17 #ifdef HAVE_INTTYPES_H
18 # include <inttypes.h>
26 #include "sys-socket.h"
27 #include "splaytree.h"
/* OpenSSL headers are pulled in only when both the library and <openssl/ssl.h>
 * were detected at configure time. The matching #endif lines are not part of
 * this excerpt. */
31 #if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
33 # include <openssl/opensslconf.h>
/* Unless USE_OPENSSL_KERBEROS is set, OPENSSL_NO_KRB5 is defined before
 * <openssl/ssl.h> is included, so the OpenSSL headers are parsed with
 * Kerberos support switched off. */
34 # ifndef USE_OPENSSL_KERBEROS
35 # ifndef OPENSSL_NO_KRB5
36 # define OPENSSL_NO_KRB5
39 # include <openssl/ssl.h>
/* If the installed headers do not provide SSL_CTRL_SET_TLSEXT_HOSTNAME, mark
 * TLS extensions as unavailable. Later declarations in this header (for
 * example tlsext_server_name) are guarded by OPENSSL_NO_TLSEXT, so such a
 * build has no per-host-name (SNI) state. */
40 # if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
41 # define OPENSSL_NO_TLSEXT
/* Fallback definitions for platforms whose headers lack these names. The
 * #ifndef / #else guards that select between them are not part of this
 * excerpt; the two SIZE_MAX lines are presumably alternative branches. */
54 # define O_LARGEFILE 0
59 # define SIZE_MAX SIZE_T_MAX
61 # define SIZE_MAX ((size_t)~0)
/* NOTE(review): this SSIZE_MAX fallback has type size_t, not ssize_t. When an
 * ssize_t value is compared against it, the signed operand is converted to
 * unsigned, so a negative length compares as a very large positive one.
 * Bounds checks on signed lengths should test for < 0 first or cast the
 * macro to ssize_t. */
66 # define SSIZE_MAX ((size_t)~0 >> 1)
70 #include <crt_externs.h>
71 #define environ (* _NSGetEnviron())
73 extern char **environ
;
76 /* for solaris 2.5 and NetBSD 1.3.x */
77 #ifndef HAVE_SOCKLEN_T
78 typedef int socklen_t
;
81 /* solaris and NetBSD 1.3.x again */
82 #if (!defined(HAVE_STDINT_H)) && (!defined(HAVE_INTTYPES_H)) && (!defined(uint32_t))
83 # define uint32_t u_int32_t
91 typedef enum { T_CONFIG_UNSET
,
100 } config_values_type_t
;
/**
 * Scope tag for a configuration value; used as the type of a field named
 * `scope` in this header.
 *
 * The numeric values are the ones the compiler assigned implicitly
 * (0, 1, 2); they are spelled out here so the mapping is visible.
 * Presumably SERVER marks options valid only server-wide and CONNECTION
 * options that may vary per connection - confirm against the config parser.
 */
typedef enum {
	T_CONFIG_SCOPE_UNSET      = 0,
	T_CONFIG_SCOPE_SERVER     = 1,
	T_CONFIG_SCOPE_CONNECTION = 2
} config_scope_type_t;
111 config_values_type_t type
;
112 config_scope_type_t scope
;
/**
 * Two-valued tag used in this header as the type of fields named `type`
 * and `mode`.
 *
 * DIRECT is 0 and EXTERNAL is 1, as in the implicit numbering.
 * Presumably DIRECT means the core serves the request itself and EXTERNAL
 * that a module or backend has taken it over - confirm with the callers.
 */
typedef enum {
	DIRECT   = 0,
	EXTERNAL = 1
} connection_type;
119 connection_type type
;
134 struct sockaddr_in6 ipv6
;
136 struct sockaddr_in ipv4
;
138 struct sockaddr_un un
;
140 struct sockaddr plain
;
/*
 * Flag values for header fields found in a parsed backend response
 * (the original note here reads "fcgi_response_header contains ...").
