| Age | Commit message (Collapse) | Author |
|---|
|
|
|
first spotted by Paulius Bulotas <paulius+openbsd-misc at devnull.lt>.
|
|
First split out hosts, tables and services into to structs, one that
contains the runtime fields and one (inside the runtime) that contains
mostly static fields that will be sent over the socket during reload.
Also move the demoted field of tables inside the flags field as its
just a boolean.
ok reyk@
|
|
|
|
any truncated strings (table names/anchors/tags/...) to pf and the
kernel.
ok pyr@
|
|
callbacks.
|
|
|
|
|
|
ok pyr@
|
|
debug noise from ssl.c.
|
|
in check_tcp.c, prototype them in check_tcp.c
ok reyk@
|
|
ok pyr@
|
|
|
|
ok reyk@
|
|
with help and OK reyk@
with help and advice by claudio@ and Srebrenko Sehic
|
|
ok reyk@
|
|
ok claudio@, reyk@
|
|
usage. also modify the check_icmp code to use non-blocking raw sockets
and merge the icmp4 and icmp6 functions. some other minor changes
while i'm here.
as discussed with pyr@ claudio@ deraadt@
ok pyr@
|
|
|
|
and we don't know about all the possible security problems.
change the check send/expect code to use the fnmatch(3) interface
using shell globbing rules instead. this allows simple patterns like
"220 * ESMTP*" or "SSH-[12].??-*".
suggested by deraadt@ and otto@
ok Pierre-Yves Ritschard (pyr at spootnik dot org)
|
|
the configuration file, eg. "real port http".
> From Pierre-Yves Ritschard (pyr at spootnik dot org)
ok claudio@
|
|
regex(3)). this allows to define additional checks for other TCP
protocols.
From Pierre-Yves Ritschard (pyr at spootnik dot org)
|
|
seconds (tv_sec) and microseconds (tv_usec), but the code assumed
seconds and milliseconds...
|
|
instead of nested select() calls and to handle the non-blocking
sockets properly.
From Pierre-Yves Ritschard (pyr at spootnik dot org)
(with a little help by me)
|
|
please note that some editors will replace tabs with multiple spaces
if you cut & paste code from other sections. please try to keep the
tabs ;).
|
|
remote hosts and dynamically alter pf(4) tables and redirection rules
for active server load balancing. The daemon has been written by
Pierre-Yves Ritschard (pyr at spootnik.org) and was formerly known as
"slbd".
The daemon is fully functional but it still needs some work and
cleanup so we don't link it to the build yet. Some TODOs are a
partial rewrite of the check_* routines (use libevent whenever we
can), improvement of the manpages, and general knf and cleanup.
ok deraadt@ claudio@
|
