authorSebastian Benoit <benno@cvs.openbsd.org>2013-04-27 16:39:31 +0000
committerSebastian Benoit <benno@cvs.openbsd.org>2013-04-27 16:39:31 +0000
commit2ede15cd56c58c354b4214916f8643dcc7405319 (patch)
treecd94c638ee5351aa0dbfd190f693e1df5d8581f4 /usr.sbin
parent0102d4c98e115230a27f56786e74fd0a9b3586f1 (diff)
time_t 64bit fixes for relayd and relayctl:
- fix statistics
- set INT_MAX limit on session timeouts
- make sure we don't use too large session timeouts in pf redirects and openssl
tested with old and new time_t
ok florian@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayctl/relayctl.c6
-rw-r--r--usr.sbin/relayd/parse.y14
-rw-r--r--usr.sbin/relayd/pfe_filter.c4
-rw-r--r--usr.sbin/relayd/relayd.conf.56
-rw-r--r--usr.sbin/relayd/relayd.h4
5 files changed, 22 insertions, 12 deletions
diff --git a/usr.sbin/relayctl/relayctl.c b/usr.sbin/relayctl/relayctl.c
index ab66709ab38..7b97498f7f9 100644
--- a/usr.sbin/relayctl/relayctl.c
+++ b/usr.sbin/relayctl/relayctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayctl.c,v 1.47 2013/04/03 03:10:42 guenther Exp $ */
+/* $OpenBSD: relayctl.c,v 1.48 2013/04/27 16:39:29 benno Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -554,8 +554,8 @@ print_statistics(struct ctl_stats stats[RELAY_MAXPROC + 1])
if (crs.cnt == 0)
return;
printf("\t%8s\ttotal: %llu sessions\n"
- "\t%8s\tlast: %u/%us %u/h %u/d sessions\n"
- "\t%8s\taverage: %u/%us %u/h %u/d sessions\n",
+ "\t%8s\tlast: %u/%llus %u/h %u/d sessions\n"
+ "\t%8s\taverage: %u/%llus %u/h %u/d sessions\n",
"", crs.cnt,
"", crs.last, crs.interval,
crs.last_hour, crs.last_day,
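Review bot: The new `%llu` conversions for `crs.interval` match their argument only where `u_int64_t` is `unsigned long long`, and a printf conversion that disagrees with its argument type is undefined behaviour. Casting at the call site, `"", crs.last, (unsigned long long)crs.interval,`, keeps the format string and the argument in step regardless of the typedef. This assumes `crs` is a `struct ctl_stats`, whose `interval` field this commit widens in relayd.h. The argument list for the `average:` line lies outside the hunk and would need the same cast if it passes `crs.interval` as well.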
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 4e709790b7d..7735d99409b 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.169 2013/03/04 08:41:32 sthen Exp $ */
+/* $OpenBSD: parse.y,v 1.170 2013/04/27 16:39:30 benno Exp $ */
/*
* Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org>
@@ -532,7 +532,11 @@ rdroptsl : forwardmode TO tablespec interface {
}
| SESSION TIMEOUT NUMBER {
if ((rdr->conf.timeout.tv_sec = $3) < 0) {
- yyerror("invalid timeout: %d", $3);
+ yyerror("invalid timeout: %lld", $3);
+ YYERROR;
+ }
+ if (rdr->conf.timeout.tv_sec > INT_MAX) {
+ yyerror("timeout too large: %lld", $3);
YYERROR;
}
}
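Review bot: Both range checks test `rdr->conf.timeout.tv_sec` after `$3` has already been assigned to it, so where `time_t` is still 32 bits an oversized number is truncated before it is examined and the `> INT_MAX` comparison can never fire. Testing the parsed value itself, `if ($3 < 0) { ... }` and `if ($3 > INT_MAX) { ... }`, and only then doing `rdr->conf.timeout.tv_sec = $3;`, rejects out-of-range configuration input on either time_t width. This assumes `$3` is a 64-bit integer, as the `%lld` conversion suggests; its declaration is outside the hunk. The `relayoptsl` hunk that assigns `rlay->rl_conf.timeout.tv_sec` has the same pattern.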
@@ -1367,7 +1371,11 @@ relayoptsl : LISTEN ON STRING port optssl {
}
| SESSION TIMEOUT NUMBER {
if ((rlay->rl_conf.timeout.tv_sec = $3) < 0) {
- yyerror("invalid timeout: %d", $3);
+ yyerror("invalid timeout: %lld", $3);
+ YYERROR;
+ }
+ if (rlay->rl_conf.timeout.tv_sec > INT_MAX) {
+ yyerror("timeout too large: %lld", $3);
YYERROR;
}
}
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 1bdc302f22d..1bc11f38e4e 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.52 2012/10/19 16:49:50 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.53 2013/04/27 16:39:30 benno Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -443,7 +443,7 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
if (rio.rule.proto == IPPROTO_TCP)
rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
- rdr->conf.timeout.tv_sec;
+ (u_int32_t)MIN(rdr->conf.timeout.tv_sec, INT_MAX);
if (strlen(rdr->conf.tag))
(void)strlcpy(rio.rule.tagname, rdr->conf.tag,
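Review bot: The clamp on `rdr->conf.timeout.tv_sec` is one-sided: `MIN(..., INT_MAX)` passes a negative value through unchanged, and the `(u_int32_t)` cast would then turn it into a very large pf timeout. The parser change in this commit rejects negative and over-large session timeouts, so this is presumably unreachable from the configuration file, but nothing at this site says so. A comment such as `/* parse.y limits the timeout to 0..INT_MAX; clamp because time_t may be wider than pf's timeout field */` would record why the cast is safe. sync_ruleset starts and ends outside the hunk.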
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index a55db691cde..3f0cc4e9b6d 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.132 2012/11/29 01:01:53 bluhm Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.133 2013/04/27 16:39:30 benno Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 29 2012 $
+.Dd $Mdocdate: April 27 2013 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
@@ -501,6 +501,7 @@ interface on the host with this address.
.It Ic session timeout Ar seconds
Specify the inactivity timeout in seconds for established redirections.
The default timeout is 600 seconds (10 minutes).
+The maximum is 2147483647 seconds (68 years).
.It Ic sticky-address
This has the same effect as specifying sticky-address
for an rdr-to rule in
@@ -677,6 +678,7 @@ section below.
.It Ic session timeout Ar seconds
Specify the inactivity timeout in seconds for accepted sessions.
The default timeout is 600 seconds (10 minutes).
+The maximum is 2147483647 seconds (68 years).
.El
.Sh PROTOCOLS
Protocols are templates defining actions and settings for relays.
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index e9c7f98003b..85934cb1b2e 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.167 2013/03/10 23:32:53 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.168 2013/04/27 16:39:30 benno Exp $ */
/*
* Copyright (c) 2006 - 2012 Reyk Floeter <reyk@openbsd.org>
@@ -230,7 +230,7 @@ struct ctl_stats {
objid_t id;
int proc;
- u_int interval;
+ u_int64_t interval;
u_int64_t cnt;
u_int32_t tick;
u_int32_t avg;