Index: modules/proxy/ajp.h =================================================================== --- modules/proxy/ajp.h (revision 556912) +++ modules/proxy/ajp.h (working copy) @@ -131,6 +131,8 @@ apr_size_t len; /** The current read position */ apr_size_t pos; + /** The size of the buffer */ + apr_size_t max_size; /** Flag indicating the origing of the message */ int server_side; }; @@ -141,8 +143,10 @@ #define AJP13_WS_HEADER 0x1234 #define AJP_HEADER_LEN 4 #define AJP_HEADER_SZ_LEN 2 -#define AJP_MSG_BUFFER_SZ (8*1024) -#define AJP13_MAX_SEND_BODY_SZ (AJP_MSG_BUFFER_SZ - 6) +#define AJP_HEADER_SZ 6 +#define AJP_MSG_BUFFER_SZ 8192 +#define AJP_MAX_BUFFER_SZ 16384 +#define AJP13_MAX_SEND_BODY_SZ (AJP_MAX_BUFFER_SZ - AJP_HEADER_SZ) /** Send a request from web server to container*/ #define CMD_AJP13_FORWARD_REQUEST (unsigned char)2 @@ -335,10 +339,11 @@ * Create an AJP Message from pool * * @param pool memory pool to allocate AJP message from + * @param size size of the buffer to create * @param rmsg Pointer to newly created AJP message * @return APR_SUCCESS or error */ -apr_status_t ajp_msg_create(apr_pool_t *pool, ajp_msg_t **rmsg); +apr_status_t ajp_msg_create(apr_pool_t *pool, apr_size_t size, ajp_msg_t **rmsg); /** * Recopy an AJP Message to another @@ -405,21 +410,25 @@ * Build the ajp header message and send it * @param sock backend socket * @param r current request + * @param buffsize max size of the AJP packet. * @uri uri requested uri * @return APR_SUCCESS or error */ apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, + apr_size_t buffsize, apr_uri_t *uri); /** * Read the ajp message and return the type of the message. * @param sock backend socket * @param r current request + * @param buffsize size of the buffer. * @param msg returned AJP message * @return APR_SUCCESS or error */ apr_status_t ajp_read_header(apr_socket_t *sock, request_rec *r, + apr_size_t buffsize, ajp_msg_t **msg); /** Index: modules/proxy/mod_proxy_ajp.c =================================================================== --- modules/proxy/mod_proxy_ajp.c (revision 556912) +++ modules/proxy/mod_proxy_ajp.c (working copy) @@ -134,13 +134,24 @@ int rv = 0; apr_int32_t conn_poll_fd; apr_pollfd_t *conn_poll; + proxy_server_conf *psf = + ap_get_module_config(r->server->module_config, &proxy_module); + apr_size_t maxsize = AJP_MSG_BUFFER_SZ; + if (psf->io_buffer_size_set) + maxsize = psf->io_buffer_size; + if (maxsize > AJP_MAX_BUFFER_SZ) + maxsize = AJP_MAX_BUFFER_SZ; + else if (maxsize < AJP_MSG_BUFFER_SZ) + maxsize = AJP_MSG_BUFFER_SZ; + maxsize = APR_ALIGN(maxsize, 1024); + /* * Send the AJP request to the remote server */ /* send request headers */ - status = ajp_send_header(conn->sock, r, uri); + status = ajp_send_header(conn->sock, r, maxsize, uri); if (status != APR_SUCCESS) { conn->close++; ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, @@ -154,6 +165,7 @@ } /* allocate an AJP message to store the data of the buckets */ + bufsiz = maxsize; status = ajp_alloc_data_msg(r->pool, &buff, &bufsiz, &msg); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ @@ -173,7 +185,7 @@ } else { status = ap_get_brigade(r->input_filters, input_brigade, AP_MODE_READBYTES, APR_BLOCK_READ, - AJP13_MAX_SEND_BODY_SZ); + maxsize - AJP_HEADER_SZ); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ @@ -226,7 +238,7 @@ /* read the response */ conn->data = NULL; - status = ajp_read_header(conn->sock, r, + status = ajp_read_header(conn->sock, r, maxsize, (ajp_msg_t **)&(conn->data)); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ @@ -252,7 +264,7 @@ conn_poll->desc_type = APR_POLL_SOCKET; conn_poll->desc.s = conn->sock; - bufsiz = AJP13_MAX_SEND_BODY_SZ; + bufsiz = maxsize; for (;;) { switch (result) { case CMD_AJP13_GET_BODY_CHUNK: @@ -267,7 +279,7 @@ status = ap_get_brigade(r->input_filters, input_brigade, AP_MODE_READBYTES, APR_BLOCK_READ, - AJP13_MAX_SEND_BODY_SZ); + maxsize - AJP_HEADER_SZ); if (status != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server, @@ -275,7 +287,7 @@ output_failed = 1; break; } - bufsiz = AJP13_MAX_SEND_BODY_SZ; + bufsiz = maxsize; status = apr_brigade_flatten(input_brigade, buff, &bufsiz); apr_brigade_cleanup(input_brigade); @@ -394,7 +406,7 @@ break; /* read the response */ - status = ajp_read_header(conn->sock, r, + status = ajp_read_header(conn->sock, r, maxsize, (ajp_msg_t **)&(conn->data)); if (status != APR_SUCCESS) { backend_failed = 1; Index: modules/proxy/ajp_msg.c =================================================================== --- modules/proxy/ajp_msg.c (revision 556912) +++ modules/proxy/ajp_msg.c (working copy) @@ -44,7 +44,7 @@ apr_snprintf(rv, bl, "ajp_msg_dump(): %s pos=%" APR_SIZE_T_FMT " len=%" APR_SIZE_T_FMT " max=%d\n", - err, msg->pos, msg->len, AJP_MSG_BUFFER_SZ); + err, msg->pos, msg->len, msg->max_size); bl -= strlen(rv); p = rv + strlen(rv); for (i = 0; i < len; i += 16) { @@ -109,11 +109,11 @@ msglen = ((head[2] & 0xff) << 8); msglen += (head[3] & 0xFF); - if (msglen > AJP_MSG_BUFFER_SZ) { + if (msglen > msg->max_size) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "ajp_check_msg_header() incoming message is " "too big %" APR_SIZE_T_FMT ", max is %d", - msglen, AJP_MSG_BUFFER_SZ); + msglen, msg->max_size); return AJP_ETOBIG; } @@ -147,10 +147,13 @@ apr_status_t ajp_msg_reuse(ajp_msg_t *msg) { apr_byte_t *buf; + apr_size_t max_size; buf = msg->buf; + max_size = msg->max_size; memset(msg, 0, sizeof(ajp_msg_t)); msg->buf = buf; + msg->max_size = max_size; msg->header_len = AJP_HEADER_LEN; ajp_msg_reset(msg); return APR_SUCCESS; @@ -201,7 +204,7 @@ { apr_size_t len = msg->len; - if ((len + 4) > AJP_MSG_BUFFER_SZ) { + if ((len + 4) > msg->max_size) { return ajp_log_overflow(msg, "ajp_msg_append_uint32"); } @@ -226,7 +229,7 @@ { apr_size_t len = msg->len; - if ((len + 2) > AJP_MSG_BUFFER_SZ) { + if ((len + 2) > msg->max_size) { return ajp_log_overflow(msg, "ajp_msg_append_uint16"); } @@ -249,7 +252,7 @@ { apr_size_t len = msg->len; - if ((len + 1) > AJP_MSG_BUFFER_SZ) { + if ((len + 1) > msg->max_size) { return ajp_log_overflow(msg, "ajp_msg_append_uint8"); } @@ -278,7 +281,7 @@ } len = strlen(value); - if ((msg->len + len + 2) > AJP_MSG_BUFFER_SZ) { + if ((msg->len + len + 2) > msg->max_size) { return ajp_log_overflow(msg, "ajp_msg_append_cvt_string"); } @@ -311,7 +314,7 @@ return APR_SUCCESS; /* Shouldn't we indicate an error ? */ } - if ((msg->len + valuelen) > AJP_MSG_BUFFER_SZ) { + if ((msg->len + valuelen) > msg->max_size) { return ajp_log_overflow(msg, "ajp_msg_append_bytes"); } @@ -445,7 +448,7 @@ status = ajp_msg_get_uint16(msg, &size); start = msg->pos; - if ((status != APR_SUCCESS) || (size + start > AJP_MSG_BUFFER_SZ)) { + if ((status != APR_SUCCESS) || (size + start > msg->max_size)) { return ajp_log_overflow(msg, "ajp_msg_get_string"); } @@ -476,7 +479,7 @@ /* save the current position */ start = msg->pos; - if ((status != APR_SUCCESS) || (size + start > AJP_MSG_BUFFER_SZ)) { + if ((status != APR_SUCCESS) || (size + start > msg->max_size)) { return ajp_log_overflow(msg, "ajp_msg_get_bytes"); } msg->pos += (apr_size_t)size; /* only bytes, no trailer */ @@ -492,10 +495,11 @@ * Create an AJP Message from pool * * @param pool memory pool to allocate AJP message from + * @param size size of the buffer to create * @param rmsg Pointer to newly created AJP message * @return APR_SUCCESS or error */ -apr_status_t