]>
Commit | Line | Data |
---|---|---|
3c66d057 | 1 | |
dd11e0b7 | 2 | /* |
d4cb310b | 3 | * $Id: client_side.cc,v 1.604 2002/10/21 14:00:01 adrian Exp $ |
dd11e0b7 | 4 | * |
5 | * DEBUG: section 33 Client-side Routines | |
6 | * AUTHOR: Duane Wessels | |
7 | * | |
2b6662ba | 8 | * SQUID Web Proxy Cache http://www.squid-cache.org/ |
e25c139f | 9 | * ---------------------------------------------------------- |
dd11e0b7 | 10 | * |
2b6662ba | 11 | * Squid is the result of efforts by numerous individuals from |
12 | * the Internet community; see the CONTRIBUTORS file for full | |
13 | * details. Many organizations have provided support for Squid's | |
14 | * development; see the SPONSORS file for full details. Squid is | |
15 | * Copyrighted (C) 2001 by the Regents of the University of | |
16 | * California; see the COPYRIGHT file for full details. Squid | |
17 | * incorporates software developed and/or copyrighted by other | |
18 | * sources; see the CREDITS file for full details. | |
dd11e0b7 | 19 | * |
20 | * This program is free software; you can redistribute it and/or modify | |
21 | * it under the terms of the GNU General Public License as published by | |
22 | * the Free Software Foundation; either version 2 of the License, or | |
23 | * (at your option) any later version. | |
24 | * | |
25 | * This program is distributed in the hope that it will be useful, | |
26 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
27 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
28 | * GNU General Public License for more details. | |
29 | * | |
30 | * You should have received a copy of the GNU General Public License | |
31 | * along with this program; if not, write to the Free Software | |
cbdec147 | 32 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. |
e25c139f | 33 | * |
dd11e0b7 | 34 | */ |
f88bb09c | 35 | |
edce4d98 | 36 | /* Errors and client side |
37 | * | |
38 | * Problem the first: the store entry is no longer authoritative on the | |
39 | * reply status. EBITTEST (E_ABORT) is no longer a valid test outside | |
40 | * of client_side_reply.c. | |
41 | * Problem the second: resources are wasted if we delay in cleaning up. | |
42 | * Problem the third we can't depend on a connection close to clean up. | |
43 | * | |
44 | * Nice thing the first: Any step in the stream can callback with data | |
45 | * representing an error. | |
46 | * Nice thing the second: once you stop requesting reads from upstream, | |
47 | * upstream can be stopped too. | |
48 | * | |
49 | * Solution #1: Error has a callback mechanism to hand over a membuf | |
50 | * with the error content. The failing node pushes that back as the | |
51 | * reply. Can this be generalised to reduce duplicate efforts? | |
52 | * A: Possibly. For now, only one location uses this. | |
53 | * How to deal with pre-stream errors? | |
54 | * Tell client_side_reply that we *want* an error page before any | |
55 | * stream calls occur. Then we simply read as normal. | |
56 | */ | |
57 | ||
f88bb09c | 58 | #include "squid.h" |
c8be6d7b | 59 | #include "clientStream.h" |
60 | #include "IPInterception.h" | |
e6ccf245 | 61 | #include "authenticate.h" |
62 | #include "Store.h" | |
c4b7a5a9 | 63 | #include "comm.h" |
e6ccf245 | 64 | |
5cafc1d6 | 65 | |
5492ad1d | 66 | #if LINGERING_CLOSE |
67 | #define comm_close comm_lingering_close | |
68 | #endif | |
69 | ||
7a2f978b | 70 | #define FAILURE_MODE_TIME 300 |
71 | ||
edce4d98 | 72 | /* Persistent connection logic: |
73 | * | |
74 | * requests (httpClientRequest structs) get added to the connection | |
75 | * list, with the current one being chr | |
76 | * | |
77 | * The request is *immediately* kicked off, and data flows through | |
78 | * to clientSocketRecipient. | |
79 | * | |
80 | * If the data that arrives at clientSocketRecipient is not for the current | |
81 | * request, clientSocketRecipient simply returns, without requesting more | |
82 | * data, or sending it. | |
83 | * | |
84 | * ClientKeepAliveNextRequest will then detect the presence of data in | |
85 | * the next clientHttpRequest, and will send it, restablishing the | |
86 | * data flow. | |
87 | */ | |
88 | ||
89 | /* our socket-related context */ | |
90 | typedef struct _clientSocketContext { | |
91 | clientHttpRequest *http; /* we own this */ | |
92 | char reqbuf[HTTP_REQBUF_SZ]; | |
93 | struct _clientSocketContext *next; | |
94 | struct { | |
95 | int deferred:1; /* This is a pipelined request waiting for the | |
96 | * current object to complete */ | |
c4b7a5a9 | 97 | int parsed_ok:1; /* Was this parsed correctly? */ |
98 | int mayUseConnection:1; /* This request may use the connection - | |
99 | * don't read anymore requests for now | |
100 | */ | |
edce4d98 | 101 | } flags; |
102 | struct { | |
103 | clientStreamNode *node; | |
104 | HttpReply *rep; | |
c8be6d7b | 105 | StoreIOBuffer queuedBuffer; |
edce4d98 | 106 | } deferredparams; |
c8be6d7b | 107 | off_t writtenToSocket; |
edce4d98 | 108 | } clientSocketContext; |
109 | ||
110 | CBDATA_TYPE(clientSocketContext); | |
7a2f978b | 111 | |
edce4d98 | 112 | /* Local functions */ |
113 | /* clientSocketContext */ | |
114 | static FREE clientSocketContextFree; | |
115 | static clientSocketContext *clientSocketContextNew(clientHttpRequest *); | |
116 | /* other */ | |
fc5d6f7f | 117 | static CWCB clientWriteComplete; |
f4f278b5 | 118 | static CWCB clientWriteBodyComplete; |
c4b7a5a9 | 119 | static IOCB clientReadRequest; |
7a2f978b | 120 | static PF connStateFree; |
121 | static PF requestTimeout; | |
b5c39993 | 122 | static PF clientLifetimeTimeout; |
88aad2e5 | 123 | static void checkFailureRatio(err_type, hier_code); |
edce4d98 | 124 | static clientSocketContext *parseHttpRequestAbort(ConnStateData * conn, |
125 | const char *uri); | |
c4b7a5a9 | 126 | static clientSocketContext *parseHttpRequest(ConnStateData *, method_t *, |
edce4d98 | 127 | char **, size_t *); |
3898f57f | 128 | #if USE_IDENT |
05832ae1 | 129 | static IDCB clientIdentDone; |
3898f57f | 130 | #endif |
edce4d98 | 131 | static CSCB clientSocketRecipient; |
132 | static CSD clientSocketDetach; | |
c68e9c6b | 133 | static void clientSetKeepaliveFlag(clientHttpRequest *); |
c8be6d7b | 134 | static int clientIsContentLengthValid(request_t * r); |
d20b1cd0 | 135 | static DEFER httpAcceptDefer; |
c8be6d7b | 136 | static int clientIsRequestBodyValid(int bodyLength); |
e6ccf245 | 137 | static int clientIsRequestBodyTooLargeForPolicy(size_t bodyLength); |
94439e4e | 138 | static void clientProcessBody(ConnStateData * conn); |
c8be6d7b | 139 | static clientStreamNode *getTail(clientSocketContext *); |
140 | static void clientSocketRemoveThisFromConnectionList(clientSocketContext *, | |
141 | ConnStateData *); | |
142 | static void clientUpdateStatHistCounters(log_type logType, int svc_time); | |
143 | static void clientUpdateStatCounters(log_type logType); | |
144 | static void clientUpdateHierCounters(HierarchyLogEntry *); | |
145 | static int clientPingHasFinished(ping_data const *aPing); | |
146 | static MemObject *clientGetMemObject(clientHttpRequest * http); | |
147 | static void clientPrepareLogWithRequestDetails(request_t *, AccessLogEntry *); | |
148 | static void clientLogRequest(clientHttpRequest *); | |
149 | static void httpRequestFreeResources(clientHttpRequest *); | |
c8be6d7b | 150 | static int connIsUsable(ConnStateData * conn); |
151 | static clientSocketContext *connGetCurrentContext(ConnStateData * conn); | |
152 | static void contextDeferRecipientForLater(clientSocketContext * context, clientStreamNode * node, HttpReply * rep, StoreIOBuffer recievedData); | |
153 | static int responseFinishedOrFailed(HttpReply * rep, StoreIOBuffer recievedData); | |
154 | static int contextStartOfOutput(clientSocketContext * context); | |
155 | static void contextSendBody(clientSocketContext * context, HttpReply * rep, StoreIOBuffer bodyData); | |
156 | static void contextSendStartOfMessage(clientSocketContext * context, HttpReply * rep, StoreIOBuffer bodyData); | |
157 | static void connReadNextRequest(ConnStateData * conn); | |
158 | static void clientSocketContextPushDeferredIfNeeded(clientSocketContext * deferredRequest, ConnStateData * conn); | |
159 | static void clientUpdateSocketStats(log_type logType, size_t size); | |
160 | ||
161 | static clientSocketContext *clientCheckRequestLineIsParseable(char *inbuf, size_t req_sz, ConnStateData * conn); | |
162 | static clientSocketContext *clientParseRequestMethod(char *inbuf, method_t * method_p, ConnStateData * conn); | |
163 | static char *skipLeadingSpace(char *aString); | |
164 | static char *findTrailingHTTPVersion(char *uriAndHTTPVersion); | |
165 | static void trimTrailingSpaces(char *aString, size_t len); | |
166 | static clientSocketContext *parseURIandHTTPVersion(char **url_p, http_version_t * http_ver_p, ConnStateData * conn); | |
c4b7a5a9 | 167 | static void setLogUri(clientHttpRequest * http, char const *uri); |
c8be6d7b | 168 | static void prepareInternalUrl(clientHttpRequest * http, char *url); |
169 | static void prepareForwardProxyUrl(clientHttpRequest * http, char *url); | |
170 | static void prepareAcceleratedUrl(clientHttpRequest * http, char *url, char *req_hdr); | |
171 | static int connGetAvailableBufferLength(ConnStateData const *conn); | |
172 | static void connMakeSpaceAvailable(ConnStateData * conn); | |
173 | static void connAddContextToQueue(ConnStateData * conn, clientSocketContext * context); | |
174 | static int connGetConcurrentRequestCount(ConnStateData * conn); | |
c4b7a5a9 | 175 | static int connReadWasError(ConnStateData * conn, comm_err_t, int size); |
c8be6d7b | 176 | static int connFinishedWithConn(ConnStateData * conn, int size); |
e6ccf245 | 177 | static void connNoteUseOfBuffer(ConnStateData * conn, size_t byteCount); |
c8be6d7b | 178 | static int connKeepReadingIncompleteRequest(ConnStateData * conn); |
179 | static void connCancelIncompleteRequests(ConnStateData * conn); | |
c4b7a5a9 | 180 | static ConnStateData *connStateCreate(struct sockaddr_in *peer, struct sockaddr_in *me, int fd); |
0e3be1ea | 181 | static clientStreamNode *getClientReplyContext(clientSocketContext * context); |
bded68d8 | 182 | static int connAreAllContextsForThisConnection(ConnStateData * connState); |
183 | static void connFreeAllContexts(ConnStateData * connState); | |
184 | static void clientPullData(clientSocketContext * context); | |
c8be6d7b | 185 | |
186 | clientStreamNode * | |
187 | getTail(clientSocketContext * context) | |
188 | { | |
e6ccf245 | 189 | return (clientStreamNode *)context->http->client_stream.tail->data; |
c8be6d7b | 190 | } |
191 | ||
192 | clientStreamNode * | |
193 | getClientReplyContext(clientSocketContext * context) | |
194 | { | |
e6ccf245 | 195 | return (clientStreamNode *)context->http->client_stream.tail->prev->data; |
c8be6d7b | 196 | } |
197 | ||
c4b7a5a9 | 198 | /* |
199 | * This routine should be called to grow the inbuf and then | |
200 | * call comm_read(). | |
201 | */ | |
202 | void | |
203 | clientReadSomeData(ConnStateData *conn) | |
204 | { | |
205 | size_t len; | |
206 | ||
207 | debug(33, 4) ("clientReadSomeData: FD %d: reading request...\n", conn->fd); | |
208 | ||
209 | connMakeSpaceAvailable(conn); | |
210 | len = connGetAvailableBufferLength(conn) - 1; | |
211 | ||
212 | comm_read(conn->fd, conn->in.buf + conn->in.notYetUsed, len, clientReadRequest, conn); | |
213 | } | |
214 | ||
215 | ||
c8be6d7b | 216 | void |
217 | clientSocketRemoveThisFromConnectionList(clientSocketContext * context, | |
218 | ConnStateData * conn) | |
219 | { | |
220 | clientSocketContext **tempContextPointer; | |
221 | assert(conn); | |
222 | assert(connGetCurrentContext(conn) != NULL); | |
223 | /* Unlink us from the connection request list */ | |
224 | tempContextPointer = (clientSocketContext **) & conn->currentobject; | |
225 | while (*tempContextPointer) { | |
226 | if (*tempContextPointer == context) | |
227 | break; | |
228 | tempContextPointer = &(*tempContextPointer)->next; | |
229 | } | |
230 | assert(*tempContextPointer != NULL); | |
231 | *tempContextPointer = context->next; | |
232 | context->next = NULL; | |
233 | } | |
ea6f43cd | 234 | |
b8d8561b | 235 | void |
edce4d98 | 236 | clientSocketContextFree(void *data) |
f88bb09c | 237 | { |
e6ccf245 | 238 | clientSocketContext *context = (clientSocketContext *)data; |
edce4d98 | 239 | ConnStateData *conn = context->http->conn; |
c8be6d7b | 240 | clientStreamNode *node = getTail(context); |
edce4d98 | 241 | /* We are *always* the tail - prevent recursive free */ |
242 | assert(context == node->data); | |
243 | node->data = NULL; | |
244 | httpRequestFree(context->http); | |
245 | /* clean up connection links to us */ | |
246 | assert(context != context->next); | |
c8be6d7b | 247 | if (conn) |
248 | clientSocketRemoveThisFromConnectionList(context, conn); | |
f88bb09c | 249 | } |
250 | ||
edce4d98 | 251 | clientSocketContext * |
252 | clientSocketContextNew(clientHttpRequest * http) | |
f88bb09c | 253 | { |
c8be6d7b | 254 | clientSocketContext *newContext; |
edce4d98 | 255 | assert(http != NULL); |
256 | CBDATA_INIT_TYPE_FREECB(clientSocketContext, clientSocketContextFree); | |
c8be6d7b | 257 | newContext = cbdataAlloc(clientSocketContext); |
258 | newContext->http = http; | |
259 | return newContext; | |
4d55827a | 260 | } |
261 | ||
edce4d98 | 262 | #if USE_IDENT |
4d55827a | 263 | static void |
edce4d98 | 264 | clientIdentDone(const char *ident, void *data) |
4d55827a | 265 | { |
edce4d98 | 266 | ConnStateData *conn = data; |
267 | xstrncpy(conn->rfc931, ident ? ident : dash_str, USER_IDENT_SZ); | |
e81957b7 | 268 | } |
269 | ||
447e176b | 270 | #endif |
7a2f978b | 271 | |
c8be6d7b | 272 | void |
273 | clientUpdateStatCounters(log_type logType) | |
a7c05555 | 274 | { |
83704487 | 275 | statCounter.client_http.requests++; |
c8be6d7b | 276 | if (logTypeIsATcpHit(logType)) |
83704487 | 277 | statCounter.client_http.hits++; |
c8be6d7b | 278 | if (logType == LOG_TCP_HIT) |
83704487 | 279 | statCounter.client_http.disk_hits++; |
c8be6d7b | 280 | else if (logType == LOG_TCP_MEM_HIT) |
83704487 | 281 | statCounter.client_http.mem_hits++; |
c8be6d7b | 282 | } |
283 | ||
284 | void | |
285 | clientUpdateStatHistCounters(log_type logType, int svc_time) | |
286 | { | |
83704487 | 287 | statHistCount(&statCounter.client_http.all_svc_time, svc_time); |
ee1679df | 288 | /* |
289 | * The idea here is not to be complete, but to get service times | |
290 | * for only well-defined types. For example, we don't include | |
291 | * LOG_TCP_REFRESH_FAIL_HIT because its not really a cache hit | |
292 | * (we *tried* to validate it, but failed). | |
293 | */ | |
c8be6d7b | 294 | switch (logType) { |
7c9c84ad | 295 | case LOG_TCP_REFRESH_HIT: |
83704487 | 296 | statHistCount(&statCounter.client_http.nh_svc_time, svc_time); |
7c9c84ad | 297 | break; |
ee1679df | 298 | case LOG_TCP_IMS_HIT: |
83704487 | 299 | statHistCount(&statCounter.client_http.nm_svc_time, svc_time); |
ee1679df | 300 | break; |
301 | case LOG_TCP_HIT: | |
302 | case LOG_TCP_MEM_HIT: | |
b540e168 | 303 | case LOG_TCP_OFFLINE_HIT: |
83704487 | 304 | statHistCount(&statCounter.client_http.hit_svc_time, svc_time); |
ee1679df | 305 | break; |
306 | case LOG_TCP_MISS: | |
307 | case LOG_TCP_CLIENT_REFRESH_MISS: | |
83704487 | 308 | statHistCount(&statCounter.client_http.miss_svc_time, svc_time); |
ee1679df | 309 | break; |
310 | default: | |
311 | /* make compiler warnings go away */ | |
312 | break; | |
313 | } | |
c8be6d7b | 314 | } |
315 | ||
316 | int | |
317 | clientPingHasFinished(ping_data const *aPing) | |
318 | { | |
319 | if (0 != aPing->stop.tv_sec && 0 != aPing->start.tv_sec) | |
320 | return -1; | |
321 | return 0; | |
322 | } | |
323 | ||
324 | void | |
325 | clientUpdateHierCounters(HierarchyLogEntry * someEntry) | |
326 | { | |
327 | ping_data *i; | |
328 | switch (someEntry->alg) { | |
69c95dd3 | 329 | case PEER_SA_DIGEST: |
83704487 | 330 | statCounter.cd.times_used++; |
69c95dd3 | 331 | break; |
332 | case PEER_SA_ICP: | |
83704487 | 333 | statCounter.icp.times_used++; |
c8be6d7b | 334 | i = &someEntry->ping; |
335 | if (clientPingHasFinished(i)) | |
83704487 | 336 | statHistCount(&statCounter.icp.query_svc_time, |
69c95dd3 | 337 | tvSubUsec(i->start, i->stop)); |
338 | if (i->timeout) | |
83704487 | 339 | statCounter.icp.query_timeouts++; |
69c95dd3 | 340 | break; |
341 | case PEER_SA_NETDB: | |
83704487 | 342 | statCounter.netdb.times_used++; |
69c95dd3 | 343 | break; |
344 | default: | |
345 | break; | |
17b6e784 | 346 | } |
a7c05555 | 347 | } |
348 | ||
c8be6d7b | 349 | static void |
350 | clientUpdateCounters(clientHttpRequest * http) | |
351 | { | |
352 | clientUpdateStatCounters(http->logType); | |
353 | if (http->request->errType != ERR_NONE) | |
354 | statCounter.client_http.errors++; | |
355 | clientUpdateStatHistCounters(http->logType, | |
356 | tvSubMsec(http->start, current_time)); | |
357 | clientUpdateHierCounters(&http->request->hier); | |
358 | } | |
359 | ||
360 | MemObject * | |
361 | clientGetMemObject(clientHttpRequest * http) | |
362 | { | |
363 | if (http->entry) | |
364 | return http->entry->mem_obj; | |
365 | return NULL; | |
366 | } | |
367 | ||
edce4d98 | 368 | void |
c8be6d7b | 369 | clientPrepareLogWithRequestDetails(request_t * request, AccessLogEntry * aLogEntry) |
7a2f978b | 370 | { |
c8be6d7b | 371 | Packer p; |
372 | MemBuf mb; | |
373 | assert(request); | |
374 | assert(aLogEntry); | |
375 | memBufDefInit(&mb); | |
376 | packerToMemInit(&p, &mb); | |
377 | httpHeaderPackInto(&request->header, &p); | |
378 | aLogEntry->http.method = request->method; | |
379 | aLogEntry->http.version = request->http_ver; | |
380 | aLogEntry->headers.request = xstrdup(mb.buf); | |
381 | aLogEntry->hier = request->hier; | |
382 | if (request->auth_user_request) { | |
383 | aLogEntry->cache.authuser = | |
384 | xstrdup(authenticateUserRequestUsername(request-> | |
385 | auth_user_request)); | |
386 | authenticateAuthUserRequestUnlock(request->auth_user_request); | |
387 | request->auth_user_request = NULL; | |
7a2f978b | 388 | } |
c8be6d7b | 389 | packerClean(&p); |
390 | memBufClean(&mb); | |
391 | } | |
392 | ||
393 | void | |
394 | clientLogRequest(clientHttpRequest * http) | |
395 | { | |
29b8d8d6 | 396 | if (http->out.size || http->logType) { |
728da2ee | 397 | http->al.icp.opcode = ICP_INVALID; |
ef65d6ca | 398 | http->al.url = http->log_uri; |
c8be6d7b | 399 | debug(33, 9) ("clientLogRequest: al.url='%s'\n", http->al.url); |
400 | if (clientGetMemObject(http)) { | |
401 | http->al.http.code = clientGetMemObject(http)->reply->sline.status; | |
402 | http->al.http.content_type = strBuf(clientGetMemObject(http)->reply->content_type); | |
7a2f978b | 403 | } |
c8be6d7b | 404 | http->al.cache.caddr = http->conn ? http->conn->log_addr : no_addr; |
7a2f978b | 405 | http->al.cache.size = http->out.size; |
29b8d8d6 | 406 | http->al.cache.code = http->logType; |
7a2f978b | 407 | http->al.cache.msec = tvSubMsec(http->start, current_time); |
c8be6d7b | 408 | if (http->request) |
409 | clientPrepareLogWithRequestDetails(http->request, &http->al); | |
410 | if (http->conn && http->conn->rfc931[0]) | |
411 | http->al.cache.rfc931 = http->conn->rfc931; | |
7a2f978b | 412 | accessLogLog(&http->al); |
a7c05555 | 413 | clientUpdateCounters(http); |
c8be6d7b | 414 | if (http->conn) |
415 | clientdbUpdate(http->conn->peer.sin_addr, http->logType, PROTO_HTTP, | |
edce4d98 | 416 | http->out.size); |
7a2f978b | 417 | } |
c8be6d7b | 418 | } |
419 | ||
420 | void | |
421 | httpRequestFreeResources(clientHttpRequest * http) | |
422 | { | |
23d92c64 | 423 | safe_free(http->uri); |
424 | safe_free(http->log_uri); | |
6d38ef86 | 425 | safe_free(http->redirect.location); |
7a2f978b | 426 | requestUnlink(http->request); |
c8be6d7b | 427 | http->request = NULL; |
edce4d98 | 428 | if (http->client_stream.tail) |
e6ccf245 | 429 | clientStreamAbort((clientStreamNode *)http->client_stream.tail->data, http); |
c8be6d7b | 430 | } |
431 | ||
432 | void | |
433 | httpRequestFree(void *data) | |
434 | { | |
e6ccf245 | 435 | clientHttpRequest *http = (clientHttpRequest *)data; |
c8be6d7b | 436 | request_t *request = NULL; |
437 | assert(http != NULL); | |
438 | request = http->request; | |
439 | debug(33, 3) ("httpRequestFree: %s\n", http->uri); | |
0e3be1ea | 440 | /* if body_connection !NULL, then ProcessBody has not |
441 | * found the end of the body yet | |
442 | */ | |
443 | if (request && request->body_connection) | |
444 | clientAbortBody(request); /* abort body transter */ | |
445 | /* the ICP check here was erroneous | |
446 | * - storeReleaseRequest was always called if entry was valid | |
447 | */ | |
c8be6d7b | 448 | assert(http->logType < LOG_TYPE_MAX); |
449 | clientLogRequest(http); | |
450 | if (request) | |
451 | checkFailureRatio(request->errType, http->al.hier.code); | |
452 | httpRequestFreeResources(http); | |
edce4d98 | 453 | /* moving to the next connection is handled by the context free */ |
0f1bc304 | 454 | dlinkDelete(&http->active, &ClientActiveRequests); |
7a2f978b | 455 | cbdataFree(http); |
456 | } | |
457 | ||
c8be6d7b | 458 | int |
459 | connAreAllContextsForThisConnection(ConnStateData * connState) | |
460 | { | |
461 | clientSocketContext *context; | |
462 | assert(connState != NULL); | |
463 | context = connGetCurrentContext(connState); | |
464 | while (context) { | |
465 | if (context->http->conn != connState) | |
466 | return 0; | |
467 | context = context->next; | |
468 | } | |
469 | return -1; | |
470 | } | |
471 | ||
472 | void | |
473 | connFreeAllContexts(ConnStateData * connState) | |
474 | { | |
475 | clientSocketContext *context; | |
476 | while ((context = connGetCurrentContext(connState)) != NULL) { | |
477 | assert(connGetCurrentContext(connState) != | |
478 | connGetCurrentContext(connState)->next); | |
479 | cbdataFree(context); | |
480 | } | |
481 | } | |
482 | ||
7a2f978b | 483 | /* This is a handler normally called by comm_close() */ |
484 | static void | |
485 | connStateFree(int fd, void *data) | |
486 | { | |
e6ccf245 | 487 | ConnStateData *connState = (ConnStateData *)data; |
93f9abd0 | 488 | debug(33, 3) ("connStateFree: FD %d\n", fd); |
7a2f978b | 489 | assert(connState != NULL); |
9bc73deb | 490 | clientdbEstablished(connState->peer.sin_addr, -1); /* decrement */ |
c8be6d7b | 491 | assert(connAreAllContextsForThisConnection(connState)); |
492 | connFreeAllContexts(connState); | |
5d146f7d | 493 | if (connState->auth_user_request) |
494 | authenticateAuthUserRequestUnlock(connState->auth_user_request); | |
495 | connState->auth_user_request = NULL; | |
496 | authenticateOnCloseConnection(connState); | |
c8be6d7b | 497 | memFreeBuf(connState->in.allocatedSize, connState->in.buf); |
7a2f978b | 498 | pconnHistCount(0, connState->nrequests); |
499 | cbdataFree(connState); | |
500 | } | |
501 | ||
c68e9c6b | 502 | /* |
503 | * clientSetKeepaliveFlag() sets request->flags.proxy_keepalive. | |
504 | * This is the client-side persistent connection flag. We need | |
505 | * to set this relatively early in the request processing | |
506 | * to handle hacks for broken servers and clients. | |
507 | */ | |
508 | static void | |
509 | clientSetKeepaliveFlag(clientHttpRequest * http) | |
510 | { | |
511 | request_t *request = http->request; | |
512 | const HttpHeader *req_hdr = &request->header; | |
f6329bc3 | 513 | |
ccf44862 | 514 | debug(33, 3) ("clientSetKeepaliveFlag: http_ver = %d.%d\n", |
515 | request->http_ver.major, request->http_ver.minor); | |
c68e9c6b | 516 | debug(33, 3) ("clientSetKeepaliveFlag: method = %s\n", |
517 | RequestMethodStr[request->method]); | |
efd900cb | 518 | if (!Config.onoff.client_pconns) |
519 | request->flags.proxy_keepalive = 0; | |
f6329bc3 | 520 | else { |
521 | http_version_t http_ver; | |
edce4d98 | 522 | httpBuildVersion(&http_ver, 1, 0); |
523 | /* we are HTTP/1.0, no matter what the client requests... */ | |
f6329bc3 | 524 | if (httpMsgIsPersistent(http_ver, req_hdr)) |
525 | request->flags.proxy_keepalive = 1; | |
526 | } | |
c68e9c6b | 527 | } |
528 | ||
31be8b80 | 529 | static int |
c8be6d7b | 530 | clientIsContentLengthValid(request_t * r) |
31be8b80 | 531 | { |
ffc128c4 | 532 | switch (r->method) { |
533 | case METHOD_PUT: | |
534 | case METHOD_POST: | |
535 | /* PUT/POST requires a request entity */ | |
2a6b906c | 536 | return (r->content_length >= 0); |
ffc128c4 | 537 | case METHOD_GET: |
538 | case METHOD_HEAD: | |
539 | /* We do not want to see a request entity on GET/HEAD requests */ | |
2a6b906c | 540 | return (r->content_length <= 0); |
ffc128c4 | 541 | default: |
542 | /* For other types of requests we don't care */ | |
0cdcddb9 | 543 | return 1; |
ffc128c4 | 544 | } |
545 | /* NOT REACHED */ | |
31be8b80 | 546 | } |
547 | ||
cf50a0af | 548 | int |
c8be6d7b | 549 | clientIsRequestBodyValid(int bodyLength) |
7a2f978b | 550 | { |
c8be6d7b | 551 | if (bodyLength >= 0) |
b540e168 | 552 | return 1; |
7a2f978b | 553 | return 0; |
554 | } | |
555 | ||
c8be6d7b | 556 | int |
e6ccf245 | 557 | clientIsRequestBodyTooLargeForPolicy(size_t bodyLength) |
efd900cb | 558 | { |
c8be6d7b | 559 | if (Config.maxRequestBodySize && |
560 | bodyLength > Config.maxRequestBodySize) | |
efd900cb | 561 | return 1; /* too large */ |
562 | return 0; | |
563 | } | |
564 | ||
c8be6d7b | 565 | int |
566 | connIsUsable(ConnStateData * conn) | |
567 | { | |
568 | if (!conn || conn->fd == -1) | |
569 | return 0; | |
570 | return 1; | |
571 | } | |
572 | ||
573 | clientSocketContext * | |
574 | connGetCurrentContext(ConnStateData * conn) | |
575 | { | |
576 | assert(conn); | |
e6ccf245 | 577 | return (clientSocketContext *)conn->currentobject; |
c8be6d7b | 578 | } |
579 | ||
580 | void | |
581 | contextDeferRecipientForLater(clientSocketContext * context, clientStreamNode * node, HttpReply * rep, StoreIOBuffer recievedData) | |
582 | { | |
583 | debug(33, 2) ("clientSocketRecipient: Deferring %s\n", context->http->uri); | |
584 | assert(context->flags.deferred == 0); | |
585 | context->flags.deferred = 1; | |
586 | context->deferredparams.node = node; | |
587 | context->deferredparams.rep = rep; | |
588 | context->deferredparams.queuedBuffer = recievedData; | |
589 | return; | |
590 | } | |
591 | ||
592 | int | |
593 | responseFinishedOrFailed(HttpReply * rep, StoreIOBuffer recievedData) | |
594 | { | |
595 | if (rep == NULL && recievedData.data == NULL && recievedData.length == 0) | |
596 | return 1; | |
597 | return 0; | |
598 | } | |
599 | ||
600 | int | |
601 | contextStartOfOutput(clientSocketContext * context) | |
602 | { | |
b891193f | 603 | return context->http->out.size == 0 ? 1 : 0; |
c8be6d7b | 604 | } |
605 | ||
606 | void | |
607 | contextSendBody(clientSocketContext * context, HttpReply * rep, StoreIOBuffer bodyData) | |
608 | { | |
609 | assert(rep == NULL); | |
610 | context->http->out.offset += bodyData.length; | |
d4cb310b | 611 | comm_old_write(context->http->conn->fd, bodyData.data, bodyData.length, |
c8be6d7b | 612 | clientWriteBodyComplete, context, NULL); |
613 | return; | |
614 | } | |
615 | ||
616 | void | |
617 | contextSendStartOfMessage(clientSocketContext * context, HttpReply * rep, StoreIOBuffer bodyData) | |
618 | { | |
619 | MemBuf mb; | |
620 | /* write headers and/or body if any */ | |
621 | assert(rep || (bodyData.data && bodyData.length)); | |
622 | /* init mb; put status line and headers if any */ | |
623 | if (rep) { | |
624 | mb = httpReplyPack(rep); | |
0e3be1ea | 625 | /* Save length of headers for persistent conn checks */ |
626 | context->http->out.headers_sz = mb.size; | |
c8be6d7b | 627 | #if HEADERS_LOG |
628 | headersLog(0, 0, context->http->request->method, rep); | |
629 | #endif | |
630 | httpReplyDestroy(rep); | |
631 | rep = NULL; | |
632 | } else { | |
633 | memBufDefInit(&mb); | |
634 | } | |
635 | if (bodyData.data && bodyData.length) { | |
636 | context->http->out.offset += bodyData.length; | |
637 | memBufAppend(&mb, bodyData.data, bodyData.length); | |
638 | } | |
639 | /* write */ | |
d4cb310b | 640 | comm_old_write_mbuf(context->http->conn->fd, mb, clientWriteComplete, context); |
c8be6d7b | 641 | /* if we don't do it, who will? */ |
642 | } | |
643 | ||
2246b732 | 644 | /* |
edce4d98 | 645 | * Write a chunk of data to a client socket. If the reply is present, send the reply headers down the wire too, |
646 | * and clean them up when finished. | |
647 | * Pre-condition: | |
648 | * The request is one backed by a connection, not an internal request. | |
649 | * data context is not NULL | |
650 | * There are no more entries in the stream chain. | |
2246b732 | 651 | */ |
edce4d98 | 652 | static void |
653 | clientSocketRecipient(clientStreamNode * node, clientHttpRequest * http, | |
c8be6d7b | 654 | HttpReply * rep, StoreIOBuffer recievedData) |
edce4d98 | 655 | { |
656 | int fd; | |
657 | clientSocketContext *context; | |
658 | /* Test preconditions */ | |
659 | assert(node != NULL); | |
c8be6d7b | 660 | /* TODO: handle this rather than asserting |
661 | * - it should only ever happen if we cause an abort and | |
edce4d98 | 662 | * the callback chain loops back to here, so we can simply return. |
663 | * However, that itself shouldn't happen, so it stays as an assert for now. | |
664 | */ | |
665 | assert(cbdataReferenceValid(node)); | |
666 | assert(node->data != NULL); | |
667 | assert(node->node.next == NULL); | |
e6ccf245 | 668 | context = (clientSocketContext *)node->data; |
c8be6d7b | 669 | assert(connIsUsable(http->conn)); |
edce4d98 | 670 | fd = http->conn->fd; |
c8be6d7b | 671 | if (connGetCurrentContext(http->conn) != context) { |
672 | contextDeferRecipientForLater(context, node, rep, recievedData); | |
edce4d98 | 673 | return; |
674 | } | |
c8be6d7b | 675 | if (responseFinishedOrFailed(rep, recievedData)) { |
edce4d98 | 676 | clientWriteComplete(fd, NULL, 0, COMM_OK, context); |
677 | return; | |
678 | } | |
c8be6d7b | 679 | if (!contextStartOfOutput(context)) |
680 | contextSendBody(context, rep, recievedData); | |
681 | else | |
682 | contextSendStartOfMessage(context, rep, recievedData); | |
edce4d98 | 683 | } |
684 | ||
685 | /* Called when a downstream node is no longer interested in | |
686 | * our data. As we are a terminal node, this means on aborts | |
687 | * only | |
688 | */ | |
689 | void | |
690 | clientSocketDetach(clientStreamNode * node, clientHttpRequest * http) | |
691 | { | |
692 | clientSocketContext *context; | |
693 | /* Test preconditions */ | |
694 | assert(node != NULL); | |
c8be6d7b | 695 | /* TODO: handle this rather than asserting |
696 | * - it should only ever happen if we cause an abort and | |
edce4d98 | 697 | * the callback chain loops back to here, so we can simply return. |
698 | * However, that itself shouldn't happen, so it stays as an assert for now. | |
699 | */ | |
700 | assert(cbdataReferenceValid(node)); | |
701 | /* Set null by ContextFree */ | |
702 | assert(node->data == NULL); | |
703 | assert(node->node.next == NULL); | |
e6ccf245 | 704 | context = (clientSocketContext *)node->data; |
edce4d98 | 705 | /* We are only called when the client socket shutsdown. |
706 | * Tell the prev pipeline member we're finished | |
707 | */ | |
708 | clientStreamDetach(node, http); | |
7a2f978b | 709 | } |
710 | ||
f4f278b5 | 711 | static void |
e6ccf245 | 712 | clientWriteBodyComplete(int fd, char *buf, size_t size, comm_err_t errflag, void *data) |
f4f278b5 | 713 | { |
c8be6d7b | 714 | clientWriteComplete(fd, NULL, size, errflag, data); |
715 | } | |
716 | ||
717 | void | |
718 | connReadNextRequest(ConnStateData * conn) | |
719 | { | |
720 | debug(33, 5) ("clientReadNextRequest: FD %d reading next req\n", | |
721 | conn->fd); | |
722 | fd_note(conn->fd, "Waiting for next request"); | |
f4f278b5 | 723 | /* |
c8be6d7b | 724 | * Set the timeout BEFORE calling clientReadRequest(). |
725 | */ | |
726 | commSetTimeout(conn->fd, Config.Timeout.persistent_request, | |
727 | requestTimeout, conn); | |
c8be6d7b | 728 | conn->defer.until = 0; /* Kick it to read a new request */ |
c4b7a5a9 | 729 | /* Make sure we're still reading from the client side! */ |
730 | /* XXX this could take a bit of CPU time! aiee! -- adrian */ | |
731 | assert(comm_has_pending_read(conn->fd)); | |
732 | /* clientReadSomeData(conn); */ | |
733 | /* Please don't do anything with the FD past here! */ | |
c8be6d7b | 734 | } |
735 | ||
736 | void | |
737 | clientSocketContextPushDeferredIfNeeded(clientSocketContext * deferredRequest, ConnStateData * conn) | |
738 | { | |
739 | debug(33, 2) ("clientSocketContextPushDeferredIfNeeded: FD %d Sending next\n", | |
740 | conn->fd); | |
741 | /* If the client stream is waiting on a socket write to occur, then */ | |
742 | if (deferredRequest->flags.deferred) { | |
743 | /* NO data is allowed to have been sent */ | |
744 | assert(deferredRequest->http->out.size == 0); | |
745 | clientSocketRecipient(deferredRequest->deferredparams.node, | |
746 | deferredRequest->http, | |
747 | deferredRequest->deferredparams.rep, | |
748 | deferredRequest->deferredparams.queuedBuffer); | |
749 | } | |
750 | /* otherwise, the request is still active in a callbacksomewhere, | |
751 | * and we are done | |
f4f278b5 | 752 | */ |
f4f278b5 | 753 | } |
754 | ||
21f2031d | 755 | static void |
edce4d98 | 756 | clientKeepaliveNextRequest(clientSocketContext * context) |
1a92a1e2 | 757 | { |
edce4d98 | 758 | clientHttpRequest *http = context->http; |
1a92a1e2 | 759 | ConnStateData *conn = http->conn; |
c8be6d7b | 760 | clientSocketContext *deferredRequest; |
bd4e6ec8 | 761 | |
ebb6e9a0 | 762 | debug(33, 3) ("clientKeepaliveNextRequest: FD %d\n", conn->fd); |
edce4d98 | 763 | cbdataFree(context); |
c8be6d7b | 764 | if ((deferredRequest = connGetCurrentContext(conn)) == NULL) |
765 | connReadNextRequest(conn); | |
766 | else | |
767 | clientSocketContextPushDeferredIfNeeded(deferredRequest, conn); | |
1a92a1e2 | 768 | } |
769 | ||
c8be6d7b | 770 | void |
771 | clientUpdateSocketStats(log_type logType, size_t size) | |
772 | { | |
773 | if (size == 0) | |
774 | return; | |
775 | kb_incr(&statCounter.client_http.kbytes_out, size); | |
776 | if (logTypeIsATcpHit(logType)) | |
777 | kb_incr(&statCounter.client_http.hit_kbytes_out, size); | |
778 | } | |
779 | ||
780 | void | |
781 | clientPullData(clientSocketContext * context) | |
782 | { | |
783 | /* More data will be coming from the stream. */ | |
784 | StoreIOBuffer readBuffer = EMPTYIOBUFFER; | |
785 | readBuffer.offset = context->http->out.offset; | |
786 | readBuffer.length = HTTP_REQBUF_SZ; | |
787 | readBuffer.data = context->reqbuf; | |
788 | clientStreamRead(getTail(context), context->http, readBuffer); | |
789 | } | |
edce4d98 | 790 | |
791 | /* A write has just completed to the client, or we have just realised there is | |
792 | * no more data to send. | |
793 | */ | |
e6ccf245 | 794 | void |
795 | clientWriteComplete(int fd, char *bufnotused, size_t size, comm_err_t errflag, void *data) | |
7a2f978b | 796 | { |
e6ccf245 | 797 | clientSocketContext *context = (clientSocketContext *)data; |
edce4d98 | 798 | clientHttpRequest *http = context->http; |
7a2f978b | 799 | StoreEntry *entry = http->entry; |
c8be6d7b | 800 | clientStreamNode *node = getTail(context); |
7a2f978b | 801 | http->out.size += size; |
c8be6d7b | 802 | assert(fd > -1); |
32754419 | 803 | debug(33, 5) ("clientWriteComplete: FD %d, sz %ld, err %d, off %ld, len %d\n", |
edce4d98 | 804 | fd, (long int) size, errflag, (long int) http->out.size, entry ? objectLen(entry) : 0); |
c8be6d7b | 805 | clientUpdateSocketStats(http->logType, size); |
806 | if (errflag || clientHttpRequestStatus(fd, http)) { | |
7a2f978b | 807 | comm_close(fd); |
edce4d98 | 808 | /* Do we leak here ? */ |
809 | return; | |
810 | } | |
811 | switch (clientStreamStatus(node, http)) { | |
812 | case STREAM_NONE: | |
c8be6d7b | 813 | clientPullData(context); |
edce4d98 | 814 | break; |
815 | case STREAM_COMPLETE: | |
816 | debug(33, 5) ("clientWriteComplete: FD %d Keeping Alive\n", fd); | |
817 | clientKeepaliveNextRequest(context); | |
818 | return; | |
819 | case STREAM_UNPLANNED_COMPLETE: | |
820 | /* fallthrough */ | |
821 | case STREAM_FAILED: | |
c8be6d7b | 822 | comm_close(fd); |
edce4d98 | 823 | return; |
824 | default: | |
825 | fatal("Hit unreachable code in clientWriteComplete\n"); | |
7a2f978b | 826 | } |
827 | } | |
828 | ||
e6ccf245 | 829 | extern "C" CSR clientGetMoreData; |
830 | extern "C" CSS clientReplyStatus; | |
831 | extern "C" CSD clientReplyDetach; | |
edce4d98 | 832 | |
833 | static clientSocketContext * | |
834 | parseHttpRequestAbort(ConnStateData * conn, const char *uri) | |
038eb4ed | 835 | { |
edce4d98 | 836 | clientHttpRequest *http; |
837 | clientSocketContext *context; | |
c8be6d7b | 838 | StoreIOBuffer tempBuffer = EMPTYIOBUFFER; |
edce4d98 | 839 | http = cbdataAlloc(clientHttpRequest); |
840 | http->conn = conn; | |
841 | http->start = current_time; | |
c8be6d7b | 842 | http->req_sz = conn->in.notYetUsed; |
edce4d98 | 843 | http->uri = xstrdup(uri); |
c4b7a5a9 | 844 | setLogUri (http, uri); |
edce4d98 | 845 | context = clientSocketContextNew(http); |
c8be6d7b | 846 | tempBuffer.data = context->reqbuf; |
847 | tempBuffer.length = HTTP_REQBUF_SZ; | |
edce4d98 | 848 | clientStreamInit(&http->client_stream, clientGetMoreData, clientReplyDetach, |
849 | clientReplyStatus, clientReplyNewContext(http), clientSocketRecipient, | |
c8be6d7b | 850 | clientSocketDetach, context, tempBuffer); |
edce4d98 | 851 | dlinkAdd(http, &http->active, &ClientActiveRequests); |
852 | return context; | |
038eb4ed | 853 | } |
854 | ||
c8be6d7b | 855 | clientSocketContext * |
856 | clientCheckRequestLineIsParseable(char *inbuf, size_t req_sz, ConnStateData * conn) | |
50ddd7a4 | 857 | { |
edce4d98 | 858 | if (strlen(inbuf) != req_sz) { |
c8be6d7b | 859 | debug(33, 1) ("clientCheckRequestLineIsParseable: Requestheader contains NULL characters\n"); |
edce4d98 | 860 | return parseHttpRequestAbort(conn, "error:invalid-request"); |
1b95ce49 | 861 | } |
c8be6d7b | 862 | return NULL; |
863 | } | |
864 | ||
865 | clientSocketContext * | |
866 | clientParseRequestMethod(char *inbuf, method_t * method_p, ConnStateData * conn) | |
867 | { | |
868 | char *mstr = NULL; | |
edce4d98 | 869 | if ((mstr = strtok(inbuf, "\t ")) == NULL) { |
c8be6d7b | 870 | debug(33, 1) ("clientParseRequestMethod: Can't get request method\n"); |
edce4d98 | 871 | return parseHttpRequestAbort(conn, "error:invalid-request-method"); |
7ddc902f | 872 | } |
edce4d98 | 873 | *method_p = urlParseMethod(mstr); |
874 | if (*method_p == METHOD_NONE) { | |
c8be6d7b | 875 | debug(33, 1) ("clientParseRequestMethod: Unsupported method '%s'\n", mstr); |
edce4d98 | 876 | return parseHttpRequestAbort(conn, "error:unsupported-request-method"); |
50ddd7a4 | 877 | } |
c8be6d7b | 878 | debug(33, 5) ("clientParseRequestMethod: Method is '%s'\n", mstr); |
879 | return NULL; | |
880 | } | |
881 | ||
882 | char * | |
883 | skipLeadingSpace(char *aString) | |
884 | { | |
885 | char *result = aString; | |
886 | while (xisspace(*aString)) | |
887 | ++aString; | |
888 | return result; | |
889 | } | |
890 | ||
891 | char * | |
892 | findTrailingHTTPVersion(char *uriAndHTTPVersion) | |
893 | { | |
894 | char *token = uriAndHTTPVersion + strlen(uriAndHTTPVersion); | |
895 | assert(*token == '\0'); | |
896 | while (token > uriAndHTTPVersion) { | |
897 | --token; | |
898 | if (xisspace(*token) && !strncmp(token + 1, "HTTP/", 5)) | |
899 | return token + 1; | |
900 | } | |
901 | return uriAndHTTPVersion; | |
902 | } | |
903 | ||
904 | void | |
905 | trimTrailingSpaces(char *aString, size_t len) | |
906 | { | |
907 | char *endPointer = aString + len; | |
908 | while (endPointer > aString && xisspace(*endPointer)) | |
909 | *(endPointer--) = '\0'; | |
910 | } | |
50ddd7a4 | 911 | |
c8be6d7b | 912 | clientSocketContext * |
913 | parseURIandHTTPVersion(char **url_p, http_version_t * http_ver_p, | |
914 | ConnStateData * conn) | |
915 | { | |
916 | char *url; | |
917 | char *token; | |
edce4d98 | 918 | /* look for URL+HTTP/x.x */ |
919 | if ((url = strtok(NULL, "\n")) == NULL) { | |
920 | debug(33, 1) ("parseHttpRequest: Missing URL\n"); | |
921 | return parseHttpRequestAbort(conn, "error:missing-url"); | |
7a2f978b | 922 | } |
c8be6d7b | 923 | url = skipLeadingSpace(url); |
924 | token = findTrailingHTTPVersion(url); | |
925 | trimTrailingSpaces(url, token - url - 1); | |
926 | ||
edce4d98 | 927 | debug(33, 5) ("parseHttpRequest: URI is '%s'\n", url); |
928 | *url_p = url; | |
929 | if (token == NULL) { | |
930 | debug(33, 3) ("parseHttpRequest: Missing HTTP identifier\n"); | |
931 | #if RELAXED_HTTP_PARSER | |
932 | httpBuildVersion(http_ver_p, 0, 9); /* wild guess */ | |
933 | #else | |
934 | return parseHttpRequestAbort(conn, "error:missing-http-ident"); | |
2b906e48 | 935 | #endif |
49d3fcb0 | 936 | } else { |
edce4d98 | 937 | if (sscanf(token + 5, "%d.%d", &http_ver_p->major, |
938 | &http_ver_p->minor) != 2) { | |
939 | debug(33, 3) ("parseHttpRequest: Invalid HTTP identifier.\n"); | |
940 | return parseHttpRequestAbort(conn, "error: invalid HTTP-ident"); | |
d20b1cd0 | 941 | } |
edce4d98 | 942 | debug(33, 6) ("parseHttpRequest: Client HTTP version %d.%d.\n", |
943 | http_ver_p->major, http_ver_p->minor); | |
6d38ef86 | 944 | } |
c8be6d7b | 945 | return NULL; |
946 | } | |
947 | ||
948 | /* Utility function to perform part of request parsing */ | |
949 | static clientSocketContext * | |
950 | clientParseHttpRequestLine(char *inbuf, size_t req_sz, ConnStateData * conn, | |
951 | method_t * method_p, char **url_p, http_version_t * http_ver_p) | |
952 | { | |
953 | clientSocketContext *result = NULL; | |
954 | if ((result = clientCheckRequestLineIsParseable(inbuf, req_sz, conn)) | |
955 | || (result = clientParseRequestMethod(inbuf, method_p, conn)) | |
956 | || (result = parseURIandHTTPVersion(url_p, http_ver_p, conn))) | |
957 | return result; | |
7a2f978b | 958 | |
edce4d98 | 959 | return NULL; |
99edd1c3 | 960 | } |
961 | ||
c8be6d7b | 962 | void |
c4b7a5a9 | 963 | setLogUri(clientHttpRequest * http, char const *uri) |
c8be6d7b | 964 | { |
965 | if (!stringHasCntl(uri)) | |
966 | http->log_uri = xstrndup(uri, MAX_URL); | |
967 | else | |
968 | http->log_uri = xstrndup(rfc1738_escape_unescaped(uri), MAX_URL); | |
969 | } | |
970 | ||
971 | void | |
972 | prepareInternalUrl(clientHttpRequest * http, char *url) | |
973 | { | |
974 | http->uri = xstrdup(internalLocalUri(NULL, url)); | |
975 | http->flags.internal = 1; | |
976 | http->flags.accel = 1; | |
977 | } | |
978 | ||
979 | void | |
980 | prepareForwardProxyUrl(clientHttpRequest * http, char *url) | |
981 | { | |
982 | size_t url_sz; | |
983 | /* URL may be rewritten later, so make extra room */ | |
984 | url_sz = strlen(url) + Config.appendDomainLen + 5; | |
e6ccf245 | 985 | http->uri = (char *)xcalloc(url_sz, 1); |
c8be6d7b | 986 | strcpy(http->uri, url); |
987 | http->flags.accel = 0; | |
988 | } | |
989 | ||
990 | void | |
991 | prepareAcceleratedUrl(clientHttpRequest * http, char *url, char *req_hdr) | |
992 | { | |
993 | size_t url_sz; | |
994 | char *t; | |
995 | /* prepend the accel prefix */ | |
996 | if (opt_accel_uses_host && (t = mime_get_header(req_hdr, "Host"))) { | |
997 | int vport; | |
998 | char *q; | |
999 | const char *protocol_name = "http"; | |
1000 | if (vport_mode) | |
1001 | vport = (int) ntohs(http->conn->me.sin_port); | |
1002 | else | |
1003 | vport = (int) Config.Accel.port; | |
1004 | /* If a Host: header was specified, use it to build the URL | |
1005 | * instead of the one in the Config file. */ | |
1006 | /* | |
1007 | * XXX Use of the Host: header here opens a potential | |
1008 | * security hole. There are no checks that the Host: value | |
1009 | * corresponds to one of your servers. It might, for example, | |
1010 | * refer to www.playboy.com. The 'dst' and/or 'dst_domain' ACL | |
1011 | * types should be used to prevent httpd-accelerators | |
1012 | * handling requests for non-local servers */ | |
1013 | strtok(t, " /;@"); | |
1014 | if ((q = strchr(t, ':'))) { | |
1015 | *q++ = '\0'; | |
1016 | if (vport_mode) | |
1017 | vport = atoi(q); | |
1018 | } | |
1019 | url_sz = strlen(url) + 32 + Config.appendDomainLen + strlen(t); | |
e6ccf245 | 1020 | http->uri = (char *)xcalloc(url_sz, 1); |
c8be6d7b | 1021 | |
1022 | #if SSL_FORWARDING_NOT_YET_DONE | |
1023 | if (Config.Sockaddr.https->s.sin_port == http->conn->me.sin_port) { | |
1024 | protocol_name = "https"; | |
1025 | vport = ntohs(http->conn->me.sin_port); | |
1026 | } | |
1027 | #endif | |
1028 | snprintf(http->uri, url_sz, "%s://%s:%d%s", | |
1029 | protocol_name, t, vport, url); | |
1030 | } else if (vhost_mode) { | |
1031 | int vport; | |
1032 | /* Put the local socket IP address as the hostname */ | |
1033 | url_sz = strlen(url) + 32 + Config.appendDomainLen; | |
e6ccf245 | 1034 | http->uri = (char *)xcalloc(url_sz, 1); |
c8be6d7b | 1035 | if (vport_mode) |
1036 | vport = (int) ntohs(http->conn->me.sin_port); | |
1037 | else | |
1038 | vport = (int) Config.Accel.port; | |
f95db407 | 1039 | rewriteURIwithInterceptedDetails(url, http->uri, url_sz, http->conn->fd, |
c8be6d7b | 1040 | http->conn->me, http->conn->peer, vport); |
1041 | debug(33, 5) ("VHOST REWRITE: '%s'\n", http->uri); | |
1042 | } else { | |
1043 | url_sz = strlen(Config2.Accel.prefix) + strlen(url) + | |
1044 | Config.appendDomainLen + 1; | |
e6ccf245 | 1045 | http->uri = (char *)xcalloc(url_sz, 1); |
c8be6d7b | 1046 | snprintf(http->uri, url_sz, "%s%s", Config2.Accel.prefix, url); |
1047 | } | |
1048 | http->flags.accel = 1; | |
1049 | } | |
1050 | ||
7a2f978b | 1051 | /* |
1052 | * parseHttpRequest() | |
1053 | * | |
1054 | * Returns | |
c4b7a5a9 | 1055 | * NULL on incomplete requests |
1056 | * a clientSocketContext structure on success or failure. | |
1057 | * Sets result->flags.parsed_ok to 0 if failed to parse the request. | |
1058 | * Sets result->flags.parsed_ok to 1 if we have a good request. | |
7a2f978b | 1059 | */ |
edce4d98 | 1060 | static clientSocketContext * |
c4b7a5a9 | 1061 | parseHttpRequest(ConnStateData * conn, method_t * method_p, |
ea285003 | 1062 | char **prefix_p, size_t * req_line_sz_p) |
7a2f978b | 1063 | { |
1064 | char *inbuf = NULL; | |
7a2f978b | 1065 | char *url = NULL; |
1066 | char *req_hdr = NULL; | |
ccf44862 | 1067 | http_version_t http_ver; |
2334c194 | 1068 | char *end; |
7a2f978b | 1069 | size_t header_sz; /* size of headers, not including first line */ |
ea285003 | 1070 | size_t prefix_sz; /* size of whole request (req-line + headers) */ |
c68e9c6b | 1071 | size_t req_sz; |
edce4d98 | 1072 | clientHttpRequest *http; |
c8be6d7b | 1073 | clientSocketContext *result; |
1074 | StoreIOBuffer tempBuffer = EMPTYIOBUFFER; | |
7a2f978b | 1075 | |
6792f0d3 | 1076 | /* pre-set these values to make aborting simpler */ |
1077 | *prefix_p = NULL; | |
1078 | *method_p = METHOD_NONE; | |
6792f0d3 | 1079 | |
c8be6d7b | 1080 | if ((req_sz = headersEnd(conn->in.buf, conn->in.notYetUsed)) == 0) { |
c68e9c6b | 1081 | debug(33, 5) ("Incomplete request, waiting for end of headers\n"); |
7a2f978b | 1082 | return NULL; |
1083 | } | |
c8be6d7b | 1084 | assert(req_sz <= conn->in.notYetUsed); |
c68e9c6b | 1085 | /* Use memcpy, not strdup! */ |
e6ccf245 | 1086 | inbuf = (char *)xmalloc(req_sz + 1); |
c68e9c6b | 1087 | xmemcpy(inbuf, conn->in.buf, req_sz); |
1088 | *(inbuf + req_sz) = '\0'; | |
7a2f978b | 1089 | |
edce4d98 | 1090 | /* Is there a legitimate first line to the headers ? */ |
c8be6d7b | 1091 | if ((result = |
edce4d98 | 1092 | clientParseHttpRequestLine(inbuf, req_sz, conn, method_p, &url, |
1093 | &http_ver))) { | |
1094 | /* something wrong, abort */ | |
c797472e | 1095 | xfree(inbuf); |
c8be6d7b | 1096 | return result; |
99edd1c3 | 1097 | } |
c68e9c6b | 1098 | /* |
1099 | * Process headers after request line | |
c8be6d7b | 1100 | * TODO: Use httpRequestParse here. |
c68e9c6b | 1101 | */ |
1102 | req_hdr = strtok(NULL, null_string); | |
1103 | header_sz = req_sz - (req_hdr - inbuf); | |
2334c194 | 1104 | if (0 == header_sz) { |
1a92a1e2 | 1105 | debug(33, 3) ("parseHttpRequest: header_sz == 0\n"); |
c797472e | 1106 | xfree(inbuf); |
7a2f978b | 1107 | return NULL; |
1108 | } | |
754b9ce9 | 1109 | assert(header_sz > 0); |
1110 | debug(33, 3) ("parseHttpRequest: req_hdr = {%s}\n", req_hdr); | |
2334c194 | 1111 | end = req_hdr + header_sz; |
04990e2d | 1112 | debug(33, 3) ("parseHttpRequest: end = {%s}\n", end); |
99edd1c3 | 1113 | |
99edd1c3 | 1114 | prefix_sz = end - inbuf; |
1115 | *req_line_sz_p = req_hdr - inbuf; | |
ea285003 | 1116 | debug(33, 3) ("parseHttpRequest: prefix_sz = %d, req_line_sz = %d\n", |
99edd1c3 | 1117 | (int) prefix_sz, (int) *req_line_sz_p); |
c8be6d7b | 1118 | assert(prefix_sz <= conn->in.notYetUsed); |
7a2f978b | 1119 | |
1120 | /* Ok, all headers are received */ | |
72711e31 | 1121 | http = cbdataAlloc(clientHttpRequest); |
7a2f978b | 1122 | http->http_ver = http_ver; |
1123 | http->conn = conn; | |
1124 | http->start = current_time; | |
99edd1c3 | 1125 | http->req_sz = prefix_sz; |
c8be6d7b | 1126 | result = clientSocketContextNew(http); |
1127 | tempBuffer.data = result->reqbuf; | |
1128 | tempBuffer.length = HTTP_REQBUF_SZ; | |
edce4d98 | 1129 | clientStreamInit(&http->client_stream, clientGetMoreData, clientReplyDetach, |
1130 | clientReplyStatus, clientReplyNewContext(http), clientSocketRecipient, | |
c8be6d7b | 1131 | clientSocketDetach, result, tempBuffer); |
e6ccf245 | 1132 | *prefix_p = (char *)xmalloc(prefix_sz + 1); |
99edd1c3 | 1133 | xmemcpy(*prefix_p, conn->in.buf, prefix_sz); |
1134 | *(*prefix_p + prefix_sz) = '\0'; | |
0f1bc304 | 1135 | dlinkAdd(http, &http->active, &ClientActiveRequests); |
7a2f978b | 1136 | |
edce4d98 | 1137 | /* XXX this function is still way to long. here is a natural point for further simplification */ |
1138 | ||
1139 | debug(33, 5) ("parseHttpRequest: Request Header is\n%s\n", | |
1140 | (*prefix_p) + *req_line_sz_p); | |
ba9ebd0a | 1141 | #if THIS_VIOLATES_HTTP_SPECS_ON_URL_TRANSFORMATION |
7a2f978b | 1142 | if ((t = strchr(url, '#'))) /* remove HTML anchors */ |
1143 | *t = '\0'; | |
ba9ebd0a | 1144 | #endif |
7a2f978b | 1145 | |
c8be6d7b | 1146 | if (internalCheck(url)) |
1147 | prepareInternalUrl(http, url); | |
1148 | else if (Config2.Accel.on && *url == '/') | |
1149 | prepareAcceleratedUrl(http, url, req_hdr); | |
d548ee64 | 1150 | else |
c8be6d7b | 1151 | prepareForwardProxyUrl(http, url); |
1152 | setLogUri(http, http->uri); | |
93f9abd0 | 1153 | debug(33, 5) ("parseHttpRequest: Complete request received\n"); |
7a2f978b | 1154 | xfree(inbuf); |
c4b7a5a9 | 1155 | result->flags.parsed_ok = 1; |
c8be6d7b | 1156 | return result; |
7a2f978b | 1157 | } |
1158 | ||
1159 | static int | |
79d39a72 | 1160 | clientReadDefer(int fdnotused, void *data) |
7a2f978b | 1161 | { |
e6ccf245 | 1162 | ConnStateData *conn = (ConnStateData *)data; |
94439e4e | 1163 | if (conn->body.size_left) |
c8be6d7b | 1164 | return conn->in.notYetUsed >= conn->in.allocatedSize - 1; |
94439e4e | 1165 | else |
1166 | return conn->defer.until > squid_curtime; | |
7a2f978b | 1167 | } |
1168 | ||
c8be6d7b | 1169 | int |
1170 | connGetAvailableBufferLength(ConnStateData const *conn) | |
1171 | { | |
1172 | return conn->in.allocatedSize - conn->in.notYetUsed; | |
1173 | } | |
1174 | ||
1175 | void | |
1176 | connMakeSpaceAvailable(ConnStateData * conn) | |
1177 | { | |
1178 | if (connGetAvailableBufferLength(conn) < 2) { | |
e6ccf245 | 1179 | conn->in.buf = (char *)memReallocBuf(conn->in.buf, conn->in.allocatedSize * 2, &conn->in.allocatedSize); |
c8be6d7b | 1180 | debug(33, 2) ("growing request buffer: notYetUsed=%ld size=%ld\n", |
1181 | (long) conn->in.notYetUsed, (long) conn->in.allocatedSize); | |
1182 | } | |
1183 | } | |
1184 | ||
1185 | void | |
1186 | connAddContextToQueue(ConnStateData * conn, clientSocketContext * context) | |
1187 | { | |
1188 | clientSocketContext **S; | |
1189 | for (S = (clientSocketContext **) & conn->currentobject; *S; | |
1190 | S = &(*S)->next); | |
1191 | *S = context; | |
1192 | ++conn->nrequests; | |
1193 | } | |
1194 | ||
1195 | int | |
1196 | connGetConcurrentRequestCount(ConnStateData * conn) | |
1197 | { | |
1198 | int result = 0; | |
1199 | clientSocketContext **T; | |
1200 | for (T = (clientSocketContext **) & conn->currentobject; | |
1201 | *T; T = &(*T)->next, ++result); | |
1202 | return result; | |
1203 | } | |
1204 | ||
1205 | int | |
c4b7a5a9 | 1206 | connReadWasError(ConnStateData * conn, comm_err_t flag, int size) |
c8be6d7b | 1207 | { |
c4b7a5a9 | 1208 | if (flag != COMM_OK) { |
1209 | debug(50, 2) ("connReadWasError: FD %d: got flag %d\n", conn->fd, flag); | |
1210 | return 1; | |
1211 | } | |
c8be6d7b | 1212 | if (size < 0) { |
1213 | if (!ignoreErrno(errno)) { | |
1214 | debug(50, 2) ("connReadWasError: FD %d: %s\n", conn->fd, xstrerror()); | |
1215 | return 1; | |
1216 | } else if (conn->in.notYetUsed == 0) { | |
1217 | debug(50, 2) ("connReadWasError: FD %d: no data to process (%s)\n", | |
1218 | conn->fd, xstrerror()); | |
1219 | } | |
1220 | } | |
1221 | return 0; | |
1222 | } | |
1223 | ||
1224 | int | |
1225 | connFinishedWithConn(ConnStateData * conn, int size) | |
1226 | { | |
1227 | if (size == 0) { | |
1228 | if (connGetConcurrentRequestCount(conn) == 0 && conn->in.notYetUsed == 0) { | |
1229 | /* no current or pending requests */ | |
1230 | debug(33, 4) ("connFinishedWithConn: FD %d closed\n", conn->fd); | |
1231 | return 1; | |
1232 | } else if (!Config.onoff.half_closed_clients) { | |
1233 | /* admin doesn't want to support half-closed client sockets */ | |
1234 | debug(33, 3) ("connFinishedWithConn: FD %d aborted (half_closed_clients disabled)\n", conn->fd); | |
1235 | return 1; | |
1236 | } | |
1237 | } | |
1238 | return 0; | |
1239 | } | |
1240 | ||
1241 | void | |
e6ccf245 | 1242 | connNoteUseOfBuffer(ConnStateData * conn, size_t byteCount) |
c8be6d7b | 1243 | { |
1244 | assert(byteCount > 0 && byteCount <= conn->in.notYetUsed); | |
1245 | conn->in.notYetUsed -= byteCount; | |
e6ccf245 | 1246 | debug(33, 5) ("conn->in.notYetUsed = %u\n", (unsigned) conn->in.notYetUsed); |
c8be6d7b | 1247 | /* |
1248 | * If there is still data that will be used, | |
1249 | * move it to the beginning. | |
1250 | */ | |
1251 | if (conn->in.notYetUsed > 0) | |
1252 | xmemmove(conn->in.buf, conn->in.buf + byteCount, | |
1253 | conn->in.notYetUsed); | |
1254 | } | |
1255 | ||
1256 | int | |
1257 | connKeepReadingIncompleteRequest(ConnStateData * conn) | |
1258 | { | |
1259 | return conn->in.notYetUsed >= Config.maxRequestHeaderSize ? 0 : 1; | |
1260 | } | |
1261 | ||
1262 | void | |
1263 | connCancelIncompleteRequests(ConnStateData * conn) | |
1264 | { | |
1265 | clientSocketContext *context = parseHttpRequestAbort(conn, "error:request-too-large"); | |
1266 | clientStreamNode *node = getClientReplyContext(context); | |
1267 | assert(!connKeepReadingIncompleteRequest(conn)); | |
e6ccf245 | 1268 | debug(33, 1) ("Request header is too large (%u bytes)\n", |
1269 | (unsigned) conn->in.notYetUsed); | |
c8be6d7b | 1270 | debug(33, 1) ("Config 'request_header_max_size'= %ld bytes.\n", |
1271 | (long int) Config.maxRequestHeaderSize); | |
1272 | clientSetReplyToError(node->data, ERR_TOO_BIG, | |
1273 | HTTP_REQUEST_ENTITY_TOO_LARGE, METHOD_NONE, NULL, | |
1274 | &conn->peer.sin_addr, NULL, NULL, NULL); | |
1275 | connAddContextToQueue(conn, context); | |
1276 | clientPullData(context); | |
1277 | } | |
1278 | ||
7a2f978b | 1279 | static void |
c4b7a5a9 | 1280 | clientMaybeReadData(ConnStateData *conn, int do_next_read) |
7a2f978b | 1281 | { |
c4b7a5a9 | 1282 | if (do_next_read) { |
1283 | conn->flags.readMoreRequests = 1; | |
1284 | clientReadSomeData(conn); | |
1285 | } | |
1286 | } | |
1287 | ||
1288 | static void | |
1289 | clientAfterReadingRequests(int fd, ConnStateData *conn, int do_next_read) | |
1290 | { | |
1291 | fde *F = &fd_table[fd]; | |
1292 | ||
1293 | /* Check if a half-closed connection was aborted in the middle */ | |
1294 | if (F->flags.socket_eof) { | |
1295 | if (conn->in.notYetUsed != conn->body.size_left) { /* != 0 when no | |
1296 | request body */ | |
1297 | /* Partial request received. Abort client connection! */ | |
1298 | debug(33, 3) ("clientReadRequest: FD %d aborted, partial request\n",+ fd); | |
1299 | comm_close(fd); | |
1300 | return; | |
1301 | } | |
1302 | } | |
1303 | ||
1304 | clientMaybeReadData (conn, do_next_read); | |
1305 | } | |
1306 | ||
1307 | ||
1308 | static void | |
1309 | clientProcessRequest(ConnStateData *conn, clientSocketContext *context, method_t method, char *prefix, size_t req_line_sz) | |
1310 | { | |
1311 | clientHttpRequest *http = context->http; | |
7a2f978b | 1312 | request_t *request = NULL; |
c4b7a5a9 | 1313 | /* We have an initial client stream in place should it be needed */ |
1314 | /* setup our private context */ | |
1315 | connNoteUseOfBuffer(conn, http->req_sz); | |
1316 | ||
1317 | connAddContextToQueue(conn, context); | |
1318 | ||
1319 | if (context->flags.parsed_ok == 0) { | |
1320 | clientStreamNode *node = getClientReplyContext(context); | |
1321 | debug(33, 1) ("clientReadRequest: Invalid Request\n"); | |
1322 | clientSetReplyToError(node->data, | |
1323 | ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, NULL, | |
1324 | &conn->peer.sin_addr, NULL, conn->in.buf, NULL); | |
1325 | assert(context->http->out.offset == 0); | |
1326 | clientPullData(context); | |
1327 | conn->flags.readMoreRequests = 0; | |
1328 | return; | |
1329 | } | |
1330 | ||
1331 | if ((request = urlParse(method, http->uri)) == NULL) { | |
1332 | clientStreamNode *node = getClientReplyContext(context); | |
1333 | debug(33, 5) ("Invalid URL: %s\n", http->uri); | |
1334 | clientSetReplyToError(node->data, | |
1335 | ERR_INVALID_URL, HTTP_BAD_REQUEST, method, http->uri, | |
1336 | &conn->peer.sin_addr, NULL, NULL, NULL); | |
1337 | assert(context->http->out.offset == 0); | |
1338 | clientPullData(context); | |
1339 | conn->flags.readMoreRequests = 0; | |
1340 | return; | |
1341 | } else { | |
1342 | ||
1343 | /* compile headers */ | |
1344 | /* we should skip request line! */ | |
1345 | if (!httpRequestParseHeader(request, prefix + req_line_sz)) | |
1346 | debug(33, 1) ("Failed to parse request headers: %s\n%s\n", | |
1347 | http->uri, prefix); | |
1348 | /* continue anyway? */ | |
1349 | } | |
1350 | ||
1351 | request->flags.accelerated = http->flags.accel; | |
1352 | if (!http->flags.internal) { | |
1353 | if (internalCheck(strBuf(request->urlpath))) { | |
1354 | if (internalHostnameIs(request->host) && | |
1355 | request->port == getMyPort()) { | |
1356 | http->flags.internal = 1; | |
1357 | } else if (internalStaticCheck(strBuf(request->urlpath))) { | |
1358 | xstrncpy(request->host, internalHostname(), | |
1359 | SQUIDHOSTNAMELEN); | |
1360 | request->port = getMyPort(); | |
1361 | http->flags.internal = 1; | |
1362 | } | |
1363 | } | |
1364 | } | |
1365 | ||
1366 | /* | |
1367 | * cache the Content-length value in request_t. | |
1368 | */ | |
1369 | request->content_length = httpHeaderGetInt(&request->header, | |
1370 | HDR_CONTENT_LENGTH); | |
1371 | request->flags.internal = http->flags.internal; | |
1372 | setLogUri (http, urlCanonicalClean(request)); | |
1373 | request->client_addr = conn->peer.sin_addr; | |
1374 | request->my_addr = conn->me.sin_addr; | |
1375 | request->my_port = ntohs(conn->me.sin_port); | |
1376 | request->http_ver = http->http_ver; | |
1377 | if (!urlCheckRequest(request) || | |
1378 | httpHeaderHas(&request->header, HDR_TRANSFER_ENCODING)) { | |
1379 | clientStreamNode *node = getClientReplyContext(context); | |
1380 | clientSetReplyToError(node->data, ERR_UNSUP_REQ, | |
1381 | HTTP_NOT_IMPLEMENTED, request->method, NULL, | |
1382 | &conn->peer.sin_addr, request, NULL, NULL); | |
1383 | assert(context->http->out.offset == 0); | |
1384 | clientPullData(context); | |
1385 | conn->flags.readMoreRequests = 0; | |
1386 | return; | |
1387 | } | |
1388 | ||
1389 | ||
1390 | if (!clientIsContentLengthValid(request)) { | |
1391 | clientStreamNode *node = getClientReplyContext(context); | |
1392 | clientSetReplyToError(node->data, ERR_INVALID_REQ, | |
1393 | HTTP_LENGTH_REQUIRED, request->method, NULL, | |
1394 | &conn->peer.sin_addr, request, NULL, NULL); | |
1395 | assert(context->http->out.offset == 0); | |
1396 | clientPullData(context); | |
1397 | conn->flags.readMoreRequests = 0; | |
1398 | return; | |
1399 | } | |
1400 | ||
1401 | http->request = requestLink(request); | |
1402 | clientSetKeepaliveFlag(http); | |
1403 | /* Do we expect a request-body? */ | |
1404 | if (request->content_length > 0) { | |
1405 | conn->body.size_left = request->content_length; | |
1406 | request->body_connection = conn; | |
1407 | /* Is it too large? */ | |
1408 | if (!clientIsRequestBodyValid(request->content_length) || | |
1409 | clientIsRequestBodyTooLargeForPolicy(request->content_length)) { | |
1410 | clientStreamNode *node = getClientReplyContext(context); | |
1411 | clientSetReplyToError(node->data, ERR_TOO_BIG, | |
1412 | HTTP_REQUEST_ENTITY_TOO_LARGE, METHOD_NONE, NULL, | |
1413 | &conn->peer.sin_addr, http->request, NULL, NULL); | |
1414 | assert(context->http->out.offset == 0); | |
1415 | clientPullData(context); | |
1416 | conn->flags.readMoreRequests = 0; | |
1417 | return; | |
1418 | } | |
1419 | } | |
1420 | ||
1421 | /* If this is a CONNECT, don't schedule a read - ssl.c will handle it */ | |
1422 | if (http->request->method == METHOD_CONNECT) | |
1423 | context->flags.mayUseConnection = 1; | |
1424 | clientAccessCheck(http); | |
1425 | } | |
1426 | ||
1427 | static void | |
1428 | connStripBufferWhitespace (ConnStateData *conn) | |
1429 | { | |
1430 | while (conn->in.notYetUsed > 0 && xisspace(conn->in.buf[0])) { | |
1431 | xmemmove(conn->in.buf, conn->in.buf + 1, conn->in.notYetUsed - 1); | |
1432 | --conn->in.notYetUsed; | |
1433 | } | |
1434 | } | |
1435 | ||
1436 | static int | |
1437 | connOkToAddRequest(ConnStateData *conn) | |
1438 | { | |
1439 | int result = connGetConcurrentRequestCount(conn) < (Config.onoff.pipeline_prefetch ? 2 : 1); | |
1440 | if (!result) { | |
1441 | debug(33, 3) ("clientReadRequest: FD %d max concurrent requests reached\n", | |
1442 | conn->fd); | |
1443 | debug(33, 5) ("clientReadRequest: FD %d defering new request until one is done\n", | |
1444 | conn->fd); | |
1445 | } | |
1446 | return result; | |
1447 | } | |
1448 | ||
1449 | static void | |
1450 | connSetDefer (ConnStateData *conn, size_t milliSeconds) | |
1451 | { | |
1452 | conn->defer.until = squid_curtime + milliSeconds; | |
1453 | conn->defer.n++; | |
1454 | } | |
1455 | ||
1456 | static void | |
1457 | clientReadRequest(int fd, char *buf, size_t size, comm_err_t flag, int xerrno, | |
1458 | void *data) | |
1459 | { | |
1460 | ConnStateData *conn = (ConnStateData *)data; | |
7a2f978b | 1461 | method_t method; |
08e70b8f | 1462 | char *prefix = NULL; |
edce4d98 | 1463 | clientSocketContext *context; |
c4b7a5a9 | 1464 | int do_next_read = 1; /* the default _is_ to read data! - adrian */ |
1465 | ||
1466 | assert (fd == conn->fd); | |
1467 | ||
1468 | /* Bail out quickly on COMM_ERR_CLOSING - close handlers will tidy up */ | |
1469 | if (flag == COMM_ERR_CLOSING) { | |
1470 | return; | |
1471 | } | |
44db45e8 | 1472 | /* |
1473 | * Don't reset the timeout value here. The timeout value will be | |
1474 | * set to Config.Timeout.request by httpAccept() and | |
1475 | * clientWriteComplete(), and should apply to the request as a | |
1476 | * whole, not individual read() calls. Plus, it breaks our | |
1477 | * lame half-close detection | |
1478 | */ | |
c4b7a5a9 | 1479 | if (connReadWasError(conn, flag, size)) { |
c8be6d7b | 1480 | comm_close(fd); |
1481 | return; | |
7a2f978b | 1482 | } |
c4b7a5a9 | 1483 | |
1484 | if (flag == COMM_OK) { | |
1485 | if (size > 0) { | |
1486 | kb_incr(&statCounter.client_http.kbytes_in, size); | |
1487 | conn->in.notYetUsed += size; | |
1488 | conn->in.buf[conn->in.notYetUsed] = '\0'; /* Terminate the string | |
1489 | */ | |
1490 | } else if (size == 0) { | |
1491 | debug(33, 5) ("clientReadRequest: FD %d closed?\n", fd); | |
1492 | if (connFinishedWithConn(conn, size)) { | |
1493 | comm_close(fd); | |
1494 | return; | |
1495 | } | |
1496 | /* It might be half-closed, we can't tell */ | |
1497 | fd_table[fd].flags.socket_eof = 1; | |
1498 | connSetDefer (conn, 1); | |
1499 | fd_note(fd, "half-closed"); | |
1500 | /* There is one more close check at the end, to detect aborted | |
1501 | * (partial) requests. At this point we can't tell if the request | |
1502 | * is partial. | |
1503 | */ | |
1504 | /* Continue to process previously read data */ | |
1505 | } | |
1506 | } | |
1507 | ||
1508 | ||
94439e4e | 1509 | /* Process request body if any */ |
c8be6d7b | 1510 | if (conn->in.notYetUsed > 0 && conn->body.callback != NULL) |
94439e4e | 1511 | clientProcessBody(conn); |
1512 | /* Process next request */ | |
c8be6d7b | 1513 | if (connGetConcurrentRequestCount(conn) == 0) |
1514 | fd_note(conn->fd, "Reading next request"); | |
1515 | ||
1516 | while (conn->in.notYetUsed > 0 && conn->body.size_left == 0) { | |
cff0c749 | 1517 | size_t req_line_sz; |
c4b7a5a9 | 1518 | connStripBufferWhitespace (conn); |
1519 | if (conn->in.notYetUsed == 0) { | |
1520 | clientAfterReadingRequests(fd, conn, do_next_read); | |
1521 | return; | |
9a6f98a5 | 1522 | } |
ebf4efff | 1523 | /* Limit the number of concurrent requests to 2 */ |
c4b7a5a9 | 1524 | if (!connOkToAddRequest(conn)) { |
1525 | /* Reset when a request is complete */ | |
1526 | connSetDefer (conn, 100); | |
1527 | clientMaybeReadData (conn, do_next_read); | |
380991a7 | 1528 | return; |
ebf4efff | 1529 | } |
c4b7a5a9 | 1530 | /* Should not be needed anymore */ |
1531 | /* Terminate the string */ | |
1532 | conn->in.buf[conn->in.notYetUsed] = '\0'; | |
ebf4efff | 1533 | /* Process request */ |
edce4d98 | 1534 | context = parseHttpRequest(conn, |
c4b7a5a9 | 1535 | &method, &prefix, &req_line_sz); |
1536 | /* partial or incomplete request */ | |
1537 | if (!context) { | |
13f11a4a | 1538 | safe_free(prefix); |
c4b7a5a9 | 1539 | if (!connKeepReadingIncompleteRequest(conn)) |
1540 | connCancelIncompleteRequests(conn); | |
1541 | break; /* conn->in.notYetUsed > 0 && conn->body.size_left == 0 */ | |
1542 | } | |
c8be6d7b | 1543 | |
c4b7a5a9 | 1544 | /* status -1 or 1 */ |
1545 | if (context) { | |
edce4d98 | 1546 | commSetTimeout(fd, Config.Timeout.lifetime, clientLifetimeTimeout, |
c4b7a5a9 | 1547 | context->http); |
1548 | ||
1549 | clientProcessRequest(conn, context, method, prefix, req_line_sz); | |
1550 | ||
13f11a4a | 1551 | safe_free(prefix); |
c4b7a5a9 | 1552 | if (!conn->flags.readMoreRequests) { |
1553 | conn->flags.readMoreRequests = 1; | |
31be8b80 | 1554 | break; |
1555 | } | |
c4b7a5a9 | 1556 | if (context->flags.mayUseConnection) |
1557 | do_next_read = 0; | |
94439e4e | 1558 | continue; /* while offset > 0 && body.size_left == 0 */ |
7a2f978b | 1559 | } |
94439e4e | 1560 | } /* while offset > 0 && conn->body.size_left == 0 */ |
c4b7a5a9 | 1561 | clientAfterReadingRequests(fd, conn, do_next_read); |
94439e4e | 1562 | } |
1563 | ||
1564 | /* file_read like function, for reading body content */ | |
1565 | void | |
edce4d98 | 1566 | clientReadBody(request_t * request, char *buf, size_t size, CBCB * callback, |
1567 | void *cbdata) | |
94439e4e | 1568 | { |
1569 | ConnStateData *conn = request->body_connection; | |
1570 | if (!conn) { | |
1571 | debug(33, 5) ("clientReadBody: no body to read, request=%p\n", request); | |
1572 | callback(buf, 0, cbdata); /* Signal end of body */ | |
1573 | return; | |
7a2f978b | 1574 | } |
c8be6d7b | 1575 | debug(33, 2) ("clientReadBody: start fd=%d body_size=%lu in.notYetUsed=%ld cb=%p req=%p\n", |
edce4d98 | 1576 | conn->fd, (unsigned long int) conn->body.size_left, |
e6ccf245 | 1577 | (unsigned long int) conn->in.notYetUsed, callback, request); |
94439e4e | 1578 | conn->body.callback = callback; |
1579 | conn->body.cbdata = cbdata; | |
1580 | conn->body.buf = buf; | |
1581 | conn->body.bufsize = size; | |
1582 | conn->body.request = requestLink(request); | |
28ee8ce5 | 1583 | clientProcessBody(conn); |
94439e4e | 1584 | } |
1585 | ||
1586 | /* Called by clientReadRequest to process body content */ | |
1587 | static void | |
1588 | clientProcessBody(ConnStateData * conn) | |
1589 | { | |
e6ccf245 | 1590 | size_t size; |
94439e4e | 1591 | char *buf = conn->body.buf; |
1592 | void *cbdata = conn->body.cbdata; | |
1593 | CBCB *callback = conn->body.callback; | |
1594 | request_t *request = conn->body.request; | |
1595 | /* Note: request is null while eating "aborted" transfers */ | |
e6ccf245 | 1596 | debug(33, 2) ("clientProcessBody: start fd=%d body_size=%lu in.notYetUsed=%lu cb=%p req=%p\n", |
edce4d98 | 1597 | conn->fd, (unsigned long int) conn->body.size_left, |
e6ccf245 | 1598 | (unsigned long int) conn->in.notYetUsed, callback, request); |
c8be6d7b | 1599 | if (conn->in.notYetUsed) { |
28ee8ce5 | 1600 | /* Some sanity checks... */ |
1601 | assert(conn->body.size_left > 0); | |
c8be6d7b | 1602 | assert(conn->in.notYetUsed > 0); |
28ee8ce5 | 1603 | assert(callback != NULL); |
1604 | assert(buf != NULL); | |
1605 | /* How much do we have to process? */ | |
c8be6d7b | 1606 | size = conn->in.notYetUsed; |
28ee8ce5 | 1607 | if (size > conn->body.size_left) /* only process the body part */ |
1608 | size = conn->body.size_left; | |
1609 | if (size > conn->body.bufsize) /* don't copy more than requested */ | |
1610 | size = conn->body.bufsize; | |
1611 | xmemcpy(buf, conn->in.buf, size); | |
1612 | conn->body.size_left -= size; | |
1613 | /* Move any remaining data */ | |
c8be6d7b | 1614 | conn->in.notYetUsed -= size; |
1615 | if (conn->in.notYetUsed > 0) | |
1616 | xmemmove(conn->in.buf, conn->in.buf + size, conn->in.notYetUsed); | |
28ee8ce5 | 1617 | /* Remove request link if this is the last part of the body, as |
1618 | * clientReadRequest automatically continues to process next request */ | |
1619 | if (conn->body.size_left <= 0 && request != NULL) | |
1620 | request->body_connection = NULL; | |
1621 | /* Remove clientReadBody arguments (the call is completed) */ | |
1622 | conn->body.request = NULL; | |
1623 | conn->body.callback = NULL; | |
1624 | conn->body.buf = NULL; | |
1625 | conn->body.bufsize = 0; | |
1626 | /* Remember that we have touched the body, not restartable */ | |
1627 | if (request != NULL) | |
1628 | request->flags.body_sent = 1; | |
1629 | /* Invoke callback function */ | |
1630 | callback(buf, size, cbdata); | |
1631 | if (request != NULL) | |
1632 | requestUnlink(request); /* Linked in clientReadBody */ | |
2167ca34 | 1633 | debug(33, 2) ("clientProcessBody: end fd=%d size=%lu body_size=%lu in.notYetUsed=%lu cb=%p req=%p\n", |
1634 | conn->fd, (unsigned long int)size, (unsigned long int) conn->body.size_left, | |
e6ccf245 | 1635 | (unsigned long) conn->in.notYetUsed, callback, request); |
28ee8ce5 | 1636 | } |
94439e4e | 1637 | } |
1638 | ||
1639 | /* A dummy handler that throws away a request-body */ | |
2d72d4fd | 1640 | static void |
e6ccf245 | 1641 | clientReadBodyAbortHandler(char *buf, ssize_t size, void *data) |
94439e4e | 1642 | { |
c8be6d7b | 1643 | static char bodyAbortBuf[SQUID_TCP_SO_RCVBUF]; |
94439e4e | 1644 | ConnStateData *conn = (ConnStateData *) data; |
e6ccf245 | 1645 | debug(33, 2) ("clientReadBodyAbortHandler: fd=%d body_size=%lu in.notYetUsed=%lu\n", |
edce4d98 | 1646 | conn->fd, (unsigned long int) conn->body.size_left, |
e6ccf245 | 1647 | (unsigned long) conn->in.notYetUsed); |
94439e4e | 1648 | if (size != 0 && conn->body.size_left != 0) { |
edce4d98 | 1649 | debug(33, 3) ("clientReadBodyAbortHandler: fd=%d shedule next read\n", |
1650 | conn->fd); | |
94439e4e | 1651 | conn->body.callback = clientReadBodyAbortHandler; |
1652 | conn->body.buf = bodyAbortBuf; | |
1653 | conn->body.bufsize = sizeof(bodyAbortBuf); | |
1654 | conn->body.cbdata = data; | |
1655 | } | |
1656 | } | |
1657 | ||
1658 | /* Abort a body request */ | |
1659 | int | |
1660 | clientAbortBody(request_t * request) | |
1661 | { | |
1662 | ConnStateData *conn = request->body_connection; | |
1663 | char *buf; | |
1664 | CBCB *callback; | |
1665 | void *cbdata; | |
1666 | request->body_connection = NULL; | |
1667 | if (!conn || conn->body.size_left <= 0) | |
1668 | return 0; /* No body to abort */ | |
1669 | if (conn->body.callback != NULL) { | |
1670 | buf = conn->body.buf; | |
1671 | callback = conn->body.callback; | |
1672 | cbdata = conn->body.cbdata; | |
1673 | assert(request == conn->body.request); | |
1674 | conn->body.buf = NULL; | |
1675 | conn->body.callback = NULL; | |
1676 | conn->body.cbdata = NULL; | |
1677 | conn->body.request = NULL; | |
1678 | callback(buf, -1, cbdata); /* Signal abort to clientReadBody caller */ | |
1679 | requestUnlink(request); | |
1680 | } | |
1681 | clientReadBodyAbortHandler(NULL, -1, conn); /* Install abort handler */ | |
1682 | /* clientProcessBody() */ | |
1683 | return 1; /* Aborted */ | |
7a2f978b | 1684 | } |
1685 | ||
1686 | /* general lifetime handler for HTTP requests */ | |
1687 | static void | |
1688 | requestTimeout(int fd, void *data) | |
1689 | { | |
ad63ceea | 1690 | #if THIS_CONFUSES_PERSISTENT_CONNECTION_AWARE_BROWSERS_AND_USERS |
7a2f978b | 1691 | ConnStateData *conn = data; |
badd8ff0 | 1692 | debug(33, 3) ("requestTimeout: FD %d: lifetime is expired.\n", fd); |
7a2f978b | 1693 | if (fd_table[fd].rwstate) { |
79e0dc20 | 1694 | /* |
1695 | * Some data has been sent to the client, just close the FD | |
1696 | */ | |
7a2f978b | 1697 | comm_close(fd); |
1698 | } else if (conn->nrequests) { | |
79e0dc20 | 1699 | /* |
1700 | * assume its a persistent connection; just close it | |
1701 | */ | |
7a2f978b | 1702 | comm_close(fd); |
1703 | } else { | |
79e0dc20 | 1704 | /* |
1705 | * Generate an error | |
1706 | */ | |
edce4d98 | 1707 | clientHttpRequest **H; |
1708 | clientStreamNode *node; | |
1709 | clientHttpRequest *http = | |
c8be6d7b | 1710 | parseHttpRequestAbort(conn, "error:Connection%20lifetime%20expired"); |
edce4d98 | 1711 | node = http->client_stream.tail->prev->data; |
1712 | clientSetReplyToError(node->data, ERR_LIFETIME_EXP, | |
1713 | HTTP_REQUEST_TIMEOUT, METHOD_NONE, "N/A", &conn->peer.sin_addr, | |
1714 | NULL, NULL, NULL); | |
1715 | /* No requests can be outstanded */ | |
79e0dc20 | 1716 | assert(conn->chr == NULL); |
edce4d98 | 1717 | /* add to the client request queue */ |
1718 | for (H = &conn->chr; *H; H = &(*H)->next); | |
1719 | *H = http; | |
1720 | clientStreamRead(http->client_stream.tail->data, http, 0, | |
1721 | HTTP_REQBUF_SZ, context->reqbuf); | |
79e0dc20 | 1722 | /* |
1723 | * if we don't close() here, we still need a timeout handler! | |
1724 | */ | |
7a2f978b | 1725 | commSetTimeout(fd, 30, requestTimeout, conn); |
7e3ce7b9 | 1726 | /* |
1727 | * Aha, but we don't want a read handler! | |
1728 | */ | |
1729 | commSetSelect(fd, COMM_SELECT_READ, NULL, NULL, 0); | |
7a2f978b | 1730 | } |
af57a2e3 | 1731 | #else |
1732 | /* | |
1733 | * Just close the connection to not confuse browsers | |
1734 | * using persistent connections. Some browsers opens | |
1735 | * an connection and then does not use it until much | |
1736 | * later (presumeably because the request triggering | |
1737 | * the open has already been completed on another | |
1738 | * connection) | |
1739 | */ | |
ad63ceea | 1740 | debug(33, 3) ("requestTimeout: FD %d: lifetime is expired.\n", fd); |
af57a2e3 | 1741 | comm_close(fd); |
1742 | #endif | |
7a2f978b | 1743 | } |
1744 | ||
b5c39993 | 1745 | static void |
1746 | clientLifetimeTimeout(int fd, void *data) | |
1747 | { | |
e6ccf245 | 1748 | clientHttpRequest *http = (clientHttpRequest *)data; |
7ec87701 | 1749 | ConnStateData *conn = http->conn; |
edce4d98 | 1750 | debug(33, |
1751 | 1) ("WARNING: Closing client %s connection due to lifetime timeout\n", | |
b5c39993 | 1752 | inet_ntoa(conn->peer.sin_addr)); |
1753 | debug(33, 1) ("\t%s\n", http->uri); | |
1754 | comm_close(fd); | |
1755 | } | |
1756 | ||
ba4f8e5a | 1757 | static int |
d20b1cd0 | 1758 | httpAcceptDefer(int fdunused, void *dataunused) |
7a2f978b | 1759 | { |
3d6629c6 | 1760 | static time_t last_warn = 0; |
1761 | if (fdNFree() >= RESERVED_FD) | |
1762 | return 0; | |
1763 | if (last_warn + 15 < squid_curtime) { | |
1764 | debug(33, 0) ("WARNING! Your cache is running out of filedescriptors\n"); | |
1765 | last_warn = squid_curtime; | |
1766 | } | |
1767 | return 1; | |
7a2f978b | 1768 | } |
1769 | ||
c8be6d7b | 1770 | ConnStateData * |
c4b7a5a9 | 1771 | connStateCreate(struct sockaddr_in *peer, struct sockaddr_in *me, int fd) |
c8be6d7b | 1772 | { |
1773 | ConnStateData *result = cbdataAlloc(ConnStateData); | |
c4b7a5a9 | 1774 | result->peer = *peer; |
1775 | result->log_addr = peer->sin_addr; | |
c8be6d7b | 1776 | result->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr; |
c4b7a5a9 | 1777 | result->me = *me; |
c8be6d7b | 1778 | result->fd = fd; |
e6ccf245 | 1779 | result->in.buf = (char *)memAllocBuf(CLIENT_REQ_BUF_SZ, &result->in.allocatedSize); |
c4b7a5a9 | 1780 | result->flags.readMoreRequests = 1; |
c8be6d7b | 1781 | return result; |
1782 | } | |
1783 | ||
bf8e5903 | 1784 | /* Handle a new connection on HTTP socket. */ |
7a2f978b | 1785 | void |
c4b7a5a9 | 1786 | httpAccept(int sock, int newfd, struct sockaddr_in *me, struct sockaddr_in *peer, |
1787 | comm_err_t flag, int xerrno, void *data) | |
7a2f978b | 1788 | { |
d193a436 | 1789 | int *N = &incoming_sockets_accepted; |
7a2f978b | 1790 | ConnStateData *connState = NULL; |
3898f57f | 1791 | #if USE_IDENT |
a40699cd | 1792 | static aclCheck_t identChecklist; |
3898f57f | 1793 | #endif |
02d1422b | 1794 | |
1795 | if (flag == COMM_ERR_CLOSING) { | |
1796 | return; | |
1797 | } | |
1798 | ||
c4b7a5a9 | 1799 | /* kick off another one for later */ |
1800 | comm_accept(sock, httpAccept, NULL); | |
1801 | ||
1802 | /* XXX we're not considering httpAcceptDefer yet! */ | |
1803 | ||
1804 | if (flag != COMM_OK) { | |
1805 | errno = xerrno; | |
1806 | debug(50, 1) ("httpAccept: FD %d: accept failure: %s\n", | |
e2525655 | 1807 | sock, xstrerror()); |
c4b7a5a9 | 1808 | return; |
e2525655 | 1809 | } |
c4b7a5a9 | 1810 | |
1811 | debug(33, 4) ("httpAccept: FD %d: accepted\n", newfd); | |
1812 | connState = connStateCreate(peer, me, newfd); | |
1813 | comm_add_close_handler(newfd, connStateFree, connState); | |
e2525655 | 1814 | if (Config.onoff.log_fqdn) |
c4b7a5a9 | 1815 | fqdncache_gethostbyaddr(peer->sin_addr, FQDN_LOOKUP_IF_MISS); |
1816 | commSetTimeout(newfd, Config.Timeout.request, requestTimeout, connState); | |
3898f57f | 1817 | #if USE_IDENT |
c4b7a5a9 | 1818 | identChecklist.src_addr = peer->sin_addr; |
1819 | identChecklist.my_addr = me->sin_addr; | |
1820 | identChecklist.my_port = ntohs(me->sin_port); | |
a40699cd | 1821 | if (aclCheckFast(Config.accessList.identLookup, &identChecklist)) |
c4b7a5a9 | 1822 | identStart(me, peer, clientIdentDone, connState); |
3898f57f | 1823 | #endif |
c4b7a5a9 | 1824 | clientReadSomeData(connState); |
1825 | commSetDefer(newfd, clientReadDefer, connState); | |
1826 | clientdbEstablished(peer->sin_addr, 1); | |
41292f79 | 1827 | assert(N); |
ba4f8e5a | 1828 | (*N)++; |
7a2f978b | 1829 | } |
1830 | ||
1f7c9178 | 1831 | #if USE_SSL |
1832 | ||
1833 | /* negotiate an SSL connection */ | |
1834 | static void | |
1835 | clientNegotiateSSL(int fd, void *data) | |
1836 | { | |
e6ccf245 | 1837 | ConnStateData *conn = (ConnStateData *)data; |
1f7c9178 | 1838 | X509 *client_cert; |
1839 | int ret; | |
1840 | ||
1841 | if ((ret = SSL_accept(fd_table[fd].ssl)) <= 0) { | |
1842 | if (BIO_sock_should_retry(ret)) { | |
1843 | commSetSelect(fd, COMM_SELECT_READ, clientNegotiateSSL, conn, 0); | |
1844 | return; | |
1845 | } | |
1846 | ret = ERR_get_error(); | |
a4a80ff0 | 1847 | if (ret) { |
edce4d98 | 1848 | debug(83, 1) |
1849 | ("clientNegotiateSSL: Error negotiating SSL connection on FD %d: %s\n", | |
a4a80ff0 | 1850 | fd, ERR_error_string(ret, NULL)); |
1851 | } | |
1f7c9178 | 1852 | comm_close(fd); |
1853 | return; | |
1854 | } | |
27d8545c | 1855 | debug(83, 5) ("clientNegotiateSSL: FD %d negotiated cipher %s\n", fd, |
1f7c9178 | 1856 | SSL_get_cipher(fd_table[fd].ssl)); |
1857 | ||
1858 | client_cert = SSL_get_peer_certificate(fd_table[fd].ssl); | |
1859 | if (client_cert != NULL) { | |
edce4d98 | 1860 | debug(83, 5) ("clientNegotiateSSL: FD %d client certificate: subject: %s\n", |
1861 | fd, X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0)); | |
1f7c9178 | 1862 | |
edce4d98 | 1863 | debug(83, 5) ("clientNegotiateSSL: FD %d client certificate: issuer: %s\n", |
1864 | fd, X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0)); | |
1f7c9178 | 1865 | |
1866 | X509_free(client_cert); | |
1867 | } else { | |
27d8545c | 1868 | debug(83, 5) ("clientNegotiateSSL: FD %d has no certificate.\n", fd); |
1f7c9178 | 1869 | } |
1870 | ||
c4b7a5a9 | 1871 | clientReadSomeData(conn); |
1f7c9178 | 1872 | } |
1873 | ||
d193a436 | 1874 | struct _https_port_data { |
1875 | SSL_CTX *sslContext; | |
1876 | }; | |
1877 | typedef struct _https_port_data https_port_data; | |
1878 | CBDATA_TYPE(https_port_data); | |
1879 | ||
1f7c9178 | 1880 | /* handle a new HTTPS connection */ |
1881 | static void | |
c4b7a5a9 | 1882 | httpsAccept(int sock, int newfd, struct sockaddr_in *me, struct sockaddr_in *peer, |
1883 | comm_err_t flag, int xerrno, void *data) | |
1f7c9178 | 1884 | { |
d193a436 | 1885 | int *N = &incoming_sockets_accepted; |
e6ccf245 | 1886 | https_port_data *https_port = (https_port_data *)data; |
d193a436 | 1887 | SSL_CTX *sslContext = https_port->sslContext; |
1f7c9178 | 1888 | ConnStateData *connState = NULL; |
1f7c9178 | 1889 | SSL *ssl; |
1890 | int ssl_error; | |
1891 | #if USE_IDENT | |
1892 | static aclCheck_t identChecklist; | |
1893 | #endif | |
c4b7a5a9 | 1894 | |
02d1422b | 1895 | if (flag == COMM_ERR_CLOSING) { |
1896 | return; | |
1897 | } | |
1898 | ||
c4b7a5a9 | 1899 | if (flag != COMM_OK) { |
1900 | errno = xerrno; | |
1901 | debug(50, 1) ("httpsAccept: FD %d: accept failure: %s\n", | |
1902 | sock, xstrerror()); | |
1903 | return; | |
1904 | } | |
1905 | ||
1906 | if ((ssl = SSL_new(sslContext)) == NULL) { | |
1907 | ssl_error = ERR_get_error(); | |
1908 | debug(83, 1) ("httpsAccept: Error allocating handle: %s\n", | |
1909 | ERR_error_string(ssl_error, NULL)); | |
1910 | return; | |
1911 | } | |
1912 | ||
1913 | SSL_set_fd(ssl, newfd); | |
1914 | fd_table[newfd].ssl = ssl; | |
1915 | fd_table[newfd].read_method = &ssl_read_method; | |
1916 | fd_table[newfd].write_method = &ssl_write_method; | |
1917 | debug(50, 5) ("httpsAccept: FD %d accepted, starting SSL negotiation.\n", newfd); | |
1918 | ||
1919 | connState = connStateCreate(peer, me, newfd); | |
1920 | /* XXX account connState->in.buf */ | |
1921 | comm_add_close_handler(newfd, connStateFree, connState); | |
1922 | if (Config.onoff.log_fqdn) | |
1923 | fqdncache_gethostbyaddr(peer->sin_addr, FQDN_LOOKUP_IF_MISS); | |
1924 | commSetTimeout(newfd, Config.Timeout.request, requestTimeout, connState); | |
1f7c9178 | 1925 | #if USE_IDENT |
c4b7a5a9 | 1926 | identChecklist.src_addr = peer->sin_addr; |
1927 | identChecklist.my_addr = me->sin_addr; | |
1928 | identChecklist.my_port = ntohs(me->sin_port); | |
1929 | if (aclCheckFast(Config.accessList.identLookup, &identChecklist)) | |
1930 | identStart(me, peer, clientIdentDone, connState); | |
1f7c9178 | 1931 | #endif |
c4b7a5a9 | 1932 | commSetSelect(newfd, COMM_SELECT_READ, clientNegotiateSSL, connState, 0); |
1933 | commSetDefer(newfd, clientReadDefer, connState); | |
1934 | clientdbEstablished(peer->sin_addr, 1); | |
1935 | (*N)++; | |
1f7c9178 | 1936 | } |
1937 | ||
1938 | #endif /* USE_SSL */ | |
1939 | ||
7a2f978b | 1940 | /* |
1941 | * This function is designed to serve a fairly specific purpose. | |
1942 | * Occasionally our vBNS-connected caches can talk to each other, but not | |
1943 | * the rest of the world. Here we try to detect frequent failures which | |
1944 | * make the cache unusable (e.g. DNS lookup and connect() failures). If | |
1945 | * the failure:success ratio goes above 1.0 then we go into "hit only" | |
1946 | * mode where we only return UDP_HIT or UDP_MISS_NOFETCH. Neighbors | |
1947 | * will only fetch HITs from us if they are using the ICP protocol. We | |
1948 | * stay in this mode for 5 minutes. | |
1949 | * | |
1950 | * Duane W., Sept 16, 1996 | |
1951 | */ | |
1952 | ||
1953 | static void | |
88aad2e5 | 1954 | checkFailureRatio(err_type etype, hier_code hcode) |
7a2f978b | 1955 | { |
88aad2e5 | 1956 | static double magic_factor = 100.0; |
7a2f978b | 1957 | double n_good; |
1958 | double n_bad; | |
1959 | if (hcode == HIER_NONE) | |
1960 | return; | |
88aad2e5 | 1961 | n_good = magic_factor / (1.0 + request_failure_ratio); |
7a2f978b | 1962 | n_bad = magic_factor - n_good; |
88aad2e5 | 1963 | switch (etype) { |
7a2f978b | 1964 | case ERR_DNS_FAIL: |
1965 | case ERR_CONNECT_FAIL: | |
1966 | case ERR_READ_ERROR: | |
1967 | n_bad++; | |
1968 | break; | |
1969 | default: | |
1970 | n_good++; | |
1971 | } | |
88aad2e5 | 1972 | request_failure_ratio = n_bad / n_good; |
7a2f978b | 1973 | if (hit_only_mode_until > squid_curtime) |
1974 | return; | |
88aad2e5 | 1975 | if (request_failure_ratio < 1.0) |
7a2f978b | 1976 | return; |
93f9abd0 | 1977 | debug(33, 0) ("Failure Ratio at %4.2f\n", request_failure_ratio); |
1978 | debug(33, 0) ("Going into hit-only-mode for %d minutes...\n", | |
7a2f978b | 1979 | FAILURE_MODE_TIME / 60); |
1980 | hit_only_mode_until = squid_curtime + FAILURE_MODE_TIME; | |
88aad2e5 | 1981 | request_failure_ratio = 0.8; /* reset to something less than 1.0 */ |
7a2f978b | 1982 | } |
15df8349 | 1983 | |
d193a436 | 1984 | static void |
15df8349 | 1985 | clientHttpConnectionsOpen(void) |
1986 | { | |
7e3ce7b9 | 1987 | sockaddr_in_list *s; |
15df8349 | 1988 | int fd; |
7e3ce7b9 | 1989 | for (s = Config.Sockaddr.http; s; s = s->next) { |
42b51993 | 1990 | if (MAXHTTPPORTS == NHttpSockets) { |
1991 | debug(1, 1) ("WARNING: You have too many 'http_port' lines.\n"); | |
1992 | debug(1, 1) (" The limit is %d\n", MAXHTTPPORTS); | |
1993 | continue; | |
1994 | } | |
8daca701 | 1995 | enter_suid(); |
1996 | fd = comm_open(SOCK_STREAM, | |
1997 | 0, | |
7e3ce7b9 | 1998 | s->s.sin_addr, |
edce4d98 | 1999 | ntohs(s->s.sin_port), COMM_NONBLOCKING, "HTTP Socket"); |
8daca701 | 2000 | leave_suid(); |
2001 | if (fd < 0) | |
2002 | continue; | |
2003 | comm_listen(fd); | |
c4b7a5a9 | 2004 | comm_accept(fd, httpAccept, NULL); |
d20b1cd0 | 2005 | /* |
2006 | * We need to set a defer handler here so that we don't | |
2007 | * peg the CPU with select() when we hit the FD limit. | |
2008 | */ | |
2009 | commSetDefer(fd, httpAcceptDefer, NULL); | |
7e3ce7b9 | 2010 | debug(1, 1) ("Accepting HTTP connections at %s, port %d, FD %d.\n", |
edce4d98 | 2011 | inet_ntoa(s->s.sin_addr), (int) ntohs(s->s.sin_port), fd); |
8daca701 | 2012 | HttpSockets[NHttpSockets++] = fd; |
15df8349 | 2013 | } |
d193a436 | 2014 | } |
2015 | ||
2016 | #if USE_SSL | |
2017 | static void | |
2018 | clientHttpsConnectionsOpen(void) | |
2019 | { | |
2020 | https_port_list *s; | |
2021 | https_port_data *https_port; | |
2022 | int fd; | |
1f7c9178 | 2023 | for (s = Config.Sockaddr.https; s; s = s->next) { |
17848833 | 2024 | if (MAXHTTPPORTS == NHttpSockets) { |
2025 | debug(1, 1) ("WARNING: You have too many 'https_port' lines.\n"); | |
2026 | debug(1, 1) (" The limit is %d\n", MAXHTTPPORTS); | |
2027 | continue; | |
2028 | } | |
1f7c9178 | 2029 | enter_suid(); |
2030 | fd = comm_open(SOCK_STREAM, | |
2031 | 0, | |
2032 | s->s.sin_addr, | |
edce4d98 | 2033 | ntohs(s->s.sin_port), COMM_NONBLOCKING, "HTTPS Socket"); |
1f7c9178 | 2034 | leave_suid(); |
2035 | if (fd < 0) | |
2036 | continue; | |
d193a436 | 2037 | CBDATA_INIT_TYPE(https_port_data); |
2038 | https_port = cbdataAlloc(https_port_data); | |
edce4d98 | 2039 | https_port->sslContext = |
2040 | sslCreateContext(s->cert, s->key, s->version, s->cipher, | |
2041 | s->options); | |
1f7c9178 | 2042 | comm_listen(fd); |
c4b7a5a9 | 2043 | comm_accept(fd, httpsAccept, NULL); |
d193a436 | 2044 | commSetDefer(fd, httpAcceptDefer, NULL); |
1f7c9178 | 2045 | debug(1, 1) ("Accepting HTTPS connections at %s, port %d, FD %d.\n", |
edce4d98 | 2046 | inet_ntoa(s->s.sin_addr), (int) ntohs(s->s.sin_port), fd); |
1f7c9178 | 2047 | HttpSockets[NHttpSockets++] = fd; |
2048 | } | |
d193a436 | 2049 | } |
2050 | ||
2051 | #endif | |
2052 | ||
2053 | void | |
2054 | clientOpenListenSockets(void) | |
2055 | { | |
2056 | clientHttpConnectionsOpen(); | |
2057 | #if USE_SSL | |
2058 | clientHttpsConnectionsOpen(); | |
1f7c9178 | 2059 | #endif |
15df8349 | 2060 | if (NHttpSockets < 1) |
8daca701 | 2061 | fatal("Cannot open HTTP Port"); |
15df8349 | 2062 | } |
edce4d98 | 2063 | |
c0fbae16 | 2064 | void |
2065 | clientHttpConnectionsClose(void) | |
2066 | { | |
2067 | int i; | |
2068 | for (i = 0; i < NHttpSockets; i++) { | |
2069 | if (HttpSockets[i] >= 0) { | |
2070 | debug(1, 1) ("FD %d Closing HTTP connection\n", HttpSockets[i]); | |
2071 | comm_close(HttpSockets[i]); | |
2072 | HttpSockets[i] = -1; | |
2073 | } | |
2074 | } | |
2075 | NHttpSockets = 0; | |
2076 | } | |
f66a9ef4 | 2077 | |
2078 | int | |
2079 | varyEvaluateMatch(StoreEntry * entry, request_t * request) | |
2080 | { | |
2081 | const char *vary = request->vary_headers; | |
2082 | int has_vary = httpHeaderHas(&entry->mem_obj->reply->header, HDR_VARY); | |
2083 | #if X_ACCELERATOR_VARY | |
edce4d98 | 2084 | has_vary |= |
2085 | httpHeaderHas(&entry->mem_obj->reply->header, HDR_X_ACCELERATOR_VARY); | |
f66a9ef4 | 2086 | #endif |
2087 | if (!has_vary || !entry->mem_obj->vary_headers) { | |
2088 | if (vary) { | |
2089 | /* Oops... something odd is going on here.. */ | |
edce4d98 | 2090 | debug(33, |
2091 | 1) | |
2092 | ("varyEvaluateMatch: Oops. Not a Vary object on second attempt, '%s' '%s'\n", | |
f66a9ef4 | 2093 | entry->mem_obj->url, vary); |
2094 | safe_free(request->vary_headers); | |
2095 | return VARY_CANCEL; | |
2096 | } | |
2097 | if (!has_vary) { | |
2098 | /* This is not a varying object */ | |
2099 | return VARY_NONE; | |
2100 | } | |
2101 | /* virtual "vary" object found. Calculate the vary key and | |
2102 | * continue the search | |
2103 | */ | |
a16efaa4 | 2104 | vary = httpMakeVaryMark(request, entry->mem_obj->reply); |
2105 | if (vary) { | |
2106 | request->vary_headers = xstrdup(vary); | |
f66a9ef4 | 2107 | return VARY_OTHER; |
a16efaa4 | 2108 | } else { |
f66a9ef4 | 2109 | /* Ouch.. we cannot handle this kind of variance */ |
2110 | /* XXX This cannot really happen, but just to be complete */ | |
2111 | return VARY_CANCEL; | |
2112 | } | |
2113 | } else { | |
a16efaa4 | 2114 | if (!vary) { |
2115 | vary = httpMakeVaryMark(request, entry->mem_obj->reply); | |
2116 | if (vary) | |
2117 | request->vary_headers = xstrdup(vary); | |
2118 | } | |
f66a9ef4 | 2119 | if (!vary) { |
2120 | /* Ouch.. we cannot handle this kind of variance */ | |
2121 | /* XXX This cannot really happen, but just to be complete */ | |
2122 | return VARY_CANCEL; | |
2123 | } else if (strcmp(vary, entry->mem_obj->vary_headers) == 0) { | |
2124 | return VARY_MATCH; | |
2125 | } else { | |
2126 | /* Oops.. we have already been here and still haven't | |
2127 | * found the requested variant. Bail out | |
2128 | */ | |
2129 | debug(33, 1) ("varyEvaluateMatch: Oops. Not a Vary match on second attempt, '%s' '%s'\n", | |
2130 | entry->mem_obj->url, vary); | |
2131 | return VARY_CANCEL; | |
2132 | } | |
2133 | } | |
2134 | } | |
28d4805a | 2135 | |
2136 | aclCheck_t * | |
2137 | clientAclChecklistCreate(const acl_access * acl, const clientHttpRequest * http) | |
2138 | { | |
2139 | aclCheck_t *ch; | |
2140 | ConnStateData *conn = http->conn; | |
2141 | ch = aclChecklistCreate(acl, http->request, conn ? conn->rfc931 : dash_str); | |
2142 | ||
2143 | /* | |
2144 | * hack for ident ACL. It needs to get full addresses, and a place to store | |
2145 | * the ident result on persistent connections... | |
2146 | */ | |
2147 | /* connection oriented auth also needs these two lines for it's operation. */ | |
2148 | /* | |
2149 | * Internal requests do not have a connection reference, because: A) their | |
2150 | * byte count may be transformed before being applied to an outbound | |
2151 | * connection B) they are internal - any limiting on them should be done on | |
2152 | * the server end. | |
2153 | */ | |
2154 | if (conn) | |
2155 | ch->conn = cbdataReference(conn); /* unreferenced in acl.c */ | |
2156 | ||
2157 | return ch; | |
2158 | } |