On Tue, Mar 08, 2011 at 01:00:48AM +0100, Alexander Bluhm wrote:
> On Mon, Mar 07, 2011 at 04:23:08PM -0700, Theo de Raadt wrote:
> > I do not think "splice" should be an option that is exposed to
> > users.
>
> That makes the diff much smaller.
Hmm, perhaps too small. There is a session timeout and relayctl
show sessions idle time. Relayd does not realize when the kernel
is transferring data automatically. It should check the splice
data length with getsockopt() periodically or when the timeout
fires.
bluhm
>
> ok?
>
>
> Index: usr.sbin/relayd/relay.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v
> retrieving revision 1.128
> diff -u -p -r1.128 relay.c
> --- usr.sbin/relayd/relay.c 20 Dec 2010 12:38:06 -0000 1.128
> +++ usr.sbin/relayd/relay.c 7 Mar 2011 23:36:43 -0000
> @@ -2328,6 +2328,22 @@ relay_connect(struct rsession *con)
> return (-1);
> }
>
> + if (rlay->rl_proto->type == RELAY_PROTO_TCP &&
> + (rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) == 0) {
> + if (setsockopt(con->se_in.s, SOL_SOCKET, SO_SPLICE,
> + &con->se_out.s, sizeof(int)) == -1) {
> + log_debug("relay_connect: session %d: splice forward "
> + "failed: %s", con->se_id, strerror(errno));
> + return (-1);
> + }
> + if (setsockopt(con->se_out.s, SOL_SOCKET, SO_SPLICE,
> + &con->se_in.s, sizeof(int)) == -1) {
> + log_debug("relay_connect: session %d: splice backward "
> + "failed: %s", con->se_id, strerror(errno));
> + return (-1);
> + }
> + }
> +
> if (errno == EINPROGRESS)
> event_again(&con->se_ev, con->se_out.s, EV_WRITE|EV_TIMEOUT,
> relay_connected, &con->se_tv_start, &env->sc_timeout, con);
