Default branch: MAIN
Revision 1.191 / (download) - annotate - [select for diffs], Sun Jun 25 08:07:38 2023 UTC (11 months, 2 weeks ago) by op
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.190: +1 -4 lines
Diff to previous 1.190 (colored)
remove ssl_init() it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything. ok tb
Revision 1.190 / (download) - annotate - [select for diffs], Thu Nov 10 00:00:11 2022 UTC (18 months, 4 weeks ago) by mbuhl
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.189: +9 -5 lines
Diff to previous 1.189 (colored)
always call va_end. ok tb
Revision 1.189 / (download) - annotate - [select for diffs], Sat Sep 3 20:07:31 2022 UTC (21 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.188: +1 -3 lines
Diff to previous 1.188 (colored)
Move the daemon() call in the parent process from after forking the children to just before. That way the parent disassociates from its controlling terminal and shell, but not from its children. Remove the dup2() bits that were copied from daemon() to solve the problem that the children still had the stdio fds open. This is now done in the parent earlier. Remove the setsid() and setpgid(). It is unclear what their intent was, but they don't seem to make sense, as daemon() covers this as well and there seems to be no reason the children procs need to do that. ok claudio@ bluhm@
Revision 1.188 / (download) - annotate - [select for diffs], Wed Aug 31 16:17:18 2022 UTC (21 months, 1 week ago) by dv
Branch: MAIN
Changes since 1.187: +2 -2 lines
Diff to previous 1.187 (colored)
relayd(8): change agentx_getsock to return void
Only has one return value and it's never checked.
ok martijn@, tb@
Revision 1.187 / (download) - annotate - [select for diffs], Mon Jul 12 15:09:21 2021 UTC (2 years, 10 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.186: +2 -2 lines
Diff to previous 1.186 (colored)
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occurred on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
Revision 1.186 / (download) - annotate - [select for diffs], Wed Jan 27 07:21:54 2021 UTC (3 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.185: +3 -1 lines
Diff to previous 1.185 (colored)
these programs (with common ancestry) had a -fno-common problem related to privsep_procid. ok mortimer
Revision 1.185 / (download) - annotate - [select for diffs], Mon Jan 11 10:24:08 2021 UTC (3 years, 4 months ago) by mestre
Branch: MAIN
Changes since 1.184: +1 -2 lines
Diff to previous 1.184 (colored)
Stop deleting the control socket on daemon shutdown, like we did on other daemons. This avoids giving an additional permission (in this case unveil(2) "c") to the daemon just to be able to delete the socket and we already discussed in the past that leaving that file behind doesn't cause any problems. Discussed with deraadt@ rob@ florian@ OK rob@ benno@ deraadt@
Revision 1.184 / (download) - annotate - [select for diffs], Mon Sep 14 11:30:25 2020 UTC (3 years, 8 months ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.183: +3 -4 lines
Diff to previous 1.183 (colored)
Rewrite the agentx code of relayd. This new framework should allow us to add new objects easier if so desired and should handle a lot more corner-cases. This commit should also fix the following:
- On most (all) tables it omits the *Entry elements, making it not map to OPENBSD-RELAYD-MIB.txt.
- sstolen returns the size of the sockaddr_in{,6}, instead of the sin{,6}_addr resulting in garbage data to be put in the ip-field.
- relaydSessionPortIn and relaydSessionPortOut are swapped
- relaydSessions only uses relaydSessionIndex, while OPENBSD-RELAYD-MIB.txt says it should have 2 indices
- miscellaneous minor things related to the AGENTX-protocol, like wonky index handling and returning NOSUCHINSTANCE where NOSUCHOBJECT should be returned, etc.
This commit does remove traps, but it's large enough as is and I intend on adding it soon(tm). It also deprecates the snmp keyword in favour of an agentx keyword. The snmp keyword is still available, but will be removed in the future.
Tweaks and OK denis@ on the relayd parts
Tweaks and OK claudio@ on the agentx parts
"Get it in" deraadt@
Revision 1.183 / (download) - annotate - [select for diffs], Wed Aug 19 14:23:26 2020 UTC (3 years, 9 months ago) by mestre
Branch: MAIN
Changes since 1.182: +6 -1 lines
Diff to previous 1.182 (colored)
add unveil(2) again
this allows reading from anywhere in the filesystem (in order to read the config file and those ones included from it), but also executing, which I missed from my last attempt, because it's required for "check script(s)".
even though it's a broad permission, and the main proc cannot be pledged due to forbidden ioctls, then this at least prevents it from creating/writing/deleting files which is not required here.
OK benno@ a long time ago
Revision 1.182 / (download) - annotate - [select for diffs], Sun Sep 15 19:23:29 2019 UTC (4 years, 8 months ago) by rob
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.181: +2 -1 lines
Diff to previous 1.181 (colored)
Add support for binary protocol health checking. Feedback and guidance from benno@ and reky@. Man page tweaks from jmc@. ok benno@
Revision 1.181 / (download) - annotate - [select for diffs], Fri Aug 30 16:54:20 2019 UTC (4 years, 9 months ago) by sthen
Branch: MAIN
Changes since 1.180: +1 -6 lines
Diff to previous 1.180 (colored)
revert r1.175 which added unveil to relayd; "check script" needs access to the filesystem. "Well the first step is to back the commit out" deraadt@
Revision 1.180 / (download) - annotate - [select for diffs], Wed Jun 26 12:13:47 2019 UTC (4 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.179: +20 -2 lines
Diff to previous 1.179 (colored)
Add support for OCSP stapling
Many thanks to Bruno Flueckiger who independently sent a very similar patch. He also tested the one I'm committing that it works as expected.
OK tb@
Revision 1.179 / (download) - annotate - [select for diffs], Fri May 31 15:25:57 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.178: +8 -4 lines
Diff to previous 1.178 (colored)
Add support for SNI with new "tls keypair" option to load additional certs. Tested by many (thanks!) Feedback & OK rob@
Revision 1.178 / (download) - annotate - [select for diffs], Fri May 31 15:15:37 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.177: +83 -16 lines
Diff to previous 1.177 (colored)
Move the relay keys/certs into a separate global list and look them up by id. Moving the certs out of the relay struct will help to add multiple SNI certs. Tested by many users (thanks!) Feedback & OK rob@
Revision 1.177 / (download) - annotate - [select for diffs], Wed May 29 11:48:29 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.176: +101 -1 lines
Diff to previous 1.176 (colored)
Move relay_load_*() functions into relayd.c
Pass the *env as an explicit argument instead of using the global pointer: The relay_load_certfiles() function is called early before the *env is set up. This does not change anything in the current code as *env is not used by anything in the function (not even ssl_load_key() that is taking it as an argument) but it will be needed by upcoming changes for SNI.
Ok rob@
Revision 1.176 / (download) - annotate - [select for diffs], Wed May 8 23:22:19 2019 UTC (5 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.175: +43 -1 lines
Diff to previous 1.175 (colored)
Fix and tweak websocket upgrade handling.
- Don't expect the Connection header to equal Upgrade, it may include Upgrade
- Reshuffle the code to check the Upgrade/Connection headers in one place
Reported and tested by Rivo Nurges
OK and input from benno@
Revision 1.175 / (download) - annotate - [select for diffs], Wed Apr 24 19:13:49 2019 UTC (5 years, 1 month ago) by mestre
Branch: MAIN
Changes since 1.174: +6 -1 lines
Diff to previous 1.174 (colored)
restrict filesystem access to read only on main process via unveil(2) ok benno@ deraadt@
Revision 1.174 / (download) - annotate - [select for diffs], Sun Sep 9 21:06:51 2018 UTC (5 years, 9 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.173: +2 -2 lines
Diff to previous 1.173 (colored)
During the fork+exec implementation, daemon(3) was moved after proc_init(). As a consequence httpd(8) and relayd(8) child processes did not detach from the terminal anymore. Dup /dev/null to the stdio file descriptors in the children. OK benno@
Revision 1.173 / (download) - annotate - [select for diffs], Sat Sep 1 18:09:14 2018 UTC (5 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.172: +2 -1 lines
Diff to previous 1.172 (colored)
Accidentally relayd(8) closed file descriptor 0 in the pfe child process. If env->sc_snmp is initialized with 0, snmp_init() closes it. Set it to -1 to prevent the close(2). OK reyk@ benno@ millert@
Revision 1.172 / (download) - annotate - [select for diffs], Mon Aug 6 17:31:31 2018 UTC (5 years, 10 months ago) by benno
Branch: MAIN
Changes since 1.171: +2 -2 lines
Diff to previous 1.171 (colored)
replace the current log options
  log updates|all
with
  log state changes
  log host checks
  log connection [errors]
The first two control the logging of host check results: either changes in host state only or all checks. The third option controls logging of connections in relay mode: Either log all connections, or only errors. Additionally, errors will be logged with LOG_WARN and good connections will be logged with LOG_INFO, so they can be differentiated in syslog.
ok and feedback from claudio@
Revision 1.171 / (download) - annotate - [select for diffs], Wed Nov 29 15:24:50 2017 UTC (6 years, 6 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.170: +1 -4 lines
Diff to previous 1.170 (colored)
add options to specify the control socket in relayd and relayctl. From Kapetanakis Giannis, thanks. ok claudio@
Revision 1.170 / (download) - annotate - [select for diffs], Mon Nov 27 21:06:26 2017 UTC (6 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.169: +2 -6 lines
Diff to previous 1.169 (colored)
Use file descriptor passing to load certificates into the relays. Especially the ca file (having all the trusted certs in them) can be so big that loading via imsg fails. OK beck@
Revision 1.169 / (download) - annotate - [select for diffs], Wed May 31 04:14:34 2017 UTC (7 years ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.168: +4 -2 lines
Diff to previous 1.168 (colored)
Fix a memory leak in pkey_add() error path. All current callers fatal if pkey_add() fails.
Revision 1.168 / (download) - annotate - [select for diffs], Sun May 28 10:39:15 2017 UTC (7 years ago) by benno
Branch: MAIN
Changes since 1.167: +8 -9 lines
Diff to previous 1.167 (colored)
use __func__ in log messages. fix some whitespace while here. From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks! ok florian, claudio
Revision 1.167 / (download) - annotate - [select for diffs], Sat May 27 08:33:25 2017 UTC (7 years ago) by claudio
Branch: MAIN
Changes since 1.166: +18 -21 lines
Diff to previous 1.166 (colored)
Migrate relayd to use libtls for TLS. Still does the TLS privsep via the engine but at least we can use a sane API for new features. Going in now so it is possible to work with this in tree. General agreement at d2k17.
Revision 1.166 / (download) - annotate - [select for diffs], Sat May 6 19:44:53 2017 UTC (7 years, 1 month ago) by fcambus
Branch: MAIN
Changes since 1.165: +4 -10 lines
Diff to previous 1.165 (colored)
Convert explicit_bzero() + free() to freezero(). OK reyk@, deraadt@ (previous version)
Revision 1.165 / (download) - annotate - [select for diffs], Tue Jan 24 10:49:14 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.164: +3 -15 lines
Diff to previous 1.164 (colored)
move the opening of /dev/pf from the parent process to the pfe process where it is used. Currently pf is opened on every reload, that will no longer be possible in the future with pledged programs that do ioctls. This prepares relayd for that change. ok deraadt@, meinetwegen reyk@
Revision 1.164 / (download) - annotate - [select for diffs], Mon Jan 9 14:49:21 2017 UTC (7 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.163: +2 -2 lines
Diff to previous 1.163 (colored)
Stop accessing verbose and debug variables from log.c directly. This replaces log_verbose() and "extern int verbose" with the two functions log_setverbose() and log_getverbose(). Pointed out by benno@ OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
Revision 1.163 / (download) - annotate - [select for diffs], Thu Nov 24 21:01:18 2016 UTC (7 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.162: +1 -6 lines
Diff to previous 1.162 (colored)
The new fork+exec mode used too many fds in the parent process on startup, for a short time, so we needed a rlimit hack in relayd.c. Sync the fix from httpd: rzalamena@ has fixed proc.c and I added the proc_flush_imsg() mechanism that makes sure that each fd is immediately closed after forwarding it to a child process instead of queueing it up. OK rzalamena@ jca@ benno@
Revision 1.162 / (download) - annotate - [select for diffs], Wed Sep 28 12:16:44 2016 UTC (7 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.161: +9 -7 lines
Diff to previous 1.161 (colored)
sync proc.c incl. the p_env removal
Revision 1.161 / (download) - annotate - [select for diffs], Tue Sep 27 21:39:27 2016 UTC (7 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.160: +2 -1 lines
Diff to previous 1.160 (colored)
The fork+exec privsep commit broke the "block request method" http config option. Due to reordering of the code, the variable http_methods was initialized too late. Insert a relay_http() before load_config(). Found by make run-regress-args-http-filter-method.pl; OK reyk@
Revision 1.160 / (download) - annotate - [select for diffs], Sat Sep 3 14:09:04 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.159: +35 -9 lines
Diff to previous 1.159 (colored)
Use the fork+exec privsep model in relayd; based on rzalamena@'s work for httpd with some (current and previous) changes for relayd. Once again, both daemons now share the same proc.c where most of the privsep "magic" happens. OK benno@ rzalamena@
Revision 1.159 / (download) - annotate - [select for diffs], Fri Sep 2 14:45:51 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.158: +13 -16 lines
Diff to previous 1.158 (colored)
Split "struct relayd" into two structs: "struct relayd" and "struct relayd_config". This way we can send all the relevant global configuration to the children, not just the flags and the opts. With input from and OK claudio@ benno@
Revision 1.158 / (download) - annotate - [select for diffs], Fri Sep 2 12:12:51 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.157: +1 -2 lines
Diff to previous 1.157 (colored)
As done in httpd, remove ps_ninstances and p_instance. OK benno@ rzalamena@
Revision 1.157 / (download) - annotate - [select for diffs], Fri Sep 2 11:51:50 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.156: +2 -49 lines
Diff to previous 1.156 (colored)
Terminate relayd using the socket status instead of watching SIGCHLD or killing child processes. - Based on rzalamena@'s diff for httpd. OK deraadt@ rzalamena@
Revision 1.156 / (download) - annotate - [select for diffs], Thu Sep 1 10:49:48 2016 UTC (7 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.155: +30 -1 lines
Diff to previous 1.155 (colored)
Switch from the not really working session cache (because of the multiprocess nature of relayd) to tls session tickets to do TLS session resumption. TLS session tickets do not need to store SSL session data in the server but instead send an encrypted ticket to the clients that allows to resume the session. This is mostly stateless (apart from the encryption keys). relayd now ensures that all relay processes use the same key to encrypt the tickets. Keys are rotated every 2h and there is a primary and backup key. The tls session timeout is set to 2h to hint to the clients how long the session ticket is supposed to be alive. Input and OK benno@, reyk@
Revision 1.143.4.1 / (download) - annotate - [select for diffs], Sun Aug 7 07:54:42 2016 UTC (7 years, 10 months ago) by benno
Branch: OPENBSD_5_8
Changes since 1.143: +63 -12 lines
Diff to previous 1.143 (colored) next main 1.144 (colored)
Improve parsing of the Host-header by following RFC 7230 Section 5.4 more strictly. MFC relay_http.c v 1.57, relayd.c v 1.154, relayd.h v 1.224
Revision 1.153.2.1 / (download) - annotate - [select for diffs], Sun Aug 7 07:54:07 2016 UTC (7 years, 10 months ago) by benno
Branch: OPENBSD_5_9
Changes since 1.153: +63 -12 lines
Diff to previous 1.153 (colored) next main 1.154 (colored)
Improve parsing of the Host-header by following RFC 7230 Section 5.4 more strictly. MFC relay_http.c v 1.57, relayd.c v 1.154, relayd.h v 1.224
Revision 1.153.4.1 / (download) - annotate - [select for diffs], Sun Aug 7 07:53:45 2016 UTC (7 years, 10 months ago) by benno
Branch: OPENBSD_6_0
Changes since 1.153: +63 -12 lines
Diff to previous 1.153 (colored) next main 1.154 (colored)
Improve parsing of the Host-header by following RFC 7230 Section 5.4 more strictly. MFC relay_http.c v 1.57, relayd.c v 1.154, relayd.h v 1.224
Revision 1.155 / (download) - annotate - [select for diffs], Fri Jul 29 10:09:26 2016 UTC (7 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.154: +2 -2 lines
Diff to previous 1.154 (colored)
Bump copyright in files that I touched last. (btw. hostated-hoststated-relayd's 10th birthday is on Dec 16.)
Revision 1.154 / (download) - annotate - [select for diffs], Wed Jul 27 06:55:44 2016 UTC (7 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.153: +63 -12 lines
Diff to previous 1.153 (colored)
Improve parsing of the Host by following RFC 7230 Section 5.4 more strictly:
- Respond with a 400 (Bad Request) if there is more than one Host: header to prevent ambiguities.
- Make sure that the host in the optional absolute form of request-target (eg. GET http://www.target.com/ HTTP/1.1) matches the Host: value. Proxies are supposed to ignore the Host: value if the request-target exists, but relayd used to ignore the absolute request-target form instead. In HTTP terminology, relayd is a gateway and not a proxy, but it has to make sure that the host is validated consistently.
OK benno@ bluhm@
Revision 1.153 / (download) - annotate - [select for diffs], Tue Feb 2 17:51:11 2016 UTC (8 years, 4 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_5_9_BASE
Branch point for: OPENBSD_6_0, OPENBSD_5_9
Changes since 1.152: +1 -3 lines
Diff to previous 1.152 (colored)
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
Revision 1.152 / (download) - annotate - [select for diffs], Wed Dec 30 16:00:57 2015 UTC (8 years, 5 months ago) by benno
Branch: MAIN
Changes since 1.151: +3 -5 lines
Diff to previous 1.151 (colored)
SSL_CTX_free() and SSL_free() check for null so don't do it in relayd. ok jung@ tedu@ deraadt@
Revision 1.151 / (download) - annotate - [select for diffs], Wed Dec 30 12:08:34 2015 UTC (8 years, 5 months ago) by benno
Branch: MAIN
Changes since 1.150: +2 -3 lines
Diff to previous 1.150 (colored)
now that ibuf_free() checks for null, we can remove the check here. ok mmcc@ millert@
Revision 1.150 / (download) - annotate - [select for diffs], Mon Dec 7 04:03:27 2015 UTC (8 years, 6 months ago) by mmcc
Branch: MAIN
Changes since 1.149: +6 -11 lines
Diff to previous 1.149 (colored)
Remove NULL-checks before free(). No functional change.
Revision 1.149 / (download) - annotate - [select for diffs], Wed Dec 2 13:41:27 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.148: +6 -8 lines
Diff to previous 1.148 (colored)
In most cases we don't need all arguments of proc_compose*_imsg(), so add a shortcut proc_compose*() that skips all of them. Only use the full argument list if needed. The functions with full argument lists can eventually be replaced with a nicer transaction-based approach later. OK benno@
Revision 1.148 / (download) - annotate - [select for diffs], Sun Nov 29 01:20:33 2015 UTC (8 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.147: +2 -1 lines
Diff to previous 1.147 (colored)
Use pledge("pf") in pfe.c. Move getrtable() from pfe to parent process, since it's in the way of pledge. ok deraadt@, feedback from reyk@ on previous version.
Revision 1.147 / (download) - annotate - [select for diffs], Sat Nov 28 09:52:07 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.146: +2 -2 lines
Diff to previous 1.146 (colored)
Use SOCK_NONBLOCK in relayd as well. OK benno@
Revision 1.146 / (download) - annotate - [select for diffs], Sun Nov 22 13:27:13 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.145: +6 -3 lines
Diff to previous 1.145 (colored)
Update log.c: change fatal() and fatalx() into variadic functions, include the process name, and replace all calls of fatal*(NULL) with fatal(__func__) for better debugging. OK benno@
Revision 1.145 / (download) - annotate - [select for diffs], Thu Nov 19 21:32:53 2015 UTC (8 years, 6 months ago) by mmcc
Branch: MAIN
Changes since 1.144: +3 -8 lines
Diff to previous 1.144 (colored)
Simplify all instances of get_string() and get_data() using malloc() and strndup(). ok millert@
Revision 1.144 / (download) - annotate - [select for diffs], Wed Oct 14 07:58:14 2015 UTC (8 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.143: +4 -3 lines
Diff to previous 1.143 (colored)
More (unsigned char) casts for ctype functions. Pointed out by Michael McConville
Revision 1.138.2.1 / (download) - annotate - [select for diffs], Sun Sep 20 11:20:16 2015 UTC (8 years, 8 months ago) by benno
Branch: OPENBSD_5_7
Changes since 1.138: +10 -14 lines
Diff to previous 1.138 (colored) next main 1.139 (colored)
maintenance diff for relayd
MFC the following changes
- Missing free(3) in error path (ssl.c,v 1.29)
- fix a memory leak. (pfe.c,v 1.80)
- allocate se_log evbuffer before logging errors with relay_close() (relay.c,v 1.192)
- fix a file descriptor leak in http protocol handling (relay.c,v 1.193 and relay_http.c,v 1.44)
- Fix obvious problems with relayd config reload (ca.c,v 1.13; config.c,v 1.25; parse.y,v 1.204; relayd.c,v 1.139; relayd.h,v 1.209)
- http protocol: you cannot append to the previous key-value before line three of a request (relay_http.c,v 1.45)
- fix a crash / use after free (relay.c,v 1.194; relay_http.c,v 1.46)
- fix a non safe use of TAILQ_FOREACH with TAILQ_REMOVE (relay_http.c,v 1.47)
- Plug a memory leak by simplifying kv_free() (relayd.c,v 1.141)
- Fix memory leak in error case (relay_http.c,v 1.48)
- track the connection state of a session and stops doing double opens in certain situations (relay.c,v 1.195; relay_http.c,v 1.49; relayd.h,v 1.210)
- coding style (relay.c,v 1.196; relay_http.c,v 1.50; relayd.h,v 1.212)
ok claudio@, sthen@ and feedback tedu@
Revision 1.143 / (download) - annotate - [select for diffs], Wed Jul 29 20:55:43 2015 UTC (8 years, 10 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE
Branch point for: OPENBSD_5_8
Changes since 1.142: +2 -5 lines
Diff to previous 1.142 (colored)
fix bug where other than the last of multiple forward rules in http protocols would be ignored, reported and fixed by J. Fischer (lists -AT- mistrust -DOT- net) and reminded by (trondd -AT- kagu-tsuchi -DOT- com), thanks! ok deraadt@
Revision 1.142 / (download) - annotate - [select for diffs], Wed Jun 3 02:24:36 2015 UTC (9 years ago) by millert
Branch: MAIN
Changes since 1.141: +10 -4 lines
Diff to previous 1.141 (colored)
Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
Revision 1.141 / (download) - annotate - [select for diffs], Sat May 30 09:47:25 2015 UTC (9 years ago) by claudio
Branch: MAIN
Changes since 1.140: +8 -13 lines
Diff to previous 1.140 (colored)
Plug a memory leak by simplifying kv_free(). By checking the type and returning early the key and value memory got leaked on HTTP header kvs since their type was never set. OK benno@
Revision 1.140 / (download) - annotate - [select for diffs], Thu May 28 17:08:09 2015 UTC (9 years ago) by florian
Branch: MAIN
Changes since 1.139: +2 -1 lines
Diff to previous 1.139 (colored)
Do not try to unlink the control socket in an unprivileged child process on shutdown. Found while working on tame(2). OK benno@
Revision 1.139 / (download) - annotate - [select for diffs], Sat May 2 13:15:24 2015 UTC (9 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.138: +3 -2 lines
Diff to previous 1.138 (colored)
Fix obvious problems with relayd config reload.
- fix a TAILQ corruption because of a use after free
- do not reinit the SSL engine since that fails
OK sthen, benno
Revision 1.138 / (download) - annotate - [select for diffs], Thu Jan 22 17:42:09 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE
Branch point for: OPENBSD_5_7
Changes since 1.137: +1 -2 lines
Diff to previous 1.137 (colored)
Clean up the relayd headers with help of include-what-you-use and some manual review. Based on common practice, relayd.h now includes the necessary headers for itself. OK benno@
Revision 1.137 / (download) - annotate - [select for diffs], Thu Jan 22 15:21:28 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.136: +3 -3 lines
Diff to previous 1.136 (colored)
spacing
Revision 1.136 / (download) - annotate - [select for diffs], Fri Jan 16 15:06:40 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.135: +5 -2 lines
Diff to previous 1.135 (colored)
Adapt to <limits.h> universe. ok millert
Revision 1.135 / (download) - annotate - [select for diffs], Thu Dec 18 20:55:01 2014 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.134: +1 -2 lines
Diff to previous 1.134 (colored)
Update relayd to use siphash instead of sys/hash. The source-hash, loadbalance and hash modes use a random key by default that can be forced to be a static key with a new configuration argument. With input from Max Fillinger. ok tedu@
Revision 1.134 / (download) - annotate - [select for diffs], Fri Dec 12 10:05:09 2014 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.133: +29 -29 lines
Diff to previous 1.133 (colored)
Change the keyword "ssl" to "tls" to reflect reality since we effectively disabled support for the SSL protocols. SSL remains a common term describing SSL/TLS, there is some controversy about this change, and the name really doesn't matter, but I feel confident about it now. (btw., sthen@ pointed out some historical context: http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html) OK benno@, with input from tedu@
Revision 1.133 / (download) - annotate - [select for diffs], Sat Nov 22 00:24:22 2014 UTC (9 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.132: +2 -2 lines
Diff to previous 1.132 (colored)
use size_t where appropriate. ok deraadt reyk
Revision 1.132 / (download) - annotate - [select for diffs], Wed Nov 19 10:24:40 2014 UTC (9 years, 6 months ago) by blambert
Branch: MAIN
Changes since 1.131: +6 -4 lines
Diff to previous 1.131 (colored)
Support exporting relayd statistics via AgentX/snmpd
This should be equivalent to the statistics available via the various relaydctl show commands
okay benno@ reyk@
Revision 1.131 / (download) - annotate - [select for diffs], Mon Aug 18 12:59:00 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.130: +4 -1 lines
Diff to previous 1.130 (colored)
Sync proc.c with httpd. httpd needs SIGUSR1 but relayd will ignore it now instead of terminating the process. ok florian@
Revision 1.130 / (download) - annotate - [select for diffs], Sun Jul 13 00:32:08 2014 UTC (9 years, 10 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.129: +10 -7 lines
Diff to previous 1.129 (colored)
improve log output for relays. adjust regress tests ok reyk
Revision 1.129 / (download) - annotate - [select for diffs], Fri Jul 11 11:48:50 2014 UTC (9 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.128: +75 -24 lines
Diff to previous 1.128 (colored)
Simplify the code that handles the HTTP headers by using an RB tree with associated lists instead of the complicated lookup table and "others" list. This might add a little malloc overhead for common headers but also fixes some issues like the handling of repeated headers - for example, handling of multiple "Set-Cookie" headers. ok bluhm@ (regress part) ok benno@
Revision 1.128 / (download) - annotate - [select for diffs], Thu Jul 10 00:05:59 2014 UTC (9 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.127: +3 -1 lines
Diff to previous 1.127 (colored)
Fix another free error. ok benno@
Revision 1.127 / (download) - annotate - [select for diffs], Wed Jul 9 22:10:15 2014 UTC (9 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.126: +7 -7 lines
Diff to previous 1.126 (colored)
Don't assign garbage in kv_extend(). Found by clang.
Revision 1.126 / (download) - annotate - [select for diffs], Wed Jul 9 16:42:05 2014 UTC (9 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.125: +429 -191 lines
Diff to previous 1.125 (colored)
Replace the protocol directives for HTTP with a new generic filtering language. The grammar is inspired by pf and allows to write versatile last-matching filter rules in protocol sections starting with the "pass", "block" or "match" keywords. This work was started almost two years ago and replaces large parts of relayd(8)'s HTTP and filtering code. The initial version reimplements and extends HTTP filtering, but will be improved to support generic TCP and other protocols later. With some testing, feedback, and help from benno@ and andre@. OK benno@
Revision 1.125 / (download) - annotate - [select for diffs], Fri Jun 27 07:49:08 2014 UTC (9 years, 11 months ago) by andre
Branch: MAIN
Changes since 1.124: +4 -5 lines
Diff to previous 1.124 (colored)
knf, no functional change. ok reyk
Revision 1.124 / (download) - annotate - [select for diffs], Thu May 8 15:28:57 2014 UTC (10 years, 1 month ago) by blambert
Branch: MAIN
Changes since 1.123: +1 -3 lines
Diff to previous 1.123 (colored)
remove debug prints that snuck in; found by reyk@
Revision 1.123 / (download) - annotate - [select for diffs], Thu May 8 13:08:48 2014 UTC (10 years, 1 month ago) by blambert
Branch: MAIN
Changes since 1.122: +4 -1 lines
Diff to previous 1.122 (colored)
match relayd proc.c infrastructure with snmpd okay reyk@
Revision 1.122 / (download) - annotate - [select for diffs], Tue Apr 22 08:04:23 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.121: +39 -1 lines
Diff to previous 1.121 (colored)
Support the CA key for SSL inspection in the ca process. Instead of looking up the keys by relay id, add all keys to a list and look them up by key id. ok benno@
Revision 1.121 / (download) - annotate - [select for diffs], Sun Apr 20 14:48:29 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.120: +4 -2 lines
Diff to previous 1.120 (colored)
Reimplement the multi-dimensional arrays that are used to set up the process to process imsg communication. It became a maze after we added support for multiple relay processes and even worse with the ca processes. This change makes it easier to understand. Now it only opens socketpairs that are needed - the code previously wasted lots of fds. ok blambert@
Revision 1.120 / (download) - annotate - [select for diffs], Fri Apr 18 13:55:26 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.119: +54 -12 lines
Diff to previous 1.119 (colored)
Introduce privsep for private keys:
- Move RSA private keys to a new separate process instead of copying them to the relays. A custom RSA engine is used by the SSL/TLS code of the relay processes to send RSA private key encryption/decryption (also used for sign/verify) requests to the new "ca" processes instead of operating on the private key directly.
- Each relay process gets its own related ca process. Setting "prefork 5" in the config file will spawn 10 processes (5 relay, 5 ca). This diff also reduces the default number of relay processes from 5 to 3 which should be suitable in most installations without a very heavy load.
- Don't keep text versions of the keys in memory, parse them once and keep the binary representation. This might still be the case in OpenSSL's internals but will be fixed in the library.
This diff doesn't prevent something like "heartbleed" but adds an additional mitigation to prevent leakage of the private keys from the processes doing SSL/TLS.
With feedback from many
ok benno@
Revision 1.119 / (download) - annotate - [select for diffs], Sun Mar 16 18:38:30 2014 UTC (10 years, 2 months ago) by guenther
Branch: MAIN
Changes since 1.118: +1 -2 lines
Diff to previous 1.118 (colored)
lint is dead (long live the lint!), so stop using it as a cpp conditional (namespace pollution!) or talking about its opinion on code. ok krw@
Revision 1.118 / (download) - annotate - [select for diffs], Tue Nov 26 13:27:20 2013 UTC (10 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.117: +2 -2 lines
Diff to previous 1.117 (colored)
don't intentionally cast the argument to isprint() to the wrong type...
Revision 1.117 / (download) - annotate - [select for diffs], Thu May 30 20:17:12 2013 UTC (11 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.116: +10 -2 lines
Diff to previous 1.116 (colored)
Support SSL inspection, the ability to transparently filter in SSL/TLS connections (eg. HTTPS) by using a local CA that is accepted by the clients. See the "SSL RELAYS" and "EXAMPLES" sections in the relayd.conf(5) manpage for more details. ok benno@, manpage bits jmc@
Revision 1.116 / (download) - annotate - [select for diffs], Sun Mar 10 23:32:53 2013 UTC (11 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.115: +2 -4 lines
Diff to previous 1.115 (colored)
This diff changes relayd to use the monotonic clock instead of gettimeofday(). It was also bugging me for some time to have all these checks of gettimeofday()'s return value: it should not fail. So this diff introduces a void getmonotime(struct timeval *tv) that calls clock_gettime(CLOCK_MONOTONIC, &ts) and converts the output to a struct timeval that can be used with the existing code and the timeval-specific timer functions (timerclear, timersub, ...). It does not return a status but calls fatal() on error-that-should-not-happen. ok sthen@ chris@
Revision 1.115 / (download) - annotate - [select for diffs], Thu Jan 17 20:34:18 2013 UTC (11 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.114: +2 -2 lines
Diff to previous 1.114 (colored)
Remove unnecessary pointer casts. No binary diff. OK benno@
Revision 1.114 / (download) - annotate - [select for diffs], Tue Dec 18 15:41:44 2012 UTC (11 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.113: +1 -2 lines
Diff to previous 1.113 (colored)
no need to touch argv later since we don't support non-getopt arguments.
Revision 1.113 / (download) - annotate - [select for diffs], Tue Dec 18 15:39:42 2012 UTC (11 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.112: +4 -3 lines
Diff to previous 1.112 (colored)
don't complain if the child processes exited cleanly.
Revision 1.112 / (download) - annotate - [select for diffs], Tue Nov 27 05:00:28 2012 UTC (11 years, 6 months ago) by guenther
Branch: MAIN
Changes since 1.111: +2 -2 lines
Diff to previous 1.111 (colored)
Add format attributes to the proper functions and then fix the warnings that gcc then reports when compiling with -DDEBUG=2 ok reyk@ benno@
Revision 1.111 / (download) - annotate - [select for diffs], Wed Oct 3 08:46:05 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.110: +2 -2 lines
Diff to previous 1.110 (colored)
Only show "inflight" debugging message if compiled with DEBUG > 1.
Revision 1.110 / (download) - annotate - [select for diffs], Wed Oct 3 08:33:31 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.109: +7 -1 lines
Diff to previous 1.109 (colored)
Support more than one relay backup table. Instead of duplicating the code for main and backup table all over the place, turn the relay tables into a list attached to the relay. This improves the code and allows some other tricks with multiple tables later.
Revision 1.109 / (download) - annotate - [select for diffs], Fri Sep 21 09:56:27 2012 UTC (11 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.108: +20 -1 lines
Diff to previous 1.108 (colored)
file descriptor accounting for relays: track how many connections to backend servers are unopened and reserve fds for them. ok reyk@, "don't wait" deraadt@
Revision 1.108 / (download) - annotate - [select for diffs], Tue May 8 15:10:15 2012 UTC (12 years, 1 month ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.107: +6 -1 lines
Diff to previous 1.107 (colored)
fix "label string" in http protocol. problem found by giovanni. ok giovanni@, henning@
Revision 1.107 / (download) - annotate - [select for diffs], Sun Apr 15 03:12:30 2012 UTC (12 years, 1 month ago) by jsg
Branch: MAIN
Changes since 1.106: +3 -1 lines
Diff to previous 1.106 (colored)
fix some leaks ok krw@
Revision 1.106 / (download) - annotate - [select for diffs], Sat Jan 21 13:40:48 2012 UTC (12 years, 4 months ago) by camield
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.105: +30 -8 lines
Diff to previous 1.105 (colored)
Only start the child processes after all of them reported to have loaded the config. Solves a race at startup time where processes can send status messages about hosts that other processes don't know about yet. (and have relayd abort with "desynchronized" or "invalid host id") ok henning pyr deraadt solves the problem ok from benno todd
Revision 1.105 / (download) - annotate - [select for diffs], Fri Jan 20 12:16:41 2012 UTC (12 years, 4 months ago) by camield
Branch: MAIN
Changes since 1.104: +1 -3 lines
Diff to previous 1.104 (colored)
Remove global carp demote option. It is currently broken, but also flawed by design. ok henning pyr
Revision 1.104 / (download) - annotate - [select for diffs], Sun Sep 4 20:26:58 2011 UTC (12 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.103: +4 -3 lines
Diff to previous 1.103 (colored)
KNF, fix white spaces in relayd. No binary change. ok pyr@ sthen@
Revision 1.103 / (download) - annotate - [select for diffs], Thu May 19 08:56:49 2011 UTC (13 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.102: +295 -229 lines
Diff to previous 1.102 (colored)
Fix reload support in relayd(8) by reimplementing large parts of the daemon infrastructure. The previous design made it fairly hard to reload the complex data structures, especially relays and protocols. One of the reasons was that the privsep'd relayd processes had two ways of getting their configuration: 1) from memory after forking from the parent process and 2) (partially) via imsgs after reload. The new implementation first forks the privsep'd children before the parent loads the configuration and sends it via imsgs to them; so it is only like 2) before. It is based on an approach that I first implemented for iked(8) and I also fixed many bugs in the code. Thanks to many testers including dlg@ sthen@ phessler@ ok pyr@ dlg@ sthen@
Revision 1.102 / (download) - annotate - [select for diffs], Mon May 9 12:08:47 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.101: +163 -417 lines
Diff to previous 1.101 (colored)
Reorganize the relayd code to use the proc.c privsep API/commodity functions that are based on work for iked and smtpd. This simplifies the setup of privsep processes and moves some redundant and repeated code to a single place - which is always good from a quality and security point of view. The relayd version of proc.c is different to the current version in iked because it uses 1:N communications between processes, eg. a single parent process is talking to many forked relay children while iked only needs 1:1 communications. ok sthen@ pyr@
Revision 1.101 / (download) - annotate - [select for diffs], Thu May 5 12:01:44 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.100: +17 -17 lines
Diff to previous 1.100 (colored)
Update all logging and debug functions to use the __func__ macro instead of static function names. __func__ is C99 and perfectly fine to use. It also avoids printing errors; for example if a statement log_debug("foo:"..) was moved or copied from function foo() to bar() and the log message was not updated...
Revision 1.100 / (download) - annotate - [select for diffs], Sun Feb 13 13:28:38 2011 UTC (13 years, 3 months ago) by okan
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.99: +4 -5 lines
Diff to previous 1.99 (colored)
fix from pr 6314: allow debug logging before daemonization to help identify configuration issues. ok sthen@ pyr@
Revision 1.99 / (download) - annotate - [select for diffs], Tue Nov 30 14:38:45 2010 UTC (13 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.98: +23 -1 lines
Diff to previous 1.98 (colored)
The relayd processes did already bump up the socket file descriptor resource limits to the maximum of the daemon class but the host check process (hce/health checks) didn't and was limited to a fairly low default of 128 open sockets (openfiles-cur=128 in login.conf). This was reached fairly quickly with "check tcp" of many hosts. This diff increases the maximum number of monitored hosts and concurrent health checks in relayd in a significant way and may fix issues for people that have around 100 or more hosts (or fewer hosts with multiple checked ports). tested by phessler@ ok jsg@
Revision 1.98 / (download) - annotate - [select for diffs], Thu Sep 2 14:03:22 2010 UTC (13 years, 9 months ago) by sobrado
Branch: MAIN
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)
remove trailing spaces and tabs from source code; no binary changes (verified by both sthen@ and me). ok sthen@; "just commit it" claudio@
Revision 1.97 / (download) - annotate - [select for diffs], Fri May 14 11:13:36 2010 UTC (14 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.96: +15 -14 lines
Diff to previous 1.96 (colored)
allocate all struct event's on the heap, it looks cleaner, feels better and follows a suggestion in event.h. also don't mix signal() and signal_set()/signal_add(). ok jsg@ gilles@
Revision 1.96 / (download) - annotate - [select for diffs], Wed Feb 17 14:39:30 2010 UTC (14 years, 3 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.95: +3 -1 lines
Diff to previous 1.95 (colored)
Always call the shutdown code after returning from event_dispatch(). As the child processes now call event_loopexit() and signal handling is done through libevent if a child process died we wouldn't always cleanup properly and wouldn't do carp demote to failover either. This matches the way ospfd does things which is where the event_loopexit() in child processes change came from originally. ok claudio@ pyr@
Revision 1.95 / (download) - annotate - [select for diffs], Thu Feb 4 13:00:20 2010 UTC (14 years, 4 months ago) by jsg
Branch: MAIN
Changes since 1.94: +2 -1 lines
Diff to previous 1.94 (colored)
In event_again() call event_del() before calling event_set() so we don't get into a situation where we are calling event_set() on an event that was already added. ok claudio@
Revision 1.94 / (download) - annotate - [select for diffs], Mon Jan 11 06:40:14 2010 UTC (14 years, 5 months ago) by jsg
Branch: MAIN
Changes since 1.93: +6 -1 lines
Diff to previous 1.93 (colored)
add "log brief" and "log verbose" to change logging verbosity like several other things in the tree. ok reyk@ looks fine claudio@
Revision 1.93 / (download) - annotate - [select for diffs], Wed Nov 11 13:09:39 2009 UTC (14 years, 7 months ago) by jsg
Branch: MAIN
Changes since 1.92: +2 -1 lines
Diff to previous 1.92 (colored)
don't leak memory in an error case. found by parfait.
Revision 1.92 / (download) - annotate - [select for diffs], Thu Aug 13 13:51:21 2009 UTC (14 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.91: +27 -1 lines
Diff to previous 1.91 (colored)
add new 'router' functionality to dynamically add or remove routes based on health check results, using the existing table syntax. this allows to maintain multiple (uplink) gateways to implement link balancing or WAN link failover if no routing protocol or other keepalive method is available. works fine with or without net.inet.ip.multipath enabled. ok pyr@, jmc@ for manpages
Revision 1.91 / (download) - annotate - [select for diffs], Fri Aug 7 11:21:53 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.90: +4 -4 lines
Diff to previous 1.90 (colored)
rename 'struct session' to 'struct rsession' because it conflicts with another 'struct session' in sys/sysctl.h.
Revision 1.90 / (download) - annotate - [select for diffs], Wed Aug 5 13:46:13 2009 UTC (14 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.89: +12 -0 lines
Diff to previous 1.89 (colored)
prevent configuration of relays listening to a single addr:port tuple twice
Revision 1.89 / (download) - annotate - [select for diffs], Fri Jun 5 23:39:51 2009 UTC (15 years ago) by pyr
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6
Changes since 1.88: +78 -68 lines
Diff to previous 1.88 (colored)
4 handed diff with eric: Stop pushing event handling in the imsg framework. Instead, provide a small glue layer on top of both imsg and libevent. This finally clearly separates event handling and imsg construction. Sidetrack bonus: remove the mega-ugly hack of having a dummy imsg_event_add stub in relayctl. This will make bgpd (and thus henning) happy. Next up are smtpd and ospfd. ok eric@
Revision 1.88 / (download) - annotate - [select for diffs], Fri Jun 5 00:20:50 2009 UTC (15 years ago) by pyr
Branch: MAIN
Changes since 1.87: +6 -4 lines
Diff to previous 1.87 (colored)
some KNF cleanup following the last sed.
Revision 1.87 / (download) - annotate - [select for diffs], Fri Jun 5 00:04:01 2009 UTC (15 years ago) by pyr
Branch: MAIN
Changes since 1.86: +29 -17 lines
Diff to previous 1.86 (colored)
Make imsg completely async model agnostic by not requiring an imsg_event_add function to be provided (which ended up being a named callback). Instead provide a wrapper in the daemon and call that everywhere. Previously discussed with the usual suspects, ok eric@ though not too happy about the function name (imsg_compose_event).
Revision 1.86 / (download) - annotate - [select for diffs], Thu Jun 4 13:46:07 2009 UTC (15 years ago) by reyk
Branch: MAIN
Changes since 1.85: +3 -1 lines
Diff to previous 1.85 (colored)
Keep around the SSL session for each checked host. This way SSL caching can kick in on subsequent checks, making them faster and lighter on the server. From camield, closes PR 6137 (modified diff)
Revision 1.85 / (download) - annotate - [select for diffs], Tue Jun 2 12:24:16 2009 UTC (15 years ago) by reyk
Branch: MAIN
Changes since 1.84: +1 -7 lines
Diff to previous 1.84 (colored)
remove extra imsg_event_add() after EV_WRITE checks - this is not required because it is called later and there is no return before. ok gilles@
Revision 1.84 / (download) - annotate - [select for diffs], Tue Jun 2 11:33:06 2009 UTC (15 years ago) by reyk
Branch: MAIN
Changes since 1.83: +16 -19 lines
Diff to previous 1.83 (colored)
Libevent may do an upcall with both EV_READ and EV_WRITE set. So change the code accordingly to allow that. Found by claudio@ in ospfd
Revision 1.83 / (download) - annotate - [select for diffs], Mon Sep 29 15:12:22 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.82: +7 -4 lines
Diff to previous 1.82 (colored)
spacing
Revision 1.82 / (download) - annotate - [select for diffs], Mon Sep 29 15:06:52 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.81: +4 -4 lines
Diff to previous 1.81 (colored)
Change parsing of comments in external rule files. The hash mark may appear in URLs (eg. /index.html#anchor), so only allow full-line comments indicated by a hash mark # at the beginning of a line.
Revision 1.81 / (download) - annotate - [select for diffs], Mon Sep 29 14:53:35 2008 UTC (15 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.80: +42 -1 lines
Diff to previous 1.80 (colored)
allow to load expect, filter, log, and remove keys from external files just containing one key per line. this allows easier use of URL white/blacklists from external sources.
Revision 1.80 / (download) - annotate - [select for diffs], Fri Aug 8 08:51:21 2008 UTC (15 years, 10 months ago) by thib
Branch: MAIN
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored)
Check gettimeofday() against -1; Add a missing error check in one place. OK reyk@
Revision 1.79 / (download) - annotate - [select for diffs], Tue Jul 22 23:17:37 2008 UTC (15 years, 10 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.78: +52 -1 lines
Diff to previous 1.78 (colored)
Add dynamic IPv6-to-IPv4 and IPv4-to-IPv6 translation inspired by faithd(8) by doing a similar mapping of IPv4/6 addresses with relayd(8) and pf(4) redirections without the need of the faith(4) interface. The trick works in both directions, it can accept IPv6 connections and relay them to IPv4 hosts by extracting the last 4 octets from the IPv6 destination (like faithd(8)), and it can accept IPv4 connections and relay them to IPv6 hosts by prepending the 4 octets of the original IPv4 destination to a configured IPv6 prefix. An access list is not needed because the classification is done in pf.conf(5). It helps to get more faith in relayd. manpage bits ok jmc@ yes, sounds good todd@
Revision 1.78 / (download) - annotate - [select for diffs], Wed Jul 9 14:06:44 2008 UTC (15 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.77: +3 -2 lines
Diff to previous 1.77 (colored)
only use SOCK_STREAM for TCP in bindany(), otherwise SOCK_DGRAM for UDP.
Revision 1.77 / (download) - annotate - [select for diffs], Wed Jun 11 18:21:20 2008 UTC (16 years ago) by reyk
Branch: MAIN
Changes since 1.76: +53 -1 lines
Diff to previous 1.76 (colored)
add support for "transparent" forwarding in relays: normally the l7 relay will connect to the target host with its own ip address, but this mode will let it use the address of the client that is connecting from the other side. for example, there is no need to add the X-Forwarded-For HTTP headers for internal webservers in this mode anymore since they magically see the remote client ip address in the connection. it also allows to build fully-transparent ssl encapsulation for tcp sessions and many other things... based on an initial idea from dlg@ and pascoe@ (dlg's talk at opencon) using the new BINDANY and divert-reply interfaces from markus@ (since n2k8) ok markus@ pyr@
Revision 1.76 / (download) - annotate - [select for diffs], Sat May 17 23:31:52 2008 UTC (16 years ago) by sobrado
Branch: MAIN
Changes since 1.75: +3 -2 lines
Diff to previous 1.75 (colored)
documentation tweaks. ok (some time ago) jmc@
Revision 1.75 / (download) - annotate - [select for diffs], Mon May 12 19:15:02 2008 UTC (16 years, 1 month ago) by pyr
Branch: MAIN
Changes since 1.74: +6 -1 lines
Diff to previous 1.74 (colored)
Error out with usage line if additional arguments are given after the option parsing. Found out the hard way by jdixon on ifstated. ok sobrado@, jdixon@, millert@
Revision 1.74 / (download) - annotate - [select for diffs], Tue May 6 09:52:47 2008 UTC (16 years, 1 month ago) by pyr
Branch: MAIN
Changes since 1.73: +10 -1 lines
Diff to previous 1.73 (colored)
do not attempt to reload a configuration if we come from a non pf requiring configuration to a pf requiring one. ok reyk@
Revision 1.73 / (download) - annotate - [select for diffs], Wed Feb 13 11:32:59 2008 UTC (16 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.72: +2 -1 lines
Diff to previous 1.72 (colored)
bump copyright
Revision 1.72 / (download) - annotate - [select for diffs], Wed Feb 13 11:20:08 2008 UTC (16 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.71: +1 -4 lines
Diff to previous 1.71 (colored)
no need to set values after bcopying the complete struct
Revision 1.71 / (download) - annotate - [select for diffs], Wed Feb 13 11:02:37 2008 UTC (16 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.70: +122 -1 lines
Diff to previous 1.70 (colored)
stylistic change: move code to add protonodes from the BNF into separate functions in relayd.c (protonode_add/protonode_header). this code got too big to look nice in the BNF statements...
Revision 1.70 / (download) - annotate - [select for diffs], Mon Feb 11 10:42:50 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.69: +9 -1 lines
Diff to previous 1.69 (colored)
Marry relayd with snmpd using new "send trap" option: Request to send a SNMP trap when the state of a host changes. relayd(8) will try to (re-)connect to snmpd(8) and request it to send a trap to the registered trap receivers, see snmpd.conf(5) for more information about the configuration. ok pyr@ thib@
Revision 1.69 / (download) - annotate - [select for diffs], Thu Jan 31 12:12:50 2008 UTC (16 years, 4 months ago) by thib
Branch: MAIN
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)
add prefixes to names of structure elements to make it easier to grep for code, next struct session; ok reyk@;
Revision 1.68 / (download) - annotate - [select for diffs], Thu Jan 31 09:56:28 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.67: +19 -19 lines
Diff to previous 1.67 (colored)
add prefixes to names of structure elements to make it easier to grep for code, next struct relay. knf long line fixes will follow later. ok thib@
Revision 1.67 / (download) - annotate - [select for diffs], Thu Jan 31 09:33:39 2008 UTC (16 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.66: +70 -70 lines
Diff to previous 1.66 (colored)
add prefixes to names of structure elements to make it easier to grep for code, start with struct relayd. finally. ok thib@
Revision 1.66 / (download) - annotate - [select for diffs], Tue Jan 29 17:36:08 2008 UTC (16 years, 4 months ago) by thib
Branch: MAIN
Changes since 1.65: +2 -4 lines
Diff to previous 1.65 (colored)
When doing reconfigure() don't run a purge_config() on the new_env if parse_config() fails, it's NULL and parse_config() already freed it; Prevents segfaults when relayctl issues a reload and there's a syntax error in the configuration file. OK reyk@
Revision 1.65 / (download) - annotate - [select for diffs], Mon Dec 10 20:31:56 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.64: +7 -3 lines
Diff to previous 1.64 (colored)
Warn the user when reloading a new configuration fails instead of killing the daemon. ok reyk@
Revision 1.64 / (download) - annotate - [select for diffs], Sat Dec 8 20:36:36 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.63: +31 -31 lines
Diff to previous 1.63 (colored)
Rename everything which referred to services refer to rdr for internals (for instance: rename struct service to struct rdr), refer to redirects otherwise (hoststatectl output). ok reyk@
Revision 1.63 / (download) - annotate - [select for diffs], Sat Dec 8 17:07:09 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.62: +50 -17 lines
Diff to previous 1.62 (colored)
some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, "services" will become "redirections" (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example "virtual host" will become "listen on"), all target definitions will start with "forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@
Revision 1.62 / (download) - annotate - [select for diffs], Fri Dec 7 17:17:01 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.61: +31 -31 lines
Diff to previous 1.61 (colored)
hoststated gets renamed to relayd. easier to type, and actually says what the daemon does - it is a relayer that pays attention to the status of pools of hosts; not a status checker that happens to do some relaying
Revision 1.61 / (download) - annotate - [select for diffs], Wed Nov 28 11:37:59 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.60: +3 -1 lines
Diff to previous 1.60 (colored)
unref the label when free'ing a protocol node
Revision 1.60 / (download) - annotate - [select for diffs], Sun Nov 25 20:01:10 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.59: +39 -5 lines
Diff to previous 1.59 (colored)
in addition to IPv4/6 addresses, canonicalize the hostname for "url", for example ".www...Example.com." will be translated to "www.example.com". ok gilles@
Revision 1.59 / (download) - annotate - [select for diffs], Sat Nov 24 17:07:28 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.58: +3 -2 lines
Diff to previous 1.58 (colored)
sort includes, adjust to style(9)
Revision 1.58 / (download) - annotate - [select for diffs], Sat Nov 24 16:13:50 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.57: +23 -1 lines
Diff to previous 1.57 (colored)
extend the url lookup algorithm to match the full URL and different possible suffix/prefix combinations by stripping subdomains, path components, and the query args. ok and tested by gilles@
Revision 1.57 / (download) - annotate - [select for diffs], Fri Nov 23 09:22:18 2007 UTC (16 years, 6 months ago) by sthen
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)
fix typo ok pyr@
Revision 1.56 / (download) - annotate - [select for diffs], Wed Nov 21 20:13:20 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.55: +19 -1 lines
Diff to previous 1.55 (colored)
move digest string handling into an extra function.
Revision 1.55 / (download) - annotate - [select for diffs], Tue Nov 20 15:54:55 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.54: +3 -1 lines
Diff to previous 1.54 (colored)
it may be desirable to send a HTTP error page with error code and a meaningful message if a HTTP/HTTPS relay closes the connection for some reason. for example, a "403 Forbidden" if the request was rejected by a filter. this will be enabled with the "return error" option and is disabled by default, the standard behaviour is to silently drop the connection; the browser may display an empty page in this case. the look+feel of the HTTP error page can be customized with a CSS style sheet, but we do not intend to allow customization of the error page contents (hoststated is not a webserver!). ok pyr@
Revision 1.54 / (download) - annotate - [select for diffs], Mon Nov 19 15:31:36 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.53: +5 -5 lines
Diff to previous 1.53 (colored)
spacing
Revision 1.53 / (download) - annotate - [select for diffs], Mon Nov 19 14:48:19 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.52: +9 -1 lines
Diff to previous 1.52 (colored)
rework the internal handling of protocol actions a little bit:
- allow to use a key for multiple times by appending a queue of additional matches to the tree node. for example, this allows to specify multiple "expect" or "filter" actions to white-/black-list a list of HTTP-headers, URLs, ..
- prevent specifying an HTTP header for multiple times when using the expect action.
- minor code shuffling
Revision 1.52 / (download) - annotate - [select for diffs], Mon Nov 19 11:39:49 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.51: +19 -22 lines
Diff to previous 1.51 (colored)
move repeated code to cleanup a protocol tree into a function.
Revision 1.51 / (download) - annotate - [select for diffs], Thu Nov 15 17:02:01 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.50: +1 -3 lines
Diff to previous 1.50 (colored)
Do not insert proto_default inside the dynamically alloced protocol queue. Handle it as a special case in the one place where it actually matters instead.
Revision 1.50 / (download) - annotate - [select for diffs], Wed Nov 14 11:01:52 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.49: +6 -2 lines
Diff to previous 1.49 (colored)
add some sanity, that will be useful later on.
Revision 1.49 / (download) - annotate - [select for diffs], Wed Nov 14 10:59:01 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.48: +5 -4 lines
Diff to previous 1.48 (colored)
make protos dynamic too
Revision 1.48 / (download) - annotate - [select for diffs], Tue Nov 13 10:35:21 2007 UTC (16 years, 6 months ago) by pyr
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)
relays are dynamic now.
Revision 1.47 / (download) - annotate - [select for diffs], Sun Nov 4 22:09:02 2007 UTC (16 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.46: +3 -3 lines
Diff to previous 1.46 (colored)
the last change to enable logging to stderr on startup also enabled annoying debugging messages on the console by default. since we do not want to see debugging messages unless specified by the "-d" flag, add an extra debugging level "debug > 1" to be checked in log_debug().
Revision 1.46 / (download) - annotate - [select for diffs], Fri Oct 19 14:40:51 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.45: +6 -3 lines
Diff to previous 1.45 (colored)
Do log initialisation correctly, like bgpd does. This removes the double warn/log_warn madness i introduced yesterday. This also keeps messages on stderr at startup and when running with -n.
Revision 1.45 / (download) - annotate - [select for diffs], Fri Oct 19 14:15:14 2007 UTC (16 years, 7 months ago) by pyr
Branch: MAIN
Changes since 1.44: +7 -6 lines
Diff to previous 1.44 (colored)
Move relays from static TAILQs to allocated ones. This syncs it with other hoststated entities and will make reload easier. This is step 1 out of 7 for reload.
Revision 1.44 / (download) - annotate - [select for diffs], Fri Oct 12 12:50:59 2007 UTC (16 years, 8 months ago) by blambert
Branch: MAIN
Changes since 1.43: +2 -1 lines
Diff to previous 1.43 (colored)
Silence some lint(1) warnings ok pyr@
Revision 1.43 / (download) - annotate - [select for diffs], Fri Oct 5 17:32:13 2007 UTC (16 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.42: +3 -3 lines
Diff to previous 1.42 (colored)
stylistic changes in the relay/relay_config structure.
Revision 1.42 / (download) - annotate - [select for diffs], Tue Oct 2 21:04:13 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.41: +29 -1 lines
Diff to previous 1.41 (colored)
stop messing with lgetc to please hoststated's check/expect. instead move some of the logic in yylex and do hoststated specific translations into hoststated.c ok gilles@
Revision 1.41 / (download) - annotate - [select for diffs], Fri Sep 28 20:23:38 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.40: +3 -2 lines
Diff to previous 1.40 (colored)
KNF
Revision 1.40 / (download) - annotate - [select for diffs], Fri Sep 28 13:29:56 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)
Correct my mail address.
Revision 1.39 / (download) - annotate - [select for diffs], Wed Sep 5 08:48:42 2007 UTC (16 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.38: +4 -4 lines
Diff to previous 1.38 (colored)
store relay sessions in SPLAY trees instead of TAILQ lists. this will be used for faster lookups of sessions based on different criteria. ok pyr@
Revision 1.38 / (download) - annotate - [select for diffs], Thu Jul 5 09:42:26 2007 UTC (16 years, 11 months ago) by thib
Branch: MAIN
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored)
use a more traditional while() instead of for() for getopt(). sync usage() to the man page. format string fixes. complain about failed calloc()'s instead of exiting silently. ok pry@,reyk@
Revision 1.37 / (download) - annotate - [select for diffs], Tue Jun 19 06:29:20 2007 UTC (16 years, 11 months ago) by pyr
Branch: MAIN
Changes since 1.36: +19 -7 lines
Diff to previous 1.36 (colored)
Do not fatal out with ``pipe closed'' when a short read occurs on one of our socket pairs. Instead disable listening on the pipe, terminate the event loop, and let the parent process's SIGCHLD handler do a clean shutdown. from an ospfd diff by claudio, ok claudio@
Revision 1.36 / (download) - annotate - [select for diffs], Tue Jun 12 15:16:10 2007 UTC (17 years ago) by msf
Branch: MAIN
Changes since 1.35: +17 -16 lines
Diff to previous 1.35 (colored)
put the fd passing from bgpd back in to hoststated's version of imsg, needed for layer 7 reload support. ok pyr@
Revision 1.35 / (download) - annotate - [select for diffs], Thu Jun 7 07:19:50 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.34: +67 -5 lines
Diff to previous 1.34 (colored)
(finally) Enable reload support for layer 3 configurations. Hoststated can be reloaded either by sending SIGHUP to the parent process or by using ``hoststatectl reload''
discussed and ok reyk@
Revision 1.34 / (download) - annotate - [select for diffs], Thu May 31 03:24:05 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.33: +54 -23 lines
Diff to previous 1.33 (colored)
allocate table lists and service lists instead of using static structs. split the code to start the event loop in two functions. introduce merge_config which will be used later on.
Revision 1.33 / (download) - annotate - [select for diffs], Wed May 30 00:51:21 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)
give ibuf to event_set
Revision 1.32 / (download) - annotate - [select for diffs], Wed May 30 00:19:25 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.31: +1 -41 lines
Diff to previous 1.31 (colored)
backout more code that shouldn't have gone in.
Revision 1.31 / (download) - annotate - [select for diffs], Wed May 30 00:12:21 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.30: +42 -4 lines
Diff to previous 1.30 (colored)
backout last diff which introduces problems and use the global environment instead.
Revision 1.30 / (download) - annotate - [select for diffs], Tue May 29 23:58:30 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.29: +7 -5 lines
Diff to previous 1.29 (colored)
make sure every dispatch function is fed the environment structure.
