#include "CachePeer.h"
#include "ChunkedCodingParser.h"
#include "client_db.h"
+#include "client_side.h"
#include "client_side_reply.h"
#include "client_side_request.h"
-#include "client_side.h"
#include "ClientRequestContext.h"
#include "clientStream.h"
#include "comm.h"
#if USE_DELAY_POOLS
#include "ClientInfo.h"
#endif
-#if USE_SSL
-#include "ssl/ProxyCerts.h"
+#if USE_OPENSSL
#include "ssl/context_storage.h"
+#include "ssl/gadgets.h"
#include "ssl/helper.h"
+#include "ssl/ProxyCerts.h"
#include "ssl/ServerBump.h"
#include "ssl/support.h"
-#include "ssl/gadgets.h"
#endif
#if USE_SSL_CRTD
-#include "ssl/crtd_message.h"
#include "ssl/certificate_db.h"
+#include "ssl/crtd_message.h"
#endif
-#if HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#if HAVE_MATH_H
-#include <math.h>
-#endif
-#if HAVE_LIMITS
+#include <climits>
+#include <cmath>
#include <limits>
-#endif
#include <set>
#if LINGERING_CLOSE
CBDATA_CLASS_INIT(ClientSocketContext);
/* Local functions */
-/* ClientSocketContext */
-static ClientSocketContext *ClientSocketContextNew(const Comm::ConnectionPointer &clientConn, ClientHttpRequest *);
-/* other */
static IOCB clientWriteComplete;
static IOCB clientWriteBodyComplete;
static IOACB httpAccept;
-#if USE_SSL
+#if USE_OPENSSL
static IOACB httpsAccept;
#endif
static IOACB ftpAccept;
char *skipLeadingSpace(char *aString);
static void connNoteUseOfBuffer(ConnStateData* conn, size_t byteCount);
+static void FtpChangeState(ConnStateData *connState, const ConnStateData::FtpState newState, const char *reason);
static IOACB FtpAcceptDataConnection;
static void FtpCloseDataConnection(ConnStateData *conn);
static ClientSocketContext *FtpParseRequest(ConnStateData *connState, HttpRequestMethod *method_p, Http::ProtocolVersion *http_ver);
debugs(33, 4, HERE << clientConnection << ": reading request...");
- if (!maybeMakeSpaceAvailable())
+ if (!in.maybeMakeSpaceAvailable())
return;
typedef CommCbMemFunT<ConnStateData, CommIoCbParams> Dialer;
reader = JobCallback(33, 5, Dialer, this, ConnStateData::clientReadRequest);
- comm_read(clientConnection, in.addressToReadInto(), getAvailableBufferLength(), reader);
+ comm_read(clientConnection, in.buf, reader);
}
void
clientStreamDetach(getTail(), http);
}
-ClientSocketContext::ClientSocketContext() : http(NULL), reply(NULL), next(NULL),
+ClientSocketContext::ClientSocketContext(const Comm::ConnectionPointer &aConn, ClientHttpRequest *aReq) :
+ clientConnection(aConn),
+ http(aReq),
+ reply(NULL),
+ next(NULL),
writtenToSocket(0),
mayUseConnection_ (false),
connRegistered_ (false)
{
+ assert(http != NULL);
memset (reqbuf, '\0', sizeof (reqbuf));
flags.deferred = 0;
flags.parsed_ok = 0;
deferredparams.rep = NULL;
}
-ClientSocketContext *
-ClientSocketContextNew(const Comm::ConnectionPointer &client, ClientHttpRequest * http)
-{
- ClientSocketContext *newContext;
- assert(http != NULL);
- newContext = new ClientSocketContext;
- newContext->http = http;
- newContext->clientConnection = client;
- return newContext;
-}
-
void
ClientSocketContext::writeControlMsg(HttpControlMsg &msg)
{
++ statCounter.client_http.errors;
clientUpdateStatHistCounters(logType,
- tvSubMsec(start_time, current_time));
+ tvSubMsec(al->cache.start_time, current_time));
clientUpdateHierCounters(&request->hier);
}
aLogEntry->http.version = request->http_ver;
aLogEntry->hier = request->hier;
if (request->content_length > 0) // negative when no body or unknown length
- aLogEntry->cache.requestSize += request->content_length;
+ aLogEntry->http.clientRequestSz.payloadData += request->content_length; // XXX: actually adaptedRequest payload size ??
aLogEntry->cache.extuser = request->extacl_user.termedBuf();
// Adapted request, if any, inherits and then collects all the stats, but
debugs(33, 9, "clientLogRequest: http.code='" << al->http.code << "'");
if (loggingEntry() && loggingEntry()->mem_obj && loggingEntry()->objectLen() >= 0)
- al->cache.objectSize = loggingEntry()->contentLen();
+ al->cache.objectSize = loggingEntry()->contentLen(); // payload duplicate ?? with or without TE ?
- al->cache.caddr.setNoAddr();
-
- if (getConn() != NULL) {
- al->cache.caddr = getConn()->log_addr;
- al->cache.port = cbdataReference(getConn()->port);
- }
-
- al->cache.requestSize = req_sz;
- al->cache.requestHeadersSize = req_sz;
-
- al->cache.replySize = out.size;
- al->cache.replyHeadersSize = out.headers_sz;
+ al->http.clientRequestSz.header = req_sz;
+ al->http.clientReplySz.header = out.headers_sz;
+ // XXX: calculate without payload encoding or headers !!
+ al->http.clientReplySz.payloadData = out.size - out.headers_sz; // pretend its all un-encoded data for now.
al->cache.highOffset = out.offset;
al->cache.code = logType;
- al->cache.msec = tvSubMsec(start_time, current_time);
+ al->cache.msec = tvSubMsec(al->cache.start_time, current_time);
if (request)
prepareLogWithRequestDetails(request, al);
if (getConn() != NULL && getConn()->clientConnection != NULL && getConn()->clientConnection->rfc931[0])
al->cache.rfc931 = getConn()->clientConnection->rfc931;
-#if USE_SSL && 0
+#if USE_OPENSSL && 0
/* This is broken. Fails if the connection has been closed. Needs
* to snarf the ssl details some place earlier..
/*Add notes*/
// The al->notes and request->notes must point to the same object.
- // Enable the following assertion to check for possible bugs.
- // assert(request->notes == al->notes);
+ (void)SyncNotes(*al, *request);
typedef Notes::iterator ACAMLI;
for (ACAMLI i = Config.notes.begin(); i != Config.notes.end(); ++i) {
- if (const char *value = (*i)->match(request, al->reply)) {
+ if (const char *value = (*i)->match(request, al->reply, NULL)) {
NotePairs ¬es = SyncNotes(*al, *request);
notes.add((*i)->key.termedBuf(), value);
debugs(33, 3, HERE << (*i)->key.termedBuf() << " " << value);
if (bodyPipe != NULL)
stopProducingFor(bodyPipe, false);
-#if USE_SSL
+#if USE_OPENSSL
delete sslServerBump;
#endif
}
* offset data, but we won't be requesting it.
* So, we can either re-request, or generate an error
*/
- debugs(33, 3, "clientBuildRangeHeader: will not do ranges: " << range_err << ".");
- delete http->request->range;
- http->request->range = NULL;
+ http->request->ignoreRange(range_err);
} else {
/* XXX: TODO: Review, this unconditional set may be wrong. */
rep->sline.set(rep->sline.version, Http::scPartialContent);
bool replyMatchRequest = rep->content_range != NULL ?
request->range->contains(rep->content_range->spec) :
true;
- const int spec_count = http->request->range->specs.count;
+ const int spec_count = http->request->range->specs.size();
int64_t actual_clen = -1;
debugs(33, 3, "clientBuildRangeHeader: range spec count: " <<
fd_note(clientConnection->fd, "Idle client: Waiting for next request");
/**
- * Set the timeout BEFORE calling clientReadRequest().
+ * Set the timeout BEFORE calling readSomeData().
*/
typedef CommCbMemFunT<ConnStateData, CommTimeoutCbParams> TimeoutDialer;
AsyncCall::Pointer timeoutCall = JobCallback(33, 5,
if (!http->range_iter.debt()) {
debugs(33, 5, HERE << "At end of current range spec for " << clientConnection);
- if (http->range_iter.pos.incrementable())
+ if (http->range_iter.pos != http->range_iter.end)
++http->range_iter.pos;
http->range_iter.updateSpec();
int64_t
ClientSocketContext::getNextRangeOffset() const
{
+ debugs (33, 5, "range: " << http->request->range <<
+ "; http offset " << http->out.offset <<
+ "; reply " << reply);
+
+ // XXX: This method is called from many places, including pullData() which
+ // may be called before prepareReply() [on some Squid-generated errors].
+ // Hence, we may not even know yet whether we should honor/do ranges.
+
if (http->request->range) {
/* offset in range specs does not count the prefix of an http msg */
- debugs (33, 5, "ClientSocketContext::getNextRangeOffset: http offset " << http->out.offset);
/* check: reply was parsed and range iterator was initialized */
assert(http->range_iter.valid);
/* filter out data according to range specs */
void
ClientSocketContext::pullData()
{
- debugs(33, 5, HERE << clientConnection << " attempting to pull upstream data");
+ debugs(33, 5, reply << " written " << http->out.size << " into " << clientConnection);
/* More data will be coming from the stream. */
StoreIOBuffer readBuffer;
clientStreamRead(getTail(), http, readBuffer);
}
+/** Adapt stream status to account for Range cases
+ *
+ */
clientStream_status_t
ClientSocketContext::socketState()
{
if (!canPackMoreRanges()) {
debugs(33, 5, HERE << "Range request at end of returnable " <<
"range sequence on " << clientConnection);
-
- if (http->request->flags.proxyKeepalive)
- return STREAM_COMPLETE;
- else
- return STREAM_UNPLANNED_COMPLETE;
+ // we got everything we wanted from the store
+ return STREAM_COMPLETE;
}
} else if (reply && reply->content_range) {
/* reply has content-range, but Squid is not managing ranges */
// did we get at least what we expected, based on range specs?
- if (bytesSent == bytesExpected) { // got everything
- if (http->request->flags.proxyKeepalive)
- return STREAM_COMPLETE;
- else
- return STREAM_UNPLANNED_COMPLETE;
- }
-
- // The logic below is not clear: If we got more than we
- // expected why would persistency matter? Should not this
- // always be an error?
- if (bytesSent > bytesExpected) { // got extra
- if (http->request->flags.proxyKeepalive)
- return STREAM_COMPLETE;
- else
- return STREAM_UNPLANNED_COMPLETE;
- }
+ if (bytesSent == bytesExpected) // got everything
+ return STREAM_COMPLETE;
- // did not get enough yet, expecting more
+ if (bytesSent > bytesExpected) // Error: Sent more than expected
+ return STREAM_UNPLANNED_COMPLETE;
}
return STREAM_NONE;
if (!stoppedReceiving()) {
if (const int64_t expecting = mayNeedToReadMoreBody()) {
debugs(33, 5, HERE << "must still read " << expecting <<
- " request body bytes with " << in.notYetUsed << " unused");
+ " request body bytes with " << in.buf.length() << " unused");
return; // wait for the request receiver to finish reading
}
}
break;
case STREAM_COMPLETE:
- debugs(33, 5, HERE << conn << " Keeping Alive");
- keepaliveNextRequest();
+ debugs(33, 5, conn << "Stream complete, keepalive is " << http->request->flags.proxyKeepalive);
+ if (http->request->flags.proxyKeepalive)
+ keepaliveNextRequest();
+ else
+ initiateClose("STREAM_COMPLETE NOKEEPALIVE");
return;
case STREAM_UNPLANNED_COMPLETE:
ClientSocketContext *context;
StoreIOBuffer tempBuffer;
http = new ClientHttpRequest(csd);
- http->req_sz = csd->in.notYetUsed;
+ http->req_sz = csd->in.buf.length();
http->uri = xstrdup(uri);
setLogUri (http, uri);
- context = ClientSocketContextNew(csd->clientConnection, http);
+ context = new ClientSocketContext(csd->clientConnection, http);
tempBuffer.data = context->reqbuf;
tempBuffer.length = HTTP_REQBUF_SZ;
clientStreamInit(&http->client_stream, clientGetMoreData, clientReplyDetach,
strlen(host);
http->uri = (char *)xcalloc(url_sz, 1);
const char *protocol = switchedToHttps ?
- "https" : conn->port->protocol;
+ "https" : AnyP::UriScheme(conn->port->transport.protocol).c_str();
snprintf(http->uri, url_sz, "%s://%s%s", protocol, host, url);
debugs(33, 5, "ACCEL VHOST REWRITE: '" << http->uri << "'");
} else if (conn->port->defaultsite /* && !vhost */) {
snprintf(vportStr, sizeof(vportStr),":%d",vport);
}
snprintf(http->uri, url_sz, "%s://%s%s%s",
- conn->port->protocol, conn->port->defaultsite, vportStr, url);
+ AnyP::UriScheme(conn->port->transport.protocol).c_str(), conn->port->defaultsite, vportStr, url);
debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: '" << http->uri <<"'");
} else if (vport > 0 /* && (!vhost || no Host:) */) {
debugs(33, 5, "ACCEL VPORT REWRITE: http_port IP + vport=" << vport);
http->uri = (char *)xcalloc(url_sz, 1);
http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN);
snprintf(http->uri, url_sz, "%s://%s:%d%s",
- http->getConn()->port->protocol,
+ AnyP::UriScheme(conn->port->transport.protocol).c_str(),
ipbuf, vport, url);
debugs(33, 5, "ACCEL VPORT REWRITE: '" << http->uri << "'");
}
int url_sz = strlen(url) + 32 + Config.appendDomainLen +
strlen(host);
http->uri = (char *)xcalloc(url_sz, 1);
- snprintf(http->uri, url_sz, "%s://%s%s", conn->port->protocol, host, url);
+ snprintf(http->uri, url_sz, "%s://%s%s", AnyP::UriScheme(conn->port->transport.protocol).c_str(), host, url);
debugs(33, 5, "TRANSPARENT HOST REWRITE: '" << http->uri <<"'");
} else {
/* Put the local socket IP address as the hostname. */
http->uri = (char *)xcalloc(url_sz, 1);
http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN);
snprintf(http->uri, url_sz, "%s://%s:%d%s",
- http->getConn()->port->protocol,
+ AnyP::UriScheme(http->getConn()->port->transport.protocol).c_str(),
ipbuf, http->getConn()->clientConnection->local.port(), url);
debugs(33, 5, "TRANSPARENT REWRITE: '" << http->uri << "'");
}
/* deny CONNECT via accelerated ports */
if (*method_p == Http::METHOD_CONNECT && csd->port && csd->port->flags.accelSurrogate) {
- debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << csd->port->protocol << " Accelerator port " << csd->port->s.port() );
+ debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << csd->port->transport.protocol << " Accelerator port " << csd->port->s.port());
/* XXX need a way to say "this many character length string" */
debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf);
hp->request_parse_status = Http::scMethodNotAllowed;
http = new ClientHttpRequest(csd);
http->req_sz = HttpParserRequestLen(hp);
- result = ClientSocketContextNew(csd->clientConnection, http);
+ result = new ClientSocketContext(csd->clientConnection, http);
tempBuffer.data = result->reqbuf;
tempBuffer.length = HTTP_REQBUF_SZ;
return result;
}
-int
-ConnStateData::getAvailableBufferLength() const
-{
- assert (in.allocatedSize > in.notYetUsed); // allocated more than used
- const size_t result = in.allocatedSize - in.notYetUsed - 1;
- // huge request_header_max_size may lead to more than INT_MAX unused space
- assert (static_cast<ssize_t>(result) <= INT_MAX);
- return result;
-}
-
bool
-ConnStateData::maybeMakeSpaceAvailable()
+ConnStateData::In::maybeMakeSpaceAvailable()
{
- if (getAvailableBufferLength() < 2) {
- size_t newSize;
- if (in.allocatedSize >= Config.maxRequestBufferSize) {
+ if (buf.spaceSize() < 2) {
+ const SBuf::size_type haveCapacity = buf.length() + buf.spaceSize();
+ if (haveCapacity >= Config.maxRequestBufferSize) {
debugs(33, 4, "request buffer full: client_request_buffer_max_size=" << Config.maxRequestBufferSize);
return false;
}
- if ((newSize=in.allocatedSize * 2) > Config.maxRequestBufferSize) {
- newSize=Config.maxRequestBufferSize;
- }
- in.buf = (char *)memReallocBuf(in.buf, newSize, &in.allocatedSize);
- debugs(33, 2, "growing request buffer: notYetUsed=" << in.notYetUsed << " size=" << in.allocatedSize);
+ const SBuf::size_type wantCapacity = min(static_cast<SBuf::size_type>(Config.maxRequestBufferSize), haveCapacity*2);
+ buf.reserveCapacity(wantCapacity);
+ debugs(33, 2, "growing request buffer: available=" << buf.spaceSize() << " used=" << buf.length());
}
- return true;
+ return (buf.spaceSize() >= 2);
}
void
if (!ignoreErrno(xerrno)) {
debugs(33, 2, "connReadWasError: FD " << clientConnection << ": " << xstrerr(xerrno));
return 1;
- } else if (in.notYetUsed == 0) {
+ } else if (in.buf.isEmpty()) {
debugs(33, 2, "connReadWasError: FD " << clientConnection << ": no data to process (" << xstrerr(xerrno) << ")");
}
}
ConnStateData::connFinishedWithConn(int size)
{
if (size == 0) {
- if (getConcurrentRequestCount() == 0 && in.notYetUsed == 0) {
+ if (getConcurrentRequestCount() == 0 && in.buf.isEmpty()) {
/* no current or pending requests */
debugs(33, 4, HERE << clientConnection << " closed");
return 1;
void
connNoteUseOfBuffer(ConnStateData* conn, size_t byteCount)
{
- assert(byteCount > 0 && byteCount <= conn->in.notYetUsed);
- conn->in.notYetUsed -= byteCount;
- debugs(33, 5, HERE << "conn->in.notYetUsed = " << conn->in.notYetUsed);
- /*
- * If there is still data that will be used,
- * move it to the beginning.
- */
-
- if (conn->in.notYetUsed > 0)
- memmove(conn->in.buf, conn->in.buf + byteCount, conn->in.notYetUsed);
+ assert(byteCount > 0 && byteCount <= conn->in.buf.length());
+ conn->in.buf.consume(byteCount);
+ debugs(33, 5, "conn->in.buf has " << conn->in.buf.length() << " bytes unused.");
}
/// respond with ERR_TOO_BIG if request header exceeds request_header_max_size
void
ConnStateData::checkHeaderLimits()
{
- if (in.notYetUsed < Config.maxRequestHeaderSize)
+ if (in.buf.length() < Config.maxRequestHeaderSize)
return; // can accumulte more header data
- debugs(33, 3, "Request header is too large (" << in.notYetUsed << " > " <<
+ debugs(33, 3, "Request header is too large (" << in.buf.length() << " > " <<
Config.maxRequestHeaderSize << " bytes)");
ClientSocketContext *context = parseHttpRequestAbort(this, "error:request-too-large");
debugs(33,4, HERE << "Will close after error: " << clientConnection);
}
-#if USE_SSL
+#if USE_OPENSSL
bool ConnStateData::serveDelayedError(ClientSocketContext *context)
{
ClientHttpRequest *http = context->http;
clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
assert(repContext);
debugs(33, 5, "Responding with delated error for " << http->uri);
- repContext->setReplyToStoreEntry(sslServerBump->entry);
+ repContext->setReplyToStoreEntry(sslServerBump->entry, "delayed SslBump error");
// save the original request for logging purposes
if (!context->http->al->request) {
return false;
}
-#endif // USE_SSL
+#endif // USE_OPENSSL
static void
clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *context, const HttpRequestMethod& method, Http::ProtocolVersion http_ver)
assert (repContext);
switch (hp->request_parse_status) {
case Http::scHeaderTooLarge:
- repContext->setReplyToError(ERR_TOO_BIG, Http::scBadRequest, method, http->uri, conn->clientConnection->remote, NULL, conn->in.buf, NULL);
+ repContext->setReplyToError(ERR_TOO_BIG, Http::scBadRequest, method, http->uri, conn->clientConnection->remote, NULL, conn->in.buf.c_str(), NULL);
break;
case Http::scMethodNotAllowed:
repContext->setReplyToError(ERR_UNSUP_REQ, Http::scMethodNotAllowed, method, http->uri,
- conn->clientConnection->remote, NULL, conn->in.buf, NULL);
+ conn->clientConnection->remote, NULL, conn->in.buf.c_str(), NULL);
break;
default:
repContext->setReplyToError(ERR_INVALID_REQ, hp->request_parse_status, method, http->uri,
- conn->clientConnection->remote, NULL, conn->in.buf, NULL);
+ conn->clientConnection->remote, NULL, conn->in.buf.c_str(), NULL);
}
assert(context->http->out.offset == 0);
context->pullData();
conn->flags.readMore = false;
}
-#if USE_SSL
+#if USE_OPENSSL
if (conn->switchedToHttps() && conn->serveDelayedError(context))
goto finish;
#endif
assert (repContext);
conn->quitAfterError(request.getRaw());
repContext->setReplyToError(ERR_TOO_BIG,
- Http::scRequestEntityTooLarge, Http::METHOD_NONE, NULL,
+ Http::scPayloadTooLarge, Http::METHOD_NONE, NULL,
conn->clientConnection->remote, http->request, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
static void
connStripBufferWhitespace (ConnStateData * conn)
{
- while (conn->in.notYetUsed > 0 && xisspace(conn->in.buf[0])) {
- memmove(conn->in.buf, conn->in.buf + 1, conn->in.notYetUsed - 1);
- -- conn->in.notYetUsed;
+ // XXX: kill this whole function.
+ while (!conn->in.buf.isEmpty() && xisspace(conn->in.buf.at(0))) {
+ conn->in.buf.consume(1);
}
}
// Loop while we have read bytes that are not needed for producing the body
// On errors, bodyPipe may become nil, but readMore will be cleared
- while (in.notYetUsed > 0 && !bodyPipe && flags.readMore) {
+ while (!in.buf.isEmpty() && !bodyPipe && flags.readMore) {
connStripBufferWhitespace(this);
/* Don't try to parse if the buffer is empty */
- if (in.notYetUsed == 0)
+ if (in.buf.isEmpty())
break;
/* Limit the number of concurrent requests */
if (concurrentRequestQueueFilled())
break;
- /* Should not be needed anymore */
- /* Terminate the string */
- in.buf[in.notYetUsed] = '\0';
-
- Http::ProtocolVersion http_ver;
ClientSocketContext *context = NULL;
+ Http::ProtocolVersion http_ver;
if (!isFtp) {
/* Begin the parsing */
PROF_start(parseHttpRequest);
- HttpParserInit(&parser_, in.buf, in.notYetUsed);
+ HttpParserInit(&parser_, in.buf.c_str(), in.buf.length());
/* Process request */
context = parseHttpRequest(this, &parser_, &method, &http_ver);
kb_incr(&(statCounter.client_http.kbytes_in), io.size);
// may comm_close or setReplyToError
- if (!handleReadData(io.buf, io.size))
+ if (!handleReadData(io.buf2))
return;
} else if (io.size == 0) {
* \retval true we did not call comm_close or setReplyToError
*/
bool
-ConnStateData::handleReadData(char *buf, size_t size)
+ConnStateData::handleReadData(SBuf *buf)
{
- char *current_buf = in.addressToReadInto();
-
- if (buf != current_buf)
- memmove(current_buf, buf, size);
-
- in.notYetUsed += size;
-
- in.buf[in.notYetUsed] = '\0'; /* Terminate the string */
+ assert(buf == &in.buf); // XXX: make this abort the transaction if this fails
// if we are reading a body, stuff data into the body pipe
if (bodyPipe != NULL)
/**
* called when new request body data has been buffered in in.buf
* may close the connection if we were closing and piped everything out
-e *
+ *
* \retval false called comm_close or setReplyToError (the caller should bail)
* \retval true we did not call comm_close or setReplyToError
*/
}
} else { // identity encoding
debugs(33,5, HERE << "handling plain request body for " << clientConnection);
- putSize = bodyPipe->putMoreData(in.buf, in.notYetUsed);
+ putSize = bodyPipe->putMoreData(in.buf.c_str(), in.buf.length());
if (!bodyPipe->mayNeedMoreData()) {
// BodyPipe will clear us automagically when we produced everything
bodyPipe = NULL;
err_type
ConnStateData::handleChunkedRequestBody(size_t &putSize)
{
- debugs(33,7, HERE << "chunked from " << clientConnection << ": " << in.notYetUsed);
+ debugs(33, 7, "chunked from " << clientConnection << ": " << in.buf.length());
try { // the parser will throw on errors
- if (!in.notYetUsed) // nothing to do (MemBuf::init requires this check)
+ if (in.buf.isEmpty()) // nothing to do
return ERR_NONE;
MemBuf raw; // ChunkedCodingParser only works with MemBufs
// add one because MemBuf will assert if it cannot 0-terminate
- raw.init(in.notYetUsed, in.notYetUsed+1);
- raw.append(in.buf, in.notYetUsed);
+ raw.init(in.buf.length(), in.buf.length()+1);
+ raw.append(in.buf.c_str(), in.buf.length());
const mb_size_t wasContentSize = raw.contentSize();
BodyPipeCheckout bpc(*bodyPipe);
clientReplyContext *repContext = dynamic_cast<clientReplyContext*>(node->data.getRaw());
assert(repContext);
const Http::StatusCode scode = (error == ERR_TOO_BIG) ?
- Http::scRequestEntityTooLarge : HTTP_BAD_REQUEST;
+ Http::scPayloadTooLarge : HTTP_BAD_REQUEST;
repContext->setReplyToError(error, scode,
repContext->http->request->method,
repContext->http->uri,
ConnStateData::ConnStateData(const MasterXaction::Pointer &xact):
AsyncJob("ConnStateData"),
- isFtp(strcmp(xact->squidPort->protocol, "ftp") == 0), // TODO: convert into a method?
-#if USE_SSL
+ isFtp(xact->squidPort->transport.protocol == AnyP::PROTO_FTP), // TODO: convert into a method?
+#if USE_OPENSSL
sslBumpMode(Ssl::bumpEnd),
switchedToHttps_(false),
sslServerBump(NULL),
log_addr = xact->tcpClient->remote;
log_addr.applyMask(Config.Addrs.client_netmask);
- in.buf = (char *)memAllocBuf(CLIENT_REQ_BUF_SZ, &in.allocatedSize);
+ in.buf.reserveCapacity(CLIENT_REQ_BUF_SZ);
if (port->disable_pmtu_discovery != DISABLE_PMTU_OFF &&
(transparent() || port->disable_pmtu_discovery == DISABLE_PMTU_ALWAYS)) {
#endif
}
-#if USE_SSL
+#if USE_OPENSSL
/** Create SSL connection structure and update fd_table */
static SSL *
// fake a CONNECT request to force connState to tunnel
static char ip[MAX_IPSTRLEN];
- static char reqStr[MAX_IPSTRLEN + 80];
connState->clientConnection->local.toUrl(ip, sizeof(ip));
- snprintf(reqStr, sizeof(reqStr), "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", ip, ip);
- bool ret = connState->handleReadData(reqStr, strlen(reqStr));
+ SBuf reqStr;
+ reqStr.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
+ bool ret = connState->handleReadData(&reqStr);
if (ret)
ret = connState->clientParseRequests();
void ConnStateData::buildSslCertGenerationParams(Ssl::CertificateProperties &certProperties)
{
- certProperties.commonName = sslCommonName.defined() ? sslCommonName.termedBuf() : sslConnectHostOrIp.termedBuf();
+ certProperties.commonName = sslCommonName.size() > 0 ? sslCommonName.termedBuf() : sslConnectHostOrIp.termedBuf();
// fake certificate adaptation requires bump-server-first mode
if (!sslServerBump) {
Ssl::CertificateProperties certProperties;
buildSslCertGenerationParams(certProperties);
sslBumpCertKey = certProperties.dbKey().c_str();
- assert(sslBumpCertKey.defined() && sslBumpCertKey[0] != '\0');
+ assert(sslBumpCertKey.size() > 0 && sslBumpCertKey[0] != '\0');
debugs(33, 5, HERE << "Finding SSL certificate for " << sslBumpCertKey << " in cache");
- Ssl::LocalContextStorage & ssl_ctx_cache(Ssl::TheGlobalContextStorage.getLocalStorage(port->s));
+ Ssl::LocalContextStorage *ssl_ctx_cache = Ssl::TheGlobalContextStorage.getLocalStorage(port->s);
SSL_CTX * dynCtx = NULL;
- Ssl::SSL_CTX_Pointer *cachedCtx = ssl_ctx_cache.get(sslBumpCertKey.termedBuf());
+ Ssl::SSL_CTX_Pointer *cachedCtx = ssl_ctx_cache ? ssl_ctx_cache->get(sslBumpCertKey.termedBuf()) : NULL;
if (cachedCtx && (dynCtx = cachedCtx->get())) {
debugs(33, 5, HERE << "SSL certificate for " << sslBumpCertKey << " have found in cache");
if (Ssl::verifySslCertificate(dynCtx, certProperties)) {
return;
} else {
debugs(33, 5, HERE << "Cached SSL certificate for " << sslBumpCertKey << " is out of date. Delete this certificate from cache");
- ssl_ctx_cache.del(sslBumpCertKey.termedBuf());
+ if (ssl_ctx_cache)
+ ssl_ctx_cache->del(sslBumpCertKey.termedBuf());
}
} else {
debugs(33, 5, HERE << "SSL certificate for " << sslBumpCertKey << " haven't found in cache");
// Try to add generated ssl context to storage.
if (port->generateHostCertificates && isNew) {
- if (signAlgorithm == Ssl::algSignTrusted)
+ if (signAlgorithm == Ssl::algSignTrusted) {
+ // Add signing certificate to the certificates chain
+ X509 *cert = port->signingCert.get();
+ if (SSL_CTX_add_extra_chain_cert(sslContext, cert)) {
+ // increase the certificate lock
+ CRYPTO_add(&(cert->references),1,CRYPTO_LOCK_X509);
+ } else {
+ const int ssl_error = ERR_get_error();
+ debugs(33, DBG_IMPORTANT, "WARNING: can not add signing certificate to SSL context chain: " << ERR_error_string(ssl_error, NULL));
+ }
Ssl::addChainToSslContext(sslContext, port->certsToChain.get());
+ }
//else it is self-signed or untrusted do not attrach any certificate
- Ssl::LocalContextStorage & ssl_ctx_cache(Ssl::TheGlobalContextStorage.getLocalStorage(port->s));
- assert(sslBumpCertKey.defined() && sslBumpCertKey[0] != '\0');
+ Ssl::LocalContextStorage *ssl_ctx_cache = Ssl::TheGlobalContextStorage.getLocalStorage(port->s);
+ assert(sslBumpCertKey.size() > 0 && sslBumpCertKey[0] != '\0');
if (sslContext) {
- if (!ssl_ctx_cache.add(sslBumpCertKey.termedBuf(), new Ssl::SSL_CTX_Pointer(sslContext))) {
+ if (!ssl_ctx_cache || !ssl_ctx_cache->add(sslBumpCertKey.termedBuf(), new Ssl::SSL_CTX_Pointer(sslContext))) {
// If it is not in storage delete after using. Else storage deleted it.
fd_table[clientConnection->fd].dynamicSslContext = sslContext;
}
getSslContextStart();
}
-#endif /* USE_SSL */
+#endif /* USE_OPENSSL */
/// check FD after clientHttp[s]ConnectionOpened, adjust HttpSockets as needed
static bool
continue;
}
-#if USE_SSL
+#if USE_OPENSSL
if (s->flags.tunnelSslBumping && !Config.accessList.ssl_bump) {
- debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << s->protocol << "_port " << s->s);
+ debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s);
s->flags.tunnelSslBumping = false;
}
}
}
-#if USE_SSL
+#if USE_OPENSSL
static void
clientHttpsConnectionsOpen(void)
{
// TODO: merge with similar code in clientHttpConnectionsOpen()
if (s->flags.tunnelSslBumping && !Config.accessList.ssl_bump) {
- debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << s->protocol << "_port " << s->s);
+ debugs(33, DBG_IMPORTANT, "WARNING: No ssl_bump configured. Disabling ssl-bump on " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s);
s->flags.tunnelSslBumping = false;
}
clientOpenListenSockets(void)
{
clientHttpConnectionsOpen();
-#if USE_SSL
+#if USE_OPENSSL
clientHttpsConnectionsOpen();
#endif
clientFtpConnectionsOpen();
}
}
-#if USE_SSL
+#if USE_OPENSSL
for (AnyP::PortCfg *s = Config.Sockaddr.https; s; s = s->next) {
if (s->listenConn != NULL) {
debugs(1, DBG_IMPORTANT, "Closing HTTPS port " << s->listenConn->local);
if (vary) {
/* Oops... something odd is going on here.. */
debugs(33, DBG_IMPORTANT, "varyEvaluateMatch: Oops. Not a Vary object on second attempt, '" <<
- entry->mem_obj->url << "' '" << vary << "'");
+ entry->mem_obj->urlXXX() << "' '" << vary << "'");
safe_free(request->vary_headers);
return VARY_CANCEL;
}
* found the requested variant. Bail out
*/
debugs(33, DBG_IMPORTANT, "varyEvaluateMatch: Oops. Not a Vary match on second attempt, '" <<
- entry->mem_obj->url << "' '" << vary << "'");
+ entry->mem_obj->urlXXX() << "' '" << vary << "'");
return VARY_CANCEL;
}
}
ConnStateData * conn = http->getConn();
ACLFilledChecklist *ch = new ACLFilledChecklist(acl, http->request,
cbdataReferenceValid(conn) && conn != NULL && conn->clientConnection != NULL ? conn->clientConnection->rfc931 : dash_str);
-
+ ch->al = http->al;
/*
* hack for ident ACL. It needs to get full addresses, and a place to store
* the ident result on persistent connections...
return -1; // probably need to read more, but we cannot be sure
const int64_t needToProduce = bodyPipe->unproducedSize();
- const int64_t haveAvailable = static_cast<int64_t>(in.notYetUsed);
+ const int64_t haveAvailable = static_cast<int64_t>(in.buf.length());
if (needToProduce <= haveAvailable)
return 0; // we have read what we need (but are waiting for pipe space)
in.bodyParser = NULL;
}
-char *
-ConnStateData::In::addressToReadInto() const
-{
- return buf + notYetUsed;
-}
-
-ConnStateData::In::In() : bodyParser(NULL),
- buf (NULL), notYetUsed (0), allocatedSize (0)
+ConnStateData::In::In() :
+ bodyParser(NULL),
+ buf()
{}
ConnStateData::In::~In()
{
- if (allocatedSize)
- memFreeBuf(allocatedSize, buf);
delete bodyParser; // TODO: pool
}
pinning.closeHandler = NULL; // Comm unregisters handlers before calling
const bool sawZeroReply = pinning.zeroReply; // reset when unpinning
unpinConnection(false);
- if (sawZeroReply) {
- debugs(33, 3, "Closing client connection on pinned zero reply.");
- clientConnection->close();
- }
+
if (isFtp) {
- // XXX
- /*
- debugs(33, 5, HERE << "FTP server connection closed, closing client "
- "connection.");
+ // if the server control connection is gone, reset state to login again
+ // TODO: merge with similar code in FtpHandleUserRequest()
+ debugs(33, 5, "will need to re-login due to FTP server closure");
+ ftp.readGreeting = false;
+ FtpChangeState(this, ConnStateData::FTP_BEGIN, "server closure");
+ // XXX: Not enough. Gateway::ServerStateData::sendCommand() will not
+ // re-login because clientState() is not ConnStateData::FTP_CONNECTED.
+ }
+
+ if (sawZeroReply && clientConnection != NULL) {
+ debugs(33, 3, "Closing client connection on pinned zero reply.");
clientConnection->close();
- */
}
+
}
void
-ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth)
+ConnStateData::pinConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth, bool monitor)
{
if (!Comm::IsConnOpen(pinning.serverConnection) ||
pinning.serverConnection->fd != pinServer->fd)
pinNewConnection(pinServer, request, aPeer, auth);
- startMonitoringPinnedConnection();
+ if (monitor)
+ startPinnedConnectionMonitoring();
}
void
comm_add_close_handler(pinning.serverConnection->fd, pinning.closeHandler);
}
+/// [re]start monitoring pinned connection for server closures so that we can
+/// propagate them to an _idle_ client pinned to the server
+void
+ConnStateData::startPinnedConnectionMonitoring()
+{
+ if (pinning.readHandler != NULL)
+ return; // already monitoring
+
+ typedef CommCbMemFunT<ConnStateData, CommIoCbParams> Dialer;
+ pinning.readHandler = JobCallback(33, 3,
+ Dialer, this, ConnStateData::clientPinnedConnectionRead);
+ static char unusedBuf[8];
+ comm_read(pinning.serverConnection, unusedBuf, sizeof(unusedBuf), pinning.readHandler);
+}
+
+void
+ConnStateData::stopPinnedConnectionMonitoring()
+{
+ if (pinning.readHandler != NULL) {
+ comm_read_cancel(pinning.serverConnection->fd, pinning.readHandler);
+ pinning.readHandler = NULL;
+ }
+}
+
+/// Our read handler called by Comm when the server either closes an idle pinned connection or
+/// perhaps unexpectedly sends something on that idle (from Squid p.o.v.) connection.
+void
+ConnStateData::clientPinnedConnectionRead(const CommIoCbParams &io)
+{
+ pinning.readHandler = NULL; // Comm unregisters handlers before calling
+
+ if (io.flag == COMM_ERR_CLOSING)
+ return; // close handler will clean up
+
+ // We could use getConcurrentRequestCount(), but this may be faster.
+ const bool clientIsIdle = !getCurrentContext();
+
+ debugs(33, 3, "idle pinned " << pinning.serverConnection << " read " <<
+ io.size << (clientIsIdle ? " with idle client" : ""));
+
+ assert(pinning.serverConnection == io.conn);
+ pinning.serverConnection->close();
+
+ // If we are still sending data to the client, do not close now. When we are done sending,
+ // ClientSocketContext::keepaliveNextRequest() checks pinning.serverConnection and will close.
+ // However, if we are idle, then we must close to inform the idle client and minimize races.
+ if (clientIsIdle && clientConnection != NULL)
+ clientConnection->close();
+}
+
const Comm::ConnectionPointer
ConnStateData::validatePinnedConnection(HttpRequest *request, const CachePeer *aPeer)
{
{
debugs(33, 7, pinning.serverConnection);
if (validatePinnedConnection(request, aPeer) != NULL)
- stopMonitoringPinnedConnection();
+ stopPinnedConnectionMonitoring();
return pinning.serverConnection; // closed if validation failed
}
-/// [re]start monitoring pinned connection for server closures so that we can
-/// propagate them to an _idle_ client pinned to the server
-void
-ConnStateData::startMonitoringPinnedConnection()
-{
- if (!pinning.reading) {
- pinning.reading = true;
- Comm::SetSelect(pinning.serverConnection->fd, COMM_SELECT_READ,
- &ConnStateData::ReadPinnedConnection,
- new Pointer(this), 0);
- }
-}
-
-/// stop or suspend monitoring pinned connection for server closures
-void
-ConnStateData::stopMonitoringPinnedConnection()
-{
- if (pinning.reading) {
- Comm::SetSelect(pinning.serverConnection->fd, COMM_SELECT_READ, NULL, NULL, 0);
- pinning.reading = false;
- }
-}
-
-/// read callback for the idle pinned server connection
-void
-ConnStateData::ReadPinnedConnection(int fd, void *data)
-{
- Pointer *ptr = static_cast<Pointer*>(data);
- if (ConnStateData *client = dynamic_cast<ConnStateData*>(ptr->valid())) {
- // get back inside job call protection
- typedef NullaryMemFunT<ConnStateData> Dialer;
- AsyncCall::Pointer call = JobCallback(33, 5, Dialer, client,
- ConnStateData::readPinnedConnection);
- ScheduleCallHere(call);
- }
- delete ptr;
-}
-
-void
-ConnStateData::readPinnedConnection()
-{
- pinning.reading = false; // select loop clears our subscription before cb
- mustStop("suspected pinned server eof");
-}
-
void
ConnStateData::unpinConnection(const bool andClose)
{
pinning.closeHandler = NULL;
}
- stopMonitoringPinnedConnection();
+ stopPinnedConnectionMonitoring();
// close the server side socket if requested
if (andClose)
{
*http_ver = Http::ProtocolVersion(1, 1);
+ // TODO: Use tokenizer for parsing instead of raw pointer manipulation.
+ const char *inBuf = connState->in.buf.rawContent();
+
const char *const eor =
- static_cast<const char *>(memchr(connState->in.buf, '\n',
- min(connState->in.notYetUsed, Config.maxRequestHeaderSize)));
- const size_t req_sz = eor + 1 - connState->in.buf;
+ static_cast<const char *>(memchr(inBuf, '\n',
+ min(static_cast<size_t>(connState->in.buf.length()), Config.maxRequestHeaderSize)));
- if (eor == NULL && connState->in.notYetUsed >= Config.maxRequestHeaderSize) {
+ if (eor == NULL && connState->in.buf.length() >= Config.maxRequestHeaderSize) {
FtpChangeState(connState, ConnStateData::FTP_ERROR, "huge req");
FtpWriteEarlyReply(connState, 421, "Too large request");
return NULL;
return NULL;
}
- connNoteUseOfBuffer(connState, req_sz);
+ const size_t req_sz = eor + 1 - inBuf;
// skip leading whitespaces
- const char *boc = connState->in.buf;
+ const char *boc = inBuf; // beginning of command
while (boc < eor && isspace(*boc)) ++boc;
if (boc >= eor) {
debugs(33, 5, HERE << "Empty request, ignoring");
+ connNoteUseOfBuffer(connState, req_sz);
return NULL;
}
- const char *eoc = boc;
+ const char *eoc = boc; // end of command
while (eoc < eor && !isspace(*eoc)) ++eoc;
- connState->in.buf[eoc - connState->in.buf] = '\0';
+ connState->in.buf.setAt(eoc - inBuf, '\0');
- const char *bop = eoc + 1;
+ const char *bop = eoc + 1; // beginning of parameter
while (bop < eor && isspace(*bop)) ++bop;
if (bop < eor) {
const char *eop = eor - 1;
while (isspace(*eop)) --eop;
assert(eop >= bop);
- connState->in.buf[eop + 1 - connState->in.buf] = '\0';
+ connState->in.buf.setAt(eop + 1 - inBuf, '\0');
} else
bop = NULL;
(bop == NULL ? "no " : "") << "parameters" <<
(bop != NULL ? ": " : "") << bop);
+ // TODO: Use SBuf instead of String
const String cmd = boc;
String params = bop;
+ connNoteUseOfBuffer(connState, req_sz);
+
if (!connState->ftp.readGreeting) {
// the first command must be USER
if (!connState->pinning.pinned && cmd.caseCmp("USER") != 0) {
http->uri = uri;
ClientSocketContext *const result =
- ClientSocketContextNew(connState->clientConnection, http);
+ new ClientSocketContext(connState->clientConnection, http);
StoreIOBuffer tempBuffer;
tempBuffer.data = result->reqbuf;
projects / thirdparty / squid.git / blobdiff