Subject: Re: svn commit: r1750301 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.h proxy_util.c
From: Stefan Eissing
Date: Tue, 28 Jun 2016 15:36:39 +0200
To: dev@httpd.apache.org

Committed in r1750505.

> On 28.06.2016 at 15:13, Yann Ylavic wrote:
>
> Jim didn't tag yet AFAICT, did he?
> If not, since it's mod_proxy_http2 scope only, +1 for me.
>
> On Tue, Jun 28, 2016 at 3:02 PM, Stefan Eissing wrote:
>> Thanks. I had to change from r-> to ctx->rbase, but otherwise works fine.
>>
>> Shall I commit this and potentially break Jim's tagging again?
>>
>> -Stefan
>>
>>
>>
>>> On 28.06.2016 at 13:49, Yann Ylavic wrote:
>>>
>>> Patch as a file attached.
>>>
>>> On Tue, Jun 28, 2016 at 1:48 PM, Yann Ylavic wrote:
>>>> Maybe if you can test current 2.4.x with this patch and it works as
>>>> expected it could be backported...
>>>>
>>>> On Tue, Jun 28, 2016 at 1:46 PM, Yann Ylavic wrote:
>>>>> Dunno, the issue is that reused TLS connections where data are
>>>>> immediately available from the backend may be missing some bytes...
>>>>>
>>>>> On Tue, Jun 28, 2016 at 1:43 PM, Stefan Eissing wrote:
>>>>>> Ah, understood. Do you want to squeeze it into 2.4.23 or can it wait?
>>>>>>
>>>>>>> On 28.06.2016 at 13:42, Yann Ylavic wrote:
>>>>>>>
>>>>>>> I don't think trunk needs it because ap_proxy_connect_backend() is
>>>>>>> already doing this work (via ap_proxy_check_backend).
>>>>>>>
>>>>>>> That's why I proposed a 2.4.x only patch, but I can commit it to trunk
>>>>>>> temporarily if that helps (and until) backport...
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jun 28, 2016 at 12:36 PM, Stefan Eissing wrote:
>>>>>>>> We are talking about adding this to trunk first, right? ^^
>>>>>>>>
>>>>>>>>> On 28.06.2016 at 12:34, Stefan Eissing wrote:
>>>>>>>>>
>>>>>>>>> I believe so. Highly experimental and all such...
>>>>>>>>>
>>>>>>>>>> On 28.06.2016 at 12:23, Yann Ylavic wrote:
>>>>>>>>>>
>>>>>>>>>> I can, but is mod_proxy_h2 CTR (Commit Then Review) like
>>>>>>>>>> mod_h2 ?
>>>>>>>>>>
>>>>>>>>>> On Tue, Jun 28, 2016 at 12:15 PM, Stefan Eissing wrote:
>>>>>>>>>>> Looks good to me. Can you commit this, then I quickly run my tests with it...
>>>>>>>>>>>
>>>>>>>>>>>> On 28.06.2016 at 09:50, Yann Ylavic wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Jun 28, 2016 at 12:23 AM, Yann Ylavic wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The possible issue if r1750414 were backported, is that without
>>>>>>>>>>>>>> r1750392 mod_proxy_http2 may not detect a TLS close notify before
>>>>>>>>>>>>>> reusing a backend connection.
>>>>>>>>>>>>>> If it's not backported, it may close a legitimate backend connection
>>>>>>>>>>>>>> with (pre-)available data...
>>>>>>>>>>>>>
>>>>>>>>>>>>> I meant: it may discard (pre-)available data (not closing the connection).
>>>>>>>>>>>>
>>>>>>>>>>>> A possible solution for 2.4.x (needed only there AFAICT), could be:
>>>>>>>>>>>>
>>>>>>>>>>>> Index: modules/http2/mod_proxy_http2.c >>>>>>>>>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>>>>>>>>>>> --- modules/http2/mod_proxy_http2.c (revision 1750453) >>>>>>>>>>>> +++ modules/http2/mod_proxy_http2.c (working copy) >>>>>>>>>>>> 
@@ -520,11 +520,19 @@ run_connect: >>>>>>>>>>>> } >>>>>>>>>>>>=20 >>>>>>>>>>>> ctx->p_conn->is_ssl =3D ctx->is_ssl; >>>>>>>>>>>> - if (ctx->is_ssl) { >>>>>>>>>>>> - /* If there is still some data on an existing ssl = connection, now >>>>>>>>>>>> - * would be a good timne to get rid of it. */ >>>>>>>>>>>> - ap_proxy_ssl_connection_cleanup(ctx->p_conn, = ctx->rbase); >>>>>>>>>>>> - } >>>>>>>>>>>> + if (ctx->is_ssl && ctx->p_conn->connection) { >>>>>>>>>>>> + /* If there are some metadata on the connection = (e.g. TLS alert), >>>>>>>>>>>> + * let mod_ssl detect them, and create a new = connection below. >>>>>>>>>>>> + */ >>>>>>>>>>>> + apr_bucket_brigade *tmp_bb; >>>>>>>>>>>> + tmp_bb =3D apr_brigade_create(r->pool, = r->connection->bucket_alloc); >>>>>>>>>>>> + status =3D = ap_get_brigade(ctx->p_conn->connection->input_filters, tmp_bb, >>>>>>>>>>>> + AP_MODE_SPECULATIVE, = APR_NONBLOCK_READ, 1); >>>>>>>>>>>> + if (status !=3D APR_SUCCESS && = !APR_STATUS_IS_EAGAIN(status)) { >>>>>>>>>>>> + ctx->p_conn->close =3D 1; >>>>>>>>>>>> + } >>>>>>>>>>>> + apr_brigade_cleanup(tmp_bb); >>>>>>>>>>>> + } >>>>>>>>>>>>=20 >>>>>>>>>>>> /* Step One: Determine the URL to connect to (might be a = proxy), >>>>>>>>>>>> * initialize the backend accordingly and determine the = server >>>>>>>>>>>> _ >>>>>>>>>>>>=20 >>>>>>>>>>>> Stefan? >>>>>>>>>>>=20 >>>>>>>>>=20 >>>>>>>>=20 >>>>>>=20 >>> >>=20 >>=20
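
Review bot: the added block creates tmp_bb from r->pool and r->connection->bucket_alloc, while the call it replaces passed ctx->rbase and no r appears in the visible context of this hunk; allocate from ctx->rbase->pool and ctx->rbase->connection->bucket_alloc so the brigade belongs to the same request the removed call used. Because the block sits under the run_connect: label, it can be re-entered, and each pass creates a new brigade that apr_brigade_cleanup() only empties; consider apr_brigade_destroy() or a single brigade reused across passes. The new comment says a new connection is created "below", but the hunk only sets ctx->p_conn->close = 1, so it is worth confirming that the code after this point acts on that flag before the connection is reused.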