author | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-01-03 09:42:31 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-01-03 09:42:31 +0000 |
commit | 875e2ef53f679775f21613b6e76ffea5074b0e06 (patch) | |
tree | b3749b24b4cb295c6c69557d56ec72f92511ad55 | |
parent | 2f5ecd5f468a31e4f5f0399a3c82f0b78c47c3cd (diff) |
allow the sticky-address option for round-robin pools.
From Pierre-Yves Ritschard (pyr at spootnik dot org)
-rw-r--r-- | usr.sbin/hostated/hostated.conf.5 | 8 | ||||
-rw-r--r-- | usr.sbin/hostated/hostated.h | 3 | ||||
-rw-r--r-- | usr.sbin/hostated/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/hostated/pfe_filter.c | 4 | ||||
-rw-r--r-- | usr.sbin/hoststated/hoststated.conf.5 | 8 | ||||
-rw-r--r-- | usr.sbin/hoststated/hoststated.h | 3 | ||||
-rw-r--r-- | usr.sbin/hoststated/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/hoststated/pfe_filter.c | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/relayd/pfe_filter.c | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 8 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 3 |
12 files changed, 48 insertions, 15 deletions
diff --git a/usr.sbin/hostated/hostated.conf.5 b/usr.sbin/hostated/hostated.conf.5
index 795595c6944..f0985ede244 100644
--- a/usr.sbin/hostated/hostated.conf.5
+++ b/usr.sbin/hostated/hostated.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hostated.conf.5,v 1.7 2006/12/25 19:07:34 reyk Exp $
+.\" $OpenBSD: hostated.conf.5,v 1.8 2007/01/03 09:42:30 reyk Exp $
 .\"
 .\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
 .\"
@@ -152,6 +152,12 @@ are seen as down or disabled.
 Set the service initially disabled.
 It can be later enabled through
 .Xr hostatectl 8 .
+.It Ic sticky-address
+This has the same effect than specifying sticky-address
+for a rdr rule in
+.Xr pf.conf 5 .
+It will ensure that multiple connections from the same source are
+mapped to the same redirection address.
 .It Ic table Ar name
 Specify the main table to be used.
 This is mandatory.
diff --git a/usr.sbin/hostated/hostated.h b/usr.sbin/hostated/hostated.h
index 4bc52a29f50..1706b3659ef 100644
--- a/usr.sbin/hostated/hostated.h
+++ b/usr.sbin/hostated/hostated.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostated.h,v 1.6 2006/12/26 02:51:00 jsg Exp $ */
+/* $OpenBSD: hostated.h,v 1.7 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -159,6 +159,7 @@ TAILQ_HEAD(addresslist, address);
 #define F_ADD 0x10
 #define F_DEL 0x20
 #define F_CHANGED 0x40
+#define F_STICKY 0x80
 struct host {
 u_int8_t flags;
diff --git a/usr.sbin/hostated/parse.y b/usr.sbin/hostated/parse.y
index 33a7ed336ed..bf414099696 100644
--- a/usr.sbin/hostated/parse.y
+++ b/usr.sbin/hostated/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.6 2006/12/25 19:05:41 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.7 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
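Review bot: `#define F_STICKY 0x80` in the second hostated.h hunk takes the highest bit of an 8-bit flags word, since the context just below it shows `struct host` declaring `u_int8_t flags` and the neighbouring F_* values appear to be shared by hosts and services. If `struct service` stores its flags in the same width (its definition is outside the hunk), the next flag added will not fit and would be silently truncated on assignment. A comment such as `/* service only; last free bit while flags is u_int8_t */` next to the define, or widening the field before adding more flags, would make that limit visible. The same define is repeated in hoststated/hoststated.h and relayd/relayd.h.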
@@ -100,7 +100,7 @@ typedef struct {
 %token SERVICE TABLE BACKUP HOST REAL
 %token CHECK HTTP HTTPS TCP ICMP EXTERNAL
 %token TIMEOUT CODE DIGEST PORT TAG INTERFACE
-%token VIRTUAL IP INTERVAL DISABLE
+%token VIRTUAL IP INTERVAL DISABLE STICKYADDR
 %token ERROR
 %token <v.string> STRING
 %type <v.string> interface
@@ -264,6 +264,7 @@ serviceoptsl : TABLE STRING {
 free($6);
 }
 | DISABLE { service->flags |= F_DISABLE; }
+ | STICKYADDR { service->flags |= F_STICKY; }
 | TAG STRING {
 if (strlcpy(service->tag, $2, sizeof(service->tag)) >=
 sizeof(service->tag)) {
@@ -480,6 +481,7 @@ lookup(char *s)
 { "port", PORT },
 { "real", REAL },
 { "service", SERVICE },
+ { "sticky-address", STICKYADDR },
 { "table", TABLE },
 { "tag", TAG },
 { "tcp", TCP },
diff --git a/usr.sbin/hostated/pfe_filter.c b/usr.sbin/hostated/pfe_filter.c
index 89ea50b48c5..76ce3e015f8 100644
--- a/usr.sbin/hostated/pfe_filter.c
+++ b/usr.sbin/hostated/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.2 2006/12/16 12:42:14 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.3 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -308,6 +308,8 @@ sync_ruleset(struct hostated *env, struct service *service, int enable)
 rio.rule.rpool.proxy_port[0] = service->table->port;
 rio.rule.rpool.port_op = PF_OP_EQ;
 rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
+ if (service->flags & F_STICKY)
+ rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
 if (ioctl(env->pf->dev, DIOCADDRULE, &rio) == -1)
 fatal("cannot add rule");
diff --git a/usr.sbin/hoststated/hoststated.conf.5 b/usr.sbin/hoststated/hoststated.conf.5
index 85c49eb7a42..3a5e9a671a5 100644
--- a/usr.sbin/hoststated/hoststated.conf.5
+++ b/usr.sbin/hoststated/hoststated.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hoststated.conf.5,v 1.7 2006/12/25 19:07:34 reyk Exp $
+.\" $OpenBSD: hoststated.conf.5,v 1.8 2007/01/03 09:42:30 reyk Exp $
 .\"
 .\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
 .\"
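Review bot: The new `PF_POOL_STICKYADDR` branch in sync_ruleset() (hostated/pfe_filter.c, repeated in the hoststated/ and relayd/ copies) makes pf keep a per-source association to one redirection address, and nothing in this hunk deals with those associations when a health check later removes that host from the table. If they are not flushed elsewhere (the rest of the file is outside the hunk), returning clients may stay pinned to a host the daemon already considers down until their states expire. Each tracked source also counts against pf's source-node limit, so a service facing many distinct sources needs that limit sized accordingly. I would add a comment above the branch, e.g. `/* sticky: pf keeps per-source mappings; clear them when a host goes down */`, and mention the limit in the manual entry. sync_ruleset() starts and ends outside the hunk.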
@@ -152,6 +152,12 @@ are seen as down or disabled.
 Set the service initially disabled.
 It can be later enabled through
 .Xr hostatectl 8 .
+.It Ic sticky-address
+This has the same effect than specifying sticky-address
+for a rdr rule in
+.Xr pf.conf 5 .
+It will ensure that multiple connections from the same source are
+mapped to the same redirection address.
 .It Ic table Ar name
 Specify the main table to be used.
 This is mandatory.
diff --git a/usr.sbin/hoststated/hoststated.h b/usr.sbin/hoststated/hoststated.h
index ec611e5e7ad..6dbb46819e4 100644
--- a/usr.sbin/hoststated/hoststated.h
+++ b/usr.sbin/hoststated/hoststated.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hoststated.h,v 1.6 2006/12/26 02:51:00 jsg Exp $ */
+/* $OpenBSD: hoststated.h,v 1.7 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -159,6 +159,7 @@ TAILQ_HEAD(addresslist, address);
 #define F_ADD 0x10
 #define F_DEL 0x20
 #define F_CHANGED 0x40
+#define F_STICKY 0x80
 struct host {
 u_int8_t flags;
diff --git a/usr.sbin/hoststated/parse.y b/usr.sbin/hoststated/parse.y
index 33a7ed336ed..bf414099696 100644
--- a/usr.sbin/hoststated/parse.y
+++ b/usr.sbin/hoststated/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.6 2006/12/25 19:05:41 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.7 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -100,7 +100,7 @@ typedef struct {
 %token SERVICE TABLE BACKUP HOST REAL
 %token CHECK HTTP HTTPS TCP ICMP EXTERNAL
 %token TIMEOUT CODE DIGEST PORT TAG INTERFACE
-%token VIRTUAL IP INTERVAL DISABLE
+%token VIRTUAL IP INTERVAL DISABLE STICKYADDR
 %token ERROR
 %token <v.string> STRING
 %type <v.string> interface
@@ -264,6 +264,7 @@ serviceoptsl : TABLE STRING {
 free($6);
 }
 | DISABLE { service->flags |= F_DISABLE; }
+ | STICKYADDR { service->flags |= F_STICKY; }
 | TAG STRING {
 if (strlcpy(service->tag, $2, sizeof(service->tag)) >=
 sizeof(service->tag)) {
@@ -480,6 +481,7 @@ lookup(char *s)
 { "port", PORT },
 { "real", REAL },
 { "service", SERVICE },
+ { "sticky-address", STICKYADDR },
 { "table", TABLE },
 { "tag", TAG },
 { "tcp", TCP },
diff --git a/usr.sbin/hoststated/pfe_filter.c b/usr.sbin/hoststated/pfe_filter.c
index 89ea50b48c5..76ce3e015f8 100644
--- a/usr.sbin/hoststated/pfe_filter.c
+++ b/usr.sbin/hoststated/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.2 2006/12/16 12:42:14 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.3 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -308,6 +308,8 @@ sync_ruleset(struct hostated *env, struct service *service, int enable)
 rio.rule.rpool.proxy_port[0] = service->table->port;
 rio.rule.rpool.port_op = PF_OP_EQ;
 rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
+ if (service->flags & F_STICKY)
+ rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
 if (ioctl(env->pf->dev, DIOCADDRULE, &rio) == -1)
 fatal("cannot add rule");
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 33a7ed336ed..bf414099696 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.6 2006/12/25 19:05:41 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.7 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -100,7 +100,7 @@ typedef struct {
 %token SERVICE TABLE BACKUP HOST REAL
 %token CHECK HTTP HTTPS TCP ICMP EXTERNAL
 %token TIMEOUT CODE DIGEST PORT TAG INTERFACE
-%token VIRTUAL IP INTERVAL DISABLE
+%token VIRTUAL IP INTERVAL DISABLE STICKYADDR
 %token ERROR
 %token <v.string> STRING
 %type <v.string> interface
@@ -264,6 +264,7 @@ serviceoptsl : TABLE STRING {
 free($6);
 }
 | DISABLE { service->flags |= F_DISABLE; }
+ | STICKYADDR { service->flags |= F_STICKY; }
 | TAG STRING {
 if (strlcpy(service->tag, $2, sizeof(service->tag)) >=
 sizeof(service->tag)) {
@@ -480,6 +481,7 @@ lookup(char *s)
 { "port", PORT },
 { "real", REAL },
 { "service", SERVICE },
+ { "sticky-address", STICKYADDR },
 { "table", TABLE },
 { "tag", TAG },
 { "tcp", TCP },
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 89ea50b48c5..76ce3e015f8 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.2 2006/12/16 12:42:14 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.3 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -308,6 +308,8 @@ sync_ruleset(struct hostated *env, struct service *service, int enable)
 rio.rule.rpool.proxy_port[0] = service->table->port;
 rio.rule.rpool.port_op = PF_OP_EQ;
 rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
+ if (service->flags & F_STICKY)
+ rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
 if (ioctl(env->pf->dev, DIOCADDRULE, &rio) == -1)
 fatal("cannot add rule");
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 1b9d935b5cc..48c805c0b2c 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.7 2006/12/25 19:07:34 reyk Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.8 2007/01/03 09:42:30 reyk Exp $
 .\"
 .\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
 .\"
@@ -152,6 +152,12 @@ are seen as down or disabled.
 Set the service initially disabled.
 It can be later enabled through
 .Xr hostatectl 8 .
+.It Ic sticky-address
+This has the same effect than specifying sticky-address
+for a rdr rule in
+.Xr pf.conf 5 .
+It will ensure that multiple connections from the same source are
+mapped to the same redirection address.
 .It Ic table Ar name
 Specify the main table to be used.
 This is mandatory.
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 88f1df9abb8..d001ef0b09c 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.6 2006/12/26 02:51:00 jsg Exp $ */
+/* $OpenBSD: relayd.h,v 1.7 2007/01/03 09:42:30 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -159,6 +159,7 @@ TAILQ_HEAD(addresslist, address);
 #define F_ADD 0x10
 #define F_DEL 0x20
 #define F_CHANGED 0x40
+#define F_STICKY 0x80
 struct host {
 u_int8_t flags; |