]> git.ipfire.org Git - thirdparty/squid.git/blob - src/http.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix compile errors detected by clang++
[thirdparty/squid.git] / src / http.cc
1
2 /*
3 * $Id$
4 *
5 * DEBUG: section 11 Hypertext Transfer Protocol (HTTP)
6 * AUTHOR: Harvest Derived
7 *
8 * SQUID Web Proxy Cache http://www.squid-cache.org/
9 * ----------------------------------------------------------
10 *
11 * Squid is the result of efforts by numerous individuals from
12 * the Internet community; see the CONTRIBUTORS file for full
13 * details. Many organizations have provided support for Squid's
14 * development; see the SPONSORS file for full details. Squid is
15 * Copyrighted (C) 2001 by the Regents of the University of
16 * California; see the COPYRIGHT file for full details. Squid
17 * incorporates software developed and/or copyrighted by other
18 * sources; see the CREDITS file for full details.
19 *
20 * This program is free software; you can redistribute it and/or modify
21 * it under the terms of the GNU General Public License as published by
22 * the Free Software Foundation; either version 2 of the License, or
23 * (at your option) any later version.
24 *
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
29 *
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33 *
34 */
35
36 /*
37 * Anonymizing patch by lutz@as-node.jena.thur.de
38 * have a look into http-anon.c to get more informations.
39 */
40
41 #include "squid.h"
42
43 #include "acl/FilledChecklist.h"
44 #if USE_AUTH
45 #include "auth/UserRequest.h"
46 #endif
47 #include "base/AsyncJobCalls.h"
48 #include "base/TextException.h"
49 #include "base64.h"
50 #include "comm/Connection.h"
51 #include "comm/Write.h"
52 #if USE_DELAY_POOLS
53 #include "DelayPools.h"
54 #endif
55 #include "err_detail_type.h"
56 #include "errorpage.h"
57 #include "http.h"
58 #include "HttpControlMsg.h"
59 #include "HttpHdrContRange.h"
60 #include "HttpHdrSc.h"
61 #include "HttpHdrScTarget.h"
62 #include "HttpReply.h"
63 #include "HttpRequest.h"
64 #include "MemBuf.h"
65 #include "MemObject.h"
66 #include "protos.h"
67 #include "rfc1738.h"
68 #include "SquidTime.h"
69 #include "Store.h"
70
71
72 #define SQUID_ENTER_THROWING_CODE() try {
73 #define SQUID_EXIT_THROWING_CODE(status) \
74 status = true; \
75 } \
76 catch (const std::exception &e) { \
77 debugs (11, 1, "Exception error:" << e.what()); \
78 status = false; \
79 }
80
81 CBDATA_CLASS_INIT(HttpStateData);
82
83 static const char *const crlf = "\r\n";
84
85 static void httpMaybeRemovePublic(StoreEntry *, http_status);
86 static void copyOneHeaderFromClientsideRequestToUpstreamRequest(const HttpHeaderEntry *e, const String strConnection, const HttpRequest * request,
87 HttpHeader * hdr_out, const int we_do_ranges, const http_state_flags);
88
89 HttpStateData::HttpStateData(FwdState *theFwdState) : AsyncJob("HttpStateData"), ServerStateData(theFwdState),
90 lastChunk(0), header_bytes_read(0), reply_bytes_read(0),
91 body_bytes_truncated(0), httpChunkDecoder(NULL)
92 {
93 debugs(11,5,HERE << "HttpStateData " << this << " created");
94 ignoreCacheControl = false;
95 surrogateNoStore = false;
96 serverConnection = fwd->serverConnection();
97 readBuf = new MemBuf;
98 readBuf->init(16*1024, 256*1024);
99
100 // reset peer response time stats for %<pt
101 request->hier.peer_http_request_sent.tv_sec = 0;
102 request->hier.peer_http_request_sent.tv_usec = 0;
103
104 if (fwd->serverConnection() != NULL)
105 _peer = cbdataReference(fwd->serverConnection()->getPeer()); /* might be NULL */
106
107 if (_peer) {
108 request->flags.proxying = 1;
109 /*
110 * This NEIGHBOR_PROXY_ONLY check probably shouldn't be here.
111 * We might end up getting the object from somewhere else if,
112 * for example, the request to this neighbor fails.
