author | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2007-09-04 14:15:06 +0000 |
---|---|---|
committer | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2007-09-04 14:15:06 +0000 |
commit | 357197a12c46e9e2d9474fb3560e2876885c0cbd (patch) | |
tree | 5904922689309db44269b84ac6cc617263c9f63a /usr.sbin/relayd | |
parent | eceef9d706a085e93980fed0bc92de770d092fc3 (diff) |
Add the ability to specify a host header when using http(s) check methods.
Prodded by me, done by Gille Chehade <veins@evilkittens.org>
ok reyk, jmc for the manpage bits.
Diffstat (limited to 'usr.sbin/relayd')
-rw-r--r-- | usr.sbin/relayd/parse.y | 33 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 38 |
2 files changed, 55 insertions, 16 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index 65be41149af..0e7d448fd63 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.50 2007/07/05 09:42:26 thib Exp $ */ +/* $OpenBSD: parse.y,v 1.51 2007/09/04 14:15:05 pyr Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org> @@ -115,7 +115,7 @@ typedef struct { %token LOG UPDATES ALL DEMOTE NODELAY SACK SOCKET BUFFER URL RETRY IP %token ERROR %token <v.string> STRING -%type <v.string> interface +%type <v.string> interface hostname %type <v.number> number port http_type loglevel sslcache optssl dstport %type <v.number> proto_type dstmode docheck retry log flag direction %type <v.host> host @@ -166,6 +166,17 @@ http_type : STRING { } ; +hostname : /* empty */ { + $$ = strdup(""); + if ($$ == NULL) + fatal("calloc"); + } + | HOST STRING { + if (asprintf(&$$, "Host: %s\r\n", $2) == -1) + fatal("asprintf"); + } + ; + proto_type : TCP { $$ = RELAY_PROTO_TCP; } | STRING { if (strcmp("http", $1) == 0) { 
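Review bot: In the new `hostname` rule, the `HOST STRING` alternative never frees `$2` after copying it into the header with asprintf(), whereas the tableoptsl actions free `$3`, `$4` and `$6`; add `free($2);` after the asprintf check. The empty alternative reports `fatal("calloc")` for a failed strdup(), which should read `fatal("strdup");`. `$2` is also written verbatim in front of `\r\n`: whether the lexer can return a STRING containing CR or LF is not visible in this hunk, but if it can, such a value would add header lines to the health-check request. A guard before the asprintf, such as `if (strpbrk($2, "\r\n") != NULL) { yyerror("invalid host header"); free($2); YYERROR; }`, would keep the probe well-formed.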
@@ -458,42 +469,44 @@ tableoptsl : host { conf->flags |= F_SSL; table->conf.flags |= F_SSL; } - | CHECK http_type STRING CODE number { + | CHECK http_type STRING hostname CODE number { if ($2) { conf->flags |= F_SSL; table->conf.flags |= F_SSL; } table->conf.check = CHECK_HTTP_CODE; - table->conf.retcode = $5; + table->conf.retcode = $6; if (asprintf(&table->sendbuf, - "HEAD %s HTTP/1.0\r\n\r\n", $3) == -1) + "HEAD %s HTTP/1.0\r\n%s\r\n", $3, $4) == -1) fatal("asprintf"); free($3); + free($4); if (table->sendbuf == NULL) fatal("out of memory"); table->sendbuf_len = strlen(table->sendbuf); } - | CHECK http_type STRING DIGEST STRING { + | CHECK http_type STRING hostname DIGEST STRING { if ($2) { conf->flags |= F_SSL; table->conf.flags |= F_SSL; } table->conf.check = CHECK_HTTP_DIGEST; if (asprintf(&table->sendbuf, - "GET %s HTTP/1.0\r\n\r\n", $3) == -1) + "GET %s HTTP/1.0\r\n%s\r\n", $3, $4) == -1) fatal("asprintf"); free($3); + free($4); if (table->sendbuf == NULL) fatal("out of memory"); table->sendbuf_len = strlen(table->sendbuf); - if (strlcpy(table->conf.digest, $5, + if (strlcpy(table->conf.digest, $6, sizeof(table->conf.digest)) >= sizeof(table->conf.digest)) { yyerror("http digest truncated"); - free($5); + free($6); YYERROR; } - free($5); + free($6); } | CHECK SEND sendbuf EXPECT STRING optssl { table->conf.check = CHECK_SEND_EXPECT; diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index 7f2629fa739..a273ebf74ba 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.46 2007/07/24 17:51:33 pyr Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.47 2007/09/04 14:15:05 pyr Exp $ .\" .\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org> .\" 
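Review bot: The format strings `"HEAD %s HTTP/1.0\r\n%s\r\n"` and `"GET %s HTTP/1.0\r\n%s\r\n"` in the two CHECK actions only yield a well-formed request because `$4` is either empty or a complete header line ending in CRLF, and nothing at the use site says so. A comment above each asprintf, e.g. `/* $4 is "" or a full "Host: name\r\n" line; the final \r\n ends the headers */`, would keep a later edit of the hostname rule from silently breaking the request framing. The path `$3` is interpolated into the request line the same way as before this change, so any character validation added for the host value would sensibly cover it too.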
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 24 2007 $ +.Dd $Mdocdate: September 4 2007 $ .Dt HOSTSTATED.CONF 5 .Os .Sh NAME @@ -149,18 +149,40 @@ method. Only one health-checking method can be used per table. Table specific configuration directives are described below. .Bl -tag -width Ds -.It Ic check http Ar path Ic code Ar number +.It Xo +.Ic check http Ar path +.Op Ic host Ar hostname +.Ic code Ar number +.Xc For each host in the table, verify that retrieving the URL .Ar path gives the HTTP return code .Ar number . -.It Ic check https Ar path Ic code Ar number +If +.Ar hostname +is specified, it is used as the +.Dq Host: +header to query a specific hostname at target host. +.It Xo +.Ic check https Ar path +.Op Ic host Ar hostname +.Ic code Ar number +.Xc This has the same effect as above but wraps the HTTP request in SSL. -.It Ic check http Ar path Ic digest Ar string +.It Xo +.Ic check http Ar path +.Op Ic host Ar hostname +.Ic digest Ar string +.Xc For each host in the table, verify that retrieving the URL .Ar path produces a content whose SHA1 digest is .Ar digest . +If +.Ar hostname +is specified, it is used as the +.Dq Host: +header to query a specific hostname at target host. The digest does not take the HTTP headers into account. To compute the digest, use this simple command: .Bd -literal -offset indent @@ -172,7 +194,11 @@ that can be used as is in a digest statement: .Bd -literal -offset indent a9993e36476816aba3e25717850c26c9cd0d89d .Ed -.It Ic check https Ar path Ic digest Ar string +.It Xo +.Ic check http Ar path +.Op Ic host Ar hostname +.Ic digest Ar string +.Xc This has the same effect as above but wraps the HTTP request in SSL. .It Ic check icmp Ping hosts in this table to determine whether they are up or not. |