If you refer to BUG 19954:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19954
This looks like the issue I was trying to patch. In the current 2.x
codebase, the reverse proxy will effectively cache traffic until it has 8000
bytes to send. According to Jeff Trawick, the caching effect is not an
intended behavior, rather it is a network optimization that just happens to
break tunneling of non-http traffic.

I've been swamped at work for the last few months, and have not had time yet
to rework my proposed patch based on the feedback in the bugzilla report;
but I believe the patch as proposed will solve your immediate issue. Of
course, feel free to rework the patch if you feel up to it!


---------------------------------------------------------
Chris Conti
mailto://***@mindspring.com
mailto://***@xcellenet.com


If at first you do succeed, try not to look astonished.


-----Original Message-----
From: Jim Duda [mailto:***@duda.tzo.com]
Sent: Thursday, March 04, 2004 9:41 PM
To: modproxy-***@apache.org
Subject: reverseproxy using httptunnel

I'm trying to use GNU httptunnel
(http://www.nocrew.org/software/httptunnel.html)
behind apache using the reverseproxy feature. Apache version 2.0.48

I have reverseproxy working, as I have another machine behind apache using
this feature serving up html pages properly. Works great.

I have apache running on my firewall. I only have 1 single common port
between my firewall and my client. I only have port 443 to work with.
I'm using port 443 with basic http. I need apache to server web pages, but
I also need other non-web services. At first, I just want to get a telnet
client working, but hope to migrate to ssh later. I'm aware of the security
issues this imposes. My firewall is setup to only allow a client connection
on port 443 from the allowable location.

My httpd.conf has the following - among other things (-:

Listen 443
<VirtualHost *>
ServerName <myserver>.com
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/ </VirtualHost>

I run the httptunnel server on the firewall machine.
hts -F localhost:23

I run the httptunnel client on the client side.
htc -F localhost:8000 <myserver>.com:443

On the client, I issue:
telnet localhost 8000.

On the server, I've used ethereal to watch the traffic.
I see the client open a connection with apache on 443.
I see apache open a connection with the hts server on port 8888.
I see the hts server open a connection on port 23.
I see the client send a POST and GET through apache to the httptunnel server
on port 8888.
The telnet port sends stuff to the httptunnel server port.

The httptunnel server responds to the GET command with
15 bytes using 3 separate TCP packets back to the apache server.

0 (0000 02 .) putline
0 (0000 00 0c ..) putline
0 (0000 ff fd 18 ff fd 20 ff fd 23 ff fd 27 ..... ..#..')
putline

I believe these 15 bytes are the beginning of the telnet negotiation.

I never see the 15 bytes comes out of the apache server on the otherside of
the firewall towards the client. The client side is stopped waiting for a
response.

I've turned on apache debugging and then used the printf debugging approach
and found I'm stuck inside proxy_http.

I get the debug message
"proxy: start body send" in logs/error_log

I'm stuck in proxy_http.c, line 928
while (ap_get_brigade(rp->input_filters,
bb,
AP_MODE_READBYTES,
APR_BLOCK_READ,
conf->io_buffer_size) == APR_SUCCESS)
{

The ap_get_brigade function never returns, and I'm stuck here.

I get through this loop three times, before the httptunnel stops sending
data, then I'm stuck. The client needs to receive these bytes and transmit
to the server again before the server will send any more data.

Am what I'm attempting completely wacked?

Can anyone offer any pointers on what to look for next?

I will continue to debug further.

Thanks,

Jim