The configuration below works fine as soon as I remove the 'transparent'
keyword, but connections time out when it runs as a transparent forwarder.

What am I missing?

Any help is appreciated.


-----------------------------------------------------
# relayd.conf

# HTTP protocol definition referenced by the relay "httpsinspect".
http protocol "httpsfilter" {
        # TCP options for relayed connections: disable Nagle, allow
        # selective acknowledgements.
        tcp { nodelay, sack }
        # Answer the client with an error response when the relay cannot
        # serve the request (e.g. the forward connection fails).
        return error
        # Pass every request; the debug output reports this as
        # "pass request" and no filter rules follow it.
        pass
        # Certificate/key pair presented to intercepted clients; the debug
        # output loads /etc/ssl/test-site.crt and
        # /etc/ssl/private/test-site.key for it.
        # NOTE(review): every diverted client is shown this one certificate
        # regardless of the host it asked for - confirm that is intended
        # for this test setup.
        # NOTE(review): no "tls ca file" is configured, so the upstream
        # server certificate is presumably not verified on the outbound
        # TLS leg - check relayd.conf(5) before relying on this relay.
        tls keypair test-site
}
# Relay that terminates client TLS on loopback and opens a new TLS
# connection to the destination the client originally addressed.
relay "httpsinspect" {
        # Loopback listener; the pf.conf divert-to rule hands port-443
        # connections to this address and port.
        listen on 127.0.0.1 port 8443 tls
        protocol "httpsfilter"
        # "to destination" forwards to the address the client originally
        # targeted; "with tls" makes the outbound leg TLS as well.
        # NOTE(review): with "transparent" the outbound connection keeps
        # the client's source address, so the server's replies are
        # addressed to a non-local socket. pf.conf(5) documents
        # "divert-reply" for receiving such replies; the pf.conf shown
        # with this configuration has no such rule - a likely cause of
        # "forward failed: Operation timed out", to be confirmed.
        transparent forward with tls to destination
}
------------------------------------------------------

------------------------------------------------------
# pf.conf

# Do not filter traffic on loopback interfaces.
set skip on lo
# Default policy: reject and notify the sender.
block return
# NOTE(review): pf uses the last matching rule, so this bare "pass"
# permits all traffic in both directions and overrides the default
# block above - tighten it once the relay works.
pass
# Divert inbound HTTPS to the relayd listener on loopback.
# NOTE(review): there is no rule with "divert-reply" for the relay's
# outbound connections; transparent mode presumably needs one so that
# replies to the non-local source address reach relayd - see pf.conf(5).
pass in on egress inet proto tcp to port https \
        divert-to 127.0.0.1 port 8443
------------------------------------------------------


Here's some debug output:

root:/root:2# relayd -dvv
startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
pfe: filter init done
socket_rlimit: max open files 1024
relay_load_certfiles: using certificate /etc/ssl/test-site.crt
relay_load_certfiles: using private key /etc/ssl/private/test-site.key
parent_tls_ticket_rekey: rekeying tickets
relay_privinit: adding relay httpsinspect
protocol 1: name httpsfilter
        flags: used, return, relay flags: tls, tls client, divert
        tcp flags: nodelay, sack
        tls flags: tlsv1.2, cipher-server-preference
        tls session tickets: disabled
        type: http
                pass request
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
init_tables: created 0 tables
relay_tls_ctx_create: loading certificate
relay_tls_ctx_create: loading certificate
relay_tls_ctx_create: loading certificate
relay_launch: running relay httpsinspect
relay_launch: running relay httpsinspect
relay_launch: running relay httpsinspect
relay_tls_transaction: session 1: scheduling on EV_READ
relay httpsinspect, tls session 1 established (1 active)
relay_connect: session 1: forward failed: Operation timed out
relay_close: sessions inflight decremented, now 0
relay_tls_transaction: session 2: scheduling on EV_READ
relay httpsinspect, tls session 2 established (1 active)
relay_connect: session 2: forward failed: Operation timed out
relay_close: sessions inflight decremented, now 0
^Ckill_tables: deleted 0 tables
hce exiting, pid 46061
ca exiting, pid 45725
flush_rulesets: flushed rules
ca exiting, pid 26171
ca exiting, pid 87096
pfe exiting, pid 63649
relay exiting, pid 69039
relay exiting, pid 56446
relay exiting, pid 69591
parent terminating, pid 49439
root:/root:3#
