Hello community,
here is the log from the commit of package pound for openSUSE:Factory checked in at 2018-01-31 19:54:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pound (Old)
and /work/SRC/openSUSE:Factory/.pound.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pound"
Wed Jan 31 19:54:41 2018 rev:25 rq:571411 version:2.8a
Changes:
--------
--- /work/SRC/openSUSE:Factory/pound/pound.changes 2016-08-10 19:55:57.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.pound.new/pound.changes 2018-01-31 19:54:41.581660801 +0100
@@ -1,0 +2,19 @@
+Wed Jan 31 12:45:19 UTC 2018 - idonmez@suse.com
+
+- Depend on openssl 1.0
+
+-------------------------------------------------------------------
+Tue Jan 30 21:53:06 UTC 2018 - jengelh@inai.de
+
+- Do not ignore errors from useradd
+- Fix grammar errors in description
+
+-------------------------------------------------------------------
+Tue Jan 30 13:25:35 UTC 2018 - kbabioch@suse.com
+
+- Update to version 2.8a
+ * removed DynScale flag and support
+ * fixed potential request smuggling via fudged headers (CVE-2016-10711
+ boo#1078298)
+
+-------------------------------------------------------------------
Old:
----
Pound-2.7.tgz
New:
----
Pound-2.8a.tgz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pound.spec ++++++
--- /var/tmp/diff_new_pack.XemFtv/_old 2018-01-31 19:54:42.193632341 +0100
+++ /var/tmp/diff_new_pack.XemFtv/_new 2018-01-31 19:54:42.197632155 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pound
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,6 +15,7 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
%if 0%{?suse_version} > 1230
%bcond_without systemd
%else
@@ -22,12 +23,12 @@
%endif
Name: pound
-BuildRequires: openssl-devel
-Summary: Reverse-Proxy and Load-Balancer
+BuildRequires: libopenssl-1_0_0-devel
+Summary: Reverse proxy and load balancer
License: SUSE-GPL-3.0+-with-openssl-exception
Group: Productivity/Networking/Web/Proxy
Url: http://www.apsis.ch/pound/
-Version: 2.7
+Version: 2.8a
Release: 0
Source0: http://www.apsis.ch/pound/Pound-%version.tgz
Source1: pound.cfg
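Review bot: `BuildRequires: libopenssl-1_0_0-devel` pins this TLS front-end to the OpenSSL 1.0 branch with no comment in the spec saying why or when the pin can be lifted. A line above it such as `# built against the OpenSSL 1.0 API; return to openssl-devel once pound builds with 1.1` would keep the pin from outliving its reason. The reason is presumed here, since the changelog entry only says "Depend on openssl 1.0".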
@@ -46,8 +47,8 @@
%description
The Pound program is a reverse proxy, load balancer and HTTPS front-end
for Web server(s). Pound was developed to enable distributing the load
-among several Web-servers and to allow for a convenient SSL wrapper for
-those Web servers that do not offer it natively.
+among several web servers and to allow for a convenient SSL wrapper for
+those web servers that do not offer it natively.
%package doc
Summary: Doumentation for pound
@@ -55,9 +56,9 @@
%description doc
The Pound program is a reverse proxy, load balancer and HTTPS front-end
-for Web server(s). Pound was developed to enable distributing the load
-among several Web-servers and to allow for a convenient SSL wrapper for
-those Web servers that do not offer it natively.
+for web server(s). Pound was developed to enable distributing the load
+among several web servers and to allow for a convenient SSL wrapper for
+those web servers that do not offer it natively.
This package contains the documentation for pound.
@@ -71,7 +72,7 @@
--with-ssl=/usr/include/openssl \
--with-owner=pound \
--with-group=pound
-make %{?jobs:-j%jobs}
+make %{?_smp_mflags}
%install
%makeinstall
@@ -90,8 +91,9 @@
%pre
# Add the "pound" user and group
-%{_sbindir}/groupadd -r pound 2> /dev/null || :
-%{_sbindir}/useradd -c "Pound" -g pound -r -d /var/lib/pound pound 2> /dev/null || :
+getent group pound >/dev/null || %{_sbindir}/groupadd -r pound
+getent passwd pound >/dev/null || \
+ %{_sbindir}/useradd -c "Pound" -g pound -r -d /var/lib/pound pound
%if %{with systemd}
%service_add_pre %{name}.service
%endif
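Review bot: The `useradd` call creates the `pound` service account without `-s`, so the account gets whatever default shell the target system's useradd configuration sets. For an account that only owns a network-facing daemon, an explicit non-login shell is the safer choice: `%{_sbindir}/useradd -c "Pound" -g pound -r -s /sbin/nologin -d /var/lib/pound pound`. With `|| :` gone, a failing groupadd or useradd now aborts `%pre`, which matches the changelog entry.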
++++++ Pound-2.7.tgz -> Pound-2.8a.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/CHANGELOG new/Pound-2.8a/CHANGELOG
--- old/Pound-2.7/CHANGELOG 2015-01-26 17:47:53.000000000 +0100
+++ new/Pound-2.8a/CHANGELOG 2016-10-23 16:59:47.000000000 +0200
@@ -1,4 +1,15 @@
------------------------------------------------------------------------
+r82 | roseg | 2016-10-23 16:59:47 +0200 (Sun, 23 Oct 2016) | 8 lines
+
+Release 2.8a
+
+Enhancements:
+ - removed DynScale flag and support
+
+Bug fixes:
+ - fixed potential request smuggling via fudged headers
+
+------------------------------------------------------------------------
r81 | roseg | 2015-01-26 17:47:53 +0100 (Mon, 26 Jan 2015) | 30 lines
Release 2.7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/config.c new/Pound-2.8a/config.c
--- old/Pound-2.7/config.c 2015-01-26 17:47:53.000000000 +0100
+++ new/Pound-2.8a/config.c 2016-10-23 16:59:47.000000000 +0200
@@ -77,7 +77,7 @@
static regex_t ListenHTTP, ListenHTTPS, End, Address, Port, Cert, xHTTP, Client, CheckURL;
static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination;
static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr;
-static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale;
+static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID;
static regex_t ClientCert, AddHeader, DisableProto, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers;
static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS;
static regex_t Disabled, Threads, CNName, Anonymise, ECDHCurve;
@@ -97,7 +97,6 @@
static int clnt_to = 10;
static int be_to = 15;
static int be_connto = 15;
-static int dynscale = 0;
static int ignore_case = 0;
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
@@ -563,7 +562,6 @@
conf_err("Service config: out of memory - aborted");
memset(res, 0, sizeof(SERVICE));
res->sess_type = SESS_NONE;
- res->dynscale = dynscale;
pthread_mutex_init(&res->mut, NULL);
if(svc_name)
strncpy(res->name, svc_name, KEY_SIZE);
@@ -688,8 +686,6 @@
res->emergency = parse_be(1);
} else if(!regexec(&Session, lin, 4, matches, 0)) {
parse_sess(res);
- } else if(!regexec(&DynScale, lin, 4, matches, 0)) {
- res->dynscale = atoi(lin + matches[1].rm_so);
} else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) {
ign_case = atoi(lin + matches[1].rm_so);
} else if(!regexec(&Disabled, lin, 4, matches, 0)) {
@@ -1342,8 +1338,6 @@
clnt_to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&Alive, lin, 4, matches, 0)) {
alive_to = atoi(lin + matches[1].rm_so);
- } else if(!regexec(&DynScale, lin, 4, matches, 0)) {
- dynscale = atoi(lin + matches[1].rm_so);
} else if(!regexec(&TimeOut, lin, 4, matches, 0)) {
be_to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&ConnTO, lin, 4, matches, 0)) {
@@ -1481,7 +1475,6 @@
|| regcomp(&Type, "^[ \t]*Type[ \t]+([^ \t]+)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&TTL, "^[ \t]*TTL[ \t]+([1-9-][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&ID, "^[ \t]*ID[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
- || regcomp(&DynScale, "^[ \t]*DynScale[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&ClientCert, "^[ \t]*ClientCert[ \t]+([0-3])[ \t]+([1-9])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&AddHeader, "^[ \t]*AddHeader[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&SSLAllowClientRenegotiation, "^[ \t]*SSLAllowClientRenegotiation[ \t]+([012])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
@@ -1651,7 +1644,6 @@
regfree(&Type);
regfree(&TTL);
regfree(&ID);
- regfree(&DynScale);
regfree(&ClientCert);
regfree(&AddHeader);
regfree(&SSLAllowClientRenegotiation);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/configure new/Pound-2.8a/configure
--- old/Pound-2.7/configure 2015-01-26 17:47:53.000000000 +0100
+++ new/Pound-2.8a/configure 2016-10-23 16:59:47.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pound 2.7.
+# Generated by GNU Autoconf 2.69 for pound 2.8a.
#
# Report bugs to .
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='pound'
PACKAGE_TARNAME='pound'
-PACKAGE_VERSION='2.7'
-PACKAGE_STRING='pound 2.7'
+PACKAGE_VERSION='2.8a'
+PACKAGE_STRING='pound 2.8a'
PACKAGE_BUGREPORT='roseg@apsis.ch'
PACKAGE_URL=''
@@ -683,6 +683,7 @@
docdir
oldincludedir
includedir
+runstatedir
localstatedir
sharedstatedir
sysconfdir
@@ -764,6 +765,7 @@
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1016,6 +1018,15 @@
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
+ -runstatedir | --runstatedir | --runstatedi | --runstated \
+ | --runstate | --runstat | --runsta | --runst | --runs \
+ | --run | --ru | --r)
+ ac_prev=runstatedir ;;
+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+ | --run=* | --ru=* | --r=*)
+ runstatedir=$ac_optarg ;;
+
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1153,7 +1164,7 @@
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
+ libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@@ -1266,7 +1277,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pound 2.7 to adapt to many kinds of systems.
+\`configure' configures pound 2.8a to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1306,6 +1317,7 @@
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@@ -1332,7 +1344,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pound 2.7:";;
+ short | recursive ) echo "Configuration of pound 2.8a:";;
esac
cat <<\_ACEOF
@@ -1439,7 +1451,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-pound configure 2.7
+pound configure 2.8a
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1862,7 +1874,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pound $as_me 2.7, which was
+It was created by pound $as_me 2.8a, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -6171,7 +6183,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by pound $as_me 2.7, which was
+This file was extended by pound $as_me 2.8a, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -6233,7 +6245,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-pound config.status 2.7
+pound config.status 2.8a
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/http.c new/Pound-2.8a/http.c
--- old/Pound-2.7/http.c 2015-01-26 17:47:53.000000000 +0100
+++ new/Pound-2.8a/http.c 2016-10-23 16:59:47.000000000 +0200
@@ -31,7 +31,8 @@
static char *h500 = "500 Internal Server Error",
*h501 = "501 Not Implemented",
*h503 = "503 Service Unavailable",
- *h414 = "414 Request URI too long";
+ *h414 = "414 Request URI too long",
+ *h400 = "Bad Request";
static char *err_response = "HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\n%s";
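Review bot: The new `h400` string lacks the numeric status code that the neighbouring entries carry (`"500 Internal Server Error"`, `"414 Request URI too long"`). `err_response` formats the string as `HTTP/1.0 %s`, so a reply built from it would start with `HTTP/1.0 Bad Request`. Clients and intermediaries that parse the status line may treat that as malformed instead of as a 400. It should read `*h400 = "400 Bad Request";`.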
@@ -83,7 +84,7 @@
safe_url, safe_url);
snprintf(rep, sizeof(rep),
"HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n",
- code, code_msg, safe_url, strlen(cont));
+ code, code_msg, safe_url, (int)strlen(cont));
BIO_write(c, rep, strlen(rep));
BIO_write(c, cont, strlen(cont));
BIO_flush(c);
@@ -126,11 +127,11 @@
get_line(BIO *const in, char *const buf, const int bufsize)
{
char tmp;
- int i, n_read;
+ int i, n_read, seen_cr;
memset(buf, 0, bufsize);
- for(n_read = 0;;)
- switch(BIO_gets(in, buf + n_read, bufsize - n_read - 1)) {
+ for(i = 0, seen_cr = 0; i < bufsize - 1; i++)
+ switch(BIO_read(in, &tmp, 1)) {
case -2:
/* BIO_gets not implemented */
return -1;
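Review bot: The comment `/* BIO_gets not implemented */` under `case -2:` is stale now that the loop calls `BIO_read`; it should read `/* BIO_read not implemented */`. If the comment above the function (outside this hunk) does not already say so, it should state the new contract: 0 for a complete line, 1 for EOF, a read error or a rejected line, and -1 when the BIO does not support the read. get_line's signature starts above this hunk and its body continues in the next one.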
@@ -138,24 +139,49 @@
case -1:
return 1;
default:
- for(i = n_read; i < bufsize && buf[i]; i++)
- if(buf[i] == '\n' || buf[i] == '\r') {
- buf[i] = '\0';
+ if(seen_cr)
+ if(tmp != '\n') {
+ /* we have CR not followed by NL */
+ do {
+ if(BIO_read(in, &tmp, 1) < 0)
+ return 1;
+ } while(tmp != '\n');
+ return 1;
+ } else {
+ buf[i - 1] = '\0';
return 0;
}
- if(i < bufsize) {
- n_read = i;
+
+ if(!iscntrl(tmp) || tmp == '\t') {
+ buf[i] = tmp;
+ continue;
+ }
+
+ if(tmp == '\r') {
+ seen_cr = 1;
continue;
}
- logmsg(LOG_NOTICE, "(%lx) line too long: %s", pthread_self(), buf);
- /* skip rest of "line" */
- tmp = '\0';
- while(tmp != '\n')
- if(BIO_read(in, &tmp, 1) != 1)
+
+ if(tmp == '\n') {
+ /* line ends in NL only (no CR) */
+ buf[i] = 0;
+ return 0;
+ }
+
+ /* all other control characters cause an error */
+ do {
+ if(BIO_read(in, &tmp, 1) < 0)
return 1;
- break;
+ } while(tmp != '\n');
+ return 1;
}
- return 0;
+
+ /* line too long */
+ do {
+ if(BIO_read(in, &tmp, 1) < 0)
+ return 1;
+ } while(tmp != '\n');
+ return 1;
}
/*
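Review bot: All three drain loops test `BIO_read(in, &tmp, 1) < 0`, so a return of 0 (which BIO_read uses for end of stream) leaves `tmp` unchanged and `while(tmp != '\n')` never terminates. The removed code used `!= 1`, which covered that case. Each test should be `if(BIO_read(in, &tmp, 1) <= 0)`, otherwise a peer that closes the connection mid-line can leave a worker thread spinning. Separately, `iscntrl(tmp)` is called on a plain `char`; `iscntrl((unsigned char)tmp)` avoids undefined behaviour for bytes above 0x7f where `char` is signed. The overlong-line path also drops the old `logmsg(LOG_NOTICE, ...)`, so these rejections no longer leave a trace in the log.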
@@ -393,22 +419,16 @@
/* HTTP/1.1 allows leading CRLF */
memset(buf, 0, MAXBUF);
- while((res = BIO_gets(in, buf, MAXBUF - 1)) > 0) {
- has_eol = strip_eol(buf);
+ while((res = get_line(in, buf, MAXBUF)) == 0)
if(buf[0])
break;
- }
- if(res <= 0) {
+ if(res < 0) {
/* this is expected to occur only on client reads */
/* logmsg(LOG_NOTICE, "headers: bad starting read"); */
return NULL;
- } else if(!has_eol) {
- /* check for request length limit */
- logmsg(LOG_WARNING, "(%lx) e414 headers: request URI too long", pthread_self());
- err_reply(cl, h414, lstn->err414);
- return NULL;
}
+
if((headers = (char **)calloc(MAXHEADERS, sizeof(char *))) == NULL) {
logmsg(LOG_WARNING, "(%lx) e500 headers: out of memory", pthread_self());
err_reply(cl, h500, lstn->err500);
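Review bot: `if(res < 0)` only catches the -1 that get_line returns for an unsupported BIO. EOF, read errors, rejected control characters and overlong lines all come back as 1, and they fall through to the header allocation with whatever partial content is in `buf`. The check should be `if(res != 0) {`. The removed branch also answered an overlong request line with a 414 and a warning; get_line now drains such a line and returns 1, so keeping the 414 would need a distinct return code for that case. The enclosing function starts and ends outside this hunk.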
@@ -426,8 +446,10 @@
for(n = 1; n < MAXHEADERS; n++) {
if(get_line(in, buf, MAXBUF)) {
free_headers(headers);
+ /* this is not necessarily an error, EOF/timeout are possible
logmsg(LOG_WARNING, "(%lx) e500 can't read header", pthread_self());
err_reply(cl, h500, lstn->err500);
+ */
return NULL;
}
if(!buf[0])
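Review bot: The log call and error reply are disabled by wrapping live statements in a comment, which leaves dead code in the loop. The two statements should be deleted and replaced by a plain comment such as `/* EOF and timeouts are expected here; get_line() returns 1 for those too */`. Because get_line returns the same 1 for control characters and overlong header lines, those rejections now close the connection with no reply and no log entry. A `logmsg(LOG_NOTICE, ...)` at the rejection points inside get_line would keep them visible to whoever monitors the proxy.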
@@ -713,23 +735,39 @@
conn_closed = 1;
break;
case HEADER_TRANSFER_ENCODING:
- if(cont >= L0)
- headers_ok[n] = 0;
- else if(!strcasecmp("chunked", buf))
- if(chunked)
- headers_ok[n] = 0;
- else
- chunked = 1;
+ if(!strcasecmp("chunked", buf))
+ chunked = 1;
+ else {
+ addr2str(caddr, MAXBUF - 1, &from_host, 1);
+ logmsg(LOG_NOTICE, "(%lx) e400 multiple Transfer-encoding \"%s\" from %s", pthread_self(), url, caddr);
+ err_reply(cl, h400, "Bad request: multiple Transfer-encoding values");
+ free_headers(headers);
+ clean_all();
+ return;
+ }
break;
case HEADER_CONTENT_LENGTH:
- if(chunked || cont >= 0L)
- headers_ok[n] = 0;
- else {
- if((cont = ATOL(buf)) < 0L)
- headers_ok[n] = 0;
- if(is_rpc == 1 && (cont < 0x20000L || cont > 0x80000000L))
- is_rpc = -1;
+ if(cont != L_1 || strchr(buf, ',')) {
+ addr2str(caddr, MAXBUF - 1, &from_host, 1);
+ logmsg(LOG_NOTICE, "(%lx) e400 multiple Content-length \"%s\" from %s", pthread_self(), url, caddr);
+ err_reply(cl, h400, "Bad request: multiple Content-length values");
+ free_headers(headers);
+ clean_all();
+ return;
}
+ for(mh = buf; *mh; mh++)
+ if(!isdigit(*mh)) {
+ addr2str(caddr, MAXBUF - 1, &from_host, 1);
+ logmsg(LOG_NOTICE, "(%lx) e400 Content-length bad value \"%s\" from %s", pthread_self(), url, caddr);
+ err_reply(cl, h400, "Bad request: Content-length bad value");
+ free_headers(headers);
+ clean_all();
+ return;
+ }
+ if((cont = ATOL(buf)) < 0L)
+ headers_ok[n] = 0;
+ if(is_rpc == 1 && (cont < 0x20000L || cont > 0x80000000L))
+ is_rpc = -1;
break;
case HEADER_EXPECT:
/*
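Review bot: The digit loop `for(mh = buf; *mh; mh++)` lets an empty Content-Length value through, which ATOL presumably turns into 0. If ATOL yields a negative value (after the digit check, only possible on overflow), the header is merely dropped via `headers_ok[n] = 0` while `cont` keeps the bogus value. Both cases should take the same 400 path as the other bad values: start the first test with `if(!buf[0] || cont != L_1 || strchr(buf, ','))` and replace the `headers_ok[n] = 0` branch with the reject sequence. `isdigit(*mh)` should be `isdigit((unsigned char)*mh)` if `mh` is a plain `char *` (its declaration is outside the hunk). In the Transfer-Encoding branch, `multiple Transfer-encoding` is logged for any value other than `chunked`; `unsupported Transfer-encoding` would describe what is actually tested.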
@@ -787,6 +825,16 @@
}
}
+ /* check for possible request smuggling attempt */
+ if(chunked != 0 && cont != L_1) {
+ addr2str(caddr, MAXBUF - 1, &from_host, 1);
+ logmsg(LOG_NOTICE, "(%lx) e501 Transfer-encoding and Content-length \"%s\" from %s", pthread_self(), url, caddr);
+ err_reply(cl, h400, "Bad request: Transfer-encoding and Content-length headers present");
+ free_headers(headers);
+ clean_all();
+ return;
+ }
+
/* possibly limited request size */
if(lstn->max_req > L0 && cont > L0 && cont > lstn->max_req && is_rpc != 1) {
addr2str(caddr, MAXBUF - 1, &from_host, 1);
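Review bot: The log line is tagged `e501` while the reply sent is `h400`, so log-based alerting keyed on the status tag will file this rejection under the wrong code. It should be `"(%lx) e400 Transfer-encoding and Content-length \"%s\" from %s"`. The addr2str / logmsg / err_reply / free_headers / clean_all sequence now appears four times across this hunk and the previous one. If `clean_all` permits it, a small static helper taking the log text and the reply text would keep the copies from drifting apart. The enclosing function starts and ends outside this hunk.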
@@ -1553,7 +1601,6 @@
}
}
end_req = cur_time();
- upd_be(svc, cur_backend, end_req - start_req);
/* log what happened */
memset(s_res_bytes, 0, LOG_BYTES_SIZE);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/pound.8 new/Pound-2.8a/pound.8
--- old/Pound-2.7/pound.8 2015-01-26 17:47:53.000000000 +0100
+++ new/Pound-2.8a/pound.8 2016-10-23 16:59:47.000000000 +0200
@@ -257,13 +257,6 @@
Ignore case when matching URLs (default: 0). This value can be
overridden for specific services.
.TP
-\fBDynScale\fR 0|1
-Enable or disable the dynamic rescaling code (default: 0). If enabled
-.B Pound
-will periodically try to modify the back-end priorities in order to
-equalise the response times from the various back-ends.
-This value can be overridden for specific services.
-.TP
\fBAlive\fR value
Specify how often
.B Pound
@@ -610,10 +603,6 @@
.B before
the service matching is attempted.
.TP
-\fBDynScale\fR 0|1
-Enable or disable dynamic rescaling for the current service. This value will
-override the value globally defined.
-.TP
\fBDisabled\fR 0|1
Start
.B Pound
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/pound.h new/Pound-2.8a/pound.h
--- old/Pound-2.7/pound.h 2015-01-26 17:47:53.000000000 +0100
+++ new/Pound-2.8a/pound.h 2016-10-23 16:59:47.000000000 +0200
@@ -368,7 +368,6 @@
#else
LHASH *sessions; /* currently active sessions */
#endif
- int dynscale; /* true if the back-ends should be dynamically rescaled */
int disabled; /* true if the service is disabled */
struct _service *next;
} SERVICE;
@@ -556,21 +555,6 @@
extern void kill_be(SERVICE *const, const BACKEND *, const int);
/*
- * Rescale back-end priorities if needed
- * runs every 5 minutes
- */
-#ifndef RESCALE_TO
-#define RESCALE_TO 300
-#endif
-
-/*
- * Dynamic rescaling constants
- */
-#define RESCALE_MAX 32000
-#define RESCALE_MIN 8000
-#define RESCALE_BOT 4000
-
-/*
* Update the number of requests and time to answer for a given back-end
*/
extern void upd_be(SERVICE *const svc, BACKEND *const be, const double);
@@ -630,7 +614,6 @@
/*
* run timed functions:
* - RSAgen every T_RSA_KEYS seconds
- * - rescale every RESCALE_TO seconds
* - resurrect every alive_to seconds
* - expire every EXPIRE_TO seconds
*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/svc.c new/Pound-2.8a/svc.c
--- old/Pound-2.7/svc.c 2015-01-26 17:47:53.000000000 +0100
+++ new/Pound-2.8a/svc.c 2016-10-23 16:59:47.000000000 +0200
@@ -727,30 +727,6 @@
}
/*
- * Update the number of requests and time to answer for a given back-end
- */
-void
-upd_be(SERVICE *const svc, BACKEND *const be, const double elapsed)
-{
- int ret_val;
-
- if(svc->dynscale) {
- if(ret_val = pthread_mutex_lock(&be->mut))
- logmsg(LOG_WARNING, "upd_be() lock: %s", strerror(ret_val));
- be->t_requests += elapsed;
- if(++be->n_requests > RESCALE_MAX) {
- /* scale it down */
- be->n_requests /= 2;
- be->t_requests /= 2;
- }
- be->t_average = be->t_requests / be->n_requests;
- if(ret_val = pthread_mutex_unlock(&be->mut))
- logmsg(LOG_WARNING, "upd_be() unlock: %s", strerror(ret_val));
- }
- return;
-}
-
-/*
* Search for a host name, return the addrinfo for it
*/
int
@@ -1265,140 +1241,6 @@
return;
}
-/*
- * Rescale back-end priorities if needed
- * runs every 5 minutes
- */
-static void
-do_rescale(void)
-{
- LISTENER *lstn;
- SERVICE *svc;
- BACKEND *be;
- int n, ret_val;
- double average, sq_average;
-
- /* scale the back-end priorities */
- for(lstn = listeners; lstn; lstn = lstn->next)
- for(svc = lstn->services; svc; svc = svc->next) {
- if(!svc->dynscale)
- continue;
- average = sq_average = 0.0;
- n = 0;
- for(be = svc->backends; be; be = be->next) {
- if(be->be_type || !be->alive || be->disabled)
- continue;
- if(ret_val = pthread_mutex_lock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val));
- average += be->t_average;
- sq_average += be->t_average * be->t_average;
- if(ret_val = pthread_mutex_unlock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val));
- n++;
- }
- if(n <= 1)
- continue;
- sq_average /= n;
- average /= n;
- sq_average = sqrt(sq_average - average * average); /* this is now the standard deviation */
- sq_average *= 3; /* we only want things outside of 3 standard deviations */
- if(ret_val = pthread_mutex_lock(&svc->mut)) {
- logmsg(LOG_WARNING, "thr_rescale() lock: %s", strerror(ret_val));
- continue;
- }
- for(be = svc->backends; be; be = be->next) {
- if(be->be_type || !be->alive || be->disabled || be->n_requests < RESCALE_MIN)
- continue;
- if(be->t_average < (average - sq_average)) {
- be->priority++;
- if(ret_val = pthread_mutex_lock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val));
- while(be->n_requests > RESCALE_BOT) {
- be->n_requests /= 2;
- be->t_requests /= 2;
- }
- if(ret_val = pthread_mutex_unlock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val));
- svc->tot_pri++;
- }
- if(be->t_average > (average + sq_average) && be->priority > 1) {
- be->priority--;
- if(ret_val = pthread_mutex_lock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val));
- while(be->n_requests > RESCALE_BOT) {
- be->n_requests /= 2;
- be->t_requests /= 2;
- }
- if(ret_val = pthread_mutex_unlock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val));
- svc->tot_pri--;
- }
- }
- if(ret_val = pthread_mutex_unlock(&svc->mut))
- logmsg(LOG_WARNING, "thr_rescale() unlock: %s", strerror(ret_val));
- }
-
- for(svc = services; svc; svc = svc->next) {
- if(!svc->dynscale)
- continue;
- average = sq_average = 0.0;
- n = 0;
- for(be = svc->backends; be; be = be->next) {
- if(be->be_type || !be->alive || be->disabled)
- continue;
- if(ret_val = pthread_mutex_lock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val));
- average += be->t_average;
- sq_average += be->t_average * be->t_average;
- if(ret_val = pthread_mutex_unlock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val));
- n++;
- }
- if(n <= 1)
- continue;
- sq_average /= n;
- average /= n;
- sq_average = sqrt(sq_average - average * average); /* this is now the standard deviation */
- sq_average *= 3; /* we only want things outside of 3 standard deviations */
- if(ret_val = pthread_mutex_lock(&svc->mut)) {
- logmsg(LOG_WARNING, "thr_rescale() lock: %s", strerror(ret_val));
- continue;
- }
- for(be = svc->backends; be; be = be->next) {
- if(be->be_type || !be->alive || be->disabled || be->n_requests < RESCALE_MIN)
- continue;
- if(be->t_average < (average - sq_average)) {
- be->priority++;
- if(ret_val = pthread_mutex_lock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val));
- while(be->n_requests > RESCALE_BOT) {
- be->n_requests /= 2;
- be->t_requests /= 2;
- }
- if(ret_val = pthread_mutex_unlock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val));
- svc->tot_pri++;
- }
- if(be->t_average > (average + sq_average) && be->priority > 1) {
- be->priority--;
- if(ret_val = pthread_mutex_lock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val));
- while(be->n_requests > RESCALE_BOT) {
- be->n_requests /= 2;
- be->t_requests /= 2;
- }
- if(ret_val = pthread_mutex_unlock(&be->mut))
- logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val));
- svc->tot_pri--;
- }
- }
- if(ret_val = pthread_mutex_unlock(&svc->mut))
- logmsg(LOG_WARNING, "thr_rescale() unlock: %s", strerror(ret_val));
- }
-
- return;
-}
-
static pthread_mutex_t RSA_mut; /* mutex for RSA keygen */
static RSA *RSA512_keys[N_RSA_KEYS]; /* ephemeral RSA keys */
static RSA *RSA1024_keys[N_RSA_KEYS]; /* ephemeral RSA keys */
@@ -1470,7 +1312,7 @@
}
#endif
-static time_t last_RSA, last_rescale, last_alive, last_expire;
+static time_t last_RSA, last_alive, last_expire;
/*
* initialise the timer functions:
@@ -1481,7 +1323,7 @@
{
int n;
- last_RSA = last_rescale = last_alive = last_expire = time(NULL);
+ last_RSA = last_alive = last_expire = time(NULL);
/*
* Pre-generate ephemeral RSA keys
@@ -1512,7 +1354,6 @@
/*
* run timed functions:
* - RSAgen every T_RSA_KEYS seconds
- * - rescale every RESCALE_TO seconds
* - resurect every alive_to seconds
* - expire every EXPIRE_TO seconds
*/
@@ -1525,8 +1366,6 @@
n_wait = EXPIRE_TO;
if(n_wait > alive_to)
n_wait = alive_to;
- if(n_wait > RESCALE_TO)
- n_wait = RESCALE_TO;
if(n_wait > T_RSA_KEYS)
n_wait = T_RSA_KEYS;
for(last_time = time(NULL) - n_wait;;) {
@@ -1538,10 +1377,6 @@
last_RSA = time(NULL);
do_RSAgen();
}
- if((last_time - last_rescale) >= RESCALE_TO) {
- last_rescale = time(NULL);
- do_rescale();
- }
if((last_time - last_alive) >= alive_to) {
last_alive = time(NULL);
do_resurect();