path: root/usr.sbin/hoststated/parse.y
Age | Commit message | Author
2007-11-23 | re-implement the "mark" action and document it in the manpage: it is possible to attach a mark to a session based on matching an entity (header, url, cookie, ...) and add conditional action for this mark. it works a bit like the tag/tagged keywords in pf, but i decided to pick a different name to avoid confusion. ok pyr@ gilles@ | Reyk Floeter
2007-11-22 | add (new) "url" protocol action, this can be used to match/filter URL suffix/prefix expressions like "example.com/index.html?args". a digest mode allows to match against anonymized SHA1/MD5 digests of suffix/prefix expressions. | Reyk Floeter
2007-11-21 | spacing | Reyk Floeter
2007-11-21 | extend action grammar with "filter value" and "expect value" as a short form for "filter * from value" or "expect * from value". | Reyk Floeter
2007-11-21 | move digest string handling into an extra function. | Reyk Floeter
2007-11-21 | rename the "url" filter action to "query" to use the correct term. please update your hoststated.conf configurations. also add more examples to the manpage. alright pyr@ | Reyk Floeter
2007-11-21 | allow the http digest type to be either SHA1 or MD5 determined by the digest string length; it is compatible to any existing SHA1-only configurations. ok pyr@ gilles@ | Reyk Floeter
2007-11-20 | allow to use the "include" directive in tables, services, relays, and protocols. ok pyr@ | Reyk Floeter
2007-11-20 | it may be desirable to send a HTTP error page with error code and a meaningful message if a HTTP/HTTPS relay closes the connection for some reason. for example, a "403 Forbidden" if the request was rejected by a filter. this will be enabled with the "return error" option and is disabled by default, the standard behaviour is to silently drop the connection; the browser may display an empty page in this case. the look+feel of the HTTP error page can be customized with a CSS style sheet, but we do not intend to allow customization of the error page contents (hoststated is not a webserver!). ok pyr@ | Reyk Floeter
2007-11-20 | Allow overriding the global interval in a table. Table specific intervals must be multiples of the global interval. help and ok reyk@ | Pierre-Yves Ritschard
2007-11-19 | spacing | Reyk Floeter
2007-11-19 | knf (replace some ';;' with a single ';') | Reyk Floeter
2007-11-19 | rework the internal handling of protocol actions a little bit: - allow to use a key for multiple times by appending a queue of additional matches to the tree node. for example, this allows to specify multiple "expect" or "filter" actions to white-/black-list a list of HTTP-headers, URLs, .. - prevent specifying an HTTP header for multiple times when using the expect action. - minor code shuffling | Reyk Floeter
2007-11-19 | always enable "late connect" relay mode if an "expect" or "filter" action has been specified for the protocol. late connect mode first reads the complete request (HTTP header) before opening the inbound connection instead of relaying it line-by-line. | Reyk Floeter
2007-11-15 | Do not insert proto_default inside the dynamically alloced protocol queue. Handle it as a special case in the one place where it actually matters instead. | Pierre-Yves Ritschard
2007-11-14 | reset global variables every time we enter parse_config. | Pierre-Yves Ritschard
2007-11-14 | make protos dynamic too | Pierre-Yves Ritschard
2007-11-12 | Remove space/tab compression function from lgetc() and replace it with a simple filter in the yylex() loop. The compression in lgetc() didn't happen for quoted strings, thus creating a regression when tabs were used in variables. Some testing by todd@ and pyr@ OK deraadt@ | Marco Pfatschbacher
2007-11-04 | Not using all defined protocols is not a hard error. Just print a warning but start anyway. OK reyk@ | Claudio Jeker
2007-10-22 | load certificates text at parse time. then load them in relay processes. this separation will ease reload a bit more. ok reyk@ who spotted a stupid mistake again... | Pierre-Yves Ritschard
2007-10-22 | add support for the include directive to the configuration file parser, based on the existing hostapd/pfctl code. ok pyr@ | Reyk Floeter
2007-10-22 | do not check the file secrecy of hoststated.conf, there is no need to enforce the file ownership and permissions to root:wheel 0400 because we have nothing to hide. ok pyr@ | Reyk Floeter
2007-10-19 | print system error when fopen fails. | Pierre-Yves Ritschard
2007-10-19 | Do log initialisation correctly, like bgpd does. This removes the double warn/log_warn madness i introduced yesterday. This also keeps messages on stderr at startup and when running with -n. | Pierre-Yves Ritschard
2007-10-19 | Move relays from static TAILQs to allocated ones. This syncs it with other hoststated entities and will make reload easier. This is step 1 out of 7 for reload. | Pierre-Yves Ritschard
2007-10-19 | keep log_warn messages to be informed when a failure occurs during a reload. | Pierre-Yves Ritschard
2007-10-18 | unbreak tree | Theo de Raadt
2007-10-18 | extra arg to warn slipped through. | Pierre-Yves Ritschard
2007-10-18 | repair file security warnings; ok pyr | Theo de Raadt
2007-10-16 | Allow '=' to end a number in all lexers. Requested and OK deraadt@ | Marco Pfatschbacher
2007-10-16 | in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). pointed out by mpf, discussed with pyr | Theo de Raadt
2007-10-13 | in all these programs using the same pfctl-derived parse.y, re-unify the yylex implementation and the code which interacts with yylex. this also brings the future potential for include support to all of the parsers. in the future please do not make silly modifications to one of these files without checking if you are de-unifying the code. checked by developers in all these areas. | Theo de Raadt
2007-10-11 | next step in the yylex unification: handle quoted strings in a nicer fashion as found in hoststated, and make all the code diff as clean as possible. a few issues remain mostly surrounding include support, which will likely be added to more of the grammars soon. ok norby pyr, others | Theo de Raadt
2007-10-09 | use macro argument | Theo de Raadt
2007-10-05 | cast to an int | Reyk Floeter
2007-10-02 | stop messing with lgetc to please hoststated's check/expect. instead move some of the logic in yylex and do hoststated specific translations into hoststated.c ok gilles@ | Pierre-Yves Ritschard
2007-10-02 | clean up merged code. | Pierre-Yves Ritschard
2007-10-01 | Add NUMBER to hoststated's lexer, very similar to what has gone in in the other daemons recently. Prompted and based on work by deraadt@ proofread and ok gilles@ | Pierre-Yves Ritschard
2007-10-01 | keep lines < 80. | Pierre-Yves Ritschard
2007-09-28 | Correct my mail address. | Pierre-Yves Ritschard
2007-09-10 | add support for relaying DNS traffic (with a little bit of packet header randomization). this adds an infrastructure to support UDP-based protocols. ok gilles@, tested by some | Reyk Floeter
2007-09-07 | store the table's port as the relay's dstport | Reyk Floeter
2007-09-05 | store relay sessions in SPLAY trees instead of TAILQ lists. this will be used for faster lookups of sessions based on different criteria. ok pyr@ | Reyk Floeter
2007-09-04 | Add the ability to specify a host header when using http(s) check methods. Prodded by me, done by Gille Chehade <veins@evilkittens.org> ok reyk, jmc for the manpage bits. | Pierre-Yves Ritschard
2007-07-05 | use a more traditional while() instead of for() for getopt(). sync usage() to the man page. format string fixes. complain about failed calloc()'s instead of exiting silently. ok pry@,reyk@ | Thordur I. Bjornsson
2007-05-31 | do not forget to store table and backup table ids in the service configuration struct. | Pierre-Yves Ritschard
2007-05-31 | make sure object ids are reset before parsing the configuration file again. | Pierre-Yves Ritschard
2007-05-31 | allocate table lists and service lists instead of using static structs. split the code to start the event loop in two functions. introduce merge_config which will be used later on. | Pierre-Yves Ritschard
2007-05-29 | do not start relay processes when no L7 load balancing is needed. ok reyk@ | Pierre-Yves Ritschard
2007-05-29 | add a new check method which allows to run external scripts/programs for custom evaluations. pyr agrees to put it in now but to do some improvements of the timeout handling later. | Reyk Floeter