From: reyk Date: Tue, 23 Dec 2014 13:18:23 +0000 (+0000) Subject: pf now supports source-hash and random with tables so we can allow it X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6933853b1c18e53487e56a15bcd995516f679b61;p=openbsd pf now supports source-hash and random with tables so we can allow it in redirections. Thanks for help and input from jsg and yasuoka who reminded me to dig out and update these old diffs for pf and relayd. ok jsg@ --- diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index bbf22f6010c..7b46db8c344 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.198 2014/12/21 00:54:49 guenther Exp $ */ +/* $OpenBSD: parse.y,v 1.199 2014/12/23 13:18:23 reyk Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter @@ -492,6 +492,9 @@ rdropts_l : rdropts_l rdroptsl nl rdroptsl : forwardmode TO tablespec interface { if (hashkey != NULL) { + memcpy(&rdr->conf.key, + hashkey, sizeof(rdr->conf.key)); + rdr->conf.flags |= F_HASHKEY; free(hashkey); hashkey = NULL; } @@ -775,15 +778,15 @@ tableopts : CHECK tablecheck switch ($2) { case RELAY_DSTMODE_LOADBALANCE: case RELAY_DSTMODE_HASH: - case RELAY_DSTMODE_RANDOM: - case RELAY_DSTMODE_SRCHASH: if (rdr != NULL) { yyerror("mode not supported " "for redirections"); YYERROR; } /* FALLTHROUGH */ + case RELAY_DSTMODE_RANDOM: case RELAY_DSTMODE_ROUNDROBIN: + case RELAY_DSTMODE_SRCHASH: dstmode = $2; break; case RELAY_DSTMODE_LEASTSTATES: diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c index 1bc11f38e4e..d828f8e2c12 100644 --- a/usr.sbin/relayd/pfe_filter.c +++ b/usr.sbin/relayd/pfe_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfe_filter.c,v 1.53 2013/04/27 16:39:30 benno Exp $ */ +/* $OpenBSD: pfe_filter.c,v 1.54 2014/12/23 13:18:23 reyk Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard 
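Review bot: In the parse.y `rdroptsl` action, the added `memcpy(&rdr->conf.key, hashkey, sizeof(rdr->conf.key))` takes its length from the destination only, so it is correct only if `hashkey` points at an object at least that large. The declaration of `hashkey` is outside this hunk. If it has the same type as `rdr->conf.key`, a plain assignment `rdr->conf.key = *hashkey;` lets the compiler check the sizes, so a later change to either type cannot turn the copy into an over-read. The action continues past the end of the hunk.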
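Review bot: In the parse.y `tableopts` mode switch, whether a mode is allowed for redirections now depends only on where its `case` label sits relative to the `rdr != NULL` check, and nothing in the code says so. A one-line comment above the moved labels, such as `/* modes below are valid for redirections and relays */`, would keep a future mode from being added on the wrong side of the check. The switch continues past the end of the hunk.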
@@ -485,9 +485,15 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable) } switch (rdr->conf.mode) { + case RELAY_DSTMODE_RANDOM: + rio.rule.rdr.opts = PF_POOL_RANDOM; + break; case RELAY_DSTMODE_ROUNDROBIN: rio.rule.rdr.opts = PF_POOL_ROUNDROBIN; break; + case RELAY_DSTMODE_SRCHASH: + rio.rule.rdr.opts = PF_POOL_SRCHASH; + break; case RELAY_DSTMODE_LEASTSTATES: rio.rule.rdr.opts = PF_POOL_LEASTSTATES; break; @@ -497,6 +503,9 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable) } if (rdr->conf.flags & F_STICKY) rio.rule.rdr.opts |= PF_POOL_STICKYADDR; + if (rdr->conf.flags & F_HASHKEY) + memcpy(rio.rule.rdr.key.key32, rdr->conf.key.data, + sizeof(rio.rule.rdr.key.key32)); if (rio.rule.rt == PF_ROUTETO) { memcpy(&rio.rule.route, &rio.rule.rdr, diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index 5670aa55759..5065dfe90cd 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.155 2014/12/18 21:26:09 jmc Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.156 2014/12/23 13:18:23 reyk Exp $ .\" .\" Copyright (c) 2006 - 2014 Reyk Floeter .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 18 2014 $ +.Dd $Mdocdate: December 23 2014 $ .Dt RELAYD.CONF 5 .Os .Sh NAME @@ -413,7 +413,7 @@ the source IP address of the client, and the IP address and port of the relay. This mode is only supported by relays. .It Ic mode random Distributes the outgoing connections randomly through all active hosts. -This mode is only supported by relays. +This mode is supported by redirections and relays. .It Ic mode roundrobin Distributes the outgoing connections using a round-robin scheduler through all active hosts. 
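Review bot: In pfe_filter.c `sync_ruleset()`, a source-hash redirection configured without a key is loaded with whatever `rio.rule.rdr.key` already holds, because `PF_POOL_SRCHASH` is set unconditionally in the switch while the key copy after the `F_STICKY` check only runs when `F_HASHKEY` is set. The initialisation of `rio` and the grammar that fills `hashkey` are outside the visible hunks, so this may already be handled; if it is not and the key is zero-filled, the client-to-host mapping is identical on every installation and predictable to anyone who knows the host list. Filling the key once at parse time when none is given, for example `arc4random_buf(&rdr->conf.key, sizeof(rdr->conf.key));` followed by `rdr->conf.flags |= F_HASHKEY;`, would keep the mapping stable across rule reloads and still unpredictable. The copy also reads `sizeof(rio.rule.rdr.key.key32)` bytes from `rdr->conf.key.data`, so a compile-time size check between the two arrays would be worth adding. Both hunks sit inside `sync_ruleset()`, whose body starts and ends outside them.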
@@ -423,7 +423,7 @@ This mode is supported by redirections and relays. Balances the outgoing connections across the active hosts based on the .Ar key and the source IP address of the client. -This mode is only supported by relays. +This mode is supported by redirections and relays. .El .Pp The optional