aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/relayd/Makefile5
-rw-r--r--net/relayd/distinfo4
-rw-r--r--net/relayd/files/Makefile.relayctl9
-rw-r--r--net/relayd/files/Makefile.relayd16
-rw-r--r--net/relayd/files/patch-freebsd-relayctl75
-rw-r--r--net/relayd/files/patch-freebsd-relayd791
-rw-r--r--net/relayd/files/patch-relayctl-parser.c76
-rw-r--r--net/relayd/files/patch-relayctl-parser.h34
-rw-r--r--net/relayd/files/patch-relayctl-relayctl.817
-rw-r--r--net/relayd/files/patch-relayctl-relayctl.c132
-rw-r--r--net/relayd/files/patch-relayd-carp.c10
-rw-r--r--net/relayd/files/patch-relayd-check_icmp.c11
-rw-r--r--net/relayd/files/patch-relayd-check_tcp.c106
-rw-r--r--net/relayd/files/patch-relayd-config.c62
-rw-r--r--net/relayd/files/patch-relayd-control.c49
-rw-r--r--net/relayd/files/patch-relayd-hce.c101
-rw-r--r--net/relayd/files/patch-relayd-log.c72
-rw-r--r--net/relayd/files/patch-relayd-parse.y263
-rw-r--r--net/relayd/files/patch-relayd-pfe.c152
-rw-r--r--net/relayd/files/patch-relayd-pfe_filter.c284
-rw-r--r--net/relayd/files/patch-relayd-relay.c431
-rw-r--r--net/relayd/files/patch-relayd-relay_udp.c14
-rw-r--r--net/relayd/files/patch-relayd-relayd.820
-rw-r--r--net/relayd/files/patch-relayd-relayd.c274
-rw-r--r--net/relayd/files/patch-relayd-relayd.conf.5244
-rw-r--r--net/relayd/files/patch-relayd-relayd.h253
-rw-r--r--net/relayd/pkg-descr5
27 files changed, 1833 insertions, 1677 deletions
diff --git a/net/relayd/Makefile b/net/relayd/Makefile
index 04bc16f8473..f9f2d56d6f0 100644
--- a/net/relayd/Makefile
+++ b/net/relayd/Makefile
@@ -5,8 +5,7 @@
# $FreeBSD$
PORTNAME= relayd
-PORTVERSION= 4.6.20090813
-PORTREVISION= 5
+PORTVERSION= 4.9.20110522
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_LOCAL}
MASTER_SITE_SUBDIR= mm
@@ -16,7 +15,7 @@ COMMENT= OpenBSD relay daemon
LICENSE= BSD
-DISTNAME= ${PORTNAME}-${PORTVERSION}-1
+DISTNAME= ${PORTNAME}-${PORTVERSION}
USE_BZIP2= yes
MANCOMPRESSED= yes
diff --git a/net/relayd/distinfo b/net/relayd/distinfo
index b3e7053f5c2..c56d0af1915 100644
--- a/net/relayd/distinfo
+++ b/net/relayd/distinfo
@@ -1,2 +1,2 @@
-SHA256 (relayd-4.6.20090813-1.tar.bz2) = c4f2e2e48155117a73042c313f777b0f467640eea29bf2473eb9dba5bede0b9d
-SIZE (relayd-4.6.20090813-1.tar.bz2) = 77359
+SHA256 (relayd-4.9.20110522.tar.bz2) = 905ab2fa2296adc60b3552e50529dc69e906c4414b11ed125c4c6bd613765378
+SIZE (relayd-4.9.20110522.tar.bz2) = 85439
diff --git a/net/relayd/files/Makefile.relayctl b/net/relayd/files/Makefile.relayctl
index 24b5ab4d301..627ed1fe53c 100644
--- a/net/relayd/files/Makefile.relayctl
+++ b/net/relayd/files/Makefile.relayctl
@@ -2,10 +2,12 @@
PROG= relayctl
+.PATH: ${.CURDIR}/../../lib/libutil
+SRCS= imsg-buffer.c \
+ imsg.c
+
.PATH: ${.CURDIR}/../relayd
-SRCS= buffer.c \
- imsg.c \
- log.c
+SRCS+= log.c
.PATH: ${.CURDIR}
SRCS+= relayctl.c \
@@ -15,6 +17,7 @@ MAN= relayctl.8
CFLAGS+= -D__dead=''
CFLAGS+= -I${.CURDIR} \
+ -I${.CURDIR}/../../lib/libutil \
-I${.CURDIR}/../relayd \
-I${PREFIX}/include
diff --git a/net/relayd/files/Makefile.relayd b/net/relayd/files/Makefile.relayd
index f6aa3cf648a..58c7915913f 100644
--- a/net/relayd/files/Makefile.relayd
+++ b/net/relayd/files/Makefile.relayd
@@ -5,11 +5,14 @@ PROG= relayd
MAN= relayd.8 \
relayd.conf.5
-SRCS= parse.y \
+.PATH: ${.CURDIR}/../../lib/libutil
+SRCS= imsg-buffer.c \
+ imsg.c
+
+.PATH: ${.CURDIR}
+SRCS+= parse.y \
log.c \
control.c \
- buffer.c \
- imsg.c \
ssl.c \
ssl_privsep.c \
relayd.c \
@@ -23,13 +26,16 @@ SRCS= parse.y \
check_script.c \
name2id.c \
arc4random.c \
- shuffle.c
+ shuffle.c \
+ proc.c \
+ config.c
CFLAGS+= -DSHA1_DIGEST_LENGTH=SHA_DIGEST_LENGTH \
-DSHA1_DIGEST_STRING_LENGTH=SHA_DIGEST_LENGTH \
-DOPENSSL_NO_SHA -DOPENSSL_NO_MD5 \
-D__dead=''
-CFLAGS+= -I${.CURDIR} -I${PREFIX}/include
+CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../lib/libutil \
+ -I${PREFIX}/include
CLEANFILES+= y.tab.h
LDADD= -lmd -L${PREFIX}/lib ${LIBEVENT} -lssl -lcrypto
diff --git a/net/relayd/files/patch-freebsd-relayctl b/net/relayd/files/patch-freebsd-relayctl
deleted file mode 100644
index 774bf777a4a..00000000000
--- a/net/relayd/files/patch-freebsd-relayctl
+++ /dev/null
@@ -1,75 +0,0 @@
-diff -Naur relayctl.orig/parser.c relayctl/parser.c
---- relayctl.orig/parser.c 2007-12-20 21:15:43.000000000 +0100
-+++ relayctl/parser.c 2010-05-27 10:12:35.000000000 +0200
-@@ -18,7 +18,11 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-+#ifdef __FreeBSD__
-+#include <sys/param.h>
-+#else
- #include <sys/types.h>
-+#endif
- #include <sys/socket.h>
- #include <sys/queue.h>
-
-@@ -124,6 +128,11 @@
-
- static struct parse_result res;
-
-+#ifdef __FreeBSD__
-+const struct token *match_token(const char *, const struct token []);
-+void show_valid_args(const struct token []);
-+#endif
-+
- struct parse_result *
- parse(int argc, char *argv[])
- {
-diff -Naur relayctl.orig/parser.h relayctl/parser.h
---- relayctl.orig/parser.h 2007-12-20 21:15:43.000000000 +0100
-+++ relayctl/parser.h 2010-05-27 10:12:03.000000000 +0200
-@@ -41,5 +41,7 @@
- };
-
- struct parse_result *parse(int, char *[]);
-+#ifndef __FreeBSD__
- const struct token *match_token(const char *, const struct token []);
- void show_valid_args(const struct token []);
-+#endif
-diff -Naur relayctl.orig/relayctl.c relayctl/relayctl.c
---- relayctl.orig/relayctl.c 2009-06-06 01:39:51.000000000 +0200
-+++ relayctl/relayctl.c 2010-05-27 10:11:39.000000000 +0200
-@@ -20,6 +20,9 @@
- */
-
- #include <sys/types.h>
-+#ifdef __FreeBSD__
-+#include <sys/param.h>
-+#endif
- #include <sys/socket.h>
- #include <sys/queue.h>
- #include <sys/un.h>
-@@ -290,7 +293,11 @@
- imn = monitor_lookup(imsg->hdr.type);
- printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name,
- imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid);
-+#ifdef __FreeBSD__
-+ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now));
-+#else
- printf("\ttimestamp: %u, %s", now, ctime(&now));
-+#endif
- if (imn->type == -1)
- done = 1;
- if (imn->func != NULL)
-@@ -509,7 +516,11 @@
- printf("\t%8s\ttotal: %llu sessions\n"
- "\t%8s\tlast: %u/%us %u/h %u/d sessions\n"
- "\t%8s\taverage: %u/%us %u/h %u/d sessions\n",
-+#ifdef __FreeBSD__
-+ "", (long long unsigned)crs.cnt,
-+#else
- "", crs.cnt,
-+#endif
- "", crs.last, crs.interval,
- crs.last_hour, crs.last_day,
- "", crs.avg, crs.interval,
diff --git a/net/relayd/files/patch-freebsd-relayd b/net/relayd/files/patch-freebsd-relayd
deleted file mode 100644
index 5f2e80c11a9..00000000000
--- a/net/relayd/files/patch-freebsd-relayd
+++ /dev/null
@@ -1,791 +0,0 @@
-diff -Naur relayd.orig/carp.c relayd/carp.c
---- relayd.orig/carp.c 2010-06-10 08:50:20.370081718 +0200
-+++ relayd/carp.c 2010-06-10 08:50:24.487544459 +0200
-@@ -19,6 +19,7 @@
- #include <sys/param.h>
- #include <sys/socket.h>
- #include <sys/ioctl.h>
-+#include <sys/queue.h>
-
- #include <net/if.h>
-
-diff -Naur relayd.orig/check_tcp.c relayd/check_tcp.c
---- relayd.orig/check_tcp.c 2010-06-10 08:50:20.371085750 +0200
-+++ relayd/check_tcp.c 2010-06-10 08:50:24.488548211 +0200
-@@ -31,7 +31,7 @@
- #include <stdlib.h>
- #include <errno.h>
- #include <fnmatch.h>
--#include <sha1.h>
-+#include <sha.h>
-
- #include <openssl/ssl.h>
-
-@@ -285,7 +285,11 @@
- if (b == NULL)
- fatal("out of memory");
- *b = '\0';
-+#ifndef __FreeBSD__
- if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
-+#else
-+ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {
-+#endif
- cte->host->he = HCE_SEND_EXPECT_OK;
- cte->host->up = HOST_UP;
- return (0);
-@@ -318,7 +322,11 @@
- fatal("out of memory");
- *b = '\0';
-
-+#ifndef __FreeBSD__
- head = cte->buf->buf;
-+#else
-+ head = (char *)cte->buf->buf;
-+#endif
- host = cte->host;
- host->he = HCE_HTTP_CODE_ERROR;
-
-@@ -370,7 +378,11 @@
- fatal("out of memory");
- *b = '\0';
-
-+#ifndef __FreeBSD__
- head = cte->buf->buf;
-+#else
-+ head = (char *)cte->buf->buf;
-+#endif
- host = cte->host;
- host->he = HCE_HTTP_DIGEST_ERROR;
-
-@@ -382,7 +394,11 @@
- }
- head += strlen("\r\n\r\n");
-
-+#ifndef __FreeBSD__
- digeststr(cte->table->conf.digest_type, head, strlen(head), digest);
-+#else
-+ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest);
-+#endif
-
- if (strcmp(cte->table->conf.digest, digest)) {
- log_warnx("check_http_digest: %s failed "
-diff -Naur relayd.orig/hce.c relayd/hce.c
---- relayd.orig/hce.c 2010-06-10 08:50:20.370081718 +0200
-+++ relayd/hce.c 2010-06-10 08:50:24.489552523 +0200
-@@ -167,7 +167,7 @@
- struct timeval tv;
- struct table *table;
-
-- snmp_init(env, iev_main);
-+// snmp_init(env, iev_main);
-
- if (!TAILQ_EMPTY(env->sc_tables)) {
- evtimer_set(&env->sc_ev, hce_launch_checks, env);
-@@ -336,8 +336,10 @@
- print_availability(host->check_cnt, host->up_cnt));
- }
-
-+/*
- if (host->last_up != host->up)
- snmp_hosttrap(table, host);
-+*/
-
- host->last_up = host->up;
-
-diff -Naur relayd.orig/log.c relayd/log.c
---- relayd.orig/log.c 2010-06-10 08:50:20.370081718 +0200
-+++ relayd/log.c 2010-06-10 08:50:24.489552523 +0200
-@@ -16,7 +16,11 @@
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-+#ifdef __FreeBSD__
-+#include <sys/param.h>
-+#else
- #include <sys/types.h>
-+#endif
- #include <sys/queue.h>
- #include <sys/socket.h>
- #include <sys/tree.h>
-diff -Naur relayd.orig/parse.y relayd/parse.y
---- relayd.orig/parse.y 2010-06-10 08:50:20.372089782 +0200
-+++ relayd/parse.y 2010-06-10 08:50:24.490556275 +0200
-@@ -343,6 +343,7 @@
- }
- conf->sc_prefork_relay = $2;
- }
-+/* FreeBSD exclude
- | DEMOTE STRING {
- conf->sc_flags |= F_DEMOTE;
- if (strlcpy(conf->sc_demote_group, $2,
-@@ -360,6 +361,7 @@
- }
- }
- | SEND TRAP { conf->sc_flags |= F_TRAP; }
-+*/
- ;
-
- loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
-@@ -615,6 +617,7 @@
- bcopy(&$2, &table->conf.timeout,
- sizeof(struct timeval));
- }
-+/* FreeBSD exclude
- | DEMOTE STRING {
- table->conf.flags |= F_DEMOTE;
- if (strlcpy(table->conf.demote_group, $2,
-@@ -632,6 +635,7 @@
- YYERROR;
- }
- }
-+*/
- | INTERVAL NUMBER {
- if ($2 < conf->sc_interval.tv_sec ||
- $2 % conf->sc_interval.tv_sec) {
-@@ -1562,7 +1566,7 @@
- { "ciphers", CIPHERS },
- { "code", CODE },
- { "cookie", COOKIE },
-- { "demote", DEMOTE },
-+// FreeBSD { "demote", DEMOTE },
- { "digest", DIGEST },
- { "disable", DISABLE },
- { "error", ERROR },
-@@ -1625,7 +1629,7 @@
- { "timeout", TIMEOUT },
- { "to", TO },
- { "transparent", TRANSPARENT },
-- { "trap", TRAP },
-+// FreeBSD { "trap", TRAP },
- { "ttl", TTL },
- { "updates", UPDATES },
- { "url", URL },
-@@ -2260,7 +2264,8 @@
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
- error = getaddrinfo(s, NULL, &hints, &res0);
-- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
-+// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
-+ if (error == EAI_AGAIN || error == EAI_NONAME)
- return (0);
- if (error) {
- log_warnx("host_dns: could not parse \"%s\": %s", s,
-diff -Naur relayd.orig/pfe.c relayd/pfe.c
---- relayd.orig/pfe.c 2010-06-10 08:50:20.369077965 +0200
-+++ relayd/pfe.c 2010-06-10 08:50:24.491560307 +0200
-@@ -17,6 +17,9 @@
- */
-
- #include <sys/param.h>
-+#ifdef __FreeBSD__
-+#include <sys/queue.h>
-+#endif
- #include <sys/stat.h>
- #include <sys/socket.h>
- #include <sys/un.h>
-@@ -859,7 +862,9 @@
- struct table *table;
- struct ctl_id id;
- struct imsg imsg;
-+#ifndef __FreeBSD__
- struct ctl_demote demote;
-+#endif
-
- bzero(&id, sizeof(id));
- bzero(&imsg, sizeof(imsg));
-@@ -920,6 +925,7 @@
- */
- table->conf.flags &= ~(F_CHANGED);
-
-+#ifndef __FreeBSD__
- /*
- * handle demotion.
- */
-@@ -942,6 +948,7 @@
- sizeof(demote.group));
- imsg_compose_event(iev_main, IMSG_DEMOTE, 0, 0, -1,
- &demote, sizeof(demote));
-+#endif
- }
- }
-
-diff -Naur relayd.orig/pfe_filter.c relayd/pfe_filter.c
---- relayd.orig/pfe_filter.c 2010-06-10 08:50:20.370081718 +0200
-+++ relayd/pfe_filter.c 2010-06-10 08:51:10.599999014 +0200
-@@ -97,6 +97,10 @@
- sizeof(tables[i].pfrt_name))
- goto toolong;
- tables[i].pfrt_flags |= PFR_TFLAG_PERSIST;
-+#ifdef __FreeBSD__
-+ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"",
-+#endif
-+ tables[i].pfrt_anchor, tables[i].pfrt_name);
- i++;
- }
- if (i != env->sc_rdrcount)
-@@ -280,12 +284,11 @@
- }
-
- psnk.psnk_af = host->conf.ss.ss_family;
-- psnk.psnk_killed = 0;
-
- if (ioctl(env->sc_pf->dev,
- DIOCKILLSRCNODES, &psnk) == -1)
- fatal("kill_srcnodes: cannot kill src nodes");
-- cnt += psnk.psnk_killed;
-+ cnt += psnk.psnk_af;
- }
-
- return (cnt);
-@@ -370,7 +373,11 @@
- struct sockaddr_in6 *sain6;
- struct address *address;
- char anchor[PF_ANCHOR_NAME_SIZE];
-+#ifndef __FreeBSD__
- int rs;
-+#else
-+ int rs = 0;
-+#endif
- struct table *t = rdr->table;
-
- if (!(env->sc_flags & F_NEEDPF))
-@@ -418,7 +425,9 @@
-
- /* Use sloppy state handling for half connections */
- rio.rule.keep_state = PF_STATE_NORMAL;
-+#ifdef PFRULE_STATESLOPPY
- rio.rule.rule_flag = PFRULE_STATESLOPPY;
-+#endif
- break;
- default:
- fatalx("sync_ruleset: invalid forward mode");
-@@ -437,7 +446,9 @@
- rio.rule.dst.port_op = address->port.op;
- rio.rule.dst.port[0] = address->port.val[0];
- rio.rule.dst.port[1] = address->port.val[1];
-+#if 0
- rio.rule.rtableid = -1; /* stay in the main routing table */
-+#endif
-
- if (rio.rule.proto == IPPROTO_TCP)
- rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
-diff -Naur relayd.orig/relay.c relayd/relay.c
---- relayd.orig/relay.c 2010-06-10 08:50:20.371085750 +0200
-+++ relayd/relay.c 2010-06-10 08:50:24.492564339 +0200
-@@ -16,7 +16,11 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-+#ifdef __FreeBSD__
-+#include <sys/param.h>
-+#else
- #include <sys/types.h>
-+#endif
- #include <sys/queue.h>
- #include <sys/time.h>
- #include <sys/stat.h>
-@@ -683,6 +687,7 @@
- &val, sizeof(val)) == -1)
- goto bad;
- }
-+#ifndef __FreeBSD__
- if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
- if (proto->tcpflags & TCPFLAG_NSACK)
- val = 0;
-@@ -692,6 +697,7 @@
- &val, sizeof(val)) == -1)
- goto bad;
- }
-+#endif
-
- return (s);
-
-@@ -1027,7 +1033,11 @@
- }
- if (strstr(val, "$TIMEOUT") != NULL) {
- snprintf(ibuf, sizeof(ibuf), "%lu",
-+#ifdef __FreeBSD__
-+ (unsigned long)rlay->rl_conf.timeout.tv_sec);
-+#else
- rlay->rl_conf.timeout.tv_sec);
-+#endif
- if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0)
- return (NULL);
- }
-@@ -1624,7 +1634,11 @@
- switch (type) {
- case DIGEST_SHA1:
- case DIGEST_MD5:
-+#ifdef __FreeBSD__
-+ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) {
-+#else
- if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) {
-+#endif
- relay_close_http(con, 500,
- "failed to allocate digest", 0);
- goto fail;
-@@ -2642,8 +2656,12 @@
- goto err;
-
- /* Set session context to the local relay name */
-- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name,
-- strlen(rlay->rl_conf.name)))
-+ if (!SSL_CTX_set_session_id_context(ctx,
-+#ifdef __FreeBSD__
-+ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
-+#else
-+ rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
-+#endif
- goto err;
-
- return (ctx);
-@@ -3104,7 +3122,11 @@
- if (fstat(fd, &st) != 0)
- goto fail;
- size = st.st_size;
-+#ifndef __FreeBSD__
- if ((buf = (char *)calloc(1, size + 1)) == NULL)
-+#else
-+ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL)
-+#endif
- goto fail;
- if (read(fd, buf, size) != size)
- goto fail;
-@@ -3112,7 +3134,11 @@
- close(fd);
-
- *len = size + 1;
-+#ifndef __FreeBSD__
- return (buf);
-+#else
-+ return (char *)(buf);
-+#endif
-
- fail:
- if (buf != NULL)
-@@ -3142,7 +3168,7 @@
- return (-1);
-
- if (snprintf(certfile, sizeof(certfile),
-- "/etc/ssl/%s.crt", hbuf) == -1)
-+ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1)
- return (-1);
- if ((rlay->rl_ssl_cert = relay_load_file(certfile,
- &rlay->rl_ssl_cert_len)) == NULL)
-@@ -3150,7 +3176,7 @@
- log_debug("relay_load_certfiles: using certificate %s", certfile);
-
- if (snprintf(certfile, sizeof(certfile),
-- "/etc/ssl/private/%s.key", hbuf) == -1)
-+ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1)
- return -1;
- if ((rlay->rl_ssl_key = relay_load_file(certfile,
- &rlay->rl_ssl_key_len)) == NULL)
-diff -Naur relayd.orig/relay_udp.c relayd/relay_udp.c
---- relayd.orig/relay_udp.c 2010-06-10 08:50:20.370081718 +0200
-+++ relayd/relay_udp.c 2010-06-10 08:50:24.493571444 +0200
-@@ -16,7 +16,11 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-+#ifdef __FreeBSD__
-+#include <sys/param.h>
-+#else
- #include <sys/types.h>
-+#endif
- #include <sys/queue.h>
- #include <sys/time.h>
- #include <sys/stat.h>
-diff -Naur relayd.orig/relayd.8 relayd/relayd.8
---- relayd.orig/relayd.8 2010-06-10 08:50:20.371085750 +0200
-+++ relayd/relayd.8 2010-06-10 08:50:24.493571444 +0200
-@@ -117,7 +117,7 @@
- .It Fl f Ar file
- Specify an alternative configuration file.
- The default is
--.Pa /etc/relayd.conf .
-+.Pa %%PREFIX%%/etc/relayd.conf .
- .It Fl n
- Configtest mode.
- Only check the configuration file for validity.
-@@ -126,7 +126,7 @@
- .El
- .Sh FILES
- .Bl -tag -width "/var/run/relayd.sockXX" -compact
--.It /etc/relayd.conf
-+.It %%PREFIX%%/etc/relayd.conf
- Default configuration file.
- .It /var/run/relayd.sock
- Unix-domain socket used for communication with
-diff -Naur relayd.orig/relayd.c relayd/relayd.c
---- relayd.orig/relayd.c 2010-06-10 08:50:20.370081718 +0200
-+++ relayd/relayd.c 2010-06-10 08:50:24.494572682 +0200
-@@ -17,7 +17,12 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-+#ifdef __FreeBSD__
-+#include <sys/param.h>
-+#include <openssl/rand.h>
-+#else
- #include <sys/types.h>
-+#endif
- #include <sys/queue.h>
- #include <sys/socket.h>
- #include <sys/wait.h>
-@@ -37,7 +42,11 @@
- #include <unistd.h>
- #include <ctype.h>
- #include <pwd.h>
-+#ifdef __FreeBSD__
-+#include <sha.h>
-+#else
- #include <sha1.h>
-+#endif
- #include <md5.h>
-
- #include <openssl/ssl.h>
-@@ -126,6 +135,11 @@
- int c;
- int debug;
- u_int32_t opts;
-+#ifdef __FreeBSD__
-+#if __FreeBSD_version > 800040
-+ u_int32_t rnd[256];
-+#endif
-+#endif
- struct relayd *env;
- const char *conffile;
- struct event ev_sigint;
-@@ -196,6 +210,16 @@
-
- log_info("startup");
-
-+#ifdef __FreeBSD__
-+#if __FreeBSD_version > 800040
-+ arc4random_stir();
-+ arc4random_buf(rnd, sizeof(rnd));
-+ RAND_seed(rnd, sizeof(rnd));
-+#else
-+ RAND_load_file("/dev/random",2048);
-+#endif
-+#endif
-+
- if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC,
- pipe_parent2pfe) == -1)
- fatal("socketpair");
-@@ -292,9 +316,10 @@
- iev_hce->handler, iev_hce);
- event_add(&iev_hce->ev, NULL);
-
-+#ifndef __FreeBSD__
- if (env->sc_flags & F_DEMOTE)
- carp_demote_reset(env->sc_demote_group, 0);
--
-+#endif
- event_dispatch();
-
- return (0);
-@@ -319,9 +344,11 @@
- } while (pid != -1 || (pid == -1 && errno == EINTR));
-
- control_cleanup();
-+#ifndef __FreeBSD__
- carp_demote_shutdown();
- if (env->sc_flags & F_DEMOTE)
- carp_demote_reset(env->sc_demote_group, 128);
-+#endif
- log_info("terminating");
- exit(0);
- }
-@@ -383,8 +410,10 @@
- memcpy(&env->sc_proto_default, &new_env->sc_proto_default,
- sizeof(env->sc_proto_default));
- env->sc_prefork_relay = new_env->sc_prefork_relay;
-+#ifndef __FreeBSD__
- (void)strlcpy(env->sc_demote_group, new_env->sc_demote_group,
- sizeof(env->sc_demote_group));
-+#endif
-
- env->sc_tables = new_env->sc_tables;
- env->sc_rdrs = new_env->sc_rdrs;
-@@ -610,7 +639,9 @@
- struct imsgbuf *ibuf;
- struct imsg imsg;
- ssize_t n;
-+#ifndef __FreeBSD__
- struct ctl_demote demote;
-+#endif
-
- iev = ptr;
- ibuf = &iev->ibuf;
-@@ -638,6 +669,7 @@
- break;
-
- switch (imsg.hdr.type) {
-+#ifndef __FreeBSD__
- case IMSG_DEMOTE:
- if (imsg.hdr.len - IMSG_HEADER_SIZE !=
- sizeof(demote))
-@@ -646,6 +678,7 @@
- memcpy(&demote, imsg.data, sizeof(demote));
- carp_demote_set(demote.group, demote.level);
- break;
-+#endif
- case IMSG_CTL_RELOAD:
- /*
- * so far we only get here if no L7 (relay) is done.
-@@ -709,9 +742,11 @@
- imsg_compose_event(iev_hce, IMSG_SCRIPT,
- 0, 0, -1, &scr, sizeof(scr));
- break;
-+/*
- case IMSG_SNMPSOCK:
- (void)snmp_sendsock(iev);
- break;
-+*/
- default:
- log_debug("main_dispatch_hce: unexpected imsg %d",
- imsg.hdr.type);
-@@ -1021,7 +1056,11 @@
- {
- switch (type) {
- case DIGEST_SHA1:
-+#ifdef __FreeBSD__
-+ return (SHA1_Data(data, len, buf));
-+#else
- return (SHA1Data(data, len, buf));
-+#endif
- break;
- case DIGEST_MD5:
- return (MD5Data(data, len, buf));
-@@ -1258,9 +1297,17 @@
- bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM,
- bnd->bnd_proto)) == -1)
- goto fail;
-+#ifdef SO_BINDANY
- if (setsockopt(s, SOL_SOCKET, SO_BINDANY,
- &v, sizeof(v)) == -1)
- goto fail;
-+#else
-+#ifdef IP_BINDANY
-+ if (setsockopt(s, IPPROTO_IP, IP_BINDANY,
-+ &v, sizeof(v)) == -1)
-+ goto fail;
-+#endif
-+#endif
- if (bind(s, (struct sockaddr *)&bnd->bnd_ss,
- bnd->bnd_ss.ss_len) == -1)
- goto fail;
-diff -Naur relayd.orig/relayd.conf.5 relayd/relayd.conf.5
---- relayd.orig/relayd.conf.5 2010-06-10 08:50:20.371085750 +0200
-+++ relayd/relayd.conf.5 2010-06-10 08:50:24.495576434 +0200
-@@ -78,7 +78,7 @@
- .Ic include
- keyword, for example:
- .Bd -literal -offset indent
--include "/etc/relayd.conf.local"
-+include "%%PREFIX%%/etc/relayd.conf.local"
- .Ed
- .Sh MACROS
- Macros can be defined that will later be expanded in context.
-@@ -103,17 +103,6 @@
- .Sh GLOBAL CONFIGURATION
- Here are the settings that can be set globally:
- .Bl -tag -width Ds
--.It Ic demote Ar group
--Enable the global
--.Xr carp 4
--demotion option, resetting the carp demotion counter for the
--specified interface group to zero on startup and to 128 on shutdown of
--the daemon.
--For more information on interface groups,
--see the
--.Ic group
--keyword in
--.Xr ifconfig 8 .
- .It Ic interval Ar number
- Set the interval in seconds at which the hosts will be checked.
- The default interval is 10 seconds.
-@@ -143,15 +132,6 @@
- .Xr relayd 8
- runs 5 relay processes by default and every process will handle
- all configured relays.
--.It Ic send trap
--Send an SNMP trap when the state of a host changes.
--.Xr relayd 8
--will try to connect to
--.Xr snmpd 8
--and request it send a trap to the registered trap receivers;
--see
--.Xr snmpd.conf 5
--for more information about the configuration.
- .It Ic timeout Ar number
- Set the global timeout in milliseconds for checks.
- This can be overridden by the timeout value in the table definitions.
-@@ -349,17 +329,6 @@
- .Pp
- The following general table options are available:
- .Bl -tag -width Ds
--.It Ic demote Ar group
--Enable the per-table
--.Xr carp 4
--demotion option.
--This will increment the carp demotion counter for the
--specified interface group if all hosts in the table are down.
--For more information on interface groups,
--see the
--.Ic group
--keyword in
--.Xr ifconfig 8 .
- .It Ic interval Ar number
- Override the global interval and specify one for this table.
- It must be a multiple of the global interval.
-@@ -604,9 +573,9 @@
- keyword is present, the relay will accept connections using the
- encrypted SSL protocol.
- The relay will look up a private key in
--.Pa /etc/ssl/private/address.key
-+.Pa %%PREFIX%%/etc/ssl/private/address.key
- and a public certificate in
--.Pa /etc/ssl/address.crt ,
-+.Pa %%PREFIX%%/etc/ssl/address.crt ,
- where
- .Ar address
- is the specified IP address of the relay to listen on.
-@@ -955,9 +924,6 @@
- This option enables CA verification in SSL client mode.
- The daemon will load the CA (Certificate Authority) certificates from
- the specified path to verify the server certificates.
--.Ox
--provides a default CA bundle in
--.Pa /etc/ssl/cert.pem .
- .It Ic ciphers Ar string
- Set the string defining the SSL cipher suite.
- If not specified, the default value
-@@ -1036,22 +1002,19 @@
- .El
- .El
- .Sh FILES
--.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact
--.It Pa /etc/relayd.conf
-+.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact
-+.It Pa %%PREFIX%%/etc/relayd.conf
- .Xr relayd 8
- configuration file.
- .Pp
- .It Pa /etc/services
- Service name database.
- .Pp
--.It Pa /etc/ssl/address.crt
--.It Pa /etc/ssl/private/address.key
-+.It Pa %%PREFIX%%/etc/ssl/address.crt
-+.It Pa %%PREFIX%%/etc/ssl/private/address.key
- Location of the relay SSL server certificates, where
- .Ar address
- is the configured IP address of the relay.
--.It Pa /etc/ssl/cert.pem
--Default location of the CA bundle that can be used with
--.Xr relayd 8 .
- .El
- .Sh EXAMPLES
- This configuration file would create a redirection service
-@@ -1146,7 +1109,6 @@
- .Sh SEE ALSO
- .Xr relayctl 8 ,
- .Xr relayd 8 ,
--.Xr snmpd 8 ,
- .Xr ssl 8
- .Sh HISTORY
- The
-diff -Naur relayd.orig/relayd.h relayd/relayd.h
---- relayd.orig/relayd.h 2010-06-10 08:50:20.372089782 +0200
-+++ relayd/relayd.h 2010-06-10 08:50:24.496580466 +0200
-@@ -19,10 +19,18 @@
- */
-
- #include <sys/tree.h>
-+#ifdef __FreeBSD__
-+#include <sys/param.h>
-+#include <sys/queue.h>
-+#endif
-
- #include <imsg.h>
-
-+#ifdef __FreeBSD__
-+#define CONF_FILE "%%PREFIX%%/etc/relayd.conf"
-+#else
- #define CONF_FILE "/etc/relayd.conf"
-+#endif
- #define RELAYD_SOCKET "/var/run/relayd.sock"
- #define PF_SOCKET "/dev/pf"
- #define RELAYD_USER "_relayd"
-@@ -57,7 +65,18 @@
- #define PURGE_PROTOS 0x08
- #define PURGE_EVERYTHING 0xff
-
-+#ifndef __FreeBSD__
- #define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */
-+#else
-+#define SIMPLEQ_HEAD STAILQ_HEAD
-+#define SIMPLEQ_FIRST STAILQ_FIRST
-+#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD
-+#define SIMPLEQ_ENTRY STAILQ_ENTRY
-+#define SIMPLEQ_INIT STAILQ_INIT
-+#define SIMPLEQ_EMPTY STAILQ_EMPTY
-+#define SIMPLEQ_NEXT STAILQ_NEXT
-+#define SIMPLEQ_INSERT_TAIL STAILQ_INSERT_TAIL
-+#endif
-
- #if DEBUG > 1
- #define DPRINTF log_debug
-@@ -607,10 +626,11 @@
- struct event sc_statev;
- struct timeval sc_statinterval;
-
-+#ifndef __FreeBSD__
- int sc_snmp;
- struct event sc_snmpto;
- struct event sc_snmpev;
--
-+#endif
- int sc_has_icmp;
- int sc_has_icmp6;
- struct ctl_icmp_event sc_icmp_send;
-@@ -688,7 +708,9 @@
- IMSG_HOST_STATUS, /* notifies from hce to pfe */
- IMSG_SYNC,
- IMSG_NATLOOK,
-+#ifndef __FreeBSD__
- IMSG_DEMOTE,
-+#endif
- IMSG_STATISTICS,
- IMSG_RECONF, /* reconfiguration notifies */
- IMSG_RECONF_TABLE,
-@@ -704,7 +726,9 @@
- IMSG_RECONF_RELAY,
- IMSG_RECONF_END,
- IMSG_SCRIPT,
-+#ifndef __FreeBSD__
- IMSG_SNMPSOCK,
-+#endif
- IMSG_BINDANY
- };
-
-@@ -857,10 +881,16 @@
- void pn_unref(u_int16_t);
- void pn_ref(u_int16_t);
-
-+#ifndef __FreeBSD__
- /* snmp.c */
- void snmp_init(struct relayd *, struct imsgev *);
- int snmp_sendsock(struct imsgev *);
- void snmp_hosttrap(struct table *, struct host *);
-+#else
-+#if __FreeBSD_version < 800041
-+u_int32_t arc4random_uniform(u_int32_t upper_bound);
-+#endif
-+#endif
-
- /* shuffle.c */
- void shuffle_init(struct shuffle *);
diff --git a/net/relayd/files/patch-relayctl-parser.c b/net/relayd/files/patch-relayctl-parser.c
index 10f86df0f84..7b6b132e317 100644
--- a/net/relayd/files/patch-relayctl-parser.c
+++ b/net/relayd/files/patch-relayctl-parser.c
@@ -1,56 +1,24 @@
---- relayctl/parser.c.orig 2010-05-31 07:38:49.928320202 +0000
-+++ relayctl/parser.c 2010-05-31 07:41:05.348576930 +0000
-@@ -68,6 +68,7 @@
- static const struct token t_rdr_id[];
- static const struct token t_table_id[];
- static const struct token t_host_id[];
-+static const struct token t_log[];
-
- static const struct token t_main[] = {
- {KEYWORD, "monitor", MONITOR, NULL},
-@@ -78,6 +79,7 @@
- {KEYWORD, "redirect", NONE, t_rdr},
- {KEYWORD, "table", NONE, t_table},
- {KEYWORD, "host", NONE, t_host},
-+ {KEYWORD, "log", NONE, t_log},
+--- relayctl/parser.c.orig 2011-05-19 10:56:49.000000000 +0200
++++ relayctl/parser.c 2011-05-22 10:51:26.683383150 +0200
+@@ -18,7 +18,11 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#else
+ #include <sys/types.h>
++#endif
+ #include <sys/socket.h>
+ #include <sys/queue.h>
+
+@@ -87,7 +91,9 @@
+ {KEYWORD, "hosts", SHOW_HOSTS, NULL},
+ {KEYWORD, "redirects", SHOW_RDRS, NULL},
+ {KEYWORD, "relays", SHOW_RELAYS, NULL},
++#ifndef __FreeBSD__
+ {KEYWORD, "routers", SHOW_ROUTERS, NULL},
++#endif
+ {KEYWORD, "sessions", SHOW_SESSIONS, NULL},
{ENDTOKEN, "", NONE, NULL}
};
-
-@@ -126,11 +128,17 @@
- {ENDTOKEN, "", NONE, NULL}
- };
-
-+static const struct token t_log[] = {
-+ {KEYWORD, "verbose", LOG_VERBOSE, NULL},
-+ {KEYWORD, "brief", LOG_BRIEF, NULL},
-+ {ENDTOKEN, "", NONE, NULL}
-+};
-+
- static struct parse_result res;
-
- #ifdef __FreeBSD__
--const struct token *match_token(const char *, const struct token []);
--void show_valid_args(const struct token []);
-+const struct token *match_token(const char *, const struct token *);
-+void show_valid_args(const struct token *);
- #endif
-
- struct parse_result *
-@@ -166,7 +174,7 @@
- }
-
- const struct token *
--match_token(const char *word, const struct token table[])
-+match_token(const char *word, const struct token *table)
- {
- u_int i, match;
- const struct token *t = NULL;
-@@ -243,7 +251,7 @@
- }
-
- void
--show_valid_args(const struct token table[])
-+show_valid_args(const struct token *table)
- {
- int i;
-
diff --git a/net/relayd/files/patch-relayctl-parser.h b/net/relayd/files/patch-relayctl-parser.h
index 3351bd23bec..44ceeee3aea 100644
--- a/net/relayd/files/patch-relayctl-parser.h
+++ b/net/relayd/files/patch-relayctl-parser.h
@@ -1,22 +1,12 @@
---- relayctl/parser.h.orig 2010-05-31 07:38:49.934576348 +0000
-+++ relayctl/parser.h 2010-05-31 07:40:47.494152077 +0000
-@@ -32,7 +32,9 @@
- SHUTDOWN,
- POLL,
- RELOAD,
-- MONITOR
-+ MONITOR,
-+ LOG_VERBOSE,
-+ LOG_BRIEF
- };
-
- struct parse_result {
-@@ -42,6 +44,6 @@
-
- struct parse_result *parse(int, char *[]);
- #ifndef __FreeBSD__
--const struct token *match_token(const char *, const struct token []);
--void show_valid_args(const struct token []);
-+const struct token *match_token(const char *, const struct token *);
-+void show_valid_args(const struct token *);
- #endif
+--- relayctl/parser.h.orig 2011-05-22 10:56:33.769045780 +0200
++++ relayctl/parser.h 2011-05-22 10:56:46.122442873 +0200
+@@ -23,7 +23,9 @@
+ SHOW_RDRS,
+ SHOW_RELAYS,
+ SHOW_SESSIONS,
++#ifndef __FreeBSD__
+ SHOW_ROUTERS,
++#endif
+ RDR_DISABLE,
+ RDR_ENABLE,
+ TABLE_DISABLE,
diff --git a/net/relayd/files/patch-relayctl-relayctl.8 b/net/relayd/files/patch-relayctl-relayctl.8
new file mode 100644
index 00000000000..0041d337ac1
--- /dev/null
+++ b/net/relayd/files/patch-relayctl-relayctl.8
@@ -0,0 +1,17 @@
+--- relayctl/relayctl.8.orig 2011-05-19 10:56:49.000000000 +0200
++++ relayctl/relayctl.8 2011-05-22 10:43:42.420854658 +0200
+@@ -78,13 +78,10 @@
+ Show detailed status of relays including the current and average
+ access statistics.
+ The statistics will be updated every minute.
+-.It Cm show routers
+-Show detailed status of routers including the configured network
+-routes.
+ .It Cm show sessions
+ Dump the complete list of running relay sessions.
+ .It Cm show summary
+-Display a list of all relays, redirections, routers, tables, and hosts.
++Display a list of all relays, redirections, tables, and hosts.
+ .It Cm table disable Op Ar name | id
+ Disable a table.
+ Consider all hosts disabled.
diff --git a/net/relayd/files/patch-relayctl-relayctl.c b/net/relayd/files/patch-relayctl-relayctl.c
index 04cd9b89038..0259881fc47 100644
--- a/net/relayd/files/patch-relayctl-relayctl.c
+++ b/net/relayd/files/patch-relayctl-relayctl.c
@@ -1,61 +1,83 @@
---- relayctl/relayctl.c.orig 2010-05-31 09:31:42.351734730 +0200
-+++ relayctl/relayctl.c 2010-05-31 09:31:34.629284461 +0200
-@@ -86,6 +86,7 @@
- };
+--- relayctl/relayctl.c.orig 2011-05-20 11:43:53.000000000 +0200
++++ relayctl/relayctl.c 2011-05-22 11:19:50.925707539 +0200
+@@ -20,6 +20,9 @@
+ */
- struct imsgbuf *ibuf;
-+int error = 0;
-
- __dead void
- usage(void)
-@@ -104,7 +105,7 @@
- struct imsg imsg;
- int ctl_sock;
- int done = 0;
-- int n;
-+ int n, verbose = 0;
-
- /* parse options */
- if ((res = parse(argc - 1, argv + 1)) == NULL)
-@@ -185,6 +186,15 @@
- case MONITOR:
- imsg_compose(ibuf, IMSG_CTL_NOTIFY, 0, 0, -1, NULL, 0);
- break;
-+ case LOG_VERBOSE:
-+ verbose = 2;
-+ /* FALLTHROUGH */
-+ case LOG_BRIEF:
-+ imsg_compose(ibuf, IMSG_CTL_LOG_VERBOSE, 0, 0, -1,
-+ &verbose, sizeof(verbose));
-+ printf("logging request sent.\n");
-+ done = 1;
-+ break;
- }
-
- while (ibuf->w.queued)
-@@ -224,6 +234,8 @@
- done = show_command_output(&imsg);
- break;
- case NONE:
-+ case LOG_VERBOSE:
-+ case LOG_BRIEF:
+ #include <sys/types.h>
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#endif
+ #include <sys/socket.h>
+ #include <sys/queue.h>
+ #include <sys/un.h>
+@@ -141,7 +144,9 @@
+ case SHOW_HOSTS:
+ case SHOW_RDRS:
+ case SHOW_RELAYS:
++#ifndef __FreeBSD__
+ case SHOW_ROUTERS:
++#endif
+ imsg_compose(ibuf, IMSG_CTL_SHOW_SUM, 0, 0, -1, NULL, 0);
+ printf("%-4s\t%-8s\t%-24s\t%-7s\tStatus\n",
+ "Id", "Type", "Name", "Avlblty");
+@@ -222,7 +227,9 @@
+ case SHOW_HOSTS:
+ case SHOW_RDRS:
+ case SHOW_RELAYS:
++#ifndef __FreeBSD__
+ case SHOW_ROUTERS:
++#endif
+ done = show_summary_msg(&imsg, res->action);
break;
- case MONITOR:
- done = monitor(&imsg);
-@@ -235,7 +247,7 @@
- close(ctl_sock);
- free(ibuf);
-
-- return (0);
-+ return (error ? 1 : 0);
- }
+ case SHOW_SESSIONS:
+@@ -312,7 +319,11 @@
+ imn = monitor_lookup(imsg->hdr.type);
+ printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name,
+ imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid);
++#ifdef __FreeBSD__
++ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now));
++#else
+ printf("\ttimestamp: %u, %s", now, ctime(&now));
++#endif
+ if (imn->type == -1)
+ done = 1;
+ if (imn->func != NULL)
+@@ -328,8 +339,10 @@
+ struct table *table;
+ struct host *host;
+ struct relay *rlay;
++#ifndef __FreeBSD__
+ struct router *rt;
+ struct netroute *nr;
++#endif
+ struct ctl_stats stats[RELAY_MAXPROC];
+ char name[MAXHOSTNAMELEN];
- struct imsgname *
-@@ -431,6 +443,7 @@
+@@ -394,6 +407,7 @@
+ bcopy(imsg->data, &stats, sizeof(stats));
+ print_statistics(stats);
break;
- case IMSG_CTL_FAIL:
- printf("command failed\n");
-+ error++;
++#ifndef __FreeBSD__
+ case IMSG_CTL_ROUTER:
+ if (!(type == SHOW_SUM || type == SHOW_ROUTERS))
+ break;
+@@ -416,6 +430,7 @@
+ printf("\t%8s\troute: %s/%d\n",
+ "", name, nr->nr_conf.prefixlen);
break;
++#endif
+ case IMSG_CTL_END:
+ return (1);
default:
- errx(1, "wrong message in summary: %u", imsg->hdr.type);
+@@ -557,7 +572,11 @@
+ printf("\t%8s\ttotal: %llu sessions\n"
+ "\t%8s\tlast: %u/%us %u/h %u/d sessions\n"
+ "\t%8s\taverage: %u/%us %u/h %u/d sessions\n",
++#ifdef __FreeBSD__
++ "", (long long unsigned)crs.cnt,
++#else
+ "", crs.cnt,
++#endif
+ "", crs.last, crs.interval,
+ crs.last_hour, crs.last_day,
+ "", crs.avg, crs.interval,
diff --git a/net/relayd/files/patch-relayd-carp.c b/net/relayd/files/patch-relayd-carp.c
new file mode 100644
index 00000000000..ef02497845c
--- /dev/null
+++ b/net/relayd/files/patch-relayd-carp.c
@@ -0,0 +1,10 @@
+--- relayd.orig/carp.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/carp.c 2011-05-22 01:06:54.671017027 +0200
+@@ -19,6 +19,7 @@
+ #include <sys/param.h>
+ #include <sys/socket.h>
+ #include <sys/ioctl.h>
++#include <sys/queue.h>
+
+ #include <net/if.h>
+
diff --git a/net/relayd/files/patch-relayd-check_icmp.c b/net/relayd/files/patch-relayd-check_icmp.c
deleted file mode 100644
index 84013c12c89..00000000000
--- a/net/relayd/files/patch-relayd-check_icmp.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- relayd/check_icmp.c.orig 2009-08-07 13:32:54.000000000 +0200
-+++ relayd/check_icmp.c 2010-05-27 11:22:12.631744485 +0200
-@@ -150,7 +150,7 @@
- if (((struct sockaddr *)&host->conf.ss)->sa_family !=
- cie->af)
- continue;
-- if (!(host->flags & F_CHECK_DONE)) {
-+ if (!(host->flags & (F_CHECK_DONE|F_DISABLE))) {
- host->up = HOST_DOWN;
- hce_notify_done(host, he);
- }
diff --git a/net/relayd/files/patch-relayd-check_tcp.c b/net/relayd/files/patch-relayd-check_tcp.c
index d4697110327..b62d4572298 100644
--- a/net/relayd/files/patch-relayd-check_tcp.c
+++ b/net/relayd/files/patch-relayd-check_tcp.c
@@ -1,47 +1,59 @@
---- relayd/check_tcp.c.orig 2011-01-15 00:27:09.011450590 +0100
-+++ relayd/check_tcp.c 2011-01-15 00:42:05.271822942 +0100
-@@ -50,11 +50,10 @@
- check_tcp(struct ctl_tcp_event *cte)
- {
- int s;
-- int type;
- socklen_t len;
- struct timeval tv;
- struct linger lng;
-- int he = HCE_TCP_CONNECT_ERROR;
-+ int he = HCE_TCP_SOCKET_OPTION;
-
- switch (cte->host->conf.ss.ss_family) {
- case AF_INET:
-@@ -69,17 +68,18 @@
-
- len = ((struct sockaddr *)&cte->host->conf.ss)->sa_len;
-
-- if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1)
-+ if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1) {
-+ if (errno == EMFILE || errno == ENFILE)
-+ he = HCE_TCP_SOCKET_LIMIT;
-+ else
-+ he = HCE_TCP_SOCKET_ERROR;
- goto bad;
-+ }
-
- bzero(&lng, sizeof(lng));
- if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
- goto bad;
-
-- type = 1;
-- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &type, sizeof(type)) == -1)
-- goto bad;
--
- if (cte->host->conf.ttl > 0) {
- if (setsockopt(s, IPPROTO_IP, IP_TTL,
- &cte->host->conf.ttl, sizeof(int)) == -1)
-@@ -99,6 +99,7 @@
-
- cte->buf = NULL;
- cte->host->up = HOST_UP;
-+ event_del(&cte->ev);
- event_set(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_write, cte);
- event_add(&cte->ev, &tv);
- return;
+--- relayd.orig/check_tcp.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/check_tcp.c 2011-05-22 01:06:54.673025092 +0200
+@@ -31,7 +31,7 @@
+ #include <stdlib.h>
+ #include <errno.h>
+ #include <fnmatch.h>
+-#include <sha1.h>
++#include <sha.h>
+
+ #include <openssl/ssl.h>
+
+@@ -287,7 +287,11 @@
+ if (b == NULL)
+ fatal("out of memory");
+ *b = '\0';
++#ifndef __FreeBSD__
+ if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
++#else
++ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {
++#endif
+ cte->host->he = HCE_SEND_EXPECT_OK;
+ cte->host->up = HOST_UP;
+ return (0);
+@@ -320,7 +324,11 @@
+ fatal("out of memory");
+ *b = '\0';
+
++#ifndef __FreeBSD__
+ head = cte->buf->buf;
++#else
++ head = (char *)cte->buf->buf;
++#endif
+ host = cte->host;
+ host->he = HCE_HTTP_CODE_ERROR;
+
+@@ -372,7 +380,11 @@
+ fatal("out of memory");
+ *b = '\0';
+
++#ifndef __FreeBSD__
+ head = cte->buf->buf;
++#else
++ head = (char *)cte->buf->buf;
++#endif
+ host = cte->host;
+ host->he = HCE_HTTP_DIGEST_ERROR;
+
+@@ -384,7 +396,11 @@
+ }
+ head += strlen("\r\n\r\n");
+
++#ifndef __FreeBSD__
+ digeststr(cte->table->conf.digest_type, head, strlen(head), digest);
++#else
++ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest);
++#endif
+
+ if (strcmp(cte->table->conf.digest, digest)) {
+ log_warnx("%s: %s failed (wrong digest)",
diff --git a/net/relayd/files/patch-relayd-config.c b/net/relayd/files/patch-relayd-config.c
new file mode 100644
index 00000000000..fb723684012
--- /dev/null
+++ b/net/relayd/files/patch-relayd-config.c
@@ -0,0 +1,62 @@
+--- relayd.orig/config.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/config.c 2011-05-22 01:18:41.041076104 +0200
+@@ -118,6 +118,7 @@
+ RB_INIT(&env->sc_proto_default.request_tree);
+ RB_INIT(&env->sc_proto_default.response_tree);
+ }
++#ifndef __FreeBSD__
+ if (what & CONFIG_RTS) {
+ if ((env->sc_rts =
+ calloc(1, sizeof(*env->sc_rts))) == NULL)
+@@ -130,7 +131,7 @@
+ return (-1);
+ TAILQ_INIT(env->sc_routes);
+ }
+-
++#endif
+ return (0);
+ }
+
+@@ -143,8 +144,10 @@
+ struct address *virt;
+ struct protocol *proto;
+ struct relay *rlay;
++#ifndef __FreeBSD__
+ struct netroute *nr;
+ struct router *rt;
++#endif
+ u_int what;
+
+ what = ps->ps_what[privsep_process] & reset;
+@@ -181,6 +184,7 @@
+ }
+ env->sc_protocount = 0;
+ }
++#ifndef __FreeBSD__
+ if (what & CONFIG_RTS && env->sc_rts != NULL) {
+ while ((rt = TAILQ_FIRST(env->sc_rts)) != NULL) {
+ TAILQ_REMOVE(env->sc_rts, rt, rt_entry);
+@@ -203,6 +207,7 @@
+ }
+ env->sc_routecount = 0;
+ }
++#endif
+ }
+
+ int
+@@ -476,6 +481,7 @@
+ return (0);
+ }
+
++#ifndef __FreeBSD__
+ int
+ config_setrt(struct relayd *env, struct router *rt)
+ {
+@@ -570,6 +576,7 @@
+
+ return (0);
+ }
++#endif
+
+ int
+ config_setproto(struct relayd *env, struct protocol *proto)
diff --git a/net/relayd/files/patch-relayd-control.c b/net/relayd/files/patch-relayd-control.c
deleted file mode 100644
index 63d50574278..00000000000
--- a/net/relayd/files/patch-relayd-control.c
+++ /dev/null
@@ -1,49 +0,0 @@
---- relayd/control.c.orig 2010-05-31 09:31:24.548916055 +0000
-+++ relayd/control.c 2010-05-31 09:31:09.036333394 +0000
-@@ -136,13 +136,13 @@
- if ((connfd = accept(listenfd,
- (struct sockaddr *)&sun, &len)) == -1) {
- if (errno != EWOULDBLOCK && errno != EINTR)
-- log_warn("control_accept");
-+ log_warn("control_accept: accept");
- return;
- }
-
- session_socket_blockmode(connfd, BM_NONBLOCK);
-
-- if ((c = malloc(sizeof(struct ctl_conn))) == NULL) {
-+ if ((c = calloc(1, sizeof(struct ctl_conn))) == NULL) {
- close(connfd);
- log_warn("control_accept");
- return;
-@@ -196,6 +196,7 @@
- struct imsg imsg;
- struct ctl_id id;
- int n;
-+ int verbose;
- struct relayd *env = arg;
-
- if ((c = control_connbyfd(fd)) == NULL) {
-@@ -356,6 +357,22 @@
- }
- c->flags |= CTL_CONN_NOTIFY;
- break;
-+ case IMSG_CTL_LOG_VERBOSE:
-+ if (imsg.hdr.len != IMSG_HEADER_SIZE +
-+ sizeof(verbose))
-+ break;
-+
-+ memcpy(&verbose, imsg.data, sizeof(verbose));
-+
-+ imsg_compose_event(iev_hce, IMSG_CTL_LOG_VERBOSE,
-+ 0, 0, -1, &verbose, sizeof(verbose));
-+ imsg_compose_event(iev_main, IMSG_CTL_LOG_VERBOSE,
-+ 0, 0, -1, &verbose, sizeof(verbose));
-+ memcpy(imsg.data, &verbose, sizeof(verbose));
-+ control_imsg_forward(&imsg);
-+
-+ log_verbose(verbose);
-+ break;
- default:
- log_debug("control_dispatch_imsg: "
- "error handling imsg %d", imsg.hdr.type);
diff --git a/net/relayd/files/patch-relayd-hce.c b/net/relayd/files/patch-relayd-hce.c
index 505edc8a2fe..385ea0eaf21 100644
--- a/net/relayd/files/patch-relayd-hce.c
+++ b/net/relayd/files/patch-relayd-hce.c
@@ -1,76 +1,35 @@
---- relayd/hce.c.orig 2011-01-15 00:27:09.012456298 +0100
-+++ relayd/hce.c 2011-01-15 00:40:15.058397878 +0100
-@@ -62,6 +62,11 @@
- case SIGTERM:
- hce_shutdown();
- break;
-+ case SIGCHLD:
-+ case SIGHUP:
-+ case SIGPIPE:
-+ /* ignore */
-+ break;
- default:
- fatalx("hce_sig_handler: unexpected signal");
- }
-@@ -75,8 +80,6 @@
- pid_t pid;
- struct passwd *pw;
- int i;
-- struct event ev_sigint;
-- struct event ev_sigterm;
-
- switch (pid = fork()) {
- case -1:
-@@ -117,6 +120,9 @@
+--- relayd.orig/hce.c 2011-05-22 01:06:39.461146172 +0200
++++ relayd/hce.c 2011-05-22 01:08:01.230992828 +0200
+@@ -80,7 +80,9 @@
+ /* Allow maximum available sockets for TCP checks */
+ socket_rlimit(-1);
- event_init();
++#ifndef __FreeBSD__
+ snmp_init(env, PROC_PARENT);
++#endif
+ }
-+ /* Allow maximum available sockets for TCP checks */
-+ socket_rlimit(-1);
-+
- if ((iev_pfe = calloc(1, sizeof(struct imsgev))) == NULL ||
- (iev_main = calloc(1, sizeof(struct imsgev))) == NULL)
- fatal("hce");
-@@ -135,12 +141,17 @@
- iev_main->handler, iev_main);
- event_add(&iev_main->ev, NULL);
+ void
+@@ -263,8 +265,10 @@
+ print_availability(host->check_cnt, host->up_cnt));
+ }
-- signal_set(&ev_sigint, SIGINT, hce_sig_handler, NULL);
-- signal_set(&ev_sigterm, SIGTERM, hce_sig_handler, NULL);
-- signal_add(&ev_sigint, NULL);
-- signal_add(&ev_sigterm, NULL);
-- signal(SIGPIPE, SIG_IGN);
-- signal(SIGHUP, SIG_IGN);
-+ signal_set(&env->sc_evsigint, SIGINT, hce_sig_handler, env);
-+ signal_set(&env->sc_evsigterm, SIGTERM, hce_sig_handler, env);
-+ signal_set(&env->sc_evsigchld, SIGCHLD, hce_sig_handler, env);
-+ signal_set(&env->sc_evsighup, SIGHUP, hce_sig_handler, env);
-+ signal_set(&env->sc_evsigpipe, SIGPIPE, hce_sig_handler, env);
-+
-+ signal_add(&env->sc_evsigint, NULL);
-+ signal_add(&env->sc_evsigterm, NULL);
-+ signal_add(&env->sc_evsigchld, NULL);
-+ signal_add(&env->sc_evsighup, NULL);
-+ signal_add(&env->sc_evsigpipe, NULL);
++#ifndef __FreeBSD__
+ if (host->last_up != host->up)
+ snmp_hosttrap(env, table, host);
++#endif
- /* setup pipes */
- close(pipe_pfe2hce[1]);
-@@ -370,6 +381,7 @@
- objid_t id;
- struct host *host;
- struct table *table;
-+ int verbose;
+ host->last_up = host->up;
- iev = ptr;
- ibuf = &iev->ibuf;
-@@ -437,6 +449,10 @@
- table->skipped = 0;
- hce_launch_checks(-1, EV_TIMEOUT, env);
- break;
-+ case IMSG_CTL_LOG_VERBOSE:
-+ memcpy(&verbose, imsg.data, sizeof(verbose));
-+ log_verbose(verbose);
-+ break;
- default:
- log_debug("hce_dispatch_msg: unexpected imsg %d",
- imsg.hdr.type);
+@@ -350,9 +354,11 @@
+ case IMSG_CFG_HOST:
+ config_gethost(env, imsg);
+ break;
++#ifndef __FreeBSD__
+ case IMSG_SNMPSOCK:
+ snmp_getsock(env, imsg);
+ break;
++#endif
+ case IMSG_CFG_DONE:
+ config_getcfg(env, imsg);
+ hce_setup_events();
diff --git a/net/relayd/files/patch-relayd-log.c b/net/relayd/files/patch-relayd-log.c
index 4921f977966..518d394c6df 100644
--- a/net/relayd/files/patch-relayd-log.c
+++ b/net/relayd/files/patch-relayd-log.c
@@ -1,58 +1,14 @@
---- relayd/log.c.orig 2011-01-15 00:27:09.012456298 +0100
-+++ relayd/log.c 2011-01-15 00:39:01.553947279 +0100
-@@ -45,6 +45,7 @@
- #include "relayd.h"
-
- int debug;
-+int verbose;
-
- void vlog(int, const char *, va_list);
- void logit(int, const char *, ...);
-@@ -55,6 +56,7 @@
- extern char *__progname;
-
- debug = n_debug;
-+ verbose = n_debug;
-
- if (!debug)
- openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
-@@ -63,6 +65,12 @@
- }
-
- void
-+log_verbose(int v)
-+{
-+ verbose = v;
-+}
-+
-+void
- logit(int pri, const char *fmt, ...)
- {
- va_list ap;
-@@ -141,7 +149,7 @@
- {
- va_list ap;
-
-- if (debug > 1) {
-+ if (verbose > 1) {
- va_start(ap, emsg);
- vlog(LOG_DEBUG, emsg, ap);
- va_end(ap);
-@@ -192,9 +200,15 @@
- case HCE_ICMP_WRITE_TIMEOUT:
- return ("icmp write timeout");
- break;
-- case HCE_TCP_CONNECT_ERROR:
-- return ("tcp connect error");
-+ case HCE_TCP_SOCKET_ERROR:
-+ return ("tcp socket error");
-+ break;
-+ case HCE_TCP_SOCKET_LIMIT:
-+ return ("tcp socket limit");
- break;
-+ case HCE_TCP_SOCKET_OPTION:
-+ return ("tcp socket option");
-+ break;
- case HCE_TCP_CONNECT_FAIL:
- return ("tcp connect failed");
- break;
+--- relayd.orig/log.c 2011-05-22 01:06:39.461146172 +0200
++++ relayd/log.c 2011-05-22 01:06:54.680052759 +0200
+@@ -16,7 +16,11 @@
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#else
+ #include <sys/types.h>
++#endif
+ #include <sys/queue.h>
+ #include <sys/socket.h>
+ #include <sys/tree.h>
diff --git a/net/relayd/files/patch-relayd-parse.y b/net/relayd/files/patch-relayd-parse.y
index ed465f9549f..aef89333a2e 100644
--- a/net/relayd/files/patch-relayd-parse.y
+++ b/net/relayd/files/patch-relayd-parse.y
@@ -1,14 +1,249 @@
---- relayd/parse.y.orig 2010-05-31 09:00:51.007686324 +0200
-+++ relayd/parse.y 2010-05-31 09:00:42.736791085 +0200
-@@ -2003,6 +2006,11 @@
- bzero(&conf->sc_proto_default, sizeof(conf->sc_proto_default));
- conf->sc_proto_default.flags = F_USED;
- conf->sc_proto_default.cache = RELAY_CACHESIZE;
-+ conf->sc_proto_default.tcpflags = TCPFLAG_DEFAULT;
-+ conf->sc_proto_default.tcpbacklog = RELAY_BACKLOG;
-+ conf->sc_proto_default.sslflags = SSLFLAG_DEFAULT;
-+ (void)strlcpy(conf->sc_proto_default.sslciphers, SSLCIPHERS_DEFAULT,
-+ sizeof(conf->sc_proto_default.sslciphers));
- conf->sc_proto_default.type = RELAY_PROTO_TCP;
- (void)strlcpy(conf->sc_proto_default.name, "default",
- sizeof(conf->sc_proto_default.name));
+--- relayd.orig/parse.y 2011-05-22 01:06:39.462150204 +0200
++++ relayd/parse.y 2011-05-22 01:06:54.687080706 +0200
+@@ -35,7 +35,7 @@
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <arpa/nameser.h>
+-#include <net/route.h>
++// FreeBSD #include <net/route.h>
+
+ #include <ctype.h>
+ #include <unistd.h>
+@@ -93,8 +93,10 @@
+ objid_t last_host_id = 0;
+ objid_t last_relay_id = 0;
+ objid_t last_proto_id = 0;
++/* FreeBSD exclude
+ objid_t last_rt_id = 0;
+ objid_t last_nr_id = 0;
++*/
+
+ static struct rdr *rdr = NULL;
+ static struct table *table = NULL;
+@@ -103,7 +105,9 @@
+ struct relaylist relays;
+ static struct protocol *proto = NULL;
+ static struct protonode node;
++/* FreeBSD exclude
+ static struct router *router = NULL;
++*/
+ static u_int16_t label = 0;
+ static in_port_t tableport = 0;
+ static int nodedirection;
+@@ -148,12 +152,20 @@
+ %token CIPHERS CODE COOKIE DEMOTE DIGEST DISABLE ERROR EXPECT
+ %token EXTERNAL FILENAME FILTER FORWARD FROM HASH HEADER HOST ICMP
+ %token INCLUDE INET INET6 INTERFACE INTERVAL IP LABEL LISTEN
+-%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
+-%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
++// FreeBSD exclude %token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
++%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO
++// FreeBSD exclude %token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
++%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PROTO
+ %token QUERYSTR REAL REDIRECT RELAY REMOVE REQUEST RESPONSE RETRY
+ %token RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND SESSION SOCKET SPLICE
++/* FreeBSD exclude
+ %token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO ROUTER RTLABEL
+ %token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE MATCH
++*/
++// Start FreeBSD include
++%token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO
++%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL
++// End FreeBSD include
+ %token <v.string> STRING
+ %token <v.number> NUMBER
+ %type <v.string> hostname interface table
+@@ -179,7 +191,7 @@
+ | grammar tabledef '\n'
+ | grammar relay '\n'
+ | grammar proto '\n'
+- | grammar router '\n'
++// FreeBSD | grammar router '\n'
+ | grammar error '\n' { file->errors++; }
+ ;
+
+@@ -363,6 +375,7 @@
+ }
+ conf->sc_prefork_relay = $2;
+ }
++/* FreeBSD exclude
+ | DEMOTE STRING {
+ if (loadcfg)
+ break;
+@@ -386,6 +399,7 @@
+ break;
+ conf->sc_flags |= F_TRAP;
+ }
++*/
+ ;
+
+ loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
+@@ -658,6 +672,7 @@
+ bcopy(&$2, &table->conf.timeout,
+ sizeof(struct timeval));
+ }
++/* FreeBSD exclude
+ | DEMOTE STRING {
+ table->conf.flags |= F_DEMOTE;
+ if (strlcpy(table->conf.demote_group, $2,
+@@ -675,6 +690,7 @@
+ YYERROR;
+ }
+ }
++*/
+ | INTERVAL NUMBER {
+ if ($2 < conf->sc_interval.tv_sec ||
+ $2 % conf->sc_interval.tv_sec) {
+@@ -1261,6 +1277,8 @@
+ rlay->rl_conf.name);
+ YYERROR;
+ }
++ if ((rlay->rl_conf.flags & F_NATLOOK) == 0 &&
++/* FreeBSD exclude
+ if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) ==
+ (F_NATLOOK|F_DIVERT)) {
+ yyerror("relay %s with conflicting nat lookup "
+@@ -1268,6 +1286,7 @@
+ YYERROR;
+ }
+ if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) == 0 &&
++*/
+ rlay->rl_conf.dstss.ss_family == AF_UNSPEC &&
+ rlay->rl_conf.dsttable == EMPTY_ID) {
+ yyerror("relay %s has no target, rdr, "
+@@ -1430,11 +1449,13 @@
+ rlay->rl_conf.flags |= F_NATLOOK;
+ rlay->rl_conf.dstretry = $3;
+ }
++/* FreeBSD exclude
+ | DESTINATION retry {
+ conf->sc_flags |= F_NEEDPF;
+ rlay->rl_conf.flags |= F_DIVERT;
+ rlay->rl_conf.dstretry = $2;
+ }
++*/
+ | tablespec {
+ if (rlay->rl_backuptable) {
+ yyerror("only one backup table is allowed");
+@@ -1459,6 +1480,7 @@
+ | HASH { $$ = RELAY_DSTMODE_HASH; }
+ ;
+
++/* FreeBSD exclude
+ router : ROUTER STRING {
+ struct router *rt = NULL;
+
+@@ -1594,7 +1616,7 @@
+ | DISABLE { rlay->rl_conf.flags |= F_DISABLE; }
+ | include
+ ;
+-
++*/
+ dstaf : /* empty */ {
+ rlay->rl_conf.dstaf.ss_family = AF_UNSPEC;
+ }
+@@ -1670,6 +1692,7 @@
+ }
+ hst->conf.parentid = $2;
+ }
++/* FreeBSD exclude
+ | PRIORITY NUMBER {
+ if (hst->conf.priority) {
+ yyerror("priority already set");
+@@ -1681,6 +1704,7 @@
+ }
+ hst->conf.priority = $2;
+ }
++*/
+ | IP TTL NUMBER {
+ if (hst->conf.ttl) {
+ yyerror("ttl value already set");
+@@ -1794,8 +1818,10 @@
+ { "ciphers", CIPHERS },
+ { "code", CODE },
+ { "cookie", COOKIE },
++/* FreeBSD exclude
+ { "demote", DEMOTE },
+ { "destination", DESTINATION },
++*/
+ { "digest", DIGEST },
+ { "disable", DISABLE },
+ { "error", ERROR },
+@@ -1833,7 +1859,7 @@
+ { "path", PATH },
+ { "port", PORT },
+ { "prefork", PREFORK },
+- { "priority", PRIORITY },
++// FreeBSD { "priority", PRIORITY },
+ { "protocol", PROTO },
+ { "query", QUERYSTR },
+ { "real", REAL },
+@@ -1846,9 +1872,11 @@
+ { "return", RETURN },
+ { "roundrobin", ROUNDROBIN },
+ { "route", ROUTE },
++/* FreeBSD exclude
+ { "router", ROUTER },
+ { "rtable", RTABLE },
+ { "rtlabel", RTLABEL },
++*/
+ { "sack", SACK },
+ { "script", SCRIPT },
+ { "send", SEND },
+@@ -1864,7 +1892,7 @@
+ { "timeout", TIMEOUT },
+ { "to", TO },
+ { "transparent", TRANSPARENT },
+- { "trap", TRAP },
++// FreeBSD { "trap", TRAP },
+ { "ttl", TTL },
+ { "updates", UPDATES },
+ { "url", URL },
+@@ -2096,7 +2124,8 @@
+ (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
+ x != '{' && x != '}' && x != '<' && x != '>' && \
+ x != '!' && x != '=' && x != '#' && \
+- x != ',' && x != '/'))
++ x != ','))
++// FreeBSD exclude x != ',' && x != '/'))
+
+ if (isalnum(c) || c == ':' || c == '_') {
+ do {
+@@ -2240,13 +2269,14 @@
+ loadcfg = 1;
+ errors = 0;
+ last_host_id = last_table_id = last_rdr_id = last_proto_id =
+- last_relay_id = last_rt_id = last_nr_id = 0;
++// FreeBSD last_relay_id = last_rt_id = last_nr_id = 0;
++ last_relay_id = 0;
+
+ rdr = NULL;
+ table = NULL;
+ rlay = NULL;
+ proto = NULL;
+- router = NULL;
++// FreeBSD router = NULL;
+
+ if ((file = pushfile(filename, 0)) == NULL)
+ return (-1);
+@@ -2276,8 +2306,8 @@
+ }
+
+ if (TAILQ_EMPTY(conf->sc_rdrs) &&
+- TAILQ_EMPTY(conf->sc_relays) &&
+- TAILQ_EMPTY(conf->sc_rts)) {
++ TAILQ_EMPTY(conf->sc_relays) /* FreeBSD exclude &&
++ TAILQ_EMPTY(conf->sc_rts) */ ) {
+ log_warnx("no actions, nothing to do");
+ errors++;
+ }
+@@ -2493,7 +2523,8 @@
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
+ error = getaddrinfo(s, NULL, &hints, &res0);
+- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
++// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
++ if (error == EAI_AGAIN || error == EAI_NONAME)
+ return (0);
+ if (error) {
+ log_warnx("%s: could not parse \"%s\": %s", __func__, s,
diff --git a/net/relayd/files/patch-relayd-pfe.c b/net/relayd/files/patch-relayd-pfe.c
index a31e1eedbc0..2ccaccf556b 100644
--- a/net/relayd/files/patch-relayd-pfe.c
+++ b/net/relayd/files/patch-relayd-pfe.c
@@ -1,47 +1,109 @@
---- relayd/pfe.c.orig 2010-05-31 09:07:56.755288041 +0200
-+++ relayd/pfe.c 2010-05-31 09:07:52.006100566 +0200
-@@ -62,6 +62,11 @@
- case SIGTERM:
- pfe_shutdown();
+--- relayd.orig/pfe.c 2011-05-22 01:06:39.464157989 +0200
++++ relayd/pfe.c 2011-05-22 01:09:30.589288807 +0200
+@@ -17,6 +17,9 @@
+ */
+
+ #include <sys/param.h>
++#ifdef __FreeBSD__
++#include <sys/queue.h>
++#endif
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+ #include <sys/un.h>
+@@ -185,12 +188,14 @@
+ case IMSG_CFG_VIRT:
+ config_getvirt(env, imsg);
+ break;
++#ifndef __FreeBSD__
+ case IMSG_CFG_ROUTER:
+ config_getrt(env, imsg);
+ break;
+ case IMSG_CFG_ROUTE:
+ config_getroute(env, imsg);
break;
-+ case SIGCHLD:
-+ case SIGHUP:
-+ case SIGPIPE:
-+ /* ignore */
-+ break;
- default:
- fatalx("pfe_sig_handler: unexpected signal");
++#endif
+ case IMSG_CFG_PROTO:
+ config_getproto(env, imsg);
+ break;
+@@ -292,8 +297,10 @@
+ struct rdr *rdr;
+ struct host *host;
+ struct relay *rlay;
++#ifndef __FreeBSD__
+ struct router *rt;
+ struct netroute *nr;
++#endif
+
+ if (env->sc_rdrs == NULL)
+ goto relays;
+@@ -324,7 +331,11 @@
}
-@@ -74,8 +79,6 @@
- {
- pid_t pid;
- struct passwd *pw;
-- struct event ev_sigint;
-- struct event ev_sigterm;
- int i;
- size_t size;
-
-@@ -121,12 +124,17 @@
-
- event_init();
-
-- signal_set(&ev_sigint, SIGINT, pfe_sig_handler, NULL);
-- signal_set(&ev_sigterm, SIGTERM, pfe_sig_handler, NULL);
-- signal_add(&ev_sigint, NULL);
-- signal_add(&ev_sigterm, NULL);
-- signal(SIGPIPE, SIG_IGN);
-- signal(SIGHUP, SIG_IGN);
-+ signal_set(&env->sc_evsigint, SIGINT, pfe_sig_handler, env);
-+ signal_set(&env->sc_evsigterm, SIGTERM, pfe_sig_handler, env);
-+ signal_set(&env->sc_evsigchld, SIGCHLD, pfe_sig_handler, env);
-+ signal_set(&env->sc_evsighup, SIGHUP, pfe_sig_handler, env);
-+ signal_set(&env->sc_evsigpipe, SIGPIPE, pfe_sig_handler, env);
-+
-+ signal_add(&env->sc_evsigint, NULL);
-+ signal_add(&env->sc_evsigterm, NULL);
-+ signal_add(&env->sc_evsigchld, NULL);
-+ signal_add(&env->sc_evsighup, NULL);
-+ signal_add(&env->sc_evsigpipe, NULL);
-
- /* setup pipes */
- close(pipe_pfe2hce[0]);
+ relays:
+ if (env->sc_relays == NULL)
++#ifndef __FreeBSD__
+ goto routers;
++#else
++ goto end;
++#endif
+ TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
+ rlay->rl_stats[env->sc_prefork_relay].id = EMPTY_ID;
+ imsg_compose_event(&c->iev, IMSG_CTL_RELAY, 0, 0, -1,
+@@ -351,6 +362,7 @@
+ 0, 0, -1, host, sizeof(*host));
+ }
+
++#ifndef __FreeBSD__
+ routers:
+ if (env->sc_rts == NULL)
+ goto end;
+@@ -370,6 +382,7 @@
+ imsg_compose_event(&c->iev, IMSG_CTL_HOST,
+ 0, 0, -1, host, sizeof(*host));
+ }
++#endif
+
+ end:
+ imsg_compose_event(&c->iev, IMSG_CTL_END, 0, 0, -1, NULL, 0);
+@@ -622,8 +635,10 @@
+ struct table *table;
+ struct ctl_id id;
+ struct imsg imsg;
++#ifndef __FreeBSD__
+ struct ctl_demote demote;
+ struct router *rt;
++#endif
+
+ bzero(&id, sizeof(id));
+ bzero(&imsg, sizeof(imsg));
+@@ -678,6 +693,7 @@
+ }
+ }
+
++#ifndef __FreeBSD__
+ TAILQ_FOREACH(rt, env->sc_rts, rt_entry) {
+ rt->rt_conf.flags &= ~(F_BACKUP);
+ rt->rt_conf.flags &= ~(F_DOWN);
+@@ -685,6 +701,7 @@
+ if ((rt->rt_gwtable->conf.flags & F_CHANGED))
+ sync_routes(env, rt);
+ }
++#endif
+
+ TAILQ_FOREACH(table, env->sc_tables, entry) {
+ if (table->conf.check == CHECK_NOCHECK)
+@@ -695,6 +712,7 @@
+ */
+ table->conf.flags &= ~(F_CHANGED);
+
++#ifndef __FreeBSD__
+ /*
+ * handle demotion.
+ */
+@@ -717,6 +735,7 @@
+ sizeof(demote.group));
+ proc_compose_imsg(env->sc_ps, PROC_PARENT, -1, IMSG_DEMOTE, -1,
+ &demote, sizeof(demote));
++#endif
+ }
+ }
+
diff --git a/net/relayd/files/patch-relayd-pfe_filter.c b/net/relayd/files/patch-relayd-pfe_filter.c
new file mode 100644
index 00000000000..26c2483ae2d
--- /dev/null
+++ b/net/relayd/files/patch-relayd-pfe_filter.c
@@ -0,0 +1,284 @@
+--- relayd/pfe_filter.c.orig 2011-05-19 10:56:49.000000000 +0200
++++ relayd/pfe_filter.c 2011-05-22 10:32:36.639918375 +0200
+@@ -24,7 +24,10 @@
+ #include <net/if.h>
+ #include <net/pfvar.h>
+ #include <netinet/in.h>
++#ifndef __FreeBSD__
++/* New pf */
+ #include <netinet/tcp.h>
++#endif
+ #include <arpa/inet.h>
+
+ #include <limits.h>
+@@ -43,8 +46,14 @@
+ struct pfdata {
+ int dev;
+ struct pf_anchor *anchor;
++#ifndef __FreeBSD__
+ struct pfioc_trans pft;
+ struct pfioc_trans_e pfte;
++#else
++ /* Old pf */
++ struct pfioc_trans pft[PF_RULESET_MAX];
++ struct pfioc_trans_e pfte[PF_RULESET_MAX];
++#endif
+ u_int8_t pfused;
+ };
+
+@@ -103,6 +112,10 @@
+ sizeof(tables[i].pfrt_name))
+ goto toolong;
+ tables[i].pfrt_flags |= PFR_TFLAG_PERSIST;
++#ifdef __FreeBSD__
++ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"",
++ tables[i].pfrt_anchor, tables[i].pfrt_name);
++#endif
+ i++;
+ }
+ if (i != env->sc_rdrcount)
+@@ -286,12 +299,18 @@
+ }
+
+ psnk.psnk_af = host->conf.ss.ss_family;
++#ifndef __FreeBSD__
+ psnk.psnk_killed = 0;
++#endif
+
+ if (ioctl(env->sc_pf->dev,
+ DIOCKILLSRCNODES, &psnk) == -1)
+ fatal("kill_srcnodes: cannot kill src nodes");
++#ifndef __FreeBSD__
+ cnt += psnk.psnk_killed;
++#else
++ cnt += psnk.psnk_af;
++#endif
+ }
+
+ return (cnt);
+@@ -335,6 +354,7 @@
+ int
+ transaction_init(struct relayd *env, const char *anchor)
+ {
++#ifndef __FreeBSD__
+ env->sc_pf->pft.size = 1;
+ env->sc_pf->pft.esize = sizeof(env->sc_pf->pfte);
+ env->sc_pf->pft.array = &env->sc_pf->pfte;
+@@ -347,17 +367,45 @@
+ if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
+ &env->sc_pf->pft) == -1)
+ return (-1);
++#else
++ /* Old pf */
++ int i;
++
++ for (i = 0; i < PF_RULESET_MAX; i++) {
++ env->sc_pf->pft[i].size = 1;
++ env->sc_pf->pft[i].esize = sizeof(env->sc_pf->pfte[i]);
++ env->sc_pf->pft[i].array = &env->sc_pf->pfte[i];
++
++ bzero(&env->sc_pf->pfte[i], sizeof(env->sc_pf->pfte[i]));
++ (void)strlcpy(env->sc_pf->pfte[i].anchor,
++ anchor, PF_ANCHOR_NAME_SIZE);
++ env->sc_pf->pfte[i].rs_num = i;
+
++ if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
++ &env->sc_pf->pft[i]) == -1)
++ return (-1);
++ }
++#endif
+ return (0);
+ }
+
+ int
+ transaction_commit(struct relayd *env)
+ {
++#ifndef __FreeBSD__
+ if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
+ &env->sc_pf->pft) == -1)
+ return (-1);
+-
++#else
++ /* Old pf */
++ int i;
++
++ for (i = 0; i < PF_RULESET_MAX; i++) {
++ if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
++ &env->sc_pf->pft[i]) == -1)
++ return (-1);
++ }
++#endif
+ return (0);
+ }
+
+@@ -365,10 +413,18 @@
+ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
+ {
+ struct pfioc_rule rio;
++#ifdef __FreeBSD__
++ /* Old pf */
++ struct pfioc_pooladdr pio;
++#endif
+ struct sockaddr_in *sain;
+ struct sockaddr_in6 *sain6;
+ struct address *address;
+ char anchor[PF_ANCHOR_NAME_SIZE];
++#ifdef __FreeBSD__
++ /* Old pf */
++ int rs = 0;
++#endif
+ struct table *t = rdr->table;
+
+ if ((env->sc_flags & F_NEEDPF) == 0)
+@@ -397,8 +453,14 @@
+
+ TAILQ_FOREACH(address, &rdr->virts, entry) {
+ memset(&rio, 0, sizeof(rio));
++#ifdef __FreeBSD__
++ /* Old pf */
++ memset(&pio, 0, sizeof(pio));
++#endif
+ (void)strlcpy(rio.anchor, anchor, sizeof(rio.anchor));
+
++#ifndef __FreeBSD__
++ /* New pf */
+ if (rdr->conf.flags & F_MATCH) {
+ rio.rule.action = PF_MATCH;
+ rio.rule.quick = 0;
+@@ -409,28 +471,61 @@
+ rio.rule.direction = PF_IN;
+ rio.rule.keep_state = PF_STATE_NORMAL;
+
++#endif
+ switch (t->conf.fwdmode) {
+ case FWD_NORMAL:
++#ifndef __FreeBSD__
+ /* traditional redirection */
+ if (address->ipproto == IPPROTO_TCP) {
+ rio.rule.flags = TH_SYN;
+ rio.rule.flagset = (TH_SYN|TH_ACK);
+ }
++#else
++ /* Old pf */
++ /* traditional redirection in the rdr-anchor */
++ rs = PF_RULESET_RDR;
++ rio.rule.action = PF_RDR;
++#endif
+ break;
+ case FWD_ROUTE:
+ /* re-route with pf for DSR (direct server return) */
++#ifdef __FreeBSD__
++ /* Old pf */
++ rs = PF_RULESET_FILTER;
++ rio.rule.action = PF_PASS;
++#endif
+ rio.rule.rt = PF_ROUTETO;
++#ifdef __FreeBSD__
++ /* Old pf */
++ rio.rule.direction = PF_IN;
++ rio.rule.quick = 1; /* force first match */
++#endif
+
+ /* Use sloppy state handling for half connections */
++#ifdef __FreeBSD__
++ /* Old pf */
++ rio.rule.keep_state = PF_STATE_NORMAL;
++#endif
++#ifdef PFRULE_STATESLOPPY
+ rio.rule.rule_flag = PFRULE_STATESLOPPY;
++#endif
+ break;
+ default:
+ fatalx("sync_ruleset: invalid forward mode");
+ /* NOTREACHED */
+ }
+
++#ifndef __FreeBSD__
+ rio.ticket = env->sc_pf->pfte.ticket;
+
++#else
++ /* Old pf */
++ rio.ticket = env->sc_pf->pfte[rs].ticket;
++ if (ioctl(env->sc_pf->dev, DIOCBEGINADDRS, &pio) == -1)
++ fatal("sync_ruleset: cannot initialise address pool");
++
++ rio.pool_ticket = pio.ticket;
++#endif
+ rio.rule.af = address->ss.ss_family;
+ rio.rule.proto = address->ipproto;
+ rio.rule.src.addr.type = PF_ADDR_ADDRMASK;
+@@ -438,7 +533,9 @@
+ rio.rule.dst.port_op = address->port.op;
+ rio.rule.dst.port[0] = address->port.val[0];
+ rio.rule.dst.port[1] = address->port.val[1];
++#ifndef __FreeBSD__
+ rio.rule.rtableid = -1; /* stay in the main routing table */
++#endif
+
+ if (rio.rule.proto == IPPROTO_TCP)
+ rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
+@@ -466,18 +563,36 @@
+ memset(&rio.rule.dst.addr.v.a.mask.addr8, 0xff, 16);
+ }
+
++#ifndef __FreeBSD__
+ rio.rule.nat.addr.type = PF_ADDR_NONE;
+ rio.rule.rdr.addr.type = PF_ADDR_TABLE;
++#else
++ /* Old pf */
++ pio.addr.addr.type = PF_ADDR_TABLE;
++#endif
+ if (strlen(t->conf.ifname))
++#ifndef __FreeBSD__
+ (void)strlcpy(rio.rule.rdr.ifname, t->conf.ifname,
+ sizeof(rio.rule.rdr.ifname));
+ if (strlcpy(rio.rule.rdr.addr.v.tblname, rdr->conf.name,
+ sizeof(rio.rule.rdr.addr.v.tblname)) >=
+ sizeof(rio.rule.rdr.addr.v.tblname))
+ fatal("sync_ruleset: table name too long");
++#else
++ /* Old pf */
++ (void)strlcpy(pio.addr.ifname, t->conf.ifname,
++ sizeof(pio.addr.ifname));
++ if (strlcpy(pio.addr.addr.v.tblname, rdr->conf.name,
++ sizeof(pio.addr.addr.v.tblname)) >=
++ sizeof(pio.addr.addr.v.tblname))
++ fatal("sync_ruleset: table name too long");
++ if (ioctl(env->sc_pf->dev, DIOCADDADDR, &pio) == -1)
++ fatal("sync_ruleset: cannot add address to pool");
++#endif
+
+ if (address->port.op == PF_OP_EQ ||
+ rdr->table->conf.flags & F_PORT) {
++#ifndef __FreeBSD__
+ rio.rule.rdr.proxy_port[0] =
+ ntohs(rdr->table->conf.port);
+ rio.rule.rdr.port_op = PF_OP_EQ;
+@@ -491,10 +606,27 @@
+ sizeof(rio.rule.route));
+ rio.rule.rdr.addr.type = PF_ADDR_NONE;
+ }
++#else
++ /* Old pf */
++ rio.rule.rpool.proxy_port[0] =
++ ntohs(rdr->table->conf.port);
++ rio.rule.rpool.port_op = PF_OP_EQ;
++ }
++ rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
++ if (rdr->conf.flags & F_STICKY)
++ rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
++#endif
+
+ if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
+ fatal("cannot add rule");
++#ifndef __FreeBSD__
+ log_debug("%s: rule added to anchor \"%s\"", __func__, anchor);
++#else
++ /* Old pf */
++ log_debug("%s: rule added to %sanchor \"%s\"", __func__,
++ rdr->table->conf.fwdmode == FWD_ROUTE ?
++ "" : "rdr-", anchor);
++#endif
+ }
+ if (transaction_commit(env) == -1)
+ log_warn("%s: add rules transaction failed", __func__);
diff --git a/net/relayd/files/patch-relayd-relay.c b/net/relayd/files/patch-relayd-relay.c
index ac59ef48232..a395c33a659 100644
--- a/net/relayd/files/patch-relayd-relay.c
+++ b/net/relayd/files/patch-relayd-relay.c
@@ -1,214 +1,249 @@
---- relayd/relay.c.orig 2011-01-15 01:22:35.236684399 +0100
-+++ relayd/relay.c 2011-01-15 01:24:07.864955572 +0100
-@@ -28,7 +28,6 @@
- #include <sys/un.h>
- #include <sys/tree.h>
- #include <sys/hash.h>
--#include <sys/resource.h>
-
- #include <net/if.h>
- #include <netinet/in_systm.h>
-@@ -64,7 +63,7 @@
- void relay_init(void);
- void relay_launch(void);
- int relay_socket(struct sockaddr_storage *, in_port_t,
-- struct protocol *, int);
-+ struct protocol *, int, int);
- int relay_socket_listen(struct sockaddr_storage *, in_port_t,
- struct protocol *);
- int relay_socket_connect(struct sockaddr_storage *, in_port_t,
-@@ -105,6 +104,7 @@
- char *, size_t);
- void relay_close_http(struct rsession *, u_int, const char *,
- u_int16_t);
-+void relay_http_request_close(struct ctl_relay_event *);
-
- SSL_CTX *relay_ssl_ctx_create(struct relay *);
- void relay_ssl_transaction(struct rsession *,
-@@ -148,6 +148,14 @@
- case SIGTERM:
- case SIGINT:
- (void)event_loopexit(NULL);
-+ break;
-+ case SIGCHLD:
-+ case SIGHUP:
-+ case SIGPIPE:
-+ /* ignore */
-+ break;
-+ default:
-+ fatalx("relay_sig_handler: unexpected signal");
- }
+--- relayd/relay.c.orig 2011-05-20 11:43:53.000000000 +0200
++++ relayd/relay.c 2011-05-22 10:41:40.085208004 +0200
+@@ -16,7 +16,11 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#else
+ #include <sys/types.h>
++#endif
+ #include <sys/queue.h>
+ #include <sys/time.h>
+ #include <sys/stat.h>
+@@ -77,7 +81,9 @@
+
+ void relay_write(struct bufferevent *, void *);
+ void relay_read(struct bufferevent *, void *);
++#ifndef __FreeBSD__
+ int relay_splicelen(struct ctl_relay_event *);
++#endif
+ void relay_error(struct bufferevent *, short, void *);
+ void relay_dump(struct ctl_relay_event *, const void *, size_t);
+
+@@ -494,6 +500,7 @@
+ return (0);
}
-@@ -158,8 +166,6 @@
++#ifndef __FreeBSD__
+ in_port_t
+ relay_socket_getport(struct sockaddr_storage *ss)
{
- pid_t pid;
- struct passwd *pw;
-- struct event ev_sigint;
-- struct event ev_sigterm;
- int i;
-
- switch (pid = fork()) {
-@@ -213,12 +219,17 @@
- /* Per-child initialization */
- relay_init();
-
-- signal_set(&ev_sigint, SIGINT, relay_sig_handler, NULL);
-- signal_set(&ev_sigterm, SIGTERM, relay_sig_handler, NULL);
-- signal_add(&ev_sigint, NULL);
-- signal_add(&ev_sigterm, NULL);
-- signal(SIGHUP, SIG_IGN);
-- signal(SIGPIPE, SIG_IGN);
-+ signal_set(&env->sc_evsigint, SIGINT, relay_sig_handler, env);
-+ signal_set(&env->sc_evsigterm, SIGTERM, relay_sig_handler, env);
-+ signal_set(&env->sc_evsigchld, SIGCHLD, relay_sig_handler, env);
-+ signal_set(&env->sc_evsighup, SIGHUP, relay_sig_handler, env);
-+ signal_set(&env->sc_evsigpipe, SIGPIPE, relay_sig_handler, env);
-+
-+ signal_add(&env->sc_evsigint, NULL);
-+ signal_add(&env->sc_evsigterm, NULL);
-+ signal_add(&env->sc_evsigchld, NULL);
-+ signal_add(&env->sc_evsighup, NULL);
-+ signal_add(&env->sc_evsigpipe, NULL);
-
- /* setup pipes */
- close(pipe_pfe2hce[0]);
-@@ -452,19 +463,9 @@
- struct relay *rlay;
- struct host *host;
- struct timeval tv;
-- struct rlimit rl;
-
-- if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
-- fatal("relay_init: failed to get resource limit");
-- log_debug("relay_init: max open files %d", rl.rlim_max);
--
-- /*
-- * Allow the maximum number of open file descriptors for this
-- * login class (which should be the class "daemon" by default).
-- */
-- rl.rlim_cur = rl.rlim_max;
-- if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
-- fatal("relay_init: failed to set resource limit");
-+ /* Unlimited file descriptors (use system limits) */
-+ socket_rlimit(-1);
-
- TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
- if ((rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) &&
-@@ -625,7 +626,7 @@
+@@ -509,6 +516,7 @@
+ /* NOTREACHED */
+ return (0);
+ }
++#endif
int
relay_socket(struct sockaddr_storage *ss, in_port_t port,
-- struct protocol *proto, int fd)
-+ struct protocol *proto, int fd, int reuseport)
- {
- int s = -1, val;
- struct linger lng;
-@@ -643,9 +644,12 @@
- bzero(&lng, sizeof(lng));
- if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
- goto bad;
-- val = 1;
-- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(int)) == -1)
-- goto bad;
-+ if (reuseport) {
-+ val = 1;
-+ if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val,
-+ sizeof(int)) == -1)
-+ goto bad;
-+ }
- if (fcntl(s, F_SETFL, O_NONBLOCK) == -1)
- goto bad;
- if (proto->tcpflags & TCPFLAG_BUFSIZ) {
-@@ -713,7 +717,7 @@
- {
- int s;
+@@ -577,6 +585,7 @@
+ &val, sizeof(val)) == -1)
+ goto bad;
+ }
++#ifndef __FreeBSD__
+ if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
+ if (proto->tcpflags & TCPFLAG_NSACK)
+ val = 0;
+@@ -586,6 +595,7 @@
+ &val, sizeof(val)) == -1)
+ goto bad;
+ }
++#endif
-- if ((s = relay_socket(ss, port, proto, fd)) == -1)
-+ if ((s = relay_socket(ss, port, proto, fd, 0)) == -1)
- return (-1);
+ return (s);
- if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) {
-@@ -734,7 +738,7 @@
- {
- int s;
+@@ -675,6 +685,7 @@
+ }
+ break;
+ case RELAY_PROTO_TCP:
++#ifndef __FreeBSD__
+ if ((proto->tcpflags & TCPFLAG_NSPLICE) ||
+ (rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)))
+ break;
+@@ -692,6 +703,7 @@
+ return;
+ }
+ con->se_out.splicelen = 0;
++#endif
+ break;
+ default:
+ fatalx("relay_input: unknown protocol");
+@@ -935,12 +947,20 @@
+ }
+ if (strstr(val, "$TIMEOUT") != NULL) {
+ snprintf(ibuf, sizeof(ibuf), "%lu",
++#ifdef __FreeBSD__
++ (unsigned long)rlay->rl_conf.timeout.tv_sec);
++#else
+ rlay->rl_conf.timeout.tv_sec);
++#endif
+ if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0)
+ return (NULL);
+ }
-- if ((s = relay_socket(ss, port, proto, -1)) == -1)
-+ if ((s = relay_socket(ss, port, proto, -1, 1)) == -1)
- return (-1);
++#ifndef __FreeBSD__
+ return (buf);
++#else
++ return (char *)(buf);
++#endif
+ }
+
+ int
+@@ -1552,7 +1572,11 @@
+ switch (type) {
+ case DIGEST_SHA1:
+ case DIGEST_MD5:
++#ifdef __FreeBSD__
++ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) {
++#else
+ if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) {
++#endif
+ relay_close_http(con, 500,
+ "failed to allocate digest", 0);
+ goto fail;
+@@ -1841,6 +1865,7 @@
+ }
+ }
- if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1)
-@@ -1312,6 +1316,29 @@
++#ifndef __FreeBSD__
+ int
+ relay_splicelen(struct ctl_relay_event *cre)
+ {
+@@ -1859,6 +1884,7 @@
+ }
+ return (0);
}
++#endif
void
-+relay_http_request_close(struct ctl_relay_event *cre)
-+{
-+ if (cre->path != NULL) {
-+ free(cre->path);
-+ cre->path = NULL;
-+ }
-+
-+ cre->args = NULL;
-+ cre->version = NULL;
-+
-+ if (cre->buf != NULL) {
-+ free(cre->buf);
-+ cre->buf = NULL;
-+ cre->buflen = 0;
+ relay_error(struct bufferevent *bev, short error, void *arg)
+@@ -1866,9 +1892,12 @@
+ struct ctl_relay_event *cre = (struct ctl_relay_event *)arg;
+ struct rsession *con = cre->con;
+ struct evbuffer *dst;
++#ifndef __FreeBSD__
+ struct timeval tv, tv_now;
++#endif
+
+ if (error & EVBUFFER_TIMEOUT) {
++#ifndef __FreeBSD__
+ if (gettimeofday(&tv_now, NULL) == -1) {
+ relay_close(con, strerror(errno));
+ return;
+@@ -1882,6 +1911,9 @@
+ relay_close(con, "buffer event timeout");
+ else
+ bufferevent_enable(cre->bev, EV_READ);
++#else
++ relay_close(con, "buffer event timeout");
++#endif
+ return;
+ }
+ if (error & (EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) {
+@@ -1934,8 +1966,10 @@
+ con->se_out.dst = &con->se_in;
+ con->se_in.con = con;
+ con->se_out.con = con;
++#ifndef __FreeBSD__
+ con->se_in.splicelen = -1;
+ con->se_out.splicelen = -1;
++#endif
+ con->se_relay = rlay;
+ con->se_id = ++relay_conid;
+ con->se_relayid = rlay->rl_conf.id;
+@@ -1981,6 +2015,7 @@
+ return;
+ }
+
++#ifndef __FreeBSD__
+ if (rlay->rl_conf.flags & F_DIVERT) {
+ slen = sizeof(con->se_out.ss);
+ if (getsockname(s, (struct sockaddr *)&con->se_out.ss,
+@@ -1996,12 +2031,19 @@
+ con->se_out.port == rlay->rl_conf.port)
+ con->se_out.ss.ss_family = AF_UNSPEC;
+ } else if (rlay->rl_conf.flags & F_NATLOOK) {
++#else
++ if (rlay->rl_conf.flags & F_NATLOOK) {
++#endif
+ if ((cnl = (struct ctl_natlook *)
+ calloc(1, sizeof(struct ctl_natlook))) == NULL) {
+ relay_close(con, "failed to allocate nat lookup");
+ return;
+ }
++#ifdef __FreeBSD__
+ }
-+
-+ cre->line = 0;
-+ cre->method = 0;
-+ cre->done = 0;
-+ cre->chunked = 0;
-+}
-+
-+void
- relay_read_http(struct bufferevent *bev, void *arg)
+
++ if (rlay->rl_conf.flags & F_NATLOOK && cnl != NULL) {
++#endif
+ con->se_cnl = cnl;
+ bzero(cnl, sizeof(*cnl));
+ cnl->in = -1;
+@@ -2605,8 +2647,12 @@
+ goto err;
+
+ /* Set session context to the local relay name */
+- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name,
+- strlen(rlay->rl_conf.name)))
++ if (!SSL_CTX_set_session_id_context(ctx,
++#ifdef __FreeBSD__
++ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
++#else
++ rlay->rl_conf.name, strlen(rlay->rl_conf.name)))
++#endif
+ goto err;
+
+ return (ctx);
+@@ -2623,7 +2669,7 @@
{
- struct ctl_relay_event *cre = (struct ctl_relay_event *)arg;
-@@ -1580,10 +1607,7 @@
- if (relay_bufferevent_print(cre->dst, "\r\n") == -1)
- goto fail;
+ struct relay *rlay = (struct relay *)con->se_relay;
+ SSL *ssl;
+- const SSL_METHOD *method;
++ SSL_METHOD *method;
+ void (*cb)(int, short, void *);
+ u_int flags = EV_TIMEOUT;
+
+@@ -3069,7 +3115,11 @@
+ if (fstat(fd, &st) != 0)
+ goto fail;
+ size = st.st_size;
++#ifndef __FreeBSD__
+ if ((buf = (char *)calloc(1, size + 1)) == NULL)
++#else
++ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL)
++#endif
+ goto fail;
+ if (read(fd, buf, size) != size)
+ goto fail;
+@@ -3077,7 +3127,11 @@
+ close(fd);
+
+ *len = size;
++#ifndef __FreeBSD__
+ return (buf);
++#else
++ return (char *)(buf);
++#endif
+
+ fail:
+ if (buf != NULL)
+@@ -3107,7 +3161,7 @@
+ return (-1);
-- cre->line = 0;
-- cre->method = 0;
-- cre->done = 0;
-- cre->chunked = 0;
-+ relay_http_request_close(cre);
-
- done:
- if (cre->dir == RELAY_DIR_REQUEST && !cre->toread &&
-@@ -2380,6 +2404,12 @@
- bufferevent_free(con->se_out.bev);
- else if (con->se_out.output != NULL)
- evbuffer_free(con->se_out.output);
-+ if (con->se_out.ssl != NULL) {
-+ /* XXX handle non-blocking shutdown */
-+ if (SSL_shutdown(con->se_out.ssl) == 0)
-+ SSL_shutdown(con->se_out.ssl);
-+ SSL_free(con->se_out.ssl);
-+ }
- if (con->se_out.s != -1)
- close(con->se_out.s);
- if (con->se_out.path != NULL)
-@@ -2419,6 +2449,7 @@
- struct table *table;
- struct ctl_status st;
- objid_t id;
-+ int verbose;
-
- iev = ptr;
- ibuf = &iev->ibuf;
-@@ -2522,6 +2553,10 @@
- imsg_compose_event(iev, IMSG_CTL_END,
- 0, 0, -1, NULL, 0);
- break;
-+ case IMSG_CTL_LOG_VERBOSE:
-+ memcpy(&verbose, imsg.data, sizeof(verbose));
-+ log_verbose(verbose);
-+ break;
- default:
- log_debug("relay_dispatch_msg: unexpected imsg %d",
- imsg.hdr.type);
+ if (snprintf(certfile, sizeof(certfile),
+- "/etc/ssl/%s.crt", hbuf) == -1)
++ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1)
+ return (-1);
+ if ((rlay->rl_ssl_cert = relay_load_file(certfile,
+ &rlay->rl_conf.ssl_cert_len)) == NULL)
+@@ -3115,7 +3169,7 @@
+ log_debug("%s: using certificate %s", __func__, certfile);
+
+ if (snprintf(certfile, sizeof(certfile),
+- "/etc/ssl/private/%s.key", hbuf) == -1)
++ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1)
+ return -1;
+ if ((rlay->rl_ssl_key = relay_load_file(certfile,
+ &rlay->rl_conf.ssl_key_len)) == NULL)
diff --git a/net/relayd/files/patch-relayd-relay_udp.c b/net/relayd/files/patch-relayd-relay_udp.c
new file mode 100644
index 00000000000..6ac13dc49f4
--- /dev/null
+++ b/net/relayd/files/patch-relayd-relay_udp.c
@@ -0,0 +1,14 @@
+--- relayd.orig/relay_udp.c 2011-05-22 01:06:39.460142978 +0200
++++ relayd/relay_udp.c 2011-05-22 01:06:54.703144104 +0200
+@@ -16,7 +16,11 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#else
+ #include <sys/types.h>
++#endif
+ #include <sys/queue.h>
+ #include <sys/time.h>
+ #include <sys/stat.h>
diff --git a/net/relayd/files/patch-relayd-relayd.8 b/net/relayd/files/patch-relayd-relayd.8
new file mode 100644
index 00000000000..9034641d829
--- /dev/null
+++ b/net/relayd/files/patch-relayd-relayd.8
@@ -0,0 +1,20 @@
+--- relayd.orig/relayd.8 2011-05-22 01:06:39.464157989 +0200
++++ relayd/relayd.8 2011-05-22 01:06:54.705151889 +0200
+@@ -114,7 +114,7 @@
+ .It Fl f Ar file
+ Specify an alternative configuration file.
+ The default is
+-.Pa /etc/relayd.conf .
++.Pa %%PREFIX%%/etc/relayd.conf .
+ .It Fl n
+ Configtest mode.
+ Only check the configuration file for validity.
+@@ -123,7 +123,7 @@
+ .El
+ .Sh FILES
+ .Bl -tag -width "/var/run/relayd.sockXX" -compact
+-.It /etc/relayd.conf
++.It %%PREFIX%%/etc/relayd.conf
+ Default configuration file.
+ .It /var/run/relayd.sock
+ .Ux Ns -domain
diff --git a/net/relayd/files/patch-relayd-relayd.c b/net/relayd/files/patch-relayd-relayd.c
index 661c23251cc..5a3e55dce18 100644
--- a/net/relayd/files/patch-relayd-relayd.c
+++ b/net/relayd/files/patch-relayd-relayd.c
@@ -1,127 +1,181 @@
---- relayd/relayd.c.orig 2011-01-15 00:27:09.020486320 +0100
-+++ relayd/relayd.c 2011-01-15 00:32:43.024188430 +0100
-@@ -26,6 +26,7 @@
+--- relayd/relayd.c.orig 2011-05-19 10:56:49.000000000 +0200
++++ relayd/relayd.c 2011-05-22 10:34:12.913164741 +0200
+@@ -17,7 +17,12 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#include <openssl/rand.h>
++#else
+ #include <sys/types.h>
++#endif
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/wait.h>
-+#include <sys/resource.h>
+@@ -39,7 +44,11 @@
+ #include <unistd.h>
+ #include <ctype.h>
+ #include <pwd.h>
++#ifdef __FreeBSD__
++#include <sha.h>
++#else
+ #include <sha1.h>
++#endif
+ #include <md5.h>
- #include <net/if.h>
- #include <netinet/in.h>
-@@ -113,6 +114,9 @@
- case SIGHUP:
- reconfigure();
- break;
-+ case SIGPIPE:
-+ /* ignore */
-+ break;
- default:
- fatalx("unexpected signal");
- }
-@@ -142,10 +146,6 @@
- #endif
+ #include <openssl/ssl.h>
+@@ -150,6 +159,11 @@
struct relayd *env;
- const char *conffile;
-- struct event ev_sigint;
-- struct event ev_sigterm;
-- struct event ev_sigchld;
-- struct event ev_sighup;
- struct imsgev *iev;
+ struct privsep *ps;
+ const char *conffile = CONF_FILE;
++#ifdef __FreeBSD__
++#if __FreeBSD_version > 800040
++ u_int32_t rnd[256];
++#endif
++#endif
- opts = 0;
-@@ -261,15 +261,17 @@
+ while ((c = getopt(argc, argv, "dD:nf:v")) != -1) {
+ switch (c) {
+@@ -220,6 +234,16 @@
+ else
+ log_info("startup");
- event_init();
-
-- signal_set(&ev_sigint, SIGINT, main_sig_handler, env);
-- signal_set(&ev_sigterm, SIGTERM, main_sig_handler, env);
-- signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, env);
-- signal_set(&ev_sighup, SIGHUP, main_sig_handler, env);
-- signal_add(&ev_sigint, NULL);
-- signal_add(&ev_sigterm, NULL);
-- signal_add(&ev_sigchld, NULL);
-- signal_add(&ev_sighup, NULL);
-- signal(SIGPIPE, SIG_IGN);
-+ signal_set(&env->sc_evsigint, SIGINT, main_sig_handler, env);
-+ signal_set(&env->sc_evsigterm, SIGTERM, main_sig_handler, env);
-+ signal_set(&env->sc_evsigchld, SIGCHLD, main_sig_handler, env);
-+ signal_set(&env->sc_evsighup, SIGHUP, main_sig_handler, env);
-+ signal_set(&env->sc_evsigpipe, SIGPIPE, main_sig_handler, env);
++#ifdef __FreeBSD__
++#if __FreeBSD_version > 800040
++ arc4random_stir();
++ arc4random_buf(rnd, sizeof(rnd));
++ RAND_seed(rnd, sizeof(rnd));
++#else
++ RAND_load_file("/dev/random",2048);
++#endif
++#endif
+
-+ signal_add(&env->sc_evsigint, NULL);
-+ signal_add(&env->sc_evsigterm, NULL);
-+ signal_add(&env->sc_evsigchld, NULL);
-+ signal_add(&env->sc_evsighup, NULL);
-+ signal_add(&env->sc_evsigpipe, NULL);
+ ps->ps_instances[PROC_RELAY] = env->sc_prefork_relay;
+ proc_init(ps, procs, nitems(procs));
+
+@@ -258,7 +282,9 @@
+ if (parent_configure(env) == -1)
+ fatalx("configuration failed");
+
++#ifndef __FreeBSD__
+ init_routes(env);
++#endif
- close(pipe_parent2pfe[1]);
- close(pipe_parent2hce[1]);
-@@ -322,6 +324,8 @@
- #endif
event_dispatch();
-+ main_shutdown(env);
-+ /* NOTREACHED */
- return (0);
- }
+@@ -273,7 +299,9 @@
+ {
+ struct table *tb;
+ struct rdr *rdr;
++#ifndef __FreeBSD__
+ struct router *rt;
++#endif
+ struct protocol *proto;
+ struct relay *rlay;
+ int id;
+@@ -284,8 +312,10 @@
+ config_settable(env, tb);
+ TAILQ_FOREACH(rdr, env->sc_rdrs, entry)
+ config_setrdr(env, rdr);
++#ifndef __FreeBSD__
+ TAILQ_FOREACH(rt, env->sc_rts, rt_entry)
+ config_setrt(env, rt);
++#endif
+ TAILQ_FOREACH(proto, env->sc_protos, entry)
+ config_setproto(env, proto);
+ TAILQ_FOREACH(rlay, env->sc_relays, rl_entry)
+@@ -359,9 +389,11 @@
-@@ -642,6 +646,7 @@
- #ifndef __FreeBSD__
- struct ctl_demote demote;
- #endif
-+ int verbose;
+ proc_kill(env->sc_ps);
+ control_cleanup(&env->sc_ps->ps_csock);
++#ifndef __FreeBSD__
+ carp_demote_shutdown();
+ if (env->sc_flags & F_DEMOTE)
+ carp_demote_reset(env->sc_demote_group, 128);
++#endif
- iev = ptr;
- ibuf = &iev->ibuf;
-@@ -685,6 +690,10 @@
- */
- reconfigure();
- break;
-+ case IMSG_CTL_LOG_VERBOSE:
-+ memcpy(&verbose, imsg.data, sizeof(verbose));
-+ log_verbose(verbose);
-+ break;
- default:
- log_debug("main_dispatch_pfe: unexpected imsg %d",
- imsg.hdr.type);
-@@ -988,6 +997,7 @@
- if (timercmp(&tv_next, &tv, >))
- bcopy(&tv_next, &tv, sizeof(tv));
+ free(env->sc_ps);
+ free(env);
+@@ -375,12 +407,15 @@
+ parent_dispatch_pfe(int fd, struct privsep_proc *p, struct imsg *imsg)
+ {
+ struct relayd *env = p->p_env;
++#ifndef __FreeBSD__
+ struct ctl_demote demote;
+ struct ctl_netroute crt;
++#endif
+ u_int v;
+ char *str = NULL;
-+ event_del(ev);
- event_set(ev, fd, event, fn, arg);
- event_add(ev, &tv);
+ switch (imsg->hdr.type) {
++#ifndef __FreeBSD__
+ case IMSG_DEMOTE:
+ IMSG_SIZE_CHECK(imsg, &demote);
+ memcpy(&demote, imsg->data, sizeof(demote));
+@@ -391,6 +426,7 @@
+ memcpy(&crt, imsg->data, sizeof(crt));
+ pfe_route(env, &crt);
+ break;
++#endif
+ case IMSG_CTL_RESET:
+ IMSG_SIZE_CHECK(imsg, &v);
+ memcpy(&v, imsg->data, sizeof(v));
+@@ -432,9 +468,11 @@
+ proc_compose_imsg(ps, PROC_HCE, -1, IMSG_SCRIPT,
+ -1, &scr, sizeof(scr));
+ break;
++#ifndef __FreeBSD__
+ case IMSG_SNMPSOCK:
+ (void)snmp_setsock(env, p->p_id);
+ break;
++#endif
+ case IMSG_CFG_DONE:
+ if (env->sc_reload)
+ env->sc_reload--;
+@@ -645,6 +683,7 @@
+ return (NULL);
}
-@@ -1145,6 +1155,7 @@
- }
- pn->key = strdup(pk->key);
- if (pn->key == NULL) {
-+ free(pn);
- log_warn("out of memory");
- return (NULL);
- }
-@@ -1370,3 +1381,24 @@
- return (0);
++#ifndef __FreeBSD__
+ struct netroute *
+ route_find(struct relayd *env, objid_t id)
+ {
+@@ -666,6 +705,7 @@
+ return (rt);
+ return (NULL);
}
-+
-+void
-+socket_rlimit(int maxfd)
-+{
-+ struct rlimit rl;
-+
-+ if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
-+ fatal("socket_rlimit: failed to get resource limit");
-+ log_debug("socket_rlimit: max open files %d", rl.rlim_max);
-+
-+ /*
-+ * Allow the maximum number of open file descriptors for this
-+ * login class (which should be the class "daemon" by default).
-+ */
-+ if (maxfd == -1)
-+ rl.rlim_cur = rl.rlim_max;
-+ else
-+ rl.rlim_cur = MAX(rl.rlim_max, (rlim_t)maxfd);
-+ if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
-+ fatal("socket_rlimit: failed to set resource limit");
-+}
++#endif
+
+ struct host *
+ host_findbyname(struct relayd *env, const char *name)
+@@ -840,7 +880,11 @@
+ {
+ switch (type) {
+ case DIGEST_SHA1:
++#ifdef __FreeBSD__
++ return (SHA1_Data(data, len, buf));
++#else
+ return (SHA1Data(data, len, buf));
++#endif
+ break;
+ case DIGEST_MD5:
+ return (MD5Data(data, len, buf));
+@@ -1077,9 +1121,17 @@
+ bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM,
+ bnd->bnd_proto)) == -1)
+ goto fail;
++#ifdef SO_BINDANY
+ if (setsockopt(s, SOL_SOCKET, SO_BINDANY,
+ &v, sizeof(v)) == -1)
+ goto fail;
++#else
++#ifdef IP_BINDANY
++ if (setsockopt(s, IPPROTO_IP, IP_BINDANY,
++ &v, sizeof(v)) == -1)
++ goto fail;
++#endif
++#endif
+ if (bind(s, (struct sockaddr *)&bnd->bnd_ss,
+ bnd->bnd_ss.ss_len) == -1)
+ goto fail;
diff --git a/net/relayd/files/patch-relayd-relayd.conf.5 b/net/relayd/files/patch-relayd-relayd.conf.5
new file mode 100644
index 00000000000..f9382742f2e
--- /dev/null
+++ b/net/relayd/files/patch-relayd-relayd.conf.5
@@ -0,0 +1,244 @@
+--- relayd/relayd.conf.5.orig 2011-05-05 12:20:24.000000000 +0200
++++ relayd/relayd.conf.5 2011-05-22 12:52:42.026190316 +0200
+@@ -43,7 +43,7 @@
+ in a similar fashion to
+ .Xr pf 4
+ tables.
+-They are used for relay, redirection, and router target selection with
++They are used for relay and redirection target selection with
+ the described options and health checking on the host they contain.
+ .It Sy Redirections
+ Redirections are translated to
+@@ -55,9 +55,6 @@
+ general purpose TCP proxying on layer 7.
+ .It Sy Protocols
+ Protocols are predefined protocol handlers and settings for relays.
+-.It Sy Routers
+-Routers are used to insert routes with health-checked gateways for
+-(WAN) link balancing.
+ .El
+ .Pp
+ Within the sections,
+@@ -86,7 +83,7 @@
+ .Ic include
+ keyword, for example:
+ .Bd -literal -offset indent
+-include "/etc/relayd.conf.local"
++include "%%PREFIX%%/etc/relayd.conf.local"
+ .Ed
+ .Sh MACROS
+ Macros can be defined that will later be expanded in context.
+@@ -111,17 +108,6 @@
+ .Sh GLOBAL CONFIGURATION
+ Here are the settings that can be set globally:
+ .Bl -tag -width Ds
+-.It Ic demote Ar group
+-Enable the global
+-.Xr carp 4
+-demotion option, resetting the carp demotion counter for the
+-specified interface group to zero on startup and to 128 on shutdown of
+-the daemon.
+-For more information on interface groups,
+-see the
+-.Ic group
+-keyword in
+-.Xr ifconfig 8 .
+ .It Ic interval Ar number
+ Set the interval in seconds at which the hosts will be checked.
+ The default interval is 10 seconds.
+@@ -151,15 +137,6 @@
+ .Xr relayd 8
+ runs 5 relay processes by default and every process will handle
+ all configured relays.
+-.It Ic send trap
+-Send an SNMP trap when the state of a host changes.
+-.Xr relayd 8
+-will try to connect to
+-.Xr snmpd 8
+-and request it send a trap to the registered trap receivers;
+-see
+-.Xr snmpd.conf 5
+-for more information about the configuration.
+ .It Ic timeout Ar number
+ Set the global timeout in milliseconds for checks.
+ This can be overridden by the timeout value in the table definitions.
+@@ -363,17 +340,6 @@
+ .Pp
+ The following general table options are available:
+ .Bl -tag -width Ds
+-.It Ic demote Ar group
+-Enable the per-table
+-.Xr carp 4
+-demotion option.
