pool performance in the worker mpm

[Brian Pane]

The worker MPM currently creates and destroys a
ptrans pool for each connection.  This is somewhat
of a performance bottleneck due to the mutex locking
in apr_pool_destroy().

We could avoid this problem by creating a persistent
pool per worker thread and doing apr_pool_clear() instead
of apr_pool_destroy.  But I'm guessing that there's a
reason why the code doesn't do that already.  Can
anyone comment on the rationale for the current design?

If we created a persistent pool in each worker thread,
we might also be able to eliminate the locking in
new_block() by enhancing the pool code to use a
thread-private free block list.  This would eliminate
essentially all the mutex operations during request
processing.

--Brian

Re: Current CVS on Win32

[Sebastian Bergmann]

Sebastian Bergmann wrote:
>   I'm getting hundreds of errors, all referring to the following

dso.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax error: Identifier 'rpcLOGPALETTE'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(883) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(884) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(978) : error
C2143: Syntax error: Missing '{' before '*'
dir.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax error: Identifier 'rpcLOGPALETTE'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(883) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(884) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(978) : error
C2143: Syntax error: Missing '{' before '*'
fileacc.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax error: Identifier 'rpcLOGPALETTE'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(883) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(884) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(978) : error
C2143: Syntax error: Missing '{' before '*'
mktemp.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax error: Identifier 'rpcLOGPALETTE'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(883) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(884) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(978) : error
C2143: Syntax error: Missing '{' before '*'
filedup.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax error: Identifier 'rpcLOGPALETTE'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(883) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(884) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(978) : error
C2143: Syntax error: Missing '{' before '*'
filepath.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax error: Identifier 'rpcLOGPALETTE'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(883) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(884) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(978) : error
C2143: Syntax error: Missing '{' before '*'
filestat.c
filesys.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax error: Identifier 'rpcLOGPALETTE'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(883) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(884) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(978) : error
C2143: Syntax error: Missing '{' before '*'
flock.c
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(872) : error
C2061: Syntax error: Identifier 'PALETTEENTRY'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(873) : error
C2059: Syntax error: '}'
C:\Programme\Microsoft Visual Studio\VC98\INCLUDE\wtypes.h(881) : error
C2061: Syntax

RE: SSL and certficates script

[MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)]

Okay.. here's a more refined version of the script - including features for
client / ca certificate generation.. I've tried to keep it simple and
modular - pl. let me know if you have any feedback..

-Madhu

-Original Message-
From: Gomez Henri [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 3:30 PM
To: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
Cc: '[EMAIL PROTECTED]'
Subject: RE: SSL and certficates script


En réponse à "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)"
<[EMAIL PROTECTED]>:

> The script is pretty similar to what we had for Apache 1.3.x.. You can
> get
> the usage details by "./mkcert.sh --help".. Pl. do let me know if the
> Usage
> details provided are not sufficient - I'll try to put in more details
> there..

I just want to say that this script is a SUPERB tool and everything
is present to have the graal of SSL certs.

We need a tool to generate :

1) a custom CA cert
2) custom server certs signed with that CA
3) client (browser) certs signed all with that CA

What will give Apache 2.0 a decent simple "PKI" and which will
be very usefull for small companies...


> The creation of a self-signed CA and a certificate are both linked
> together
> - it can be created by "./mkcert.sh --custom" or "./mkcert.sh
> --type=custom"..
> 
> Did you want to just create the self-signed CA certificate only, and
> NOT
> the
> server certificate ?.. If yes, then it's not possible with the current
> script.. I'm trying to make it more modular, so that you can have a
> mix-n-match of the functions.. 
> Also, I've changed the layout of the files to a certain extent - the
> .csr
> files now go into the conf/ssl.crt/ directory itself -if this is not
> okay, I
> can change it back to go to conf/ssl.csr/

The scripts I sent previously included code to generate the client
cert (PKCS12 format). I feel you have now everything to give AP2.0
its own little Cert Agency :)

Hope you could do that for us :)


-
Henri Gomez ___[_]
EMAIL : [EMAIL PROTECTED](. .) 
PGP KEY : 697ECEDD...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 



#!/bin/sh
##
##  mkcert.sh -- SSL Certificate Generation Utility
##

export certdir=/opt/apache2s
export PATH=$certdir/ssl/bin:$PATH

## Some local variables used
openssl=`whence openssl`
type=
algo=
crt=
key=
view=

## Terminal Sequences
case $TERM in
  xterm|xterm*|vt220|vt220*)
BB=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
BE=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
;;
  vt100|vt100*)
BB=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
BE=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
;;
  default)
BB=''
BE=''
;;
esac


## Utility Functions :
function Usage
{
echo "+-+";
echo "| |";
echo "| USAGE   |";
echo "| |";
echo "| Before you use the mod_ssl you should prepare the SSL certificate   |";
echo "| system by running the 'mkcert.sh' command.  |";
echo "| For different situations the following variants are provided:   |";
echo "| |";
echo "| To view a certificate (displays the generated data) |";
echo "| % mkcert.sh --view  |"; 
echo "| |";
echo "| To generate a Client certificate (signed by own CA) |";
echo "| % mkcert.sh --client|"; 
echo "| |";
echo "| To generate a custom CA certificate |";
echo "| % mkcert.sh --ca|"; 
echo "| |";
echo "| To generate a custom certificate (signed by own CA) |";
echo "| % mkcert.sh --custom|"; 
echo "| |";
echo "| To generate a dummy certificate (dummy self-signed Snake Oil cert)  |";
echo "| % mkcert.sh --dummy |";
echo "| |";
echo "| To generate a test certificate (test self-signed Snake Oil CA)  |";
echo "| % mkcert.sh --test  |";
echo "| |";
echo "| Use type=dummywhen you're a  vendor package maintainer, |"

Re: cvs commit: httpd-2.0/modules/cache mod_file_cache.c

[Cliff Woolley]

On Thu, 22 Nov 2001, Brian Pane wrote:

> I agree; doing the dup when we first mmap the file is better because
> it will save us a dup per request.

Can somebody tell me how it is that cleanup_file_cache() _isn't_ closing
the fd's/deleting the mmap's a _second_ time?  Or in fact why that
function needs to be there at all?  Each fd/mmap already has its own
cleanup registered, so why are we registering another one for them?

--Cliff

--
   Cliff Woolley
   [EMAIL PROTECTED]
   Charlottesville, VA

Re: Apache 2.0.27 and 2.0.28 RPM available

[Daniel Stone]

On Tue, Nov 20, 2001 at 09:29:19AM +0100, GOMEZ Henri wrote:
> >Comparing with my Debian packages, the patches from which I will post
> >after my exam:
> 
> Hope you'll be successfull :)

Thanks; I actually prepared for something much harder, so I was very
much relieved (it was Physics). Now I'm finished, and have holidays for
3 months! Whoohoo!

> >On Mon, Nov 19, 2001 at 01:40:55PM +0100, GOMEZ Henri wrote:
> >> BTW: From my RPM works I detect many stuff which could (should)
> >>  be added :
> >> 
> >>  - Modify apachectl and apxs to use @sbindir@/@progname@ instead
> >>of @prefix@/bin/@progname@. A security concert on 
> >many distrib 
> >>(ie Redhat which use /usr/sbin for httpd)
> >
> >Check.   
> 
> Ditto, but borred...

Sorry? Borred?

Anyway, ours is a much more stupid and less generic hack - we hardcode
paths.

> >>  - add a --with-ssl-port as we have --with-port
> >
> >Nope, could you please send this to dev@httpd?
> 
> Requirement sent yesterday.

Cool :)

> >>  - have httpd-std.conf supporting datadir and config.layout.
> >>For example, htdocs location in conf file, still 
> >didn't follow what
> >> has
> >>been set in config.layout.
> >
> >Hm, I just have a very minimalistic apache2.conf that I distribute,
> >users can make changes in httpd.conf (simplifies packaging).
> 
> Do you put your own copy of apache2.conf (we're using httpd2.conf) or
> do you put a patched version from distro ? The latest release expand
> nicely with @@LoadModule@@, and I'd like if they could add a @@AddModule@@
> to make  works.

I stripped down the base config. Here's how the modules work:
Every module puts a .load file in /etc/apache2/modules. If
it has module-specific configuration directives (i.e. ),
they go in .conf. To enable a module, a small shell script
just symlinks the .load file (and the .conf file, if it exists) to
/etc/apache2/mods-enabled. That way, we just have to include
/etc/apache2/mods-enabled from apache2.conf - much easier!

Anyway, we have a very stripped-down version of the httpd.conf-dist
called apache2.conf, hopefully users should not need to change this. One
of the main issues with the apache package is dpkg prompting you every
time because httpd.conf changed, even though you had to. This way,
apache2.conf should only get upgraded when upstream makes a large
change. httpd.conf is empty by default, and just gets Include'd from
apache2.conf - users and packages put their changes in httpd.conf.

> >>  The general goal is to try to have Apache 2.0 more FHS compliant
> >> without having 
> >>  to make huge patchs (or perl replace) at each release ;)
> >
> >Well, my package manages to fit into Debian FHS, and only has 
> >11 patches
> >all up.
> 
> FYI, here is a part of what should be patched or change via perl to make
> apache 2 fit better on FHS from my spec file :

I've included my debian/rules (and it does ;) file below - I've
commented here where necessary.

> # set ssl port to 8093
> perl -pi -e "s|443|%{ssllport}|g;" docs/conf/ssl-std.conf

I believe this is a major difference between Debian and RedHat. You guys
aren't allowed to have your packages interacting with the user, no? In
Debian, we have Debconf, which asks questions, remembers them for next
time, has priorities (so you can say you only want to see critical
questions if you want), etc.

In apache2's config (no, I lie - vhost-base's, but I'll explain that in
a sec), we ask the user what port they want.

So, OK, that isn't entirely accurate. I'm aiming to get very
comprehensive and generic virtual host support in Debian, and apache2
was the first package I made that used it. So, apache2 has no hosts by
default, but virtual hosts *can* be added by means of vhost-base. But
that's beside the point, sort of. 

> # change userid from nobody to apache2
> perl -pi -e "s|nobody|%{name}|g;" docs/conf/httpd-std.conf

We have www-data.www-data standard across all webservers.

> CFLAGS="$RPM_OPT_FLAGS" ./configure \
>   --with-program-name=httpd2 \

We call ours "apache2", because if we followed that naming scheme,
postfix, sendmail, exim, etc, would all be called "smtpd". ;)

>   --with-port=8092 \

Prompted for.

>   --with-mpm=threaded \

Which one's the best to use? We're just running with prefork right now.

> --prefix=%{_prefix} \
> [a lot of stuff stripped]

Why not just use a layout?

>   --enable-layout=RedHat6 \

But wait, you do - why the duplication?

> The patches are attached :
> 
> 
> I'll be very interesting in getting your patches and build file (.apt ?)
> to see how I differ from Debian ;)

Our build file is debian/rules, which is just a Makefile. By default,
the .PHONY target gets used to build a package.

I've attached my .diff.gz, I recommend you apply that with a -p1, and
have a poke around the debian/* directory - that's what I use for my
package building.

> To be quick I use :
> 
> /etc/httpd2/conf 

Re: cvs commit: httpd-2.0/modules/cache mod_file_cache.c

[Brian Pane]

Cliff Woolley wrote:

>On 21 Nov 2001 [EMAIL PROTECTED] wrote:
>
>>ianh01/11/21 09:01:42
>>
>>  Modified:modules/cache mod_file_cache.c
>>  Log:
>>  let mod_file_cache use the new apr_mmap_dup function
>>  Submitted by:   Brian Pane
>>
>
>Thanks... I was going to commit the apr_mmap_dup thing myself today, but I
>see you beat me to it.  I have a better idea on the mod_file_cache part, I
>think.  All we have to do is call apr_mmap_dup when we first set up the
>apr_mmap_t, and cache the dup'ed (non-owner) apr_mmap_t, not the original.
>We don't even need to keep a reference to the original one--we'll never
>use it.
>

I agree; doing the dup when we first mmap the file is better because
it will save us a dup per request.

--Brian

Re: cvs commit: httpd-2.0/modules/cache mod_file_cache.c

[Cliff Woolley]

On 21 Nov 2001 [EMAIL PROTECTED] wrote:

> ianh01/11/21 09:01:42
>
>   Modified:modules/cache mod_file_cache.c
>   Log:
>   let mod_file_cache use the new apr_mmap_dup function
>   Submitted by:   Brian Pane

Thanks... I was going to commit the apr_mmap_dup thing myself today, but I
see you beat me to it.  I have a better idea on the mod_file_cache part, I
think.  All we have to do is call apr_mmap_dup when we first set up the
apr_mmap_t, and cache the dup'ed (non-owner) apr_mmap_t, not the original.
We don't even need to keep a reference to the original one--we'll never
use it.

Sound reasonable?

--Cliff

RE: Problem with user autehntication

[Angus Marshall]

 -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

You can associate a handler (custom program) with the
directory or document types and get that to do the 
checking transparently (no need to code a reference to it
anywhere other than in the config or .htaccess file)

Take a look at the AddHandler / SetHandler directives.


- -Original Message-
From:   Chandramouli Kharidehal [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, November 22, 2001 9:20 AM
To: [EMAIL PROTECTED]
Subject:Problem with user autehntication 






  
Hi 
I am new to apache as part of project we are using apache as the
web server and i really love apache Open software 
I have some problem with user authentication 
As part of our project we have to provide user authentication
when the user clicks on the download link of a file 
   each user is  mapped to set of roles internally and based on these
roles we protect and give permissions to the directory I mean which
role has access to which directory 

   Now I want this functionality that whent the user clicks on a
download link in the page ( which is our project based page) 

  a  c code   should take the information from the HTTP header we
are writing user role :password to the header check  compare it with
our configuration file that resides in the web server and give access
to the documents 

  See the problem comes because we have multiple user roles so
when a user logs in and he has multiple roles 
 we write role1,role2;password . So the problem is  before the
user gets a chance to download the document i wan tto authorize
wheter he can really do it or not in a customised way can i do it in
Apache if so please expalin 

  Thanks 

Mouli 


  


-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBO/zkL262pemBalSAEQJmQQCg78lU7pIV8j74O8C0k8BAGTXJEMsAn0H8
uQtPjQQsqbuxvcdgIBLPeiXv
=129+
-END PGP SIGNATURE-

Re: [PATCH] Makefile.in

[Ryan Bloom]

On Wednesday 21 November 2001 05:26 pm, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> So, is the patch a "-1" ?..

Not from me.  I think the patch is important, but there are other bugs there as
well.

Ryan

>
> -Madhu
>
> -Original Message-
> From: Cliff Woolley [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 21, 2001 12:02 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PATCH] Makefile.in
>
> On Tue, 20 Nov 2001, Aaron Bannert wrote:
> > > Especially with all the linkages, if mod_ssl is an so, you have the
>
> massive
>
> > > overhead of resolving all the libssl/libeay sorts of symbols just to
>
> load
>
> > > a module that's never used.  That is brokenness.
> >
> > I can agree with this (it takes noticably long to start the server
> > with mod_ssl loaded).
>
> I'd wager that a good deal of that time is spent waiting for enough
> entropy to be gathered to seed the PRNG, not just in dynamic linking.
>
> --Cliff
>
> --
>Cliff Woolley
>[EMAIL PROTECTED]
>Charlottesville, VA

-- 

__
Ryan Bloom  [EMAIL PROTECTED]
Covalent Technologies   [EMAIL PROTECTED]
--

Re: cvs commit: httpd-dist .htaccess

[Rodent of Unusual Size]

* On 2001-11-22 at 10:38,
  [EMAIL PROTECTED] <[EMAIL PROTECTED]> excited the electrons to say:
> 
>   DO NOT MAKE CHANGES ON THE LIVE SITE!!!

Some things have to be checked/tested in situ.  If the
admonition is to not leave uncommitted changes on the live
site, that's a +1.
-- 
#kenP-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

"All right everyone!  Step away from the glowing hamburger!"

RE: sorry,cannot connect to CVS in WinCVS

[Mladen Turk]

> -Original Message-
> From: Liu Wen [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, November 22, 2001 2:57 PM
> To: new-httpd
> Subject: sorry,cannot connect to CVS in WinCVS
> 
> 
> the following message is displayed :
> 
> CVSROOT: :pserver:[EMAIL PROTECTED]:/home/cvspublic 
> (password authentication) TCL is *not* available, shell is 
> disabled cvs login 
> (Logging in to [EMAIL PROTECTED])
> 
> *CVS exited normally with code 0*
> 
> do I need to configure other key points in preferences?
> 

Go to the Create->Checkout Module and type in httpd-2.0
After that checkout apr and apr-util.

MT.

sorry,cannot connect to CVS in WinCVS

[Liu Wen]

the following message is displayed :

CVSROOT: :pserver:[EMAIL PROTECTED]:/home/cvspublic (password authentication)
TCL is *not* available, shell is disabled
cvs login 
(Logging in to [EMAIL PROTECTED])

*CVS exited normally with code 0*

do I need to configure other key points in preferences?

Cheers
Liu

Problem with user autehntication

[Chandramouli Kharidehal]

Title:  Problem with user autehntication 










 
Hi
    I am new to apache as part of project we are using apache as the web server and i really love apache Open software
    I have some problem with user authentication 
    As part of our project we have to provide user authentication when the user clicks on the download link of a file 
   each user is  mapped to set of roles internally and based on these roles we protect and give permissions to the directory I mean which role has access to which directory 

   Now I want this functionality that whent the user clicks on a download link in the page ( which is our project based page) 

  a  c code   should take the information from the HTTP header we are writing user role :password to the header check  compare it with our configuration file that resides in the web server and give access to the documents 

  See the problem comes because we have multiple user roles so when a user logs in and he has multiple roles 
 we write role1,role2;password . So the problem is  before the user gets a chance to download the document i wan tto authorize wheter he can really do it or not in a customised way can i do it in Apache if so please expalin 

  Thanks 


Mouli