Re: Port httpd(8) 'strip' directive to relayd(8)
On Thu, Jan 07, 2021 at 04:56:14PM +0100, Denis Fondras wrote:
> Le Thu, Jan 07, 2021 at 12:03:54PM +0100, Hiltjo Posthuma a écrit :
> > Hi Denis,
> >
> > I like this feature. For example it would be useful for using relayd as a
> > reverse-proxy to forward it to an internal network running a httpd with some
> > service. Then the path can be stripped without having to touch this service
> > configuration.
> >
> > Like: https://example.com/myservice/ -> http://192.168.0.2/ .
> >
> > I've noticed a small thing while testing the patch. When the path is "/" and
> > "strip 1" is used it becomes "", the request becomes: "GET HTTP/1.0". Maybe
> > this should be instead: "/". The same thing happens with a "strip number"
> > higher than the amount of sub paths.
> >
> > It could be worked-around by prefiltering with a match rule, but maybe it is
> > more obvious to make the root "/" ? The way the function
> > server_root_strip() is
> > used by OpenBSD httpd is that it first does a filesystem path check/open(2).
> >
> >
>
Hi Denis,
Awesome, tested the patch below and it looks good to me!
> Thank you for testing.
>
> Here is an update:
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> retrieving revision 1.250
> diff -u -p -r1.250 parse.y
> --- parse.y 29 Dec 2020 19:48:06 - 1.250
> +++ parse.y 7 Jan 2021 15:08:28 -
> @@ -175,7 +175,7 @@ typedef struct {
> %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT
> PATH
> %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY
> REMOVE
> %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK
> SCRIPT SEND
> -%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP
> +%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG
> TAGGED TCP
> %token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE
> %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE
> PASSWORD ECDHE
> %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES
> CHECKS
> @@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING
> {
> rule->rule_kv[keytype].kv_option = $2;
> rule->rule_kv[keytype].kv_type = keytype;
> }
> + | PATH STRIP NUMBER {
> + char*strip = NULL;
> +
> + if ($3 < 0 || $3 > INT_MAX) {
> + yyerror("invalid strip number");
> + YYERROR;
> + }
> + if (asprintf(, "%lld", $3) <= 0)
> + fatal("can't parse strip");
> + keytype = KEY_TYPE_PATH;
> + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
> + rule->rule_kv[keytype].kv_value = strip;
> + rule->rule_kv[keytype].kv_type = keytype;
> + }
> | QUERYSTR key_option STRING value {
> switch ($2) {
> case KEY_OPTION_APPEND:
> @@ -2481,6 +2495,7 @@ lookup(char *s)
> { "ssl",SSL },
> { "state", STATE },
> { "sticky-address", STICKYADDR },
> + { "strip", STRIP },
> { "style", STYLE },
> { "table", TABLE },
> { "tag",TAG },
> Index: relay.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
> retrieving revision 1.251
> diff -u -p -r1.251 relay.c
> --- relay.c 14 May 2020 17:27:38 - 1.251
> +++ relay.c 7 Jan 2021 15:08:28 -
> @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
> case KEY_OPTION_LOG:
> fprintf(stderr, "log ");
> break;
> + case KEY_OPTION_STRIP:
> + fprintf(stderr, "strip ");
> + break;
> case KEY_OPTION_NONE:
> break;
> }
> @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
> break;
> }
>
> + int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
> + kv->kv_value == NULL);
> fprintf(stderr, "%s%s%s%s%s%s ",
> kv->kv_key == NULL ? "" : "\"",
> kv->kv_key == NULL ? "" : kv->kv_key,
> kv->kv_key == NULL ? "" : "\"",
> - kv->kv_value == NULL ? "" : " value \"",
> + kvv ? "" : " value \"",
> kv->kv_value == NULL ? "" : kv->kv_value,
> - kv->kv_value == NULL ? "" : "\"");
> +
Re: Port httpd(8) 'strip' directive to relayd(8)
Le Thu, Jan 07, 2021 at 12:03:54PM +0100, Hiltjo Posthuma a écrit :
> Hi Denis,
>
> I like this feature. For example it would be useful for using relayd as a
> reverse-proxy to forward it to an internal network running a httpd with some
> service. Then the path can be stripped without having to touch this service
> configuration.
