Age | Commit message | Author |
|
protocols.
ok pyr@
|
|
meaningful message if a HTTP/HTTPS relay closes the connection for
some reason. for example, a "403 Forbidden" if the request was
rejected by a filter. this will be enabled with the "return error"
option and is disabled by default, the standard behaviour is to
silently drop the connection; the browser may display an empty page in
this case. the look+feel of the HTTP error page can be customized with
a CSS style sheet, but we do not intend to allow customization of the
error page contents (hoststated is not a webserver!).
ok pyr@
|
|
Table specific intervals must be multiples of the global interval.
help and ok reyk@
|
|
- allow to use a key for multiple times by appending a queue of
additional matches to the tree node. for example, this allows to
specify multiple "expect" or "filter" actions to white-/black-list
a list of HTTP-headers, URLs, ..
- prevent specifying an HTTP header for multiple times when using the
expect action.
- minor code shuffling
|
|
action has been specified for the protocol. late connect mode first
reads the complete request (HTTP header) before opening the inbound
connection instead of relaying it line-by-line.
|
|
Handle it as a special case in the one place where it actually matters
instead.
|
|
it with a simple filter in the yylex() loop.
The compression in lgetc() didn't happen for quoted strings,
thus creating a regression when tabs were used in variables.
Some testing by todd@ and pyr@
OK deraadt@
|
|
but start anyway. OK reyk@
|
|
this separation will ease reload a bit more.
ok reyk@ who spotted a stupid mistake again...
|
|
based on the existing hostapd/pfctl code.
ok pyr@
|
|
enforce the file ownership and permissions to root:wheel 0400 because
we have nothing to hide.
ok pyr@
|
|
This removes the double warn/log_warn madness I introduced yesterday.
This also keeps messages on stderr at startup and when running with -n.
|
|
This syncs it with other hoststated entities and will make reload easier.
This is step 1 out of 7 for reload.
|
|
Requested and OK deraadt@
|
|
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
pointed out by mpf, discussed with pyr
|
|
yylex implementation and the code which interacts with yylex. this also
brings the future potential for include support to all of the parsers.
in the future please do not make silly modifications to one of these files
without checking if you are de-unifying the code.
checked by developers in all these areas.
|
|
as found in hoststated, and make all the code diff as clean as possible. a
few issues remain mostly surrounding include support, which will likely be
added to more of the grammars soon.
ok norby pyr, others
|
|
instead move some of the logic in yylex and do hoststated specific
translations into hoststated.c
ok gilles@
|
|
in the other daemons recently. Prompted and based on work by deraadt@
proofread and ok gilles@
|
|
header randomization). this adds an infrastructure to support
UDP-based protocols.
ok gilles@, tested by some
|
|
be used for faster lookups of sessions based on different criteria.
ok pyr@
|
|
Prodded by me, done by Gilles Chehade <veins@evilkittens.org>
ok reyk, jmc for the manpage bits.
|
|
sync usage() to the man page.
format string fixes.
complain about failed calloc()'s instead of exiting silently.
ok pyr@, reyk@
|
|
configuration struct.
|
|
again.
|
|
split the code to start the event loop in two functions.
introduce merge_config which will be used later on.
|
|
ok reyk@
|
|
for custom evaluations.
pyr agrees to put it in now but to do some improvements of the timeout
handling later.
|
|
this will make it easier to send the struct over the socket.
|
|
this time around, include hoststatectl changes too.
|
|
First split out hosts, tables and services into two structs, one that
contains the runtime fields and one (inside the runtime) that contains
mostly static fields that will be sent over the socket during reload.
Also move the demoted field of tables inside the flags field as it's
just a boolean.
ok reyk@
|
|
inherit them from multiple services or relays. this is useful if you
want to use a table with the same list of hosts but different ports as
specified in the relay or service section.
this makes mcbride more happy
ok pyr@
|
|
* make parse_config allocate the hoststated function by itself
* make as many sockets as necessary to talk to the relay children
* add send_all for talking to all children
with advice and ok reyk@
|
|
ok pyr@
|