[config] server.bsd-accept-filter option
BSD accept() filters server.bsd-accept-filter = "" (default) server.bsd-accept-filter = "httpready" server.bsd-accept-filter = "dataready" Note: this is a behavior change from prior versions. The default is now no additional accept() filter, whereas prior versions unconditionally enabled "httpready" accept() filter Additionally, server.defer-accept (Linux) is inherited from global scope into $SERVER["socket"] blocks github: closes #65personal/stbuehler/mod-csrf-old
parent
f3e36ccdbb
commit
4eeeb8fc76
|
|
@ -285,7 +285,14 @@ server.defer-accept
|
|||
set TCP_DEFER_ACCEPT to the specified value on the socket if the value is > 0
|
||||
and TCP_DEFER_ACCEPT is available on the platform (linux2.4+)
|
||||
|
||||
default: 0
|
||||
Default: 0
|
||||
|
||||
server.bsd-accept-filter
|
||||
set SO_ACCEPTFILTER on listen sockets (*BSD systems, e.g. FreeBSD)
|
||||
e.g. server.bsd-accept-filter = "httpready"
|
||||
or server.bsd-accept-filter = "dataready"
|
||||
|
||||
Default: "" (none)
|
||||
|
||||
server.tag
|
||||
set the string returned by the Server: response header
|
||||
|
|
|
|||
|
|
@ -325,6 +325,11 @@ typedef struct {
|
|||
*/
|
||||
off_t *global_bytes_per_second_cnt_ptr; /* */
|
||||
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|
||||
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
|
||||
buffer *bsd_accept_filter;
|
||||
#endif
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
SSL_CTX *ssl_ctx; /* not patched */
|
||||
/* SNI per host: with COMP_SERVER_SOCKET, COMP_HTTP_SCHEME, COMP_HTTP_HOST */
|
||||
|
|
|
|||
|
|
@ -118,6 +118,7 @@ static int config_insert(server *srv) {
|
|||
{ "server.http-parseopt-header-strict",NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 72 */
|
||||
{ "server.http-parseopt-host-strict", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 73 */
|
||||
{ "server.http-parseopt-host-normalize",NULL,T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 74 */
|
||||
{ "server.bsd-accept-filter", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 75 */
|
||||
|
||||
{ "server.host",
|
||||
"use server.bind instead",
|
||||
|
|
@ -208,6 +209,12 @@ static int config_insert(server *srv) {
|
|||
s->ssl_dh_file = buffer_init();
|
||||
s->ssl_ec_curve = buffer_init();
|
||||
s->errorfile_prefix = buffer_init();
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|
||||
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
|
||||
s->bsd_accept_filter = (i == 0)
|
||||
? buffer_init()
|
||||
: buffer_init_buffer(srv->config_storage[0]->bsd_accept_filter);
|
||||
#endif
|
||||
s->max_keep_alive_requests = 16;
|
||||
s->max_keep_alive_idle = 5;
|
||||
s->max_read_idle = 60;
|
||||
|
|
@ -220,7 +227,7 @@ static int config_insert(server *srv) {
|
|||
s->ssl_use_sslv3 = 0;
|
||||
s->use_ipv6 = 0;
|
||||
s->set_v6only = 1;
|
||||
s->defer_accept = 0;
|
||||
s->defer_accept = (i == 0) ? 0 : srv->config_storage[0]->defer_accept;
|
||||
#ifdef HAVE_LSTAT
|
||||
s->follow_symlink = 1;
|
||||
#endif
|
||||
|
|
@ -299,6 +306,10 @@ static int config_insert(server *srv) {
|
|||
cv[67].destination = &(s->ssl_empty_fragments);
|
||||
cv[70].destination = &(s->listen_backlog);
|
||||
cv[71].destination = s->error_handler_404;
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|
||||
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
|
||||
cv[75].destination = s->bsd_accept_filter;
|
||||
#endif
|
||||
|
||||
srv->config_storage[i] = s;
|
||||
|
||||
|
|
|
|||
|
|
@ -448,17 +448,22 @@ static int network_server_init(server *srv, buffer *host_token, specific_config
|
|||
log_error_write(srv, __FILE__, __LINE__, "ss", "can't set TCP_DEFER_ACCEPT: ", strerror(errno));
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__) \
|
||||
|| defined(__OpenBSD__) || defined(__DragonflyBSD__)
|
||||
} else if (!buffer_is_empty(s->bsd_accept_filter)
|
||||
&& (buffer_is_equal_string(s->bsd_accept_filter, CONST_STR_LEN("httpready"))
|
||||
|| buffer_is_equal_string(s->bsd_accept_filter, CONST_STR_LEN("dataready")))) {
|
||||
#ifdef SO_ACCEPTFILTER
|
||||
/* FreeBSD accf_http filter */
|
||||
struct accept_filter_arg afa;
|
||||
memset(&afa, 0, sizeof(afa));
|
||||
strcpy(afa.af_name, "httpready");
|
||||
strncpy(afa.af_name, s->bsd_accept_filter->ptr, sizeof(afa.af_name));
|
||||
if (setsockopt(srv_socket->fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)) < 0) {
|
||||
if (errno != ENOENT) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ss", "can't set accept-filter 'httpready': ", strerror(errno));
|
||||
log_error_write(srv, __FILE__, __LINE__, "SBss", "can't set accept-filter '", s->bsd_accept_filter, "':", strerror(errno));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue