Share data between servers

[Sébastien Bonnegent]

Hi,

Is there a way to share data (in my case a apr_array_header_t)
between all the httpd process ?

I have to use it to provide single sign-on functionality with
the proxy module. I have to store some informations about old 
requests from all httpd process (true and virtual).

Thank you and best regards.

seß - sinad
PS: Congratulations at all the Apache Team for his work
-- 
GPG uid: 0xCB92591D  ICQ: 60143970
LINUX - because life is too short to reboot !
-- Fortune:
Your object is to save the world, while still leading a pleasant life.



msg11412/pgp0.pgp
Description: PGP signature

Re: HTTP headers on 'trailing slash' redirects?

[Phil Stoneman]

Monday, August 12, 2002, 9:09:01 AM, you wrote:

 Phil Stoneman says:
 
 Now, my problem is this: Apache(1.3.26) is sending 301
 (HTTP_MOVED_PERMANENTLY) when it does the 'trailing slash' redirects
 to contruct a valid URI for a directory. This is technically not
 against the RFC from what I can see. It is a bit annoying, though,
 since when tinkering with UseCanonicalName in the config file, the
 browser cached the redirect and made me think apache wasn't getting
 its own hostname correctly.
 I've tested IIS 5.0, and this does seem to send 302
 (HTTP_MOVED_TEMPORARILY), which is what I'd imagine should be done.
 Also, I've found a reference on google groups to apache 1.2b8 where
 this behaviour was changed as I'm looking for:
 http://groups.google.com/groups?selm=334AF61F.26A5%40DECUS.Orgoutput=gplain
 (The bit in question was written by Markus Gyger, and is about halfway
 down)

 Seems to me that a URL pointing to a directory always has to end with a 
 slash, and therefor it is permanent. Why would it be temporary?

Hmm... I'm not entirely sure, to be honest. I wouldn't really
consider myself experienced in any way with the inner workings of web
servers.
However.
It does strike me that the object could concievably change between
being a directory and being a file, for example, meaning that a cached
redirect (Which is what seems to happen with a permanent redirect) is
an annoyance.

Also, it appears that IIS (at least 5.0, which I've tested for this)
and Apache 1.2b8 (from that changelog I found) do respond with a 302
(temporary redirect). I'm wondering why the current Apache's behaviour
is different, that's all.

Also, is there any way to persuade apache to do this right with
mod_rewrite?

Thanks

Phil

-- 
 Phil Stonemanmailto:[EMAIL PROTECTED]

user field of conn-rec in change from apache 13 to 20

[Harrie Hazewinkel]

HI,

Can someone point me to the equivalent in the Apache 2.0.x versions
of the user field that was in the Apache 1.3.x in hte conn_rec??

thanks by advance,

Harrie

server push CGI problem

[Michael Weiser]

Hi,

I've got an update problem regarding apache 1.3.24/2.0.39 and a home-grown
server-push webcam CGI. The CGI continuously reads images from the cam,
compresses them into JPEGs and puts them together into a
multipart/x-mixed-replace stream to produce a poor-man's video with
netscape-browsers.

With apache-1.3.x the CGI detected that the connection to the browser was
closed by getting an error back when writing to standard output because
apache automatically closed down the pipe to the CGI as well.

Now after upgrading to apache-2.0.39 the cgi never gets the error and
therefore never stops delivering pictures to nowhere. My guess is that
apache tries to discard all remaining script output by reading until EOF
before closing the pipe which in my case results in the script carrying on
forever.

I've tried to install the script as nph- but that resulted in the browser
showing the data literally because it somehow got the MIME type wrong/not
at all.

Now my questions are:
Is my guess regarding the discard of remaining output right?
Can it be switched off?
How can I get the nph- approach get to work properly?

