You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2016/12/26 21:42:26 UTC
svn commit: r1776076 - in /httpd/httpd/trunk:
docs/manual/mod/mod_proxy_protocol.xml modules/filters/mod_proxy_protocol.c
Author: jim
Date: Mon Dec 26 21:42:26 2016
New Revision: 1776076
URL: http://svn.apache.org/viewvc?rev=1776076&view=rev
Log:
revert back... no conflict w/ name
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_proxy_protocol.xml
httpd/httpd/trunk/modules/filters/mod_proxy_protocol.c
Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy_protocol.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy_protocol.xml?rev=1776076&r1=1776075&r2=1776076&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_proxy_protocol.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_proxy_protocol.xml Mon Dec 26 21:42:26 2016
@@ -52,14 +52,14 @@
<seealso><a href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">Proxy Protocol Spec</a></seealso>
<directivesynopsis>
-<name>ProxyProtocolFilter </name>
+<name>ProxyProtocol </name>
<description>Enable or disable the proxy protocol handling</description>
-<syntax>ProxyProtocolFilter On|Off</syntax>
+<syntax>ProxyProtocol On|Off</syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<usage>
- <p>The <directive>ProxyProtocolFilter</directive> enables or disables the
+ <p>The <directive>ProxyProtocol</directive> enables or disables the
reading and handling of the proxy protocol connection header. If enabled
the upstream client <em>must</em> send the header every time it opens a
connection or the connection will get aborted.</p>
@@ -75,7 +75,7 @@
notice will be logged indicating which setting was being overridden.</p>
<highlight language="config">
- ProxyProtocolFilter On
+ ProxyProtocol On
</highlight>
</usage>
</directivesynopsis>
Modified: httpd/httpd/trunk/modules/filters/mod_proxy_protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_proxy_protocol.c?rev=1776076&r1=1776075&r2=1776076&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_proxy_protocol.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_proxy_protocol.c Mon Dec 26 21:42:26 2016
@@ -128,7 +128,7 @@ static void pp_warn_enable_conflict(pp_a
apr_sockaddr_ip_getbuf(buf, sizeof(buf), prev->addr);
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, new,
- "ProxyProtocolFilter: previous setting for %s:%hu from virtual "
+ "ProxyProtocol: previous setting for %s:%hu from virtual "
"host {%s:%hu in %s} is being overriden by virtual host "
"{%s:%hu in %s}; new setting is '%s'",
buf, prev->addr->port, prev->source->server_hostname,
@@ -202,19 +202,19 @@ static int pp_hook_post_config(apr_pool_
for (info = conf->enabled; info; info = info->next) {
apr_sockaddr_ip_getbuf(buf, sizeof(buf), info->addr);
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "ProxyProtocolFilter: enabled on %s:%hu", buf, info->addr->port);
+ "ProxyProtocol: enabled on %s:%hu", buf, info->addr->port);
}
for (info = conf->disabled; info; info = info->next) {
apr_sockaddr_ip_getbuf(buf, sizeof(buf), info->addr);
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "ProxyProtocolFilter: disabled on %s:%hu", buf, info->addr->port);
+ "ProxyProtocol: disabled on %s:%hu", buf, info->addr->port);
}
return OK;
}
static const command_rec proxy_protocol_cmds[] = {
- AP_INIT_FLAG("ProxyProtocolFilter", pp_enable_proxy_protocol, NULL, RSRC_CONF,
+ AP_INIT_FLAG("ProxyProtocol", pp_enable_proxy_protocol, NULL, RSRC_CONF,
"Enable proxy-protocol handling (`on', `off')"),
{ NULL }
};
@@ -321,7 +321,7 @@ static int pp_hook_pre_connection(conn_r
}
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
- "ProxyProtocolFilter: enabled on connection to %s:%hu",
+ "ProxyProtocol: enabled on connection to %s:%hu",
c->local_ip, c->local_addr->port);
/* this holds the resolved proxy info for this connection */
@@ -370,7 +370,7 @@ static pp_parse_status_t pp_process_v1_h
word = apr_strtok(NULL, " ", &saveptr); \
if (!word) { \
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, \
- "ProxyProtocolFilter: no " field " found in header '%s'", \
