Yann Ylavic [Tue, 11 Oct 2022 09:53:04 +0000 (09:53 +0000)]
mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname
or port part of the URL.
Address or connection reuse can't work when the authority part of the URL is
dynamic (single origin server[:port] handled/assumed in the reslist). Detect
such cases and unset worker->s->is_address_reusable to disable reuse regardless
of enablereuse/disablereuse.
* modules/proxy/proxy_util.c(ap_proxy_define_worker_ex):
Lookup for $n substitution in the hostname[:port] when parsing the URL and
if present, set worker->s->is_address_reusable=0 / worker->s->disablereuse=1.
* modules/proxy/proxy_util.c(ap_proxy_initialize_worker):
Don't overwrite worker->s->is_address_reusable from enablereuse/disablereuse
parameters, and set both consistently.
* docs/manual/mod/mod_proxy.xml:
Add ProxyPassMatch compatibility note about key=value parameters handled with
$n substitutions since 2.4.47.
Document the specificities of enablereuse/disablereuse w.r.t. $n substitutions
in the different parts of the URL.
Axe the note about unparsable URLs when the $n substitution happens in the
port, this has been addressed in 2.4.47 too (and works now).
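The check described in the mod_proxy commit above, sketched as stand-alone C. This is an added example, not httpd's code: `authority_has_backref()` and `effective_reuse()` are hypothetical names, the URLs are constructed, and treating an unparsable URL as non-reusable is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if host[:port] of url contains a $N backreference,
 * 0 if it does not, -1 if url has no "scheme://" prefix. */
static int authority_has_backref(const char *url)
{
    const char *p = strstr(url, "://");
    size_t len, i;

    if (p == NULL)
        return -1;
    p += 3;
    len = strcspn(p, "/?#");              /* authority ends at path, query or fragment */
    for (i = len; i > 0; i--) {           /* skip userinfo: start after the last '@' */
        if (p[i - 1] == '@') {
            p += i;
            len -= i;
            break;
        }
    }
    for (i = 0; i + 1 < len; i++) {
        if (p[i] == '$' && isdigit((unsigned char)p[i + 1]))
            return 1;
    }
    return 0;
}

/* Reuse is honoured only when the authority is static; a dynamic or
 * unparsable one (assumption) disables it whatever enablereuse says. */
static int effective_reuse(const char *url, int enablereuse)
{
    return authority_has_backref(url) == 0 ? enablereuse : 0;
}

int main(void)
{
    const char *urls[] = {                /* constructed sample worker URLs */
        "http://backend.example.com:8080/app/$1",
        "http://$1.internal.example:8080/app",
        "http://backend.example.com:$2/app/$1",
    };
    for (size_t i = 0; i < sizeof(urls) / sizeof(urls[0]); i++)
        printf("%-42s enablereuse=on -> reuse=%d\n", urls[i], effective_reuse(urls[i], 1));
    return 0;
}
```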
Stefan Eissing [Mon, 26 Sep 2022 12:29:47 +0000 (12:29 +0000)]
*) mod_http2: new directive "H2HeaderStrictness" to control the compliance
level of header checks as defined in the HTTP/2 RFCs. Default is 7540.
9113 activates the checks for forbidden leading/trailing whitespace in
field values (available from nghttp2 v1.50.0 on).
- source sync with github version
- fix for keepalive idle wait in mpm_worker setup
- ensuring EOS when secondary connection has been handled
- fixed race in late input EOS arrival when stream was
already scheduled for execution.
Stefan Eissing [Wed, 21 Sep 2022 11:23:24 +0000 (11:23 +0000)]
*) mod_http2: removing bucket splitting into an extra recv brigade.
buckets are always received as a whole now, even if the total size
exceeds the receiver's specified length. This simplifies the internal
handling and, since these buckets already exist, leads to less memory
consumption overall.
Stefan Eissing [Wed, 21 Sep 2022 11:03:44 +0000 (11:03 +0000)]
*) tests: load the top-level mod_aptest in all test suites.
- aptest logs the test name from the header 'AP-Test-Name' with
the request line. LogLevel aptest:info is switched on.
- pytest sets 'AP-Test-Name' for all curl/nghttp invocations
against the server.
Stefan Eissing [Tue, 20 Sep 2022 12:40:58 +0000 (12:40 +0000)]
*) mod_proxy_http2: use only the ':authority' header to forward 'Host'
information to a backend. Deduce ':authority' from what the client
sent when 'ProxyPreserveHost' is on.
Eric Covener [Fri, 2 Sep 2022 23:17:14 +0000 (23:17 +0000)]
emphasize a few things about authz_host
- "domain name" is not a good contrast for hostname unqualified, use "partial" as used earlier in the doc
- mention that DNS resolution [of the require line arguments] is done at runtime not startup. This may be
obvious to developers when you see it uses an ap_expr but the question was specifically asked on IRC.
Stefan Eissing [Thu, 25 Aug 2022 14:00:13 +0000 (14:00 +0000)]
mod_md v2.4.19 from github sync
*) mod_md: a new directive `MDStoreLocks` can be used on cluster
setups with a shared file system for `MDStoreDir` to order
activation of renewed certificates when several cluster nodes are
restarted at the same time. Store locks are not enabled by default.
Restored curl_easy cleanup behaviour from v2.4.14 and refactored
the use of curl_multi for OCSP requests to work with that.
Fixes <https://github.com/icing/mod_md/issues/293>.
Stefan Eissing [Mon, 1 Aug 2022 12:56:11 +0000 (12:56 +0000)]
*) mod_ssl: when a proxy connection had handled a request using SSL, an
error was logged when "SSLProxyEngine" was only configured in the
location/proxy section and not the overall server. The connection
continued to work, the error log was in error. Fixed PR66190.
core: Follow up to r1902728: pools may have no allocator with APR_POOL_DEBUG.
With APR <= 1.7 and APR_POOL_DEBUG, thread's pools don't necessarily have an
allocator, so avoid apr_allocator_max_free_set(NULL) in ap_thread_create() and
ap_thread_main_create().
Also, always create an allocator in ap_thread_current_create().
util_pcre: Restore nmatch < ncaps behaviour with PCRE1 (only).
When the requested nmatch is below the number of captures for the regex (i.e.
nmatch is zero if the user does not care about the captures), with PCRE1 we can
pass a smaller ovector to pcre_exec() (or even NULL) which allows for some
optimizations (less or even no recursion) internally in pcre.
This might avoid crashes due to stack usage/exhaustion with pathological
patterns (see BZ 66119).
util_pcre: Add a thread local subpool cache for when stack does not suffice.
When AP_HAS_THREAD_LOCAL is available, use a thread-local match_thread_state to
save per-thread data in a subpool of the thread's pool.
If private_malloc() gets out of the stack buffer and the current thread has a
pool (i.e. ap_thread_current() != NULL), it will apr_palloc()ate and return
memory from the subpool.
When the match is complete and the match_data are freed, the thread subpool is
cleared thus giving back the memory to the allocator, which itself will give
back the memory or recycle it depending on its max_free setting.
* util_pcre.c:
Restore POSIX_MALLOC_THRESHOLD since this is part of the user API.
* util_pcre.c(match_data_pt):
Type not used (explicitly) anymore, axe.
* util_pcre.c(struct match_data_state):
Put the stack buffer there to simplify code (the state is allocated on
stack anyway).
If APREG_USE_THREAD_LOCAL, add the apr_thread_t* and match_thread_state*
fields that track the thread local data for the match.
* util_pcre.c(alloc_match_data, free_match):
Renamed to setup_state() and cleanup_state(), simplified (no stack buffer
parameters anymore).
cleanup_state() now clears the thread local subpool if used during the match.
setup_state() sets state->thd to ap_thread_current(), thus NULL if it's not a
suitable thread for using thread local data.
* util_pcre.c(private_malloc):
Fix a possible buf_used overflow (size <= avail < APR_ALIGN_DEFAULT(size)).
Create the thread local subpool (once per thread) and allocate from there
when stack space is missing and state->thd != NULL, otherwise fall back to
malloc() still.
* util_pcre.c(private_free):
Do nothing for thread local subpool memory, will be freed in cleanup_state
eventually.
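A simplified model of the `size <= avail < APR_ALIGN_DEFAULT(size)` case named in the private_malloc note above. This is an added example, not httpd's source: the buffer size, alignment, struct and function names are all constructed, and only the `buf_used` bookkeeping is modelled (no memory is written).

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE  60   /* constructed size, deliberately not a multiple of ALIGNMENT */
#define ALIGNMENT 8
#define ALIGN_UP(n) (((n) + (ALIGNMENT - 1)) & ~(size_t)(ALIGNMENT - 1))

struct arena { size_t used; };   /* models only the buf_used counter */
typedef long (*alloc_fn)(struct arena *, size_t);

/* Tests the raw size but advances by the aligned size. */
static long alloc_unchecked(struct arena *a, size_t size)
{
    if (size <= BUF_SIZE - a->used) {     /* wraps to a huge value once used > BUF_SIZE */
        long off = (long)a->used;
        a->used += ALIGN_UP(size);
        return off;
    }
    return -1;                            /* -1: caller falls back to another allocator */
}

/* Tests the aligned size, and rejects a wrap-around in the rounding itself. */
static long alloc_checked(struct arena *a, size_t size)
{
    size_t need = ALIGN_UP(size);
    if (need >= size && need <= BUF_SIZE - a->used) {
        long off = (long)a->used;
        a->used += need;
        return off;
    }
    return -1;
}

/* Replays 50, 3 and 4096 byte requests; returns the offset given to the last one. */
static long replay(alloc_fn fn)
{
    struct arena a = { 0 };
    fn(&a, 50);                           /* used becomes 56, 4 bytes remain */
    fn(&a, 3);                            /* 3 <= 4, but the aligned size is 8 */
    return fn(&a, 4096);
}

int main(void)
{
    printf("unchecked: 4096-byte request placed at offset %ld of a %d-byte buffer\n",
           replay(alloc_unchecked), BUF_SIZE);
    printf("checked:   4096-byte request -> %ld (fallback)\n", replay(alloc_checked));
    return 0;
}
```

Once the counter passes the buffer size, the unsigned subtraction wraps and every later request appears to fit, which is why the aligned size has to be the value compared.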
core: Apply ap_max_mem_free to created threads' pool allocator.
Since APR does not set the threshold above which the allocator of the thread's
starts returning its memory to the system, so set ap_max_mem_free from
ap_thread_create(), ap_thread_main_create() and ap_thread_current_create().
* include/httpd.h:
Provide our own ap_thread_create() in any case (but !APR_HAS_THREADS).
Simplify #ifdef-ery.
* server/util.c(thread_start, ap_thread_main_create, ap_thread_current_create):
Set ap_max_mem_free to the thread's pool allocator.
Simplify #ifdef-ery.
Stefan Eissing [Sat, 2 Jul 2022 09:39:22 +0000 (09:39 +0000)]
*) mod_http2: fixed trailer handling. Empty response bodies
prevented trailers from being sent to a client. See
<https://github.com/icing/mod_h2/issues/233> for how
this affected gRPC use.
Stefan Eissing [Sat, 2 Jul 2022 09:11:31 +0000 (09:11 +0000)]
*) test/modules/http2: adding tests for response trailers with
or without a body. This reproduces a bug reported in
<https://github.com/icing/mod_h2/issues/233>
where trailers are not sent on an empty response
body. This is used in gRPC.
Stefan Eissing [Fri, 17 Jun 2022 09:24:57 +0000 (09:24 +0000)]
*) mod_http2: new implementation of h2 worker pool.
- O(1) cost at registration of connection processing producers
- no limit on registered producers
- join of ongoing work on unregister
- callbacks to unlink dependencies into other h2 code
- memory cleanup on workers deactivation (on idle timeouts)
- idle_limit as apr_time_t instead of seconds
Eric Covener [Sat, 4 Jun 2022 15:37:33 +0000 (15:37 +0000)]
-qinitauto=FE conflicts with -qcheck=unset
maintainer mode only
causes a warning for every compiler invocation. If automatics are initialized
by -qinitauto, use before being assigned cannot be detected with -qcheck=unset
(part of all)