
[config] server.bsd-accept-filter option

BSD accept() filters

server.bsd-accept-filter = ""           (default)
server.bsd-accept-filter = "httpready"
server.bsd-accept-filter = "dataready"

Note: this is a behavior change from prior versions.
The default is now no additional accept() filter, whereas prior
versions unconditionally enabled the "httpready" accept() filter.

Additionally, server.defer-accept (Linux) is inherited from global scope
into $SERVER["socket"] blocks

github: closes #65
personal/stbuehler/mod-csrf-old
Glenn Strauss 6 years ago
parent
commit
4eeeb8fc76
  1. 9
      doc/outdated/configuration.txt
  2. 5
      src/base.h
  3. 13
      src/configfile.c
  4. 11
      src/network.c

9
doc/outdated/configuration.txt

@ -285,7 +285,14 @@ server.defer-accept
set TCP_DEFER_ACCEPT to the specified value on the socket if the value is > 0
and TCP_DEFER_ACCEPT is available on the platform (linux2.4+)
default: 0
Default: 0
server.bsd-accept-filter
set SO_ACCEPTFILTER on listen sockets (*BSD systems, e.g. FreeBSD)
e.g. server.bsd-accept-filter = "httpready"
or server.bsd-accept-filter = "dataready"
Default: "" (none)
server.tag
set the string returned by the Server: response header

5
src/base.h

@ -325,6 +325,11 @@ typedef struct {
*/
off_t *global_bytes_per_second_cnt_ptr; /* */
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
buffer *bsd_accept_filter;
#endif
#ifdef USE_OPENSSL
SSL_CTX *ssl_ctx; /* not patched */
/* SNI per host: with COMP_SERVER_SOCKET, COMP_HTTP_SCHEME, COMP_HTTP_HOST */
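Review bot: The guard `defined(__DragonflyBSD__)` looks wrong, because DragonFly BSD's toolchain predefines `__DragonFly__`. On that platform the `bsd_accept_filter` field would be compiled out and the option would silently do nothing. The same condition is repeated in the two src/configfile.c blocks and in src/network.c. Suggest `|| defined(__OpenBSD__) || defined(__DragonFly__)` in each place, or one feature macro defined once in base.h so the guards cannot drift apart. The struct continues outside this hunk.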

13
src/configfile.c

@ -118,6 +118,7 @@ static int config_insert(server *srv) {
{ "server.http-parseopt-header-strict",NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 72 */
{ "server.http-parseopt-host-strict", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 73 */
{ "server.http-parseopt-host-normalize",NULL,T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 74 */
{ "server.bsd-accept-filter", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 75 */
{ "server.host",
"use server.bind instead",
@ -208,6 +209,12 @@ static int config_insert(server *srv) {
s->ssl_dh_file = buffer_init();
s->ssl_ec_curve = buffer_init();
s->errorfile_prefix = buffer_init();
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
s->bsd_accept_filter = (i == 0)
? buffer_init()
: buffer_init_buffer(srv->config_storage[0]->bsd_accept_filter);
#endif
s->max_keep_alive_requests = 16;
s->max_keep_alive_idle = 5;
s->max_read_idle = 60;
@ -220,7 +227,7 @@ static int config_insert(server *srv) {
s->ssl_use_sslv3 = 0;
s->use_ipv6 = 0;
s->set_v6only = 1;
s->defer_accept = 0;
s->defer_accept = (i == 0) ? 0 : srv->config_storage[0]->defer_accept;
#ifdef HAVE_LSTAT
s->follow_symlink = 1;
#endif
@ -299,6 +306,10 @@ static int config_insert(server *srv) {
cv[67].destination = &(s->ssl_empty_fragments);
cv[70].destination = &(s->listen_backlog);
cv[71].destination = s->error_handler_404;
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
cv[75].destination = s->bsd_accept_filter;
#endif
srv->config_storage[i] = s;
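Review bot: Outside the `#if`, table entry 75 is still registered as a `T_CONFIG_STRING`, but `cv[75].destination` is never assigned. A config file shared between BSD and Linux hosts that sets `server.bsd-accept-filter` would then hand the value parser whatever destination the entry was left with. The parser is not visible here, so it needs confirming whether that case is rejected, ignored or dereferenced. The safer shape is to keep the `bsd_accept_filter` buffer and the `cv[75].destination = s->bsd_accept_filter;` assignment unconditional and leave only the setsockopt() path in src/network.c platform-specific. config_insert's body starts and ends outside these hunks.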

11
src/network.c

@ -448,17 +448,22 @@ static int network_server_init(server *srv, buffer *host_token, specific_config
log_error_write(srv, __FILE__, __LINE__, "ss", "can't set TCP_DEFER_ACCEPT: ", strerror(errno));
}
#endif
} else {
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
} else if (!buffer_is_empty(s->bsd_accept_filter)
&& (buffer_is_equal_string(s->bsd_accept_filter, CONST_STR_LEN("httpready"))
|| buffer_is_equal_string(s->bsd_accept_filter, CONST_STR_LEN("dataready")))) {
#ifdef SO_ACCEPTFILTER
/* FreeBSD accf_http filter */
struct accept_filter_arg afa;
memset(&afa, 0, sizeof(afa));
strcpy(afa.af_name, "httpready");
strncpy(afa.af_name, s->bsd_accept_filter->ptr, sizeof(afa.af_name));
if (setsockopt(srv_socket->fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)) < 0) {
if (errno != ENOENT) {
log_error_write(srv, __FILE__, __LINE__, "ss", "can't set accept-filter 'httpready': ", strerror(errno));
log_error_write(srv, __FILE__, __LINE__, "SBss", "can't set accept-filter '", s->bsd_accept_filter, "':", strerror(errno));
}
}
#endif
#endif
}
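Review bot: The filter is now opt-in, but the new branch still hides the `ENOENT` case behind `if (errno != ENOENT)`. An operator who sets "httpready" on a host where the filter is unavailable gets a listener with no filter and no log line, so that guard should go or become a warning. A non-empty value other than "httpready" or "dataready" also falls through to the closing brace without any message, so a typo silently disables the filter. Separately, `strncpy(afa.af_name, s->bsd_accept_filter->ptr, sizeof(afa.af_name));` is only NUL-terminated because of the preceding memset and the two-value whitelist. Using `sizeof(afa.af_name) - 1` as the bound would keep it safe if the whitelist is ever relaxed. network_server_init starts and ends outside the hunk.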
