Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/relayd/parse.y | 33 | ||||
-rw-r--r-- | usr.sbin/relayd/pfe.c | 5 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 11 | ||||
-rw-r--r-- | usr.sbin/relayd/snmp.c | 6 |
4 files changed, 25 insertions, 30 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index ecadc739982..e6ea30da60a 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.209 2016/09/02 14:45:51 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.210 2016/09/02 16:14:09 reyk Exp $ */
 /*
 * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -376,26 +376,18 @@ sendbuf : NOTHING {
 ;
 main : INTERVAL NUMBER {
- if (loadcfg)
- break;
 if ((conf->sc_conf.interval.tv_sec = $2) < 0) {
 yyerror("invalid interval: %d", $2);
 YYERROR;
 }
 }
 | LOG loglevel {
- if (loadcfg)
- break;
 conf->sc_conf.opts |= $2;
 }
 | TIMEOUT timeout {
- if (loadcfg)
- break;
 bcopy(&$2, &conf->sc_conf.timeout, sizeof(struct timeval));
 }
 | PREFORK NUMBER {
- if (loadcfg)
- break;
 if ($2 <= 0 || $2 > RELAY_MAXPROC) {
 yyerror("invalid number of preforked "
 "relays: %d", $2);
@@ -404,17 +396,22 @@ main : INTERVAL NUMBER {
 conf->sc_conf.prefork_relay = $2;
 }
 | SNMP trap optstring {
- if (loadcfg)
- break;
 conf->sc_conf.flags |= F_SNMP;
 if ($2)
- conf->sc_snmp_flags |= FSNMP_TRAPONLY;
- if ($3)
- conf->sc_snmp_path = $3;
- else
- conf->sc_snmp_path = strdup(AGENTX_SOCKET);
- if (conf->sc_snmp_path == NULL)
- fatal("out of memory");
+ conf->sc_conf.flags |= F_SNMP_TRAPONLY;
+ if ($3) {
+ if (strlcpy(conf->sc_conf.snmp_path,
+ $3, sizeof(conf->sc_conf.snmp_path)) >=
+ sizeof(conf->sc_conf.snmp_path)) {
+ yyerror("snmp path truncated");
+ free($3);
+ YYERROR;
+ }
+ free($3);
+ } else
+ (void)strlcpy(conf->sc_conf.snmp_path,
+ AGENTX_SOCKET,
+ sizeof(conf->sc_conf.snmp_path));
 }
 ;
diff --git a/usr.sbin/relayd/pfe.c b/usr.sbin/relayd/pfe.c
index 9c039c66b2a..012b49f24e8 100644
--- a/usr.sbin/relayd/pfe.c
+++ b/usr.sbin/relayd/pfe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe.c,v 1.86 2016/09/02 14:45:51 reyk Exp $ */
+/* $OpenBSD: pfe.c,v 1.87 2016/09/02 16:14:09 reyk Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
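Review bot: In the SNMP action of parse.y the new length check only rejects paths that do not fit `snmp_path[PATH_MAX]`, while snmp_setsock() in snmp.c (its hunk is further down) copies the same string into `sun.sun_path` and calls `fatalx("invalid socket path")` when it does not fit there. sun_path is normally much shorter than PATH_MAX, so a path between the two limits is accepted by the parser and only later terminates the process that opens the AgentX socket. Comparing against the socket limit at parse time turns that into an ordinary configuration error: `if (strlcpy(conf->sc_conf.snmp_path, $3, sizeof(conf->sc_conf.snmp_path)) >= sizeof(((struct sockaddr_un *)0)->sun_path)) {`. Alternatively the field added to struct relayd_config in relayd.h could be sized to the sun_path length, which would also shrink the config structure.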
@@ -62,8 +62,6 @@ pfe_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 if (config_init(ps->ps_env) == -1)
 fatal("failed to initialize configuration");
- snmp_init(env, PROC_PARENT);
-
 if (pledge("stdio recvfd unix pf", NULL) == -1)
 fatal("pledge");
@@ -207,6 +205,7 @@ pfe_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 config_getcfg(env, imsg);
 init_filter(env, imsg->fd);
 init_tables(env);
+ snmp_init(env, PROC_PARENT);
 break;
 case IMSG_CTL_START:
 pfe_setup_events();
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 8427454c530..ddbcc8d255a 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.230 2016/09/02 14:45:51 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.231 2016/09/02 16:14:09 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -384,13 +384,15 @@ union hashkey {
 #define F_SCRIPT 0x02000000
 #define F_TLSINSPECT 0x04000000
 #define F_HASHKEY 0x08000000
+#define F_SNMP_TRAPONLY 0x10000000
 #define F_BITS \
 "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \
 "\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT" \
 "\14TLS\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP" \
 "\22RETURN\23TRAP\24NEEDPF\25PORT\26TLS_CLIENT\27NEEDRT" \
- "\30MATCH\31DIVERT\32SCRIPT\33TLS_INSPECT\34HASHKEY"
+ "\30MATCH\31DIVERT\32SCRIPT\33TLS_INSPECT\34HASHKEY" \
+ "\35SNMP_TRAPONLY"
 enum forwardmode {
 FWD_NORMAL = 0,
@@ -1031,6 +1033,7 @@ struct privsep_proc {
 struct relayd_config {
 char tls_sid[SSL_MAX_SID_CTX_LENGTH];
+ char snmp_path[PATH_MAX];
 struct timeval interval;
 struct timeval timeout;
 struct timeval statinterval;
@@ -1070,8 +1073,6 @@ struct relayd {
 struct event sc_statev;
 int sc_snmp;
- const char *sc_snmp_path;
- int sc_snmp_flags;
 struct event sc_snmpto;
 struct event sc_snmpev;
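Review bot: In pfe.c, snmp_init() now runs inside pfe_dispatch_parent(), which means after the `pledge("stdio recvfd unix pf", NULL)` call that stays in pfe_init(), and every time this case is dispatched rather than once at startup. Its body is not part of this diff, so it should be confirmed that it needs no promise beyond those four and that a repeated call releases the previous socket and the sc_snmpto/sc_snmpev events before setting them up again. A comment on the new call would record why it sits here, for example `/* needs sc_conf.snmp_path and flags, so only after config_getcfg() */`. The enclosing switch case starts outside the hunk.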
@@ -1089,8 +1090,6 @@ struct relayd {
 struct tls_ticket sc_tls_ticket_bak;
 };
-#define FSNMP_TRAPONLY 0x01
-
 #define RELAYD_OPT_VERBOSE 0x01
 #define RELAYD_OPT_NOACTION 0x04
 #define RELAYD_OPT_LOGUPDATE 0x08
diff --git a/usr.sbin/relayd/snmp.c b/usr.sbin/relayd/snmp.c
index 6b16d5f836d..719f470a002 100644
--- a/usr.sbin/relayd/snmp.c
+++ b/usr.sbin/relayd/snmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmp.c,v 1.27 2016/09/02 14:45:51 reyk Exp $ */
+/* $OpenBSD: snmp.c,v 1.28 2016/09/02 16:14:09 reyk Exp $ */
 /*
 * Copyright (c) 2008 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -146,7 +146,7 @@ snmp_setsock(struct relayd *env, enum privsep_procid id)
 bzero(&sun, sizeof(sun));
 sun.sun_family = AF_UNIX;
- if (strlcpy(sun.sun_path, env->sc_snmp_path,
+ if (strlcpy(sun.sun_path, env->sc_conf.snmp_path,
 sizeof(sun.sun_path)) >= sizeof(sun.sun_path))
 fatalx("invalid socket path");
@@ -521,7 +521,7 @@ snmp_agentx_process(struct agentx_handle *h, struct agentx_pdu *pdu, void *arg)
 if (snmp_agentx_open_response(h, pdu) == -1)
 break;
 /* Open AgentX socket; register MIB if not trap-only */
- if (!(env->sc_snmp_flags & FSNMP_TRAPONLY))
+ if (!(env->sc_conf.flags & F_SNMP_TRAPONLY))
 if (snmp_register(env) == -1) {
 log_warn("failed to register MIB");
 break;
 |
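Review bot: The trap-only test in snmp_agentx_process() is an unbraced `if` whose whole body is a second `if`, which is easy to misread now that the flag lives in the shared `sc_conf.flags` word next to unrelated bits. Folding the two conditions into one keeps the failure path obvious: `if (!(env->sc_conf.flags & F_SNMP_TRAPONLY) && snmp_register(env) == -1) {`. The `break` in that body belongs to an enclosing construct that begins outside the hunk.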