-/* $OpenBSD: parse.y,v 1.255 2023/10/29 11:27:11 kn Exp $ */
+/* $OpenBSD: parse.y,v 1.256 2024/06/17 08:02:57 sashan Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE
%token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE
%token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS
-%token WEBSOCKETS
+%token WEBSOCKETS PFLOG
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.string> context hostname interface table value path
%type <v.number> http_type loglevel quick
%type <v.number> dstmode flag forwardmode retry
%type <v.number> opttls opttlsclient
-%type <v.number> redirect_proto relay_proto match
+%type <v.number> redirect_proto relay_proto match pflog
%type <v.number> action ruleaf key_option
%type <v.port> port
%type <v.host> host
$3->conf.rdrid = rdr->conf.id;
$3->conf.flags |= F_USED;
}
- | LISTEN ON STRING redirect_proto port interface {
+ | LISTEN ON STRING redirect_proto port interface pflog {
if (host($3, &rdr->virts,
SRV_MAX_VIRTS, &$5, $6, $4) <= 0) {
yyerror("invalid virtual ip: %s", $3);
if (rdr->conf.port == 0)
rdr->conf.port = $5.val[0];
tableport = rdr->conf.port;
+ if ($7)
+ rdr->conf.flags |= F_PFLOG;
}
| DISABLE { rdr->conf.flags |= F_DISABLE; }
| STICKYADDR { rdr->conf.flags |= F_STICKY; }
| MATCH { $$ = 1; }
;
+pflog : /* empty */ { $$ = 0; }
+ | PFLOG { $$ = 1; }
+ ;
+
forwardmode : FORWARD { $$ = FWD_NORMAL; }
| ROUTE { $$ = FWD_ROUTE; }
| TRANSPARENT FORWARD { $$ = FWD_TRANS; }
{ "pass", PASS },
{ "password", PASSWORD },
{ "path", PATH },
+ { "pflog", PFLOG },
{ "pftag", PFTAG },
{ "port", PORT },
{ "prefork", PREFORK },
-/* $OpenBSD: pfe_filter.c,v 1.65 2023/09/14 09:54:31 yasuoka Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.66 2024/06/17 08:02:57 sashan Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
rio.rule.direction = PF_IN;
rio.rule.keep_state = PF_STATE_NORMAL;
+ if (rdr->conf.flags & F_PFLOG)
+ rio.rule.log = 1;
+ else
+ rio.rule.log = 0; /* allow change via reload */
+
switch (t->conf.fwdmode) {
case FWD_NORMAL:
/* traditional redirection */
-.\" $OpenBSD: relayd.conf.5,v 1.207 2023/10/29 11:27:11 kn Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.208 2024/06/17 08:02:57 sashan Exp $
.\"
.\" Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: October 29 2023 $
+.Dd $Mdocdate: June 17 2024 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
.Op ip-proto
.Ic port Ar port
.Op Ic interface Ar name
+.Op Ic pflog
.Xc
Specify an
.Ar address
it defaults to
.Cm tcp .
The rule can be optionally restricted to a given interface name.
+The optional
+.Ic pflog
+keyword will add
+.Cm log
+to the rule. The logged packets are sent to
+.Xr pflog 4 .
.It Xo
.Op Ic match
.Ic pftag Ar name
-/* $OpenBSD: relayd.h,v 1.272 2024/05/18 06:34:46 jsg Exp $ */
+/* $OpenBSD: relayd.h,v 1.273 2024/06/17 08:02:57 sashan Exp $ */
/*
* Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
#define F_TLSINSPECT 0x04000000
#define F_HASHKEY 0x08000000
#define F_AGENTX_TRAPONLY 0x10000000
+#define F_PFLOG 0x20000000
#define F_BITS \
"\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \
projects / openbsd / commitdiff