yahns 1.12.5 → 1.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b9e19ad9295dcdd4fb3423900a4061e9a4495597
-  data.tar.gz: e98ed154740a92a0378b0ddc255561bcda1ea391
+  metadata.gz: '0885938d8049ca0b240e7727bcf47c9558945997'
+  data.tar.gz: 0b2a81c5a297241967f3f184a755c80d51f90a34
 SHA512:
-  metadata.gz: 5e80a5f1d8ec22f04c7e80a1d128e18a6c05923ad2c850cafdae763c50e03c29242279160d73de267593789ab09b5e31beff797d177f5ff57aba7939de174480
-  data.tar.gz: 44fec12611e1e0f8f83868879b53c8fb9186e61c8be1bc5b020c4879ed25fdbbe5c1eb3aabe650e7b2270d7c4dcb6b77f1f21949926755987f1fe1bd05a37f0f
+  metadata.gz: a5fa096ca664e7f224f933a5c37b437a15617decfca04415aa8928d33cd733fe700b0544966392929568c5dcacb25016971d7aab294c5d33a9e4907c66b5d60a
+  data.tar.gz: 7dea50f747b2f7214c1de823fcb584b6da6738cb2c34ba8b5676a86636dddb322af50b22119a7a38b075fae692fb507feef3294e34538bd0ba0a88e6fb7a372a

data/Documentation/yahns-rackup.pod

@@ -159,16 +159,6 @@ The RACK_ENV variable is set by the aforementioned -E switch.
 If RACK_ENV is already set, it will be used unless -E is used.
 See rackup documentation for more details.
 
-=head1 CAVEATS
-
-yahns is strict about buggy, non-compliant Rack applications.
-Some existing servers work fine without "Content-Length" or
-"Transfer-Encoding: chunked" response headers enforced by Rack::Lint.
-Forgetting these headers with yahns causes clients to stall as they
-assume more data is coming.  Loading the Rack::ContentLength and/or
-Rack::Chunked middlewares will set the necessary response headers
-and fix your app.
-
 =head1 CONTACT
 
 All feedback welcome via plain-text mail to L<mailto:yahns-public@yhbt.net>

data/Documentation/yahns_config.pod

@@ -451,6 +451,9 @@ An example which seems to work is:
   # but disable client certificate verification as it is rare:
   ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
 
+  # Built-in session cache (only works if worker_processes is nil or 1)
+  ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
+
   app(:rack, "/path/to/my/app/config.ru") do
     listen 443, ssl_ctx: ssl_ctx
   end

data/GIT-VERSION-FILE

@@ -1 +1 @@
-VERSION = 1.12.5
+VERSION = 1.13.0

data/GIT-VERSION-GEN

@@ -5,7 +5,7 @@
 CONSTANT = "Yahns::VERSION"
 RVF = "lib/yahns/version.rb"
 GVF = "GIT-VERSION-FILE"
-DEF_VER = "v1.12.5"
+DEF_VER = "v1.13.0"
 vn = DEF_VER.dup
 
