inline C code and post data

Cal Heldenbrand cal at
Thu Jan 7 16:34:51 CET 2010


I think I managed to get this working, without needing a modification on the
varnish source.  Here's a snippet of the important parts of how I
implemented this.  (I left out all of my error checking for readability)

void get_req_body(struct sess *sp)

   /* create a new shared memory file to store the request body in.
    * Make sure this is deleted after we're done or this will eat up memory!
   int memfd = shm_open(pidstr, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);

   // read the body from the client HTTP connection,
   int rsize = read(sp->htc->fd, body, content_length);

   // write the body into shm
   int wsize = write(memfd, body, content_length);

   // seek the file descriptor back to the beginning of the file
   lseek(memfd, 0, SEEK_SET);

   /* set Varnish's HTTP file descriptor to this new shm file.
    * This fools varnish into reading the request body
    * later on when passing it to the backend
    * Not sure WHY this works though... If it needs to write
    * to the client during vcl_deliver, wouldn't it just
    * write the contents to this shm file?  It must be a
    * different file descriptor for writing?
   sp->htc->fd = memfd;

This method was sort of my last ditch effort, and I was surprised that it
worked.  I couldn't find exactly where the deliver code writes to the
socket, but the only explanation is that there is a separate socket for
writing to the client.  Is that correct?

Also, I'm not an expert on how licenses work -- if I want to distribute
this, do I need to license it the same as varnish if I include your headers?



On Fri, Jan 1, 2010 at 2:02 PM, Cal Heldenbrand <cal at> wrote:

> How difficult do you think it would be to provide this to the VRT level?
> I'd be happy to do the coding if you point me in the right direction of
> where the post data is handled in the source.
> I think it would be a useful tool for the rest of the community as well.
> (I remember some mailing list post on doing security matching, similar to
> Apache's mod_security)
> Thanks, and happy hangover day!
> --Cal
> On Fri, Jan 1, 2010 at 5:18 AM, Poul-Henning Kamp <phk at>wrote:
>> In message <6d0f643a0912311432v1e594e5cl601f1a5b19b59956 at>,
>> Cal H
>> eldenbrand writes:
>> >I just started experimenting with the coolness of using inline C in VCL,
>> and
>> >I've run into a bit of a hurdle -- I can't find any VRT functions that
>> allow
>> >me to dig into the request body where the post data is at.
>> The post data is not available at any point near VCL, it is transferred
>> to the backend as part of the backend fetch.
>> Poul-Henning
>> PS: Happy NewYear
>> --
>> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>> phk at FreeBSD.ORG         | TCP/IP since RFC 956
>> FreeBSD committer       | BSD since 4.3-tahoe
>> Never attribute to malice what can adequately be explained by
>> incompetence.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the varnish-dev mailing list