authorSebastian Benoit <benno@cvs.openbsd.org>2013-04-27 16:39:31 +0000
committerSebastian Benoit <benno@cvs.openbsd.org>2013-04-27 16:39:31 +0000
commit2ede15cd56c58c354b4214916f8643dcc7405319 (patch)
treecd94c638ee5351aa0dbfd190f693e1df5d8581f4 /usr.sbin/relayd
parent0102d4c98e115230a27f56786e74fd0a9b3586f1 (diff)
time_t 64bit fixes for relayd and relayctl:
- fix statistics
- set INT_MAX limit on session timeouts
- make sure we don't use too large session timeouts in pf redirects and openssl
tested with old and new time_t
ok florian@
Diffstat (limited to 'usr.sbin/relayd')
-rw-r--r--usr.sbin/relayd/parse.y14
-rw-r--r--usr.sbin/relayd/pfe_filter.c4
-rw-r--r--usr.sbin/relayd/relayd.conf.56
-rw-r--r--usr.sbin/relayd/relayd.h4
4 files changed, 19 insertions, 9 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 4e709790b7d..7735d99409b 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.169 2013/03/04 08:41:32 sthen Exp $ */
+/* $OpenBSD: parse.y,v 1.170 2013/04/27 16:39:30 benno Exp $ */
/*
* Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org>
@@ -532,7 +532,11 @@ rdroptsl : forwardmode TO tablespec interface {
}
| SESSION TIMEOUT NUMBER {
if ((rdr->conf.timeout.tv_sec = $3) < 0) {
- yyerror("invalid timeout: %d", $3);
+ yyerror("invalid timeout: %lld", $3);
+ YYERROR;
+ }
+ if (rdr->conf.timeout.tv_sec > INT_MAX) {
+ yyerror("timeout too large: %lld", $3);
YYERROR;
}
}
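Review bot: Both range checks test `rdr->conf.timeout.tv_sec` after `$3` has already been assigned to it, so on a build where `time_t` is narrower than the parsed number the value is truncated before it is tested and the `> INT_MAX` branch can never fire. The switch to `%lld` suggests `$3` is a 64-bit value, so an oversized setting could wrap to a small or negative timeout instead of being rejected. Testing the token itself (`$3 < 0`, then `$3 > INT_MAX`) and running `rdr->conf.timeout.tv_sec = $3;` only after both pass validates the operator's input rather than the stored copy. The relay `SESSION TIMEOUT` rule in the second parse.y hunk (`rlay->rl_conf.timeout.tv_sec`) has the same pattern. The enclosing grammar rule starts and ends outside the hunk.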
@@ -1367,7 +1371,11 @@ relayoptsl : LISTEN ON STRING port optssl {
}
| SESSION TIMEOUT NUMBER {
if ((rlay->rl_conf.timeout.tv_sec = $3) < 0) {
- yyerror("invalid timeout: %d", $3);
+ yyerror("invalid timeout: %lld", $3);
+ YYERROR;
+ }
+ if (rlay->rl_conf.timeout.tv_sec > INT_MAX) {
+ yyerror("timeout too large: %lld", $3);
YYERROR;
}
}
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 1bdc302f22d..1bc11f38e4e 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.52 2012/10/19 16:49:50 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.53 2013/04/27 16:39:30 benno Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -443,7 +443,7 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
if (rio.rule.proto == IPPROTO_TCP)
rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
- rdr->conf.timeout.tv_sec;
+ (u_int32_t)MIN(rdr->conf.timeout.tv_sec, INT_MAX);
if (strlen(rdr->conf.tag))
(void)strlcpy(rio.rule.tagname, rdr->conf.tag,
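Review bot: The clamp `MIN(rdr->conf.timeout.tv_sec, INT_MAX)` bounds only the upper end, so a negative `tv_sec` would still turn into a very large pf timeout after the `(u_int32_t)` cast. parse.y rejects negative values in this commit, but whether every other writer of `conf.timeout` does so is not visible here. A comment on the assignment would record the assumption, for example `/* parse.y enforces 0..INT_MAX; clamp again before narrowing to the 32-bit pf timeout */`. The `INT_MAX` limit is now spelled out in the parser, here and in the manual, so a named constant would help keep them in step. `sync_ruleset` begins and ends outside the hunk.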
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index a55db691cde..3f0cc4e9b6d 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.132 2012/11/29 01:01:53 bluhm Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.133 2013/04/27 16:39:30 benno Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 29 2012 $
+.Dd $Mdocdate: April 27 2013 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
@@ -501,6 +501,7 @@ interface on the host with this address.
.It Ic session timeout Ar seconds
Specify the inactivity timeout in seconds for established redirections.
The default timeout is 600 seconds (10 minutes).
+The maximum is 2147483647 seconds (68 years).
.It Ic sticky-address
This has the same effect as specifying sticky-address
for an rdr-to rule in
@@ -677,6 +678,7 @@ section below.
.It Ic session timeout Ar seconds
Specify the inactivity timeout in seconds for accepted sessions.
The default timeout is 600 seconds (10 minutes).
+The maximum is 2147483647 seconds (68 years).
.El
.Sh PROTOCOLS
Protocols are templates defining actions and settings for relays.
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index e9c7f98003b..85934cb1b2e 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.167 2013/03/10 23:32:53 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.168 2013/04/27 16:39:30 benno Exp $ */
/*
* Copyright (c) 2006 - 2012 Reyk Floeter <reyk@openbsd.org>
@@ -230,7 +230,7 @@ struct ctl_stats {
objid_t id;
int proc;
- u_int interval;
+ u_int64_t interval;
u_int64_t cnt;
u_int32_t tick;
u_int32_t avg;
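Review bot: Widening `interval` to `u_int64_t` changes the size and layout of `struct ctl_stats`, and nothing in the hunk records the field's unit or why it alone becomes 64-bit while `tick` and `avg` stay `u_int32_t`. If this struct is exchanged between relayd and relayctl, as the commit title suggests, both sides must be built from the same header, and every consumer that prints or divides by `interval` needs a 64-bit format and type. Those call sites are outside this diff. A field comment such as `/* statistics interval; 64-bit to follow time_t */` would make the intent explicit, assuming that is the reason. The struct definition continues outside the hunk.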