Use the F_CHECK_SENT and F_CHECK_DONE flags to determine whether a
previous attempt at running a check script has finished yet, so we
can avoid building up a backlog of check requests.

ok dlg@ tb@ giovanni@

use __func__ in log messages. fix some whitespace while here.
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio

Split "struct relayd" into two structs: "struct relayd" and "struct
relayd_config". This way we can send all the relevant global
configuration to the children, not just the flags and the opts.

With input from and
OK claudio@ benno@

In most cases we don't need all arguments of proc_compose*_imsg(),
so add a shortcut proc_compose*() that skips all of them. Only use the
full argument list if needed. The functions with full argument lists can
eventually be replaced with a nicer transaction-based approach later.

OK benno@

Clean up the relayd headers with help of include-what-you-use and some
manual review. Based on common practice, relayd.h now includes the
necessary headers for itself.

OK benno@

Adapt to <limits.h> universe.
ok millert

sync copyright to reality according to my last changes

Check strlcpy of the script path names for overflow and use the size of the
destination buffer instead of the source buffer as the argument.

Add additional check to prevent running scripts when not configured.

fix "check script" by sending all required information to the parent.

Reorganize the relayd code to use the proc.c privsep API/commodity
functions that are based on work for iked and smtpd. This simplifies
the setup of privsep processes and moves some redundant and repeated
code to a single place - which is always good from a quality and
security point of view. The relayd version of proc.c is different to
the current version in iked because it uses 1:N communications between
processes, eg. a single parent process is talking to many forked relay
children while iked only needs 1:1 communications.

ok sthen@ pyr@

If 'check script' doesn't exit(), treat the service as 'down' rather
than 'unknown'. Fixes a problem where the script is killed due to expiry
of the interval timer. ok pyr@ deraadt@

4 handed diff with eric:
Stop pushing event handling in the imsg framework.
Instead, provide a small glue layer on top of both imsg and libevent.
This finally clearly separates event handling and imsg construction.

Sidetrack bonus: remove the mega-ugly hack of having a dummy imsg_event_add
stub in relayctl.

This will make bgpd (and thus henning) happy. Next up are smtpd and ospfd.

ok eric@

Make imsg completely async model agnostic by not requiring an
imsg_event_add function to be provided (which ended up being a named
callback).
Instead provide a wrapper in the daemon and call that everywhere.
Previsously discussed with the usual suspects,
ok eric@ though not too happy about the function name
(imsg_compose_event).

close filedescriptors with closefrom(STDERR_FILENO + 1) before executing
the script to prevent access to internal processes.

From jacekm@

change the way relayd reports check results: instead of logging an
arbitrary string in debugging mode, it will store an error code
(HCE_*) for each host. the error code can be translated to a string
(in log.c) for debugging but it will also be passed to relayctl via
the control socket.

from a user point of view, this will print a human-readable error
message in the "relayctl show hosts" output if a host is down because
the check failed. the relayctl(8) manpage includes detailed
explanations of the error messages including mitigations for the
most-common problems.

ok jmc@ (manpages)
ok phessler@

bump copyright

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

sort includes, adjust to style(9)

avoid errno trashing in signal handler

put the fd passing from bgpd back in to hoststated's version of imsg,
needed for layer 7 reload support.

ok pyr@

add a new check method which allows to run external scripts/programs
for custom evaluations.

pyr agrees to put it in now but to do some improvements of the timeout
handling later.

use __func__ in log messages. fix some whitespace while here.
From Hiltjo Posthuma hiltjo -AT codemadness -DOT- org, thanks!
ok florian, claudio

Split "struct relayd" into two structs: "struct relayd" and "struct
relayd_config". This way we can send all the relevant global
configuration to the children, not just the flags and the opts.

With input from and
OK claudio@ benno@

In most cases we don't need all arguments of proc_compose*_imsg(),
so add a shortcut proc_compose*() that skips all of them. Only use the
full argument list if needed. The functions with full argument lists can
eventually be replaced with a nicer transaction-based approach later.

OK benno@

Clean up the relayd headers with help of include-what-you-use and some
manual review. Based on common practice, relayd.h now includes the
necessary headers for itself.

OK benno@

Adapt to <limits.h> universe.
ok millert

sync copyright to reality according to my last changes

Check strlcpy of the script path names for overflow and use the size of the
destination buffer instead of the source buffer as the argument.

Add additional check to prevent running scripts when not configured.

fix "check script" by sending all required information to the parent.

Reorganize the relayd code to use the proc.c privsep API/commodity
functions that are based on work for iked and smtpd. This simplifies
the setup of privsep processes and moves some redundant and repeated
code to a single place - which is always good from a quality and
security point of view. The relayd version of proc.c is different to
the current version in iked because it uses 1:N communications between
processes, eg. a single parent process is talking to many forked relay
children while iked only needs 1:1 communications.

ok sthen@ pyr@

If 'check script' doesn't exit(), treat the service as 'down' rather
than 'unknown'. Fixes a problem where the script is killed due to expiry
of the interval timer. ok pyr@ deraadt@

4 handed diff with eric:
Stop pushing event handling in the imsg framework.
Instead, provide a small glue layer on top of both imsg and libevent.
This finally clearly separates event handling and imsg construction.

Sidetrack bonus: remove the mega-ugly hack of having a dummy imsg_event_add
stub in relayctl.

This will make bgpd (and thus henning) happy. Next up are smtpd and ospfd.

ok eric@

Make imsg completely async model agnostic by not requiring an
imsg_event_add function to be provided (which ended up being a named
callback).
Instead provide a wrapper in the daemon and call that everywhere.
Previsously discussed with the usual suspects,
ok eric@ though not too happy about the function name
(imsg_compose_event).

close filedescriptors with closefrom(STDERR_FILENO + 1) before executing
the script to prevent access to internal processes.

From jacekm@

change the way relayd reports check results: instead of logging an
arbitrary string in debugging mode, it will store an error code
(HCE_*) for each host. the error code can be translated to a string
(in log.c) for debugging but it will also be passed to relayctl via
the control socket.

from a user point of view, this will print a human-readable error
message in the "relayctl show hosts" output if a host is down because
the check failed. the relayctl(8) manpage includes detailed
explanations of the error messages including mitigations for the
most-common problems.

ok jmc@ (manpages)
ok phessler@

bump copyright

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

sort includes, adjust to style(9)

avoid errno trashing in signal handler

put the fd passing from bgpd back in to hoststated's version of imsg,
needed for layer 7 reload support.

ok pyr@

add a new check method which allows to run external scripts/programs
for custom evaluations.

pyr agrees to put it in now but to do some improvements of the timeout
handling later.