 * Each flag is BV(n) with a distinct n; BV() is defined outside this
 * excerpt. Presumably these are OR-ed into the connection's
 * parsed_response bitfield - confirm with the response parser.
 */
#define HTTP_STATUS          BV(0)
#define HTTP_CONNECTION      BV(1)
#define HTTP_CONTENT_LENGTH  BV(2)
#define HTTP_DATE            BV(3)
#define HTTP_LOCATION        BV(4)
152 /* the request-line */
158 http_method_t http_method
;
159 http_version_t http_version
;
161 buffer
*request_line
;
163 /* strings to the header */
164 buffer
*http_host
; /* not alloced */
165 const char *http_range
;
166 const char *http_content_type
;
167 const char *http_if_modified_since
;
168 const char *http_if_none_match
;
173 off_t content_length
; /* returned by strtoll() */
176 /* internal representation */
184 off_t content_length
;
185 int keep_alive
; /* used by the subrequests in proxy, cgi and fcgi to say the subrequest was keep-alive or not */
190 HTTP_TRANSFER_ENCODING_IDENTITY
, HTTP_TRANSFER_ENCODING_CHUNKED
/* Components of the request URI. Some member declarations are missing from
 * this excerpt; only their comments (original lines 197 and 200) survive. */
195 buffer
*scheme
; /* scheme without colon or slashes ( "http" or "https" ) */
197 /* authority with optional portnumber ("site.name" or "site.name:8080" ) NOTE: without "username:password@" */
200 /* path including leading slash ("/" or "/index.html") - urldecoded, and sanitized ( buffer_path_simplify() && buffer_urldecode_path() ) */
/* NOTE(review): per the comments here, only the member described on the line
 * above has been URL-decoded and path-simplified. path_raw and query are kept
 * exactly as the client sent them, so any code that reads them must treat the
 * contents as untrusted and must not use path_raw for filesystem lookups. */
202 buffer
*path_raw
; /* raw path, as sent from client. no urldecoding or path simplifying */
203 buffer
*query
; /* querystring ( everything after "?", ie: in "/index.php?foo=1", query is "foo=1" ) */
208 buffer
*basedir
; /* path = "(basedir)(.*)" */
210 buffer
*doc_root
; /* path = doc_root + rel_path */
232 buffer
*content_type
;
236 splay_tree
*files
; /* the nodes of the tree are stat_cache_entry's */
238 buffer
*dir_name
; /* for building the dirname from the filename */
240 splay_tree
*dirs
; /* the nodes of the tree are fam_dir_entry */
245 buffer
*hash_key
; /* temp-store for the hash-key */
251 /* virtual-servers */
252 buffer
*document_root
;
254 buffer
*error_handler
;
255 buffer
*error_handler_404
;
257 buffer
*dirlist_encoding
;
258 buffer
*errorfile_prefix
;
/* Run of unsigned short configuration members; the enclosing struct, the
 * units and the defaults are not visible in this excerpt. */
260 unsigned short high_precision_timestamps
;
/* NOTE(review): keep-alive and idle limits. By name these bound how long a
 * slow or silent client can occupy a connection slot; presumably the *_idle
 * values are seconds - confirm the units and what a value of 0 means. */
261 unsigned short max_keep_alive_requests
;
262 unsigned short max_keep_alive_idle
;
263 unsigned short max_read_idle
;
264 unsigned short max_write_idle
;
265 unsigned short use_xattr
;
/* NOTE(review): by name, whether symbolic links are followed when files are
 * served. When enabled, content outside the document root is reachable
 * through any link that a less-trusted user can create beneath it; confirm
 * how the disabled case is enforced in the file-serving path. */
266 unsigned short follow_symlink
;
267 unsigned short range_requests
;
268 unsigned short stream_request_body
;
269 unsigned short stream_response_body
;
