]> git.ipfire.org Git - thirdparty/squid.git/blob - src/client_side_reply.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Source Format Enforcement (#763)
[thirdparty/squid.git] / src / client_side_reply.cc
1 /*
2 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 88 Client-side Reply Routines */
10
11 #include "squid.h"
12 #include "acl/FilledChecklist.h"
13 #include "acl/Gadgets.h"
14 #include "anyp/PortCfg.h"
15 #include "client_side_reply.h"
16 #include "errorpage.h"
17 #include "ETag.h"
18 #include "fd.h"
19 #include "fde.h"
20 #include "format/Token.h"
21 #include "FwdState.h"
22 #include "globals.h"
23 #include "http/Stream.h"
24 #include "HttpHeaderTools.h"
25 #include "HttpReply.h"
26 #include "HttpRequest.h"
27 #include "ip/QosConfig.h"
28 #include "ipcache.h"
29 #include "log/access_log.h"
30 #include "MemObject.h"
31 #include "mime_header.h"
32 #include "neighbors.h"
33 #include "refresh.h"
34 #include "RequestFlags.h"
35 #include "SquidConfig.h"
36 #include "SquidTime.h"
37 #include "Store.h"
38 #include "StrList.h"
39 #include "tools.h"
40 #if USE_AUTH
41 #include "auth/UserRequest.h"
42 #endif
43 #if USE_DELAY_POOLS
44 #include "DelayPools.h"
45 #endif
46 #if USE_SQUID_ESI
47 #include "esi/Esi.h"
48 #endif
49
50 #include <memory>
51
52 CBDATA_CLASS_INIT(clientReplyContext);
53
54 /* Local functions */
55 extern "C" CSS clientReplyStatus;
56 ErrorState *clientBuildError(err_type, Http::StatusCode, char const *, const ConnStateData *, HttpRequest *, const AccessLogEntry::Pointer &);
57
58 /* privates */
59
60 clientReplyContext::~clientReplyContext()
61 {
62 deleting = true;
63 /* This may trigger a callback back into SendMoreData as the cbdata
64 * is still valid
65 */
66 removeClientStoreReference(&sc, http);
67 /* old_entry might still be set if we didn't yet get the reply
68 * code in HandleIMSReply() */
69 removeStoreReference(&old_sc, &old_entry);
70 safe_free(tempBuffer.data);
71 cbdataReferenceDone(http);
72 HTTPMSGUNLOCK(reply);
73 }
74
75 clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) :
76 purgeStatus(Http::scNone),
77 http(cbdataReference(clientContext)),
78 headers_sz(0),
79 sc(NULL),
80 old_reqsize(0),
81 reqsize(0),
82 reqofs(0),
83 ourNode(NULL),
84 reply(NULL),
85 old_entry(NULL),
86 old_sc(NULL),
87 old_lastmod(-1),
88 deleting(false),
89 collapsedRevalidation(crNone)
90 {
91 *tempbuf = 0;
92 }
93
94 /** Create an error in the store awaiting the client side to read it.
95 *
96 * This may be better placed in the clientStream logic, but it has not been
97 * relocated there yet
98 */
99 void
100 clientReplyContext::setReplyToError(
101 err_type err, Http::StatusCode status, const HttpRequestMethod& method, char const *uri,
102 const ConnStateData *conn, HttpRequest *failedrequest, const char *unparsedrequest,
103 #if USE_AUTH
104 Auth::UserRequest::Pointer auth_user_request
105 #else
106 void*
107 #endif
108 )
109 {
110 auto errstate = clientBuildError(err, status, uri, conn, failedrequest, http->al);
111
112 if (unparsedrequest)
113 errstate->request_hdrs = xstrdup(unparsedrequest);
114
115 #if USE_AUTH
116 errstate->auth_user_request = auth_user_request;
117 #endif
118 setReplyToError(method, errstate);
119 }
120
121 void clientReplyContext::setReplyToError(const HttpRequestMethod& method, ErrorState *errstate)
122 {
123 if (errstate->httpStatus == Http::scNotImplemented && http->request)
124 /* prevent confusion over whether we default to persistent or not */
125 http->request->flags.proxyKeepalive = false;
126
127 http->al->http.code = errstate->httpStatus;
128
129 if (http->request)
130 http->request->ignoreRange("responding with a Squid-generated error");
131
132 createStoreEntry(method, RequestFlags());
133 assert(errstate->callback_data == NULL);
134 errorAppendEntry(http->storeEntry(), errstate);
135 /* Now the caller reads to get this */
136 }
137
138 void
139 clientReplyContext::setReplyToReply(HttpReply *futureReply)
140 {
141 Must(futureReply);
142 http->al->http.code = futureReply->sline.status();
143
144 HttpRequestMethod method;
145 if (http->request) { // nil on responses to unparsable requests
146 http->request->ignoreRange("responding with a Squid-generated reply");
147 method = http->request->method;
148 }
149
150 createStoreEntry(method, RequestFlags());
151
152 http->storeEntry()->storeErrorResponse(futureReply);
153 /* Now the caller reads to get futureReply */
154 }
155
156 // Assumes that the entry contains an error response without Content-Range.
157 // To use with regular entries, make HTTP Range header removal conditional.
158 void clientReplyContext::setReplyToStoreEntry(StoreEntry *entry, const char *reason)
159 {
160 entry->lock("clientReplyContext::setReplyToStoreEntry"); // removeClientStoreReference() unlocks
161 sc = storeClientListAdd(entry, this);
162 #if USE_DELAY_POOLS
163 sc->setDelayId(DelayId::DelayClient(http));
164 #endif
165 reqofs = 0;
166 reqsize = 0;
167 if (http->request)
168 http->request->ignoreRange(reason);
169 flags.storelogiccomplete = 1;
170 http->storeEntry(entry);
171 }
172
173 void
174 clientReplyContext::removeStoreReference(store_client ** scp,
175 StoreEntry ** ep)
176 {
177 StoreEntry *e;
178 store_client *sc_tmp = *scp;
179
180 if ((e = *ep) != NULL) {
181 *ep = NULL;
182 storeUnregister(sc_tmp, e, this);
183 *scp = NULL;
184 e->unlock("clientReplyContext::removeStoreReference");
185 }
186 }
187
188 void
189 clientReplyContext::removeClientStoreReference(store_client **scp, ClientHttpRequest *aHttpRequest)
190 {
191 StoreEntry *reference = aHttpRequest->storeEntry();
192 removeStoreReference(scp, &reference);
193 aHttpRequest->storeEntry(reference);
194 }
195
196 void
197 clientReplyContext::saveState()
198 {
199 assert(old_sc == NULL);
200 debugs(88, 3, "clientReplyContext::saveState: saving store context");
201 old_entry = http->storeEntry();
202 old_sc = sc;
203 old_lastmod = http->request->lastmod;
204 old_etag = http->request->etag;
205 old_reqsize = reqsize;
206 tempBuffer.offset = reqofs;
207 /* Prevent accessing the now saved entries */
208 http->storeEntry(NULL);
209 sc = NULL;
210 reqsize = 0;
211 reqofs = 0;
212 }
213
214 void
215 clientReplyContext::restoreState()
216 {
217 assert(old_sc != NULL);
218 debugs(88, 3, "clientReplyContext::restoreState: Restoring store context");
219 removeClientStoreReference(&sc, http);
220 http->storeEntry(old_entry);
221 sc = old_sc;
222 reqsize = old_reqsize;
223 reqofs = tempBuffer.offset;
224 http->request->lastmod = old_lastmod;
225 http->request->etag = old_etag;
226 /* Prevent accessed the old saved entries */
227 old_entry = NULL;
228 old_sc = NULL;
229 old_lastmod = -1;
230 old_etag.clean();
231 old_reqsize = 0;
232 tempBuffer.offset = 0;
233 }
234
235 void
236 clientReplyContext::startError(ErrorState * err)
237 {
238 createStoreEntry(http->request->method, RequestFlags());
239 triggerInitialStoreRead();
240 errorAppendEntry(http->storeEntry(), err);
241 }
242
243 clientStreamNode *
244 clientReplyContext::getNextNode() const
245 {
246 return (clientStreamNode *)ourNode->node.next->data;
247 }
248
249 /* This function is wrong - the client parameters don't include the
250 * header offset
251 */
252 void
253 clientReplyContext::triggerInitialStoreRead()
254 {
255 /* when confident, 0 becomes reqofs, and then this factors into
256 * startSendProcess
257 */
258 assert(reqofs == 0);
259 StoreIOBuffer localTempBuffer (next()->readBuffer.length, 0, next()->readBuffer.data);
260 storeClientCopy(sc, http->storeEntry(), localTempBuffer, SendMoreData, this);
261 }
262
263 /* there is an expired entry in the store.
264 * setup a temporary buffer area and perform an IMS to the origin
265 */
266 void
267 clientReplyContext::processExpired()
268 {
269 const char *url = storeId();
270 debugs(88, 3, "clientReplyContext::processExpired: '" << http->uri << "'");
271 const time_t lastmod = http->storeEntry()->lastModified();
272 assert(lastmod >= 0);
273 /*
274 * check if we are allowed to contact other servers
275 * @?@: Instead of a 504 (Gateway Timeout) reply, we may want to return
276 * a stale entry *if* it matches client requirements
277 */
278
279 if (http->onlyIfCached()) {
280 processOnlyIfCachedMiss();
281 return;
282 }
283
284 http->logType.update(LOG_TCP_REFRESH);
285 http->request->flags.refresh = true;
286 #if STORE_CLIENT_LIST_DEBUG
287 /* Prevent a race with the store client memory free routines
288 */
289 assert(storeClientIsThisAClient(sc, this));
290 #endif
291 /* Prepare to make a new temporary request */
292 saveState();
293
294 // TODO: Consider also allowing regular (non-collapsed) revalidation hits.
295 // TODO: support collapsed revalidation for Vary-controlled entries
296 bool collapsingAllowed = Config.onoff.collapsed_forwarding &&
297 !Store::Controller::SmpAware() &&
298 http->request->vary_headers.isEmpty();
299
300 StoreEntry *entry = nullptr;
301 if (collapsingAllowed) {
302 if (const auto e = storeGetPublicByRequest(http->request, ksRevalidation)) {
303 if (e->hittingRequiresCollapsing() && startCollapsingOn(*e, true)) {
304 entry = e;
305 entry->lock("clientReplyContext::processExpired#alreadyRevalidating");
306 } else {
307 e->abandon(__FUNCTION__);
308 // assume mayInitiateCollapsing() would fail too
309 collapsingAllowed = false;
310 }
311 }
312 }
313
314 if (entry) {
315 entry->ensureMemObject(url, http->log_uri, http->request->method);
316 debugs(88, 5, "collapsed on existing revalidation entry: " << *entry);
317 collapsedRevalidation = crSlave;
318 } else {
319 entry = storeCreateEntry(url,
320 http->log_uri, http->request->flags, http->request->method);
321 /* NOTE, don't call StoreEntry->lock(), storeCreateEntry() does it */
322
323 if (collapsingAllowed && mayInitiateCollapsing() &&
324 Store::Root().allowCollapsing(entry, http->request->flags, http->request->method)) {
325 debugs(88, 5, "allow other revalidation requests to collapse on " << *entry);
326 collapsedRevalidation = crInitiator;
327 } else {
328 collapsedRevalidation = crNone;
329 }
330 }
331
332 sc = storeClientListAdd(entry, this);
333 #if USE_DELAY_POOLS
334 /* delay_id is already set on original store client */
335 sc->setDelayId(DelayId::DelayClient(http));
336 #endif
337
338 http->request->lastmod = lastmod;
339
340 if (!http->request->header.has(Http::HdrType::IF_NONE_MATCH)) {
341 ETag etag = {NULL, -1}; // TODO: make that a default ETag constructor
342 if (old_entry->hasEtag(etag) && !etag.weak)
343 http->request->etag = etag.str;
344 }
345
346 debugs(88, 5, "lastmod " << entry->lastModified());
347 http->storeEntry(entry);
348 assert(http->out.offset == 0);
349 assert(http->request->clientConnectionManager == http->getConn());
350
351 if (collapsedRevalidation != crSlave) {
352 /*
353 * A refcounted pointer so that FwdState stays around as long as
354 * this clientReplyContext does
355 */
356 Comm::ConnectionPointer conn = http->getConn() != NULL ? http->getConn()->clientConnection : NULL;
357 FwdState::Start(conn, http->storeEntry(), http->request, http->al);
358 }
359 /* Register with storage manager to receive updates when data comes in. */
360
361 if (EBIT_TEST(entry->flags, ENTRY_ABORTED))
362 debugs(88, DBG_CRITICAL, "clientReplyContext::processExpired: Found ENTRY_ABORTED object");
363
364 {
365 /* start counting the length from 0 */
366 StoreIOBuffer localTempBuffer(HTTP_REQBUF_SZ, 0, tempbuf);
367 storeClientCopy(sc, entry, localTempBuffer, HandleIMSReply, this);
368 }
369 }
370
371 void
372 clientReplyContext::sendClientUpstreamResponse()
373 {
374 StoreIOBuffer tempresult;
375 removeStoreReference(&old_sc, &old_entry);
376
377 if (collapsedRevalidation)
378 http->storeEntry()->clearPublicKeyScope();
379
380 /* here the data to send is the data we just received */
381 tempBuffer.offset = 0;
382 old_reqsize = 0;
383 /* sendMoreData tracks the offset as well.
384 * Force it back to zero */
385 reqofs = 0;
386 assert(!EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED));
387 /* TODO: provide sendMoreData with the ready parsed reply */
388 tempresult.length = reqsize;
389 tempresult.data = tempbuf;
390 sendMoreData(tempresult);
391 }
392
393 void
394 clientReplyContext::HandleIMSReply(void *data, StoreIOBuffer result)
395 {
396 clientReplyContext *context = (clientReplyContext *)data;
397 context->handleIMSReply(result);
398 }
399
400 void
401 clientReplyContext::sendClientOldEntry()
402 {
403 /* Get the old request back */
404 restoreState();
405 /* here the data to send is in the next nodes buffers already */
406 assert(!EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED));
407 /* sendMoreData tracks the offset as well.
408 * Force it back to zero */
409 reqofs = 0;
410 StoreIOBuffer tempresult (reqsize, reqofs, next()->readBuffer.data);
411 sendMoreData(tempresult);
412 }
413
414 /* This is the workhorse of the HandleIMSReply callback.
415 *
416 * It is called when we've got data back from the origin following our
417 * IMS request to revalidate a stale entry.
418 */
419 void
420 clientReplyContext::handleIMSReply(StoreIOBuffer result)
421 {
422 if (deleting)
423 return;
424
425 debugs(88, 3, http->storeEntry()->url() << ", " << (long unsigned) result.length << " bytes");
426
427 if (http->storeEntry() == NULL)
428 return;
429
430 if (result.flags.error && !EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED))
431 return;
432
433 if (collapsedRevalidation == crSlave && !http->storeEntry()->mayStartHitting()) {
434 debugs(88, 3, "CF slave hit private non-shareable " << *http->storeEntry() << ". MISS");
435 // restore context to meet processMiss() expectations
436 restoreState();
437 http->logType.update(LOG_TCP_MISS);
438 processMiss();
439 return;
440 }
441
442 /* update size of the request */
443 reqsize = result.length + reqofs;
444
445 // request to origin was aborted
446 if (EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED)) {
447 debugs(88, 3, "request to origin aborted '" << http->storeEntry()->url() << "', sending old entry to client");
448 http->logType.update(LOG_TCP_REFRESH_FAIL_OLD);
449 sendClientOldEntry();
450 return;
451 }
452
453 const auto oldStatus = old_entry->mem().freshestReply().sline.status();
454 const auto &new_rep = http->storeEntry()->mem().freshestReply();
455 const auto status = new_rep.sline.status();
456
457 // XXX: Disregard stale incomplete (i.e. still being written) borrowed (i.e.
458 // not caused by our request) IMS responses. That new_rep may be very old!
459
460 // origin replied 304
461 if (status == Http::scNotModified) {
462 http->logType.update(LOG_TCP_REFRESH_UNMODIFIED);
463 http->request->flags.staleIfHit = false; // old_entry is no longer stale
464
465 // TODO: The update may not be instantaneous. Should we wait for its
466 // completion to avoid spawning too much client-disassociated work?
467 Store::Root().updateOnNotModified(old_entry, *http->storeEntry());
468
469 // if client sent IMS
470 if (http->request->flags.ims && !old_entry->modifiedSince(http->request->ims, http->request->imslen)) {
471 // forward the 304 from origin
472 debugs(88, 3, "origin replied 304, revalidated existing entry and forwarding 304 to client");
473 sendClientUpstreamResponse();
474 return;
475 }
476
477 // send existing entry, it's still valid
478 debugs(88, 3, "origin replied 304, revalidated existing entry and sending " << oldStatus << " to client");
479 sendClientOldEntry();
480 return;
481 }
482
483 // origin replied with a non-error code
484 if (status > Http::scNone && status < Http::scInternalServerError) {
485 // RFC 7234 section 4: a cache MUST use the most recent response
486 // (as determined by the Date header field)
487 if (new_rep.olderThan(&old_entry->mem().freshestReply())) {
488 http->logType.err.ignored = true;
489 debugs(88, 3, "origin replied " << status << " but with an older date header, sending old entry (" << oldStatus << ") to client");
490 sendClientOldEntry();
491 return;
492 }
493
494 http->logType.update(LOG_TCP_REFRESH_MODIFIED);
495 debugs(88, 3, "origin replied " << status << ", forwarding to client");
496 sendClientUpstreamResponse();
497 return;
498 }
499
500 // origin replied with an error
501 if (http->request->flags.failOnValidationError) {
502 http->logType.update(LOG_TCP_REFRESH_FAIL_ERR);
503 debugs(88, 3, "origin replied with error " << status << ", forwarding to client due to fail_on_validation_err");
504 sendClientUpstreamResponse();
505 return;
506 }
507
508 // ignore and let client have old entry
509 http->logType.update(LOG_TCP_REFRESH_FAIL_OLD);
510 debugs(88, 3, "origin replied with error " << status << ", sending old entry (" << oldStatus << ") to client");
511 sendClientOldEntry();
512 }
513
514 SQUIDCEXTERN CSR clientGetMoreData;
515 SQUIDCEXTERN CSD clientReplyDetach;
516
517 /**
518 * clientReplyContext::cacheHit Should only be called until the HTTP reply headers
519 * have been parsed. Normally this should be a single call, but
520 * it might take more than one. As soon as we have the headers,
521 * we hand off to clientSendMoreData, processExpired, or
522 * processMiss.
523 */
524 void
525 clientReplyContext::CacheHit(void *data, StoreIOBuffer result)
526 {
527 clientReplyContext *context = (clientReplyContext *)data;
528 context->cacheHit(result);
529 }
530
531 /**
532 * Process a possible cache HIT.
533 */
534 void
535 clientReplyContext::cacheHit(StoreIOBuffer result)
536 {
537 /** Ignore if the HIT object is being deleted. */
538 if (deleting) {
539 debugs(88, 3, "HIT object being deleted. Ignore the HIT.");
540 return;
541 }
542
543 StoreEntry *e = http->storeEntry();
544
545 HttpRequest *r = http->request;
546
547 debugs(88, 3, "clientCacheHit: " << http->uri << ", " << result.length << " bytes");
548
549 if (http->storeEntry() == NULL) {
550 debugs(88, 3, "clientCacheHit: request aborted");
551 return;
552 } else if (result.flags.error) {
553 /* swap in failure */
554 debugs(88, 3, "clientCacheHit: swapin failure for " << http->uri);
555 http->logType.update(LOG_TCP_SWAPFAIL_MISS);
556 removeClientStoreReference(&sc, http);
557 processMiss();
558 return;
559 }
560
561 // The previously identified hit suddenly became unshareable!
562 // This is common for collapsed forwarding slaves but might also
563 // happen to regular hits because we are called asynchronously.
564 if (!e->mayStartHitting()) {
565 debugs(88, 3, "unshareable " << *e << ". MISS");
566 http->logType.update(LOG_TCP_MISS);
567 processMiss();
568 return;
569 }
570
571 if (result.length == 0) {
572 debugs(88, 5, "store IO buffer has no content. MISS");
573 /* the store couldn't get enough data from the file for us to id the
574 * object
575 */
576 /* treat as a miss */
577 http->logType.update(LOG_TCP_MISS);
578 processMiss();
579 return;
580 }
581
582 assert(!EBIT_TEST(e->flags, ENTRY_ABORTED));
583 /* update size of the request */
584 reqsize = result.length + reqofs;
585
586 /*
587 * Got the headers, now grok them
588 */
589 assert(http->logType.oldType == LOG_TCP_HIT);
590
591 if (http->request->storeId().cmp(e->mem_obj->storeId()) != 0) {
592 debugs(33, DBG_IMPORTANT, "clientProcessHit: URL mismatch, '" << e->mem_obj->storeId() << "' != '" << http->request->storeId() << "'");
593 http->logType.update(LOG_TCP_MISS); // we lack a more precise LOG_*_MISS code
594 processMiss();
595 return;
596 }
597
598 switch (varyEvaluateMatch(e, r)) {
599
600 case VARY_NONE:
601 /* No variance detected. Continue as normal */
602 break;
603
604 case VARY_MATCH:
605 /* This is the correct entity for this request. Continue */
606 debugs(88, 2, "clientProcessHit: Vary MATCH!");
607 break;
608
609 case VARY_OTHER:
610 /* This is not the correct entity for this request. We need
611 * to requery the cache.
612 */
613 removeClientStoreReference(&sc, http);
614 e = NULL;
615 /* Note: varyEvalyateMatch updates the request with vary information
616 * so we only get here once. (it also takes care of cancelling loops)
617 */
618 debugs(88, 2, "clientProcessHit: Vary detected!");
619 clientGetMoreData(ourNode, http);
620 return;
621
622 case VARY_CANCEL:
623 /* varyEvaluateMatch found a object loop. Process as miss */
624 debugs(88, DBG_IMPORTANT, "clientProcessHit: Vary object loop!");
625 http->logType.update(LOG_TCP_MISS); // we lack a more precise LOG_*_MISS code
626 processMiss();
627 return;
628 }
629
630 if (r->method == Http::METHOD_PURGE) {
631 debugs(88, 5, "PURGE gets a HIT");
632 removeClientStoreReference(&sc, http);
633 e = NULL;
634 purgeRequest();
635 return;
636 }
637
638 if (e->checkNegativeHit() && !r->flags.noCacheHack()) {
639 debugs(88, 5, "negative-HIT");
640 http->logType.update(LOG_TCP_NEGATIVE_HIT);
641 sendMoreData(result);
642 return;
643 } else if (blockedHit()) {
644 debugs(88, 5, "send_hit forces a MISS");
645 http->logType.update(LOG_TCP_MISS);
646 processMiss();
647 return;
648 } else if (!http->flags.internal && refreshCheckHTTP(e, r)) {
649 debugs(88, 5, "clientCacheHit: in refreshCheck() block");
650 /*
651 * We hold a stale copy; it needs to be validated
652 */
653 /*
654 * The 'needValidation' flag is used to prevent forwarding
655 * loops between siblings. If our copy of the object is stale,
656 * then we should probably only use parents for the validation
657 * request. Otherwise two siblings could generate a loop if
658 * both have a stale version of the object.
659 */
660 r->flags.needValidation = true;
661
662 if (e->lastModified() < 0) {
663 debugs(88, 3, "validate HIT object? NO. Can't calculate entry modification time. Do MISS.");
664 /*
665 * We cannot revalidate entries without knowing their
666 * modification time.
667 * XXX: BUG 1890 objects without Date do not get one added.
668 */
669 http->logType.update(LOG_TCP_MISS);
670 processMiss();
671 } else if (r->flags.noCache) {
672 debugs(88, 3, "validate HIT object? NO. Client sent CC:no-cache. Do CLIENT_REFRESH_MISS");
673 /*
674 * This did not match a refresh pattern that overrides no-cache
675 * we should honour the client no-cache header.
676 */
677 http->logType.update(LOG_TCP_CLIENT_REFRESH_MISS);
678 processMiss();
679 } else if (r->url.getScheme() == AnyP::PROTO_HTTP || r->url.getScheme() == AnyP::PROTO_HTTPS) {
680 debugs(88, 3, "validate HIT object? YES.");
681 /*
682 * Object needs to be revalidated
683 * XXX This could apply to FTP as well, if Last-Modified is known.
684 */
685 processExpired();
686 } else {
687 debugs(88, 3, "validate HIT object? NO. Client protocol non-HTTP. Do MISS.");
688 /*
689 * We don't know how to re-validate other protocols. Handle
690 * them as if the object has expired.
691 */
692 http->logType.update(LOG_TCP_MISS);
693 processMiss();
694 }
695 return;
696 } else if (r->conditional()) {
697 debugs(88, 5, "conditional HIT");
698 if (processConditional(result))
699 return;
700 }
701
702 /*
703 * plain ol' cache hit
704 */
705 debugs(88, 5, "plain old HIT");
706
707 #if USE_DELAY_POOLS
708 if (e->store_status != STORE_OK)
709 http->logType.update(LOG_TCP_MISS);
710 else
711 #endif
712 if (e->mem_status == IN_MEMORY)
713 http->logType.update(LOG_TCP_MEM_HIT);
714 else if (Config.onoff.offline)
715 http->logType.update(LOG_TCP_OFFLINE_HIT);
716
717 sendMoreData(result);
718 }
719
720 /**
721 * Prepare to fetch the object as it's a cache miss of some kind.
722 */
723 void
724 clientReplyContext::processMiss()
725 {
726 char *url = http->uri;
727 HttpRequest *r = http->request;
728 ErrorState *err = NULL;
729 debugs(88, 4, r->method << ' ' << url);
730
731 /**
732 * We might have a left-over StoreEntry from a failed cache hit
733 * or IMS request.
734 */
735 if (http->storeEntry()) {
736 if (EBIT_TEST(http->storeEntry()->flags, ENTRY_SPECIAL)) {
737 debugs(88, DBG_CRITICAL, "clientProcessMiss: miss on a special object (" << url << ").");
738 debugs(88, DBG_CRITICAL, "\tlog_type = " << http->logType.c_str());
739 http->storeEntry()->dump(1);
740 }
741
742 removeClientStoreReference(&sc, http);
743 }
744
745 /** Check if its a PURGE request to be actioned. */
746 if (r->method == Http::METHOD_PURGE) {
747 purgeRequest();
748 return;
749 }
750
751 /** Check if its an 'OTHER' request. Purge all cached entries if so and continue. */
752 if (r->method == Http::METHOD_OTHER) {
753 purgeAllCached();
754 }
755
756 /** Check if 'only-if-cached' flag is set. Action if so. */
757 if (http->onlyIfCached()) {
758 processOnlyIfCachedMiss();
759 return;
760 }
761
762 /// Deny loops
763 if (r->flags.loopDetected) {
764 http->al->http.code = Http::scForbidden;
765 err = clientBuildError(ERR_ACCESS_DENIED, Http::scForbidden, nullptr, http->getConn(), http->request, http->al);
766 createStoreEntry(r->method, RequestFlags());
767 errorAppendEntry(http->storeEntry(), err);
768 triggerInitialStoreRead();
769 return;
770 } else {
771 assert(http->out.offset == 0);
772 createStoreEntry(r->method, r->flags);
773 triggerInitialStoreRead();
774
775 if (http->redirect.status) {
776 const HttpReplyPointer rep(new HttpReply);
777 http->logType.update(LOG_TCP_REDIRECT);
778 http->storeEntry()->releaseRequest();
779 rep->redirect(http->redirect.status, http->redirect.location);
780 http->storeEntry()->replaceHttpReply(rep);
781 http->storeEntry()->complete();
782 return;
783 }
784
785 assert(r->clientConnectionManager == http->getConn());
786
787 Comm::ConnectionPointer conn = http->getConn() != nullptr ? http->getConn()->clientConnection : nullptr;
788 /** Start forwarding to get the new object from network */
789 FwdState::Start(conn, http->storeEntry(), r, http->al);
790 }
791 }
792
793 /**
794 * client issued a request with an only-if-cached cache-control directive;
795 * we did not find a cached object that can be returned without
796 * contacting other servers;
797 * respond with a 504 (Gateway Timeout) as suggested in [RFC 2068]
798 */
799 void
800 clientReplyContext::processOnlyIfCachedMiss()
801 {
802 debugs(88, 4, http->request->method << ' ' << http->uri);
803 http->al->http.code = Http::scGatewayTimeout;
804 ErrorState *err = clientBuildError(ERR_ONLY_IF_CACHED_MISS, Http::scGatewayTimeout, NULL,
805 http->getConn(), http->request, http->al);
806 removeClientStoreReference(&sc, http);
807 startError(err);
808 }
809
810 /// process conditional request from client
811 bool
812 clientReplyContext::processConditional(StoreIOBuffer &result)
813 {
814 StoreEntry *const e = http->storeEntry();
815
816 const auto replyStatusCode = e->mem().baseReply().sline.status();
817 if (replyStatusCode != Http::scOkay) {
818 debugs(88, 4, "miss because " << replyStatusCode << " != 200");
819 http->logType.update(LOG_TCP_MISS);
820 processMiss();
821 return true;
822 }
823
824 HttpRequest &r = *http->request;
825
826 if (r.header.has(Http::HdrType::IF_MATCH) && !e->hasIfMatchEtag(r)) {
827 // RFC 2616: reply with 412 Precondition Failed if If-Match did not match
828 sendPreconditionFailedError();
829 return true;
830 }
831
832 if (r.header.has(Http::HdrType::IF_NONE_MATCH)) {
833 // RFC 7232: If-None-Match recipient MUST ignore IMS
834 r.flags.ims = false;
835 r.ims = -1;
836 r.imslen = 0;
837 r.header.delById(Http::HdrType::IF_MODIFIED_SINCE);
838
839 if (e->hasIfNoneMatchEtag(r)) {
840 sendNotModifiedOrPreconditionFailedError();
841 return true;
842 }
843
844 // None-Match is true (no ETag matched); treat as an unconditional hit
845 return false;
846 }
847
848 if (r.flags.ims) {
849 // handle If-Modified-Since requests from the client
850 if (e->modifiedSince(r.ims, r.imslen)) {
851 // Modified-Since is true; treat as an unconditional hit
852 return false;
853
854 } else {
855 // otherwise reply with 304 Not Modified
856 sendNotModified();
857 }
858 return true;
859 }
860
861 return false;
862 }
863
864 /// whether squid.conf send_hit prevents us from serving this hit
865 bool
866 clientReplyContext::blockedHit() const
867 {
868 if (!Config.accessList.sendHit)
869 return false; // hits are not blocked by default
870
871 if (http->flags.internal)
872 return false; // internal content "hits" cannot be blocked
873
874 const auto &rep = http->storeEntry()->mem().freshestReply();
875 {
876 std::unique_ptr<ACLFilledChecklist> chl(clientAclChecklistCreate(Config.accessList.sendHit, http));
877 chl->reply = const_cast<HttpReply*>(&rep); // ACLChecklist API bug
878 HTTPMSGLOCK(chl->reply);
879 return !chl->fastCheck().allowed(); // when in doubt, block
880 }
881 }
882
883 // Purges all entries with a given url
884 // TODO: move to SideAgent parent, when we have one
885 /*
886 * We probably cannot purge Vary-affected responses because their MD5
887 * keys depend on vary headers.
888 */
889 void
890 purgeEntriesByUrl(HttpRequest * req, const char *url)
891 {
892 for (HttpRequestMethod m(Http::METHOD_NONE); m != Http::METHOD_ENUM_END; ++m) {
893 if (m.respMaybeCacheable()) {
894 const cache_key *key = storeKeyPublic(url, m);
895 debugs(88, 5, m << ' ' << url << ' ' << storeKeyText(key));
896 #if USE_HTCP
897 neighborsHtcpClear(nullptr, req, m, HTCP_CLR_INVALIDATION);
898 #endif
899 Store::Root().evictIfFound(key);
900 }
901 }
902 }
903
904 void
905 clientReplyContext::purgeAllCached()
906 {
907 // XXX: performance regression, c_str() reallocates
908 SBuf url(http->request->effectiveRequestUri());
909 purgeEntriesByUrl(http->request, url.c_str());
910 }
911
912 LogTags *
913 clientReplyContext::loggingTags() const
914 {
915 // XXX: clientReplyContext code assumes that http cbdata is always valid.
916 // TODO: Either add cbdataReferenceValid(http) checks in all the relevant
917 // places, like this one, or remove cbdata protection of the http member.
918 return &http->logType;
919 }
920
921 void
922 clientReplyContext::purgeRequest()
923 {
924 debugs(88, 3, "Config2.onoff.enable_purge = " <<
925 Config2.onoff.enable_purge);
926
927 if (!Config2.onoff.enable_purge) {
928 http->logType.update(LOG_TCP_DENIED);
929 ErrorState *err = clientBuildError(ERR_ACCESS_DENIED, Http::scForbidden, NULL,
930 http->getConn(), http->request, http->al);
931 startError(err);
932 return;
933 }
934
935 /* Release both IP cache */
936 ipcacheInvalidate(http->request->url.host());
937
938 // TODO: can we use purgeAllCached() here instead?
939 purgeDoPurge();
940 }
941
942 void
943 clientReplyContext::purgeDoPurge()
944 {
945 auto firstFound = false;
946 if (const auto entry = storeGetPublicByRequestMethod(http->request, Http::METHOD_GET)) {
947 // special entries are only METHOD_GET entries without variance
948 if (EBIT_TEST(entry->flags, ENTRY_SPECIAL)) {
949 http->logType.update(LOG_TCP_DENIED);
950 const auto err = clientBuildError(ERR_ACCESS_DENIED, Http::scForbidden, nullptr,
951 http->getConn(), http->request, http->al);
952 startError(err);
953 entry->abandon(__FUNCTION__);
954 return;
955 }
956 firstFound = true;
957 if (!purgeEntry(*entry, Http::METHOD_GET))
958 return;
959 }
960
961 detailStoreLookup(storeLookupString(firstFound));
962
963 if (const auto entry = storeGetPublicByRequestMethod(http->request, Http::METHOD_HEAD)) {
964 if (!purgeEntry(*entry, Http::METHOD_HEAD))
965 return;
966 }
967
968 /* And for Vary, release the base URI if none of the headers was included in the request */
969 if (!http->request->vary_headers.isEmpty()
970 && http->request->vary_headers.find('=') != SBuf::npos) {
971 // XXX: performance regression, c_str() reallocates
972 SBuf tmp(http->request->effectiveRequestUri());
973
974 if (const auto entry = storeGetPublic(tmp.c_str(), Http::METHOD_GET)) {
975 if (!purgeEntry(*entry, Http::METHOD_GET, "Vary "))
976 return;
977 }
978
979 if (const auto entry = storeGetPublic(tmp.c_str(), Http::METHOD_HEAD)) {
980 if (!purgeEntry(*entry, Http::METHOD_HEAD, "Vary "))
981 return;
982 }
983 }
984
985 if (purgeStatus == Http::scNone)
986 purgeStatus = Http::scNotFound;
987
988 /*
989 * Make a new entry to hold the reply to be written
990 * to the client.
991 */
992 /* TODO: This doesn't need to go through the store. Simply
993 * push down the client chain
994 */
995 createStoreEntry(http->request->method, RequestFlags());
996
997 triggerInitialStoreRead();
998
999 const HttpReplyPointer rep(new HttpReply);
1000 rep->setHeaders(purgeStatus, NULL, NULL, 0, 0, -1);
1001 http->storeEntry()->replaceHttpReply(rep);
1002 http->storeEntry()->complete();
1003 }
1004
1005 bool
1006 clientReplyContext::purgeEntry(StoreEntry &entry, const Http::MethodType methodType, const char *descriptionPrefix)
1007 {
1008 debugs(88, 4, descriptionPrefix << Http::MethodStr(methodType) << " '" << entry.url() << "'" );
1009 #if USE_HTCP
1010 neighborsHtcpClear(&entry, http->request, HttpRequestMethod(methodType), HTCP_CLR_PURGE);
1011 #endif
1012 entry.release(true);
1013 purgeStatus = Http::scOkay;
1014 return true;
1015 }
1016
1017 void
1018 clientReplyContext::traceReply(clientStreamNode * node)
1019 {
1020 clientStreamNode *nextNode = (clientStreamNode *)node->node.next->data;
1021 StoreIOBuffer localTempBuffer;
1022 createStoreEntry(http->request->method, RequestFlags());
1023 localTempBuffer.offset = nextNode->readBuffer.offset + headers_sz;
1024 localTempBuffer.length = nextNode->readBuffer.length;
1025 localTempBuffer.data = nextNode->readBuffer.data;
1026 storeClientCopy(sc, http->storeEntry(),
1027 localTempBuffer, SendMoreData, this);
1028 http->storeEntry()->releaseRequest();
1029 http->storeEntry()->buffer();
1030 const HttpReplyPointer rep(new HttpReply);
1031 rep->setHeaders(Http::scOkay, NULL, "text/plain", http->request->prefixLen(), 0, squid_curtime);
1032 http->storeEntry()->replaceHttpReply(rep);
1033 http->request->swapOut(http->storeEntry());
1034 http->storeEntry()->complete();
1035 }
1036
1037 #define SENDING_BODY 0
1038 #define SENDING_HDRSONLY 1
1039 int
1040 clientReplyContext::checkTransferDone()
1041 {
1042 StoreEntry *entry = http->storeEntry();
1043
1044 if (entry == NULL)
1045 return 0;
1046
1047 /*
1048 * For now, 'done_copying' is used for special cases like
1049 * Range and HEAD requests.
1050 */
1051 if (http->flags.done_copying)
1052 return 1;
1053
1054 if (http->request->flags.chunkedReply && !flags.complete) {
1055 // last-chunk was not sent
1056 return 0;
1057 }
1058
1059 /*
1060 * Handle STORE_OK objects.
1061 * objectLen(entry) will be set proprely.
1062 * RC: Does objectLen(entry) include the Headers?
1063 * RC: Yes.
1064 */
1065 if (entry->store_status == STORE_OK) {
1066 return storeOKTransferDone();
1067 } else {
1068 return storeNotOKTransferDone();
1069 }
1070 }
1071
1072 int
1073 clientReplyContext::storeOKTransferDone() const
1074 {
1075 assert(http->storeEntry()->objectLen() >= 0);
1076 assert(http->storeEntry()->objectLen() >= headers_sz);
1077 if (http->out.offset >= http->storeEntry()->objectLen() - headers_sz) {
1078 debugs(88,3,HERE << "storeOKTransferDone " <<
1079 " out.offset=" << http->out.offset <<
1080 " objectLen()=" << http->storeEntry()->objectLen() <<
1081 " headers_sz=" << headers_sz);
1082 return 1;
1083 }
1084
1085 return 0;
1086 }
1087
1088 int
1089 clientReplyContext::storeNotOKTransferDone() const
1090 {
1091 /*
1092 * Now, handle STORE_PENDING objects
1093 */
1094 MemObject *mem = http->storeEntry()->mem_obj;
1095 assert(mem != NULL);
1096 assert(http->request != NULL);
1097
1098 /* mem->reply was wrong because it uses the UPSTREAM header length!!! */
1099 if (headers_sz == 0)
1100 /* haven't found end of headers yet */
1101 return 0;
1102
1103 // TODO: Use MemObject::expectedReplySize(method) after resolving XXX below.
1104 const auto expectedBodySize = mem->baseReply().content_length;
1105
1106 // XXX: The code below talks about sending data, and checks stats about
1107 // bytes written to the client connection, but this method must determine
1108 // whether we are done _receiving_ data from Store. This code should work OK
1109 // when expectedBodySize is unknown or matches written data, but it may
1110 // malfunction when we are writing ranges while receiving a full response.
1111
1112 /*
1113 * Figure out how much data we are supposed to send.
1114 * If we are sending a body and we don't have a content-length,
1115 * then we must wait for the object to become STORE_OK.
1116 */
1117 if (expectedBodySize < 0)
1118 return 0;
1119
1120 const uint64_t expectedLength = expectedBodySize + http->out.headers_sz;
1121
1122 if (http->out.size < expectedLength)
1123 return 0;
1124 else {
1125 debugs(88,3,HERE << "storeNotOKTransferDone " <<
1126 " out.size=" << http->out.size <<
1127 " expectedLength=" << expectedLength);
1128 return 1;
1129 }
1130 }
1131
1132 /* A write has completed, what is the next status based on the
1133 * canonical request data?
1134 * 1 something is wrong
1135 * 0 nothing is wrong.
1136 *
1137 */
1138 int
1139 clientHttpRequestStatus(int fd, ClientHttpRequest const *http)
1140 {
1141 #if SIZEOF_INT64_T == 4
1142 if (http->out.size > 0x7FFF0000) {
1143 debugs(88, DBG_IMPORTANT, "WARNING: closing FD " << fd << " to prevent out.size counter overflow");
1144 if (http->getConn())
1145 debugs(88, DBG_IMPORTANT, "\tclient " << http->getConn()->peer);
1146 debugs(88, DBG_IMPORTANT, "\treceived " << http->out.size << " bytes");
1147 debugs(88, DBG_IMPORTANT, "\tURI " << http->log_uri);
1148 return 1;
1149 }
1150
1151 if (http->out.offset > 0x7FFF0000) {
1152 debugs(88, DBG_IMPORTANT, "WARNING: closing FD " << fd < " to prevent out.offset counter overflow");
1153 if (http->getConn())
1154 debugs(88, DBG_IMPORTANT, "\tclient " << http->getConn()->peer);
1155 debugs(88, DBG_IMPORTANT, "\treceived " << http->out.size << " bytes, offset " << http->out.offset);
1156 debugs(88, DBG_IMPORTANT, "\tURI " << http->log_uri);
1157 return 1;
1158 }
1159
1160 #endif
1161 return 0;
1162 }
1163
1164 /* Preconditions:
1165 * *http is a valid structure.
1166 * fd is either -1, or an open fd.
1167 *
1168 * TODO: enumify this
1169 *
1170 * This function is used by any http request sink, to determine the status
1171 * of the object.
1172 */
1173 clientStream_status_t
1174 clientReplyStatus(clientStreamNode * aNode, ClientHttpRequest * http)
1175 {
1176 clientReplyContext *context = dynamic_cast<clientReplyContext *>(aNode->data.getRaw());
1177 assert (context);
1178 assert (context->http == http);
1179 return context->replyStatus();
1180 }
1181
1182 clientStream_status_t
1183 clientReplyContext::replyStatus()
1184 {
1185 int done;
1186 /* Here because lower nodes don't need it */
1187
1188 if (http->storeEntry() == NULL) {
1189 debugs(88, 5, "clientReplyStatus: no storeEntry");
1190 return STREAM_FAILED; /* yuck, but what can we do? */
1191 }
1192
1193 if (EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED)) {
1194 /* TODO: Could upstream read errors (result.flags.error) be
1195 * lost, and result in undersize requests being considered
1196 * complete. Should we tcp reset such connections ?
1197 */
1198 debugs(88, 5, "clientReplyStatus: aborted storeEntry");
1199 return STREAM_FAILED;
1200 }
1201
1202 if ((done = checkTransferDone()) != 0 || flags.complete) {
1203 debugs(88, 5, "clientReplyStatus: transfer is DONE: " << done << flags.complete);
1204 /* Ok we're finished, but how? */
1205
1206 if (EBIT_TEST(http->storeEntry()->flags, ENTRY_BAD_LENGTH)) {
1207 debugs(88, 5, "clientReplyStatus: truncated response body");
1208 return STREAM_UNPLANNED_COMPLETE;
1209 }
1210
1211 if (!done) {
1212 debugs(88, 5, "clientReplyStatus: closing, !done, but read 0 bytes");
1213 return STREAM_FAILED;
1214 }
1215
1216 // TODO: See also (and unify with) storeNotOKTransferDone() checks.
1217 const int64_t expectedBodySize =
1218 http->storeEntry()->mem().baseReply().bodySize(http->request->method);
1219 if (expectedBodySize >= 0 && !http->gotEnough()) {
1220 debugs(88, 5, "clientReplyStatus: client didn't get all it expected");
1221 return STREAM_UNPLANNED_COMPLETE;
1222 }
1223
1224 debugs(88, 5, "clientReplyStatus: stream complete; keepalive=" <<
1225 http->request->flags.proxyKeepalive);
1226 return STREAM_COMPLETE;
1227 }
1228
1229 // XXX: Should this be checked earlier? We could return above w/o checking.
1230 if (reply->receivedBodyTooLarge(*http->request, http->out.offset - 4096)) {
1231 /* 4096 is a margin for the HTTP headers included in out.offset */
1232 debugs(88, 5, "clientReplyStatus: client reply body is too large");
1233 return STREAM_FAILED;
1234 }
1235
1236 return STREAM_NONE;
1237 }
1238
1239 /* Responses with no body will not have a content-type header,
1240 * which breaks the rep_mime_type acl, which
1241 * coincidentally, is the most common acl for reply access lists.
1242 * A better long term fix for this is to allow acl matches on the various
1243 * status codes, and then supply a default ruleset that puts these
1244 * codes before any user defines access entries. That way the user
1245 * can choose to block these responses where appropriate, but won't get
1246 * mysterious breakages.
1247 */
1248 bool
1249 clientReplyContext::alwaysAllowResponse(Http::StatusCode sline) const
1250 {
1251 bool result;
1252
1253 switch (sline) {
1254
1255 case Http::scContinue:
1256
1257 case Http::scSwitchingProtocols:
1258
1259 case Http::scProcessing:
1260
1261 case Http::scNoContent:
1262
1263 case Http::scNotModified:
1264 result = true;
1265 break;
1266
1267 default:
1268 result = false;
1269 }
1270
1271 return result;
1272 }
1273
1274 /**
1275 * Generate the reply headers sent to client.
1276 *
1277 * Filters out unwanted entries and hop-by-hop from original reply header
1278 * then adds extra entries if we have more info than origin server
1279 * then adds Squid specific entries
1280 */
1281 void
1282 clientReplyContext::buildReplyHeader()
1283 {
1284 HttpHeader *hdr = &reply->header;
1285 const bool is_hit = http->logType.isTcpHit();
1286 HttpRequest *request = http->request;
1287 #if DONT_FILTER_THESE
1288 /* but you might want to if you run Squid as an HTTP accelerator */
1289 /* hdr->delById(HDR_ACCEPT_RANGES); */
1290 hdr->delById(HDR_ETAG);
1291 #endif
1292
1293 if (is_hit || collapsedRevalidation == crSlave)
1294 hdr->delById(Http::HdrType::SET_COOKIE);
1295 // TODO: RFC 2965 : Must honour Cache-Control: no-cache="set-cookie2" and remove header.
1296
1297 // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
1298 // remove the Proxy-Authenticate header
1299 if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0)) {
1300 #if USE_ADAPTATION
1301 // but allow adaptation services to authenticate clients
1302 // via request satisfaction
1303 if (!http->requestSatisfactionMode())
1304 #endif
1305 reply->header.delById(Http::HdrType::PROXY_AUTHENTICATE);
1306 }
1307
1308 reply->header.removeHopByHopEntries();
1309 // paranoid: ContentLengthInterpreter has cleaned non-generated replies
1310 reply->removeIrrelevantContentLength();
1311
1312 // if (request->range)
1313 // clientBuildRangeHeader(http, reply);
1314
1315 /*
1316 * Add a estimated Age header on cache hits.
1317 */
1318 if (is_hit) {
1319 /*
1320 * Remove any existing Age header sent by upstream caches
1321 * (note that the existing header is passed along unmodified
1322 * on cache misses)
1323 */
1324 hdr->delById(Http::HdrType::AGE);
1325 /*
1326 * This adds the calculated object age. Note that the details of the
1327 * age calculation is performed by adjusting the timestamp in
1328 * StoreEntry::timestampsSet(), not here.
1329 */
1330 if (EBIT_TEST(http->storeEntry()->flags, ENTRY_SPECIAL)) {
1331 hdr->delById(Http::HdrType::DATE);
1332 hdr->putTime(Http::HdrType::DATE, squid_curtime);
1333 } else if (http->getConn() && http->getConn()->port->actAsOrigin) {
1334 // Swap the Date: header to current time if we are simulating an origin
1335 HttpHeaderEntry *h = hdr->findEntry(Http::HdrType::DATE);
1336 if (h)
1337 hdr->putExt("X-Origin-Date", h->value.termedBuf());
1338 hdr->delById(Http::HdrType::DATE);
1339 hdr->putTime(Http::HdrType::DATE, squid_curtime);
1340 h = hdr->findEntry(Http::HdrType::EXPIRES);
1341 if (h && http->storeEntry()->expires >= 0) {
1342 hdr->putExt("X-Origin-Expires", h->value.termedBuf());
1343 hdr->delById(Http::HdrType::EXPIRES);
1344 hdr->putTime(Http::HdrType::EXPIRES, squid_curtime + http->storeEntry()->expires - http->storeEntry()->timestamp);
1345 }
1346 if (http->storeEntry()->timestamp <= squid_curtime) {
1347 // put X-Cache-Age: instead of Age:
1348 char age[64];
1349 snprintf(age, sizeof(age), "%" PRId64, static_cast<int64_t>(squid_curtime - http->storeEntry()->timestamp));
1350 hdr->putExt("X-Cache-Age", age);
1351 }
1352 } else if (http->storeEntry()->timestamp <= squid_curtime) {
1353 hdr->putInt(Http::HdrType::AGE,
1354 squid_curtime - http->storeEntry()->timestamp);
1355 /* Signal old objects. NB: rfc 2616 is not clear,
1356 * by implication, on whether we should do this to all
1357 * responses, or only cache hits.
1358 * 14.46 states it ONLY applies for heuristically calculated
1359 * freshness values, 13.2.4 doesn't specify the same limitation.
1360 * We interpret RFC 2616 under the combination.
1361 */
1362 /* TODO: if maxage or s-maxage is present, don't do this */
1363
1364 if (squid_curtime - http->storeEntry()->timestamp >= 86400)
1365 hdr->putWarning(113, "This cache hit is still fresh and more than 1 day old");
1366 }
1367 }
1368
1369 /* RFC 2616: Section 14.18
1370 *
1371 * Add a Date: header if missing.
1372 * We have access to a clock therefore are required to amend any shortcoming in servers.
1373 *
1374 * NP: done after Age: to prevent ENTRY_SPECIAL double-handling this header.
1375 */
1376 if ( !hdr->has(Http::HdrType::DATE) ) {
1377 if (!http->storeEntry())
1378 hdr->putTime(Http::HdrType::DATE, squid_curtime);
1379 else if (http->storeEntry()->timestamp > 0)
1380 hdr->putTime(Http::HdrType::DATE, http->storeEntry()->timestamp);
1381 else {
1382 debugs(88,DBG_IMPORTANT,"BUG 3279: HTTP reply without Date:");
1383 /* dump something useful about the problem */
1384 http->storeEntry()->dump(DBG_IMPORTANT);
1385 }
1386 }
1387
1388 // add Warnings required by RFC 2616 if serving a stale hit
1389 if (http->request->flags.staleIfHit && http->logType.isTcpHit()) {
1390 hdr->putWarning(110, "Response is stale");
1391 if (http->request->flags.needValidation)
1392 hdr->putWarning(111, "Revalidation failed");
1393 }
1394
1395 /* Filter unproxyable authentication types */
1396 if (http->logType.oldType != LOG_TCP_DENIED &&
1397 hdr->has(Http::HdrType::WWW_AUTHENTICATE)) {
1398 HttpHeaderPos pos = HttpHeaderInitPos;
1399 HttpHeaderEntry *e;
1400
1401 int connection_auth_blocked = 0;
1402 while ((e = hdr->getEntry(&pos))) {
1403 if (e->id == Http::HdrType::WWW_AUTHENTICATE) {
1404 const char *value = e->value.rawBuf();
1405
1406 if ((strncasecmp(value, "NTLM", 4) == 0 &&
1407 (value[4] == '\0' || value[4] == ' '))
1408 ||
1409 (strncasecmp(value, "Negotiate", 9) == 0 &&
1410 (value[9] == '\0' || value[9] == ' '))
1411 ||
1412 (strncasecmp(value, "Kerberos", 8) == 0 &&
1413 (value[8] == '\0' || value[8] == ' '))) {
1414 if (request->flags.connectionAuthDisabled) {
1415 hdr->delAt(pos, connection_auth_blocked);
1416 continue;
1417 }
1418 request->flags.mustKeepalive = true;
1419 if (!request->flags.accelerated && !request->flags.intercepted) {
1420 httpHeaderPutStrf(hdr, Http::HdrType::PROXY_SUPPORT, "Session-Based-Authentication");
1421 /*
1422 We send "Connection: Proxy-Support" header to mark
1423 Proxy-Support as a hop-by-hop header for intermediaries that do not
1424 understand the semantics of this header. The RFC should have included
1425 this recommendation.
1426 */
1427 httpHeaderPutStrf(hdr, Http::HdrType::CONNECTION, "Proxy-support");
1428 }
1429 break;
1430 }
1431 }
1432 }
1433
1434 if (connection_auth_blocked)
1435 hdr->refreshMask();
1436 }
1437
1438 #if USE_AUTH
1439 /* Handle authentication headers */
1440 if (http->logType.oldType == LOG_TCP_DENIED &&
1441 ( reply->sline.status() == Http::scProxyAuthenticationRequired ||
1442 reply->sline.status() == Http::scUnauthorized)
1443 ) {
1444 /* Add authentication header */
1445 /* TODO: alter errorstate to be accel on|off aware. The 0 on the next line
1446 * depends on authenticate behaviour: all schemes to date send no extra
1447 * data on 407/401 responses, and do not check the accel state on 401/407
1448 * responses
1449 */
1450 Auth::UserRequest::AddReplyAuthHeader(reply, request->auth_user_request, request, 0, 1);
1451 } else if (request->auth_user_request != NULL)
1452 Auth::UserRequest::AddReplyAuthHeader(reply, request->auth_user_request, request, http->flags.accel, 0);
1453 #endif
1454
1455 SBuf cacheStatus(uniqueHostname());
1456 if (const auto hitOrFwd = http->logType.cacheStatusSource())
1457 cacheStatus.append(hitOrFwd);
1458 if (firstStoreLookup_) {
1459 cacheStatus.append(";detail=");
1460 cacheStatus.append(firstStoreLookup_);
1461 }
1462 // TODO: Remove c_str() after converting HttpHeaderEntry::value to SBuf
1463 hdr->putStr(Http::HdrType::CACHE_STATUS, cacheStatus.c_str());
1464
1465 const bool maySendChunkedReply = !request->multipartRangeRequest() &&
1466 reply->sline.version.protocol == AnyP::PROTO_HTTP && // response is HTTP
1467 (request->http_ver >= Http::ProtocolVersion(1,1));
1468
1469 /* Check whether we should send keep-alive */
1470 if (!Config.onoff.error_pconns && reply->sline.status() >= 400 && !request->flags.mustKeepalive) {
1471 debugs(33, 3, "clientBuildReplyHeader: Error, don't keep-alive");
1472 request->flags.proxyKeepalive = false;
1473 } else if (!Config.onoff.client_pconns && !request->flags.mustKeepalive) {
1474 debugs(33, 2, "clientBuildReplyHeader: Connection Keep-Alive not requested by admin or client");
1475 request->flags.proxyKeepalive = false;
1476 } else if (request->flags.proxyKeepalive && shutting_down) {
1477 debugs(88, 3, "clientBuildReplyHeader: Shutting down, don't keep-alive.");
1478 request->flags.proxyKeepalive = false;
1479 } else if (request->flags.connectionAuth && !reply->keep_alive) {
1480 debugs(33, 2, "clientBuildReplyHeader: Connection oriented auth but server side non-persistent");
1481 request->flags.proxyKeepalive = false;
1482 } else if (reply->bodySize(request->method) < 0 && !maySendChunkedReply) {
1483 debugs(88, 3, "clientBuildReplyHeader: can't keep-alive, unknown body size" );
1484 request->flags.proxyKeepalive = false;
1485 } else if (fdUsageHigh()&& !request->flags.mustKeepalive) {
1486 debugs(88, 3, "clientBuildReplyHeader: Not many unused FDs, can't keep-alive");
1487 request->flags.proxyKeepalive = false;
1488 } else if (request->flags.sslBumped && !reply->persistent()) {
1489 // We do not really have to close, but we pretend we are a tunnel.
1490 debugs(88, 3, "clientBuildReplyHeader: bumped reply forces close");
1491 request->flags.proxyKeepalive = false;
1492 } else if (request->pinnedConnection() && !reply->persistent()) {
1493 // The peer wants to close the pinned connection
1494 debugs(88, 3, "pinned reply forces close");
1495 request->flags.proxyKeepalive = false;
1496 } else if (http->getConn()) {
1497 ConnStateData * conn = http->getConn();
1498 if (!Comm::IsConnOpen(conn->port->listenConn)) {
1499 // The listening port closed because of a reconfigure
1500 debugs(88, 3, "listening port closed");
1501 request->flags.proxyKeepalive = false;
1502 }
1503 }
1504
1505 // Decide if we send chunked reply
1506 if (maySendChunkedReply && reply->bodySize(request->method) < 0) {
1507 debugs(88, 3, "clientBuildReplyHeader: chunked reply");
1508 request->flags.chunkedReply = true;
1509 hdr->putStr(Http::HdrType::TRANSFER_ENCODING, "chunked");
1510 }
1511
1512 hdr->addVia(reply->sline.version);
1513
1514 /* Signal keep-alive or close explicitly */
1515 hdr->putStr(Http::HdrType::CONNECTION, request->flags.proxyKeepalive ? "keep-alive" : "close");
1516
1517 #if ADD_X_REQUEST_URI
1518 /*
1519 * Knowing the URI of the request is useful when debugging persistent
1520 * connections in a client; we cannot guarantee the order of http headers,
1521 * but X-Request-URI is likely to be the very last header to ease use from a
1522 * debugger [hdr->entries.count-1].
1523 */
1524 hdr->putStr(Http::HdrType::X_REQUEST_URI,
1525 http->memOjbect()->url ? http->memObject()->url : http->uri);
1526
1527 #endif
1528
1529 /* Surrogate-Control requires Surrogate-Capability from upstream to pass on */
1530 if ( hdr->has(Http::HdrType::SURROGATE_CONTROL) ) {
1531 if (!request->header.has(Http::HdrType::SURROGATE_CAPABILITY)) {
1532 hdr->delById(Http::HdrType::SURROGATE_CONTROL);
1533 }
1534 /* TODO: else case: drop any controls intended specifically for our surrogate ID */
1535 }
1536
1537 httpHdrMangleList(hdr, request, http->al, ROR_REPLY);
1538 }
1539
1540 void
1541 clientReplyContext::cloneReply()
1542 {
1543 assert(reply == NULL);
1544
1545 reply = http->storeEntry()->mem().freshestReply().clone();
1546 HTTPMSGLOCK(reply);
1547
1548 http->al->reply = reply;
1549
1550 if (reply->sline.version.protocol == AnyP::PROTO_HTTP) {
1551 /* RFC 2616 requires us to advertise our version (but only on real HTTP traffic) */
1552 reply->sline.version = Http::ProtocolVersion();
1553 }
1554
1555 /* do header conversions */
1556 buildReplyHeader();
1557 }
1558
1559 /// Safely disposes of an entry pointing to a cache hit that we do not want.
1560 /// We cannot just ignore the entry because it may be locking or otherwise
1561 /// holding an associated cache resource of some sort.
1562 void
1563 clientReplyContext::forgetHit()
1564 {
1565 StoreEntry *e = http->storeEntry();
1566 assert(e); // or we are not dealing with a hit
1567 // We probably have not locked the entry earlier, unfortunately. We lock it
1568 // now so that we can unlock two lines later (and trigger cleanup).
1569 // Ideally, ClientHttpRequest::storeEntry() should lock/unlock, but it is
1570 // used so inconsistently that simply adding locking there leads to bugs.
1571 e->lock("clientReplyContext::forgetHit");
1572 http->storeEntry(NULL);
1573 e->unlock("clientReplyContext::forgetHit"); // may delete e
1574 }
1575
1576 void
1577 clientReplyContext::identifyStoreObject()
1578 {
1579 HttpRequest *r = http->request;
1580
1581 // client sent CC:no-cache or some other condition has been
1582 // encountered which prevents delivering a public/cached object.
1583 if (!r->flags.noCache || r->flags.internal) {
1584 const auto e = storeGetPublicByRequest(r);
1585 identifyFoundObject(e, storeLookupString(bool(e)));
1586 } else {
1587 // "external" no-cache requests skip Store lookups
1588 identifyFoundObject(nullptr, "no-cache");
1589 }
1590 }
1591
1592 /**
1593 * Check state of the current StoreEntry object.
1594 * to see if we can determine the final status of the request.
1595 */
1596 void
1597 clientReplyContext::identifyFoundObject(StoreEntry *newEntry, const char *detail)
1598 {
1599 detailStoreLookup(detail);
1600
1601 HttpRequest *r = http->request;
1602 http->storeEntry(newEntry);
1603 const auto e = http->storeEntry();
1604
1605 /* Release IP-cache entries on reload */
1606 /** \li If the request has no-cache flag set or some no_cache HACK in operation we
1607 * 'invalidate' the cached IP entries for this request ???
1608 */
1609 if (r->flags.noCache || r->flags.noCacheHack())
1610 ipcacheInvalidateNegative(r->url.host());
1611
1612 if (!e) {
1613 /** \li If no StoreEntry object is current assume this object isn't in the cache set MISS*/
1614 debugs(85, 3, "StoreEntry is NULL - MISS");
1615 http->logType.update(LOG_TCP_MISS);
1616 doGetMoreData();
1617 return;
1618 }
1619
1620 if (Config.onoff.offline) {
1621 /** \li If we are running in offline mode set to HIT */
1622 debugs(85, 3, "offline HIT " << *e);
1623 http->logType.update(LOG_TCP_HIT);
1624 doGetMoreData();
1625 return;
1626 }
1627
1628 if (http->redirect.status) {
1629 /** \li If redirection status is True force this to be a MISS */
1630 debugs(85, 3, "REDIRECT status forced StoreEntry to NULL (no body on 3XX responses) " << *e);
1631 forgetHit();
1632 http->logType.update(LOG_TCP_REDIRECT);
1633 doGetMoreData();
1634 return;
1635 }
1636
1637 if (!e->validToSend()) {
1638 debugs(85, 3, "!storeEntryValidToSend MISS " << *e);
1639 forgetHit();
1640 http->logType.update(LOG_TCP_MISS);
1641 doGetMoreData();
1642 return;
1643 }
1644
1645 if (EBIT_TEST(e->flags, ENTRY_SPECIAL)) {
1646 /* \li Special entries are always hits, no matter what the client says */
1647 debugs(85, 3, "ENTRY_SPECIAL HIT " << *e);
1648 http->logType.update(LOG_TCP_HIT);
1649 doGetMoreData();
1650 return;
1651 }
1652
1653 if (r->flags.noCache) {
1654 debugs(85, 3, "no-cache REFRESH MISS " << *e);
1655 forgetHit();
1656 http->logType.update(LOG_TCP_CLIENT_REFRESH_MISS);
1657 doGetMoreData();
1658 return;
1659 }
1660
1661 if (e->hittingRequiresCollapsing() && !startCollapsingOn(*e, false)) {
1662 debugs(85, 3, "prohibited CF MISS " << *e);
1663 forgetHit();
1664 http->logType.update(LOG_TCP_MISS);
1665 doGetMoreData();
1666 return;
1667 }
1668
1669 debugs(85, 3, "default HIT " << *e);
1670 http->logType.update(LOG_TCP_HIT);
1671 doGetMoreData();
1672 }
1673
1674 /// remembers the very first Store lookup classification, ignoring the rest
1675 void
1676 clientReplyContext::detailStoreLookup(const char *detail)
1677 {
1678 if (!firstStoreLookup_) {
1679 debugs(85, 7, detail);
1680 firstStoreLookup_ = detail;
1681 } else {
1682 debugs(85, 7, "ignores " << detail << " after " << firstStoreLookup_);
1683 }
1684 }
1685
1686 /**
1687 * Request more data from the store for the client Stream
1688 * This is *the* entry point to this module.
1689 *
1690 * Preconditions:
1691 * - This is the head of the list.
1692 * - There is at least one more node.
1693 * - Data context is not null
1694 */
1695 void
1696 clientGetMoreData(clientStreamNode * aNode, ClientHttpRequest * http)
1697 {
1698 /* Test preconditions */
1699 assert(aNode != NULL);
1700 assert(cbdataReferenceValid(aNode));
1701 assert(aNode->node.prev == NULL);
1702 assert(aNode->node.next != NULL);
1703 clientReplyContext *context = dynamic_cast<clientReplyContext *>(aNode->data.getRaw());
1704 assert (context);
1705 assert(context->http == http);
1706
1707 clientStreamNode *next = ( clientStreamNode *)aNode->node.next->data;
1708
1709 if (!context->ourNode)
1710 context->ourNode = aNode;
1711
1712 /* no cbdatareference, this is only used once, and safely */
1713 if (context->flags.storelogiccomplete) {
1714 StoreIOBuffer tempBuffer;
1715 tempBuffer.offset = next->readBuffer.offset + context->headers_sz;
1716 tempBuffer.length = next->readBuffer.length;
1717 tempBuffer.data = next->readBuffer.data;
1718
1719 storeClientCopy(context->sc, http->storeEntry(),
1720 tempBuffer, clientReplyContext::SendMoreData, context);
1721 return;
1722 }
1723
1724 if (context->http->request->method == Http::METHOD_PURGE) {
1725 context->purgeRequest();
1726 return;
1727 }
1728
1729 // OPTIONS with Max-Forwards:0 handled in clientProcessRequest()
1730
1731 if (context->http->request->method == Http::METHOD_TRACE) {
1732 if (context->http->request->header.getInt64(Http::HdrType::MAX_FORWARDS) == 0) {
1733 context->traceReply(aNode);
1734 return;
1735 }
1736
1737 /* continue forwarding, not finished yet. */
1738 http->logType.update(LOG_TCP_MISS);
1739
1740 context->doGetMoreData();
1741 } else
1742 context->identifyStoreObject();
1743 }
1744
1745 void
1746 clientReplyContext::doGetMoreData()
1747 {
1748 /* We still have to do store logic processing - vary, cache hit etc */
1749 if (http->storeEntry() != NULL) {
1750 /* someone found the object in the cache for us */
1751 StoreIOBuffer localTempBuffer;
1752
1753 http->storeEntry()->lock("clientReplyContext::doGetMoreData");
1754
1755 http->storeEntry()->ensureMemObject(storeId(), http->log_uri, http->request->method);
1756
1757 sc = storeClientListAdd(http->storeEntry(), this);
1758 #if USE_DELAY_POOLS
1759 sc->setDelayId(DelayId::DelayClient(http));
1760 #endif
1761
1762 assert(http->logType.oldType == LOG_TCP_HIT);
1763 reqofs = 0;
1764 /* guarantee nothing has been sent yet! */
1765 assert(http->out.size == 0);
1766 assert(http->out.offset == 0);
1767
1768 if (ConnStateData *conn = http->getConn()) {
1769 if (Ip::Qos::TheConfig.isHitTosActive()) {
1770 Ip::Qos::doTosLocalHit(conn->clientConnection);
1771 }
1772
1773 if (Ip::Qos::TheConfig.isHitNfmarkActive()) {
1774 Ip::Qos::doNfmarkLocalHit(conn->clientConnection);
1775 }
1776 }
1777
1778 localTempBuffer.offset = reqofs;
1779 localTempBuffer.length = getNextNode()->readBuffer.length;
1780 localTempBuffer.data = getNextNode()->readBuffer.data;
1781 storeClientCopy(sc, http->storeEntry(), localTempBuffer, CacheHit, this);
1782 } else {
1783 /* MISS CASE, http->logType is already set! */
1784 processMiss();
1785 }
1786 }
1787
1788 /** The next node has removed itself from the stream. */
1789 void
1790 clientReplyDetach(clientStreamNode * node, ClientHttpRequest * http)
1791 {
1792 /** detach from the stream */
1793 clientStreamDetach(node, http);
1794 }
1795
1796 /**
1797 * Accepts chunk of a http message in buf, parses prefix, filters headers and
1798 * such, writes processed message to the message recipient
1799 */
1800 void
1801 clientReplyContext::SendMoreData(void *data, StoreIOBuffer result)
1802 {
1803 clientReplyContext *context = static_cast<clientReplyContext *>(data);
1804 context->sendMoreData (result);
1805 }
1806
1807 void
1808 clientReplyContext::makeThisHead()
1809 {
1810 /* At least, I think that's what this does */
1811 dlinkDelete(&http->active, &ClientActiveRequests);
1812 dlinkAdd(http, &http->active, &ClientActiveRequests);
1813 }
1814
1815 bool
1816 clientReplyContext::errorInStream(StoreIOBuffer const &result, size_t const &sizeToProcess)const
1817 {
1818 return /* aborted request */
1819 (http->storeEntry() && EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED)) ||
1820 /* Upstream read error */ (result.flags.error) ||
1821 /* Upstream EOF */ (sizeToProcess == 0);
1822 }
1823
1824 void
1825 clientReplyContext::sendStreamError(StoreIOBuffer const &result)
1826 {
1827 /** call clientWriteComplete so the client socket gets closed
1828 *
1829 * We call into the stream, because we don't know that there is a
1830 * client socket!
1831 */
1832 debugs(88, 5, "A stream error has occurred, marking as complete and sending no data.");
1833 StoreIOBuffer localTempBuffer;
1834 flags.complete = 1;
1835 http->request->flags.streamError = true;
1836 localTempBuffer.flags.error = result.flags.error;
1837 clientStreamCallback((clientStreamNode*)http->client_stream.head->data, http, NULL,
1838 localTempBuffer);
1839 }
1840
1841 void
1842 clientReplyContext::pushStreamData(StoreIOBuffer const &result, char *source)
1843 {
1844 StoreIOBuffer localTempBuffer;
1845
1846 if (result.length == 0) {
1847 debugs(88, 5, "clientReplyContext::pushStreamData: marking request as complete due to 0 length store result");
1848 flags.complete = 1;
1849 }
1850
1851 assert(result.offset - headers_sz == next()->readBuffer.offset);
1852 localTempBuffer.offset = result.offset - headers_sz;
1853 localTempBuffer.length = result.length;
1854
1855 if (localTempBuffer.length)
1856 localTempBuffer.data = source;
1857
1858 clientStreamCallback((clientStreamNode*)http->client_stream.head->data, http, NULL,
1859 localTempBuffer);
1860 }
1861
1862 clientStreamNode *
1863 clientReplyContext::next() const
1864 {
1865 assert ( (clientStreamNode*)http->client_stream.head->next->data == getNextNode());
1866 return getNextNode();
1867 }
1868
1869 void
1870 clientReplyContext::sendBodyTooLargeError()
1871 {
1872 http->logType.update(LOG_TCP_DENIED_REPLY);
1873 ErrorState *err = clientBuildError(ERR_TOO_BIG, Http::scForbidden, NULL,
1874 http->getConn(), http->request, http->al);
1875 removeClientStoreReference(&(sc), http);
1876 HTTPMSGUNLOCK(reply);
1877 startError(err);
1878
1879 }
1880
1881 /// send 412 (Precondition Failed) to client
1882 void
1883 clientReplyContext::sendPreconditionFailedError()
1884 {
1885 http->logType.update(LOG_TCP_HIT);
1886 ErrorState *const err =
1887 clientBuildError(ERR_PRECONDITION_FAILED, Http::scPreconditionFailed,
1888 nullptr, http->getConn(), http->request, http->al);
1889 removeClientStoreReference(&sc, http);
1890 HTTPMSGUNLOCK(reply);
1891 startError(err);
1892 }
1893
1894 /// send 304 (Not Modified) to client
1895 void
1896 clientReplyContext::sendNotModified()
1897 {
1898 StoreEntry *e = http->storeEntry();
1899 const time_t timestamp = e->timestamp;
1900 const auto temprep = e->mem().freshestReply().make304();
1901 // log as TCP_INM_HIT if code 304 generated for
1902 // If-None-Match request
1903 if (!http->request->flags.ims)
1904 http->logType.update(LOG_TCP_INM_HIT);
1905 else
1906 http->logType.update(LOG_TCP_IMS_HIT);
1907 removeClientStoreReference(&sc, http);
1908 createStoreEntry(http->request->method, RequestFlags());
1909 e = http->storeEntry();
1910 // Copy timestamp from the original entry so the 304
1911 // reply has a meaningful Age: header.
1912 e->timestampsSet();
1913 e->timestamp = timestamp;
1914 e->replaceHttpReply(temprep);
1915 e->complete();
1916 /*
1917 * TODO: why put this in the store and then serialise it and
1918 * then parse it again. Simply mark the request complete in
1919 * our context and write the reply struct to the client side.
1920 */
1921 triggerInitialStoreRead();
1922 }
1923
1924 /// send 304 (Not Modified) or 412 (Precondition Failed) to client
1925 /// depending on request method
1926 void
1927 clientReplyContext::sendNotModifiedOrPreconditionFailedError()
1928 {
1929 if (http->request->method == Http::METHOD_GET ||
1930 http->request->method == Http::METHOD_HEAD)
1931 sendNotModified();
1932 else
1933 sendPreconditionFailedError();
1934 }
1935
1936 void
1937 clientReplyContext::processReplyAccess ()
1938 {
1939 /* NP: this should probably soft-fail to a zero-sized-reply error ?? */
1940 assert(reply);
1941
1942 /** Don't block our own responses or HTTP status messages */
1943 if (http->logType.oldType == LOG_TCP_DENIED ||
1944 http->logType.oldType == LOG_TCP_DENIED_REPLY ||
1945 alwaysAllowResponse(reply->sline.status())) {
1946 headers_sz = reply->hdr_sz;
1947 processReplyAccessResult(ACCESS_ALLOWED);
1948 return;
1949 }
1950
1951 /** Check for reply to big error */
1952 if (reply->expectedBodyTooLarge(*http->request)) {
1953 sendBodyTooLargeError();
1954 return;
1955 }
1956
1957 headers_sz = reply->hdr_sz;
1958
1959 /** check for absent access controls (permit by default) */
1960 if (!Config.accessList.reply) {
1961 processReplyAccessResult(ACCESS_ALLOWED);
1962 return;
1963 }
1964
1965 /** Process http_reply_access lists */
1966 ACLFilledChecklist *replyChecklist =
1967 clientAclChecklistCreate(Config.accessList.reply, http);
1968 replyChecklist->reply = reply;
1969 HTTPMSGLOCK(replyChecklist->reply);
1970 replyChecklist->nonBlockingCheck(ProcessReplyAccessResult, this);
1971 }
1972
1973 void
1974 clientReplyContext::ProcessReplyAccessResult(Acl::Answer rv, void *voidMe)
1975 {
1976 clientReplyContext *me = static_cast<clientReplyContext *>(voidMe);
1977 me->processReplyAccessResult(rv);
1978 }
1979
1980 void
1981 clientReplyContext::processReplyAccessResult(const Acl::Answer &accessAllowed)
1982 {
1983 debugs(88, 2, "The reply for " << http->request->method
1984 << ' ' << http->uri << " is " << accessAllowed << ", because it matched "
1985 << (AclMatchedName ? AclMatchedName : "NO ACL's"));
1986
1987 if (!accessAllowed.allowed()) {
1988 ErrorState *err;
1989 err_type page_id;
1990 page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, 1);
1991
1992 http->logType.update(LOG_TCP_DENIED_REPLY);
1993
1994 if (page_id == ERR_NONE)
1995 page_id = ERR_ACCESS_DENIED;
1996
1997 err = clientBuildError(page_id, Http::scForbidden, NULL,
1998 http->getConn(), http->request, http->al);
1999
2000 removeClientStoreReference(&sc, http);
2001
2002 HTTPMSGUNLOCK(reply);
2003
2004 startError(err);
2005
2006 return;
2007 }
2008
2009 /* Ok, the reply is allowed, */
2010 http->loggingEntry(http->storeEntry());
2011
2012 ssize_t body_size = reqofs - reply->hdr_sz;
2013 if (body_size < 0) {
2014 reqofs = reply->hdr_sz;
2015 body_size = 0;
2016 }
2017
2018 debugs(88, 3, "clientReplyContext::sendMoreData: Appending " <<
2019 (int) body_size << " bytes after " << reply->hdr_sz <<
2020 " bytes of headers");
2021
2022 #if USE_SQUID_ESI
2023
2024 if (http->flags.accel && reply->sline.status() != Http::scForbidden &&
2025 !alwaysAllowResponse(reply->sline.status()) &&
2026 esiEnableProcessing(reply)) {
2027 debugs(88, 2, "Enabling ESI processing for " << http->uri);
2028 clientStreamInsertHead(&http->client_stream, esiStreamRead,
2029 esiProcessStream, esiStreamDetach, esiStreamStatus, NULL);
2030 }
2031
2032 #endif
2033
2034 if (http->request->method == Http::METHOD_HEAD) {
2035 /* do not forward body for HEAD replies */
2036 body_size = 0;
2037 http->flags.done_copying = true;
2038 flags.complete = 1;
2039 }
2040
2041 assert (!flags.headersSent);
2042 flags.headersSent = true;
2043
2044 StoreIOBuffer localTempBuffer;
2045 char *buf = next()->readBuffer.data;
2046 char *body_buf = buf + reply->hdr_sz;
2047
2048 //Server side may disable ranges under some circumstances.
2049
2050 if ((!http->request->range))
2051 next()->readBuffer.offset = 0;
2052
2053 body_buf -= next()->readBuffer.offset;
2054
2055 if (next()->readBuffer.offset != 0) {
2056 if (next()->readBuffer.offset > body_size) {
2057 /* Can't use any of the body we received. send nothing */
2058 localTempBuffer.length = 0;
2059 localTempBuffer.data = NULL;
2060 } else {
2061 localTempBuffer.length = body_size - next()->readBuffer.offset;
2062 localTempBuffer.data = body_buf + next()->readBuffer.offset;
2063 }
2064 } else {
2065 localTempBuffer.length = body_size;
2066 localTempBuffer.data = body_buf;
2067 }
2068
2069 /* TODO??: move the data in the buffer back by the request header size */
2070 clientStreamCallback((clientStreamNode *)http->client_stream.head->data,
2071 http, reply, localTempBuffer);
2072
2073 return;
2074 }
2075
2076 void
2077 clientReplyContext::sendMoreData (StoreIOBuffer result)
2078 {
2079 if (deleting)
2080 return;
2081
2082 StoreEntry *entry = http->storeEntry();
2083
2084 if (ConnStateData * conn = http->getConn()) {
2085 if (!conn->isOpen()) {
2086 debugs(33,3, "not sending more data to closing connection " << conn->clientConnection);
2087 return;
2088 }
2089 if (conn->pinning.zeroReply) {
2090 debugs(33,3, "not sending more data after a pinned zero reply " << conn->clientConnection);
2091 return;
2092 }
2093
2094 if (reqofs==0 && !http->logType.isTcpHit()) {
2095 if (Ip::Qos::TheConfig.isHitTosActive()) {
2096 Ip::Qos::doTosLocalMiss(conn->clientConnection, http->request->hier.code);
2097 }
2098 if (Ip::Qos::TheConfig.isHitNfmarkActive()) {
2099 Ip::Qos::doNfmarkLocalMiss(conn->clientConnection, http->request->hier.code);
2100 }
2101 }
2102
2103 debugs(88, 5, conn->clientConnection <<
2104 " '" << entry->url() << "'" <<
2105 " out.offset=" << http->out.offset);
2106 }
2107
2108 char *buf = next()->readBuffer.data;
2109
2110 if (buf != result.data) {
2111 /* we've got to copy some data */
2112 assert(result.length <= next()->readBuffer.length);
2113 memcpy(buf, result.data, result.length);
2114 }
2115
2116 /* We've got the final data to start pushing... */
2117 flags.storelogiccomplete = 1;
2118
2119 reqofs += result.length;
2120
2121 assert(reqofs <= HTTP_REQBUF_SZ || flags.headersSent);
2122
2123 assert(http->request != NULL);
2124
2125 /* ESI TODO: remove this assert once everything is stable */
2126 assert(http->client_stream.head->data
2127 && cbdataReferenceValid(http->client_stream.head->data));
2128
2129 makeThisHead();
2130
2131 debugs(88, 5, "clientReplyContext::sendMoreData: " << http->uri << ", " <<
2132 reqofs << " bytes (" << result.length <<
2133 " new bytes)");
2134
2135 /* update size of the request */
2136 reqsize = reqofs;
2137
2138 if (errorInStream(result, reqofs)) {
2139 sendStreamError(result);
2140 return;
2141 }
2142
2143 if (flags.headersSent) {
2144 pushStreamData (result, buf);
2145 return;
2146 }
2147
2148 cloneReply();
2149
2150 #if USE_DELAY_POOLS
2151 if (sc)
2152 sc->setDelayId(DelayId::DelayClient(http,reply));
2153 #endif
2154
2155 holdingBuffer = result;
2156 processReplyAccess();
2157 return;
2158 }
2159
2160 void
2161 clientReplyContext::fillChecklist(ACLFilledChecklist &checklist) const
2162 {
2163 clientAclChecklistFill(checklist, http);
2164 }
2165
2166 /* Using this breaks the client layering just a little!
2167 */
2168 void
2169 clientReplyContext::createStoreEntry(const HttpRequestMethod& m, RequestFlags reqFlags)
2170 {
2171 assert(http != NULL);
2172 /*
2173 * For erroneous requests, we might not have a h->request,
2174 * so make a fake one.
2175 */
2176
2177 if (http->request == NULL) {
2178 const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initClient);
2179 // XXX: These fake URI parameters shadow the real (or error:...) URI.
2180 // TODO: Either always set the request earlier and assert here OR use
2181 // http->uri (converted to Anyp::Uri) to create this catch-all request.
2182 const_cast<HttpRequest *&>(http->request) = new HttpRequest(m, AnyP::PROTO_NONE, "http", null_string, mx);
2183 HTTPMSGLOCK(http->request);
2184 }
2185
2186 StoreEntry *e = storeCreateEntry(storeId(), http->log_uri, reqFlags, m);
2187
2188 // Make entry collapsible ASAP, to increase collapsing chances for others,
2189 // TODO: every must-revalidate and similar request MUST reach the origin,
2190 // but do we have to prohibit others from collapsing on that request?
2191 if (reqFlags.cachable &&
2192 !reqFlags.needValidation &&
2193 (m == Http::METHOD_GET || m == Http::METHOD_HEAD) &&
2194 mayInitiateCollapsing()) {
2195 // make the entry available for future requests now
2196 (void)Store::Root().allowCollapsing(e, reqFlags, m);
2197 }
2198
2199 sc = storeClientListAdd(e, this);
2200
2201 #if USE_DELAY_POOLS
2202 sc->setDelayId(DelayId::DelayClient(http));
2203 #endif
2204
2205 reqofs = 0;
2206
2207 reqsize = 0;
2208
2209 /* I don't think this is actually needed! -- adrian */
2210 /* http->reqbuf = http->norm_reqbuf; */
2211 // assert(http->reqbuf == http->norm_reqbuf);
2212 /* The next line is illegal because we don't know if the client stream
2213 * buffers have been set up
2214 */
2215 // storeClientCopy(http->sc, e, 0, HTTP_REQBUF_SZ, http->reqbuf,
2216 // SendMoreData, this);
2217 /* So, we mark the store logic as complete */
2218 flags.storelogiccomplete = 1;
2219
2220 /* and get the caller to request a read, from wherever they are */
2221 /* NOTE: after ANY data flows down the pipe, even one step,
2222 * this function CAN NOT be used to manage errors
2223 */
2224 http->storeEntry(e);
2225 }
2226
2227 ErrorState *
2228 clientBuildError(err_type page_id, Http::StatusCode status, char const *url,
2229 const ConnStateData *conn, HttpRequest *request, const AccessLogEntry::Pointer &al)
2230 {
2231 const auto err = new ErrorState(page_id, status, request, al);
2232 err->src_addr = conn && conn->clientConnection ? conn->clientConnection->remote : Ip::Address::NoAddr();
2233
2234 if (url)
2235 err->url = xstrdup(url);
2236
2237 return err;
2238 }
2239
Mirror of https://github.com/squid-cache/squid.git