miniupnpd stale EXTIP

Miniupnpd comes with the script iptables_init.sh, which among other things adds an iptables rule:

#adding the rule to MINIUPNPD
$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD

Unfortunately, this rule isn’t replaced when the connection is dropped (and the router gets a new dynamic IP). OpenWRT does have a hotplug script:

[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && \
/etc/init.d/miniupnpd enabled && \
/etc/init.d/miniupnpd restart

Problem here is that /etc/init.d/miniupnpd enabled returns false! It’s a function defined in /etc/rc.common that checks for /etc/rc.d/S95miniupnpd. So the solution is:

ln -s /etc/init.d/miniupnpd ./S95miniupnpd

Realistically, the ipkg should come with this file (effectively enabling miniupnpd by default). A more robust solution would be to modify the hotplug script so that it restarts the daemon without the enabled check, and rely on the restart function not to start the daemon if it wasn’t already running.

PHP array references

Hit this one at work, where we use RHEL4’s PHP 4.3.9.

The online documentation doesn’t mention it any more, but there’s a history of PHP not dealing well with array references.

PHP segfaults. Unfortunately it’s quite hard to reproduce artificially; we don’t see the segfault until way after the reference was taken (presumably after the GC has done its rounds). It’s 100% reproducible in our program, but I’m still working on a minimal test case.

Apache 304s and mod_deflate

The deflate output filter in Apache breaks Apache’s handling of the HTTP cache validation model. It won’t send an HTTP 304 status if mod_deflate is actively filtering the response, even if the Etag and Last-Modified allow it to. I asked, and apparently this is a known issue. I might have to wait until after exams before making a patch for this one.

In its current state, this introduces a tradeoff for large, uncompressed static files (like CSS and Javascript):

  • gzip stuff, and you improve site performance the first time someone visits, but it never gets any faster.
  • allow Apache to send 304 statuses, let the user have a slow load on their first visit, but celebrate as they hit their cache thereafter

The second option looks more attractive.