From 788cbf28fbb00d5feea27a03e1363272fd864182 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 26 Jun 2017 12:11:13 +0000
Subject: [PATCH] Add an enable-accept-filter directive

Which allows to toggle accept filter support at
run time when compiled with FEATURE_ACCEPT_FILTER
support.

It makes testing more convenient and now that it's
optional we can emit an error message if enabling
the accept filter fails.

Sponsored by: Robert Klemme
---
 jbsockets.c | 18 +++++++++++++-----
 loadcfg.c   | 15 ++++++++++++++-
 project.h   |  5 ++++-
 3 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/jbsockets.c b/jbsockets.c
index 72149790..fef395ab 100644
--- a/jbsockets.c
+++ b/jbsockets.c
@@ -1,4 +1,4 @@
-const char jbsockets_rcs[] = "$Id: jbsockets.c,v 1.144 2017/06/08 13:04:34 fabiankeil Exp $";
+const char jbsockets_rcs[] = "$Id: jbsockets.c,v 1.145 2017/06/08 13:04:56 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/jbsockets.c,v $
@@ -1378,10 +1378,18 @@ int accept_connection(struct client_state * csp, jb_socket fds[])
    do
    {
 #if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
-      struct accept_filter_arg af_options;
-      bzero(&af_options, sizeof(af_options));
-      strlcpy(af_options.af_name, "httpready", sizeof(af_options.af_name));
-      setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &af_options, sizeof(af_options));
+      if (csp->config->enable_accept_filter)
+      {
+         struct accept_filter_arg af_options;
+         bzero(&af_options, sizeof(af_options));
+         strlcpy(af_options.af_name, "httpready", sizeof(af_options.af_name));
+         if (setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &af_options,
+            sizeof(af_options)))
+         {
+            log_error(LOG_LEVEL_ERROR,
+               "Enabling accept filter for socket %d failed: %E", fd);
+         }
+      }
 #endif
       afd = accept (fd, (struct sockaddr *) &client, &c_length);
    } while (afd < 0 && errno == EINTR);
diff --git a/loadcfg.c b/loadcfg.c
index f2541e2f..6c0f4643 100644
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -1,4 +1,4 @@
-const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.162 2017/06/04 14:42:32 fabiankeil Exp $";
+const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.163 2017/06/26 12:09:56 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
@@ -142,6 +142,7 @@ static struct file_list *current_configfile = NULL;
 #define hash_debug                            78263U /* "debug" */
 #define hash_default_server_timeout      2530089913U /* "default-server-timeout" */
 #define hash_deny_access                 1227333715U /* "deny-access" */
+#define hash_enable_accept_filter        2909040407U /* "enable-accept-filter" */
 #define hash_enable_edit_actions         2517097536U /* "enable-edit-actions" */
 #define hash_enable_compression          3943696946U /* "enable-compression" */
 #define hash_enable_proxy_authentication_forwarding 4040610791U /* enable-proxy-authentication-forwarding */
@@ -612,6 +613,9 @@ struct configuration_spec * load_config(void)
    config->client_tag_lifetime       = 60;
 #endif
    config->trust_x_forwarded_for     = 0;
+#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
+   config->enable_accept_filter      = 0;
+#endif
    config->trusted_cgi_referrer      = NULL;
    /*
     * 128 client sockets ought to be enough for everybody who can't
@@ -976,6 +980,15 @@ struct configuration_spec * load_config(void)
             break;
 #endif /* def FEATURE_ACL */
 
+#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
+/* *************************************************************************
+ * enable-accept-filter 0|1
+ * *************************************************************************/
+         case hash_enable_accept_filter :
+            config->enable_accept_filter = parse_toggle_state(cmd, arg);
+            break;
+#endif /* defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) */
+
 /* *************************************************************************
  * enable-edit-actions 0|1
  * *************************************************************************/
diff --git a/project.h b/project.h
index 65427e03..da8a3fef 100644
--- a/project.h
+++ b/project.h
@@ -1,7 +1,7 @@
 #ifndef PROJECT_H_INCLUDED
 #define PROJECT_H_INCLUDED
 /** Version string. */
-#define PROJECT_H_VERSION "$Id: project.h,v 1.220 2017/02/20 13:44:32 fabiankeil Exp $"
+#define PROJECT_H_VERSION "$Id: project.h,v 1.221 2017/05/29 10:02:11 fabiankeil Exp $"
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/project.h,v $
@@ -1351,6 +1351,9 @@ struct configuration_spec
    /** Size of the receive buffer */
    size_t receive_buffer_size;
 
+   /** Use accf_http(4) if available */
+   int enable_accept_filter;
+
 #ifdef FEATURE_TRUST
 
    /** The file name of the trust file. */
-- 
2.39.2