OpenBSD CVS

CVS log for src/usr.sbin/relayd/relay_http.c



Default branch: MAIN


Revision 1.87 / (download) - annotate - [select for diffs], Fri Dec 1 16:48:40 2023 UTC (6 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.86: +34 -16 lines
Diff to previous 1.86 (colored)

relay_read_http: strip out Content-Length if we strip the body too

We should not forward Content-Length if the body is not also forwarded.

Revision 1.86 / (download) - annotate - [select for diffs], Wed Nov 29 15:35:07 2023 UTC (6 months ago) by millert
Branch: MAIN
Changes since 1.85: +249 -223 lines
Diff to previous 1.85 (colored)

relay_read_http: defer header parsing until after line continuation

Wait until we have a complete line before parsing the Content-Length,
Transfer-Encoding and Host headers.  This prevents potential request
smuggling attacks.  Filtering already happens after header line
continuation has been performed.  Reported by Ben Kallus.
OK claudio@

Revision 1.85 / (download) - annotate - [select for diffs], Tue Nov 28 18:36:55 2023 UTC (6 months ago) by millert
Branch: MAIN
Changes since 1.84: +66 -17 lines
Diff to previous 1.84 (colored)

relay_read_http: tighten up header parsing

1) reject headers with embedded NULs
2) reject headers with invalid characters in the name
3) reject Transfer-Encoding with values other than "chunked"
4) reject chunk values containing non-hex characters
5) reject Content-Length values of "+0" or "-0"
6) reject requests without a ' ' and headers without a ':'

Reported by Ben Kallus, OK bluhm@

Revision 1.84 / (download) - annotate - [select for diffs], Wed Dec 28 21:38:29 2022 UTC (17 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.83: +3 -3 lines
Diff to previous 1.83 (colored)

{en,de}queing -> {en,de}queuing; from paul tagliamonte

Revision 1.83 / (download) - annotate - [select for diffs], Sat Oct 23 20:46:18 2021 UTC (2 years, 7 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.82: +14 -3 lines
Diff to previous 1.82 (colored)

do not duplicate "Connection: close" headers and only add it if it's
not a websockets response.
Reported by Marcus MERIGHI and Jonathon Fletcher, this fix is by Jonathon, Thanks!
ok claudio@

Revision 1.81.2.1 / (download) - annotate - [select for diffs], Sun Jul 25 20:37:23 2021 UTC (2 years, 10 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.81: +3 -3 lines
Diff to previous 1.81 (colored) next main 1.82 (colored)

relayd(8), when using the http protocol strip filter directive or http
protocol macro expansion, processes format strings.

Original commit in current:

  Modified files:
        usr.sbin/relayd: relay_http.c (1.82) relayd.h (1.268)

  The output of server_root_strip() is a string. Use the correct format
  "%s".  Same for the output of relay_expand_http().
  with and ok claudio@
  Found by Cedric Tessier, thanks!

This is patches/6.9/common/010_relayd.patch.sig

Revision 1.82 / (download) - annotate - [select for diffs], Sun Jul 25 20:31:41 2021 UTC (2 years, 10 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.81: +3 -3 lines
Diff to previous 1.81 (colored)

The output of server_root_strip() is a string. Use the correct format
"%s".  Same for the output of relay_expand_http().
with and ok claudio@
Found by Cedric Tessier, thanks!

Revision 1.81 / (download) - annotate - [select for diffs], Wed Mar 24 20:59:54 2021 UTC (3 years, 2 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.80: +85 -11 lines
Diff to previous 1.80 (colored)

Responses to HEAD requests must not have a message body (even though they have
a Content-Length header).  HTTP RFC 7231 section 4.3.2.
found by niklas@, claudio@ agrees.

Revision 1.80 / (download) - annotate - [select for diffs], Sat Jan 9 08:53:58 2021 UTC (3 years, 4 months ago) by denis
Branch: MAIN
Changes since 1.79: +37 -9 lines
Diff to previous 1.79 (colored)

Add 'strip' directive

Feedback by Olivier Cherrier, Hiltjo Posthuma, Mischa

OK benno@

Revision 1.79 / (download) - annotate - [select for diffs], Fri Sep 4 13:09:14 2020 UTC (3 years, 8 months ago) by bket
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.78: +3 -6 lines
Diff to previous 1.78 (colored)

Replace TAILQ concatenation loop with TAILQ_CONCAT

OK millert@, florian@

Revision 1.78 / (download) - annotate - [select for diffs], Sat Jul 13 06:53:00 2019 UTC (4 years, 10 months ago) by chrisz
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.77: +4 -2 lines
Diff to previous 1.77 (colored)

Don't "forward to <table>" when a "forward to destination" address is set.
This matches the documented behaviour.
On matching "forward to <table>" filter rules the "forward to destination"
address is unset, so that in that case the "forward to <table>" rule is still
used.

OK benno@, regression tests still passing.

Revision 1.77 / (download) - annotate - [select for diffs], Fri Jul 5 13:42:06 2019 UTC (4 years, 10 months ago) by robert
Branch: MAIN
Changes since 1.76: +21 -4 lines
Diff to previous 1.76 (colored)

Add a new macro called $HOST that expands to the Host header's value or falls
back to the same value as $SERVER_ADDR in case the Host header is not available.

ok reyk@

Revision 1.76 / (download) - annotate - [select for diffs], Mon May 13 15:19:16 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.75: +10 -1 lines
Diff to previous 1.75 (colored)

Add Connection: close when switching to "unlimited" reading mode.

Ask the server to close the connection after the request since we
don't read any further request headers.  This fixes an issue with
OPTIONS and optional body, as well as similar cases.

Reported and tested by Rivo Nurges

OK benno@

Revision 1.75 / (download) - annotate - [select for diffs], Mon May 13 09:54:07 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.74: +24 -12 lines
Diff to previous 1.74 (colored)

Fix filter rules with "forward to" statement in persistent connections.

OK bentley@ mikeb@

Revision 1.74 / (download) - annotate - [select for diffs], Fri May 10 09:15:00 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.73: +5 -6 lines
Diff to previous 1.73 (colored)

Add support for from/to in relay filter rules.

For example,
pass from 10.0.0.0/8 path "/hello/*" forward to <b>

Ok benno@

Revision 1.73 / (download) - annotate - [select for diffs], Wed May 8 23:22:19 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.72: +16 -41 lines
Diff to previous 1.72 (colored)

Fix and tweak websocket upgrade handling.

- Don't expect the Connection header to equal Upgrade, it may include Upgrade
- Reshuffle the code to check the Upgrade/Connection headers in one place

Reported and tested by Rivo Nurges

OK and input from benno@

Revision 1.72 / (download) - annotate - [select for diffs], Mon Mar 4 21:25:03 2019 UTC (5 years, 2 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.71: +61 -1 lines
Diff to previous 1.71 (colored)

Support for rfc 6455 Websockets connection upgrade. Add a new protocol
option 'http { [no] websockets }' to allow such connections (default
is no).  Original diff from Daniel Lamando (dan AT danopia DOT net),
option and header checks by me.  suggestions and ok bluhm@ and earlier
diff claudio@

Revision 1.71 / (download) - annotate - [select for diffs], Mon Aug 6 17:31:31 2018 UTC (5 years, 9 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.70: +12 -12 lines
Diff to previous 1.70 (colored)

replace the current log options

 log updates|all

with

 log state changes
 log host checks
 log connection [errors]

The first two control the logging of host check results: either changes in host state only or
all checks.

The third option controls logging of connections in relay mode:
Either log all connections, or only errors.

Additionally, errors will be logged with LOG_WARN and good connections
will be logged with LOG_INFO, so they can be differentiated in syslog.

ok and feedback from claudio@

Revision 1.70 / (download) - annotate - [select for diffs], Mon Nov 27 16:25:50 2017 UTC (6 years, 6 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.69: +18 -14 lines
Diff to previous 1.69 (colored)

rfc 7230 mandates that a "204 No Content" http status must not come with a
Content-Length Header. Of course some servers still do it and send
Content-Length: 0. Adjust accordingly.
ok claudio@

Revision 1.69 / (download) - annotate - [select for diffs], Mon Nov 27 03:19:58 2017 UTC (6 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.68: +9 -13 lines
Diff to previous 1.68 (colored)

Simplify relay_close_http(), make  relay_httpdesc_free() accept and ignore
a NULL pointer argument (like free()). Also switch a !size to size == 0.
OK benno@

Revision 1.68 / (download) - annotate - [select for diffs], Wed Nov 15 19:03:26 2017 UTC (6 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.67: +4 -3 lines
Diff to previous 1.67 (colored)

make the maximum size of http headers configurable in the protocol.
ok bluhm@, >8k makes sense claudio@

Revision 1.67 / (download) - annotate - [select for diffs], Sat Sep 23 11:56:57 2017 UTC (6 years, 8 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.66: +12 -10 lines
Diff to previous 1.66 (colored)

