-/* ====================================================================
- * Copyright (c) 1995-2000 The Apache Software Foundation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Software Foundation
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Software Foundation" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Software Foundation.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Software Foundation
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE Apache Software Foundation ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE Apache Software Foundation OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Software Foundation and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-#define CORE_PRIVATE
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "apr.h"
+#include "apr_strings.h"
+
#include "ap_config.h"
#include "httpd.h"
#include "http_connection.h"
#include "http_request.h"
#include "http_protocol.h"
#include "ap_mpm.h"
-#include "mpm_status.h"
#include "http_config.h"
+#include "http_core.h"
#include "http_vhost.h"
-
-HOOK_STRUCT(
- HOOK_LINK(pre_connection)
- HOOK_LINK(process_connection)
+#include "scoreboard.h"
+#include "http_log.h"
+#include "util_filter.h"
+
+APR_HOOK_STRUCT(
+ APR_HOOK_LINK(create_connection)
+ APR_HOOK_LINK(process_connection)
+ APR_HOOK_LINK(pre_connection)
)
-
-IMPLEMENT_HOOK_VOID(pre_connection,(conn_rec *c),(c))
-IMPLEMENT_HOOK_RUN_FIRST(int,process_connection,(conn_rec *c),(c),DECLINED)
-
-/* TODO: reimplement the lingering close stuff */
-#define NO_LINGCLOSE
-
+AP_IMPLEMENT_HOOK_RUN_FIRST(conn_rec *,create_connection,
+ (apr_pool_t *p, server_rec *server, apr_socket_t *csd, long conn_id, void *sbh, apr_bucket_alloc_t *alloc),
+ (p, server, csd, conn_id, sbh, alloc), NULL)
+AP_IMPLEMENT_HOOK_RUN_FIRST(int,process_connection,(conn_rec *c),(c),DECLINED)
+AP_IMPLEMENT_HOOK_RUN_ALL(int,pre_connection,(conn_rec *c, void *csd),(c, csd),OK,DECLINED)
/*
* More machine-dependent networking gooo... on some systems,
* you've got to be *really* sure that all the packets are acknowledged
#define MAX_SECS_TO_LINGER 30
#endif
-#ifdef USE_SO_LINGER
-#define NO_LINGCLOSE /* The two lingering options are exclusive */
-
-static void sock_enable_linger(int s)
+AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c)
{
- struct linger li;
+ apr_bucket_brigade *bb;
+ apr_bucket *b;
- li.l_onoff = 1;
- li.l_linger = MAX_SECS_TO_LINGER;
+ bb = apr_brigade_create(c->pool, c->bucket_alloc);
- if (setsockopt(s, SOL_SOCKET, SO_LINGER,
- (char *) &li, sizeof(struct linger)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf,
- "setsockopt: (SO_LINGER)");
- /* not a fatal error */
- }
-}
+ /* FLUSH bucket */
+ b = apr_bucket_flush_create(c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, b);
-#else
-#define sock_enable_linger(s) /* NOOP */
-#endif /* USE_SO_LINGER */
+ /* End Of Connection bucket */
+ b = ap_bucket_eoc_create(c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, b);
-#ifndef NO_LINGCLOSE
+ ap_pass_brigade(c->output_filters, bb);
+}
-/* Since many clients will abort a connection instead of closing it,
- * attempting to log an error message from this routine will only
- * confuse the webmaster. There doesn't seem to be any portable way to
- * distinguish between a dropped connection and something that might be
- * worth logging.
+/* we now proceed to read from the client until we get EOF, or until
+ * MAX_SECS_TO_LINGER has passed. the reasons for doing this are
+ * documented in a draft:
+ *
+ * http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt
+ *
+ * in a nutshell -- if we don't make this effort we risk causing
+ * TCP RST packets to be sent which can tear down a connection before
+ * all the response data has been sent to the client.
