Hi,
I just committed a big change to relayd: the new filtering language.
tl;dr - I need your help! Please test the new filter rules in relayd
-current to eliminate any remaining issues in the new implementation.
When I wrote the HTTP support in relayd, I needed a way to filter and
manipulate HTTP headers, to add the X-Forwarded-For header for load
balancing or to select a backend server based on hashed cookies. So I
added the tree-based "protocol nodes". The code was extended to
support URLs, blacklists and many other HTTP options over the time. I
didn't like the implementation very much, because it extended the
intial red/black tree of HTTP headers into a forest of trees and
associated lists with multiple hooks for the filters.
One main missing feature of the old code was the possibility to select
a relay target based on the request path or URL, for example to send
requests to "/images" to a different backend than requests to "/". I
refused to cram it into the existing "protocol nodes" because it
didn't fit in the old implementation and grammar.
So I removed all the "protocol nodes" code from relayd and started to
reimplement it as a new filtering subsystem. The resulting
configuration language uses last-matching pf-like rules starting with
the "pass", "block" or "match" keywords. If you know how to use
OpenBSD's pf, you will quickly know how to use the filter rules;
otherwise it is a bit of a learning curve.
Good news: the new filter rules now support URL-based relaying.
http protocol www {
return error
pass
match request path "/images/*" forward to <imgservers>
}
relayd www {
listen on 10.1.1.1 port 80
protocol www
forward to <wwwservers> check tcp port 80
forward to <imgservers> check tcp port 80
}
andre@ helped me by writing a tool that ended up as a port in
sysutils/relayd-updateconf to convert old configuration files to the
new grammar. This tool is provided as a convenience, and you should
still review and adjust the configuration manually. He also updated
the regression tests in src/regress/usr.sbin/relayd to verify the
functionality of existing relayd features with the new grammar.
Now I need your help to test it in the real world! We will continue
to improve the code and add a few more features (like filtering based
on IP addresses, other protocols, and more), but we also want to make
sure that it does not break any existings setups.
Reyk
--
relayd - BSD plumbing since 2006: http://bsd.plumbing/
