Define a new proxy_address struct holding the current/latest sockaddr in use
by each proxy worker and conn. Since backend addresses can be updated when
their TTL expires and while connections are being processed, each address is
refcounted and freed only when the last worker (or conn) using it grabs the
new one.
The lifetime of the addresses is handled at a single place by the new
ap_proxy_determine_address() function. It guarantees to bind the current/latest
backend address to the passed in conn (or do nothing if it's up to date already).
The function is called indirectly by ap_proxy_determine_connection() for the
proxy modules that use it, or directly by mod_proxy_ftp and mod_proxy_hcheck.
It also is called eventually by ap_proxy_connect_backend() when connect()ing all
the current addresses fails, to check (PROXY_DETERMINE_ADDRESS_CHECK) if some
new addrs are available.
This commit is also a rework of the lifetime of conn->addr, conn->hostname
and conn->forward, using the conn->uds_pool and conn->fwd_pool for the cases
where the backend is connected through a UDS socket and a remote CONNECT proxy
respectively.
* include/ap_mmn.h:
Minor bump for new function/fields.
* modules/proxy/mod_proxy.h (struct proxy_address,
ap_proxy_determine_addresss()):
Declare ap_proxy_determine_addresss() and opaque struct proxy_address,
new fields to structs proxy_conn_rec/proxy_worker_shared/proxy_worker.
* modules/proxy/mod_proxy.c (set_worker_param):
Parse/set the new worker->address_ttl parameter.
* modules/proxy/proxy_util.c (proxy_util_register_hooks(),
ap_proxy_initialize_worker(),
ap_proxy_connection_reusable(),
ap_proxyerror(), proxyerror_core(),
init_conn_pool(), make_conn_subpool(),
connection_make(), connection_cleanup(),
connection_constructor()):
Initialize *proxy_start_time in proxy_util_register_hooks() as the epoch
from which expiration times are relative (i.e. seconds stored in an uint32_t
for atomic changes).
Make sure worker->s->is_address_reusable and worker->s->disablereuse are
consistant in ap_proxy_initialize_worker(), thus no need to check for both
in ap_proxy_connection_reusable().
New proxyerror_core() helper taking an apr_status_t to log, wrap in
ap_proxyerror().
New make_conn_subpool() to create worker->cp->{pool,dns} with their own
allocator.
New connection_make() helper to factorize code in connection_cleanup() and
connection_constructor().
* modules/proxy/proxy_util.c (proxy_address_inc(), proxy_address_dec(),
proxy_address_cleanup(), proxy_address_set_expired(),
worker_address_get(), worker_address_set(),
worker_address_resolve(), proxy_addrs_equal(),
ap_proxy_determine_address(),
ap_proxy_determine_connection(),
ap_proxy_connect_backend()):
Implement ap_proxy_determine_address() using the above helpers for atomic changes,
and call it from ap_proxy_determine_connection() and ap_proxy_connect_backend().
* modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler):
Use ap_proxy_determine_address() and use the returned backend->addr.
* modules/proxy/mod_proxy_hcheck.c (hc_determine_connection, hc_get_backend,
hc_init_worker, hc_watchdog_callback):
Use ap_proxy_determine_address() in hc_determine_connection() and call the
latter from hc_get_backend(), replace hc_init_worker() by hc_init_baton()
which now calls hc_get_hcworker() and hc_get_backend() to resolve the first
address at init time.
* modules/proxy/mod_proxy_http.c (proxy_http_handler):
Use backend->addr and ->hostname instead of worker->cp->addr and
worker->s->hostname_ex respectively.
* modules/proxy/mod_proxy_ajp.c (ap_proxy_ajp_request):
Use backend->addr and ->hostname instead of worker->cp->addr and
worker->s->hostname_ex respectively.
Closes#367
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1912459 13f79535-47bb-0310-9956-ffa450edef68
In case that AllowEncodedSlashes is set to NoDecode do not double encode
encoded slashes in the URL sent by the reverse proxy to the backend.
* include/ap_mmn.h: Document the addition of ap_proxy_canonenc_ex to the API.
* modules/proxy/mod_proxy.h: Declare ap_proxy_canonenc_ex and define flag
values.
* modules/proxy/proxy_util.c: Implement ap_proxy_canonenc_ex by modifying
ap_proxy_canonenc accordingly and reimplement ap_proxy_canonenc to
use ap_proxy_canonenc_ex with the appropriate flag.
* modules/http2/mod_proxy_http2.c, modules/proxy/mod_proxy_*.c: Set the
correct flag based on the AllowEncodedSlashes configuration and use
ap_proxy_canonenc_ex instead of ap_proxy_canonenc.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908341 13f79535-47bb-0310-9956-ffa450edef68
c->outgoing shouldn't be set by mod_ssl, ap_create_connection() allows that
and this commit also replaces all the calls to ap_run_create_connection() in
mod_proxy modules (not in the MPMs which create incoming connections only).
* include/http_connection.h, server/connection.c:
Declare and implement ap_create_connection().
* modules/proxy/proxy_util.c, modules/proxy/mod_proxy_connect.c,
modules/proxy/mod_proxy_ftp.c:
Use ap_create_connection() instead of ap_run_create_connection(), and don't
provide a connection_id a scoreboard handle for outgoing connection.
* server/log.c(do_errorlog_default):
Use c->outgoing instead of c->sbh to determine if it's a "client" or "remote"
connection.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893184 13f79535-47bb-0310-9956-ffa450edef68
Create a subpool of the connection pool for worker scoped DNS resolutions.
This is needed to avoid race conditions in using the connection pool by multiple
threads during ramp up.
Recheck after obtaining the lock if we still need to do things or if they
were already done by another thread while we were waiting on the lock.
* modules/proxy/proxy_util.c: Create a subpool of the connection pool for worker
scoped DNS resolutions and use it.
* modules/proxy/mod_proxy.h: Define AP_VOLATILIZE_T and add dns_pool to
struct proxy_conn_pool.
* modules/proxy/mod_proxy_ftp.c: Use dns_pool and consider that
worker->cp->addr is volatile in this location of the code.
PR: 63503
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868296 13f79535-47bb-0310-9956-ffa450edef68
This function now now handles SSL reuse as well as the "proxy-request-hostname"
note (SNI), so let's also call it unconditionnaly in all proxy modules.
On the mod_ssl side, since this note has the lifetime of the connection, don't
reset/unset it during handshake (ssl_io_filter_handshake).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1859422 13f79535-47bb-0310-9956-ffa450edef68
r808895 added `ServerTokens OFF` so some modules were
switched from ap_get_server_banner() to
ap_get_server_description() so they would never be empty.
But ap_get_server_description() is documnented as being for local
use only, so it was not really a suitable replacement much less
w/ `ServerTokens OFF` subsequently taken out.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1851954 13f79535-47bb-0310-9956-ffa450edef68
There is no need to copy, strchr, strcmp and modify a string which is only used for TRACE2 logging.
Note that the code that looks similar a few lines below can not be optimized the same way because it is also returned in 'pmessage'.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838318 13f79535-47bb-0310-9956-ffa450edef68
504 Gateway Timout as opposed to 502 Bad Gateway, in order to be
compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1480058 13f79535-47bb-0310-9956-ffa450edef68
address handling to avoid overhead of unnecessary
binary->text->binary conversion, and ensuring the socket family
really matches the address used.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1420223 13f79535-47bb-0310-9956-ffa450edef68
mod_proxy_connect to avoid an inappropriate DNS lookup:
* modules/proxy/proxy_util.c (ap_proxy_checkproxyblock): Take hostname
argument, make address argument optional. Check names against
hostname arg, omit if addr not given.
(ap_proxy_determine_connection): Adjust for the above; pass hostname
from URI not the next hop.
* modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler): Adjust for
ap_proxy_checkproxyblock change.
* modules/proxy/mod_proxy_connect.c (proxy_connect_handler): Adjust
similarly, and avoid the DNS lookup on the request-URI hostname if a
proxy is used.
* include/ap_mmn.h: Bump MMN.
PR: 43697
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1365001 13f79535-47bb-0310-9956-ffa450edef68
modules/debugging/mod_firehose.c: Make some internal functions static
(to do: logs_cleanup() is unused)
modules/filters/mod_charset_lite.c: Remove dead assignments
modules/filters/mod_include.c: likewise
modules/metadata/mod_usertrack.c: likewise
modules/proxy/mod_proxy_ftp.c: likewise
modules/ssl/ssl_engine_pphrase.c: likewise
modules/proxy/mod_proxy_balancer.c: likewise;
Remove NULL check that can never happen
modules/proxy/proxy_util.c: Axe NULL-check that can never happen and if it
would, it would just mask another bug
os/unix/unixd.c: likewise
modules/http/http_filters.c: Remove sub-condition that is always true
modules/lua/mod_lua.c: Add default cases to switch statements
modules/generators/mod_autoindex.c: Unsigned value can never be < 0
server/util_expr_eval.c: Fix compiler warnings with VC and on OS2
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1220493 13f79535-47bb-0310-9956-ffa450edef68
* remove "proxy:", "FCGI", etc. prefixes and pid which are now
included in the error log format
* propagate frontend request's logconfig to backend request
* use ap_log_rerror where possible
* remove obsolete APLOG_NOERRNO
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1203859 13f79535-47bb-0310-9956-ffa450edef68
- use AP_MAX_REG_MATCH where appropriate
- in mod_proxy_ftp, compile the "ls -s1" regex only once instead of once per request
- add some coments
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1185898 13f79535-47bb-0310-9956-ffa450edef68
are allocated from the request pool and not modified later on.
Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
PR: 51358
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1135084 13f79535-47bb-0310-9956-ffa450edef68
