| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
|
|
|
|
|
- Corrected typo in pen.c per suggestion by Belinda Liu.
This fixes issue #38.
- Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility.
This fixes issue #28.
- Allow setting local address for upstream connections. This fixes issue #31.
- New penctl command "source" to set this option.
- Fixed issue #30: UDP not working in combination with a configuration file.
- In epoll.c: check for EPOLLHUP.
- In dsr.c: always use our real mac address, to avoid confusing switches.
- Cleaned up code residue surrounded by "#if 0".
- Added CS_HALFDEAD for UDP streams that haven't seen traffic in a while.
- Bug in pending_and_closing: don't modify the list we're looping over.
- Updated pen manpage.
- Deprecated -Q option (it didn't do anything since kqueue was already the
default where it was available).
- Fixed error handling in epoll support.
- Added transparent UDP test case to testsuite.sh.
- Contribution from Talik Eichinger: add X-Forwarded-Proto when doing
SSL decryption.
- Added tarpit test case to testsuite.sh.
- Tarpit functionality to be used with the DSR mode.
- pen.1: removed obsolete -S option, updated defaults for -x and -L.
- In failover_server: sanity checks to failover routine.
- In add_client: add the initial server to .client as well as .initial.
- In failover_server: changed abuse_server to ABUSE_SERVER and emerg_server
to EMERG_SERVER, to handle their default NO_SERVER values.
See issue #19 on Github.
- At the suggestion from Marcos Vinicius Rogowski, the hash algorith
will now include the client port number if the -r (roundrobin)
option is used. See https://github.com/UlricE/pen/pull/18
- Fixed IP-based client tracking.
- Removed unnecessary #include <pen.h> in dlist.c
- Added UDP mode for Direct Server Return.
- Updated configure.ac for compatibility with CentOS 6.
- Added #ifdef around SSLv3 initialization code in ssl, as
suggested by jca@openbsd.org.
- Transparent reverse proxy support for Linux, FreeBSD and OpenBSD.
- Allow the client table size to be updated on the fly. Default size still 2048.
- Allow the connection table size to be updated in the fly. Default still 500.
- See penctl.1, options clients_max and conn_max.
- Introduced the macro NO_SERVER to be used instead of -1 to signify
error conditions and such.
- Removed the fixed server table size along with the -S option.
- Fixed cosmetic bug in startup code which required port to be specified
on backend servers even if it was the same as the listening port.
- Numerous updates to support the madness that is Windows.
- Fix from Vincent Bernat: segfault when not using SSL.
- DSR support using Netmap on FreeBSD.
- Unbroke DSR on Linux.
- Replaced all calls to perror with debug(..., strerror(errno);
- Updated penlog and penlogd to use diag.[ch].
- More refactoring: broke out conn.[ch], client.[ch], server.[ch],
idler.[ch].
- Made a hash index such that the load balancer may balance load.
- Broke out Windows code from pen.c into windows.c. Added windows.h.
- Broke out public definitions for dsr into dsr.h.
- Broke out memory management into memory.[ch].
- Broke out dignostic and logging functions into diag.[ch].
- Broke out settings into settings.[ch].
- Broke out access lists into acl.[ch].
- Broke out event initialization into event.[ch].
- Added pen_epoll.h, pen_kqueue.h, pen_poll.h, pen_select.h.
- Broke out pen_aton et al into netconv.[ch].
- Added dsr.c
- Bug in copy_down affecting SSL connections fixed.
- Updated ocsp stapling to be compatible with server name indication.
- Added pen-ocsp.sh script.
- SSL code broken out into ssl.[ch]. SSL context creation broken
out from ssl_init to ssl_create_context.
- Server Name Indication support. New command to enable:
ssl_sni_path PATH
where PATH is the name of a directory containing domain.key,
domain.crt and domain.ca files for each domain.
- OCSP stapling. New command ssl_ocsp_response filename
specifies the location of the ocsp response to be stapled.
The response must be pre-fetched. The idea was borrowed
from Rob Stradling.
