httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Holsman <i...@apache.org>
Subject Re: client_socket bogosity...
Date Sat, 26 Jan 2002 03:22:46 GMT
Bill Stoddard wrote:
> The create_connection hook has a fatal design flaw. create_conn is run before
> ap_update_vhost_given_ip(), which means that it is impossible to install input and output
> filters based on vhost info.
> 
> I want to install SSL_IN and SSL_OUT filters if the request is coming in to a vhost/port
> enabled for SSL and that can't be done with the create_connection hook.
> 
> Bill
> 

On that point.
I don't think there is any way of inserting a proxy specifc filter 
either, as their is now way for the hook to know what kind of request
is the connection is for.

> 
>>>One Nov. 12, Ryan committed a patch creating the create_conn hook. The
>>>idea was to move
>>>the client_socket out of the conn_rec presumably to make available
>>>
>>only to
>>
>>>the core_in and
>>>core_out filters.  However, I just found a backdoor...
>>>
>>>In core_create_conn() the socket is saved away thusly:
>>>ap_set_module_config(net->c->conn_config, &core_module, csd);
>>>
>>>And whoever needs to access the socket does this:
>>>apr_socket_t *csd = ap_get_module_config(f->c->conn_config,
>>>
>>&core_module);
>>
>>That hack was added because the proxy does the completely wrong thing
>>with regard to handing sockets.  In order to finish the Nov. 12 patch, I
>>need to rip a lot of logic out of the proxy and re-implement, which I
>>haven't had time to do recently.  The only other module that should use
>>the get_module_config hack is the perchild module, which is also doing
>>to completely wrong thing with regard to sockets, but I haven't had time
>>to fix that one either.
>>
>>
>>
>>>So the goal of hiding the socket is completely blown.  The Nov. 11
>>>
>>change
>>
>>>added a lot of
>>>complexity to the server (hard to read/understand code) in pursuit of
>>>
>>a
>>
>>>goal that is then
>>>immediately circumvented by the ap_get|set_module_config. So we made
>>>
>>the
>>
>>>server more
>>>complex for no reason.
>>>
>>It actually isn't blown.  Try writing a module that implements a non TCP
>>socket, and it will work as long as you don't use the proxy or the
>>perchild module.  As proof, look at the fact that the Unix MPMs have
>>been using that mechanism to handle the pipe_of_death.  This allowed me
>>to remove the ugly hacks at the beginning of the accept loop, which
>>checked for the POD.
>>
>>Also, a big portion of the Nov 12 patch was to consolidate the accept
>>functions for Unix and BeOS, which has meant far less duplicated code in
>>the server.
>>
>>
>>>I am on the verge of vetoing the Nov. 12 patch in favor of moving the
>>>client_socket back
>>>into the con_rec.
>>>
>>>Comments?
>>>
>>Please don't let two mis-behaved modules color your judgment on this.
>>Both proxy and perchild must be re-written if they are going to be
>>clean, and once that is done the stupid set_module_config can be
>>removed.  In fact, the server ran for over a day without the
>>set_module_config, but that broke the proxy, so I added the hack to
>>allow the proxy to continue to work, while I worked to solve the
>>underlying problem.  Unfortunately, work and some extracurricular
>>activities have stopped me from contributing much code recently.
>>Hopefully, I will have time to code again soon.
>>
>>Ryan
>>
>>
>>
> 
> 




Mime
View raw message