response handling inside ap_hook_create_request cb function
Hi, Here is a quick background on what I am trying to do(basically adding support for websockets - in a slightly customised manner as needed for my app): - Handle the initial handshake inside a cb function registered as a handler hook(from here, I compute checksums required and return the response headers as needed). Also, the socket from which the request was read is stored in a cache. - For subsequent message reception(on the same connection), i have a function cb registered using ap_hook_create_request(since this is a different protocol format message). Here, I read and parse the messages/requests which are coming in from the cached list of sockets(this is working). However, once I return from this cb, the connection/socket seems to be closed. I guess the request is further passed down to hooks down the line and the connection is closed since the req format is not known. What would be the best way to handle this scenario? I have the following in mind: - let the request not be processed any further(and keep the connection on). - create a req structure with dummy http headers that i can later recognise and handle inside my handler hook to just ignore later on are there any examples/notes on how these can be achieved? Regards, Umapathy
Re: ProxyPassReverse and regex
Given something like this LocationMatch ^/(foo|bar) ProxyPass balancer://abc123/ ProxyPassReverse balancer://abc123/ ... LocationMatch it is obvious the regexp ^/(foo|bar) is used to determine the correct location container to use for a given request. But after this, what is it's value for ProxyPassReverse ? The path usually given in Location and passed on to ProxyPassReverse by putting it inside the location container is no real path - it is only an evaluation statement. If a request was matched into the location above we know that the request's path is now equivalent to the path in a normal location container. For example, compare the above LocationMatch with this Location /other ProxyPass balancer://abc123/ ProxyPassReverse balancer://abc123/ ... /Location both can be used to catch request with paths along the line of /other. The second example will pass on the path information to ProxyPassReverse directly while the first will not. However, for the mod_proxy logic we still have that information in the request structure. So as long as we can translate an origin server's name to the one used by the client to query the reverse proxy and have access to the original request's path we are fine. 'proof of concept' below works for me: diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index 4fa53dc..febb581 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -895,7 +895,8 @@ PROXY_DECLARE(const char *) ap_proxy_location_reverse_map(request_rec *r, } else if (l1 = l2 strncasecmp((*worker)-s-name, url, l2) == 0) { /* edge case where fake is just /... avoid double slash */ -if ((ent[i].fake[0] == '/') (ent[i].fake[1] == 0) (url[l2] == '/')) { +if (((ent[i].fake[0] == '/') (ent[i].fake[1] == 0) (url[l2] == '/')) || +apr_fnmatch_test(ent[i].fake) { u = apr_pstrdup(r-pool, url[l2]); } else { u = apr_pstrcat(r-pool, ent[i].fake, url[l2], NULL); I'm using ProxyPassReverse in a rather limited fashion. Do you see situations where the above fails ? On Wed, Sep 25, 2013 at 12:31 PM, Nick Kew n...@webthing.com wrote: On 25 Sep 2013, at 10:06, Thomas Eckert wrote: I'm facing the problem that I have to use ProxyPassReverse inside a LocationMatch Just a thought: could you hack a workaround with Header Edit? In my concrete situation I have a LocationMatch container with a negative lookahead which I need to have ProxyPassReverse understand somehow. I'm thinking of patching ProxyPassReverse using the ProxyPassMatch code so it understands regexps correctly. However, this has surely been considered before and I'm wondering why it was not put in - after all similar code exists for ProxyPassMatch. Are there pitfalls which I haven't seen yet ? ProxyPass(Match) applies to the Request, ProxyPassReverse to the Response. From memory and without looking in the code, the missing link is per-request memory of how a regexp was expanded in the ProxyPass so that ProxyPassReverse can apply an equivalent rule. It just requires someone to do the work. If you hack it, you might give some consideration to making an API for the ProxyPassReverse regexp expansion, so output filters like mod_proxy_html can use it. -- Nick Kew
mod_fcgid: consolidate command and vhost comparison
