Re: sending data to output filter
On Tue, 10 Jun 2008 23:35:42 +0200 Tamas Palagyi [EMAIL PROTECTED] wrote: If the ap_pass_brigade() returned means that all my data has been sent successfully? Yes - to the next filter in the chain (if pass_brigade returned success). Is ap_pass_brigade going to block till all data sent (or gives back error)? That's out of your hands. A filter in the chain may or may not buffer some or all of the data, and may block or return to you while still processing. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: sending data to output filter
Thanks Nick, I am writing a module that have similar proxy functionality as mod_proxy_connect: proxying traffic from client nodes to internal nodes those speaking their unknown binary protocol. The difference that I use the bucket/brigades IO to be able to use the filter infrastructure. Mainly because of mod_ssl, letting Apache doing the SSL enc/decryption. My main concern was whether there already is a module that does this thing. But my research gave no useful results. Proxy modules either work at socket level (connect) or handle their own protocol only (like ajp). Have you heard a module that would do similar things what I described? Thanks, Tamas On Wed, 2008-06-11 at 11:53 +0100, Nick Kew wrote: On Tue, 10 Jun 2008 23:35:42 +0200 Tamas Palagyi [EMAIL PROTECTED] wrote: If the ap_pass_brigade() returned means that all my data has been sent successfully? Yes - to the next filter in the chain (if pass_brigade returned success). Is ap_pass_brigade going to block till all data sent (or gives back error)? That's out of your hands. A filter in the chain may or may not buffer some or all of the data, and may block or return to you while still processing.
Re: Response Time and mod_rt
On Tue, 10 Jun 2008 19:40:14 -0700 (PDT) N S [EMAIL PROTECTED] wrote: Where can I get the mod_rt module? Or can someone send it to me? Cause I want to know each request response time in my Apache access_log? Or any other way that I don't know? http://modules.apache.org/search.php Although I can't see personally where you would insert this sort of functionality myself... I'm sure a better person could tell you how to do this. There's nothing obvious for me in the request struct. -- The Teletype machine to the Death Star is making a weird noise because of BobaFett. Microsoft is trying to be EBITDA positive by the end of the year. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html signature.asc Description: PGP signature
Re: [VOTE] Release Apache HTTP Server 2.2.9
On Wed, Jun 11, 2008 at 5:22 AM, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: Jim Jagielski wrote: Your votes please; +/-1 [+1] Release httpd-2.2.9 as GA I'll rely on others to review linux, solaris, et al, but based on Win32 I'm very happy and just waiting for feedback from my prior questions to post up the various files. Yes, windows seems fine... didn't test with ssl though. -- ~Jorge
Re: [VOTE] Release Apache HTTP Server 2.2.9
Ok did a new build with openssl on vs 2008 on vista. It still give me hell over ipv6... there is a patch that fixes it! https://issues.apache.org/bugzilla/attachment.cgi?id=21320action=edit with this patch it works fine following the basic steps of converting the source (lineends.pl), perl cvtdsp.pl -2005 devenv Apache.dsw (to get command line building to work with vs2008) for that point on it compiles fine from command line. I've placed my binaries here for anyone that wants to do some heavier testing on them (will be gone tomorrow): *http://cygnus.gotdns.org/ (note: pdb's are included - very slow upload... home server)* I only tested the out of box config. Jorge On Wed, Jun 11, 2008 at 10:08 AM, Jorge Schrauwen [EMAIL PROTECTED] wrote: On Wed, Jun 11, 2008 at 9:16 AM, Issac Goldstand [EMAIL PROTECTED] wrote: Jim Jagielski wrote: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/-1 [ ] Release httpd-2.2.9 as GA +1 Tested prefork + worker on linux with no problems. If I get a chance to test win32 before the vote closes, I will, but based on Jorge's tests + Bill's satisfaction with win32, I'm happy as long as noone -1s it. I did have some problems with using vs 2008... I had to grab back to 2005. I'll give it a spin with ssl later this evening if I got time. Issac -- ~Jorge -- ~Jorge
Re: [VOTE] Release Apache HTTP Server 2.2.9
Jim Jagielski wrote: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/-1 [ ] Release httpd-2.2.9 as GA DO NOT begin distributing these in any manner whatsoever, please note that you can seriously mess up any user who installs these packages if they are ultimately rejected. On HP-UX (HP-UX dev25 B.11.23 U ia64) I have: +++ mkdir /home/jfclere/APACHE9_ia64_HP-UX/lib/apr-util-1 sh: Syntax error at line 1 : `;' is not expected. *** Error exit code 2 Stop. *** Error exit code 1 Stop. *** Error exit code 1 Stop. +++ It is fixed by r663499 in apr-util trunk. Otherwise It looks ok on other machines where I built it. HP-UX and Solaris. Cheers Jean-Frederic
Re: [VOTE] Release Apache HTTP Server 2.2.9
On Tue, 10 Jun 2008, Jim Jagielski wrote: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; Out of curiosity, when does the voting close? /Nikke - a bit bogged down at the moment -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | [EMAIL PROTECTED] --- DIME: A dollar after taxes. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Re: [VOTE] Release Apache HTTP Server 2.2.9
Den Wednesday 11 June 2008 02:50:50 skrev Jim Jagielski: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/-1 [ ] Release httpd-2.2.9 as GA DO NOT begin distributing these in any manner whatsoever, please note that you can seriously mess up any user who installs these packages if they are ultimately rejected. With latest perl-framework, apr/apu I get this on Mandriva Cooker x86_64: t/apache/limits.NOK 7/10# Failed test 7 in t/apache/limits.t at line 122 t/apache/limits.NOK 9/10# Failed test 9 in t/apache/limits.t at line 122 fail #2 t/apache/limits.FAILED tests 7, 9 Failed 2/10 tests, 80.00% okay The t/apache/limits tests passes on Mandriva Linux 2008.1 though. The openssl tests passed with the fix pointed out by Rainer Jung (2.2.9 testing with OpenSSL 0.9.8h). Thanks man. Funny enough I get this as well: t/security/CVE-2008-2364NOK 2/3# Failed test 2 in t/security/CVE-2008-2364.t at line 19 t/security/CVE-2008-2364NOK 3/3# Failed test 3 in t/security/CVE-2008-2364.t at line 22 t/security/CVE-2008-2364FAILED tests 2-3 Failed 2/3 tests, 33.33% okay -- Regards // Oden Eriksson
Re: 2.2.9 testing with OpenSSL 0.9.8h
Den Wednesday 11 June 2008 02:57:13 skrev Rainer Jung: This is only an info for others who might run into the same problem: I used the httpd test suite for httpd 2.2.9 in combination with OpenSSL 0.9.8h (the recent version). The test suite calls openssl \ req -new -key keys/client_revoked.pem -out csr/client_revoked.csr \ -passin pass:httpd -passout pass:httpd -config \ conf/client_revoked.cnf at the beginning. With OpenSSL 0.9.8h this crashes (Solaris) resp. gives a malloc error (Linux). This is not an httpd bug. If one uses an older openssl (e.g. 0.9.8g) in the PATH but still runs httpd/mod_ssl with 0.9.8h, there is no SSL test failure. The corresponding OpenSSL bug is already known and fixed in CVS: http://cvs.openssl.org/chngview?cn=17196 Regards, Rainer Works for me on Mandriva Cooker, thanks man. -- Regards // Oden Eriksson
Re: [VOTE] Release Apache HTTP Server 2.2.9
On Jun 11, 2008, at 6:24 AM, Niklas Edmundsson wrote: On Tue, 10 Jun 2008, Jim Jagielski wrote: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; Out of curiosity, when does the voting close? I'd like to release Friday, noon eastern.
Re: [VOTE] Release Apache HTTP Server 2.2.9
Jim Jagielski schrieb: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/-1 [ ] Release httpd-2.2.9 as GA +1 (non-binding) Tested on Solaris 8 Sparc with latest test framework (without -ssl). No failures, but a couple of tests skipped due to missing modules/filters (expected): t/filter/case...skipped all skipped: cannot find module 'case_filter' t/filter/case_inskipped all skipped: cannot find module 'case_filter_in' t/http11/chunked2...skipped all skipped: cannot find module 'bucketeer' t/modules/dav...skipped all skipped: cannot find module 'HTTP::DAV' 14/87 skipped: Skipping bucket boundary tests, no mod_bucketeer t/php/all...skipped all skipped: cannot find one of php4 or php5 or sapi_apache2.c t/protocol/echo.skipped all skipped: cannot find module 'mod_echo' t/security/CVE-2004-0958skipped all skipped: cannot find one of php4 or php5 or sapi_apache2.c t/security/CVE-2004-0959skipped all skipped: cannot find one of php4 or php5 or sapi_apache2.c, PHP not installed 1/3 skipped: server gave HTTP/0.9 response 1/2 skipped: server gave HTTP/0.9 response t/ssl/pr12355...ok 2/10 skipped: mod_case_filter_in not available All tests successful, 8 tests and 18 subtests skipped. Rainer
Re: apxs is missing -fPIC and ignores it
On Sunday 2008-06-08 20:59, Sander Temme wrote: On Jun 8, 2008, at 11:47 AM, Jan Engelhardt wrote: Sometimes you miss the wood for the trees :-) But still, should not apxs's libtool add -fPIC on its own, like the normal (GNU) libtool does? It should behave like GNU libtool, because it *is* GNU libtool. apxs uses the same libtool that was used to build APR and Apache, and is installed by apr in build-1 under normal configuration circumstances. [EMAIL PROTECTED] trunk $ /UserData/asf/apr-r664276/build-1/libtool --version ltmain.sh (GNU libtool) 1.5.26 (1.1220.2.492 2008/01/30 06:40:56) Well it seems like Ubuntu's 8.04 axps is at total fail; I do get -fPIC from apxs on SUSE. Case closed. [EMAIL PROTECTED]:~$ /usr/share/apr-1.0/build/libtool --version ltmain.sh (GNU libtool) 1.5.20 (1.1220.2.287 2005/08/31 18:54:15)
Re: [VOTE] Release Apache HTTP Server 2.2.9
On 6/10/2008 at 6:50 PM, in message [EMAIL PROTECTED], Jim Jagielski [EMAIL PROTECTED] wrote: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/-1 [ ] Release httpd-2.2.9 as GA DO NOT begin distributing these in any manner whatsoever, please note that you can seriously mess up any user who installs these packages if they are ultimately rejected. +1 NetWare
Re: [patch] Add IPV6 'specials' flag to mod_rewrite
Jeff Trawick [EMAIL PROTECTED] said: On Mon, Jun 9, 2008 at 9:19 PM, Ryan Phillips [EMAIL PROTECTED] wrote: Ryan Phillips [EMAIL PROTECTED] said: So I needed to create some mod_rewrite rules only for IPv6 when httpd is configured for both ipv4 and ipv6 modes. This patch adds 'RewriteCond IPV6 on' support to the ruleset. I initially tried to see if the incoming socket was APR_INET6, but couldn't find the right structure within the request to query. Should r-connection-local_addr or remote_addr have the correct socket family? If I try either of these over an IPv4 connection, I always get a socket family of IPv6. On most platforms, httpd will handle IPv4 connections on an IPv6 socket; the address family will be APR_INET6 and the socket address will have a special format which indicates that the client is IPv4 (http://en.wikipedia.org/wiki/IPv4_mapped_address). Replace Listen ## with the combination Listen 0.0.0.0:## + Listen [::]:## and you should be able to distinguish between client connection type by checking the address family (not a real solution). The system macro IN6_IS_ADDR_V4MAPPED() can check if an IPv6 socket address represents an IPv4 client connection. Apparently APR doesn't provide an equivalent. Jeff, Thanks for the detailed explanation. I wasn't aware of this. Regards, Ryan
[PATCH] suppress SUEXEC_BIN printfs when suexec disabled
mod_info and apachectl -V both output SUEXEC info, even if suexec has been explicitly turned off with --disable-suexec. example of current apachectl -V after running with ./configure --disable-suexec: bin/apachectl -V ... Server compiled with -D APACHE_MPM_DIR=server/mpm/worker -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D APR_CHARSET_EBCDIC -D HTTPD_ROOT=/apache *-D SUEXEC_BIN=/apache/bin/suexec *Note: some existing Apache and third party code assumes that SUEXEC_BIN is defined, so patch uses a new separate define (AP_HAS_SUEXEC) Question: Not sure if the expansion in ./configure sets enable_suexec=no for windows or other platforms as needed, or does there need to be a #if define(WIN32) || define(BEOS) || define(NETWARE) ... = #define AP_HAS_SUEXEC 0 someplace? Index: server/main.c === --- server/main.c (revision 60) +++ server/main.c (working copy) @@ -226,7 +226,7 @@ printf( -D HTTPD_ROOT=\ HTTPD_ROOT \\n); #endif -#ifdef SUEXEC_BIN +#if AP_HAS_SUEXEC printf( -D SUEXEC_BIN=\ SUEXEC_BIN \\n); #endif Index: modules/generators/mod_info.c === --- modules/generators/mod_info.c (revision 60) +++ modules/generators/mod_info.c (working copy) @@ -498,7 +498,7 @@ ap_rputs( -D HTTPD_ROOT=\ HTTPD_ROOT \\n, r); #endif -#ifdef SUEXEC_BIN +#if AP_HAS_SUEXEC ap_rputs( -D SUEXEC_BIN=\ SUEXEC_BIN \\n, r); #endif Index: configure.in === --- configure.in(revision 60) +++ configure.in(working copy) @@ -561,6 +561,13 @@ progname=httpd] ) # SuExec parameters +if test $enable_suexec = no; then +AC_DEFINE(AP_HAS_SUEXEC, 0, + [suexec is disabled]) +else +AC_DEFINE(AP_HAS_SUEXEC, 1, + [suexec is enabled]) +fi AC_ARG_WITH(suexec-bin, APACHE_HELP_STRING(--with-suexec-bin,Path to suexec binary),[ AC_DEFINE_UNQUOTED(SUEXEC_BIN, $withval, [Path to suexec binary] ) suexec.patch Description: Binary data
Re: [VOTE] Release Apache HTTP Server 2.2.9
On 06/11/2008 02:50 AM, Jim Jagielski wrote: Test tarballs for Apache httpd 2.2.9 are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/-1 [ +1 ] Release httpd-2.2.9 as GA Here are my results: Summary: Solaris 8, 9 on SPARC, 32 bit build, gcc 3.3.2, using Solaris LDAP SDK: Worker MPM, compiles, installs and starts fine Solaris 10 on SPARC, 32 bit build, gcc 3.3.2: Prefork, worker and event compile and install fine. Prefork, worker and event pass all tests as far as the default perl installation of Solaris 10 permits. RedHat AS 3 32 bit: Prefork, worker and event compile and install fine. It does NOT compile with the RedHat included openldap 2.0.27-17. More details later. Event MPM does NOT start as epoll does not seem to work correctly. Although the appropriate functions seem to be present they do not seem to work. Configure from APR detected this and set epoll support to 0, but there is no build check on httpd side to detect this. Maybe a possible area of improvement. Prefork and worker pass all tests (not including WebDAV as the needed perl components are missing) RedHat As 4 32 bit: Prefork, worker and event compile and install fine. Prefork, worker and event pass all tests (not including WebDAV as the needed perl components are missing). Works fine with the included openldap 2.2.x. RedHat As 4 64 bit: Prefork, worker and event compile and install fine. Prefork, worker and event pass all tests (not including WebDAV as the needed perl components are missing). Works fine with the included openldap 2.2.x. SuSE Linux 10.2 32 bit: worker compiles and installs fine. worker passes all tests. Works fine with the included openldap 2.3.x. So all in all I am +1 for releasing. Details: Warnings reported on Solaris: Solaris 8: passwd/apr_getpass.c:97: warning: `get_password' defined but not used threadproc/unix/thread.c: In function `apr_thread_once_init': threadproc/unix/thread.c:306: warning: missing braces around initializer threadproc/unix/thread.c:306: warning: (near initialization for `once_init.__pthread_once_pad') xmlparse.c:7: warning: `RCSId' defined but not used xmltok.c:7: warning: `RCSId' defined but not used xmlrole.c:7: warning: `RCSId' defined but not used dbd/apr_dbd.c: In function `apr_dbd_prepare': dbd/apr_dbd.c:372: warning: subscript has type `char' dbd/apr_dbd.c:388: warning: subscript has type `char' ldap/apr_ldap_option.c: In function `option_set_cert': ldap/apr_ldap_option.c:401: warning: unused variable `ents' ldap/apr_ldap_option.c:402: warning: unused variable `i' ldap/apr_ldap_rebind.c:187: warning: `apr_ldap_rebind_lookup' defined but not used worker.c: In function `start_threads': worker.c:1033: warning: int format, pid_t arg (arg 7) worker.c: In function `make_child': worker.c:1358: warning: int format, pid_t arg (arg 7) worker.c: In function `ap_mpm_run': worker.c:1669: warning: int format, pid_t arg (arg 4) worker.c:1766: warning: int format, pid_t arg (arg 8) worker.c:1793: warning: int format, pid_t arg (arg 8) util.c: In function `ap_append_pid': util.c:2146: warning: int format, pid_t arg (arg 5) mpm_common.c: In function `reclaim_one_pid': mpm_common.c:151: warning: int format, pid_t arg (arg 7) mpm_common.c:161: warning: int format, pid_t arg (arg 7) mpm_common.c:186: warning: int format, pid_t arg (arg 7) mpm_common.c: In function `ap_process_child_status': mpm_common.c:440: warning: int format, pid_t arg (arg 7) mpm_common.c: In function `ap_signal_server': mpm_common.c:991: warning: int format, pid_t arg (arg 3) mpm_common.c:996: warning: int format, pid_t arg (arg 3) mod_authnz_ldap.c: In function `authn_ldap_check_password': mod_authnz_ldap.c:373: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:378: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:383: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:390: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:415: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:471: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:475: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c: In function `authz_ldap_check_user_access': mod_authnz_ldap.c:540: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:564: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:623: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:635: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:642: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:655: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:662: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:673: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:682: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:689: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:703: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:718: warning: int format, pid_t arg (arg 7) mod_authnz_ldap.c:724: warning: int format, pid_t arg (arg 7)
Virtualhost _default_:nnnn in test framework
Line 367 in t/conf/httpd.conf reads: VirtualHost _default_:8530 This causes a failure on Solaris, with Could not resolve address '255.255.255.255' -- check resolver configuration. The same thing happens in various other places in the test suite's config. Is _default_ supposed to do anything meaningful? Trying with localhost instead, I just got Failed TestStat Wstat Total Fail Failed List of Failed --- t/security/CVE-2004-0959.t2 512?? ?? % ?? t/security/CVE-2008-2364.t31 33.33% 3 Investigating those. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: [patch] Add IPV6 'specials' flag to mod_rewrite - try 2
Ryan Phillips [EMAIL PROTECTED] said: Jeff Trawick [EMAIL PROTECTED] said: On Mon, Jun 9, 2008 at 9:19 PM, Ryan Phillips [EMAIL PROTECTED] wrote: Ryan Phillips [EMAIL PROTECTED] said: So I needed to create some mod_rewrite rules only for IPv6 when httpd is configured for both ipv4 and ipv6 modes. This patch adds 'RewriteCond IPV6 on' support to the ruleset. I initially tried to see if the incoming socket was APR_INET6, but couldn't find the right structure within the request to query. Should r-connection-local_addr or remote_addr have the correct socket family? If I try either of these over an IPv4 connection, I always get a socket family of IPv6. On most platforms, httpd will handle IPv4 connections on an IPv6 socket; the address family will be APR_INET6 and the socket address will have a special format which indicates that the client is IPv4 (http://en.wikipedia.org/wiki/IPv4_mapped_address). Replace Listen ## with the combination Listen 0.0.0.0:## + Listen [::]:## and you should be able to distinguish between client connection type by checking the address family (not a real solution). The system macro IN6_IS_ADDR_V4MAPPED() can check if an IPv6 socket address represents an IPv4 client connection. Apparently APR doesn't provide an equivalent. Jeff, Thanks for the detailed explanation. I wasn't aware of this. Attached is a patch which uses IN6_IS_ADDR_V4MAPPED to see if the client is from an IPv4 socket. Thanks, Ryan --- mod_rewrite.c.old 2008-06-09 16:50:04.0 -0500 +++ mod_rewrite.c 2008-06-11 12:09:50.0 -0500 @@ -1765,6 +1765,13 @@ rewritelog((r, 1, ctx-perdir, RESULT='%s', result)); return (char *)result; } +else if (!strcmp(var, IPV6)) { +apr_sockaddr_t *addr = r-connection-remote_addr; +int flag = (addr-family == AF_INET6 +!IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr-ipaddr_ptr)); +rewritelog((r, 1, ctx-perdir, IPV6='%s', flag ? on : off)); +return apr_pstrdup(r-pool, flag ? on : off); +} break; case 5: