Phase for controlling network input?
I'm hoping this is possible with mod_perl, since I'm already familiar with it and fairly allergic to c, but can't seem to figure out the right phase. I've been seeing log files recently that point to a certain DDOS attack brewing on apache servers. I want to write a module that keeps a timer for the interval from when the apache child gets a network connection to when the client request has been sent. I need a trigger when a network connection is established and a trigger when apache thinks it has received the request (before the response). PerlChildInitHandler seems too early, since the child may be a pre-forked child without a connection. PerlPostReadRequest seems too late since I can't be guaranteed of being called if the request isn't complete, which is the problem I'm trying to solve. I could clear a flag in PerlPostReadRequest, but that would imply something is persisting from before that would be able to read the flag. Maybe I'm think about this all wrong. Any suggestions? Thanks, -Bill
Backticks as fast as XS
Robin Berjon thought I should post this as a heads-up to anyone thinking what I thought: XS or pure perl code will always be faster than backticks or system() calls. Wrong. I spent some time converting some of our backtick programs to XS code here, and the result was absolutely zero difference in performance. I posted to c.l.p.moderated about this. The thread is here: http://groups.google.com/groups?hl=enframe=rightth=1cbfb00db194a925seekm= eb3031b9.0109100209.7c85168%40posting.google.com#link1 The OS was Linux (tested on kernel's 2.2 and 2.4). I think it's probably fairly OS dependant, but I figure most people are on linux. Matt. _ This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Scanning Service. For further information visit http://www.star.net.uk/stats.asp or alternatively call Star Internet for details on the Virus Scanning Service.
Re: Phase for controlling network input?
I'm not sure that any mod_perl handlers are dispatched until the whole request is received, so you may have to deal with this at the core Apache level. I think the following is your best bet (from http://httpd.apache.org/docs/mod/core.html#timeout ) TimeOut directive Syntax: TimeOut number Default: TimeOut 300 Context: server config Status: core The TimeOut directive currently defines the amount of time Apache will wait for three things: 1.The total amount of time it takes to receive a GET request. 2.The amount of time between receipt of TCP packets on a POST or PUT request. 3.The amount of time between ACKs on transmissions of TCP packets in responses. We plan on making these separately configurable at some point down the road. The timer used to default to 1200 before 1.2, but has been lowered to 300 which is still far more than necessary in most situations. It is not set any lower by default because there may still be odd places in the code where the timer is not reset when a packet is sent. We've experienced this kind of attack inadvertently (as the result of a totally misconfigured HTTP client app which froze in the middle of sending an HTTP request ;=) but I wasn't aware that there were known attacks based on that. -Simon At 11:09 AM 9/26/2001, Bill McGonigle wrote: I'm hoping this is possible with mod_perl, since I'm already familiar with it and fairly allergic to c, but can't seem to figure out the right phase. I've been seeing log files recently that point to a certain DDOS attack brewing on apache servers. I want to write a module that keeps a timer for the interval from when the apache child gets a network connection to when the client request has been sent. I need a trigger when a network connection is established and a trigger when apache thinks it has received the request (before the response). PerlChildInitHandler seems too early, since the child may be a pre-forked child without a connection. PerlPostReadRequest seems too late since I can't be guaranteed of being called if the request isn't complete, which is the problem I'm trying to solve. I could clear a flag in PerlPostReadRequest, but that would imply something is persisting from before that would be able to read the flag. Maybe I'm think about this all wrong. Any suggestions? Thanks, -Bill - Simon Rosenthal ([EMAIL PROTECTED]) Web Systems Architect Northern Light Technology One Athenaeum Street. Suite 1700, Cambridge, MA 02142 Phone: (617)621-5296: URL: http://www.northernlight.com Northern Light - Just what you've been searching for
Re: Can't locate object method module via package Apache
[CC'ing mod_perl list]
Jason Shaw wrote:
Hi, I found the archive below, and am having the same problem. Mine
occurs whenever I try to start Apache. I just want to know where I
would put that fix that you posted below? Should I edit the DBI.pm
file, or somewhere in my configuration script for apache?
thanks for your time and any help that can be given,
-jason shaw.
http://hcst.com
On Thu, 21 Jun 2001, Surat Singh Bhati wrote:
I am getting the following error in my strartup.pl
perl -cx startup.pl
Can't locate object method module via package Apache at
/usr/local/lib/perl5
/site_perl/5.6.0/Apache/DBI.pm line 202.
Compilation failed in require at startup.pl line 11.
Line 11 of startup.pl
11 use Apache::DBI();
Line 202 of DBI.pm
202 ) if ($INC{'Apache.pm'} and Apache-module('Apache::Status'));
Can you pelase tell me the possible cause of this error.
Apache::DBI is up to date as perl CPAN.
this is fine. You are not running in mod_perl environment. A possible
remedy is to:
if ($ENV{MOD_PERL}){
# put all the staff that requires mod_perl in here
# e.g. Apache::DBI
}
This is not a fix, this just makes sure that you don't attempt to run
mod_perl modules if you haven't configured mod_perl.
This checking is placed into startup.pl. That's the file that you
PerlRequire from httpd.conf.
Another simpler approach is to put the following at the top of the
startup.pl file:
die no mod_perl :( unless $ENV{MOD_PERL};
You problem is that you probably haven't configured Apache to run
mod_perl or you may even not installed the mod_perl at all. The mod_perl
guide features a section with 1001 ways to check that mod_perl is
running. See the ttp://perl.apache.org/guide/install.html chapter
Hope this clear this issue.
_
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:[EMAIL PROTECTED] http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Authentication
I am new with Perl and particularly mod_perl. I am trying to setup web authentication with the expiration period based on inactivity. Is there an easy to use already written module with documentation? If so, could someone please point me in the right direction. Thanks, Ray
RE: Backticks as fast as XS
-Original Message- From: Doug MacEachern [mailto:[EMAIL PROTECTED]] On Wed, 26 Sep 2001, Matt Sergeant wrote: Robin Berjon thought I should post this as a heads-up to anyone thinking what I thought: XS or pure perl code will always be faster than backticks or system() calls. Wrong. matt your benchmark is severly flawed. for starters, your xs and external program do not do the same thing. your xs has the overhead of sv_catpv. As does backticks, surely? If you can tell me a way to make the code faster, damn I'll do it as we have a *lot* of emails to process :-) and who knows what else. Nothing else. I detailed this in the thread. if you want proof that there is overhead using backticks, compare the difference of calling an xsub that does _nothing_ vs. a backticked program that does _nothing_. That's not really what I was trying to say. Add some actual code to your test, and some printf's (and sv code to the XS) and the differences diminish fairly rapidly. I was trying to say don't make the _assumption_ that XS or pure Perl code will be faster. For example, I think a lot of people should re-evalute their fears of system calls to sendmail, especially where sendmail is qmail's implementation :-) [unfortunately this is one area not many people are willing to test, as they don't want to end up sending real emails, and a failed address path may be much quicker than a real one] There's also benefits of automatic cleanup with system calls, whereas XS can easily leak memory or leave files open (especially if it's not an external library - there's a lot of crap C coders around, and I include myself in that list :-). I just think it's something that needs less of a blanket statement. Matt. _ This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Scanning Service. For further information visit http://www.star.net.uk/stats.asp or alternatively call Star Internet for details on the Virus Scanning Service.
Re: Backticks as fast as XS
On Wed, 26 Sep 2001, Matt Sergeant wrote:
Robin Berjon thought I should post this as a heads-up to anyone thinking
what I thought: XS or pure perl code will always be faster than backticks
or system() calls.
Wrong.
matt your benchmark is severly flawed. for starters, your xs and
external program do not do the same thing. your xs has the overhead of
sv_catpv. and who knows what else. if you want proof that there
is overhead using backticks, compare the difference of calling an
xsub that does _nothing_ vs. a backticked program that does _nothing_.
test.c:
int main(int argc, char **argv, char **env)
{
return 1;
}
TickTest.xs:
#include EXTERN.h
#include perl.h
#include XSUB.h
MODULE = TickTest PACKAGE = TickTest
void
foo()
CODE:
test.pl:
use blib;
use TickTest ();
use Benchmark;
timethese(100_000, {
backtick = sub { `./test` },
xs = sub { TickTest::foo() },
});
results:
Benchmark: timing 10 iterations of backtick, xs...
backtick: 292 wallclock secs (18.68 usr 43.93 sys + 142.43 cusr 84.00 csys = 289.04
CPU) @ 1597.19/s (n=10)
xs: -1 wallclock secs ( 0.25 usr + 0.00 sys = 0.25 CPU) @ 40.00/s
(n=10)
(warning: too few iterations for a reliable count)
Restricting cpu time for mod_perl scripts? AND Reevaluating perl scripts under mod_perl.
Hi
I am currently using Apache::Resource to limit the maximum amount of ram
the apache childs are allowed to use.
However, I can't really use PERL_RLIMIT_CPU because it is kind of pointless
to kill every apache child that reaches
this limit. I need a way to restrict cpu time on a per script or per run
basis. But I am not sure if this is possible as
far as I understand the mod_perl layout.
Anybody did this? Or any suggestions?
My second problem is related to this one. How can I add perlcode via
httpd.conf (PerlModule, ...) which is
reevaluated at EVERY request? I am thinking about adding some own perl code
which sets an alarm an
checks every now an than how much cpu time the currently running perl
script allready got (by substracting
the value of consumed cpu time at the start of the script from the current
value) and execute a die() when
a certain maximum is reached. In theorie (if there are no mod_perl related
problems with this, the user doesn't
use the alarm function in his scripts and doesn't specify any handlers for
the die signal) this could work.
Some other probleme here. How do I tell mod_perl to execute abc.pl inside
the current scope but without
saving the compiled code or any variables? I could do a system(abc.pl);
but that wouldn't allow me access to
the variables I need. A simple require abc.pl works but mod_perl then
caches everything in ram.
I thought maybe an eval { require abc.pl }; would do it but it seems to be
exactly the same as without the eval.
Is there a way to do this?
Example problem:
test.pl
...
$somepackage::somevar = 1;
...
system(abc.pl); #doesn't cache it but doesn't allow accessing the
var either
#OR
require abc.pl #caches and bloats the apache process but allows
accessing the var
#OR
eval {
require abc.pl;
}; #exactly the same as withoit eval
#OR
#what did I miss?
...
abc.pl
...
if ($somepackage::somevar == 1) {
...
Thanks!
BYe!
EXP
3DWARS.de - Your resource for 3Dimensional Warfare
http://www.3DWARS.de
PS: Big Brother IS Watching You!
RE: Backticks as fast as XS
On Wed, 26 Sep 2001, Matt Sergeant wrote:
As does backticks, surely? If you can tell me a way to make the code faster,
damn I'll do it as we have a *lot* of emails to process :-)
maybe, i don't know in what way your code uses sv_catpv.
and who knows what else.
Nothing else. I detailed this in the thread.
yeahbut, i have not seen the code.
That's not really what I was trying to say. Add some actual code to your
test, and some printf's (and sv code to the XS) and the differences diminish
fairly rapidly.
right, that's the flaw, you're benchmarking fprintf vs sv_catpv
I was trying to say don't make the _assumption_ that XS or pure Perl code
will be faster.
and what i'm trying to say is that if both the xs code and external
program are doing the same thing, xs will be heaps faster than backticking
a program. your xsub and external program are not doing the same thing.
i'm guessing part of the difference in your code is due to fprintf having
a pre-allocated buffer, whereas the SV's SvPVX has not been pre-allocated
and gets realloc-ed each time you call sv_catpv. have a look at the code
below, fprintf is faster than sv_catpvn, but if the SvPVX is preallocated,
sv_catpvn becomes faster than fprintf:
timethese(1_000, {
fprintf = sub { TickTest::fprintf() },
svcat = sub { TickTest::svcat() },
svcat_pre = sub { TickTest::svcat_pre() },
});
Benchmark: timing 1000 iterations of fprintf, svcat, svcat_pre...
fprintf: 9 wallclock secs ( 8.72 usr + 0.00 sys = 8.72 CPU) @ 114.68/s (n=1000)
svcat: 13 wallclock secs (12.82 usr + 0.00 sys = 12.82 CPU) @ 78.00/s (n=1000)
svcat_pre: 2 wallclock secs ( 2.75 usr + 0.00 sys = 2.75 CPU) @ 363.64/s (n=1000)
#include EXTERN.h
#include perl.h
#include XSUB.h
static FILE *devnull;
MODULE = TickTest PACKAGE = TickTest
BOOT:
devnull = fopen(/dev/null, w);
void
fprintf()
CODE:
{
int i;
char buffer[8292];
for (i=0; isizeof(buffer); i++) {
fprintf(devnull, a);
}
}
void
svcat()
CODE:
{
int i;
char buffer[8292];
SV *sv = newSV(0);
for (i=0; isizeof(buffer); i++) {
sv_catpvn(sv, a, 1);
}
SvREFCNT_dec(sv);
}
void
svcat_pre()
CODE:
{
int i;
char buffer[8292];
SV *sv = newSV(sizeof(buffer)+1);
for (i=0; isizeof(buffer); i++) {
sv_catpvn(sv, a, 1);
}
SvREFCNT_dec(sv);
}
Perl Scripting help
I am writing a script at the moment which among others things creates another process using the system call. What I need to do is capture the screen output of this process into a string variable so that it can latter be manipulaterd. ie. capture the STDOUT. Any help, suggestions or sample code would be appreciated. Thanks, Matthew
Re: Perl Scripting help
You'll need to use the backticks instead of the system call. $output = `command`; To get each line of the output, you'll need to split off of \n. -Ray Graham
Re: Perl Scripting help
On Thu, 27 Sep 2001, Matthew Blacklow wrote: Date: Thu, 27 Sep 2001 09:22:41 +1000 From: Matthew Blacklow [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Perl Scripting help I am writing a script at the moment which among others things creates another process using the system call. What I need to do is capture the screen output of this process into a string variable so that it can latter be manipulaterd. ie. capture the STDOUT. Any help, suggestions or sample code would be appreciated. Thanks, Matthew Matthew, This isn't the right forum for general Perl help. Generally speaking, you should only post mod_perl-specific questions. If your question is how best to capture STDOUT from an external program from within a mod_perl program, then I might suggest you examine something like Apache::SubProcess or just search The Guide (http://perl.apache.org/guide) or use Google to search the web for your answer -- all of which is not to say that you couldn't just backtick your program and capture the output in a scalar. There's lots of information on this. `perldoc perlop` and look for backtick, or, again, use Google to look for your answer. Or consider posting your question to an audience who will be more likely to answer your question, like comp.lang.perl.misc. ky
problems building mod_perl with apache: cannot find -lperl
Hi, I hope this is the right list. I can't seem to build apache with mod_perl. Is it just me? I must be dumm, or just a newbie. I eventually want ssl, php4, etc., but after problems developed, I went back to basics. I'm using apache_1.3.20 and mod_perl-1.25 from tarballs. I'm running debian. Any help advice muchly appreciated, thanks in advance. Here's the latest attempt: # perl Makefile.PL and then I've got errors: Error Output for sanity check cd ..; gcc -DLINUX=22 -DUSE_HSREGEX -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DMOD_PERL -o helpers/dummy helpers/dummy.c `perl /usr/local/src/mod_perl-1.25/src/modules/perl/ldopts ` -lm /usr/bin/ld: cannot find -lperl collect2: ld returned 1 exit status make: *** [dummy] Error 1 = End of Error Report = Aborting! output of perl -V: Summary of my perl5 (revision 5.0 version 6 subversion 1) configuration: Platform: osname=linux, osvers=2.4.5-ac9, archname=i386-linux uname='linux duende 2.4.5-ac9 #1 thu jun 21 00:52:39 est 2001 i686 unknown ' config_args='-Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i386-linux -Dprefix=/usr -Dprivlib=/usr/share/perl/5.6.1 -Darchlib=/usr/lib/perl/5.6.1 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.6.1 -Dsitearch=/usr/local/lib/perl/5.6.1 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Dotherlibdirs=/usr/lib/perl5/5.6:/usr/lib/perl5/5.005 -Duseshrplib -Dlibperl=libperl.so.5.6.1 -Dd_dosuid -des' hint=recommended, useposix=true, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=undef d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef Compiler: cc='cc', ccflags ='-DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-O2', cppflags='-DDEBIAN -fno-strict-aliasing -I/usr/local/include' ccversion='', gccversion='2.95.4 20010604 (Debian prerelease)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, usemymalloc=n, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lgdbm -ldbm -ldb -ldl -lm -lc -lcrypt perllibs=-ldl -lm -lc -lcrypt libc=/lib/libc-2.2.3.so, so=so, useshrplib=true, libperl=libperl.so.5.6.1 Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic' cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: USE_LARGE_FILES Built under linux Compiled at Jun 22 2001 18:52:37 @INC: /usr/local/lib/perl/5.6.1 /usr/local/share/perl/5.6.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.6.1 /usr/share/perl/5.6.1 /usr/local/lib/site_perl/i386-linux /usr/local/lib/site_perl /usr/lib/perl5/5.6 /usr/lib/perl5/5.005/i386-linux /usr/lib/perl5/5.005
Re: problems building mod_perl with apache: cannot find -lperl
