]>
Commit | Line | Data |
---|---|---|
04f55905 AJ |
1 | /* |
2 | * DEBUG: section 5 Listener Socket Handler | |
3 | * AUTHOR: Harvest Derived | |
4 | * | |
5 | * SQUID Web Proxy Cache http://www.squid-cache.org/ | |
6 | * ---------------------------------------------------------- | |
7 | * | |
8 | * Squid is the result of efforts by numerous individuals from | |
9 | * the Internet community; see the CONTRIBUTORS file for full | |
10 | * details. Many organizations have provided support for Squid's | |
11 | * development; see the SPONSORS file for full details. Squid is | |
12 | * Copyrighted (C) 2001 by the Regents of the University of | |
13 | * California; see the COPYRIGHT file for full details. Squid | |
14 | * incorporates software developed and/or copyrighted by other | |
15 | * sources; see the CREDITS file for full details. | |
16 | * | |
17 | * This program is free software; you can redistribute it and/or modify | |
18 | * it under the terms of the GNU General Public License as published by | |
19 | * the Free Software Foundation; either version 2 of the License, or | |
20 | * (at your option) any later version. | |
21 | * | |
22 | * This program is distributed in the hope that it will be useful, | |
23 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
24 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
25 | * GNU General Public License for more details. | |
26 | * | |
27 | * You should have received a copy of the GNU General Public License | |
28 | * along with this program; if not, write to the Free Software | |
29 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
30 | * | |
31 | * | |
32 | * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org> | |
33 | */ | |
34 | ||
35 | #include "squid.h" | |
36 | #include "CommCalls.h" | |
37 | #include "comm/AcceptLimiter.h" | |
38 | #include "comm/comm_internal.h" | |
39 | #include "comm/ListenStateData.h" | |
40 | #include "ConnectionDetail.h" | |
41 | #include "fde.h" | |
5511c78a | 42 | #include "protos.h" |
04f55905 AJ |
43 | #include "SquidTime.h" |
44 | ||
04f55905 AJ |
45 | /** |
46 | * New-style listen and accept routines | |
47 | * | |
48 | * Listen simply registers our interest in an FD for listening, | |
49 | * and accept takes a callback to call when an FD has been | |
50 | * accept()ed. | |
51 | */ | |
273f66c4 AJ |
52 | void |
53 | Comm::ListenStateData::setListen() | |
04f55905 AJ |
54 | { |
55 | int x; | |
56 | ||
273f66c4 AJ |
57 | if ((x = listen(fd, Squid_MaxFD >> 2)) < 0) { |
58 | debugs(50, 0, HERE << "listen(FD " << fd << ", " << (Squid_MaxFD >> 2) << "): " << xstrerror()); | |
59 | errcode = x; | |
60 | return; | |
04f55905 AJ |
61 | } |
62 | ||
63 | if (Config.accept_filter && strcmp(Config.accept_filter, "none") != 0) { | |
64 | #ifdef SO_ACCEPTFILTER | |
65 | struct accept_filter_arg afa; | |
66 | bzero(&afa, sizeof(afa)); | |
273f66c4 | 67 | debugs(5, DBG_IMPORTANT, "Installing accept filter '" << Config.accept_filter << "' on FD " << fd); |
04f55905 | 68 | xstrncpy(afa.af_name, Config.accept_filter, sizeof(afa.af_name)); |
273f66c4 | 69 | x = setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)); |
04f55905 AJ |
70 | if (x < 0) |
71 | debugs(5, DBG_CRITICAL, "SO_ACCEPTFILTER '" << Config.accept_filter << "': '" << xstrerror()); | |
72 | #elif defined(TCP_DEFER_ACCEPT) | |
73 | int seconds = 30; | |
74 | if (strncmp(Config.accept_filter, "data=", 5) == 0) | |
75 | seconds = atoi(Config.accept_filter + 5); | |
273f66c4 | 76 | x = setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &seconds, sizeof(seconds)); |
04f55905 AJ |
77 | if (x < 0) |
78 | debugs(5, DBG_CRITICAL, "TCP_DEFER_ACCEPT '" << Config.accept_filter << "': '" << xstrerror()); | |
79 | #else | |
80 | debugs(5, DBG_CRITICAL, "accept_filter not supported on your OS"); | |
81 | #endif | |
82 | } | |
04f55905 AJ |
83 | } |
84 | ||
85 | Comm::ListenStateData::ListenStateData(int aFd, AsyncCall::Pointer &call, bool accept_many) : | |
86 | fd(aFd), | |
87 | theCallback(call), | |
88 | mayAcceptMore(accept_many) | |
89 | { | |
90 | assert(aFd >= 0); | |
91 | debugs(5, 5, HERE << "FD " << fd << " AsyncCall: " << call); | |
92 | assert(isOpen(aFd)); | |
273f66c4 | 93 | setListen(); |
04f55905 AJ |
94 | commSetSelect(fd, COMM_SELECT_READ, doAccept, this, 0); |
95 | } | |
96 | ||
97 | Comm::ListenStateData::~ListenStateData() | |
98 | { | |
04f55905 AJ |
99 | comm_close(fd); |
100 | fd = -1; | |
101 | } | |
102 | ||
103 | /** | |
104 | * This private callback is called whenever a filedescriptor is ready | |
105 | * to dupe itself and fob off an accept()ed connection | |
106 | * | |
107 | * It will either do that accept operation. Or if there are not enough FD | |
108 | * available to do the clone safely will push the listening FD into a list | |
109 | * of deferred operations. The list gets kicked and the dupe/accept() actually | |
110 | * done later when enough sockets become available. | |
111 | */ | |
112 | void | |
113 | Comm::ListenStateData::doAccept(int fd, void *data) | |
114 | { | |
115 | debugs(5, 2, HERE << "New connection on FD " << fd); | |
116 | ||
117 | assert(isOpen(fd)); | |
118 | ListenStateData *afd = static_cast<ListenStateData*>(data); | |
119 | ||
120 | if (!okToAccept()) { | |
121 | AcceptLimiter::Instance().defer(afd); | |
122 | } | |
123 | else { | |
124 | afd->acceptNext(); | |
125 | } | |
126 | commSetSelect(fd, COMM_SELECT_READ, Comm::ListenStateData::doAccept, afd, 0); | |
127 | } | |
128 | ||
129 | bool | |
130 | Comm::ListenStateData::okToAccept() | |
131 | { | |
132 | static time_t last_warn = 0; | |
133 | ||
134 | if (fdNFree() >= RESERVED_FD) | |
135 | return true; | |
136 | ||
137 | if (last_warn + 15 < squid_curtime) { | |
138 | debugs(5, DBG_CRITICAL, "WARNING! Your cache is running out of filedescriptors"); | |
139 | last_warn = squid_curtime; | |
140 | } | |
141 | ||
142 | return false; | |
143 | } | |
144 | ||
145 | bool | |
146 | Comm::ListenStateData::acceptOne() | |
147 | { | |
148 | /* | |
149 | * We don't worry about running low on FDs here. Instead, | |
150 | * doAccept() will use AcceptLimiter if we reach the limit | |
151 | * there. | |
152 | */ | |
153 | ||
154 | /* Accept a new connection */ | |
155 | ConnectionDetail connDetails; | |
156 | int newfd = oldAccept(connDetails); | |
157 | ||
158 | /* Check for errors */ | |
159 | if (newfd < 0) { | |
160 | ||
161 | if (newfd == COMM_NOMESSAGE) { | |
162 | /* register interest again */ | |
163 | debugs(5, 5, HERE << "try later: FD " << fd << " handler: " << *theCallback); | |
164 | commSetSelect(fd, COMM_SELECT_READ, doAccept, this, 0); | |
165 | return false; | |
166 | } | |
167 | ||
168 | // A non-recoverable error; notify the caller */ | |
169 | debugs(5, 5, HERE << "non-recoverable error: FD " << fd << " handler: " << *theCallback); | |
170 | notify(-1, COMM_ERROR, errno, connDetails); | |
171 | return false; | |
172 | } | |
173 | ||
174 | debugs(5, 5, HERE << "accepted: FD " << fd << | |
175 | " newfd: " << newfd << " from: " << connDetails.peer << | |
176 | " handler: " << *theCallback); | |
177 | notify(newfd, COMM_OK, 0, connDetails); | |
178 | return true; | |
179 | } | |
180 | ||
181 | void | |
