I have created a simple mod_perl module, which writes a 0-terminated string to the Flash-clients connecting to the port 843. It works ok, but uses 20m per httpd-child at my CentOS 5 Linux machine.
So I'm trying to rewrite my module in C, but I'm not sure how to access the client socket through the conn_rec struct that my protocol handler receives.
I've asked at a mailing list and tried adding #define CORE_PRIVATE and using ap_get_module_config(conn->conn_config, &core_module) but this breaks my web server: the string is served both to port 843 (which is ok), but also to the port 80 (which is not ok).
Does anybody please have a suggestion here?
Here is my SocketPolicy.pm (works ok, but needs mucho memory):
package SocketPolicy;
# Listen 843
# <VirtualHost _default_:843>
# PerlModule SocketPolicy
# PerlProcessConnectionHandler SocketPolicy
# </VirtualHost>
use strict;
use warnings FATAL => 'all';
use APR::Const(-compile => 'SO_NONBLOCK');
use APR::Socket();
use Apache2::ServerRec();
use Apache2::Connection();
use Apache2::Const(-compile => qw(OK DECLINED));
use constant POLICY =>
qq{<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="8080"/>
</cross-domain-policy>
\0};
sub handler {
my $conn = shift;
my $socket = $conn->client_socket();
my $offset = 0;
# set the socket to the blocking mode
$socket->opt_set(APR::Const::SO_NONBLOCK => 0);
do {
my $nbytes = $socket->send(substr(POLICY, $offset), length(POLICY) - $offset);
# client connection closed or interrupted
return Apache2::Const::DECLINED unless $nbytes;
$offset += $nbytes;
} while ($offset < length(POLICY));
my $slog = $conn->base_server()->log();
$slog->warn('served socket policy to: ', $conn->remote_ip());
return Apache2::Const::OK;
}
1;
Here is my broken mod_socket_policy.c (hijacks the port 80):
/*
LoadModule socket_policy_module modules/mod_socket_policy.so
Listen 843
<VirtualHost _default_:843>
SetHandler socket_policy
</VirtualHost>
*/
#include <httpd.h>
#include <http_protocol.h>
#include <http_connection.h>
#include <http_config.h>
#include <http_log.h>
#define CORE_PRIVATE
#include <http_core.h>
#define POLICY "<?xml version=\"1.0\"?>\n" \
"<!DOCTYPE cross-domain-policy SYSTEM\n" \
"\"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd\">\n" \
"<cross-domain-policy>\n" \
"<allow-access-from domain=\"*\" to-ports=\"8080\"/>\n" \
"</cross-domain-policy>\0"
static int socket_policy_handler(conn_rec *conn) {
apr_socket_t *socket = ap_get_module_config(conn->conn_config, &core_module);
apr_size_t len = strlen(POLICY);
apr_socket_send(socket, POLICY, &len);
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, conn->base_server,
"served socket policy to %s", conn->remote_ip);
return OK;
}
static void register_hooks(apr_pool_t *pool) {
ap_hook_process_connection(socket_policy_handler, NULL, NULL, APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA socket_policy_module = {
STANDARD20_MODULE_STUFF,
NULL,
NULL,
NULL,
NULL,
NULL,
register_hooks
};
Also, I've looked at mod_perl source and they seemingly use the same method to access the client socket:
static MP_INLINE
apr_socket_t *mpxs_Apache2__Connection_client_socket(pTHX_ conn_rec *c,
apr_socket_t *s)
{
apr_socket_t *socket =
ap_get_module_config(c->conn_config, &core_module);
if (s) {
ap_set_module_config(c->conn_config, &core_module, s);
}
return socket;
}
So why does my Perl module work and the C one not?
For content handlers the convention is to use SetHandler XXX in httpd.conf and then at the runtime they check for that string with
if (!r->handler || (strcmp(r->handler, "XXX") != 0))
return DECLINED;
But for protocol handlers there is no such convention. You have to introduce some keyword for httpd.conf and check for it. For example mod_echo (source code included with Apache) introduces ProtocolEcho On. Or in my case you could just check the port:
if (conn->base_server->port != 843)
return DECLINED;
Also below is the working module for the same purpose, but using bucket brigades, which is better than writing directly to client socket:
/*
LoadModule socket_policy_module modules/mod_socket_policy.so
Listen 843
<VirtualHost _default_:843>
</VirtualHost>
*/
#include <httpd.h>
#include <http_protocol.h>
#include <http_connection.h>
#include <http_config.h>
#include <http_log.h>
#define POLICY "<?xml version=\"1.0\"?>\n" \
"<!DOCTYPE cross-domain-policy SYSTEM\n" \
"\"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd\">\n" \
"<cross-domain-policy>\n" \
"<allow-access-from domain=\"*\" to-ports=\"8080\"/>\n" \
"</cross-domain-policy>\n"
static int socket_policy_handler(conn_rec *conn) {
apr_bucket_brigade *bb;
apr_bucket *b;
apr_status_t rv;
if (conn->base_server->port != 843)
return DECLINED;
bb = apr_brigade_create(conn->pool, conn->bucket_alloc);
/* this will send the terminating 0 as well */
b = apr_bucket_immortal_create(POLICY, sizeof(POLICY), bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, b);
b = apr_bucket_eos_create(bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, b);
rv = ap_pass_brigade(conn->output_filters, bb);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, conn->base_server, "output error");
return DECLINED;
}
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, conn->base_server,
"served socket policy to %s", conn->remote_ip);
return OK;
}
static void register_hooks(apr_pool_t *pool) {
ap_hook_process_connection(socket_policy_handler, NULL, NULL, APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA socket_policy_module = {
STANDARD20_MODULE_STUFF,
NULL,
NULL,
NULL,
NULL,
NULL,
register_hooks
};