Re: intro and question

[Aaron Bannert]

On Wed, Oct 03, 2001 at 12:40:13PM -0700, clayton cottingham wrote:
[...]
 unfortunately it doesnt compile!
 
 it looks for apr_uri.h and cant find it
 heck i cant find it either!!
 
 its no where to be found in the apr or httpd 2.0 tarballs include dir's
 
 am i missing something?

Some interfaces have changed since that tarball was released, so you'll
have to get the current HEAD from cvs of APR in order to get flood to
compile. Let us know if you have problems at that point.

-aaron

Re: intro and question

[clayton cottingham]

Aaron Bannert wrote:
 
 On Wed, Oct 03, 2001 at 12:40:13PM -0700, clayton cottingham wrote:
 [...]
  unfortunately it doesnt compile!
 
  it looks for apr_uri.h and cant find it
  heck i cant find it either!!
 
  its no where to be found in the apr or httpd 2.0 tarballs include dir's
 
  am i missing something?
 
 Some interfaces have changed since that tarball was released, so you'll
 have to get the current HEAD from cvs of APR in order to get flood to
 compile. Let us know if you have problems at that point.
 
 -aaron


ok after i 
retried on my home machine i got as far as this:

/bin/sh /home/drfrog/httpd-2.0//srclib/apr/libtool --silent --mode=link
gcc  -g -O2 -pthread-DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500
-D_BSD_SOURCE -D_SVID_SOURCE -I/home/drfrog/openssl-0.9.6b/include
-I/home/drfrog/httpd-2.0//srclib/apr/include/arch/unix
-DAP_HAVE_DESIGNATED_INITIALIZER   -I. -I/home/drfrog/httpd-2.0//os/unix
-I/home/drfrog/httpd-2.0//server/mpm/prefork
-I/home/drfrog/httpd-2.0//modules/http -I/home/drfrog/httpd-2.0//include
-I/home/drfrog/httpd-2.0//srclib/apr/include
-I/home/drfrog/httpd-2.0//srclib/apr-util/include
-I/home/drfrog/httpd-2.0//modules/dav/main -export-dynamic
-L/home/drfrog/openssl-0.9.6b/lib   -o flood flood.lo
flood_round_robin.lo flood_profile.lo flood_config.lo flood_net.lo
flood_net_ssl.lo flood_farmer.lo flood_simple_reports.lo
flood_easy_reports.lo flood_farm.lo flood_socket_generic.lo
flood_socket_keepalive.lo flood_report_relative_times.lo
-L/home/drfrog/openssl-0.9.6b/lib
/home/drfrog/httpd-2.0//srclib/apr-util/libaprutil.la
/home/drfrog/httpd-2.0//srclib/apr/libapr.la
/home/drfrog/httpd-2.0//srclib/apr-util/xml/expat/lib/libexpat.la -lm
-lcrypt -lnsl  -ldl
flood_net_ssl.o: In function `ssl_init_socket':
/home/drfrog/httpd-test/flood/flood_net_ssl.c:153: undefined reference
to `SSL_library_init'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:154: undefined reference
to `SSL_library_init'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:155: undefined reference
to `SSL_load_error_strings'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:156: undefined reference
to `ERR_load_crypto_strings'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:157: undefined reference
to `RAND_load_file'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:160: undefined reference
to `CRYPTO_num_locks'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:173: undefined reference
to `CRYPTO_set_locking_callback'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:174: undefined reference
to `CRYPTO_set_id_callback'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:176: undefined reference
to `CRYPTO_set_dynlock_create_callback'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:177: undefined reference
to `CRYPTO_set_dynlock_lock_callback'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:178: undefined reference
to `CRYPTO_set_dynlock_destroy_callback'
flood_net_ssl.o: In function `ssl_open_socket':
/home/drfrog/httpd-test/flood/flood_net_ssl.c:203: undefined reference
to `SSLv23_client_method'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:203: undefined reference
to `SSL_CTX_new'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:204: undefined reference
to `SSL_CTX_ctrl'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:207: undefined reference
to `SSL_CTX_ctrl'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:210: undefined reference
to `SSL_CTX_load_verify_locations'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:213: undefined reference
to `SSL_new'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:214: undefined reference
to `SSL_set_connect_state'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:217: undefined reference
to `SSL_set_fd'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:218: undefined reference
to `SSL_connect'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:222: undefined reference
to `SSL_get_error'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:232: undefined reference
to `ERR_print_errors_fp'
flood_net_ssl.o: In function `ssl_close_socket':
/home/drfrog/httpd-test/flood/flood_net_ssl.c:243: undefined reference
to `SSL_free'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:244: undefined reference
to `SSL_CTX_free'
flood_net_ssl.o: In function `ssl_read_socket':
/home/drfrog/httpd-test/flood/flood_net_ssl.c:260: undefined reference
to `SSL_read'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:261: undefined reference
to `SSL_get_error'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:275: undefined reference
to `ERR_print_errors_fp'
flood_net_ssl.o: In function `ssl_read_socket_handshake':
/home/drfrog/httpd-test/flood/flood_net_ssl.c:290: undefined reference
to `SSL_read'
flood_net_ssl.o: In function `ssl_write_socket':
/home/drfrog/httpd-test/flood/flood_net_ssl.c:300: undefined reference
to `SSL_write'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:302: undefined reference
to `SSL_get_error'
/home/drfrog/httpd-test/flood/flood_net_ssl.c:314: undefined reference
to `ERR_print_errors_fp'
collect2: ld returned 1 exit status
make: *** [flood] Error 1

Re: [PATCH] adding xml output to mod_status -- [REPOST]

[Mark J Cox]

 - on Linux and NetWare I only get the data unformated back, looks as
 there are problems with the scoreboard.xsl or so. Any ideas what's

Yeah, Mozilla isn't very stable at doing the rendering.  Most of the
problems you mention are due to the XSLT being done inside the browser.
I'm not real worried about problems with the XSL because most of the time
you'll want the raw XML data instead, and these browsers will only get
better at XSLT over time.

 6.29982236431605997495353221893310546875kB

If you look in the XSLT I wanted to use xsl:format-number to round to one
decimal place, but Mozilla doesn't support format-number yet.  You could
probably negotiate the xsl file returned based on user-agent and have
several.

 you should really change the TZ to numerous expression as Sander
 already suggested:

Good plan.  I wanted to avoid timestamps that are offsets though so the
XML data is consistant (and can be compared) across platforms.

Cheers,
Mark

mod_ssl update...

[Justin Erenkrantz]

Yeah, mod_ssl's filtering model just isn't meshing well with the
rewrite to the input filtering.  Since I think most of us on
the list have come to the consensus that what I committed is
closer to the right thing (whatever that pie-in-the-sky may 
be), I think we need to consider altering mod_ssl's filtering 
model to fit with our new expectations.

I think it's doable, but it isn't going to be a trivial one-line 
patch.  I'll quote RSE here from the top of the ssl_engine_io.c:

/* XXX THIS STUFF NEEDS A MAJOR CLEANUP -RSE XXX */

So, I'm obviously not the first one to think this and that
was before the input filters change forced this issue.  =)

Anyway, I see that the input and output filters are handled
by one function - churn.  Is that dictated by the mechanics
of OpenSSL?  Can we separate input and output entirely or
do we need to have them coexist like they are now?

Basically, the root problem is that mod_ssl's input filtering
routines are expecting to get the socket back with the -1 length
and do a FOREACH until it is exhausted.  That's not how it works 
anymore, so mod_ssl is going to be broken until we teach it how 
to properly handle reading from the socket in little chunks (via
ap_get_brigade via CORE_IN).  But, I think we may have to jettison
CORE_IN when mod_ssl is used because we need to get enough data
to renegotiate, etc, etc, etc.  I also don't think OpenSSL will
like the idea of renegotiating via buckets.  =)  

So, I think we have to teach mod_ssl's input filter to standalone 
without the help of the core.  That means (I think) that we could 
use the SSL_* (i.e. SSL_read) functions when reading from the 
socket rather than ap_get_brigade/BIO_*.  Can we intermix calls to 
BIO_* and SSL_*?  Are they separate?  When do we want to use BIO_* 
and not SSL_*?

There is just a lot of stuff here.  And, I think Ralf nailed it
on the head.  =)  I'm not sure that I see a simple way around
this, but I'm open to suggestions.  Thoughts?  -- justin

BaseAddress.ref needed?

[Günter Knauf]

Hi Bill,
can you please explain if every module really needs an entry in BaseAddress.ref? I 
tested with many modules without an entry and it seems to work with the linker 
defaults...
If it is needed how should it be done then with 3rd party modules?
Guenter.

RE: mod_ssl update...

[MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)]

Hi,
  Pl. find my comments below :

-Original Message-
From: Justin Erenkrantz

[..snip..]
/* XXX THIS STUFF NEEDS A MAJOR CLEANUP -RSE XXX */
So, I'm obviously not the first one to think this and that
was before the input filters change forced this issue.  =)
[..snip..]

True.. it's known that the ssl filtering is to be stabilized. That's the
reason the comment still exists in the file - else it would have gone long
time ago :-).

[..snip..]
Anyway, I see that the input and output filters are handled
by one function - churn.  Is that dictated by the mechanics
of OpenSSL?  Can we separate input and output entirely or
do we need to have them coexist like they are now?
[..snip..]

You're right.. the bulk of the SSL communication logic is done in churn()..
The logic basically reads the user data from the filter, gives it to OpenSSL
thru' the BIO routines, and whatever is output by openssl is picked up thru'
the BIO interfaces and put on to the output queue.. I'm not clear what you
mean by separate input and output..

[..snip..]
I also don't think OpenSSL will like the idea of renegotiating via buckets.
=)  
[..snip..]

I don't think so..As long as we can gather the *full client data* and pass
it across, OpenSSL is happy.. The catch here is to capture all the data
that's sent by the client, and not to break it into small chunks/pieces.

[..snip..]
So, I think we have to teach mod_ssl's input filter to standalone 
without the help of the core.  That means (I think) that we could 
use the SSL_* (i.e. SSL_read) functions when reading from the 
socket rather than ap_get_brigade/BIO_*.  Can we intermix calls to 
BIO_* and SSL_*?  Are they separate?  When do we want to use BIO_* 
and not SSL_*?
[..snip..]

It's definitely possible to use the SSL_* functions - but, then we'll have
to expose the socketfd's et al.. Also, it'd be deviating from the other
modules of apache, where the filters are *almost* forced to be used. I'd
prefer to have the ap_get_brigade_* functionality to read/write the data
from the socket.

[..snip..]
There is just a lot of stuff here.  And, I think Ralf nailed it
on the head.  =) 
[..snip..]

shameless plugI picked up the SSL filtering logic from tls, and modified
it to work for mod-ssl /shameless plug.. OtherBill, Doug, Cliff added some
real valuable stuff to the filter code.

-Madhu

[PATCH] httpd-2.0: main.c corrects -h on Win32 - update

[Günter Knauf]

sorry, I forgot the first usage output...
Guenter.

 main.c.patch

Re: BaseAddress.ref needed?

[Greg Stein]

On Wed, Oct 03, 2001 at 09:56:40AM +0200, Günter Knauf wrote:
 Hi Bill,
 can you please explain if every module really needs an entry in BaseAddress.ref? I 
tested with many modules without an entry and it seems to work with the linker 
defaults...
 If it is needed how should it be done then with 3rd party modules?

Yes, it is needed. Without it, the linker will assign the same, fixed
address to every module. At runtime, those modules will then need to be
relocated to some address.

Using BaseAddress.ref, we can effectively do the relocation at link time.
Sure, it is possible some other code is present and a relocation is forced,
but that will be atypical.

Relocation is expensive. Doing it at link time rather than load time is a
huge win.

3rd party modules can do whatever they want. Invariably, they will probably
get relocated and/or clash with other 3rd party modules. But we *do* have
control over Apache itself and can help those.

There are further optimizations with assigning addresses that we probably
don't do. Specifically, if there are gaps in the address space, then you
end up wasting space in the processor's mapping tables. As a result, you
want to pack the modules as tightly as possible.

Of course, that tight-packing is at odds with the optional loading of
modules. If we do the packing, then decide not to load something, then we
end up with a hole.

[ and you can extend that to third party modules if we attempt to act as a
  registry for them. it goes without saying that people won't have every
  third party module, so each apache process would have *huge* holes, thus
  wasting significant processor tables ]


Does that answer your questions? :-)

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

[PATCH] proxy_http.c fixed type of pragma var

[Günter Knauf]

Hi,
with recent changes to mod_proxy now compilition breaks with CW6, CW5 and gcc give 
warnings.
If defining pragma as const char is a problem on other platforms at least a cast it 
needed.

In adddition Pavel told me that gcc warns about this:
src/modules/proxy/proxy_http.c:477:4: warning: /* within comment

both issues fixed in attached patch2 and tested for NetWare with CW, gcc and for Win32 
with MSVC6.

Guenter.

 proxy_http.c.patch
 proxy_http.c.patch2

Re: [PROPOSAL] Apache for NetWare status change...

[Rodent of Unusual Size]

Well, if Novell (who support it) feel that way, I'm inclined
to say 'provide replacement text to be checked in.'
-- 
#kenP-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

All right everyone!  Step away from the glowing hamburger!

Re: ssl is broken

[Ryan Bloom]

On Tuesday 02 October 2001 10:11 pm, Justin Erenkrantz wrote:
 On Wed, Oct 03, 2001 at 12:51:09AM -0400, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) 
wrote:
  I'm running into all sorts of filter problems. The initial client request
  is itself not received completely.. For ex., the apr_bucket_read
  (ssl_engine_io.c:218) returns 20 bytes when the client has sent 103
  bytes.
 
  The ssl_hook_process_connection (mod_ssl.c:360) returns with a error to
  read more (which is not being handled right now). This is a problem as
  the SSL filter expects that *all* the data sent by the client is received
  in one complete chunk..
 
  If I try forcing the bucket_read again (incase of a SSL_WANT_READ error),
  it's still not able to read the full data.

 Whenever mod_ssl is handling the request, it needs to remove CORE_IN
 and be able to match CORE_IN's functionality (i.e. handle the same
 modes as CORE_IN).  This is how I would expect it to work given the
 new implementation.

This is bogus.  The whole point of the SSL module being written to use BIO's,
was that it doesn't need to replace CORE_IN.

Ryan
__
Ryan Bloom  [EMAIL PROTECTED]
Covalent Technologies   [EMAIL PROTECTED]
--

Re: BaseAddress.ref needed?

[William A. Rowe, Jr.]

From: Günter Knauf [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 9:32 AM


 Hi Greg, Bill,
 thanks for the detailed information.
 Now I'm asking me why I did not ask you earlier because I have ~20 modules
 which then better be recompiled...
 I assume that this also applies to Cygwin and perhaps OS2, or? If so then
 there's a common interest to have a BaseAddress2.ref for 3rd party modules;
 can we perhaps place it on a Apache server so that everyone has access to?
 I've already started with this and will now put in all modules I got compiled
 for Win32 and post it here if you agree...

My only problem is that I don't want to even try maintaining such a beast.
IMHO, it's better if they express their /BASE:0x directly.  Of course
I don't mind if an 'installer' were to tack their base entry into BaseAddr.ref
directly when merging their sources into the build tree (not such a common act
on Win32, since we have so few 'compilers'.)

One problem is the size argument.  If you build in full debugging mode, your
binaries are much larger.  I've taken that into account for the current list.
Sometimes modules grow, and the entire table must be rearranged.  I don't much
like trying that for umpteen modules.

Look at the rebase.exe utility (provided in the PlatformSDK and with the MSVC
products, amoungst other places) which will let you reorder .dll's wrt each
other's load addresses.  You would specify any 'predictable' modules (those
with well established load addresses, such as libraries or the Apache modules
we hand-ordered) by the -N opt, then list out the other 'undefined' modules
with the -O opt.  Use -d to order these modules top-down, and -b 0x6FFF
or some such as the starting point.

cygwin might benefit from rebasing the entire list at once.

Bill

--enable-ssl=shared

[Doug MacEachern]

autoconf guru help needed:

-lssl and -lcrypto are linked with httpd rather than mod_ssl.so
since httpd does not reference any ssl symbols they are all tossed out and
mod_ssl.so falls flat on its face:

Cannot load /home/dougm/ap/prefork/modules/mod_ssl.so into
server: /home/dougm/ap/prefork/modules/mod_ssl.so: undefined
symbol: X509_free

Apache 1.3.21 tag this evening....

[Bill Stoddard]

...after porting Bill Rowe's last mod_negotiation patch to 1.3.

These showstoppers are in the STATUS file...

Netware, OS2, and MPE may require gettid() and tid_t definitions in
those platforms' os.h headers for mod_unique_id.
  Status: Win32 OK.  Netware ??.  OS2 ??.  MPE ??.

Security issues posted to the appropriate list.
  Status: some applied


I believe both have been taken care of and will remove these from the STATUS file 
before
tag if someone doesn;t beat me to it first.

Will roll the tarball 24 hours from the tag to give time for some testing.

Bill

Re: mod_ssl update...

[Justin Erenkrantz]

On Wed, Oct 03, 2001 at 01:30:02AM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) 
wrote:
 You're right.. the bulk of the SSL communication logic is done in churn()..
 The logic basically reads the user data from the filter, gives it to OpenSSL
 thru' the BIO routines, and whatever is output by openssl is picked up thru'
 the BIO interfaces and put on to the output queue.. I'm not clear what you
 mean by separate input and output..

