util_pcre: Add a thread local subpool cache for when stack does not suffice.
When AP_HAS_THREAD_LOCAL is available, use a thread-local match_thread_state to
save per-thread data in a subpool of the thread's pool.
If private_malloc() gets out of the stack buffer and the current thread has a
pool (i.e. ap_thread_current() != NULL), it will apr_palloc()ate and return
memory from the subpool.
When the match is complete and the match_data are freed, the thread subpool is
cleared thus giving back the memory to the allocator, which itself will give
back the memory or recycle it depending on its max_free setting.
* util_pcre.c:
Restore POSIX_MALLOC_THRESHOLDsince this is part of the user API.
* util_pcre.c(match_data_pt):
Type not used (explicitely) anymore, axe.
* util_pcre.c(struct match_data_state):
Put the stack buffer there to simplify code (the state is allocated on
stack anyway).
If APREG_USE_THREAD_LOCAL, add the apr_thread_t* and match_thread_state*
fields that track the thread local data for the match.
* util_pcre.c(alloc_match_data, free_match):
Renamed to setup_state() and cleanup_state(), simplified (no stack buffer
parameters anymore).
cleanup_state() now clears the thread local subpool if used during the match.
setup_state() set state->thd to ap_thread_current(), thus NULL if it's not a
suitable thread for using thread local data.
* util_pcre.c(private_malloc):
Fix a possible buf_used overflow (size <= avail < APR_ALIGN_DEFAULT(size)).
Create the thread local subpool (once per thread) and allocate from there
when stack space is missing and state->thd != NULL, otherwise fall back to
malloc() still.
* util_pcre.c(private_free):
Do nothing for thread local subpool memory, will be freed in cleanup_state
eventually.
core: Apply ap_max_mem_free to created threads' pool allocator.
Since APR does not set the threshold above which the allocator of the thread's
starts returning its memory to the system, so set ap_max_mem_free from
ap_thread_create(), ap_thread_main_create() and ap_thread_current_create().
* include/httpd.h:
Provide our own ap_thread_create() in any case (but !APR_HAS_THREADS).
Simplify #ifdef-ery.
* server/util.c(thread_start, ap_thread_main_create, ap_thread_current_create):
Set ap_max_mem_free to the thread's pool allocator.
Simplify #ifdef-ery.
Stefan Eissing [Sat, 2 Jul 2022 09:39:22 +0000 (09:39 +0000)]
*) mod_http2: fixed trailer handling. Empty response bodies
prevented trailers from being sent to a client. See
<https://github.com/icing/mod_h2/issues/233> for how
this affected gRPC use.
Stefan Eissing [Sat, 2 Jul 2022 09:11:31 +0000 (09:11 +0000)]
*) test/modules/http2: adding tests for response trailers with
or without a body. This reproduces a bug reported in
<https://github.com/icing/mod_h2/issues/233>
where trailers are not sent on an empty response
body. This is used in gRPC.
Stefan Eissing [Fri, 17 Jun 2022 09:24:57 +0000 (09:24 +0000)]
*) mod_http2: new implementation of h2 worker pool.
- O(1) cost at registration of connection processing producers
- no limit on registered producers
- join of ongoing work on unregister
- callbacks to unlink dependencies into other h2 code
- memory cleanup on workers deactivation (on idle timeouts)
- idle_limit as apr_time_t instead of seconds
Eric Covener [Sat, 4 Jun 2022 15:37:33 +0000 (15:37 +0000)]
-qinitauto=FE conflicts with -qcheck=unset
maintainer mode only
causes a warning for every compiler invocation. If automatics are initialized
by -qinitauto, use before being assigned cannot be detected with -qcheck=unset
(part of all)
Yann Ylavic [Wed, 1 Jun 2022 09:56:43 +0000 (09:56 +0000)]
mod_proxy: Let fixup hooks know about the Host header (and eventually overwrite it).
If proxy_run_fixups() sets a Host header there will be two ones sent to the
origin server.
Instead, let the hooks know about the Host by setting it in the r->headers_in
passed to proxy_run_fixups(), and use the actual value afterwards.