182 | Comm::ListenStateData::acceptNext() | |
183 | { | |
184 | assert(isOpen(fd)); | |
185 | debugs(5, 2, HERE << "connection on FD " << fd); | |
186 | mayAcceptMore = acceptOne(); | |
187 | } | |
188 | ||
189 | void | |
190 | Comm::ListenStateData::notify(int newfd, comm_err_t errcode, int xerrno, const ConnectionDetail &connDetails) | |
191 | { | |
192 | // listener socket handlers just abandon the port with COMM_ERR_CLOSING | |
193 | // it should only happen when this object is deleted... | |
194 | if (errcode == COMM_ERR_CLOSING) { | |
195 | return; | |
196 | } | |
197 | ||
198 | if (theCallback != NULL) { | |
199 | typedef CommAcceptCbParams Params; | |
200 | Params ¶ms = GetCommParams<Params>(theCallback); | |
201 | params.fd = fd; | |
202 | params.nfd = newfd; | |
203 | params.details = connDetails; | |
204 | params.flag = errcode; | |
205 | params.xerrno = xerrno; | |
206 | ScheduleCallHere(theCallback); | |
207 | if (!mayAcceptMore) | |
208 | theCallback = NULL; | |
209 | } | |
210 | } | |
211 | ||
212 | /** | |
213 | * accept() and process | |
273f66c4 AJ |
214 | * Wait for an incoming connection on FD. |
215 | */ | |
04f55905 AJ |
216 | int |
217 | Comm::ListenStateData::oldAccept(ConnectionDetail &details) | |
218 | { | |
219 | PROF_start(comm_accept); | |
220 | statCounter.syscalls.sock.accepts++; | |
221 | int sock; | |
222 | struct addrinfo *gai = NULL; | |
223 | details.me.InitAddrInfo(gai); | |
224 | ||
225 | if ((sock = accept(fd, gai->ai_addr, &gai->ai_addrlen)) < 0) { | |
226 | ||
227 | details.me.FreeAddrInfo(gai); | |
228 | ||
229 | PROF_stop(comm_accept); | |
230 | ||
231 | if (ignoreErrno(errno)) { | |
232 | debugs(50, 5, HERE << "FD " << fd << ": " << xstrerror()); | |
233 | return COMM_NOMESSAGE; | |
234 | } else if (ENFILE == errno || EMFILE == errno) { | |
235 | debugs(50, 3, HERE << "FD " << fd << ": " << xstrerror()); | |
236 | return COMM_ERROR; | |
237 | } else { | |
238 | debugs(50, 1, HERE << "FD " << fd << ": " << xstrerror()); | |
239 | return COMM_ERROR; | |
240 | } | |
241 | } | |
242 | ||
243 | details.peer = *gai; | |
244 | ||
5511c78a AJ |
245 | if ( Config.client_ip_max_connections >= 0) { |
246 | if (clientdbEstablished(details.peer, 0) > Config.client_ip_max_connections) { | |
247 | debugs(50, DBG_IMPORTANT, "WARNING: " << details.peer << " attempting more than " << Config.client_ip_max_connections << " connections."); | |
248 | details.me.FreeAddrInfo(gai); | |
249 | return COMM_ERROR; | |
250 | } | |
251 | } | |
252 | ||
04f55905 AJ |
253 | details.me.InitAddrInfo(gai); |
254 | ||
255 | details.me.SetEmpty(); | |
256 | getsockname(sock, gai->ai_addr, &gai->ai_addrlen); | |
257 | details.me = *gai; | |
258 | ||
259 | commSetCloseOnExec(sock); | |
260 | ||
261 | /* fdstat update */ | |
262 | fd_open(sock, FD_SOCKET, "HTTP Request"); | |
263 | ||
264 | fdd_table[sock].close_file = NULL; | |
265 | fdd_table[sock].close_line = 0; | |
266 | ||
267 | fde *F = &fd_table[sock]; | |
268 | details.peer.NtoA(F->ipaddr,MAX_IPSTRLEN); | |
269 | F->remote_port = details.peer.GetPort(); | |
270 | F->local_addr.SetPort(details.me.GetPort()); | |
271 | #if USE_IPV6 | |
272 | F->sock_family = AF_INET; | |
273 | #else | |
274 | F->sock_family = details.me.IsIPv4()?AF_INET:AF_INET6; | |
275 | #endif | |
276 | details.me.FreeAddrInfo(gai); | |
277 | ||
278 | commSetNonBlocking(sock); | |
279 | ||
280 | /* IFF the socket is (tproxy) transparent, pass the flag down to allow spoofing */ | |
281 | F->flags.transparent = fd_table[fd].flags.transparent; | |
282 | ||
283 | PROF_stop(comm_accept); | |
284 | return sock; | |
285 | } |