Most of the other filters have their logic separated by input and
output.  mod_ssl combines them into one function.  I think that
it makes sense to split it out so that input is only handled by
one function and output is handled by another function.  I'm not
sure why we have one function attempting to handle input/output.
Is there a reason why churn() must exist?  Input and output are
not related to each other.

I'm not familiar with the BIO_* routines (when I was writing the
SSL code for flood, the BIO_* routines did not work for me).  So,
I had it handle reading from the socket itself - and that seemed
to work out well.

 I don't think so..As long as we can gather the *full client data* and pass
 it across, OpenSSL is happy.. The catch here is to capture all the data
 that's sent by the client, and not to break it into small chunks/pieces.

What the real deal is that OpenSSL was assumming that it'd get the
socket bucket back from the core filter and it'd be able to do whatever
it wanted with it.  That's not possible anymore.

If it is possible to have the core do the heavy lifting (i.e. reading
from the socket), that is preferred.  I'm just not sure how mod_ssl
is reading from the socket at all.  It calls ap_get_brigade *and*
SSL_read - that is a violation of the input filter semantics.  Either
it reads from the socket on its own or it relies on the core for all
of the input.

 It's definitely possible to use the SSL_* functions - but, then we'll have
 to expose the socketfd's et al.. Also, it'd be deviating from the other
 modules of apache, where the filters are *almost* forced to be used. I'd
 prefer to have the ap_get_brigade_* functionality to read/write the data
 from the socket.

Yes, I'd prefer it to rely on core, but there are things like *readbytes
0 that are completely bogus in the core with SSL.  That's why I'm not 
sure we can use the core filter anymore.  

Since all of the data in the socket is encrypted, if readbytes == 0 is 
sent, it means to read a line of input data which is now bogus because 
the core (since it can't read the actual socket information) can't
determine when a line of input data is read.  Only mod_ssl has the
logic to decrypt the packet information.  

(And look at flood to see how you get the socketfd back from the
apr_socket_t...)  -- justin

Re: --enable-ssl=shared

[Aaron Bannert]

On Wed, Oct 03, 2001 at 08:18:30AM -0700, Doug MacEachern wrote:
 autoconf guru help needed:
 
 -lssl and -lcrypto are linked with httpd rather than mod_ssl.so
 since httpd does not reference any ssl symbols they are all tossed out and
 mod_ssl.so falls flat on its face:
 
 Cannot load /home/dougm/ap/prefork/modules/mod_ssl.so into
 server: /home/dougm/ap/prefork/modules/mod_ssl.so: undefined
 symbol: X509_free

So you're saying that libssl.so and libcrypto.so aren't showing up
when you run ldd on either httpd or mod_ssl.so? Just for reference,
what is ldd giving you for httpd and mod_ssl.so? (You may not want to
copy it here, but ldd -v is interesting too).

-aaron

Re: Apache 1.3.21 tag this evening....

[Brian Havard]

On Wed, 3 Oct 2001 11:27:56 -0400, Bill Stoddard wrote:

...after porting Bill Rowe's last mod_negotiation patch to 1.3.

These showstoppers are in the STATUS file...

Netware, OS2, and MPE may require gettid() and tid_t definitions in
those platforms' os.h headers for mod_unique_id.
  Status: Win32 OK.  Netware ??.  OS2 ??.  MPE ??.

gettid()? 1.3 on OS/2 is NOT multi-threaded.

-- 
 __
 |  Brian Havard |  He is not the messiah!   |
 |  [EMAIL PROTECTED]  |  He's a very naughty boy! - Life of Brian |
 --

Re: --enable-ssl=shared

[Doug MacEachern]

On Wed, 3 Oct 2001, Aaron Bannert wrote:
 
 So you're saying that libssl.so and libcrypto.so aren't showing up
 when you run ldd on either httpd or mod_ssl.so? Just for reference,
 what is ldd giving you for httpd and mod_ssl.so? (You may not want to
 copy it here, but ldd -v is interesting too).

no, mine is linked against lib{crypto,ssl}.a
there are no .so's in /usr/local/ssl/lib
i'm just noticing now for the first time lib{crypto,ssl}.so in /usr/lib

but if mod_ssl is built shared, -lssl -lcrypto should get linked against
mod_ssl.so rather than httpd, right?

% ldd bin/httpd
libaprutil.so.0 = /home/dougm/ap/prefork/lib/libaprutil.so.0 (0x40017000)
libapr.so.0 = /home/dougm/ap/prefork/lib/libapr.so.0 (0x40028000)
libm.so.6 = /lib/libm.so.6 (0x40052000)
libcrypt.so.1 = /lib/libcrypt.so.1 (0x40071000)
libnsl.so.1 = /lib/libnsl.so.1 (0x400a)
libdl.so.2 = /lib/libdl.so.2 (0x400b7000)
libexpat.so.0 = /home/dougm/ap/prefork/lib/libexpat.so.0 (0x400ba000)
libpthread.so.0 = /lib/libpthread.so.0 (0x400e1000)
libc.so.6 = /lib/libc.so.6 (0x400f7000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000)

% ldd modules/mod_ssl.so 
libc.so.6 = /lib/libc.so.6 (0x40032000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000)

Re: Apache 1.3.21 tag this evening....

[Brad Nicholes]

#define for gettid() and tid_t have been added to os.h for NetWare

Brad

 [EMAIL PROTECTED] Wednesday, October 03, 2001 9:27:56 AM 
..after porting Bill Rowe's last mod_negotiation patch to 1.3.

These showstoppers are in the STATUS file...

Netware, OS2, and MPE may require gettid() and tid_t definitions in
those platforms' os.h headers for mod_unique_id.
  Status: Win32 OK.  Netware ??.  OS2 ??.  MPE ??.

Security issues posted to the appropriate list.
  Status: some applied


I believe both have been taken care of and will remove these from the STATUS file 
before
tag if someone doesn;t beat me to it first.

Will roll the tarball 24 hours from the tag to give time for some testing.

Bill

Re: Apache 1.3.21 tag this evening....

[Mark J Cox]

I've written an Announcement file for 1.3.21 and will commit within the
hour (just got back from dentist)

Mark

Re: ssl is broken

[Justin Erenkrantz]

On Wed, Oct 03, 2001 at 08:10:11AM -0500, William A. Rowe, Jr. wrote:
 Now ... the core input filter can't decide where to break input, it has to allow
 connection filters to insert themselves and decode whatever is read.
 
 That means that the core filter needs to be split, and another line input
 dequeue filter needs to be inserted as the last 'connection' filter.  That
 leaves us ready for the request filter to read 'lines' or 'bytes' and make
 decisions based on the lines and bytes read, and fall back on the line input
 dequeue to keep the 'next' request's input set-aside for the next request.

Yes and no.  You are kind of right here - I see why you might want to
do that, but that was the previous architecture with HTTP_IN and
CORE_IN.  (HTTP_IN was an admittedly bad name for it, but that is 
what it tried to do - do readlines.)

A lot of the complexity was removed by assuming that only one filter
has the -1 brigade.  And, Greg and Ryan have commented that they 
would rather see CORE_IN not deal with socket buckets at all but 
read directly from the socket.  

Ryan and Greg, how do you guys see this working?  I yield to
your wisdom here...  If the CORE_IN read from the socket 
directly as you both have suggested, how would (or should) 
mod_ssl interact?  

I see it being a much simpler task to write a module that
replaces CORE_IN than trying to work around it.  It's not
that much code - and I think mod_ssl could even ditch
some of the lesser-supported modes (readbytes==-1 and PEEK 
which it already doesn't support).  We'll probably end up
removing them in core at some point.  -- justin

Re: Apache 1.3.21 tag this evening....

[William A. Rowe, Jr.]

Doh --- sorry :)  I'll pull that note.

Could all platforms crosscheck the mod_vhost_alias/mod_unique_id changes that
went in?  The changes vhost_alias changes _should_ have no discernable effect 
on any straight unix ('/' rooted) platform, and the unique_id changes should
only affect MULTITHREAD platforms.

Don't want to discover that I've broken this -after- the tag, I'd like to
fix any snafus beforehand.

Bill

- Original Message - 
From: Brian Havard [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 10:41 AM
Subject: Re: Apache 1.3.21 tag this evening


 On Wed, 3 Oct 2001 11:27:56 -0400, Bill Stoddard wrote:
 
 ...after porting Bill Rowe's last mod_negotiation patch to 1.3.
 
 These showstoppers are in the STATUS file...
 
 Netware, OS2, and MPE may require gettid() and tid_t definitions in
 those platforms' os.h headers for mod_unique_id.
   Status: Win32 OK.  Netware ??.  OS2 ??.  MPE ??.
 
 gettid()? 1.3 on OS/2 is NOT multi-threaded.
 
