commit 1cc8f22e8ff7f5bcbe7a7745c73a49725de46e90 parent 35fa8d2fb4e5abaa8acb1b54969707face8604c4 Author: finwo <finwo@pm.me> Date: Sat, 3 Jan 2026 19:33:41 +0100 1.61 Diffstat:
123 files changed, 441 insertions(+), 332 deletions(-)
diff --git a/ChangeLog b/ChangeLog @@ -1,6 +1,10 @@ ChangeLog for Crossroads ------------------------------------------------------------------------------ +1.61 [KK 2007-10-02] + - Added messaging to allowfrom/denyfrom rule handling. Bugfixes + in the parsing and handling of allow/deny rules. + 1.60 [KK 2007-08-29] - upped c-conf to 1.10 - Support for __progname_full in systems that have it, see setproctitle() diff --git a/doc/crossroads.conf.7 b/doc/crossroads.conf.7 @@ -508,9 +508,13 @@ own key, based on the service name\&. Crossroads can allow or deny connections based on the IP address of a client\&. There are four directives that are relevant: \f(CWallowfrom\fP, \f(CWallowfile\fP, -\f(CWdenyfrom\fP and \f(CWdenyfile\fP\&. When using \f(CWallowfrom\fP and +\f(CWdenyfrom\fP and \f(CWdenyfile\fP\&. +.IP +When using \f(CWallowfrom\fP and \f(CWdenyfrom\fP then the IP addresses to allow or deny connections are -stated in /etc/crossroads\&.conf\&. +stated in /etc/crossroads\&.conf\&. When using \f(CWallowfile\fP and +\f(CWdenyfile\fP the allow or deny connections are stated in a +separate file\&. .IP When \f(CWallow*\fP directives are used, then all connections are denied unless they match the stated allowed IP\&'s\&. When \f(CWdeny*\fP directives @@ -528,11 +532,12 @@ specifying filters in /etc/crossroads\&.conf or in external files, is that Crossroads will reload the external files when it receives signal 1 (\f(CWSIGHUP\fP), as in \f(CWkillall -1 crossroads\fP\&. .IP -The filter specifications must obey the following syntax: it -consists of up to +The filter specifications must obey the following syntax: they +are series of space-separated strings, consisting of up to four numbers ranging from 0 to 255 and separated by a decimal sign\&. Optionally a slash follows, with a bitmask which is also a -decimal number\&. +decimal number\&. For example, \f(CW127\&.0\&.0/24 10/8 192\&.168\&.2\&.1\fP is a +setting that consists of three specifiers\&. .IP This is probably best explained by a few examples: .IP @@ -546,7 +551,8 @@ from e\&.g\&. 10\&.1\&.1\&.1 and 10\&.2\&.3\&.4 will be allowed\&. .IP .IP o \f(CWallowfrom 10\&.3/16;\fP will allow all IP addresses that -start with \f(CW10\&.3\fP\&. +start with \f(CW10\&.3\fP\&. The first 16 bits (i\&.e\&., the first 2 +numbers) are significant, the rest doesn\&'t matter\&. .IP .IP o \f(CWallowfrom 10\&.3\&.1/16;\fP is the same as above\&. The third @@ -568,6 +574,20 @@ IP address \f(CW10\&.3\&.1\&.15\fP or from a complete Class B network \f(CWallowfile /tmp/myfile\&.txt;\fP in combination with a file \f(CW/tmp/myfile\&.txt\fP, with the contents \f(CW10\&.3\&.1\&.15 10\&.2/16\fP, is the same as above\&. +.IP +When using ttt(allowfrom) and \f(CWdenyfrom\fP, separate specifiers +can be stated in one statement (separated by whitespace), or the +whole statement can be repeated\&. E\&.g\&., the following two +alternatives have the same effect: +.IP +.nf +/* Alternative 1: */ +allowfrom 10/8 192\&.168\&.1/24; + +/* Alternative 2: */ +allowfrom 10/8; +allowfrom 192\&.168\&.1\&.24; +.fi .IP "Syntax:" .IP o \f(CWallowfrom\fP \fIfilter-specificication(s)\fP diff --git a/doc/crossroads.html b/doc/crossroads.html @@ -1,12 +1,12 @@ <a name="../crossroads-defs"></a><a name="defs"></a><html><head> -<title>Crossroads 1.60</title> +<title>Crossroads 1.61</title> <link rel="stylesheet" type="text/css" href="http://www.e-tunity.com/css/yodl.css"> <link rel="stylesheet" type="text/css" href="http://www.e-tunity.com/css/yodl.css"> <link rev="made" href="mailto:info@e-tunity.com"> </head> <body> <hr> -<h1>Crossroads 1.60</h1> +<h1>Crossroads 1.61</h1> <h2>Karel Kubat <br> Maintained by Karel Kubat (karel@kubat.nl)</h2> @@ -1181,9 +1181,13 @@ The actual key value doesn't matter much, as long as it's unique <p><dt><strong>Description:</strong><dd> Crossroads can allow or deny connections based on the IP address of a client. There are four directives that are relevant: <code>allowfrom</code>, <code>allowfile</code>, - <code>denyfrom</code> and <code>denyfile</code>. When using <code>allowfrom</code> and + <code>denyfrom</code> and <code>denyfile</code>. +<p> +When using <code>allowfrom</code> and <code>denyfrom</code> then the IP addresses to allow or deny connections are - stated in /etc/crossroads.conf. + stated in /etc/crossroads.conf. When using <code>allowfile</code> and + <code>denyfile</code> the allow or deny connections are stated in a + separate file. <p> When <code>allow*</code> directives are used, then all connections are denied unless they match the stated allowed IP's. When <code>deny*</code> directives @@ -1201,11 +1205,12 @@ The statements <code>allowfrom</code> and <code>denyfrom</code> are followed by files, is that Crossroads will reload the external files when it receives signal 1 (<code>SIGHUP</code>), as in <code>killall -1 crossroads</code>. <p> -The filter specifications must obey the following syntax: it - consists of up to +The filter specifications must obey the following syntax: they + are series of space-separated strings, consisting of up to four numbers ranging from 0 to 255 and separated by a decimal sign. Optionally a slash follows, with a bitmask which is also a - decimal number. + decimal number. For example, <code>127.0.0/24 10/8 192.168.2.1</code> is a + setting that consists of three specifiers. <p> This is probably best explained by a few examples: <p> @@ -1218,7 +1223,8 @@ This is probably best explained by a few examples: from e.g. 10.1.1.1 and 10.2.3.4 will be allowed. <p> <li> <code>allowfrom 10.3/16;</code> will allow all IP addresses that - start with <code>10.3</code>. + start with <code>10.3</code>. The first 16 bits (i.e., the first 2 + numbers) are significant, the rest doesn't matter. <p> <li> <code>allowfrom 10.3.1/16;</code> is the same as above. The third byte of the IP address is superfluous because the netmask @@ -1236,6 +1242,21 @@ This is probably best explained by a few examples: <li> <code>allowfile /tmp/myfile.txt;</code> in combination with a file <code>/tmp/myfile.txt</code>, with the contents <code>10.3.1.15 10.2/16</code>, is the same as above.</ul> +<p> +When using ttt(allowfrom) and <code>denyfrom</code>, separate specifiers + can be stated in one statement (separated by whitespace), or the + whole statement can be repeated. E.g., the following two + alternatives have the same effect: +<p> +<pre> +/* Alternative 1: */ +allowfrom 10/8 192.168.1/24; + +/* Alternative 2: */ +allowfrom 10/8; +allowfrom 192.168.1.24; +</pre> + <p><dt><strong>Syntax:</strong><dd> <ul> <li> <code>allowfrom</code> <em>filter-specificication(s)</em> <li> <code>denyfrom</code> <em>filter-specificication(s)</em> diff --git a/doc/crossroads.pdf b/doc/crossroads.pdf Binary files differ. diff --git a/doc/main/conf/allow.yo b/doc/main/conf/allow.yo @@ -2,9 +2,13 @@ conf(allow* and deny* - Allowing or denying connections) (Crossroads can allow or deny connections based on the IP address of a client. There are four directives that are relevant: tt(allowfrom), tt(allowfile), - tt(denyfrom) and tt(denyfile). When using tt(allowfrom) and + tt(denyfrom) and tt(denyfile). + + When using tt(allowfrom) and tt(denyfrom) then the IP addresses to allow or deny connections are - stated in DEFAULTCONF(). + stated in DEFAULTCONF(). When using tt(allowfile) and + tt(denyfile) the allow or deny connections are stated in a + separate file. When tt(allow*) directives are used, then all connections are denied unless they match the stated allowed IP's. When tt(deny*) directives @@ -22,11 +26,12 @@ conf(allow* and deny* - Allowing or denying connections) files, is that Crossroads will reload the external files when it receives signal 1 (tt(SIGHUP)), as in tt(killall -1 crossroads). - The filter specifications must obey the following syntax: it - consists of up to + The filter specifications must obey the following syntax: they + are series of space-separated strings, consisting of up to four numbers ranging from 0 to 255 and separated by a decimal sign. Optionally a slash follows, with a bitmask which is also a - decimal number. + decimal number. For example, tt(127.0.0/24 10/8 192.168.2.1) is a + setting that consists of three specifiers. This is probably best explained by a few examples: @@ -39,7 +44,8 @@ conf(allow* and deny* - Allowing or denying connections) from e.g. 10.1.1.1 and 10.2.3.4 will be allowed. it() tt(allowfrom 10.3/16;) will allow all IP addresses that - start with tt(10.3). + start with tt(10.3). The first 16 bits (i.e., the first 2 + numbers) are significant, the rest doesn't matter. it() tt(allowfrom 10.3.1/16;) is the same as above. The third byte of the IP address is superfluous because the netmask @@ -56,7 +62,20 @@ conf(allow* and deny* - Allowing or denying connections) it() tt(allowfile /tmp/myfile.txt;) in combination with a file tt(/tmp/myfile.txt), with the contents tt(10.3.1.15 10.2/16), - is the same as above.)) + is the same as above.) + + When using ttt(allowfrom) and tt(denyfrom), separate specifiers + can be stated in one statement (separated by whitespace), or the + whole statement can be repeated. E.g., the following two + alternatives have the same effect: + + verb(\ +/* Alternative 1: */ +allowfrom 10/8 192.168.1/24; + +/* Alternative 2: */ +allowfrom 10/8; +allowfrom 192.168.1.24;)) (itemization( it() tt(allowfrom) em(filter-specificication(s)) it() tt(denyfrom) em(filter-specificication(s)) diff --git a/etc/Makefile.def b/etc/Makefile.def @@ -6,7 +6,7 @@ # Versioning. This defines the overall version ID and must match the topmost # entry in the ChangeLog. -VER = 1.60 +VER = 1.61 # Years that Crossroads has been 'round. YEARS = 2005-2007 diff --git a/etc/svnrev.txt b/etc/svnrev.txt @@ -1 +1 @@ -198 +200 diff --git a/src/crossroads-daemon/main.c b/src/crossroads-daemon/main.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/crossroads.h b/src/crossroads.h @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ @@ -305,6 +305,7 @@ EXTERN Service *activeservice; /* target service of a daemon */ EXTERN unsigned char *clbuf; /* client socket input buffer */ EXTERN int clbufpos, clbufmax; /* .. position & bytes */ EXTERN char *client_ip; /* connected client */ +EXTERN unsigned client_ip_nr; /* .. and in reversed octets form */ EXTERN char *config_file; /* config to parse */ EXTERN int current_backend; /* of a given service */ EXTERN int daemonized; /* are we forked off yet */ diff --git a/src/crossroads/main.c b/src/crossroads/main.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/allocreporter.c b/src/lib/allocreporter.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/ansistamp.c b/src/lib/ansistamp.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/backendavailable.c b/src/lib/backendavailable.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/backendconnect.c b/src/lib/backendconnect.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/backendcount.c b/src/lib/backendcount.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/choosebackend.c b/src/lib/choosebackend.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/configread.c b/src/lib/configread.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/configtest.c b/src/lib/configtest.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/configwrite.c b/src/lib/configwrite.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/copysockets.c b/src/lib/copysockets.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/createcommandlinespace.c b/src/lib/createcommandlinespace.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/data.c b/src/lib/data.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/deallocreporter.c b/src/lib/deallocreporter.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/decrclientcount.c b/src/lib/decrclientcount.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/dns.c b/src/lib/dns.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/error.c b/src/lib/error.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/forktcpservicer.c b/src/lib/forktcpservicer.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/hashpjw.c b/src/lib/hashpjw.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpcopy.c b/src/lib/httpcopy.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httperror.c b/src/lib/httperror.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderaddheader.c b/src/lib/httpheaderaddheader.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderappendheader.c b/src/lib/httpheaderappendheader.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderconnectiontype.c b/src/lib/httpheaderconnectiontype.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderfree.c b/src/lib/httpheaderfree.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderhascookie.c b/src/lib/httpheaderhascookie.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderhttpver.c b/src/lib/httpheaderhttpver.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheadernew.c b/src/lib/httpheadernew.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderread.c b/src/lib/httpheaderread.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderremoveheader.c b/src/lib/httpheaderremoveheader.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheadersetheader.c b/src/lib/httpheadersetheader.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderval.c b/src/lib/httpheaderval.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpheaderwrite.c b/src/lib/httpheaderwrite.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpinsertheader.c b/src/lib/httpinsertheader.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpserve.c b/src/lib/httpserve.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpserversocket.c b/src/lib/httpserversocket.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/httpwrite.c b/src/lib/httpwrite.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/incrclientcount.c b/src/lib/incrclientcount.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/initsockaddr.c b/src/lib/initsockaddr.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/interrupt.c b/src/lib/interrupt.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/ipfaddallow.c b/src/lib/ipfaddallow.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/ipfadddeny.c b/src/lib/ipfadddeny.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/ipfallowed.c b/src/lib/ipfallowed.c @@ -1,22 +1,33 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ + #include "../crossroads.h" int ipf_allowed () { int i; /* Always allow a connection when we ddon't have an allow list. */ - if (! activeservice->allowchain) + if (! activeservice->allowchain) { + msg ("Service %s: No allow chain (allowing client)", + activeservice->name); return (1); + } /* Try all in the chain. */ - for (i = 0; i < activeservice->nallowchain; i++) - if (ipf_match (activeservice->allowchain[i])) + for (i = 0; i < activeservice->nallowchain; i++) { + msg ("Service %s: Testing allow rule %d", activeservice->name, i); + if (ipf_match (activeservice->allowchain[i])) { + msg ("Service %s: Allowing client (rule %d)", + activeservice->name, i); return (1); + } + } /* Allow chain doesn't match */ + msg ("Service %s: Not allowing client due to non-match of allow chain", + activeservice->name); return (0); } diff --git a/src/lib/ipfdenied.c b/src/lib/ipfdenied.c @@ -1,22 +1,33 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ + #include "../crossroads.h" int ipf_denied () { int i; /* Never deny a connection when we don't have a deny list. */ - if (! activeservice->denychain) + if (! activeservice->denychain) { + msg ("Service %s: No deny chain (not denying client)", + activeservice->name); return (0); + } /* Try all in the chain. */ - for (i = 0; i < activeservice->ndenychain; i++) - if (ipf_match (activeservice->denychain[i])) + for (i = 0; i < activeservice->ndenychain; i++) { + msg ("Service %s: Testing deny rule %d", activeservice->name, i); + if (ipf_match (activeservice->denychain[i])) { + msg ("Service %s: Denying client (rule %d)", + activeservice->name, i); return (1); - + } + } + /* Deny chain doesn't match */ + msg ("Service %s: Not denying client, no deny rule matches", + activeservice->name); return (0); } diff --git a/src/lib/ipfloadfile.c b/src/lib/ipfloadfile.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/ipfmatch.c b/src/lib/ipfmatch.c @@ -1,43 +1,21 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ + #include "../crossroads.h" int ipf_match (IpFilter f) { - static int client_ip_nr; - int counter, val; - char *tmp, *cp; + unsigned f_ip_and_mask = f.ip & f.mask; + unsigned c_ip_and_mask = client_ip_nr & f.mask; + unsigned res = f_ip_and_mask == c_ip_and_mask; - /* Build up the actual client IP as an int. - * We need to do this in reverse order; e.g. 1.2.3.4 needs to become - * 4<<24 | 3<<16 | 2<<8 | 1. Reason is that when mask /16 applies, - * we can OR this value with 16, and we'll keep 2<<8 | 1, the only - * significant digits. */ - if (!client_ip_nr) { - tmp = xstrdup (client_ip); - counter = 0; - for (counter = 0, cp = strtok (tmp, "."); - cp; - counter += 8, cp = strtok (0, ".")) { - if (sscanf (cp, "%d", &val) < 1) { - free (tmp); - return (1); - } - val <<= counter; - client_ip_nr |= val; - /* msg ("ipf_match: val 0x%x, client_ip_nr 0x%x", - * val, client_ip_nr); */ - } - } - free (tmp); - - /* Here's the comparison. */ - /* msg ("ipf_match: filter ip/mask 0x%x/0x%x, " - * "filter res 0x%x, client res 0x%x", - * f.ip, f.mask, - * (f.ip & f.mask), (client_ip_nr & f.mask)); - */ - return ( (f.ip & f.mask) == (client_ip_nr & f.mask) ); + msg ("Service %s: IP match: filter IP 0x%8.8x/0x%8.8x (0x%8.8x), " + "client IP 0x%8.8x/0x%8.8x (0x%8.8x), comparison %d", + activeservice->name, + f.ip, f.mask, f_ip_and_mask, + client_ip_nr, f.mask, c_ip_and_mask, + res); + return (res); } diff --git a/src/lib/ipfparse.c b/src/lib/ipfparse.c @@ -1,20 +1,21 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ + #include "../crossroads.h" int ipf_parse (char const *val, IpFilter *res) { - char *str, *cp; + char *str, *cp, *last = (char *) ipf_parse; int counter, nr, i; memset (res, 0, sizeof(IpFilter)); str = xstrdup (val); - for (counter = 0, cp = strtok (str, "."); + for (counter = 0, cp = strtok_r (str, ".", &last); cp; - counter += 8, cp = strtok (0, ".")) { + counter += 8, cp = strtok_r (0, ".", &last)) { if (counter > 24) { warning ("Invalid IP filter specifier '%s' " "(too many network bytes)", val); diff --git a/src/lib/ishexdigit.c b/src/lib/ishexdigit.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/isspace.c b/src/lib/isspace.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/lexer.c b/src/lib/lexer.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/lockreporter.c b/src/lib/lockreporter.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/logactivityany.c b/src/lib/logactivityany.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/logactivitycontinuation.c b/src/lib/logactivitycontinuation.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/logactivityend.c b/src/lib/logactivityend.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/logactivitystart.c b/src/lib/logactivitystart.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/makesocket.c b/src/lib/makesocket.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/markactivity.c b/src/lib/markactivity.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/msg.c b/src/lib/msg.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/msgdumpbuf.c b/src/lib/msgdumpbuf.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/netbuffer.c b/src/lib/netbuffer.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/netbufread.c b/src/lib/netbufread.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/netcopy.c b/src/lib/netcopy.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/netread.c b/src/lib/netread.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/netwrite.c b/src/lib/netwrite.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/parser.c b/src/lib/parser.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ @@ -164,9 +164,12 @@ static int portpart (char const *what) { /* Add a list of IP filters to the allowlist or the denylist */ static void add_any (char *what, int chain) { - char *item; + char *item, *last = (char*) add_any; int result; - for (item = strtok (what, " "); item; item = strtok (0, " ")) { + + for (item = strtok_r (what, " ", &last); + item; + item = strtok_r (0, " ", &last)) { if (chain) result = ipf_add_allow (&cur_service, item); else @@ -314,21 +317,21 @@ static const short yyrhs[] = /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const short yyrline[] = { - 0, 155, 158, 162, 222, 227, 238, 241, 245, 250, - 256, 262, 268, 278, 286, 293, 299, 305, 311, 317, - 323, 329, 335, 341, 347, 353, 360, 535, 547, 559, - 568, 575, 580, 593, 597, 603, 612, 614, 616, 620, - 637, 644, 654, 663, 667, 671, 675, 679, 683, 687, - 691, 697, 709, 718, 736, 754, 756, 760, 769, 781, - 793, 805, 817, 829, 834, 838, 844, 856, 861, 865, - 871, 883, 895, 907, 919, 928, 938, 950, 958, 964, - 971, 976, 981, 986, 991, 996, 1001, 1006, 1011, 1016, - 1021, 1026, 1031, 1036, 1041, 1046, 1051, 1056, 1061, 1066, - 1073, 1086, 1098, 1110, 1116, 1128, 1140, 1145, 1149, 1153, - 1159, 1171, 1183, 1195, 1207, 1219, 1228, 1237, 1249, 1258, - 1270, 1282, 1294, 1306, 1318, 1330, 1339, 1344, 1349, 1354, - 1359, 1364, 1369, 1374, 1379, 1384, 1389, 1394, 1399, 1404, - 1409, 1414, 1419, 1424, 1429, 1434 + 0, 158, 161, 165, 225, 230, 241, 244, 248, 253, + 259, 265, 271, 281, 289, 296, 302, 308, 314, 320, + 326, 332, 338, 344, 350, 356, 363, 538, 550, 562, + 571, 578, 583, 596, 600, 606, 615, 617, 619, 623, + 640, 647, 657, 666, 670, 674, 678, 682, 686, 690, + 694, 700, 712, 721, 739, 757, 759, 763, 772, 784, + 796, 808, 820, 832, 837, 841, 847, 859, 864, 868, + 874, 886, 898, 910, 922, 931, 941, 953, 961, 967, + 974, 979, 984, 989, 994, 999, 1004, 1009, 1014, 1019, + 1024, 1029, 1034, 1039, 1044, 1049, 1054, 1059, 1064, 1069, + 1076, 1089, 1101, 1113, 1119, 1131, 1143, 1148, 1152, 1156, + 1162, 1174, 1186, 1198, 1210, 1222, 1231, 1240, 1252, 1261, + 1273, 1285, 1297, 1309, 1321, 1333, 1342, 1347, 1352, 1357, + 1362, 1367, 1372, 1377, 1382, 1387, 1392, 1397, 1402, 1407, + 1412, 1417, 1422, 1427, 1432, 1437 }; #endif @@ -1265,7 +1268,7 @@ yyreduce: switch (yyn) { case 3: -#line 167 "parser.y" +#line 170 "parser.y" { /* Check for port duplicates, bindto duplicates */ for (i = 0; i < nservice; i++) { @@ -1321,7 +1324,7 @@ case 3: ; break;} case 5: -#line 229 "parser.y" +#line 232 "parser.y" { psmsg ("service:", SYMBOL); for (i = 0; i < nservice; i++) @@ -1331,7 +1334,7 @@ case 5: ; break;} case 9: -#line 251 "parser.y" +#line 254 "parser.y" { pimsg ("sevice port:", yyvsp[0].set[0].v.ival); cur_service.port = yyvsp[0].set[0].v.ival; @@ -1339,7 +1342,7 @@ case 9: ; break;} case 10: -#line 257 "parser.y" +#line 260 "parser.y" { psmsg ("service binding:", yyvsp[0].set[0].v.sval); cur_service.bind = yyvsp[0].set[0].v.sval; @@ -1347,7 +1350,7 @@ case 10: ; break;} case 11: -#line 263 "parser.y" +#line 266 "parser.y" { pimsg ("service verbosity:", yyvsp[0].set[0].v.ival); cur_service.verbosity = yyvsp[0].set[0].v.ival; @@ -1355,7 +1358,7 @@ case 11: ; break;} case 12: -#line 269 "parser.y" +#line 272 "parser.y" { pimsg ("service dispatch mode:", yyvsp[0].set[0].v.ival); pimsg ("service dispatch over:", lastovernr); @@ -1367,7 +1370,7 @@ case 12: ; break;} case 13: -#line 279 "parser.y" +#line 282 "parser.y" { pimsg ("service revival interval:", yyvsp[0].set[0].v.ival); psmsg ("service revival cmd:", yyvsp[0].set[1].v.sval); @@ -1377,7 +1380,7 @@ case 13: ; break;} case 14: -#line 287 "parser.y" +#line 290 "parser.y" { pimsg ("service check interval:", yyvsp[0].set[0].v.ival); psmsg ("service check cmd:", yyvsp[0].set[1].v.sval); @@ -1386,7 +1389,7 @@ case 14: ; break;} case 15: -#line 294 "parser.y" +#line 297 "parser.y" { pimsg ("service backlog:", yyvsp[0].set[0].v.ival); cur_service.backlog = yyvsp[0].set[0].v.ival; @@ -1394,7 +1397,7 @@ case 15: ; break;} case 16: -#line 300 "parser.y" +#line 303 "parser.y" { pimsg ("service shmkey:", yyvsp[0].set[0].v.ival); cur_service.shmkey = yyvsp[0].set[0].v.ival; @@ -1402,7 +1405,7 @@ case 16: ; break;} case 17: -#line 306 "parser.y" +#line 309 "parser.y" { pimsg ("connection timout:", yyvsp[0].set[0].v.ival); cur_service.connectiontimeout = yyvsp[0].set[0].v.ival; @@ -1410,7 +1413,7 @@ case 17: ; break;} case 18: -#line 312 "parser.y" +#line 315 "parser.y" { pimsg ("max clients in service:", yyvsp[0].set[0].v.ival); cur_service.maxconnections = yyvsp[0].set[0].v.ival; @@ -1418,7 +1421,7 @@ case 18: ; break;} case 19: -#line 318 "parser.y" +#line 321 "parser.y" { pimsg ("service type: ", yyvsp[0].set[0].v.ival); cur_service.type = yyvsp[0].set[0].v.ival; @@ -1426,7 +1429,7 @@ case 19: ; break;} case 20: -#line 324 "parser.y" +#line 327 "parser.y" { pimsg ("service header inspection: ", yyvsp[0].set[0].v.ival); cur_service.inspection = yyvsp[0].set[0].v.ival; @@ -1434,7 +1437,7 @@ case 20: ; break;} case 21: -#line 330 "parser.y" +#line 333 "parser.y" { psmsg ("allow from: ", yyvsp[0].set[0].v.sval); add_allowfrom (yyvsp[0].set[0].v.sval); @@ -1442,7 +1445,7 @@ case 21: ; break;} case 22: -#line 336 "parser.y" +#line 339 "parser.y" { psmsg ("allow file: ", yyvsp[0].set[0].v.sval); cur_service.allowfile = yyvsp[0].set[0].v.sval; @@ -1450,7 +1453,7 @@ case 22: ; break;} case 23: -#line 342 "parser.y" +#line 345 "parser.y" { psmsg ("deny from: ", yyvsp[0].set[0].v.sval); add_denyfrom (yyvsp[0].set[0].v.sval); @@ -1458,7 +1461,7 @@ case 23: ; break;} case 24: -#line 348 "parser.y" +#line 351 "parser.y" { psmsg ("deny file: ", yyvsp[0].set[0].v.sval); cur_service.denyfile = yyvsp[0].set[0].v.sval; @@ -1466,7 +1469,7 @@ case 24: ; break;} case 25: -#line 354 "parser.y" +#line 357 "parser.y" { psmsg ("user account: ", yyvsp[0].set[0].v.sval); setuseraccount (yyvsp[0].set[0].v.sval); @@ -1475,7 +1478,7 @@ case 25: ; break;} case 26: -#line 361 "parser.y" +#line 364 "parser.y" { pimsg ("converting backend statements, count is", yyvsp[0].n); for (i = 0; i < yyvsp[0].n; i++) @@ -1650,7 +1653,7 @@ case 26: ; break;} case 27: -#line 538 "parser.y" +#line 541 "parser.y" { pimsg ("port statement:", lastnr); yyval.n = 1; @@ -1660,7 +1663,7 @@ case 27: ; break;} case 28: -#line 550 "parser.y" +#line 553 "parser.y" { psmsg ("bindto statement:", laststr); yyval.n = 1; @@ -1670,7 +1673,7 @@ case 28: ; break;} case 29: -#line 561 "parser.y" +#line 564 "parser.y" { setlaststr (laststring); free (laststring); @@ -1678,13 +1681,13 @@ case 29: ; break;} case 30: -#line 570 "parser.y" +#line 573 "parser.y" { setlastnr (SYMBOL); ; break;} case 32: -#line 584 "parser.y" +#line 587 "parser.y" { pimsg ("verbosity statement:", lastnr); yyval.n = 1; @@ -1694,25 +1697,25 @@ case 32: ; break;} case 33: -#line 594 "parser.y" +#line 597 "parser.y" { lastnr = 1; ; break;} case 34: -#line 598 "parser.y" +#line 601 "parser.y" { lastnr = 0; ; break;} case 35: -#line 607 "parser.y" +#line 610 "parser.y" { yyval = yyvsp[-2]; ; break;} case 39: -#line 622 "parser.y" +#line 625 "parser.y" { pimsg ("dispatch mode statement:", lastnr); yyval.n = 1; @@ -1728,13 +1731,13 @@ case 39: ; break;} case 40: -#line 639 "parser.y" +#line 642 "parser.y" { setlastovernr (SYMBOL); ; break;} case 41: -#line 645 "parser.y" +#line 648 "parser.y" { psmsg ("external handler:", laststr); if (lastnr != ds_externalhandler) @@ -1744,7 +1747,7 @@ case 41: ; break;} case 42: -#line 656 "parser.y" +#line 659 "parser.y" { yyval.n = 1; yyval.set = xmalloc (sizeof(Confset)); @@ -1752,55 +1755,55 @@ case 42: ; break;} case 43: -#line 664 "parser.y" +#line 667 "parser.y" { lastnr = ds_roundrobin; ; break;} case 44: -#line 668 "parser.y" +#line 671 "parser.y" { lastnr = ds_random; ; break;} case 45: -#line 672 "parser.y" +#line 675 "parser.y" { lastnr = ds_byduration; ; break;} case 46: -#line 676 "parser.y" +#line 679 "parser.y" { lastnr = ds_bysize; ; break;} case 47: -#line 680 "parser.y" +#line 683 "parser.y" { lastnr = ds_byorder; ; break;} case 48: -#line 684 "parser.y" +#line 687 "parser.y" { lastnr = ds_byconnections; ; break;} case 49: -#line 688 "parser.y" +#line 691 "parser.y" { lastnr = ds_externalhandler; ; break;} case 50: -#line 692 "parser.y" +#line 695 "parser.y" { lastnr = ds_byclientip; ; break;} case 51: -#line 700 "parser.y" +#line 703 "parser.y" { psmsg ("user account statement:", laststr); yyval.n = 1; @@ -1810,7 +1813,7 @@ case 51: ; break;} case 52: -#line 711 "parser.y" +#line 714 "parser.y" { setlaststr (laststring); free (laststring); @@ -1818,7 +1821,7 @@ case 52: ; break;} case 53: -#line 722 "parser.y" +#line 725 "parser.y" { pimsg ("reviving interval statement:", lastnr); yyval.n = 2; @@ -1833,7 +1836,7 @@ case 53: ; break;} case 54: -#line 740 "parser.y" +#line 743 "parser.y" { pimsg ("check interval:", lastnr); yyval.n = 2; @@ -1848,7 +1851,7 @@ case 54: ; break;} case 57: -#line 762 "parser.y" +#line 765 "parser.y" { yyval.n = 1; yyval.set = xmalloc (sizeof(Confset)); @@ -1856,7 +1859,7 @@ case 57: ; break;} case 58: -#line 772 "parser.y" +#line 775 "parser.y" { pimsg ("backlog statement:", lastnr); yyval.n = 1; @@ -1866,7 +1869,7 @@ case 58: ; break;} case 59: -#line 784 "parser.y" +#line 787 "parser.y" { pimsg ("shmkey statement:", lastnr); yyval.n = 1; @@ -1876,7 +1879,7 @@ case 59: ; break;} case 60: -#line 796 "parser.y" +#line 799 "parser.y" { pimsg ("connection timeout statement:", lastnr); yyval.n = 1; @@ -1886,7 +1889,7 @@ case 60: ; break;} case 61: -#line 808 "parser.y" +#line 811 "parser.y" { pimsg ("max clients statement (service):", lastnr); yyval.n = 1; @@ -1896,7 +1899,7 @@ case 61: ; break;} case 62: -#line 820 "parser.y" +#line 823 "parser.y" { pimsg ("service type:", lastnr); yyval.n = 1; @@ -1906,19 +1909,19 @@ case 62: ; break;} case 64: -#line 835 "parser.y" +#line 838 "parser.y" { lastnr = type_any; ; break;} case 65: -#line 839 "parser.y" +#line 842 "parser.y" { lastnr = type_http; ; break;} case 66: -#line 847 "parser.y" +#line 850 "parser.y" { pimsg ("service header inspection: ", lastnr); yyval.n = 1; @@ -1928,19 +1931,19 @@ case 66: ; break;} case 68: -#line 862 "parser.y" +#line 865 "parser.y" { lastnr = ins_deep; ; break;} case 69: -#line 866 "parser.y" +#line 869 "parser.y" { lastnr = ins_shallow; ; break;} case 70: -#line 874 "parser.y" +#line 877 "parser.y" { psmsg ("allow from: ", laststr); yyval.n = 1; @@ -1950,7 +1953,7 @@ case 70: ; break;} case 71: -#line 886 "parser.y" +#line 889 "parser.y" { psmsg ("allow from: ", laststr); yyval.n = 1; @@ -1960,7 +1963,7 @@ case 71: ; break;} case 72: -#line 898 "parser.y" +#line 901 "parser.y" { psmsg ("allow file: ", laststr); yyval.n = 1; @@ -1970,7 +1973,7 @@ case 72: ; break;} case 73: -#line 910 "parser.y" +#line 913 "parser.y" { psmsg ("allow file: ", laststr); yyval.n = 1; @@ -1980,7 +1983,7 @@ case 73: ; break;} case 74: -#line 921 "parser.y" +#line 924 "parser.y" { setlaststr (laststring); free (laststring); @@ -1988,13 +1991,13 @@ case 74: ; break;} case 75: -#line 933 "parser.y" +#line 936 "parser.y" { yyval = yyvsp[-1]; ; break;} case 76: -#line 940 "parser.y" +#line 943 "parser.y" { psmsg ("backend name:", SYMBOL); for (i = 0; i < cur_service.nbackend; i++) @@ -2005,7 +2008,7 @@ case 76: ; break;} case 77: -#line 952 "parser.y" +#line 955 "parser.y" { yyvsp[-1].n++; yyvsp[-1].set = xrealloc (yyvsp[-1].set, yyvsp[-1].n * sizeof(Confset)); @@ -2014,159 +2017,159 @@ case 77: ; break;} case 78: -#line 959 "parser.y" +#line 962 "parser.y" { yyval = yyvsp[0]; ; break;} case 79: -#line 966 "parser.y" +#line 969 "parser.y" { yyval = yyvsp[0]; ; break;} case 80: -#line 972 "parser.y" +#line 975 "parser.y" { psmsg ("backend server:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 81: -#line 977 "parser.y" +#line 980 "parser.y" { pimsg ("backend port:", yyvsp[0].set[0].v.ival); yyval = yyvsp[0]; ; break;} case 82: -#line 982 "parser.y" +#line 985 "parser.y" { pimsg ("backend verbosity:", yyvsp[0].set[0].v.ival); yyval = yyvsp[0]; ; break;} case 83: -#line 987 "parser.y" +#line 990 "parser.y" { psmsg ("backend onstart:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 84: -#line 992 "parser.y" +#line 995 "parser.y" { psmsg ("backend onend:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 85: -#line 997 "parser.y" +#line 1000 "parser.y" { psmsg ("backend onfail:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 86: -#line 1002 "parser.y" +#line 1005 "parser.y" { psmsg ("backend trafficlog:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 87: -#line 1007 "parser.y" +#line 1010 "parser.y" { psmsg ("backend trafficlog:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 88: -#line 1012 "parser.y" +#line 1015 "parser.y" { pimsg ("backend weight:", yyvsp[0].set[0].v.ival); yyval = yyvsp[0]; ; break;} case 89: -#line 1017 "parser.y" +#line 1020 "parser.y" { pimsg ("backend decay:", yyvsp[0].set[0].v.ival); yyval = yyvsp[0]; ; break;} case 90: -#line 1022 "parser.y" +#line 1025 "parser.y" { pimsg ("backend maxconnections:", yyvsp[0].set[0].v.ival); yyval = yyvsp[0]; ; break;} case 91: -#line 1027 "parser.y" +#line 1030 "parser.y" { psmsg ("backend sticky cookie:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 92: -#line 1032 "parser.y" +#line 1035 "parser.y" { psmsg ("addclientheader:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 93: -#line 1037 "parser.y" +#line 1040 "parser.y" { psmsg ("setclientheader:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 94: -#line 1042 "parser.y" +#line 1045 "parser.y" { psmsg ("appendclientheader:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 95: -#line 1047 "parser.y" +#line 1050 "parser.y" { psmsg ("addserverheader:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 96: -#line 1052 "parser.y" +#line 1055 "parser.y" { psmsg ("setserverheader:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 97: -#line 1057 "parser.y" +#line 1060 "parser.y" { psmsg ("appendserverheader:", yyvsp[0].set[0].v.sval); yyval = yyvsp[0]; ; break;} case 98: -#line 1062 "parser.y" +#line 1065 "parser.y" { pimsg ("backend retries:", yyvsp[0].set[0].v.ival); yyval = yyvsp[0]; ; break;} case 99: -#line 1067 "parser.y" +#line 1070 "parser.y" { pimsg ("backend state:", yyvsp[0].set[0].v.ival); yyval = yyvsp[0]; ; break;} case 100: -#line 1077 "parser.y" +#line 1080 "parser.y" { psmsg ("server statement:", laststr); yyval.n = 1; @@ -2176,7 +2179,7 @@ case 100: ; break;} case 101: -#line 1089 "parser.y" +#line 1092 "parser.y" { pimsg ("weight statement", lastnr); yyval.n = 1; @@ -2186,7 +2189,7 @@ case 101: ; break;} case 102: -#line 1101 "parser.y" +#line 1104 "parser.y" { pimsg ("decay statement", lastnr); yyval.n = 1; @@ -2196,13 +2199,13 @@ case 102: ; break;} case 103: -#line 1111 "parser.y" +#line 1114 "parser.y" { setlaststr (laststring); ; break;} case 104: -#line 1119 "parser.y" +#line 1122 "parser.y" { pimsg ("retries:", lastnr); yyval.n = 1; @@ -2212,7 +2215,7 @@ case 104: ; break;} case 105: -#line 1131 "parser.y" +#line 1134 "parser.y" { pimsg ("state:", lastnr); yyval.n = 1; @@ -2222,25 +2225,25 @@ case 105: ; break;} case 107: -#line 1146 "parser.y" +#line 1149 "parser.y" { lastnr = st_available; ; break;} case 108: -#line 1150 "parser.y" +#line 1153 "parser.y" { lastnr = st_unavailable; ; break;} case 109: -#line 1154 "parser.y" +#line 1157 "parser.y" { lastnr = st_down; ; break;} case 110: -#line 1162 "parser.y" +#line 1165 "parser.y" { psmsg ("onstart statement:", laststr); yyval.n = 1; @@ -2250,7 +2253,7 @@ case 110: ; break;} case 111: -#line 1174 "parser.y" +#line 1177 "parser.y" { psmsg ("onfail statement:", laststr); yyval.n = 1; @@ -2260,7 +2263,7 @@ case 111: ; break;} case 112: -#line 1186 "parser.y" +#line 1189 "parser.y" { psmsg ("onend statement:", laststr); yyval.n = 1; @@ -2270,7 +2273,7 @@ case 112: ; break;} case 113: -#line 1198 "parser.y" +#line 1201 "parser.y" { psmsg ("trafficlog statement:", laststr); yyval.n = 1; @@ -2280,7 +2283,7 @@ case 113: ; break;} case 114: -#line 1210 "parser.y" +#line 1213 "parser.y" { psmsg ("throughputlog statement:", laststr); yyval.n = 1; @@ -2290,7 +2293,7 @@ case 114: ; break;} case 115: -#line 1221 "parser.y" +#line 1224 "parser.y" { setlaststr (laststring); free (laststring); @@ -2298,7 +2301,7 @@ case 115: ; break;} case 116: -#line 1230 "parser.y" +#line 1233 "parser.y" { setlaststr (laststring); free (laststring); @@ -2306,7 +2309,7 @@ case 116: ; break;} case 117: -#line 1240 "parser.y" +#line 1243 "parser.y" { psmsg ("insertcookie statement:", laststr); yyval.n = 1; @@ -2316,7 +2319,7 @@ case 117: ; break;} case 118: -#line 1251 "parser.y" +#line 1254 "parser.y" { setlaststr (laststring); free (laststring); @@ -2324,7 +2327,7 @@ case 118: ; break;} case 119: -#line 1261 "parser.y" +#line 1264 "parser.y" { psmsg ("addclientheader statement:", laststr); yyval.n = 1; @@ -2334,7 +2337,7 @@ case 119: ; break;} case 120: -#line 1273 "parser.y" +#line 1276 "parser.y" { psmsg ("setclientheader statement:", laststr); yyval.n = 1; @@ -2344,7 +2347,7 @@ case 120: ; break;} case 121: -#line 1285 "parser.y" +#line 1288 "parser.y" { psmsg ("appendclientheader statement:", laststr); yyval.n = 1; @@ -2354,7 +2357,7 @@ case 121: ; break;} case 122: -#line 1297 "parser.y" +#line 1300 "parser.y" { psmsg ("addserverheader statement:", laststr); yyval.n = 1; @@ -2364,7 +2367,7 @@ case 122: ; break;} case 123: -#line 1309 "parser.y" +#line 1312 "parser.y" { psmsg ("setserverheader statement:", laststr); yyval.n = 1; @@ -2374,7 +2377,7 @@ case 123: ; break;} case 124: -#line 1321 "parser.y" +#line 1324 "parser.y" { psmsg ("appendserverheader statement:", laststr); yyval.n = 1; @@ -2384,7 +2387,7 @@ case 124: ; break;} case 125: -#line 1332 "parser.y" +#line 1335 "parser.y" { setlaststr (laststring); free (laststring); @@ -2392,121 +2395,121 @@ case 125: ; break;} case 126: -#line 1339 "parser.y" +#line 1342 "parser.y" { yyerrmsg = "HTTP header specifier expected"; ; break;} case 127: -#line 1344 "parser.y" +#line 1347 "parser.y" { yyerrmsg = "cookie specifier expected"; ; break;} case 128: -#line 1349 "parser.y" +#line 1352 "parser.y" { yyerrmsg = "number expected"; ; break;} case 129: -#line 1354 "parser.y" +#line 1357 "parser.y" { yyerrmsg = "hostname or IP address expected"; ; break;} case 130: -#line 1359 "parser.y" +#line 1362 "parser.y" { yyerrmsg = "'service' expected"; ; break;} case 131: -#line 1364 "parser.y" +#line 1367 "parser.y" { yyerrmsg = "backend definition statement expected"; ; break;} case 132: -#line 1369 "parser.y" +#line 1372 "parser.y" { yyerrmsg = "service body statement expected"; ; break;} case 133: -#line 1374 "parser.y" +#line 1377 "parser.y" { yyerrmsg = "semicolon (;) expected"; ; break;} case 134: -#line 1379 "parser.y" +#line 1382 "parser.y" { yyerrmsg = "'on' or 'off' expetcted"; ; break;} case 135: -#line 1384 "parser.y" +#line 1387 "parser.y" { yyerrmsg = "dispatch method expected"; ; break;} case 136: -#line 1389 "parser.y" +#line 1392 "parser.y" { yyerrmsg = "command line expected"; ; break;} case 137: -#line 1394 "parser.y" +#line 1397 "parser.y" { yyerrmsg = "file name expected"; ; break;} case 138: -#line 1399 "parser.y" +#line 1402 "parser.y" { yyerrmsg = "service name (identifier) expected"; ; break;} case 139: -#line 1404 "parser.y" +#line 1407 "parser.y" { yyerrmsg = "backend name (identifier) expected"; ; break;} case 140: -#line 1409 "parser.y" +#line 1412 "parser.y" { yyerrmsg = "IP address such as 1.2.3.4 or 'any' expected"; ; break;} case 141: -#line 1414 "parser.y" +#line 1417 "parser.y" { yyerrmsg = "Service type expected ('any', 'stickyhttp', ...)"; ; break;} case 142: -#line 1419 "parser.y" +#line 1422 "parser.y" { yyerrmsg = "Header inspection mode mode expected ('shallow' or 'deep')"; ; break;} case 143: -#line 1424 "parser.y" +#line 1427 "parser.y" { yyerrmsg = "IP filter(s) expected"; ; break;} case 144: -#line 1429 "parser.y" +#line 1432 "parser.y" { yyerrmsg = "username expected"; ; break;} case 145: -#line 1434 "parser.y" +#line 1437 "parser.y" { yyerrmsg = "state definition expected"; ; @@ -2744,4 +2747,4 @@ yyreturn: #endif return yyresult; } -#line 1438 "parser.y" +#line 1441 "parser.y" diff --git a/src/lib/parser.y b/src/lib/parser.y @@ -97,9 +97,12 @@ static int portpart (char const *what) { /* Add a list of IP filters to the allowlist or the denylist */ static void add_any (char *what, int chain) { - char *item; + char *item, *last = (char*) add_any; int result; - for (item = strtok (what, " "); item; item = strtok (0, " ")) { + + for (item = strtok_r (what, " ", &last); + item; + item = strtok_r (0, " ", &last)) { if (chain) result = ipf_add_allow (&cur_service, item); else diff --git a/src/lib/parserclose.c b/src/lib/parserclose.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/parserfilename.c b/src/lib/parserfilename.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/parserinput.c b/src/lib/parserinput.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/parseropen.c b/src/lib/parseropen.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/parserrun.c b/src/lib/parserrun.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/parserskipchar.c b/src/lib/parserskipchar.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/parserskipline.c b/src/lib/parserskipline.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/restart.c b/src/lib/restart.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/runservice.c b/src/lib/runservice.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/serve.c b/src/lib/serve.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/setproctitle.c b/src/lib/setproctitle.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/showconfig.c b/src/lib/showconfig.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/showservices.c b/src/lib/showservices.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/showstatus.c b/src/lib/showstatus.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/stagetostring.c b/src/lib/stagetostring.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/statetostring.c b/src/lib/statetostring.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/stopdaemon.c b/src/lib/stopdaemon.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/strcasestr.c b/src/lib/strcasestr.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/strexpandformat.c b/src/lib/strexpandformat.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/stringtostate.c b/src/lib/stringtostate.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/strlcat.c b/src/lib/strlcat.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/strprintf.c b/src/lib/strprintf.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/strupr.c b/src/lib/strupr.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/strvprintf.c b/src/lib/strvprintf.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/symtabend.c b/src/lib/symtabend.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/symtablookup.c b/src/lib/symtablookup.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/symtabset.c b/src/lib/symtabset.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/symtabstart.c b/src/lib/symtabstart.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/sysrun.c b/src/lib/sysrun.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/tcpserve.c b/src/lib/tcpserve.c @@ -1,18 +1,21 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ + #include "../crossroads.h" void tcpserve (int server_sock) { fd_set set; - int backend_sock, new, size, i, pid, backend_selected; + int backend_sock, new, size, i, pid, backend_selected, counter; + unsigned octet; + char *tmp, *cp, *last = (char *) tcpserve; struct sockaddr_in clientname; static int wakeup_started = 0; /* Set up our signal handlers. */ - if (!wakeup_started++) { + if (! wakeup_started++) { /* Interruption signals */ for (i = 0; relevant_sigs[i]; i++) signal (relevant_sigs[i], interrupt); @@ -107,6 +110,26 @@ void tcpserve (int server_sock) { client_ip = inet_ntoa (clientname.sin_addr); msg ("Service %s: connection from %s, socket %d", activeservice->name, client_ip, new); + /* Build up the actual client IP as an int. + * We need to do this in reverse order; e.g. 1.2.3.4 needs to become + * 4<<24 | 3<<16 | 2<<8 | 1. Reason is that when mask /16 applies, + * we can OR this value with 16, and we'll keep 2<<8 | 1, the only + * significant digits. */ + tmp = xstrdup (client_ip); + client_ip_nr = 0; + counter = 0; + for (counter = 0, cp = strtok_r (tmp, ".", &last); + cp; + counter += 8, cp = strtok_r (0, ".", &last)) { + if (sscanf (cp, "%u", &octet) > 0) { + client_ip_nr |= (octet << counter); + msg ("Service %s: Client IP part 0x%2.2x (%d), " + "hex client so far: 0x%8.8x", + activeservice->name, octet, octet, client_ip_nr); + } + } + free (tmp); + if (ipf_denied ()) { warning ("Service %s: %s matches deny list, " "terminating connection", activeservice->name, client_ip); diff --git a/src/lib/tellservice.c b/src/lib/tellservice.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/thruputlog.c b/src/lib/thruputlog.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/trafficlog.c b/src/lib/trafficlog.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/uidassume.c b/src/lib/uidassume.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/uidrestore.c b/src/lib/uidrestore.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/unlockreporter.c b/src/lib/unlockreporter.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/usage.c b/src/lib/usage.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/vsyslog.c b/src/lib/vsyslog.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/wakeuphandler.c b/src/lib/wakeuphandler.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/warning.c b/src/lib/warning.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/writelog.c b/src/lib/writelog.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/xcalloc.c b/src/lib/xcalloc.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/xmalloc.c b/src/lib/xmalloc.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/xrealloc.c b/src/lib/xrealloc.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/xstrcat.c b/src/lib/xstrcat.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/xstrcatch.c b/src/lib/xstrcatch.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/src/lib/xstrdup.c b/src/lib/xstrdup.c @@ -1,5 +1,5 @@ /************************************************************************* - * This file is part of Crosroads 1.60, a load balancer and fail over + * This file is part of Crosroads 1.61, a load balancer and fail over * utility for TCP. Copyright (c) Karel Kubat, distributed under GPL. * Visit http://crossroads.e-tunity.com for information. *************************************************************************/ diff --git a/test/t20.conf b/test/t20.conf @@ -0,0 +1,14 @@ +/* Allow from test. Not used in the regression script, except that it must + * pass parsing. */ + +service ssh { + port 2222; + allowfrom 192.168.2.203 127/8; + // denyfrom 127.0.0.1; + verbose yes; + + backend a { + server localhost:22; + verbose yes; + } +}