We would like to propose the attached patch. It is inspired by the several iterations of changing the respective checks. use macros for the code that checks for command and virtual host sameness That code consists of several lines which were duplicated in several places. Now the code is slightly more compact and all the logic is in a single place. We use macros as opposed to inline functions because we use them with different argument types. The only requirement on the types is that the field names must follow a common convention. Possibly the next logical step could be to introduce a new struct that would hold all the ID fields and then use that struct as a member in all other structs that currently keep the ID information as an assortment of the fields. In other words, to make the following public (and with a better name): +struct last_id { +apr_ino_t inode; +apr_dev_t deviceid; +const char *cmdline; +gid_t gid; +uid_t uid; +int vhost_id; +} last_id; -- Andriy Gapon commit 60b1c2d2662da6ecc04c03b99c485292f4c3df50 Author: Andriy Gapon andriy.ga...@hybridcluster.com Date: Mon Sep 2 14:54:11 2013 +0300 use macros for the code that checks for command and virtual host sameness That code consists of several lines which were duplicated in several places. Now the code is slightly more compact and all the logic is in a single place. We use macros as opposed to inline functions because we use them with different argument types. The only requirement on the types is that the field names must follow a common convention. diff --git a/modules/fcgid/fcgid_bridge.c b/modules/fcgid/fcgid_bridge.c index f863008..adf355b 100644 --- a/modules/fcgid/fcgid_bridge.c +++ b/modules/fcgid/fcgid_bridge.c @@ -56,11 +56,8 @@ static fcgid_procnode *apply_free_procnode(request_rec *r, while (current_node != proc_table) { next_node = proc_table[current_node-next_index]; -if (current_node-inode == inode - current_node-deviceid == deviceid - !strcmp(current_node-cmdline, cmdline) - current_node-vhost_id == command-vhost_id - current_node-uid == uid current_node-gid == gid) { +if (IS_SAME_COMMAND(current_node, command) + IS_SAME_VHOST(current_node, command)) { /* Unlink from idle list */ previous_node-next_index = current_node-next_index; @@ -136,12 +133,8 @@ static int count_busy_processes(request_rec *r, fcgid_command *command) previous_node = busy_list_header; current_node = proc_table[previous_node-next_index]; while (current_node != proc_table) { -if (current_node-inode == command-inode - current_node-deviceid == command-deviceid - !strcmp(current_node-cmdline, command-cmdline) - current_node-vhost_id == command-vhost_id - current_node-uid == command-uid - current_node-gid == command-gid) { +if (IS_SAME_COMMAND(current_node, command) + IS_SAME_VHOST(current_node, command)) { result++; } next_node = proc_table[current_node-next_index]; diff --git a/modules/fcgid/fcgid_global.h b/modules/fcgid/fcgid_global.h index d52a2fb..1ae0745 100644 --- a/modules/fcgid/fcgid_global.h +++ b/modules/fcgid/fcgid_global.h @@ -57,4 +57,14 @@ APLOG_USE_MODULE(fcgid); #define fcgid_min(a,b)(((a) (b)) ? (a) : (b)) +#define IS_SAME_COMMAND(x, y) \ +((x)-inode == (y)-inode \ + (x)-deviceid == (y)-deviceid \ + !strcmp((x)-cmdline, (y)-cmdline)\ + (x)-uid == (y)-uid \ + (x)-gid == (y)-gid) + +#define IS_SAME_VHOST(x, y)\ +((x)-vhost_id == (y)-vhost_id) + #endif diff --git a/modules/fcgid/fcgid_spawn_ctl.c b/modules/fcgid/fcgid_spawn_ctl.c index 2d0b39c..1b561dc 100644 --- a/modules/fcgid/fcgid_spawn_ctl.c +++ b/modules/fcgid/fcgid_spawn_ctl.c @@ -58,12 +58,8 @@ register_life_death(server_rec * main_server, previous_node = g_stat_list_header; for (current_node = previous_node; current_node != NULL; current_node = current_node-next) { -if (current_node-inode == procnode-inode - current_node-deviceid == procnode-deviceid - !strcmp(current_node-cmdline, procnode-cmdline) - current_node-vhost_id == procnode-vhost_id - current_node-uid == procnode-uid - current_node-gid == procnode-gid) +if (IS_SAME_COMMAND(current_node, procnode) + IS_SAME_VHOST(current_node, procnode)) break; previous_node = current_node; } @@ -175,12 +171,8 @@ int is_spawn_allowed(server_rec * main_server, fcgid_command * command) /* Can I find the node base on inode, device id and cmdline? */ for (current_node = g_stat_list_header;
Re: [PATCH] Make error logging modular
On 09/18/2013 02:19 PM, Ivan Zhakov wrote: On Wed, Sep 18, 2013 at 4:01 PM, Jan Kaluža jkal...@redhat.com wrote: On 07/22/2013 08:02 AM, Jan Kaluza wrote: - Original Message - Hello Jan, Is there any reason we shouldn't do this in trunk? I don't see any reason. This patch was intended for trunk, but I don't have svn commit access, so I'm sending patches to this list :). It's also better that someone reviews my code, because I don't have so long experience with httpd development. If there's nobody against this change, I will commit the first two patches (+ documentation) to trunk in the end of the week. I think we should wait with mod_journald a bit until journald's performance gets better, but if you think it would be useful to have mod_journald in trunk too, let me know. It would be also nice to have option for log provider to declare whether multiline log messages are supported. It will be very use full for logging complex error message to Windows Event Log, like dav_log_err() does. Currently on Subversion error it writes three log messages to event log like: [[[ Provider encountered an error while streaming a REPORT response. [500, #0] A failure occurred while driving the update report editor [500, #620018] Error writing base64 data: APR does not understand this error code [500, #620018] ]]] That should be possible now. You just have to add another AP_ERRORLOG_PROVIDER flag for that. If you are going to code Windows Event log support, I think you can do it this way. But it will much more convenient to have only one event log entry logged with these three lines. Jan Kaluza
Re: event MPM (Was: Re: Planning for 2.4.7 in Oct)
On Sep 25, 2013, at 8:07 PM, William A. Rowe Jr. wmr...@gmail.com wrote: Before we incorporate it... can we have some sense of the impact of the optimization? So far we don't have much data to go on. From the orig post: My benchmarks show decreased latency and a performance boost of ~5% (on avg) There is talk of releasing some apr 1.5 enhancements. I'd personally favor adding skip list to apr rather than -util or httpd, since it could be useful core functionality, and 2.0 drops the distinction anyways. Fine, in fact, I agree that it really belongs in apr, but it means that 2.4.7 will be required apr 1.5. Is the httpd PMC OK with that?
building trunk with VS2012
Hi, It seems some files are missing in trunk from Makefile.win +++ !ELSEIF EXIST(httpd.mak) !defined(USEDSW) +++ Is that correct or do I miss something? Cheers Jean-Frederic
Re: building trunk with VS2012
On Thu, Sep 26, 2013 at 8:47 AM, jean-frederic clere jfcl...@gmail.comwrote: Hi, It seems some files are missing in trunk from Makefile.win +++ !ELSEIF EXIST(httpd.mak) !defined(USEDSW) +++ Is that correct or do I miss something? Cheers Jean-Frederic Use cmake :) http://people.apache.org/~trawick/cmake/ for sample invocations... -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: building trunk with VS2012
On Thu, Sep 26, 2013 at 8:49 AM, Jeff Trawick traw...@gmail.com wrote: On Thu, Sep 26, 2013 at 8:47 AM, jean-frederic clere jfcl...@gmail.comwrote: Hi, It seems some files are missing in trunk from Makefile.win +++ !ELSEIF EXIST(httpd.mak) !defined(USEDSW) +++ Is that correct or do I miss something? Cheers Jean-Frederic Use cmake :) http://people.apache.org/~trawick/cmake/ for sample invocations... Perhaps r1526473 is what you were trying to get to. When I switched over to my Windows VM it was stuck at that point. -- Born in Roswell... married an alien... http://emptyhammock.com/ -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: building trunk with VS2012
On 09/26/2013 03:14 PM, Jeff Trawick wrote: On Thu, Sep 26, 2013 at 8:49 AM, Jeff Trawick traw...@gmail.com mailto:traw...@gmail.com wrote: On Thu, Sep 26, 2013 at 8:47 AM, jean-frederic clere jfcl...@gmail.com mailto:jfcl...@gmail.com wrote: Hi, It seems some files are missing in trunk from Makefile.win +++ !ELSEIF EXIST(httpd.mak) !defined(USEDSW) +++ Is that correct or do I miss something? Cheers Jean-Frederic Use cmake :) http://people.apache.org/~trawick/cmake/ for sample invocations... Perhaps r1526473 is what you were trying to get to. When I switched over to my Windows VM it was stuck at that point. No it is worse... I need to fix :-( Cheers Jean-Frederic
Re: event MPM (Was: Re: Planning for 2.4.7 in Oct)
On Thu, 26 Sep 2013 08:25:46 -0400 Jim Jagielski j...@jagunet.com wrote: On Sep 25, 2013, at 8:07 PM, William A. Rowe Jr. wmr...@gmail.com wrote: Before we incorporate it... can we have some sense of the impact of the optimization? So far we don't have much data to go on. From the orig post: My benchmarks show decreased latency and a performance boost of ~5% (on avg) I remember that... so we are strictly speaking of response latency and response fulfillment metrics (as opposed to load?) 'Performance' was a little ambiguous, just want to confirm what we are measuring here :) There is talk of releasing some apr 1.5 enhancements. I'd personally favor adding skip list to apr rather than -util or httpd, since it could be useful core functionality, and 2.0 drops the distinction anyways. Fine, in fact, I agree that it really belongs in apr, but it means that 2.4.7 will be required apr 1.5. Is the httpd PMC OK with that? I made the comment earlier that mod_ssl requiring openssl 0.9.8 in moving forward was fine. APR is a similar dependency. That said, we are maintaining binary compatibility because APR assures us that 1.5.x will maintain compatibility with 1.3.x/1.4.x. Plus we pick up apr unix domain socket support in the process for httpd. So I'm +1, I thought we did this during 2.2 (can't remember for certain) and throughout 2.0's lifespan we did this a number of times relative to apr 0.9. Others' thoughts?