273 unsigned short log_file_not_found
;
274 unsigned short log_request_header
;
275 unsigned short log_request_handling
;
276 unsigned short log_response_header
;
277 unsigned short log_condition_handling
;
278 unsigned short log_ssl_noise
;
279 unsigned short log_timeouts
;
/* TLS-related configuration members. The enclosing struct and some lines
 * (for example original line 286) are not part of this excerpt. */
285 buffer
*ssl_cipher_list
;
287 buffer
*ssl_ec_curve
;
288 unsigned short ssl_honor_cipher_order
; /* determine SSL cipher in server-preferred order, not client-order */
289 unsigned short ssl_empty_fragments
; /* whether to not set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
/* NOTE(review): by name, switches for the SSLv2 and SSLv3 protocols. Both
 * are obsolete (RFC 6176 and RFC 7568 prohibit their use); verify that the
 * defaults are off and that the code building ssl_ctx actually disables the
 * protocol when the flag is 0. */
290 unsigned short ssl_use_sslv2
;
291 unsigned short ssl_use_sslv3
;
/* NOTE(review): client-certificate options. Presumably ssl_verifyclient
 * requests a certificate, ssl_verifyclient_enforce makes a failed
 * verification fatal and ssl_verifyclient_depth limits the chain length -
 * confirm. If enforce is 0 a handshake may complete without a valid client
 * certificate, so access decisions must not rest on ssl_verifyclient alone. */
292 unsigned short ssl_verifyclient
;
293 unsigned short ssl_verifyclient_enforce
;
294 unsigned short ssl_verifyclient_depth
;
/* presumably names the certificate field exported as the user name - confirm */
295 buffer
*ssl_verifyclient_username
;
296 unsigned short ssl_verifyclient_export_cert
;
/* By name, refuses renegotiation started by the client. The connection keeps
 * a `renegotiations` counter (count of SSL_CB_HANDSHAKE_START) elsewhere in
 * this header; presumably the two work together - confirm. */
297 unsigned short ssl_disable_client_renegotiation
;
299 unsigned short use_ipv6
, set_v6only
; /* set_v6only is only a temporary option */
300 unsigned short defer_accept
;
301 unsigned short ssl_enabled
; /* only interesting for setting up listening sockets. don't use at runtime */
302 unsigned short allow_http11
;
303 unsigned short etag_use_inode
;
304 unsigned short etag_use_mtime
;
305 unsigned short etag_use_size
;
306 unsigned short force_lowercase_filenames
; /* if the FS is case-insensitive, force all files to lower-case */
307 unsigned int http_parseopts
;
308 unsigned int max_request_size
;
311 unsigned short kbytes_per_second
; /* connection kb/s limit */
314 unsigned short global_kbytes_per_second
; /* */
316 off_t global_bytes_per_second_cnt
;
317 /* server-wide traffic-shaper
319 * each context has the counter which is inited once
320 * a second by the global_kbytes_per_second config-var
322 * as soon as global_kbytes_per_second gets below 0
323 * the connected conns are "offline" a little bit
326 * we somehow have to lose our "we are writable" signal
330 off_t
*global_bytes_per_second_cnt_ptr
; /* */
332 #if defined(__FreeBSD__) || defined(__NetBSD__) \
333 || defined(__OpenBSD__) || defined(__DragonFly__)
334 buffer
*bsd_accept_filter
;
338 SSL_CTX
*ssl_ctx
; /* not patched */
339 /* SNI per host: with COMP_SERVER_SOCKET, COMP_HTTP_SCHEME, COMP_HTTP_HOST */
340 EVP_PKEY
*ssl_pemfile_pkey
;
341 X509
*ssl_pemfile_x509
;
342 STACK_OF(X509_NAME
) *ssl_ca_file_cert_names
;
346 /* the order of the items should be the same as they are processed
347 * read before write as we use this later */
350 CON_STATE_REQUEST_START
,
352 CON_STATE_REQUEST_END
,
354 CON_STATE_HANDLE_REQUEST
,
355 CON_STATE_RESPONSE_START
,
