pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/net/pen

Module Name:    pkgsrc
Committed By:   schmonz
Date:           Thu Jan 10 14:58:56 UTC 2019

Modified Files:
        pkgsrc/net/pen: Makefile distinfo
Removed Files:
        pkgsrc/net/pen/patches: patch-pen.c

Log Message:
Update to 0.34.1. From the changelog:

- Corrected typo in pen.c per suggestion by Belinda Liu.
  This fixes issue #38.
- Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility.
  This fixes issue #28.
- Allow setting local address for upstream connections. This fixes issue #31.
- New penctl command "source" to set this option.
- Fixed issue #30: UDP not working in combination with a configuration file.
- In epoll.c: check for EPOLLHUP.
- In dsr.c: always use our real mac address, to avoid confusing switches.
- Cleaned up code residue surrounded by "#if 0".
- Added CS_HALFDEAD for UDP streams that haven't seen traffic in a while.
- Bug in pending_and_closing: don't modify the list we're looping over.
- Updated pen manpage.
- Deprecated -Q option (it didn't do anything since kqueue was already the
  default where it was available).
- Fixed error handling in epoll support.
- Added transparent UDP test case to
- Contribution from Talik Eichinger: add X-Forwarded-Proto when doing
  SSL decryption.
- Added tarpit test case to
- Tarpit functionality to be used with the DSR mode.
- pen.1: removed obsolete -S option, updated defaults for -x and -L.
- In failover_server: sanity checks to failover routine.
- In add_client: add the initial server to .client as well as .initial.
- In failover_server: changed abuse_server to ABUSE_SERVER and emerg_server
  to EMERG_SERVER, to handle their default NO_SERVER values.
  See issue #19 on Github.
- At the suggestion from Marcos Vinicius Rogowski, the hash algorith
  will now include the client port number if the -r (roundrobin)
  option is used. See
- Fixed IP-based client tracking.
- Removed unnecessary #include <pen.h> in dlist.c
- Added UDP mode for Direct Server Return.
- Updated for compatibility with CentOS 6.
- Added #ifdef around SSLv3 initialization code in ssl, as
  suggested by
- Transparent reverse proxy support for Linux, FreeBSD and OpenBSD.
- Allow the client table size to be updated on the fly. Default size still 2048.
- Allow the connection table size to be updated in the fly. Default still 500.
- See penctl.1, options clients_max and conn_max.
- Introduced the macro NO_SERVER to be used instead of -1 to signify
  error conditions and such.
- Removed the fixed server table size along with the -S option.
- Fixed cosmetic bug in startup code which required port to be specified
  on backend servers even if it was the same as the listening port.
- Numerous updates to support the madness that is Windows.
- Fix from Vincent Bernat: segfault when not using SSL.
- DSR support using Netmap on FreeBSD.
- Unbroke DSR on Linux.
- Replaced all calls to perror with debug(..., strerror(errno);
- Updated penlog and penlogd to use diag.[ch].
- More refactoring: broke out conn.[ch], client.[ch], server.[ch],
- Made a hash index such that the load balancer may balance load.
- Broke out Windows code from pen.c into windows.c. Added windows.h.
- Broke out public definitions for dsr into dsr.h.
- Broke out memory management into memory.[ch].
- Broke out dignostic and logging functions into diag.[ch].
- Broke out settings into settings.[ch].
- Broke out access lists into acl.[ch].
- Broke out event initialization into event.[ch].
- Added pen_epoll.h, pen_kqueue.h, pen_poll.h, pen_select.h.
- Broke out pen_aton et al into netconv.[ch].
- Added dsr.c
- Bug in copy_down affecting SSL connections fixed.
- Updated ocsp stapling to be compatible with server name indication.
- Added script.
- SSL code broken out into ssl.[ch]. SSL context creation broken
  out from ssl_init to ssl_create_context.
- Server Name Indication support. New command to enable:
  ssl_sni_path PATH
  where PATH is the name of a directory containing domain.key,
  domain.crt and files for each domain.
- OCSP stapling. New command ssl_ocsp_response filename
  specifies the location of the ocsp response to be stapled.
  The response must be pre-fetched. The idea was borrowed
  from Rob Stradling.
- New command ssl_client_renegotiation_interval specifies the
  minimum number of seconds the client must wait between
  renegotiation requests. Default 3600.
- Enabled SSL session resumption.
- In do_cmd: don't print "ignoring command" for comments starting
  with '#'.
- Added ssl_option no_tlsv1.1 and ssl_option no_tlsv1.2 to disable
  SSL 1.1 and 1.2 respectively.
- Added autoconf check that the ECDHE is available and not disabled.
- Bumped default max connections and listen queue to 500.
- Support for ECDHE cipher suites.
- New commands ssl_option and ssl_ciphers to individually disable
  insecure protocols and ciphers.
- Updated penctl.1 with the new command.
- New knob to tweak max number of pending nonblocking connection
  attempts: pending_max N (default 100).
- Moved dlist prototypes to dlist.h.
- Added check to close idle connections after a period of inactivity.
- Penctl: idle_timeout N (default 0 = never close idle connections).
- Moved git repository to GitHub..
- New feature: dummy server. Rather than acting as a proxy,
  Pen will pretend to be a web server with just barely enough
  functionality to work as a test target.
- Penctl: dummy|no dummy.
- Yet Another command: abort_on_error|no abort_on_error makes
  Pen call abort() (or not) when encountering a fatal error.
- New feature: "reliable idling". Pen will make and maintain a
  number of idle connections to the backend servers. When a connection
  closes, a new one is made (hence "reliable"). Penctl: idlers [N].
- In do_cmd: return diagnostics to penctl so the user can see them,
