You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2016/11/14 10:26:34 UTC
svn commit: r1769588 [16/17] - in
/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat: ./ docs/conf/
docs/manual/ docs/manual/howto/ docs/manual/mod/ docs/manual/platform/
docs/manual/programs/ docs/manual/rewrite/ include/ modules/ modules/aaa/
modules/a...
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/http2/mod_proxy_http2.c Mon Nov 14 10:26:31 2016
@@ -44,9 +44,10 @@ static apr_status_t (*req_engine_push)(c
http2_req_engine_init *einit);
static apr_status_t (*req_engine_pull)(h2_req_engine *engine,
apr_read_type_e block,
- apr_uint32_t capacity,
+ int capacity,
request_rec **pr);
-static void (*req_engine_done)(h2_req_engine *engine, conn_rec *r_conn);
+static void (*req_engine_done)(h2_req_engine *engine, conn_rec *r_conn,
+ apr_status_t status);
typedef struct h2_proxy_ctx {
conn_rec *owner;
@@ -63,9 +64,9 @@ typedef struct h2_proxy_ctx {
const char *engine_id;
const char *engine_type;
apr_pool_t *engine_pool;
- apr_uint32_t req_buffer_size;
+ apr_size_t req_buffer_size;
request_rec *next;
- apr_size_t capacity;
+ int capacity;
unsigned standalone : 1;
unsigned is_ssl : 1;
@@ -168,7 +169,7 @@ static int proxy_http2_canon(request_rec
path = url; /* this is the raw path */
}
else {
- path = ap_proxy_canonenc(r->pool, url, strlen(url),
+ path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
enc_path, 0, r->proxyreq);
search = r->args;
}
@@ -210,7 +211,7 @@ static apr_status_t proxy_engine_init(h2
const char *id,
const char *type,
apr_pool_t *pool,
- apr_uint32_t req_buffer_size,
+ apr_size_t req_buffer_size,
request_rec *r,
http2_output_consumed **pconsumed,
void **pctx)
@@ -270,46 +271,45 @@ static apr_status_t add_request(h2_proxy
}
static void request_done(h2_proxy_session *session, request_rec *r,
- int complete, int touched)
+ apr_status_t status, int touched)
{
h2_proxy_ctx *ctx = session->user_data;
const char *task_id = apr_table_get(r->connection->notes, H2_TASK_ID_NOTE);
-
- if (!complete && !touched) {
- /* untouched request, need rescheduling */
- if (req_engine_push && is_h2 && is_h2(ctx->owner)) {
- if (req_engine_push(ctx->engine_type, r, NULL) == APR_SUCCESS) {
- /* push to engine */
- ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection,
- APLOGNO(03369)
- "h2_proxy_session(%s): rescheduled request %s",
- ctx->engine_id, task_id);
- return;
+
+ if (status != APR_SUCCESS) {
+ if (!touched) {
+ /* untouched request, need rescheduling */
+ if (req_engine_push && is_h2 && is_h2(ctx->owner)) {
+ if (req_engine_push(ctx->engine_type, r, NULL) == APR_SUCCESS) {
+ /* push to engine */
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection,
+ APLOGNO(03369)
+ "h2_proxy_session(%s): rescheduled request %s",
+ ctx->engine_id, task_id);
+ return;
+ }
}
}
+ else {
+ const char *uri;
+ uri = apr_uri_unparse(r->pool, &r->parsed_uri, 0);
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, r->connection,
+ APLOGNO(03471) "h2_proxy_session(%s): request %s -> %s "
+ "not complete, was touched",
+ ctx->engine_id, task_id, uri);
+ }
}
- if (r == ctx->rbase && complete) {
- ctx->r_status = APR_SUCCESS;
+ if (r == ctx->rbase) {
+ ctx->r_status = (status == APR_SUCCESS)? APR_SUCCESS : HTTP_SERVICE_UNAVAILABLE;
}
- if (complete) {
- if (req_engine_done && ctx->engine) {
- ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection,
- APLOGNO(03370)
- "h2_proxy_session(%s): finished request %s",
- ctx->engine_id, task_id);
- req_engine_done(ctx->engine, r->connection);
- }
- }
- else {
- if (req_engine_done && ctx->engine) {
- ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection,
- APLOGNO(03371)
- "h2_proxy_session(%s): failed request %s",
- ctx->engine_id, task_id);
- req_engine_done(ctx->engine, r->connection);
- }
+ if (req_engine_done && ctx->engine) {
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, r->connection,
+ APLOGNO(03370)
+ "h2_proxy_session(%s): finished request %s",
+ ctx->engine_id, task_id);
+ req_engine_done(ctx->engine, r->connection, status);
}
}
@@ -323,7 +323,7 @@ static apr_status_t next_request(h2_prox
status = req_engine_pull(ctx->engine, before_leave?
APR_BLOCK_READ: APR_NONBLOCK_READ,
ctx->capacity, &ctx->next);
- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, ctx->owner,
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE3, status, ctx->owner,
"h2_proxy_engine(%s): pulled request (%s) %s",
ctx->engine_id,
before_leave? "before leave" : "regular",
@@ -342,7 +342,7 @@ static apr_status_t proxy_engine_run(h2_
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctx->owner,
"eng(%s): setup session", ctx->engine_id);
ctx->session = h2_proxy_session_setup(ctx->engine_id, ctx->p_conn, ctx->conf,
- 30, h2_log2(ctx->req_buffer_size),
+ 30, h2_proxy_log2((int)ctx->req_buffer_size),
request_done);
if (!ctx->session) {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctx->owner,
@@ -367,7 +367,7 @@ static apr_status_t proxy_engine_run(h2_
/* ongoing processing, call again */
if (ctx->session->remote_max_concurrent > 0
&& ctx->session->remote_max_concurrent != ctx->capacity) {
- ctx->capacity = ctx->session->remote_max_concurrent;
+ ctx->capacity = (int)ctx->session->remote_max_concurrent;
}
s2 = next_request(ctx, 0);
if (s2 == APR_ECONNABORTED) {
@@ -375,10 +375,15 @@ static apr_status_t proxy_engine_run(h2_
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, s2, ctx->owner,
APLOGNO(03374) "eng(%s): pull request",
ctx->engine_id);
- status = s2;
+ /* give notice that we're leaving and cancel all ongoing
+ * streams. */
+ next_request(ctx, 1);
+ h2_proxy_session_cancel_all(ctx->session);
+ h2_proxy_session_process(ctx->session);
+ status = ctx->r_status = APR_SUCCESS;
break;
}
- if (!ctx->next && h2_ihash_empty(ctx->session->streams)) {
+ if (!ctx->next && h2_proxy_ihash_empty(ctx->session->streams)) {
break;
}
}
@@ -561,7 +566,7 @@ run_connect:
* backend->hostname. */
if (ap_proxy_connect_backend(ctx->proxy_func, ctx->p_conn, ctx->worker,
ctx->server)) {
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctx->owner, APLOGNO(03352)
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctx->owner, APLOGNO(03352)
"H2: failed to make connection to backend: %s",
ctx->p_conn->hostname);
goto cleanup;
@@ -569,29 +574,27 @@ run_connect:
/* Step Three: Create conn_rec for the socket we have open now. */
if (!ctx->p_conn->connection) {
- ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, ctx->owner, APLOGNO(03353)
- "setup new connection: is_ssl=%d %s %s %s",
- ctx->p_conn->is_ssl, ctx->p_conn->ssl_hostname,
- locurl, ctx->p_conn->hostname);
if ((status = ap_proxy_connection_create(ctx->proxy_func, ctx->p_conn,
ctx->owner,
ctx->server)) != OK) {
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, ctx->owner, APLOGNO(03353)
+ "setup new connection: is_ssl=%d %s %s %s",
+ ctx->p_conn->is_ssl, ctx->p_conn->ssl_hostname,
+ locurl, ctx->p_conn->hostname);
goto cleanup;
}
- /*
- * On SSL connections set a note on the connection what CN is
- * requested, such that mod_ssl can check if it is requested to do
- * so.
