authorPierre-Yves Ritschard <pyr@cvs.openbsd.org>2007-05-27 20:53:11 +0000
committerPierre-Yves Ritschard <pyr@cvs.openbsd.org>2007-05-27 20:53:11 +0000
commitc51554c18c6367c56e04251989f51d729fa69e0e (patch)
tree6a60ca92ab38f9cd73fb99348e05d9eab3a795b8 /usr.sbin/relayd
parent7d65dffdf7e6340950f4e6611d50dbd89dcfd1f5 (diff)
Second step towards hoststated reload:
First split out hosts, tables and services into two structs, one that contains the runtime fields and one (inside the runtime) that contains mostly static fields that will be sent over the socket during reload. Also move the demoted field of tables inside the flags field as it's just a boolean. ok reyk@
Diffstat (limited to 'usr.sbin/relayd')
-rw-r--r--usr.sbin/relayd/check_icmp.c31
-rw-r--r--usr.sbin/relayd/check_tcp.c52
-rw-r--r--usr.sbin/relayd/hce.c28
-rw-r--r--usr.sbin/relayd/parse.y181
-rw-r--r--usr.sbin/relayd/pfe.c155
-rw-r--r--usr.sbin/relayd/pfe_filter.c38
-rw-r--r--usr.sbin/relayd/relay.c29
-rw-r--r--usr.sbin/relayd/relayd.c14
-rw-r--r--usr.sbin/relayd/relayd.h48
-rw-r--r--usr.sbin/relayd/ssl.c28
10 files changed, 323 insertions, 281 deletions
diff --git a/usr.sbin/relayd/check_icmp.c b/usr.sbin/relayd/check_icmp.c
index 1f2bf1e71e5..3bec6056d89 100644
--- a/usr.sbin/relayd/check_icmp.c
+++ b/usr.sbin/relayd/check_icmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_icmp.c,v 1.14 2007/02/23 00:28:06 deraadt Exp $ */
+/* $OpenBSD: check_icmp.c,v 1.15 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -78,7 +78,7 @@ schedule_icmp(struct hoststated *env, struct host *host)
host->last_up = host->up;
host->flags &= ~(F_CHECK_SENT|F_CHECK_DONE);
- if (((struct sockaddr *)&host->ss)->sa_family == AF_INET)
+ if (((struct sockaddr *)&host->conf.ss)->sa_family == AF_INET)
env->has_icmp = 1;
else
env->has_icmp6 = 1;
@@ -120,10 +120,11 @@ icmp_checks_done(struct ctl_icmp_event *cie)
struct host *host;
TAILQ_FOREACH(table, &cie->env->tables, entry) {
- if (table->flags & F_DISABLE || table->check != CHECK_ICMP)
+ if (table->conf.flags & F_DISABLE ||
+ table->conf.check != CHECK_ICMP)
continue;
TAILQ_FOREACH(host, &table->hosts, entry) {
- if (((struct sockaddr *)&host->ss)->sa_family !=
+ if (((struct sockaddr *)&host->conf.ss)->sa_family !=
cie->af)
continue;
if (!(host->flags & F_CHECK_DONE))
@@ -140,10 +141,11 @@ icmp_checks_timeout(struct ctl_icmp_event *cie, const char *msg)
struct host *host;
TAILQ_FOREACH(table, &cie->env->tables, entry) {
- if (table->flags & F_DISABLE || table->check != CHECK_ICMP)
+ if (table->conf.flags & F_DISABLE ||
+ table->conf.check != CHECK_ICMP)
continue;
TAILQ_FOREACH(host, &table->hosts, entry) {
- if (((struct sockaddr *)&host->ss)->sa_family !=
+ if (((struct sockaddr *)&host->conf.ss)->sa_family !=
cie->af)
continue;
if (!(host->flags & F_CHECK_DONE))
@@ -190,28 +192,29 @@ send_icmp(int s, short event, void *arg)
}
TAILQ_FOREACH(table, &cie->env->tables, entry) {
- if (table->check != CHECK_ICMP || table->flags & F_DISABLE)
+ if (table->conf.check != CHECK_ICMP ||
+ table->conf.flags & F_DISABLE)
continue;
TAILQ_FOREACH(host, &table->hosts, entry) {
if (host->flags & (F_DISABLE | F_CHECK_SENT))
continue;
- if (((struct sockaddr *)&host->ss)->sa_family !=
+ if (((struct sockaddr *)&host->conf.ss)->sa_family !=
cie->af)
continue;
i++;
- to = (struct sockaddr *)&host->ss;
+ to = (struct sockaddr *)&host->conf.ss;
if (cie->af == AF_INET) {
icp->icmp_seq = htons(i);
icp->icmp_cksum = 0;
- memcpy(icp->icmp_data, &host->id,
- sizeof(host->id));
+ memcpy(icp->icmp_data, &host->conf.id,
+ sizeof(host->conf.id));
icp->icmp_cksum = in_cksum((u_short *)icp,
sizeof(packet));
} else {
icp6->icmp6_seq = htons(i);
icp6->icmp6_cksum = 0;
- memcpy(packet + sizeof(*icp6), &host->id,
- sizeof(host->id));
+ memcpy(packet + sizeof(*icp6), &host->conf.id,
+ sizeof(host->conf.id));
icp6->icmp6_cksum = in_cksum((u_short *)icp6,
sizeof(packet));
}
@@ -281,7 +284,7 @@ recv_icmp(int s, short event, void *arg)
log_warn("recv_icmp: ping for unknown host received");
goto retry;
}
- if (bcmp(&ss, &host->ss, slen)) {
+ if (bcmp(&ss, &host->conf.ss, slen)) {
log_warnx("recv_icmp: forged icmp packet?");
goto retry;
}
diff --git a/usr.sbin/relayd/check_tcp.c b/usr.sbin/relayd/check_tcp.c
index 82bb01f7186..5b0b2521661 100644
--- a/usr.sbin/relayd/check_tcp.c
+++ b/usr.sbin/relayd/check_tcp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_tcp.c,v 1.23 2007/02/22 05:58:06 reyk Exp $ */
+/* $OpenBSD: check_tcp.c,v 1.24 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -56,20 +56,20 @@ check_tcp(struct ctl_tcp_event *cte)
struct timeval tv;
struct linger lng;
- switch (cte->host->ss.ss_family) {
+ switch (cte->host->conf.ss.ss_family) {
case AF_INET:
- ((struct sockaddr_in *)&cte->host->ss)->sin_port =
- cte->table->port;
+ ((struct sockaddr_in *)&cte->host->conf.ss)->sin_port =
+ cte->table->conf.port;
break;
case AF_INET6:
- ((struct sockaddr_in6 *)&cte->host->ss)->sin6_port =
- cte->table->port;
+ ((struct sockaddr_in6 *)&cte->host->conf.ss)->sin6_port =
+ cte->table->conf.port;
break;
}
- len = ((struct sockaddr *)&cte->host->ss)->sa_len;
+ len = ((struct sockaddr *)&cte->host->conf.ss)->sa_len;
- if ((s = socket(cte->host->ss.ss_family, SOCK_STREAM, 0)) == -1)
+ if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1)
goto bad;
bzero(&lng, sizeof(lng));
@@ -83,8 +83,8 @@ check_tcp(struct ctl_tcp_event *cte)
if (fcntl(s, F_SETFL, O_NONBLOCK) == -1)
goto bad;
- bcopy(&cte->table->timeout, &tv, sizeof(tv));
- if (connect(s, (struct sockaddr *)&cte->host->ss, len) == -1) {
+ bcopy(&cte->table->conf.timeout, &tv, sizeof(tv));
+ if (connect(s, (struct sockaddr *)&cte->host->conf.ss, len) == -1) {
if (errno != EINPROGRESS)
goto bad;
}
@@ -133,9 +133,9 @@ tcp_host_up(int s, struct ctl_tcp_event *cte)
{
cte->s = s;
- switch (cte->table->check) {
+ switch (cte->table->conf.check) {
case CHECK_TCP:
- if (cte->table->flags & F_SSL)
+ if (cte->table->conf.flags & F_SSL)
break;
close(s);
hce_notify_done(cte->host, "tcp_host_up: connect successful");
@@ -154,7 +154,7 @@ tcp_host_up(int s, struct ctl_tcp_event *cte)
break;
}
- if (cte->table->flags & F_SSL) {
+ if (cte->table->conf.flags & F_SSL) {
ssl_transaction(cte);
return;
}
@@ -162,14 +162,14 @@ tcp_host_up(int s, struct ctl_tcp_event *cte)
if (cte->table->sendbuf != NULL) {
cte->req = cte->table->sendbuf;
event_again(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_send_req,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
return;
}
if ((cte->buf = buf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL)
fatalx("tcp_host_up: cannot create dynamic buffer");
event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, tcp_read_buf,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
}
void
@@ -202,12 +202,12 @@ tcp_send_req(int s, short event, void *arg)
if ((cte->buf = buf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL)
fatalx("tcp_send_req: cannot create dynamic buffer");
event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, tcp_read_buf,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
return;
retry:
event_again(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_send_req,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
}
void
@@ -267,7 +267,7 @@ tcp_read_buf(int s, short event, void *arg)
}
retry:
event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, tcp_read_buf,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
}
int
@@ -282,7 +282,7 @@ check_send_expect(struct ctl_tcp_event *cte)
if (b == NULL)
fatal("out of memory");
*b = '\0';
- if (fnmatch(cte->table->exbuf, cte->buf->buf, 0) == 0) {
+ if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
cte->host->up = HOST_UP;
return (0);
}
@@ -318,7 +318,7 @@ check_http_code(struct ctl_tcp_event *cte)
if (strncmp(head, "HTTP/1.1 ", strlen("HTTP/1.1 ")) &&
strncmp(head, "HTTP/1.0 ", strlen("HTTP/1.0 "))) {
log_debug("check_http_code: %s failed "
- "(cannot parse HTTP version)", host->name);
+ "(cannot parse HTTP version)", host->conf.name);
host->up = HOST_DOWN;
return (1);
}
@@ -331,13 +331,13 @@ check_http_code(struct ctl_tcp_event *cte)
code = strtonum(scode, 100, 999, &estr);
if (estr != NULL) {
log_debug("check_http_code: %s failed "
- "(cannot parse HTTP code)", host->name);
+ "(cannot parse HTTP code)", host->conf.name);
host->up = HOST_DOWN;
return (1);
}
- if (code != cte->table->retcode) {
+ if (code != cte->table->conf.retcode) {
log_debug("check_http_code: %s failed "
- "(invalid HTTP code returned)", host->name);
+ "(invalid HTTP code returned)", host->conf.name);
host->up = HOST_DOWN;
} else
host->up = HOST_UP;
@@ -364,16 +364,16 @@ check_http_digest(struct ctl_tcp_event *cte)
host = cte->host;
if ((head = strstr(head, "\r\n\r\n")) == NULL) {
log_debug("check_http_digest: %s failed "
- "(no end of headers)", host->name);
+ "(no end of headers)", host->conf.name);
host->up = HOST_DOWN;
return (1);
}
head += strlen("\r\n\r\n");
SHA1Data(head, strlen(head), digest);
- if (strcmp(cte->table->digest, digest)) {
+ if (strcmp(cte->table->conf.digest, digest)) {
log_warnx("check_http_digest: %s failed "
- "(wrong digest)", host->name);
+ "(wrong digest)", host->conf.name);
host->up = HOST_DOWN;
} else
host->up = HOST_UP;
diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c
index e8f48b11cf8..8ae3c42110d 100644
--- a/usr.sbin/relayd/hce.c
+++ b/usr.sbin/relayd/hce.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hce.c,v 1.19 2007/05/26 19:58:48 pyr Exp $ */
+/* $OpenBSD: hce.c,v 1.20 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -150,7 +150,7 @@ hce(struct hoststated *x_env, int pipe_parent2pfe[2], int pipe_parent2hce[2],
if (env->flags & F_SSL) {
ssl_init(env);
TAILQ_FOREACH(table, &env->tables, entry) {
- if (!(table->flags & F_SSL))
+ if (!(table->conf.flags & F_SSL))
continue;
table->ssl_ctx = ssl_ctx_create(env);
}
@@ -185,15 +185,15 @@ hce_launch_checks(int fd, short event, void *arg)
fatal("hce_launch_checks: gettimeofday");
TAILQ_FOREACH(table, &env->tables, entry) {
- if (table->flags & F_DISABLE)
+ if (table->conf.flags & F_DISABLE)
continue;
- if (table->check == CHECK_NOCHECK)
+ if (table->conf.check == CHECK_NOCHECK)
fatalx("hce_launch_checks: unknown check type");
TAILQ_FOREACH(host, &table->hosts, entry) {
if (host->flags & F_DISABLE)
continue;
- if (table->check == CHECK_ICMP) {
+ if (table->conf.check == CHECK_ICMP) {
schedule_icmp(env, host);
continue;
}
@@ -225,23 +225,23 @@ hce_notify_done(struct host *host, const char *msg)
if (host->up == HOST_DOWN && host->retry_cnt) {
log_debug("hce_notify_done: host %s retry %d",
- host->name, host->retry_cnt);
+ host->conf.name, host->retry_cnt);
host->up = host->last_up;
host->retry_cnt--;
} else
- host->retry_cnt = host->retry;
+ host->retry_cnt = host->conf.retry;
if (host->up != HOST_UNKNOWN) {
host->check_cnt++;
if (host->up == HOST_UP)
host->up_cnt++;
}
- st.id = host->id;
+ st.id = host->conf.id;
st.up = host->up;
st.check_cnt = host->check_cnt;
st.retry_cnt = host->retry_cnt;
host->flags |= (F_CHECK_SENT|F_CHECK_DONE);
if (msg)
- log_debug("hce_notify_done: %s (%s)", host->name, msg);
+ log_debug("hce_notify_done: %s (%s)", host->conf.name, msg);
imsg_compose(ibuf_pfe, IMSG_HOST_STATUS, 0, 0, &st, sizeof(st));
if (host->up != host->last_up)
@@ -257,14 +257,14 @@ hce_notify_done(struct host *host, const char *msg)
else
duration = 0;
- if ((table = table_find(env, host->tableid)) == NULL)
+ if ((table = table_find(env, host->conf.tableid)) == NULL)
fatalx("hce_notify_done: invalid table id");
if (env->opts & logopt) {
log_info("host %s, check %s%s (%lums), state %s -> %s, "
"availability %s",
- host->name, table_check(table->check),
- (table->flags & F_SSL) ? " use ssl" : "", duration,
+ host->conf.name, table_check(table->conf.check),
+ (table->conf.flags & F_SSL) ? " use ssl" : "", duration,
host_status(host->last_up), host_status(host->up),
print_availability(host->check_cnt, host->up_cnt));
}
@@ -333,7 +333,7 @@ hce_dispatch_imsg(int fd, short event, void *ptr)
memcpy(&id, imsg.data, sizeof(id));
if ((table = table_find(env, id)) == NULL)
fatalx("hce_dispatch_imsg: desynchronized");
- table->flags |= F_DISABLE;
+ table->conf.flags |= F_DISABLE;
TAILQ_FOREACH(host, &table->hosts, entry)
host->up = HOST_UNKNOWN;
break;
@@ -341,7 +341,7 @@ hce_dispatch_imsg(int fd, short event, void *ptr)
memcpy(&id, imsg.data, sizeof(id));
if ((table = table_find(env, id)) == NULL)
fatalx("hce_dispatch_imsg: desynchronized");
- table->flags &= ~(F_DISABLE);
+ table->conf.flags &= ~(F_DISABLE);
TAILQ_FOREACH(host, &table->hosts, entry)
host->up = HOST_UNKNOWN;
break;
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 2cdcce3fa7a..bc02cf5a59a 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.40 2007/05/27 19:21:15 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.41 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -213,11 +213,13 @@ varset : STRING '=' STRING {
sendbuf : NOTHING {
table->sendbuf = NULL;
+ table->sendbuf_len = 0;
}
| STRING {
table->sendbuf = strdup($1);
if (table->sendbuf == NULL)
fatal("out of memory");
+ table->sendbuf_len = strlen(table->sendbuf);
free($1);
}
;
@@ -261,7 +263,7 @@ service : SERVICE STRING {
struct service *srv;
TAILQ_FOREACH(srv, &conf->services, entry)
- if (!strcmp(srv->name, $2))
+ if (!strcmp(srv->conf.name, $2))
break;
if (srv != NULL) {
yyerror("service %s defined twice", $2);
@@ -271,13 +273,14 @@ service : SERVICE STRING {
if ((srv = calloc(1, sizeof (*srv))) == NULL)
fatal("out of memory");
- if (strlcpy(srv->name, $2, sizeof(srv->name)) >=
- sizeof(srv->name)) {
+ if (strlcpy(srv->conf.name, $2,
+ sizeof(srv->conf.name)) >=
+ sizeof(srv->conf.name)) {
yyerror("service name truncated");
YYERROR;
}
free($2);
- srv->id = last_service_id++;
+ srv->conf.id = last_service_id++;
if (last_service_id == INT_MAX) {
yyerror("too many services defined");
YYERROR;
@@ -286,27 +289,29 @@ service : SERVICE STRING {
} '{' optnl serviceopts_l '}' {
if (service->table == NULL) {
yyerror("service %s has no table",
- service->name);
+ service->conf.name);
YYERROR;
}
if (TAILQ_EMPTY(&service->virts)) {
yyerror("service %s has no virtual ip",
- service->name);
+ service->conf.name);
YYERROR;
}
conf->servicecount++;
- if (service->backup == NULL)
+ if (service->backup == NULL) {
+ service->conf.backup_id =
+ conf->empty_table.conf.id;
service->backup = &conf->empty_table;
- else if (service->backup->port !=
- service->table->port) {
+ } else if (service->backup->conf.port !=
+ service->table->conf.port) {
yyerror("service %s uses two different ports "
"for its table and backup table",
- service->name);
+ service->conf.name);
YYERROR;
}
- if (!(service->flags & F_DISABLE))
- service->flags |= F_ADD;
+ if (!(service->conf.flags & F_DISABLE))
+ service->conf.flags |= F_ADD;
TAILQ_INSERT_HEAD(&conf->services, service, entry);
}
;
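Review bot: `service->conf.backup_id` is assigned only in the branch where no backup table was configured. The `BACKUP TABLE` rule (hunk at `@@ -352,8 +357,8`) sets `service->backup = tb;` but, in the lines shown, never records the id in `conf`. The service appears to be allocated with `calloc`, so the config struct would then carry `backup_id == 0`, which may be indistinguishable from a real table id once `conf` is what gets sent over the socket on reload. Adding `service->conf.backup_id = tb->conf.id;` next to `service->backup = tb;` would keep the pointer and the id in step, unless this is already done outside the visible hunks.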
@@ -321,7 +326,7 @@ serviceoptsl : TABLE STRING dstport {
port = $3;
if (port == 0)
- port = service->port;
+ port = service->conf.port;
if ((tb = table_inherit($2, port)) == NULL) {
free($2);
YYERROR;
@@ -329,8 +334,8 @@ serviceoptsl : TABLE STRING dstport {
free($2);
service->table = tb;
- service->table->serviceid = service->id;
- service->table->flags |= F_USED;
+ service->table->conf.serviceid = service->conf.id;
+ service->table->conf.flags |= F_USED;
}
| BACKUP TABLE STRING dstport {
struct table *tb;
@@ -344,7 +349,7 @@ serviceoptsl : TABLE STRING dstport {
port = $4;
if (port == 0)
- port = service->port;
+ port = service->conf.port;
if ((tb = table_inherit($3, port)) == NULL) {
free($3);
YYERROR;
@@ -352,8 +357,8 @@ serviceoptsl : TABLE STRING dstport {
free($3);
service->backup = tb;
- service->backup->serviceid = service->id;
- service->backup->flags |= (F_USED|F_BACKUP);
+ service->backup->conf.serviceid = service->conf.id;
+ service->backup->conf.flags |= (F_USED|F_BACKUP);
}
| VIRTUAL HOST STRING port interface {
if (host($3, &service->virts,
@@ -365,14 +370,15 @@ serviceoptsl : TABLE STRING dstport {
}
free($3);
free($5);
- if (service->port == 0)
- service->port = $4;
+ if (service->conf.port == 0)
+ service->conf.port = $4;
}
- | DISABLE { service->flags |= F_DISABLE; }
- | STICKYADDR { service->flags |= F_STICKY; }
+ | DISABLE { service->conf.flags |= F_DISABLE; }
+ | STICKYADDR { service->conf.flags |= F_STICKY; }
| TAG STRING {
- if (strlcpy(service->tag, $2, sizeof(service->tag)) >=
- sizeof(service->tag)) {
+ if (strlcpy(service->conf.tag, $2,
+ sizeof(service->conf.tag)) >=
+ sizeof(service->conf.tag)) {
yyerror("service tag name truncated");
free($2);
YYERROR;
@@ -385,7 +391,7 @@ table : TABLE STRING {
struct table *tb;
TAILQ_FOREACH(tb, &conf->tables, entry)
- if (!strcmp(tb->name, $2))
+ if (!strcmp(tb->conf.name, $2))
break;
if (tb != NULL) {
yyerror("table %s defined twice");
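Review bot: The duplicate-table error on the last line of this hunk passes a `%s` format to `yyerror` with no matching argument, so the message is built from whatever happens to be in the variadic slot. A config file that defines a table twice can therefore crash the parser or print garbage instead of naming the table. The parallel service rule does it correctly; this line should read `yyerror("table %s defined twice", $2);`. The rule body continues outside the hunk.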
@@ -396,13 +402,13 @@ table : TABLE STRING {
if ((tb = calloc(1, sizeof (*tb))) == NULL)
fatal("out of memory");
- if (strlcpy(tb->name, $2, sizeof(tb->name)) >=
- sizeof(tb->name)) {
+ if (strlcpy(tb->conf.name, $2, sizeof(tb->conf.name)) >=
+ sizeof(tb->conf.name)) {
yyerror("table name truncated");
YYERROR;
}
- tb->id = last_table_id++;
- bcopy(&conf->timeout, &tb->timeout,
+ tb->conf.id = last_table_id++;
+ bcopy(&conf->timeout, &tb->conf.timeout,
sizeof(struct timeval));
if (last_table_id == INT_MAX) {
yyerror("too many tables defined");
@@ -412,11 +418,13 @@ table : TABLE STRING {
table = tb;
} '{' optnl tableopts_l '}' {
if (TAILQ_EMPTY(&table->hosts)) {
- yyerror("table %s has no hosts", table->name);
+ yyerror("table %s has no hosts",
+ table->conf.name);
YYERROR;
}
- if (table->check == CHECK_NOCHECK) {
- yyerror("table %s has no check", table->name);
+ if (table->conf.check == CHECK_NOCHECK) {
+ yyerror("table %s has no check",
+ table->conf.name);
YYERROR;
}
conf->tablecount++;
@@ -429,52 +437,56 @@ tableopts_l : tableopts_l tableoptsl nl
;
tableoptsl : host {
- $1->tableid = table->id;
- $1->tablename = table->name;
+ $1->conf.tableid = table->conf.id;
+ $1->tablename = table->conf.name;
TAILQ_INSERT_HEAD(&table->hosts, $1, entry);
}
| TIMEOUT timeout {
- bcopy(&$2, &table->timeout, sizeof(struct timeval));
+ bcopy(&$2, &table->conf.timeout,
+ sizeof(struct timeval));
}
| CHECK ICMP {
- table->check = CHECK_ICMP;
+ table->conf.check = CHECK_ICMP;
}
| CHECK TCP {
- table->check = CHECK_TCP;
+ table->conf.check = CHECK_TCP;
}
| CHECK SSL {
- table->check = CHECK_TCP;
+ table->conf.check = CHECK_TCP;
conf->flags |= F_SSL;
- table->flags |= F_SSL;
+ table->conf.flags |= F_SSL;
}
| CHECK http_type STRING CODE number {
if ($2) {
conf->flags |= F_SSL;
- table->flags |= F_SSL;
+ table->conf.flags |= F_SSL;
}
- table->check = CHECK_HTTP_CODE;
- table->retcode = $5;
+ table->conf.check = CHECK_HTTP_CODE;
+ table->conf.retcode = $5;
if (asprintf(&table->sendbuf,
"HEAD %s HTTP/1.0\r\n\r\n", $3) == -1)
fatal("asprintf");
free($3);
if (table->sendbuf == NULL)
fatal("out of memory");
+ table->sendbuf_len = strlen(table->sendbuf);
}
| CHECK http_type STRING DIGEST STRING {
if ($2) {
conf->flags |= F_SSL;
- table->flags |= F_SSL;
+ table->conf.flags |= F_SSL;
}
- table->check = CHECK_HTTP_DIGEST;
+ table->conf.check = CHECK_HTTP_DIGEST;
if (asprintf(&table->sendbuf,
"GET %s HTTP/1.0\r\n\r\n", $3) == -1)
fatal("asprintf");
free($3);
if (table->sendbuf == NULL)
fatal("out of memory");
- if (strlcpy(table->digest, $5,
- sizeof(table->digest)) >= sizeof(table->digest)) {
+ table->sendbuf_len = strlen(table->sendbuf);
+ if (strlcpy(table->conf.digest, $5,
+ sizeof(table->conf.digest)) >=
+ sizeof(table->conf.digest)) {
yyerror("http digest truncated");
free($5);
YYERROR;
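Review bot: The `DIGEST` rule accepts any string that fits in `table->conf.digest`; truncation is the only thing checked. check_http_digest() in check_tcp.c later compares it with `strcmp` against the SHA1Data() output, so a digest of the wrong length, with non-hex characters, or (presumably, as SHA1Data emits lowercase hex) written in uppercase parses cleanly and then marks every host in the table down at run time. Rejecting it at parse time would surface the mistake where the operator can see it, e.g. `if (strlen($5) != SHA1_DIGEST_STRING_LENGTH - 1 || strspn($5, "0123456789abcdef") != strlen($5))` followed by `yyerror("invalid http digest")`. The rule body continues past the end of this hunk.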
@@ -482,13 +494,14 @@ tableoptsl : host {
free($5);
}
| CHECK SEND sendbuf EXPECT STRING optssl {
- table->check = CHECK_SEND_EXPECT;
+ table->conf.check = CHECK_SEND_EXPECT;
if ($6) {
conf->flags |= F_SSL;
- table->flags |= F_SSL;
+ table->conf.flags |= F_SSL;
}
- if (strlcpy(table->exbuf, $5, sizeof(table->exbuf))
- >= sizeof(table->exbuf)) {
+ if (strlcpy(table->conf.exbuf, $5,
+ sizeof(table->conf.exbuf))
+ >= sizeof(table->conf.exbuf)) {
yyerror("yyparse: expect buffer truncated");
free($5);
YYERROR;
@@ -496,25 +509,28 @@ tableoptsl : host {
free($5);
}
| REAL port {
- table->port = $2;
+ table->conf.port = $2;
}
| DEMOTE STRING {
- table->flags |= F_DEMOTE;
- if (strlcpy(table->demote_group, $2,
- sizeof(table->demote_group))
- >= sizeof(table->demote_group)) {
+ table->conf.flags |= F_DEMOTE;
+ if (strlcpy(table->conf.demote_group, $2,
+ sizeof(table->conf.demote_group))
+ >= sizeof(table->conf.demote_group)) {
yyerror("yyparse: demote group name too long");
free($2);
YYERROR;
}
free($2);
- if (carp_demote_init(table->demote_group, 1) == -1) {
+ if (carp_demote_init(table->conf.demote_group, 1)
+ == -1) {
yyerror("yyparse: error initializing group "
- "'%s'", table->demote_group);
+ "'%s'", table->conf.demote_group);
YYERROR;
}
}
- | DISABLE { table->flags |= F_DISABLE; }
+ | DISABLE {
+ table->conf.flags |= F_DISABLE;
+ }
;
proto : PROTO STRING {
@@ -951,7 +967,7 @@ relayoptsl : LISTEN ON STRING port optssl {
rlay->dsttable = tb;
rlay->dstmode = $4;
rlay->dstcheck = $5;
- rlay->dsttable->flags |= F_USED;
+ rlay->dsttable->conf.flags |= F_USED;
}
| PROTO STRING {
struct protocol *p;
@@ -1009,19 +1025,19 @@ host : HOST STRING retry {
YYERROR;
}
a = TAILQ_FIRST(&al);
- memcpy(&$$->ss, &a->ss, sizeof($$->ss));
+ memcpy(&$$->conf.ss, &a->ss, sizeof($$->conf.ss));
free(a);
- if (strlcpy($$->name, $2, sizeof($$->name)) >=
- sizeof($$->name)) {
+ if (strlcpy($$->conf.name, $2, sizeof($$->conf.name)) >=
+ sizeof($$->conf.name)) {
yyerror("host name truncated");
free($2);
free($$);
YYERROR;
}
free($2);
- $$->id = last_host_id++;
- $$->retry = $3;
+ $$->conf.id = last_host_id++;
+ $$->conf.retry = $3;
if (last_host_id == INT_MAX) {
yyerror("too many hosts defined");
free($$);
@@ -1379,10 +1395,10 @@ parse_config(const char *filename, int opts)
TAILQ_INIT(&conf->relays);
memset(&conf->empty_table, 0, sizeof(conf->empty_table));
- conf->empty_table.id = EMPTY_TABLE;
- conf->empty_table.flags |= F_DISABLE;
- (void)strlcpy(conf->empty_table.name, "empty",
- sizeof(conf->empty_table.name));
+ conf->empty_table.conf.id = EMPTY_TABLE;
+ conf->empty_table.conf.flags |= F_DISABLE;
+ (void)strlcpy(conf->empty_table.conf.name, "empty",
+ sizeof(conf->empty_table.conf.name));
bzero(&conf->proto_default, sizeof(conf->proto_default));
conf->proto_default.flags = F_USED;
@@ -1441,7 +1457,7 @@ parse_config(const char *filename, int opts)
for (table = TAILQ_FIRST(&conf->tables); table != NULL;
table = nexttb) {
nexttb = TAILQ_NEXT(table, entry);
- if (table->port == 0) {
+ if (table->conf.port == 0) {
TAILQ_REMOVE(&conf->tables, table, entry);
while ((h = TAILQ_FIRST(&table->hosts)) != NULL) {
TAILQ_REMOVE(&table->hosts, h, entry);
@@ -1452,13 +1468,13 @@ parse_config(const char *filename, int opts)
free(table);
continue;
}
- if (!(table->flags & F_USED)) {
- log_warnx("unused table: %s", table->name);
+ if (!(table->conf.flags & F_USED)) {
+ log_warnx("unused table: %s", table->conf.name);
errors++;
}
- if (timercmp(&table->timeout, &conf->interval, >=)) {
+ if (timercmp(&table->conf.timeout, &conf->interval, >=)) {
log_warnx("table timeout exceeds interval: %s",
- table->name);
+ table->conf.name);
errors++;
}
}
@@ -1696,7 +1712,7 @@ table_inherit(const char *name, in_port_t port)
yyerror("unknown table or template %s", name);
return (NULL);
}
- if (dsttb->port != 0)
+ if (dsttb->conf.port != 0)
return (dsttb);
if (port == 0) {
@@ -1707,7 +1723,7 @@ table_inherit(const char *name, in_port_t port)
/* Check if a matching table already exists */
snprintf(pname, sizeof(pname), "%s:%u", name, ntohs(port));
if ((tb = table_findbyname(conf, pname)) != NULL) {
- if (tb->port == 0) {
+ if (tb->conf.port == 0) {
yyerror("invalid table");
return (NULL);
}
@@ -1718,15 +1734,16 @@ table_inherit(const char *name, in_port_t port)
if ((tb = calloc(1, sizeof (*tb))) == NULL)
fatal("out of memory");
bcopy(dsttb, tb, sizeof(*tb));
- if (strlcpy(tb->name, pname, sizeof(tb->name)) >= sizeof(tb->name)) {
+ if (strlcpy(tb->conf.name, pname, sizeof(tb->conf.name))
+ >= sizeof(tb->conf.name)) {
yyerror("table name truncated");
return (NULL);
}
if (dsttb->sendbuf != NULL &&
(tb->sendbuf = strdup(dsttb->sendbuf)) == NULL)
fatal("out of memory");
- tb->port = port;
- tb->id = last_table_id++;
+ tb->conf.port = port;
+ tb->conf.id = last_table_id++;
if (last_table_id == INT_MAX) {
yyerror("too many tables defined");
return (NULL);
@@ -1739,13 +1756,13 @@ table_inherit(const char *name, in_port_t port)
calloc(1, sizeof (*h))) == NULL)
fatal("out of memory");
bcopy(dsth, h, sizeof(*h));
- h->id = last_host_id++;
+ h->conf.id = last_host_id++;
if (last_host_id == INT_MAX) {
yyerror("too many hosts defined");
return (NULL);
}
- h->tableid = tb->id;
- h->tablename = tb->name;
+ h->conf.tableid = tb->conf.id;
+ h->tablename = tb->conf.name;
TAILQ_INSERT_HEAD(&tb->hosts, h, entry);
}
diff --git a/usr.sbin/relayd/pfe.c b/usr.sbin/relayd/pfe.c
index 7af9476e231..738ffc1952c 100644
--- a/usr.sbin/relayd/pfe.c
+++ b/usr.sbin/relayd/pfe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe.c,v 1.22 2007/05/26 19:58:49 pyr Exp $ */
+/* $OpenBSD: pfe.c,v 1.23 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -228,7 +228,7 @@ pfe_dispatch_imsg(int fd, short event, void *ptr)
}
if (host->check_cnt != st.check_cnt) {
log_debug("pfe_dispatch_imsg: host %d => %d",
- host->id, host->up);
+ host->conf.id, host->up);
fatalx("pfe_dispatch_imsg: desynchronized");
}
@@ -240,11 +240,12 @@ pfe_dispatch_imsg(int fd, short event, void *ptr)
imsg_compose(&ibuf_relay[n],
IMSG_HOST_STATUS, 0, 0, &st, sizeof(st));
- if ((table = table_find(env, host->tableid)) == NULL)
+ if ((table = table_find(env, host->conf.tableid))
+ == NULL)
fatalx("pfe_dispatch_imsg: invalid table id");
log_debug("pfe_dispatch_imsg: state %d for host %u %s",
- st.up, host->id, host->name);
+ st.up, host->conf.id, host->conf.name);
if ((st.up == HOST_UNKNOWN && !HOST_ISUP(host->up)) ||
(!HOST_ISUP(st.up) && host->up == HOST_UNKNOWN)) {
@@ -253,14 +254,14 @@ pfe_dispatch_imsg(int fd, short event, void *ptr)
}
if (st.up == HOST_UP) {
- table->flags |= F_CHANGED;
+ table->conf.flags |= F_CHANGED;
table->up++;
host->flags |= F_ADD;
host->flags &= ~(F_DEL);
host->up = HOST_UP;
} else {
table->up--;
- table->flags |= F_CHANGED;
+ table->conf.flags |= F_CHANGED;
host->flags |= F_DEL;
host->flags &= ~(F_ADD);
}
@@ -398,21 +399,21 @@ show(struct ctl_conn *c)
TAILQ_FOREACH(service, &env->services, entry) {
imsg_compose(&c->ibuf, IMSG_CTL_SERVICE, 0, 0,
service, sizeof(*service));
- if (service->flags & F_DISABLE)
+ if (service->conf.flags & F_DISABLE)
continue;
imsg_compose(&c->ibuf, IMSG_CTL_TABLE, 0, 0,
service->table, sizeof(*service->table));
- if (!(service->table->flags & F_DISABLE))
+ if (!(service->table->conf.flags & F_DISABLE))
TAILQ_FOREACH(host, &service->table->hosts, entry)
imsg_compose(&c->ibuf, IMSG_CTL_HOST, 0, 0,
host, sizeof(*host));
- if (service->backup->id == EMPTY_TABLE)
+ if (service->backup->conf.id == EMPTY_TABLE)
continue;
imsg_compose(&c->ibuf, IMSG_CTL_TABLE, 0, 0,
service->backup, sizeof(*service->backup));
- if (!(service->backup->flags & F_DISABLE))
+ if (!(service->backup->conf.flags & F_DISABLE))
TAILQ_FOREACH(host, &service->backup->hosts, entry)
imsg_compose(&c->ibuf, IMSG_CTL_HOST, 0, 0,
host, sizeof(*host));
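Review bot: The `imsg_compose` calls in show() still pass `service, sizeof(*service)` (and likewise `*service->table`, `*service->backup` and `*host`), so the whole runtime struct is copied to the control client. After the split, that struct presumably still holds process pointers such as `service->table`, `service->backup` and the TAILQ linkage, and their values are disclosed to whoever can connect to the control socket. Consider sending a pointer-free wire struct, for example `&service->conf, sizeof(service->conf)` plus the counters the client needs, or clearing the pointer fields in a local copy before composing. show() starts and ends outside this hunk.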
@@ -428,7 +429,7 @@ show(struct ctl_conn *c)
continue;
imsg_compose(&c->ibuf, IMSG_CTL_TABLE, 0, 0,
rlay->dsttable, sizeof(*rlay->dsttable));
- if (!(rlay->dsttable->flags & F_DISABLE))
+ if (!(rlay->dsttable->conf.flags & F_DISABLE))
TAILQ_FOREACH(host, &rlay->dsttable->hosts, entry)
imsg_compose(&c->ibuf, IMSG_CTL_HOST, 0, 0,
host, sizeof(*host));
@@ -449,16 +450,16 @@ disable_service(struct ctl_conn *c, struct ctl_id *id)
service = service_find(env, id->id);
if (service == NULL)
return (-1);
- id->id = service->id;
+ id->id = service->conf.id;
- if (service->flags & F_DISABLE)
+ if (service->conf.flags & F_DISABLE)
return (0);
- service->flags |= F_DISABLE;
- service->flags &= ~(F_ADD);
- service->flags |= F_DEL;
- service->table->flags |= F_DISABLE;
- log_debug("disable_service: disabled service %d", service->id);
+ service->conf.flags |= F_DISABLE;
+ service->conf.flags &= ~(F_ADD);
+ service->conf.flags |= F_DEL;
+ service->table->conf.flags |= F_DISABLE;
+ log_debug("disable_service: disabled service %d", service->conf.id);
pfe_sync();
return (0);
}
@@ -475,25 +476,25 @@ enable_service(struct ctl_conn *c, struct ctl_id *id)
service = service_find(env, id->id);
if (service == NULL)
return (-1);
- id->id = service->id;
+ id->id = service->conf.id;
- if (!(service->flags & F_DISABLE))
+ if (!(service->conf.flags & F_DISABLE))
return (0);
- service->flags &= ~(F_DISABLE);
- service->flags &= ~(F_DEL);
- service->flags |= F_ADD;
- log_debug("enable_service: enabled service %d", service->id);
+ service->conf.flags &= ~(F_DISABLE);
+ service->conf.flags &= ~(F_DEL);
+ service->conf.flags |= F_ADD;
+ log_debug("enable_service: enabled service %d", service->conf.id);
bzero(&eid, sizeof(eid));
/* XXX: we're syncing twice */
- eid.id = service->table->id;
+ eid.id = service->table->conf.id;
if (enable_table(c, &eid) == -1)
return (-1);
- if (service->backup->id == EMPTY_ID)
+ if (service->backup->conf.id == EMPTY_ID)
return (0);
- eid.id = service->backup->id;
+ eid.id = service->backup->conf.id;
if (enable_table(c, &eid) == -1)
return (-1);
return (0);
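Review bot: enable_service() tests the backup table with `service->backup->conf.id == EMPTY_ID`, while parse_config() assigns `EMPTY_TABLE` to `conf->empty_table.conf.id` and show() compares against `EMPTY_TABLE`. If the two macros ever differ, this check stops matching the placeholder table and the empty table's id is passed to enable_table(), which would likely fail the lookup and return -1 for a service that has no backup. Using the same sentinel everywhere avoids depending on that: `if (service->backup->conf.id == EMPTY_TABLE)`. The function begins outside the hunk.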
@@ -512,19 +513,19 @@ disable_table(struct ctl_conn *c, struct ctl_id *id)
table = table_find(env, id->id);
if (table == NULL)
return (-1);
- id->id = table->id;
- if ((service = service_find(env, table->serviceid)) == NULL)
+ id->id = table->conf.id;
+ if ((service = service_find(env, table->conf.serviceid)) == NULL)
fatalx("disable_table: desynchronised");
- if (table->flags & F_DISABLE)
+ if (table->conf.flags & F_DISABLE)
return (0);
- table->flags |= (F_DISABLE|F_CHANGED);
+ table->conf.flags |= (F_DISABLE|F_CHANGED);
table->up = 0;
TAILQ_FOREACH(host, &table->hosts, entry)
host->up = HOST_UNKNOWN;
imsg_compose(ibuf_hce, IMSG_TABLE_DISABLE, 0, 0,
- &table->id, sizeof(table->id));
- log_debug("disable_table: disabled table %d", table->id);
+ &table->conf.id, sizeof(table->conf.id));
+ log_debug("disable_table: disabled table %d", table->conf.id);
pfe_sync();
return (0);
}
@@ -542,21 +543,21 @@ enable_table(struct ctl_conn *c, struct ctl_id *id)
table = table_find(env, id->id);
if (table == NULL)
return (-1);
- id->id = table->id;
+ id->id = table->conf.id;
- if ((service = service_find(env, table->serviceid)) == NULL)
+ if ((service = service_find(env, table->conf.serviceid)) == NULL)
fatalx("enable_table: desynchronised");
- if (!(table->flags & F_DISABLE))
+ if (!(table->conf.flags & F_DISABLE))
return (0);
- table->flags &= ~(F_DISABLE);
- table->flags |= F_CHANGED;
+ table->conf.flags &= ~(F_DISABLE);
+ table->conf.flags |= F_CHANGED;
table->up = 0;
TAILQ_FOREACH(host, &table->hosts, entry)
host->up = HOST_UNKNOWN;
imsg_compose(ibuf_hce, IMSG_TABLE_ENABLE, 0, 0,
- &table->id, sizeof(table->id));
- log_debug("enable_table: enabled table %d", table->id);
+ &table->conf.id, sizeof(table->conf.id));
+ log_debug("enable_table: enabled table %d", table->conf.id);
pfe_sync();
return (0);
}
@@ -574,16 +575,16 @@ disable_host(struct ctl_conn *c, struct ctl_id *id)
host = host_find(env, id->id);
if (host == NULL)
return (-1);
- id->id = host->id;
+ id->id = host->conf.id;
if (host->flags & F_DISABLE)
return (0);
if (host->up == HOST_UP) {
- if ((table = table_find(env, host->tableid)) == NULL)
+ if ((table = table_find(env, host->conf.tableid)) == NULL)
fatalx("disable_host: invalid table id");
table->up--;
- table->flags |= F_CHANGED;
+ table->conf.flags |= F_CHANGED;
}
host->up = HOST_UNKNOWN;
@@ -594,12 +595,13 @@ disable_host(struct ctl_conn *c, struct ctl_id *id)
host->up_cnt = 0;
imsg_compose(ibuf_hce, IMSG_HOST_DISABLE, 0, 0,
- &host->id, sizeof(host->id));
+ &host->conf.id, sizeof(host->conf.id));
/* Forward to relay engine(s) */
for (n = 0; n < env->prefork_relay; n++)
imsg_compose(&ibuf_relay[n],
- IMSG_HOST_DISABLE, 0, 0, &host->id, sizeof(host->id));
- log_debug("disable_host: disabled host %d", host->id);
+ IMSG_HOST_DISABLE, 0, 0,
+ &host->conf.id, sizeof(host->conf.id));
+ log_debug("disable_host: disabled host %d", host->conf.id);
pfe_sync();
return (0);
}
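Review bot: None of the `imsg_compose()` calls in this hunk has its result checked, including the one inside the `for (n = 0; n < env->prefork_relay; n++)` loop. Assuming imsg_compose reports a queueing failure through its return value, a failure for one relay leaves that process with a different view of the host than the pfe and hce, a state that relay_dispatch_pfe treats as fatal ("desynchronized"). I would test each call, for example `if (imsg_compose(...) == -1) log_warnx("disable_host: imsg_compose failed");`. The enable_host, enable_table and pfe_sync hunks have the same pattern, and disable_host begins outside this hunk.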
@@ -616,7 +618,7 @@ enable_host(struct ctl_conn *c, struct ctl_id *id)
host = host_find(env, id->id);
if (host == NULL)
return (-1);
- id->id = host->id;
+ id->id = host->conf.id;
if (!(host->flags & F_DISABLE))
return (0);
@@ -627,12 +629,13 @@ enable_host(struct ctl_conn *c, struct ctl_id *id)
host->flags &= ~(F_ADD);
imsg_compose(ibuf_hce, IMSG_HOST_ENABLE, 0, 0,
- &host->id, sizeof (host->id));
+ &host->conf.id, sizeof (host->conf.id));
/* Forward to relay engine(s) */
for (n = 0; n < env->prefork_relay; n++)
imsg_compose(&ibuf_relay[n],
- IMSG_HOST_ENABLE, 0, 0, &host->id, sizeof(host->id));
- log_debug("enable_host: enabled host %d", host->id);
+ IMSG_HOST_ENABLE, 0, 0,
+ &host->conf.id, sizeof(host->conf.id));
+ log_debug("enable_host: enabled host %d", host->conf.id);
pfe_sync();
return (0);
}
@@ -650,23 +653,25 @@ pfe_sync(void)
bzero(&id, sizeof(id));
bzero(&imsg, sizeof(imsg));
TAILQ_FOREACH(service, &env->services, entry) {
- service->flags &= ~(F_BACKUP);
- service->flags &= ~(F_DOWN);
+ service->conf.flags &= ~(F_BACKUP);
+ service->conf.flags &= ~(F_DOWN);
- if (service->flags & F_DISABLE ||
+ if (service->conf.flags & F_DISABLE ||
(service->table->up == 0 && service->backup->up == 0)) {
- service->flags |= F_DOWN;
+ service->conf.flags |= F_DOWN;
active = NULL;
} else if (service->table->up == 0 && service->backup->up > 0) {
- service->flags |= F_BACKUP;
+ service->conf.flags |= F_BACKUP;
active = service->backup;
- active->flags |= service->table->flags & F_CHANGED;
- active->flags |= service->backup->flags & F_CHANGED;
+ active->conf.flags |=
+ service->table->conf.flags & F_CHANGED;
+ active->conf.flags |=
+ service->backup->conf.flags & F_CHANGED;
} else
active = service->table;
- if (active != NULL && active->flags & F_CHANGED) {
- id.id = active->id;
+ if (active != NULL && active->conf.flags & F_CHANGED) {
+ id.id = active->conf.id;
imsg.hdr.type = IMSG_CTL_TABLE_CHANGED;
imsg.hdr.len = sizeof(id) + IMSG_HEADER_SIZE;
imsg.data = &id;
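Review bot: In the backup branch, `active->conf.flags |= service->backup->conf.flags & F_CHANGED;` has no effect, because `active` was just set to `service->backup` and the statement ORs the field into itself. Only the copy from `service->table->conf.flags` does anything, so the second assignment can be dropped. The removed lines had the same redundancy, so this is a cleanup and not a regression. The loop in pfe_sync continues past the hunk.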
@@ -674,25 +679,25 @@ pfe_sync(void)
control_imsg_forward(&imsg);
}
- service->table->flags &= ~(F_CHANGED);
- service->backup->flags &= ~(F_CHANGED);
+ service->table->conf.flags &= ~(F_CHANGED);
+ service->backup->conf.flags &= ~(F_CHANGED);
- if (service->flags & F_DOWN) {
- if (service->flags & F_ACTIVE_RULESET) {
+ if (service->conf.flags & F_DOWN) {
+ if (service->conf.flags & F_ACTIVE_RULESET) {
flush_table(env, service);
log_debug("pfe_sync: disabling ruleset");
- service->flags &= ~(F_ACTIVE_RULESET);
- id.id = service->id;
+ service->conf.flags &= ~(F_ACTIVE_RULESET);
+ id.id = service->conf.id;
imsg.hdr.type = IMSG_CTL_PULL_RULESET;
imsg.hdr.len = sizeof(id) + IMSG_HEADER_SIZE;
imsg.data = &id;
sync_ruleset(env, service, 0);
control_imsg_forward(&imsg);
}
- } else if (!(service->flags & F_ACTIVE_RULESET)) {
+ } else if (!(service->conf.flags & F_ACTIVE_RULESET)) {
log_debug("pfe_sync: enabling ruleset");
- service->flags |= F_ACTIVE_RULESET;
- id.id = service->id;
+ service->conf.flags |= F_ACTIVE_RULESET;
+ id.id = service->conf.id;
imsg.hdr.type = IMSG_CTL_PUSH_RULESET;
imsg.hdr.len = sizeof(id) + IMSG_HEADER_SIZE;
imsg.data = &id;
@@ -702,22 +707,22 @@ pfe_sync(void)
}
TAILQ_FOREACH(table, &env->tables, entry) {
- if ((table->flags & F_DEMOTE) == 0)
+ if ((table->conf.flags & F_DEMOTE) == 0)
continue;
demote.level = 0;
- if (table->up && table->demoted) {
+ if (table->up && table->conf.flags & F_DEMOTED) {
demote.level = -1;
- table->demoted = 0;
+ table->conf.flags &= ~F_DEMOTED;
}
- else if (!table->up && !table->demoted) {
+ else if (!table->up && !(table->conf.flags & F_DEMOTED)) {
demote.level = 1;
- table->demoted = 1;
+ table->conf.flags |= F_DEMOTED;
}
if (demote.level == 0)
continue;
log_debug("pfe_sync: demote %d table '%s' group '%s'",
- demote.level, table->name, table->demote_group);
- (void)strlcpy(demote.group, table->demote_group,
+ demote.level, table->conf.name, table->conf.demote_group);
+ (void)strlcpy(demote.group, table->conf.demote_group,
sizeof(demote.group));
imsg_compose(ibuf_main, IMSG_DEMOTE, 0, 0,
&demote, sizeof(demote));
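Review bot: `if (table->up && table->conf.flags & F_DEMOTED)` relies on `&` binding tighter than `&&`, while the `else if` a few lines below parenthesises the same test. Writing `if (table->up && (table->conf.flags & F_DEMOTED))` keeps both branches in the same form and makes the intent obvious to the next reader. The loop body continues beyond the hunk.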
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 2688089c1fb..a71c7c1f2d4 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.15 2007/02/22 05:58:06 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.16 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -82,10 +82,10 @@ init_tables(struct hoststated *env)
if (strlcpy(tables[i].pfrt_anchor, HOSTSTATED_ANCHOR "/",
sizeof(tables[i].pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcat(tables[i].pfrt_anchor, service->name,
+ if (strlcat(tables[i].pfrt_anchor, service->conf.name,
sizeof(tables[i].pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcpy(tables[i].pfrt_name, service->name,
+ if (strlcpy(tables[i].pfrt_name, service->conf.name,
sizeof(tables[i].pfrt_name)) >=
sizeof(tables[i].pfrt_name))
goto toolong;
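Review bot: `service->conf.name` is now a field of the struct that the commit description says will cross the socket on reload, and `strlcat`/`strlcpy` here read it up to the first NUL. Nothing in this hunk guarantees the array is terminated once it has been filled from a received message, so the receiving side should force `name[sizeof(name) - 1] = '\0'` (or reject the message) before the struct is used. The same applies to the kill_tables, sync_table, flush_table, sync_ruleset and flush_rulesets hunks in this file. init_tables starts and ends outside the hunk.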
@@ -131,7 +131,7 @@ kill_tables(struct hoststated *env) {
if (strlcpy(io.pfrio_table.pfrt_anchor, HOSTSTATED_ANCHOR "/",
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcat(io.pfrio_table.pfrt_anchor, service->name,
+ if (strlcat(io.pfrio_table.pfrt_anchor, service->conf.name,
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
if (ioctl(env->pf->dev, DIOCRCLRTABLES, &io) == -1)
@@ -173,10 +173,10 @@ sync_table(struct hoststated *env, struct service *service, struct table *table)
if (strlcpy(io.pfrio_table.pfrt_anchor, HOSTSTATED_ANCHOR "/",
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcat(io.pfrio_table.pfrt_anchor, service->name,
+ if (strlcat(io.pfrio_table.pfrt_anchor, service->conf.name,
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcpy(io.pfrio_table.pfrt_name, service->name,
+ if (strlcpy(io.pfrio_table.pfrt_name, service->conf.name,
sizeof(io.pfrio_table.pfrt_name)) >=
sizeof(io.pfrio_table.pfrt_name))
goto toolong;
@@ -186,16 +186,16 @@ sync_table(struct hoststated *env, struct service *service, struct table *table)
if (host->up != HOST_UP)
continue;
memset(&(addlist[i]), 0, sizeof(addlist[i]));
- switch (host->ss.ss_family) {
+ switch (host->conf.ss.ss_family) {
case AF_INET:
- sain = (struct sockaddr_in *)&host->ss;
+ sain = (struct sockaddr_in *)&host->conf.ss;
addlist[i].pfra_af = AF_INET;
memcpy(&(addlist[i].pfra_ip4addr), &sain->sin_addr,
sizeof(sain->sin_addr));
addlist[i].pfra_net = 32;
break;
case AF_INET6:
- sain6 = (struct sockaddr_in6 *)&host->ss;
+ sain6 = (struct sockaddr_in6 *)&host->conf.ss;
addlist[i].pfra_af = AF_INET6;
memcpy(&(addlist[i].pfra_ip6addr), &sain6->sin6_addr,
sizeof(sain6->sin6_addr));
@@ -233,16 +233,16 @@ flush_table(struct hoststated *env, struct service *service)
if (strlcpy(io.pfrio_table.pfrt_anchor, HOSTSTATED_ANCHOR "/",
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcat(io.pfrio_table.pfrt_anchor, service->name,
+ if (strlcat(io.pfrio_table.pfrt_anchor, service->conf.name,
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcpy(io.pfrio_table.pfrt_name, service->name,
+ if (strlcpy(io.pfrio_table.pfrt_name, service->conf.name,
sizeof(io.pfrio_table.pfrt_name)) >=
sizeof(io.pfrio_table.pfrt_name))
goto toolong;
if (ioctl(env->pf->dev, DIOCRCLRADDRS, &io) == -1)
fatal("flush_table: cannot flush table");
- log_debug("flush_table: flushed table %s", service->name);
+ log_debug("flush_table: flushed table %s", service->conf.name);
return;
toolong:
@@ -287,7 +287,7 @@ sync_ruleset(struct hoststated *env, struct service *service, int enable)
if (strlcpy(anchor, HOSTSTATED_ANCHOR "/", sizeof(anchor)) >=
PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcat(anchor, service->name, sizeof(anchor)) >=
+ if (strlcat(anchor, service->conf.name, sizeof(anchor)) >=
PF_ANCHOR_NAME_SIZE)
goto toolong;
if (transaction_init(env, anchor) == -1) {
@@ -322,8 +322,8 @@ sync_ruleset(struct hoststated *env, struct service *service, int enable)
rio.rule.dst.port[0] = address->port;
rio.rule.rtableid = -1; /* stay in the main routing table */
rio.rule.action = PF_RDR;
- if (strlen(service->tag))
- (void)strlcpy(rio.rule.tagname, service->tag,
+ if (strlen(service->conf.tag))
+ (void)strlcpy(rio.rule.tagname, service->conf.tag,
sizeof(rio.rule.tagname));
if (strlen(address->ifname))
(void)strlcpy(rio.rule.ifname, address->ifname,
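Review bot: The copy into `rio.rule.tagname` discards `strlcpy`'s return value with `(void)`, whereas the table-name copy later in sync_ruleset treats truncation as fatal. If `service->conf.tag` can be longer than `rio.rule.tagname` (the sizes are not visible here), the redirect rule would be installed with a shortened tag that other pf rules may not match. I would check it like the neighbouring copies: `if (strlcpy(rio.rule.tagname, service->conf.tag, sizeof(rio.rule.tagname)) >= sizeof(rio.rule.tagname)) goto toolong;`. The `ifname` copy that ends the hunk has the same form.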
@@ -346,17 +346,17 @@ sync_ruleset(struct hoststated *env, struct service *service, int enable)
}
pio.addr.addr.type = PF_ADDR_TABLE;
- if (strlcpy(pio.addr.addr.v.tblname, service->name,
+ if (strlcpy(pio.addr.addr.v.tblname, service->conf.name,
sizeof(pio.addr.addr.v.tblname)) >=
sizeof(pio.addr.addr.v.tblname))
fatal("sync_ruleset: table name too long");
if (ioctl(env->pf->dev, DIOCADDADDR, &pio) == -1)
fatal("sync_ruleset: cannot add address to pool");
- rio.rule.rpool.proxy_port[0] = ntohs(service->table->port);
+ rio.rule.rpool.proxy_port[0] = ntohs(service->table->conf.port);
rio.rule.rpool.port_op = PF_OP_EQ;
rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
- if (service->flags & F_STICKY)
+ if (service->conf.flags & F_STICKY)
rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
if (ioctl(env->pf->dev, DIOCADDRULE, &rio) == -1)
@@ -382,7 +382,7 @@ flush_rulesets(struct hoststated *env)
if (strlcpy(anchor, HOSTSTATED_ANCHOR "/", sizeof(anchor)) >=
PF_ANCHOR_NAME_SIZE)
goto toolong;
- if (strlcat(anchor, service->name, sizeof(anchor)) >=
+ if (strlcat(anchor, service->conf.name, sizeof(anchor)) >=
PF_ANCHOR_NAME_SIZE)
goto toolong;
if (transaction_init(env, anchor) == -1 ||
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 1289b33a566..8b5fa3b1906 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.28 2007/05/26 19:58:49 pyr Exp $ */
+/* $OpenBSD: relay.c,v 1.29 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -391,7 +391,7 @@ relay_init(void)
rlay->dstkey =
hash32_str(rlay->name, HASHINIT);
rlay->dstkey =
- hash32_str(rlay->dsttable->name,
+ hash32_str(rlay->dsttable->conf.name,
rlay->dstkey);
break;
}
@@ -403,7 +403,7 @@ relay_init(void)
rlay->dsthost[rlay->dstnhosts++] = host;
}
log_info("adding %d hosts from table %s%s",
- rlay->dstnhosts, rlay->dsttable->name,
+ rlay->dstnhosts, rlay->dsttable->conf.name,
rlay->dstcheck ? "" : " (no check)");
}
}
@@ -1594,15 +1594,15 @@ relay_from_table(struct session *con)
}
host = rlay->dsthost[idx];
DPRINTF("relay_from_table: host %s, p 0x%08x, idx %d",
- host->name, p, idx);
+ host->conf.name, p, idx);
while (host != NULL) {
- DPRINTF("relay_from_table: host %s", host->name);
+ DPRINTF("relay_from_table: host %s", host->conf.name);
if (!rlay->dstcheck || host->up == HOST_UP)
goto found;
host = TAILQ_NEXT(host, entry);
}
TAILQ_FOREACH(host, &rlay->dsttable->hosts, entry) {
- DPRINTF("relay_from_table: next host %s", host->name);
+ DPRINTF("relay_from_table: next host %s", host->conf.name);
if (!rlay->dstcheck || host->up == HOST_UP)
goto found;
}
@@ -1611,9 +1611,9 @@ relay_from_table(struct session *con)
fatalx("relay_from_table: no active hosts, desynchronized");
found:
- con->retry = host->retry;
- con->out.port = table->port;
- bcopy(&host->ss, &con->out.ss, sizeof(con->out.ss));
+ con->retry = host->conf.retry;
+ con->out.port = table->conf.port;
+ bcopy(&host->conf.ss, &con->out.ss, sizeof(con->out.ss));
return (0);
}
@@ -1829,7 +1829,8 @@ relay_dispatch_pfe(int fd, short event, void *ptr)
memcpy(&id, imsg.data, sizeof(id));
if ((host = host_find(env, id)) == NULL)
fatalx("relay_dispatch_pfe: desynchronized");
- if ((table = table_find(env, host->tableid)) == NULL)
+ if ((table = table_find(env, host->conf.tableid)) ==
+ NULL)
fatalx("relay_dispatch_pfe: invalid table id");
if (host->up == HOST_UP)
table->up--;
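Review bot: `memcpy(&id, imsg.data, sizeof(id))` copies from the message payload with no length check visible in this hunk. If the enclosing case does not already compare the payload size with `sizeof(id)`, a short message makes this read past the payload. Adding `if (imsg.hdr.len - IMSG_HEADER_SIZE != sizeof(id)) fatalx("relay_dispatch_pfe: invalid size");` before the copy closes that. The case starts above the hunk, so the check may already exist there.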
@@ -1853,15 +1854,17 @@ relay_dispatch_pfe(int fd, short event, void *ptr)
break;
if (host->up == st.up) {
log_debug("relay_dispatch_pfe: host %d => %d",
- host->id, host->up);
+ host->conf.id, host->up);
fatalx("relay_dispatch_pfe: desynchronized");
}
- if ((table = table_find(env, host->tableid)) == NULL)
+ if ((table = table_find(env, host->conf.tableid))
+ == NULL)
fatalx("relay_dispatch_pfe: invalid table id");
DPRINTF("relay_dispatch_pfe: [%d] state %d for "
- "host %u %s", proc_id, st.up, host->id, host->name);
+ "host %u %s", proc_id, st.up,
+ host->conf.id, host->conf.name);
if ((st.up == HOST_UNKNOWN && host->up == HOST_DOWN) ||
(st.up == HOST_DOWN && host->up == HOST_UNKNOWN)) {
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index 49af3c53ba7..cb444015483 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.22 2007/05/26 19:58:49 pyr Exp $ */
+/* $OpenBSD: relayd.c,v 1.23 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -483,7 +483,7 @@ host_find(struct hoststated *env, objid_t id)
TAILQ_FOREACH(table, &env->tables, entry)
TAILQ_FOREACH(host, &table->hosts, entry)
- if (host->id == id)
+ if (host->conf.id == id)
return (host);
return (NULL);
}
@@ -494,7 +494,7 @@ table_find(struct hoststated *env, objid_t id)
struct table *table;
TAILQ_FOREACH(table, &env->tables, entry)
- if (table->id == id)
+ if (table->conf.id == id)
return (table);
return (NULL);
}
@@ -505,7 +505,7 @@ service_find(struct hoststated *env, objid_t id)
struct service *service;
TAILQ_FOREACH(service, &env->services, entry)
- if (service->id == id)
+ if (service->conf.id == id)
return (service);
return (NULL);
}
@@ -542,7 +542,7 @@ host_findbyname(struct hoststated *env, const char *name)
TAILQ_FOREACH(table, &env->tables, entry)
TAILQ_FOREACH(host, &table->hosts, entry)
- if (strcmp(host->name, name) == 0)
+ if (strcmp(host->conf.name, name) == 0)
return (host);
return (NULL);
}
@@ -553,7 +553,7 @@ table_findbyname(struct hoststated *env, const char *name)
struct table *table;
TAILQ_FOREACH(table, &env->tables, entry)
- if (strcmp(table->name, name) == 0)
+ if (strcmp(table->conf.name, name) == 0)
return (table);
return (NULL);
}
@@ -564,7 +564,7 @@ service_findbyname(struct hoststated *env, const char *name)
struct service *service;
TAILQ_FOREACH(service, &env->services, entry)
- if (strcmp(service->name, name) == 0)
+ if (strcmp(service->conf.name, name) == 0)
return (service);
return (NULL);
}
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 72866aec5bf..1f5a1ca3bd8 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.42 2007/05/26 19:58:49 pyr Exp $ */
+/* $OpenBSD: relayd.h,v 1.43 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -273,23 +273,27 @@ TAILQ_HEAD(addresslist, address);
#define F_NATLOOK 0x1000
#define F_DEMOTE 0x2000
#define F_LOOKUP_PATH 0x4000
+#define F_DEMOTED 0x8000
-struct host {
- u_int16_t flags;
+struct host_config {
objid_t id;
objid_t tableid;
- char *tablename;
+ int retry;
char name[MAXHOSTNAMELEN];
+ struct sockaddr_storage ss;
+};
+
+struct host {
+ TAILQ_ENTRY(host) entry;
+ struct host_config conf;
+ u_int16_t flags;
+ char *tablename;
int up;
int last_up;
u_long check_cnt;
u_long up_cnt;
int retry_cnt;
- int retry;
-
- struct sockaddr_storage ss;
struct ctl_tcp_event cte;
- TAILQ_ENTRY(host) entry;
};
TAILQ_HEAD(hostlist, host);
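Review bot: `F_DEMOTED 0x8000` takes the highest bit that the `u_int16_t flags` members of `table_config` and `service_config` can hold. A later flag above that value would be silently truncated on assignment. Either widen those members to `u_int32_t` now, while the layout is being reshuffled anyway, or add a comment next to the define such as `/* 0x8000 is the last bit available in u_int16_t flags */`.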
@@ -300,25 +304,29 @@ enum host_status {
};
#define HOST_ISUP(x) (x == HOST_UP)
-struct table {
+struct table_config {
objid_t id;
objid_t serviceid;
u_int16_t flags;
int check;
- int up;
- int demoted;
char demote_group[IFNAMSIZ];
+ struct timeval timeout;
in_port_t port;
int retcode;
- struct timeval timeout;
char name[TABLE_NAME_SIZE];
char path[MAXPATHLEN];
- char *sendbuf;
char exbuf[64];
char digest[41]; /* length of sha1 digest * 2 */
- SSL_CTX *ssl_ctx;
- struct hostlist hosts;
+};
+
+struct table {
TAILQ_ENTRY(table) entry;
+ struct table_config conf;
+ int up;
+ struct hostlist hosts;
+ SSL_CTX *ssl_ctx;
+ int sendbuf_len;
+ char *sendbuf;
};
TAILQ_HEAD(tablelist, table);
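Review bot: The new `sendbuf_len` member is declared `int`, although by its name it holds the length of the `sendbuf` allocation. `size_t sendbuf_len;` would rule out a negative length and avoid signed/unsigned conversions wherever the value is passed to a copy or write call. The code that sets and uses it is not in this hunk, so any upper limit it needs should be enforced there.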
@@ -331,16 +339,22 @@ enum table_check {
CHECK_SEND_EXPECT = 5
};
-struct service {
+struct service_config {
objid_t id;
u_int16_t flags;
in_port_t port;
+ objid_t table_id;
+ objid_t backup_id;
char name[SRV_NAME_SIZE];
char tag[TAG_NAME_SIZE];
+};
+
+struct service {
+ TAILQ_ENTRY(service) entry;
+ struct service_config conf;
struct addresslist virts;
struct table *table;
struct table *backup; /* use this if no host up */
- TAILQ_ENTRY(service) entry;
};
TAILQ_HEAD(servicelist, service);
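Review bot: `service_config` names its references `table_id` and `backup_id`, while `host_config` and `table_config` use `tableid` and `serviceid`. Using `tableid`/`backupid` would keep the three config structs consistent. A comment on `struct service` would also help, e.g. `/* table and backup are resolved from conf.table_id and conf.backup_id */`, since the pointers and the ids now describe the same relation and nothing visible in this diff keeps them in step.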
diff --git a/usr.sbin/relayd/ssl.c b/usr.sbin/relayd/ssl.c
index c42e4b3e999..9c822d2984e 100644
--- a/usr.sbin/relayd/ssl.c
+++ b/usr.sbin/relayd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.8 2007/02/22 05:58:06 reyk Exp $ */
+/* $OpenBSD: ssl.c,v 1.9 2007/05/27 20:53:10 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -88,7 +88,7 @@ ssl_read(int s, short event, void *arg)
/* FALLTHROUGH */
default:
cte->host->up = HOST_DOWN;
- ssl_error(cte->host->name, "cannot read");
+ ssl_error(cte->host->conf.name, "cannot read");
ssl_cleanup(cte);
hce_notify_done(cte->host, "ssl_read: SSL error");
break;
@@ -111,7 +111,7 @@ ssl_read(int s, short event, void *arg)
retry:
event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_read,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
return;
}
@@ -146,7 +146,7 @@ ssl_write(int s, short event, void *arg)
goto retry;
default:
cte->host->up = HOST_DOWN;
- ssl_error(cte->host->name, "cannot write");
+ ssl_error(cte->host->conf.name, "cannot write");
ssl_cleanup(cte);
hce_notify_done(cte->host, "ssl_write: SSL error");
return;
@@ -156,11 +156,11 @@ ssl_write(int s, short event, void *arg)
fatalx("ssl_write: cannot create dynamic buffer");
event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, ssl_read,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
return;
retry:
event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_write,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
}
void
@@ -191,14 +191,14 @@ ssl_connect(int s, short event, void *arg)
goto retry;
default:
cte->host->up = HOST_DOWN;
- ssl_error(cte->host->name, "cannot connect");
+ ssl_error(cte->host->conf.name, "cannot connect");
hce_notify_done(cte->host, "ssl_connect: SSL error");
ssl_cleanup(cte);
return;
}
}
- if (cte->table->check == CHECK_TCP) {
+ if (cte->table->conf.check == CHECK_TCP) {
cte->host->up = HOST_UP;
hce_notify_done(cte->host, "ssl_connect: connect successful");
ssl_cleanup(cte);
@@ -206,19 +206,19 @@ ssl_connect(int s, short event, void *arg)
}
if (cte->table->sendbuf != NULL) {
event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_write,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
return;
}
if ((cte->buf = buf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL)
fatalx("ssl_connect: cannot create dynamic buffer");
event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_READ, ssl_read,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
return;
retry:
event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_connect,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
}
void
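Review bot: `buf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)` gives the health-check read buffer an upper bound of `UINT_MAX`. The data read into it comes from the checked host, so a peer that keeps sending can make the buffer grow for as long as the check's timeout allows. A finite cap sized to the largest response a check needs to inspect would bound the memory used per check. A comment at the call stating the intended limit would document the choice either way.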
@@ -262,13 +262,13 @@ ssl_transaction(struct ctl_tcp_event *cte)
{
cte->ssl = SSL_new(cte->table->ssl_ctx);
if (cte->ssl == NULL) {
- ssl_error(cte->host->name, "cannot create object");
+ ssl_error(cte->host->conf.name, "cannot create object");
fatal("cannot create SSL object");
}
if (SSL_set_fd(cte->ssl, cte->s) == 0) {
cte->host->up = HOST_UNKNOWN;
- ssl_error(cte->host->name, "cannot set fd");
+ ssl_error(cte->host->conf.name, "cannot set fd");
ssl_cleanup(cte);
hce_notify_done(cte->host,
"ssl_transaction: cannot set SSL fd");
@@ -277,7 +277,7 @@ ssl_transaction(struct ctl_tcp_event *cte)
SSL_set_connect_state(cte->ssl);
event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_connect,
- &cte->tv_start, &cte->table->timeout, cte);
+ &cte->tv_start, &cte->table->conf.timeout, cte);
}
SSL_CTX *