Thanks in advance for your help.
-- 
bye, Micha

Re: Share data between servers

[Sébastien Bonnegent]

Graham Leggett wrote:
GL Sébastien Bonnegent wrote:
GL 
GL  Is there a way to share data (in my case a apr_array_header_t)
GL  between all the httpd process ?
GL  
GL  I have to use it to provide single sign-on functionality with
GL  the proxy module. I have to store some informations about old 
GL  requests from all httpd process (true and virtual).
GL 
GL Simply configuring an authentication module in Apache should provide 
GL single sign on for you using basic authentication without any code 
GL modification.

Oh ! I think that I have missed something. Could you give me an example
of this configuration please ?

GL What exactly are you trying to achieve?

I want to make a transparent proxy where the client only
have to give an authentification the first time for a domain
and after the proxy gives the authentification for the others
domains. In this system, the auth system must recognize the Basic 
and the Digest mecanisms.

For example:

 -- --- -
| a client |--| SSO-proxy |--| Server1 | for the domain: www.example1.com
 -- --- \   -
 \| Server2 | for the domain: www.example2.com
  \ -
   \ ...

A client connect to www.example1.com, and provide an authentification.
Later, the same client connect to www.example2.com without give again
an authentification.

In my opinion, I though to provide the auth header instead of the client
in the proxy module. The differents servers (Server1, Server2, ...) could
be of any type (Apache, IIS, ...).

Do you see what I mean ?

Best regards,
seß - sinad
-- 
GPG uid: 0xCB92591D  ICQ: 60143970
LINUX - because life is too short to reboot !
-- Fortune:
For a light heart lives long.
-- Shakespeare, Love's Labour's Lost



msg11417/pgp0.pgp
Description: PGP signature

Re: user field of conn-rec in change from apache 13 to 20

[Jeff Trawick]

Harrie Hazewinkel [EMAIL PROTECTED] writes:

 Can someone point me to the equivalent in the Apache 2.0.x versions
 of the user field that was in the Apache 1.3.x in hte conn_rec??

They were moved to the request_rec.

-- 
Jeff Trawick | [EMAIL PROTECTED]
Born in Roswell... married an alien...

Re: Share data between servers

[Graham Leggett]

Sébastien Bonnegent wrote:

 I want to make a transparent proxy where the client only
 have to give an authentification the first time for a domain
 and after the proxy gives the authentification for the others
 domains. In this system, the auth system must recognize the Basic 
 and the Digest mecanisms.

Hmmm... you're going to battle doing this, basically because you need to 
get the browsers to cooperate.

The Apache side is pretty easy, just configure one of the authentication 
modules and your browser will be forced to authenticate first.

But - your browser is going to ask for a username and password on each 
attempt to connect to a different website name (unless the browser bases 
it's decision to ask for a password based on the realm string, in which 
case it might work).

This is easy to try without any actual coding - set it up and see if it 
works...

Regards,
Graham
-- 
-
[EMAIL PROTECTED] 
There's a moon
over Bourbon Street
tonight...

Re: Share data between servers

[Sébastien Bonnegent]

Graham Leggett wrote:
GL Sébastien Bonnegent wrote:
GL  I want to make a transparent proxy where the client only
GL  have to give an authentification the first time for a domain
GL  and after the proxy gives the authentification for the others
GL  domains. In this system, the auth system must recognize the Basic 
GL  and the Digest mecanisms.
GL 
GL Hmmm... you're going to battle doing this, basically because you need to 
GL get the browsers to cooperate.

Not necessarily, because I can detect in the proxy module when the server
responds with a 401 (need authentification) and in this case, I re-send
a request with a authentification field if the user is already authentified
on the proxy. And this, without any browser's cooperation.
This is why I need to share some data between different servers. But, in 
another hand, this means more work for Apache and certainly taller
response time.

GL But - your browser is going to ask for a username and password on each 
GL attempt to connect to a different website name

Yes, I know. It is why I want to provide the authentification information
instead of the user. (because there is the same login/password for all
my websites)

GL (unless the browser bases 
GL it's decision to ask for a password based on the realm string, in which 
GL case it might work).
GL This is easy to try without any actual coding - set it up and see if it 
GL works...

I have already tested it with Netscape, Galeon, Mozilla, lynx, ... and it 
seems that it isn't a standard !

Regards,
seß - sinad
-- 
GPG uid: 0xCB92591D  ICQ: 60143970
LINUX - because life is too short to reboot !
-- Fortune:
You'd like to do it instantaneously, but that's too slow.



msg11420/pgp0.pgp
Description: PGP signature

[PATCH] handling ErrorDocument failures

[Greg Ames]

There have been a number of glitches with our canned error message support
(ap_send_error_response) which are caused by us trying to use two different
request_recs to send them, believe it or not.  We get into this situation when
an ErrorDocument specifies an internal redirect to a bad URI.  Current external
symptoms include the wrong Content-Type if the ErrorDocument URI points to a bad
CGI, and garbled canned error text on ebcdic boxes due to ascii data being sent
thru a charset-lite filter which expects ebcdic input. 

When ap_die detects a recursive error caused by an internal redirect to an
ErrorDocument, it saves and processes the recursive error status code, backs up
to the request_rec for the first error, and passes that to
ap_send_error_response.  We then initialize this request_rec as appropriate for
a canned error message.  But just before we start emitting the text of the
message, we switch to the newest request_rec by chasing r-next, which gets us
out of sync.  It looks like this code was added to be compatible with similar
code in ap_finalize_request_protocol.  

I can't tell from the commit logs why the code to chase r-next was added to
ap_finalize_request_protocol (rev 1.207 of modules/http/http_protocol.c).  It
takes away the caller's ability to back out to an earlier request_rec after an
internal redirect failure.  Is that important?  Dunno, but we support in 1.3 and
I see no reason to remove that support.  It's probably why the r-prev and
r-next pointers exist.

We need to send the canned error text on the same request_rec that we initialize
for that purpose in order to fix the glitches.  This patch chooses to
consistantly use the request_rec passed into ap_send_error_message to be
compatible with 1.3.  In order for that to work properly, the filter chains must
be updated to point to the earlier request_rec, backing out the changes done by
internal_internal_redirect.  

Comments?

Thanks,
Greg

Index: modules/http/http_protocol.c
===
RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
retrieving revision 1.453
diff -u -d -b -r1.453 http_protocol.c
--- modules/http/http_protocol.c8 Aug 2002 20:39:15 -   1.453
+++ modules/http/http_protocol.c12 Aug 2002 13:41:07 -
 -2301,16 +2301,6 
 const char *title = status_lines[idx];
 const char *h1;
 
-/* XXX This is a major hack that should be fixed cleanly.  The
- * problem is that we have the information we need in a previous
- * request, but the text of the page must be sent down the last
- * request_rec's filter stack.  rbb
- */
-request_rec *rlast = r;
-while (rlast-next) {
-rlast = rlast-next;
-}
-
 /* Accept a status_line set by a module, but only if it begins
  * with the 3 digit status code
  */
 -2331,24 +2321,24 
  * so do ebcdic-ascii translation explicitly (if needed)
  */
 
-ap_rvputs_proto_in_ascii(rlast,
+ap_rvputs_proto_in_ascii(r,
   DOCTYPE_HTML_2_0
   htmlhead\ntitle, title,
   /title\n/headbody\nh1, h1, /h1\n,
   NULL);
 
