Changes with Apache 1.3.21
+ *) Added a directive: "AcceptFilter <on|off>". To control BSD
+ acccept filters when at compile time SO_ACCEPT_FILTER is
+ detected. The default is still 'on' except when AP_ACCEPT_FILTER_OFF
+ is defined. Also downgraded the fatal exit to a warning
+ when the associated setsocketopt() fails. This should make it
+ easier to move httpd binaries and config files across BSD
+ machines with varying acceptfilter support.
+ [Dirk-Willem van Gulik <dirkx@covalent.net>]
+
*) Fix the <Files ~ "^\.ht"> container to *really* deny all access.
Without the Satisfy All, .ht* files could still be fetched if
they were within the scope of a Satisfy Any directive.
extern API_VAR_EXPORT int ap_daemons_limit;
extern API_VAR_EXPORT int ap_suexec_enabled;
extern int ap_listenbacklog;
+#ifdef SO_ACCEPTFILTER
+extern int ap_acceptfilter;
+#endif
extern int ap_dump_settings;
extern API_VAR_EXPORT int ap_extended_status;
}
#endif
+/* Though the AcceptFilter functionality is not available across
+ * all platforms - we still allow the config directive to appear
+ * on all platforms and do intentionally not tie it to the compile
+ * time flag SO_ACCEPTFILTER. This makes configuration files significantly
+ * more portable; especially as an <IfModule http_core.c> or some
+ * other construct is not possible.
+ */
+static const char *set_acceptfilter(cmd_parms *cmd, void *dummy, int flag)
+{
+#ifdef SO_ACCEPTFILTER
+ ap_acceptfilter = flag;
+#endif
+ return NULL;
+}
+
static const char *set_listener(cmd_parms *cmd, void *dummy, char *ips)
{
listen_rec *new;
"to die." },
{ "ListenBacklog", set_listenbacklog, NULL, RSRC_CONF, TAKE1,
"Maximum length of the queue of pending connections, as used by listen(2)" },
+{ "AcceptFilter", set_acceptfilter, NULL, RSRC_CONF, FLAG,
+ "Switch AcceptFiltering on/off (default is "
+#ifdef AP_ACCEPTFILTER_OFF
+ "off"
+#else
+ "on"
+#endif
+ ")."
+#ifndef SO_ACCEPTFILTER
+ "This feature is currently not compiled in; so this directive "
+ "is ignored."
+#endif
+ },
{ "CoreDumpDirectory", set_coredumpdir, NULL, RSRC_CONF, TAKE1,
"The location of the directory Apache changes to before dumping core" },
{ "Include", include_config, NULL, (RSRC_CONF | ACCESS_CONF), TAKE1,
time_t ap_restart_time=0;
API_VAR_EXPORT int ap_suexec_enabled = 0;
int ap_listenbacklog;
+#ifdef SO_ACCEPTFILTER
+int ap_acceptfilter =
+#ifdef AP_ACCEPTFILTER_OFF
+ 0;
+#else
+ 1;
+#endif
+#endif
+
int ap_dump_settings = 0;
API_VAR_EXPORT int ap_extended_status = 0;
}
#ifdef SO_ACCEPTFILTER
- {
+ if (ap_acceptfilter) {
#ifndef ACCEPT_FILTER_NAME
#define ACCEPT_FILTER_NAME "dataready"
#endif
};
if (setsockopt(s, SOL_SOCKET, SO_ACCEPTFILTER, &af, sizeof(af)) < 0
&& errno != ENOENT) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
+ ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf,
"make_sock: for %s, setsockopt: (SO_ACCEPTFILTER)",
addr);
- close(s);
- ap_unblock_alarms();
- exit(1);
}
}
#endif
#ifdef SHARED_CORE
printf(" -D SHARED_CORE\n");
#endif
+#ifdef SO_ACCEPTFILTER
+ printf(" -D SO_ACCEPTFILTER\n");
+ printf(" -D ACCEPT_FILTER_NAME=\"" ACCEPT_FILTER_NAME "\"\n");
+#endif
+#ifdef AP_ACCEPTFILTER_OFF
+ printf(" -D AP_ACCEPTFILTER_OFF\n");
+#endif
/* This list displays the compiled-in default paths: */
#ifdef HTTPD_ROOT
projects / thirdparty / apache / httpd.git / commitdiff
