-rw-r--r--usr.sbin/relayd/parse.y93
-rw-r--r--usr.sbin/relayd/relayd.c43
-rw-r--r--usr.sbin/relayd/relayd.conf.529
-rw-r--r--usr.sbin/relayd/relayd.h4
4 files changed, 140 insertions, 29 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index bd7f5d2016f..efaedc4eaf4 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.124 2008/09/29 12:07:59 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.125 2008/09/29 14:53:35 reyk Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -97,6 +97,7 @@ static struct protocol *proto = NULL;
static struct protonode node;
static u_int16_t label = 0;
static in_port_t tableport = 0;
+static int nodedirection;
struct address *host_v4(const char *);
struct address *host_v6(const char *);
@@ -128,7 +129,7 @@ typedef struct {
%token ALL APPEND BACKLOG BACKUP BUFFER CACHE CHANGE CHECK
%token CIPHERS CODE COOKIE DEMOTE DIGEST DISABLE ERROR EXPECT
-%token EXTERNAL FILTER FORWARD FROM HASH HEADER HOST ICMP
+%token EXTERNAL FILENAME FILTER FORWARD FROM HASH HEADER HOST ICMP
%token INCLUDE INET INET6 INTERFACE INTERVAL IP LABEL LISTEN
%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO
%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PROTO
@@ -140,7 +141,7 @@ typedef struct {
%token <v.number> NUMBER
%type <v.string> hostname interface table
%type <v.number> http_type loglevel mark optssl parent sslcache
-%type <v.number> direction dstmode flag forwardmode log proto_type retry
+%type <v.number> direction dstmode flag forwardmode proto_type retry
%type <v.port> port
%type <v.host> host
%type <v.tv> timeout
@@ -801,11 +802,12 @@ protoptsl : SSL sslflags
| NO LABEL {
label = 0;
}
- | direction protonode log {
- if ($3)
- node.flags |= PNFLAG_LOG;
+ | direction {
node.label = label;
- if (protonode_add($1, proto, &node) == -1) {
+ nodedirection = $1;
+ } protonode {
+ if (nodedirection != -1 &&
+ protonode_add(nodedirection, proto, &node) == -1) {
yyerror("failed to add protocol node");
YYERROR;
}
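Review bot: `nodedirection` carries two meanings in this action and neither is documented: it holds the `direction` value saved by the mid-rule action, and -1 is a sentinel meaning the keys were already added. The -1 is assigned in the `nodefile` rule after `protonode_load()` succeeds, which a reader of this `if` cannot see from here. A comment above the test would help, for example `/* -1: nodefile already added the keys, skip the template node */`, and the declaration `static int nodedirection;` could say the same. The protoptsl action continues past the end of this hunk.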
@@ -897,7 +899,7 @@ flag : STRING {
}
;
-protonode : nodetype APPEND STRING TO STRING marked {
+protonode : nodetype APPEND STRING TO STRING nodeopts {
node.action = NODE_ACTION_APPEND;
node.key = strdup($5);
node.value = strdup($3);
@@ -908,7 +910,7 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($5);
free($3);
}
- | nodetype CHANGE STRING TO STRING marked {
+ | nodetype CHANGE STRING TO STRING nodeopts {
node.action = NODE_ACTION_CHANGE;
node.key = strdup($3);
node.value = strdup($5);
@@ -919,7 +921,7 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($5);
free($3);
}
- | nodetype REMOVE STRING marked {
+ | nodetype REMOVE STRING nodeopts {
node.action = NODE_ACTION_REMOVE;
node.key = strdup($3);
node.value = NULL;
@@ -927,7 +929,12 @@ protonode : nodetype APPEND STRING TO STRING marked {
fatal("out of memory");
free($3);
}
- | nodetype EXPECT STRING FROM STRING marked {
+ | nodetype REMOVE {
+ node.action = NODE_ACTION_REMOVE;
+ node.key = NULL;
+ node.value = NULL;
+ } nodefile
+ | nodetype EXPECT STRING FROM STRING nodeopts {
node.action = NODE_ACTION_EXPECT;
node.key = strdup($5);
node.value = strdup($3);
@@ -937,7 +944,7 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($3);
proto->lateconnect++;
}
- | nodetype EXPECT STRING marked {
+ | nodetype EXPECT STRING nodeopts {
node.action = NODE_ACTION_EXPECT;
node.key = strdup($3);
node.value = strdup("*");
@@ -946,7 +953,13 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($3);
proto->lateconnect++;
}
- | nodetype EXPECT digest marked {
+ | nodetype EXPECT {
+ node.action = NODE_ACTION_EXPECT;
+ node.key = NULL;
+ node.value = "*";
+ proto->lateconnect++;
+ } nodefile
+ | nodetype EXPECT digest nodeopts {
if (node.type != NODE_TYPE_URL) {
yyerror("digest not supported for this type");
free($3.digest);
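Review bot: `node.value = "*";` in the new `nodetype EXPECT { ... } nodefile` alternative stores a string literal in a field that every other alternative fills with `strdup()`, and the new `nodetype FILTER { ... } nodefile` alternative does the same. protonode_load() copies the value with `strdup()` for each key, so the literal is only read there, but any path that frees the template's `node.value` (none is visible in these hunks) would be handed a non-heap pointer. A comment on the assignment such as `/* borrowed literal: copied per key by protonode_load(), never freed */` would record the assumption. `proto->lateconnect++` also runs before the file is read, so it is counted even when the file yields no keys.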
@@ -961,7 +974,7 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($3.digest);
proto->lateconnect++;
}
- | nodetype FILTER STRING FROM STRING marked {
+ | nodetype FILTER STRING FROM STRING nodeopts {
node.action = NODE_ACTION_FILTER;
node.key = strdup($5);
node.value = strdup($3);
@@ -971,7 +984,7 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($3);
proto->lateconnect++;
}
- | nodetype FILTER STRING marked {
+ | nodetype FILTER STRING nodeopts {
node.action = NODE_ACTION_FILTER;
node.key = strdup($3);
node.value = strdup("*");
@@ -979,8 +992,14 @@ protonode : nodetype APPEND STRING TO STRING marked {
fatal("out of memory");
free($3);
proto->lateconnect++;
- }
- | nodetype FILTER digest marked {
+ }
+ | nodetype FILTER {
+ node.action = NODE_ACTION_FILTER;
+ node.key = NULL;
+ node.value = "*";
+ proto->lateconnect++;
+ } nodefile
+ | nodetype FILTER digest nodeopts {
if (node.type != NODE_TYPE_URL) {
yyerror("digest not supported for this type");
free($3.digest);
@@ -995,7 +1014,7 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($3.digest);
proto->lateconnect++;
}
- | nodetype HASH STRING marked {
+ | nodetype HASH STRING nodeopts {
node.action = NODE_ACTION_HASH;
node.key = strdup($3);
node.value = NULL;
@@ -1004,7 +1023,7 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($3);
proto->lateconnect++;
}
- | nodetype LOG STRING marked {
+ | nodetype LOG STRING nodeopts {
node.action = NODE_ACTION_LOG;
node.key = strdup($3);
node.value = NULL;
@@ -1013,7 +1032,13 @@ protonode : nodetype APPEND STRING TO STRING marked {
fatal("out of memory");
free($3);
}
- | nodetype MARK STRING FROM STRING WITH mark {
+ | nodetype LOG {
+ node.action = NODE_ACTION_LOG;
+ node.key = NULL;
+ node.value = NULL;
+ node.flags |= PNFLAG_LOG;
+ } nodefile
+ | nodetype MARK STRING FROM STRING WITH mark log {
node.action = NODE_ACTION_MARK;
node.key = strdup($5);
node.value = strdup($3);
@@ -1023,21 +1048,40 @@ protonode : nodetype APPEND STRING TO STRING marked {
free($3);
free($5);
}
- | nodetype MARK STRING WITH mark {
+ | nodetype MARK STRING WITH mark nodeopts {
node.action = NODE_ACTION_MARK;
node.key = strdup($3);
node.value = strdup("*");
- node.mark = $5;
+ node.mark = $5; /* overwrite */
if (node.key == NULL || node.value == NULL)
fatal("out of memory");
free($3);
}
;
+nodefile : FILENAME STRING nodeopts {
+ if (protonode_load(nodedirection,
+ proto, &node, $2) == -1) {
+ yyerror("failed to load from file: %s", $2);
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ nodedirection = -1; /* don't add template node */
+ }
+ ;
+
+nodeopts : marked log
+ ;
+
marked : /* empty */
| MARKED mark { node.mark = $2; }
;
+log : /* empty */
+ | LOG { node.flags |= PNFLAG_LOG; }
+ ;
+
mark : NUMBER {
if ($1 <= 0 || $1 >= (int)USHRT_MAX) {
yyerror("invalid mark: %d", $1);
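Review bot: The short `nodetype MARK STRING WITH mark nodeopts` alternative now accepts a trailing `marked N`, but its action then runs `node.mark = $5; /* overwrite */`, so the value parsed by `marked` is silently discarded. The long form above it takes only `log`, which looks like the intended grammar for both. Using `| nodetype MARK STRING WITH mark log {` would make the parser reject `marked` here instead of accepting and ignoring it.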
@@ -1362,10 +1406,6 @@ timeout : NUMBER
}
;
-log : /* empty */ { $$ = 0; }
- | LOG { $$ = 1; }
- ;
-
comma : ','
| nl
| /* empty */
@@ -1427,6 +1467,7 @@ lookup(char *s)
{ "error", ERROR },
{ "expect", EXPECT },
{ "external", EXTERNAL },
+ { "file", FILENAME },
{ "filter", FILTER },
{ "forward", FORWARD },
{ "from", FROM },
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index 70c846d7e98..1e559e71f06 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.80 2008/08/08 08:51:21 thib Exp $ */
+/* $OpenBSD: relayd.c,v 1.81 2008/09/29 14:53:35 reyk Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -1172,6 +1172,47 @@ protonode_add(enum direction dir, struct protocol *proto,
}
int
+protonode_load(enum direction dir, struct protocol *proto,
+ struct protonode *node, const char *name)
+{
+ FILE *fp;
+ char buf[BUFSIZ];
+ int ret = -1;
+ struct protonode pn;
+
+ bcopy(node, &pn, sizeof(pn));
+ pn.key = pn.value = NULL;
+
+ if ((fp = fopen(name, "r")) == NULL)
+ return (-1);
+
+ while (fgets(buf, sizeof(buf), fp) != NULL) {
+ /* strip comment, whitespace, and newline characters */
+ buf[strcspn(buf, "\r\n\t #")] = '\0';
+ if (!strlen(buf))
+ continue;
+ pn.key = strdup(buf);
+ if (node->value != NULL)
+ pn.value = strdup(node->value);
+ if (pn.key == NULL ||
+ (node->value != NULL && pn.value == NULL))
+ goto fail;
+ if (protonode_add(dir, proto, &pn) == -1)
+ goto fail;
+ pn.key = pn.value = NULL;
+ }
+
+ ret = 0;
+ fail:
+ if (pn.key != NULL)
+ free(pn.key);
+ if (pn.value != NULL)
+ free(pn.value);
+ fclose(fp);
+ return (ret);
+}
+
+int
bindany(struct ctl_bindany *bnd)
{
int s, v;
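Review bot: protonode_load() treats every fgets() chunk as a line, so a line longer than `sizeof(buf) - 1` is split and the first token of its tail is added as a separate key; for an over-long comment line that means comment text ends up in the expect/filter key list. Rejecting such lines at the top of the loop closes this: `if (strchr(buf, '\n') == NULL && !feof(fp)) goto fail;`. A read error also ends the loop like EOF and returns 0 with a partial key list, so `if (ferror(fp)) goto fail;` is needed before `ret = 0;`. The `if (pn.key != NULL)` and `if (pn.value != NULL)` guards before free() are redundant. The hunk ends inside bindany(), which continues outside it.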
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 94448097777..9985fc42a4e 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.94 2008/09/29 09:58:51 reyk Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.95 2008/09/29 14:53:35 reyk Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -823,6 +823,15 @@ To compute the digest, use this simple command:
.Bd -literal -offset indent
$ echo -n "example.com/path/?args" | sha1
.Ed
+.It Ic expect file Ar path
+Like the directive above, but load the non-digest keys from an
+external file with the specified
+.Ar path
+containing one key per line.
+Empty lines will be ingnored and lines will be stripped at any
+whitespaces, newline characters, or hash marks
+.Pq Sq #
+indicating a comment.
.It Ic filter Ar value Ic from Ar key
Like the
.Ic expect Ar .. Ic from
@@ -842,6 +851,12 @@ directive above, but drop any connections with the specified entity
and any possible value.
This is the short form of
.Ic filter Ar * Ic from Ar key .
+.It Ic filter file Ar path
+Like the directive above, but load the non-digest keys from
+.Ar path .
+See
+.Ic expect file Ar path
+for more information.
.It Ic hash Ar key
Feed the value of the selected entity into the load balancing hash to
select the target host.
@@ -852,6 +867,12 @@ keyword in the
section above.
.It Ic log Ar key
Log the name and the value of the entity.
+.It Ic log file Ar path
+Like the directive above, but load the keys from
+.Ar path .
+See
+.Ic expect file Ar path
+for more information.
.It Xo
.Ic mark
.Op Ar value Ic from
@@ -880,6 +901,12 @@ no label
Do not set a label for subsequently added actions; this is the default.
.It Ic remove Ar key
Remove the entity with the selected name.
+.It Ic remove file Ar path
+Like the directive above, but load the keys from
+.Ar path .
+See
+.Ic expect file Ar path
+for more information.
.It Ic return error Op Ar option
Return an error reponse to the client if an internal operation or the
forward connection to the client failed.
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index ace783581ea..8c381aed172 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.111 2008/09/29 09:58:51 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.112 2008/09/29 14:53:36 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -871,6 +871,8 @@ struct protonode *protonode_header(enum direction, struct protocol *,
struct protonode *);
int protonode_add(enum direction, struct protocol *,
struct protonode *);
+int protonode_load(enum direction, struct protocol *,
+ struct protonode *, const char *);
int map6to4(struct sockaddr_storage *);
int map4to6(struct sockaddr_storage *, struct sockaddr_storage *);