+ "ProxyProtocol: no " field " found in header '%s'", \
hdr->v1.line); \
return HDR_ERROR; \
}
@@ -405,7 +405,7 @@ static pp_parse_status_t pp_process_v1_h
}
else {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
- "ProxyProtocolFilter: unknown family '%s' in header '%s'",
+ "ProxyProtocol: unknown family '%s' in header '%s'",
word, hdr->v1.line);
return HDR_ERROR;
}
@@ -415,7 +415,7 @@ static pp_parse_status_t pp_process_v1_h
if (strspn(word, valid_addr_chars) != strlen(word)) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
- "ProxyProtocolFilter: invalid client-address '%s' found in "
+ "ProxyProtocol: invalid client-address '%s' found in "
"header '%s'", word, hdr->v1.line);
return HDR_ERROR;
}
@@ -429,7 +429,7 @@ static pp_parse_status_t pp_process_v1_h
GET_NEXT_WORD("client-port")
if (sscanf(word, "%hu", &port) != 1) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
- "ProxyProtocolFilter: error parsing port '%s' in header '%s'",
+ "ProxyProtocol: error parsing port '%s' in header '%s'",
word, hdr->v1.line);
return HDR_ERROR;
}
@@ -443,7 +443,7 @@ static pp_parse_status_t pp_process_v1_h
if (ret != APR_SUCCESS) {
conn_conf->client_addr = NULL;
ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, c,
- "ProxyProtocolFilter: error converting family '%d', host '%s',"
+ "ProxyProtocol: error converting family '%d', host '%s',"
" and port '%hu' to sockaddr; header was '%s'",
family, host, port, hdr->v1.line);
return HDR_ERROR;
@@ -483,7 +483,7 @@ static pp_parse_status_t pp_process_v2_h
if (ret != APR_SUCCESS) {
conn_conf->client_addr = NULL;
ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, c,
- "ProxyProtocolFilter: error creating sockaddr");
+ "ProxyProtocol: error creating sockaddr");
return HDR_ERROR;
}
@@ -499,7 +499,7 @@ static pp_parse_status_t pp_process_v2_h
if (ret != APR_SUCCESS) {
conn_conf->client_addr = NULL;
ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, c,
- "ProxyProtocolFilter: error creating sockaddr");
+ "ProxyProtocol: error creating sockaddr");
return HDR_ERROR;
}
@@ -520,7 +520,7 @@ static pp_parse_status_t pp_process_v2_h
default:
/* not a supported command */
ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, c,
- "ProxyProtocolFilter: unsupported command %.2hx",
+ "ProxyProtocol: unsupported command %.2hx",
hdr->v2.ver_cmd);
return HDR_ERROR;
}
@@ -530,7 +530,7 @@ static pp_parse_status_t pp_process_v2_h
if (ret != APR_SUCCESS) {
conn_conf->client_addr = NULL;
ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, c,
- "ProxyProtocolFilter: error converting address to string");
+ "ProxyProtocol: error converting address to string");
return HDR_ERROR;
}
@@ -554,7 +554,7 @@ static int pp_determine_version(conn_rec
}
else {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
- "ProxyProtocolFilter: no valid header found");
+ "ProxyProtocol: no valid header found");
return -1;
}
}
@@ -664,7 +664,7 @@ static apr_status_t pp_input_filter(ap_f
}
else {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c,
- "ProxyProtocolFilter: internal error: unknown version "
+ "ProxyProtocol: internal error: unknown version "
"%d", ctx->version);
f->c->aborted = 1;
apr_brigade_destroy(ctx->bb);
@@ -689,12 +689,12 @@ static apr_status_t pp_input_filter(ap_f
/* we only get here when done == 1 */
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c,
- "ProxyProtocolFilter: received valid header: %s:%hu",
+ "ProxyProtocol: received valid header: %s:%hu",
conn_conf->client_ip, conn_conf->client_addr->port);
if (ctx->rcvd > ctx->need || !APR_BRIGADE_EMPTY(ctx->bb)) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c,
- "ProxyProtocolFilter: internal error: have data left over; "
+ "ProxyProtocol: internal error: have data left over; "
" need=%lu, rcvd=%lu, brigade-empty=%d", ctx->need,
ctx->rcvd, APR_BRIGADE_EMPTY(ctx->bb));
f->c->aborted = 1;
Re: svn commit: r1776076 - in /httpd/httpd/trunk:
docs/manual/mod/mod_proxy_protocol.xml modules/filters/mod_proxy_protocol.c
Posted by Jim Jagielski <ji...@jaguNET.com>.