>
> Like: https://example.com/myservice/ -> http://192.168.0.2/ .
>
> I've noticed a small thing while testing the patch. When the path is "/" and
> "strip 1" is used it becomes "", the request becomes: "GET HTTP/1.0". Maybe
> this should be instead: "/". The same thing happens with a "strip number"
> higher than the amount of sub paths.
>
> It could be worked-around by prefiltering with a match rule, but maybe it is
> more obvious to make the root "/" ? The way the function server_root_strip()
> is
> used by OpenBSD httpd is that it first does a filesystem path check/open(2).
>
>
Thank you for testing.
Here is an update:
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.250
diff -u -p -r1.250 parse.y
--- parse.y 29 Dec 2020 19:48:06 - 1.250
+++ parse.y 7 Jan 2021 15:08:28 -
@@ -175,7 +175,7 @@ typedef struct {
%token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH
%token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE
%token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND
-%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP
+%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED TCP
%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE
%token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE
%token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS
@@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING
{
rule->rule_kv[keytype].kv_option = $2;
rule->rule_kv[keytype].kv_type = keytype;
}
+ | PATH STRIP NUMBER {
+ char*strip = NULL;
+
+ if ($3 < 0 || $3 > INT_MAX) {
+ yyerror("invalid strip number");
+ YYERROR;
+ }
+ if (asprintf(, "%lld", $3) <= 0)
+ fatal("can't parse strip");
+ keytype = KEY_TYPE_PATH;
+ rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
+ rule->rule_kv[keytype].kv_value = strip;
+ rule->rule_kv[keytype].kv_type = keytype;
+ }
| QUERYSTR key_option STRING value {
switch ($2) {
case KEY_OPTION_APPEND:
@@ -2481,6 +2495,7 @@ lookup(char *s)
{ "ssl",SSL },
{ "state", STATE },
{ "sticky-address", STICKYADDR },
+ { "strip", STRIP },
{ "style", STYLE },
{ "table", TABLE },
{ "tag",TAG },
Index: relay.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.251
diff -u -p -r1.251 relay.c
--- relay.c 14 May 2020 17:27:38 - 1.251
+++ relay.c 7 Jan 2021 15:08:28 -
@@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
case KEY_OPTION_LOG:
fprintf(stderr, "log ");
break;
+ case KEY_OPTION_STRIP:
+ fprintf(stderr, "strip ");
+ break;
case KEY_OPTION_NONE:
break;
}
@@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
break;
}
+ int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
+kv->kv_value == NULL);
fprintf(stderr, "%s%s%s%s%s%s ",
kv->kv_key == NULL ? "" : "\"",
kv->kv_key == NULL ? "" : kv->kv_key,
kv->kv_key == NULL ? "" : "\"",
- kv->kv_value == NULL ? "" : " value \"",
+ kvv ? "" : " value \"",
kv->kv_value == NULL ? "" : kv->kv_value,
- kv->kv_value == NULL ? "" : "\"");
+ kvv ? "" : "\"");
}
if (rule->rule_tablename[0])
Index: relay_http.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v
retrieving revision 1.79
diff -u -p -r1.79 relay_http.c
--- relay_http.c4 Sep 2020 13:09:14
Re: Port httpd(8) 'strip' directive to relayd(8)
On Sun, Jan 03, 2021 at 11:40:42AM +0100, Denis Fondras wrote:
> Le Fri, Dec 11, 2020 at 10:53:56AM +, Olivier Cherrier a écrit :
> >
> > Hello tech@,
> >
> > Is there any interest for this feature to be commited?
> > I find it very useful. Thank you Denis!
> >
>
> Here is an up to date diff, looking for OKs.
>
Hi Denis,
I like this feature. For example it would be useful for using relayd as a
reverse-proxy to forward it to an internal network running a httpd with some
service. Then the path can be stripped without having to touch this service
configuration.
Like: https://example.com/myservice/ -> http://192.168.0.2/ .
I've noticed a small thing while testing the patch. When the path is "/" and
"strip 1" is used it becomes "", the request becomes: "GET HTTP/1.0". Maybe
this should be instead: "/". The same thing happens with a "strip number"
higher than the amount of sub paths.
