Posted to dev@httpd.apache.org by Ed Korthof <ed...@organic.com> on 1997/01/08 17:36:30 UTC

Patch for read timeout

A day or two ago we discussed a patch for a new read timeout as
appropriate for the next release.  This patch does that, setting the
default value to 180.

The directive is TimeoutRead, and operates like Timeout.  How does this
look?

     -- Ed Korthof        |  Web Server Engineer --
     -- ed@organic.com    |  Organic Online, Inc --
     -- (415) 278-5676    |  Fax: (415) 284-6891 --

-----
*** /usr/local/src/apache/apache_1.2b2/src/http_main.c	Mon Dec  9 17:11:58 1996
--- http_main.c	Tue Jan  7 21:05:03 1997
***************
*** 461,466 ****
--- 461,468 ----
      signal(SIGALRM,(void (*)())timeout);
      if (r->connection->keptalive) 
         alarm (r->server->keep_alive_timeout);
+     else if (!strcmp(name, "read"))
+        alarm (r->server->read_timeout);
      else
         alarm (r->server->timeout);
  }
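Review bot: the added `else if (!strcmp(name, "read"))` branch picks the timeout by exact match on a free-form label, so a caller that passes any other string, including a longer label that merely starts with "read", silently falls through to `r->server->timeout`. Suggest selecting the timeout with an explicit kind argument instead of a string compare, or at least documenting beside this branch which label callers must pass. Because the `keptalive` test comes first, the new value is also never used on a kept-alive connection; say so in a comment if that is intended.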
*** /usr/local/src/apache/apache_1.2b2/src/httpd.h	Mon Jan  6 18:16:39 1997
--- httpd.h	Tue Jan  7 21:06:04 1997
***************
*** 183,188 ****
--- 183,191 ----
  /* The timeout for waiting for messages */
  #define DEFAULT_TIMEOUT 1200
  
+ /* The timeout to read a request */
+ #define DEFAULT_READ_TIMEOUT 180
+ 
  /* The timeout for waiting for keepalive timeout until next request */
  #define DEFAULT_KEEPALIVE_TIMEOUT 15
  
***************
*** 585,590 ****
--- 588,594 ----
  
      server_addr_rec *addrs;
      int timeout;		/* Timeout, in seconds, before we give up */
+     int read_timeout;		/* Timeout, in seconds, to read request */
      int keep_alive_timeout;	/* Seconds we'll wait for another request */
      int keep_alive;		/* Maximum requests per connection */
      int send_buffer_size;       /* size of TCP send buffer (in bytes) */
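Review bot: the comment on the added `int read_timeout;` line says only "to read request", which does not say whether the limit covers the whole request or the gap between two reads. State which one it is here and in the httpd.h define, since the two behave very differently for large request bodies. Inserting the member in the middle of the struct also shifts every member after it, so anything compiled against the old httpd.h has to be rebuilt; appending it at the end of the struct would avoid that.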
*** /usr/local/src/apache/apache_1.2b2/src/http_core.c	Fri Dec  6 13:51:32 1996
--- http_core.c	Tue Jan  7 20:52:13 1997
***************
*** 884,889 ****
--- 884,894 ----
      return NULL;
  }
  
+ const char *set_read_timeout (cmd_parms *cmd, void *dummy, char *arg) {
+     cmd->server->read_timeout = atoi(arg);
+     return NULL;
+ }
+ 
  const char *set_keep_alive_timeout (cmd_parms *cmd, void *dummy, char *arg) {
      cmd->server->keep_alive_timeout = atoi (arg);
      return NULL;
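Review bot: `set_read_timeout` stores `atoi(arg)` unchecked, so a non-numeric argument becomes 0 and a negative one is stored as given. Both values later reach `alarm()`, where 0 cancels the alarm instead of arming it and a negative int converts to a very large unsigned interval, so a typo in the config quietly removes the protection this directive is meant to add. Suggest rejecting values below 1 and returning an error string instead of NULL. The `set_keep_alive_timeout` handler in the context lines has the same gap.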
***************
*** 1161,1166 ****
--- 1166,1172 ----
  { "ServerPath", set_serverpath, NULL, RSRC_CONF, TAKE1,
    "The pathname the server can be reached at" },
  { "Timeout", set_timeout, NULL, RSRC_CONF, TAKE1, "Timeout duration (sec)"},
+ { "TimeoutRead", set_read_timeout, NULL, RSRC_CONF, TAKE1, "Timeout for reading a request, in seconds"},
  { "KeepAliveTimeout", set_keep_alive_timeout, NULL, RSRC_CONF, TAKE1, "Keep-Alive timeout duration (sec)"},
  { "KeepAlive", set_keep_alive, NULL, RSRC_CONF, TAKE1, "Maximum Keep-Alive requests per connection (0 to disable)" },
  { "IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF, FLAG, "Enable identd (RFC931) user lookups - SLOW" },
*** /usr/local/src/apache/apache_1.2b2/src/http_config.c	Wed Dec  4 16:33:24 1996
--- http_config.c	Tue Jan  7 21:03:16 1997
***************
*** 914,919 ****
--- 914,920 ----
      s->srm_confname = NULL;
      s->access_confname = NULL;
      s->timeout = 0;
+     s->read_timeout = 0;
      s->keep_alive_timeout = 0;
      s->keep_alive = -1;
      /* start the list of addreses */
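Review bot: `s->read_timeout = 0` sits beside `s->timeout = 0` and `s->keep_alive_timeout = 0`, which reads as an "unset" marker to be filled in later, but no hunk in this patch fills in `read_timeout` afterwards. If nothing replaces the 0 before the server record is used, `alarm (r->server->read_timeout)` becomes `alarm(0)` and the read timeout is switched off for servers initialised here. Suggest adding the matching step wherever `timeout` receives its real value, or initialising this field to DEFAULT_READ_TIMEOUT.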
***************
*** 1019,1024 ****
--- 1020,1026 ----
      s->srm_confname = RESOURCE_CONFIG_FILE;
      s->access_confname = ACCESS_CONFIG_FILE;
      s->timeout = DEFAULT_TIMEOUT;
+     s->read_timeout = DEFAULT_READ_TIMEOUT;
      s->keep_alive_timeout = DEFAULT_KEEPALIVE_TIMEOUT;
      s->keep_alive = DEFAULT_KEEPALIVE;
      s->next = NULL;



Re: Patch for read timeout

Posted by Dean Gaudet <dg...@arctic.org>.
Hey in the threaded server we should be able to avoid chewing a lot of
resources for accepted-but-no-request-yet sockets.  If we spawn the thread
only after there's a request to receive then we're just chewing an fd and
some system memory.  Of course then I suppose the attack becomes open the
socket and send 1 byte.  Bleh.

Dean

On Wed, 8 Jan 1997, Ed Korthof wrote:

> A day or two ago we discussed a patch for a new read timeout as
> appropriate for the next release.  This patch does that, setting the
> default value to 180.
> 
> The directive is TimeoutRead, and operates like Timeout.  How does this
> look?
> 
>      -- Ed Korthof        |  Web Server Engineer --
>      -- ed@organic.com    |  Organic Online, Inc --
>      -- (415) 278-5676    |  Fax: (415) 284-6891 --
> 
> -----
> *** /usr/local/src/apache/apache_1.2b2/src/http_main.c	Mon Dec  9 17:11:58 1996
> --- http_main.c	Tue Jan  7 21:05:03 1997
> ***************
> *** 461,466 ****
> --- 461,468 ----
>       signal(SIGALRM,(void (*)())timeout);
>       if (r->connection->keptalive) 
>          alarm (r->server->keep_alive_timeout);
> +     else if (!strcmp(name, "read"))
> +        alarm (r->server->read_timeout);
>       else
>          alarm (r->server->timeout);
>   }
> *** /usr/local/src/apache/apache_1.2b2/src/httpd.h	Mon Jan  6 18:16:39 1997
> --- httpd.h	Tue Jan  7 21:06:04 1997
> ***************
> *** 183,188 ****
> --- 183,191 ----
>   /* The timeout for waiting for messages */
>   #define DEFAULT_TIMEOUT 1200
>   
> + /* The timeout to read a request */
> + #define DEFAULT_READ_TIMEOUT 180
> + 
>   /* The timeout for waiting for keepalive timeout until next request */
>   #define DEFAULT_KEEPALIVE_TIMEOUT 15
>   
> ***************
> *** 585,590 ****
> --- 588,594 ----
>   
>       server_addr_rec *addrs;
>       int timeout;		/* Timeout, in seconds, before we give up */
> +     int read_timeout;		/* Timeout, in seconds, to read request */
>       int keep_alive_timeout;	/* Seconds we'll wait for another request */
>       int keep_alive;		/* Maximum requests per connection */
>       int send_buffer_size;       /* size of TCP send buffer (in bytes) */
> *** /usr/local/src/apache/apache_1.2b2/src/http_core.c	Fri Dec  6 13:51:32 1996
> --- http_core.c	Tue Jan  7 20:52:13 1997
> ***************
> *** 884,889 ****
> --- 884,894 ----
>       return NULL;
>   }
>   
> + const char *set_read_timeout (cmd_parms *cmd, void *dummy, char *arg) {
> +     cmd->server->read_timeout = atoi(arg);
> +     return NULL;
> + }
> + 
>   const char *set_keep_alive_timeout (cmd_parms *cmd, void *dummy, char *arg) {
>       cmd->server->keep_alive_timeout = atoi (arg);
>       return NULL;
> ***************
> *** 1161,1166 ****
> --- 1166,1172 ----
>   { "ServerPath", set_serverpath, NULL, RSRC_CONF, TAKE1,
>     "The pathname the server can be reached at" },
>   { "Timeout", set_timeout, NULL, RSRC_CONF, TAKE1, "Timeout duration (sec)"},
> + { "TimeoutRead", set_read_timeout, NULL, RSRC_CONF, TAKE1, "Timeout for reading a request, in seconds"},
>   { "KeepAliveTimeout", set_keep_alive_timeout, NULL, RSRC_CONF, TAKE1, "Keep-Alive timeout duration (sec)"},
>   { "KeepAlive", set_keep_alive, NULL, RSRC_CONF, TAKE1, "Maximum Keep-Alive requests per connection (0 to disable)" },
>   { "IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF, FLAG, "Enable identd (RFC931) user lookups - SLOW" },
> *** /usr/local/src/apache/apache_1.2b2/src/http_config.c	Wed Dec  4 16:33:24 1996
> --- http_config.c	Tue Jan  7 21:03:16 1997
> ***************
> *** 914,919 ****
> --- 914,920 ----
>       s->srm_confname = NULL;
>       s->access_confname = NULL;
>       s->timeout = 0;
> +     s->read_timeout = 0;
>       s->keep_alive_timeout = 0;
>       s->keep_alive = -1;
>       /* start the list of addreses */
> ***************
> *** 1019,1024 ****
> --- 1020,1026 ----
>       s->srm_confname = RESOURCE_CONFIG_FILE;
>       s->access_confname = ACCESS_CONFIG_FILE;
>       s->timeout = DEFAULT_TIMEOUT;
> +     s->read_timeout = DEFAULT_READ_TIMEOUT;
>       s->keep_alive_timeout = DEFAULT_KEEPALIVE_TIMEOUT;
>       s->keep_alive = DEFAULT_KEEPALIVE;
>       s->next = NULL;
> 
> 
> 


Re: Patch for read timeout

Posted by Brian Behlendorf <br...@organic.com>.
On Wed, 8 Jan 1997, Ed Korthof wrote:
> A day or two ago we discussed a patch for a new read timeout as
> appropriate for the next release.  This patch does that, setting the
> default value to 180.
> 
> The directive is TimeoutRead, and operates like Timeout.  How does this
> look?

Is it the amount of time in between read packets, or the total amount of time
to receive a request after the first bits of data are received?  It should be
the former in my opinion - folks expecting a lot of submitted POST or PUT data
would have a large TimeOut but a conservative TimeOutRead, whereas the rest of
us would have both be conservative. 

Yes, Dean, a threaded server ameliorates the need for this, so long as spare
threads are cheap, but doesn't make it moot.  How many 64K-in-memory threads
does it take to start a denial of service attack? 1000 on a moderate-memory
machine?  Sure it takes a lot longer than currently, but the need is still
there it would seem to me.  

Didn't someone also submit a patch reducing the default timeout from 1200 to
180 or something?  +1 to that.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS
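
The two readings of the timeout asked about in this thread (a limit on the gap between reads versus a limit on the total time from first byte to complete request), worked through as an added example that is not part of the thread or of the Apache source. The function `judge`, the policy parameters and both arrival schedules are hypothetical and constructed for illustration; 180 is the default value from the patch.

```c
#include <stddef.h>
#include <stdio.h>

enum verdict { REQ_COMPLETE, IDLE_EXPIRED, TOTAL_EXPIRED, HELD_OPEN };
struct arrival { long at; int completes; };  /* seconds since accept() */
#define NO_LIMIT 0
/* Constructed sample: one byte every 170 s, request never finished. */
static const struct arrival drip[] =
    {{170,0},{340,0},{510,0},{680,0},{850,0},{1020,0}};
/* Constructed sample: large upload arriving steadily, complete at 600 s. */
static const struct arrival upload[] =
    {{1,0},{150,0},{300,0},{450,0},{600,1}};

/* idle_limit: longest allowed gap between reads (assumed policy A).
 * total_limit: longest allowed time from first byte to complete request
 * (assumed policy B). *when receives the second the outcome is decided. */
enum verdict judge(const struct arrival *ev, size_t n,
                   long idle_limit, long total_limit, long *when)
{
    long last = 0, first = -1;
    for (size_t i = 0; ; i++) {
        /* Deadlines in force while waiting for the next read (-1 = none). */
        long idle_at  = idle_limit ? last + idle_limit : -1;
        long total_at = (total_limit && first >= 0) ? first + total_limit : -1;
        int total_first = total_at >= 0 && (idle_at < 0 || total_at < idle_at);
        long fire = total_first ? total_at : idle_at;
        if (i == n || (fire >= 0 && ev[i].at > fire)) {
            if (fire < 0) { *when = -1; return HELD_OPEN; } /* no timer armed */
            *when = fire;
            return total_first ? TOTAL_EXPIRED : IDLE_EXPIRED;
        }
        if (first < 0) first = ev[i].at;
        last = ev[i].at;
        if (ev[i].completes) { *when = last; return REQ_COMPLETE; }
    }
}

int main(void)
{
    static const char *name[] = {"complete", "idle expired", "total expired", "held open"};
    long total[] = {NO_LIMIT, 180}, when;
    for (int t = 0; t < 2; t++) {
        enum verdict d = judge(drip, 6, 180, total[t], &when);
        printf("total=%ld drip: %s at %ld s\n", total[t], name[d], when);
        enum verdict u = judge(upload, 5, 180, total[t], &when);
        printf("total=%ld upload: %s at %ld s\n", total[t], name[u], when);
    }
    return 0;
}
```

With only the gap limit, the slow sender is cut off only because the constructed sample stops after six bytes; with the total limit it is cut off at 350 s, but the steady upload is then cut off at 181 s as well.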