Re: httpd 1.3 mod_cgi argv[0]
On 6/26/05, Joe Orton [EMAIL PROTECTED] wrote: On Thu, Jun 23, 2005 at 11:23:55AM +0200, David Welton wrote: 4763 execve(/usr/lib/cgi-bin/protect.cgi, [protect.cgi], [/* 25 vars */]) = 0 My question is this: why doesn't argv[0] get the full path of the file? It's not like the CGI can't figure it out from the cwd and the argv0 it does get. The Tcl folks are wondering why Apache does things this way, and I think it's a reasonable question. The problem for Tcl I think the current behaviour is actually just a fall-out from the way that the code checks whether the script is an nph- script or not (searching for the basename and then comparing against nph-). In 2.0 with mod_cgi, the argv[0] really is set to r-filename as you expect, though the same is not true of mod_cgid. I was sort of hoping one of the 'old timers' might have a recollection of a reason behind this, but I guess it may just be an artifact of how things were originally put together. The 'problem' is pretty obscure and apparently not many people have noticed it. So upgrading to 2.0 is one solution, at least. I'm not sure it would be a great idea to change something this subtle in 1.3 now. Could well be. In any case, Tcl also needs to be 'more liberal with what it accepts' even if that data is not ideal, so a fix should happen there as well. Thankyou, -- David N. Welton - http://www.dedasys.com/davidw/ Apache, Linux, Tcl Consulting - http://www.dedasys.com/
How can shared modules parse the configuration tree(ap_conftree)???
I see that the symbols ap_conftree and ap_top_module are not defined in any header but only in the source code. Mod_info uses this symbols. I need to do something similar to what mod_info does but in a shared module. Is there a way to do it?? The fact that ap_conftree and ap_top_module are not defined in any header does mean that the API is not stable and probably will change??? I need to parse the configuration tree because i would like to chance programmatically the value of a cookie in an input filter. However the right value for the cookie is directory - dependent and per directory configuration is not available in an input filter. So my idea whas to desume the right value parsing the per directory directives i was interested in at module startup. I would like anyway to do this in a shared module, because i would'nt like to distribute a different version of Apache. I have been digging very deeply in Apache source code and i am pretty clueless now. Thanks in advance for your attention. Luca Regini
Re: 2.1.6 is available for veto^H^H^H^Hvoting
In the announce, we should have; proxy HTTP: If a response contains both Transfer-Encoding and a Content-Length, remove the Content-Length to eliminate an HTTP Request Smuggling vulnerability, and and don't reuse the connection, stopping some HTTP Request Spoofing attacks. The Apache httpd project thanks the Watchfire team of Linhart, Klein, Heled and Orrin for the responsible notification and disclosure of this information. Do we have an incident number for this report as it pertains to the Apache HTTP Server? I agree with Jeff after spending quite a few hours; patches to the proxy now diverge quite radically from 2.0's proxy_http.c. The band aids will land in slightly different places, but we should encourage folks to validate proper proxied header and body transmission. My goal is to tag and roll 2.0 by Friday for release early next week, unless the fixes are ready sooner. There is a list of already-accepted patches in status, if anyone wants to pick some low hanging fruit for 2.0. Bill At 01:08 PM 6/26/2005, Paul Querna wrote: +1 for Alpha from Joe Orton, Brad Nicholes, Wilfredo Sánchez Vega, and Paul Querna. Therefore, I consider 2.1.6-alpha to be released. I have moved the 2.1.6-alpha source files to the dist folder to be picked up by mirrors. I will add it to the download.xml and index.xml for httpd.apache.org later today, after giving the mirrors time to pick it up. Thanks to everyone who tested it, -Paul Paul Querna wrote: Please vote on releasing 2.1.6 as -alpha. Available at: http://httpd.apache.org/dev/dist/ http://people.apache.org/~pquerna/dev/httpd-2.1.6/ MD5 (httpd-2.1.6-alpha.tar.gz) = 4602f254693e64293bdf36c8d066c66b MD5 (httpd-2.1.6-alpha.tar.bz2) = 26f457e6ab945ff1db7378a06aee046a MD5 (httpd-2.1.6-alpha.tar.Z) = 39a7e0e084abc45e51a57a60cde3557b Thanks, Paul
current-testers, stable-testers
At this point both current and stable testers lists contain too little traffic to make them worthwhile to moderate both. I propose; * create a single testers@ list with unsubscribe/info footers. * accepts posts from @apache accounts only * munge reply-to to [EMAIL PROTECTED] where their results may be reacted to promptly. Even if they aren't dev@ subscribers, frequent reporters would be modded 'allow-from' and future moderation wouldn't be required. * initially merge/sort both stable and current testers subscript lists, pre-announce the change and announce it again after. * in the announce, remind folks this list is for pre-release candidate testing, and those that wish to stay abreast of only official releases should seek [EMAIL PROTECTED] Post a second reminder to [EMAIL PROTECTED] altering folks to [EMAIL PROTECTED] (and that there is nothing to do if they already were subscribed to current or stable testers). Thoughts? Bill
event MPM works with mod_ssl
my biggest hurdle in getting the event MPM to work with mod_ssl was learning how to create a self signed server cert with openssl. http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ownca is very good but refers to a sign.sh script that I couldn't find in httpd-2.x . I assume sign.sh was part of the 1.3 mod_ssl distro when it was separate from httpd. once I got past that, it just worked. my tests were fairly simple. I had pipelining enabled in mozilla and also created a script that did HTTP/1.1 pipelining. if anyone can think of other scenarios I should test with mod_ssl please let me know. here is a server-status: http://people.apache.org/~gregames/server-status.event-ssl.html we do have PR 34040 open which says event is broken on Solaris 10. does anyone have a Solaris 10 box where I can get an ID for testing? Greg
Re: event MPM works with mod_ssl