-ap_rvputs_proto_in_ascii(rlast,
+ap_rvputs_proto_in_ascii(r,
  get_canned_error_string(status, r, location),
  NULL);
 
 if (recursive_error) {
-ap_rvputs_proto_in_ascii(rlast, pAdditionally, a ,
+ap_rvputs_proto_in_ascii(r, pAdditionally, a ,
   status_lines[ap_index_of_response(recursive_error)],
   \nerror was encountered while trying to use an 
   ErrorDocument to handle the request./p\n, NULL);
 }
-ap_rvputs_proto_in_ascii(rlast, ap_psignature(hr /\n, r), NULL);
-ap_rvputs_proto_in_ascii(rlast, /body/html\n, NULL);
+ap_rvputs_proto_in_ascii(r, ap_psignature(hr /\n, r), NULL);
+ap_rvputs_proto_in_ascii(r, /body/html\n, NULL);
 }
 ap_finalize_request_protocol(r);
 }
Index: modules/http/http_request.c
===
RCS file: /home/cvs/httpd-2.0/modules/http/http_request.c,v
retrieving revision 1.151
diff -u -d -b -r1.151 http_request.c
--- modules/http/http_request.c 27 Jun 2002 04:40:47 -  1.151
+++ modules/http/http_request.c 12 Aug 2002 13:41:07 -
 -96,6 +96,23 
  * Mainline request processing...
  */
 
+/* XXX A cleaner and faster way to do this might be to pass the request_rec 
+ * down the filter chain as a parameter.  It would need to change for 
+ * subrequest vs. main request filters; perhaps the subrequest filter could 
+ * make the switch.
+ */
+static void update_r_in_filters(ap_filter_t *f, 
+request_rec *from,
+request_rec *to)
+{
+while 

Re: Share data between servers

[Cliff Woolley]

On Mon, 12 Aug 2002, Sbastien Bonnegent wrote:

 A client connect to www.example1.com, and provide an authentification.
 Later, the same client connect to www.example2.com without give again
 an authentification.

How is that not a security problem?

Let's say we then have www.example3.attacker.com who provides the same
Realm to the proxy.  The proxy hands over the user's password to the
attacker without the client even knowing anything happened.

--Cliff

Re: Share data between servers

[Sébastien Bonnegent]

Cliff Woolley wrote:
CW On Mon, 12 Aug 2002, Sbastien Bonnegent wrote:
CW 
CW  A client connect to www.example1.com, and provide an authentification.
CW  Later, the same client connect to www.example2.com without give again
CW  an authentification.
CW 
CW How is that not a security problem?
CW 
CW Let's say we then have www.example3.attacker.com who provides the same
CW Realm to the proxy.  The proxy hands over the user's password to the
CW attacker without the client even knowing anything happened.

In fact, my first schema was incomplete, whereis a firewall between
the client and the proxy. In addition, the proxy only serves a delimited number
of websites which are known in advance. It is the proxy that check if the
user is already known or not.

Obviously, hijacking and ip-spoofing must have special attention
in this system (maybe with a special nonce or something like that).

Regards,
seß - sinad
-- 
GPG uid: 0xCB92591D  ICQ: 60143970
LINUX - because life is too short to reboot !
-- Fortune:
There will be big changes for you but you will be happy.



msg11423/pgp0.pgp
Description: PGP signature

2.0.40 Win32 binary packages borked

[Cliff Woolley]

The .msi and .exe installers for 2.0.40 are borked... lots of default
stuff (license, etc), and the registry keys created are apparently for
2.0.39 instead of 2.0.40 (or so says one of the several PR's on the
matter).

How soon can these be rebuilt?  Should I pull the broken installers in the
meanwhile?

--Cliff

RE: 2.0.40 Win32 binary packages borked

[Bill Stoddard]

 The .msi and .exe installers for 2.0.40 are borked... lots of default
 stuff (license, etc), and the registry keys created are apparently for
 2.0.39 instead of 2.0.40 (or so says one of the several PR's on the
 matter).

 How soon can these be rebuilt?  Should I pull the broken installers in the
 meanwhile?

 --Cliff


Pull the broken Windows install. Bill Rowe generally does the Windows binary
builds. I have no idea how to do it nor the time to investigate now.  If no
one else can do the builds, we will be w/o Windows builds for a while.

Bill

RE: [PATCH] Workaround for bogobrowsers

[Bill Stoddard]

+1

 Some browsers have an unusual breakage: when they receive a
 redirect, and the redirect response's content-type includes a
 charset, they remember the charset and apply it to the target
 of the redirection -- overriding any charset the target's
 response specifies.
 
 This gets tickled when the redirect is coming out of any
 internal Apache mechanism, since we explicitly set the
 charset on those.  If the redirect is to a page in Greek,
 for instance, the browser is going to try to render it in
 iso-8859-1.
 
 This is a client bug to be sure, but in a widely-deployed
 browser: Netscape 4.
 
 The following patch allows this to be worked around using our
 standard BrowserMatch envariable mechanism.  It's against
 1.3, since that's the version with the most penetration at
 the moment and where the problem is most visible.
 
 Index: src/main/http_protocol.c
 ===
 RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
 retrieving revision 1.325
 diff -u -r1.325 http_protocol.c
 --- src/main/http_protocol.c9 Jul 2002 15:26:26 -   1.325
 +++ src/main/http_protocol.c12 Aug 2002 16:24:39 -
  -2834,7 +2834,13 
  r-content_languages = NULL;
  r-content_encoding = NULL;
  r-clength = 0;
 -r-content_type = text/html; charset=iso-8859-1;
 +if (ap_table_get(r-subprocess_env,
 + suppress-error-charset) != NULL) {
 +r-content_type = text/html;
 +}
 +else {
 +r-content_type = text/html; charset=iso-8859-1;
 +}
  
  if ((status == METHOD_NOT_ALLOWED) || (status == 
 NOT_IMPLEMENTED))
  ap_table_setn(r-headers_out, Allow, make_allow(r));
 
 -- 
 #ken  P-)}
 
 Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
 Author, developer, opinionist  http://Apache-Server.Com/
 
 Millennium hand and shrimp!
 

Re: [PATCH] Workaround for bogobrowsers

[Joshua Slive]

Jim Jagielski wrote:
 By the by, do we have a canonical list of such env-vars currently is use?
 Last I checked, the doccos were somewhat dated and sparse.

The canonical list is here:
http://httpd.apache.org/docs/env.html#special
(and similarly for 2.0)

But I believe that some of the recent additions have not made it into 
the right place.

Joshua.

Re: [PATCH] Workaround for bogobrowsers

[Jim Jagielski]

Joshua Slive wrote:
 
 Jim Jagielski wrote:
  By the by, do we have a canonical list of such env-vars currently is use?
  Last I checked, the doccos were somewhat dated and sparse.
 
 The canonical list is here:
 http://httpd.apache.org/docs/env.html#special
 (and similarly for 2.0)
 
 But I believe that some of the recent additions have not made it into 
 the right place.
 

Yeah, it looks like the page hasn't changed since last I peeked at it.
Wasn't sure if there was someplace else they were being maintained, but
it doesn't look like it :/

-- 
===
   Jim Jagielski   [|]   [EMAIL PROTECTED]   [|]   http://www.jaguNET.com/
  A society that will trade a little liberty for a little order
 will lose both and deserve neither - T.Jefferson

Re: user field of conn-rec in change from apache 13 to 20

[Ryan Bloom]

The user field is in the request_rec now, because users are a
request-based entity in HTTP.

Ryan

On Mon, 12 Aug 2002, Harrie Hazewinkel wrote:

 HI,
 
 Can someone point me to the equivalent in the Apache 2.0.x versions
 of the user field that was in the Apache 1.3.x in hte conn_rec??
 
 thanks by advance,
 
 Harrie
 

-- 

___
Ryan Bloom  [EMAIL PROTECTED]
550 Jean St
Oakland CA 94610
---

different module building semantics

[Aryeh Katz]

In order to build the non-standard modules, configure requires a command 
line option of the form --enable-module-name.
The problem with this (other than being unable to use the  --enable-module=) 
syntax, is that you can't choose to build as a shared library.
This causes much work in order add a non-standard module, because you 
have to rebuild the entire server just to get one more module enabled.
---
Aryeh Katz
VASCO   
www.vasco.com   

Re: different module building semantics

[Ian Holsman]

Aryeh Katz wrote:
 In order to build the non-standard modules, configure requires a command 
 line option of the form --enable-module-name.
 The problem with this (other than being unable to use the  --enable-module=) 
 syntax, is that you can't choose to build as a shared library.
 This causes much work in order add a non-standard module, because you 
 have to rebuild the entire server just to get one more module enabled.
 ---
 Aryeh Katz
 VASCO 
 www.vasco.com 
 
Hi Aryeh.
have a look at apxs.
this might be a better approach for your development, as all you require
are the header files and the libraries to create a module.

Re: different module building semantics

[Aryeh Katz]

 Aryeh Katz wrote:
  In order to build the non-standard modules, configure requires a
  command line option of the form --enable-module-name. The problem
  with this (other than being unable to use the  --enable-module=)
  syntax, is that you can't choose to build as a shared library. This
  causes much work in order add a non-standard module, because you
  have to rebuild the entire server just to get one more module
  enabled. --- Aryeh Katz VASCOwww.vasco.com  
  
 Hi Aryeh.
 have a look at apxs.
 this might be a better approach for your development, as all you
 require are the header files and the libraries to create a module.
I was referring to modules that are in the experimental directory...

---
Aryeh Katz
VASCO   
www.vasco.com   

Re: different module building semantics

[Ian Holsman]

Aryeh Katz wrote:
Aryeh Katz wrote:

In order to build the non-standard modules, configure requires a
command line option of the form --enable-module-name. The problem
with this (other than being unable to use the  --enable-module=)
syntax, is that you can't choose to build as a shared library. This
causes much work in order add a non-standard module, because you
have to rebuild the entire server just to get one more module
enabled. --- Aryeh Katz VASCO www.vasco.com  


Hi Aryeh.
have a look at apxs.
this might be a better approach for your development, as all you
require are the header files and the libraries to create a module.
 
 I was referring to modules that are in the experimental directory...
you mean something like
--enable-cache=shared
doesn't work for you?
 
 ---
 Aryeh Katz
 VASCO 
 www.vasco.com 
 

Why can't ap_send_error_response() count on charset?

[Carlo Perassi]

Hi all.
In modules/http/http_protocol.c
the comment say
ap_send_error_response is used for any response that can be generated by the
server from the request record. This includes all [snip] messages that have
not been redirected to another handler via the ErrorDocument feature.
On line 2331 I read:
/* can't count on a charset filter being in place here,
 * so do ebcdic-ascii translation explicitly (if needed)
 */

It's trivial to add on line 2336 to ap_rvputs_proto_in_ascii() a string like
meta http-equiv=Content-Type content=text/html; charset=utf-8
or so... but the comment about say can't count on a charset.

Anyway... with the actual code, the html generated by ap_send_error_response
can't pass the W3C Validator test (with the missing meta line it would be ok).

I'd like to see the html generated by ap_send_error_response to pass the W3C
Validator test in the default configuration (say without using external html
files for 404 and so on).

The patch is trivial but I don't understand why (we) can't count on a charset
filter being in place here.

Thank you.

-- 
Carlo Perassi - http://www.linux.it/~carlo/
Do only what only you can do (Edsger Wybe Dijkstra: 1930-2002)

Re: different module building semantics

[Aryeh Katz]

  
  I was referring to modules that are in the experimental directory...
 you mean something like
 --enable-cache=shared
 doesn't work for you?
I used --enable-shared=all to force shared libraries. That's what I meant in my 
original post about different module building semantics.
Once I set it to =shared, then it was in fact a shared module.

