author | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-08-05 17:03:22 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-08-05 17:03:22 +0000 |
commit | b69f3f9a0bc91b8a7ee8f1160ee110e9c8f8128f (patch) | |
tree | 7470701291041710472d46264cbdeeb3323e7864 /usr.sbin | |
parent | e6948ed6bf68a676b587110dd588eee316ea565c (diff) |
Bring back the tcp/ip configuration options. This code was already
there and is from relayd. We can decide later which options should
be added or removed, but it shouldn't do any harm.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/httpd/httpd.conf.5 | 46 | ||||
-rw-r--r-- | usr.sbin/httpd/parse.y | 73 |
2 files changed, 112 insertions, 7 deletions
diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5
index a0930d1c27a..95322803c9a 100644
--- a/usr.sbin/httpd/httpd.conf.5
+++ b/usr.sbin/httpd/httpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.conf.5,v 1.23 2014/08/05 15:36:59 reyk Exp $
+.\" $OpenBSD: httpd.conf.5,v 1.24 2014/08/05 17:03:21 reyk Exp $
 .\"
 .\" Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
 .\"
@@ -149,9 +149,10 @@ The argument will be matched against the URL path with shell globbing rules. A location section may include all of the server configuration rules except
-.Ic listen on
+.Ic listen on ,
+.Ic location
 and
-.Ic location .
+.Ic tcp .
 .It Ic log access Ar name
 Set the
 .Ar name
@@ -201,6 +202,45 @@ root directory of
 .Nm httpd .
 If not specified, it defaults to
 .Pa /htdocs .
+.It Ic tcp Ar option
+Enable or disable the specified TCP/IP options; see
+.Xr tcp 4
+and
+.Xr ip 4
+for more information about the options.
+Valid options are:
+.Bl -tag -width Ds
+.It Ic backlog Ar number
+Set the maximum length the queue of pending connections may grow to.
+The backlog option is 10 by default and is limited by the
+.Ic kern.somaxconn
+.Xr sysctl 8
+variable.
+.It Ic ip minttl Ar number
+This option for the underlying IP connection may be used to discard packets
+with a TTL lower than the specified value.
+This can be used to implement the
+.Ar Generalized TTL Security Mechanism (GTSM)
+according to RFC 5082.
+.It Ic ip ttl Ar number
+Change the default time-to-live value in the IP headers.
+.It Xo
+.Op Ic no
+.Ic nodelay
+.Xc
+Enable the TCP NODELAY option for this connection.
+This is recommended to avoid delays in the relayed data stream,
+e.g. for SSH connections.
+.It Xo
+.Op Ic no
+.Ic sack
+.Xc
+Use selective acknowledgements for this connection.
+.It Ic socket buffer Ar number
+Set the socket-level buffer size for input and output for this
+connection.
+This will affect the TCP window size.
+.El
 .El
 .Sh TYPES
 Configure the supported media types.
diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y
index 3a5e10f7727..ed3631c6b5d 100644
--- a/usr.sbin/httpd/parse.y
+++ b/usr.sbin/httpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.26 2014/08/05 16:46:35 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.27 2014/08/05 17:03:21 reyk Exp $ */
 /*
 * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -125,9 +125,9 @@ typedef struct {
 %}
-%token ACCESS AUTO CHROOT COMMON COMBINED CONNECTION DIRECTORY ERR FCGI
-%token INDEX LISTEN LOCATION LOG NO ON PORT PREFORK ROOT SERVER SOCKET SSL
-%token STYLE SYSLOG TYPES
+%token ACCESS AUTO BACKLOG BUFFER CHROOT COMMON COMBINED CONNECTION
+%token DIRECTORY ERR FCGI INDEX IP LISTEN LOCATION LOG NO NODELAY ON PORT
+%token PREFORK ROOT SACK SERVER SOCKET SSL STYLE SYSLOG TCP TYPES
 %token ERROR INCLUDE
 %token <v.string> STRING
 %token <v.number> NUMBER
@@ -297,6 +297,18 @@ serveroptsl : LISTEN ON STRING port optssl {
 s->srv_conf.flags |= SRVFLAG_SSL;
 }
 }
+ | TCP {
+ if (parentsrv != NULL) {
+ yyerror("tcp flags inside location");
+ YYERROR;
+ }
+ } tcpflags
+ | TCP {
+ if (parentsrv != NULL) {
+ yyerror("tcp flags inside location");
+ YYERROR;
+ }
+ } '{' tcpflags_l '}'
 | ROOT STRING {
 if (strlcpy(srv->srv_conf.root, $2, sizeof(srv->srv_conf.root)) >=
@@ -518,6 +530,53 @@ logstyle : COMMON {
 }
 ;
+tcpflags_l : tcpflags comma tcpflags_l
+ | tcpflags
+ ;
+
+tcpflags : SACK { srv_conf->tcpflags |= TCPFLAG_SACK; }
+ | NO SACK { srv_conf->tcpflags |= TCPFLAG_NSACK; }
+ | NODELAY {
+ srv_conf->tcpflags |= TCPFLAG_NODELAY;
+ }
+ | NO NODELAY {
+ srv_conf->tcpflags |= TCPFLAG_NNODELAY;
+ }
+ | BACKLOG NUMBER {
+ if ($2 < 0 || $2 > SERVER_MAX_CLIENTS) {
+ yyerror("invalid backlog: %d", $2);
+ YYERROR;
+ }
+ srv_conf->tcpbacklog = $2;
+ }
+ | SOCKET BUFFER NUMBER {
+ srv_conf->tcpflags |= TCPFLAG_BUFSIZ;
+ if ((srv_conf->tcpbufsiz = $3) < 0) {
+ yyerror("invalid socket buffer size: %d", $3);
+ YYERROR;
+ }
+ }
+ | IP STRING NUMBER {
+ if ($3 < 0) {
+ yyerror("invalid ttl: %d", $3);
+ free($2);
+ YYERROR;
+ }
+ if (strcasecmp("ttl", $2) == 0) {
+ srv_conf->tcpflags |= TCPFLAG_IPTTL;
+ srv_conf->tcpipttl = $3;
+ } else if (strcasecmp("minttl", $2) == 0) {
+ srv_conf->tcpflags |= TCPFLAG_IPMINTTL;
+ srv_conf->tcpipminttl = $3;
+ } else {
+ yyerror("invalid TCP/IP flag: %s", $2);
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ }
+ ;
+
 types : TYPES '{' optnl mediaopts_l '}'
 ;
@@ -647,6 +706,8 @@ lookup(char *s)
 static const struct keywords keywords[] = {
 { "access", ACCESS },
 { "auto", AUTO },
+ { "backlog", BACKLOG },
+ { "buffer", BUFFER },
 { "chroot", CHROOT },
 { "combined", COMBINED },
 { "common", COMMON },
@@ -656,19 +717,23 @@ lookup(char *s)
 { "fastcgi", FCGI },
 { "include", INCLUDE },
 { "index", INDEX },
+ { "ip", IP },
 { "listen", LISTEN },
 { "location", LOCATION },
 { "log", LOG },
 { "no", NO },
+ { "nodelay", NODELAY },
 { "on", ON },
 { "port", PORT },
 { "prefork", PREFORK },
 { "root", ROOT },
+ { "sack", SACK },
 { "server", SERVER },
 { "socket", SOCKET },
 { "ssl", SSL },
 { "style", STYLE },
 { "syslog", SYSLOG },
+ { "tcp", TCP },
 { "types", TYPES }
 };
 const struct keywords *p; |
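Review bot: The `IP STRING NUMBER` action in the tcpflags hunk rejects only negative values, so `ip ttl 300` or `ip minttl 300` is accepted by the parser even though the IP TTL field is 8 bits, and the error would surface only when the option is applied at socket setup, which is outside this diff; for `minttl` that means a GTSM threshold the config check never validated. Bound the check up front: `if ($3 < 0 || $3 > 255) {`. The three `yyerror` calls format `$2`/`$3` with `%d`, which assumes the NUMBER semantic value is an `int`; the `%union` declaring `v.number` is not in this hunk, so if it is a wider type there the variadic call is mismatched and should cast or use the matching conversion. The `SOCKET BUFFER NUMBER` alternative also sets `TCPFLAG_BUFSIZ` and stores `tcpbufsiz` before the range check, leaving the rejected value in `srv_conf`; moving both assignments after the `if` keeps the error path free of side effects.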