Installing and Demonstrating LACS version 0.1:
A Linux Application-level Content Switch
This web page contains the installation procedure and a demo script.
Install OpenSSL
Fetch and extract the distribution of OpenSSL, then build it:
- cd openssl-0.9.6b
- ./config
- make
- cd ..
Install SSL Proxy for Content Switch
Download the dynamic-forking and pre-forked versions of the SSL and non-SSL proxies
from http://archie.uccs.edu/~acsd/lcs03/lacs.tar.gz
INSTALL
- tar -xvzf lacs.tar.gz
- cd lacs
The archive contains four sources:
dyna_proxy.c        Dynamic forking version of the non-SSL proxy for the Linux Application-Level Content Switch
dyna_sslproxy.c     Dynamic forking version of the SSL proxy for the Linux Application-Level Content Switch
prefork_sslproxy.c  Pre-forking version of the SSL proxy for the Linux Application-Level Content Switch
prefork_proxy.c     Pre-forking version of the non-SSL proxy for the Linux Application-Level Content Switch
Configure SSL Proxy for Content Switch
This is the configuration section you will find in the pre-forked version of the
SSL proxy. The editable section in the dynamic forking versions of the SSL and
non-SSL proxy servers is similar but not necessarily identical.
/********************* EDITABLE SECTION ********************/
#define CLIENT_TIMEOUT 30                        /* seconds to wait before rejecting a connection that sends no data */
#define SERVER_ROOT "/home/gkgodava/project/openssl-0.9.6b/apps" /* directory containing the proxy source; the relative paths below are resolved against it */
#define LOG_FILE "log/ssl.log"                   /* log file, relative to SERVER_ROOT */
#define SESS_FILE "cache/scache"                 /* session cache file, relative to SERVER_ROOT */
#define SERVER_IP 0x80c63c16                     /* IP address of this proxy in hexadecimal notation */
#define SERVER_NAME "oblib.uccs.edu"             /* web proxy name */
#define CA_FILE "testssl/CA/cacert.pem"          /* Certification Authority file, relative to SERVER_ROOT */
#define CA_PATH "testssl/CA"                     /* Certification Authority directory, relative to SERVER_ROOT */
#define KEY_FILE "testssl/private/private.key"   /* private key file, relative to SERVER_ROOT */
#define CERT_FILE "testssl/cert/newcert.pem"     /* certificate file, relative to SERVER_ROOT */
#define RAND_FILE "testssl/random/random.pem"    /* seed file of arbitrary data; make sure its contents are not reused */
#define SSL_SESSION_CACHE_TIMEOUT 300            /* seconds before a cached SSL session expires and the client must negotiate a new one */
#define STICKY_SIZE 20                           /* maximum number of sticky connections tracked */
/*
** The pre-forked proxy keeps a pool of spare server processes. It does this by
** periodically checking how many servers are waiting for a request. If there are
** fewer than MinSpareServers, it creates a new spare. If there are more than
** MaxSpareServers, some of the spares die off.
*/
#define MinSpareServers 2
#define MaxSpareServers 5
/*
** Number of servers to start initially --- should be a reasonable ballpark figure.
*/
#define StartServers 5
/*
** Limit on total number of servers running, i.e., limit on the number of clients
** who can simultaneously connect --- if this limit is ever reached, clients will
** be LOCKED OUT, so it should NOT BE SET TOO LOW. It is intended mainly as a
** brake to keep a runaway server from taking the system with it as it spirals down...
*/
#define MaxClients 25
/*
** MaxRequestsPerChild: the number of requests each child process is allowed to
** process before the child dies. The child will exit so as to avoid problems
** after prolonged use.
*/
#define MaxRequestsPerChild 50
/*
** Listen: the port the proxy binds to
*/
#define SERVER_PORT 443
/*****************End of Editable Section************/
Compile
In order to compile you need the ssl, crypto and dbm libraries.
If you are using Red Hat Linux 7.2, replace ndbm with gdbm and you should
not face a problem.
You can download the Makefile from
http://archie.uccs.edu/~acsd/lcs03/Makefile
#
# This is a simple make file written by Ganesh Godavari
# if you have any problems with this Makefile please contact gkgodava@archie.uccs.edu
#
CC := gcc
INCLUDES = -I.
# CFLAG may be set in the environment to pass extra compiler flags
CFLAGS = -DMONOLITH $(INCLUDES) $(CFLAG)
# -L../ must point at the directory holding the libssl and libcrypto built above
LDLIBS = -lssl -lcrypto -lndbm

all: prefork_proxy dyna_sslproxy prefork_sslproxy dyna_proxy

prefork_proxy: prefork_proxy.c
	$(CC) $(CFLAGS) -o $@ $< -L../ $(LDLIBS)

dyna_sslproxy: dyna_sslproxy.c
	$(CC) $(CFLAGS) -o $@ $< -L../ $(LDLIBS)

prefork_sslproxy: prefork_sslproxy.c
	$(CC) $(CFLAGS) -o $@ $< -L../ $(LDLIBS)

dyna_proxy: dyna_proxy.c
	$(CC) $(CFLAGS) -o $@ $< -L../ $(LDLIBS)

clean:
	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak *.exe dyna_sslproxy dyna_proxy prefork_proxy prefork_sslproxy
Configure LCS routing rules
Currently the rules are specified in a function called rule_configure.
Once you change the rules in the rule_configure function, you need to
recompile and run the resulting executable.
Demo
- The rules specified in DemoRules are (evaluated top to bottom; the first match wins):
if (strstr(url, "cs522") != NULL) {
    return route_to("frodo.uccs.edu", NON_STICKY, saddr);
}
if (strstr(url, "cs301") != NULL) {
    return route_to("eca.uccs.edu", NON_STICKY, saddr);
}
if (strstr(url, "cs") != NULL) {
    return route_to("frodo.uccs.edu", NON_STICKY, saddr);
}
if (strstr(url, "keepalive") != NULL) {
    return route_to("eca.uccs.edu", NON_STICKY, saddr);
}
if (saddr == 0x80c6a2d9) {
    return route_to("eca.uccs.edu", NON_STICKY, saddr);
}
if ((atoi(rule_fields[1].value) > 0) && (atoi(rule_fields[1].value) < 50000)) {
    return route_to("frodo.uccs.edu", NON_STICKY, saddr);
}
if (atoi(rule_fields[1].value) > 50000) {
    return route_to("eca.uccs.edu", NON_STICKY, saddr);
}
if (strstr(url, "lcs1") != NULL) {
    return route_to("frodo.uccs.edu", NON_STICKY, saddr);
}
if (strstr(url, "lcs2") != NULL) {
    return route_to("eca.uccs.edu", NON_STICKY, saddr);
}
return route_to("frodo.uccs.edu", NON_STICKY, saddr);
where rule_fields is an array whose values are populated when the request is received.
The definition of rule_fields looks like this:
struct ip_vs_cb_rule_field rule_fields[] = {
    { "purchase:1.totalAmount:1.", "" },
    { "purchase:1.subTotal:1.", "" },
    { "purchase:1.subTotal:2.", "" },
    { "purchase:1.unitPrice:2.", "" }
};
- To demonstrate routing based on an XML document, there is a web page
that contains a form for submitting the XML document to the content switch.
- cd /home/httpd/html
- then download the web page from
http://archie.uccs.edu/~acsd/lcs03/xmldemo.htm
- Edit xmldemo.html, replacing
<form method="POST" action="http://viva.uccs.edu/cgi-bin/cs622/purchase.pl">
with
<form method="POST" action="http://<your content switch domain name>/cgi-bin/purchase.pl">
- purchase.pl is a simple CGI Perl script that replies to the XML request:
#!/usr/bin/perl
use CGI qw(:standard);
$title = 'This is ace.ucs.edu. Thanks for Purchasing On-line with snoopy.com.';
print header("text/html"),
      start_html(-title => $title),
      h1($title),
      hr,
      "<h1>Thanks for Using XML</h1>";
print end_html;
- In the "$title =" line, replace eca.uccs.edu with the name of
your real server machine.
- You can download it from
http://archie.uccs.edu/~acsd/lcs/cgi/purchase.pl
- You may create cs522 and cs301 subdirectories in the web document
directory (typically /home/httpd/html on Red Hat 6.2 and /var/www/html
on Red Hat 7.0) and create a default index.html page in each whose <title>
or headline clearly identifies the real server that serves the page.
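To show how the DemoRules above behave on concrete requests, here is an added, stand-alone C example (not code from the LACS sources): it fills a simplified rule_fields table from the first <subTotal> element of a constructed XML body, then applies the rules in page order. The plain tag names, the populate_fields() extractor and the route_to() stand-in are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NON_STICKY 0
/* Constructed stand-in for rule_fields[]: rule_fields[1] plays "purchase:1.subTotal:1." */
static struct { const char *tag; char value[32]; } rule_fields[] = {
    { "totalAmount", "" }, { "subTotal", "" },
};
/* Hypothetical extractor: copy the text of the first <tag>...</tag> into each field;
 * the field stays "" when the tag is absent or unterminated. */
static void populate_fields(const char *body) {
    for (size_t i = 0; i < sizeof rule_fields / sizeof rule_fields[0]; i++) {
        char open[48], close[48];
        snprintf(open, sizeof open, "<%s>", rule_fields[i].tag);
        snprintf(close, sizeof close, "</%s>", rule_fields[i].tag);
        rule_fields[i].value[0] = '\0';
        const char *s = strstr(body, open);
        if (s == NULL) continue;
        s += strlen(open);
        const char *e = strstr(s, close);
        if (e == NULL) continue;
        size_t n = (size_t)(e - s);
        if (n >= sizeof rule_fields[i].value) n = sizeof rule_fields[i].value - 1;
        memcpy(rule_fields[i].value, s, n);   /* bounded copy: never overruns value[] */
        rule_fields[i].value[n] = '\0';
    }
}

/* Stand-in for route_to(): only reports which real server was chosen. */
static const char *route_to(const char *server, int sticky, unsigned long saddr) {
    (void)sticky; (void)saddr;
    return server;
}

/* The DemoRules in page order; the first matching rule wins. */
const char *demo_rules(const char *url, const char *body, unsigned long saddr) {
    populate_fields(body);
    long sub = atol(rule_fields[1].value);   /* 0 when the tag is missing */
    if (strstr(url, "cs522"))     return route_to("frodo.uccs.edu", NON_STICKY, saddr);
    if (strstr(url, "cs301"))     return route_to("eca.uccs.edu",   NON_STICKY, saddr);
    if (strstr(url, "cs"))        return route_to("frodo.uccs.edu", NON_STICKY, saddr);
    if (strstr(url, "keepalive")) return route_to("eca.uccs.edu",   NON_STICKY, saddr);
    if (saddr == 0x80c6a2d9UL)    return route_to("eca.uccs.edu",   NON_STICKY, saddr);
    if (sub > 0 && sub < 50000)   return route_to("frodo.uccs.edu", NON_STICKY, saddr);
    if (sub > 50000)              return route_to("eca.uccs.edu",   NON_STICKY, saddr);
    if (strstr(url, "lcs1"))      return route_to("frodo.uccs.edu", NON_STICKY, saddr);
    if (strstr(url, "lcs2"))      return route_to("eca.uccs.edu",   NON_STICKY, saddr);
    return route_to("frodo.uccs.edu", NON_STICKY, saddr);
}
```

Running it shows two consequences of the rule order on the page: the "cs" rule also matches "lcs1" and "lcs2", so those two rules can never fire, and a subTotal of exactly 50000 matches neither amount rule and falls through to the default.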
Routing based on XML content
- Save the web page on your local machine.
- Change the web page's submit button and links so that the request is
routed to the server where you installed the proxy server above.
- With the DefaultRules rule set, the request will be routed to eca.
- If you change the value of the first subTotal tag to a value less than
50000 and greater than 0, it will be routed to frodo.
Routing based on URL pattern
- Type http://<webserver>/~cs522/ to see whether it routes to frodo. The
browser window will show "This is http://frodo.uccs.edu/~cs522/index.html".
- Type http://<webserver>/~cs301/ to see whether it routes to eca. The
browser window will show "This is http://eca.uccs.edu/~cs301/index.html".
- Replace viva.uccs.edu with your content switch domain name.
Sticky connection
- Always route requests from a machine to a specific server. For example, a rule like
R1: if (saddr == 0x80c6a2d9) {
        return (route_to("ace", STICKY, saddr));
    }
causes any further request from that browser to be served by the same server.
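An added example (not LACS code) of what a STICKY decision has to remember: a route_to() that records the source address to server binding in a table bounded by STICKY_SIZE from the editable section, and a lookup that runs before rule R1 so later requests from the pinned address skip the rules. The table layout, the oldest-entry replacement, the cs522 rule and the default server in sticky_rules() are assumptions of this example.

```c
#include <string.h>

#define STICKY      1
#define NON_STICKY  0
#define STICKY_SIZE 20   /* same bound as the editable section */

/* Hypothetical sticky table: source address -> real server it was pinned to. */
static struct { unsigned long saddr; const char *server; } sticky[STICKY_SIZE];
static int sticky_count, sticky_next;   /* entries in use; slot to overwrite when full */

/* Return the pinned server for saddr, or NULL if no sticky entry exists. */
const char *sticky_lookup(unsigned long saddr) {
    for (int i = 0; i < sticky_count; i++)
        if (sticky[i].saddr == saddr) return sticky[i].server;
    return NULL;
}

/* Stand-in for route_to(): a STICKY decision pins saddr to server, replacing the
 * oldest entry once STICKY_SIZE bindings exist so the table cannot grow unbounded. */
const char *route_to(const char *server, int sticky_flag, unsigned long saddr) {
    if (sticky_flag == STICKY && sticky_lookup(saddr) == NULL) {
        sticky[sticky_next].saddr = saddr;
        sticky[sticky_next].server = server;
        sticky_next = (sticky_next + 1) % STICKY_SIZE;
        if (sticky_count < STICKY_SIZE) sticky_count++;
    }
    return server;
}

/* Rule R1 from the page, preceded by the sticky lookup that makes it stick. */
const char *sticky_rules(const char *url, unsigned long saddr) {
    const char *pinned = sticky_lookup(saddr);
    if (pinned != NULL) return pinned;   /* later requests stay on that server */
    if (saddr == 0x80c6a2d9UL) return route_to("ace", STICKY, saddr);
    if (strstr(url, "cs522") != NULL) return route_to("frodo.uccs.edu", NON_STICKY, saddr);
    return route_to("eca.uccs.edu", NON_STICKY, saddr);   /* assumed default real server */
}
```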
Things to Do
- Make the pre-forked and dynamic forking versions of the SSL and non-SSL proxies robust.
- Ensure that keep-alive sessions are handled.
- Separate the rule-matching code from the rest of the code, so that rules
can be changed dynamically without having to bring down the system.
- Separate the editable section from the rest of the code.
Known Bugs
- <to be completed>
Related Literature
Feedback
- Please email your feedback to chow@cs.uccs.edu.
- We will try to respond as quickly as we can.