Revision 1.29 / (download) - annotate - [select for diffs], Tue May 29 23:19:18 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.28: +11 -5 lines
Diff to previous 1.28 (colored)
allow the control handling code to send messages back to the parent. forward IMSG_CTL_RELOAD which ends up not doing anything for now.
Revision 1.28 / (download) - annotate - [select for diffs], Tue May 29 18:59:53 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.27: +9 -5 lines
Diff to previous 1.27 (colored)
do not start relay processes when no L7 load balancing is needed. ok reyk@
Revision 1.27 / (download) - annotate - [select for diffs], Tue May 29 17:12:04 2007 UTC (17 years ago) by reyk
Branch: MAIN
Changes since 1.26: +18 -3 lines
Diff to previous 1.26 (colored)
add a new check method which allows to run external scripts/programs for custom evaluations. pyr agrees to put it in now but to do some improvements of the timeout handling later.
Revision 1.26 / (download) - annotate - [select for diffs], Tue May 29 00:58:06 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.25: +6 -1 lines
Diff to previous 1.25 (colored)
when purging relays, purge sessions as well. not needed for the initial purge since no sessions exist but will be necessary when reloading the relay process.
Revision 1.25 / (download) - annotate - [select for diffs], Tue May 29 00:21:10 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.24: +3 -3 lines
Diff to previous 1.24 (colored)
move struct relay to the runtime + config scheme. this time around, include hoststatectl changes too.
Revision 1.24 / (download) - annotate - [select for diffs], Mon May 28 22:11:33 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.23: +81 -1 lines
Diff to previous 1.23 (colored)
another small step towards hoststated reloading. allow purging of parts of the hoststated environment structure. start using this function now to only keep vital information in hoststated children processes. ok reyk@
Revision 1.23 / (download) - annotate - [select for diffs], Sun May 27 20:53:10 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.22: +7 -7 lines
Diff to previous 1.22 (colored)
Second step towards hoststated reload: First split out hosts, tables and services into two structs, one that contains the runtime fields and one (inside the runtime) that contains mostly static fields that will be sent over the socket during reload. Also move the demoted field of tables inside the flags field as it's just a boolean. ok reyk@
Revision 1.22 / (download) - annotate - [select for diffs], Sat May 26 19:58:49 2007 UTC (17 years ago) by pyr
Branch: MAIN
Changes since 1.21: +61 -39 lines
Diff to previous 1.21 (colored)
first steps for implementing reload:
* make parse_config allocate the hoststated function by itself
* make as many sockets as necessary to talk to the relay children
* add send_all for talking to all children
with advice and ok reyk@
Revision 1.21 / (download) - annotate - [select for diffs], Sat Mar 17 22:54:49 2007 UTC (17 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.20: +2 -4 lines
Diff to previous 1.20 (colored)
remove a debug message
Revision 1.20 / (download) - annotate - [select for diffs], Mon Feb 26 16:10:24 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)
handle strlcpy return values, make lint happy
Revision 1.19 / (download) - annotate - [select for diffs], Fri Feb 23 00:28:06 2007 UTC (17 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)
knf
Revision 1.18 / (download) - annotate - [select for diffs], Thu Feb 22 05:58:06 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.17: +11 -7 lines
Diff to previous 1.17 (colored)
spacing
Revision 1.17 / (download) - annotate - [select for diffs], Thu Feb 22 03:32:39 2007 UTC (17 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.16: +178 -12 lines
Diff to previous 1.16 (colored)
Add layer 7 functionality to hoststated used for layer 7 loadbalancing, SSL acceleration, general-purpose TCP relaying, and transparent proxying. see hoststated.conf(5) and my upcoming article on undeadly.org for details. ok to commit deraadt@ pyr@
Revision 1.16 / (download) - annotate - [select for diffs], Thu Feb 8 13:32:24 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.15: +5 -3 lines
Diff to previous 1.15 (colored)
carefully check some return values and make lint happier. never pass any truncated strings (table names/anchors/tags/...) to pf and the kernel. ok pyr@
Revision 1.15 / (download) - annotate - [select for diffs], Wed Feb 7 13:30:17 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.14: +7 -2 lines
Diff to previous 1.14 (colored)
add the -D option to define macros on the command line (as found in bgpd(8), hostapd(8), ipsecctl(8), pfctl(8), ...).
Revision 1.14 / (download) - annotate - [select for diffs], Tue Feb 6 10:03:08 2007 UTC (17 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.13: +4 -4 lines
Diff to previous 1.13 (colored)
change fatal message to know where it happened
Revision 1.13 / (download) - annotate - [select for diffs], Mon Jan 29 14:23:31 2007 UTC (17 years, 4 months ago) by pyr
Branch: MAIN
Changes since 1.12: +3 -1 lines
Diff to previous 1.12 (colored)
Add SSL support to hoststated.
with help and OK reyk@
with help and advice by claudio@ and Srebrenko Sehic
Revision 1.12 / (download) - annotate - [select for diffs], Wed Jan 24 10:26:00 2007 UTC (17 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)
Similar to ospfd and ripd ignore SIGPIPE in all processes to be able to do a nice exit in case one of the processes dies. OK pyr@
Revision 1.11 / (download) - annotate - [select for diffs], Thu Jan 11 18:28:28 2007 UTC (17 years, 5 months ago) by pyr
Branch: MAIN
Changes since 1.10: +3 -2 lines
Diff to previous 1.10 (colored)
spacing
Revision 1.10 / (download) - annotate - [select for diffs], Thu Jan 11 18:05:08 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.9: +22 -1 lines
Diff to previous 1.9 (colored)
use real async events for checks and improve the non-blocking socket usage. also modify the check_icmp code to use non-blocking raw sockets and merge the icmp4 and icmp6 functions. some other minor changes while i'm here. as discussed with pyr@ claudio@ deraadt@ ok pyr@
Revision 1.9 / (download) - annotate - [select for diffs], Tue Jan 9 13:50:11 2007 UTC (17 years, 5 months ago) by pyr
Branch: MAIN
Changes since 1.8: +13 -13 lines
Diff to previous 1.8 (colored)
Finish renaming hostated to hoststated. Note to testers: the user the daemon changes its id to is now _hoststated, don't forget to update master.passwd. ok reyk@
Revision 1.8 / (download) - annotate - [select for diffs], Tue Jan 9 02:32:58 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
unbreak
Revision 1.7 / (download) - annotate - [select for diffs], Mon Jan 8 20:46:18 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.6: +1 -2 lines
Diff to previous 1.6 (colored)
do NOT use the regexp interface. it is way too complicated, error-prone and we don't know about all the possible security problems. change the check send/expect code to use the fnmatch(3) interface using shell globbing rules instead. this allows simple patterns like "220 * ESMTP*" or "SSH-[12].??-*".
suggested by deraadt@ and otto@
ok Pierre-Yves Ritschard (pyr at spootnik dot org)
Revision 1.6 / (download) - annotate - [select for diffs], Mon Jan 8 13:37:26 2007 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)
add a generic send/expect check using regular expression (see regex(3)). this allows to define additional checks for other TCP protocols. From Pierre-Yves Ritschard (pyr at spootnik dot org)
Revision 1.5 / (download) - annotate - [select for diffs], Mon Dec 25 18:40:38 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.4: +3 -2 lines
Diff to previous 1.4 (colored)
knf
Revision 1.4 / (download) - annotate - [select for diffs], Sat Dec 16 18:50:33 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.3: +36 -1 lines
Diff to previous 1.3 (colored)
- allow to use host/service/table names instead of Ids in hostatectl.
- minor change of the "hostatectl show" command output
- increase the max service and tag names (max pf tag name size is 64 now!)
thanks to pyr who found a bug in my initial diff
Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 16 14:07:29 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.2: +3 -3 lines
Diff to previous 1.2 (colored)
knf (second level indents are four spaces)
Revision 1.2 / (download) - annotate - [select for diffs], Sat Dec 16 12:42:14 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.1: +63 -64 lines
Diff to previous 1.1 (colored)
knf, spacing
please note that some editors will replace tabs with multiple spaces if you cut & paste code from other sections. please try to keep the tabs ;).
Revision 1.1 / (download) - annotate - [select for diffs], Sat Dec 16 11:45:07 2006 UTC (17 years, 5 months ago) by reyk
Branch: MAIN
Import hostated, the host status daemon. This daemon will monitor remote hosts and dynamically alter pf(4) tables and redirection rules for active server load balancing. The daemon has been written by Pierre-Yves Ritschard (pyr at spootnik.org) and was formerly known as "slbd". The daemon is fully functional but it still needs some work and cleanup so we don't link it to the build yet. Some TODOs are a partial rewrite of the check_* routines (use libevent whenever we can), improvement of the manpages, and general knf and cleanup. ok deraadt@ claudio@