On Mon, 27 Jun 2005, Greg Ames wrote: my biggest hurdle in getting the event MPM to work with mod_ssl was learning how to create a self signed server cert with openssl. http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ownca is very good but refers to a sign.sh script that I couldn't find in httpd-2.x . I assume sign.sh was part of the 1.3 mod_ssl distro when it was separate from httpd. That is correct. It was removed intentionally (I think it was someone trying to discourage self-signed certificates?) but the docs were never updated to tell you how to do what it does, which is kind of a bummer. Personally I always just do a google search for sign.sh and use the old one anyway. --Cliff
Re: event MPM works with mod_ssl
Greg Ames wrote: my biggest hurdle in getting the event MPM to work with mod_ssl was learning how to create a self signed server cert with openssl. http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ownca is very good but refers to a sign.sh script that I couldn't find in httpd-2.x . I assume sign.sh was part of the 1.3 mod_ssl distro when it was separate from httpd. once I got past that, it just worked. my tests were fairly simple. I had pipelining enabled in mozilla and also created a script that did HTTP/1.1 pipelining. if anyone can think of other scenarios I should test with mod_ssl please let me know. Yes... I believe it will 'mostly' work, but the issue becomes tricky once you consider the SSL protocol. The problem is we might have an entire pipe-lined request buffered inside the SSL Packets, and therefore, never trigger the socket to come out of the poll(). For simple test cases, it might work, but I am pretty sure a malicious attack would be easy to create. here is a server-status: http://people.apache.org/~gregames/server-status.event-ssl.html we do have PR 34040 open which says event is broken on Solaris 10. does anyone have a Solaris 10 box where I can get an ID for testing? The ASF has Helios, a quad opteron running solaris 10. httpd has requested a Zone on there, but one has not been created yet... -paul
Re: mod_python docs appendix A - changes in 3.2
Nicolas Lehuen wrote: BTW, there's a new feature in JIRA, now : it looks like if a MODPYTHON-xx bug number is inserted into a subversion commit message, the commit is reference in a Subversion commit tab in the bug page. Example : http://issues.apache.org/jira/browse/MODPYTHON-48 You pointed that out previously, so I've been making a point of doing it with my commits. However, JIRA does not seem to send these commit comments to the mailing list in the same way it does regular comments. For some reason, the last couple of commits I've made have not been picked up by JIRA, in spite of referencing the issue in the commit message. eg. MODPYTHON-45 - JIRA picked up the commit message MODPYTHON-58 - JIRA missed it. Odd. JIRA was really slow or inaccessible last week. Over the weekend it was better, but it seems to me that the performance improvement coincided with it ignoring the subversion commits. Did something change? Jim
JIRA administration
Scott, How can we add users to the mod_python project ? I'd like to assign some fixes to Graham or Jim but only you and me are listed in the various combo boxes... Regards, Nicolas
Re: How can shared modules parse the configuration tree(ap_conftree)???
On 27-Jun-05, at 4:47 AM, luca regini wrote: I see that the symbols ap_conftree and ap_top_module are not defined in any header but only in the source code. Mod_info uses this symbols. I need to do something similar to what mod_info does but in a shared module. Is there a way to do it?? The fact that ap_conftree and ap_top_module are not defined in any header does mean that the API is not stable and probably will change??? I need to parse the configuration tree because i would like to chance programmatically the value of a cookie in an input filter. However the right value for the cookie is directory - dependent and per directory configuration is not available in an input filter. So my idea whas to desume the right value parsing the per directory directives i was interested in at module startup. That's a really bad idea. The fact that it is difficult should be a good hint that it is contrary to the design of Apache. I gather the problem you're running into is that the headers are read before the configuration merge is done (for reasons I think are pretty obvious). However, cookies are certainly not used until the configuration merge is done. So why not do whatever you want to do with the cookies in a hook which runs at an appropriate time? There are lots to choose from. The input filter could put whatever information it wanted to pass to the hook in the module's per-request structure.
Re: event MPM works with mod_ssl
Paul Querna wrote: Yes... I believe it will 'mostly' work, but the issue becomes tricky once you consider the SSL protocol. The problem is we might have an entire pipe-lined request buffered inside the SSL Packets, and therefore, never trigger the socket to come out of the poll(). For simple test cases, it might work, but I am pretty sure a malicious attack would be easy to create. hmmm...I assume the poll() on the listening socket works ok or worker would be busted too. then as long as we call the input filters to read the request without poll()ing first to see if the new SSL socket is readable, we should be ok. if we completely drain the input filters, we should be reading from the SSL input filters at the same time, so then it should be safe to poll(). or have I missed something? we do have PR 34040 open which says event is broken on Solaris 10. does anyone have a Solaris 10 box where I can get an ID for testing? The ASF has Helios, a quad opteron running solaris 10. httpd has requested a Zone on there, but one has not been created yet... could you let me/us know when this is set up? I unsubscribed from infrastructure@ due to the high volume of my id is broken posts. thanks, Greg
Re: event MPM works with mod_ssl
Joe Orton wrote: You can create a self-signed cert for mod_ssl testing with just one command: openssl req -x509 -nodes -new -out foo.cert -keyout foo.key the docs are a bit too helpful there really. thanks Joe! this looks like a time saver. Greg
Re: 2.1.6 is available for veto^H^H^H^Hvoting
On 6/27/05, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: My goal is to tag and roll 2.0 by Friday for release early next week, unless the fixes are ready sooner. There is a list of already-accepted patches in status, if anyone wants to pick some low hanging fruit for 2.0. I have a tested proxy smuggling patch for 2.0 which I'll upload to people.apache.org and add to STATUS. It is somewhere amidst the 2.1.5 or 2.1.6 messages.
