Age | Commit message (Collapse) | Author | |
---|---|---|---|
2007-05-09 | fix potential NULL deref. | Pierre-Yves Ritschard | |
spotted by Ching-Feng Wang <cfw at telepaq.com>. ok reyk@ | |||
2007-05-02 | It is no longer needed to pass a cleared timeval to event_loopexit() NULL | Claudio Jeker | |
does the job just fine. OK reyk@ | |||
2007-04-12 | add a new relay 'path' action to filter the URL path and arguments. | Reyk Floeter | |
ok pyr@ | |||
2007-04-10 | sort entity types | Reyk Floeter | |
2007-04-10 | move the decoding of the URL, independent from the node lookups, we | Reyk Floeter | |
will need it later. | |||
2007-04-10 | it is a better idea to handle all enum values in the switch statement | Reyk Floeter | |
2007-04-10 | the relay filter action needs special handling to work correctly | Reyk Floeter | |
2007-03-21 | in addition to the host retry option in tables, add support for the | Reyk Floeter | |
optional connection "retry" to the forward to, service, and nat lookup options. for example, "nat lookup retry 3" is useful when running hoststated as a transparent proxy when connecting to unreliable frontend/backend servers. ok pyr@ | |||
2007-03-19 | do not signal "connection closed" upstream on EINTR/EAGAIN, from bgpd et al | Henning Brauer | |
2007-03-17 | remove a debug message | Reyk Floeter | |
2007-03-17 | fix a bug in the initial setup of the pfe2relay communication sockets | Reyk Floeter | |
which prevented the pfe to accept statistics updates and natlookups from any other process then the first one. in other words, this will show you the total relay statistics off _all_ preforked processes (hoststatectl show relays) and it will unbreak the natlookup mode with more than one running relay process. | |||
2007-03-17 | move some elements in the relay imsg ctl structures (just for the style) | Reyk Floeter | |
2007-03-17 | close unused relay2pfe privsep sockets correctly | Reyk Floeter | |
2007-03-17 | fix the natlook mode. | Reyk Floeter | |
2007-03-13 | allow to specify the IP_TTL and IP_MINTTL options for the relays to | Reyk Floeter | |
support the Generalized TTL Security Mechanism (GTSM) according to RFC 3682. this is especially useful with inbound connections and a fixed distance to the backend servers. ok pyr@ | |||
2007-03-12 | hoststated.conf is not a program. | Reyk Floeter | |
thanks to Sebastian Reitenbach, closes pr 5409 | |||
2007-03-07 | - fix the hoststatectl host disable/enable commands to work with relay | Reyk Floeter | |
layer 7 loadbalancing. - allow to run relays with tables without depending on services - show hosts and tables assigned to relays in hoststatectl show commands ok pyr@ deraadt@ with some input from mcbride@ | |||
2007-03-06 | fix the health checks when using the retry option | Reyk Floeter | |
2007-03-06 | add support for handling simple HTTP cookies (no per-path/domain | Reyk Floeter | |
cookies yet), for example: cookie hash "JSESSIONID" tested by some people ok pyr@ | |||
2007-03-05 | do not strip the header for expect, hash, and log actions. | Reyk Floeter | |
since we have a tristate in relay_handle_http(), use nicer return codes defined to make it better readble (no function change). | |||
2007-03-02 | when the http read callback changes and some data is still left in the | Reyk Floeter | |
input buffer, we call the new callback to handle the remaining data. this change makes sure that we only do this after the read callback was actually changed (read header -> read content, read content -> read header, read chunks...) to avoid a possible loop which could happen in some rare cases. | |||
2007-02-27 | replys -> replies; | Jason McIntyre | |
2007-02-27 | in addition to actions on request headers, allow to define relay | Reyk Floeter | |
actions on response headers (the reply sent by backend HTTP servers). the default and slightly faster relay streaming mode will be used if no actions are defined. for example: response change "Server" to "OpenBSD-hoststated/4.1" ok pyr@ | |||
2007-02-27 | manpage clarification for the "change" and "append" relay actions. | Reyk Floeter | |
from Tamas TEVESZ | |||
2007-02-27 | tweaks; | Jason McIntyre | |
2007-02-26 | kill the ``use ssl'' directive for consistency across parser directives. | Pierre-Yves Ritschard | |
another heads up for testers: you need to change configuration files. ok reyk@ | |||
2007-02-26 | remove HTTP and HTTPS tokens, makes for cleaner parser. | Pierre-Yves Ritschard | |
reorder other rules as well. ok reyk@ | |||
2007-02-26 | re-enable the -W flags except -Werror which behaves differently with | Reyk Floeter | |
different gcc versions (it previously broke the tree on sparc with gcc 2.95 when compiling sys/hash.h). -Werror removal suggested by deraadt@ | |||
2007-02-26 | sync the documentation with the latest change to require a 'header' | Reyk Floeter | |
keyword for default relay actions. ok pyr@ | |||
2007-02-26 | solve some conflicts in the configuration parser. | Pierre-Yves Ritschard | |
configuration will need to be updated as some directives have changed. manpage and examples bits coming up. ok reyk@ | |||
2007-02-26 | handle strlcpy return values, make lint happy | Reyk Floeter | |
2007-02-26 | better error handling for buffer I/O, fix the log action | Reyk Floeter | |
2007-02-26 | grammar; | Jason McIntyre | |
2007-02-26 | KNF | Pierre-Yves Ritschard | |
2007-02-26 | Change the ``virtual ip'' directive to ``virtual host''. | Pierre-Yves Ritschard | |
You will need to update your configuration files accordingly. "just do it", reyk@ | |||
2007-02-26 | handle requests with chunked transfer-encoding. | Reyk Floeter | |
2007-02-26 | tweak flushing of unwritten bytes on http mode changes | Reyk Floeter | |
2007-02-26 | spacing | Reyk Floeter | |
2007-02-26 | improve the relay bufferevent handler if one side closed the connection | Reyk Floeter | |
2007-02-26 | re-use the retry value from table host entries for inbound relay | Reyk Floeter | |
connections. the relay will retry to connect to the hosts for the specified number of times. this sounds bad, but is a useful "workaround" for unreliable backend servers... | |||
2007-02-26 | fix small memleaks | Reyk Floeter | |
2007-02-25 | one example (of two) of tree breaking the "other gcc" | Theo de Raadt | |
2007-02-25 | delete -W flags that reyk uses to break the tree | Theo de Raadt | |
2007-02-25 | remove unused variable | Reyk Floeter | |
2007-02-25 | tweaks; | Jason McIntyre | |
2007-02-24 | disable anonymous DH by default (cipher suite HIGH:!ADH instead of HIGH). | Reyk Floeter | |
2007-02-24 | disable SSLv2 and use "HIGH" crypto cipher suites by default. | Reyk Floeter | |
suggested by dlg@ | |||
2007-02-24 | - allow to specify the SSL cipher suite and the SSL protocols | Reyk Floeter | |
(as required by the PCI DSS) - increase the default listen backlog to 10, allow to modify the backlog as a per-protocol tcp option to improve the performance on busy systems (to get less connection failures on heavy load) - close the connection if SSL_accept returned an error - instead of logging _new_ relay sessions to syslog, log the sessions in relay_close() after they have been _finished_. this will allow to collect some additional information - add a new log keyword to log specified header/url entities (useful to track "bad guys" using many session ids or multiple user agents) - some minor fixes, manpage bits, and bump the copyright (by some reason, i didn't realize that we already have 2007...). | |||
2007-02-23 | i.e. -> e.g.; ok reyk | Jason McIntyre | |
2007-02-23 | knf | Theo de Raadt | |