-/* Copyright 2000-2004 Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
#include "apr.h"
#include "apr_strings.h"
-#define CORE_PRIVATE
#include "ap_config.h"
#include "httpd.h"
#include "http_connection.h"
#include "http_request.h"
#include "http_protocol.h"
#include "ap_mpm.h"
-#include "mpm_default.h"
#include "http_config.h"
#include "http_core.h"
#include "http_vhost.h"
APR_HOOK_STRUCT(
APR_HOOK_LINK(create_connection)
- APR_HOOK_LINK(process_connection)
- APR_HOOK_LINK(pre_connection)
+ APR_HOOK_LINK(process_connection)
+ APR_HOOK_LINK(pre_connection)
)
AP_IMPLEMENT_HOOK_RUN_FIRST(conn_rec *,create_connection,
(apr_pool_t *p, server_rec *server, apr_socket_t *csd, long conn_id, void *sbh, apr_bucket_alloc_t *alloc),
apr_bucket *b;
bb = apr_brigade_create(c->pool, c->bucket_alloc);
+
+ /* FLUSH bucket */
b = apr_bucket_flush_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, b);
+
+ /* End Of Connection bucket */
+ b = ap_bucket_eoc_create(c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, b);
+
ap_pass_brigade(c->output_filters, bb);
}
AP_DECLARE(void) ap_lingering_close(conn_rec *c)
{
char dummybuf[512];
- apr_size_t nbytes = sizeof(dummybuf);
- apr_status_t rc;
- apr_int32_t timeout;
- apr_int32_t total_linger_time = 0;
+ apr_size_t nbytes;
+ apr_time_t timeup = 0;
apr_socket_t *csd = ap_get_module_config(c->conn_config, &core_module);
if (!csd) {
return;
}
- /* Read all data from the peer until we reach "end-of-file" (FIN
- * from peer) or we've exceeded our overall timeout. If the client does
- * not send us bytes within 2 seconds (a value pulled from Apache 1.3
- * which seems to work well), close the connection.
+ /* Read available data from the client whilst it continues sending
+ * it, for a maximum time of MAX_SECS_TO_LINGER. If the client
+ * does not send any data within 2 seconds (a value pulled from
+ * Apache 1.3 which seems to work well), give up.
*/
- timeout = apr_time_from_sec(SECONDS_TO_LINGER);
- apr_socket_timeout_set(csd, timeout);
+ apr_socket_timeout_set(csd, apr_time_from_sec(SECONDS_TO_LINGER));
apr_socket_opt_set(csd, APR_INCOMPLETE_READ, 1);
- while (1) {
+
+ /* The common path here is that the initial apr_socket_recv() call
+ * will return 0 bytes read; so that case must avoid the expensive
+ * apr_time_now() call and time arithmetic. */
+
+ do {
nbytes = sizeof(dummybuf);
- rc = apr_socket_recv(csd, dummybuf, &nbytes);
- if (rc != APR_SUCCESS || nbytes == 0)
+ if (apr_socket_recv(csd, dummybuf, &nbytes) || nbytes == 0)
break;
- total_linger_time += SECONDS_TO_LINGER;
- if (total_linger_time >= MAX_SECS_TO_LINGER) {
- break;
+ if (timeup == 0) {
+ /*
+ * First time through;
+ * calculate now + 30 seconds (MAX_SECS_TO_LINGER).
+ *
+ * If some module requested a shortened waiting period, only wait for
+ * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain
+ * DoS attacks.
+ */
+ if (apr_table_get(c->notes, "short-lingering-close")) {
+ timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER);
+ }
+ else {
+ timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ }
+ continue;
}
- }
+ } while (apr_time_now() < timeup);
apr_socket_close(csd);
return;
if (rc != OK && rc != DONE) {
c->aborted = 1;
}
-
+
if (!c->aborted) {
ap_run_process_connection(c);
}