Up to [local] / src / usr.sbin / relayd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.65 / (download) - annotate - [select for diffs], Thu Sep 14 09:54:31 2023 UTC (8 months, 3 weeks ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
HEAD
Changes since 1.64: +1 -15 lines
Diff to previous 1.64 (colored)
Revert the previous. It was committed by my mistake.
Revision 1.64 / (download) - annotate - [select for diffs], Thu Sep 14 09:51:14 2023 UTC (8 months, 3 weeks ago) by yasuoka
Branch: MAIN
Changes since 1.63: +15 -1 lines
Diff to previous 1.63 (colored)
Clarify the interval after 30sec.
Revision 1.63 / (download) - annotate - [select for diffs], Fri Jun 30 12:16:00 2023 UTC (11 months, 1 week ago) by sashan
Branch: MAIN
Changes since 1.62: +3 -2 lines
Diff to previous 1.62 (colored)
let check_table() also print table@anchor when it exits unexpectedly via call to fatal() OK claudio@
Revision 1.62 / (download) - annotate - [select for diffs], Sun May 28 10:39:15 2017 UTC (7 years ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.61: +23 -23 lines
Diff to previous 1.61 (colored)
use __func__ in log messages. fix some whitespace while here. From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks! ok florian, claudio
Revision 1.61 / (download) - annotate - [select for diffs], Tue Jan 24 10:49:14 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.60: +1 -32 lines
Diff to previous 1.60 (colored)
move the opening of /dev/pf from the parent process to the pfe process where it is used. Currently pf is opened on every reload, that will no longer be possible in the future with pledged programms that do ioctls. This prepares relayd for that change. ok deraadt@, meinetwegen reyk@
Revision 1.60 / (download) - annotate - [select for diffs], Fri Sep 2 14:45:51 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.59: +10 -10 lines
Diff to previous 1.59 (colored)
Split "struct relayd" into two structs: "struct relayd" and "struct relayd_config". This way we can send all the relevant global configuration to the children, not just the flags and the opts. With input from and OK claudio@ benno@
Revision 1.59 / (download) - annotate - [select for diffs], Sun Nov 29 01:20:33 2015 UTC (8 years, 6 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.58: +3 -2 lines
Diff to previous 1.58 (colored)
Use pledge("pf") in pfe.c. Move getrtable() from pfe to parent process, since its in the way of pledge. ok deraadt@, feedback from reyk@ on previous version.
Revision 1.58 / (download) - annotate - [select for diffs], Thu Jan 22 17:42:09 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.57: +3 -6 lines
Diff to previous 1.57 (colored)
Clean up the relayd headers with help of include-what-you-use and some manual review. Based on common practice, relayd.h now includes the necessary headers for itself. OK benno@
Revision 1.57 / (download) - annotate - [select for diffs], Thu Jan 22 15:21:28 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.56: +3 -2 lines
Diff to previous 1.56 (colored)
spacing
Revision 1.56 / (download) - annotate - [select for diffs], Wed Jan 21 21:50:33 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.55: +3 -3 lines
Diff to previous 1.55 (colored)
Include <netinet/in.h> before <net/pfvar.h>. In a future change when ports is ready, <net/pfvar.h> will stop including a pile of balony.