Re: BUG: Apache::Cookie saving expired data
David Robins [EMAIL PROTECTED] writes: C programmers will probably see what's wrong here: copying a volatile pointer (aliasing bug). The char* comes from SvPV_nolen(), which points into the SV, in this case $v from the 'each'. When $v changes, so will the value of path. When $v goes out of scope and its PV gets freed, 'val' will be overwritten by whatever uses the space. The same problem occurs in the other generated char* functions, e.g. domain, port, comment, etc. Exactly- that's another bug we inherited from ExtUtils::XSBuilder, but our current svn trunk includes a fix for that. -- Joe Schaefer
2.0.55, WAS: Re: 2.1.6 is available for veto^H^H^H^Hvoting
William A. Rowe, Jr. wrote: [...] My goal is to tag and roll 2.0 by Friday for release early next week, unless the fixes are ready sooner. There is a list of already-accepted patches in status, if anyone wants to pick some low hanging fruit for 2.0. Bill, are you volunteering for RM? I'm happy to RM FWIW, and do the 2.0.55 TR on friday. Which, by the way, will imply release around wednesday the following week given our regular own dogfood test. Thanks, Sander
Re: Rev 1: [PATCH] 1.3 TraceEnable [on|off|extended]
Shouldn't set_allow_header be static?
error
A bit off-topic, but I posted the same e-mail to the users@ mailing list earlier last week... but nobody could help me there... and since most developers are here... anyways, here it goes: Does anybody know what is this error all about? I got the same error in all combinations of these: - freebsd 5.3 and 5.4. - apache 2.0.53 and 2.0.54 - freebsd make and gmake gmake[4]: Entering directory `/home/admin2/src/httpd-2.0.54/server/mpm/prefork' /home/admin2/src/httpd-2.0.54/srclib/apr/libtool --silent --mode=compile cc -g -O2-D_REENTRANT -D_THREAD_SAFE -DAP_HAVE_DESIGNATED_INITIALIZER -I/home/admin2/src/httpd-2.0.54/srclib/apr/include -I/home/admin2/src/httpd-2.0.54/srclib/apr-util/include -I/usr/local/include -I. -I/home/admin2/src/httpd-2.0.54/os/unix -I/home/admin2/src/httpd-2.0.54/server/mpm/prefork -I/home/admin2/src/httpd-2.0.54/modules/http -I/home/admin2/src/httpd-2.0.54/modules/filters -I/home/admin2/src/httpd-2.0.54/modules/proxy -I/home/admin2/src/httpd-2.0.54/include -I/home/admin2/src/httpd-2.0.54/modules/generators -I/usr/include/openssl -I/home/admin2/src/httpd-2.0.54/modules/dav/main -prefer-non-pic -static -c prefork.c touch prefork.lo prefork.c:103: error: syntax error before '*' token prefork.c:103: warning: data definition has no type or storage class gmake[4]: *** [prefork.lo] Error 1 gmake[4]: Leaving directory `/home/admin2/src/httpd-2.0.54/server/mpm/prefork' Thanks
Re: 2.0.55
At 01:12 PM 6/27/2005, Sander Striker wrote: William A. Rowe, Jr. wrote: [...] My goal is to tag and roll 2.0 by Friday for release early next week, unless the fixes are ready sooner. There is a list of already-accepted patches in status, if anyone wants to pick some low hanging fruit for 2.0. Bill, are you volunteering for RM? I'm happy to RM FWIW, and do the 2.0.55 TR on friday. Which, by the way, will imply release around wednesday the following week given our regular own dogfood test. Ack on the force-feeding. Yes I would RM - but would be happy to pass that half of the baton, if you would like to RM the source I'll handle the .zip's/.msi's etc, with you. Bill
Re: 2.0.55
At 12:20 PM 6/27/2005, Jeff Trawick wrote: On 6/27/05, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: My goal is to tag and roll 2.0 by Friday for release early next week, unless the fixes are ready sooner. There is a list of already-accepted patches in status, if anyone wants to pick some low hanging fruit for 2.0. I have a tested proxy smuggling patch for 2.0 which I'll upload to people.apache.org and add to STATUS. It is somewhere amidst the 2.1.5 or 2.1.6 messages. Thanks! The patch raised another question for me. We have the downgrade-1.0 and nokeepalive switches to force the CLIENT connection to skip any spoofing attack. But since 2.0/2.1 mod_proxy now uses keepalives for real, do we have any similar choice for administrators to 'work around' potentially broken back ends? It's certainly not a security hole in Apache. But it would help folks who have insecure back end applications to mitigate the damage. Bill
Re: event MPM works with mod_ssl
At 11:44 AM 6/27/2005, Greg Ames wrote: Paul Querna wrote: Yes... I believe it will 'mostly' work, but the issue becomes tricky once you consider the SSL protocol. The problem is we might have an entire pipe-lined request buffered inside the SSL Packets, and therefore, never trigger the socket to come out of the poll(). For simple test cases, it might work, but I am pretty sure a malicious attack would be easy to create. hmmm...I assume the poll() on the listening socket works ok or worker would be busted too. then as long as we call the input filters to read the request without poll()ing first to see if the new SSL socket is readable, we should be ok. if we completely drain the input filters, we should be reading from the SSL input filters at the same time, so then it should be safe to poll(). or have I missed something? Anyone trying to read from the input brigade better invoke a request non-blocking first, so that any filter down the chain gets a chance to answer. If it's would-block, then perhaps you can poll(), but that's still pretty dicey. I solved this with my bucket_poll suggestion a couple years ago, but it never did gain much traction. In fact; I think poll buckets are required before we can move alot further with the event-style mpm. Although you ***MIGHT*** be blocking on the socket (usually you are), there's another possibility that you are blocking on read from something else in an input filter. The poll meta-bucket was ment to be stackable, so that multiple poll events could percolate up. That way, external_filter sources, etc could all be added to the poll() event. Each filter could keep/drop the previous filters' poll bucket list, depending on if the filter believes there could be side-effects from more data above it. E.g. if the Z filter knows it has enough buffered to be called again, it would drop the poll bucket. When called again, it might finally percolate the poll bucket when it knows it can't return any more data without more input. Bill
Re: Rev 1: [PATCH] 1.3 TraceEnable [on|off|extended]
At 01:16 PM 6/27/2005, JimJag wrote: Shouldn't set_allow_header be static? ewww. so should have make_allow ... Wasn't defined in any header, so I don't suppose it's really breaking ABI to get it right :) Bill
Re: error
On Mon, 27 Jun 2005, Gustavo A. Baratto wrote: prefork.c:103: error: syntax error before '*' token prefork.c:103: warning: data definition has no type or storage class gmake[4]: *** [prefork.lo] Error 1 gmake[4]: Leaving directory `/home/admin2/src/httpd-2.0.54/server/mpm/prefork' Hmm, I'm not really sure how this never came up before. prefork.c:103 says: static ap_pod_t *pod; struct ap_pod_t is defined in mpm_common.h but only if AP_MPM_USES_POD is defined. server/mpm/prefork/mpm.h does define this symbol. But prefork.c does not include mpm.h at all, whereas it would have to do so prior to including mpm_common.h to pick up the definition of this data type. Anybody have any clue how this compiles at all anywhere?
Re: svn commit: r202027 - in /httpd/httpd/trunk: CHANGES server/mpm_common.c
Do we need an entire request? Wouldn't a 'null request' be faster? At 01:40 PM 6/27/2005, [EMAIL PROTECTED] wrote: Author: pquerna Date: Mon Jun 27 11:40:56 2005 New Revision: 202027 URL: http://svn.apache.org/viewcvs?rev=202027view=rev Log: *) server/mpm_common.c: Send a simple HTTP 1.0 request to every listener socket, instead of just closing the socket. This fixes shutdown of the Worker MPM on FreeBSD, when Accept Filters are enabled. In the future, we need a method to send a simple request for all protocols. Currently this is very specific to HTTP and FreeBSD's Accept Filter. Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/server/mpm_common.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=202027r1=202026r2=202027view=diff == --- httpd/httpd/trunk/CHANGES (original) +++ httpd/httpd/trunk/CHANGES Mon Jun 27 11:40:56 2005 @@ -1,6 +1,10 @@ Changes with Apache 2.1.7 [Remove entries to the current 2.0 section below, when backported] + *) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of + just closing the socket, a HTTP request is made, to make sure the child is + always awakened. [Paul Querna] + Changes with Apache 2.1.6 *) Fix htdbm password validation for records which included comments. Modified: httpd/httpd/trunk/server/mpm_common.c URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/server/mpm_common.c?rev=202027r1=202026r2=202027view=diff == --- httpd/httpd/trunk/server/mpm_common.c (original) +++ httpd/httpd/trunk/server/mpm_common.c Mon Jun 27 11:40:56 2005 @@ -546,6 +546,7 @@ */ static apr_status_t dummy_connection(ap_pod_t *pod) { +const char* srequest = GET / HTTP/1.0\r\n\r\n; apr_status_t rv; apr_socket_t *sock; apr_pool_t *p; @@ -596,6 +597,16 @@ connect to listener on %pI, ap_listeners-bind_addr); } +/* Since some operating systems support buffering of data or entire + * requests in the kernel, we send a simple request, to make sure + * the server pops out of a blocking accept(). + */ +/* XXX: This is HTTP specific. We should look at the Protocol for each + * listener, and send the correct type of request to trigger any Accept + * Filters. + */ +apr_socket_send(sock, srequest, strlen(srequest)); +apr_socket_shutdown(sock, APR_SHUTDOWN_WRITE); apr_socket_close(sock); apr_pool_destroy(p);
Re: svn commit: r202027 - in /httpd/httpd/trunk: CHANGES server/mpm_common.c
William A. Rowe, Jr. wrote: Do we need an entire request? Wouldn't a 'null request' be faster? Define 'null request'. We need an entire request to trigger the Accept Filter. Just opening and closing the socket (old behavior) will not pop a child out of the Accept() when Accept Filters or TCP_DEFER_ACCEPT are active. -Paul At 01:40 PM 6/27/2005, [EMAIL PROTECTED] wrote: Author: pquerna Date: Mon Jun 27 11:40:56 2005 New Revision: 202027 URL: http://svn.apache.org/viewcvs?rev=202027view=rev Log: *) server/mpm_common.c: Send a simple HTTP 1.0 request to every listener socket, instead of just closing the socket. This fixes shutdown of the Worker MPM on FreeBSD, when Accept Filters are enabled. In the future, we need a method to send a simple request for all protocols. Currently this is very specific to HTTP and FreeBSD's Accept Filter. Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/server/mpm_common.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=202027r1=202026r2=202027view=diff == --- httpd/httpd/trunk/CHANGES (original) +++ httpd/httpd/trunk/CHANGES Mon Jun 27 11:40:56 2005 @@ -1,6 +1,10 @@ Changes with Apache 2.1.7 [Remove entries to the current 2.0 section below, when backported] + *) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of + just closing the socket, a HTTP request is made, to make sure the child is + always awakened. [Paul Querna] + Changes with Apache 2.1.6 *) Fix htdbm password validation for records which included comments. Modified: httpd/httpd/trunk/server/mpm_common.c URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/server/mpm_common.c?rev=202027r1=202026r2=202027view=diff == --- httpd/httpd/trunk/server/mpm_common.c (original) +++ httpd/httpd/trunk/server/mpm_common.c Mon Jun 27 11:40:56 2005 @@ -546,6 +546,7 @@ */ static apr_status_t dummy_connection(ap_pod_t *pod) { +const char* srequest = GET / HTTP/1.0\r\n\r\n; apr_status_t rv; apr_socket_t *sock; apr_pool_t *p; @@ -596,6 +597,16 @@ connect to listener on %pI, ap_listeners-bind_addr); } +/* Since some operating systems support buffering of data or entire + * requests in the kernel, we send a simple request, to make sure + * the server pops out of a blocking accept(). + */ +/* XXX: This is HTTP specific. We should look at the Protocol for each + * listener, and send the correct type of request to trigger any Accept + * Filters. + */ +apr_socket_send(sock, srequest, strlen(srequest)); +apr_socket_shutdown(sock, APR_SHUTDOWN_WRITE); apr_socket_close(sock); apr_pool_destroy(p);
Re: svn commit: r202027 - in /httpd/httpd/trunk: CHANGES server/mpm_common.c
At 02:10 PM 6/27/2005, Paul Querna wrote: William A. Rowe, Jr. wrote: Do we need an entire request? Wouldn't a 'null request' be faster? Define 'null request'. Would OPTIONS * HTTP/1.[0|1] be more efficient than an actual request? Bill
Re: svn commit: r202027 - in /httpd/httpd/trunk: CHANGES server/mpm_common.c
On Mon, Jun 27, 2005 at 06:40:59PM -, Paul Querna wrote: Author: pquerna Date: Mon Jun 27 11:40:56 2005 New Revision: 202027 URL: http://svn.apache.org/viewcvs?rev=202027view=rev Log: *) server/mpm_common.c: Send a simple HTTP 1.0 request to every listener socket, instead of just closing the socket. This fixes shutdown of the Worker MPM on FreeBSD, when Accept Filters are enabled. Yow, nice catch! --- httpd/httpd/trunk/server/mpm_common.c (original) +++ httpd/httpd/trunk/server/mpm_common.c Mon Jun 27 11:40:56 2005 @@ -546,6 +546,7 @@ */ static apr_status_t dummy_connection(ap_pod_t *pod) { +const char* srequest = GET / HTTP/1.0\r\n\r\n; Here's your favourite star-space trick ;) apr_status_t rv; apr_socket_t *sock; apr_pool_t *p; @@ -596,6 +597,16 @@ connect to listener on %pI, ap_listeners-bind_addr); } +/* Since some operating systems support buffering of data or entire + * requests in the kernel, we send a simple request, to make sure + * the server pops out of a blocking accept(). + */ +/* XXX: This is HTTP specific. We should look at the Protocol for each + * listener, and send the correct type of request to trigger any Accept + * Filters. + */ +apr_socket_send(sock, srequest, strlen(srequest)); +apr_socket_shutdown(sock, APR_SHUTDOWN_WRITE); Why call shutdown as well as close? close does an implicit shutdown anyway. apr_socket_close(sock); apr_pool_destroy(p);
Re: svn commit: r202027 - in /httpd/httpd/trunk: CHANGES server/mpm_common.c
William A. Rowe, Jr. wrote: At 02:10 PM 6/27/2005, Paul Querna wrote: William A. Rowe, Jr. wrote: Do we need an entire request? Wouldn't a 'null request' be faster? Define 'null request'. Would OPTIONS * HTTP/1.[0|1] be more efficient than an actual request? It would work, but it doesn't make any difference. The request is not actually served. The child pops out of accept(), and notices that it needs to die.
