Perl framework 'server exited' on AIX

[Rodent of Unusual Size]

When trying to run vanilla 't/TEST' on AIX, with httpd-2.0 HEAD,
I'm getting a

waiting for server to start: 00:00
server has died with status 255 (please examine t/logs/error_log)

Checking the logfile, and the running system, reveals this to
be a canard.  The server *is* started.  I can't even get it
to return a non-zero exit status with a real startup failure
and -DONE_PROCESS -DNO_DETACH, so I don't know where the 255
is coming from..

Any thoughts?  Is there a switch I can pass to t/TEST, or
'perl t-TEST', that's the equivalent of bash's -xv?
-- 
#kenP-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

Millenium hand and shrimp!

Re: Perl framework 'server exited' on AIX

[john sachs]

same thing happens on HPUX.  dunno what the deal is.  i just 't/TEST -run' 
after that and go on testing...

On Fri, Jan 25, 2002 at 04:19:45PM -0500, Rodent of Unusual Size wrote:
+ When trying to run vanilla 't/TEST' on AIX, with httpd-2.0 HEAD,
+ I'm getting a
+ 
+ waiting for server to start: 00:00
+ server has died with status 255 (please examine t/logs/error_log)
+ 
+ Checking the logfile, and the running system, reveals this to
+ be a canard.  The server *is* started.  I can't even get it
+ to return a non-zero exit status with a real startup failure
+ and -DONE_PROCESS -DNO_DETACH, so I don't know where the 255
+ is coming from..
+ 
+ Any thoughts?  Is there a switch I can pass to t/TEST, or
+ 'perl t-TEST', that's the equivalent of bash's -xv?
+ -- 
+ #ken  P-)}
+ 
+ Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
+ Author, developer, opinionist  http://Apache-Server.Com/
+ 
+ Millenium hand and shrimp!

Re: Apache2 mod_auth_ldap

[Graham Leggett]

Günter Knauf wrote:

 can someone please explain how I can create apr_ldap.h on Win32 and
 what additional defines are needed in the project in order to build mod_auth_ldap?

I am not sure how to do this on win32, however you need to include
--with-ldap to switch on LDAP support in APR-util, then you need to
enable two modules: mod_ldap and mod_auth_ldap. If you only enable
mod_auth_ldap it won't work.

Regards,
Graham
-- 
-
[EMAIL PROTECTED]There's a moon
over Bourbon Street
tonight...


smime.p7s
Description: S/MIME Cryptographic Signature

Any way to return an error on the create_conn hook?

[Bill Stoddard]

I have a module that implements a create_conn hook that can detect error conditions
requiring the HTTP request to be failed.  If I return NULL from the create_conn hook 
in my
failure case, the default core hook gets run which is NOT what I want to happen. I'd 
like
to be able to return something like -1 to tell the hook code that the request failed 
and
to not attempt to run other create_conn hooks.

Thoughts?

Bill

client_socket bogosity...

[Bill Stoddard]

One Nov. 12, Ryan committed a patch creating the create_conn hook. The idea was to move
the client_socket out of the conn_rec presumably to make available only to the core_in 
and
core_out filters.  However, I just found a backdoor...

In core_create_conn() the socket is saved away thusly:
ap_set_module_config(net-c-conn_config, core_module, csd);

And whoever needs to access the socket does this:
apr_socket_t *csd = ap_get_module_config(f-c-conn_config, core_module);

So the goal of hiding the socket is completely blown.  The Nov. 11 change added a lot 
of
complexity to the server (hard to read/understand code) in pursuit of a goal that is 
then
immediately circumvented by the ap_get|set_module_config. So we made the server more
complex for no reason.

I am on the verge of vetoing the Nov. 12 patch in favor of moving the client_socket 
back
into the con_rec.

Comments?

Bill

RE: client_socket bogosity...

[Ryan Bloom]

 One Nov. 12, Ryan committed a patch creating the create_conn hook. The
 idea was to move
 the client_socket out of the conn_rec presumably to make available
only to
 the core_in and
 core_out filters.  However, I just found a backdoor...
 
 In core_create_conn() the socket is saved away thusly:
 ap_set_module_config(net-c-conn_config, core_module, csd);
 
 And whoever needs to access the socket does this:
 apr_socket_t *csd = ap_get_module_config(f-c-conn_config,
core_module);

That hack was added because the proxy does the completely wrong thing
with regard to handing sockets.  In order to finish the Nov. 12 patch, I
need to rip a lot of logic out of the proxy and re-implement, which I
haven't had time to do recently.  The only other module that should use
the get_module_config hack is the perchild module, which is also doing
to completely wrong thing with regard to sockets, but I haven't had time
to fix that one either.


