1 diff -r 48d93349de4c config.c |
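--- a/config.c Tue Jun 21 13:13:30 2016 +0200
+++ b/config.c Tue Jun 21 13:37:02 2016 +0200
@@ -77,7 +77,7 @@
 static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr;
 static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale;
 static regex_t ClientCert, AddHeader, DisableSSLv2, DisableSSLv3, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers, CAlist, VerifyList, CRLlist, NoHTTPS11;
-static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert, Disabled, Threads, CNName;
+static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert, DynamicAddress, DynamicHAAddress, Disabled, Threads, CNName;
 
 static regmatch_t matches[5];
 
@@ -183,7 +183,7 @@
 if((res = (BACKEND *)malloc(sizeof(BACKEND))) == NULL)
 conf_err("BackEnd config: out of memory - aborted");
 memset(res, 0, sizeof(BACKEND));
- res->be_type = 0;
+ res->be_type = res->dyn_addr = res->dyn_ha_addr = 0;
 res->addr.ai_socktype = SOCK_STREAM;
 res->to = is_emergency? 120: be_to;
 res->conn_to = is_emergency? 120: be_connto;
@@ -200,6 +200,9 @@
 lin[strlen(lin) - 1] = '\0';
 if(!regexec(&Address, lin, 4, matches, 0)) {
 lin[matches[1].rm_eo] = '\0';
+ if((res->hostname = (char *)malloc(matches[1].rm_eo - matches[1].rm_so + 1)) == NULL)
+ conf_err("out of memory");
+ memcpy(res->hostname, lin + matches[1].rm_so, matches[1].rm_eo - matches[1].rm_so + 1);
 if(get_host(lin + matches[1].rm_so, &res->addr)) {
 /* if we can't resolve it assume this is a UNIX domain socket */
 res->addr.ai_socktype = SOCK_STREAM;
@@ -243,6 +246,7 @@
 if(is_emergency)
 conf_err("HAport is not supported for Emergency back-ends");
 res->ha_addr = res->addr;
+ res->ha_hostname = res->hostname;
 if((res->ha_addr.ai_addr = (struct sockaddr *)malloc(res->addr.ai_addrlen)) == NULL)
 conf_err("out of memory");
 memcpy(res->ha_addr.ai_addr, res->addr.ai_addr, res->addr.ai_addrlen);
@@ -264,6 +268,9 @@
 if(is_emergency)
 conf_err("HAportAddr is not supported for Emergency back-ends");
 lin[matches[1].rm_eo] = '\0';
+ if((res->ha_hostname = (char *)malloc(matches[1].rm_eo - matches[1].rm_so + 1)) == NULL)
+ conf_err("out of memory");
+ memcpy(res->ha_hostname, lin + matches[1].rm_so, matches[1].rm_eo - matches[1].rm_so + 1);
 if(get_host(lin + matches[1].rm_so, &res->ha_addr)) {
 /* if we can't resolve it assume this is a UNIX domain socket */
 res->addr.ai_socktype = SOCK_STREAM;
@@ -325,6 +332,10 @@
 SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
 SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
 SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback);
+ } else if(!regexec(&DynamicAddress, lin, 4, matches, 0)) {
+ res->dyn_addr = 1;
+ } else if(!regexec(&DynamicHAAddress, lin, 4, matches, 0)) {
+ res->dyn_ha_addr = 1;
 } else if(!regexec(&Disabled, lin, 4, matches, 0)) {
 res->disabled = atoi(lin + matches[1].rm_so);
 } else if(!regexec(&End, lin, 4, matches, 0)) {
@@ -1374,6 +1385,8 @@
 || regcomp(&IgnoreCase, "^[ \t]*IgnoreCase[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
 || regcomp(&HTTPS, "^[ \t]*HTTPS[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
 || regcomp(&HTTPSCert, "^[ \t]*HTTPS[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&DynamicAddress, "^[ \t]*DynamicAddress[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&DynamicHAAddress, "^[ \t]*DynamicHAAddress[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
 || regcomp(&Disabled, "^[ \t]*Disabled[ \t]+[01][ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
 || regcomp(&CNName, ".*[Cc][Nn]=([-*.A-Za-z0-9]+).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
 ) {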
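Review bot: The `DynamicAddress` and `DynamicHAAddress` branches set `res->dyn_addr` / `res->dyn_ha_addr` without checking that a hostname was ever stored. Because `res` is zeroed by the `memset`, a back-end that carries the directive but no `Address` (or no `HAport`/`HAportAddr`) keeps `hostname` / `ha_hostname` NULL, and that pointer later reaches `upd_addr()` and the `'%s'` log arguments. The hostname is also saved before `get_host()` runs, so a back-end that fell back to the UNIX-domain-socket path would, with `DynamicAddress` set, have its socket path re-resolved on every connection. I would reject both cases where the `End` directive is handled (its body is outside the hunk), for example `if(res->dyn_addr && res->hostname == NULL) conf_err("DynamicAddress requires a resolvable Address");` and the same for `dyn_ha_addr`. Since `memset` already clears the struct, the chained assignment `res->be_type = res->dyn_addr = res->dyn_ha_addr = 0;` is redundant.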
70 diff -r 48d93349de4c http.c |
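--- a/http.c Tue Jun 21 13:13:30 2016 +0200
+++ b/http.c Tue Jun 21 13:37:02 2016 +0200
@@ -846,6 +846,13 @@
 clean_all();
 return;
 }
+ if (backend->dyn_addr && upd_addr(backend->hostname, &backend->addr)) {
+ logmsg(LOG_WARNING, "(%lx) e503 backend: failed to resolve hostname '%s': %s", pthread_self(), backend->hostname, strerror(errno));
+ err_reply(cl, h503, lstn->err503);
+ free_headers(headers);
+ clean_all();
+ pthread_exit(NULL);
+ }
 if((sock = socket(sock_proto, SOCK_STREAM, 0)) < 0) {
 str_be(buf, MAXBUF - 1, backend);
 logmsg(LOG_WARNING, "(%lx) e503 backend %s socket create: %s", pthread_self(), buf, strerror(errno));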
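Review bot: The added block rewrites `backend->addr` in place on every request, and no lock is taken in the visible lines. If the `BACKEND` is shared between worker threads, which the `pthread_self()` logging suggests, another thread can read a half-updated address while `upd_addr()` is running; a per-backend mutex or resolving into a local `struct addrinfo` would avoid that. The failure path ends with `pthread_exit(NULL);` where the error path just above it uses `return;`, so I would write `return;` here too unless the rest of the function (outside the hunk) requires otherwise. `sock_proto` is set before this hunk, so if the new lookup returns a different address family the `socket()` call below may no longer match the address; confirm where it is derived. `strerror(errno)` is only meaningful if `get_host()` reports failures through `errno`, which the page does not show.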
87 diff -r 48d93349de4c pound.8 |
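--- a/pound.8 Tue Jun 21 13:13:30 2016 +0200
+++ b/pound.8 Tue Jun 21 13:37:02 2016 +0200
@@ -737,6 +737,24 @@
 uses the same address as the back-end server, but you may use a separate address
 if you wish. This directive applies only to non Unix-domain servers.
 .TP
+\fBDynamicAddress\fR
+If this directive is present then the
+.I Address
+given for this
+.I Backend
+is considered a dynamic address. It is resolved whenever a connection attempt
+to that
+.I Address
+is made.
+.TP
+\fBDynamicHAAddress\fR
+This is the same as
+.I DynamicAddress
+except that it applies to the address given in the
+.I HAPort
+directive if any.
+
+.TP
 \fBDisabled\fR 0|1
 Start
 .B Pound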
115 diff -r 48d93349de4c pound.h |
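--- a/pound.h Tue Jun 21 13:13:30 2016 +0200
+++ b/pound.h Tue Jun 21 13:37:02 2016 +0200
@@ -329,6 +329,10 @@
 int alive; /* false if the back-end is dead */
 int resurrect; /* this back-end is to be resurrected */
 int disabled; /* true if the back-end is disabled */
+ int dyn_addr; /* true if the address of the backend may change over time (dynamic ip for example) */
+ char *hostname; /* in case of a dynamic address we need to keep the hostname too */
+ int dyn_ha_addr; /* like dynaddr but for the ha addr */
+ char *ha_hostname; /* in case of a dynamic ha address we need to keep the hostname too */
 struct _backend *next;
 } BACKEND;
 
@@ -633,3 +637,6 @@
 * listens to client requests and calls the appropriate functions
 */
 extern void *thr_control(void *);
+
+/* update address */
+int upd_addr(char *hostname, struct addrinfo *ai);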
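Review bot: The comments on the new `hostname` / `ha_hostname` fields do not say who owns the strings. In config.c the `HAport` path assigns `res->ha_hostname = res->hostname` (an alias), while the `HAportAddr` path gives `ha_hostname` its own `malloc`, so any code that frees a `BACKEND` must not free both pointers blindly. I would extend the field comment to something like `/* host name for ha_addr; may alias hostname (HAport) or be a separate allocation (HAportAddr) */`. The prototype comment `/* update address */` should state the return convention the callers rely on (non-zero on failure) and that `ai` is overwritten in place. For consistency with `extern void *thr_control(void *);` just above, the declaration could read `extern int upd_addr(char *hostname, struct addrinfo *ai);`.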
136 diff -r 48d93349de4c svc.c |
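--- a/svc.c Tue Jun 21 13:13:30 2016 +0200
+++ b/svc.c Tue Jun 21 13:37:02 2016 +0200
@@ -1022,6 +1022,9 @@
 default:
 continue;
 }
+ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
+ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
+ }
 if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) {
 kill_be(svc, be, BE_KILL);
 str_be(buf, MAXBUF - 1, be);
@@ -1058,6 +1061,9 @@
 default:
 continue;
 }
+ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
+ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
+ }
 if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) {
 kill_be(svc, be, BE_KILL);
 str_be(buf, MAXBUF - 1, be);
@@ -1093,6 +1099,9 @@
 default:
 continue;
 }
+ if (be->dyn_addr && upd_addr(be->hostname, &be->addr)) {
+ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->hostname, strerror(errno));
+ }
 addr = &be->addr;
 } else {
 switch(be->ha_addr.ai_family) {
@@ -1111,6 +1120,9 @@
 default:
 continue;
 }
+ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
+ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
+ }
 addr = &be->ha_addr;
 }
 if(connect_nb(sock, addr, be->conn_to) == 0) {
@@ -1162,6 +1174,9 @@
 default:
 continue;
 }
+ if (be->dyn_addr && upd_addr(be->hostname, &be->addr)) {
+ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->hostname, strerror(errno));
+ }
 addr = &be->addr;
 } else {
 switch(be->ha_addr.ai_family) {
@@ -1180,6 +1195,9 @@
 default:
 continue;
 }
+ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) {
+ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno));
+ }
 addr = &be->ha_addr;
 }
 if(connect_nb(sock, addr, be->conn_to) == 0) {
@@ -1798,6 +1816,39 @@
 }
 }
 
+/* update address */
+int
+upd_addr(char *hostname, struct addrinfo *ai)
+{
+
+ int r;
+ in_port_t port;
+
+ /* get_host will set the port to zero */
+ switch(ai->ai_family) {
+ case AF_INET:
+ port = ((struct sockaddr_in *)ai->ai_addr)->sin_port;
+ break;
+ case AF_INET6:
+ port = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port;
+ break;
+ }
+
+ r = get_host(hostname, ai);
+
+ switch(ai->ai_family) {
+ case AF_INET:
+ ((struct sockaddr_in *)ai->ai_addr)->sin_port = port;
+ break;
+ case AF_INET6:
+ ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = port;
+ break;
+ }
+
+ return r;
+
+}
+
 void
 SSLINFO_callback(const SSL *ssl, int where, int rc)
 {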
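Review bot: In `upd_addr()` the local `port` is left uninitialised when `ai->ai_family` is neither `AF_INET` nor `AF_INET6` on entry, yet the second switch writes it back whenever the family is one of those after `get_host()`; declaring it as `in_port_t port = 0;` and adding a `default:` to both switches removes the indeterminate read. The port is also restored through `ai->ai_addr` even when `r` is non-zero, so the function relies on `get_host()` leaving a valid `ai_addr` on failure, and the six callers earlier in this file only log the failure and then still pass the address to `connect_nb()`. If `get_host()` allocates a fresh `ai_addr` on each call (its body is not on this page), the previous buffer is leaked on every connection attempt, and nothing here guards against another thread using the old pointer. In those callers the socket family is chosen by the `switch(be->...ai_family)` before the lookup, so a result with a different family would no longer match the socket; those switch bodies start outside the hunks.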