It could be worked-around by prefiltering with a match rule, but maybe it is
more obvious to make the root "/" ? The way the function server_root_strip() is
used by OpenBSD httpd is that it first does a filesystem path check/open(2).
My test config:
Command:
printf 'GET / HTTP/1.0\r\nConnection: Close\r\nHost: 127.0.0.1\r\n\r\n'
| \
nc -v 127.0.0.1 80
relayd.conf:
table { 127.0.0.1 }
table { 127.0.0.1 }
http protocol "t" {
tcp { nodelay }
return error
match tag "notag"
match path strip 1 tag "ok"
block tagged "notag"
}
relay "r" {
listen on "127.0.0.1" port 80
protocol "t"
forward to port 8080
}
Netcat (fake server):
nc -k -v -l 127.0.0.1 8080
The incoming request is then:
Connection received on localhost 45510
GET HTTP/1.0
Connection: Close
Host: 127.0.0.1
I made no changes to the diff below.
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> retrieving revision 1.250
> diff -u -p -r1.250 parse.y
> --- parse.y 29 Dec 2020 19:48:06 - 1.250
> +++ parse.y 3 Jan 2021 10:38:26 -
> @@ -175,7 +175,7 @@ typedef struct {
> %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT
> PATH
> %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY
> REMOVE
> %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK
> SCRIPT SEND
> -%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP
> +%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG
> TAGGED TCP
> %token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE
> %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE
> PASSWORD ECDHE
> %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES
> CHECKS
> @@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING
> {
> rule->rule_kv[keytype].kv_option = $2;
> rule->rule_kv[keytype].kv_type = keytype;
> }
> + | PATH STRIP NUMBER {
> + char*strip = NULL;
> +
> + if ($3 < 0 || $3 > INT_MAX) {
> + yyerror("invalid strip number");
> + YYERROR;
> + }
> + if (asprintf(, "%lld", $3) <= 0)
> + fatal("can't parse strip");
> + keytype = KEY_TYPE_PATH;
> + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
> + rule->rule_kv[keytype].kv_value = strip;
> + rule->rule_kv[keytype].kv_type = keytype;
> + }
> | QUERYSTR key_option STRING value {
> switch ($2) {
> case KEY_OPTION_APPEND:
> @@ -2481,6 +2495,7 @@ lookup(char *s)
> { "ssl",SSL },
> { "state", STATE },
> { "sticky-address", STICKYADDR },
> + { "strip", STRIP },
> { "style", STYLE },
> { "table", TABLE },
> { "tag",TAG },
> Index: relay.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
> retrieving revision 1.251
> diff -u -p -r1.251 relay.c
> --- relay.c 14 May 2020 17:27:38 - 1.251
> +++ relay.c 3 Jan 2021 10:38:27 -
> @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
> case KEY_OPTION_LOG:
> fprintf(stderr, "log ");
> break;
> + case KEY_OPTION_STRIP:
> + fprintf(stderr, "strip ");
> + break;
> case KEY_OPTION_NONE:
> break;
> }
Re: Port httpd(8) 'strip' directive to relayd(8)
By no means an official OK, but would love to see this in relayd!
Mischa
> On 3 Jan 2021, at 11:40, Denis Fondras wrote:
>
> Le Fri, Dec 11, 2020 at 10:53:56AM +, Olivier Cherrier a écrit :
>>
>> Hello tech@,
>>
>> Is there any interest for this feature to be commited?
>> I find it very useful. Thank you Denis!
>>
>
> Here is an up to date diff, looking for OKs.
