pf now supports source-hash and random with tables so we can allow it

in redirections.  Thanks for help and input from jsg and yasuoka who
reminded me to dig out and update these old diffs for pf and relayd.

ok jsg@

diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index bbf22f6..7b46db8 100644 (file)
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.198 2014/12/21 00:54:49 guenther Exp $    */
+/*     $OpenBSD: parse.y,v 1.199 2014/12/23 13:18:23 reyk Exp $        */
 
 /*
  * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -492,6 +492,9 @@ rdropts_l   : rdropts_l rdroptsl nl
 
 rdroptsl       : forwardmode TO tablespec interface    {
                        if (hashkey != NULL) {
+                               memcpy(&rdr->conf.key,
+                                   hashkey, sizeof(rdr->conf.key));
+                               rdr->conf.flags |= F_HASHKEY;
                                free(hashkey);
                                hashkey = NULL;
                        }
@@ -775,15 +778,15 @@ tableopts : CHECK tablecheck
                        switch ($2) {
                        case RELAY_DSTMODE_LOADBALANCE:
                        case RELAY_DSTMODE_HASH:
-                       case RELAY_DSTMODE_RANDOM:
-                       case RELAY_DSTMODE_SRCHASH:
                                if (rdr != NULL) {
                                        yyerror("mode not supported "
                                            "for redirections");
                                        YYERROR;
                                }
                                /* FALLTHROUGH */
+                       case RELAY_DSTMODE_RANDOM:
                        case RELAY_DSTMODE_ROUNDROBIN:
+                       case RELAY_DSTMODE_SRCHASH:
                                dstmode = $2;
                                break;
                        case RELAY_DSTMODE_LEASTSTATES:

diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 1bc11f3..d828f8e 100644 (file)
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfe_filter.c,v 1.53 2013/04/27 16:39:30 benno Exp $   */
+/*     $OpenBSD: pfe_filter.c,v 1.54 2014/12/23 13:18:23 reyk Exp $    */
 
 /*
  * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -485,9 +485,15 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
                }
 
                switch (rdr->conf.mode) {
+               case RELAY_DSTMODE_RANDOM:
+                       rio.rule.rdr.opts = PF_POOL_RANDOM;
+                       break;
                case RELAY_DSTMODE_ROUNDROBIN:
                        rio.rule.rdr.opts = PF_POOL_ROUNDROBIN;
                        break;
+               case RELAY_DSTMODE_SRCHASH:
+                       rio.rule.rdr.opts = PF_POOL_SRCHASH;
+                       break;
                case RELAY_DSTMODE_LEASTSTATES:
                        rio.rule.rdr.opts = PF_POOL_LEASTSTATES;
                        break;
@@ -497,6 +503,9 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
                }
                if (rdr->conf.flags & F_STICKY)
                        rio.rule.rdr.opts |= PF_POOL_STICKYADDR;
+               if (rdr->conf.flags & F_HASHKEY)
+                       memcpy(rio.rule.rdr.key.key32, rdr->conf.key.data,
+                           sizeof(rio.rule.rdr.key.key32));
 
                if (rio.rule.rt == PF_ROUTETO) {
                        memcpy(&rio.rule.route, &rio.rule.rdr,

diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 5670aa5..5065dfe 100644 (file)
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: relayd.conf.5,v 1.155 2014/12/18 21:26:09 jmc Exp $
+.\"    $OpenBSD: relayd.conf.5,v 1.156 2014/12/23 13:18:23 reyk Exp $
 .\"
 .\" Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
 .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 18 2014 $
+.Dd $Mdocdate: December 23 2014 $
 .Dt RELAYD.CONF 5
 .Os
 .Sh NAME
@@ -413,7 +413,7 @@ the source IP address of the client, and the IP address and port of the relay.
 This mode is only supported by relays.
 .It Ic mode random
 Distributes the outgoing connections randomly through all active hosts.
-This mode is only supported by relays.
+This mode is supported by redirections and relays.
 .It Ic mode roundrobin
 Distributes the outgoing connections using a round-robin scheduler
 through all active hosts.
@@ -423,7 +423,7 @@ This mode is supported by redirections and relays.
 Balances the outgoing connections across the active hosts based on the
 .Ar key
 and the source IP address of the client.
-This mode is only supported by relays.
+This mode is supported by redirections and relays.
 .El
 .Pp
 The optional