I'm happy to announce version 0.1.0 of mod_websocket:
https://github.com/jchampio/apache-websocket/releases/tag/0.1.0
mod_websocket is an Apache 2.x module that allows developers to write C-
and C++-based WebSocket services. The intent is for mod_websocket-plugin
writers to develop their WebSocket services completely independently of
the Apache server API. Currently, both httpd 2.2 and 2.4 are supported.
I am not the original author of mod_websocket; it's been orphaned for a
couple of years now, and I'm stepping in as a new primary maintainer. So
if you're interested in the development or use of this module, now is an
excellent time to get involved! Download and test the code, file issues
(or try your hand at fixing one), star/fork the repo on GitHub, etc. Any
and all feedback is appreciated.
= Major New Features/Fixes =
Since the last upstream commit in 2012, here are some of the major
changes in 0.1.0:
- Incoming handshakes are now validated and rejected if they do not
conform to the WebSocket specification. This is the primary focus of
the 0.1.0 release.
- Cross-origin connections are now rejected by default, and a new
WebSocketOriginCheck directive has been added to control this
behavior.
- A major rearchitecture of the threading model fixes occasional crashes
when using mod_ssl.
- Experimental CMake support has been added for Windows builds.
- An autotest harness has been added, which uses the Autobahn TestSuite.
A full changelist can be seen at the release description on GitHub.
= Major Known Issues =
This is a pre-release, zero-dot module. There are known issues that may
preclude its use in production systems. Please understand them and take
steps to avoid them if you decide to deploy mod_websocket.
- mod_reqtimeout will prematurely close idle WebSocket connections if it
is in use.
- Apache worker threads are completely monopolized by WebSocket
connections. This makes it possible for a large number of connections
to DoS the server.
- mod_websocket suffers from poor performance when receiving extremely
fragmented messages (i.e. a large number of small frames). In an
untrusted environment, this could also lead to a denial of service
condition.
A more complete (but not necessarily exhaustive) list is available at
the repo page on GitHub:
https://github.com/jchampio/apache-websocket/issues
= Binary Compatibility =
The plugin ABI is *not* yet stable, but the 0.1.x line is
binary-compatible with the original upstream fork. So if you already
have mod_websocket plugins based on the original repository, no changes
should be required for you to use them with this release. There *will*
eventually be an ABI bump (0.2.x) to fix some known issues with the
interfaces, but I'll do my best to consolidate those compatibility
breaks and drive towards a 1.0 as soon as possible.
Thanks for your interest!
--Jacob Champion
