Update to 4.9.20110522

Martin Matuska 2011-05-22 22:14:35 +00:00
parent 55a37728af
commit 416c8b7511
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=274478
27 changed files with 1821 additions and 1665 deletions


@ -5,8 +5,7 @@
# $FreeBSD$
PORTNAME= relayd
PORTVERSION= 4.6.20090813
PORTREVISION= 5
PORTVERSION= 4.9.20110522
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_LOCAL}
MASTER_SITE_SUBDIR= mm
@ -16,7 +15,7 @@ COMMENT= OpenBSD relay daemon
LICENSE= BSD
DISTNAME= ${PORTNAME}-${PORTVERSION}-1
DISTNAME= ${PORTNAME}-${PORTVERSION}
USE_BZIP2= yes
MANCOMPRESSED= yes


@ -1,2 +1,2 @@
SHA256 (relayd-4.6.20090813-1.tar.bz2) = c4f2e2e48155117a73042c313f777b0f467640eea29bf2473eb9dba5bede0b9d
SIZE (relayd-4.6.20090813-1.tar.bz2) = 77359
SHA256 (relayd-4.9.20110522.tar.bz2) = 905ab2fa2296adc60b3552e50529dc69e906c4414b11ed125c4c6bd613765378
SIZE (relayd-4.9.20110522.tar.bz2) = 85439


@ -2,10 +2,12 @@
PROG= relayctl
.PATH: ${.CURDIR}/../../lib/libutil
SRCS= imsg-buffer.c \
imsg.c
.PATH: ${.CURDIR}/../relayd
SRCS= buffer.c \
imsg.c \
log.c
SRCS+= log.c
.PATH: ${.CURDIR}
SRCS+= relayctl.c \
@ -15,6 +17,7 @@ MAN= relayctl.8
CFLAGS+= -D__dead=''
CFLAGS+= -I${.CURDIR} \
-I${.CURDIR}/../../lib/libutil \
-I${.CURDIR}/../relayd \
-I${PREFIX}/include


@ -5,11 +5,14 @@ PROG= relayd
MAN= relayd.8 \
relayd.conf.5
SRCS= parse.y \
.PATH: ${.CURDIR}/../../lib/libutil
SRCS= imsg-buffer.c \
imsg.c
.PATH: ${.CURDIR}
SRCS+= parse.y \
log.c \
control.c \
buffer.c \
imsg.c \
ssl.c \
ssl_privsep.c \
relayd.c \
@ -23,13 +26,16 @@ SRCS= parse.y \
check_script.c \
name2id.c \
arc4random.c \
shuffle.c
shuffle.c \
proc.c \
config.c
CFLAGS+= -DSHA1_DIGEST_LENGTH=SHA_DIGEST_LENGTH \
-DSHA1_DIGEST_STRING_LENGTH=SHA_DIGEST_LENGTH \
-DOPENSSL_NO_SHA -DOPENSSL_NO_MD5 \
-D__dead=''
CFLAGS+= -I${.CURDIR} -I${PREFIX}/include
CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../lib/libutil \
-I${PREFIX}/include
CLEANFILES+= y.tab.h
LDADD= -lmd -L${PREFIX}/lib ${LIBEVENT} -lssl -lcrypto


@ -1,75 +0,0 @@
diff -Naur relayctl.orig/parser.c relayctl/parser.c
--- relayctl.orig/parser.c 2007-12-20 21:15:43.000000000 +0100
+++ relayctl/parser.c 2010-05-27 10:12:35.000000000 +0200
@@ -18,7 +18,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/socket.h>
#include <sys/queue.h>
@@ -124,6 +128,11 @@
static struct parse_result res;
+#ifdef __FreeBSD__
+const struct token *match_token(const char *, const struct token []);
+void show_valid_args(const struct token []);
+#endif
+
struct parse_result *
parse(int argc, char *argv[])
{
diff -Naur relayctl.orig/parser.h relayctl/parser.h
--- relayctl.orig/parser.h 2007-12-20 21:15:43.000000000 +0100
+++ relayctl/parser.h 2010-05-27 10:12:03.000000000 +0200
@@ -41,5 +41,7 @@
};
struct parse_result *parse(int, char *[]);
+#ifndef __FreeBSD__
const struct token *match_token(const char *, const struct token []);
void show_valid_args(const struct token []);
+#endif
diff -Naur relayctl.orig/relayctl.c relayctl/relayctl.c
--- relayctl.orig/relayctl.c 2009-06-06 01:39:51.000000000 +0200
+++ relayctl/relayctl.c 2010-05-27 10:11:39.000000000 +0200
@@ -20,6 +20,9 @@
*/
#include <sys/types.h>
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#endif
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/un.h>
@@ -290,7 +293,11 @@
imn = monitor_lookup(imsg->hdr.type);
printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name,
imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid);
+#ifdef __FreeBSD__
+ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now));
+#else
printf("\ttimestamp: %u, %s", now, ctime(&now));
+#endif
if (imn->type == -1)
done = 1;
if (imn->func != NULL)
@@ -509,7 +516,11 @@
printf("\t%8s\ttotal: %llu sessions\n"
"\t%8s\tlast: %u/%us %u/h %u/d sessions\n"
"\t%8s\taverage: %u/%us %u/h %u/d sessions\n",
+#ifdef __FreeBSD__
+ "", (long long unsigned)crs.cnt,
+#else
"", crs.cnt,
+#endif
"", crs.last, crs.interval,
crs.last_hour, crs.last_day,
"", crs.avg, crs.interval,


@ -1,791 +0,0 @@
diff -Naur relayd.orig/carp.c relayd/carp.c
--- relayd.orig/carp.c 2010-06-10 08:50:20.370081718 +0200
+++ relayd/carp.c 2010-06-10 08:50:24.487544459 +0200
@@ -19,6 +19,7 @@
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
+#include <sys/queue.h>
#include <net/if.h>
diff -Naur relayd.orig/check_tcp.c relayd/check_tcp.c
--- relayd.orig/check_tcp.c 2010-06-10 08:50:20.371085750 +0200
+++ relayd/check_tcp.c 2010-06-10 08:50:24.488548211 +0200
@@ -31,7 +31,7 @@
#include <stdlib.h>
#include <errno.h>
#include <fnmatch.h>
-#include <sha1.h>
+#include <sha.h>
#include <openssl/ssl.h>
@@ -285,7 +285,11 @@
if (b == NULL)
fatal("out of memory");
*b = '\0';
+#ifndef __FreeBSD__
if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
+#else
+ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {
+#endif
cte->host->he = HCE_SEND_EXPECT_OK;
cte->host->up = HOST_UP;
return (0);
@@ -318,7 +322,11 @@
fatal("out of memory");
*b = '\0';
+#ifndef __FreeBSD__
head = cte->buf->buf;
+#else
+ head = (char *)cte->buf->buf;
+#endif
host = cte->host;
host->he = HCE_HTTP_CODE_ERROR;
@@ -370,7 +378,11 @@
fatal("out of memory");
*b = '\0';
+#ifndef __FreeBSD__
head = cte->buf->buf;
+#else
+ head = (char *)cte->buf->buf;
+#endif
host = cte->host;
host->he = HCE_HTTP_DIGEST_ERROR;
@@ -382,7 +394,11 @@
}
head += strlen("\r\n\r\n");
+#ifndef __FreeBSD__
digeststr(cte->table->conf.digest_type, head, strlen(head), digest);
+#else
+ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest);
+#endif
if (strcmp(cte->table->conf.digest, digest)) {
log_warnx("check_http_digest: %s failed "
diff -Naur relayd.orig/hce.c relayd/hce.c
--- relayd.orig/hce.c 2010-06-10 08:50:20.370081718 +0200
+++ relayd/hce.c 2010-06-10 08:50:24.489552523 +0200
@@ -167,7 +167,7 @@
struct timeval tv;
struct table *table;
- snmp_init(env, iev_main);
+// snmp_init(env, iev_main);
if (!TAILQ_EMPTY(env->sc_tables)) {
evtimer_set(&env->sc_ev, hce_launch_checks, env);
@@ -336,8 +336,10 @@
print_availability(host->check_cnt, host->up_cnt));
}
+/*
if (host->last_up != host->up)
snmp_hosttrap(table, host);
+*/
host->last_up = host->up;
diff -Naur relayd.orig/log.c relayd/log.c
--- relayd.orig/log.c 2010-06-10 08:50:20.370081718 +0200
+++ relayd/log.c 2010-06-10 08:50:24.489552523 +0200
@@ -16,7 +16,11 @@
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/tree.h>
diff -Naur relayd.orig/parse.y relayd/parse.y
--- relayd.orig/parse.y 2010-06-10 08:50:20.372089782 +0200
+++ relayd/parse.y 2010-06-10 08:50:24.490556275 +0200
@@ -343,6 +343,7 @@
}
conf->sc_prefork_relay = $2;
}
+/* FreeBSD exclude
| DEMOTE STRING {
conf->sc_flags |= F_DEMOTE;
if (strlcpy(conf->sc_demote_group, $2,
@@ -360,6 +361,7 @@
}
}
| SEND TRAP { conf->sc_flags |= F_TRAP; }
+*/
;
loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
@@ -615,6 +617,7 @@
bcopy(&$2, &table->conf.timeout,
sizeof(struct timeval));
}
+/* FreeBSD exclude
| DEMOTE STRING {
table->conf.flags |= F_DEMOTE;
if (strlcpy(table->conf.demote_group, $2,
@@ -632,6 +635,7 @@
YYERROR;
}
}
+*/
| INTERVAL NUMBER {
if ($2 < conf->sc_interval.tv_sec ||
$2 % conf->sc_interval.tv_sec) {
@@ -1562,7 +1566,7 @@
{ "ciphers", CIPHERS },
{ "code", CODE },
{ "cookie", COOKIE },
- { "demote", DEMOTE },
+// FreeBSD { "demote", DEMOTE },
{ "digest", DIGEST },
{ "disable", DISABLE },
{ "error", ERROR },
@@ -1625,7 +1629,7 @@
{ "timeout", TIMEOUT },
{ "to", TO },
{ "transparent", TRANSPARENT },
- { "trap", TRAP },
+// FreeBSD { "trap", TRAP },
{ "ttl", TTL },
{ "updates", UPDATES },
{ "url", URL },
@@ -2260,7 +2264,8 @@
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
error = getaddrinfo(s, NULL, &hints, &res0);
- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
+// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
+ if (error == EAI_AGAIN || error == EAI_NONAME)
return (0);
if (error) {
log_warnx("host_dns: could not parse \"%s\": %s", s,
diff -Naur relayd.orig/pfe.c relayd/pfe.c
--- relayd.orig/pfe.c 2010-06-10 08:50:20.369077965 +0200
+++ relayd/pfe.c 2010-06-10 08:50:24.491560307 +0200
@@ -17,6 +17,9 @@
*/
#include <sys/param.h>
+#ifdef __FreeBSD__
+#include <sys/queue.h>
+#endif
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
@@ -859,7 +862,9 @@
struct table *table;
struct ctl_id id;
struct imsg imsg;
+#ifndef __FreeBSD__
struct ctl_demote demote;
+#endif
bzero(&id, sizeof(id));
bzero(&imsg, sizeof(imsg));
@@ -920,6 +925,7 @@
*/
table->conf.flags &= ~(F_CHANGED);
+#ifndef __FreeBSD__
/*
* handle demotion.
*/
@@ -942,6 +948,7 @@
sizeof(demote.group));
imsg_compose_event(iev_main, IMSG_DEMOTE, 0, 0, -1,
&demote, sizeof(demote));
+#endif
}
}
diff -Naur relayd.orig/pfe_filter.c relayd/pfe_filter.c
--- relayd.orig/pfe_filter.c 2010-06-10 08:50:20.370081718 +0200
+++ relayd/pfe_filter.c 2010-06-10 08:51:10.599999014 +0200
@@ -97,6 +97,10 @@
sizeof(tables[i].pfrt_name))
goto toolong;
tables[i].pfrt_flags |= PFR_TFLAG_PERSIST;
+#ifdef __FreeBSD__
+ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"",
+#endif
+ tables[i].pfrt_anchor, tables[i].pfrt_name);
i++;
}
if (i != env->sc_rdrcount)
@@ -280,12 +284,11 @@
}
psnk.psnk_af = host->conf.ss.ss_family;
- psnk.psnk_killed = 0;
if (ioctl(env->sc_pf->dev,
DIOCKILLSRCNODES, &psnk) == -1)
fatal("kill_srcnodes: cannot kill src nodes");
- cnt += psnk.psnk_killed;
+ cnt += psnk.psnk_af;
}
return (cnt);
@@ -370,7 +373,11 @@
struct sockaddr_in6 *sain6;
struct address *address;
char anchor[PF_ANCHOR_NAME_SIZE];
+#ifndef __FreeBSD__
int rs;
+#else
+ int rs = 0;
+#endif
struct table *t = rdr->table;
if (!(env->sc_flags & F_NEEDPF))
@@ -418,7 +425,9 @@
/* Use sloppy state handling for half connections */
rio.rule.keep_state = PF_STATE_NORMAL;
+#ifdef PFRULE_STATESLOPPY
rio.rule.rule_flag = PFRULE_STATESLOPPY;
+#endif
break;
default:
fatalx("sync_ruleset: invalid forward mode");
@@ -437,7 +446,9 @@
rio.rule.dst.port_op = address->port.op;
rio.rule.dst.port[0] = address->port.val[0];
rio.rule.dst.port[1] = address->port.val[1];
+#if 0
rio.rule.rtableid = -1; /* stay in the main routing table */
+#endif
if (rio.rule.proto == IPPROTO_TCP)
rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
diff -Naur relayd.orig/relay.c relayd/relay.c
--- relayd.orig/relay.c 2010-06-10 08:50:20.371085750 +0200
+++ relayd/relay.c 2010-06-10 08:50:24.492564339 +0200
@@ -16,7 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/time.h>
#include <sys/stat.h>
@@ -683,6 +687,7 @@
&val, sizeof(val)) == -1)
goto bad;
}
+#ifndef __FreeBSD__
if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
if (proto->tcpflags & TCPFLAG_NSACK)
val = 0;
@@ -692,6 +697,7 @@
&val, sizeof(val)) == -1)
goto bad;
}
+#endif
return (s);
@@ -1027,7 +1033,11 @@
}
if (strstr(val, "$TIMEOUT") != NULL) {
snprintf(ibuf, sizeof(ibuf), "%lu",
+#ifdef __FreeBSD__
+ (unsigned long)rlay->rl_conf.timeout.tv_sec);
+#else
rlay->rl_conf.timeout.tv_sec);
+#endif
if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0)
return (NULL);
}
@@ -1624,7 +1634,11 @@
switch (type) {
case DIGEST_SHA1:
case DIGEST_MD5:
+#ifdef __FreeBSD__
+ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) {
+#else
if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) {
+#endif
relay_close_http(con, 500,
"failed to allocate digest", 0);
goto fail;
@@ -2642,8 +2656,12 @@
goto err;
/* Set session context to the local relay name */
- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name,
- strlen(rlay->rl_conf.name)))
+ if (!SSL_CTX_set_session_id_context(ctx,
+#ifdef __FreeBSD__
+ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
+#else
+ rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
+#endif
goto err;
return (ctx);
@@ -3104,7 +3122,11 @@
if (fstat(fd, &st) != 0)
goto fail;
size = st.st_size;
+#ifndef __FreeBSD__
if ((buf = (char *)calloc(1, size + 1)) == NULL)
+#else
+ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL)
+#endif
goto fail;
if (read(fd, buf, size) != size)
goto fail;
@@ -3112,7 +3134,11 @@
close(fd);
*len = size + 1;
+#ifndef __FreeBSD__
return (buf);
+#else
+ return (char *)(buf);
+#endif
fail:
if (buf != NULL)
@@ -3142,7 +3168,7 @@
return (-1);
if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/%s.crt", hbuf) == -1)
+ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1)
return (-1);
if ((rlay->rl_ssl_cert = relay_load_file(certfile,
&rlay->rl_ssl_cert_len)) == NULL)
@@ -3150,7 +3176,7 @@
log_debug("relay_load_certfiles: using certificate %s", certfile);
if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/private/%s.key", hbuf) == -1)
+ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1)
return -1;
if ((rlay->rl_ssl_key = relay_load_file(certfile,
&rlay->rl_ssl_key_len)) == NULL)
diff -Naur relayd.orig/relay_udp.c relayd/relay_udp.c
--- relayd.orig/relay_udp.c 2010-06-10 08:50:20.370081718 +0200
+++ relayd/relay_udp.c 2010-06-10 08:50:24.493571444 +0200
@@ -16,7 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/time.h>
#include <sys/stat.h>
diff -Naur relayd.orig/relayd.8 relayd/relayd.8
--- relayd.orig/relayd.8 2010-06-10 08:50:20.371085750 +0200
+++ relayd/relayd.8 2010-06-10 08:50:24.493571444 +0200
@@ -117,7 +117,7 @@
.It Fl f Ar file
Specify an alternative configuration file.
The default is
-.Pa /etc/relayd.conf .
+.Pa %%PREFIX%%/etc/relayd.conf .
.It Fl n
Configtest mode.
Only check the configuration file for validity.
@@ -126,7 +126,7 @@
.El
.Sh FILES
.Bl -tag -width "/var/run/relayd.sockXX" -compact
-.It /etc/relayd.conf
+.It %%PREFIX%%/etc/relayd.conf
Default configuration file.
.It /var/run/relayd.sock
Unix-domain socket used for communication with
diff -Naur relayd.orig/relayd.c relayd/relayd.c
--- relayd.orig/relayd.c 2010-06-10 08:50:20.370081718 +0200
+++ relayd/relayd.c 2010-06-10 08:50:24.494572682 +0200
@@ -17,7 +17,12 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#include <openssl/rand.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/wait.h>
@@ -37,7 +42,11 @@
#include <unistd.h>
#include <ctype.h>
#include <pwd.h>
+#ifdef __FreeBSD__
+#include <sha.h>
+#else
#include <sha1.h>
+#endif
#include <md5.h>
#include <openssl/ssl.h>
@@ -126,6 +135,11 @@
int c;
int debug;
u_int32_t opts;
+#ifdef __FreeBSD__
+#if __FreeBSD_version > 800040
+ u_int32_t rnd[256];
+#endif
+#endif
struct relayd *env;
const char *conffile;
struct event ev_sigint;
@@ -196,6 +210,16 @@
log_info("startup");
+#ifdef __FreeBSD__
+#if __FreeBSD_version > 800040
+ arc4random_stir();
+ arc4random_buf(rnd, sizeof(rnd));
+ RAND_seed(rnd, sizeof(rnd));
+#else
+ RAND_load_file("/dev/random",2048);
+#endif
+#endif
+
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC,
pipe_parent2pfe) == -1)
fatal("socketpair");
@@ -292,9 +316,10 @@
iev_hce->handler, iev_hce);
event_add(&iev_hce->ev, NULL);
+#ifndef __FreeBSD__
if (env->sc_flags & F_DEMOTE)
carp_demote_reset(env->sc_demote_group, 0);
-
+#endif
event_dispatch();
return (0);
@@ -319,9 +344,11 @@
} while (pid != -1 || (pid == -1 && errno == EINTR));
control_cleanup();
+#ifndef __FreeBSD__
carp_demote_shutdown();
if (env->sc_flags & F_DEMOTE)
carp_demote_reset(env->sc_demote_group, 128);
+#endif
log_info("terminating");
exit(0);
}
@@ -383,8 +410,10 @@
memcpy(&env->sc_proto_default, &new_env->sc_proto_default,
sizeof(env->sc_proto_default));
env->sc_prefork_relay = new_env->sc_prefork_relay;
+#ifndef __FreeBSD__
(void)strlcpy(env->sc_demote_group, new_env->sc_demote_group,
sizeof(env->sc_demote_group));
+#endif
env->sc_tables = new_env->sc_tables;
env->sc_rdrs = new_env->sc_rdrs;
@@ -610,7 +639,9 @@
struct imsgbuf *ibuf;
struct imsg imsg;
ssize_t n;
+#ifndef __FreeBSD__
struct ctl_demote demote;
+#endif
iev = ptr;
ibuf = &iev->ibuf;
@@ -638,6 +669,7 @@
break;
switch (imsg.hdr.type) {
+#ifndef __FreeBSD__
case IMSG_DEMOTE:
if (imsg.hdr.len - IMSG_HEADER_SIZE !=
sizeof(demote))
@@ -646,6 +678,7 @@
memcpy(&demote, imsg.data, sizeof(demote));
carp_demote_set(demote.group, demote.level);
break;
+#endif
case IMSG_CTL_RELOAD:
/*
* so far we only get here if no L7 (relay) is done.
@@ -709,9 +742,11 @@
imsg_compose_event(iev_hce, IMSG_SCRIPT,
0, 0, -1, &scr, sizeof(scr));
break;
+/*
case IMSG_SNMPSOCK:
(void)snmp_sendsock(iev);
break;
+*/
default:
log_debug("main_dispatch_hce: unexpected imsg %d",
imsg.hdr.type);
@@ -1021,7 +1056,11 @@
{
switch (type) {
case DIGEST_SHA1:
+#ifdef __FreeBSD__
+ return (SHA1_Data(data, len, buf));
+#else
return (SHA1Data(data, len, buf));
+#endif
break;
case DIGEST_MD5:
return (MD5Data(data, len, buf));
@@ -1258,9 +1297,17 @@
bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM,
bnd->bnd_proto)) == -1)
goto fail;
+#ifdef SO_BINDANY
if (setsockopt(s, SOL_SOCKET, SO_BINDANY,
&v, sizeof(v)) == -1)
goto fail;
+#else
+#ifdef IP_BINDANY
+ if (setsockopt(s, IPPROTO_IP, IP_BINDANY,
+ &v, sizeof(v)) == -1)
+ goto fail;
+#endif
+#endif
if (bind(s, (struct sockaddr *)&bnd->bnd_ss,
bnd->bnd_ss.ss_len) == -1)
goto fail;
diff -Naur relayd.orig/relayd.conf.5 relayd/relayd.conf.5
--- relayd.orig/relayd.conf.5 2010-06-10 08:50:20.371085750 +0200
+++ relayd/relayd.conf.5 2010-06-10 08:50:24.495576434 +0200
@@ -78,7 +78,7 @@
.Ic include
keyword, for example:
.Bd -literal -offset indent
-include "/etc/relayd.conf.local"
+include "%%PREFIX%%/etc/relayd.conf.local"
.Ed
.Sh MACROS
Macros can be defined that will later be expanded in context.
@@ -103,17 +103,6 @@
.Sh GLOBAL CONFIGURATION
Here are the settings that can be set globally:
.Bl -tag -width Ds
-.It Ic demote Ar group
-Enable the global
-.Xr carp 4
-demotion option, resetting the carp demotion counter for the
-specified interface group to zero on startup and to 128 on shutdown of
-the daemon.
-For more information on interface groups,
-see the
-.Ic group
-keyword in
-.Xr ifconfig 8 .
.It Ic interval Ar number
Set the interval in seconds at which the hosts will be checked.
The default interval is 10 seconds.
@@ -143,15 +132,6 @@
.Xr relayd 8
runs 5 relay processes by default and every process will handle
all configured relays.
-.It Ic send trap
-Send an SNMP trap when the state of a host changes.
-.Xr relayd 8
-will try to connect to
-.Xr snmpd 8
-and request it send a trap to the registered trap receivers;
-see
-.Xr snmpd.conf 5
-for more information about the configuration.
.It Ic timeout Ar number
Set the global timeout in milliseconds for checks.
This can be overridden by the timeout value in the table definitions.
@@ -349,17 +329,6 @@
.Pp
The following general table options are available:
.Bl -tag -width Ds
-.It Ic demote Ar group
-Enable the per-table
-.Xr carp 4
-demotion option.
-This will increment the carp demotion counter for the
-specified interface group if all hosts in the table are down.
-For more information on interface groups,
-see the
-.Ic group
-keyword in
-.Xr ifconfig 8 .
.It Ic interval Ar number
Override the global interval and specify one for this table.
It must be a multiple of the global interval.
@@ -604,9 +573,9 @@
keyword is present, the relay will accept connections using the
encrypted SSL protocol.
The relay will look up a private key in
-.Pa /etc/ssl/private/address.key
+.Pa %%PREFIX%%/etc/ssl/private/address.key
and a public certificate in
-.Pa /etc/ssl/address.crt ,
+.Pa %%PREFIX%%/etc/ssl/address.crt ,
where
.Ar address
is the specified IP address of the relay to listen on.
@@ -955,9 +924,6 @@
This option enables CA verification in SSL client mode.
The daemon will load the CA (Certificate Authority) certificates from
the specified path to verify the server certificates.
-.Ox
-provides a default CA bundle in
-.Pa /etc/ssl/cert.pem .
.It Ic ciphers Ar string
Set the string defining the SSL cipher suite.
If not specified, the default value
@@ -1036,22 +1002,19 @@
.El
.El
.Sh FILES
-.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact
-.It Pa /etc/relayd.conf
+.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact
+.It Pa %%PREFIX%%/etc/relayd.conf
.Xr relayd 8
configuration file.
.Pp
.It Pa /etc/services
Service name database.
.Pp
-.It Pa /etc/ssl/address.crt
-.It Pa /etc/ssl/private/address.key
+.It Pa %%PREFIX%%/etc/ssl/address.crt
+.It Pa %%PREFIX%%/etc/ssl/private/address.key
Location of the relay SSL server certificates, where
.Ar address
is the configured IP address of the relay.
-.It Pa /etc/ssl/cert.pem
-Default location of the CA bundle that can be used with
-.Xr relayd 8 .
.El
.Sh EXAMPLES
This configuration file would create a redirection service
@@ -1146,7 +1109,6 @@
.Sh SEE ALSO
.Xr relayctl 8 ,
.Xr relayd 8 ,
-.Xr snmpd 8 ,
.Xr ssl 8
.Sh HISTORY
The
diff -Naur relayd.orig/relayd.h relayd/relayd.h
--- relayd.orig/relayd.h 2010-06-10 08:50:20.372089782 +0200
+++ relayd/relayd.h 2010-06-10 08:50:24.496580466 +0200
@@ -19,10 +19,18 @@
*/
#include <sys/tree.h>
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#include <sys/queue.h>
+#endif
#include <imsg.h>
+#ifdef __FreeBSD__
+#define CONF_FILE "%%PREFIX%%/etc/relayd.conf"
+#else
#define CONF_FILE "/etc/relayd.conf"
+#endif
#define RELAYD_SOCKET "/var/run/relayd.sock"
#define PF_SOCKET "/dev/pf"
#define RELAYD_USER "_relayd"
@@ -57,7 +65,18 @@
#define PURGE_PROTOS 0x08
#define PURGE_EVERYTHING 0xff
+#ifndef __FreeBSD__
#define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */
+#else
+#define SIMPLEQ_HEAD STAILQ_HEAD
+#define SIMPLEQ_FIRST STAILQ_FIRST
+#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD
+#define SIMPLEQ_ENTRY STAILQ_ENTRY
+#define SIMPLEQ_INIT STAILQ_INIT
+#define SIMPLEQ_EMPTY STAILQ_EMPTY
+#define SIMPLEQ_NEXT STAILQ_NEXT
+#define SIMPLEQ_INSERT_TAIL STAILQ_INSERT_TAIL
+#endif
#if DEBUG > 1
#define DPRINTF log_debug
@@ -607,10 +626,11 @@
struct event sc_statev;
struct timeval sc_statinterval;
+#ifndef __FreeBSD__
int sc_snmp;
struct event sc_snmpto;
struct event sc_snmpev;
-
+#endif
int sc_has_icmp;
int sc_has_icmp6;
struct ctl_icmp_event sc_icmp_send;
@@ -688,7 +708,9 @@
IMSG_HOST_STATUS, /* notifies from hce to pfe */
IMSG_SYNC,
IMSG_NATLOOK,
+#ifndef __FreeBSD__
IMSG_DEMOTE,
+#endif
IMSG_STATISTICS,
IMSG_RECONF, /* reconfiguration notifies */
IMSG_RECONF_TABLE,
@@ -704,7 +726,9 @@
IMSG_RECONF_RELAY,
IMSG_RECONF_END,
IMSG_SCRIPT,
+#ifndef __FreeBSD__
IMSG_SNMPSOCK,
+#endif
IMSG_BINDANY
};
@@ -857,10 +881,16 @@
void pn_unref(u_int16_t);
void pn_ref(u_int16_t);
+#ifndef __FreeBSD__
/* snmp.c */
void snmp_init(struct relayd *, struct imsgev *);
int snmp_sendsock(struct imsgev *);
void snmp_hosttrap(struct table *, struct host *);
+#else
+#if __FreeBSD_version < 800041
+u_int32_t arc4random_uniform(u_int32_t upper_bound);
+#endif
+#endif
/* shuffle.c */
void shuffle_init(struct shuffle *);


@ -1,56 +1,24 @@
--- relayctl/parser.c.orig 2010-05-31 07:38:49.928320202 +0000
+++ relayctl/parser.c 2010-05-31 07:41:05.348576930 +0000
@@ -68,6 +68,7 @@
static const struct token t_rdr_id[];
static const struct token t_table_id[];
static const struct token t_host_id[];
+static const struct token t_log[];
--- relayctl/parser.c.orig 2011-05-19 10:56:49.000000000 +0200
+++ relayctl/parser.c 2011-05-22 10:51:26.683383150 +0200
@@ -18,7 +18,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
static const struct token t_main[] = {
{KEYWORD, "monitor", MONITOR, NULL},
@@ -78,6 +79,7 @@
{KEYWORD, "redirect", NONE, t_rdr},
{KEYWORD, "table", NONE, t_table},
{KEYWORD, "host", NONE, t_host},
+ {KEYWORD, "log", NONE, t_log},
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/socket.h>
#include <sys/queue.h>
@@ -87,7 +91,9 @@
{KEYWORD, "hosts", SHOW_HOSTS, NULL},
{KEYWORD, "redirects", SHOW_RDRS, NULL},
{KEYWORD, "relays", SHOW_RELAYS, NULL},
+#ifndef __FreeBSD__
{KEYWORD, "routers", SHOW_ROUTERS, NULL},
+#endif
{KEYWORD, "sessions", SHOW_SESSIONS, NULL},
{ENDTOKEN, "", NONE, NULL}
};
@@ -126,11 +128,17 @@
{ENDTOKEN, "", NONE, NULL}
};
+static const struct token t_log[] = {
+ {KEYWORD, "verbose", LOG_VERBOSE, NULL},
+ {KEYWORD, "brief", LOG_BRIEF, NULL},
+ {ENDTOKEN, "", NONE, NULL}
+};
+
static struct parse_result res;
#ifdef __FreeBSD__
-const struct token *match_token(const char *, const struct token []);
-void show_valid_args(const struct token []);
+const struct token *match_token(const char *, const struct token *);
+void show_valid_args(const struct token *);
#endif
struct parse_result *
@@ -166,7 +174,7 @@
}
const struct token *
-match_token(const char *word, const struct token table[])
+match_token(const char *word, const struct token *table)
{
u_int i, match;
const struct token *t = NULL;
@@ -243,7 +251,7 @@
}
void
-show_valid_args(const struct token table[])
+show_valid_args(const struct token *table)
{
int i;


@ -1,22 +1,12 @@
--- relayctl/parser.h.orig 2010-05-31 07:38:49.934576348 +0000
+++ relayctl/parser.h 2010-05-31 07:40:47.494152077 +0000
@@ -32,7 +32,9 @@
SHUTDOWN,
POLL,
RELOAD,
- MONITOR
+ MONITOR,
+ LOG_VERBOSE,
+ LOG_BRIEF
};
struct parse_result {
@@ -42,6 +44,6 @@
struct parse_result *parse(int, char *[]);
#ifndef __FreeBSD__
-const struct token *match_token(const char *, const struct token []);
-void show_valid_args(const struct token []);
+const struct token *match_token(const char *, const struct token *);
+void show_valid_args(const struct token *);
#endif
--- relayctl/parser.h.orig 2011-05-22 10:56:33.769045780 +0200
+++ relayctl/parser.h 2011-05-22 10:56:46.122442873 +0200
@@ -23,7 +23,9 @@
SHOW_RDRS,
SHOW_RELAYS,
SHOW_SESSIONS,
+#ifndef __FreeBSD__
SHOW_ROUTERS,
+#endif
RDR_DISABLE,
RDR_ENABLE,
TABLE_DISABLE,


@ -0,0 +1,17 @@
--- relayctl/relayctl.8.orig 2011-05-19 10:56:49.000000000 +0200
+++ relayctl/relayctl.8 2011-05-22 10:43:42.420854658 +0200
@@ -78,13 +78,10 @@
Show detailed status of relays including the current and average
access statistics.
The statistics will be updated every minute.
-.It Cm show routers
-Show detailed status of routers including the configured network
-routes.
.It Cm show sessions
Dump the complete list of running relay sessions.
.It Cm show summary
-Display a list of all relays, redirections, routers, tables, and hosts.
+Display a list of all relays, redirections, tables, and hosts.
.It Cm table disable Op Ar name | id
Disable a table.
Consider all hosts disabled.


@ -1,61 +1,83 @@
--- relayctl/relayctl.c.orig 2010-05-31 09:31:42.351734730 +0200
+++ relayctl/relayctl.c 2010-05-31 09:31:34.629284461 +0200
@@ -86,6 +86,7 @@
};
--- relayctl/relayctl.c.orig 2011-05-20 11:43:53.000000000 +0200
+++ relayctl/relayctl.c 2011-05-22 11:19:50.925707539 +0200
@@ -20,6 +20,9 @@
*/
struct imsgbuf *ibuf;
+int error = 0;
__dead void
usage(void)
@@ -104,7 +105,7 @@
struct imsg imsg;
int ctl_sock;
int done = 0;
- int n;
+ int n, verbose = 0;
/* parse options */
if ((res = parse(argc - 1, argv + 1)) == NULL)
@@ -185,6 +186,15 @@
case MONITOR:
imsg_compose(ibuf, IMSG_CTL_NOTIFY, 0, 0, -1, NULL, 0);
break;
+ case LOG_VERBOSE:
+ verbose = 2;
+ /* FALLTHROUGH */
+ case LOG_BRIEF:
+ imsg_compose(ibuf, IMSG_CTL_LOG_VERBOSE, 0, 0, -1,
+ &verbose, sizeof(verbose));
+ printf("logging request sent.\n");
+ done = 1;
+ break;
}
while (ibuf->w.queued)
@@ -224,6 +234,8 @@
done = show_command_output(&imsg);
#include <sys/types.h>
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#endif
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/un.h>
@@ -141,7 +144,9 @@
case SHOW_HOSTS:
case SHOW_RDRS:
case SHOW_RELAYS:
+#ifndef __FreeBSD__
case SHOW_ROUTERS:
+#endif
imsg_compose(ibuf, IMSG_CTL_SHOW_SUM, 0, 0, -1, NULL, 0);
printf("%-4s\t%-8s\t%-24s\t%-7s\tStatus\n",
"Id", "Type", "Name", "Avlblty");
@@ -222,7 +227,9 @@
case SHOW_HOSTS:
case SHOW_RDRS:
case SHOW_RELAYS:
+#ifndef __FreeBSD__
case SHOW_ROUTERS:
+#endif
done = show_summary_msg(&imsg, res->action);
break;
case NONE:
+ case LOG_VERBOSE:
+ case LOG_BRIEF:
break;
case MONITOR:
done = monitor(&imsg);
@@ -235,7 +247,7 @@
close(ctl_sock);
free(ibuf);
case SHOW_SESSIONS:
@@ -312,7 +319,11 @@
imn = monitor_lookup(imsg->hdr.type);
printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name,
imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid);
+#ifdef __FreeBSD__
+ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now));
+#else
printf("\ttimestamp: %u, %s", now, ctime(&now));
+#endif
if (imn->type == -1)
done = 1;
if (imn->func != NULL)
@@ -328,8 +339,10 @@
struct table *table;
struct host *host;
struct relay *rlay;
+#ifndef __FreeBSD__
struct router *rt;
struct netroute *nr;
+#endif
struct ctl_stats stats[RELAY_MAXPROC];
char name[MAXHOSTNAMELEN];
- return (0);
+ return (error ? 1 : 0);
}
struct imsgname *
@@ -431,6 +443,7 @@
@@ -394,6 +407,7 @@
bcopy(imsg->data, &stats, sizeof(stats));
print_statistics(stats);
break;
case IMSG_CTL_FAIL:
printf("command failed\n");
+ error++;
+#ifndef __FreeBSD__
case IMSG_CTL_ROUTER:
if (!(type == SHOW_SUM || type == SHOW_ROUTERS))
break;
@@ -416,6 +430,7 @@
printf("\t%8s\troute: %s/%d\n",
"", name, nr->nr_conf.prefixlen);
break;
+#endif
case IMSG_CTL_END:
return (1);
default:
errx(1, "wrong message in summary: %u", imsg->hdr.type);
@@ -557,7 +572,11 @@
printf("\t%8s\ttotal: %llu sessions\n"
"\t%8s\tlast: %u/%us %u/h %u/d sessions\n"
"\t%8s\taverage: %u/%us %u/h %u/d sessions\n",
+#ifdef __FreeBSD__
+ "", (long long unsigned)crs.cnt,
+#else
"", crs.cnt,
+#endif
"", crs.last, crs.interval,
crs.last_hour, crs.last_day,
"", crs.avg, crs.interval,
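Review bot: In the `@@ -312,7 +319,11 @@` hunk the FreeBSD branch prints `now` through `(unsigned long)`, which drops the high bits on any target where `time_t` is wider than `long`. `printf("\ttimestamp: %lld, %s", (long long)now, ctime(&now));` is correct for every width and would not need the `#ifdef` at all, so the local patch could shrink to a one-line change. The enclosing function starts and ends outside the hunk, and the rendered page does not show whether this hunk is new in this commit or carried over from the removed combined patch.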


@ -0,0 +1,10 @@
--- relayd.orig/carp.c 2011-05-22 01:06:39.463154237 +0200
+++ relayd/carp.c 2011-05-22 01:06:54.671017027 +0200
@@ -19,6 +19,7 @@
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
+#include <sys/queue.h>
#include <net/if.h>


@ -1,11 +0,0 @@
--- relayd/check_icmp.c.orig 2009-08-07 13:32:54.000000000 +0200
+++ relayd/check_icmp.c 2010-05-27 11:22:12.631744485 +0200
@@ -150,7 +150,7 @@
if (((struct sockaddr *)&host->conf.ss)->sa_family !=
cie->af)
continue;
- if (!(host->flags & F_CHECK_DONE)) {
+ if (!(host->flags & (F_CHECK_DONE|F_DISABLE))) {
host->up = HOST_DOWN;
hce_notify_done(host, he);
}


@ -1,47 +1,59 @@
--- relayd/check_tcp.c.orig 2011-01-15 00:27:09.011450590 +0100
+++ relayd/check_tcp.c 2011-01-15 00:42:05.271822942 +0100
@@ -50,11 +50,10 @@
check_tcp(struct ctl_tcp_event *cte)
{
int s;
- int type;
socklen_t len;
struct timeval tv;
struct linger lng;
- int he = HCE_TCP_CONNECT_ERROR;
+ int he = HCE_TCP_SOCKET_OPTION;
--- relayd.orig/check_tcp.c 2011-05-22 01:06:39.463154237 +0200
+++ relayd/check_tcp.c 2011-05-22 01:06:54.673025092 +0200
@@ -31,7 +31,7 @@
#include <stdlib.h>
#include <errno.h>
#include <fnmatch.h>
-#include <sha1.h>
+#include <sha.h>
switch (cte->host->conf.ss.ss_family) {
case AF_INET:
@@ -69,17 +68,18 @@
#include <openssl/ssl.h>
len = ((struct sockaddr *)&cte->host->conf.ss)->sa_len;
@@ -287,7 +287,11 @@
if (b == NULL)
fatal("out of memory");
*b = '\0';
+#ifndef __FreeBSD__
if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
+#else
+ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {
+#endif
cte->host->he = HCE_SEND_EXPECT_OK;
cte->host->up = HOST_UP;
return (0);
@@ -320,7 +324,11 @@
fatal("out of memory");
*b = '\0';
- if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1)
+ if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1) {
+ if (errno == EMFILE || errno == ENFILE)
+ he = HCE_TCP_SOCKET_LIMIT;
+ else
+ he = HCE_TCP_SOCKET_ERROR;
goto bad;
+ }
+#ifndef __FreeBSD__
head = cte->buf->buf;
+#else
+ head = (char *)cte->buf->buf;
+#endif
host = cte->host;
host->he = HCE_HTTP_CODE_ERROR;
bzero(&lng, sizeof(lng));
if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
goto bad;
@@ -372,7 +380,11 @@
fatal("out of memory");
*b = '\0';
- type = 1;
- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &type, sizeof(type)) == -1)
- goto bad;
-
if (cte->host->conf.ttl > 0) {
if (setsockopt(s, IPPROTO_IP, IP_TTL,
&cte->host->conf.ttl, sizeof(int)) == -1)
@@ -99,6 +99,7 @@
+#ifndef __FreeBSD__
head = cte->buf->buf;
+#else
+ head = (char *)cte->buf->buf;
+#endif
host = cte->host;
host->he = HCE_HTTP_DIGEST_ERROR;
cte->buf = NULL;
cte->host->up = HOST_UP;
+ event_del(&cte->ev);
event_set(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_write, cte);
event_add(&cte->ev, &tv);
return;
@@ -384,7 +396,11 @@
}
head += strlen("\r\n\r\n");
+#ifndef __FreeBSD__
digeststr(cte->table->conf.digest_type, head, strlen(head), digest);
+#else
+ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest);
+#endif
if (strcmp(cte->table->conf.digest, digest)) {
log_warnx("%s: %s failed (wrong digest)",
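Review bot: The `__FreeBSD__` blocks around `fnmatch()` and the two `head = ...` assignments duplicate a whole statement only to add a `(char *)` cast, and in the `fnmatch()` case the opening `if (...) {` appears in both preprocessor branches, which defeats brace matching and lets the two copies drift apart on the next upstream update. A single unconditional line such as `if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {` would presumably compile on both platforms, since the cast is a no-op where `buf` already has that type; the same goes for `head = (char *)cte->buf->buf;`. The section interleaves the old and new versions of the patch, and the enclosing functions start and end outside the hunks, so this applies to the `__FreeBSD__` blocks only.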


@ -0,0 +1,62 @@
--- relayd.orig/config.c 2011-05-22 01:06:39.463154237 +0200
+++ relayd/config.c 2011-05-22 01:18:41.041076104 +0200
@@ -118,6 +118,7 @@
RB_INIT(&env->sc_proto_default.request_tree);
RB_INIT(&env->sc_proto_default.response_tree);
}
+#ifndef __FreeBSD__
if (what & CONFIG_RTS) {
if ((env->sc_rts =
calloc(1, sizeof(*env->sc_rts))) == NULL)
@@ -130,7 +131,7 @@
return (-1);
TAILQ_INIT(env->sc_routes);
}
-
+#endif
return (0);
}
@@ -143,8 +144,10 @@
struct address *virt;
struct protocol *proto;
struct relay *rlay;
+#ifndef __FreeBSD__
struct netroute *nr;
struct router *rt;
+#endif
u_int what;
what = ps->ps_what[privsep_process] & reset;
@@ -181,6 +184,7 @@
}
env->sc_protocount = 0;
}
+#ifndef __FreeBSD__
if (what & CONFIG_RTS && env->sc_rts != NULL) {
while ((rt = TAILQ_FIRST(env->sc_rts)) != NULL) {
TAILQ_REMOVE(env->sc_rts, rt, rt_entry);
@@ -203,6 +207,7 @@
}
env->sc_routecount = 0;
}
+#endif
}
int
@@ -476,6 +481,7 @@
return (0);
}
+#ifndef __FreeBSD__
int
config_setrt(struct relayd *env, struct router *rt)
{
@@ -570,6 +576,7 @@
return (0);
}
+#endif
int
config_setproto(struct relayd *env, struct protocol *proto)
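Review bot: With the `CONFIG_RTS` block in the hunk at -118 compiled out, `env->sc_rts` and `env->sc_routes` are never allocated on FreeBSD, so any `TAILQ_*` use of them that is not under a matching `#ifndef __FreeBSD__` would dereference a pointer that is presumably still NULL. The pfe.c and parse.y sections of this commit guard the uses visible there, but files not shown on this page cannot be checked from here. A comment at the guard would record the invariant for the next update, e.g. `/* FreeBSD: no router support; sc_rts and sc_routes are never allocated, guard every user */`. The enclosing functions start and end outside the hunks.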


@ -1,49 +0,0 @@
--- relayd/control.c.orig 2010-05-31 09:31:24.548916055 +0000
+++ relayd/control.c 2010-05-31 09:31:09.036333394 +0000
@@ -136,13 +136,13 @@
if ((connfd = accept(listenfd,
(struct sockaddr *)&sun, &len)) == -1) {
if (errno != EWOULDBLOCK && errno != EINTR)
- log_warn("control_accept");
+ log_warn("control_accept: accept");
return;
}
session_socket_blockmode(connfd, BM_NONBLOCK);
- if ((c = malloc(sizeof(struct ctl_conn))) == NULL) {
+ if ((c = calloc(1, sizeof(struct ctl_conn))) == NULL) {
close(connfd);
log_warn("control_accept");
return;
@@ -196,6 +196,7 @@
struct imsg imsg;
struct ctl_id id;
int n;
+ int verbose;
struct relayd *env = arg;
if ((c = control_connbyfd(fd)) == NULL) {
@@ -356,6 +357,22 @@
}
c->flags |= CTL_CONN_NOTIFY;
break;
+ case IMSG_CTL_LOG_VERBOSE:
+ if (imsg.hdr.len != IMSG_HEADER_SIZE +
+ sizeof(verbose))
+ break;
+
+ memcpy(&verbose, imsg.data, sizeof(verbose));
+
+ imsg_compose_event(iev_hce, IMSG_CTL_LOG_VERBOSE,
+ 0, 0, -1, &verbose, sizeof(verbose));
+ imsg_compose_event(iev_main, IMSG_CTL_LOG_VERBOSE,
+ 0, 0, -1, &verbose, sizeof(verbose));
+ memcpy(imsg.data, &verbose, sizeof(verbose));
+ control_imsg_forward(&imsg);
+
+ log_verbose(verbose);
+ break;
default:
log_debug("control_dispatch_imsg: "
"error handling imsg %d", imsg.hdr.type);


@ -1,76 +1,35 @@
--- relayd/hce.c.orig 2011-01-15 00:27:09.012456298 +0100
+++ relayd/hce.c 2011-01-15 00:40:15.058397878 +0100
@@ -62,6 +62,11 @@
case SIGTERM:
hce_shutdown();
break;
+ case SIGCHLD:
+ case SIGHUP:
+ case SIGPIPE:
+ /* ignore */
+ break;
default:
fatalx("hce_sig_handler: unexpected signal");
--- relayd.orig/hce.c 2011-05-22 01:06:39.461146172 +0200
+++ relayd/hce.c 2011-05-22 01:08:01.230992828 +0200
@@ -80,7 +80,9 @@
/* Allow maximum available sockets for TCP checks */
socket_rlimit(-1);
+#ifndef __FreeBSD__
snmp_init(env, PROC_PARENT);
+#endif
}
void
@@ -263,8 +265,10 @@
print_availability(host->check_cnt, host->up_cnt));
}
@@ -75,8 +80,6 @@
pid_t pid;
struct passwd *pw;
int i;
- struct event ev_sigint;
- struct event ev_sigterm;
switch (pid = fork()) {
case -1:
@@ -117,6 +120,9 @@
+#ifndef __FreeBSD__
if (host->last_up != host->up)
snmp_hosttrap(env, table, host);
+#endif
event_init();
host->last_up = host->up;
+ /* Allow maximum available sockets for TCP checks */
+ socket_rlimit(-1);
+
if ((iev_pfe = calloc(1, sizeof(struct imsgev))) == NULL ||
(iev_main = calloc(1, sizeof(struct imsgev))) == NULL)
fatal("hce");
@@ -135,12 +141,17 @@
iev_main->handler, iev_main);
event_add(&iev_main->ev, NULL);
- signal_set(&ev_sigint, SIGINT, hce_sig_handler, NULL);
- signal_set(&ev_sigterm, SIGTERM, hce_sig_handler, NULL);
- signal_add(&ev_sigint, NULL);
- signal_add(&ev_sigterm, NULL);
- signal(SIGPIPE, SIG_IGN);
- signal(SIGHUP, SIG_IGN);
+ signal_set(&env->sc_evsigint, SIGINT, hce_sig_handler, env);
+ signal_set(&env->sc_evsigterm, SIGTERM, hce_sig_handler, env);
+ signal_set(&env->sc_evsigchld, SIGCHLD, hce_sig_handler, env);
+ signal_set(&env->sc_evsighup, SIGHUP, hce_sig_handler, env);
+ signal_set(&env->sc_evsigpipe, SIGPIPE, hce_sig_handler, env);
+
+ signal_add(&env->sc_evsigint, NULL);
+ signal_add(&env->sc_evsigterm, NULL);
+ signal_add(&env->sc_evsigchld, NULL);
+ signal_add(&env->sc_evsighup, NULL);
+ signal_add(&env->sc_evsigpipe, NULL);
/* setup pipes */
close(pipe_pfe2hce[1]);
@@ -370,6 +381,7 @@
objid_t id;
struct host *host;
struct table *table;
+ int verbose;
iev = ptr;
ibuf = &iev->ibuf;
@@ -437,6 +449,10 @@
table->skipped = 0;
hce_launch_checks(-1, EV_TIMEOUT, env);
break;
+ case IMSG_CTL_LOG_VERBOSE:
+ memcpy(&verbose, imsg.data, sizeof(verbose));
+ log_verbose(verbose);
+ break;
default:
log_debug("hce_dispatch_msg: unexpected imsg %d",
imsg.hdr.type);
@@ -350,9 +354,11 @@
case IMSG_CFG_HOST:
config_gethost(env, imsg);
break;
+#ifndef __FreeBSD__
case IMSG_SNMPSOCK:
snmp_getsock(env, imsg);
break;
+#endif
case IMSG_CFG_DONE:
config_getcfg(env, imsg);
hce_setup_events();


@ -1,58 +1,14 @@
--- relayd/log.c.orig 2011-01-15 00:27:09.012456298 +0100
+++ relayd/log.c 2011-01-15 00:39:01.553947279 +0100
@@ -45,6 +45,7 @@
#include "relayd.h"
--- relayd.orig/log.c 2011-05-22 01:06:39.461146172 +0200
+++ relayd/log.c 2011-05-22 01:06:54.680052759 +0200
@@ -16,7 +16,11 @@
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
int debug;
+int verbose;
void vlog(int, const char *, va_list);
void logit(int, const char *, ...);
@@ -55,6 +56,7 @@
extern char *__progname;
debug = n_debug;
+ verbose = n_debug;
if (!debug)
openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
@@ -63,6 +65,12 @@
}
void
+log_verbose(int v)
+{
+ verbose = v;
+}
+
+void
logit(int pri, const char *fmt, ...)
{
va_list ap;
@@ -141,7 +149,7 @@
{
va_list ap;
- if (debug > 1) {
+ if (verbose > 1) {
va_start(ap, emsg);
vlog(LOG_DEBUG, emsg, ap);
va_end(ap);
@@ -192,9 +200,15 @@
case HCE_ICMP_WRITE_TIMEOUT:
return ("icmp write timeout");
break;
- case HCE_TCP_CONNECT_ERROR:
- return ("tcp connect error");
+ case HCE_TCP_SOCKET_ERROR:
+ return ("tcp socket error");
+ break;
+ case HCE_TCP_SOCKET_LIMIT:
+ return ("tcp socket limit");
break;
+ case HCE_TCP_SOCKET_OPTION:
+ return ("tcp socket option");
+ break;
case HCE_TCP_CONNECT_FAIL:
return ("tcp connect failed");
break;
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/tree.h>


@ -1,14 +1,249 @@
--- relayd/parse.y.orig 2010-05-31 09:00:51.007686324 +0200
+++ relayd/parse.y 2010-05-31 09:00:42.736791085 +0200
@@ -2003,6 +2006,11 @@
bzero(&conf->sc_proto_default, sizeof(conf->sc_proto_default));
conf->sc_proto_default.flags = F_USED;
conf->sc_proto_default.cache = RELAY_CACHESIZE;
+ conf->sc_proto_default.tcpflags = TCPFLAG_DEFAULT;
+ conf->sc_proto_default.tcpbacklog = RELAY_BACKLOG;
+ conf->sc_proto_default.sslflags = SSLFLAG_DEFAULT;
+ (void)strlcpy(conf->sc_proto_default.sslciphers, SSLCIPHERS_DEFAULT,
+ sizeof(conf->sc_proto_default.sslciphers));
conf->sc_proto_default.type = RELAY_PROTO_TCP;
(void)strlcpy(conf->sc_proto_default.name, "default",
sizeof(conf->sc_proto_default.name));
--- relayd.orig/parse.y 2011-05-22 01:06:39.462150204 +0200
+++ relayd/parse.y 2011-05-22 01:06:54.687080706 +0200
@@ -35,7 +35,7 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
-#include <net/route.h>
+// FreeBSD #include <net/route.h>
#include <ctype.h>
#include <unistd.h>
@@ -93,8 +93,10 @@
objid_t last_host_id = 0;
objid_t last_relay_id = 0;
objid_t last_proto_id = 0;
+/* FreeBSD exclude
objid_t last_rt_id = 0;
objid_t last_nr_id = 0;
+*/
static struct rdr *rdr = NULL;
static struct table *table = NULL;
@@ -103,7 +105,9 @@
struct relaylist relays;
static struct protocol *proto = NULL;
static struct protonode node;
+/* FreeBSD exclude
static struct router *router = NULL;
+*/
static u_int16_t label = 0;
static in_port_t tableport = 0;
static int nodedirection;
@@ -148,12 +152,20 @@
%token CIPHERS CODE COOKIE DEMOTE DIGEST DISABLE ERROR EXPECT
%token EXTERNAL FILENAME FILTER FORWARD FROM HASH HEADER HOST ICMP
%token INCLUDE INET INET6 INTERFACE INTERVAL IP LABEL LISTEN
-%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
-%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
+// FreeBSD exclude %token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
+%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO
+// FreeBSD exclude %token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
+%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PROTO
%token QUERYSTR REAL REDIRECT RELAY REMOVE REQUEST RESPONSE RETRY
%token RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND SESSION SOCKET SPLICE
+/* FreeBSD exclude
%token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO ROUTER RTLABEL
%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE MATCH
+*/
+// Start FreeBSD include
+%token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO
+%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL
+// End FreeBSD include
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.string> hostname interface table
@@ -179,7 +191,7 @@
| grammar tabledef '\n'
| grammar relay '\n'
| grammar proto '\n'
- | grammar router '\n'
+// FreeBSD | grammar router '\n'
| grammar error '\n' { file->errors++; }
;
@@ -363,6 +375,7 @@
}
conf->sc_prefork_relay = $2;
}
+/* FreeBSD exclude
| DEMOTE STRING {
if (loadcfg)
break;
@@ -386,6 +399,7 @@
break;
conf->sc_flags |= F_TRAP;
}
+*/
;
loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
@@ -658,6 +672,7 @@
bcopy(&$2, &table->conf.timeout,
sizeof(struct timeval));
}
+/* FreeBSD exclude
| DEMOTE STRING {
table->conf.flags |= F_DEMOTE;
if (strlcpy(table->conf.demote_group, $2,
@@ -675,6 +690,7 @@
YYERROR;
}
}
+*/
| INTERVAL NUMBER {
if ($2 < conf->sc_interval.tv_sec ||
$2 % conf->sc_interval.tv_sec) {
@@ -1261,6 +1277,8 @@
rlay->rl_conf.name);
YYERROR;
}
+ if ((rlay->rl_conf.flags & F_NATLOOK) == 0 &&
+/* FreeBSD exclude
if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) ==
(F_NATLOOK|F_DIVERT)) {
yyerror("relay %s with conflicting nat lookup "
@@ -1268,6 +1286,7 @@
YYERROR;
}
if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) == 0 &&
+*/
rlay->rl_conf.dstss.ss_family == AF_UNSPEC &&
rlay->rl_conf.dsttable == EMPTY_ID) {
yyerror("relay %s has no target, rdr, "
@@ -1430,11 +1449,13 @@
rlay->rl_conf.flags |= F_NATLOOK;
rlay->rl_conf.dstretry = $3;
}
+/* FreeBSD exclude
| DESTINATION retry {
conf->sc_flags |= F_NEEDPF;
rlay->rl_conf.flags |= F_DIVERT;
rlay->rl_conf.dstretry = $2;
}
+*/
| tablespec {
if (rlay->rl_backuptable) {
yyerror("only one backup table is allowed");
@@ -1459,6 +1480,7 @@
| HASH { $$ = RELAY_DSTMODE_HASH; }
;
+/* FreeBSD exclude
router : ROUTER STRING {
struct router *rt = NULL;
@@ -1594,7 +1616,7 @@
| DISABLE { rlay->rl_conf.flags |= F_DISABLE; }
| include
;
-
+*/
dstaf : /* empty */ {
rlay->rl_conf.dstaf.ss_family = AF_UNSPEC;
}
@@ -1670,6 +1692,7 @@
}
hst->conf.parentid = $2;
}
+/* FreeBSD exclude
| PRIORITY NUMBER {
if (hst->conf.priority) {
yyerror("priority already set");
@@ -1681,6 +1704,7 @@
}
hst->conf.priority = $2;
}
+*/
| IP TTL NUMBER {
if (hst->conf.ttl) {
yyerror("ttl value already set");
@@ -1794,8 +1818,10 @@
{ "ciphers", CIPHERS },
{ "code", CODE },
{ "cookie", COOKIE },
+/* FreeBSD exclude
{ "demote", DEMOTE },
{ "destination", DESTINATION },
+*/
{ "digest", DIGEST },
{ "disable", DISABLE },
{ "error", ERROR },
@@ -1833,7 +1859,7 @@
{ "path", PATH },
{ "port", PORT },
{ "prefork", PREFORK },
- { "priority", PRIORITY },
+// FreeBSD { "priority", PRIORITY },
{ "protocol", PROTO },
{ "query", QUERYSTR },
{ "real", REAL },
@@ -1846,9 +1872,11 @@
{ "return", RETURN },
{ "roundrobin", ROUNDROBIN },
{ "route", ROUTE },
+/* FreeBSD exclude
{ "router", ROUTER },
{ "rtable", RTABLE },
{ "rtlabel", RTLABEL },
+*/
{ "sack", SACK },
{ "script", SCRIPT },
{ "send", SEND },
@@ -1864,7 +1892,7 @@
{ "timeout", TIMEOUT },
{ "to", TO },
{ "transparent", TRANSPARENT },
- { "trap", TRAP },
+// FreeBSD { "trap", TRAP },
{ "ttl", TTL },
{ "updates", UPDATES },
{ "url", URL },
@@ -2096,7 +2124,8 @@
(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
x != '{' && x != '}' && x != '<' && x != '>' && \
x != '!' && x != '=' && x != '#' && \
- x != ',' && x != '/'))
+ x != ','))
+// FreeBSD exclude x != ',' && x != '/'))
if (isalnum(c) || c == ':' || c == '_') {
do {
@@ -2240,13 +2269,14 @@
loadcfg = 1;
errors = 0;
last_host_id = last_table_id = last_rdr_id = last_proto_id =
- last_relay_id = last_rt_id = last_nr_id = 0;
+// FreeBSD last_relay_id = last_rt_id = last_nr_id = 0;
+ last_relay_id = 0;
rdr = NULL;
table = NULL;
rlay = NULL;
proto = NULL;
- router = NULL;
+// FreeBSD router = NULL;
if ((file = pushfile(filename, 0)) == NULL)
return (-1);
@@ -2276,8 +2306,8 @@
}
if (TAILQ_EMPTY(conf->sc_rdrs) &&
- TAILQ_EMPTY(conf->sc_relays) &&
- TAILQ_EMPTY(conf->sc_rts)) {
+ TAILQ_EMPTY(conf->sc_relays) /* FreeBSD exclude &&
+ TAILQ_EMPTY(conf->sc_rts) */ ) {
log_warnx("no actions, nothing to do");
errors++;
}
@@ -2493,7 +2523,8 @@
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
error = getaddrinfo(s, NULL, &hints, &res0);
- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
+// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
+ if (error == EAI_AGAIN || error == EAI_NONAME)
return (0);
if (error) {
log_warnx("%s: could not parse \"%s\": %s", __func__, s,
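Review bot: The `/* FreeBSD exclude ... */` blocks only work while the excluded text contains no C comment of its own, because comments do not nest. The `router` grammar exclusion opens in the hunk at -1459 and closes in the hunk at -1594, so the lines in between are not visible here; a single `/* ... */` inside that range would end the exclusion early and hand the remainder to yacc. It is worth confirming that each excluded range is comment-free in the imported source and stating the constraint on the opening line, e.g. `/* FreeBSD exclude (range must not contain C comments)`. The dead originals kept behind `//` (the `%token` lines, `last_relay_id = last_rt_id = ...`, the `EAI_NODATA` test) could be dropped from the patch instead, since the patch's `-` lines already record them.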


@ -1,47 +1,109 @@
--- relayd/pfe.c.orig 2010-05-31 09:07:56.755288041 +0200
+++ relayd/pfe.c 2010-05-31 09:07:52.006100566 +0200
@@ -62,6 +62,11 @@
case SIGTERM:
pfe_shutdown();
--- relayd.orig/pfe.c 2011-05-22 01:06:39.464157989 +0200
+++ relayd/pfe.c 2011-05-22 01:09:30.589288807 +0200
@@ -17,6 +17,9 @@
*/
#include <sys/param.h>
+#ifdef __FreeBSD__
+#include <sys/queue.h>
+#endif
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
@@ -185,12 +188,14 @@
case IMSG_CFG_VIRT:
config_getvirt(env, imsg);
break;
+ case SIGCHLD:
+ case SIGHUP:
+ case SIGPIPE:
+ /* ignore */
+ break;
default:
fatalx("pfe_sig_handler: unexpected signal");
+#ifndef __FreeBSD__
case IMSG_CFG_ROUTER:
config_getrt(env, imsg);
break;
case IMSG_CFG_ROUTE:
config_getroute(env, imsg);
break;
+#endif
case IMSG_CFG_PROTO:
config_getproto(env, imsg);
break;
@@ -292,8 +297,10 @@
struct rdr *rdr;
struct host *host;
struct relay *rlay;
+#ifndef __FreeBSD__
struct router *rt;
struct netroute *nr;
+#endif
if (env->sc_rdrs == NULL)
goto relays;
@@ -324,7 +331,11 @@
}
relays:
if (env->sc_relays == NULL)
+#ifndef __FreeBSD__
goto routers;
+#else
+ goto end;
+#endif
TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
rlay->rl_stats[env->sc_prefork_relay].id = EMPTY_ID;
imsg_compose_event(&c->iev, IMSG_CTL_RELAY, 0, 0, -1,
@@ -351,6 +362,7 @@
0, 0, -1, host, sizeof(*host));
}
@@ -74,8 +79,6 @@
{
pid_t pid;
struct passwd *pw;
- struct event ev_sigint;
- struct event ev_sigterm;
int i;
size_t size;
@@ -121,12 +124,17 @@
+#ifndef __FreeBSD__
routers:
if (env->sc_rts == NULL)
goto end;
@@ -370,6 +382,7 @@
imsg_compose_event(&c->iev, IMSG_CTL_HOST,
0, 0, -1, host, sizeof(*host));
}
+#endif
event_init();
end:
imsg_compose_event(&c->iev, IMSG_CTL_END, 0, 0, -1, NULL, 0);
@@ -622,8 +635,10 @@
struct table *table;
struct ctl_id id;
struct imsg imsg;
+#ifndef __FreeBSD__
struct ctl_demote demote;
struct router *rt;
+#endif
- signal_set(&ev_sigint, SIGINT, pfe_sig_handler, NULL);
- signal_set(&ev_sigterm, SIGTERM, pfe_sig_handler, NULL);
- signal_add(&ev_sigint, NULL);
- signal_add(&ev_sigterm, NULL);
- signal(SIGPIPE, SIG_IGN);
- signal(SIGHUP, SIG_IGN);
+ signal_set(&env->sc_evsigint, SIGINT, pfe_sig_handler, env);
+ signal_set(&env->sc_evsigterm, SIGTERM, pfe_sig_handler, env);
+ signal_set(&env->sc_evsigchld, SIGCHLD, pfe_sig_handler, env);
+ signal_set(&env->sc_evsighup, SIGHUP, pfe_sig_handler, env);
+ signal_set(&env->sc_evsigpipe, SIGPIPE, pfe_sig_handler, env);
+
+ signal_add(&env->sc_evsigint, NULL);
+ signal_add(&env->sc_evsigterm, NULL);
+ signal_add(&env->sc_evsigchld, NULL);
+ signal_add(&env->sc_evsighup, NULL);
+ signal_add(&env->sc_evsigpipe, NULL);
bzero(&id, sizeof(id));
bzero(&imsg, sizeof(imsg));
@@ -678,6 +693,7 @@
}
}
+#ifndef __FreeBSD__
TAILQ_FOREACH(rt, env->sc_rts, rt_entry) {
rt->rt_conf.flags &= ~(F_BACKUP);
rt->rt_conf.flags &= ~(F_DOWN);
@@ -685,6 +701,7 @@
if ((rt->rt_gwtable->conf.flags & F_CHANGED))
sync_routes(env, rt);
}
+#endif
TAILQ_FOREACH(table, env->sc_tables, entry) {
if (table->conf.check == CHECK_NOCHECK)
@@ -695,6 +712,7 @@
*/
table->conf.flags &= ~(F_CHANGED);
+#ifndef __FreeBSD__
/*
* handle demotion.
*/
@@ -717,6 +735,7 @@
sizeof(demote.group));
proc_compose_imsg(env->sc_ps, PROC_PARENT, -1, IMSG_DEMOTE, -1,
&demote, sizeof(demote));
+#endif
}
}
/* setup pipes */
close(pipe_pfe2hce[0]);


@ -0,0 +1,284 @@
--- relayd/pfe_filter.c.orig 2011-05-19 10:56:49.000000000 +0200
+++ relayd/pfe_filter.c 2011-05-22 10:32:36.639918375 +0200
@@ -24,7 +24,10 @@
#include <net/if.h>
#include <net/pfvar.h>
#include <netinet/in.h>
+#ifndef __FreeBSD__
+/* New pf */
#include <netinet/tcp.h>
+#endif
#include <arpa/inet.h>
#include <limits.h>
@@ -43,8 +46,14 @@
struct pfdata {
int dev;
struct pf_anchor *anchor;
+#ifndef __FreeBSD__
struct pfioc_trans pft;
struct pfioc_trans_e pfte;
+#else
+ /* Old pf */
+ struct pfioc_trans pft[PF_RULESET_MAX];
+ struct pfioc_trans_e pfte[PF_RULESET_MAX];
+#endif
u_int8_t pfused;
};
@@ -103,6 +112,10 @@
sizeof(tables[i].pfrt_name))
goto toolong;
tables[i].pfrt_flags |= PFR_TFLAG_PERSIST;
+#ifdef __FreeBSD__
+ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"",
+ tables[i].pfrt_anchor, tables[i].pfrt_name);
+#endif
i++;
}
if (i != env->sc_rdrcount)
@@ -286,12 +299,18 @@
}
psnk.psnk_af = host->conf.ss.ss_family;
+#ifndef __FreeBSD__
psnk.psnk_killed = 0;
+#endif
if (ioctl(env->sc_pf->dev,
DIOCKILLSRCNODES, &psnk) == -1)
fatal("kill_srcnodes: cannot kill src nodes");
+#ifndef __FreeBSD__
cnt += psnk.psnk_killed;
+#else
+ cnt += psnk.psnk_af;
+#endif
}
return (cnt);
@@ -335,6 +354,7 @@
int
transaction_init(struct relayd *env, const char *anchor)
{
+#ifndef __FreeBSD__
env->sc_pf->pft.size = 1;
env->sc_pf->pft.esize = sizeof(env->sc_pf->pfte);
env->sc_pf->pft.array = &env->sc_pf->pfte;
@@ -347,17 +367,45 @@
if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
&env->sc_pf->pft) == -1)
return (-1);
+#else
+ /* Old pf */
+ int i;
+
+ for (i = 0; i < PF_RULESET_MAX; i++) {
+ env->sc_pf->pft[i].size = 1;
+ env->sc_pf->pft[i].esize = sizeof(env->sc_pf->pfte[i]);
+ env->sc_pf->pft[i].array = &env->sc_pf->pfte[i];
+
+ bzero(&env->sc_pf->pfte[i], sizeof(env->sc_pf->pfte[i]));
+ (void)strlcpy(env->sc_pf->pfte[i].anchor,
+ anchor, PF_ANCHOR_NAME_SIZE);
+ env->sc_pf->pfte[i].rs_num = i;
+ if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
+ &env->sc_pf->pft[i]) == -1)
+ return (-1);
+ }
+#endif
return (0);
}
int
transaction_commit(struct relayd *env)
{
+#ifndef __FreeBSD__
if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
&env->sc_pf->pft) == -1)
return (-1);
-
+#else
+ /* Old pf */
+ int i;
+
+ for (i = 0; i < PF_RULESET_MAX; i++) {
+ if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
+ &env->sc_pf->pft[i]) == -1)
+ return (-1);
+ }
+#endif
return (0);
}
@@ -365,10 +413,18 @@
sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
{
struct pfioc_rule rio;
+#ifdef __FreeBSD__
+ /* Old pf */
+ struct pfioc_pooladdr pio;
+#endif
struct sockaddr_in *sain;
struct sockaddr_in6 *sain6;
struct address *address;
char anchor[PF_ANCHOR_NAME_SIZE];
+#ifdef __FreeBSD__
+ /* Old pf */
+ int rs = 0;
+#endif
struct table *t = rdr->table;
if ((env->sc_flags & F_NEEDPF) == 0)
@@ -397,8 +453,14 @@
TAILQ_FOREACH(address, &rdr->virts, entry) {
memset(&rio, 0, sizeof(rio));
+#ifdef __FreeBSD__
+ /* Old pf */
+ memset(&pio, 0, sizeof(pio));
+#endif
(void)strlcpy(rio.anchor, anchor, sizeof(rio.anchor));
+#ifndef __FreeBSD__
+ /* New pf */
if (rdr->conf.flags & F_MATCH) {
rio.rule.action = PF_MATCH;
rio.rule.quick = 0;
@@ -409,28 +471,61 @@
rio.rule.direction = PF_IN;
rio.rule.keep_state = PF_STATE_NORMAL;
+#endif
switch (t->conf.fwdmode) {
case FWD_NORMAL:
+#ifndef __FreeBSD__
/* traditional redirection */
if (address->ipproto == IPPROTO_TCP) {
rio.rule.flags = TH_SYN;
rio.rule.flagset = (TH_SYN|TH_ACK);
}
+#else
+ /* Old pf */
+ /* traditional redirection in the rdr-anchor */
+ rs = PF_RULESET_RDR;
+ rio.rule.action = PF_RDR;
+#endif
break;
case FWD_ROUTE:
/* re-route with pf for DSR (direct server return) */
+#ifdef __FreeBSD__
+ /* Old pf */
+ rs = PF_RULESET_FILTER;
+ rio.rule.action = PF_PASS;
+#endif
rio.rule.rt = PF_ROUTETO;
+#ifdef __FreeBSD__
+ /* Old pf */
+ rio.rule.direction = PF_IN;
+ rio.rule.quick = 1; /* force first match */
+#endif
/* Use sloppy state handling for half connections */
+#ifdef __FreeBSD__
+ /* Old pf */
+ rio.rule.keep_state = PF_STATE_NORMAL;
+#endif
+#ifdef PFRULE_STATESLOPPY
rio.rule.rule_flag = PFRULE_STATESLOPPY;
+#endif
break;
default:
fatalx("sync_ruleset: invalid forward mode");
/* NOTREACHED */
}
+#ifndef __FreeBSD__
rio.ticket = env->sc_pf->pfte.ticket;
+#else
+ /* Old pf */
+ rio.ticket = env->sc_pf->pfte[rs].ticket;
+ if (ioctl(env->sc_pf->dev, DIOCBEGINADDRS, &pio) == -1)
+ fatal("sync_ruleset: cannot initialise address pool");
+
+ rio.pool_ticket = pio.ticket;
+#endif
rio.rule.af = address->ss.ss_family;
rio.rule.proto = address->ipproto;
rio.rule.src.addr.type = PF_ADDR_ADDRMASK;
@@ -438,7 +533,9 @@
rio.rule.dst.port_op = address->port.op;
rio.rule.dst.port[0] = address->port.val[0];
rio.rule.dst.port[1] = address->port.val[1];
+#ifndef __FreeBSD__
rio.rule.rtableid = -1; /* stay in the main routing table */
+#endif
if (rio.rule.proto == IPPROTO_TCP)
rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
@@ -466,18 +563,36 @@
memset(&rio.rule.dst.addr.v.a.mask.addr8, 0xff, 16);
}
+#ifndef __FreeBSD__
rio.rule.nat.addr.type = PF_ADDR_NONE;
rio.rule.rdr.addr.type = PF_ADDR_TABLE;
+#else
+ /* Old pf */
+ pio.addr.addr.type = PF_ADDR_TABLE;
+#endif
if (strlen(t->conf.ifname))
+#ifndef __FreeBSD__
(void)strlcpy(rio.rule.rdr.ifname, t->conf.ifname,
sizeof(rio.rule.rdr.ifname));
if (strlcpy(rio.rule.rdr.addr.v.tblname, rdr->conf.name,
sizeof(rio.rule.rdr.addr.v.tblname)) >=
sizeof(rio.rule.rdr.addr.v.tblname))
fatal("sync_ruleset: table name too long");
+#else
+ /* Old pf */
+ (void)strlcpy(pio.addr.ifname, t->conf.ifname,
+ sizeof(pio.addr.ifname));
+ if (strlcpy(pio.addr.addr.v.tblname, rdr->conf.name,
+ sizeof(pio.addr.addr.v.tblname)) >=
+ sizeof(pio.addr.addr.v.tblname))
+ fatal("sync_ruleset: table name too long");
+ if (ioctl(env->sc_pf->dev, DIOCADDADDR, &pio) == -1)
+ fatal("sync_ruleset: cannot add address to pool");
+#endif
if (address->port.op == PF_OP_EQ ||
rdr->table->conf.flags & F_PORT) {
+#ifndef __FreeBSD__
rio.rule.rdr.proxy_port[0] =
ntohs(rdr->table->conf.port);
rio.rule.rdr.port_op = PF_OP_EQ;
@@ -491,10 +606,27 @@
sizeof(rio.rule.route));
rio.rule.rdr.addr.type = PF_ADDR_NONE;
}
+#else
+ /* Old pf */
+ rio.rule.rpool.proxy_port[0] =
+ ntohs(rdr->table->conf.port);
+ rio.rule.rpool.port_op = PF_OP_EQ;
+ }
+ rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
+ if (rdr->conf.flags & F_STICKY)
+ rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
+#endif
if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
fatal("cannot add rule");
+#ifndef __FreeBSD__
log_debug("%s: rule added to anchor \"%s\"", __func__, anchor);
+#else
+ /* Old pf */
+ log_debug("%s: rule added to %sanchor \"%s\"", __func__,
+ rdr->table->conf.fwdmode == FWD_ROUTE ?
+ "" : "rdr-", anchor);
+#endif
}
if (transaction_commit(env) == -1)
log_warn("%s: add rules transaction failed", __func__);
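Review bot: The FreeBSD branches of `transaction_init()` and `transaction_commit()` open and commit one pf transaction per ruleset, so the update is no longer all-or-nothing. A `DIOCXBEGIN` failure part-way through the loop returns -1 with the earlier tickets still open, and a `DIOCXCOMMIT` failure leaves some rulesets of the anchor replaced and the rest untouched. `struct pfioc_trans` carries an element count and an array, so a single transaction with `PF_RULESET_MAX` elements would keep begin and commit atomic as in the non-FreeBSD branch; that the old pf accepts a multi-element transaction here should be confirmed on the target release. The sketch below keeps `pft` a single struct in `struct pfdata` while `pfte` stays an array, and leaves `rio.ticket = env->sc_pf->pfte[rs].ticket;` in `sync_ruleset()` as it is.

```c
/* struct pfdata, FreeBSD branch */
	struct pfioc_trans	 pft;
	struct pfioc_trans_e	 pfte[PF_RULESET_MAX];

/* transaction_init(), FreeBSD branch */
	int	 i;

	bzero(env->sc_pf->pfte, sizeof(env->sc_pf->pfte));
	for (i = 0; i < PF_RULESET_MAX; i++) {
		(void)strlcpy(env->sc_pf->pfte[i].anchor,
		    anchor, PF_ANCHOR_NAME_SIZE);
		env->sc_pf->pfte[i].rs_num = i;
	}
	env->sc_pf->pft.size = PF_RULESET_MAX;
	env->sc_pf->pft.esize = sizeof(env->sc_pf->pfte[0]);
	env->sc_pf->pft.array = env->sc_pf->pfte;
	if (ioctl(env->sc_pf->dev, DIOCXBEGIN, &env->sc_pf->pft) == -1)
		return (-1);

/* transaction_commit(), FreeBSD branch */
	if (ioctl(env->sc_pf->dev, DIOCXCOMMIT, &env->sc_pf->pft) == -1)
		return (-1);
```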


@ -1,214 +1,249 @@
--- relayd/relay.c.orig 2011-01-15 01:22:35.236684399 +0100
+++ relayd/relay.c 2011-01-15 01:24:07.864955572 +0100
@@ -28,7 +28,6 @@
#include <sys/un.h>
#include <sys/tree.h>
#include <sys/hash.h>
-#include <sys/resource.h>
--- relayd/relay.c.orig 2011-05-20 11:43:53.000000000 +0200
+++ relayd/relay.c 2011-05-22 10:41:40.085208004 +0200
@@ -16,7 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <net/if.h>
#include <netinet/in_systm.h>
@@ -64,7 +63,7 @@
void relay_init(void);
void relay_launch(void);
int relay_socket(struct sockaddr_storage *, in_port_t,
- struct protocol *, int);
+ struct protocol *, int, int);
int relay_socket_listen(struct sockaddr_storage *, in_port_t,
struct protocol *);
int relay_socket_connect(struct sockaddr_storage *, in_port_t,
@@ -105,6 +104,7 @@
char *, size_t);
void relay_close_http(struct rsession *, u_int, const char *,
u_int16_t);
+void relay_http_request_close(struct ctl_relay_event *);
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/time.h>
#include <sys/stat.h>
@@ -77,7 +81,9 @@
SSL_CTX *relay_ssl_ctx_create(struct relay *);
void relay_ssl_transaction(struct rsession *,
@@ -148,6 +148,14 @@
case SIGTERM:
case SIGINT:
(void)event_loopexit(NULL);
+ break;
+ case SIGCHLD:
+ case SIGHUP:
+ case SIGPIPE:
+ /* ignore */
+ break;
+ default:
+ fatalx("relay_sig_handler: unexpected signal");
}
void relay_write(struct bufferevent *, void *);
void relay_read(struct bufferevent *, void *);
+#ifndef __FreeBSD__
int relay_splicelen(struct ctl_relay_event *);
+#endif
void relay_error(struct bufferevent *, short, void *);
void relay_dump(struct ctl_relay_event *, const void *, size_t);
@@ -494,6 +500,7 @@
return (0);
}
@@ -158,8 +166,6 @@
+#ifndef __FreeBSD__
in_port_t
relay_socket_getport(struct sockaddr_storage *ss)
{
pid_t pid;
struct passwd *pw;
- struct event ev_sigint;
- struct event ev_sigterm;
int i;
switch (pid = fork()) {
@@ -213,12 +219,17 @@
/* Per-child initialization */
relay_init();
- signal_set(&ev_sigint, SIGINT, relay_sig_handler, NULL);
- signal_set(&ev_sigterm, SIGTERM, relay_sig_handler, NULL);
- signal_add(&ev_sigint, NULL);
- signal_add(&ev_sigterm, NULL);
- signal(SIGHUP, SIG_IGN);
- signal(SIGPIPE, SIG_IGN);
+ signal_set(&env->sc_evsigint, SIGINT, relay_sig_handler, env);
+ signal_set(&env->sc_evsigterm, SIGTERM, relay_sig_handler, env);
+ signal_set(&env->sc_evsigchld, SIGCHLD, relay_sig_handler, env);
+ signal_set(&env->sc_evsighup, SIGHUP, relay_sig_handler, env);
+ signal_set(&env->sc_evsigpipe, SIGPIPE, relay_sig_handler, env);
+
+ signal_add(&env->sc_evsigint, NULL);
+ signal_add(&env->sc_evsigterm, NULL);
+ signal_add(&env->sc_evsigchld, NULL);
+ signal_add(&env->sc_evsighup, NULL);
+ signal_add(&env->sc_evsigpipe, NULL);
/* setup pipes */
close(pipe_pfe2hce[0]);
@@ -452,19 +463,9 @@
struct relay *rlay;
struct host *host;
struct timeval tv;
- struct rlimit rl;
- if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
- fatal("relay_init: failed to get resource limit");
- log_debug("relay_init: max open files %d", rl.rlim_max);
-
- /*
- * Allow the maximum number of open file descriptors for this
- * login class (which should be the class "daemon" by default).
- */
- rl.rlim_cur = rl.rlim_max;
- if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
- fatal("relay_init: failed to set resource limit");
+ /* Unlimited file descriptors (use system limits) */
+ socket_rlimit(-1);
TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
if ((rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) &&
@@ -625,7 +626,7 @@
@@ -509,6 +516,7 @@
/* NOTREACHED */
return (0);
}
+#endif
int
relay_socket(struct sockaddr_storage *ss, in_port_t port,
- struct protocol *proto, int fd)
+ struct protocol *proto, int fd, int reuseport)
{
int s = -1, val;
struct linger lng;
@@ -643,9 +644,12 @@
bzero(&lng, sizeof(lng));
if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
goto bad;
- val = 1;
- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(int)) == -1)
- goto bad;
+ if (reuseport) {
+ val = 1;
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val,
+ sizeof(int)) == -1)
+ goto bad;
+ }
if (fcntl(s, F_SETFL, O_NONBLOCK) == -1)
goto bad;
if (proto->tcpflags & TCPFLAG_BUFSIZ) {
@@ -713,7 +717,7 @@
{
int s;
@@ -577,6 +585,7 @@
&val, sizeof(val)) == -1)
goto bad;
}
+#ifndef __FreeBSD__
if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
if (proto->tcpflags & TCPFLAG_NSACK)
val = 0;
@@ -586,6 +595,7 @@
&val, sizeof(val)) == -1)
goto bad;
}
+#endif
- if ((s = relay_socket(ss, port, proto, fd)) == -1)
+ if ((s = relay_socket(ss, port, proto, fd, 0)) == -1)
return (-1);
return (s);
if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) {
@@ -734,7 +738,7 @@
{
int s;
@@ -675,6 +685,7 @@
}
break;
case RELAY_PROTO_TCP:
+#ifndef __FreeBSD__
if ((proto->tcpflags & TCPFLAG_NSPLICE) ||
(rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)))
break;
@@ -692,6 +703,7 @@
return;
}
con->se_out.splicelen = 0;
+#endif
break;
default:
fatalx("relay_input: unknown protocol");
@@ -935,12 +947,20 @@
}
if (strstr(val, "$TIMEOUT") != NULL) {
snprintf(ibuf, sizeof(ibuf), "%lu",
+#ifdef __FreeBSD__
+ (unsigned long)rlay->rl_conf.timeout.tv_sec);
+#else
rlay->rl_conf.timeout.tv_sec);
+#endif
if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0)
return (NULL);
}
- if ((s = relay_socket(ss, port, proto, -1)) == -1)
+ if ((s = relay_socket(ss, port, proto, -1, 1)) == -1)
return (-1);
if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1)
@@ -1312,6 +1316,29 @@
+#ifndef __FreeBSD__
return (buf);
+#else
+ return (char *)(buf);
+#endif
}
void
+relay_http_request_close(struct ctl_relay_event *cre)
+{
+ if (cre->path != NULL) {
+ free(cre->path);
+ cre->path = NULL;
+ }
+
+ cre->args = NULL;
+ cre->version = NULL;
+
+ if (cre->buf != NULL) {
+ free(cre->buf);
+ cre->buf = NULL;
+ cre->buflen = 0;
+ }
+
+ cre->line = 0;
+ cre->method = 0;
+ cre->done = 0;
+ cre->chunked = 0;
+}
+
+void
relay_read_http(struct bufferevent *bev, void *arg)
{
struct ctl_relay_event *cre = (struct ctl_relay_event *)arg;
@@ -1580,10 +1607,7 @@
if (relay_bufferevent_print(cre->dst, "\r\n") == -1)
int
@@ -1552,7 +1572,11 @@
switch (type) {
case DIGEST_SHA1:
case DIGEST_MD5:
+#ifdef __FreeBSD__
+ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) {
+#else
if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) {
+#endif
relay_close_http(con, 500,
"failed to allocate digest", 0);
goto fail;
@@ -1841,6 +1865,7 @@
}
}
- cre->line = 0;
- cre->method = 0;
- cre->done = 0;
- cre->chunked = 0;
+ relay_http_request_close(cre);
+#ifndef __FreeBSD__
int
relay_splicelen(struct ctl_relay_event *cre)
{
@@ -1859,6 +1884,7 @@
}
return (0);
}
+#endif
done:
if (cre->dir == RELAY_DIR_REQUEST && !cre->toread &&
@@ -2380,6 +2404,12 @@
bufferevent_free(con->se_out.bev);
else if (con->se_out.output != NULL)
evbuffer_free(con->se_out.output);
+ if (con->se_out.ssl != NULL) {
+ /* XXX handle non-blocking shutdown */
+ if (SSL_shutdown(con->se_out.ssl) == 0)
+ SSL_shutdown(con->se_out.ssl);
+ SSL_free(con->se_out.ssl);
void
relay_error(struct bufferevent *bev, short error, void *arg)
@@ -1866,9 +1892,12 @@
struct ctl_relay_event *cre = (struct ctl_relay_event *)arg;
struct rsession *con = cre->con;
struct evbuffer *dst;
+#ifndef __FreeBSD__
struct timeval tv, tv_now;
+#endif
if (error & EVBUFFER_TIMEOUT) {
+#ifndef __FreeBSD__
if (gettimeofday(&tv_now, NULL) == -1) {
relay_close(con, strerror(errno));
return;
@@ -1882,6 +1911,9 @@
relay_close(con, "buffer event timeout");
else
bufferevent_enable(cre->bev, EV_READ);
+#else
+ relay_close(con, "buffer event timeout");
+#endif
return;
}
if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) {
@@ -1934,8 +1966,10 @@
con->se_out.dst = &con->se_in;
con->se_in.con = con;
con->se_out.con = con;
+#ifndef __FreeBSD__
con->se_in.splicelen = -1;
con->se_out.splicelen = -1;
+#endif
con->se_relay = rlay;
con->se_id = ++relay_conid;
con->se_relayid = rlay->rl_conf.id;
@@ -1981,6 +2015,7 @@
return;
}
+#ifndef __FreeBSD__
if (rlay->rl_conf.flags & F_DIVERT) {
slen = sizeof(con->se_out.ss);
if (getsockname(s, (struct sockaddr *)&con->se_out.ss,
@@ -1996,12 +2031,19 @@
con->se_out.port == rlay->rl_conf.port)
con->se_out.ss.ss_family = AF_UNSPEC;
} else if (rlay->rl_conf.flags & F_NATLOOK) {
+#else
+ if (rlay->rl_conf.flags & F_NATLOOK) {
+#endif
if ((cnl = (struct ctl_natlook *)
calloc(1, sizeof(struct ctl_natlook))) == NULL) {
relay_close(con, "failed to allocate nat lookup");
return;
}
+#ifdef __FreeBSD__
+ }
if (con->se_out.s != -1)
close(con->se_out.s);
if (con->se_out.path != NULL)
@@ -2419,6 +2449,7 @@
struct table *table;
struct ctl_status st;
objid_t id;
+ int verbose;
iev = ptr;
ibuf = &iev->ibuf;
@@ -2522,6 +2553,10 @@
imsg_compose_event(iev, IMSG_CTL_END,
0, 0, -1, NULL, 0);
break;
+ case IMSG_CTL_LOG_VERBOSE:
+ memcpy(&verbose, imsg.data, sizeof(verbose));
+ log_verbose(verbose);
+ break;
default:
log_debug("relay_dispatch_msg: unexpected imsg %d",
imsg.hdr.type);
+ if (rlay->rl_conf.flags & F_NATLOOK && cnl != NULL) {
+#endif
con->se_cnl = cnl;
bzero(cnl, sizeof(*cnl));
cnl->in = -1;
@@ -2605,8 +2647,12 @@
goto err;
/* Set session context to the local relay name */
- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name,
- strlen(rlay->rl_conf.name)))
+ if (!SSL_CTX_set_session_id_context(ctx,
+#ifdef __FreeBSD__
+ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
+#else
+ rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
+#endif
goto err;
return (ctx);
@@ -2623,7 +2669,7 @@
{
struct relay *rlay = (struct relay *)con->se_relay;
SSL *ssl;
- const SSL_METHOD *method;
+ SSL_METHOD *method;
void (*cb)(int, short, void *);
u_int flags = EV_TIMEOUT;
@@ -3069,7 +3115,11 @@
if (fstat(fd, &st) != 0)
goto fail;
size = st.st_size;
+#ifndef __FreeBSD__
if ((buf = (char *)calloc(1, size + 1)) == NULL)
+#else
+ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL)
+#endif
goto fail;
if (read(fd, buf, size) != size)
goto fail;
@@ -3077,7 +3127,11 @@
close(fd);
*len = size;
+#ifndef __FreeBSD__
return (buf);
+#else
+ return (char *)(buf);
+#endif
fail:
if (buf != NULL)
@@ -3107,7 +3161,7 @@
return (-1);
if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/%s.crt", hbuf) == -1)
+ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1)
return (-1);
if ((rlay->rl_ssl_cert = relay_load_file(certfile,
&rlay->rl_conf.ssl_cert_len)) == NULL)
@@ -3115,7 +3169,7 @@
log_debug("%s: using certificate %s", __func__, certfile);
if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/private/%s.key", hbuf) == -1)
+ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1)
return -1;
if ((rlay->rl_ssl_key = relay_load_file(certfile,
&rlay->rl_conf.ssl_key_len)) == NULL)


@ -0,0 +1,14 @@
--- relayd.orig/relay_udp.c 2011-05-22 01:06:39.460142978 +0200
+++ relayd/relay_udp.c 2011-05-22 01:06:54.703144104 +0200
@@ -16,7 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/time.h>
#include <sys/stat.h>


@ -0,0 +1,20 @@
--- relayd.orig/relayd.8 2011-05-22 01:06:39.464157989 +0200
+++ relayd/relayd.8 2011-05-22 01:06:54.705151889 +0200
@@ -114,7 +114,7 @@
.It Fl f Ar file
Specify an alternative configuration file.
The default is
-.Pa /etc/relayd.conf .
+.Pa %%PREFIX%%/etc/relayd.conf .
.It Fl n
Configtest mode.
Only check the configuration file for validity.
@@ -123,7 +123,7 @@
.El
.Sh FILES
.Bl -tag -width "/var/run/relayd.sockXX" -compact
-.It /etc/relayd.conf
+.It %%PREFIX%%/etc/relayd.conf
Default configuration file.
.It /var/run/relayd.sock
.Ux Ns -domain


@ -1,127 +1,181 @@
--- relayd/relayd.c.orig 2011-01-15 00:27:09.020486320 +0100
+++ relayd/relayd.c 2011-01-15 00:32:43.024188430 +0100
@@ -26,6 +26,7 @@
--- relayd/relayd.c.orig 2011-05-19 10:56:49.000000000 +0200
+++ relayd/relayd.c 2011-05-22 10:34:12.913164741 +0200
@@ -17,7 +17,12 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include <sys/param.h>
+#include <openssl/rand.h>
+#else
#include <sys/types.h>
+#endif
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/wait.h>
+#include <sys/resource.h>
@@ -39,7 +44,11 @@
#include <unistd.h>
#include <ctype.h>
#include <pwd.h>
+#ifdef __FreeBSD__
+#include <sha.h>
+#else
#include <sha1.h>
+#endif
#include <md5.h>
#include <net/if.h>
#include <netinet/in.h>
@@ -113,6 +114,9 @@
case SIGHUP:
reconfigure();
break;
+ case SIGPIPE:
+ /* ignore */
+ break;
default:
fatalx("unexpected signal");
}
@@ -142,10 +146,6 @@
#endif
#include <openssl/ssl.h>
@@ -150,6 +159,11 @@
struct relayd *env;
const char *conffile;
- struct event ev_sigint;
- struct event ev_sigterm;
- struct event ev_sigchld;
- struct event ev_sighup;
struct imsgev *iev;
struct privsep *ps;
const char *conffile = CONF_FILE;
+#ifdef __FreeBSD__
+#if __FreeBSD_version > 800040
+ u_int32_t rnd[256];
+#endif
+#endif
opts = 0;
@@ -261,15 +261,17 @@
while ((c = getopt(argc, argv, "dD:nf:v")) != -1) {
switch (c) {
@@ -220,6 +234,16 @@
else
log_info("startup");
event_init();
- signal_set(&ev_sigint, SIGINT, main_sig_handler, env);
- signal_set(&ev_sigterm, SIGTERM, main_sig_handler, env);
- signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, env);
- signal_set(&ev_sighup, SIGHUP, main_sig_handler, env);
- signal_add(&ev_sigint, NULL);
- signal_add(&ev_sigterm, NULL);
- signal_add(&ev_sigchld, NULL);
- signal_add(&ev_sighup, NULL);
- signal(SIGPIPE, SIG_IGN);
+ signal_set(&env->sc_evsigint, SIGINT, main_sig_handler, env);
+ signal_set(&env->sc_evsigterm, SIGTERM, main_sig_handler, env);
+ signal_set(&env->sc_evsigchld, SIGCHLD, main_sig_handler, env);
+ signal_set(&env->sc_evsighup, SIGHUP, main_sig_handler, env);
+ signal_set(&env->sc_evsigpipe, SIGPIPE, main_sig_handler, env);
+#ifdef __FreeBSD__
+#if __FreeBSD_version > 800040
+ arc4random_stir();
+ arc4random_buf(rnd, sizeof(rnd));
+ RAND_seed(rnd, sizeof(rnd));
+#else
+ RAND_load_file("/dev/random",2048);
+#endif
+#endif
+
+ signal_add(&env->sc_evsigint, NULL);
+ signal_add(&env->sc_evsigterm, NULL);
+ signal_add(&env->sc_evsigchld, NULL);
+ signal_add(&env->sc_evsighup, NULL);
+ signal_add(&env->sc_evsigpipe, NULL);
ps->ps_instances[PROC_RELAY] = env->sc_prefork_relay;
proc_init(ps, procs, nitems(procs));
@@ -258,7 +282,9 @@
if (parent_configure(env) == -1)
fatalx("configuration failed");
+#ifndef __FreeBSD__
init_routes(env);
+#endif
close(pipe_parent2pfe[1]);
close(pipe_parent2hce[1]);
@@ -322,6 +324,8 @@
#endif
event_dispatch();
+ main_shutdown(env);
+ /* NOTREACHED */
return (0);
}
@@ -273,7 +299,9 @@
{
struct table *tb;
struct rdr *rdr;
+#ifndef __FreeBSD__
struct router *rt;
+#endif
struct protocol *proto;
struct relay *rlay;
int id;
@@ -284,8 +312,10 @@
config_settable(env, tb);
TAILQ_FOREACH(rdr, env->sc_rdrs, entry)
config_setrdr(env, rdr);
+#ifndef __FreeBSD__
TAILQ_FOREACH(rt, env->sc_rts, rt_entry)
config_setrt(env, rt);
+#endif
TAILQ_FOREACH(proto, env->sc_protos, entry)
config_setproto(env, proto);
TAILQ_FOREACH(rlay, env->sc_relays, rl_entry)
@@ -359,9 +389,11 @@
@@ -642,6 +646,7 @@
#ifndef __FreeBSD__
proc_kill(env->sc_ps);
control_cleanup(&env->sc_ps->ps_csock);
+#ifndef __FreeBSD__
carp_demote_shutdown();
if (env->sc_flags & F_DEMOTE)
carp_demote_reset(env->sc_demote_group, 128);
+#endif
free(env->sc_ps);
free(env);
@@ -375,12 +407,15 @@
parent_dispatch_pfe(int fd, struct privsep_proc *p, struct imsg *imsg)
{
struct relayd *env = p->p_env;
+#ifndef __FreeBSD__
struct ctl_demote demote;
#endif
+ int verbose;
struct ctl_netroute crt;
+#endif
u_int v;
char *str = NULL;
iev = ptr;
ibuf = &iev->ibuf;
@@ -685,6 +690,10 @@
*/
reconfigure();
break;
+ case IMSG_CTL_LOG_VERBOSE:
+ memcpy(&verbose, imsg.data, sizeof(verbose));
+ log_verbose(verbose);
+ break;
default:
log_debug("main_dispatch_pfe: unexpected imsg %d",
imsg.hdr.type);
@@ -988,6 +997,7 @@
if (timercmp(&tv_next, &tv, >))
bcopy(&tv_next, &tv, sizeof(tv));
+ event_del(ev);
event_set(ev, fd, event, fn, arg);
event_add(ev, &tv);
switch (imsg->hdr.type) {
+#ifndef __FreeBSD__
case IMSG_DEMOTE:
IMSG_SIZE_CHECK(imsg, &demote);
memcpy(&demote, imsg->data, sizeof(demote));
@@ -391,6 +426,7 @@
memcpy(&crt, imsg->data, sizeof(crt));
pfe_route(env, &crt);
break;
+#endif
case IMSG_CTL_RESET:
IMSG_SIZE_CHECK(imsg, &v);
memcpy(&v, imsg->data, sizeof(v));
@@ -432,9 +468,11 @@
proc_compose_imsg(ps, PROC_HCE, -1, IMSG_SCRIPT,
-1, &scr, sizeof(scr));
break;
+#ifndef __FreeBSD__
case IMSG_SNMPSOCK:
(void)snmp_setsock(env, p->p_id);
break;
+#endif
case IMSG_CFG_DONE:
if (env->sc_reload)
env->sc_reload--;
@@ -645,6 +683,7 @@
return (NULL);
}
@@ -1145,6 +1155,7 @@
}
pn->key = strdup(pk->key);
if (pn->key == NULL) {
+ free(pn);
log_warn("out of memory");
return (NULL);
}
@@ -1370,3 +1381,24 @@
return (0);
+#ifndef __FreeBSD__
struct netroute *
route_find(struct relayd *env, objid_t id)
{
@@ -666,6 +705,7 @@
return (rt);
return (NULL);
}
+
+void
+socket_rlimit(int maxfd)
+{
+ struct rlimit rl;
+
+ if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
+ fatal("socket_rlimit: failed to get resource limit");
+ log_debug("socket_rlimit: max open files %d", rl.rlim_max);
+
+ /*
+ * Allow the maximum number of open file descriptors for this
+ * login class (which should be the class "daemon" by default).
+ */
+ if (maxfd == -1)
+ rl.rlim_cur = rl.rlim_max;
+ else
+ rl.rlim_cur = MAX(rl.rlim_max, (rlim_t)maxfd);
+ if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
+ fatal("socket_rlimit: failed to set resource limit");
+}
+#endif
struct host *
host_findbyname(struct relayd *env, const char *name)
@@ -840,7 +880,11 @@
{
switch (type) {
case DIGEST_SHA1:
+#ifdef __FreeBSD__
+ return (SHA1_Data(data, len, buf));
+#else
return (SHA1Data(data, len, buf));
+#endif
break;
case DIGEST_MD5:
return (MD5Data(data, len, buf));
@@ -1077,9 +1121,17 @@
bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM,
bnd->bnd_proto)) == -1)
goto fail;
+#ifdef SO_BINDANY
if (setsockopt(s, SOL_SOCKET, SO_BINDANY,
&v, sizeof(v)) == -1)
goto fail;
+#else
+#ifdef IP_BINDANY
+ if (setsockopt(s, IPPROTO_IP, IP_BINDANY,
+ &v, sizeof(v)) == -1)
+ goto fail;
+#endif
+#endif
if (bind(s, (struct sockaddr *)&bnd->bnd_ss,
bnd->bnd_ss.ss_len) == -1)
goto fail;
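Review bot: The `__FreeBSD__` seeding block in main() (the `@@ -220,6 +234,16 @@` hunk) never checks whether seeding worked: `RAND_load_file("/dev/random",2048);` is called with its return value ignored, and neither branch confirms that OpenSSL considers its PRNG seeded. For a daemon that terminates SSL I would fail startup instead, e.g. `if (RAND_load_file("/dev/random", 2048) <= 0 || RAND_status() != 1) fatalx("failed to seed OpenSSL PRNG");`, with the same `RAND_status()` check after `RAND_seed(rnd, sizeof(rnd));`. The `rnd` array also leaves the seed material on main's stack for the life of the process, so clearing it once `RAND_seed()` has consumed it would be cheap. The rendered page has lost the outer +/- column, so attributing these lines to the new revision of the patch is inferred from the hunk order. main() starts and ends outside the hunk.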


@ -0,0 +1,244 @@
--- relayd/relayd.conf.5.orig 2011-05-05 12:20:24.000000000 +0200
+++ relayd/relayd.conf.5 2011-05-22 12:52:42.026190316 +0200
@@ -43,7 +43,7 @@
in a similar fashion to
.Xr pf 4
tables.
-They are used for relay, redirection, and router target selection with
+They are used for relay and redirection target selection with
the described options and health checking on the host they contain.
.It Sy Redirections
Redirections are translated to
@@ -55,9 +55,6 @@
general purpose TCP proxying on layer 7.
.It Sy Protocols
Protocols are predefined protocol handlers and settings for relays.
-.It Sy Routers
-Routers are used to insert routes with health-checked gateways for
-(WAN) link balancing.
.El
.Pp
Within the sections,
@@ -86,7 +83,7 @@
.Ic include
keyword, for example:
.Bd -literal -offset indent
-include "/etc/relayd.conf.local"
+include "%%PREFIX%%/etc/relayd.conf.local"
.Ed
.Sh MACROS
Macros can be defined that will later be expanded in context.
@@ -111,17 +108,6 @@
.Sh GLOBAL CONFIGURATION
Here are the settings that can be set globally:
.Bl -tag -width Ds
-.It Ic demote Ar group
-Enable the global
-.Xr carp 4
-demotion option, resetting the carp demotion counter for the
-specified interface group to zero on startup and to 128 on shutdown of
-the daemon.
-For more information on interface groups,
-see the
-.Ic group
-keyword in
-.Xr ifconfig 8 .
.It Ic interval Ar number
Set the interval in seconds at which the hosts will be checked.
The default interval is 10 seconds.
@@ -151,15 +137,6 @@
.Xr relayd 8
runs 5 relay processes by default and every process will handle
all configured relays.
-.It Ic send trap
-Send an SNMP trap when the state of a host changes.
-.Xr relayd 8
-will try to connect to
-.Xr snmpd 8
-and request it send a trap to the registered trap receivers;
-see
-.Xr snmpd.conf 5
-for more information about the configuration.
.It Ic timeout Ar number
Set the global timeout in milliseconds for checks.
This can be overridden by the timeout value in the table definitions.
@@ -363,17 +340,6 @@
.Pp
The following general table options are available:
.Bl -tag -width Ds
-.It Ic demote Ar group
-Enable the per-table
-.Xr carp 4
-demotion option.
-This will increment the carp demotion counter for the
-specified interface group if all hosts in the table are down.
-For more information on interface groups,
-see the
-.Ic group
-keyword in
-.Xr ifconfig 8 .
.It Ic interval Ar number
Override the global interval and specify one for this table.
It must be a multiple of the global interval.
@@ -605,7 +571,7 @@
.Ic destination
.Ar options ...
.Xc
-When redirecting connections with a divert-to rule in
+When redirecting connections with a rdr-to rule in
.Xr pf.conf 5
to a relay listening on localhost, this directive will
look up the real destination address of the intended target host,
@@ -613,14 +579,7 @@
If an additional
.Ic forward to
directive to a specified address or table is present,
-it will be used as a backup if the lookup failed.
-.It Xo
-.Ic forward to
-.Ic nat lookup
-.Ar options ...
-.Xc
-Like the previous directive, but for redirections with rdr-to in
-.Xr pf.conf 5 .
+it will be used as a backup if the NAT lookup failed.
.It Xo
.Ic listen on Ar address
.Op Ic port Ar port
@@ -639,9 +598,9 @@
keyword is present, the relay will accept connections using the
encrypted SSL protocol.
The relay will look up a private key in
-.Pa /etc/ssl/private/address.key
+.Pa %%PREFIX%%/etc/ssl/private/address.key
and a public certificate in
-.Pa /etc/ssl/address.crt ,
+.Pa %%PREFIX%%/etc/ssl/address.crt ,
where
.Ar address
is the specified IP address of the relay to listen on.
@@ -990,9 +949,6 @@
This option enables CA verification in SSL client mode.
The daemon will load the CA (Certificate Authority) certificates from
the specified path to verify the server certificates.
-.Ox
-provides a default CA bundle in
-.Pa /etc/ssl/cert.pem .
.It Ic ciphers Ar string
Set the string defining the SSL cipher suite.
If not specified, the default value
@@ -1068,89 +1024,22 @@
Set the socket-level buffer size for input and output for this
connection.
This will affect the TCP window size.
-.It Xo
-.Op Ic no
-.Ic splice
-.Xc
-Use socket splicing for zero-copy data transfer.
-This option is enabled by default.
.El
.El
-.Sh ROUTERS
-Routers represent routing table entries in the kernel forwarding
-database, see
-.Xr route 4 ,
-and a table of associated gateways.
-They are used to dynamically insert or remove routes with gateways
-based on their availability and health-check results.
-A router can include multiple network statements and a single forward
-statement with a table of one or more gateways.
-All entries in a single router directive must match the same address
-family, either IPv4 or IPv6.
-.Pp
-The kernel supports multipath routing when multiple gateways exist to
-the same destination address.
-The multipath routing behaviour can be changed globally using the
-.Xr sysctl 8
-variables
-.Va net.inet.ip.multipath
-and
-.Va net.inet6.ip6.multipath .
-With the default setting of 0,
-the first route selected will be used for subsequent packets to that
-destination regardless of source.
-Setting it to 1 will enable load balancing based on the packet source
-address across gateways; multiple routes with the same priority are
-used equally.
-The kernel will also check the link state of the related network
-interface and try a different route if it is not active.
-.Pp
-The configuration directives that are valid in the
-.Ic routers
-context are described below:
-.Bl -tag -width Ds
-.It Xo
-.Ic forward to
-.Aq Ar table
-.Ic port Ar number
-.Ar options ...
-.Xc
-Specify the table of target gateways to be used; see the
-.Sx TABLES
-section above for information about table options.
-This entry is mandatory and must be specified once.
-.It Xo
-.Ic route
-.Ar address Ns Li / Ns Ar prefix
-.Xc
-Specify the network address and prefix length of a route destination
-that is reachable via the active gateways.
-This entry must be specified at least once in a router directive.
-.It Ic rtable Ar id
-Add the routes to the kernel routing table with the specified
-.Ar id .
-.It Ic rtlabel Ar label
-Add the routes with the specified
-.Ar label
-to the kernel routing table.
-.El
.Sh FILES
-.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact
-.It Pa /etc/relayd.conf
+.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact
+.It Pa %%PREFIX%%/etc/relayd.conf
.Xr relayd 8
configuration file.
.Pp
.It Pa /etc/services
Service name database.
.Pp
-.It Pa /etc/ssl/address.crt
-.It Pa /etc/ssl/private/address.key
+.It Pa %%PREFIX%%/etc/ssl/address.crt
+.It Pa %%PREFIX%%/etc/ssl/private/address.key
Location of the relay SSL server certificates, where
.Ar address
is the configured IP address of the relay.
-.It Pa /etc/ssl/cert.pem
-Default location of the CA bundle that can be used with
-.Xr relayd 8 .
.El
.Sh EXAMPLES
This configuration file would create a redirection service
@@ -1242,20 +1131,9 @@
forward to shell.example.com port 22
}
.Ed
-.Pp
-The next simple router configuration example can be used to run
-redundant, health-checked WAN links:
-.Bd -literal -offset indent
-table \*(Ltgateways\*(Gt { $gw1 ip ttl 1, $gw2 ip ttl 1 }
-router "uplinks" {
- route 0.0.0.0/0
- forward to \*(Ltgateways\*(Gt check icmp
-}
-.Ed
.Sh SEE ALSO
.Xr relayctl 8 ,
.Xr relayd 8 ,
-.Xr snmpd 8 ,
.Xr ssl 8
.Sh HISTORY
The


@ -1,74 +1,199 @@
--- relayd/relayd.h.orig 2011-01-15 00:27:09.022494663 +0100
+++ relayd/relayd.h 2011-01-15 00:47:37.743251059 +0100
@@ -19,11 +19,12 @@
*/
--- relayd.orig/relayd.h 2011-05-22 01:06:39.465162022 +0200
+++ relayd/relayd.h 2011-05-22 01:07:39.088200887 +0200
@@ -21,10 +21,18 @@
#include <sys/tree.h>
+
+#include <sys/param.h> /* MAXHOSTNAMELEN */
+#include <limits.h>
#ifdef __FreeBSD__
-#include <sys/param.h>
#include <sys/queue.h>
#endif
-
#include <sys/param.h> /* MAXHOSTNAMELEN */
+#ifdef __FreeBSD__
+#include <sys/queue.h>
+#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
+#endif
#include <limits.h>
#include <imsg.h>
#ifdef __FreeBSD__
@@ -299,7 +300,9 @@
HCE_ICMP_OK,
HCE_ICMP_READ_TIMEOUT,
HCE_ICMP_WRITE_TIMEOUT,
- HCE_TCP_CONNECT_ERROR,
+ HCE_TCP_SOCKET_ERROR,
+ HCE_TCP_SOCKET_LIMIT,
+ HCE_TCP_SOCKET_OPTION,
HCE_TCP_CONNECT_FAIL,
HCE_TCP_CONNECT_TIMEOUT,
HCE_TCP_CONNECT_OK,
@@ -637,6 +640,13 @@
struct ctl_icmp_event sc_icmp_recv;
struct ctl_icmp_event sc_icmp6_send;
struct ctl_icmp_event sc_icmp6_recv;
+
+ /* Event and signal handlers */
+ struct event sc_evsigint;
+ struct event sc_evsigterm;
+ struct event sc_evsigchld;
+ struct event sc_evsighup;
+ struct event sc_evsigpipe;
};
+#ifdef __FreeBSD__
+#define CONF_FILE "%%PREFIX%%/etc/relayd.conf"
+#else
#define CONF_FILE "/etc/relayd.conf"
+#endif
#define RELAYD_SOCKET "/var/run/relayd.sock"
#define PF_SOCKET "/dev/pf"
#define RELAYD_USER "_relayd"
@@ -63,7 +71,18 @@
#define SMALL_READ_BUF_SIZE 1024
#define ICMP_BUF_SIZE 64
#define RELAYD_OPT_VERBOSE 0x01
@@ -699,6 +709,7 @@
IMSG_CTL_NOTIFY,
IMSG_CTL_RDR_STATS,
IMSG_CTL_RELAY_STATS,
+ IMSG_CTL_LOG_VERBOSE,
IMSG_RDR_ENABLE, /* notifies from pfe to hce */
IMSG_RDR_DISABLE,
IMSG_TABLE_ENABLE,
@@ -799,7 +810,6 @@
+#ifndef __FreeBSD__
#define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */
+#else
+#define SIMPLEQ_HEAD STAILQ_HEAD
+#define SIMPLEQ_FIRST STAILQ_FIRST
+#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD
+#define SIMPLEQ_ENTRY STAILQ_ENTRY
+#define SIMPLEQ_INIT STAILQ_INIT
+#define SIMPLEQ_EMPTY STAILQ_EMPTY
+#define SIMPLEQ_NEXT STAILQ_NEXT
+#define SIMPLEQ_INSERT_TAIL STAILQ_INSERT_TAIL
+#endif
#if DEBUG > 1
#define DPRINTF log_debug
@@ -253,7 +272,9 @@
#define F_SSLCLIENT 0x00200000
#define F_NEEDRT 0x00400000
#define F_MATCH 0x00800000
+#ifndef __FreeBSD__
#define F_DIVERT 0x01000000
+#endif
#define F_BITS \
"\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \
@@ -622,6 +643,7 @@
};
#define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN
+#ifndef __FreeBSD__
struct router;
struct netroute_config {
objid_t id;
@@ -668,6 +690,7 @@
struct netroute_config nr;
struct router_config rt;
};
+#endif
/* initially control.h */
struct control_sock {
@@ -753,12 +776,18 @@
IMSG_HOST_STATUS, /* notifies from hce to pfe */
IMSG_SYNC,
IMSG_NATLOOK,
+#ifndef __FreeBSD__
IMSG_DEMOTE,
+#endif
IMSG_STATISTICS,
IMSG_SCRIPT,
+#ifndef __FreeBSD__
IMSG_SNMPSOCK,
+#endif
IMSG_BINDANY,
+#ifndef __FreeBSD__
IMSG_RTMSG, /* from pfe to parent */
+#endif
IMSG_CFG_TABLE, /* configuration from parent */
IMSG_CFG_HOST,
IMSG_CFG_RDR,
@@ -826,14 +855,18 @@
u_int32_t sc_flags;
const char *sc_conffile;
struct pfdata *sc_pf;
+#ifndef __FreeBSD__
int sc_rtsock;
int sc_rtseq;
+#endif
int sc_tablecount;
int sc_rdrcount;
int sc_protocount;
int sc_relaycount;
+#ifndef __FreeBSD__
int sc_routercount;
int sc_routecount;
+#endif
struct timeval sc_interval;
struct timeval sc_timeout;
struct table sc_empty_table;
@@ -843,8 +876,10 @@
struct rdrlist *sc_rdrs;
struct protolist *sc_protos;
struct relaylist *sc_relays;
+#ifndef __FreeBSD__
struct routerlist *sc_rts;
struct netroutelist *sc_routes;
+#endif
u_int16_t sc_prefork_relay;
char sc_demote_group[IFNAMSIZ];
u_int16_t sc_id;
@@ -852,10 +887,11 @@
struct event sc_statev;
struct timeval sc_statinterval;
+#ifndef __FreeBSD__
int sc_snmp;
struct event sc_snmpto;
struct event sc_snmpev;
-
+#endif
int sc_has_icmp;
int sc_has_icmp6;
struct ctl_icmp_event sc_icmp_send;
@@ -923,10 +959,12 @@
u_int64_t
check_table(struct relayd *, struct rdr *, struct table *);
+#ifndef __FreeBSD__
/* pfe_route.c */
void init_routes(struct relayd *);
void sync_routes(struct relayd *, struct router *);
int pfe_route(struct relayd *, struct ctl_netroute *);
+#endif
/* hce.c */
pid_t hce(struct privsep *, struct privsep_proc *);
@@ -943,8 +981,10 @@
void relay_session(struct rsession *);
int relay_from_table(struct rsession *);
int relay_socket_af(struct sockaddr_storage *, in_port_t);
+#ifndef __FreeBSD__
in_port_t
relay_socket_getport(struct sockaddr_storage *);
+#endif
int relay_cmp_af(struct sockaddr_storage *,
struct sockaddr_storage *);
-
RB_PROTOTYPE(proto_tree, protonode, se_nodes, relay_proto_cmp);
SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp);
@@ -986,8 +1026,10 @@
struct host *host_find(struct relayd *, objid_t);
struct table *table_find(struct relayd *, objid_t);
struct rdr *rdr_find(struct relayd *, objid_t);
+#ifndef __FreeBSD__
struct netroute *route_find(struct relayd *, objid_t);
struct router *router_find(struct relayd *, objid_t);
+#endif
struct host *host_findbyname(struct relayd *, const char *);
struct table *table_findbyname(struct relayd *, const char *);
struct table *table_findbyconf(struct relayd *, struct table *);
@@ -1035,11 +1077,13 @@
void pn_unref(u_int16_t);
void pn_ref(u_int16_t);
@@ -867,6 +877,7 @@
void imsg_event_add(struct imsgev *);
int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t,
pid_t, int, void *, u_int16_t);
+void socket_rlimit(int);
+#ifndef __FreeBSD__
/* snmp.c */
void snmp_init(struct relayd *, enum privsep_procid);
int snmp_setsock(struct relayd *, enum privsep_procid);
int snmp_getsock(struct relayd *, struct imsg *);
void snmp_hosttrap(struct relayd *, struct table *, struct host *);
+#endif
/* carp.c */
int carp_demote_init(char *, int);
@@ -898,6 +909,7 @@
/* log.c */
void log_init(int);
+void log_verbose(int);
void log_warn(const char *, ...);
void log_warnx(const char *, ...);
void log_info(const char *, ...);
/* shuffle.c */
void shuffle_init(struct shuffle *);
@@ -1092,9 +1136,11 @@
int config_setrdr(struct relayd *, struct rdr *);
int config_getrdr(struct relayd *, struct imsg *);
int config_getvirt(struct relayd *, struct imsg *);
+#ifndef __FreeBSD__
int config_setrt(struct relayd *, struct router *);
int config_getrt(struct relayd *, struct imsg *);
int config_getroute(struct relayd *, struct imsg *);
+#endif
int config_setproto(struct relayd *env, struct protocol *);
int config_getproto(struct relayd *, struct imsg *);
int config_setprotonode(struct relayd *, enum privsep_procid,
@@ -1102,3 +1148,9 @@
int config_getprotonode(struct relayd *, struct imsg *);
int config_setrelay(struct relayd *env, struct relay *);
int config_getrelay(struct relayd *, struct imsg *);
+
+#ifdef __FreeBSD__
+#if __FreeBSD_version < 800041
+u_int32_t arc4random_uniform(u_int32_t upper_bound);
+#endif
+#endif
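Review bot: `#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))` in the `@@ -21,10 +21,18 @@` hunk is defined unconditionally, right after `<sys/param.h>` has been included. On any FreeBSD release whose `<sys/param.h>` already provides `nitems`, this becomes a macro redefinition, since a definition with a different parameter name does not count as identical. Guarding it as `#ifndef nitems` / `#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))` / `#endif` keeps the port building either way. The rendered page has dropped the outer +/- column, so reading these lines as the new revision of the patch is an inference from the hunk headers.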


@ -8,4 +8,9 @@ firmed, Layer 3 and/or layer 7 forwarding services are set up by relayd.
Layer 3 redirection happens at the packet level; to configure it, relayd
communicates with pf(4).
The following relayd functionality is not (yet) implemented in FreeBSD:
carp
routers
snmp
WWW: http://spootnik.org/relayd/