Age | Commit message | Author |
|
it is possible to attach a mark to a session based on matching an
entity (header, url, cookie, ...) and add conditional action for this
mark. it works a bit like the tag/tagged keywords in pf, but i decided
to pick a different name to avoid confusion.
ok pyr@ gilles@
|
suffix/prefix expressions like "example.com/index.html?args". a digest
mode allows to match against anonymized SHA1/MD5 digests of
suffix/prefix expressions.
|
short form for "filter * from value" or "expect * from value".
|
please update your hoststated.conf configurations. also add more
examples to the manpage.
alright pyr@
|
digest string length; it is compatible to any existing SHA1-only
configurations.
ok pyr@ gilles@
|
protocols.
ok pyr@
|
meaningful message if a HTTP/HTTPS relay closes the connection for
some reason. for example, a "403 Forbidden" if the request was
rejected by a filter. this will be enabled with the "return error"
option and is disabled by default, the standard behaviour is to
silently drop the connection; the browser may display an empty page in
this case. the look+feel of the HTTP error page can be customized with
a CSS style sheet, but we do not intend to allow customization of the
error page contents (hoststated is not a webserver!).
ok pyr@
|
Table specific intervals must be multiples of the global interval.
help and ok reyk@
|
- allow to use a key for multiple times by appending a queue of
additional matches to the tree node. for example, this allows to
specify multiple "expect" or "filter" actions to white-/black-list
a list of HTTP-headers, URLs, ..
- prevent specifying an HTTP header for multiple times when using the
expect action.
- minor code shuffling
|
action has been specified for the protocol. late connect mode first
reads the complete request (HTTP header) before opening the inbound
connection instead of relaying it line-by-line.
|
Handle it as a special case in the one place where it actually matters
instead.
|
it with a simple filter in the yylex() loop.
The compression in lgetc() didn't happen for quoted strings,
thus creating a regression when tabs were used in variables.
Some testing by todd@ and pyr@
OK deraadt@
|
but start anyway. OK reyk@
|
this separation will ease reload a bit more.
ok reyk@ who spotted a stupid mistake again...
|
based on the existing hostapd/pfctl code.
ok pyr@
|
enforce the file ownership and permissions to root:wheel 0400 because
we have nothing to hide.
ok pyr@
|
This removes the double warn/log_warn madness i introduced yesterday.
This also keeps messages on stderr at startup and when running with -n.
|
This syncs it with other hoststated entities and will make reload easier.
This is step 1 out of 7 for reload.
|
Requested and OK deraadt@
|
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
pointed out by mpf, discussed with pyr
|
yylex implementation and the code which interacts with yylex. this also
brings the future potential for include support to all of the parsers.
in the future please do not make silly modifications to one of these files
without checking if you are de-unifying the code.
checked by developers in all these areas.
|
as found in hoststated, and make all the code diff as clean as possible. a
few issues remain mostly surrounding include support, which will likely be
added to more of the grammars soon.
ok norby pyr, others
|
instead move some of the logic in yylex and do hoststated specific
translations into hoststated.c
ok gilles@
|
in the other daemons recently. Prompted and based on work by deraadt@
proofread and ok gilles@
|
header randomization). this adds an infrastructure to support
UDP-based protocols.
ok gilles@, tested by some
|
be used for faster lookups of sessions based on different criteria.
ok pyr@
|
Prodded by me, done by Gille Chehade <veins@evilkittens.org>
ok reyk, jmc for the manpage bits.
|
sync usage() to the man page.
format string fixes.
complain about failed calloc()'s instead of exiting silently.
ok pry@,reyk@
|
configuration struct.
|
again.
|
split the code to start the event loop in two functions.
introduce merge_config which will be used later on.
|
ok reyk@
|
for custom evaluations.
pyr agrees to put it in now but to do some improvements of the timeout
handling later.
|