Import patches from upstream:

- fix open sockets limit for health check - only set SO_REUSEPORT for listening ports Feature safe: yes
author: Martin Matuska <mm@FreeBSD.org> 2011-01-15 00:26:39 +0000
committer: Martin Matuska <mm@FreeBSD.org> 2011-01-15 00:26:39 +0000
commit: 71db92a9dfbb89a42fbb97bf5f7a001d60733389 (patch)
tree: 4363ef3c431d3a11c3a72788d4464d328ab23c30 /net/relayd
parent: e0a1d111b9c41b64490730f8e500748a6b926f7c (diff)
download: ports-71db92a9dfbb89a42fbb97bf5f7a001d60733389.tar.gz
ports-71db92a9dfbb89a42fbb97bf5f7a001d60733389.zip
7 files changed, 264 insertions, 37 deletions
diff --git a/net/relayd/Makefile b/net/relayd/Makefile
index 7dc8889a32a2..229ae0a2f415 100644
--- a/net/relayd/Makefile
+++ b/net/relayd/Makefile
@@ -6,7 +6,7 @@
 
 PORTNAME=	relayd
 PORTVERSION=	4.6.20090813
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	net
 MASTER_SITES=	${MASTER_SITE_LOCAL}
 MASTER_SITE_SUBDIR=	mm
diff --git a/net/relayd/files/patch-relayd-check_tcp.c b/net/relayd/files/patch-relayd-check_tcp.c
index eb4e13728c75..d46971103271 100644
--- a/net/relayd/files/patch-relayd-check_tcp.c
+++ b/net/relayd/files/patch-relayd-check_tcp.c
@@ -1,5 +1,42 @@
---- relayd/check_tcp.c.orig	2010-05-27 11:10:01.114202025 +0200
-+++ relayd/check_tcp.c	2010-05-27 11:22:55.453595437 +0200
+--- relayd/check_tcp.c.orig	2011-01-15 00:27:09.011450590 +0100
++++ relayd/check_tcp.c	2011-01-15 00:42:05.271822942 +0100
+@@ -50,11 +50,10 @@
+ check_tcp(struct ctl_tcp_event *cte)
+ {
+ 	int			 s;
+-	int			 type;
+ 	socklen_t		 len;
+ 	struct timeval		 tv;
+ 	struct linger		 lng;
+-	int			 he = HCE_TCP_CONNECT_ERROR;
++	int			 he = HCE_TCP_SOCKET_OPTION;
+ 
+ 	switch (cte->host->conf.ss.ss_family) {
+ 	case AF_INET:
+@@ -69,17 +68,18 @@
+ 
+ 	len = ((struct sockaddr *)&cte->host->conf.ss)->sa_len;
+ 
+-	if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1)
++	if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1) {
++		if (errno == EMFILE || errno == ENFILE)
++			he = HCE_TCP_SOCKET_LIMIT;
++		else
++			he = HCE_TCP_SOCKET_ERROR;
+ 		goto bad;
++	}
+ 
+ 	bzero(&lng, sizeof(lng));
+ 	if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
+ 		goto bad;
+ 
+-	type = 1;
+-	if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &type, sizeof(type)) == -1)
+-		goto bad;
+-
+ 	if (cte->host->conf.ttl > 0) {
+ 		if (setsockopt(s, IPPROTO_IP, IP_TTL,
+ 		    &cte->host->conf.ttl, sizeof(int)) == -1)
 @@ -99,6 +99,7 @@
  
  	cte->buf = NULL;
diff --git a/net/relayd/files/patch-relayd-hce.c b/net/relayd/files/patch-relayd-hce.c
index bea88b501c5c..505edc8a2fe0 100644
--- a/net/relayd/files/patch-relayd-hce.c
+++ b/net/relayd/files/patch-relayd-hce.c
@@ -1,5 +1,5 @@
---- relayd/hce.c.orig	2010-05-31 08:54:55.771055422 +0200
-+++ relayd/hce.c	2010-05-31 08:54:50.916277342 +0200
+--- relayd/hce.c.orig	2011-01-15 00:27:09.012456298 +0100
++++ relayd/hce.c	2011-01-15 00:40:15.058397878 +0100
 @@ -62,6 +62,11 @@
  	case SIGTERM:
  		hce_shutdown();
@@ -21,7 +21,17 @@
  
  	switch (pid = fork()) {
  	case -1:
-@@ -135,12 +138,17 @@
+@@ -117,6 +120,9 @@
+ 
+ 	event_init();
+ 
++	/* Allow maximum available sockets for TCP checks */
++	socket_rlimit(-1);
++
+ 	if ((iev_pfe = calloc(1, sizeof(struct imsgev))) == NULL ||
+ 	    (iev_main = calloc(1, sizeof(struct imsgev))) == NULL)
+ 		fatal("hce");
+@@ -135,12 +141,17 @@
  	    iev_main->handler, iev_main);
  	event_add(&iev_main->ev, NULL);
  
@@ -45,7 +55,7 @@
  
  	/* setup pipes */
  	close(pipe_pfe2hce[1]);
-@@ -370,6 +378,7 @@
+@@ -370,6 +381,7 @@
  	objid_t			 id;
  	struct host		*host;
  	struct table		*table;
@@ -53,7 +63,7 @@
  
  	iev = ptr;
  	ibuf = &iev->ibuf;
-@@ -437,6 +446,10 @@
+@@ -437,6 +449,10 @@
  				table->skipped = 0;
  			hce_launch_checks(-1, EV_TIMEOUT, env);
  			break;
diff --git a/net/relayd/files/patch-relayd-log.c b/net/relayd/files/patch-relayd-log.c
index 35c97fab94e8..4921f9779660 100644
--- a/net/relayd/files/patch-relayd-log.c
+++ b/net/relayd/files/patch-relayd-log.c
@@ -1,5 +1,5 @@
---- relayd/log.c.orig	2010-05-31 08:55:55.644112693 +0200
-+++ relayd/log.c	2010-05-31 08:55:50.789959404 +0200
+--- relayd/log.c.orig	2011-01-15 00:27:09.012456298 +0100
++++ relayd/log.c	2011-01-15 00:39:01.553947279 +0100
 @@ -45,6 +45,7 @@
  #include "relayd.h"
  
@@ -38,3 +38,21 @@
  		va_start(ap, emsg);
  		vlog(LOG_DEBUG, emsg, ap);
  		va_end(ap);
+@@ -192,9 +200,15 @@
+ 	case HCE_ICMP_WRITE_TIMEOUT:
+ 		return ("icmp write timeout");
+ 		break;
+-	case HCE_TCP_CONNECT_ERROR:
+-		return ("tcp connect error");
++	case HCE_TCP_SOCKET_ERROR:
++		return ("tcp socket error");
++		break;
++	case HCE_TCP_SOCKET_LIMIT:
++		return ("tcp socket limit");
+ 		break;
++	case HCE_TCP_SOCKET_OPTION:
++		return ("tcp socket option");
++ 		break;
+ 	case HCE_TCP_CONNECT_FAIL:
+ 		return ("tcp connect failed");
+ 		break;
diff --git a/net/relayd/files/patch-relayd-relay.c b/net/relayd/files/patch-relayd-relay.c
index db5614bfef0d..ac59ef482321 100644
--- a/net/relayd/files/patch-relayd-relay.c
+++ b/net/relayd/files/patch-relayd-relay.c
@@ -1,6 +1,23 @@
---- relayd/relay.c.orig	2010-05-31 09:13:05.908338459 +0200
-+++ relayd/relay.c	2010-05-31 09:12:54.131616372 +0200
-@@ -105,6 +105,7 @@
+--- relayd/relay.c.orig	2011-01-15 01:22:35.236684399 +0100
++++ relayd/relay.c	2011-01-15 01:24:07.864955572 +0100
+@@ -28,7 +28,6 @@
+ #include <sys/un.h>
+ #include <sys/tree.h>
+ #include <sys/hash.h>
+-#include <sys/resource.h>
+ 
+ #include <net/if.h>
+ #include <netinet/in_systm.h>
+@@ -64,7 +63,7 @@
+ void		 relay_init(void);
+ void		 relay_launch(void);
+ int		 relay_socket(struct sockaddr_storage *, in_port_t,
+-		    struct protocol *, int);
++		    struct protocol *, int, int);
+ int		 relay_socket_listen(struct sockaddr_storage *, in_port_t,
+ 		    struct protocol *);
+ int		 relay_socket_connect(struct sockaddr_storage *, in_port_t,
+@@ -105,6 +104,7 @@
  		    char *, size_t);
  void		 relay_close_http(struct rsession *, u_int, const char *,
  		    u_int16_t);
@@ -8,7 +25,7 @@
  
  SSL_CTX		*relay_ssl_ctx_create(struct relay *);
  void		 relay_ssl_transaction(struct rsession *,
-@@ -148,6 +149,14 @@
+@@ -148,6 +148,14 @@
  	case SIGTERM:
  	case SIGINT:
  		(void)event_loopexit(NULL);
@@ -23,7 +40,7 @@
  	}
  }
  
-@@ -158,8 +167,6 @@
+@@ -158,8 +166,6 @@
  {
  	pid_t		 pid;
  	struct passwd	*pw;
@@ -32,7 +49,7 @@
  	int		 i;
  
  	switch (pid = fork()) {
-@@ -213,12 +220,17 @@
+@@ -213,12 +219,17 @@
  	/* Per-child initialization */
  	relay_init();
  
@@ -56,7 +73,72 @@
  
  	/* setup pipes */
  	close(pipe_pfe2hce[0]);
-@@ -1312,6 +1324,29 @@
+@@ -452,19 +463,9 @@
+ 	struct relay	*rlay;
+ 	struct host	*host;
+ 	struct timeval	 tv;
+-	struct rlimit	 rl;
+ 
+-	if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
+-		fatal("relay_init: failed to get resource limit");
+-	log_debug("relay_init: max open files %d", rl.rlim_max);
+-
+-	/*
+-	 * Allow the maximum number of open file descriptors for this
+-	 * login class (which should be the class "daemon" by default).
+-	 */
+-	rl.rlim_cur = rl.rlim_max;
+-	if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
+-		fatal("relay_init: failed to set resource limit");
++	/* Unlimited file descriptors (use system limits) */
++	socket_rlimit(-1);
+ 
+ 	TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
+ 		if ((rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) &&
+@@ -625,7 +626,7 @@
+ 
+ int
+ relay_socket(struct sockaddr_storage *ss, in_port_t port,
+-    struct protocol *proto, int fd)
++    struct protocol *proto, int fd, int reuseport)
+ {
+ 	int s = -1, val;
+ 	struct linger lng;
+@@ -643,9 +644,12 @@
+ 	bzero(&lng, sizeof(lng));
+ 	if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
+ 		goto bad;
+-	val = 1;
+-	if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(int)) == -1)
+-		goto bad;
++	if (reuseport) {
++		val = 1;
++		if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val,
++			sizeof(int)) == -1)
++			goto bad;
++	}
+ 	if (fcntl(s, F_SETFL, O_NONBLOCK) == -1)
+ 		goto bad;
+ 	if (proto->tcpflags & TCPFLAG_BUFSIZ) {
+@@ -713,7 +717,7 @@
+ {
+ 	int	s;
+ 
+-	if ((s = relay_socket(ss, port, proto, fd)) == -1)
++	if ((s = relay_socket(ss, port, proto, fd, 0)) == -1)
+ 		return (-1);
+ 
+ 	if (connect(s, (struct sockaddr *)ss, ss->ss_len) == -1) {
+@@ -734,7 +738,7 @@
+ {
+ 	int s;
+ 
+-	if ((s = relay_socket(ss, port, proto, -1)) == -1)
++	if ((s = relay_socket(ss, port, proto, -1, 1)) == -1)
+ 		return (-1);
+ 
+ 	if (bind(s, (struct sockaddr *)ss, ss->ss_len) == -1)
+@@ -1312,6 +1316,29 @@
  }
  
  void
@@ -86,7 +168,7 @@
  relay_read_http(struct bufferevent *bev, void *arg)
  {
  	struct ctl_relay_event	*cre = (struct ctl_relay_event *)arg;
-@@ -1580,10 +1615,7 @@
+@@ -1580,10 +1607,7 @@
  		if (relay_bufferevent_print(cre->dst, "\r\n") == -1)
  			goto fail;
  
@@ -98,7 +180,20 @@
  
   done:
  		if (cre->dir == RELAY_DIR_REQUEST && !cre->toread &&
-@@ -2419,6 +2451,7 @@
+@@ -2380,6 +2404,12 @@
+ 		bufferevent_free(con->se_out.bev);
+ 	else if (con->se_out.output != NULL)
+ 		evbuffer_free(con->se_out.output);
++	if (con->se_out.ssl != NULL) {
++		/* XXX handle non-blocking shutdown */
++		if (SSL_shutdown(con->se_out.ssl) == 0)
++			SSL_shutdown(con->se_out.ssl);
++		SSL_free(con->se_out.ssl);
++	}
+ 	if (con->se_out.s != -1)
+ 		close(con->se_out.s);
+ 	if (con->se_out.path != NULL)
+@@ -2419,6 +2449,7 @@
  	struct table		*table;
  	struct ctl_status	 st;
  	objid_t			 id;
@@ -106,7 +201,7 @@
  
  	iev = ptr;
  	ibuf = &iev->ibuf;
-@@ -2522,6 +2555,10 @@
+@@ -2522,6 +2553,10 @@
  			imsg_compose_event(iev, IMSG_CTL_END,
  			    0, 0, -1, NULL, 0);
  			break;
diff --git a/net/relayd/files/patch-relayd-relayd.c b/net/relayd/files/patch-relayd-relayd.c
index 87b994ed7d65..661c23251cc2 100644
--- a/net/relayd/files/patch-relayd-relayd.c
+++ b/net/relayd/files/patch-relayd-relayd.c
@@ -1,6 +1,14 @@
---- relayd/relayd.c.orig	2010-05-31 07:32:32.670912835 +0000
-+++ relayd/relayd.c	2010-05-31 07:35:25.223559078 +0000
-@@ -112,6 +112,9 @@
+--- relayd/relayd.c.orig	2011-01-15 00:27:09.020486320 +0100
++++ relayd/relayd.c	2011-01-15 00:32:43.024188430 +0100
+@@ -26,6 +26,7 @@
+ #include <sys/queue.h>
+ #include <sys/socket.h>
+ #include <sys/wait.h>
++#include <sys/resource.h>
+ 
+ #include <net/if.h>
+ #include <netinet/in.h>
+@@ -113,6 +114,9 @@
  	case SIGHUP:
  		reconfigure();
  		break;
@@ -10,8 +18,8 @@
  	default:
  		fatalx("unexpected signal");
  	}
-@@ -136,10 +139,6 @@
- 	u_int32_t		 opts;
+@@ -142,10 +146,6 @@
+ #endif
  	struct relayd		*env;
  	const char		*conffile;
 -	struct event		 ev_sigint;
@@ -21,7 +29,7 @@
  	struct imsgev		*iev;
  
  	opts = 0;
-@@ -245,15 +244,17 @@
+@@ -261,15 +261,17 @@
  
  	event_init();
  
@@ -48,7 +56,7 @@
  
  	close(pipe_parent2pfe[1]);
  	close(pipe_parent2hce[1]);
-@@ -306,6 +307,8 @@
+@@ -322,6 +324,8 @@
  #endif
  	event_dispatch();
  
@@ -57,7 +65,7 @@
  	return (0);
  }
  
-@@ -626,6 +629,7 @@
+@@ -642,6 +646,7 @@
  #ifndef __FreeBSD__
  	struct ctl_demote	 demote;
  #endif
@@ -65,7 +73,7 @@
  
  	iev = ptr;
  	ibuf = &iev->ibuf;
-@@ -669,6 +673,10 @@
+@@ -685,6 +690,10 @@
  			 */
  			reconfigure();
  			break;
@@ -76,7 +84,7 @@
  		default:
  			log_debug("main_dispatch_pfe: unexpected imsg %d",
  			    imsg.hdr.type);
-@@ -972,6 +980,7 @@
+@@ -988,6 +997,7 @@
  	if (timercmp(&tv_next, &tv, >))
  		bcopy(&tv_next, &tv, sizeof(tv));
  
@@ -84,7 +92,7 @@
  	event_set(ev, fd, event, fn, arg);
  	event_add(ev, &tv);
  }
-@@ -1129,6 +1138,7 @@
+@@ -1145,6 +1155,7 @@
  	}
  	pn->key = strdup(pk->key);
  	if (pn->key == NULL) {
@@ -92,3 +100,28 @@
  		log_warn("out of memory");
  		return (NULL);
  	}
+@@ -1370,3 +1381,24 @@
+ 
+ 	return (0);
+ }
++
++void
++socket_rlimit(int maxfd)
++{
++	struct rlimit	 rl;
++
++	if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
++		fatal("socket_rlimit: failed to get resource limit");
++	log_debug("socket_rlimit: max open files %d", rl.rlim_max);
++
++	/*
++	 * Allow the maximum number of open file descriptors for this
++	 * login class (which should be the class "daemon" by default).
++	 */
++	if (maxfd == -1)
++		rl.rlim_cur = rl.rlim_max;
++	else
++		rl.rlim_cur = MAX(rl.rlim_max, (rlim_t)maxfd);
++	if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
++		fatal("socket_rlimit: failed to set resource limit");
++}
diff --git a/net/relayd/files/patch-relayd-relayd.h b/net/relayd/files/patch-relayd-relayd.h
index 100b072cd573..33ba4116ff26 100644
--- a/net/relayd/files/patch-relayd-relayd.h
+++ b/net/relayd/files/patch-relayd-relayd.h
@@ -1,6 +1,32 @@
---- relayd/relayd.h.orig	2010-05-31 09:21:12.676718667 +0200
-+++ relayd/relayd.h	2010-05-31 09:21:04.892410464 +0200
-@@ -637,6 +637,13 @@
+--- relayd/relayd.h.orig	2011-01-15 00:27:09.022494663 +0100
++++ relayd/relayd.h	2011-01-15 00:47:37.743251059 +0100
+@@ -19,11 +19,12 @@
+  */
+ 
+ #include <sys/tree.h>
++
++#include <sys/param.h>		/* MAXHOSTNAMELEN */
++#include <limits.h>
+ #ifdef __FreeBSD__
+-#include <sys/param.h>
+ #include <sys/queue.h>
+ #endif
+-
+ #include <imsg.h>
+ 
+ #ifdef __FreeBSD__
+@@ -299,7 +300,9 @@
+ 	HCE_ICMP_OK,
+ 	HCE_ICMP_READ_TIMEOUT,
+ 	HCE_ICMP_WRITE_TIMEOUT,
+-	HCE_TCP_CONNECT_ERROR,
++	HCE_TCP_SOCKET_ERROR,
++	HCE_TCP_SOCKET_LIMIT,
++	HCE_TCP_SOCKET_OPTION,
+ 	HCE_TCP_CONNECT_FAIL,
+ 	HCE_TCP_CONNECT_TIMEOUT,
+ 	HCE_TCP_CONNECT_OK,
+@@ -637,6 +640,13 @@
  	struct ctl_icmp_event	 sc_icmp_recv;
  	struct ctl_icmp_event	 sc_icmp6_send;
  	struct ctl_icmp_event	 sc_icmp6_recv;
@@ -14,7 +40,7 @@
  };
  
  #define RELAYD_OPT_VERBOSE		0x01
-@@ -699,6 +706,7 @@
+@@ -699,6 +709,7 @@
  	IMSG_CTL_NOTIFY,
  	IMSG_CTL_RDR_STATS,
  	IMSG_CTL_RELAY_STATS,
@@ -22,7 +48,7 @@
  	IMSG_RDR_ENABLE,	/* notifies from pfe to hce */
  	IMSG_RDR_DISABLE,
  	IMSG_TABLE_ENABLE,
-@@ -799,7 +807,6 @@
+@@ -799,7 +810,6 @@
  int	 relay_cmp_af(struct sockaddr_storage *,
  		 struct sockaddr_storage *);
  
@@ -30,7 +56,15 @@
  RB_PROTOTYPE(proto_tree, protonode, se_nodes, relay_proto_cmp);
  SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp);
  
-@@ -894,6 +901,7 @@
+@@ -867,6 +877,7 @@
+ void		 imsg_event_add(struct imsgev *);
+ int	 	 imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t,
+ 		    pid_t, int, void *, u_int16_t);
++void		 socket_rlimit(int);
+ 
+ /* carp.c */
+ int	 carp_demote_init(char *, int);
+@@ -898,6 +909,7 @@
  
  /* log.c */
  void	log_init(int);
author	Martin Matuska <mm@FreeBSD.org>	2011-01-15 00:26:39 +0000
committer	Martin Matuska <mm@FreeBSD.org>	2011-01-15 00:26:39 +0000
commit	71db92a9dfbb89a42fbb97bf5f7a001d60733389 (patch)
tree	4363ef3c431d3a11c3a72788d4464d328ab23c30 /net/relayd
parent	e0a1d111b9c41b64490730f8e500748a6b926f7c (diff)
download	ports-71db92a9dfbb89a42fbb97bf5f7a001d60733389.tar.gz ports-71db92a9dfbb89a42fbb97bf5f7a001d60733389.zip