]> git.ipfire.org Git - thirdparty/squid.git/blame - src/client_side.cc
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Cleanup: zap CVS Id tags
[thirdparty/squid.git] / src / client_side.cc
CommitLineData
dd11e0b7 1/*
262a0e14 2 * $Id$
dd11e0b7 3 *
4 * DEBUG: section 33 Client-side Routines
5 * AUTHOR: Duane Wessels
6 *
2b6662ba 7 * SQUID Web Proxy Cache http://www.squid-cache.org/
e25c139f 8 * ----------------------------------------------------------
dd11e0b7 9 *
2b6662ba 10 * Squid is the result of efforts by numerous individuals from
11 * the Internet community; see the CONTRIBUTORS file for full
12 * details. Many organizations have provided support for Squid's
13 * development; see the SPONSORS file for full details. Squid is
14 * Copyrighted (C) 2001 by the Regents of the University of
15 * California; see the COPYRIGHT file for full details. Squid
16 * incorporates software developed and/or copyrighted by other
17 * sources; see the CREDITS file for full details.
dd11e0b7 18 *
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 2 of the License, or
22 * (at your option) any later version.
9e008dda 23 *
dd11e0b7 24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
9e008dda 28 *
dd11e0b7 29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
cbdec147 31 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
e25c139f 32 *
dd11e0b7 33 */
f88bb09c 34
63be0a78 35/**
36 \defgroup ClientSide Client-Side Logics
37 *
38 \subsection cserrors Errors and client side
edce4d98 39 *
63be0a78 40 \par Problem the first:
41 * the store entry is no longer authoritative on the
edce4d98 42 * reply status. EBITTEST (E_ABORT) is no longer a valid test outside
43 * of client_side_reply.c.
44 * Problem the second: resources are wasted if we delay in cleaning up.
45 * Problem the third we can't depend on a connection close to clean up.
9e008dda 46 *
63be0a78 47 \par Nice thing the first:
9e008dda 48 * Any step in the stream can callback with data
edce4d98 49 * representing an error.
50 * Nice thing the second: once you stop requesting reads from upstream,
51 * upstream can be stopped too.
52 *
63be0a78 53 \par Solution #1:
54 * Error has a callback mechanism to hand over a membuf
9e008dda 55 * with the error content. The failing node pushes that back as the
edce4d98 56 * reply. Can this be generalised to reduce duplicate efforts?
57 * A: Possibly. For now, only one location uses this.
58 * How to deal with pre-stream errors?
59 * Tell client_side_reply that we *want* an error page before any
60 * stream calls occur. Then we simply read as normal.
63be0a78 61 *
62 *
63 \subsection pconn_logic Persistent connection logic:
64 *
65 \par
66 * requests (httpClientRequest structs) get added to the connection
67 * list, with the current one being chr
9e008dda 68 *
63be0a78 69 \par
70 * The request is *immediately* kicked off, and data flows through
71 * to clientSocketRecipient.
9e008dda 72 *
63be0a78 73 \par
74 * If the data that arrives at clientSocketRecipient is not for the current
75 * request, clientSocketRecipient simply returns, without requesting more
76 * data, or sending it.
77 *
78 \par
9e008dda
AJ		 79 * ClientKeepAliveNextRequest will then detect the presence of data in
80 * the next ClientHttpRequest, and will send it, restablishing the
63be0a78 81 * data flow.
edce4d98 82 */
83
f88bb09c 84#include "squid.h"
a46d2c0e 85#include "client_side.h"
c8be6d7b 86#include "clientStream.h"
ae7ff0b8 87#include "ProtoPort.h"
f5691f9c 88#include "AuthUserRequest.h"
e6ccf245 89#include "Store.h"
c4b7a5a9 90#include "comm.h"
25b6a907 91#include "HttpHdrContRange.h"
528b2c61 92#include "HttpReply.h"
93#include "HttpRequest.h"
5a7431b8 94#include "ident.h"
85944c1c 95#include "ip/IpIntercept.h"
528b2c61 96#include "MemObject.h"
97#include "fde.h"
98#include "client_side_request.h"
4fb35c3c 99#include "ACLChecklist.h"
ee0989f2 100#include "ConnectionDetail.h"
0655fa4d 101#include "client_side_reply.h"
de31d06f 102#include "ClientRequestContext.h"
0eb49b6d 103#include "MemBuf.h"
985c86bc 104#include "SquidTime.h"
5cafc1d6 105
5492ad1d 106#if LINGERING_CLOSE
107#define comm_close comm_lingering_close
108#endif
109
edce4d98 110/* our socket-related context */
62e76326 111
62e76326 112
0655fa4d 113CBDATA_CLASS_INIT(ClientSocketContext);
62e76326 114
0655fa4d 115void *
116ClientSocketContext::operator new (size_t byteCount)
117{
118 /* derived classes with different sizes must implement their own new */
119 assert (byteCount == sizeof (ClientSocketContext));
120 CBDATA_INIT_TYPE(ClientSocketContext);
121 return cbdataAlloc(ClientSocketContext);
122}
62e76326 123
0655fa4d 124void
125ClientSocketContext::operator delete (void *address)
126{
127 cbdataFree (address);
128}
7a2f978b 129
edce4d98 130/* Local functions */
528b2c61 131/* ClientSocketContext */
59a1efb2 132static ClientSocketContext *ClientSocketContextNew(ClientHttpRequest *);
edce4d98 133/* other */
2b663917 134static IOCB clientWriteComplete;
135static IOCB clientWriteBodyComplete;
1cf238db 136static bool clientParseRequest(ConnStateData * conn, bool &do_next_read);
b5c39993 137static PF clientLifetimeTimeout;
1cf238db 138static ClientSocketContext *parseHttpRequestAbort(ConnStateData * conn,
62e76326 139 const char *uri);
1cf238db 140static ClientSocketContext *parseHttpRequest(ConnStateData *, HttpParser *, HttpRequestMethod *, HttpVersion *);
3898f57f 141#if USE_IDENT
05832ae1 142static IDCB clientIdentDone;
3898f57f 143#endif
edce4d98 144static CSCB clientSocketRecipient;
145static CSD clientSocketDetach;
59a1efb2 146static void clientSetKeepaliveFlag(ClientHttpRequest *);
190154cf 147static int clientIsContentLengthValid(HttpRequest * r);
a46d2c0e 148static bool okToAccept();
47f6e231 149static int clientIsRequestBodyValid(int64_t bodyLength);
150static int clientIsRequestBodyTooLargeForPolicy(int64_t bodyLength);
50c09fc4 151
c8be6d7b 152static void clientUpdateStatHistCounters(log_type logType, int svc_time);
153static void clientUpdateStatCounters(log_type logType);
154static void clientUpdateHierCounters(HierarchyLogEntry *);
528b2c61 155static bool clientPingHasFinished(ping_data const *aPing);
190154cf 156static void clientPrepareLogWithRequestDetails(HttpRequest *, AccessLogEntry *);
e4a67a80 157#ifndef PURIFY
1cf238db 158static int connIsUsable(ConnStateData * conn);
e4a67a80 159#endif
2324cda2 160static int responseFinishedOrFailed(HttpReply * rep, StoreIOBuffer const &receivedData);
1cf238db 161static void ClientSocketContextPushDeferredIfNeeded(ClientSocketContext::Pointer deferredRequest, ConnStateData * conn);
c8be6d7b 162static void clientUpdateSocketStats(log_type logType, size_t size);
163
84cc2635 164char *skipLeadingSpace(char *aString);
3b299123 165static void connNoteUseOfBuffer(ConnStateData* conn, size_t byteCount);
1cf238db 166static int connKeepReadingIncompleteRequest(ConnStateData * conn);
167static void connCancelIncompleteRequests(ConnStateData * conn);
62e76326 168
23f6a720 169static ConnStateData *connStateCreate(const IpAddress &peer, const IpAddress &me, int fd, http_port_list *port);
528b2c61 170
ae7ff0b8 171
528b2c61 172int
173ClientSocketContext::fd() const
174{
175 assert (http);
94a396a3 176 assert (http->getConn() != NULL);
98242069 177 return http->getConn()->fd;
528b2c61 178}
c8be6d7b 179
180clientStreamNode *
528b2c61 181ClientSocketContext::getTail() const
c8be6d7b 182{
0655fa4d 183 if (http->client_stream.tail)
184 return (clientStreamNode *)http->client_stream.tail->data;
185
186 return NULL;
c8be6d7b 187}
188
189clientStreamNode *
528b2c61 190ClientSocketContext::getClientReplyContext() const
c8be6d7b 191{
528b2c61 192 return (clientStreamNode *)http->client_stream.tail->prev->data;
c8be6d7b 193}
194
63be0a78 195/**
c4b7a5a9 196 * This routine should be called to grow the inbuf and then
197 * call comm_read().
198 */
199void
a46d2c0e 200ConnStateData::readSomeData()
c4b7a5a9 201{
a46d2c0e 202 if (reading())
62e76326 203 return;
204
a46d2c0e 205 reading(true);
c4b7a5a9 206
bf8fe701 207 debugs(33, 4, "clientReadSomeData: FD " << fd << ": reading request...");
62e76326 208
a46d2c0e 209 makeSpaceAvailable();
62e76326 210
1cf238db 211 typedef CommCbMemFunT<ConnStateData, CommIoCbParams> Dialer;
212 AsyncCall::Pointer call = asyncCall(33, 5, "ConnStateData::clientReadRequest",
213 Dialer(this, &ConnStateData::clientReadRequest));
214 comm_read(fd, in.addressToReadInto(), getAvailableBufferLength(), call);
c4b7a5a9 215}
62e76326 216
c4b7a5a9 217
c8be6d7b 218void
1cf238db 219ClientSocketContext::removeFromConnectionList(ConnStateData * conn)
c8be6d7b 220{
0655fa4d 221 ClientSocketContext::Pointer *tempContextPointer;
1cf238db 222 assert(conn != NULL && cbdataReferenceValid(conn));
94a396a3 223 assert(conn->getCurrentContext() != NULL);
c8be6d7b 224 /* Unlink us from the connection request list */
0655fa4d 225 tempContextPointer = & conn->currentobject;
62e76326 226
0655fa4d 227 while (tempContextPointer->getRaw()) {
62e76326 228 if (*tempContextPointer == this)
229 break;
230
231 tempContextPointer = &(*tempContextPointer)->next;
c8be6d7b 232 }
62e76326 233
0655fa4d 234 assert(tempContextPointer->getRaw() != NULL);
528b2c61 235 *tempContextPointer = next;
236 next = NULL;
c8be6d7b 237}
ea6f43cd 238
0655fa4d 239ClientSocketContext::~ClientSocketContext()
f88bb09c 240{
0655fa4d 241 clientStreamNode *node = getTail();
242
243 if (node) {
244 ClientSocketContext *streamContext = dynamic_cast<ClientSocketContext *> (node->data.getRaw());
245
246 if (streamContext) {
247 /* We are *always* the tail - prevent recursive free */
248 assert(this == streamContext);
249 node->data = NULL;
250 }
251 }
252
253 if (connRegistered_)
254 deRegisterWithConn();
255
256 httpRequestFree(http);
257
edce4d98 258 /* clean up connection links to us */
c53577d9 259 assert(this != next.getRaw());
0655fa4d 260}
62e76326 261
0655fa4d 262void
263ClientSocketContext::registerWithConn()
264{
265 assert (!connRegistered_);
266 assert (http);
94a396a3 267 assert (http->getConn() != NULL);
0655fa4d 268 connRegistered_ = true;
98242069 269 http->getConn()->addContextToQueue(this);
0655fa4d 270}
271
272void
273ClientSocketContext::deRegisterWithConn()
274{
275 assert (connRegistered_);
98242069 276 removeFromConnectionList(http->getConn());
0655fa4d 277 connRegistered_ = false;
278}
279
280void
281ClientSocketContext::connIsFinished()
282{
283 assert (http);
94a396a3 284 assert (http->getConn() != NULL);
0655fa4d 285 deRegisterWithConn();
286 /* we can't handle any more stream data - detach */
287 clientStreamDetach(getTail(), http);
288}
289
fedd1531 290ClientSocketContext::ClientSocketContext() : http(NULL), reply(NULL), next(NULL),
0655fa4d 291 writtenToSocket(0),
292 mayUseConnection_ (false),
293 connRegistered_ (false)
294{
295 memset (reqbuf, '\0', sizeof (reqbuf));
296 flags.deferred = 0;
297 flags.parsed_ok = 0;
298 deferredparams.node = NULL;
299 deferredparams.rep = NULL;
f88bb09c 300}
301
528b2c61 302ClientSocketContext *
59a1efb2 303ClientSocketContextNew(ClientHttpRequest * http)
f88bb09c 304{
528b2c61 305 ClientSocketContext *newContext;
edce4d98 306 assert(http != NULL);
0655fa4d 307 newContext = new ClientSocketContext;
c8be6d7b 308 newContext->http = http;
309 return newContext;
4d55827a 310}
311
edce4d98 312#if USE_IDENT
4d55827a 313static void
edce4d98 314clientIdentDone(const char *ident, void *data)
4d55827a 315{
cc59d02a 316 ConnStateData *conn = (ConnStateData *)data;
edce4d98 317 xstrncpy(conn->rfc931, ident ? ident : dash_str, USER_IDENT_SZ);
e81957b7 318}
319
447e176b 320#endif
7a2f978b 321
c8be6d7b 322void
323clientUpdateStatCounters(log_type logType)
a7c05555 324{
83704487 325 statCounter.client_http.requests++;
62e76326 326
c8be6d7b 327 if (logTypeIsATcpHit(logType))
62e76326 328 statCounter.client_http.hits++;
329
c8be6d7b 330 if (logType == LOG_TCP_HIT)
62e76326 331 statCounter.client_http.disk_hits++;
c8be6d7b 332 else if (logType == LOG_TCP_MEM_HIT)
62e76326 333 statCounter.client_http.mem_hits++;
c8be6d7b 334}
335
336void
337clientUpdateStatHistCounters(log_type logType, int svc_time)
338{
83704487 339 statHistCount(&statCounter.client_http.all_svc_time, svc_time);
63be0a78 340 /**
ee1679df 341 * The idea here is not to be complete, but to get service times
342 * for only well-defined types. For example, we don't include
1d7ab0f4 343 * LOG_TCP_REFRESH_FAIL because its not really a cache hit
ee1679df 344 * (we *tried* to validate it, but failed).
345 */
62e76326 346
c8be6d7b 347 switch (logType) {
62e76326 348
1d7ab0f4 349 case LOG_TCP_REFRESH_UNMODIFIED:
62e76326 350 statHistCount(&statCounter.client_http.nh_svc_time, svc_time);
351 break;
352
ee1679df 353 case LOG_TCP_IMS_HIT:
62e76326 354 statHistCount(&statCounter.client_http.nm_svc_time, svc_time);
355 break;
356
ee1679df 357 case LOG_TCP_HIT:
62e76326 358
ee1679df 359 case LOG_TCP_MEM_HIT:
62e76326 360
b540e168 361 case LOG_TCP_OFFLINE_HIT:
62e76326 362 statHistCount(&statCounter.client_http.hit_svc_time, svc_time);
363 break;
364
ee1679df 365 case LOG_TCP_MISS:
62e76326 366
ee1679df 367 case LOG_TCP_CLIENT_REFRESH_MISS:
62e76326 368 statHistCount(&statCounter.client_http.miss_svc_time, svc_time);
369 break;
370
ee1679df 371 default:
62e76326 372 /* make compiler warnings go away */
373 break;
ee1679df 374 }
c8be6d7b 375}
376
528b2c61 377bool
c8be6d7b 378clientPingHasFinished(ping_data const *aPing)
379{
380 if (0 != aPing->stop.tv_sec && 0 != aPing->start.tv_sec)
62e76326 381 return true;
382
528b2c61 383 return false;
c8be6d7b 384}
385
386void
387clientUpdateHierCounters(HierarchyLogEntry * someEntry)
388{
389 ping_data *i;
62e76326 390
c8547a11 391 switch (someEntry->code) {
392#if USE_CACHE_DIGESTS
62e76326 393
c8547a11 394 case CD_PARENT_HIT:
62e76326 395
a196e1e4 396 case CD_SIBLING_HIT:
62e76326 397 statCounter.cd.times_used++;
398 break;
c8547a11 399#endif
62e76326 400
c8547a11 401 case SIBLING_HIT:
62e76326 402
c8547a11 403 case PARENT_HIT:
62e76326 404
c8547a11 405 case FIRST_PARENT_MISS:
62e76326 406
c8547a11 407 case CLOSEST_PARENT_MISS:
62e76326 408 statCounter.icp.times_used++;
409 i = &someEntry->ping;
410
411 if (clientPingHasFinished(i))
412 statHistCount(&statCounter.icp.query_svc_time,
413 tvSubUsec(i->start, i->stop));
414
415 if (i->timeout)
416 statCounter.icp.query_timeouts++;
417
418 break;
419
c8547a11 420 case CLOSEST_PARENT:
62e76326 421
c8547a11 422 case CLOSEST_DIRECT:
62e76326 423 statCounter.netdb.times_used++;
424
425 break;
426
69c95dd3 427 default:
62e76326 428 break;
17b6e784 429 }
a7c05555 430}
431
528b2c61 432void
433ClientHttpRequest::updateCounters()
c8be6d7b 434{
528b2c61 435 clientUpdateStatCounters(logType);
62e76326 436
528b2c61 437 if (request->errType != ERR_NONE)
62e76326 438 statCounter.client_http.errors++;
439
528b2c61 440 clientUpdateStatHistCounters(logType,
1cf238db 441 tvSubMsec(start_time, current_time));
62e76326 442
528b2c61 443 clientUpdateHierCounters(&request->hier);
c8be6d7b 444}
445
edce4d98 446void
190154cf 447clientPrepareLogWithRequestDetails(HttpRequest * request, AccessLogEntry * aLogEntry)
7a2f978b 448{
c8be6d7b 449 assert(request);
450 assert(aLogEntry);
7684c4b1 451
452 if (Config.onoff.log_mime_hdrs) {
453 Packer p;
454 MemBuf mb;
2fe7eff9 455 mb.init();
7684c4b1 456 packerToMemInit(&p, &mb);
a9925b40 457 request->header.packInto(&p);
7684c4b1 458 aLogEntry->headers.request = xstrdup(mb.buf);
459 packerClean(&p);
2fe7eff9 460 mb.clean();
7684c4b1 461 }
462
c8be6d7b 463 aLogEntry->http.method = request->method;
464 aLogEntry->http.version = request->http_ver;
c8be6d7b 465 aLogEntry->hier = request->hier;
1a86db31 466 aLogEntry->cache.requestSize += request->content_length;
30abd221 467 aLogEntry->cache.extuser = request->extacl_user.buf();
abb929f0 468
c8be6d7b 469 if (request->auth_user_request) {
f5691f9c 470
471 if (request->auth_user_request->username())
f5292c64 472 aLogEntry->cache.authuser =
f5691f9c 473 xstrdup(request->auth_user_request->username());
f5292c64 474
9e008dda 475 AUTHUSERREQUESTUNLOCK(request->auth_user_request, "request via clientPrepareLogWithRequestDetails");
7a2f978b 476 }
c8be6d7b 477}
478
479void
528b2c61 480ClientHttpRequest::logRequest()
481{
482 if (out.size || logType) {
62e76326 483 al.icp.opcode = ICP_INVALID;
484 al.url = log_uri;
bf8fe701 485 debugs(33, 9, "clientLogRequest: al.url='" << al.url << "'");
62e76326 486
90a8964c 487 if (al.reply) {
488 al.http.code = al.reply->sline.status;
30abd221 489 al.http.content_type = al.reply->content_type.buf();
90a8964c 490 } else if (loggingEntry() && loggingEntry()->mem_obj) {
0976f8db 491 al.http.code = loggingEntry()->mem_obj->getReply()->sline.status;
30abd221 492 al.http.content_type = loggingEntry()->mem_obj->getReply()->content_type.buf();
62e76326 493 }
494
bf8fe701 495 debugs(33, 9, "clientLogRequest: http.code='" << al.http.code << "'");
5f8252d2 496
90a8964c 497 if (loggingEntry() && loggingEntry()->mem_obj)
b37bde1e 498 al.cache.objectSize = loggingEntry()->contentLen();
90a8964c 499
cc192b50 500 al.cache.caddr.SetNoAddr();
501
9e008dda 502 if (getConn() != NULL) al.cache.caddr = getConn()->log_addr;
90a8964c 503
1a86db31
AJ		 504 al.cache.requestSize = req_sz;
505
506 al.cache.replySize = out.size;
90a8964c 507
0976f8db 508 al.cache.highOffset = out.offset;
90a8964c 509
62e76326 510 al.cache.code = logType;
90a8964c 511
1cf238db 512 al.cache.msec = tvSubMsec(start_time, current_time);
62e76326 513
514 if (request)
515 clientPrepareLogWithRequestDetails(request, &al);
516
94a396a3 517 if (getConn() != NULL && getConn()->rfc931[0])
98242069 518 al.cache.rfc931 = getConn()->rfc931;
62e76326 519
2ea1afad 520#if USE_SSL && 0
62e76326 521
9e008dda
AJ		 522 /* This is broken. Fails if the connection has been closed. Needs
523 * to snarf the ssl details some place earlier..
524 */
94a396a3 525 if (getConn() != NULL)
98242069 526 al.cache.ssluser = sslGetUserEmail(fd_table[getConn()->fd].ssl);
62e76326 527
a7ad6e4e 528#endif
62e76326 529
7684c4b1 530 ACLChecklist *checklist = clientAclChecklistCreate(Config.accessList.log, this);
62e76326 531
fe74b6a6 532 if (al.reply)
533 checklist->reply = HTTPMSGLOCK(al.reply);
62e76326 534
b448c119 535 if (!Config.accessList.log || checklist->fastCheck()) {
71aab4cc
AJ		 536 if(request)
537 al.request = HTTPMSGLOCK(request);
7684c4b1 538 accessLogLog(&al, checklist);
539 updateCounters();
62e76326 540
94a396a3 541 if (getConn() != NULL)
cc192b50 542 clientdbUpdate(getConn()->peer, logType, PROTO_HTTP, out.size);
7684c4b1 543 }
544
545 delete checklist;
546
547 accessLogFreeMemory(&al);
7a2f978b 548 }
c8be6d7b 549}
550
551void
528b2c61 552ClientHttpRequest::freeResources()
c8be6d7b 553{
528b2c61 554 safe_free(uri);
555 safe_free(log_uri);
556 safe_free(redirect.location);
30abd221 557 range_iter.boundary.clean();
6dd9f4bd 558 HTTPMSGUNLOCK(request);
62e76326 559
528b2c61 560 if (client_stream.tail)
62e76326 561 clientStreamAbort((clientStreamNode *)client_stream.tail->data, this);
c8be6d7b 562}
563
564void
565httpRequestFree(void *data)
566{
59a1efb2 567 ClientHttpRequest *http = (ClientHttpRequest *)data;
c8be6d7b 568 assert(http != NULL);
528b2c61 569 delete http;
7a2f978b 570}
571
a46d2c0e 572bool
573ConnStateData::areAllContextsForThisConnection() const
c8be6d7b 574{
a46d2c0e 575 assert(this != NULL);
0655fa4d 576 ClientSocketContext::Pointer context = getCurrentContext();
62e76326 577
0655fa4d 578 while (context.getRaw()) {
98242069 579 if (context->http->getConn() != this)
a46d2c0e 580 return false;
62e76326 581
582 context = context->next;
c8be6d7b 583 }
62e76326 584
a46d2c0e 585 return true;
c8be6d7b 586}
587
588void
a46d2c0e 589ConnStateData::freeAllContexts()
c8be6d7b 590{
0655fa4d 591 ClientSocketContext::Pointer context;
62e76326 592
c53577d9 593 while ((context = getCurrentContext()).getRaw() != NULL) {
0655fa4d 594 assert(getCurrentContext() !=
595 getCurrentContext()->next);
596 context->connIsFinished();
597 assert (context != currentobject);
c8be6d7b 598 }
599}
600
7a2f978b 601/* This is a handler normally called by comm_close() */
1cf238db 602void ConnStateData::connStateClosed(const CommCloseCbParams &io)
7a2f978b 603{
1cf238db 604 assert (fd == io.fd);
6e1d409c 605 deleteThis("ConnStateData::connStateClosed");
a46d2c0e 606}
62e76326 607
6e1d409c 608// cleans up before destructor is called
a2ac85d9 609void
6e1d409c 610ConnStateData::swanSong()
a46d2c0e 611{
6e1d409c 612 debugs(33, 2, "ConnStateData::swanSong: FD " << fd);
2e216b1d 613 fd = -1;
614 flags.readMoreRequests = false;
cc192b50 615 clientdbEstablished(peer, -1); /* decrement */
a46d2c0e 616 assert(areAllContextsForThisConnection());
617 freeAllContexts();
f5691f9c 618
6bf4f823 619 if (auth_user_request != NULL) {
6e1d409c 620 debugs(33, 4, "ConnStateData::swanSong: freeing auth_user_request '" << auth_user_request << "' (this is '" << this << "')");
f5691f9c 621 auth_user_request->onConnectionClose(this);
6bf4f823 622 }
6e1d409c 623
d67acb4e 624 if (pinning.fd >= 0)
9e008dda 625 comm_close(pinning.fd);
d67acb4e 626
6e1d409c
AR		 627 BodyProducer::swanSong();
628 flags.swanSang = true;
a2ac85d9 629}
630
631bool
632ConnStateData::isOpen() const
633{
10b06767 634 return cbdataReferenceValid(this) && // XXX: checking "this" in a method
9e008dda
AJ		 635 fd >= 0 &&
636 !fd_table[fd].closing();
a2ac85d9 637}
638
639ConnStateData::~ConnStateData()
640{
641 assert(this != NULL);
bf8fe701 642 debugs(33, 3, "ConnStateData::~ConnStateData: FD " << fd);
a2ac85d9 643
644 if (isOpen())
6e1d409c
AR		 645 debugs(33, 1, "BUG: ConnStateData did not close FD " << fd);
646
647 if (!flags.swanSang)
648 debugs(33, 1, "BUG: ConnStateData was not destroyed properly; FD " << fd);
62e76326 649
4f0ef8e8 650 AUTHUSERREQUESTUNLOCK(auth_user_request, "~conn");
62e76326 651
e0db3481 652 cbdataReferenceDone(port);
83fdd41a 653
279152e7
AJ		 654 if (bodyPipe != NULL)
655 stopProducingFor(bodyPipe, false);
7a2f978b 656}
657
63be0a78 658/**
c68e9c6b 659 * clientSetKeepaliveFlag() sets request->flags.proxy_keepalive.
660 * This is the client-side persistent connection flag. We need
661 * to set this relatively early in the request processing
662 * to handle hacks for broken servers and clients.
663 */
664static void
59a1efb2 665clientSetKeepaliveFlag(ClientHttpRequest * http)
c68e9c6b 666{
190154cf 667 HttpRequest *request = http->request;
c68e9c6b 668 const HttpHeader *req_hdr = &request->header;
f6329bc3 669
bf8fe701 670 debugs(33, 3, "clientSetKeepaliveFlag: http_ver = " <<
671 request->http_ver.major << "." << request->http_ver.minor);
672 debugs(33, 3, "clientSetKeepaliveFlag: method = " <<
60745f24 673 RequestMethodStr(request->method));
62e76326 674
f5e45ad8 675 HttpVersion http_ver(1,0);
676 /* we are HTTP/1.0, no matter what the client requests... */
62e76326 677
f5e45ad8 678 if (httpMsgIsPersistent(http_ver, req_hdr))
679 request->flags.proxy_keepalive = 1;
c68e9c6b 680}
681
31be8b80 682static int
190154cf 683clientIsContentLengthValid(HttpRequest * r)
31be8b80 684{
914b89a2 685 switch (r->method.id()) {
62e76326 686
ffc128c4 687 case METHOD_PUT:
62e76326 688
ffc128c4 689 case METHOD_POST:
62e76326 690 /* PUT/POST requires a request entity */
691 return (r->content_length >= 0);
692
ffc128c4 693 case METHOD_GET:
62e76326 694
ffc128c4 695 case METHOD_HEAD:
62e76326 696 /* We do not want to see a request entity on GET/HEAD requests */
697 return (r->content_length <= 0 || Config.onoff.request_entities);
698
ffc128c4 699 default:
62e76326 700 /* For other types of requests we don't care */
701 return 1;
ffc128c4 702 }
62e76326 703
ffc128c4 704 /* NOT REACHED */
31be8b80 705}
706
cf50a0af 707int
47f6e231 708clientIsRequestBodyValid(int64_t bodyLength)
7a2f978b 709{
c8be6d7b 710 if (bodyLength >= 0)
62e76326 711 return 1;
712
7a2f978b 713 return 0;
714}
715
c8be6d7b 716int
47f6e231 717clientIsRequestBodyTooLargeForPolicy(int64_t bodyLength)
efd900cb 718{
c8be6d7b 719 if (Config.maxRequestBodySize &&
62e76326 720 bodyLength > Config.maxRequestBodySize)
721 return 1; /* too large */
722
efd900cb 723 return 0;
724}
725
e4a67a80 726#ifndef PURIFY
c8be6d7b 727int
1cf238db 728connIsUsable(ConnStateData * conn)
c8be6d7b 729{
1cf238db 730 if (conn == NULL || !cbdataReferenceValid(conn) || conn->fd == -1)
62e76326 731 return 0;
732
c8be6d7b 733 return 1;
734}
735
e4a67a80 736#endif
737
0655fa4d 738ClientSocketContext::Pointer
739ConnStateData::getCurrentContext() const
c8be6d7b 740{
0655fa4d 741 assert(this);
742 return currentobject;
c8be6d7b 743}
744
745void
2324cda2 746ClientSocketContext::deferRecipientForLater(clientStreamNode * node, HttpReply * rep, StoreIOBuffer receivedData)
528b2c61 747{
bf8fe701 748 debugs(33, 2, "clientSocketRecipient: Deferring request " << http->uri);
528b2c61 749 assert(flags.deferred == 0);
750 flags.deferred = 1;
751 deferredparams.node = node;
752 deferredparams.rep = rep;
2324cda2 753 deferredparams.queuedBuffer = receivedData;
c8be6d7b 754 return;
755}
756
757int
2324cda2 758responseFinishedOrFailed(HttpReply * rep, StoreIOBuffer const & receivedData)
c8be6d7b 759{
2324cda2 760 if (rep == NULL && receivedData.data == NULL && receivedData.length == 0)
62e76326 761 return 1;
762
c8be6d7b 763 return 0;
764}
765
0655fa4d 766bool
767ClientSocketContext::startOfOutput() const
c8be6d7b 768{
0655fa4d 769 return http->out.size == 0;
c8be6d7b 770}
771
528b2c61 772size_t
47f6e231 773ClientSocketContext::lengthToSend(Range<int64_t> const &available)
528b2c61 774{
47f6e231 775 /*the size of available range can always fit in a size_t type*/
776 size_t maximum = (size_t)available.size();
2512d159 777
528b2c61 778 if (!http->request->range)
62e76326 779 return maximum;
780
528b2c61 781 assert (canPackMoreRanges());
62e76326 782
528b2c61 783 if (http->range_iter.debt() == -1)
62e76326 784 return maximum;
785
528b2c61 786 assert (http->range_iter.debt() > 0);
62e76326 787
2512d159 788 /* TODO this + the last line could be a range intersection calculation */
47f6e231 789 if (available.start < http->range_iter.currentSpec()->offset)
2512d159 790 return 0;
791
47f6e231 792 return XMIN(http->range_iter.debt(), (int64_t)maximum);
528b2c61 793}
794
c8be6d7b 795void
528b2c61 796ClientSocketContext::noteSentBodyBytes(size_t bytes)
797{
798 http->out.offset += bytes;
62e76326 799
528b2c61 800 if (!http->request->range)
62e76326 801 return;
802
528b2c61 803 if (http->range_iter.debt() != -1) {
62e76326 804 http->range_iter.debt(http->range_iter.debt() - bytes);
805 assert (http->range_iter.debt() >= 0);
528b2c61 806 }
62e76326 807
dd272b8e 808 /* debt() always stops at -1, below that is a bug */
809 assert (http->range_iter.debt() >= -1);
528b2c61 810}
62e76326 811
528b2c61 812bool
813ClientHttpRequest::multipartRangeRequest() const
814{
815 return request->multipartRangeRequest();
816}
817
818bool
819ClientSocketContext::multipartRangeRequest() const
820{
821 return http->multipartRangeRequest();
822}
823
824void
825ClientSocketContext::sendBody(HttpReply * rep, StoreIOBuffer bodyData)
c8be6d7b 826{
827 assert(rep == NULL);
528b2c61 828
829 if (!multipartRangeRequest()) {
2512d159 830 size_t length = lengthToSend(bodyData.range());
62e76326 831 noteSentBodyBytes (length);
9e008dda
AJ		 832 AsyncCall::Pointer call = commCbCall(33, 5, "clientWriteBodyComplete",
833 CommIoCbPtrFun(clientWriteBodyComplete, this));
834 comm_write(fd(), bodyData.data, length, call );
62e76326 835 return;
528b2c61 836 }
837
838 MemBuf mb;
2fe7eff9 839 mb.init();
2512d159 840 packRange(bodyData, &mb);
841
9e008dda 842 if (mb.contentSize()) {
2512d159 843 /* write */
9e008dda
AJ		 844 AsyncCall::Pointer call = commCbCall(33, 5, "clientWriteComplete",
845 CommIoCbPtrFun(clientWriteComplete, this));
846 comm_write_mbuf(fd(), &mb, call);
1cf238db 847 } else
2512d159 848 writeComplete(fd(), NULL, 0, COMM_OK);
c8be6d7b 849}
850
63be0a78 851/** put terminating boundary for multiparts */
528b2c61 852static void
30abd221 853clientPackTermBound(String boundary, MemBuf * mb)
528b2c61 854{
30abd221 855 mb->Printf("\r\n--%s--\r\n", boundary.buf());
4a7a3d56 856 debugs(33, 6, "clientPackTermBound: buf offset: " << mb->size);
528b2c61 857}
858
63be0a78 859/** appends a "part" HTTP header (as in a multi-part/range reply) to the buffer */
528b2c61 860static void
30abd221 861clientPackRangeHdr(const HttpReply * rep, const HttpHdrRangeSpec * spec, String boundary, MemBuf * mb)
528b2c61 862{
75faaa7a 863 HttpHeader hdr(hoReply);
528b2c61 864 Packer p;
865 assert(rep);
866 assert(spec);
867
868 /* put boundary */
30abd221 869 debugs(33, 5, "clientPackRangeHdr: appending boundary: " <<
870 boundary.buf());
528b2c61 871 /* rfc2046 requires to _prepend_ boundary with <crlf>! */
30abd221 872 mb->Printf("\r\n--%s\r\n", boundary.buf());
528b2c61 873
874 /* stuff the header with required entries and pack it */
62e76326 875
a9925b40 876 if (rep->header.has(HDR_CONTENT_TYPE))
877 hdr.putStr(HDR_CONTENT_TYPE, rep->header.getStr(HDR_CONTENT_TYPE));
62e76326 878
528b2c61 879 httpHeaderAddContRange(&hdr, *spec, rep->content_length);
62e76326 880
528b2c61 881 packerToMemInit(&p, mb);
62e76326 882
a9925b40 883 hdr.packInto(&p);
62e76326 884
528b2c61 885 packerClean(&p);
62e76326 886
519e0948 887 hdr.clean();
528b2c61 888
889 /* append <crlf> (we packed a header, not a reply) */
2fe7eff9 890 mb->Printf("\r\n");
528b2c61 891}
892
63be0a78 893/**
528b2c61 894 * extracts a "range" from *buf and appends them to mb, updating
895 * all offsets and such.
896 */
c8be6d7b 897void
2512d159 898ClientSocketContext::packRange(StoreIOBuffer const &source, MemBuf * mb)
528b2c61 899{
900 HttpHdrRangeIter * i = &http->range_iter;
47f6e231 901 Range<int64_t> available (source.range());
b65351fa 902 char const *buf = source.data;
62e76326 903
2512d159 904 while (i->currentSpec() && available.size()) {
62e76326 905 const size_t copy_sz = lengthToSend(available);
62e76326 906
2512d159 907 if (copy_sz) {
908 /*
909 * intersection of "have" and "need" ranges must not be empty
910 */
911 assert(http->out.offset < i->currentSpec()->offset + i->currentSpec()->length);
ed013b6c 912 assert(http->out.offset + available.size() > i->currentSpec()->offset);
2512d159 913
914 /*
915 * put boundary and headers at the beginning of a range in a
916 * multi-range
917 */
918
919 if (http->multipartRangeRequest() && i->debt() == i->currentSpec()->length) {
920 assert(http->memObject());
921 clientPackRangeHdr(
922 http->memObject()->getReply(), /* original reply */
923 i->currentSpec(), /* current range */
924 i->boundary, /* boundary, the same for all */
925 mb);
926 }
62e76326 927
2512d159 928 /*
929 * append content
930 */
4a7a3d56 931 debugs(33, 3, "clientPackRange: appending " << copy_sz << " bytes");
62e76326 932
2512d159 933 noteSentBodyBytes (copy_sz);
62e76326 934
2fe7eff9 935 mb->append(buf, copy_sz);
62e76326 936
2512d159 937 /*
938 * update offsets
939 */
940 available.start += copy_sz;
62e76326 941
2512d159 942 buf += copy_sz;
62e76326 943
2512d159 944 }
62e76326 945
946 /*
947 * paranoid check
948 */
871899ca 949 assert((available.size() >= 0 && i->debt() >= 0) || i->debt() == -1);
62e76326 950
c7329b75 951 if (!canPackMoreRanges()) {
bf8fe701 952 debugs(33, 3, "clientPackRange: Returning because !canPackMoreRanges.");
c7329b75 953
954 if (i->debt() == 0)
955 /* put terminating boundary for multiparts */
956 clientPackTermBound(i->boundary, mb);
62e76326 957
62e76326 958 return;
c7329b75 959 }
62e76326 960
47f6e231 961 int64_t next = getNextRangeOffset();
62e76326 962
963 assert (next >= http->out.offset);
964
ed013b6c 965 int64_t skip = next - http->out.offset;
62e76326 966
2512d159 967 /* adjust for not to be transmitted bytes */
968 http->out.offset = next;
969
970 if (available.size() <= skip)
62e76326 971 return;
972
2512d159 973 available.start += skip;
62e76326 974
2512d159 975 buf += skip;
976
977 if (copy_sz == 0)
978 return;
528b2c61 979 }
980}
981
63be0a78 982/** returns expected content length for multi-range replies
528b2c61 983 * note: assumes that httpHdrRangeCanonize has already been called
984 * warning: assumes that HTTP headers for individual ranges at the
985 * time of the actuall assembly will be exactly the same as
986 * the headers when clientMRangeCLen() is called */
987int
988ClientHttpRequest::mRangeCLen()
c8be6d7b 989{
47f6e231 990 int64_t clen = 0;
c8be6d7b 991 MemBuf mb;
528b2c61 992
86a2f789 993 assert(memObject());
528b2c61 994
2fe7eff9 995 mb.init();
528b2c61 996 HttpHdrRange::iterator pos = request->range->begin();
62e76326 997
528b2c61 998 while (pos != request->range->end()) {
62e76326 999 /* account for headers for this range */
2fe7eff9 1000 mb.reset();
86a2f789 1001 clientPackRangeHdr(memObject()->getReply(),
62e76326 1002 *pos, range_iter.boundary, &mb);
1003 clen += mb.size;
528b2c61 1004
62e76326 1005 /* account for range content */
1006 clen += (*pos)->length;
528b2c61 1007
4a7a3d56 1008 debugs(33, 6, "clientMRangeCLen: (clen += " << mb.size << " + " << (*pos)->length << ") == " << clen);
62e76326 1009 ++pos;
528b2c61 1010 }
62e76326 1011
528b2c61 1012 /* account for the terminating boundary */
2fe7eff9 1013 mb.reset();
62e76326 1014
528b2c61 1015 clientPackTermBound(range_iter.boundary, &mb);
62e76326 1016
528b2c61 1017 clen += mb.size;
1018
2fe7eff9 1019 mb.clean();
62e76326 1020
528b2c61 1021 return clen;
1022}
1023
63be0a78 1024/**
528b2c61 1025 * returns true if If-Range specs match reply, false otherwise
1026 */
1027static int
59a1efb2 1028clientIfRangeMatch(ClientHttpRequest * http, HttpReply * rep)
528b2c61 1029{
a9925b40 1030 const TimeOrTag spec = http->request->header.getTimeOrTag(HDR_IF_RANGE);
528b2c61 1031 /* check for parsing falure */
62e76326 1032
528b2c61 1033 if (!spec.valid)
62e76326 1034 return 0;
1035
528b2c61 1036 /* got an ETag? */
1037 if (spec.tag.str) {
a9925b40 1038 ETag rep_tag = rep->header.getETag(HDR_ETAG);
bf8fe701 1039 debugs(33, 3, "clientIfRangeMatch: ETags: " << spec.tag.str << " and " <<
1040 (rep_tag.str ? rep_tag.str : "<none>"));
62e76326 1041
1042 if (!rep_tag.str)
1043 return 0; /* entity has no etag to compare with! */
1044
1045 if (spec.tag.weak || rep_tag.weak) {
bf8fe701 1046 debugs(33, 1, "clientIfRangeMatch: Weak ETags are not allowed in If-Range: " << spec.tag.str << " ? " << rep_tag.str);
62e76326 1047 return 0; /* must use strong validator for sub-range requests */
1048 }
1049
1050 return etagIsEqual(&rep_tag, &spec.tag);
528b2c61 1051 }
62e76326 1052
528b2c61 1053 /* got modification time? */
1054 if (spec.time >= 0) {
86a2f789 1055 return http->storeEntry()->lastmod <= spec.time;
528b2c61 1056 }
62e76326 1057
528b2c61 1058 assert(0); /* should not happen */
1059 return 0;
1060}
1061
63be0a78 1062/**
1063 * generates a "unique" boundary string for multipart responses
528b2c61 1064 * the caller is responsible for cleaning the string */
30abd221 1065String
528b2c61 1066ClientHttpRequest::rangeBoundaryStr() const
1067{
1068 assert(this);
1069 const char *key;
7dbca7a4
AJ		 1070 String b(APP_FULLNAME);
1071 b.append(":",1);
86a2f789 1072 key = storeEntry()->getMD5Text();
528b2c61 1073 b.append(key, strlen(key));
1074 return b;
1075}
1076
63be0a78 1077/** adds appropriate Range headers if needed */
528b2c61 1078void
1079ClientSocketContext::buildRangeHeader(HttpReply * rep)
1080{
1081 HttpHeader *hdr = rep ? &rep->header : 0;
1082 const char *range_err = NULL;
190154cf 1083 HttpRequest *request = http->request;
528b2c61 1084 assert(request->range);
1085 /* check if we still want to do ranges */
62e76326 1086
528b2c61 1087 if (!rep)
62e76326 1088 range_err = "no [parse-able] reply";
528b2c61 1089 else if ((rep->sline.status != HTTP_OK) && (rep->sline.status != HTTP_PARTIAL_CONTENT))
62e76326 1090 range_err = "wrong status code";
a9925b40 1091 else if (hdr->has(HDR_CONTENT_RANGE))
62e76326 1092 range_err = "origin server does ranges";
528b2c61 1093 else if (rep->content_length < 0)
62e76326 1094 range_err = "unknown length";
86a2f789 1095 else if (rep->content_length != http->memObject()->getReply()->content_length)
62e76326 1096 range_err = "INCONSISTENT length"; /* a bug? */
96cbbe03 1097
1098 /* hits only - upstream peer determines correct behaviour on misses, and client_side_reply determines
9e008dda 1099 * hits candidates
96cbbe03 1100 */
a9925b40 1101 else if (logTypeIsATcpHit(http->logType) && http->request->header.has(HDR_IF_RANGE) && !clientIfRangeMatch(http, rep))
62e76326 1102 range_err = "If-Range match failed";
528b2c61 1103 else if (!http->request->range->canonize(rep))
62e76326 1104 range_err = "canonization failed";
528b2c61 1105 else if (http->request->range->isComplex())
62e76326 1106 range_err = "too complex range header";
86f6a21f 1107 else if (!logTypeIsATcpHit(http->logType) && http->request->range->offsetLimitExceeded())
62e76326 1108 range_err = "range outside range_offset_limit";
1109
528b2c61 1110 /* get rid of our range specs on error */
1111 if (range_err) {
b631f31c 1112 /* XXX We do this here because we need canonisation etc. However, this current
9e008dda 1113 * code will lead to incorrect store offset requests - the store will have the
b631f31c 1114 * offset data, but we won't be requesting it.
1115 * So, we can either re-request, or generate an error
1116 */
bf8fe701 1117 debugs(33, 3, "clientBuildRangeHeader: will not do ranges: " << range_err << ".");
00d77d6b 1118 delete http->request->range;
62e76326 1119 http->request->range = NULL;
c8be6d7b 1120 } else {
3cff087f 1121 /* XXX: TODO: Review, this unconditional set may be wrong. - TODO: review. */
1122 httpStatusLineSet(&rep->sline, rep->sline.version,
1123 HTTP_PARTIAL_CONTENT, NULL);
fedd1531 1124 // web server responded with a valid, but unexpected range.
1125 // will (try-to) forward as-is.
1126 //TODO: we should cope with multirange request/responses
1127 bool replyMatchRequest = rep->content_range != NULL ?
1128 request->range->contains(rep->content_range->spec) :
1129 true;
62e76326 1130 const int spec_count = http->request->range->specs.count;
47f6e231 1131 int64_t actual_clen = -1;
62e76326 1132
47f6e231 1133 debugs(33, 3, "clientBuildRangeHeader: range spec count: " <<
9e008dda 1134 spec_count << " virgin clen: " << rep->content_length);
62e76326 1135 assert(spec_count > 0);
1136 /* ETags should not be returned with Partial Content replies? */
a9925b40 1137 hdr->delById(HDR_ETAG);
62e76326 1138 /* append appropriate header(s) */
1139
1140 if (spec_count == 1) {
fedd1531 1141 if (!replyMatchRequest) {
1142 hdr->delById(HDR_CONTENT_RANGE);
1143 hdr->putContRange(rep->content_range);
1144 actual_clen = rep->content_length;
1145 //http->range_iter.pos = rep->content_range->spec.begin();
1146 (*http->range_iter.pos)->offset = rep->content_range->spec.offset;
1147 (*http->range_iter.pos)->length = rep->content_range->spec.length;
1148
1149 } else {
1150 HttpHdrRange::iterator pos = http->request->range->begin();
1151 assert(*pos);
1152 /* append Content-Range */
1153
1154 if (!hdr->has(HDR_CONTENT_RANGE)) {
1155 /* No content range, so this was a full object we are
1156 * sending parts of.
1157 */
1158 httpHeaderAddContRange(hdr, **pos, rep->content_length);
1159 }
1160
1161 /* set new Content-Length to the actual number of bytes
1162 * transmitted in the message-body */
1163 actual_clen = (*pos)->length;
62e76326 1164 }
62e76326 1165 } else {
1166 /* multipart! */
1167 /* generate boundary string */
1168 http->range_iter.boundary = http->rangeBoundaryStr();
1169 /* delete old Content-Type, add ours */
a9925b40 1170 hdr->delById(HDR_CONTENT_TYPE);
62e76326 1171 httpHeaderPutStrf(hdr, HDR_CONTENT_TYPE,
1172 "multipart/byteranges; boundary=\"%s\"",
30abd221 1173 http->range_iter.boundary.buf());
62e76326 1174 /* Content-Length is not required in multipart responses
1175 * but it is always nice to have one */
1176 actual_clen = http->mRangeCLen();
2512d159 1177 /* http->out needs to start where we want data at */
1178 http->out.offset = http->range_iter.currentSpec()->offset;
62e76326 1179 }
1180
1181 /* replace Content-Length header */
1182 assert(actual_clen >= 0);
1183
a9925b40 1184 hdr->delById(HDR_CONTENT_LENGTH);
62e76326 1185
47f6e231 1186 hdr->putInt64(HDR_CONTENT_LENGTH, actual_clen);
62e76326 1187
bf8fe701 1188 debugs(33, 3, "clientBuildRangeHeader: actual content length: " << actual_clen);
62e76326 1189
1190 /* And start the range iter off */
1191 http->range_iter.updateSpec();
c8be6d7b 1192 }
528b2c61 1193}
1194
1195void
1196ClientSocketContext::prepareReply(HttpReply * rep)
1197{
fedd1531 1198 reply = rep;
1199
528b2c61 1200 if (http->request->range)
62e76326 1201 buildRangeHeader(rep);
528b2c61 1202}
1203
1204void
1205ClientSocketContext::sendStartOfMessage(HttpReply * rep, StoreIOBuffer bodyData)
1206{
1207 prepareReply(rep);
528b2c61 1208 assert (rep);
06a5ae20 1209 MemBuf *mb = rep->pack();
528b2c61 1210 /* Save length of headers for persistent conn checks */
032785bf 1211 http->out.headers_sz = mb->contentSize();
528b2c61 1212#if HEADERS_LOG
62e76326 1213
528b2c61 1214 headersLog(0, 0, http->request->method, rep);
1215#endif
62e76326 1216
c8be6d7b 1217 if (bodyData.data && bodyData.length) {
62e76326 1218 if (!multipartRangeRequest()) {
2512d159 1219 size_t length = lengthToSend(bodyData.range());
62e76326 1220 noteSentBodyBytes (length);
1221
2fe7eff9 1222 mb->append(bodyData.data, length);
62e76326 1223 } else {
032785bf 1224 packRange(bodyData, mb);
62e76326 1225 }
c8be6d7b 1226 }
62e76326 1227
c8be6d7b 1228 /* write */
425802c8 1229 debugs(33,7, HERE << "sendStartOfMessage schedules clientWriteComplete");
9e008dda
AJ		 1230 AsyncCall::Pointer call = commCbCall(33, 5, "clientWriteComplete",
1231 CommIoCbPtrFun(clientWriteComplete, this));
1cf238db 1232 comm_write_mbuf(fd(), mb, call);
62e76326 1233
032785bf 1234 delete mb;
c8be6d7b 1235}
1236
63be0a78 1237/**
7dc5f514 1238 * Write a chunk of data to a client socket. If the reply is present,
1239 * send the reply headers down the wire too, and clean them up when
1240 * finished.
9e008dda 1241 * Pre-condition:
edce4d98 1242 * The request is one backed by a connection, not an internal request.
1243 * data context is not NULL
1244 * There are no more entries in the stream chain.
2246b732 1245 */
edce4d98 1246static void
59a1efb2 1247clientSocketRecipient(clientStreamNode * node, ClientHttpRequest * http,
2324cda2 1248 HttpReply * rep, StoreIOBuffer receivedData)
edce4d98 1249{
1250 int fd;
edce4d98 1251 /* Test preconditions */
1252 assert(node != NULL);
559da936 1253 PROF_start(clientSocketRecipient);
62e76326 1254 /* TODO: handle this rather than asserting
9e008dda
AJ		 1255 * - it should only ever happen if we cause an abort and
1256 * the callback chain loops back to here, so we can simply return.
1257 * However, that itself shouldn't happen, so it stays as an assert for now.
edce4d98 1258 */
1259 assert(cbdataReferenceValid(node));
edce4d98 1260 assert(node->node.next == NULL);
0655fa4d 1261 ClientSocketContext::Pointer context = dynamic_cast<ClientSocketContext *>(node->data.getRaw());
94a396a3 1262 assert(context != NULL);
98242069 1263 assert(connIsUsable(http->getConn()));
1264 fd = http->getConn()->fd;
528b2c61 1265 /* TODO: check offset is what we asked for */
62e76326 1266
98242069 1267 if (context != http->getConn()->getCurrentContext()) {
2324cda2 1268 context->deferRecipientForLater(node, rep, receivedData);
559da936 1269 PROF_stop(clientSocketRecipient);
62e76326 1270 return;
edce4d98 1271 }
62e76326 1272
2324cda2 1273 if (responseFinishedOrFailed(rep, receivedData)) {
0655fa4d 1274 context->writeComplete(fd, NULL, 0, COMM_OK);
559da936 1275 PROF_stop(clientSocketRecipient);
62e76326 1276 return;
edce4d98 1277 }
62e76326 1278
0655fa4d 1279 if (!context->startOfOutput())
2324cda2 1280 context->sendBody(rep, receivedData);
7684c4b1 1281 else {
a4785954 1282 assert(rep);
90a8964c 1283 http->al.reply = HTTPMSGLOCK(rep);
2324cda2 1284 context->sendStartOfMessage(rep, receivedData);
7684c4b1 1285 }
fc68f6b1 1286
559da936 1287 PROF_stop(clientSocketRecipient);
edce4d98 1288}
1289
63be0a78 1290/**
1291 * Called when a downstream node is no longer interested in
edce4d98 1292 * our data. As we are a terminal node, this means on aborts
1293 * only
1294 */
1295void
59a1efb2 1296clientSocketDetach(clientStreamNode * node, ClientHttpRequest * http)
edce4d98 1297{
edce4d98 1298 /* Test preconditions */
1299 assert(node != NULL);
62e76326 1300 /* TODO: handle this rather than asserting
9e008dda
AJ		 1301 * - it should only ever happen if we cause an abort and
1302 * the callback chain loops back to here, so we can simply return.
edce4d98 1303 * However, that itself shouldn't happen, so it stays as an assert for now.
1304 */
1305 assert(cbdataReferenceValid(node));
1306 /* Set null by ContextFree */
edce4d98 1307 assert(node->node.next == NULL);
0655fa4d 1308 /* this is the assert discussed above */
e4a67a80 1309 assert(NULL == dynamic_cast<ClientSocketContext *>(node->data.getRaw()));
edce4d98 1310 /* We are only called when the client socket shutsdown.
1311 * Tell the prev pipeline member we're finished
1312 */
1313 clientStreamDetach(node, http);
7a2f978b 1314}
1315
f4f278b5 1316static void
25f651c1 1317clientWriteBodyComplete(int fd, char *buf, size_t size, comm_err_t errflag, int xerrno, void *data)
f4f278b5 1318{
425802c8 1319 debugs(33,7, HERE << "clientWriteBodyComplete schedules clientWriteComplete");
2b663917 1320 clientWriteComplete(fd, NULL, size, errflag, xerrno, data);
c8be6d7b 1321}
1322
1323void
a46d2c0e 1324ConnStateData::readNextRequest()
c8be6d7b 1325{
bf8fe701 1326 debugs(33, 5, "ConnStateData::readNextRequest: FD " << fd << " reading next req");
1327
a46d2c0e 1328 fd_note(fd, "Waiting for next request");
63be0a78 1329 /**
c8be6d7b 1330 * Set the timeout BEFORE calling clientReadRequest().
1331 */
1cf238db 1332 typedef CommCbMemFunT<ConnStateData, CommTimeoutCbParams> TimeoutDialer;
1333 AsyncCall::Pointer timeoutCall = asyncCall(33, 5, "ConnStateData::requestTimeout",
9e008dda 1334 TimeoutDialer(this, &ConnStateData::requestTimeout));
1cf238db 1335 commSetTimeout(fd, Config.Timeout.persistent_request, timeoutCall);
1336
a46d2c0e 1337 readSomeData();
63be0a78 1338 /** Please don't do anything with the FD past here! */
c8be6d7b 1339}
1340
1341void
1cf238db 1342ClientSocketContextPushDeferredIfNeeded(ClientSocketContext::Pointer deferredRequest, ConnStateData * conn)
c8be6d7b 1343{
bf8fe701 1344 debugs(33, 2, "ClientSocketContextPushDeferredIfNeeded: FD " << conn->fd << " Sending next");
1345
63be0a78 1346 /** If the client stream is waiting on a socket write to occur, then */
62e76326 1347
c8be6d7b 1348 if (deferredRequest->flags.deferred) {
63be0a78 1349 /** NO data is allowed to have been sent. */
62e76326 1350 assert(deferredRequest->http->out.size == 0);
63be0a78 1351 /** defer now. */
62e76326 1352 clientSocketRecipient(deferredRequest->deferredparams.node,
1353 deferredRequest->http,
1354 deferredRequest->deferredparams.rep,
1355 deferredRequest->deferredparams.queuedBuffer);
c8be6d7b 1356 }
62e76326 1357
63be0a78 1358 /** otherwise, the request is still active in a callbacksomewhere,
c8be6d7b 1359 * and we are done
f4f278b5 1360 */
f4f278b5 1361}
1362
0655fa4d 1363void
1364ClientSocketContext::keepaliveNextRequest()
1a92a1e2 1365{
1cf238db 1366 ConnStateData * conn = http->getConn();
f900210a 1367 bool do_next_read = false;
bd4e6ec8 1368
bf8fe701 1369 debugs(33, 3, "ClientSocketContext::keepaliveNextRequest: FD " << conn->fd);
0655fa4d 1370 connIsFinished();
1371
d67acb4e
AJ		 1372 if (conn->pinning.pinned && conn->pinning.fd == -1) {
1373 debugs(33, 2, "clientKeepaliveNextRequest: FD " << conn->fd << " Connection was pinned but server side gone. Terminating client connection");
1374 comm_close(conn->fd);
1375 return;
1376 }
1377
63be0a78 1378 /** \par
f900210a 1379 * Attempt to parse a request from the request buffer.
1380 * If we've been fed a pipelined request it may already
1381 * be in our read buffer.
1382 *
63be0a78 1383 \par
f900210a 1384 * This needs to fall through - if we're unlucky and parse the _last_ request
1385 * from our read buffer we may never re-register for another client read.
