-/* ====================================================================
- * The Apache Software License, Version 1.1
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
- * reserved.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
#include "apr.h"
#include "apr_strings.h"
-#define CORE_PRIVATE
#include "ap_config.h"
#include "httpd.h"
#include "http_connection.h"
#include "http_request.h"
#include "http_protocol.h"
#include "ap_mpm.h"
-#include "mpm_default.h"
#include "http_config.h"
#include "http_core.h"
#include "http_vhost.h"
APR_HOOK_STRUCT(
APR_HOOK_LINK(create_connection)
- APR_HOOK_LINK(process_connection)
- APR_HOOK_LINK(pre_connection)
+ APR_HOOK_LINK(process_connection)
+ APR_HOOK_LINK(pre_connection)
)
AP_IMPLEMENT_HOOK_RUN_FIRST(conn_rec *,create_connection,
- (apr_pool_t *p, server_rec *server, apr_socket_t *csd, long conn_id, void *sbh),
- (p, server, csd, conn_id, sbh), NULL)
+ (apr_pool_t *p, server_rec *server, apr_socket_t *csd, long conn_id, void *sbh, apr_bucket_alloc_t *alloc),
+ (p, server, csd, conn_id, sbh, alloc), NULL)
AP_IMPLEMENT_HOOK_RUN_FIRST(int,process_connection,(conn_rec *c),(c),DECLINED)
AP_IMPLEMENT_HOOK_RUN_ALL(int,pre_connection,(conn_rec *c, void *csd),(c, csd),OK,DECLINED)
/*
#define MAX_SECS_TO_LINGER 30
#endif
-#ifdef USE_SO_LINGER
-#define NO_LINGCLOSE /* The two lingering options are exclusive */
-
-static void sock_enable_linger(int s)
-{
- struct linger li;
-
- li.l_onoff = 1;
- li.l_linger = MAX_SECS_TO_LINGER;
-
- if (setsockopt(s, SOL_SOCKET, SO_LINGER,
- (char *)&li, sizeof(struct linger)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, errno, server_conf,
- "setsockopt: (SO_LINGER)");
- /* not a fatal error */
- }
-}
-
-#else
-#define sock_enable_linger(s) /* NOOP */
-#endif /* USE_SO_LINGER */
-
AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c)
{
apr_bucket_brigade *bb;
apr_bucket *b;
- bb = apr_brigade_create(c->pool);
- b = apr_bucket_flush_create();
+ bb = apr_brigade_create(c->pool, c->bucket_alloc);
+
+ /* FLUSH bucket */
+ b = apr_bucket_flush_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, b);
+
+ /* End Of Connection bucket */
+ b = ap_bucket_eoc_create(c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, b);
+
ap_pass_brigade(c->output_filters, bb);
}
/* we now proceed to read from the client until we get EOF, or until
- * MAX_SECS_TO_LINGER has passed. the reasons for doing this are
+ * MAX_SECS_TO_LINGER has passed. The reasons for doing this are
* documented in a draft:
*
- * http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt
+ * http://tools.ietf.org/html/draft-ietf-http-connection-00.txt
*
* in a nutshell -- if we don't make this effort we risk causing
* TCP RST packets to be sent which can tear down a connection before
* all the response data has been sent to the client.
*/
#define SECONDS_TO_LINGER 2
-AP_DECLARE(void) ap_lingering_close(conn_rec *c)
+
+AP_DECLARE(int) ap_start_lingering_close(conn_rec *c)
{
- char dummybuf[512];
- apr_size_t nbytes = sizeof(dummybuf);
- apr_status_t rc;
- apr_int32_t timeout;
- apr_int32_t total_linger_time = 0;
- apr_socket_t *csd = ap_get_module_config(c->conn_config, &core_module);
+ apr_socket_t *csd = ap_get_conn_socket(c);
if (!csd) {
- return;
+ return 1;
}
- ap_update_child_status(c->sbh, SERVER_CLOSING, NULL);
+ if (c->sbh) {
+ ap_update_child_status(c->sbh, SERVER_CLOSING, NULL);
+ }
#ifdef NO_LINGCLOSE
ap_flush_conn(c); /* just close it */
apr_socket_close(csd);
- return;
+ return 1;
#endif
/* Close the connection, being careful to send out whatever is still
if (c->aborted) {
apr_socket_close(csd);
- return;
+ return 1;
}
/* Shut down the socket for write, which will send a FIN
* to the peer.
*/
- if (apr_shutdown(csd, APR_SHUTDOWN_WRITE) != APR_SUCCESS
+ if (apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) != APR_SUCCESS
|| c->aborted) {
apr_socket_close(csd);
+ return 1;
+ }
+
+ return 0;
+}
+
+AP_DECLARE(void) ap_lingering_close(conn_rec *c)
+{
+ char dummybuf[512];
+ apr_size_t nbytes;
+ apr_time_t now, timeup = 0;
+ apr_socket_t *csd = ap_get_conn_socket(c);
+
+ if (ap_start_lingering_close(c)) {
return;
}
- /* Read all data from the peer until we reach "end-of-file" (FIN
- * from peer) or we've exceeded our overall timeout. If the client does
- * not send us bytes within 2 seconds (a value pulled from Apache 1.3
- * which seems to work well), close the connection.
+ /* Read available data from the client whilst it continues sending
+ * it, for a maximum time of MAX_SECS_TO_LINGER. If the client
+ * does not send any data within 2 seconds (a value pulled from
+ * Apache 1.3 which seems to work well), give up.
*/
- timeout = SECONDS_TO_LINGER * APR_USEC_PER_SEC;
- apr_setsocketopt(csd, APR_SO_TIMEOUT, timeout);
- apr_setsocketopt(csd, APR_INCOMPLETE_READ, 1);
- while (1) {
+ apr_socket_timeout_set(csd, apr_time_from_sec(SECONDS_TO_LINGER));
+ apr_socket_opt_set(csd, APR_INCOMPLETE_READ, 1);
+
+ /* The common path here is that the initial apr_socket_recv() call
+ * will return 0 bytes read; so that case must avoid the expensive
+ * apr_time_now() call and time arithmetic. */
+
+ do {
nbytes = sizeof(dummybuf);
- rc = apr_recv(csd, dummybuf, &nbytes);
- if (rc != APR_SUCCESS || nbytes == 0)
+ if (apr_socket_recv(csd, dummybuf, &nbytes) || nbytes == 0)
break;
- total_linger_time += SECONDS_TO_LINGER;
- if (total_linger_time >= MAX_SECS_TO_LINGER) {
- break;
+ now = apr_time_now();
+ if (timeup == 0) {
+ /*
+ * First time through;
+ * calculate now + 30 seconds (MAX_SECS_TO_LINGER).
+ *
+ * If some module requested a shortened waiting period, only wait for
+ * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain
+ * DoS attacks.
+ */
+ if (apr_table_get(c->notes, "short-lingering-close")) {
+ timeup = now + apr_time_from_sec(SECONDS_TO_LINGER);
+ }
+ else {
+ timeup = now + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ }
+ continue;
}
- }
+ } while (now < timeup);
apr_socket_close(csd);
return;
AP_CORE_DECLARE(void) ap_process_connection(conn_rec *c, void *csd)
{
+ int rc;
ap_update_vhost_given_ip(c);
- ap_run_pre_connection(c, csd);
+ rc = ap_run_pre_connection(c, csd);
+ if (rc != OK && rc != DONE) {
+ c->aborted = 1;
+ }
if (!c->aborted) {
ap_run_process_connection(c);
projects / apache / blobdiff