 # First see if there is a version file (included in release tarballs),

data/NEWS

@@ -1,3 +1,83 @@
+=== yahns 1.13.0 - some user-visible improvements... / 2016-08-05 07:26 UTC
+
+  And probably a billion new regressions!
+
+  yahns now allows users to skip the Rack::Head, Rack::Chunked and
+  Rack::ContentLength middlewares to ease migrating from/to other
+  real-world Rack HTTP servers.  Most notably, our chunked
+  encoding implementation is a bit faster than Rack::Chunked by
+  taking advantage of the writev(2) syscall:
+
+    https://yhbt.net/yahns-public/20160803031906.14553-4-e@80x24.org/
+
+  There's also rack 2.x fixes in the test case and extras/ section
+  (these incompatibilities did not affect existing users unless
+  they use the wonky extras/ section).
+
+  There's also some graceful shutdown fixes, the process title is
+  now changed to display the number of live FDs.
+
+  Of course, there's the usual round of documentation improvements
+  which are systemd and OpenSSL setup-related this time around.
+
+  However, the majority of changes (proxy_*, wbuf_lite), affect
+  currently-unadvertised functionality which is subject to removal
+  or incompatible config changes.  However, they are used to serve
+  our mailing list archives at:
+
+  	https://yhbt.net/yahns-public/
+
+  49 changes since yahns 1.12.5:
+        proxy_pass: simplify writing request bodies upstream
+        proxy_pass: hoist out proxy_res_headers method
+        proxy_pass: simplify proxy_http_response
+        proxy_pass: split out body and trailer reading in response
+        proxy_pass: trim down proxy_response_finish, too
+        proxy_pass: split out req_res into a separate file
+        proxy_pass: fix resumes after complete buffering is unblocked
+        proxy_pass: X-Forwarded-For appends to existing list
+        proxy_pass: pass entire object to proxy_http_response
+        proxy_pass: support "proxy_buffering: false"
+        proxy_pass: remove unnecessary rescue
+        req_res: store proxy_pass object here, instead
+        proxy_pass: redo "proxy_buffering: false"
+        wbuf: remove needless "busy" parameter
+        Merge branch 'maint'
+        extras/try_gzip_static: do not show backtrace on syscall errors
+        wbuf: remove tmpdir parameter
+        wbuf_lite: fix write retries for OpenSSL sockets
+        test_proxy_pass_no_buffering: fix racy test
+        queue_*: check for closed IO objects
+        cleanup graceful shutdown handling
+        proxy_pass: more descriptive error messages
+        proxy_pass: fix HTTP/1.0 backends on EOF w/o buffering
+        wbuf_common: reset offset counter when done
+        extras/try_gzip_static: resolve symlinks
+        test_ssl: remove unnecessary priv_key DH parameter
+        openssl_client: wrap shutdown for graceful termination
+        proxy_pass: keep trailer buffer on blocked client writes
+        proxy_pass: avoid TOCTTOU race when unbuffering, too
+        proxy_pass: avoid accessing logger in env after hijacking
+        proxy_pass: avoid stuck responses in "proxy_buffering: false"
+        extras: include status messages in responses
+        update init and add systemd examples
+        test_proxy_pass_no_buffering: exclude rb/ru files, too
+        wbuf_lite: use StringIO instead of TmpIO
+        wbuf_lite: truncate StringIO when done
+        wbuf_lite: prevent clobbering responses
+        wbuf_lite: unify EOF error handling
+        wbuf_lite: reset sf_offset/sf_count consistently
+        wbuf_lite: clear @busy flag when re-arming
+        http_response: drop bodies for non-compliant responses
+        fix rack 2.x compatibility bugs
+        doc: add session cache usage to OpenSSL example
+        test: skip some buffering tests on non-default values
+        response: drop clients after HTTP responses of unknown length
+        response: reduce stack overhead for parameter passing
+        response: support auto-chunking for HTTP/1.1
+        Revert "document Rack::Chunked/ContentLength semi-requirements"
+        extras/exec_cgi: fix for HTTPoxy vulnerability
+
 === yahns 1.12.5 - proxy_pass + rack.hijack fixes / 2016-06-05 23:09 UTC
 
   Hopefully the last of the 1.12.x series, this release

data/examples/init.sh

@@ -2,8 +2,14 @@
 # To the extent possible under law, Eric Wong has waived all copyright and
 # related or neighboring rights to this examples
 set -e
-# Example init script, this can be used with nginx, too,
-# since nginx and yahns accept the same signals
+### BEGIN INIT INFO
+# Provides:          yahns
+# Required-Start:    $local_fs $network
+# Required-Stop:     $local_fs $network
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start/stop yahns Ruby app server
+### END INIT INFO
 