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> retrieving revision 1.250
> diff -u -p -r1.250 parse.y
> --- parse.y 29 Dec 2020 19:48:06 - 1.250
> +++ parse.y 3 Jan 2021 10:38:26 -
> @@ -175,7 +175,7 @@ typedef struct {
> %tokenLOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT
> PATH
> %tokenPFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY
> REMOVE
> %tokenREQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK
> SCRIPT SEND
> -%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP
> +%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG
> TAGGED TCP
> %tokenTIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE
> %tokenMATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE
> PASSWORD ECDHE
> %tokenEDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES
> CHECKS
> @@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING
> {
> rule->rule_kv[keytype].kv_option = $2;
> rule->rule_kv[keytype].kv_type = keytype;
> }
> + | PATH STRIP NUMBER {
> + char*strip = NULL;
> +
> + if ($3 < 0 || $3 > INT_MAX) {
> + yyerror("invalid strip number");
> + YYERROR;
> + }
> + if (asprintf(, "%lld", $3) <= 0)
> + fatal("can't parse strip");
> + keytype = KEY_TYPE_PATH;
> + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
> + rule->rule_kv[keytype].kv_value = strip;
> + rule->rule_kv[keytype].kv_type = keytype;
> + }
> | QUERYSTR key_option STRING value {
> switch ($2) {
> case KEY_OPTION_APPEND:
> @@ -2481,6 +2495,7 @@ lookup(char *s)
> { "ssl",SSL },
> { "state", STATE },
> { "sticky-address", STICKYADDR },
> + { "strip", STRIP },
> { "style", STYLE },
> { "table", TABLE },
> { "tag",TAG },
> Index: relay.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
> retrieving revision 1.251
> diff -u -p -r1.251 relay.c
> --- relay.c 14 May 2020 17:27:38 - 1.251
> +++ relay.c 3 Jan 2021 10:38:27 -
> @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
> case KEY_OPTION_LOG:
> fprintf(stderr, "log ");
> break;
> + case KEY_OPTION_STRIP:
> + fprintf(stderr, "strip ");
> + break;
> case KEY_OPTION_NONE:
> break;
> }
> @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
> break;
> }
>
> + int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
> + kv->kv_value == NULL);
> fprintf(stderr, "%s%s%s%s%s%s ",
> kv->kv_key == NULL ? "" : "\"",
> kv->kv_key == NULL ? "" : kv->kv_key,
> kv->kv_key == NULL ? "" : "\"",
> - kv->kv_value == NULL ? "" : " value \"",
> + kvv ? "" : " value \"",
> kv->kv_value == NULL ? "" : kv->kv_value,
> - kv->kv_value == NULL ? "" : "\"");
> + kvv ? "" : "\"");
> }
>
> if (rule->rule_tablename[0])
> Index: relay_http.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 relay_http.c
> --- relay_http.c 4 Sep 2020 13:09:14 - 1.79
> +++ relay_http.c 3 Jan 2021 10:38:27 -
> @@ -77,6 +77,7 @@ int relay_match_actions(struct ctl_rel
> struct relay_rule *, struct kvlist *, struct kvlist *,
> struct relay_table **);
> void relay_httpdesc_free(struct http_descriptor *);
> +char *server_root_strip(char *, int);
>
> static struct relayd *env = NULL;
>
> @@ -1421,14 +1422,16 @@
Re: Port httpd(8) 'strip' directive to relayd(8)
Le Fri, Dec 11, 2020 at 10:53:56AM +, Olivier Cherrier a écrit :
>
> Hello tech@,
>
> Is there any interest for this feature to be commited?
> I find it very useful. Thank you Denis!
>
Here is an up to date diff, looking for OKs.
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.250
diff -u -p -r1.250 parse.y
--- parse.y 29 Dec 2020 19:48:06 - 1.250
+++ parse.y 3 Jan 2021 10:38:26 -
@@ -175,7 +175,7 @@ typedef struct {
%token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH
%token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE
%token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND
-%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP
+%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED TCP
%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE
%token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE
%token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS
@@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING
{
rule->rule_kv[keytype].kv_option = $2;
rule->rule_kv[keytype].kv_type = keytype;
}
+ | PATH STRIP NUMBER {
+ char*strip = NULL;
+
+ if ($3 < 0 || $3 > INT_MAX) {
+ yyerror("invalid strip number");
+ YYERROR;
+ }
+ if (asprintf(, "%lld", $3) <= 0)
+ fatal("can't parse strip");
+ keytype = KEY_TYPE_PATH;
+ rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
+ rule->rule_kv[keytype].kv_value = strip;
+ rule->rule_kv[keytype].kv_type = keytype;
+ }
| QUERYSTR key_option STRING value {
switch ($2) {
case KEY_OPTION_APPEND:
@@ -2481,6 +2495,7 @@ lookup(char *s)
{ "ssl",SSL },
{ "state", STATE },
{ "sticky-address", STICKYADDR },
+ { "strip", STRIP },
{ "style", STYLE },
{ "table", TABLE },
{ "tag",TAG },
Index: relay.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.251
diff -u -p -r1.251 relay.c
--- relay.c 14 May 2020 17:27:38 - 1.251
+++ relay.c 3 Jan 2021 10:38:27 -
@@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
case KEY_OPTION_LOG:
fprintf(stderr, "log ");
break;
+ case KEY_OPTION_STRIP:
+ fprintf(stderr, "strip ");
+ break;
case KEY_OPTION_NONE:
break;
}
@@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
break;
}
+ int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
+kv->kv_value == NULL);
fprintf(stderr, "%s%s%s%s%s%s ",
kv->kv_key == NULL ? "" : "\"",
kv->kv_key == NULL ? "" : kv->kv_key,
kv->kv_key == NULL ? "" : "\"",
- kv->kv_value == NULL ? "" : " value \"",
+ kvv ? "" : " value \"",
kv->kv_value == NULL ? "" : kv->kv_value,
- kv->kv_value == NULL ? "" : "\"");
+ kvv ? "" : "\"");
}
if (rule->rule_tablename[0])
Index: relay_http.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v
retrieving revision 1.79
diff -u -p -r1.79 relay_http.c
--- relay_http.c4 Sep 2020 13:09:14 - 1.79
+++ relay_http.c3 Jan 2021 10:38:27 -
@@ -77,6 +77,7 @@ intrelay_match_actions(struct ctl_rel
struct relay_rule *, struct kvlist *, struct kvlist *,
struct relay_table **);
voidrelay_httpdesc_free(struct http_descriptor *);
+char * server_root_strip(char *, int);
static struct relayd *env = NULL;
@@ -1421,14 +1422,16 @@ relay_httppath_test(struct ctl_relay_eve
if (cre->dir == RELAY_DIR_RESPONSE || kv->kv_type != KEY_TYPE_PATH)
return (0);
- else if (kv->kv_key == NULL)
- return (0);
- else if (fnmatch(kv->kv_key, desc->http_path, 0) == FNM_NOMATCH)
-
Re: Port httpd(8) 'strip' directive to relayd(8)
Hello tech@,
Is there any interest for this feature to be commited?
I find it very useful. Thank you Denis!
--
Olivier Cherrier
Phone: +352691570680
mailto:o...@symacx.com
On Sun, Oct 25, 2020 at 11:28:10AM +0100, open...@ledeuns.net wrote:
> Date: Sun, 25 Oct 2020 11:28:10 +0100
> From: Denis Fondras
> To: Hiltjo Posthuma
> Cc: tech@openbsd.org
> Subject: Re: Port httpd(8) 'strip' directive to relayd(8)
>
> Previous one had a typo... :/
>
> On Sat, Oct 24, 2020 at 08:01:36PM +0200, Hiltjo Posthuma wrote:
> > Thanks for working on this. I haven't tested the patch yet except
> > compiling,
> > but this feature would be very nice to have imho.
> >
> > I find the current "path replace" syntax confusing and it doesn't work for
> > this
> > use-case.
> >
> > Some comments below:
> >
>
> Thank you for the comments Hiltjo.