  instead of uselessly sending them to syslog.
- New penctl commands:
    - socket N (print which connection the socket belongs to)
    - connection N (print info on the specified connection)
    - close N (forcibly close connection N)
- In open_listener: check that the requested port is in range.
- Fixed bug in dlist_insert.
- Even load distribution when a server is unavailable.
- Let pen save the settings for tcp_nodelay and tcp_fastclose.
- Make flush_up and flush_down return the correct value on error.
- Added with reasonable settings for Windows.
- Better detection and blacklisting of unavailable servers.
- New penctl commands:
    - tcp_nodelay sets TCP_NODELAY on sockets. Turn off with no tcp_nodelay.
    - tcp_fastclose closes both upstream and downstream sockets if one of them
    - closes theirs. Will take the values up, down, both or off (default).
- Rather than making a table of pending connections every time through
  the main loop, keep them in a doubly linked list which is only updated
  as needed. O(n) -> O(1).
- A bug in udp mode: after successful "connect", do not event_add downfd,
  because it is equal to listenfd and epoll_ctl doesn't like that.
- Module kqueue.c updated.
- Module poll.c: set unused fd:s to -1, or Solaris will say ENOSYS.
- Enable diagnostic messages by default in
- Changed event bookkeeping from stateless to stateful.
- Made keepalive optional and added "keepalive / no keepalive" penctl command.
- Added windows.c and pen.h to the release tarball.
- More sensible autoconfiguration defaults: poll, kqueue, epoll, openssl and geoip
  are built if found unless explicitly excluded.
- New event management defaults: kqueue, epoll, poll, select in that order.
- New penctl commands: kqueue, epoll, poll, select.
- New command line option: -O cmd where cmd is any penctl command.
  E.g. -O select to use select instead of the compiled-in default.
- New penctl option "listen [address:]port" to allow listening address
  to be changed on the fly or via a configuration file.
- New pen options -i and -u to install and uninstall Pen as a Windows service.
- See pen manpage.
- Reduced default timeout to 3 seconds.
- New autoconf option --enable-debugging to enable debugging code.
- Lots of fixes for compatibility with Windows.
- Fixed bug in mainloop which kept trying to write 0 bytes.
- MinGW port. Use to compile.
- Event management code broken out into select.c, poll.c, kqueue.c and epoll.c.
- New command-line option -m to accept multiple incoming connections in a batch.
- New command-line option -q to set incoming pending connection queue length.
- Close upfd when failing over.
- Adjusted debug logging levels.
- Started on epoll support for Linux.
- Rewrote output_net and output_file to take a variable number of arguments.
- Handle timed out connection attempts in mainloop_kqueue.
- Fixed mainloop_kqueue.
- A lot of code broken out from mainloop_select into separate functions.
- Fixed mainloop_poll.
- Bugfixes related to the new backend connection logic.
- Cleaned up and simplified add_client() and associated circuitry.
- Connections to back end servers are now nonblocking and parallel.
- Removed the -n option and all code explicitly using blocking sockets.
- Removed the -D option and the "delayed forward" feature.
- Renamed server and client fields in the conn, client and server structures
  to better reflect what they are.
- Restructured the add_client, store_client, store_conn and try_server
- Allow write_cfg to save IPv6 and GeoIP access lists.
- Fixed a bug in write_cfg, where Pen would try to write to an unwritable
  file. Reported by Steven Myint
- Return UDP replies from the server to the client.
- UDP load balancing code restructured and bugfixed.
- In mainloop_select: When there is a pending connection, keep accepting
  up to multi_accept times *or* until EAGAIN *or* connection table is full.
  This improves performance under load.
- Updated GeoIP support for IPv6.
- Servers can have ipv6 addresses. It is possible to use a mix of ipv4
  and ipv6 servers:
  ./pen -df -S 2 -r :::2222 [::1]:22 []:22
- In order to allow server addresses with : in them (i.e. ipv6), it is now
  possible to use square brackets around the address part of the server
  specification: [address]:port (e.g. [::1]:8080).
- Pen can now listen on ipv6 sockets in addition to ipv4 and unix ones.
  I.e. things like "pen ::1:2222" are now possible.
- snprintf format errors reported by Christopher Meng fixed in
  pen.c and penctl.c.
- Updated pen manpage to clarify what the control socket does.
- Resist opening control socket running as root.
- Remove the default file name for web log.
- New feature: unix domain listening sockets.
- Redesigned server and client structs to allow ipv6 addresses and require
  less casting (yuck) in the code.
- Updated penctl man page with syntax for IPv6 and GeoIP access lists.
- Fixed cosmetic signedness compiler warnings.
- Moved defines for ACE_IPV4 et al outside #ifdef HAVE_SSL clause.
  Otherwise pen won't compile without ssl.
- GeoIP access lists.
- Added "special exception" clause for linking with OpenSSL.
- Penlog ipv6 compatible.
- Modernized automake configuration.
- Penctl ipv6 compatible.
- Updated autoconf to 2.69.
- Updated SSL code. Protocol ssl2 removed. Default changed to tls1.
- Added UDP patch from Zen.
- Added patch from Debian that fixes some issues with penctl.cgi.
- Priority based server selection algorithm.
- Patch from Stephen P. Schaefer fixes several issues in write_cfg.
- In the server_by_weight function, multiply current connections
  by WEIGHT_FACTOR to make the selection mo fine grained when the
  number of connections is small.
- Patch from Dana Contreras: send stdio to /dev/null after forking.
- Fixed a bunch of cosmetic signedness compiler warnings.

To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/pen/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/pen/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/net/pen/patches/patch-pen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/pen/Makefile
diff -u pkgsrc/net/pen/Makefile:1.20 pkgsrc/net/pen/Makefile:1.21
--- pkgsrc/net/pen/Makefile:1.20        Tue Mar 29 22:01:13 2016
+++ pkgsrc/net/pen/Makefile     Thu Jan 10 14:58:56 2019
@@ -1,13 +1,13 @@
-# $NetBSD: Makefile,v 1.20 2016/03/29 22:01:13 joerg Exp $
+# $NetBSD: Makefile,v 1.21 2019/01/10 14:58:56 schmonz Exp $
-DISTNAME=      pen-0.17.2
+DISTNAME=      pen-0.34.1
 COMMENT=       Load balancer for "simple" tcp based protocols
+LICENSE=       gnu-gpl-v2

Index: pkgsrc/net/pen/distinfo
diff -u pkgsrc/net/pen/distinfo:1.12 pkgsrc/net/pen/distinfo:1.13
--- pkgsrc/net/pen/distinfo:1.12        Tue Mar 29 22:01:13 2016
+++ pkgsrc/net/pen/distinfo     Thu Jan 10 14:58:56 2019
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.12 2016/03/29 22:01:13 joerg Exp $
+$NetBSD: distinfo,v 1.13 2019/01/10 14:58:56 schmonz Exp $
-SHA1 (pen-0.17.2.tar.gz) = 7277259c552b659ece6fef1d4bc55ca9fd927488
-RMD160 (pen-0.17.2.tar.gz) = 3e7152cad72f3893c171db8e1c85cae37418aeb6
-SHA512 (pen-0.17.2.tar.gz) = c84057ab6226f84cc3f024cf25bfb941be297fff42b2d027ad738ea8e7aaa88fec18668152c8dc283b19c93cd8ef8766430ef865d75a701dc1117148751e200a
-Size (pen-0.17.2.tar.gz) = 129285 bytes
-SHA1 (patch-pen.c) = 6c5315d429d26577ebdb9689ff71d9b4512f63ea
+SHA1 (pen-0.34.1.tar.gz) = 7a1d8a86ab711e217e19bd8ef5c5fea07f3284e5
+RMD160 (pen-0.34.1.tar.gz) = 79ef42beebc32a9fcf25f3b59d52509650bfea42
+SHA512 (pen-0.34.1.tar.gz) = 5237e67ef2a8751cab0bbaf75bbd081f0c645830b20d94e5fab365def0692307f2e0c55158697fc79a197c624bd34bda590cf5ded229beea44da597d3344b263
+Size (pen-0.34.1.tar.gz) = 184622 bytes

Home | Main Index | Thread Index | Old Index