Re: mod_cache with Cache-Control no-cache= or private=

2013-03-06 Thread Yann Ylavic
Hi, On Mon, Mar 4, 2013 at 7:22 PM, ylavic dev ylavic@gmail.com wrote: I've been working on a patch for mod_cache to deal (fully) with the response header Cache-Control and the no-cache=header or private=header directives. I realize that, maybe, the patch should have been included in the

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-11 Thread Yann Ylavic
On Sun, Mar 10, 2013 at 1:55 AM, Graham Leggett minf...@sharp.fm wrote: On 04 Mar 2013, at 8:22 PM, ylavic dev ylavic@gmail.com wrote: For what I understand, mod_cache is allowed to serve its cached entity (though without the specified header(s)). I read this through again, this time

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-13 Thread Yann Ylavic
Here is the patch that strips the no-cache= or private= specified headers after the origin server's validation, leaving the only headers updated by the origin. Regards, Yann. Index: modules/cache/cache_storage.c === ---

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-13 Thread Yann Ylavic
On Wed, Mar 13, 2013 at 6:20 PM, Graham Leggett minf...@sharp.fm wrote: On 11 Mar 2013, at 12:50 PM, Yann Ylavic ylavic@gmail.com wrote: The way I read the spec, the specified field-name(s) MUST NOT be sent in the response to a subsequent request without successful revalidation

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-13 Thread Yann Ylavic
On Wed, Mar 13, 2013 at 6:30 PM, Graham Leggett minf...@sharp.fm wrote: On 13 Mar 2013, at 7:27 PM, Yann Ylavic ylavic@gmail.com wrote: How would the origin invalidate a Set-Cookie, with an empty one ? I would imagine with a 200 OK. Roy would be able to confirm. Well, I can't see

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-13 Thread Yann Ylavic
On Wed, Mar 13, 2013 at 6:35 PM, Tom Evans tevans...@googlemail.com wrote: On Wed, Mar 13, 2013 at 5:27 PM, Yann Ylavic ylavic@gmail.com wrote: How would the origin invalidate a Set-Cookie, with an empty one ? Regards, Yann. Set it again, with an in the past expiry date. Well, that's

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-13 Thread Yann Ylavic
On Wed, Mar 13, 2013 at 9:28 PM, Tim Bannister is...@jellybaby.net wrote: Is this the situation you're worried about: ClientA: GET /foo HTTP/1.1 ReverseProxy: GET /foo HTTP/1.1 Origin: HTTP/1.1 200 OK Origin: Set-Cookie: data=AA Origin: Cache-Control: private=Set-Cookie ReverseProxy:

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-27 Thread Yann Ylavic
On Mon, Mar 25, 2013 at 11:58 PM, Roy T. Fielding field...@gbiv.com wrote: On Mar 13, 2013, at 10:20 AM, Graham Leggett wrote: I don't read it that way from the spec, I think it all comes down to the phrase without successful revalidation with the origin server. I read it as without

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-27 Thread Yann Ylavic
I have already created the bugzilla issue #54706 nearly 2 weeks ago, about mod_cache that may serve cached private= or no-cache= response headers. Should I link something discussion from here or the patch to this issue ? Regards, Yann.

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-27 Thread Yann Ylavic
On Wed, Mar 27, 2013 at 5:44 PM, Graham Leggett minf...@sharp.fm wrote: Been snowed under and haven't had a chance to look at this in detail, but one quick thing - we would definitely want to be able to backport this to v2.4 so as to get it into people's hands, and to do that, we cannot

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-27 Thread Yann Ylavic
In fact this patch is probably better since it does not change h-resp_hdrs before calling cache_accept_headers() which uses them. Regars, Yann. Index: modules/cache/cache_util.c === --- modules/cache/cache_util.c (revision 1461557)

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-27 Thread Yann Ylavic
Sorry for my precipitation, the Content-Type is stripped from the validated (stale) headers with the previous patch, we have to do a copy like below. Regards, Yann. Index: modules/cache/cache_util.c === ---

Re: mod_cache with Cache-Control no-cache= or private=

2013-03-27 Thread Yann Ylavic
The latest patch is attached to bugzilla #54706. Regards, Yann.

Re: svn commit: r1480058 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_ftp.c modules/proxy/mod_proxy_http.c modules/proxy/proxy_util.c

2013-05-17 Thread Yann Ylavic
Sorry to interfere in the debate with a non-RFC argument but there may be aftermath by changing a long standing mod_proxy 502 error for almost any non-recoverable problem with the upstream server. On Wed, May 8, 2013 at 10:06 AM, Graham Leggett minf...@sharp.fm wrote: Arbitrarily changing a 502

Re: svn commit: r1482522 - in /httpd/httpd/trunk: ./ docs/log-message-tags/ include/ modules/dav/main/ modules/generators/ modules/http/ modules/proxy/ server/

2013-05-17 Thread Yann Ylavic
I am currently working in frontporting some patches I use for a while in the 2.2.x branch and I'd like to propose for trunk (at least, my goal is to upgrade to 2.4 of course). The reason I talk about this in this thread is that 2 of these patches may collide with your current work/review on

Re: svn commit: r1482522 - in /httpd/httpd/trunk: ./ docs/log-message-tags/ include/ modules/dav/main/ modules/generators/ modules/http/ modules/proxy/ server/

2013-05-19 Thread Yann Ylavic
Here are the 3 patches attached as files (without spurious line breakage). Regards, Yann. On Fri, May 17, 2013 at 7:27 PM, Yann Ylavic ylavic@gmail.com wrote: I am currently working in frontporting some patches I use for a while in the 2.2.x branch and I'd like to propose for trunk

Re: svn commit: r1484852 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c

2013-05-22 Thread Yann Ylavic
On 05/14/2013 08:58 PM, minf...@apache.org wrote: Author: minfrin Date: Tue May 21 16:10:02 2013 New Revision: 1484852 URL: http://svn.apache.org/r1484852 Log: core: Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero

Re: svn commit: r1484852 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c

2013-05-22 Thread Yann Ylavic
]; +ap_xlate_proto_from_ascii(c, 1); } +if (c != LF) { +/* [CR]LF expected! */ +return APR_EGENERAL; +} +ctx-state = BODY_CHUNK; i++; continue; } Regards, Yann. On Wed, May 22, 2013 at 1:06 PM, Yann Ylavic

Re: svn commit: r1484852 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c

2013-05-22 Thread Yann Ylavic
Sorry, linelimit is an int and compared to an int. Only i should be a size_t... Index: modules/http/http_filters.c === --- modules/http/http_filters.c(revision 1485126) +++ modules/http/http_filters.c(working copy) @@ -91,7

Re: svn commit: r1484852 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c

2013-05-22 Thread Yann Ylavic
, at 1:06 PM, Yann Ylavic ylavic@gmail.com wrote: On 05/14/2013 08:58 PM, minf...@apache.org wrote: Author: minfrin Date: Tue May 21 16:10:02 2013 New Revision: 1484852 URL: http://svn.apache.org/r1484852 Log: core: Remove apr_brigade_flatten(), buffering and duplicated code from

Re: svn commit: r1484852 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c

2013-05-22 Thread Yann Ylavic
On Wed, May 22, 2013 at 2:07 PM, Graham Leggett minf...@sharp.fm wrote: On 22 May 2013, at 1:48 PM, Yann Ylavic ylavic@gmail.com wrote: I am not saying that the filter should not tolerate LF only as sperator, but that after the chunk (ie. in the BODY_CHUNK_END state) it should only

Re: svn commit: r1484852 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c

2013-05-22 Thread Yann Ylavic
On Wed, May 22, 2013 at 3:04 PM, Graham Leggett minf...@sharp.fm wrote: All line lengths including the one you're referring to are constrained by LimitRequestFieldSize, so to say that the protocol is unconstrained is false. Indeed I am wrong about the absence of constraint, which is not

Re: svn commit: r1524161 - in /httpd/httpd/trunk: CHANGES docs/log-message-tags/next-number modules/http/http_filters.c server/protocol.c

2013-09-17 Thread Yann Ylavic
On Tue, Sep 17, 2013 at 10:42 PM, Yann Ylavic ylavic@gmail.com wrote: On Tue, Sep 17, 2013 at 9:34 PM, Jim Jagielski j...@jagunet.com wrote: Ahh... So none of this is really needed then. At least, it should be reverted. Well, as I understand the new rfc, the old code is broken too

ProxySourceAddress leak

2013-09-25 Thread Yann Ylavic
Hi devs, I suspect a memory leak in the following code/patch related to ProxySourceAddress. Since the local_addr is associated with the socket, it should have the same pool (lifetime), which is conn-scpool and not conn-pool. The less the socket is reused

Re: Increasing mod_ssl's minimum required OpenSSL version for trunk/2.4.x to 0.9.8a

2013-09-25 Thread Yann Ylavic
On Wed, Sep 25, 2013 at 1:03 PM, Plüm, Rüdiger, Vodafone Group ruediger.pl...@vodafone.com wrote: This was less a question to you then to other especially older guys here, such that we don't miss anything here :-). Do you mean guys v0.9.8 ? :p Regards

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-01 Thread Yann Ylavic
Hi devs, I was about to propose the following patch to allow mod_proxy_http to flush all data received from the client to the backend immediatly (as it does already for response data), based on the env proxy-flushall. It should address this issue, and in the same time allow protocols like MS

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-01 Thread Yann Ylavic
On Tue, Oct 1, 2013 at 3:39 PM, Yann Ylavic ylavic@gmail.com wrote: It should address this issue, and in the same time allow protocols like MS RPC-over-HTTP to work with : SetEnvIf Request_Method ^RPC_IN_DATA proxy-flushall See PR40029 for RPC-over-HTTP debate, it was finally

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-01 Thread Yann Ylavic
On Tue, Oct 1, 2013 at 4:53 PM, Micha Lenk mi...@lenk.info wrote: As far as I understand the issue, the main point of prefetch was to fix CVE-2005-2088, a HTTP Request Smuggling attack (see also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088). This is discussed in PR40029 and is