Note: if proxy_run_fixups() unsets the Host we'll keep ours.
Yann Ylavic [Tue, 31 May 2022 23:01:24 +0000 (23:01 +0000)]
mod_ssl: SSLFIPS compatible with OpenSSL 3.0. PR 66063.
* modules/ssl/ssl_private.h():
#define modssl_fips_is_enabled() and modssl_fips_enable() to wrap the
native OpenSSL FIPS functions available on OPENSSL_VERSION_NUMBER.
* modules/ssl/ssl_engine_init.c(ssl_init_Module, modssl_fips_cleanup):
Use the new wrappers instead of the OPENSSL_VERSION_NUMBER < 3.0 functions.
Submitted by: Petr Sumbera <petr.sumbera oracle.com>, ylavic
Yann Ylavic [Tue, 31 May 2022 15:06:13 +0000 (15:06 +0000)]
mod_proxy: Align ap_proxy_create_hdrbrgd() with 2.4.x's.
In 2.4.x, the copy of r->headers_in is left in r->headers_in for the whole
function, while the original r->headers_in are restored at the end. This
is simpler and avoids the r->headers_in <=> saved_headers_in danse when
calling a function that modifies r->headers_in in place.
Yann Ylavic [Mon, 30 May 2022 15:54:34 +0000 (15:54 +0000)]
mod_proxy_http: Avoid 417 responses for non forwardable 100-continue. PR 65666.
Stop returning 417 when mod_proxy has to forward an HTTP/1.1 request with both
"Expect: 100-continue" and "force-proxy-request-1.0" set, mod_proxy can instead
handle the 100-continue by itself before forwarding the request, like in the
"Proxy100Continue Off" case.
Note that this does not change the behaviour of httpd receiving an HTTP/1.0
request with an Expect header, ap_check_request_header() will still correctly
return 417 in this case.
Stefan Eissing [Thu, 26 May 2022 08:43:13 +0000 (08:43 +0000)]
Merge of PR 318:
*) core: the conf/mime.types has been updated in conformance with RFC 9239:
- .js moved from 'application/javascript' to 'text/javascript'
- .mjs was added as 'text/javascript'
[Mathias Bynens <@mathiasbynens> via PR 318]
Stefan Eissing [Wed, 25 May 2022 11:32:52 +0000 (11:32 +0000)]
*) mod_md: a logic bug in sending long OCSP HTTP request bodies was fixed.
This did not happen in normal use as request sizes for OSCP queries
never exceed that length.
Ruediger Pluem [Fri, 20 May 2022 15:15:24 +0000 (15:15 +0000)]
* Port r546128 to mod_proxy_connect to ensure that core_pre_connection does not
succeed in resetting the timeout of our socket to base_server->timeout.
Stefan Eissing [Fri, 13 May 2022 11:03:51 +0000 (11:03 +0000)]
*) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
an ACME CA. This gives a failover for renewals when several consecutive attempts
to get a certificate failed.
A new directive was added: `MDRetryDelay` sets the delay of retries.
A new directive was added: `MDRetryFailover` sets the number of errored
attempts before an alternate CA is selected for certificate renewals.
This allows for multiple CPUs to handle the load, the number of requests and
concurrency level asked are distributed over the configured number of workers,
allowing for as much parallelism.
On unixes (only for now), -W0 will use all the CPUs available on the system.
To avoid synchronization during runtime, the stats and requests times are
gathered per worker and consolidated at the end of the run before being
printed.
Connection closes, keepalives and errors are now handled in a single place,
namely cleanup_connection(), which takes care of the good/bad state of each
request based on the response fully received or not.
When multiple workers are running, SIGINT is handled by the main thread only
and masked in workers, workers are asked to stop and woken up if waiting in
poll().
A single worker is started first to determine the connectivity with the peer,
if that fails (10 tries) ab will stop early still without starting the other
workers, otherwise the first worker will signal the main thread to start the
others.
projects / thirdparty / apache / httpd.git / log
