# HG changeset patch # User Matthias Förste # Date 1372422664 -7200 # Node ID 1e6203fa0ddea6651bee46ec0a42a2690676ad19 # Parent fe030dbfb46b7540e1eb34086d73691e3708840d pound packaging uses quilt now diff -r fe030dbfb46b -r 1e6203fa0dde pound/2.6/dynamic-backends.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/pound/2.6/dynamic-backends.patch Fri Jun 28 14:31:04 2013 +0200 @@ -0,0 +1,268 @@ +diff --git a/debian/changelog b/debian/changelog +index 689c84b..67ebb35 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -1,3 +1,10 @@ ++pound (2.6-2.1) wheezy; urgency=low ++ ++ * Non-maintainer upload. ++ * patched to deal with backend addresses on dynamic ips ++ ++ -- Matthias Förste Fri, 28 Jun 2013 13:20:21 +0200 ++ + pound (2.6-2) unstable; urgency=low + + * Update anti_beast patch +diff --git a/debian/patches/dyn_addr.patch b/debian/patches/dyn_addr.patch +new file mode 100644 +index 0000000..c96b3c0 +--- /dev/null ++++ b/debian/patches/dyn_addr.patch +@@ -0,0 +1,239 @@ ++diff --git a/config.c b/config.c ++index 731b022..b19c78a 100755 ++--- a/config.c +++++ b/config.c ++@@ -77,7 +77,7 @@ static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteL ++ static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; ++ static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; ++ static regex_t ClientCert, AddHeader, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers, CAlist, VerifyList, CRLlist, NoHTTPS11; ++-static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert, Disabled, Threads, CNName; +++static regex_t Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert, Disabled, Threads, CNName, DynamicAddress, DynamicHAAddress; ++ ++ static regmatch_t matches[5]; ++ ++@@ -183,7 +183,7 @@ parse_be(const int is_emergency) ++ if((res = (BACKEND *)malloc(sizeof(BACKEND))) == NULL) ++ conf_err("BackEnd config: out of memory - aborted"); ++ memset(res, 0, sizeof(BACKEND)); ++- res->be_type = 0; +++ res->be_type = res->dyn_addr = res->dyn_ha_addr = 0; ++ res->addr.ai_socktype = SOCK_STREAM; ++ res->to = is_emergency? 120: be_to; ++ res->conn_to = is_emergency? 120: be_connto; ++@@ -200,6 +200,9 @@ parse_be(const int is_emergency) ++ lin[strlen(lin) - 1] = '\0'; ++ if(!regexec(&Address, lin, 4, matches, 0)) { ++ lin[matches[1].rm_eo] = '\0'; +++ if((res->hostname = (char *)malloc(matches[1].rm_eo - matches[1].rm_so + 1)) == NULL) +++ conf_err("out of memory"); +++ memcpy(res->hostname, lin + matches[1].rm_so, matches[1].rm_eo - matches[1].rm_so + 1); ++ if(get_host(lin + matches[1].rm_so, &res->addr)) { ++ /* if we can't resolve it assume this is a UNIX domain socket */ ++ res->addr.ai_socktype = SOCK_STREAM; ++@@ -243,6 +246,7 @@ parse_be(const int is_emergency) ++ if(is_emergency) ++ conf_err("HAport is not supported for Emergency back-ends"); ++ res->ha_addr = res->addr; +++ res->ha_hostname = res->hostname; ++ if((res->ha_addr.ai_addr = (struct sockaddr *)malloc(res->addr.ai_addrlen)) == NULL) ++ conf_err("out of memory"); ++ memcpy(res->ha_addr.ai_addr, res->addr.ai_addr, res->addr.ai_addrlen); ++@@ -264,6 +268,9 @@ parse_be(const int is_emergency) ++ if(is_emergency) ++ conf_err("HAportAddr is not supported for Emergency back-ends"); ++ lin[matches[1].rm_eo] = '\0'; +++ if((res->ha_hostname = (char *)malloc(matches[1].rm_eo - matches[1].rm_so + 1)) == NULL) +++ conf_err("out of memory"); +++ memcpy(res->ha_hostname, lin + matches[1].rm_so, matches[1].rm_eo - matches[1].rm_so + 