tags:

views:

44

answers:

1
Q: 

Apache module in C: how to write data to client socket?

Hello,

I have created a simple mod_perl module, which writes a 0-terminated string to the Flash-clients connecting to the port 843. It works ok, but uses 20m per httpd-child at my CentOS 5 Linux machine.

So I'm trying to rewrite my module in C, but I'm not sure how to access the client socket through the conn_rec struct that my protocol handler receives.

I've asked at a mailing list and tried adding #define CORE_PRIVATE and using ap_get_module_config(conn->conn_config, &core_module) but this breaks my web server: the string is served both to port 843 (which is ok), but also to the port 80 (which is not ok).

Does anybody please have a suggestion here?

Here is my SocketPolicy.pm (works ok, but needs mucho memory):

package SocketPolicy;

# Listen 843
# <VirtualHost _default_:843>
#       PerlModule                   SocketPolicy
#       PerlProcessConnectionHandler SocketPolicy
# </VirtualHost>

use strict;
use warnings FATAL => 'all';
use APR::Const(-compile => 'SO_NONBLOCK');
use APR::Socket();
use Apache2::ServerRec();
use Apache2::Connection();
use Apache2::Const(-compile => qw(OK DECLINED));

use constant POLICY =>
qq{<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"&gt;

<cross-domain-policy>
<allow-access-from domain="*" to-ports="8080"/>
</cross-domain-policy>
\0};

sub handler {
        my $conn   = shift;
        my $socket = $conn->client_socket();
        my $offset = 0;

        # set the socket to the blocking mode
        $socket->opt_set(APR::Const::SO_NONBLOCK => 0);

        do {
                my $nbytes = $socket->send(substr(POLICY, $offset), length(POLICY) - $offset);
                # client connection closed or interrupted
                return Apache2::Const::DECLINED unless $nbytes;
                $offset += $nbytes;
        } while ($offset < length(POLICY));

        my $slog = $conn->base_server()->log();
        $slog->warn('served socket policy to: ', $conn->remote_ip());
        return Apache2::Const::OK;
}

1;

Here is my broken mod_socket_policy.c (hijacks the port 80):

/*
LoadModule socket_policy_module modules/mod_socket_policy.so
Listen 843
<VirtualHost _default_:843>
        SetHandler socket_policy
</VirtualHost>
*/

#include <httpd.h>
#include <http_protocol.h>
#include <http_connection.h>
#include <http_config.h>
#include <http_log.h>
#define CORE_PRIVATE
#include <http_core.h>

#define POLICY "<?xml version=\"1.0\"?>\n" \
               "<!DOCTYPE cross-domain-policy SYSTEM\n" \
               "\"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd\"&gt;\n" \
               "<cross-domain-policy>\n" \
               "<allow-access-from domain=\"*\" to-ports=\"8080\"/>\n" \
               "</cross-domain-policy>\0"

static int socket_policy_handler(conn_rec *conn) {
        apr_socket_t *socket = ap_get_module_config(conn->conn_config, &core_module);
        apr_size_t len = strlen(POLICY);

        apr_socket_send(socket, POLICY, &len);

        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, conn->base_server,
                "served socket policy to %s", conn->remote_ip);

        return OK;
}

static void register_hooks(apr_pool_t *pool) {
        ap_hook_process_connection(socket_policy_handler, NULL, NULL, APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA socket_policy_module = {
        STANDARD20_MODULE_STUFF,
        NULL,
        NULL,
        NULL,
        NULL,
        NULL,
        register_hooks
};

Also, I've looked at mod_perl source and they seemingly use the same method to access the client socket:

static MP_INLINE
apr_socket_t *mpxs_Apache2__Connection_client_socket(pTHX_ conn_rec *c,
                                                    apr_socket_t *s)
{
    apr_socket_t *socket =
        ap_get_module_config(c->conn_config, &core_module);

    if (s) {
        ap_set_module_config(c->conn_config, &core_module, s);
    }

    return socket;
}

So why does my Perl module work and the C one not?

Thank you, Alex

A: 

For content handlers the convention is to use SetHandler XXX in httpd.conf and then at the runtime they check for that string with

if (!r->handler || (strcmp(r->handler, "XXX") != 0))
   return DECLINED;

But for protocol handlers there is no such convention. You have to introduce some keyword for httpd.conf and check for it. For example mod_echo (source code included with Apache) introduces ProtocolEcho On. Or in my case you could just check the port:

   if (conn->base_server->port != 843)
           return DECLINED;

Also below is the working module for the same purpose, but using bucket brigades, which is better than writing directly to client socket:

/*
LoadModule socket_policy_module modules/mod_socket_policy.so
Listen 843
<VirtualHost _default_:843>
</VirtualHost>
*/
#include <httpd.h>
#include <http_protocol.h>
#include <http_connection.h>
#include <http_config.h>
#include <http_log.h>

#define POLICY "<?xml version=\"1.0\"?>\n" \
               "<!DOCTYPE cross-domain-policy SYSTEM\n" \
               "\"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd\"&gt;\n" \
               "<cross-domain-policy>\n" \
               "<allow-access-from domain=\"*\" to-ports=\"8080\"/>\n" \
               "</cross-domain-policy>\n"

static int socket_policy_handler(conn_rec *conn) {
        apr_bucket_brigade *bb;
        apr_bucket *b;
        apr_status_t rv;

        if (conn->base_server->port != 843)
                return DECLINED;

        bb = apr_brigade_create(conn->pool, conn->bucket_alloc);
        /* this will send the terminating 0 as well */
        b = apr_bucket_immortal_create(POLICY, sizeof(POLICY), bb->bucket_alloc);
        APR_BRIGADE_INSERT_TAIL(bb, b);
        b = apr_bucket_eos_create(bb->bucket_alloc);
        APR_BRIGADE_INSERT_TAIL(bb, b);
        rv = ap_pass_brigade(conn->output_filters, bb);
        if (rv != APR_SUCCESS) {
                ap_log_error(APLOG_MARK, APLOG_ERR, 0, conn->base_server, "output error");
                return DECLINED;
        }

        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, conn->base_server,
            "served socket policy to %s", conn->remote_ip);
        return OK;
}

static void register_hooks(apr_pool_t *pool) {
        ap_hook_process_connection(socket_policy_handler, NULL, NULL, APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA socket_policy_module = {
        STANDARD20_MODULE_STUFF,
        NULL,
        NULL,
        NULL,
        NULL,
        NULL,
        register_hooks
};
Alexander Farber  2010-10-24 15:11:00
And if SELinux is active, then you need this command or Apache won't be able to bind to the new port: semanage port -a -t http_port_t -p tcp 843
Alexander Farber  2010-10-24 15:24:07

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS