Brian Pane [Sun, 9 Oct 2005 04:49:52 +0000 (04:49 +0000)]
Refactored ap_process_request() so that in async MPMs, the MPM (and not
the httpd core) is responsible for write completion.
Note that, with this commit, the Event MPM is still doing write
completion synchronously. I'll add async write completion as a
separate commit.
Note also that this commit breaks the (experimental) Leader/Followers
MPM on the (equally experimental) async-dev branch. The fix is to add
either synchronous or asynchronous write completion to that MPM. Rather
than hack in synchronous write completion, I'll revisit Leader/Followers
once I have async working in Event.
Brian Pane [Sun, 9 Oct 2005 01:37:11 +0000 (01:37 +0000)]
Redesign of request cleanup:
- A new End-Of-Request bucket is pushed through the output filter
chain after the last bucket of the response.
- This bucket gets destroyed by ap_core_output_filter() after the
buckets in front of it have been sent.
- The destroy callback of the EOR bucket invokes the access logger
and frees the request's pool.
With this change, the request logger now runs after the last byte of
the response is _sent_, rather than after the last byte of the response
is _generated_. This should make the bytes-sent count in the access
log more accurate in cases where the client closes the connection
midway through the sending of the response.
Brian Pane [Thu, 6 Oct 2005 06:19:12 +0000 (06:19 +0000)]
Forward-port of wrowe's NET_TIME filter removal/refactor into
the async-dev branch, in preparation for developing async write
completion in this branch on top of the new timeout design.
http://svn.apache.org/viewcvs.cgi?rev=306495&view=rev
Brian Pane [Sun, 25 Sep 2005 05:22:04 +0000 (05:22 +0000)]
New version of ap_core_output_filter...
The big change is that it now does nonblocking writes when possible. The
goal of this redesign is to more cleanly support asynchronous write completion
in MPMs such as Event or Leader. However, the nonblocking writes may also
help in Worker and Prefork by allowing more overlapping of handler and
output filter processing with network writes.
Brian Pane [Sun, 25 Sep 2005 01:35:18 +0000 (01:35 +0000)]
Ported fix for PR35330 forward from the trunk (This particular patch doesn't
interact with the async R&D, but I'm merging it into the async-dev branch
because there's now a test case specifically for this change in
httpd-test/perl-framework.)
Brian Pane [Mon, 12 Sep 2005 00:35:23 +0000 (00:35 +0000)]
Added asynchronous keep-alive support to the leader MPM...
the new io_multiplexer object is intended to provide a
foundation for async processing of the other connection
states.
Brian Pane [Mon, 12 Sep 2005 00:29:10 +0000 (00:29 +0000)]
Added new connection states CONN_STATE_HANDLER and CONN_STATE_WRITE_COMPLETION.
Also, core_create_conn() now initializes the conn_state within the newly
created connection.
Paul Querna [Mon, 5 Sep 2005 00:21:25 +0000 (00:21 +0000)]
*) Create an optional function and MPM Query to replace the core output filter.
*) Put an example of using it into the Event MPM, which just calls the original core output filter.
Joe Orton [Thu, 1 Sep 2005 11:58:58 +0000 (11:58 +0000)]
* modules/ssl/ssl_util_ssl.c (SSL_X509_STORE_create): Catch errors
returned by X509_LOOKUP_add_dir or X509_LOOKUP_load_file to detect
malformed or misconfigured CRLs. Clear error stack beforehand to
ensure reported errors are relevant.
Jim Jagielski [Wed, 31 Aug 2005 15:22:08 +0000 (15:22 +0000)]
Add ap_append_pid(); This is performed enough to warrant
a function I think, especially with the fact that
the mapping of getpid() to APR_PID_T_FMT isn't
consistant in some areas.
Joe Orton [Tue, 30 Aug 2005 15:57:38 +0000 (15:57 +0000)]
Fix CVE CAN-2005-2700:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".
The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).
Fix PR36410; Change how the get_suexec_identity hook is handled by CGID.
Instead of using mod_userdir and mod_suexec specific hacks, we now run the hook
on the httpd side of the handler.
If this is NULL, we pass on a magic empty_ugid constant, otherwise pass on the
real ugid.
On the cgid side of the equation, we add our own hook, with REALLY_FIRST, and
then order the hooks. This ensures that cgid's doer runs before any other
registered get_suexec_identity doers.
We use cgid's request config to store the ugid. If ugid == empty_ugid, we DON'T
call ap_os_create_privileged_process, because our doer would return the magic
empty_ugid constant. Having the doer return NULL is no good, because then
userdir and mod_suexec's doers would be called. Instead, we call plain old
apr_proc_create().
Noticed in the development of fips-enabled mod_ssl, when we are
configured to support exactly one protocol, use that explicit server
and client mechansim to handshake with the client or proxied machine,
rather than the generic SSLv23_[client|server]_method().
Update CHANGES to reflect that worker now supports graceful-stop, that Bill
wrote some of the graceful-stop code I stole from Ken, and to get rid of
exraneous `'`'s.
Implement a graceful-stop for the worker MPM. We close our listeners, and then
ask each child process to do the same. We then monitor until all children have
exited.
The change to ap_start_shutdown(void) to ap_start_shutdown(int) may look like
an external API change, but the function is defined static, and used only in
one place.
Remove as many ghastly scoreboard loops from the graceful-shutdown code, and
replace with the new ap_relieve_child_processes() call. Add a sleep() call now,
as we lost the timeout inherent in ap_wait_or_timeout(). 1 second seems a sane
choice.
Add ap_relieve_child_processess(), a non-infanticidal copy of
ap_reclaim_child_processes(). Allows us to waitpid() each process in the
scoreboard and each "extra" process with a single call.
Joshua Slive [Fri, 26 Aug 2005 17:58:39 +0000 (17:58 +0000)]
Clean up some problems in the recently committed background faqs;
Make the reference to the 1.3 FAQ a little more up-to-date; and
add a FAQ on SELinux.
Implement "de-listening" for graceful restarts with the prefork MPM. With this
change;
1.) httpd -k graceful sends SIGUSR1 to the parent pid, which in turn
sends SIGUSR1 to all of the active children,
2.) Active children each close their copy of listener fd's.
This means that the listening sockets are freed for re-use. In the ordinary
case, this makes no difference. However if for example admin changes "Listen
80" to "Listen 81" in the config, this rev makes port 80 immediately available
(no waiting for the graceful children to die).
Provide a function for closing all of the listeners.
* This is useful for properly implementing a graceful stop and restart
where we want child processess to be able to carry on serving a request
but "de-listen" from a port. So that another instance entirely can be
started in our place, or to unbind from a "Listen" directive an admin
has removed from the configuration.
Remove support for the threaded-mpm's on Linux 2.0, and de-autoconf the
graceful restart signal. Frees up SIGWINCH for implementing graceful stop.
See <20050727114058.GA3390@stdlib.net> and subsequent thread on httpd-dev.
Enhance CacheEnable/CacheDisable to control caching on a per-protocol, per-host
and per-path basis. Makes Cache(En|Dis)able useful for forward proxy servers.
Improve the cache hit/miss ratio by canonicalising the url key. hostname's
are matched case-insensitively, port-based vhosts are catered for and the
scheme included for future multi-scheme caching compatibility.
projects / thirdparty / apache / httpd.git / log
