httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <>
Subject Accept Filters, was Re: Timeout for requests
Date Wed, 04 May 2005 01:13:58 GMT
Rasmus Lerdorf wrote:
>> Ya, I got messed up in my other email too.
>> SO_ACCEPTFILTER is in 2.0.xx.
>> TCP_DEFER_ACCEPT is in 2.1.xx.
>> -Paul
> By the way Paul, I have been meaning ask, are you falling back from
> httpready to dataready on SSL requests in 2.x?  I don't see it in
> server/listen.c, but I am not really up on the 2.x code.  We can't use
> httpready on an SSL request for obvious reasons.

Nope, it always tries to use accf_http.

In real life, I don't believe this is detrimental, since if the
accf_http filter sees data it doesn't understand, it acts just like
accf_data -- and mod_ssl reads the data just like normal.

There was a thread discussing refactoring of how accept filters and
TCP_DEFER_ACCEPT should be applied, but the root problem is that we do
not know that a socket is SSL, until after we have accept()'ed that
socket.  This thread was started when I committed support for

A proposed solution is a 'mod_acceptfilter':

Unfortunately, no one followed up with Rici's ideas on it.  I think the
longterm solution is to remove things like 'SSLEngine On', and fix HTTPD
to associate a single protocol with a single listening socket.

An alternative that was also proposed at the same time was  <Listen> Blocks:

This would allow something like:
# would imply the accf_data filter on FreeBSD...
Protocol https

Either way, we need a better method to know which protocol will at least
initially be ran on a socket.  Currently it is all runtime, but it must
be changed to be done at startup, to properly apply the accept filters.

In the real world, it is not a big issue, since most people are running
HTTP or HTTPS Servers with apache, but maybe someday httpd will fully
support SMTP, IMAP, and FTP :)


View raw message