Add skiplist to APR 1.5 (Was: Re: event MPM (Was: Re: Planning for 2.4.7 in Oct))
On Sep 26, 2013, at 10:20 AM, William A. Rowe Jr. wr...@rowe-clan.net wrote: On Thu, 26 Sep 2013 08:25:46 -0400 Jim Jagielski j...@jagunet.com wrote: On Sep 25, 2013, at 8:07 PM, William A. Rowe Jr. wmr...@gmail.com wrote: Before we incorporate it... can we have some sense of the impact of the optimization? So far we don't have much data to go on. From the orig post: My benchmarks show decreased latency and a performance boost of ~5% (on avg) I remember that... so we are strictly speaking of response latency and response fulfillment metrics (as opposed to load?) 'Performance' was a little ambiguous, just want to confirm what we are measuring here :) rps. There is talk of releasing some apr 1.5 enhancements. I'd personally favor adding skip list to apr rather than -util or httpd, since it could be useful core functionality, and 2.0 drops the distinction anyways. Fine, in fact, I agree that it really belongs in apr, but it means that 2.4.7 will be required apr 1.5. Is the httpd PMC OK with that? I made the comment earlier that mod_ssl requiring openssl 0.9.8 in moving forward was fine. APR is a similar dependency. That said, we are maintaining binary compatibility because APR assures us that 1.5.x will maintain compatibility with 1.3.x/1.4.x. Plus we pick up apr unix domain socket support in the process for httpd. So I'm +1, I thought we did this during 2.2 (can't remember for certain) and throughout 2.0's lifespan we did this a number of times relative to apr 0.9. Others' thoughts? Like I said, I think that skiplist fits better in APR; in fact there are a few other things in httpd that would be better in APR, but APR and httpd are 2 sep projects and so we can't force things. In fact, I'm adding dev@apr to the To: line :)
Re: building trunk with VS2012
On 09/26/2013 02:49 PM, Jeff Trawick wrote: On Thu, Sep 26, 2013 at 8:47 AM, jean-frederic clere jfcl...@gmail.com mailto:jfcl...@gmail.com wrote: Hi, It seems some files are missing in trunk from Makefile.win +++ !ELSEIF EXIST(httpd.mak) !defined(USEDSW) +++ Is that correct or do I miss something? Cheers Jean-Frederic Use cmake :) http://people.apache.org/~trawick/cmake/ for sample invocations... +++ -- Could NOT find LibXml2 (missing: LIBXML2_LIBRARIES LIBXML2_INCLUDE_DIR) -- Could NOT find Lua51 (missing: LUA_LIBRARIES LUA_INCLUDE_DIR) -- Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR (missing: OPENSSL_LIBRARIES OPENSSL_INCLUDE_DIR) -- Could NOT find ZLIB (missing: ZLIB_LIBRARY ZLIB_INCLUDE_DIR) +++ How do I disable those? Cheers Jean-Frederic
Re: building trunk with VS2012
On Thu, Sep 26, 2013 at 11:45 AM, jean-frederic clere jfcl...@gmail.comwrote: On 09/26/2013 02:49 PM, Jeff Trawick wrote: On Thu, Sep 26, 2013 at 8:47 AM, jean-frederic clere jfcl...@gmail.com mailto:jfcl...@gmail.com wrote: Hi, It seems some files are missing in trunk from Makefile.win +++ !ELSEIF EXIST(httpd.mak) !defined(USEDSW) +++ Is that correct or do I miss something? Cheers Jean-Frederic Use cmake :) http://people.apache.org/~**trawick/cmake/http://people.apache.org/~trawick/cmake/for sample invocations... +++ -- Could NOT find LibXml2 (missing: LIBXML2_LIBRARIES LIBXML2_INCLUDE_DIR) -- Could NOT find Lua51 (missing: LUA_LIBRARIES LUA_INCLUDE_DIR) -- Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR (missing: OPENSSL_LIBRARIES OPENSSL_INCLUDE_DIR) -- Could NOT find ZLIB (missing: ZLIB_LIBRARY ZLIB_INCLUDE_DIR) +++ How do I disable those? Cheers Jean-Frederic It isn't supposed to matter, unless you've unconditionally turned on some feature that requires it. Did the build bomb? (I will probably add -DWITHOUT_foolib at some point so that you can build certain software selections consistently whether or not a support library happens to be present.) -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: FYI... Planning to TR mod_fcgid 2.3.8 in 7-10 days
+1 with many thanks, Chris. -- GPG Key ID: 088335A9 GPG Key Fingerprint: 86CD 3297 7493 75BC F820 6715 F54F E648 0883 35A9
Re: any interest in massaging the new error log provider to fit into 2.4.x?