I would just prefer the ability to do --enable-module=... and --enable-shared 
once, whether it is a supported module or not.
Does it make sense to have duplicate logic that doesn't work across the 
board?
1) enable-my-module
2) enable-module=my_module
If I'm not mistaken, I can write --enable-shared=all, and case 2 will make it 
shared.
---
Aryeh Katz
VASCO   
www.vasco.com   

RE: [PATCH] Workaround for bogobrowsers

[Dirk-Willem van Gulik]

yes please !

+1


  redirect, and the redirect response's content-type includes a
  charset, they remember the charset and apply it to the target
  of the redirection -- overriding any charset the target's
  response specifies.
 
  This gets tickled when the redirect is coming out of any
  internal Apache mechanism, since we explicitly set the
  charset on those.  If the redirect is to a page in Greek,
  for instance, the browser is going to try to render it in
  iso-8859-1.
 
  This is a client bug to be sure, but in a widely-deployed
  browser: Netscape 4.
 
  The following patch allows this to be worked around using our
  standard BrowserMatch envariable mechanism.  It's against
  1.3, since that's the version with the most penetration at
  the moment and where the problem is most visible.
 
  Index: src/main/http_protocol.c
  ===
  RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
  retrieving revision 1.325
  diff -u -r1.325 http_protocol.c
  --- src/main/http_protocol.c9 Jul 2002 15:26:26 -   1.325
  +++ src/main/http_protocol.c12 Aug 2002 16:24:39 -
   -2834,7 +2834,13 
   r-content_languages = NULL;
   r-content_encoding = NULL;
   r-clength = 0;
  -r-content_type = text/html; charset=iso-8859-1;
  +if (ap_table_get(r-subprocess_env,
  + suppress-error-charset) != NULL) {
  +r-content_type = text/html;
  +}
  +else {
  +r-content_type = text/html; charset=iso-8859-1;
  +}
 
   if ((status == METHOD_NOT_ALLOWED) || (status ==
  NOT_IMPLEMENTED))
   ap_table_setn(r-headers_out, Allow, make_allow(r));
 
  --
  #kenP-)}
 
  Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
  Author, developer, opinionist  http://Apache-Server.Com/
 
  Millennium hand and shrimp!
 

Re: QNX 6.1a mod/peer review

[Igor Kovalenko]

Anyone? ping! Or should i resumbit once a week as Justin suggested once ;)

- Original Message -
From: Igor Kovalenko [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 07, 2002 2:24 PM
Subject: Re: QNX 6.1a mod/peer review


 Was that applied or not? Does not seem to be in 2.0.39...

 As for the content of patch, it appears to do 2 things: replace mmmap() of
 /dev/zero with mmap() of a regular file (which is not the best idea) and
 handle retuns of pthread_xxx() funcs differently (they return errno value
 rather than set errno on QNX6). This all applies to
 USE_PROC_PTHREAD_SERIALIZE code.

 However, USE_PROC_PTHREAD_SERIALIZE is not defined on QNX6. The
 USE_PTHREAD_SERIALIZE is defined, but useless since apache has no code for
 it beyond handling -V option. USE_POSIXSEM_SERIALIZE is defined too and
 SINGLE_LISTEN_UNSERIALIZED_ACCEPT is also defined.

 Which means (as far as i can tell) USE_POSIXSEM_SERIALIZE will be used if
 more than one Listen is present. That code looks somewhat strange to me
too.
 Is there a reason why named POSIX semaphores are used? Named ones add lot
of
 unnecessary trouble (there are even comments inline about joy of using
them)
 and on QNX they are also whole lot slower. Why not put unnamed ones into
 anon shared memory? Is this code used by any other platform which does
have
 named POSIX sems but does not have anon shared memory? The time_sem.c does
 not have code to test POSIXSEM_SERIALIZE performance. I did test
FLOCK/FCNTL
 and PTHREAD though and PTHREAD is 5-6 times faster on QNX6 (single CPU, 50
 children, 1 iterations).

 So here is what needs to be done I think:

 1. define USE_PROC_PTHREAD_SERIALIZE for QNX6
 2. patch USE_PROC_PTHREAD_SERIALIZE to use mmap(MAP_ANON) is available and
 fallback to mmap(/dev/zero) otherwise; also patch it to use QNX6
equivalent
 of pthread_mutex_setconsistent_np().
 3. patch for handling of pthread_xxx() returns.
 4. handle scoreboard code to use mmap() in similar way to (2)
 5. remove QNX6 from list of systems which don't have initgroups().

 Are there upfront objections to such patch before I bother doing it? There
 were objections when I tried to do (2) for apache1.3 - it was said to be
 non-QNX-specific. My arguments (that it actually should be
non-QNX-specific)
 were never answered and patch was summarily ignored.

 Regards,
 -- igor

 - Original Message -
 From: Davide Berti [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, May 23, 2002 12:28 PM
 Subject: QNX 6.1a mod/peer review


  Hello all
 
  httpd-2.0.36, QNX 6.1 RTOS
 
  I have made a modification to apache to get it to run
  on qnx.  It kept hanging.  I traced it down and made
  some changes to get it to run.  I wanted to proof
  these changes with the apache community and get some
  feedback as to the longterm consequences/ side effects
  of these changes.  I am attaching a diff of the
  changes that I made.
 
  I also noticed that SSL doesn't seem to work unless
  the -X flag is passed to httpd, any ideas.
 
  Thanks
  /Davide
 
  --- httpd-2.0.36/srclib/apr/locks/unix/proc_mutex.c
  Mon Apr  8 23:56:56 2002
  +++ ../httpd-2.0.36/srclib/apr/locks/unix/proc_mutex.c
  Wed May  8 16:04:51 2002
  @@ -318,7 +318,9 @@
   if (munmap((caddr_t)mutex-pthread_interproc,
  sizeof(pthread_mutex_t))){
   return errno;
   }
  -}
  +if(shm_unlink(/datapoints)) // DB
  +return errno;
  + }
   return APR_SUCCESS;
   }
 
  @@ -329,11 +331,15 @@
   int fd;
   pthread_mutexattr_t mattr;
 
  -fd = open(/dev/zero, O_RDWR);
  -if (fd  0) {
  -return errno;
  -}
  +fd=shm_open(/datapoints,O_RDWR|O_CREAT,0777);
  file://DB
  + if (fd  0)
  + return errno;
 
  + if(ftruncate(fd,sizeof(pthread_mutex_t))==-1)  file://DB
  + return errno;
  +
  +
  +
   new_mutex-pthread_interproc = (pthread_mutex_t
  *)mmap(
  (caddr_t) 0,
 
  sizeof(pthread_mutex_t),
  @@ -363,10 +369,11 @@
 
  PTHREAD_MUTEX_ROBUST_NP))) {
   #ifdef PTHREAD_SETS_ERRNO
   rv = errno;
  -#endif
  +#endif // DB
   proc_mutex_proc_pthread_cleanup(new_mutex);
   return rv;
   }
  +#endif
   if ((rv = pthread_mutexattr_setprotocol(mattr,
  PTHREAD_PRIO_INHERIT))) {
   #ifdef PTHREAD_SETS_ERRNO
   rv = errno;
  @@ -374,9 +381,15 @@
   proc_mutex_proc_pthread_cleanup(new_mutex);
   return rv;
   }
  +if ((rv =
  pthread_mutex_destroy(new_mutex-pthread_interproc)))
  { // DB
  +#ifdef PTHREAD_SETS_ERRNO
  +rv = errno;
   #endif
  +proc_mutex_proc_pthread_cleanup(new_mutex);
  +return rv;
  +}
 
  -if ((rv =
  pthread_mutex_init(new_mutex-pthread_interproc,
  mattr))) {
  + if ((rv =
  pthread_mutex_init(new_mutex-pthread_interproc,
  mattr))) {
   #ifdef PTHREAD_SETS_ERRNO
   rv = errno;
   #endif
 
  __
  Do You Yahoo!?