Installing and Demonstrating LACS version 0.1:
A Linux Application-level Content Switch


This web page contains the installation procedure and a demo script.

Install OpenSSL

Fetch and extract the distribution of OpenSSL
Build OpenSSL

Install SSL Proxy for Content Switch

Download the dynamic forking and pre-forked versions of the SSL and NON-SSL proxies from http://archie.uccs.edu/~acsd/lcs03/lacs.tar.gz
INSTALL
dyna_proxy.c          Dynamic forking version of NON-SSL Proxy for Linux Application-Level Content Switch
dyna_sslproxy.c       Dynamic forking version of SSL Proxy for Linux Application-Level Content Switch
prefork_sslproxy.c    Pre-forking version of SSL Proxy for Linux Application-Level Content Switch
prefork_proxy.c       Pre-forking version of NON-SSL Proxy for Linux Application-Level Content Switch

 

Configure SSL Proxy for Content Switch

This is the configuration section you find in the pre-forked version of the SSL proxy. The editable sections in the dynamic forking versions of the SSL and NON-SSL proxy servers are similar, but they may not be the same.

/********************* EDITABLE SECTION ********************/
#define CLIENT_TIMEOUT             30                                            /* time in seconds before we can reject a connection if we are receiving no information */
#define SERVER_ROOT                "/home/gkgodava/project/openssl-0.9.6b/apps"  /* directory where the source files are located */
#define LOG_FILE                   "log/ssl.log"                                 /* location of the log file, relative to SERVER_ROOT */
#define SESS_FILE                  "cache/scache"                                /* location of the session file, relative to SERVER_ROOT */
#define SERVER_IP                  0x80c63c16                                    /* IP address in hexadecimal notation (0x80c63c16 is 128.198.60.22) */
#define SERVER_NAME                "oblib.uccs.edu"                              /* web proxy name */
#define CA_FILE                    "testssl/CA/cacert.pem"                       /* location of the Certification Authority file, relative to SERVER_ROOT */
#define CA_PATH                    "testssl/CA"                                  /* location of the Certification Authority directory, relative to SERVER_ROOT */
#define KEY_FILE                   "testssl/private/private.key"                 /* location of the private key file, relative to SERVER_ROOT */
#define CERT_FILE                  "testssl/cert/newcert.pem"                    /* location of the certificate file, relative to SERVER_ROOT */
#define RAND_FILE                  "testssl/random/random.pem"                   /* random is a junk file that contains any data; ensure it is not repeated */
#define SSL_SESSION_CACHE_TIMEOUT  300                                           /* time in seconds before we can renegotiate a new connection */
#define STICKY_SIZE                20                                            /* maximum number of sticky connections allocated */

/*
** The proxy regulates the size of its server pool by periodically
** checking how many servers are waiting for a request.  If there are
** fewer than MinSpareServers, it creates a new spare.  If there are
** more than MaxSpareServers, some of the spares die off.
*/
#define MinSpareServers 2
#define MaxSpareServers 5

/*
** Number of servers to start initially --- should be a reasonable ballpark
** figure.
*/
#define StartServers 5

/*
** Limit on total number of servers running, i.e., limit on the number
** of clients who can simultaneously connect --- if this limit is ever
** reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
** It is intended mainly as a brake to keep a runaway server from taking
** the system with it as it spirals down...
*/
#define MaxClients 25

/*
** MaxRequestsPerChild: the number of requests each child process is
** allowed to process before the child dies.  The child will exit so
** as to avoid problems after prolonged use
**
*/
#define MaxRequestsPerChild 50

/*
** Listen: the port the proxy binds to
*/
#define SERVER_PORT             443


/*****************End of Editable Section************/

Compile

To compile you need the ssl, crypto, and dbm libraries.
If you are using Red Hat Linux 7.2, replace ndbm with gdbm and you should not face a problem.
You can download the Makefile from http://archie.uccs.edu/~acsd/lcs03/Makefile
#
# This is a simple make file written by Ganesh Godavari
# if you have any problems with this Makefile please contact gkgodava@archie.uccs.edu
#

CC:= gcc
INCLUDES= -I./.

CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)

# On Red Hat Linux 7.2, replace -lndbm with -lgdbm
LDLIBS=-lssl -lcrypto -lndbm

.PHONY: all clean

all: prefork_proxy dyna_sslproxy prefork_sslproxy dyna_proxy

# Recipe lines must start with a tab character
prefork_proxy: prefork_proxy.c
	$(CC) $(INCLUDES) $(CFLAG) -o $@ $< -L../ $(LDLIBS)

dyna_sslproxy: dyna_sslproxy.c
	$(CC) $(INCLUDES) $(CFLAG) -o $@ $< -L../ $(LDLIBS)

prefork_sslproxy: prefork_sslproxy.c
	$(CC) $(INCLUDES) $(CFLAG) -o $@ $< -L../ $(LDLIBS)

dyna_proxy: dyna_proxy.c
	$(CC) $(INCLUDES) $(CFLAG) -o $@ $< -L../ $(LDLIBS)

clean:
	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak *.exe dyna_sslproxy dyna_proxy prefork_proxy prefork_sslproxy

Configure LCS routing rules

Currently the rules are specified in a function called rule_configure. Once you make changes to the rules in the rule_configure function, you need to recompile and run the new executable.

Demo

        /* Rules are checked in order; the first one that matches decides the route. */

        /* Route by substring of the requested URL. */
        if (strstr(url, "cs522") != NULL) {
            return route_to("frodo.uccs.edu", NON_STICKY, saddr);
        }

        if (strstr(url, "cs301") != NULL) {
            return route_to("eca.uccs.edu", NON_STICKY, saddr);
        }

        if (strstr(url, "cs") != NULL) {
            return route_to("frodo.uccs.edu", NON_STICKY, saddr);
        }

        if (strstr(url, "keepalive") != NULL) {
            return route_to("eca.uccs.edu", NON_STICKY, saddr);
        }

        /* Route by client source address. */
        if (saddr == 0x80c6a2d9) {
            return route_to("eca.uccs.edu", NON_STICKY, saddr);
        }

        /* Route by the value of rule_fields[1] ("purchase:1.subTotal:1."). */
        if ((atoi(rule_fields[1].value) > 0) && (atoi(rule_fields[1].value) < 50000)) {
            return route_to("frodo.uccs.edu", NON_STICKY, saddr);
        }

        if (atoi(rule_fields[1].value) > 50000) {
            return route_to("eca.uccs.edu", NON_STICKY, saddr);
        }

        if (strstr(url, "lcs1") != NULL) {
            return route_to("frodo.uccs.edu", NON_STICKY, saddr);
        }

        if (strstr(url, "lcs2") != NULL) {
            return route_to("eca.uccs.edu", NON_STICKY, saddr);
        }

        /* Default route when no rule matches. */
        return route_to("frodo.uccs.edu", NON_STICKY, saddr);

    where rule_fields is an array whose values are populated when the request is received.
    The definition of rule_fields looks like this:

        struct ip_vs_cb_rule_field rule_fields[] =
        {
            {"purchase:1.totalAmount:1.", "" },
            {"purchase:1.subTotal:1.", "" },
            {"purchase:1.subTotal:2.", "" },
            {"purchase:1.unitPrice:2.", "" }
        };
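
Because the demo rules are evaluated top to bottom and the first match returns, a rule whose pattern contains an earlier rule's pattern can never fire, and the two amount rules leave 50000 unmatched. The check below is an added example, not part of the LACS sources; it runs over a constructed copy of the demo's URL patterns, and struct url_rule, first_match(), shadowed_by() and amount_rule() are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed copy of the demo's URL patterns, in the page's order
 * (the saddr and amount rules sit between "keepalive" and "lcs1"). */
struct url_rule { const char *pattern; const char *backend; };
static const struct url_rule rules[] = {
    {"cs522", "frodo.uccs.edu"}, {"cs301", "eca.uccs.edu"},
    {"cs", "frodo.uccs.edu"},    {"keepalive", "eca.uccs.edu"},
    {"lcs1", "frodo.uccs.edu"},  {"lcs2", "eca.uccs.edu"},
};
#define NRULES (sizeof rules / sizeof rules[0])

/* Index of the first rule whose pattern occurs in url, or -1 (default route). */
int first_match(const char *url) {
    for (size_t i = 0; i < NRULES; i++)
        if (strstr(url, rules[i].pattern) != NULL) return (int)i;
    return -1;
}

/* A rule is dead if an earlier pattern is a substring of its pattern:
 * every URL that contains rules[i].pattern also contains the earlier one.
 * Returns the index of the shadowing rule, or -1 if none is found. */
int shadowed_by(size_t i) {
    for (size_t j = 0; j < i; j++)
        if (strstr(rules[i].pattern, rules[j].pattern) != NULL) return (int)j;
    return -1;
}

/* The demo's two amount rules: 1 = frodo, 2 = eca, 0 = neither matches. */
int amount_rule(const char *value) {
    int v = atoi(value);   /* atoi("") is 0, so an empty field matches neither */
    if (v > 0 && v < 50000) return 1;
    if (v > 50000) return 2;
    return 0;
}

int main(void) {
    for (size_t i = 0; i < NRULES; i++) {
        int j = shadowed_by(i);
        if (j >= 0)
            printf("rule %zu \"%s\" can never fire: shadowed by rule %d \"%s\"\n",
                   i, rules[i].pattern, j, rules[j].pattern);
    }
    printf("/lcs2/index.html -> %s\n", rules[first_match("/lcs2/index.html")].backend);
    printf("amount 50000 -> rule %d\n", amount_rule("50000"));
    return 0;
}
```

Placing the more specific "lcs1" and "lcs2" rules above the "cs" rule makes them reachable; any URL that merely contains "cs", such as one with "docs" in its path, still matches the "cs" rule.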

Routing based on XML content

         Save the web page on your local machine, then change the web page's submit button and its links so that the request is routed to the server where you have installed the proxy server above.

Routing based on URL pattern

Sticky connection

R1: if (saddr == 0x80c6a2d9) {
        return (route_to("ace", STICKY, saddr));
    }

This rule causes any further request from the browser to be served by a particular server.

Things to Do

Known Bugs

  1. <to be completed>

Related Literature

Feedback