1386 */
1387
1388 if (clientParseRequest(conn, do_next_read)) {
bf8fe701 1389 debugs(33, 3, "clientSocketContext::keepaliveNextRequest: FD " << conn->fd << ": parsed next request from buffer");
f900210a 1390 }
1391
63be0a78 1392 /** \par
f900210a 1393 * Either we need to kick-start another read or, if we have
1394 * a half-closed connection, kill it after the last request.
1395 * This saves waiting for half-closed connections to finished being
1396 * half-closed _AND_ then, sometimes, spending "Timeout" time in
1397 * the keepalive "Waiting for next request" state.
1398 */
1399 if (commIsHalfClosed(conn->fd) && (conn->getConcurrentRequestCount() == 0)) {
bf8fe701 1400 debugs(33, 3, "ClientSocketContext::keepaliveNextRequest: half-closed client with no pending requests, closing");
f900210a 1401 comm_close(conn->fd);
1402 return;
1403 }
1404
0655fa4d 1405 ClientSocketContext::Pointer deferredRequest;
62e76326 1406
63be0a78 1407 /** \par
f900210a 1408 * At this point we either have a parsed request (which we've
1409 * kicked off the processing for) or not. If we have a deferred
1410 * request (parsed but deferred for pipeling processing reasons)
1411 * then look at processing it. If not, simply kickstart
1412 * another read.
1413 */
1414
1415 if ((deferredRequest = conn->getCurrentContext()).getRaw()) {
bf8fe701 1416 debugs(33, 3, "ClientSocketContext:: FD " << conn->fd << ": calling PushDeferredIfNeeded");
62e76326 1417 ClientSocketContextPushDeferredIfNeeded(deferredRequest, conn);
f900210a 1418 } else {
bf8fe701 1419 debugs(33, 3, "ClientSocketContext:: FD " << conn->fd << ": calling conn->readNextRequest()");
f900210a 1420 conn->readNextRequest();
1421 }
1a92a1e2 1422}
1423
c8be6d7b 1424void
1425clientUpdateSocketStats(log_type logType, size_t size)
1426{
1427 if (size == 0)
62e76326 1428 return;
1429
c8be6d7b 1430 kb_incr(&statCounter.client_http.kbytes_out, size);
62e76326 1431
c8be6d7b 1432 if (logTypeIsATcpHit(logType))
62e76326 1433 kb_incr(&statCounter.client_http.hit_kbytes_out, size);
c8be6d7b 1434}
1435
63be0a78 1436/**
528b2c61 1437 * increments iterator "i"
63be0a78 1438 * used by clientPackMoreRanges
1439 *
1440 \retval true there is still data available to pack more ranges
9e008dda 1441 \retval false
63be0a78 1442 */
528b2c61 1443bool
1444ClientSocketContext::canPackMoreRanges() const
1445{
63be0a78 1446 /** first update iterator "i" if needed */
62e76326 1447
528b2c61 1448 if (!http->range_iter.debt()) {
63be0a78 1449 debugs(33, 5, "ClientSocketContext::canPackMoreRanges: At end of current range spec for FD " << fd());
62e76326 1450
1451 if (http->range_iter.pos.incrementable())
1452 ++http->range_iter.pos;
1453
1454 http->range_iter.updateSpec();
528b2c61 1455 }
62e76326 1456
528b2c61 1457 assert(!http->range_iter.debt() == !http->range_iter.currentSpec());
63be0a78 1458
528b2c61 1459 /* paranoid sync condition */
1460 /* continue condition: need_more_data */
bf8fe701 1461 debugs(33, 5, "ClientSocketContext::canPackMoreRanges: returning " << (http->range_iter.currentSpec() ? true : false));
528b2c61 1462 return http->range_iter.currentSpec() ? true : false;
1463}
1464
47f6e231 1465int64_t
528b2c61 1466ClientSocketContext::getNextRangeOffset() const
1467{
1468 if (http->request->range) {
62e76326 1469 /* offset in range specs does not count the prefix of an http msg */
47f6e231 1470 debugs (33, 5, "ClientSocketContext::getNextRangeOffset: http offset " << http->out.offset);
62e76326 1471 /* check: reply was parsed and range iterator was initialized */
1472 assert(http->range_iter.valid);
1473 /* filter out data according to range specs */
1474 assert (canPackMoreRanges());
1475 {
47f6e231 1476 int64_t start; /* offset of still missing data */
62e76326 1477 assert(http->range_iter.currentSpec());
1478 start = http->range_iter.currentSpec()->offset + http->range_iter.currentSpec()->length - http->range_iter.debt();
47f6e231 1479 debugs(33, 3, "clientPackMoreRanges: in: offset: " << http->out.offset);
1480 debugs(33, 3, "clientPackMoreRanges: out:"
9e008dda
AJ		 1481 " start: " << start <<
1482 " spec[" << http->range_iter.pos - http->request->range->begin() << "]:" <<
1483 " [" << http->range_iter.currentSpec()->offset <<
1484 ", " << http->range_iter.currentSpec()->offset + http->range_iter.currentSpec()->length << "),"
1485 " len: " << http->range_iter.currentSpec()->length <<
1486 " debt: " << http->range_iter.debt());
62e76326 1487 if (http->range_iter.currentSpec()->length != -1)
1488 assert(http->out.offset <= start); /* we did not miss it */
1489
1490 return start;
1491 }
1492
fedd1531 1493 } else if (reply && reply->content_range) {
1494 /* request does not have ranges, but reply does */
63be0a78 1495 /** \todo FIXME: should use range_iter_pos on reply, as soon as reply->content_range
1496 * becomes HttpHdrRange rather than HttpHdrRangeSpec.
1497 */
fedd1531 1498 return http->out.offset + reply->content_range->spec.offset;
528b2c61 1499 }
1500
1501 return http->out.offset;
1502}
1503
c8be6d7b 1504void
528b2c61 1505ClientSocketContext::pullData()
c8be6d7b 1506{
ec69c304 1507 debugs(33, 5, "ClientSocketContext::pullData: FD " << fd() <<
9e008dda 1508 " attempting to pull upstream data");
bf8fe701 1509
c8be6d7b 1510 /* More data will be coming from the stream. */
528b2c61 1511 StoreIOBuffer readBuffer;
1512 /* XXX: Next requested byte in the range sequence */
1513 /* XXX: length = getmaximumrangelenfgth */
1514 readBuffer.offset = getNextRangeOffset();
c8be6d7b 1515 readBuffer.length = HTTP_REQBUF_SZ;
528b2c61 1516 readBuffer.data = reqbuf;
1517 /* we may note we have reached the end of the wanted ranges */
1518 clientStreamRead(getTail(), http, readBuffer);
1519}
1520
62e76326 1521clientStream_status_t
528b2c61 1522ClientSocketContext::socketState()
1523{
1524 switch (clientStreamStatus(getTail(), http)) {
62e76326 1525
1526 case STREAM_NONE:
528b2c61 1527 /* check for range support ending */
62e76326 1528
528b2c61 1529 if (http->request->range) {
62e76326 1530 /* check: reply was parsed and range iterator was initialized */
1531 assert(http->range_iter.valid);
1532 /* filter out data according to range specs */
1533
1534 if (!canPackMoreRanges()) {
920ba08d 1535 debugs(33, 5, HERE << "Range request at end of returnable " <<
9e008dda 1536 "range sequence on FD " << fd());
62e76326 1537
1538 if (http->request->flags.proxy_keepalive)
1539 return STREAM_COMPLETE;
1540 else
1541 return STREAM_UNPLANNED_COMPLETE;
1542 }
fedd1531 1543 } else if (reply && reply->content_range) {
425802c8 1544 /* reply has content-range, but Squid is not managing ranges */
1545 const int64_t &bytesSent = http->out.offset;
1546 const int64_t &bytesExpected = reply->content_range->spec.length;
fedd1531 1547
425802c8 1548 debugs(33, 7, HERE << "body bytes sent vs. expected: " <<
9e008dda
AJ		 1549 bytesSent << " ? " << bytesExpected << " (+" <<
1550 reply->content_range->spec.offset << ")");
425802c8 1551
1552 // did we get at least what we expected, based on range specs?
1553
1554 if (bytesSent == bytesExpected) // got everything
1555 return STREAM_COMPLETE;
1556
1557 // The logic below is not clear: If we got more than we
1558 // expected why would persistency matter? Should not this
1559 // always be an error?
1560 if (bytesSent > bytesExpected) { // got extra
fedd1531 1561 if (http->request->flags.proxy_keepalive)
1562 return STREAM_COMPLETE;
1563 else
1564 return STREAM_UNPLANNED_COMPLETE;
1565 }
425802c8 1566
1567 // did not get enough yet, expecting more
62e76326 1568 }
1569
1570 return STREAM_NONE;
1571
1572 case STREAM_COMPLETE:
528b2c61 1573 return STREAM_COMPLETE;
62e76326 1574
1575 case STREAM_UNPLANNED_COMPLETE:
1576 return STREAM_UNPLANNED_COMPLETE;
1577
1578 case STREAM_FAILED:
1579 return STREAM_FAILED;
528b2c61 1580 }
62e76326 1581
528b2c61 1582 fatal ("unreachable code\n");
1583 return STREAM_NONE;
c8be6d7b 1584}
edce4d98 1585
63be0a78 1586/**
1587 * A write has just completed to the client, or we have just realised there is
edce4d98 1588 * no more data to send.
1589 */
e6ccf245 1590void
2b663917 1591clientWriteComplete(int fd, char *bufnotused, size_t size, comm_err_t errflag, int xerrno, void *data)
7a2f978b 1592{
528b2c61 1593 ClientSocketContext *context = (ClientSocketContext *)data;
0655fa4d 1594 context->writeComplete (fd, bufnotused, size, errflag);
1595}
1596
55e44db9 1597void
1598ClientSocketContext::doClose()
1599{
1600 comm_close(fd());
1601}
1602
6e1d409c
AR		 1603/** Called to initiate (and possibly complete) closing of the context.
1604 * The underlying socket may be already closed */
55e44db9 1605void
5f8252d2 1606ClientSocketContext::initiateClose(const char *reason)
55e44db9 1607{
5f8252d2 1608 debugs(33, 5, HERE << "initiateClose: closing for " << reason);
fc68f6b1 1609
3b299123 1610 if (http != NULL) {
1cf238db 1611 ConnStateData * conn = http->getConn();
3b299123 1612
1613 if (conn != NULL) {
3e62bd58 1614 if (const int64_t expecting = conn->bodySizeLeft()) {
5f8252d2 1615 debugs(33, 5, HERE << "ClientSocketContext::initiateClose: " <<
1616 "closing, but first " << conn << " needs to read " <<
1617 expecting << " request body bytes with " <<
1618 conn->in.notYetUsed << " notYetUsed");
1619
1620 if (conn->closing()) {
1621 debugs(33, 2, HERE << "avoiding double-closing " << conn);
1622 return;
1623 }
fc68f6b1 1624
3b299123 1625 /*
1626 * XXX We assume the reply fits in the TCP transmit
1627 * window. If not the connection may stall while sending
1628 * the reply (before reaching here) if the client does not
1629 * try to read the response while sending the request body.
1630 * As of yet we have not received any complaints indicating
1631 * this may be an issue.
55e44db9 1632 */
5f8252d2 1633 conn->startClosing(reason);
fc68f6b1 1634
3b299123 1635 return;
1636 }
1637 }
55e44db9 1638 }
1639
1640 doClose();
1641}
1642
0655fa4d 1643void
1644ClientSocketContext::writeComplete(int fd, char *bufnotused, size_t size, comm_err_t errflag)
1645{
86a2f789 1646 StoreEntry *entry = http->storeEntry();
7a2f978b 1647 http->out.size += size;
c8be6d7b 1648 assert(fd > -1);
e4049756 1649 debugs(33, 5, "clientWriteComplete: FD " << fd << ", sz " << size <<
1650 ", err " << errflag << ", off " << http->out.size << ", len " <<
707fdc47 1651 entry ? entry->objectLen() : 0);
c8be6d7b 1652 clientUpdateSocketStats(http->logType, size);
55e44db9 1653 assert (this->fd() == fd);
62e76326 1654
5f8252d2 1655 /* Bail out quickly on COMM_ERR_CLOSING - close handlers will tidy up */
fc68f6b1 1656
5f8252d2 1657 if (errflag == COMM_ERR_CLOSING)
1658 return;
1659
c8be6d7b 1660 if (errflag || clientHttpRequestStatus(fd, http)) {
5f8252d2 1661 initiateClose("failure or true request status");
62e76326 1662 /* Do we leak here ? */
1663 return;
edce4d98 1664 }
62e76326 1665
0655fa4d 1666 switch (socketState()) {
62e76326 1667
edce4d98 1668 case STREAM_NONE:
0655fa4d 1669 pullData();
62e76326 1670 break;
1671
edce4d98 1672 case STREAM_COMPLETE:
bf8fe701 1673 debugs(33, 5, "clientWriteComplete: FD " << fd << " Keeping Alive");
0655fa4d 1674 keepaliveNextRequest();
62e76326 1675 return;
1676
edce4d98 1677 case STREAM_UNPLANNED_COMPLETE:
6e1d409c
AR		 1678 initiateClose("STREAM_UNPLANNED_COMPLETE");
1679 return;
62e76326 1680
edce4d98 1681 case STREAM_FAILED:
6e1d409c 1682 initiateClose("STREAM_FAILED");
62e76326 1683 return;
1684
edce4d98 1685 default:
62e76326 1686 fatal("Hit unreachable code in clientWriteComplete\n");
7a2f978b 1687 }
1688}
1689
e6ccf245 1690extern "C" CSR clientGetMoreData;
1691extern "C" CSS clientReplyStatus;
1692extern "C" CSD clientReplyDetach;
edce4d98 1693
528b2c61 1694static ClientSocketContext *
1cf238db 1695parseHttpRequestAbort(ConnStateData * conn, const char *uri)
038eb4ed 1696{
59a1efb2 1697 ClientHttpRequest *http;
528b2c61 1698 ClientSocketContext *context;
1699 StoreIOBuffer tempBuffer;
a0355e95 1700 http = new ClientHttpRequest(conn);
c8be6d7b 1701 http->req_sz = conn->in.notYetUsed;
edce4d98 1702 http->uri = xstrdup(uri);
c4b7a5a9 1703 setLogUri (http, uri);
528b2c61 1704 context = ClientSocketContextNew(http);
c8be6d7b 1705 tempBuffer.data = context->reqbuf;
1706 tempBuffer.length = HTTP_REQBUF_SZ;
edce4d98 1707 clientStreamInit(&http->client_stream, clientGetMoreData, clientReplyDetach,
0655fa4d 1708 clientReplyStatus, new clientReplyContext(http), clientSocketRecipient,
62e76326 1709 clientSocketDetach, context, tempBuffer);
edce4d98 1710 return context;
038eb4ed 1711}
1712
c8be6d7b 1713char *
1714skipLeadingSpace(char *aString)
1715{
1716 char *result = aString;
62e76326 1717
c8be6d7b 1718 while (xisspace(*aString))
62e76326 1719 ++aString;
1720
c8be6d7b 1721 return result;
1722}
1723
63be0a78 1724/**
d4a04ed5 1725 * 'end' defaults to NULL for backwards compatibility
1726 * remove default value if we ever get rid of NULL-terminated
1727 * request buffers.
1728 */
1729const char *
1730findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end)
c8be6d7b 1731{
d4a04ed5 1732 if (NULL == end) {
1733 end = uriAndHTTPVersion + strcspn(uriAndHTTPVersion, "\r\n");
1734 assert(end);
1735 }
62e76326 1736
d4a04ed5 1737 for (; end > uriAndHTTPVersion; end--) {
1738 if (*end == '\n' || *end == '\r')
62e76326 1739 continue;
1740
d4a04ed5 1741 if (xisspace(*end)) {
1742 if (strncasecmp(end + 1, "HTTP/", 5) == 0)
1743 return end + 1;
62e76326 1744 else
1745 break;
1746 }
c8be6d7b 1747 }
62e76326 1748
3f38a55e 1749 return NULL;
c8be6d7b 1750}
1751
c8be6d7b 1752void
59a1efb2 1753setLogUri(ClientHttpRequest * http, char const *uri)
c8be6d7b 1754{
a46d0227 1755 safe_free(http->log_uri);
62e76326 1756
c8be6d7b 1757 if (!stringHasCntl(uri))
62e76326 1758 http->log_uri = xstrndup(uri, MAX_URL);
c8be6d7b 1759 else
62e76326 1760 http->log_uri = xstrndup(rfc1738_escape_unescaped(uri), MAX_URL);
c8be6d7b 1761}
1762
3f38a55e 1763static void
1cf238db 1764prepareAcceleratedURL(ConnStateData * conn, ClientHttpRequest *http, char *url, const char *req_hdr)
62e76326 1765{
3f38a55e 1766 int vhost = conn->port->vhost;
1767 int vport = conn->port->vport;
1768 char *host;
cc192b50 1769 char ntoabuf[MAX_IPSTRLEN];
c8be6d7b 1770
3f38a55e 1771 http->flags.accel = 1;
c8be6d7b 1772
3f38a55e 1773 /* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */
c8be6d7b 1774
34399323 1775 if (strncasecmp(url, "cache_object://", 15) == 0)
1776 return; /* already in good shape */
1777
3f38a55e 1778 if (*url != '/') {
62e76326 1779 if (conn->port->vhost)
1780 return; /* already in good shape */
1781
1782 /* else we need to ignore the host name */
1783 url = strstr(url, "//");
1784
3f38a55e 1785#if SHOULD_REJECT_UNKNOWN_URLS
62e76326 1786
1787 if (!url)
1788 return parseHttpRequestAbort(conn, "error:invalid-request");
1789
c8be6d7b 1790#endif
62e76326 1791
1792 if (url)
1793 url = strchr(url + 2, '/');
1794
1795 if (!url)
1796 url = (char *) "/";
3f38a55e 1797 }
1798
1799 if (internalCheck(url)) {
62e76326 1800 /* prepend our name & port */
1801 http->uri = xstrdup(internalLocalUri(NULL, url));
ae7ff0b8 1802 return;
1803 }
1804
1805 const bool switchedToHttps = conn->switchedToHttps();
1806 const bool tryHostHeader = vhost || switchedToHttps;
1807 if (tryHostHeader && (host = mime_get_header(req_hdr, "Host")) != NULL) {
62e76326 1808 int url_sz = strlen(url) + 32 + Config.appendDomainLen +
1809 strlen(host);
1810 http->uri = (char *)xcalloc(url_sz, 1);
ae7ff0b8 1811 const char *protocol = switchedToHttps ?
9e008dda 1812 "https" : conn->port->protocol;
ae7ff0b8 1813 snprintf(http->uri, url_sz, "%s://%s%s", protocol, host, url);
bf8fe701 1814 debugs(33, 5, "ACCEL VHOST REWRITE: '" << http->uri << "'");
3f38a55e 1815 } else if (conn->port->defaultsite) {
62e76326 1816 int url_sz = strlen(url) + 32 + Config.appendDomainLen +
1817 strlen(conn->port->defaultsite);
1818 http->uri = (char *)xcalloc(url_sz, 1);
1819 snprintf(http->uri, url_sz, "%s://%s%s",
1820 conn->port->protocol, conn->port->defaultsite, url);
bf8fe701 1821 debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: '" << http->uri <<"'");
3f38a55e 1822 } else if (vport == -1) {
62e76326 1823 /* Put the local socket IP address as the hostname. */
1824 int url_sz = strlen(url) + 32 + Config.appendDomainLen;
1825 http->uri = (char *)xcalloc(url_sz, 1);
1826 snprintf(http->uri, url_sz, "%s://%s:%d%s",
98242069 1827 http->getConn()->port->protocol,
cc192b50 1828 http->getConn()->me.NtoA(ntoabuf,MAX_IPSTRLEN),
1829 http->getConn()->me.GetPort(), url);
bf8fe701 1830 debugs(33, 5, "ACCEL VPORT REWRITE: '" << http->uri << "'");
3f38a55e 1831 } else if (vport > 0) {
62e76326 1832 /* Put the local socket IP address as the hostname, but static port */
1833 int url_sz = strlen(url) + 32 + Config.appendDomainLen;
1834 http->uri = (char *)xcalloc(url_sz, 1);
1835 snprintf(http->uri, url_sz, "%s://%s:%d%s",
98242069 1836 http->getConn()->port->protocol,
cc192b50 1837 http->getConn()->me.NtoA(ntoabuf,MAX_IPSTRLEN),
62e76326 1838 vport, url);
bf8fe701 1839 debugs(33, 5, "ACCEL VPORT REWRITE: '" << http->uri << "'");
3f38a55e 1840 }
1841}
1842
1843static void
1cf238db 1844prepareTransparentURL(ConnStateData * conn, ClientHttpRequest *http, char *url, const char *req_hdr)
62e76326 1845{
3f38a55e 1846 char *host;
cc192b50 1847 char ntoabuf[MAX_IPSTRLEN];
3f38a55e 1848
3f38a55e 1849 if (*url != '/')
62e76326 1850 return; /* already in good shape */
3f38a55e 1851
1852 /* BUG: Squid cannot deal with '*' URLs (RFC2616 5.1.2) */
1853
f024c970 1854 if ((host = mime_get_header(req_hdr, "Host")) != NULL) {
62e76326 1855 int url_sz = strlen(url) + 32 + Config.appendDomainLen +
1856 strlen(host);
1857 http->uri = (char *)xcalloc(url_sz, 1);
1858 snprintf(http->uri, url_sz, "%s://%s%s",
1859 conn->port->protocol, host, url);
bf8fe701 1860 debugs(33, 5, "TRANSPARENT HOST REWRITE: '" << http->uri <<"'");
c8be6d7b 1861 } else {
62e76326 1862 /* Put the local socket IP address as the hostname. */
1863 int url_sz = strlen(url) + 32 + Config.appendDomainLen;
1864 http->uri = (char *)xcalloc(url_sz, 1);
1865 snprintf(http->uri, url_sz, "%s://%s:%d%s",
98242069 1866 http->getConn()->port->protocol,
cc192b50 1867 http->getConn()->me.NtoA(ntoabuf,MAX_IPSTRLEN),
1868 http->getConn()->me.GetPort(), url);
bf8fe701 1869 debugs(33, 5, "TRANSPARENT REWRITE: '" << http->uri << "'");
c8be6d7b 1870 }
c8be6d7b 1871}
1872
63be0a78 1873/**
7a2f978b 1874 * parseHttpRequest()
9e008dda 1875 *
7a2f978b 1876 * Returns
c4b7a5a9 1877 * NULL on incomplete requests
528b2c61 1878 * a ClientSocketContext structure on success or failure.
c4b7a5a9 1879 * Sets result->flags.parsed_ok to 0 if failed to parse the request.
1880 * Sets result->flags.parsed_ok to 1 if we have a good request.
7a2f978b 1881 */
528b2c61 1882static ClientSocketContext *
1cf238db 1883parseHttpRequest(ConnStateData *conn, HttpParser *hp, HttpRequestMethod * method_p, HttpVersion *http_ver)
7a2f978b 1884{
7a2f978b 1885 char *url = NULL;
1886 char *req_hdr = NULL;
2334c194 1887 char *end;
c68e9c6b 1888 size_t req_sz;
59a1efb2 1889 ClientHttpRequest *http;
528b2c61 1890 ClientSocketContext *result;
1891 StoreIOBuffer tempBuffer;
84cc2635 1892 int r;
7a2f978b 1893
6792f0d3 1894 /* pre-set these values to make aborting simpler */
6792f0d3 1895 *method_p = METHOD_NONE;
6792f0d3 1896
84cc2635 1897 /* Attempt to parse the first line; this'll define the method, url, version and header begin */
1898 r = HttpParserParseReqLine(hp);
fc68f6b1 1899
84cc2635 1900 if (r == 0) {
bf8fe701 1901 debugs(33, 5, "Incomplete request, waiting for end of request line");
fc68f6b1 1902 return NULL;
7a2f978b 1903 }
fc68f6b1 1904
84cc2635 1905 if (r == -1) {
1906 return parseHttpRequestAbort(conn, "error:invalid-request");
1907 }
fc68f6b1 1908
84cc2635 1909 /* Request line is valid here .. */
1910 *http_ver = HttpVersion(hp->v_maj, hp->v_min);
62e76326 1911
52512f28 1912 /* This call scans the entire request, not just the headers */
84cc2635 1913 if (hp->v_maj > 0) {
a5baffba 1914 if ((req_sz = headersEnd(hp->buf, hp->bufsiz)) == 0) {
bf8fe701 1915 debugs(33, 5, "Incomplete request, waiting for end of headers");
62e76326 1916 return NULL;
1917 }
3f38a55e 1918 } else {
bf8fe701 1919 debugs(33, 3, "parseHttpRequest: Missing HTTP identifier");
84cc2635 1920 req_sz = HttpParserReqSz(hp);
3f38a55e 1921 }
1922
52512f28 1923 /* We know the whole request is in hp->buf now */
1924
a5baffba 1925 assert(req_sz <= (size_t) hp->bufsiz);
fc68f6b1 1926
a5baffba 1927 /* Will the following be true with HTTP/0.9 requests? probably not .. */
1928 /* So the rest of the code will need to deal with '0'-byte headers (ie, none, so don't try parsing em) */
1929 assert(req_sz > 0);
fc68f6b1 1930
a5baffba 1931 hp->hdr_end = req_sz - 1;
fc68f6b1 1932
a5baffba 1933 hp->hdr_start = hp->req_end + 1;
3f38a55e 1934
5b648f60 1935 /* Enforce max_request_size */
5b648f60 1936 if (req_sz >= Config.maxRequestHeaderSize) {
bf8fe701 1937 debugs(33, 5, "parseHttpRequest: Too large request");
5b648f60 1938 return parseHttpRequestAbort(conn, "error:request-too-large");
1939 }
1940
84cc2635 1941 /* Set method_p */
60745f24 1942 *method_p = HttpRequestMethod(&hp->buf[hp->m_start], &hp->buf[hp->m_end]+1);
fc68f6b1 1943
84cc2635 1944 if (*method_p == METHOD_NONE) {
fc68f6b1 1945 /* XXX need a way to say "this many character length string" */
bf8fe701 1946 debugs(33, 1, "clientParseRequestMethod: Unsupported method in request '" << hp->buf << "'");
1947
fc68f6b1 1948 /* XXX where's the method set for this error? */
84cc2635 1949 return parseHttpRequestAbort(conn, "error:unsupported-request-method");
3f38a55e 1950 }
7a2f978b 1951
84cc2635 1952 /* set url */
1953 /*
1954 * XXX this should eventually not use a malloc'ed buffer; the transformation code
1955 * below needs to be modified to not expect a mutable nul-terminated string.
1956 */
1957 url = (char *)xmalloc(hp->u_end - hp->u_start + 16);
fc68f6b1 1958
84cc2635 1959 memcpy(url, hp->buf + hp->u_start, hp->u_end - hp->u_start + 1);
fc68f6b1 1960
84cc2635 1961 url[hp->u_end - hp->u_start + 1] = '\0';
62e76326 1962
c68e9c6b 1963 /*
1964 * Process headers after request line
c8be6d7b 1965 * TODO: Use httpRequestParse here.
c68e9c6b 1966 */
84cc2635 1967 /* XXX this code should be modified to take a const char * later! */
1968 req_hdr = (char *) hp->buf + hp->req_end + 1;
fc68f6b1 1969
bf8fe701 1970 debugs(33, 3, "parseHttpRequest: req_hdr = {" << req_hdr << "}");
fc68f6b1 1971
52512f28 1972 end = (char *) hp->buf + hp->hdr_end;
fc68f6b1 1973
bf8fe701 1974 debugs(33, 3, "parseHttpRequest: end = {" << end << "}");
99edd1c3 1975
3e83e8b2
AJ		 1976 /*
1977 * Check that the headers don't have double-CR.
1978 * NP: strnstr is required so we don't search any possible binary body blobs.
1979 */
cee08cbc 1980 if ( squid_strnstr(req_hdr, "\r\r\n", req_sz) ) {
bf8fe701 1981 debugs(33, 1, "WARNING: suspicious HTTP request contains double CR");
fc68f6b1 1982 xfree(url);
47ac2ebe 1983 return parseHttpRequestAbort(conn, "error:double-CR");
1984 }
1985
bf8fe701 1986 debugs(33, 3, "parseHttpRequest: prefix_sz = " <<
1987 (int) HttpParserRequestLen(hp) << ", req_line_sz = " <<
1988 HttpParserReqSz(hp));
62e76326 1989
7a2f978b 1990 /* Ok, all headers are received */
a0355e95 1991 http = new ClientHttpRequest(conn);
62e76326 1992
a5baffba 1993 http->req_sz = HttpParserRequestLen(hp);
528b2c61 1994 result = ClientSocketContextNew(http);
c8be6d7b 1995 tempBuffer.data = result->reqbuf;
1996 tempBuffer.length = HTTP_REQBUF_SZ;
62e76326 1997
0655fa4d 1998 ClientStreamData newServer = new clientReplyContext(http);
0655fa4d 1999 ClientStreamData newClient = result;
edce4d98 2000 clientStreamInit(&http->client_stream, clientGetMoreData, clientReplyDetach,
0655fa4d 2001 clientReplyStatus, newServer, clientSocketRecipient,
2002 clientSocketDetach, newClient, tempBuffer);
62e76326 2003
bf8fe701 2004 debugs(33, 5, "parseHttpRequest: Request Header is\n" <<(hp->buf) + hp->hdr_start);
3f38a55e 2005
ba9ebd0a 2006#if THIS_VIOLATES_HTTP_SPECS_ON_URL_TRANSFORMATION
62e76326 2007
7a2f978b 2008 if ((t = strchr(url, '#'))) /* remove HTML anchors */
62e76326 2009 *t = '\0';
2010
ba9ebd0a 2011#endif
7a2f978b 2012
3f38a55e 2013 /* Rewrite the URL in transparent or accelerator mode */
89272111
AJ		 2014 /* NP: there are several cases to traverse here:
2015 * - standard mode (forward proxy)
2016 * - transparent mode (TPROXY)
2017 * - transparent mode with failures
2018 * - intercept mode (NAT)
2019 * - intercept mode with failures
2020 * - accelerator mode (reverse proxy)
2021 * - internal URL
2022 * - mixed combos of the above with internal URL
2023 */
a46d2c0e 2024 if (conn->transparent()) {
89272111 2025 /* intercept or transparent mode, properly working with no failures */
891de1fe
AJ		 2026 http->flags.intercepted = conn->port->intercepted;
2027 http->flags.spoof_client_ip = conn->port->spoof_client_ip;
89272111
AJ		 2028 prepareTransparentURL(conn, http, url, req_hdr);
2029
2030 } else if (conn->port->intercepted || conn->port->spoof_client_ip) {
2031 /* transparent or intercept mode with failures */
62e76326 2032 prepareTransparentURL(conn, http, url, req_hdr);
89272111 2033
ae7ff0b8 2034 } else if (conn->port->accel || conn->switchedToHttps()) {
89272111 2035 /* accelerator mode */
62e76326 2036 prepareAcceleratedURL(conn, http, url, req_hdr);
89272111 2037
2f2749d7 2038 } else if (internalCheck(url)) {
89272111 2039 /* internal URL mode */
2f2749d7 2040 /* prepend our name & port */
2041 http->uri = xstrdup(internalLocalUri(NULL, url));
2f2749d7 2042 http->flags.accel = 1;
3f38a55e 2043 }
2044
2045 if (!http->uri) {
62e76326 2046 /* No special rewrites have been applied above, use the
2047 * requested url. may be rewritten later, so make extra room */
2048 int url_sz = strlen(url) + Config.appendDomainLen + 5;
2049 http->uri = (char *)xcalloc(url_sz, 1);
2050 strcpy(http->uri, url);
3f38a55e 2051 }
62e76326 2052
c8be6d7b 2053 setLogUri(http, http->uri);
bf8fe701 2054 debugs(33, 5, "parseHttpRequest: Complete request received");
c4b7a5a9 2055 result->flags.parsed_ok = 1;
84cc2635 2056 xfree(url);
c8be6d7b 2057 return result;
7a2f978b 2058}
2059
c8be6d7b 2060int
a46d2c0e 2061ConnStateData::getAvailableBufferLength() const
c8be6d7b 2062{
1a419b96 2063 int result = in.allocatedSize - in.notYetUsed - 1;
2064 assert (result >= 0);
2065 return result;
c8be6d7b 2066}
2067
2068void
a46d2c0e 2069ConnStateData::makeSpaceAvailable()
c8be6d7b 2070{
a46d2c0e 2071 if (getAvailableBufferLength() < 2) {
2072 in.buf = (char *)memReallocBuf(in.buf, in.allocatedSize * 2, &in.allocatedSize);
4a7a3d56 2073 debugs(33, 2, "growing request buffer: notYetUsed=" << in.notYetUsed << " size=" << in.allocatedSize);
c8be6d7b 2074 }
2075}
2076
2077void
0655fa4d 2078ConnStateData::addContextToQueue(ClientSocketContext * context)
c8be6d7b 2079{
0655fa4d 2080 ClientSocketContext::Pointer *S;
62e76326 2081
0655fa4d 2082 for (S = (ClientSocketContext::Pointer *) & currentobject; S->getRaw();
3d0ac046 2083 S = &(*S)->next);
c8be6d7b 2084 *S = context;
62e76326 2085
0655fa4d 2086 ++nrequests;
c8be6d7b 2087}
2088
2089int
0655fa4d 2090ConnStateData::getConcurrentRequestCount() const
c8be6d7b 2091{
2092 int result = 0;
0655fa4d 2093 ClientSocketContext::Pointer *T;
62e76326 2094
0655fa4d 2095 for (T = (ClientSocketContext::Pointer *) &currentobject;
3d0ac046 2096 T->getRaw(); T = &(*T)->next, ++result);
c8be6d7b 2097 return result;
2098}
2099
2100int
1cf238db 2101ConnStateData::connReadWasError(comm_err_t flag, int size, int xerrno)
c8be6d7b 2102{
c4b7a5a9 2103 if (flag != COMM_OK) {
1cf238db 2104 debugs(33, 2, "connReadWasError: FD " << fd << ": got flag " << flag);
62e76326 2105 return 1;
c4b7a5a9 2106 }
62e76326 2107
c8be6d7b 2108 if (size < 0) {
f3400a93 2109 if (!ignoreErrno(xerrno)) {
1cf238db 2110 debugs(33, 2, "connReadWasError: FD " << fd << ": " << xstrerr(xerrno));
62e76326 2111 return 1;
1cf238db 2112 } else if (in.notYetUsed == 0) {
2113 debugs(33, 2, "connReadWasError: FD " << fd << ": no data to process (" << xstrerr(xerrno) << ")");
62e76326 2114 }
c8be6d7b 2115 }
62e76326 2116
c8be6d7b 2117 return 0;
2118}
2119
2120int
1cf238db 2121ConnStateData::connFinishedWithConn(int size)
c8be6d7b 2122{
2123 if (size == 0) {
1cf238db 2124 if (getConcurrentRequestCount() == 0 && in.notYetUsed == 0) {
62e76326 2125 /* no current or pending requests */
1cf238db 2126 debugs(33, 4, "connFinishedWithConn: FD " << fd << " closed");
62e76326 2127 return 1;
2128 } else if (!Config.onoff.half_closed_clients) {
2129 /* admin doesn't want to support half-closed client sockets */
1cf238db 2130 debugs(33, 3, "connFinishedWithConn: FD " << fd << " aborted (half_closed_clients disabled)");
62e76326 2131 return 1;
2132 }
c8be6d7b 2133 }
62e76326 2134
c8be6d7b 2135 return 0;
2136}
2137
2138void
3b299123 2139connNoteUseOfBuffer(ConnStateData* conn, size_t byteCount)
c8be6d7b 2140{
2141 assert(byteCount > 0 && byteCount <= conn->in.notYetUsed);
2142 conn->in.notYetUsed -= byteCount;
d5fa7219 2143 debugs(33, 5, HERE << "conn->in.notYetUsed = " << conn->in.notYetUsed);
c8be6d7b 2144 /*
9e008dda 2145 * If there is still data that will be used,
c8be6d7b 2146 * move it to the beginning.
2147 */
62e76326 2148
c8be6d7b 2149 if (conn->in.notYetUsed > 0)
62e76326 2150 xmemmove(conn->in.buf, conn->in.buf + byteCount,
2151 conn->in.notYetUsed);
c8be6d7b 2152}
2153
2154int
1cf238db 2155connKeepReadingIncompleteRequest(ConnStateData * conn)
c8be6d7b 2156{
2157 return conn->in.notYetUsed >= Config.maxRequestHeaderSize ? 0 : 1;
2158}
2159
2160void
1cf238db 2161connCancelIncompleteRequests(ConnStateData * conn)
c8be6d7b 2162{
528b2c61 2163 ClientSocketContext *context = parseHttpRequestAbort(conn, "error:request-too-large");
2164 clientStreamNode *node = context->getClientReplyContext();
c8be6d7b 2165 assert(!connKeepReadingIncompleteRequest(conn));
4a7a3d56 2166 debugs(33, 1, "Request header is too large (" << conn->in.notYetUsed << " bytes)");
2167 debugs(33, 1, "Config 'request_header_max_size'= " << Config.maxRequestHeaderSize << " bytes.");
0655fa4d 2168 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2169 assert (repContext);
2170 repContext->setReplyToError(ERR_TOO_BIG,
2171 HTTP_REQUEST_ENTITY_TOO_LARGE, METHOD_NONE, NULL,
cc192b50 2172 conn->peer, NULL, NULL, NULL);
0655fa4d 2173 context->registerWithConn();
528b2c61 2174 context->pullData();
c8be6d7b 2175}
2176
1cf238db 2177void
2178ConnStateData::clientMaybeReadData(int do_next_read)
7a2f978b 2179{
c4b7a5a9 2180 if (do_next_read) {
1cf238db 2181 flags.readMoreRequests = true;
2182 readSomeData();
c4b7a5a9 2183 }
2184}
2185
1cf238db 2186void
2187ConnStateData::clientAfterReadingRequests(int do_next_read)
c4b7a5a9 2188{
3b299123 2189 /*
2190 * If (1) we are reading a message body, (2) and the connection
2191 * is half-closed, and (3) we didn't get the entire HTTP request
2192 * yet, then close this connection.
2193 */
62e76326 2194
3b299123 2195 if (fd_table[fd].flags.socket_eof) {
1cf238db 2196 if ((int64_t)in.notYetUsed < bodySizeLeft()) {
62e76326 2197 /* Partial request received. Abort client connection! */
bf8fe701 2198 debugs(33, 3, "clientAfterReadingRequests: FD " << fd << " aborted, partial request");
62e76326 2199 comm_close(fd);
2200 return;
2201 }
c4b7a5a9 2202 }
2203
1cf238db 2204 clientMaybeReadData (do_next_read);
c4b7a5a9 2205}
2206
c4b7a5a9 2207static void
1cf238db 2208clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *context, const HttpRequestMethod& method, HttpVersion http_ver)
c4b7a5a9 2209{
59a1efb2 2210 ClientHttpRequest *http = context->http;
190154cf 2211 HttpRequest *request = NULL;
5f8252d2 2212 bool notedUseOfBuffer = false;
2213
c4b7a5a9 2214 /* We have an initial client stream in place should it be needed */
2215 /* setup our private context */
0655fa4d 2216 context->registerWithConn();
c4b7a5a9 2217
2218 if (context->flags.parsed_ok == 0) {
62e76326 2219 clientStreamNode *node = context->getClientReplyContext();
bf8fe701 2220 debugs(33, 1, "clientProcessRequest: Invalid Request");
0655fa4d 2221 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2222 assert (repContext);
cc192b50 2223 repContext->setReplyToError(ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, NULL, conn->peer, NULL, conn->in.buf, NULL);
62e76326 2224 assert(context->http->out.offset == 0);
2225 context->pullData();
48962ba8 2226 conn->flags.readMoreRequests = false;
fc68f6b1 2227 goto finish;
c4b7a5a9 2228 }
2229
c21ad0f5 2230 if ((request = HttpRequest::CreateFromUrlAndMethod(http->uri, method)) == NULL) {
62e76326 2231 clientStreamNode *node = context->getClientReplyContext();
bf8fe701 2232 debugs(33, 5, "Invalid URL: " << http->uri);
0655fa4d 2233 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2234 assert (repContext);
cc192b50 2235 repContext->setReplyToError(ERR_INVALID_URL, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL);
62e76326 2236 assert(context->http->out.offset == 0);
2237 context->pullData();
48962ba8 2238 conn->flags.readMoreRequests = false;
fc68f6b1 2239 goto finish;
62e76326 2240 }
c4b7a5a9 2241
528b2c61 2242 /* compile headers */
2243 /* we should skip request line! */
666f514b 2244 /* XXX should actually know the damned buffer size here */
a5baffba 2245 if (!request->parseHeader(HttpParserHdrBuf(hp), HttpParserHdrSz(hp))) {
47ac2ebe 2246 clientStreamNode *node = context->getClientReplyContext();
bf8fe701 2247 debugs(33, 5, "Failed to parse request headers:\n" << HttpParserHdrBuf(hp));
47ac2ebe 2248 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2249 assert (repContext);
cc192b50 2250 repContext->setReplyToError(ERR_INVALID_URL, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL);
47ac2ebe 2251 assert(context->http->out.offset == 0);
2252 context->pullData();
48962ba8 2253 conn->flags.readMoreRequests = false;
fc68f6b1 2254 goto finish;
47ac2ebe 2255 }
c4b7a5a9 2256
2257 request->flags.accelerated = http->flags.accel;
2ad20b4f
AJ		 2258
2259 /** \par
2260 * If transparent or interception mode is working clone the transparent and interception flags
2261 * from the port settings to the request.
2262 */
85944c1c 2263 if (IpInterceptor.InterceptActive()) {
2ad20b4f
AJ		 2264 request->flags.intercepted = http->flags.intercepted;
2265 }
85944c1c 2266 if (IpInterceptor.TransparentActive()) {
f165d2fb 2267 request->flags.spoof_client_ip = conn->port->spoof_client_ip;
2ad20b4f 2268 }
fc68f6b1 2269
30abd221 2270 if (internalCheck(request->urlpath.buf())) {
cc192b50 2271 if (internalHostnameIs(request->GetHost()) &&
f024c970 2272 request->port == getMyPort()) {
2273 http->flags.internal = 1;
30abd221 2274 } else if (Config.onoff.global_internal_static && internalStaticCheck(request->urlpath.buf())) {
cc192b50 2275 request->SetHost(internalHostname());
f024c970 2276 request->port = getMyPort();
2277 http->flags.internal = 1;
62e76326 2278 }
f024c970 2279 }
e72a0ec0 2280
f024c970 2281 if (http->flags.internal) {
2282 request->protocol = PROTO_HTTP;
2283 request->login[0] = '\0';
c4b7a5a9 2284 }
2285
c4b7a5a9 2286 request->flags.internal = http->flags.internal;
2287 setLogUri (http, urlCanonicalClean(request));
cc192b50 2288 request->client_addr = conn->peer;
3d674977
AJ		 2289#if FOLLOW_X_FORWARDED_FOR
2290 request->indirect_client_addr = conn->peer;
2291#endif /* FOLLOW_X_FORWARDED_FOR */
cc192b50 2292 request->my_addr = conn->me;
8ae66e43 2293 request->http_ver = http_ver;
62e76326 2294
c4b7a5a9 2295 if (!urlCheckRequest(request) ||
a9925b40 2296 request->header.has(HDR_TRANSFER_ENCODING)) {
62e76326 2297 clientStreamNode *node = context->getClientReplyContext();
0655fa4d 2298 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2299 assert (repContext);
2300 repContext->setReplyToError(ERR_UNSUP_REQ,
2301 HTTP_NOT_IMPLEMENTED, request->method, NULL,
cc192b50 2302 conn->peer, request, NULL, NULL);
62e76326 2303 assert(context->http->out.offset == 0);
2304 context->pullData();
48962ba8 2305 conn->flags.readMoreRequests = false;
fc68f6b1 2306 goto finish;
c4b7a5a9 2307 }
2308
2309
2310 if (!clientIsContentLengthValid(request)) {
62e76326 2311 clientStreamNode *node = context->getClientReplyContext();
0655fa4d 2312 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2313 assert (repContext);
2314 repContext->setReplyToError(ERR_INVALID_REQ,
2315 HTTP_LENGTH_REQUIRED, request->method, NULL,
cc192b50 2316 conn->peer, request, NULL, NULL);
62e76326 2317 assert(context->http->out.offset == 0);
2318 context->pullData();
48962ba8 2319 conn->flags.readMoreRequests = false;
fc68f6b1 2320 goto finish;
c4b7a5a9 2321 }
2322
6dd9f4bd 2323 http->request = HTTPMSGLOCK(request);
c4b7a5a9 2324 clientSetKeepaliveFlag(http);
62e76326 2325
b66e0e86 2326 /* If this is a CONNECT, don't schedule a read - ssl.c will handle it */
2327 if (http->request->method == METHOD_CONNECT)
2328 context->mayUseConnection(true);
fc68f6b1 2329
b66e0e86 2330 /* Do we expect a request-body? */
2331 if (!context->mayUseConnection() && request->content_length > 0) {
5f8252d2 2332 request->body_pipe = conn->expectRequestBody(request->content_length);
2333
2334 // consume header early so that body pipe gets just the body
1cf238db 2335 connNoteUseOfBuffer(conn, http->req_sz);
5f8252d2 2336 notedUseOfBuffer = true;
2337
10b06767 2338 conn->handleRequestBodyData(); // may comm_close and stop producing
3b299123 2339
62e76326 2340 /* Is it too large? */
2341
2342 if (!clientIsRequestBodyValid(request->content_length) ||
2343 clientIsRequestBodyTooLargeForPolicy(request->content_length)) {
2344 clientStreamNode *node = context->getClientReplyContext();
0655fa4d 2345 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2346 assert (repContext);
2347 repContext->setReplyToError(ERR_TOO_BIG,
2348 HTTP_REQUEST_ENTITY_TOO_LARGE, METHOD_NONE, NULL,
cc192b50 2349 conn->peer, http->request, NULL, NULL);
62e76326 2350 assert(context->http->out.offset == 0);
2351 context->pullData();
5f8252d2 2352 goto finish;
62e76326 2353 }
2354
10b06767
AJ		 2355 if (!request->body_pipe->productionEnded())
2356 conn->readSomeData();
2357
2358 context->mayUseConnection(!request->body_pipe->productionEnded());
c4b7a5a9 2359 }
2360
de31d06f 2361 http->calloutContext = new ClientRequestContext(http);
2362
2363 http->doCallouts();
9e008dda 2364
4c29340e 2365finish:
5f8252d2 2366 if (!notedUseOfBuffer)
1cf238db 2367 connNoteUseOfBuffer(conn, http->req_sz);
52c2c8a8 2368
2369 /*
2370 * DPW 2007-05-18
2371 * Moved the TCP_RESET feature from clientReplyContext::sendMoreData
2372 * to here because calling comm_reset_close() causes http to
2373 * be freed and the above connNoteUseOfBuffer() would hit an
2374 * assertion, not to mention that we were accessing freed memory.
2375 */
2376 if (http->request->flags.resetTCP() && conn->fd > -1) {
9e008dda
AJ		 2377 debugs(33, 3, HERE << "Sending TCP RST on FD " << conn->fd);
2378 conn->flags.readMoreRequests = false;
2379 comm_reset_close(conn->fd);
2380 return;
52c2c8a8 2381 }
c4b7a5a9 2382}
2383
2384static void
1cf238db 2385connStripBufferWhitespace (ConnStateData * conn)
c4b7a5a9 2386{
2387 while (conn->in.notYetUsed > 0 && xisspace(conn->in.buf[0])) {
62e76326 2388 xmemmove(conn->in.buf, conn->in.buf + 1, conn->in.notYetUsed - 1);
2389 --conn->in.notYetUsed;
c4b7a5a9 2390 }
2391}
2392
2393static int
1cf238db 2394connOkToAddRequest(ConnStateData * conn)
c4b7a5a9 2395{
0655fa4d 2396 int result = conn->getConcurrentRequestCount() < (Config.onoff.pipeline_prefetch ? 2 : 1);
62e76326 2397
c4b7a5a9 2398 if (!result) {
bf8fe701 2399 debugs(33, 3, "connOkToAddRequest: FD " << conn->fd <<
2400 " max concurrent requests reached");
2401 debugs(33, 5, "connOkToAddRequest: FD " << conn->fd <<
2402 " defering new request until one is done");
c4b7a5a9 2403 }
62e76326 2404
c4b7a5a9 2405 return result;
2406}
2407
63be0a78 2408/**
3b299123 2409 * bodySizeLeft
2410 *
2411 * Report on the number of bytes of body content that we
2412 * know are yet to be read on this connection.
2413 */
3e62bd58 2414int64_t
3b299123 2415ConnStateData::bodySizeLeft()
2416{
5f8252d2 2417 // XXX: this logic will not work for chunked requests with unknown sizes
fc68f6b1 2418
5f8252d2 2419 if (bodyPipe != NULL)
2420 return bodyPipe->unproducedSize();
3b299123 2421
2422 return 0;
2423}
2424
63be0a78 2425/**
f900210a 2426 * Attempt to parse one or more requests from the input buffer.
2427 * If a request is successfully parsed, even if the next request
2428 * is only partially parsed, it will return TRUE.
2429 * do_next_read is updated to indicate whether a read should be
2430 * scheduled.
2431 */
2432static bool
1cf238db 2433clientParseRequest(ConnStateData * conn, bool &do_next_read)
f900210a 2434{
60745f24 2435 HttpRequestMethod method;
f900210a 2436 ClientSocketContext *context;
2437 bool parsed_req = false;
8ae66e43 2438 HttpVersion http_ver;
a5baffba 2439 HttpParser hp;
f900210a 2440
bf8fe701 2441 debugs(33, 5, "clientParseRequest: FD " << conn->fd << ": attempting to parse");
f900210a 2442
3b299123 2443 while (conn->in.notYetUsed > 0 && conn->bodySizeLeft() == 0) {
f900210a 2444 connStripBufferWhitespace (conn);
2445
fc68f6b1 2446 /* Don't try to parse if the buffer is empty */
2447
2448 if (conn->in.notYetUsed == 0)
2449 break;
4681057e 2450
f900210a 2451 /* Limit the number of concurrent requests to 2 */
2452
2453 if (!connOkToAddRequest(conn)) {
2454 break;
2455 }
2456
2457 /* Should not be needed anymore */
2458 /* Terminate the string */
2459 conn->in.buf[conn->in.notYetUsed] = '\0';
2460
fc68f6b1 2461 /* Begin the parsing */
2462 HttpParserInit(&hp, conn->in.buf, conn->in.notYetUsed);
a5baffba 2463
f900210a 2464 /* Process request */
fc68f6b1 2465 PROF_start(parseHttpRequest);
2466
a5baffba 2467 context = parseHttpRequest(conn, &hp, &method, &http_ver);
fc68f6b1 2468
2469 PROF_stop(parseHttpRequest);
f900210a 2470
2471 /* partial or incomplete request */
2472 if (!context) {
f900210a 2473
2474 if (!connKeepReadingIncompleteRequest(conn))
2475 connCancelIncompleteRequests(conn);
2476
2477 break;
2478 }
2479
2480 /* status -1 or 1 */
2481 if (context) {
bf8fe701 2482 debugs(33, 5, "clientParseRequest: FD " << conn->fd << ": parsed a request");
f900210a 2483 commSetTimeout(conn->fd, Config.Timeout.lifetime, clientLifetimeTimeout,
2484 context->http);
2485
a5baffba 2486 clientProcessRequest(conn, &hp, context, method, http_ver);
f900210a 2487
f900210a 2488 parsed_req = true;
2489
2490 if (context->mayUseConnection()) {
bf8fe701 2491 debugs(33, 3, "clientParseRequest: Not reading, as this request may need the connection");
f900210a 2492 do_next_read = 0;
2493 break;
2494 }
2495
2496 if (!conn->flags.readMoreRequests) {
48962ba8 2497 conn->flags.readMoreRequests = true;
f900210a 2498 break;
2499 }
2500
3b299123 2501 continue; /* while offset > 0 && conn->bodySizeLeft() == 0 */
f900210a 2502 }
3b299123 2503 } /* while offset > 0 && conn->bodySizeLeft() == 0 */
fc68f6b1 2504
a5baffba 2505 /* XXX where to 'finish' the parsing pass? */
f900210a 2506
2507 return parsed_req;
2508}
2509
1cf238db 2510void
2511ConnStateData::clientReadRequest(const CommIoCbParams &io)
c4b7a5a9 2512{
1cf238db 2513 debugs(33,5,HERE << "clientReadRequest FD " << io.fd << " size " << io.size);
2514 reading(false);
a46d2c0e 2515 bool do_next_read = 1; /* the default _is_ to read data! - adrian */
c4b7a5a9 2516
1cf238db 2517 assert (io.fd == fd);
c4b7a5a9 2518
2519 /* Bail out quickly on COMM_ERR_CLOSING - close handlers will tidy up */
62e76326 2520
1cf238db 2521 if (io.flag == COMM_ERR_CLOSING) {
cc192b50 2522 debugs(33,5, HERE << " FD " << fd << " closing Bailout.");
c4b7a5a9 2523 return;
2524 }
62e76326 2525
44db45e8 2526 /*
2527 * Don't reset the timeout value here. The timeout value will be
2528 * set to Config.Timeout.request by httpAccept() and
2529 * clientWriteComplete(), and should apply to the request as a
2530 * whole, not individual read() calls. Plus, it breaks our
2531 * lame half-close detection
2532 */
1cf238db 2533 if (connReadWasError(io.flag, io.size, io.xerrno)) {
62e76326 2534 comm_close(fd);
2535 return;
7a2f978b 2536 }
c4b7a5a9 2537
1cf238db 2538 if (io.flag == COMM_OK) {
2539 if (io.size > 0) {
2540 kb_incr(&statCounter.client_http.kbytes_in, io.size);
3b299123 2541
1cf238db 2542 handleReadData(io.buf, io.size);
95ac44e6 2543
9e008dda
AJ		 2544 /* The above may close the connection under our feets */
2545 if (!isOpen())
2546 return;
a31a78fb 2547
1cf238db 2548 } else if (io.size == 0) {
bf8fe701 2549 debugs(33, 5, "clientReadRequest: FD " << fd << " closed?");
62e76326 2550
1cf238db 2551 if (connFinishedWithConn(io.size)) {
62e76326 2552 comm_close(fd);
2553 return;
2554 }
2555
2556 /* It might be half-closed, we can't tell */
2557 fd_table[fd].flags.socket_eof = 1;
2558
a46d2c0e 2559 commMarkHalfClosed(fd);
2560
2561 do_next_read = 0;
62e76326 2562
2563 fd_note(fd, "half-closed");
2564
2565 /* There is one more close check at the end, to detect aborted
2566 * (partial) requests. At this point we can't tell if the request
2567 * is partial.
2568 */
2569 /* Continue to process previously read data */
2570 }
c4b7a5a9 2571 }
2572
94439e4e 2573 /* Process next request */
1cf238db 2574 if (getConcurrentRequestCount() == 0)
2575 fd_note(fd, "Reading next request");
c8be6d7b 2576
1cf238db 2577 if (! clientParseRequest(this, do_next_read)) {
9e008dda
AJ		 2578 if (!isOpen())
2579 return;
f900210a 2580 /*
2581 * If the client here is half closed and we failed
2582 * to parse a request, close the connection.
2583 * The above check with connFinishedWithConn() only
2584 * succeeds _if_ the buffer is empty which it won't
2585 * be if we have an incomplete request.
6e1d409c 2586 * XXX: This duplicates ClientSocketContext::keepaliveNextRequest
f900210a 2587 */
1cf238db 2588 if (getConcurrentRequestCount() == 0 && commIsHalfClosed(fd)) {
bf8fe701 2589 debugs(33, 5, "clientReadRequest: FD " << fd << ": half-closed connection, no completed request parsed, connection closing.");
f900210a 2590 comm_close(fd);
ee6f0213 2591 return;
62e76326 2592 }
f900210a 2593 }
ee6f0213 2594
1cf238db 2595 if (!isOpen())
2e216b1d 2596 return;
2597
1cf238db 2598 clientAfterReadingRequests(do_next_read);
94439e4e 2599}
2600
63be0a78 2601/**
2602 * called when new request data has been read from the socket
2603 */
5f8252d2 2604void
2605ConnStateData::handleReadData(char *buf, size_t size)
94439e4e 2606{
5f8252d2 2607 char *current_buf = in.addressToReadInto();
62e76326 2608
5f8252d2 2609 if (buf != current_buf)
2610 xmemmove(current_buf, buf, size);
3b299123 2611
5f8252d2 2612 in.notYetUsed += size;
fc68f6b1 2613
5f8252d2 2614 in.buf[in.notYetUsed] = '\0'; /* Terminate the string */
3b299123 2615
5f8252d2 2616 // if we are reading a body, stuff data into the body pipe
2617 if (bodyPipe != NULL)
2618 handleRequestBodyData();
94439e4e 2619}
2620
63be0a78 2621/**
2622 * called when new request body data has been buffered in in.buf
2623 * may close the connection if we were closing and piped everything out
2624 */
5f8252d2 2625void
2626ConnStateData::handleRequestBodyData()
94439e4e 2627{
5f8252d2 2628 assert(bodyPipe != NULL);
2629
2630 if (const size_t putSize = bodyPipe->putMoreData(in.buf, in.notYetUsed))
2631 connNoteUseOfBuffer(this, putSize);
2632
2633 if (!bodyPipe->mayNeedMoreData()) {
2634 // BodyPipe will clear us automagically when we produced everything
2635 bodyPipe = NULL;
2636
2637 debugs(33,5, HERE << "produced entire request body for FD " << fd);
62e76326 2638
5f8252d2 2639 if (closing()) {
2640 /* we've finished reading like good clients,
2641 * now do the close that initiateClose initiated.
2642 *
2643 * XXX: do we have to close? why not check keepalive et.
2644 *
2645 * XXX: To support chunked requests safely, we need to handle
2646 * the case of an endless request. This if-statement does not,
2647 * because mayNeedMoreData is true if request size is not known.
2648 */
2649 comm_close(fd);
2650 }
94439e4e 2651 }
5f8252d2 2652}
55e44db9 2653
5f8252d2 2654void
1cf238db 2655ConnStateData::noteMoreBodySpaceAvailable(BodyPipe::Pointer )
5f8252d2 2656{
2657 handleRequestBodyData();
2658}
2659
2660void
1cf238db 2661ConnStateData::noteBodyConsumerAborted(BodyPipe::Pointer )
5f8252d2 2662{
2663 if (!closing())
2664 startClosing("body consumer aborted");
94439e4e 2665}
2666
63be0a78 2667/** general lifetime handler for HTTP requests */
1cf238db 2668void
2669ConnStateData::requestTimeout(const CommTimeoutCbParams &io)
7a2f978b 2670{
ad63ceea 2671#if THIS_CONFUSES_PERSISTENT_CONNECTION_AWARE_BROWSERS_AND_USERS
1cf238db 2672 debugs(33, 3, "requestTimeout: FD " << io.fd << ": lifetime is expired.");
62e76326 2673
1cf238db 2674 if (COMMIO_FD_WRITECB(io.fd)->active) {
dec5db5d 2675 /* FIXME: If this code is reinstated, check the conn counters,
2676 * not the fd table state
2677 */
62e76326 2678 /*
2679 * Some data has been sent to the client, just close the FD
2680 */
1cf238db 2681 comm_close(io.fd);
2682 } else if (nrequests) {
62e76326 2683 /*
2684 * assume its a persistent connection; just close it
2685 */
1cf238db 2686 comm_close(io.fd);
7a2f978b 2687 } else {
62e76326 2688 /*
2689 * Generate an error
2690 */
59a1efb2 2691 ClientHttpRequest **H;
62e76326 2692 clientStreamNode *node;
59a1efb2 2693 ClientHttpRequest *http =
1cf238db 2694 parseHttpRequestAbort(this, "error:Connection%20lifetime%20expired");
62e76326 2695 node = http->client_stream.tail->prev->data;
0655fa4d 2696 clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
2697 assert (repContext);
2698 repContext->setReplyToError(ERR_LIFETIME_EXP,
1cf238db 2699 HTTP_REQUEST_TIMEOUT, METHOD_NONE, "N/A", &peer.sin_addr,
0655fa4d 2700 NULL, NULL, NULL);
62e76326 2701 /* No requests can be outstanded */
1cf238db 2702 assert(chr == NULL);
62e76326 2703 /* add to the client request queue */
2704
3d0ac046 2705 for (H = &chr; *H; H = &(*H)->next);
62e76326 2706 *H = http;
2707
2708 clientStreamRead(http->client_stream.tail->data, http, 0,
2709 HTTP_REQBUF_SZ, context->reqbuf);
2710
2711 /*
2712 * if we don't close() here, we still need a timeout handler!
2713 */
9e008dda
AJ		 2714 typedef CommCbMemFunT<ConnStateData, CommTimeoutCbParams> TimeoutDialer;
2715 AsyncCall::Pointer timeoutCall = asyncCall(33, 5, "ConnStateData::requestTimeout",
2716 TimeoutDialer(this,&ConnStateData::requestTimeout));
2717 commSetTimeout(io.fd, 30, timeoutCall);
62e76326 2718
2719 /*
2720 * Aha, but we don't want a read handler!
2721 */
1cf238db 2722 commSetSelect(io.fd, COMM_SELECT_READ, NULL, NULL, 0);
7a2f978b 2723 }
62e76326 2724
af57a2e3 2725#else
2726 /*
62e76326 2727 * Just close the connection to not confuse browsers
2728 * using persistent connections. Some browsers opens
2729 * an connection and then does not use it until much
2730 * later (presumeably because the request triggering
2731 * the open has already been completed on another
2732 * connection)
2733 */
1cf238db 2734 debugs(33, 3, "requestTimeout: FD " << io.fd << ": lifetime is expired.");
62e76326 2735
1cf238db 2736 comm_close(io.fd);
62e76326 2737
af57a2e3 2738#endif
7a2f978b 2739}
2740
1cf238db 2741
2742
b5c39993 2743static void
2744clientLifetimeTimeout(int fd, void *data)
2745{
59a1efb2 2746 ClientHttpRequest *http = (ClientHttpRequest *)data;
cc192b50 2747 debugs(33, 1, "WARNING: Closing client " << http->getConn()->peer << " connection due to lifetime timeout");
bf8fe701 2748 debugs(33, 1, "\t" << http->uri);
b5c39993 2749 comm_close(fd);
2750}
2751
a46d2c0e 2752static bool
2753okToAccept()
7a2f978b 2754{
3d6629c6 2755 static time_t last_warn = 0;
62e76326 2756
3d6629c6 2757 if (fdNFree() >= RESERVED_FD)
a46d2c0e 2758 return true;
62e76326 2759
3d6629c6 2760 if (last_warn + 15 < squid_curtime) {
aefecdd3 2761 debugs(33, 0, HERE << "WARNING! Your cache is running out of filedescriptors");
62e76326 2762 last_warn = squid_curtime;
3d6629c6 2763 }
62e76326 2764
a46d2c0e 2765 return false;
7a2f978b 2766}
2767
c8be6d7b 2768ConnStateData *
23f6a720 2769connStateCreate(const IpAddress &peer, const IpAddress &me, int fd, http_port_list *port)
c8be6d7b 2770{
a46d2c0e 2771 ConnStateData *result = new ConnStateData;
2ad20b4f 2772
cc192b50 2773 result->peer = peer;
2774 result->log_addr = peer;
2775 result->log_addr.ApplyMask(Config.Addrs.client_netmask.GetCIDR());
2776 result->me = me;
c8be6d7b 2777 result->fd = fd;
e6ccf245 2778 result->in.buf = (char *)memAllocBuf(CLIENT_REQ_BUF_SZ, &result->in.allocatedSize);
3f38a55e 2779 result->port = cbdataReference(port);
62e76326 2780
9e008dda 2781 if (port->intercepted || port->spoof_client_ip) {
ad61a2b4 2782 IpAddress client, dst;
62e76326 2783
85944c1c 2784 if (IpInterceptor.NatLookup(fd, me, peer, client, dst) == 0) {
482a5c64
AJ		 2785 result->me = client;
2786 result->peer = dst;
a46d2c0e 2787 result->transparent(true);
62e76326 2788 }
3f38a55e 2789 }
62e76326 2790
5529ca8a 2791 if (port->disable_pmtu_discovery != DISABLE_PMTU_OFF &&
9e008dda 2792 (result->transparent() || port->disable_pmtu_discovery == DISABLE_PMTU_ALWAYS)) {
5529ca8a 2793#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
2794 int i = IP_PMTUDISC_DONT;
2795 setsockopt(fd, SOL_IP, IP_MTU_DISCOVER, &i, sizeof i);
2796
2797#else
2798
2799 static int reported = 0;
2800
2801 if (!reported) {
bf8fe701 2802 debugs(33, 1, "Notice: httpd_accel_no_pmtu_disc not supported on your platform");
5529ca8a 2803 reported = 1;
2804 }
2805
2806#endif
2807
2808 }
2809
48962ba8 2810 result->flags.readMoreRequests = true;
c8be6d7b 2811 return result;
2812}
2813
63be0a78 2814/** Handle a new connection on HTTP socket. */
7a2f978b 2815void
ee0989f2 2816httpAccept(int sock, int newfd, ConnectionDetail *details,
62e76326 2817 comm_err_t flag, int xerrno, void *data)
7a2f978b 2818{
3f38a55e 2819 http_port_list *s = (http_port_list *)data;
7a2f978b 2820 ConnStateData *connState = NULL;
02d1422b 2821
2822 if (flag == COMM_ERR_CLOSING) {
2823 return;
2824 }
2825
a46d2c0e 2826 if (!okToAccept())
2827 AcceptLimiter::Instance().defer (sock, httpAccept, data);
2828 else
2829 /* kick off another one for later */
2830 comm_accept(sock, httpAccept, data);
c4b7a5a9 2831
62e76326 2832 if (flag != COMM_OK) {
bf8fe701 2833 debugs(33, 1, "httpAccept: FD " << sock << ": accept failure: " << xstrerr(xerrno));
62e76326 2834 return;
2835 }
2836
bf8fe701 2837 debugs(33, 4, "httpAccept: FD " << newfd << ": accepted");
62e76326 2838 fd_note(newfd, "client http connect");
1cf238db 2839 connState = connStateCreate(&details->peer, &details->me, newfd, s);
2840
2841 typedef CommCbMemFunT<ConnStateData, CommCloseCbParams> Dialer;
2842 AsyncCall::Pointer call = asyncCall(33, 5, "ConnStateData::connStateClosed",
9e008dda 2843 Dialer(connState, &ConnStateData::connStateClosed));
1cf238db 2844 comm_add_close_handler(newfd, call);
62e76326 2845
2846 if (Config.onoff.log_fqdn)
cc192b50 2847 fqdncache_gethostbyaddr(details->peer, FQDN_LOOKUP_IF_MISS);
62e76326 2848
9e008dda
AJ		 2849 typedef CommCbMemFunT<ConnStateData, CommTimeoutCbParams> TimeoutDialer;
2850 AsyncCall::Pointer timeoutCall = asyncCall(33, 5, "ConnStateData::requestTimeout",
2851 TimeoutDialer(connState,&ConnStateData::requestTimeout));
2852 commSetTimeout(newfd, Config.Timeout.read, timeoutCall);
62e76326 2853
3898f57f 2854#if USE_IDENT
62e76326 2855
2856 ACLChecklist identChecklist;
2857
cc192b50 2858 identChecklist.src_addr = details->peer;
62e76326 2859
cc192b50 2860 identChecklist.my_addr = details->me;
62e76326 2861
506768d9 2862 identChecklist.accessList = cbdataReference(Config.accessList.identLookup);
b448c119 2863
108d65b2 2864 /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */
2865
b448c119 2866 if (identChecklist.fastCheck())
cc192b50 2867 identStart(details->me, details->peer, clientIdentDone, connState);
b448c119 2868
3898f57f 2869#endif
62e76326 2870
b2130d58 2871 if (s->tcp_keepalive.enabled) {
9e008dda 2872 commSetTcpKeepalive(newfd, s->tcp_keepalive.idle, s->tcp_keepalive.interval, s->tcp_keepalive.timeout);
b2130d58 2873 }
2874
a46d2c0e 2875 connState->readSomeData();
62e76326 2876
cc192b50 2877 clientdbEstablished(details->peer, 1);
62e76326 2878
2879 incoming_sockets_accepted++;
7a2f978b 2880}
2881
1f7c9178 2882#if USE_SSL
2883
63be0a78 2884/** Create SSL connection structure and update fd_table */
ae7ff0b8 2885static SSL *
2886httpsCreate(int newfd, ConnectionDetail *details, SSL_CTX *sslContext)
2887{
2888 SSL *ssl = SSL_new(sslContext);
2889
2890 if (!ssl) {
2891 const int ssl_error = ERR_get_error();
2892 debugs(83, 1, "httpsAccept: Error allocating handle: " << ERR_error_string(ssl_error, NULL) );
2893 comm_close(newfd);
2894 return NULL;
2895 }
2896
2897 SSL_set_fd(ssl, newfd);
2898 fd_table[newfd].ssl = ssl;
2899 fd_table[newfd].read_method = &ssl_read_method;
2900 fd_table[newfd].write_method = &ssl_write_method;
2901
2902 debugs(33, 5, "httpsCreate: will negotate SSL on FD " << newfd);
2903 fd_note(newfd, "client https start");
2904
2905 return ssl;
2906}
2907
63be0a78 2908/** negotiate an SSL connection */
1f7c9178 2909static void
2910clientNegotiateSSL(int fd, void *data)
2911{
e6ccf245 2912 ConnStateData *conn = (ConnStateData *)data;
1f7c9178 2913 X509 *client_cert;
a7ad6e4e 2914 SSL *ssl = fd_table[fd].ssl;
1f7c9178 2915 int ret;
2916
a7ad6e4e 2917 if ((ret = SSL_accept(ssl)) <= 0) {
62e76326 2918 int ssl_error = SSL_get_error(ssl, ret);
2919
2920 switch (ssl_error) {
2921
2922 case SSL_ERROR_WANT_READ:
2923 commSetSelect(fd, COMM_SELECT_READ, clientNegotiateSSL, conn, 0);
2924 return;
2925
2926 case SSL_ERROR_WANT_WRITE:
2927 commSetSelect(fd, COMM_SELECT_WRITE, clientNegotiateSSL, conn, 0);
2928 return;
2929
6de9e64b 2930 case SSL_ERROR_SYSCALL:
2931
2932 if (ret == 0) {
bf8fe701 2933 debugs(83, 2, "clientNegotiateSSL: Error negotiating SSL connection on FD " << fd << ": Aborted by client");
6de9e64b 2934 comm_close(fd);
2935 return;
2936 } else {
2937 int hard = 1;
2938
2939 if (errno == ECONNRESET)
2940 hard = 0;
2941
9e008dda 2942 debugs(83, hard ? 1 : 2, "clientNegotiateSSL: Error negotiating SSL connection on FD " <<
bf8fe701 2943 fd << ": " << strerror(errno) << " (" << errno << ")");
6de9e64b 2944
2945 comm_close(fd);
2946
2947 return;
2948 }
2949
2950 case SSL_ERROR_ZERO_RETURN:
bf8fe701 2951 debugs(83, 1, "clientNegotiateSSL: Error negotiating SSL connection on FD " << fd << ": Closed by client");
6de9e64b 2952 comm_close(fd);
2953 return;
2954
62e76326 2955 default:
9e008dda
AJ		 2956 debugs(83, 1, "clientNegotiateSSL: Error negotiating SSL connection on FD " <<
2957 fd << ": " << ERR_error_string(ERR_get_error(), NULL) <<
2958 " (" << ssl_error << "/" << ret << ")");
62e76326 2959 comm_close(fd);
2960 return;
2961 }
2962
2963 /* NOTREACHED */
1f7c9178 2964 }
62e76326 2965
6de9e64b 2966 if (SSL_session_reused(ssl)) {
bf8fe701 2967 debugs(83, 2, "clientNegotiateSSL: Session " << SSL_get_session(ssl) <<
2968 " reused on FD " << fd << " (" << fd_table[fd].ipaddr << ":" << (int)fd_table[fd].remote_port << ")");
6de9e64b 2969 } else {
2970 if (do_debug(83, 4)) {
2971 /* Write out the SSL session details.. actually the call below, but
2972 * OpenSSL headers do strange typecasts confusing GCC.. */
2973 /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */
afdd443f 2974#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L
9f3de01a 2975 PEM_ASN1_write((i2d_of_void *)i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *)SSL_get_session(ssl), NULL,NULL,0,NULL,NULL);
2930f303 2976
0fd2205b 2977#elif (ALLOW_ALWAYS_SSL_SESSION_DETAIL == 1)
2930f303 2978
0fd2205b 2979 /* When using gcc 3.3.x and OpenSSL 0.9.7x sometimes a compile error can occur here.
2980 * This is caused by an unpredicatble gcc behaviour on a cast of the first argument
2981 * of PEM_ASN1_write(). For this reason this code section is disabled. To enable it,
2982 * define ALLOW_ALWAYS_SSL_SESSION_DETAIL=1.
2983 * Because there are two possible usable cast, if you get an error here, try the other
2984 * commented line. */
2985
2986 PEM_ASN1_write((int(*)())i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *)SSL_get_session(ssl), NULL,NULL,0,NULL,NULL);
2987 /* PEM_ASN1_write((int(*)(...))i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *)SSL_get_session(ssl), NULL,NULL,0,NULL,NULL); */
2930f303 2988
0e33d58c 2989#else
2990
bf8fe701 2991 debugs(83, 4, "With " OPENSSL_VERSION_TEXT ", session details are available only defining ALLOW_ALWAYS_SSL_SESSION_DETAIL=1 in the source." );
0fd2205b 2992
0e33d58c 2993#endif
6de9e64b 2994 /* Note: This does not automatically fflush the log file.. */
2995 }
2996
bf8fe701 2997 debugs(83, 2, "clientNegotiateSSL: New session " <<
2998 SSL_get_session(ssl) << " on FD " << fd << " (" <<
2999 fd_table[fd].ipaddr << ":" << (int)fd_table[fd].remote_port <<
3000 ")");
6de9e64b 3001 }
3002
bf8fe701 3003 debugs(83, 3, "clientNegotiateSSL: FD " << fd << " negotiated cipher " <<
3004 SSL_get_cipher(ssl));
1f7c9178 3005
6de9e64b 3006 client_cert = SSL_get_peer_certificate(ssl);
62e76326 3007
1f7c9178 3008 if (client_cert != NULL) {
bf8fe701 3009 debugs(83, 3, "clientNegotiateSSL: FD " << fd <<
3010 " client certificate: subject: " <<
3011 X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0));
3012
3013 debugs(83, 3, "clientNegotiateSSL: FD " << fd <<
3014 " client certificate: issuer: " <<
3015 X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0));
1f7c9178 3016
1f7c9178 3017
62e76326 3018 X509_free(client_cert);
1f7c9178 3019 } else {
bf8fe701 3020 debugs(83, 5, "clientNegotiateSSL: FD " << fd <<
3021 " has no certificate.");
1f7c9178 3022 }
3023
a46d2c0e 3024 conn->readSomeData();
1f7c9178 3025}
3026
63be0a78 3027/** handle a new HTTPS connection */
1f7c9178 3028static void
15595aab 3029httpsAccept(int sock, int newfd, ConnectionDetail *details,
62e76326 3030 comm_err_t flag, int xerrno, void *data)
1f7c9178 3031{
3f38a55e 3032 https_port_list *s = (https_port_list *)data;
3033 SSL_CTX *sslContext = s->sslContext;
c4b7a5a9 3034
02d1422b 3035 if (flag == COMM_ERR_CLOSING) {
3036 return;
3037 }
3038
a46d2c0e 3039 if (!okToAccept())
3040 AcceptLimiter::Instance().defer (sock, httpsAccept, data);
3041 else
3042 /* kick off another one for later */
3043 comm_accept(sock, httpsAccept, data);
3044
c4b7a5a9 3045 if (flag != COMM_OK) {
62e76326 3046 errno = xerrno;
bf8fe701 3047 debugs(33, 1, "httpsAccept: FD " << sock << ": accept failure: " << xstrerr(xerrno));
62e76326 3048 return;
c4b7a5a9 3049 }
62e76326 3050
ae7ff0b8 3051 SSL *ssl = NULL;
3052 if (!(ssl = httpsCreate(newfd, details, sslContext)))
62e76326 3053 return;
94c3d66f 3054
1cf238db 3055 debugs(33, 5, "httpsAccept: FD " << newfd << " accepted, starting SSL negotiation.");
3056 fd_note(newfd, "client https connect");
ae7ff0b8 3057 ConnStateData *connState = connStateCreate(details->peer, details->me,
9e008dda 3058 newfd, &s->http);
1cf238db 3059 typedef CommCbMemFunT<ConnStateData, CommCloseCbParams> Dialer;
3060 AsyncCall::Pointer call = asyncCall(33, 5, "ConnStateData::connStateClosed",
9e008dda 3061 Dialer(connState, &ConnStateData::connStateClosed));
1cf238db 3062 comm_add_close_handler(newfd, call);
62e76326 3063
c4b7a5a9 3064 if (Config.onoff.log_fqdn)
cc192b50 3065 fqdncache_gethostbyaddr(details->peer, FQDN_LOOKUP_IF_MISS);
62e76326 3066
9e008dda
AJ		 3067 typedef CommCbMemFunT<ConnStateData, CommTimeoutCbParams> TimeoutDialer;
3068 AsyncCall::Pointer timeoutCall = asyncCall(33, 5, "ConnStateData::requestTimeout",
3069 TimeoutDialer(connState,&ConnStateData::requestTimeout));
3070 commSetTimeout(newfd, Config.Timeout.request, timeoutCall);
62e76326 3071
1f7c9178 3072#if USE_IDENT
62e76326 3073
8000a965 3074 ACLChecklist identChecklist;
62e76326 3075
cc192b50 3076 identChecklist.src_addr = details->peer;
62e76326 3077
cc192b50 3078 identChecklist.my_addr = details->me;
62e76326 3079
506768d9 3080 identChecklist.accessList = cbdataReference(Config.accessList.identLookup);
010af6e6 3081
108d65b2 3082 /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */
3083
010af6e6 3084 if (identChecklist.fastCheck())
cc192b50 3085 identStart(details->me, details->peer, clientIdentDone, connState);
62e76326 3086
1f7c9178 3087#endif
62e76326 3088
b2130d58 3089 if (s->http.tcp_keepalive.enabled) {
9e008dda 3090 commSetTcpKeepalive(newfd, s->http.tcp_keepalive.idle, s->http.tcp_keepalive.interval, s->http.tcp_keepalive.timeout);
b2130d58 3091 }
3092
c4b7a5a9 3093 commSetSelect(newfd, COMM_SELECT_READ, clientNegotiateSSL, connState, 0);
62e76326 3094
cc192b50 3095 clientdbEstablished(details->peer, 1);
62e76326 3096
3f38a55e 3097 incoming_sockets_accepted++;
1f7c9178 3098}
3099
ae7ff0b8 3100bool
3101ConnStateData::switchToHttps()
3102{
3103 assert(!switchedToHttps_);
3104
3105 //HTTPMSGLOCK(currentobject->http->request);
3106 assert(areAllContextsForThisConnection());
3107 freeAllContexts();
3108 //currentobject->connIsFinished();
3109
3110 debugs(33, 5, HERE << "converting FD " << fd << " to SSL");
3111
3112 // fake a ConnectionDetail object; XXX: make ConnState a ConnectionDetail?
3113 ConnectionDetail detail;
3114 detail.me = me;
3115 detail.peer = peer;
3116
3117 SSL_CTX *sslContext = port->sslContext;
3118 SSL *ssl = NULL;
3119 if (!(ssl = httpsCreate(fd, &detail, sslContext)))
3120 return false;
3121
3122 // commSetTimeout() was called for this request before we switched.
3123
3124 // Disable the client read handler until peer selection is complete
3125 commSetSelect(fd, COMM_SELECT_READ, NULL, NULL, 0);
3126
3127 commSetSelect(fd, COMM_SELECT_READ, clientNegotiateSSL, this, 0);
3128
3129 switchedToHttps_ = true;
3130 return true;
3131}
3132
1f7c9178 3133#endif /* USE_SSL */
3134
15df8349 3135
d193a436 3136static void
15df8349 3137clientHttpConnectionsOpen(void)
3138{
cc192b50 3139 http_port_list *s = NULL;
3140 int fd = -1;
ae7ff0b8 3141#if USE_SSL
3142 int bumpCount = 0; // counts http_ports with sslBump option
3143#endif
62e76326 3144
7e3ce7b9 3145 for (s = Config.Sockaddr.http; s; s = s->next) {
62e76326 3146 if (MAXHTTPPORTS == NHttpSockets) {
bf8fe701 3147 debugs(1, 1, "WARNING: You have too many 'http_port' lines.");
3148 debugs(1, 1, " The limit is " << MAXHTTPPORTS);
62e76326 3149 continue;
3150 }
3151
ae7ff0b8 3152#if USE_SSL
3153 if (s->sslBump && s->sslContext == NULL) {
3154 debugs(1, 1, "Will not bump SSL at http_port " <<
3155 s->http.s << " due to SSL initialization failure.");
3156 s->sslBump = 0;
3157 }
3158 if (s->sslBump)
3159 ++bumpCount;
3160#endif
3161
62e76326 3162 enter_suid();
c303f6e3 3163
9e008dda 3164 if (s->spoof_client_ip) {
c303f6e3 3165 fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, s->s, (COMM_NONBLOCKING|COMM_TRANSPARENT), 0, "HTTP Socket");
2ad20b4f 3166 } else {
c303f6e3
AJ		 3167 fd = comm_open(SOCK_STREAM, IPPROTO_TCP, s->s, COMM_NONBLOCKING, "HTTP Socket");
3168 }
3169
62e76326 3170 leave_suid();
3171
3172 if (fd < 0)
3173 continue;
3174
3175 comm_listen(fd);
3176
3177 comm_accept(fd, httpAccept, s);
3178
bf8fe701 3179 debugs(1, 1, "Accepting " <<
2ad20b4f 3180 (s->intercepted ? " intercepted" : "") <<
f165d2fb 3181 (s->spoof_client_ip ? " spoofing" : "") <<
2ad20b4f 3182 (s->sslBump ? " bumpy" : "") <<
9e008dda 3183 (s->accel ? " accelerated" : "")
cc192b50 3184 << " HTTP connections at " << s->s
3185 << ", FD " << fd << "." );
62e76326 3186
3187 HttpSockets[NHttpSockets++] = fd;
15df8349 3188 }
ae7ff0b8 3189
3190#if USE_SSL
3191 if (bumpCount && !Config.accessList.ssl_bump)
3192 debugs(33, 1, "WARNING: http_port(s) with SslBump found, but no " <<
9e008dda
AJ		 3193 std::endl << "\tssl_bump ACL configured. No requests will be " <<
3194 "bumped.");
ae7ff0b8 3195#endif
d193a436 3196}
3197
3198#if USE_SSL
3199static void
3200clientHttpsConnectionsOpen(void)
3201{
3202 https_port_list *s;
d193a436 3203 int fd;
62e76326 3204
3f38a55e 3205 for (s = Config.Sockaddr.https; s; s = (https_port_list *)s->http.next) {
62e76326 3206 if (MAXHTTPPORTS == NHttpSockets) {
ae7ff0b8 3207 debugs(1, 1, "Ignoring 'https_port' lines exceeding the limit.");
3208 debugs(1, 1, "The limit is " << MAXHTTPPORTS << " HTTPS ports.");
62e76326 3209 continue;
3210 }
3211
f9ad0106 3212 if (s->sslContext == NULL) {
ae7ff0b8 3213 debugs(1, 1, "Ignoring https_port " << s->http.s <<
3214 " due to SSL initialization failure.");
3215 continue;
f9ad0106 3216 }
3217
62e76326 3218 enter_suid();
3219 fd = comm_open(SOCK_STREAM,
bdb741f4 3220 IPPROTO_TCP,
cc192b50 3221 s->http.s,
3222 COMM_NONBLOCKING, "HTTPS Socket");
62e76326 3223 leave_suid();
3224
3225 if (fd < 0)
3226 continue;
3227
3228 comm_listen(fd);
3229
3230 comm_accept(fd, httpsAccept, s);
3231
cc192b50 3232 debugs(1, 1, "Accepting HTTPS connections at " << s->http.s << ", FD " << fd << ".");
62e76326 3233
3234 HttpSockets[NHttpSockets++] = fd;
1f7c9178 3235 }
d193a436 3236}
3237
3238#endif
3239
3240void
3241clientOpenListenSockets(void)
3242{
3243 clientHttpConnectionsOpen();
3244#if USE_SSL
62e76326 3245
d193a436 3246 clientHttpsConnectionsOpen();
1f7c9178 3247#endif
62e76326 3248
15df8349 3249 if (NHttpSockets < 1)
62e76326 3250 fatal("Cannot open HTTP Port");
15df8349 3251}
edce4d98 3252
c0fbae16 3253void
3254clientHttpConnectionsClose(void)
3255{
3256 int i;
62e76326 3257
c0fbae16 3258 for (i = 0; i < NHttpSockets; i++) {
62e76326 3259 if (HttpSockets[i] >= 0) {
bf8fe701 3260 debugs(1, 1, "FD " << HttpSockets[i] <<
3261 " Closing HTTP connection");
62e76326 3262 comm_close(HttpSockets[i]);
3263 HttpSockets[i] = -1;
3264 }
c0fbae16 3265 }
62e76326 3266
c0fbae16 3267 NHttpSockets = 0;
3268}
f66a9ef4 3269
3270int
190154cf 3271varyEvaluateMatch(StoreEntry * entry, HttpRequest * request)
f66a9ef4 3272{
3273 const char *vary = request->vary_headers;
a9925b40 3274 int has_vary = entry->getReply()->header.has(HDR_VARY);
f66a9ef4 3275#if X_ACCELERATOR_VARY
62e76326 3276
edce4d98 3277 has_vary |=
a9925b40 3278 entry->getReply()->header.has(HDR_X_ACCELERATOR_VARY);
f66a9ef4 3279#endif
62e76326 3280
f66a9ef4 3281 if (!has_vary || !entry->mem_obj->vary_headers) {
62e76326 3282 if (vary) {
3283 /* Oops... something odd is going on here.. */
9e008dda
AJ		 3284 debugs(33, 1, "varyEvaluateMatch: Oops. Not a Vary object on second attempt, '" <<
3285 entry->mem_obj->url << "' '" << vary << "'");
62e76326 3286 safe_free(request->vary_headers);
3287 return VARY_CANCEL;
3288 }
3289
3290 if (!has_vary) {
3291 /* This is not a varying object */
3292 return VARY_NONE;
3293 }
3294
3295 /* virtual "vary" object found. Calculate the vary key and
3296 * continue the search
3297 */
3298 vary = httpMakeVaryMark(request, entry->getReply());
3299
3300 if (vary) {
3301 request->vary_headers = xstrdup(vary);
3302 return VARY_OTHER;
3303 } else {
3304 /* Ouch.. we cannot handle this kind of variance */
3305 /* XXX This cannot really happen, but just to be complete */
3306 return VARY_CANCEL;
3307 }
f66a9ef4 3308 } else {
62e76326 3309 if (!vary) {
3310 vary = httpMakeVaryMark(request, entry->getReply());
3311
3312 if (vary)
3313 request->vary_headers = xstrdup(vary);
3314 }
3315
3316 if (!vary) {
3317 /* Ouch.. we cannot handle this kind of variance */
3318 /* XXX This cannot really happen, but just to be complete */
3319 return VARY_CANCEL;
3320 } else if (strcmp(vary, entry->mem_obj->vary_headers) == 0) {
3321 return VARY_MATCH;
3322 } else {
3323 /* Oops.. we have already been here and still haven't
3324 * found the requested variant. Bail out
3325 */
bf8fe701 3326 debugs(33, 1, "varyEvaluateMatch: Oops. Not a Vary match on second attempt, '" <<
9e008dda 3327 entry->mem_obj->url << "' '" << vary << "'");
62e76326 3328 return VARY_CANCEL;
3329 }
f66a9ef4 3330 }
3331}
28d4805a 3332
4fb35c3c 3333ACLChecklist *
59a1efb2 3334clientAclChecklistCreate(const acl_access * acl, ClientHttpRequest * http)
28d4805a 3335{
4fb35c3c 3336 ACLChecklist *ch;
1cf238db 3337 ConnStateData * conn = http->getConn();
3338 ch = aclChecklistCreate(acl, http->request, cbdataReferenceValid(conn) && conn != NULL ? conn->rfc931 : dash_str);
28d4805a 3339
3340 /*
3341 * hack for ident ACL. It needs to get full addresses, and a place to store
3342 * the ident result on persistent connections...
3343 */
3344 /* connection oriented auth also needs these two lines for it's operation. */
3345 /*
3346 * Internal requests do not have a connection reference, because: A) their
3347 * byte count may be transformed before being applied to an outbound
3348 * connection B) they are internal - any limiting on them should be done on
3349 * the server end.
3350 */
62e76326 3351
1cf238db 3352 if (conn != NULL)
a2ac85d9 3353 ch->conn(conn); /* unreferenced in acl.cc */
28d4805a 3354
3355 return ch;
3356}
a46d2c0e 3357
3358CBDATA_CLASS_INIT(ConnStateData);
3359
1cf238db 3360ConnStateData::ConnStateData() :AsyncJob("ConnStateData"), transparent_ (false), reading_ (false), closing_ (false)
b65351fa 3361{
d67acb4e
AJ		 3362 pinning.fd = -1;
3363 pinning.pinned = false;
3364 pinning.auth = false;
b65351fa 3365}
a46d2c0e 3366
3367bool
3368ConnStateData::transparent() const
3369{
3370 return transparent_;
3371}
3372
3373void
3374ConnStateData::transparent(bool const anInt)
3375{
3376 transparent_ = anInt;
3377}
3378
3379bool
3380ConnStateData::reading() const
3381{
3382 return reading_;
3383}
3384
3385void
3386ConnStateData::reading(bool const newBool)
3387{
3388 assert (reading() != newBool);
3389 reading_ = newBool;
3390}
3391
5f8252d2 3392
3393BodyPipe::Pointer
3e62bd58 3394ConnStateData::expectRequestBody(int64_t size)
5f8252d2 3395{
3396 bodyPipe = new BodyPipe(this);
3397 bodyPipe->setBodySize(size);
3398 return bodyPipe;
3399}
3400
55e44db9 3401bool
3402ConnStateData::closing() const
3403{
3404 return closing_;
3405}
3406
63be0a78 3407/**
3408 * Called by ClientSocketContext to give the connection a chance to read
3409 * the entire body before closing the socket.
3410 */
55e44db9 3411void
5f8252d2 3412ConnStateData::startClosing(const char *reason)
55e44db9 3413{
5f8252d2 3414 debugs(33, 5, HERE << "startClosing " << this << " for " << reason);
3415 assert(!closing());
3416 closing_ = true;
3417
3418 assert(bodyPipe != NULL);
3419 assert(bodySizeLeft() > 0);
3420
3421 // We do not have to abort the body pipeline because we are going to
3422 // read the entire body anyway.
3423 // Perhaps an ICAP server wants to log the complete request.
3424
3425 // If a consumer abort have caused this closing, we may get stuck
3426 // as nobody is consuming our data. Allow auto-consumption.
3427 bodyPipe->enableAutoConsumption();
55e44db9 3428}
3429
a46d2c0e 3430char *
3431ConnStateData::In::addressToReadInto() const
3432{
3433 return buf + notYetUsed;
3434}
3435
3436ConnStateData::In::In() : buf (NULL), notYetUsed (0), allocatedSize (0)
3437{}
3438
3439ConnStateData::In::~In()
3440{
3441 if (allocatedSize)
3442 memFreeBuf(allocatedSize, buf);
3443}
d67acb4e
AJ		 3444
3445/* This is a comm call normally scheduled by comm_close() */
3446void
3447ConnStateData::clientPinnedConnectionClosed(const CommCloseCbParams &io)
3448{
3449 pinning.fd = -1;
3450 if (pinning.peer) {
9e008dda 3451 cbdataReferenceDone(pinning.peer);
d67acb4e
AJ		 3452 }
3453 safe_free(pinning.host);
3454 /* NOTE: pinning.pinned should be kept. This combined with fd == -1 at the end of a request indicates that the host
3455 * connection has gone away */
3456}
3457
9e008dda
AJ		 3458void ConnStateData::pinConnection(int pinning_fd, HttpRequest *request, struct peer *peer, bool auth)
3459{
d67acb4e
AJ		 3460 fde *f;
3461 char desc[FD_DESC_SZ];
3462
3463 if (pinning.fd == pinning_fd)
9e008dda 3464 return;
d67acb4e 3465 else if (pinning.fd != -1)
9e008dda
AJ		 3466 comm_close(pinning.fd);
3467
3468 if (pinning.host)
3469 safe_free(pinning.host);
3470
d67acb4e
AJ		 3471 pinning.fd = pinning_fd;
3472 pinning.host = xstrdup(request->GetHost());
3473 pinning.port = request->port;
3474 pinning.pinned = true;
3475 if (pinning.peer)
9e008dda 3476 cbdataReferenceDone(pinning.peer);
d67acb4e 3477 if (peer)
9e008dda 3478 pinning.peer = cbdataReference(peer);
d67acb4e
AJ		 3479 pinning.auth = auth;
3480 f = &fd_table[fd];
3481 snprintf(desc, FD_DESC_SZ, "%s pinned connection for %s:%d (%d)",
9e008dda 3482 (auth || !peer) ? request->GetHost() : peer->name, f->ipaddr, (int) f->remote_port, fd);
d67acb4e 3483 fd_note(pinning_fd, desc);
9e008dda 3484
d67acb4e
AJ		 3485 typedef CommCbMemFunT<ConnStateData, CommCloseCbParams> Dialer;
3486 pinning.closeHandler = asyncCall(33, 5, "ConnStateData::clientPinnedConnectionClosed",
9e008dda 3487 Dialer(this, &ConnStateData::clientPinnedConnectionClosed));
d67acb4e
AJ		 3488 comm_add_close_handler(pinning_fd, pinning.closeHandler);
3489
3490}
3491
3492int ConnStateData::validatePinnedConnection(HttpRequest *request, const struct peer *peer)
3493{
3494 bool valid = true;
3495 if (pinning.fd < 0)
9e008dda
AJ		 3496 return -1;
3497
d67acb4e 3498 if (pinning.auth && request && strcasecmp(pinning.host, request->GetHost()) != 0) {
9e008dda 3499 valid = false;
d67acb4e 3500 }
9e008dda
AJ		 3501 if (request && pinning.port != request->port) {
3502 valid = false;
d67acb4e 3503 }
9e008dda
AJ		 3504 if (pinning.peer && !cbdataReferenceValid(pinning.peer)) {
3505 valid = false;
d67acb4e 3506 }
9e008dda
AJ		 3507 if (peer != pinning.peer) {
3508 valid = false;
d67acb4e
AJ		 3509 }
3510
9e008dda
AJ		 3511 if (!valid) {
3512 int pinning_fd=pinning.fd;
3513 /* The pinning info is not safe, remove any pinning info*/
3514 unpinConnection();
d67acb4e 3515
9e008dda
AJ		 3516 /* also close the server side socket, we should not use it for invalid/unauthenticated
3517 requests...
3518 */
3519 comm_close(pinning_fd);
3520 return -1;
d67acb4e
AJ		 3521 }
3522
3523 return pinning.fd;
3524}
3525
3526void ConnStateData::unpinConnection()
3527{
9e008dda
AJ		 3528 if (pinning.peer)
3529 cbdataReferenceDone(pinning.peer);
d67acb4e 3530
9e008dda
AJ		 3531 if (pinning.closeHandler != NULL) {
3532 comm_remove_close_handler(pinning.fd, pinning.closeHandler);
3533 pinning.closeHandler = NULL;
d67acb4e
AJ		 3534 }
3535 pinning.fd = -1;
3536 safe_free(pinning.host);
3537}
Mirror of https://github.com/squid-cache/squid.git