On Tue, Sep 24, 2019 at 10:58:29AM +0200, Laslo Hunhold wrote:
> On Mon, 23 Sep 2019 13:07:47 -0700
> Anselm Garbe <garbeam_AT_gmail.com> wrote:
>
> Dear Anselm, Dear Richard,
>
> > Thanks for doing that and letting me know. So the reason you see this
> > performance penalty in contrast to the other web servers you mention
> > is, that quark is a fork() based web server (and current HEAD is still
> > fork() based). That's the whole reason ;)
>
> I also guessed that this might be the reason before the results came.
> Now it is pretty certain, especially when we also note that fork() has
> a higher penalty on OpenBSD compared to Linux.
>
> > https://git.suckless.org/quark/file/main.c.html#l376
> >
> > The decision for making it fork() based was on purpose, to keep its
> > implementation as simple as possible. However, I do see potential to
> > revise quark's current implementation and to consider dropping various
> > features, but up to Laslo. ;)
>
> Quark is actually very lean and offers 99% of the features you would
> expect for a static server. I personally am a big fan of OpenBSD's
> httpd and will use it on the server I am currently setting up.
>
> I see quark's role more like a "drop-in" server you can invoke
> literally in seconds from the command line to share some data on the
> network. In this form, it is not so trivial with other servers. For
> "settled" servers with a fixed configuration, OpenBSD httpd works
> flawlessly in my opinion!
>
> However, OpenBSD's httpd is not available for most Linux distributions,
> and that's why quark also has some features to set up simple servers
> with it that can even serve multiple hosts at once. Surely we can
> discuss if we need virtual host support and whatnot, but most
> "complexity" in quark is a deliberate focus on data structures to make
> modifications very easy. An example is the cgi-patch[0] that is pretty
> straightforward.
>
> With best regards
>
> Laslo
>
> [0]:https://tools.suckless.org/quark/patches/basecgi/quark-basecgi-20190317-4677877.diff
>
Hi,
Sorry to go a bit off-topic here, but I quickly tested and reviewed the CGI
patch. This CGI patch is broken. A basic `quark -h 127.0.0.1 -p 8080` serving
some page always returns HTTP 400 "Bad request".
A few bounds checks seem not to use good code practises like:
* all other data will be later passed to script */
sprintf(r->cgicont, "%s", p);
It seems it allows only a maximum of PATH_MAX bytes of POST data too.
and:
snprintf(realtarget, sizeof(tmptarget) + sizeof(s.cgi[i].dir) - 1, "%s%s", s.cgi[i].dir, tmptarget);
The patch filename is also named incorrectly on the wiki.
I CC'd the patch author.
--
Kind regards,
Hiltjo
Received on Tue Sep 24 2019 - 21:16:05 CEST