Revision 1.55 / (download) - annotate - [select for diffs], Fri Jan 16 15:06:40 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.54: +4 -2 lines
Diff to previous 1.54 (colored)
Adapt to <limits.h> universe. ok millert
Revision 1.54 / (download) - annotate - [select for diffs], Tue Dec 23 13:18:23 2014 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.53: +10 -1 lines
Diff to previous 1.53 (colored)
pf now supports source-hash and random with tables so we can allow it in redirections. Thanks for help and input from jsg and yasuoka who reminded me to dig out and update these old diffs for pf and relayd. ok jsg@
Revision 1.53 / (download) - annotate - [select for diffs], Sat Apr 27 16:39:30 2013 UTC (11 years, 1 month ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)
time_t 64bit fixes for relayd and relayctl: - fix statistics - set INT_MAX limit on session timeouts - make sure we dont use to large session timeouts in pf redirects and openssl tested with old and new time_t ok florian@
Revision 1.52 / (download) - annotate - [select for diffs], Fri Oct 19 16:49:50 2012 UTC (11 years, 7 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.51: +13 -2 lines
Diff to previous 1.51 (colored)
Support additional scheduling algorithms in the load balancer: least-states, random, source-hash. least-states is currently only supported for redirections and the other ones are currently only supported by relays. ok benno@
Revision 1.51 / (download) - annotate - [select for diffs], Thu Oct 4 20:53:30 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)
spacing
Revision 1.50 / (download) - annotate - [select for diffs], Tue Sep 18 10:11:53 2012 UTC (11 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.49: +1 -2 lines
Diff to previous 1.49 (colored)
prio 0 is valid, therefore, I chose an "impossible" value for prio meaning "not set" and used a PF_PRIO_NOTSET define for it. now that means that everything that creates a struct pf_rule doesn't get away with bzero'ing it, which turned out to be not so nice. so get rid of PF_PRIO_NOTSET, instead, make a rule+state flag PFSTATE_SETPRIO which indicates wether the prio should be set. ok benno claudio mikeb
Revision 1.49 / (download) - annotate - [select for diffs], Sat Jul 7 16:24:32 2012 UTC (11 years, 11 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.48: +1 -1 lines
Diff to previous 1.48 (colored)
rename prio in struct pf_rule and related structs to set_prio so it is utterly clear this is not a filter criteria but a packet modification thing. also preparation for upcoming changes, including one to unscrew this mess (I should not have to touch half the tree for this - ifixitlater) not user visible, ok gcc
Revision 1.48 / (download) - annotate - [select for diffs], Fri Mar 9 13:50:07 2012 UTC (12 years, 3 months ago) by benno
Branch: MAIN
Changes since 1.47: +3 -1 lines
Diff to previous 1.47 (colored)
set onrdomain and prio when creating pf rules, found by Gabriel Linder. ok henning@ phessler@ camield@ "looks good to me" mkb@
Revision 1.47 / (download) - annotate - [select for diffs], Thu May 19 08:56:49 2011 UTC (13 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.46: +12 -7 lines
Diff to previous 1.46 (colored)
Fix reload support in relayd(8) by reimplementing large parts of the daemon infrastructure. The previous design made it fairly hard to reload the complex data structures, especially relays and protocols. One of the reasons was that the privsep'd relayd processes had two ways of getting their configuration: 1) from memory after forking from the parent process and 2) and (partially) via imsgs after reload. The new implementation first forks the privsep'd children before the parents loads the configuration and sends it via imsgs to them; so it is only like 2) before. It is based on an approach that I first implemented for iked(8) and I also fixed many bugs in the code. Thanks to many testers including dlg@ sthen@ phessler@ ok pyr@ dlg@ sthen@
Revision 1.46 / (download) - annotate - [select for diffs], Thu May 5 12:01:44 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.45: +16 -17 lines
Diff to previous 1.45 (colored)
Update all logging and debug functions to use the __func__ macro instead of static function names. __func__ is C99 and perfectly fine to use. It also avoids printing errors; for example if a statement log_debug("foo:"..) was moved or copied from function foo() to bar() and the log message was not updated...
Revision 1.45 / (download) - annotate - [select for diffs], Tue Oct 26 15:04:37 2010 UTC (13 years, 7 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.44: +8 -3 lines
Diff to previous 1.44 (colored)
redirects are loaded as "pass in quick ... rdr-to" pf rules by default. In some cases it is desired to load the rules as "match in" without "quick" to allow additional filtering or applying additional rule/state options, eg. to add an overload table for DOS mitigation. Add the optional "match" keyword for the redirect "tag" option to change the pf rule type accordingly. ok jsg@ mikeb@
Revision 1.44 / (download) - annotate - [select for diffs], Thu Sep 2 14:03:22 2010 UTC (13 years, 9 months ago) by sobrado
Branch: MAIN
Changes since 1.43: +5 -5 lines
Diff to previous 1.43 (colored)
remove trailing spaces and tabs from source code; no binary changes (verified by both sthen@ and me). ok sthen@; "just commit it" claudio@
Revision 1.43 / (download) - annotate - [select for diffs], Wed Mar 24 16:29:37 2010 UTC (14 years, 2 months ago) by pyr
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.42: +7 -1 lines
Diff to previous 1.42 (colored)
DSR got broken with the move towards the new pf. This fixes it. Found out by Laurent Lavaud & myself. "looks olrite" henning@
Revision 1.42 / (download) - annotate - [select for diffs], Tue Jan 12 23:27:23 2010 UTC (14 years, 4 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.41: +1 -0 lines
Diff to previous 1.41 (colored)
when generating rdr rules, ensure the nat address is PF_ADDR_NONE to avoid confusing pf.
Revision 1.41 / (download) - annotate - [select for diffs], Tue Jan 12 03:20:51 2010 UTC (14 years, 4 months ago) by mcbride
Branch: MAIN
Changes since 1.40: +7 -15 lines
Diff to previous 1.40 (colored)
First pass at removing the 'pf_pool' mechanism for translation and routing actions. Allow interfaces to be specified in special table entries for the routing actions. Lists of addresses can now only be done using tables, which pfctl will generate automatically from the existing syntax. Functionally, this deprecates the use of multiple tables or dynamic interfaces in a single nat or rdr rule. ok henning dlg claudio
Revision 1.40 / (download) - annotate - [select for diffs], Mon Nov 23 00:45:41 2009 UTC (14 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)
Unbreak tree, rs_num is now type and while there use PF_TRANS_RULESET instead of the hardcoded 0. OK henning@
Revision 1.39 / (download) - annotate - [select for diffs], Tue Sep 1 13:43:36 2009 UTC (14 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.38: +37 -41 lines
Diff to previous 1.38 (colored)
sync with new pf ok henning@
Revision 1.38 / (download) - annotate - [select for diffs], Fri Apr 24 14:20:24 2009 UTC (15 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6
Changes since 1.37: +6 -4 lines
Diff to previous 1.37 (colored)
Allow UDP and/or TCP redirections instead of just TCP. Thanks to Marek Grzybowski for feedback and testing. ok jmc@ (manpage bits)
Revision 1.37 / (download) - annotate - [select for diffs], Wed Apr 1 14:08:53 2009 UTC (15 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.36: +8 -5 lines
Diff to previous 1.36 (colored)
terminate and cleanup properly by setting the pf anchor names correctly (anchor names with characters after the terminating NUL byte are considered invalid). Thanks to camield@
Revision 1.36 / (download) - annotate - [select for diffs], Mon Dec 8 10:59:44 2008 UTC (15 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.35: +56 -10 lines
Diff to previous 1.35 (colored)
change the handling of redirections with the sticky-address option set: instead of flushing the complete source tracking table (sticky addresses) in pf on host state changes, just flush the entries for hosts that have been marked as down in the relayd table. this fixes ugly problems with users loosing their sessions if another host or redirection was going down. ok cloder@
Revision 1.35 / (download) - annotate - [select for diffs], Thu Dec 4 17:13:20 2008 UTC (15 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.34: +7 -5 lines
Diff to previous 1.34 (colored)
cosmetic changes: - log table changes in sync_table() if "log updates" is enabled. before we only logged these changes in debug mode when running relayd in foreground. - type in a log message
Revision 1.34 / (download) - annotate - [select for diffs], Mon Sep 29 15:12:22 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)
spacing
Revision 1.33 / (download) - annotate - [select for diffs], Mon Sep 29 09:58:51 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.32: +10 -5 lines
Diff to previous 1.32 (colored)
allow to listen on a port range for redirections. this fixes stickyness with web applications that cannot do the clustering on their own and require stickyness with HTTP to HTTPS migration. this is required in many cases; it is a true fact that we cannot always fix the backend application in the real world. Tested and requested by many
Revision 1.32 / (download) - annotate - [select for diffs], Wed Jul 16 14:38:33 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.31: +10 -11 lines
Diff to previous 1.31 (colored)
fix nat lookup to use the correct pf_addr offset. now it also works with ipv6.
Revision 1.31 / (download) - annotate - [select for diffs], Wed Jul 9 14:57:01 2008 UTC (15 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)
also set the protocol, either TCP or UDP, in the NAT lookup. this unbreaks NAT lookups with UDP; tested as a transparent DNS relay.
Revision 1.30 / (download) - annotate - [select for diffs], Wed Jun 11 18:21:19 2008 UTC (16 years ago) by reyk
Branch: MAIN
Changes since 1.29: +11 -4 lines
Diff to previous 1.29 (colored)
add support for "transparent" forwarding in relays: normally the l7 relay will connect to the target host with its own ip address, but this mode will let it use the address of the client that is connecting from the other side. for example, there is no need to add the X-Forwarded-For HTTP headers for internal webservers in this mode anymore since they magically see the remote client ip address in the connection. it also allows to build fully-transparent ssl encapsulation for tcp sessions and many other things... based on an initial idea from dlg@ and pascoe@ (dlg's talk at opencon) using the new BINDANY and divert-reply interfaces from markus@ (since n2k8) ok markus@ pyr@
Revision 1.29 / (download) - annotate - [select for diffs], Tue Jun 10 23:12:36 2008 UTC (16 years ago) by reyk
Branch: MAIN
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored)
set the inactivity timeout of redirections to a shorter timeout of 600 seconds by default (pf's default is 86400s), they can be cranked with the "session timeout" directive and it is consistent to relay session timeouts. also remove the hack to modify the closing timeout because pf's sloppy state handling is taking care about half connection closing now.
Revision 1.28 / (download) - annotate - [select for diffs], Tue Jun 10 22:02:28 2008 UTC (16 years ago) by reyk
Branch: MAIN
Changes since 1.27: +4 -3 lines
Diff to previous 1.27 (colored)
use sloppy pf state keeping for routed sessions (direct server return) where we only see the client side of the TCP session; this removes the timeout limitations that we had before. document "route to" in the manpage since it is fully working now.
Revision 1.27 / (download) - annotate - [select for diffs], Fri May 16 14:47:58 2008 UTC (16 years ago) by pyr
Branch: MAIN
Changes since 1.26: +6 -2 lines
Diff to previous 1.26 (colored)
Clear source nodes on table changes in sticky mode. This has the disadvantage of removing valid src nodes, but the advantage of not sending out traffic to hosts that are not up anymore. From a diff by <mkoc@prime.pl>, ok reyk@
Revision 1.26 / (download) - annotate - [select for diffs], Wed May 7 01:49:29 2008 UTC (16 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.25: +53 -18 lines
Diff to previous 1.25 (colored)
add an alternative "route to" mode to relayd redirections which maps to pf route-to instead of the default rdr. it is a first steps towards support for "direct server return" (dsr), an asynchronous mode where the load balanced servers send the replies to a different gateway like a l3 switch/router to handle higher amounts of return traffic. because the state handling in pf isn't optimal for this case yet, it just sees half of the TCP connection, the sessions are forced to time out after fixed number of seconds. discussed with many, thought about in the onsen
Revision 1.25 / (download) - annotate - [select for diffs], Tue May 6 11:52:49 2008 UTC (16 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.24: +6 -1 lines
Diff to previous 1.24 (colored)
fix the table stats clr ioctl
Revision 1.24 / (download) - annotate - [select for diffs], Tue May 6 06:09:48 2008 UTC (16 years, 1 month ago) by pyr
Branch: MAIN
Changes since 1.23: +25 -1 lines
Diff to previous 1.23 (colored)
Do not unconditionnaly load pf. If pf isn't required by the configuration the initialisation isn't done properly.
Revision 1.23 / (download) - annotate - [select for diffs], Thu Jan 31 09:33:39 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.22: +33 -33 lines
Diff to previous 1.22 (colored)
add prefixes to names of structure elements to make it easier to grep for code, start with struct relayd. finally. ok thib@
Revision 1.22 / (download) - annotate - [select for diffs], Thu Dec 20 20:15:43 2007 UTC (16 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.21: +38 -2 lines
Diff to previous 1.21 (colored)
implement statistics for redirections, like the existing statistics for relays. they can be viewed with the new "relayctl show redirects" command. (uses the previous change to pf_table.c to get the statistics) looks good pyr@
Revision 1.21 / (download) - annotate - [select for diffs], Sat Dec 8 20:36:36 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.20: +33 -33 lines
Diff to previous 1.20 (colored)
Rename everything which reffered to services refer to rdr for internals (for instance: rename struct service to struct rdr), refer to redirects otherwise (hoststatectl output). ok reyk@
Revision 1.20 / (download) - annotate - [select for diffs], Fri Dec 7 17:17:00 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.19: +24 -24 lines
Diff to previous 1.19 (colored)
hoststated gets renamed to relayd. easier to type, and actually says what the daemon does - it is a relayer that pays attention to the status of pools of hosts; not a status checkers that happens to do some relaying
Revision 1.19 / (download) - annotate - [select for diffs], Sat Nov 24 17:07:28 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.18: +1 -2 lines
Diff to previous 1.18 (colored)
sort includes, adjust to style(9)
Revision 1.18 / (download) - annotate - [select for diffs], Fri Sep 28 13:29:56 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
Correct my mail address.
Revision 1.17 / (download) - annotate - [select for diffs], Thu May 31 03:24:05 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.16: +5 -5 lines
Diff to previous 1.16 (colored)
allocate table lists and service lists instead of using static structs. split the code to start the event loop in two functions. introduce merge_config which will be used later on.
Revision 1.16 / (download) - annotate - [select for diffs], Sun May 27 20:53:10 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.15: +19 -19 lines
Diff to previous 1.15 (colored)
Second step towards hoststated reload: First split out hosts, tables and services into to structs, one that contains the runtime fields and one (inside the runtime) that contains mostly static fields that will be sent over the socket during reload. Also move the demoted field of tables inside the flags field as its just a boolean. ok reyk@
Revision 1.15 / (download) - annotate - [select for diffs], Thu Feb 22 05:58:06 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.14: +9 -6 lines
Diff to previous 1.14 (colored)
spacing
Revision 1.14 / (download) - annotate - [select for diffs], Thu Feb 22 03:32:40 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.13: +73 -1 lines
Diff to previous 1.13 (colored)
Add layer 7 functionality to hoststated used for layer 7 loadbalancing, SSL acceleration, general-purpose TCP relaying, and transparent proxying. see hoststated.conf(5) and my upcoming article on undeadly.org for details. ok to commit deraadt@ pyr@
Revision 1.13 / (download) - annotate - [select for diffs], Tue Feb 20 04:06:17 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
use HOST_UP instead of an hard coded integer
Revision 1.12 / (download) - annotate - [select for diffs], Thu Feb 8 13:32:24 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.11: +99 -39 lines
Diff to previous 1.11 (colored)
carefully check some return values and make lint happier. never pass any truncated strings (table names/anchors/tags/...) to pf and the kernel. ok pyr@
Revision 1.11 / (download) - annotate - [select for diffs], Wed Feb 7 14:45:12 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
more log_debug() cleanup
Revision 1.10 / (download) - annotate - [select for diffs], Mon Jan 29 14:23:31 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored)
Add SSL support to hoststated. with help and OK reyk@ with help and advice by claudio@ and Srebrenko Sehic
Revision 1.9 / (download) - annotate - [select for diffs], Tue Jan 9 13:50:11 2007 UTC (17 years, 5 months ago) by pyr
Branch: MAIN
Changes since 1.8: +20 -20 lines
Diff to previous 1.8 (colored)
Finish renaming hostated to hoststated. Note to testers: the user the daemon changes its id to is now _hoststated, don't forget to update master.passwd. ok reyk@
Revision 1.8 / (download) - annotate - [select for diffs], Tue Jan 9 00:45:32 2007 UTC (17 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
adapt to rename
Revision 1.7 / (download) - annotate - [select for diffs], Mon Jan 8 20:46:18 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.6: +1 -2 lines
Diff to previous 1.6 (colored)
do NOT use the regexp interface. it is way to complicated, error-prone and we don't know about all the possible security problems. change the check send/expect code to use the fnmatch(3) interface using shell globbing rules instead. this allows simple patterns like "220 * ESMTP*" or "SSH-[12].??-*". suggested by deraadt@ and otto@ ok Pierre-Yves Ritschard (pyr at spootnik dot org)
Revision 1.6 / (download) - annotate - [select for diffs], Mon Jan 8 17:10:23 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)
allow to use service names in addition to numerical port numbers in the configuration file, eg. "real port http". > From Pierre-Yves Ritschard (pyr at spootnik dot org) ok claudio@
Revision 1.5 / (download) - annotate - [select for diffs], Mon Jan 8 13:37:26 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)
add a generic send/expect check using regular expression (see regex(3)). this allows to define additional checks for other TCP protocols. From Pierre-Yves Ritschard (pyr at spootnik dot org)
Revision 1.4 / (download) - annotate - [select for diffs], Fri Jan 5 16:39:23 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.3: +5 -1 lines
Diff to previous 1.3 (colored)
Fix two small memleaks From Pierre-Yves Ritschard (pyr at spootnik dot org)
Revision 1.3 / (download) - annotate - [select for diffs], Wed Jan 3 09:42:30 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.2: +3 -1 lines
Diff to previous 1.2 (colored)
allow the sticky-address option for round-robin pools. From Pierre-Yves Ritschard (pyr at spootnik dot org)
Revision 1.2 / (download) - annotate - [select for diffs], Sat Dec 16 12:42:14 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.1: +34 -34 lines
Diff to previous 1.1 (colored)
knf, spacing please note that some editors will replace tabs with multiple spaces if you cut & paste code from other sections. please try to keep the tabs ;).
Revision 1.1 / (download) - annotate - [select for diffs], Sat Dec 16 11:45:07 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Import hostated, the host status daemon. This daemon will monitor remote hosts and dynamically alter pf(4) tables and redirection rules for active server load balancing. The daemon has been written by Pierre-Yves Ritschard (pyr at spootnik.org) and was formerly known as "slbd". The daemon is fully functional but it still needs some work and cleanup so we don't link it to the build yet. Some TODOs are a partial rewrite of the check_* routines (use libevent whenever we can), improvement of the manpages, and general knf and cleanup. ok deraadt@ claudio@