1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "apr_network_io.h"
18 #include "apr_strings.h"
20 #define APR_WANT_STRFUNC
23 #include "ap_config.h"
25 #include "http_config.h"
26 #include "http_core.h"
27 #include "ap_listen.h"
29 #include "mpm_common.h"
32 #include <systemd/sd-daemon.h>
35 /* we know core's module_index is 0 */
36 #undef APLOG_MODULE_INDEX
37 #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
/* Head of the list of configured listeners; walked through ->next. */
39 AP_DECLARE_DATA ap_listen_rec *ap_listeners = NULL;
/* Array of num_buckets listener-list heads, allocated by
 * ap_duplicate_listeners(); stays NULL until that function runs. */
41 AP_DECLARE_DATA ap_listen_rec **mpm_listen = NULL;
/* Passed to make_sock() as do_bind_listen by open_listeners() and copied
 * into each listener's ->active flag by make_sock(). */
42 AP_DECLARE_DATA int enable_default_listener = 1;
/* Number of entries in mpm_listen. */
43 AP_DECLARE_DATA int num_buckets = 1;
/* Set by make_sock() from the outcome of its SO_REUSEPORT setsockopt() probe. */
44 AP_DECLARE_DATA int have_so_reuseport = 0;
/* Listener list from the previous configuration pass; saved by
 * ap_listen_pre_config() and closed by open_listeners(). */
46 static ap_listen_rec *old_listeners;
/* Backlog handed to apr_socket_listen(); set by the ListenBacklog handler. */
47 static int ap_listenbacklog;
/* SendBufferSize / ReceiveBufferSize values; 0 leaves the kernel default. */
48 static int send_buffer_size;
49 static int receive_buffer_size;
/* NOTE(review): presumably set when "Listen systemd" is configured; the
 * assignment is not visible in this listing. */
51 static int use_systemd;
54 /* TODO: make_sock is just begging and screaming for APR abstraction */
/* Apply the listener socket options to server->sd and, when do_bind_listen is
 * non-zero, bind the socket to server->bind_addr and start listening with
 * ap_listenbacklog as the backlog.
 *
 * Options set in the visible lines: SO_REUSEADDR, SO_KEEPALIVE, the optional
 * send/receive buffer sizes (failure is only a warning), a SO_REUSEPORT probe
 * that records its outcome in have_so_reuseport, and IPV6_V6ONLY for IPv6
 * addresses. With AP_ENABLE_V4_MAPPED defined v6only_setting is 0, so an IPv6
 * wildcard listener may also receive IPv4 traffic; otherwise it is 1.
 *
 * On the way out the record's active flag is set from enable_default_listener
 * and accept_func is cleared.
 *
 * NOTE(review): this listing drops brace-only and some preprocessor lines, so
 * the exact #if guards and return statements are not visible here. The two
 * SO_REUSEADDR calls are presumably on different platform branches - confirm.
 */
55 static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen)
57 apr_socket_t *s = server->sd;
60 #ifdef AP_ENABLE_V4_MAPPED
61 int v6only_setting = 0;
63 int v6only_setting = 1;
69 stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
70 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
71 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00067)
72 "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
79 stat = apr_socket_opt_set(s, APR_SO_KEEPALIVE, one);
80 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
81 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00068)
82 "make_sock: for address %pI, apr_socket_opt_set: (SO_KEEPALIVE)",
89 * To send data over high bandwidth-delay connections at full
90 * speed we must force the TCP window to open wide enough to keep the
91 * pipe full. The default window size on many systems
92 * is only 4kB. Cross-country WAN connections of 100ms
93 * at 1Mb/s are not impossible for well connected sites.
94 * If we assume 100ms cross-country latency,
95 * a 4kB buffer limits throughput to 40kB/s.
97 * To avoid this problem I've added the SendBufferSize directive
98 * to allow the web master to configure send buffer size.
100 * The trade-off of larger buffers is that more kernel memory
101 * is consumed. YMMV, know your customers and your network!
103 * -John Heidemann <johnh@isi.edu> 25-Oct-96
105 * If no size is specified, use the kernel default.
107 if (send_buffer_size) {
108 stat = apr_socket_opt_set(s, APR_SO_SNDBUF, send_buffer_size);
109 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
110 ap_log_perror(APLOG_MARK, APLOG_WARNING, stat, p, APLOGNO(00070)
111 "make_sock: failed to set SendBufferSize for "
112 "address %pI, using default",
114 /* not a fatal error */
117 if (receive_buffer_size) {
118 stat = apr_socket_opt_set(s, APR_SO_RCVBUF, receive_buffer_size);
119 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
120 ap_log_perror(APLOG_MARK, APLOG_WARNING, stat, p, APLOGNO(00071)
121 "make_sock: failed to set ReceiveBufferSize for "
122 "address %pI, using default",
124 /* not a fatal error */
128 #if APR_TCP_NODELAY_INHERITED
129 ap_sock_disable_nagle(s);
/* SO_REUSEPORT is probed with a raw setsockopt() on the OS socket rather
 * than through apr_socket_opt_set(). */
135 apr_os_sock_get(&thesock, s);
136 if (setsockopt(thesock, SOL_SOCKET, SO_REUSEPORT, (void *)&one, sizeof(int)) < 0) {
137 /* defined but not valid? */
138 if (errno == ENOPROTOOPT) {
139 have_so_reuseport = 0;
140 } /* Check if SO_REUSEPORT is supported by the running Linux Kernel.*/
/* NOTE(review): stat is not assigned from the setsockopt() call above, so
 * the status logged here appears to be left over from an earlier APR call;
 * confirm whether errno should be logged instead. */
142 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638)
143 "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEPORT)",
150 have_so_reuseport = 1;
155 if (do_bind_listen) {
157 if (server->bind_addr->family == APR_INET6) {
158 stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
159 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
160 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
161 "make_sock: for address %pI, apr_socket_opt_set: "
170 if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
171 ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
172 "make_sock: could not bind to address %pI",
178 if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
179 ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
180 "make_sock: unable to listen for connections "
189 /* I seriously doubt that this would work on Unix; I have doubts that
190 * it entirely solves the problem on Win32. However, since setting
191 * reuseaddr on the listener -prior- to binding the socket has allowed
192 * us to attach to the same port as an already running instance of
193 * Apache, or even another web server, we cannot identify that this
194 * port was exclusively granted to this instance of Apache.
196 * So set reuseaddr, but do not attempt to do so until we have the
197 * parent listeners successfully bound.
199 stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
200 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
201 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00074)
202 "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
210 server->active = enable_default_listener;
212 server->accept_func = NULL;
/* Look up the accept filter configured for protocol proto in the core server
 * config's accf_map table. The entry "none" is special-cased; what is returned
 * for it is not visible in this listing (presumably no filter - confirm).
 */
217 static const char* find_accf_name(server_rec *s, const char *proto)
220 core_server_config *conf = ap_get_core_module_config(s->module_config);
225 accf = apr_table_get(conf->accf_map, proto);
227 if (accf && !strcmp("none", accf)) {
/* Apply the accept filter for a listener's protocol to its socket.
 *
 * The protocol comes from lis->protocol or from ap_get_server_protocol(server)
 * (the condition choosing between them is not visible), and the filter name
 * from find_accf_name(). Where APR_HAS_SO_ACCEPTFILTER is set the named filter
 * is installed with apr_socket_accept_filter(); the other visible path sets
 * APR_TCP_DEFER_ACCEPT to 30.
 *
 * Both failures are logged at WARNING only and the function returns void, so a
 * listener keeps running without the filter. If the filter is counted on to
 * keep idle connections away from workers, watch for AH00075/AH00076 in the
 * error log.
 */
234 static void ap_apply_accept_filter(apr_pool_t *p, ap_listen_rec *lis,
237 apr_socket_t *s = lis->sd;
242 proto = lis->protocol;
245 proto = ap_get_server_protocol(server);
249 accf = find_accf_name(server, proto);
252 #if APR_HAS_SO_ACCEPTFILTER
253 /* In APR 1.x, the 2nd and 3rd parameters are char * instead of
254 * const char *, so make a copy of those args here.
256 rv = apr_socket_accept_filter(s, apr_pstrdup(p, accf),
258 if (rv != APR_SUCCESS && !APR_STATUS_IS_ENOTIMPL(rv)) {
259 ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00075)
260 "Failed to enable the '%s' Accept Filter",
264 rv = apr_socket_opt_set(s, APR_TCP_DEFER_ACCEPT, 30);
265 if (rv != APR_SUCCESS && !APR_STATUS_IS_ENOTIMPL(rv)) {
266 ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00076)
267 "Failed to enable APR_TCP_DEFER_ACCEPT");
/* Pool cleanup callback that closes every listening socket through
 * ap_close_listeners(). open_listeners() registers it as the child cleanup,
 * so the listeners are closed before an exec and are not inherited by the
 * program that is run. The v argument is not used in the visible lines.
 */
273 static apr_status_t close_listeners_on_exec(void *v)
275 ap_close_listeners();
/* Wrap a socket inherited from systemd (descriptor fd) in a new ap_listen_rec.
 *
 * The address family is read back with getsockname(), the descriptor is turned
 * into an APR socket with apr_os_sock_make(), the bound address is fetched with
 * apr_socket_addr_get(), and make_sock() is called with do_bind_listen = 0,
 * presumably because systemd hands over sockets that are already bound.
 * Each failing step is logged at CRIT.
 */
282 static apr_status_t alloc_systemd_listener(process_rec * process,
284 ap_listen_rec **out_rec)
289 apr_os_sock_info_t si;
293 memset(&si, 0, sizeof(si));
295 rv = getsockname(fd, &sa, &len);
298 rv = apr_get_netos_error();
299 ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489)
300 "getsockname on %d failed.", fd);
305 si.family = sa.sa_family;
/* NOTE(review): type and protocol are assumed to be TCP stream; the visible
 * lines do not verify this for the inherited descriptor (sd_is_socket() could
 * do so) - confirm. */
306 si.type = SOCK_STREAM;
307 si.protocol = APR_PROTO_TCP;
309 rec = apr_palloc(process->pool, sizeof(ap_listen_rec));
314 rv = apr_os_sock_make(&rec->sd, &si, process->pool);
315 if (rv != APR_SUCCESS) {
316 ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490)
317 "apr_os_sock_make on %d failed.", fd);
321 rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd);
322 if (rv != APR_SUCCESS) {
323 ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491)
324 "apr_socket_addr_get on %d failed.", fd);
/* The protocol is guessed from the port alone: 443 is labelled "https",
 * otherwise "http". A TLS socket handed over on another port is therefore
 * labelled "http". */
328 if (rec->bind_addr->port == 443) {
329 rec->protocol = apr_pstrdup(process->pool, "https");
331 rec->protocol = apr_pstrdup(process->pool, "http");
336 return make_sock(process->pool, rec, 0);
/* Build ap_listeners from the descriptors passed in by systemd.
 *
 * sd_listen_fds(0) is consulted first; the two CRIT messages below cover a
 * parse error and the case where no socket was passed. Each descriptor from
 * SD_LISTEN_FDS_START upward is wrapped by alloc_systemd_listener() and
 * appended to the list. A pool userdata key records that the function has
 * already run, so the environment is only cleared on the second run.
 */
339 static int open_systemd_listeners(process_rec *process)
341 ap_listen_rec *last, *new;
345 const char *userdata_key = "ap_systemd_listeners";
346 int sdc = sd_listen_fds(0);
349 ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
350 "open_systemd_listeners: Error parsing enviroment, sd_listen_fds returned %d",
356 ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
357 "open_systemd_listeners: At least one socket must be set.");
362 while (last && last->next) {
/* NOTE(review): getenv() can return NULL and atoi() reports no errors; sdc
 * already holds the count returned by sd_listen_fds() and could bound this
 * loop instead of re-reading LISTEN_FDS. */
366 fdcount = atoi(getenv("LISTEN_FDS"));
368 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
369 rv = alloc_systemd_listener(process, fd, &new);
371 if (rv != APR_SUCCESS) {
372 ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02488)
373 "open_systemd_listeners: failed to setup socket %d.", fd);
378 ap_listeners = last = new;
386 /* clear the environment on our second run
387 * so that none of our future children get confused.
389 apr_pool_userdata_get(&data, userdata_key, process->pool);
391 apr_pool_userdata_set((const void *)1, userdata_key,
392 apr_pool_cleanup_null, process->pool);
402 #endif /* HAVE_SYSTEMD */
/* Create listener records for addr:port, or revive matching ones from
 * old_listeners.
 *
 * An old record is reused when its port equals port and its hostname matches
 * addr (both absent, or equal strings); a reused record is pushed onto
 * ap_listeners. If nothing was reused, the address is resolved with
 * apr_sockaddr_info_get() and a socket is created per returned sockaddr, kept
 * in getaddrinfo() order; records come from process->pool so they survive
 * restarts. An IPv6 result whose socket cannot be created is skipped when no
 * explicit addr was given.
 *
 * Returns an error string for the configuration parser on failure. The
 * success return is not visible in this listing (presumably NULL).
 */
404 static const char *alloc_listener(process_rec *process, char *addr,
405 apr_port_t port, const char* proto,
408 ap_listen_rec **walk, *last;
411 int found_listener = 0;
413 /* see if we've got an old listener for this address:port */
414 for (walk = &old_listeners; *walk;) {
415 sa = (*walk)->bind_addr;
416 /* Some listeners are not real so they will not have a bind_addr. */
422 /* If both ports are equivalent, then if their names are equivalent,
423 * then we will re-use the existing record.
425 if (port == oldport &&
426 ((!addr && !sa->hostname) ||
427 ((addr && sa->hostname) && !strcmp(sa->hostname, addr)))) {
430 new->next = ap_listeners;
437 walk = &(*walk)->next;
440 if (found_listener) {
441 if (ap_listeners->slave != slave) {
442 return "Cannot define a slave on the same IP:port as a Listener";
447 if ((status = apr_sockaddr_info_get(&sa, addr, APR_UNSPEC, port, 0,
450 ap_log_perror(APLOG_MARK, APLOG_CRIT, status, process->pool, APLOGNO(00077)
451 "alloc_listener: failed to set up sockaddr for %s",
453 return "Listen setup failed";
456 /* Initialize to our last configured ap_listener. */
458 while (last && last->next) {
465 /* this has to survive restarts */
466 new = apr_palloc(process->pool, sizeof(ap_listen_rec));
470 new->protocol = apr_pstrdup(process->pool, proto);
472 /* Go to the next sockaddr. */
475 status = apr_socket_create(&new->sd, new->bind_addr->family,
476 SOCK_STREAM, 0, process->pool);
479 /* What could happen is that we got an IPv6 address, but this system
480 * doesn't actually support IPv6. Try the next address.
482 if (status != APR_SUCCESS && !addr &&
483 new->bind_addr->family == APR_INET6) {
487 if (status != APR_SUCCESS) {
488 ap_log_perror(APLOG_MARK, APLOG_CRIT, status, process->pool, APLOGNO(00078)
489 "alloc_listener: failed to get a socket for %s",
491 return "Listen setup failed";
494 /* We need to preserve the order returned by getaddrinfo() */
496 ap_listeners = last = new;
506 /* Evaluates to true if the (apr_sockaddr_t *) addr argument is the
507 * IPv4 match-any-address, 0.0.0.0. addr is expanded twice, so pass an
 * expression without side effects. */
508 #define IS_INADDR_ANY(addr) ((addr)->family == APR_INET \
509 && (addr)->sa.sin.sin_addr.s_addr == INADDR_ANY)
511 /* Evaluates to true if the (apr_sockaddr_t *) addr argument is the
512 * IPv6 match-any-address, [::]. addr is expanded twice, so pass an
 * expression without side effects. */
513 #define IS_IN6ADDR_ANY(addr) ((addr)->family == APR_INET6 \
514 && IN6_IS_ADDR_UNSPECIFIED(&(addr)->sa.sin6.sin6_addr))
517 * Create, open, listen, and bind all sockets.
518 * @param pool The pool passed to make_sock() and used to register the listener cleanup
519 * @return 0 if num_open is non-zero (at least one socket was opened), -1 otherwise
/* Walk ap_listeners and open each one with make_sock().
 *
 * Wildcard handling visible below: an IPv4 0.0.0.0 entry immediately followed
 * by an IPv6 :: entry on the same port is swapped behind it; a 0.0.0.0 entry is
 * dropped from the list when an earlier :: listener on the same port has
 * IPV6_V6ONLY off, since that socket already takes the IPv4 traffic; and a
 * failed :: listener followed by 0.0.0.0 on the same port is removed without a
 * fatal error.
 *
 * Afterwards the old listeners are closed, the sockets are made non-blocking
 * when there is more than one listener (AP_NONBLOCK_WHEN_MULTI_LISTEN), and
 * close_listeners_on_exec() is registered once as a child cleanup so the
 * listening sockets are closed before an exec.
 *
 * Returns 0 when num_open is non-zero and -1 otherwise.
 */
521 static int open_listeners(apr_pool_t *pool)
525 ap_listen_rec *previous;
527 const char *userdata_key = "ap_open_listeners";
529 #if AP_NONBLOCK_WHEN_MULTI_LISTEN
533 /* Don't allocate a default listener. If we need to listen to a
534 * port, then the user needs to have a Listen directive in their
539 for (lr = ap_listeners; lr; previous = lr, lr = lr->next) {
549 /* If we have the unspecified IPv4 address (0.0.0.0) and
550 * the unspecified IPv6 address (::) is next, we need to
551 * swap the order of these in the list. We always try to
552 * bind to IPv6 first, then IPv4, since an IPv6 socket
553 * might be able to receive IPv4 packets if V6ONLY is not
554 * enabled, but never the other way around.
555 * Note: In some configurations, the unspecified IPv6 address
556 * could be even later in the list. This logic only corrects
557 * the situation where it is next in the list, such as when
558 * apr_sockaddr_info_get() returns an IPv4 and an IPv6 address,
562 && IS_INADDR_ANY(lr->bind_addr)
563 && lr->bind_addr->port == lr->next->bind_addr->port
564 && IS_IN6ADDR_ANY(lr->next->bind_addr)) {
565 /* Exchange lr and lr->next */
567 lr->next = next->next;
570 previous->next = next;
578 /* If we are trying to bind to 0.0.0.0 and a previous listener
579 * was :: on the same port and in turn that socket does not have
580 * the IPV6_V6ONLY flag set; we must skip the current attempt to
581 * listen (which would generate an error). IPv4 will be handled
582 * on the established IPv6 socket.
584 if (IS_INADDR_ANY(lr->bind_addr) && previous) {
585 for (cur = ap_listeners; cur != lr; cur = cur->next) {
586 if (lr->bind_addr->port == cur->bind_addr->port
587 && IS_IN6ADDR_ANY(cur->bind_addr)
588 && apr_socket_opt_get(cur->sd, APR_IPV6_V6ONLY,
589 &v6only_setting) == APR_SUCCESS
590 && v6only_setting == 0) {
592 /* Remove the current listener from the list */
593 previous->next = lr->next;
594 lr = previous; /* maintain current value of previous after
595 * post-loop expression is evaluated
606 if (make_sock(pool, lr, enable_default_listener) == APR_SUCCESS) {
611 /* If we tried to bind to ::, and the next listener is
612 * on 0.0.0.0 with the same port, don't give a fatal
613 * error. The user will still get a warning from make_sock
617 && IS_IN6ADDR_ANY(lr->bind_addr)
618 && lr->bind_addr->port == lr->next->bind_addr->port
619 && IS_INADDR_ANY(lr->next->bind_addr)) {
621 /* Remove the current listener from the list */
623 previous->next = lr->next;
626 ap_listeners = lr->next;
629 /* Although we've removed ourselves from the list,
630 * we need to make sure that the next iteration won't
631 * consider "previous" a working IPv6 '::' socket.
632 * Changing the family is enough to make sure the
633 * conditions before make_sock() fail.
635 lr->bind_addr->family = AF_INET;
646 /* close the old listeners */
647 for (lr = old_listeners; lr; lr = next) {
648 apr_socket_close(lr->sd);
652 old_listeners = NULL;
654 #if AP_NONBLOCK_WHEN_MULTI_LISTEN
655 /* if multiple listening sockets, make them non-blocking so that
656 * if select()/poll() reports readability for a reset connection that
657 * is already forgotten about by the time we call accept, we won't
658 * be hung until another connection arrives on that port
660 use_nonblock = (ap_listeners && ap_listeners->next);
661 for (lr = ap_listeners; lr; lr = lr->next) {
664 status = apr_socket_opt_set(lr->sd, APR_SO_NONBLOCK, use_nonblock);
665 if (status != APR_SUCCESS) {
666 ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, status, pool, APLOGNO(00079)
667 "unable to control socket non-blocking status");
671 #endif /* AP_NONBLOCK_WHEN_MULTI_LISTEN */
673 /* we come through here on both passes of the open logs phase
674 * only register the cleanup once... otherwise we try to close
675 * listening sockets twice when cleaning up prior to exec
677 apr_pool_userdata_get(&data, userdata_key, pool);
679 apr_pool_userdata_set((const void *)1, userdata_key,
680 apr_pool_cleanup_null, pool);
681 apr_pool_cleanup_register(pool, NULL, apr_pool_cleanup_null,
682 close_listeners_on_exec);
685 return num_open ? 0 : -1;
/* Open the configured listeners and attach accept filters.
 *
 * First, every server in the s list that has no protocol takes the protocol
 * of the listener whose address and port match one of its addresses, falling
 * back to "http". Then the listeners are opened, through
 * open_systemd_listeners() or open_listeners() (the test choosing between them
 * is not visible in this listing). Finally each listener gets
 * ap_apply_accept_filter() with the first server whose address and port match
 * it, or with the base server s when none matches.
 *
 * Returns num_listeners.
 */
688 AP_DECLARE(int) ap_setup_listeners(server_rec *s)
691 server_addr_rec *addr;
693 int num_listeners = 0;
697 for (ls = s; ls; ls = ls->next) {
698 proto = ap_get_server_protocol(ls);
701 /* No protocol was set for this vhost,
702 * use the default for this listener.
704 for (addr = ls->addrs; addr && !found; addr = addr->next) {
705 for (lr = ap_listeners; lr; lr = lr->next) {
706 if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
707 lr->bind_addr->port == addr->host_port) {
708 ap_set_server_protocol(ls, lr->protocol);
716 /* TODO: set protocol defaults per-Port, eg 25=smtp */
717 ap_set_server_protocol(ls, "http");
725 if (open_systemd_listeners(s->process) != 0) {
732 if (open_listeners(s->process->pool)) {
737 for (lr = ap_listeners; lr; lr = lr->next) {
740 for (ls = s; ls && !found; ls = ls->next) {
741 for (addr = ls->addrs; addr && !found; addr = addr->next) {
742 if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
743 lr->bind_addr->port == addr->host_port) {
745 ap_apply_accept_filter(s->process->pool, lr, ls);
751 ap_apply_accept_filter(s->process->pool, lr, s);
755 return num_listeners;
/* Allocate mpm_listen with num_buckets entries and, for each bucket, build a
 * copy of the listener list: every copy gets its own ap_listen_rec, a freshly
 * resolved bind address, a new socket set up by make_sock(p, duplr, 1), the
 * non-blocking setting and the accept filter.
 *
 * NOTE(review): the inner list walk and the return statements are on lines
 * this listing omits.
 */
758 AP_DECLARE(apr_status_t) ap_duplicate_listeners(server_rec *s, apr_pool_t *p,
762 int use_nonblock = 0;
765 mpm_listen = apr_palloc(p, sizeof(ap_listen_rec*) * num_buckets);
766 for (i = 0; i < num_buckets; i++) {
767 ap_listen_rec *last = NULL;
770 ap_listen_rec *duplr;
774 duplr = apr_palloc(p, sizeof(ap_listen_rec));
776 duplr->protocol = apr_pstrdup(p, lr->protocol);
777 hostname = apr_pstrdup(p, lr->bind_addr->hostname);
778 port = lr->bind_addr->port;
/* NOTE(review): the result of apr_sockaddr_info_get() is not checked; if
 * resolution fails, sa is used below and may not have been set. */
779 apr_sockaddr_info_get(&sa, hostname, APR_UNSPEC, port, 0, p);
780 duplr->bind_addr = sa;
782 if ((stat = apr_socket_create(&duplr->sd, duplr->bind_addr->family,
783 SOCK_STREAM, 0, p)) != APR_SUCCESS) {
/* NOTE(review): the status argument logged here is 0, not stat, so the
 * reason apr_socket_create() failed is lost from the log. */
784 ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, p, APLOGNO(02640)
785 "ap_duplicate_socket: for address %pI, "
786 "cannot duplicate a new socket!",
/* NOTE(review): make_sock()'s status is discarded here; a copy whose bind or
 * listen failed appears to be linked into mpm_listen anyway - confirm. */
790 make_sock(p, duplr, 1);
791 #if AP_NONBLOCK_WHEN_MULTI_LISTEN
792 use_nonblock = (ap_listeners && ap_listeners->next);
793 if ((stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock))
795 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02641)
796 "unable to control socket non-blocking status");
800 ap_apply_accept_filter(p, duplr, s);
803 mpm_listen[i] = last = duplr;
/* Close the socket of every listener in every mpm_listen bucket.
