Rasmus Lerdorf wrote:
>>
>> Ya, I got messed up in my other email too.
>>
>> SO_ACCEPTFILTER is in 2.0.xx.
>>
>> TCP_DEFER_ACCEPT is in 2.1.xx.
>>
>> -Paul
>
>
> By the way Paul, I have been meaning to ask, are you falling back from
> httpready to dataready on SSL requests in 2.x? I don't see it in
> server/listen.c, but I am not really up on the 2.x code. We can't use
> httpready on an SSL request for obvious reasons.

Nope, it always tries to use accf_http. In real life, I don't believe this is detrimental, since if the accf_http filter sees data it doesn't understand, it acts just like accf_data -- and mod_ssl reads the data just like normal.

There was a thread discussing refactoring of how accept filters and TCP_DEFER_ACCEPT should be applied, but the root problem is that we do not know that a socket is SSL until after we have accept()'ed that socket.

This thread was started when I committed support for TCP_DEFER_ACCEPT:
http://marc.theaimsgroup.com/?t=110275895100002&r=1&w=2

A proposed solution is a 'mod_acceptfilter':
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=110297187029584&w=2

Unfortunately, no one followed up with Rici's ideas on it.

I think the long-term solution is to remove things like 'SSLEngine On', and fix HTTPD to associate a single protocol with a single listening socket.

An alternative that was also proposed at the same time was <Listen> Blocks:
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=110297188417604&w=2

This would allow something like:

    <Listen 1.2.3.4:443>
        # would imply the accf_data filter on FreeBSD...
        Protocol https
        <VirtualHost>
            ....
        </VirtualHost>
    </Listen>

Either way, we need a better method to know which protocol will at least initially be run on a socket. Currently it is all runtime, but it must be changed to be done at startup, to properly apply the accept filters.

In the real world, it is not a big issue, since most people are running HTTP or HTTPS Servers with apache, but maybe someday httpd will fully support SMTP, IMAP, and FTP :)

-Paul
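
Added example (not part of the original message and not httpd code): a C sketch of choosing the accept-time deferral per listening socket from a protocol declared at startup, as the thread proposes. The names `defer_for_protocol` and `apply_defer` and the 30-second timeout are assumptions; protocols where the server sends the first bytes get no deferral, because the client has nothing to send until it sees the greeting.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Hypothetical names; the protocol is known per listener before accept(). */
enum defer_kind { DEFER_NONE, DEFER_DATA, DEFER_HTTP };

enum defer_kind defer_for_protocol(const char *proto)
{
    if (strcmp(proto, "http") == 0)  return DEFER_HTTP; /* kernel may parse the request */
    if (strcmp(proto, "https") == 0) return DEFER_DATA; /* TLS bytes: wait for any data */
    return DEFER_NONE; /* smtp, imap, ftp: server greets first, nothing to wait for */
}

/* Call after listen(). Returns 0 on success or when nothing applies, -1 on error. */
int apply_defer(int fd, enum defer_kind k)
{
    if (k == DEFER_NONE) return 0;
#if defined(SO_ACCEPTFILTER)            /* FreeBSD accept filters */
    struct accept_filter_arg afa;
    memset(&afa, 0, sizeof afa);
    snprintf(afa.af_name, sizeof afa.af_name, "%s",
             k == DEFER_HTTP ? "httpready" : "dataready");
    return setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof afa);
#elif defined(TCP_DEFER_ACCEPT)         /* Linux: data-ready only, no HTTP parsing */
    int secs = 30;                      /* assumed timeout */
    return setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &secs, sizeof secs);
#else
    (void)fd;
    return 0;
#endif
}

int main(void)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) || listen(fd, 16))
        return 1;
    int rc = apply_defer(fd, defer_for_protocol("https"));
    printf("https listener: apply_defer -> %d\n", rc);
    close(fd);
    return rc ? 1 : 0;
}
```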
