into multiple relays automatically.

OK rob@

Revision 1.235, Wed May 29 11:48:28 2019 UTC by reyk
Branch: MAIN
Changes since 1.234: +3 -3 lines

Move relay_load_*() functions into relayd.c

Pass the *env as an explicit argument instead of using the global
pointer: The relay_load_certfiles() function is called early before
the *env is set up.  This does not change anything in the current code
as *env is not used by anything in the function (not even
ssl_load_key() that is taking it as an argument) but it will be needed
by upcoming changes for SNI.

Ok rob@

Revision 1.234, Fri May 10 09:15:00 2019 UTC by reyk
Branch: MAIN
Changes since 1.233: +51 -14 lines

Add support for from/to in relay filter rules.

For example,
pass from 10.0.0.0/8 path "/hello/*" forward to <b>

Ok benno@

Revision 1.233, Wed Mar 13 23:29:32 2019 UTC by benno
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.232: +2 -3 lines

remove unused keyword "virtual".
ok gcc, claudio@ agrees

Revision 1.232, Mon Mar 4 21:25:03 2019 UTC by benno
Branch: MAIN
Changes since 1.231: +19 -8 lines

Support for rfc 6455 Websockets connection upgrade. Add a new protocol
option 'http { [no] websockets }' to allow such connections (default
is no).  Original diff from Daniel Lamando (dan AT danopia DOT net),
option and header checks by me.  suggestions and ok bluhm@ and earlier
diff claudio@

Revision 1.231, Wed Feb 13 22:57:08 2019 UTC by deraadt
Branch: MAIN
Changes since 1.230: +3 -3 lines

(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno

Revision 1.230, Thu Nov 1 00:18:44 2018 UTC by sashan
Branch: MAIN
Changes since 1.229: +3 -2 lines

- odd condition/test in PF lexer
  (and other lexers too)

This commit rectifies earlier change:

    in the lex... even inside quotes, a \ followed by space or tab should
    expand to space or tab, and a \ followed by newline should be ignored
    (as a line continuation).  compatible with the needs of hoststated
    (which has the most strict quoted string requirements), and ifstated
    (where one commonly does line continuations in strings).

OK deraadt@, OK millert@

Revision 1.229, Mon Oct 22 07:08:01 2018 UTC by denis
Branch: MAIN
Changes since 1.228: +32 -80 lines

Make host_*() AF-agnostic

Merge host_v{4,6}() into much simpler host_ip() using just getaddrinfo().

With input & test by kn@ and benno@

OK benno@ kn@

Revision 1.228, Fri Sep 7 07:35:31 2018 UTC by miko
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.227: +4 -9 lines

replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

Revision 1.227, Mon Aug 6 17:31:31 2018 UTC by benno
Branch: MAIN
Changes since 1.226: +24 -4 lines

replace the current log options

 log updates|all

with

 log state changes
 log host checks
 log connection [errors]

The first two control the logging of host check results: either changes in host state only or
all checks.

The third option controls logging of connections in relay mode:
Either log all connections, or only errors.

Additionally, errors will be logged with LOG_WARN and good connections
will be logged with LOG_INFO, so they can be differentiated in syslog.

ok and feedback from claudio@

Revision 1.226, Wed Jul 11 07:39:22 2018 UTC by krw
Branch: MAIN
Changes since 1.225: +4 -4 lines

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

Revision 1.225, Mon Jul 9 12:05:11 2018 UTC by krw
Branch: MAIN
Changes since 1.224: +4 -4 lines

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Revision 1.224, Mon Jun 11 18:18:00 2018 UTC by denis
Branch: MAIN
Changes since 1.223: +82 -49 lines

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Revision 1.223, Thu Apr 26 14:12:19 2018 UTC by krw
Branch: MAIN
Changes since 1.222: +3 -1 lines

Plug leak in error case of the common 'varset' implementations.

ok benno@

Revision 1.222, Wed Apr 18 12:10:54 2018 UTC by claudio
Branch: MAIN
Changes since 1.221: +2 -2 lines

Remove RELAY_MAX_SESSIONS from relayd, there is no reason to limit relays
to 1024 sessions per process (esp. with keep-alive). Now the fd limit is
the new maximum and relayd will make sure to not accept too many sessions.
The tcp backlog config maximum is now 512, adjust manpage accordingly.
OK benno@ deraadt@

Revision 1.221, Wed Nov 29 15:24:50 2017 UTC by benno
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.220: +4 -1 lines

add options to specify the control socket in relayd and relayctl.
From Kapetanakis Giannis, thanks.
ok claudio@

Revision 1.220, Mon Nov 27 23:21:16 2017 UTC by claudio
Branch: MAIN
Changes since 1.219: +17 -26 lines

Change the ecdhe curve configuration to the same way httpd is doing it.
This removes 'no ecdh' and renames 'ecdh curve auto' to ecdhe default.
The code now uses tls_config_set_ecdhecurves(3) so it is possible to
specify multiple curves. If people specified curves in their config
they need to adjust their config now.
OK beck@

Revision 1.219, Mon Nov 27 21:06:26 2017 UTC by claudio
Branch: MAIN
Changes since 1.218: +8 -7 lines

Use file descriptor passing to load certificates into the relays. Especially
the ca file (having all the trusted certs in it) can be so big that loading
via imsg fails.
OK beck@

Revision 1.218, Thu Nov 16 14:24:34 2017 UTC by bluhm
Branch: MAIN
Changes since 1.217: +6 -1 lines

Check that http options are only configured in http protocols.
OK benno@

Revision 1.217, Wed Nov 15 19:03:26 2017 UTC by benno
Branch: MAIN
Changes since 1.216: +40 -15 lines

make the maximum size of http headers configurable in the protocol.
ok bluhm@, >8k makes sense claudio@

Revision 1.216, Mon Aug 28 06:00:05 2017 UTC by florian
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.215: +2 -2 lines

65535 is a valid port to listen on.
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT
gmail, thanks!
chris@ pointed out that more than httpd(8) is affected.
OK gilles@

Revision 1.215, Sat May 27 08:33:25 2017 UTC by claudio
Branch: MAIN
Changes since 1.214: +65 -35 lines

Migrate relayd to use libtls for TLS. Still does the TLS privsep via the
engine but at least we can use a sane API for new features.
Going in now so it is possible to work with this in tree.
General agreement at d2k17.

Revision 1.214, Thu Jan 5 13:53:09 2017 UTC by krw
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.213: +2 -3 lines

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Revision 1.213, Thu Jan 5 12:42:18 2017 UTC by krw
Branch: MAIN
Changes since 1.212: +7 -5 lines

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This is what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Revision 1.212, Mon Sep 26 16:25:16 2016 UTC by reyk
Branch: MAIN
Changes since 1.211: +3 -2 lines

spacing

Revision 1.211, Sat Sep 3 14:44:21 2016 UTC by reyk
Branch: MAIN
Changes since 1.210: +2 -2 lines

Replace [RELAY|SERVER]_MAXPROC with the new PROC_MAX_INSTANCES
variable and limit it from 128 to 32 instances (the old value).
While here, move a few PROC_ defines around.

OK rzalamena@

Revision 1.210, Fri Sep 2 16:14:09 2016 UTC by reyk
Branch: MAIN
Changes since 1.209: +15 -18 lines

Move snmp options into struct relayd_config and delay start of the
snmp subsystem until the configuration is done.

OK benno@ claudio@

Revision 1.209, Fri Sep 2 14:45:51 2016 UTC by reyk
Branch: MAIN
Changes since 1.208: +27 -26 lines

Split "struct relayd" into two structs: "struct relayd" and "struct
relayd_config".  This way we can send all the relevant global
configuration to the children, not just the flags and the opts.

With input from and
OK claudio@ benno@

Revision 1.208, Thu Sep 1 10:49:48 2016 UTC by claudio
Branch: MAIN
Changes since 1.207: +6 -15 lines

Switch from the not really working session cache (because of the multiprocess
nature of relayd) to tls session tickets to do TLS session resumption.
TLS session tickets do not need to store SSL session data in the server but
instead send an encrypted ticket to the clients that allows them to resume the
session. This is mostly stateless (apart from the encryption keys).
relayd now ensures that all relay processes use the same key to encrypt
the tickets. Keys are rotated every 2h and there is a primary and backup key.
The tls session timeout is set to 2h to hint to the clients how long the
session tickets are supposed to be alive.
Input and OK benno@, reyk@

Revision 1.207, Tue Jun 21 21:35:25 2016 UTC by benno
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.206: +9 -1 lines

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Revision 1.206, Sun Nov 22 13:27:13 2015 UTC by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.205: +4 -4 lines

Update log.c: change fatal() and fatalx() into variadic functions,
include the process name, and replace all calls of fatal*(NULL) with
fatal(__func__) for better debugging.

OK benno@

Revision 1.203.2.1, Sun Sep 20 11:20:16 2015 UTC by benno
Branch: OPENBSD_5_7
Changes since 1.203: +6 -6 lines

maintenance diff for relayd
MFC the following changes

- Missing free(3) in error path (ssl.c,v 1.29)
- fix a memory leak. (pfe.c,v 1.80)
- allocate se_log evbuffer before logging errors with relay_close()
  (relay.c,v 1.192)
- fix a file descriptor leak in http protocol handling
  (relay.c,v 1.193 and relay_http.c,v 1.44)
- Fix obvious problems with relayd config reload
  (ca.c,v 1.13; config.c,v 1.25; parse.y,v 1.204;
  relayd.c,v 1.139; relayd.h,v 1.209)
- http protocol: you cannot append to the previous key-value before
  line three of a request (relay_http.c,v 1.45)
- fix a crash / use after free (relay.c,v 1.194; relay_http.c,v 1.46)
- fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE
  (relay_http.c,v 1.47)
- Plug a memory leak by simplifying kv_free() (relayd.c,v 1.141)
- Fix memory leak in error case (relay_http.c,v 1.48)
- track the connection state of a session and stop doing double
  opens in certain situations (relay.c,v 1.195; relay_http.c,v 1.49; relayd.h,v 1.210)
- coding style (relay.c,v 1.196; relay_http.c,v 1.50; relayd.h,v 1.212)

ok claudio@, sthen@ and feedback tedu@

Revision 1.205, Thu Aug 20 22:39:29 2015 UTC by deraadt
Branch: MAIN
Changes since 1.204: +3 -4 lines

stdlib.h is in scope; do not cast malloc/calloc/realloc*
ok millert krw

Revision 1.204, Sat May 2 13:15:24 2015 UTC by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.203: +6 -6 lines

Fix obvious problems with relayd config reload.
- fix a TAILQ corruption because of a use after free
- do not reinit the SSL engine since that fails
OK sthen, benno

Revision 1.203, Sun Feb 8 04:50:32 2015 UTC by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE
Branch point for: OPENBSD_5_7
Changes since 1.202: +2 -1 lines

Use AI_ADDRCONFIG when resolving hosts on startup.

OK henning@

Revision 1.202, Thu Jan 22 17:42:09 2015 UTC by reyk
Branch: MAIN
Changes since 1.201: +9 -8 lines

Clean up the relayd headers with help of include-what-you-use and some
manual review.  Based on common practice, relayd.h now includes the
necessary headers for itself.

OK benno@

Revision 1.201, Wed Jan 21 21:50:33 2015 UTC by deraadt
Branch: MAIN
Changes since 1.200: +3 -4 lines

Include <netinet/in.h> before <net/pfvar.h>.  In a future change when
ports is ready, <net/pfvar.h> will stop including a pile of baloney.

Revision 1.200, Fri Jan 16 15:06:40 2015 UTC by deraadt
Branch: MAIN
Changes since 1.199: +2 -2 lines

Adapt to <limits.h> universe.
ok millert

Revision 1.199, Tue Dec 23 13:18:23 2014 UTC by reyk
Branch: MAIN
Changes since 1.198: +6 -3 lines

pf now supports source-hash and random with tables so we can allow it
in redirections.  Thanks for help and input from jsg and yasuoka who
reminded me to dig out and update these old diffs for pf and relayd.

ok jsg@

Revision 1.198, Sun Dec 21 00:54:49 2014 UTC by guenther
Branch: MAIN
Changes since 1.197: +1 -2 lines

Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when unnecessary.
*Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.

ok reyk@

Revision 1.197, Thu Dec 18 20:55:01 2014 UTC by reyk
Branch: MAIN
Changes since 1.196: +94 -3 lines

Update relayd to use siphash instead of sys/hash.  The source-hash,
loadbalance and hash modes use a random key by default that can be
forced to be a static key with a new configuration argument.

With input from Max Fillinger.

ok tedu@

Revision 1.196, Fri Dec 12 10:05:09 2014 UTC by reyk
Branch: MAIN
Changes since 1.195: +94 -84 lines

Change the keyword "ssl" to "tls" to reflect reality since we
effectively disabled support for the SSL protocols.  SSL remains a
common term describing SSL/TLS, there is some controversy about this
change, and the name really doesn't matter, but I feel confident about
it now.

(btw., sthen@ pointed out some historical context:
http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html)

OK benno@, with input from tedu@

Revision 1.195, Thu Nov 20 05:51:20 2014 UTC by jsg
Branch: MAIN
Changes since 1.194: +4 -1 lines

Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Revision 1.194, Wed Nov 19 10:24:40 2014 UTC by blambert
Branch: MAIN
Changes since 1.193: +2 -1 lines

Support exporting relayd statistics via AgentX/snmpd

This should be equivalent to the statistics available
via the various relaydctl show commands

okay benno@ reyk@

Revision 1.193, Fri Nov 7 13:48:06 2014 UTC by jsing
Branch: MAIN
Changes since 1.192: +2 -4 lines

Remove the sslv2 option since LibreSSL has no SSLv2 support (however retain
SSL_OP_NO_SSLv2 in case you happen to be running relayd on another platform
with another SSL library). Also fix the SSLv3 handling so that 'no sslv3'
actually works as intended.

ok reyk@

Revision 1.192, Sun Nov 2 13:59:40 2014 UTC by bluhm
Branch: MAIN
Changes since 1.191: +6 -6 lines

Convert the logic in yyerror().  Instead of creating a temporary
format string, create a temporary message.
OK deraadt@

Revision 1.191, Mon Oct 20 14:50:41 2014 UTC by reyk
Branch: MAIN
Changes since 1.190: +4 -25 lines

Remove the "interface" option from the "transparent forward" directive.
It was mandatory in the grammar but never used in the code.

A fully transparent relay can now be specified with the following
directive in a relay block: "transparent forward to destination".

OK sthen@

Revision 1.190, Wed Oct 15 11:06:16 2014 UTC by reyk
Branch: MAIN
Changes since 1.189: +7 -1 lines

Disable SSLv3 by default.

OK sthen@ jsing@

Revision 1.189, Fri Sep 5 10:19:26 2014 UTC by blambert
Branch: MAIN
Changes since 1.188: +4 -15 lines

revert previous; was based on a work-in-progress, as well
as being an incomplete and therefore incorrect adaptation

apologies to anybody who got bitten by this mistake

ok reyk@

Revision 1.188, Fri Aug 29 09:03:36 2014 UTC by blambert
Branch: MAIN
Changes since 1.187: +15 -4 lines

Implement consistent host hashing for relayd, based on
work done by andre@

Re-add a randomized hash seed (which had apparently
gotten inadvertently removed in the past).

Allows for multiple relayd instances to be configured
to forward traffic to the same host, falling back to
the random seed when not explicitly configured to do so.

ok reyk@

Revision 1.187, Fri Jul 11 17:35:16 2014 UTC by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.186: +12 -12 lines

Sometimes I just sort the tokens in parse.y

Revision 1.186, Fri Jul 11 16:59:38 2014 UTC by reyk
Branch: MAIN
Changes since 1.185: +45 -12 lines

Add support for EDH to provide perfect forward secrecy for older SSL
clients.  Additionally, add options for disallowing client-initiated
renegotiations and to prefer the server's cipher list over the
client's preferences.

This work is based on a diff by Markus Gebert at hostpoint.ch, and was
discussed with jsing@ resulting in a few different defaults.

ok benno@

Revision 1.185, Fri Jul 11 11:48:50 2014 UTC by reyk
Branch: MAIN
Changes since 1.184: +2 -4 lines

Simplify the code that handles the HTTP headers by using an RB tree
with associated lists instead of the complicated lookup table and
"others" list.  This might add a little malloc overhead for common
headers but also fixes some issues like the handling of repeated
headers -  for example, handling of multiple "Set-Cookie" headers.

ok bluhm@ (regress part)
ok benno@

Revision 1.184, Wed Jul 9 16:42:05 2014 UTC by reyk
Branch: MAIN
Changes since 1.183: +380 -244 lines

Replace the protocol directives for HTTP with a new generic filtering
language.  The grammar is inspired by pf and allows writing versatile
last-matching filter rules in protocol sections starting with the
"pass", "block" or "match" keywords.  This work was started almost two
years ago and replaces large parts of relayd(8)'s HTTP and filtering
code.  The initial version reimplements and extends HTTP filtering,
but will be improved to support generic TCP and other protocols later.

With some testing, feedback, and help from benno@ and andre@.

OK benno@

Revision 1.183 / (download) - annotate - [select for diffs], Wed Jun 25 11:05:15 2014 UTC (9 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.182: +2 -2 lines
Diff to previous 1.182 (colored)

sync copyright to reality according to my last changes

Revision 1.182 / (download) - annotate - [select for diffs], Mon May 12 14:28:22 2014 UTC (10 years ago) by andre
Branch: MAIN
Changes since 1.181: +2 -1 lines
Diff to previous 1.181 (colored)

Fix a leak from a recent added mark/marked keywords check.

ok reyk

Revision 1.181 / (download) - annotate - [select for diffs], Thu May 8 16:11:06 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.180: +26 -1 lines
Diff to previous 1.180 (colored)

fail for unsupported node action/type combinations.  Also fail for the
unsupported mark/marked combination in a single rule.

ok andre@

Revision 1.180 / (download) - annotate - [select for diffs], Tue Apr 22 08:04:23 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.179: +22 -4 lines
Diff to previous 1.179 (colored)

Support the CA key for SSL inspection in the ca process.  Instead of
looking up the keys by relay id, add all keys to a list and look them
up by key id.

ok benno@

Revision 1.179 / (download) - annotate - [select for diffs], Mon Apr 21 17:33:31 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.178: +6 -1 lines
Diff to previous 1.178 (colored)

Add a few missing free's in the grammar.

Revision 1.178 / (download) - annotate - [select for diffs], Sun Apr 20 18:16:11 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.177: +43 -11 lines
Diff to previous 1.177 (colored)

Add a few more overflow checks for strlc* functions in parse.y

Revision 1.177 / (download) - annotate - [select for diffs], Mon Apr 14 14:39:18 2014 UTC (10 years, 1 month ago) by blambert
Branch: MAIN
Changes since 1.176: +2 -2 lines
Diff to previous 1.176 (colored)

remove 'restricted' symbol from yacc parser, overlooked in previous
commit

found by andre@

Revision 1.176 / (download) - annotate - [select for diffs], Mon Apr 14 12:58:04 2014 UTC (10 years, 1 month ago) by blambert
Branch: MAIN
Changes since 1.175: +22 -6 lines
Diff to previous 1.175 (colored)

Adapt relayd to use AgentX protocol to send traps

ok reyk@ benno@

Revision 1.175 / (download) - annotate - [select for diffs], Wed Jan 22 00:21:16 2014 UTC (10 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.174: +2 -2 lines
Diff to previous 1.174 (colored)

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

Revision 1.174 / (download) - annotate - [select for diffs], Tue Jan 21 21:38:40 2014 UTC (10 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.173: +7 -1 lines
Diff to previous 1.173 (colored)

fix a double free caused by a config with two listen on statements
in a relay (the first one with ssl).
found and fixed by Erik Lax <erik AT halon DOT se>
ok phessler

Revision 1.173 / (download) - annotate - [select for diffs], Mon Nov 25 13:00:07 2013 UTC (10 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.172: +7 -7 lines
Diff to previous 1.172 (colored)

use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

Revision 1.172 / (download) - annotate - [select for diffs], Mon Sep 9 17:57:44 2013 UTC (10 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.171: +15 -2 lines
Diff to previous 1.171 (colored)

Add support for ECDHE (Elliptic curve Diffie-Hellman) to enable
TLS/SSL Perfect Forward Secrecy (PFS).

ok djm@

Revision 1.171 / (download) - annotate - [select for diffs], Thu May 30 20:17:12 2013 UTC (11 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.170: +33 -2 lines
Diff to previous 1.170 (colored)

Support SSL inspection, the ability to transparently filter in SSL/TLS
connections (eg. HTTPS) by using a local CA that is accepted by the
clients.  See the "SSL RELAYS" and "EXAMPLES" sections in the
relayd.conf(5) manpage for more details.

ok benno@, manpage bits jmc@

Revision 1.170 / (download) - annotate - [select for diffs], Sat Apr 27 16:39:30 2013 UTC (11 years, 1 month ago) by benno
Branch: MAIN
Changes since 1.169: +11 -3 lines
Diff to previous 1.169 (colored)

time_t 64bit fixes for relayd and relayctl:
- fix statistics
- set INT_MAX limit on session timeouts
- make sure we don't use too large session timeouts in pf redirects and
  openssl

tested with old and new time_t

ok florian@

Revision 1.169 / (download) - annotate - [select for diffs], Mon Mar 4 08:41:32 2013 UTC (11 years, 3 months ago) by sthen
Branch: MAIN
Changes since 1.168: +7 -4 lines
Diff to previous 1.168 (colored)

sync yyerror() with bgpd; use vlog() to log parser errors so they show in
logs if they occur when reloading. ok benno@

Revision 1.168 / (download) - annotate - [select for diffs], Fri Oct 19 16:49:50 2012 UTC (11 years, 7 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.167: +25 -1 lines
Diff to previous 1.167 (colored)

Support additional scheduling algorithms in the load balancer:
least-states, random, source-hash.  least-states is currently only
supported for redirections and the other ones are currently only
supported by relays.

ok benno@

Revision 1.167 / (download) - annotate - [select for diffs], Thu Oct 4 20:53:30 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.166: +30 -28 lines
Diff to previous 1.166 (colored)

spacing

Revision 1.166 / (download) - annotate - [select for diffs], Wed Oct 3 08:40:40 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.165: +2 -1 lines
Diff to previous 1.165 (colored)

Inherit and pass the relay table flags correctly.

Revision 1.165 / (download) - annotate - [select for diffs], Wed Oct 3 08:33:31 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.164: +45 -26 lines
Diff to previous 1.164 (colored)

Support more than one relay backup table.  Instead of duplicating the
code for main and backup table all over the place, turn the relay
tables into a list attached to the relay.  This improves the code and
allows some other tricks with multiple tables later.

Revision 1.164 / (download) - annotate - [select for diffs], Tue May 29 23:46:50 2012 UTC (12 years ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.163: +4 -2 lines
Diff to previous 1.163 (colored)

do not overwrite the table timeout with the global timeout when a
table timeout is set.
ok sthen@ giovanni@ henning@

Revision 1.163 / (download) - annotate - [select for diffs], Tue May 8 15:10:15 2012 UTC (12 years, 1 month ago) by benno
Branch: MAIN
Changes since 1.162: +2 -1 lines
Diff to previous 1.162 (colored)

fix "label string" in http protocol. problem found by giovanni.
ok giovanni@, henning@

Revision 1.162 / (download) - annotate - [select for diffs], Sun Apr 15 03:12:30 2012 UTC (12 years, 1 month ago) by jsg
Branch: MAIN
Changes since 1.161: +2 -1 lines
Diff to previous 1.161 (colored)

fix some leaks
ok krw@

Revision 1.161 / (download) - annotate - [select for diffs], Sat Jan 21 13:40:48 2012 UTC (12 years, 4 months ago) by camield
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.160: +1 -4 lines
Diff to previous 1.160 (colored)

Only start the child processes after all of them reported to have loaded
the config.  Solves a race at startup time where processes can send status
messages about hosts that other processes don't know about yet.
(and have relayd abort with "desynchronized" or "invalid host id")

ok henning pyr deraadt
solves the problem ok from benno todd

Revision 1.160 / (download) - annotate - [select for diffs], Fri Jan 20 12:16:41 2012 UTC (12 years, 4 months ago) by camield
Branch: MAIN
Changes since 1.159: +1 -19 lines
Diff to previous 1.159 (colored)

Remove global carp demote option.  It is currently broken, but also flawed
by design.

ok henning pyr

Revision 1.159 / (download) - annotate - [select for diffs], Wed Sep 21 18:45:40 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.158: +1 -8 lines
Diff to previous 1.158 (colored)

During socket splicing the relayd session timeouts could not be
measured exactly in user land.  Use the new idle timeout for socket
splicing in the kernel to make it correct.  Also do splicing with
http if relayd does not check headers.
ok mikeb

Revision 1.158 / (download) - annotate - [select for diffs], Thu May 26 14:48:20 2011 UTC (13 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.157: +4 -1 lines
Diff to previous 1.157 (colored)

Add additional check to prevent running scripts when not configured.

Revision 1.157 / (download) - annotate - [select for diffs], Mon May 23 10:44:59 2011 UTC (13 years ago) by reyk
Branch: MAIN
Changes since 1.156: +51 -7 lines
Diff to previous 1.156 (colored)

Support interface groups in address specifications for tables or
directives like "listen on egress".

Based on gilles@' code for smtpd and an idea from Mikolaj Kucharski.

Revision 1.156 / (download) - annotate - [select for diffs], Thu May 19 08:56:49 2011 UTC (13 years ago) by reyk
Branch: MAIN
Changes since 1.155: +134 -99 lines
Diff to previous 1.155 (colored)

Fix reload support in relayd(8) by reimplementing large parts of the
daemon infrastructure. The previous design made it fairly hard to
reload the complex data structures, especially relays and protocols.
One of the reasons was that the privsep'd relayd processes had two
ways of getting their configuration: 1) from memory after forking from
the parent process and 2) and (partially) via imsgs after reload.  The
new implementation first forks the privsep'd children before the
parent loads the configuration and sends it via imsgs to them; so it
is only like 2) before.  It is based on an approach that I first
implemented for iked(8) and I also fixed many bugs in the code.

Thanks to many testers including dlg@ sthen@ phessler@
ok pyr@ dlg@ sthen@

Revision 1.155 / (download) - annotate - [select for diffs], Mon May 9 12:08:47 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.154: +2 -1 lines
Diff to previous 1.154 (colored)

Reorganize the relayd code to use the proc.c privsep API/commodity
functions that are based on work for iked and smtpd.  This simplifies
the setup of privsep processes and moves some redundant and repeated
code to a single place - which is always good from a quality and
security point of view.  The relayd version of proc.c is different to
the current version in iked because it uses 1:N communications between
processes, eg. a single parent process is talking to many forked relay
children while iked only needs 1:1 communications.

ok sthen@ pyr@

Revision 1.154 / (download) - annotate - [select for diffs], Thu May 5 12:01:43 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.153: +14 -11 lines
Diff to previous 1.153 (colored)

Update all logging and debug functions to use the __func__ macro
instead of static function names.  __func__ is C99 and perfectly fine
to use. It also avoids printing errors; for example if a statement
log_debug("foo:"..) was moved or copied from function foo() to bar()
and the log message was not updated...

Revision 1.153 / (download) - annotate - [select for diffs], Thu May 5 10:20:24 2011 UTC (13 years, 1 month ago) by phessler
Branch: MAIN
Changes since 1.152: +15 -2 lines
Diff to previous 1.152 (colored)

Allow a user to specify the route priority

OK reyk@ claudio@ sthen@

Revision 1.152 / (download) - annotate - [select for diffs], Tue Apr 12 12:43:13 2011 UTC (13 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.151: +8 -1 lines
Diff to previous 1.151 (colored)

Splicing is currently only supported for TCP relays, not for HTTP or
others (HTTP will need a more complicated splicing mechanism to switch
between headers and bodies in userland and kernel).  Add the "no
splice" flag for non-TCP relays by default to indicate it in the debug
and status output.

Revision 1.151 / (download) - annotate - [select for diffs], Tue Apr 12 12:37:22 2011 UTC (13 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.150: +5 -2 lines
Diff to previous 1.150 (colored)

update flags and printing of flags in debug mode, handle splicing flag.

Revision 1.150 / (download) - annotate - [select for diffs], Thu Apr 7 13:22:29 2011 UTC (13 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.149: +15 -3 lines
Diff to previous 1.149 (colored)

Add support for divert-to which provides some benefits over rdr-to.

ok mikeb@

Revision 1.149 / (download) - annotate - [select for diffs], Tue Oct 26 15:04:37 2010 UTC (13 years, 7 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.148: +14 -7 lines
Diff to previous 1.148 (colored)

redirects are loaded as "pass in quick ... rdr-to" pf rules by default. In
some cases it is desired to load the rules as "match in" without "quick"
to allow additional filtering or applying additional rule/state options,
eg. to add an overload table for DOS mitigation.  Add the optional "match"
keyword for the redirect "tag" option to change the pf rule type accordingly.

ok jsg@ mikeb@

Revision 1.148 / (download) - annotate - [select for diffs], Mon Oct 18 11:51:22 2010 UTC (13 years, 7 months ago) by sthen
Branch: MAIN
Changes since 1.147: +2 -1 lines
Diff to previous 1.147 (colored)

Missing semicolon, ok henning@

Revision 1.147 / (download) - annotate - [select for diffs], Thu Sep 2 14:03:22 2010 UTC (13 years, 9 months ago) by sobrado
Branch: MAIN
Changes since 1.146: +3 -3 lines
Diff to previous 1.146 (colored)

remove trailing spaces and tabs from source code; no binary changes
(verified by both sthen@ and me).

ok sthen@; "just commit it" claudio@

Revision 1.146 / (download) - annotate - [select for diffs], Sat Aug 7 17:59:02 2010 UTC (13 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.145: +4 -5 lines
Diff to previous 1.145 (colored)

Fix carp demotion on tables. For some reason the default values were
inherited from the table definition even though these values could
not be changed there. While there fix a memory leak in a rather strange
case.
OK phessler, jsg, pyr, sthen, deraadt

Revision 1.145 / (download) - annotate - [select for diffs], Tue Aug 3 18:42:41 2010 UTC (13 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.144: +4 -3 lines
Diff to previous 1.144 (colored)

fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?

Revision 1.144 / (download) - annotate - [select for diffs], Sun Aug 1 22:18:35 2010 UTC (13 years, 10 months ago) by sthen
Branch: MAIN
Changes since 1.143: +18 -8 lines
Diff to previous 1.143 (colored)

Allow fallback tables for relays, not just redirections.
Seems reasonable to jsg, ok phessler, no response from reyk or pyr

Revision 1.143 / (download) - annotate - [select for diffs], Wed Feb 24 15:44:18 2010 UTC (14 years, 3 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.142: +6 -1 lines
Diff to previous 1.142 (colored)

Sync the list of initialisation steps done for the default
relay protocol with that done for specified relay protocols.

Makes it possible to use SSL for the default relay protocol.

From boudewijn@indes.com in pr 6316

Revision 1.142 / (download) - annotate - [select for diffs], Thu Aug 27 09:26:53 2009 UTC (14 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.141: +78 -1 lines
Diff to previous 1.141 (colored)

allow to specify interface names as addresses, for example "listen on
em0".  the implementation will lookup the first IPv4 address of an
interface before any other IPv4 and IPv6 addresses.

ok gilles@ (i got inspired by smtpd)

Revision 1.141 / (download) - annotate - [select for diffs], Thu Aug 13 13:51:21 2009 UTC (14 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.140: +152 -7 lines
Diff to previous 1.140 (colored)

add new 'router' functionality to dynamically add or remove routes
based on health check results, using the existing table syntax.  this
allows to maintain multiple (uplink) gateways to implement link
balancing or WAN link failover if no routing protocol or other
keepalive method is available.  works fine with or without
net.inet.ip.multipath enabled.

ok pyr@, jmc@ for manpages

Revision 1.140 / (download) - annotate - [select for diffs], Fri Aug 7 11:10:23 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.139: +14 -2 lines
Diff to previous 1.139 (colored)

allow to modify the IP TTL value for host checks.  this can be used to
check if the host is only n hops away and not re-routed over a longer
path.

Revision 1.139 / (download) - annotate - [select for diffs], Fri Aug 7 09:44:38 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.138: +2 -1 lines
Diff to previous 1.138 (colored)

add missing line

Revision 1.138 / (download) - annotate - [select for diffs], Fri Aug 7 08:45:58 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.137: +46 -21 lines
Diff to previous 1.137 (colored)

allow to specify host attributes in an arbitrary order (parent, retry) by
making the grammar a bit more flexible.

Revision 1.137 / (download) - annotate - [select for diffs], Fri Aug 7 08:19:37 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.136: +41 -28 lines
Diff to previous 1.136 (colored)

cosmetic change - move address into an own element

Revision 1.136 / (download) - annotate - [select for diffs], Wed Aug 5 13:46:13 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.135: +3 -2 lines
Diff to previous 1.135 (colored)

prevent configuration of relays listening to a single addr:port tuple twice

Revision 1.135 / (download) - annotate - [select for diffs], Wed Aug 5 13:37:06 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.134: +76 -9 lines
Diff to previous 1.134 (colored)

support multiple 'listen on' lines in a single relay block

Revision 1.134 / (download) - annotate - [select for diffs], Wed Aug 5 12:55:43 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.133: +0 -1 lines
Diff to previous 1.133 (colored)

tables don't need pf if running in "l7" relay mode

Revision 1.133 / (download) - annotate - [select for diffs], Fri Apr 24 14:20:24 2009 UTC (15 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.132: +40 -17 lines
Diff to previous 1.132 (colored)

Allow UDP and/or TCP redirections instead of just TCP.

Thanks to Marek Grzybowski for feedback and testing.

ok jmc@ (manpage bits)

Revision 1.132 / (download) - annotate - [select for diffs], Fri Apr 17 09:37:25 2009 UTC (15 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.131: +3 -2 lines
Diff to previous 1.131 (colored)

add "Connection: close" to HTTP check headers to deconfuse HTTP/1.1
servers claiming keepalive sessions.

From Camiel Dobbelaar

Revision 1.131 / (download) - annotate - [select for diffs], Thu Apr 2 14:30:51 2009 UTC (15 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.130: +12 -3 lines
Diff to previous 1.130 (colored)

add support to specify a ca file (eg. /etc/ssl/cert.pem) to verify ssl
server certificates when connecting as an SSL client from relays.  it
works so far, but needs more testing and is currently lacking support
for certificate revocation (like CRL or OCSP).  the file ssl_privsep.c
is extended to implement more code that should be in openssl to allow
loading the ca from chroot...

Revision 1.130 / (download) - annotate - [select for diffs], Wed Apr 1 15:07:38 2009 UTC (15 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.129: +2 -2 lines
Diff to previous 1.129 (colored)

fix an incorrect flag in route mode.

From Padcal Lalonde, closes PR 6114

Revision 1.129 / (download) - annotate - [select for diffs], Wed Apr 1 14:56:38 2009 UTC (15 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.128: +32 -23 lines
Diff to previous 1.128 (colored)

Add support for client-side SSL connections from relays.  relayd can
now sit between two SSL connections (Oitm - OpenBSD-in-the-middle),
accept SSL connections and forward to TCP, accept TCP connections and
forward to SSL, and do TCP to TCP of course.

This was tested by some people a while ago.

Revision 1.128 / (download) - annotate - [select for diffs], Tue Mar 31 21:03:49 2009 UTC (15 years, 2 months ago) by tobias
Branch: MAIN
Changes since 1.127: +18 -3 lines
Diff to previous 1.127 (colored)

Fixed memory leaks which would occur if the second of two memory
allocations fails.

looks right deraadt, krw
ok henning

Revision 1.127 / (download) - annotate - [select for diffs], Fri Dec 5 16:53:07 2008 UTC (15 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.126: +5 -3 lines
Diff to previous 1.126 (colored)

use HTTP/1.1 instead of HTTP/1.0 if a host header is specified.

spotted by phessler@

Revision 1.126 / (download) - annotate - [select for diffs], Fri Oct 17 13:02:55 2008 UTC (15 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.125: +5 -3 lines
Diff to previous 1.125 (colored)

bring in the findeol() fix from pfctl. list of affected parsers by sthen

Revision 1.125 / (download) - annotate - [select for diffs], Mon Sep 29 14:53:35 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.124: +67 -26 lines
Diff to previous 1.124 (colored)

allow to load expect, filter, log, and remove keys from external files
just containing one key per line.  this allows easier use of URL
white/blacklists from external sources.

Revision 1.124 / (download) - annotate - [select for diffs], Mon Sep 29 12:07:59 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.123: +14 -12 lines
Diff to previous 1.123 (colored)

sort tokens for better readability

Revision 1.123 / (download) - annotate - [select for diffs], Mon Sep 29 09:58:51 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.122: +85 -23 lines
Diff to previous 1.122 (colored)

allow to listen on a port range for redirections.  this fixes
stickiness with web applications that cannot do the clustering on
their own and require stickiness with HTTP to HTTPS migration.  this
is required in many cases; it is a true fact that we cannot always fix
the backend application in the real world.

Tested and requested by many

Revision 1.122 / (download) - annotate - [select for diffs], Tue Jul 22 23:17:37 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.121: +27 -3 lines
Diff to previous 1.121 (colored)

Add dynamic IPv6-to-IPv4 and IPv4-to-IPv6 translation inspired by
faithd(8) by doing a similar mapping of IPv4/6 addresses with
relayd(8) and pf(4) redirections without the need of the faith(4)
interface.  The trick works in both directions, it can accept IPv6
connections and relay them to IPv4 hosts by extracting the last 4
octets from the IPv6 destination (like faithd(8)), and it can accept
IPv4 connections and relay them to IPv6 hosts by prepending the 4
octets of the original IPv4 destination to a configured IPv6 prefix.
An access list is not needed because the classification is done in
pf.conf(5).  It helps to get more faith in relayd.

manpage bits ok jmc@
yes, sounds good todd@
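
The address mapping described above, as an added example in C (my code, not relayd's; the function names are mine, and placing the IPv4 address in the low 32 bits of a /96 prefix is my reading of "prepending the 4 octets to a configured IPv6 prefix"). IPv6 to IPv4 takes the last four octets of the IPv6 destination; IPv4 to IPv6 keeps the first twelve octets of the prefix and writes the IPv4 destination into the last four:

```c
/*
 * Added example, not relayd's own code: faithd(8)-style address mapping
 * in both directions, with a string front end for testing.
 */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* IPv6 -> IPv4: the real backend is in the last 4 octets of the destination. */
struct in_addr
faith_v6_to_v4(const struct in6_addr *dst6)
{
	struct in_addr a4;

	memcpy(&a4.s_addr, &dst6->s6_addr[12], sizeof(a4.s_addr));
	return a4;
}

/* IPv4 -> IPv6: configured /96 prefix in the first 12 octets, the original
 * IPv4 destination in the last 4. */
struct in6_addr
faith_v4_to_v6(const struct in6_addr *prefix, struct in_addr dst4)
{
	struct in6_addr a6 = *prefix;

	memcpy(&a6.s6_addr[12], &dst4.s_addr, sizeof(dst4.s_addr));
	return a6;
}

/*
 * Map 'dst' (either family, numeric text) and write the translated address
 * into out. Returns 0 on success, -1 if dst or prefix is not a valid
 * address. 'prefix' is only consulted for the IPv4 -> IPv6 direction.
 */
int
faith_map_str(const char *dst, const char *prefix, char *out, size_t outlen)
{
	struct in_addr a4;
	struct in6_addr a6, p6;

	if (inet_pton(AF_INET6, dst, &a6) == 1) {
		a4 = faith_v6_to_v4(&a6);
		return inet_ntop(AF_INET, &a4, out, (socklen_t)outlen) ? 0 : -1;
	}
	if (inet_pton(AF_INET, dst, &a4) == 1) {
		if (prefix == NULL || inet_pton(AF_INET6, prefix, &p6) != 1)
			return -1;
		a6 = faith_v4_to_v6(&p6, a4);
		return inet_ntop(AF_INET6, &a6, out, (socklen_t)outlen) ? 0 : -1;
	}
	return -1;
}

int
main(void)
{
	char out[INET6_ADDRSTRLEN];

	/* Constructed sample: a client connected to 2001:db8::c000:201; the
	 * low 32 bits c000:0201 are 192.0.2.1, the IPv4 backend. */
	if (faith_map_str("2001:db8::c000:201", NULL, out, sizeof(out)) == 0)
		printf("IPv6 dst -> IPv4 backend: %s\n", out);
	if (faith_map_str("192.0.2.1", "2001:db8::", out, sizeof(out)) == 0)
		printf("IPv4 dst -> IPv6 backend: %s\n", out);
	return 0;
}
```

The practical caveat follows from the commit's last sentence: because the mapping itself accepts any low 32 bits, whoever chooses the IPv6 destination chooses the IPv4 target. The pf.conf(5) rules that redirect traffic into the relay are the only thing restricting which prefix, and therefore which backends, are reachable, so they need to match the /96 exactly rather than a broader range.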

Revision 1.121 / (download) - annotate - [select for diffs], Sat Jul 19 11:38:54 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.120: +4 -4 lines
Diff to previous 1.120 (colored)

no need for using a TAILQ queue for the host children list, use a
singly-linked SLIST instead.  the only noticeable change is the
reversed order to notify the children but it does not really matter
here.  also only walk through the children host list if the host
itself is a potential parent.

Revision 1.120 / (download) - annotate - [select for diffs], Sat Jul 19 10:52:32 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.119: +38 -5 lines
Diff to previous 1.119 (colored)

If the new 'parent' keyword is specified for a host in a table,
inherit the state from another host with the specified Id; no
additional check will be done for the inheriting host.  This helps in
scenarios with lots of IP aliases that all point to the same service
on the same host (like web hosting with many SSL domains).

discussed with pyr, tested in different setups

Revision 1.119 / (download) - annotate - [select for diffs], Thu Jul 17 16:41:06 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.118: +5 -5 lines
Diff to previous 1.118 (colored)

final reorder diff to use TAILQ_INSERT_TAIL instead of
TAILQ_INSERT_HEAD.  now tables and relays are also matching the order
in the config file.

ok pyr@

Revision 1.118 / (download) - annotate - [select for diffs], Thu Jul 17 16:28:07 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.117: +6 -5 lines
Diff to previous 1.117 (colored)

add the hosts in order to get host ids that match the order in the config file. ok pyr@

Revision 1.117 / (download) - annotate - [select for diffs], Thu Jul 17 16:12:04 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.116: +8 -18 lines
Diff to previous 1.116 (colored)

give sane ids to hosts, tables, redirections, relays, etc. - start
counting at 1 and do not assign an id before inheriting a real table.
makes more sense in the relayctl output.

ok pyr@

Revision 1.116 / (download) - annotate - [select for diffs], Thu Jul 17 15:10:15 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.115: +22 -14 lines
Diff to previous 1.115 (colored)

use getaddrinfo/getnameinfo to parse ipv6 addresses instead of
inet_pton/inet_ntop to allow specifying and printing the IPv6 scope
identifier. synced host_v6() with ntpd's version to use getaddrinfo()
instead of inet_pton() - host_v4, host_v6, and host_dns could all use
getaddrinfo in a single function by specifying different flags but this
would diverge from the other daemons using this common interface so we
keep this little overhead.

discussed with henning@
ok pyr@

Revision 1.115 / (download) - annotate - [select for diffs], Wed Jun 11 18:21:19 2008 UTC (16 years ago) by reyk
Branch: MAIN
Changes since 1.114: +45 -12 lines
Diff to previous 1.114 (colored)

add support for "transparent" forwarding in relays: normally the l7
relay will connect to the target host with its own ip address, but
this mode will let it use the address of the client that is connecting
from the other side. for example, there is no need to add the
X-Forwarded-For HTTP headers for internal webservers in this mode
anymore since they magically see the remote client ip address in the
connection. it also allows to build fully-transparent ssl
encapsulation for tcp sessions and many other things...

based on an initial idea from dlg@ and pascoe@ (dlg's talk at opencon)
using the new BINDANY and divert-reply interfaces from markus@ (since n2k8)

ok markus@ pyr@

Revision 1.114 / (download) - annotate - [select for diffs], Thu May 8 02:15:34 2008 UTC (16 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.113: +2 -1 lines
Diff to previous 1.113 (colored)

missed to set the default for tables to round-robin, so it was
loadbalance after the grammar change. make it round-robin again.

Revision 1.113 / (download) - annotate - [select for diffs], Wed May 7 01:49:29 2008 UTC (16 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.112: +30 -5 lines
Diff to previous 1.112 (colored)

add an alternative "route to" mode to relayd redirections which maps
to pf route-to instead of the default rdr. it is a first step towards
support for "direct server return" (dsr), an asynchronous mode where
the load balanced servers send the replies to a different gateway like
a l3 switch/router to handle higher amounts of return traffic.
because the state handling in pf isn't optimal for this case yet, it
just sees half of the TCP connection, the sessions are forced to time
out after a fixed number of seconds.

discussed with many, thought about in the onsen

Revision 1.112 / (download) - annotate - [select for diffs], Tue May 6 12:58:00 2008 UTC (16 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.111: +2 -2 lines
Diff to previous 1.111 (colored)

the manpage mentioned "timeout" in relay sections, while the grammar
expected the keywords "forward timeout".  rename it to "session
timeout" and sync the documentation with reality.

Revision 1.111 / (download) - annotate - [select for diffs], Tue May 6 06:09:48 2008 UTC (16 years, 1 month ago) by pyr
Branch: MAIN
Changes since 1.110: +5 -1 lines
Diff to previous 1.110 (colored)

Do not unconditionally load pf. If pf isn't required by the configuration
the initialisation isn't done properly.

Revision 1.110 / (download) - annotate - [select for diffs], Mon Mar 3 16:47:28 2008 UTC (16 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.109: +7 -1 lines
Diff to previous 1.109 (colored)

Inherit global table options.

From Armin Wolfermann

ok pyr@ deraadt@

Revision 1.109 / (download) - annotate - [select for diffs], Wed Feb 27 15:36:42 2008 UTC (16 years, 3 months ago) by mpf
Branch: MAIN
Changes since 1.108: +2 -2 lines
Diff to previous 1.108 (colored)

Unbreak parser by initializing topfile correctly.
I got fooled by patch(1). Sorry.

Revision 1.108 / (download) - annotate - [select for diffs], Tue Feb 26 10:09:58 2008 UTC (16 years, 3 months ago) by mpf
Branch: MAIN
Changes since 1.107: +13 -13 lines
Diff to previous 1.107 (colored)

Have popfile() also close the main config file,
but only do the final popfile call after yyparse() is done.
This also fixes config reload on SIGHUP for some daemons.

Spotted by otto@. OK deraadt@

Revision 1.107 / (download) - annotate - [select for diffs], Wed Feb 13 11:32:59 2008 UTC (16 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.106: +2 -1 lines
Diff to previous 1.106 (colored)

bump copyright

Revision 1.106 / (download) - annotate - [select for diffs], Wed Feb 13 11:02:37 2008 UTC (16 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.105: +6 -91 lines
Diff to previous 1.105 (colored)

stylistic change: move code to add protonodes from the BNF into
separate functions in relayd.c (protonode_add/protonode_header).  this
code got too big to look nice in the BNF statements...

Revision 1.105 / (download) - annotate - [select for diffs], Mon Feb 11 10:53:12 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.104: +1 -2 lines
Diff to previous 1.104 (colored)

unbreak the dns protocol handler, closes pr 5717

Thanks to Nigel Taylor

Revision 1.104 / (download) - annotate - [select for diffs], Mon Feb 11 10:42:50 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.103: +4 -2 lines
Diff to previous 1.103 (colored)

Marry relayd with snmpd using new "send trap" option: Request to send
a SNMP trap when the state of a host changes.  relayd(8) will try to
(re-)connect to snmpd(8) and request it to send a trap to the
registered trap receivers, see snmpd.conf(5) for more information
about the configuration.

ok pyr@ thib@

Revision 1.103 / (download) - annotate - [select for diffs], Thu Jan 31 09:56:28 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.102: +46 -46 lines
Diff to previous 1.102 (colored)

add prefixes to names of structure elements to make it easier to grep
for code, next struct relay.  knf long line fixes will follow later.

ok thib@

Revision 1.102 / (download) - annotate - [select for diffs], Thu Jan 31 09:33:39 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.101: +84 -84 lines
Diff to previous 1.101 (colored)

add prefixes to names of structure elements to make it easier to grep
for code, start with struct relayd.  finally.

ok thib@

Revision 1.101 / (download) - annotate - [select for diffs], Tue Jan 29 10:30:10 2008 UTC (16 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.100: +10 -1 lines
Diff to previous 1.100 (colored)

Free resources now that we don't always exit after an unsuccessful
parsing of the configuration.
From Igor Zinovik <zinovik at cs.karelia.ru>
ok thib@ and me.

Revision 1.100 / (download) - annotate - [select for diffs], Sat Dec 8 20:36:36 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.99: +52 -52 lines
Diff to previous 1.99 (colored)

Rename everything which referred to services to refer to rdr for internals
(for instance: rename struct service to struct rdr), refer to redirects
otherwise (hoststatectl output).
ok reyk@

Revision 1.99 / (download) - annotate - [select for diffs], Sat Dec 8 17:14:26 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.98: +3 -2 lines
Diff to previous 1.98 (colored)

make the generic handler for TCP-based protocols the default (allows
to use "protocol foo" without defining a type).

Revision 1.98 / (download) - annotate - [select for diffs], Sat Dec 8 17:07:08 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.97: +253 -261 lines
Diff to previous 1.97 (colored)

some changes to the relayd.conf configuration language and grammar.

the tables will look more like pf tables, it is easier to re-use
tables with different options, "services" will become "redirections"
(they refer to rdr pf rules), sync configuration directives of
redirect (l3, ex-service) relay (l7) sections (for example "virtual
host" will become "listen on"), all target definitions will start with
"forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf)

discussed with pyr and deraadt
ok pyr@

Revision 1.97 / (download) - annotate - [select for diffs], Fri Dec 7 17:17:00 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.96: +7 -7 lines
Diff to previous 1.96 (colored)

hoststated gets renamed to relayd.  easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying

Revision 1.96 / (download) - annotate - [select for diffs], Mon Nov 26 09:38:25 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.95: +16 -2 lines
Diff to previous 1.95 (colored)

allow to add labels to protocol actions, they will be printed in http
error pages and can be used to refer to additional information.

ok pyr@

Revision 1.95 / (download) - annotate - [select for diffs], Sat Nov 24 17:07:28 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.94: +3 -2 lines
Diff to previous 1.94 (colored)

sort includes, adjust to style(9)

Revision 1.94 / (download) - annotate - [select for diffs], Fri Nov 23 09:39:42 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.93: +39 -14 lines
Diff to previous 1.93 (colored)

re-implement the "mark" action and document it in the manpage:
it is possible to attach a mark to a session based on matching an
entity (header, url, cookie, ...) and add conditional action for this
mark. it works a bit like the tag/tagged keywords in pf, but i decided
to pick a different name to avoid confusion.

ok pyr@ gilles@

Revision 1.93 / (download) - annotate - [select for diffs], Thu Nov 22 10:09:53 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.92: +45 -2 lines
Diff to previous 1.92 (colored)

add (new) "url" protocol action, this can be used to match/filter URL
suffix/prefix expressions like "example.com/index.html?args". a digest
mode allows to match against anonymized SHA1/MD5 digests of
suffix/prefix expressions.

Revision 1.92 / (download) - annotate - [select for diffs], Wed Nov 21 20:31:03 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)

spacing

Revision 1.91 / (download) - annotate - [select for diffs], Wed Nov 21 20:24:28 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.90: +19 -1 lines
Diff to previous 1.90 (colored)

extend action grammar with "filter value" and "expect value" as a
short form for "filter * from value" or "expect * from value".

Revision 1.90 / (download) - annotate - [select for diffs], Wed Nov 21 20:13:20 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.89: +30 -20 lines
Diff to previous 1.89 (colored)

move digest string handling into an extra function.

Revision 1.89 / (download) - annotate - [select for diffs], Wed Nov 21 14:12:04 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.88: +6 -6 lines
Diff to previous 1.88 (colored)

rename the "url" filter action to "query" to use the correct term.
please update your hoststated.conf configurations. also add more
examples to the manpage.

alright pyr@

Revision 1.88 / (download) - annotate - [select for diffs], Wed Nov 21 13:04:42 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.87: +15 -5 lines
Diff to previous 1.87 (colored)

allow the http digest type to be either SHA1 or MD5 determined by the
digest string length; it is compatible with any existing SHA1-only
configurations.

ok pyr@ gilles@

Revision 1.87 / (download) - annotate - [select for diffs], Tue Nov 20 17:08:44 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.86: +5 -1 lines
Diff to previous 1.86 (colored)

allow to use the "include" directive in tables, services, relays, and
protocols.

ok pyr@

Revision 1.86 / (download) - annotate - [select for diffs], Tue Nov 20 15:54:55 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.85: +23 -2 lines
Diff to previous 1.85 (colored)

it may be desirable to send an HTTP error page with error code and a
meaningful message if an HTTP/HTTPS relay closes the connection for
some reason. for example, a "403 Forbidden" if the request was
rejected by a filter. this will be enabled with the "return error"
option and is disabled by default, the standard behaviour is to
silently drop the connection; the browser may display an empty page in
this case. the look+feel of the HTTP error page can be customized with
a CSS style sheet, but we do not intend to allow customization of the
error page contents (hoststated is not a webserver!).

ok pyr@

Revision 1.85 / (download) - annotate - [select for diffs], Tue Nov 20 15:44:21 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.84: +10 -1 lines
Diff to previous 1.84 (colored)

Allow overriding the global interval in a table.
Table specific intervals must be multiples of the global interval.
help and ok reyk@

Revision 1.84 / (download) - annotate - [select for diffs], Mon Nov 19 15:31:36 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.83: +10 -9 lines
Diff to previous 1.83 (colored)

spacing

Revision 1.83 / (download) - annotate - [select for diffs], Mon Nov 19 15:20:18 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored)

knf (replace some ';;' with a single ';')

Revision 1.82 / (download) - annotate - [select for diffs], Mon Nov 19 14:48:19 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.81: +13 -8 lines
Diff to previous 1.81 (colored)

rework the internal handling of protocol actions a little bit:

- allow to use a key multiple times by appending a queue of
additional matches to the tree node. for example, this allows to
specify multiple "expect" or "filter" actions to white-/black-list
a list of HTTP-headers, URLs, ..

- prevent specifying an HTTP header multiple times when using the
expect action.

- minor code shuffling

Revision 1.81 / (download) - annotate - [select for diffs], Mon Nov 19 14:41:05 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.80: +3 -1 lines
Diff to previous 1.80 (colored)

always enable "late connect" relay mode if an "expect" or "filter"
action has been specified for the protocol. late connect mode first
reads the complete request (HTTP header) before opening the inbound
connection instead of relaying it line-by-line.

Revision 1.80 / (download) - annotate - [select for diffs], Thu Nov 15 17:02:01 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.79: +8 -5 lines
Diff to previous 1.79 (colored)

Do not insert proto_default inside the dynamically alloced protocol queue.
Handle it as a special case in the one place where it actually matters
instead.

Revision 1.79 / (download) - annotate - [select for diffs], Wed Nov 14 15:58:04 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.78: +7 -1 lines
Diff to previous 1.78 (colored)

reset global variables every time we enter parse_config.

Revision 1.78 / (download) - annotate - [select for diffs], Wed Nov 14 10:59:01 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.77: +8 -7 lines
Diff to previous 1.77 (colored)

make protos dynamic too

Revision 1.77 / (download) - annotate - [select for diffs], Mon Nov 12 23:59:41 2007 UTC (16 years, 6 months ago) by mpf
Branch: MAIN
Changes since 1.76: +2 -10 lines
Diff to previous 1.76 (colored)

Remove space/tab compression function from lgetc() and replace
it with a simple filter in the yylex() loop.
The compression in lgetc() didn't happen for quoted strings,
thus creating a regression when tabs were used in variables.
Some testing by todd@ and pyr@
OK deraadt@

Revision 1.76 / (download) - annotate - [select for diffs], Sun Nov 4 18:47:17 2007 UTC (16 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.75: +1 -2 lines
Diff to previous 1.75 (colored)

Not using all defined protocols is not a hard error. Just print a warning
but start anyway. OK reyk@

Revision 1.75 / (download) - annotate - [select for diffs], Mon Oct 22 16:53:30 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.74: +6 -1 lines
Diff to previous 1.74 (colored)

load certificates text at parse time. then load them in relay processes.
this separation will ease reload a bit more.

ok reyk@ who spotted a stupid mistake again...

Revision 1.74 / (download) - annotate - [select for diffs], Mon Oct 22 12:18:15 2007 UTC (16 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.73: +18 -2 lines
Diff to previous 1.73 (colored)

add support for the include directive to the configuration file parser,
based on the existing hostapd/pfctl code.

ok pyr@

Revision 1.73 / (download) - annotate - [select for diffs], Mon Oct 22 08:52:19 2007 UTC (16 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)

do not check the file secrecy of hoststated.conf, there is no need to
enforce the file ownership and permissions to root:wheel 0400 because
we have nothing to hide.

ok pyr@

Revision 1.72 / (download) - annotate - [select for diffs], Fri Oct 19 17:33:35 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)

print system error when fopen fails.

Revision 1.71 / (download) - annotate - [select for diffs], Fri Oct 19 14:40:51 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.70: +1 -7 lines
Diff to previous 1.70 (colored)

Do log initialisation correctly, like bgpd does.
This removes the double warn/log_warn madness i introduced yesterday.
This also keeps messages on stderr at startup and when running with -n.

Revision 1.70 / (download) - annotate - [select for diffs], Fri Oct 19 14:15:14 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.69: +7 -6 lines
Diff to previous 1.69 (colored)

Move relays from static TAILQs to allocated ones.
This syncs it with other hoststated entities and will make reload easier.
This is step 1 out of 7 for reload.

Revision 1.69 / (download) - annotate - [select for diffs], Fri Oct 19 09:08:05 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.68: +7 -1 lines
Diff to previous 1.68 (colored)

keep log_warn messages to be informed when a failure occurs during a reload.

Revision 1.68 / (download) - annotate - [select for diffs], Thu Oct 18 20:52:12 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.67: +6 -9 lines
Diff to previous 1.67 (colored)

unbreak tree

Revision 1.67 / (download) - annotate - [select for diffs], Thu Oct 18 20:49:06 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.66: +11 -8 lines
Diff to previous 1.66 (colored)

extra arg to warn slipped through.

Revision 1.66 / (download) - annotate - [select for diffs], Thu Oct 18 20:32:38 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.65: +8 -6 lines
Diff to previous 1.65 (colored)

repair file security warnings; ok pyr

Revision 1.65 / (download) - annotate - [select for diffs], Tue Oct 16 20:01:23 2007 UTC (16 years, 7 months ago) by mpf
Branch: MAIN
Changes since 1.64: +2 -2 lines
Diff to previous 1.64 (colored)

Allow '=' to end a number in all lexers.
Requested and OK deraadt@

Revision 1.64 / (download) - annotate - [select for diffs], Tue Oct 16 06:06:49 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.63: +4 -2 lines
Diff to previous 1.63 (colored)

in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation).  compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
pointed out by mpf, discussed with pyr

Revision 1.63 / (download) - annotate - [select for diffs], Sat Oct 13 16:35:21 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.62: +144 -64 lines
Diff to previous 1.62 (colored)

in all these programs using the same pfctl-derived parse.y, re-unify the
yylex implementation and the code which interacts with yylex.  this also
brings the future potential for include support to all of the parsers.
in the future please do not make silly modifications to one of these files
without checking if you are de-unifying the code.
checked by developers in all these areas.

Revision 1.62 / (download) - annotate - [select for diffs], Thu Oct 11 14:39:17 2007 UTC (16 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.61: +21 -21 lines
Diff to previous 1.61 (colored)

next step in the yylex unification: handle quoted strings in a nicer fashion
as found in hoststated, and make all the code diff as clean as possible. a
few issues remain mostly surrounding include support, which will likely be
added to more of the grammars soon.
ok norby pyr, others

Revision 1.61 / (download) - annotate - [select for diffs], Tue Oct 9 22:32:52 2007 UTC (16 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

use macro argument

Revision 1.60 / (download) - annotate - [select for diffs], Fri Oct 5 15:50:56 2007 UTC (16 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

cast to an int

Revision 1.59 / (download) - annotate - [select for diffs], Tue Oct 2 21:04:13 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.58: +28 -29 lines
Diff to previous 1.58 (colored)

stop messing with lgetc to please hoststated's check/expect.
instead move some of the logic in yylex and do hoststated specific
translations into hoststated.c
ok gilles@

Revision 1.58 / (download) - annotate - [select for diffs], Tue Oct 2 07:21:04 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.57: +11 -5 lines
Diff to previous 1.57 (colored)

clean up merged code.

Revision 1.57 / (download) - annotate - [select for diffs], Mon Oct 1 19:12:33 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.56: +103 -47 lines
Diff to previous 1.56 (colored)

Add NUMBER to hoststated's lexer, very similar to what has gone in
in the other daemons recently. Prompted and based on work by deraadt@
proofread and ok gilles@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Oct 1 12:34:02 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

keep lines < 80.

Revision 1.55 / (download) - annotate - [select for diffs], Fri Sep 28 13:29:56 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

Correct my mail address.

Revision 1.54 / (download) - annotate - [select for diffs], Mon Sep 10 11:59:22 2007 UTC (16 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.53: +3 -1 lines
Diff to previous 1.53 (colored)

add support for relaying DNS traffic (with a little bit of packet
header randomization). this adds an infrastructure to support
UDP-based protocols.

ok gilles@, tested by some

Revision 1.53 / (download) - annotate - [select for diffs], Fri Sep 7 07:54:58 2007 UTC (16 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)

store the table's port as the relay's dstport

Revision 1.52 / (download) - annotate - [select for diffs], Wed Sep 5 08:48:42 2007 UTC (16 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

store relay sessions in SPLAY trees instead of TAILQ lists. this will
be used for faster lookups of sessions based on different criteria.

ok pyr@

Revision 1.51 / (download) - annotate - [select for diffs], Tue Sep 4 14:15:05 2007 UTC (16 years, 9 months ago) by pyr
Branch: MAIN
Changes since 1.50: +23 -10 lines
Diff to previous 1.50 (colored)

Add the ability to specify a host header when using http(s) check methods.
Prodded by me, done by Gilles Chehade <veins@evilkittens.org>

ok reyk, jmc for the manpage bits.

Revision 1.50 / (download) - annotate - [select for diffs], Thu Jul 5 09:42:26 2007 UTC (16 years, 11 months ago) by thib
Branch: MAIN
Changes since 1.49: +7 -5 lines
Diff to previous 1.49 (colored)

use a more traditional while() instead of for() for getopt().
sync usage() to the man page.
format string fixes.
complain about failed calloc()'s instead of exiting silently.

ok pyr@, reyk@

Revision 1.49 / (download) - annotate - [select for diffs], Thu May 31 18:58:09 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.48: +3 -1 lines
Diff to previous 1.48 (colored)

do not forget to store table and backup table ids in the service
configuration struct.

Revision 1.48 / (download) - annotate - [select for diffs], Thu May 31 18:20:03 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.47: +4 -1 lines
Diff to previous 1.47 (colored)

make sure object ids are reset before parsing the configuration file
again.

Revision 1.47 / (download) - annotate - [select for diffs], Thu May 31 03:24:05 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.46: +14 -12 lines
Diff to previous 1.46 (colored)

allocate table lists and service lists instead of using static structs.
split the code to start the event loop in two functions.
introduce merge_config which will be used later on.

Revision 1.46 / (download) - annotate - [select for diffs], Tue May 29 18:59:54 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.45: +4 -1 lines
Diff to previous 1.45 (colored)

do not start relay processes when no L7 load balancing is needed.
ok reyk@

Revision 1.45 / (download) - annotate - [select for diffs], Tue May 29 17:12:04 2007 UTC (17 years ago) by reyk
Branch: MAIN
Changes since 1.44: +14 -2 lines
Diff to previous 1.44 (colored)

add a new check method which allows to run external scripts/programs
for custom evaluations.

pyr agrees to put it in now but to do some improvements of the timeout
handling later.

Revision 1.44 / (download) - annotate - [select for diffs], Tue May 29 00:48:04 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.43: +10 -5 lines
Diff to previous 1.43 (colored)

move the ssl cipher suite string to a (small) static charbuf,
this will make it easier to send the struct over the socket.

Revision 1.43 / (download) - annotate - [select for diffs], Tue May 29 00:21:10 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.42: +49 -41 lines
Diff to previous 1.42 (colored)

move struct relay to the runtime + config scheme.
this time around, include hoststatectl changes too.

Revision 1.42 / (download) - annotate - [select for diffs], Mon May 28 17:37:16 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.41: +2 -1 lines
Diff to previous 1.41 (colored)

store the configuration file's path, this will be useful when reloading.

Revision 1.41 / (download) - annotate - [select for diffs], Sun May 27 20:53:10 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.40: +99 -82 lines
Diff to previous 1.40 (colored)

Second step towards hoststated reload:
First split out hosts, tables and services into two structs, one that
contains the runtime fields and one (inside the runtime) that contains
mostly static fields that will be sent over the socket during reload.

Also move the demoted field of tables inside the flags field as it's
just a boolean.
ok reyk@

Revision 1.40 / (download) - annotate - [select for diffs], Sun May 27 19:21:15 2007 UTC (17 years ago) by reyk
Branch: MAIN
Changes since 1.39: +133 -42 lines
Diff to previous 1.39 (colored)

allow to specify table templates in the configuration file and to
inherit them from multiple services or relays. this is useful if you
want to use a table with the same list of hosts but different ports as
specified in the relay or service section.

this makes mcbride more happy
ok pyr@

Revision 1.39 / (download) - annotate - [select for diffs], Sat May 26 19:58:49 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.38: +10 -8 lines
Diff to previous 1.38 (colored)

first steps for implementing reload:
	* make parse_config allocate the hoststated function by itself
	* make as many sockets as necessary to talk to the relay children
	* add send_all for talking to all children
with advice and ok reyk@

Revision 1.38 / (download) - annotate - [select for diffs], Thu Apr 12 14:45:45 2007 UTC (17 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.37: +7 -2 lines
Diff to previous 1.37 (colored)

add a new relay 'path' action to filter the URL path and arguments.

ok pyr@

Revision 1.37 / (download) - annotate - [select for diffs], Wed Mar 21 00:08:08 2007 UTC (17 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.36: +10 -4 lines
Diff to previous 1.36 (colored)

in addition to the host retry option in tables, add support for the
optional connection "retry" to the forward to, service, and nat lookup
options. for example, "nat lookup retry 3" is useful when running
hoststated as a transparent proxy when connecting to unreliable
frontend/backend servers.

ok pyr@

Revision 1.36 / (download) - annotate - [select for diffs], Tue Mar 13 12:04:52 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.35: +17 -2 lines
Diff to previous 1.35 (colored)

allow to specify the IP_TTL and IP_MINTTL options for the relays to
support the Generalized TTL Security Mechanism (GTSM) according to RFC
3682. this is especially useful with inbound connections and a fixed
distance to the backend servers.

ok pyr@

Revision 1.35 / (download) - annotate - [select for diffs], Wed Mar 7 17:40:32 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.34: +2 -1 lines
Diff to previous 1.34 (colored)

- fix the hoststatectl host disable/enable commands to work with relay
layer 7 loadbalancing.
- allow to run relays with tables without depending on services
- show hosts and tables assigned to relays in hoststatectl show commands

ok pyr@ deraadt@ with some input from mcbride@

Revision 1.34 / (download) - annotate - [select for diffs], Tue Mar 6 19:26:46 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.33: +9 -4 lines
Diff to previous 1.33 (colored)

add support for handling simple HTTP cookies (no per-path/domain
cookies yet), for example: cookie hash "JSESSIONID"

tested by some people
ok pyr@

Revision 1.33 / (download) - annotate - [select for diffs], Tue Feb 27 13:38:58 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.32: +36 -18 lines
Diff to previous 1.32 (colored)

in addition to actions on request headers, allow to define relay
actions on response headers (the reply sent by backend HTTP servers).
the default and slightly faster relay streaming mode will be used if
no actions are defined.

for example:
response change "Server" to "OpenBSD-hoststated/4.1"

ok pyr@

Revision 1.32 / (download) - annotate - [select for diffs], Mon Feb 26 20:48:48 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.31: +17 -17 lines
Diff to previous 1.31 (colored)

kill the ``use ssl'' directive for consistency across parser directives.
another heads up for testers: you need to change configuration files.
ok reyk@

Revision 1.31 / (download) - annotate - [select for diffs], Mon Feb 26 19:58:04 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.30: +32 -34 lines
Diff to previous 1.30 (colored)

remove HTTP and HTTPS tokens, makes for cleaner parser.
reorder other rules as well.
ok reyk@

Revision 1.30 / (download) - annotate - [select for diffs], Mon Feb 26 19:25:05 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.29: +42 -42 lines
Diff to previous 1.29 (colored)

solve some conflicts in the configuration parser.
configuration will need to be updated as some directives have changed.
manpage and examples bits coming up.
ok reyk@

Revision 1.29 / (download) - annotate - [select for diffs], Mon Feb 26 13:31:21 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.28: +7 -7 lines
Diff to previous 1.28 (colored)

KNF

Revision 1.28 / (download) - annotate - [select for diffs], Mon Feb 26 13:03:30 2007 UTC (17 years, 3 months ago) by pyr
Branch: MAIN
Changes since 1.27: +3 -4 lines
Diff to previous 1.27 (colored)

Change the ``virtual ip'' directive to ``virtual host''.
You will need to update your configuration files accordingly.
"just do it", reyk@

Revision 1.27 / (download) - annotate - [select for diffs], Sat Feb 24 00:22:32 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.26: +95 -18 lines
Diff to previous 1.26 (colored)

- allow to specify the SSL cipher suite and the SSL protocols
  (as required by the PCI DSS)
- increase the default listen backlog to 10, allow to modify the
  backlog as a per-protocol tcp option to improve the performance
  on busy systems (to get less connection failures on heavy load)
- close the connection if SSL_accept returned an error
- instead of logging _new_ relay sessions to syslog, log the
  sessions in relay_close() after they have been _finished_.
  this will allow to collect some additional information
- add a new log keyword to log specified header/url entities (useful
  to track "bad guys" using many session ids or multiple user agents)
- some minor fixes, manpage bits, and bump the copyright (by some
  reason, i didn't realize that we already have 2007...).

Revision 1.26 / (download) - annotate - [select for diffs], Thu Feb 22 03:32:39 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.25: +480 -9 lines
Diff to previous 1.25 (colored)

Add layer 7 functionality to hoststated used for layer 7
loadbalancing, SSL acceleration, general-purpose TCP relaying, and
transparent proxying.

see hoststated.conf(5) and my upcoming article on undeadly.org for
details.

ok to commit deraadt@ pyr@

Revision 1.25 / (download) - annotate - [select for diffs], Fri Feb 9 17:55:49 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.24: +2 -3 lines
Diff to previous 1.24 (colored)

unbreak the symset function

Revision 1.24 / (download) - annotate - [select for diffs], Thu Feb 8 13:32:24 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.23: +9 -6 lines
Diff to previous 1.23 (colored)

carefully check some return values and make lint happier.  never pass
any truncated strings (table names/anchors/tags/...) to pf and the
kernel.

ok pyr@

Revision 1.23 / (download) - annotate - [select for diffs], Wed Feb 7 15:17:46 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.22: +11 -2 lines
Diff to previous 1.22 (colored)

add new "log (updates|all)" configuration option to log state
notifications after completed host checks.  either only log the
"updates" to new states or log "all" state notifications, even if the
state didn't change. the log messages will be reported to syslog or to
stderr if the daemon is running in foreground mode.

ok claudio@ pyr@

Revision 1.22 / (download) - annotate - [select for diffs], Wed Feb 7 13:39:58 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.21: +1 -2 lines
Diff to previous 1.21 (colored)

remove unused functions and variables which have been copied from
ospfd(8) (can be re-imported later if required).

Revision 1.21 / (download) - annotate - [select for diffs], Wed Feb 7 13:30:17 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.20: +1 -2 lines
Diff to previous 1.20 (colored)

add the -D option to define macros on the command line (as found in
bgpd(8), hostapd(8), ipsecctl(8), pfctl(8), ...).

Revision 1.20 / (download) - annotate - [select for diffs], Tue Jan 30 10:12:06 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.19: +15 -15 lines
Diff to previous 1.19 (colored)

small memleak plugged and style changes.
ok reyk@

Revision 1.19 / (download) - annotate - [select for diffs], Mon Jan 29 14:23:31 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.18: +45 -9 lines
Diff to previous 1.18 (colored)

Add SSL support to hoststated.
with help and OK reyk@
with help and advice by claudio@ and Srebrenko Sehic

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 25 19:40:08 2007 UTC (17 years, 4 months ago) by niallo
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

return 0, not NULL in a function returning int.

ok pyr@

Revision 1.17 / (download) - annotate - [select for diffs], Wed Jan 24 06:31:09 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.16: +20 -12 lines
Diff to previous 1.16 (colored)

Better handling of escaped CR-LF in the configuration file, commenting
them out was previously broken.  This is needed for send/expect scripts.

ok claudio@

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jan 12 16:43:01 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.15: +15 -23 lines
Diff to previous 1.15 (colored)

eliminate duplicate tcp read/write code.
ok claudio@, reyk@

Revision 1.15 / (download) - annotate - [select for diffs], Tue Jan 9 13:50:11 2007 UTC (17 years, 5 months ago) by pyr
Branch: MAIN
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

Finish renaming hostated to hoststated.
Note to testers: the user the daemon changes its id to is now _hoststated,
don't forget to update master.passwd.
ok reyk@

Revision 1.14 / (download) - annotate - [select for diffs], Tue Jan 9 00:45:32 2007 UTC (17 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

adapt to rename

Revision 1.13 / (download) - annotate - [select for diffs], Mon Jan 8 20:46:18 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.12: +4 -10 lines
Diff to previous 1.12 (colored)

do NOT use the regexp interface. it is way too complicated, error-prone
and we don't know about all the possible security problems.

change the check send/expect code to use the fnmatch(3) interface
using shell globbing rules instead. this allows simple patterns like
"220 * ESMTP*" or "SSH-[12].??-*".

suggested by deraadt@ and otto@
ok Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.12 / (download) - annotate - [select for diffs], Mon Jan 8 17:10:23 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.11: +43 -18 lines
Diff to previous 1.11 (colored)

allow using service names in addition to numerical port numbers in
the configuration file, eg. "real port http".

> From Pierre-Yves Ritschard (pyr at spootnik dot org)

ok claudio@

Revision 1.11 / (download) - annotate - [select for diffs], Mon Jan 8 16:50:04 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.10: +16 -4 lines
Diff to previous 1.10 (colored)

the timeout values are not allowed to exceed the global interval (i
figured this out while testing hostated against a stuttering spamd
where the send/expect timeout needs to be > 10 seconds). also use another
struct timeval to store the interval for easier handling in the code.

ok Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.10 / (download) - annotate - [select for diffs], Mon Jan 8 14:30:31 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.9: +2 -3 lines
Diff to previous 1.9 (colored)

remove unused token.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Jan 8 13:37:26 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.8: +43 -3 lines
Diff to previous 1.8 (colored)

add a generic send/expect check using regular expressions (see
regex(3)).  this allows defining additional checks for other TCP
protocols.

From Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.8 / (download) - annotate - [select for diffs], Wed Jan 3 09:45:29 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.7: +4 -3 lines
Diff to previous 1.7 (colored)

spacing

Revision 1.7 / (download) - annotate - [select for diffs], Wed Jan 3 09:42:30 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.6: +4 -2 lines
Diff to previous 1.6 (colored)

allow the sticky-address option for round-robin pools.

From Pierre-Yves Ritschard (pyr at spootnik dot org)

Revision 1.6 / (download) - annotate - [select for diffs], Mon Dec 25 19:05:41 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.5: +18 -6 lines
Diff to previous 1.5 (colored)

fix the conversion from milliseconds to struct timeval, which uses
seconds (tv_sec) and microseconds (tv_usec), but the code assumed
seconds and milliseconds...

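The two struct timeval points raised in the 1.11 commit (a check timeout may not exceed the global interval) and in the 1.6 commit above (milliseconds were stored into tv_usec, which is microseconds), as an added example that is not relayd's own code. Units follow relayd.conf(5): the interval is given in seconds and timeouts in milliseconds. The function names are assumptions for illustration; the broken conversion is shown beside the corrected one so the size of the error is visible.

```c
/*
 * Added example, not relayd's own code: converting a millisecond timeout
 * into a struct timeval and checking it against the global check
 * interval.  Units as in relayd.conf(5): interval in seconds, timeouts
 * in milliseconds.  The function names are assumptions for illustration.
 */
#include <sys/time.h>
#include <stdio.h>

/* The conversion the 1.6 commit fixed: tv_usec filled with milliseconds. */
struct timeval
ms_to_tv_broken(long ms)
{
	struct timeval tv;

	tv.tv_sec = ms / 1000;
	tv.tv_usec = ms % 1000;		/* wrong: tv_usec is microseconds */
	return (tv);
}

/* Correct conversion: the millisecond remainder scaled to microseconds. */
struct timeval
ms_to_tv(long ms)
{
	struct timeval tv;

	if (ms < 0)
		ms = 0;			/* a negative timeout makes no sense */
	tv.tv_sec = ms / 1000;
	tv.tv_usec = (ms % 1000) * 1000;
	return (tv);
}

/* Back to milliseconds, so the two conversions can be compared. */
long
tv_to_ms(const struct timeval *tv)
{
	return (tv->tv_sec * 1000 + tv->tv_usec / 1000);
}

/* Round trips through each conversion; the broken one loses the sub-second part. */
long
ms_roundtrip(long ms)
{
	struct timeval tv = ms_to_tv(ms);

	return (tv_to_ms(&tv));
}

long
ms_roundtrip_broken(long ms)
{
	struct timeval tv = ms_to_tv_broken(ms);

	return (tv_to_ms(&tv));
}

/* Compare two timevals: <0, 0, >0 like strcmp(3), without the timercmp macro. */
int
tv_cmp(const struct timeval *a, const struct timeval *b)
{
	if (a->tv_sec != b->tv_sec)
		return (a->tv_sec < b->tv_sec ? -1 : 1);
	if (a->tv_usec != b->tv_usec)
		return (a->tv_usec < b->tv_usec ? -1 : 1);
	return (0);
}

/*
 * The rule from the 1.11 commit: a check timeout may not exceed the
 * global interval.  Returns 1 when the timeout is acceptable and 0 when
 * a config parser should reject it.  Equal values are allowed.
 */
int
timeout_within_interval(long timeout_ms, long interval_sec)
{
	struct timeval t = ms_to_tv(timeout_ms);
	struct timeval i = ms_to_tv(interval_sec * 1000);

	return (tv_cmp(&t, &i) <= 0);
}

int
main(void)
{
	printf("1500 ms: broken -> %ld ms, fixed -> %ld ms\n",
	    ms_roundtrip_broken(1500), ms_roundtrip(1500));
	printf("timeout 12000 ms, interval 10 s: %s\n",
	    timeout_within_interval(12000, 10) ? "ok" : "exceeds interval");
	return (0);
}
```

With the broken conversion a 200 ms timeout becomes 200 microseconds, which is why a check against anything slower than a local loopback would fail before the server had answered; the comparison has to be done on both fields, since a timeout of 10001 ms differs from a 10 s interval only in tv_usec.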
Revision 1.5 / (download) - annotate - [select for diffs], Mon Dec 25 18:12:14 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.4: +4 -2 lines
Diff to previous 1.4 (colored)

partial rewrite of the check_* routines to use libevent everywhere
instead of nested select() calls and to handle the non-blocking
sockets properly.

From Pierre-Yves Ritschard (pyr at spootnik dot org)
(with a little help by me)

Revision 1.4 / (download) - annotate - [select for diffs], Sat Dec 16 18:05:35 2006 UTC (17 years, 5 months ago) by martin
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

typo

Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 16 17:48:27 2006 UTC (17 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +31 -32 lines
Diff to previous 1.2 (colored)

spacing

Revision 1.2 / (download) - annotate - [select for diffs], Sat Dec 16 12:42:14 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.1: +41 -41 lines
Diff to previous 1.1 (colored)

knf, spacing

please note that some editors will replace tabs with multiple spaces
if you cut & paste code from other sections.  please try to keep the
tabs ;).

Revision 1.1 / (download) - annotate - [select for diffs], Sat Dec 16 11:45:07 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN

Import hostated, the host status daemon.  This daemon will monitor
remote hosts and dynamically alter pf(4) tables and redirection rules
for active server load balancing.  The daemon has been written by
Pierre-Yves Ritschard (pyr at spootnik.org) and was formerly known as
"slbd".

The daemon is fully functional but it still needs some work and
cleanup so we don't link it to the build yet.  Some TODOs are a
partial rewrite of the check_* routines (use libevent whenever we
can), improvement of the manpages, and general knf and cleanup.

ok deraadt@ claudio@
