fnord - yet another small httpd
(Note: This is no longer actively being worked on. Go look at gatling for my more recent work)
If you want to take part in fnord, please subscribe
to the fnord mailing list (send an empty email to email@example.com).
Here is a comparison to other tiny web
servers. If you are interested in platform specific performance
hacks, please see my event notification framework.
fnord 1.6 contained a buffer overrun in the CGI code. However, since
the function does not return, this does not appear to be exploitable.
The bug was found by Ralf Wildenhues. Thanks, Ralf!
Fnord was always meant to run chrooted. Starting with 1.8, the internal
chroot code is enabled (which means you don't have to do the chroot
externally); if you run fnord as root, it will chroot to the
current working directory and drop privileges to $UID and $GID (need to
Here is the tarball: fnord-1.11.tar.bz2 [GPG sig], or
you can get the sources per anonymous CVS:
$ cvs -d :pserver:firstname.lastname@example.org:/cvs -z9 co httpd
- Small! (13k static Linux-x86 binary without CGI, 18k with CGI)
- Fast! (see this document), uses mmap (and on Linux, sendfile)
- Scalable! (see this plot from Linux
2.5.50, measured using this Linux 2.4+ specific
hack. The fnord plot ends at 8000 connections because I couldn't
open more connections before fnord kept timing out the old ones)
- connection keep-alive
- el-cheapo virtual domains (similar to thttpd)
- IPv6 support (through tcpserver)
- CGI (through pipes, not temp files like Apache)
- Content-Range (not the full specs, just a-b or a- byte ranges)
- transparent content negotiation (will serve foo.html.gz if foo.html
was asked for and browser indicates it understands deflate, same for
foo.png for foo.gif and image/png)
- Now also with directory index generation (-DDIR_LIST).
(in no particular order)
- keep-alive for CGIs
- on-the-fly gzip for CGI, as wrapper