 -- 
  __
  |  Brian Havard |  He is not the messiah!   |
  |  [EMAIL PROTECTED]  |  He's a very naughty boy! - Life of Brian |
  --
 
 

Re: [PATCH] mod_negotiation, suffix order

[Rodent of Unusual Size]

William A. Rowe, Jr. wrote:
 
  That is, if the URI is index.bak, we can only negociate
  amongst variants matching index.bak* -- NOT index.*.bak*.
 
 What's your rational?  I agree that index[.*].bak[.*] is broader
 than index.bak[.*] --- but I'm wondering why you feel this way?
 
 Say that we want to point the user to the english index page.
 Why shouldn't a request for index.en discover index.html.en or
 index.cgi.en?

Negociation is done using the header field values, NOT the
URI.  index.en is NOT a request for an English variant
of index, it is a request for [possibly some variant of]
an object named index.en -- period.  That a portion of the
specified URI happens to match a value that has meaning in
negociation is completely coincidental -- and irrelevant.  We
cannot co-opt nor interpret nor decompose the value of the
URI in negociation; all we can use are the parameters in the
header and the resource (read: file) names.

If it were meant to be used as a negociation axis, it would
be in the header fields and absent from the URI.  That it is
explicit in the URI removes it from participation in any
negociation axes.

If the URI is index.en, an explicitly English variant must
match index.en*.en*.

Ordering is an issue for sure, but playing games, by decomposing
the URI and trying to guess what it means, only complicates
matters and is not on.

All IM[NS?]HO..  although Roy may have something to say on
this.
-- 
#kenP-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

All right everyone!  Step away from the glowing hamburger!

RE: --enable-ssl=shared

[MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)]

You're right.. libcrypto/ssl.a should get linked with mod_ssl.so rather than
httpd. I did try it out initially - with a small hack into the ssl makefile,
but then gave up - as it involved modifying the autoconf script(something
which i don't know).

Thx
-Madhu

-Original Message-
From: Doug MacEachern [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 03, 2001 8:47 AM
To: [EMAIL PROTECTED]
Subject: Re: --enable-ssl=shared


On Wed, 3 Oct 2001, Aaron Bannert wrote:
 
 So you're saying that libssl.so and libcrypto.so aren't showing up
 when you run ldd on either httpd or mod_ssl.so? Just for reference,
 what is ldd giving you for httpd and mod_ssl.so? (You may not want to
 copy it here, but ldd -v is interesting too).

no, mine is linked against lib{crypto,ssl}.a
there are no .so's in /usr/local/ssl/lib
i'm just noticing now for the first time lib{crypto,ssl}.so in /usr/lib

but if mod_ssl is built shared, -lssl -lcrypto should get linked against
mod_ssl.so rather than httpd, right?

% ldd bin/httpd
libaprutil.so.0 = /home/dougm/ap/prefork/lib/libaprutil.so.0
(0x40017000)
libapr.so.0 = /home/dougm/ap/prefork/lib/libapr.so.0 (0x40028000)
libm.so.6 = /lib/libm.so.6 (0x40052000)
libcrypt.so.1 = /lib/libcrypt.so.1 (0x40071000)
libnsl.so.1 = /lib/libnsl.so.1 (0x400a)
libdl.so.2 = /lib/libdl.so.2 (0x400b7000)
libexpat.so.0 = /home/dougm/ap/prefork/lib/libexpat.so.0
(0x400ba000)
libpthread.so.0 = /lib/libpthread.so.0 (0x400e1000)
libc.so.6 = /lib/libc.so.6 (0x400f7000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000)

% ldd modules/mod_ssl.so 
libc.so.6 = /lib/libc.so.6 (0x40032000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000)

Re: Apache 1.3.21 tag this evening....

[William A. Rowe, Jr.]

Is MPE actually a threaded server, or am I simply confused?

Are there any MULTITHREAD unix ports, or is this only Win32 and Netware?

Bill

- Original Message - 
From: Brad Nicholes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 10:51 AM
Subject: Re: Apache 1.3.21 tag this evening


#define for gettid() and tid_t have been added to os.h for NetWare

Brad

 [EMAIL PROTECTED] Wednesday, October 03, 2001 9:27:56 AM 
..after porting Bill Rowe's last mod_negotiation patch to 1.3.

These showstoppers are in the STATUS file...

Netware, OS2, and MPE may require gettid() and tid_t definitions in
those platforms' os.h headers for mod_unique_id.
  Status: Win32 OK.  Netware ??.  OS2 ??.  MPE ??.

Security issues posted to the appropriate list.
  Status: some applied


I believe both have been taken care of and will remove these from the STATUS file 
before
tag if someone doesn;t beat me to it first.

Will roll the tarball 24 hours from the tag to give time for some testing.

Bill

CGI -C++ Library

[Madhu Dasu]

Dear All,
I am a new joinee in this group. I am now working on
CGI-C++ development. I would like to know the C++
libraries, if any, that are supported by Apache 1.3
for this development. I loaded Apache on HP-Unix
version 11 box.

Regards,
Madhu. 

 
--- William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
 Is MPE actually a threaded server, or am I simply
 confused?
 
 Are there any MULTITHREAD unix ports, or is this
 only Win32 and Netware?
 
 Bill
 
 - Original Message - 
 From: Brad Nicholes [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Wednesday, October 03, 2001 10:51 AM
 Subject: Re: Apache 1.3.21 tag this evening
 
 
 #define for gettid() and tid_t have been added to
 os.h for NetWare
 
 Brad
 
  [EMAIL PROTECTED] Wednesday, October 03, 2001
 9:27:56 AM 
 ..after porting Bill Rowe's last mod_negotiation
 patch to 1.3.
 
 These showstoppers are in the STATUS file...
 
 Netware, OS2, and MPE may require gettid() and
 tid_t definitions in
 those platforms' os.h headers for mod_unique_id.
   Status: Win32 OK.  Netware ??.  OS2 ??.  MPE
 ??.
 
 Security issues posted to the appropriate list.
   Status: some applied
 
 
 I believe both have been taken care of and will
 remove these from the STATUS file before
 tag if someone doesn;t beat me to it first.
 
 Will roll the tarball 24 hours from the tag to give
 time for some testing.
 
 Bill
 
 
 
 


__
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com

Re: [PATCH] fix --enable-mods-shared=most for compiled-in modules

[Ryan Bloom]

On Tuesday 02 October 2001 11:29 am, Aaron Bannert wrote:

Committed.

Thanks,

Ryan

 On Mon, Oct 01, 2001 at 09:20:41PM -0700, Ryan Bloom wrote:
  We should fix the configure script so that it automatically adds the
  LoadModule line, just like it did in 1.3.

 This patch fixes the problem described in the STATUS file whereby modules
 that are compiled-in by default would not be enabled as DSOs when the
 --enable-mods-shared=most parameter was passed to configure.

 A new enable state was invented: static. This is specified as a param
 to the APACHE_MODULE() macro to specify that a particular module shall
 not be compiled as a DSO (unless specifically overridden by name). mod_so
 and mod_http have been set to static in this patch.

 This patch should not affect anyone who normally omits
 --enable-mods-shared from their configure parameters.

 I will follow up this patch in a few days with a patch to have configure
 properly build the LoadModule directives for httpd.conf at install time
 (as noted by Ryan above and in the STATUS diff below)...

 -aaron


 Index: STATUS
 ===
 RCS file: /home/cvspublic/httpd-2.0/STATUS,v
 retrieving revision 1.297
 diff -u -r1.297 STATUS
 --- STATUS2001/09/28 17:53:02 1.297
 +++ STATUS2001/10/02 18:17:28
 @@ -95,12 +95,9 @@
to make it agree with the operation of the StartServers
directive.

 -* configure --enable-mods-shared=most option has issues.  Example:
 -
 -  ./configure --enable-mods-shared=most
 -
 -This builds mod_headers as a DSO (good) but builds mod_mime
 -as a compiled-in module (bad).
 +* Fix the configure script to add a LoadModule directive to
 +  the default httpd.conf for any module that was compiled
 +  as a DSO.

