]>
Commit | Line | Data |
---|---|---|
41462d93 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
e25c139f | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
41462d93 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 17 Request Forwarding */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
4bf68cfa | 12 | #include "AccessLogEntry.h" |
289848ca | 13 | #include "acl/Address.h" |
c0941a6a AR |
14 | #include "acl/FilledChecklist.h" |
15 | #include "acl/Gadgets.h" | |
5ae65581 | 16 | #include "anyp/PortCfg.h" |
25b481e6 | 17 | #include "CacheManager.h" |
602d9612 | 18 | #include "CachePeer.h" |
582c2af2 | 19 | #include "client_side.h" |
92ae4c86 | 20 | #include "clients/forward.h" |
f9b72e0c | 21 | #include "comm/Connection.h" |
aed188fd | 22 | #include "comm/ConnOpener.h" |
d841c88d | 23 | #include "comm/Loops.h" |
582c2af2 | 24 | #include "CommCalls.h" |
aa839030 | 25 | #include "errorpage.h" |
582c2af2 | 26 | #include "event.h" |
fc54b8d2 | 27 | #include "fd.h" |
aa839030 | 28 | #include "fde.h" |
eb13c21e | 29 | #include "FwdState.h" |
582c2af2 | 30 | #include "globals.h" |
fc54b8d2 | 31 | #include "gopher.h" |
bbaf2685 | 32 | #include "hier_code.h" |
fc54b8d2 | 33 | #include "http.h" |
d3dddfb5 | 34 | #include "http/Stream.h" |
924f73bc | 35 | #include "HttpReply.h" |
aa839030 | 36 | #include "HttpRequest.h" |
582c2af2 | 37 | #include "icmp/net_db.h" |
fc54b8d2 | 38 | #include "internal.h" |
582c2af2 | 39 | #include "ip/Intercept.h" |
425de4c8 | 40 | #include "ip/QosConfig.h" |
582c2af2 | 41 | #include "ip/tools.h" |
aa839030 | 42 | #include "MemObject.h" |
582c2af2 | 43 | #include "mgr/Registration.h" |
fc54b8d2 | 44 | #include "neighbors.h" |
781ce8ff | 45 | #include "pconn.h" |
e8dca475 | 46 | #include "PeerPoolMgr.h" |
a72b6e88 | 47 | #include "security/BlindPeerConnector.h" |
4d5904f7 | 48 | #include "SquidConfig.h" |
aa839030 | 49 | #include "SquidTime.h" |
32f1ca3f | 50 | #include "ssl/PeekingPeerConnector.h" |
aa839030 | 51 | #include "Store.h" |
e87137f1 | 52 | #include "StoreClient.h" |
5eb529cb | 53 | #include "urn.h" |
fc54b8d2 | 54 | #include "whois.h" |
cb4f4424 | 55 | #if USE_OPENSSL |
2cef0ca6 AR |
56 | #include "ssl/cert_validate_message.h" |
57 | #include "ssl/Config.h" | |
4d16918e | 58 | #include "ssl/ErrorDetail.h" |
602d9612 | 59 | #include "ssl/helper.h" |
fd4624d7 | 60 | #include "ssl/ServerBump.h" |
602d9612 | 61 | #include "ssl/support.h" |
fcfdf7f9 AJ |
62 | #else |
63 | #include "security/EncryptorAnswer.h" | |
4db984be | 64 | #endif |
1a30fdf5 AJ |
65 | |
66 | #include <cerrno> | |
cfd66529 | 67 | |
575d05c4 | 68 | static CLCB fwdServerClosedWrapper; |
b6b6f466 | 69 | static CNCB fwdConnectDoneWrapper; |
70 | ||
8ddcc35d | 71 | static OBJH fwdStats; |
72 | ||
73 | #define MAX_FWD_STATS_IDX 9 | |
955394ce | 74 | static int FwdReplyCodes[MAX_FWD_STATS_IDX + 1][Http::scInvalidHeader + 1]; |
db1cd23c | 75 | |
d5430dc8 | 76 | static PconnPool *fwdPconnPool = new PconnPool("server-peers", NULL); |
b6b6f466 | 77 | CBDATA_CLASS_INIT(FwdState); |
781ce8ff | 78 | |
a72b6e88 | 79 | class FwdStatePeerAnswerDialer: public CallDialer, public Security::PeerConnector::CbDialer |
a23223bf CT |
80 | { |
81 | public: | |
fcfdf7f9 | 82 | typedef void (FwdState::*Method)(Security::EncryptorAnswer &); |
a23223bf CT |
83 | |
84 | FwdStatePeerAnswerDialer(Method method, FwdState *fwd): | |
f53969cc | 85 | method_(method), fwd_(fwd), answer_() {} |
a23223bf CT |
86 | |
87 | /* CallDialer API */ | |
88 | virtual bool canDial(AsyncCall &call) { return fwd_.valid(); } | |
89 | void dial(AsyncCall &call) { ((&(*fwd_))->*method_)(answer_); } | |
90 | virtual void print(std::ostream &os) const { | |
e2849af8 A |
91 | os << '(' << fwd_.get() << ", " << answer_ << ')'; |
92 | } | |
a23223bf | 93 | |
a72b6e88 | 94 | /* Security::PeerConnector::CbDialer API */ |
fcfdf7f9 | 95 | virtual Security::EncryptorAnswer &answer() { return answer_; } |
a23223bf CT |
96 | |
97 | private: | |
98 | Method method_; | |
99 | CbcPointer<FwdState> fwd_; | |
fcfdf7f9 | 100 | Security::EncryptorAnswer answer_; |
a23223bf | 101 | }; |
a23223bf | 102 | |
429871db | 103 | void |
104 | FwdState::abort(void* d) | |
105 | { | |
106 | FwdState* fwd = (FwdState*)d; | |
6ecaf21a | 107 | Pointer tmp = fwd; // Grab a temporary pointer to keep the object alive during our scope. |
429871db | 108 | |
6b679a01 | 109 | if (Comm::IsConnOpen(fwd->serverConnection())) { |
e8dca475 | 110 | fwd->closeServerConnection("store entry aborted"); |
6dd9a2e4 AJ |
111 | } else { |
112 | debugs(17, 7, HERE << "store entry aborted; no connection to close"); | |
cff02fa6 | 113 | } |
c33a88ca | 114 | fwd->serverDestinations.clear(); |
6043e368 | 115 | fwd->stopAndDestroy("store entry aborted"); |
429871db | 116 | } |
117 | ||
e8dca475 CT |
118 | void |
119 | FwdState::closeServerConnection(const char *reason) | |
120 | { | |
121 | debugs(17, 3, "because " << reason << "; " << serverConn); | |
398bc066 CT |
122 | comm_remove_close_handler(serverConn->fd, closeHandler); |
123 | closeHandler = NULL; | |
e8dca475 CT |
124 | fwdPconnPool->noteUses(fd_table[serverConn->fd].pconn.uses); |
125 | serverConn->close(); | |
126 | } | |
127 | ||
b6b6f466 | 128 | /**** PUBLIC INTERFACE ********************************************************/ |
c7f9eb6d | 129 | |
4bf68cfa | 130 | FwdState::FwdState(const Comm::ConnectionPointer &client, StoreEntry * e, HttpRequest * r, const AccessLogEntryPointer &alp): |
cc8c4af2 AJ |
131 | entry(e), |
132 | request(r), | |
133 | al(alp), | |
134 | err(NULL), | |
135 | clientConn(client), | |
136 | start_t(squid_curtime), | |
137 | n_tries(0), | |
138 | pconnRace(raceImpossible) | |
db1cd23c | 139 | { |
cc8c4af2 | 140 | debugs(17, 2, "Forwarding client request " << client << ", url=" << e->url()); |
b248c2a3 | 141 | HTTPMSGLOCK(request); |
00ae51e4 | 142 | serverDestinations.reserve(Config.forward_max_tries); |
1bfe9ade | 143 | e->lock("FwdState"); |
b6b6f466 | 144 | EBIT_SET(e->flags, ENTRY_FWD_HDR_WAIT); |
cc8c4af2 AJ |
145 | flags.connected_okay = false; |
146 | flags.dont_retry = false; | |
147 | flags.forward_completed = false; | |
148 | debugs(17, 3, "FwdState constructed, this=" << this); | |
7a0fb323 | 149 | } |
150 | ||
151 | // Called once, right after object creation, when it is safe to set self | |
fc68f6b1 | 152 | void FwdState::start(Pointer aSelf) |
153 | { | |
7a0fb323 | 154 | // Protect ourselves from being destroyed when the only Server pointing |
155 | // to us is gone (while we expect to talk to more Servers later). | |
156 | // Once we set self, we are responsible for clearing it when we do not | |
157 | // expect to talk to any servers. | |
158 | self = aSelf; // refcounted | |
159 | ||
160 | // We hope that either the store entry aborts or peer is selected. | |
161 | // Otherwise we are going to leak our object. | |
34266cde | 162 | |
92cfc72f CT |
163 | // Ftp::Relay needs to preserve control connection on data aborts |
164 | // so it registers its own abort handler that calls ours when needed. | |
165 | if (!request->flags.ftpNative) | |
166 | entry->registerAbort(FwdState::abort, this); | |
bfe4e2fe | 167 | |
32c32865 | 168 | #if STRICT_ORIGINAL_DST |
bfe4e2fe AJ |
169 | // Bug 3243: CVE 2009-0801 |
170 | // Bypass of browser same-origin access control in intercepted communication | |
171 | // To resolve this we must force DIRECT and only to the original client destination. | |
0d901ef4 | 172 | const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.interceptTproxy); |
2962f8b8 AJ |
173 | const bool useOriginalDst = Config.onoff.client_dst_passthru || (request && !request->flags.hostVerified); |
174 | if (isIntercepted && useOriginalDst) { | |
d7ce0bcd | 175 | selectPeerForIntercepted(); |
7177edfb AJ |
176 | // 3.2 does not suppro re-wrapping inside CONNECT. |
177 | // our only alternative is to fake destination "found" and continue with the forwarding. | |
bfe4e2fe | 178 | startConnectionOrFail(); |
7177edfb | 179 | return; |
bfe4e2fe | 180 | } |
32c32865 AJ |
181 | #endif |
182 | ||
7177edfb | 183 | // do full route options selection |
6043e368 AR |
184 | startSelectingDestinations(request, al, entry); |
185 | } | |
186 | ||
187 | /// ends forwarding; relies on refcounting so the effect may not be immediate | |
188 | void | |
189 | FwdState::stopAndDestroy(const char *reason) | |
190 | { | |
191 | debugs(17, 3, "for " << reason); | |
192 | PeerSelectionInitiator::subscribed = false; // may already be false | |
193 | self = nullptr; // we hope refcounting destroys us soon; may already be nil | |
194 | /* do not place any code here as this object may be gone by now */ | |
db1cd23c | 195 | } |
196 | ||
32c32865 | 197 | #if STRICT_ORIGINAL_DST |
d7ce0bcd AR |
198 | /// bypasses peerSelect() when dealing with intercepted requests |
199 | void | |
200 | FwdState::selectPeerForIntercepted() | |
201 | { | |
202 | // use pinned connection if available | |
203 | Comm::ConnectionPointer p; | |
693cb033 | 204 | if (ConnStateData *client = request->pinnedConnection()) { |
d7ce0bcd | 205 | p = client->validatePinnedConnection(request, NULL); |
693cb033 CT |
206 | if (Comm::IsConnOpen(p)) { |
207 | /* duplicate peerSelectPinned() effects */ | |
208 | p->peerType = PINNED; | |
209 | entry->ping_status = PING_DONE; /* Skip ICP */ | |
d7ce0bcd | 210 | |
693cb033 CT |
211 | debugs(17, 3, "reusing a pinned conn: " << *p); |
212 | serverDestinations.push_back(p); | |
213 | } else { | |
214 | debugs(17,2, "Pinned connection is not valid: " << p); | |
955394ce | 215 | ErrorState *anErr = new ErrorState(ERR_ZERO_SIZE_OBJECT, Http::scServiceUnavailable, request); |
693cb033 CT |
216 | fail(anErr); |
217 | } | |
218 | // Either use the valid pinned connection or fail if it is invalid. | |
219 | return; | |
d7ce0bcd AR |
220 | } |
221 | ||
7177edfb AJ |
222 | // use client original destination as second preferred choice |
223 | p = new Comm::Connection(); | |
224 | p->peerType = ORIGINAL_DST; | |
225 | p->remote = clientConn->local; | |
226 | getOutgoingAddress(request, p); | |
227 | ||
228 | debugs(17, 3, HERE << "using client original destination: " << *p); | |
d7ce0bcd AR |
229 | serverDestinations.push_back(p); |
230 | } | |
32c32865 | 231 | #endif |
d7ce0bcd | 232 | |
802a8c1d | 233 | void |
234 | FwdState::completed() | |
41462d93 | 235 | { |
e857372a | 236 | if (flags.forward_completed) { |
e0236918 | 237 | debugs(17, DBG_IMPORTANT, HERE << "FwdState::completed called on a completed request! Bad!"); |
fc68f6b1 | 238 | return; |
239 | } | |
240 | ||
e857372a | 241 | flags.forward_completed = true; |
802a8c1d | 242 | |
16b70e2a CT |
243 | request->hier.stopPeerClock(false); |
244 | ||
c4a88a3e CT |
245 | if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) { |
246 | debugs(17, 3, HERE << "entry aborted"); | |
247 | return ; | |
248 | } | |
249 | ||
bc87dc25 | 250 | #if URL_CHECKSUM_DEBUG |
62e76326 | 251 | |
b6b6f466 | 252 | entry->mem_obj->checkUrlChecksum(); |
225644d7 | 253 | #endif |
62e76326 | 254 | |
b6b6f466 | 255 | if (entry->store_status == STORE_PENDING) { |
256 | if (entry->isEmpty()) { | |
a04b7e6e | 257 | if (!err) // we quit (e.g., fd closed) before an error or content |
955394ce | 258 | fail(new ErrorState(ERR_READ_ERROR, Http::scBadGateway, request)); |
b6b6f466 | 259 | assert(err); |
260 | errorAppendEntry(entry, err); | |
261 | err = NULL; | |
cb4f4424 | 262 | #if USE_OPENSSL |
2cef0ca6 AR |
263 | if (request->flags.sslPeek && request->clientConnectionManager.valid()) { |
264 | CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, | |
801cfc26 | 265 | ConnStateData::httpsPeeked, ConnStateData::PinnedIdleContext(Comm::ConnectionPointer(nullptr), request)); |
2cef0ca6 AR |
266 | } |
267 | #endif | |
62e76326 | 268 | } else { |
b6b6f466 | 269 | EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT); |
270 | entry->complete(); | |
d88e3c49 | 271 | entry->releaseRequest(); |
62e76326 | 272 | } |
f563eea9 | 273 | } |
62e76326 | 274 | |
b6b6f466 | 275 | if (storePendingNClients(entry) > 0) |
276 | assert(!EBIT_TEST(entry->flags, ENTRY_FWD_HDR_WAIT)); | |
62e76326 | 277 | |
802a8c1d | 278 | } |
279 | ||
280 | FwdState::~FwdState() | |
281 | { | |
cc8c4af2 | 282 | debugs(17, 3, "FwdState destructor start"); |
fc68f6b1 | 283 | |
802a8c1d | 284 | if (! flags.forward_completed) |
fc68f6b1 | 285 | completed(); |
802a8c1d | 286 | |
9d2760b6 AR |
287 | doneWithRetries(); |
288 | ||
6dd9f4bd | 289 | HTTPMSGUNLOCK(request); |
62e76326 | 290 | |
913524f0 | 291 | delete err; |
62e76326 | 292 | |
3900307b | 293 | entry->unregisterAbort(); |
429871db | 294 | |
1bfe9ade | 295 | entry->unlock("FwdState"); |
62e76326 | 296 | |
b6b6f466 | 297 | entry = NULL; |
62e76326 | 298 | |
e3a4aecc AJ |
299 | if (calls.connector != NULL) { |
300 | calls.connector->cancel("FwdState destructed"); | |
301 | calls.connector = NULL; | |
302 | } | |
303 | ||
e8dca475 CT |
304 | if (Comm::IsConnOpen(serverConn)) |
305 | closeServerConnection("~FwdState"); | |
fc68f6b1 | 306 | |
c33a88ca | 307 | serverDestinations.clear(); |
cfd66529 | 308 | |
cc8c4af2 | 309 | debugs(17, 3, "FwdState destructed, this=" << this); |
b6b6f466 | 310 | } |
62e76326 | 311 | |
38413773 | 312 | /** |
b6b6f466 | 313 | * This is the entry point for client-side to start forwarding |
314 | * a transaction. It is a static method that may or may not | |
315 | * allocate a FwdState. | |
316 | */ | |
be0c6690 | 317 | void |
4bf68cfa | 318 | FwdState::Start(const Comm::ConnectionPointer &clientConn, StoreEntry *entry, HttpRequest *request, const AccessLogEntryPointer &al) |
b6b6f466 | 319 | { |
b50e327b | 320 | /** \note |
b6b6f466 | 321 | * client_addr == no_addr indicates this is an "internal" request |
322 | * from peer_digest.c, asn.c, netdb.c, etc and should always | |
323 | * be allowed. yuck, I know. | |
324 | */ | |
62e76326 | 325 | |
4dd643d5 | 326 | if ( Config.accessList.miss && !request->client_addr.isNoAddr() && |
4e3f4dc7 | 327 | !request->flags.internal && request->url.getScheme() != AnyP::PROTO_CACHE_OBJECT) { |
b50e327b | 328 | /** |
fbd3636b NR |
329 | * Check if this host is allowed to fetch MISSES from us (miss_access). |
330 | * Intentionally replace the src_addr automatically selected by the checklist code | |
331 | * we do NOT want the indirect client address to be tested here. | |
b6b6f466 | 332 | */ |
c0941a6a | 333 | ACLFilledChecklist ch(Config.accessList.miss, request, NULL); |
b6b6f466 | 334 | ch.src_addr = request->client_addr; |
06bf5384 | 335 | if (ch.fastCheck().denied()) { |
b6b6f466 | 336 | err_type page_id; |
9ce7856a | 337 | page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, 1); |
b6b6f466 | 338 | |
339 | if (page_id == ERR_NONE) | |
340 | page_id = ERR_FORWARDING_DENIED; | |
341 | ||
955394ce | 342 | ErrorState *anErr = new ErrorState(page_id, Http::scForbidden, request); |
f53969cc | 343 | errorAppendEntry(entry, anErr); // frees anErr |
be0c6690 | 344 | return; |
b6b6f466 | 345 | } |
346 | } | |
347 | ||
cfd66529 | 348 | debugs(17, 3, HERE << "'" << entry->url() << "'"); |
f4ef658f | 349 | /* |
350 | * This seems like an odd place to bind mem_obj and request. | |
351 | * Might want to assert that request is NULL at this point | |
352 | */ | |
b248c2a3 | 353 | entry->mem_obj->request = request; |
b6b6f466 | 354 | #if URL_CHECKSUM_DEBUG |
355 | ||
356 | entry->mem_obj->checkUrlChecksum(); | |
357 | #endif | |
358 | ||
359 | if (shutting_down) { | |
360 | /* more yuck */ | |
955394ce | 361 | ErrorState *anErr = new ErrorState(ERR_SHUTTING_DOWN, Http::scServiceUnavailable, request); |
f53969cc | 362 | errorAppendEntry(entry, anErr); // frees anErr |
be0c6690 | 363 | return; |
6801f8a8 | 364 | } |
62e76326 | 365 | |
4e3f4dc7 AJ |
366 | if (request->flags.internal) { |
367 | debugs(17, 2, "calling internalStart() due to request flag"); | |
e37bd29b | 368 | internalStart(clientConn, request, entry); |
be0c6690 | 369 | return; |
4e3f4dc7 AJ |
370 | } |
371 | ||
372 | switch (request->url.getScheme()) { | |
b6b6f466 | 373 | |
39a19cb7 | 374 | case AnyP::PROTO_CACHE_OBJECT: |
4e3f4dc7 | 375 | debugs(17, 2, "calling CacheManager due to request scheme " << request->url.getScheme()); |
5c336a3b | 376 | CacheManager::GetInstance()->Start(clientConn, request, entry); |
be0c6690 | 377 | return; |
b6b6f466 | 378 | |
0c3d3f65 | 379 | case AnyP::PROTO_URN: |
b6b6f466 | 380 | urnStart(request, entry); |
be0c6690 | 381 | return; |
b6b6f466 | 382 | |
383 | default: | |
4bf68cfa | 384 | FwdState::Pointer fwd = new FwdState(clientConn, entry, request, al); |
7a0fb323 | 385 | fwd->start(fwd); |
be0c6690 | 386 | return; |
b6b6f466 | 387 | } |
388 | ||
389 | /* NOTREACHED */ | |
41462d93 | 390 | } |
391 | ||
4bf68cfa AR |
392 | void |
393 | FwdState::fwdStart(const Comm::ConnectionPointer &clientConn, StoreEntry *entry, HttpRequest *request) | |
394 | { | |
395 | // Hides AccessLogEntry.h from code that does not supply ALE anyway. | |
396 | Start(clientConn, entry, request, NULL); | |
397 | } | |
398 | ||
0ce8e93b EB |
399 | /// subtracts time_t values, returning zero if smaller exceeds the larger value |
400 | /// time_t might be unsigned so we need to be careful when subtracting times... | |
401 | static inline time_t | |
402 | diffOrZero(const time_t larger, const time_t smaller) | |
403 | { | |
404 | return (larger > smaller) ? (larger - smaller) : 0; | |
405 | } | |
406 | ||
407 | /// time left to finish the whole forwarding process (which started at fwdStart) | |
408 | time_t | |
409 | FwdState::ForwardTimeout(const time_t fwdStart) | |
410 | { | |
411 | // time already spent on forwarding (0 if clock went backwards) | |
412 | const time_t timeSpent = diffOrZero(squid_curtime, fwdStart); | |
413 | return diffOrZero(Config.Timeout.forward, timeSpent); | |
414 | } | |
415 | ||
416 | bool | |
417 | FwdState::EnoughTimeToReForward(const time_t fwdStart) | |
418 | { | |
419 | return ForwardTimeout(fwdStart) > 0; | |
420 | } | |
421 | ||
cfd66529 | 422 | void |
6b679a01 | 423 | FwdState::startConnectionOrFail() |
cfd66529 | 424 | { |
8652f8e7 | 425 | debugs(17, 3, HERE << entry->url()); |
cfd66529 | 426 | |
00ae51e4 | 427 | if (serverDestinations.size() > 0) { |
8652f8e7 AJ |
428 | // Ditch error page if it was created before. |
429 | // A new one will be created if there's another problem | |
913524f0 AJ |
430 | delete err; |
431 | err = NULL; | |
8652f8e7 AJ |
432 | |
433 | // Update the logging information about this new server connection. | |
434 | // Done here before anything else so the errors get logged for | |
435 | // this server link regardless of what happens when connecting to it. | |
436 | // IF sucessfuly connected this top destination will become the serverConnection(). | |
7d1dac79 | 437 | syncHierNote(serverDestinations[0], request->url.host()); |
129fe2a1 | 438 | request->clearError(); |
8652f8e7 | 439 | |
cfd66529 AJ |
440 | connectStart(); |
441 | } else { | |
6043e368 AR |
442 | if (PeerSelectionInitiator::subscribed) { |
443 | debugs(17, 4, "wait for more destinations to try"); | |
444 | return; // expect a noteDestination*() call | |
445 | } | |
446 | ||
95b83010 CT |
447 | debugs(17, 3, HERE << "Connection failed: " << entry->url()); |
448 | if (!err) { | |
955394ce | 449 | ErrorState *anErr = new ErrorState(ERR_CANNOT_FORWARD, Http::scInternalServerError, request); |
95b83010 | 450 | fail(anErr); |
8652f8e7 | 451 | } // else use actual error from last connection attempt |
6043e368 AR |
452 | |
453 | stopAndDestroy("tried all destinations"); | |
cfd66529 AJ |
454 | } |
455 | } | |
456 | ||
b6b6f466 | 457 | void |
458 | FwdState::fail(ErrorState * errorState) | |
459 | { | |
9b769c67 | 460 | debugs(17, 3, err_type_str[errorState->type] << " \"" << Http::StatusCodeString(errorState->httpStatus) << "\"\n\t" << entry->url()); |
b6b6f466 | 461 | |
913524f0 | 462 | delete err; |
b6b6f466 | 463 | err = errorState; |
464 | ||
e2cc8c07 | 465 | if (!errorState->request) |
b248c2a3 | 466 | errorState->request = request; |
64b66b76 | 467 | |
693cb033 CT |
468 | if (err->type != ERR_ZERO_SIZE_OBJECT) |
469 | return; | |
470 | ||
471 | if (pconnRace == racePossible) { | |
bc81ee68 AR |
472 | debugs(17, 5, HERE << "pconn race happened"); |
473 | pconnRace = raceHappened; | |
474 | } | |
693cb033 CT |
475 | |
476 | if (ConnStateData *pinned_connection = request->pinnedConnection()) { | |
477 | pinned_connection->pinning.zeroReply = true; | |
478 | flags.dont_retry = true; // we want to propagate failure to the client | |
479 | debugs(17, 4, "zero reply on pinned connection"); | |
480 | } | |
b6b6f466 | 481 | } |
482 | ||
38413773 | 483 | /** |
b6b6f466 | 484 | * Frees fwdState without closing FD or generating an abort |
485 | */ | |
486 | void | |
00ae51e4 | 487 | FwdState::unregister(Comm::ConnectionPointer &conn) |
5229395c AJ |
488 | { |
489 | debugs(17, 3, HERE << entry->url() ); | |
490 | assert(serverConnection() == conn); | |
6b679a01 | 491 | assert(Comm::IsConnOpen(conn)); |
398bc066 CT |
492 | comm_remove_close_handler(conn->fd, closeHandler); |
493 | closeHandler = NULL; | |
00ae51e4 | 494 | serverConn = NULL; |
5229395c AJ |
495 | } |
496 | ||
d5430dc8 | 497 | // \deprecated use unregister(Comm::ConnectionPointer &conn) instead |
5229395c | 498 | void |
b6b6f466 | 499 | FwdState::unregister(int fd) |
500 | { | |
5229395c AJ |
501 | debugs(17, 3, HERE << entry->url() ); |
502 | assert(fd == serverConnection()->fd); | |
00ae51e4 | 503 | unregister(serverConn); |
b6b6f466 | 504 | } |
505 | ||
38413773 | 506 | /** |
d5430dc8 | 507 | * FooClient modules call fwdComplete() when they are done |
b6b6f466 | 508 | * downloading an object. Then, we either 1) re-forward the |
509 | * request somewhere else if needed, or 2) call storeComplete() | |
510 | * to finish it off | |
511 | */ | |
512 | void | |
513 | FwdState::complete() | |
514 | { | |
9b769c67 | 515 | debugs(17, 3, HERE << entry->url() << "\n\tstatus " << entry->getReply()->sline.status()); |
b6b6f466 | 516 | #if URL_CHECKSUM_DEBUG |
517 | ||
518 | entry->mem_obj->checkUrlChecksum(); | |
519 | #endif | |
520 | ||
9b769c67 | 521 | logReplyStatus(n_tries, entry->getReply()->sline.status()); |
b6b6f466 | 522 | |
523 | if (reforward()) { | |
9b769c67 | 524 | debugs(17, 3, HERE << "re-forwarding " << entry->getReply()->sline.status() << " " << entry->url()); |
b6b6f466 | 525 | |
6b679a01 | 526 | if (Comm::IsConnOpen(serverConn)) |
00ae51e4 | 527 | unregister(serverConn); |
b6b6f466 | 528 | |
cfd66529 AJ |
529 | entry->reset(); |
530 | ||
8652f8e7 | 531 | // drop the last path off the selection list. try the next one. |
6043e368 AR |
532 | if (!serverDestinations.empty()) // paranoid |
533 | serverDestinations.erase(serverDestinations.begin()); | |
8652f8e7 AJ |
534 | startConnectionOrFail(); |
535 | ||
b6b6f466 | 536 | } else { |
6b679a01 | 537 | if (Comm::IsConnOpen(serverConn)) |
9b769c67 | 538 | debugs(17, 3, HERE << "server FD " << serverConnection()->fd << " not re-forwarding status " << entry->getReply()->sline.status()); |
6b679a01 | 539 | else |
9b769c67 | 540 | debugs(17, 3, HERE << "server (FD closed) not re-forwarding status " << entry->getReply()->sline.status()); |
9e5c22cf AJ |
541 | EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT); |
542 | entry->complete(); | |
fc68f6b1 | 543 | |
6b679a01 | 544 | if (!Comm::IsConnOpen(serverConn)) |
fc68f6b1 | 545 | completed(); |
546 | ||
6043e368 | 547 | stopAndDestroy("forwarding completed"); |
b6b6f466 | 548 | } |
549 | } | |
550 | ||
6043e368 AR |
551 | void |
552 | FwdState::noteDestination(Comm::ConnectionPointer path) | |
553 | { | |
554 | const bool wasBlocked = serverDestinations.empty(); | |
555 | serverDestinations.push_back(path); | |
556 | if (wasBlocked) | |
557 | startConnectionOrFail(); | |
558 | // else continue to use one of the previously noted destinations; | |
559 | // if all of them fail, we may try this path | |
560 | } | |
b6b6f466 | 561 | |
6043e368 AR |
562 | void |
563 | FwdState::noteDestinationsEnd(ErrorState *selectionError) | |
b6b6f466 | 564 | { |
6043e368 | 565 | PeerSelectionInitiator::subscribed = false; |
7cbbf717 | 566 | if (serverDestinations.empty()) { // was blocked, waiting for more paths |
6043e368 AR |
567 | |
568 | if (selectionError) { | |
569 | debugs(17, 3, "Will abort forwarding because path selection has failed."); | |
570 | Must(!err); // if we tried to connect, then path selection succeeded | |
571 | fail(selectionError); | |
572 | } | |
573 | else if (err) | |
574 | debugs(17, 3, "Will abort forwarding because all found paths have failed."); | |
575 | else | |
576 | debugs(17, 3, "Will abort forwarding because path selection found no paths."); | |
577 | ||
578 | startConnectionOrFail(); // will choose the OrFail code path | |
579 | return; | |
580 | } | |
581 | // else continue to use one of the previously noted destinations; | |
582 | // if all of them fail, forwarding as whole will fail | |
583 | Must(!selectionError); // finding at least one path means selection succeeded | |
b6b6f466 | 584 | } |
585 | ||
6043e368 AR |
586 | /**** CALLBACK WRAPPERS ************************************************************/ |
587 | ||
b6b6f466 | 588 | static void |
575d05c4 | 589 | fwdServerClosedWrapper(const CommCloseCbParams ¶ms) |
b6b6f466 | 590 | { |
575d05c4 AJ |
591 | FwdState *fwd = (FwdState *)params.data; |
592 | fwd->serverClosed(params.fd); | |
b6b6f466 | 593 | } |
594 | ||
cfd66529 | 595 | void |
c8407295 | 596 | fwdConnectDoneWrapper(const Comm::ConnectionPointer &conn, Comm::Flag status, int xerrno, void *data) |
b6b6f466 | 597 | { |
598 | FwdState *fwd = (FwdState *) data; | |
aed188fd | 599 | fwd->connectDone(conn, status, xerrno); |
b6b6f466 | 600 | } |
601 | ||
602 | /**** PRIVATE *****************************************************************/ | |
603 | ||
545782b8 | 604 | /* |
605 | * FwdState::checkRetry | |
26ac0430 | 606 | * |
545782b8 | 607 | * Return TRUE if the request SHOULD be retried. This method is |
608 | * called when the HTTP connection fails, or when the connection | |
d5430dc8 | 609 | * is closed before reading the end of HTTP headers from the server. |
545782b8 | 610 | */ |
b6b6f466 | 611 | bool |
612 | FwdState::checkRetry() | |
68bd6892 | 613 | { |
d8fd0f18 | 614 | if (shutting_down) |
b6b6f466 | 615 | return false; |
62e76326 | 616 | |
9d2760b6 AR |
617 | if (!self) { // we have aborted before the server called us back |
618 | debugs(17, 5, HERE << "not retrying because of earlier abort"); | |
619 | // we will be destroyed when the server clears its Pointer to us | |
620 | return false; | |
621 | } | |
622 | ||
b6b6f466 | 623 | if (entry->store_status != STORE_PENDING) |
624 | return false; | |
62e76326 | 625 | |
b6b6f466 | 626 | if (!entry->isEmpty()) |
627 | return false; | |
62e76326 | 628 | |
23a1e39c | 629 | if (n_tries > Config.forward_max_tries) |
b6b6f466 | 630 | return false; |
4ed0e075 | 631 | |
0ce8e93b | 632 | if (!EnoughTimeToReForward(start_t)) |
b6b6f466 | 633 | return false; |
62e76326 | 634 | |
b6b6f466 | 635 | if (flags.dont_retry) |
636 | return false; | |
62e76326 | 637 | |
3b9899f7 AR |
638 | if (request->bodyNibbled()) |
639 | return false; | |
640 | ||
0bbd5532 AJ |
641 | // NP: not yet actually connected anywhere. retry is safe. |
642 | if (!flags.connected_okay) | |
643 | return true; | |
644 | ||
5d4989a8 | 645 | if (!checkRetriable()) |
646 | return false; | |
647 | ||
b6b6f466 | 648 | return true; |
68bd6892 | 649 | } |
650 | ||
afc753f3 | 651 | /// Whether we may try sending this request again after a failure. |
b6b6f466 | 652 | bool |
653 | FwdState::checkRetriable() | |
cb928909 | 654 | { |
ccbcff0e AR |
655 | // Optimize: A compliant proxy may retry PUTs, but Squid lacks the [rather |
656 | // complicated] code required to protect the PUT request body from being | |
657 | // nibbled during the first try. Thus, Squid cannot retry some PUTs today. | |
658 | if (request->body_pipe != NULL) | |
659 | return false; | |
660 | ||
c2a7cefd AJ |
661 | // RFC2616 9.1 Safe and Idempotent Methods |
662 | return (request->method.isHttpSafe() || request->method.isIdempotent()); | |
cb928909 | 663 | } |
664 | ||
b6b6f466 | 665 | void |
666 | FwdState::serverClosed(int fd) | |
910169e5 | 667 | { |
8ed21336 | 668 | // XXX: fd is often -1 here |
e8dca475 | 669 | debugs(17, 2, "FD " << fd << " " << entry->url() << " after " << |
8ed21336 AR |
670 | (fd >= 0 ? fd_table[fd].pconn.uses : -1) << " requests"); |
671 | if (fd >= 0 && serverConnection()->fd == fd) | |
e8dca475 | 672 | fwdPconnPool->noteUses(fd_table[fd].pconn.uses); |
3e8c047e | 673 | retryOrBail(); |
674 | } | |
675 | ||
676 | void | |
26ac0430 AJ |
677 | FwdState::retryOrBail() |
678 | { | |
b6b6f466 | 679 | if (checkRetry()) { |
cfd66529 | 680 | debugs(17, 3, HERE << "re-forwarding (" << n_tries << " tries, " << (squid_curtime - start_t) << " secs)"); |
bc81ee68 AR |
681 | // we should retry the same destination if it failed due to pconn race |
682 | if (pconnRace == raceHappened) | |
683 | debugs(17, 4, HERE << "retrying the same destination"); | |
684 | else | |
b181c1df | 685 | serverDestinations.erase(serverDestinations.begin()); // last one failed. try another. |
8652f8e7 AJ |
686 | startConnectionOrFail(); |
687 | return; | |
d8fd0f18 | 688 | } |
62e76326 | 689 | |
9d2760b6 AR |
690 | // TODO: should we call completed() here and move doneWithRetries there? |
691 | doneWithRetries(); | |
692 | ||
16b70e2a CT |
693 | request->hier.stopPeerClock(false); |
694 | ||
8f01bdfb | 695 | if (self != NULL && !err && shutting_down && entry->isEmpty()) { |
955394ce | 696 | ErrorState *anErr = new ErrorState(ERR_SHUTTING_DOWN, Http::scServiceUnavailable, request); |
f01d4b80 | 697 | errorAppendEntry(entry, anErr); |
f563eea9 | 698 | } |
62e76326 | 699 | |
6043e368 | 700 | stopAndDestroy("cannot retry"); |
910169e5 | 701 | } |
702 | ||
9d2760b6 AR |
703 | // If the Server quits before nibbling at the request body, the body sender |
704 | // will not know (so that we can retry). Call this if we will not retry. We | |
705 | // will notify the sender so that it does not get stuck waiting for space. | |
706 | void | |
707 | FwdState::doneWithRetries() | |
708 | { | |
709 | if (request && request->body_pipe != NULL) | |
710 | request->body_pipe->expectNoConsumption(); | |
711 | } | |
712 | ||
3e8c047e | 713 | // called by the server that failed after calling unregister() |
714 | void | |
715 | FwdState::handleUnregisteredServerEnd() | |
716 | { | |
cfd66529 | 717 | debugs(17, 2, HERE << "self=" << self << " err=" << err << ' ' << entry->url()); |
6b679a01 | 718 | assert(!Comm::IsConnOpen(serverConn)); |
3e8c047e | 719 | retryOrBail(); |
720 | } | |
721 | ||
b6b6f466 | 722 | void |
c8407295 | 723 | FwdState::connectDone(const Comm::ConnectionPointer &conn, Comm::Flag status, int xerrno) |
41462d93 | 724 | { |
c8407295 | 725 | if (status != Comm::OK) { |
9c8a6c3b | 726 | ErrorState *const anErr = makeConnectingError(ERR_CONNECT_FAIL); |
b6b6f466 | 727 | anErr->xerrno = xerrno; |
b6b6f466 | 728 | fail(anErr); |
62e76326 | 729 | |
2f538b78 | 730 | /* it might have been a timeout with a partially open link */ |
00ae51e4 AJ |
731 | if (conn != NULL) { |
732 | if (conn->getPeer()) | |
733 | peerConnectFailed(conn->getPeer()); | |
62e76326 | 734 | |
80463bb4 | 735 | conn->close(); |
2f538b78 | 736 | } |
aed188fd | 737 | retryOrBail(); |
2f538b78 AJ |
738 | return; |
739 | } | |
62e76326 | 740 | |
00ae51e4 | 741 | serverConn = conn; |
f01d4b80 | 742 | debugs(17, 3, HERE << serverConnection() << ": '" << entry->url() << "'" ); |
62e76326 | 743 | |
398bc066 | 744 | closeHandler = comm_add_close_handler(serverConnection()->fd, fwdServerClosedWrapper, this); |
2f538b78 | 745 | |
693cb033 | 746 | if (!request->flags.pinned) { |
d9a7bc71 CT |
747 | const CachePeer *p = serverConnection()->getPeer(); |
748 | const bool peerWantsTls = p && p->secure.encryptTransport; | |
b53b9f8d | 749 | // userWillTlsToPeerForUs assumes CONNECT == HTTPS |
d9a7bc71 | 750 | const bool userWillTlsToPeerForUs = p && p->options.originserver && |
66c60bb0 | 751 | request->method == Http::METHOD_CONNECT; |
d9a7bc71 CT |
752 | const bool needTlsToPeer = peerWantsTls && !userWillTlsToPeerForUs; |
753 | const bool needTlsToOrigin = !p && request->url.getScheme() == AnyP::PROTO_HTTPS; | |
754 | if (needTlsToPeer || needTlsToOrigin || request->flags.sslPeek) { | |
a23223bf CT |
755 | HttpRequest::Pointer requestPointer = request; |
756 | AsyncCall::Pointer callback = asyncCall(17,4, | |
e2849af8 A |
757 | "FwdState::ConnectedToPeer", |
758 | FwdStatePeerAnswerDialer(&FwdState::connectedToPeer, this)); | |
8aec3e1b | 759 | // Use positive timeout when less than one second is left. |
0ce8e93b EB |
760 | const time_t connTimeout = serverDestinations[0]->connectTimeout(start_t); |
761 | const time_t sslNegotiationTimeout = positiveTimeout(connTimeout); | |
a72b6e88 AJ |
762 | Security::PeerConnector *connector = nullptr; |
763 | #if USE_OPENSSL | |
2e249337 | 764 | if (request->flags.sslPeek) |
d4ddb3e6 | 765 | connector = new Ssl::PeekingPeerConnector(requestPointer, serverConnection(), clientConn, callback, al, sslNegotiationTimeout); |
2e249337 | 766 | else |
a72b6e88 AJ |
767 | #endif |
768 | connector = new Security::BlindPeerConnector(requestPointer, serverConnection(), callback, al, sslNegotiationTimeout); | |
a23223bf | 769 | AsyncJob::Start(connector); // will call our callback |
39322eba J |
770 | return; |
771 | } | |
41462d93 | 772 | } |
2f538b78 | 773 | |
fcfdf7f9 AJ |
774 | // if not encrypting just run the post-connect actions |
775 | Security::EncryptorAnswer nil; | |
776 | connectedToPeer(nil); | |
41462d93 | 777 | } |
778 | ||
a23223bf | 779 | void |
fcfdf7f9 | 780 | FwdState::connectedToPeer(Security::EncryptorAnswer &answer) |
a23223bf CT |
781 | { |
782 | if (ErrorState *error = answer.error.get()) { | |
783 | fail(error); | |
784 | answer.error.clear(); // preserve error for errorSendComplete() | |
89d7efa5 CT |
785 | if (CachePeer *p = serverConnection()->getPeer()) |
786 | peerConnectFailed(p); | |
4e646287 | 787 | serverConnection()->close(); |
a23223bf CT |
788 | return; |
789 | } | |
790 | ||
56753478 CT |
791 | if (answer.tunneled) { |
792 | // TODO: When ConnStateData establishes tunnels, its state changes | |
793 | // [in ways that may affect logging?]. Consider informing | |
794 | // ConnStateData about our tunnel or otherwise unifying tunnel | |
795 | // establishment [side effects]. | |
796 | unregister(serverConn); // async call owns it now | |
797 | complete(); // destroys us | |
798 | return; | |
799 | } | |
800 | ||
fcfdf7f9 AJ |
801 | // should reach ConnStateData before the dispatched Client job starts |
802 | CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, | |
803 | ConnStateData::notePeerConnection, serverConnection()); | |
804 | ||
89d7efa5 CT |
805 | if (serverConnection()->getPeer()) |
806 | peerConnectSucceded(serverConnection()->getPeer()); | |
807 | ||
808 | flags.connected_okay = true; | |
a23223bf CT |
809 | dispatch(); |
810 | } | |
a23223bf | 811 | |
b6b6f466 | 812 | void |
813 | FwdState::connectTimeout(int fd) | |
41462d93 | 814 | { |
bf8fe701 | 815 | debugs(17, 2, "fwdConnectTimeout: FD " << fd << ": '" << entry->url() << "'" ); |
6b679a01 AJ |
816 | assert(serverDestinations[0] != NULL); |
817 | assert(fd == serverDestinations[0]->fd); | |
62e76326 | 818 | |
528b2c61 | 819 | if (entry->isEmpty()) { |
f11c8e2f | 820 | ErrorState *anErr = new ErrorState(ERR_CONNECT_FAIL, Http::scGatewayTimeout, request); |
b6b6f466 | 821 | anErr->xerrno = ETIMEDOUT; |
822 | fail(anErr); | |
62e76326 | 823 | |
cfd66529 | 824 | /* This marks the peer DOWN ... */ |
6b679a01 AJ |
825 | if (serverDestinations[0]->getPeer()) |
826 | peerConnectFailed(serverDestinations[0]->getPeer()); | |
41462d93 | 827 | } |
62e76326 | 828 | |
6b679a01 AJ |
829 | if (Comm::IsConnOpen(serverDestinations[0])) { |
830 | serverDestinations[0]->close(); | |
746beefe | 831 | } |
41462d93 | 832 | } |
833 | ||
4b77ea6b AR |
834 | /// called when serverConn is set to an _open_ to-peer connection |
835 | void | |
836 | FwdState::syncWithServerConn(const char *host) | |
837 | { | |
838 | if (Ip::Qos::TheConfig.isAclTosActive()) | |
839 | Ip::Qos::setSockTos(serverConn, GetTosToServer(request)); | |
840 | ||
841 | #if SO_MARK | |
842 | if (Ip::Qos::TheConfig.isAclNfmarkActive()) | |
843 | Ip::Qos::setSockNfmark(serverConn, GetNfmarkToServer(request)); | |
844 | #endif | |
845 | ||
7d1dac79 EB |
846 | syncHierNote(serverConn, host); |
847 | } | |
848 | ||
849 | void | |
850 | FwdState::syncHierNote(const Comm::ConnectionPointer &server, const char *host) | |
851 | { | |
1ce66e29 | 852 | if (request) |
d8165775 | 853 | request->hier.resetPeerNotes(server, host); |
1ce66e29 | 854 | if (al) |
d8165775 | 855 | al->hier.resetPeerNotes(server, host); |
4b77ea6b AR |
856 | } |
857 | ||
8aec3e1b CT |
858 | /** |
859 | * Called after forwarding path selection (via peer select) has taken place | |
860 | * and whenever forwarding needs to attempt a new connection (routing failover). | |
861 | * We have a vector of possible localIP->remoteIP paths now ready to start being connected. | |
862 | */ | |
863 | void | |
864 | FwdState::connectStart() | |
865 | { | |
866 | assert(serverDestinations.size() > 0); | |
867 | ||
868 | debugs(17, 3, "fwdConnectStart: " << entry->url()); | |
869 | ||
16b70e2a | 870 | request->hier.startPeerClock(); |
777831e0 | 871 | |
d9a7bc71 CT |
872 | // Do not fowrward bumped connections to parent proxy unless it is an |
873 | // origin server | |
874 | if (serverDestinations[0]->getPeer() && !serverDestinations[0]->getPeer()->options.originserver && request->flags.sslBumped) { | |
2cf8425b | 875 | debugs(50, 4, "fwdConnectStart: Ssl bumped connections through parent proxy are not allowed"); |
955394ce | 876 | ErrorState *anErr = new ErrorState(ERR_CANNOT_FORWARD, Http::scServiceUnavailable, request); |
b68415a1 | 877 | fail(anErr); |
6043e368 | 878 | stopAndDestroy("SslBump misconfiguration"); |
b68415a1 | 879 | return; |
985bfe6b | 880 | } |
d67acb4e | 881 | |
e857372a | 882 | request->flags.pinned = false; // XXX: what if the ConnStateData set this to flag existing credentials? |
2efeb0b7 AJ |
883 | // XXX: answer: the peer selection *should* catch it and give us only the pinned peer. so we reverse the =0 step below. |
884 | // XXX: also, logs will now lie if pinning is broken and leads to an error message. | |
6b679a01 | 885 | if (serverDestinations[0]->peerType == PINNED) { |
26ac0430 | 886 | ConnStateData *pinned_connection = request->pinnedConnection(); |
693cb033 | 887 | debugs(17,7, "pinned peer connection: " << pinned_connection); |
bc81ee68 | 888 | // pinned_connection may become nil after a pconn race |
60199bd7 CT |
889 | serverConn = pinned_connection ? pinned_connection->borrowPinnedConnection(request, serverDestinations[0]->getPeer()) : nullptr; |
890 | if (Comm::IsConnOpen(serverConn)) { | |
891 | flags.connected_okay = true; | |
892 | ++n_tries; | |
893 | request->flags.pinned = true; | |
894 | ||
895 | if (pinned_connection->pinnedAuth()) | |
896 | request->flags.auth = true; | |
897 | ||
898 | closeHandler = comm_add_close_handler(serverConn->fd, fwdServerClosedWrapper, this); | |
899 | ||
900 | syncWithServerConn(pinned_connection->pinning.host); | |
901 | ||
902 | // the server may close the pinned connection before this request | |
903 | pconnRace = racePossible; | |
904 | dispatch(); | |
905 | return; | |
906 | } | |
b410d563 | 907 | |
693cb033 | 908 | // Pinned connection failure. |
85563fd9 | 909 | debugs(17,2,HERE << "Pinned connection failed: " << pinned_connection); |
955394ce | 910 | ErrorState *anErr = new ErrorState(ERR_ZERO_SIZE_OBJECT, Http::scServiceUnavailable, request); |
693cb033 | 911 | fail(anErr); |
6043e368 | 912 | stopAndDestroy("pinned connection failure"); |
693cb033 | 913 | return; |
26ac0430 | 914 | } |
d67acb4e | 915 | |
642a305c | 916 | // Use pconn to avoid opening a new connection. |
7a150c71 AJ |
917 | const char *host = NULL; |
918 | if (!serverDestinations[0]->getPeer()) | |
5c51bffb | 919 | host = request->url.host(); |
bc81ee68 AR |
920 | |
921 | Comm::ConnectionPointer temp; | |
922 | // Avoid pconns after races so that the same client does not suffer twice. | |
923 | // This does not increase the total number of connections because we just | |
924 | // closed the connection that failed the race. And re-pinning assumes this. | |
925 | if (pconnRace != raceHappened) | |
e8dca475 | 926 | temp = pconnPop(serverDestinations[0], host); |
bbf706ff | 927 | |
bc81ee68 AR |
928 | const bool openedPconn = Comm::IsConnOpen(temp); |
929 | pconnRace = openedPconn ? racePossible : raceImpossible; | |
cfd66529 | 930 | |
6b679a01 | 931 | // if we found an open persistent connection to use. use it. |
bc81ee68 | 932 | if (openedPconn) { |
80463bb4 | 933 | serverConn = temp; |
3b9899f7 | 934 | flags.connected_okay = true; |
642a305c | 935 | debugs(17, 3, HERE << "reusing pconn " << serverConnection()); |
95dc7ff4 | 936 | ++n_tries; |
4ed0e075 | 937 | |
398bc066 | 938 | closeHandler = comm_add_close_handler(serverConnection()->fd, fwdServerClosedWrapper, this); |
b5523edc | 939 | |
4b77ea6b | 940 | syncWithServerConn(request->url.host()); |
b5523edc | 941 | |
c8ceec27 | 942 | dispatch(); |
c8ceec27 | 943 | return; |
41462d93 | 944 | } |
62e76326 | 945 | |
bc81ee68 AR |
946 | // We will try to open a new connection, possibly to the same destination. |
947 | // We reset serverDestinations[0] in case we are using it again because | |
948 | // ConnOpener modifies its destination argument. | |
4dd643d5 | 949 | serverDestinations[0]->local.port(0); |
bc81ee68 AR |
950 | serverConn = NULL; |
951 | ||
bc87dc25 | 952 | #if URL_CHECKSUM_DEBUG |
b6b6f466 | 953 | entry->mem_obj->checkUrlChecksum(); |
bc87dc25 | 954 | #endif |
62e76326 | 955 | |
6ee88490 | 956 | GetMarkingsToServer(request, *serverDestinations[0]); |
b5523edc | 957 | |
e3a4aecc | 958 | calls.connector = commCbCall(17,3, "fwdConnectDoneWrapper", CommConnectCbPtrFun(fwdConnectDoneWrapper, this)); |
0ce8e93b EB |
959 | const time_t connTimeout = serverDestinations[0]->connectTimeout(start_t); |
960 | Comm::ConnOpener *cs = new Comm::ConnOpener(serverDestinations[0], calls.connector, connTimeout); | |
7a150c71 AJ |
961 | if (host) |
962 | cs->setHost(host); | |
855150a4 | 963 | AsyncJob::Start(cs); |
41462d93 | 964 | } |
965 | ||
b6b6f466 | 966 | void |
967 | FwdState::dispatch() | |
41462d93 | 968 | { |
7f06a3d8 | 969 | debugs(17, 3, clientConn << ": Fetching " << request->method << ' ' << entry->url()); |
e0ebe27c | 970 | /* |
971 | * Assert that server_fd is set. This is to guarantee that fwdState | |
972 | * is attached to something and will be deallocated when server_fd | |
973 | * is closed. | |
974 | */ | |
6b679a01 | 975 | assert(Comm::IsConnOpen(serverConn)); |
62e76326 | 976 | |
5229395c | 977 | fd_note(serverConnection()->fd, entry->url()); |
62e76326 | 978 | |
e8dca475 | 979 | fd_table[serverConnection()->fd].noteUse(); |
62e76326 | 980 | |
a7ad6e4e | 981 | /*assert(!EBIT_TEST(entry->flags, ENTRY_DISPATCHED)); */ |
982 | assert(entry->ping_status != PING_WAITING); | |
62e76326 | 983 | |
1bfe9ade | 984 | assert(entry->locked()); |
62e76326 | 985 | |
a7ad6e4e | 986 | EBIT_SET(entry->flags, ENTRY_DISPATCHED); |
62e76326 | 987 | |
5c51bffb | 988 | netdbPingSite(request->url.host()); |
62e76326 | 989 | |
425de4c8 | 990 | /* Retrieves remote server TOS or MARK value, and stores it as part of the |
7172612f | 991 | * original client request FD object. It is later used to forward |
425de4c8 | 992 | * remote server's TOS/MARK in the response to the client in case of a MISS. |
7172612f | 993 | */ |
425de4c8 | 994 | if (Ip::Qos::TheConfig.isHitNfmarkActive()) { |
b5523edc AJ |
995 | if (Comm::IsConnOpen(clientConn) && Comm::IsConnOpen(serverConnection())) { |
996 | fde * clientFde = &fd_table[clientConn->fd]; // XXX: move the fd_table access into Ip::Qos | |
425de4c8 | 997 | /* Get the netfilter mark for the connection */ |
b5523edc | 998 | Ip::Qos::getNfmarkFromServer(serverConnection(), clientFde); |
425de4c8 AJ |
999 | } |
1000 | } | |
1001 | ||
1002 | #if _SQUID_LINUX_ | |
1003 | /* Bug 2537: The TOS forward part of QOS only applies to patched Linux kernels. */ | |
1004 | if (Ip::Qos::TheConfig.isHitTosActive()) { | |
b5523edc AJ |
1005 | if (Comm::IsConnOpen(clientConn)) { |
1006 | fde * clientFde = &fd_table[clientConn->fd]; // XXX: move the fd_table access into Ip::Qos | |
425de4c8 | 1007 | /* Get the TOS value for the packet */ |
b5523edc | 1008 | Ip::Qos::getTosFromServer(serverConnection(), clientFde); |
7172612f | 1009 | } |
26ac0430 | 1010 | } |
7172612f AJ |
1011 | #endif |
1012 | ||
cb4f4424 | 1013 | #if USE_OPENSSL |
2c065fc8 | 1014 | if (request->flags.sslPeek) { |
d7ce0bcd | 1015 | CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData, |
801cfc26 | 1016 | ConnStateData::httpsPeeked, ConnStateData::PinnedIdleContext(serverConnection(), request)); |
d7ce0bcd AR |
1017 | unregister(serverConn); // async call owns it now |
1018 | complete(); // destroys us | |
1019 | return; | |
061bbdec | 1020 | } |
d7ce0bcd AR |
1021 | #endif |
1022 | ||
5229395c | 1023 | if (serverConnection()->getPeer() != NULL) { |
95dc7ff4 | 1024 | ++ serverConnection()->getPeer()->stats.fetches; |
5229395c AJ |
1025 | request->peer_login = serverConnection()->getPeer()->login; |
1026 | request->peer_domain = serverConnection()->getPeer()->domain; | |
9825b398 | 1027 | request->flags.auth_no_keytab = serverConnection()->getPeer()->options.auth_no_keytab; |
b6b6f466 | 1028 | httpStart(this); |
41462d93 | 1029 | } else { |
2c065fc8 | 1030 | assert(!request->flags.sslPeek); |
b6b6f466 | 1031 | request->peer_login = NULL; |
1032 | request->peer_domain = NULL; | |
9825b398 | 1033 | request->flags.auth_no_keytab = 0; |
62e76326 | 1034 | |
4e3f4dc7 | 1035 | switch (request->url.getScheme()) { |
62e76326 | 1036 | |
0c3d3f65 | 1037 | case AnyP::PROTO_HTTPS: |
b6b6f466 | 1038 | httpStart(this); |
62e76326 | 1039 | break; |
62e76326 | 1040 | |
0c3d3f65 | 1041 | case AnyP::PROTO_HTTP: |
b6b6f466 | 1042 | httpStart(this); |
62e76326 | 1043 | break; |
1044 | ||
0c3d3f65 | 1045 | case AnyP::PROTO_GOPHER: |
b6b6f466 | 1046 | gopherStart(this); |
62e76326 | 1047 | break; |
1048 | ||
0c3d3f65 | 1049 | case AnyP::PROTO_FTP: |
92ae4c86 | 1050 | if (request->flags.ftpNative) |
5517260a | 1051 | Ftp::StartRelay(this); |
434a79b0 | 1052 | else |
5517260a | 1053 | Ftp::StartGateway(this); |
62e76326 | 1054 | break; |
1055 | ||
39a19cb7 | 1056 | case AnyP::PROTO_CACHE_OBJECT: |
62e76326 | 1057 | |
0c3d3f65 | 1058 | case AnyP::PROTO_URN: |
62e76326 | 1059 | fatal_dump("Should never get here"); |
1060 | break; | |
1061 | ||
0c3d3f65 | 1062 | case AnyP::PROTO_WHOIS: |
b6b6f466 | 1063 | whoisStart(this); |
62e76326 | 1064 | break; |
1065 | ||
f53969cc | 1066 | case AnyP::PROTO_WAIS: /* Not implemented */ |
fc68f6b1 | 1067 | |
62e76326 | 1068 | default: |
7be06178 | 1069 | debugs(17, DBG_IMPORTANT, "WARNING: Cannot retrieve '" << entry->url() << "'."); |
955394ce | 1070 | ErrorState *anErr = new ErrorState(ERR_UNSUP_REQ, Http::scBadRequest, request); |
b6b6f466 | 1071 | fail(anErr); |
7be06178 | 1072 | // Set the dont_retry flag because this is not a transient (network) error. |
e857372a | 1073 | flags.dont_retry = true; |
6b679a01 | 1074 | if (Comm::IsConnOpen(serverConn)) { |
00ae51e4 | 1075 | serverConn->close(); |
746beefe | 1076 | } |
62e76326 | 1077 | break; |
1078 | } | |
41462d93 | 1079 | } |
1080 | } | |
1081 | ||
545782b8 | 1082 | /* |
1083 | * FwdState::reforward | |
1084 | * | |
1085 | * returns TRUE if the transaction SHOULD be re-forwarded to the | |
8bbb16e3 | 1086 | * next choice in the serverDestinations list. This method is called when |
d5430dc8 | 1087 | * peer communication completes normally, or experiences |
545782b8 | 1088 | * some error after receiving the end of HTTP headers. |
1089 | */ | |
b6b6f466 | 1090 | int |
1091 | FwdState::reforward() | |
db1cd23c | 1092 | { |
b6b6f466 | 1093 | StoreEntry *e = entry; |
c4a88a3e CT |
1094 | |
1095 | if (EBIT_TEST(e->flags, ENTRY_ABORTED)) { | |
1096 | debugs(17, 3, HERE << "entry aborted"); | |
1097 | return 0; | |
1098 | } | |
1099 | ||
db1cd23c | 1100 | assert(e->store_status == STORE_PENDING); |
1101 | assert(e->mem_obj); | |
bc87dc25 | 1102 | #if URL_CHECKSUM_DEBUG |
62e76326 | 1103 | |
528b2c61 | 1104 | e->mem_obj->checkUrlChecksum(); |
bc87dc25 | 1105 | #endif |
62e76326 | 1106 | |
cfd66529 | 1107 | debugs(17, 3, HERE << e->url() << "?" ); |
62e76326 | 1108 | |
d6eb18d6 | 1109 | if (!EBIT_TEST(e->flags, ENTRY_FWD_HDR_WAIT)) { |
cfd66529 | 1110 | debugs(17, 3, HERE << "No, ENTRY_FWD_HDR_WAIT isn't set"); |
62e76326 | 1111 | return 0; |
d6eb18d6 | 1112 | } |
62e76326 | 1113 | |
437823b4 | 1114 | if (n_tries > Config.forward_max_tries) |
62e76326 | 1115 | return 0; |
1116 | ||
58217e94 | 1117 | if (request->bodyNibbled()) |
62e76326 | 1118 | return 0; |
1119 | ||
6043e368 | 1120 | if (serverDestinations.size() <= 1 && !PeerSelectionInitiator::subscribed) { |
8652f8e7 | 1121 | // NP: <= 1 since total count includes the recently failed one. |
cfd66529 | 1122 | debugs(17, 3, HERE << "No alternative forwarding paths left"); |
62e76326 | 1123 | return 0; |
db1cd23c | 1124 | } |
62e76326 | 1125 | |
9b769c67 | 1126 | const Http::StatusCode s = e->getReply()->sline.status(); |
cfd66529 | 1127 | debugs(17, 3, HERE << "status " << s); |
b6b6f466 | 1128 | return reforwardableStatus(s); |
db1cd23c | 1129 | } |
1130 | ||
2ac4f6b5 AR |
1131 | /** |
1132 | * Create "503 Service Unavailable" or "504 Gateway Timeout" error depending | |
1133 | * on whether this is a validation request. RFC 2616 says that we MUST reply | |
1134 | * with "504 Gateway Timeout" if validation fails and cached reply has | |
1135 | * proxy-revalidate, must-revalidate or s-maxage Cache-Control directive. | |
1136 | */ | |
1137 | ErrorState * | |
1138 | FwdState::makeConnectingError(const err_type type) const | |
1139 | { | |
450fe1cb | 1140 | return new ErrorState(type, request->flags.needValidation ? |
f11c8e2f | 1141 | Http::scGatewayTimeout : Http::scServiceUnavailable, request); |
2ac4f6b5 AR |
1142 | } |
1143 | ||
b6b6f466 | 1144 | static void |
1145 | fwdStats(StoreEntry * s) | |
64d8034e | 1146 | { |
b6b6f466 | 1147 | int i; |
1148 | int j; | |
1149 | storeAppendPrintf(s, "Status"); | |
62e76326 | 1150 | |
95dc7ff4 FC |
1151 | for (j = 1; j < MAX_FWD_STATS_IDX; ++j) { |
1152 | storeAppendPrintf(s, "\ttry#%d", j); | |
64d8034e | 1153 | } |
64d8034e | 1154 | |
b6b6f466 | 1155 | storeAppendPrintf(s, "\n"); |
0185bd6f | 1156 | |
955394ce | 1157 | for (i = 0; i <= (int) Http::scInvalidHeader; ++i) { |
b6b6f466 | 1158 | if (FwdReplyCodes[0][i] == 0) |
1159 | continue; | |
0185bd6f | 1160 | |
b6b6f466 | 1161 | storeAppendPrintf(s, "%3d", i); |
0185bd6f | 1162 | |
95dc7ff4 | 1163 | for (j = 0; j <= MAX_FWD_STATS_IDX; ++j) { |
b6b6f466 | 1164 | storeAppendPrintf(s, "\t%d", FwdReplyCodes[j][i]); |
62e76326 | 1165 | } |
62e76326 | 1166 | |
b6b6f466 | 1167 | storeAppendPrintf(s, "\n"); |
e0ebe27c | 1168 | } |
7197b20d | 1169 | } |
1170 | ||
b6b6f466 | 1171 | /**** STATIC MEMBER FUNCTIONS *************************************************/ |
db1cd23c | 1172 | |
b6b6f466 | 1173 | bool |
955394ce | 1174 | FwdState::reforwardableStatus(const Http::StatusCode s) const |
db1cd23c | 1175 | { |
b6b6f466 | 1176 | switch (s) { |
62e76326 | 1177 | |
955394ce | 1178 | case Http::scBadGateway: |
62e76326 | 1179 | |
f11c8e2f | 1180 | case Http::scGatewayTimeout: |
b6b6f466 | 1181 | return true; |
62e76326 | 1182 | |
955394ce | 1183 | case Http::scForbidden: |
62e76326 | 1184 | |
955394ce | 1185 | case Http::scInternalServerError: |
62e76326 | 1186 | |
955394ce | 1187 | case Http::scNotImplemented: |
62e76326 | 1188 | |
955394ce | 1189 | case Http::scServiceUnavailable: |
b6b6f466 | 1190 | return Config.retry.onerror; |
62e76326 | 1191 | |
b6b6f466 | 1192 | default: |
1193 | return false; | |
db1cd23c | 1194 | } |
b6b6f466 | 1195 | |
1196 | /* NOTREACHED */ | |
db1cd23c | 1197 | } |
8ddcc35d | 1198 | |
06093389 AJ |
1199 | /** |
1200 | * Decide where details need to be gathered to correctly describe a persistent connection. | |
1201 | * What is needed: | |
642a305c AJ |
1202 | * - the address/port details about this link |
1203 | * - domain name of server at other end of this link (either peer or requested host) | |
06093389 | 1204 | */ |
781ce8ff | 1205 | void |
642a305c | 1206 | FwdState::pconnPush(Comm::ConnectionPointer &conn, const char *domain) |
781ce8ff | 1207 | { |
642a305c | 1208 | if (conn->getPeer()) { |
7a150c71 | 1209 | fwdPconnPool->push(conn, NULL); |
06093389 | 1210 | } else { |
642a305c | 1211 | fwdPconnPool->push(conn, domain); |
06093389 | 1212 | } |
781ce8ff | 1213 | } |
1214 | ||
e8dca475 CT |
1215 | Comm::ConnectionPointer |
1216 | FwdState::pconnPop(const Comm::ConnectionPointer &dest, const char *domain) | |
1217 | { | |
afc753f3 EB |
1218 | bool retriable = checkRetriable(); |
1219 | if (!retriable && Config.accessList.serverPconnForNonretriable) { | |
1220 | ACLFilledChecklist ch(Config.accessList.serverPconnForNonretriable, request, NULL); | |
06bf5384 | 1221 | retriable = ch.fastCheck().allowed(); |
afc753f3 | 1222 | } |
e8dca475 CT |
1223 | // always call shared pool first because we need to close an idle |
1224 | // connection there if we have to use a standby connection. | |
afc753f3 | 1225 | Comm::ConnectionPointer conn = fwdPconnPool->pop(dest, domain, retriable); |
e8dca475 CT |
1226 | if (!Comm::IsConnOpen(conn)) { |
1227 | // either there was no pconn to pop or this is not a retriable xaction | |
1228 | if (CachePeer *peer = dest->getPeer()) { | |
1229 | if (peer->standby.pool) | |
1230 | conn = peer->standby.pool->pop(dest, domain, true); | |
1231 | } | |
1232 | } | |
1233 | return conn; // open, closed, or nil | |
1234 | } | |
1235 | ||
8ddcc35d | 1236 | void |
b6b6f466 | 1237 | FwdState::initModule() |
8ddcc35d | 1238 | { |
6852be71 | 1239 | RegisterWithCacheManager(); |
8ddcc35d | 1240 | } |
1241 | ||
62ee09ca | 1242 | void |
84f50787 | 1243 | FwdState::RegisterWithCacheManager(void) |
62ee09ca | 1244 | { |
8822ebee | 1245 | Mgr::RegisterAction("forward", "Request Forwarding Statistics", fwdStats, 0, 1); |
62ee09ca | 1246 | } |
1247 | ||
b6b6f466 | 1248 | void |
955394ce | 1249 | FwdState::logReplyStatus(int tries, const Http::StatusCode status) |
8ddcc35d | 1250 | { |
955394ce | 1251 | if (status > Http::scInvalidHeader) |
62e76326 | 1252 | return; |
1253 | ||
75eb730e | 1254 | assert(tries >= 0); |
62e76326 | 1255 | |
8ddcc35d | 1256 | if (tries > MAX_FWD_STATS_IDX) |
62e76326 | 1257 | tries = MAX_FWD_STATS_IDX; |
1258 | ||
95dc7ff4 | 1259 | ++ FwdReplyCodes[tries][status]; |
8ddcc35d | 1260 | } |
1261 | ||
b6b6f466 | 1262 | /**** PRIVATE NON-MEMBER FUNCTIONS ********************************************/ |
62e76326 | 1263 | |
057f5854 | 1264 | /* |
1265 | * DPW 2007-05-19 | |
1266 | * Formerly static, but now used by client_side_request.cc | |
1267 | */ | |
425de4c8 AJ |
1268 | /// Checks for a TOS value to apply depending on the ACL |
1269 | tos_t | |
b6b6f466 | 1270 | aclMapTOS(acl_tos * head, ACLChecklist * ch) |
b6a2f15e | 1271 | { |
60019fea | 1272 | for (acl_tos *l = head; l; l = l->next) { |
06bf5384 | 1273 | if (!l->aclList || ch->fastCheck(l->aclList).allowed()) |
b6b6f466 | 1274 | return l->tos; |
1275 | } | |
5894ad28 | 1276 | |
b6b6f466 | 1277 | return 0; |
1278 | } | |
5894ad28 | 1279 | |
425de4c8 AJ |
1280 | /// Checks for a netfilter mark value to apply depending on the ACL |
1281 | nfmark_t | |
1282 | aclMapNfmark(acl_nfmark * head, ACLChecklist * ch) | |
1283 | { | |
60019fea | 1284 | for (acl_nfmark *l = head; l; l = l->next) { |
06bf5384 | 1285 | if (!l->aclList || ch->fastCheck(l->aclList).allowed()) |
425de4c8 AJ |
1286 | return l->nfmark; |
1287 | } | |
1288 | ||
1289 | return 0; | |
1290 | } | |
1291 | ||
cfd66529 | 1292 | void |
f9b72e0c | 1293 | getOutgoingAddress(HttpRequest * request, Comm::ConnectionPointer conn) |
b6b6f466 | 1294 | { |
07f889c1 | 1295 | // skip if an outgoing address is already set. |
4dd643d5 | 1296 | if (!conn->local.isAnyAddr()) return; |
cfd66529 | 1297 | |
07f889c1 | 1298 | // ensure that at minimum the wildcard local matches remote protocol |
4dd643d5 AJ |
1299 | if (conn->remote.isIPv4()) |
1300 | conn->local.setIPv4(); | |
07f889c1 | 1301 | |
cfd66529 | 1302 | // maybe use TPROXY client address |
450fe1cb | 1303 | if (request && request->flags.spoofClientIp) { |
739b352a | 1304 | if (!conn->getPeer() || !conn->getPeer()->options.no_tproxy) { |
96d64448 AJ |
1305 | #if FOLLOW_X_FORWARDED_FOR && LINUX_NETFILTER |
1306 | if (Config.onoff.tproxy_uses_indirect_client) | |
45906573 | 1307 | conn->local = request->indirect_client_addr; |
96d64448 AJ |
1308 | else |
1309 | #endif | |
45906573 | 1310 | conn->local = request->client_addr; |
cfd66529 AJ |
1311 | // some flags need setting on the socket to use this address |
1312 | conn->flags |= COMM_DOBIND; | |
1313 | conn->flags |= COMM_TRANSPARENT; | |
1314 | return; | |
1315 | } | |
b0758e04 AJ |
1316 | // else no tproxy today ... |
1317 | } | |
c303f6e3 | 1318 | |
b50e327b | 1319 | if (!Config.accessList.outgoing_address) { |
cfd66529 | 1320 | return; // anything will do. |
b50e327b AJ |
1321 | } |
1322 | ||
c0941a6a | 1323 | ACLFilledChecklist ch(NULL, request, NULL); |
1b091aec | 1324 | ch.dst_peer_name = conn->getPeer() ? conn->getPeer()->name : NULL; |
cfd66529 AJ |
1325 | ch.dst_addr = conn->remote; |
1326 | ||
1327 | // TODO use the connection details in ACL. | |
1328 | // needs a bit of rework in ACLFilledChecklist to use Comm::Connection instead of ConnStateData | |
6db78a1a | 1329 | |
289848ca | 1330 | for (Acl::Address *l = Config.accessList.outgoing_address; l; l = l->next) { |
cfd66529 AJ |
1331 | |
1332 | /* check if the outgoing address is usable to the destination */ | |
4dd643d5 | 1333 | if (conn->remote.isIPv4() != l->addr.isIPv4()) continue; |
cfd66529 AJ |
1334 | |
1335 | /* check ACLs for this outgoing address */ | |
06bf5384 | 1336 | if (!l->aclList || ch.fastCheck(l->aclList).allowed()) { |
cfd66529 AJ |
1337 | conn->local = l->addr; |
1338 | return; | |
1339 | } | |
1340 | } | |
b6b6f466 | 1341 | } |
62e76326 | 1342 | |
425de4c8 AJ |
1343 | tos_t |
1344 | GetTosToServer(HttpRequest * request) | |
1345 | { | |
1346 | ACLFilledChecklist ch(NULL, request, NULL); | |
425de4c8 AJ |
1347 | return aclMapTOS(Ip::Qos::TheConfig.tosToServer, &ch); |
1348 | } | |
1349 | ||
1350 | nfmark_t | |
1351 | GetNfmarkToServer(HttpRequest * request) | |
b6b6f466 | 1352 | { |
c0941a6a | 1353 | ACLFilledChecklist ch(NULL, request, NULL); |
425de4c8 | 1354 | return aclMapNfmark(Ip::Qos::TheConfig.nfmarkToServer, &ch); |
b6a2f15e | 1355 | } |
6ee88490 CT |
1356 | |
1357 | void | |
1358 | GetMarkingsToServer(HttpRequest * request, Comm::Connection &conn) | |
1359 | { | |
1360 | // Get the server side TOS and Netfilter mark to be set on the connection. | |
1361 | if (Ip::Qos::TheConfig.isAclTosActive()) { | |
1362 | conn.tos = GetTosToServer(request); | |
1363 | debugs(17, 3, "from " << conn.local << " tos " << int(conn.tos)); | |
1364 | } | |
1365 | ||
1366 | #if SO_MARK && USE_LIBCAP | |
1367 | conn.nfmark = GetNfmarkToServer(request); | |
1368 | debugs(17, 3, "from " << conn.local << " netfilter mark " << conn.nfmark); | |
1369 | #else | |
1370 | conn.nfmark = 0; | |
1371 | #endif | |
1372 | } | |
f53969cc | 1373 |