Permalink
Browse files

tproxy: Two improvements of the captivity daemon: it now threads (to …

…handle many requests), and forcefully closes the connection once the redirection document is transferred. This way a badly-behaved HTTP client cannot lock up the captivity daemon.
  • Loading branch information...
1 parent 2c718d4 commit 0e3f133988056e30a0cdf5e1b51e56ba1449d125 @micolous committed Oct 20, 2012
Showing with 12 additions and 1 deletion.
  1. +12 −1 tollgate/captive_landing/tproxy.py
@@ -15,9 +15,11 @@
try:
# py3
from http.server import HTTPServer, BaseHTTPRequestHandler
+ from socketserver import ForkingMixIn
except ImportError:
# py2
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+ from SocketServer import ForkingMixIn
try:
from socket import IP_TRANSPARENT
@@ -27,6 +29,14 @@
IP_TRANSPARENT = 19
warn("Your version of Python doesn't support socket.IP_TRANSPARENT. It could also be that you're running this on a non-Linux platform, which probably won't work.")
+# http://stackoverflow.com/questions/10003866/http-server-hangs-while-accepting-packets
+class ForkingHTTPServer(ForkingMixIn, HTTPServer):
+ def finish_request(self, request, client_address):
+ request.settimeout(30)
+ # explicitly call HttpServer.finish_request
+ HTTPServer.finish_request(self, request, client_address)
+
+
class TProxyRequestHandler(BaseHTTPRequestHandler):
def do_GET(self):
url = self.server.redirect % quote('http://' + self.headers['Host'] + self.path)
@@ -58,6 +68,7 @@ def do_GET(self):
page = bytes(page, 'UTF-8')
self.wfile.write(page)
+ self.wfile.close()
do_HEAD = do_POST = do_GET
@@ -71,7 +82,7 @@ def __init__(self, tollgate_uri, server_port, mark):
def run(self):
- self.httpd = HTTPServer(self.server_address, TProxyRequestHandler)
+ self.httpd = ForkingHTTPServer(self.server_address, TProxyRequestHandler)
self.httpd.server_version = 'tollgate'
self.httpd.redirect = '%s/captive_landing/?u=%%s' % self.tollgate_uri
self.httpd.socket.setsockopt(SOL_IP, IP_TRANSPARENT, self.mark)

0 comments on commit 0e3f133

Please sign in to comment.