Import sfw build 137
Bugs Fixed
----------
6926835 Wireshark cannot open files typed into the location bar
6930214 CVE-2010-0624: Heap-based buffer overflow in GNU Tar
6933424 Various sfw manual pages need to be adjusted to use the new OpenSolaris package names.
6937764 upgrade OpenSSL to 0.9.8n (and fix CVE-2010-0740)
1i\
'\\" t\
\.\\"\
\.\\" Modified for Solaris to to add the Solaris stability classification,\
\.\\" and to add a note about source availability.\
\.\\"
/^\.SH SEE ALSO$/ i\
.SH SMF PROPERTIES\
Configuration of properties for the /usr/bin/pen program is managed by\
the service management facility, \\fBsmf\\fR(5), under the service identifier:\
.sp\
.in +4\
.nf\
svc:/network/loadbalancer/pen\
.fi\
.in -4\
.sp\
Pen is a multiple instances service. The default instance is:\
.in +4\
.nf\
svc:/network/loadbalancer/pen:default\
.fi\
.in -4\
.sp\
Besides, an example of a http load balancer instance is also provided as:\
.in +4\
.nf\
svc:/network/loadbalancer/pen:http\
.fi\
.in -4\
.sp\
Users can create their own instances following the smf framework. So multiple\
pen processes can be executed separately in one machine at the same time.\
.TP\
Use \\fBsvccfg\\fR(1M) and \\fBsvcprop\\fR(1M) to change and display the\
configuration of this service.\
.TP\
The following properties must be set before starting the service:\
.TP\
.B\
pen/listenport\
(Type astring) The local address and port pen listens on. The value is set\
like \\fI[hostname:]port\\fR. If \\fRhostname\\fR is not specified, then\
all local address will be listened on.\
.TP\
.B\
pen/servers\
(Type astring) The address, the port and the maximum number of simultaneous\
connections for remote servers. The value is set like\
.nf\
\"\\fIhost1[:port1[:sconn1:hconn1]];host2[:port2[:sconn2:hconn2]];...\\fR\"\
.fi\
\\fIsconn\\fR and \\fIhconn\\fR are soft and hard limit of the number of\
connection. The default port value is the same as in\
\\fIpen/listenport\\fR.\
.TP\
The following properties are optional:\
.TP\
.B\
pen/blacklist\
(Type count) The blacklist time in seconds, default is 30.\
See also option \\fB-b\\fR above.\
.TP\
.B\
pen/timeout\
(Type count) The connection timeout in seconds. default is 5.\
See also option \\fB-t\\fR above.\
.TP\
.B\
pen/logfile\
(Type astring) The location of the log file, default is\
\\fB/var/log/pen.log\\fR.\
See also option \\fB-l\\fR above.\
.TP\
.B\
pen/cfgfile\
(Type astring) The location of the configuration file (penctl style).\
See also option \\fB-F\\fR above.\
.TP\
.B\
pen/pidfile\
(Type astring) The location of file into which the PID will be written.\
See also option \\fB-p\\fR above.\
.TP\
.B\
pen/statusfile\
(Type astring) The location of the report file (in html format).\
See also option \\fB-w\\fR above.\
.TP\
.B\
pen/tracking\
(Type count) The tracking time, default is 0 (never expire).\
See also option \\fB-T\\fR above.\
.TP\
.B\
pen/emergency\
(Type astring) The emergency server address to contact if all regular\
servers become unavailable.\
See also option \\fB-e\\fR above.\
.TP\
.B\
pen/maxserver\
(Type count) The max number of servers, default is 16.\
See also option \\fB-S\\fR above.\
.TP\
.B\
pen/maxclient\
(Type count) The max number of clients, default is 2048.\
See also option \\fB-c\\fR above.\
.TP\
.B\
pen/chroot\
(Type astring) The directory for the chroot environment.\
See also option \\fB-j\\fR above.\
.TP\
.B\
pen/user\
(Type astring) The different user to run pen.\
See also option \\fB-u\\fR above.\
.TP\
.B\
pen/maxconn\
(Type count) The max number of simultaneous connections, default is 256.\
See also option \\fB-x\\fR above.\
.TP\
.B\
pen/ctrlport\
(Type astring) The control port on which pen daemon listens for commands,\
in the format [host]:port, default is -1 (not use ctrlport).\
See also option \\fB-C\\fR above.\
.TP\
.B\
pen/Xforward\
(Type boolean) If X-Forwarded-For header will be added for http requests,\
default is false.\
See also option \\fB-H\\fR above.\
.TP\
.B\
pen/allowexit\
(Type boolean) If an exit command is added for the control interface,\
default is false.\
See also option \\fB-X\\fR above.\
.TP\
.B\
pen/certfile\
(Type astring) The certificate file (in PEM format) used by pen.\
See also option \\fB-E\\fR above.\
.TP\
.B\
pen/keyfile\
(Type astring) The key file (in PEM format, may be contained in cert)\
used by pen.\
See also option \\fB-K\\fR above.\
.TP\
.B\
pen/cacertfile\
(Type astring) The file containing the CA's certificate.\
See also option \\fB-G\\fR above.\
.TP\
.B\
pen/cacertdir\
(Type astring) The directory containing CA certificates in hashed format.\
See also option \\fB-A\\fR above.\
.TP\
.B\
pen/usessl\
(Type boolean) If SSL compatibility mode is used, default is false.\
See also option \\fB-Z\\fR above.\
.TP\
.B\
pen/peercert\
(Type boolean) If valid peer certificate is required, default is false.\
See also option \\fB-R\\fR above.\
.TP\
.B\
pen/protocol\
(Type astring) The ssl protocol version, default is ssl23.\
See also option \\fB-L\\fR above.\
.TP\
.B\
pen/weight\
(Type boolean) If weight way is used for server selection,\
default is false.\
See also option \\fB-W\\fR above.\
.TP\
.B\
pen/nonblock\
(Type boolean) If nonblocking mode is used, default is false.\
See also option \\fB-n\\fR above.\
.TP\
.B\
pen/hash\
(Type boolean) If hash way is used on client IP addresses for the initial\
server selection. Enabling it makes pen more predictable which server will\
be used when a client connects. Default is false.\
See also option \\fB-h\\fR above.\
.TP\
.B\
pen/roundrobin\
(Type boolean) If straight round-robin server selection is used without\
looking up which server the client used the last time, default is false.\
See also option \\fB-r\\fR above.\
.TP\
.B\
pen/stubborn\
(Type boolean) If stubborn server selection is used. If it's enabled,\
the client connection will be closed without trying another server if\
the first choice is unavailable. Default is false.\
See also option \\fB-s\\fR above.\
.TP\
The other command line options are not supported in SMF property.\
.SS \"Example 1: Start pen as a http load balancer\"\
.PP\
The following commands will start pen as a http load balancer for host\
\\fBfoo\\fR and \\fBbar\\fR, using \\fBpen:http\\fR instance:\
.sp\
.in +2\
.nf\
svccfg -s pen:http setprop pen/servers = \"foo:80;bar:80\"\
svcadm refresh svc:/network/loadbalancer/pen:http\
svcadm disable svc:/network/loadbalancer/pen:http\
svcadm enable svc:/network/loadbalancer/pen:http\
.fi\
.in -2\
.SS \"Example 2: Start pen with a different log file\"\
.PP\
The following commands will start pen at current host as a http load\
balancer for host \\fBfoo\\fR and \\fBbar\\fR, with log file at the\
location \\fB/var/tmp/my.log\\fR, using \\fBpen:default\\fR instance:\
.sp\
.in +2\
.nf\
svccfg -s pen:default setprop pen/listenport = 80\
svccfg -s pen:default setprop pen/servers = \"foo:80;bar:80\"\
svccfg -s pen:default setprop pen/logfile = \"/var/tmp/my.log\"\
svcadm refresh svc:/network/loadbalancer/pen:default\
svcadm disable svc:/network/loadbalancer/pen:default\
svcadm enable svc:/network/loadbalancer/pen:default\
.fi\
.in -2\
.sp
$a\
\.\\" Begin Sun update\
.SH ATTRIBUTES\
See\
.BR attributes (5)\
for descriptions of the following attributes:\
.sp\
.TS\
box;\
cbp-1 | cbp-1\
l | l .\
ATTRIBUTE TYPE ATTRIBUTE VALUE\
=\
Availability service/network/load-balancer/pen\
=\
Interface Stability Uncommitted\
.TE \
.PP\
.SH NOTES\
The Pen project is located at http://siag.nu/pen.\
.br\
Source for Pen is available on http://opensolaris.org.\
\.\\" End Sun update
s/^\(\.TH [^ ][^ ]* [0-9][a-zA-Z]* \)[^ ][^ ]*$/\1"25 Mar 2008" "SunOS 5.11" "User Commands"/g
s/, dwatch(1)/, svcadm(1M), svccfg(1M), svcprop(1M), svcs(1), smf(5), smf_method(5)/g
s/, webresolve(1)//g