Age | Commit message | Author | |
---|---|---|---|
2013-11-13 | handle msgbuf_write() returning EAGAIN | Sebastian Benoit | |
2013-09-09 | Add support for ECDHE (Elliptic curve Diffie-Hellman) to enable TLS/SSL Perfect Forward Secrecy (PFS). ok djm@ | Reyk Floeter | |
2013-09-07 | update man page with the new default HIGH:!aNULL | Reyk Floeter | |
2013-09-07 | Change default ciphers to HIGH:!aNULL. reyk@ ok | Federico G. Schwindt | |
2013-09-04 | Handling of HTTP requests with a body like POST were broken in relayd. Instead of checking for the direction RELAY_DIR_RESPONSE, set toread to 0 if we don't expect a body. OK reyk@ | Alexander Bluhm | |
2013-07-16 | use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | Ingo Schwarze | |
2013-07-04 | have FILES format a bit better; | Jason McIntyre | |
2013-06-29 | do not use Sx for sections outwith the page; man4 still to go... | Jason McIntyre | |
2013-06-02 | With HTTP keepalive, relayd only filtered the first request and switched to pass-through mode for subsequent requests from the client. Make sure to stay in HTTP header mode. ok benno@ | Reyk Floeter | |
2013-05-31 | unset cte->buf after free, fix double free via tcp_close(). ok reyk@ | Sebastian Benoit | |
2013-05-30 | Support SSL inspection, the ability to transparently filter in SSL/TLS connections (eg. HTTPS) by using a local CA that is accepted by the clients. See the "SSL RELAYS" and "EXAMPLES" sections in the relayd.conf(5) manpage for more details. ok benno@, manpage bits jmc@ | Reyk Floeter | |
2013-05-30 | Safari doesn't like HTTP/1.x in the generated error messages (return error), so change it to HTTP/1.0. This also makes it RFC-compliant which only allows digits in the version number. ok bluhm@ | Reyk Floeter | |
2013-05-07 | - Add a simple check to prevent that the client-provided hex HTTP chunk size turns our signed input variable into a negative number. This prevents that a chunked HTTP connection could break its own state machine and turn into a stalled state. The bug doesn't harm other connections or relayd itself. - Use a 64bit variable to allow theoretical large chunks. - Fix a comment. ok tedu@ | Reyk Floeter | |
2013-04-27 | time_t 64bit fixes for relayd and relayctl: - fix statistics - set INT_MAX limit on session timeouts - make sure we don't use too large session timeouts in pf redirects and openssl tested with old and new time_t ok florian@ | Sebastian Benoit | |
2013-04-20 | SSL_CTX_set_timeout only handles long for the delta timeval, so constrain it with MIN and LONG_MAX. It is only an interval, so it is fine. suggestion by djm, ok benno | Theo de Raadt | |
2013-04-20 | print large time_t nicely; ok benno | Theo de Raadt | |
2013-03-11 | handle ECONNABORTED errors from accept(). In many code blocks they can be ignored silently and without aborting, much like EINTR and EWOULDBLOCK are. ok's from various maintainers of these directories... | Theo de Raadt | |
2013-03-10 | This diff changes relayd to use the monotonic clock instead of gettimeofday(). It was also bugging me for some time to have all these checks of gettimeofday()'s return value: it should not fail. So this diff introduces a void getmonotime(struct timeval *tv) that calls clock_gettime(CLOCK_MONOTONIC, &ts) and converts the output to a struct timeval that can be used with the existing code and the timeval-specific timer functions (timerclear, timersub, ...). It does not return a status but calls fatal() on error-that-should-not-happen. ok sthen@ chris@ | Reyk Floeter | |
2013-03-09 | Enable TCP socket splicing for HTTP persistent connection and chunked transfer encoding. This speeds up relayd for more protocol modes by zero-copy TCP forwarding. OK reyk@ benno@ | Alexander Bluhm | |
2013-03-04 | sync yyerror() with bgpd; use vlog() to log parser errors so they show in logs if they occur when reloading. ok benno@ | Stuart Henderson | |
2013-02-15 | Fix the toread check in the lateconnect case. This allows Content-Length: 0 in HTTP GET request when a request filter is used. This was broken by my previous commit. OK reyk@ benno@ | Alexander Bluhm | |
2013-02-05 | Rework http content and chunk handling in relayd. Use special toread values to track the current http header or chunk state. This allows to handle an optional chunk trailer properly. Tracking the http state is also a prerequisite for splicing persistent http connections. OK and test reyk@ benno@ | Alexander Bluhm | |
2013-01-29 | use correct function name in fatal error message | Stuart Henderson | |
2013-01-22 | Only send a single CRLF between chunks. A second CRLF seemed to be optional, and it worked fine with Firefox, but it didn't work with some browsers/clients like Chrome or CURL that implement the specification strictly. See RFC 2616, Section 3.6.1, for more information about Chunked Transfer Encoding. ok bluhm@ benno@ | Reyk Floeter | |
2013-01-17 | Remove unnecessary pointer casts. No binary diff. OK benno@ | Alexander Bluhm | |
2012-12-18 | reorder some variables and move large buffers to the top of the stack. | Reyk Floeter | |
2012-12-18 | remove unused variable | Reyk Floeter | |
2012-12-18 | no need to touch argv later since we don't support non-getopt arguments. | Reyk Floeter | |
2012-12-18 | don't complain if the child processes exited cleanly. | Reyk Floeter | |
2012-12-18 | cnl is only allocated if F_NATLOOK was specified before, so skip the extra check for F_NATLOOK and check if cnl is not NULL only. no functional change, but this might make it clear that there is no and was no memleak here. | Reyk Floeter | |
2012-12-18 | reorder the variables a bit, no functional change. | Reyk Floeter | |
2012-11-29 | Fix white spaces in relayd. No binary diff. | Alexander Bluhm | |
2012-11-27 | Add format attributes to the proper functions and then fix the warnings that gcc then reports when compiling with -DDEBUG=2 ok reyk@ benno@ | Philip Guenthe | |
2012-11-21 | strtonum() can only handle a maximum of LLONG_MAX fixes bug reported by Bogdan Andu, thanks ok reyk@ deraadt@ sthen@ | Sebastian Benoit | |
2012-10-19 | Support additional scheduling algorithms in the load balancer: least-states, random, source-hash. least-states is currently only supported for redirections and the other ones are currently only supported by relays. ok benno@ | Reyk Floeter | |
2012-10-10 | Fix the hash http filter action to initialize the hash key correctly after the multiple relay tables commit. | Reyk Floeter | |
2012-10-04 | spacing | Reyk Floeter | |
2012-10-03 | Only show "inflight" debugging message if compiled with DEBUG > 1. | Reyk Floeter | |
2012-10-03 | Inherit and pass the relay table flags correctly. | Reyk Floeter | |
2012-10-03 | Support more than one relay backup table. Instead of duplicating the code for main and backup table all over the place, turn the relay tables into a list attached to the relay. This improves the code and allows some other tricks with multiple tables later. | Reyk Floeter | |
2012-09-21 | file descriptor accounting for relays: track how many connections to backend servers are unopened and reserve fds for them. ok reyk@, "don't wait" deraadt@ | Sebastian Benoit | |
2012-09-20 | Move the HTTP code into an extra file to make future changes easier to follow. No functional changes, only one function got renamed. ok benno@ | Reyk Floeter | |
2012-09-19 | Copy the host id value to the ICMP echo payload in network byte order and in a nicer way that silences the compiler. ok benno@ | Reyk Floeter | |
2012-09-19 | Fix ICMP checks by setting the socklen correctly before calling recvfrom(). ok benno@ | Reyk Floeter | |
2012-09-18 | prio 0 is valid, therefore, I chose an "impossible" value for prio meaning "not set" and used a PF_PRIO_NOTSET define for it. now that means that everything that creates a struct pf_rule doesn't get away with bzero'ing it, which turned out to be not so nice. so get rid of PF_PRIO_NOTSET, instead, make a rule+state flag PFSTATE_SETPRIO which indicates whether the prio should be set. ok benno claudio mikeb | Henning Brauer | |
2012-09-17 | Fix relay statistics. Found and fixed by Erik Lax (erik -at- halon -dot- se) ok reyk | Sebastian Benoit | |
2012-08-24 | - rfc 5082 replaces rfc 3682; ok claudio - flesh out SEE ALSO in bgpd.8 - fix a formatting warning in relayd.conf.5 | Jason McIntyre | |
2012-07-13 | after connect() returns EINPROGRESS the connection can still fail, so check with getsockopt if the socket is open. ok mikeb@ | Sebastian Benoit | |
2012-07-09 | Allow relayd to handle transactions > 2GB in size tested by snapshot users and benno for a while ok benno | Theo de Raadt | |
2012-07-09 | need a private copy of nitems() | Theo de Raadt | |