You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2010/11/05 15:09:55 UTC
Fwd: svn commit: r1031551 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_connect.c
any concern that these CONNECT tunnels, that look like one request to
the proxy, would hold open exiting children too long?
---------- Forwarded message ----------
From: <co...@apache.org>
Date: Fri, Nov 5, 2010 at 9:12 AM
Subject: svn commit: r1031551 - in /httpd/httpd/trunk: CHANGES
modules/proxy/mod_proxy_connect.c
To: cvs@httpd.apache.org
Author: covener
Date: Fri Nov 5 13:12:14 2010
New Revision: 1031551
URL: http://svn.apache.org/viewvc?rev=1031551&view=rev
Log:
PR50220: keep on chugging after EINTR in mod_proxy_connect
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1031551&r1=1031550&r2=1031551&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Nov 5 13:12:14 2010
@@ -6,6 +6,9 @@ Changes with Apache 2.3.9
Fix a denial of service attack against mod_reqtimeout.
[Stefan Fritsch]
+ *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
+ when the child process is starting to exit. PR50220. [Eric Covener]
+
*) mod_autoindex: Fix inheritance of mod_autoindex directives into
contexts that don't have any mod_autoindex directives. PR47766.
[Eric Covener]
Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c?rev=1031551&r1=1031550&r2=1031551&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c Fri Nov 5 13:12:14 2010
@@ -438,6 +438,9 @@ static int proxy_connect_handler(request
while (1) { /* Infinite loop until error (one side closes the connection) */
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled))
!= APR_SUCCESS) {
+ if (APR_STATUS_IS_EINTR(rv)) {
+ continue;
+ }
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "proxy:
CONNECT: error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR;
--
Eric Covener
covener@gmail.com
Re: svn commit: r1031551 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_connect.c
Posted by Rainer Jung <ra...@kippdata.de>.
On 05.11.2010 15:29, "Plüm, Rüdiger, VF-Group" wrote:
>
>
>> -----Original Message-----
>> From: Eric Covener
>> Sent: Freitag, 5. November 2010 15:10
>> To: dev@httpd.apache.org
>> Subject: Fwd: svn commit: r1031551 - in /httpd/httpd/trunk:
>> CHANGES modules/proxy/mod_proxy_connect.c
>>
>> any concern that these CONNECT tunnels, that look like one request to
>> the proxy, would hold open exiting children too long?
>
> IMHO this is the way it works and is designed.
... but an interesting remark for the so much improved docs ...
So it does mean the child will be killed in case of to many spares or
maxrequestperchild and thus any kind of long running tunnel will be
aborted. Right? Should not be a problem for CONNECT when used for https
proxy, but will be a problem for VPN or tunneling type of use.
Regards,
Rainer
RE: svn commit: r1031551 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_connect.c
Posted by "Plüm, Rüdiger, VF-Group" <ru...@vodafone.com>.
> -----Original Message-----
> From: Eric Covener
> Sent: Freitag, 5. November 2010 15:10
> To: dev@httpd.apache.org
> Subject: Fwd: svn commit: r1031551 - in /httpd/httpd/trunk:
> CHANGES modules/proxy/mod_proxy_connect.c
>
> any concern that these CONNECT tunnels, that look like one request to
> the proxy, would hold open exiting children too long?
IMHO this is the way it works and is designed.
Regards
Rüdiger