With more than one redirect relayd does not restart.
It works the first time I start it. But I have to reboot if I kill
relayd to get it to start again.
I tried pfctl -Fall -f /etc/pf.conf and if I use the patch below it works...
Index: pfe_filter.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/pfe_filter.c,v
retrieving revision 1.23
diff -u -r1.23 pfe_filter.c
--- pfe_filter.c 31 Jan 2008 09:33:39 -0000 1.23
+++ pfe_filter.c 2 May 2008 02:42:30 -0000
@@ -134,7 +134,7 @@
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
goto toolong;
if (ioctl(env->sc_pf->dev, DIOCRCLRTABLES, &io) == -1)
- fatal("kill_tables: ioctl faile: ioctl failed");
+ log_warn("kill_tables: deleted %d tables",
io.pfrio_ndel);
}
log_debug("kill_tables: deleted %d tables", io.pfrio_ndel);
return;
@@ -242,7 +242,7 @@
if (ioctl(env->sc_pf->dev, DIOCRCLRADDRS, &io) == -1)
fatal("flush_table: cannot flush table addresses");
if (ioctl(env->sc_pf->dev, DIOCRCLRTSTATS, &io) == -1)
- fatal("flush_table: cannot flush table stats");
+ log_warn("flush_table: cannot flush table stats");
log_debug("flush_table: flushed table %s", rdr->conf.name);
return;
relayd.conf:
interval 5
timeout 1000
table <www> { 192.168.133.2 }
table <wwwssl> { 192.168.133.2 }
redirect www {
listen on 192.168.132.2 port http interface fxp0
forward to <www> check http "/check.html" code 200
}
redirect www_ssl {
listen on 192.168.133.3 port https interface fxp0
forward to <wwwssl> check https "/check.html" code 200
}
first start
# relayd -d -v
startup
init_filter: filter init done
init_tables: created 2 tables
hce_notify_done: 192.168.133.2 (tcp_read_buf: check succeeded)
host 192.168.133.2, check http code (2ms), state unknown -> up,
availability 100.00%
pfe_dispatch_imsg: state 1 for host 2 192.168.133.2
hce_notify_done: 192.168.133.2 (tcp_write: connect timed out)
host 192.168.133.2, check http code use ssl (1010ms), state unknown ->
down, availability 0.00%
pfe_dispatch_imsg: state -1 for host 3 192.168.133.2
sync_table: table www: 1 added, 0 deleted, 0 changed
pfe_sync: enabling ruleset
sync_ruleset: rule added
hce_notify_done: 192.168.133.2 (tcp_read_buf: check succeeded)
hce_notify_done: 192.168.133.2 (ssl_read: check succeeded)
host 192.168.133.2, check http code use ssl (211ms), state down -> up,
availability 50.00%
pfe_dispatch_imsg: state 1 for host 3 192.168.133.2
^Chost check engine exiting
fatal: kill_tables: ioctl faile: ioctl failed: Invalid argument
terminating
second try:
# relayd -d -v
startup
init_filter: filter init done
init_tables: created 1 tables
fatal: flush_table: cannot flush table stats: Operation not supported by device
hce_notify_done: 192.168.133.2 (tcp_read_buf: check succeeded)
check_child: lost child: pf update engine exited
host 192.168.133.2, check http code (24ms), state unknown -> up,
availability 100.00%
host check engine exiting
terminating
with patch:
# /home/alex/relayd -d -v
startup
init_filter: filter init done
init_tables: created 0 tables
flush_table: cannot flush table stats: Operation not supported by device
flush_table: flushed table wwwssl
flush_table: cannot flush table stats: Operation not supported by device
flush_table: flushed table www
hce_notify_done: 192.168.133.2 (tcp_read_buf: check succeeded)
host 192.168.133.2, check http code (16ms), state unknown -> up,
availability 100.00%
pfe_dispatch_imsg: state 1 for host 2 192.168.133.2
hce_notify_done: 192.168.133.2 (ssl_read: check succeeded)
host 192.168.133.2, check http code use ssl (105ms), state unknown ->
up, availability 100.00%
pfe_dispatch_imsg: state 1 for host 3 192.168.133.2
sync_table: table wwwssl: 1 added, 0 deleted, 0 changed
pfe_sync: enabling ruleset
...
Ideas on how to really fix this?
