marc 97/06/28 16:57:59
Modified: htdocs/manual/mod core.html directives.html src http_conf_globals.h http_config.c http_core.c http_main.c httpd.h Log: Add ListenBacklog directive to control the backlog passed to listen(). Also change the default to 511 for platforms that use an 8-bit datatype to store it. A slightly different implementation than suggested by Taso Devetzis <[EMAIL PROTECTED]>, who submitted the PR. PR: 240 Reviewed by: Dean Gaudet, Jim Jagielski Revision Changes Path 1.59 +14 -0 apache/htdocs/manual/mod/core.html Index: core.html =================================================================== RCS file: /export/home/cvs/apache/htdocs/manual/mod/core.html,v retrieving revision 1.58 retrieving revision 1.59 diff -C3 -r1.58 -r1.59 *** core.html 1997/06/22 23:58:38 1.58 --- core.html 1997/06/28 23:57:53 1.59 *************** *** 43,48 **** --- 43,49 ---- <li><A HREF="#keepalivetimeout">KeepAliveTimeout</A> <li><A HREF="#limit"><Limit></A> <li><A HREF="#listen">Listen</A> + <li><A HREF="#listenbacklog">ListenBacklog</A> <li><A HREF="#location"><Location></A> <li><A HREF="#maxclients">MaxClients</A> <li><A HREF="#maxkeepaliverequests">MaxKeepAliveRequests</a> *************** *** 657,662 **** --- 658,676 ---- <strong>See Also:</strong> <a href="../misc/known_bugs.html#listenbug">Known Bugs</a></p> <hr> + + <A NAME="listenbacklog"<H2>ListenBacklog</H2></A> + <strong>Syntax:</strong> ListenBacklog <em>backlog</em><br> + <strong>Default:</strong> <code>ListenBacklog 511</code><br> + <strong>Context:</strong> server config<br> + <strong>Status:</strong> Core<br> + <strong>Compatibility:</strong> ListenBacklog is only available in Apache + versions after 1.2.0.<p> + + The maximum length of the queue of pending connections. Generally no + tuning is needed or desired, however on some systems it is desirable + to increase this when under a TCP SYN flood attack. See + the backlog parameter to the <code>listen(2)</code> system call. 
<A name="limit"><h2><Limit> directive</h2></A> <!--%plaintext <?INDEX {\tt Limit} section directive> --> 1.21 +1 -0 apache/htdocs/manual/mod/directives.html Index: directives.html =================================================================== RCS file: /export/home/cvs/apache/htdocs/manual/mod/directives.html,v retrieving revision 1.20 retrieving revision 1.21 diff -C3 -r1.20 -r1.21 *** directives.html 1997/06/04 16:14:14 1.20 --- directives.html 1997/06/28 23:57:54 1.21 *************** *** 103,108 **** --- 103,109 ---- <li><A HREF="mod_negotiation.html#languagepriority">LanguagePriority</A> <li><A HREF="core.html#limit"><Limit></A> <li><A HREF="core.html#listen">Listen</A> + <li><A HREF="core.html#listenbacklog">ListenBacklog</A> <li><A HREF="mod_dld.html#loadfile">LoadFile</A> <li><A HREF="mod_dld.html#loadmodule">LoadModule</A> <li><A HREF="core.html#location"><Location></A> 1.12 +1 -0 apache/src/http_conf_globals.h Index: http_conf_globals.h =================================================================== RCS file: /export/home/cvs/apache/src/http_conf_globals.h,v retrieving revision 1.11 retrieving revision 1.12 diff -C3 -r1.11 -r1.12 *** http_conf_globals.h 1997/06/28 23:05:13 1.11 --- http_conf_globals.h 1997/06/28 23:57:55 1.12 *************** *** 71,76 **** --- 71,77 ---- extern int daemons_max_free; extern int daemons_limit; extern int suexec_enabled; + extern int listenbacklog; extern char *pid_fname; extern char *scoreboard_fname; 1.53 +1 -0 apache/src/http_config.c Index: http_config.c =================================================================== RCS file: /export/home/cvs/apache/src/http_config.c,v retrieving revision 1.52 retrieving revision 1.53 diff -C3 -r1.52 -r1.53 *** http_config.c 1997/06/28 23:05:13 1.52 --- http_config.c 1997/06/28 23:57:55 1.53 *************** *** 1044,1049 **** --- 1044,1050 ---- max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD; bind_address.s_addr = htonl(INADDR_ANY); listeners = NULL; + listenbacklog 
= DEFAULT_LISTENBACKLOG; } server_rec *init_server_config(pool *p) 1.87 +12 -0 apache/src/http_core.c Index: http_core.c =================================================================== RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.86 retrieving revision 1.87 diff -C3 -r1.86 -r1.87 *** http_core.c 1997/06/28 23:05:13 1.86 --- http_core.c 1997/06/28 23:57:55 1.87 *************** *** 1175,1180 **** --- 1175,1191 ---- return NULL; } + const char *set_listenbacklog (cmd_parms *cmd, void *dummy, char *arg) { + int b; + + if (cmd->server->is_virtual) + return "ListenBacklog not allowed in <VirtualHost>"; + b = atoi (arg); + if (b < 1) return "ListenBacklog must be > 0"; + listenbacklog = b; + return NULL; + } + /* Note --- ErrorDocument will now work from .htaccess files. * The AllowOverride of Fileinfo allows webmasters to turn it off */ *************** *** 1292,1297 **** --- 1303,1309 ---- { "ClearModuleList", clear_module_list_command, NULL, RSRC_CONF, NO_ARGS, NULL }, { "ThreadsPerChild", set_threads, NULL, RSRC_CONF, TAKE1, "Number of threads a child creates" }, { "ExcessRequestsPerChild", set_excess_requests, NULL, RSRC_CONF, TAKE1, "Maximum number of requests a particular child serves after it is ready to die." 
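Review bot: `set_listenbacklog` parses its argument with `atoi`, so trailing garbage such as `511x` is accepted, an out-of-range number is undefined behaviour, and nothing bounds the value from above. The httpd.h hunk in this commit picks 511 as the default because, per its comment, some systems store the backlog in an 8-bit datatype. A configured `ListenBacklog 512` (or 256) is stored unchanged and would truncate to 0 on those systems when http_main.c passes it to listen(). I would parse with `long v = strtol(arg, &end, 10);` and reject with `if (end == arg || *end != '\0' || v < 1 || v > INT_MAX) return "ListenBacklog must be > 0";`. The truncation caveat should also be stated in the core.html entry, or a warning issued when `(b & 0xff) == 0`, since the directive is presented as a knob to raise under SYN flood.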
}, + { "ListenBacklog", set_listenbacklog, NULL, RSRC_CONF, TAKE1, "maximum length of the queue of pending connections, as used by listen(2)" }, { NULL }, }; 1.165 +2 -1 apache/src/http_main.c Index: http_main.c =================================================================== RCS file: /export/home/cvs/apache/src/http_main.c,v retrieving revision 1.164 retrieving revision 1.165 diff -C3 -r1.164 -r1.165 *** http_main.c 1997/06/28 23:05:14 1.164 --- http_main.c 1997/06/28 23:57:56 1.165 *************** *** 164,169 **** --- 164,170 ---- int daemons_limit; time_t restart_time; int suexec_enabled = 0; + int listenbacklog; char server_root[MAX_STRING_LEN]; char server_confname[MAX_STRING_LEN]; *************** *** 1882,1888 **** #ifdef MPE if (ntohs(server->sin_port) < 1024) GETUSERMODE(); #endif ! listen(s, 512); return s; } --- 1883,1889 ---- #ifdef MPE if (ntohs(server->sin_port) < 1024) GETUSERMODE(); #endif ! listen(s, listenbacklog); return s; } 1.118 +11 -0 apache/src/httpd.h Index: httpd.h =================================================================== RCS file: /export/home/cvs/apache/src/httpd.h,v retrieving revision 1.117 retrieving revision 1.118 diff -C3 -r1.117 -r1.118 *** httpd.h 1997/06/28 23:05:15 1.117 --- httpd.h 1997/06/28 23:57:57 1.118 *************** *** 241,246 **** --- 241,257 ---- #define DEFAULT_THREADS_PER_CHILD 50 #define DEFAULT_EXCESS_REQUESTS_PER_CHILD 0 + /* The maximum length of the queue of pending connections, as defined + * by listen(2). Under some systems, it should be increased if you + * are experiencing a heavy TCP SYN flood attack. + * + * It defaults to 511 instead of 512 because some systems store it + * as an 8-bit datatype; 512 truncated to 8-bits is 0, while 511 is + * 255 when truncated. + */ + + #define DEFAULT_LISTENBACKLOG 511 + /* If you have altered Apache and wish to change the SERVER_VERSION * identifier below, please keep to the HTTP specification. 
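Review bot: The changed line `listen(s, listenbacklog);` still discards the return value of listen(), so if the call fails the server carries on with a socket that is not listening and nothing is reported. A check such as `if (listen(s, listenbacklog) == -1) { perror("listen"); exit(1); }` would surface that at startup; the enclosing function starts outside the hunk, so match whatever error reporting it already uses. Separately, the first http_main.c hunk declares `int listenbacklog;` without an initializer next to `int suexec_enabled = 0;`, so the value is 0 until the assignment added in http_config.c has run. Writing `int listenbacklog = DEFAULT_LISTENBACKLOG;` would make the default independent of call order, assuming httpd.h is included in this file.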
This states that * the identification string should consist of product tokens with an optional