From a syslog perspective it does not make sense to log fatal and
warn with the same severity. Switch log_warn() to LOG_ERR and keep
fatal() at LOG_CRIT.
OK reyk@ florian@

Stop accessing verbose and debug variables from log.c directly.

This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().

Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)

Sync log.c with the latest version from vmd/log.c that preserves errno
so it is safe calling log_* after an error without loosing the it.

copy updated log.c from vmd: for correctness, save errno when doing
additional actions before printing it. OK rzalamena@

sync with vmd

Update log.c: change fatal() and fatalx() into variadic functions,
include the process name, and replace all calls of fatal*(NULL) with
fatal(__func__) for better debugging.

OK benno@

Once again, fix the license text. After many years, we just cannot
get rid of the "LOSS OF MIND" joke. Haha. We keep on removing it and
it shows up again because it accidentally gets synced from somewhere
else. bgpd and ospfd don't have it anymore, but their offsprings
still carry it. If you see it, remove it, and, in the OpenBSD ISC
case, use the original text from /usr/share/misc/license.template.
All authors agree.

Move local logging functions from log.c to new file util.c (that is
also shared with relayctl). This allows us to unify common log.c with
other daemons. It also clarifies the Copyright: log.c is by Henning,
relayd's additions were from me. No functional or code changes, but
it will make future updates easier.

Clean up the relayd headers with help of include-what-you-use and some
manual review. Based on common practice, relayd.h now includes the
necessary headers for itself.

OK benno@

Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when unnecessary.
*Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.

ok reyk@

Change the keyword "ssl" to "tls" to reflect reality since we
effectively disabled support for the SSL protocols. SSL remains a
common term describing SSL/TLS, there is some controvery about this
change, and the name really doesn't matter, but I feel confident about
it now.

(btw., sthen@ pointed out some historical context:
http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html)

OK benno@, with input from tedu@

Remove unnecessary netinet/in_systm.h include.

ok millert@

Move HTTP error codes into http.h.

ok benno@

fix previous

spacing

unsigned char for ctype

This diff changes relayd to use the monotonic clock instead of
gettimeofday(). It was also bugging me for some time to have all
these checks of gettimeofday()'s return value: it should not fail. So
this diff introduces a void getmonotime(struct timeval *tv) that calls
clock_gettime(CLOCK_MONOTONIC, &ts) and converts the output to a
struct timeval that can be used with the existing code and the
timeval-specific timer functions (timerclear, timersub, ...). It does
not return a status but calls fatal() on error-that-should-not-happen.

ok sthen@ chris@

Add format attributes to the proper functions and then fix the warnings
that gcc then reports when compiling with -DDEBUG=2

ok reyk@ benno@

update flags and printing of flags in debug mode, handle splicing flag.

The relayd processes did already bump up the socket file descriptor
resource limits to the maximum of the daemon class but the host check
process (hce/health checks) didn't and was limited to a fairly low
default of 128 open sockets (openfiles-cur=128 in login.conf). This
was reached fairly quickly with "check tcp" of many hosts. This diff
increases the maximum number of monitored hosts and concurrent health
checks in relayd in a significant way and may fix issues for people
that have around 100 or more hosts (or fewer hosts with multiple checked
ports).

tested by phessler@
ok jsg@

add "log brief" and "log verbose" to change logging verbosity
like several other things in the tree.

ok reyk@ looks fine claudio@

change the way relayd reports check results: instead of logging an
arbitrary string in debugging mode, it will store an error code
(HCE_*) for each host. the error code can be translated to a string
(in log.c) for debugging but it will also be passed to relayctl via
the control socket.

from a user point of view, this will print a human-readable error
message in the "relayctl show hosts" output if a host is down because
the check failed. the relayctl(8) manpage includes detailed
explanations of the error messages including mitigations for the
most-common problems.

ok jmc@ (manpages)
ok phessler@

terminate the input buffer on failure in print_host()

use getaddrinfo/getnameinfo to parse ipv6 addresses instead of
inet_pton/inet_ntop to allow specifing and printing the IPv6 scope
identifier. synced host_v6() with ntpd's version to use getaddrinfo()
instead of inet_pton() - host_v4, host_v6, and host_dns could all use
getaddrinfo in a single function by specifing different flags but this
would diverge from the other daemons using this common interface so we
keep this little overhead.

discussed with henning@
ok pyr@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

sort includes, adjust to style(9)

it may be desirable to send a HTTP error page with error code and a
meaningful message if a HTTP/HTTPS relay closes the connection for
some reason. for example, a "403 Forbidden" if the request was
rejected by a filter. this will be enabled with the "return error"
option and is disabled by default, the standard behaviour is to
silently drop the connection; the browser may display an empty page in
this case. the look+feel of the HTTP error page can be customized with
a CSS style sheet, but we do not intend to allow customization of the
error page contents (hoststated is not a webserver!).

ok pyr@

the last change to enable logging to stderr on startup also enabled
annoying debugging messages on the console by default. since we do
not want to see debugging messages unless specified by the "-d" flag,
add an extra debugging level "debug > 1" to be checked in log_debug().

add a function to print delays in hours, minutes, and seconds

rename relay_host to print_host in log.c

add a new check method which allows to run external scripts/programs
for custom evaluations.

pyr agrees to put it in now but to do some improvements of the timeout
handling later.

Add layer 7 functionality to hoststated used for layer 7
loadbalancing, SSL acceleration, general-purpose TCP relaying, and
transparent proxying.

see hoststated.conf(5) and my upcoming article on undeadly.org for
details.

ok to commit deraadt@ pyr@

add new "log (updates|all)" configuration option to log state
notifications after completed host checks. either only log the
"updates" to new states or log "all" state notifications, even if the
state didn't change. the log messages will be reported to syslog or to
stderr if the daemon is running in foreground mode.

ok claudio@ pyr@

spacing

Import hostated, the host status daemon. This daemon will monitor
remote hosts and dynamically alter pf(4) tables and redirection rules
for active server load balancing. The daemon has been written by
Pierre-Yves Ritschard (pyr at spootnik.org) and was formerly known as
"slbd".

The daemon is fully functional but it still needs some work and
cleanup so we don't link it to the build yet. Some TODOs are a
partial rewrite of the check_* routines (use libevent whenever we
can), improvement of the manpages, and general knf and cleanup.

ok deraadt@ claudio@