]> git.ipfire.org Git - thirdparty/squid.git/blame - src/client_side.cc
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
htcp-off patch by Miquel van Smoorenburg
[thirdparty/squid.git] / src / client_side.cc
CommitLineData
3c66d057 1
dd11e0b7 2/*
049d61bb 3 * $Id: client_side.cc,v 1.560 2001/12/01 18:03:10 hno Exp $
dd11e0b7 4 *
5 * DEBUG: section 33 Client-side Routines
6 * AUTHOR: Duane Wessels
7 *
2b6662ba 8 * SQUID Web Proxy Cache http://www.squid-cache.org/
e25c139f 9 * ----------------------------------------------------------
dd11e0b7 10 *
2b6662ba 11 * Squid is the result of efforts by numerous individuals from
12 * the Internet community; see the CONTRIBUTORS file for full
13 * details. Many organizations have provided support for Squid's
14 * development; see the SPONSORS file for full details. Squid is
15 * Copyrighted (C) 2001 by the Regents of the University of
16 * California; see the COPYRIGHT file for full details. Squid
17 * incorporates software developed and/or copyrighted by other
18 * sources; see the CREDITS file for full details.
dd11e0b7 19 *
20 * This program is free software; you can redistribute it and/or modify
21 * it under the terms of the GNU General Public License as published by
22 * the Free Software Foundation; either version 2 of the License, or
23 * (at your option) any later version.
24 *
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
29 *
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
cbdec147 32 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
e25c139f 33 *
dd11e0b7 34 */
f88bb09c 35
36#include "squid.h"
37
5cafc1d6 38#if IPF_TRANSPARENT
39#if HAVE_SYS_IOCTL_H
40#include <sys/ioctl.h>
41#endif
42#include <netinet/tcp.h>
43#include <net/if.h>
42b51993 44#if HAVE_IP_FIL_COMPAT_H
45#include <ip_fil_compat.h>
46#elif HAVE_NETINET_IP_FIL_COMPAT_H
47#include <netinet/ip_fil_compat.h>
48#elif HAVE_IP_COMPAT_H
5cafc1d6 49#include <ip_compat.h>
9bc73deb 50#elif HAVE_NETINET_IP_COMPAT_H
51#include <netinet/ip_compat.h>
52#endif
53#if HAVE_IP_FIL_H
5cafc1d6 54#include <ip_fil.h>
9bc73deb 55#elif HAVE_NETINET_IP_FIL_H
56#include <netinet/ip_fil.h>
57#endif
58#if HAVE_IP_NAT_H
5cafc1d6 59#include <ip_nat.h>
9bc73deb 60#elif HAVE_NETINET_IP_NAT_H
61#include <netinet/ip_nat.h>
62#endif
5cafc1d6 63#endif
64
d852fbad 65#if LINUX_NETFILTER
66#include <linux/netfilter_ipv4.h>
67#endif
5cafc1d6 68
69
5492ad1d 70#if LINGERING_CLOSE
71#define comm_close comm_lingering_close
72#endif
73
7a2f978b 74static const char *const crlf = "\r\n";
75
7a2f978b 76#define FAILURE_MODE_TIME 300
77
78/* Local functions */
79
fc5d6f7f 80static CWCB clientWriteComplete;
f4f278b5 81static CWCB clientWriteBodyComplete;
7a2f978b 82static PF clientReadRequest;
83static PF connStateFree;
84static PF requestTimeout;
b5c39993 85static PF clientLifetimeTimeout;
1b02b5be 86static int clientCheckTransferDone(clientHttpRequest *);
80980266 87static int clientGotNotEnough(clientHttpRequest *);
88aad2e5 88static void checkFailureRatio(err_type, hier_code);
fb63215a 89static void clientProcessMiss(clientHttpRequest *);
eeb423fb 90static void clientBuildReplyHeader(clientHttpRequest * http, HttpReply * rep);
99edd1c3 91static clientHttpRequest *parseHttpRequestAbort(ConnStateData * conn, const char *uri);
7a2f978b 92static clientHttpRequest *parseHttpRequest(ConnStateData *, method_t *, int *, char **, size_t *);
582b6456 93static RH clientRedirectDone;
4d55827a 94static void clientCheckNoCache(clientHttpRequest *);
95static void clientCheckNoCacheDone(int answer, void *data);
1b02b5be 96static STCB clientHandleIMSReply;
f5b8bbc4 97static int clientGetsOldEntry(StoreEntry * new, StoreEntry * old, request_t * request);
98static int checkAccelOnly(clientHttpRequest *);
3898f57f 99#if USE_IDENT
05832ae1 100static IDCB clientIdentDone;
3898f57f 101#endif
7c1d4010 102static int clientOnlyIfCached(clientHttpRequest * http);
7a2f978b 103static STCB clientSendMoreData;
104static STCB clientCacheHit;
c68e9c6b 105static void clientSetKeepaliveFlag(clientHttpRequest *);
f6308664 106static void clientPackRangeHdr(const HttpReply * rep, const HttpHdrRangeSpec * spec, String boundary, MemBuf * mb);
107static void clientPackTermBound(String boundary, MemBuf * mb);
99edd1c3 108static void clientInterpretRequestHeaders(clientHttpRequest *);
fb63215a 109static void clientProcessRequest(clientHttpRequest *);
110static void clientProcessExpired(void *data);
038eb4ed 111static void clientProcessOnlyIfCachedMiss(clientHttpRequest * http);
50ddd7a4 112static int clientCachable(clientHttpRequest * http);
113static int clientHierarchical(clientHttpRequest * http);
efb9218c 114static int clientCheckContentLength(request_t * r);
d20b1cd0 115static DEFER httpAcceptDefer;
49d3fcb0 116static log_type clientProcessRequest2(clientHttpRequest * http);
32754419 117static int clientReplyBodyTooLarge(HttpReply *, ssize_t clen);
efd900cb 118static int clientRequestBodyTooLarge(int clen);
94439e4e 119static void clientProcessBody(ConnStateData * conn);
ea6f43cd 120
38d7734b 121static int
382d851a 122checkAccelOnly(clientHttpRequest * http)
38d7734b 123{
124 /* return TRUE if someone makes a proxy request to us and
125 * we are in httpd-accel only mode */
f1dc9b30 126 if (!Config2.Accel.on)
38d7734b 127 return 0;
17a0a4ee 128 if (Config.onoff.accel_with_proxy)
38d7734b 129 return 0;
382d851a 130 if (http->request->protocol == PROTO_CACHEOBJ)
38d7734b 131 return 0;
77ed547a 132 if (http->flags.accel)
38d7734b 133 return 0;
c01a01ea 134 if (http->request->method == METHOD_PURGE)
135 return 0;
38d7734b 136 return 1;
137}
138
3898f57f 139#if USE_IDENT
9bc73deb 140static void
05832ae1 141clientIdentDone(const char *ident, void *data)
142{
143 ConnStateData *conn = data;
94439e4e 144 xstrncpy(conn->rfc931, ident ? ident : dash_str, USER_IDENT_SZ);
05832ae1 145}
94439e4e 146
3898f57f 147#endif
05832ae1 148
4d55827a 149static aclCheck_t *
a4b8110e 150clientAclChecklistCreate(const acl_access * acl, const clientHttpRequest * http)
f88bb09c 151{
4d55827a 152 aclCheck_t *ch;
382d851a 153 ConnStateData *conn = http->conn;
364a0f3d 154 ch = aclChecklistCreate(acl,
382d851a 155 http->request,
94439e4e 156 conn->rfc931);
157
3898f57f 158 /*
159 * hack for ident ACL. It needs to get full addresses, and a
05832ae1 160 * place to store the ident result on persistent connections...
161 */
94439e4e 162 /* connection oriented auth also needs these two lines for it's operation. */
4d55827a 163 ch->conn = conn;
164 cbdataLock(ch->conn);
94439e4e 165
4d55827a 166 return ch;
167}
168
169void
170clientAccessCheck(void *data)
171{
172 clientHttpRequest *http = data;
173 if (checkAccelOnly(http)) {
307fb3c4 174 /* deny proxy requests in accel_only mode */
bdb313a1 175 debug(33, 1) ("clientAccessCheck: proxy request denied in accel_only mode\n");
307fb3c4 176 clientAccessCheckDone(ACCESS_DENIED, http);
4d55827a 177 return;
178 }
179 http->acl_checklist = clientAclChecklistCreate(Config.accessList.http, http);
382d851a 180 aclNBCheck(http->acl_checklist, clientAccessCheckDone, http);
f88bb09c 181}
182
7c1d4010 183/*
184 * returns true if client specified that the object must come from the cache
96e0684d 185 * without contacting origin server
7c1d4010 186 */
187static int
188clientOnlyIfCached(clientHttpRequest * http)
189{
190 const request_t *r = http->request;
191 assert(r);
ea285003 192 return r->cache_control &&
8e092300 193 EBIT_TEST(r->cache_control->mask, CC_ONLY_IF_CACHED);
7c1d4010 194}
195
23d92c64 196StoreEntry *
92695e5e 197clientCreateStoreEntry(clientHttpRequest * h, method_t m, request_flags flags)
79e0dc20 198{
199 StoreEntry *e;
40defb17 200 /*
201 * For erroneous requests, we might not have a h->request,
202 * so make a fake one.
203 */
99edd1c3 204 if (h->request == NULL)
eb824054 205 h->request = requestLink(requestCreate(m, PROTO_NONE, null_string));
23d92c64 206 e = storeCreateEntry(h->uri, h->log_uri, flags, m);
06d2839d 207 h->sc = storeClientListAdd(e, h);
447e176b 208#if DELAY_POOLS
b2585f7e 209 delaySetStoreClient(h->sc, delayClient(h->request));
447e176b 210#endif
06d2839d 211 storeClientCopy(h->sc, e, 0, 0, CLIENT_SOCK_SZ,
c68e9c6b 212 memAllocate(MEM_CLIENT_SOCK_BUF), clientSendMoreData, h);
79e0dc20 213 return e;
214}
215
b8d8561b 216void
75e88d56 217clientAccessCheckDone(int answer, void *data)
f88bb09c 218{
382d851a 219 clientHttpRequest *http = data;
1810dde6 220 err_type page_id;
1cfdbcf0 221 http_status status;
9b312a19 222 ErrorState *err = NULL;
066ed5c1 223 char *proxy_auth_msg = NULL;
badd8ff0 224 debug(33, 2) ("The request %s %s is %s, because it matched '%s'\n",
225 RequestMethodStr[http->request->method], http->uri,
9bc73deb 226 answer == ACCESS_ALLOWED ? "ALLOWED" : "DENIED",
60df005c 227 AclMatchedName ? AclMatchedName : "NO ACL's");
94439e4e 228 proxy_auth_msg = authenticateAuthUserRequestMessage(http->conn->auth_user_request ? http->conn->auth_user_request : http->request->auth_user_request);
382d851a 229 http->acl_checklist = NULL;
fc5d6f7f 230 if (answer == ACCESS_ALLOWED) {
9b5d1d21 231 safe_free(http->uri);
232 http->uri = xstrdup(urlCanonical(http->request));
ce66013b 233 assert(http->redirect_state == REDIRECT_NONE);
382d851a 234 http->redirect_state = REDIRECT_PENDING;
235 redirectStart(http, clientRedirectDone, http);
f88bb09c 236 } else {
23d92c64 237 debug(33, 5) ("Access Denied: %s\n", http->uri);
901e234d 238 debug(33, 5) ("AclMatchedName = %s\n",
6f47fbc7 239 AclMatchedName ? AclMatchedName : "<null>");
066ed5c1 240 debug(33, 5) ("Proxy Auth Message = %s\n",
241 proxy_auth_msg ? proxy_auth_msg : "<null>");
b6a2f15e 242 /*
243 * NOTE: get page_id here, based on AclMatchedName because
244 * if USE_DELAY_POOLS is enabled, then AclMatchedName gets
245 * clobbered in the clientCreateStoreEntry() call
246 * just below. Pedro Ribeiro <pribeiro@isel.pt>
247 */
248 page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName);
79a15e0a 249 http->log_type = LOG_TCP_DENIED;
c68e9c6b 250 http->entry = clientCreateStoreEntry(http, http->request->method,
251 null_request_flags);
1cfdbcf0 252 if (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) {
253 if (!http->flags.accel) {
254 /* Proxy authorisation needed */
255 status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
256 } else {
257 /* WWW authorisation needed */
258 status = HTTP_UNAUTHORIZED;
259 }
1810dde6 260 if (page_id == ERR_NONE)
1cfdbcf0 261 page_id = ERR_CACHE_ACCESS_DENIED;
262 } else {
263 status = HTTP_FORBIDDEN;
1810dde6 264 if (page_id == ERR_NONE)
1cfdbcf0 265 page_id = ERR_ACCESS_DENIED;
266 }
267 err = errorCon(page_id, status);
02922e76 268 err->request = requestLink(http->request);
269 err->src_addr = http->conn->peer.sin_addr;
94439e4e 270 if (http->conn->auth_user_request)
271 err->auth_user_request = http->conn->auth_user_request;
272 else if (http->request->auth_user_request)
273 err->auth_user_request = http->request->auth_user_request;
274 /* lock for the error state */
275 if (err->auth_user_request)
276 authenticateAuthUserRequestLock(err->auth_user_request);
066ed5c1 277 err->callback_data = NULL;
02922e76 278 errorAppendEntry(http->entry, err);
f88bb09c 279 }
280}
281
b8d8561b 282static void
283clientRedirectDone(void *data, char *result)
f88bb09c 284{
382d851a 285 clientHttpRequest *http = data;
c0cdaf99 286 request_t *new_request = NULL;
382d851a 287 request_t *old_request = http->request;
23d92c64 288 debug(33, 5) ("clientRedirectDone: '%s' result=%s\n", http->uri,
f88bb09c 289 result ? result : "NULL");
ce66013b 290 assert(http->redirect_state == REDIRECT_PENDING);
382d851a 291 http->redirect_state = REDIRECT_DONE;
6d38ef86 292 if (result) {
6fd26c18 293 http_status status = (http_status) atoi(result);
1810dde6 294 if (status == HTTP_MOVED_PERMANENTLY || status == HTTP_MOVED_TEMPORARILY) {
6d38ef86 295 char *t = result;
296 if ((t = strchr(result, ':')) != NULL) {
297 http->redirect.status = status;
21f2031d 298 http->redirect.location = xstrdup(t + 1);
6d38ef86 299 } else {
21f2031d 300 debug(33, 1) ("clientRedirectDone: bad input: %s\n", result);
6d38ef86 301 }
302 }
303 if (strcmp(result, http->uri))
304 new_request = urlParse(old_request->method, result);
305 }
c0cdaf99 306 if (new_request) {
23d92c64 307 safe_free(http->uri);
9b5d1d21 308 http->uri = xstrdup(urlCanonical(new_request));
20cc1450 309 new_request->http_ver = old_request->http_ver;
2246b732 310 httpHeaderAppend(&new_request->header, &old_request->header);
77ed547a 311 new_request->client_addr = old_request->client_addr;
3c11d1f5 312 new_request->my_addr = old_request->my_addr;
7e3ce7b9 313 new_request->my_port = old_request->my_port;
92695e5e 314 new_request->flags.redirected = 1;
62085327 315 if (old_request->auth_user_request) {
316 new_request->auth_user_request = old_request->auth_user_request;
317 authenticateAuthUserRequestLock(new_request->auth_user_request);
318 }
94439e4e 319 if (old_request->body_connection) {
320 new_request->body_connection = old_request->body_connection;
321 old_request->body_connection = NULL;
6cf028ab 322 }
7e3ce7b9 323 new_request->content_length = old_request->content_length;
2045a403 324 new_request->flags.proxy_keepalive = old_request->flags.proxy_keepalive;
20cc1450 325 requestUnlink(old_request);
382d851a 326 http->request = requestLink(new_request);
f88bb09c 327 }
99edd1c3 328 clientInterpretRequestHeaders(http);
0421724f 329#if HEADERS_LOG
330 headersLog(0, 1, request->method, request);
331#endif
23d92c64 332 fd_note(http->conn->fd, http->uri);
4d55827a 333 clientCheckNoCache(http);
334}
335
336static void
337clientCheckNoCache(clientHttpRequest * http)
338{
339 if (Config.accessList.noCache && http->request->flags.cachable) {
340 http->acl_checklist = clientAclChecklistCreate(Config.accessList.noCache, http);
341 aclNBCheck(http->acl_checklist, clientCheckNoCacheDone, http);
342 } else {
343 clientCheckNoCacheDone(http->request->flags.cachable, http);
344 }
345}
346
347void
348clientCheckNoCacheDone(int answer, void *data)
349{
350 clientHttpRequest *http = data;
351 http->request->flags.cachable = answer;
352 http->acl_checklist = NULL;
fb63215a 353 clientProcessRequest(http);
e81957b7 354}
355
fb63215a 356static void
357clientProcessExpired(void *data)
620da955 358{
382d851a 359 clientHttpRequest *http = data;
23d92c64 360 char *url = http->uri;
620da955 361 StoreEntry *entry = NULL;
23d92c64 362 debug(33, 3) ("clientProcessExpired: '%s'\n", http->uri);
b9d34cc1 363 assert(http->entry->lastmod >= 0);
7c1d4010 364 /*
365 * check if we are allowed to contact other servers
366 * @?@: Instead of a 504 (Gateway Timeout) reply, we may want to return
6106c6fc 367 * a stale entry *if* it matches client requirements
7c1d4010 368 */
369 if (clientOnlyIfCached(http)) {
370 clientProcessOnlyIfCachedMiss(http);
371 return;
372 }
92695e5e 373 http->request->flags.refresh = 1;
382d851a 374 http->old_entry = http->entry;
57ec8214 375 http->old_sc = http->sc;
b6a2f15e 376 /*
377 * Assert that 'http' is already a client of old_entry. If
378 * it is not, then the beginning of the object data might get
379 * freed from memory before we need to access it.
