Update to 4.9.20110522
parent
55a37728af
commit
416c8b7511
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=274478
@ -5,8 +5,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= relayd
|
||||
PORTVERSION= 4.6.20090813
|
||||
PORTREVISION= 5
|
||||
PORTVERSION= 4.9.20110522
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= ${MASTER_SITE_LOCAL}
|
||||
MASTER_SITE_SUBDIR= mm
|
||||
@ -16,7 +15,7 @@ COMMENT= OpenBSD relay daemon
|
||||
|
||||
LICENSE= BSD
|
||||
|
||||
DISTNAME= ${PORTNAME}-${PORTVERSION}-1
|
||||
DISTNAME= ${PORTNAME}-${PORTVERSION}
|
||||
USE_BZIP2= yes
|
||||
MANCOMPRESSED= yes
|
||||
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (relayd-4.6.20090813-1.tar.bz2) = c4f2e2e48155117a73042c313f777b0f467640eea29bf2473eb9dba5bede0b9d
|
||||
SIZE (relayd-4.6.20090813-1.tar.bz2) = 77359
|
||||
SHA256 (relayd-4.9.20110522.tar.bz2) = 905ab2fa2296adc60b3552e50529dc69e906c4414b11ed125c4c6bd613765378
|
||||
SIZE (relayd-4.9.20110522.tar.bz2) = 85439
|
||||
|
@ -2,10 +2,12 @@
|
||||
|
||||
PROG= relayctl
|
||||
|
||||
.PATH: ${.CURDIR}/../../lib/libutil
|
||||
SRCS= imsg-buffer.c \
|
||||
imsg.c
|
||||
|
||||
.PATH: ${.CURDIR}/../relayd
|
||||
SRCS= buffer.c \
|
||||
imsg.c \
|
||||
log.c
|
||||
SRCS+= log.c
|
||||
|
||||
.PATH: ${.CURDIR}
|
||||
SRCS+= relayctl.c \
|
||||
@ -15,6 +17,7 @@ MAN= relayctl.8
|
||||
|
||||
CFLAGS+= -D__dead=''
|
||||
CFLAGS+= -I${.CURDIR} \
|
||||
-I${.CURDIR}/../../lib/libutil \
|
||||
-I${.CURDIR}/../relayd \
|
||||
-I${PREFIX}/include
|
||||
|
||||
|
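Review bot: The new `.PATH: ${.CURDIR}/../../lib/libutil` block and the added `-I${.CURDIR}/../../lib/libutil` flag have no comment saying that `imsg.c` and `imsg-buffer.c` now come from a libutil directory inside the source tree instead of `../relayd`. The relayd Makefile section that follows makes the same change and needs the same comment. I would add `# imsg.c/imsg-buffer.c: built from the lib/libutil copy in the source tree` above the `.PATH` line. A second line should record that this include directory must stay ahead of `-I${PREFIX}/include`, presumably so that an `imsg.h` installed under `${PREFIX}` cannot be picked up in place of the one matching these sources.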
@ -5,11 +5,14 @@ PROG= relayd
|
||||
MAN= relayd.8 \
|
||||
relayd.conf.5
|
||||
|
||||
SRCS= parse.y \
|
||||
.PATH: ${.CURDIR}/../../lib/libutil
|
||||
SRCS= imsg-buffer.c \
|
||||
imsg.c
|
||||
|
||||
.PATH: ${.CURDIR}
|
||||
SRCS+= parse.y \
|
||||
log.c \
|
||||
control.c \
|
||||
buffer.c \
|
||||
imsg.c \
|
||||
ssl.c \
|
||||
ssl_privsep.c \
|
||||
relayd.c \
|
||||
@ -23,13 +26,16 @@ SRCS= parse.y \
|
||||
check_script.c \
|
||||
name2id.c \
|
||||
arc4random.c \
|
||||
shuffle.c
|
||||
shuffle.c \
|
||||
proc.c \
|
||||
config.c
|
||||
|
||||
CFLAGS+= -DSHA1_DIGEST_LENGTH=SHA_DIGEST_LENGTH \
|
||||
-DSHA1_DIGEST_STRING_LENGTH=SHA_DIGEST_LENGTH \
|
||||
-DOPENSSL_NO_SHA -DOPENSSL_NO_MD5 \
|
||||
-D__dead=''
|
||||
CFLAGS+= -I${.CURDIR} -I${PREFIX}/include
|
||||
CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../lib/libutil \
|
||||
-I${PREFIX}/include
|
||||
CLEANFILES+= y.tab.h
|
||||
|
||||
LDADD= -lmd -L${PREFIX}/lib ${LIBEVENT} -lssl -lcrypto
|
||||
|
@ -1,75 +0,0 @@
|
||||
diff -Naur relayctl.orig/parser.c relayctl/parser.c
|
||||
--- relayctl.orig/parser.c 2007-12-20 21:15:43.000000000 +0100
|
||||
+++ relayctl/parser.c 2010-05-27 10:12:35.000000000 +0200
|
||||
@@ -18,7 +18,11 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/socket.h>
|
||||
#include <sys/queue.h>
|
||||
|
||||
@@ -124,6 +128,11 @@
|
||||
|
||||
static struct parse_result res;
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+const struct token *match_token(const char *, const struct token []);
|
||||
+void show_valid_args(const struct token []);
|
||||
+#endif
|
||||
+
|
||||
struct parse_result *
|
||||
parse(int argc, char *argv[])
|
||||
{
|
||||
diff -Naur relayctl.orig/parser.h relayctl/parser.h
|
||||
--- relayctl.orig/parser.h 2007-12-20 21:15:43.000000000 +0100
|
||||
+++ relayctl/parser.h 2010-05-27 10:12:03.000000000 +0200
|
||||
@@ -41,5 +41,7 @@
|
||||
};
|
||||
|
||||
struct parse_result *parse(int, char *[]);
|
||||
+#ifndef __FreeBSD__
|
||||
const struct token *match_token(const char *, const struct token []);
|
||||
void show_valid_args(const struct token []);
|
||||
+#endif
|
||||
diff -Naur relayctl.orig/relayctl.c relayctl/relayctl.c
|
||||
--- relayctl.orig/relayctl.c 2009-06-06 01:39:51.000000000 +0200
|
||||
+++ relayctl/relayctl.c 2010-05-27 10:11:39.000000000 +0200
|
||||
@@ -20,6 +20,9 @@
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#endif
|
||||
#include <sys/socket.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/un.h>
|
||||
@@ -290,7 +293,11 @@
|
||||
imn = monitor_lookup(imsg->hdr.type);
|
||||
printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name,
|
||||
imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid);
|
||||
+#ifdef __FreeBSD__
|
||||
+ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now));
|
||||
+#else
|
||||
printf("\ttimestamp: %u, %s", now, ctime(&now));
|
||||
+#endif
|
||||
if (imn->type == -1)
|
||||
done = 1;
|
||||
if (imn->func != NULL)
|
||||
@@ -509,7 +516,11 @@
|
||||
printf("\t%8s\ttotal: %llu sessions\n"
|
||||
"\t%8s\tlast: %u/%us %u/h %u/d sessions\n"
|
||||
"\t%8s\taverage: %u/%us %u/h %u/d sessions\n",
|
||||
+#ifdef __FreeBSD__
|
||||
+ "", (long long unsigned)crs.cnt,
|
||||
+#else
|
||||
"", crs.cnt,
|
||||
+#endif
|
||||
"", crs.last, crs.interval,
|
||||
crs.last_hour, crs.last_day,
|
||||
"", crs.avg, crs.interval,
|
@ -1,791 +0,0 @@
|
||||
diff -Naur relayd.orig/carp.c relayd/carp.c
|
||||
--- relayd.orig/carp.c 2010-06-10 08:50:20.370081718 +0200
|
||||
+++ relayd/carp.c 2010-06-10 08:50:24.487544459 +0200
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <sys/param.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/ioctl.h>
|
||||
+#include <sys/queue.h>
|
||||
|
||||
#include <net/if.h>
|
||||
|
||||
diff -Naur relayd.orig/check_tcp.c relayd/check_tcp.c
|
||||
--- relayd.orig/check_tcp.c 2010-06-10 08:50:20.371085750 +0200
|
||||
+++ relayd/check_tcp.c 2010-06-10 08:50:24.488548211 +0200
|
||||
@@ -31,7 +31,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <fnmatch.h>
|
||||
-#include <sha1.h>
|
||||
+#include <sha.h>
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
@@ -285,7 +285,11 @@
|
||||
if (b == NULL)
|
||||
fatal("out of memory");
|
||||
*b = '\0';
|
||||
+#ifndef __FreeBSD__
|
||||
if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
|
||||
+#else
|
||||
+ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {
|
||||
+#endif
|
||||
cte->host->he = HCE_SEND_EXPECT_OK;
|
||||
cte->host->up = HOST_UP;
|
||||
return (0);
|
||||
@@ -318,7 +322,11 @@
|
||||
fatal("out of memory");
|
||||
*b = '\0';
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
head = cte->buf->buf;
|
||||
+#else
|
||||
+ head = (char *)cte->buf->buf;
|
||||
+#endif
|
||||
host = cte->host;
|
||||
host->he = HCE_HTTP_CODE_ERROR;
|
||||
|
||||
@@ -370,7 +378,11 @@
|
||||
fatal("out of memory");
|
||||
*b = '\0';
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
head = cte->buf->buf;
|
||||
+#else
|
||||
+ head = (char *)cte->buf->buf;
|
||||
+#endif
|
||||
host = cte->host;
|
||||
host->he = HCE_HTTP_DIGEST_ERROR;
|
||||
|
||||
@@ -382,7 +394,11 @@
|
||||
}
|
||||
head += strlen("\r\n\r\n");
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
digeststr(cte->table->conf.digest_type, head, strlen(head), digest);
|
||||
+#else
|
||||
+ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest);
|
||||
+#endif
|
||||
|
||||
if (strcmp(cte->table->conf.digest, digest)) {
|
||||
log_warnx("check_http_digest: %s failed "
|
||||
diff -Naur relayd.orig/hce.c relayd/hce.c
|
||||
--- relayd.orig/hce.c 2010-06-10 08:50:20.370081718 +0200
|
||||
+++ relayd/hce.c 2010-06-10 08:50:24.489552523 +0200
|
||||
@@ -167,7 +167,7 @@
|
||||
struct timeval tv;
|
||||
struct table *table;
|
||||
|
||||
- snmp_init(env, iev_main);
|
||||
+// snmp_init(env, iev_main);
|
||||
|
||||
if (!TAILQ_EMPTY(env->sc_tables)) {
|
||||
evtimer_set(&env->sc_ev, hce_launch_checks, env);
|
||||
@@ -336,8 +336,10 @@
|
||||
print_availability(host->check_cnt, host->up_cnt));
|
||||
}
|
||||
|
||||
+/*
|
||||
if (host->last_up != host->up)
|
||||
snmp_hosttrap(table, host);
|
||||
+*/
|
||||
|
||||
host->last_up = host->up;
|
||||
|
||||
diff -Naur relayd.orig/log.c relayd/log.c
|
||||
--- relayd.orig/log.c 2010-06-10 08:50:20.370081718 +0200
|
||||
+++ relayd/log.c 2010-06-10 08:50:24.489552523 +0200
|
||||
@@ -16,7 +16,11 @@
|
||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/queue.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/tree.h>
|
||||
diff -Naur relayd.orig/parse.y relayd/parse.y
|
||||
--- relayd.orig/parse.y 2010-06-10 08:50:20.372089782 +0200
|
||||
+++ relayd/parse.y 2010-06-10 08:50:24.490556275 +0200
|
||||
@@ -343,6 +343,7 @@
|
||||
}
|
||||
conf->sc_prefork_relay = $2;
|
||||
}
|
||||
+/* FreeBSD exclude
|
||||
| DEMOTE STRING {
|
||||
conf->sc_flags |= F_DEMOTE;
|
||||
if (strlcpy(conf->sc_demote_group, $2,
|
||||
@@ -360,6 +361,7 @@
|
||||
}
|
||||
}
|
||||
| SEND TRAP { conf->sc_flags |= F_TRAP; }
|
||||
+*/
|
||||
;
|
||||
|
||||
loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
|
||||
@@ -615,6 +617,7 @@
|
||||
bcopy(&$2, &table->conf.timeout,
|
||||
sizeof(struct timeval));
|
||||
}
|
||||
+/* FreeBSD exclude
|
||||
| DEMOTE STRING {
|
||||
table->conf.flags |= F_DEMOTE;
|
||||
if (strlcpy(table->conf.demote_group, $2,
|
||||
@@ -632,6 +635,7 @@
|
||||
YYERROR;
|
||||
}
|
||||
}
|
||||
+*/
|
||||
| INTERVAL NUMBER {
|
||||
if ($2 < conf->sc_interval.tv_sec ||
|
||||
$2 % conf->sc_interval.tv_sec) {
|
||||
@@ -1562,7 +1566,7 @@
|
||||
{ "ciphers", CIPHERS },
|
||||
{ "code", CODE },
|
||||
{ "cookie", COOKIE },
|
||||
- { "demote", DEMOTE },
|
||||
+// FreeBSD { "demote", DEMOTE },
|
||||
{ "digest", DIGEST },
|
||||
{ "disable", DISABLE },
|
||||
{ "error", ERROR },
|
||||
@@ -1625,7 +1629,7 @@
|
||||
{ "timeout", TIMEOUT },
|
||||
{ "to", TO },
|
||||
{ "transparent", TRANSPARENT },
|
||||
- { "trap", TRAP },
|
||||
+// FreeBSD { "trap", TRAP },
|
||||
{ "ttl", TTL },
|
||||
{ "updates", UPDATES },
|
||||
{ "url", URL },
|
||||
@@ -2260,7 +2264,8 @@
|
||||
hints.ai_family = PF_UNSPEC;
|
||||
hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
|
||||
error = getaddrinfo(s, NULL, &hints, &res0);
|
||||
- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
|
||||
+// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
|
||||
+ if (error == EAI_AGAIN || error == EAI_NONAME)
|
||||
return (0);
|
||||
if (error) {
|
||||
log_warnx("host_dns: could not parse \"%s\": %s", s,
|
||||
diff -Naur relayd.orig/pfe.c relayd/pfe.c
|
||||
--- relayd.orig/pfe.c 2010-06-10 08:50:20.369077965 +0200
|
||||
+++ relayd/pfe.c 2010-06-10 08:50:24.491560307 +0200
|
||||
@@ -17,6 +17,9 @@
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/queue.h>
|
||||
+#endif
|
||||
#include <sys/stat.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
@@ -859,7 +862,9 @@
|
||||
struct table *table;
|
||||
struct ctl_id id;
|
||||
struct imsg imsg;
|
||||
+#ifndef __FreeBSD__
|
||||
struct ctl_demote demote;
|
||||
+#endif
|
||||
|
||||
bzero(&id, sizeof(id));
|
||||
bzero(&imsg, sizeof(imsg));
|
||||
@@ -920,6 +925,7 @@
|
||||
*/
|
||||
table->conf.flags &= ~(F_CHANGED);
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
/*
|
||||
* handle demotion.
|
||||
*/
|
||||
@@ -942,6 +948,7 @@
|
||||
sizeof(demote.group));
|
||||
imsg_compose_event(iev_main, IMSG_DEMOTE, 0, 0, -1,
|
||||
&demote, sizeof(demote));
|
||||
+#endif
|
||||
}
|
||||
}
|
||||
|
||||
diff -Naur relayd.orig/pfe_filter.c relayd/pfe_filter.c
|
||||
--- relayd.orig/pfe_filter.c 2010-06-10 08:50:20.370081718 +0200
|
||||
+++ relayd/pfe_filter.c 2010-06-10 08:51:10.599999014 +0200
|
||||
@@ -97,6 +97,10 @@
|
||||
sizeof(tables[i].pfrt_name))
|
||||
goto toolong;
|
||||
tables[i].pfrt_flags |= PFR_TFLAG_PERSIST;
|
||||
+#ifdef __FreeBSD__
|
||||
+ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"",
|
||||
+#endif
|
||||
+ tables[i].pfrt_anchor, tables[i].pfrt_name);
|
||||
i++;
|
||||
}
|
||||
if (i != env->sc_rdrcount)
|
||||
@@ -280,12 +284,11 @@
|
||||
}
|
||||
|
||||
psnk.psnk_af = host->conf.ss.ss_family;
|
||||
- psnk.psnk_killed = 0;
|
||||
|
||||
if (ioctl(env->sc_pf->dev,
|
||||
DIOCKILLSRCNODES, &psnk) == -1)
|
||||
fatal("kill_srcnodes: cannot kill src nodes");
|
||||
- cnt += psnk.psnk_killed;
|
||||
+ cnt += psnk.psnk_af;
|
||||
}
|
||||
|
||||
return (cnt);
|
||||
@@ -370,7 +373,11 @@
|
||||
struct sockaddr_in6 *sain6;
|
||||
struct address *address;
|
||||
char anchor[PF_ANCHOR_NAME_SIZE];
|
||||
+#ifndef __FreeBSD__
|
||||
int rs;
|
||||
+#else
|
||||
+ int rs = 0;
|
||||
+#endif
|
||||
struct table *t = rdr->table;
|
||||
|
||||
if (!(env->sc_flags & F_NEEDPF))
|
||||
@@ -418,7 +425,9 @@
|
||||
|
||||
/* Use sloppy state handling for half connections */
|
||||
rio.rule.keep_state = PF_STATE_NORMAL;
|
||||
+#ifdef PFRULE_STATESLOPPY
|
||||
rio.rule.rule_flag = PFRULE_STATESLOPPY;
|
||||
+#endif
|
||||
break;
|
||||
default:
|
||||
fatalx("sync_ruleset: invalid forward mode");
|
||||
@@ -437,7 +446,9 @@
|
||||
rio.rule.dst.port_op = address->port.op;
|
||||
rio.rule.dst.port[0] = address->port.val[0];
|
||||
rio.rule.dst.port[1] = address->port.val[1];
|
||||
+#if 0
|
||||
rio.rule.rtableid = -1; /* stay in the main routing table */
|
||||
+#endif
|
||||
|
||||
if (rio.rule.proto == IPPROTO_TCP)
|
||||
rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
|
||||
diff -Naur relayd.orig/relay.c relayd/relay.c
|
||||
--- relayd.orig/relay.c 2010-06-10 08:50:20.371085750 +0200
|
||||
+++ relayd/relay.c 2010-06-10 08:50:24.492564339 +0200
|
||||
@@ -16,7 +16,11 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/queue.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/stat.h>
|
||||
@@ -683,6 +687,7 @@
|
||||
&val, sizeof(val)) == -1)
|
||||
goto bad;
|
||||
}
|
||||
+#ifndef __FreeBSD__
|
||||
if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
|
||||
if (proto->tcpflags & TCPFLAG_NSACK)
|
||||
val = 0;
|
||||
@@ -692,6 +697,7 @@
|
||||
&val, sizeof(val)) == -1)
|
||||
goto bad;
|
||||
}
|
||||
+#endif
|
||||
|
||||
return (s);
|
||||
|
||||
@@ -1027,7 +1033,11 @@
|
||||
}
|
||||
if (strstr(val, "$TIMEOUT") != NULL) {
|
||||
snprintf(ibuf, sizeof(ibuf), "%lu",
|
||||
+#ifdef __FreeBSD__
|
||||
+ (unsigned long)rlay->rl_conf.timeout.tv_sec);
|
||||
+#else
|
||||
rlay->rl_conf.timeout.tv_sec);
|
||||
+#endif
|
||||
if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0)
|
||||
return (NULL);
|
||||
}
|
||||
@@ -1624,7 +1634,11 @@
|
||||
switch (type) {
|
||||
case DIGEST_SHA1:
|
||||
case DIGEST_MD5:
|
||||
+#ifdef __FreeBSD__
|
||||
+ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) {
|
||||
+#else
|
||||
if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) {
|
||||
+#endif
|
||||
relay_close_http(con, 500,
|
||||
"failed to allocate digest", 0);
|
||||
goto fail;
|
||||
@@ -2642,8 +2656,12 @@
|
||||
goto err;
|
||||
|
||||
/* Set session context to the local relay name */
|
||||
- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name,
|
||||
- strlen(rlay->rl_conf.name)))
|
||||
+ if (!SSL_CTX_set_session_id_context(ctx,
|
||||
+#ifdef __FreeBSD__
|
||||
+ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
|
||||
+#else
|
||||
+ rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
|
||||
+#endif
|
||||
goto err;
|
||||
|
||||
return (ctx);
|
||||
@@ -3104,7 +3122,11 @@
|
||||
if (fstat(fd, &st) != 0)
|
||||
goto fail;
|
||||
size = st.st_size;
|
||||
+#ifndef __FreeBSD__
|
||||
if ((buf = (char *)calloc(1, size + 1)) == NULL)
|
||||
+#else
|
||||
+ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL)
|
||||
+#endif
|
||||
goto fail;
|
||||
if (read(fd, buf, size) != size)
|
||||
goto fail;
|
||||
@@ -3112,7 +3134,11 @@
|
||||
close(fd);
|
||||
|
||||
*len = size + 1;
|
||||
+#ifndef __FreeBSD__
|
||||
return (buf);
|
||||
+#else
|
||||
+ return (char *)(buf);
|
||||
+#endif
|
||||
|
||||
fail:
|
||||
if (buf != NULL)
|
||||
@@ -3142,7 +3168,7 @@
|
||||
return (-1);
|
||||
|
||||
if (snprintf(certfile, sizeof(certfile),
|
||||
- "/etc/ssl/%s.crt", hbuf) == -1)
|
||||
+ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1)
|
||||
return (-1);
|
||||
if ((rlay->rl_ssl_cert = relay_load_file(certfile,
|
||||
&rlay->rl_ssl_cert_len)) == NULL)
|
||||
@@ -3150,7 +3176,7 @@
|
||||
log_debug("relay_load_certfiles: using certificate %s", certfile);
|
||||
|
||||
if (snprintf(certfile, sizeof(certfile),
|
||||
- "/etc/ssl/private/%s.key", hbuf) == -1)
|
||||
+ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1)
|
||||
return -1;
|
||||
if ((rlay->rl_ssl_key = relay_load_file(certfile,
|
||||
&rlay->rl_ssl_key_len)) == NULL)
|
||||
diff -Naur relayd.orig/relay_udp.c relayd/relay_udp.c
|
||||
--- relayd.orig/relay_udp.c 2010-06-10 08:50:20.370081718 +0200
|
||||
+++ relayd/relay_udp.c 2010-06-10 08:50:24.493571444 +0200
|
||||
@@ -16,7 +16,11 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/queue.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/stat.h>
|
||||
diff -Naur relayd.orig/relayd.8 relayd/relayd.8
|
||||
--- relayd.orig/relayd.8 2010-06-10 08:50:20.371085750 +0200
|
||||
+++ relayd/relayd.8 2010-06-10 08:50:24.493571444 +0200
|
||||
@@ -117,7 +117,7 @@
|
||||
.It Fl f Ar file
|
||||
Specify an alternative configuration file.
|
||||
The default is
|
||||
-.Pa /etc/relayd.conf .
|
||||
+.Pa %%PREFIX%%/etc/relayd.conf .
|
||||
.It Fl n
|
||||
Configtest mode.
|
||||
Only check the configuration file for validity.
|
||||
@@ -126,7 +126,7 @@
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width "/var/run/relayd.sockXX" -compact
|
||||
-.It /etc/relayd.conf
|
||||
+.It %%PREFIX%%/etc/relayd.conf
|
||||
Default configuration file.
|
||||
.It /var/run/relayd.sock
|
||||
Unix-domain socket used for communication with
|
||||
diff -Naur relayd.orig/relayd.c relayd/relayd.c
|
||||
--- relayd.orig/relayd.c 2010-06-10 08:50:20.370081718 +0200
|
||||
+++ relayd/relayd.c 2010-06-10 08:50:24.494572682 +0200
|
||||
@@ -17,7 +17,12 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#include <openssl/rand.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/queue.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/wait.h>
|
||||
@@ -37,7 +42,11 @@
|
||||
#include <unistd.h>
|
||||
#include <ctype.h>
|
||||
#include <pwd.h>
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sha.h>
|
||||
+#else
|
||||
#include <sha1.h>
|
||||
+#endif
|
||||
#include <md5.h>
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
@@ -126,6 +135,11 @@
|
||||
int c;
|
||||
int debug;
|
||||
u_int32_t opts;
|
||||
+#ifdef __FreeBSD__
|
||||
+#if __FreeBSD_version > 800040
|
||||
+ u_int32_t rnd[256];
|
||||
+#endif
|
||||
+#endif
|
||||
struct relayd *env;
|
||||
const char *conffile;
|
||||
struct event ev_sigint;
|
||||
@@ -196,6 +210,16 @@
|
||||
|
||||
log_info("startup");
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#if __FreeBSD_version > 800040
|
||||
+ arc4random_stir();
|
||||
+ arc4random_buf(rnd, sizeof(rnd));
|
||||
+ RAND_seed(rnd, sizeof(rnd));
|
||||
+#else
|
||||
+ RAND_load_file("/dev/random",2048);
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC,
|
||||
pipe_parent2pfe) == -1)
|
||||
fatal("socketpair");
|
||||
@@ -292,9 +316,10 @@
|
||||
iev_hce->handler, iev_hce);
|
||||
event_add(&iev_hce->ev, NULL);
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
if (env->sc_flags & F_DEMOTE)
|
||||
carp_demote_reset(env->sc_demote_group, 0);
|
||||
-
|
||||
+#endif
|
||||
event_dispatch();
|
||||
|
||||
return (0);
|
||||
@@ -319,9 +344,11 @@
|
||||
} while (pid != -1 || (pid == -1 && errno == EINTR));
|
||||
|
||||
control_cleanup();
|
||||
+#ifndef __FreeBSD__
|
||||
carp_demote_shutdown();
|
||||
if (env->sc_flags & F_DEMOTE)
|
||||
carp_demote_reset(env->sc_demote_group, 128);
|
||||
+#endif
|
||||
log_info("terminating");
|
||||
exit(0);
|
||||
}
|
||||
@@ -383,8 +410,10 @@
|
||||
memcpy(&env->sc_proto_default, &new_env->sc_proto_default,
|
||||
sizeof(env->sc_proto_default));
|
||||
env->sc_prefork_relay = new_env->sc_prefork_relay;
|
||||
+#ifndef __FreeBSD__
|
||||
(void)strlcpy(env->sc_demote_group, new_env->sc_demote_group,
|
||||
sizeof(env->sc_demote_group));
|
||||
+#endif
|
||||
|
||||
env->sc_tables = new_env->sc_tables;
|
||||
env->sc_rdrs = new_env->sc_rdrs;
|
||||
@@ -610,7 +639,9 @@
|
||||
struct imsgbuf *ibuf;
|
||||
struct imsg imsg;
|
||||
ssize_t n;
|
||||
+#ifndef __FreeBSD__
|
||||
struct ctl_demote demote;
|
||||
+#endif
|
||||
|
||||
iev = ptr;
|
||||
ibuf = &iev->ibuf;
|
||||
@@ -638,6 +669,7 @@
|
||||
break;
|
||||
|
||||
switch (imsg.hdr.type) {
|
||||
+#ifndef __FreeBSD__
|
||||
case IMSG_DEMOTE:
|
||||
if (imsg.hdr.len - IMSG_HEADER_SIZE !=
|
||||
sizeof(demote))
|
||||
@@ -646,6 +678,7 @@
|
||||
memcpy(&demote, imsg.data, sizeof(demote));
|
||||
carp_demote_set(demote.group, demote.level);
|
||||
break;
|
||||
+#endif
|
||||
case IMSG_CTL_RELOAD:
|
||||
/*
|
||||
* so far we only get here if no L7 (relay) is done.
|
||||
@@ -709,9 +742,11 @@
|
||||
imsg_compose_event(iev_hce, IMSG_SCRIPT,
|
||||
0, 0, -1, &scr, sizeof(scr));
|
||||
break;
|
||||
+/*
|
||||
case IMSG_SNMPSOCK:
|
||||
(void)snmp_sendsock(iev);
|
||||
break;
|
||||
+*/
|
||||
default:
|
||||
log_debug("main_dispatch_hce: unexpected imsg %d",
|
||||
imsg.hdr.type);
|
||||
@@ -1021,7 +1056,11 @@
|
||||
{
|
||||
switch (type) {
|
||||
case DIGEST_SHA1:
|
||||
+#ifdef __FreeBSD__
|
||||
+ return (SHA1_Data(data, len, buf));
|
||||
+#else
|
||||
return (SHA1Data(data, len, buf));
|
||||
+#endif
|
||||
break;
|
||||
case DIGEST_MD5:
|
||||
return (MD5Data(data, len, buf));
|
||||
@@ -1258,9 +1297,17 @@
|
||||
bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM,
|
||||
bnd->bnd_proto)) == -1)
|
||||
goto fail;
|
||||
+#ifdef SO_BINDANY
|
||||
if (setsockopt(s, SOL_SOCKET, SO_BINDANY,
|
||||
&v, sizeof(v)) == -1)
|
||||
goto fail;
|
||||
+#else
|
||||
+#ifdef IP_BINDANY
|
||||
+ if (setsockopt(s, IPPROTO_IP, IP_BINDANY,
|
||||
+ &v, sizeof(v)) == -1)
|
||||
+ goto fail;
|
||||
+#endif
|
||||
+#endif
|
||||
if (bind(s, (struct sockaddr *)&bnd->bnd_ss,
|
||||
bnd->bnd_ss.ss_len) == -1)
|
||||
goto fail;
|
||||
diff -Naur relayd.orig/relayd.conf.5 relayd/relayd.conf.5
|
||||
--- relayd.orig/relayd.conf.5 2010-06-10 08:50:20.371085750 +0200
|
||||
+++ relayd/relayd.conf.5 2010-06-10 08:50:24.495576434 +0200
|
||||
@@ -78,7 +78,7 @@
|
||||
.Ic include
|
||||
keyword, for example:
|
||||
.Bd -literal -offset indent
|
||||
-include "/etc/relayd.conf.local"
|
||||
+include "%%PREFIX%%/etc/relayd.conf.local"
|
||||
.Ed
|
||||
.Sh MACROS
|
||||
Macros can be defined that will later be expanded in context.
|
||||
@@ -103,17 +103,6 @@
|
||||
.Sh GLOBAL CONFIGURATION
|
||||
Here are the settings that can be set globally:
|
||||
.Bl -tag -width Ds
|
||||
-.It Ic demote Ar group
|
||||
-Enable the global
|
||||
-.Xr carp 4
|
||||
-demotion option, resetting the carp demotion counter for the
|
||||
-specified interface group to zero on startup and to 128 on shutdown of
|
||||
-the daemon.
|
||||
-For more information on interface groups,
|
||||
-see the
|
||||
-.Ic group
|
||||
-keyword in
|
||||
-.Xr ifconfig 8 .
|
||||
.It Ic interval Ar number
|
||||
Set the interval in seconds at which the hosts will be checked.
|
||||
The default interval is 10 seconds.
|
||||
@@ -143,15 +132,6 @@
|
||||
.Xr relayd 8
|
||||
runs 5 relay processes by default and every process will handle
|
||||
all configured relays.
|
||||
-.It Ic send trap
|
||||
-Send an SNMP trap when the state of a host changes.
|
||||
-.Xr relayd 8
|
||||
-will try to connect to
|
||||
-.Xr snmpd 8
|
||||
-and request it send a trap to the registered trap receivers;
|
||||
-see
|
||||
-.Xr snmpd.conf 5
|
||||
-for more information about the configuration.
|
||||
.It Ic timeout Ar number
|
||||
Set the global timeout in milliseconds for checks.
|
||||
This can be overridden by the timeout value in the table definitions.
|
||||
@@ -349,17 +329,6 @@
|
||||
.Pp
|
||||
The following general table options are available:
|
||||
.Bl -tag -width Ds
|
||||
-.It Ic demote Ar group
|
||||
-Enable the per-table
|
||||
-.Xr carp 4
|
||||
-demotion option.
|
||||
-This will increment the carp demotion counter for the
|
||||
-specified interface group if all hosts in the table are down.
|
||||
-For more information on interface groups,
|
||||
-see the
|
||||
-.Ic group
|
||||
-keyword in
|
||||
-.Xr ifconfig 8 .
|
||||
.It Ic interval Ar number
|
||||
Override the global interval and specify one for this table.
|
||||
It must be a multiple of the global interval.
|
||||
@@ -604,9 +573,9 @@
|
||||
keyword is present, the relay will accept connections using the
|
||||
encrypted SSL protocol.
|
||||
The relay will look up a private key in
|
||||
-.Pa /etc/ssl/private/address.key
|
||||
+.Pa %%PREFIX%%/etc/ssl/private/address.key
|
||||
and a public certificate in
|
||||
-.Pa /etc/ssl/address.crt ,
|
||||
+.Pa %%PREFIX%%/etc/ssl/address.crt ,
|
||||
where
|
||||
.Ar address
|
||||
is the specified IP address of the relay to listen on.
|
||||
@@ -955,9 +924,6 @@
|
||||
This option enables CA verification in SSL client mode.
|
||||
The daemon will load the CA (Certificate Authority) certificates from
|
||||
the specified path to verify the server certificates.
|
||||
-.Ox
|
||||
-provides a default CA bundle in
|
||||
-.Pa /etc/ssl/cert.pem .
|
||||
.It Ic ciphers Ar string
|
||||
Set the string defining the SSL cipher suite.
|
||||
If not specified, the default value
|
||||
@@ -1036,22 +1002,19 @@
|
||||
.El
|
||||
.El
|
||||
.Sh FILES
|
||||
-.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact
|
||||
-.It Pa /etc/relayd.conf
|
||||
+.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact
|
||||
+.It Pa %%PREFIX%%/etc/relayd.conf
|
||||
.Xr relayd 8
|
||||
configuration file.
|
||||
.Pp
|
||||
.It Pa /etc/services
|
||||
Service name database.
|
||||
.Pp
|
||||
-.It Pa /etc/ssl/address.crt
|
||||
-.It Pa /etc/ssl/private/address.key
|
||||
+.It Pa %%PREFIX%%/etc/ssl/address.crt
|
||||
+.It Pa %%PREFIX%%/etc/ssl/private/address.key
|
||||
Location of the relay SSL server certificates, where
|
||||
.Ar address
|
||||
is the configured IP address of the relay.
|
||||
-.It Pa /etc/ssl/cert.pem
|
||||
-Default location of the CA bundle that can be used with
|
||||
-.Xr relayd 8 .
|
||||
.El
|
||||
.Sh EXAMPLES
|
||||
This configuration file would create a redirection service
|
||||
@@ -1146,7 +1109,6 @@
|
||||
.Sh SEE ALSO
|
||||
.Xr relayctl 8 ,
|
||||
.Xr relayd 8 ,
|
||||
-.Xr snmpd 8 ,
|
||||
.Xr ssl 8
|
||||
.Sh HISTORY
|
||||
The
|
||||
diff -Naur relayd.orig/relayd.h relayd/relayd.h
|
||||
--- relayd.orig/relayd.h 2010-06-10 08:50:20.372089782 +0200
|
||||
+++ relayd/relayd.h 2010-06-10 08:50:24.496580466 +0200
|
||||
@@ -19,10 +19,18 @@
|
||||
*/
|
||||
|
||||
#include <sys/tree.h>
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#include <sys/queue.h>
|
||||
+#endif
|
||||
|
||||
#include <imsg.h>
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#define CONF_FILE "%%PREFIX%%/etc/relayd.conf"
|
||||
+#else
|
||||
#define CONF_FILE "/etc/relayd.conf"
|
||||
+#endif
|
||||
#define RELAYD_SOCKET "/var/run/relayd.sock"
|
||||
#define PF_SOCKET "/dev/pf"
|
||||
#define RELAYD_USER "_relayd"
|
||||
@@ -57,7 +65,18 @@
|
||||
#define PURGE_PROTOS 0x08
|
||||
#define PURGE_EVERYTHING 0xff
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
#define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */
|
||||
+#else
|
||||
+#define SIMPLEQ_HEAD STAILQ_HEAD
|
||||
+#define SIMPLEQ_FIRST STAILQ_FIRST
|
||||
+#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD
|
||||
+#define SIMPLEQ_ENTRY STAILQ_ENTRY
|
||||
+#define SIMPLEQ_INIT STAILQ_INIT
|
||||
+#define SIMPLEQ_EMPTY STAILQ_EMPTY
|
||||
+#define SIMPLEQ_NEXT STAILQ_NEXT
|
||||
+#define SIMPLEQ_INSERT_TAIL STAILQ_INSERT_TAIL
|
||||
+#endif
|
||||
|
||||
#if DEBUG > 1
|
||||
#define DPRINTF log_debug
|
||||
@@ -607,10 +626,11 @@
|
||||
struct event sc_statev;
|
||||
struct timeval sc_statinterval;
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
int sc_snmp;
|
||||
struct event sc_snmpto;
|
||||
struct event sc_snmpev;
|
||||
-
|
||||
+#endif
|
||||
int sc_has_icmp;
|
||||
int sc_has_icmp6;
|
||||
struct ctl_icmp_event sc_icmp_send;
|
||||
@@ -688,7 +708,9 @@
|
||||
IMSG_HOST_STATUS, /* notifies from hce to pfe */
|
||||
IMSG_SYNC,
|
||||
IMSG_NATLOOK,
|
||||
+#ifndef __FreeBSD__
|
||||
IMSG_DEMOTE,
|
||||
+#endif
|
||||
IMSG_STATISTICS,
|
||||
IMSG_RECONF, /* reconfiguration notifies */
|
||||
IMSG_RECONF_TABLE,
|
||||
@@ -704,7 +726,9 @@
|
||||
IMSG_RECONF_RELAY,
|
||||
IMSG_RECONF_END,
|
||||
IMSG_SCRIPT,
|
||||
+#ifndef __FreeBSD__
|
||||
IMSG_SNMPSOCK,
|
||||
+#endif
|
||||
IMSG_BINDANY
|
||||
};
|
||||
|
||||
@@ -857,10 +881,16 @@
|
||||
void pn_unref(u_int16_t);
|
||||
void pn_ref(u_int16_t);
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
/* snmp.c */
|
||||
void snmp_init(struct relayd *, struct imsgev *);
|
||||
int snmp_sendsock(struct imsgev *);
|
||||
void snmp_hosttrap(struct table *, struct host *);
|
||||
+#else
|
||||
+#if __FreeBSD_version < 800041
|
||||
+u_int32_t arc4random_uniform(u_int32_t upper_bound);
|
||||
+#endif
|
||||
+#endif
|
||||
|
||||
/* shuffle.c */
|
||||
void shuffle_init(struct shuffle *);
|
@ -1,56 +1,24 @@
|
||||
--- relayctl/parser.c.orig 2010-05-31 07:38:49.928320202 +0000
|
||||
+++ relayctl/parser.c 2010-05-31 07:41:05.348576930 +0000
|
||||
@@ -68,6 +68,7 @@
|
||||
static const struct token t_rdr_id[];
|
||||
static const struct token t_table_id[];
|
||||
static const struct token t_host_id[];
|
||||
+static const struct token t_log[];
|
||||
--- relayctl/parser.c.orig 2011-05-19 10:56:49.000000000 +0200
|
||||
+++ relayctl/parser.c 2011-05-22 10:51:26.683383150 +0200
|
||||
@@ -18,7 +18,11 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
static const struct token t_main[] = {
|
||||
{KEYWORD, "monitor", MONITOR, NULL},
|
||||
@@ -78,6 +79,7 @@
|
||||
{KEYWORD, "redirect", NONE, t_rdr},
|
||||
{KEYWORD, "table", NONE, t_table},
|
||||
{KEYWORD, "host", NONE, t_host},
|
||||
+ {KEYWORD, "log", NONE, t_log},
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/socket.h>
|
||||
#include <sys/queue.h>
|
||||
|
||||
@@ -87,7 +91,9 @@
|
||||
{KEYWORD, "hosts", SHOW_HOSTS, NULL},
|
||||
{KEYWORD, "redirects", SHOW_RDRS, NULL},
|
||||
{KEYWORD, "relays", SHOW_RELAYS, NULL},
|
||||
+#ifndef __FreeBSD__
|
||||
{KEYWORD, "routers", SHOW_ROUTERS, NULL},
|
||||
+#endif
|
||||
{KEYWORD, "sessions", SHOW_SESSIONS, NULL},
|
||||
{ENDTOKEN, "", NONE, NULL}
|
||||
};
|
||||
|
||||
@@ -126,11 +128,17 @@
|
||||
{ENDTOKEN, "", NONE, NULL}
|
||||
};
|
||||
|
||||
+static const struct token t_log[] = {
|
||||
+ {KEYWORD, "verbose", LOG_VERBOSE, NULL},
|
||||
+ {KEYWORD, "brief", LOG_BRIEF, NULL},
|
||||
+ {ENDTOKEN, "", NONE, NULL}
|
||||
+};
|
||||
+
|
||||
static struct parse_result res;
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
-const struct token *match_token(const char *, const struct token []);
|
||||
-void show_valid_args(const struct token []);
|
||||
+const struct token *match_token(const char *, const struct token *);
|
||||
+void show_valid_args(const struct token *);
|
||||
#endif
|
||||
|
||||
struct parse_result *
|
||||
@@ -166,7 +174,7 @@
|
||||
}
|
||||
|
||||
const struct token *
|
||||
-match_token(const char *word, const struct token table[])
|
||||
+match_token(const char *word, const struct token *table)
|
||||
{
|
||||
u_int i, match;
|
||||
const struct token *t = NULL;
|
||||
@@ -243,7 +251,7 @@
|
||||
}
|
||||
|
||||
void
|
||||
-show_valid_args(const struct token table[])
|
||||
+show_valid_args(const struct token *table)
|
||||
{
|
||||
int i;
|
||||
|
||||
|
@ -1,22 +1,12 @@
|
||||
--- relayctl/parser.h.orig 2010-05-31 07:38:49.934576348 +0000
|
||||
+++ relayctl/parser.h 2010-05-31 07:40:47.494152077 +0000
|
||||
@@ -32,7 +32,9 @@
|
||||
SHUTDOWN,
|
||||
POLL,
|
||||
RELOAD,
|
||||
- MONITOR
|
||||
+ MONITOR,
|
||||
+ LOG_VERBOSE,
|
||||
+ LOG_BRIEF
|
||||
};
|
||||
|
||||
struct parse_result {
|
||||
@@ -42,6 +44,6 @@
|
||||
|
||||
struct parse_result *parse(int, char *[]);
|
||||
#ifndef __FreeBSD__
|
||||
-const struct token *match_token(const char *, const struct token []);
|
||||
-void show_valid_args(const struct token []);
|
||||
+const struct token *match_token(const char *, const struct token *);
|
||||
+void show_valid_args(const struct token *);
|
||||
#endif
|
||||
--- relayctl/parser.h.orig 2011-05-22 10:56:33.769045780 +0200
|
||||
+++ relayctl/parser.h 2011-05-22 10:56:46.122442873 +0200
|
||||
@@ -23,7 +23,9 @@
|
||||
SHOW_RDRS,
|
||||
SHOW_RELAYS,
|
||||
SHOW_SESSIONS,
|
||||
+#ifndef __FreeBSD__
|
||||
SHOW_ROUTERS,
|
||||
+#endif
|
||||
RDR_DISABLE,
|
||||
RDR_ENABLE,
|
||||
TABLE_DISABLE,
|
||||
|
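Review bot: Guarding the `SHOW_ROUTERS` enumerator itself with `#ifndef __FreeBSD__` is what forces the matching guards around the `case SHOW_ROUTERS:` labels in relayctl.c, and it makes every enumerator after it take a different value than upstream. Dropping only the `"routers"` keyword from the token table in parser.c would already make the action unreachable from the command line, so the enum and those `case` labels could stay as upstream and the patch set would be smaller to carry across updates. If the guard in the enum is kept, a comment next to it such as `/* routers are not supported on FreeBSD; keyword removed in parser.c */` would record the intent. The enum starts and ends outside the hunk.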
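--- a/net/relayd/files/patch-relayctl-relayctl.8
+++ b/net/relayd/files/patch-relayctl-relayctl.8
@@ -0,0 +1,17 @@
+--- relayctl/relayctl.8.orig 2011-05-19 10:56:49.000000000 +0200
++++ relayctl/relayctl.8 2011-05-22 10:43:42.420854658 +0200
+@@ -78,13 +78,10 @@
+Show detailed status of relays including the current and average
+access statistics.
+The statistics will be updated every minute.
+-.It Cm show routers
+-Show detailed status of routers including the configured network
+-routes.
+.It Cm show sessions
+Dump the complete list of running relay sessions.
+.It Cm show summary
+-Display a list of all relays, redirections, routers, tables, and hosts.
++Display a list of all relays, redirections, tables, and hosts.
+.It Cm table disable Op Ar name | id
+Disable a table.
+Consider all hosts disabled.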
@ -1,61 +1,83 @@
|
||||
--- relayctl/relayctl.c.orig 2010-05-31 09:31:42.351734730 +0200
|
||||
+++ relayctl/relayctl.c 2010-05-31 09:31:34.629284461 +0200
|
||||
@@ -86,6 +86,7 @@
|
||||
};
|
||||
--- relayctl/relayctl.c.orig 2011-05-20 11:43:53.000000000 +0200
|
||||
+++ relayctl/relayctl.c 2011-05-22 11:19:50.925707539 +0200
|
||||
@@ -20,6 +20,9 @@
|
||||
*/
|
||||
|
||||
struct imsgbuf *ibuf;
|
||||
+int error = 0;
|
||||
|
||||
__dead void
|
||||
usage(void)
|
||||
@@ -104,7 +105,7 @@
|
||||
struct imsg imsg;
|
||||
int ctl_sock;
|
||||
int done = 0;
|
||||
- int n;
|
||||
+ int n, verbose = 0;
|
||||
|
||||
/* parse options */
|
||||
if ((res = parse(argc - 1, argv + 1)) == NULL)
|
||||
@@ -185,6 +186,15 @@
|
||||
case MONITOR:
|
||||
imsg_compose(ibuf, IMSG_CTL_NOTIFY, 0, 0, -1, NULL, 0);
|
||||
break;
|
||||
+ case LOG_VERBOSE:
|
||||
+ verbose = 2;
|
||||
+ /* FALLTHROUGH */
|
||||
+ case LOG_BRIEF:
|
||||
+ imsg_compose(ibuf, IMSG_CTL_LOG_VERBOSE, 0, 0, -1,
|
||||
+ &verbose, sizeof(verbose));
|
||||
+ printf("logging request sent.\n");
|
||||
+ done = 1;
|
||||
+ break;
|
||||
}
|
||||
|
||||
while (ibuf->w.queued)
|
||||
@@ -224,6 +234,8 @@
|
||||
done = show_command_output(&imsg);
|
||||
#include <sys/types.h>
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#endif
|
||||
#include <sys/socket.h>
|
||||
#include <sys/queue.h>
|
||||
#include <sys/un.h>
|
||||
@@ -141,7 +144,9 @@
|
||||
case SHOW_HOSTS:
|
||||
case SHOW_RDRS:
|
||||
case SHOW_RELAYS:
|
||||
+#ifndef __FreeBSD__
|
||||
case SHOW_ROUTERS:
|
||||
+#endif
|
||||
imsg_compose(ibuf, IMSG_CTL_SHOW_SUM, 0, 0, -1, NULL, 0);
|
||||
printf("%-4s\t%-8s\t%-24s\t%-7s\tStatus\n",
|
||||
"Id", "Type", "Name", "Avlblty");
|
||||
@@ -222,7 +227,9 @@
|
||||
case SHOW_HOSTS:
|
||||
case SHOW_RDRS:
|
||||
case SHOW_RELAYS:
|
||||
+#ifndef __FreeBSD__
|
||||
case SHOW_ROUTERS:
|
||||
+#endif
|
||||
done = show_summary_msg(&imsg, res->action);
|
||||
break;
|
||||
case NONE:
|
||||
+ case LOG_VERBOSE:
|
||||
+ case LOG_BRIEF:
|
||||
break;
|
||||
case MONITOR:
|
||||
done = monitor(&imsg);
|
||||
@@ -235,7 +247,7 @@
|
||||
close(ctl_sock);
|
||||
free(ibuf);
|
||||
case SHOW_SESSIONS:
|
||||
@@ -312,7 +319,11 @@
|
||||
imn = monitor_lookup(imsg->hdr.type);
|
||||
printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name,
|
||||
imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid);
|
||||
+#ifdef __FreeBSD__
|
||||
+ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now));
|
||||
+#else
|
||||
printf("\ttimestamp: %u, %s", now, ctime(&now));
|
||||
+#endif
|
||||
if (imn->type == -1)
|
||||
done = 1;
|
||||
if (imn->func != NULL)
|
||||
@@ -328,8 +339,10 @@
|
||||
struct table *table;
|
||||
struct host *host;
|
||||
struct relay *rlay;
|
||||
+#ifndef __FreeBSD__
|
||||
struct router *rt;
|
||||
struct netroute *nr;
|
||||
+#endif
|
||||
struct ctl_stats stats[RELAY_MAXPROC];
|
||||
char name[MAXHOSTNAMELEN];
|
||||
|
||||
- return (0);
|
||||
+ return (error ? 1 : 0);
|
||||
}
|
||||
|
||||
struct imsgname *
|
||||
@@ -431,6 +443,7 @@
|
||||
@@ -394,6 +407,7 @@
|
||||
bcopy(imsg->data, &stats, sizeof(stats));
|
||||
print_statistics(stats);
|
||||
break;
|
||||
case IMSG_CTL_FAIL:
|
||||
printf("command failed\n");
|
||||
+ error++;
|
||||
+#ifndef __FreeBSD__
|
||||
case IMSG_CTL_ROUTER:
|
||||
if (!(type == SHOW_SUM || type == SHOW_ROUTERS))
|
||||
break;
|
||||
@@ -416,6 +430,7 @@
|
||||
printf("\t%8s\troute: %s/%d\n",
|
||||
"", name, nr->nr_conf.prefixlen);
|
||||
break;
|
||||
+#endif
|
||||
case IMSG_CTL_END:
|
||||
return (1);
|
||||
default:
|
||||
errx(1, "wrong message in summary: %u", imsg->hdr.type);
|
||||
@@ -557,7 +572,11 @@
|
||||
printf("\t%8s\ttotal: %llu sessions\n"
|
||||
"\t%8s\tlast: %u/%us %u/h %u/d sessions\n"
|
||||
"\t%8s\taverage: %u/%us %u/h %u/d sessions\n",
|
||||
+#ifdef __FreeBSD__
|
||||
+ "", (long long unsigned)crs.cnt,
|
||||
+#else
|
||||
"", crs.cnt,
|
||||
+#endif
|
||||
"", crs.last, crs.interval,
|
||||
crs.last_hour, crs.last_day,
|
||||
"", crs.avg, crs.interval,
|
||||
|
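Review bot: In the monitor hunk the FreeBSD branch prints `now` with `%lu` after a cast to `unsigned long`, which assumes the value fits in a `long` and is never negative. Assuming `now` is a `time_t` (its declaration is outside the hunk), a cast to a type that is at least 64 bits wide everywhere removes that assumption: `printf("\ttimestamp: %lld, %s", (long long)now, ctime(&now));`. That form is also valid for the `#else` branch, so the `#ifdef` could be dropped; the `(long long unsigned)crs.cnt` cast in the statistics hunk has the same shape and could likewise be applied unconditionally.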
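--- a/net/relayd/files/patch-relayd-carp.c
+++ b/net/relayd/files/patch-relayd-carp.c
@@ -0,0 +1,10 @@
+--- relayd.orig/carp.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/carp.c 2011-05-22 01:06:54.671017027 +0200
+@@ -19,6 +19,7 @@
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
++#include <sys/queue.h>
+
+#include <net/if.h>
+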
@ -1,11 +0,0 @@
|
||||
--- relayd/check_icmp.c.orig 2009-08-07 13:32:54.000000000 +0200
|
||||
+++ relayd/check_icmp.c 2010-05-27 11:22:12.631744485 +0200
|
||||
@@ -150,7 +150,7 @@
|
||||
if (((struct sockaddr *)&host->conf.ss)->sa_family !=
|
||||
cie->af)
|
||||
continue;
|
||||
- if (!(host->flags & F_CHECK_DONE)) {
|
||||
+ if (!(host->flags & (F_CHECK_DONE|F_DISABLE))) {
|
||||
host->up = HOST_DOWN;
|
||||
hce_notify_done(host, he);
|
||||
}
|
@ -1,47 +1,59 @@
|
||||
--- relayd/check_tcp.c.orig 2011-01-15 00:27:09.011450590 +0100
|
||||
+++ relayd/check_tcp.c 2011-01-15 00:42:05.271822942 +0100
|
||||
@@ -50,11 +50,10 @@
|
||||
check_tcp(struct ctl_tcp_event *cte)
|
||||
{
|
||||
int s;
|
||||
- int type;
|
||||
socklen_t len;
|
||||
struct timeval tv;
|
||||
struct linger lng;
|
||||
- int he = HCE_TCP_CONNECT_ERROR;
|
||||
+ int he = HCE_TCP_SOCKET_OPTION;
|
||||
--- relayd.orig/check_tcp.c 2011-05-22 01:06:39.463154237 +0200
|
||||
+++ relayd/check_tcp.c 2011-05-22 01:06:54.673025092 +0200
|
||||
@@ -31,7 +31,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <fnmatch.h>
|
||||
-#include <sha1.h>
|
||||
+#include <sha.h>
|
||||
|
||||
switch (cte->host->conf.ss.ss_family) {
|
||||
case AF_INET:
|
||||
@@ -69,17 +68,18 @@
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
len = ((struct sockaddr *)&cte->host->conf.ss)->sa_len;
|
||||
@@ -287,7 +287,11 @@
|
||||
if (b == NULL)
|
||||
fatal("out of memory");
|
||||
*b = '\0';
|
||||
+#ifndef __FreeBSD__
|
||||
if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
|
||||
+#else
|
||||
+ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {
|
||||
+#endif
|
||||
cte->host->he = HCE_SEND_EXPECT_OK;
|
||||
cte->host->up = HOST_UP;
|
||||
return (0);
|
||||
@@ -320,7 +324,11 @@
|
||||
fatal("out of memory");
|
||||
*b = '\0';
|
||||
|
||||
- if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1)
|
||||
+ if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1) {
|
||||
+ if (errno == EMFILE || errno == ENFILE)
|
||||
+ he = HCE_TCP_SOCKET_LIMIT;
|
||||
+ else
|
||||
+ he = HCE_TCP_SOCKET_ERROR;
|
||||
goto bad;
|
||||
+ }
|
||||
+#ifndef __FreeBSD__
|
||||
head = cte->buf->buf;
|
||||
+#else
|
||||
+ head = (char *)cte->buf->buf;
|
||||
+#endif
|
||||
host = cte->host;
|
||||
host->he = HCE_HTTP_CODE_ERROR;
|
||||
|
||||
bzero(&lng, sizeof(lng));
|
||||
if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
|
||||
goto bad;
|
||||
@@ -372,7 +380,11 @@
|
||||
fatal("out of memory");
|
||||
*b = '\0';
|
||||
|
||||
- type = 1;
|
||||
- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &type, sizeof(type)) == -1)
|
||||
- goto bad;
|
||||
-
|
||||
if (cte->host->conf.ttl > 0) {
|
||||
if (setsockopt(s, IPPROTO_IP, IP_TTL,
|
||||
&cte->host->conf.ttl, sizeof(int)) == -1)
|
||||
@@ -99,6 +99,7 @@
|
||||
+#ifndef __FreeBSD__
|
||||
head = cte->buf->buf;
|
||||
+#else
|
||||
+ head = (char *)cte->buf->buf;
|
||||
+#endif
|
||||
host = cte->host;
|
||||
host->he = HCE_HTTP_DIGEST_ERROR;
|
||||
|
||||
cte->buf = NULL;
|
||||
cte->host->up = HOST_UP;
|
||||
+ event_del(&cte->ev);
|
||||
event_set(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_write, cte);
|
||||
event_add(&cte->ev, &tv);
|
||||
return;
|
||||
@@ -384,7 +396,11 @@
|
||||
}
|
||||
head += strlen("\r\n\r\n");
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
digeststr(cte->table->conf.digest_type, head, strlen(head), digest);
|
||||
+#else
|
||||
+ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest);
|
||||
+#endif
|
||||
|
||||
if (strcmp(cte->table->conf.digest, digest)) {
|
||||
log_warnx("%s: %s failed (wrong digest)",
|
||||
|
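Review bot: The `fnmatch()` hunk repeats the whole `if (...) {` line in both preprocessor branches, so the opening brace appears twice in the source and only the cast differs. A `(char *)` cast is a no-op where the buffer is already `char *`, so (hedged, since the buffer's declared type is not visible here) the line could be written once as `if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {` with no `#ifndef`. The same may apply to the two `head = cte->buf->buf;` assignments and to the `digeststr()` call. All of these treat the receive buffer as a C string and depend on the `*b = '\0';` terminator written just above them, which deserves a one-line comment at the cast.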
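--- a/net/relayd/files/patch-relayd-config.c
+++ b/net/relayd/files/patch-relayd-config.c
@@ -0,0 +1,62 @@
+--- relayd.orig/config.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/config.c 2011-05-22 01:18:41.041076104 +0200
+@@ -118,6 +118,7 @@
+RB_INIT(&env->sc_proto_default.request_tree);
+RB_INIT(&env->sc_proto_default.response_tree);
+}
++#ifndef __FreeBSD__
+if (what & CONFIG_RTS) {
+if ((env->sc_rts =
+calloc(1, sizeof(*env->sc_rts))) == NULL)
+@@ -130,7 +131,7 @@
+return (-1);
+TAILQ_INIT(env->sc_routes);
+}
+-
++#endif
+return (0);
+}
+
+@@ -143,8 +144,10 @@
+struct address *virt;
+struct protocol *proto;
+struct relay *rlay;
++#ifndef __FreeBSD__
+struct netroute *nr;
+struct router *rt;
++#endif
+u_int what;
+
+what = ps->ps_what[privsep_process] & reset;
+@@ -181,6 +184,7 @@
+}
+env->sc_protocount = 0;
+}
++#ifndef __FreeBSD__
+if (what & CONFIG_RTS && env->sc_rts != NULL) {
+while ((rt = TAILQ_FIRST(env->sc_rts)) != NULL) {
+TAILQ_REMOVE(env->sc_rts, rt, rt_entry);
+@@ -203,6 +207,7 @@
+}
+env->sc_routecount = 0;
+}
++#endif
+}
+
+int
+@@ -476,6 +481,7 @@
+return (0);
+}
+
++#ifndef __FreeBSD__
+int
+config_setrt(struct relayd *env, struct router *rt)
+{
+@@ -570,6 +576,7 @@
+
+return (0);
+}
++#endif
+
+int
+config_setproto(struct relayd *env, struct protocol *proto)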
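Review bot: With the `CONFIG_RTS` branch in the first hunk compiled out, this code no longer allocates `env->sc_rts` or `env->sc_routes` on FreeBSD, and nothing in the patch records that. Any code left outside an `#ifndef __FreeBSD__` that walks those lists would then use a pointer that was never set up. The users visible on this page in pfe.c and parse.y are guarded or commented out, but others cannot be checked from here. A comment at the first guard, for example `/* FreeBSD: routers are not supported; sc_rts and sc_routes are left unallocated */`, would make that invariant explicit. The guarded functions start and end outside the hunks.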
@ -1,49 +0,0 @@
|
||||
--- relayd/control.c.orig 2010-05-31 09:31:24.548916055 +0000
|
||||
+++ relayd/control.c 2010-05-31 09:31:09.036333394 +0000
|
||||
@@ -136,13 +136,13 @@
|
||||
if ((connfd = accept(listenfd,
|
||||
(struct sockaddr *)&sun, &len)) == -1) {
|
||||
if (errno != EWOULDBLOCK && errno != EINTR)
|
||||
- log_warn("control_accept");
|
||||
+ log_warn("control_accept: accept");
|
||||
return;
|
||||
}
|
||||
|
||||
session_socket_blockmode(connfd, BM_NONBLOCK);
|
||||
|
||||
- if ((c = malloc(sizeof(struct ctl_conn))) == NULL) {
|
||||
+ if ((c = calloc(1, sizeof(struct ctl_conn))) == NULL) {
|
||||
close(connfd);
|
||||
log_warn("control_accept");
|
||||
return;
|
||||
@@ -196,6 +196,7 @@
|
||||
struct imsg imsg;
|
||||
struct ctl_id id;
|
||||
int n;
|
||||
+ int verbose;
|
||||
struct relayd *env = arg;
|
||||
|
||||
if ((c = control_connbyfd(fd)) == NULL) {
|
||||
@@ -356,6 +357,22 @@
|
||||
}
|
||||
c->flags |= CTL_CONN_NOTIFY;
|
||||
break;
|
||||
+ case IMSG_CTL_LOG_VERBOSE:
|
||||
+ if (imsg.hdr.len != IMSG_HEADER_SIZE +
|
||||
+ sizeof(verbose))
|
||||
+ break;
|
||||
+
|
||||
+ memcpy(&verbose, imsg.data, sizeof(verbose));
|
||||
+
|
||||
+ imsg_compose_event(iev_hce, IMSG_CTL_LOG_VERBOSE,
|
||||
+ 0, 0, -1, &verbose, sizeof(verbose));
|
||||
+ imsg_compose_event(iev_main, IMSG_CTL_LOG_VERBOSE,
|
||||
+ 0, 0, -1, &verbose, sizeof(verbose));
|
||||
+ memcpy(imsg.data, &verbose, sizeof(verbose));
|
||||
+ control_imsg_forward(&imsg);
|
||||
+
|
||||
+ log_verbose(verbose);
|
||||
+ break;
|
||||
default:
|
||||
log_debug("control_dispatch_imsg: "
|
||||
"error handling imsg %d", imsg.hdr.type);
|
@ -1,76 +1,35 @@
|
||||
--- relayd/hce.c.orig 2011-01-15 00:27:09.012456298 +0100
|
||||
+++ relayd/hce.c 2011-01-15 00:40:15.058397878 +0100
|
||||
@@ -62,6 +62,11 @@
|
||||
case SIGTERM:
|
||||
hce_shutdown();
|
||||
break;
|
||||
+ case SIGCHLD:
|
||||
+ case SIGHUP:
|
||||
+ case SIGPIPE:
|
||||
+ /* ignore */
|
||||
+ break;
|
||||
default:
|
||||
fatalx("hce_sig_handler: unexpected signal");
|
||||
--- relayd.orig/hce.c 2011-05-22 01:06:39.461146172 +0200
|
||||
+++ relayd/hce.c 2011-05-22 01:08:01.230992828 +0200
|
||||
@@ -80,7 +80,9 @@
|
||||
/* Allow maximum available sockets for TCP checks */
|
||||
socket_rlimit(-1);
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
snmp_init(env, PROC_PARENT);
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
@@ -263,8 +265,10 @@
|
||||
print_availability(host->check_cnt, host->up_cnt));
|
||||
}
|
||||
@@ -75,8 +80,6 @@
|
||||
pid_t pid;
|
||||
struct passwd *pw;
|
||||
int i;
|
||||
- struct event ev_sigint;
|
||||
- struct event ev_sigterm;
|
||||
|
||||
switch (pid = fork()) {
|
||||
case -1:
|
||||
@@ -117,6 +120,9 @@
|
||||
+#ifndef __FreeBSD__
|
||||
if (host->last_up != host->up)
|
||||
snmp_hosttrap(env, table, host);
|
||||
+#endif
|
||||
|
||||
event_init();
|
||||
host->last_up = host->up;
|
||||
|
||||
+ /* Allow maximum available sockets for TCP checks */
|
||||
+ socket_rlimit(-1);
|
||||
+
|
||||
if ((iev_pfe = calloc(1, sizeof(struct imsgev))) == NULL ||
|
||||
(iev_main = calloc(1, sizeof(struct imsgev))) == NULL)
|
||||
fatal("hce");
|
||||
@@ -135,12 +141,17 @@
|
||||
iev_main->handler, iev_main);
|
||||
event_add(&iev_main->ev, NULL);
|
||||
|
||||
- signal_set(&ev_sigint, SIGINT, hce_sig_handler, NULL);
|
||||
- signal_set(&ev_sigterm, SIGTERM, hce_sig_handler, NULL);
|
||||
- signal_add(&ev_sigint, NULL);
|
||||
- signal_add(&ev_sigterm, NULL);
|
||||
- signal(SIGPIPE, SIG_IGN);
|
||||
- signal(SIGHUP, SIG_IGN);
|
||||
+ signal_set(&env->sc_evsigint, SIGINT, hce_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigterm, SIGTERM, hce_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigchld, SIGCHLD, hce_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsighup, SIGHUP, hce_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigpipe, SIGPIPE, hce_sig_handler, env);
|
||||
+
|
||||
+ signal_add(&env->sc_evsigint, NULL);
|
||||
+ signal_add(&env->sc_evsigterm, NULL);
|
||||
+ signal_add(&env->sc_evsigchld, NULL);
|
||||
+ signal_add(&env->sc_evsighup, NULL);
|
||||
+ signal_add(&env->sc_evsigpipe, NULL);
|
||||
|
||||
/* setup pipes */
|
||||
close(pipe_pfe2hce[1]);
|
||||
@@ -370,6 +381,7 @@
|
||||
objid_t id;
|
||||
struct host *host;
|
||||
struct table *table;
|
||||
+ int verbose;
|
||||
|
||||
iev = ptr;
|
||||
ibuf = &iev->ibuf;
|
||||
@@ -437,6 +449,10 @@
|
||||
table->skipped = 0;
|
||||
hce_launch_checks(-1, EV_TIMEOUT, env);
|
||||
break;
|
||||
+ case IMSG_CTL_LOG_VERBOSE:
|
||||
+ memcpy(&verbose, imsg.data, sizeof(verbose));
|
||||
+ log_verbose(verbose);
|
||||
+ break;
|
||||
default:
|
||||
log_debug("hce_dispatch_msg: unexpected imsg %d",
|
||||
imsg.hdr.type);
|
||||
@@ -350,9 +354,11 @@
|
||||
case IMSG_CFG_HOST:
|
||||
config_gethost(env, imsg);
|
||||
break;
|
||||
+#ifndef __FreeBSD__
|
||||
case IMSG_SNMPSOCK:
|
||||
snmp_getsock(env, imsg);
|
||||
break;
|
||||
+#endif
|
||||
case IMSG_CFG_DONE:
|
||||
config_getcfg(env, imsg);
|
||||
hce_setup_events();
|
||||
|
@ -1,58 +1,14 @@
|
||||
--- relayd/log.c.orig 2011-01-15 00:27:09.012456298 +0100
|
||||
+++ relayd/log.c 2011-01-15 00:39:01.553947279 +0100
|
||||
@@ -45,6 +45,7 @@
|
||||
#include "relayd.h"
|
||||
--- relayd.orig/log.c 2011-05-22 01:06:39.461146172 +0200
|
||||
+++ relayd/log.c 2011-05-22 01:06:54.680052759 +0200
|
||||
@@ -16,7 +16,11 @@
|
||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
int debug;
|
||||
+int verbose;
|
||||
|
||||
void vlog(int, const char *, va_list);
|
||||
void logit(int, const char *, ...);
|
||||
@@ -55,6 +56,7 @@
|
||||
extern char *__progname;
|
||||
|
||||
debug = n_debug;
|
||||
+ verbose = n_debug;
|
||||
|
||||
if (!debug)
|
||||
openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
|
||||
@@ -63,6 +65,12 @@
|
||||
}
|
||||
|
||||
void
|
||||
+log_verbose(int v)
|
||||
+{
|
||||
+ verbose = v;
|
||||
+}
|
||||
+
|
||||
+void
|
||||
logit(int pri, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
@@ -141,7 +149,7 @@
|
||||
{
|
||||
va_list ap;
|
||||
|
||||
- if (debug > 1) {
|
||||
+ if (verbose > 1) {
|
||||
va_start(ap, emsg);
|
||||
vlog(LOG_DEBUG, emsg, ap);
|
||||
va_end(ap);
|
||||
@@ -192,9 +200,15 @@
|
||||
case HCE_ICMP_WRITE_TIMEOUT:
|
||||
return ("icmp write timeout");
|
||||
break;
|
||||
- case HCE_TCP_CONNECT_ERROR:
|
||||
- return ("tcp connect error");
|
||||
+ case HCE_TCP_SOCKET_ERROR:
|
||||
+ return ("tcp socket error");
|
||||
+ break;
|
||||
+ case HCE_TCP_SOCKET_LIMIT:
|
||||
+ return ("tcp socket limit");
|
||||
break;
|
||||
+ case HCE_TCP_SOCKET_OPTION:
|
||||
+ return ("tcp socket option");
|
||||
+ break;
|
||||
case HCE_TCP_CONNECT_FAIL:
|
||||
return ("tcp connect failed");
|
||||
break;
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/queue.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/tree.h>
|
||||
|
@ -1,14 +1,249 @@
|
||||
--- relayd/parse.y.orig 2010-05-31 09:00:51.007686324 +0200
|
||||
+++ relayd/parse.y 2010-05-31 09:00:42.736791085 +0200
|
||||
@@ -2003,6 +2006,11 @@
|
||||
bzero(&conf->sc_proto_default, sizeof(conf->sc_proto_default));
|
||||
conf->sc_proto_default.flags = F_USED;
|
||||
conf->sc_proto_default.cache = RELAY_CACHESIZE;
|
||||
+ conf->sc_proto_default.tcpflags = TCPFLAG_DEFAULT;
|
||||
+ conf->sc_proto_default.tcpbacklog = RELAY_BACKLOG;
|
||||
+ conf->sc_proto_default.sslflags = SSLFLAG_DEFAULT;
|
||||
+ (void)strlcpy(conf->sc_proto_default.sslciphers, SSLCIPHERS_DEFAULT,
|
||||
+ sizeof(conf->sc_proto_default.sslciphers));
|
||||
conf->sc_proto_default.type = RELAY_PROTO_TCP;
|
||||
(void)strlcpy(conf->sc_proto_default.name, "default",
|
||||
sizeof(conf->sc_proto_default.name));
|
||||
--- relayd.orig/parse.y 2011-05-22 01:06:39.462150204 +0200
|
||||
+++ relayd/parse.y 2011-05-22 01:06:54.687080706 +0200
|
||||
@@ -35,7 +35,7 @@
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <arpa/nameser.h>
|
||||
-#include <net/route.h>
|
||||
+// FreeBSD #include <net/route.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <unistd.h>
|
||||
@@ -93,8 +93,10 @@
|
||||
objid_t last_host_id = 0;
|
||||
objid_t last_relay_id = 0;
|
||||
objid_t last_proto_id = 0;
|
||||
+/* FreeBSD exclude
|
||||
objid_t last_rt_id = 0;
|
||||
objid_t last_nr_id = 0;
|
||||
+*/
|
||||
|
||||
static struct rdr *rdr = NULL;
|
||||
static struct table *table = NULL;
|
||||
@@ -103,7 +105,9 @@
|
||||
struct relaylist relays;
|
||||
static struct protocol *proto = NULL;
|
||||
static struct protonode node;
|
||||
+/* FreeBSD exclude
|
||||
static struct router *router = NULL;
|
||||
+*/
|
||||
static u_int16_t label = 0;
|
||||
static in_port_t tableport = 0;
|
||||
static int nodedirection;
|
||||
@@ -148,12 +152,20 @@
|
||||
%token CIPHERS CODE COOKIE DEMOTE DIGEST DISABLE ERROR EXPECT
|
||||
%token EXTERNAL FILENAME FILTER FORWARD FROM HASH HEADER HOST ICMP
|
||||
%token INCLUDE INET INET6 INTERFACE INTERVAL IP LABEL LISTEN
|
||||
-%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
|
||||
-%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
|
||||
+// FreeBSD exclude %token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
|
||||
+%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO
|
||||
+// FreeBSD exclude %token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
|
||||
+%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PROTO
|
||||
%token QUERYSTR REAL REDIRECT RELAY REMOVE REQUEST RESPONSE RETRY
|
||||
%token RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND SESSION SOCKET SPLICE
|
||||
+/* FreeBSD exclude
|
||||
%token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO ROUTER RTLABEL
|
||||
%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE MATCH
|
||||
+*/
|
||||
+// Start FreeBSD include
|
||||
+%token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO
|
||||
+%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL
|
||||
+// End FreeBSD include
|
||||
%token <v.string> STRING
|
||||
%token <v.number> NUMBER
|
||||
%type <v.string> hostname interface table
|
||||
@@ -179,7 +191,7 @@
|
||||
| grammar tabledef '\n'
|
||||
| grammar relay '\n'
|
||||
| grammar proto '\n'
|
||||
- | grammar router '\n'
|
||||
+// FreeBSD | grammar router '\n'
|
||||
| grammar error '\n' { file->errors++; }
|
||||
;
|
||||
|
||||
@@ -363,6 +375,7 @@
|
||||
}
|
||||
conf->sc_prefork_relay = $2;
|
||||
}
|
||||
+/* FreeBSD exclude
|
||||
| DEMOTE STRING {
|
||||
if (loadcfg)
|
||||
break;
|
||||
@@ -386,6 +399,7 @@
|
||||
break;
|
||||
conf->sc_flags |= F_TRAP;
|
||||
}
|
||||
+*/
|
||||
;
|
||||
|
||||
loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
|
||||
@@ -658,6 +672,7 @@
|
||||
bcopy(&$2, &table->conf.timeout,
|
||||
sizeof(struct timeval));
|
||||
}
|
||||
+/* FreeBSD exclude
|
||||
| DEMOTE STRING {
|
||||
table->conf.flags |= F_DEMOTE;
|
||||
if (strlcpy(table->conf.demote_group, $2,
|
||||
@@ -675,6 +690,7 @@
|
||||
YYERROR;
|
||||
}
|
||||
}
|
||||
+*/
|
||||
| INTERVAL NUMBER {
|
||||
if ($2 < conf->sc_interval.tv_sec ||
|
||||
$2 % conf->sc_interval.tv_sec) {
|
||||
@@ -1261,6 +1277,8 @@
|
||||
rlay->rl_conf.name);
|
||||
YYERROR;
|
||||
}
|
||||
+ if ((rlay->rl_conf.flags & F_NATLOOK) == 0 &&
|
||||
+/* FreeBSD exclude
|
||||
if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) ==
|
||||
(F_NATLOOK|F_DIVERT)) {
|
||||
yyerror("relay %s with conflicting nat lookup "
|
||||
@@ -1268,6 +1286,7 @@
|
||||
YYERROR;
|
||||
}
|
||||
if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) == 0 &&
|
||||
+*/
|
||||
rlay->rl_conf.dstss.ss_family == AF_UNSPEC &&
|
||||
rlay->rl_conf.dsttable == EMPTY_ID) {
|
||||
yyerror("relay %s has no target, rdr, "
|
||||
@@ -1430,11 +1449,13 @@
|
||||
rlay->rl_conf.flags |= F_NATLOOK;
|
||||
rlay->rl_conf.dstretry = $3;
|
||||
}
|
||||
+/* FreeBSD exclude
|
||||
| DESTINATION retry {
|
||||
conf->sc_flags |= F_NEEDPF;
|
||||
rlay->rl_conf.flags |= F_DIVERT;
|
||||
rlay->rl_conf.dstretry = $2;
|
||||
}
|
||||
+*/
|
||||
| tablespec {
|
||||
if (rlay->rl_backuptable) {
|
||||
yyerror("only one backup table is allowed");
|
||||
@@ -1459,6 +1480,7 @@
|
||||
| HASH { $$ = RELAY_DSTMODE_HASH; }
|
||||
;
|
||||
|
||||
+/* FreeBSD exclude
|
||||
router : ROUTER STRING {
|
||||
struct router *rt = NULL;
|
||||
|
||||
@@ -1594,7 +1616,7 @@
|
||||
| DISABLE { rlay->rl_conf.flags |= F_DISABLE; }
|
||||
| include
|
||||
;
|
||||
-
|
||||
+*/
|
||||
dstaf : /* empty */ {
|
||||
rlay->rl_conf.dstaf.ss_family = AF_UNSPEC;
|
||||
}
|
||||
@@ -1670,6 +1692,7 @@
|
||||
}
|
||||
hst->conf.parentid = $2;
|
||||
}
|
||||
+/* FreeBSD exclude
|
||||
| PRIORITY NUMBER {
|
||||
if (hst->conf.priority) {
|
||||
yyerror("priority already set");
|
||||
@@ -1681,6 +1704,7 @@
|
||||
}
|
||||
hst->conf.priority = $2;
|
||||
}
|
||||
+*/
|
||||
| IP TTL NUMBER {
|
||||
if (hst->conf.ttl) {
|
||||
yyerror("ttl value already set");
|
||||
@@ -1794,8 +1818,10 @@
|
||||
{ "ciphers", CIPHERS },
|
||||
{ "code", CODE },
|
||||
{ "cookie", COOKIE },
|
||||
+/* FreeBSD exclude
|
||||
{ "demote", DEMOTE },
|
||||
{ "destination", DESTINATION },
|
||||
+*/
|
||||
{ "digest", DIGEST },
|
||||
{ "disable", DISABLE },
|
||||
{ "error", ERROR },
|
||||
@@ -1833,7 +1859,7 @@
|
||||
{ "path", PATH },
|
||||
{ "port", PORT },
|
||||
{ "prefork", PREFORK },
|
||||
- { "priority", PRIORITY },
|
||||
+// FreeBSD { "priority", PRIORITY },
|
||||
{ "protocol", PROTO },
|
||||
{ "query", QUERYSTR },
|
||||
{ "real", REAL },
|
||||
@@ -1846,9 +1872,11 @@
|
||||
{ "return", RETURN },
|
||||
{ "roundrobin", ROUNDROBIN },
|
||||
{ "route", ROUTE },
|
||||
+/* FreeBSD exclude
|
||||
{ "router", ROUTER },
|
||||
{ "rtable", RTABLE },
|
||||
{ "rtlabel", RTLABEL },
|
||||
+*/
|
||||
{ "sack", SACK },
|
||||
{ "script", SCRIPT },
|
||||
{ "send", SEND },
|
||||
@@ -1864,7 +1892,7 @@
|
||||
{ "timeout", TIMEOUT },
|
||||
{ "to", TO },
|
||||
{ "transparent", TRANSPARENT },
|
||||
- { "trap", TRAP },
|
||||
+// FreeBSD { "trap", TRAP },
|
||||
{ "ttl", TTL },
|
||||
{ "updates", UPDATES },
|
||||
{ "url", URL },
|
||||
@@ -2096,7 +2124,8 @@
|
||||
(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
|
||||
x != '{' && x != '}' && x != '<' && x != '>' && \
|
||||
x != '!' && x != '=' && x != '#' && \
|
||||
- x != ',' && x != '/'))
|
||||
+ x != ','))
|
||||
+// FreeBSD exclude x != ',' && x != '/'))
|
||||
|
||||
if (isalnum(c) || c == ':' || c == '_') {
|
||||
do {
|
||||
@@ -2240,13 +2269,14 @@
|
||||
loadcfg = 1;
|
||||
errors = 0;
|
||||
last_host_id = last_table_id = last_rdr_id = last_proto_id =
|
||||
- last_relay_id = last_rt_id = last_nr_id = 0;
|
||||
+// FreeBSD last_relay_id = last_rt_id = last_nr_id = 0;
|
||||
+ last_relay_id = 0;
|
||||
|
||||
rdr = NULL;
|
||||
table = NULL;
|
||||
rlay = NULL;
|
||||
proto = NULL;
|
||||
- router = NULL;
|
||||
+// FreeBSD router = NULL;
|
||||
|
||||
if ((file = pushfile(filename, 0)) == NULL)
|
||||
return (-1);
|
||||
@@ -2276,8 +2306,8 @@
|
||||
}
|
||||
|
||||
if (TAILQ_EMPTY(conf->sc_rdrs) &&
|
||||
- TAILQ_EMPTY(conf->sc_relays) &&
|
||||
- TAILQ_EMPTY(conf->sc_rts)) {
|
||||
+ TAILQ_EMPTY(conf->sc_relays) /* FreeBSD exclude &&
|
||||
+ TAILQ_EMPTY(conf->sc_rts) */ ) {
|
||||
log_warnx("no actions, nothing to do");
|
||||
errors++;
|
||||
}
|
||||
@@ -2493,7 +2523,8 @@
|
||||
hints.ai_family = PF_UNSPEC;
|
||||
hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
|
||||
error = getaddrinfo(s, NULL, &hints, &res0);
|
||||
- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
|
||||
+// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
|
||||
+ if (error == EAI_AGAIN || error == EAI_NONAME)
|
||||
return (0);
|
||||
if (error) {
|
||||
log_warnx("%s: could not parse \"%s\": %s", __func__, s,
|
||||
|
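Review bot: The `allowed_in_string` hunk drops `x != '/'` from the macro, so on FreeBSD a `/` is accepted inside an unquoted word, and the only explanation is the leftover line `// FreeBSD exclude x != ',' && x != '/'))`. That changes how every configuration file is tokenised, not only the excluded router grammar, so the reason belongs at the macro, for example `/* FreeBSD: '/' stays legal in bare words; the route syntax that needs it as a separator is excluded */` (wording to be confirmed by the porter). More generally, each `/* FreeBSD exclude ... */` block in the grammar ends at the first `*/` it contains, so an upstream comment inside an excluded region would silently re-enable the rest of it. The interiors of those regions are outside the hunks and should be checked on each update.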
@ -1,47 +1,109 @@
|
||||
--- relayd/pfe.c.orig 2010-05-31 09:07:56.755288041 +0200
|
||||
+++ relayd/pfe.c 2010-05-31 09:07:52.006100566 +0200
|
||||
@@ -62,6 +62,11 @@
|
||||
case SIGTERM:
|
||||
pfe_shutdown();
|
||||
--- relayd.orig/pfe.c 2011-05-22 01:06:39.464157989 +0200
|
||||
+++ relayd/pfe.c 2011-05-22 01:09:30.589288807 +0200
|
||||
@@ -17,6 +17,9 @@
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/queue.h>
|
||||
+#endif
|
||||
#include <sys/stat.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
@@ -185,12 +188,14 @@
|
||||
case IMSG_CFG_VIRT:
|
||||
config_getvirt(env, imsg);
|
||||
break;
|
||||
+ case SIGCHLD:
|
||||
+ case SIGHUP:
|
||||
+ case SIGPIPE:
|
||||
+ /* ignore */
|
||||
+ break;
|
||||
default:
|
||||
fatalx("pfe_sig_handler: unexpected signal");
|
||||
+#ifndef __FreeBSD__
|
||||
case IMSG_CFG_ROUTER:
|
||||
config_getrt(env, imsg);
|
||||
break;
|
||||
case IMSG_CFG_ROUTE:
|
||||
config_getroute(env, imsg);
|
||||
break;
|
||||
+#endif
|
||||
case IMSG_CFG_PROTO:
|
||||
config_getproto(env, imsg);
|
||||
break;
|
||||
@@ -292,8 +297,10 @@
|
||||
struct rdr *rdr;
|
||||
struct host *host;
|
||||
struct relay *rlay;
|
||||
+#ifndef __FreeBSD__
|
||||
struct router *rt;
|
||||
struct netroute *nr;
|
||||
+#endif
|
||||
|
||||
if (env->sc_rdrs == NULL)
|
||||
goto relays;
|
||||
@@ -324,7 +331,11 @@
|
||||
}
|
||||
relays:
|
||||
if (env->sc_relays == NULL)
|
||||
+#ifndef __FreeBSD__
|
||||
goto routers;
|
||||
+#else
|
||||
+ goto end;
|
||||
+#endif
|
||||
TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
|
||||
rlay->rl_stats[env->sc_prefork_relay].id = EMPTY_ID;
|
||||
imsg_compose_event(&c->iev, IMSG_CTL_RELAY, 0, 0, -1,
|
||||
@@ -351,6 +362,7 @@
|
||||
0, 0, -1, host, sizeof(*host));
|
||||
}
|
||||
@@ -74,8 +79,6 @@
|
||||
{
|
||||
pid_t pid;
|
||||
struct passwd *pw;
|
||||
- struct event ev_sigint;
|
||||
- struct event ev_sigterm;
|
||||
int i;
|
||||
size_t size;
|
||||
|
||||
@@ -121,12 +124,17 @@
|
||||
+#ifndef __FreeBSD__
|
||||
routers:
|
||||
if (env->sc_rts == NULL)
|
||||
goto end;
|
||||
@@ -370,6 +382,7 @@
|
||||
imsg_compose_event(&c->iev, IMSG_CTL_HOST,
|
||||
0, 0, -1, host, sizeof(*host));
|
||||
}
|
||||
+#endif
|
||||
|
||||
event_init();
|
||||
end:
|
||||
imsg_compose_event(&c->iev, IMSG_CTL_END, 0, 0, -1, NULL, 0);
|
||||
@@ -622,8 +635,10 @@
|
||||
struct table *table;
|
||||
struct ctl_id id;
|
||||
struct imsg imsg;
|
||||
+#ifndef __FreeBSD__
|
||||
struct ctl_demote demote;
|
||||
struct router *rt;
|
||||
+#endif
|
||||
|
||||
- signal_set(&ev_sigint, SIGINT, pfe_sig_handler, NULL);
|
||||
- signal_set(&ev_sigterm, SIGTERM, pfe_sig_handler, NULL);
|
||||
- signal_add(&ev_sigint, NULL);
|
||||
- signal_add(&ev_sigterm, NULL);
|
||||
- signal(SIGPIPE, SIG_IGN);
|
||||
- signal(SIGHUP, SIG_IGN);
|
||||
+ signal_set(&env->sc_evsigint, SIGINT, pfe_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigterm, SIGTERM, pfe_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigchld, SIGCHLD, pfe_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsighup, SIGHUP, pfe_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigpipe, SIGPIPE, pfe_sig_handler, env);
|
||||
+
|
||||
+ signal_add(&env->sc_evsigint, NULL);
|
||||
+ signal_add(&env->sc_evsigterm, NULL);
|
||||
+ signal_add(&env->sc_evsigchld, NULL);
|
||||
+ signal_add(&env->sc_evsighup, NULL);
|
||||
+ signal_add(&env->sc_evsigpipe, NULL);
|
||||
bzero(&id, sizeof(id));
|
||||
bzero(&imsg, sizeof(imsg));
|
||||
@@ -678,6 +693,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
TAILQ_FOREACH(rt, env->sc_rts, rt_entry) {
|
||||
rt->rt_conf.flags &= ~(F_BACKUP);
|
||||
rt->rt_conf.flags &= ~(F_DOWN);
|
||||
@@ -685,6 +701,7 @@
|
||||
if ((rt->rt_gwtable->conf.flags & F_CHANGED))
|
||||
sync_routes(env, rt);
|
||||
}
|
||||
+#endif
|
||||
|
||||
TAILQ_FOREACH(table, env->sc_tables, entry) {
|
||||
if (table->conf.check == CHECK_NOCHECK)
|
||||
@@ -695,6 +712,7 @@
|
||||
*/
|
||||
table->conf.flags &= ~(F_CHANGED);
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
/*
|
||||
* handle demotion.
|
||||
*/
|
||||
@@ -717,6 +735,7 @@
|
||||
sizeof(demote.group));
|
||||
proc_compose_imsg(env->sc_ps, PROC_PARENT, -1, IMSG_DEMOTE, -1,
|
||||
&demote, sizeof(demote));
|
||||
+#endif
|
||||
}
|
||||
}
|
||||
|
||||
/* setup pipes */
|
||||
close(pipe_pfe2hce[0]);
|
||||
|
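--- a/net/relayd/files/patch-relayd-pfe_filter.c
+++ b/net/relayd/files/patch-relayd-pfe_filter.c
@@ -0,0 +1,284 @@
+--- relayd/pfe_filter.c.orig 2011-05-19 10:56:49.000000000 +0200
++++ relayd/pfe_filter.c 2011-05-22 10:32:36.639918375 +0200
+@@ -24,7 +24,10 @@
+#include <net/if.h>
+#include <net/pfvar.h>
+#include <netinet/in.h>
++#ifndef __FreeBSD__
++/* New pf */
+#include <netinet/tcp.h>
++#endif
+#include <arpa/inet.h>
+
+#include <limits.h>
+@@ -43,8 +46,14 @@
+struct pfdata {
+int dev;
+struct pf_anchor *anchor;
++#ifndef __FreeBSD__
+struct pfioc_trans pft;
+struct pfioc_trans_e pfte;
++#else
++ /* Old pf */
++ struct pfioc_trans pft[PF_RULESET_MAX];
++ struct pfioc_trans_e pfte[PF_RULESET_MAX];
++#endif
+u_int8_t pfused;
+};
+
+@@ -103,6 +112,10 @@
+sizeof(tables[i].pfrt_name))
+goto toolong;
+tables[i].pfrt_flags |= PFR_TFLAG_PERSIST;
++#ifdef __FreeBSD__
++ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"",
++ tables[i].pfrt_anchor, tables[i].pfrt_name);
++#endif
+i++;
+}
+if (i != env->sc_rdrcount)
+@@ -286,12 +299,18 @@
+}
+
+psnk.psnk_af = host->conf.ss.ss_family;
++#ifndef __FreeBSD__
+psnk.psnk_killed = 0;
++#endif
+
+if (ioctl(env->sc_pf->dev,
+DIOCKILLSRCNODES, &psnk) == -1)
+fatal("kill_srcnodes: cannot kill src nodes");
++#ifndef __FreeBSD__
+cnt += psnk.psnk_killed;
++#else
++ cnt += psnk.psnk_af;
++#endif
+}
+
+return (cnt);
+@@ -335,6 +354,7 @@
+int
+transaction_init(struct relayd *env, const char *anchor)
+{
++#ifndef __FreeBSD__
+env->sc_pf->pft.size = 1;
+env->sc_pf->pft.esize = sizeof(env->sc_pf->pfte);
+env->sc_pf->pft.array = &env->sc_pf->pfte;
+@@ -347,17 +367,45 @@
+if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
+&env->sc_pf->pft) == -1)
+return (-1);
++#else
++ /* Old pf */
++ int i;
++
++ for (i = 0; i < PF_RULESET_MAX; i++) {
++ env->sc_pf->pft[i].size = 1;
++ env->sc_pf->pft[i].esize = sizeof(env->sc_pf->pfte[i]);
++ env->sc_pf->pft[i].array = &env->sc_pf->pfte[i];
++
++ bzero(&env->sc_pf->pfte[i], sizeof(env->sc_pf->pfte[i]));
++ (void)strlcpy(env->sc_pf->pfte[i].anchor,
++ anchor, PF_ANCHOR_NAME_SIZE);
++ env->sc_pf->pfte[i].rs_num = i;
+
++ if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
++ &env->sc_pf->pft[i]) == -1)
++ return (-1);
++ }
++#endif
+return (0);
+}
+
+int
+transaction_commit(struct relayd *env)
+{
++#ifndef __FreeBSD__
+if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
+&env->sc_pf->pft) == -1)
+return (-1);
+-
++#else
++ /* Old pf */
++ int i;
++
++ for (i = 0; i < PF_RULESET_MAX; i++) {
++ if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
++ &env->sc_pf->pft[i]) == -1)
++ return (-1);
++ }
++#endif
+return (0);
+}
+
+@@ -365,10 +413,18 @@
+sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
+{
+struct pfioc_rule rio;
++#ifdef __FreeBSD__
++ /* Old pf */
++ struct pfioc_pooladdr pio;
++#endif
+struct sockaddr_in *sain;
+struct sockaddr_in6 *sain6;
+struct address *address;
+char anchor[PF_ANCHOR_NAME_SIZE];
++#ifdef __FreeBSD__
++ /* Old pf */
++ int rs = 0;
++#endif
+struct table *t = rdr->table;
+
+if ((env->sc_flags & F_NEEDPF) == 0)
+@@ -397,8 +453,14 @@
+
+TAILQ_FOREACH(address, &rdr->virts, entry) {
+memset(&rio, 0, sizeof(rio));
++#ifdef __FreeBSD__
++ /* Old pf */
++ memset(&pio, 0, sizeof(pio));
++#endif
+(void)strlcpy(rio.anchor, anchor, sizeof(rio.anchor));
+
++#ifndef __FreeBSD__
++ /* New pf */
+if (rdr->conf.flags & F_MATCH) {
+rio.rule.action = PF_MATCH;
+rio.rule.quick = 0;
+@@ -409,28 +471,61 @@
+rio.rule.direction = PF_IN;
+rio.rule.keep_state = PF_STATE_NORMAL;
+
++#endif
+switch (t->conf.fwdmode) {
+case FWD_NORMAL:
++#ifndef __FreeBSD__
+/* traditional redirection */
+if (address->ipproto == IPPROTO_TCP) {
+rio.rule.flags = TH_SYN;
+rio.rule.flagset = (TH_SYN|TH_ACK);
+}
++#else
++ /* Old pf */
++ /* traditional redirection in the rdr-anchor */
++ rs = PF_RULESET_RDR;
++ rio.rule.action = PF_RDR;
++#endif
+break;
+case FWD_ROUTE:
+/* re-route with pf for DSR (direct server return) */
++#ifdef __FreeBSD__
++ /* Old pf */
++ rs = PF_RULESET_FILTER;
++ rio.rule.action = PF_PASS;
++#endif
+rio.rule.rt = PF_ROUTETO;
++#ifdef __FreeBSD__
++ /* Old pf */
++ rio.rule.direction = PF_IN;
++ rio.rule.quick = 1; /* force first match */
++#endif
+
+/* Use sloppy state handling for half connections */
++#ifdef __FreeBSD__
++ /* Old pf */
++ rio.rule.keep_state = PF_STATE_NORMAL;
++#endif
++#ifdef PFRULE_STATESLOPPY
+rio.rule.rule_flag = PFRULE_STATESLOPPY;
++#endif
+break;
+default:
+fatalx("sync_ruleset: invalid forward mode");
+/* NOTREACHED */
+}
+
++#ifndef __FreeBSD__
+rio.ticket = env->sc_pf->pfte.ticket;
+
++#else
++ /* Old pf */
++ rio.ticket = env->sc_pf->pfte[rs].ticket;
++ if (ioctl(env->sc_pf->dev, DIOCBEGINADDRS, &pio) == -1)
++ fatal("sync_ruleset: cannot initialise address pool");
++
++ rio.pool_ticket = pio.ticket;
++#endif
+rio.rule.af = address->ss.ss_family;
+rio.rule.proto = address->ipproto;
+rio.rule.src.addr.type = PF_ADDR_ADDRMASK;
+@@ -438,7 +533,9 @@
+rio.rule.dst.port_op = address->port.op;
+rio.rule.dst.port[0] = address->port.val[0];
+rio.rule.dst.port[1] = address->port.val[1];
++#ifndef __FreeBSD__
+rio.rule.rtableid = -1; /* stay in the main routing table */
++#endif
+
+if (rio.rule.proto == IPPROTO_TCP)
+rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
+@@ -466,18 +563,36 @@
+memset(&rio.rule.dst.addr.v.a.mask.addr8, 0xff, 16);
+}
+
++#ifndef __FreeBSD__
+rio.rule.nat.addr.type = PF_ADDR_NONE;
+rio.rule.rdr.addr.type = PF_ADDR_TABLE;
++#else
++ /* Old pf */
++ pio.addr.addr.type = PF_ADDR_TABLE;
++#endif
+if (strlen(t->conf.ifname))
++#ifndef __FreeBSD__
+(void)strlcpy(rio.rule.rdr.ifname, t->conf.ifname,
+sizeof(rio.rule.rdr.ifname));
+if (strlcpy(rio.rule.rdr.addr.v.tblname, rdr->conf.name,
+sizeof(rio.rule.rdr.addr.v.tblname)) >=
+sizeof(rio.rule.rdr.addr.v.tblname))
+fatal("sync_ruleset: table name too long");
++#else
++ /* Old pf */
++ (void)strlcpy(pio.addr.ifname, t->conf.ifname,
++ sizeof(pio.addr.ifname));
++ if (strlcpy(pio.addr.addr.v.tblname, rdr->conf.name,
++ sizeof(pio.addr.addr.v.tblname)) >=
++ sizeof(pio.addr.addr.v.tblname))
++ fatal("sync_ruleset: table name too long");
++ if (ioctl(env->sc_pf->dev, DIOCADDADDR, &pio) == -1)
++ fatal("sync_ruleset: cannot add address to pool");
++#endif
+
+if (address->port.op == PF_OP_EQ ||
+rdr->table->conf.flags & F_PORT) {
++#ifndef __FreeBSD__
+rio.rule.rdr.proxy_port[0] =
+ntohs(rdr->table->conf.port);
+rio.rule.rdr.port_op = PF_OP_EQ;
+@@ -491,10 +606,27 @@
+sizeof(rio.rule.route));
+rio.rule.rdr.addr.type = PF_ADDR_NONE;
+}
++#else
++ /* Old pf */
++ rio.rule.rpool.proxy_port[0] =
++ ntohs(rdr->table->conf.port);
++ rio.rule.rpool.port_op = PF_OP_EQ;
++ }
++ rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
++ if (rdr->conf.flags & F_STICKY)
++ rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
++#endif
+
+if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
+fatal("cannot add rule");
++#ifndef __FreeBSD__
+log_debug("%s: rule added to anchor \"%s\"", __func__, anchor);
++#else
++ /* Old pf */
++ log_debug("%s: rule added to %sanchor \"%s\"", __func__,
++ rdr->table->conf.fwdmode == FWD_ROUTE ?
++ "" : "rdr-", anchor);
++#endif
+}
+if (transaction_commit(env) == -1)
+log_warn("%s: add rules transaction failed", __func__);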
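Review bot: The old-pf branches of `transaction_init()` and `transaction_commit()` open and commit one pf transaction per ruleset in a loop, so a `DIOCXBEGIN` or `DIOCXCOMMIT` that fails part-way returns -1 with the earlier rulesets already begun or committed and nothing rolled back. For a daemon that rewrites redirect and filter rules this can leave the anchor with only some of its rulesets updated. `struct pfioc_trans` already carries `size` and `array`, so a single transaction spanning all `PF_RULESET_MAX` elements should let the kernel apply them together; that means keeping `pft` a single struct in `struct pfdata` while `pfte` stays an array, and `sync_ruleset()` can keep reading `pfte[rs].ticket`. Separately, `cnt += psnk.psnk_af;` in the kill_srcnodes hunk deserves a comment such as `/* old pf returns the number of killed nodes in psnk_af */`, if that is indeed the intent.

```c
/* struct pfdata, old pf: one transaction, one element per ruleset */
struct pfioc_trans	 pft;
struct pfioc_trans_e	 pfte[PF_RULESET_MAX];

/* transaction_init(), old pf branch */
int	 i;

bzero(env->sc_pf->pfte, sizeof(env->sc_pf->pfte));
for (i = 0; i < PF_RULESET_MAX; i++) {
	(void)strlcpy(env->sc_pf->pfte[i].anchor,
	    anchor, PF_ANCHOR_NAME_SIZE);
	env->sc_pf->pfte[i].rs_num = i;
}
env->sc_pf->pft.size = PF_RULESET_MAX;
env->sc_pf->pft.esize = sizeof(env->sc_pf->pfte[0]);
env->sc_pf->pft.array = env->sc_pf->pfte;
if (ioctl(env->sc_pf->dev, DIOCXBEGIN, &env->sc_pf->pft) == -1)
	return (-1);

/* transaction_commit(), old pf branch: same single call as new pf */
if (ioctl(env->sc_pf->dev, DIOCXCOMMIT, &env->sc_pf->pft) == -1)
	return (-1);
```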
@ -1,214 +1,249 @@
|
||||
--- relayd/relay.c.orig 2011-01-15 01:22:35.236684399 +0100
|
||||
+++ relayd/relay.c 2011-01-15 01:24:07.864955572 +0100
|
||||
@@ -28,7 +28,6 @@
|
||||
#include <sys/un.h>
|
||||
#include <sys/tree.h>
|
||||
#include <sys/hash.h>
|
||||
-#include <sys/resource.h>
|
||||
--- relayd/relay.c.orig 2011-05-20 11:43:53.000000000 +0200
|
||||
+++ relayd/relay.c 2011-05-22 10:41:40.085208004 +0200
|
||||
@@ -16,7 +16,11 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/in_systm.h>
|
||||
@@ -64,7 +63,7 @@
|
||||
void relay_init(void);
|
||||
void relay_launch(void);
|
||||
int relay_socket(struct sockaddr_storage *, in_port_t,
|
||||
- struct protocol *, int);
|
||||
+ struct protocol *, int, int);
|
||||
int relay_socket_listen(struct sockaddr_storage *, in_port_t,
|
||||
struct protocol *);
|
||||
int relay_socket_connect(struct sockaddr_storage *, in_port_t,
|
||||
@@ -105,6 +104,7 @@
|
||||
char *, size_t);
|
||||
void relay_close_http(struct rsession *, u_int, const char *,
|
||||
u_int16_t);
|
||||
+void relay_http_request_close(struct ctl_relay_event *);
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/queue.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/stat.h>
|
||||
@@ -77,7 +81,9 @@
|
||||
|
||||
SSL_CTX *relay_ssl_ctx_create(struct relay *);
|
||||
void relay_ssl_transaction(struct rsession *,
|
||||
@@ -148,6 +148,14 @@
|
||||
case SIGTERM:
|
||||
case SIGINT:
|
||||
(void)event_loopexit(NULL);
|
||||
+ break;
|
||||
+ case SIGCHLD:
|
||||
+ case SIGHUP:
|
||||
+ case SIGPIPE:
|
||||
+ /* ignore */
|
||||
+ break;
|
||||
+ default:
|
||||
+ fatalx("relay_sig_handler: unexpected signal");
|
||||
}
|
||||
void relay_write(struct bufferevent *, void *);
|
||||
void relay_read(struct bufferevent *, void *);
|
||||
+#ifndef __FreeBSD__
|
||||
int relay_splicelen(struct ctl_relay_event *);
|
||||
+#endif
|
||||
void relay_error(struct bufferevent *, short, void *);
|
||||
void relay_dump(struct ctl_relay_event *, const void *, size_t);
|
||||
|
||||
@@ -494,6 +500,7 @@
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -158,8 +166,6 @@
|
||||
+#ifndef __FreeBSD__
|
||||
in_port_t
|
||||
relay_socket_getport(struct sockaddr_storage *ss)
|
||||
{
|
||||
pid_t pid;
|
||||
struct passwd *pw;
|
||||
- struct event ev_sigint;
|
||||
- struct event ev_sigterm;
|
||||
int i;
|
||||
|
||||
switch (pid = fork()) {
|
||||
@@ -213,12 +219,17 @@
|
||||
/* Per-child initialization */
|
||||
relay_init();
|
||||
|
||||
- signal_set(&ev_sigint, SIGINT, relay_sig_handler, NULL);
|
||||
- signal_set(&ev_sigterm, SIGTERM, relay_sig_handler, NULL);
|
||||
- signal_add(&ev_sigint, NULL);
|
||||
- signal_add(&ev_sigterm, NULL);
|
||||
- signal(SIGHUP, SIG_IGN);
|
||||
- signal(SIGPIPE, SIG_IGN);
|
||||
+ signal_set(&env->sc_evsigint, SIGINT, relay_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigterm, SIGTERM, relay_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigchld, SIGCHLD, relay_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsighup, SIGHUP, relay_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigpipe, SIGPIPE, relay_sig_handler, env);
|
||||
+
|
||||
+ signal_add(&env->sc_evsigint, NULL);
|
||||
+ signal_add(&env->sc_evsigterm, NULL);
|
||||
+ signal_add(&env->sc_evsigchld, NULL);
|
||||
+ signal_add(&env->sc_evsighup, NULL);
|
||||
+ signal_add(&env->sc_evsigpipe, NULL);
|
||||
|
||||
/* setup pipes */
|
||||
close(pipe_pfe2hce[0]);
|
||||
@@ -452,19 +463,9 @@
|
||||
struct relay *rlay;
|
||||
struct host *host;
|
||||
struct timeval tv;
|
||||
- struct rlimit rl;
|
||||
|
||||
- if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
|
||||
- fatal("relay_init: failed to get resource limit");
|
||||
- log_debug("relay_init: max open files %d", rl.rlim_max);
|
||||
-
|
||||
- /*
|
||||
- * Allow the maximum number of open file descriptors for this
|
||||
- * login class (which should be the class "daemon" by default).
|
||||
- */
|
||||
- rl.rlim_cur = rl.rlim_max;
|
||||
- if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
|
||||
- fatal("relay_init: failed to set resource limit");
|
||||
+ /* Unlimited file descriptors (use system limits) */
|
||||
+ socket_rlimit(-1);
|
||||
|
||||
TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
|
||||
if ((rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) &&
|
||||
@@ -625,7 +626,7 @@
|
||||
@@ -509,6 +516,7 @@
|
||||
/* NOTREACHED */
|
||||
return (0);
|
||||
}
|
||||
+#endif
|
||||
|
||||
int
|
||||
relay_socket(struct sockaddr_storage *ss, in_port_t port,
|
||||
- struct protocol *proto, int fd)
|
||||
+ struct protocol *proto, int fd, int reuseport)
|
||||
{
|
||||
int s = -1, val;
|
||||
struct linger lng;
|
||||
@@ -643,9 +644,12 @@
|
||||
bzero(&lng, sizeof(lng));
|
||||
if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
|
||||
goto bad;
|
||||
- val = 1;
|
||||
- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(int)) == -1)
|
||||
- goto bad;
|
||||
+ if (reuseport) {
|
||||
+ val = 1;
|
||||
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val,
|
||||
+ sizeof(int)) == -1)
|
||||
+ goto bad;
|
||||
+ }
|
||||
if (fcntl(s, F_SETFL, O_NONBLOCK) == -1)
|
||||
goto bad;
|
||||
if (proto->tcpflags & TCPFLAG_BUFSIZ) {
|
||||
@@ -713,7 +717,7 @@
|
||||
{
|
||||
int s;
|
||||
@@ -577,6 +585,7 @@
|
||||
&val, sizeof(val)) == -1)
|
||||
goto bad;
|
||||
}
|
||||
+#ifndef __FreeBSD__
|
||||
if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
|
||||
if (proto->tcpflags & TCPFLAG_NSACK)
|
||||
val = 0;
|
||||
@@ -586,6 +595,7 @@
|
||||
&val, sizeof(val)) == -1)
|
||||
goto bad;
|
||||
}
|
||||
+#endif
|
||||
|
||||
- if ((s = relay_socket(ss, port, proto, fd)) == -1)
|
||||
+ if ((s = relay_socket(ss, port, proto, fd, 0)) == -1)
|
||||
return (-1);
|
||||
return (s);
|
||||
|
||||
if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) {
|
||||
@@ -734,7 +738,7 @@
|
||||
{
|
||||
int s;
|
||||
@@ -675,6 +685,7 @@
|
||||
}
|
||||
break;
|
||||
case RELAY_PROTO_TCP:
|
||||
+#ifndef __FreeBSD__
|
||||
if ((proto->tcpflags & TCPFLAG_NSPLICE) ||
|
||||
(rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)))
|
||||
break;
|
||||
@@ -692,6 +703,7 @@
|
||||
return;
|
||||
}
|
||||
con->se_out.splicelen = 0;
|
||||
+#endif
|
||||
break;
|
||||
default:
|
||||
fatalx("relay_input: unknown protocol");
|
||||
@@ -935,12 +947,20 @@
|
||||
}
|
||||
if (strstr(val, "$TIMEOUT") != NULL) {
|
||||
snprintf(ibuf, sizeof(ibuf), "%lu",
|
||||
+#ifdef __FreeBSD__
|
||||
+ (unsigned long)rlay->rl_conf.timeout.tv_sec);
|
||||
+#else
|
||||
rlay->rl_conf.timeout.tv_sec);
|
||||
+#endif
|
||||
if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0)
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
- if ((s = relay_socket(ss, port, proto, -1)) == -1)
|
||||
+ if ((s = relay_socket(ss, port, proto, -1, 1)) == -1)
|
||||
return (-1);
|
||||
|
||||
if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1)
|
||||
@@ -1312,6 +1316,29 @@
|
||||
+#ifndef __FreeBSD__
|
||||
return (buf);
|
||||
+#else
|
||||
+ return (char *)(buf);
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
+relay_http_request_close(struct ctl_relay_event *cre)
|
||||
+{
|
||||
+ if (cre->path != NULL) {
|
||||
+ free(cre->path);
|
||||
+ cre->path = NULL;
|
||||
+ }
|
||||
+
|
||||
+ cre->args = NULL;
|
||||
+ cre->version = NULL;
|
||||
+
|
||||
+ if (cre->buf != NULL) {
|
||||
+ free(cre->buf);
|
||||
+ cre->buf = NULL;
|
||||
+ cre->buflen = 0;
|
||||
+ }
|
||||
+
|
||||
+ cre->line = 0;
|
||||
+ cre->method = 0;
|
||||
+ cre->done = 0;
|
||||
+ cre->chunked = 0;
|
||||
+}
|
||||
+
|
||||
+void
|
||||
relay_read_http(struct bufferevent *bev, void *arg)
|
||||
{
|
||||
struct ctl_relay_event *cre = (struct ctl_relay_event *)arg;
|
||||
@@ -1580,10 +1607,7 @@
|
||||
if (relay_bufferevent_print(cre->dst, "\r\n") == -1)
|
||||
int
|
||||
@@ -1552,7 +1572,11 @@
|
||||
switch (type) {
|
||||
case DIGEST_SHA1:
|
||||
case DIGEST_MD5:
|
||||
+#ifdef __FreeBSD__
|
||||
+ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) {
|
||||
+#else
|
||||
if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) {
|
||||
+#endif
|
||||
relay_close_http(con, 500,
|
||||
"failed to allocate digest", 0);
|
||||
goto fail;
|
||||
@@ -1841,6 +1865,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
- cre->line = 0;
|
||||
- cre->method = 0;
|
||||
- cre->done = 0;
|
||||
- cre->chunked = 0;
|
||||
+ relay_http_request_close(cre);
|
||||
+#ifndef __FreeBSD__
|
||||
int
|
||||
relay_splicelen(struct ctl_relay_event *cre)
|
||||
{
|
||||
@@ -1859,6 +1884,7 @@
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
+#endif
|
||||
|
||||
done:
|
||||
if (cre->dir == RELAY_DIR_REQUEST && !cre->toread &&
|
||||
@@ -2380,6 +2404,12 @@
|
||||
bufferevent_free(con->se_out.bev);
|
||||
else if (con->se_out.output != NULL)
|
||||
evbuffer_free(con->se_out.output);
|
||||
+ if (con->se_out.ssl != NULL) {
|
||||
+ /* XXX handle non-blocking shutdown */
|
||||
+ if (SSL_shutdown(con->se_out.ssl) == 0)
|
||||
+ SSL_shutdown(con->se_out.ssl);
|
||||
+ SSL_free(con->se_out.ssl);
|
||||
void
|
||||
relay_error(struct bufferevent *bev, short error, void *arg)
|
||||
@@ -1866,9 +1892,12 @@
|
||||
struct ctl_relay_event *cre = (struct ctl_relay_event *)arg;
|
||||
struct rsession *con = cre->con;
|
||||
struct evbuffer *dst;
|
||||
+#ifndef __FreeBSD__
|
||||
struct timeval tv, tv_now;
|
||||
+#endif
|
||||
|
||||
if (error & EVBUFFER_TIMEOUT) {
|
||||
+#ifndef __FreeBSD__
|
||||
if (gettimeofday(&tv_now, NULL) == -1) {
|
||||
relay_close(con, strerror(errno));
|
||||
return;
|
||||
@@ -1882,6 +1911,9 @@
|
||||
relay_close(con, "buffer event timeout");
|
||||
else
|
||||
bufferevent_enable(cre->bev, EV_READ);
|
||||
+#else
|
||||
+ relay_close(con, "buffer event timeout");
|
||||
+#endif
|
||||
return;
|
||||
}
|
||||
if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) {
|
||||
@@ -1934,8 +1966,10 @@
|
||||
con->se_out.dst = &con->se_in;
|
||||
con->se_in.con = con;
|
||||
con->se_out.con = con;
|
||||
+#ifndef __FreeBSD__
|
||||
con->se_in.splicelen = -1;
|
||||
con->se_out.splicelen = -1;
|
||||
+#endif
|
||||
con->se_relay = rlay;
|
||||
con->se_id = ++relay_conid;
|
||||
con->se_relayid = rlay->rl_conf.id;
|
||||
@@ -1981,6 +2015,7 @@
|
||||
return;
|
||||
}
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
if (rlay->rl_conf.flags & F_DIVERT) {
|
||||
slen = sizeof(con->se_out.ss);
|
||||
if (getsockname(s, (struct sockaddr *)&con->se_out.ss,
|
||||
@@ -1996,12 +2031,19 @@
|
||||
con->se_out.port == rlay->rl_conf.port)
|
||||
con->se_out.ss.ss_family = AF_UNSPEC;
|
||||
} else if (rlay->rl_conf.flags & F_NATLOOK) {
|
||||
+#else
|
||||
+ if (rlay->rl_conf.flags & F_NATLOOK) {
|
||||
+#endif
|
||||
if ((cnl = (struct ctl_natlook *)
|
||||
calloc(1, sizeof(struct ctl_natlook))) == NULL) {
|
||||
relay_close(con, "failed to allocate nat lookup");
|
||||
return;
|
||||
}
|
||||
+#ifdef __FreeBSD__
|
||||
+ }
|
||||
if (con->se_out.s != -1)
|
||||
close(con->se_out.s);
|
||||
if (con->se_out.path != NULL)
|
||||
@@ -2419,6 +2449,7 @@
|
||||
struct table *table;
|
||||
struct ctl_status st;
|
||||
objid_t id;
|
||||
+ int verbose;
|
||||
|
||||
iev = ptr;
|
||||
ibuf = &iev->ibuf;
|
||||
@@ -2522,6 +2553,10 @@
|
||||
imsg_compose_event(iev, IMSG_CTL_END,
|
||||
0, 0, -1, NULL, 0);
|
||||
break;
|
||||
+ case IMSG_CTL_LOG_VERBOSE:
|
||||
+ memcpy(&verbose, imsg.data, sizeof(verbose));
|
||||
+ log_verbose(verbose);
|
||||
+ break;
|
||||
default:
|
||||
log_debug("relay_dispatch_msg: unexpected imsg %d",
|
||||
imsg.hdr.type);
|
||||
+ if (rlay->rl_conf.flags & F_NATLOOK && cnl != NULL) {
|
||||
+#endif
|
||||
con->se_cnl = cnl;
|
||||
bzero(cnl, sizeof(*cnl));
|
||||
cnl->in = -1;
|
||||
@@ -2605,8 +2647,12 @@
|
||||
goto err;
|
||||
|
||||
/* Set session context to the local relay name */
|
||||
- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name,
|
||||
- strlen(rlay->rl_conf.name)))
|
||||
+ if (!SSL_CTX_set_session_id_context(ctx,
|
||||
+#ifdef __FreeBSD__
|
||||
+ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
|
||||
+#else
|
||||
+ rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
|
||||
+#endif
|
||||
goto err;
|
||||
|
||||
return (ctx);
|
||||
@@ -2623,7 +2669,7 @@
|
||||
{
|
||||
struct relay *rlay = (struct relay *)con->se_relay;
|
||||
SSL *ssl;
|
||||
- const SSL_METHOD *method;
|
||||
+ SSL_METHOD *method;
|
||||
void (*cb)(int, short, void *);
|
||||
u_int flags = EV_TIMEOUT;
|
||||
|
||||
@@ -3069,7 +3115,11 @@
|
||||
if (fstat(fd, &st) != 0)
|
||||
goto fail;
|
||||
size = st.st_size;
|
||||
+#ifndef __FreeBSD__
|
||||
if ((buf = (char *)calloc(1, size + 1)) == NULL)
|
||||
+#else
|
||||
+ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL)
|
||||
+#endif
|
||||
goto fail;
|
||||
if (read(fd, buf, size) != size)
|
||||
goto fail;
|
||||
@@ -3077,7 +3127,11 @@
|
||||
close(fd);
|
||||
|
||||
*len = size;
|
||||
+#ifndef __FreeBSD__
|
||||
return (buf);
|
||||
+#else
|
||||
+ return (char *)(buf);
|
||||
+#endif
|
||||
|
||||
fail:
|
||||
if (buf != NULL)
|
||||
@@ -3107,7 +3161,7 @@
|
||||
return (-1);
|
||||
|
||||
if (snprintf(certfile, sizeof(certfile),
|
||||
- "/etc/ssl/%s.crt", hbuf) == -1)
|
||||
+ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1)
|
||||
return (-1);
|
||||
if ((rlay->rl_ssl_cert = relay_load_file(certfile,
|
||||
&rlay->rl_conf.ssl_cert_len)) == NULL)
|
||||
@@ -3115,7 +3169,7 @@
|
||||
log_debug("%s: using certificate %s", __func__, certfile);
|
||||
|
||||
if (snprintf(certfile, sizeof(certfile),
|
||||
- "/etc/ssl/private/%s.key", hbuf) == -1)
|
||||
+ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1)
|
||||
return -1;
|
||||
if ((rlay->rl_ssl_key = relay_load_file(certfile,
|
||||
&rlay->rl_conf.ssl_key_len)) == NULL)
|
||||
|
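Review bot: Both `snprintf(certfile, sizeof(certfile), ...)` calls at the end of this section are checked only against `-1`, which snprintf does not return on truncation, and the added `%%PREFIX%%` makes the formatted path longer than the upstream one. A truncated name would then be passed to `relay_load_file()` as if it were the intended certificate or key path. Comparing the result with the buffer size closes that: with an `int n`, `n = snprintf(certfile, sizeof(certfile), "%%PREFIX%%/etc/ssl/%s.crt", hbuf);` followed by `if (n < 0 || (size_t)n >= sizeof(certfile)) return (-1);`, and the same for the `.key` path. The enclosing function starts and ends outside the hunk, and this rendering interleaves the old and new revisions of the patch file, so the placement should be confirmed against the new revision.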
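--- a/net/relayd/files/patch-relayd-relay_udp.c
+++ b/net/relayd/files/patch-relayd-relay_udp.c
@@ -0,0 +1,14 @@
+--- relayd.orig/relay_udp.c 2011-05-22 01:06:39.460142978 +0200
++++ relayd/relay_udp.c 2011-05-22 01:06:54.703144104 +0200
+@@ -16,7 +16,11 @@
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#else
+#include <sys/types.h>
++#endif
+#include <sys/queue.h>
+#include <sys/time.h>
+#include <sys/stat.h>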
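--- a/net/relayd/files/patch-relayd-relayd.8
+++ b/net/relayd/files/patch-relayd-relayd.8
@@ -0,0 +1,20 @@
+--- relayd.orig/relayd.8 2011-05-22 01:06:39.464157989 +0200
++++ relayd/relayd.8 2011-05-22 01:06:54.705151889 +0200
+@@ -114,7 +114,7 @@
+.It Fl f Ar file
+Specify an alternative configuration file.
+The default is
+-.Pa /etc/relayd.conf .
++.Pa %%PREFIX%%/etc/relayd.conf .
+.It Fl n
+Configtest mode.
+Only check the configuration file for validity.
+@@ -123,7 +123,7 @@
+.El
+.Sh FILES
+.Bl -tag -width "/var/run/relayd.sockXX" -compact
+-.It /etc/relayd.conf
++.It %%PREFIX%%/etc/relayd.conf
+Default configuration file.
+.It /var/run/relayd.sock
+.Ux Ns -domain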
@ -1,127 +1,181 @@
|
||||
--- relayd/relayd.c.orig 2011-01-15 00:27:09.020486320 +0100
|
||||
+++ relayd/relayd.c 2011-01-15 00:32:43.024188430 +0100
|
||||
@@ -26,6 +26,7 @@
|
||||
--- relayd/relayd.c.orig 2011-05-19 10:56:49.000000000 +0200
|
||||
+++ relayd/relayd.c 2011-05-22 10:34:12.913164741 +0200
|
||||
@@ -17,7 +17,12 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/param.h>
|
||||
+#include <openssl/rand.h>
|
||||
+#else
|
||||
#include <sys/types.h>
|
||||
+#endif
|
||||
#include <sys/queue.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/wait.h>
|
||||
+#include <sys/resource.h>
|
||||
@@ -39,7 +44,11 @@
|
||||
#include <unistd.h>
|
||||
#include <ctype.h>
|
||||
#include <pwd.h>
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sha.h>
|
||||
+#else
|
||||
#include <sha1.h>
|
||||
+#endif
|
||||
#include <md5.h>
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
@@ -113,6 +114,9 @@
|
||||
case SIGHUP:
|
||||
reconfigure();
|
||||
break;
|
||||
+ case SIGPIPE:
|
||||
+ /* ignore */
|
||||
+ break;
|
||||
default:
|
||||
fatalx("unexpected signal");
|
||||
}
|
||||
@@ -142,10 +146,6 @@
|
||||
#endif
|
||||
#include <openssl/ssl.h>
|
||||
@@ -150,6 +159,11 @@
|
||||
struct relayd *env;
|
||||
const char *conffile;
|
||||
- struct event ev_sigint;
|
||||
- struct event ev_sigterm;
|
||||
- struct event ev_sigchld;
|
||||
- struct event ev_sighup;
|
||||
struct imsgev *iev;
|
||||
struct privsep *ps;
|
||||
const char *conffile = CONF_FILE;
|
||||
+#ifdef __FreeBSD__
|
||||
+#if __FreeBSD_version > 800040
|
||||
+ u_int32_t rnd[256];
|
||||
+#endif
|
||||
+#endif
|
||||
|
||||
opts = 0;
|
||||
@@ -261,15 +261,17 @@
|
||||
while ((c = getopt(argc, argv, "dD:nf:v")) != -1) {
|
||||
switch (c) {
|
||||
@@ -220,6 +234,16 @@
|
||||
else
|
||||
log_info("startup");
|
||||
|
||||
event_init();
|
||||
|
||||
- signal_set(&ev_sigint, SIGINT, main_sig_handler, env);
|
||||
- signal_set(&ev_sigterm, SIGTERM, main_sig_handler, env);
|
||||
- signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, env);
|
||||
- signal_set(&ev_sighup, SIGHUP, main_sig_handler, env);
|
||||
- signal_add(&ev_sigint, NULL);
|
||||
- signal_add(&ev_sigterm, NULL);
|
||||
- signal_add(&ev_sigchld, NULL);
|
||||
- signal_add(&ev_sighup, NULL);
|
||||
- signal(SIGPIPE, SIG_IGN);
|
||||
+ signal_set(&env->sc_evsigint, SIGINT, main_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigterm, SIGTERM, main_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigchld, SIGCHLD, main_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsighup, SIGHUP, main_sig_handler, env);
|
||||
+ signal_set(&env->sc_evsigpipe, SIGPIPE, main_sig_handler, env);
|
||||
+#ifdef __FreeBSD__
|
||||
+#if __FreeBSD_version > 800040
|
||||
+ arc4random_stir();
|
||||
+ arc4random_buf(rnd, sizeof(rnd));
|
||||
+ RAND_seed(rnd, sizeof(rnd));
|
||||
+#else
|
||||
+ RAND_load_file("/dev/random",2048);
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
+ signal_add(&env->sc_evsigint, NULL);
|
||||
+ signal_add(&env->sc_evsigterm, NULL);
|
||||
+ signal_add(&env->sc_evsigchld, NULL);
|
||||
+ signal_add(&env->sc_evsighup, NULL);
|
||||
+ signal_add(&env->sc_evsigpipe, NULL);
|
||||
ps->ps_instances[PROC_RELAY] = env->sc_prefork_relay;
|
||||
proc_init(ps, procs, nitems(procs));
|
||||
|
||||
@@ -258,7 +282,9 @@
|
||||
if (parent_configure(env) == -1)
|
||||
fatalx("configuration failed");
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
init_routes(env);
|
||||
+#endif
|
||||
|
||||
close(pipe_parent2pfe[1]);
|
||||
close(pipe_parent2hce[1]);
|
||||
@@ -322,6 +324,8 @@
|
||||
#endif
|
||||
event_dispatch();
|
||||
|
||||
+ main_shutdown(env);
|
||||
+ /* NOTREACHED */
|
||||
return (0);
|
||||
}
|
||||
@@ -273,7 +299,9 @@
|
||||
{
|
||||
struct table *tb;
|
||||
struct rdr *rdr;
|
||||
+#ifndef __FreeBSD__
|
||||
struct router *rt;
|
||||
+#endif
|
||||
struct protocol *proto;
|
||||
struct relay *rlay;
|
||||
int id;
|
||||
@@ -284,8 +312,10 @@
|
||||
config_settable(env, tb);
|
||||
TAILQ_FOREACH(rdr, env->sc_rdrs, entry)
|
||||
config_setrdr(env, rdr);
|
||||
+#ifndef __FreeBSD__
|
||||
TAILQ_FOREACH(rt, env->sc_rts, rt_entry)
|
||||
config_setrt(env, rt);
|
||||
+#endif
|
||||
TAILQ_FOREACH(proto, env->sc_protos, entry)
|
||||
config_setproto(env, proto);
|
||||
TAILQ_FOREACH(rlay, env->sc_relays, rl_entry)
|
||||
@@ -359,9 +389,11 @@
|
||||
|
||||
@@ -642,6 +646,7 @@
|
||||
#ifndef __FreeBSD__
|
||||
proc_kill(env->sc_ps);
|
||||
control_cleanup(&env->sc_ps->ps_csock);
|
||||
+#ifndef __FreeBSD__
|
||||
carp_demote_shutdown();
|
||||
if (env->sc_flags & F_DEMOTE)
|
||||
carp_demote_reset(env->sc_demote_group, 128);
|
||||
+#endif
|
||||
|
||||
free(env->sc_ps);
|
||||
free(env);
|
||||
@@ -375,12 +407,15 @@
|
||||
parent_dispatch_pfe(int fd, struct privsep_proc *p, struct imsg *imsg)
|
||||
{
|
||||
struct relayd *env = p->p_env;
|
||||
+#ifndef __FreeBSD__
|
||||
struct ctl_demote demote;
|
||||
#endif
|
||||
+ int verbose;
|
||||
struct ctl_netroute crt;
|
||||
+#endif
|
||||
u_int v;
|
||||
char *str = NULL;
|
||||
|
||||
iev = ptr;
|
||||
ibuf = &iev->ibuf;
|
||||
@@ -685,6 +690,10 @@
|
||||
*/
|
||||
reconfigure();
|
||||
break;
|
||||
+ case IMSG_CTL_LOG_VERBOSE:
|
||||
+ memcpy(&verbose, imsg.data, sizeof(verbose));
|
||||
+ log_verbose(verbose);
|
||||
+ break;
|
||||
default:
|
||||
log_debug("main_dispatch_pfe: unexpected imsg %d",
|
||||
imsg.hdr.type);
|
||||
@@ -988,6 +997,7 @@
|
||||
if (timercmp(&tv_next, &tv, >))
|
||||
bcopy(&tv_next, &tv, sizeof(tv));
|
||||
|
||||
+ event_del(ev);
|
||||
event_set(ev, fd, event, fn, arg);
|
||||
event_add(ev, &tv);
|
||||
switch (imsg->hdr.type) {
|
||||
+#ifndef __FreeBSD__
|
||||
case IMSG_DEMOTE:
|
||||
IMSG_SIZE_CHECK(imsg, &demote);
|
||||
memcpy(&demote, imsg->data, sizeof(demote));
|
||||
@@ -391,6 +426,7 @@
|
||||
memcpy(&crt, imsg->data, sizeof(crt));
|
||||
pfe_route(env, &crt);
|
||||
break;
|
||||
+#endif
|
||||
case IMSG_CTL_RESET:
|
||||
IMSG_SIZE_CHECK(imsg, &v);
|
||||
memcpy(&v, imsg->data, sizeof(v));
|
||||
@@ -432,9 +468,11 @@
|
||||
proc_compose_imsg(ps, PROC_HCE, -1, IMSG_SCRIPT,
|
||||
-1, &scr, sizeof(scr));
|
||||
break;
|
||||
+#ifndef __FreeBSD__
|
||||
case IMSG_SNMPSOCK:
|
||||
(void)snmp_setsock(env, p->p_id);
|
||||
break;
|
||||
+#endif
|
||||
case IMSG_CFG_DONE:
|
||||
if (env->sc_reload)
|
||||
env->sc_reload--;
|
||||
@@ -645,6 +683,7 @@
|
||||
return (NULL);
|
||||
}
|
||||
@@ -1145,6 +1155,7 @@
|
||||
}
|
||||
pn->key = strdup(pk->key);
|
||||
if (pn->key == NULL) {
|
||||
+ free(pn);
|
||||
log_warn("out of memory");
|
||||
return (NULL);
|
||||
}
|
||||
@@ -1370,3 +1381,24 @@
|
||||
|
||||
return (0);
|
||||
+#ifndef __FreeBSD__
|
||||
struct netroute *
|
||||
route_find(struct relayd *env, objid_t id)
|
||||
{
|
||||
@@ -666,6 +705,7 @@
|
||||
return (rt);
|
||||
return (NULL);
|
||||
}
|
||||
+
|
||||
+void
|
||||
+socket_rlimit(int maxfd)
|
||||
+{
|
||||
+ struct rlimit rl;
|
||||
+
|
||||
+ if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
|
||||
+ fatal("socket_rlimit: failed to get resource limit");
|
||||
+ log_debug("socket_rlimit: max open files %d", rl.rlim_max);
|
||||
+
|
||||
+ /*
|
||||
+ * Allow the maximum number of open file descriptors for this
|
||||
+ * login class (which should be the class "daemon" by default).
|
||||
+ */
|
||||
+ if (maxfd == -1)
|
||||
+ rl.rlim_cur = rl.rlim_max;
|
||||
+ else
|
||||
+ rl.rlim_cur = MAX(rl.rlim_max, (rlim_t)maxfd);
|
||||
+ if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
|
||||
+ fatal("socket_rlimit: failed to set resource limit");
|
||||
+}
|
||||
+#endif
|
||||
|
||||
struct host *
|
||||
host_findbyname(struct relayd *env, const char *name)
|
||||
@@ -840,7 +880,11 @@
|
||||
{
|
||||
switch (type) {
|
||||
case DIGEST_SHA1:
|
||||
+#ifdef __FreeBSD__
|
||||
+ return (SHA1_Data(data, len, buf));
|
||||
+#else
|
||||
return (SHA1Data(data, len, buf));
|
||||
+#endif
|
||||
break;
|
||||
case DIGEST_MD5:
|
||||
return (MD5Data(data, len, buf));
|
||||
@@ -1077,9 +1121,17 @@
|
||||
bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM,
|
||||
bnd->bnd_proto)) == -1)
|
||||
goto fail;
|
||||
+#ifdef SO_BINDANY
|
||||
if (setsockopt(s, SOL_SOCKET, SO_BINDANY,
|
||||
&v, sizeof(v)) == -1)
|
||||
goto fail;
|
||||
+#else
|
||||
+#ifdef IP_BINDANY
|
||||
+ if (setsockopt(s, IPPROTO_IP, IP_BINDANY,
|
||||
+ &v, sizeof(v)) == -1)
|
||||
+ goto fail;
|
||||
+#endif
|
||||
+#endif
|
||||
if (bind(s, (struct sockaddr *)&bnd->bnd_ss,
|
||||
bnd->bnd_ss.ss_len) == -1)
|
||||
goto fail;
|
||||
|
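--- /dev/null
+++ b/net/relayd/files/patch-relayd-relayd.conf.5
@@ -0,0 +1,244 @@
+--- relayd/relayd.conf.5.orig 2011-05-05 12:20:24.000000000 +0200
++++ relayd/relayd.conf.5 2011-05-22 12:52:42.026190316 +0200
+@@ -43,7 +43,7 @@
+in a similar fashion to
+.Xr pf 4
+tables.
+-They are used for relay, redirection, and router target selection with
++They are used for relay and redirection target selection with
+the described options and health checking on the host they contain.
+.It Sy Redirections
+Redirections are translated to
+@@ -55,9 +55,6 @@
+general purpose TCP proxying on layer 7.
+.It Sy Protocols
+Protocols are predefined protocol handlers and settings for relays.
+-.It Sy Routers
+-Routers are used to insert routes with health-checked gateways for
+-(WAN) link balancing.
+.El
+.Pp
+Within the sections,
+@@ -86,7 +83,7 @@
+.Ic include
+keyword, for example:
+.Bd -literal -offset indent
+-include "/etc/relayd.conf.local"
++include "%%PREFIX%%/etc/relayd.conf.local"
+.Ed
+.Sh MACROS
+Macros can be defined that will later be expanded in context.
+@@ -111,17 +108,6 @@
+.Sh GLOBAL CONFIGURATION
+Here are the settings that can be set globally:
+.Bl -tag -width Ds
+-.It Ic demote Ar group
+-Enable the global
+-.Xr carp 4
+-demotion option, resetting the carp demotion counter for the
+-specified interface group to zero on startup and to 128 on shutdown of
+-the daemon.
+-For more information on interface groups,
+-see the
+-.Ic group
+-keyword in
+-.Xr ifconfig 8 .
+.It Ic interval Ar number
+Set the interval in seconds at which the hosts will be checked.
+The default interval is 10 seconds.
+@@ -151,15 +137,6 @@
+.Xr relayd 8
+runs 5 relay processes by default and every process will handle
+all configured relays.
+-.It Ic send trap
+-Send an SNMP trap when the state of a host changes.
+-.Xr relayd 8
+-will try to connect to
+-.Xr snmpd 8
+-and request it send a trap to the registered trap receivers;
+-see
+-.Xr snmpd.conf 5
+-for more information about the configuration.
+.It Ic timeout Ar number
+Set the global timeout in milliseconds for checks.
+This can be overridden by the timeout value in the table definitions.
+@@ -363,17 +340,6 @@
+.Pp
+The following general table options are available:
+.Bl -tag -width Ds
+-.It Ic demote Ar group
+-Enable the per-table
+-.Xr carp 4
+-demotion option.
+-This will increment the carp demotion counter for the
+-specified interface group if all hosts in the table are down.
+-For more information on interface groups,
+-see the
+-.Ic group
+-keyword in
+-.Xr ifconfig 8 .
+.It Ic interval Ar number
+Override the global interval and specify one for this table.
+It must be a multiple of the global interval.
+@@ -605,7 +571,7 @@
+.Ic destination
+.Ar options ...
+.Xc
+-When redirecting connections with a divert-to rule in
++When redirecting connections with a rdr-to rule in
+.Xr pf.conf 5
+to a relay listening on localhost, this directive will
+look up the real destination address of the intended target host,
+@@ -613,14 +579,7 @@
+If an additional
+.Ic forward to
+directive to a specified address or table is present,
+-it will be used as a backup if the lookup failed.
+-.It Xo
+-.Ic forward to
+-.Ic nat lookup
+-.Ar options ...
+-.Xc
+-Like the previous directive, but for redirections with rdr-to in
+-.Xr pf.conf 5 .
++it will be used as a backup if the NAT lookup failed.
+.It Xo
+.Ic listen on Ar address
+.Op Ic port Ar port
+@@ -639,9 +598,9 @@
+keyword is present, the relay will accept connections using the
+encrypted SSL protocol.
+The relay will look up a private key in
+-.Pa /etc/ssl/private/address.key
++.Pa %%PREFIX%%/etc/ssl/private/address.key
+and a public certificate in
+-.Pa /etc/ssl/address.crt ,
++.Pa %%PREFIX%%/etc/ssl/address.crt ,
+where
+.Ar address
+is the specified IP address of the relay to listen on.
+@@ -990,9 +949,6 @@
+This option enables CA verification in SSL client mode.
+The daemon will load the CA (Certificate Authority) certificates from
+the specified path to verify the server certificates.
+-.Ox
+-provides a default CA bundle in
+-.Pa /etc/ssl/cert.pem .
+.It Ic ciphers Ar string
+Set the string defining the SSL cipher suite.
+If not specified, the default value
+@@ -1068,89 +1024,22 @@
+Set the socket-level buffer size for input and output for this
+connection.
+This will affect the TCP window size.
+-.It Xo
+-.Op Ic no
+-.Ic splice
+-.Xc
+-Use socket splicing for zero-copy data transfer.
+-This option is enabled by default.
+.El
+.El
+-.Sh ROUTERS
+-Routers represent routing table entries in the kernel forwarding
+-database, see
+-.Xr route 4 ,
+-and a table of associated gateways.
+-They are used to dynamically insert or remove routes with gateways
+-based on their availability and health-check results.
+-A router can include multiple network statements and a single forward
+-statement with a table of one or more gateways.
+-All entries in a single router directive must match the same address
+-family, either IPv4 or IPv6.
+-.Pp
+-The kernel supports multipath routing when multiple gateways exist to
+-the same destination address.
+-The multipath routing behaviour can be changed globally using the
+-.Xr sysctl 8
+-variables
+-.Va net.inet.ip.multipath
+-and
+-.Va net.inet6.ip6.multipath .
+-With the default setting of 0,
+-the first route selected will be used for subsequent packets to that
+-destination regardless of source.
+-Setting it to 1 will enable load balancing based on the packet source
+-address across gateways; multiple routes with the same priority are
+-used equally.
+-The kernel will also check the link state of the related network
+-interface and try a different route if it is not active.
+-.Pp
+-The configuration directives that are valid in the
+-.Ic routers
+-context are described below:
+-.Bl -tag -width Ds
+-.It Xo
+-.Ic forward to
+-.Aq Ar table
+-.Ic port Ar number
+-.Ar options ...
+-.Xc
+-Specify the table of target gateways to be used; see the
+-.Sx TABLES
+-section above for information about table options.
+-This entry is mandatory and must be specified once.
+-.It Xo
+-.Ic route
+-.Ar address Ns Li / Ns Ar prefix
+-.Xc
+-Specify the network address and prefix length of a route destination
+-that is reachable via the active gateways.
+-This entry must be specified at least once in a router directive.
+-.It Ic rtable Ar id
+-Add the routes to the kernel routing table with the specified
+-.Ar id .
+-.It Ic rtlabel Ar label
+-Add the routes with the specified
+-.Ar label
+-to the kernel routing table.
+-.El
+.Sh FILES
+-.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact
+-.It Pa /etc/relayd.conf
++.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact
++.It Pa %%PREFIX%%/etc/relayd.conf
+.Xr relayd 8
+configuration file.
+.Pp
+.It Pa /etc/services
+Service name database.
+.Pp
+-.It Pa /etc/ssl/address.crt
+-.It Pa /etc/ssl/private/address.key
++.It Pa %%PREFIX%%/etc/ssl/address.crt
++.It Pa %%PREFIX%%/etc/ssl/private/address.key
+Location of the relay SSL server certificates, where
+.Ar address
+is the configured IP address of the relay.
+-.It Pa /etc/ssl/cert.pem
+-Default location of the CA bundle that can be used with
+-.Xr relayd 8 .
+.El
+.Sh EXAMPLES
+This configuration file would create a redirection service
+@@ -1242,20 +1131,9 @@
+forward to shell.example.com port 22
+}
+.Ed
+-.Pp
+-The next simple router configuration example can be used to run
+-redundant, health-checked WAN links:
+-.Bd -literal -offset indent
+-table \*(Ltgateways\*(Gt { $gw1 ip ttl 1, $gw2 ip ttl 1 }
+-router "uplinks" {
+- route 0.0.0.0/0
+- forward to \*(Ltgateways\*(Gt check icmp
+-}
+-.Ed
+.Sh SEE ALSO
+.Xr relayctl 8 ,
+.Xr relayd 8 ,
+-.Xr snmpd 8 ,
+.Xr ssl 8
+.Sh HISTORY
+The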
@ -1,74 +1,199 @@
|
||||
--- relayd/relayd.h.orig 2011-01-15 00:27:09.022494663 +0100
|
||||
+++ relayd/relayd.h 2011-01-15 00:47:37.743251059 +0100
|
||||
@@ -19,11 +19,12 @@
|
||||
*/
|
||||
|
||||
--- relayd.orig/relayd.h 2011-05-22 01:06:39.465162022 +0200
|
||||
+++ relayd/relayd.h 2011-05-22 01:07:39.088200887 +0200
|
||||
@@ -21,10 +21,18 @@
|
||||
#include <sys/tree.h>
|
||||
+
|
||||
+#include <sys/param.h> /* MAXHOSTNAMELEN */
|
||||
+#include <limits.h>
|
||||
#ifdef __FreeBSD__
|
||||
-#include <sys/param.h>
|
||||
#include <sys/queue.h>
|
||||
#endif
|
||||
-
|
||||
|
||||
#include <sys/param.h> /* MAXHOSTNAMELEN */
|
||||
+#ifdef __FreeBSD__
|
||||
+#include <sys/queue.h>
|
||||
+#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
|
||||
+#endif
|
||||
#include <limits.h>
|
||||
#include <imsg.h>
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
@@ -299,7 +300,9 @@
|
||||
HCE_ICMP_OK,
|
||||
HCE_ICMP_READ_TIMEOUT,
|
||||
HCE_ICMP_WRITE_TIMEOUT,
|
||||
- HCE_TCP_CONNECT_ERROR,
|
||||
+ HCE_TCP_SOCKET_ERROR,
|
||||
+ HCE_TCP_SOCKET_LIMIT,
|
||||
+ HCE_TCP_SOCKET_OPTION,
|
||||
HCE_TCP_CONNECT_FAIL,
|
||||
HCE_TCP_CONNECT_TIMEOUT,
|
||||
HCE_TCP_CONNECT_OK,
|
||||
@@ -637,6 +640,13 @@
|
||||
struct ctl_icmp_event sc_icmp_recv;
|
||||
struct ctl_icmp_event sc_icmp6_send;
|
||||
struct ctl_icmp_event sc_icmp6_recv;
|
||||
+
|
||||
+ /* Event and signal handlers */
|
||||
+ struct event sc_evsigint;
|
||||
+ struct event sc_evsigterm;
|
||||
+ struct event sc_evsigchld;
|
||||
+ struct event sc_evsighup;
|
||||
+ struct event sc_evsigpipe;
|
||||
};
|
||||
+#ifdef __FreeBSD__
|
||||
+#define CONF_FILE "%%PREFIX%%/etc/relayd.conf"
|
||||
+#else
|
||||
#define CONF_FILE "/etc/relayd.conf"
|
||||
+#endif
|
||||
#define RELAYD_SOCKET "/var/run/relayd.sock"
|
||||
#define PF_SOCKET "/dev/pf"
|
||||
#define RELAYD_USER "_relayd"
|
||||
@@ -63,7 +71,18 @@
|
||||
#define SMALL_READ_BUF_SIZE 1024
|
||||
#define ICMP_BUF_SIZE 64
|
||||
|
||||
#define RELAYD_OPT_VERBOSE 0x01
|
||||
@@ -699,6 +709,7 @@
|
||||
IMSG_CTL_NOTIFY,
|
||||
IMSG_CTL_RDR_STATS,
|
||||
IMSG_CTL_RELAY_STATS,
|
||||
+ IMSG_CTL_LOG_VERBOSE,
|
||||
IMSG_RDR_ENABLE, /* notifies from pfe to hce */
|
||||
IMSG_RDR_DISABLE,
|
||||
IMSG_TABLE_ENABLE,
|
||||
@@ -799,7 +810,6 @@
|
||||
+#ifndef __FreeBSD__
|
||||
#define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */
|
||||
+#else
|
||||
+#define SIMPLEQ_HEAD STAILQ_HEAD
|
||||
+#define SIMPLEQ_FIRST STAILQ_FIRST
|
||||
+#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD
|
||||
+#define SIMPLEQ_ENTRY STAILQ_ENTRY
|
||||
+#define SIMPLEQ_INIT STAILQ_INIT
|
||||
+#define SIMPLEQ_EMPTY STAILQ_EMPTY
|
||||
+#define SIMPLEQ_NEXT STAILQ_NEXT
|
||||
+#define SIMPLEQ_INSERT_TAIL STAILQ_INSERT_TAIL
|
||||
+#endif
|
||||
|
||||
#if DEBUG > 1
|
||||
#define DPRINTF log_debug
|
||||
@@ -253,7 +272,9 @@
|
||||
#define F_SSLCLIENT 0x00200000
|
||||
#define F_NEEDRT 0x00400000
|
||||
#define F_MATCH 0x00800000
|
||||
+#ifndef __FreeBSD__
|
||||
#define F_DIVERT 0x01000000
|
||||
+#endif
|
||||
|
||||
#define F_BITS \
|
||||
"\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \
|
||||
@@ -622,6 +643,7 @@
|
||||
};
|
||||
#define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
struct router;
|
||||
struct netroute_config {
|
||||
objid_t id;
|
||||
@@ -668,6 +690,7 @@
|
||||
struct netroute_config nr;
|
||||
struct router_config rt;
|
||||
};
|
||||
+#endif
|
||||
|
||||
/* initially control.h */
|
||||
struct control_sock {
|
||||
@@ -753,12 +776,18 @@
|
||||
IMSG_HOST_STATUS, /* notifies from hce to pfe */
|
||||
IMSG_SYNC,
|
||||
IMSG_NATLOOK,
|
||||
+#ifndef __FreeBSD__
|
||||
IMSG_DEMOTE,
|
||||
+#endif
|
||||
IMSG_STATISTICS,
|
||||
IMSG_SCRIPT,
|
||||
+#ifndef __FreeBSD__
|
||||
IMSG_SNMPSOCK,
|
||||
+#endif
|
||||
IMSG_BINDANY,
|
||||
+#ifndef __FreeBSD__
|
||||
IMSG_RTMSG, /* from pfe to parent */
|
||||
+#endif
|
||||
IMSG_CFG_TABLE, /* configuration from parent */
|
||||
IMSG_CFG_HOST,
|
||||
IMSG_CFG_RDR,
|
||||
@@ -826,14 +855,18 @@
|
||||
u_int32_t sc_flags;
|
||||
const char *sc_conffile;
|
||||
struct pfdata *sc_pf;
|
||||
+#ifndef __FreeBSD__
|
||||
int sc_rtsock;
|
||||
int sc_rtseq;
|
||||
+#endif
|
||||
int sc_tablecount;
|
||||
int sc_rdrcount;
|
||||
int sc_protocount;
|
||||
int sc_relaycount;
|
||||
+#ifndef __FreeBSD__
|
||||
int sc_routercount;
|
||||
int sc_routecount;
|
||||
+#endif
|
||||
struct timeval sc_interval;
|
||||
struct timeval sc_timeout;
|
||||
struct table sc_empty_table;
|
||||
@@ -843,8 +876,10 @@
|
||||
struct rdrlist *sc_rdrs;
|
||||
struct protolist *sc_protos;
|
||||
struct relaylist *sc_relays;
|
||||
+#ifndef __FreeBSD__
|
||||
struct routerlist *sc_rts;
|
||||
struct netroutelist *sc_routes;
|
||||
+#endif
|
||||
u_int16_t sc_prefork_relay;
|
||||
char sc_demote_group[IFNAMSIZ];
|
||||
u_int16_t sc_id;
|
||||
@@ -852,10 +887,11 @@
|
||||
struct event sc_statev;
|
||||
struct timeval sc_statinterval;
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
int sc_snmp;
|
||||
struct event sc_snmpto;
|
||||
struct event sc_snmpev;
|
||||
-
|
||||
+#endif
|
||||
int sc_has_icmp;
|
||||
int sc_has_icmp6;
|
||||
struct ctl_icmp_event sc_icmp_send;
|
||||
@@ -923,10 +959,12 @@
|
||||
u_int64_t
|
||||
check_table(struct relayd *, struct rdr *, struct table *);
|
||||
|
||||
+#ifndef __FreeBSD__
|
||||
/* pfe_route.c */
|
||||
void init_routes(struct relayd *);
|
||||
void sync_routes(struct relayd *, struct router *);
|
||||
int pfe_route(struct relayd *, struct ctl_netroute *);
|
||||
+#endif
|
||||
|
||||
/* hce.c */
|
||||
pid_t hce(struct privsep *, struct privsep_proc *);
|
||||
@@ -943,8 +981,10 @@
|
||||
void relay_session(struct rsession *);
|
||||
int relay_from_table(struct rsession *);
|
||||
int relay_socket_af(struct sockaddr_storage *, in_port_t);
|
||||
+#ifndef __FreeBSD__
|
||||
in_port_t
|
||||
relay_socket_getport(struct sockaddr_storage *);
|
||||
+#endif
|
||||
int relay_cmp_af(struct sockaddr_storage *,
|
||||
struct sockaddr_storage *);
|
||||
|
||||
-
|
||||
RB_PROTOTYPE(proto_tree, protonode, se_nodes, relay_proto_cmp);
|
||||
SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp);
|
||||
@@ -986,8 +1026,10 @@
|
||||
struct host *host_find(struct relayd *, objid_t);
|
||||
struct table *table_find(struct relayd *, objid_t);
|
||||
struct rdr *rdr_find(struct relayd *, objid_t);
|
||||
+#ifndef __FreeBSD__
|
||||
struct netroute *route_find(struct relayd *, objid_t);
|
||||
struct router *router_find(struct relayd *, objid_t);
|
||||
+#endif
|
||||
struct host *host_findbyname(struct relayd *, const char *);
|
||||
struct table *table_findbyname(struct relayd *, const char *);
|
||||
struct table *table_findbyconf(struct relayd *, struct table *);
|
||||
@@ -1035,11 +1077,13 @@
|
||||
void pn_unref(u_int16_t);
|
||||
void pn_ref(u_int16_t);
|
||||
|
||||
@@ -867,6 +877,7 @@
|
||||
void imsg_event_add(struct imsgev *);
|
||||
int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t,
|
||||
pid_t, int, void *, u_int16_t);
|
||||
+void socket_rlimit(int);
|
||||
+#ifndef __FreeBSD__
|
||||
/* snmp.c */
|
||||
void snmp_init(struct relayd *, enum privsep_procid);
|
||||
int snmp_setsock(struct relayd *, enum privsep_procid);
|
||||
int snmp_getsock(struct relayd *, struct imsg *);
|
||||
void snmp_hosttrap(struct relayd *, struct table *, struct host *);
|
||||
+#endif
|
||||
|
||||
/* carp.c */
|
||||
int carp_demote_init(char *, int);
|
||||
@@ -898,6 +909,7 @@
|
||||
|
||||
/* log.c */
|
||||
void log_init(int);
|
||||
+void log_verbose(int);
|
||||
void log_warn(const char *, ...);
|
||||
void log_warnx(const char *, ...);
|
||||
void log_info(const char *, ...);
|
||||
/* shuffle.c */
|
||||
void shuffle_init(struct shuffle *);
|
||||
@@ -1092,9 +1136,11 @@
|
||||
int config_setrdr(struct relayd *, struct rdr *);
|
||||
int config_getrdr(struct relayd *, struct imsg *);
|
||||
int config_getvirt(struct relayd *, struct imsg *);
|
||||
+#ifndef __FreeBSD__
|
||||
int config_setrt(struct relayd *, struct router *);
|
||||
int config_getrt(struct relayd *, struct imsg *);
|
||||
int config_getroute(struct relayd *, struct imsg *);
|
||||
+#endif
|
||||
int config_setproto(struct relayd *env, struct protocol *);
|
||||
int config_getproto(struct relayd *, struct imsg *);
|
||||
int config_setprotonode(struct relayd *, enum privsep_procid,
|
||||
@@ -1102,3 +1148,9 @@
|
||||
int config_getprotonode(struct relayd *, struct imsg *);
|
||||
int config_setrelay(struct relayd *env, struct relay *);
|
||||
int config_getrelay(struct relayd *, struct imsg *);
|
||||
+
|
||||
+#ifdef __FreeBSD__
|
||||
+#if __FreeBSD_version < 800041
|
||||
+u_int32_t arc4random_uniform(u_int32_t upper_bound);
|
||||
+#endif
|
||||
+#endif
|
||||
|
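Review bot: The `#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))` that the relayd.h patch adds under `#ifdef __FreeBSD__` is unguarded and sits directly after `#include <sys/param.h>`. Should the build host's `<sys/param.h>` define `nitems` itself, this becomes a macro redefinition, which is a build failure under -Werror. Wrapping the fallback as `#ifndef nitems` / `#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))` / `#endif` keeps it for older systems without the clash. The old and new patch contents are interleaved in this rendering, so I am reading this line as new-side from the hunk `@@ -21,10 +21,18 @@` under the 2011-05-22 header.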
@ -8,4 +8,9 @@ firmed, Layer 3 and/or layer 7 forwarding services are set up by relayd.
|
||||
Layer 3 redirection happens at the packet level; to configure it, relayd
|
||||
communicates with pf(4).
|
||||
|
||||
The following relayd functionality is not (yet) implemented in FreeBSD:
|
||||
carp
|
||||
routers
|
||||
snmp
|
||||
|
||||
WWW: http://spootnik.org/relayd/
|
||||
|