CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2011/09/28 06:38:59
Modified files:
libexec/tftp-proxy: tftp-proxy.8 tftp-proxy.c
Log message:
tweak tftp-proxy to:
1. use a BINDANY socket to connect from the proxy to the server using the
clients address.
2. fork a child to do the work so inetd doesnt keep trying to send more
packets to the proxy, as per doco in the inetd manpage for dgram wait
sockets.
because of 1 you now have to add a pass out divert-reply for the proxy to
server packet to your pf ruleset.
this allows a series of rapid tftp connections from the same host
to a server in my environment. without this diff there's several
minutes of waiting in between requests because of issues with the
rules from previous requests stealing packets but not forwarding
them combined with inetd giving too many packets to tftp-proxy that
only expects to handle one.
this is going in so i can hack on PFRULE_ONCE support.
ok mikeb@ sthen@
