Distributed Development Research

[Carl Gutwin]

(Sorry for the off-topic post - it was suggested to me that I post here 
and see if there was any interest...)

Hi - I'm a CS researcher who does research in groupware and distributed 
systems. I'm writing because I would like to interview some httpd 
developers to find out how people in distributed open-source projects 
manage to stay aware of others on the project. By 'awareness' I mean 
things like who is on the project, who is the person to talk to for 
particular issues, who to inform when you want to make a particular 
change, and so forth.

I've found some surprising things so far talking with some people from 
the NetBSD project - I'd like to see how things are done here on httpd. 
There's a longer description of my project below - if you would be 
willing to talk about your experiences with me, please send email to 
[EMAIL PROTECTED] (or reply to this message, or whatever).

Thanks,
Carl
  Group awareness in distributed development projects ==

 It is not obvious how open-source projects manage to coordinate the
 efforts of numerous developers, all with write access to the code.
 Although projects are usually partitioned to reduce the people
 working in any one area, there are still many cases where one person's
 actions are dependent on, or will affect, another person's work. I am
 trying to find out how developers stay aware of who's doing what - e.g.:
  - who is in charge of (or is currently working on) piece X?
  - who should I inform before making a change?
  - is anyone already working on change Z?
  - is person Y nearly finished their work on change Z?
  - how do new developers 'learn the ropes' of who does what on the
 project?
  - are there situations where work is duplicated or people work at
 cross purposes (i.e. where there was inadequate awareness)?
 I would like to collect information from you about these issues, about
 other awareness problems, or about how things work on this project. If
 you would be willing to discuss it further, please contact me at
 [EMAIL PROTECTED]
 ===
--
Carl Gutwin, Associate Professor,   Department of Computer Science
University of Saskatchewan, 57 Campus Drive, Saskatoon SK  S7N 5A9
Tel: (306) 966-8646   Fax: (306) 966-4884WWW: hci.usask.ca

Re: 1.x: byte-range with ErrorDocuments returns incorrect status code

[Geoffrey Young]

Will Lowe wrote:
> Thanks for the quick response -- sorry I've been slow getting back to
> you. Yes, the attached patch does seem to fix 1.3.X.  It'd be great if
> it got rolled into the next point release.

ok, I'll try and guide it through the process.

--Geoff

mod_ssl TLS/SSL upgrade...

[Brad Nicholes]

   I would like to resurrect an old discussion.  About a year and half
ago rbb and wrowe committed a patch for mod_ssl to provide the SSLEngine
upgrade capability.  It seems that one of the reasons for not back
porting it to the 2.0 tree was because there weren't really any clients
that supported it.  Well I know of at least one now which is Novell's
iPrint client and I suspect that there may be others out there.  Does
anyone see any major issues with backporting this functionality to 2.0? 
If not then I would like to propose it for back port and see if we can
get it done.  The attached patch can be applied to the 2.0 branch.  HEAD
already contains all of the patches.  Here
(http://www.apache.org/~bnicholes/wget_tls_prelim-1.8.2.tar.gz)is a
hacked version of wget that is able to test the functionality.  Invoke
wget with the -u parameter to allow it to request the TLS/SSL upgraded
connection.

Brad



At 11:46 AM 10/15/2002, [EMAIL PROTECTED] wrote:
[snip]
>The second is SSL upgrade.  I have the patches, they haven't been
>committed yet.  I have attached them at the bottom of this message. 
The
>reason they haven't been committed, is that I don't have a client to
test
>them with, and I haven't had time to create one.  The responses are
>correct I have checked them in plain text.  The place that bugs most
>likely exist, is the actual upgrade code that does the handshake. 
This is
>an important feature, and I would really like to see it in 2.0.

I see a couple of very important aspects to this patch:

1) we must have an implementation of connection: upgrade for libwww,
since
   that is the mechanism we use for httpd-test/perl-framework.  I don't
have 
   such a fix, so I'm just asking the community if anyone has explored
that 
   avenue.

2) it has to be maintained.  I've looked at this patch, it appears
quite correct.
   I'm going to begin working on applying it to cvs HEAD.  I'm not
concerned
   about it quickly appearing in 2.0 since there are no clients right
now.  I'm
   much more concerned about it's availability once clients can support
it.

