httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guenter Knauf <fua...@apache.org>
Subject Re: svn commit: r1365001 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h modules/proxy/mod_proxy.h modules/proxy/mod_proxy_connect.c modules/proxy/mod_proxy_ftp.c modules/proxy/proxy_util.c
Date Mon, 20 Aug 2012 08:38:14 GMT
Hi Joe,
your commit is missing a log number ...

mod_proxy_connect.c
.\mod_proxy_connect.c(257) : warning C4003: not enough actual parameters 
for macro 'APLOGNO'


Am 24.07.2012 14:17, schrieb jorton@apache.org:
> Author: jorton
> Date: Tue Jul 24 12:17:00 2012
> New Revision: 1365001
>
> URL: http://svn.apache.org/viewvc?rev=1365001&view=rev
> Log:
> Fix handling of ProxyBlock if a forward proxy is configured, and fix
> mod_proxy_connect to avoid an inappropriate DNS lookup:
>
> * modules/proxy/proxy_util.c (ap_proxy_checkproxyblock): Take hostname
>    argument, make address argument optional.  Check names against
>    hostname arg, omit if addr not given.
>    (ap_proxy_determine_connection): Adjust for the above; pass hostname
>    from URI not the next hop.
>
> * modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler): Adjust for
>    ap_proxy_checkproxyblock change.
>
> * modules/proxy/mod_proxy_connect.c (proxy_connect_handler): Adjust
>    similarly, and avoid the DNS lookup on the request-URI hostname if a
>    proxy is used.
>
> * include/ap_mmn.h: Bump MMN.
>
> PR: 43697
>
> Modified:
>      httpd/httpd/trunk/CHANGES
>      httpd/httpd/trunk/include/ap_mmn.h
>      httpd/httpd/trunk/modules/proxy/mod_proxy.h
>      httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c
>      httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c
>      httpd/httpd/trunk/modules/proxy/proxy_util.c
>
...

> Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c?rev=1365001&r1=1365000&r2=1365001&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c (original)
> +++ httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c Tue Jul 24 12:17:00 2012
> @@ -205,7 +205,7 @@ static int proxy_connect_handler(request
>       conn_rec *backconn;
>
>       apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
> -    apr_status_t err, rv;
> +    apr_status_t rv;
>       apr_size_t nbytes;
>       char buffer[HUGE_STRING_LEN];
>       apr_socket_t *client_socket = ap_get_conn_socket(c);
> @@ -216,7 +216,7 @@ static int proxy_connect_handler(request
>       const apr_pollfd_t *signalled;
>       apr_int32_t pollcnt, pi;
>       apr_int16_t pollevent;
> -    apr_sockaddr_t *uri_addr, *connect_addr;
> +    apr_sockaddr_t *nexthop;
>
>       apr_uri_t uri;
>       const char *connectname;
> @@ -246,37 +246,32 @@ static int proxy_connect_handler(request
>       ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01019)
>                     "connecting %s to %s:%d", url, uri.hostname, uri.port);
>
> -    /* do a DNS lookup for the destination host */
> -    err = apr_sockaddr_info_get(&uri_addr, uri.hostname, APR_UNSPEC, uri.port,
> -                                0, p);
> -    if (APR_SUCCESS != err) {
> +    /* Determine host/port of next hop; from request URI or of a proxy. */
> +    connectname = proxyname ? proxyname : uri.hostname;
> +    connectport = proxyname ? proxyport : uri.port;
> +
> +    /* Do a DNS lookup for the next hop */
> +    rv = apr_sockaddr_info_get(&nexthop, connectname, APR_UNSPEC,
> +                               connectport, 0, p);
> +    if (rv != APR_SUCCESS) {
> +        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO()
                                                        ^^^^^^^^^
> +                      "failed to resolve hostname '%s'", connectname);
>           return ap_proxyerror(r, HTTP_BAD_GATEWAY,
>                                apr_pstrcat(p, "DNS lookup failure for: ",
> -                                         uri.hostname, NULL));
> +                                         connectname, NULL));
>       }
>
> -    /* are we connecting directly, or via a proxy? */
> -    if (proxyname) {
> -        connectname = proxyname;
> -        connectport = proxyport;
> -        err = apr_sockaddr_info_get(&connect_addr, proxyname, APR_UNSPEC,
> -                                    proxyport, 0, p);
> -    }
> -    else {
> -        connectname = uri.hostname;
> -        connectport = uri.port;
> -        connect_addr = uri_addr;
> +    /* Check ProxyBlock directive on the hostname/address.  */
> +    if (ap_proxy_checkproxyblock(r, conf, uri.hostname,
> +                                 proxyname ? NULL : nexthop) != OK) {
> +        return ap_proxyerror(r, HTTP_FORBIDDEN,
> +                             "Connect to remote machine blocked");
>       }
> +
>       ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
>                     "connecting to remote proxy %s on port %d",
>                     connectname, connectport);
>
> -    /* check if ProxyBlock directive on this host */
> -    if (OK != ap_proxy_checkproxyblock(r, conf, uri_addr)) {
> -        return ap_proxyerror(r, HTTP_FORBIDDEN,
> -                             "Connect to remote machine blocked");
> -    }
> -
>       /* Check if it is an allowed port */
>       if(!allowed_port(c_conf, uri.port)) {
>                 return ap_proxyerror(r, HTTP_FORBIDDEN,
> @@ -289,15 +284,6 @@ static int proxy_connect_handler(request
>        * We have determined who to connect to. Now make the connection.
>        */
>
> -    /* get all the possible IP addresses for the destname and loop through them
> -     * until we get a successful connection
> -     */
> -    if (APR_SUCCESS != err) {
> -        return ap_proxyerror(r, HTTP_BAD_GATEWAY,
> -                             apr_pstrcat(p, "DNS lookup failure for: ",
> -                                         connectname, NULL));
> -    }
> -
>       /*
>        * At this point we have a list of one or more IP addresses of
>        * the machine to connect to. If configured, reorder this
> @@ -308,7 +294,7 @@ static int proxy_connect_handler(request
>        * For now we do nothing, ie we get DNS round robin.
>        * XXX FIXME
>        */
> -    failed = ap_proxy_connect_to_backend(&sock, "CONNECT", connect_addr,
> +    failed = ap_proxy_connect_to_backend(&sock, "CONNECT", nexthop,
>                                            connectname, conf, r);
>
>       /* handle a permanent error from the above loop */
> @@ -355,7 +341,7 @@ static int proxy_connect_handler(request
>           /* peer reset */
>           ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01021)
>                         "an error occurred creating a new connection "
> -                      "to %pI (%s)", connect_addr, connectname);
> +                      "to %pI (%s)", nexthop, connectname);
>           apr_socket_close(sock);
>           return HTTP_INTERNAL_SERVER_ERROR;
>       }
> @@ -370,7 +356,7 @@ static int proxy_connect_handler(request
>
>       ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
>                     "connection complete to %pI (%s)",
> -                  connect_addr, connectname);
> +                  nexthop, connectname);
>       apr_table_setn(r->notes, "proxy-source-port", apr_psprintf(r->pool, "%hu",
>                      backconn->local_addr->port));
>
>

Gün.


Mime
View raw message