+-This will increment the carp demotion counter for the
+-specified interface group if all hosts in the table are down.
+-For more information on interface groups,
+-see the
+-.Ic group
+-keyword in
+-.Xr ifconfig 8 .
+ .It Ic interval Ar number
+ Override the global interval and specify one for this table.
+ It must be a multiple of the global interval.
+@@ -605,7 +571,7 @@
+ .Ic destination
+ .Ar options ...
+ .Xc
+-When redirecting connections with a divert-to rule in
++When redirecting connections with a rdr-to rule in
+ .Xr pf.conf 5
+ to a relay listening on localhost, this directive will
+ look up the real destination address of the intended target host,
+@@ -613,14 +579,7 @@
+ If an additional
+ .Ic forward to
+ directive to a specified address or table is present,
+-it will be used as a backup if the lookup failed.
+-.It Xo
+-.Ic forward to
+-.Ic nat lookup
+-.Ar options ...
+-.Xc
+-Like the previous directive, but for redirections with rdr-to in
+-.Xr pf.conf 5 .
++it will be used as a backup if the NAT lookup failed.
+ .It Xo
+ .Ic listen on Ar address
+ .Op Ic port Ar port
+@@ -639,9 +598,9 @@
+ keyword is present, the relay will accept connections using the
+ encrypted SSL protocol.
+ The relay will look up a private key in
+-.Pa /etc/ssl/private/address.key
++.Pa %%PREFIX%%/etc/ssl/private/address.key
+ and a public certificate in
+-.Pa /etc/ssl/address.crt ,
++.Pa %%PREFIX%%/etc/ssl/address.crt ,
+ where
+ .Ar address
+ is the specified IP address of the relay to listen on.
+@@ -990,9 +949,6 @@
+ This option enables CA verification in SSL client mode.
+ The daemon will load the CA (Certificate Authority) certificates from
+ the specified path to verify the server certificates.
+-.Ox
+-provides a default CA bundle in
+-.Pa /etc/ssl/cert.pem .
+ .It Ic ciphers Ar string
+ Set the string defining the SSL cipher suite.
+ If not specified, the default value
+@@ -1068,89 +1024,22 @@
+ Set the socket-level buffer size for input and output for this
+ connection.
+ This will affect the TCP window size.
+-.It Xo
+-.Op Ic no
+-.Ic splice
+-.Xc
+-Use socket splicing for zero-copy data transfer.
+-This option is enabled by default.
+ .El
+ .El
+-.Sh ROUTERS
+-Routers represent routing table entries in the kernel forwarding
+-database, see
+-.Xr route 4 ,
+-and a table of associated gateways.
+-They are used to dynamically insert or remove routes with gateways
+-based on their availability and health-check results.
+-A router can include multiple network statements and a single forward
+-statement with a table of one or more gateways.
+-All entries in a single router directive must match the same address
+-family, either IPv4 or IPv6.
+-.Pp
+-The kernel supports multipath routing when multiple gateways exist to
+-the same destination address.
+-The multipath routing behaviour can be changed globally using the
+-.Xr sysctl 8
+-variables
+-.Va net.inet.ip.multipath
+-and
+-.Va net.inet6.ip6.multipath .
+-With the default setting of 0,
+-the first route selected will be used for subsequent packets to that
+-destination regardless of source.
+-Setting it to 1 will enable load balancing based on the packet source
+-address across gateways; multiple routes with the same priority are
+-used equally.
+-The kernel will also check the link state of the related network
+-interface and try a different route if it is not active.
+-.Pp
+-The configuration directives that are valid in the
+-.Ic routers
+-context are described below:
+-.Bl -tag -width Ds
+-.It Xo
+-.Ic forward to
+-.Aq Ar table
+-.Ic port Ar number
+-.Ar options ...
+-.Xc
+-Specify the table of target gateways to be used; see the
+-.Sx TABLES
+-section above for information about table options.
+-This entry is mandatory and must be specified once.
+-.It Xo
+-.Ic route
+-.Ar address Ns Li / Ns Ar prefix
+-.Xc
+-Specify the network address and prefix length of a route destination
+-that is reachable via the active gateways.
+-This entry must be specified at least once in a router directive.
+-.It Ic rtable Ar id
+-Add the routes to the kernel routing table with the specified
+-.Ar id .
+-.It Ic rtlabel Ar label
+-Add the routes with the specified
+-.Ar label
+-to the kernel routing table.
+-.El
+ .Sh FILES
+-.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact
+-.It Pa /etc/relayd.conf
++.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact
++.It Pa %%PREFIX%%/etc/relayd.conf
+ .Xr relayd 8
+ configuration file.
+ .Pp
+ .It Pa /etc/services
+ Service name database.
+ .Pp
+-.It Pa /etc/ssl/address.crt
+-.It Pa /etc/ssl/private/address.key
++.It Pa %%PREFIX%%/etc/ssl/address.crt
++.It Pa %%PREFIX%%/etc/ssl/private/address.key
+ Location of the relay SSL server certificates, where
+ .Ar address
+ is the configured IP address of the relay.
+-.It Pa /etc/ssl/cert.pem
+-Default location of the CA bundle that can be used with
+-.Xr relayd 8 .
+ .El
+ .Sh EXAMPLES
+ This configuration file would create a redirection service
+@@ -1242,20 +1131,9 @@
+ forward to shell.example.com port 22
+ }
+ .Ed
+-.Pp
+-The next simple router configuration example can be used to run
+-redundant, health-checked WAN links:
+-.Bd -literal -offset indent
+-table \*(Ltgateways\*(Gt { $gw1 ip ttl 1, $gw2 ip ttl 1 }
+-router "uplinks" {
+- route 0.0.0.0/0
+- forward to \*(Ltgateways\*(Gt check icmp
+-}
+-.Ed
+ .Sh SEE ALSO
+ .Xr relayctl 8 ,
+ .Xr relayd 8 ,
+-.Xr snmpd 8 ,
+ .Xr ssl 8
+ .Sh HISTORY
+ The
diff --git a/net/relayd/files/patch-relayd-relayd.h b/net/relayd/files/patch-relayd-relayd.h
index 33ba4116ff2..dbefb9b926b 100644
--- a/net/relayd/files/patch-relayd-relayd.h
+++ b/net/relayd/files/patch-relayd-relayd.h
@@ -1,74 +1,199 @@
---- relayd/relayd.h.orig 2011-01-15 00:27:09.022494663 +0100
-+++ relayd/relayd.h 2011-01-15 00:47:37.743251059 +0100
-@@ -19,11 +19,12 @@
- */
-
+--- relayd.orig/relayd.h 2011-05-22 01:06:39.465162022 +0200
++++ relayd/relayd.h 2011-05-22 01:07:39.088200887 +0200
+@@ -21,10 +21,18 @@
#include <sys/tree.h>
-+
-+#include <sys/param.h> /* MAXHOSTNAMELEN */
-+#include <limits.h>
- #ifdef __FreeBSD__
--#include <sys/param.h>
- #include <sys/queue.h>
- #endif
--
+
+ #include <sys/param.h> /* MAXHOSTNAMELEN */
++#ifdef __FreeBSD__
++#include <sys/queue.h>
++#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
++#endif
+ #include <limits.h>
#include <imsg.h>
- #ifdef __FreeBSD__
-@@ -299,7 +300,9 @@
- HCE_ICMP_OK,
- HCE_ICMP_READ_TIMEOUT,
- HCE_ICMP_WRITE_TIMEOUT,
-- HCE_TCP_CONNECT_ERROR,
-+ HCE_TCP_SOCKET_ERROR,
-+ HCE_TCP_SOCKET_LIMIT,
-+ HCE_TCP_SOCKET_OPTION,
- HCE_TCP_CONNECT_FAIL,
- HCE_TCP_CONNECT_TIMEOUT,
- HCE_TCP_CONNECT_OK,
-@@ -637,6 +640,13 @@
- struct ctl_icmp_event sc_icmp_recv;
- struct ctl_icmp_event sc_icmp6_send;
- struct ctl_icmp_event sc_icmp6_recv;
-+
-+ /* Event and signal handlers */
-+ struct event sc_evsigint;
-+ struct event sc_evsigterm;
-+ struct event sc_evsigchld;
-+ struct event sc_evsighup;
-+ struct event sc_evsigpipe;
++#ifdef __FreeBSD__
++#define CONF_FILE "%%PREFIX%%/etc/relayd.conf"
++#else
+ #define CONF_FILE "/etc/relayd.conf"
++#endif
+ #define RELAYD_SOCKET "/var/run/relayd.sock"
+ #define PF_SOCKET "/dev/pf"
+ #define RELAYD_USER "_relayd"
+@@ -63,7 +71,18 @@
+ #define SMALL_READ_BUF_SIZE 1024
+ #define ICMP_BUF_SIZE 64
+
++#ifndef __FreeBSD__
+ #define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */
++#else
++#define SIMPLEQ_HEAD STAILQ_HEAD
++#define SIMPLEQ_FIRST STAILQ_FIRST
++#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD
++#define SIMPLEQ_ENTRY STAILQ_ENTRY
++#define SIMPLEQ_INIT STAILQ_INIT
++#define SIMPLEQ_EMPTY STAILQ_EMPTY
++#define SIMPLEQ_NEXT STAILQ_NEXT
++#define SIMPLEQ_INSERT_TAIL STAILQ_INSERT_TAIL
++#endif
+
+ #if DEBUG > 1
+ #define DPRINTF log_debug
+@@ -253,7 +272,9 @@
+ #define F_SSLCLIENT 0x00200000
+ #define F_NEEDRT 0x00400000
+ #define F_MATCH 0x00800000
++#ifndef __FreeBSD__
+ #define F_DIVERT 0x01000000
++#endif
+
+ #define F_BITS \
+ "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \
+@@ -622,6 +643,7 @@
};
+ #define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN
- #define RELAYD_OPT_VERBOSE 0x01
-@@ -699,6 +709,7 @@
- IMSG_CTL_NOTIFY,
- IMSG_CTL_RDR_STATS,
- IMSG_CTL_RELAY_STATS,
-+ IMSG_CTL_LOG_VERBOSE,
- IMSG_RDR_ENABLE, /* notifies from pfe to hce */
- IMSG_RDR_DISABLE,
- IMSG_TABLE_ENABLE,
-@@ -799,7 +810,6 @@
- int relay_cmp_af(struct sockaddr_storage *,
- struct sockaddr_storage *);
++#ifndef __FreeBSD__
+ struct router;
+ struct netroute_config {
+ objid_t id;
+@@ -668,6 +690,7 @@
+ struct netroute_config nr;
+ struct router_config rt;
+ };
++#endif
+ /* initially control.h */
+ struct control_sock {
+@@ -753,12 +776,18 @@
+ IMSG_HOST_STATUS, /* notifies from hce to pfe */
+ IMSG_SYNC,
+ IMSG_NATLOOK,
++#ifndef __FreeBSD__
+ IMSG_DEMOTE,
++#endif
+ IMSG_STATISTICS,
+ IMSG_SCRIPT,
++#ifndef __FreeBSD__
+ IMSG_SNMPSOCK,
++#endif
+ IMSG_BINDANY,
++#ifndef __FreeBSD__
+ IMSG_RTMSG, /* from pfe to parent */
++#endif
+ IMSG_CFG_TABLE, /* configuration from parent */
+ IMSG_CFG_HOST,
+ IMSG_CFG_RDR,
+@@ -826,14 +855,18 @@
+ u_int32_t sc_flags;
+ const char *sc_conffile;
+ struct pfdata *sc_pf;
++#ifndef __FreeBSD__
+ int sc_rtsock;
+ int sc_rtseq;
++#endif
+ int sc_tablecount;
+ int sc_rdrcount;
+ int sc_protocount;
+ int sc_relaycount;
++#ifndef __FreeBSD__
+ int sc_routercount;
+ int sc_routecount;
++#endif
+ struct timeval sc_interval;
+ struct timeval sc_timeout;
+ struct table sc_empty_table;
+@@ -843,8 +876,10 @@
+ struct rdrlist *sc_rdrs;
+ struct protolist *sc_protos;
+ struct relaylist *sc_relays;
++#ifndef __FreeBSD__
+ struct routerlist *sc_rts;
+ struct netroutelist *sc_routes;
++#endif
+ u_int16_t sc_prefork_relay;
+ char sc_demote_group[IFNAMSIZ];
+ u_int16_t sc_id;
+@@ -852,10 +887,11 @@
+ struct event sc_statev;
+ struct timeval sc_statinterval;
+
++#ifndef __FreeBSD__
+ int sc_snmp;
+ struct event sc_snmpto;
+ struct event sc_snmpev;
-
- RB_PROTOTYPE(proto_tree, protonode, se_nodes, relay_proto_cmp);
- SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp);
++#endif
+ int sc_has_icmp;
+ int sc_has_icmp6;
+ struct ctl_icmp_event sc_icmp_send;
+@@ -923,10 +959,12 @@
+ u_int64_t
+ check_table(struct relayd *, struct rdr *, struct table *);
+
++#ifndef __FreeBSD__
+ /* pfe_route.c */
+ void init_routes(struct relayd *);
+ void sync_routes(struct relayd *, struct router *);
+ int pfe_route(struct relayd *, struct ctl_netroute *);
++#endif
-@@ -867,6 +877,7 @@
- void imsg_event_add(struct imsgev *);
- int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t,
- pid_t, int, void *, u_int16_t);
-+void socket_rlimit(int);
+ /* hce.c */
+ pid_t hce(struct privsep *, struct privsep_proc *);
+@@ -943,8 +981,10 @@
+ void relay_session(struct rsession *);
+ int relay_from_table(struct rsession *);
+ int relay_socket_af(struct sockaddr_storage *, in_port_t);
++#ifndef __FreeBSD__
+ in_port_t
+ relay_socket_getport(struct sockaddr_storage *);
++#endif
+ int relay_cmp_af(struct sockaddr_storage *,
+ struct sockaddr_storage *);
- /* carp.c */
- int carp_demote_init(char *, int);
-@@ -898,6 +909,7 @@
+@@ -986,8 +1026,10 @@
+ struct host *host_find(struct relayd *, objid_t);
+ struct table *table_find(struct relayd *, objid_t);
+ struct rdr *rdr_find(struct relayd *, objid_t);
++#ifndef __FreeBSD__
+ struct netroute *route_find(struct relayd *, objid_t);
+ struct router *router_find(struct relayd *, objid_t);
++#endif
+ struct host *host_findbyname(struct relayd *, const char *);
+ struct table *table_findbyname(struct relayd *, const char *);
+ struct table *table_findbyconf(struct relayd *, struct table *);
+@@ -1035,11 +1077,13 @@
+ void pn_unref(u_int16_t);
+ void pn_ref(u_int16_t);
- /* log.c */
- void log_init(int);
-+void log_verbose(int);
- void log_warn(const char *, ...);
- void log_warnx(const char *, ...);
- void log_info(const char *, ...);
++#ifndef __FreeBSD__
+ /* snmp.c */
+ void snmp_init(struct relayd *, enum privsep_procid);
+ int snmp_setsock(struct relayd *, enum privsep_procid);
+ int snmp_getsock(struct relayd *, struct imsg *);
+ void snmp_hosttrap(struct relayd *, struct table *, struct host *);
++#endif
+
+ /* shuffle.c */
+ void shuffle_init(struct shuffle *);
+@@ -1092,9 +1136,11 @@
+ int config_setrdr(struct relayd *, struct rdr *);
+ int config_getrdr(struct relayd *, struct imsg *);
+ int config_getvirt(struct relayd *, struct imsg *);
++#ifndef __FreeBSD__
+ int config_setrt(struct relayd *, struct router *);
+ int config_getrt(struct relayd *, struct imsg *);
+ int config_getroute(struct relayd *, struct imsg *);
++#endif
+ int config_setproto(struct relayd *env, struct protocol *);
+ int config_getproto(struct relayd *, struct imsg *);
+ int config_setprotonode(struct relayd *, enum privsep_procid,
+@@ -1102,3 +1148,9 @@
+ int config_getprotonode(struct relayd *, struct imsg *);
+ int config_setrelay(struct relayd *env, struct relay *);
+ int config_getrelay(struct relayd *, struct imsg *);
++
++#ifdef __FreeBSD__
++#if __FreeBSD_version < 800041
++u_int32_t arc4random_uniform(u_int32_t upper_bound);
++#endif
++#endif
diff --git a/net/relayd/pkg-descr b/net/relayd/pkg-descr
index 734b5343510..a356fd4f73a 100644
--- a/net/relayd/pkg-descr
+++ b/net/relayd/pkg-descr
@@ -8,4 +8,9 @@ firmed, Layer 3 and/or layer 7 forwarding services are set up by relayd.
Layer 3 redirection happens at the packet level; to configure it, relayd
communicates with pf(4).
+The following relayd functionality is not (yet) implemented in FreeBSD:
+carp
+routers
+snmp
+
WWW: http://spootnik.org/relayd/