>
> Here is an updated diff :
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> retrieving revision 1.246
> diff -u -p -r1.246 parse.y
> --- parse.y 14 Sep 2020 11:30:25 - 1.246
> +++ parse.y 25 Oct 2020 09:20:53 -
> @@ -175,8 +175,8 @@ typedef struct {
> %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT
> PATH
> %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY
> REMOVE
> %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK
> SCRIPT SEND
> -%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG
> TAGGED TCP
> -%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL
> RTABLE
> +%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG
> TAGGED
> +%token TCP TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL
> RTABLE
> %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE
> PASSWORD ECDHE
> %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES
> CHECKS
> %token WEBSOCKETS
> @@ -1569,6 +1569,20 @@ ruleopts : METHOD STRING
> {
> rule->rule_kv[keytype].kv_option = $2;
> rule->rule_kv[keytype].kv_type = keytype;
> }
> + | PATH STRIP NUMBER {
> + char*strip = NULL;
> +
> + if ($3 < 0 || $3 > INT_MAX) {
> + yyerror("invalid strip number");
> + YYERROR;
> + }
> + if (asprintf(, "%lld", $3) <= 0)
> + fatal("can't parse strip");
> + keytype = KEY_TYPE_PATH;
> + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
> + rule->rule_kv[keytype].kv_value = strip;
> + rule->rule_kv[keytype].kv_type = keytype;
> + }
> | QUERYSTR key_option STRING value {
> switch ($2) {
> case KEY_OPTION_APPEND:
> @@ -2506,6 +2520,7 @@ lookup(char *s)
> { "ssl",SSL },
> { "state", STATE },
> { "sticky-address", STICKYADDR },
> + { "strip", STRIP },
> { "style", STYLE },
> { "table", TABLE },
> { "tag",TAG },
> Index: relay.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
> retrieving revision 1.251
> diff -u -p -r1.251 relay.c
> --- relay.c 14 May 2020 17:27:38 - 1.251
> +++ relay.c 25 Oct 2020 09:20:53 -
> @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
> case KEY_OPTION_LOG:
> fprintf(stderr, "log ");
> break;
> + case KEY_OPTION_STRIP:
> + fprintf(stderr, "strip ");
> + break;
> case KEY_OPTION_NONE:
> break;
> }
> @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
> break;
> }
>
> + int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
> + kv->kv_value == NULL);
> fprintf(stderr, "
Re: Port httpd(8) 'strip' directive to relayd(8)
Previous one had a typo... :/
On Sat, Oct 24, 2020 at 08:01:36PM +0200, Hiltjo Posthuma wrote:
> Thanks for working on this. I haven't tested the patch yet except compiling,
> but this feature would be very nice to have imho.
>
> I find the current "path replace" syntax confusing and it doesn't work for
> this
> use-case.
>
> Some comments below:
>
Thank you for the comments Hiltjo.
Here is an updated diff :
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.246
diff -u -p -r1.246 parse.y
--- parse.y 14 Sep 2020 11:30:25 - 1.246
+++ parse.y 25 Oct 2020 09:20:53 -
@@ -175,8 +175,8 @@ typedef struct {
%token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH
%token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE
%token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND
-%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP
-%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE
+%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED
+%token TCP TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE
%token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE
%token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS
%token WEBSOCKETS
@@ -1569,6 +1569,20 @@ ruleopts : METHOD STRING
{
rule->rule_kv[keytype].kv_option = $2;
rule->rule_kv[keytype].kv_type = keytype;
}
+ | PATH STRIP NUMBER {
+ char*strip = NULL;
+
+ if ($3 < 0 || $3 > INT_MAX) {
+ yyerror("invalid strip number");
+ YYERROR;
+ }
+ if (asprintf(, "%lld", $3) <= 0)
+ fatal("can't parse strip");
+ keytype = KEY_TYPE_PATH;
+ rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
+ rule->rule_kv[keytype].kv_value = strip;
+ rule->rule_kv[keytype].kv_type = keytype;
+ }
| QUERYSTR key_option STRING value {
switch ($2) {
case KEY_OPTION_APPEND:
@@ -2506,6 +2520,7 @@ lookup(char *s)
{ "ssl",SSL },
{ "state", STATE },
{ "sticky-address", STICKYADDR },
+ { "strip", STRIP },
{ "style", STYLE },
{ "table", TABLE },
{ "tag",TAG },
Index: relay.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.251
diff -u -p -r1.251 relay.c
--- relay.c 14 May 2020 17:27:38 - 1.251
+++ relay.c 25 Oct 2020 09:20:53 -
@@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
case KEY_OPTION_LOG:
fprintf(stderr, "log ");
break;
+ case KEY_OPTION_STRIP:
+ fprintf(stderr, "strip ");
+ break;
case KEY_OPTION_NONE:
break;
}
@@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
break;
}
+ int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
+kv->kv_value == NULL);
fprintf(stderr, "%s%s%s%s%s%s ",
kv->kv_key == NULL ? "" : "\"",
kv->kv_key == NULL ? "" : kv->kv_key,
kv->kv_key == NULL ? "" : "\"",
- kv->kv_value == NULL ? "" : " value \"",
+ kvv ? "" : " value \"",
kv->kv_value == NULL ? "" : kv->kv_value,
- kv->kv_value == NULL ? "" : "\"");
+ kvv ? "" : "\"");
}
if (rule->rule_tablename[0])
Index: relay_http.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v
retrieving revision 1.79
diff -u -p -r1.79 relay_http.c
--- relay_http.c4 Sep 2020 13:09:14 - 1.79
+++ relay_http.c25 Oct 2020 09:20:53 -
@@ -77,6 +77,7 @@ intrelay_match_actions(struct ctl_rel
struct relay_rule *, struct kvlist *, struct kvlist *,
struct relay_table **);
voidrelay_httpdesc_free(struct http_descriptor *);
+char * server_root_strip(char *, int);
static struct relayd *env = NULL;
@@ -1421,14 +1422,16 @@
Re: Port httpd(8) 'strip' directive to relayd(8)
On Sat, Oct 24, 2020 at 08:01:36PM +0200, Hiltjo Posthuma wrote:
> Thanks for working on this. I haven't tested the patch yet except compiling,
> but this feature would be very nice to have imho.
>
> I find the current "path replace" syntax confusing and it doesn't work for
> this
> use-case.
>
> Some comments below:
>
Thank you for the comments Hiltjo.
Here is an updated diff :
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.246
diff -u -p -r1.246 parse.y
--- parse.y 14 Sep 2020 11:30:25 - 1.246
+++ parse.y 25 Oct 2020 09:20:53 -
@@ -175,8 +175,8 @@ typedef struct {
%token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH
%token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE
%token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND
-%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP
-%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE
+%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED
+%token TCP TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL RTABLE
%token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE
%token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS
%token WEBSOCKETS
@@ -1569,6 +1569,20 @@ ruleopts : METHOD STRING
{
rule->rule_kv[keytype].kv_option = $2;
rule->rule_kv[keytype].kv_type = keytype;
}
+ | PATH STRIP NUMBER {
+ char*strip = NULL;
+
+ if ($3 < 0 || $3 > INT_MAX) {
+ yyerror("invalid strip number");
+ YYERROR;
+ }
+ if (asprintf(, "%lld", $3) <= 1)
+ fatal("can't parse strip");
+ keytype = KEY_TYPE_PATH;
+ rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
+ rule->rule_kv[keytype].kv_value = strip;
+ rule->rule_kv[keytype].kv_type = keytype;
+ }
| QUERYSTR key_option STRING value {
switch ($2) {
case KEY_OPTION_APPEND:
@@ -2506,6 +2520,7 @@ lookup(char *s)
{ "ssl",SSL },
{ "state", STATE },
{ "sticky-address", STICKYADDR },
+ { "strip", STRIP },
{ "style", STYLE },
{ "table", TABLE },
{ "tag",TAG },
Index: relay.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.251
diff -u -p -r1.251 relay.c
--- relay.c 14 May 2020 17:27:38 - 1.251
+++ relay.c 25 Oct 2020 09:20:53 -
@@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
case KEY_OPTION_LOG:
fprintf(stderr, "log ");
break;
+ case KEY_OPTION_STRIP:
+ fprintf(stderr, "strip ");
+ break;
case KEY_OPTION_NONE:
break;
}
@@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
break;
}
+ int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
+kv->kv_value == NULL);
fprintf(stderr, "%s%s%s%s%s%s ",
kv->kv_key == NULL ? "" : "\"",
kv->kv_key == NULL ? "" : kv->kv_key,
kv->kv_key == NULL ? "" : "\"",
- kv->kv_value == NULL ? "" : " value \"",
+ kvv ? "" : " value \"",
kv->kv_value == NULL ? "" : kv->kv_value,
- kv->kv_value == NULL ? "" : "\"");
+ kvv ? "" : "\"");
}
if (rule->rule_tablename[0])
Index: relay_http.c
===
RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v
retrieving revision 1.79
diff -u -p -r1.79 relay_http.c
--- relay_http.c4 Sep 2020 13:09:14 - 1.79
+++ relay_http.c25 Oct 2020 09:20:53 -
@@ -77,6 +77,7 @@ intrelay_match_actions(struct ctl_rel
struct relay_rule *, struct kvlist *, struct kvlist *,
struct relay_table **);
voidrelay_httpdesc_free(struct http_descriptor *);
+char * server_root_strip(char *, int);
static struct relayd *env = NULL;
@@ -1421,14 +1422,16 @@ relay_httppath_test(struct
Re: Port httpd(8) 'strip' directive to relayd(8)
On Sat, Oct 24, 2020 at 05:04:20PM +0200, Denis Fondras wrote:
> The 'strip' directive from httpd(8) is useful when forwarding to another
> server.
>
> This diff adds the feature to relayd(8).
>
> With :
>
> match request path "/server/*" tag psonoserver
> match request tagged psonoserver path strip 1
> match request tagged psonoserver forward to
>
>
> https://psono.pw/server/info/ is forwarded as /info
>
> Comments ? OK ?
>
Hi Dennis,
Thanks for working on this. I haven't tested the patch yet except compiling,
but this feature would be very nice to have imho.
I find the current "path replace" syntax confusing and it doesn't work for this
use-case.
Some comments below:
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> retrieving revision 1.246
> diff -u -p -r1.246 parse.y
> --- parse.y 14 Sep 2020 11:30:25 - 1.246
> +++ parse.y 24 Oct 2020 14:52:36 -
> @@ -175,8 +175,8 @@ typedef struct {
> %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT
> PATH
> %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY
> REMOVE
> %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK
> SCRIPT SEND
> -%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG
> TAGGED TCP
> -%token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL
> RTABLE
> +%token SESSION SNMP SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG
> TAGGED
> +%token TCP TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT TRAP URL WITH TTL
> RTABLE
> %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE
> PASSWORD ECDHE
> %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES
> CHECKS
> %token WEBSOCKETS
> @@ -1569,6 +1569,23 @@ ruleopts : METHOD STRING
> {
> rule->rule_kv[keytype].kv_option = $2;
> rule->rule_kv[keytype].kv_type = keytype;
> }
> + | PATH STRIP NUMBER {
> + char*strip = NULL;
> +
> + if ($3 < 0 || $3 > INT_MAX) {
> + yyerror("invalid strip number");
> + YYERROR;
> + }
> + if ((strip = calloc(11, sizeof(char))) == NULL) {
> + yyerror("calloc() failed");
> + YYERROR;
> + }
I think this could be a fatal("calloc"); call, like similar sections in this
file, because it is not a syntax error (YYERROR;).
> + sprintf(strip, "%lld", $3);
The calloc and sprintf could probably be rewritten to a single asprintf() call.
> + keytype = KEY_TYPE_PATH;
> + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP;
> + rule->rule_kv[keytype].kv_value = strip;
> + rule->rule_kv[keytype].kv_type = keytype;
> + }
> | QUERYSTR key_option STRING value {
> switch ($2) {
> case KEY_OPTION_APPEND:
> @@ -2506,6 +2523,7 @@ lookup(char *s)
> { "ssl",SSL },
> { "state", STATE },
> { "sticky-address", STICKYADDR },
> + { "strip", STRIP },
> { "style", STYLE },
> { "table", TABLE },
> { "tag",TAG },
> Index: relay.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
> retrieving revision 1.251
> diff -u -p -r1.251 relay.c
> --- relay.c 14 May 2020 17:27:38 - 1.251
> +++ relay.c 24 Oct 2020 14:52:36 -
> @@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule)
> case KEY_OPTION_LOG:
> fprintf(stderr, "log ");
> break;
> + case KEY_OPTION_STRIP:
> + fprintf(stderr, "strip ");
> + break;
> case KEY_OPTION_NONE:
> break;
> }
> @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule)
> break;
> }
>
> + int kvv = (kv->kv_option == KEY_OPTION_STRIP ||
> + kv->kv_value == NULL);
> fprintf(stderr, "%s%s%s%s%s%s ",
> kv->kv_key == NULL ? "" : "\"",
> kv->kv_key == NULL ? "" : kv->kv_key,
> kv->kv_key == NULL ? "" : "\"",
> - kv->kv_value == NULL ? "" : " value \"",
> + kvv ? "" : " value \"",
> kv->kv_value == NULL ? "" : kv->kv_value,
> - kv->kv_value ==