 # Feel free to change any of the following variables for your app:
 TIMEOUT=${TIMEOUT-60}
@@ -11,21 +17,22 @@ APP_ROOT=/home/x/my_app/current
 PID=$APP_ROOT/tmp/pids/yahns.pid
 CMD="/usr/bin/yahns -D -c $APP_ROOT/config/yahns.rb"
 INIT_CONF=$APP_ROOT/config/init.conf
+UPGRADE_DELAY=${UPGRADE_DELAY-2}
 action="$1"
 set -u
 
 test -f "$INIT_CONF" && . $INIT_CONF
 
-old_pid="$PID.oldbin"
+OLD="$PID.oldbin"
 
 cd $APP_ROOT || exit 1
 
 sig () {
-	test -s "$PID" && kill -$1 `cat $PID`
+	test -s "$PID" && kill -$1 $(cat $PID)
 }
 
 oldsig () {
-	test -s $old_pid && kill -$1 `cat $old_pid`
+	test -s "$OLD" && kill -$1 $(cat $OLD)
 }
 
 case $action in
@@ -47,18 +54,36 @@ restart|reload)
 	$CMD
 	;;
 upgrade)
-	if sig USR2 && sleep 2 && sig 0 && oldsig QUIT
+	if oldsig 0
+	then
+		echo >&2 "Old upgraded process still running with $OLD"
+		exit 1
+	fi
+
+	cur_pid=
+	if test -s "$PID"
+	then
+		cur_pid=$(cat $PID)
+	fi
+
+	if test -n "$cur_pid" &&
+			kill -USR2 "$cur_pid" &&
+			sleep $UPGRADE_DELAY &&
+			new_pid=$(cat $PID) &&
+			test x"$new_pid" != x"$cur_pid" &&
+			kill -0 "$new_pid" &&
+			kill -QUIT "$cur_pid"
 	then
 		n=$TIMEOUT
-		while test -s $old_pid && test $n -ge 0
+		while kill -0 "$cur_pid" 2>/dev/null && test $n -ge 0
 		do
 			printf '.' && sleep 1 && n=$(( $n - 1 ))
 		done
 		echo
 
-		if test $n -lt 0 && test -s $old_pid
+		if test $n -lt 0 && kill -0 "$cur_pid" 2>/dev/null
 		then
-			echo >&2 "$old_pid still exists after $TIMEOUT seconds"
+			echo >&2 "$cur_pid still running after $TIMEOUT seconds"
 			exit 1
 		fi
 		exit 0

data/examples/logrotate.conf

@@ -25,6 +25,11 @@
 	# config.  yahns supports the USR1 signal and we send it
 	# as our "lastaction" action:
 	lastaction
+		# systemd users do not have PID files,
+		# only signal the @1 process since the @2 is short-lived
+		# and only runs while @1 is restarting.
+		systemctl kill -s SIGUSR1 yahns@1.service
+
 		# assuming your pid file is in /var/run/yahns_app/pid
 		pid=/var/run/yahns_app/pid
 		test -s $pid && kill -USR1 "$(cat $pid)"

data/examples/yahns.socket

@@ -0,0 +1,17 @@
+# ==> /etc/systemd/system/yahns.socket <==
+[Unit]
+Description = yahns sockets
+
+[Socket]
+
+# yahns can handle an arbitrary number of listen sockets,
+# so I prefer to keep listeners for IPv4 and IPv6 separate
+# to avoid ugly IPv4-mapped-IPv6 addresses for IPv4 clients:
+# (e.g ":ffff:10.0.0.1" instead of just "10.0.0.1").
+ListenStream = 0.0.0.0:443
+BindIPv6Only = ipv6-only
+ListenStream = [::]:443
+Service = yahns@1.service
+
+[Install]
+WantedBy = sockets.target