 So the goal of hiding the socket is completely blown.  The Nov. 11
change
 added a lot of
 complexity to the server (hard to read/understand code) in pursuit of
a
 goal that is then
 immediately circumvented by the ap_get|set_module_config. So we made
the
 server more
 complex for no reason.

It actually isn't blown.  Try writing a module that implements a non TCP
socket, and it will work as long as you don't use the proxy or the
perchild module.  As proof, look at the fact that the Unix MPMs have
been using that mechanism to handle the pipe_of_death.  This allowed me
to remove the ugly hacks at the beginning of the accept loop, which
checked for the POD.

Also, a big portion of the Nov 12 patch was to consolidate the accept
functions for Unix and BeOS, which has meant far less duplicated code in
the server.

 I am on the verge of vetoing the Nov. 12 patch in favor of moving the
 client_socket back
 into the con_rec.
 
 Comments?

Please don't let two mis-behaved modules color your judgment on this.
Both proxy and perchild must be re-written if they are going to be
clean, and once that is done the stupid set_module_config can be
removed.  In fact, the server ran for over a day without the
set_module_config, but that broke the proxy, so I added the hack to
allow the proxy to continue to work, while I worked to solve the
underlying problem.  Unfortunately, work and some extracurricular
activities have stopped me from contributing much code recently.
Hopefully, I will have time to code again soon.

Ryan

Apache-1.3.23: [warn] module is already added, skipping

[Martin Kraemer]

Hi everyone,

Since changing to 1.3.23, I observe the following warnings
in the error log:

[Fri Jan 25 15:29:47 2002] [warn] module mod_dir.c is already added, skipping
[Fri Jan 25 15:29:47 2002] [warn] module mod_cgi.c is already added, skipping
[Fri Jan 25 15:29:47 2002] [warn] module mod_asis.c is already added, skipping

In my config file, I use

--httpd.conf--
  ...
  # Read the list of loadable modules from the configuration file dso.conf
  Include conf/dso.conf
  ...
--httpd.conf--

which includes an automatically generated dso.conf (by an AWK
script which reorders LoadModule and AddModule so that
maintenance becomes much easier -- you can easily comment
or uncomment an optional module):

--dso.conf--
ClearModuleList

# Built-in so Module:  (this module must be added first!)
AddModule mod_so.c

# MicrosoftFree Friday
#LoadModule msff_module libexec/mod_msff.so
#AddModule mod_msff.c

# Dynamically loaded mmap_static Module:
LoadModule mmap_static_module libexec/mod_mmap_static.so
AddModule mod_mmap_static.c

# Dynamically loaded vhost_alias Module:
LoadModule vhost_alias_module libexec/mod_vhost_alias.so
AddModule mod_vhost_alias.c

...etc...
--dso.conf--


None of these directives is present more than once (only empty
lines and empty comments occur more than once):
--sh--
% sort dso.conf | uniq -d

#
--sh--

Actually, I can also inline these shuffled module lines, and I get
the same warnings.

IMHO the double check code is coded incorrectly.

  Martin
-- 
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

[Apache-1.3]: Why is ScriptLog context only server config?

[Martin Kraemer]

Was there a reasoning behind the fact that the ScriptLog* directives
can only be set in the global scope? I cannot, for instance, say:

  Alias /cgi-bin /usr/local/apache/cgi-bin
  Alias /cgi-dbg /usr/local/apache/cgi-bin

  Location /cgi-dbg
ScriptLog /tmp/cgi-dbg.log
...

to enable debugging only for certain requests, and not for the 99% others.
Or think of Directory .../cgi-bin and Files debug*.

   Martin
-- 
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Apache-1.3: ftp proxy woes

[Martin Kraemer]

I am currently working on modifying the FTP proxy. Several things
do not work correctly:

* the proxy goes into TYPE I pretty quickly. However, binary transfers
  are inappropriate for directory listings, especially when you connect
  to an EBCDIC machine :-O
  IMO, TYPE I should be sent directly before trying RETR, and should
  be set back to TYPE A again when RETR failed and we are getting a
  LISTing instead. See RFC959.
  Also, the suffix ;type=[aid] could be extended to allow for ;type=e
  for forced EBCDIC transfer ;-)  Not that I know a client which uses it.

* The code path thru the proxy_ftp_handler is rather convoluted. My rewrite
  funnels each return() thru a common function which cleans up, closing
  BUFFs or sockets where needed. The current code has MANY returns which
  do not clean up properly. This led to my Apache server running out of
  children after a while (because each child kept an open FTP connection
  to the ftp server). Apachectl restart saved the day ;-)

* the so called %2F hack, which would allow a user of the proxy to
  selectively start with either her home dir (ftp://user@host/) or
  with the root dir of the system (by using ftp://user@host/%2f/)
  is implemented in squid. Wouldn't it be nice to have it in our proxy
  too?

* Speaking of %2f: Apache's verification checks for path components
  are not executed for the ftp proxy, it uses its own url encoding
  and decoding, and many security checks are missing there. You can
  go get ftp://user@host/%2fetc%2fpasswd or even
  ftp://user@host/%2fetc%2fdefaults%2f%2e%2e%2fgroup
  without any complaints by the proxy.

   Martin
-- 
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

[Apache-1.3]: URL-Escaping

[Martin Kraemer]

Hi again,

ap_os_escape_path() and its wrapper macro ap_escape_uri() fail to
escape a literal '%' in a path. I may be wrong, but IMHO a directory
called %dir should be url-encoded as:
  a href=%25dir/%dir/a

Or am I wrong? If I am right, then either a new T_ class must be defined in
gen_test_char, or
while ((c = *s)) {
if (TEST_CHAR(c, T_OS_ESCAPE_PATH)) {
d = c2x(c, d);
}
else {
*d++ = c;
}
should be using
if (c == '%' || TEST_CHAR(c, T_OS_ESCAPE_PATH)) {
instead.

Protocol gurus? Anyone?

   Martin
-- 
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Re: [Apache-1.3]: URL-Escaping

[Martin Kraemer]

On Fri, Jan 25, 2002 at 05:38:50PM +0100, Kraemer, Martin wrote:
 
 Or am I wrong? If I am right, then either a new T_ class must be defined in
 gen_test_char, or

Uh. I *AM* wrong.  T_OS_ESCAPE_PATH should cause a '%' to be escaped.
I must have been blind when I tried it.

   Martin
-- 
[EMAIL PROTECTED] | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Re: mod_negotiation/dir subrequest problem [was: Tagging .31 soon]

[Greg Ames]

William A. Rowe, Jr. wrote:

 
  * it looks like we might be triggering some 1.3 negotiation behavior, where any
  extention under the sun is a match.  We use MultiviewsMatch Handlers, so .asis
  and .cgi extentions do not need to be specified in the URI.
 
 Of course.  This is as-desired, no?

ooops, I wasn't clear.  We want extensions specified by AddLanguage to match,
and (since I code MultiviewsMatch Handlers) extentions specified by AddHandler. 
I think that's all the extensions we want to match implicitly.

But looking at that backtrace, it looks like mod_negotiation might be thinking
that .1, .3, etc are interesting extensions, which is what 1.3 would do, and
therefore thinking that v3.1 from URI might match v3.1.1 it found by reading the
builds/jakarta-tomcat/release/ directory.

Greg

Re: Tagging .31 soon

[Greg Ames]

William A. Rowe, Jr. wrote:

   I don't remember seeing a fix for the recursive subrequest loops involving
   mod_negotiation.  Did I miss it?
 
 Ok... this is the last priority issue I've put on my own plate prior to
 another beta release.  The other three issues seem closed.
 
 I'll fight on tommorow.  Hoping you are around, Greg, if I come up with
 any experimental solutions to try.

yep...I'm here.  My guess is that we can recreate this at will with .30 and the
right URLs.  I'm going to update my log replay input files to include the URLs
from the 4 coredumps, plus something like
http://www.apache.org/index/bogus_dir/bogus_file which has caused problems
before.  

Greg

RE: client_socket bogosity...

[Allan Edwards]

 Please don't let two mis-behaved modules color your judgment on this.
 Both proxy and perchild must be re-written if they are going to be
 clean, and once that is done the stupid set_module_config can be
 removed.  In fact, the server ran for over a day without the
 set_module_config, but that broke the proxy, so I added the hack to
 allow the proxy to continue to work, while I worked to solve the
 underlying problem.  

mmm... I'd be interested to know what the solution is for 
net_time_filter since it is using the ap_get_module_config 
hack also.

Allan

RE: client_socket bogosity...