  * revamp the input filter semantics, per discussions since
February (and especially at the hackathon last
 Index: acinclude.m4
 ===
 RCS file: /home/cvspublic/httpd-2.0/acinclude.m4,v
 retrieving revision 1.101
 diff -u -r1.101 acinclude.m4
 --- acinclude.m4  2001/09/30 07:57:14 1.101
 +++ acinclude.m4  2001/10/02 18:17:29
 @@ -199,6 +199,7 @@
  dnl   yes  -- enabled by default. user must explicitly disable.
  dnl   no   -- disabled under default, most, all. user must explicitly
 enable. dnl   most -- disabled by default. enabled explicitly or with most
 or all. +dnl   static -- enabled as static by default, must be explicitly
 changed. dnl  -- disabled under default, most. enabled explicitly or
 with all. dnl
  dnl basically: yes/no is a hard setting. most means follow the most
 @@ -218,11 +219,16 @@
else
  _apmod_error_fatal=yes
fi
 -  if test $enable_$1 = most; then
 +  if test $enable_$1 = static; then
 +enable_$1=yes
 +  elif test $enable_$1 = yes; then
 +enable_$1=$module_default
 +_apmod_extra_msg= ($module_selection)
 +  elif test $enable_$1 = most; then
  if test $module_selection = most -o $module_selection = all;
 then enable_$1=$module_default
_apmod_extra_msg= ($module_selection)
 -else
 +elif test $enable_$1 != yes; then
enable_$1=no
  fi
elif test $enable_$1 = maybe-all; then
 Index: modules/http/config2.m4
 ===
 RCS file: /home/cvspublic/httpd-2.0/modules/http/config2.m4,v
 retrieving revision 1.1
 diff -u -r1.1 config2.m4
 --- modules/http/config2.m4   2001/04/18 20:56:04 1.1
 +++ modules/http/config2.m4   2001/10/02 18:17:29
 @@ -4,7 +4,8 @@

  http_objects=http_core.lo http_protocol.lo http_request.lo

 -APACHE_MODULE(http, HTTP protocol handling, $http_objects, , yes)
 +dnl mod_http freaks out when built as a DSO
 +APACHE_MODULE(http, HTTP protocol handling, $http_objects, , static)
  APACHE_MODULE(mime, mapping of file-extension to MIME, , , yes)

  APACHE_MODPATH_FINISH
 Index: modules/mappers/config9.m4
 ===
 RCS file: /home/cvspublic/httpd-2.0/modules/mappers/config9.m4,v
 retrieving revision 1.3
 diff -u -r1.3 config9.m4
 --- modules/mappers/config9.m42001/04/29 05:24:10 1.3
 +++ modules/mappers/config9.m42001/10/02 18:17:29
 @@ -23,7 +23,7 @@
  dnl ### it here. we need to shift *this* config.m4 to be last or we
  dnl ### need to find a different way to set up this default and module
 spec. if test $sharedobjs = yes; then
 -APACHE_MODULE(so, DSO capability, , , yes)
 +APACHE_MODULE(so, DSO capability, , , static)
  else
  APACHE_MODULE(so, DSO capability, , , no)
  fi

-- 

__
Ryan Bloom  [EMAIL PROTECTED]
Covalent Technologies   [EMAIL PROTECTED]
--

RE: Apache 1.3.21 tag this evening....

[BIXBY,MARK (HP-Cupertino,ex1)]

MPE is still 1.3.x pre-fork only.

As part of my day job, I will start a project in December to update the
bundled Apache server within the MPE OS to the latest  greatest 1.3.x
version.  If I have time, I may also investigate 2.x and threading.  So far
nobody has yet played with Apache 2.x on MPE to the best of my knowledge.

- Mark B. (aka [EMAIL PROTECTED])

 -Original Message-
 From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, October 03, 2001 9:45 AM
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: Apache 1.3.21 tag this evening
 
 
 Is MPE actually a threaded server, or am I simply confused?

[PATCH] Build Apache 1.3 on Darwin 1.4.1, MacOS X 10.1

[Sander Temme]

All,

The following patch lets Apache build on the MacOSX 10.1 platform:

===
RCS file: /home/cvspublic/apache-1.3/src/Configure,v
retrieving revision 1.433
diff -u -r1.433 Configure
--- Configure   2001/10/03 12:59:03 1.433
+++ Configure   2001/10/03 18:27:19
@@ -1149,7 +1149,14 @@
*-apple-rhapsody* | *-apple-darwin* )
LD_SHLIB=cc
CFLAGS_SHLIB=
-   LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined suppress'
+   case $PLAT in
+   *-apple-darwin1.4 )
+   LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined
suppress -flat_namespace'
+   ;;
+   * )
+   LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined
suppress'
+   ;;
+   esac
LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
LDFLAGS_SHLIB_EXPORT=
SHLIB_SUFFIX_DEPTH=0
===

Discussion: 
On 10.1 (Darwin 1.4.1), Apple introduced a feature called Two-Level
Namespace Executables where symbols are recorded along with the library they
are to be loaded from. Cool feature, but it breaks the Apache build because
it doesn't allow leaving symbols undefined. My patch moves us back to the
flat namespace. 

Apple themselves attempt to fix this the correct way (from the src/Configure
in the package that the MacOSX/Darwin apache is built with):

LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -bundle_loader /usr/sbin/httpd'

...where they provide the file that contains the missing symbols. However,
this has two disadvantages: 1) hard-coding a path to the executable 2)
expects to find an executable already compiled, so this will only build on
systems that already have a httpd in that place. Chicken and egg. If my
impression from the make output is correct, httpd gets linked *last* so will
not be available for its modules to link against. So, I suggest to go back
to the old ways for now.

Test status: Works On My Laptop. (:

S.

-- 
Covalent Technologies [EMAIL PROTECTED]
Engineering groupVoice: (415) 536 5214
645 Howard St. Fax: (415) 536 5210
San Francisco CA 94105

   PGP Fingerprint: 1E74 4E58 DFAC 2CF5 6A03  5531 AFB1 96AF B584 0AB1

===
This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message
===

RE: Apache 1.3.21 tag this evening....

[David McCreedy]

I'm hitting a fatal compilation error on TPF with some accept mutex code
what was added.
I was unaware of these changes but believe it was part of the
make-accept-mutex-method-runtime patch.
(I didn't realize the changes affected TPF-specific code until today.)

I think I have a fix but won't be able to test it for several hours (7pm
Eastern Time).
Can the tag wait until I've tested and submitted this fix?

-David

input filter changes/breaking in proxy

[Ian Holsman]

hey guys.
I'm trying to debug a problem with the reverse proxy in the
latest CVS HEAD.
It seems to be handing in ap_proxy_read_string, while doing a blocking
read with 'ap_get_brigade'

Is anyone else having this problem? I'm not doing anything 'smart'
just a plain ProxyPass /test/ http://foo/test/ 

..Ian

Re: [PATCH] mod_negotiation, suffix order

[Francis Daly]

On Tue, Oct 02, 2001 at 08:33:21PM -0500, William A.  Rowe, Jr.  wrote:

   I am very impressed by this idea for Apache 2.0.  But I don't like the
 many to many mapping.  If we change your underlying rule here to require
 that each filename extension is passed in sequence, I would be _very_ 
 happy to commit this patch :)  E.g. index.en _could_ match index.html.en.
 But index.en.html would _not_ match index.html.en.

By that, I take it you mean something like a requirement (5), or
perhaps (3b), to be added to the description below, along the lines of
(3b)each .suffix in r-filename must exist in the real filename, in
the same sequence as they were in r-filename?  (r-filename here
means the bit of it after the final /)

 The requirements are (1)r-filename up to the first dot must match the
 real filename up to the first dot; (2)r-filename may not be longer
 than the real filename; (3)each .suffix in r-filename must exist
 (string match) in the real filename; (4)the real filename must
 correspond to a known mime-type, encoding, etc -- which I think means
 that the final suffix must be known, and only suffixes followed by
 known suffixes are considered.

[ I note that others feel that (1) above should be replaced with
something more like all of r-filename must match the start of the
real filename, which would make the remainder of this mail
irrelevant.  I'll continue anyway, but feel free to bin it if this is
the Wrong Thing ]

In case my interpretation of (3b) is unclear: as a (hopefully)
complete example, given the file name.a.b.x.cd.e.f, and presuming
that x is the only suffix which is _not_ a recognised mime extension
(type, language, encoding, whatever) then which of the following
requests should be accepted, and which not?

name
name.a
name.a.b
name.a.c
name.a.cd
name.b.c.e
name.b.x.e.f
name.e
name.x.c
name.x.f
name.a.b...f

name.b.a
name.a.b.f.c
name.x.b
name.c.x
name.f.e

name.e.
name.e.e
name.f.

(my understanding is that the first group should all be passed down as
possibilities, the second group shouldn't, and the third group could
be anything.  I'd plump for yes for all three, probably.)

And for extra fun, which would be different if the file were called
name.a.b.x.cd.e.f.e.

(my understanding is that the third group definitely becomes yes,
name.f.e from the second group becomes yes, and the rest stay as
they were.)

As mentioned in the earlier mail, this patch just decides whether or
not to allow the file as a possibility -- later code gets a shot at
deciding how to handle the suffixes, so if any of the trailing
not-explicitly-listed-in-r-filename suffixes aren't actually
recognised, the only way to get the file would be to request it
by the full name, and therefore bypass mod_negotiation.

For the specific example above, this means that the only requests that
would actually return the file would be name.b.x.e.f, name.x.c, and
name.x.f

The change to the patch to limit the matches as described above is
mostly straightforward -- instead of starting each strstr() at the
start of name, start it at the point of the previous match (either
the start or the end -- it'd presumably make a difference if someone
requests file.html.html).

A new const char * which points into dirent.name is the only addition
over the previous patch.  However, unless someone has a
case-insensitive strstr() lying around, the CASE_BLIND_FILESYSTEM
cases won't work sensibly -- the name part would match
insensitively, but each suffix won't.

I'm including the reworked patch below, in case it's considered
useful.  Written and somewhat tested against mod_negotiation.c from
httpd-2.0.25; it applies cleanly to CVS version 1.84.

f
-- 
Francis Daly[EMAIL PROTECTED]

=

--- mod_negotiation.c.orig  Tue Aug 28 04:08:31 2001
+++ mod_negotiation.c   Wed Oct  3 21:44:12 2001
@@ -1019,6 +1019,11 @@
 struct var_rec mime_info;
 struct accept_rec accept_info;
 void *new_var;
+char *pos;
+int pos_len;
+int not_this_dirent;/* actually, boolean. */
+int dots_in_request = 0;/* 1 == one dot, 2 == some dots */
+const char *dpos;   /* points into the dirent.name */
 int anymatch = 0;
 
 clean_var_rec(mime_info);
@@ -1041,20 +1046,92 @@
 return HTTP_FORBIDDEN;
 }
 
+if ((pos = strchr(filp, '.'))) {
+dots_in_request = 1;
+if (strchr(++pos, '.')) {
+dots_in_request = 2;
+}
+}
+
 while (apr_dir_read(dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) {
 apr_array_header_t *exception_list;
 request_rec *sub_req;
 
-/* Do we have a match? */
+if (!dots_in_request) {
+
+/* Given name, check for name. */
 #ifdef CASE_BLIND_FILESYSTEM
-if (strncasecmp(dirent.name, filp, prefix_len)) {
+if (strncasecmp(dirent.name, filp, prefix_len)) {
 #else
-if (strncmp(dirent.name, filp, prefix_len)) {
+if 

Recent Input Filter changes breaking reverse proxy --repost

[Ian Holsman]

hey guys.
I'm trying to debug a problem with the reverse proxy in the
latest CVS HEAD.
It seems to be handing in ap_proxy_read_string, while doing a blocking
read with 'ap_get_brigade'

Is anyone else having this problem? I'm not doing anything 'smart'
just a plain ProxyPass /test/ http://foo/test/

..Ian

Re: BaseAddress.ref needed?

[Günter Knauf]

Hi Bill,
 My only problem is that I don't want to even try maintaining such a beast.
 IMHO, it's better if they express their /BASE:0x directly.  
I'm also too lazy, so I made a quick hack in perl which could do the beast for us. 
My idea is using a file modules.def which defines the Apache shipping modules, and a 
second mymodules.def which is appended when present. modules.def ships with Apache and 
everyone who is using own modules has only to maintain a small mymodules.def with the 
modules he uses. So you can reorder, comment out, insert modules and make a gap just 
as you like, the script does the rest. The module definition is simply the name and 
the bytes separated by comma.

What do you think? 

Guenter.

 mkbaseref.zip

Re: Apache 1.3.21 tag this evening....

[Bill Stoddard]

I'll hold off on the tag for a few hours more.

Bill

- Original Message - 
From: David McCreedy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 3:17 PM
Subject: RE: Apache 1.3.21 tag this evening


 
 I'm hitting a fatal compilation error on TPF with some accept mutex code
 what was added.
 I was unaware of these changes but believe it was part of the
 make-accept-mutex-method-runtime patch.
 (I didn't realize the changes affected TPF-specific code until today.)
 
 I think I have a fix but won't be able to test it for several hours (7pm
 Eastern Time).
 Can the tag wait until I've tested and submitted this fix?
 
 -David
 
 

1.3 src/Configure

[Rodent of Unusual Size]

I know I was one of the last holdouts that used the old
src/Configure method, before being converted to APACI.
Which suddenly makes me wonder.. is there *anyone* that
still uses src/Configure?  Does anyone know if it still
works? :-)
-- 
#kenP-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

All right everyone!  Step away from the glowing hamburger!

Re: 1.3 src/Configure

[David McCreedy]

Yes... src/Configure is used on TPF.
And it still works.

-David



   

Rodent of  

Unusual Size To: Apache Developers 
[EMAIL PROTECTED]  
Ken.Coar@Golu   cc:   

x.Com   Subject: 1.3 src/Configure

   

10/03/2001 

05:53 PM   

Please respond 

to dev 

   

   




I know I was one of the last holdouts that used the old
src/Configure method, before being converted to APACI.
Which suddenly makes me wonder.. is there *anyone* that
still uses src/Configure?  Does anyone know if it still
works? :-)
--
#ken   P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

All right everyone!  Step away from the glowing hamburger!

[PATCH] TPF http_main.c change for 1.3.21

[David McCreedy]

Here is the http_main.c change to fix the compilation error on TPF.
It's change is within an #if defined(HAVE_TPF_CORE_SERIALIZED_ACCEPT)
block of code so it should not affect any other platforms.

Thank you,

David McCreedy

[PATCH (again)] TPF http_main.c change for 1.3.21

[David McCreedy]

Here is the http_main.c change to fix the compilation error on TPF.
(I omitted the actual patch on my first note.)
It's change is within an #if defined(HAVE_TPF_CORE_SERIALIZED_ACCEPT)
block of code so it should not affect any other platforms.

Thank you,

David McCreedy



diff -ru3 before/src/main/http_main.c after/src/main/http_main.c
--- before/src/main/http_main.c Wed Oct  3 19:30:29 2001
+++ after/src/main/http_main.c  Wed Oct  3 19:28:44 2001
@@ -1074,7 +1074,9 @@
 coruc(RESOURCE_KEY);
 }
 
-#define accept_mutex_init_tpfcore(x)
+static void accept_mutex_init_tpfcore(pool *foo)
+{
+}
 
 static void accept_mutex_child_init_tpfcore(pool *p)
 {

Re: 1.3 src/Configure

[Sander Temme]

on 10/3/01 4:53 PM, Rodent of Unusual Size at [EMAIL PROTECTED] wrote:

 I know I was one of the last holdouts that used the old
 src/Configure method, before being converted to APACI.
 Which suddenly makes me wonder.. is there *anyone* that
 still uses src/Configure?  Does anyone know if it still
 works? :-)

Isn't apache-1.3/src/Configure called by apache-1.3/configure ? At least,
when I fixed my build in src/Configure, things started working. See my patch
of earlier today. 

S.

-- 
Covalent Technologies [EMAIL PROTECTED]
Engineering groupVoice: (415) 536 5214
645 Howard St. Fax: (415) 536 5210
San Francisco CA 94105

   PGP Fingerprint: 1E74 4E58 DFAC 2CF5 6A03  5531 AFB1 96AF B584 0AB1

===
This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message
===

Re: BaseAddress.ref needed?

[William A. Rowe, Jr.]

Nope.

Maintaining a list of base addresses implies some intimate knowledge of the size
of the code segment, which we aren't privy to, and will change over a modules'
lifetime based on the type of compilation and whether it draws in static or
dynamic libraries.

It also presumes perl is installed - something others have criticized me before.
That's why we've settled on awk.

Bill

- Original Message -
From: Günter Knauf [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 4:52 PM
Subject: Re: BaseAddress.ref needed?


Hi Bill,
 My only problem is that I don't want to even try maintaining such a beast.
 IMHO, it's better if they express their /BASE:0x directly.
I'm also too lazy, so I made a quick hack in perl which could do the beast for us.
My idea is using a file modules.def which defines the Apache shipping modules, and a 
second mymodules.def which is appended when
present. modules.def ships with Apache and everyone who is using own modules has only 
to maintain a small mymodules.def with the
modules he uses. So you can reorder, comment out, insert modules and make a gap just 
as you like, the script does the rest. The
module definition is simply the name and the bytes separated by comma.

What do you think?

Guenter.

[PATCH] Remove the Port directive.

[Ryan Bloom]

This patch completely deprectates the Port directive.  The ServerName
directive is now overloaded, so that admins specify the port and name on
the same directive.  It also makes Listen a required directive.  Pay attention
to that.  There are no default ports with this patch.  If your config doesn't have
a Listen directive, the server doesn't start, and it emits an error.

I am a bit hesitant to commit this without some feedback, because it is a pretty
major change.  Before I commit this, I will update all of the docs.

Thoughts?

