authorReyk Floeter <reyk@cvs.openbsd.org>2016-09-02 14:45:52 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2016-09-02 14:45:52 +0000
commit5df48ec7695e3e3ee17aae5782223e8396487c64 (patch)
tree73fc1a635f663aaa93af2bed0f47b4538a3af3ae /usr.sbin
parent99ad30b370f86389430ffeb784ef6788f371e7db (diff)
Split "struct relayd" into two structs: "struct relayd" and "struct
relayd_config". This way we can send all the relevant global configuration to the children, not just the flags and the opts. With input from and OK claudio@ benno@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/ca.c4
-rw-r--r--usr.sbin/relayd/check_icmp.c8
-rw-r--r--usr.sbin/relayd/check_script.c4
-rw-r--r--usr.sbin/relayd/config.c23
-rw-r--r--usr.sbin/relayd/hce.c10
-rw-r--r--usr.sbin/relayd/parse.y53
-rw-r--r--usr.sbin/relayd/pfe.c24
-rw-r--r--usr.sbin/relayd/pfe_filter.c20
-rw-r--r--usr.sbin/relayd/pfe_route.c6
-rw-r--r--usr.sbin/relayd/relay.c18
-rw-r--r--usr.sbin/relayd/relayd.c29
-rw-r--r--usr.sbin/relayd/relayd.h25
-rw-r--r--usr.sbin/relayd/snmp.c20
13 files changed, 121 insertions, 123 deletions
diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c
index 148b33f6520..ed82e2197f0 100644
--- a/usr.sbin/relayd/ca.c
+++ b/usr.sbin/relayd/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.20 2016/09/02 14:31:47 reyk Exp $ */
+/* $OpenBSD: ca.c,v 1.21 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -180,7 +180,7 @@ ca_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
case IMSG_CA_PRIVDEC:
IMSG_SIZE_CHECK(imsg, (&cko));
bcopy(imsg->data, &cko, sizeof(cko));
- if (cko.cko_proc > env->sc_prefork_relay)
+ if (cko.cko_proc > env->sc_conf.prefork_relay)
fatalx("ca_dispatch_relay: "
"invalid relay proc");
if (IMSG_DATA_SIZE(imsg) != (sizeof(cko) + cko.cko_flen))
diff --git a/usr.sbin/relayd/check_icmp.c b/usr.sbin/relayd/check_icmp.c
index 05e8fa8fd63..3ba5179856d 100644
--- a/usr.sbin/relayd/check_icmp.c
+++ b/usr.sbin/relayd/check_icmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_icmp.c,v 1.43 2015/11/28 09:52:07 reyk Exp $ */
+/* $OpenBSD: check_icmp.c,v 1.44 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -91,7 +91,7 @@ check_icmp_add(struct ctl_icmp_event *cie, int flags, struct timeval *start,
if (start != NULL)
bcopy(start, &cie->tv_start, sizeof(cie->tv_start));
- bcopy(&cie->env->sc_timeout, &tv, sizeof(tv));
+ bcopy(&cie->env->sc_conf.timeout, &tv, sizeof(tv));
getmonotime(&cie->tv_start);
event_del(&cie->ev);
event_set(&cie->ev, cie->s, EV_TIMEOUT|flags, fn, cie);
@@ -250,7 +250,7 @@ send_icmp(int s, short event, void *arg)
retry:
event_again(&cie->ev, s, EV_TIMEOUT|EV_WRITE, send_icmp,
- &cie->tv_start, &cie->env->sc_timeout, cie);
+ &cie->tv_start, &cie->env->sc_conf.timeout, cie);
}
void
@@ -315,7 +315,7 @@ recv_icmp(int s, short event, void *arg)
retry:
event_again(&cie->ev, s, EV_TIMEOUT|EV_READ, recv_icmp,
- &cie->tv_start, &cie->env->sc_timeout, cie);
+ &cie->tv_start, &cie->env->sc_conf.timeout, cie);
}
/* in_cksum from ping.c --
diff --git a/usr.sbin/relayd/check_script.c b/usr.sbin/relayd/check_script.c
index c9990e0add0..9bb494c7275 100644
--- a/usr.sbin/relayd/check_script.c
+++ b/usr.sbin/relayd/check_script.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_script.c,v 1.19 2015/12/02 13:41:27 reyk Exp $ */
+/* $OpenBSD: check_script.c,v 1.20 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -95,7 +95,7 @@ script_exec(struct relayd *env, struct ctl_script *scr)
const char *file, *arg;
struct passwd *pw;
- if ((env->sc_flags & F_SCRIPT) == 0) {
+ if ((env->sc_conf.flags & F_SCRIPT) == 0) {
log_warnx("%s: script disabled", __func__);
return (-1);
}
diff --git a/usr.sbin/relayd/config.c b/usr.sbin/relayd/config.c
index db6ac05ea4c..326f3efa31f 100644
--- a/usr.sbin/relayd/config.c
+++ b/usr.sbin/relayd/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.29 2016/09/02 13:09:21 reyk Exp $ */
+/* $OpenBSD: config.c,v 1.30 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2011 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -38,12 +38,12 @@ config_init(struct relayd *env)
/* Global configuration */
if (privsep_process == PROC_PARENT) {
- env->sc_timeout.tv_sec = CHECK_TIMEOUT / 1000;
- env->sc_timeout.tv_usec = (CHECK_TIMEOUT % 1000) * 1000;
- env->sc_interval.tv_sec = CHECK_INTERVAL;
- env->sc_interval.tv_usec = 0;
- env->sc_prefork_relay = RELAY_NUMPROC;
- env->sc_statinterval.tv_sec = RELAY_STATINTERVAL;
+ env->sc_conf.timeout.tv_sec = CHECK_TIMEOUT / 1000;
+ env->sc_conf.timeout.tv_usec = (CHECK_TIMEOUT % 1000) * 1000;
+ env->sc_conf.interval.tv_sec = CHECK_INTERVAL;
+ env->sc_conf.interval.tv_usec = 0;
+ env->sc_conf.prefork_relay = RELAY_NUMPROC;
+ env->sc_conf.statinterval.tv_sec = RELAY_STATINTERVAL;
}
ps->ps_what[PROC_PARENT] = CONFIG_ALL;
@@ -242,16 +242,13 @@ config_getcfg(struct relayd *env, struct imsg *imsg)
struct privsep *ps = env->sc_ps;
struct table *tb;
struct host *h, *ph;
- struct ctl_flags cf;
u_int what;
- if (IMSG_DATA_SIZE(imsg) != sizeof(cf))
+ if (IMSG_DATA_SIZE(imsg) != sizeof(struct relayd_config))
return (0); /* ignore */
/* Update runtime flags */
- memcpy(&cf, imsg->data, sizeof(cf));
- env->sc_opts = cf.cf_opts;
- env->sc_flags = cf.cf_flags;
+ memcpy(&env->sc_conf, imsg->data, sizeof(env->sc_conf));
what = ps->ps_what[privsep_process];
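Review bot: A size mismatch on this message still returns 0 without logging, although the payload is now the whole global configuration rather than two flag words. If parent and child ever disagree on `sizeof(struct relayd_config)`, the child silently keeps whatever `sc_conf` it already had, and fields such as `statinterval.tv_sec` are later used as divisors in `pfe_statistics` and `relay_statistics`. I would at least add `log_warnx("%s: invalid config size", __func__);` before the `return (0);`, or treat it as fatal if no other payload is expected here. The comment `/* Update runtime flags */` is also stale now; something like `/* Replace the global configuration with the parent's copy */` describes the memcpy. The body of config_getcfg continues outside this hunk.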
@@ -268,7 +265,7 @@ config_getcfg(struct relayd *env, struct imsg *imsg)
}
}
- if (env->sc_flags & (F_TLS|F_TLSCLIENT)) {
+ if (env->sc_conf.flags & (F_TLS|F_TLSCLIENT)) {
ssl_init(env);
if (what & CONFIG_CA_ENGINE)
ca_engine_init(env);
diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c
index 84b81154574..e99ff18fbd4 100644
--- a/usr.sbin/relayd/hce.c
+++ b/usr.sbin/relayd/hce.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hce.c,v 1.73 2016/09/02 11:51:49 reyk Exp $ */
+/* $OpenBSD: hce.c,v 1.74 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -87,7 +87,7 @@ hce_setup_events(void)
evtimer_add(&env->sc_ev, &tv);
}
- if (env->sc_flags & F_TLS) {
+ if (env->sc_conf.flags & F_TLS) {
TAILQ_FOREACH(table, env->sc_tables, entry) {
if (!(table->conf.flags & F_TLS) ||
table->ssl_ctx != NULL)
@@ -185,7 +185,7 @@ hce_launch_checks(int fd, short event, void *arg)
}
check_icmp(env, &tv);
- bcopy(&env->sc_interval, &tv, sizeof(tv));
+ bcopy(&env->sc_conf.interval, &tv, sizeof(tv));
evtimer_add(&env->sc_ev, &tv);
}
@@ -209,7 +209,7 @@ hce_notify_done(struct host *host, enum host_error he)
fatalx("hce_notify_done: invalid table id");
if (hostnst->flags & F_DISABLE) {
- if (env->sc_opts & RELAYD_OPT_LOGUPDATE) {
+ if (env->sc_conf.opts & RELAYD_OPT_LOGUPDATE) {
log_info("host %s, check %s%s (ignoring result, "
"host disabled)",
host->conf.name, table_check(table->conf.check),
@@ -257,7 +257,7 @@ hce_notify_done(struct host *host, enum host_error he)
else
duration = 0;
- if (env->sc_opts & logopt) {
+ if (env->sc_conf.opts & logopt) {
if (host->code > 0)
asprintf(&codemsg, ",%d", host->code);
log_info("host %s, check %s%s (%lums,%s%s), state %s -> %s, "
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index a69ef4fb1a0..ecadc739982 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.208 2016/09/01 10:49:48 claudio Exp $ */
+/* $OpenBSD: parse.y,v 1.209 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -378,7 +378,7 @@ sendbuf : NOTHING {
main : INTERVAL NUMBER {
if (loadcfg)
break;
- if ((conf->sc_interval.tv_sec = $2) < 0) {
+ if ((conf->sc_conf.interval.tv_sec = $2) < 0) {
yyerror("invalid interval: %d", $2);
YYERROR;
}
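Review bot: The `INTERVAL NUMBER` check rejects only negative values, so `interval 0` is accepted and stored in `sc_conf.interval.tv_sec`. The table-level rule in the later `tableopts` hunk then evaluates `$2 % conf->sc_conf.interval.tv_sec`, which divides by zero while the configuration file is still being parsed. Changing the test to `if ((conf->sc_conf.interval.tv_sec = $2) <= 0) {` rejects the value before it can be used as a divisor. The grammar action continues outside this hunk.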
@@ -386,12 +386,12 @@ main : INTERVAL NUMBER {
| LOG loglevel {
if (loadcfg)
break;
- conf->sc_opts |= $2;
+ conf->sc_conf.opts |= $2;
}
| TIMEOUT timeout {
if (loadcfg)
break;
- bcopy(&$2, &conf->sc_timeout, sizeof(struct timeval));
+ bcopy(&$2, &conf->sc_conf.timeout, sizeof(struct timeval));
}
| PREFORK NUMBER {
if (loadcfg)
@@ -401,12 +401,12 @@ main : INTERVAL NUMBER {
"relays: %d", $2);
YYERROR;
}
- conf->sc_prefork_relay = $2;
+ conf->sc_conf.prefork_relay = $2;
}
| SNMP trap optstring {
if (loadcfg)
break;
- conf->sc_flags |= F_SNMP;
+ conf->sc_conf.flags |= F_SNMP;
if ($2)
conf->sc_snmp_flags |= FSNMP_TRAPONLY;
if ($3)
@@ -428,7 +428,7 @@ loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
rdr : REDIRECT STRING {
struct rdr *srv;
- conf->sc_flags |= F_NEEDPF;
+ conf->sc_conf.flags |= F_NEEDPF;
if (!loadcfg) {
free($2);
@@ -581,7 +581,7 @@ rdroptsl : forwardmode TO tablespec interface {
| DISABLE { rdr->conf.flags |= F_DISABLE; }
| STICKYADDR { rdr->conf.flags |= F_STICKY; }
| match PFTAG STRING {
- conf->sc_flags |= F_NEEDPF;
+ conf->sc_conf.flags |= F_NEEDPF;
if (strlcpy(rdr->conf.tag, $3,
sizeof(rdr->conf.tag)) >=
sizeof(rdr->conf.tag)) {
@@ -654,7 +654,7 @@ tabledef : TABLE table {
free($2);
tb->conf.id = 0; /* will be set later */
- bcopy(&conf->sc_timeout, &tb->conf.timeout,
+ bcopy(&conf->sc_conf.timeout, &tb->conf.timeout,
sizeof(struct timeval));
TAILQ_INIT(&tb->hosts);
table = tb;
@@ -750,14 +750,14 @@ tableopts : CHECK tablecheck
}
}
| INTERVAL NUMBER {
- if ($2 < conf->sc_interval.tv_sec ||
- $2 % conf->sc_interval.tv_sec) {
+ if ($2 < conf->sc_conf.interval.tv_sec ||
+ $2 % conf->sc_conf.interval.tv_sec) {
yyerror("table interval must be "
"divisible by global interval");
YYERROR;
}
table->conf.skip_cnt =
- ($2 / conf->sc_interval.tv_sec) - 1;
+ ($2 / conf->sc_conf.interval.tv_sec) - 1;
}
| MODE dstmode hashkey {
switch ($2) {
@@ -857,12 +857,12 @@ tablecheck : ICMP { table->conf.check = CHECK_ICMP; }
| TCP { table->conf.check = CHECK_TCP; }
| ssltls {
table->conf.check = CHECK_TCP;
- conf->sc_flags |= F_TLS;
+ conf->sc_conf.flags |= F_TLS;
table->conf.flags |= F_TLS;
}
| http_type STRING hostname CODE NUMBER {
if ($1) {
- conf->sc_flags |= F_TLS;
+ conf->sc_conf.flags |= F_TLS;
table->conf.flags |= F_TLS;
}
table->conf.check = CHECK_HTTP_CODE;
@@ -883,7 +883,7 @@ tablecheck : ICMP { table->conf.check = CHECK_ICMP; }
}
| http_type STRING hostname digest {
if ($1) {
- conf->sc_flags |= F_TLS;
+ conf->sc_conf.flags |= F_TLS;
table->conf.flags |= F_TLS;
}
table->conf.check = CHECK_HTTP_DIGEST;
@@ -908,7 +908,7 @@ tablecheck : ICMP { table->conf.check = CHECK_ICMP; }
| SEND sendbuf EXPECT STRING opttls {
table->conf.check = CHECK_SEND_EXPECT;
if ($5) {
- conf->sc_flags |= F_TLS;
+ conf->sc_conf.flags |= F_TLS;
table->conf.flags |= F_TLS;
}
if (strlcpy(table->conf.exbuf, $4,
@@ -930,7 +930,7 @@ tablecheck : ICMP { table->conf.check = CHECK_ICMP; }
free($2);
YYERROR;
}
- conf->sc_flags |= F_SCRIPT;
+ conf->sc_conf.flags |= F_SCRIPT;
free($2);
}
;
@@ -1700,7 +1700,7 @@ relayoptsl : LISTEN ON STRING port opttls {
r->rl_conf.port = h->port.val[0];
if ($5) {
r->rl_conf.flags |= F_TLS;
- conf->sc_flags |= F_TLS;
+ conf->sc_conf.flags |= F_TLS;
}
tableport = h->port.val[0];
host_free(&al);
@@ -1713,7 +1713,7 @@ relayoptsl : LISTEN ON STRING port opttls {
}
if ($2) {
rlay->rl_conf.flags |= F_TLSCLIENT;
- conf->sc_flags |= F_TLSCLIENT;
+ conf->sc_conf.flags |= F_TLSCLIENT;
}
}
| SESSION TIMEOUT NUMBER {
@@ -1777,12 +1777,12 @@ forwardspec : STRING port retry {
host_free(&al);
}
| NAT LOOKUP retry {
- conf->sc_flags |= F_NEEDPF;
+ conf->sc_conf.flags |= F_NEEDPF;
rlay->rl_conf.flags |= F_NATLOOK;
rlay->rl_conf.dstretry = $3;
}
| DESTINATION retry {
- conf->sc_flags |= F_NEEDPF;
+ conf->sc_conf.flags |= F_NEEDPF;
rlay->rl_conf.flags |= F_DIVERT;
rlay->rl_conf.dstretry = $2;
}
@@ -1831,7 +1831,7 @@ router : ROUTER STRING {
YYACCEPT;
}
- conf->sc_flags |= F_NEEDRT;
+ conf->sc_conf.flags |= F_NEEDRT;
TAILQ_FOREACH(rt, conf->sc_rts, rt_entry)
if (!strcmp(rt->rt_conf.name, $2))
break;
@@ -2630,7 +2630,7 @@ load_config(const char *filename, struct relayd *x_conf)
struct relay_table *rlt;
conf = x_conf;
- conf->sc_flags = 0;
+ conf->sc_conf.flags = 0;
loadcfg = 1;
errors = 0;
@@ -2659,7 +2659,7 @@ load_config(const char *filename, struct relayd *x_conf)
/* Free macros and check which have not been used. */
for (sym = TAILQ_FIRST(&symhead); sym != NULL; sym = next) {
next = TAILQ_NEXT(sym, entry);
- if ((conf->sc_opts & RELAYD_OPT_VERBOSE) && !sym->used)
+ if ((conf->sc_conf.opts & RELAYD_OPT_VERBOSE) && !sym->used)
fprintf(stderr, "warning: macro '%s' not "
"used\n", sym->nam);
if (!sym->persist) {
@@ -2687,7 +2687,7 @@ load_config(const char *filename, struct relayd *x_conf)
free(rlay);
}
- if (timercmp(&conf->sc_timeout, &conf->sc_interval, >=)) {
+ if (timercmp(&conf->sc_conf.timeout, &conf->sc_conf.interval, >=)) {
log_warnx("global timeout exceeds interval");
errors++;
}
@@ -2731,7 +2731,8 @@ load_config(const char *filename, struct relayd *x_conf)
log_warnx("unused table: %s", table->conf.name);
errors++;
}
- if (timercmp(&table->conf.timeout, &conf->sc_interval, >=)) {
+ if (timercmp(&table->conf.timeout,
+ &conf->sc_conf.interval, >=)) {
log_warnx("table timeout exceeds interval: %s",
table->conf.name);
errors++;
diff --git a/usr.sbin/relayd/pfe.c b/usr.sbin/relayd/pfe.c
index 265b3cc12dd..9c039c66b2a 100644
--- a/usr.sbin/relayd/pfe.c
+++ b/usr.sbin/relayd/pfe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe.c,v 1.85 2016/09/02 12:12:51 reyk Exp $ */
+/* $OpenBSD: pfe.c,v 1.86 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -85,7 +85,7 @@ pfe_setup_events(void)
/* Schedule statistics timer */
if (!event_initialized(&env->sc_statev)) {
evtimer_set(&env->sc_statev, pfe_statistics, NULL);
- bcopy(&env->sc_statinterval, &tv, sizeof(tv));
+ bcopy(&env->sc_conf.statinterval, &tv, sizeof(tv));
evtimer_add(&env->sc_statev, &tv);
}
}
@@ -240,7 +240,7 @@ pfe_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
case IMSG_NATLOOK:
IMSG_SIZE_CHECK(imsg, &cnl);
bcopy(imsg->data, &cnl, sizeof(cnl));
- if (cnl.proc > env->sc_prefork_relay)
+ if (cnl.proc > env->sc_conf.prefork_relay)
fatalx("pfe_dispatch_relay: "
"invalid relay proc");
if (natlook(env, &cnl) != 0)
@@ -251,14 +251,14 @@ pfe_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
case IMSG_STATISTICS:
IMSG_SIZE_CHECK(imsg, &crs);
bcopy(imsg->data, &crs, sizeof(crs));
- if (crs.proc > env->sc_prefork_relay)
+ if (crs.proc > env->sc_conf.prefork_relay)
fatalx("pfe_dispatch_relay: "
"invalid relay proc");
if ((rlay = relay_find(env, crs.id)) == NULL)
fatalx("pfe_dispatch_relay: invalid relay id");
bcopy(&crs, &rlay->rl_stats[crs.proc], sizeof(crs));
rlay->rl_stats[crs.proc].interval =
- env->sc_statinterval.tv_sec;
+ env->sc_conf.statinterval.tv_sec;
break;
case IMSG_CTL_SESSION:
IMSG_SIZE_CHECK(imsg, &con);
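Review bot: The bound `crs.proc > env->sc_conf.prefork_relay` lets `crs.proc == prefork_relay` through, and the following lines copy the message into `rlay->rl_stats[crs.proc]`. Valid relay instances appear to be 0..prefork_relay-1 (`show_sessions` loops with `<`), and index `prefork_relay` is the slot the `relays:` hunk marks with `EMPTY_ID`, so a relay child reporting that value would write into the terminator slot; the declared size of `rl_stats` is not visible here. `if (crs.proc >= env->sc_conf.prefork_relay)` would match the loop bounds. The same `>` comparison guards `cnl.proc` in the IMSG_NATLOOK hunk, `cko.cko_proc` in ca.c and `bnd.bnd_proc` in relayd.c, and should be checked against how those values are used.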
@@ -369,7 +369,7 @@ relays:
if (env->sc_relays == NULL)
goto routers;
TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
- rlay->rl_stats[env->sc_prefork_relay].id = EMPTY_ID;
+ rlay->rl_stats[env->sc_conf.prefork_relay].id = EMPTY_ID;
imsg_compose_event(&c->iev, IMSG_CTL_RELAY, 0, 0, -1,
rlay, sizeof(*rlay));
imsg_compose_event(&c->iev, IMSG_CTL_RELAY_STATS, 0, 0, -1,
@@ -416,7 +416,7 @@ show_sessions(struct ctl_conn *c)
{
int proc, cid;
- for (proc = 0; proc < env->sc_prefork_relay; proc++) {
+ for (proc = 0; proc < env->sc_conf.prefork_relay; proc++) {
cid = c->iev.ibuf.fd;
/*
@@ -782,12 +782,14 @@ pfe_statistics(int fd, short events, void *arg)
cur->tick++;
cur->avg = (cur->last + cur->avg) / 2;
cur->last_hour += cur->last;
- if ((cur->tick % (3600 / env->sc_statinterval.tv_sec)) == 0) {
+ if ((cur->tick %
+ (3600 / env->sc_conf.statinterval.tv_sec)) == 0) {
cur->avg_hour = (cur->last_hour + cur->avg_hour) / 2;
resethour++;
}
cur->last_day += cur->last;
- if ((cur->tick % (86400 / env->sc_statinterval.tv_sec)) == 0) {
+ if ((cur->tick %
+ (86400 / env->sc_conf.statinterval.tv_sec)) == 0) {
cur->avg_day = (cur->last_day + cur->avg_day) / 2;
resethour++;
}
@@ -796,11 +798,11 @@ pfe_statistics(int fd, short events, void *arg)
if (resetday)
cur->last_day = 0;
- rdr->stats.interval = env->sc_statinterval.tv_sec;
+ rdr->stats.interval = env->sc_conf.statinterval.tv_sec;
}
/* Schedule statistics timer */
evtimer_set(&env->sc_statev, pfe_statistics, NULL);
- bcopy(&env->sc_statinterval, &tv, sizeof(tv));
+ bcopy(&env->sc_conf.statinterval, &tv, sizeof(tv));
evtimer_add(&env->sc_statev, &tv);
}
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index f76c5aba445..add0bf8b4d9 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.59 2015/11/29 01:20:33 benno Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.60 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -57,7 +57,7 @@ init_filter(struct relayd *env, int s)
{
struct pf_status status;
- if (!(env->sc_flags & F_NEEDPF))
+ if (!(env->sc_conf.flags & F_NEEDPF))
return;
if (s == -1)
@@ -83,7 +83,7 @@ init_tables(struct relayd *env)
struct pfr_table *tables;
struct pfioc_table io;
- if (!(env->sc_flags & F_NEEDPF))
+ if (!(env->sc_conf.flags & F_NEEDPF))
return;
if ((tables = calloc(env->sc_rdrcount, sizeof(*tables))) == NULL)
@@ -140,7 +140,7 @@ kill_tables(struct relayd *env)
struct rdr *rdr;
int cnt = 0;
- if (!(env->sc_flags & F_NEEDPF))
+ if (!(env->sc_conf.flags & F_NEEDPF))
return;
TAILQ_FOREACH(rdr, env->sc_rdrs, entry) {
@@ -172,7 +172,7 @@ sync_table(struct relayd *env, struct rdr *rdr, struct table *table)
struct sockaddr_in6 *sain6;
struct host *host;
- if (!(env->sc_flags & F_NEEDPF))
+ if (!(env->sc_conf.flags & F_NEEDPF))
return;
if (table == NULL)
@@ -237,7 +237,7 @@ sync_table(struct relayd *env, struct rdr *rdr, struct table *table)
cnt = kill_srcnodes(env, table);
free(addlist);
- if (env->sc_opts & RELAYD_OPT_LOGUPDATE)
+ if (env->sc_conf.opts & RELAYD_OPT_LOGUPDATE)
log_info("table %s: %d added, %d deleted, "
"%d changed, %d killed", io.pfrio_table.pfrt_name,
io.pfrio_nadd, io.pfrio_ndel, io.pfrio_nchange, cnt);
@@ -301,7 +301,7 @@ flush_table(struct relayd *env, struct rdr *rdr)
{
struct pfioc_table io;
- if (!(env->sc_flags & F_NEEDPF))
+ if (!(env->sc_conf.flags & F_NEEDPF))
return;
memset(&io, 0, sizeof(io));
@@ -370,7 +370,7 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
char anchor[PF_ANCHOR_NAME_SIZE];
struct table *t = rdr->table;
- if ((env->sc_flags & F_NEEDPF) == 0)
+ if ((env->sc_conf.flags & F_NEEDPF) == 0)
return;
bzero(anchor, sizeof(anchor));
@@ -532,7 +532,7 @@ flush_rulesets(struct relayd *env)
struct rdr *rdr;
char anchor[PF_ANCHOR_NAME_SIZE];
- if (!(env->sc_flags & F_NEEDPF))
+ if (!(env->sc_conf.flags & F_NEEDPF))
return;
kill_tables(env);
@@ -570,7 +570,7 @@ natlook(struct relayd *env, struct ctl_natlook *cnl)
struct sockaddr_in6 *in6, *out6;
char ibuf[BUFSIZ], obuf[BUFSIZ];
- if (!(env->sc_flags & F_NEEDPF))
+ if (!(env->sc_conf.flags & F_NEEDPF))
return (0);
bzero(&pnl, sizeof(pnl));
diff --git a/usr.sbin/relayd/pfe_route.c b/usr.sbin/relayd/pfe_route.c
index 731060e2746..f7382ef514c 100644
--- a/usr.sbin/relayd/pfe_route.c
+++ b/usr.sbin/relayd/pfe_route.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_route.c,v 1.10 2015/12/02 13:41:27 reyk Exp $ */
+/* $OpenBSD: pfe_route.c,v 1.11 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2009 - 2011 Reyk Floeter <reyk@openbsd.org>
@@ -55,7 +55,7 @@ init_routes(struct relayd *env)
{
u_int rtfilter;
- if (!(env->sc_flags & F_NEEDRT))
+ if (!(env->sc_conf.flags & F_NEEDRT))
return;
if ((env->sc_rtsock = socket(AF_ROUTE, SOCK_RAW, 0)) == -1)
@@ -75,7 +75,7 @@ sync_routes(struct relayd *env, struct router *rt)
char buf[HOST_NAME_MAX+1];
struct ctl_netroute crt;
- if (!(env->sc_flags & F_NEEDRT))
+ if (!(env->sc_conf.flags & F_NEEDRT))
return;
TAILQ_FOREACH(nr, &rt->rt_netroutes, nr_entry) {
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 55e27911448..89254b4d6f9 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.210 2016/09/02 14:31:47 reyk Exp $ */
+/* $OpenBSD: relay.c,v 1.211 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -335,7 +335,7 @@ relay_init(struct privsep *ps, struct privsep_proc *p, void *arg)
/* Schedule statistics timer */
evtimer_set(&env->sc_statev, relay_statistics, ps);
- bcopy(&env->sc_statinterval, &tv, sizeof(tv));
+ bcopy(&env->sc_conf.statinterval, &tv, sizeof(tv));
evtimer_add(&env->sc_statev, &tv);
}
@@ -379,12 +379,14 @@ relay_statistics(int fd, short events, void *arg)
cur->tick++;
cur->avg = (cur->last + cur->avg) / 2;
cur->last_hour += cur->last;
- if ((cur->tick % (3600 / env->sc_statinterval.tv_sec)) == 0) {
+ if ((cur->tick %
+ (3600 / env->sc_conf.statinterval.tv_sec)) == 0) {
cur->avg_hour = (cur->last_hour + cur->avg_hour) / 2;
resethour++;
}
cur->last_day += cur->last;
- if ((cur->tick % (86400 / env->sc_statinterval.tv_sec)) == 0) {
+ if ((cur->tick %
+ (86400 / env->sc_conf.statinterval.tv_sec)) == 0) {
cur->avg_day = (cur->last_day + cur->avg_day) / 2;
resethour++;
}
@@ -413,7 +415,7 @@ relay_statistics(int fd, short events, void *arg)
/* Schedule statistics timer */
evtimer_set(&env->sc_statev, relay_statistics, ps);
- bcopy(&env->sc_statinterval, &tv, sizeof(tv));
+ bcopy(&env->sc_conf.statinterval, &tv, sizeof(tv));
evtimer_add(&env->sc_statev, &tv);
}
@@ -1663,7 +1665,7 @@ relay_close(struct rsession *con, const char *msg)
if (con->se_out.bev != NULL)
bufferevent_disable(con->se_out.bev, EV_READ|EV_WRITE);
- if ((env->sc_opts & RELAYD_OPT_LOGUPDATE) && msg != NULL) {
+ if ((env->sc_conf.opts & RELAYD_OPT_LOGUPDATE) && msg != NULL) {
bzero(&ibuf, sizeof(ibuf));
bzero(&obuf, sizeof(obuf));
(void)print_host(&con->se_in.ss, ibuf, sizeof(ibuf));
@@ -2162,8 +2164,8 @@ relay_tls_ctx_create(struct relay *rlay)
* Set session ID context to a random value. It needs to be the
* same accross all relay processes or session caching will fail.
*/
- if (!SSL_CTX_set_session_id_context(ctx, env->sc_tls_sid,
- sizeof(env->sc_tls_sid)))
+ if (!SSL_CTX_set_session_id_context(ctx, env->sc_conf.tls_sid,
+ sizeof(env->sc_conf.tls_sid)))
goto err;
/* The text versions of the keys/certs are not needed anymore */
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index 8a8ca2852c5..7c9dd6ed996 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.158 2016/09/02 12:12:51 reyk Exp $ */
+/* $OpenBSD: relayd.c,v 1.159 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2007 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -164,18 +164,18 @@ main(int argc, char *argv[])
ps->ps_env = env;
TAILQ_INIT(&ps->ps_rcsocks);
env->sc_conffile = conffile;
- env->sc_opts = opts;
+ env->sc_conf.opts = opts;
TAILQ_INIT(&env->sc_hosts);
TAILQ_INIT(&env->sc_sessions);
env->sc_rtable = getrtable();
/* initialize the TLS session id to a random key for all relay procs */
- arc4random_buf(env->sc_tls_sid, sizeof(env->sc_tls_sid));
+ arc4random_buf(env->sc_conf.tls_sid, sizeof(env->sc_conf.tls_sid));
if (parse_config(env->sc_conffile, env) == -1)
exit(1);
if (debug)
- env->sc_opts |= RELAYD_OPT_LOGUPDATE;
+ env->sc_conf.opts |= RELAYD_OPT_LOGUPDATE;
if (geteuid())
errx(1, "need root privileges");
@@ -192,13 +192,13 @@ main(int argc, char *argv[])
if (!debug && daemon(1, 0) == -1)
err(1, "failed to daemonize");
- if (env->sc_opts & RELAYD_OPT_NOACTION)
+ if (env->sc_conf.opts & RELAYD_OPT_NOACTION)
ps->ps_noaction = 1;
else
log_info("startup");
- ps->ps_instances[PROC_RELAY] = env->sc_prefork_relay;
- ps->ps_instances[PROC_CA] = env->sc_prefork_relay;
+ ps->ps_instances[PROC_RELAY] = env->sc_conf.prefork_relay;
+ ps->ps_instances[PROC_CA] = env->sc_conf.prefork_relay;
proc_init(ps, procs, nitems(procs));
log_procinit("parent");
@@ -224,13 +224,13 @@ main(int argc, char *argv[])
exit(1);
}
- if (env->sc_opts & RELAYD_OPT_NOACTION) {
+ if (env->sc_conf.opts & RELAYD_OPT_NOACTION) {
fprintf(stderr, "configuration OK\n");
proc_kill(env->sc_ps);
exit(0);
}
- if (env->sc_flags & (F_TLS|F_TLSCLIENT))
+ if (env->sc_conf.flags & (F_TLS|F_TLSCLIENT))
ssl_init(env);
/* rekey the TLS tickets before pushing the config */
@@ -257,7 +257,6 @@ parent_configure(struct relayd *env)
struct protocol *proto;
struct relay *rlay;
int id;
- struct ctl_flags cf;
int s, ret = -1;
TAILQ_FOREACH(tb, env->sc_tables, entry)
@@ -282,15 +281,13 @@ parent_configure(struct relayd *env)
}
/* HCE, PFE, CA and the relays need to reload their config. */
- env->sc_reload = 2 + (2 * env->sc_prefork_relay);
+ env->sc_reload = 2 + (2 * env->sc_conf.prefork_relay);
for (id = 0; id < PROC_MAX; id++) {
if (id == privsep_process)
continue;
- cf.cf_opts = env->sc_opts;
- cf.cf_flags = env->sc_flags;
- if ((env->sc_flags & F_NEEDPF) && id == PROC_PFE) {
+ if ((env->sc_conf.flags & F_NEEDPF) && id == PROC_PFE) {
/* Send pf socket to the pf engine */
if ((s = open(PF_SOCKET, O_RDWR)) == -1) {
log_debug("%s: cannot open pf socket",
@@ -301,7 +298,7 @@ parent_configure(struct relayd *env)
s = -1;
proc_compose_imsg(env->sc_ps, id, -1, IMSG_CFG_DONE, -1,
- s, &cf, sizeof(cf));
+ s, &env->sc_conf, sizeof(env->sc_conf));
}
ret = 0;
@@ -466,7 +463,7 @@ parent_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
case IMSG_BINDANY:
IMSG_SIZE_CHECK(imsg, &bnd);
bcopy(imsg->data, &bnd, sizeof(bnd));
- if (bnd.bnd_proc > env->sc_prefork_relay)
+ if (bnd.bnd_proc > env->sc_conf.prefork_relay)
fatalx("pfe_dispatch_relay: "
"invalid relay proc");
switch (bnd.bnd_proto) {
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 0d5c07ac9fb..8427454c530 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.229 2016/09/02 12:12:51 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.230 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -110,11 +110,6 @@ struct shuffle {
typedef u_int32_t objid_t;
-struct ctl_flags {
- u_int8_t cf_opts;
- u_int32_t cf_flags;
-};
-
struct ctl_status {
objid_t id;
int up;
@@ -1034,9 +1029,18 @@ struct privsep_proc {
struct relayd *p_env;
};
+struct relayd_config {
+ char tls_sid[SSL_MAX_SID_CTX_LENGTH];
+ struct timeval interval;
+ struct timeval timeout;
+ struct timeval statinterval;
+ u_int16_t prefork_relay;
+ u_int16_t opts;
+ u_int32_t flags;
+};
+
struct relayd {
- u_int8_t sc_opts;
- u_int32_t sc_flags;
+ struct relayd_config sc_conf;
const char *sc_conffile;
struct pfdata *sc_pf;
int sc_rtsock;
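Review bot: `struct relayd_config` carries no comment saying that it is copied byte-for-byte to every child: `parent_configure` passes `&env->sc_conf` in IMSG_CFG_DONE to each process id and `config_getcfg` copies it into place with `memcpy`. A header comment such as `/* Global config, sent verbatim to all children in IMSG_CFG_DONE: keep it flat, no pointers, nothing a child should not see */` would tell future editors that any field added here reaches every privsep process, as `tls_sid` now does. It would also be worth stating that both sides must agree on the layout, since the receiver accepts the message only when the size matches exactly.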
@@ -1047,8 +1051,6 @@ struct relayd {
int sc_relaycount;
int sc_routercount;
int sc_routecount;
- struct timeval sc_interval;
- struct timeval sc_timeout;
struct table sc_empty_table;
struct protocol sc_proto_default;
struct event sc_ev;
@@ -1061,13 +1063,11 @@ struct relayd {
struct netroutelist *sc_routes;
struct ca_pkeylist *sc_pkeys;
struct sessionlist sc_sessions;
- u_int16_t sc_prefork_relay;
char sc_demote_group[IFNAMSIZ];
u_int16_t sc_id;
int sc_rtable;
struct event sc_statev;
- struct timeval sc_statinterval;
int sc_snmp;
const char *sc_snmp_path;
@@ -1085,7 +1085,6 @@ struct relayd {
struct privsep *sc_ps;
int sc_reload;
- char sc_tls_sid[SSL_MAX_SID_CTX_LENGTH];
struct tls_ticket sc_tls_ticket;
struct tls_ticket sc_tls_ticket_bak;
};
diff --git a/usr.sbin/relayd/snmp.c b/usr.sbin/relayd/snmp.c
index 22a8e9633fc..6b16d5f836d 100644
--- a/usr.sbin/relayd/snmp.c
+++ b/usr.sbin/relayd/snmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmp.c,v 1.26 2015/12/05 10:59:03 blambert Exp $ */
+/* $OpenBSD: snmp.c,v 1.27 2016/09/02 14:45:51 reyk Exp $ */
/*
* Copyright (c) 2008 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -127,7 +127,7 @@ snmp_init(struct relayd *env, enum privsep_procid id)
env->sc_snmp = -1;
}
- if ((env->sc_flags & F_SNMP) == 0)
+ if ((env->sc_conf.flags & F_SNMP) == 0)
return;
snmp_procid = id;
@@ -1221,7 +1221,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
u_int instanceidx, objectidx;
u_int32_t status, value = 0;
u_int64_t value64 = 0;
- int i;
+ int i, nrelay = env->sc_conf.prefork_relay;
instanceidx = oid->o_id[OIDIDX_relaydInfo + 2];
objectidx = oid->o_id[OIDIDX_relaydInfo + 1];
@@ -1260,7 +1260,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
return (-1);
break;
case 4: /* count */
- for (i = 0; i < env->sc_prefork_relay; i++)
+ for (i = 0; i < nrelay; i++)
value64 += rly->rl_stats[i].cnt;
if (snmp_agentx_varbind(resp, oid,
AGENTX_COUNTER64, &value64,
@@ -1268,7 +1268,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
return (-1);
break;
case 5: /* average */
- for (i = 0; i < env->sc_prefork_relay; i++)
+ for (i = 0; i < nrelay; i++)
value += rly->rl_stats[i].avg;
if (snmp_agentx_varbind(resp, oid,
AGENTX_INTEGER, &value,
@@ -1276,7 +1276,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
return (-1);
break;
case 6: /* last */
- for (i = 0; i < env->sc_prefork_relay; i++)
+ for (i = 0; i < nrelay; i++)
value += rly->rl_stats[i].last;
if (snmp_agentx_varbind(resp, oid,
AGENTX_INTEGER, &value,
@@ -1284,7 +1284,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
return (-1);
break;
case 7: /* average hour */
- for (i = 0; i < env->sc_prefork_relay; i++)
+ for (i = 0; i < nrelay; i++)
value += rly->rl_stats[i].avg_hour;
if (snmp_agentx_varbind(resp, oid,
AGENTX_INTEGER, &value,
@@ -1292,7 +1292,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
return (-1);
break;
case 8: /* last hour */
- for (i = 0; i < env->sc_prefork_relay; i++)
+ for (i = 0; i < nrelay; i++)
value += rly->rl_stats[i].last_hour;
if (snmp_agentx_varbind(resp, oid,
AGENTX_INTEGER, &value,
@@ -1300,7 +1300,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
return (-1);
break;
case 9: /* average day */
- for (i = 0; i < env->sc_prefork_relay; i++)
+ for (i = 0; i < nrelay; i++)
value += rly->rl_stats[i].avg_day;
if (snmp_agentx_varbind(resp, oid,
AGENTX_INTEGER, &value,
@@ -1308,7 +1308,7 @@ snmp_relay(struct relayd *env, struct snmp_oid *oid, struct agentx_pdu *resp,
return (-1);
break;
case 10: /* last day */
- for (i = 0; i < env->sc_prefork_relay; i++)
+ for (i = 0; i < nrelay; i++)
value += rly->rl_stats[i].last_day;
if (snmp_agentx_varbind(resp, oid,
AGENTX_INTEGER, &value,