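--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pound (2.6-2.1) wheezy; urgency=low
+
+ * Non-maintainer upload.
+ * patched to deal with backend addresses on dynamic ips
+
+ -- Matthias Förste <foerste@schlittermann.de> Fri, 28 Jun 2013 13:20:21 +0200
+
 pound (2.6-2) unstable; urgency=low
 
 * Update anti_beast patch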
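--- /dev/null
+++ b/debian/patches/dyn_addr.patch
@@ -0,0 +1,239 @@
+diff --git a/config.c b/config.c
+index 731b022..b19c78a 100755
+--- a/config.c
++++ b/config.c
+@@ -77,7 +77,7 @@ static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteL
+ static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr;
+ static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale;
+ static regex_t ClientCert, AddHeader, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers, CAlist, VerifyList, CRLlist, NoHTTPS11;
+-static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert, Disabled, Threads, CNName;
++static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert, Disabled, Threads, CNName, DynamicAddress, DynamicHAAddress;
+
+ static regmatch_t matches[5];
+
+@@ -183,7 +183,7 @@ parse_be(const int is_emergency)
+ if((res = (BACKEND *)malloc(sizeof(BACKEND))) == NULL)
+ conf_err("BackEnd config: out of memory - aborted");
+ memset(res, 0, sizeof(BACKEND));
+- res->be_type = 0;
++ res->be_type = res->dyn_addr = res->dyn_ha_addr = 0;
+ res->addr.ai_socktype = SOCK_STREAM;
+ res->to = is_emergency? 120: be_to;
+ res->conn_to = is_emergency? 120: be_connto;
+@@ -200,6 +200,9 @@ parse_be(const int is_emergency)
+ lin[strlen(lin) - 1] = '\0';
+ if(!regexec(&Address, lin, 4, matches, 0)) {
+ lin[matches[1].rm_eo] = '\0';
++ if((res->hostname = (char *)malloc(matches[1].rm_eo - matches[1].rm_so + 1)) == NULL)
++ conf_err("out of memory");
++ memcpy(res->hostname, lin + matches[1].rm_so, matches[1].rm_eo - matches[1].rm_so + 1);
+ if(get_host(lin + matches[1].rm_so, &res->addr)) {
+ /* if we can't resolve it assume this is a UNIX domain socket */
+ res->addr.ai_socktype = SOCK_STREAM;
+@@ -243,6 +246,7 @@ parse_be(const int is_emergency)
+ if(is_emergency)
+ conf_err("HAport is not supported for Emergency back-ends");
+ res->ha_addr = res->addr;
++ res->ha_hostname = res->hostname;
+ if((res->ha_addr.ai_addr = (struct sockaddr *)malloc(res->addr.ai_addrlen)) == NULL)
+ conf_err("out of memory");
+ memcpy(res->ha_addr.ai_addr, res->addr.ai_addr, res->addr.ai_addrlen);
+@@ -264,6 +268,9 @@ parse_be(const int is_emergency)
+ if(is_emergency)
+ conf_err("HAportAddr is not supported for Emergency back-ends");
+ lin[matches[1].rm_eo] = '\0';
++ if((res->ha_hostname = (char *)malloc(matches[1].rm_eo - matches[1].rm_so + 1)) == NULL)
++ conf_err("out of memory");
++ memcpy(res->ha_hostname, lin + matches[1].rm_so, matches[1].rm_eo - matches[1].rm_so + 1);
+ if(get_host(lin + matches[1].rm_so, &res->ha_addr)) {
+ /* if we can't resolve it assume this is a UNIX domain socket */
+ res->addr.ai_socktype = SOCK_STREAM;
+@@ -321,6 +328,10 @@ parse_be(const int is_emergency)
+ SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback);
+ } else if(!regexec(&Disabled, lin, 4, matches, 0)) {
+ res->disabled = atoi(lin + matches[1].rm_so);
++ } else if(!regexec(&DynamicAddress, lin, 4, matches, 0)) {
++ res->dyn_addr = 1;
++ } else if(!regexec(&DynamicHAAddress, lin, 4, matches, 0)) {
++ res->dyn_ha_addr = 1;
+ } else if(!regexec(&End, lin, 4, matches, 0)) {
+ if(!has_addr)
+ conf_err("BackEnd missing Address - aborted");
+@@ -1348,6 +1359,8 @@ config_parse(const int argc, char **const argv)
+ || regcomp(&IgnoreCase, "^[ \t]*IgnoreCase[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&HTTPS, "^[ \t]*HTTPS[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&HTTPSCert, "^[ \t]*HTTPS[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
++ || regcomp(&DynamicAddress, "^[ \t]*DynamicAddress[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
++ || regcomp(&DynamicHAAddress, "^[ \t]*DynamicHAAddress[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&Disabled, "^[ \t]*Disabled[ \t]+[01][ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&CNName, ".*[Cc][Nn]=([-*.A-Za-z0-9]+).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ ) {
+diff --git a/http.c b/http.c
+index f6f1b8b..3946977 100755
+--- a/http.c
++++ b/http.c
+@@ -817,6 +817,13 @@ do_http(thr_arg *arg)
+ clean_all();
+ return;
+ }
++ if (backend->dyn_addr && upd_addr(backend->hostname, &backend->addr)) {
++ logmsg(LOG_WARNING, "(%lx) e503 backend: failed to resolve hostname '%s': %s", pthread_self(), backend->hostname, strerror(errno));
++ err_reply(cl, h503, lstn->err503);
++ free_headers(headers);
++ clean_all();
++ pthread_exit(NULL);
++ }
+ if((sock = socket(sock_proto, SOCK_STREAM, 0)) < 0) {
+ str_be(buf, MAXBUF - 1, backend);
+ logmsg(LOG_WARNING, "(%lx) e503 backend %s socket create: %s", pthread_self(), buf, strerror(errno));
+diff --git a/pound.8 b/pound.8
+index b95e794..8fd3457 100755
+--- a/pound.8
++++ b/pound.8
+@@ -744,6 +744,24 @@ with this back-end disabled (1) or enabled (0). If started as disabled, the
+ back-end can be later enabled with
+ .I poundctl
+ (8).
++.TP
++\fBDynamicAddress\fR
++If this directive is present then the
++.I Address
++given for this
++.I Backend
++is considered a dynamic address. It is resolved whenever a connection attempt
++to that
++.I Address
++is made.
++.TP
++\fBDynamicHAAddress\fR
++This is the same as
++.I DynamicAddress
++except that it applies to the address given in the
++.I HAPort
++directive if any.
++
+ .SH "Emergency"
+ The emergency server will be used once all existing back-ends are "dead".
+ All configuration directives enclosed between
+diff --git a/pound.h b/pound.h
+index 5d0c880..a65a58c 100755
+--- a/pound.h
++++ b/pound.h
+@@ -329,6 +329,10 @@ typedef struct _backend {
+ int alive; /* false if the back-end is dead */
+ int resurrect; /* this back-end is to be resurrected */
+ int disabled; /* true if the back-end is disabled */
++ int dyn_addr; /* true if the address of the backend may change over time (dynamic ip for example) */
++ char *hostname; /* in case of a dynamic address we need to keep the hostname too */
++ int dyn_ha_addr; /* like dynaddr but for the ha addr */
++ char *ha_hostname; /* in case of a dynamic ha address we need to keep the hostname too */
+ struct _backend *next;
+ } BACKEND;
+
+@@ -631,3 +635,6 @@ extern void *thr_timer(void *);
+ * listens to client requests and calls the appropriate functions
+ */
+ extern void *thr_control(void *);
++
++/* update address */
++int upd_addr(char *hostname, struct addrinfo *ai);
+diff --git a/svc.c b/svc.c
+index 8c33a10..3551be3 100755
+--- a/svc.c
++++ b/svc.c
+@@ -1022,6 +1022,9 @@ do_resurect(void)
+ default:
+ continue;
+ }
++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
++ }
+ if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) {
+ kill_be(svc, be, BE_KILL);
+ str_be(buf, MAXBUF - 1, be);
+@@ -1058,6 +1061,9 @@ do_resurect(void)
+ default:
+ continue;
+ }
++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
++ }
+ if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) {
+ kill_be(svc, be, BE_KILL);
+ str_be(buf, MAXBUF - 1, be);
+@@ -1093,6 +1099,9 @@ do_resurect(void)
+ default:
+ continue;
+ }
++ if (be->dyn_addr && upd_addr(be->hostname, &be->addr)) {
++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->hostname, strerror(errno));
++ }
+ addr = &be->addr;
+ } else {
+ switch(be->ha_addr.ai_family) {
+@@ -1111,6 +1120,9 @@ do_resurect(void)
+ default:
+ continue;
+ }
++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
++ }
+ addr = &be->ha_addr;
+ }
+ if(connect_nb(sock, addr, be->conn_to) == 0) {
+@@ -1162,6 +1174,9 @@ do_resurect(void)
+ default:
+ continue;
+ }
++ if (be->dyn_addr && upd_addr(be->hostname, &be->addr)) {
++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->hostname, strerror(errno));
++ }
+ addr = &be->addr;
+ } else {
+ switch(be->ha_addr.ai_family) {
+@@ -1180,6 +1195,9 @@ do_resurect(void)
+ default:
+ continue;
+ }
++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
++ }
+ addr = &be->ha_addr;
+ }
+ if(connect_nb(sock, addr, be->conn_to) == 0) {
+@@ -1828,3 +1846,35 @@ SSLINFO_callback(const SSL *ssl, int where, int rc)
+ //else if (where & SSL_CB_ALERT) logmsg(LOG_DEBUG, "alert");
+ }
+
++/* update address */
++int
++upd_addr(char *hostname, struct addrinfo *ai)
++{
++
++ int r;
++ in_port_t port;
++
++ /* get_host will set the port to zero */
++ switch(ai->ai_family) {
++ case AF_INET:
++ port = ((struct sockaddr_in *)ai->ai_addr)->sin_port;
++ break;
++ case AF_INET6:
++ port = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port;
++ break;
++ }
++
++ r = get_host(hostname, ai);
++
++ switch(ai->ai_family) {
++ case AF_INET:
++ ((struct sockaddr_in *)ai->ai_addr)->sin_port = port;
++ break;
++ case AF_INET6:
++ ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = port;
++ break;
++ }
++
++ return r;
++
++}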
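Review bot: In the http.c hunk of dyn_addr.patch, the new lookup-failure branch in do_http ends with `pthread_exit(NULL);` where the error path directly above it ends with `clean_all(); return;`; if do_http runs inside a long-lived worker loop (its caller is outside this page), every failed lookup would end a worker thread, so a resolver outage could exhaust the pool, and `return;` would match the surrounding code. That branch and the six svc.c hunks log `strerror(errno)`, but upd_addr returns get_host's result, which may be a getaddrinfo-style code rather than errno (get_host is not shown), so the logged reason can be unrelated to the failure. In upd_addr, `port` is read in the second switch without having been set when the family before the lookup was neither AF_INET nor AF_INET6; `in_port_t port = 0;` plus restoring the port only when `r == 0` closes that. upd_addr also rewrites the shared BACKEND address in place from request threads with no lock visible in these hunks, and whether the previous `ai_addr` is released depends on get_host, so both are worth confirming before this ships.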
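--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 anti_beast.patch
 xss_redirect_fix.patch
+dyn_addr.patch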