The relayd regression tests for chunked HTTP traffic were failing
sporadically.  If the \r and \n were read in separate chunks, relayd
got out of sync with the protocol as they were interpreted as two
lines.  Use evbuffer_readln() with EVBUFFER_EOL_CRLF instead of
evbuffer_readline().
OK benno@

Revision 1.66 / (download) - annotate - [select for diffs], Sun May 28 10:39:15 2017 UTC (7 years ago) by benno
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

use __func__ in log messages. fix some whitespace while here.
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio

Revision 1.65 / (download) - annotate - [select for diffs], Sat May 27 08:33:25 2017 UTC (7 years ago) by claudio
Branch: MAIN
Changes since 1.64: +1 -6 lines
Diff to previous 1.64 (colored)

Migrate relayd to use libtls for TLS. Still does the TLS privsep via the
engine but at least we can use a sane API for new features.
Going in now so it is possible to work with this in tree.
General agreement at d2k17.

Revision 1.64 / (download) - annotate - [select for diffs], Fri Mar 10 21:04:35 2017 UTC (7 years, 2 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)

DELETE can have a body.

Fix by Rivo Nurges, fixes a problem with Atlassian JIRA

OK benno@

Revision 1.63 / (download) - annotate - [select for diffs], Mon Sep 26 16:25:16 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored)

spacing

Revision 1.52.4.2 / (download) - annotate - [select for diffs], Sun Aug 7 07:54:42 2016 UTC (7 years, 9 months ago) by benno
Branch: OPENBSD_5_8
Changes since 1.52.4.1: +31 -6 lines
Diff to previous 1.52.4.1 (colored) to branchpoint 1.52 (colored) next main 1.53 (colored)

Improve parsing of the Host-header by following RFC 7230 Section 5.4 more
strictly. MFC relay_http.c v 1.57, relayd.c v 1.154, relayd.h v 1.224

Revision 1.55.2.2 / (download) - annotate - [select for diffs], Sun Aug 7 07:54:07 2016 UTC (7 years, 9 months ago) by benno
Branch: OPENBSD_5_9
Changes since 1.55.2.1: +31 -6 lines
Diff to previous 1.55.2.1 (colored) to branchpoint 1.55 (colored) next main 1.56 (colored)

Improve parsing of the Host-header by following RFC 7230 Section 5.4 more
strictly. MFC relay_http.c v 1.57, relayd.c v 1.154, relayd.h v 1.224

Revision 1.56.2.1 / (download) - annotate - [select for diffs], Sun Aug 7 07:53:45 2016 UTC (7 years, 9 months ago) by benno
Branch: OPENBSD_6_0
Changes since 1.56: +31 -6 lines
Diff to previous 1.56 (colored) next main 1.57 (colored)

Improve parsing of the Host-header by following RFC 7230 Section 5.4 more
strictly. MFC relay_http.c v 1.57, relayd.c v 1.154, relayd.h v 1.224

Revision 1.62 / (download) - annotate - [select for diffs], Mon Aug 1 21:25:53 2016 UTC (7 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.61: +5 -5 lines
Diff to previous 1.61 (colored)

whitespace and 80 columns, no binary change

Revision 1.61 / (download) - annotate - [select for diffs], Mon Aug 1 21:14:45 2016 UTC (7 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.60: +27 -6 lines
Diff to previous 1.60 (colored)

rfc 7230 3.3.3 says: response with a status code of 1xx
(Informational) or 204 (No Content) MUST not have a Content-Length.
Add a check for that.
ok reyk@

Revision 1.60 / (download) - annotate - [select for diffs], Fri Jul 29 10:09:26 2016 UTC (7 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

Bump copyright in files that I touched last.
(btw. hostated-hoststated-relayd's 10th birthday is on Dec 16.)

Revision 1.59 / (download) - annotate - [select for diffs], Fri Jul 29 10:00:12 2016 UTC (7 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.58: +27 -2 lines
Diff to previous 1.58 (colored)

Add support for common WebDAV methods;  from httpd.

Found and tested by Michael Lechtermann
OK benno@

Revision 1.58 / (download) - annotate - [select for diffs], Wed Jul 27 11:02:41 2016 UTC (7 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)

According to RFC 7231 4.3.7, OPTIONS may have body. "Although this
specification does not define any use for such a payload, future
extensions to HTTP might use the OPTIONS body to make more detailed
queries about the target resource." The future has arrived.

Found and tested by Michael Lechtermann
OK benno@

Revision 1.57 / (download) - annotate - [select for diffs], Wed Jul 27 06:55:44 2016 UTC (7 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.56: +31 -6 lines
Diff to previous 1.56 (colored)

Improve parsing of the Host by following RFC 7230 Section 5.4 more strictly:

- Respond with a 400 (Bad Request) if there is more than one Host:
header to prevent ambiguities.

- Make sure that the host in the optional absolute form of
request-target (eg. GET http://www.target.com/ HTTP/1.1) matches the
Host: value.  Proxies are supposed to ignore the Host: value if the
request-target exists, but relayd used to ignore the absolute
request-target form instead.  In HTTP terminology, relayd is a gateway
and not a proxy, but it has to make sure that the host is validated
consistently.

OK benno@ bluhm@

Revision 1.55.2.1 / (download) - annotate - [select for diffs], Sat Jul 23 21:01:33 2016 UTC (7 years, 10 months ago) by benno
Branch: OPENBSD_5_9
Changes since 1.55: +44 -31 lines
Diff to previous 1.55 (colored)

reliability fix: When signaling an error to an HTTP relay client, the
connection can be terminated prematurely, leading to a crash.

Revision 1.52.4.1 / (download) - annotate - [select for diffs], Sat Jul 23 20:56:02 2016 UTC (7 years, 10 months ago) by benno
Branch: OPENBSD_5_8
Changes since 1.52: +44 -31 lines
Diff to previous 1.52 (colored)

reliability fix: When signaling an error to an HTTP relay client, the
connection can be terminated prematurely, leading to a crash.

Revision 1.56 / (download) - annotate - [select for diffs], Fri Jul 22 09:30:36 2016 UTC (7 years, 10 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE
Branch point for: OPENBSD_6_0
Changes since 1.55: +44 -31 lines
Diff to previous 1.55 (colored)

fix some cases where we relay_abort_http() the connection too soon.
instead, pass a more specific error back and handle the errors in
relay_test() instead.
reported by Arto Jonsson and Hiltjo Posthuma, thanks!
ok bluhm@ reyk@

Revision 1.55 / (download) - annotate - [select for diffs], Tue Dec 15 10:36:59 2015 UTC (8 years, 5 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE
Branch point for: OPENBSD_5_9
Changes since 1.54: +2 -1 lines
Diff to previous 1.54 (colored)

PATCH is like PUT, data is expected.

From mxb at alumni chalmers se

Revision 1.54 / (download) - annotate - [select for diffs], Mon Dec 7 04:03:27 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.53: +13 -25 lines
Diff to previous 1.53 (colored)

Remove NULL-checks before free(). No functional change.

Revision 1.53 / (download) - annotate - [select for diffs], Sun Sep 27 20:21:04 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.52: +1 -3 lines
Diff to previous 1.52 (colored)

include <unistd.h> unconditionally
ok benno

Revision 1.43.2.1 / (download) - annotate - [select for diffs], Sun Sep 20 11:20:16 2015 UTC (8 years, 8 months ago) by benno
Branch: OPENBSD_5_7
Changes since 1.43: +26 -11 lines
Diff to previous 1.43 (colored) next main 1.44 (colored)

maintenance diff for relayd
MFC the following changes

- Missing free(3) in error path (ssl.c,v 1.29)
- fix a memory leak. (pfe.c,v 1.80)
- allocate se_log evbuffer before logging errors with relay_close()
  (relay.c,v 1.192)
- fix a file descriptor leak in http protocol handling
  (relay.c,v 1.193 and relay_http.c,v 1.44)
- Fix obvious problems with relayd config reload
  (ca.c,v 1.13; config.c,v 1.25; parse.y,v 1.204;
  relayd.c,v 1.139; relayd.h,v 1.209)
- http protocol: you cannot append to the previous key-value before
  line three of a request (relay_http.c,v 1.45)
- fix a crash / use after free (relay.c,v 1.194; relay_http.c,v 1.46)
- fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE
  (relay_http.c,v 1.47)
- Plug a memory leak by simplifying kv_free() (relayd.c,v 1.141)
- Fix memory leak in error case (relay_http.c,v 1.48)
- track the connection state of a session and stops doing double
  opens in certain situations (relay.c,v 1.195; relay_http.c,v 1.49; relayd.h,v 1.210)
- coding style (relay.c,v 1.196; relay_http.c,v 1.50; relayd.h,v 1.212)

ok claudio@, sthen@ and feedback tedu@

Revision 1.52 / (download) - annotate - [select for diffs], Tue Jul 28 10:24:26 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE
Branch point for: OPENBSD_5_8
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

spacing

Revision 1.51 / (download) - annotate - [select for diffs], Sat Jul 18 16:01:28 2015 UTC (8 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.50: +14 -1 lines
Diff to previous 1.50 (colored)

Fix unbounded buffer growth. In the case of a slow client reading large files,
we would consume large amounts of memory.
Found by Matthew Martin <matt DOT a DOT martin AT gmail DOT com> in
httpd, fixed in httpd by florian@
feedback from florian, reyk and bluhm, ok bluhm, reyk

Revision 1.50 / (download) - annotate - [select for diffs], Fri Jun 12 14:40:55 2015 UTC (8 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

To match relayd's style, use an explicit enum with prefixed names for
the states that Claudio introduced.  No functional change.

OK claudio@ benno@

Revision 1.49 / (download) - annotate - [select for diffs], Mon Jun 8 15:47:51 2015 UTC (8 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

Introduce a state on the ctl_relay_event struct. This makes it possible
to better track the connection state of a session and stops doing double
opens in certain situations using http relays. Using a state field to
simplify the logic since relay_connect() is called multiple times.
OK benno@, bluhm@ and running in production for more than a week

Revision 1.48 / (download) - annotate - [select for diffs], Mon Jun 1 09:54:16 2015 UTC (9 years ago) by claudio
Branch: MAIN
Changes since 1.47: +4 -2 lines
Diff to previous 1.47 (colored)

Fix memory leak in error case. OK bluhm@ benno@

Revision 1.47 / (download) - annotate - [select for diffs], Fri May 22 01:34:13 2015 UTC (9 years ago) by jsg
Branch: MAIN
Changes since 1.46: +3 -3 lines
Diff to previous 1.46 (colored)

fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE
ok reyk@

Revision 1.46 / (download) - annotate - [select for diffs], Mon May 18 16:57:20 2015 UTC (9 years ago) by bluhm
Branch: MAIN
Changes since 1.45: +15 -6 lines
Diff to previous 1.45 (colored)

Fix a crash reported and analyzed by Bertrand PROVOST.  When a HTTP
client or server writes multiple requests or chunks in a single
transfer, relayd invokes the libevent callback manually for the
next data.  If the callback closes the session, this resulted in
a use after free.
Instead of the more complicated fix suggested by Bertrand PROVOST,
just move the invocation of the callback to the end of the function.
So in case the callback frees any structures, they are not accessed.
OK benno@ reyk@

Revision 1.45 / (download) - annotate - [select for diffs], Mon May 18 16:45:16 2015 UTC (9 years ago) by bluhm
Branch: MAIN
Changes since 1.44: +3 -2 lines
Diff to previous 1.44 (colored)

The first line of a HTTP request is the method-url-version.  The
second line is a key-value header.  So you cannot append to the
previous key-value before line three.  Also reset the last header
when all headers are purged to avoid a use after free.
OK benno@ reyk@

Revision 1.44 / (download) - annotate - [select for diffs], Wed Apr 29 08:41:24 2015 UTC (9 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.43: +4 -1 lines
Diff to previous 1.43 (colored)

When the HTTP client did close the connection while relayd was still
parsing the HTTP header, the session was never destroyed.  This
resulted in a file descriptor leak.
Add a check whether the protocol knows how much data to expect.  If
relayd is reading unlimited data or is expecting nothing to read,
ignore the end-of-file.  Otherwise it is a protocol violation, so
close the session immediately.
While there, make relayd compile with DEBUG defined.
Based on a diff from claudio@; tested by claudio@; OK claudio@ benno@

Revision 1.43 / (download) - annotate - [select for diffs], Thu Jan 22 17:42:09 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE
Branch point for: OPENBSD_5_7
Changes since 1.42: +8 -14 lines
Diff to previous 1.42 (colored)

Clean up the relayd headers with help of include-what-you-use and some
manual review.  Based on common practice, relayd.h now includes the
necessary headers for itself.

OK benno@

Revision 1.42 / (download) - annotate - [select for diffs], Thu Jan 22 15:21:28 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.41: +6 -5 lines
Diff to previous 1.41 (colored)

spacing

Revision 1.41 / (download) - annotate - [select for diffs], Fri Jan 16 15:06:40 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

Adapt to <limits.h> universe.
ok millert

Revision 1.40 / (download) - annotate - [select for diffs], Tue Jan 13 09:24:20 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

bump copyright year

Revision 1.39 / (download) - annotate - [select for diffs], Thu Jan 1 14:54:06 2015 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.38: +42 -22 lines
Diff to previous 1.38 (colored)

Merge error page changes from httpd: send Content-Length:, change
Date: from asctime to the preferred HTTP/1.1 format, and use the
popular "Comic Sans" style (can be changed in the configuration).

Revision 1.38 / (download) - annotate - [select for diffs], Thu Jan 1 14:21:06 2015 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.37: +2 -3 lines
Diff to previous 1.37 (colored)

Use the recommended HTML5 doctype in error pages.

OK validator.w3.org (This document was successfully checked as HTML5!)

Revision 1.37 / (download) - annotate - [select for diffs], Sun Dec 21 00:54:49 2014 UTC (9 years, 5 months ago) by guenther
Branch: MAIN
Changes since 1.36: +1 -2 lines
Diff to previous 1.36 (colored)

Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when unnecessary.
*Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.

ok reyk@

Revision 1.36 / (download) - annotate - [select for diffs], Thu Dec 18 20:55:01 2014 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.35: +3 -8 lines
Diff to previous 1.35 (colored)

Update relayd to use siphash instead of sys/hash.  The source-hash,
loadbalance and hash modes use a random key by default that can be
forced to be a static key with a new configuration argument.

With input from Max Fillinger.

ok tedu@

Revision 1.32.4.1 / (download) - annotate - [select for diffs], Mon Nov 17 16:53:24 2014 UTC (9 years, 6 months ago) by tedu
Branch: OPENBSD_5_6
Changes since 1.32: +8 -6 lines
Diff to previous 1.32 (colored) next main 1.33 (colored)

backport 1.34. Don't crash without HTTP version.

Revision 1.35 / (download) - annotate - [select for diffs], Sat Oct 25 03:23:49 2014 UTC (9 years, 7 months ago) by lteo
Branch: MAIN
Changes since 1.34: +1 -2 lines
Diff to previous 1.34 (colored)

Remove unnecessary netinet/in_systm.h include.

ok millert@

Revision 1.34 / (download) - annotate - [select for diffs], Mon Sep 15 08:06:11 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.33: +8 -6 lines
Diff to previous 1.33 (colored)

Make the HTTP version mandatory and abort if it is missing in the request.

Revision 1.33 / (download) - annotate - [select for diffs], Sun Aug 10 21:55:17 2014 UTC (9 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.32: +4 -3 lines
Diff to previous 1.32 (colored)

There was a race in relayd that caused connections to hang.  It
happened with non-persistent PUT connections that had a very short
body.  If the whole body was read from the client before the
connection to the server was set up, the event callback was not
called.  Do the regular checks after relay_connect() succeeded.
OK reyk@

Revision 1.32 / (download) - annotate - [select for diffs], Thu Jul 17 11:35:26 2014 UTC (9 years, 10 months ago) by stsp
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE
Branch point for: OPENBSD_5_6
Changes since 1.31: +6 -5 lines
Diff to previous 1.31 (colored)

Move comment about strcasecmp() to a more suitable spot.
ok reyk benno

Revision 1.31 / (download) - annotate - [select for diffs], Mon Jul 14 00:11:12 2014 UTC (9 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.30: +4 -1 lines
Diff to previous 1.30 (colored)

When a connection was spliced in one direction and in copy mode in
the other direction, the timeouts did not work.  They were longer
than specified.  Link the splicing and non-splicing timeouts.
Found by make run-regress-args-timeout-http.pl
OK reyk@

Revision 1.30 / (download) - annotate - [select for diffs], Sun Jul 13 15:39:01 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.29: +1 -2 lines
Diff to previous 1.29 (colored)

Remove a debug message

Revision 1.29 / (download) - annotate - [select for diffs], Sun Jul 13 00:32:08 2014 UTC (9 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.28: +15 -2 lines
Diff to previous 1.28 (colored)

improve log output for relays. adjust regress tests
ok reyk

Revision 1.28 / (download) - annotate - [select for diffs], Sun Jul 13 00:18:05 2014 UTC (9 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.27: +8 -1 lines
Diff to previous 1.27 (colored)

repair matching of headers, add regress test for this error
ok reyk

Revision 1.27 / (download) - annotate - [select for diffs], Sat Jul 12 15:47:18 2014 UTC (9 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.26: +3 -6 lines
Diff to previous 1.26 (colored)

fix relay "append header" action, add regression test for append
ok reyk

Revision 1.26 / (download) - annotate - [select for diffs], Sat Jul 12 14:34:13 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.25: +33 -2 lines
Diff to previous 1.25 (colored)

Move HTTP error codes into http.h.

ok benno@

Revision 1.25 / (download) - annotate - [select for diffs], Fri Jul 11 23:11:54 2014 UTC (9 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

optimize a FALLTHROUGH
implicit ok reyk

Revision 1.24 / (download) - annotate - [select for diffs], Fri Jul 11 22:28:44 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.23: +14 -3 lines
Diff to previous 1.23 (colored)

Limit HTTP header length to about 8K (based on the default of 4-8K in
common web servers).  Add a related regress test.

OK benno@

Revision 1.23 / (download) - annotate - [select for diffs], Fri Jul 11 11:48:50 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.22: +77 -160 lines
Diff to previous 1.22 (colored)

Simplify the code that handles the HTTP headers by using an RB tree
with associated lists instead of the complicated lookup table and
"others" list.  This might add a little malloc overhead for common
headers but also fixes some issues like the handling of repeated
headers -  for example, handling of multiple "Set-Cookie" headers.

ok bluhm@ (regress part)
ok benno@

Revision 1.22 / (download) - annotate - [select for diffs], Thu Jul 10 20:02:32 2014 UTC (9 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

Print "%s (removed)" into relayd log and test for that string.
suggested by reyk@

Revision 1.21 / (download) - annotate - [select for diffs], Thu Jul 10 00:05:59 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.20: +5 -5 lines
Diff to previous 1.20 (colored)

Fix another free error.

ok benno@

Revision 1.20 / (download) - annotate - [select for diffs], Wed Jul 9 16:42:05 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.19: +1098 -452 lines
Diff to previous 1.19 (colored)

Replace the protocol directives for HTTP with a new generic filtering
language.  The grammar is inspired by pf and allows to write versatile
last-matching filter rules in protocol sections starting with the
"pass", "block" or "match" keywords.  This work was started almost two
years ago and replaces large parts of relayd(8)'s HTTP and filtering
code.  The initial version reimplements and extends HTTP filtering,
but will be improved to support generic TCP and other protocols later.

With some testing, feedback, and help from benno@ and andre@.

OK benno@

Revision 1.19 / (download) - annotate - [select for diffs], Wed Jun 25 11:05:15 2014 UTC (9 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

sync copyright to reality according to my last changes

Revision 1.18 / (download) - annotate - [select for diffs], Sun Apr 20 16:18:32 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.17: +3 -2 lines
Diff to previous 1.17 (colored)

Check for strlcpy overflow when expanding the HTTP input value.

Revision 1.17 / (download) - annotate - [select for diffs], Tue Apr 15 22:35:11 2014 UTC (10 years, 1 month ago) by andre
Branch: MAIN
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)

Print hashkey to debug output, this helps hash-action use cases to be tested.
Use log_debug() instead of log_info().

ok reyk@

Revision 1.16 / (download) - annotate - [select for diffs], Wed Sep 4 22:21:32 2013 UTC (10 years, 8 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.15: +5 -4 lines
Diff to previous 1.15 (colored)

Handling of HTTP requests with a body like POST was broken in
relayd.  Instead of checking for the direction RELAY_DIR_RESPONSE,
set toread to 0 if we don't expect a body.
OK reyk@

Revision 1.9.2.1 / (download) - annotate - [select for diffs], Tue Jun 4 00:54:30 2013 UTC (11 years ago) by sthen
Branch: OPENBSD_5_3
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored) next main 1.10 (colored)

MFC revision 1.15, requested by reyk@:

-/----
date: 2013/06/02 18:02:45;  author: reyk;  state: Exp;  lines: +3 -3
With HTTP keepalive, relayd only filtered the first request and
switched to pass-through mode for subsequent requests from the client.
Make sure to stay in HTTP header mode.

ok benno@
-/----

Revision 1.15 / (download) - annotate - [select for diffs], Sun Jun 2 18:02:45 2013 UTC (11 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored)

With HTTP keepalive, relayd only filtered the first request and
switched to pass-through mode for subsequent requests from the client.
Make sure to stay in HTTP header mode.

ok benno@

Revision 1.14 / (download) - annotate - [select for diffs], Thu May 30 19:45:20 2013 UTC (11 years ago) by reyk
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

Safari doesn't like HTTP/1.x in the generated error messages (return error),
so change it to HTTP/1.0.  This also makes it RFC-compliant which only allows
digits in the version number.

ok bluhm@

Revision 1.13 / (download) - annotate - [select for diffs], Tue May 7 16:19:58 2013 UTC (11 years ago) by reyk
Branch: MAIN
Changes since 1.12: +8 -5 lines
Diff to previous 1.12 (colored)

- Add a simple check to prevent the client-provided hex HTTP chunk size
from turning our signed input variable into a negative number.  This prevents
a chunked HTTP connection from breaking its own state machine and turning into
a stalled state.  The bug doesn't harm other connections or relayd itself.
- Use a 64bit variable to allow theoretical large chunks.
- Fix a comment.

ok tedu@

Revision 1.12 / (download) - annotate - [select for diffs], Sat Apr 20 17:41:33 2013 UTC (11 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

print large time_t nicely; ok benno

Revision 1.11 / (download) - annotate - [select for diffs], Sun Mar 10 23:32:53 2013 UTC (11 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.10: +7 -7 lines
Diff to previous 1.10 (colored)

This diff changes relayd to use the monotonic clock instead of
gettimeofday().  It was also bugging me for some time to have all
these checks of gettimeofday()'s return value: it should not fail.  So
this diff introduces a void getmonotime(struct timeval *tv) that calls
clock_gettime(CLOCK_MONOTONIC, &ts) and converts the output to a
struct timeval that can be used with the existing code and the
timeval-specific timer functions (timerclear, timersub, ...).  It does
not return a status but calls fatal() on error-that-should-not-happen.

ok sthen@ chris@

Revision 1.10 / (download) - annotate - [select for diffs], Sat Mar 9 14:43:06 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.9: +7 -1 lines
Diff to previous 1.9 (colored)

Enable TCP socket splicing for HTTP persistent connection and chunked
transfer encoding.  This speeds up relayd for more protocol modes
by zero-copy TCP forwarding.
OK reyk@ benno@

Revision 1.9 / (download) - annotate - [select for diffs], Fri Feb 15 12:15:12 2013 UTC (11 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE
Branch point for: OPENBSD_5_3
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

Fix the toread check in the lateconnect case.  This allows
Content-Length: 0 in HTTP GET request when a request filter is used.
This was broken by my previous commit.
OK reyk@ benno@

Revision 1.8 / (download) - annotate - [select for diffs], Tue Feb 5 21:36:33 2013 UTC (11 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.7: +83 -47 lines
Diff to previous 1.7 (colored)

Rework http content and chunk handling in relayd.  Use special
toread values to track the current http header or chunk state.  This
allows handling an optional chunk trailer properly.  Tracking the
http state is also a prerequisite for splicing persistent http
connections.
OK and test reyk@ benno@

Revision 1.7 / (download) - annotate - [select for diffs], Tue Jan 22 08:26:34 2013 UTC (11 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

Only send a single CRLF between chunks.  A second CRLF seemed to be
optional, and it worked fine with Firefox, but it didn't work with
some browsers/clients like Chrome or CURL that implement the
specification strictly. See RFC 2616, Section 3.6.1, for more
information about Chunked Transfer Encoding.

ok bluhm@ benno@

Revision 1.6 / (download) - annotate - [select for diffs], Thu Jan 17 20:34:18 2013 UTC (11 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.5: +7 -7 lines
Diff to previous 1.5 (colored)

Remove unnecessary pointer casts.  No binary diff.
OK benno@

Revision 1.5 / (download) - annotate - [select for diffs], Tue Nov 27 05:00:28 2012 UTC (11 years, 6 months ago) by guenther
Branch: MAIN
Changes since 1.4: +6 -6 lines
Diff to previous 1.4 (colored)

Add format attributes to the proper functions and then fix the warnings
that gcc then reports when compiling with -DDEBUG=2

ok reyk@ benno@

Revision 1.4 / (download) - annotate - [select for diffs], Wed Nov 21 22:14:24 2012 UTC (11 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.3: +7 -7 lines
Diff to previous 1.3 (colored)

strtonum() can only handle a maximum of LLONG_MAX
fixes bug reported by Bogdan Andu, thanks
ok reyk@ deraadt@ sthen@

Revision 1.3 / (download) - annotate - [select for diffs], Wed Oct 10 14:27:46 2012 UTC (11 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.2: +4 -1 lines
Diff to previous 1.2 (colored)

Fix the hash http filter action to initialize the hash key correctly after
the multiple relay tables commit.

Revision 1.2 / (download) - annotate - [select for diffs], Thu Oct 4 20:53:30 2012 UTC (11 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.1: +3 -2 lines
Diff to previous 1.1 (colored)

spacing

Revision 1.1 / (download) - annotate - [select for diffs], Thu Sep 20 12:30:20 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN

Move the HTTP code into an extra file to make future changes easier to
follow.  No functional changes, only one function got renamed.

ok benno@