380 */
57ec8214 381 assert(http->sc->callback_data == http);
620da955 382 entry = storeCreateEntry(url,
23d92c64 383 http->log_uri,
382d851a 384 http->request->flags,
385 http->request->method);
620da955 386 /* NOTE, don't call storeLockObject(), storeCreateEntry() does it */
06d2839d 387 http->sc = storeClientListAdd(entry, http);
447e176b 388#if DELAY_POOLS
59715b38 389 /* delay_id is already set on original store client */
b2585f7e 390 delaySetStoreClient(http->sc, delayClient(http->request));
447e176b 391#endif
9bc73deb 392 http->request->lastmod = http->old_entry->lastmod;
32754419 393 debug(33, 5) ("clientProcessExpired: lastmod %ld\n", (long int) entry->lastmod);
382d851a 394 http->entry = entry;
395 http->out.offset = 0;
7e3ce7b9 396 fwdStart(http->conn->fd, http->entry, http->request);
f990cccc 397 /* Register with storage manager to receive updates when data comes in. */
b7fe0ab0 398 if (EBIT_TEST(entry->flags, ENTRY_ABORTED))
399 debug(33, 0) ("clientProcessExpired: found ENTRY_ABORTED object\n");
06d2839d 400 storeClientCopy(http->sc, entry,
fe96bbe6 401 http->out.offset,
d89d1fb6 402 http->out.offset,
cc27d775 403 CLIENT_SOCK_SZ,
404 memAllocate(MEM_CLIENT_SOCK_BUF),
1b02b5be 405 clientHandleIMSReply,
d89d1fb6 406 http);
620da955 407}
408
91f4d519 409static int
410clientGetsOldEntry(StoreEntry * new_entry, StoreEntry * old_entry, request_t * request)
411{
71a8a965 412 const http_status status = new_entry->mem_obj->reply->sline.status;
413 if (0 == status) {
414 debug(33, 5) ("clientGetsOldEntry: YES, broken HTTP reply\n");
415 return 1;
416 }
a05cea5b 417 /* If the reply is a failure then send the old object as a last
418 * resort */
419 if (status >= 500 && status < 600) {
badd8ff0 420 debug(33, 3) ("clientGetsOldEntry: YES, failure reply=%d\n", status);
a05cea5b 421 return 1;
422 }
91f4d519 423 /* If the reply is anything but "Not Modified" then
424 * we must forward it to the client */
71a8a965 425 if (HTTP_NOT_MODIFIED != status) {
cb69b4c7 426 debug(33, 5) ("clientGetsOldEntry: NO, reply=%d\n", status);
91f4d519 427 return 0;
428 }
429 /* If the client did not send IMS in the request, then it
430 * must get the old object, not this "Not Modified" reply */
92695e5e 431 if (!request->flags.ims) {
a3d5953d 432 debug(33, 5) ("clientGetsOldEntry: YES, no client IMS\n");
91f4d519 433 return 1;
434 }
435 /* If the client IMS time is prior to the entry LASTMOD time we
436 * need to send the old object */
437 if (modifiedSince(old_entry, request)) {
32754419 438 debug(33, 5) ("clientGetsOldEntry: YES, modified since %ld\n",
439 (long int) request->ims);
91f4d519 440 return 1;
441 }
a3d5953d 442 debug(33, 5) ("clientGetsOldEntry: NO, new one is fine\n");
91f4d519 443 return 0;
444}
445
446
52d4522b 447static void
1b02b5be 448clientHandleIMSReply(void *data, char *buf, ssize_t size)
620da955 449{
382d851a 450 clientHttpRequest *http = data;
382d851a 451 StoreEntry *entry = http->entry;
b6a2f15e 452 MemObject *mem;
9fb13bb6 453 const char *url = storeUrl(entry);
e92d33a5 454 int unlink_request = 0;
76cff1d4 455 StoreEntry *oldentry;
49d3fcb0 456 int recopy = 1;
b6a2f15e 457 http_status status;
32754419 458 debug(33, 3) ("clientHandleIMSReply: %s, %ld bytes\n", url, (long int) size);
b6a2f15e 459 if (entry == NULL) {
460 memFree(buf, MEM_CLIENT_SOCK_BUF);
461 return;
462 }
b8890359 463 if (size < 0 && !EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
464 memFree(buf, MEM_CLIENT_SOCK_BUF);
77b32a34 465 return;
b8890359 466 }
b6a2f15e 467 mem = entry->mem_obj;
468 status = mem->reply->sline.status;
b7fe0ab0 469 if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
1b02b5be 470 debug(33, 3) ("clientHandleIMSReply: ABORTED '%s'\n", url);
c54e9052 471 /* We have an existing entry, but failed to validate it */
accc6d47 472 /* Its okay to send the old one anyway */
473 http->log_type = LOG_TCP_REFRESH_FAIL_HIT;
06d2839d 474 storeUnregister(http->sc, entry, http);
accc6d47 475 storeUnlockObject(entry);
476 entry = http->entry = http->old_entry;
57ec8214 477 http->sc = http->old_sc;
71a8a965 478 } else if (STORE_PENDING == entry->store_status && 0 == status) {
1b02b5be 479 debug(33, 3) ("clientHandleIMSReply: Incomplete headers for '%s'\n", url);
cc27d775 480 if (size >= CLIENT_SOCK_SZ) {
4455552a 481 /* will not get any bigger than that */
482 debug(33, 3) ("clientHandleIMSReply: Reply is too large '%s', using old entry\n", url);
878570db 483 /* use old entry, this repeats the code abovez */
4455552a 484 http->log_type = LOG_TCP_REFRESH_FAIL_HIT;
06d2839d 485 storeUnregister(http->sc, entry, http);
743eebfa 486 storeUnlockObject(entry);
4455552a 487 entry = http->entry = http->old_entry;
57ec8214 488 http->sc = http->old_sc;
878570db 489 /* continue */
4455552a 490 } else {
06d2839d 491 storeClientCopy(http->sc, entry,
4455552a 492 http->out.offset + size,
493 http->out.offset,
cc27d775 494 CLIENT_SOCK_SZ,
49d3fcb0 495 buf,
4455552a 496 clientHandleIMSReply,
497 http);
878570db 498 return;
4455552a 499 }
382d851a 500 } else if (clientGetsOldEntry(entry, http->old_entry, http->request)) {
620da955 501 /* We initiated the IMS request, the client is not expecting
76cff1d4 502 * 304, so put the good one back. First, make sure the old entry
503 * headers have been loaded from disk. */
382d851a 504 oldentry = http->old_entry;
382d851a 505 http->log_type = LOG_TCP_REFRESH_HIT;
d89d1fb6 506 if (oldentry->mem_obj->request == NULL) {
507 oldentry->mem_obj->request = requestLink(mem->request);
508 unlink_request = 1;
e92d33a5 509 }
64763c37 510 /* Don't memcpy() the whole reply structure here. For example,
511 * www.thegist.com (Netscape/1.13) returns a content-length for
512 * 304's which seems to be the length of the 304 HEADERS!!! and
513 * not the body they refer to. */
71a8a965 514 httpReplyUpdateOnNotModified(oldentry->mem_obj->reply, mem->reply);
d89d1fb6 515 storeTimestampsSet(oldentry);
06d2839d 516 storeUnregister(http->sc, entry, http);
57ec8214 517 http->sc = http->old_sc;
6d54aea8 518 storeUnlockObject(entry);
382d851a 519 entry = http->entry = oldentry;
41fad779 520 entry->timestamp = squid_curtime;
657266fe 521 if (unlink_request) {
e92d33a5 522 requestUnlink(entry->mem_obj->request);
657266fe 523 entry->mem_obj->request = NULL;
524 }
620da955 525 } else {
526 /* the client can handle this reply, whatever it is */
382d851a 527 http->log_type = LOG_TCP_REFRESH_MISS;
71a8a965 528 if (HTTP_NOT_MODIFIED == mem->reply->sline.status) {
cb4eb1ae 529 httpReplyUpdateOnNotModified(http->old_entry->mem_obj->reply,
530 mem->reply);
531 storeTimestampsSet(http->old_entry);
382d851a 532 http->log_type = LOG_TCP_REFRESH_HIT;
d1a43e28 533 }
57ec8214 534 storeUnregister(http->old_sc, http->old_entry, http);
382d851a 535 storeUnlockObject(http->old_entry);
49d3fcb0 536 recopy = 0;
620da955 537 }
382d851a 538 http->old_entry = NULL; /* done with old_entry */
57ec8214 539 http->old_sc = NULL;
b7fe0ab0 540 assert(!EBIT_TEST(entry->flags, ENTRY_ABORTED));
49d3fcb0 541 if (recopy) {
06d2839d 542 storeClientCopy(http->sc, entry,
49d3fcb0 543 http->out.offset,
544 http->out.offset,
cc27d775 545 CLIENT_SOCK_SZ,
49d3fcb0 546 buf,
547 clientSendMoreData,
548 http);
549 } else {
550 clientSendMoreData(data, buf, size);
6cf028ab 551 }
620da955 552}
91f4d519 553
554int
304d07cb 555modifiedSince(StoreEntry * entry, request_t * request)
91f4d519 556{
557 int object_length;
558 MemObject *mem = entry->mem_obj;
1c3e77cd 559 time_t mod_time = entry->lastmod;
9fb13bb6 560 debug(33, 3) ("modifiedSince: '%s'\n", storeUrl(entry));
1c3e77cd 561 if (mod_time < 0)
562 mod_time = entry->timestamp;
32754419 563 debug(33, 3) ("modifiedSince: mod_time = %ld\n", (long int) mod_time);
1c3e77cd 564 if (mod_time < 0)
91f4d519 565 return 1;
566 /* Find size of the object */
038eb4ed 567 object_length = mem->reply->content_length;
cb69b4c7 568 if (object_length < 0)
07304bf9 569 object_length = contentLen(entry);
1c3e77cd 570 if (mod_time > request->ims) {
a3d5953d 571 debug(33, 3) ("--> YES: entry newer than client\n");
91f4d519 572 return 1;
1c3e77cd 573 } else if (mod_time < request->ims) {
a3d5953d 574 debug(33, 3) ("--> NO: entry older than client\n");
91f4d519 575 return 0;
576 } else if (request->imslen < 0) {
a3d5953d 577 debug(33, 3) ("--> NO: same LMT, no client length\n");
91f4d519 578 return 0;
579 } else if (request->imslen == object_length) {
a3d5953d 580 debug(33, 3) ("--> NO: same LMT, same length\n");
91f4d519 581 return 0;
582 } else {
a3d5953d 583 debug(33, 3) ("--> YES: same LMT, different length\n");
91f4d519 584 return 1;
585 }
586}
b3b64e58 587
a90eae18 588void
382d851a 589clientPurgeRequest(clientHttpRequest * http)
a90eae18 590{
a90eae18 591 StoreEntry *entry;
9b312a19 592 ErrorState *err = NULL;
8d6da567 593 HttpReply *r;
f66a9ef4 594 http_status status = HTTP_NOT_FOUND;
ccf44862 595 http_version_t version;
d20b1cd0 596 debug(33, 3) ("Config2.onoff.enable_purge = %d\n", Config2.onoff.enable_purge);
53cb32a9 597 if (!Config2.onoff.enable_purge) {
79a15e0a 598 http->log_type = LOG_TCP_DENIED;
fe40a877 599 err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN);
9b312a19 600 err->request = requestLink(http->request);
601 err->src_addr = http->conn->peer.sin_addr;
92695e5e 602 http->entry = clientCreateStoreEntry(http, http->request->method, null_request_flags);
79e0dc20 603 errorAppendEntry(http->entry, err);
a90eae18 604 return;
605 }
f66a9ef4 606 /* Release both IP cache */
afc1e43f 607 ipcacheInvalidate(http->request->host);
f66a9ef4 608
609 if (!http->flags.purging) {
610 /* Try to find a base entry */
611 http->flags.purging = 1;
612 entry = storeGetPublicByRequestMethod(http->request, METHOD_GET);
613 if (!entry)
614 entry = storeGetPublicByRequestMethod(http->request, METHOD_HEAD);
615 if (entry) {
616 /* Swap in the metadata */
617 http->entry = entry;
618 storeLockObject(http->entry);
619 storeCreateMemObject(http->entry, http->uri, http->log_uri);
620 http->entry->mem_obj->method = http->request->method;
621 http->sc = storeClientListAdd(http->entry, http);
622 http->log_type = LOG_TCP_HIT;
623 storeClientCopy(http->sc, http->entry,
624 http->out.offset,
625 http->out.offset,
626 CLIENT_SOCK_SZ,
627 memAllocate(MEM_CLIENT_SOCK_BUF),
628 clientCacheHit,
629 http);
630 return;
631 }
632 }
633 http->log_type = LOG_TCP_MISS;
634 /* Release the cached URI */
635 entry = storeGetPublicByRequestMethod(http->request, METHOD_GET);
636 if (entry) {
637 debug(33, 4) ("clientPurgeRequest: GET '%s'\n",
638 storeUrl(entry));
639 storeRelease(entry);
640 status = HTTP_OK;
641 }
642 entry = storeGetPublicByRequestMethod(http->request, METHOD_HEAD);
643 if (entry) {
644 debug(33, 4) ("clientPurgeRequest: HEAD '%s'\n",
645 storeUrl(entry));
a90eae18 646 storeRelease(entry);
2addf420 647 status = HTTP_OK;
a90eae18 648 }
f66a9ef4 649 /* And for Vary, release the base URI if none of the headers was included in the request */
650 if (http->request->vary_headers && !strstr(http->request->vary_headers, "=")) {
651 entry = storeGetPublic(urlCanonical(http->request), METHOD_GET);
652 if (entry) {
653 debug(33, 4) ("clientPurgeRequest: Vary GET '%s'\n",
654 storeUrl(entry));
655 storeRelease(entry);
656 status = HTTP_OK;
657 }
658 entry = storeGetPublic(urlCanonical(http->request), METHOD_HEAD);
659 if (entry) {
660 debug(33, 4) ("clientPurgeRequest: Vary HEAD '%s'\n",
661 storeUrl(entry));
662 storeRelease(entry);
663 status = HTTP_OK;
664 }
665 }
afa9f1cd 666 /*
667 * Make a new entry to hold the reply to be written
668 * to the client.
669 */
92695e5e 670 http->entry = clientCreateStoreEntry(http, http->request->method, null_request_flags);
8d6da567 671 httpReplyReset(r = http->entry->mem_obj->reply);
bffee5af 672 httpBuildVersion(&version, 1, 0);
ccf44862 673 httpReplySetHeaders(r, version, status, NULL, NULL, 0, 0, -1);
8d6da567 674 httpReplySwapOut(r, http->entry);
afa9f1cd 675 storeComplete(http->entry);
a90eae18 676}
e33ba616 677
678int
ea3a2a69 679checkNegativeHit(StoreEntry * e)
e33ba616 680{
d46a87a8 681 if (!EBIT_TEST(e->flags, ENTRY_NEGCACHED))
ea3a2a69 682 return 0;
683 if (e->expires <= squid_curtime)
684 return 0;
685 if (e->store_status != STORE_OK)
686 return 0;
687 return 1;
e33ba616 688}
7a2f978b 689
2d72d4fd 690static void
0e473d70 691clientUpdateCounters(clientHttpRequest * http)
a7c05555 692{
ee1679df 693 int svc_time = tvSubMsec(http->start, current_time);
b4e7f82d 694 ping_data *i;
39edba21 695 HierarchyLogEntry *H;
83704487 696 statCounter.client_http.requests++;
d8b83480 697 if (isTcpHit(http->log_type))
83704487 698 statCounter.client_http.hits++;
4f4d1d6e 699 if (http->log_type == LOG_TCP_HIT)
83704487 700 statCounter.client_http.disk_hits++;
4f4d1d6e 701 else if (http->log_type == LOG_TCP_MEM_HIT)
83704487 702 statCounter.client_http.mem_hits++;
0e473d70 703 if (http->request->err_type != ERR_NONE)
83704487 704 statCounter.client_http.errors++;
705 statHistCount(&statCounter.client_http.all_svc_time, svc_time);
ee1679df 706 /*
707 * The idea here is not to be complete, but to get service times
708 * for only well-defined types. For example, we don't include
709 * LOG_TCP_REFRESH_FAIL_HIT because its not really a cache hit
710 * (we *tried* to validate it, but failed).
711 */
712 switch (http->log_type) {
7c9c84ad 713 case LOG_TCP_REFRESH_HIT:
83704487 714 statHistCount(&statCounter.client_http.nh_svc_time, svc_time);
7c9c84ad 715 break;
ee1679df 716 case LOG_TCP_IMS_HIT:
83704487 717 statHistCount(&statCounter.client_http.nm_svc_time, svc_time);
ee1679df 718 break;
719 case LOG_TCP_HIT:
720 case LOG_TCP_MEM_HIT:
b540e168 721 case LOG_TCP_OFFLINE_HIT:
83704487 722 statHistCount(&statCounter.client_http.hit_svc_time, svc_time);
ee1679df 723 break;
724 case LOG_TCP_MISS:
725 case LOG_TCP_CLIENT_REFRESH_MISS:
83704487 726 statHistCount(&statCounter.client_http.miss_svc_time, svc_time);
ee1679df 727 break;
728 default:
729 /* make compiler warnings go away */
730 break;
731 }
39edba21 732 H = &http->request->hier;
69c95dd3 733 switch (H->alg) {
734 case PEER_SA_DIGEST:
83704487 735 statCounter.cd.times_used++;
69c95dd3 736 break;
737 case PEER_SA_ICP:
83704487 738 statCounter.icp.times_used++;
b4e7f82d 739 i = &H->ping;
69c95dd3 740 if (0 != i->stop.tv_sec && 0 != i->start.tv_sec)
83704487 741 statHistCount(&statCounter.icp.query_svc_time,
69c95dd3 742 tvSubUsec(i->start, i->stop));
743 if (i->timeout)
83704487 744 statCounter.icp.query_timeouts++;
69c95dd3 745 break;
746 case PEER_SA_NETDB:
83704487 747 statCounter.netdb.times_used++;
69c95dd3 748 break;
749 default:
750 break;
17b6e784 751 }
a7c05555 752}
753
7a2f978b 754static void
755httpRequestFree(void *data)
756{
757 clientHttpRequest *http = data;
758 clientHttpRequest **H;
759 ConnStateData *conn = http->conn;
b6a2f15e 760 StoreEntry *e;
7a2f978b 761 request_t *request = http->request;
762 MemObject *mem = NULL;
b6a2f15e 763 debug(33, 3) ("httpRequestFree: %s\n", storeUrl(http->entry));
1b02b5be 764 if (!clientCheckTransferDone(http)) {
94439e4e 765 if (request && request->body_connection)
766 clientAbortBody(request); /* abort body transter */
28ee8ce5 767 /* HN: This looks a bit odd.. why should client_side care about
768 * the ICP selection status?
bbf5ef83 769 */
b6a2f15e 770 if (http->entry && http->entry->ping_status == PING_WAITING)
771 storeReleaseRequest(http->entry);
7a2f978b 772 }
773 assert(http->log_type < LOG_TYPE_MAX);
b6a2f15e 774 if (http->entry)
775 mem = http->entry->mem_obj;
7a2f978b 776 if (http->out.size || http->log_type) {
728da2ee 777 http->al.icp.opcode = ICP_INVALID;
ef65d6ca 778 http->al.url = http->log_uri;
779 debug(33, 9) ("httpRequestFree: al.url='%s'\n", http->al.url);
7a2f978b 780 if (mem) {
cb69b4c7 781 http->al.http.code = mem->reply->sline.status;
038eb4ed 782 http->al.http.content_type = strBuf(mem->reply->content_type);
7a2f978b 783 }
784 http->al.cache.caddr = conn->log_addr;
785 http->al.cache.size = http->out.size;
786 http->al.cache.code = http->log_type;
787 http->al.cache.msec = tvSubMsec(http->start, current_time);
7a2f978b 788 if (request) {
2246b732 789 Packer p;
790 MemBuf mb;
791 memBufDefInit(&mb);
792 packerToMemInit(&p, &mb);
793 httpHeaderPackInto(&request->header, &p);
7a2f978b 794 http->al.http.method = request->method;
c68e9c6b 795 http->al.http.version = request->http_ver;
2246b732 796 http->al.headers.request = xstrdup(mb.buf);
7a2f978b 797 http->al.hier = request->hier;
94439e4e 798 if (request->auth_user_request) {
799 http->al.cache.authuser = xstrdup(authenticateUserRequestUsername(request->auth_user_request));
800 authenticateAuthUserRequestUnlock(request->auth_user_request);
801 request->auth_user_request = NULL;
802 }
803 if (conn->rfc931[0])
804 http->al.cache.rfc931 = conn->rfc931;
2246b732 805 packerClean(&p);
806 memBufClean(&mb);
7a2f978b 807 }
808 accessLogLog(&http->al);
a7c05555 809 clientUpdateCounters(http);
6f47fbc7 810 clientdbUpdate(conn->peer.sin_addr, http->log_type, PROTO_HTTP, http->out.size);
7a2f978b 811 }
7a2f978b 812 if (http->acl_checklist)
813 aclChecklistFree(http->acl_checklist);
88aad2e5 814 if (request)
c24fca87 815 checkFailureRatio(request->err_type, http->al.hier.code);
23d92c64 816 safe_free(http->uri);
817 safe_free(http->log_uri);
2246b732 818 safe_free(http->al.headers.request);
7a2f978b 819 safe_free(http->al.headers.reply);
6d38ef86 820 safe_free(http->redirect.location);
d192d11f 821 stringClean(&http->range_iter.boundary);
b6a2f15e 822 if ((e = http->entry)) {
7a2f978b 823 http->entry = NULL;
06d2839d 824 storeUnregister(http->sc, e, http);
e1dcf02d 825 http->sc = NULL;
b6a2f15e 826 storeUnlockObject(e);
7a2f978b 827 }
828 /* old_entry might still be set if we didn't yet get the reply
1b02b5be 829 * code in clientHandleIMSReply() */
b6a2f15e 830 if ((e = http->old_entry)) {
7a2f978b 831 http->old_entry = NULL;
13f14b78 832 storeUnregister(http->old_sc, e, http);
e1dcf02d 833 http->old_sc = NULL;
b6a2f15e 834 storeUnlockObject(e);
7a2f978b 835 }
836 requestUnlink(http->request);
837 assert(http != http->next);
838 assert(http->conn->chr != NULL);
94439e4e 839 /* Unlink us from the clients request list */
7a2f978b 840 H = &http->conn->chr;
841 while (*H) {
842 if (*H == http)
843 break;
844 H = &(*H)->next;
845 }
846 assert(*H != NULL);
847 *H = http->next;
848 http->next = NULL;
0f1bc304 849 dlinkDelete(&http->active, &ClientActiveRequests);
7a2f978b 850 cbdataFree(http);
851}
852
853/* This is a handler normally called by comm_close() */
854static void
855connStateFree(int fd, void *data)
856{
857 ConnStateData *connState = data;
858 clientHttpRequest *http;
93f9abd0 859 debug(33, 3) ("connStateFree: FD %d\n", fd);
7a2f978b 860 assert(connState != NULL);
9bc73deb 861 clientdbEstablished(connState->peer.sin_addr, -1); /* decrement */
79d39a72 862 while ((http = connState->chr) != NULL) {
7a2f978b 863 assert(http->conn == connState);
864 assert(connState->chr != connState->chr->next);
865 httpRequestFree(http);
866 }
5d146f7d 867 if (connState->auth_user_request)
868 authenticateAuthUserRequestUnlock(connState->auth_user_request);
869 connState->auth_user_request = NULL;
870 authenticateOnCloseConnection(connState);
58cd5bbd 871 if (connState->in.size == CLIENT_REQ_BUF_SZ)
872 memFree(connState->in.buf, MEM_CLIENT_REQ_BUF);
873 else
874 safe_free(connState->in.buf);
59c4d35b 875 /* XXX account connState->in.buf */
7a2f978b 876 pconnHistCount(0, connState->nrequests);
877 cbdataFree(connState);
403028a9 878#ifdef _SQUID_LINUX_
879 /* prevent those nasty RST packets */
880 {
881 char buf[SQUID_TCP_SO_RCVBUF];
1f7c9178 882 while (FD_READ_METHOD(fd, buf, SQUID_TCP_SO_RCVBUF) > 0);
403028a9 883 }
884#endif
7a2f978b 885}
886
887static void
99edd1c3 888clientInterpretRequestHeaders(clientHttpRequest * http)
7a2f978b 889{
890 request_t *request = http->request;
99edd1c3 891 const HttpHeader *req_hdr = &request->header;
16f019f5 892 int no_cache = 0;
99edd1c3 893 const char *str;
99edd1c3 894 request->imslen = -1;
895 request->ims = httpHeaderGetTime(req_hdr, HDR_IF_MODIFIED_SINCE);
896 if (request->ims > 0)
92695e5e 897 request->flags.ims = 1;
99edd1c3 898 if (httpHeaderHas(req_hdr, HDR_PRAGMA)) {
899 String s = httpHeaderGetList(req_hdr, HDR_PRAGMA);
16f019f5 900 if (strListIsMember(&s, "no-cache", ','))
901 no_cache++;
902 stringClean(&s);
903 }
9bc73deb 904 request->cache_control = httpHeaderGetCc(req_hdr);
16f019f5 905 if (request->cache_control)
906 if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE))
907 no_cache++;
7613d09c 908 /* Work around for supporting the Reload button in IE browsers
909 * when Squid is used as an accelerator or transparent proxy,
910 * by turning accelerated IMS request to no-cache requests.
911 * Now knows about IE 5.5 fix (is actually only fixed in SP1,
912 * but we can't tell whether we are talking to SP1 or not so
913 * all 5.5 versions are treated 'normally').
f0debecb 914 */
7613d09c 915 if (Config.onoff.ie_refresh) {
f0debecb 916 if (http->flags.accel && request->flags.ims) {
917 if ((str = httpHeaderGetStr(req_hdr, HDR_USER_AGENT))) {
918 if (strstr(str, "MSIE 5.01") != NULL)
919 no_cache++;
920 else if (strstr(str, "MSIE 5.0") != NULL)
921 no_cache++;
922 else if (strstr(str, "MSIE 4.") != NULL)
923 no_cache++;
924 else if (strstr(str, "MSIE 3.") != NULL)
925 no_cache++;
926 }
927 }
7613d09c 928 }
16f019f5 929 if (no_cache) {
9f60cfdf 930#if HTTP_VIOLATIONS
16f019f5 931 if (Config.onoff.reload_into_ims)
932 request->flags.nocache_hack = 1;
933 else if (refresh_nocache_hack)
934 request->flags.nocache_hack = 1;
935 else
9f60cfdf 936#endif
16f019f5 937 request->flags.nocache = 1;
7a2f978b 938 }
4b315324 939 /* ignore range header in non-GETs */
940 if (request->method == METHOD_GET) {
941 request->range = httpHeaderGetRange(req_hdr);
942 if (request->range)
92695e5e 943 request->flags.range = 1;
4b315324 944 }
99edd1c3 945 if (httpHeaderHas(req_hdr, HDR_AUTHORIZATION))
92695e5e 946 request->flags.auth = 1;
7a2f978b 947 if (request->login[0] != '\0')
92695e5e 948 request->flags.auth = 1;
99edd1c3 949 if (httpHeaderHas(req_hdr, HDR_VIA)) {
950 String s = httpHeaderGetList(req_hdr, HDR_VIA);
38a6c74e 951 /*
952 * ThisCache cannot be a member of Via header, "1.0 ThisCache" can.
953 * Note ThisCache2 has a space prepended to the hostname so we don't
954 * accidentally match super-domains.
955 */
956 if (strListIsSubstr(&s, ThisCache2, ',')) {
c68e9c6b 957 debugObj(33, 1, "WARNING: Forwarding loop detected for:\n",
958 request, (ObjPackMethod) & httpRequestPack);
92695e5e 959 request->flags.loopdetect = 1;
7a2f978b 960 }
d21f1c54 961#if FORW_VIA_DB
ea285003 962 fvdbCountVia(strBuf(s));
d21f1c54 963#endif
99edd1c3 964 stringClean(&s);
d21f1c54 965 }
7a2f978b 966#if USE_USERAGENT_LOG
99edd1c3 967 if ((str = httpHeaderGetStr(req_hdr, HDR_USER_AGENT)))
968 logUserAgent(fqdnFromAddr(http->conn->peer.sin_addr), str);
d21f1c54 969#endif
fd2c5549 970#if USE_REFERER_LOG
971 if ((str = httpHeaderGetStr(req_hdr, HDR_REFERER)))
972 logReferer(fqdnFromAddr(http->conn->peer.sin_addr), str,
973 http->log_uri);
974#endif
d21f1c54 975#if FORW_VIA_DB
99edd1c3 976 if (httpHeaderHas(req_hdr, HDR_X_FORWARDED_FOR)) {
977 String s = httpHeaderGetList(req_hdr, HDR_X_FORWARDED_FOR);
978 fvdbCountForw(strBuf(s));
979 stringClean(&s);
980 }
7a2f978b 981#endif
7a2f978b 982 if (request->method == METHOD_TRACE) {
99edd1c3 983 request->max_forwards = httpHeaderGetInt(req_hdr, HDR_MAX_FORWARDS);
7a2f978b 984 }
50ddd7a4 985 if (clientCachable(http))
92695e5e 986 request->flags.cachable = 1;
50ddd7a4 987 if (clientHierarchical(http))
92695e5e 988 request->flags.hierarchical = 1;
99edd1c3 989 debug(33, 5) ("clientInterpretRequestHeaders: REQ_NOCACHE = %s\n",
92695e5e 990 request->flags.nocache ? "SET" : "NOT SET");
99edd1c3 991 debug(33, 5) ("clientInterpretRequestHeaders: REQ_CACHABLE = %s\n",
92695e5e 992 request->flags.cachable ? "SET" : "NOT SET");
99edd1c3 993 debug(33, 5) ("clientInterpretRequestHeaders: REQ_HIERARCHICAL = %s\n",
92695e5e 994 request->flags.hierarchical ? "SET" : "NOT SET");
7a2f978b 995}
996
c68e9c6b 997/*
998 * clientSetKeepaliveFlag() sets request->flags.proxy_keepalive.
999 * This is the client-side persistent connection flag. We need
1000 * to set this relatively early in the request processing
1001 * to handle hacks for broken servers and clients.
1002 */
1003static void
1004clientSetKeepaliveFlag(clientHttpRequest * http)
1005{
1006 request_t *request = http->request;
1007 const HttpHeader *req_hdr = &request->header;
ccf44862 1008 debug(33, 3) ("clientSetKeepaliveFlag: http_ver = %d.%d\n",
1009 request->http_ver.major, request->http_ver.minor);
c68e9c6b 1010 debug(33, 3) ("clientSetKeepaliveFlag: method = %s\n",
1011 RequestMethodStr[request->method]);
efd900cb 1012 if (!Config.onoff.client_pconns)
1013 request->flags.proxy_keepalive = 0;
1014 else if (httpMsgIsPersistent(request->http_ver, req_hdr))
c68e9c6b 1015 request->flags.proxy_keepalive = 1;
c68e9c6b 1016}
1017
31be8b80 1018static int
efb9218c 1019clientCheckContentLength(request_t * r)
31be8b80 1020{
ffc128c4 1021 switch (r->method) {
1022 case METHOD_PUT:
1023 case METHOD_POST:
1024 /* PUT/POST requires a request entity */
2a6b906c 1025 return (r->content_length >= 0);
ffc128c4 1026 case METHOD_GET:
1027 case METHOD_HEAD:
1028 /* We do not want to see a request entity on GET/HEAD requests */
2a6b906c 1029 return (r->content_length <= 0);
ffc128c4 1030 default:
1031 /* For other types of requests we don't care */
0cdcddb9 1032 return 1;
ffc128c4 1033 }
1034 /* NOT REACHED */
31be8b80 1035}
1036
7a2f978b 1037static int
50ddd7a4 1038clientCachable(clientHttpRequest * http)
7a2f978b 1039{
23d92c64 1040 const char *url = http->uri;
7a2f978b 1041 request_t *req = http->request;
1042 method_t method = req->method;
7a2f978b 1043 if (req->protocol == PROTO_HTTP)
1044 return httpCachable(method);
1045 /* FTP is always cachable */
7a2f978b 1046 if (req->protocol == PROTO_WAIS)
1047 return 0;
1048 if (method == METHOD_CONNECT)
1049 return 0;
1050 if (method == METHOD_TRACE)
1051 return 0;
94439e4e 1052 if (method == METHOD_PUT)
1053 return 0;
1054 if (method == METHOD_POST)
1055 return 0; /* XXX POST may be cached sometimes.. ignored for now */
1056 if (req->protocol == PROTO_GOPHER)
1057 return gopherCachable(url);
7a2f978b 1058 if (req->protocol == PROTO_CACHEOBJ)
1059 return 0;
1060 return 1;
1061}
1062
1063/* Return true if we can query our neighbors for this object */
1064static int
50ddd7a4 1065clientHierarchical(clientHttpRequest * http)
7a2f978b 1066{
23d92c64 1067 const char *url = http->uri;
7a2f978b 1068 request_t *request = http->request;
1069 method_t method = request->method;
1070 const wordlist *p = NULL;
1071
1072 /* IMS needs a private key, so we can use the hierarchy for IMS only
1073 * if our neighbors support private keys */
92695e5e 1074 if (request->flags.ims && !neighbors_do_private_keys)
7a2f978b 1075 return 0;
92695e5e 1076 if (request->flags.auth)
7a2f978b 1077 return 0;
1078 if (method == METHOD_TRACE)
1079 return 1;
1080 if (method != METHOD_GET)
1081 return 0;
1082 /* scan hierarchy_stoplist */
1083 for (p = Config.hierarchy_stoplist; p; p = p->next)
1084 if (strstr(url, p->key))
1085 return 0;
92695e5e 1086 if (request->flags.loopdetect)
7a2f978b 1087 return 0;
1088 if (request->protocol == PROTO_HTTP)
1089 return httpCachable(method);
1090 if (request->protocol == PROTO_GOPHER)
1091 return gopherCachable(url);
1092 if (request->protocol == PROTO_WAIS)
1093 return 0;
1094 if (request->protocol == PROTO_CACHEOBJ)
1095 return 0;
1096 return 1;
1097}
1098
cf50a0af 1099int
7a2f978b 1100isTcpHit(log_type code)
1101{
1102 /* this should be a bitmap for better optimization */
1103 if (code == LOG_TCP_HIT)
1104 return 1;
1105 if (code == LOG_TCP_IMS_HIT)
1106 return 1;
1107 if (code == LOG_TCP_REFRESH_FAIL_HIT)
1108 return 1;
1109 if (code == LOG_TCP_REFRESH_HIT)
1110 return 1;
1111 if (code == LOG_TCP_NEGATIVE_HIT)
1112 return 1;
1113 if (code == LOG_TCP_MEM_HIT)
1114 return 1;
b540e168 1115 if (code == LOG_TCP_OFFLINE_HIT)
1116 return 1;
7a2f978b 1117 return 0;
1118}
1119
1c3e77cd 1120/*
1121 * returns true if If-Range specs match reply, false otherwise
1122 */
a9771e51 1123static int
1124clientIfRangeMatch(clientHttpRequest * http, HttpReply * rep)
1125{
1126 const TimeOrTag spec = httpHeaderGetTimeOrTag(&http->request->header, HDR_IF_RANGE);
1127 /* check for parsing falure */
1128 if (!spec.valid)
1129 return 0;
1130 /* got an ETag? */
1131 if (spec.tag.str) {
1132 ETag rep_tag = httpHeaderGetETag(&rep->header, HDR_ETAG);
ebb6e9a0 1133 debug(33, 3) ("clientIfRangeMatch: ETags: %s and %s\n",
a9771e51 1134 spec.tag.str, rep_tag.str ? rep_tag.str : "<none>");
1135 if (!rep_tag.str)
ebb6e9a0 1136 return 0; /* entity has no etag to compare with! */
a9771e51 1137 if (spec.tag.weak || rep_tag.weak) {
9834a631 1138 debug(33, 1) ("clientIfRangeMatch: Weak ETags are not allowed in If-Range: %s ? %s\n",
a9771e51 1139 spec.tag.str, rep_tag.str);
ebb6e9a0 1140 return 0; /* must use strong validator for sub-range requests */
a9771e51 1141 }
1142 return etagIsEqual(&rep_tag, &spec.tag);
1143 }
1144 /* got modification time? */
1145 if (spec.time >= 0) {
1146 return http->entry->lastmod <= spec.time;
1147 }
ebb6e9a0 1148 assert(0); /* should not happen */
a9771e51 1149 return 0;
1150}
1151
71540aeb 1152/* returns expected content length for multi-range replies
1153 * note: assumes that httpHdrRangeCanonize has already been called
1154 * warning: assumes that HTTP headers for individual ranges at the
1155 * time of the actuall assembly will be exactly the same as
1156 * the headers when clientMRangeCLen() is called */
1157static int
f6308664 1158clientMRangeCLen(clientHttpRequest * http)
1159{
71540aeb 1160 int clen = 0;
1161 HttpHdrRangePos pos = HttpHdrRangeInitPos;
1162 const HttpHdrRangeSpec *spec;
1163 MemBuf mb;
1164
1165 assert(http->entry->mem_obj);
1166
1167 memBufDefInit(&mb);
1168 while ((spec = httpHdrRangeGetSpec(http->request->range, &pos))) {
1169
1170 /* account for headers for this range */
1171 memBufReset(&mb);
1172 clientPackRangeHdr(http->entry->mem_obj->reply,
1173 spec, http->range_iter.boundary, &mb);
1174 clen += mb.size;
1175
1176 /* account for range content */
1177 clen += spec->length;
1178
32754419 1179 debug(33, 6) ("clientMRangeCLen: (clen += %ld + %ld) == %d\n",
1180 (long int) mb.size, (long int) spec->length, clen);
71540aeb 1181 }
1182 /* account for the terminating boundary */
1183 memBufReset(&mb);
1184 clientPackTermBound(http->range_iter.boundary, &mb);
1185 clen += mb.size;
1186
1187 memBufClean(&mb);
1188 return clen;
1189}
1190
e17d81d3 1191/* adds appropriate Range headers if needed */
1192static void
1193clientBuildRangeHeader(clientHttpRequest * http, HttpReply * rep)
1194{
5e2dba16 1195 HttpHeader *hdr = rep ? &rep->header : 0;
e17d81d3 1196 const char *range_err = NULL;
288c06ce 1197 request_t *request = http->request;
623bfa4c 1198 int is_hit = isTcpHit(http->log_type);
288c06ce 1199 assert(request->range);
e17d81d3 1200 /* check if we still want to do ranges */
9834a631 1201 if (!rep)
1202 range_err = "no [parse-able] reply";
1203 else if (rep->sline.status != HTTP_OK)
e17d81d3 1204 range_err = "wrong status code";
ebb6e9a0 1205 else if (httpHeaderHas(hdr, HDR_CONTENT_RANGE))
e17d81d3 1206 range_err = "origin server does ranges";
ebb6e9a0 1207 else if (rep->content_length < 0)
e17d81d3 1208 range_err = "unknown length";
ebb6e9a0 1209 else if (rep->content_length != http->entry->mem_obj->reply->content_length)
1210 range_err = "INCONSISTENT length"; /* a bug? */
1211 else if (httpHeaderHas(&http->request->header, HDR_IF_RANGE) && !clientIfRangeMatch(http, rep))
a9771e51 1212 range_err = "If-Range match failed";
ebb6e9a0 1213 else if (!httpHdrRangeCanonize(http->request->range, rep->content_length))
e17d81d3 1214 range_err = "canonization failed";
ebb6e9a0 1215 else if (httpHdrRangeIsComplex(http->request->range))
e17d81d3 1216 range_err = "too complex range header";
a4b8110e 1217 else if (!request->flags.cachable) /* from we_do_ranges in http.c */
288c06ce 1218 range_err = "non-cachable request";
623bfa4c 1219 else if (!is_hit && httpHdrRangeOffsetLimit(http->request->range))
1220 range_err = "range outside range_offset_limit";
e17d81d3 1221 /* get rid of our range specs on error */
1222 if (range_err) {
badd8ff0 1223 debug(33, 3) ("clientBuildRangeHeader: will not do ranges: %s.\n", range_err);
e17d81d3 1224 httpHdrRangeDestroy(http->request->range);
1225 http->request->range = NULL;
1226 } else {
1227 const int spec_count = http->request->range->specs.count;
71540aeb 1228 int actual_clen = -1;
1229
badd8ff0 1230 debug(33, 3) ("clientBuildRangeHeader: range spec count: %d virgin clen: %d\n",
e17d81d3 1231 spec_count, rep->content_length);
1232 assert(spec_count > 0);
a9771e51 1233 /* ETags should not be returned with Partial Content replies? */
1234 httpHeaderDelById(hdr, HDR_ETAG);
ebb6e9a0 1235 /* append appropriate header(s) */
e17d81d3 1236 if (spec_count == 1) {
1237 HttpHdrRangePos pos = HttpHdrRangeInitPos;
889b534a 1238 const HttpHdrRangeSpec *spec = httpHdrRangeGetSpec(http->request->range, &pos);
1239 assert(spec);
e17d81d3 1240 /* append Content-Range */
889b534a 1241 httpHeaderAddContRange(hdr, *spec, rep->content_length);
71540aeb 1242 /* set new Content-Length to the actual number of bytes
e17d81d3 1243 * transmitted in the message-body */
71540aeb 1244 actual_clen = spec->length;
e17d81d3 1245 } else {
1246 /* multipart! */
1247 /* generate boundary string */
1248 http->range_iter.boundary = httpHdrRangeBoundaryStr(http);
1249 /* delete old Content-Type, add ours */
1250 httpHeaderDelById(hdr, HDR_CONTENT_TYPE);
1251 httpHeaderPutStrf(hdr, HDR_CONTENT_TYPE,
1252 "multipart/byteranges; boundary=\"%s\"",
1253 strBuf(http->range_iter.boundary));
71540aeb 1254 /* Content-Length is not required in multipart responses
1255 * but it is always nice to have one */
1256 actual_clen = clientMRangeCLen(http);
e17d81d3 1257 }
71540aeb 1258
1259 /* replace Content-Length header */
1260 assert(actual_clen >= 0);
1261 httpHeaderDelById(hdr, HDR_CONTENT_LENGTH);
1262 httpHeaderPutInt(hdr, HDR_CONTENT_LENGTH, actual_clen);
badd8ff0 1263 debug(33, 3) ("clientBuildRangeHeader: actual content length: %d\n", actual_clen);
e17d81d3 1264 }
1265}
1266
35282fbf 1267/*
1268 * filters out unwanted entries from original reply header
d192d11f 1269 * adds extra entries if we have more info than origin server
35282fbf 1270 * adds Squid specific entries
1271 */
2246b732 1272static void
eeb423fb 1273clientBuildReplyHeader(clientHttpRequest * http, HttpReply * rep)
2246b732 1274{
1275 HttpHeader *hdr = &rep->header;
1276 int is_hit = isTcpHit(http->log_type);
7673173d 1277 request_t *request = http->request;
2246b732 1278#if DONT_FILTER_THESE
1279 /* but you might want to if you run Squid as an HTTP accelerator */
d192d11f 1280 /* httpHeaderDelById(hdr, HDR_ACCEPT_RANGES); */
2246b732 1281 httpHeaderDelById(hdr, HDR_ETAG);
1282#endif
1283 httpHeaderDelById(hdr, HDR_PROXY_CONNECTION);
1284 /* here: Keep-Alive is a field-name, not a connection directive! */
1285 httpHeaderDelByName(hdr, "Keep-Alive");
1286 /* remove Set-Cookie if a hit */
1287 if (is_hit)
1288 httpHeaderDelById(hdr, HDR_SET_COOKIE);
1289 /* handle Connection header */
1290 if (httpHeaderHas(hdr, HDR_CONNECTION)) {
1291 /* anything that matches Connection list member will be deleted */
1292 String strConnection = httpHeaderGetList(hdr, HDR_CONNECTION);
1293 const HttpHeaderEntry *e;
1294 HttpHeaderPos pos = HttpHeaderInitPos;
7673173d 1295 /*
1296 * think: on-average-best nesting of the two loops (hdrEntry
1297 * and strListItem) @?@
1298 */
1299 /*
1300 * maybe we should delete standard stuff ("keep-alive","close")
1301 * from strConnection first?
1302 */
2246b732 1303 while ((e = httpHeaderGetEntry(hdr, &pos))) {
1304 if (strListIsMember(&strConnection, strBuf(e->name), ','))
1305 httpHeaderDelAt(hdr, pos);
1306 }
1307 httpHeaderDelById(hdr, HDR_CONNECTION);
1308 stringClean(&strConnection);
1309 }
d192d11f 1310 /* Handle Ranges */
7673173d 1311 if (request->range)
e17d81d3 1312 clientBuildRangeHeader(http, rep);
7673173d 1313 /*
efd900cb 1314 * Add a estimated Age header on cache hits.
7673173d 1315 */
efd900cb 1316 if (is_hit) {
1317 /*
1318 * Remove any existing Age header sent by upstream caches
1319 * (note that the existing header is passed along unmodified
1320 * on cache misses)
1321 */
cc66f616 1322 httpHeaderDelById(hdr, HDR_AGE);
7673173d 1323 /*
efd900cb 1324 * This adds the calculated object age. Note that the details of the
1325 * age calculation is performed by adjusting the timestamp in
1326 * storeTimestampsSet(), not here.
1327 *
1328 * BROWSER WORKAROUND: IE sometimes hangs when receiving a 0 Age
1329 * header, so don't use it unless there is a age to report. Please
1330 * note that Age is only used to make a conservative estimation of
1331 * the objects age, so a Age: 0 header does not add any useful
1332 * information to the reply in any case.
7673173d 1333 */
6fd26c18 1334 if (NULL == http->entry)
1335 (void) 0;
1336 else if (http->entry->timestamp < 0)
1337 (void) 0;
15eab38b 1338 else if (http->entry->timestamp < squid_curtime)
6fd26c18 1339 httpHeaderPutInt(hdr, HDR_AGE,
1340 squid_curtime - http->entry->timestamp);
cc66f616 1341 }
94439e4e 1342 /* Handle authentication headers */
1343 if (request->auth_user_request)
721b0310 1344 authenticateFixHeader(rep, request->auth_user_request, request, http->flags.accel, 0);
2246b732 1345 /* Append X-Cache */
1346 httpHeaderPutStrf(hdr, HDR_X_CACHE, "%s from %s",
1347 is_hit ? "HIT" : "MISS", getMyHostname());
1348#if USE_CACHE_DIGESTS
1349 /* Append X-Cache-Lookup: -- temporary hack, to be removed @?@ @?@ */
1350 httpHeaderPutStrf(hdr, HDR_X_CACHE_LOOKUP, "%s from %s:%d",
1351 http->lookup_type ? http->lookup_type : "NONE",
7e3ce7b9 1352 getMyHostname(), ntohs(Config.Sockaddr.http->s.sin_port));
2246b732 1353#endif
9bc73deb 1354 if (httpReplyBodySize(request->method, rep) < 0) {
2d5a59cd 1355 debug(33, 3) ("clientBuildReplyHeader: can't keep-alive, unknown body size\n");
35282fbf 1356 request->flags.proxy_keepalive = 0;
1357 }
2246b732 1358 /* Signal keep-alive if needed */
7673173d 1359 httpHeaderPutStr(hdr,
1360 http->flags.accel ? HDR_CONNECTION : HDR_PROXY_CONNECTION,
92695e5e 1361 request->flags.proxy_keepalive ? "keep-alive" : "close");
2246b732 1362#if ADD_X_REQUEST_URI
1363 /*
1364 * Knowing the URI of the request is useful when debugging persistent
1365 * connections in a client; we cannot guarantee the order of http headers,
1366 * but X-Request-URI is likely to be the very last header to ease use from a
1367 * debugger [hdr->entries.count-1].
