[thirdparty/squid.git] / src / comm / ListenStateData.cc

/*
 * DEBUG: section 5     Listener Socket Handler
 * AUTHOR: Harvest Derived
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 *
 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
 */

#include "squid.h"
#include "CommCalls.h"
#include "comm/AcceptLimiter.h"
#include "comm/comm_internal.h"
#include "comm/ListenStateData.h"
#include "ConnectionDetail.h"
#include "fde.h"
#include "protos.h"
#include "SquidTime.h"

/**
 * New-style listen and accept routines
 *
 * Listen simply registers our interest in an FD for listening,
 * and accept takes a callback to call when an FD has been
 * accept()ed.
 */
void
Comm::ListenStateData::setListen()
{
    int x;

    if ((x = listen(fd, Squid_MaxFD >> 2)) < 0) {
        debugs(50, 0, HERE << "listen(FD " << fd << ", " << (Squid_MaxFD >> 2) << "): " << xstrerror());
        errcode = x;
        return;
    }

    if (Config.accept_filter && strcmp(Config.accept_filter, "none") != 0) {
#ifdef SO_ACCEPTFILTER
        struct accept_filter_arg afa;
        bzero(&afa, sizeof(afa));
        debugs(5, DBG_IMPORTANT, "Installing accept filter '" << Config.accept_filter << "' on FD " << fd);
        xstrncpy(afa.af_name, Config.accept_filter, sizeof(afa.af_name));
        x = setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));
        if (x < 0)
            debugs(5, DBG_CRITICAL, "SO_ACCEPTFILTER '" << Config.accept_filter << "': '" << xstrerror());
#elif defined(TCP_DEFER_ACCEPT)
        int seconds = 30;
        if (strncmp(Config.accept_filter, "data=", 5) == 0)
            seconds = atoi(Config.accept_filter + 5);
        x = setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &seconds, sizeof(seconds));
        if (x < 0)
            debugs(5, DBG_CRITICAL, "TCP_DEFER_ACCEPT '" << Config.accept_filter << "': '" << xstrerror());
#else
        debugs(5, DBG_CRITICAL, "accept_filter not supported on your OS");
#endif
    }
}

Comm::ListenStateData::ListenStateData(int aFd, AsyncCall::Pointer &call, bool accept_many) :
    fd(aFd),
    theCallback(call),
    mayAcceptMore(accept_many)
{
    assert(aFd >= 0);
    debugs(5, 5, HERE << "FD " << fd << " AsyncCall: " << call);
    assert(isOpen(aFd));
    setListen();
    commSetSelect(fd, COMM_SELECT_READ, doAccept, this, 0);
}

Comm::ListenStateData::~ListenStateData()
{
    comm_close(fd);
    fd = -1;
}

/**
 * This private callback is called whenever a filedescriptor is ready
 * to dupe itself and fob off an accept()ed connection
 *
 * It will either do that accept operation. Or if there are not enough FD
 * available to do the clone safely will push the listening FD into a list
 * of deferred operations. The list gets kicked and the dupe/accept() actually
 * done later when enough sockets become available.
 */
void
Comm::ListenStateData::doAccept(int fd, void *data)
{
    debugs(5, 2, HERE << "New connection on FD " << fd);

    assert(isOpen(fd));
    ListenStateData *afd = static_cast<ListenStateData*>(data);

    if (!okToAccept()) {
        AcceptLimiter::Instance().defer(afd);
    }
    else {
        afd->acceptNext();
    }
    commSetSelect(fd, COMM_SELECT_READ, Comm::ListenStateData::doAccept, afd, 0);
}

bool
Comm::ListenStateData::okToAccept()
{
    static time_t last_warn = 0;

    if (fdNFree() >= RESERVED_FD)
        return true;

    if (last_warn + 15 < squid_curtime) {
        debugs(5, DBG_CRITICAL, "WARNING! Your cache is running out of filedescriptors");
        last_warn = squid_curtime;
    }

    return false;
}

bool
Comm::ListenStateData::acceptOne()
{
    /*
     * We don't worry about running low on FDs here.  Instead,
     * doAccept() will use AcceptLimiter if we reach the limit
     * there.
     */

    /* Accept a new connection */
    ConnectionDetail connDetails;
    int newfd = oldAccept(connDetails);

    /* Check for errors */
    if (newfd < 0) {

        if (newfd == COMM_NOMESSAGE) {
            /* register interest again */
            debugs(5, 5, HERE << "try later: FD " << fd << " handler: " << *theCallback);
            commSetSelect(fd, COMM_SELECT_READ, doAccept, this, 0);
            return false;
        }

        // A non-recoverable error; notify the caller */
        debugs(5, 5, HERE << "non-recoverable error: FD " << fd << " handler: " << *theCallback);
        notify(-1, COMM_ERROR, errno, connDetails);
        return false;
    }

    debugs(5, 5, HERE << "accepted: FD " << fd <<
           " newfd: " << newfd << " from: " << connDetails.peer <<
           " handler: " << *theCallback);
    notify(newfd, COMM_OK, 0, connDetails);
    return true;
}

void
Comm::ListenStateData::acceptNext()
{
    assert(isOpen(fd));
    debugs(5, 2, HERE << "connection on FD " << fd);
    mayAcceptMore = acceptOne();
}

void
Comm::ListenStateData::notify(int newfd, comm_err_t errcode, int xerrno, const ConnectionDetail &connDetails)
{
    // listener socket handlers just abandon the port with COMM_ERR_CLOSING
    // it should only happen when this object is deleted...
    if (errcode == COMM_ERR_CLOSING) {
        return;
    }

    if (theCallback != NULL) {
        typedef CommAcceptCbParams Params;
        Params &params = GetCommParams<Params>(theCallback);
        params.fd = fd;
        params.nfd = newfd;
        params.details = connDetails;
        params.flag = errcode;
        params.xerrno = xerrno;
        ScheduleCallHere(theCallback);
        if (!mayAcceptMore)
            theCallback = NULL;
    }
}

/**
 * accept() and process 
 * Wait for an incoming connection on FD.
 */
int
Comm::ListenStateData::oldAccept(ConnectionDetail &details)
{
    PROF_start(comm_accept);
    statCounter.syscalls.sock.accepts++;
    int sock;
    struct addrinfo *gai = NULL;
    details.me.InitAddrInfo(gai);

    if ((sock = accept(fd, gai->ai_addr, &gai->ai_addrlen)) < 0) {

        details.me.FreeAddrInfo(gai);

        PROF_stop(comm_accept);

        if (ignoreErrno(errno)) {
            debugs(50, 5, HERE << "FD " << fd << ": " << xstrerror());
            return COMM_NOMESSAGE;
        } else if (ENFILE == errno || EMFILE == errno) {
            debugs(50, 3, HERE << "FD " << fd << ": " << xstrerror());
            return COMM_ERROR;
        } else {
            debugs(50, 1, HERE << "FD " << fd << ": " << xstrerror());
            return COMM_ERROR;
        }
    }

    details.peer = *gai;

    if ( Config.client_ip_max_connections >= 0) {
        if (clientdbEstablished(details.peer, 0) > Config.client_ip_max_connections) {
            debugs(50, DBG_IMPORTANT, "WARNING: " << details.peer << " attempting more than " << Config.client_ip_max_connections << " connections.");
            details.me.FreeAddrInfo(gai);
            return COMM_ERROR;
        }
    }

    details.me.InitAddrInfo(gai);

    details.me.SetEmpty();
    getsockname(sock, gai->ai_addr, &gai->ai_addrlen);
    details.me = *gai;

    commSetCloseOnExec(sock);

    /* fdstat update */
    fd_open(sock, FD_SOCKET, "HTTP Request");

    fdd_table[sock].close_file = NULL;
    fdd_table[sock].close_line = 0;

    fde *F = &fd_table[sock];
    details.peer.NtoA(F->ipaddr,MAX_IPSTRLEN);
    F->remote_port = details.peer.GetPort();
    F->local_addr.SetPort(details.me.GetPort());
#if USE_IPV6
    F->sock_family = AF_INET;
#else
    F->sock_family = details.me.IsIPv4()?AF_INET:AF_INET6;
#endif
    details.me.FreeAddrInfo(gai);

    commSetNonBlocking(sock);

    /* IFF the socket is (tproxy) transparent, pass the flag down to allow spoofing */
    F->flags.transparent = fd_table[fd].flags.transparent;

    PROF_stop(comm_accept);
    return sock;
}
Commit	Line	Data
04f55905 AJ	1	/*
	2	* DEBUG: section 5 Listener Socket Handler
	3	* AUTHOR: Harvest Derived
	4	*
	5	* SQUID Web Proxy Cache http://www.squid-cache.org/
	6	* ----------------------------------------------------------
	7	*
	8	* Squid is the result of efforts by numerous individuals from
	9	* the Internet community; see the CONTRIBUTORS file for full
	10	* details. Many organizations have provided support for Squid's
	11	* development; see the SPONSORS file for full details. Squid is
	12	* Copyrighted (C) 2001 by the Regents of the University of
	13	* California; see the COPYRIGHT file for full details. Squid
	14	* incorporates software developed and/or copyrighted by other
	15	* sources; see the CREDITS file for full details.
	16	*
	17	* This program is free software; you can redistribute it and/or modify
	18	* it under the terms of the GNU General Public License as published by
	19	* the Free Software Foundation; either version 2 of the License, or
	20	* (at your option) any later version.
	21	*
	22	* This program is distributed in the hope that it will be useful,
	23	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	24	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	25	* GNU General Public License for more details.
	26	*
	27	* You should have received a copy of the GNU General Public License
	28	* along with this program; if not, write to the Free Software
	29	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	30	*
	31	*
	32	* Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
	33	*/
	34
	35	#include "squid.h"
	36	#include "CommCalls.h"
	37	#include "comm/AcceptLimiter.h"
	38	#include "comm/comm_internal.h"
	39	#include "comm/ListenStateData.h"
	40	#include "ConnectionDetail.h"
	41	#include "fde.h"
5511c78a	42	#include "protos.h"
04f55905 AJ	43	#include "SquidTime.h"
04f55905 AJ	44
04f55905 AJ	45	/**
	46	* New-style listen and accept routines
	47	*
	48	* Listen simply registers our interest in an FD for listening,
	49	* and accept takes a callback to call when an FD has been
	50	* accept()ed.
	51	*/
273f66c4 AJ	52	void
273f66c4 AJ	53	Comm::ListenStateData::setListen()
04f55905 AJ	54	{
	55	int x;
	56
273f66c4 AJ	57	if ((x = listen(fd, Squid_MaxFD >> 2)) < 0) {
	58	debugs(50, 0, HERE << "listen(FD " << fd << ", " << (Squid_MaxFD >> 2) << "): " << xstrerror());
	59	errcode = x;
	60	return;
04f55905 AJ	61	}
	62
	63	if (Config.accept_filter && strcmp(Config.accept_filter, "none") != 0) {
	64	#ifdef SO_ACCEPTFILTER
	65	struct accept_filter_arg afa;
	66	bzero(&afa, sizeof(afa));
273f66c4	67	debugs(5, DBG_IMPORTANT, "Installing accept filter '" << Config.accept_filter << "' on FD " << fd);
04f55905	68	xstrncpy(afa.af_name, Config.accept_filter, sizeof(afa.af_name));
273f66c4	69	x = setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));
04f55905 AJ	70	if (x < 0)
	71	debugs(5, DBG_CRITICAL, "SO_ACCEPTFILTER '" << Config.accept_filter << "': '" << xstrerror());
	72	#elif defined(TCP_DEFER_ACCEPT)
	73	int seconds = 30;
	74	if (strncmp(Config.accept_filter, "data=", 5) == 0)
	75	seconds = atoi(Config.accept_filter + 5);
273f66c4	76	x = setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &seconds, sizeof(seconds));
04f55905 AJ	77	if (x < 0)
	78	debugs(5, DBG_CRITICAL, "TCP_DEFER_ACCEPT '" << Config.accept_filter << "': '" << xstrerror());
	79	#else
	80	debugs(5, DBG_CRITICAL, "accept_filter not supported on your OS");
	81	#endif
	82	}
04f55905 AJ	83	}
	84
	85	Comm::ListenStateData::ListenStateData(int aFd, AsyncCall::Pointer &call, bool accept_many) :
	86	fd(aFd),
	87	theCallback(call),
	88	mayAcceptMore(accept_many)
	89	{
	90	assert(aFd >= 0);
	91	debugs(5, 5, HERE << "FD " << fd << " AsyncCall: " << call);
	92	assert(isOpen(aFd));
273f66c4	93	setListen();
04f55905 AJ	94	commSetSelect(fd, COMM_SELECT_READ, doAccept, this, 0);
	95	}
	96
	97	Comm::ListenStateData::~ListenStateData()
	98	{
04f55905 AJ	99	comm_close(fd);
	100	fd = -1;
	101	}
	102
	103	/**
	104	* This private callback is called whenever a filedescriptor is ready
	105	* to dupe itself and fob off an accept()ed connection
	106	*
	107	* It will either do that accept operation. Or if there are not enough FD
	108	* available to do the clone safely will push the listening FD into a list
	109	* of deferred operations. The list gets kicked and the dupe/accept() actually
	110	* done later when enough sockets become available.
	111	*/
	112	void
	113	Comm::ListenStateData::doAccept(int fd, void *data)
	114	{
	115	debugs(5, 2, HERE << "New connection on FD " << fd);
	116
	117	assert(isOpen(fd));
	118	ListenStateData afd = static_cast<ListenStateData>(data);
	119
	120	if (!okToAccept()) {
	121	AcceptLimiter::Instance().defer(afd);
	122	}
	123	else {
	124	afd->acceptNext();
	125	}
	126	commSetSelect(fd, COMM_SELECT_READ, Comm::ListenStateData::doAccept, afd, 0);
	127	}
	128
	129	bool
	130	Comm::ListenStateData::okToAccept()
	131	{
	132	static time_t last_warn = 0;
	133
	134	if (fdNFree() >= RESERVED_FD)
	135	return true;
	136
	137	if (last_warn + 15 < squid_curtime) {
	138	debugs(5, DBG_CRITICAL, "WARNING! Your cache is running out of filedescriptors");
	139	last_warn = squid_curtime;
	140	}
	141
	142	return false;
	143	}
	144
	145	bool
	146	Comm::ListenStateData::acceptOne()
	147	{
	148	/*
	149	* We don't worry about running low on FDs here. Instead,
	150	* doAccept() will use AcceptLimiter if we reach the limit
	151	* there.
	152	*/
	153
	154	/* Accept a new connection */
	155	ConnectionDetail connDetails;
	156	int newfd = oldAccept(connDetails);
	157
	158	/* Check for errors */
	159	if (newfd < 0) {
	160
	161	if (newfd == COMM_NOMESSAGE) {
	162	/* register interest again */
163	debugs(5, 5, HERE << "try later: FD " << fd << " handler: " << *theCallback);
164	commSetSelect(fd, COMM_SELECT_READ, doAccept, this, 0);
165	return false;
166	}
167
168	// A non-recoverable error; notify the caller */
169	debugs(5, 5, HERE << "non-recoverable error: FD " << fd << " handler: " << *theCallback);
170	notify(-1, COMM_ERROR, errno, connDetails);
171	return false;
172	}
173
174	debugs(5, 5, HERE << "accepted: FD " << fd <<
175	" newfd: " << newfd << " from: " << connDetails.peer <<
176	" handler: " << *theCallback);
177	notify(newfd, COMM_OK, 0, connDetails);
178	return true;
179	}
180
181	void
182	Comm::ListenStateData::acceptNext()
183	{
184	assert(isOpen(fd));
185	debugs(5, 2, HERE << "connection on FD " << fd);
186	mayAcceptMore = acceptOne();
187	}
188
189	void
190	Comm::ListenStateData::notify(int newfd, comm_err_t errcode, int xerrno, const ConnectionDetail &connDetails)
191	{
192	// listener socket handlers just abandon the port with COMM_ERR_CLOSING
193	// it should only happen when this object is deleted...
194	if (errcode == COMM_ERR_CLOSING) {
195	return;
196	}
197
198	if (theCallback != NULL) {
199	typedef CommAcceptCbParams Params;
200	Params &params = GetCommParams<Params>(theCallback);
201	params.fd = fd;
202	params.nfd = newfd;
203	params.details = connDetails;
204	params.flag = errcode;
205	params.xerrno = xerrno;
206	ScheduleCallHere(theCallback);
207	if (!mayAcceptMore)
208	theCallback = NULL;
209	}
210	}
211
212	/**
213	* accept() and process
273f66c4 AJ	214	* Wait for an incoming connection on FD.
273f66c4 AJ	215	*/
04f55905 AJ	216	int
	217	Comm::ListenStateData::oldAccept(ConnectionDetail &details)
	218	{
	219	PROF_start(comm_accept);
	220	statCounter.syscalls.sock.accepts++;
	221	int sock;
	222	struct addrinfo *gai = NULL;
	223	details.me.InitAddrInfo(gai);
	224
	225	if ((sock = accept(fd, gai->ai_addr, &gai->ai_addrlen)) < 0) {
	226
	227	details.me.FreeAddrInfo(gai);
	228
	229	PROF_stop(comm_accept);
	230
	231	if (ignoreErrno(errno)) {
	232	debugs(50, 5, HERE << "FD " << fd << ": " << xstrerror());
	233	return COMM_NOMESSAGE;
	234	} else if (ENFILE == errno \|\| EMFILE == errno) {
	235	debugs(50, 3, HERE << "FD " << fd << ": " << xstrerror());
	236	return COMM_ERROR;
	237	} else {
	238	debugs(50, 1, HERE << "FD " << fd << ": " << xstrerror());
	239	return COMM_ERROR;
	240	}
	241	}
	242
	243	details.peer = *gai;
	244
5511c78a AJ	245	if ( Config.client_ip_max_connections >= 0) {
	246	if (clientdbEstablished(details.peer, 0) > Config.client_ip_max_connections) {
	247	debugs(50, DBG_IMPORTANT, "WARNING: " << details.peer << " attempting more than " << Config.client_ip_max_connections << " connections.");
	248	details.me.FreeAddrInfo(gai);
	249	return COMM_ERROR;
	250	}
	251	}
	252
04f55905 AJ	253	details.me.InitAddrInfo(gai);
	254
	255	details.me.SetEmpty();
	256	getsockname(sock, gai->ai_addr, &gai->ai_addrlen);
	257	details.me = *gai;
	258
	259	commSetCloseOnExec(sock);
	260
	261	/* fdstat update */
	262	fd_open(sock, FD_SOCKET, "HTTP Request");
	263
	264	fdd_table[sock].close_file = NULL;
	265	fdd_table[sock].close_line = 0;
	266
	267	fde *F = &fd_table[sock];
	268	details.peer.NtoA(F->ipaddr,MAX_IPSTRLEN);
	269	F->remote_port = details.peer.GetPort();
	270	F->local_addr.SetPort(details.me.GetPort());
	271	#if USE_IPV6
	272	F->sock_family = AF_INET;
	273	#else
	274	F->sock_family = details.me.IsIPv4()?AF_INET:AF_INET6;
	275	#endif
	276	details.me.FreeAddrInfo(gai);
	277
	278	commSetNonBlocking(sock);
	279
	280	/* IFF the socket is (tproxy) transparent, pass the flag down to allow spoofing */
	281	F->flags.transparent = fd_table[fd].flags.transparent;
	282
	283	PROF_stop(comm_accept);
	284	return sock;
	285	}