27 files changed, 1833 insertions, 1677 deletions
diff --git a/net/relayd/Makefile b/net/relayd/Makefile index 04bc16f8473..f9f2d56d6f0 100644 --- a/net/relayd/Makefile +++ b/net/relayd/Makefile @@ -5,8 +5,7 @@ # $FreeBSD$ PORTNAME= relayd -PORTVERSION= 4.6.20090813 -PORTREVISION= 5 +PORTVERSION= 4.9.20110522 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_LOCAL} MASTER_SITE_SUBDIR= mm @@ -16,7 +15,7 @@ COMMENT= OpenBSD relay daemon LICENSE= BSD -DISTNAME= ${PORTNAME}-${PORTVERSION}-1 +DISTNAME= ${PORTNAME}-${PORTVERSION} USE_BZIP2= yes MANCOMPRESSED= yes diff --git a/net/relayd/distinfo b/net/relayd/distinfo index b3e7053f5c2..c56d0af1915 100644 --- a/net/relayd/distinfo +++ b/net/relayd/distinfo @@ -1,2 +1,2 @@ -SHA256 (relayd-4.6.20090813-1.tar.bz2) = c4f2e2e48155117a73042c313f777b0f467640eea29bf2473eb9dba5bede0b9d -SIZE (relayd-4.6.20090813-1.tar.bz2) = 77359 +SHA256 (relayd-4.9.20110522.tar.bz2) = 905ab2fa2296adc60b3552e50529dc69e906c4414b11ed125c4c6bd613765378 +SIZE (relayd-4.9.20110522.tar.bz2) = 85439 diff --git a/net/relayd/files/Makefile.relayctl b/net/relayd/files/Makefile.relayctl index 24b5ab4d301..627ed1fe53c 100644 --- a/net/relayd/files/Makefile.relayctl +++ b/net/relayd/files/Makefile.relayctl @@ -2,10 +2,12 @@ PROG= relayctl +.PATH: ${.CURDIR}/../../lib/libutil +SRCS= imsg-buffer.c \ + imsg.c + .PATH: ${.CURDIR}/../relayd -SRCS= buffer.c \ - imsg.c \ - log.c +SRCS+= log.c .PATH: ${.CURDIR} SRCS+= relayctl.c \ @@ -15,6 +17,7 @@ MAN= relayctl.8 CFLAGS+= -D__dead='' CFLAGS+= -I${.CURDIR} \ + -I${.CURDIR}/../../lib/libutil \ -I${.CURDIR}/../relayd \ -I${PREFIX}/include diff --git a/net/relayd/files/Makefile.relayd b/net/relayd/files/Makefile.relayd index f6aa3cf648a..58c7915913f 100644 --- a/net/relayd/files/Makefile.relayd +++ b/net/relayd/files/Makefile.relayd 
@@ -5,11 +5,14 @@ PROG= relayd MAN= relayd.8 \ relayd.conf.5 -SRCS= parse.y \ +.PATH: ${.CURDIR}/../../lib/libutil +SRCS= imsg-buffer.c \ + imsg.c + +.PATH: ${.CURDIR} +SRCS+= parse.y \ log.c \ control.c \ - buffer.c \ - imsg.c \ ssl.c \ ssl_privsep.c \ relayd.c \ @@ -23,13 +26,16 @@ SRCS= parse.y \ check_script.c \ name2id.c \ arc4random.c \ - shuffle.c + shuffle.c \ + proc.c \ + config.c CFLAGS+= -DSHA1_DIGEST_LENGTH=SHA_DIGEST_LENGTH \ -DSHA1_DIGEST_STRING_LENGTH=SHA_DIGEST_LENGTH \ -DOPENSSL_NO_SHA -DOPENSSL_NO_MD5 \ -D__dead='' -CFLAGS+= -I${.CURDIR} -I${PREFIX}/include +CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../lib/libutil \ + -I${PREFIX}/include CLEANFILES+= y.tab.h LDADD= -lmd -L${PREFIX}/lib ${LIBEVENT} -lssl -lcrypto diff --git a/net/relayd/files/patch-freebsd-relayctl b/net/relayd/files/patch-freebsd-relayctl deleted file mode 100644 index 774bf777a4a..00000000000 --- a/net/relayd/files/patch-freebsd-relayctl +++ /dev/null 
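Review bot: The retained flag `-DSHA1_DIGEST_STRING_LENGTH=SHA_DIGEST_LENGTH` in the second hunk (`@@ -23,13 +26,16 @@`) sets the string-length macro to the raw digest size of 20 bytes, whereas a hex-encoded SHA-1 digest needs 2*20+1 = 41 bytes including the terminator. If the relayd sources size their digest text buffers with this macro, which the name suggests but this page does not show, the hex output would overrun those buffers or configured digests would be truncated. Since this hunk already rewrites the CFLAGS block, consider `-DSHA1_DIGEST_STRING_LENGTH='(SHA_DIGEST_LENGTH*2+1)'` and confirm it against the buffer declarations in the updated relayd.h.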
@@ -1,75 +0,0 @@ -diff -Naur relayctl.orig/parser.c relayctl/parser.c ---- relayctl.orig/parser.c 2007-12-20 21:15:43.000000000 +0100 -+++ relayctl/parser.c 2010-05-27 10:12:35.000000000 +0200 -@@ -18,7 +18,11 @@ - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -+#ifdef __FreeBSD__ -+#include <sys/param.h> -+#else - #include <sys/types.h> -+#endif - #include <sys/socket.h> - #include <sys/queue.h> - -@@ -124,6 +128,11 @@ - - static struct parse_result res; - -+#ifdef __FreeBSD__ -+const struct token *match_token(const char *, const struct token []); -+void show_valid_args(const struct token []); -+#endif -+ - struct parse_result * - parse(int argc, char *argv[]) - { -diff -Naur relayctl.orig/parser.h relayctl/parser.h ---- relayctl.orig/parser.h 2007-12-20 21:15:43.000000000 +0100 -+++ relayctl/parser.h 2010-05-27 10:12:03.000000000 +0200 -@@ -41,5 +41,7 @@ - }; - - struct parse_result *parse(int, char *[]); -+#ifndef __FreeBSD__ - const struct token *match_token(const char *, const struct token []); - void show_valid_args(const struct token []); -+#endif -diff -Naur relayctl.orig/relayctl.c relayctl/relayctl.c ---- relayctl.orig/relayctl.c 2009-06-06 01:39:51.000000000 +0200 -+++ relayctl/relayctl.c 2010-05-27 10:11:39.000000000 +0200 -@@ -20,6 +20,9 @@ - */ - - #include <sys/types.h> -+#ifdef __FreeBSD__ -+#include <sys/param.h> -+#endif - #include <sys/socket.h> - #include <sys/queue.h> - #include <sys/un.h> -@@ -290,7 +293,11 @@ - imn = monitor_lookup(imsg->hdr.type); - printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name, - imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid); -+#ifdef __FreeBSD__ -+ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now)); -+#else - printf("\ttimestamp: %u, %s", now, ctime(&now)); -+#endif - if (imn->type == -1) - done = 1; - if (imn->func != NULL) -@@ -509,7 +516,11 @@ - printf("\t%8s\ttotal: %llu sessions\n" - "\t%8s\tlast: %u/%us %u/h %u/d sessions\n" - "\t%8s\taverage: 
%u/%us %u/h %u/d sessions\n", -+#ifdef __FreeBSD__ -+ "", (long long unsigned)crs.cnt, -+#else - "", crs.cnt, -+#endif - "", crs.last, crs.interval, - crs.last_hour, crs.last_day, - "", crs.avg, crs.interval, diff --git a/net/relayd/files/patch-freebsd-relayd b/net/relayd/files/patch-freebsd-relayd deleted file mode 100644 index 5f2e80c11a9..00000000000 --- a/net/relayd/files/patch-freebsd-relayd +++ /dev/null 
@@ -1,791 +0,0 @@ -diff -Naur relayd.orig/carp.c relayd/carp.c ---- relayd.orig/carp.c 2010-06-10 08:50:20.370081718 +0200 -+++ relayd/carp.c 2010-06-10 08:50:24.487544459 +0200 -@@ -19,6 +19,7 @@ - #include <sys/param.h> - #include <sys/socket.h> - #include <sys/ioctl.h> -+#include <sys/queue.h> - - #include <net/if.h> - -diff -Naur relayd.orig/check_tcp.c relayd/check_tcp.c ---- relayd.orig/check_tcp.c 2010-06-10 08:50:20.371085750 +0200 -+++ relayd/check_tcp.c 2010-06-10 08:50:24.488548211 +0200 -@@ -31,7 +31,7 @@ - #include <stdlib.h> - #include <errno.h> - #include <fnmatch.h> --#include <sha1.h> -+#include <sha.h> - - #include <openssl/ssl.h> - -@@ -285,7 +285,11 @@ - if (b == NULL) - fatal("out of memory"); - *b = '\0'; -+#ifndef __FreeBSD__ - if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) { -+#else -+ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) { -+#endif - cte->host->he = HCE_SEND_EXPECT_OK; - cte->host->up = HOST_UP; - return (0); -@@ -318,7 +322,11 @@ - fatal("out of memory"); - *b = '\0'; - -+#ifndef __FreeBSD__ - head = cte->buf->buf; -+#else -+ head = (char *)cte->buf->buf; -+#endif - host = cte->host; - host->he = HCE_HTTP_CODE_ERROR; - -@@ -370,7 +378,11 @@ - fatal("out of memory"); - *b = '\0'; - -+#ifndef __FreeBSD__ - head = cte->buf->buf; -+#else -+ head = (char *)cte->buf->buf; -+#endif - host = cte->host; - host->he = HCE_HTTP_DIGEST_ERROR; - -@@ -382,7 +394,11 @@ - } - head += strlen("\r\n\r\n"); - -+#ifndef __FreeBSD__ - digeststr(cte->table->conf.digest_type, head, strlen(head), digest); -+#else -+ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest); -+#endif - - if (strcmp(cte->table->conf.digest, digest)) { - log_warnx("check_http_digest: %s failed " -diff -Naur relayd.orig/hce.c relayd/hce.c ---- relayd.orig/hce.c 2010-06-10 08:50:20.370081718 +0200 -+++ relayd/hce.c 2010-06-10 08:50:24.489552523 +0200 -@@ -167,7 +167,7 @@ - struct timeval tv; - struct table *table; - -- 
snmp_init(env, iev_main); -+// snmp_init(env, iev_main); - - if (!TAILQ_EMPTY(env->sc_tables)) { - evtimer_set(&env->sc_ev, hce_launch_checks, env); -@@ -336,8 +336,10 @@ - print_availability(host->check_cnt, host->up_cnt)); - } - -+/* - if (host->last_up != host->up) - snmp_hosttrap(table, host); -+*/ - - host->last_up = host->up; - -diff -Naur relayd.orig/log.c relayd/log.c ---- relayd.orig/log.c 2010-06-10 08:50:20.370081718 +0200 -+++ relayd/log.c 2010-06-10 08:50:24.489552523 +0200 -@@ -16,7 +16,11 @@ - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -+#ifdef __FreeBSD__ -+#include <sys/param.h> -+#else - #include <sys/types.h> -+#endif - #include <sys/queue.h> - #include <sys/socket.h> - #include <sys/tree.h> -diff -Naur relayd.orig/parse.y relayd/parse.y ---- relayd.orig/parse.y 2010-06-10 08:50:20.372089782 +0200 -+++ relayd/parse.y 2010-06-10 08:50:24.490556275 +0200 -@@ -343,6 +343,7 @@ - } - conf->sc_prefork_relay = $2; - } -+/* FreeBSD exclude - | DEMOTE STRING { - conf->sc_flags |= F_DEMOTE; - if (strlcpy(conf->sc_demote_group, $2, -@@ -360,6 +361,7 @@ - } - } - | SEND TRAP { conf->sc_flags |= F_TRAP; } -+*/ - ; - - loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; } -@@ -615,6 +617,7 @@ - bcopy(&$2, &table->conf.timeout, - sizeof(struct timeval)); - } -+/* FreeBSD exclude - | DEMOTE STRING { - table->conf.flags |= F_DEMOTE; - if (strlcpy(table->conf.demote_group, $2, -@@ -632,6 +635,7 @@ - YYERROR; - } - } -+*/ - | INTERVAL NUMBER { - if ($2 < conf->sc_interval.tv_sec || - $2 % conf->sc_interval.tv_sec) { -@@ -1562,7 +1566,7 @@ - { "ciphers", CIPHERS }, - { "code", CODE }, - { "cookie", COOKIE }, -- { "demote", DEMOTE }, -+// FreeBSD { "demote", DEMOTE }, - { "digest", DIGEST }, - { "disable", DISABLE }, - { "error", ERROR }, -@@ -1625,7 +1629,7 @@ - { "timeout", TIMEOUT }, - { "to", TO }, - { "transparent", TRANSPARENT }, -- { "trap", TRAP }, -+// FreeBSD { "trap", TRAP }, - { "ttl", TTL }, - { "updates", UPDATES }, - { 
"url", URL }, -@@ -2260,7 +2264,8 @@ - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_DGRAM; /* DUMMY */ - error = getaddrinfo(s, NULL, &hints, &res0); -- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME) -+// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME) -+ if (error == EAI_AGAIN || error == EAI_NONAME) - return (0); - if (error) { - log_warnx("host_dns: could not parse \"%s\": %s", s, -diff -Naur relayd.orig/pfe.c relayd/pfe.c ---- relayd.orig/pfe.c 2010-06-10 08:50:20.369077965 +0200 -+++ relayd/pfe.c 2010-06-10 08:50:24.491560307 +0200 -@@ -17,6 +17,9 @@ - */ - - #include <sys/param.h> -+#ifdef __FreeBSD__ -+#include <sys/queue.h> -+#endif - #include <sys/stat.h> - #include <sys/socket.h> - #include <sys/un.h> -@@ -859,7 +862,9 @@ - struct table *table; - struct ctl_id id; - struct imsg imsg; -+#ifndef __FreeBSD__ - struct ctl_demote demote; -+#endif - - bzero(&id, sizeof(id)); - bzero(&imsg, sizeof(imsg)); -@@ -920,6 +925,7 @@ - */ - table->conf.flags &= ~(F_CHANGED); - -+#ifndef __FreeBSD__ - /* - * handle demotion. 
- */ -@@ -942,6 +948,7 @@ - sizeof(demote.group)); - imsg_compose_event(iev_main, IMSG_DEMOTE, 0, 0, -1, - &demote, sizeof(demote)); -+#endif - } - } - -diff -Naur relayd.orig/pfe_filter.c relayd/pfe_filter.c ---- relayd.orig/pfe_filter.c 2010-06-10 08:50:20.370081718 +0200 -+++ relayd/pfe_filter.c 2010-06-10 08:51:10.599999014 +0200 -@@ -97,6 +97,10 @@ - sizeof(tables[i].pfrt_name)) - goto toolong; - tables[i].pfrt_flags |= PFR_TFLAG_PERSIST; -+#ifdef __FreeBSD__ -+ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"", -+#endif -+ tables[i].pfrt_anchor, tables[i].pfrt_name); - i++; - } - if (i != env->sc_rdrcount) -@@ -280,12 +284,11 @@ - } - - psnk.psnk_af = host->conf.ss.ss_family; -- psnk.psnk_killed = 0; - - if (ioctl(env->sc_pf->dev, - DIOCKILLSRCNODES, &psnk) == -1) - fatal("kill_srcnodes: cannot kill src nodes"); -- cnt += psnk.psnk_killed; -+ cnt += psnk.psnk_af; - } - - return (cnt); -@@ -370,7 +373,11 @@ - struct sockaddr_in6 *sain6; - struct address *address; - char anchor[PF_ANCHOR_NAME_SIZE]; -+#ifndef __FreeBSD__ - int rs; -+#else -+ int rs = 0; -+#endif - struct table *t = rdr->table; - - if (!(env->sc_flags & F_NEEDPF)) -@@ -418,7 +425,9 @@ - - /* Use sloppy state handling for half connections */ - rio.rule.keep_state = PF_STATE_NORMAL; -+#ifdef PFRULE_STATESLOPPY - rio.rule.rule_flag = PFRULE_STATESLOPPY; -+#endif - break; - default: - fatalx("sync_ruleset: invalid forward mode"); -@@ -437,7 +446,9 @@ - rio.rule.dst.port_op = address->port.op; - rio.rule.dst.port[0] = address->port.val[0]; - rio.rule.dst.port[1] = address->port.val[1]; -+#if 0 - rio.rule.rtableid = -1; /* stay in the main routing table */ -+#endif - - if (rio.rule.proto == IPPROTO_TCP) - rio.rule.timeout[PFTM_TCP_ESTABLISHED] = -diff -Naur relayd.orig/relay.c relayd/relay.c ---- relayd.orig/relay.c 2010-06-10 08:50:20.371085750 +0200 -+++ relayd/relay.c 2010-06-10 08:50:24.492564339 +0200 -@@ -16,7 +16,11 @@ - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 
SOFTWARE. - */ - -+#ifdef __FreeBSD__ -+#include <sys/param.h> -+#else - #include <sys/types.h> -+#endif - #include <sys/queue.h> - #include <sys/time.h> - #include <sys/stat.h> -@@ -683,6 +687,7 @@ - &val, sizeof(val)) == -1) - goto bad; - } -+#ifndef __FreeBSD__ - if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { - if (proto->tcpflags & TCPFLAG_NSACK) - val = 0; -@@ -692,6 +697,7 @@ - &val, sizeof(val)) == -1) - goto bad; - } -+#endif - - return (s); - -@@ -1027,7 +1033,11 @@ - } - if (strstr(val, "$TIMEOUT") != NULL) { - snprintf(ibuf, sizeof(ibuf), "%lu", -+#ifdef __FreeBSD__ -+ (unsigned long)rlay->rl_conf.timeout.tv_sec); -+#else - rlay->rl_conf.timeout.tv_sec); -+#endif - if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0) - return (NULL); - } -@@ -1624,7 +1634,11 @@ - switch (type) { - case DIGEST_SHA1: - case DIGEST_MD5: -+#ifdef __FreeBSD__ -+ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) { -+#else - if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) { -+#endif - relay_close_http(con, 500, - "failed to allocate digest", 0); - goto fail; -@@ -2642,8 +2656,12 @@ - goto err; - - /* Set session context to the local relay name */ -- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name, -- strlen(rlay->rl_conf.name))) -+ if (!SSL_CTX_set_session_id_context(ctx, -+#ifdef __FreeBSD__ -+ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name))) -+#else -+ rlay->rl_conf.name, strlen(rlay->rl_conf.name))) -+#endif - goto err; - - return (ctx); -@@ -3104,7 +3122,11 @@ - if (fstat(fd, &st) != 0) - goto fail; - size = st.st_size; -+#ifndef __FreeBSD__ - if ((buf = (char *)calloc(1, size + 1)) == NULL) -+#else -+ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL) -+#endif - goto fail; - if (read(fd, buf, size) != size) - goto fail; -@@ -3112,7 +3134,11 @@ - close(fd); - - *len = size + 1; -+#ifndef __FreeBSD__ - return (buf); -+#else -+ return (char *)(buf); -+#endif - - fail: - if (buf != NULL) -@@ -3142,7 +3168,7 
@@ - return (-1); - - if (snprintf(certfile, sizeof(certfile), -- "/etc/ssl/%s.crt", hbuf) == -1) -+ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1) - return (-1); - if ((rlay->rl_ssl_cert = relay_load_file(certfile, - &rlay->rl_ssl_cert_len)) == NULL) -@@ -3150,7 +3176,7 @@ - log_debug("relay_load_certfiles: using certificate %s", certfile); - - if (snprintf(certfile, sizeof(certfile), -- "/etc/ssl/private/%s.key", hbuf) == -1) -+ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1) - return -1; - if ((rlay->rl_ssl_key = relay_load_file(certfile, - &rlay->rl_ssl_key_len)) == NULL) -diff -Naur relayd.orig/relay_udp.c relayd/relay_udp.c ---- relayd.orig/relay_udp.c 2010-06-10 08:50:20.370081718 +0200 -+++ relayd/relay_udp.c 2010-06-10 08:50:24.493571444 +0200 -@@ -16,7 +16,11 @@ - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -+#ifdef __FreeBSD__ -+#include <sys/param.h> -+#else - #include <sys/types.h> -+#endif - #include <sys/queue.h> - #include <sys/time.h> - #include <sys/stat.h> -diff -Naur relayd.orig/relayd.8 relayd/relayd.8 ---- relayd.orig/relayd.8 2010-06-10 08:50:20.371085750 +0200 -+++ relayd/relayd.8 2010-06-10 08:50:24.493571444 +0200 -@@ -117,7 +117,7 @@ - .It Fl f Ar file - Specify an alternative configuration file. - The default is --.Pa /etc/relayd.conf . -+.Pa %%PREFIX%%/etc/relayd.conf . - .It Fl n - Configtest mode. - Only check the configuration file for validity. -@@ -126,7 +126,7 @@ - .El - .Sh FILES - .Bl -tag -width "/var/run/relayd.sockXX" -compact --.It /etc/relayd.conf -+.It %%PREFIX%%/etc/relayd.conf - Default configuration file. - .It /var/run/relayd.sock - Unix-domain socket used for communication with -diff -Naur relayd.orig/relayd.c relayd/relayd.c ---- relayd.orig/relayd.c 2010-06-10 08:50:20.370081718 +0200 -+++ relayd/relayd.c 2010-06-10 08:50:24.494572682 +0200 -@@ -17,7 +17,12 @@ - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
- */ - -+#ifdef __FreeBSD__ -+#include <sys/param.h> -+#include <openssl/rand.h> -+#else - #include <sys/types.h> -+#endif - #include <sys/queue.h> - #include <sys/socket.h> - #include <sys/wait.h> -@@ -37,7 +42,11 @@ - #include <unistd.h> - #include <ctype.h> - #include <pwd.h> -+#ifdef __FreeBSD__ -+#include <sha.h> -+#else - #include <sha1.h> -+#endif - #include <md5.h> - - #include <openssl/ssl.h> -@@ -126,6 +135,11 @@ - int c; - int debug; - u_int32_t opts; -+#ifdef __FreeBSD__ -+#if __FreeBSD_version > 800040 -+ u_int32_t rnd[256]; -+#endif -+#endif - struct relayd *env; - const char *conffile; - struct event ev_sigint; -@@ -196,6 +210,16 @@ - - log_info("startup"); - -+#ifdef __FreeBSD__ -+#if __FreeBSD_version > 800040 -+ arc4random_stir(); -+ arc4random_buf(rnd, sizeof(rnd)); -+ RAND_seed(rnd, sizeof(rnd)); -+#else -+ RAND_load_file("/dev/random",2048); -+#endif -+#endif -+ - if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, - pipe_parent2pfe) == -1) - fatal("socketpair"); -@@ -292,9 +316,10 @@ - iev_hce->handler, iev_hce); - event_add(&iev_hce->ev, NULL); - -+#ifndef __FreeBSD__ - if (env->sc_flags & F_DEMOTE) - carp_demote_reset(env->sc_demote_group, 0); -- -+#endif - event_dispatch(); - - return (0); -@@ -319,9 +344,11 @@ - } while (pid != -1 || (pid == -1 && errno == EINTR)); - - control_cleanup(); -+#ifndef __FreeBSD__ - carp_demote_shutdown(); - if (env->sc_flags & F_DEMOTE) - carp_demote_reset(env->sc_demote_group, 128); -+#endif - log_info("terminating"); - exit(0); - } -@@ -383,8 +410,10 @@ - memcpy(&env->sc_proto_default, &new_env->sc_proto_default, - sizeof(env->sc_proto_default)); - env->sc_prefork_relay = new_env->sc_prefork_relay; -+#ifndef __FreeBSD__ - (void)strlcpy(env->sc_demote_group, new_env->sc_demote_group, - sizeof(env->sc_demote_group)); -+#endif - - env->sc_tables = new_env->sc_tables; - env->sc_rdrs = new_env->sc_rdrs; -@@ -610,7 +639,9 @@ - struct imsgbuf *ibuf; - struct imsg imsg; - ssize_t n; -+#ifndef __FreeBSD__ - struct 
ctl_demote demote; -+#endif - - iev = ptr; - ibuf = &iev->ibuf; -@@ -638,6 +669,7 @@ - break; - - switch (imsg.hdr.type) { -+#ifndef __FreeBSD__ - case IMSG_DEMOTE: - if (imsg.hdr.len - IMSG_HEADER_SIZE != - sizeof(demote)) -@@ -646,6 +678,7 @@ - memcpy(&demote, imsg.data, sizeof(demote)); - carp_demote_set(demote.group, demote.level); - break; -+#endif - case IMSG_CTL_RELOAD: - /* - * so far we only get here if no L7 (relay) is done. -@@ -709,9 +742,11 @@ - imsg_compose_event(iev_hce, IMSG_SCRIPT, - 0, 0, -1, &scr, sizeof(scr)); - break; -+/* - case IMSG_SNMPSOCK: - (void)snmp_sendsock(iev); - break; -+*/ - default: - log_debug("main_dispatch_hce: unexpected imsg %d", - imsg.hdr.type); -@@ -1021,7 +1056,11 @@ - { - switch (type) { - case DIGEST_SHA1: -+#ifdef __FreeBSD__ -+ return (SHA1_Data(data, len, buf)); -+#else - return (SHA1Data(data, len, buf)); -+#endif - break; - case DIGEST_MD5: - return (MD5Data(data, len, buf)); -@@ -1258,9 +1297,17 @@ - bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM, - bnd->bnd_proto)) == -1) - goto fail; -+#ifdef SO_BINDANY - if (setsockopt(s, SOL_SOCKET, SO_BINDANY, - &v, sizeof(v)) == -1) - goto fail; -+#else -+#ifdef IP_BINDANY -+ if (setsockopt(s, IPPROTO_IP, IP_BINDANY, -+ &v, sizeof(v)) == -1) -+ goto fail; -+#endif -+#endif - if (bind(s, (struct sockaddr *)&bnd->bnd_ss, - bnd->bnd_ss.ss_len) == -1) - goto fail; -diff -Naur relayd.orig/relayd.conf.5 relayd/relayd.conf.5 ---- relayd.orig/relayd.conf.5 2010-06-10 08:50:20.371085750 +0200 -+++ relayd/relayd.conf.5 2010-06-10 08:50:24.495576434 +0200 -@@ -78,7 +78,7 @@ - .Ic include - keyword, for example: - .Bd -literal -offset indent --include "/etc/relayd.conf.local" -+include "%%PREFIX%%/etc/relayd.conf.local" - .Ed - .Sh MACROS - Macros can be defined that will later be expanded in context. 
-@@ -103,17 +103,6 @@ - .Sh GLOBAL CONFIGURATION - Here are the settings that can be set globally: - .Bl -tag -width Ds --.It Ic demote Ar group --Enable the global --.Xr carp 4 --demotion option, resetting the carp demotion counter for the --specified interface group to zero on startup and to 128 on shutdown of --the daemon. --For more information on interface groups, --see the --.Ic group --keyword in --.Xr ifconfig 8 . - .It Ic interval Ar number - Set the interval in seconds at which the hosts will be checked. - The default interval is 10 seconds. -@@ -143,15 +132,6 @@ - .Xr relayd 8 - runs 5 relay processes by default and every process will handle - all configured relays. --.It Ic send trap --Send an SNMP trap when the state of a host changes. --.Xr relayd 8 --will try to connect to --.Xr snmpd 8 --and request it send a trap to the registered trap receivers; --see --.Xr snmpd.conf 5 --for more information about the configuration. - .It Ic timeout Ar number - Set the global timeout in milliseconds for checks. - This can be overridden by the timeout value in the table definitions. -@@ -349,17 +329,6 @@ - .Pp - The following general table options are available: - .Bl -tag -width Ds --.It Ic demote Ar group --Enable the per-table --.Xr carp 4 --demotion option. --This will increment the carp demotion counter for the --specified interface group if all hosts in the table are down. --For more information on interface groups, --see the --.Ic group --keyword in --.Xr ifconfig 8 . - .It Ic interval Ar number - Override the global interval and specify one for this table. - It must be a multiple of the global interval. -@@ -604,9 +573,9 @@ - keyword is present, the relay will accept connections using the - encrypted SSL protocol. 
- The relay will look up a private key in --.Pa /etc/ssl/private/address.key -+.Pa %%PREFIX%%/etc/ssl/private/address.key - and a public certificate in --.Pa /etc/ssl/address.crt , -+.Pa %%PREFIX%%/etc/ssl/address.crt , - where - .Ar address - is the specified IP address of the relay to listen on. -@@ -955,9 +924,6 @@ - This option enables CA verification in SSL client mode. - The daemon will load the CA (Certificate Authority) certificates from - the specified path to verify the server certificates. --.Ox --provides a default CA bundle in --.Pa /etc/ssl/cert.pem . - .It Ic ciphers Ar string - Set the string defining the SSL cipher suite. - If not specified, the default value -@@ -1036,22 +1002,19 @@ - .El - .El - .Sh FILES --.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact --.It Pa /etc/relayd.conf -+.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact -+.It Pa %%PREFIX%%/etc/relayd.conf - .Xr relayd 8 - configuration file. - .Pp - .It Pa /etc/services - Service name database. - .Pp --.It Pa /etc/ssl/address.crt --.It Pa /etc/ssl/private/address.key -+.It Pa %%PREFIX%%/etc/ssl/address.crt -+.It Pa %%PREFIX%%/etc/ssl/private/address.key - Location of the relay SSL server certificates, where - .Ar address - is the configured IP address of the relay. --.It Pa /etc/ssl/cert.pem --Default location of the CA bundle that can be used with --.Xr relayd 8 . 
- .El - .Sh EXAMPLES - This configuration file would create a redirection service -@@ -1146,7 +1109,6 @@ - .Sh SEE ALSO - .Xr relayctl 8 , - .Xr relayd 8 , --.Xr snmpd 8 , - .Xr ssl 8 - .Sh HISTORY - The -diff -Naur relayd.orig/relayd.h relayd/relayd.h ---- relayd.orig/relayd.h 2010-06-10 08:50:20.372089782 +0200 -+++ relayd/relayd.h 2010-06-10 08:50:24.496580466 +0200 -@@ -19,10 +19,18 @@ - */ - - #include <sys/tree.h> -+#ifdef __FreeBSD__ -+#include <sys/param.h> -+#include <sys/queue.h> -+#endif - - #include <imsg.h> - -+#ifdef __FreeBSD__ -+#define CONF_FILE "%%PREFIX%%/etc/relayd.conf" -+#else - #define CONF_FILE "/etc/relayd.conf" -+#endif - #define RELAYD_SOCKET "/var/run/relayd.sock" - #define PF_SOCKET "/dev/pf" - #define RELAYD_USER "_relayd" -@@ -57,7 +65,18 @@ - #define PURGE_PROTOS 0x08 - #define PURGE_EVERYTHING 0xff - -+#ifndef __FreeBSD__ - #define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */ -+#else -+#define SIMPLEQ_HEAD STAILQ_HEAD -+#define SIMPLEQ_FIRST STAILQ_FIRST -+#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD -+#define SIMPLEQ_ENTRY STAILQ_ENTRY -+#define SIMPLEQ_INIT STAILQ_INIT -+#define SIMPLEQ_EMPTY STAILQ_EMPTY -+#define SIMPLEQ_NEXT STAILQ_NEXT -+#define SIMPLEQ_INSERT_TAIL STAILQ_INSERT_TAIL -+#endif - - #if DEBUG > 1 - #define DPRINTF log_debug -@@ -607,10 +626,11 @@ - struct event sc_statev; - struct timeval sc_statinterval; - -+#ifndef __FreeBSD__ - int sc_snmp; - struct event sc_snmpto; - struct event sc_snmpev; -- -+#endif - int sc_has_icmp; - int sc_has_icmp6; - struct ctl_icmp_event sc_icmp_send; -@@ -688,7 +708,9 @@ - IMSG_HOST_STATUS, /* notifies from hce to pfe */ - IMSG_SYNC, - IMSG_NATLOOK, -+#ifndef __FreeBSD__ - IMSG_DEMOTE, -+#endif - IMSG_STATISTICS, - IMSG_RECONF, /* reconfiguration notifies */ - IMSG_RECONF_TABLE, -@@ -704,7 +726,9 @@ - IMSG_RECONF_RELAY, - IMSG_RECONF_END, - IMSG_SCRIPT, -+#ifndef __FreeBSD__ - IMSG_SNMPSOCK, -+#endif - IMSG_BINDANY - }; - -@@ -857,10 +881,16 @@ - void pn_unref(u_int16_t); - 
void pn_ref(u_int16_t); - -+#ifndef __FreeBSD__ - /* snmp.c */ - void snmp_init(struct relayd *, struct imsgev *); - int snmp_sendsock(struct imsgev *); - void snmp_hosttrap(struct table *, struct host *); -+#else -+#if __FreeBSD_version < 800041 -+u_int32_t arc4random_uniform(u_int32_t upper_bound); -+#endif -+#endif - - /* shuffle.c */ - void shuffle_init(struct shuffle *); diff --git a/net/relayd/files/patch-relayctl-parser.c b/net/relayd/files/patch-relayctl-parser.c index 10f86df0f84..7b6b132e317 100644 --- a/net/relayd/files/patch-relayctl-parser.c +++ b/net/relayd/files/patch-relayctl-parser.c 
@@ -1,56 +1,24 @@ ---- relayctl/parser.c.orig 2010-05-31 07:38:49.928320202 +0000 -+++ relayctl/parser.c 2010-05-31 07:41:05.348576930 +0000 -@@ -68,6 +68,7 @@ - static const struct token t_rdr_id[]; - static const struct token t_table_id[]; - static const struct token t_host_id[]; -+static const struct token t_log[]; - - static const struct token t_main[] = { - {KEYWORD, "monitor", MONITOR, NULL}, -@@ -78,6 +79,7 @@ - {KEYWORD, "redirect", NONE, t_rdr}, - {KEYWORD, "table", NONE, t_table}, - {KEYWORD, "host", NONE, t_host}, -+ {KEYWORD, "log", NONE, t_log}, +--- relayctl/parser.c.orig 2011-05-19 10:56:49.000000000 +0200 ++++ relayctl/parser.c 2011-05-22 10:51:26.683383150 +0200 +@@ -18,7 +18,11 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#ifdef __FreeBSD__ ++#include <sys/param.h> ++#else + #include <sys/types.h> ++#endif + #include <sys/socket.h> + #include <sys/queue.h> + +@@ -87,7 +91,9 @@ + {KEYWORD, "hosts", SHOW_HOSTS, NULL}, + {KEYWORD, "redirects", SHOW_RDRS, NULL}, + {KEYWORD, "relays", SHOW_RELAYS, NULL}, ++#ifndef __FreeBSD__ + {KEYWORD, "routers", SHOW_ROUTERS, NULL}, ++#endif + {KEYWORD, "sessions", SHOW_SESSIONS, NULL}, {ENDTOKEN, "", NONE, NULL} }; - -@@ -126,11 +128,17 @@ - {ENDTOKEN, "", NONE, NULL} - }; - -+static const struct token t_log[] = { -+ {KEYWORD, "verbose", LOG_VERBOSE, NULL}, -+ {KEYWORD, "brief", LOG_BRIEF, NULL}, -+ {ENDTOKEN, "", NONE, NULL} -+}; -+ - static struct parse_result res; - - #ifdef __FreeBSD__ --const struct token *match_token(const char *, const struct token []); --void show_valid_args(const struct token []); -+const struct token *match_token(const char *, const struct token *); -+void show_valid_args(const struct token *); - #endif - - struct parse_result * -@@ -166,7 +174,7 @@ - } - - const struct token * --match_token(const char *word, const struct token table[]) -+match_token(const char *word, const struct token *table) - { - u_int i, match; - const struct token *t = NULL; -@@ 
-243,7 +251,7 @@ - } - - void --show_valid_args(const struct token table[]) -+show_valid_args(const struct token *table) - { - int i; - diff --git a/net/relayd/files/patch-relayctl-parser.h b/net/relayd/files/patch-relayctl-parser.h index 3351bd23bec..44ceeee3aea 100644 --- a/net/relayd/files/patch-relayctl-parser.h +++ b/net/relayd/files/patch-relayctl-parser.h @@ -1,22 +1,12 @@ ---- relayctl/parser.h.orig 2010-05-31 07:38:49.934576348 +0000 -+++ relayctl/parser.h 2010-05-31 07:40:47.494152077 +0000 -@@ -32,7 +32,9 @@ - SHUTDOWN, - POLL, - RELOAD, -- MONITOR -+ MONITOR, -+ LOG_VERBOSE, -+ LOG_BRIEF - }; - - struct parse_result { -@@ -42,6 +44,6 @@ - - struct parse_result *parse(int, char *[]); - #ifndef __FreeBSD__ --const struct token *match_token(const char *, const struct token []); --void show_valid_args(const struct token []); -+const struct token *match_token(const char *, const struct token *); -+void show_valid_args(const struct token *); - #endif +--- relayctl/parser.h.orig 2011-05-22 10:56:33.769045780 +0200 ++++ relayctl/parser.h 2011-05-22 10:56:46.122442873 +0200 +@@ -23,7 +23,9 @@ + SHOW_RDRS, + SHOW_RELAYS, + SHOW_SESSIONS, ++#ifndef __FreeBSD__ + SHOW_ROUTERS, ++#endif + RDR_DISABLE, + RDR_ENABLE, + TABLE_DISABLE, diff --git a/net/relayd/files/patch-relayctl-relayctl.8 b/net/relayd/files/patch-relayctl-relayctl.8 new file mode 100644 index 00000000000..0041d337ac1 --- /dev/null +++ b/net/relayd/files/patch-relayctl-relayctl.8 
@@ -0,0 +1,17 @@ +--- relayctl/relayctl.8.orig 2011-05-19 10:56:49.000000000 +0200 ++++ relayctl/relayctl.8 2011-05-22 10:43:42.420854658 +0200 +@@ -78,13 +78,10 @@ + Show detailed status of relays including the current and average + access statistics. + The statistics will be updated every minute. +-.It Cm show routers +-Show detailed status of routers including the configured network +-routes. + .It Cm show sessions + Dump the complete list of running relay sessions. + .It Cm show summary +-Display a list of all relays, redirections, routers, tables, and hosts. ++Display a list of all relays, redirections, tables, and hosts. + .It Cm table disable Op Ar name | id + Disable a table. + Consider all hosts disabled. diff --git a/net/relayd/files/patch-relayctl-relayctl.c b/net/relayd/files/patch-relayctl-relayctl.c index 04cd9b89038..0259881fc47 100644 --- a/net/relayd/files/patch-relayctl-relayctl.c +++ b/net/relayd/files/patch-relayctl-relayctl.c 
@@ -1,61 +1,83 @@ ---- relayctl/relayctl.c.orig 2010-05-31 09:31:42.351734730 +0200 -+++ relayctl/relayctl.c 2010-05-31 09:31:34.629284461 +0200 -@@ -86,6 +86,7 @@ - }; +--- relayctl/relayctl.c.orig 2011-05-20 11:43:53.000000000 +0200 ++++ relayctl/relayctl.c 2011-05-22 11:19:50.925707539 +0200 +@@ -20,6 +20,9 @@ + */ - struct imsgbuf *ibuf; -+int error = 0; - - __dead void - usage(void) -@@ -104,7 +105,7 @@ - struct imsg imsg; - int ctl_sock; - int done = 0; -- int n; -+ int n, verbose = 0; - - /* parse options */ - if ((res = parse(argc - 1, argv + 1)) == NULL) -@@ -185,6 +186,15 @@ - case MONITOR: - imsg_compose(ibuf, IMSG_CTL_NOTIFY, 0, 0, -1, NULL, 0); - break; -+ case LOG_VERBOSE: -+ verbose = 2; -+ /* FALLTHROUGH */ -+ case LOG_BRIEF: -+ imsg_compose(ibuf, IMSG_CTL_LOG_VERBOSE, 0, 0, -1, -+ &verbose, sizeof(verbose)); -+ printf("logging request sent.\n"); -+ done = 1; -+ break; - } - - while (ibuf->w.queued) -@@ -224,6 +234,8 @@ - done = show_command_output(&imsg); - break; - case NONE: -+ case LOG_VERBOSE: -+ case LOG_BRIEF: + #include <sys/types.h> ++#ifdef __FreeBSD__ ++#include <sys/param.h> ++#endif + #include <sys/socket.h> + #include <sys/queue.h> + #include <sys/un.h> +@@ -141,7 +144,9 @@ + case SHOW_HOSTS: + case SHOW_RDRS: + case SHOW_RELAYS: ++#ifndef __FreeBSD__ + case SHOW_ROUTERS: ++#endif + imsg_compose(ibuf, IMSG_CTL_SHOW_SUM, 0, 0, -1, NULL, 0); + printf("%-4s\t%-8s\t%-24s\t%-7s\tStatus\n", + "Id", "Type", "Name", "Avlblty"); +@@ -222,7 +227,9 @@ + case SHOW_HOSTS: + case SHOW_RDRS: + case SHOW_RELAYS: ++#ifndef __FreeBSD__ + case SHOW_ROUTERS: ++#endif + done = show_summary_msg(&imsg, res->action); break; - case MONITOR: - done = monitor(&imsg); -@@ -235,7 +247,7 @@ - close(ctl_sock); - free(ibuf); - -- return (0); -+ return (error ? 
1 : 0); - } + case SHOW_SESSIONS: +@@ -312,7 +319,11 @@ + imn = monitor_lookup(imsg->hdr.type); + printf("%s: imsg type %u len %u peerid %u pid %d\n", imn->name, + imsg->hdr.type, imsg->hdr.len, imsg->hdr.peerid, imsg->hdr.pid); ++#ifdef __FreeBSD__ ++ printf("\ttimestamp: %lu, %s", (unsigned long)now, ctime(&now)); ++#else + printf("\ttimestamp: %u, %s", now, ctime(&now)); ++#endif + if (imn->type == -1) + done = 1; + if (imn->func != NULL) +@@ -328,8 +339,10 @@ + struct table *table; + struct host *host; + struct relay *rlay; ++#ifndef __FreeBSD__ + struct router *rt; + struct netroute *nr; ++#endif + struct ctl_stats stats[RELAY_MAXPROC]; + char name[MAXHOSTNAMELEN]; - struct imsgname * -@@ -431,6 +443,7 @@ +@@ -394,6 +407,7 @@ + bcopy(imsg->data, &stats, sizeof(stats)); + print_statistics(stats); break; - case IMSG_CTL_FAIL: - printf("command failed\n"); -+ error++; ++#ifndef __FreeBSD__ + case IMSG_CTL_ROUTER: + if (!(type == SHOW_SUM || type == SHOW_ROUTERS)) + break; +@@ -416,6 +430,7 @@ + printf("\t%8s\troute: %s/%d\n", + "", name, nr->nr_conf.prefixlen); break; ++#endif + case IMSG_CTL_END: + return (1); default: - errx(1, "wrong message in summary: %u", imsg->hdr.type); +@@ -557,7 +572,11 @@ + printf("\t%8s\ttotal: %llu sessions\n" + "\t%8s\tlast: %u/%us %u/h %u/d sessions\n" + "\t%8s\taverage: %u/%us %u/h %u/d sessions\n", ++#ifdef __FreeBSD__ ++ "", (long long unsigned)crs.cnt, ++#else + "", crs.cnt, ++#endif + "", crs.last, crs.interval, + crs.last_hour, crs.last_day, + "", crs.avg, crs.interval, diff --git a/net/relayd/files/patch-relayd-carp.c b/net/relayd/files/patch-relayd-carp.c new file mode 100644 index 00000000000..ef02497845c --- /dev/null +++ b/net/relayd/files/patch-relayd-carp.c 
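Review bot: In the inner hunk at `@@ -312,7 +319,11 @@` the FreeBSD branch prints `now` with `%lu` after a cast to `unsigned long`, but time_t is signed and on some 32-bit FreeBSD platforms wider than long, so the cast can truncate or misprint the value. `printf("\ttimestamp: %lld, %s", (long long)now, ctime(&now));` is correct on both systems and would make the `#ifdef __FreeBSD__` split unnecessary at that spot. Only a fragment of the enclosing function is visible in the patch, so `now` is assumed to be a time_t from its use with ctime().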
@@ -0,0 +1,10 @@
+--- relayd.orig/carp.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/carp.c 2011-05-22 01:06:54.671017027 +0200
+@@ -19,6 +19,7 @@
+ #include <sys/param.h>
+ #include <sys/socket.h>
+ #include <sys/ioctl.h>
++#include <sys/queue.h>
+
+ #include <net/if.h>
+
diff --git a/net/relayd/files/patch-relayd-check_icmp.c b/net/relayd/files/patch-relayd-check_icmp.c
deleted file mode 100644
index 84013c12c89..00000000000
--- a/net/relayd/files/patch-relayd-check_icmp.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- relayd/check_icmp.c.orig 2009-08-07 13:32:54.000000000 +0200
-+++ relayd/check_icmp.c 2010-05-27 11:22:12.631744485 +0200
-@@ -150,7 +150,7 @@
- if (((struct sockaddr *)&host->conf.ss)->sa_family !=
- cie->af)
- continue;
-- if (!(host->flags & F_CHECK_DONE)) {
-+ if (!(host->flags & (F_CHECK_DONE|F_DISABLE))) {
- host->up = HOST_DOWN;
- hce_notify_done(host, he);
- }
diff --git a/net/relayd/files/patch-relayd-check_tcp.c b/net/relayd/files/patch-relayd-check_tcp.c
index d4697110327..b62d4572298 100644
--- a/net/relayd/files/patch-relayd-check_tcp.c
+++ b/net/relayd/files/patch-relayd-check_tcp.c
@@ -1,47 +1,59 @@
---- relayd/check_tcp.c.orig 2011-01-15 00:27:09.011450590 +0100
-+++ relayd/check_tcp.c 2011-01-15 00:42:05.271822942 +0100
-@@ -50,11 +50,10 @@
- check_tcp(struct ctl_tcp_event *cte)
- {
- int s;
-- int type;
- socklen_t len;
- struct timeval tv;
- struct linger lng;
-- int he = HCE_TCP_CONNECT_ERROR;
-+ int he = HCE_TCP_SOCKET_OPTION;
-
- switch (cte->host->conf.ss.ss_family) {
- case AF_INET:
-@@ -69,17 +68,18 @@
-
- len = ((struct sockaddr *)&cte->host->conf.ss)->sa_len;
-
-- if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1)
-+ if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1) {
-+ if (errno == EMFILE || errno == ENFILE)
-+ he = HCE_TCP_SOCKET_LIMIT;
-+ else
-+ he = HCE_TCP_SOCKET_ERROR;
- goto bad;
-+ }
-
- bzero(&lng, sizeof(lng));
- if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
- goto bad;
-
-- type = 1;
-- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &type, sizeof(type)) == -1)
-- goto bad;
--
- if (cte->host->conf.ttl > 0) {
- if (setsockopt(s, IPPROTO_IP, IP_TTL,
- &cte->host->conf.ttl, sizeof(int)) == -1)
-@@ -99,6 +99,7 @@
-
- cte->buf = NULL;
- cte->host->up = HOST_UP;
-+ event_del(&cte->ev);
- event_set(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_write, cte);
- event_add(&cte->ev, &tv);
- return;
+--- relayd.orig/check_tcp.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/check_tcp.c 2011-05-22 01:06:54.673025092 +0200
+@@ -31,7 +31,7 @@
+ #include <stdlib.h>
+ #include <errno.h>
+ #include <fnmatch.h>
+-#include <sha1.h>
++#include <sha.h>
+
+ #include <openssl/ssl.h>
+
+@@ -287,7 +287,11 @@
+ if (b == NULL)
+ fatal("out of memory");
+ *b = '\0';
++#ifndef __FreeBSD__
+ if (fnmatch(cte->table->conf.exbuf, cte->buf->buf, 0) == 0) {
++#else
++ if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {
++#endif
+ cte->host->he = HCE_SEND_EXPECT_OK;
+ cte->host->up = HOST_UP;
+ return (0);
+@@ -320,7 +324,11 @@
+ fatal("out of memory");
+ *b = '\0';
+
++#ifndef __FreeBSD__
+ head = cte->buf->buf;
++#else
++ head = (char *)cte->buf->buf;
++#endif
+ host = cte->host;
+ host->he = HCE_HTTP_CODE_ERROR;
+
+@@ -372,7 +380,11 @@
+ fatal("out of memory");
+ *b = '\0';
+
++#ifndef __FreeBSD__
+ head = cte->buf->buf;
++#else
++ head = (char *)cte->buf->buf;
++#endif
+ host = cte->host;
+ host->he = HCE_HTTP_DIGEST_ERROR;
+
+@@ -384,7 +396,11 @@
+ }
+ head += strlen("\r\n\r\n");
+
++#ifndef __FreeBSD__
+ digeststr(cte->table->conf.digest_type, head, strlen(head), digest);
++#else
++ digeststr(cte->table->conf.digest_type, (u_int8_t*)head, strlen(head), digest);
++#endif
+
+ if (strcmp(cte->table->conf.digest, digest)) {
+ log_warnx("%s: %s failed (wrong digest)",
diff --git a/net/relayd/files/patch-relayd-config.c b/net/relayd/files/patch-relayd-config.c
new file mode 100644
index 00000000000..fb723684012
--- /dev/null
+++ b/net/relayd/files/patch-relayd-config.c
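Review bot: Each cast is introduced by duplicating a whole statement under `#ifndef __FreeBSD__`/`#else`, and in the `fnmatch` case that leaves the opening brace of the `if` in both preprocessor branches, which is easy to break on the next upstream merge. The casts look harmless on either platform, so single unconditional lines would do, e.g. `if (fnmatch(cte->table->conf.exbuf, (char *)cte->buf->buf, 0) == 0) {` and `head = (char *)cte->buf->buf;`. The cast to `char *` also depends on the `*b = '\0';` terminator written just above each use, which deserves a one-line comment such as `/* buffer is NUL-terminated above; safe to treat as a C string */`. The type of `cte->buf->buf` is declared outside this patch and the functions extend beyond the inner hunks, so confirm it before dropping the conditionals.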
@@ -0,0 +1,62 @@
+--- relayd.orig/config.c 2011-05-22 01:06:39.463154237 +0200
++++ relayd/config.c 2011-05-22 01:18:41.041076104 +0200
+@@ -118,6 +118,7 @@
+ RB_INIT(&env->sc_proto_default.request_tree);
+ RB_INIT(&env->sc_proto_default.response_tree);
+ }
++#ifndef __FreeBSD__
+ if (what & CONFIG_RTS) {
+ if ((env->sc_rts =
+ calloc(1, sizeof(*env->sc_rts))) == NULL)
+@@ -130,7 +131,7 @@
+ return (-1);
+ TAILQ_INIT(env->sc_routes);
+ }
+-
++#endif
+ return (0);
+ }
+
+@@ -143,8 +144,10 @@
+ struct address *virt;
+ struct protocol *proto;
+ struct relay *rlay;
++#ifndef __FreeBSD__
+ struct netroute *nr;
+ struct router *rt;
++#endif
+ u_int what;
+
+ what = ps->ps_what[privsep_process] & reset;
+@@ -181,6 +184,7 @@
+ }
+ env->sc_protocount = 0;
+ }
++#ifndef __FreeBSD__
+ if (what & CONFIG_RTS && env->sc_rts != NULL) {
+ while ((rt = TAILQ_FIRST(env->sc_rts)) != NULL) {
+ TAILQ_REMOVE(env->sc_rts, rt, rt_entry);
+@@ -203,6 +207,7 @@
+ }
+ env->sc_routecount = 0;
+ }
++#endif
+ }
+
+ int
+@@ -476,6 +481,7 @@
+ return (0);
+ }
+
++#ifndef __FreeBSD__
+ int
+ config_setrt(struct relayd *env, struct router *rt)
+ {
+@@ -570,6 +576,7 @@
+
+ return (0);
+ }
++#endif
+
+ int
+ config_setproto(struct relayd *env, struct protocol *proto)
diff --git a/net/relayd/files/patch-relayd-control.c b/net/relayd/files/patch-relayd-control.c
deleted file mode 100644
index 63d50574278..00000000000
--- a/net/relayd/files/patch-relayd-control.c
+++ /dev/null
@@ -1,49 +0,0 @@
---- relayd/control.c.orig 2010-05-31 09:31:24.548916055 +0000
-+++ relayd/control.c 2010-05-31 09:31:09.036333394 +0000
-@@ -136,13 +136,13 @@
- if ((connfd = accept(listenfd,
- (struct sockaddr *)&sun, &len)) == -1) {
- if (errno != EWOULDBLOCK && errno != EINTR)
-- log_warn("control_accept");
-+ log_warn("control_accept: accept");
- return;
- }
-
- session_socket_blockmode(connfd, BM_NONBLOCK);
-
-- if ((c = malloc(sizeof(struct ctl_conn))) == NULL) {
-+ if ((c = calloc(1, sizeof(struct ctl_conn))) == NULL) {
- close(connfd);
- log_warn("control_accept");
- return;
-@@ -196,6 +196,7 @@
- struct imsg imsg;
- struct ctl_id id;
- int n;
-+ int verbose;
- struct relayd *env = arg;
-
- if ((c = control_connbyfd(fd)) == NULL) {
-@@ -356,6 +357,22 @@
- }
- c->flags |= CTL_CONN_NOTIFY;
- break;
-+ case IMSG_CTL_LOG_VERBOSE:
-+ if (imsg.hdr.len != IMSG_HEADER_SIZE +
-+ sizeof(verbose))
-+ break;
-+
-+ memcpy(&verbose, imsg.data, sizeof(verbose));
-+
-+ imsg_compose_event(iev_hce, IMSG_CTL_LOG_VERBOSE,
-+ 0, 0, -1, &verbose, sizeof(verbose));
-+ imsg_compose_event(iev_main, IMSG_CTL_LOG_VERBOSE,
-+ 0, 0, -1, &verbose, sizeof(verbose));
-+ memcpy(imsg.data, &verbose, sizeof(verbose));
-+ control_imsg_forward(&imsg);
-+
-+ log_verbose(verbose);
-+ break;
- default:
- log_debug("control_dispatch_imsg: "
- "error handling imsg %d", imsg.hdr.type);
diff --git a/net/relayd/files/patch-relayd-hce.c b/net/relayd/files/patch-relayd-hce.c
index 505edc8a2fe..385ea0eaf21 100644
--- a/net/relayd/files/patch-relayd-hce.c
+++ b/net/relayd/files/patch-relayd-hce.c
@@ -1,76 +1,35 @@ ---- relayd/hce.c.orig 2011-01-15 00:27:09.012456298 +0100 -+++ relayd/hce.c 2011-01-15 00:40:15.058397878 +0100 -@@ -62,6 +62,11 @@ - case SIGTERM: - hce_shutdown(); - break; -+ case SIGCHLD: -+ case SIGHUP: -+ case SIGPIPE: -+ /* ignore */ -+ break; - default: - fatalx("hce_sig_handler: unexpected signal"); - } -@@ -75,8 +80,6 @@ - pid_t pid; - struct passwd *pw; - int i; -- struct event ev_sigint; -- struct event ev_sigterm; - - switch (pid = fork()) { - case -1: -@@ -117,6 +120,9 @@ +--- relayd.orig/hce.c 2011-05-22 01:06:39.461146172 +0200 ++++ relayd/hce.c 2011-05-22 01:08:01.230992828 +0200 +@@ -80,7 +80,9 @@ + /* Allow maximum available sockets for TCP checks */ + socket_rlimit(-1); - event_init(); ++#ifndef __FreeBSD__ + snmp_init(env, PROC_PARENT); ++#endif + } -+ /* Allow maximum available sockets for TCP checks */ -+ socket_rlimit(-1); -+ - if ((iev_pfe = calloc(1, sizeof(struct imsgev))) == NULL || - (iev_main = calloc(1, sizeof(struct imsgev))) == NULL) - fatal("hce"); -@@ -135,12 +141,17 @@ - iev_main->handler, iev_main); - event_add(&iev_main->ev, NULL); + void +@@ -263,8 +265,10 @@ + print_availability(host->check_cnt, host->up_cnt)); + } -- signal_set(&ev_sigint, SIGINT, hce_sig_handler, NULL); -- signal_set(&ev_sigterm, SIGTERM, hce_sig_handler, NULL); -- signal_add(&ev_sigint, NULL); -- signal_add(&ev_sigterm, NULL); -- signal(SIGPIPE, SIG_IGN); -- signal(SIGHUP, SIG_IGN); -+ signal_set(&env->sc_evsigint, SIGINT, hce_sig_handler, env); -+ signal_set(&env->sc_evsigterm, SIGTERM, hce_sig_handler, env); -+ signal_set(&env->sc_evsigchld, SIGCHLD, hce_sig_handler, env); -+ signal_set(&env->sc_evsighup, SIGHUP, hce_sig_handler, env); -+ signal_set(&env->sc_evsigpipe, SIGPIPE, hce_sig_handler, env); -+ -+ signal_add(&env->sc_evsigint, NULL); -+ signal_add(&env->sc_evsigterm, NULL); -+ signal_add(&env->sc_evsigchld, NULL); -+ signal_add(&env->sc_evsighup, NULL); -+ signal_add(&env->sc_evsigpipe, NULL); ++#ifndef __FreeBSD__ + if 
(host->last_up != host->up) + snmp_hosttrap(env, table, host); ++#endif - /* setup pipes */ - close(pipe_pfe2hce[1]); -@@ -370,6 +381,7 @@ - objid_t id; - struct host *host; - struct table *table; -+ int verbose; + host->last_up = host->up; - iev = ptr; - ibuf = &iev->ibuf; -@@ -437,6 +449,10 @@ - table->skipped = 0; - hce_launch_checks(-1, EV_TIMEOUT, env); - break; -+ case IMSG_CTL_LOG_VERBOSE: -+ memcpy(&verbose, imsg.data, sizeof(verbose)); -+ log_verbose(verbose); -+ break; - default: - log_debug("hce_dispatch_msg: unexpected imsg %d", - imsg.hdr.type); +@@ -350,9 +354,11 @@ + case IMSG_CFG_HOST: + config_gethost(env, imsg); + break; ++#ifndef __FreeBSD__ + case IMSG_SNMPSOCK: + snmp_getsock(env, imsg); + break; ++#endif + case IMSG_CFG_DONE: + config_getcfg(env, imsg); + hce_setup_events(); diff --git a/net/relayd/files/patch-relayd-log.c b/net/relayd/files/patch-relayd-log.c index 4921f977966..518d394c6df 100644 --- a/net/relayd/files/patch-relayd-log.c +++ b/net/relayd/files/patch-relayd-log.c 
@@ -1,58 +1,14 @@
---- relayd/log.c.orig 2011-01-15 00:27:09.012456298 +0100
-+++ relayd/log.c 2011-01-15 00:39:01.553947279 +0100
-@@ -45,6 +45,7 @@
- #include "relayd.h"
-
- int debug;
-+int verbose;
-
- void vlog(int, const char *, va_list);
- void logit(int, const char *, ...);
-@@ -55,6 +56,7 @@
- extern char *__progname;
-
- debug = n_debug;
-+ verbose = n_debug;
-
- if (!debug)
- openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
-@@ -63,6 +65,12 @@
- }
-
- void
-+log_verbose(int v)
-+{
-+ verbose = v;
-+}
-+
-+void
- logit(int pri, const char *fmt, ...)
- {
- va_list ap;
-@@ -141,7 +149,7 @@
- {
- va_list ap;
-
-- if (debug > 1) {
-+ if (verbose > 1) {
- va_start(ap, emsg);
- vlog(LOG_DEBUG, emsg, ap);
- va_end(ap);
-@@ -192,9 +200,15 @@
- case HCE_ICMP_WRITE_TIMEOUT:
- return ("icmp write timeout");
- break;
-- case HCE_TCP_CONNECT_ERROR:
-- return ("tcp connect error");
-+ case HCE_TCP_SOCKET_ERROR:
-+ return ("tcp socket error");
-+ break;
-+ case HCE_TCP_SOCKET_LIMIT:
-+ return ("tcp socket limit");
- break;
-+ case HCE_TCP_SOCKET_OPTION:
-+ return ("tcp socket option");
-+ break;
- case HCE_TCP_CONNECT_FAIL:
- return ("tcp connect failed");
- break;
+--- relayd.orig/log.c 2011-05-22 01:06:39.461146172 +0200
++++ relayd/log.c 2011-05-22 01:06:54.680052759 +0200
+@@ -16,7 +16,11 @@
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#else
+ #include <sys/types.h>
++#endif
+ #include <sys/queue.h>
+ #include <sys/socket.h>
+ #include <sys/tree.h>
diff --git a/net/relayd/files/patch-relayd-parse.y b/net/relayd/files/patch-relayd-parse.y
index ed465f9549f..aef89333a2e 100644
--- a/net/relayd/files/patch-relayd-parse.y
+++ b/net/relayd/files/patch-relayd-parse.y
@@ -1,14 +1,249 @@
---- relayd/parse.y.orig 2010-05-31 09:00:51.007686324 +0200
-+++ relayd/parse.y 2010-05-31 09:00:42.736791085 +0200
-@@ -2003,6 +2006,11 @@
- bzero(&conf->sc_proto_default, sizeof(conf->sc_proto_default));
- conf->sc_proto_default.flags = F_USED;
- conf->sc_proto_default.cache = RELAY_CACHESIZE;
-+ conf->sc_proto_default.tcpflags = TCPFLAG_DEFAULT;
-+ conf->sc_proto_default.tcpbacklog = RELAY_BACKLOG;
-+ conf->sc_proto_default.sslflags = SSLFLAG_DEFAULT;
-+ (void)strlcpy(conf->sc_proto_default.sslciphers, SSLCIPHERS_DEFAULT,
-+ sizeof(conf->sc_proto_default.sslciphers));
- conf->sc_proto_default.type = RELAY_PROTO_TCP;
- (void)strlcpy(conf->sc_proto_default.name, "default",
- sizeof(conf->sc_proto_default.name));
+--- relayd.orig/parse.y 2011-05-22 01:06:39.462150204 +0200
++++ relayd/parse.y 2011-05-22 01:06:54.687080706 +0200
+@@ -35,7 +35,7 @@
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <arpa/nameser.h>
+-#include <net/route.h>
++// FreeBSD #include <net/route.h>
+
+ #include <ctype.h>
+ #include <unistd.h>
+@@ -93,8 +93,10 @@
+ objid_t last_host_id = 0;
+ objid_t last_relay_id = 0;
+ objid_t last_proto_id = 0;
++/* FreeBSD exclude
+ objid_t last_rt_id = 0;
+ objid_t last_nr_id = 0;
++*/
+
+ static struct rdr *rdr = NULL;
+ static struct table *table = NULL;
+@@ -103,7 +105,9 @@
+ struct relaylist relays;
+ static struct protocol *proto = NULL;
+ static struct protonode node;
++/* FreeBSD exclude
+ static struct router *router = NULL;
++*/
+ static u_int16_t label = 0;
+ static in_port_t tableport = 0;
+ static int nodedirection;
+@@ -148,12 +152,20 @@
+ %token CIPHERS CODE COOKIE DEMOTE DIGEST DISABLE ERROR EXPECT
+ %token EXTERNAL FILENAME FILTER FORWARD FROM HASH HEADER HOST ICMP
+ %token INCLUDE INET INET6 INTERFACE INTERVAL IP LABEL LISTEN
+-%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
+-%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
++// FreeBSD exclude %token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO DESTINATION
++%token LOADBALANCE LOG LOOKUP MARK MARKED MODE NAT NO
++// FreeBSD exclude %token NODELAY NOTHING ON PARENT PATH PORT PREFORK PRIORITY PROTO
++%token NODELAY NOTHING ON PARENT PATH PORT PREFORK PROTO
+ %token QUERYSTR REAL REDIRECT RELAY REMOVE REQUEST RESPONSE RETRY
+ %token RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND SESSION SOCKET SPLICE
++/* FreeBSD exclude
+ %token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO ROUTER RTLABEL
+ %token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE MATCH
++*/
++// Start FreeBSD include
++%token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO
++%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL
++// End FreeBSD include
+ %token <v.string> STRING
+ %token <v.number> NUMBER
+ %type <v.string> hostname interface table
+@@ -179,7 +191,7 @@
+ | grammar tabledef '\n'
+ | grammar relay '\n'
+ | grammar proto '\n'
+- | grammar router '\n'
++// FreeBSD | grammar router '\n'
+ | grammar error '\n' { file->errors++; }
+ ;
+
+@@ -363,6 +375,7 @@
+ }
+ conf->sc_prefork_relay = $2;
+ }
++/* FreeBSD exclude
+ | DEMOTE STRING {
+ if (loadcfg)
+ break;
+@@ -386,6 +399,7 @@
+ break;
+ conf->sc_flags |= F_TRAP;
+ }
++*/
+ ;
+
+ loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
+@@ -658,6 +672,7 @@
+ bcopy(&$2, &table->conf.timeout,
+ sizeof(struct timeval));
+ }
++/* FreeBSD exclude
+ | DEMOTE STRING {
+ table->conf.flags |= F_DEMOTE;
+ if (strlcpy(table->conf.demote_group, $2,
+@@ -675,6 +690,7 @@
+ YYERROR;
+ }
+ }
++*/
+ | INTERVAL NUMBER {
+ if ($2 < conf->sc_interval.tv_sec ||
+ $2 % conf->sc_interval.tv_sec) {
+@@ -1261,6 +1277,8 @@
+ rlay->rl_conf.name);
+ YYERROR;
+ }
++ if ((rlay->rl_conf.flags & F_NATLOOK) == 0 &&
++/* FreeBSD exclude
+ if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) ==
+ (F_NATLOOK|F_DIVERT)) {
+ yyerror("relay %s with conflicting nat lookup "
+@@ -1268,6 +1286,7 @@
+ YYERROR;
+ }
+ if ((rlay->rl_conf.flags & (F_NATLOOK|F_DIVERT)) == 0 &&
++*/
+ rlay->rl_conf.dstss.ss_family == AF_UNSPEC &&
+ rlay->rl_conf.dsttable == EMPTY_ID) {
+ yyerror("relay %s has no target, rdr, "
+@@ -1430,11 +1449,13 @@
+ rlay->rl_conf.flags |= F_NATLOOK;
+ rlay->rl_conf.dstretry = $3;
+ }
++/* FreeBSD exclude
+ | DESTINATION retry {
+ conf->sc_flags |= F_NEEDPF;
+ rlay->rl_conf.flags |= F_DIVERT;
+ rlay->rl_conf.dstretry = $2;
+ }
++*/
+ | tablespec {
+ if (rlay->rl_backuptable) {
+ yyerror("only one backup table is allowed");
+@@ -1459,6 +1480,7 @@
+ | HASH { $$ = RELAY_DSTMODE_HASH; }
+ ;
+
++/* FreeBSD exclude
+ router : ROUTER STRING {
+ struct router *rt = NULL;
+
+@@ -1594,7 +1616,7 @@
+ | DISABLE { rlay->rl_conf.flags |= F_DISABLE; }
+ | include
+ ;
+-
++*/
+ dstaf : /* empty */ {
+ rlay->rl_conf.dstaf.ss_family = AF_UNSPEC;
+ }
+@@ -1670,6 +1692,7 @@
+ }
+ hst->conf.parentid = $2;
+ }
++/* FreeBSD exclude
+ | PRIORITY NUMBER {
+ if (hst->conf.priority) {
+ yyerror("priority already set");
+@@ -1681,6 +1704,7 @@
+ }
+ hst->conf.priority = $2;
+ }
++*/
+ | IP TTL NUMBER {
+ if (hst->conf.ttl) {
+ yyerror("ttl value already set");
+@@ -1794,8 +1818,10 @@
+ { "ciphers", CIPHERS },
+ { "code", CODE },
+ { "cookie", COOKIE },
++/* FreeBSD exclude
+ { "demote", DEMOTE },
+ { "destination", DESTINATION },
++*/
+ { "digest", DIGEST },
+ { "disable", DISABLE },
+ { "error", ERROR },
+@@ -1833,7 +1859,7 @@
+ { "path", PATH },
+ { "port", PORT },
+ { "prefork", PREFORK },
+- { "priority", PRIORITY },
++// FreeBSD { "priority", PRIORITY },
+ { "protocol", PROTO },
+ { "query", QUERYSTR },
+ { "real", REAL },
+@@ -1846,9 +1872,11 @@
+ { "return", RETURN },
+ { "roundrobin", ROUNDROBIN },
+ { "route", ROUTE },
++/* FreeBSD exclude
+ { "router", ROUTER },
+ { "rtable", RTABLE },
+ { "rtlabel", RTLABEL },
++*/
+ { "sack", SACK },
+ { "script", SCRIPT },
+ { "send", SEND },
+@@ -1864,7 +1892,7 @@
+ { "timeout", TIMEOUT },
+ { "to", TO },
+ { "transparent", TRANSPARENT },
+- { "trap", TRAP },
++// FreeBSD { "trap", TRAP },
+ { "ttl", TTL },
+ { "updates", UPDATES },
+ { "url", URL },
+@@ -2096,7 +2124,8 @@
+ (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
+ x != '{' && x != '}' && x != '<' && x != '>' && \
+ x != '!' && x != '=' && x != '#' && \
+- x != ',' && x != '/'))
++ x != ','))
++// FreeBSD exclude x != ',' && x != '/'))
+
+ if (isalnum(c) || c == ':' || c == '_') {
+ do {
+@@ -2240,13 +2269,14 @@
+ loadcfg = 1;
+ errors = 0;
+ last_host_id = last_table_id = last_rdr_id = last_proto_id =
+- last_relay_id = last_rt_id = last_nr_id = 0;
++// FreeBSD last_relay_id = last_rt_id = last_nr_id = 0;
++ last_relay_id = 0;
+
+ rdr = NULL;
+ table = NULL;
+ rlay = NULL;
+ proto = NULL;
+- router = NULL;
++// FreeBSD router = NULL;
+
+ if ((file = pushfile(filename, 0)) == NULL)
+ return (-1);
+@@ -2276,8 +2306,8 @@
+ }
+
+ if (TAILQ_EMPTY(conf->sc_rdrs) &&
+- TAILQ_EMPTY(conf->sc_relays) &&
+- TAILQ_EMPTY(conf->sc_rts)) {
++ TAILQ_EMPTY(conf->sc_relays) /* FreeBSD exclude &&
++ TAILQ_EMPTY(conf->sc_rts) */ ) {
+ log_warnx("no actions, nothing to do");
+ errors++;
+ }
+@@ -2493,7 +2523,8 @@
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
+ error = getaddrinfo(s, NULL, &hints, &res0);
+- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
++// if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
++ if (error == EAI_AGAIN || error == EAI_NONAME)
+ return (0);
+ if (error) {
+ log_warnx("%s: could not parse \"%s\": %s", __func__, s,
diff --git a/net/relayd/files/patch-relayd-pfe.c b/net/relayd/files/patch-relayd-pfe.c
index a31e1eedbc0..2ccaccf556b 100644
--- a/net/relayd/files/patch-relayd-pfe.c
+++ b/net/relayd/files/patch-relayd-pfe.c
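Review bot: In the relay validation change (`@@ -1261,6 +1277,8 @@`) the replacement condition `if ((rlay->rl_conf.flags & F_NATLOOK) == 0 &&` sits before the `/* FreeBSD exclude` block, so the live `if` is split by a block comment that swallows two upstream statements and ends mid-expression. Any `*/` inside one of these excluded regions (this one, or the long `router` grammar block) would end the comment early and silently re-enable part of the disabled grammar or checks. Moving the new line below the closing `*/` keeps the statement contiguous, and a marker such as `/* FreeBSD: no F_DIVERT here; NATLOOK/DIVERT conflict check excluded */` records why the check is gone. The excluded regions continue outside the inner hunks, so their contents cannot be verified from this patch.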
@@ -1,47 +1,109 @@ ---- relayd/pfe.c.orig 2010-05-31 09:07:56.755288041 +0200 -+++ relayd/pfe.c 2010-05-31 09:07:52.006100566 +0200 -@@ -62,6 +62,11 @@ - case SIGTERM: - pfe_shutdown(); +--- relayd.orig/pfe.c 2011-05-22 01:06:39.464157989 +0200 ++++ relayd/pfe.c 2011-05-22 01:09:30.589288807 +0200 +@@ -17,6 +17,9 @@ + */ + + #include <sys/param.h> ++#ifdef __FreeBSD__ ++#include <sys/queue.h> ++#endif + #include <sys/stat.h> + #include <sys/socket.h> + #include <sys/un.h> +@@ -185,12 +188,14 @@ + case IMSG_CFG_VIRT: + config_getvirt(env, imsg); + break; ++#ifndef __FreeBSD__ + case IMSG_CFG_ROUTER: + config_getrt(env, imsg); + break; + case IMSG_CFG_ROUTE: + config_getroute(env, imsg); break; -+ case SIGCHLD: -+ case SIGHUP: -+ case SIGPIPE: -+ /* ignore */ -+ break; - default: - fatalx("pfe_sig_handler: unexpected signal"); ++#endif + case IMSG_CFG_PROTO: + config_getproto(env, imsg); + break; +@@ -292,8 +297,10 @@ + struct rdr *rdr; + struct host *host; + struct relay *rlay; ++#ifndef __FreeBSD__ + struct router *rt; + struct netroute *nr; ++#endif + + if (env->sc_rdrs == NULL) + goto relays; +@@ -324,7 +331,11 @@ } -@@ -74,8 +79,6 @@ - { - pid_t pid; - struct passwd *pw; -- struct event ev_sigint; -- struct event ev_sigterm; - int i; - size_t size; - -@@ -121,12 +124,17 @@ - - event_init(); - -- signal_set(&ev_sigint, SIGINT, pfe_sig_handler, NULL); -- signal_set(&ev_sigterm, SIGTERM, pfe_sig_handler, NULL); -- signal_add(&ev_sigint, NULL); -- signal_add(&ev_sigterm, NULL); -- signal(SIGPIPE, SIG_IGN); -- signal(SIGHUP, SIG_IGN); -+ signal_set(&env->sc_evsigint, SIGINT, pfe_sig_handler, env); -+ signal_set(&env->sc_evsigterm, SIGTERM, pfe_sig_handler, env); -+ signal_set(&env->sc_evsigchld, SIGCHLD, pfe_sig_handler, env); -+ signal_set(&env->sc_evsighup, SIGHUP, pfe_sig_handler, env); -+ signal_set(&env->sc_evsigpipe, SIGPIPE, pfe_sig_handler, env); -+ -+ signal_add(&env->sc_evsigint, NULL); -+ signal_add(&env->sc_evsigterm, NULL); -+ 
signal_add(&env->sc_evsigchld, NULL); -+ signal_add(&env->sc_evsighup, NULL); -+ signal_add(&env->sc_evsigpipe, NULL); - - /* setup pipes */ - close(pipe_pfe2hce[0]); + relays: + if (env->sc_relays == NULL) ++#ifndef __FreeBSD__ + goto routers; ++#else ++ goto end; ++#endif + TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) { + rlay->rl_stats[env->sc_prefork_relay].id = EMPTY_ID; + imsg_compose_event(&c->iev, IMSG_CTL_RELAY, 0, 0, -1, +@@ -351,6 +362,7 @@ + 0, 0, -1, host, sizeof(*host)); + } + ++#ifndef __FreeBSD__ + routers: + if (env->sc_rts == NULL) + goto end; +@@ -370,6 +382,7 @@ + imsg_compose_event(&c->iev, IMSG_CTL_HOST, + 0, 0, -1, host, sizeof(*host)); + } ++#endif + + end: + imsg_compose_event(&c->iev, IMSG_CTL_END, 0, 0, -1, NULL, 0); +@@ -622,8 +635,10 @@ + struct table *table; + struct ctl_id id; + struct imsg imsg; ++#ifndef __FreeBSD__ + struct ctl_demote demote; + struct router *rt; ++#endif + + bzero(&id, sizeof(id)); + bzero(&imsg, sizeof(imsg)); +@@ -678,6 +693,7 @@ + } + } + ++#ifndef __FreeBSD__ + TAILQ_FOREACH(rt, env->sc_rts, rt_entry) { + rt->rt_conf.flags &= ~(F_BACKUP); + rt->rt_conf.flags &= ~(F_DOWN); +@@ -685,6 +701,7 @@ + if ((rt->rt_gwtable->conf.flags & F_CHANGED)) + sync_routes(env, rt); + } ++#endif + + TAILQ_FOREACH(table, env->sc_tables, entry) { + if (table->conf.check == CHECK_NOCHECK) +@@ -695,6 +712,7 @@ + */ + table->conf.flags &= ~(F_CHANGED); + ++#ifndef __FreeBSD__ + /* + * handle demotion. + */ +@@ -717,6 +735,7 @@ + sizeof(demote.group)); + proc_compose_imsg(env->sc_ps, PROC_PARENT, -1, IMSG_DEMOTE, -1, + &demote, sizeof(demote)); ++#endif + } + } + diff --git a/net/relayd/files/patch-relayd-pfe_filter.c b/net/relayd/files/patch-relayd-pfe_filter.c new file mode 100644 index 00000000000..26c2483ae2d --- /dev/null +++ b/net/relayd/files/patch-relayd-pfe_filter.c 
@@ -0,0 +1,284 @@
+--- relayd/pfe_filter.c.orig 2011-05-19 10:56:49.000000000 +0200
++++ relayd/pfe_filter.c 2011-05-22 10:32:36.639918375 +0200
+@@ -24,7 +24,10 @@
+ #include <net/if.h>
+ #include <net/pfvar.h>
+ #include <netinet/in.h>
++#ifndef __FreeBSD__
++/* New pf */
+ #include <netinet/tcp.h>
++#endif
+ #include <arpa/inet.h>
+
+ #include <limits.h>
+@@ -43,8 +46,14 @@
+ struct pfdata {
+ int dev;
+ struct pf_anchor *anchor;
++#ifndef __FreeBSD__
+ struct pfioc_trans pft;
+ struct pfioc_trans_e pfte;
++#else
++ /* Old pf */
++ struct pfioc_trans pft[PF_RULESET_MAX];
++ struct pfioc_trans_e pfte[PF_RULESET_MAX];
++#endif
+ u_int8_t pfused;
+ };
+
+@@ -103,6 +112,10 @@
+ sizeof(tables[i].pfrt_name))
+ goto toolong;
+ tables[i].pfrt_flags |= PFR_TFLAG_PERSIST;
++#ifdef __FreeBSD__
++ log_debug("init_tables: prepare anchor \"%s\" and table \"%s\"",
++ tables[i].pfrt_anchor, tables[i].pfrt_name);
++#endif
+ i++;
+ }
+ if (i != env->sc_rdrcount)
+@@ -286,12 +299,18 @@
+ }
+
+ psnk.psnk_af = host->conf.ss.ss_family;
++#ifndef __FreeBSD__
+ psnk.psnk_killed = 0;
++#endif
+
+ if (ioctl(env->sc_pf->dev,
+ DIOCKILLSRCNODES, &psnk) == -1)
+ fatal("kill_srcnodes: cannot kill src nodes");
++#ifndef __FreeBSD__
+ cnt += psnk.psnk_killed;
++#else
++ cnt += psnk.psnk_af;
++#endif
+ }
+
+ return (cnt);
+@@ -335,6 +354,7 @@
+ int
+ transaction_init(struct relayd *env, const char *anchor)
+ {
++#ifndef __FreeBSD__
+ env->sc_pf->pft.size = 1;
+ env->sc_pf->pft.esize = sizeof(env->sc_pf->pfte);
+ env->sc_pf->pft.array = &env->sc_pf->pfte;
+@@ -347,17 +367,45 @@
+ if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
+ &env->sc_pf->pft) == -1)
+ return (-1);
++#else
++ /* Old pf */
++ int i;
++
++ for (i = 0; i < PF_RULESET_MAX; i++) {
++ env->sc_pf->pft[i].size = 1;
++ env->sc_pf->pft[i].esize = sizeof(env->sc_pf->pfte[i]);
++ env->sc_pf->pft[i].array = &env->sc_pf->pfte[i];
++
++ bzero(&env->sc_pf->pfte[i], sizeof(env->sc_pf->pfte[i]));
++ (void)strlcpy(env->sc_pf->pfte[i].anchor,
++ anchor, PF_ANCHOR_NAME_SIZE);
++ env->sc_pf->pfte[i].rs_num = i;
+
++ if (ioctl(env->sc_pf->dev, DIOCXBEGIN,
++ &env->sc_pf->pft[i]) == -1)
++ return (-1);
++ }
++#endif
+ return (0);
+ }
+
+ int
+ transaction_commit(struct relayd *env)
+ {
++#ifndef __FreeBSD__
+ if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
+ &env->sc_pf->pft) == -1)
+ return (-1);
+-
++#else
++ /* Old pf */
++ int i;
++
++ for (i = 0; i < PF_RULESET_MAX; i++) {
++ if (ioctl(env->sc_pf->dev, DIOCXCOMMIT,
++ &env->sc_pf->pft[i]) == -1)
++ return (-1);
++ }
++#endif
+ return (0);
+ }
+
+@@ -365,10 +413,18 @@
+ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
+ {
+ struct pfioc_rule rio;
++#ifdef __FreeBSD__
++ /* Old pf */
++ struct pfioc_pooladdr pio;
++#endif
+ struct sockaddr_in *sain;
+ struct sockaddr_in6 *sain6;
+ struct address *address;
+ char anchor[PF_ANCHOR_NAME_SIZE];
++#ifdef __FreeBSD__
++ /* Old pf */
++ int rs = 0;
++#endif
+ struct table *t = rdr->table;
+
+ if ((env->sc_flags & F_NEEDPF) == 0)
+@@ -397,8 +453,14 @@
+
+ TAILQ_FOREACH(address, &rdr->virts, entry) {
+ memset(&rio, 0, sizeof(rio));
++#ifdef __FreeBSD__
++ /* Old pf */
++ memset(&pio, 0, sizeof(pio));
++#endif
+ (void)strlcpy(rio.anchor, anchor, sizeof(rio.anchor));
+
++#ifndef __FreeBSD__
++ /* New pf */
+ if (rdr->conf.flags & F_MATCH) {
+ rio.rule.action = PF_MATCH;
+ rio.rule.quick = 0;
+@@ -409,28 +471,61 @@
+ rio.rule.direction = PF_IN;
+ rio.rule.keep_state = PF_STATE_NORMAL;
+
++#endif
+ switch (t->conf.fwdmode) {
+ case FWD_NORMAL:
++#ifndef __FreeBSD__
+ /* traditional redirection */
+ if (address->ipproto == IPPROTO_TCP) {
+ rio.rule.flags = TH_SYN;
+ rio.rule.flagset = (TH_SYN|TH_ACK);
+ }
++#else
++ /* Old pf */
++ /* traditional redirection in the rdr-anchor */
++ rs = PF_RULESET_RDR;
++ rio.rule.action = PF_RDR;
++#endif
+ break;
+ case FWD_ROUTE:
+ /* re-route with pf for DSR (direct server return) */
++#ifdef __FreeBSD__
++ /* Old pf */
++ rs = PF_RULESET_FILTER;
++ rio.rule.action = PF_PASS;
++#endif
+ rio.rule.rt = PF_ROUTETO;
++#ifdef __FreeBSD__
++ /* Old pf */
++ rio.rule.direction = PF_IN;
++ rio.rule.quick = 1; /* force first match */
++#endif
+
+ /* Use sloppy state handling for half connections */
++#ifdef __FreeBSD__
++ /* Old pf */
++ rio.rule.keep_state = PF_STATE_NORMAL;
++#endif
++#ifdef PFRULE_STATESLOPPY
+ rio.rule.rule_flag = PFRULE_STATESLOPPY;
++#endif
+ break;
+ default:
+ fatalx("sync_ruleset: invalid forward mode");
+ /* NOTREACHED */
+ }
+
++#ifndef __FreeBSD__
+ rio.ticket = env->sc_pf->pfte.ticket;
+
++#else
++ /* Old pf */
++ rio.ticket = env->sc_pf->pfte[rs].ticket;
++ if (ioctl(env->sc_pf->dev, DIOCBEGINADDRS, &pio) == -1)
++ fatal("sync_ruleset: cannot initialise address pool");
++
++ rio.pool_ticket = pio.ticket;
++#endif
+ rio.rule.af = address->ss.ss_family;
+ rio.rule.proto = address->ipproto;
+ rio.rule.src.addr.type = PF_ADDR_ADDRMASK;
+@@ -438,7 +533,9 @@
+ rio.rule.dst.port_op = address->port.op;
+ rio.rule.dst.port[0] = address->port.val[0];
+ rio.rule.dst.port[1] = address->port.val[1];
++#ifndef __FreeBSD__
+ rio.rule.rtableid = -1; /* stay in the main routing table */
++#endif
+
+ if (rio.rule.proto == IPPROTO_TCP)
+ rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
+@@ -466,18 +563,36 @@
+ memset(&rio.rule.dst.addr.v.a.mask.addr8, 0xff, 16);
+ }
+
++#ifndef __FreeBSD__
+ rio.rule.nat.addr.type = PF_ADDR_NONE;
+ rio.rule.rdr.addr.type = PF_ADDR_TABLE;
++#else
++ /* Old pf */
++ pio.addr.addr.type = PF_ADDR_TABLE;
++#endif
+ if (strlen(t->conf.ifname))
++#ifndef __FreeBSD__
+ (void)strlcpy(rio.rule.rdr.ifname, t->conf.ifname,
+ sizeof(rio.rule.rdr.ifname));
+ if (strlcpy(rio.rule.rdr.addr.v.tblname, rdr->conf.name,
+ sizeof(rio.rule.rdr.addr.v.tblname)) >=
+ sizeof(rio.rule.rdr.addr.v.tblname))
+ fatal("sync_ruleset: table name too long");
++#else
++ /* Old pf */
++ (void)strlcpy(pio.addr.ifname, t->conf.ifname,
++ sizeof(pio.addr.ifname));
++ if (strlcpy(pio.addr.addr.v.tblname, rdr->conf.name,
++ sizeof(pio.addr.addr.v.tblname)) >=
++ sizeof(pio.addr.addr.v.tblname))
++ fatal("sync_ruleset: table name too long");
++ if (ioctl(env->sc_pf->dev, DIOCADDADDR, &pio) == -1)
++ fatal("sync_ruleset: cannot add address to pool");
++#endif
+
+ if (address->port.op == PF_OP_EQ ||
+ rdr->table->conf.flags & F_PORT) {
++#ifndef __FreeBSD__
+ rio.rule.rdr.proxy_port[0] =
+ ntohs(rdr->table->conf.port);
+ rio.rule.rdr.port_op = PF_OP_EQ;
+@@ -491,10 +606,27 @@
+ sizeof(rio.rule.route));
+ rio.rule.rdr.addr.type = PF_ADDR_NONE;
+ }
++#else
++ /* Old pf */
++ rio.rule.rpool.proxy_port[0] =
++ ntohs(rdr->table->conf.port);
++ rio.rule.rpool.port_op = PF_OP_EQ;
++ }
++ rio.rule.rpool.opts = PF_POOL_ROUNDROBIN;
++ if (rdr->conf.flags & F_STICKY)
++ rio.rule.rpool.opts |= PF_POOL_STICKYADDR;
++#endif
+
+ if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1)
+ fatal("cannot add rule");
++#ifndef __FreeBSD__
+ log_debug("%s: rule added to anchor \"%s\"", __func__, anchor);
++#else
++ /* Old pf */
++ log_debug("%s: rule added to %sanchor \"%s\"", __func__,
++ rdr->table->conf.fwdmode == FWD_ROUTE ?
++ "" : "rdr-", anchor);
++#endif
+ }
+ if (transaction_commit(env) == -1)
+ log_warn("%s: add rules transaction failed", __func__);
diff --git a/net/relayd/files/patch-relayd-relay.c b/net/relayd/files/patch-relayd-relay.c
index ac59ef48232..a395c33a659 100644
--- a/net/relayd/files/patch-relayd-relay.c
+++ b/net/relayd/files/patch-relayd-relay.c
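Review bot: The old-pf branches of `transaction_init()` and `transaction_commit()` issue one `DIOCXBEGIN`/`DIOCXCOMMIT` per ruleset, so a failure part-way returns -1 with earlier rulesets already opened or committed, and `sync_ruleset()` only logs `add rules transaction failed`; the rdr and filter rules of an anchor can then be left out of step. `struct pfioc_trans` already carries `size` and `array`, so a single transaction over all `PF_RULESET_MAX` elements would make begin and commit all-or-nothing, assuming the old pf ioctl accepts several elements in one call (to be confirmed against the target kernel). Separately, `cnt += psnk.psnk_af;` needs a comment stating that old pf is expected to hand back the killed count in that field, because as written it reads as adding the address family to the counter. `sync_ruleset()` and `kill_srcnodes()` continue outside the inner hunks.

```c
/* struct pfdata, old pf branch: one transaction, one element per ruleset */
	struct pfioc_trans	 pft;
	struct pfioc_trans_e	 pfte[PF_RULESET_MAX];

/* transaction_init(), old pf branch */
	int	 i;

	env->sc_pf->pft.size = PF_RULESET_MAX;
	env->sc_pf->pft.esize = sizeof(env->sc_pf->pfte[0]);
	env->sc_pf->pft.array = env->sc_pf->pfte;

	bzero(env->sc_pf->pfte, sizeof(env->sc_pf->pfte));
	for (i = 0; i < PF_RULESET_MAX; i++) {
		(void)strlcpy(env->sc_pf->pfte[i].anchor,
		    anchor, PF_ANCHOR_NAME_SIZE);
		env->sc_pf->pfte[i].rs_num = i;
	}
	if (ioctl(env->sc_pf->dev, DIOCXBEGIN, &env->sc_pf->pft) == -1)
		return (-1);

/* transaction_commit(), old pf branch */
	if (ioctl(env->sc_pf->dev, DIOCXCOMMIT, &env->sc_pf->pft) == -1)
		return (-1);

/* … unchanged: sync_ruleset() keeps reading env->sc_pf->pfte[rs].ticket … */
```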
@@ -1,214 +1,249 @@ ---- relayd/relay.c.orig 2011-01-15 01:22:35.236684399 +0100 -+++ relayd/relay.c 2011-01-15 01:24:07.864955572 +0100 -@@ -28,7 +28,6 @@ - #include <sys/un.h> - #include <sys/tree.h> - #include <sys/hash.h> --#include <sys/resource.h> - - #include <net/if.h> - #include <netinet/in_systm.h> -@@ -64,7 +63,7 @@ - void relay_init(void); - void relay_launch(void); - int relay_socket(struct sockaddr_storage *, in_port_t, -- struct protocol *, int); -+ struct protocol *, int, int); - int relay_socket_listen(struct sockaddr_storage *, in_port_t, - struct protocol *); - int relay_socket_connect(struct sockaddr_storage *, in_port_t, -@@ -105,6 +104,7 @@ - char *, size_t); - void relay_close_http(struct rsession *, u_int, const char *, - u_int16_t); -+void relay_http_request_close(struct ctl_relay_event *); - - SSL_CTX *relay_ssl_ctx_create(struct relay *); - void relay_ssl_transaction(struct rsession *, -@@ -148,6 +148,14 @@ - case SIGTERM: - case SIGINT: - (void)event_loopexit(NULL); -+ break; -+ case SIGCHLD: -+ case SIGHUP: -+ case SIGPIPE: -+ /* ignore */ -+ break; -+ default: -+ fatalx("relay_sig_handler: unexpected signal"); - } +--- relayd/relay.c.orig 2011-05-20 11:43:53.000000000 +0200 ++++ relayd/relay.c 2011-05-22 10:41:40.085208004 +0200 +@@ -16,7 +16,11 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
+ */ + ++#ifdef __FreeBSD__ ++#include <sys/param.h> ++#else + #include <sys/types.h> ++#endif + #include <sys/queue.h> + #include <sys/time.h> + #include <sys/stat.h> +@@ -77,7 +81,9 @@ + + void relay_write(struct bufferevent *, void *); + void relay_read(struct bufferevent *, void *); ++#ifndef __FreeBSD__ + int relay_splicelen(struct ctl_relay_event *); ++#endif + void relay_error(struct bufferevent *, short, void *); + void relay_dump(struct ctl_relay_event *, const void *, size_t); + +@@ -494,6 +500,7 @@ + return (0); } -@@ -158,8 +166,6 @@ ++#ifndef __FreeBSD__ + in_port_t + relay_socket_getport(struct sockaddr_storage *ss) { - pid_t pid; - struct passwd *pw; -- struct event ev_sigint; -- struct event ev_sigterm; - int i; - - switch (pid = fork()) { -@@ -213,12 +219,17 @@ - /* Per-child initialization */ - relay_init(); - -- signal_set(&ev_sigint, SIGINT, relay_sig_handler, NULL); -- signal_set(&ev_sigterm, SIGTERM, relay_sig_handler, NULL); -- signal_add(&ev_sigint, NULL); -- signal_add(&ev_sigterm, NULL); -- signal(SIGHUP, SIG_IGN); -- signal(SIGPIPE, SIG_IGN); -+ signal_set(&env->sc_evsigint, SIGINT, relay_sig_handler, env); -+ signal_set(&env->sc_evsigterm, SIGTERM, relay_sig_handler, env); -+ signal_set(&env->sc_evsigchld, SIGCHLD, relay_sig_handler, env); -+ signal_set(&env->sc_evsighup, SIGHUP, relay_sig_handler, env); -+ signal_set(&env->sc_evsigpipe, SIGPIPE, relay_sig_handler, env); -+ -+ signal_add(&env->sc_evsigint, NULL); -+ signal_add(&env->sc_evsigterm, NULL); -+ signal_add(&env->sc_evsigchld, NULL); -+ signal_add(&env->sc_evsighup, NULL); -+ signal_add(&env->sc_evsigpipe, NULL); - - /* setup pipes */ - close(pipe_pfe2hce[0]); -@@ -452,19 +463,9 @@ - struct relay *rlay; - struct host *host; - struct timeval tv; -- struct rlimit rl; - -- if (getrlimit(RLIMIT_NOFILE, &rl) == -1) -- fatal("relay_init: failed to get resource limit"); -- log_debug("relay_init: max open files %d", rl.rlim_max); -- -- /* -- * Allow the maximum number of open file 
descriptors for this -- * login class (which should be the class "daemon" by default). -- */ -- rl.rlim_cur = rl.rlim_max; -- if (setrlimit(RLIMIT_NOFILE, &rl) == -1) -- fatal("relay_init: failed to set resource limit"); -+ /* Unlimited file descriptors (use system limits) */ -+ socket_rlimit(-1); - - TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) { - if ((rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) && -@@ -625,7 +626,7 @@ +@@ -509,6 +516,7 @@ + /* NOTREACHED */ + return (0); + } ++#endif int relay_socket(struct sockaddr_storage *ss, in_port_t port, -- struct protocol *proto, int fd) -+ struct protocol *proto, int fd, int reuseport) - { - int s = -1, val; - struct linger lng; -@@ -643,9 +644,12 @@ - bzero(&lng, sizeof(lng)); - if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) - goto bad; -- val = 1; -- if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(int)) == -1) -- goto bad; -+ if (reuseport) { -+ val = 1; -+ if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, -+ sizeof(int)) == -1) -+ goto bad; -+ } - if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) - goto bad; - if (proto->tcpflags & TCPFLAG_BUFSIZ) { -@@ -713,7 +717,7 @@ - { - int s; +@@ -577,6 +585,7 @@ + &val, sizeof(val)) == -1) + goto bad; + } ++#ifndef __FreeBSD__ + if (proto->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { + if (proto->tcpflags & TCPFLAG_NSACK) + val = 0; +@@ -586,6 +595,7 @@ + &val, sizeof(val)) == -1) + goto bad; + } ++#endif -- if ((s = relay_socket(ss, port, proto, fd)) == -1) -+ if ((s = relay_socket(ss, port, proto, fd, 0)) == -1) - return (-1); + return (s); - if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) { -@@ -734,7 +738,7 @@ - { - int s; +@@ -675,6 +685,7 @@ + } + break; + case RELAY_PROTO_TCP: ++#ifndef __FreeBSD__ + if ((proto->tcpflags & TCPFLAG_NSPLICE) || + (rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT))) + break; +@@ -692,6 +703,7 @@ + return; + } + con->se_out.splicelen = 0; ++#endif + break; + default: + fatalx("relay_input: unknown protocol"); +@@ -935,12 
+947,20 @@ + } + if (strstr(val, "$TIMEOUT") != NULL) { + snprintf(ibuf, sizeof(ibuf), "%lu", ++#ifdef __FreeBSD__ ++ (unsigned long)rlay->rl_conf.timeout.tv_sec); ++#else + rlay->rl_conf.timeout.tv_sec); ++#endif + if (expand_string(buf, len, "$TIMEOUT", ibuf) != 0) + return (NULL); + } -- if ((s = relay_socket(ss, port, proto, -1)) == -1) -+ if ((s = relay_socket(ss, port, proto, -1, 1)) == -1) - return (-1); ++#ifndef __FreeBSD__ + return (buf); ++#else ++ return (char *)(buf); ++#endif + } + + int +@@ -1552,7 +1572,11 @@ + switch (type) { + case DIGEST_SHA1: + case DIGEST_MD5: ++#ifdef __FreeBSD__ ++ if ((md = digeststr(type, (u_int8_t*)val, strlen(val), NULL)) == NULL) { ++#else + if ((md = digeststr(type, val, strlen(val), NULL)) == NULL) { ++#endif + relay_close_http(con, 500, + "failed to allocate digest", 0); + goto fail; +@@ -1841,6 +1865,7 @@ + } + } - if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1) -@@ -1312,6 +1316,29 @@ ++#ifndef __FreeBSD__ + int + relay_splicelen(struct ctl_relay_event *cre) + { +@@ -1859,6 +1884,7 @@ + } + return (0); } ++#endif void -+relay_http_request_close(struct ctl_relay_event *cre) -+{ -+ if (cre->path != NULL) { -+ free(cre->path); -+ cre->path = NULL; -+ } -+ -+ cre->args = NULL; -+ cre->version = NULL; -+ -+ if (cre->buf != NULL) { -+ free(cre->buf); -+ cre->buf = NULL; -+ cre->buflen = 0; + relay_error(struct bufferevent *bev, short error, void *arg) +@@ -1866,9 +1892,12 @@ + struct ctl_relay_event *cre = (struct ctl_relay_event *)arg; + struct rsession *con = cre->con; + struct evbuffer *dst; ++#ifndef __FreeBSD__ + struct timeval tv, tv_now; ++#endif + + if (error & EVBUFFER_TIMEOUT) { ++#ifndef __FreeBSD__ + if (gettimeofday(&tv_now, NULL) == -1) { + relay_close(con, strerror(errno)); + return; +@@ -1882,6 +1911,9 @@ + relay_close(con, "buffer event timeout"); + else + bufferevent_enable(cre->bev, EV_READ); ++#else ++ relay_close(con, "buffer event timeout"); ++#endif + return; + } + if (error & 
(EVBUFFER_READ|EVBUFFER_WRITE|EVBUFFER_EOF)) { +@@ -1934,8 +1966,10 @@ + con->se_out.dst = &con->se_in; + con->se_in.con = con; + con->se_out.con = con; ++#ifndef __FreeBSD__ + con->se_in.splicelen = -1; + con->se_out.splicelen = -1; ++#endif + con->se_relay = rlay; + con->se_id = ++relay_conid; + con->se_relayid = rlay->rl_conf.id; +@@ -1981,6 +2015,7 @@ + return; + } + ++#ifndef __FreeBSD__ + if (rlay->rl_conf.flags & F_DIVERT) { + slen = sizeof(con->se_out.ss); + if (getsockname(s, (struct sockaddr *)&con->se_out.ss, +@@ -1996,12 +2031,19 @@ + con->se_out.port == rlay->rl_conf.port) + con->se_out.ss.ss_family = AF_UNSPEC; + } else if (rlay->rl_conf.flags & F_NATLOOK) { ++#else ++ if (rlay->rl_conf.flags & F_NATLOOK) { ++#endif + if ((cnl = (struct ctl_natlook *) + calloc(1, sizeof(struct ctl_natlook))) == NULL) { + relay_close(con, "failed to allocate nat lookup"); + return; + } ++#ifdef __FreeBSD__ + } -+ -+ cre->line = 0; -+ cre->method = 0; -+ cre->done = 0; -+ cre->chunked = 0; -+} -+ -+void - relay_read_http(struct bufferevent *bev, void *arg) + ++ if (rlay->rl_conf.flags & F_NATLOOK && cnl != NULL) { ++#endif + con->se_cnl = cnl; + bzero(cnl, sizeof(*cnl)); + cnl->in = -1; +@@ -2605,8 +2647,12 @@ + goto err; + + /* Set session context to the local relay name */ +- if (!SSL_CTX_set_session_id_context(ctx, rlay->rl_conf.name, +- strlen(rlay->rl_conf.name))) ++ if (!SSL_CTX_set_session_id_context(ctx, ++#ifdef __FreeBSD__ ++ (unsigned char*)rlay->rl_conf.name, strlen(rlay->rl_conf.name))) ++#else ++ rlay->rl_conf.name, strlen(rlay->rl_conf.name))) ++#endif + goto err; + + return (ctx); +@@ -2623,7 +2669,7 @@ { - struct ctl_relay_event *cre = (struct ctl_relay_event *)arg; -@@ -1580,10 +1607,7 @@ - if (relay_bufferevent_print(cre->dst, "\r\n") == -1) - goto fail; + struct relay *rlay = (struct relay *)con->se_relay; + SSL *ssl; +- const SSL_METHOD *method; ++ SSL_METHOD *method; + void (*cb)(int, short, void *); + u_int flags = EV_TIMEOUT; + +@@ -3069,7 
+3115,11 @@ + if (fstat(fd, &st) != 0) + goto fail; + size = st.st_size; ++#ifndef __FreeBSD__ + if ((buf = (char *)calloc(1, size + 1)) == NULL) ++#else ++ if ((buf = (u_int8_t *)calloc(1, size + 1)) == NULL) ++#endif + goto fail; + if (read(fd, buf, size) != size) + goto fail; +@@ -3077,7 +3127,11 @@ + close(fd); + + *len = size; ++#ifndef __FreeBSD__ + return (buf); ++#else ++ return (char *)(buf); ++#endif + + fail: + if (buf != NULL) +@@ -3107,7 +3161,7 @@ + return (-1); -- cre->line = 0; -- cre->method = 0; -- cre->done = 0; -- cre->chunked = 0; -+ relay_http_request_close(cre); - - done: - if (cre->dir == RELAY_DIR_REQUEST && !cre->toread && -@@ -2380,6 +2404,12 @@ - bufferevent_free(con->se_out.bev); - else if (con->se_out.output != NULL) - evbuffer_free(con->se_out.output); -+ if (con->se_out.ssl != NULL) { -+ /* XXX handle non-blocking shutdown */ -+ if (SSL_shutdown(con->se_out.ssl) == 0) -+ SSL_shutdown(con->se_out.ssl); -+ SSL_free(con->se_out.ssl); -+ } - if (con->se_out.s != -1) - close(con->se_out.s); - if (con->se_out.path != NULL) -@@ -2419,6 +2449,7 @@ - struct table *table; - struct ctl_status st; - objid_t id; -+ int verbose; - - iev = ptr; - ibuf = &iev->ibuf; -@@ -2522,6 +2553,10 @@ - imsg_compose_event(iev, IMSG_CTL_END, - 0, 0, -1, NULL, 0); - break; -+ case IMSG_CTL_LOG_VERBOSE: -+ memcpy(&verbose, imsg.data, sizeof(verbose)); -+ log_verbose(verbose); -+ break; - default: - log_debug("relay_dispatch_msg: unexpected imsg %d", - imsg.hdr.type); + if (snprintf(certfile, sizeof(certfile), +- "/etc/ssl/%s.crt", hbuf) == -1) ++ "%%PREFIX%%/etc/ssl/%s.crt", hbuf) == -1) + return (-1); + if ((rlay->rl_ssl_cert = relay_load_file(certfile, + &rlay->rl_conf.ssl_cert_len)) == NULL) +@@ -3115,7 +3169,7 @@ + log_debug("%s: using certificate %s", __func__, certfile); + + if (snprintf(certfile, sizeof(certfile), +- "/etc/ssl/private/%s.key", hbuf) == -1) ++ "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) == -1) + return -1; + if ((rlay->rl_ssl_key = 
relay_load_file(certfile, + &rlay->rl_conf.ssl_key_len)) == NULL) diff --git a/net/relayd/files/patch-relayd-relay_udp.c b/net/relayd/files/patch-relayd-relay_udp.c new file mode 100644 index 00000000000..6ac13dc49f4 --- /dev/null +++ b/net/relayd/files/patch-relayd-relay_udp.c @@ -0,0 +1,14 @@ +--- relayd.orig/relay_udp.c 2011-05-22 01:06:39.460142978 +0200 ++++ relayd/relay_udp.c 2011-05-22 01:06:54.703144104 +0200 +@@ -16,7 +16,11 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#ifdef __FreeBSD__ ++#include <sys/param.h> ++#else + #include <sys/types.h> ++#endif + #include <sys/queue.h> + #include <sys/time.h> + #include <sys/stat.h> diff --git a/net/relayd/files/patch-relayd-relayd.8 b/net/relayd/files/patch-relayd-relayd.8 new file mode 100644 index 00000000000..9034641d829 --- /dev/null +++ b/net/relayd/files/patch-relayd-relayd.8 @@ -0,0 +1,20 @@ +--- relayd.orig/relayd.8 2011-05-22 01:06:39.464157989 +0200 ++++ relayd/relayd.8 2011-05-22 01:06:54.705151889 +0200 +@@ -114,7 +114,7 @@ + .It Fl f Ar file + Specify an alternative configuration file. + The default is +-.Pa /etc/relayd.conf . ++.Pa %%PREFIX%%/etc/relayd.conf . + .It Fl n + Configtest mode. + Only check the configuration file for validity. +@@ -123,7 +123,7 @@ + .El + .Sh FILES + .Bl -tag -width "/var/run/relayd.sockXX" -compact +-.It /etc/relayd.conf ++.It %%PREFIX%%/etc/relayd.conf + Default configuration file. + .It /var/run/relayd.sock + .Ux Ns -domain diff --git a/net/relayd/files/patch-relayd-relayd.c b/net/relayd/files/patch-relayd-relayd.c index 661c23251cc..5a3e55dce18 100644 --- a/net/relayd/files/patch-relayd-relayd.c +++ b/net/relayd/files/patch-relayd-relayd.c 
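Review bot: In the patch-relayd-relay.c hunk, the two `snprintf(certfile, sizeof(certfile), "%%PREFIX%%/etc/ssl/…", hbuf)` calls still test only `== -1`, so a truncated path is not rejected. Prepending the port prefix lengthens both the certificate and the private-key path, and a cut-off name would be passed to relay_load_file() as if it were the intended file; certfile is declared outside the hunk, so its size cannot be checked here. Comparing the return value with the buffer size closes the gap, e.g. `if ((size_t)snprintf(certfile, sizeof(certfile), "%%PREFIX%%/etc/ssl/private/%s.key", hbuf) >= sizeof(certfile)) return -1;`, where a negative return converts to a large size_t and is caught as well. The enclosing function starts outside the hunk.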
@@ -1,127 +1,181 @@ ---- relayd/relayd.c.orig 2011-01-15 00:27:09.020486320 +0100 -+++ relayd/relayd.c 2011-01-15 00:32:43.024188430 +0100 -@@ -26,6 +26,7 @@ +--- relayd/relayd.c.orig 2011-05-19 10:56:49.000000000 +0200 ++++ relayd/relayd.c 2011-05-22 10:34:12.913164741 +0200 +@@ -17,7 +17,12 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#ifdef __FreeBSD__ ++#include <sys/param.h> ++#include <openssl/rand.h> ++#else + #include <sys/types.h> ++#endif #include <sys/queue.h> #include <sys/socket.h> #include <sys/wait.h> -+#include <sys/resource.h> +@@ -39,7 +44,11 @@ + #include <unistd.h> + #include <ctype.h> + #include <pwd.h> ++#ifdef __FreeBSD__ ++#include <sha.h> ++#else + #include <sha1.h> ++#endif + #include <md5.h> - #include <net/if.h> - #include <netinet/in.h> -@@ -113,6 +114,9 @@ - case SIGHUP: - reconfigure(); - break; -+ case SIGPIPE: -+ /* ignore */ -+ break; - default: - fatalx("unexpected signal"); - } -@@ -142,10 +146,6 @@ - #endif + #include <openssl/ssl.h> +@@ -150,6 +159,11 @@ struct relayd *env; - const char *conffile; -- struct event ev_sigint; -- struct event ev_sigterm; -- struct event ev_sigchld; -- struct event ev_sighup; - struct imsgev *iev; + struct privsep *ps; + const char *conffile = CONF_FILE; ++#ifdef __FreeBSD__ ++#if __FreeBSD_version > 800040 ++ u_int32_t rnd[256]; ++#endif ++#endif - opts = 0; -@@ -261,15 +261,17 @@ + while ((c = getopt(argc, argv, "dD:nf:v")) != -1) { + switch (c) { +@@ -220,6 +234,16 @@ + else + log_info("startup"); - event_init(); - -- signal_set(&ev_sigint, SIGINT, main_sig_handler, env); -- signal_set(&ev_sigterm, SIGTERM, main_sig_handler, env); -- signal_set(&ev_sigchld, SIGCHLD, main_sig_handler, env); -- signal_set(&ev_sighup, SIGHUP, main_sig_handler, env); -- signal_add(&ev_sigint, NULL); -- signal_add(&ev_sigterm, NULL); -- signal_add(&ev_sigchld, NULL); -- signal_add(&ev_sighup, NULL); -- signal(SIGPIPE, SIG_IGN); -+ signal_set(&env->sc_evsigint, SIGINT, 
main_sig_handler, env); -+ signal_set(&env->sc_evsigterm, SIGTERM, main_sig_handler, env); -+ signal_set(&env->sc_evsigchld, SIGCHLD, main_sig_handler, env); -+ signal_set(&env->sc_evsighup, SIGHUP, main_sig_handler, env); -+ signal_set(&env->sc_evsigpipe, SIGPIPE, main_sig_handler, env); ++#ifdef __FreeBSD__ ++#if __FreeBSD_version > 800040 ++ arc4random_stir(); ++ arc4random_buf(rnd, sizeof(rnd)); ++ RAND_seed(rnd, sizeof(rnd)); ++#else ++ RAND_load_file("/dev/random",2048); ++#endif ++#endif + -+ signal_add(&env->sc_evsigint, NULL); -+ signal_add(&env->sc_evsigterm, NULL); -+ signal_add(&env->sc_evsigchld, NULL); -+ signal_add(&env->sc_evsighup, NULL); -+ signal_add(&env->sc_evsigpipe, NULL); + ps->ps_instances[PROC_RELAY] = env->sc_prefork_relay; + proc_init(ps, procs, nitems(procs)); + +@@ -258,7 +282,9 @@ + if (parent_configure(env) == -1) + fatalx("configuration failed"); + ++#ifndef __FreeBSD__ + init_routes(env); ++#endif - close(pipe_parent2pfe[1]); - close(pipe_parent2hce[1]); -@@ -322,6 +324,8 @@ - #endif event_dispatch(); -+ main_shutdown(env); -+ /* NOTREACHED */ - return (0); - } +@@ -273,7 +299,9 @@ + { + struct table *tb; + struct rdr *rdr; ++#ifndef __FreeBSD__ + struct router *rt; ++#endif + struct protocol *proto; + struct relay *rlay; + int id; +@@ -284,8 +312,10 @@ + config_settable(env, tb); + TAILQ_FOREACH(rdr, env->sc_rdrs, entry) + config_setrdr(env, rdr); ++#ifndef __FreeBSD__ + TAILQ_FOREACH(rt, env->sc_rts, rt_entry) + config_setrt(env, rt); ++#endif + TAILQ_FOREACH(proto, env->sc_protos, entry) + config_setproto(env, proto); + TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) +@@ -359,9 +389,11 @@ -@@ -642,6 +646,7 @@ - #ifndef __FreeBSD__ - struct ctl_demote demote; - #endif -+ int verbose; + proc_kill(env->sc_ps); + control_cleanup(&env->sc_ps->ps_csock); ++#ifndef __FreeBSD__ + carp_demote_shutdown(); + if (env->sc_flags & F_DEMOTE) + carp_demote_reset(env->sc_demote_group, 128); ++#endif - iev = ptr; - ibuf = &iev->ibuf; -@@ -685,6 
+690,10 @@ - */ - reconfigure(); - break; -+ case IMSG_CTL_LOG_VERBOSE: -+ memcpy(&verbose, imsg.data, sizeof(verbose)); -+ log_verbose(verbose); -+ break; - default: - log_debug("main_dispatch_pfe: unexpected imsg %d", - imsg.hdr.type); -@@ -988,6 +997,7 @@ - if (timercmp(&tv_next, &tv, >)) - bcopy(&tv_next, &tv, sizeof(tv)); + free(env->sc_ps); + free(env); +@@ -375,12 +407,15 @@ + parent_dispatch_pfe(int fd, struct privsep_proc *p, struct imsg *imsg) + { + struct relayd *env = p->p_env; ++#ifndef __FreeBSD__ + struct ctl_demote demote; + struct ctl_netroute crt; ++#endif + u_int v; + char *str = NULL; -+ event_del(ev); - event_set(ev, fd, event, fn, arg); - event_add(ev, &tv); + switch (imsg->hdr.type) { ++#ifndef __FreeBSD__ + case IMSG_DEMOTE: + IMSG_SIZE_CHECK(imsg, &demote); + memcpy(&demote, imsg->data, sizeof(demote)); +@@ -391,6 +426,7 @@ + memcpy(&crt, imsg->data, sizeof(crt)); + pfe_route(env, &crt); + break; ++#endif + case IMSG_CTL_RESET: + IMSG_SIZE_CHECK(imsg, &v); + memcpy(&v, imsg->data, sizeof(v)); +@@ -432,9 +468,11 @@ + proc_compose_imsg(ps, PROC_HCE, -1, IMSG_SCRIPT, + -1, &scr, sizeof(scr)); + break; ++#ifndef __FreeBSD__ + case IMSG_SNMPSOCK: + (void)snmp_setsock(env, p->p_id); + break; ++#endif + case IMSG_CFG_DONE: + if (env->sc_reload) + env->sc_reload--; +@@ -645,6 +683,7 @@ + return (NULL); } -@@ -1145,6 +1155,7 @@ - } - pn->key = strdup(pk->key); - if (pn->key == NULL) { -+ free(pn); - log_warn("out of memory"); - return (NULL); - } -@@ -1370,3 +1381,24 @@ - return (0); ++#ifndef __FreeBSD__ + struct netroute * + route_find(struct relayd *env, objid_t id) + { +@@ -666,6 +705,7 @@ + return (rt); + return (NULL); } -+ -+void -+socket_rlimit(int maxfd) -+{ -+ struct rlimit rl; -+ -+ if (getrlimit(RLIMIT_NOFILE, &rl) == -1) -+ fatal("socket_rlimit: failed to get resource limit"); -+ log_debug("socket_rlimit: max open files %d", rl.rlim_max); -+ -+ /* -+ * Allow the maximum number of open file descriptors for this -+ * login class (which 
should be the class "daemon" by default). -+ */ -+ if (maxfd == -1) -+ rl.rlim_cur = rl.rlim_max; -+ else -+ rl.rlim_cur = MAX(rl.rlim_max, (rlim_t)maxfd); -+ if (setrlimit(RLIMIT_NOFILE, &rl) == -1) -+ fatal("socket_rlimit: failed to set resource limit"); -+} ++#endif + + struct host * + host_findbyname(struct relayd *env, const char *name) +@@ -840,7 +880,11 @@ + { + switch (type) { + case DIGEST_SHA1: ++#ifdef __FreeBSD__ ++ return (SHA1_Data(data, len, buf)); ++#else + return (SHA1Data(data, len, buf)); ++#endif + break; + case DIGEST_MD5: + return (MD5Data(data, len, buf)); +@@ -1077,9 +1121,17 @@ + bnd->bnd_proto == IPPROTO_TCP ? SOCK_STREAM : SOCK_DGRAM, + bnd->bnd_proto)) == -1) + goto fail; ++#ifdef SO_BINDANY + if (setsockopt(s, SOL_SOCKET, SO_BINDANY, + &v, sizeof(v)) == -1) + goto fail; ++#else ++#ifdef IP_BINDANY ++ if (setsockopt(s, IPPROTO_IP, IP_BINDANY, ++ &v, sizeof(v)) == -1) ++ goto fail; ++#endif ++#endif + if (bind(s, (struct sockaddr *)&bnd->bnd_ss, + bnd->bnd_ss.ss_len) == -1) + goto fail; diff --git a/net/relayd/files/patch-relayd-relayd.conf.5 b/net/relayd/files/patch-relayd-relayd.conf.5 new file mode 100644 index 00000000000..f9382742f2e --- /dev/null +++ b/net/relayd/files/patch-relayd-relayd.conf.5 
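Review bot: In the patch-relayd-relayd.c hunk, the FreeBSD seeding block added before `proc_init()` ignores the result of `RAND_load_file("/dev/random",2048)`, and neither branch confirms that OpenSSL's PRNG was actually seeded. If the device cannot be read on the older-FreeBSD branch, the daemon would continue with whatever state the PRNG happens to have. A check placed after the two `#endif` lines, `if (RAND_status() != 1) fatalx("cannot seed OpenSSL PRNG");`, would fail closed for both branches. The `rnd` array also keeps the seed material on the stack after `RAND_seed()` returns, so clearing it once seeding is done is worth adding. The enclosing function (presumably main()) starts and ends outside the hunk.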
@@ -0,0 +1,244 @@ +--- relayd/relayd.conf.5.orig 2011-05-05 12:20:24.000000000 +0200 ++++ relayd/relayd.conf.5 2011-05-22 12:52:42.026190316 +0200 +@@ -43,7 +43,7 @@ + in a similar fashion to + .Xr pf 4 + tables. +-They are used for relay, redirection, and router target selection with ++They are used for relay and redirection target selection with + the described options and health checking on the host they contain. + .It Sy Redirections + Redirections are translated to +@@ -55,9 +55,6 @@ + general purpose TCP proxying on layer 7. + .It Sy Protocols + Protocols are predefined protocol handlers and settings for relays. +-.It Sy Routers +-Routers are used to insert routes with health-checked gateways for +-(WAN) link balancing. + .El + .Pp + Within the sections, +@@ -86,7 +83,7 @@ + .Ic include + keyword, for example: + .Bd -literal -offset indent +-include "/etc/relayd.conf.local" ++include "%%PREFIX%%/etc/relayd.conf.local" + .Ed + .Sh MACROS + Macros can be defined that will later be expanded in context. +@@ -111,17 +108,6 @@ + .Sh GLOBAL CONFIGURATION + Here are the settings that can be set globally: + .Bl -tag -width Ds +-.It Ic demote Ar group +-Enable the global +-.Xr carp 4 +-demotion option, resetting the carp demotion counter for the +-specified interface group to zero on startup and to 128 on shutdown of +-the daemon. +-For more information on interface groups, +-see the +-.Ic group +-keyword in +-.Xr ifconfig 8 . + .It Ic interval Ar number + Set the interval in seconds at which the hosts will be checked. + The default interval is 10 seconds. +@@ -151,15 +137,6 @@ + .Xr relayd 8 + runs 5 relay processes by default and every process will handle + all configured relays. +-.It Ic send trap +-Send an SNMP trap when the state of a host changes. +-.Xr relayd 8 +-will try to connect to +-.Xr snmpd 8 +-and request it send a trap to the registered trap receivers; +-see +-.Xr snmpd.conf 5 +-for more information about the configuration. 
+ .It Ic timeout Ar number + Set the global timeout in milliseconds for checks. + This can be overridden by the timeout value in the table definitions. +@@ -363,17 +340,6 @@ + .Pp + The following general table options are available: + .Bl -tag -width Ds +-.It Ic demote Ar group +-Enable the per-table +-.Xr carp 4 +-demotion option. +-This will increment the carp demotion counter for the +-specified interface group if all hosts in the table are down. +-For more information on interface groups, +-see the +-.Ic group +-keyword in +-.Xr ifconfig 8 . + .It Ic interval Ar number + Override the global interval and specify one for this table. + It must be a multiple of the global interval. +@@ -605,7 +571,7 @@ + .Ic destination + .Ar options ... + .Xc +-When redirecting connections with a divert-to rule in ++When redirecting connections with a rdr-to rule in + .Xr pf.conf 5 + to a relay listening on localhost, this directive will + look up the real destination address of the intended target host, +@@ -613,14 +579,7 @@ + If an additional + .Ic forward to + directive to a specified address or table is present, +-it will be used as a backup if the lookup failed. +-.It Xo +-.Ic forward to +-.Ic nat lookup +-.Ar options ... +-.Xc +-Like the previous directive, but for redirections with rdr-to in +-.Xr pf.conf 5 . ++it will be used as a backup if the NAT lookup failed. + .It Xo + .Ic listen on Ar address + .Op Ic port Ar port +@@ -639,9 +598,9 @@ + keyword is present, the relay will accept connections using the + encrypted SSL protocol. + The relay will look up a private key in +-.Pa /etc/ssl/private/address.key ++.Pa %%PREFIX%%/etc/ssl/private/address.key + and a public certificate in +-.Pa /etc/ssl/address.crt , ++.Pa %%PREFIX%%/etc/ssl/address.crt , + where + .Ar address + is the specified IP address of the relay to listen on. +@@ -990,9 +949,6 @@ + This option enables CA verification in SSL client mode. 
+ The daemon will load the CA (Certificate Authority) certificates from + the specified path to verify the server certificates. +-.Ox +-provides a default CA bundle in +-.Pa /etc/ssl/cert.pem . + .It Ic ciphers Ar string + Set the string defining the SSL cipher suite. + If not specified, the default value +@@ -1068,89 +1024,22 @@ + Set the socket-level buffer size for input and output for this + connection. + This will affect the TCP window size. +-.It Xo +-.Op Ic no +-.Ic splice +-.Xc +-Use socket splicing for zero-copy data transfer. +-This option is enabled by default. + .El + .El +-.Sh ROUTERS +-Routers represent routing table entries in the kernel forwarding +-database, see +-.Xr route 4 , +-and a table of associated gateways. +-They are used to dynamically insert or remove routes with gateways +-based on their availability and health-check results. +-A router can include multiple network statements and a single forward +-statement with a table of one or more gateways. +-All entries in a single router directive must match the same address +-family, either IPv4 or IPv6. +-.Pp +-The kernel supports multipath routing when multiple gateways exist to +-the same destination address. +-The multipath routing behaviour can be changed globally using the +-.Xr sysctl 8 +-variables +-.Va net.inet.ip.multipath +-and +-.Va net.inet6.ip6.multipath . +-With the default setting of 0, +-the first route selected will be used for subsequent packets to that +-destination regardless of source. +-Setting it to 1 will enable load balancing based on the packet source +-address across gateways; multiple routes with the same priority are +-used equally. +-The kernel will also check the link state of the related network +-interface and try a different route if it is not active. +-.Pp +-The configuration directives that are valid in the +-.Ic routers +-context are described below: +-.Bl -tag -width Ds +-.It Xo +-.Ic forward to +-.Aq Ar table +-.Ic port Ar number +-.Ar options ... 
+-.Xc +-Specify the table of target gateways to be used; see the +-.Sx TABLES +-section above for information about table options. +-This entry is mandatory and must be specified once. +-.It Xo +-.Ic route +-.Ar address Ns Li / Ns Ar prefix +-.Xc +-Specify the network address and prefix length of a route destination +-that is reachable via the active gateways. +-This entry must be specified at least once in a router directive. +-.It Ic rtable Ar id +-Add the routes to the kernel routing table with the specified +-.Ar id . +-.It Ic rtlabel Ar label +-Add the routes with the specified +-.Ar label +-to the kernel routing table. +-.El + .Sh FILES +-.Bl -tag -width "/etc/ssl/private/address.keyXX" -compact +-.It Pa /etc/relayd.conf ++.Bl -tag -width "%%PREFIX%%/etc/ssl/private/address.keyXX" -compact ++.It Pa %%PREFIX%%/etc/relayd.conf + .Xr relayd 8 + configuration file. + .Pp + .It Pa /etc/services + Service name database. + .Pp +-.It Pa /etc/ssl/address.crt +-.It Pa /etc/ssl/private/address.key ++.It Pa %%PREFIX%%/etc/ssl/address.crt ++.It Pa %%PREFIX%%/etc/ssl/private/address.key + Location of the relay SSL server certificates, where + .Ar address + is the configured IP address of the relay. +-.It Pa /etc/ssl/cert.pem +-Default location of the CA bundle that can be used with +-.Xr relayd 8 . + .El + .Sh EXAMPLES + This configuration file would create a redirection service +@@ -1242,20 +1131,9 @@ + forward to shell.example.com port 22 + } + .Ed +-.Pp +-The next simple router configuration example can be used to run +-redundant, health-checked WAN links: +-.Bd -literal -offset indent +-table \*(Ltgateways\*(Gt { $gw1 ip ttl 1, $gw2 ip ttl 1 } +-router "uplinks" { +- route 0.0.0.0/0 +- forward to \*(Ltgateways\*(Gt check icmp +-} +-.Ed + .Sh SEE ALSO + .Xr relayctl 8 , + .Xr relayd 8 , +-.Xr snmpd 8 , + .Xr ssl 8 + .Sh HISTORY + The diff --git a/net/relayd/files/patch-relayd-relayd.h b/net/relayd/files/patch-relayd-relayd.h index 33ba4116ff2..dbefb9b926b 100644 
--- a/net/relayd/files/patch-relayd-relayd.h
+++ b/net/relayd/files/patch-relayd-relayd.h
@@ -1,74 +1,199 @@ ---- relayd/relayd.h.orig 2011-01-15 00:27:09.022494663 +0100 -+++ relayd/relayd.h 2011-01-15 00:47:37.743251059 +0100 -@@ -19,11 +19,12 @@ - */ - +--- relayd.orig/relayd.h 2011-05-22 01:06:39.465162022 +0200 ++++ relayd/relayd.h 2011-05-22 01:07:39.088200887 +0200 +@@ -21,10 +21,18 @@ #include <sys/tree.h> -+ -+#include <sys/param.h> /* MAXHOSTNAMELEN */ -+#include <limits.h> - #ifdef __FreeBSD__ --#include <sys/param.h> - #include <sys/queue.h> - #endif -- + + #include <sys/param.h> /* MAXHOSTNAMELEN */ ++#ifdef __FreeBSD__ ++#include <sys/queue.h> ++#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) ++#endif + #include <limits.h> #include <imsg.h> - #ifdef __FreeBSD__ -@@ -299,7 +300,9 @@ - HCE_ICMP_OK, - HCE_ICMP_READ_TIMEOUT, - HCE_ICMP_WRITE_TIMEOUT, -- HCE_TCP_CONNECT_ERROR, -+ HCE_TCP_SOCKET_ERROR, -+ HCE_TCP_SOCKET_LIMIT, -+ HCE_TCP_SOCKET_OPTION, - HCE_TCP_CONNECT_FAIL, - HCE_TCP_CONNECT_TIMEOUT, - HCE_TCP_CONNECT_OK, -@@ -637,6 +640,13 @@ - struct ctl_icmp_event sc_icmp_recv; - struct ctl_icmp_event sc_icmp6_send; - struct ctl_icmp_event sc_icmp6_recv; -+ -+ /* Event and signal handlers */ -+ struct event sc_evsigint; -+ struct event sc_evsigterm; -+ struct event sc_evsigchld; -+ struct event sc_evsighup; -+ struct event sc_evsigpipe; ++#ifdef __FreeBSD__ ++#define CONF_FILE "%%PREFIX%%/etc/relayd.conf" ++#else + #define CONF_FILE "/etc/relayd.conf" ++#endif + #define RELAYD_SOCKET "/var/run/relayd.sock" + #define PF_SOCKET "/dev/pf" + #define RELAYD_USER "_relayd" +@@ -63,7 +71,18 @@ + #define SMALL_READ_BUF_SIZE 1024 + #define ICMP_BUF_SIZE 64 + ++#ifndef __FreeBSD__ + #define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */ ++#else ++#define SIMPLEQ_HEAD STAILQ_HEAD ++#define SIMPLEQ_FIRST STAILQ_FIRST ++#define SIMPLEQ_REMOVE_HEAD STAILQ_REMOVE_HEAD ++#define SIMPLEQ_ENTRY STAILQ_ENTRY ++#define SIMPLEQ_INIT STAILQ_INIT ++#define SIMPLEQ_EMPTY STAILQ_EMPTY ++#define SIMPLEQ_NEXT STAILQ_NEXT ++#define SIMPLEQ_INSERT_TAIL 
STAILQ_INSERT_TAIL ++#endif + + #if DEBUG > 1 + #define DPRINTF log_debug +@@ -253,7 +272,9 @@ + #define F_SSLCLIENT 0x00200000 + #define F_NEEDRT 0x00400000 + #define F_MATCH 0x00800000 ++#ifndef __FreeBSD__ + #define F_DIVERT 0x01000000 ++#endif + + #define F_BITS \ + "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \ +@@ -622,6 +643,7 @@ }; + #define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN - #define RELAYD_OPT_VERBOSE 0x01 -@@ -699,6 +709,7 @@ - IMSG_CTL_NOTIFY, - IMSG_CTL_RDR_STATS, - IMSG_CTL_RELAY_STATS, -+ IMSG_CTL_LOG_VERBOSE, - IMSG_RDR_ENABLE, /* notifies from pfe to hce */ - IMSG_RDR_DISABLE, - IMSG_TABLE_ENABLE, -@@ -799,7 +810,6 @@ - int relay_cmp_af(struct sockaddr_storage *, - struct sockaddr_storage *); ++#ifndef __FreeBSD__ + struct router; + struct netroute_config { + objid_t id; +@@ -668,6 +690,7 @@ + struct netroute_config nr; + struct router_config rt; + }; ++#endif + /* initially control.h */ + struct control_sock { +@@ -753,12 +776,18 @@ + IMSG_HOST_STATUS, /* notifies from hce to pfe */ + IMSG_SYNC, + IMSG_NATLOOK, ++#ifndef __FreeBSD__ + IMSG_DEMOTE, ++#endif + IMSG_STATISTICS, + IMSG_SCRIPT, ++#ifndef __FreeBSD__ + IMSG_SNMPSOCK, ++#endif + IMSG_BINDANY, ++#ifndef __FreeBSD__ + IMSG_RTMSG, /* from pfe to parent */ ++#endif + IMSG_CFG_TABLE, /* configuration from parent */ + IMSG_CFG_HOST, + IMSG_CFG_RDR, +@@ -826,14 +855,18 @@ + u_int32_t sc_flags; + const char *sc_conffile; + struct pfdata *sc_pf; ++#ifndef __FreeBSD__ + int sc_rtsock; + int sc_rtseq; ++#endif + int sc_tablecount; + int sc_rdrcount; + int sc_protocount; + int sc_relaycount; ++#ifndef __FreeBSD__ + int sc_routercount; + int sc_routecount; ++#endif + struct timeval sc_interval; + struct timeval sc_timeout; + struct table sc_empty_table; +@@ -843,8 +876,10 @@ + struct rdrlist *sc_rdrs; + struct protolist *sc_protos; + struct relaylist *sc_relays; ++#ifndef __FreeBSD__ + struct routerlist *sc_rts; + struct netroutelist *sc_routes; ++#endif + u_int16_t 
sc_prefork_relay; + char sc_demote_group[IFNAMSIZ]; + u_int16_t sc_id; +@@ -852,10 +887,11 @@ + struct event sc_statev; + struct timeval sc_statinterval; + ++#ifndef __FreeBSD__ + int sc_snmp; + struct event sc_snmpto; + struct event sc_snmpev; - - RB_PROTOTYPE(proto_tree, protonode, se_nodes, relay_proto_cmp); - SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp); ++#endif + int sc_has_icmp; + int sc_has_icmp6; + struct ctl_icmp_event sc_icmp_send; +@@ -923,10 +959,12 @@ + u_int64_t + check_table(struct relayd *, struct rdr *, struct table *); + ++#ifndef __FreeBSD__ + /* pfe_route.c */ + void init_routes(struct relayd *); + void sync_routes(struct relayd *, struct router *); + int pfe_route(struct relayd *, struct ctl_netroute *); ++#endif -@@ -867,6 +877,7 @@ - void imsg_event_add(struct imsgev *); - int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t, - pid_t, int, void *, u_int16_t); -+void socket_rlimit(int); + /* hce.c */ + pid_t hce(struct privsep *, struct privsep_proc *); +@@ -943,8 +981,10 @@ + void relay_session(struct rsession *); + int relay_from_table(struct rsession *); + int relay_socket_af(struct sockaddr_storage *, in_port_t); ++#ifndef __FreeBSD__ + in_port_t + relay_socket_getport(struct sockaddr_storage *); ++#endif + int relay_cmp_af(struct sockaddr_storage *, + struct sockaddr_storage *); - /* carp.c */ - int carp_demote_init(char *, int); -@@ -898,6 +909,7 @@ +@@ -986,8 +1026,10 @@ + struct host *host_find(struct relayd *, objid_t); + struct table *table_find(struct relayd *, objid_t); + struct rdr *rdr_find(struct relayd *, objid_t); ++#ifndef __FreeBSD__ + struct netroute *route_find(struct relayd *, objid_t); + struct router *router_find(struct relayd *, objid_t); ++#endif + struct host *host_findbyname(struct relayd *, const char *); + struct table *table_findbyname(struct relayd *, const char *); + struct table *table_findbyconf(struct relayd *, struct table *); +@@ -1035,11 +1077,13 @@ + void 
pn_unref(u_int16_t); + void pn_ref(u_int16_t); - /* log.c */ - void log_init(int); -+void log_verbose(int); - void log_warn(const char *, ...); - void log_warnx(const char *, ...); - void log_info(const char *, ...); ++#ifndef __FreeBSD__ + /* snmp.c */ + void snmp_init(struct relayd *, enum privsep_procid); + int snmp_setsock(struct relayd *, enum privsep_procid); + int snmp_getsock(struct relayd *, struct imsg *); + void snmp_hosttrap(struct relayd *, struct table *, struct host *); ++#endif + + /* shuffle.c */ + void shuffle_init(struct shuffle *); +@@ -1092,9 +1136,11 @@ + int config_setrdr(struct relayd *, struct rdr *); + int config_getrdr(struct relayd *, struct imsg *); + int config_getvirt(struct relayd *, struct imsg *); ++#ifndef __FreeBSD__ + int config_setrt(struct relayd *, struct router *); + int config_getrt(struct relayd *, struct imsg *); + int config_getroute(struct relayd *, struct imsg *); ++#endif + int config_setproto(struct relayd *env, struct protocol *); + int config_getproto(struct relayd *, struct imsg *); + int config_setprotonode(struct relayd *, enum privsep_procid, +@@ -1102,3 +1148,9 @@ + int config_getprotonode(struct relayd *, struct imsg *); + int config_setrelay(struct relayd *env, struct relay *); + int config_getrelay(struct relayd *, struct imsg *); ++ ++#ifdef __FreeBSD__ ++#if __FreeBSD_version < 800041 ++u_int32_t arc4random_uniform(u_int32_t upper_bound); ++#endif ++#endif diff --git a/net/relayd/pkg-descr b/net/relayd/pkg-descr index 734b5343510..a356fd4f73a 100644 --- a/net/relayd/pkg-descr +++ b/net/relayd/pkg-descr @@ -8,4 +8,9 @@ firmed, Layer 3 and/or layer 7 forwarding services are set up by relayd. Layer 3 redirection happens at the packet level; to configure it, relayd communicates with pf(4). +The following relayd functionality is not (yet) implemented in FreeBSD: +carp +routers +snmp + WWW: http://spootnik.org/relayd/ |
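Review bot: The `nitems` macro added under `#ifdef __FreeBSD__` near the top of relayd.h is defined unconditionally, directly after `#include <sys/param.h>`. On FreeBSD releases whose `<sys/param.h>` already provides `nitems`, this is a redefinition with a different parameter name, which draws a diagnostic and fails a `-Werror` build. Guarding it keeps the header usable on both older and newer systems: `#ifndef nitems`, then `#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))`, then `#endif`. Separately, `CONF_FILE` stays the literal `%%PREFIX%%/etc/relayd.conf` until the port substitutes the placeholder, and that step is not visible in this hunk. A one-line comment beside the define naming where the substitution happens would help, since an unsubstituted value would presumably make the daemon resolve its configuration path relative to its working directory.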