Hello,
I have a problem with relayd and redirects. If I disable a table, redirect
stays down only for a while.
After a few seconds, redirect gets active again and forwards to the disabled
table.
Same happens for redirect with a backup forward table.
Redirect points momentarily to backup table but after a while forwards to the
disabled table.
This happens only with a combination of a table with parent hosts.
patch at bottom
regards,
Giannis
table <dir> { dir1 retry 2, dir2 retry 2 }
table <dir_> { dir1 parent 1 retry 2, dir2 parent 2 retry 2 }
table <dir_backup> { foo1 retry 2, foo2 retry 2 }
redirect dir-imap {
listen on $dir_addr port imaps
pftag RELAYD_dir
sticky-address
forward to <dir> port 993 mode least-states check icmp
}
redirect dir-pop {
listen on $dir_addr port pop3s
pftag RELAYD_dir
sticky-address
forward to <dir_> port 995 mode least-states check icmp
}
redirect dir-lmtp {
listen on $dir_addr port 24
pftag RELAYD_dir
sticky-address
forward to <dir_> port 24 mode least-states check icmp
forward to <dir_backup> port 24 mode least-states check icmp
}
# relayctl show sum
Id Type Name Avlblty Status
1 redirect dir-imap active
1 table dir:993 active (2 hosts)
1 host dir1 100.00% up
2 host dir2 100.00% up
2 redirect dir-pop active
2 table dir_:995 active (2 hosts)
3 host dir1 parent 1 100.00% up
4 host dir2 parent 2 100.00% up
3 redirect dir-lmtp active
3 table dir_:24 active (2 hosts)
5 host dir1 parent 1 100.00% up
6 host dir2 parent 2 100.00% up
4 table dir_backup:24 active (2 hosts)
7 host foo1 100.00% up
8 host foo2 100.00% up
# relayctl table dis dir_:995
disable_table: table 2
flush_table: flushed table dir-pop
pfe_sync: disabling ruleset
sync_ruleset: rules removed
pfe_dispatch_hce: state 1 for host 4 dir2
pfe_dispatch_hce: state 1 for host 3 dir1
# relayctl show sum
Id Type Name Avlblty Status
2 redirect dir-pop down
2 table dir_:995 disabled
# pfctl -a 'relayd/*' -sr
anchor "dir-pop" all {
} // empty as it should
But after a while:
table dir-pop: 2 added, 0 deleted, 0 changed, 0 killed
pfe_sync: enabling ruleset
sync_ruleset: rule added to anchor "relayd/dir-pop"
# relayctl show sum
Id Type Name Avlblty Status
2 redirect dir-pop active
2 table dir_:995 disabled
Although table is disabled, redirect comes active,
pf rule in anchor is active and <dir-pop> table has dir1 and dir2 inside.
# pfctl -a 'relayd/*' -sr
anchor "dir-pop" all {
pass in quick on rdomain 0 inet proto tcp from any to $dir_addr port = 995
flags S/SA keep state (tcp.established 600) tag RELAYD_dir rdr-to <dir-pop>
port 995 least-states sticky-address
}
Same happens with the backup table on last dir-lmtp redirect.
Table is updated momentarily with the backup hosts,
but after a while traffic is forwarded back to primary hosts although their
table is disabled.
# relayctl show sum
Id Type Name Avlblty Status
3 redirect dir-lmtp active
3 table dir_:24 active (2 hosts)
5 host dir1 parent 1 100.00% up
6 host dir2 parent 2 100.00% up
4 table dir_backup:24 active (2 hosts)
7 host foo1 100.00% up
8 host foo2 100.00% up
# relayctl table dis dir_:24
disable_table: table 3
table dir-lmtp: 2 added, 2 deleted, 0 changed, 0 killed
pfe_dispatch_hce: state 1 for host 6 dir2
pfe_dispatch_hce: state 1 for host 5 dir1
# relayctl show sum
Id Type Name Avlblty Status
3 redirect dir-lmtp active (using
backup table)
3 table dir_:24 disabled
4 table dir_backup:24 active (2 hosts)
7 host foo1 100.00% up
8 host foo2 100.00% up
# pfctl -a relayd/dir-lmtp -t dir-lmtp -vTshow
lists correctly foo1 and foo2 which are the backup hosts.
But after a while:
table dir-lmtp: 2 added, 2 deleted, 0 changed, 0 killed
# relayctl show sum
Id Type Name Avlblty Status
3 redirect dir-lmtp active
3 table dir_:24 disabled
4 table dir_backup:24 active (2 hosts)
7 host foo1 100.00% up
8 host foo2 100.00% up
# pfctl -a relayd/dir-lmtp -t dir-lmtp -vTshow
lists dir1 and dir2 and NOT foo1, foo2
I believe the following diff fixes this problem:
Index: pfe.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/pfe.c,v
retrieving revision 1.90
diff -u -p -r1.90 pfe.c
--- pfe.c 14 Sep 2020 11:30:25 -0000 1.90
+++ pfe.c 10 Jul 2023 13:39:44 -0000
@@ -171,7 +171,8 @@ pfe_dispatch_hce(int fd, struct privsep_
*/
if (HOST_ISUP(st.up)) {
table->conf.flags |= F_CHANGED;
- table->up++;
+ if (!(table->conf.flags & F_DISABLE))
+ table->up++;
host->flags |= F_ADD;
host->flags &= ~(F_DEL);
} else if (HOST_ISUP(host->up)) {
