Hello community, here is the log from the commit of package pound for openSUSE:Factory checked in at 2018-01-31 19:54:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pound (Old) and /work/SRC/openSUSE:Factory/.pound.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pound" Wed Jan 31 19:54:41 2018 rev:25 rq:571411 version:2.8a Changes: -------- --- /work/SRC/openSUSE:Factory/pound/pound.changes 2016-08-10 19:55:57.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pound.new/pound.changes 2018-01-31 19:54:41.581660801 +0100 @@ -1,0 +2,19 @@ +Wed Jan 31 12:45:19 UTC 2018 - idonmez@suse.com + +- Depend on openssl 1.0 + +------------------------------------------------------------------- +Tue Jan 30 21:53:06 UTC 2018 - jengelh@inai.de + +- Do not ignore errors from useradd +- Fix grammar errors in description + +------------------------------------------------------------------- +Tue Jan 30 13:25:35 UTC 2018 - kbabioch@suse.com + +- Update to version 2.8a + * removed DynScale flag and support + * fixed potential request smuggling via fudged headers (CVE-2016-10711 + boo#1078298) + +------------------------------------------------------------------- Old: ---- Pound-2.7.tgz New: ---- Pound-2.8a.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pound.spec ++++++ --- /var/tmp/diff_new_pack.XemFtv/_old 2018-01-31 19:54:42.193632341 +0100 +++ /var/tmp/diff_new_pack.XemFtv/_new 2018-01-31 19:54:42.197632155 +0100 @@ -1,7 +1,7 @@ # # spec file for package pound # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + %if 0%{?suse_version} > 1230 %bcond_without systemd %else @@ -22,12 +23,12 @@ %endif Name: pound -BuildRequires: openssl-devel -Summary: Reverse-Proxy and Load-Balancer +BuildRequires: libopenssl-1_0_0-devel +Summary: Reverse proxy and load balancer License: SUSE-GPL-3.0+-with-openssl-exception Group: Productivity/Networking/Web/Proxy Url: http://www.apsis.ch/pound/ -Version: 2.7 +Version: 2.8a Release: 0 Source0: http://www.apsis.ch/pound/Pound-%version.tgz Source1: pound.cfg @@ -46,8 +47,8 @@ %description The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load -among several Web-servers and to allow for a convenient SSL wrapper for -those Web servers that do not offer it natively. +among several web servers and to allow for a convenient SSL wrapper for +those web servers that do not offer it natively. %package doc Summary: Doumentation for pound @@ -55,9 +56,9 @@ %description doc The Pound program is a reverse proxy, load balancer and HTTPS front-end -for Web server(s). Pound was developed to enable distributing the load -among several Web-servers and to allow for a convenient SSL wrapper for -those Web servers that do not offer it natively. +for web server(s). Pound was developed to enable distributing the load +among several web servers and to allow for a convenient SSL wrapper for +those web servers that do not offer it natively. This package contains the documentation for pound. @@ -71,7 +72,7 @@ --with-ssl=/usr/include/openssl \ --with-owner=pound \ --with-group=pound -make %{?jobs:-j%jobs} +make %{?_smp_mflags} %install %makeinstall @@ -90,8 +91,9 @@ %pre # Add the "pound" user and group -%{_sbindir}/groupadd -r pound 2> /dev/null || : -%{_sbindir}/useradd -c "Pound" -g pound -r -d /var/lib/pound pound 2> /dev/null || : +getent group pound >/dev/null || %{_sbindir}/groupadd -r pound +getent passwd pound >/dev/null || \ + %{_sbindir}/useradd -c "Pound" -g pound -r -d /var/lib/pound pound %if %{with systemd} %service_add_pre %{name}.service %endif ++++++ Pound-2.7.tgz -> Pound-2.8a.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/CHANGELOG new/Pound-2.8a/CHANGELOG --- old/Pound-2.7/CHANGELOG 2015-01-26 17:47:53.000000000 +0100 +++ new/Pound-2.8a/CHANGELOG 2016-10-23 16:59:47.000000000 +0200 @@ -1,4 +1,15 @@ ------------------------------------------------------------------------ +r82 | roseg | 2016-10-23 16:59:47 +0200 (Sun, 23 Oct 2016) | 8 lines + +Release 2.8a + +Enhancements: + - removed DynScale flag and support + +Bug fixes: + - fixed potential request smuggling via fudged headers + +------------------------------------------------------------------------ r81 | roseg | 2015-01-26 17:47:53 +0100 (Mon, 26 Jan 2015) | 30 lines Release 2.7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/config.c new/Pound-2.8a/config.c --- old/Pound-2.7/config.c 2015-01-26 17:47:53.000000000 +0100 +++ new/Pound-2.8a/config.c 2016-10-23 16:59:47.000000000 +0200 @@ -77,7 +77,7 @@ static regex_t ListenHTTP, ListenHTTPS, End, Address, Port, Cert, xHTTP, Client, CheckURL; static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination; static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; -static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; +static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID; static regex_t ClientCert, AddHeader, DisableProto, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers; static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS; static regex_t Disabled, Threads, CNName, Anonymise, ECDHCurve; @@ -97,7 +97,6 @@ static int clnt_to = 10; static int be_to = 15; static int be_connto = 15; -static int dynscale = 0; static int ignore_case = 0; #if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef OPENSSL_NO_ECDH @@ -563,7 +562,6 @@ conf_err("Service config: out of memory - aborted"); memset(res, 0, sizeof(SERVICE)); res->sess_type = SESS_NONE; - res->dynscale = dynscale; pthread_mutex_init(&res->mut, NULL); if(svc_name) strncpy(res->name, svc_name, KEY_SIZE); @@ -688,8 +686,6 @@ res->emergency = parse_be(1); } else if(!regexec(&Session, lin, 4, matches, 0)) { parse_sess(res); - } else if(!regexec(&DynScale, lin, 4, matches, 0)) { - res->dynscale = atoi(lin + matches[1].rm_so); } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) { ign_case = atoi(lin + matches[1].rm_so); } else if(!regexec(&Disabled, lin, 4, matches, 0)) { @@ -1342,8 +1338,6 @@ clnt_to = atoi(lin + matches[1].rm_so); } else if(!regexec(&Alive, lin, 4, matches, 0)) { alive_to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&DynScale, lin, 4, matches, 0)) { - dynscale = atoi(lin + matches[1].rm_so); } else if(!regexec(&TimeOut, lin, 4, matches, 0)) { be_to = atoi(lin + matches[1].rm_so); } else if(!regexec(&ConnTO, lin, 4, matches, 0)) { @@ -1481,7 +1475,6 @@ || regcomp(&Type, "^[ \t]*Type[ \t]+([^ \t]+)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&TTL, "^[ \t]*TTL[ \t]+([1-9-][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&ID, "^[ \t]*ID[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&DynScale, "^[ \t]*DynScale[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&ClientCert, "^[ \t]*ClientCert[ \t]+([0-3])[ \t]+([1-9])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&AddHeader, "^[ \t]*AddHeader[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&SSLAllowClientRenegotiation, "^[ \t]*SSLAllowClientRenegotiation[ \t]+([012])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) @@ -1651,7 +1644,6 @@ regfree(&Type); regfree(&TTL); regfree(&ID); - regfree(&DynScale); regfree(&ClientCert); regfree(&AddHeader); regfree(&SSLAllowClientRenegotiation); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/configure new/Pound-2.8a/configure --- old/Pound-2.7/configure 2015-01-26 17:47:53.000000000 +0100 +++ new/Pound-2.8a/configure 2016-10-23 16:59:47.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pound 2.7. +# Generated by GNU Autoconf 2.69 for pound 2.8a. # # Report bugs to <roseg@apsis.ch>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='pound' PACKAGE_TARNAME='pound' -PACKAGE_VERSION='2.7' -PACKAGE_STRING='pound 2.7' +PACKAGE_VERSION='2.8a' +PACKAGE_STRING='pound 2.8a' PACKAGE_BUGREPORT='roseg@apsis.ch' PACKAGE_URL='' @@ -683,6 +683,7 @@ docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -764,6 +765,7 @@ sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1016,6 +1018,15 @@ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1153,7 +1164,7 @@ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1266,7 +1277,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pound 2.7 to adapt to many kinds of systems. +\`configure' configures pound 2.8a to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1306,6 +1317,7 @@ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1332,7 +1344,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pound 2.7:";; + short | recursive ) echo "Configuration of pound 2.8a:";; esac cat <<\_ACEOF @@ -1439,7 +1451,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pound configure 2.7 +pound configure 2.8a generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1862,7 +1874,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pound $as_me 2.7, which was +It was created by pound $as_me 2.8a, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -6171,7 +6183,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pound $as_me 2.7, which was +This file was extended by pound $as_me 2.8a, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6233,7 +6245,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pound config.status 2.7 +pound config.status 2.8a configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/http.c new/Pound-2.8a/http.c --- old/Pound-2.7/http.c 2015-01-26 17:47:53.000000000 +0100 +++ new/Pound-2.8a/http.c 2016-10-23 16:59:47.000000000 +0200 @@ -31,7 +31,8 @@ static char *h500 = "500 Internal Server Error", *h501 = "501 Not Implemented", *h503 = "503 Service Unavailable", - *h414 = "414 Request URI too long"; + *h414 = "414 Request URI too long", + *h400 = "Bad Request"; static char *err_response = "HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\n%s"; @@ -83,7 +84,7 @@ safe_url, safe_url); snprintf(rep, sizeof(rep), "HTTP/1.0 %d %s\r\nLocation: %s\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n", - code, code_msg, safe_url, strlen(cont)); + code, code_msg, safe_url, (int)strlen(cont)); BIO_write(c, rep, strlen(rep)); BIO_write(c, cont, strlen(cont)); BIO_flush(c); @@ -126,11 +127,11 @@ get_line(BIO *const in, char *const buf, const int bufsize) { char tmp; - int i, n_read; + int i, n_read, seen_cr; memset(buf, 0, bufsize); - for(n_read = 0;;) - switch(BIO_gets(in, buf + n_read, bufsize - n_read - 1)) { + for(i = 0, seen_cr = 0; i < bufsize - 1; i++) + switch(BIO_read(in, &tmp, 1)) { case -2: /* BIO_gets not implemented */ return -1; @@ -138,24 +139,49 @@ case -1: return 1; default: - for(i = n_read; i < bufsize && buf[i]; i++) - if(buf[i] == '\n' || buf[i] == '\r') { - buf[i] = '\0'; + if(seen_cr) + if(tmp != '\n') { + /* we have CR not followed by NL */ + do { + if(BIO_read(in, &tmp, 1) < 0) + return 1; + } while(tmp != '\n'); + return 1; + } else { + buf[i - 1] = '\0'; return 0; } - if(i < bufsize) { - n_read = i; + + if(!iscntrl(tmp) || tmp == '\t') { + buf[i] = tmp; + continue; + } + + if(tmp == '\r') { + seen_cr = 1; continue; } - logmsg(LOG_NOTICE, "(%lx) line too long: %s", pthread_self(), buf); - /* skip rest of "line" */ - tmp = '\0'; - while(tmp != '\n') - if(BIO_read(in, &tmp, 1) != 1) + + if(tmp == '\n') { + /* line ends in NL only (no CR) */ + buf[i] = 0; + return 0; + } + + /* all other control characters cause an error */ + do { + if(BIO_read(in, &tmp, 1) < 0) return 1; - break; + } while(tmp != '\n'); + return 1; } - return 0; + + /* line too long */ + do { + if(BIO_read(in, &tmp, 1) < 0) + return 1; + } while(tmp != '\n'); + return 1; } /* @@ -393,22 +419,16 @@ /* HTTP/1.1 allows leading CRLF */ memset(buf, 0, MAXBUF); - while((res = BIO_gets(in, buf, MAXBUF - 1)) > 0) { - has_eol = strip_eol(buf); + while((res = get_line(in, buf, MAXBUF)) == 0) if(buf[0]) break; - } - if(res <= 0) { + if(res < 0) { /* this is expected to occur only on client reads */ /* logmsg(LOG_NOTICE, "headers: bad starting read"); */ return NULL; - } else if(!has_eol) { - /* check for request length limit */ - logmsg(LOG_WARNING, "(%lx) e414 headers: request URI too long", pthread_self()); - err_reply(cl, h414, lstn->err414); - return NULL; } + if((headers = (char **)calloc(MAXHEADERS, sizeof(char *))) == NULL) { logmsg(LOG_WARNING, "(%lx) e500 headers: out of memory", pthread_self()); err_reply(cl, h500, lstn->err500); @@ -426,8 +446,10 @@ for(n = 1; n < MAXHEADERS; n++) { if(get_line(in, buf, MAXBUF)) { free_headers(headers); + /* this is not necessarily an error, EOF/timeout are possible logmsg(LOG_WARNING, "(%lx) e500 can't read header", pthread_self()); err_reply(cl, h500, lstn->err500); + */ return NULL; } if(!buf[0]) @@ -713,23 +735,39 @@ conn_closed = 1; break; case HEADER_TRANSFER_ENCODING: - if(cont >= L0) - headers_ok[n] = 0; - else if(!strcasecmp("chunked", buf)) - if(chunked) - headers_ok[n] = 0; - else - chunked = 1; + if(!strcasecmp("chunked", buf)) + chunked = 1; + else { + addr2str(caddr, MAXBUF - 1, &from_host, 1); + logmsg(LOG_NOTICE, "(%lx) e400 multiple Transfer-encoding \"%s\" from %s", pthread_self(), url, caddr); + err_reply(cl, h400, "Bad request: multiple Transfer-encoding values"); + free_headers(headers); + clean_all(); + return; + } break; case HEADER_CONTENT_LENGTH: - if(chunked || cont >= 0L) - headers_ok[n] = 0; - else { - if((cont = ATOL(buf)) < 0L) - headers_ok[n] = 0; - if(is_rpc == 1 && (cont < 0x20000L || cont > 0x80000000L)) - is_rpc = -1; + if(cont != L_1 || strchr(buf, ',')) { + addr2str(caddr, MAXBUF - 1, &from_host, 1); + logmsg(LOG_NOTICE, "(%lx) e400 multiple Content-length \"%s\" from %s", pthread_self(), url, caddr); + err_reply(cl, h400, "Bad request: multiple Content-length values"); + free_headers(headers); + clean_all(); + return; } + for(mh = buf; *mh; mh++) + if(!isdigit(*mh)) { + addr2str(caddr, MAXBUF - 1, &from_host, 1); + logmsg(LOG_NOTICE, "(%lx) e400 Content-length bad value \"%s\" from %s", pthread_self(), url, caddr); + err_reply(cl, h400, "Bad request: Content-length bad value"); + free_headers(headers); + clean_all(); + return; + } + if((cont = ATOL(buf)) < 0L) + headers_ok[n] = 0; + if(is_rpc == 1 && (cont < 0x20000L || cont > 0x80000000L)) + is_rpc = -1; break; case HEADER_EXPECT: /* @@ -787,6 +825,16 @@ } } + /* check for possible request smuggling attempt */ + if(chunked != 0 && cont != L_1) { + addr2str(caddr, MAXBUF - 1, &from_host, 1); + logmsg(LOG_NOTICE, "(%lx) e501 Transfer-encoding and Content-length \"%s\" from %s", pthread_self(), url, caddr); + err_reply(cl, h400, "Bad request: Transfer-encoding and Content-length headers present"); + free_headers(headers); + clean_all(); + return; + } + /* possibly limited request size */ if(lstn->max_req > L0 && cont > L0 && cont > lstn->max_req && is_rpc != 1) { addr2str(caddr, MAXBUF - 1, &from_host, 1); @@ -1553,7 +1601,6 @@ } } end_req = cur_time(); - upd_be(svc, cur_backend, end_req - start_req); /* log what happened */ memset(s_res_bytes, 0, LOG_BYTES_SIZE); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/pound.8 new/Pound-2.8a/pound.8 --- old/Pound-2.7/pound.8 2015-01-26 17:47:53.000000000 +0100 +++ new/Pound-2.8a/pound.8 2016-10-23 16:59:47.000000000 +0200 @@ -257,13 +257,6 @@ Ignore case when matching URLs (default: 0). This value can be overridden for specific services. .TP -\fBDynScale\fR 0|1 -Enable or disable the dynamic rescaling code (default: 0). If enabled -.B Pound -will periodically try to modify the back-end priorities in order to -equalise the response times from the various back-ends. -This value can be overridden for specific services. -.TP \fBAlive\fR value Specify how often .B Pound @@ -610,10 +603,6 @@ .B before the service matching is attempted. .TP -\fBDynScale\fR 0|1 -Enable or disable dynamic rescaling for the current service. This value will -override the value globally defined. -.TP \fBDisabled\fR 0|1 Start .B Pound diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/pound.h new/Pound-2.8a/pound.h --- old/Pound-2.7/pound.h 2015-01-26 17:47:53.000000000 +0100 +++ new/Pound-2.8a/pound.h 2016-10-23 16:59:47.000000000 +0200 @@ -368,7 +368,6 @@ #else LHASH *sessions; /* currently active sessions */ #endif - int dynscale; /* true if the back-ends should be dynamically rescaled */ int disabled; /* true if the service is disabled */ struct _service *next; } SERVICE; @@ -556,21 +555,6 @@ extern void kill_be(SERVICE *const, const BACKEND *, const int); /* - * Rescale back-end priorities if needed - * runs every 5 minutes - */ -#ifndef RESCALE_TO -#define RESCALE_TO 300 -#endif - -/* - * Dynamic rescaling constants - */ -#define RESCALE_MAX 32000 -#define RESCALE_MIN 8000 -#define RESCALE_BOT 4000 - -/* * Update the number of requests and time to answer for a given back-end */ extern void upd_be(SERVICE *const svc, BACKEND *const be, const double); @@ -630,7 +614,6 @@ /* * run timed functions: * - RSAgen every T_RSA_KEYS seconds - * - rescale every RESCALE_TO seconds * - resurrect every alive_to seconds * - expire every EXPIRE_TO seconds */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Pound-2.7/svc.c new/Pound-2.8a/svc.c --- old/Pound-2.7/svc.c 2015-01-26 17:47:53.000000000 +0100 +++ new/Pound-2.8a/svc.c 2016-10-23 16:59:47.000000000 +0200 @@ -727,30 +727,6 @@ } /* - * Update the number of requests and time to answer for a given back-end - */ -void -upd_be(SERVICE *const svc, BACKEND *const be, const double elapsed) -{ - int ret_val; - - if(svc->dynscale) { - if(ret_val = pthread_mutex_lock(&be->mut)) - logmsg(LOG_WARNING, "upd_be() lock: %s", strerror(ret_val)); - be->t_requests += elapsed; - if(++be->n_requests > RESCALE_MAX) { - /* scale it down */ - be->n_requests /= 2; - be->t_requests /= 2; - } - be->t_average = be->t_requests / be->n_requests; - if(ret_val = pthread_mutex_unlock(&be->mut)) - logmsg(LOG_WARNING, "upd_be() unlock: %s", strerror(ret_val)); - } - return; -} - -/* * Search for a host name, return the addrinfo for it */ int @@ -1265,140 +1241,6 @@ return; } -/* - * Rescale back-end priorities if needed - * runs every 5 minutes - */ -static void -do_rescale(void) -{ - LISTENER *lstn; - SERVICE *svc; - BACKEND *be; - int n, ret_val; - double average, sq_average; - - /* scale the back-end priorities */ - for(lstn = listeners; lstn; lstn = lstn->next) - for(svc = lstn->services; svc; svc = svc->next) { - if(!svc->dynscale) - continue; - average = sq_average = 0.0; - n = 0; - for(be = svc->backends; be; be = be->next) { - if(be->be_type || !be->alive || be->disabled) - continue; - if(ret_val = pthread_mutex_lock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val)); - average += be->t_average; - sq_average += be->t_average * be->t_average; - if(ret_val = pthread_mutex_unlock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val)); - n++; - } - if(n <= 1) - continue; - sq_average /= n; - average /= n; - sq_average = sqrt(sq_average - average * average); /* this is now the standard deviation */ - sq_average *= 3; /* we only want things outside of 3 standard deviations */ - if(ret_val = pthread_mutex_lock(&svc->mut)) { - logmsg(LOG_WARNING, "thr_rescale() lock: %s", strerror(ret_val)); - continue; - } - for(be = svc->backends; be; be = be->next) { - if(be->be_type || !be->alive || be->disabled || be->n_requests < RESCALE_MIN) - continue; - if(be->t_average < (average - sq_average)) { - be->priority++; - if(ret_val = pthread_mutex_lock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val)); - while(be->n_requests > RESCALE_BOT) { - be->n_requests /= 2; - be->t_requests /= 2; - } - if(ret_val = pthread_mutex_unlock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val)); - svc->tot_pri++; - } - if(be->t_average > (average + sq_average) && be->priority > 1) { - be->priority--; - if(ret_val = pthread_mutex_lock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val)); - while(be->n_requests > RESCALE_BOT) { - be->n_requests /= 2; - be->t_requests /= 2; - } - if(ret_val = pthread_mutex_unlock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val)); - svc->tot_pri--; - } - } - if(ret_val = pthread_mutex_unlock(&svc->mut)) - logmsg(LOG_WARNING, "thr_rescale() unlock: %s", strerror(ret_val)); - } - - for(svc = services; svc; svc = svc->next) { - if(!svc->dynscale) - continue; - average = sq_average = 0.0; - n = 0; - for(be = svc->backends; be; be = be->next) { - if(be->be_type || !be->alive || be->disabled) - continue; - if(ret_val = pthread_mutex_lock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val)); - average += be->t_average; - sq_average += be->t_average * be->t_average; - if(ret_val = pthread_mutex_unlock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val)); - n++; - } - if(n <= 1) - continue; - sq_average /= n; - average /= n; - sq_average = sqrt(sq_average - average * average); /* this is now the standard deviation */ - sq_average *= 3; /* we only want things outside of 3 standard deviations */ - if(ret_val = pthread_mutex_lock(&svc->mut)) { - logmsg(LOG_WARNING, "thr_rescale() lock: %s", strerror(ret_val)); - continue; - } - for(be = svc->backends; be; be = be->next) { - if(be->be_type || !be->alive || be->disabled || be->n_requests < RESCALE_MIN) - continue; - if(be->t_average < (average - sq_average)) { - be->priority++; - if(ret_val = pthread_mutex_lock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val)); - while(be->n_requests > RESCALE_BOT) { - be->n_requests /= 2; - be->t_requests /= 2; - } - if(ret_val = pthread_mutex_unlock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val)); - svc->tot_pri++; - } - if(be->t_average > (average + sq_average) && be->priority > 1) { - be->priority--; - if(ret_val = pthread_mutex_lock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() lock: %s", strerror(ret_val)); - while(be->n_requests > RESCALE_BOT) { - be->n_requests /= 2; - be->t_requests /= 2; - } - if(ret_val = pthread_mutex_unlock(&be->mut)) - logmsg(LOG_WARNING, "do_rescale() unlock: %s", strerror(ret_val)); - svc->tot_pri--; - } - } - if(ret_val = pthread_mutex_unlock(&svc->mut)) - logmsg(LOG_WARNING, "thr_rescale() unlock: %s", strerror(ret_val)); - } - - return; -} - static pthread_mutex_t RSA_mut; /* mutex for RSA keygen */ static RSA *RSA512_keys[N_RSA_KEYS]; /* ephemeral RSA keys */ static RSA *RSA1024_keys[N_RSA_KEYS]; /* ephemeral RSA keys */ @@ -1470,7 +1312,7 @@ } #endif -static time_t last_RSA, last_rescale, last_alive, last_expire; +static time_t last_RSA, last_alive, last_expire; /* * initialise the timer functions: @@ -1481,7 +1323,7 @@ { int n; - last_RSA = last_rescale = last_alive = last_expire = time(NULL); + last_RSA = last_alive = last_expire = time(NULL); /* * Pre-generate ephemeral RSA keys @@ -1512,7 +1354,6 @@ /* * run timed functions: * - RSAgen every T_RSA_KEYS seconds - * - rescale every RESCALE_TO seconds * - resurect every alive_to seconds * - expire every EXPIRE_TO seconds */ @@ -1525,8 +1366,6 @@ n_wait = EXPIRE_TO; if(n_wait > alive_to) n_wait = alive_to; - if(n_wait > RESCALE_TO) - n_wait = RESCALE_TO; if(n_wait > T_RSA_KEYS) n_wait = T_RSA_KEYS; for(last_time = time(NULL) - n_wait;;) { @@ -1538,10 +1377,6 @@ last_RSA = time(NULL); do_RSAgen(); } - if((last_time - last_rescale) >= RESCALE_TO) { - last_rescale = time(NULL); - do_rescale(); - } if((last_time - last_alive) >= alive_to) { last_alive = time(NULL); do_resurect();