reykfloeter – blog

From BSDCan to t2k13

Posted by
Reyk Floeter

Besides some discussions about PF and the networking stack itself, my main task for the hackathon turned out to be relayd(8). I finally finished the implementation to add support for SSL Inspection to relayd that allows to “transparently” intercept SSL connections and to filter them like normal unencrypted connections. This is especially useful for enforcing policies in a corporate network by running relayd as a transparent HTTP/HTTPS proxy.

I also worked with benno@ in the maintenance section by finding and fixing some known bugs. He is running relayd in production but is also doing a good job in handling bug reports from our lists and the OpenBSD community. I sometimes get some fame and talks for implementing new stuff, but benno@ deserves lots of fame for fixing all these tiny things in relayd and making it even more reliable. Regarding new stuff, during the n2k12 Hackathon in Starnberg, Bavaria, I started working on a new filtering subsystem for relayd and continued this work at t2k13. I basically ripped out the complete “protocol filters” that can filter and manipulate HTTP headers, and started reimplementing them from the beginning. The new filters will use a pf-like grammar and provide a much advanced flexibility. It will not even be limited to HTTP anymore as we are working on adding a few more application layer protocols to relayd. The reimplementation is also required to add some long demanded features, like support for path-based target selection on the load balancer - send all requests for /images to backend A, send all other requests to backend B.

The change is complex and quite intrusive but I’m doing it to move forward but not for the sake of changing things. Promised. You can watch my progress on the filters in an exported GIT repository outside of the OpenBSD tree. Also have a look at the example relayd.conf file that uses the new grammar and even the famous path-based target selection.

I had a great time at t2k13 and the location at the UofT (University of Toronto) was actually really good. Thanks to krw@ for being the host and organizing everything! Also lots of thanks to Ross from the UofT who supported us and even invited our bunch of wild developers to his house for the hackathon BBQ. That was amazing and even his whole family helped to have an excellent BBQ! After all, I spent almost a month in North America, far away from my home in Europe, and I enjoyed t2k13, the U.S. road trip, and BSDCan. It is always nice to meet other developers, users and the people from the BSD community. So see you at EuroBSDCon in Malta or at one of the next OpenBSD hackathons - If you want to get invited to a hackathon: simply stop slacking and contribute nice things for OpenBSD that interest other developers. OK?

Permalink, Source, Tags: blogOpenBSDt2k13hackathon