]> Raphaƫl G. Git Repositories - ihttpd/blob - SOURCES/httpd-2.4.17-socket-activation.patch
Rapsys Git / ihttpd / blob
? search:


3d27742a03d71c31c05855b23aaecd633b3a42e3
[ihttpd] / SOURCES / httpd-2.4.17-socket-activation.patch
1 --- httpd-2.4.28/server/listen.c.socketactivation 2017-08-16 19:48:29.000000000 +0300
2 +++ httpd-2.4.28/server/listen.c 2017-10-14 18:48:36.275690612 +0300
3 @@ -17,114 +17,107 @@
4 #include "apr_network_io.h"
5 #include "apr_strings.h"
6
7 #define APR_WANT_STRFUNC
8 #include "apr_want.h"
9
10 #include "ap_config.h"
11 #include "httpd.h"
12 #include "http_main.h"
13 #include "http_config.h"
14 #include "http_core.h"
15 #include "ap_listen.h"
16 #include "http_log.h"
17 #include "mpm_common.h"
18
19 #include <stdlib.h>
20 #if APR_HAVE_UNISTD_H
21 #include <unistd.h>
22 #endif
23
24 +#ifdef HAVE_SYSTEMD
25 +#include <systemd/sd-daemon.h>
26 +#endif
27 +
28 /* we know core's module_index is 0 */
29 #undef APLOG_MODULE_INDEX
30 #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
31
32 AP_DECLARE_DATA ap_listen_rec *ap_listeners = NULL;
33
34 /* Let ap_num_listen_buckets be global so that it can
35 * be printed by ap_log_mpm_common(), but keep the listeners
36 * buckets static since it is used only here to close them
37 * all (including duplicated) with ap_close_listeners().
38 */
39 AP_DECLARE_DATA int ap_num_listen_buckets;
40 static ap_listen_rec **ap_listen_buckets;
41
42 /* Determine once, at runtime, whether or not SO_REUSEPORT
43 * is usable on this platform, and hence whether or not
44 * listeners can be duplicated (if configured).
45 */
46 AP_DECLARE_DATA int ap_have_so_reuseport = -1;
47
48 static ap_listen_rec *old_listeners;
49 static int ap_listenbacklog;
50 static int ap_listencbratio;
51 static int send_buffer_size;
52 static int receive_buffer_size;
53 +#ifdef HAVE_SYSTEMD
54 +static int use_systemd = -1;
55 +#endif
56
57 /* TODO: make_sock is just begging and screaming for APR abstraction */
58 -static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server)
59 +static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_listen)
60 {
61 apr_socket_t *s = server->sd;
62 int one = 1;
63 #if APR_HAVE_IPV6
64 #ifdef AP_ENABLE_V4_MAPPED
65 int v6only_setting = 0;
66 #else
67 int v6only_setting = 1;
68 #endif
69 #endif
70 apr_status_t stat;
71
72 #ifndef WIN32
73 stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
74 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
75 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00067)
76 "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
77 server->bind_addr);
78 apr_socket_close(s);
79 return stat;
80 }
81 #endif
82
83 stat = apr_socket_opt_set(s, APR_SO_KEEPALIVE, one);
84 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
85 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00068)
86 "make_sock: for address %pI, apr_socket_opt_set: (SO_KEEPALIVE)",
87 server->bind_addr);
88 apr_socket_close(s);
89 return stat;
90 }
91
92 -#if APR_HAVE_IPV6
93 - if (server->bind_addr->family == APR_INET6) {
94 - stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
95 - if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
96 - ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
97 - "make_sock: for address %pI, apr_socket_opt_set: "
98 - "(IPV6_V6ONLY)",
99 - server->bind_addr);
100 - apr_socket_close(s);
101 - return stat;
102 - }
103 - }
104 -#endif
105 -
106 /*
107 * To send data over high bandwidth-delay connections at full
108 * speed we must force the TCP window to open wide enough to keep the
109 * pipe full. The default window size on many systems
110 * is only 4kB. Cross-country WAN connections of 100ms
111 * at 1Mb/s are not impossible for well connected sites.
112 * If we assume 100ms cross-country latency,
113 * a 4kB buffer limits throughput to 40kB/s.
114 *
115 * To avoid this problem I've added the SendBufferSize directive
116 * to allow the web master to configure send buffer size.
117 *
118 * The trade-off of larger buffers is that more kernel memory
119 * is consumed. YMMV, know your customers and your network!
120 *
121 * -John Heidemann <johnh@isi.edu> 25-Oct-96
122 *
123 * If no size is specified, use the kernel default.
124 */
125 if (send_buffer_size) {
126 @@ -152,55 +145,71 @@
127 ap_sock_disable_nagle(s);
128 #endif
129
130 #if defined(SO_REUSEPORT)
131 if (ap_have_so_reuseport && ap_listencbratio > 0) {
132 int thesock;
133 apr_os_sock_get(&thesock, s);
134 if (setsockopt(thesock, SOL_SOCKET, SO_REUSEPORT,
135 (void *)&one, sizeof(int)) < 0) {
136 stat = apr_get_netos_error();
137 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638)
138 "make_sock: for address %pI, apr_socket_opt_set: "
139 "(SO_REUSEPORT)",
140 server->bind_addr);
141 apr_socket_close(s);
142 return stat;
143 }
144 }
145 #endif
146
147 - if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
148 - ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
149 - "make_sock: could not bind to address %pI",
150 - server->bind_addr);
151 - apr_socket_close(s);
152 - return stat;
153 - }
154 + if (do_bind_listen) {
155 +#if APR_HAVE_IPV6
156 + if (server->bind_addr->family == APR_INET6) {
157 + stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
158 + if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
159 + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00069)
160 + "make_sock: for address %pI, apr_socket_opt_set: "
161 + "(IPV6_V6ONLY)",
162 + server->bind_addr);
163 + apr_socket_close(s);
164 + return stat;
165 + }
166 + }
167 +#endif
168
169 - if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
170 - ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
171 - "make_sock: unable to listen for connections "
172 - "on address %pI",
173 - server->bind_addr);
174 - apr_socket_close(s);
175 - return stat;
176 + if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) {
177 + ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072)
178 + "make_sock: could not bind to address %pI",
179 + server->bind_addr);
180 + apr_socket_close(s);
181 + return stat;
182 + }
183 +
184 + if ((stat = apr_socket_listen(s, ap_listenbacklog)) != APR_SUCCESS) {
185 + ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, stat, p, APLOGNO(00073)
186 + "make_sock: unable to listen for connections "
187 + "on address %pI",
188 + server->bind_addr);
189 + apr_socket_close(s);
190 + return stat;
191 + }
192 }
193
194 #ifdef WIN32
195 /* I seriously doubt that this would work on Unix; I have doubts that
196 * it entirely solves the problem on Win32. However, since setting
197 * reuseaddr on the listener -prior- to binding the socket has allowed
198 * us to attach to the same port as an already running instance of
199 * Apache, or even another web server, we cannot identify that this
200 * port was exclusively granted to this instance of Apache.
201 *
202 * So set reuseaddr, but do not attempt to do so until we have the
203 * parent listeners successfully bound.
204 */
205 stat = apr_socket_opt_set(s, APR_SO_REUSEADDR, one);
206 if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
207 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(00074)
208 "make_sock: for address %pI, apr_socket_opt_set: (SO_REUSEADDR)",
209 server->bind_addr);
210 apr_socket_close(s);
211 return stat;
212 @@ -260,40 +269,159 @@
213 ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00075)
214 "Failed to enable the '%s' Accept Filter",
215 accf);
216 }
217 #else
218 rv = apr_socket_opt_set(s, APR_TCP_DEFER_ACCEPT, 30);
219 if (rv != APR_SUCCESS && !APR_STATUS_IS_ENOTIMPL(rv)) {
220 ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, p, APLOGNO(00076)
221 "Failed to enable APR_TCP_DEFER_ACCEPT");
222 }
223 #endif
224 }
225 }
226
227 static apr_status_t close_listeners_on_exec(void *v)
228 {
229 ap_close_listeners();
230 return APR_SUCCESS;
231 }
232
233 +
234 +#ifdef HAVE_SYSTEMD
235 +
236 +static int find_systemd_socket(process_rec * process, apr_port_t port) {
237 + int fdcount, fd;
238 + int sdc = sd_listen_fds(0);
239 +
240 + if (sdc < 0) {
241 + ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02486)
242 + "find_systemd_socket: Error parsing enviroment, sd_listen_fds returned %d",
243 + sdc);
244 + return -1;
245 + }
246 +
247 + if (sdc == 0) {
248 + ap_log_perror(APLOG_MARK, APLOG_CRIT, sdc, process->pool, APLOGNO(02487)
249 + "find_systemd_socket: At least one socket must be set.");
250 + return -1;
251 + }
252 +
253 + fdcount = atoi(getenv("LISTEN_FDS"));
254 + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + fdcount; fd++) {
255 + if (sd_is_socket_inet(fd, 0, 0, -1, port) > 0) {
256 + return fd;
257 + }
258 + }
259 +
260 + return -1;
261 +}
262 +
263 +static apr_status_t alloc_systemd_listener(process_rec * process,
264 + int fd, const char *proto,
265 + ap_listen_rec **out_rec)
266 +{
267 + apr_status_t rv;
268 + struct sockaddr sa;
269 + socklen_t len = sizeof(struct sockaddr);
270 + apr_os_sock_info_t si;
271 + ap_listen_rec *rec;
272 + *out_rec = NULL;
273 +
274 + memset(&si, 0, sizeof(si));
275 +
276 + rv = getsockname(fd, &sa, &len);
277 +
278 + if (rv != 0) {
279 + rv = apr_get_netos_error();
280 + ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02489)
281 + "getsockname on %d failed.", fd);
282 + return rv;
283 + }
284 +
285 + si.os_sock = &fd;
286 + si.family = sa.sa_family;
287 + si.local = &sa;
288 + si.type = SOCK_STREAM;
289 + si.protocol = APR_PROTO_TCP;
290 +
291 + rec = apr_palloc(process->pool, sizeof(ap_listen_rec));
292 + rec->active = 0;
293 + rec->next = 0;
294 +
295 +
296 + rv = apr_os_sock_make(&rec->sd, &si, process->pool);
297 + if (rv != APR_SUCCESS) {
298 + ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02490)
299 + "apr_os_sock_make on %d failed.", fd);
300 + return rv;
301 + }
302 +
303 + rv = apr_socket_addr_get(&rec->bind_addr, APR_LOCAL, rec->sd);
304 + if (rv != APR_SUCCESS) {
305 + ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, process->pool, APLOGNO(02491)
306 + "apr_socket_addr_get on %d failed.", fd);
307 + return rv;
308 + }
309 +
310 + rec->protocol = apr_pstrdup(process->pool, proto);
311 +
312 + *out_rec = rec;
313 +
314 + return make_sock(process->pool, rec, 0);
315 +}
316 +
317 +static const char *set_systemd_listener(process_rec *process, apr_port_t port,
318 + const char *proto)
319 +{
320 + ap_listen_rec *last, *new;
321 + apr_status_t rv;
322 + int fd = find_systemd_socket(process, port);
323 + if (fd < 0) {
324 + return "Systemd socket activation is used, but this port is not "
325 + "configured in systemd";
326 + }
327 +
328 + last = ap_listeners;
329 + while (last && last->next) {
330 + last = last->next;
331 + }
332 +
333 + rv = alloc_systemd_listener(process, fd, proto, &new);
334 + if (rv != APR_SUCCESS) {
335 + return "Failed to setup socket passed by systemd using socket activation";
336 + }
337 +
338 + if (last == NULL) {
339 + ap_listeners = last = new;
340 + }
341 + else {
342 + last->next = new;
343 + last = new;
344 + }
345 +
346 + return NULL;
347 +}
348 +
349 +#endif /* HAVE_SYSTEMD */
350 +
351 +
352 static int find_listeners(ap_listen_rec **from, ap_listen_rec **to,
353 const char *addr, apr_port_t port)
354 {
355 int found = 0;
356
357 while (*from) {
358 apr_sockaddr_t *sa = (*from)->bind_addr;
359
360 /* Some listeners are not real so they will not have a bind_addr. */
361 if (sa) {
362 ap_listen_rec *new;
363 apr_port_t oldport;
364
365 oldport = sa->port;
366 /* If both ports are equivalent, then if their names are equivalent,
367 * then we will re-use the existing record.
368 */
369 if (port == oldport &&
370 ((!addr && !sa->hostname) ||
371 ((addr && sa->hostname) && !strcmp(sa->hostname, addr)))) {
372 @@ -478,41 +606,41 @@
373 if (lr->bind_addr->port == cur->bind_addr->port
374 && IS_IN6ADDR_ANY(cur->bind_addr)
375 && apr_socket_opt_get(cur->sd, APR_IPV6_V6ONLY,
376 &v6only_setting) == APR_SUCCESS
377 && v6only_setting == 0) {
378
379 /* Remove the current listener from the list */
380 previous->next = lr->next;
381 lr = previous; /* maintain current value of previous after
382 * post-loop expression is evaluated
383 */
384 skip = 1;
385 break;
386 }
387 }
388 if (skip) {
389 continue;
390 }
391 }
392 #endif
393 - if (make_sock(pool, lr) == APR_SUCCESS) {
394 + if (make_sock(pool, lr, 1) == APR_SUCCESS) {
395 ++num_open;
396 }
397 else {
398 #if APR_HAVE_IPV6
399 /* If we tried to bind to ::, and the next listener is
400 * on 0.0.0.0 with the same port, don't give a fatal
401 * error. The user will still get a warning from make_sock
402 * though.
403 */
404 if (lr->next != NULL
405 && IS_IN6ADDR_ANY(lr->bind_addr)
406 && lr->bind_addr->port == lr->next->bind_addr->port
407 && IS_INADDR_ANY(lr->next->bind_addr)) {
408
409 /* Remove the current listener from the list */
410 if (previous) {
411 previous->next = lr->next;
412 }
413 else {
414 ap_listeners = lr->next;
415 @@ -590,42 +718,62 @@
416 * use the default for this listener.
417 */
418 for (addr = ls->addrs; addr && !found; addr = addr->next) {
419 for (lr = ap_listeners; lr; lr = lr->next) {
420 if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
421 lr->bind_addr->port == addr->host_port) {
422 ap_set_server_protocol(ls, lr->protocol);
423 found = 1;
424 break;
425 }
426 }
427 }
428
429 if (!found) {
430 /* TODO: set protocol defaults per-Port, eg 25=smtp */
431 ap_set_server_protocol(ls, "http");
432 }
433 }
434 }
435
436 - if (open_listeners(s->process->pool)) {
437 - return 0;
438 +#ifdef HAVE_SYSTEMD
439 + if (use_systemd) {
440 + const char *userdata_key = "ap_open_systemd_listeners";
441 + void *data;
442 + /* clear the enviroment on our second run
443 + * so that none of our future children get confused.
444 + */
445 + apr_pool_userdata_get(&data, userdata_key, s->process->pool);
446 + if (!data) {
447 + apr_pool_userdata_set((const void *)1, userdata_key,
448 + apr_pool_cleanup_null, s->process->pool);
449 + }
450 + else {
451 + sd_listen_fds(1);
452 + }
453 + }
454 + else
455 +#endif
456 + {
457 + if (open_listeners(s->process->pool)) {
458 + return 0;
459 + }
460 }
461
462 for (lr = ap_listeners; lr; lr = lr->next) {
463 num_listeners++;
464 found = 0;
465 for (ls = s; ls && !found; ls = ls->next) {
466 for (addr = ls->addrs; addr && !found; addr = addr->next) {
467 if (apr_sockaddr_equal(lr->bind_addr, addr->host_addr) &&
468 lr->bind_addr->port == addr->host_port) {
469 found = 1;
470 ap_apply_accept_filter(s->process->pool, lr, ls);
471 }
472 }
473 }
474
475 if (!found) {
476 ap_apply_accept_filter(s->process->pool, lr, s);
477 }
478 }
479
480 @@ -681,41 +829,41 @@
481 char *hostname;
482 apr_port_t port;
483 apr_sockaddr_t *sa;
484 duplr = apr_palloc(p, sizeof(ap_listen_rec));
485 duplr->slave = NULL;
486 duplr->protocol = apr_pstrdup(p, lr->protocol);
487 hostname = apr_pstrdup(p, lr->bind_addr->hostname);
488 port = lr->bind_addr->port;
489 apr_sockaddr_info_get(&sa, hostname, APR_UNSPEC, port, 0, p);
490 duplr->bind_addr = sa;
491 duplr->next = NULL;
492 stat = apr_socket_create(&duplr->sd, duplr->bind_addr->family,
493 SOCK_STREAM, 0, p);
494 if (stat != APR_SUCCESS) {
495 ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, p, APLOGNO(02640)
496 "ap_duplicate_listeners: for address %pI, "
497 "cannot duplicate a new socket!",
498 duplr->bind_addr);
499 return stat;
500 }
501 - make_sock(p, duplr);
502 + make_sock(p, duplr, 1);
503 #if AP_NONBLOCK_WHEN_MULTI_LISTEN
504 use_nonblock = (ap_listeners && ap_listeners->next);
505 stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock);
506 if (stat != APR_SUCCESS) {
507 ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02641)
508 "unable to control socket non-blocking status");
509 return stat;
510 }
511 #endif
512 ap_apply_accept_filter(p, duplr, s);
513
514 if (last == NULL) {
515 (*buckets)[i] = last = duplr;
516 }
517 else {
518 last->next = duplr;
519 last = duplr;
520 }
521 lr = lr->next;
522 }
523 @@ -808,71 +956,82 @@
524 ap_have_so_reuseport = 0;
525
526 }
527 }
528
529 AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
530 int argc, char *const argv[])
531 {
532 char *host, *scope_id, *proto;
533 apr_port_t port;
534 apr_status_t rv;
535 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
536
537 if (err != NULL) {
538 return err;
539 }
540
541 if (argc < 1 || argc > 2) {
542 return "Listen requires 1 or 2 arguments.";
543 }
544 +#ifdef HAVE_SYSTEMD
545 + if (use_systemd == -1) {
546 + use_systemd = sd_listen_fds(0) > 0;
547 + }
548 +#endif
549
550 rv = apr_parse_addr_port(&host, &scope_id, &port, argv[0], cmd->pool);
551 if (rv != APR_SUCCESS) {
552 return "Invalid address or port";
553 }
554
555 if (host && !strcmp(host, "*")) {
556 host = NULL;
557 }
558
559 if (scope_id) {
560 /* XXX scope id support is useful with link-local IPv6 addresses */
561 return "Scope id is not supported";
562 }
563
564 if (!port) {
565 return "Port must be specified";
566 }
567
568 if (argc != 2) {
569 if (port == 443) {
570 proto = "https";
571 } else {
572 proto = "http";
573 }
574 }
575 else {
576 proto = apr_pstrdup(cmd->pool, argv[1]);
577 ap_str_tolower(proto);
578 }
579
580 +#ifdef HAVE_SYSTEMD
581 + if (use_systemd) {
582 + return set_systemd_listener(cmd->server->process, port, proto);
583 + }
584 +#endif
585 +
586 return alloc_listener(cmd->server->process, host, port, proto, NULL);
587 }
588
589 AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd,
590 void *dummy,
591 const char *arg)
592 {
593 int b;
594 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
595
596 if (err != NULL) {
597 return err;
598 }
599
600 b = atoi(arg);
601 if (b < 1) {
602 return "ListenBacklog must be > 0";
603 }
604
605 ap_listenbacklog = b;
Packaged apache, dracut module, index cgi, systemd service to unlock root luks fs