Le Thu, Jan 07, 2021 at 12:03:54PM +0100, Hiltjo Posthuma a écrit : > Hi Denis, > > I like this feature. For example it would be useful for using relayd as a > reverse-proxy to forward it to an internal network running a httpd with some > service. Then the path can be stripped without having to touch this service > configuration. > > Like: https://example.com/myservice/ -> http://192.168.0.2/ . > > I've noticed a small thing while testing the patch. When the path is "/" and > "strip 1" is used it becomes "", the request becomes: "GET HTTP/1.0". Maybe > this should be instead: "/". The same thing happens with a "strip number" > higher than the amount of sub paths. > > It could be worked-around by prefiltering with a match rule, but maybe it is > more obvious to make the root "/" ? The way the function server_root_strip() > is > used by OpenBSD httpd is that it first does a filesystem path check/open(2). > >
Thank you for testing. Here is an update: Index: parse.y =================================================================== RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.250 diff -u -p -r1.250 parse.y --- parse.y 29 Dec 2020 19:48:06 -0000 1.250 +++ parse.y 7 Jan 2021 15:08:28 -0000 @@ -175,7 +175,7 @@ typedef struct { %token LOOKUP METHOD MODE NAT NO DESTINATION NODELAY NOTHING ON PARENT PATH %token PFTAG PORT PREFORK PRIORITY PROTO QUERYSTR REAL REDIRECT RELAY REMOVE %token REQUEST RESPONSE RETRY QUICK RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND -%token SESSION SOCKET SPLICE SSL STICKYADDR STYLE TABLE TAG TAGGED TCP +%token SESSION SOCKET SPLICE SSL STICKYADDR STRIP STYLE TABLE TAG TAGGED TCP %token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS @@ -1549,6 +1549,20 @@ ruleopts : METHOD STRING { rule->rule_kv[keytype].kv_option = $2; rule->rule_kv[keytype].kv_type = keytype; } + | PATH STRIP NUMBER { + char *strip = NULL; + + if ($3 < 0 || $3 > INT_MAX) { + yyerror("invalid strip number"); + YYERROR; + } + if (asprintf(&strip, "%lld", $3) <= 0) + fatal("can't parse strip"); + keytype = KEY_TYPE_PATH; + rule->rule_kv[keytype].kv_option = KEY_OPTION_STRIP; + rule->rule_kv[keytype].kv_value = strip; + rule->rule_kv[keytype].kv_type = keytype; + } | QUERYSTR key_option STRING value { switch ($2) { case KEY_OPTION_APPEND: @@ -2481,6 +2495,7 @@ lookup(char *s) { "ssl", SSL }, { "state", STATE }, { "sticky-address", STICKYADDR }, + { "strip", STRIP }, { "style", STYLE }, { "table", TABLE }, { "tag", TAG }, Index: relay.c =================================================================== RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.251 diff -u -p -r1.251 relay.c --- relay.c 14 May 2020 17:27:38 -0000 1.251 +++ relay.c 7 Jan 2021 15:08:28 -0000 
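Review bot: In the `PATH STRIP NUMBER` action, the `fatal("can't parse strip")` message describes a parse error, but by that point the number has already been range-checked and the only thing that can fail is the allocation inside `asprintf()`. Testing the documented failure value and naming the call would be more accurate, for example `if (asprintf(&strip, "%lld", $3) == -1) fatal("asprintf");`. The validated integer is also turned back into a string here and re-parsed with `strtonum()` for every request in `relay_apply_actions()`, so a short comment explaining that `kv_value` carries the count as text would help. The action assigns `kv_value` without looking at a previous value, which may leak or override an earlier `path` option in the same rule; the surrounding grammar is outside this hunk, so that needs checking against the other `ruleopts` branches.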
@@ -214,6 +214,9 @@ relay_ruledebug(struct relay_rule *rule) case KEY_OPTION_LOG: fprintf(stderr, "log "); break; + case KEY_OPTION_STRIP: + fprintf(stderr, "strip "); + break; case KEY_OPTION_NONE: break; } @@ -227,13 +230,15 @@ relay_ruledebug(struct relay_rule *rule) break; } + int kvv = (kv->kv_option == KEY_OPTION_STRIP || + kv->kv_value == NULL); fprintf(stderr, "%s%s%s%s%s%s ", kv->kv_key == NULL ? "" : "\"", kv->kv_key == NULL ? "" : kv->kv_key, kv->kv_key == NULL ? "" : "\"", - kv->kv_value == NULL ? "" : " value \"", + kvv ? "" : " value \"", kv->kv_value == NULL ? "" : kv->kv_value, - kv->kv_value == NULL ? "" : "\""); + kvv ? "" : "\""); } if (rule->rule_tablename[0]) Index: relay_http.c =================================================================== RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.79 diff -u -p -r1.79 relay_http.c --- relay_http.c 4 Sep 2020 13:09:14 -0000 1.79 +++ relay_http.c 7 Jan 2021 15:08:28 -0000 @@ -77,6 +77,7 @@ int relay_match_actions(struct ctl_rel struct relay_rule *, struct kvlist *, struct kvlist *, struct relay_table **); void relay_httpdesc_free(struct http_descriptor *); +char * server_root_strip(char *, int); static struct relayd *env = NULL; 
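Review bot: In the second `relay_ruledebug()` hunk, `int kvv` is declared after executable statements in the middle of the block, and its name does not say what it holds. Moving the declaration to the top of the enclosing block and naming it for its meaning, for example `int novalue = (kv->kv_option == KEY_OPTION_STRIP || kv->kv_value == NULL);`, would match the rest of the function as far as the hunk shows. A one-line comment such as `/* strip prints its count bare, without the value "..." wrapper */` would explain why the middle operand still tests `kv->kv_value == NULL` on its own. The function starts and ends outside the hunk.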
@@ -1421,14 +1422,16 @@ relay_httppath_test(struct ctl_relay_eve if (cre->dir == RELAY_DIR_RESPONSE || kv->kv_type != KEY_TYPE_PATH) return (0); - else if (kv->kv_key == NULL) - return (0); - else if (fnmatch(kv->kv_key, desc->http_path, 0) == FNM_NOMATCH) - return (-1); - else if (kv->kv_value != NULL && kv->kv_option == KEY_OPTION_NONE) { - query = desc->http_query == NULL ? "" : desc->http_query; - if (fnmatch(kv->kv_value, query, FNM_CASEFOLD) == FNM_NOMATCH) + else if (kv->kv_option != KEY_OPTION_STRIP) { + if (kv->kv_key == NULL) + return (0); + else if (fnmatch(kv->kv_key, desc->http_path, 0) == FNM_NOMATCH) return (-1); + else if (kv->kv_value != NULL && kv->kv_option == KEY_OPTION_NONE) { + query = desc->http_query == NULL ? "" : desc->http_query; + if (fnmatch(kv->kv_value, query, FNM_CASEFOLD) == FNM_NOMATCH) + return (-1); + } } relay_match(actions, kv, match, NULL); @@ -1554,7 +1557,7 @@ relay_apply_actions(struct ctl_relay_eve struct kv *host = NULL; const char *value; struct kv *kv, *match, *kp, *mp, kvcopy, matchcopy, key; - int addkv, ret; + int addkv, ret, nstrip; char buf[IBUF_READ_SIZE], *ptr; char *msg = NULL; const char *meth = NULL; @@ -1655,6 +1658,15 @@ relay_apply_actions(struct ctl_relay_eve case KEY_OPTION_LOG: /* perform this later */ break; + case KEY_OPTION_STRIP: + nstrip = strtonum(kv->kv_value, 0, INT_MAX, NULL); + if (kv->kv_type == KEY_TYPE_PATH) { + if (kv_setkey(match, + server_root_strip(match->kv_key, + nstrip)) == -1) + goto fail; + } + break; default: fatalx("%s: invalid action", __func__); /* NOTREACHED */ 
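Review bot: The new `kv->kv_option != KEY_OPTION_STRIP` branch in `relay_httppath_test()` makes a strip rule skip both `fnmatch()` checks, so it reaches `relay_match()` for every request that is not `RELAY_DIR_RESPONSE`, and nothing in the code says this is intended. A comment above the branch, such as `/* strip rules carry no key pattern and apply to every request path */`, would record it. The function starts outside the hunk.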
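Review bot: In the `KEY_OPTION_STRIP` case, the result of `server_root_strip()` is passed as the second argument of `kv_setkey()`, which in relayd is a printf-style format parameter (the prototype is not part of this diff, so confirm it against relayd.h). `match->kv_key` appears to be the path from the client's request line, so a `%` sequence in it would be read as a conversion specification instead of data. Passing it as an argument avoids that: `if (kv_setkey(match, "%s", server_root_strip(match->kv_key, nstrip)) == -1)`. The returned pointer also aliases the old key, so this relies on `kv_setkey()` formatting the new string before it frees the previous one. `strtonum()` is called with a NULL error pointer, so a bad `kv_value` silently becomes a count of 0; `relay_apply_actions()` starts and ends outside the hunk.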
@@ -1932,3 +1944,19 @@ relay_match(struct kvlist *actions, stru TAILQ_INSERT_TAIL(actions, kv, kv_match_entry); } } + +char * +server_root_strip(char *path, int n) +{ + char *p; + + /* Strip strip leading directories. Leading '/' is ignored. */ + for (; n > 0 && *path != '\0'; n--) + if ((p = strchr(++path, '/')) != NULL) + path = p; + else + path--; + + return (path); +} + Index: relayd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v retrieving revision 1.202 diff -u -p -r1.202 relayd.conf.5 --- relayd.conf.5 30 Oct 2020 09:47:35 -0000 1.202 +++ relayd.conf.5 7 Jan 2021 15:08:28 -0000 @@ -1289,6 +1289,15 @@ for example: block path "/index.html" block path "/cgi-bin/t.cgi" value "foo=bar*" .Ed +.It Ic path strip Ar number +Strip +.Ar number +path components from the beginning of the path of the requested URL +when using the +.Ic http +protocol. +This type is only available with the direction +.Ic request . .It Ic query Ar option Oo Ar key Oo Ic value Ar value Oc Oc Look up the entity as a query variable in the URL when using the .Ic http Index: relayd.h =================================================================== RCS file: /cvs/src/usr.sbin/relayd/relayd.h,v retrieving revision 1.262 diff -u -p -r1.262 relayd.h --- relayd.h 14 Sep 2020 11:30:25 -0000 1.262 +++ relayd.h 7 Jan 2021 15:08:28 -0000 @@ -292,7 +292,8 @@ enum key_option { KEY_OPTION_SET, KEY_OPTION_REMOVE, KEY_OPTION_HASH, - KEY_OPTION_LOG + KEY_OPTION_LOG, + KEY_OPTION_STRIP }; enum key_type {
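Review bot: The loop in `server_root_strip()` does not stop once the last separator has been consumed. When `strchr()` returns NULL, the `else` branch restores `path` and the next iteration repeats the same scan until `n` reaches 0, and the grammar accepts counts up to `INT_MAX`. Leaving the loop at that point, `else { path--; break; }`, bounds the work by the number of components in the request path. The comment should also state the resulting semantics: the final component is never removed (`/a` with `strip 1` stays `/a`, while `/a/` becomes `/`), the first byte is skipped without checking that it is `/`, and the return value points into the caller's buffer. The `Strip strip` typo can be fixed at the same time.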