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-02 Thread Yann Ylavic
On Wed, Oct 2, 2013 at 9:40 AM, Thomas Eckert thomas.r.w.eck...@gmail.comwrote: Yann, although I do expect it to solve the issue discussed here, I don't think simply flushing everything instantly is the right way to go. For example, how do the proposed changes work with modules which scan

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-02 Thread Yann Ylavic
A late (little) fix below... On Thu, Oct 3, 2013 at 12:14 AM, Yann Ylavic ylavic@gmail.com wrote: Index: modules/proxy/proxy_util.c === --- modules/proxy/proxy_util.c(revision 1528615) +++ modules/proxy/proxy_util.c

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-02 Thread Yann Ylavic
at 12:38 AM, Yann Ylavic ylavic@gmail.com wrote: A late (little) fix below... On Thu, Oct 3, 2013 at 12:14 AM, Yann Ylavic ylavic@gmail.com wrote: Index: modules/proxy/proxy_util.c === --- modules/proxy/proxy_util.c

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-03 Thread Yann Ylavic
Having a look at MPM event's doc ( http://httpd.apache.org/docs/current/mod/event.html#asyncrequestworkerfactor), I found this : [...] if all workers are busy, [mpm_event] will close connections in keep-alive state even if the keep-alive timeout has not expired . On Fri, Aug 2, 2013 at 2:33

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-03 Thread Yann Ylavic
Hi Micha, On Thu, Oct 3, 2013 at 2:07 PM, Micha Lenk mi...@lenk.info wrote: Independent from how the HRS issue (CVE-2005-2088) was fixed at that time, I still believe that it is a bad idea in terms of security to flush the buffer and forward its content to the backend before the *whole*

Dependencies on include files

2013-10-04 Thread Yann Ylavic
Helo, on my linux box, latest trunk, when I touch/modify an include file (touch server/*.h modules/*/*.h), the concerned .c do not recompile with make (exports and httpd binary are rebuilt, but no .c recompiled). I first though it was my autotools broken (automake-1.11.1-1+squeeze1,

Re: Dependencies on include files

2013-10-04 Thread Yann Ylavic
Forgot to say, touch srclib/apr/include/apr_poll.h will cause apr related .c to recompile, but still not httpd dependant things. On Fri, Oct 4, 2013 at 3:58 PM, Yann Ylavic ylavic@gmail.com wrote: Helo, on my linux box, latest trunk, when I touch/modify an include file (touch server/*.h

Re: Dependencies on include files

2013-10-04 Thread Yann Ylavic
On Fri, Oct 4, 2013 at 3:58 PM, Yann Ylavic ylavic@gmail.com wrote: You never know, one can reproduce ? If one can *not* reproduce I'm interested too... Regards, Yann.

Re: Dependencies on include files

2013-10-04 Thread Yann Ylavic
On Fri, Oct 4, 2013 at 4:37 PM, Eric Covener cove...@gmail.com wrote: On Fri, Oct 4, 2013 at 10:28 AM, Yann Ylavic ylavic@gmail.com wrote: On Fri, Oct 4, 2013 at 3:58 PM, Yann Ylavic ylavic@gmail.com wrote: You never know, one can reproduce ? If one can *not* reproduce I'm

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-07 Thread Yann Ylavic
Sorry to insist about this issue but I don't see how the current mod_proxy_http's behaviour of connecting the backend (or checking established connection reusability) before prefetching the client's body is not a problem. Pre-fetching 16K (or waiting for input filters to provide these) is not

Re: svn commit: r1516930 - in /httpd/httpd/trunk: docs/manual/mod/mod_proxy.xml modules/proxy/mod_proxy.c modules/proxy/mod_proxy.h modules/proxy/mod_proxy_ajp.c modules/proxy/mod_proxy_http.c modules

2013-10-08 Thread Yann Ylavic
Hi, Some code in trunk still only check for ping_timeout_set without ping_timeout positive value to handle the heavy ping (CPING/Expect: 100-continue), see patch below. Regards, Yann. Index: modules/proxy/mod_proxy_ajp.c === ---

Re: svn commit: r1516930 - in /httpd/httpd/trunk: docs/manual/mod/mod_proxy.xml modules/proxy/mod_proxy.c modules/proxy/mod_proxy.h modules/proxy/mod_proxy_ajp.c modules/proxy/mod_proxy_http.c modules

2013-10-08 Thread Yann Ylavic
a new request when the heavy ping is off (light ping on)? For ap_proxy_create_hdrbrgd and ap_proxy_process_response, the 100 continue things have nothing to do with light ping only, have they? Regards. On Oct 8, 2013, at 11:53 AM, Yann Ylavic ylavic@gmail.com wrote: Hi, Some code

mod_proxy ping and r-expecting_100

2013-10-08 Thread Yann Ylavic
Helo, in the case where a ping is configured in a worker to check backend's connection (re)usability, ap_proxy_create_hdrbrgd will force r-expecting_100 (r1516930). As I understand it, r-expecting_100 relates to the client's connection, and is used by ap_http_filter to deal with client's

Re: mod_proxy ping and r-expecting_100

2013-10-08 Thread Yann Ylavic
On Tue, Oct 8, 2013 at 7:25 PM, Yann Ylavic ylavic@gmail.com wrote: Helo, in the case where a ping is configured in a worker to check backend's connection (re)usability, ap_proxy_create_hdrbrgd will force r-expecting_100 (r1516930). The original commit for is not r1516930 but r986090

Re: svn commit: r1516930 - in /httpd/httpd/trunk: docs/manual/mod/mod_proxy.xml modules/proxy/mod_proxy.c modules/proxy/mod_proxy.h modules/proxy/mod_proxy_ajp.c modules/proxy/mod_proxy_http.c modules

2013-10-08 Thread Yann Ylavic
(needlessly, IMHO) when light ping is configured and the connection is reused. Thank you for taking that into account. On Tue, Oct 8, 2013 at 8:52 PM, Jim Jagielski j...@jagunet.com wrote: OK, I gotcha now... Do you have a patch file? tia! On Oct 8, 2013, at 12:56 PM, Yann Ylavic ylavic

Re: mod_proxy ping and r-expecting_100

2013-10-09 Thread Yann Ylavic
On Tue, Oct 8, 2013 at 9:01 PM, Jim Jagielski j...@jagunet.com wrote: On Oct 8, 2013, at 1:25 PM, Yann Ylavic ylavic@gmail.com wrote: Helo, in the case where a ping is configured in a worker to check backend's connection (re)usability, ap_proxy_create_hdrbrgd will force r

Re: mod_proxy ping and r-expecting_100

2013-10-10 Thread Yann Ylavic
On Thu, Oct 10, 2013 at 1:10 AM, Yann Ylavic ylavic@gmail.com wrote: RFC2616 10.1 (above above) states that Proxies MUST forward 1xx responses [unless client's connection closed]. But with the current implementation, the client as nothing to Continue at that point, its whole body

Re: svn commit: r1524770 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c server/protocol.c

2013-10-10 Thread Yann Ylavic
@@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding + TE/CL conflicts. [Yann Ylavic ylavic.dev gmail com, Jim Jagielski] + *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard

ap_proxy_share_worker/balancer possible use of freed mem

2013-10-15 Thread Yann Ylavic
Helo, these functions may try to log malloc()ed worker/balancer's shared data freed just earlier. Yet, mod_proxy does not seem to set the ap_proxy_define_worker/balancer()'s do_malloc flag anywhere, so malloc()ed shared data should not occur. However that's allowed by the API... A possible

Re: mod_proxy ping and r-expecting_100

2013-10-15 Thread Yann Ylavic
the 100-continue expectation is supported./p hr addressApache Server at localhost Port 80/address /body/html With the patch proposed, it works as expected, regards. On Thu, Oct 10, 2013 at 1:10 AM, Yann Ylavic ylavic@gmail.com wrote: On Tue, Oct 8, 2013 at 9:01 PM, Jim Jagielski j

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-17 Thread Yann Ylavic
On Thu, Oct 17, 2013 at 11:36 AM, Thomas Eckert thomas.r.w.eck...@gmail.com wrote: Hence, why cannot mod_proxy_http prefetch the client's body *before* trying anything with the backend connection, and only if it's all good, connect (or reuse a connection to) the backend and then start

Re: svn commit: r1533100 - /httpd/httpd/trunk/modules/proxy/proxy_util.c

2013-10-17 Thread Yann Ylavic
On Thu, Oct 17, 2013 at 5:02 PM, j...@apache.org wrote: Author: jim Date: Thu Oct 17 15:02:04 2013 New Revision: 1533100 URL: http://svn.apache.org/r1533100 Log: ap_proxy_strncpy should correctly handle src being NULL. Actually, apr_cpystrn() should as well... Modified:

Re: svn commit: r1533087 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.h mod_proxy_balancer.c proxy_util.c

2013-10-17 Thread Yann Ylavic
On Thu, Oct 17, 2013 at 6:21 PM, Jim Jagielski j...@jagunet.com wrote: This is uglier than creating a subpool... :) Possibly ;) but with the pool being destroyed then... Regards.

Re: svn commit: r1533087 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.h mod_proxy_balancer.c proxy_util.c

2013-10-17 Thread Yann Ylavic
On Thu, Oct 17, 2013 at 6:25 PM, Yann Ylavic ylavic@gmail.com wrote: On Thu, Oct 17, 2013 at 6:21 PM, Jim Jagielski j...@jagunet.com wrote: This is uglier than creating a subpool... :) Possibly ;) but with the pool being destroyed then... Something like : PROXY_DECLARE(char

Re: svn commit: r1533100 - /httpd/httpd/trunk/modules/proxy/proxy_util.c

2013-10-17 Thread Yann Ylavic
:33 AM, Yann Ylavic ylavic@gmail.com wrote: Maybe ap_proxy_strncpy() could aso have no slow path with this change : Index: modules/proxy/proxy_util.c === --- modules/proxy/proxy_util.c(revision 1533118) +++ modules