data/examples/yahns@.service

@@ -0,0 +1,50 @@
+# ==> /etc/systemd/system/yahns@.service <==
+# Since SIGUSR2 upgrades do not work under systemd, this service
+# file allows starting two (or more) simultaneous services
+# during upgrade (e.g. yahns@1 and yahns@2) with the intention
+# that they are both running during the upgrade process.
+#
+# This allows upgrading without downtime, using yahns@2 as a
+# temporary hot spare:
+#
+#   systemctl start yahns@2
+#   sleep 2 # wait for yahns@2 to boot, increase as necessary for big apps
+#   systemctl restart yahns@1
+#   sleep 2 # wait for yahns@1 to warmup
+#   systemctl stop yahns@2
+
+[Unit]
+Description = yahns Ruby server %i
+Wants = yahns.socket
+After = yahns.socket
+
+[Service]
+# yahns can handle lots of open files:
+LimitNOFILE = 32768
+LimitCORE = infinity
+
+# The listen socket we give yahns should be blocking for optimal
+# load distribution between processes under the Linux kernel.
+# NonBlocking is false by default in systemd, but we specify it
+# here anyways to discourage users from blindly changing it.
+Sockets = yahns.socket
+NonBlocking = false
+
+# bundler users must use the "--keep-file-descriptors" switch, here:
+# ExecStart = /path/to/bin/bundle exec --keep-file-descriptors yahns -c ...
+ExecStart = /path/to/bin/yahns -c /path/to/yahns.conf.rb
+KillSignal = SIGQUIT
+User = www-data
+Group = www-data
+ExecReload = /bin/kill -HUP $MAINPID
+
+# this should match the shutdown_timeout value in yahns_config(5)
+TimeoutStopSec = 600
+
+# Only kill the master process, it may be harmful to signal
+# workers via default "control-group" setting since some
+# Ruby extensions and applications misbehave on interrupts
+KillMode = process
+
+[Install]
+WantedBy = multi-user.target

data/examples/yahns_rack_basic.conf.rb

@@ -30,12 +30,6 @@ queue do
   worker_threads 50
 end
 
-# note: Rack requires responses set "Content-Length" or use
-# "Transfer-Encoding: chunked".  Some Rack servers tolerate
-# the lack of these, yahns does not.  Thus you should load
-# Rack::Chunked and/or Rack::ContentLength middleware in your
-# config.ru to ensure clients know when your application
-# responses terminate.
 app(:rack, "config.ru", preload: false) do
   listen 80
 

data/extras/autoindex.rb

@@ -168,8 +168,9 @@ class Autoindex
     if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include?(code)
       [ code, {}, [] ]
     else
-      h = { 'Content-Type' => 'text/plain', 'Content-Length' => '0' }
-      [ code, h, [] ]
+      msg = "#{code} #{Rack::Utils::HTTP_STATUS_CODES[code.to_i]}\n"
+      h = { 'Content-Type' => 'text/plain', 'Content-Length' => msg.size.to_s }
+      [ code, h, [ msg ] ]
     end
   end
 

data/extras/exec_cgi.rb

@@ -86,6 +86,7 @@ class ExecCgi
 
   # Calls the app
   def call(env)
+    env.delete('HTTP_PROXY') # ref: https://httpoxy.org/
     cgi_env = { "GATEWAY_INTERFACE" => "CGI/1.1" }
     PASS_VARS.each { |key| val = env[key] and cgi_env[key] = val }
     env.each { |key,val| cgi_env[key] = val if key =~ /\AHTTP_/ }

data/extras/try_gzip_static.rb

@@ -49,7 +49,7 @@ class TryGzipStatic
     end
 
     size = st.size
-    ranges = Rack::Utils.byte_ranges(env, size)
+    ranges = byte_ranges(env, size)
     if ranges.nil? || ranges.length > 1
       [ 200 ] # serve the whole thing, possibly with static gzip \o/
     elsif ranges.empty?
@@ -92,7 +92,12 @@ class TryGzipStatic
   def stat_path(env)
     path = fspath(env) or return r(403)
     begin
-      st = File.stat(path)
+      st = File.lstat(path)
+      if st.symlink?
+        path = File.readlink(path)
+        path[0] == '/'.freeze or path = "#@root/#{path}"
+        st = File.stat(path)
+      end
       return r(404) unless st.file?
       return r(403) unless st.readable?
       [ path, st ]
@@ -203,7 +208,7 @@ class TryGzipStatic
       msg = msg.dump if /[[:cntrl:]]/ =~ msg # prevent code injection
       logger.warn("#{env['REQUEST_METHOD']} #{env['PATH_INFO']} " \
                   "#{code} #{msg}")
-      if exc.respond_to?(:backtrace)
+      if exc.respond_to?(:backtrace) && !(SystemCallError === exc)
         exc.backtrace.each { |line| logger.warn(line) }
       end
     end
@@ -211,8 +216,17 @@ class TryGzipStatic
     if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include?(code)
       [ code, {}, [] ]
     else
-      h = { 'Content-Type' => 'text/plain', 'Content-Length' => '0' }
-      [ code, h, [] ]
+      msg = "#{code} #{Rack::Utils::HTTP_STATUS_CODES[code.to_i]}\n"
+      h = { 'Content-Type' => 'text/plain', 'Content-Length' => msg.size.to_s }
+      [ code, h, [ msg ] ]
+    end
+  end
+
+  if Rack::Utils.respond_to?(:get_byte_ranges) # rack 2.0+
+    def byte_ranges(env, size)
+      Rack::Utils.get_byte_ranges(env['HTTP_RANGE'], size)
     end
+  else # rack 1.x
+    def byte_ranges(env, size); Rack::Utils.byte_ranges(env, size); end
   end
 end

data/lib/yahns/chunk_body.rb

@@ -0,0 +1,27 @@
+# -*- encoding: binary -*-
+# Copyright (C) 2016 all contributors <yahns-public@yhbt.net>
+# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
+# frozen_string_literal: true
+class Yahns::ChunkBody
+  def initialize(body, vec)
+    @body = body
+    @vec = vec
+  end
+
+  def each
+    vec = @vec
+    vec[2] = "\r\n".freeze
+    @body.each do |chunk|
+      vec[0] = "#{chunk.bytesize.to_s(16)}\r\n"
+      vec[1] = chunk
+      # vec[2] never changes: "\r\n" above
+      yield vec
+    end
+    vec.clear
+    yield "0\r\n\r\n".freeze
+  end
+
+  def close
+    @body.close if @body.respond_to?(:close)
+  end
+end

data/lib/yahns/fdmap.rb

@@ -89,10 +89,10 @@ class Yahns::Fdmap # :nodoc:
   # We should not be calling this too frequently, it is expensive
   # This is called while @fdmap_mtx is held
   def __expire(timeout)
-    return if @count == 0
+    return 0 if @count == 0
     nr = 0
     now = Yahns.now
-    (now - @last_expire) >= 1.0 or return # don't expire too frequently
+    (now - @last_expire) >= 1.0 or return @count # don't expire too frequently
 
     # @fdmap_ary may be huge, so always expire a bunch at once to
     # avoid getting to this method too frequently
@@ -104,8 +104,11 @@ class Yahns::Fdmap # :nodoc:
     end
 
     @last_expire = Yahns.now
-    msg = timeout ? "timeout=#{timeout}" : "client_timeout"
-    @logger.info("dropping #{nr} of #@count clients for #{msg}")
+    if nr != 0
+      msg = timeout ? "timeout=#{timeout}" : "client_timeout"
+      @logger.info("dropping #{nr} of #@count clients for #{msg}")
+    end
+    @count
   end
 
   # used for graceful shutdown

data/lib/yahns/http_client.rb

@@ -2,6 +2,12 @@
 # Copyright (C) 2013-2016 all contributors <yahns-public@yhbt.net>
 # License: GPL-3.0+ (https://www.gnu.org/licenses/gpl-3.0.txt)
 # frozen_string_literal: true
+begin
+  raise LoadError, 'SENDFILE_BROKEN env set' if ENV['SENDFILE_BROKEN']
+  require 'sendfile'
+rescue LoadError
+end
+
 class Yahns::HttpClient < Kgio::Socket # :nodoc:
   NULL_IO = StringIO.new(''.dup) # :nodoc:
 
@@ -183,9 +189,11 @@ class Yahns::HttpClient < Kgio::Socket # :nodoc:
       mkinput_preread # keep looping (@state == :body)
       true
     else # :lazy, false
-      status, headers, body = k.app.call(env = @hs.env)
-      return :ignore if app_hijacked?(env, body)
-      http_response_write(status, headers, body)
+      env = @hs.env
+      opt = http_response_prep(env)
+      res = k.app.call(env)
+      return :ignore if app_hijacked?(env, res)
+      http_response_write(res, opt)
     end
   end
 
@@ -214,16 +222,17 @@ class Yahns::HttpClient < Kgio::Socket # :nodoc:
       env['SERVER_PORT'] = '443'.freeze
     end
 
+    opt = http_response_prep(env)
     # run the rack app
-    status, headers, body = k.app.call(env)
-    return :ignore if app_hijacked?(env, body)
-    if status.to_i == 100
+    res = k.app.call(env)
+    return :ignore if app_hijacked?(env, res)
+    if res[0].to_i == 100
       rv = http_100_response(env) and return rv
-      status, headers, body = k.app.call(env)
+      res = k.app.call(env)
     end
 
     # this returns :wait_readable, :wait_writable, :ignore, or nil:
-    http_response_write(status, headers, body)
+    http_response_write(res, opt)
   end
 
   # called automatically by kgio_write
@@ -299,9 +308,29 @@ class Yahns::HttpClient < Kgio::Socket # :nodoc:
     return # always drop the connection on uncaught errors
   end
 
-  def app_hijacked?(env, body)
+  def app_hijacked?(env, res)
     return false unless env.include?('rack.hijack_io'.freeze)
-    body.close if body.respond_to?(:close)
+    res[2].close if res && res[2].respond_to?(:close)
     true
   end
+
+  def trysendio(io, offset, count)
+    return 0 if count == 0
+    count = 0x4000 if count > 0x4000
+    buf = Thread.current[:yahns_sfbuf] ||= ''.dup
+    io.pos = offset
+    str = io.read(count, buf) or return # nil for EOF
+    n = 0
+    case rv = kgio_trywrite(str)
+    when String # partial write, keep trying
+      n += (str.size - rv.size)
+      str = rv
+    when :wait_writable, :wait_readable
+      return n > 0 ? n : rv
+    when nil
+      return n + str.size # yay!
+    end while true
+  end
+
+  alias trysendfile trysendio unless IO.instance_methods.include?(:trysendfile)
 end

data/lib/yahns/http_response.rb

@@ -4,12 +4,14 @@
 # frozen_string_literal: true
 require_relative 'stream_file'
 require_relative 'wbuf_str'
+require_relative 'chunk_body'
 
 # Writes a Rack response to your client using the HTTP/1.1 specification.
 # You use it by simply doing:
 #
-#   status, headers, body = rack_app.call(env)
-#   http_response_write(status, headers, body)
+#   opt = http_response_prep(env)
+#   res = rack_app.call(env)
+#   http_response_write(res, opt)
 #
 # Most header correctness (including Content-Length and Content-Type)
 # is the job of Rack, with the exception of the "Date" header.
@@ -57,12 +59,12 @@ module Yahns::HttpResponse # :nodoc:
     "#{response_start}#{code} #{Rack::Utils::HTTP_STATUS_CODES[code]}\r\n\r\n"
   end
 
-  def response_header_blocked(ret, header, body, alive, offset, count)
+  def response_header_blocked(header, body, alive, offset, count)
     if body.respond_to?(:to_path)
       alive = Yahns::StreamFile.new(body, alive, offset, count)
       body = nil
     end
-    wbuf = Yahns::Wbuf.new(body, alive, self.class.output_buffer_tmpdir, ret)
+    wbuf = Yahns::Wbuf.new(body, alive)
     rv = wbuf.wbuf_write(self, header)
     if body && ! alive.respond_to?(:call) # skip body.each if hijacked
       body.each { |chunk| rv = wbuf.wbuf_write(self, chunk) }
@@ -118,21 +120,20 @@ module Yahns::HttpResponse # :nodoc:
     end
   end
 
-  def have_more?(value)
-    value.to_i > 0 && @hs.env['REQUEST_METHOD'] != 'HEAD'.freeze
-  end
-
   # writes the rack_response to socket as an HTTP response
   # returns :wait_readable, :wait_writable, :forget, or nil
-  def http_response_write(status, headers, body)
+  def http_response_write(res, opt)
+    status, headers, body = res
     offset = 0
     count = hijack = nil
-    k = self.class
-    alive = @hs.next? && k.persistent_connections
+    alive = @hs.next? && self.class.persistent_connections
     flags = MSG_DONTWAIT
+    term = false
+    hdr_only, chunk_ok = opt
 
     if @hs.headers?
       code = status.to_i
+      hdr_only ||= Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include?(code)
       msg = Rack::Utils::HTTP_STATUS_CODES[code]
       buf = "#{response_start}#{msg ? %Q(#{code} #{msg}) : status}\r\n" \
             "Date: #{httpdate}\r\n".dup
@@ -150,7 +151,11 @@ module Yahns::HttpResponse # :nodoc:
           # allow Rack apps to tell us they want to drop the client
           alive = false if value =~ /\bclose\b/i
         when %r{\AContent-Length\z}i
-          flags |= MSG_MORE if have_more?(value)
+          term = true
+          flags |= MSG_MORE if value.to_i > 0 && !hdr_only
+          kv_str(buf, key, value)
+        when %r{\ATransfer-Encoding\z}i
+          term = true if value =~ /\bchunked\b/i
           kv_str(buf, key, value)
         when "rack.hijack"
           hijack = value
@@ -158,6 +163,12 @@ module Yahns::HttpResponse # :nodoc:
           kv_str(buf, key, value)
         end
       end
+      if !term && chunk_ok
+        term = true
+        body = Yahns::ChunkBody.new(body, opt)
+        buf << "Transfer-Encoding: chunked\r\n".freeze
+      end
+      alive &&= term
       buf << (alive ? "Connection: keep-alive\r\n\r\n".freeze
                     : "Connection: close\r\n\r\n".freeze)
       case rv = kgio_syssend(buf, flags)
@@ -169,9 +180,9 @@ module Yahns::HttpResponse # :nodoc:
         flags = MSG_DONTWAIT
         buf = rv # unlikely, hope the skb grows
       when :wait_writable, :wait_readable # unlikely
-        if k.output_buffering
+        if self.class.output_buffering
           alive = hijack ? hijack : alive
-          rv = response_header_blocked(rv, buf, body, alive, offset, count)
+          rv = response_header_blocked(buf, body, alive, offset, count)
           body = nil # ensure we do not close body in ensure
           return rv
         else
@@ -181,6 +192,7 @@ module Yahns::HttpResponse # :nodoc:
     end
 
     return response_hijacked(hijack) if hijack
+    return http_response_done(alive) if hdr_only
 
     if body.respond_to?(:to_path)
       @state = body = Yahns::StreamFile.new(body, alive, offset, count)
@@ -188,19 +200,19 @@ module Yahns::HttpResponse # :nodoc:
     end
 
     wbuf = rv = nil
-    body.each do |chunk|
+    body.each do |x|
       if wbuf
-        rv = wbuf.wbuf_write(self, chunk)
+        rv = wbuf.wbuf_write(self, x)
       else
-        case rv = kgio_trywrite(chunk)
+        case rv = String === x ? kgio_trywrite(x) : kgio_trywritev(x)
         when nil # all done, likely and good!
           break
-        when String
-          chunk = rv # hope the skb grows when we loop into the trywrite
+        when String, Array
+          x = rv # hope the skb grows when we loop into the trywrite
         when :wait_writable, :wait_readable
-          if k.output_buffering
-            wbuf = Yahns::Wbuf.new(body, alive, k.output_buffer_tmpdir, rv)
-            rv = wbuf.wbuf_write(self, chunk)
+          if self.class.output_buffering
+            wbuf = Yahns::Wbuf.new(body, alive)
+            rv = wbuf.wbuf_write(self, x)
             break
           else
             response_wait_write(rv) or return :close
@@ -273,4 +285,11 @@ module Yahns::HttpResponse # :nodoc:
       return rv
     end while true
   end
+
+  # must be called before app dispatch, since the app can
+  # do all sorts of nasty things to env
+  def http_response_prep(env)
+    [ env['REQUEST_METHOD'] == 'HEAD'.freeze, # hdr_only
+      env['HTTP_VERSION'] == 'HTTP/1.1'.freeze ] # chunk_ok
+  end
 end