Stage for upstream/v2.9a #18
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Based on a patch from the pound mailing list originally by Bussi Andrea <[email protected]> ----- If an IPv4 connection is made to an IPv6 socket then the local and remote network addresses will be represented as IPv4-mapped addresses. We try to print the IPv4 addresses in the usual format. From inet_ntop man page: BUGS AF_INET6 converts IPv4-mapped IPv6 addresses into an IPv6 format. So this patch can be considered as a workaround for an inet_ntop bug.
This patch introduces three new options, e.g.: ControlUser "pound" ControlGroup "pound" ControlMode 0600 The directives are read as part of the config, and when pound starts and creates the Control Socket, it will chown and chmod accordingly.
…s like 2048bit DHE
Original patch from http://hg.openpanel.com/pound-sslpatched/raw-rev/90a2b1ae6bf4 by Peter van Dijk <[email protected]> This patch adds two directives: ErrNoSSL "my_friendly_error.html" NoSSlRedirect "https://www.website.com" Primarily this patch is concerned with what happens when a user tries to connect to an SSL port with a non-SSL connection. For instance, http://www.website.com:443/ This cannot currently be controlled in pound, since the port is SSL, there's no way to redirect, and in fact the openssl library will fail negotiation so there's no opportunity for a friendly error unless we trap that case directly. Using the NoSslredirect directive you can redirect to a https url. Otherwise, ErrNoSSL will show in the browser window, alerting the user to the problem.
Implement a config option for pool (2.6 behavior) vs dynamic (2.5 behavior) Revise threadpool implementation to eliminate spurious wake-up issues and get_thr_arg NULL warnings. Thanks to Jacob Anderson <[email protected]> for pthread suggestions
…f.d) Increases the Include LIFO stack to 100 instead of 8 Includes all .cfg and .conf files within a given directory.
ForceHTTP10 will force the downgrading of HTTP/1.1 connections to 1.0 connections based on the UserAgent string. Similar to BrowserMatch and SetEnvIf from Apache. However, this allows forcing non-ssl connections, as well as SSL connections (noHTTPS11) and do it based on the browser regexes, so we can be more specific than .*MSIE.* SSLUncleanShutdown matches against the user agent, and if it matches, does the mod_ssl unclean shutdown behavior. Compliant behavior is now the default.
Each Backend has a BackendKey which uniquely identifies the backend. When BackendCookies are enabled, pound will inject a cookie into the response that will tag the browser to the specified backend. In this way session affinity is handled in pound, without any need for session support on the backend servers, and sessions will persist across pound restarts because they're stored on the browser side.
Redirects can now be specified as Redirect, RedirectAppend or RedirectDynamic.
Fixed a small error in the usage text which is initially confusing, as it suggests you can enable/disable service 'm' in service 'n'. However, the services are in listeners. Therefore, I have modified this text appropriately.
- Enable MKCALENDAR support as per #742488
(was introduced with dynscale in v2.2 ?)
(was introduced with dynscale in v2.2 ?)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I have continued and rebased your patch-queue against your v2.8a import, as well as the v2.8 (final) import as I recently had need for that.
https://github.com/nyov/pound/tree/stage_for_upstream/v2.8b
https://github.com/nyov/pound/tree/stage_for_upstream/v2.9a
I'll open only the one PR though, and mostly FYI - not necessarily to trust and merge it.
Feel free to close.
I don't think there are any conflicts with the upstream changes in 2.8a's
http.c, but I don't guarantee it. Code built ok and runs though ;)Except for resolving the conflicts, here are the slight changes I did to the queue:
Retag release as 2.8+github; updated the configure lines obviouslyMake HTTP/HTTPS mismatch errors more friendly: upstream added*h400 = "Bad Request";but missed the error code*h400 = "400 Bad Request";your patch has.OrURLs block, with valid URLs: changedstatic char * parse_orurls()tostatic char * parse_orurls(void)to kill a 'function declaration is not a prototype' warning.libresolv,libmandlibdlwhich were apparently introduced with the -now removed- DynScale code. (Could be squashed)I'm not a 100% on libdl, though. Perhaps there is some code somewhere in private branches that makes use of
dlopenand it's been around longer than the others.I've tagged the v2.8 import in my repo; but perhaps you'll want to import (and gpg verify) it yourself instead. I did not update
pristine-tar, because I forgot the tool and workflow to do that.