| Age | Commit message (Collapse) | Author |
|---|
|
others (HTTP will need a more complicated splicing mechanism to switch
between headers and bodies in userland and kernel). Add the "no
splice" flag for non-TCP relays by default to indicate it in the debug
and status output.
|
|
|
|
forwarding for plain tcp connections.
feedback and ok reyk@
|
|
|
|
ok mikeb@
|
|
server connection is set up, do not enable read events for the other
side.
|
|
the client to the server did always trigger the session timeout.
The reason for this behavior was that any read event reset the
client side timeout. A read event on one side must reset the timeout
for the other side instead.
ok deraadt@
|
|
than 'unknown'. Fixes a problem where the script is killed due to expiry
of the interval timer. ok pyr@ deraadt@
|
|
identify configuration issues.
ok sthen@ pyr@
|
|
ok pyr@
|
|
the needed bits
ok deraadt@, millert@
|
|
Fixes "Address already in use" errors seen on high load.
OK reyk@ pyr@
|
|
is const now, adjust the variable and silence a compiler warning.
|
|
resource limits to the maximum of the daemon class but the host check
process (hce/health checks) didn't and was limited to a fairly low
default of 128 open sockets (openfiles-cur=128 in login.conf). This
was reached fairly quickly with "check tcp" of many hosts. This diff
increases the maximum number of monitored hosts and concurrent health
checks in relayd in a significant way and may fix issues for people
that have around 100 or more hosts (or fewer hosts with multiple checked
ports).
tested by phessler@
ok jsg@
|
|
to zero, consistent with pfe and makes other parts of the code better
behaved. From Patrik Lundin.
ok reyk@
|
|
From Patrik Lundin and Linus Widstromer.
ok reyk@
|
|
|
|
some cases it is desired to load the rules as "match in" without "quick"
to allow additional filtering or applying additional rule/state options,
eg. to add an overload table for DOS mitigation. Add the optional "match"
keyword for the redirect "tag" option to change the pf rule type accordingly.
ok jsg@ mikeb@
|
|
|
|
ok claudio@, jsg@, phessler@
|
|
(verified by both sthen@ and me).
ok sthen@; "just commit it" claudio@
|
|
|
|
inherited from the table definition even though these values could
not be changed there. While there fix a memory leak in a rather strange
case.
OK phessler, jsg, pyr, sthen, deraadt
|
|
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
|
Seems reasonable to jsg, ok phessler, no response from reyk or pyr
|
|
Minor bump for libutil.
Previous versions of this diff and man page looked at by various people.
"you should just commit" deraadt
|
|
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
|
more readable, and fixes a spacing bug we had in smtpd.8;
|
|
and "server".
fixes for bgplg(8) and relayd.conf(5) suggested by jmc@, good catch!
ok jmc@
|
|
and follows a suggestion in event.h. also don't mix signal() and
signal_set()/signal_add().
ok jsg@ gilles@
|
|
ok jsg@ gilles@
|
|
|
|
'possibility', 'optins' -> 'options', 'resposne' -> 'response', 'unecessary' -> 'unnecessary', 'desination' -> 'destination'. Collected from various misc@
and tech@ postings, many by Brad Tilley.
|
|
ok eric
|
|
If this happens the imsg may no longer be usable as there may be queued
messages, but this is a) already the case with the code now, and b)
would be the case if recvmsg() fails anyway, so we can document that -1
from imsg_read() invalidates the struct imsgbuf.
discussed with and ok eric
|
|
This fixes it.
Found out by Laurent Lavaud & myself.
"looks olrite" henning@
|
|
relay protocol with that done for specified relay protocols.
Makes it possible to use SSL for the default relay protocol.
From boudewijn@indes.com in pr 6316
|
|
in these cases, is useless anyway.
Found by and fixing the build with mandoc;
still fine with both old and new groff.
ok jmc@
|
|
connection and while here create a seperate function for handling cleaning
up after a request; with suggestions from reyk and claudio.
ok claudio@
|
|
something here as well.
ok claudio@ phessler@
|
|
As the child processes now call event_loopexit() and signal handling
is done through libevent if a child process died we wouldn't always
cleanup properly and wouldn't do carp demote to failover either.
This matches the way ospfd does things which is where the event_loopexit()
in child processes change came from originally.
ok claudio@ pyr@
|
|
don't get into a situation where we are calling event_set() on an event
that was already added.
ok claudio@
|
|
confusing pf.
|
|
actions. Allow interfaces to be specified in special table entries for
the routing actions. Lists of addresses can now only be done using tables,
which pfctl will generate automatically from the existing syntax.
Functionally, this deprecates the use of multiple tables or dynamic
interfaces in a single nat or rdr rule.
ok henning dlg claudio
|
|
like several other things in the tree.
ok reyk@ looks fine claudio@
|
|
`OK' claudio
|
|
of the hardcoded 0. OK henning@
|
|
ok jmc
|
|
found by parfait.
|
|
elements first (this matches all the other structures). no functional
change.
|
