inline C code and post data

Cal Heldenbrand cal at fbsdata.com
Thu Jan 7 16:34:51 CET 2010 

Poul-Henning,

I think I managed to get this working, without needing a modification on the
varnish source.  Here's a snippet of the important parts of how I
implemented this.  (I left out all of my error checking for readability)

void get_req_body(struct sess *sp)
{

   /* create a new shared memory file to store the request body in.
    * Make sure this is deleted after we're done or this will eat up memory!
    */
   int memfd = shm_open(pidstr, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);

   // read the body from the client HTTP connection,
   int rsize = read(sp->htc->fd, body, content_length);

   // write the body into shm
   int wsize = write(memfd, body, content_length);

   // seek the file descriptor back to the beginning of the file
   lseek(memfd, 0, SEEK_SET);

   /* set Varnish's HTTP file descriptor to this new shm file.
    * This fools varnish into reading the request body
    * later on when passing it to the backend
    *
    * Not sure WHY this works though... If it needs to write
    * to the client during vcl_deliver, wouldn't it just
    * write the contents to this shm file?  It must be a
    * different file descriptor for writing?
    */
   sp->htc->fd = memfd;
}

This method was sort of my last ditch effort, and I was surprised that it
worked.  I couldn't find exactly where the deliver code writes to the
socket, but the only explanation is that there is a separate socket for
writing to the client.  Is that correct?

Also, I'm not an expert on how licenses work -- if I want to distribute
this, do I need to license it the same as varnish if I include your headers?

Thanks!

--Cal


On Fri, Jan 1, 2010 at 2:02 PM, Cal Heldenbrand <cal at fbsdata.com> wrote:

> How difficult do you think it would be to provide this to the VRT level?
> I'd be happy to do the coding if you point me in the right direction of
> where the post data is handled in the source.
>
> I think it would be a useful tool for the rest of the community as well.
> (I remember some mailing list post on doing security matching, similar to
> Apache's mod_security)
>
> Thanks, and happy hangover day!
>
> --Cal
>
>
>
> On Fri, Jan 1, 2010 at 5:18 AM, Poul-Henning Kamp <phk at phk.freebsd.dk>wrote:
>
>> In message <6d0f643a0912311432v1e594e5cl601f1a5b19b59956 at mail.gmail.com>,
>> Cal H
>> eldenbrand writes:
>>
>> >I just started experimenting with the coolness of using inline C in VCL,
>> and
>> >I've run into a bit of a hurdle -- I can't find any VRT functions that
>> allow
>> >me to dig into the request body where the post data is at.
>>
>> The post data is not available at any point near VCL, it is transferred
>> to the backend as part of the backend fetch.
>>
>> Poul-Henning
>>
>> PS: Happy NewYear
>>
>> --
>> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>> phk at FreeBSD.ORG         | TCP/IP since RFC 956
>> FreeBSD committer       | BSD since 4.3-tahoe
>> Never attribute to malice what can adequately be explained by
>> incompetence.
>>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20100107/6fd79b7d/attachment-0002.html>

More information about the varnish-dev mailing list