authorPierre-Yves Ritschard <pyr@cvs.openbsd.org>2007-09-04 14:15:06 +0000
committerPierre-Yves Ritschard <pyr@cvs.openbsd.org>2007-09-04 14:15:06 +0000
commit357197a12c46e9e2d9474fb3560e2876885c0cbd (patch)
tree5904922689309db44269b84ac6cc617263c9f63a
parenteceef9d706a085e93980fed0bc92de770d092fc3 (diff)
Add the ability to specify a host header when using http(s) check methods.
Prodded by me, done by Gille Chehade <veins@evilkittens.org> ok reyk, jmc for the manpage bits.
-rw-r--r--usr.sbin/hoststated/hoststated.conf.538
-rw-r--r--usr.sbin/hoststated/parse.y33
-rw-r--r--usr.sbin/relayd/parse.y33
-rw-r--r--usr.sbin/relayd/relayd.conf.538
4 files changed, 110 insertions, 32 deletions
diff --git a/usr.sbin/hoststated/hoststated.conf.5 b/usr.sbin/hoststated/hoststated.conf.5
index d7b6c808dbc..68d03db2370 100644
--- a/usr.sbin/hoststated/hoststated.conf.5
+++ b/usr.sbin/hoststated/hoststated.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hoststated.conf.5,v 1.46 2007/07/24 17:51:33 pyr Exp $
+.\" $OpenBSD: hoststated.conf.5,v 1.47 2007/09/04 14:15:05 pyr Exp $
.\"
.\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: July 24 2007 $
+.Dd $Mdocdate: September 4 2007 $
.Dt HOSTSTATED.CONF 5
.Os
.Sh NAME
@@ -149,18 +149,40 @@ method.
Only one health-checking method can be used per table.
Table specific configuration directives are described below.
.Bl -tag -width Ds
-.It Ic check http Ar path Ic code Ar number
+.It Xo
+.Ic check http Ar path
+.Op Ic host Ar hostname
+.Ic code Ar number
+.Xc
For each host in the table, verify that retrieving the URL
.Ar path
gives the HTTP return code
.Ar number .
-.It Ic check https Ar path Ic code Ar number
+If
+.Ar hostname
+is specified, it is used as the
+.Dq Host:
+header to query a specific hostname at target host.
+.It Xo
+.Ic check https Ar path
+.Op Ic host Ar hostname
+.Ic code Ar number
+.Xc
This has the same effect as above but wraps the HTTP request in SSL.
-.It Ic check http Ar path Ic digest Ar string
+.It Xo
+.Ic check http Ar path
+.Op Ic host Ar hostname
+.Ic digest Ar string
+.Xc
For each host in the table, verify that retrieving the URL
.Ar path
produces a content whose SHA1 digest is
.Ar digest .
+If
+.Ar hostname
+is specified, it is used as the
+.Dq Host:
+header to query a specific hostname at target host.
The digest does not take the HTTP headers into account.
To compute the digest, use this simple command:
.Bd -literal -offset indent
@@ -172,7 +194,11 @@ that can be used as is in a digest statement:
.Bd -literal -offset indent
a9993e36476816aba3e25717850c26c9cd0d89d
.Ed
-.It Ic check https Ar path Ic digest Ar string
+.It Xo
+.Ic check http Ar path
+.Op Ic host Ar hostname
+.Ic digest Ar string
+.Xc
This has the same effect as above but wraps the HTTP request in SSL.
.It Ic check icmp
Ping hosts in this table to determine whether they are up or not.
diff --git a/usr.sbin/hoststated/parse.y b/usr.sbin/hoststated/parse.y
index 65be41149af..0e7d448fd63 100644
--- a/usr.sbin/hoststated/parse.y
+++ b/usr.sbin/hoststated/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.50 2007/07/05 09:42:26 thib Exp $ */
+/* $OpenBSD: parse.y,v 1.51 2007/09/04 14:15:05 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -115,7 +115,7 @@ typedef struct {
%token LOG UPDATES ALL DEMOTE NODELAY SACK SOCKET BUFFER URL RETRY IP
%token ERROR
%token <v.string> STRING
-%type <v.string> interface
+%type <v.string> interface hostname
%type <v.number> number port http_type loglevel sslcache optssl dstport
%type <v.number> proto_type dstmode docheck retry log flag direction
%type <v.host> host
@@ -166,6 +166,17 @@ http_type : STRING {
}
;
+hostname : /* empty */ {
+ $$ = strdup("");
+ if ($$ == NULL)
+ fatal("calloc");
+ }
+ | HOST STRING {
+ if (asprintf(&$$, "Host: %s\r\n", $2) == -1)
+ fatal("asprintf");
+ }
+ ;
+
proto_type : TCP { $$ = RELAY_PROTO_TCP; }
| STRING {
if (strcmp("http", $1) == 0) {
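Review bot: In the `HOST STRING` alternative of the new `hostname` rule, `$2` is never freed once `asprintf` has copied it, although the `tableoptsl` rules free their STRING values, so each `host` option appears to leak the token string; add `free($2);` after the asprintf check. The empty alternative calls `fatal("calloc")` although the call that failed is `strdup`, so `fatal("strdup");` would point at the right place. The hostname is also copied into the request verbatim, so a configuration value containing CR or LF would produce extra header lines in the health-check request; rejecting such characters with `yyerror` and `YYERROR` before formatting keeps the request well-formed. The identical rule in usr.sbin/relayd/parse.y needs the same changes.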
@@ -458,42 +469,44 @@ tableoptsl : host {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
}
- | CHECK http_type STRING CODE number {
+ | CHECK http_type STRING hostname CODE number {
if ($2) {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
}
table->conf.check = CHECK_HTTP_CODE;
- table->conf.retcode = $5;
+ table->conf.retcode = $6;
if (asprintf(&table->sendbuf,
- "HEAD %s HTTP/1.0\r\n\r\n", $3) == -1)
+ "HEAD %s HTTP/1.0\r\n%s\r\n", $3, $4) == -1)
fatal("asprintf");
free($3);
+ free($4);
if (table->sendbuf == NULL)
fatal("out of memory");
table->sendbuf_len = strlen(table->sendbuf);
}
- | CHECK http_type STRING DIGEST STRING {
+ | CHECK http_type STRING hostname DIGEST STRING {
if ($2) {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
}
table->conf.check = CHECK_HTTP_DIGEST;
if (asprintf(&table->sendbuf,
- "GET %s HTTP/1.0\r\n\r\n", $3) == -1)
+ "GET %s HTTP/1.0\r\n%s\r\n", $3, $4) == -1)
fatal("asprintf");
free($3);
+ free($4);
if (table->sendbuf == NULL)
fatal("out of memory");
table->sendbuf_len = strlen(table->sendbuf);
- if (strlcpy(table->conf.digest, $5,
+ if (strlcpy(table->conf.digest, $6,
sizeof(table->conf.digest)) >=
sizeof(table->conf.digest)) {
yyerror("http digest truncated");
- free($5);
+ free($6);
YYERROR;
}
- free($5);
+ free($6);
}
| CHECK SEND sendbuf EXPECT STRING optssl {
table->conf.check = CHECK_SEND_EXPECT;
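Review bot: The new format strings in the `CODE` and `DIGEST` rules only produce a correctly terminated request because `$4` is either empty or a complete header line that carries its own CRLF, and nothing at the call site says so. A comment above each `asprintf` would make that contract visible, for example `/* $4 is "" or "Host: name\r\n"; the final \r\n closes the header block */`. The pre-existing `table->sendbuf == NULL` test after a successful `asprintf` looks unreachable and could be dropped in the same pass. The same two rules are duplicated in usr.sbin/relayd/parse.y, and the `tableoptsl` rule continues outside this hunk.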
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 65be41149af..0e7d448fd63 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.50 2007/07/05 09:42:26 thib Exp $ */
+/* $OpenBSD: parse.y,v 1.51 2007/09/04 14:15:05 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -115,7 +115,7 @@ typedef struct {
%token LOG UPDATES ALL DEMOTE NODELAY SACK SOCKET BUFFER URL RETRY IP
%token ERROR
%token <v.string> STRING
-%type <v.string> interface
+%type <v.string> interface hostname
%type <v.number> number port http_type loglevel sslcache optssl dstport
%type <v.number> proto_type dstmode docheck retry log flag direction
%type <v.host> host
@@ -166,6 +166,17 @@ http_type : STRING {
}
;
+hostname : /* empty */ {
+ $$ = strdup("");
+ if ($$ == NULL)
+ fatal("calloc");
+ }
+ | HOST STRING {
+ if (asprintf(&$$, "Host: %s\r\n", $2) == -1)
+ fatal("asprintf");
+ }
+ ;
+
proto_type : TCP { $$ = RELAY_PROTO_TCP; }
| STRING {
if (strcmp("http", $1) == 0) {
@@ -458,42 +469,44 @@ tableoptsl : host {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
}
- | CHECK http_type STRING CODE number {
+ | CHECK http_type STRING hostname CODE number {
if ($2) {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
}
table->conf.check = CHECK_HTTP_CODE;
- table->conf.retcode = $5;
+ table->conf.retcode = $6;
if (asprintf(&table->sendbuf,
- "HEAD %s HTTP/1.0\r\n\r\n", $3) == -1)
+ "HEAD %s HTTP/1.0\r\n%s\r\n", $3, $4) == -1)
fatal("asprintf");
free($3);
+ free($4);
if (table->sendbuf == NULL)
fatal("out of memory");
table->sendbuf_len = strlen(table->sendbuf);
}
- | CHECK http_type STRING DIGEST STRING {
+ | CHECK http_type STRING hostname DIGEST STRING {
if ($2) {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
}
table->conf.check = CHECK_HTTP_DIGEST;
if (asprintf(&table->sendbuf,
- "GET %s HTTP/1.0\r\n\r\n", $3) == -1)
+ "GET %s HTTP/1.0\r\n%s\r\n", $3, $4) == -1)
fatal("asprintf");
free($3);
+ free($4);
if (table->sendbuf == NULL)
fatal("out of memory");
table->sendbuf_len = strlen(table->sendbuf);
- if (strlcpy(table->conf.digest, $5,
+ if (strlcpy(table->conf.digest, $6,
sizeof(table->conf.digest)) >=
sizeof(table->conf.digest)) {
yyerror("http digest truncated");
- free($5);
+ free($6);
YYERROR;
}
- free($5);
+ free($6);
}
| CHECK SEND sendbuf EXPECT STRING optssl {
table->conf.check = CHECK_SEND_EXPECT;
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 7f2629fa739..a273ebf74ba 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.46 2007/07/24 17:51:33 pyr Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.47 2007/09/04 14:15:05 pyr Exp $
.\"
.\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: July 24 2007 $
+.Dd $Mdocdate: September 4 2007 $
.Dt HOSTSTATED.CONF 5
.Os
.Sh NAME
@@ -149,18 +149,40 @@ method.
Only one health-checking method can be used per table.
Table specific configuration directives are described below.
.Bl -tag -width Ds
-.It Ic check http Ar path Ic code Ar number
+.It Xo
+.Ic check http Ar path
+.Op Ic host Ar hostname
+.Ic code Ar number
+.Xc
For each host in the table, verify that retrieving the URL
.Ar path
gives the HTTP return code
.Ar number .
-.It Ic check https Ar path Ic code Ar number
+If
+.Ar hostname
+is specified, it is used as the
+.Dq Host:
+header to query a specific hostname at target host.
+.It Xo
+.Ic check https Ar path
+.Op Ic host Ar hostname
+.Ic code Ar number
+.Xc
This has the same effect as above but wraps the HTTP request in SSL.
-.It Ic check http Ar path Ic digest Ar string
+.It Xo
+.Ic check http Ar path
+.Op Ic host Ar hostname
+.Ic digest Ar string
+.Xc
For each host in the table, verify that retrieving the URL
.Ar path
produces a content whose SHA1 digest is
.Ar digest .
+If
+.Ar hostname
+is specified, it is used as the
+.Dq Host:
+header to query a specific hostname at target host.
The digest does not take the HTTP headers into account.
To compute the digest, use this simple command:
.Bd -literal -offset indent
@@ -172,7 +194,11 @@ that can be used as is in a digest statement:
.Bd -literal -offset indent
a9993e36476816aba3e25717850c26c9cd0d89d
.Ed
-.It Ic check https Ar path Ic digest Ar string
+.It Xo
+.Ic check http Ar path
+.Op Ic host Ar hostname
+.Ic digest Ar string
+.Xc
This has the same effect as above but wraps the HTTP request in SSL.
.It Ic check icmp
Ping hosts in this table to determine whether they are up or not.