ajp_msg_create(apr_pool_t *pool, ajp_msg_t **rmsg) +apr_status_t ajp_msg_create(apr_pool_t *pool, apr_size_t size, ajp_msg_t **rmsg) { ajp_msg_t *msg = (ajp_msg_t *)apr_pcalloc(pool, sizeof(ajp_msg_t)); @@ -507,7 +511,7 @@ msg->server_side = 0; - msg->buf = (apr_byte_t *)apr_palloc(pool, AJP_MSG_BUFFER_SZ); + msg->buf = (apr_byte_t *)apr_palloc(pool, size); /* XXX: This should never happen * In case if the OS cannont allocate 8K of data @@ -523,6 +527,7 @@ msg->len = 0; msg->header_len = AJP_HEADER_LEN; + msg->max_size = size; *rmsg = msg; return APR_SUCCESS; @@ -543,11 +548,11 @@ return AJP_EINVAL; } - if (smsg->len > AJP_MSG_BUFFER_SZ) { + if (smsg->len > smsg->max_size) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "ajp_msg_copy(): destination buffer too " "small %" APR_SIZE_T_FMT ", max size is %d", - smsg->len, AJP_MSG_BUFFER_SZ); + smsg->len, smsg->max_size); return AJP_ETOSMALL; } Index: modules/proxy/ajp_header.c =================================================================== --- modules/proxy/ajp_header.c (revision 556912) +++ modules/proxy/ajp_header.c (working copy) @@ -577,12 +577,13 @@ */ apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, + apr_size_t buffsize, apr_uri_t *uri) { ajp_msg_t *msg; apr_status_t rc; - rc = ajp_msg_create(r->pool, &msg); + rc = ajp_msg_create(r->pool, buffsize, &msg); if (rc != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "ajp_send_header: ajp_msg_create failed"); @@ -611,6 +612,7 @@ */ apr_status_t ajp_read_header(apr_socket_t *sock, request_rec *r, + apr_size_t buffsize, ajp_msg_t **msg) { apr_byte_t result; @@ -625,7 +627,7 @@ } } else { - rc = ajp_msg_create(r->pool, msg); + rc = ajp_msg_create(r->pool, buffsize, msg); if (rc != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "ajp_read_header: ajp_msg_create failed"); @@ -728,11 +730,11 @@ { apr_status_t rc; - if ((rc = ajp_msg_create(pool, msg)) != APR_SUCCESS) + if ((rc = ajp_msg_create(pool, *len, msg)) != APR_SUCCESS) return rc; ajp_msg_reset(*msg); *ptr = (char *)&((*msg)->buf[6]); - *len = AJP_MSG_BUFFER_SZ-6; + *len = *len - 6; return APR_SUCCESS; } Index: modules/proxy/ajp_utils.c =================================================================== --- modules/proxy/ajp_utils.c (revision 556912) +++ modules/proxy/ajp_utils.c (working copy) @@ -31,7 +31,7 @@ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "Into ajp_handle_cping_cpong"); - rc = ajp_msg_create(r->pool, &msg); + rc = ajp_msg_create(r->pool, AJP_HEADER_SZ_LEN+1, &msg); if (rc != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "ajp_handle_cping_cpong: ajp_msg_create failed"); Index: modules/proxy/ajp_msg.c =================================================================== --- modules/proxy/ajp_msg.c 2007/02/22 14:10:41 510521 +++ modules/proxy/ajp_msg.c 2007/02/22 14:12:14 510522 @@ -43,7 +43,7 @@ rv = apr_palloc(pool, bl); apr_snprintf(rv, bl, "ajp_msg_dump(): %s pos=%" APR_SIZE_T_FMT - " len=%" APR_SIZE_T_FMT " max=%d\n", + " len=%" APR_SIZE_T_FMT " max=%" APR_SIZE_T_FMT "\n", err, msg->pos, msg->len, msg->max_size); bl -= strlen(rv); p = rv + strlen(rv); @@ -112,7 +112,7 @@ if (msglen > msg->max_size) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "ajp_check_msg_header() incoming message is " - "too big %" APR_SIZE_T_FMT ", max is %d", + "too big %" APR_SIZE_T_FMT ", max is %" APR_SIZE_T_FMT, msglen, msg->max_size); return AJP_ETOBIG; } @@ -551,7 +551,7 @@ if (smsg->len > smsg->max_size) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "ajp_msg_copy(): destination buffer too " - "small %" APR_SIZE_T_FMT ", max size is %d", + "small %" APR_SIZE_T_FMT ", max size is %" APR_SIZE_T_FMT, smsg->len, smsg->max_size); return AJP_ETOSMALL; }