3) right now, the ssl code (ssl_engine_io) was already pretty heavily
refactored.
   The patch wasn't easy to apply.  We are discussing other
refactorings that
   will make SSL much simpler to follow and far less error-prone. 
Those will
   effectively invalidate the effort Ryan has already invested.

My proposed solution is to review the patch and apply it to cvs HEAD. 
Get it
committed.  Of course there are no test suites right now, and there
won't be
for a little while yet.  But once the code exists, it will be simpler
to keep the
SSL upgrade facility maintained, and debug it as the clients become
available
(most especially, libwww exercises through perl-framework.)

Any disagreement?

The current patch that applies to cvs HEAD is attached.

Bill


Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 


ssl-upgrade.patch
Description: Binary data

Re: patch bug # 19271

[Joe Orton]

On Thu, Mar 04, 2004 at 01:48:15PM -0500, Aryeh Katz wrote:
> I'm not quite sure how to submit a patch to bugzilla, so can someone 
> please take care of the following for me.
> In addition, and corrections/better ways would be greatly appreciated.

That one is actually fixed on HEAD though ab's SSL support is still
pretty... unreliable.  The diff between ab.c in 2.0.48 and HEAD is here:
 
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/support/ab.c?r1=1.137&r2=1.121.2.4

joe

Re: 1.x: byte-range with ErrorDocuments returns incorrect status code

[Will Lowe]

Thanks for the quick response -- sorry I've been slow getting back to
you. Yes, the attached patch does seem to fix 1.3.X.  It'd be great if
it got rolled into the next point release.

On Thu, Feb 26, 2004 at 09:18:02AM -0500, Geoffrey Young wrote:
> 
> 
> Will Lowe wrote:
> > It looks like byte-range requests on non-existant files returns 206
> > instead of 404 if ErrorDocument is set.  
> 
> I was able to verify this - it looks like there's some simple logic in 2.0
> that wasn't carried over to 1.3.
> 
> so, try this patch.  all the byterange tests in the perl-framework pass with
> it, in addition to my own ErrorDocument tests that I used to reproduce the
> problem.
> 
> if anyone on 1.3 support is paying attention, what's the proper course for
> insertion into the stable tree once things are verified - add to STATUS and
> wait for reviews/votes?
> 
> --Geoff

> Index: src/main/http_protocol.c
> ===
> RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
> retrieving revision 1.332
> diff -u -r1.332 http_protocol.c
> --- src/main/http_protocol.c  16 Feb 2004 22:29:33 -  1.332
> +++ src/main/http_protocol.c  26 Feb 2004 14:14:21 -
> @@ -260,7 +260,7 @@
>  if (!(range = ap_table_get(r->headers_in, "Range")))
>  range = ap_table_get(r->headers_in, "Request-Range");
>  
> -if (!range || strncasecmp(range, "bytes=", 6)) {
> +if (!range || strncasecmp(range, "bytes=", 6) || r->status != HTTP_OK) {
>  return 0;
>  }
>  range += 6;


-- 
thanks,

Will

Re: cvs commit: httpd-2.0 libhttpd.dsp

[Greg Marr]

At 01:33 PM 3/4/2004, William A. Rowe, Jr. wrote:
At 12:04 PM 3/4/2004, Greg Marr wrote:
>At 12:00 PM 3/4/2004, William A. Rowe, Jr. wrote:
>>At 09:55 AM 3/4/2004, Greg Marr wrote:
>>
>>>/incremental:no is the default, and MSDev will at times remove 
flags that it finds redundant, even ones that it added 
itself.  It's a bit schizophrenic like that.
>>
>>uh wrong.  with /debug incremental yes is the default but you 
have
>>to pound it into the msdev's head.  please fix/revert.
>>
>   -# ... /dll /incremental:no /debug /machine:I386 
/base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
>   +# ... /dll /debug /machine:I386 
/base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
...
>
>Odd, I thought non-incremental was the default, but the help says 
otherwise.  Incremental is the default, for regular and debug, at 
least in VC6.
>
>Why would you not want incremental for a debug build anyway?

Greg we are creating the release build there - we create a pdb for 
unwinding core dumps.
Oh, duh.  Yeah.

It is an optimized binary - incremental is not a healthy way to 
release a final image.  Again, please revert.
I would if I could... I was just commenting on why I thought it 
happened.

Re: buffer overflow in ab.c

[Aryeh Katz]

Sander Temme wrote:

One more thing.
Can someone explain this SSL bit for me?
This seems to be an uninit var invocation for pollresults?
 const apr_pollfd_t *pollresults;
-snip
  if (ssl == 1)
  status = APR_SUCCESS;
  else
#endif
status = apr_pollset_poll(readbits, aprtimeout, &n, &pollresults);


You mean this one? You're passing the pointer by reference, so
apr_pollset_poll() can fill it in. It should return a valid array of n
apr_pollfd_t structures.
I see that my snipping was too effective :).
Actually, this was bug 19271, which I've submitted a patch for.
In the ssl case, pollresults was never initialized, and we'd then try to 
set next_fd to the value of pollresults[i], which causes ab to crash.
Aryeh
S.



--
Aryeh Katz
SecureD Services
http://www.secured-services.com/
410 653 0700 x 2

Re: making filters more efficient

[Stas Bekman]

Greg Stein wrote:
On Tue, Mar 02, 2004 at 10:11:06AM -0800, Stas Bekman wrote:

Justin Erenkrantz wrote:
...
Correct.  Because the EOS is generated by the request-level protocol 
handler (HTTP_IN).  That's exactly how it is designed.  If a connection 
input filter saw EOS, it'd signal end-of-connection not end-of-request.  
But, we don't even have EOC yet - Madhu's adding it for mod_ssl's 
purposes for the output chain.
That sounds very incosistent. Why connection output filters do get the EOS 
bucket at the end of every HTTP request (which makes them HTTP aware, no?),
but their brother input filters don't? Why it is not a problem with connection 
output filters?


The output filters see EOS as "end of response", and that information is
useful at all levels.
The input filters see EOS in different ways because of where they are in
the semantic level of parsing. At the connection level, there is no such
thing as a request, so EOS can only mean "end of connection". At the
request level, an EOS has the meaning of "end of request".
Any chance someone can document all that? The current state of the filters 
internals documentation at http://httpd.apache.org/docs-2.0/ is 'nada'. Please 
correct me if I'm wrong.

__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: making filters more efficient

[Stas Bekman]

Geoffrey Young wrote:
If you have a concrete example of something that needs to query the state,
then we can examine whether it should hook into the processing
differently. I bet there is a different hook or approach that can avoid a
query of the state.


I think where stas is headed are cases like ryan's mod_apachecon

  http://rkbloom.net/rbb/mod_apachecon.c

which seems to be to be a valid example - you want to manipulate part of the
HTTP request, such as the request line or incoming headers, and post-read is
too late. but simply scaning input for GET .* HTTP/1.0 isn't sufficient,
since it's not foolproof, so it would be nice to have something that
signaled the start of a request.
Yes, that's exactly the case I'm talking about. Thanks Geoff.

__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: buffer overflow in ab.c

[Sander Temme]

> One more thing.
> Can someone explain this SSL bit for me?
> This seems to be an uninit var invocation for pollresults?
> 
>   const apr_pollfd_t *pollresults;
> -snip
>if (ssl == 1)
>status = APR_SUCCESS;
>else
> #endif
> status = apr_pollset_poll(readbits, aprtimeout, &n, &pollresults);

You mean this one? You're passing the pointer by reference, so
apr_pollset_poll() can fill it in. It should return a valid array of n
apr_pollfd_t structures.

S.

-- 
[EMAIL PROTECTED]  http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

patch bug # 19271

[Aryeh Katz]

I'm not quite sure how to submit a patch to bugzilla, so can someone 
please take care of the following for me.
In addition, and corrections/better ways would be greatly appreciated.

