I just relized that I did send out an outdated diff. This one has
an additional check for F_SSL and F_SSLCLIENT to avoid splicing ssl
connections.
The RELAY_NOSPLICE environment variable is only for testing and
will be removed in the final version.
bluhm
Index: usr.sbin/relayd/parse.y
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.149
diff -u -p -r1.149 parse.y
--- usr.sbin/relayd/parse.y 26 Oct 2010 15:04:37 -0000 1.149
+++ usr.sbin/relayd/parse.y 22 Feb 2011 22:54:05 -0000
@@ -796,6 +796,9 @@ proto : relay_proto PROTO STRING {
free($3);
p->id = ++last_proto_id;
p->type = $1;
+ if (p->type == RELAY_PROTO_TCP &&
+ !getenv("RELAY_NOSPLICE"))
+ p->flags |= F_SPLICE;
p->cache = RELAY_CACHESIZE;
p->tcpflags = TCPFLAG_DEFAULT;
p->sslflags = SSLFLAG_DEFAULT;
@@ -2170,6 +2173,8 @@ parse_config(const char *filename, int o
(void)strlcpy(conf->sc_proto_default.sslciphers, SSLCIPHERS_DEFAULT,
sizeof(conf->sc_proto_default.sslciphers));
conf->sc_proto_default.type = RELAY_PROTO_TCP;
+ if (!getenv("RELAY_NOSPLICE"))
+ conf->sc_proto_default.flags |= F_SPLICE;
(void)strlcpy(conf->sc_proto_default.name, "default",
sizeof(conf->sc_proto_default.name));
RB_INIT(&conf->sc_proto_default.request_tree);
Index: usr.sbin/relayd/relay.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.128
diff -u -p -r1.128 relay.c
--- usr.sbin/relayd/relay.c 20 Dec 2010 12:38:06 -0000 1.128
+++ usr.sbin/relayd/relay.c 22 Feb 2011 22:54:05 -0000
@@ -2328,6 +2328,22 @@ relay_connect(struct rsession *con)
return (-1);
}
+ if (rlay->rl_proto->flags & F_SPLICE &&
+ (rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) == 0) {
+ if (setsockopt(con->se_in.s, SOL_SOCKET, SO_SPLICE,
+ &con->se_out.s, sizeof(int)) == -1) {
+ log_debug("relay_connect: session %d: splice forward "
+ "failed: %s", con->se_id, strerror(errno));
+ return (-1);
+ }
+ if (setsockopt(con->se_out.s, SOL_SOCKET, SO_SPLICE,
+ &con->se_in.s, sizeof(int)) == -1) {
+ log_debug("relay_connect: session %d: splice backward "
+ "failed: %s", con->se_id, strerror(errno));
+ return (-1);
+ }
+ }
+
if (errno == EINPROGRESS)
event_again(&con->se_ev, con->se_out.s, EV_WRITE|EV_TIMEOUT,
relay_connected, &con->se_tv_start, &env->sc_timeout, con);
Index: usr.sbin/relayd/relayd.8
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relayd.8,v
retrieving revision 1.23
diff -u -p -r1.23 relayd.8
--- usr.sbin/relayd/relayd.8 24 May 2010 19:44:23 -0000 1.23
+++ usr.sbin/relayd/relayd.8 22 Feb 2011 23:00:20 -0000
@@ -121,6 +121,12 @@ Only check the configuration file for va
.It Fl v
Produce more verbose output.
.El
+.Sh ENVIRONMENT
+It is possible to disable support for socket splicing by setting
+the environment variable
+.Ev RELAY_NOSPLICE .
+Socket splicing is used by default to speed up plain TCP connections
+without ssl.
.Sh FILES
.Bl -tag -width "/var/run/relayd.sockXX" -compact
.It /etc/relayd.conf
Index: usr.sbin/relayd/relayd.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relayd.h,v
retrieving revision 1.140
diff -u -p -r1.140 relayd.h
--- usr.sbin/relayd/relayd.h 31 Dec 2010 21:22:42 -0000 1.140
+++ usr.sbin/relayd/relayd.h 22 Feb 2011 22:54:05 -0000
@@ -249,6 +249,7 @@ TAILQ_HEAD(addresslist, address);
#define F_SSLCLIENT 0x00200000
#define F_NEEDRT 0x00400000
#define F_MATCH 0x00800000
+#define F_SPLICE 0x01000000
enum forwardmode {
FWD_NORMAL = 0,