Ryan

? build.log
? build.err
? modules/httpd-pop3
? srclib/apr/build.log
? srclib/apr/build.err
? srclib/apr/test/build.log
? srclib/apr/test/build.err
Index: docs/conf/httpd-std.conf
===
RCS file: /home/cvs/httpd-2.0/docs/conf/httpd-std.conf,v
retrieving revision 1.52
diff -u -d -b -w -u -r1.52 httpd-std.conf
--- docs/conf/httpd-std.conf2001/10/03 18:56:38 1.52
+++ docs/conf/httpd-std.conf2001/10/04 02:49:00
@@ -231,12 +231,6 @@
 #
 
 #
-# Port: The port to which the standalone server listens. For
-# ports  1023, you will need httpd to be run as root initially.
-#
-Port @@Port@@
-
-#
 # If you wish httpd to run as a different user or group, you must run
 # httpd as root initially and it will switch.  
 #
@@ -270,7 +264,7 @@
 # You will have to access it by its address (e.g., http://123.45.67.89/)
 # anyway, and this will make redirections work in a sensible way.
 #
-#ServerName new.host.name
+#ServerName new.host.name:80
 
 #
 # DocumentRoot: The directory out of which you will serve your
Index: server/core.c
===
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.64
diff -u -d -b -w -u -r1.64 core.c
--- server/core.c   2001/09/29 08:33:02 1.64
+++ server/core.c   2001/10/04 02:49:02
@@ -1603,15 +1603,27 @@
 return NULL;
 }
 
-static const char *server_port(cmd_parms *cmd, void *dummy, const char *arg)
+static const char *server_hostname_port(cmd_parms *cmd, void *dummy, const char *arg)
 {
 const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
+const char *portstr;
+const char *server;
 int port;
 
 if (err != NULL) {
return err;
 }
-port = atoi(arg);
+portstr = ap_strchr_c(arg, ':');
+if (portstr) {
+cmd-server-server_hostname = apr_pstrndup(cmd-pool, arg, 
+portstr - arg);
+portstr++;
+port = atoi(portstr);
+}
+else {
+cmd-server-server_hostname = apr_pstrdup(cmd-pool, arg);
+port = 80;
+}
 if (port = 0 || port = 65536) { /* 65536 == 116 */
return apr_pstrcat(cmd-temp_pool, The port number \, arg, 
  \ is outside the appropriate range 
@@ -2411,7 +2423,8 @@
 
 /* Old server config file commands */
 
-AP_INIT_TAKE1(Port, server_port, NULL, RSRC_CONF, A TCP port number),
+AP_INIT_TAKE1(Port, ap_set_deprecated, NULL, RSRC_CONF, 
+  Port was replaced with Listen in Apache 2.0),
 AP_INIT_TAKE1(HostnameLookups, set_hostname_lookups, NULL,
   ACCESS_CONF|RSRC_CONF,
   \on\ to enable, \off\ to disable reverse DNS lookups, or \double\ to 
@@ -2419,9 +2432,8 @@
 AP_INIT_TAKE1(ServerAdmin, set_server_string_slot,
   (void *)APR_XtOffsetOf (server_rec, server_admin), RSRC_CONF,
   The email address of the server administrator),
-AP_INIT_TAKE1(ServerName, set_server_string_slot,
-  (void *)APR_XtOffsetOf (server_rec, server_hostname), RSRC_CONF,
-  The hostname of the server),
+AP_INIT_TAKE1(ServerName, server_hostname_port, NULL, RSRC_CONF,
+  The hostname and port of the server),
 AP_INIT_TAKE1(ServerSignature, set_signature_flag, NULL, OR_ALL,
   En-/disable server signature (on|off|email)),
 AP_INIT_TAKE1(ServerRoot, set_server_root, NULL, RSRC_CONF,
Index: server/listen.c
===
RCS file: /home/cvs/httpd-2.0/server/listen.c,v
retrieving revision 1.61
diff -u -d -b -w -u -r1.61 listen.c
--- server/listen.c 2001/08/13 04:57:34 1.61
+++ server/listen.c 2001/10/04 02:49:03
@@ -273,11 +273,10 @@
 ap_listen_rec *next;
 int num_open;
 
-/* allocate a default listener if necessary */
-if (ap_listeners == NULL) {
-   alloc_listener(process, NULL, (apr_port_t)(port ? port : DEFAULT_HTTP_PORT));
-}
-
+/* Don't allocate a default listener.  If we need to listen to a
+ * port, then the user needs to have a Listen directive in their
+ * config file.
+ */
 num_open = 0;
 for (lr = ap_listeners; lr; lr = lr-next) {
if (lr-active) {


__
Ryan Bloom  [EMAIL PROTECTED]
Covalent Technologies   [EMAIL PROTECTED]
--

Re: [PATCH] Remove the Port directive.

[Cliff Woolley]

On Wed, 3 Oct 2001, Ryan Bloom wrote:

 This patch completely deprectates the Port directive.  The ServerName
 directive is now overloaded, so that admins specify the port and name
 on the same directive.  It also makes Listen a required directive.
 Pay attention to that.  There are no default ports with this patch.
 If your config doesn't have a Listen directive, the server doesn't
 start, and it emits an error.

+1.  Port vs. Listen has always been one of the things people just can't
seem to figure out no matter how carefully we try to explain it.  Doing it
through ServerName makes it much more clear what's going on.

--Cliff

--
   Cliff Woolley
   [EMAIL PROTECTED]
   Charlottesville, VA

Re: [PATCH] Remove the Port directive.

[Aaron Bannert]

On Wed, Oct 03, 2001 at 08:35:04PM -0700, Ryan Bloom wrote:
 The thing that concerns me the most, is that there is no default Port.  If people
 can accept that change, then I think this is the right way to go.

I think you meant there is no default listener.

So what happens with this patch if you don't specify a listener?

-aaron

Re: [PATCH] Remove the Port directive.

[William A. Rowe, Jr.]

From: Ryan Bloom [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 10:24 PM


 
 This patch completely deprectates the Port directive.  The ServerName
 directive is now overloaded, so that admins specify the port and name on
 the same directive.  It also makes Listen a required directive.  Pay attention
 to that.  There are no default ports with this patch.  If your config doesn't have
 a Listen directive, the server doesn't start, and it emits an error.
 
 I am a bit hesitant to commit this without some feedback, because it is a pretty
 major change.  Before I commit this, I will update all of the docs.

++1, that's the way :)

 Thoughts?

We've already killed BindAddress, no?  If not, we need to :) 

[STATUS] (apache-1.3) Wed Oct 3 23:45:07 EDT 2001

[Rodent of Unusual Size]

APACHE 1.3 STATUS:  -*-text-*-
  Last modified at [$Date: 2001/10/03 18:39:38 $]

Release:

   1.3.21: In development - Bill Stoddard has proposed a TR soon,
 (tag scheduled 10/3 2330Z or thereabouts)
   1.3.20: Tagged and rolled May 15, 2001. Announced May 21, 2001.
   1.3.19: Tagged and rolled Feb 26, 2001. Announced Mar 01, 2001.
   1.3.18: Not released.
 (Pulled because of an incorrect unescaping fix. t/r Feb 19, 2001)
   1.3.17: Tagged and rolled Jan 26, 2001. Announced Jan 29, 2001.
   1.3.16: Not released.
 (Pulled because of vhosting bug. t/r Jan 20, 2001)
   1.3.15: Not released.
 (Pulled due to CVS dumping core during the tagging when it
  reached src/os/win32/)
   1.3.14: Tagged and Rolled Oct 10, 2000.  Released/announced on the 13th.
   1.3.13: Not released.
 (Pulled in the first minutes due to a Netware build bug)
   1.3.12: Tagged and rolled Feb. 23, 2000. Released/announced on the 25th.
   1.3.11: Tagged and rolled Jan. 19, 2000. Released/announced on the 21st.
   1.3.10: Not released.
 (Pulled at last minute due to a build bug in the MPE port)
1.3.9: Tagged and rolled on Aug. 16. Released and announced on 19th.
1.3.8: Not released.
1.3.7: Not released.
1.3.6: Tagged and rolled on Mar. 22. Released and announced on 24th.
1.3.5: Not released.
1.3.4: Tagged and rolled on Jan. 9.  Released on 11th, announced on 12th.
1.3.3: Tagged and rolled on Oct. 7.  Released on 9th, announced on 10th.
1.3.2: Tagged and rolled on Sep. 21. Announced and released on 23rd.
1.3.1: Tagged and rolled on July 19. Announced and released.
1.3.0: Tagged and rolled on June 1.  Announced and released on the 6th.
   
2.0  : In alpha development, see httpd-2.0 repository

RELEASE SHOWSTOPPERS:

Security issues posted to the appropriate list.
  Status: backport of httpd-2.0/modules/mappers/mod_negotation.c 1.83
  fixes the only remaining negotiation bugaboo.

RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:

* htpasswd.c and htdigest.c use tmpnam()... consider using
  mkstemp() when available.
Message-ID: [EMAIL PROTECTED]
Status:

* Dean's unescaping hell (unescaping the various URI components
  at the right time and place, esp. unescaping the host name).
Message-ID: [EMAIL PROTECTED]
Status:

* Martin observed a core dump because a ipaddr_chain struct contains
  a NULL-server pointer when being dereferenced by invoking httpd -S.
Message-ID: [EMAIL PROTECTED]
Status: Workaround enabled. Clean solution can come after 1.3.19

* long pathnames with many components and no AllowOverride None
  Workaround is to define Directory / with AllowOverride None,
  which is something all sites should do in any case.
Status: Marc was looking at it.

* Ronald Tschalär's patch to mod_proxy to allow other modules to
  set headers too (needed by mod_auth_digest)
Message-ID: [EMAIL PROTECTED]
Status:


Documentation that needs writing:


Available Patches (Most likely, these will not be added to the official
1.3 tree, but instead should be ported to 2.0):

   *  A rewrite of ap_unparse_uri_components() by Jeffrey W. Baker
 [EMAIL PROTECTED] to more fully close some segfault potential.
Message-ID: Pine.LNX.4.21.0102102350060.6815-20@desktop
Status:  Jim +1 (for 1.3.19), Martin +0

* Patch from C. Bottelier [EMAIL PROTECTED] to run
Apache without daemonizing the parent process. PR#7040
Status: fanf +1 (except it needs docs)

* Andrew Ford's patch (1999/12/05) to add absolute times to mod_expires
Message-ID: [EMAIL PROTECTED]
Status: Martin +1, Jim +1, Ken +1 (on concept)

* Raymond S Brand's path to mod_autoindex to fix the header/readme
  include processing so the envariables are correct for the included
  documents.  (Actually, there are two variants in the patch message,
  for two different ways of doing it.)
Message-ID: [EMAIL PROTECTED]
Status: Martin +1(concept)

* Jayaram's patch (10/27/99) for changes to mod_autoindex
 
Problem 1:

AddIcon (alttext,icon) ^^DIRECTORY^^ 
and 
AddIcon (alttext,icon) ^^BLANKICON^^ 
should be able to set the alternate text and icon file for any
directory/blankicon in a directory listing. This was not happening
because the alternate text for ^^DIRECTORY^^ and ^^BLANKICON^^ were
hardcoded to  DIR and respectively.
  Status: resolved in Apache 2.0

Problem 2:
-
IndexIgnore file-extension should hide the files with this file-
extension in directory listings. This was NOT happening because the 
total filename 

[STATUS] (httpd-2.0) Wed Oct 3 23:45:14 EDT 2001

[Rodent of Unusual Size]

APACHE 2.0 STATUS:  -*-text-*-
Last modified at [$Date: 2001/10/03 17:47:50 $]

Release:

2.0.25  : rolled August 29, 2001
2.0.24  : rolled August 18, 2001
2.0.23  : rolled August 9, 2001
2.0.22  : rolled July 29, 2001
2.0.21  : rolled July 20, 2001
2.0.20  : rolled July 8, 2001
2.0.19  : rolled June 27, 2001
2.0.18  : rolled May 18, 2001
2.0.17  : rolled April 17, 2001
2.0.16  : rolled April 4, 2001
2.0.15  : rolled March 21, 2001
2.0.14  : rolled March 7, 2001
2.0a9   : released December 12, 2000
2.0a8   : released November 20, 2000
2.0a7   : released October 8, 2000
2.0a6   : released August 18, 2000
2.0a5   : released August 4, 2000
2.0a4   : released June 7, 2000
2.0a3   : released April 28, 2000
2.0a2   : released March 31, 2000
2.0a1   : released March 10, 2000

Please consult the following STATUS files for information
on related projects:

* srclib/apr/STATUS
* srclib/apr-util/STATUS
* docs/STATUS

RELEASE SHOWSTOPPERS:

* Revert to a 1.3 behavior and allow a non-file request to travel
  through the request cycle.  If any request gets to the core handler,
  without a flag that this r-filename was tested by dir/file_walk,
  then we 500 at the very end of the request cycle.  This provides
  authors of older modules better compatibility, while still improving
  the security and robustness of 2.0.  This does not remove the new
  map_to_storage hook itself, but makes it optional for some cases.
Status: still need to decide where this goes, OtherBill comments...
Message-ID: 065701c14526$495203b0$[EMAIL PROTECTED]
we need to look at halting this in the 'default handler' case,
and that implies pushing the 'handler election' into the request
internal processing phase from the run request phase.

* There is a bug in how we sort some hooks, at least the pre-config
  hook.  The first time we call the hooks, they are in the correct 
  order, but the second time, we don't sort them correctly.  Currently,
  the modules/http/config.m4 file has been renamed to 
  modules/http/config2.m4 to work around this problem, it should moved
  back when this is fixed.rbb

* The Add...Filter and Set...Filter directives do not allow the
  administrator to order filters, beyond the order of filename (mime)
  extensions.  It isn't clear if Set...Filter(s) should be inserted 
  before or after the Add...Filter(s) which are ordered by sequence of
  filename extensions.  Add...FilterByType will add to this quandry.
  Some sort of resolution needs to be proposed, 

* mod_dir should normally redirect ALL directory requests which do
  not include a trailing slash on the URI. However, if a notes
  flag is set (say, via BrowserMatch), this behavior will be
  disabled for non-GET requests.
Status: Greg volunteers
MsgId: [EMAIL PROTECTED]
MsgId: [EMAIL PROTECTED]

* mod_negotiation will not serve a request when an early extention
  is understood, but a later extention is not.  e.g. if the request
  index.html.bak is recieved, and negotition could find the file
  index.html.bak.en, it still won't be served because the 
  ap-mime-exception-list will contain index and bak, and the
  string index.bak doesn't match index.html.bak.  Need to
  review the ap-mime-exception-list component by component to be
  allow these cases.  [This could be part of a patch to allow the
  name index.bak in the case above to match index.html.bak.en]

* mod_negotiation needs a new option or directive, something like
  ForceLanguagePriority, to fall back to the LanguagePriority
  directive instead of returning a no acceptable variant error.
Status: Bill has some code in his tree that accomplishes
this, and will commit it Friday after it's tested.

* Usability: Sanitize the MPM config directives.  MaxClients in 
  the threaded MPM is totally misleading now as it has little to
  do with limiting the number of clients (it limits the number
  of child processes). Bill proposed nomenclature change to
  something like StartWorkers, MaxWorkers, etc. that could 
  apply to most all the MPMs (with some notable exceptions).
  Bill would be happy with changing MaxClients to MaxServers
  to make it agree with the operation of the StartServers
  directive.

* Fix the configure script to add a LoadModule directive to
  the default httpd.conf for any module that was compiled
  as a DSO.

* revamp the input filter semantics, per discussions since
  February (and especially at the hackathon last
  April). Specifically, ap_get_brigade will return a brigade with
  *up to* a specific number of bytes, or a line of data. The
  read may be blocking or 

Re: [Patch 1.3] mod_usertrack backport

[William A. Rowe, Jr.]

Last chance, going once... going twice - need two +1's before I'm willing
to commit this before 1.3.21 rolls.  Sure looks BDSS to me.

- Original Message - 
From: William A. Rowe, Jr. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 02, 2001 12:19 PM
Subject: [Patch 1.3] mod_usertrack backport


 When I was fixing mod_usertrack in 2.0, I was referring back to the
 1.3 behavior and discovered two bits;
 
 1. we waste a ton of time expanding dates that don't need expanding
 
 2. there is still the 'millenial hack' that should be unneccessary now
 
 Any opinions on committing this patch for 1.3.21's release?  I'm +1.
 If concensus says 'yea', I'm happy to apply, or FirstBill is welcome to 
 beat me to it.
 
 Bill
 
 
 

 mod_usertrack.patch

RE: [PATCH] Remove the Port directive.

[MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)]

That's really cool.. I was just thinking about it today, and there's already
a solution for it.. Especially with httpd-ssl.conf, it'd have been rally
confusing for the user to configure the port number for http in 2 places..

-Madhu

-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 03, 2001 8:38 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PATCH] Remove the Port directive.


From: Ryan Bloom [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2001 10:24 PM


 
 This patch completely deprectates the Port directive.  The ServerName
 directive is now overloaded, so that admins specify the port and name on
 the same directive.  It also makes Listen a required directive.  Pay
attention
 to that.  There are no default ports with this patch.  If your config
doesn't have
 a Listen directive, the server doesn't start, and it emits an error.
 
 I am a bit hesitant to commit this without some feedback, because it is a
pretty
 major change.  Before I commit this, I will update all of the docs.

++1, that's the way :)

 Thoughts?

We've already killed BindAddress, no?  If not, we need to :)