Age | Commit message | Author |
|
ok benno
|
|
|
|
we would consume large amounts of memory.
Found by Matthew Martin <matt DOT a DOT martin AT gmail DOT com> in
httpd, fixed in httpd by florian@
feedback from florian, reyk and bluhm, ok bluhm, reyk
|
|
the states that Claudio introduced. No functional change.
OK claudio@ benno@
|
|
to better track the connection state of a session and stops doing double
opens in certain situations using http relays. Using a state field to
simplify the logic since relay_connect() is called multiple times.
OK benno@, bluhm@ and running in production for more than a week
|
|
|
|
ok reyk@
|
|
client or server writes multiple requests or chunks in a single
transfer, relayd invokes the libevent callback manually for the
next data. If the callback closes the session, this resulted in
a use after free.
Instead of the more complicated fix suggested by Bertrand PROVOST,
just move the invocation of the callback to the end of the function.
So in case the callback frees any structures, they are not accessed.
OK benno@ reyk@
|
|
second line is a key-value header. So you cannot append to the
previous key-value before line three. Also reset the last header
when all headers are purged to avoid a use after free.
OK benno@ reyk@
|
|
parsing the HTTP header, the session was never destroyed. This
resulted in a file descriptor leak.
Add a check whether the protocol knows how much data to expect. If
relayd is reading unlimited data or is expecting nothing to read,
ignore the end-of-file. Otherwise it is a protocol violation, so
close the session immediately.
While there, make relayd compile with DEBUG defined.
Based on a diff from claudio@; tested by claudio@; OK claudio@ benno@
|
|
manual review. Based on common practice, relayd.h now includes the
necessary headers for itself.
OK benno@
|
|
|
|
ok millert
|
|
|
|
Date: from asctime to the preferred HTTP/1.1 format, and use the
popular "Comic Sans" style (can be changed in the configuration).
|
|
OK validator.w3.org (This document was successfully checked as HTML5!)
|
|
*Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.
ok reyk@
|
|
loadbalance and hash modes use a random key by default that can be
forced to be a static key with a new configuration argument.
With input from Max Fillinger.
ok tedu@
|
|
ok millert@
|
|
|
|
happened with non-persistent PUT connections that had a very short
body. If the whole body was read from the client before the
connection to the server was set up, the event callback was not
called. Do the regular checks after relay_connect() succeeded.
OK reyk@
|
|
ok reyk benno
|
|
the other direction, the timeouts did not work. They were longer
than specified. Link the splicing and non-splicing timeouts.
Found by make run-regress-args-timeout-http.pl
OK reyk@
|
|
|
|
ok reyk
|
|
ok reyk
|
|
ok reyk
|
|
ok benno@
|
|
implicit ok reyk
|
|
common web servers). Add a related regress test.
OK benno@
|
|
with associated lists instead of the complicated lookup table and
"others" list. This might add a little malloc overhead for common
headers but also fixes some issues like the handling of repeated
headers - for example, handling of multiple "Set-Cookie" headers.
ok bluhm@ (regress part)
ok benno@
|
|
suggested by reyk@
|
|
ok benno@
|
|
language. The grammar is inspired by pf and allows to write versatile
last-matching filter rules in protocol sections starting with the
"pass", "block" or "match" keywords. This work was started almost two
years ago and replaces large parts of relayd(8)'s HTTP and filtering
code. The initial version reimplements and extends HTTP filtering,
but will be improved to support generic TCP and other protocols later.
With some testing, feedback, and help from benno@ and andre@.
OK benno@
|
|
|
|
|
|
Use log_debug() instead of log_info().
ok reyk@
|
|
relayd. Instead of checking for the direction RELAY_DIR_RESPONSE,
set toread to 0 if we don't expect a body.
OK reyk@
|
|
switched to pass-through mode for subsequent requests from the client.
Make sure to stay in HTTP header mode.
ok benno@
|
|
so change it to HTTP/1.0. This also makes it RFC-compliant which only allows
digits in the version number.
ok bluhm@
|
|
turns our signed input variable into a negative number. This prevents that
a chunked HTTP connection could break its own state machine and turn into
a stalled state. The bug doesn't harm other connections or relayd itself.
- Use a 64bit variable to allow theoretical large chunks.
- Fix a comment.
ok tedu@
|
|
|
|
gettimeofday(). It was also bugging me for some time to have all
these checks of gettimeofday()'s return value: it should not fail. So
this diff introduces a void getmonotime(struct timeval *tv) that calls
clock_gettime(CLOCK_MONOTONIC, &ts) and converts the output to a
struct timeval that can be used with the existing code and the
timeval-specific timer functions (timerclear, timersub, ...). It does
not return a status but calls fatal() on error-that-should-not-happen.
ok sthen@ chris@
|
|
transfer encoding. This speeds up relayd for more protocol modes
by zero-copy TCP forwarding.
OK reyk@ benno@
|
|
Content-Length: 0 in HTTP GET request when a request filter is used.
This was broken by my previous commit.
OK reyk@ benno@
|
|
toread values to track the current http header or chunk state. This
allows to handle an optional chunk trailer properly. Tracking the
http state is also a prerequisite for splicing persistent http
connections.
OK and test reyk@ benno@
|
|
optional, and it worked fine with Firefox, but it didn't work with
some browsers/clients like Chrome or CURL that implement the
specification strictly. See RFC 2616, Section 3.6.1, for more
information about Chunked Transfer Encoding.
ok bluhm@ benno@
|
|
OK benno@
|
|
that gcc then reports when compiling with -DDEBUG=2
ok reyk@ benno@
|
|
fixes bug reported by Bogdan Andu, thanks
ok reyk@ deraadt@ sthen@
|