Re: [AOLSERVER] Critical filter failed
What would be even better is to just write the code right in the first place so that no error ever happens. (I tried that. I came close.) People make mistakes. Server software should do something reasonable. The problem with just closing the connection is: - the user will get connection has been reset by peer, which could be caused by several things - there will be nothing logged in the server log files, like 500 errors that would show up in log analysis, i.e., the people running the server don't even know something bad is happening Especially with complex code that may be dependent on a number of things, all code paths don't always get tested. Sure, it's bad - but it's a fact of life IMO. Yes. I am arguing that the server should always return a 500 if it reaches the end of a connection with no other results. I don't know the technical feasibility of this but it does not seem like correct behavior to return nothing to the user. Totally agree. In fact, I think there may be other cases where AS 3.4 doesn't log Bad Request errors that are internally generated by AS. I have had users do screen shots of Bad Request, yet I can't find them in my logs. Could be stupidity on my part...dunno yet. Jim I'm confused by the O/ACS is replacing the http protocol with the filter reference. The O/ACS is just using the documented ns_register_filter command for it's intended purpose. On Sunday 06 January 2002 10:52 pm, you wrote: David Walker wrote: When the error below appears wouldn't the proper response be a 500 server error? The 3.4 way of handling this is to return nothing. Error: tclop: invalid return code from filter proc 'Critical filter sec_read_security_info failed.': must be filter_ok, filter_return, or filter_break This is an uncaught error in a filter. Since the O/ACS is replacing the http protocol with the filter, you could argue that it should return 500. What would be better would be for the application to log an error that would let the developer determine if it was a bug or some other error. For instance url hacking could also give this error, or many other database errors as well. --Tom Jackson
[AOLSERVER] [ aolserver-Patches-500430 ] bug fix for ns_hostbyaddr
Patches item #500430, was opened at 2002-01-07 07:48 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=303152aid=500430group_id=3152 Category: other Group: None Status: Open Resolution: None Priority: 5 Submitted By: patrick o'leary (pjaol) Assigned to: Nobody/Anonymous (nobody) Summary: bug fix for ns_hostbyaddr Initial Comment: ns_hostbyaddr can cause a libthread crash on Sun OS 7+, under high load, with ip address's which cannot be resolved. This comes from NsTclGetByCmd (in tclsock.c) returning TCL_ERROR, which get pushed into ns_log. This solution returns TCL_OK for all events, replaces ns_hostbyaddr with ns_get_hostbyaddr. The result is pushed into the TCL result string. -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=303152aid=500430group_id=3152
Re: [AOLSERVER] Critical filter failed
Yes. I am arguing that the server should always return a 500 if it reaches the end of a connection with no other results. I don't know the technical feasibility of this but it does not seem like correct behavior to return nothing to the user. I think the problem is that a filter can return a complete response on its own, possibly using ns_write rather than ns_return. If it does do, and then fails (I have some filters that do some housekeeping after returning the request to the visitor), then the server might erroneously issue a 500 response after a perfectly well-formed (and possibly non-error, despite the failure of the filter) response. My opinion is that the behavior of the filters is reasonable; perhaps a better solution would be to enhance the documentation to point out that this is a common error. It might be better to prevent the possibility of this from occurring, but then I think we'd have to restrict some of the functionality of filters. You can accomplish a lot of what filters do with composition, so it may be that filters aren't the most appropriate choice of mechanism for this feature of your application. Pete.
Re: [AOLSERVER] Critical filter failed
Maybe there needs to be a flag in ns_write and friends to indicate that something has been written to the connection. If not, send out a 500 before closing the connection. To me, this seems like a general error condition not specific to filters. I imagine (but don't know for a fact) that there are other unusual error cases that may cause AS to close a connection with nothing being sent. Jim Yes. I am arguing that the server should always return a 500 if it reaches the end of a connection with no other results. I don't know the technical feasibility of this but it does not seem like correct behavior to return nothing to the user. I think the problem is that a filter can return a complete response on its own, possibly using ns_write rather than ns_return. If it does do, and then fails (I have some filters that do some housekeeping after returning the request to the visitor), then the server might erroneously issue a 500 response after a perfectly well-formed (and possibly non-error, despite the failure of the filter) response. My opinion is that the behavior of the filters is reasonable; perhaps a better solution would be to enhance the documentation to point out that this is a common error. It might be better to prevent the possibility of this from occurring, but then I think we'd have to restrict some of the functionality of filters. You can accomplish a lot of what filters do with composition, so it may be that filters aren't the most appropriate choice of mechanism for this feature of your application. Pete.
Re: [AOLSERVER] Critical filter failed
Perhaps ns_atclose might fulfill some of your needs. Build a preauth filter with a ns_atclose myproc statement in it and myproc will be executed after everything else just before connection close. On Monday 07 January 2002 11:14 am, you wrote: On 2002.01.07, Jim Wilcoxson [EMAIL PROTECTED] wrote: Maybe there needs to be a flag in ns_write and friends to indicate that something has been written to the connection. If not, send out a 500 before closing the connection. Strangely, while I was implementing some stuff dealing with filters, I was really wishing for another kind of filter. Currently, there's a preauth, postauth, and trace filters. I was hoping for a preclose filter, something that gets executed after postauth, but before the trace filter -- basically, something that got executed after all of the preauth and postauth filters executed, and the HTML page (or ADP page, or whatever) got parsed and served, but before the connection was closed (and before the trace filters get executed). This way, if after all the preauth and postauth filters and the HTML/ADP pages get served, you'd have the chance to append some stuff to the output stream before the connection gets closed. Perhaps this could ALSO be used to send an error if nothing had been written to the connection up to that point, as well. I'm not sure how useful, or how difficult, this would be to implement, so I haven't bothered looking into it yet ... -- Dossy
Re: [AOLSERVER] Critical filter failed
On 2002.01.07, David Walker [EMAIL PROTECTED] wrote: Perhaps ns_atclose might fulfill some of your needs. Build a preauth filter with a ns_atclose myproc statement in it and myproc will be executed after everything else just before connection close. Registering a script with ns_atclose won't work. ns_atclose's timing is similar to a trace filter - after the connection is closed. ns_atclose doesn't require a connection, though -- it seems like it gets called when the thread it's registered in gets cleaned up or something. I'm not 100% sure, but I did experiment with this. The timing was too late. -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [AOLSERVER] Critical filter failed
hmm. Under Linux I issued a ns_write command from a procedure called by ns_atclose and the output was appended to the previous ns_write output and displayed in my browser. The docs don't actually specify whether it should take place before or after the connection close. On Monday 07 January 2002 11:34 am, you wrote: On 2002.01.07, David Walker [EMAIL PROTECTED] wrote: Perhaps ns_atclose might fulfill some of your needs. Build a preauth filter with a ns_atclose myproc statement in it and myproc will be executed after everything else just before connection close. Registering a script with ns_atclose won't work. ns_atclose's timing is similar to a trace filter - after the connection is closed. ns_atclose doesn't require a connection, though -- it seems like it gets called when the thread it's registered in gets cleaned up or something. I'm not 100% sure, but I did experiment with this. The timing was too late. -- Dossy
Re: [AOLSERVER] Critical filter failed
Totally agree. In fact, I think there may be other cases where AS 3.4 doesn't log Bad Request errors that are internally generated by AS. I have had users do screen shots of Bad Request, yet I can't find them in my logs. Could be stupidity on my part...dunno yet. Jim I can confirm that uncaught errors will result in a connection that is not logged. And when I examine the logs of the reverse proxy master (aolserver running nsvhr), you can see the connections there that don't appear in an aolserver whose connection generated an error.) If I recall that's because access logging itself is implemented as a just another filter and the filter logic is such that an error in any filter results in the rest of the filters being skipped. It might be a good thing to have finally filters, that are run no matter what, and I wouldn't mind seeing finer grain control over which filter runs before which other filters (not just what phase they run in.) (As an aside, there is other information that may not get logged. As an example, anyone who returns their content with ns_write (I believe) and not ns_return, or not through an ADP page, will have erroneous logging of amount of content returned.) Jerry Jerry Asher [EMAIL PROTECTED] 1678 Shattuck Avenue Suite 161 Tel: (510) 549-2980 Berkeley, CA 94709 Fax: (877) 311-8688
Re: [AOLSERVER] And if you thought nsvhr was an inefficient virtual hosting mechanism...
as a chroot alternative it should very good. I'm not aware of any way to access the parent machine from the virtual machine. as a virtual server it might perform well if you give each vmware machine a dedicated partition and load up on memory (if you assign 128mb or whatever to a virtual machine it will always have that memory in use) it certainly is inefficient but it does provide a great way of segmenting services while still using a single piece of hardware. and you could run different OSs if you so desire. and with hardware getting cheaper and faster this idea becomes more and more viable. On Monday 07 January 2002 11:57 am, you wrote: VMware is a wonderful product. I am also amazed that these days a company with such a technically hard product, not hardware, to make or support could get funded. That said, I was surprised by their newsletter suggestion this morning: TECH TIP OF THE MONTH: HOSTING SERVICES ON VIRTUAL MACHINES BEHIND VMWARE NAT Our users and staff often discover hints and shortcuts that can help you get the most from VMware products. This month, our tech tip explains how to configure VMware NAT so that your virtual machines can provide network services (such as Web and FTP) on your public network. NAT enables guest operating systems to share the host operating system IP address(es). ... Read more about hosting services on virtual machines behind VMware NAT at: http://vmware1.m0.net/m/s.asp?HB5170575598X1186076X89440X This is not the solution I would choose if I was concerned about performance. I do wonder how well it might work as a chroot alternative. Jerry Jerry Asher [EMAIL PROTECTED] 1678 Shattuck Avenue Suite 161 Tel: (510) 549-2980 Berkeley, CA 94709 Fax: (877) 311-8688
Re: [AOLSERVER] Critical filter failed
On 2002.01.07, David Walker [EMAIL PROTECTED] wrote: hmm. Under Linux I issued a ns_write command from a procedure called by ns_atclose and the output was appended to the previous ns_write output and displayed in my browser. The docs don't actually specify whether it should take place before or after the connection close. Hmm. Maybe I did something dumb, then. Entirely possible. ;-) -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [AOLSERVER] And if you thought nsvhr was an inefficient virtual hosting mechanism...
I think a href=http://user-mode-linux.sourceforge.net/;User-Mode Linux (UML)/a is probably the best chroot alternative for Linux. On BSDs, I imagine jail is better. On Monday, January 7, 2002, at 12:57 PM, Jerry Asher wrote: I do wonder how well it might work as a chroot alternative.
[AOLSERVER] Sharing a socket between C and TCL
Hello. I've written a small C based daemon listening on 999 port. It doesn't do much, but I want to move some of the functions from C to TCL. I'm using Ns_SockListenCallback() and have SOCKET to work with. How do I allow Tcl to use this socket? -- WK
Re: [AOLSERVER] Sharing a socket between C and TCL
If you're creating the socket in your C module using Tcl channels, I think you just need to get the socket id back and use the standard puts, gets and so on. If you aren't using Tcl channels, you'll need to create your own Tcl commands and use them to read/write bytes. See nsopenssl for an example of using Tcl channels. I had to create my own new channels. You should only have to use the standard Tcl channel already defined for sockets. /s. Hello. I've written a small C based daemon listening on 999 port. It doesn't do much, but I want to move some of the functions from C to TCL. I'm using Ns_SockListenCallback() and have SOCKET to work with. How do I allow Tcl to use this socket? -- WK
Re: [AOLSERVER] And if you thought nsvhr was an inefficient virtual hosting mechanism...
This is a small ab test on VMware 3.0 on Windows on P3/850 and a P3/600: Server Software:AOLserver/3.4 -- this is the P3/600 Server Hostname:www.zoro.tcl.pl Server Port:80 Document Path: /ab/ab.adp Document Length:12 bytes Concurrency Level: 1 Time taken for tests: 15.304 seconds Complete requests: 1 Failed requests:0 Total transferred: 174 bytes HTML transferred: 12 bytes Requests per second:653.42 Transfer rate: 113.70 kb/s received Server Software:AOLserver/3.4-z1 -- this is the VM machine Server Hostname:www.ab.aol.hesus2.lan Server Port:80 Document Path: /ab.adp Document Length:12 bytes Concurrency Level: 1 Time taken for tests: 28.425 seconds Complete requests: 1 Failed requests:0 Broken pipe errors: 0 Total transferred: 177 bytes HTML transferred: 12 bytes Requests per second:351.80 [#/sec] (mean) Time per request: 2.84 [ms] (mean) Time per request: 2.84 [ms] (mean, across all concurrent requests) Transfer rate: 62.27 [Kbytes/sec] received I guess it isn't that slow. I used to emulate Mac on my Amiga and I learned that emulating can be useful. And I used a VMware Workstation 3.0 trial - and I suppose ESX/GSX servers are optimized for speed and workstation is optimized for desktop performance (after installing vmware_drv.o my XFree4 was almost as fast as on i810.o :). I suppose context switching is the bottleneck with AOLserver, even with threads... When I tried using tcllib's MIME for 15MB mail parsing, the VM Linux was actually faster (!) than real Win2000. About 5% faster. This was a nice thing to see. The PITA for emulating is the hardware required to emulate - like VGA graphics, soundcards and so on. Jerry Asher wrote: VMware is a wonderful product. I am also amazed that these days a company with such a technically hard product, not hardware, to make or support could get funded. That said, I was surprised by their newsletter suggestion this morning: TECH TIP OF THE MONTH: HOSTING SERVICES ON VIRTUAL MACHINES BEHIND VMWARE NAT Our users and staff often discover hints and shortcuts that can help you get the most from VMware products. This month, our tech tip explains how to configure VMware NAT so that your virtual machines can provide network services (such as Web and FTP) on your public network. NAT enables guest operating systems to share the host operating system IP address(es). ... Read more about hosting services on virtual machines behind VMware NAT at: http://vmware1.m0.net/m/s.asp?HB5170575598X1186076X89440X This is not the solution I would choose if I was concerned about performance. I do wonder how well it might work as a chroot alternative. Jerry Jerry Asher [EMAIL PROTECTED] 1678 Shattuck Avenue Suite 161 Tel: (510) 549-2980 Berkeley, CA 94709 Fax: (877) 311-8688
[AOLSERVER] Ns_SetCreate is thread safe?
Folks, with AOLserver 3.3+ad13 on Solaris (SunOS 5.*), in my own loadable module, I have a Tcl command implemented in C that creates a new ns_set and then does stuff with it, pretty much like this: setPtr = Ns_SetCreate(TclReceiveDataCmd); /* Do more C stuff - stick data into the set, etc. */ /* * We are using NS_TCL_SET_DYNAMIC, so presumably, we never need to * call Ns_SetFree. */ Ns_TclEnterSet(interp, setPtr, NS_TCL_SET_DYNAMIC); return TCL_OK; (Oh yeah, and I'm using '#define NS_TCL_SET_DYNAMIC 1' like in the AOLserver 4.x codebase, because it's more understandable than the old 3.x terms for the same thing.) Problem is, I'm sometimes getting a segfault during the malloc in the Ns_SetCreate (see below), and I don't understand why. Could someone give me advice on this, please? Thanks! Program received signal SIGSEGV, Segmentation fault. [Switching to LWP 7] 0xff14140c in _malloc_unlocked () from /lib/libc.so.1 (gdb) bt #0 0xff14140c in _malloc_unlocked () from /lib/libc.so.1 #1 0xff141294 in malloc () from /lib/libc.so.1 #2 0x1414b4 in ns_malloc (size=80) at memory.c:126 #3 0x5a1bc in Ns_SetCreate (name=0xfe6a94e8 BB_TclReceiveDataCmd) at set.c:91 #4 0xfe6a7e7c in BB_TclCmd (data=0x0, interp=0x189120, argc=3, argv=0xfddfd1e0) at nsbbapi.c:2251 -- Andrew Piskorski [EMAIL PROTECTED] http://www.piskorski.com
Re: [AOLSERVER] Critical filter failed
The OpenACS system implements a filter manager, ad_register_filter, that sits on top of ns_register_filter and lets you set a priority number for each filter you register with it. The master filter (registered with ns_register_filter) applies each registered filter in turn in the order you specify. You could use such a feature to force the order of trace filters. Perhaps that would address your need. Dave -Original Message- From: AOLserver Discussion [mailto:[EMAIL PROTECTED]]On Behalf Of Dossy Sent: Monday, January 07, 2002 12:14 PM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] Critical filter failed On 2002.01.07, Jim Wilcoxson [EMAIL PROTECTED] wrote: Maybe there needs to be a flag in ns_write and friends to indicate that something has been written to the connection. If not, send out a 500 before closing the connection. Strangely, while I was implementing some stuff dealing with filters, I was really wishing for another kind of filter. Currently, there's a preauth, postauth, and trace filters. I was hoping for a preclose filter, something that gets executed after postauth, but before the trace filter -- basically, something that got executed after all of the preauth and postauth filters executed, and the HTML page (or ADP page, or whatever) got parsed and served, but before the connection was closed (and before the trace filters get executed). This way, if after all the preauth and postauth filters and the HTML/ADP pages get served, you'd have the chance to append some stuff to the output stream before the connection gets closed. Perhaps this could ALSO be used to send an error if nothing had been written to the connection up to that point, as well. I'm not sure how useful, or how difficult, this would be to implement, so I haven't bothered looking into it yet ... -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [AOLSERVER] Critical filter failed
On 2002.01.07, Dave Siktberg [EMAIL PROTECTED] wrote: You could use such a feature to force the order of trace filters. Perhaps that would address your need. I already said that trace filters aren't what I need. Trace filters are executed too late. Unless I'm wrong. My testing a while back made me believe that I wasn't ... -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: [AOLSERVER] Ns_SetCreate is thread safe?
+-- On Jan 7, Andrew Piskorski said: Problem is, I'm sometimes getting a segfault during the malloc in the Ns_SetCreate (see below), and I don't understand why. Could someone give me advice on this, please? Thanks! Program received signal SIGSEGV, Segmentation fault. [Switching to LWP 7] 0xff14140c in _malloc_unlocked () from /lib/libc.so.1 Looks like heap corruption. You are probably writing past the end of a block, or writing to a freed block, or freeing a block twice some time before this call. Yes, Ns_SetCreate is thread-safe.
Re: [AOLSERVER] Ns_SetCreate is thread safe?
On Mon, Jan 07, 2002 at 02:42:14PM -0600, Rob Mayoff wrote: Looks like heap corruption. You are probably writing past the end of a block, or writing to a freed block, or freeing a block twice some time before this call. Eeps. Any suggestions on how best to track down where in my code I'm causing this corruption? -- Andrew Piskorski [EMAIL PROTECTED] http://www.piskorski.com