On Wed, Sep 26, 2001 at 05:39:26PM -0700, [EMAIL PROTECTED] wrote: Hi, I hope this is the right list. I can't seem to build apache with mod_perl. Is it just me? I must be dumm, or just a newbie. I eventually want ssl, php4, etc., but after problems developed, I went back to basics. I'm using apache_1.3.20 and mod_perl-1.25 from tarballs. I'm running debian. Any help advice muchly appreciated, thanks in advance. Here's the latest attempt: # perl Makefile.PL and then I've got errors: Error Output for sanity check cd ..; gcc -DLINUX=22 -DUSE_HSREGEX -DUSE_EXPAT -I./lib/expat-lite -DNO_DL_NEEDED -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DMOD_PERL -o helpers/dummy helpers/dummy.c `perl /usr/local/src/mod_perl-1.25/src/modules/perl/ldopts ` -lm /usr/bin/ld: cannot find -lperl collect2: ld returned 1 exit status make: *** [dummy] Error 1 = End of Error Report = apt-get install libperl5.6 libperl-dev -- Thomas Eibner http://thomas.eibner.dk/ DnsZone http://dnszone.org/ mod_pointer http://stderr.net/mod_pointer
Re: Perl Scripting help
On Thu, Sep 27, 2001 at 09:22:41AM +1000, Matthew Blacklow wrote: I am writing a script at the moment which among others things creates another process using the system call. What I need to do is capture the screen output of this process into a string variable so that it can latter be manipulaterd. ie. capture the STDOUT. This isn't the right forum for this, really, but assuming you mean STDOUT/STDERR, consider this: http://www.cpan.org/authors/id/R/RE/REICHERT/System2-0.81.tar.gz Any help, suggestions or sample code would be appreciated. Thanks, Matthew -- Brian 'you Bastard' Reichert[EMAIL PROTECTED] 37 Crystal Ave. #303Daytime number: (603) 434-6842 Derry NH 03038-1713 USA Intel architecture: the left-hand path
Re: Authentication
Ray and Lara Recendez wrote: I am new with Perl and particularly mod_perl. I am trying to setup web authentication with the expiration period based on inactivity. Is there an easy to use already written module with documentation? If so, could someone please point me in the right direction. Thanks, Ray id suggest looking at the Apache::Auth* modules i use the Apache::AuthCookie but some of the other ones might be handier for you
LaBrea
Something to keep Code Red probes busy ?? http://www.hackbusters.net/LaBrea/
cvs commit: modperl-site sites.html
stas01/09/26 10:01:24 Modified:.sites.html Log: - adding citysearch.com to the list of success sites - correcting some details for singleaheaven.com Revision ChangesPath 1.18 +13 -6 modperl-site/sites.html Index: sites.html === RCS file: /home/cvs/modperl-site/sites.html,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- sites.html2000/12/21 16:01:02 1.17 +++ sites.html2001/09/26 17:01:24 1.18 @@ -101,7 +101,15 @@ (and transmission time to the users) small. p +A HREF=http://www.citysearch.com/;CitySearch.com/A -- is +providing online city guides for more than 100 cities worldwide, +citysearch.com helps people find and plan what they want to do and +then lets them take action, offering local transactions such as buying +event tickets and making hotel and restaurant reservations online. Its +traffic exceeds 100,000,000 page views a month. Of course it's running +under mod_perl. + A HREF=http://perlmonth.com;PerlMonth/A is a site completely driven by mod_perl/mySQL. Every article is stored in the database. When a user makes a request, a module we wrote parses the uri and dynamically creates @@ -113,12 +121,11 @@ A HREF=http://singlesheaven.com;singlesheaven.com/A is a match maker site, that is written completely in Perl and is being driven by -mod_perl and mysql. Each request comprise a big number of Database -queries which makes the site very interactive. It even includes a Java -applet as a client side chat service, while the server side is driven -by the same mod_perl. The service runs under -CODEApache::Registry/CODE module which makes it super fast. The -site is written and maintaned by BStas Bekman/B. +Apache/mod_perl and mysql. Each request comprises a big number of +database queries to make the site very interactive, and it's still +very fast under mod_perl. The service runs under +CODEApache::Registry/CODE module. The site is written and +maintained by BStas Bekman/B. p a href=http://www.filepile.com/;filepile.com/a is an archive of
cvs commit: modperl-2.0/todo missing_old_features.txt
stas01/09/26 01:15:32 Modified:todo missing_old_features.txt Log: - log the missing env MOD_PERL_TRACE support Revision ChangesPath 1.6 +2 -0 modperl-2.0/todo/missing_old_features.txt Index: missing_old_features.txt === RCS file: /home/cvs/modperl-2.0/todo/missing_old_features.txt,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- missing_old_features.txt 2001/09/16 00:58:22 1.5 +++ missing_old_features.txt 2001/09/26 08:15:32 1.6 @@ -28,6 +28,8 @@ - die 404; +- env MOD_PERL_TRACE support + - ... others ... core modules:
