+ <chapter id="proxy">
+ <title>The YAZ Proxy</title>
+ <para>
+ The YAZ proxy is a transparent SRW/SRU/Z39.50-to-Z39.50 gateway.
+ That is, it is a SRW/SRU/Z39.50 server which has as its back-end a
+ Z39.50 client that forwards requests on to another server (known as
+ the <firstterm>backend target</firstterm>.)
+ </para>
+ <para>
+ -- All config directives --
+ -- SRW/SRU ..
+ -- Example config
+ -- Mention XSLT conversion
+ </para>
+ <para>
+ The YAZ Proxy is useful for debugging SRW/SRU/Z39.50 software, logging
+ APDUs, redirecting Z39.50 packages through firewalls, etc.
+ Furthermore, it offers facilities that often
+ boost performance for connectionless Z39.50 clients such
+ as web gateways.
+ </para>
+ <para>
+ Unlike most other server software, the proxy runs single-threaded,
+ single-process. Every I/O operation
+ is non-blocking so it is very lightweight and extremely fast.
+ It does not store any state information on the hard drive,
+ except any log files you ask for.
+ </para>
+
+ <section id="proxy-example">
+ <title>Example: Using the Proxy to Log APDUs</title>
+ <para>
+ Suppose you use a commercial Z39.50 client for which you do not
+ have source code, and it's not behaving how you think it should
+ when running against some specific server that you have no control
+ over. One way to diagnose the problem is to find out what packets
+ (APDUs) are being sent and received, but not all client
+ applications have facilities to do APDU logging.
+ </para>
+ <para>
+ No problem. Run the proxy on a friendly machine, get it to log
+ APDUs, and point the errant client at the proxy instead of
+ directly at the server that's causing it problems.
+ </para>
+ <para>
+ Suppose the server is running on <literal>foo.bar.com</literal>,
+ port 18398. Run the proxy on the machine of your choice, say
+ <literal>your.company.com</literal> like this:
+ </para>
+ <screen>
+ yaz-proxy -a - -t tcp:foo.bar.com:18398 tcp:@:9000
+ </screen>
+ <para>
+ (The <literal>-a -</literal> option requests APDU logging on
+ standard output, <literal>-t tcp:foo.bar.com:18398</literal>
+ specifies where the backend target is, and
+ <literal>tcp:@:9000</literal> tells the proxy to listen on port
+ 9000 and accept connections from any machine.)
+ </para>
+ <para>
+ Now change your client application's configuration so that instead
+ of connecting to <literal>foo.bar.com</literal> port 18398, it
+ connects to <literal>your.company.com</literal> port 9000, and
+ start it up. It will work exactly as usual, but all the packets
+ will be sent via the proxy, which will generate a log like this:
+ </para>
+ <screen><![CDATA[
+ decode choice
+ initRequest {
+ referenceId OCTETSTRING(len=4) 69 6E 69 74
+ protocolVersion BITSTRING(len=1)
+ options BITSTRING(len=2)
+ preferredMessageSize 1048576
+ maximumRecordSize 1048576
+ implementationId 'Mike Taylor (id=169)'
+ implementationName 'Net::Z3950.pm (Perl)'
+ implementationVersion '0.31'
+ }
+ encode choice
+ initResponse {
+ referenceId OCTETSTRING(len=4) 69 6E 69 74
+ protocolVersion BITSTRING(len=1)
+ options BITSTRING(len=2)
+ preferredMessageSize 1048576
+ maximumRecordSize 1048576
+ result TRUE
+ implementationId '81'
+ implementationName 'GFS/YAZ / Zebra Information Server'
+ implementationVersion 'YAZ 1.9.1 / Zebra 1.3.3'
+ }
+ decode choice
+ searchRequest {
+ referenceId OCTETSTRING(len=1) 30
+ smallSetUpperBound 0
+ largeSetLowerBound 1
+ mediumSetPresentNumber 0
+ replaceIndicator TRUE
+ resultSetName 'default'
+ databaseNames {
+ 'gils'
+ }
+ {
+ smallSetElementSetNames choice
+ generic 'F'
+ }
+ {
+ mediumSetElementSetNames choice
+ generic 'B'
+ }
+ preferredRecordSyntax OID: 1 2 840 10003 5 10
+ {
+ query choice
+ type_1 {
+ attributeSetId OID: 1 2 840 10003 3 1
+ RPNStructure choice
+ {
+ simple choice
+ attributesPlusTerm {
+ attributes {
+ }
+ term choice
+ general OCTETSTRING(len=7) 6D 69 6E 65 72 61 6C
+ }
+ }
+ }
+ }
+ }
+]]>
+ </screen>
+ </section>
+
+ <section id="proxy-target">
+ <title>Specifying the Backend Target</title>
+ <para>
+ When the proxy receives a Z39.50 Initialize Request from a Z39.50
+ client, it determines the backend target by the following rules:
+ <orderedlist>
+ <listitem>
+ <para>If the <literal>InitializeRequest</literal> PDU from the
+ client includes an
+ <link linkend="otherinfo-encoding"><literal>otherInfo</literal></link>
+ element with OID
+ <literal>1.2.840.10003.10.1000.81.1</literal>, then the
+ contents of that element specify the target to be used, in the
+ usual YAZ address format (typically
+ <literal>tcp:<parameter>hostname</parameter>:<parameter>port</parameter></literal>)
+ as described in
+ <ulink url="http://www.indexdata.dk/yaz/doc/comstack.addresses.tkl"
+ >the Addresses section of the YAZ manual</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>Otherwise, the Proxy uses the default target, if one was
+ specified on the command-line with the <literal>-t</literal>
+ option. A default target can also be specified in the
+ XML Config file.
+ </para>
+ </listitem>
+ <listitem>
+ <para>Otherwise, the proxy closes the connection with
+ the client.
+ </para>
+ </listitem>
+ </orderedlist>
+ </para>
+ </section>
+ <section id="proxy-keepalive">
+ <title>Keep-alive Facility</title>
+ <para>
+ The keep-alive is a facility where the proxy keeps the connection to the
+ backend - even if the client closes the connection to the proxy.
+ </para>
+ <para>
+ If a new or another client connects to the proxy again and requests the
+ same backend it will be reassigned to this backend. In this case, the
+ proxy sends an initialize response directly to the client and an
+ initialize handshake with the backend is omitted.
+ </para>
+ <para>
+ When a client reconnects, query and record caching works better, if the
+ proxy assigns it to the same backend as before. And the result set
+ (if any) is re-used. To achieve this, Index Data defined a session
+ cookie which identifies the backend session.
+ </para>
+ <para>
+ The cookie is defined by the client and is sent as part of the
+ Initialize Request and passed in an
+ <link linkend="otherinfo-encoding"><literal>otherInfo</literal></link>
+ element with OID <literal>1.2.840.10003.10.1000.81.2</literal>.
+ </para>
+ <para>
+ Clients that do not send a cookie as part of the initialize request
+ may still better performance, since the init handshake is saved.
+ </para>
+ </section>
+
+ <section id="query-cache">
+ <title>Query Caching</title>
+ <para>
+ Simple stateless clients often send identical Z39.50 searches
+ in a relatively short period of time (e.g. in order to produce a
+ results-list page, the next page,
+ a single full-record, etc). And for many targets, it's
+ much more expensive to produce a new result set than to
+ reuse an existing one.
+ </para>
+ <para>
+ The proxy tries to solve that by remembering the last query for each
+ backend target, so that if an identical query is received next, it
+ is turned into Present Requests rather than new Search Requests.
+ </para>
+ <note>
+ <para>
+ In a future we release will will probably allows for
+ an arbitrary-sized cache for targets supporting named result sets.
+ </para>
+ </note>
+ <para>
+ You can enable/disable query caching using option -o.
+ </para>
+ </section>
+
+ <section id="record-cache">
+ <title>Record Caching</title>
+ <para>
+ As an option, the proxy may also cache result set records for the
+ last search.
+ The proxy takes into account the Record Syntax and CompSpec.
+ The CompSpec includes simple element set names as well.
+ By default the cache is 200000 bytes per session.
+ </para>
+ </section>
+
+ <section id="query-validation">
+ <title>Query Validation</title>
+ <para>
+ The Proxy may also be configured to trap particular attributes in
+ Type-1 queries and send Bib-1 diagnostics back to the client without
+ even consulting the backend target. This facility may be useful if
+ a target does not properly issue diagnostics when unsupported attributes
+ are send to it.
+ </para>
+ </section>
+
+ <section id="record-validation">
+ <title>Record Syntax Validation</title>
+ <para>
+ The proxy may be configured to accept, reject or convert records.
+ When accepted, the target passes search/present requests to the
+ backend target under the assumption that the target can honor the
+ request (In fact it may not do that). When a record is rejected because
+ the record syntax is "unsupported" the proxy returns a diagnostic to the
+ client. Finally, the proxy may convert records.
+ </para>
+ <para>
+ The proxy can convert from MARC to MARCXML and thereby offer an
+ XML version of any MARC record as long as it is ISO2709 encoded.
+ If the proxy is compiled with libXSLT support it can also
+ perform XSLT on XML.
+ </para>
+ </section>
+
+ <section id="other-optimizations">
+ <title>Other Optimizations</title>
+ <para>
+ We've had some plans to support global caching of result set records,
+ but this has not yet been implemented.
+ </para>
+ </section>
+
+ <section id="proxy-config-file">
+ <title>Proxy Configuration File</title>
+ <para>
+ The Proxy may read a configuration file using option
+ <literal>-c</literal> followed by the filename of a config file.
+ </para>
+ <para>
+ The config file is XML based. The YAZ proxy must be compiled
+ with <ulink url="http://www.xmlsoft.org/">libxml2</ulink> and
+ <ulink url="http://xmlsoft.org/XSLT/">libXSLT</ulink> support in
+ order for the config file facility to be enabled.
+ </para>
+ <tip>
+ <para>To check for a config file to be well-formed, the yaz-proxy may
+ be invoked without specifying a listening port, i.e.
+ <screen>
+ yaz-proxy -c myconfig.xml
+ </screen>
+ If this does not produce errors, the file is well-formed.
+ </para>
+ </tip>
+ <section id="proxy-config-header">
+ <title>Proxy Configuration Header</title>
+ <para>
+ The proxy config file must have a root element called
+ <literal>proxy</literal>. All information except an optional XML
+ header must be stored within the <literal>proxy</literal> element.
+ </para>
+ <screen>
+ <?xml version="1.0"?>
+ <proxy>
+ <!-- content here .. -->
+ </proxy>
+ </screen>
+ </section>
+ <section id="proxy-config-target">
+ <title>Configuration: target</title>
+ <para>
+ The element <literal>target</literal> which may be repeated zero
+ or more times with parent element <literal>proxy</literal> contains
+ information about each backend target.
+ The <literal>target</literal> element have two attributes:
+ <literal>name</literal> which holds the logical name of the backend
+ target (required) and <literal>default</literal> (optional) which
+ (when given) specifies that the backend target is the default target -
+ equivalent to command line option <literal>-t</literal>.
+ </para>
+ <para>
+ <screen>
+ <?xml version="1.0"?>
+ <proxy>
+ <target name="server1" default="1">
+ <!-- description of server1 .. -->
+ </target>
+ <target name="server2">
+ <!-- description of server2 .. -->
+ </target>
+ </proxy>
+ </screen>
+ </para>
+ </section>
+ <section id="proxy-config-url">
+ <title>Configuration:url</title>
+ <para>
+ The <literal>url</literal> which may be repeated one or more times
+ should be the child of the <literal>target</literal> element.
+ The CDATA of <literal>url</literal> is the Z-URL of the backend.
+ </para>
+ <para>
+ Multiple <literal>url</literal> element may be used. In that case, then
+ a client initiates a session, the proxy chooses the URL with the lowest
+ number of active sessions, thereby distributing the load. It is
+ assumed that each URL represents the same database (data).
+ </para>
+ </section>
+ <section id="proxy-config-keepalive">
+ <title>Configuration: keepalive</title>
+ <para>The <literal>keepalive</literal> element holds information about
+ the keepalive Z39.50 sessions. Keepalive sessions are proxy-to-backend
+ sessions that is no longer associated with a client session.
+ </para>
+ <para>The <literal>keepalive</literal> element which is the child of
+ the <literal>target</literal>holds two elements:
+ <literal>bandwidth</literal> and <literal>pdu</literal>.
+ The <literal>bandwidth</literal> is the maximum total bytes
+ transferred to/from the target. If a target session exceeds this
+ limit, it is shut down (and no longer kept alive).
+ The <literal>pdu</literal> is the maximum number of requests sent
+ to the target. If a target session exceeds this limit, it is
+ shut down. The idea of these two limits is that avoid very long
+ sessions that use resources in a backend (that leaks!).
+ </para>
+ <para>
+ The following sets maximum number of bytes transferred in a
+ target session to 1 MB and maxinum of requests to 400.
+ <screen>
+ <keepalive>
+ <bandwidth>1048576</bandwidth>
+ <retrieve>400</retrieve>
+ </keepalive>
+ </screen>
+ </para>
+ </section>
+ <section id="proxy-config-limit">
+ <title>Configuration: limit</title>
+ <para>
+ The <literal>limit</literal> section specifies bandwidth/pdu requests
+ limits for an active session.
+ The proxy records bandwidth/pdu requests during the last 60 seconds
+ (1 minute). The <literal>limit</literal> may include the
+ elements <literal>bandwidth</literal>, <literal>pdu</literal>,
+ and <literal>retrieve</literal>. The <literal>bandwidth</literal>
+ measures the number of bytes transferred within the last minute.
+ The <literal>pdu</literal> is the number of requests in the last
+ minute. The <literal>retrieve</literal> holds the maximum records to
+ be retrieved in one Present Request.
+ </para>
+ <para>
+ If a bandwidth/pdu limit is reached the proxy will postpone the
+ requests to the target and wait one or more seconds. The idea of the
+ limit is to ensure that clients that downloads hundreds or thousands of
+ records do not hurt other users.
+ </para>
+ <para>
+ The following sets maximum number of bytes transferred per minute to
+ 500Kbytes and maximum number of requests to 40.
+ <screen>
+ <limit>
+ <bandwidth>524288</bandwidth>
+ <retrieve>40</retrieve>
+ </limit>
+ </screen>
+ </para>
+ <note>
+ <para>
+ Typically the limits for keepalive are much higher than
+ those for session minute average.
+ </para>
+ </note>
+ </section>
+
+ <section id="proxy-config-attribute">
+ <title>Configuration: attribute</title>
+ <para>
+ The <literal>attribute</literal> element specifies accept or reject
+ or a particular attribute type, value pair.
+ Well-behaving targets will reject unsupported attributes on their
+ own. This feature is useful for targets that do not gracefully
+ handle unsupported attributes.
+ </para>
+ <para>
+ Attribute elements may be repeated. The proxy inspects the attribute
+ specifications in the order as specified in the configuration file.
+ When a given attribute specification matches a given attribute list
+ in a query, the proxy takes appropriate action (reject, accept).
+ </para>
+ <para>
+ If no attribute specifications matches the attribute list in a query,
+ it is accepted.
+ </para>
+ <para>
+ The <literal>attribute</literal> element has two required attributes:
+ <literal>type</literal> which is the Attribute Type-1 type, and
+ <literal>value</literal> which is the Attribute Type-1 value.
+ The special value/type <literal>*</literal> matches any attribute
+ type/value. A value may also be specified as a list with each
+ value separated by comma, a value may also be specified as a
+ list: low value - dash - high value.
+ </para>
+ <para>
+ If attribute <literal>error</literal> is given, that holds a
+ Bib-1 diagnostic which is sent to the client if the particular
+ type, value is part of a query.
+ </para>
+ <para>
+ If attribute <literal>error</literal> is not given, the attribute
+ type, value is accepted and passed to the backend target.
+ </para>
+ <para>
+ A target that supports use attributes 1,4, 1000 through 1003 and
+ no other use attributes, could use the following rules:
+ <screen>
+ <attribute type="1" value="1,4,1000-1003">
+ <attribute type="1" value="*" error="114"/>
+ </screen>
+ </para>
+ </section>
+
+ <section id="proxy-config-syntax">
+ <title>Configuration: syntax</title>
+ <para>
+ The <literal>syntax</literal> element specifies accept or reject
+ or a particular record syntax request from the client.
+ </para>
+ <para>
+ The <literal>syntax</literal> has one required attribute:
+ <literal>type</literal> which is the Preferred Record Syntax.
+ </para>
+ <para>
+ If attribute <literal>error</literal> is given, that holds a
+ Bib-1 diagnostic which is sent to the client if the particular
+ record syntax is part of a present - or search request.
+ </para>
+ <para>
+ If attribute <literal>error</literal> is not given, the record syntax
+ is accepted and passed to the backend target.
+ </para>
+ <para>
+ If attribute <literal>marcxml</literal> is given, the proxy will
+ perform MARC21 to MARCXML conversion. In this case the
+ <literal>type</literal> should be XML. The proxy will use
+ preferred record syntax USMARC/MARC21 against the backend target.
+ </para>
+ <para>To accept USMARC and offer MARCXML XML records but reject
+ all other requests the following configuration could be used:
+ <screen>
+ <proxy>
+ <target name="mytarget">
+ <syntax type="usmarc"/>
+ <syntax type="xml" marcxml="1"/>
+ <syntax type="*" error="238"/>
+ </target>
+ </proxy>
+ </screen>
+ </para>
+ </section>
+
+ <section id="proxy-config-target-timeout">
+ <title>Configuration: target-timeout</title>
+ <para>
+ The element <literal>target-timeout</literal> is the child of element
+ <literal>target</literal> and specifies the amount in seconds before
+ a target session is shut down.
+ </para>
+ <para>
+ This can also be specified on the command line by using option
+ <literal>-T</literal>. Refer to <xref linkend="proxy-usage"/>.
+ </para>
+ </section>
+
+ <section id="proxy-config-client-timeout">
+ <title>Configuration: client-timeout</title>
+ <para>
+ The element <literal>client-timeout</literal> is the child of element
+ <literal>target</literal> and specifies the amount in seconds before
+ a client session is shut down.
+ </para>
+ <para>
+ This can also be specified on the command line by using option
+ <literal>-i</literal>. Refer to <xref linkend="proxy-usage"/>.
+ </para>
+ </section>
+
+ <section id="proxy-config-preinit">
+ <title>Configuration: preinit</title>
+ <para>
+ The element <literal>preinit</literal> is the child of element
+ <literal>target</literal> and specifies the number of spare
+ connection to a target. By default no spare connection are
+ created by the proxy. If the proxy uses a target exclusive or
+ a lot, the preinit session will ensure that target sessions
+ have been made before the client makes a connection and will therefore
+ reduce the connect-init handshake dramatically. Never set this to
+ more than 5.
+ </para>
+ </section>
+
+ <section id="proxy-config-max-clients">
+ <title>Configuration: max-clients</title>
+ <para>
+ The element <literal>max-clients</literal> is the child of element
+ <literal>proxy</literal> and specifies the total number of
+ allowed connections to targets (all targets). If this limit
+ is reached the proxy will close the least recently used connection.
+ </para>
+ <para>
+ Note, that many Unix systems impose a system on the number of
+ open files allowed in a single process, typically in the
+ range 256 (Solaris) to 1024 (Linux).
+ The proxy uses 2 sockets per session + a few files
+ for logging. As a rule of thumb, ensure that 2*max-clients + 5
+ can be opened by the proxy process.
+ </para>
+ <tip>
+ <para>
+ Using the <ulink url="http://www.gnu.org/software/bash/bash.html">
+ bash</ulink> shell, you can set the limit with
+ <literal>ulimit -n</literal><replaceable>no</replaceable>.
+ Use <literal>ulimit -a</literal> to display limits.
+ </para>
+ </tip>
+ </section>
+
+ <section id="proxy-config-log">
+ <title>Configuration: log</title>
+ <para>
+ The element <literal>log</literal> is the child of element
+ <literal>proxy</literal> and specifies what to be logged by the
+ proxy.
+ </para>
+ <para>
+ Specify the log file with command-line option <literal>-l</literal>.
+ </para>
+ <para>
+ The text of the <literal>log</literal> element is a sequence of
+ options separated by white space. See the table below:
+ <table frame="top"><title>Logging options</title>
+ <tgroup cols="2">
+ <colspec colwidth="1*" colname="option"/>
+ <colspec colwidth="2*" colname="description"/>
+ <thead>
+ <row>
+ <entry>Option</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><literal>client-apdu</literal></entry>
+ <entry>
+ Log APDUs as reported by YAZ for the
+ communication between the client and the proxy.
+ This facility is equivalent to the APDU logging that
+ happens when using option <literal>-a</literal>, however
+ this tells the proxy to log in the same file as given
+ by <literal>-l</literal>.
+ </entry>
+ </row>
+ <row>
+ <entry><literal>server-apdu</literal></entry>
+ <entry>
+ Log APDUs as reported by YAZ for the
+ communication between the proxy and the server (backend).
+ </entry>
+ </row>
+ <row>
+ <entry><literal>clients-requests</literal></entry>
+ <entry>
+ Log a brief description about requests transferred between
+ the client and the proxy. The name of the request and the size
+ of the APDU is logged.
+ </entry>
+ </row>
+ <row>
+ <entry><literal>server-requests</literal></entry>
+ <entry>
+ Log a brief description about requests transferred between
+ the proxy and the server (backend). The name of the request
+ and the size of the APDU is logged.
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </para>
+ <para>
+ To log communication in details between the proxy and the backend, th
+ following configuration could be used:
+ <screen><![CDATA[
+ <target name="mytarget">
+ <log>server-apdu server-requests</log>
+ </target>
+]]>
+ </screen>
+ </para>
+ </section>
+
+ </section>
+ <section id="proxy-usage">
+ <title>Proxy Usage</title>
+ <para>
+ </para>
+ <refentry id="yaz-proxy">
+ &yaz-proxy-ref;
+ </refentry>
+ </section>
+ <section id="otherinfo-encoding"><title>OtherInformation Encoding</title>
+ <para>
+ The proxy uses the OtherInformation definition to carry
+ information about the target address and cookie.
+ </para>
+ <screen>
+ OtherInformation ::= [201] IMPLICIT SEQUENCE OF SEQUENCE{
+ category [1] IMPLICIT InfoCategory OPTIONAL,
+ information CHOICE{
+ characterInfo [2] IMPLICIT InternationalString,
+ binaryInfo [3] IMPLICIT OCTET STRING,
+ externallyDefinedInfo [4] IMPLICIT EXTERNAL,
+ oid [5] IMPLICIT OBJECT IDENTIFIER}}
+--
+ InfoCategory ::= SEQUENCE{
+ categoryTypeId [1] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
+ categoryValue [2] IMPLICIT INTEGER}
+ </screen>
+ <para>
+ The <literal>categoryTypeId</literal> is either
+ OID 1.2.840.10003.10.1000.81.1, 1.2.840.10003.10.1000.81.2
+ for proxy target and proxy cookie respectively. The
+ integer element <literal>category</literal> is set to 0.
+ The value proxy and cookie is stored in element
+ <literal>characterInfo</literal> of the <literal>information</literal>
+ choice.
+ </para>
+ </section>
+ </chapter>