I would simply add a note to the header of mod_remoteip
> On Dec 28, 2016, at 12:23 PM, Daniel Ruggeri <DR...@primary.net> wrote:
>
>
> On 12/28/2016 7:49 AM, Jim Jagielski wrote:
>> Sounds good... We could simply move the filter aspects over to
>> mod_remoteip and save us a module :)
>
> This may be a naive question, but how would the copyright for such mixed
> copyright sources be handled in the file for such a case?
>
> --
> Daniel Ruggeri
>
Re: svn commit: r1776076 - in /httpd/httpd/trunk:
docs/manual/mod/mod_proxy_protocol.xml modules/filters/mod_proxy_protocol.c
Posted by Daniel Ruggeri <DR...@primary.net>.
On 12/28/2016 7:49 AM, Jim Jagielski wrote:
> Sounds good... We could simply move the filter aspects over to
> mod_remoteip and save us a module :)
This may be a naive question, but how would the copyright for such mixed
copyright sources be handled in the file for such a case?
--
Daniel Ruggeri
Re: svn commit: r1776076 - in /httpd/httpd/trunk:
docs/manual/mod/mod_proxy_protocol.xml modules/filters/mod_proxy_protocol.c
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Dec 26, 2016, at 10:30 PM, Daniel Ruggeri <DR...@primary.net> wrote:
>
>
> On 12/26/2016 3:42 PM, jim@apache.org wrote:
>> Author: jim
>> Date: Mon Dec 26 21:42:26 2016
>> New Revision: 1776076
>>
>> URL: http://svn.apache.org/viewvc?rev=1776076&view=rev
>> Log:
>> revert back... no conflict w/ name
>>
>> Modified:
>> httpd/httpd/trunk/docs/manual/mod/mod_proxy_protocol.xml
>> httpd/httpd/trunk/modules/filters/mod_proxy_protocol.c
>> ...
>
> I feel a little dissonance toward this being a separate module versus
> being folded into mod_remoteip. This is mostly since mod_remoteip
> already has a bit more of a comprehensive suite of access checks for
> internal/trusted proxies and is (what I would expect) users would look
> toward first to enable this kind of functionality. The other part is
> that it could also help avoid namespace confusion with the many
> server-side proxy modules since they their module names with mod_proxy_*
> and their directives with Proxy*.
>
> Thoughts?
>
Sounds good... We could simply move the filter aspects over to
mod_remoteip and save us a module :)
Re: svn commit: r1776076 - in /httpd/httpd/trunk:
docs/manual/mod/mod_proxy_protocol.xml modules/filters/mod_proxy_protocol.c
Posted by Daniel Ruggeri <DR...@primary.net>.
On 12/26/2016 3:42 PM, jim@apache.org wrote:
> Author: jim
> Date: Mon Dec 26 21:42:26 2016
> New Revision: 1776076
>
> URL: http://svn.apache.org/viewvc?rev=1776076&view=rev
> Log:
> revert back... no conflict w/ name
>
> Modified:
> httpd/httpd/trunk/docs/manual/mod/mod_proxy_protocol.xml
> httpd/httpd/trunk/modules/filters/mod_proxy_protocol.c
> ...
I feel a little dissonance toward this being a separate module versus
being folded into mod_remoteip. This is mostly since mod_remoteip
already has a bit more of a comprehensive suite of access checks for
internal/trusted proxies and is (what I would expect) users would look
toward first to enable this kind of functionality. The other part is
that it could also help avoid namespace confusion with the many
server-side proxy modules since they their module names with mod_proxy_*
and their directives with Proxy*.
Thoughts?
As a side note, this should probably have checks for APR_HAVE_IPV6
scattered here and there during the address parsing stuff.
--
Daniel Ruggeri
Re: svn commit: r1776076 - in /httpd/httpd/trunk: docs/manual/mod/mod_proxy_protocol.xml
modules/filters/mod_proxy_protocol.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Mon, Dec 26, 2016 at 10:42 PM, <ji...@apache.org> wrote:
> Author: jim
> Date: Mon Dec 26 21:42:26 2016
> New Revision: 1776076
>
> URL: http://svn.apache.org/viewvc?rev=1776076&view=rev
> Log:
> revert back... no conflict w/ name
I think I'd prefer another name than "ProxyProtocol" (on/off...), still.
It may be misleading wrt to named protocols we may handle later for
things like Upgrade forwarding or ALPN on the backend side (even if
we'll/d use something like ProxyUpgradeProtocols or ProxyALPNProtocols
then, booking the simple/generic ProxyProtocol name by now is not
evolutive enough, IMHO).
How about "ProxyProtocolLine on/off"?