From 0be9d00a7cf298a2eea5813e8e14e6da3bb0dc02 Mon Sep 17 00:00:00 2001 From: benno Date: Mon, 6 Aug 2018 17:31:31 +0000 Subject: [PATCH] replace the current log options log updates|all with log state changes log host checks log connection [errors] The first two control the logging of host check results: either changes in host state only or all checks. The third option controls logging of connections in relay mode: Either log all connections, or only errors. Additionaly, errors will be logged with LOG_WARN and good connections will be logged with LOG_INFO, so they can be differentiated in syslog. ok and feedback from claudio@ --- usr.sbin/relayd/hce.c | 6 +-- usr.sbin/relayd/parse.y | 28 +++++++++-- usr.sbin/relayd/relay.c | 93 ++++++++++++++++++++--------------- usr.sbin/relayd/relay_http.c | 24 ++++----- usr.sbin/relayd/relay_udp.c | 20 ++++---- usr.sbin/relayd/relayd.c | 4 +- usr.sbin/relayd/relayd.conf.5 | 24 +++++---- usr.sbin/relayd/relayd.h | 9 ++-- 8 files changed, 122 insertions(+), 86 deletions(-) diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c index e4b50292d69..8fb7701d047 100644 --- a/usr.sbin/relayd/hce.c +++ b/usr.sbin/relayd/hce.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hce.c,v 1.78 2017/12/18 21:45:57 benno Exp $ */ +/* $OpenBSD: hce.c,v 1.79 2018/08/06 17:31:31 benno Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard @@ -197,7 +197,7 @@ hce_notify_done(struct host *host, enum host_error he) struct ctl_status st; struct timeval tv_now, tv_dur; u_long duration; - u_int logopt; + u_int logopt = RELAYD_OPT_LOGHOSTCHECK; struct host *h, *hostnst; int hostup; const char *msg; @@ -248,8 +248,6 @@ hce_notify_done(struct host *host, enum host_error he) proc_compose(env->sc_ps, PROC_PFE, IMSG_HOST_STATUS, &st, sizeof(st)); if (host->up != host->last_up) logopt = RELAYD_OPT_LOGUPDATE; - else - logopt = RELAYD_OPT_LOGNOTIFY; getmonotime(&tv_now); timersub(&tv_now, &host->cte.tv_start, &tv_dur); 
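Review bot: On a state change `logopt` is now `RELAYD_OPT_LOGUPDATE` alone, while the parse.y hunks of this patch set only `RELAYD_OPT_LOGHOSTCHECK` for `log host checks` and leave `RELAYD_OPT_LOGUPDATE` out of the mask for the deprecated `log all`. The test that consumes `logopt` lies outside this hunk; if it is still `env->sc_conf.opts & logopt`, both settings would log unchanged checks but drop the up/down transitions, which the removed `RELAYD_OPT_LOGALL` (0x18) covered. Since transitions are the events an operator most needs in syslog, OR the update bit into both parser alternatives, e.g. `| HOST CHECKS { $$ = (RELAYD_OPT_LOGHOSTCHECK|RELAYD_OPT_LOGUPDATE); }`. The body of hce_notify_done continues past the end of the hunk.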
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index 85b01d266b8..2af04c27bd9 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.226 2018/07/11 07:39:22 krw Exp $ */ +/* $OpenBSD: parse.y,v 1.227 2018/08/06 17:31:31 benno Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter @@ -176,7 +176,7 @@ typedef struct { %token SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP TIMEOUT TLS %token TO ROUTER RTLABEL TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE -%token EDH TICKETS +%token EDH TICKETS CONNECTION CONNECTIONS ERRORS STATE CHANGES CHECKS %token STRING %token NUMBER %type hostname interface table value optstring @@ -433,8 +433,23 @@ main : INTERVAL NUMBER { trap : /* nothing */ { $$ = 0; } | TRAP { $$ = 1; } -loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; } - | ALL { $$ = RELAYD_OPT_LOGALL; } +loglevel : UPDATES { /* remove 6.4-current */ + $$ = RELAYD_OPT_LOGUPDATE; + log_warnx("log updates deprecated, " + "update configuration"); + } + | STATE CHANGES { $$ = RELAYD_OPT_LOGUPDATE; } + | HOST CHECKS { $$ = RELAYD_OPT_LOGHOSTCHECK; } + | ALL { /* remove 6.4-current */ + $$ = (RELAYD_OPT_LOGHOSTCHECK| + RELAYD_OPT_LOGCON| + RELAYD_OPT_LOGCONERR); + log_warnx("log all deprecated, " + "update configuration"); + } + | CONNECTION { $$ = (RELAYD_OPT_LOGCON | + RELAYD_OPT_LOGCONERR); } + | CONNECTION ERRORS { $$ = RELAYD_OPT_LOGCONERR; } ; rdr : REDIRECT STRING { @@ -2223,9 +2238,12 @@ lookup(char *s) { "ca", CA }, { "cache", CACHE }, { "cert", CERTIFICATE }, + { "changes", CHANGES }, { "check", CHECK }, + { "checks", CHECKS }, { "ciphers", CIPHERS }, { "code", CODE }, + { "connection", CONNECTION }, { "cookie", COOKIE }, { "demote", DEMOTE }, { "destination", DESTINATION }, 
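Review bot: `CONNECTIONS` is added to the `%token` list, but none of the grammar or `lookup()` hunks in this patch refer to it; only `CONNECTION` gets a rule and a keyword entry. Unless a use exists outside the visible hunks, drop it from the declaration, or add a `connections` keyword if `log connections` was meant to be accepted.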
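Review bot: The two deprecation warnings in `loglevel` tell the administrator to "update configuration" without saying to what, and carry no file or line. Naming the replacement in the message makes the migration self-explanatory, for example `log_warnx("log updates deprecated, use log state changes");` and, for `ALL`, a message that names `log host checks` and `log connection`.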
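Review bot: The new `lookup()` entries `changes`, `checks`, `connection`, `errors` and `state` turn common words into keywords. The lexer is not visible here, but if unquoted words are passed through `lookup()` first, an existing relayd.conf that uses one of them bare (a table, tag or label named `state` or `errors`, say) would stop parsing after the upgrade. This deserves a line in the upgrade notes or the man page saying such names now have to be quoted.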
@@ -2234,6 +2252,7 @@ lookup(char *s) { "ecdhe", ECDHE }, { "edh", EDH }, { "error", ERROR }, + { "errors", ERRORS }, { "expect", EXPECT }, { "external", EXTERNAL }, { "file", FILENAME }, @@ -2302,6 +2321,7 @@ lookup(char *s) { "source-hash", SRCHASH }, { "splice", SPLICE }, { "ssl", SSL }, + { "state", STATE }, { "sticky-address", STICKYADDR }, { "style", STYLE }, { "table", TABLE }, diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c index 9a7f60d6f86..8ebd0bd1c14 100644 --- a/usr.sbin/relayd/relay.c +++ b/usr.sbin/relayd/relay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay.c,v 1.239 2018/06/10 20:41:47 benno Exp $ */ +/* $OpenBSD: relay.c,v 1.240 2018/08/06 17:31:31 benno Exp $ */ /* * Copyright (c) 2006 - 2014 Reyk Floeter @@ -397,7 +397,7 @@ relay_statistics(int fd, short events, void *arg) &rlay->rl_sessions, con); timersub(&tv_now, &con->se_tv_last, &tv); if (timercmp(&tv, &rlay->rl_conf.timeout, >=)) - relay_close(con, "hard timeout"); + relay_close(con, "hard timeout", 1); } } @@ -700,7 +700,7 @@ relay_connected(int fd, short sig, void *arg) case RELAY_PROTO_HTTP: if (relay_httpdesc_init(out) == -1) { relay_close(con, - "failed to allocate http descriptor"); + "failed to allocate http descriptor", 1); return; } con->se_out.toread = TOREAD_HTTP_HEADER; @@ -742,7 +742,7 @@ relay_connected(int fd, short sig, void *arg) bufferevent_enable(con->se_in.bev, EV_READ); if (relay_splice(&con->se_out) == -1) - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); } void @@ -757,7 +757,7 @@ relay_input(struct rsession *con) case RELAY_PROTO_HTTP: if (relay_httpdesc_init(&con->se_in) == -1) { relay_close(con, - "failed to allocate http descriptor"); + "failed to allocate http descriptor", 1); return; } con->se_in.toread = TOREAD_HTTP_HEADER; 
@@ -776,7 +776,7 @@ relay_input(struct rsession *con) con->se_in.bev = bufferevent_new(con->se_in.s, inrd, inwr, relay_error, &con->se_in); if (con->se_in.bev == NULL) { - relay_close(con, "failed to allocate input buffer event"); + relay_close(con, "failed to allocate input buffer event", 1); return; } @@ -791,7 +791,7 @@ relay_input(struct rsession *con) bufferevent_enable(con->se_in.bev, EV_READ|EV_WRITE); if (relay_splice(&con->se_in) == -1) - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); } void @@ -811,10 +811,10 @@ relay_write(struct bufferevent *bev, void *arg) return; done: - relay_close(con, "last write (done)"); + relay_close(con, "last write (done)", 0); return; fail: - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); } void @@ -860,10 +860,10 @@ relay_read(struct bufferevent *bev, void *arg) return; done: - relay_close(con, "last read (done)"); + relay_close(con, "last read (done)", 0); return; fail: - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); } /* @@ -985,7 +985,7 @@ relay_error(struct bufferevent *bev, short error, void *arg) case -1: goto fail; case 0: - relay_close(con, "buffer event timeout"); + relay_close(con, "buffer event timeout", 1); break; case 1: cre->timedout = 1; @@ -993,7 +993,7 @@ relay_error(struct bufferevent *bev, short error, void *arg) break; } } else { - relay_close(con, "buffer event timeout"); + relay_close(con, "buffer event timeout", 1); } return; } @@ -1003,14 +1003,14 @@ relay_error(struct bufferevent *bev, short error, void *arg) case -1: goto fail; case 0: - relay_close(con, "splice timeout"); + relay_close(con, "splice timeout", 1); return; case 1: bufferevent_enable(bev, EV_READ); break; } } else if (cre->dst->timedout) { - relay_close(con, "splice timeout"); + relay_close(con, "splice timeout", 1); return; } if (relay_spliceadjust(cre) == -1) 
@@ -1036,13 +1036,13 @@ relay_error(struct bufferevent *bev, short error, void *arg) } else if (cre->toread == TOREAD_UNLIMITED || cre->toread == 0) return; - relay_close(con, "done"); + relay_close(con, "done", 0); return; } - relay_close(con, "buffer event error"); + relay_close(con, "buffer event error", 1); return; fail: - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); } void @@ -1138,7 +1138,7 @@ relay_accept(int fd, short event, void *arg) /* Pre-allocate output buffer */ con->se_out.output = evbuffer_new(); if (con->se_out.output == NULL) { - relay_close(con, "failed to allocate output buffer"); + relay_close(con, "failed to allocate output buffer", 1); return; } @@ -1146,7 +1146,7 @@ relay_accept(int fd, short event, void *arg) slen = sizeof(con->se_out.ss); if (getsockname(s, (struct sockaddr *)&con->se_out.ss, &slen) == -1) { - relay_close(con, "peer lookup failed"); + relay_close(con, "peer lookup failed", 1); return; } con->se_out.port = relay_socket_getport(&con->se_out.ss); @@ -1158,7 +1158,7 @@ relay_accept(int fd, short event, void *arg) con->se_out.ss.ss_family = AF_UNSPEC; } else if (rlay->rl_conf.flags & F_NATLOOK) { if ((cnl = calloc(1, sizeof(*cnl))) == NULL) { - relay_close(con, "failed to allocate nat lookup"); + relay_close(con, "failed to allocate nat lookup", 1); return; } @@ -1173,7 +1173,7 @@ relay_accept(int fd, short event, void *arg) slen = sizeof(cnl->dst); if (getsockname(s, (struct sockaddr *)&cnl->dst, &slen) == -1) { - relay_close(con, "failed to get local address"); + relay_close(con, "failed to get local address", 1); return; } @@ -1368,7 +1368,7 @@ relay_natlook(int fd, short event, void *arg) if (con->se_out.ss.ss_family == AF_UNSPEC && cnl->in == -1 && rlay->rl_conf.dstss.ss_family == AF_UNSPEC && TAILQ_EMPTY(&rlay->rl_tables)) { - relay_close(con, "session NAT lookup failed"); + relay_close(con, "session NAT lookup failed", 1); return; } if (cnl->in != -1) { 
@@ -1390,7 +1390,7 @@ relay_session(struct rsession *con) if (bcmp(&rlay->rl_conf.ss, &out->ss, sizeof(out->ss)) == 0 && out->port == rlay->rl_conf.port) { log_debug("%s: session %d: looping", __func__, con->se_id); - relay_close(con, "session aborted"); + relay_close(con, "session aborted", 1); return; } @@ -1401,7 +1401,7 @@ relay_session(struct rsession *con) if (rlay->rl_proto->request == NULL) fatalx("invalide UDP session"); if ((*rlay->rl_proto->request)(con) == -1) - relay_close(con, "session failed"); + relay_close(con, "session failed", 1); return; } @@ -1414,7 +1414,7 @@ relay_session(struct rsession *con) if (rlay->rl_conf.fwdmode == FWD_TRANS) relay_bindanyreq(con, 0, IPPROTO_TCP); else if (relay_connect(con) == -1) { - relay_close(con, "session failed"); + relay_close(con, "session failed", 1); return; } } @@ -1451,11 +1451,11 @@ relay_bindany(int fd, short event, void *arg) struct rsession *con = arg; if (con->se_bnds == -1) { - relay_close(con, "bindany failed, invalid socket"); + relay_close(con, "bindany failed, invalid socket", 1); return; } if (relay_connect(con) == -1) - relay_close(con, "session failed"); + relay_close(con, "session failed", 1); } void @@ -1670,7 +1670,7 @@ relay_connect(struct rsession *con) } void -relay_close(struct rsession *con, const char *msg) +relay_close(struct rsession *con, const char *msg, int err) { char ibuf[128], obuf[128], *ptr = NULL; struct relay *rlay = con->se_relay; @@ -1685,7 +1685,8 @@ relay_close(struct rsession *con, const char *msg) if (con->se_out.bev != NULL) bufferevent_disable(con->se_out.bev, EV_READ|EV_WRITE); - if ((env->sc_conf.opts & RELAYD_OPT_LOGUPDATE) && msg != NULL) { + if ((env->sc_conf.opts & (RELAYD_OPT_LOGCON|RELAYD_OPT_LOGCONERR)) && + msg != NULL) { bzero(&ibuf, sizeof(ibuf)); bzero(&obuf, sizeof(obuf)); (void)print_host(&con->se_in.ss, ibuf, sizeof(ibuf)); 
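Review bot: `relay_close()` gains an `int err` parameter that every caller passes as a bare `0` or `1`, and nothing at the definition says what the values mean. A short comment above the function would help, such as `/* err: 0 = normal end of session (logged with "log connection"), 1 = failure (logged with "log connection" or "log connection errors") */`. Named constants or a `bool` would make the call sites self-describing. The function body continues outside these hunks.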
@@ -1695,12 +1696,22 @@ relay_close(struct rsession *con, const char *msg) ptr = evbuffer_readln(con->se_log, NULL, EVBUFFER_EOL_CRLF); } - log_info("relay %s, " - "session %d (%d active), %s, %s -> %s:%d, " - "%s%s%s", rlay->rl_conf.name, con->se_id, relay_sessions, - con->se_tag != 0 ? tag_id2name(con->se_tag) : "0", ibuf, - obuf, ntohs(con->se_out.port), msg, ptr == NULL ? "" : ",", - ptr == NULL ? "" : ptr); + if (err == 0 && (env->sc_conf.opts & RELAYD_OPT_LOGCON)) + log_info("relay %s, " + "session %d (%d active), %s, %s -> %s:%d, " + "%s%s%s", rlay->rl_conf.name, con->se_id, + relay_sessions, con->se_tag != 0 ? + tag_id2name(con->se_tag) : "0", ibuf, obuf, + ntohs(con->se_out.port), msg, ptr == NULL ? + "" : ",", ptr == NULL ? "" : ptr); + if (err == 1 && (env->sc_conf.opts & RELAYD_OPT_LOGCONERR)) + log_warn("relay %s, " + "session %d (%d active), %s, %s -> %s:%d, " + "%s%s%s", rlay->rl_conf.name, con->se_id, + relay_sessions, con->se_tag != 0 ? + tag_id2name(con->se_tag) : "0", ibuf, obuf, + ntohs(con->se_out.port), msg, ptr == NULL ? + "" : ",", ptr == NULL ? "" : ptr); free(ptr); } @@ -2293,7 +2304,7 @@ relay_tls_transaction(struct rsession *con, struct ctl_relay_event *cre) return; err: - relay_close(con, errstr); + relay_close(con, errstr, 1); } void @@ -2307,7 +2318,7 @@ relay_tls_handshake(int fd, short event, void *arg) char *msg; if (event == EV_TIMEOUT) { - relay_close(con, "TLS handshake timeout"); + relay_close(con, "TLS handshake timeout", 1); return; } @@ -2344,7 +2355,7 @@ relay_tls_handshake(int fd, short event, void *arg) con->se_in.tlscert = NULL; if (con->se_in.tlscert == NULL) relay_close(con, - "could not create certificate"); + "could not create certificate", 1); else relay_session(con); return; 
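Review bot: The error branch of relay_close calls `log_warn`, which in the usual OpenBSD log.c appends `strerror(errno)` to the message; if relayd's log.c follows that convention, every error line gets an errno suffix. For callers that already pass `strerror(errno)` as `msg` the text is duplicated, and for messages such as "hard timeout" or "invalid chunk size" it is whatever errno was left by an earlier call, which misleads anyone reading the log during an incident. `log_warnx` avoids both. The branch also tests `err == 1`, so any other non-zero value would be logged by neither branch; prefer `if (err != 0 && (env->sc_conf.opts & RELAYD_OPT_LOGCONERR)) log_warnx(...)`.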
@@ -2358,10 +2369,10 @@ relay_tls_handshake(int fd, short event, void *arg) } else { if (asprintf(&msg, "TLS handshake error: %s", tls_error(cre->tls)) >= 0) { - relay_close(con, msg); + relay_close(con, msg, 1); free(msg); } else { - relay_close(con, "TLS handshake error"); + relay_close(con, "TLS handshake error", 1); } return; } diff --git a/usr.sbin/relayd/relay_http.c b/usr.sbin/relayd/relay_http.c index cf493f8c887..a9d27bfe605 100644 --- a/usr.sbin/relayd/relay_http.c +++ b/usr.sbin/relayd/relay_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay_http.c,v 1.70 2017/11/27 16:25:50 benno Exp $ */ +/* $OpenBSD: relay_http.c,v 1.71 2018/08/06 17:31:31 benno Exp $ */ /* * Copyright (c) 2006 - 2016 Reyk Floeter @@ -406,7 +406,7 @@ relay_read_http(struct bufferevent *bev, void *arg) action = relay_test(proto, cre); switch (action) { case RES_FAIL: - relay_close(con, "filter rule failed"); + relay_close(con, "filter rule failed", 1); return; case RES_BAD: relay_abort_http(con, 400, "Bad Request", @@ -512,12 +512,12 @@ relay_read_http(struct bufferevent *bev, void *arg) } } if (con->se_done) { - relay_close(con, "last http read (done)"); + relay_close(con, "last http read (done)", 0); return; } switch (relay_splice(cre)) { case -1: - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); case 1: return; case 0: @@ -589,10 +589,10 @@ relay_read_httpcontent(struct bufferevent *bev, void *arg) /* The callback readcb() might have freed the session. */ return; done: - relay_close(con, "last http content read"); + relay_close(con, "last http content read", 0); return; fail: - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); } void @@ -652,7 +652,7 @@ relay_read_httpchunks(struct bufferevent *bev, void *arg) */ if (sscanf(line, "%llx", &llval) != 1 || llval < 0) { free(line); - relay_close(con, "invalid chunk size"); + relay_close(con, "invalid chunk size", 1); return; } 
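Review bot: In relay_read_http, the rewritten `case -1: relay_close(con, strerror(errno), 1);` still falls through into `case 1: return;` without a marker. The fallthrough looks intentional, but now that the line is being touched it should carry the conventional `/* FALLTHROUGH */` comment so the missing `return` is not mistaken for a bug or "fixed" incorrectly later. The switch continues outside the hunk.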
@@ -713,10 +713,10 @@ relay_read_httpchunks(struct bufferevent *bev, void *arg) return; done: - relay_close(con, "last http chunk read (done)"); + relay_close(con, "last http chunk read (done)", 0); return; fail: - relay_close(con, strerror(errno)); + relay_close(con, strerror(errno), 1); } void @@ -991,7 +991,7 @@ relay_abort_http(struct rsession *con, u_int code, const char *msg, /* In some cases this function may be called from generic places */ if (rlay->rl_proto->type != RELAY_PROTO_HTTP || (rlay->rl_proto->flags & F_RETURN) == 0) { - relay_close(con, msg); + relay_close(con, msg, 0); return; } @@ -1060,9 +1060,9 @@ relay_abort_http(struct rsession *con, u_int code, const char *msg, done: free(body); if (asprintf(&httpmsg, "%s (%03d %s)", msg, code, httperr) == -1) - relay_close(con, msg); + relay_close(con, msg, 1); else { - relay_close(con, httpmsg); + relay_close(con, httpmsg, 1); free(httpmsg); } } diff --git a/usr.sbin/relayd/relay_udp.c b/usr.sbin/relayd/relay_udp.c index fe5a1d587ed..74d55feb794 100644 --- a/usr.sbin/relayd/relay_udp.c +++ b/usr.sbin/relayd/relay_udp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay_udp.c,v 1.48 2018/04/18 12:10:54 claudio Exp $ */ +/* $OpenBSD: relay_udp.c,v 1.49 2018/08/06 17:31:31 benno Exp $ */ /* * Copyright (c) 2007 - 2013 Reyk Floeter @@ -204,7 +204,7 @@ relay_udp_response(int fd, short sig, void *arg) (priv = (*proto->validate)(con, rlay, &ss, buf, len)) == NULL) return; - relay_close(con, "unknown response"); + relay_close(con, "unknown response", 1); free(priv); } @@ -281,7 +281,7 @@ relay_udp_server(int fd, short sig, void *arg) /* Pre-allocate output buffer */ con->se_out.output = evbuffer_new(); if (con->se_out.output == NULL) { - relay_close(con, "failed to allocate output buffer"); + relay_close(con, "failed to allocate output buffer", 1); return; } 
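Review bot: The early exit in relay_abort_http passes `err` as 0 (`relay_close(con, msg, 0);`), while the `done:` path of the same function passes 1 for the same kind of event. An abort taken on a non-HTTP relay, or on a protocol without `F_RETURN`, is therefore classed as a good connection and will not appear when only `log connection errors` is configured, so rejected requests drop out of the error log. Unless that is deliberate, use `relay_close(con, msg, 1);` here as well.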
@@ -289,20 +289,20 @@ relay_udp_server(int fd, short sig, void *arg) con->se_haslog = 0; con->se_log = evbuffer_new(); if (con->se_log == NULL) { - relay_close(con, "failed to allocate log buffer"); + relay_close(con, "failed to allocate log buffer", 1); return; } if (rlay->rl_conf.flags & F_NATLOOK) { if ((cnl = calloc(1, sizeof(*cnl))) == NULL) { - relay_close(con, "failed to allocate natlookup"); + relay_close(con, "failed to allocate natlookup", 1); return; } } /* Save the received data */ if (evbuffer_add(con->se_out.output, buf, len) == -1) { - relay_close(con, "failed to store buffer"); + relay_close(con, "failed to store buffer", 1); free(cnl); return; } @@ -337,7 +337,7 @@ relay_udp_timeout(int fd, short sig, void *arg) if (sig != EV_TIMEOUT) fatalx("invalid timeout event"); - relay_close(con, "udp timeout"); + relay_close(con, "udp timeout", 1); } /* @@ -440,7 +440,7 @@ relay_dns_validate(struct rsession *con, struct relay *rlay, } else { priv = con->se_priv; if (priv == NULL || key != priv->dp_inkey) { - relay_close(con, "invalid response"); + relay_close(con, "invalid response", 1); return (NULL); } relay_dns_result(con, buf, len); @@ -531,11 +531,11 @@ relay_dns_result(struct rsession *con, u_int8_t *buf, size_t len) slen = con->se_out.ss.ss_len; if (sendto(rlay->rl_s, buf, len, 0, (struct sockaddr *)&con->se_in.ss, slen) == -1) { - relay_close(con, "response failed"); + relay_close(con, "response failed", 1); return; } - relay_close(con, "session closed"); + relay_close(con, "session closed", 0); } int diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c index 0ce53b41d5d..c2e675adf67 100644 --- a/usr.sbin/relayd/relayd.c +++ b/usr.sbin/relayd/relayd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.c,v 1.171 2017/11/29 15:24:50 benno Exp $ */ +/* $OpenBSD: relayd.c,v 1.172 2018/08/06 17:31:31 benno Exp $ */ /* * Copyright (c) 2007 - 2016 Reyk Floeter 
@@ -558,7 +558,7 @@ purge_relay(struct relayd *env, struct relay *rlay) /* cleanup sessions */ while ((con = SPLAY_ROOT(&rlay->rl_sessions)) != NULL) - relay_close(con, NULL); + relay_close(con, NULL, 0); /* cleanup relay */ if (rlay->rl_bev != NULL) diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index 125bd685bb2..dd40a50946b 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.185 2018/06/18 06:04:25 jmc Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.186 2018/08/06 17:31:31 benno Exp $ .\" .\" Copyright (c) 2006 - 2016 Reyk Floeter .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 18 2018 $ +.Dd $Mdocdate: August 6 2018 $ .Dt RELAYD.CONF 5 .Os .Sh NAME @@ -123,14 +123,14 @@ Set the interval in seconds at which the hosts will be checked. The default interval is 10 seconds. .It Xo .Ic log -.Pq Ic updates Ns | Ns Ic all +.Pq Ic state changes Ns | Ns Ic host checks .Xc -Log state notifications after completed host checks. -Either only log the -.Ic updates -to new states or log -.Ic all -state notifications, even if the state didn't change. +Log host checks: +Either log only the +.Ic state changes +of hosts or log all +.Ic host checks +that were run, even if the state didn't change. The host state can be .Dq up (the health check completed successfully), @@ -139,6 +139,12 @@ The host state can be or .Dq unknown (the host is disabled or has not been checked yet). +.It Xo +.Ic log connection Op Ic errors +.Xc +When using relays, log all TCP connections. +Optionally log only +.Ic connection errors. .It Ic prefork Ar number When using relays, run the specified number of processes to handle relayed connections. 
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h index bcf47a6f709..ac43aa50608 100644 --- a/usr.sbin/relayd/relayd.h +++ b/usr.sbin/relayd/relayd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.249 2018/04/18 12:10:54 claudio Exp $ */ +/* $OpenBSD: relayd.h,v 1.250 2018/08/06 17:31:31 benno Exp $ */ /* * Copyright (c) 2006 - 2016 Reyk Floeter @@ -1107,8 +1107,9 @@ struct relayd { #define RELAYD_OPT_VERBOSE 0x01 #define RELAYD_OPT_NOACTION 0x04 #define RELAYD_OPT_LOGUPDATE 0x08 -#define RELAYD_OPT_LOGNOTIFY 0x10 -#define RELAYD_OPT_LOGALL 0x18 +#define RELAYD_OPT_LOGHOSTCHECK 0x10 +#define RELAYD_OPT_LOGCON 0x20 +#define RELAYD_OPT_LOGCONERR 0x40 /* control.c */ int control_init(struct privsep *, struct control_sock *); @@ -1173,7 +1174,7 @@ void relay_notify_done(struct host *, const char *); int relay_session_cmp(struct rsession *, struct rsession *); char *relay_load_fd(int, off_t *); int relay_load_certfiles(struct relay *); -void relay_close(struct rsession *, const char *); +void relay_close(struct rsession *, const char *, int); int relay_reset_event(struct ctl_relay_event *); void relay_natlook(int, short, void *); void relay_session(struct rsession *); -- 2.20.1