Skip to content

Freebind #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: 2.4.x
Choose a base branch
from
Open

Freebind #550

wants to merge 2 commits into from

Conversation

@bastien-roucaries
Copy link

@bastien-roucaries bastien-roucaries commented Aug 17, 2025

Hi,

Can you find a backport for 2.4x of freebind patches

On debian side we will like it

@notroj

covener and others added 2 commits August 17, 2025 15:27
@covener @bastien-roucaries
[PATCH] Add "AcceptErrorsNonFatal" directive
5fde11e 
This tweaks accept() failure processing by having ap_unixd_accept
pass more errors up, and having the MPM's check against a macro
to see if they are in a whitelist of non ENETDOWN/EMFILE kind
of potential process-wide errors.

Default behavior is still to exit.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1820098 13f79535-47bb-0310-9956-ffa450edef68
backport: apache@98e9503
backport: apache@26bcd25
@notroj @bastien-roucaries
Add optional options= argument to Listen to add listener-specific
387c78b 
socket options.

Reimplement "use_specific_errors" listener flag under generic
ap_listen_rec flags field holding all listener-specific options.

* include/ap_listen.h: Add AP_LISTEN_* flags.
  (ap_listen_rec): Rename use_specific_errors to flags.

* server/listen.c (make_sock): Set APR_SO_FREEBIND if
  AP_LISTEN_FREEBIND flag is set on listener; set APR_SO_REUSEPORT
  unconditionally if AP_LISTEN_REUSEPORT is set.
  (alloc_listener): Take flags argument.
  (ap_setup_listeners): Set AP_LISTEN_SPECIFIC_ERRORS flag here.
  (ap_set_listener): Parse optional options=... argument, catch
  typos and fail if protocol name contains a "=".
  (ap_duplicate_listeners): Duplicate flags.

Submitted by: jkaluza, Lubos Uhliarik <luhliari redhat.com>, jorton
PR: 61865
Github: closes apache#114

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876865 13f79535-47bb-0310-9956-ffa450edef68
backport: apache@a42f369
backport: apache@b0b6448
@bastien-roucaries
Copy link
Author

bastien-roucaries commented Aug 17, 2025

I also believe that ECONNREFUSED, ECONNABORTED, or ECONNRESET should be extended to:

  • EPERM due to firewall and systemd filtering
  • ENOSYS (syscall filtering)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bastien-roucaries @covener @notroj