Re: svn commit: r1533100 - /httpd/httpd/trunk/modules/proxy/proxy_util.c

2013-10-17 Thread Yann Ylavic
On Thu, Oct 17, 2013 at 6:43 PM, Yann Ylavic ylavic@gmail.com wrote: On Thu, Oct 17, 2013 at 6:19 PM, Jim Jagielski j...@jagunet.com wrote: Need to look, but at 1st blush it looks like an off-by-1 error there. When source length = dlen, apr_cpystrn() ensures dst[0:dlen - 1] == src[0

Re: svn commit: r1533100 - /httpd/httpd/trunk/modules/proxy/proxy_util.c

2013-10-17 Thread Yann Ylavic
, then we're fine. So the check SHOULD be if ((thelen dlen-1) || !src[thelen]) { using dlen we could blow past the actual bounds of src. The above is safe since we know that src is at least thelen chars (since that's how many we've copied) On Oct 17, 2013, at 12:43 PM, Yann Ylavic ylavic

Re: svn commit: r1533087 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.h mod_proxy_balancer.c proxy_util.c

2013-10-17 Thread Yann Ylavic
On Thu, Oct 17, 2013 at 4:10 PM, j...@apache.org wrote: Author: jim Date: Thu Oct 17 14:10:43 2013 New Revision: 1533087 @@ -2087,12 +2089,9 @@ PROXY_DECLARE(int) ap_proxy_acquire_conn (*conn)-close = 0; (*conn)-inreslist = 0; -if (worker-s-uds) { +if

Re: svn commit: r1533169 - /httpd/httpd/trunk/modules/proxy/proxy_util.c

2013-10-18 Thread Yann Ylavic
On Fri, Oct 18, 2013 at 1:11 PM, Ruediger Pluem rpl...@apache.org wrote: j...@apache.org wrote: +if ((thelen dlen-1) || (src[thelen] == '\0') { Can't this be reduced to just if (src[thelen] == '\0') { ? Not if src and dlen are zero? IMHO the underflow (in the original code) should

Non-blocking read and input filters / ap_get_brigade callers

2013-10-18 Thread Yann Ylavic
Helo, while looking at builtin modules' use of ap_get_brigade(), it seems to me that some don't behave correctly with non-blocking calls which would block. I must say that the core filter's behaviour to return APR_SUCCESS with an empty brigade, which may be turned to APR_EAGAIN if

Re: Non-blocking read and input filters / ap_get_brigade callers

2013-10-19 Thread Yann Ylavic
On Sat, Oct 19, 2013 at 1:16 AM, Yann Ylavic ylavic@gmail.com wrote: If it breaks things, take a look at the second patch httpd-trunk-util_filter_wouldblock.patch (attached) +/* + * Was the previous call to : + * rv = ap_get_brigade(., bb, .., block, ..) + * a non-blocking read which

Re: svn commit: r1534015 - /httpd/httpd/trunk/server/main.c

2013-10-22 Thread Yann Ylavic
On Mon, Oct 21, 2013 at 2:30 AM, n...@apache.org wrote: Author: niq Date: Mon Oct 21 00:30:26 2013 New Revision: 1534015 URL: http://svn.apache.org/r1534015 Log: Fix r55670. Not a great idea to dereference process after pool destroy! Modified: httpd/httpd/trunk/server/main.c

Re: svn commit: r1534015 - /httpd/httpd/trunk/server/main.c

2013-10-23 Thread Yann Ylavic
On Wed, Oct 23, 2013 at 1:27 AM, William A. Rowe Jr. wmr...@gmail.comwrote: On Oct 22, 2013 5:14 PM, Yann Ylavic ylavic@gmail.com wrote: Shouldn't this be safe from terminal controls, eg : const char *name = process-short_name; if (!name || !*name || ap_has_cntrl(name

Re: stop copying footers to r-headers_in?

2013-10-23 Thread Yann Ylavic
Should I continue this way? Simply to propose patches? On Sat, Oct 19, 2013 at 4:13 PM, Eric Covener cove...@gmail.com wrote: Currently, when the body is consumed by a handler, a side effect is reading footers that might be present and copying them to r-headers_in. This presents a series of

Re: stop copying footers to r-headers_in?

2013-10-25 Thread Yann Ylavic
On Thu, Oct 24, 2013 at 7:42 PM, Eric Covener cove...@gmail.com wrote: On Wed, Oct 23, 2013 at 8:04 AM, Yann Ylavic ylavic@gmail.com wrote: 1) add r-footers_in and use it in 2.2 and up by default Do that mean no API/ABI change ? In the sense that it needs to be backportable, yes

Re: Exposing more loggable data from the proxy

2013-10-25 Thread Yann Ylavic
How about setting backend-r to r-backend (when applyable)? For now backend-r is pooled to backend's connection, and has a different lifetime than r but maybe it worth having it destroyed with r (setting things related to the origin's connection to NULL, when released, to avoid invalid

deflate_in_filter double ap_get_brigade() call

2013-10-25 Thread Yann Ylavic
Helo, The deflate_in_filter() (in trunk) currently does : rv = ap_get_brigade(f-next, ctx-bb, AP_MODE_READBYTES, block, 10); if (rv != APR_SUCCESS) { return rv; } /* zero length body? step aside */ bkt = APR_BRIGADE_FIRST(ctx-bb); if

Re: deflate_in_filter double ap_get_brigade() call

2013-10-25 Thread Yann Ylavic
On Fri, Oct 25, 2013 at 4:38 PM, Yann Ylavic ylavic@gmail.com wrote: The deflate_in_filter() (in trunk) currently does : Same in 2.4.x.

Re: stop copying footers to r-headers_in?

2013-10-27 Thread Yann Ylavic
On Mon, Oct 28, 2013 at 2:23 AM, Eric Covener cove...@gmail.com wrote: On Tue, Oct 22, 2013 at 2:18 PM, Yann Ylavic ylavic@gmail.com wrote: -AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) +struct ap_mime_headers_ctx_t { +int fields_read

Re: stop copying footers to r-headers_in?

2013-10-28 Thread Yann Ylavic
The declaration of ap_get_mime_headers_from() is falsy in the previous patch, you should read instead : +AP_DECLARE(apr_status_t) +ap_get_mime_headers_from(request_rec *r, apr_bucket_brigade *bb, + ap_filter_t *from, apr_read_type_e block, +

Re: http_filter.c r1524770 open issue?

2013-11-13 Thread Yann Ylavic
On Wed, Nov 13, 2013 at 8:25 AM, William A. Rowe Jr. wr...@rowe-clan.netwrote: Looking at the (f-r-proxyreq == PROXYREQ_RESPONSE) code path, the comments note; * http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23 * Section 3.3.3.3: If a Transfer-Encoding header field is *

Re: http_filter.c r1524770 open issue?

2013-11-13 Thread Yann Ylavic
On Wed, Nov 13, 2013 at 5:16 PM, William A. Rowe Jr. wmr...@gmail.comwrote: On Nov 13, 2013 8:22 AM, Yann Ylavic ylavic@gmail.com wrote: On Wed, Nov 13, 2013 at 8:25 AM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Looking at the (f-r-proxyreq == PROXYREQ_RESPONSE) code path

Re: http_filter.c r1524770 open issue?

2013-11-13 Thread Yann Ylavic
On Thu, Nov 14, 2013 at 12:05 AM, William A. Rowe Jr. wr...@rowe-clan.netwrote: On Wed, 13 Nov 2013 17:14:15 -0500 Jim Jagielski j...@jagunet.com wrote: On Nov 13, 2013, at 2:25 AM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Here we've unset C-L and T-E. but it makes no sense

mod_proxy ping and 100-continue (was Re: NOTE: Intent to TR 2.2.6 tomorrow)

2013-11-14 Thread Yann Ylavic
I peek this message from another thread and create a new one, since details may not be relevant in the TR note. On 11/12/2013 06:56 PM, William A. Rowe Jr. wrote: On Tue, 12 Nov 2013 11:48:16 -0500 Jim Jagielski j...@jagunet.com wrote: I intend to TR 2.2.26 tomorrow... post now if that's an

mod_proxy ping and 100-continue (was Re: NOTE: Intent to TR 2.2.6 tomorrow)

2013-11-14 Thread Yann Ylavic
I peek this message from another thread and create a new one, since details may not be relevant in the TR note. On 11/12/2013 06:56 PM, William A. Rowe Jr. wrote: On Tue, 12 Nov 2013 11:48:16 -0500 Jim Jagielski j...@jagunet.com wrote: I intend to TR 2.2.26 tomorrow... post now if that's

Re: http_filter.c r1524770 open issue?

2013-11-19 Thread Yann Ylavic
On Mon, Nov 18, 2013 at 6:28 PM, William A. Rowe Jr. wr...@rowe-clan.netwrote: On Thu, 14 Nov 2013 00:22:55 +0100 Yann Ylavic ylavic@gmail.com wrote: On Thu, Nov 14, 2013 at 12:05 AM, William A. Rowe Jr. wr...@rowe-clan.netwrote: On Wed, 13 Nov 2013 17:14:15 -0500 Jim Jagielski

Re: ssl_die() and pool cleanup

2013-11-22 Thread Yann Ylavic
Maybe sk_X509_NAME_pop_free(ca_list, X509_NAME_free) should be called too before returning NULL in ssl_init_FindCAList() (so to avoid a leak in case of failure). Regards; Yann. On Fri, Nov 22, 2013 at 4:20 PM, Jeff Trawick traw...@gmail.com wrote: On Wed, Nov 20, 2013 at 5:19 AM, Kaspar Brand

Re: http_filter.c r1524770 open issue?

2013-11-23 Thread Yann Ylavic
On Tue, Nov 19, 2013 at 3:27 PM, Yann Ylavic ylavic@gmail.com wrote: On Mon, Nov 18, 2013 at 6:28 PM, William A. Rowe Jr. wr...@rowe-clan.netwrote: By closing our write-end of the connection, we can signal to the server that we can't efficiently forward their response to the client

Re: http_filter.c r1524770 open issue?

2013-11-23 Thread Yann Ylavic
On Sat, Nov 23, 2013 at 6:52 PM, Yann Ylavic ylavic@gmail.com wrote: On Tue, Nov 19, 2013 at 3:27 PM, Yann Ylavic ylavic@gmail.com wrote: On Mon, Nov 18, 2013 at 6:28 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: By closing our write-end of the connection, we can signal

Re: svn commit: r1410459 - in /httpd/httpd/trunk: docs/log-message-tags/next-number server/mpm/event/event.c server/mpm/eventopt/eventopt.c

2013-11-23 Thread Yann Ylavic
Couldn't ap_queue_info_try_get_idler() and the event_pre_config() check use : prev_idlers = apr_atomic_add32((apr_uint32_t *)(queue_info-idlers), -1); like ap_queue_info_wait_for_idler() does ? Or maybe queue_info-idlers be declared uint32_t and negatives computed relative to 2^31 ?

Re: svn commit: r1545286 - in /httpd/httpd/trunk/server/mpm/event: event.c fdqueue.c

2013-11-25 Thread Yann Ylavic
On Mon, Nov 25, 2013 at 2:59 PM, j...@apache.org wrote: Author: jim Date: Mon Nov 25 13:59:06 2013 New Revision: 1545286 URL: http://svn.apache.org/r1545286 Log: Use a normalized offset point for idlers... still need to worry that atomics work as expected, in this case that a add32 of a

Re: svn commit: r1545286 - in /httpd/httpd/trunk/server/mpm/event: event.c fdqueue.c

2013-11-25 Thread Yann Ylavic
On Mon, Nov 25, 2013 at 4:24 PM, Yann Ylavic ylavic@gmail.com wrote: Index: server/mpm/event/fdqueue.c === --- server/mpm/event/fdqueue.c(revision 1545301) +++ server/mpm/event/fdqueue.c(working copy) @@ -17,7 +17,7

Re: svn commit: r1545286 - in /httpd/httpd/trunk/server/mpm/event: event.c fdqueue.c

2013-11-25 Thread Yann Ylavic
On Mon, Nov 25, 2013 at 4:53 PM, Jim Jagielski j...@jagunet.com wrote: On Nov 25, 2013, at 10:24 AM, Yann Ylavic ylavic@gmail.com wrote: As Jeff said in the other thread, I think the test here should be : if (prev_idlers = 1) that's because dec32 was returning the new value

Re: svn commit: r1545286 - in /httpd/httpd/trunk/server/mpm/event: event.c fdqueue.c

2013-11-25 Thread Yann Ylavic
On Mon, Nov 25, 2013 at 4:24 PM, Yann Ylavic ylavic@gmail.com wrote: (Note the int prev_idlers = apr_int32_t prev_idlers too in the patch, should int be larger than int32_t, eg. with 64bits int, prev_idlers would not become negative is this case...). Just to illustrate, suppose sizeof

Re: svn commit: r1545286 - in /httpd/httpd/trunk/server/mpm/event: event.c fdqueue.c

2013-11-25 Thread Yann Ylavic
On Mon, Nov 25, 2013 at 7:10 PM, Jim Jagielski j...@jagunet.com wrote: On Nov 25, 2013, at 11:53 AM, Yann Ylavic ylavic@gmail.com wrote: Indeed, that was not consistent! This is a second fix then, the check was doubly broken... I'm not sure... Yes, APR_EAGAIN is all workers busy

Re: svn commit: r1545286 - in /httpd/httpd/trunk/server/mpm/event: event.c fdqueue.c

2013-11-25 Thread Yann Ylavic
On Mon, Nov 25, 2013 at 7:40 PM, Jim Jagielski j...@jagunet.com wrote: On Nov 25, 2013, at 1:09 PM, Jim Jagielski j...@jagunet.com wrote: On Nov 25, 2013, at 11:53 AM, Yann Ylavic ylavic@gmail.com wrote: On Mon, Nov 25, 2013 at 4:53 PM, Jim Jagielski j...@jagunet.com wrote

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2013-11-25 Thread Yann Ylavic
On Mon, Nov 25, 2013 at 10:55 PM, William A. Rowe Jr. wr...@rowe-clan.netwrote: It appears that our SNI hostname comparison is invalid for forward proxy applications, specifically proxy CONNECT. RFC 2616 states; 14.23 Host The Host request-header field specifies the Internet host and

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2013-11-26 Thread Yann Ylavic
On Tue, Nov 26, 2013 at 6:31 AM, Kaspar Brand httpd-dev.2...@velox.chwrote: On 26.11.2013 00:46, Yann Ylavic wrote: Ideas for the appropriate patch to httpd? Scope this fix to CONNECT requests alone, or all forward proxy requests? Maybe all forward proxy modules are concerned

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2013-11-26 Thread Yann Ylavic
On Tue, Nov 26, 2013 at 9:29 AM, Yann Ylavic ylavic@gmail.com wrote: On Tue, Nov 26, 2013 at 6:31 AM, Kaspar Brand httpd-dev.2...@velox.chwrote: On 26.11.2013 00:46, Yann Ylavic wrote: Ideas for the appropriate patch to httpd? Scope this fix to CONNECT requests alone, or all forward

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2013-11-26 Thread Yann Ylavic
On Tue, Nov 26, 2013 at 6:31 AM, Kaspar Brand httpd-dev.2...@velox.chwrote: On 26.11.2013 00:46, Yann Ylavic wrote: Ideas for the appropriate patch to httpd? Scope this fix to CONNECT requests alone, or all forward proxy requests? Maybe all forward proxy modules are concerned

Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests

2013-11-26 Thread Yann Ylavic
On Tue, Nov 26, 2013 at 6:18 PM, Kaspar Brand httpd-dev.2...@velox.chwrote: On 26.11.2013 09:29, Yann Ylavic wrote: Another point is that SNI can not be an IP address according to the RFC 6066 : 3. Server Name Indication [...] Literal IPv4 and IPv6 addresses are not permitted

Re: time caching in util_time.c and mod_log_config.c

2013-12-03 Thread Yann Ylavic
On Tue, Dec 3, 2013 at 12:13 AM, Daniel Lescohier daniel.lescoh...@cbsinteractive.com wrote: The current time caching implementation in util_time.c and mod_log_config.c is not guaranteed to work with all compilers and cpu architectures. I have some proposed code I've written, that I want to

Re: time caching in util_time.c and mod_log_config.c

2013-12-03 Thread Yann Ylavic
I personnally like this solution better (IMHO) since it does not rely on apr_thread_mutex_trylock() to be wait-free/userspace (eg. natively implements the compare and swap). On the other hand, apr_atomic_cas32() may itself be implemented using apr_thread_mutex_lock() when USE_ATOMICS_GENERIC is

Fwd: nonportable-atomics configure.in setting

2013-12-04 Thread Yann Ylavic
Sorry, I had no intention to send this offlist. -- Forwarded message -- From: Yann Ylavic ylavic@gmail.com Date: Wed, Dec 4, 2013 at 10:37 AM Subject: Re: nonportable-atomics configure.in setting To: Daniel Lescohier daniel.lescoh...@cbsi.com On Wed, Dec 4, 2013 at 1:22 AM

Re: nonportable-atomics configure.in setting

2013-12-04 Thread Yann Ylavic
On Wed, Dec 4, 2013 at 10:40 AM, Yann Ylavic ylavic@gmail.com wrote: On Wed, Dec 4, 2013 at 1:22 AM, Daniel Lescohier daniel.lescoh...@cbsi.com wrote: I see this in configure.in: AC_ARG_ENABLE(nonportable-atomics, [ --enable-nonportable-atomics Use optimized atomic code which may

Re: nonportable-atomics configure.in setting

2013-12-04 Thread Yann Ylavic
On Wed, Dec 4, 2013 at 11:02 AM, Yann Ylavic ylavic@gmail.com wrote: After r64861: native atomics are disabled (forcibly) on those CPUs, whatever --enable-nonportable-atomics is. Sorry, --enable-nonportable-atomics is still honored, I misread the code.

Re: nonportable-atomics configure.in setting

2013-12-04 Thread Yann Ylavic
On Wed, Dec 4, 2013 at 11:11 AM, Yann Ylavic ylavic@gmail.com wrote: On Wed, Dec 4, 2013 at 11:02 AM, Yann Ylavic ylavic@gmail.com wrote: After r64861: native atomics are disabled (forcibly) on those CPUs, whatever --enable-nonportable-atomics is. Sorry, --enable-nonportable

Re: nonportable-atomics configure.in setting

2013-12-04 Thread Yann Ylavic
On Wed, Dec 4, 2013 at 10:40 AM, Yann Ylavic ylavic@gmail.com wrote: Sorry, I had no intention to send this offlist. Well, I really strayed here, I just realize now this is the wrong list. Sorry again Daniel and httpd folks, I'll now restate all that to the apr list :)

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-12-05 Thread Yann Ylavic
ideas Yann, but I'm not sure if they address this particular problem too. Jan Kaluza On 10/17/2013 04:52 PM, Yann Ylavic wrote: On Thu, Oct 17, 2013 at 11:36 AM, Thomas Eckert thomas.r.w.eck...@gmail.com mailto:thomas.r.w.eck...@gmail.com wrote: Hence, why cannot mod_proxy_http

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-12-05 Thread Yann Ylavic
On Thu, Dec 5, 2013 at 4:05 PM, Jim Jagielski j...@jagunet.com wrote: There hardly seemed any consensus on the patch... It also seems that it adds more cycles to Apache on the front to reduce a race condition that can't really be removed. I don't think more cycles are added by this patch.

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-12-05 Thread Yann Ylavic
On Thu, Dec 5, 2013 at 5:04 PM, Thomas Eckert thomas.r.w.eck...@gmail.comwrote: It also seems that it adds more cycles to Apache on the front to reduce a race condition that can't really be removed. While it's true that the race condition itself cannot be avoided we can definitely work

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-12-05 Thread Yann Ylavic
On Thu, Dec 5, 2013 at 5:07 PM, Yann Ylavic ylavic@gmail.com wrote: On Thu, Dec 5, 2013 at 4:05 PM, Jim Jagielski j...@jagunet.com wrote: There hardly seemed any consensus on the patch... It also seems that it adds more cycles to Apache on the front to reduce a race condition that can't

  1   2   3   4   5   6   7   8   9   10   >