reestablish relayd
-
Hi all,
I would like to have the relayd back for some purposes and stated to work on the existing code to port it to openssl1.1.1.
I already have a compilable version running on my machine (freebsd 12),
need to test some things to make sure ssl is working.
I also added support for socket option dont_fragment, which was asked for in the original github section.
Would someone be interested in reintroducing it as a separate package with the "old" integration ?
I am not very familiar with packaging, but I would work on the code to make it stable.
The php integration is already present in the pfsense code and should be extracted to be in a separate package.
I did not take a look how deep the relayd was integrated in the core classe, but most of the stuff should be present
and needs to be re-packaged only.Marcus
-
I'm not sure if we'd be interested in bringing it back in. There were a few edge cases where it was useful, but mostly it was a source of problems for people who have been much, much happier using HAProxy for that role.
If it were packaged up and isolated to where it didn't require any extra libraries, we could maybe consider it.
Most of the built-in relayd code was taken out in this commit: https://github.com/pfsense/pfsense/commit/586c623a943f59486a461c1af9873dd6cc11a3b3
That would be a good starting point for identifying the code needed for making it a package.
-
I've modified the relayd implementation that currently requires to be statically linked to libressl in order to work.
It now compiles with openssl 1.1.1 and seems to work on basic cases.I wanted to create a package to test it further, but it isn't in the ports tree, so how can I include its binaries into a pfsense package?
-
I've compiled relayd on
'12.2-STABLE FreeBSD 12.2-STABLE r369445 GENERIC amd64and copied to pfSense, however i get this error:[2.5.0-RELEASE][admin@pfSense25.home.arpa]/root: /usr/local/sbin/relayd -df /var/etc/relayd.conf startup unused protocol: dnsproto host 192.168.56.1, check icmp (0ms), state unknown -> up, availability 100.00% table prova: 1 added, 0 deleted, 0 changed, 0 killed fatal: cannot add rule: Operation not supported by device hce exiting, pid 94294 lost child: pfe exited abnormally relay exiting, pid 94345 relay exiting, pid 94785 relay exiting, pid 94763 ca exiting, pid 94813 ca exiting, pid 94437 parent terminating, pid 93818rdr-anchor "relayd/*" allandanchor "relayd/*" allpresent in pf config.Any idea on how to fix this?
-
@xeba pls post the config you are working with. I did not test all features. This might give us a hint what type of action is not supported.
-
Seems to be pfSense related, since the same config works on FreeBSD.
I've compiled it on 12.2-STABLE, I don't know if it is possible to compile directly on pfSense, maybe that would solve the issue.This is the config:
log updates timeout 1000 table <provapool> { 192.168.56.1 } dns protocol "dnsproto" { tcp { nodelay, sack, socket buffer 1024, backlog 1000 } } redirect "prova" { listen on 192.168.0.38 port 7777 forward to <provapool> port 7776 check icmp }EDIT: The error seems to be generated at
pfe_filter.c:if (ioctl(env->sc_pf->dev, DIOCADDRULE, &rio) == -1) fatal("cannot add rule"); -
I'll try to compile it using this guide:
https://github.com/Augustin-FL/building-pfsense-iso-from-sourcebut I'ld like to avoid to compile the entire system.
Has any of you tried to compile a single port? -
@jimp said in reestablish relayd:
I'm not sure if we'd be interested in bringing it back in. There were a few edge cases where it was useful, but mostly it was a source of problems for people who have been much, much happier using HAProxy for that role.
If it were packaged up and isolated to where it didn't require any extra libraries, we could maybe consider it.
Most of the built-in relayd code was taken out in this commit: https://github.com/pfsense/pfsense/commit/586c623a943f59486a461c1af9873dd6cc11a3b3
That would be a good starting point for identifying the code needed for making it a package.I totally support your comment!
To get back to funny things, last night I watched a really good movie, just in case somebody is interested :D
Best regards