 *
 * NOTE(review): mpm_listen starts out NULL and is only allocated by
 * ap_duplicate_listeners(); the visible lines index it without a NULL check,
 * so this relies on the duplication having happened first - confirm against
 * callers.
 */
815 AP_DECLARE_NONSTD(void) ap_close_listeners(void)
819 for (i = 0; i < num_buckets; i++) {
820 for (lr = mpm_listen[i]; lr; lr = lr->next) {
821 apr_socket_close(lr->sd);
/* Close the socket of every entry in ap_listeners whose slave differs from
 * the given one, leaving that slave's own listeners open. The return value is
 * on a line this listing omits.
 */
827 AP_DECLARE_NONSTD(int) ap_close_selected_listeners(ap_slave_t *slave)
832 for (lr = ap_listeners; lr; lr = lr->next) {
833 if (lr->slave != slave) {
834 apr_socket_close(lr->sd);
/* Reset listener state ahead of a configuration pass (per the name): the
 * current list is remembered in old_listeners, where alloc_listener() looks
 * for records to reuse, and the backlog goes back to DEFAULT_LISTENBACKLOG.
 * Further resets may sit on lines this listing omits.
 */
844 AP_DECLARE(void) ap_listen_pre_config(void)
846 old_listeners = ap_listeners;
848 ap_listenbacklog = DEFAULT_LISTENBACKLOG;
/* Handler for the Listen directive (global context only).
 *
 * Accepts one or two arguments. The literal "systemd" selects socket
 * activation, which cannot be combined with ordinary listeners and is refused
 * when systemd support is not compiled in. Otherwise argv[0] is parsed with
 * apr_parse_addr_port(): a host of "*" is special-cased, a scope id is
 * rejected and a port is mandatory. An optional second argument is the
 * protocol, lower-cased before use. The listener is then created by
 * alloc_listener() with a NULL slave.
 *
 * Returns an error string for the configuration parser, or the result of
 * alloc_listener().
 */
851 AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
852 int argc, char *const argv[])
854 char *host, *scope_id, *proto;
857 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
863 if (argc < 1 || argc > 2) {
864 return "Listen requires 1 or 2 arguments.";
867 if (strcmp("systemd", argv[0]) == 0) {
870 if (ap_listeners != NULL) {
871 return "systemd socket activation support must be used exclusive of normal listeners.";
875 return "systemd support was not compiled in.";
881 return "systemd socket activation support must be used exclusive of normal listeners.";
885 rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool);
886 if (rv != APR_SUCCESS) {
887 return "Invalid address or port";
890 if (host && !strcmp(host, "*")) {
895 /* XXX scope id support is useful with link-local IPv6 addresses */
896 return "Scope id is not supported";
900 return "Port must be specified";
911 proto = apr_pstrdup(cmd->pool, argv[1]);
912 ap_str_tolower(proto);
915 return alloc_listener(cmd->server->process, host, port, proto, NULL);
/* Handler for the ListenBacklog directive (global context only): stores the
 * value in ap_listenbacklog and rejects values that are not greater than 0.
 * How the argument is converted to b is on a line this listing omits; no upper
 * bound is applied in the visible lines.
 */
918 AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd,
923 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
931 return "ListenBacklog must be > 0";
934 ap_listenbacklog = b;
/* Handler for the SendBufferSize directive (global context only): accepts 0
 * (use the system default) or a value of at least 512 and stores it in
 * send_buffer_size, which make_sock() applies as SO_SNDBUF. How the argument
 * is converted to s is on a line this listing omits; no upper bound is applied
 * in the visible lines.
 */
938 AP_DECLARE_NONSTD(const char *) ap_set_send_buffer_size(cmd_parms *cmd,
943 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
949 if (s < 512 && s != 0) {
950 return "SendBufferSize must be >= 512 bytes, or 0 for system default.";
953 send_buffer_size = s;
957 AP_DECLARE_NONSTD(const char *) ap_set_receive_buffer_size(cmd_parms *cmd,
962 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
968 if (s < 512 && s != 0) {
969 return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
972 receive_buffer_size = s;