On Tue, 24 Sep 2013 08:06:59 +0200 Jan Kaluža jkal...@redhat.com wrote: On 09/23/2013 09:30 PM, Ivan Zhakov wrote: On 23 September 2013 23:13, Jeff Trawick traw...@gmail.com wrote: On Mon, Sep 23, 2013 at 2:54 PM, Ivan Zhakov i...@visualsvn.com wrote: On 23 September 2013 22:35, Jeff Trawick traw...@gmail.com wrote: In 2.4 the syslog logging wouldn't be implemented as a provider, the ErrorLog directive parser would be different, new structure fields would be at the end, but otherwise it shouldn't be hard :) It could be theoretical backward compatibility issue if someone uses log named the same as some provider. Why not add new directive LogProvider? I've never seen a log file within the ServerRoot directory. The risk of such a configuration and it matching a provider actually loaded seems low enough (and with an easy enough workaround) to forgo having a different configuration directives between 2.4/next-major-release. But maybe ErrorLogProvider provider-name arg1-n would be nicer anyway (same in all applicable branches). Another option to use ':' to separate log provider and arguments. Like ErrorLog syslog:arg1-n. It could be useful when log destination specified in command line using '-E' option: httpd -E syslog: or httpd -E eventlog:Apache2 when Windows Event log provider will be implemented. That's what I use in my patch currently in trunk. You can even write ErrorLog file:logs/error_log, but for backward compatibility ErrorLog logs/error_log works too. Or do you mean you would force ':' suffix even when there are no arguments for log provider? You realize : is a problematic overload for Netware (and in theory for Win32 unless you dodge the X: single-char drive letter bullet)? What about a [provider]path syntax instead? Any other good ideas? A notoriously bad idea was the (size) overload of the SSLSessionCache directive.
Re: any interest in massaging the new error log provider to fit into 2.4.x?
You realize : is a problematic overload for Netware (and in theory for Win32 unless you dodge the X: single-char drive letter bullet)? What about a [provider]path syntax instead? Any other good ideas? A notoriously bad idea was the (size) overload of the SSLSessionCache directive. How about making these pairs of directives equivalent: ErrorLog /var/log/apache2/error.log ErrorLog file /var/log/apache2/error.log ErrorLog syslog:user ErrorLog syslog syslog:user ErrorLog |/usr/local/bin/loghandler -parameter foo ErrorLog pipe-with-shell /usr/local/bin/loghandler -parameter foo …and by analogy, these could be valid too: ErrorLog syslog 127.0.0.1:user ErrorLog syslog [::1]:user ErrorLog console ErrorLog relp remotehost.example ErrorLog compresslog /var/log/apache2/error.log.gz -- Tim Bannister – is...@jellybaby.net
Re: [PATCH 55593] Add SSLServerInfoFile directive
On Tue, Sep 24, 2013 at 10:39 PM, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 25.09.2013 04:13, Trevor Perrin wrote: The feature is checked in to the 1.0.2 branch [1], so we'd like to expose it through Apache. The patch is pretty simple. I suppose more tests or docs might be needed (?), which I'm happy to write. Anyways, is this something Apache is interested it? Does the patch look correct? [2] I'd very much prefer to see this supported via SSLOpenSSLConfCmd (http://svn.apache.org/r1421323), and not code this into mod_ssl by adding yet another directive. For the authz_file / RFC 5878 stuff, I did some experiments at the time, and am attaching a[n untested] patch for SSL_CTX_use_serverinfo_file - could you give it a try? Thanks, I tried that. It doesn't work with filenames relative to the Apache root. The patch I submitted uses ssl_engine_config.c:ssl_cmd_check_file() to map relative to absolute filenames. I'm not sure how you'd do that with SSLOpenSSLConfCmd? (For context: the ServerInfo file is replacing the 5878/authz file, as it's more useful to be able to provide ServerHello extensions, instead of 5878 extensions. I think 5878 is somewhat falling out of favor - or at least I hope so... [1]). Trevor [1] http://www.ietf.org/mail-archive/web/tls/current/msg09913.html