*/
-static void lingering_close(request_rec *r)
+#define SECONDS_TO_LINGER 2
+AP_DECLARE(void) ap_lingering_close(conn_rec *c)
{
- /*TODO remove the hardwired 512. This is an IO Buffer Size */
- char dummybuf[512];
- struct pollfd pd;
- int lsd;
- int max_wait;
-
- /* Prevent a slow-drip client from holding us here indefinitely */
+ char dummybuf[512];
+ apr_size_t nbytes;
+ apr_time_t timeup = 0;
+ apr_socket_t *csd = ap_get_module_config(c->conn_config, &core_module);
- max_wait = 30;
- ap_bsetopt(r->connection->client, BO_TIMEOUT, &max_wait);
-
- /* Send any leftover data to the client, but never try to again */
-
- if (ap_bflush(r->connection->client) != APR_SUCCESS) {
- ap_bclose(r->connection->client);
- return;
- }
- ap_bsetflag(r->connection->client, B_EOUT, 1);
-
- /* Close our half of the connection --- send the client a FIN */
-
- lsd = r->connection->client->fd;
-
- if ((shutdown(lsd, 1) != 0)
- || ap_is_aborted(r->connection)) {
- ap_bclose(r->connection->client);
- return;
+ if (!csd) {
+ return;
}
- /* Set up to wait for readable data on socket... */
- pd.fd = lsd;
- pd.events = POLLIN;
-
- /* Wait for readable data or error condition on socket;
- * slurp up any data that arrives... We exit when we go for an
- * interval of tv length without getting any more data, get an error
- * from poll(), get an error or EOF on a read, or the timer expires.
- */
- /* We use a 2 second timeout because current (Feb 97) browsers
- * fail to close a connection after the server closes it. Thus,
- * to avoid keeping the child busy, we are only lingering long enough
- * for a client that is actively sending data on a connection.
- * This should be sufficient unless the connection is massively
- * losing packets, in which case we might have missed the RST anyway.
- * These parameters are reset on each pass, since they might be
- * changed by poll.
- */
- do {
- pd.revents = 0;
- } while ((poll(&pd, 1, 2) == 1)
- && read(lsd, dummybuf, sizeof(dummybuf)));
- /* && (time() = epoch) < max_wait); */
-
- /* Should now have seen final ack. Safe to finally kill socket */
- ap_bclose(r->connection->client);
-}
-#endif /* ndef NO_LINGCLOSE */
-
-CORE_EXPORT(void) ap_process_connection(conn_rec *c)
-{
- ap_update_vhost_given_ip(c);
-
- ap_run_pre_connection(c);
+ ap_update_child_status(c->sbh, SERVER_CLOSING, NULL);
- ap_run_process_connection(c);
+#ifdef NO_LINGCLOSE
+ ap_flush_conn(c); /* just close it */
+ apr_socket_close(csd);
+ return;
+#endif
- /*
- * Close the connection, being careful to send out whatever is still
+ /* Close the connection, being careful to send out whatever is still
* in our buffers. If possible, try to avoid a hard close until the
* client has ACKed our FIN and/or has stopped sending us data.
*/
-#ifdef NO_LINGCLOSE
- ap_bclose(c->client); /* just close it */
-#else
- if (r && r->connection
- && !r->connection->aborted
- && r->connection->client
- && (r->connection->client->fd >= 0)) {
+ /* Send any leftover data to the client, but never try to again */
+ ap_flush_conn(c);
- lingering_close(r);
+ if (c->aborted) {
+ apr_socket_close(csd);
+ return;
}
- else {
- ap_bsetflag(c->client, B_EOUT, 1);
- ap_bclose(c->client);
- }
-#endif
-}
-
-int ap_process_http_connection(conn_rec *c)
- {
- request_rec *r;
- /*
- * Read and process each request found on our connection
- * until no requests are left or we decide to close.
+ /* Shut down the socket for write, which will send a FIN
+ * to the peer.
