description

See the main article from Adobe

"With the introduction of Adobe Flash Player 9,0,124,0, Flash Player will not make a socket connection directly to a server without first obtaining explicit permission from that server. This will require some systems and networks to open up ports or run new services in order to support granting permission."

This daemon handle this with performance in mind : it's written in C and with libev which permits use of KQUEUE (BSD) or EPOLL instead of SELECT/POLL.

Requirements

It has been tested successfully on the following systems :

process

Here's the engine's process :

  1. Tests which backend are available on host system (epoll / kqueue / select...) and select the best of them.
  2. Load policy file in memory
  3. Bind socket
  4. On event (ie. tcp connect()), start a loop
  5. Validate TCP handcheck and start another loop for each clients
  6. Clients are disconnected on :
    • input
    • timeout (5s)
  7. Only clients who told "<policy-file-request/>" received our answer

howto

To compile :
Run make and follow instructions...

To test it :
perl -e 'printf "<policy-file-request/>"' | nc MACHINE PORT

author(s)

Matthieu Guegan <matthieu.guegan AT virtua DOT ch> for Virtua SA