357 CON_STATE_RESPONSE_END
,
360 } connection_state_t
;
363 /* condition not active at the moment because itself or some
364 * pre-condition depends on data not available yet
368 /* special "unset" for branches not selected due to pre-conditions
369 * not met (but pre-conditions are not "unset" anymore)
373 /* actually evaluated the condition itself */
374 COND_RESULT_FALSE
, /* not active */
375 COND_RESULT_TRUE
, /* active */
379 /* current result (with preconditions) */
380 cond_result_t result
;
381 /* result without preconditions (must never be "skip") */
382 cond_result_t local_result
;
385 buffer
*comp_value
; /* just a pointer */
389 connection_state_t state
;
393 time_t close_timeout_ts
;
394 time_t write_request_ts
;
396 time_t connection_start
;
397 time_t request_start
;
398 struct timespec request_start_hp
;
400 size_t request_count
; /* number of requests handled in this connection */
401 size_t loops_per_request
; /* to catch endless loops in a single request
403 * used by mod_rewrite, mod_fastcgi, ... and others
404 * this is self-protection
407 int fd
; /* the FD for this connection */
408 int fde_ndx
; /* index for the fdevent-handler */
409 int ndx
; /* reverse mapping to server->connection[ndx] */
415 int keep_alive
; /* only request.c can enable it, all other just disable */
416 int keep_alive_idle
; /* remember max_keep_alive_idle from config */
421 chunkqueue
*write_queue
; /* a large queue for low-level write ( HTTP response ) [ file, mem ] */
422 chunkqueue
*read_queue
; /* a small queue for low-level read ( HTTP request ) [ mem ] */
423 chunkqueue
*request_content_queue
; /* takes request-content into tempfile if necessary [ tempfile, mem ]*/
425 int traffic_limit_reached
;
427 off_t bytes_written
; /* used by mod_accesslog, mod_rrd */
428 off_t bytes_written_cur_second
; /* used by mod_accesslog, mod_rrd */
429 off_t bytes_read
; /* used by mod_accesslog, mod_rrd */
435 buffer
*dst_addr_buf
;
438 buffer
*parse_request
;
439 unsigned int parsed_response
; /* bitfield which contains the important header-fields of the parsed response header */
448 array
*environment
; /* used to pass lighttpd internal stuff to the FastCGI/CGI apps, setenv does that */
455 connection_type mode
;
457 void **plugin_ctx
; /* plugin connection specific config */
459 specific_config conf
; /* global connection specific config */
460 cond_cache_t
*cond_cache
;
465 int error_handler_saved_status
;
466 http_method_t error_handler_saved_method
;
468 struct server_socket
*srv_socket
; /* reference to the server-socket */
/* Declared only when TLS extension support is compiled in. */
472 # ifndef OPENSSL_NO_TLSEXT
/* NOTE(review): by name, the server name taken from the TLS SNI extension.
 * That value is chosen by the client during the handshake, so treat it as
 * untrusted input wherever it selects configuration or is written to logs. */
473 buffer
*tlsext_server_name
;
/* Handshake-start counter; presumably checked against a limit when client
 * renegotiation is disabled - confirm in the SSL info callback. */
475 unsigned int renegotiations
; /* count of SSL_CB_HANDSHAKE_START */
478 etag_flags_t etag_flags
;
480 int conditional_is_valid
[COMP_LAST_ELEMENT
];
494 struct in6_addr ipv6
;
497 char b2
[INET6_ADDRSTRLEN
+ 1];
499 } inet_ntop_cache_type
;
507 } realpath_cache_type
;
/* One cache entry pairing a modification time with a buffer holding its
 * formatted text; the enclosing struct is not part of this excerpt. */
510 time_t mtime
; /* the key */
511 buffer
*str
; /* a buffer for the string representation */
524 buffer
*errorlog_file
;
525 unsigned short errorlog_use_syslog
;
526 buffer
*breakagelog_file
;
528 unsigned short dont_daemonize
;
529 unsigned short preflight_check
;
536 buffer
*event_handler
;
539 buffer
*network_backend
;
541 array
*upload_tempdirs
;
542 unsigned int upload_temp_file_size
;
543 unsigned int max_request_field_size
;
545 unsigned short max_worker
;
546 unsigned short max_fds
;
547 unsigned short max_conns
;
549 unsigned short log_request_header_on_error
;
550 unsigned short log_state_handling
;
552 enum { STAT_CACHE_ENGINE_UNSET
,
553 STAT_CACHE_ENGINE_NONE
,
554 STAT_CACHE_ENGINE_SIMPLE
556 , STAT_CACHE_ENGINE_FAM
559 unsigned short enable_cores
;
/* by name, answers a request carrying "Expect: 100-continue" with status 417 -
 * confirm in the request handling code */
560 unsigned short reject_expect_100_with_417
;
/* NOTE(review): request-parsing strictness switches; semantics are inferred
 * from the names and need confirming in the request parser. Relaxing header
 * or Host validation widens the set of requests that this server and a
 * front-end proxy may interpret differently, so the strict settings are the
 * safer baseline. */
563 unsigned short http_header_strict
;
564 unsigned short http_host_strict
;
565 unsigned short http_host_normalize
;
566 unsigned short high_precision_timestamps
;
571 typedef struct server_socket
{
576 unsigned short is_ssl
;
590 } server_socket_array
;
592 typedef struct server
{
593 server_socket_array srv_sockets
;
597 enum { ERRORLOG_FILE
, ERRORLOG_FD
, ERRORLOG_SYSLOG
, ERRORLOG_PIPE
} errorlog_mode
;
598 buffer
*errorlog_buf
;
600 fdevents
*ev
, *ev_ins
;
602 buffer_plugin plugins
;
613 int max_fds
; /* max possible fds */
614 int cur_fds
; /* currently used fds */
615 int want_fds
; /* waiting fds */
616 int sockets_disabled
;
621 buffer
*parse_full_path
;
622 buffer
*response_header
;
623 buffer
*response_range
;
626 buffer
*tmp_chunk_len
;
628 buffer
*empty_string
; /* is necessary for cond_match */
630 buffer
*cond_check_buf
;
634 inet_ntop_cache_type inet_ntop_cache
[INET_NTOP_CACHE_MAX
];
636 mtime_cache_type mtime_cache
[FILE_CACHE_MAX
];
642 time_t last_generated_date_ts
;
643 time_t last_generated_debug_ts
;
646 buffer
*ts_debug_str
;
650 array
*config_touched
;
652 array
*config_context
;
653 specific_config
**config_storage
;
655 server_config srvconf
;
657 short int config_deprecated
;
658 short int config_unsupported
;
661 connections
*joblist
;
662 connections
*fdwaitqueue
;
664 stat_cache
*stat_cache
;
667 * The status array can carry all the status information you want
668 * the key to the array is <module-prefix>.<name>
669 * and the values are counters
672 * fastcgi.backends = 10
673 * fastcgi.active-backends = 6
674 * fastcgi.backend.<key>.load = 24
675 * fastcgi.backend.<key>....
677 * fastcgi.backend.<key>.disconnects = ...
681 fdevent_handler_t event_handler
;
/*
 * Hook through which the selected network backend writes a chunkqueue to a
 * socket descriptor. Arguments as declared: the server, the connection, the
 * target fd, the queue and a max_bytes limit.
 * The meaning of the int result is not visible in this excerpt; callers
 * should be checked to confirm that short writes and errors are
 * distinguished.
 */
int (*network_backend_write)(struct server *srv, connection *con, int fd,
		chunkqueue *cq, off_t max_bytes);
/*
 * TLS counterpart of the plain write hook: takes the connection's SSL handle
 * in place of a file descriptor, plus the queue and a max_bytes limit.
 * Presumably declared only in OpenSSL builds; the guard line is not part of
 * this excerpt. The meaning of the int result is not visible here.
 */
int (*network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl,
		chunkqueue *cq, off_t max_bytes);