- */
- if (ctx->p_conn->ssl_hostname) {
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-hostname", ctx->p_conn->ssl_hostname);
- }
-
- if (ctx->is_ssl) {
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-alpn-protos", "h2");
+ if (!ctx->p_conn->data) {
+ /* New conection: set a note on the connection what CN is
+ * requested and what protocol we want */
+ if (ctx->p_conn->ssl_hostname) {
+ apr_table_setn(ctx->p_conn->connection->notes,
+ "proxy-request-hostname", ctx->p_conn->ssl_hostname);
+ }
+ if (ctx->is_ssl) {
+ apr_table_setn(ctx->p_conn->connection->notes,
+ "proxy-request-alpn-protos", "h2");
+ }
}
}
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ldap/util_ldap_cache_mgr.c Mon Nov 14 10:26:31 2016
@@ -497,7 +497,7 @@ void *util_ald_cache_insert(util_ald_cac
}
}
- /* Take a copy of the payload before proceeeding. */
+ /* Take a copy of the payload before proceeding. */
tmp_payload = (*cache->copy)(cache, payload);
if (tmp_payload == NULL) {
/*
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/loggers/mod_log_config.c Mon Nov 14 10:26:31 2016
@@ -39,7 +39,7 @@
* the request will be logged to the log file(s) defined outside
* the virtual host section. If a TransferLog or CustomLog directive
* appears in the VirtualHost section, the log files defined outside
- * the VirtualHost will _not_ be used. This makes this module compatable
+ * the VirtualHost will _not_ be used. This makes this module compatible
* with the CLF and config log modules, where the use of TransferLog
* inside the VirtualHost section overrides its use outside.
*
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/lua/mod_lua.c Mon Nov 14 10:26:31 2016
@@ -905,7 +905,7 @@ typedef struct cr_ctx
} cr_ctx;
-/* Okay, this deserves a little explaination -- in order for the errors that lua
+/* Okay, this deserves a little explanation -- in order for the errors that lua
* generates to be 'accuarate', including line numbers, we basically inject
* N line number new lines into the 'top' of the chunk reader.....
*
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_actions.c Mon Nov 14 10:26:31 2016
@@ -118,7 +118,7 @@ static const char *set_script(cmd_parms
}
else {
/* ap_method_register recognizes already registered methods,
- * so don't bother to check its previous existence explicitely.
+ * so don't bother to check its previous existence explicitly.
*/
methnum = ap_method_register(cmd->pool, method);
}
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_negotiation.c Mon Nov 14 10:26:31 2016
@@ -2252,7 +2252,7 @@ static int variant_has_language(var_rec
}
/* check for environment variables 'no-gzip' and
- * 'gzip-only-text/html' to get a behaviour similiar
+ * 'gzip-only-text/html' to get a behaviour similar
* to mod_deflate
*/
static int discard_variant_by_env(var_rec *variant, int discard)
@@ -2775,7 +2775,7 @@ static int setup_choice_response(request
* see that Vary header yet at this point in the control flow.
* This won't cause any cache consistency problems _unless_ the
* CGI script also returns a Cache-Control header marking the
- * response as cachable. This needs to be fixed, also there are
+ * response as cacheable. This needs to be fixed, also there are
* problems if a CGI returns an Etag header which also need to be
* fixed.
*/
@@ -3127,7 +3127,7 @@ static int handle_multi(request_rec *r)
ap_internal_fast_redirect(sub_req, r);
/* give no advise for time on this subrequest. Perhaps we
- * should tally the last mtime amoung all variants, and date
+ * should tally the last mtime among all variants, and date
* the most recent, but that could confuse the proxies.
*/
r->mtime = 0;
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/mappers/mod_rewrite.c Mon Nov 14 10:26:31 2016
@@ -4077,7 +4077,7 @@ static int apply_rewrite_rule(rewriterul
/* Ok, we already know the pattern has matched, but we now
* additionally have to check for all existing preconditions
* (RewriteCond) which have to be also true. We do this at
- * this very late stage to avoid unnessesary checks which
+ * this very late stage to avoid unnecessary checks which
* would slow down the rewriting engine.
*/
rewriteconds = p->rewriteconds;
@@ -4871,7 +4871,7 @@ static int hook_fixup(request_rec *r)
/*
* Do the Options check after engine check, so
- * the user is able to explicitely turn RewriteEngine Off.
+ * the user is able to explicitly turn RewriteEngine Off.
*/
if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
/* FollowSymLinks is mandatory! */
@@ -4886,7 +4886,7 @@ static int hook_fixup(request_rec *r)
/*
* remember the current filename before rewriting for later check
* to prevent deadlooping because of internal redirects
- * on final URL/filename which can be equal to the inital one.
+ * on final URL/filename which can be equal to the initial one.
* also, we'll restore original r->filename if we decline this
* request
*/
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_env.c Mon Nov 14 10:26:31 2016
@@ -63,7 +63,7 @@ static void *merge_env_dir_configs(apr_p
* table_set( res->vars, $element.key, $element.val );
*
* add->unsetenv already removed the vars from add->vars,
- * if they preceeded the UnsetEnv directive.
+ * if they preceded the UnsetEnv directive.
*/
res->vars = apr_table_copy(p, base->vars);
res->unsetenv = NULL;
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_mime_magic.c Mon Nov 14 10:26:31 2016
@@ -161,7 +161,7 @@ struct magic {
unsigned char hl[4]; /* 2 bytes of a fixed-endian "long" */
} value; /* either number or string */
unsigned long mask; /* mask before comparison with value */
- char nospflag; /* supress space character */
+ char nospflag; /* suppress space character */
/* NOTE: this string is suspected of overrunning - find it! */
char desc[MAXDESC]; /* description */
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_remoteip.c Mon Nov 14 10:26:31 2016
@@ -255,7 +255,7 @@ static int remoteip_modify_request(reque
}
remote = apr_pstrdup(r->pool, remote);
- temp_sa = c->client_addr;
+ temp_sa = r->useragent_addr ? r->useragent_addr : c->client_addr;
while (remote) {
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/metadata/mod_version.c Mon Nov 14 10:26:31 2016
@@ -49,7 +49,7 @@
* = / == match; regex must be surrounded by slashes
* ~ match; regex MAY NOT be surrounded by slashes
*
- * Note that all operators may be preceeded by an exclamation mark
+ * Note that all operators may be preceded by an exclamation mark
* (without spaces) in order to reverse their meaning.
*
*/
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/NWGNUproxy Mon Nov 14 10:26:31 2016
@@ -256,6 +256,7 @@ $(OBJDIR)/mod_proxy.imp: NWGNUproxy
@echo $(DL)# Exports of mod_proxy$(DL)> $@
@echo $(DL) (AP$(VERSION_MAJMIN))$(DL)>> $@
@echo $(DL) proxy_module,$(DL)>> $@
+ @echo $(DL) proxy_hcmethods,$(DL)>> $@
@echo $(DL) proxy_hook_canon_handler,$(DL)>> $@
@echo $(DL) proxy_hook_get_canon_handler,$(DL)>> $@
@echo $(DL) proxy_hook_get_post_request,$(DL)>> $@
@@ -277,6 +278,7 @@ $(OBJDIR)/mod_proxy.imp: NWGNUproxy
@echo $(DL) ap_proxy_c2hex,$(DL)>> $@
@echo $(DL) ap_proxy_canon_netloc,$(DL)>> $@
@echo $(DL) ap_proxy_canonenc,$(DL)>> $@
+ @echo $(DL) ap_proxy_check_connection,$(DL)>> $@
@echo $(DL) ap_proxy_checkproxyblock,$(DL)>> $@
@echo $(DL) ap_proxy_checkproxyblock2,$(DL)>> $@
@echo $(DL) ap_proxy_conn_is_https,$(DL)>> $@
@@ -312,6 +314,7 @@ $(OBJDIR)/mod_proxy.imp: NWGNUproxy
@echo $(DL) ap_proxy_set_wstatus,$(DL)>> $@
@echo $(DL) ap_proxy_share_balancer,$(DL)>> $@
@echo $(DL) ap_proxy_share_worker,$(DL)>> $@
+ @echo $(DL) ap_proxy_show_hcmethod,$(DL)>> $@
@echo $(DL) ap_proxy_ssl_connection_cleanup,$(DL)>> $@
@echo $(DL) ap_proxy_ssl_disable,$(DL)>> $@
@echo $(DL) ap_proxy_ssl_enable,$(DL)>> $@
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.c Mon Nov 14 10:26:31 2016
@@ -649,9 +649,18 @@ PROXY_DECLARE(int) ap_proxy_trans_match(
fake = ent->fake;
real = ent->real;
}
+
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, APLOGNO(03461)
+ "attempting to match URI path '%s' against %s '%s' for "
+ "proxying", r->uri, (ent->regex ? "pattern" : "prefix"),
+ fake);
+
if (ent->regex) {
if (!ap_regexec(ent->regex, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
if ((real[0] == '!') && (real[1] == '\0')) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03462)
+ "proxying is explicitly disabled for URI path "
+ "'%s'; declining", r->uri);
return DECLINED;
}
/* test that we haven't reduced the URI */
@@ -695,6 +704,9 @@ PROXY_DECLARE(int) ap_proxy_trans_match(
if (len != 0) {
if ((real[0] == '!') && (real[1] == '\0')) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03463)
+ "proxying is explicitly disabled for URI path "
+ "'%s'; declining", r->uri);
return DECLINED;
}
if (nocanon && len != alias_match(r->unparsed_uri, ent->fake)) {
@@ -723,6 +735,11 @@ PROXY_DECLARE(int) ap_proxy_trans_match(
if (ent->flags & PROXYPASS_NOQUERY) {
apr_table_setn(r->notes, "proxy-noquery", "1");
}
+
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03464)
+ "URI path '%s' matches proxy handler '%s'", r->uri,
+ found);
+
return OK;
}
@@ -1255,16 +1272,24 @@ cleanup:
* the error page on the proxy or if the error was not generated by the
* backend itself but by the proxy e.g. a bad gateway) in order to give
* ap_proxy_post_request a chance to act correctly on the status code.
+ * But only do the above if access_status is not OK and not DONE, because
+ * in this case r->status might contain the true status and overwriting
+ * it with OK or DONE would be wrong.
*/
- saved_status = r->status;
- r->status = access_status;
- ap_proxy_post_request(worker, balancer, r, conf);
- /*
- * Only restore r->status if it has not been changed by
- * ap_proxy_post_request as we assume that this change was intentional.
- */
- if (r->status == access_status) {
- r->status = saved_status;
+ if ((access_status != OK) && (access_status != DONE)) {
+ saved_status = r->status;
+ r->status = access_status;
+ ap_proxy_post_request(worker, balancer, r, conf);
+ /*
+ * Only restore r->status if it has not been changed by
+ * ap_proxy_post_request as we assume that this change was intentional.
+ */
+ if (r->status == access_status) {
+ r->status = saved_status;
+ }
+ }
+ else {
+ ap_proxy_post_request(worker, balancer, r, conf);
}
proxy_run_request_status(&access_status, r);
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy.h Mon Nov 14 10:26:31 2016
@@ -271,6 +271,10 @@ typedef struct {
unsigned int inreslist:1; /* connection in apr_reslist? */
const char *uds_path; /* Unix domain socket path */
const char *ssl_hostname;/* Hostname (SNI) in use by SSL connection */
+ apr_bucket_brigade *tmp_bb;/* Temporary brigade created with the connection
+ * and its scpool/bucket_alloc (NULL before),
+ * must be left cleaned when used (locally).
+ */
} proxy_conn_rec;
typedef struct {
@@ -374,7 +378,7 @@ typedef struct {
unsigned int fnv;
} proxy_hashes ;
-/* Runtime worker status informations. Shared in scoreboard */
+/* Runtime worker status information. Shared in scoreboard */
/* The addition of member uds_path in 2.4.7 was an incompatible API change. */
typedef struct {
char name[PROXY_WORKER_MAX_NAME_SIZE];
@@ -580,7 +584,7 @@ APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY,
/**
* pre request hook.
* It will return the most suitable worker at the moment
- * and coresponding balancer.
+ * and corresponding balancer.
* The url is rewritten from balancer://cluster/uri to scheme://host:port/uri
* and then the scheme_handler is called.
*
@@ -632,6 +636,7 @@ PROXY_DECLARE(int) ap_proxy_checkproxybl
PROXY_DECLARE(int) ap_proxy_pre_http_request(conn_rec *c, request_rec *r);
/* DEPRECATED (will be replaced with ap_proxy_connect_backend */
PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **, const char *, apr_sockaddr_t *, const char *, proxy_server_conf *, request_rec *);
+/* DEPRECATED (will be replaced with ap_proxy_check_connection */
PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn,
request_rec *r);
PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c);
@@ -763,7 +768,7 @@ PROXY_DECLARE(char *) ap_proxy_update_ba
* @param url url containing balancer name
* @param alias alias/fake-path to this balancer
* @param do_malloc true if shared struct should be malloced
- * @return error message or NULL if successfull
+ * @return error message or NULL if successful
*/
PROXY_DECLARE(char *) ap_proxy_define_balancer(apr_pool_t *p,
proxy_balancer **balancer,
@@ -916,6 +921,28 @@ PROXY_DECLARE(int) ap_proxy_acquire_conn
PROXY_DECLARE(int) ap_proxy_release_connection(const char *proxy_function,
proxy_conn_rec *conn,
server_rec *s);
+
+#define PROXY_CHECK_CONN_EMPTY (1 << 0)
+/**
+ * Check a connection to the backend
+ * @param scheme calling proxy scheme (http, ajp, ...)
+ * @param conn acquired connection
+ * @param server current server record
+ * @param max_blank_lines how many blank lines to consume,
+ * or zero for none (considered data)
+ * @param flags PROXY_CHECK_* bitmask
+ * @return APR_SUCCESS: connection established,
+ * APR_ENOTEMPTY: connection established with data,
+ * APR_ENOSOCKET: not connected,
+ * APR_EINVAL: worker in error state (unusable),
+ * other: connection closed/aborted (remotely)
+ */
+PROXY_DECLARE(apr_status_t) ap_proxy_check_connection(const char *scheme,
+ proxy_conn_rec *conn,
+ server_rec *server,
+ unsigned max_blank_lines,
+ int flags);
+
/**
* Make a connection to the backend
* @param proxy_function calling proxy scheme (http, ajp, ...)
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_ajp.c Mon Nov 14 10:26:31 2016
@@ -141,7 +141,7 @@ static apr_off_t get_content_length(requ
* XXX: AJP Auto Flushing
*
* When processing CMD_AJP13_SEND_BODY_CHUNK AJP messages we will do a poll
- * with FLUSH_WAIT miliseconds timeout to determine if more data is currently
+ * with FLUSH_WAIT milliseconds timeout to determine if more data is currently
* available at the backend. If there is no more data available, we flush
* the data to the client by adding a flush bucket to the brigade we pass
* up the filter chain.
@@ -358,7 +358,7 @@ static int ap_proxy_ajp_request(apr_pool
}
return HTTP_INTERNAL_SERVER_ERROR;
}
- /* parse the reponse */
+ /* parse the response */
result = ajp_parse_type(r, conn->data);
output_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
@@ -769,7 +769,10 @@ static int proxy_ajp_handler(request_rec
break;
/* Step Two: Make the Connection */
- if (ap_proxy_connect_backend(scheme, backend, worker, r->server)) {
+ if (ap_proxy_check_connection(scheme, backend, r->server, 0,
+ PROXY_CHECK_CONN_EMPTY)
+ && ap_proxy_connect_backend(scheme, backend, worker,
+ r->server)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00896)
"failed to make connection to backend: %s",
backend->hostname);
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_balancer.c Mon Nov 14 10:26:31 2016
@@ -212,7 +212,8 @@ static char *get_cookie_param(request_re
/* Find the worker that has the 'route' defined
*/
static proxy_worker *find_route_worker(proxy_balancer *balancer,
- const char *route, request_rec *r)
+ const char *route, request_rec *r,
+ int recursion)
{
int i;
int checking_standby;
@@ -249,10 +250,15 @@ static proxy_worker *find_route_worker(p
* This enables to safely remove the member from the
* balancer. Of course you will need some kind of
* session replication between those two remote.
+ * Also check that we haven't gone thru all the
+ * balancer members by means of redirects.
+ * This should avoid redirect cycles.
*/
- if (*worker->s->redirect) {
+ if ((*worker->s->redirect)
+ && (recursion < balancer->workers->nelts)) {
proxy_worker *rworker = NULL;
- rworker = find_route_worker(balancer, worker->s->redirect, r);
+ rworker = find_route_worker(balancer, worker->s->redirect,
+ r, recursion + 1);
/* Check if the redirect worker is usable */
if (rworker && !PROXY_WORKER_IS_USABLE(rworker)) {
/*
@@ -315,7 +321,7 @@ static proxy_worker *find_session_route(
/* We have a route in path or in cookie
* Find the worker that has this route defined.
*/
- worker = find_route_worker(balancer, *route, r);
+ worker = find_route_worker(balancer, *route, r, 1);
if (worker && strcmp(*route, worker->s->route)) {
/*
* Notice that the route of the worker chosen is different from
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_connect.c Mon Nov 14 10:26:31 2016
@@ -119,7 +119,7 @@ static int allowed_port(connect_conf *co
int i;
port_range *list = (port_range *) conf->allowed_connect_ports->elts;
- if (apr_is_empty_array(conf->allowed_connect_ports)){
+ if (apr_is_empty_array(conf->allowed_connect_ports)) {
return port == APR_URI_HTTPS_DEFAULT_PORT
|| port == APR_URI_SNEWS_DEFAULT_PORT;
}
@@ -158,7 +158,7 @@ static int proxy_connect_handler(request
conn_rec *backconn;
int done = 0;
- apr_bucket_brigade *bb_front = apr_brigade_create(p, c->bucket_alloc);
+ apr_bucket_brigade *bb_front;
apr_bucket_brigade *bb_back;
apr_status_t rv;
apr_size_t nbytes;
@@ -227,9 +227,9 @@ static int proxy_connect_handler(request
connectname, connectport);
/* Check if it is an allowed port */
- if(!allowed_port(c_conf, uri.port)) {
- return ap_proxyerror(r, HTTP_FORBIDDEN,
- "Connect to remote machine blocked");
+ if (!allowed_port(c_conf, uri.port)) {
+ return ap_proxyerror(r, HTTP_FORBIDDEN,
+ "Connect to remote machine blocked");
}
/*
@@ -315,6 +315,7 @@ static int proxy_connect_handler(request
backconn->local_addr->port));
+ bb_front = apr_brigade_create(p, c->bucket_alloc);
bb_back = apr_brigade_create(p, backconn->bucket_alloc);
/* If we are connecting through a remote proxy, we need to pass
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_fcgi.c Mon Nov 14 10:26:31 2016
@@ -658,22 +658,32 @@ recv_again:
rv = ap_pass_brigade(r->output_filters, ob);
if (rv != APR_SUCCESS) {
*err = "passing headers brigade to output filters";
+ break;
}
- else if (status == HTTP_NOT_MODIFIED) {
- /* The 304 response MUST NOT contain
- * a message-body, ignore it. */
+ else if (status == HTTP_NOT_MODIFIED
+ || status == HTTP_PRECONDITION_FAILED) {
+ /* Special 'status' cases handled:
+ * 1) HTTP 304 response MUST NOT contain
+ * a message-body, ignore it.
+ * 2) HTTP 412 response.
+ * The break is not added since there might
+ * be more bytes to read from the FCGI
+ * connection. Even if the message-body is
+ * ignored (and the EOS bucket has already
+ * been sent) we want to avoid subsequent
+ * bogus reads. */
ignore_body = 1;
}
else {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070)
"Error parsing script headers");
rv = APR_EINVAL;
+ break;
}
- break;
}
- if (conf->error_override &&
- ap_is_HTTP_ERROR(r->status)) {
+ if (conf->error_override
+ && ap_is_HTTP_ERROR(r->status) && ap_is_initial_req(r)) {
/*
* set script_error_status to discard
* everything after the headers
@@ -943,7 +953,10 @@ static int proxy_fcgi_handler(request_re
}
/* Step Two: Make the Connection */
- if (ap_proxy_connect_backend(FCGI_SCHEME, backend, worker, r->server)) {
+ if (ap_proxy_check_connection(FCGI_SCHEME, backend, r->server, 0,
+ PROXY_CHECK_CONN_EMPTY)
+ && ap_proxy_connect_backend(FCGI_SCHEME, backend, worker,
+ r->server)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01079)
"failed to make connection to backend: %s",
backend->hostname);
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_hcheck.c Mon Nov 14 10:26:31 2016
@@ -426,6 +426,8 @@ static proxy_worker *hc_get_hcworker(sct
PROXY_STRNCPY(hc->s->name, wptr);
PROXY_STRNCPY(hc->s->hostname, worker->s->hostname);
PROXY_STRNCPY(hc->s->scheme, worker->s->scheme);
+ PROXY_STRNCPY(hc->s->hcuri, worker->s->hcuri);
+ PROXY_STRNCPY(hc->s->hcexpr, worker->s->hcexpr);
hc->hash.def = hc->s->hash.def = ap_proxy_hashfunc(hc->s->name, PROXY_HASHFUNC_DEFAULT);
hc->hash.fnv = hc->s->hash.fnv = ap_proxy_hashfunc(hc->s->name, PROXY_HASHFUNC_FNV);
hc->s->port = port;
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/mod_proxy_http.c Mon Nov 14 10:26:31 2016
@@ -1188,7 +1188,7 @@ apr_status_t ap_proxy_http_process_respo
const char *buf;
char keepchar;
apr_bucket *e;
- apr_bucket_brigade *bb, *tmp_bb;
+ apr_bucket_brigade *bb;
apr_bucket_brigade *pass_bb;
int len, backasswards;
int interim_response = 0; /* non-zero whilst interim 1xx responses
@@ -1244,16 +1244,17 @@ apr_status_t ap_proxy_http_process_respo
backend->r->proxyreq = PROXYREQ_RESPONSE;
apr_table_setn(r->notes, "proxy-source-port", apr_psprintf(r->pool, "%hu",
origin->local_addr->port));
- tmp_bb = apr_brigade_create(p, c->bucket_alloc);
do {
apr_status_t rc;
apr_brigade_cleanup(bb);
- rc = ap_proxygetline(tmp_bb, buffer, sizeof(buffer), backend->r, 0, &len);
+ rc = ap_proxygetline(backend->tmp_bb, buffer, sizeof(buffer),
+ backend->r, 0, &len);
if (len == 0) {
/* handle one potential stray CRLF */
- rc = ap_proxygetline(tmp_bb, buffer, sizeof(buffer), backend->r, 0, &len);
+ rc = ap_proxygetline(backend->tmp_bb, buffer, sizeof(buffer),
+ backend->r, 0, &len);
}
if (len <= 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r, APLOGNO(01102)
@@ -1908,13 +1909,8 @@ static int proxy_http_handler(request_re
worker, r->server)) != OK)
goto cleanup;
-
backend->is_ssl = is_ssl;
- if (is_ssl) {
- ap_proxy_ssl_connection_cleanup(backend, r);
- }
-
/*
* In the case that we are handling a reverse proxy connection and this
* is not a request that is coming over an already kept alive connection
@@ -1939,7 +1935,10 @@ static int proxy_http_handler(request_re
break;
/* Step Two: Make the Connection */
- if (ap_proxy_connect_backend(proxy_function, backend, worker, r->server)) {
+ if (ap_proxy_check_connection(proxy_function, backend, r->server, 1,
+ PROXY_CHECK_CONN_EMPTY)
+ && ap_proxy_connect_backend(proxy_function, backend, worker,
+ r->server)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01114)
"HTTP: failed to make connection to backend: %s",
backend->hostname);
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/proxy/proxy_util.c Mon Nov 14 10:26:31 2016
@@ -1305,6 +1305,7 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ini
static void socket_cleanup(proxy_conn_rec *conn)
{
conn->sock = NULL;
+ conn->tmp_bb = NULL;
conn->connection = NULL;
conn->ssl_hostname = NULL;
apr_pool_clear(conn->scpool);
@@ -1405,10 +1406,10 @@ static apr_status_t connection_cleanup(v
return APR_SUCCESS;
}
+/* DEPRECATED */
PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn,
request_rec *r)
{
- apr_bucket_brigade *bb;
apr_status_t rv;
/*
@@ -1420,22 +1421,21 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ssl
* processed. We don't expect any data to be in the returned brigade.
*/
if (conn->sock && conn->connection) {
- bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
- rv = ap_get_brigade(conn->connection->input_filters, bb,
+ rv = ap_get_brigade(conn->connection->input_filters, conn->tmp_bb,
AP_MODE_READBYTES, APR_NONBLOCK_READ,
HUGE_STRING_LEN);
- if ((rv != APR_SUCCESS) && !APR_STATUS_IS_EAGAIN(rv)) {
- socket_cleanup(conn);
- }
- if (!APR_BRIGADE_EMPTY(bb)) {
+ if (!APR_BRIGADE_EMPTY(conn->tmp_bb)) {
apr_off_t len;
- rv = apr_brigade_length(bb, 0, &len);
+ rv = apr_brigade_length(conn->tmp_bb, 0, &len);
ap_log_rerror(APLOG_MARK, APLOG_TRACE3, rv, r,
"SSL cleanup brigade contained %"
APR_OFF_T_FMT " bytes of data.", len);
+ apr_brigade_cleanup(conn->tmp_bb);
+ }
+ if ((rv != APR_SUCCESS) && !APR_STATUS_IS_EAGAIN(rv)) {
+ socket_cleanup(conn);
}
- apr_brigade_destroy(bb);
}
return APR_SUCCESS;
}
@@ -1798,13 +1798,13 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ini
if (worker->s->smax == -1 || worker->s->smax > worker->s->hmax) {
worker->s->smax = worker->s->hmax;
}
- /* Set min to be lower then smax */
+ /* Set min to be lower than smax */
if (worker->s->min > worker->s->smax) {
worker->s->min = worker->s->smax;
}
}
else {
- /* This will supress the apr_reslist creation */
+ /* This will suppress the apr_reslist creation */
worker->s->min = worker->s->smax = worker->s->hmax = 0;
}
}
@@ -2328,7 +2328,7 @@ ap_proxy_determine_connection(apr_pool_t
}
/*
- * Worker can have the single constant backend adress.
+ * Worker can have the single constant backend address.
* The single DNS lookup is used once per worker.
* If dynamic change is needed then set the addr to NULL
* inside dynamic config to force the lookup.
@@ -2638,13 +2638,103 @@ PROXY_DECLARE(apr_status_t) ap_proxy_con
#endif
}
+PROXY_DECLARE(apr_status_t) ap_proxy_check_connection(const char *scheme,
+ proxy_conn_rec *conn,
+ server_rec *server,
+ unsigned max_blank_lines,
+ int flags)
+{
+ apr_status_t rv = APR_SUCCESS;
+ proxy_worker *worker = conn->worker;
+
+ if (!PROXY_WORKER_IS_USABLE(worker)) {
+ /*
+ * The worker is in error likely done by a different thread / process
+ * e.g. for a timeout or bad status. We should respect this and should
+ * not continue with a connection via this worker even if we got one.
+ */
+ rv = APR_EINVAL;
+ }
+ else if (conn->connection) {
+ /* We have a conn_rec, check the full filter stack for things like
+ * SSL alert/shutdown, filters aside data...
+ */
+ rv = ap_check_pipeline(conn->connection, conn->tmp_bb,
+ max_blank_lines);
+ apr_brigade_cleanup(conn->tmp_bb);
+ if (rv == APR_SUCCESS) {
+ /* Some data available, the caller might not want them. */
+ if (flags & PROXY_CHECK_CONN_EMPTY) {
+ rv = APR_ENOTEMPTY;
+ }
+ }
+ else if (APR_STATUS_IS_EAGAIN(rv)) {
+ /* Filter chain is OK and empty, yet we can't determine from
+ * ap_check_pipeline (actually ap_core_input_filter) whether
+ * an empty non-blocking read is EAGAIN or EOF on the socket
+ * side (it's always SUCCESS), so check it explicitely here.
+ */
+ if (ap_proxy_is_socket_connected(conn->sock)) {
+ rv = APR_SUCCESS;
+ }
+ else {
+ rv = APR_EPIPE;
+ }
+ }
+ }
+ else if (conn->sock) {
+ /* For modules working with sockets directly, check it. */
+ if (!ap_proxy_is_socket_connected(conn->sock)) {
+ rv = APR_EPIPE;
+ }
+ }
+ else {
+ rv = APR_ENOSOCKET;
+ }
+
+ if (rv == APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, server,
+ "%s: reusing backend connection %pI<>%pI",
+ scheme, conn->connection->local_addr,
+ conn->connection->client_addr);
+ }
+ else if (conn->sock) {
+ /* This clears conn->scpool (and associated data), so backup and
+ * restore any ssl_hostname for this connection set earlier by
+ * ap_proxy_determine_connection().
+ */
+ char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];
+ if (rv == APR_EINVAL
+ || !conn->ssl_hostname
+ || PROXY_STRNCPY(ssl_hostname, conn->ssl_hostname)) {
+ ssl_hostname[0] = '\0';
+ }
+
+ socket_cleanup(conn);
+ if (rv != APR_ENOTEMPTY) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, server, APLOGNO(00951)
+ "%s: backend socket is disconnected.", scheme);
+ }
+ else {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, server, APLOGNO(03408)
+ "%s: reusable backend connection is not empty: "
+ "forcibly closed", scheme);
+ }
+
+ if (ssl_hostname[0]) {
+ conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
+ }
+ }
+
+ return rv;
+}
+
PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
proxy_conn_rec *conn,
proxy_worker *worker,
server_rec *s)
{
apr_status_t rv;
- int connected = 0;
int loglevel;
apr_sockaddr_t *backend_addr = conn->addr;
/* the local address to use for the outgoing connection */
@@ -2654,29 +2744,12 @@ PROXY_DECLARE(int) ap_proxy_connect_back
proxy_server_conf *conf =
(proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
- if (conn->sock) {
- if (!(connected = ap_proxy_is_socket_connected(conn->sock))) {
- /* This clears conn->scpool (and associated data), so backup and
- * restore any ssl_hostname for this connection set earlier by
- * ap_proxy_determine_connection().
- */
- char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];
- if (!conn->ssl_hostname || PROXY_STRNCPY(ssl_hostname,
- conn->ssl_hostname)) {
- ssl_hostname[0] = '\0';
- }
-
- socket_cleanup(conn);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951)
- "%s: backend socket is disconnected.",
- proxy_function);
-
- if (ssl_hostname[0]) {
- conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
- }
- }
+ rv = ap_proxy_check_connection(proxy_function, conn, s, 0, 0);
+ if (rv == APR_EINVAL) {
+ return DECLINED;
}
- while ((backend_addr || conn->uds_path) && !connected) {
+
+ while (rv != APR_SUCCESS && (backend_addr || conn->uds_path)) {
#if APR_HAVE_SYS_UN_H
if (conn->uds_path)
{
@@ -2848,9 +2921,8 @@ PROXY_DECLARE(int) ap_proxy_connect_back
}
}
}
-
- connected = 1;
}
+
if (PROXY_WORKER_IS_USABLE(worker)) {
/*
* Put the entire worker to error state if
@@ -2858,7 +2930,7 @@ PROXY_DECLARE(int) ap_proxy_connect_back
* Although some connections may be alive
* no further connections to the worker could be made
*/
- if (!connected) {
+ if (rv != APR_SUCCESS) {
if (!(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) {
worker->s->error_time = apr_time_now();
worker->s->status |= PROXY_WORKER_IN_ERROR;
@@ -2879,7 +2951,6 @@ PROXY_DECLARE(int) ap_proxy_connect_back
worker->s->error_time = 0;
worker->s->retries = 0;
}
- return connected ? OK : DECLINED;
}
else {
/*
@@ -2887,11 +2958,13 @@ PROXY_DECLARE(int) ap_proxy_connect_back
* e.g. for a timeout or bad status. We should respect this and should
* not continue with a connection via this worker even if we got one.
*/
- if (connected) {
+ if (rv == APR_SUCCESS) {
socket_cleanup(conn);
}
- return DECLINED;
+ rv = APR_EINVAL;
}
+
+ return rv == APR_SUCCESS ? OK : DECLINED;
}
static apr_status_t connection_shutdown(void *theconn)
@@ -2936,6 +3009,7 @@ PROXY_DECLARE(int) ap_proxy_connection_c
}
bucket_alloc = apr_bucket_alloc_create(conn->scpool);
+ conn->tmp_bb = apr_brigade_create(conn->scpool, bucket_alloc);
/*
* The socket is now open, create a new backend server connection
*/
@@ -3469,7 +3543,7 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbr
*
* The HTTP/1.1 Via: header is designed for passing client
* information through proxies to a server, and should be used in
- * a forward proxy configuation instead of X-Forwarded-*. See the
+ * a forward proxy configuration instead of X-Forwarded-*. See the
* ProxyVia option for details.
*/
if (dconf->add_forwarded_headers) {
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/slotmem/mod_slotmem_shm.c Mon Nov 14 10:26:31 2016
@@ -753,7 +753,7 @@ static const ap_slotmem_provider_t stora
&slotmem_fgrab
};
-/* make the storage usuable from outside */
+/* make the storage usable from outside */
static const ap_slotmem_provider_t *slotmem_shm_getstorage(void)
{
return (&storage);
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/README Mon Nov 14 10:26:31 2016
@@ -59,7 +59,7 @@ DATA STRUCTURES
For an overview how these are related and chained together have a look at the
page in README.dsov.{fig,ps}. It contains overview diagrams for those data
structures. It's designed for DIN A4 paper size, but you can easily generate
- a smaller version inside XFig by specifing a magnification on the Export
+ a smaller version inside XFig by specifying a magnification on the Export
panel.
INCOMPATIBILITIES
@@ -81,7 +81,7 @@ MAJOR CHANGES
o The DBM based session cache is now based on APR's DBM API only.
o The shared memory based session cache is now based on APR's APIs.
o SSL I/O is now implemented in terms of filters rather than BUFF
- o Eliminated ap_global_ctx. Storing Persistant information in
+ o Eliminated ap_global_ctx. Storing Persistent information in
process_rec->pool->user_data. The ssl_pphrase_Handle_CB() and
ssl_config_global_* () functions have an extra parameter now -
"server_rec *" - which is used to retrieve the SSLModConfigRec.
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_init.c Mon Nov 14 10:26:31 2016
@@ -1005,7 +1005,7 @@ static apr_status_t ssl_init_ctx_cert_ch
* SSLCACertificateFile and also use client authentication mod_ssl
* would accept all clients also issued by this CA. Obviously this
* isn't what we want in this situation. So this feature here exists
- * to allow one to explicity configure CA certificates which are
+ * to allow one to explicitly configure CA certificates which are
* used only for the server certificate chain.
*/
if (!chain) {
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_io.c Mon Nov 14 10:26:31 2016
@@ -224,7 +224,7 @@ static int bio_filter_out_write(BIO *bio
*
* Historically, this flush call was performed only for an SSLv2
* connection or for a proxy connection. Calling _out_flush can
- * be expensive in cases where requests/reponses are pipelined,
+ * be expensive in cases where requests/responses are pipelined,
* so limit the performance impact to handshake time.
*/
#if OPENSSL_VERSION_NUMBER < 0x0009080df
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_kernel.c Mon Nov 14 10:26:31 2016
@@ -1021,7 +1021,7 @@ int ssl_hook_Access(request_rec *r)
return HTTP_FORBIDDEN;
}
- /* Full renegotiation successfull, we now have handshaken with
+ /* Full renegotiation successful, we now have handshaken with
* this server's parameters.
*/
sslconn->server = r->server;
@@ -1163,7 +1163,7 @@ int ssl_hook_Access(request_rec *r)
* Fake a Basic authentication from the X509 client certificate.
*
* This must be run fairly early on to prevent a real authentication from
- * occuring, in particular it must be run before anything else that
+ * occurring, in particular it must be run before anything else that
* authenticates a user. This means that the Module statement for this
* module should be LAST in the Configuration file.
*/
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/modules/ssl/ssl_engine_vars.c Mon Nov 14 10:26:31 2016
@@ -1090,7 +1090,7 @@ apr_array_header_t *ssl_ext_list(apr_poo
}
count = X509_get_ext_count(xs);
- /* Create an array large enough to accomodate every extension. This is
+ /* Create an array large enough to accommodate every extension. This is
* likely overkill, but safe.
*/
array = apr_array_make(p, count, sizeof(char *));
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/bs2000/ebcdic.c Mon Nov 14 10:26:31 2016
@@ -25,7 +25,7 @@ Within the POSIX subsystem, the same cha
"native BS2000", namely EBCDIC.
EBCDIC Table. (Yes, in EBCDIC, the letters 'a'..'z' are not contiguous!)
-This apr_table_t is bijective, i.e. there are no ambigous or duplicate characters
+This apr_table_t is bijective, i.e. there are no ambiguous or duplicate characters
00 00 01 02 03 85 09 86 7f 87 8d 8e 0b 0c 0d 0e 0f *................*
10 10 11 12 13 8f 0a 08 97 18 19 9c 9d 1c 1d 1e 1f *................*
20 80 81 82 83 84 92 17 1b 88 89 8a 8b 8c 05 06 07 *................*
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/netware/pre_nw.h Mon Nov 14 10:26:31 2016
@@ -55,7 +55,7 @@
#endif
#endif
-/* C9X defintion used by MSL C++ library */
+/* C9X definition used by MSL C++ library */
#define DECIMAL_DIG 17
/* some code may want to use the MS convention for long long */
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/os/win32/ap_regkey.c Mon Nov 14 10:26:31 2016
@@ -488,7 +488,7 @@ AP_DECLARE(apr_status_t) ap_regkey_value
#if APR_HAS_ANSI_FS
ELSE_WIN_OS_IS_ANSI
{
- /* Small possiblity the array is either unterminated
+ /* Small possibility the array is either unterminated
* or single NULL terminated. Avert.
*/
buf = (char *)value;
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/config.c Mon Nov 14 10:26:31 2016
@@ -15,7 +15,7 @@
*/
/*
- * http_config.c: once was auxillary functions for reading httpd's config
+ * http_config.c: once was auxiliary functions for reading httpd's config
* file and converting filenames into a namespace
*
* Rob McCool
@@ -737,7 +737,7 @@ AP_DECLARE(void) ap_remove_loaded_module
*
* Note: 1. We cannot determine if the module was successfully
* removed by ap_remove_module().
- * 2. We have not to complain explicity when the module
+ * 2. We have not to complain explicitly when the module
* is not found because ap_remove_module() did it
* for us already.
*/
@@ -1326,7 +1326,7 @@ static const char *ap_walk_config_sub(co
if (retval != NULL && strcmp(retval, DECLINE_CMD) != 0) {
/* If the directive in error has already been set, don't
* replace it. Otherwise, an error inside a container
- * will be reported as occuring on the first line of the
+ * will be reported as occurring on the first line of the
* container.
*/
if (!parms->err_directive) {
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/core.c Mon Nov 14 10:26:31 2016
@@ -453,6 +453,10 @@ static void *create_core_server_config(a
#if APR_HAS_SO_ACCEPTFILTER
apr_table_setn(conf->accf_map, "http", ACCEPT_FILTER_NAME);
apr_table_setn(conf->accf_map, "https", "dataready");
+#elif defined(WIN32)
+ /* 'data' is disabled on Windows due to a DoS vuln (PR 59970) */
+ apr_table_setn(conf->accf_map, "http", "connect");
+ apr_table_setn(conf->accf_map, "https", "connect");
#else
apr_table_setn(conf->accf_map, "http", "data");
apr_table_setn(conf->accf_map, "https", "data");
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/gen_test_char.c Mon Nov 14 10:26:31 2016
@@ -90,7 +90,7 @@ int main(int argc, char *argv[])
* since Win32/OS2 use carets or doubled-double quotes,
* and neither lf nor cr can be escaped. We escape unix
* specific as well, to assure that cross-compiled unix
- * applications behave similiarly when invoked on win32/os2.
+ * applications behave similarly when invoked on win32/os2.
*
* Rem please keep in-sync with apr's list in win32/filesys.c
*/
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/listen.c Mon Nov 14 10:26:31 2016
@@ -763,7 +763,7 @@ AP_DECLARE(void) ap_listen_pre_config(vo
/* Check once whether or not SO_REUSEPORT is supported. */
if (ap_have_so_reuseport < 0) {
/* This is limited to Linux with defined SO_REUSEPORT (ie. 3.9+) for
- * now since the implementation evenly distributes connections accross
+ * now since the implementation evenly distributes connections across
* all the listening threads/processes.
*
* *BSDs have SO_REUSEPORT too but with a different semantic: the first
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/event/event.c Mon Nov 14 10:26:31 2016
@@ -347,7 +347,7 @@ typedef struct event_retained_data {
#endif
int hold_off_on_exponential_spawning;
/*
- * Current number of listeners buckets and maximum reached accross
+ * Current number of listeners buckets and maximum reached across
* restarts (to size retained data according to dynamic num_buckets,
* eg. idle_spawn_rate).
*/
@@ -2065,7 +2065,7 @@ static void *APR_THREAD_FUNC start_threa
}
/* Create the main pollset */
- for (i = 0; i < sizeof(good_methods) / sizeof(void*); i++) {
+ for (i = 0; i < sizeof(good_methods) / sizeof(good_methods[0]); i++) {
rv = apr_pollset_create_ex(&event_pollset,
threads_per_child*2, /* XXX don't we need more, to handle
* connections in K-A or lingering
@@ -2830,7 +2830,7 @@ static int event_run(apr_pool_t * _pconf
if (ap_daemons_to_start < num_buckets)
ap_daemons_to_start = num_buckets;
/* We want to create as much children at a time as the number of buckets,
- * so to optimally accept connections (evenly distributed accross buckets).
+ * so to optimally accept connections (evenly distributed across buckets).
* Thus min_spare_threads should at least maintain num_buckets children,
* and max_spare_threads allow num_buckets more children w/o triggering
* immediately (e.g. num_buckets idle threads margin, one per bucket).
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/prefork/prefork.c Mon Nov 14 10:26:31 2016
@@ -703,7 +703,7 @@ static void child_main(int child_num_arg
SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */
if (status == APR_EGENERAL) {
- /* resource shortage or should-not-occur occured */
+ /* resource shortage or should-not-occur occurred */
clean_child_exit(APEXIT_CHILDSICK);
}
else if (status != APR_SUCCESS) {
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/child.c Mon Nov 14 10:26:31 2016
@@ -136,10 +136,17 @@ static void mpm_recycle_completion_conte
* state so -don't- close it.
*/
if (context) {
+ HANDLE saved_event;
+
apr_pool_clear(context->ptrans);
context->ba = apr_bucket_alloc_create(context->ptrans);
context->next = NULL;
+
+ saved_event = context->overlapped.hEvent;
+ memset(&context->overlapped, 0, sizeof(context->overlapped));
+ context->overlapped.hEvent = saved_event;
ResetEvent(context->overlapped.hEvent);
+
apr_thread_mutex_lock(qlock);
if (qtail) {
qtail->next = context;
@@ -323,8 +330,13 @@ static unsigned int __stdcall winnt_acce
"no known accept filter. Using 'none' instead",
lr->protocol);
}
- else if (strcmp(accf_name, "data") == 0)
- accf = 2;
+ else if (strcmp(accf_name, "data") == 0) {
+ accf = 1;
+ accf_name = "connect";
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
+ APLOGNO(03458) "winnt_accept: 'data' accept filter is no "
+ "longer supported. Using 'connect' instead");
+ }
else if (strcmp(accf_name, "connect") == 0)
accf = 1;
else if (strcmp(accf_name, "none") == 0)
@@ -350,7 +362,7 @@ static unsigned int __stdcall winnt_acce
}
#endif
- if (accf > 0) /* 'data' or 'connect' */
+ if (accf > 0) /* 'connect' */
{
if (WSAIoctl(nlsd, SIO_GET_EXTENSION_FUNCTION_POINTER,
&GuidAcceptEx, sizeof GuidAcceptEx,
@@ -376,7 +388,7 @@ static unsigned int __stdcall winnt_acce
}
else /* accf == 0, 'none' */
{
-reinit: /* target of data or connect upon too many AcceptEx failures */
+reinit: /* target of connect upon too many AcceptEx failures */
/* last, low priority event is a not yet accepted connection */
events[0] = exit_event;
@@ -421,9 +433,8 @@ reinit: /* target of data or connect upo
}
}
- if (accf > 0) /* Either 'connect' or 'data' */
+ if (accf > 0) /* 'connect' */
{
- DWORD len;
char *buf;
/* Create and initialize the accept socket */
@@ -453,20 +464,12 @@ reinit: /* target of data or connect upo
continue;
}
- if (accf == 2) { /* 'data' */
- len = APR_BUCKET_BUFF_SIZE;
- buf = apr_bucket_alloc(len, context->ba);
- len -= PADDED_ADDR_SIZE * 2;
- }
- else /* (accf == 1) 'connect' */ {
- len = 0;
- buf = context->buff;
- }
+ buf = context->buff;
/* AcceptEx on the completion context. The completion context will be
* signaled when a connection is accepted.
*/
- if (!lpfnAcceptEx(nlsd, context->accept_socket, buf, len,
+ if (!lpfnAcceptEx(nlsd, context->accept_socket, buf, 0,
PADDED_ADDR_SIZE, PADDED_ADDR_SIZE, &BytesRead,
&context->overlapped)) {
rv = apr_get_netos_error();
@@ -476,8 +479,6 @@ reinit: /* target of data or connect upo
* 1) the client disconnects early
* 2) handshake was incomplete
*/
- if (accf == 2)
- apr_bucket_free(buf);
closesocket(context->accept_socket);
context->accept_socket = INVALID_SOCKET;
continue;
@@ -492,8 +493,6 @@ reinit: /* target of data or connect upo
* 3) the dynamic address / adapter has changed
* Give five chances, then fall back on AcceptFilter 'none'
*/
- if (accf == 2)
- apr_bucket_free(buf);
closesocket(context->accept_socket);
context->accept_socket = INVALID_SOCKET;
++err_count;
@@ -513,8 +512,6 @@ reinit: /* target of data or connect upo
}
else if ((rv != APR_FROM_OS_ERROR(ERROR_IO_PENDING)) &&
(rv != APR_FROM_OS_ERROR(WSA_IO_PENDING))) {
- if (accf == 2)
- apr_bucket_free(buf);
closesocket(context->accept_socket);
context->accept_socket = INVALID_SOCKET;
++err_count;
@@ -555,14 +552,10 @@ reinit: /* target of data or connect upo
/* exit_event triggered or event handle was closed */
closesocket(context->accept_socket);
context->accept_socket = INVALID_SOCKET;
- if (accf == 2)
- apr_bucket_free(buf);
break;
}
if (context->accept_socket == INVALID_SOCKET) {
- if (accf == 2)
- apr_bucket_free(buf);
continue;
}
}
@@ -585,28 +578,9 @@ reinit: /* target of data or connect upo
/* Get the local & remote address
* TODO; error check
*/
- lpfnGetAcceptExSockaddrs(buf, len, PADDED_ADDR_SIZE, PADDED_ADDR_SIZE,
+ lpfnGetAcceptExSockaddrs(buf, 0, PADDED_ADDR_SIZE, PADDED_ADDR_SIZE,
&context->sa_server, &context->sa_server_len,
&context->sa_client, &context->sa_client_len);
-
- /* For 'data', craft a bucket for our data result
- * and pass to worker_main as context->overlapped.Pointer
- */
- if (accf == 2 && BytesRead)
- {
- apr_bucket *b;
- b = apr_bucket_heap_create(buf, APR_BUCKET_BUFF_SIZE,
- apr_bucket_free, context->ba);
- /* Adjust the bucket to refer to the actual bytes read */
- b->length = BytesRead;
- context->overlapped.Pointer = b;
- }
- else {
- if (accf == 2) {
- apr_bucket_free(buf);
- }
- context->overlapped.Pointer = NULL;
- }
}
else /* (accf = 0) e.g. 'none' */
{
@@ -680,7 +654,6 @@ reinit: /* target of data or connect upo
* os_sock_make and os_sock_put that it does not query).
*/
WSAEventSelect(context->accept_socket, 0, 0);
- context->overlapped.Pointer = NULL;
err_count = 0;
context->sa_server_len = sizeof(context->buff) / 2;
@@ -785,24 +758,6 @@ static winnt_conn_ctx_t *winnt_get_conne
return context;
}
-apr_status_t winnt_insert_network_bucket(conn_rec *c,
- apr_bucket_brigade *bb,
- apr_socket_t *socket)
-{
- apr_bucket *e;
- winnt_conn_ctx_t *context = ap_get_module_config(c->conn_config,
- &mpm_winnt_module);
- if (context == NULL || (e = context->overlapped.Pointer) == NULL)
- return AP_DECLINED;
-
- /* seed the brigade with AcceptEx read heap bucket */
- APR_BRIGADE_INSERT_HEAD(bb, e);
- /* also seed the brigade with the client socket. */
- e = apr_bucket_socket_create(socket, c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, e);
- return APR_SUCCESS;
-}
-
/*
* worker_main()
* Main entry point for the worker threads. Worker threads block in
@@ -816,8 +771,6 @@ static DWORD __stdcall worker_main(void
winnt_conn_ctx_t *context = NULL;
int thread_num = (int)thread_num_val;
ap_sb_handle_t *sbh;
- apr_bucket *e;
- int rc;
conn_rec *c;
apr_int32_t disconnected;
@@ -843,8 +796,6 @@ static DWORD __stdcall worker_main(void
}
}
- e = context->overlapped.Pointer;
-
ap_create_sb_handle(&sbh, context->ptrans, 0, thread_num);
c = ap_run_create_connection(context->ptrans, ap_server_conf,
context->sock, thread_num, sbh,
@@ -853,9 +804,6 @@ static DWORD __stdcall worker_main(void
if (!c) {
/* ap_run_create_connection closes the socket on failure */
context->accept_socket = INVALID_SOCKET;
- if (e) {
- apr_bucket_free(e);
- }
continue;
}
@@ -863,26 +811,7 @@ static DWORD __stdcall worker_main(void
apr_os_thread_put(&thd, &osthd, context->ptrans);
c->current_thread = thd;
- /* follow ap_process_connection(c, context->sock) logic
- * as it left us no chance to reinject our first data bucket.
- */
- ap_update_vhost_given_ip(c);
-
- rc = ap_run_pre_connection(c, context->sock);
- if (rc != OK && rc != DONE) {
- c->aborted = 1;
- }
-
- if (e && c->aborted) {
- apr_bucket_free(e);
- }
- else {
- ap_set_module_config(c->conn_config, &mpm_winnt_module, context);
- }
-
- if (!c->aborted) {
- ap_run_process_connection(c);
- }
+ ap_process_connection(c, context->sock);
apr_socket_opt_get(context->sock, APR_SO_DISCONNECTED, &disconnected);
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.c Mon Nov 14 10:26:31 2016
@@ -1004,7 +1004,7 @@ static void winnt_rewrite_args(process_r
* -k config
* -k uninstall
* -k stop
- * -k shutdown (same as -k stop). Maintained for backward compatability.
+ * -k shutdown (same as -k stop). Maintained for backward compatibility.
*
* We can't leave this phase until we know our identity
* and modify the command arguments appropriately.
@@ -1050,7 +1050,7 @@ static void winnt_rewrite_args(process_r
my_pid = GetCurrentProcessId();
parent_pid = (DWORD) atol(pid);
- /* Prevent holding open the (nonexistant) console */
+ /* Prevent holding open the (nonexistent) console */
ap_real_exit_code = 0;
/* The parent gave us stdin, we need to remember this
@@ -1769,8 +1769,6 @@ static void winnt_hooks(apr_pool_t *p)
ap_hook_mpm(winnt_run, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_mpm_query(winnt_query, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_mpm_get_name(winnt_get_name, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_insert_network_bucket(winnt_insert_network_bucket, NULL, NULL,
- APR_HOOK_MIDDLE);
}
AP_DECLARE_MODULE(mpm_winnt) = {
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/mpm_winnt.h Mon Nov 14 10:26:31 2016
@@ -91,9 +91,6 @@ void hold_console_open_on_error(void);
/* From child.c: */
void child_main(apr_pool_t *pconf, DWORD parent_pid);
-apr_status_t winnt_insert_network_bucket(conn_rec *c,
- apr_bucket_brigade *bb,
- apr_socket_t *socket);
#endif /* APACHE_MPM_WINNT_H */
/** @} */
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/winnt/service.c Mon Nov 14 10:26:31 2016
@@ -104,7 +104,7 @@ static APR_INLINE SC_HANDLE OpenSCManage
*
* If ap_real_exit_code is reset to 0, it will not be set or trigger this
* behavior on exit. All service and child processes are expected to
- * reset this flag to zero to avoid undesireable side effects.
+ * reset this flag to zero to avoid undesirable side effects.
*/
AP_DECLARE_DATA int ap_real_exit_code = 1;
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm/worker/worker.c Mon Nov 14 10:26:31 2016
@@ -168,7 +168,7 @@ typedef struct worker_retained_data {
#endif
int hold_off_on_exponential_spawning;
/*
- * Current number of listeners buckets and maximum reached accross
+ * Current number of listeners buckets and maximum reached across
* restarts (to size retained data according to dynamic num_buckets,
* eg. idle_spawn_rate).
*/
@@ -1837,7 +1837,7 @@ static int worker_run(apr_pool_t *_pconf
if (ap_daemons_to_start < num_buckets)
ap_daemons_to_start = num_buckets;
/* We want to create as much children at a time as the number of buckets,
- * so to optimally accept connections (evenly distributed accross buckets).
+ * so to optimally accept connections (evenly distributed across buckets).
* Thus min_spare_threads should at least maintain num_buckets children,
* and max_spare_threads allow num_buckets more children w/o triggering
* immediately (e.g. num_buckets idle threads margin, one per bucket).
Modified: httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c?rev=1769588&r1=1769587&r2=1769588&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c (original)
+++ httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/server/mpm_unix.c Mon Nov 14 10:26:31 2016
@@ -787,7 +787,10 @@ int ap_signal_server(int *exit_status, a
status = "httpd (no pid file) not running";
}
else {
- if (kill(otherpid, 0) == 0) {
+ /* With containerization, httpd may get the same PID at each startup,
+ * handle it as if it were not running (it obviously can't).
+ */
+ if (otherpid != getpid() && kill(otherpid, 0) == 0) {
running = 1;
status = apr_psprintf(pconf,
"httpd (pid %" APR_PID_T_FMT ") already "