httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <c...@force-elite.com>
Subject Accept Filters, was Re: Timeout for requests
Date Wed, 04 May 2005 01:13:58 GMT
Rasmus Lerdorf wrote:
>>
>> Ya, I got messed up in my other email too.
>>
>> SO_ACCEPTFILTER is in 2.0.xx.
>>
>> TCP_DEFER_ACCEPT is in 2.1.xx.
>>
>> -Paul
> 
> 
> By the way Paul, I have been meaning ask, are you falling back from
> httpready to dataready on SSL requests in 2.x?  I don't see it in
> server/listen.c, but I am not really up on the 2.x code.  We can't use
> httpready on an SSL request for obvious reasons.

Nope, it always tries to use accf_http.

In real life, I don't believe this is detrimental, since if the
accf_http filter sees data it doesn't understand, it acts just like
accf_data -- and mod_ssl reads the data just like normal.

There was a thread discussing refactoring of how accept filters and
TCP_DEFER_ACCEPT should be applied, but the root problem is that we do
not know that a socket is SSL, until after we have accept()'ed that
socket.  This thread was started when I committed support for
TCP_DEFER_ACCEPT:
http://marc.theaimsgroup.com/?t=110275895100002&r=1&w=2

A proposed solution is a 'mod_acceptfilter':
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=110297187029584&w=2

Unfortunately, no one followed up with Rici's ideas on it.  I think the
longterm solution is to remove things like 'SSLEngine On', and fix HTTPD
to associate a single protocol with a single listening socket.

An alternative that was also proposed at the same time was  <Listen> Blocks:
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=110297188417604&w=2

This would allow something like:
<Listen 1.2.3.4:443>
# would imply the accf_data filter on FreeBSD...
Protocol https
<VirtualHost>
....
</VirtualHost>
</Listen>

Either way, we need a better method to know which protocol will at least
initially be ran on a socket.  Currently it is all runtime, but it must
be changed to be done at startup, to properly apply the accept filters.

In the real world, it is not a big issue, since most people are running
HTTP or HTTPS Servers with apache, but maybe someday httpd will fully
support SMTP, IMAP, and FTP :)

-Paul


Mime
View raw message