2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 55 HTTP Header */
12 #include "base/EnumIterator.h"
15 #include "http/ContentLengthInterpreter.h"
16 #include "HttpHdrCc.h"
17 #include "HttpHdrContRange.h"
18 #include "HttpHdrScTarget.h" // also includes HttpHdrSc.h
19 #include "HttpHeader.h"
20 #include "HttpHeaderFieldInfo.h"
21 #include "HttpHeaderStat.h"
22 #include "HttpHeaderTools.h"
24 #include "mgr/Registration.h"
25 #include "profiler/Profiler.h"
27 #include "SquidConfig.h"
31 #include "TimeOrTag.h"
36 /* XXX: the whole set of API managing the entries vector should be rethought
37 * after the parse4r-ng effort is complete.
41 * On naming conventions:
43 * HTTP/1.1 defines message-header as
45 * message-header = field-name ":" [ field-value ] CRLF
47 * field-value = *( field-content | LWS )
49 * HTTP/1.1 does not give a name name a group of all message-headers in a message.
50 * Squid 1.1 seems to refer to that group _plus_ start-line as "headers".
52 * HttpHeader is an object that represents all message-headers in a message.
53 * HttpHeader does not manage start-line.
55 * HttpHeader is implemented as a collection of header "entries".
56 * An entry is a (field_id, field_name, field_value) triplet.
60 * local constants and vars
63 // statistics counters for headers. clients must not allow Http::HdrType::BAD_HDR to be counted
64 std::vector
<HttpHeaderFieldStat
> headerStatsTable(Http::HdrType::enumEnd_
);
66 /* request-only headers. Used for cachemgr */
67 static HttpHeaderMask RequestHeadersMask
; /* set run-time using RequestHeaders */
69 /* reply-only headers. Used for cachemgr */
70 static HttpHeaderMask ReplyHeadersMask
; /* set run-time using ReplyHeaders */
72 /* header accounting */
73 // NP: keep in sync with enum http_hdr_owner_type
74 static HttpHeaderStat HttpHeaderStats
[] = {
75 HttpHeaderStat(/*hoNone*/ "all", NULL
),
77 HttpHeaderStat(/*hoHtcpReply*/ "HTCP reply", &ReplyHeadersMask
),
79 HttpHeaderStat(/*hoRequest*/ "request", &RequestHeadersMask
),
80 HttpHeaderStat(/*hoReply*/ "reply", &ReplyHeadersMask
)
86 static int HttpHeaderStatCount
= countof(HttpHeaderStats
);
88 static int HeaderEntryParsedCount
= 0;
91 * forward declarations and local routines
96 // update parse statistics for header id; if error is true also account
97 // for errors and write to debug log what happened
98 static void httpHeaderNoteParsedEntry(Http::HdrType id
, String
const &value
, bool error
);
99 static void httpHeaderStatDump(const HttpHeaderStat
* hs
, StoreEntry
* e
);
100 /** store report about current header usage and other stats */
101 static void httpHeaderStoreReport(StoreEntry
* e
);
104 * Module initialization routines
108 httpHeaderRegisterWithCacheManager(void)
110 Mgr::RegisterAction("http_headers",
111 "HTTP Header Statistics",
112 httpHeaderStoreReport
, 0, 1);
116 httpHeaderInitModule(void)
118 /* check that we have enough space for masks */
119 assert(8 * sizeof(HttpHeaderMask
) >= Http::HdrType::enumEnd_
);
121 // masks are needed for stats page still
122 for (auto h
: WholeEnum
<Http::HdrType
>()) {
123 if (Http::HeaderLookupTable
.lookup(h
).request
)
124 CBIT_SET(RequestHeadersMask
,h
);
125 if (Http::HeaderLookupTable
.lookup(h
).reply
)
126 CBIT_SET(ReplyHeadersMask
,h
);
129 /* header stats initialized by class constructor */
130 assert(HttpHeaderStatCount
== hoReply
+ 1);
132 /* init dependent modules */
133 httpHdrCcInitModule();
134 httpHdrScInitModule();
136 httpHeaderRegisterWithCacheManager();
140 * HttpHeader Implementation
143 HttpHeader::HttpHeader() : owner (hoNone
), len (0), conflictingContentLength_(false)
145 httpHeaderMaskInit(&mask
, 0);
148 HttpHeader::HttpHeader(const http_hdr_owner_type anOwner
): owner(anOwner
), len(0), conflictingContentLength_(false)
150 assert(anOwner
> hoNone
&& anOwner
< hoEnd
);
151 debugs(55, 7, "init-ing hdr: " << this << " owner: " << owner
);
152 httpHeaderMaskInit(&mask
, 0);
155 HttpHeader::HttpHeader(const HttpHeader
&other
): owner(other
.owner
), len(other
.len
), conflictingContentLength_(false)
157 httpHeaderMaskInit(&mask
, 0);
158 update(&other
); // will update the mask as well
161 HttpHeader::~HttpHeader()
167 HttpHeader::operator =(const HttpHeader
&other
)
169 if (this != &other
) {
170 // we do not really care, but the caller probably does
171 assert(owner
== other
.owner
);
173 update(&other
); // will update the mask as well
175 conflictingContentLength_
= other
.conflictingContentLength_
;
184 assert(owner
> hoNone
&& owner
< hoEnd
);
185 debugs(55, 7, "cleaning hdr: " << this << " owner: " << owner
);
187 PROF_start(HttpHeaderClean
);
189 if (owner
<= hoReply
) {
191 * An unfortunate bug. The entries array is initialized
192 * such that count is set to zero. httpHeaderClean() seems to
193 * be called both when 'hdr' is created, and destroyed. Thus,
194 * we accumulate a large number of zero counts for 'hdr' before
195 * it is ever used. Can't think of a good way to fix it, except
196 * adding a state variable that indicates whether or not 'hdr'
197 * has been used. As a hack, just never count zero-sized header
200 if (!entries
.empty())
201 HttpHeaderStats
[owner
].hdrUCountDistr
.count(entries
.size());
203 ++ HttpHeaderStats
[owner
].destroyedCount
;
205 HttpHeaderStats
[owner
].busyDestroyedCount
+= entries
.size() > 0;
206 } // if (owner <= hoReply)
208 for (HttpHeaderEntry
*e
: entries
) {
211 if (!Http::any_valid_header(e
->id
)) {
212 debugs(55, DBG_CRITICAL
, "BUG: invalid entry (" << e
->id
<< "). Ignored.");
214 if (owner
<= hoReply
)
215 HttpHeaderStats
[owner
].fieldTypeDistr
.count(e
->id
);
221 httpHeaderMaskInit(&mask
, 0);
223 conflictingContentLength_
= false;
224 PROF_stop(HttpHeaderClean
);
227 /* append entries (also see httpHeaderUpdate) */
229 HttpHeader::append(const HttpHeader
* src
)
233 debugs(55, 7, "appending hdr: " << this << " += " << src
);
235 for (auto e
: src
->entries
) {
237 addEntry(e
->clone());
241 /// check whether the fresh header has any new/changed updatable fields
243 HttpHeader::needUpdate(HttpHeader
const *fresh
) const
245 for (const auto e
: fresh
->entries
) {
246 if (!e
|| skipUpdateHeader(e
->id
))
249 const char *name
= e
->name
.termedBuf();
250 if (!getByNameIfPresent(name
, strlen(name
), value
) ||
251 (value
!= fresh
->getByName(name
)))
258 HttpHeader::updateWarnings()
261 HttpHeaderPos pos
= HttpHeaderInitPos
;
263 // RFC 7234, section 4.3.4: delete 1xx warnings and retain 2xx warnings
264 while (HttpHeaderEntry
*e
= getEntry(&pos
)) {
265 if (e
->id
== Http::HdrType::WARNING
&& (e
->getInt()/100 == 1) )
271 HttpHeader::skipUpdateHeader(const Http::HdrType id
) const
273 // RFC 7234, section 4.3.4: use fields other from Warning for update
274 return id
== Http::HdrType::WARNING
;
278 HttpHeader::update(HttpHeader
const *fresh
)
281 assert(this != fresh
);
283 // Optimization: Finding whether a header field changed is expensive
284 // and probably not worth it except for collapsed revalidation needs.
285 if (Config
.onoff
.collapsed_forwarding
&& !needUpdate(fresh
))
290 const HttpHeaderEntry
*e
;
291 HttpHeaderPos pos
= HttpHeaderInitPos
;
293 while ((e
= fresh
->getEntry(&pos
))) {
294 /* deny bad guys (ok to check for Http::HdrType::OTHER) here */
296 if (skipUpdateHeader(e
->id
))
299 if (e
->id
!= Http::HdrType::OTHER
)
302 delByName(e
->name
.termedBuf());
305 pos
= HttpHeaderInitPos
;
306 while ((e
= fresh
->getEntry(&pos
))) {
307 /* deny bad guys (ok to check for Http::HdrType::OTHER) here */
309 if (skipUpdateHeader(e
->id
))
312 debugs(55, 7, "Updating header '" << Http::HeaderLookupTable
.lookup(e
->id
).name
<< "' in cached entry");
314 addEntry(e
->clone());
320 HttpHeader::parse(const char *header_start
, size_t hdrLen
)
322 const char *field_ptr
= header_start
;
323 const char *header_end
= header_start
+ hdrLen
; // XXX: remove
324 int warnOnError
= (Config
.onoff
.relaxed_header_parser
<= 0 ? DBG_IMPORTANT
: 2);
326 PROF_start(HttpHeaderParse
);
328 assert(header_start
&& header_end
);
329 debugs(55, 7, "parsing hdr: (" << this << ")" << std::endl
<< getStringPrefix(header_start
, hdrLen
));
330 ++ HttpHeaderStats
[owner
].parsedCount
;
333 if ((nulpos
= (char*)memchr(header_start
, '\0', hdrLen
))) {
334 debugs(55, DBG_IMPORTANT
, "WARNING: HTTP header contains NULL characters {" <<
335 getStringPrefix(header_start
, nulpos
-header_start
) << "}\nNULL\n{" << getStringPrefix(nulpos
+1, hdrLen
-(nulpos
-header_start
)-1));
336 PROF_stop(HttpHeaderParse
);
341 Http::ContentLengthInterpreter
clen(warnOnError
);
342 /* common format headers are "<name>:[ws]<value>" lines delimited by <CRLF>.
343 * continuation lines start with a (single) space or tab */
344 while (field_ptr
< header_end
) {
345 const char *field_start
= field_ptr
;
346 const char *field_end
;
349 const char *this_line
= field_ptr
;
350 field_ptr
= (const char *)memchr(field_ptr
, '\n', header_end
- field_ptr
);
354 PROF_stop(HttpHeaderParse
);
359 field_end
= field_ptr
;
361 ++field_ptr
; /* Move to next line */
363 if (field_end
> this_line
&& field_end
[-1] == '\r') {
364 --field_end
; /* Ignore CR LF */
366 if (owner
== hoRequest
&& field_end
> this_line
) {
368 for (const char *p
= this_line
; p
< field_end
&& cr_only
; ++p
) {
373 debugs(55, DBG_IMPORTANT
, "SECURITY WARNING: Rejecting HTTP request with a CR+ "
374 "header field to prevent request smuggling attacks: {" <<
375 getStringPrefix(header_start
, hdrLen
) << "}");
376 PROF_stop(HttpHeaderParse
);
383 /* Barf on stray CR characters */
384 if (memchr(this_line
, '\r', field_end
- this_line
)) {
385 debugs(55, warnOnError
, "WARNING: suspicious CR characters in HTTP header {" <<
386 getStringPrefix(field_start
, field_end
-field_start
) << "}");
388 if (Config
.onoff
.relaxed_header_parser
) {
389 char *p
= (char *) this_line
; /* XXX Warning! This destroys original header content and violates specifications somewhat */
391 while ((p
= (char *)memchr(p
, '\r', field_end
- p
)) != NULL
) {
396 PROF_stop(HttpHeaderParse
);
402 if (this_line
+ 1 == field_end
&& this_line
> field_start
) {
403 debugs(55, warnOnError
, "WARNING: Blank continuation line in HTTP header {" <<
404 getStringPrefix(header_start
, hdrLen
) << "}");
405 PROF_stop(HttpHeaderParse
);
409 } while (field_ptr
< header_end
&& (*field_ptr
== ' ' || *field_ptr
== '\t'));
411 if (field_start
== field_end
) {
412 if (field_ptr
< header_end
) {
413 debugs(55, warnOnError
, "WARNING: unparseable HTTP header field near {" <<
414 getStringPrefix(field_start
, hdrLen
-(field_start
-header_start
)) << "}");
415 PROF_stop(HttpHeaderParse
);
420 break; /* terminating blank line */
424 if ((e
= HttpHeaderEntry::parse(field_start
, field_end
)) == NULL
) {
425 debugs(55, warnOnError
, "WARNING: unparseable HTTP header field {" <<
426 getStringPrefix(field_start
, field_end
-field_start
) << "}");
427 debugs(55, warnOnError
, " in {" << getStringPrefix(header_start
, hdrLen
) << "}");
429 if (Config
.onoff
.relaxed_header_parser
)
432 PROF_stop(HttpHeaderParse
);
437 if (e
->id
== Http::HdrType::CONTENT_LENGTH
&& !clen
.checkField(e
->value
)) {
440 if (Config
.onoff
.relaxed_header_parser
)
441 continue; // clen has printed any necessary warnings
443 PROF_stop(HttpHeaderParse
);
448 if (e
->id
== Http::HdrType::OTHER
&& stringHasWhitespace(e
->name
.termedBuf())) {
449 debugs(55, warnOnError
, "WARNING: found whitespace in HTTP header name {" <<
450 getStringPrefix(field_start
, field_end
-field_start
) << "}");
452 if (!Config
.onoff
.relaxed_header_parser
) {
454 PROF_stop(HttpHeaderParse
);
463 if (clen
.headerWideProblem
) {
464 debugs(55, warnOnError
, "WARNING: " << clen
.headerWideProblem
<<
465 " Content-Length field values in" <<
466 Raw("header", header_start
, hdrLen
));
470 // RFC 2616 section 4.4: ignore Content-Length with Transfer-Encoding
471 // RFC 7230 section 3.3.3 #3: Transfer-Encoding overwrites Content-Length
472 delById(Http::HdrType::CONTENT_LENGTH
);
473 // and clen state becomes irrelevant
474 } else if (clen
.sawBad
) {
475 // ensure our callers do not accidentally see bad Content-Length values
476 delById(Http::HdrType::CONTENT_LENGTH
);
477 conflictingContentLength_
= true; // TODO: Rename to badContentLength_.
478 } else if (clen
.needsSanitizing
) {
479 // RFC 7230 section 3.3.2: MUST either reject or ... [sanitize];
480 // ensure our callers see a clean Content-Length value or none at all
481 delById(Http::HdrType::CONTENT_LENGTH
);
483 putInt64(Http::HdrType::CONTENT_LENGTH
, clen
.value
);
484 debugs(55, 5, "sanitized Content-Length to be " << clen
.value
);
488 PROF_stop(HttpHeaderParse
);
489 return 1; /* even if no fields where found, it is a valid header */
492 /* packs all the entries using supplied packer */
494 HttpHeader::packInto(Packable
* p
, bool mask_sensitive_info
) const
496 HttpHeaderPos pos
= HttpHeaderInitPos
;
497 const HttpHeaderEntry
*e
;
499 debugs(55, 7, this << " into " << p
<<
500 (mask_sensitive_info
? " while masking" : ""));
501 /* pack all entries one by one */
502 while ((e
= getEntry(&pos
))) {
503 if (!mask_sensitive_info
) {
508 bool maskThisEntry
= false;
510 case Http::HdrType::AUTHORIZATION
:
511 case Http::HdrType::PROXY_AUTHORIZATION
:
512 maskThisEntry
= true;
515 case Http::HdrType::FTP_ARGUMENTS
:
516 if (const HttpHeaderEntry
*cmd
= findEntry(Http::HdrType::FTP_COMMAND
))
517 maskThisEntry
= (cmd
->value
== "PASS");
524 p
->append(e
->name
.rawBuf(), e
->name
.size());
525 p
->append(": ** NOT DISPLAYED **\r\n", 23);
531 /* Pack in the "special" entries */
536 /* returns next valid entry */
538 HttpHeader::getEntry(HttpHeaderPos
* pos
) const
541 assert(*pos
>= HttpHeaderInitPos
&& *pos
< static_cast<ssize_t
>(entries
.size()));
543 for (++(*pos
); *pos
< static_cast<ssize_t
>(entries
.size()); ++(*pos
)) {
545 return static_cast<HttpHeaderEntry
*>(entries
[*pos
]);
552 * returns a pointer to a specified entry if any
553 * note that we return one entry so it does not make much sense to ask for
557 HttpHeader::findEntry(Http::HdrType id
) const
559 assert(any_registered_header(id
));
560 assert(!Http::HeaderLookupTable
.lookup(id
).list
);
562 /* check mask first */
564 if (!CBIT_TEST(mask
, id
))
567 /* looks like we must have it, do linear search */
568 for (auto e
: entries
) {
569 if (e
&& e
->id
== id
)
573 /* hm.. we thought it was there, but it was not found */
575 return nullptr; /* not reached */
579 * same as httpHeaderFindEntry
582 HttpHeader::findLastEntry(Http::HdrType id
) const
584 assert(any_registered_header(id
));
585 assert(!Http::HeaderLookupTable
.lookup(id
).list
);
587 /* check mask first */
588 if (!CBIT_TEST(mask
, id
))
591 for (auto e
= entries
.rbegin(); e
!= entries
.rend(); ++e
) {
592 if (*e
&& (*e
)->id
== id
)
596 /* hm.. we thought it was there, but it was not found */
598 return nullptr; /* not reached */
602 * deletes all fields with a given name if any, returns #fields deleted;
605 HttpHeader::delByName(const char *name
)
608 HttpHeaderPos pos
= HttpHeaderInitPos
;
610 httpHeaderMaskInit(&mask
, 0); /* temporal inconsistency */
611 debugs(55, 9, "deleting '" << name
<< "' fields in hdr " << this);
613 while ((e
= getEntry(&pos
))) {
614 if (!e
->name
.caseCmp(name
))
617 CBIT_SET(mask
, e
->id
);
623 /* deletes all entries with a given id, returns the #entries deleted */
625 HttpHeader::delById(Http::HdrType id
)
627 debugs(55, 8, this << " del-by-id " << id
);
628 assert(any_registered_header(id
));
630 if (!CBIT_TEST(mask
, id
))
635 HttpHeaderPos pos
= HttpHeaderInitPos
;
636 while (HttpHeaderEntry
*e
= getEntry(&pos
)) {
638 delAt(pos
, count
); // deletes e
647 * deletes an entry at pos and leaves a gap; leaving a gap makes it
648 * possible to iterate(search) and delete fields at the same time
649 * NOTE: Does not update the header mask. Caller must follow up with
650 * a call to refreshMask() if headers_deleted was incremented.
653 HttpHeader::delAt(HttpHeaderPos pos
, int &headers_deleted
)
656 assert(pos
>= HttpHeaderInitPos
&& pos
< static_cast<ssize_t
>(entries
.size()));
657 e
= static_cast<HttpHeaderEntry
*>(entries
[pos
]);
659 /* decrement header length, allow for ": " and crlf */
660 len
-= e
->name
.size() + 2 + e
->value
.size() + 2;
667 * Compacts the header storage
670 HttpHeader::compact()
672 // TODO: optimize removal, or possibly make it so that's not needed.
673 entries
.erase( std::remove(entries
.begin(), entries
.end(), nullptr),
678 * Refreshes the header mask. Required after delAt() calls.
681 HttpHeader::refreshMask()
683 httpHeaderMaskInit(&mask
, 0);
684 debugs(55, 7, "refreshing the mask in hdr " << this);
685 for (auto e
: entries
) {
687 CBIT_SET(mask
, e
->id
);
692 * does not call e->clone() so one should not reuse "*e"
695 HttpHeader::addEntry(HttpHeaderEntry
* e
)
698 assert(any_HdrType_enum_value(e
->id
));
699 assert(e
->name
.size());
701 debugs(55, 7, this << " adding entry: " << e
->id
<< " at " << entries
.size());
703 if (e
->id
!= Http::HdrType::BAD_HDR
) {
704 if (CBIT_TEST(mask
, e
->id
)) {
705 ++ headerStatsTable
[e
->id
].repCount
;
707 CBIT_SET(mask
, e
->id
);
711 entries
.push_back(e
);
713 /* increment header length, allow for ": " and crlf */
714 len
+= e
->name
.size() + 2 + e
->value
.size() + 2;
718 * does not call e->clone() so one should not reuse "*e"
721 HttpHeader::insertEntry(HttpHeaderEntry
* e
)
724 assert(any_valid_header(e
->id
));
726 debugs(55, 7, this << " adding entry: " << e
->id
<< " at " << entries
.size());
728 // Http::HdrType::BAD_HDR is filtered out by assert_any_valid_header
729 if (CBIT_TEST(mask
, e
->id
)) {
730 ++ headerStatsTable
[e
->id
].repCount
;
732 CBIT_SET(mask
, e
->id
);
735 entries
.insert(entries
.begin(),e
);
737 /* increment header length, allow for ": " and crlf */
738 len
+= e
->name
.size() + 2 + e
->value
.size() + 2;
742 HttpHeader::getList(Http::HdrType id
, String
*s
) const
744 debugs(55, 9, this << " joining for id " << id
);
745 /* only fields from ListHeaders array can be "listed" */
746 assert(Http::HeaderLookupTable
.lookup(id
).list
);
748 if (!CBIT_TEST(mask
, id
))
751 for (auto e
: entries
) {
752 if (e
&& e
->id
== id
)
753 strListAdd(s
, e
->value
.termedBuf(), ',');
757 * note: we might get an empty (size==0) string if there was an "empty"
758 * header. This results in an empty length String, which may have a NULL
761 /* temporary warning: remove it? (Is it useful for diagnostics ?) */
763 debugs(55, 3, "empty list header: " << Http::HeaderLookupTable
.lookup(id
).name
<< "(" << id
<< ")");
765 debugs(55, 6, this << ": joined for id " << id
<< ": " << s
);
770 /* return a list of entries with the same id separated by ',' and ws */
772 HttpHeader::getList(Http::HdrType id
) const
775 HttpHeaderPos pos
= HttpHeaderInitPos
;
776 debugs(55, 9, this << "joining for id " << id
);
777 /* only fields from ListHeaders array can be "listed" */
778 assert(Http::HeaderLookupTable
.lookup(id
).list
);
780 if (!CBIT_TEST(mask
, id
))
785 while ((e
= getEntry(&pos
))) {
787 strListAdd(&s
, e
->value
.termedBuf(), ',');
791 * note: we might get an empty (size==0) string if there was an "empty"
792 * header. This results in an empty length String, which may have a NULL
795 /* temporary warning: remove it? (Is it useful for diagnostics ?) */
797 debugs(55, 3, "empty list header: " << Http::HeaderLookupTable
.lookup(id
).name
<< "(" << id
<< ")");
799 debugs(55, 6, this << ": joined for id " << id
<< ": " << s
);
804 /* return a string or list of entries with the same id separated by ',' and ws */
806 HttpHeader::getStrOrList(Http::HdrType id
) const
810 if (Http::HeaderLookupTable
.lookup(id
).list
)
813 if ((e
= findEntry(id
)))
820 * Returns the value of the specified header and/or an undefined String.
823 HttpHeader::getByName(const char *name
) const
826 // ignore presence: return undefined string if an empty header is present
827 (void)getByNameIfPresent(name
, strlen(name
), result
);
832 HttpHeader::getByName(const SBuf
&name
) const
835 // ignore presence: return undefined string if an empty header is present
836 (void)getByNameIfPresent(name
, result
);
841 HttpHeader::getById(Http::HdrType id
) const
844 (void)getByIdIfPresent(id
,result
);
849 HttpHeader::getByNameIfPresent(const SBuf
&s
, String
&result
) const
851 return getByNameIfPresent(s
.rawContent(), s
.length(), result
);
855 HttpHeader::getByIdIfPresent(Http::HdrType id
, String
&result
) const
857 if (id
== Http::HdrType::BAD_HDR
)
861 result
= getStrOrList(id
);
866 HttpHeader::getByNameIfPresent(const char *name
, int namelen
, String
&result
) const
869 HttpHeaderPos pos
= HttpHeaderInitPos
;
874 /* First try the quick path */
875 id
= Http::HeaderLookupTable
.lookup(name
,namelen
).id
;
877 if (id
!= Http::HdrType::BAD_HDR
) {
878 if (getByIdIfPresent(id
, result
))
882 /* Sorry, an unknown header name. Do linear search */
884 while ((e
= getEntry(&pos
))) {
885 if (e
->id
== Http::HdrType::OTHER
&& e
->name
.caseCmp(name
, namelen
) == 0) {
887 strListAdd(&result
, e
->value
.termedBuf(), ',');
895 * Returns a the value of the specified list member, if any.
898 HttpHeader::getByNameListMember(const char *name
, const char *member
, const char separator
) const
901 const char *pos
= NULL
;
904 int mlen
= strlen(member
);
908 header
= getByName(name
);
912 while (strListGetItem(&header
, separator
, &item
, &ilen
, &pos
)) {
913 if (strncmp(item
, member
, mlen
) == 0 && item
[mlen
] == '=') {
914 result
.append(item
+ mlen
+ 1, ilen
- mlen
- 1);
923 * returns a the value of the specified list member, if any.
926 HttpHeader::getListMember(Http::HdrType id
, const char *member
, const char separator
) const
929 const char *pos
= NULL
;
932 int mlen
= strlen(member
);
934 assert(any_registered_header(id
));
936 header
= getStrOrList(id
);
939 while (strListGetItem(&header
, separator
, &item
, &ilen
, &pos
)) {
940 if (strncmp(item
, member
, mlen
) == 0 && item
[mlen
] == '=') {
941 result
.append(item
+ mlen
+ 1, ilen
- mlen
- 1);
950 /* test if a field is present */
952 HttpHeader::has(Http::HdrType id
) const
954 assert(any_registered_header(id
));
955 debugs(55, 9, this << " lookup for " << id
);
956 return CBIT_TEST(mask
, id
);
960 HttpHeader::putInt(Http::HdrType id
, int number
)
962 assert(any_registered_header(id
));
963 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftInt
); /* must be of an appropriate type */
965 addEntry(new HttpHeaderEntry(id
, NULL
, xitoa(number
)));
969 HttpHeader::putInt64(Http::HdrType id
, int64_t number
)
971 assert(any_registered_header(id
));
972 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftInt64
); /* must be of an appropriate type */
974 addEntry(new HttpHeaderEntry(id
, NULL
, xint64toa(number
)));
978 HttpHeader::putTime(Http::HdrType id
, time_t htime
)
980 assert(any_registered_header(id
));
981 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftDate_1123
); /* must be of an appropriate type */
983 addEntry(new HttpHeaderEntry(id
, NULL
, mkrfc1123(htime
)));
987 HttpHeader::putStr(Http::HdrType id
, const char *str
)
989 assert(any_registered_header(id
));
990 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftStr
); /* must be of an appropriate type */
992 addEntry(new HttpHeaderEntry(id
, NULL
, str
));
996 HttpHeader::putAuth(const char *auth_scheme
, const char *realm
)
998 assert(auth_scheme
&& realm
);
999 httpHeaderPutStrf(this, Http::HdrType::WWW_AUTHENTICATE
, "%s realm=\"%s\"", auth_scheme
, realm
);
1003 HttpHeader::putCc(const HttpHdrCc
* cc
)
1006 /* remove old directives if any */
1007 delById(Http::HdrType::CACHE_CONTROL
);
1013 addEntry(new HttpHeaderEntry(Http::HdrType::CACHE_CONTROL
, NULL
, mb
.buf
));
1019 HttpHeader::putContRange(const HttpHdrContRange
* cr
)
1022 /* remove old directives if any */
1023 delById(Http::HdrType::CONTENT_RANGE
);
1027 httpHdrContRangePackInto(cr
, &mb
);
1029 addEntry(new HttpHeaderEntry(Http::HdrType::CONTENT_RANGE
, NULL
, mb
.buf
));
1035 HttpHeader::putRange(const HttpHdrRange
* range
)
1038 /* remove old directives if any */
1039 delById(Http::HdrType::RANGE
);
1043 range
->packInto(&mb
);
1045 addEntry(new HttpHeaderEntry(Http::HdrType::RANGE
, NULL
, mb
.buf
));
1051 HttpHeader::putSc(HttpHdrSc
*sc
)
1054 /* remove old directives if any */
1055 delById(Http::HdrType::SURROGATE_CONTROL
);
1061 addEntry(new HttpHeaderEntry(Http::HdrType::SURROGATE_CONTROL
, NULL
, mb
.buf
));
1067 HttpHeader::putWarning(const int code
, const char *const text
)
1070 snprintf(buf
, sizeof(buf
), "%i %s \"%s\"", code
, visible_appname_string
, text
);
1071 putStr(Http::HdrType::WARNING
, buf
);
1074 /* add extension header (these fields are not parsed/analyzed/joined, etc.) */
1076 HttpHeader::putExt(const char *name
, const char *value
)
1078 assert(name
&& value
);
1079 debugs(55, 8, this << " adds ext entry " << name
<< " : " << value
);
1080 addEntry(new HttpHeaderEntry(Http::HdrType::OTHER
, name
, value
));
1084 HttpHeader::getInt(Http::HdrType id
) const
1086 assert(any_registered_header(id
));
1087 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftInt
); /* must be of an appropriate type */
1090 if ((e
= findEntry(id
)))
1097 HttpHeader::getInt64(Http::HdrType id
) const
1099 assert(any_registered_header(id
));
1100 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftInt64
); /* must be of an appropriate type */
1103 if ((e
= findEntry(id
)))
1104 return e
->getInt64();
1110 HttpHeader::getTime(Http::HdrType id
) const
1114 assert(any_registered_header(id
));
1115 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftDate_1123
); /* must be of an appropriate type */
1117 if ((e
= findEntry(id
))) {
1118 value
= parse_rfc1123(e
->value
.termedBuf());
1119 httpHeaderNoteParsedEntry(e
->id
, e
->value
, value
< 0);
1125 /* sync with httpHeaderGetLastStr */
1127 HttpHeader::getStr(Http::HdrType id
) const
1130 assert(any_registered_header(id
));
1131 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftStr
); /* must be of an appropriate type */
1133 if ((e
= findEntry(id
))) {
1134 httpHeaderNoteParsedEntry(e
->id
, e
->value
, false); /* no errors are possible */
1135 return e
->value
.termedBuf();
1143 HttpHeader::getLastStr(Http::HdrType id
) const
1146 assert(any_registered_header(id
));
1147 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftStr
); /* must be of an appropriate type */
1149 if ((e
= findLastEntry(id
))) {
1150 httpHeaderNoteParsedEntry(e
->id
, e
->value
, false); /* no errors are possible */
1151 return e
->value
.termedBuf();
1158 HttpHeader::getCc() const
1160 if (!CBIT_TEST(mask
, Http::HdrType::CACHE_CONTROL
))
1162 PROF_start(HttpHeader_getCc
);
1165 getList(Http::HdrType::CACHE_CONTROL
, &s
);
1167 HttpHdrCc
*cc
=new HttpHdrCc();
1169 if (!cc
->parse(s
)) {
1174 ++ HttpHeaderStats
[owner
].ccParsedCount
;
1177 httpHdrCcUpdateStats(cc
, &HttpHeaderStats
[owner
].ccTypeDistr
);
1179 httpHeaderNoteParsedEntry(Http::HdrType::CACHE_CONTROL
, s
, !cc
);
1181 PROF_stop(HttpHeader_getCc
);
1187 HttpHeader::getRange() const
1189 HttpHdrRange
*r
= NULL
;
1191 /* some clients will send "Request-Range" _and_ *matching* "Range"
1192 * who knows, some clients might send Request-Range only;
1193 * this "if" should work correctly in both cases;
1194 * hopefully no clients send mismatched headers! */
1196 if ((e
= findEntry(Http::HdrType::RANGE
)) ||
1197 (e
= findEntry(Http::HdrType::REQUEST_RANGE
))) {
1198 r
= HttpHdrRange::ParseCreate(&e
->value
);
1199 httpHeaderNoteParsedEntry(e
->id
, e
->value
, !r
);
1206 HttpHeader::getSc() const
1208 if (!CBIT_TEST(mask
, Http::HdrType::SURROGATE_CONTROL
))
1213 (void) getList(Http::HdrType::SURROGATE_CONTROL
, &s
);
1215 HttpHdrSc
*sc
= httpHdrScParseCreate(s
);
1217 ++ HttpHeaderStats
[owner
].ccParsedCount
;
1220 sc
->updateStats(&HttpHeaderStats
[owner
].scTypeDistr
);
1222 httpHeaderNoteParsedEntry(Http::HdrType::SURROGATE_CONTROL
, s
, !sc
);
1228 HttpHeader::getContRange() const
1230 HttpHdrContRange
*cr
= NULL
;
1233 if ((e
= findEntry(Http::HdrType::CONTENT_RANGE
))) {
1234 cr
= httpHdrContRangeParseCreate(e
->value
.termedBuf());
1235 httpHeaderNoteParsedEntry(e
->id
, e
->value
, !cr
);
1242 HttpHeader::getAuth(Http::HdrType id
, const char *auth_scheme
) const
1246 assert(auth_scheme
);
1249 if (!field
) /* no authorization field */
1252 l
= strlen(auth_scheme
);
1254 if (!l
|| strncasecmp(field
, auth_scheme
, l
)) /* wrong scheme */
1259 if (!xisspace(*field
)) /* wrong scheme */
1262 /* skip white space */
1263 for (; field
&& xisspace(*field
); ++field
);
1265 if (!*field
) /* no authorization cookie */
1268 static char decodedAuthToken
[8192];
1269 struct base64_decode_ctx ctx
;
1270 base64_decode_init(&ctx
);
1271 size_t decodedLen
= 0;
1272 if (!base64_decode_update(&ctx
, &decodedLen
, reinterpret_cast<uint8_t*>(decodedAuthToken
), strlen(field
), reinterpret_cast<const uint8_t*>(field
)) ||
1273 !base64_decode_final(&ctx
)) {
1276 decodedAuthToken
[decodedLen
] = '\0';
1277 return decodedAuthToken
;
1281 HttpHeader::getETag(Http::HdrType id
) const
1283 ETag etag
= {NULL
, -1};
1285 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftETag
); /* must be of an appropriate type */
1287 if ((e
= findEntry(id
)))
1288 etagParseInit(&etag
, e
->value
.termedBuf());
1294 HttpHeader::getTimeOrTag(Http::HdrType id
) const
1298 assert(Http::HeaderLookupTable
.lookup(id
).type
== Http::HdrFieldType::ftDate_1123_or_ETag
); /* must be of an appropriate type */
1299 memset(&tot
, 0, sizeof(tot
));
1301 if ((e
= findEntry(id
))) {
1302 const char *str
= e
->value
.termedBuf();
1303 /* try as an ETag */
1305 if (etagParseInit(&tot
.tag
, str
)) {
1306 tot
.valid
= tot
.tag
.str
!= NULL
;
1309 /* or maybe it is time? */
1310 tot
.time
= parse_rfc1123(str
);
1311 tot
.valid
= tot
.time
>= 0;
1316 assert(tot
.time
< 0 || !tot
.tag
.str
); /* paranoid */
1324 HttpHeaderEntry::HttpHeaderEntry(Http::HdrType anId
, const char *aName
, const char *aValue
)
1326 assert(any_HdrType_enum_value(anId
));
1329 if (id
!= Http::HdrType::OTHER
)
1330 name
= Http::HeaderLookupTable
.lookup(id
).name
;
1336 if (id
!= Http::HdrType::BAD_HDR
)
1337 ++ headerStatsTable
[id
].aliveCount
;
1339 debugs(55, 9, "created HttpHeaderEntry " << this << ": '" << name
<< " : " << value
);
1342 HttpHeaderEntry::~HttpHeaderEntry()
1344 debugs(55, 9, "destroying entry " << this << ": '" << name
<< ": " << value
<< "'");
1346 if (id
!= Http::HdrType::BAD_HDR
) {
1347 assert(headerStatsTable
[id
].aliveCount
);
1348 -- headerStatsTable
[id
].aliveCount
;
1349 id
= Http::HdrType::BAD_HDR
; // it already is BAD_HDR, no sense in resetting it
1354 /* parses and inits header entry, returns true/false */
1356 HttpHeaderEntry::parse(const char *field_start
, const char *field_end
)
1358 /* note: name_start == field_start */
1359 const char *name_end
= (const char *)memchr(field_start
, ':', field_end
- field_start
);
1360 int name_len
= name_end
? name_end
- field_start
:0;
1361 const char *value_start
= field_start
+ name_len
+ 1; /* skip ':' */
1362 /* note: value_end == field_end */
1364 ++ HeaderEntryParsedCount
;
1366 /* do we have a valid field name within this field? */
1368 if (!name_len
|| name_end
> field_end
)
1371 if (name_len
> 65534) {
1372 /* String must be LESS THAN 64K and it adds a terminating NULL */
1373 debugs(55, DBG_IMPORTANT
, "WARNING: ignoring header name of " << name_len
<< " bytes");
1377 if (Config
.onoff
.relaxed_header_parser
&& xisspace(field_start
[name_len
- 1])) {
1378 debugs(55, Config
.onoff
.relaxed_header_parser
<= 0 ? 1 : 2,
1379 "NOTICE: Whitespace after header name in '" << getStringPrefix(field_start
, field_end
-field_start
) << "'");
1381 while (name_len
> 0 && xisspace(field_start
[name_len
- 1]))
1388 /* now we know we can parse it */
1390 debugs(55, 9, "parsing HttpHeaderEntry: near '" << getStringPrefix(field_start
, field_end
-field_start
) << "'");
1392 /* is it a "known" field? */
1393 Http::HdrType id
= Http::HeaderLookupTable
.lookup(field_start
,name_len
).id
;
1394 debugs(55, 9, "got hdr-id=" << id
);
1400 if (id
== Http::HdrType::BAD_HDR
)
1401 id
= Http::HdrType::OTHER
;
1403 /* set field name */
1404 if (id
== Http::HdrType::OTHER
)
1405 name
.limitInit(field_start
, name_len
);
1407 name
= Http::HeaderLookupTable
.lookup(id
).name
;
1409 /* trim field value */
1410 while (value_start
< field_end
&& xisspace(*value_start
))
1413 while (value_start
< field_end
&& xisspace(field_end
[-1]))
1416 if (field_end
- value_start
> 65534) {
1417 /* String must be LESS THAN 64K and it adds a terminating NULL */
1418 debugs(55, DBG_IMPORTANT
, "WARNING: ignoring '" << name
<< "' header of " << (field_end
- value_start
) << " bytes");
1420 if (id
== Http::HdrType::OTHER
)
1426 /* set field value */
1427 value
.limitInit(value_start
, field_end
- value_start
);
1429 if (id
!= Http::HdrType::BAD_HDR
)
1430 ++ headerStatsTable
[id
].seenCount
;
1432 debugs(55, 9, "parsed HttpHeaderEntry: '" << name
<< ": " << value
<< "'");
1434 return new HttpHeaderEntry(id
, name
.termedBuf(), value
.termedBuf());
1438 HttpHeaderEntry::clone() const
1440 return new HttpHeaderEntry(id
, name
.termedBuf(), value
.termedBuf());
1444 HttpHeaderEntry::packInto(Packable
* p
) const
1447 p
->append(name
.rawBuf(), name
.size());
1449 p
->append(value
.rawBuf(), value
.size());
1450 p
->append("\r\n", 2);
1454 HttpHeaderEntry::getInt() const
1457 int ok
= httpHeaderParseInt(value
.termedBuf(), &val
);
1458 httpHeaderNoteParsedEntry(id
, value
, ok
== 0);
1459 /* XXX: Should we check ok - ie
1460 * return ok ? -1 : value;
1466 HttpHeaderEntry::getInt64() const
1469 const bool ok
= httpHeaderParseOffset(value
.termedBuf(), &val
);
1470 httpHeaderNoteParsedEntry(id
, value
, ok
);
1471 return val
; // remains -1 if !ok (XXX: bad method API)
1475 httpHeaderNoteParsedEntry(Http::HdrType id
, String
const &context
, bool error
)
1477 if (id
!= Http::HdrType::BAD_HDR
)
1478 ++ headerStatsTable
[id
].parsCount
;
1481 if (id
!= Http::HdrType::BAD_HDR
)
1482 ++ headerStatsTable
[id
].errCount
;
1483 debugs(55, 2, "cannot parse hdr field: '" << Http::HeaderLookupTable
.lookup(id
).name
<< ": " << context
<< "'");
1491 /* tmp variable used to pass stat info to dumpers */
1492 extern const HttpHeaderStat
*dump_stat
; /* argh! */
1493 const HttpHeaderStat
*dump_stat
= NULL
;
1496 httpHeaderFieldStatDumper(StoreEntry
* sentry
, int, double val
, double, int count
)
1498 const int id
= static_cast<int>(val
);
1499 const bool valid_id
= Http::any_valid_header(static_cast<Http::HdrType
>(id
));
1500 const char *name
= valid_id
? Http::HeaderLookupTable
.lookup(static_cast<Http::HdrType
>(id
)).name
: "INVALID";
1501 int visible
= count
> 0;
1502 /* for entries with zero count, list only those that belong to current type of message */
1504 if (!visible
&& valid_id
&& dump_stat
->owner_mask
)
1505 visible
= CBIT_TEST(*dump_stat
->owner_mask
, id
);
1508 storeAppendPrintf(sentry
, "%2d\t %-20s\t %5d\t %6.2f\n",
1509 id
, name
, count
, xdiv(count
, dump_stat
->busyDestroyedCount
));
1513 httpHeaderFldsPerHdrDumper(StoreEntry
* sentry
, int idx
, double val
, double, int count
)
1516 storeAppendPrintf(sentry
, "%2d\t %5d\t %5d\t %6.2f\n",
1517 idx
, (int) val
, count
,
1518 xpercent(count
, dump_stat
->destroyedCount
));
1522 httpHeaderStatDump(const HttpHeaderStat
* hs
, StoreEntry
* e
)
1528 storeAppendPrintf(e
, "\nHeader Stats: %s\n", hs
->label
);
1529 storeAppendPrintf(e
, "\nField type distribution\n");
1530 storeAppendPrintf(e
, "%2s\t %-20s\t %5s\t %6s\n",
1531 "id", "name", "count", "#/header");
1532 hs
->fieldTypeDistr
.dump(e
, httpHeaderFieldStatDumper
);
1533 storeAppendPrintf(e
, "\nCache-control directives distribution\n");
1534 storeAppendPrintf(e
, "%2s\t %-20s\t %5s\t %6s\n",
1535 "id", "name", "count", "#/cc_field");
1536 hs
->ccTypeDistr
.dump(e
, httpHdrCcStatDumper
);
1537 storeAppendPrintf(e
, "\nSurrogate-control directives distribution\n");
1538 storeAppendPrintf(e
, "%2s\t %-20s\t %5s\t %6s\n",
1539 "id", "name", "count", "#/sc_field");
1540 hs
->scTypeDistr
.dump(e
, httpHdrScStatDumper
);
1541 storeAppendPrintf(e
, "\nNumber of fields per header distribution\n");
1542 storeAppendPrintf(e
, "%2s\t %-5s\t %5s\t %6s\n",
1543 "id", "#flds", "count", "%total");
1544 hs
->hdrUCountDistr
.dump(e
, httpHeaderFldsPerHdrDumper
);
1545 storeAppendPrintf(e
, "\n");
1550 httpHeaderStoreReport(StoreEntry
* e
)
1555 HttpHeaderStats
[0].parsedCount
=
1556 HttpHeaderStats
[hoRequest
].parsedCount
+ HttpHeaderStats
[hoReply
].parsedCount
;
1557 HttpHeaderStats
[0].ccParsedCount
=
1558 HttpHeaderStats
[hoRequest
].ccParsedCount
+ HttpHeaderStats
[hoReply
].ccParsedCount
;
1559 HttpHeaderStats
[0].destroyedCount
=
1560 HttpHeaderStats
[hoRequest
].destroyedCount
+ HttpHeaderStats
[hoReply
].destroyedCount
;
1561 HttpHeaderStats
[0].busyDestroyedCount
=
1562 HttpHeaderStats
[hoRequest
].busyDestroyedCount
+ HttpHeaderStats
[hoReply
].busyDestroyedCount
;
1564 for (i
= 1; i
< HttpHeaderStatCount
; ++i
) {
1565 httpHeaderStatDump(HttpHeaderStats
+ i
, e
);
1568 /* field stats for all messages */
1569 storeAppendPrintf(e
, "\nHttp Fields Stats (replies and requests)\n");
1571 storeAppendPrintf(e
, "%2s\t %-25s\t %5s\t %6s\t %6s\n",
1572 "id", "name", "#alive", "%err", "%repeat");
1574 // scan heaaderTable and output
1575 for (auto h
: WholeEnum
<Http::HdrType
>()) {
1576 auto stats
= headerStatsTable
[h
];
1577 storeAppendPrintf(e
, "%2d\t %-25s\t %5d\t %6.3f\t %6.3f\n",
1578 Http::HeaderLookupTable
.lookup(h
).id
,
1579 Http::HeaderLookupTable
.lookup(h
).name
,
1581 xpercent(stats
.errCount
, stats
.parsCount
),
1582 xpercent(stats
.repCount
, stats
.seenCount
));
1585 storeAppendPrintf(e
, "Headers Parsed: %d + %d = %d\n",
1586 HttpHeaderStats
[hoRequest
].parsedCount
,
1587 HttpHeaderStats
[hoReply
].parsedCount
,
1588 HttpHeaderStats
[0].parsedCount
);
1589 storeAppendPrintf(e
, "Hdr Fields Parsed: %d\n", HeaderEntryParsedCount
);
1593 HttpHeader::hasListMember(Http::HdrType id
, const char *member
, const char separator
) const
1596 const char *pos
= NULL
;
1599 int mlen
= strlen(member
);
1601 assert(any_registered_header(id
));
1603 String
header (getStrOrList(id
));
1605 while (strListGetItem(&header
, separator
, &item
, &ilen
, &pos
)) {
1606 if (strncasecmp(item
, member
, mlen
) == 0
1607 && (item
[mlen
] == '=' || item
[mlen
] == separator
|| item
[mlen
] == ';' || item
[mlen
] == '\0')) {
1617 HttpHeader::hasByNameListMember(const char *name
, const char *member
, const char separator
) const
1620 const char *pos
= NULL
;
1623 int mlen
= strlen(member
);
1627 String
header (getByName(name
));
1629 while (strListGetItem(&header
, separator
, &item
, &ilen
, &pos
)) {
1630 if (strncasecmp(item
, member
, mlen
) == 0
1631 && (item
[mlen
] == '=' || item
[mlen
] == separator
|| item
[mlen
] == ';' || item
[mlen
] == '\0')) {
1641 HttpHeader::removeHopByHopEntries()
1643 removeConnectionHeaderEntries();
1645 const HttpHeaderEntry
*e
;
1646 HttpHeaderPos pos
= HttpHeaderInitPos
;
1647 int headers_deleted
= 0;
1648 while ((e
= getEntry(&pos
))) {
1649 Http::HdrType id
= e
->id
;
1650 if (Http::HeaderLookupTable
.lookup(id
).hopbyhop
) {
1651 delAt(pos
, headers_deleted
);
1658 HttpHeader::removeConnectionHeaderEntries()
1660 if (has(Http::HdrType::CONNECTION
)) {
1661 /* anything that matches Connection list member will be deleted */
1662 String strConnection
;
1664 (void) getList(Http::HdrType::CONNECTION
, &strConnection
);
1665 const HttpHeaderEntry
*e
;
1666 HttpHeaderPos pos
= HttpHeaderInitPos
;
1668 * think: on-average-best nesting of the two loops (hdrEntry
1669 * and strListItem) @?@
1672 * maybe we should delete standard stuff ("keep-alive","close")
1673 * from strConnection first?
1676 int headers_deleted
= 0;
1677 while ((e
= getEntry(&pos
))) {
1678 if (strListIsMember(&strConnection
, e
->name
.termedBuf(), ','))
1679 delAt(pos
, headers_deleted
);
1681 if (headers_deleted
)