Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stage for upstream/v2.9a #18

Open
wants to merge 21 commits into
base: upstream/branch/v2.8
Choose a base branch
from

Conversation

nyov
Copy link

@nyov nyov commented Jul 4, 2018

I have continued and rebased your patch-queue against your v2.8a import, as well as the v2.8 (final) import as I recently had need for that.
https://github.com/nyov/pound/tree/stage_for_upstream/v2.8b
https://github.com/nyov/pound/tree/stage_for_upstream/v2.9a

I'll open only the one PR though, and mostly FYI - not necessarily to trust and merge it.
Feel free to close.

I don't think there are any conflicts with the upstream changes in 2.8a's http.c, but I don't guarantee it. Code built ok and runs though ;)

Except for resolving the conflicts, here are the slight changes I did to the queue:

  • Retag release as 2.8+github; updated the configure lines obviously
  • Make HTTP/HTTPS mismatch errors more friendly: upstream added *h400 = "Bad Request"; but missed the error code *h400 = "400 Bad Request"; your patch has.
  • OrURLs block, with valid URLs: changed static char * parse_orurls() to static char * parse_orurls(void) to kill a 'function declaration is not a prototype' warning.
  • On the "stage_for_upstream/v2.9a" branch, I added 3 commits to remove unneeded dependencies to libresolv, libm and libdl which were apparently introduced with the -now removed- DynScale code. (Could be squashed)
    I'm not a 100% on libdl, though. Perhaps there is some code somewhere in private branches that makes use of dlopen and it's been around longer than the others.

I've tagged the v2.8 import in my repo; but perhaps you'll want to import (and gpg verify) it yourself instead. I did not update pristine-tar, because I forgot the tool and workflow to do that.

nyov and others added 21 commits July 2, 2018 21:38
Based on a patch from the pound mailing list
originally by Bussi Andrea <[email protected]>

-----
If an IPv4 connection is made to an IPv6 socket then the local and
remote network addresses will be represented as IPv4-mapped addresses.
We try to print the IPv4 addresses in the usual format.

From inet_ntop man page:

BUGS
       AF_INET6 converts IPv4-mapped IPv6 addresses into an IPv6 format.

So this patch can be considered as a workaround for an inet_ntop bug.
This patch introduces three new options, e.g.:

ControlUser "pound"
ControlGroup "pound"
ControlMode 0600

The directives are read as part of the config, and when pound starts and creates the Control Socket, it will chown and chmod accordingly.
Original patch from http://hg.openpanel.com/pound-sslpatched/raw-rev/90a2b1ae6bf4 by Peter van Dijk <[email protected]>

This patch adds two directives:
ErrNoSSL "my_friendly_error.html"
NoSSlRedirect "https://www.website.com"

Primarily this patch is concerned with what happens when a user tries to connect to an SSL port with a non-SSL connection.  For instance, http://www.website.com:443/

This cannot currently be controlled in pound, since the port is SSL, there's no way to redirect, and in fact the openssl library will fail negotiation so there's no opportunity for a friendly error unless we trap that case directly.

Using the NoSslredirect directive you can redirect to a https url.  Otherwise, ErrNoSSL will show in the browser window, alerting the user to the problem.
Implement a config option for pool (2.6 behavior) vs dynamic (2.5 behavior)
Revise threadpool implementation to eliminate spurious wake-up issues and get_thr_arg NULL warnings.

Thanks to Jacob Anderson <[email protected]> for pthread suggestions
…f.d)

Increases the Include LIFO stack to 100 instead of 8
Includes all .cfg and .conf files within a given directory.
ForceHTTP10 will force the downgrading of HTTP/1.1 connections to 1.0 connections
based on the UserAgent string.  Similar to BrowserMatch and SetEnvIf from Apache.
However, this allows forcing non-ssl connections, as well as SSL connections (noHTTPS11)
and do it based on the browser regexes, so we can be more specific than .*MSIE.*

SSLUncleanShutdown matches against the user agent, and if it matches, does the
mod_ssl unclean shutdown behavior.  Compliant behavior is now the default.
Each Backend has a BackendKey which uniquely identifies the backend.
When BackendCookies are enabled, pound will inject a cookie into the response that will tag the browser to the specified backend.

In this way session affinity is handled in pound, without any need for session support on the backend servers, and sessions will persist across pound restarts because they're stored on the browser side.
Redirects can now be specified as Redirect, RedirectAppend or RedirectDynamic.
Fixed a small error in the usage text which is initially confusing, as
it suggests you can enable/disable service 'm' in service 'n'. However,
the services are in listeners.

Therefore, I have modified this text appropriately.
    - Enable MKCALENDAR support as per #742488
(was introduced with dynscale in v2.2 ?)
(was introduced with dynscale in v2.2 ?)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants