Debian Question posted in
The oficial documentation can be found here.

Debian – Varnish Cache 7.5 – Cannot enable inline C? All methods fail

I’m running a fresh Varnish 7.5 install together with Hitch as a proxy for a remote server. It works great. But I’m trying to port in a little bit of inline C from my old install and I can’t for the life of me get Varnish to allow it. The system is Debian 11 and Varnish was installed from the official packagecloud repo via their official install script.

Varnishadm tells me this:

Varnish> param.show vcc_feature
200
vcc_feature
Value is: none,+err_unref,+allow_inline_c,+unsafe_path
Default is: none,+err_unref,+unsafe_path

And my systemd execstart for varnish tells me this:

/usr/sbin/varnishd -a :80 -a localhost:8443,PROXY -p feature=+http2 -p vcc_feature=+allow_inline_c -f /etc/varnish/default.vcl -s file,/var/lib/varnish/varnish_storage.bin,32G -p nuke_limit=999

Which is also what shows in ‘systemctl status varnish’

But VCC tells me this:

Message from VCC-compiler:
Inline-C not allowed
('/etc/varnish/widget.vcl' Line 5 Pos 5)
    C{
----##

Running VCC-compiler failed, exited with 2
VCL compilation failed

I’ve tried using param.set from varnishadm but it makes no difference. I’ve altered and reverted the systemd service file a dozen times, trying the old syntaxes for enabling it. My only real guess at this point is that because the first param set for vcc_feature is "none" that it overrides and disables all further parameters? The docs don’t really explain anything and the context is muddy. I’ve played with it for several hours off and on, tried daemon-reload and full reboot (and crushed my backend media server for a minute thereby).

How in the heck do I get inline C working here? I can’t even begin porting and adjusting my modules because I can’t get permission from the compiler to try.

Edit 1: Following Mr Feryn’s example I added a simple include to the top of default.vcl just so see if it maybe didn’t like it being added from a different file. It now looks like:

vcl 4.1;

#Import optional Varnish Modules
import std;
import bodyaccess;
import vsthrottle;
import cookie;
import directors;
import proxy;
import geoip2;

C{
    #include <stdio.h>
}C


#Import Access Control Lists and special modules.

#ACL of known TOR exit nodes (updated by root cron 4/day)
#include "/etc/varnish/tornodes.vcl";

#ACL of known public VPN nodes and subnets (updated by root cron 1/week) EMERGENCY USE ONLY
#include "/etc/varnish/VPNs.vcl";

# Default backend definition. Set this to point to your content server.
backend default {


But running "sudo varnishd -C -f /etc/varnish/default.vcl" just returns:

> Message from VCC-compiler:
Inline-C not allowed
('/etc/varnish/default.vcl' Line 27 Pos 1)
C{
##
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I believe I figured it out. When running varnishd -C to test vcl compiling it doesn't read any of the set parameters in varnishadm or treat them as generic daemon settings like I was assuming they would. I had to explicitly enable inline c in the varnishd test compile in the same same way that Mr. Faryn launched his varnish daemon in his example.

    sudo varnishd -C -f default.vcl -p vcc_feature=+allow_inline_c

    And now it tells me that the code is good. This seems like a very minor but potentially frustrating usability oversight that should really be in the docs somewhere. I would have assumed that a param set via varnishadm would be persistent in every invocation of the daemon without the need to set explicit flags. Anyway thank you very much for the help!


  2. 0

    I’m not sure what’s going on, but you seem to be doing everything right.

    I’ve tested it and I can run some basic inline-C in Varnish Cache 7.5.

    The VCL code

    Here’s the VCL I’m using:

    vcl 4.1;

backend default none;

C{
    #include <stdio.h>
}C

sub vcl_recv {
    C{
        printf( "hello worldn" );
    }C
    return(synth(200));
}

    The code returns a synthetic HTTP 200 response and prints hello world on STDOUT.

    The Docker container

    I’m running this VCL code inside the official Varnish Docker container that I start as follows:

    docker pull varnish:7.5
docker run --rm -it -u0 varnish:7.5 bash

    The startup command

    Once I put the VCL code in /etc/varnish/default.vcl, I run the following command:

    /usr/sbin/varnishd -f default.vcl -p vcc_feature=+allow_inline_c -F

    This runs Varnish in the foreground, enables inline C and loads the default VCL file.

    Triggering inline C code via curl

    Once it’s running, you can simply run curl localhost to call Varnish, which returns a synthetic response, but thanks to the inline C there’s hello world appearing on STDOUT.

    You probably need to run apt-get update && apt-get install -y vim curl to have curl available for the HTTP request and vim to edit the VCL file.

    The output

    Here’s the output I get after running curl localhost:

    Debug: Version: varnish-7.5.0 revision eef25264e5ca5f96a77129308edb83ccf84cb1b1
Debug: Platform: Linux,6.4.16-linuxkit,aarch64,-junix,-sdefault,-sdefault,-hcritbit
Debug: Child (990) Started
Child launched OK
Info: Child (990) said Child starts
Info: Child (990) said hello world

    As you can see, most of the output is related to starting Varnish, however, the last line is the result of printf( "hello worldn" ); in the VCL file.

    Conclusion

    The -p vcc_feature=+allow_inline_c runtime parameter is definitely capable of enabling inline C code in Varnish.

    Even running your varnishd command works. I altered it slightly to work with the Docker container:

    /usr/sbin/varnishd -a :80 -a 127.0.0.1:8443,PROXY -p feature=+http2 -p vcc_feature=+allow_inline_c -f /etc/varnish/default.vcl -s file,/var/lib/varnish/varnish_storage.bin,10M -p nuke_limit=999 -F

    I’m not sure what’s causing the issue for you. All I can say is: it’s not related to inline C being blocked in Varnish Cache 7.5.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search