- New command ssl_client_renegotiation_interval specifies the
minimum number of seconds the client must wait between
renegotiation requests. Default 3600.
- Enabled SSL session resumption.
- In do_cmd: don't print "ignoring command" for comments starting
with '#'.
- Added ssl_option no_tlsv1.1 and ssl_option no_tlsv1.2 to disable
SSL 1.1 and 1.2 respectively.
- Added autoconf check that the ECDHE is available and not disabled.
- Bumped default max connections and listen queue to 500.
- Support for ECDHE cipher suites.
- New commands ssl_option and ssl_ciphers to individually disable
insecure protocols and ciphers.
- Updated penctl.1 with the new command.
- New knob to tweak max number of pending nonblocking connection
attempts: pending_max N (default 100).
- Moved dlist prototypes to dlist.h.
- Added check to close idle connections after a period of inactivity.
- Penctl: idle_timeout N (default 0 = never close idle connections).
- Moved git repository to GitHub..
- New feature: dummy server. Rather than acting as a proxy,
Pen will pretend to be a web server with just barely enough
functionality to work as a test target.
- Penctl: dummy|no dummy.
- Yet Another command: abort_on_error|no abort_on_error makes
Pen call abort() (or not) when encountering a fatal error.
- New feature: "reliable idling". Pen will make and maintain a
number of idle connections to the backend servers. When a connection
closes, a new one is made (hence "reliable"). Penctl: idlers [N].
- In do_cmd: return diagnostics to penctl so the user can see them,
instead of uselessly sending them to syslog.
- New penctl commands:
- socket N (print which connection the socket belongs to)
- connection N (print info on the specified connection)
- close N (forcibly close connection N)
- In open_listener: check that the requested port is in range.
- Fixed bug in dlist_insert.
- Even load distribution when a server is unavailable.
- Let pen save the settings for tcp_nodelay and tcp_fastclose.
- Make flush_up and flush_down return the correct value on error.
- Added config.h.win with reasonable settings for Windows.
- Better detection and blacklisting of unavailable servers.
- New penctl commands:
- tcp_nodelay sets TCP_NODELAY on sockets. Turn off with no tcp_nodelay.
- tcp_fastclose closes both upstream and downstream sockets if one of them
- closes theirs. Will take the values up, down, both or off (default).
- Rather than making a table of pending connections every time through
the main loop, keep them in a doubly linked list which is only updated
as needed. O(n) -> O(1).
- A bug in udp mode: after successful "connect", do not event_add downfd,
because it is equal to listenfd and epoll_ctl doesn't like that.
- Module kqueue.c updated.
- Module poll.c: set unused fd:s to -1, or Solaris will say ENOSYS.
- Enable diagnostic messages by default in configure.ac.
- Changed event bookkeeping from stateless to stateful.
- Made keepalive optional and added "keepalive / no keepalive" penctl command.
- Added windows.c and pen.h to the release tarball.
- More sensible autoconfiguration defaults: poll, kqueue, epoll, openssl and geoip
are built if found unless explicitly excluded.
- New event management defaults: kqueue, epoll, poll, select in that order.
- New penctl commands: kqueue, epoll, poll, select.
- New command line option: -O cmd where cmd is any penctl command.
E.g. -O select to use select instead of the compiled-in default.
- New penctl option "listen [address:]port" to allow listening address
to be changed on the fly or via a configuration file.
- New pen options -i and -u to install and uninstall Pen as a Windows service.
- See pen manpage.
- Reduced default timeout to 3 seconds.
- New autoconf option --enable-debugging to enable debugging code.
- Lots of fixes for compatibility with Windows.
- Fixed bug in mainloop which kept trying to write 0 bytes.
- MinGW port. Use Makefile.win to compile.
- Event management code broken out into select.c, poll.c, kqueue.c and epoll.c.
- New command-line option -m to accept multiple incoming connections in a batch.
- New command-line option -q to set incoming pending connection queue length.
- Close upfd when failing over.
- Adjusted debug logging levels.
- Started on epoll support for Linux.
- Rewrote output_net and output_file to take a variable number of arguments.
- Handle timed out connection attempts in mainloop_kqueue.
- Fixed mainloop_kqueue.
- A lot of code broken out from mainloop_select into separate functions.
- Fixed mainloop_poll.
- Bugfixes related to the new backend connection logic.
- Cleaned up and simplified add_client() and associated circuitry.
- Connections to back end servers are now nonblocking and parallel.
- Removed the -n option and all code explicitly using blocking sockets.
- Removed the -D option and the "delayed forward" feature.
- Renamed server and client fields in the conn, client and server structures
to better reflect what they are.
- Restructured the add_client, store_client, store_conn and try_server
functions.
- Allow write_cfg to save IPv6 and GeoIP access lists.
- Fixed a bug in write_cfg, where Pen would try to write to an unwritable
file. Reported by Steven Myint
- Return UDP replies from the server to the client.
- UDP load balancing code restructured and bugfixed.
- In mainloop_select: When there is a pending connection, keep accepting
up to multi_accept times *or* until EAGAIN *or* connection table is full.
This improves performance under load.
- Updated GeoIP support for IPv6.
- Servers can have ipv6 addresses. It is possible to use a mix of ipv4
and ipv6 servers:
./pen -df -S 2 -r :::2222 [::1]:22 [127.0.0.1]:22
- In order to allow server addresses with : in them (i.e. ipv6), it is now
possible to use square brackets around the address part of the server
specification: [address]:port (e.g. [::1]:8080).
- Pen can now listen on ipv6 sockets in addition to ipv4 and unix ones.
I.e. things like "pen ::1:2222 127.0.0.1:22" are now possible.
- snprintf format errors reported by Christopher Meng fixed in
pen.c and penctl.c.
- Updated pen manpage to clarify what the control socket does.
- Resist opening control socket running as root.
- Remove the default file name for web log.
- New feature: unix domain listening sockets.
- Redesigned server and client structs to allow ipv6 addresses and require
less casting (yuck) in the code.
- Updated penctl man page with syntax for IPv6 and GeoIP access lists.
- Fixed cosmetic signedness compiler warnings.
- Moved defines for ACE_IPV4 et al outside #ifdef HAVE_SSL clause.
Otherwise pen won't compile without ssl.
- GeoIP access lists.
- Added "special exception" clause for linking with OpenSSL.
- Penlog ipv6 compatible.
- Modernized automake configuration.
- Penctl ipv6 compatible.
- Updated autoconf to 2.69.
- Updated SSL code. Protocol ssl2 removed. Default changed to tls1.
- Added UDP patch from Zen.
- Added patch from Debian that fixes some issues with penctl.cgi.
- Priority based server selection algorithm.
- Patch from Stephen P. Schaefer fixes several issues in write_cfg.
- In the server_by_weight function, multiply current connections
by WEIGHT_FACTOR to make the selection mo fine grained when the
number of connections is small.
- Patch from Dana Contreras: send stdio to /dev/null after forking.
- Fixed a bunch of cosmetic signedness compiler warnings.
|
|
|
|
|
|
|
|
Problems found with existing digests:
Package haproxy distfile haproxy-1.5.14.tar.gz
159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package bsddip: missing distfile bsddip-1.02.tar.Z
Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
Package djbdns: missing distfile djbdns-cachestats.patch
Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
Package gated: missing distfile gated-3-5-11.tar.gz
Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
Package poink: missing distfile poink-1.6.tar.gz
Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
Package waste: missing distfile waste-source.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
070912 Added sanity check to init() to make sure that servers_max
is large enough for the number of servers specified on the
command line.
Released 0.17.2.
070829 Faster string duplication courtesy of Nigel Horne.
070502 Updated automake links.
070212 Updated INSTALL with instructions for increasing the number
of connections on Windows.
061204 Include server weight in response to "penctl servers" command.
Set server weight on command line. Server is specified as
host:port:maxconn:hard:weight.
060627 Bugfix by Chris Elsworth: server_by_weight would never
consider blacklisted servers, which kept them blacklisted
indefinitely.
Released 0.17.1.
051230 Added code by Chris Elsworth for kqueue support. Configure
with --with-kqueue to enable.
Released 0.17.0.
051215 Changed the configure option for ssl to
--with-experimental-only-ssl.
Released 0.16.0.
040709 Added an "abuse server" for naughty clients that have been
denied access by an acl. Works similar to the emergency server,
use command-line option "-B host:port" to enable.
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
|
|
CONFIGURE_ARGS.
|
|
* Servers can be assigned different weights to account for
differing capacity. New -W command-line option. New penctl
commands:
server S weight W (assign weight to server)
weight (use weight for server selection)
no weight (do not use weight for server selection)
Cleaned up the logic in add_client so the weighted server
selection can be used without client tracking.
* Some performance enhancing changes:
New variable connections_used remembers the number of used
slots in conns[]. It is incremented by store_conn and
decremented by close_conn. This allows the main loop to
only accept new connections if there are empty slots in
conns[], which is much better than accepting the connection
only to immediately close it because we can't handle it.
New variable connections_last remembers the last used slot
in conns[]. This allows us to scan for empty slots much faster
in store_conn when there are many simultaneous connections.
* Documented the procedure to change FD_SETSIZE on Linux
in INSTALL.
* Documented the include command in the penctl manpage.
* Fixed SSL so it works in nonblocking mode, except that
it doesn't work anyway.
Moved listenfd and ctrlfd out of main.
* Highly experimental SSL code in pen.c. Updated manpage
with the new options. Added https example to HOWTO.
|
|
|
|
Update provided by Andreas Wrede <andreas@planix.com> via PR pkg/23319.
Changes:
031023 Released 0.12.0.
Penlogd: sscanf would read 100 bytes + terminating nul into
a buffer of size 100. Now reads 99+nul. Spotted by Oezguer Kesim.
Let tracking time be set through penctl.cgi.
In do_cmd, "no log": only close the logfile if it is open.
New penctl command, "write [FILE]" writes current configuration
to a file. If FILE is omitted, overwrite the original
configuration file (-F option).
Pen: Time based expiration of tracked clients. Default is
0 seconds = never expire. Added -T option to control expiry
time. Also added penctl command "tracking N".
Penlogd: zero-terminate results from recvfrom.
In penlogd.c: don't complain if recvfrom is interrupted by signal.
More bugfixes, etc.
|
|
|
|
|
|
Changes since 0.10.0:
030407 Bugs uncovered by Charlie Reitsma <reitsmac@denison.edu>:
HOWTO incorrectly specified penctl in place of penlog
in Apache configuration example, and using penctl to
redirect log to penlogd didn't work.
Avoid bogus header rewriting in rewrite_request.
Released 0.10.1.
Also increase FN_SETSIZE for our package.
From PR#21075 (Andreas Wrede). Thanks!
|
|
Relevant portion of the Changelog :
030208 New option -H adds X-Forwarded-For header to http requests.
020717 Patches from Patroklos G. Argyroudis <argp@ieee.org>:
- check getopt() calls against -1 and not EOF
- fix for a possible format string in pen.c
020711 Ported to Darwin/MacOS X.
Released 0.9.4.
020705 New penctl command: recent [seconds] displays clients that have
connected recently (default five minutes), along with number of
connects, transmitted and received data.
020702 Buffer overflow in netlog. See comment in pen.c.
Added options -j (for chroot) and -u (for setuid) to pen and
penlogd. See manpages.
020627 Fixed an error which could throw penlogd into an endless loop
if a udp packet was lost at the crucial moment.
020626 Pedantic checking of memory allocations and buffer sizes.
020618 Penlogd: added option -n to adjust the number of cached log
entries from Pen.
020614 Added options -d, -f, -l and -p to penlogd. They do the same
as in pen. Also added signal handlers for TERM and HUP; these
too do the same as in pen. Updated penlogd manpage.
Updated www section in HOWTO to use penlog rather than mergelogs.
020613 Added penlog.c to log over a network using Apaches reliable
piped logs. A companion log server, penlogd.c, consolidates
logs from Pen and from all web servers into a single file.
Added the necessary code to Pen log over the network.
020610 Wrote penctl.cgi, a web wrapper for penctl.
020609 Wrote a new version of the main loop, using poll() instead of
select(). Added configuration option --with-poll to enable.
Also turned redefinition of FD_SETSIZE into a configuration
option --with-fd_setsize=N.
Updated installation instructions in INSTALL.
020605 Added optional hard limit to the number of connections to each
server.
Timestamps in debug log entries.
Released 0.8.0.
020604 Added "server of last resort" (-e option) which is only used
when all other servers are unavailable. (Andreas Wrede)
020528 Several enhancements and bugfixes by Andreas Wrede:
In webstats: changed CLIENTS_MAX to clients_max and
CONNECTIONS_MAX to connections_max.
Show time in human-readable format rather than seconds since 1970.
Changed byte counters from unsigned long to unsigned long long.
Fixed file descriptor leak: The connection wasn't closed when
the connection table was full.
Moved stats generation and log restart out of the signal handlers
and into the main loop.
If a client went away before receiving all its data (large files),
the remaining portion would be sent to the next client occupying
the same slot.
Added pointers in connection structure to avoid having to memcpy
the buffers in flush_up/flush_down.
Released 0.7.0.
020507 Updated the penctl manpage to reflect reality.
Released 0.6.3.
020417 Added -D switch to make copy_up and copy_down *always* store data
in a temporary buffer and wait for the next round through the
main loop before passing it on to the receiving end.
The penctl command for this is "delayed_forward".
When making sockets nonblocking (through fcntl(..., O_NONBLOCK)),
make sure that any existing flags are not reset in the process.
Important bugfix: each failed connection attempt in try_server
would result in one socket leaked because we returned without
closing it.
020413 Figured out why nonblocking mode was slower than blocking. Fixed.
020411 Added penctl, a simple user interface to the control protocol.
020324 Cancel timeout if it isn't needed.
020115 Added LDAP info in the HOWTO.
Added the flush_up/flush_down bugfix from 0.5.0 again.
Released 0.6.1.
020111 Moved #include <sys/types.h> before #include <netinet/in.h>
Replaced the call to setpgrp with setsid.
Transformed mergelogs into ultimately portable ANSI C (almost).
Thanks to Mike Dugas <mad@phobia.net> for help with porting
Removed the -r (rejects) option, since we no longer reject anything.
to FreeBSD 4.4-RELEASE.
020110 Rewrote mergelogs completely. It will now never discard a web
server log entry, and it tries much harder to locate a good
match in the pen log. It deals with log entries that are out
of order and servers with unsynchronized clocks and/or
different time zones. The -l (lag) option is no more.
Released 0.6.0
010915 Made the use of daemon() optional.
Added the cgi script penstats to update and display statistics.
Set current in store_conn.
Released 0.5.0.
010914 Statistics in HTML format (Riccard Ã…kerman).
Tested pen on HP-UX 10.20.
|
|
|
|
|
|
010912 When storing part of the buffer for a renewed attempt,
store the *end*, not the beginning. Affects copy_up and copy_down.
Autoconf. Use daemon() if available. Make sure that we don't try
to close uninitialized file handles in add_client.
New option -n to not make sockets nonblocking (mainly useful
for debugging).
010911 Make sure that remaining data is stored away when we get EAGAIN
in copy_up.
Released 0.3.3.
010909 Added -p argument to store process id in a file (Andreas Wrede).
Made the sockets nonblocking. Handle EAGAIN in copy_up/down.
Released 0.3.2.
010908 Ignore SIGPIPE. Released 0.3.1.
010827 Option -h uses a hash on the client IP address for the initial
server selection. Option -s ("stubborn") prevents failover to
another server if the initial choice is unavailable.
010824 Use getport for the local port as well.
|
|
manager.
|