[Ryan Bloom]

  Please don't let two mis-behaved modules color your judgment on
this.
  Both proxy and perchild must be re-written if they are going to be
  clean, and once that is done the stupid set_module_config can be
  removed.  In fact, the server ran for over a day without the
  set_module_config, but that broke the proxy, so I added the hack to
  allow the proxy to continue to work, while I worked to solve the
  underlying problem.
 
 mmm... I'd be interested to know what the solution is for
 net_time_filter since it is using the ap_get_module_config
 hack also.

The real solution is to pass the core_net_rec structure to the NET_TIME
filter as user-data for the filter, the same way we do for CORE_IN and
CORE_OUT.

Ryan

RE: client_socket bogosity...

[Allan Edwards]

 The real solution is to pass the core_net_rec structure to the NET_TIME
 filter as user-data for the filter, the same way we do for CORE_IN and
 CORE_OUT.

But you'll have to play some sort of trick to do that since the
NET_TIME filter is added from the create_request hook which does
not know about core_net_rec, only core_create_conn knows about that.
I suppose some core specific magic could be played but that would 
prevent any other module from running it's own net_time hook.

Allan  

RE: client_socket bogosity...

[Allan Edwards]

 prevent any other module from running it's own net_time hook.

I meant net_time filter...

CVS code on 1/25/02 | problem: segfault on startup

[David Ford]

This is my first foray into apache 2.0 land so I'm not familiar with things.

I built glibc 2.2.5 and apache broke.  I rebuilt apache and it still 
broke :)

(gdb) bt
#0  apr_palloc (pool=0x813e720, size=24) at apr_pools.c:438
#1  0x4003524f in apr_array_make (p=0x813e720, nelts=30, elt_size=20) at 
apr_tables.c:120
#2  0x08070e66 in parse_log_string (p=0x813e720, s=0x80c84e5 %h %l %u 
%t \%r\ %s %b, err=0xb4a8)
at mod_log_config.c:712
#3  0x08071738 in open_multi_logs (s=0x80fd0e0, p=0x813e720) at 
mod_log_config.c:1097
#4  0x0807176a in init_config_log (pc=0x80f6600, p=0x813e720, 
pt=0x8140728, s=0x80fd0e0) at mod_log_config.c:1174
#5  0x080aa5bf in ap_run_open_logs (pconf=0x80f6600, plog=0x813e720, 
ptemp=0x8140728, s=0x80fd0e0) at config.c:179
#6  0x080ae580 in main (argc=1, argv=0xb5d4) at main.c:446

(gdb) up
#1  0x4003524f in apr_array_make (p=0x813e720, nelts=30, elt_size=20) at 
apr_tables.c:120
120 res = (apr_array_header_t *) apr_palloc(p, 
sizeof(apr_array_header_t));
(gdb) l
115 APR_DECLARE(apr_array_header_t *) apr_array_make(apr_pool_t *p,
116 int nelts, int 
elt_size)
117 {
118 apr_array_header_t *res;
119
120 res = (apr_array_header_t *) apr_palloc(p, 
sizeof(apr_array_header_t));
121 make_array_core(res, p, nelts, elt_size, 1);
122 return res;
123 }
124

(gdb) p p
$4 = (apr_pool_t *) 0x813e720
(gdb) p *p
$5 = {parent = 0x80f45f8, child = 0x0, sibling = 0x813e848, ref = 0x5, 
cleanups = 0x813e7f0, subprocesses = 0x0, abort_fn = 0,
  user_data = 0x0, tag = 0x0, allocator = 0x2, active = 0x, self 
= 0x813e710,
  self_first_avail = 0x813e758 /usr/local/apache2/logs/error_log}

Any suggestions?

David

Re: Apache-1.3: ftp proxy woes

[Chuck Murcko]

Fantastic. FTP proxy has been funky for some time now (but was working 
if hobbling in 1.3.23 drop). When I do connect in the BillR way that 
might wrap up the thing mostly.

Chuck

On Friday, January 25, 2002, at 11:33 AM, Martin Kraemer wrote:

 I am currently working on modifying the FTP proxy. Several things
 do not work correctly:

 * the proxy goes into TYPE I pretty quickly. However, binary transfers
   are inappropriate for directory listings, especially when you connect
   to an EBCDIC machine :-O
   IMO, TYPE I should be sent directly before trying RETR, and should
   be set back to TYPE A again when RETR failed and we are getting a
   LISTing instead. See RFC959.
   Also, the suffix ;type=[aid] could be extended to allow for 
 ;type=e
   for forced EBCDIC transfer ;-)  Not that I know a client which uses 
 it.

 * The code path thru the proxy_ftp_handler is rather convoluted. My 
 rewrite
   funnels each return() thru a common function which cleans up, closing
   BUFFs or sockets where needed. The current code has MANY returns which
   do not clean up properly. This led to my Apache server running out of
   children after a while (because each child kept an open FTP connection
   to the ftp server). Apachectl restart saved the day ;-)

 * the so called %2F hack, which would allow a user of the proxy to
   selectively start with either her home dir (ftp://user@host/) or
   with the root dir of the system (by using ftp://user@host/%2f/)
   is implemented in squid. Wouldn't it be nice to have it in our proxy
   too?

 * Speaking of %2f: Apache's verification checks for path components
   are not executed for the ftp proxy, it uses its own url encoding
   and decoding, and many security checks are missing there. You can
   go get ftp://user@host/%2fetc%2fpasswd or even
   ftp://user@host/%2fetc%2fdefaults%2f%2e%2e%2fgroup
   without any complaints by the proxy.

RE: client_socket bogosity...

[Ryan Bloom]

 
  The real solution is to pass the core_net_rec structure to the
NET_TIME
  filter as user-data for the filter, the same way we do for CORE_IN
and
  CORE_OUT.
 
 But you'll have to play some sort of trick to do that since the
 NET_TIME filter is added from the create_request hook which does
 not know about core_net_rec, only core_create_conn knows about that.
 I suppose some core specific magic could be played but that would
 prevent any other module from running it's own net_time hook.

This is why I didn't do this originally, but it wouldn't be hard to add.
As long as it's just the core that knows about the core_net_rec, we are
okay.  I just ran out of time while doing the implementation.

Ryan

RE: client_socket bogosity...

[Ryan Bloom]

 On Fri, Jan 25, 2002 at 02:01:26PM -0800, Ryan Bloom wrote:
Please don't let two mis-behaved modules color your judgment on
  this.
Both proxy and perchild must be re-written if they are going to
be
clean, and once that is done the stupid set_module_config can be
removed.  In fact, the server ran for over a day without the
set_module_config, but that broke the proxy, so I added the hack
to
allow the proxy to continue to work, while I worked to solve the
underlying problem.
  
   mmm... I'd be interested to know what the solution is for
   net_time_filter since it is using the ap_get_module_config
   hack also.
 
  The real solution is to pass the core_net_rec structure to the
NET_TIME
  filter as user-data for the filter, the same way we do for CORE_IN
and
  CORE_OUT.
 
 You're kidding, right? The core_net_rec is private to the core. You
can't
 just start passing that around the server. That just breaks the
 abstraction
 that you've worked so hard to implement.
 
 No... something else needs to be figured out [for the
net_time_filter].

But the net_time_filter is implemented by the core.  If we really want
to abstract this more, we can create a function that, given a conn_rec
can set a timeout on the socket.  I think I see how that can be done.
Or, we can actually create a net_module, that has a spot in the
c-conf_vector that is the net_rec.  That module can implement the logic
to set a timeout on a connection.  Which is really what we want, to be
able to set a timeout on a connection, not on a socket.

Ryan

Re: client_socket bogosity...

[Bill Stoddard]

The create_connection hook has a fatal design flaw. create_conn is run before
ap_update_vhost_given_ip(), which means that it is impossible to install input and 
output
filters based on vhost info.

I want to install SSL_IN and SSL_OUT filters if the request is coming in to a 
vhost/port
enabled for SSL and that can't be done with the create_connection hook.

Bill

  One Nov. 12, Ryan committed a patch creating the create_conn hook. The
  idea was to move
  the client_socket out of the conn_rec presumably to make available
 only to
  the core_in and
  core_out filters.  However, I just found a backdoor...
 
  In core_create_conn() the socket is saved away thusly:
  ap_set_module_config(net-c-conn_config, core_module, csd);
 
  And whoever needs to access the socket does this:
  apr_socket_t *csd = ap_get_module_config(f-c-conn_config,
 core_module);

 That hack was added because the proxy does the completely wrong thing
 with regard to handing sockets.  In order to finish the Nov. 12 patch, I
 need to rip a lot of logic out of the proxy and re-implement, which I
 haven't had time to do recently.  The only other module that should use
 the get_module_config hack is the perchild module, which is also doing
 to completely wrong thing with regard to sockets, but I haven't had time
 to fix that one either.


  So the goal of hiding the socket is completely blown.  The Nov. 11
 change
  added a lot of
  complexity to the server (hard to read/understand code) in pursuit of
 a
  goal that is then
  immediately circumvented by the ap_get|set_module_config. So we made
 the
  server more
  complex for no reason.

 It actually isn't blown.  Try writing a module that implements a non TCP
 socket, and it will work as long as you don't use the proxy or the
 perchild module.  As proof, look at the fact that the Unix MPMs have
 been using that mechanism to handle the pipe_of_death.  This allowed me
 to remove the ugly hacks at the beginning of the accept loop, which
 checked for the POD.

 Also, a big portion of the Nov 12 patch was to consolidate the accept
 functions for Unix and BeOS, which has meant far less duplicated code in
 the server.

  I am on the verge of vetoing the Nov. 12 patch in favor of moving the
  client_socket back
  into the con_rec.
 
  Comments?

 Please don't let two mis-behaved modules color your judgment on this.
 Both proxy and perchild must be re-written if they are going to be
 clean, and once that is done the stupid set_module_config can be
 removed.  In fact, the server ran for over a day without the
 set_module_config, but that broke the proxy, so I added the hack to
 allow the proxy to continue to work, while I worked to solve the
 underlying problem.  Unfortunately, work and some extracurricular
 activities have stopped me from contributing much code recently.
 Hopefully, I will have time to code again soon.

 Ryan

Re: client_socket bogosity...

[Ian Holsman]

Bill Stoddard wrote:
 The create_connection hook has a fatal design flaw. create_conn is run before
 ap_update_vhost_given_ip(), which means that it is impossible to install input and 
output
 filters based on vhost info.
 
 I want to install SSL_IN and SSL_OUT filters if the request is coming in to a 
vhost/port
 enabled for SSL and that can't be done with the create_connection hook.
 
 Bill
 

On that point.
I don't think there is any way of inserting a proxy specifc filter 
either, as their is now way for the hook to know what kind of request
is the connection is for.

 
One Nov. 12, Ryan committed a patch creating the create_conn hook. The
idea was to move
the client_socket out of the conn_rec presumably to make available

only to

the core_in and
core_out filters.  However, I just found a backdoor...

In core_create_conn() the socket is saved away thusly:
ap_set_module_config(net-c-conn_config, core_module, csd);

And whoever needs to access the socket does this:
apr_socket_t *csd = ap_get_module_config(f-c-conn_config,

core_module);

That hack was added because the proxy does the completely wrong thing
with regard to handing sockets.  In order to finish the Nov. 12 patch, I
need to rip a lot of logic out of the proxy and re-implement, which I
haven't had time to do recently.  The only other module that should use
the get_module_config hack is the perchild module, which is also doing
to completely wrong thing with regard to sockets, but I haven't had time
to fix that one either.



So the goal of hiding the socket is completely blown.  The Nov. 11

change

added a lot of
complexity to the server (hard to read/understand code) in pursuit of

a

goal that is then
immediately circumvented by the ap_get|set_module_config. So we made

the

server more
complex for no reason.

It actually isn't blown.  Try writing a module that implements a non TCP
socket, and it will work as long as you don't use the proxy or the
perchild module.  As proof, look at the fact that the Unix MPMs have
been using that mechanism to handle the pipe_of_death.  This allowed me
to remove the ugly hacks at the beginning of the accept loop, which
checked for the POD.

Also, a big portion of the Nov 12 patch was to consolidate the accept
functions for Unix and BeOS, which has meant far less duplicated code in
the server.


I am on the verge of vetoing the Nov. 12 patch in favor of moving the
client_socket back
into the con_rec.

Comments?

Please don't let two mis-behaved modules color your judgment on this.
Both proxy and perchild must be re-written if they are going to be
clean, and once that is done the stupid set_module_config can be
removed.  In fact, the server ran for over a day without the
set_module_config, but that broke the proxy, so I added the hack to
allow the proxy to continue to work, while I worked to solve the
underlying problem.  Unfortunately, work and some extracurricular
activities have stopped me from contributing much code recently.
Hopefully, I will have time to code again soon.

Ryan



 
 

Re: client_socket bogosity...

[Bill Stoddard]

 The create_connection hook has a fatal design flaw. create_conn is run before
 ap_update_vhost_given_ip(), which means that it is impossible to install input and
output
 filters based on vhost info.

More concisely, it is now impossible to install filters in place of CORE_IN and 
CORE_OUT
based on vhost config.

Bill