marc 97/06/28 16:57:59
Modified: htdocs/manual/mod core.html directives.html
src http_conf_globals.h http_config.c http_core.c
http_main.c httpd.h
Log:
Add ListenBacklog directive to control the backlog passed to listen().
Also change the default to 511 for platforms that use an 8-bit datatype
to store it.
A slightly different implementation than suggested by Taso Devetzis
<[EMAIL PROTECTED]>, who submitted the PR.
PR: 240
Reviewed by: Dean Gaudet, Jim Jagielski
Revision Changes Path
1.59 +14 -0 apache/htdocs/manual/mod/core.html
Index: core.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/mod/core.html,v
retrieving revision 1.58
retrieving revision 1.59
diff -C3 -r1.58 -r1.59
*** core.html 1997/06/22 23:58:38 1.58
--- core.html 1997/06/28 23:57:53 1.59
***************
*** 43,48 ****
--- 43,49 ----
<li><A HREF="#keepalivetimeout">KeepAliveTimeout</A>
<li><A HREF="#limit"><Limit></A>
<li><A HREF="#listen">Listen</A>
+ <li><A HREF="#listenbacklog">ListenBacklog</A>
<li><A HREF="#location"><Location></A>
<li><A HREF="#maxclients">MaxClients</A>
<li><A HREF="#maxkeepaliverequests">MaxKeepAliveRequests</a>
***************
*** 657,662 ****
--- 658,676 ----
<strong>See Also:</strong>
<a href="../misc/known_bugs.html#listenbug">Known Bugs</a></p>
<hr>
+
+ <A NAME="listenbacklog"<H2>ListenBacklog</H2></A>
+ <strong>Syntax:</strong> ListenBacklog <em>backlog</em><br>
+ <strong>Default:</strong> <code>ListenBacklog 511</code><br>
+ <strong>Context:</strong> server config<br>
+ <strong>Status:</strong> Core<br>
+ <strong>Compatibility:</strong> ListenBacklog is only available in Apache
+ versions after 1.2.0.<p>
+
+ The maximum length of the queue of pending connections. Generally no
+ tuning is needed or desired, however on some systems it is desirable
+ to increase this when under a TCP SYN flood attack. See
+ the backlog parameter to the <code>listen(2)</code> system call.
<A name="limit"><h2><Limit> directive</h2></A>
<!--%plaintext <?INDEX {\tt Limit} section directive> -->
1.21 +1 -0 apache/htdocs/manual/mod/directives.html
Index: directives.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/mod/directives.html,v
retrieving revision 1.20
retrieving revision 1.21
diff -C3 -r1.20 -r1.21
*** directives.html 1997/06/04 16:14:14 1.20
--- directives.html 1997/06/28 23:57:54 1.21
***************
*** 103,108 ****
--- 103,109 ----
<li><A HREF="mod_negotiation.html#languagepriority">LanguagePriority</A>
<li><A HREF="core.html#limit"><Limit></A>
<li><A HREF="core.html#listen">Listen</A>
+ <li><A HREF="core.html#listenbacklog">ListenBacklog</A>
<li><A HREF="mod_dld.html#loadfile">LoadFile</A>
<li><A HREF="mod_dld.html#loadmodule">LoadModule</A>
<li><A HREF="core.html#location"><Location></A>
1.12 +1 -0 apache/src/http_conf_globals.h
Index: http_conf_globals.h
===================================================================
RCS file: /export/home/cvs/apache/src/http_conf_globals.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -C3 -r1.11 -r1.12
*** http_conf_globals.h 1997/06/28 23:05:13 1.11
--- http_conf_globals.h 1997/06/28 23:57:55 1.12
***************
*** 71,76 ****
--- 71,77 ----
extern int daemons_max_free;
extern int daemons_limit;
extern int suexec_enabled;
+ extern int listenbacklog;
extern char *pid_fname;
extern char *scoreboard_fname;
1.53 +1 -0 apache/src/http_config.c
Index: http_config.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_config.c,v
retrieving revision 1.52
retrieving revision 1.53
diff -C3 -r1.52 -r1.53
*** http_config.c 1997/06/28 23:05:13 1.52
--- http_config.c 1997/06/28 23:57:55 1.53
***************
*** 1044,1049 ****
--- 1044,1050 ----
max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
bind_address.s_addr = htonl(INADDR_ANY);
listeners = NULL;
+ listenbacklog = DEFAULT_LISTENBACKLOG;
}
server_rec *init_server_config(pool *p)
1.87 +12 -0 apache/src/http_core.c
Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.86
retrieving revision 1.87
diff -C3 -r1.86 -r1.87
*** http_core.c 1997/06/28 23:05:13 1.86
--- http_core.c 1997/06/28 23:57:55 1.87
***************
*** 1175,1180 ****
--- 1175,1191 ----
return NULL;
}
+ const char *set_listenbacklog (cmd_parms *cmd, void *dummy, char *arg) {
+ int b;
+
+ if (cmd->server->is_virtual)
+ return "ListenBacklog not allowed in <VirtualHost>";
+ b = atoi (arg);
+ if (b < 1) return "ListenBacklog must be > 0";
+ listenbacklog = b;
+ return NULL;
+ }
+
/* Note --- ErrorDocument will now work from .htaccess files.
* The AllowOverride of Fileinfo allows webmasters to turn it off
*/
***************
*** 1292,1297 ****
--- 1303,1309 ----
{ "ClearModuleList", clear_module_list_command, NULL, RSRC_CONF, NO_ARGS,
NULL },
{ "ThreadsPerChild", set_threads, NULL, RSRC_CONF, TAKE1, "Number of
threads a child creates" },
{ "ExcessRequestsPerChild", set_excess_requests, NULL, RSRC_CONF, TAKE1,
"Maximum number of requests a particular child serves after it is ready to
die." },
+ { "ListenBacklog", set_listenbacklog, NULL, RSRC_CONF, TAKE1, "maximum
length of the queue of pending connections, as used by listen(2)" },
{ NULL },
};
1.165 +2 -1 apache/src/http_main.c
Index: http_main.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_main.c,v
retrieving revision 1.164
retrieving revision 1.165
diff -C3 -r1.164 -r1.165
*** http_main.c 1997/06/28 23:05:14 1.164
--- http_main.c 1997/06/28 23:57:56 1.165
***************
*** 164,169 ****
--- 164,170 ----
int daemons_limit;
time_t restart_time;
int suexec_enabled = 0;
+ int listenbacklog;
char server_root[MAX_STRING_LEN];
char server_confname[MAX_STRING_LEN];
***************
*** 1882,1888 ****
#ifdef MPE
if (ntohs(server->sin_port) < 1024) GETUSERMODE();
#endif
! listen(s, 512);
return s;
}
--- 1883,1889 ----
#ifdef MPE
if (ntohs(server->sin_port) < 1024) GETUSERMODE();
#endif
! listen(s, listenbacklog);
return s;
}
1.118 +11 -0 apache/src/httpd.h
Index: httpd.h
===================================================================
RCS file: /export/home/cvs/apache/src/httpd.h,v
retrieving revision 1.117
retrieving revision 1.118
diff -C3 -r1.117 -r1.118
*** httpd.h 1997/06/28 23:05:15 1.117
--- httpd.h 1997/06/28 23:57:57 1.118
***************
*** 241,246 ****
--- 241,257 ----
#define DEFAULT_THREADS_PER_CHILD 50
#define DEFAULT_EXCESS_REQUESTS_PER_CHILD 0
+ /* The maximum length of the queue of pending connections, as defined
+ * by listen(2). Under some systems, it should be increased if you
+ * are experiencing a heavy TCP SYN flood attack.
+ *
+ * It defaults to 511 instead of 512 because some systems store it
+ * as an 8-bit datatype; 512 truncated to 8-bits is 0, while 511 is
+ * 255 when truncated.
+ */
+
+ #define DEFAULT_LISTENBACKLOG 511
+
/* If you have altered Apache and wish to change the SERVER_VERSION
* identifier below, please keep to the HTTP specification. This states
that
* the identification string should consist of product tokens with an
optional