1); ++ if(get_host(lin + matches[1].rm_so, &res->ha_addr)) { ++ /* if we can't resolve it assume this is a UNIX domain socket */ ++ res->addr.ai_socktype = SOCK_STREAM; ++@@ -321,6 +328,10 @@ parse_be(const int is_emergency) ++ SSL_CTX_set_tmp_dh_callback(res->ctx, DH_tmp_callback); ++ } else if(!regexec(&Disabled, lin, 4, matches, 0)) { ++ res->disabled = atoi(lin + matches[1].rm_so); +++ } else if(!regexec(&DynamicAddress, lin, 4, matches, 0)) { +++ res->dyn_addr = 1; +++ } else if(!regexec(&DynamicHAAddress, lin, 4, matches, 0)) { +++ res->dyn_ha_addr = 1; ++ } else if(!regexec(&End, lin, 4, matches, 0)) { ++ if(!has_addr) ++ conf_err("BackEnd missing Address - aborted"); ++@@ -1348,6 +1359,8 @@ config_parse(const int argc, char **const argv) ++ || regcomp(&IgnoreCase, "^[ \t]*IgnoreCase[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) ++ || regcomp(&HTTPS, "^[ \t]*HTTPS[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) ++ || regcomp(&HTTPSCert, "^[ \t]*HTTPS[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) +++ || regcomp(&DynamicAddress, "^[ \t]*DynamicAddress[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) +++ || regcomp(&DynamicHAAddress, "^[ \t]*DynamicHAAddress[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) ++ || regcomp(&Disabled, "^[ \t]*Disabled[ \t]+[01][ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) ++ || regcomp(&CNName, ".*[Cc][Nn]=([-*.A-Za-z0-9]+).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) ++ ) { ++diff --git a/http.c b/http.c ++index f6f1b8b..3946977 100755 ++--- a/http.c +++++ b/http.c ++@@ -817,6 +817,13 @@ do_http(thr_arg *arg) ++ clean_all(); ++ return; ++ } +++ if (backend->dyn_addr && upd_addr(backend->hostname, &backend->addr)) { +++ logmsg(LOG_WARNING, "(%lx) e503 backend: failed to resolve hostname '%s': %s", pthread_self(), backend->hostname, strerror(errno)); +++ err_reply(cl, h503, lstn->err503); +++ free_headers(headers); +++ clean_all(); +++ pthread_exit(NULL); +++ } ++ if((sock = socket(sock_proto, SOCK_STREAM, 0)) < 0) { ++ str_be(buf, MAXBUF - 1, backend); ++ logmsg(LOG_WARNING, "(%lx) e503 backend %s socket create: %s", pthread_self(), buf, strerror(errno)); ++diff --git a/pound.8 b/pound.8 ++index b95e794..8fd3457 100755 ++--- a/pound.8 +++++ b/pound.8 ++@@ -744,6 +744,24 @@ with this back-end disabled (1) or enabled (0). If started as disabled, the ++ back-end can be later enabled with ++ .I poundctl ++ (8). +++.TP +++\fBDynamicAddress\fR +++If this directive is present then the +++.I Address +++given for this +++.I Backend +++is considered a dynamic address. It is resolved whenever a connection attempt +++to that +++.I Address +++is made. +++.TP +++\fBDynamicHAAddress\fR +++This is the same as +++.I DynamicAddress +++except that it applies to the address given in the +++.I HAPort +++directive if any. +++ ++ .SH "Emergency" ++ The emergency server will be used once all existing back-ends are "dead". ++ All configuration directives enclosed between ++diff --git a/pound.h b/pound.h ++index 5d0c880..a65a58c 100755 ++--- a/pound.h +++++ b/pound.h ++@@ -329,6 +329,10 @@ typedef struct _backend { ++ int alive; /* false if the back-end is dead */ ++ int resurrect; /* this back-end is to be resurrected */ ++ int disabled; /* true if the back-end is disabled */ +++ int dyn_addr; /* true if the address of the backend may change over time (dynamic ip for example) */ +++ char *hostname; /* in case of a dynamic