1368 */
eeb423fb 1369 httpHeaderPutStr(hdr, HDR_X_REQUEST_URI,
2246b732 1370 http->entry->mem_obj->url ? http->entry->mem_obj->url : http->uri);
1371#endif
6bccf575 1372 httpHdrMangleList(hdr, request);
2246b732 1373}
1374
eeb423fb 1375static HttpReply *
2246b732 1376clientBuildReply(clientHttpRequest * http, const char *buf, size_t size)
1377{
1378 HttpReply *rep = httpReplyCreate();
9bc73deb 1379 size_t k = headersEnd(buf, size);
1380 if (k && httpReplyParse(rep, buf, k)) {
2246b732 1381 /* enforce 1.0 reply version */
bffee5af 1382 httpBuildVersion(&rep->sline.version, 1, 0);
2246b732 1383 /* do header conversions */
1384 clientBuildReplyHeader(http, rep);
d192d11f 1385 /* if we do ranges, change status to "Partial Content" */
1386 if (http->request->range)
9bc73deb 1387 httpStatusLineSet(&rep->sline, rep->sline.version,
1388 HTTP_PARTIAL_CONTENT, NULL);
2246b732 1389 } else {
1390 /* parsing failure, get rid of the invalid reply */
1391 httpReplyDestroy(rep);
1392 rep = NULL;
9834a631 1393 /* if we were going to do ranges, backoff */
9bc73deb 1394 if (http->request->range) {
1395 /* this will fail and destroy request->range */
1396 clientBuildRangeHeader(http, rep);
1397 }
2246b732 1398 }
1399 return rep;
1400}
7a2f978b 1401
85071fe3 1402/*
1403 * clientCacheHit should only be called until the HTTP reply headers
1404 * have been parsed. Normally this should be a single call, but
1405 * it might take more than one. As soon as we have the headers,
1406 * we hand off to clientSendMoreData, clientProcessExpired, or
1407 * clientProcessMiss.
1408 */
4c323c5f 1409static void
7a2f978b 1410clientCacheHit(void *data, char *buf, ssize_t size)
1411{
1412 clientHttpRequest *http = data;
49d3fcb0 1413 StoreEntry *e = http->entry;
1414 MemObject *mem;
1415 request_t *r = http->request;
93f9abd0 1416 debug(33, 3) ("clientCacheHit: %s, %d bytes\n", http->uri, (int) size);
49d3fcb0 1417 if (http->entry == NULL) {
db1cd23c 1418 memFree(buf, MEM_CLIENT_SOCK_BUF);
93f9abd0 1419 debug(33, 3) ("clientCacheHit: request aborted\n");
49d3fcb0 1420 return;
1421 } else if (size < 0) {
7a2f978b 1422 /* swap in failure */
db1cd23c 1423 memFree(buf, MEM_CLIENT_SOCK_BUF);
93f9abd0 1424 debug(33, 3) ("clientCacheHit: swapin failure for %s\n", http->uri);
7a2f978b 1425 http->log_type = LOG_TCP_SWAPFAIL_MISS;
fdfc0d63 1426 if ((e = http->entry)) {
1427 http->entry = NULL;
06d2839d 1428 storeUnregister(http->sc, e, http);
e1dcf02d 1429 http->sc = NULL;
fdfc0d63 1430 storeUnlockObject(e);
1431 }
fb63215a 1432 clientProcessMiss(http);
49d3fcb0 1433 return;
1434 }
1435 assert(size > 0);
1436 mem = e->mem_obj;
b7fe0ab0 1437 assert(!EBIT_TEST(e->flags, ENTRY_ABORTED));
49d3fcb0 1438 if (mem->reply->sline.status == 0) {
1439 /*
1440 * we don't have full reply headers yet; either wait for more or
1441 * punt to clientProcessMiss.
1442 */
25944e56 1443 if (e->mem_status == IN_MEMORY || e->store_status == STORE_OK) {
db1cd23c 1444 memFree(buf, MEM_CLIENT_SOCK_BUF);
49d3fcb0 1445 clientProcessMiss(http);
cc27d775 1446 } else if (size == CLIENT_SOCK_SZ && http->out.offset == 0) {
db1cd23c 1447 memFree(buf, MEM_CLIENT_SOCK_BUF);
49d3fcb0 1448 clientProcessMiss(http);
1449 } else {
1450 debug(33, 3) ("clientCacheHit: waiting for HTTP reply headers\n");
06d2839d 1451 storeClientCopy(http->sc, e,
49d3fcb0 1452 http->out.offset + size,
1453 http->out.offset,
cc27d775 1454 CLIENT_SOCK_SZ,
49d3fcb0 1455 buf,
1456 clientCacheHit,
1457 http);
1458 }
1459 return;
1460 }
1461 /*
1462 * Got the headers, now grok them
1463 */
1464 assert(http->log_type == LOG_TCP_HIT);
f66a9ef4 1465 switch (varyEvaluateMatch(e, r)) {
1466 case VARY_NONE:
1467 /* No variance detected. Continue as normal */
1468 break;
1469 case VARY_MATCH:
1470 /* This is the correct entity for this request. Continue */
1471 debug(33, 2) ("clientProcessHit: Vary MATCH!\n");
1472 break;
1473 case VARY_OTHER:
1474 /* This is not the correct entity for this request. We need
1475 * to requery the cache.
1476 */
1477 memFree(buf, MEM_CLIENT_SOCK_BUF);
1478 http->entry = NULL;
1479 storeUnregister(http->sc, e, http);
1480 http->sc = NULL;
1481 storeUnlockObject(e);
1482 /* Note: varyEvalyateMatch updates the request with vary information
1483 * so we only get here once. (it also takes care of cancelling loops)
1484 */
1485 debug(33, 2) ("clientProcessHit: Vary detected!\n");
1486 clientProcessRequest(http);
1487 return;
1488 case VARY_CANCEL:
1489 /* varyEvaluateMatch found a object loop. Process as miss */
1490 debug(33, 1) ("clientProcessHit: Vary object loop!\n");
1491 memFree(buf, MEM_CLIENT_SOCK_BUF);
1492 clientProcessMiss(http);
1493 return;
1494 }
1495 if (r->method == METHOD_PURGE) {
1496 memFree(buf, MEM_CLIENT_SOCK_BUF);
1497 http->entry = NULL;
1498 storeUnregister(http->sc, e, http);
1499 http->sc = NULL;
1500 storeUnlockObject(e);
1501 clientPurgeRequest(http);
1502 return;
1503 }
49d3fcb0 1504 if (checkNegativeHit(e)) {
1505 http->log_type = LOG_TCP_NEGATIVE_HIT;
1506 clientSendMoreData(data, buf, size);
d657ffad 1507 } else if (r->method == METHOD_HEAD) {
1508 /*
1509 * RFC 2068 seems to indicate there is no "conditional HEAD"
1510 * request. We cannot validate a cached object for a HEAD
1511 * request, nor can we return 304.
1512 */
1513 if (e->mem_status == IN_MEMORY)
1514 http->log_type = LOG_TCP_MEM_HIT;
1515 clientSendMoreData(data, buf, size);
829a9357 1516 } else if (refreshCheckHTTP(e, r) && !http->flags.internal) {
5dd13cf3 1517 debug(33, 5) ("clientCacheHit: in refreshCheck() block\n");
49d3fcb0 1518 /*
1519 * We hold a stale copy; it needs to be validated
1520 */
9689d97c 1521 /*
1522 * The 'need_validation' flag is used to prevent forwarding
1523 * loops between siblings. If our copy of the object is stale,
1524 * then we should probably only use parents for the validation
1525 * request. Otherwise two siblings could generate a loop if
1526 * both have a stale version of the object.
1527 */
1528 r->flags.need_validation = 1;
0cdcddb9 1529 if (e->lastmod < 0) {
1530 /*
1c3e77cd 1531 * Previous reply didn't have a Last-Modified header,
1532 * we cannot revalidate it.
1533 */
1534 http->log_type = LOG_TCP_MISS;
1535 clientProcessMiss(http);
92695e5e 1536 } else if (r->flags.nocache) {
cbe3a719 1537 /*
1538 * This did not match a refresh pattern that overrides no-cache
1539 * we should honour the client no-cache header.
1540 */
1541 http->log_type = LOG_TCP_CLIENT_REFRESH_MISS;
1542 clientProcessMiss(http);
1c3e77cd 1543 } else if (r->protocol == PROTO_HTTP) {
cbe3a719 1544 /*
1545 * Object needs to be revalidated
1546 * XXX This could apply to FTP as well, if Last-Modified is known.
1547 */
49d3fcb0 1548 http->log_type = LOG_TCP_REFRESH_MISS;
1549 clientProcessExpired(http);
1550 } else {
cbe3a719 1551 /*
1552 * We don't know how to re-validate other protocols. Handle
1553 * them as if the object has expired.
1554 */
49d3fcb0 1555 http->log_type = LOG_TCP_MISS;
1556 clientProcessMiss(http);
1557 }
db1cd23c 1558 memFree(buf, MEM_CLIENT_SOCK_BUF);
92695e5e 1559 } else if (r->flags.ims) {
49d3fcb0 1560 /*
1561 * Handle If-Modified-Since requests from the client
1562 */
1563 if (mem->reply->sline.status != HTTP_OK) {
1564 debug(33, 4) ("clientCacheHit: Reply code %d != 200\n",
1565 mem->reply->sline.status);
db1cd23c 1566 memFree(buf, MEM_CLIENT_SOCK_BUF);
1ecaa0a0 1567 http->log_type = LOG_TCP_MISS;
49d3fcb0 1568 clientProcessMiss(http);
1569 } else if (modifiedSince(e, http->request)) {
815ef411 1570 http->log_type = LOG_TCP_IMS_HIT;
49d3fcb0 1571 clientSendMoreData(data, buf, size);
1572 } else {
d20b1cd0 1573 time_t timestamp = e->timestamp;
49d3fcb0 1574 MemBuf mb = httpPacked304Reply(e->mem_obj->reply);
1575 http->log_type = LOG_TCP_IMS_HIT;
db1cd23c 1576 memFree(buf, MEM_CLIENT_SOCK_BUF);
06d2839d 1577 storeUnregister(http->sc, e, http);
e1dcf02d 1578 http->sc = NULL;
49d3fcb0 1579 storeUnlockObject(e);
92695e5e 1580 e = clientCreateStoreEntry(http, http->request->method, null_request_flags);
d20b1cd0 1581 /*
1582 * Copy timestamp from the original entry so the 304
1583 * reply has a meaningful Age: header.
1584 */
1585 e->timestamp = timestamp;
49d3fcb0 1586 http->entry = e;
9bc73deb 1587 httpReplyParse(e->mem_obj->reply, mb.buf, mb.size);
49d3fcb0 1588 storeAppend(e, mb.buf, mb.size);
1589 memBufClean(&mb);
1590 storeComplete(e);
1591 }
1592 } else {
1593 /*
1594 * plain ol' cache hit
1595 */
1596 if (e->mem_status == IN_MEMORY)
1597 http->log_type = LOG_TCP_MEM_HIT;
b540e168 1598 else if (Config.onoff.offline)
1599 http->log_type = LOG_TCP_OFFLINE_HIT;
49d3fcb0 1600 clientSendMoreData(data, buf, size);
7a2f978b 1601 }
1602}
1603
71540aeb 1604/* put terminating boundary for multiparts */
1605static void
f6308664 1606clientPackTermBound(String boundary, MemBuf * mb)
71540aeb 1607{
1608 memBufPrintf(mb, "\r\n--%s--\r\n", strBuf(boundary));
32754419 1609 debug(33, 6) ("clientPackTermBound: buf offset: %ld\n", (long int) mb->size);
71540aeb 1610}
d192d11f 1611
aa42ceac 1612/* appends a "part" HTTP header (as in a multi-part/range reply) to the buffer */
1613static void
f6308664 1614clientPackRangeHdr(const HttpReply * rep, const HttpHdrRangeSpec * spec, String boundary, MemBuf * mb)
aa42ceac 1615{
1616 HttpHeader hdr;
1617 Packer p;
1618 assert(rep);
1619 assert(spec);
1620
1621 /* put boundary */
1622 debug(33, 5) ("clientPackRangeHdr: appending boundary: %s\n", strBuf(boundary));
aa42ceac 1623 /* rfc2046 requires to _prepend_ boundary with <crlf>! */
1624 memBufPrintf(mb, "\r\n--%s\r\n", strBuf(boundary));
1625
1626 /* stuff the header with required entries and pack it */
1627 httpHeaderInit(&hdr, hoReply);
1628 if (httpHeaderHas(&rep->header, HDR_CONTENT_TYPE))
f6308664 1629 httpHeaderPutStr(&hdr, HDR_CONTENT_TYPE, httpHeaderGetStr(&rep->header, HDR_CONTENT_TYPE));
aa42ceac 1630 httpHeaderAddContRange(&hdr, *spec, rep->content_length);
1631 packerToMemInit(&p, mb);
1632 httpHeaderPackInto(&hdr, &p);
1633 packerClean(&p);
1634 httpHeaderClean(&hdr);
1635
71540aeb 1636 /* append <crlf> (we packed a header, not a reply) */
aa42ceac 1637 memBufPrintf(mb, crlf);
1638}
1639
9bc73deb 1640/*
1641 * extracts a "range" from *buf and appends them to mb, updating
1642 * all offsets and such.
1643 */
d192d11f 1644static void
9bc73deb 1645clientPackRange(clientHttpRequest * http,
1646 HttpHdrRangeIter * i,
1647 const char **buf,
1648 ssize_t * size,
1649 MemBuf * mb)
d192d11f 1650{
9bc73deb 1651 const ssize_t copy_sz = i->debt_size <= *size ? i->debt_size : *size;
d192d11f 1652 off_t body_off = http->out.offset - i->prefix_size;
1653 assert(*size > 0);
889b534a 1654 assert(i->spec);
9bc73deb 1655 /*
1656 * intersection of "have" and "need" ranges must not be empty
1657 */
889b534a 1658 assert(body_off < i->spec->offset + i->spec->length);
1659 assert(body_off + *size > i->spec->offset);
9bc73deb 1660 /*
1661 * put boundary and headers at the beginning of a range in a
1662 * multi-range
1663 */
889b534a 1664 if (http->request->range->specs.count > 1 && i->debt_size == i->spec->length) {
aa42ceac 1665 assert(http->entry->mem_obj);
1666 clientPackRangeHdr(
f6308664 1667 http->entry->mem_obj->reply, /* original reply */
1668 i->spec, /* current range */
1669 i->boundary, /* boundary, the same for all */
aa42ceac 1670 mb
f6308664 1671 );
d192d11f 1672 }
9bc73deb 1673 /*
1674 * append content
1675 */
32754419 1676 debug(33, 3) ("clientPackRange: appending %ld bytes\n", (long int) copy_sz);
d192d11f 1677 memBufAppend(mb, *buf, copy_sz);
9bc73deb 1678 /*
1679 * update offsets
1680 */
d192d11f 1681 *size -= copy_sz;
1682 i->debt_size -= copy_sz;
1683 body_off += copy_sz;
1684 *buf += copy_sz;
ebb6e9a0 1685 http->out.offset = body_off + i->prefix_size; /* sync */
9bc73deb 1686 /*
1687 * paranoid check
1688 */
d192d11f 1689 assert(*size >= 0 && i->debt_size >= 0);
1690}
1691
889b534a 1692/* returns true if there is still data available to pack more ranges
1693 * increments iterator "i"
1694 * used by clientPackMoreRanges */
1695static int
ebb6e9a0 1696clientCanPackMoreRanges(const clientHttpRequest * http, HttpHdrRangeIter * i, ssize_t size)
889b534a 1697{
1698 /* first update "i" if needed */
1699 if (!i->debt_size) {
1700 if ((i->spec = httpHdrRangeGetSpec(http->request->range, &i->pos)))
1701 i->debt_size = i->spec->length;
1702 }
ebb6e9a0 1703 assert(!i->debt_size == !i->spec); /* paranoid sync condition */
889b534a 1704 /* continue condition: need_more_data && have_more_data */
1705 return i->spec && size > 0;
1706}
d192d11f 1707
1708/* extracts "ranges" from buf and appends them to mb, updating all offsets and such */
1709/* returns true if we need more data */
1710static int
ebb6e9a0 1711clientPackMoreRanges(clientHttpRequest * http, const char *buf, ssize_t size, MemBuf * mb)
d192d11f 1712{
1713 HttpHdrRangeIter *i = &http->range_iter;
d192d11f 1714 /* offset in range specs does not count the prefix of an http msg */
1715 off_t body_off = http->out.offset - i->prefix_size;
1716 assert(size >= 0);
9834a631 1717 /* check: reply was parsed and range iterator was initialized */
1718 assert(i->prefix_size > 0);
d192d11f 1719 /* filter out data according to range specs */
889b534a 1720 while (clientCanPackMoreRanges(http, i, size)) {
ebb6e9a0 1721 off_t start; /* offset of still missing data */
889b534a 1722 assert(i->spec);
1723 start = i->spec->offset + i->spec->length - i->debt_size;
32754419 1724 debug(33, 3) ("clientPackMoreRanges: in: offset: %ld size: %ld\n",
1725 (long int) body_off, (long int) size);
1726 debug(33, 3) ("clientPackMoreRanges: out: start: %ld spec[%ld]: [%ld, %ld), len: %ld debt: %ld\n",
1727 (long int) start, (long int) i->pos, (long int) i->spec->offset, (long int) (i->spec->offset + i->spec->length), (long int) i->spec->length, (long int) i->debt_size);
ebb6e9a0 1728 assert(body_off <= start); /* we did not miss it */
d192d11f 1729 /* skip up to start */
1730 if (body_off + size > start) {
1731 const size_t skip_size = start - body_off;
1732 body_off = start;
1733 size -= skip_size;
1734 buf += skip_size;
1735 } else {
1736 /* has not reached start yet */
1737 body_off += size;
1738 size = 0;
1739 buf = NULL;
1740 }
1741 /* put next chunk if any */
1742 if (size) {
ebb6e9a0 1743 http->out.offset = body_off + i->prefix_size; /* sync */
d192d11f 1744 clientPackRange(http, i, &buf, &size, mb);
ebb6e9a0 1745 body_off = http->out.offset - i->prefix_size; /* sync */
d192d11f 1746 }
1747 }
ebb6e9a0 1748 assert(!i->debt_size == !i->spec); /* paranoid sync condition */
32754419 1749 debug(33, 3) ("clientPackMoreRanges: buf exhausted: in: offset: %ld size: %ld need_more: %ld\n",
1750 (long int) body_off, (long int) size, (long int) i->debt_size);
889b534a 1751 if (i->debt_size) {
32754419 1752 debug(33, 3) ("clientPackMoreRanges: need more: spec[%ld]: [%ld, %ld), len: %ld\n",
1753 (long int) i->pos, (long int) i->spec->offset, (long int) (i->spec->offset + i->spec->length), (long int) i->spec->length);
889b534a 1754 /* skip the data we do not need if possible */
ebb6e9a0 1755 if (i->debt_size == i->spec->length) /* at the start of the cur. spec */
889b534a 1756 body_off = i->spec->offset;
d192d11f 1757 else
889b534a 1758 assert(body_off == i->spec->offset + i->spec->length - i->debt_size);
ebb6e9a0 1759 } else if (http->request->range->specs.count > 1) {
d192d11f 1760 /* put terminating boundary for multiparts */
71540aeb 1761 clientPackTermBound(i->boundary, mb);
d192d11f 1762 }
ebb6e9a0 1763 http->out.offset = body_off + i->prefix_size; /* sync */
889b534a 1764 return i->debt_size > 0;
d192d11f 1765}
1766
0483b991 1767static int
32754419 1768clientReplyBodyTooLarge(HttpReply * rep, ssize_t clen)
0483b991 1769{
a560ee93 1770 if (0 == rep->maxBodySize)
0483b991 1771 return 0; /* disabled */
1772 if (clen < 0)
1773 return 0; /* unknown */
a560ee93 1774 if (clen > rep->maxBodySize)
0483b991 1775 return 1; /* too large */
1776 return 0;
1777}
1778
efd900cb 1779static int
1780clientRequestBodyTooLarge(int clen)
1781{
1782 if (0 == Config.maxRequestBodySize)
1783 return 0; /* disabled */
1784 if (clen < 0)
1785 return 0; /* unknown, bug? */
1786 if (clen > Config.maxRequestBodySize)
1787 return 1; /* too large */
1788 return 0;
1789}
1790
ab874fd0 1791
1792/* Responses with no body will not have a content-type header,
1793 * which breaks the rep_mime_type acl, which
1794 * coincidentally, is the most common acl for reply access lists.
1795 * A better long term fix for this is to allow acl matchs on the various
1796 * status codes, and then supply a default ruleset that puts these
1797 * codes before any user defines access entries. That way the user
1798 * can choose to block these responses where appropriate, but won't get
1799 * mysterious breakages.
1800 */
1801static int
3d15e2d7 1802clientAlwaysAllowResponse(http_status sline)
1803{
ab874fd0 1804 switch (sline) {
3d15e2d7 1805 case HTTP_CONTINUE:
1806 case HTTP_SWITCHING_PROTOCOLS:
1807 case HTTP_PROCESSING:
1808 case HTTP_NO_CONTENT:
1809 case HTTP_NOT_MODIFIED:
1810 return 1;
1811 /* unreached */
1812 break;
1813 default:
1814 return 0;
ab874fd0 1815 }
1816}
1817
1818
2246b732 1819/*
1820 * accepts chunk of a http message in buf, parses prefix, filters headers and
1821 * such, writes processed message to the client's socket
1822 */
4c323c5f 1823static void
7a2f978b 1824clientSendMoreData(void *data, char *buf, ssize_t size)
1825{
1826 clientHttpRequest *http = data;
1827 StoreEntry *entry = http->entry;
1828 ConnStateData *conn = http->conn;
1829 int fd = conn->fd;
2246b732 1830 HttpReply *rep = NULL;
2246b732 1831 const char *body_buf = buf;
1832 ssize_t body_size = size;
9f086470 1833 MemBuf mb;
bcd3b08a 1834 ssize_t check_size = 0;
93f9abd0 1835 debug(33, 5) ("clientSendMoreData: %s, %d bytes\n", http->uri, (int) size);
cc27d775 1836 assert(size <= CLIENT_SOCK_SZ);
40defb17 1837 assert(http->request != NULL);
0f1bc304 1838 dlinkDelete(&http->active, &ClientActiveRequests);
1839 dlinkAdd(http, &http->active, &ClientActiveRequests);
32754419 1840 debug(33, 5) ("clientSendMoreData: FD %d '%s', out.offset=%ld \n",
1841 fd, storeUrl(entry), (long int) http->out.offset);
7a2f978b 1842 if (conn->chr != http) {
1843 /* there is another object in progress, defer this one */
aebbcd07 1844 debug(33, 1) ("clientSendMoreData: Deferring %s\n", storeUrl(entry));
db1cd23c 1845 memFree(buf, MEM_CLIENT_SOCK_BUF);
7a2f978b 1846 return;
b7fe0ab0 1847 } else if (entry && EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
d6e928c9 1848 /* call clientWriteComplete so the client socket gets closed */
1849 clientWriteComplete(fd, NULL, 0, COMM_OK, http);
db1cd23c 1850 memFree(buf, MEM_CLIENT_SOCK_BUF);
7a2f978b 1851 return;
1852 } else if (size < 0) {
d6e928c9 1853 /* call clientWriteComplete so the client socket gets closed */
1854 clientWriteComplete(fd, NULL, 0, COMM_OK, http);
db1cd23c 1855 memFree(buf, MEM_CLIENT_SOCK_BUF);
7a2f978b 1856 return;
1857 } else if (size == 0) {
d6e928c9 1858 /* call clientWriteComplete so the client socket gets closed */
1859 clientWriteComplete(fd, NULL, 0, COMM_OK, http);
db1cd23c 1860 memFree(buf, MEM_CLIENT_SOCK_BUF);
7a2f978b 1861 return;
1862 }
40defb17 1863 if (http->out.offset == 0) {
7a2f978b 1864 if (Config.onoff.log_mime_hdrs) {
2334c194 1865 size_t k;
1866 if ((k = headersEnd(buf, size))) {
7a2f978b 1867 safe_free(http->al.headers.reply);
1afe05c5 1868 http->al.headers.reply = xcalloc(k + 1, 1);
2334c194 1869 xstrncpy(http->al.headers.reply, buf, k);
7a2f978b 1870 }
1871 }
2246b732 1872 rep = clientBuildReply(http, buf, size);
a560ee93 1873 if (rep) {
c4ab8329 1874 aclCheck_t *ch;
1875 int rv;
a560ee93 1876 httpReplyBodyBuildSize(http->request, rep, &Config.ReplyBodySize);
1877 if (clientReplyBodyTooLarge(rep, rep->content_length)) {
6fbf8998 1878 ErrorState *err = errorCon(ERR_TOO_BIG, HTTP_FORBIDDEN);
1879 err->request = requestLink(http->request);
1880 storeUnregister(http->sc, http->entry, http);
1881 http->sc = NULL;
1882 storeUnlockObject(http->entry);
1883 http->entry = clientCreateStoreEntry(http, http->request->method,
a560ee93 1884 null_request_flags);
6fbf8998 1885 errorAppendEntry(http->entry, err);
1886 httpReplyDestroy(rep);
1887 return;
a560ee93 1888 }
3d15e2d7 1889 body_size = size - rep->hdr_sz;
2246b732 1890 assert(body_size >= 0);
1f7e91a1 1891 body_buf = buf + rep->hdr_sz;
d192d11f 1892 http->range_iter.prefix_size = rep->hdr_sz;
2246b732 1893 debug(33, 3) ("clientSendMoreData: Appending %d bytes after %d bytes of headers\n",
32754419 1894 (int) body_size, rep->hdr_sz);
c4ab8329 1895 ch = aclChecklistCreate(Config.accessList.reply, http->request, NULL);
1896 ch->reply = rep;
1897 rv = aclCheckFast(Config.accessList.reply, ch);
1898 debug(33, 2) ("The reply for %s %s is %s, because it matched '%s'\n",
1899 RequestMethodStr[http->request->method], http->uri,
1900 rv ? "ALLOWED" : "DENIED",
1901 AclMatchedName ? AclMatchedName : "NO ACL's");
3d15e2d7 1902 if (!rv && rep->sline.status != HTTP_FORBIDDEN
ab874fd0 1903 && !clientAlwaysAllowResponse(rep->sline.status)) {
1904 /* the if above is slightly broken, but there is no way
1905 * to tell if this is a squid generated error page, or one from
c4ab8329 1906 * upstream at this point. */
1907 ErrorState *err;
1908 err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN);
1909 err->request = requestLink(http->request);
1910 storeUnregister(http->sc, http->entry, http);
1911 http->sc = NULL;
1912 storeUnlockObject(http->entry);
1913 http->entry = clientCreateStoreEntry(http, http->request->method,
1914 null_request_flags);
1915 errorAppendEntry(http->entry, err);
1916 httpReplyDestroy(rep);
1917 return;
1918 }
1919 aclChecklistFree(ch);
cc27d775 1920 } else if (size < CLIENT_SOCK_SZ && entry->store_status == STORE_PENDING) {
9f086470 1921 /* wait for more to arrive */
06d2839d 1922 storeClientCopy(http->sc, entry,
9f086470 1923 http->out.offset + size,
1924 http->out.offset,
cc27d775 1925 CLIENT_SOCK_SZ,
9f086470 1926 buf,
1927 clientSendMoreData,
1928 http);
1929 return;
7a2f978b 1930 }
d192d11f 1931 /* reset range iterator */
1932 http->range_iter.pos = HttpHdrRangeInitPos;
f4f278b5 1933 } else if (!http->request->range) {
1934 /* Avoid copying to MemBuf for non-range requests */
1935 /* Note, if we're here, then 'rep' is known to be NULL */
1936 http->out.offset += body_size;
1937 comm_write(fd, buf, size, clientWriteBodyComplete, http, NULL);
1938 /* NULL because clientWriteBodyComplete frees it */
1939 return;
7a2f978b 1940 }
7a2f978b 1941 if (http->request->method == METHOD_HEAD) {
9f086470 1942 if (rep) {
1943 /* do not forward body for HEAD replies */
1944 body_size = 0;
9f086470 1945 http->flags.done_copying = 1;
1946 } else {
782b5f40 1947 /*
1948 * If we are here, then store_status == STORE_OK and it
1949 * seems we have a HEAD repsponse which is missing the
1950 * empty end-of-headers line (home.mira.net, phttpd/0.99.72
1951 * does this). Because clientBuildReply() fails we just
1952 * call this reply a body, set the done_copying flag and
1953 * continue...
1954 */
1955 http->flags.done_copying = 1;
7a2f978b 1956 }
1957 }
d192d11f 1958 /* write headers and/or body if any */
1f7e91a1 1959 assert(rep || (body_buf && body_size));
9f086470 1960 /* init mb; put status line and headers if any */
1961 if (rep) {
1962 mb = httpReplyPack(rep);
bcd3b08a 1963 http->out.offset += rep->hdr_sz;
1964 check_size += rep->hdr_sz;
c3609322 1965#if HEADERS_LOG
1966 headersLog(0, 0, http->request->method, rep);
1967#endif
5e060348 1968 httpReplyDestroy(rep);
9f086470 1969 rep = NULL;
1970 } else {
b8890359 1971 memBufDefInit(&mb);
9f086470 1972 }
1973 /* append body if any */
e42d5181 1974 if (http->request->range) {
1975 /* Only GET requests should have ranges */
1976 assert(http->request->method == METHOD_GET);
1977 /* clientPackMoreRanges() updates http->out.offset */
1978 /* force the end of the transfer if we are done */
1979 if (!clientPackMoreRanges(http, body_buf, body_size, &mb))
1980 http->flags.done_copying = 1;
1981 } else if (body_buf && body_size) {
1982 http->out.offset += body_size;
1983 check_size += body_size;
1984 memBufAppend(&mb, body_buf, body_size);
2246b732 1985 }
bbe3cbdc 1986 if (!http->request->range && http->request->method == METHOD_GET)
bcd3b08a 1987 assert(check_size == size);
9f086470 1988 /* write */
1989 comm_write_mbuf(fd, mb, clientWriteComplete, http);
2246b732 1990 /* if we don't do it, who will? */
db1cd23c 1991 memFree(buf, MEM_CLIENT_SOCK_BUF);
7a2f978b 1992}
1993
f4f278b5 1994/*
1995 * clientWriteBodyComplete is called for MEM_CLIENT_SOCK_BUF's
1996 * written directly to the client socket, versus copying to a MemBuf
1997 * and going through comm_write_mbuf. Most non-range responses after
1998 * the headers probably go through here.
1999 */
2000static void
2001clientWriteBodyComplete(int fd, char *buf, size_t size, int errflag, void *data)
2002{
2003 /*
2004 * NOTE: clientWriteComplete doesn't currently use its "buf"
2005 * (second) argument, so we pass in NULL.
2006 */
2007 clientWriteComplete(fd, NULL, size, errflag, data);
2008 memFree(buf, MEM_CLIENT_SOCK_BUF);
2009}
2010
21f2031d 2011static void
1a92a1e2 2012clientKeepaliveNextRequest(clientHttpRequest * http)
2013{
2014 ConnStateData *conn = http->conn;
2015 StoreEntry *entry;
ebb6e9a0 2016 debug(33, 3) ("clientKeepaliveNextRequest: FD %d\n", conn->fd);
1a92a1e2 2017 conn->defer.until = 0; /* Kick it to read a new request */
2018 httpRequestFree(http);
21f2031d 2019 if ((http = conn->chr) == NULL) {
2020 debug(33, 5) ("clientKeepaliveNextRequest: FD %d reading next req\n",
2021 conn->fd);
94439e4e 2022 fd_note(conn->fd, "Waiting for next request");
21f2031d 2023 /*
2024 * Set the timeout BEFORE calling clientReadRequest().
2025 */
049d61bb 2026 commSetTimeout(conn->fd, Config.Timeout.persistent_request, requestTimeout, conn);
7f6ffd15 2027 /*
2028 * CYGWIN has a problem and is blocking on read() requests when there
2029 * is no data present.
2030 * This hack may hit performance a little, but it's better than
2031 * blocking!.
2032 */
b05490a8 2033#ifdef _SQUID_CYGWIN_
7f6ffd15 2034 commSetSelect(conn->fd, COMM_SELECT_READ, clientReadRequest, conn, 0);
b05490a8 2035#else
21f2031d 2036 clientReadRequest(conn->fd, conn); /* Read next request */
b05490a8 2037#endif
21f2031d 2038 /*
2039 * Note, the FD may be closed at this point.
2040 */
2041 } else if ((entry = http->entry) == NULL) {
2042 /*
2043 * this request is in progress, maybe doing an ACL or a redirect,
2044 * execution will resume after the operation completes.
2045 */
2046 } else {
1a92a1e2 2047 debug(33, 1) ("clientKeepaliveNextRequest: FD %d Sending next\n",
2048 conn->fd);
7ddc902f 2049 assert(entry);
06d2839d 2050 if (0 == storeClientCopyPending(http->sc, entry, http)) {
b7fe0ab0 2051 if (EBIT_TEST(entry->flags, ENTRY_ABORTED))
2052 debug(33, 0) ("clientKeepaliveNextRequest: ENTRY_ABORTED\n");
06d2839d 2053 storeClientCopy(http->sc, entry,
1a92a1e2 2054 http->out.offset,
2055 http->out.offset,
cc27d775 2056 CLIENT_SOCK_SZ,
2057 memAllocate(MEM_CLIENT_SOCK_BUF),
1a92a1e2 2058 clientSendMoreData,
2059 http);
2060 }
1a92a1e2 2061 }
2062}
2063
fc5d6f7f 2064static void
79a15e0a 2065clientWriteComplete(int fd, char *bufnotused, size_t size, int errflag, void *data)
7a2f978b 2066{
2067 clientHttpRequest *http = data;
7a2f978b 2068 StoreEntry *entry = http->entry;
b34ed725 2069 int done;
7a2f978b 2070 http->out.size += size;
32754419 2071 debug(33, 5) ("clientWriteComplete: FD %d, sz %ld, err %d, off %ld, len %d\n",
2072 fd, (long int) size, errflag, (long int) http->out.offset, entry ? objectLen(entry) : 0);
d8b83480 2073 if (size > 0) {
83704487 2074 kb_incr(&statCounter.client_http.kbytes_out, size);
ea285003 2075 if (isTcpHit(http->log_type))
83704487 2076 kb_incr(&statCounter.client_http.hit_kbytes_out, size);
d8b83480 2077 }
7a2f978b 2078 if (errflag) {
e55650e3 2079 /*
2080 * just close the socket, httpRequestFree will abort if needed
2081 */
7a2f978b 2082 comm_close(fd);
fdfc0d63 2083 } else if (NULL == entry) {
2084 comm_close(fd); /* yuk */
b7fe0ab0 2085 } else if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
7a2f978b 2086 comm_close(fd);
a200bbd2 2087 } else if ((done = clientCheckTransferDone(http)) != 0 || size == 0) {
93f9abd0 2088 debug(33, 5) ("clientWriteComplete: FD %d transfer is DONE\n", fd);
7a2f978b 2089 /* We're finished case */
efd900cb 2090 if (httpReplyBodySize(http->request->method, entry->mem_obj->reply) < 0) {
ebb6e9a0 2091 debug(33, 5) ("clientWriteComplete: closing, content_length < 0\n");
c07aed63 2092 comm_close(fd);
2093 } else if (!done) {
ebb6e9a0 2094 debug(33, 5) ("clientWriteComplete: closing, !done\n");
c07aed63 2095 comm_close(fd);
80980266 2096 } else if (clientGotNotEnough(http)) {
2097 debug(33, 5) ("clientWriteComplete: client didn't get all it expected\n");
7a2f978b 2098 comm_close(fd);
92695e5e 2099 } else if (http->request->flags.proxy_keepalive) {
93f9abd0 2100 debug(33, 5) ("clientWriteComplete: FD %d Keeping Alive\n", fd);
1a92a1e2 2101 clientKeepaliveNextRequest(http);
7a2f978b 2102 } else {
2103 comm_close(fd);
2104 }
32754419 2105 } else if (clientReplyBodyTooLarge(entry->mem_obj->reply, http->out.offset)) {
0483b991 2106 comm_close(fd);
7a2f978b 2107 } else {
2108 /* More data will be coming from primary server; register with
2109 * storage manager. */
b7fe0ab0 2110 if (EBIT_TEST(entry->flags, ENTRY_ABORTED))
2111 debug(33, 0) ("clientWriteComplete 2: ENTRY_ABORTED\n");
06d2839d 2112 storeClientCopy(http->sc, entry,
7a2f978b 2113 http->out.offset,
2114 http->out.offset,
cc27d775 2115 CLIENT_SOCK_SZ,
2116 memAllocate(MEM_CLIENT_SOCK_BUF),
7a2f978b 2117 clientSendMoreData,
2118 http);
2119 }
2120}
2121
038eb4ed 2122/*
99edd1c3 2123 * client issued a request with an only-if-cached cache-control directive;
038eb4ed 2124 * we did not find a cached object that can be returned without
99edd1c3 2125 * contacting other servers;
038eb4ed 2126 * respond with a 504 (Gateway Timeout) as suggested in [RFC 2068]
2127 */
2128static void
2129clientProcessOnlyIfCachedMiss(clientHttpRequest * http)
2130{
2131 char *url = http->uri;
2132 request_t *r = http->request;
2133 ErrorState *err = NULL;
2134 debug(33, 4) ("clientProcessOnlyIfCachedMiss: '%s %s'\n",
2135 RequestMethodStr[r->method], url);
038eb4ed 2136 http->al.http.code = HTTP_GATEWAY_TIMEOUT;
2137 err = errorCon(ERR_ONLY_IF_CACHED_MISS, HTTP_GATEWAY_TIMEOUT);
2138 err->request = requestLink(r);
2139 err->src_addr = http->conn->peer.sin_addr;
d173c77d 2140 if (http->entry) {
06d2839d 2141 storeUnregister(http->sc, http->entry, http);
e1dcf02d 2142 http->sc = NULL;
d173c77d 2143 storeUnlockObject(http->entry);
2144 }
92695e5e 2145 http->entry = clientCreateStoreEntry(http, r->method, null_request_flags);
038eb4ed 2146 errorAppendEntry(http->entry, err);
2147}
2148
cd7a423d 2149/*
7b1e21ff 2150 * Return true if we should force a cache miss on this range request.
2151 * entry must be non-NULL.
cd7a423d 2152 */
2153static int
7b1e21ff 2154clientCheckRangeForceMiss(StoreEntry * entry, HttpHdrRange * range)
cd7a423d 2155{
cd7a423d 2156 /*
7b1e21ff 2157 * If the range_offset_limit is NOT in effect, there
2158 * is no reason to force a miss.
cd7a423d 2159 */
7b1e21ff 2160 if (0 == httpHdrRangeOffsetLimit(range))
cd7a423d 2161 return 0;
2162 /*
7b1e21ff 2163 * Here, we know it's possibly a hit. If we already have the
cd7a423d 2164 * whole object cached, we won't force a miss.
2165 */
2166 if (STORE_OK == entry->store_status)
2167 return 0; /* we have the whole object */
2168 /*
2169 * Now we have a hit on a PENDING object. We need to see
2170 * if the part we want is already cached. If so, we don't
2171 * force a miss.
2172 */
2173 assert(NULL != entry->mem_obj);
7b1e21ff 2174 if (httpHdrRangeFirstOffset(range) <= entry->mem_obj->inmem_hi)
cd7a423d 2175 return 0;
2176 /*
2177 * Even though we have a PENDING copy of the object, we
2178 * don't want to wait to reach the first range offset,
2179 * so we force a miss for a new range request to the
2180 * origin.
2181 */
2182 return 1;
2183}
2184
50ddd7a4 2185static log_type
2186clientProcessRequest2(clientHttpRequest * http)
2187{
1b95ce49 2188 request_t *r = http->request;
50ddd7a4 2189 StoreEntry *e;
d08a99eb 2190 if (r->flags.cachable)
2191 e = http->entry = storeGetPublicByRequest(r);
2192 else
2193 e = http->entry = NULL;
afc1e43f 2194 /* Release negatively cached IP-cache entries on reload */
2195 if (r->flags.nocache)
ecc3091b 2196 ipcacheInvalidate(r->host);
afc1e43f 2197#if HTTP_VIOLATIONS
2198 else if (r->flags.nocache_hack)
ecc3091b 2199 ipcacheInvalidate(r->host);
afc1e43f 2200#endif
6cfa8966 2201#if USE_CACHE_DIGESTS
57b1ff70 2202 http->lookup_type = e ? "HIT" : "MISS";
1ca847dd 2203#endif
49d3fcb0 2204 if (NULL == e) {
50ddd7a4 2205 /* this object isn't in the cache */
ac18f51a 2206 debug(33, 3) ("clientProcessRequest2: storeGet() MISS\n");
50ddd7a4 2207 return LOG_TCP_MISS;
d87ebd78 2208 }
2209 if (Config.onoff.offline) {
ac18f51a 2210 debug(33, 3) ("clientProcessRequest2: offline HIT\n");
b540e168 2211 http->entry = e;
2212 return LOG_TCP_HIT;
d87ebd78 2213 }
40fd4e8d 2214 if (http->redirect.status) {
2215 /* force this to be a miss */
2216 http->entry = NULL;
2217 return LOG_TCP_MISS;
2218 }
d87ebd78 2219 if (!storeEntryValidToSend(e)) {
ac18f51a 2220 debug(33, 3) ("clientProcessRequest2: !storeEntryValidToSend MISS\n");
50ddd7a4 2221 http->entry = NULL;
2222 return LOG_TCP_MISS;
41587298 2223 }
2224 if (EBIT_TEST(e->flags, ENTRY_SPECIAL)) {
abe471ef 2225 /* Special entries are always hits, no matter what the client says */
ac18f51a 2226 debug(33, 3) ("clientProcessRequest2: ENTRY_SPECIAL HIT\n");
abe471ef 2227 http->entry = e;
2228 return LOG_TCP_HIT;
41587298 2229 }
9f60cfdf 2230#if HTTP_VIOLATIONS
92b74dd5 2231 if (e->store_status == STORE_PENDING) {
2232 if (r->flags.nocache || r->flags.nocache_hack) {
2233 debug(33, 3) ("Clearing no-cache for STORE_PENDING request\n\t%s\n",
2234 storeUrl(e));
2235 r->flags.nocache = 0;
2236 r->flags.nocache_hack = 0;
2237 }
1b95ce49 2238 }
9f60cfdf 2239#endif
41587298 2240 if (r->flags.nocache) {
ac18f51a 2241 debug(33, 3) ("clientProcessRequest2: no-cache REFRESH MISS\n");
50ddd7a4 2242 http->entry = NULL;
ee1679df 2243 return LOG_TCP_CLIENT_REFRESH_MISS;
7ddc902f 2244 }
60b8e0e5 2245 if (NULL == r->range) {
2246 (void) 0;
2247 } else if (httpHdrRangeWillBeComplex(r->range)) {
7ddc902f 2248 /*
2249 * Some clients break if we return "200 OK" for a Range
2250 * request. We would have to return "200 OK" for a _complex_
2251 * Range request that is also a HIT. Thus, let's prevent HITs
2252 * on complex Range requests
2253 */
ac18f51a 2254 debug(33, 3) ("clientProcessRequest2: complex range MISS\n");
5d679edb 2255 http->entry = NULL;
cd7a423d 2256 return LOG_TCP_MISS;
7b1e21ff 2257 } else if (clientCheckRangeForceMiss(e, r->range)) {
2a4506f1 2258 debug(33, 3) ("clientProcessRequest2: forcing miss due to range_offset_limit\n");
cd7a423d 2259 http->entry = NULL;
5d679edb 2260 return LOG_TCP_MISS;
50ddd7a4 2261 }
ac18f51a 2262 debug(33, 3) ("clientProcessRequest2: default HIT\n");
41587298 2263 http->entry = e;
2264 return LOG_TCP_HIT;
50ddd7a4 2265}
2266
4c323c5f 2267static void
fb63215a 2268clientProcessRequest(clientHttpRequest * http)
7a2f978b 2269{
23d92c64 2270 char *url = http->uri;
50ddd7a4 2271 request_t *r = http->request;
fb63215a 2272 int fd = http->conn->fd;
1bea1d83 2273 HttpReply *rep;
ccf44862 2274 http_version_t version;
93f9abd0 2275 debug(33, 4) ("clientProcessRequest: %s '%s'\n",
50ddd7a4 2276 RequestMethodStr[r->method],
7a2f978b 2277 url);
fb63215a 2278 if (r->method == METHOD_CONNECT) {
7a2f978b 2279 http->log_type = LOG_TCP_MISS;
974ba0ee 2280 sslStart(fd, url, r, &http->out.size, &http->al.http.code);
ea0efb98 2281 return;
fb63215a 2282 } else if (r->method == METHOD_PURGE) {
ea0efb98 2283 clientPurgeRequest(http);
2284 return;
fb63215a 2285 } else if (r->method == METHOD_TRACE) {
50ddd7a4 2286 if (r->max_forwards == 0) {
92695e5e 2287 http->entry = clientCreateStoreEntry(http, r->method, null_request_flags);
b17b22eb 2288 storeReleaseRequest(http->entry);
2289 storeBuffer(http->entry);
1bea1d83 2290 rep = httpReplyCreate();
bffee5af 2291 httpBuildVersion(&version, 1, 0);
ccf44862 2292 httpReplySetHeaders(rep, version, HTTP_OK, NULL, "text/plain",
2246b732 2293 httpRequestPrefixLen(r), 0, squid_curtime);
1bea1d83 2294 httpReplySwapOut(rep, http->entry);
2295 httpReplyDestroy(rep);
2246b732 2296 httpRequestSwapOut(r, http->entry);
b17b22eb 2297 storeComplete(http->entry);
7a2f978b 2298 return;
2299 }
2300 /* yes, continue */
6addbd81 2301 http->log_type = LOG_TCP_MISS;
31be8b80 2302 } else {
efb9218c 2303 http->log_type = clientProcessRequest2(http);
7a2f978b 2304 }
93f9abd0 2305 debug(33, 4) ("clientProcessRequest: %s for '%s'\n",
7a2f978b 2306 log_tags[http->log_type],
23d92c64 2307 http->uri);
7a2f978b 2308 http->out.offset = 0;
49d3fcb0 2309 if (NULL != http->entry) {
2310 storeLockObject(http->entry);
2311 storeCreateMemObject(http->entry, http->uri, http->log_uri);
2391a162 2312 http->entry->mem_obj->method = r->method;
06d2839d 2313 http->sc = storeClientListAdd(http->entry, http);
447e176b 2314#if DELAY_POOLS
b2585f7e 2315 delaySetStoreClient(http->sc, delayClient(r));
2b906e48 2316#endif
06d2839d 2317 storeClientCopy(http->sc, http->entry,
7a2f978b 2318 http->out.offset,
2319 http->out.offset,
cc27d775 2320 CLIENT_SOCK_SZ,
2321 memAllocate(MEM_CLIENT_SOCK_BUF),
7a2f978b 2322 clientCacheHit,
2323 http);
49d3fcb0 2324 } else {
05f18bd0 2325 /* MISS CASE, http->log_type is already set! */
fb63215a 2326 clientProcessMiss(http);
7a2f978b 2327 }
2328}
2329
2330/*
2331 * Prepare to fetch the object as it's a cache miss of some kind.
2332 */
2333static void
fb63215a 2334clientProcessMiss(clientHttpRequest * http)
7a2f978b 2335{
23d92c64 2336 char *url = http->uri;
f44af445 2337 request_t *r = http->request;
7a2f978b 2338 ErrorState *err = NULL;
93f9abd0 2339 debug(33, 4) ("clientProcessMiss: '%s %s'\n",
f44af445 2340 RequestMethodStr[r->method], url);
79e0dc20 2341 /*
2342 * We might have a left-over StoreEntry from a failed cache hit
2343 * or IMS request.
2344 */
2345 if (http->entry) {
d20b1cd0 2346 if (EBIT_TEST(http->entry->flags, ENTRY_SPECIAL)) {
12784378 2347 debug(33, 0) ("clientProcessMiss: miss on a special object (%s).\n", url);
d20b1cd0 2348 debug(33, 0) ("\tlog_type = %s\n", log_tags[http->log_type]);
2349 storeEntryDump(http->entry, 1);
2350 }
06d2839d 2351 storeUnregister(http->sc, http->entry, http);
e1dcf02d 2352 http->sc = NULL;
79e0dc20 2353 storeUnlockObject(http->entry);
2354 http->entry = NULL;
2355 }
f66a9ef4 2356 if (r->method == METHOD_PURGE) {
2357 clientPurgeRequest(http);
2358 return;
2359 }
7c1d4010 2360 if (clientOnlyIfCached(http)) {
2361 clientProcessOnlyIfCachedMiss(http);
2362 return;
2363 }
9330543e 2364 /*
2365 * Deny loops when running in accelerator/transproxy mode.
2366 */
92695e5e 2367 if (http->flags.accel && r->flags.loopdetect) {
9330543e 2368 http->al.http.code = HTTP_FORBIDDEN;
2369 err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN);
2370 err->request = requestLink(r);
2371 err->src_addr = http->conn->peer.sin_addr;
92695e5e 2372 http->entry = clientCreateStoreEntry(http, r->method, null_request_flags);
9330543e 2373 errorAppendEntry(http->entry, err);
2374 return;
2375 }
79e0dc20 2376 assert(http->out.offset == 0);
f44af445 2377 http->entry = clientCreateStoreEntry(http, r->method, r->flags);
6d38ef86 2378 if (http->redirect.status) {
2379 HttpReply *rep = httpReplyCreate();
efd900cb 2380#if LOG_TCP_REDIRECTS
2381 http->log_type = LOG_TCP_REDIRECT;
2382#endif
6d38ef86 2383 storeReleaseRequest(http->entry);
2384 httpRedirectReply(rep, http->redirect.status, http->redirect.location);
2385 httpReplySwapOut(rep, http->entry);
2386 httpReplyDestroy(rep);
2387 storeComplete(http->entry);
2388 return;
2389 }
1da5651f 2390 if (http->flags.internal)
2391 r->protocol = PROTO_INTERNAL;
7e3ce7b9 2392 fwdStart(http->conn->fd, http->entry, r);
7a2f978b 2393}
2394
99edd1c3 2395static clientHttpRequest *
2396parseHttpRequestAbort(ConnStateData * conn, const char *uri)
2397{
28c60158 2398 clientHttpRequest *http;
72711e31 2399 http = cbdataAlloc(clientHttpRequest);
99edd1c3 2400 http->conn = conn;
2401 http->start = current_time;
2402 http->req_sz = conn->in.offset;
2403 http->uri = xstrdup(uri);
c68e9c6b 2404 http->log_uri = xstrndup(uri, MAX_URL);
d192d11f 2405 http->range_iter.boundary = StringNull;
0f1bc304 2406 dlinkAdd(http, &http->active, &ClientActiveRequests);
99edd1c3 2407 return http;
2408}
2409
7a2f978b 2410/*
2411 * parseHttpRequest()
2412 *
2413 * Returns
2414 * NULL on error or incomplete request
2415 * a clientHttpRequest structure on success
2416 */
2417static clientHttpRequest *
2418parseHttpRequest(ConnStateData * conn, method_t * method_p, int *status,
ea285003 2419 char **prefix_p, size_t * req_line_sz_p)
7a2f978b 2420{
2421 char *inbuf = NULL;
2422 char *mstr = NULL;
2423 char *url = NULL;
2424 char *req_hdr = NULL;
ccf44862 2425 http_version_t http_ver;
7a2f978b 2426 char *token = NULL;
2427 char *t = NULL;
2334c194 2428 char *end;
7a2f978b 2429 size_t header_sz; /* size of headers, not including first line */
ea285003 2430 size_t prefix_sz; /* size of whole request (req-line + headers) */
7a2f978b 2431 size_t url_sz;
c68e9c6b 2432 size_t req_sz;
7a2f978b 2433 method_t method;
2434 clientHttpRequest *http = NULL;
5cafc1d6 2435#if IPF_TRANSPARENT
2436 struct natlookup natLookup;
2437 static int natfd = -1;
6efce75c 2438 static int siocgnatl_cmd = SIOCGNATL & 0xff;
2439 int x;
5cafc1d6 2440#endif
d852fbad 2441#if LINUX_NETFILTER
2442 size_t sock_sz = sizeof(conn->me);
2443#endif
7a2f978b 2444
6792f0d3 2445 /* pre-set these values to make aborting simpler */
2446 *prefix_p = NULL;
2447 *method_p = METHOD_NONE;
2448 *status = -1;
2449
c68e9c6b 2450 if ((req_sz = headersEnd(conn->in.buf, conn->in.offset)) == 0) {
2451 debug(33, 5) ("Incomplete request, waiting for end of headers\n");
7a2f978b 2452 *status = 0;
2453 return NULL;
2454 }
c68e9c6b 2455 assert(req_sz <= conn->in.offset);
2456 /* Use memcpy, not strdup! */
2457 inbuf = xmalloc(req_sz + 1);
2458 xmemcpy(inbuf, conn->in.buf, req_sz);
2459 *(inbuf + req_sz) = '\0';
7a2f978b 2460
c68e9c6b 2461 /* Barf on NULL characters in the headers */
2462 if (strlen(inbuf) != req_sz) {
2463 debug(33, 1) ("parseHttpRequest: Requestheader contains NULL characters\n");
c797472e 2464 xfree(inbuf);
c68e9c6b 2465 return parseHttpRequestAbort(conn, "error:invalid-request");
2466 }
7a2f978b 2467 /* Look for request method */
2468 if ((mstr = strtok(inbuf, "\t ")) == NULL) {
93f9abd0 2469 debug(33, 1) ("parseHttpRequest: Can't get request method\n");
c797472e 2470 xfree(inbuf);
99edd1c3 2471 return parseHttpRequestAbort(conn, "error:invalid-request-method");
7a2f978b 2472 }
2473 method = urlParseMethod(mstr);
2474 if (method == METHOD_NONE) {
93f9abd0 2475 debug(33, 1) ("parseHttpRequest: Unsupported method '%s'\n", mstr);
c797472e 2476 xfree(inbuf);
99edd1c3 2477 return parseHttpRequestAbort(conn, "error:unsupported-request-method");
7a2f978b 2478 }
93f9abd0 2479 debug(33, 5) ("parseHttpRequest: Method is '%s'\n", mstr);
3775d53c 2480 *method_p = method;
7a2f978b 2481
d548ee64 2482 /* look for URL+HTTP/x.x */
c68e9c6b 2483 if ((url = strtok(NULL, "\n")) == NULL) {
93f9abd0 2484 debug(33, 1) ("parseHttpRequest: Missing URL\n");
c797472e 2485 xfree(inbuf);
99edd1c3 2486 return parseHttpRequestAbort(conn, "error:missing-url");
7a2f978b 2487 }
b6a2f15e 2488 while (xisspace(*url))
c68e9c6b 2489 url++;
d548ee64 2490 t = url + strlen(url);
2491 assert(*t == '\0');
2492 token = NULL;
2493 while (t > url) {
2494 t--;
b6a2f15e 2495 if (xisspace(*t) && !strncmp(t + 1, "HTTP/", 5)) {
d548ee64 2496 token = t + 1;
2497 break;
2498 }
2499 }
b6a2f15e 2500 while (t > url && xisspace(*t))
d548ee64 2501 *(t--) = '\0';
2502 debug(33, 5) ("parseHttpRequest: URI is '%s'\n", url);
2503 if (token == NULL) {
93f9abd0 2504 debug(33, 3) ("parseHttpRequest: Missing HTTP identifier\n");
46052490 2505#if RELAXED_HTTP_PARSER
bffee5af 2506 httpBuildVersion(&http_ver, 0, 9); /* wild guess */
46052490 2507#else
c797472e 2508 xfree(inbuf);
99edd1c3 2509 return parseHttpRequestAbort(conn, "error:missing-http-ident");
7518fce5 2510#endif
99edd1c3 2511 } else {
bffee5af 2512 if (sscanf(token + 5, "%d.%d", &http_ver.major, &http_ver.minor) != 2) {
2513 debug(33, 3) ("parseHttpRequest: Invalid HTTP identifier.\n");
c797472e 2514 xfree(inbuf);
bffee5af 2515 return parseHttpRequestAbort(conn, "error: invalid HTTP-ident");
2516 }
2517 debug(33, 6) ("parseHttpRequest: Client HTTP version %d.%d.\n", http_ver.major, http_ver.minor);
99edd1c3 2518 }
7a2f978b 2519
c68e9c6b 2520 /*
2521 * Process headers after request line
2522 */
2523 req_hdr = strtok(NULL, null_string);
2524 header_sz = req_sz - (req_hdr - inbuf);
2334c194 2525 if (0 == header_sz) {
1a92a1e2 2526 debug(33, 3) ("parseHttpRequest: header_sz == 0\n");
7a2f978b 2527 *status = 0;
c797472e 2528 xfree(inbuf);
7a2f978b 2529 return NULL;
2530 }
754b9ce9 2531 assert(header_sz > 0);
2532 debug(33, 3) ("parseHttpRequest: req_hdr = {%s}\n", req_hdr);
2334c194 2533 end = req_hdr + header_sz;
04990e2d 2534 debug(33, 3) ("parseHttpRequest: end = {%s}\n", end);
99edd1c3 2535
99edd1c3 2536 prefix_sz = end - inbuf;
2537 *req_line_sz_p = req_hdr - inbuf;
ea285003 2538 debug(33, 3) ("parseHttpRequest: prefix_sz = %d, req_line_sz = %d\n",
99edd1c3 2539 (int) prefix_sz, (int) *req_line_sz_p);
2540 assert(prefix_sz <= conn->in.offset);
7a2f978b 2541
2542 /* Ok, all headers are received */
72711e31 2543 http = cbdataAlloc(clientHttpRequest);
7a2f978b 2544 http->http_ver = http_ver;
2545 http->conn = conn;
2546 http->start = current_time;
99edd1c3 2547 http->req_sz = prefix_sz;
d192d11f 2548 http->range_iter.boundary = StringNull;
99edd1c3 2549 *prefix_p = xmalloc(prefix_sz + 1);
2550 xmemcpy(*prefix_p, conn->in.buf, prefix_sz);
2551 *(*prefix_p + prefix_sz) = '\0';
0f1bc304 2552 dlinkAdd(http, &http->active, &ClientActiveRequests);
7a2f978b 2553
ea285003 2554 debug(33, 5) ("parseHttpRequest: Request Header is\n%s\n", (*prefix_p) + *req_line_sz_p);
ba9ebd0a 2555#if THIS_VIOLATES_HTTP_SPECS_ON_URL_TRANSFORMATION
7a2f978b 2556 if ((t = strchr(url, '#'))) /* remove HTML anchors */
2557 *t = '\0';
ba9ebd0a 2558#endif
7a2f978b 2559
4162ee3b 2560 /* handle internal objects */
1da5651f 2561 if (internalCheck(url)) {
4162ee3b 2562 /* prepend our name & port */
1da5651f 2563 http->uri = xstrdup(internalLocalUri(NULL, url));
77ed547a 2564 http->flags.internal = 1;
c68e9c6b 2565 http->flags.accel = 1;
4162ee3b 2566 }
7a2f978b 2567 /* see if we running in Config2.Accel.on, if so got to convert it to URL */
4162ee3b 2568 else if (Config2.Accel.on && *url == '/') {
7a2f978b 2569 /* prepend the accel prefix */
dbfed404 2570 if (opt_accel_uses_host && (t = mime_get_header(req_hdr, "Host"))) {
40457767 2571 int vport;
42b51993 2572 char *q;
a2c963ae 2573 const char *protocol_name = "http";
40457767 2574 if (vport_mode)
2575 vport = (int) ntohs(http->conn->me.sin_port);
2576 else
2577 vport = (int) Config.Accel.port;
7a2f978b 2578 /* If a Host: header was specified, use it to build the URL
2579 * instead of the one in the Config file. */
2580 /*
2581 * XXX Use of the Host: header here opens a potential
2582 * security hole. There are no checks that the Host: value
2583 * corresponds to one of your servers. It might, for example,
2584 * refer to www.playboy.com. The 'dst' and/or 'dst_domain' ACL
2585 * types should be used to prevent httpd-accelerators
2586 * handling requests for non-local servers */
42b51993 2587 strtok(t, " /;@");
2588 if ((q = strchr(t, ':'))) {
2589 *q++ = '\0';
40457767 2590 if (vport_mode)
2591 vport = atoi(q);
42b51993 2592 }
12fc602c 2593 url_sz = strlen(url) + 32 + Config.appendDomainLen +
2594 strlen(t);
23d92c64 2595 http->uri = xcalloc(url_sz, 1);
1f7c9178 2596
2597#if SSL_FORWARDING_NOT_YET_DONE
2598 if (Config.Sockaddr.https->s.sin_port == http->conn->me.sin_port) {
2599 protocol_name = "https";
2600 vport = ntohs(http->conn->me.sin_port);
2601 }
2602#endif
2603 snprintf(http->uri, url_sz, "%s://%s:%d%s",
2604 protocol_name, t, vport, url);
dbfed404 2605 } else if (vhost_mode) {
42b51993 2606 int vport;
dbfed404 2607 /* Put the local socket IP address as the hostname */
2608 url_sz = strlen(url) + 32 + Config.appendDomainLen;
2609 http->uri = xcalloc(url_sz, 1);
42b51993 2610 if (vport_mode)
2611 vport = (int) ntohs(http->conn->me.sin_port);
2612 else
2613 vport = (int) Config.Accel.port;
5cafc1d6 2614#if IPF_TRANSPARENT
135171fe 2615 natLookup.nl_inport = http->conn->me.sin_port;
2616 natLookup.nl_outport = http->conn->peer.sin_port;
2617 natLookup.nl_inip = http->conn->me.sin_addr;
2618 natLookup.nl_outip = http->conn->peer.sin_addr;
2619 natLookup.nl_flags = IPN_TCP;
68108ec5 2620 if (natfd < 0) {
2621 int save_errno;
2622 enter_suid();
135171fe 2623 natfd = open(IPL_NAT, O_RDONLY, 0);
68108ec5 2624 save_errno = errno;
2625 leave_suid();
2626 errno = save_errno;
2627 }
135171fe 2628 if (natfd < 0) {
2629 debug(50, 1) ("parseHttpRequest: NAT open failed: %s\n",
2630 xstrerror());
c797472e 2631 dlinkDelete(&http->active, &ClientActiveRequests);
2632 xfree(http->uri);
2633 cbdataFree(http);
2634 xfree(inbuf);
ac18f51a 2635 return parseHttpRequestAbort(conn, "error:nat-open-failed");
5cafc1d6 2636 }
6efce75c 2637 /*
2638 * IP-Filter changed the type for SIOCGNATL between
2639 * 3.3 and 3.4. It also changed the cmd value for
2640 * SIOCGNATL, so at least we can detect it. We could
2641 * put something in configure and use ifdefs here, but
2642 * this seems simpler.
2643 */
2644 if (63 == siocgnatl_cmd) {
2645 struct natlookup *nlp = &natLookup;
2646 x = ioctl(natfd, SIOCGNATL, &nlp);
2647 } else {
2648 x = ioctl(natfd, SIOCGNATL, &natLookup);
2649 }
2650 if (x < 0) {
ac18f51a 2651 if (errno != ESRCH) {
2652 debug(50, 1) ("parseHttpRequest: NAT lookup failed: ioctl(SIOCGNATL)\n");
2653 close(natfd);
2654 natfd = -1;
c797472e 2655 dlinkDelete(&http->active, &ClientActiveRequests);
2656 xfree(http->uri);
2657 cbdataFree(http);
2658 xfree(inbuf);
ac18f51a 2659 return parseHttpRequestAbort(conn, "error:nat-lookup-failed");
2660 } else
2661 snprintf(http->uri, url_sz, "http://%s:%d%s",
2662 inet_ntoa(http->conn->me.sin_addr),
42b51993 2663 vport, url);
52ee8bdd 2664 } else {
2665 if (vport_mode)
2666 vport = natLookup.nl_realport;
2667 snprintf(http->uri, url_sz, "http://%s:%d%s",
2668 inet_ntoa(natLookup.nl_realip),
2669 vport, url);
2670 }
5cafc1d6 2671#else
d852fbad 2672#if LINUX_NETFILTER
f0debecb 2673 /* If the call fails the address structure will be unchanged */
2674 getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
2675 debug(33, 5) ("parseHttpRequest: addr = %s", inet_ntoa(conn->me.sin_addr));
40457767 2676 if (vport_mode)
2677 vport = (int) ntohs(http->conn->me.sin_port);
d852fbad 2678#endif
dbfed404 2679 snprintf(http->uri, url_sz, "http://%s:%d%s",
2680 inet_ntoa(http->conn->me.sin_addr),
42b51993 2681 vport, url);
5cafc1d6 2682#endif
93f9abd0 2683 debug(33, 5) ("VHOST REWRITE: '%s'\n", http->uri);
7a2f978b 2684 } else {
2685 url_sz = strlen(Config2.Accel.prefix) + strlen(url) +
2686 Config.appendDomainLen + 1;
23d92c64 2687 http->uri = xcalloc(url_sz, 1);
2688 snprintf(http->uri, url_sz, "%s%s", Config2.Accel.prefix, url);
7a2f978b 2689 }
77ed547a 2690 http->flags.accel = 1;
7a2f978b 2691 } else {
2692 /* URL may be rewritten later, so make extra room */
2693 url_sz = strlen(url) + Config.appendDomainLen + 5;
23d92c64 2694 http->uri = xcalloc(url_sz, 1);
2695 strcpy(http->uri, url);
77ed547a 2696 http->flags.accel = 0;
7a2f978b 2697 }
7e3ce7b9 2698 if (!stringHasCntl(http->uri))
c68e9c6b 2699 http->log_uri = xstrndup(http->uri, MAX_URL);
d548ee64 2700 else
9bc73deb 2701 http->log_uri = xstrndup(rfc1738_escape_unescaped(http->uri), MAX_URL);
93f9abd0 2702 debug(33, 5) ("parseHttpRequest: Complete request received\n");
7a2f978b 2703 xfree(inbuf);
7a2f978b 2704 *status = 1;
2705 return http;
2706}
2707
2708static int
79d39a72 2709clientReadDefer(int fdnotused, void *data)
7a2f978b 2710{
2711 ConnStateData *conn = data;
94439e4e 2712 if (conn->body.size_left)
ec7c5e3e 2713 return conn->in.offset >= conn->in.size - 1;
94439e4e 2714 else
2715 return conn->defer.until > squid_curtime;
7a2f978b 2716}
2717
2718static void
2719clientReadRequest(int fd, void *data)
2720{
2721 ConnStateData *conn = data;
2722 int parser_return_code = 0;
7a2f978b 2723 request_t *request = NULL;
7a2f978b 2724 int size;
58cd5bbd 2725 void *p;
7a2f978b 2726 method_t method;
2727 clientHttpRequest *http = NULL;
2728 clientHttpRequest **H = NULL;
08e70b8f 2729 char *prefix = NULL;
7a2f978b 2730 ErrorState *err = NULL;
2731 fde *F = &fd_table[fd];
44db45e8 2732 int len = conn->in.size - conn->in.offset - 1;
93f9abd0 2733 debug(33, 4) ("clientReadRequest: FD %d: reading request...\n", fd);
ec7c5e3e 2734 commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, conn, 0);
28ee8ce5 2735 if (len == 0) {
2736 /* Grow the request memory area to accomodate for a large request */
2737 conn->in.size += CLIENT_REQ_BUF_SZ;
2738 if (conn->in.size == 2 * CLIENT_REQ_BUF_SZ) {
2739 p = conn->in.buf; /* get rid of fixed size Pooled buffer */
2740 conn->in.buf = xcalloc(2, CLIENT_REQ_BUF_SZ);
2741 xmemcpy(conn->in.buf, p, CLIENT_REQ_BUF_SZ);
2742 memFree(p, MEM_CLIENT_REQ_BUF);
2743 } else
2744 conn->in.buf = xrealloc(conn->in.buf, conn->in.size);
2745 /* XXX account conn->in.buf */
2746 debug(33, 2) ("growing request buffer: offset=%ld size=%ld\n",
6fbf8998 2747 (long) conn->in.offset, (long) conn->in.size);
28ee8ce5 2748 len = conn->in.size - conn->in.offset - 1;
2749 }
83704487 2750 statCounter.syscalls.sock.reads++;
1f7c9178 2751 size = FD_READ_METHOD(fd, conn->in.buf + conn->in.offset, len);
d8b83480 2752 if (size > 0) {
ea285003 2753 fd_bytes(fd, size, FD_READ);
83704487 2754 kb_incr(&statCounter.client_http.kbytes_in, size);
d8b83480 2755 }
44db45e8 2756 /*
2757 * Don't reset the timeout value here. The timeout value will be
2758 * set to Config.Timeout.request by httpAccept() and
2759 * clientWriteComplete(), and should apply to the request as a
2760 * whole, not individual read() calls. Plus, it breaks our
2761 * lame half-close detection
2762 */
94439e4e 2763 if (size > 0) {
2764 conn->in.offset += size;
2765 conn->in.buf[conn->in.offset] = '\0'; /* Terminate the string */
28ee8ce5 2766 } else if (size == 0) {
94439e4e 2767 if (conn->chr == NULL && conn->in.offset == 0) {
7a2f978b 2768 /* no current or pending requests */
94439e4e 2769 debug(33, 4) ("clientReadRequest: FD %d closed\n", fd);
7a2f978b 2770 comm_close(fd);
2771 return;
ea285003 2772 } else if (!Config.onoff.half_closed_clients) {
2773 /* admin doesn't want to support half-closed client sockets */
94439e4e 2774 debug(33, 3) ("clientReadRequest: FD %d aborted (half_closed_clients disabled)\n", fd);
ea285003 2775 comm_close(fd);
2776 return;
7a2f978b 2777 }
2778 /* It might be half-closed, we can't tell */
93f9abd0 2779 debug(33, 5) ("clientReadRequest: FD %d closed?\n", fd);
58a6c186 2780 F->flags.socket_eof = 1;
7a2f978b 2781 conn->defer.until = squid_curtime + 1;
2782 conn->defer.n++;
44db45e8 2783 fd_note(fd, "half-closed");
94439e4e 2784 /* There is one more close check at the end, to detect aborted
2785 * (partial) requests. At this point we can't tell if the request
2786 * is partial.
2787 */
2788 /* Continue to process previously read data */
7a2f978b 2789 } else if (size < 0) {
6d3caf23 2790 if (!ignoreErrno(errno)) {
7a2f978b 2791 debug(50, 2) ("clientReadRequest: FD %d: %s\n", fd, xstrerror());
2792 comm_close(fd);
ebf4efff 2793 return;
47130615 2794 } else if (conn->in.offset == 0) {
7c1d4010 2795 debug(50, 2) ("clientReadRequest: FD %d: no data to process (%s)\n", fd, xstrerror());
7a2f978b 2796 }
ebf4efff 2797 /* Continue to process previously read data */
7a2f978b 2798 }
94439e4e 2799 /* Process request body if any */
2800 if (conn->in.offset > 0 && conn->body.callback != NULL)
2801 clientProcessBody(conn);
2802 /* Process next request */
2803 while (conn->in.offset > 0 && conn->body.size_left == 0) {
ebf4efff 2804 int nrequests;
cff0c749 2805 size_t req_line_sz;
94439e4e 2806 /* Skip leading (and trailing) whitespace */
b6a2f15e 2807 while (conn->in.offset > 0 && xisspace(conn->in.buf[0])) {
9a6f98a5 2808 xmemmove(conn->in.buf, conn->in.buf + 1, conn->in.offset - 1);
2809 conn->in.offset--;
2810 }
2811 conn->in.buf[conn->in.offset] = '\0'; /* Terminate the string */
2812 if (conn->in.offset == 0)
2813 break;
ebf4efff 2814 /* Limit the number of concurrent requests to 2 */
2815 for (H = &conn->chr, nrequests = 0; *H; H = &(*H)->next, nrequests++);
3d15e2d7 2816 if (nrequests >= (Config.onoff.pipeline_prefetch ? 2 : 1)) {
badd8ff0 2817 debug(33, 3) ("clientReadRequest: FD %d max concurrent requests reached\n", fd);
93f9abd0 2818 debug(33, 5) ("clientReadRequest: FD %d defering new request until one is done\n", fd);
47130615 2819 conn->defer.until = squid_curtime + 100; /* Reset when a request is complete */
ebf4efff 2820 break;
2821 }
94439e4e 2822 conn->in.buf[conn->in.offset] = '\0'; /* Terminate the string */
2823 if (nrequests == 0)
2824 fd_note(conn->fd, "Reading next request");
ebf4efff 2825 /* Process request */
7a2f978b 2826 http = parseHttpRequest(conn,
2827 &method,
2828 &parser_return_code,
99edd1c3 2829 &prefix,
2830 &req_line_sz);
13f11a4a 2831 if (!http)
2832 safe_free(prefix);
7a2f978b 2833 if (http) {
2834 assert(http->req_sz > 0);
2835 conn->in.offset -= http->req_sz;
2836 assert(conn->in.offset >= 0);
ebb6e9a0 2837 debug(33, 5) ("conn->in.offset = %d\n", (int) conn->in.offset);
6fa92aa2 2838 /*
2839 * If we read past the end of this request, move the remaining
2840 * data to the beginning
2841 */
2842 if (conn->in.offset > 0)
dbfed404 2843 xmemmove(conn->in.buf, conn->in.buf + http->req_sz, conn->in.offset);
ebf4efff 2844 /* add to the client request queue */
7a2f978b 2845 for (H = &conn->chr; *H; H = &(*H)->next);
2846 *H = http;
2847 conn->nrequests++;
7ec87701 2848 /*
2849 * I wanted to lock 'http' here since its callback data for
2850 * clientLifetimeTimeout(), but there's no logical place to
2851 * cbdataUnlock if the timeout never happens. Maybe its safe
2852 * enough to assume that if the FD is open, and the timeout
2853 * triggers, that 'http' is valid.
2854 */
b5c39993 2855 commSetTimeout(fd, Config.Timeout.lifetime, clientLifetimeTimeout, http);
3775d53c 2856 if (parser_return_code < 0) {
93f9abd0 2857 debug(33, 1) ("clientReadRequest: FD %d Invalid Request\n", fd);
3775d53c 2858 err = errorCon(ERR_INVALID_REQ, HTTP_BAD_REQUEST);
2859 err->request_hdrs = xstrdup(conn->in.buf);
92695e5e 2860 http->entry = clientCreateStoreEntry(http, method, null_request_flags);
3775d53c 2861 errorAppendEntry(http->entry, err);
13f11a4a 2862 safe_free(prefix);
3775d53c 2863 break;
2864 }
23d92c64 2865 if ((request = urlParse(method, http->uri)) == NULL) {
93f9abd0 2866 debug(33, 5) ("Invalid URL: %s\n", http->uri);
7a2f978b 2867 err = errorCon(ERR_INVALID_URL, HTTP_BAD_REQUEST);
2868 err->src_addr = conn->peer.sin_addr;
23d92c64 2869 err->url = xstrdup(http->uri);
7a2f978b 2870 http->al.http.code = err->http_status;
92695e5e 2871 http->entry = clientCreateStoreEntry(http, method, null_request_flags);
79e0dc20 2872 errorAppendEntry(http->entry, err);
99edd1c3 2873 safe_free(prefix);
7a2f978b 2874 break;
99edd1c3 2875 } else {
2876 /* compile headers */
2877 /* we should skip request line! */
ea285003 2878 if (!httpRequestParseHeader(request, prefix + req_line_sz))
99edd1c3 2879 debug(33, 1) ("Failed to parse request headers: %s\n%s\n",
2880 http->uri, prefix);
2881 /* continue anyway? */
7a2f978b 2882 }
c68e9c6b 2883 request->flags.accelerated = http->flags.accel;
ba26bca4 2884 if (!http->flags.internal) {
2885 if (internalCheck(strBuf(request->urlpath))) {
1f38f50a 2886 if (internalHostnameIs(request->host) &&
7e3ce7b9 2887 request->port == ntohs(Config.Sockaddr.http->s.sin_port)) {
b6a2f15e 2888 http->flags.internal = 1;
ba26bca4 2889 } else if (internalStaticCheck(strBuf(request->urlpath))) {
c68e9c6b 2890 xstrncpy(request->host, internalHostname(), SQUIDHOSTNAMELEN);
7e3ce7b9 2891 request->port = ntohs(Config.Sockaddr.http->s.sin_port);
5999b776 2892 http->flags.internal = 1;
ba26bca4 2893 }
2894 }
2895 }
1f38f50a 2896 /*
2897 * cache the Content-length value in request_t.
2898 */
2899 request->content_length = httpHeaderGetInt(&request->header,
2900 HDR_CONTENT_LENGTH);
c68e9c6b 2901 request->flags.internal = http->flags.internal;
13f11a4a 2902 safe_free(prefix);
23d92c64 2903 safe_free(http->log_uri);
2904 http->log_uri = xstrdup(urlCanonicalClean(request));
7a2f978b 2905 request->client_addr = conn->peer.sin_addr;
3c11d1f5 2906 request->my_addr = conn->me.sin_addr;
7e3ce7b9 2907 request->my_port = ntohs(conn->me.sin_port);
7a2f978b 2908 request->http_ver = http->http_ver;
7a2f978b 2909 if (!urlCheckRequest(request)) {
2910 err = errorCon(ERR_UNSUP_REQ, HTTP_NOT_IMPLEMENTED);
2911 err->src_addr = conn->peer.sin_addr;
7a2f978b 2912 err->request = requestLink(request);
df4ba4bf 2913 request->flags.proxy_keepalive = 0;
7a2f978b 2914 http->al.http.code = err->http_status;
92695e5e 2915 http->entry = clientCreateStoreEntry(http, request->method, null_request_flags);
79e0dc20 2916 errorAppendEntry(http->entry, err);
3775d53c 2917 break;
7a2f978b 2918 }
94439e4e 2919 if (!clientCheckContentLength(request)) {
db93e79c 2920 err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED);
31be8b80 2921 err->src_addr = conn->peer.sin_addr;
2922 err->request = requestLink(request);
2923 http->al.http.code = err->http_status;
92695e5e 2924 http->entry = clientCreateStoreEntry(http, request->method, null_request_flags);
31be8b80 2925 errorAppendEntry(http->entry, err);
2926 break;
2927 }
7a2f978b 2928 http->request = requestLink(request);
c68e9c6b 2929 clientSetKeepaliveFlag(http);
94439e4e 2930 /* Do we expect a request-body? */
2931 if (request->content_length > 0) {
2932 conn->body.size_left = request->content_length;
2933 request->body_connection = conn;
2934 /* Is it too large? */
2935 if (clientRequestBodyTooLarge(request->content_length)) {
321e06a6 2936 err = errorCon(ERR_TOO_BIG, HTTP_REQUEST_ENTITY_TOO_LARGE);
0483b991 2937 err->request = requestLink(request);
2938 http->entry = clientCreateStoreEntry(http,
2939 METHOD_NONE, null_request_flags);
2940 errorAppendEntry(http->entry, err);
2941 break;
2942 }
7a2f978b 2943 }
2aecf121 2944 clientAccessCheck(http);
94439e4e 2945 continue; /* while offset > 0 && body.size_left == 0 */
7a2f978b 2946 } else if (parser_return_code == 0) {
2947 /*
2948 * Partial request received; reschedule until parseHttpRequest()
2949 * is happy with the input
2950 */
28ee8ce5 2951 if (conn->in.offset >= Config.maxRequestHeaderSize) {
2952 /* The request is too large to handle */
2953 debug(33, 1) ("Request header is too large (%d bytes)\n",
2954 (int) conn->in.offset);
32754419 2955 debug(33, 1) ("Config 'request_header_max_size'= %ld bytes.\n",
2956 (long int) Config.maxRequestHeaderSize);
28ee8ce5 2957 err = errorCon(ERR_TOO_BIG, HTTP_REQUEST_ENTITY_TOO_LARGE);
2958 http = parseHttpRequestAbort(conn, "error:request-too-large");
2959 /* add to the client request queue */
2960 for (H = &conn->chr; *H; H = &(*H)->next);
2961 *H = http;
2962 http->entry = clientCreateStoreEntry(http, METHOD_NONE, null_request_flags);
2963 errorAppendEntry(http->entry, err);
2964 return;
7a2f978b 2965 }
7a2f978b 2966 break;
7a2f978b 2967 }
94439e4e 2968 } /* while offset > 0 && conn->body.size_left == 0 */
2969 /* Check if a half-closed connection was aborted in the middle */
2970 if (F->flags.socket_eof) {
2971 if (conn->in.offset != conn->body.size_left) { /* != 0 when no request body */
2972 /* Partial request received. Abort client connection! */
28ee8ce5 2973 debug(33, 3) ("clientReadRequest: FD %d aborted, partial request\n", fd);
94439e4e 2974 comm_close(fd);
2975 return;
2976 }
2977 }
2978}
2979
2980/* file_read like function, for reading body content */
2981void
2982clientReadBody(request_t * request, char *buf, size_t size, CBCB * callback, void *cbdata)
2983{
2984 ConnStateData *conn = request->body_connection;
2985 if (!conn) {
2986 debug(33, 5) ("clientReadBody: no body to read, request=%p\n", request);
2987 callback(buf, 0, cbdata); /* Signal end of body */
2988 return;
7a2f978b 2989 }
84f2d773 2990 debug(33, 2) ("clientReadBody: start fd=%d body_size=%lu in.offset=%ld cb=%p req=%p\n", conn->fd, (unsigned long int) conn->body.size_left, (long int) conn->in.offset, callback, request);
94439e4e 2991 conn->body.callback = callback;
2992 conn->body.cbdata = cbdata;
2993 conn->body.buf = buf;
2994 conn->body.bufsize = size;
2995 conn->body.request = requestLink(request);
28ee8ce5 2996 clientProcessBody(conn);
94439e4e 2997}
2998
2999/* Called by clientReadRequest to process body content */
3000static void
3001clientProcessBody(ConnStateData * conn)
3002{
3003 int size;
3004 char *buf = conn->body.buf;
3005 void *cbdata = conn->body.cbdata;
3006 CBCB *callback = conn->body.callback;
3007 request_t *request = conn->body.request;
3008 /* Note: request is null while eating "aborted" transfers */
84f2d773 3009 debug(33, 2) ("clientProcessBody: start fd=%d body_size=%lu in.offset=%ld cb=%p req=%p\n", conn->fd, (unsigned long int) conn->body.size_left, (long int) conn->in.offset, callback, request);
28ee8ce5 3010 if (conn->in.offset) {
3011 /* Some sanity checks... */
3012 assert(conn->body.size_left > 0);
3013 assert(conn->in.offset > 0);
3014 assert(callback != NULL);
3015 assert(buf != NULL);
3016 /* How much do we have to process? */
3017 size = conn->in.offset;
3018 if (size > conn->body.size_left) /* only process the body part */
3019 size = conn->body.size_left;
3020 if (size > conn->body.bufsize) /* don't copy more than requested */
3021 size = conn->body.bufsize;
3022 xmemcpy(buf, conn->in.buf, size);
3023 conn->body.size_left -= size;
3024 /* Move any remaining data */
3025 conn->in.offset -= size;
3026 if (conn->in.offset > 0)
3027 xmemmove(conn->in.buf, conn->in.buf + size, conn->in.offset);
3028 /* Remove request link if this is the last part of the body, as
3029 * clientReadRequest automatically continues to process next request */
3030 if (conn->body.size_left <= 0 && request != NULL)
3031 request->body_connection = NULL;
3032 /* Remove clientReadBody arguments (the call is completed) */
3033 conn->body.request = NULL;
3034 conn->body.callback = NULL;
3035 conn->body.buf = NULL;
3036 conn->body.bufsize = 0;
3037 /* Remember that we have touched the body, not restartable */
3038 if (request != NULL)
3039 request->flags.body_sent = 1;
3040 /* Invoke callback function */
3041 callback(buf, size, cbdata);
3042 if (request != NULL)
3043 requestUnlink(request); /* Linked in clientReadBody */
84f2d773 3044 debug(33, 2) ("clientProcessBody: end fd=%d size=%d body_size=%lu in.offset=%ld cb=%p req=%p\n", conn->fd, size, (unsigned long int) conn->body.size_left, (long int) conn->in.offset, callback, request);
28ee8ce5 3045 }
94439e4e 3046}
3047
3048/* A dummy handler that throws away a request-body */
3049static char bodyAbortBuf[SQUID_TCP_SO_RCVBUF];
2d72d4fd 3050static void
94439e4e 3051clientReadBodyAbortHandler(char *buf, size_t size, void *data)
3052{
3053 ConnStateData *conn = (ConnStateData *) data;
84f2d773 3054 debug(33, 2) ("clientReadBodyAbortHandler: fd=%d body_size=%lu in.offset=%ld\n", conn->fd, (unsigned long int) conn->body.size_left, (long int) conn->in.offset);
94439e4e 3055 if (size != 0 && conn->body.size_left != 0) {
3056 debug(33, 3) ("clientReadBodyAbortHandler: fd=%d shedule next read\n", conn->fd);
3057 conn->body.callback = clientReadBodyAbortHandler;
3058 conn->body.buf = bodyAbortBuf;
3059 conn->body.bufsize = sizeof(bodyAbortBuf);
3060 conn->body.cbdata = data;
3061 }
3062}
3063
3064/* Abort a body request */
3065int
3066clientAbortBody(request_t * request)
3067{
3068 ConnStateData *conn = request->body_connection;
3069 char *buf;
3070 CBCB *callback;
3071 void *cbdata;
3072 request->body_connection = NULL;
3073 if (!conn || conn->body.size_left <= 0)
3074 return 0; /* No body to abort */
3075 if (conn->body.callback != NULL) {
3076 buf = conn->body.buf;
3077 callback = conn->body.callback;
3078 cbdata = conn->body.cbdata;
3079 assert(request == conn->body.request);
3080 conn->body.buf = NULL;
3081 conn->body.callback = NULL;
3082 conn->body.cbdata = NULL;
3083 conn->body.request = NULL;
3084 callback(buf, -1, cbdata); /* Signal abort to clientReadBody caller */
3085 requestUnlink(request);
3086 }
3087 clientReadBodyAbortHandler(NULL, -1, conn); /* Install abort handler */
3088 /* clientProcessBody() */
3089 return 1; /* Aborted */
7a2f978b 3090}
3091
3092/* general lifetime handler for HTTP requests */
3093static void
3094requestTimeout(int fd, void *data)
3095{
ad63ceea 3096#if THIS_CONFUSES_PERSISTENT_CONNECTION_AWARE_BROWSERS_AND_USERS
7a2f978b 3097 ConnStateData *conn = data;
3098 ErrorState *err;
badd8ff0 3099 debug(33, 3) ("requestTimeout: FD %d: lifetime is expired.\n", fd);
7a2f978b 3100 if (fd_table[fd].rwstate) {
79e0dc20 3101 /*
3102 * Some data has been sent to the client, just close the FD
3103 */
7a2f978b 3104 comm_close(fd);
3105 } else if (conn->nrequests) {
79e0dc20 3106 /*
3107 * assume its a persistent connection; just close it
3108 */
7a2f978b 3109 comm_close(fd);
3110 } else {
79e0dc20 3111 /*
3112 * Generate an error
3113 */
7a2f978b 3114 err = errorCon(ERR_LIFETIME_EXP, HTTP_REQUEST_TIMEOUT);
7a2f978b 3115 err->url = xstrdup("N/A");
79e0dc20 3116 /*
3117 * Normally we shouldn't call errorSend() in client_side.c, but
3118 * it should be okay in this case. Presumably if we get here
3119 * this is the first request for the connection, and no data
3120 * has been written yet
3121 */
3122 assert(conn->chr == NULL);
7a2f978b 3123 errorSend(fd, err);
79e0dc20 3124 /*
3125 * if we don't close() here, we still need a timeout handler!
3126 */
7a2f978b 3127 commSetTimeout(fd, 30, requestTimeout, conn);
7e3ce7b9 3128 /*
3129 * Aha, but we don't want a read handler!
3130 */
3131 commSetSelect(fd, COMM_SELECT_READ, NULL, NULL, 0);
7a2f978b 3132 }
af57a2e3 3133#else
3134 /*
3135 * Just close the connection to not confuse browsers
3136 * using persistent connections. Some browsers opens
3137 * an connection and then does not use it until much
3138 * later (presumeably because the request triggering
3139 * the open has already been completed on another
3140 * connection)
3141 */
ad63ceea 3142 debug(33, 3) ("requestTimeout: FD %d: lifetime is expired.\n", fd);
af57a2e3 3143 comm_close(fd);
3144#endif
7a2f978b 3145}
3146
b5c39993 3147static void
3148clientLifetimeTimeout(int fd, void *data)
3149{
3150 clientHttpRequest *http = data;
7ec87701 3151 ConnStateData *conn = http->conn;
b5c39993 3152 debug(33, 1) ("WARNING: Closing client %s connection due to lifetime timeout\n",
3153 inet_ntoa(conn->peer.sin_addr));
3154 debug(33, 1) ("\t%s\n", http->uri);
3155 comm_close(fd);
3156}
3157
ba4f8e5a 3158static int
d20b1cd0 3159httpAcceptDefer(int fdunused, void *dataunused)
7a2f978b 3160{
3d6629c6 3161 static time_t last_warn = 0;
3162 if (fdNFree() >= RESERVED_FD)
3163 return 0;
3164 if (last_warn + 15 < squid_curtime) {
3165 debug(33, 0) ("WARNING! Your cache is running out of filedescriptors\n");
3166 last_warn = squid_curtime;
3167 }
3168 return 1;
7a2f978b 3169}
3170
bf8e5903 3171/* Handle a new connection on HTTP socket. */
7a2f978b 3172void
ba4f8e5a 3173httpAccept(int sock, void *data)
7a2f978b 3174{
d193a436 3175 int *N = &incoming_sockets_accepted;
7a2f978b 3176 int fd = -1;
3177 ConnStateData *connState = NULL;
3178 struct sockaddr_in peer;
3179 struct sockaddr_in me;
309ad3b6 3180 int max = INCOMING_HTTP_MAX;
3898f57f 3181#if USE_IDENT
a40699cd 3182 static aclCheck_t identChecklist;
3898f57f 3183#endif
c411b98a 3184 commSetSelect(sock, COMM_SELECT_READ, httpAccept, NULL, 0);
d20b1cd0 3185 while (max-- && !httpAcceptDefer(sock, NULL)) {
e2525655 3186 memset(&peer, '\0', sizeof(struct sockaddr_in));
3187 memset(&me, '\0', sizeof(struct sockaddr_in));
e2525655 3188 if ((fd = comm_accept(sock, &peer, &me)) < 0) {
3189 if (!ignoreErrno(errno))
eeb423fb 3190 debug(50, 1) ("httpAccept: FD %d: accept failure: %s\n",
e2525655 3191 sock, xstrerror());
3192 break;
3193 }
3194 debug(33, 4) ("httpAccept: FD %d: accepted\n", fd);
72711e31 3195 connState = cbdataAlloc(ConnStateData);
e2525655 3196 connState->peer = peer;
3197 connState->log_addr = peer.sin_addr;
3198 connState->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
3199 connState->me = me;
3200 connState->fd = fd;
58cd5bbd 3201 connState->in.size = CLIENT_REQ_BUF_SZ;
3202 connState->in.buf = memAllocate(MEM_CLIENT_REQ_BUF);
e2525655 3203 /* XXX account connState->in.buf */
3204 comm_add_close_handler(fd, connStateFree, connState);
3205 if (Config.onoff.log_fqdn)
3206 fqdncache_gethostbyaddr(peer.sin_addr, FQDN_LOOKUP_IF_MISS);
3207 commSetTimeout(fd, Config.Timeout.request, requestTimeout, connState);
3898f57f 3208#if USE_IDENT
a40699cd 3209 identChecklist.src_addr = peer.sin_addr;
b6a2f15e 3210 identChecklist.my_addr = me.sin_addr;
7e3ce7b9 3211 identChecklist.my_port = ntohs(me.sin_port);
a40699cd 3212 if (aclCheckFast(Config.accessList.identLookup, &identChecklist))
05832ae1 3213 identStart(&me, &peer, clientIdentDone, connState);
3898f57f 3214#endif
e2525655 3215 commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, connState, 0);
3216 commSetDefer(fd, clientReadDefer, connState);
9bc73deb 3217 clientdbEstablished(peer.sin_addr, 1);
41292f79 3218 assert(N);
ba4f8e5a 3219 (*N)++;
7a2f978b 3220 }
7a2f978b 3221}
3222
1f7c9178 3223#if USE_SSL
3224
3225/* negotiate an SSL connection */
3226static void
3227clientNegotiateSSL(int fd, void *data)
3228{
3229 ConnStateData *conn = data;
3230 X509 *client_cert;
3231 int ret;
3232
3233 if ((ret = SSL_accept(fd_table[fd].ssl)) <= 0) {
3234 if (BIO_sock_should_retry(ret)) {
3235 commSetSelect(fd, COMM_SELECT_READ, clientNegotiateSSL, conn, 0);
3236 return;
3237 }
3238 ret = ERR_get_error();
a4a80ff0 3239 if (ret) {
3240 debug(81, 1) ("clientNegotiateSSL: Error negotiating SSL connection on FD %d: %s\n",
3241 fd, ERR_error_string(ret, NULL));
3242 }
1f7c9178 3243 comm_close(fd);
3244 return;
3245 }
3246 debug(81, 5) ("clientNegotiateSSL: FD %d negotiated cipher %s\n", fd,
3247 SSL_get_cipher(fd_table[fd].ssl));
3248
3249 client_cert = SSL_get_peer_certificate(fd_table[fd].ssl);
3250 if (client_cert != NULL) {
3251 debug(81, 5) ("clientNegotiateSSL: FD %d client certificate: subject: %s\n", fd,
3252 X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0));
3253
3254 debug(81, 5) ("clientNegotiateSSL: FD %d client certificate: issuer: %s\n", fd,
3255 X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0));
3256
3257 X509_free(client_cert);
3258 } else {
3259 debug(81, 5) ("clientNegotiateSSL: FD %d has no certificate.\n", fd);
3260 }
3261
3262 commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, conn, 0);
3263}
3264
d193a436 3265struct _https_port_data {
3266 SSL_CTX *sslContext;
3267};
3268typedef struct _https_port_data https_port_data;
3269CBDATA_TYPE(https_port_data);
3270
1f7c9178 3271/* handle a new HTTPS connection */
3272static void
3273httpsAccept(int sock, void *data)
3274{
d193a436 3275 int *N = &incoming_sockets_accepted;
3276 https_port_data *https_port = data;
3277 SSL_CTX *sslContext = https_port->sslContext;
1f7c9178 3278 int fd = -1;
3279 ConnStateData *connState = NULL;
3280 struct sockaddr_in peer;
3281 struct sockaddr_in me;
3282 int max = INCOMING_HTTP_MAX;
3283 SSL *ssl;
3284 int ssl_error;
3285#if USE_IDENT
3286 static aclCheck_t identChecklist;
3287#endif
d193a436 3288 commSetSelect(sock, COMM_SELECT_READ, httpsAccept, https_port, 0);
1f7c9178 3289 while (max-- && !httpAcceptDefer(sock, NULL)) {
3290 memset(&peer, '\0', sizeof(struct sockaddr_in));
3291 memset(&me, '\0', sizeof(struct sockaddr_in));
3292 if ((fd = comm_accept(sock, &peer, &me)) < 0) {
3293 if (!ignoreErrno(errno))
3294 debug(50, 1) ("httpsAccept: FD %d: accept failure: %s\n",
3295 sock, xstrerror());
3296 break;
3297 }
3298 if ((ssl = SSL_new(sslContext)) == NULL) {
3299 ssl_error = ERR_get_error();
3300 debug(81, 1) ("httpsAccept: Error allocating handle: %s\n",
3301 ERR_error_string(ssl_error, NULL));
3302 break;
3303 }
3304 SSL_set_fd(ssl, fd);
3305 fd_table[fd].ssl = ssl;
3306 fd_table[fd].read_method = &ssl_read_method;
3307 fd_table[fd].write_method = &ssl_write_method;
3308 debug(50, 5) ("httpsAccept: FD %d accepted, starting SSL negotiation.\n", fd);
3309
3310 connState = cbdataAlloc(ConnStateData);
3311 connState->peer = peer;
3312 connState->log_addr = peer.sin_addr;
3313 connState->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
3314 connState->me = me;
3315 connState->fd = fd;
3316 connState->in.size = CLIENT_REQ_BUF_SZ;
3317 connState->in.buf = memAllocate(MEM_CLIENT_REQ_BUF);
3318 /* XXX account connState->in.buf */
3319 comm_add_close_handler(fd, connStateFree, connState);
3320 if (Config.onoff.log_fqdn)
3321 fqdncache_gethostbyaddr(peer.sin_addr, FQDN_LOOKUP_IF_MISS);
3322 commSetTimeout(fd, Config.Timeout.request, requestTimeout, connState);
3323#if USE_IDENT
3324 identChecklist.src_addr = peer.sin_addr;
3325 identChecklist.my_addr = me.sin_addr;
3326 identChecklist.my_port = ntohs(me.sin_port);
3327 if (aclCheckFast(Config.accessList.identLookup, &identChecklist))
3328 identStart(&me, &peer, clientIdentDone, connState);
3329#endif
3330 commSetSelect(fd, COMM_SELECT_READ, clientNegotiateSSL, connState, 0);
3331 commSetDefer(fd, clientReadDefer, connState);
3332 clientdbEstablished(peer.sin_addr, 1);
3333 (*N)++;
3334 }
3335}
3336
3337#endif /* USE_SSL */
3338
978e455f 3339#define SENDING_BODY 0
3340#define SENDING_HDRSONLY 1
7a2f978b 3341static int
1b02b5be 3342clientCheckTransferDone(clientHttpRequest * http)
7a2f978b 3343{
978e455f 3344 int sending = SENDING_BODY;
7a2f978b 3345 StoreEntry *entry = http->entry;
978e455f 3346 MemObject *mem;
3347 http_reply *reply;
3348 int sendlen;
7a2f978b 3349 if (entry == NULL)
3350 return 0;
9f086470 3351 /*
3352 * For now, 'done_copying' is used for special cases like
3353 * Range and HEAD requests.
3354 */
3355 if (http->flags.done_copying)
3356 return 1;
978e455f 3357 /*
b7fe0ab0 3358 * Handle STORE_OK objects.
07304bf9 3359 * objectLen(entry) will be set proprely.
978e455f 3360 */
b7fe0ab0 3361 if (entry->store_status == STORE_OK) {
07304bf9 3362 if (http->out.offset >= objectLen(entry))
7a2f978b 3363 return 1;
513f05a6 3364 else
3365 return 0;
3366 }
978e455f 3367 /*
3368 * Now, handle STORE_PENDING objects
3369 */
3370 mem = entry->mem_obj;
3371 assert(mem != NULL);
3372 assert(http->request != NULL);
3373 reply = mem->reply;
3374 if (reply->hdr_sz == 0)
b34ed725 3375 return 0; /* haven't found end of headers yet */
cb69b4c7 3376 else if (reply->sline.status == HTTP_OK)
b34ed725 3377 sending = SENDING_BODY;
cb69b4c7 3378 else if (reply->sline.status == HTTP_NO_CONTENT)
b34ed725 3379 sending = SENDING_HDRSONLY;
cb69b4c7 3380 else if (reply->sline.status == HTTP_NOT_MODIFIED)
b34ed725 3381 sending = SENDING_HDRSONLY;
cb69b4c7 3382 else if (reply->sline.status < HTTP_OK)
a3c60429 3383 sending = SENDING_HDRSONLY;
978e455f 3384 else if (http->request->method == METHOD_HEAD)
b34ed725 3385 sending = SENDING_HDRSONLY;
978e455f 3386 else
3387 sending = SENDING_BODY;
3388 /*
3389 * Figure out how much data we are supposed to send.
3390 * If we are sending a body and we don't have a content-length,
b7fe0ab0 3391 * then we must wait for the object to become STORE_OK.
978e455f 3392 */
3393 if (sending == SENDING_HDRSONLY)
3394 sendlen = reply->hdr_sz;
038eb4ed 3395 else if (reply->content_length < 0)
978e455f 3396 return 0;
3397 else
038eb4ed 3398 sendlen = reply->content_length + reply->hdr_sz;
978e455f 3399 /*
3400 * Now that we have the expected length, did we send it all?
3401 */
3402 if (http->out.offset < sendlen)
3403 return 0;
3404 else
b34ed725 3405 return 1;
7a2f978b 3406}
3407
80980266 3408static int
3409clientGotNotEnough(clientHttpRequest * http)
3410{
efd900cb 3411 int cl = httpReplyBodySize(http->request->method, http->entry->mem_obj->reply);
80980266 3412 int hs = http->entry->mem_obj->reply->hdr_sz;
3413 assert(cl >= 0);
3414 if (http->out.offset < cl + hs)
3415 return 1;
3416 return 0;
3417}
3418
7a2f978b 3419/*
3420 * This function is designed to serve a fairly specific purpose.
3421 * Occasionally our vBNS-connected caches can talk to each other, but not
3422 * the rest of the world. Here we try to detect frequent failures which
3423 * make the cache unusable (e.g. DNS lookup and connect() failures). If
3424 * the failure:success ratio goes above 1.0 then we go into "hit only"
3425 * mode where we only return UDP_HIT or UDP_MISS_NOFETCH. Neighbors
3426 * will only fetch HITs from us if they are using the ICP protocol. We
3427 * stay in this mode for 5 minutes.
3428 *
3429 * Duane W., Sept 16, 1996
3430 */
3431
3432static void
88aad2e5 3433checkFailureRatio(err_type etype, hier_code hcode)
7a2f978b 3434{
88aad2e5 3435 static double magic_factor = 100.0;
7a2f978b 3436 double n_good;
3437 double n_bad;
3438 if (hcode == HIER_NONE)
3439 return;
88aad2e5 3440 n_good = magic_factor / (1.0 + request_failure_ratio);
7a2f978b 3441 n_bad = magic_factor - n_good;
88aad2e5 3442 switch (etype) {
7a2f978b 3443 case ERR_DNS_FAIL:
3444 case ERR_CONNECT_FAIL:
3445 case ERR_READ_ERROR:
3446 n_bad++;
3447 break;
3448 default:
3449 n_good++;
3450 }
88aad2e5 3451 request_failure_ratio = n_bad / n_good;
7a2f978b 3452 if (hit_only_mode_until > squid_curtime)
3453 return;
88aad2e5 3454 if (request_failure_ratio < 1.0)
7a2f978b 3455 return;
93f9abd0 3456 debug(33, 0) ("Failure Ratio at %4.2f\n", request_failure_ratio);
3457 debug(33, 0) ("Going into hit-only-mode for %d minutes...\n",
7a2f978b 3458 FAILURE_MODE_TIME / 60);
3459 hit_only_mode_until = squid_curtime + FAILURE_MODE_TIME;
88aad2e5 3460 request_failure_ratio = 0.8; /* reset to something less than 1.0 */
7a2f978b 3461}
15df8349 3462
d193a436 3463static void
15df8349 3464clientHttpConnectionsOpen(void)
3465{
7e3ce7b9 3466 sockaddr_in_list *s;
15df8349 3467 int fd;
7e3ce7b9 3468 for (s = Config.Sockaddr.http; s; s = s->next) {
42b51993 3469 if (MAXHTTPPORTS == NHttpSockets) {
3470 debug(1, 1) ("WARNING: You have too many 'http_port' lines.\n");
3471 debug(1, 1) (" The limit is %d\n", MAXHTTPPORTS);
3472 continue;
3473 }
8daca701 3474 enter_suid();
3475 fd = comm_open(SOCK_STREAM,
3476 0,
7e3ce7b9 3477 s->s.sin_addr,
3478 ntohs(s->s.sin_port),
8daca701 3479 COMM_NONBLOCKING,
3480 "HTTP Socket");
3481 leave_suid();
3482 if (fd < 0)
3483 continue;
3484 comm_listen(fd);
3485 commSetSelect(fd, COMM_SELECT_READ, httpAccept, NULL, 0);
d20b1cd0 3486 /*
3487 * We need to set a defer handler here so that we don't
3488 * peg the CPU with select() when we hit the FD limit.
3489 */
3490 commSetDefer(fd, httpAcceptDefer, NULL);
7e3ce7b9 3491 debug(1, 1) ("Accepting HTTP connections at %s, port %d, FD %d.\n",
3492 inet_ntoa(s->s.sin_addr),
3493 (int) ntohs(s->s.sin_port),
3494 fd);
8daca701 3495 HttpSockets[NHttpSockets++] = fd;
15df8349 3496 }
d193a436 3497}
3498
3499#if USE_SSL
3500static void
3501clientHttpsConnectionsOpen(void)
3502{
3503 https_port_list *s;
3504 https_port_data *https_port;
3505 int fd;
1f7c9178 3506 for (s = Config.Sockaddr.https; s; s = s->next) {
3507 enter_suid();
3508 fd = comm_open(SOCK_STREAM,
3509 0,
3510 s->s.sin_addr,
3511 ntohs(s->s.sin_port),
3512 COMM_NONBLOCKING,
3513 "HTTPS Socket");
3514 leave_suid();
3515 if (fd < 0)
3516 continue;
d193a436 3517 CBDATA_INIT_TYPE(https_port_data);
3518 https_port = cbdataAlloc(https_port_data);
79d4ccdf 3519 https_port->sslContext = sslCreateContext(s->cert, s->key, s->version, s->cipher, s->options);
1f7c9178 3520 comm_listen(fd);
d193a436 3521 commSetSelect(fd, COMM_SELECT_READ, httpsAccept, https_port, 0);
3522 commSetDefer(fd, httpAcceptDefer, NULL);
1f7c9178 3523 debug(1, 1) ("Accepting HTTPS connections at %s, port %d, FD %d.\n",
3524 inet_ntoa(s->s.sin_addr),
3525 (int) ntohs(s->s.sin_port),
3526 fd);
3527 HttpSockets[NHttpSockets++] = fd;
3528 }
d193a436 3529}
3530
3531#endif
3532
3533void
3534clientOpenListenSockets(void)
3535{
3536 clientHttpConnectionsOpen();
3537#if USE_SSL
3538 clientHttpsConnectionsOpen();
1f7c9178 3539#endif
15df8349 3540 if (NHttpSockets < 1)
8daca701 3541 fatal("Cannot open HTTP Port");
15df8349 3542}
c0fbae16 3543void
3544clientHttpConnectionsClose(void)
3545{
3546 int i;
3547 for (i = 0; i < NHttpSockets; i++) {
3548 if (HttpSockets[i] >= 0) {
3549 debug(1, 1) ("FD %d Closing HTTP connection\n", HttpSockets[i]);
3550 comm_close(HttpSockets[i]);
3551 HttpSockets[i] = -1;
3552 }
3553 }
3554 NHttpSockets = 0;
3555}
f66a9ef4 3556
3557int
3558varyEvaluateMatch(StoreEntry * entry, request_t * request)
3559{
3560 const char *vary = request->vary_headers;
3561 int has_vary = httpHeaderHas(&entry->mem_obj->reply->header, HDR_VARY);
3562#if X_ACCELERATOR_VARY
3563 has_vary |= httpHeaderHas(&entry->mem_obj->reply->header, HDR_X_ACCELERATOR_VARY);
3564#endif
3565 if (!has_vary || !entry->mem_obj->vary_headers) {
3566 if (vary) {
3567 /* Oops... something odd is going on here.. */
3568 debug(33, 1) ("varyEvaluateMatch: Oops. Not a Vary object on second attempt, '%s' '%s'\n",
3569 entry->mem_obj->url, vary);
3570 safe_free(request->vary_headers);
3571 return VARY_CANCEL;
3572 }
3573 if (!has_vary) {
3574 /* This is not a varying object */
3575 return VARY_NONE;
3576 }
3577 /* virtual "vary" object found. Calculate the vary key and
3578 * continue the search
3579 */
3580 vary = request->vary_headers = xstrdup(httpMakeVaryMark(request, entry->mem_obj->reply));
3581 if (vary)
3582 return VARY_OTHER;
3583 else {
3584 /* Ouch.. we cannot handle this kind of variance */
3585 /* XXX This cannot really happen, but just to be complete */
3586 return VARY_CANCEL;
3587 }
3588 } else {
3589 if (!vary)
3590 vary = request->vary_headers = xstrdup(httpMakeVaryMark(request, entry->mem_obj->reply));
3591 if (!vary) {
3592 /* Ouch.. we cannot handle this kind of variance */
3593 /* XXX This cannot really happen, but just to be complete */
3594 return VARY_CANCEL;
3595 } else if (strcmp(vary, entry->mem_obj->vary_headers) == 0) {
3596 return VARY_MATCH;
3597 } else {
3598 /* Oops.. we have already been here and still haven't
3599 * found the requested variant. Bail out
3600 */
3601 debug(33, 1) ("varyEvaluateMatch: Oops. Not a Vary match on second attempt, '%s' '%s'\n",
3602 entry->mem_obj->url, vary);
3603 return VARY_CANCEL;
3604 }
3605 }
3606}
Mirror of https://github.com/squid-cache/squid.git