*/
-
- ap_update_connection_status(c->id, "Status", "Reading");
- while ((r = ap_read_request(c)) != NULL) {
-
- /* process the request if it was read without error */
-
- ap_update_connection_status(c->id, "Status", "Writing");
- if (r->status == HTTP_OK)
- ap_process_request(r);
-
- if (!c->keepalive || c->aborted)
- break;
-
- ap_update_connection_status(c->id, "Status", "Keepalive");
- ap_destroy_pool(r->pool);
-
- if (ap_graceful_stop_signalled()) {
- /* XXX: hey wait, this should do a lingering_close! */
- ap_bclose(c->client);
- return OK;
- }
+ if (apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) != APR_SUCCESS
+ || c->aborted) {
+ apr_socket_close(csd);
+ return;
}
- ap_reset_connection_status(c->id);
- return OK;
-}
-
-/* Clearly some of this stuff doesn't belong in a generalised connection
- structure, but for now...
-*/
-
-conn_rec *ap_new_connection(ap_context_t *p, server_rec *server, BUFF *inout,
- const struct sockaddr_in *remaddr,
- const struct sockaddr_in *saddr, long id)
-{
- conn_rec *conn = (conn_rec *) ap_pcalloc(p, sizeof(conn_rec));
-
- /* Got a connection structure, so initialize what fields we can
- * (the rest are zeroed out by pcalloc).
+ /* Read available data from the client whilst it continues sending
+ * it, for a maximum time of MAX_SECS_TO_LINGER. If the client
+ * does not send any data within 2 seconds (a value pulled from
+ * Apache 1.3 which seems to work well), give up.
*/
+ apr_socket_timeout_set(csd, apr_time_from_sec(SECONDS_TO_LINGER));
+ apr_socket_opt_set(csd, APR_INCOMPLETE_READ, 1);
- conn->conn_config=ap_create_conn_config(p);
-
- conn->pool = p;
- conn->local_addr = *saddr;
- conn->local_ip = ap_pstrdup(conn->pool,
- inet_ntoa(conn->local_addr.sin_addr));
- conn->base_server = server;
- conn->client = inout;
+ /* The common path here is that the initial apr_socket_recv() call
+ * will return 0 bytes read; so that case must avoid the expensive
+ * apr_time_now() call and time arithmetic. */
- conn->remote_addr = *remaddr;
- conn->remote_ip = ap_pstrdup(conn->pool,
- inet_ntoa(conn->remote_addr.sin_addr));
-
- conn->id = id;
-
- return conn;
+ do {
+ nbytes = sizeof(dummybuf);
+ if (apr_socket_recv(csd, dummybuf, &nbytes) || nbytes == 0)
+ break;
+
+ if (timeup == 0) {
+ /*
+ * First time through;
+ * calculate now + 30 seconds (MAX_SECS_TO_LINGER).
+ *
+ * If some module requested a shortened waiting period, only wait for
+ * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain
+ * DoS attacks.
+ */
+ if (apr_table_get(c->notes, "short-lingering-close")) {
+ timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER);
+ }
+ else {
+ timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ }
+ continue;
+ }
+ } while (apr_time_now() < timeup);
+
+ apr_socket_close(csd);
+ return;
}
-
-
-conn_rec *ap_new_apr_connection(ap_context_t *p, server_rec *server, BUFF *inout,
- const ap_socket_t *conn_socket, long id)
+AP_CORE_DECLARE(void) ap_process_connection(conn_rec *c, void *csd)
{
- struct sockaddr_in *sa_local, *sa_remote;
+ int rc;
+ ap_update_vhost_given_ip(c);
- ap_get_local_name(&sa_local, conn_socket);
- ap_get_remote_name(&sa_remote, conn_socket);
- return ap_new_connection(p, server, inout, sa_remote, sa_local, id);
+ rc = ap_run_pre_connection(c, csd);
+ if (rc != OK && rc != DONE) {
+ c->aborted = 1;
+ }
+
+ if (!c->aborted) {
+ ap_run_process_connection(c);
+ }
}
+
projects / apache / blobdiff