address we need to keep the hostname too */ +++ int dyn_ha_addr; /* like dynaddr but for the ha addr */ +++ char *ha_hostname; /* in case of a dynamic ha address we need to keep the hostname too */ ++ struct _backend *next; ++ } BACKEND; ++ ++@@ -631,3 +635,6 @@ extern void *thr_timer(void *); ++ * listens to client requests and calls the appropriate functions ++ */ ++ extern void *thr_control(void *); +++ +++/* update address */ +++int upd_addr(char *hostname, struct addrinfo *ai); ++diff --git a/svc.c b/svc.c ++index 8c33a10..3551be3 100755 ++--- a/svc.c +++++ b/svc.c ++@@ -1022,6 +1022,9 @@ do_resurect(void) ++ default: ++ continue; ++ } +++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) { +++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno)); +++ } ++ if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) { ++ kill_be(svc, be, BE_KILL); ++ str_be(buf, MAXBUF - 1, be); ++@@ -1058,6 +1061,9 @@ do_resurect(void) ++ default: ++ continue; ++ } +++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) { +++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno)); +++ } ++ if(connect_nb(sock, &be->ha_addr, be->conn_to) != 0) { ++ kill_be(svc, be, BE_KILL); ++ str_be(buf, MAXBUF - 1, be); ++@@ -1093,6 +1099,9 @@ do_resurect(void) ++ default: ++ continue; ++ } +++ if (be->dyn_addr && upd_addr(be->hostname, &be->addr)) { +++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->hostname, strerror(errno)); +++ } ++ addr = &be->addr; ++ } else { ++ switch(be->ha_addr.ai_family) { ++@@ -1111,6 +1120,9 @@ do_resurect(void) ++ default: ++ continue; ++ } +++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) { +++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno)); +++ } ++ addr = &be->ha_addr; ++ } ++ if(connect_nb(sock, addr, be->conn_to) == 0) { ++@@ -1162,6 +1174,9 @@ do_resurect(void) ++ default: ++ continue; ++ } +++ if (be->dyn_addr && upd_addr(be->hostname, &be->addr)) { +++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->hostname, strerror(errno)); +++ } ++ addr = &be->addr; ++ } else { ++ switch(be->ha_addr.ai_family) { ++@@ -1180,6 +1195,9 @@ do_resurect(void) ++ default: ++ continue; ++ } +++ if (be->dyn_ha_addr && upd_addr(be->ha_hostname, &be->ha_addr)) { +++ logmsg(LOG_NOTICE, "failed to resolve hostname '%s': %s", be->ha_hostname, strerror(errno)); +++ } ++ addr = &be->ha_addr; ++ } ++ if(connect_nb(sock, addr, be->conn_to) == 0) { ++@@ -1828,3 +1846,35 @@ SSLINFO_callback(const SSL *ssl, int where, int rc) ++ //else if (where & SSL_CB_ALERT) logmsg(LOG_DEBUG, "alert"); ++ } ++ +++/* update address */ +++int +++upd_addr(char *hostname, struct addrinfo *ai) +++{ +++ +++ int r; +++ in_port_t port; +++ +++ /* get_host will set the port to zero */ +++ switch(ai->ai_family) { +++ case AF_INET: +++ port = ((struct sockaddr_in *)ai->ai_addr)->sin_port; +++ break; +++ case AF_INET6: +++ port = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port; +++ break; +++ } +++ +++ r = get_host(hostname, ai); +++ +++ switch(ai->ai_family) { +++ case AF_INET: +++ ((struct sockaddr_in *)ai->ai_addr)->sin_port = port; +++ break; +++ case AF_INET6: +++ ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = port; +++ break; +++ } +++ +++ return r; +++ +++} +diff --git a/debian/patches/series b/debian/patches/series +index d9c96c5..ed63eb9 100644 +--- a/debian/patches/series ++++ b/debian/patches/series +@@ -1,2 +1,3 @@ + anti_beast.patch + xss_redirect_fix.patch ++dyn_addr.patch