# diff -u ab.old.c ab.c
--- ab.old.cThu Mar  4 12:32:21 2004
+++ ab.cThu Mar  4 13:44:39 2004
@@ -1699,8 +1699,13 @@
}
for (i = 0; i < n; i++) {
+#ifdef USE_SSL
+const apr_pollfd_t *next_fd;/* unint - INTENTIONAL */
+struct connection *c = &con[i];
+#else
 const apr_pollfd_t *next_fd = &(pollresults[i]);
 struct connection *c = next_fd->client_data;
+#endif
--
Aryeh Katz
SecureD Services
http://www.secured-services.com/
410 653 0700 x 2

Re: cvs commit: httpd-2.0 libhttpd.dsp

[William A. Rowe, Jr.]

At 12:04 PM 3/4/2004, Greg Marr wrote:
>At 12:00 PM 3/4/2004, William A. Rowe, Jr. wrote:
>>At 09:55 AM 3/4/2004, Greg Marr wrote:
>>
>>>/incremental:no is the default, and MSDev will at times remove flags that it finds 
>>>redundant, even ones that it added itself.  It's a bit schizophrenic like that.
>>
>>uh wrong.  with /debug incremental yes is the default but you have
>>to pound it into the msdev's head.  please fix/revert.
>>
>   -# ... /dll /incremental:no /debug /machine:I386 
> /base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
>   +# ... /dll /debug /machine:I386 /base:@"os\win32\BaseAddr.ref",libhttpd.dll 
> /opt:ref
...
>
>Odd, I thought non-incremental was the default, but the help says otherwise.  
>Incremental is the default, for regular and debug, at least in VC6.
>
>Why would you not want incremental for a debug build anyway?

Greg we are creating the release build there - we create a pdb for unwinding
core dumps.  It is an optimized binary - incremental is not a healthy way
to release a final image.  Again, please revert.

Bill

Re: cvs commit: httpd-2.0 libhttpd.dsp

[Greg Marr]

At 12:00 PM 3/4/2004, William A. Rowe, Jr. wrote:
At 09:55 AM 3/4/2004, Greg Marr wrote:

>/incremental:no is the default, and MSDev will at times remove 
flags that it finds redundant, even ones that it added 
itself.  It's a bit schizophrenic like that.

uh wrong.  with /debug incremental yes is the default but you have
to pound it into the msdev's head.  please fix/revert.
>>>   -# ... /dll /incremental:no /debug /machine:I386 
/base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
>>>   +# ... /dll /debug /machine:I386 
/base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
>>...
Odd, I thought non-incremental was the default, but the help says 
otherwise.  Incremental is the default, for regular and debug, at 
least in VC6.

Why would you not want incremental for a debug build anyway?

Re: buffer overflow in ab.c

[Aryeh Katz]

One more thing.
Can someone explain this SSL bit for me?
This seems to be an uninit var invocation for pollresults?
   const apr_pollfd_t *pollresults;
-snip
if (ssl == 1)
status = APR_SUCCESS;
else
#endif
status = apr_pollset_poll(readbits, aprtimeout, &n, &pollresults);
if (status != APR_SUCCESS)
apr_err("apr_poll", status);
if (!n) {
err("\nServer timed out\n\n");
}
for (i = 0; i < n; i++) {
const apr_pollfd_t *next_fd = &(pollresults[i]);
# diff -u ab.old.c ab.c


--
Aryeh Katz
SecureD Services
http://www.secured-services.com/
410 653 0700 x 2

Re: mod_jk / mod_jk2 : help from specialists welcome

[jean-frederic clere]

Henri Gomez wrote:
> Justin Erenkrantz wrote:
> 
>> --On Wednesday, March 3, 2004 12:24 PM +0100 Henri Gomez
>> <[EMAIL PROTECTED]> wrote:
>>
>>> To resume you :
>>>
>>> - remove translate
>>>
>>> - move translate code to map_storage
>>>
>>> Did I understand correctly ?
>>
>>
>>
>> Yes, I think that'll work.  -- justin
> 
> 
> Ok, Jean-Frederic is working on what you suggest, but still have problems :
> 
> jfclere 2004/03/03 09:55:32
> 
>   Modified:jk/native2/server/apache2 mod_jk2.c
>   Log:
>   Remove jk2_translate... It is still not 100% OK:
>   - LocationMatch does not work.
>   - Some _not_found ends in Tomcat when using mod_dav.
> 
> 