Re: event MPM works with mod_ssl
On Mon, Jun 27, 2005 at 08:05:27AM -0700, Paul Querna wrote: The ASF has Helios, a quad opteron running solaris 10. httpd has requested a Zone on there, but one has not been created yet... Unless I hear any complaints, I'll create a zone later today or tomorrow. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall
Re: error
On Mon, Jun 27, 2005 at 02:46:23PM -0400, Cliff Woolley wrote: On Mon, 27 Jun 2005, Gustavo A. Baratto wrote: prefork.c:103: error: syntax error before '*' token prefork.c:103: warning: data definition has no type or storage class gmake[4]: *** [prefork.lo] Error 1 gmake[4]: Leaving directory `/home/admin2/src/httpd-2.0.54/server/mpm/prefork' Hmm, I'm not really sure how this never came up before. prefork.c:103 says: static ap_pod_t *pod; struct ap_pod_t is defined in mpm_common.h but only if AP_MPM_USES_POD is defined. server/mpm/prefork/mpm.h does define this symbol. But prefork.c does not include mpm.h at all, whereas it would have to do so prior to including mpm_common.h to pick up the definition of this data type. mpm_common.h does itself include mpm.h fortunately, otherwise the ceiling would indeed have fallen in ;) Gustova can you do: cd server/mpm/prefork make CFLAGS=-E prefork.lo and then upload the preprocessed output prefork.o somewhere? Possibly you're picking up an installed mpm.h which was generated for a different MPM, or something like that. joe
Re: error
On Mon, 27 Jun 2005, Joe Orton wrote: mpm_common.h does itself include mpm.h fortunately, otherwise the ceiling would indeed have fallen in ;) Naturally, the one place I didn't look. :) Yeah that explains the lack of cave-ins. ;) Thanks Joe.
Include Paths, was Re: error
Joe Orton wrote: On Mon, Jun 27, 2005 at 02:46:23PM -0400, Cliff Woolley wrote: On Mon, 27 Jun 2005, Gustavo A. Baratto wrote: prefork.c:103: error: syntax error before '*' token prefork.c:103: warning: data definition has no type or storage class gmake[4]: *** [prefork.lo] Error 1 gmake[4]: Leaving directory `/home/admin2/src/httpd-2.0.54/server/mpm/prefork' Hmm, I'm not really sure how this never came up before. prefork.c:103 says: static ap_pod_t *pod; struct ap_pod_t is defined in mpm_common.h but only if AP_MPM_USES_POD is defined. server/mpm/prefork/mpm.h does define this symbol. But prefork.c does not include mpm.h at all, whereas it would have to do so prior to including mpm_common.h to pick up the definition of this data type. mpm_common.h does itself include mpm.h fortunately, otherwise the ceiling would indeed have fallen in ;) Gustova can you do: cd server/mpm/prefork make CFLAGS=-E prefork.lo and then upload the preprocessed output prefork.o somewhere? Possibly you're picking up an installed mpm.h which was generated for a different MPM, or something like that. Actually, I have been hitting this myself recently with trunk. I was picking up the an existing ap_listen.h. This is a problem, since the Listen directive was changed from 1 arg to argv, This happened since I was installing to the same prefix, and APR/APR-Util were also installed to this same prefix. We recently changed to using an installed APR/APR-Util by default, which means those directories now get added to the include path, and wham, it includes the installed ap_listen.h first. Should just be some build hackery to make sure our include directory is always first. -Paul
Re: Include Paths, was Re: error
On Mon, Jun 27, 2005 at 12:41:42PM -0700, Paul Querna wrote: Joe Orton wrote: and then upload the preprocessed output prefork.o somewhere? Possibly you're picking up an installed mpm.h which was generated for a different MPM, or something like that. Actually, I have been hitting this myself recently with trunk. I was picking up the an existing ap_listen.h. This is a problem, since the Listen directive was changed from 1 arg to argv, This happened since I was installing to the same prefix, and APR/APR-Util were also installed to this same prefix. We recently changed to using an installed APR/APR-Util by default, which means those directories now get added to the include path, and wham, it includes the installed ap_listen.h first. Should just be some build hackery to make sure our include directory is always first. A while back configure on the trunk was changed to add the `ap*-config --includes` output much later in the INCLUDES, which solved most cases like this. Certainly that much looks OK for me here with separate APR/util builds; -I$(top_srcdir)/include is much earlier than the external include directories; so if you're seeing that specific problem it needs further investigation - what does your INCLUDES look like? joe
Re: Include Paths, was Re: error
Yes. that's the problem. I removed all the apache's *.h files from the system's include directory, and recompiled apache. Works great now ;) And what Joe Orton said, is right. I had a mpm.h from worker in /usr/local/include, and I'm rebuilding apache with prefork now. I haven't set -I/usr/local/includes nor any other INCLUDES in my environment. This is what config.log and config.status show about INCLUDES: # grep INCLUDE config.log APR_INCLUDEDIR='/home/admin2/src/httpd-2.0.54/srclib/apr/include' APU_INCLUDEDIR='/home/admin2/src/httpd-2.0.54/srclib/apr-util/include' EXTRA_INCLUDES=' -I/home/admin2/src/httpd-2.0.54/srclib/apr/include -I/home/admin2/src/httpd-2.0.54/srclib/apr-util/include -I/usr/local/include -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I/usr/include/openssl -I$(top_srcdir)/modules/dav/main' INCLUDES='' # grep INCLUDE config.status s,@EXTRA_INCLUDES@, -I/home/admin2/src/httpd-2.0.54/srclib/apr/include -I/home/admin2/src/httpd-2.0.54/srclib/apr-util/include -I/usr/local/include -I. -I$(top_srcdir)/os/$(OS_DIR) -I$(top_srcdir)/server/mpm/$(MPM_SUBDIR_NAME) -I$(top_srcdir)/modules/http -I$(top_srcdir)/modules/filters -I$(top_srcdir)/modules/proxy -I$(top_srcdir)/include -I$(top_srcdir)/modules/generators -I/usr/include/openssl -I$(top_srcdir)/modules/dav/main,;t t s,@INCLUDES@,,;t t s,@APR_INCLUDEDIR@,/home/admin2/src/httpd-2.0.54/srclib/apr/include,;t t s,@APU_INCLUDEDIR@,/home/admin2/src/httpd-2.0.54/srclib/apr-util/include,;t t -- Thanks a lot for your help - Original Message - From: Paul Querna [EMAIL PROTECTED] To: dev@httpd.apache.org Sent: Monday, June 27, 2005 12:41 PM Subject: Include Paths, was Re: error Joe Orton wrote: On Mon, Jun 27, 2005 at 02:46:23PM -0400, Cliff Woolley wrote: On Mon, 27 Jun 2005, Gustavo A. Baratto wrote: prefork.c:103: error: syntax error before '*' token prefork.c:103: warning: data definition has no type or storage class gmake[4]: *** [prefork.lo] Error 1 gmake[4]: Leaving directory `/home/admin2/src/httpd-2.0.54/server/mpm/prefork' Hmm, I'm not really sure how this never came up before. prefork.c:103 says: static ap_pod_t *pod; struct ap_pod_t is defined in mpm_common.h but only if AP_MPM_USES_POD is defined. server/mpm/prefork/mpm.h does define this symbol. But prefork.c does not include mpm.h at all, whereas it would have to do so prior to including mpm_common.h to pick up the definition of this data type. mpm_common.h does itself include mpm.h fortunately, otherwise the ceiling would indeed have fallen in ;) Gustova can you do: cd server/mpm/prefork make CFLAGS=-E prefork.lo and then upload the preprocessed output prefork.o somewhere? Possibly you're picking up an installed mpm.h which was generated for a different MPM, or something like that. Actually, I have been hitting this myself recently with trunk. I was picking up the an existing ap_listen.h. This is a problem, since the Listen directive was changed from 1 arg to argv, This happened since I was installing to the same prefix, and APR/APR-Util were also installed to this same prefix. We recently changed to using an installed APR/APR-Util by default, which means those directories now get added to the include path, and wham, it includes the installed ap_listen.h first. Should just be some build hackery to make sure our include directory is always first. -Paul
protocol handler holding a connection patch
I sent an email to the list a little over a week ago about adding the ability for a protocol handler to keep a TCP connection open for notifications, but then free in the worker thread back to MPM. No one responded, so I have created a basic patch to allow this, and patched the event and worker mpm's to allow this. First, I added two new methods to the ap_mpm.h: AP_DECLARE(apr_status_t) ap_mpm_close_connection(conn_rec *connection); AP_DECLARE(apr_status_t) ap_mpm_reprocess_connection(conn_rec *connection); I made very few changes to event.c, but a couple more to worker.c, but all in all the patch set was relatively small. The behavior is slightly different between the two. I have also started working on the winnt mpm, but I haven't finished it for both code paths. I have _thought_ about changing the above methods to: AP_DECLARE(apr_status_t) ap_mpm_close_connection(conn_rec *connection); AP_DECLARE(apr_status_t) ap_mpm_reprocess_connection(conn_rec *connection); AP_DECLARE(apr_status_t) ap_mpm_requeue_connection(conn_rec *connection); Where the ap_mpm_requeue_connection would requeue, such as the event mpm, to be processed by another thread, but then have ap_mpm_reprocess_connection, use the current thread of execution. To make it clearer to a protocol modules what will happen in the mpm. I also added a really lame example module called mod_queue, that allows you to push and pop on a queue. I would really appreciate any feedback. I would like to get a change like this accepted into the main apache code. Thanks. -Joey Patch apache-trunk-proto-hold-conn level 1 Source: 3bcefa79-22fa-0310-8f51-eae9cfeca718:/apache-trunk:14965 Target: 13f79535-47bb-0310-9956-ffa450edef68:/httpd/httpd/trunk:202039 (http://svn.apache.org/repos/asf/httpd/httpd/trunk) Log: [EMAIL PROTECTED]: jce | 2005-06-22 16:42:24 -0600 starting. [EMAIL PROTECTED]: jce | 2005-06-22 16:47:48 -0600 Added connection hoding functionality and sample mod... === server/mpm/worker/fdqueue.c == --- server/mpm/worker/fdqueue.c (revision 202039) +++ server/mpm/worker/fdqueue.c (patch apache-trunk-proto-hold-conn level 1) @@ -80,12 +80,9 @@ return APR_SUCCESS; } -apr_status_t ap_queue_info_set_idle(fd_queue_info_t *queue_info, -apr_pool_t *pool_to_recycle) +void ap_queue_info_recycle_pool(fd_queue_info_t *queue_info, +apr_pool_t *pool_to_recycle) { -apr_status_t rv; -int prev_idlers; - /* If we have been given a pool to recycle, atomically link * it into the queue_info's list of recycled pools */ @@ -103,7 +100,16 @@ } } } +} +apr_status_t ap_queue_info_set_idle(fd_queue_info_t *queue_info, +apr_pool_t *pool_to_recycle) +{ +apr_status_t rv; +int prev_idlers; + +ap_queue_info_recycle_pool(queue_info, pool_to_recycle); + /* Atomically increment the count of idle workers */ for (;;) { prev_idlers = queue_info-idlers; === server/mpm/worker/fdqueue.h == --- server/mpm/worker/fdqueue.h (revision 202039) +++ server/mpm/worker/fdqueue.h (patch apache-trunk-proto-hold-conn level 1) @@ -38,6 +38,8 @@ apr_status_t ap_queue_info_wait_for_idler(fd_queue_info_t *queue_info, apr_pool_t **recycled_pool); apr_status_t ap_queue_info_term(fd_queue_info_t *queue_info); +void ap_queue_info_recycle_pool(fd_queue_info_t *queue_info, +apr_pool_t *pool_to_recycle); struct fd_queue_elem_t { apr_socket_t *sd; === server/mpm/worker/worker.c == --- server/mpm/worker/worker.c (revision 202039) +++ server/mpm/worker/worker.c (patch apache-trunk-proto-hold-conn level 1) @@ -30,6 +30,7 @@ #include apr_thread_mutex.h #include apr_proc_mutex.h #include apr_poll.h +#include apr_support.h #define APR_WANT_STRFUNC #include apr_want.h @@ -519,8 +520,20 @@ current_conn = ap_run_create_connection(p, ap_server_conf, sock, conn_id, sbh, bucket_alloc); if (current_conn) { -ap_process_connection(current_conn, sock); -ap_lingering_close(current_conn); + ap_process_connection(current_conn, sock); + if (!current_conn-cs || (current_conn-cs-state == CONN_STATE_LINGER)) { + /* Default/old mpm behavior */ + ap_mpm_close_connection(current_conn); + } else if (current_conn-cs-state == CONN_STATE_CHECK_REQUEST_LINE_READABLE) { + while (current_conn-cs-state == CONN_STATE_CHECK_REQUEST_LINE_READABLE) { + apr_interval_time_t old_timeout; + apr_socket_timeout_get(sock, old_timeout); + apr_socket_timeout_set(sock, current_conn-base_server-timeout); +
Re: JIRA administration
On 28/06/2005, at 2:27 AM, Nicolas Lehuen wrote: How can we add users to the mod_python project ? I'd like to assign some fixes to Graham or Jim but only you and me are listed in the various combo boxes... Hopefully you aren't intending to try and assign problems to me for fixing. I intentionally haven't accepted source repository access at this time as I have no additional time to do much and having repository access would be too tempting and I would then get nothing done on my own stuff. :-) Graham
Re: svn commit: r202027 - in /httpd/httpd/trunk: CHANGES server/mpm_common.c
At 02:26 PM 6/27/2005, Paul Querna wrote: It would work, but it doesn't make any difference. The request is not actually served. The child pops out of accept(), and notices that it needs to die. HUH? Perhaps true of shutdown, but if graceful works that way, we are screwed. Graceful expects all requests to serve without taking a hiccup. Once accept()ed, another listening child doesn't get a chance to play catch. Bill
Re: JIRA administration
No, I wanted to give you credit for a fix :). 2005/6/27, Graham Dumpleton [EMAIL PROTECTED]: On 28/06/2005, at 2:27 AM, Nicolas Lehuen wrote: How can we add users to the mod_python project ? I'd like to assign some fixes to Graham or Jim but only you and me are listed in the various combo boxes... Hopefully you aren't intending to try and assign problems to me for fixing. I intentionally haven't accepted source repository access at this time as I have no additional time to do much and having repository access would be too tempting and I would then get nothing done on my own stuff. :-) Graham
APR::* confusion in setting and retrieving cookies through libapreq2
Hello, I'm trying two simple functions i.e. to set a cookie and retrieve it. I'm using Apache2, mod_perl2 libapreq2-2.05 to do this. I read in the libapreq2 mail archives that using APR::* is recommended over the Apache2::Cookie modules and that there was debate over dumping the Apache2::* modules but were left behind only for backward compatibilities. Please check this thread: http://marc.theaimsgroup.com/?t=11169506303r=1w=2 So after reading the above thread and this one: http://marc.theaimsgroup.com/?t=11169448699r=1w=2 i'm in total confusion as to which is the right way to go about accomplishing 2 seemingly simple tasks of setting and retrieving cookies. I've read the documentation for APR::Request::Cookie and i'm unable to figure out how to send the cookie after creating one. So, i've basically got this: use APR::Request::Cookie; my $cookie = APR::Request::Cookie-new($req, name = foo, value = bar, domain = whatever.com); Now from here how do i bake the cookie or send it? using $r-headers_out... ? Also $req needs to be an object of type APR::Pool and in the documentation for APR::Pool it is suggested that it is good to use a request pool for these short scoped requests. So would $req be created like this ? $req = APR::Request::Apache2-handle($r) It's quite obvious that i'm pretty confused at this point with the new naming convention, so any help or advice would be greatly appreciated. Another question i have is this - I went through the code for APR::Request::Cookie and I don't see method definitions for most of the methods/subs listed in the documentation, even in the base class i.e. APR::Request. Are these methods implemented as functions in C code that is then dynamically linked and bootstrapped through the dynaLoader module? Thanks, Gokul P. Nair Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com