Resolves: RHEL-53632 - RFE: httpd, add IP_FREEBIND support for Listen
Resolves: RHEL-53722 - [RFE] ProxyWebsocketIdleTimeout from httpd mod_proxy_wstunnel
This commit is contained in:
parent
239a3e0f11
commit
a7f0464790
124
httpd-2.4.62-freebind.patch
Normal file
124
httpd-2.4.62-freebind.patch
Normal file
@ -0,0 +1,124 @@
|
|||||||
|
diff --git a/docs/manual/mod/mpm_common.html.en b/docs/manual/mod/mpm_common.html.en
|
||||||
|
index d7a2fea..c911a4e 100644
|
||||||
|
--- a/docs/manual/mod/mpm_common.html.en
|
||||||
|
+++ b/docs/manual/mod/mpm_common.html.en
|
||||||
|
@@ -42,6 +42,7 @@ more than one multi-processing module (MPM)</td></tr>
|
||||||
|
<li><img alt="" src="../images/down.gif" /> <a href="#enableexceptionhook">EnableExceptionHook</a></li>
|
||||||
|
<li><img alt="" src="../images/down.gif" /> <a href="#gracefulshutdowntimeout">GracefulShutdownTimeout</a></li>
|
||||||
|
<li><img alt="" src="../images/down.gif" /> <a href="#listen">Listen</a></li>
|
||||||
|
+<li><img alt="" src="../images/down.gif" /> <a href="#listenfree">ListenFree</a></li>
|
||||||
|
<li><img alt="" src="../images/down.gif" /> <a href="#listenbacklog">ListenBackLog</a></li>
|
||||||
|
<li><img alt="" src="../images/down.gif" /> <a href="#listencoresbucketsratio">ListenCoresBucketsRatio</a></li>
|
||||||
|
<li><img alt="" src="../images/down.gif" /> <a href="#maxconnectionsperchild">MaxConnectionsPerChild</a></li>
|
||||||
|
@@ -244,6 +245,31 @@ discussion of the <code>Address already in use</code> error message,
|
||||||
|
including other causes.</a></li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
+
|
||||||
|
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
|
||||||
|
+<div class="directive-section"><h2><a name="ListenFree" id="ListenFree">ListenFree</a> <a name="listenfree" id="listenfree">Directive</a></h2>
|
||||||
|
+<table class="directive">
|
||||||
|
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>IP addresses and ports that the server
|
||||||
|
+listens to. Doesn't require IP address to be up</td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ListenFree [<var>IP-address</var>:]<var>portnumber</var> [<var>protocol</var>]</code></td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>MPM</td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/event.html">event</a></code>, <code class="module"><a href="../mod/worker.html">worker</a></code>, <code class="module"><a href="../mod/prefork.html">prefork</a></code>, <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code>, <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code></td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>This directive is currently available only in Red Hat Enterprise Linux</td></tr>
|
||||||
|
+</table>
|
||||||
|
+ <p>The <code class="directive">ListenFree</code> directive is
|
||||||
|
+ identical to the <code class="directive">Listen</code> directive.
|
||||||
|
+ The only difference is in the usage of the IP_FREEBIND socket
|
||||||
|
+ option, which is enabled by default with <code class="directive">ListenFree</code>.
|
||||||
|
+ If IP_FREEBIND is enabled, it allows httpd to bind to an IP
|
||||||
|
+ address that is nonlocal or does not (yet) exist. This allows httpd to
|
||||||
|
+ listen on a socket without requiring the underlying network interface
|
||||||
|
+ or the specified dynamic IP address to be up at the time when httpd
|
||||||
|
+ is trying to bind to it.
|
||||||
|
+ </p>
|
||||||
|
+</div>
|
||||||
|
+
|
||||||
|
+
|
||||||
|
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
|
||||||
|
<div class="directive-section"><h2><a name="ListenBackLog" id="ListenBackLog">ListenBackLog</a> <a name="listenbacklog" id="listenbacklog">Directive</a></h2>
|
||||||
|
<table class="directive">
|
||||||
|
diff --git a/include/ap_listen.h b/include/ap_listen.h
|
||||||
|
index d5ed968..be1a60c 100644
|
||||||
|
--- a/include/ap_listen.h
|
||||||
|
+++ b/include/ap_listen.h
|
||||||
|
@@ -138,6 +138,9 @@ AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd, void *dummy
|
||||||
|
AP_DECLARE_NONSTD(const char *) ap_set_listencbratio(cmd_parms *cmd, void *dummy, const char *arg);
|
||||||
|
AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
|
||||||
|
int argc, char *const argv[]);
|
||||||
|
+AP_DECLARE_NONSTD(const char *) ap_set_freelistener(cmd_parms *cmd, void *dummy,
|
||||||
|
+ int argc, char *const argv[]);
|
||||||
|
+
|
||||||
|
AP_DECLARE_NONSTD(const char *) ap_set_send_buffer_size(cmd_parms *cmd, void *dummy,
|
||||||
|
const char *arg);
|
||||||
|
AP_DECLARE_NONSTD(const char *) ap_set_receive_buffer_size(cmd_parms *cmd,
|
||||||
|
@@ -160,6 +163,8 @@ AP_INIT_TAKE1("ListenCoresBucketsRatio", ap_set_listencbratio, NULL, RSRC_CONF,
|
||||||
|
"Ratio between the number of CPU cores (online) and the number of listeners buckets"), \
|
||||||
|
AP_INIT_TAKE_ARGV("Listen", ap_set_listener, NULL, RSRC_CONF, \
|
||||||
|
"A port number or a numeric IP address and a port number, and an optional protocol"), \
|
||||||
|
+AP_INIT_TAKE_ARGV("ListenFree", ap_set_freelistener, NULL, RSRC_CONF, \
|
||||||
|
+ "A port number or a numeric IP address and a port number, and an optional protocol"), \
|
||||||
|
AP_INIT_TAKE1("SendBufferSize", ap_set_send_buffer_size, NULL, RSRC_CONF, \
|
||||||
|
"Send buffer size in bytes"), \
|
||||||
|
AP_INIT_TAKE1("ReceiveBufferSize", ap_set_receive_buffer_size, NULL, \
|
||||||
|
diff --git a/server/listen.c b/server/listen.c
|
||||||
|
index 2a4e87a..280bbe7 100644
|
||||||
|
--- a/server/listen.c
|
||||||
|
+++ b/server/listen.c
|
||||||
|
@@ -60,6 +60,7 @@ static int ap_listenbacklog;
|
||||||
|
static int ap_listencbratio;
|
||||||
|
static int send_buffer_size;
|
||||||
|
static int receive_buffer_size;
|
||||||
|
+static int ap_listenfreebind;
|
||||||
|
#ifdef HAVE_SYSTEMD
|
||||||
|
static int use_systemd = -1;
|
||||||
|
#endif
|
||||||
|
@@ -159,6 +160,21 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+
|
||||||
|
+#if defined(APR_SO_FREEBIND)
|
||||||
|
+ if (ap_listenfreebind) {
|
||||||
|
+ if (apr_socket_opt_set(s, APR_SO_FREEBIND, one) < 0) {
|
||||||
|
+ stat = apr_get_netos_error();
|
||||||
|
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02182)
|
||||||
|
+ "make_sock: apr_socket_opt_set: "
|
||||||
|
+ "error setting APR_SO_FREEBIND");
|
||||||
|
+ apr_socket_close(s);
|
||||||
|
+ return stat;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+
|
||||||
|
if (do_bind_listen) {
|
||||||
|
#if APR_HAVE_IPV6
|
||||||
|
if (server->bind_addr->family == APR_INET6) {
|
||||||
|
@@ -971,6 +987,7 @@ AP_DECLARE(void) ap_listen_pre_config(void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+
|
||||||
|
AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
|
||||||
|
int argc, char *const argv[])
|
||||||
|
{
|
||||||
|
@@ -1044,6 +1061,14 @@ AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
|
||||||
|
scope_id, NULL, cmd->temp_pool);
|
||||||
|
}
|
||||||
|
|
||||||
|
+AP_DECLARE_NONSTD(const char *) ap_set_freelistener(cmd_parms *cmd, void *dummy,
|
||||||
|
+ int argc,
|
||||||
|
+ char *const argv[])
|
||||||
|
+{
|
||||||
|
+ ap_listenfreebind = 1;
|
||||||
|
+ return ap_set_listener(cmd, dummy, argc, argv);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd,
|
||||||
|
void *dummy,
|
||||||
|
const char *arg)
|
109
httpd-2.4.62-proxy-ws-idle-timeout.patch
Normal file
109
httpd-2.4.62-proxy-ws-idle-timeout.patch
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
diff --git a/docs/manual/mod/mod_proxy_wstunnel.html.en b/docs/manual/mod/mod_proxy_wstunnel.html.en
|
||||||
|
index c5004b8..a0ae3c8 100644
|
||||||
|
--- a/docs/manual/mod/mod_proxy_wstunnel.html.en
|
||||||
|
+++ b/docs/manual/mod/mod_proxy_wstunnel.html.en
|
||||||
|
@@ -96,6 +96,7 @@ WebSocket always happens.
|
||||||
|
<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3 class="directives">Directives</h3>
|
||||||
|
<ul id="toc">
|
||||||
|
<li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketfallbacktoproxyhttp">ProxyWebsocketFallbackToProxyHttp</a></li>
|
||||||
|
+<li><img alt="" src="../images/down.gif" /> <a href="#proxywebsocketidletimeout">ProxyWebsocketIdleTimeout</a></li>
|
||||||
|
</ul>
|
||||||
|
<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=mod_proxy_wstunnel">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=mod_proxy_wstunnel">Report a bug</a></li></ul><h3>See also</h3>
|
||||||
|
<ul class="seealso">
|
||||||
|
@@ -121,6 +122,23 @@ WebSocket always happens.
|
||||||
|
WebSocket requests as in httpd 2.4.46 and earlier.</p>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
+
|
||||||
|
+<div class="directive-section"><h2><a name="ProxyWebsocketIdleTimeout" id="ProxyWebsocketIdleTimeout">ProxyWebsocketIdleTimeout</a> <a name="proxywebsocketidletimeout" id="proxywebsocketidletimeout">Directive</a> <a title="Permanent link" href="#proxywebsocketidletimeout" class="permalink">¶</a></h2>
|
||||||
|
+<table class="directive">
|
||||||
|
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the maximum amount of time to wait for data on the websockets tunnel</td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyWebsocketIdleTimeout <var>num</var>[ms]</code></td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ProxyWebsocketIdleTimeout 0</code></td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
|
||||||
|
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy_wstunnel</td></tr>
|
||||||
|
+</table>
|
||||||
|
+ <p>This directive imposes a maximum amount of time for the tunnel to be
|
||||||
|
+ left open while idle. The timeout is considered in seconds by default, but
|
||||||
|
+ it is possible to increase the time resolution to milliseconds
|
||||||
|
+ adding the <em>ms</em> suffix.</p>
|
||||||
|
+
|
||||||
|
+</div>
|
||||||
|
+
|
||||||
|
</div>
|
||||||
|
<div class="bottomlang">
|
||||||
|
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy_wstunnel.html" title="English"> en </a> |
|
||||||
|
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
|
||||||
|
index 30ba1b4..e27e6f8 100644
|
||||||
|
--- a/modules/proxy/mod_proxy_wstunnel.c
|
||||||
|
+++ b/modules/proxy/mod_proxy_wstunnel.c
|
||||||
|
@@ -22,6 +22,7 @@ module AP_MODULE_DECLARE_DATA proxy_wstunnel_module;
|
||||||
|
typedef struct {
|
||||||
|
unsigned int fallback_to_proxy_http :1,
|
||||||
|
fallback_to_proxy_http_set :1;
|
||||||
|
+ apr_time_t idle_timeout;
|
||||||
|
} proxyws_dir_conf;
|
||||||
|
|
||||||
|
static int can_fallback_to_proxy_http;
|
||||||
|
@@ -176,6 +177,8 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
|
||||||
|
conn_rec *c = r->connection;
|
||||||
|
apr_socket_t *sock = conn->sock;
|
||||||
|
conn_rec *backconn = conn->connection;
|
||||||
|
+ proxyws_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
|
||||||
|
+ &proxy_wstunnel_module);
|
||||||
|
char *buf;
|
||||||
|
apr_bucket_brigade *header_brigade;
|
||||||
|
apr_bucket *e;
|
||||||
|
@@ -253,10 +256,13 @@ static int proxy_wstunnel_request(apr_pool_t *p, request_rec *r,
|
||||||
|
c->keepalive = AP_CONN_CLOSE;
|
||||||
|
|
||||||
|
do { /* Loop until done (one side closes the connection, or an error) */
|
||||||
|
- rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled);
|
||||||
|
+ rv = apr_pollset_poll(pollset, dconf->idle_timeout, &pollcnt, &signalled);
|
||||||
|
if (rv != APR_SUCCESS) {
|
||||||
|
if (APR_STATUS_IS_EINTR(rv)) {
|
||||||
|
continue;
|
||||||
|
+ } else if(APR_STATUS_IS_TIMEUP(rv)){
|
||||||
|
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "RH: the connection has timed out");
|
||||||
|
+ return HTTP_REQUEST_TIME_OUT;
|
||||||
|
}
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02444) "error apr_poll()");
|
||||||
|
return HTTP_INTERNAL_SERVER_ERROR;
|
||||||
|
@@ -442,11 +448,26 @@ cleanup:
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static const char * proxyws_set_idle(cmd_parms *cmd, void *conf, const char *val)
|
||||||
|
+{
|
||||||
|
+ proxyws_dir_conf *dconf = conf;
|
||||||
|
+ if (ap_timeout_parameter_parse(val, &(dconf->idle_timeout), "s") != APR_SUCCESS)
|
||||||
|
+ return "ProxyWebsocketIdleTimeout timeout has wrong format";
|
||||||
|
+
|
||||||
|
+ if (dconf->idle_timeout < 0)
|
||||||
|
+ return "ProxyWebsocketIdleTimeout timeout has to be a non-negative number";
|
||||||
|
+
|
||||||
|
+ if (!dconf->idle_timeout) dconf->idle_timeout = -1; /* loop indefinitely */
|
||||||
|
+
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void *create_proxyws_dir_config(apr_pool_t *p, char *dummy)
|
||||||
|
{
|
||||||
|
proxyws_dir_conf *new =
|
||||||
|
(proxyws_dir_conf *) apr_pcalloc(p, sizeof(proxyws_dir_conf));
|
||||||
|
|
||||||
|
+ new->idle_timeout = -1; /* no timeout */
|
||||||
|
new->fallback_to_proxy_http = 1;
|
||||||
|
|
||||||
|
return (void *) new;
|
||||||
|
@@ -489,7 +510,8 @@ static const command_rec ws_proxy_cmds[] =
|
||||||
|
proxyws_fallback_to_proxy_http, NULL, RSRC_CONF|ACCESS_CONF,
|
||||||
|
"whether to let mod_proxy_http handle the upgrade and tunneling, "
|
||||||
|
"On by default"),
|
||||||
|
-
|
||||||
|
+ AP_INIT_TAKE1("ProxyWebsocketIdleTimeout", proxyws_set_idle, NULL, RSRC_CONF|ACCESS_CONF,
|
||||||
|
+ "timeout for activity in either direction, unlimited by default."),
|
||||||
|
{NULL}
|
||||||
|
};
|
||||||
|
|
11
httpd.spec
11
httpd.spec
@ -25,7 +25,7 @@
|
|||||||
Summary: Apache HTTP Server
|
Summary: Apache HTTP Server
|
||||||
Name: httpd
|
Name: httpd
|
||||||
Version: 2.4.62
|
Version: 2.4.62
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
URL: https://httpd.apache.org/
|
URL: https://httpd.apache.org/
|
||||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||||
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
|
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
|
||||||
@ -96,6 +96,10 @@ Patch30: httpd-2.4.43-logjournal.patch
|
|||||||
Patch31: httpd-2.4.53-separate-systemd-fns.patch
|
Patch31: httpd-2.4.53-separate-systemd-fns.patch
|
||||||
Patch32: httpd-2.4.58-r1912477+.patch
|
Patch32: httpd-2.4.58-r1912477+.patch
|
||||||
Patch33: httpd-2.4.54-selinux.patch
|
Patch33: httpd-2.4.54-selinux.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1949606
|
||||||
|
Patch34: httpd-2.4.62-freebind.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1947496
|
||||||
|
Patch35: httpd-2.4.62-proxy-ws-idle-timeout.patch
|
||||||
|
|
||||||
# Bug fixes
|
# Bug fixes
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
|
||||||
@ -827,6 +831,11 @@ exit $rv
|
|||||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 08 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-3
|
||||||
|
- Resolves: RHEL-53632 - RFE: httpd, add IP_FREEBIND support for Listen
|
||||||
|
- Resolves: RHEL-53722 - [RFE] ProxyWebsocketIdleTimeout from
|
||||||
|
httpd mod_proxy_wstunnel
|
||||||
|
|
||||||
* Sat Aug 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-2
|
* Sat Aug 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.62-2
|
||||||
- Resolves: RHEL-52722 - Regression introduced by CVE-2024-38474 fix
|
- Resolves: RHEL-52722 - Regression introduced by CVE-2024-38474 fix
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user