And now mod_dav off httpd-2.1 tells:
+++
[Thu Mar 04 18:45:18 2004] [crit] [client 172.25.182.35] configuration error:
couldn't check access.  No groups file?: /examples/jsp-source/
+++

I have in httpd.conf:
+++
  
Dav On

AuthType Basic
AuthName DAV
AuthUserFile user.passwd
AuthGroupFile user.group

# ForceType text/plain


  #require user admin
  Require valid-user

  
+++
Is there something wrong in my configuration?

Cheers

Jean-Frederic



signature.asc
Description: OpenPGP digital signature

buffer overflow in ab.c

[Aryeh Katz]

Not to mention the k&r calling convention...

# diff -u ab.old.c ab.c
--- ab.old.cThu Mar  4 12:32:21 2004
+++ ab.cThu Mar  4 12:32:52 2004
@@ -558,6 +558,7 @@
 BIO *bio;
 X509 *x509cert;
 {
+#define BUFSIZE 64
 X509_NAME *dn;
 char buf[64];
 dn=X509_get_issuer_name(x509cert);
-X509_NAME_oneline(dn, buf, BUFSIZ);
+X509_NAME_oneline(dn, buf, BUFSIZE-1);
 BIO_printf(bio,"The issuer name is %s\n", buf);
 dn=X509_get_subject_name(x509cert);
-X509_NAME_oneline(dn, buf, BUFSIZ);
+X509_NAME_oneline(dn, buf, BUFSIZE-1);
 BIO_printf(bio,"The subject name is %s\n", buf);
--
Aryeh Katz
SecureD Services
http://www.secured-services.com/
410 653 0700 x 2

Re: cvs commit: httpd-2.0 libhttpd.dsp

[William A. Rowe, Jr.]

At 09:55 AM 3/4/2004, Greg Marr wrote:

>/incremental:no is the default, and MSDev will at times remove flags that it finds 
>redundant, even ones that it added itself.  It's a bit schizophrenic like that.

uh wrong.  with /debug incremental yes is the default but you have
to pound it into the msdev's head.  please fix/revert.

>>>   -# ... /dll /incremental:no /debug /machine:I386 
>>> /base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
>>>   +# ... /dll /debug /machine:I386 /base:@"os\win32\BaseAddr.ref",libhttpd.dll 
>>> /opt:ref
>>...

Re: "(97)Address family not supported by protocol" causes "disk ticking"?

[Joe Orton]

On Sat, Feb 21, 2004 at 11:00:25AM +, Alexis Huxley wrote:
> I'm running apache 2.1dev, and I've posted to the -user list with
> no response, so now I'm a bit stuck as to where next to try, so I'm
> posting here.  Apologies if this is the wrong place.

The bug is that the POD code is doing a name lookup on the first bound
address, which doesn't seem to make much sense since the addresses of
bound listeners are determined just before the POD is opened.

It breaks on Linux systems where getaddrinfo will return AF_INET6
addresses but socket(AF_INET6...) fails.  There's also some interaction
with the new alloc_listener logic on HEAD I presume since nobody has
complained about this with 2.0, not quite sure there.

One-liner is below, proper fix is to remove the sa field from ap_pod_t
and always use ap_listeners->bind_addr in its place, which I'll do
unless anyone can think of a good reason to do a name lookup here.

Index: server/mpm_common.c
===
RCS file: /home/cvs/httpd-2.0/server/mpm_common.c,v
retrieving revision 1.117
diff -u -r1.117 mpm_common.c
--- server/mpm_common.c 25 Feb 2004 11:55:31 -  1.117
+++ server/mpm_common.c 4 Mar 2004 16:39:48 -
@@ -366,8 +366,7 @@
 apr_file_pipe_timeout_set((*pod)->pod_in, 0);
 (*pod)->p = p;
 
-apr_sockaddr_info_get(&(*pod)->sa, ap_listeners->bind_addr->hostname,
-  APR_UNSPEC, ap_listeners->bind_addr->port, 0, p);
+(*pod)->sa = ap_listeners->bind_addr;
 
 /* close these before exec. */
 apr_file_inherit_unset((*pod)->pod_in);

RE: [PATCH] RewriteCond and SSL environment variables

[Mathihalli, Madhusudan]

> -Original Message-
> From: Geoffrey Young [mailto:[EMAIL PROTECTED]
[SNIP]
> 
> I'm not familiar with mod_ssl internals, but is there any 
> reason we can't
> move subprocess_env population to something early like 
> post-read-request?
> as a per-connection thingy, HTTPS ought to be know before the 
> request cycle
> begins, right?  maybe not for other things, though...

+1. I don't see any harm in making the HTTPS available in the subprocess_env soon 
after read_request.
(Infact, I think we *should* do it that way)

-Madhu

Re: cvs commit: httpd-2.0 libhttpd.dsp

[Greg Marr]

At 09:09 AM 3/4/2004, Joe Orton wrote:
On Mon, Mar 01, 2004 at 05:49:52PM -, [EMAIL PROTECTED] wrote:
> ake 2004/03/01 09:49:52
>
>   Modified:.libhttpd.dsp
>   Log:
>   add eoc_bucket.c to project
I'm not qualified to review Win32 changes but did you mean to remove
/incremental:no from the linker flags here as well as adding
eoc_bucket.c?  Can you add this change to the list of changes to 
include
in the EOC bucket backport if it is really OK to backport for 2.0?
/incremental:no is the default, and MSDev will at times remove flags 
that it finds redundant, even ones that it added itself.  It's a bit 
schizophrenic like that.

>   -# ... /dll /incremental:no /debug /machine:I386 
/base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
>   +# ... /dll /debug /machine:I386 
/base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
...

Re: making filters more efficient

[Geoffrey Young]

> If you have a concrete example of something that needs to query the state,
> then we can examine whether it should hook into the processing
> differently. I bet there is a different hook or approach that can avoid a
> query of the state.

I think where stas is headed are cases like ryan's mod_apachecon

  http://rkbloom.net/rbb/mod_apachecon.c

which seems to be to be a valid example - you want to manipulate part of the
HTTP request, such as the request line or incoming headers, and post-read is
too late. but simply scaning input for GET .* HTTP/1.0 isn't sufficient,
since it's not foolproof, so it would be nice to have something that
signaled the start of a request.

--Geoff

Re: [PATCH] RewriteCond and SSL environment variables

[Geoffrey Young]

> Maybe
> we should put the HTTPS check into an own function (we could use %{HTTPS} in
> mod_rewrite then). That way, other modules, that want to check (only) HTTPS,
> also don't need to run though all the mess of ssl_var_lookup.

I'm not familiar with mod_ssl internals, but is there any reason we can't
move subprocess_env population to something early like post-read-request?
as a per-connection thingy, HTTPS ought to be know before the request cycle
begins, right?  maybe not for other things, though...

anyway, this same thing came up recently with mod_env

  http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=107655981117848&w=2

in that case I did trace the code and couldn't see any reason that the
population couldn't appear sooner, other than perhaps the history of
subprocess_env (but I haven't been around _that_ long :)

--Geoff

Re: cvs commit: httpd-2.0 libhttpd.dsp

[Joe Orton]

On Mon, Mar 01, 2004 at 05:49:52PM -, [EMAIL PROTECTED] wrote:
> ake 2004/03/01 09:49:52
> 
>   Modified:.libhttpd.dsp
>   Log:
>   add eoc_bucket.c to project

I'm not qualified to review Win32 changes but did you mean to remove
/incremental:no from the linker flags here as well as adding
eoc_bucket.c?  Can you add this change to the list of changes to include
in the EOC bucket backport if it is really OK to backport for 2.0?

>   -# ... /dll /incremental:no /debug /machine:I386 
> /base:@"os\win32\BaseAddr.ref",libhttpd.dll /opt:ref
>   +# ... /dll /debug /machine:I386 /base:@"os\win32\BaseAddr.ref",libhttpd.dll 
> /opt:ref

...

Re: making filters more efficient

[Greg Stein]

On Tue, Mar 02, 2004 at 10:11:06AM -0800, Stas Bekman wrote:
> Justin Erenkrantz wrote:
>...
> > Correct.  Because the EOS is generated by the request-level protocol 
> > handler (HTTP_IN).  That's exactly how it is designed.  If a connection 
> > input filter saw EOS, it'd signal end-of-connection not end-of-request.  
> > But, we don't even have EOC yet - Madhu's adding it for mod_ssl's 
> > purposes for the output chain.
> 
> That sounds very incosistent. Why connection output filters do get the EOS 
> bucket at the end of every HTTP request (which makes them HTTP aware, no?),
> but their brother input filters don't? Why it is not a problem with connection 
> output filters?

The output filters see EOS as "end of response", and that information is
useful at all levels.

The input filters see EOS in different ways because of where they are in
the semantic level of parsing. At the connection level, there is no such
thing as a request, so EOS can only mean "end of connection". At the
request level, an EOS has the meaning of "end of request".

>...
> > There's been no data written by the time the response handler is 
> > called.  So, the handler can always set the headers before it does the 
> > first write.  Once a write is triggered, you must assume that the 
> > headers are sent.  And, that's (almost) how it was in 1.3 as well.  -- 
> > justin

Agreed. [and with Justin's other responses on this thread]

> There are more complicated setups than just one simple script or a handler, 
> where it could be hard to know whether the output headers set has been sent 
> already or not. Granted that setup could write their own flag, which the rest 
> of the application could use, but it sounds ideal for Apache to provide a set 
> of state functions, which can tell you what exactly Apache is doing, whether 
> it has completed something (sent headers) or has not completed (e.g. still 
> parsing headers).

If code needs to *query* to figure out what is going on, then I would
posit that it has not been correctly hooked into the Apache processing.

If you have a concrete example of something that needs to query the state,
then we can examine whether it should hook into the processing
differently. I bet there is a different hook or approach that can avoid a
query of the state.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Re: [PATCH] RewriteCond and SSL environment variables

[Joe Orton]

On Thu, Mar 04, 2004 at 11:08:25AM +0100, André Malo wrote:
> * Joe Orton <[EMAIL PROTECTED]> wrote:
> 
> > I'm not really convinced about using ssl_var_lookup_ssl: that function
> > does not handle the "HTTPS" variable, and it would be potentially
> > confusing to users and hard to document since only some subset of the
> > SSL variables could be used.  (it would also need a new optional
> > function in mod_ssl)
> > 
> > I'll commit the original patch with Madhu's fix to check
> > rewrite_ssl_lookup unless there are any strong objections.
> 
> Then it's time to change it. The ssl_var_lookup function is totally messy
> and _slow_.
> We want SSL variables, so let's only grab them.
> 
> I'm -1 (vote not veto) on using the generic ssl_var_lookup function. Maybe
> we should put the HTTPS check into an own function (we could use %{HTTPS} in
> mod_rewrite then). That way, other modules, that want to check (only) HTTPS,
> also don't need to run though all the mess of ssl_var_lookup.

That sounds like a great idea.  I still think that %{SSL:..} should use
ssl_var_lookup for consistency; sure, the function is messy and does
lots of nasty strcasecmp's but I'd really think that the overhead is
lost in the noise for an SSL connection.  It's easy to optimise a few
out anyway...

Index: modules/mappers/mod_rewrite.c
===
RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_rewrite.c,v
retrieving revision 1.252
diff -u -r1.252 mod_rewrite.c
--- modules/mappers/mod_rewrite.c   9 Feb 2004 20:29:20 -   1.252
+++ modules/mappers/mod_rewrite.c   4 Mar 2004 12:27:41 -
@@ -89,6 +89,8 @@
 #include "http_protocol.h"
 #include "http_vhost.h"
 
+#include "mod_ssl.h"
+
 #include "mod_rewrite.h"
 
 #if !defined(OS2) && !defined(WIN32) && !defined(BEOS)  && !defined(NETWARE)
@@ -380,6 +382,9 @@
 static apr_global_mutex_t *rewrite_log_lock = NULL;
 #endif
 
+/* Optional functions imported from mod_ssl when loaded: */
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL;
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL;
 
 /*
  * +---+
@@ -1610,6 +1615,10 @@
 result = getenv(var);
 }
 }
+else if (var[4] && !strncasecmp(var, "SSL", 3) && rewrite_ssl_lookup) {
+result = rewrite_ssl_lookup(r->pool, r->server, r->connection, r,
+var + 4);
+}
 }
 else if (var[4] == ':') {
 if (var[5]) {
@@ -1693,6 +1702,13 @@
 return (char *)result;
 }
 break;
+
+case  5:
+if (!strcmp(var, "HTTPS")) {
+int flag = rewrite_is_https && rewrite_is_https(r->connection);
+return apr_pstrdup(r->pool, flag ? "on" : "off");
+}
+break;
 
 case  8:
 switch (var[6]) {
@@ -3995,6 +4011,9 @@
 }
 }
 }
+
+rewrite_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+rewrite_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
 
 return OK;
 }

Re: [PATCH] RewriteCond and SSL environment variables

[André Malo]

* Joe Orton <[EMAIL PROTECTED]> wrote:

> I'm not really convinced about using ssl_var_lookup_ssl: that function
> does not handle the "HTTPS" variable, and it would be potentially
> confusing to users and hard to document since only some subset of the
> SSL variables could be used.  (it would also need a new optional
> function in mod_ssl)
> 
> I'll commit the original patch with Madhu's fix to check
> rewrite_ssl_lookup unless there are any strong objections.

Then it's time to change it. The ssl_var_lookup function is totally messy
and _slow_.
We want SSL variables, so let's only grab them.

I'm -1 (vote not veto) on using the generic ssl_var_lookup function. Maybe
we should put the HTTPS check into an own function (we could use %{HTTPS} in
mod_rewrite then). That way, other modules, that want to check (only) HTTPS,
also don't need to run though all the mess of ssl_var_lookup.

nd

Re: mod_jk / mod_jk2 : help from specialists welcome

[Henri Gomez]

Justin Erenkrantz wrote:

--On Wednesday, March 3, 2004 12:24 PM +0100 Henri Gomez 
<[EMAIL PROTECTED]> wrote:

To resume you :

- remove translate

- move translate code to map_storage

Did I understand correctly ?


Yes, I think that'll work.  -- justin
Ok, Jean-Frederic is working on what you suggest, but still have problems :

jfclere 2004/03/03 09:55:32

  Modified:jk/native2/server/apache2 mod_jk2.c
  Log:
  Remove jk2_translate... It is still not 100% OK:
  - LocationMatch does not work.
  - Some _not_found ends in Tomcat when using mod_dav.

Re: [PATCH] RewriteCond and SSL environment variables

[Joe Orton]

On Thu, Mar 04, 2004 at 07:41:54AM +0100, André Malo wrote:
> * "Mathihalli, Madhusudan" <[EMAIL PROTECTED]> wrote:
> 
> > 
> > Here's a slightly modified version of Joe's patch to 
> > - not segfault if rewrite_ssl_var_lookup is not available (mod_ssl not
> > loaded)- use SSL environment variables as %{ENV:HTTPS} or
> > %{ENV:SSL_PROTOCOL}
> 
> I'd prefer the %{SSL:...} variant and using ssl_var_lookup_ssl. All other
> stuff is already available in mod_rewrite. All the "logic" in ssl_var_lookup
> is just not necessary for this purpose.

I'm not really convinced about using ssl_var_lookup_ssl: that function
does not handle the "HTTPS" variable, and it would be potentially
confusing to users and hard to document since only some subset of the
SSL variables could be used.  (it would also need a new optional
function in mod_ssl)

I'll commit the original patch with Madhu's fix to check
rewrite_ssl_lookup unless there are any strong objections.

joe

Re: [PATCH] RewriteCond and SSL environment variables

[Mads Toftum]

On Thu, Mar 04, 2004 at 07:41:54AM +0100, André Malo wrote:
> I'd prefer the %{SSL:...} variant and using ssl_var_lookup_ssl. All other

Agreed. It makes sense to me to make a specific point out of where those
variables came from.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall