summaryrefslogtreecommitdiff
path: root/usr.sbin/relayd
AgeCommit message (Collapse)Author
2007-05-09fix potential NULL deref.Pierre-Yves Ritschard
spotted by Ching-Feng Wang <cfw at telepaq.com>. ok reyk@
2007-05-02It is no longer needed to pass a cleared timeval to event_loopexit() NULLClaudio Jeker
does the job just fine. OK reyk@
2007-04-12add a new relay 'path' action to filter the URL path and arguments.Reyk Floeter
ok pyr@
2007-04-10sort entity typesReyk Floeter
2007-04-10move the decoding of the URL, independent from the node lookups, weReyk Floeter
will need it later.
2007-04-10it is a better idea to handle all enum values in the switch statementReyk Floeter
2007-04-10the relay filter action needs special handling to work correctlyReyk Floeter
2007-03-21in addition to the host retry option in tables, add support for theReyk Floeter
optional connection "retry" to the forward to, service, and nat lookup options. for example, "nat lookup retry 3" is useful when running hoststated as a transparent proxy when connecting to unreliable frontend/backend servers. ok pyr@
2007-03-19do not signal "connection closed" upstream on EINTR/EAGAIN, from bgpd et alHenning Brauer
2007-03-17remove a debug messageReyk Floeter
2007-03-17fix a bug in the initial setup of the pfe2relay communication socketsReyk Floeter
which prevented the pfe to accept statistics updates and natlookups from any other process then the first one. in other words, this will show you the total relay statistics off _all_ preforked processes (hoststatectl show relays) and it will unbreak the natlookup mode with more than one running relay process.
2007-03-17move some elements in the relay imsg ctl structures (just for the style)Reyk Floeter
2007-03-17close unused relay2pfe privsep sockets correctlyReyk Floeter
2007-03-17fix the natlook mode.Reyk Floeter
2007-03-13allow to specify the IP_TTL and IP_MINTTL options for the relays toReyk Floeter
support the Generalized TTL Security Mechanism (GTSM) according to RFC 3682. this is especially useful with inbound connections and a fixed distance to the backend servers. ok pyr@
2007-03-12hoststated.conf is not a program.Reyk Floeter
thanks to Sebastian Reitenbach, closes pr 5409
2007-03-07- fix the hoststatectl host disable/enable commands to work with relayReyk Floeter
layer 7 loadbalancing. - allow to run relays with tables without depending on services - show hosts and tables assigned to relays in hoststatectl show commands ok pyr@ deraadt@ with some input from mcbride@
2007-03-06fix the health checks when using the retry optionReyk Floeter
2007-03-06add support for handling simple HTTP cookies (no per-path/domainReyk Floeter
cookies yet), for example: cookie hash "JSESSIONID" tested by some people ok pyr@
2007-03-05do not strip the header for expect, hash, and log actions.Reyk Floeter
since we have a tristate in relay_handle_http(), use nicer return codes defined to make it better readble (no function change).
2007-03-02when the http read callback changes and some data is still left in theReyk Floeter
input buffer, we call the new callback to handle the remaining data. this change makes sure that we only do this after the read callback was actually changed (read header -> read content, read content -> read header, read chunks...) to avoid a possible loop which could happen in some rare cases.
2007-02-27replys -> replies;Jason McIntyre
2007-02-27in addition to actions on request headers, allow to define relayReyk Floeter
actions on response headers (the reply sent by backend HTTP servers). the default and slightly faster relay streaming mode will be used if no actions are defined. for example: response change "Server" to "OpenBSD-hoststated/4.1" ok pyr@
2007-02-27manpage clarification for the "change" and "append" relay actions.Reyk Floeter
from Tamas TEVESZ
2007-02-27tweaks;Jason McIntyre
2007-02-26kill the ``use ssl'' directive for consistency across parser directives.Pierre-Yves Ritschard
another heads up for testers: you need to change configuration files. ok reyk@
2007-02-26remove HTTP and HTTPS tokens, makes for cleaner parser.Pierre-Yves Ritschard
reorder other rules as well. ok reyk@
2007-02-26re-enable the -W flags except -Werror which behaves differently withReyk Floeter
different gcc versions (it previously broke the tree on sparc with gcc 2.95 when compiling sys/hash.h). -Werror removal suggested by deraadt@
2007-02-26sync the documentation with the latest change to require a 'header'Reyk Floeter
keyword for default relay actions. ok pyr@
2007-02-26solve some conflicts in the configuration parser.Pierre-Yves Ritschard
configuration will need to be updated as some directives have changed. manpage and examples bits coming up. ok reyk@
2007-02-26handle strlcpy return values, make lint happyReyk Floeter
2007-02-26better error handling for buffer I/O, fix the log actionReyk Floeter
2007-02-26grammar;Jason McIntyre
2007-02-26KNFPierre-Yves Ritschard
2007-02-26Change the ``virtual ip'' directive to ``virtual host''.Pierre-Yves Ritschard
You will need to update your configuration files accordingly. "just do it", reyk@
2007-02-26handle requests with chunked transfer-encoding.Reyk Floeter
2007-02-26tweak flushing of unwritten bytes on http mode changesReyk Floeter
2007-02-26spacingReyk Floeter
2007-02-26improve the relay bufferevent handler if one side closed the connectionReyk Floeter
2007-02-26re-use the retry value from table host entries for inbound relayReyk Floeter
connections. the relay will retry to connect to the hosts for the specified number of times. this sounds bad, but is a useful "workaround" for unreliable backend servers...
2007-02-26fix small memleaksReyk Floeter
2007-02-25one example (of two) of tree breaking the "other gcc"Theo de Raadt
2007-02-25delete -W flags that reyk uses to break the treeTheo de Raadt
2007-02-25remove unused variableReyk Floeter
2007-02-25tweaks;Jason McIntyre
2007-02-24disable anonymous DH by default (cipher suite HIGH:!ADH instead of HIGH).Reyk Floeter
2007-02-24disable SSLv2 and use "HIGH" crypto cipher suites by default.Reyk Floeter
suggested by dlg@
2007-02-24- allow to specify the SSL cipher suite and the SSL protocolsReyk Floeter
(as required by the PCI DSS) - increase the default listen backlog to 10, allow to modify the backlog as a per-protocol tcp option to improve the performance on busy systems (to get less connection failures on heavy load) - close the connection if SSL_accept returned an error - instead of logging _new_ relay sessions to syslog, log the sessions in relay_close() after they have been _finished_. this will allow to collect some additional information - add a new log keyword to log specified header/url entities (useful to track "bad guys" using many session ids or multiple user agents) - some minor fixes, manpage bits, and bump the copyright (by some reason, i didn't realize that we already have 2007...).
2007-02-23i.e. -> e.g.; ok reykJason McIntyre
2007-02-23knfTheo de Raadt