Age | Commit message | Author |
|
for relays. they can be viewed with the new "relayctl show redirects"
command.
(uses the previous change to pf_table.c to get the statistics)
looks good pyr@
|
|
(for instance: rename struct service to struct rdr), refer to redirects
otherwise (hoststatectl output).
ok reyk@
|
|
the tables will look more like pf tables, it is easier to re-use
tables with different options, "services" will become "redirections"
(they refer to rdr pf rules), sync configuration directives of
redirect (l3, ex-service) relay (l7) sections (for example "virtual
host" will become "listen on"), all target definitions will start with
"forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf)
discussed with pyr and deraadt
ok pyr@
|
|
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying
|
|
error pages and can be used to refer to additional information.
ok pyr@
|
|
possible suffix/prefix combinations by stripping subdomains, path
components, and the query args.
ok and tested by gilles@
|
|
it is possible to attach a mark to a session based on matching an
entity (header, url, cookie, ...) and add conditional action for this
mark. it works a bit like the tag/tagged keywords in pf, but i decided
to pick a different name to avoid confusion.
ok pyr@ gilles@
|
|
table are down.
Thanks to Preston Norvell at serialssolutions dot com for reporting
the problem.
|
|
suffix/prefix expressions like "example.com/index.html?args". a digest
mode allows to match against anonymized SHA1/MD5 digests of
suffix/prefix expressions.
|
|
please update your hoststated.conf configurations. also add more
examples to the manpage.
alright pyr@
|
|
digest string length; it is compatible to any existing SHA1-only
configurations.
ok pyr@ gilles@
|
|
meaningful message if a HTTP/HTTPS relay closes the connection for
some reason. for example, a "403 Forbidden" if the request was
rejected by a filter. this will be enabled with the "return error"
option and is disabled by default, the standard behaviour is to
silently drop the connection; the browser may display an empty page in
this case. the look+feel of the HTTP error page can be customized with
a CSS style sheet, but we do not intend to allow customization of the
error page contents (hoststated is not a webserver!).
ok pyr@
|
|
Table specific intervals must be multiples of the global interval.
help and ok reyk@
|
|
ok reyk@
|
|
- allow to use a key for multiple times by appending a queue of
additional matches to the tree node. for example, this allows to
specify multiple "expect" or "filter" actions to white-/black-list
a list of HTTP-headers, URLs, ..
- prevent specifying an HTTP header for multiple times when using the
expect action.
- minor code shuffling
|
|
this separation will ease reload a bit more.
ok reyk@ who spotted a stupid mistake again...
|
|
This syncs it with other hoststated entities and will make reload easier.
This is step 1 out of 7 for reload.
|
|
Especially useful when interval is rather long.
I was supposed to commit this before 4.2.
|
|
ok pyr@
|
|
instead move some of the logic in yylex and do hoststated specific
translations into hoststated.c
ok gilles@
|
|
The fd based code introduced weirdness since all children were accessing
the same fd at once. This will also greatly facilitate reloading, no
fd-passing will be involved between the parent and relay children.
While there, cleanup the code diverting from the original ssl_rsa.c code
a bit more.
Weird behavior discovery by pascoe@.
|
|
equivalent openssl functions.
|
|
already chrooted and with privileges dropped.
This is the very first step in being able to reload a
layer 7 configuration.
not ok reyk who's away but should be glad to see this in.
|
|
header randomization). this adds an infrastructure to support
UDP-based protocols.
ok gilles@, tested by some
|
|
be used for faster lookups of sessions based on different criteria.
ok pyr@
|
|
this unbreaks some configurations that worked when sslciphers was a
dynamic charbuf.
ok pyr@
|
|
promote the field to u_int32_t.
no impact on hoststatectl.
|
|
needed for layer 7 reload support.
ok pyr@
|
|
split the code to start the event loop in two functions.
introduce merge_config which will be used later on.
|
|
forward IMSG_CTL_RELOAD which ends up not doing anything for now.
|
|
for custom evaluations.
pyr agrees to put it in now but to do some improvements of the timeout
handling later.
|
|
this will make it easier to send the struct over the socket.
|
|
this time around, include hoststatectl changes too.
|
|
allow purging of parts of the hoststated environment structure.
start using this function now to only keep vital information in
hoststated children processes.
ok reyk@
|
|
First split out hosts, tables and services into two structs, one that
contains the runtime fields and one (inside the runtime) that contains
mostly static fields that will be sent over the socket during reload.
Also move the demoted field of tables inside the flags field as it's
just a boolean.
ok reyk@
|
|
* make parse_config allocate the hoststated function by itself
* make as many sockets as necessary to talk to the relay children
* add send_all for talking to all children
with advice and ok reyk@
|
|
ok pyr@
|