| Age | Commit message (Collapse) | Author |
|---|
|
OK reyk@
|
|
singly-linked SLIST instead. the only noticeable change is the
reversed order to notify the children but it does not really matter
here. also only walk through the children host list if the host
itself is a potential parent.
|
|
inherit the state from another host with the specified Id; no
additional check will be for the inheriting host. This helps in
scenarios with lots of IP aliases that all point to the same service
on the same host (like web hosting with many SSL domains).
discussed with pyr, tested in different setups
|
|
for code, next struct relay. knf long line fixes will follow later.
ok thib@
|
|
for code, start with struct relayd. finally.
ok thib@
|
|
for relays. they can be viewed with the new "relayctl show redirects"
command.
(uses the previous change to pf_table.c to get the statistics)
looks good pyr@
|
|
(for instance: rename struct service to struct rdr), refer to redirects
otherwise (hoststatectl output).
ok reyk@
|
|
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying
|
|
|
|
|
|
Handle it as a special case in the one place where it actually matters
instead.
|
|
|
|
|
|
This syncs it with other hoststated entities and will make reload easier.
This is step 1 out of 7 for reload.
|
|
Especially useful when interval is rather long.
I was supposed to commit this before 4.2.
|
|
|
|
from being used by several services.
``looks fine'' reyk@
|
|
|
|
libevent just to ignore it, use SIG_IGN instead.
this syncs hoststated with bgpd and (soon) ospfd.
|
|
of our socket pairs. Instead disable listening on the pipe, terminate the
event loop, and let the parent process's SIGCHLD handler do a clean
shutdown.
from an ospfd diff by claudio, ok claudio@
|
|
needed for layer 7 reload support.
ok pyr@
|
|
Hoststated can be reloaded either by sending SIGHUP to the parent process
or by using ``hoststatectl reload''
discussed and ok reyk@
|
|
|
|
|
|
split the code to start the event loop in two functions.
introduce merge_config which will be used later on.
|
|
than one message.
|
|
forward IMSG_CTL_RELOAD which ends up not doing anything for now.
|
|
allow purging of parts of the hoststated environment structure.
start using this function now to only keep vital information in
hoststated children processes.
ok reyk@
|
|
First split out hosts, tables and services into to structs, one that
contains the runtime fields and one (inside the runtime) that contains
mostly static fields that will be sent over the socket during reload.
Also move the demoted field of tables inside the flags field as its
just a boolean.
ok reyk@
|
|
* make parse_config allocate the hoststated function by itself
* make as many sockets as necessary to talk to the relay children
* add send_all for talking to all children
with advise and ok reyk@
|
|
spotted by Ching-Feng Wang <cfw at telepaq.com>.
ok reyk@
|
|
which prevented the pfe to accept statistics updates and natlookups
from any other process then the first one. in other words, this will
show you the total relay statistics off _all_ preforked processes
(hoststatectl show relays) and it will unbreak the natlookup mode with
more than one running relay process.
|
|
layer 7 loadbalancing.
- allow to run relays with tables without depending on services
- show hosts and tables assigned to relays in hoststatectl show commands
ok pyr@ deraadt@ with some input from mcbride@
|
|
|
|
|
|
|
|
loadbalancing, SSL acceleration, general-purpose TCP relaying, and
transparent proxying.
see hoststated.conf(5) and my upcoming article on undeadly.org for
details.
ok to commit deraadt@ pyr@
|
|
any truncated strings (table names/anchors/tags/...) to pf and the
kernel.
ok pyr@
|
|
ok reyk@
|
|
ok reyk@
|
|
ok reyk@
|
|
hoststated.
ok reyk@, "looks nice and clean" niallo@
|
|
with help and OK reyk@
with help and advice by claudio@ and Srebrenko Sehic
|
|
a nice exit in case one of the processes dies. OK pyr@
|
|
Note to testers: the user the daemon changes its id to is now _hoststated,
don't forget to update master.passwd.
ok reyk@
|
|
|
|
and we don't know about all the possible security problems.
change the check send/expect code to use the fnmatch(3) interface
using shell globbing rules instead. this allows simple patterns like
"220 * ESMTP*" or "SSH-[12].??-*".
suggested by deraadt@ and otto@
ok Pierre-Yves Ritschard (pyr at spootnik dot org)
|
|
regex(3)). this allows to define additional checks for other TCP
protocols.
From Pierre-Yves Ritschard (pyr at spootnik dot org)
|
|
- minor change of the "hostatectl show" command output
- increase the max service and tag names (max pf tag name size is 64 now!)
thanks to pyr who found a bug in my initial diff
|
|
please note that some editors will replace tabs with multiple spaces
if you cut & paste code from other sections. please try to keep the
tabs ;).
|