113 */
114 if (_peer->options.proxy_only)
115 entry->releaseRequest();
116
117 #if USE_DELAY_POOLS
118 entry->setNoDelay(_peer->options.no_delay);
119 #endif
120 }
121
122 /*
123 * register the handler to free HTTP state data when the FD closes
124 */
125 typedef CommCbMemFunT<HttpStateData, CommCloseCbParams> Dialer;
126 closeHandler = JobCallback(9, 5, Dialer, this, HttpStateData::httpStateConnClosed);
127 comm_add_close_handler(serverConnection->fd, closeHandler);
128 }
129
130 HttpStateData::~HttpStateData()
131 {
132 /*
133 * don't forget that ~ServerStateData() gets called automatically
134 */
135
136 if (!readBuf->isNull())
137 readBuf->clean();
138
139 delete readBuf;
140
141 if (httpChunkDecoder)
142 delete httpChunkDecoder;
143
144 cbdataReferenceDone(_peer);
145
146 debugs(11,5, HERE << "HttpStateData " << this << " destroyed; " << serverConnection);
147 }
148
149 const Comm::ConnectionPointer &
150 HttpStateData::dataConnection() const
151 {
152 return serverConnection;
153 }
154
155 /*
156 static void
157 httpStateFree(int fd, void *data)
158 {
159 HttpStateData *httpState = static_cast<HttpStateData *>(data);
160 debugs(11, 5, "httpStateFree: FD " << fd << ", httpState=" << data);
161 delete httpState;
162 }*/
163
164 void
165 HttpStateData::httpStateConnClosed(const CommCloseCbParams &params)
166 {
167 debugs(11, 5, "httpStateFree: FD " << params.fd << ", httpState=" << params.data);
168 deleteThis("HttpStateData::httpStateConnClosed");
169 }
170
171 int
172 httpCachable(const HttpRequestMethod& method)
173 {
174 /* GET and HEAD are cachable. Others are not. */
175
176 // TODO: replase to HttpRequestMethod::isCachable() ?
177 if (method != METHOD_GET && method != METHOD_HEAD)
178 return 0;
179
180 /* else cachable */
181 return 1;
182 }
183
184 void
185 HttpStateData::httpTimeout(const CommTimeoutCbParams &params)
186 {
187 debugs(11, 4, HERE << serverConnection << ": '" << entry->url() << "'" );
188
189 if (entry->store_status == STORE_PENDING) {
190 fwd->fail(errorCon(ERR_READ_TIMEOUT, HTTP_GATEWAY_TIMEOUT, fwd->request));
191 }
192
193 serverConnection->close();
194 }
195
196 static void
197 httpMaybeRemovePublic(StoreEntry * e, http_status status)
198 {
199 int remove = 0;
200 int forbidden = 0;
201 StoreEntry *pe;
202
203 if (!EBIT_TEST(e->flags, KEY_PRIVATE))
204 return;
205
206 switch (status) {
207
208 case HTTP_OK:
209
210 case HTTP_NON_AUTHORITATIVE_INFORMATION:
211
212 case HTTP_MULTIPLE_CHOICES:
213
214 case HTTP_MOVED_PERMANENTLY:
215
216 case HTTP_MOVED_TEMPORARILY:
217
218 case HTTP_GONE:
219
220 case HTTP_NOT_FOUND:
221 remove = 1;
222
223 break;
224
225 case HTTP_FORBIDDEN:
226
227 case HTTP_METHOD_NOT_ALLOWED:
228 forbidden = 1;
229
230 break;
231
232 #if WORK_IN_PROGRESS
233
234 case HTTP_UNAUTHORIZED:
235 forbidden = 1;
236
237 break;
238
239 #endif
240
241 default:
242 #if QUESTIONABLE
243 /*
244 * Any 2xx response should eject previously cached entities...
245 */
246
247 if (status >= 200 && status < 300)
248 remove = 1;
249
250 #endif
251
252 break;
253 }
254
255 if (!remove && !forbidden)
256 return;
257
258 assert(e->mem_obj);
259
260 if (e->mem_obj->request)
261 pe = storeGetPublicByRequest(e->mem_obj->request);
262 else
263 pe = storeGetPublic(e->mem_obj->url, e->mem_obj->method);
264
265 if (pe != NULL) {
266 assert(e != pe);
267 #if USE_HTCP
268 neighborsHtcpClear(e, NULL, e->mem_obj->request, e->mem_obj->method, HTCP_CLR_INVALIDATION);
269 #endif
270 pe->release();
271 }
272
273 /** \par
274 * Also remove any cached HEAD response in case the object has
275 * changed.
276 */
277 if (e->mem_obj->request)
278 pe = storeGetPublicByRequestMethod(e->mem_obj->request, METHOD_HEAD);
279 else
280 pe = storeGetPublic(e->mem_obj->url, METHOD_HEAD);
281
282 if (pe != NULL) {
283 assert(e != pe);
284 #if USE_HTCP
285 neighborsHtcpClear(e, NULL, e->mem_obj->request, HttpRequestMethod(METHOD_HEAD), HTCP_CLR_INVALIDATION);
286 #endif
287 pe->release();
288 }
289 }
290
291 void
292 HttpStateData::processSurrogateControl(HttpReply *reply)
293 {
294 if (request->flags.accelerated && reply->surrogate_control) {
295 HttpHdrScTarget *sctusable = httpHdrScGetMergedTarget(reply->surrogate_control, Config.Accel.surrogate_id);
296
297 if (sctusable) {
298 if (EBIT_TEST(sctusable->mask, SC_NO_STORE) ||
299 (Config.onoff.surrogate_is_remote
300 && EBIT_TEST(sctusable->mask, SC_NO_STORE_REMOTE))) {
301 surrogateNoStore = true;
302 entry->makePrivate();
303 }
304
305 /* The HttpHeader logic cannot tell if the header it's parsing is a reply to an
306 * accelerated request or not...
307 * Still, this is an abstraction breach. - RC
308 */
309 if (sctusable->max_age != -1) {
310 if (sctusable->max_age < sctusable->max_stale)
311 reply->expires = reply->date + sctusable->max_age;
312 else
313 reply->expires = reply->date + sctusable->max_stale;
314
315 /* And update the timestamps */
316 entry->timestampsSet();
317 }
318
319 /* We ignore cache-control directives as per the Surrogate specification */
320 ignoreCacheControl = true;
321
322 httpHdrScTargetDestroy(sctusable);
323 }
324 }
325 }
326
327 int
328 HttpStateData::cacheableReply()
329 {
330 HttpReply const *rep = finalReply();
331 HttpHeader const *hdr = &rep->header;
332 const int cc_mask = (rep->cache_control) ? rep->cache_control->mask : 0;
333 const char *v;
334 #if USE_HTTP_VIOLATIONS
335
336 const refresh_t *R = NULL;
337
338 /* This strange looking define first looks up the refresh pattern
339 * and then checks if the specified flag is set. The main purpose
340 * of this is to simplify the refresh pattern lookup and USE_HTTP_VIOLATIONS
341 * condition
342 */
343 #define REFRESH_OVERRIDE(flag) \
344 ((R = (R ? R : refreshLimits(entry->mem_obj->url))) , \
345 (R && R->flags.flag))
346 #else
347 #define REFRESH_OVERRIDE(flag) 0
348 #endif
349
350 if (surrogateNoStore)
351 return 0;
352
353 // RFC 2616: do not cache replies to responses with no-store CC directive
354 if (request && request->cache_control &&
355 EBIT_TEST(request->cache_control->mask, CC_NO_STORE) &&
356 !REFRESH_OVERRIDE(ignore_no_store))
357 return 0;
358
359 if (!ignoreCacheControl) {
360 if (EBIT_TEST(cc_mask, CC_PRIVATE)) {
361 if (!REFRESH_OVERRIDE(ignore_private))
362 return 0;
363 }
364
365 if (EBIT_TEST(cc_mask, CC_NO_CACHE)) {
366 if (!REFRESH_OVERRIDE(ignore_no_cache))
367 return 0;
368 }
369
370 if (EBIT_TEST(cc_mask, CC_NO_STORE)) {
371 if (!REFRESH_OVERRIDE(ignore_no_store))
372 return 0;
373 }
374 }
375
376 if (request->flags.auth || request->flags.auth_sent) {
377 /*
378 * Responses to requests with authorization may be cached
379 * only if a Cache-Control: public reply header is present.
380 * RFC 2068, sec 14.9.4
381 */
382
383 if (!EBIT_TEST(cc_mask, CC_PUBLIC)) {
384 if (!REFRESH_OVERRIDE(ignore_auth))
385 return 0;
386 }
387 }
388
389 /* Pragma: no-cache in _replies_ is not documented in HTTP,
390 * but servers like "Active Imaging Webcast/2.0" sure do use it */
391 if (hdr->has(HDR_PRAGMA)) {
392 String s = hdr->getList(HDR_PRAGMA);
393 const int no_cache = strListIsMember(&s, "no-cache", ',');
394 s.clean();
395
396 if (no_cache) {
397 if (!REFRESH_OVERRIDE(ignore_no_cache))
398 return 0;
399 }
400 }
401
402 /*
403 * The "multipart/x-mixed-replace" content type is used for
404 * continuous push replies. These are generally dynamic and
405 * probably should not be cachable
406 */
407 if ((v = hdr->getStr(HDR_CONTENT_TYPE)))
408 if (!strncasecmp(v, "multipart/x-mixed-replace", 25))
409 return 0;
410
411 switch (rep->sline.status) {
412 /* Responses that are cacheable */
413
414 case HTTP_OK:
415
416 case HTTP_NON_AUTHORITATIVE_INFORMATION:
417
418 case HTTP_MULTIPLE_CHOICES:
419
420 case HTTP_MOVED_PERMANENTLY:
421
422 case HTTP_GONE:
423 /*
424 * Don't cache objects that need to be refreshed on next request,
425 * unless we know how to refresh it.
426 */
427
428 if (!refreshIsCachable(entry) && !REFRESH_OVERRIDE(store_stale)) {
429 debugs(22, 3, "refreshIsCachable() returned non-cacheable..");
430 return 0;
431 } else
432 return 1;
433
434 /* NOTREACHED */
435 break;
436
437 /* Responses that only are cacheable if the server says so */
438
439 case HTTP_MOVED_TEMPORARILY:
440 case HTTP_TEMPORARY_REDIRECT:
441 if (rep->expires > rep->date && rep->date > 0)
442 return 1;
443 else
444 return 0;
445
446 /* NOTREACHED */
447 break;
448
449 /* Errors can be negatively cached */
450
451 case HTTP_NO_CONTENT:
452
453 case HTTP_USE_PROXY:
454
455 case HTTP_BAD_REQUEST:
456
457 case HTTP_FORBIDDEN:
458
459 case HTTP_NOT_FOUND:
460
461 case HTTP_METHOD_NOT_ALLOWED:
462
463 case HTTP_REQUEST_URI_TOO_LARGE:
464
465 case HTTP_INTERNAL_SERVER_ERROR:
466
467 case HTTP_NOT_IMPLEMENTED:
468
469 case HTTP_BAD_GATEWAY:
470
471 case HTTP_SERVICE_UNAVAILABLE:
472
473 case HTTP_GATEWAY_TIMEOUT:
474 return -1;
475
476 /* NOTREACHED */
477 break;
478
479 /* Some responses can never be cached */
480
481 case HTTP_PARTIAL_CONTENT: /* Not yet supported */
482
483 case HTTP_SEE_OTHER:
484
485 case HTTP_NOT_MODIFIED:
486
487 case HTTP_UNAUTHORIZED:
488
489 case HTTP_PROXY_AUTHENTICATION_REQUIRED:
490
491 case HTTP_INVALID_HEADER: /* Squid header parsing error */
492
493 case HTTP_HEADER_TOO_LARGE:
494
495 case HTTP_PAYMENT_REQUIRED:
496 case HTTP_NOT_ACCEPTABLE:
497 case HTTP_REQUEST_TIMEOUT:
498 case HTTP_CONFLICT:
499 case HTTP_LENGTH_REQUIRED:
500 case HTTP_PRECONDITION_FAILED:
501 case HTTP_REQUEST_ENTITY_TOO_LARGE:
502 case HTTP_UNSUPPORTED_MEDIA_TYPE:
503 case HTTP_UNPROCESSABLE_ENTITY:
504 case HTTP_LOCKED:
505 case HTTP_FAILED_DEPENDENCY:
506 case HTTP_INSUFFICIENT_STORAGE:
507 case HTTP_REQUESTED_RANGE_NOT_SATISFIABLE:
508 case HTTP_EXPECTATION_FAILED:
509
510 return 0;
511
512 default:
513 /* RFC 2616 section 6.1.1: an unrecognized response MUST NOT be cached. */
514 debugs (11, 3, HERE << "Unknown HTTP status code " << rep->sline.status << ". Not cacheable.");
515
516 return 0;
517
518 /* NOTREACHED */
519 break;
520 }
521
522 /* NOTREACHED */
523 }
524
525 /*
526 * For Vary, store the relevant request headers as
527 * virtual headers in the reply
528 * Returns false if the variance cannot be stored
529 */
530 const char *
531 httpMakeVaryMark(HttpRequest * request, HttpReply const * reply)
532 {
533 String vary, hdr;
534 const char *pos = NULL;
535 const char *item;
536 const char *value;
537 int ilen;
538 static String vstr;
539
540 vstr.clean();
541 vary = reply->header.getList(HDR_VARY);
542
543 while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
544 char *name = (char *)xmalloc(ilen + 1);
545 xstrncpy(name, item, ilen + 1);
546 Tolower(name);
547
548 if (strcmp(name, "*") == 0) {
549 /* Can not handle "Vary: *" withtout ETag support */
550 safe_free(name);
551 vstr.clean();
552 break;
553 }
554
555 strListAdd(&vstr, name, ',');
556 hdr = request->header.getByName(name);
557 safe_free(name);
558 value = hdr.termedBuf();
559
560 if (value) {
561 value = rfc1738_escape_part(value);
562 vstr.append("=\"", 2);
563 vstr.append(value);
564 vstr.append("\"", 1);
565 }
566
567 hdr.clean();
568 }
569
570 vary.clean();
571 #if X_ACCELERATOR_VARY
572
573 pos = NULL;
574 vary = reply->header.getList(HDR_X_ACCELERATOR_VARY);
575
576 while (strListGetItem(&vary, ',', &item, &ilen, &pos)) {
577 char *name = (char *)xmalloc(ilen + 1);
578 xstrncpy(name, item, ilen + 1);
579 Tolower(name);
580 strListAdd(&vstr, name, ',');
581 hdr = request->header.getByName(name);
582 safe_free(name);
583 value = hdr.termedBuf();
584
585 if (value) {
586 value = rfc1738_escape_part(value);
587 vstr.append("=\"", 2);
588 vstr.append(value);
589 vstr.append("\"", 1);
590 }
591
592 hdr.clean();
593 }
594
595 vary.clean();
596 #endif
597
598 debugs(11, 3, "httpMakeVaryMark: " << vstr);
599 return vstr.termedBuf();
600 }
601
602 void
603 HttpStateData::keepaliveAccounting(HttpReply *reply)
604 {
605 if (flags.keepalive)
606 if (_peer)
607 _peer->stats.n_keepalives_sent++;
608
609 if (reply->keep_alive) {
610 if (_peer)
611 _peer->stats.n_keepalives_recv++;
612
613 if (Config.onoff.detect_broken_server_pconns
614 && reply->bodySize(request->method) == -1 && !flags.chunked) {
615 debugs(11, 1, "keepaliveAccounting: Impossible keep-alive header from '" << entry->url() << "'" );
616 // debugs(11, 2, "GOT HTTP REPLY HDR:\n---------\n" << readBuf->content() << "\n----------" );
617 flags.keepalive_broken = 1;
618 }
619 }
620 }
621
622 void
623 HttpStateData::checkDateSkew(HttpReply *reply)
624 {
625 if (reply->date > -1 && !_peer) {
626 int skew = abs((int)(reply->date - squid_curtime));
627
628 if (skew > 86400)
629 debugs(11, 3, "" << request->GetHost() << "'s clock is skewed by " << skew << " seconds!");
630 }
631 }
632
633 /**
634 * This creates the error page itself.. its likely
635 * that the forward ported reply header max size patch
636 * generates non http conformant error pages - in which
637 * case the errors where should be 'BAD_GATEWAY' etc
638 */
639 void
640 HttpStateData::processReplyHeader()
641 {
642 /** Creates a blank header. If this routine is made incremental, this will not do */
643
644 /* NP: all exit points to this function MUST call ctx_exit(ctx) */
645 Ctx ctx = ctx_enter(entry->mem_obj->url);
646
647 debugs(11, 3, "processReplyHeader: key '" << entry->getMD5Text() << "'");
648
649 assert(!flags.headers_parsed);
650
651 if (!readBuf->hasContent()) {
652 ctx_exit(ctx);
653 return;
654 }
655
656 http_status error = HTTP_STATUS_NONE;
657
658 HttpReply *newrep = new HttpReply;
659 const bool parsed = newrep->parse(readBuf, eof, &error);
660
661 if (!parsed && readBuf->contentSize() > 5 && strncmp(readBuf->content(), "HTTP/", 5) != 0 && strncmp(readBuf->content(), "ICY", 3) != 0) {
662 MemBuf *mb;
663 HttpReply *tmprep = new HttpReply;
664 tmprep->setHeaders(HTTP_OK, "Gatewaying", NULL, -1, -1, -1);
665 tmprep->header.putExt("X-Transformed-From", "HTTP/0.9");
666 mb = tmprep->pack();
667 newrep->parse(mb, eof, &error);
668 delete mb;
669 delete tmprep;
670 } else {
671 if (!parsed && error > 0) { // unrecoverable parsing error
672 debugs(11, 3, "processReplyHeader: Non-HTTP-compliant header: '" << readBuf->content() << "'");
673 flags.headers_parsed = 1;
674 newrep->sline.version = HttpVersion(1,1);
675 newrep->sline.status = error;
676 HttpReply *vrep = setVirginReply(newrep);
677 entry->replaceHttpReply(vrep);
678 ctx_exit(ctx);
679 return;
680 }
681
682 if (!parsed) { // need more data
683 assert(!error);
684 assert(!eof);
685 delete newrep;
686 ctx_exit(ctx);
687 return;
688 }
689
690 debugs(11, 2, "HTTP Server " << serverConnection);
691 debugs(11, 2, "HTTP Server REPLY:\n---------\n" << readBuf->content() << "\n----------");
692
693 header_bytes_read = headersEnd(readBuf->content(), readBuf->contentSize());
694 readBuf->consume(header_bytes_read);
695 }
696
697 newrep->removeStaleWarnings();
698
699 if (newrep->sline.protocol == AnyP::PROTO_HTTP && newrep->sline.status >= 100 && newrep->sline.status < 200) {
700 handle1xx(newrep);
701 ctx_exit(ctx);
702 return;
703 }
704
705 flags.chunked = 0;
706 if (newrep->sline.protocol == AnyP::PROTO_HTTP && newrep->header.chunked()) {
707 flags.chunked = 1;
708 httpChunkDecoder = new ChunkedCodingParser;
709 }
710
711 if (!peerSupportsConnectionPinning())
712 request->flags.connection_auth_disabled = 1;
713
714 HttpReply *vrep = setVirginReply(newrep);
715 flags.headers_parsed = 1;
716
717 keepaliveAccounting(vrep);
718
719 checkDateSkew(vrep);
720
721 processSurrogateControl (vrep);
722
723 /** \todo IF the reply is a 1.0 reply, AND it has a Connection: Header
724 * Parse the header and remove all referenced headers
725 */
726
727 request->hier.peer_reply_status = newrep->sline.status;
728
729 ctx_exit(ctx);
730 }
731
732 /// ignore or start forwarding the 1xx response (a.k.a., control message)
733 void
734 HttpStateData::handle1xx(HttpReply *reply)
735 {
736 HttpMsgPointerT<HttpReply> msg(reply); // will destroy reply if unused
737
738 // one 1xx at a time: we must not be called while waiting for previous 1xx
739 Must(!flags.handling1xx);
740 flags.handling1xx = true;
741
742 if (!request->canHandle1xx()) {
743 debugs(11, 2, HERE << "ignoring client-unsupported 1xx");
744 proceedAfter1xx();
745 return;
746 }
747
748 #if USE_HTTP_VIOLATIONS
749 // check whether the 1xx response forwarding is allowed by squid.conf
750 if (Config.accessList.reply) {
751 ACLFilledChecklist ch(Config.accessList.reply, originalRequest(), NULL);
752 ch.reply = HTTPMSGLOCK(reply);
753 if (!ch.fastCheck()) { // TODO: support slow lookups?
754 debugs(11, 3, HERE << "ignoring denied 1xx");
755 proceedAfter1xx();
756 return;
757 }
758 }
759 #endif // USE_HTTP_VIOLATIONS
760
761 debugs(11, 2, HERE << "forwarding 1xx to client");
762
763 // the Sink will use this to call us back after writing 1xx to the client
764 typedef NullaryMemFunT<HttpStateData> CbDialer;
765 const AsyncCall::Pointer cb = JobCallback(11, 3, CbDialer, this,
766 HttpStateData::proceedAfter1xx);
767 CallJobHere1(11, 4, request->clientConnectionManager, ConnStateData,
768 ConnStateData::sendControlMsg, HttpControlMsg(msg, cb));
769 // If the call is not fired, then the Sink is gone, and HttpStateData
770 // will terminate due to an aborted store entry or another similar error.
771 // If we get stuck, it is not handle1xx fault if we could get stuck
772 // for similar reasons without a 1xx response.
773 }
774
775 /// restores state and resumes processing after 1xx is ignored or forwarded
776 void
777 HttpStateData::proceedAfter1xx()
778 {
779 Must(flags.handling1xx);
780
781 debugs(11, 2, HERE << "consuming " << header_bytes_read <<
782 " header and " << reply_bytes_read << " body bytes read after 1xx");
783 header_bytes_read = 0;
784 reply_bytes_read = 0;
785
786 CallJobHere(11, 3, this, HttpStateData, HttpStateData::processReply);
787 }
788
789
790 /**
791 * returns true if the peer can support connection pinning
792 */
793 bool HttpStateData::peerSupportsConnectionPinning() const
794 {
795 const HttpReply *rep = entry->mem_obj->getReply();
796 const HttpHeader *hdr = &rep->header;
797 bool rc;
798 String header;
799
800 if (!_peer)
801 return true;
802
803 /*If this peer does not support connection pinning (authenticated
804 connections) return false
805 */
806 if (!_peer->connection_auth)
807 return false;
808
809 /*The peer supports connection pinning and the http reply status
810 is not unauthorized, so the related connection can be pinned
811 */
812 if (rep->sline.status != HTTP_UNAUTHORIZED)
813 return true;
814
815 /*The server respond with HTTP_UNAUTHORIZED and the peer configured
816 with "connection-auth=on" we know that the peer supports pinned
817 connections
818 */
819 if (_peer->connection_auth == 1)
820 return true;
821
822 /*At this point peer has configured with "connection-auth=auto"
823 parameter so we need some extra checks to decide if we are going
824 to allow pinned connections or not
825 */
826
827 /*if the peer configured with originserver just allow connection
828 pinning (squid 2.6 behaviour)
829 */
830 if (_peer->options.originserver)
831 return true;
832
833 /*if the connections it is already pinned it is OK*/
834 if (request->flags.pinned)
835 return true;
836
837 /*Allow pinned connections only if the Proxy-support header exists in
838 reply and has in its list the "Session-Based-Authentication"
839 which means that the peer supports connection pinning.
840 */
841 if (!hdr->has(HDR_PROXY_SUPPORT))
842 return false;
843
844 header = hdr->getStrOrList(HDR_PROXY_SUPPORT);
845 /* XXX This ought to be done in a case-insensitive manner */
846 rc = (strstr(header.termedBuf(), "Session-Based-Authentication") != NULL);
847
848 return rc;
849 }
850
851 // Called when we parsed (and possibly adapted) the headers but
852 // had not starting storing (a.k.a., sending) the body yet.
853 void
854 HttpStateData::haveParsedReplyHeaders()
855 {
856 ServerStateData::haveParsedReplyHeaders();
857
858 Ctx ctx = ctx_enter(entry->mem_obj->url);
859 HttpReply *rep = finalReply();
860
861 if (rep->sline.status == HTTP_PARTIAL_CONTENT &&
862 rep->content_range)
863 currentOffset = rep->content_range->spec.offset;
864
865 entry->timestampsSet();
866
867 /* Check if object is cacheable or not based on reply code */
868 debugs(11, 3, "haveParsedReplyHeaders: HTTP CODE: " << rep->sline.status);
869
870 if (neighbors_do_private_keys)
871 httpMaybeRemovePublic(entry, rep->sline.status);
872
873 if (rep->header.has(HDR_VARY)
874 #if X_ACCELERATOR_VARY
875 || rep->header.has(HDR_X_ACCELERATOR_VARY)
876 #endif
877 ) {
878 const char *vary = httpMakeVaryMark(request, rep);
879
880 if (!vary) {
881 entry->makePrivate();
882 if (!fwd->reforwardableStatus(rep->sline.status))
883 EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
884 goto no_cache;
885 }
886
887 entry->mem_obj->vary_headers = xstrdup(vary);
888 }
889
890 /*
891 * If its not a reply that we will re-forward, then
892 * allow the client to get it.
893 */
894 if (!fwd->reforwardableStatus(rep->sline.status))
895 EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
896
897 switch (cacheableReply()) {
898
899 case 1:
900 entry->makePublic();
901 break;
902
903 case 0:
904 entry->makePrivate();
905 break;
906
907 case -1:
908
909 #if USE_HTTP_VIOLATIONS
910 if (Config.negativeTtl > 0)
911 entry->cacheNegatively();
912 else
913 #endif
914 entry->makePrivate();
915
916 break;
917
918 default:
919 assert(0);
920
921 break;
922 }
923
924 no_cache:
925
926 if (!ignoreCacheControl && rep->cache_control) {
927 if (EBIT_TEST(rep->cache_control->mask, CC_PROXY_REVALIDATE) ||
928 EBIT_TEST(rep->cache_control->mask, CC_MUST_REVALIDATE) ||
929 EBIT_TEST(rep->cache_control->mask, CC_S_MAXAGE))
930 EBIT_SET(entry->flags, ENTRY_REVALIDATE);
931 }
932
933 #if HEADERS_LOG
934 headersLog(1, 0, request->method, rep);
935
936 #endif
937
938 ctx_exit(ctx);
939 }
940
941 HttpStateData::ConnectionStatus
942 HttpStateData::statusIfComplete() const
943 {
944 const HttpReply *rep = virginReply();
945 /** \par
946 * If the reply wants to close the connection, it takes precedence */
947
948 if (httpHeaderHasConnDir(&rep->header, "close"))
949 return COMPLETE_NONPERSISTENT_MSG;
950
951 /** \par
952 * If we didn't send a keep-alive request header, then this
953 * can not be a persistent connection.
954 */
955 if (!flags.keepalive)
956 return COMPLETE_NONPERSISTENT_MSG;
957
958 /** \par
959 * If we haven't sent the whole request then this can not be a persistent
960 * connection.
961 */
962 if (!flags.request_sent) {
963 debugs(11, 2, "statusIfComplete: Request not yet fully sent \"" << RequestMethodStr(request->method) << " " << entry->url() << "\"" );
964 return COMPLETE_NONPERSISTENT_MSG;
965 }
966
967 /** \par
968 * What does the reply have to say about keep-alive?
969 */
970 /**
971 \bug XXX BUG?
972 * If the origin server (HTTP/1.0) does not send a keep-alive
973 * header, but keeps the connection open anyway, what happens?
974 * We'll return here and http.c waits for an EOF before changing
975 * store_status to STORE_OK. Combine this with ENTRY_FWD_HDR_WAIT
976 * and an error status code, and we might have to wait until
977 * the server times out the socket.
978 */
979 if (!rep->keep_alive)
980 return COMPLETE_NONPERSISTENT_MSG;
981
982 return COMPLETE_PERSISTENT_MSG;
983 }
984
985 HttpStateData::ConnectionStatus
986 HttpStateData::persistentConnStatus() const
987 {
988 debugs(11, 3, HERE << serverConnection << " eof=" << eof);
989 if (eof) // already reached EOF
990 return COMPLETE_NONPERSISTENT_MSG;
991
992 /* If server fd is closing (but we have not been notified yet), stop Comm
993 I/O to avoid assertions. TODO: Change Comm API to handle callers that
994 want more I/O after async closing (usually initiated by others). */
995 // XXX: add canReceive or s/canSend/canTalkToServer/
996 if (!Comm::IsConnOpen(serverConnection))
997 return COMPLETE_NONPERSISTENT_MSG;
998
999 /** \par
1000 * In chunked response we do not know the content length but we are absolutely
1001 * sure about the end of response, so we are calling the statusIfComplete to
1002 * decide if we can be persistant
1003 */
1004 if (lastChunk && flags.chunked)
1005 return statusIfComplete();
1006
1007 const HttpReply *vrep = virginReply();
1008 debugs(11, 5, "persistentConnStatus: content_length=" << vrep->content_length);
1009
1010 const int64_t clen = vrep->bodySize(request->method);
1011
1012 debugs(11, 5, "persistentConnStatus: clen=" << clen);
1013
1014 /* If the body size is unknown we must wait for EOF */
1015 if (clen < 0)
1016 return INCOMPLETE_MSG;
1017
1018 /** \par
1019 * If the body size is known, we must wait until we've gotten all of it. */
1020 if (clen > 0) {
1021 // old technique:
1022 // if (entry->mem_obj->endOffset() < vrep->content_length + vrep->hdr_sz)
1023 const int64_t body_bytes_read = reply_bytes_read - header_bytes_read;
1024 debugs(11,5, "persistentConnStatus: body_bytes_read=" <<
1025 body_bytes_read << " content_length=" << vrep->content_length);
1026
1027 if (body_bytes_read < vrep->content_length)
1028 return INCOMPLETE_MSG;
1029
1030 if (body_bytes_truncated > 0) // already read more than needed
1031 return COMPLETE_NONPERSISTENT_MSG; // disable pconns
1032 }
1033
1034 /** \par
1035 * If there is no message body or we got it all, we can be persistent */
1036 return statusIfComplete();
1037 }
1038
1039 /*
1040 * This is the callback after some data has been read from the network
1041 */
1042 /*
1043 void
1044 HttpStateData::ReadReplyWrapper(int fd, char *buf, size_t len, comm_err_t flag, int xerrno, void *data)
1045 {
1046 HttpStateData *httpState = static_cast<HttpStateData *>(data);
1047 assert (fd == httpState->serverConnection->fd);
1048 // assert(buf == readBuf->content());
1049 PROF_start(HttpStateData_readReply);
1050 httpState->readReply(len, flag, xerrno);
1051 PROF_stop(HttpStateData_readReply);
1052 }
1053 */
1054
1055 /* XXX this function is too long! */
1056 void
1057 HttpStateData::readReply(const CommIoCbParams &io)
1058 {
1059 int bin;
1060 int clen;
1061 int len = io.size;
1062
1063 flags.do_next_read = 0;
1064
1065 debugs(11, 5, HERE << io.conn << ": len " << len << ".");
1066
1067 // Bail out early on COMM_ERR_CLOSING - close handlers will tidy up for us
1068 if (io.flag == COMM_ERR_CLOSING) {
1069 debugs(11, 3, "http socket closing");
1070 return;
1071 }
1072
1073 if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
1074 // TODO: should we call abortTransaction() here?
1075 return;
1076 }
1077
1078 // handle I/O errors
1079 if (io.flag != COMM_OK || len < 0) {
1080 debugs(11, 2, HERE << io.conn << ": read failure: " << xstrerror() << ".");
1081
1082 if (ignoreErrno(io.xerrno)) {
1083 flags.do_next_read = 1;
1084 } else {
1085 ErrorState *err;
1086 err = errorCon(ERR_READ_ERROR, HTTP_BAD_GATEWAY, fwd->request);
1087 err->xerrno = io.xerrno;
1088 fwd->fail(err);
1089 flags.do_next_read = 0;
1090 serverConnection->close();
1091 }
1092
1093 return;
1094 }
1095
1096 // update I/O stats
1097 if (len > 0) {
1098 readBuf->appended(len);
1099 reply_bytes_read += len;
1100 #if USE_DELAY_POOLS
1101 DelayId delayId = entry->mem_obj->mostBytesAllowed();
1102 delayId.bytesIn(len);
1103 #endif
1104
1105 kb_incr(&statCounter.server.all.kbytes_in, len);
1106 kb_incr(&statCounter.server.http.kbytes_in, len);
1107 IOStats.Http.reads++;
1108
1109 for (clen = len - 1, bin = 0; clen; bin++)
1110 clen >>= 1;
1111
1112 IOStats.Http.read_hist[bin]++;
1113
1114 // update peer response time stats (%<pt)
1115 const timeval &sent = request->hier.peer_http_request_sent;
1116 request->hier.peer_response_time =
1117 sent.tv_sec ? tvSubMsec(sent, current_time) : -1;
1118 }
1119
1120 /** \par
1121 * Here the RFC says we should ignore whitespace between replies, but we can't as
1122 * doing so breaks HTTP/0.9 replies beginning with witespace, and in addition
1123 * the response splitting countermeasures is extremely likely to trigger on this,
1124 * not allowing connection reuse in the first place.
1125 */
1126 #if DONT_DO_THIS
1127 if (!flags.headers_parsed && len > 0 && fd_table[serverConnection->fd].uses > 1) {
1128 /* Skip whitespace between replies */
1129
1130 while (len > 0 && xisspace(*buf))
1131 memmove(buf, buf + 1, len--);
1132
1133 if (len == 0) {
1134 /* Continue to read... */
1135 /* Timeout NOT increased. This whitespace was from previous reply */
1136 flags.do_next_read = 1;
1137 maybeReadVirginBody();
1138 return;
1139 }
1140 }
1141
1142 #endif
1143
1144 if (len == 0) { // reached EOF?
1145 eof = 1;
1146 flags.do_next_read = 0;
1147
1148 /* Bug 2879: Replies may terminate with \r\n then EOF instead of \r\n\r\n
1149 * Ensure here that we have at minimum two \r\n when EOF is seen.
1150 * TODO: Add eof parameter to headersEnd() and move this hack there.
1151 */
1152 if (readBuf->contentSize() && !flags.headers_parsed) {
1153 /*
1154 * Yes Henrik, there is a point to doing this. When we
1155 * called httpProcessReplyHeader() before, we didn't find
1156 * the end of headers, but now we are definately at EOF, so
1157 * we want to process the reply headers.
1158 */
1159 /* Fake an "end-of-headers" to work around such broken servers */
1160 readBuf->append("\r\n", 2);
1161 }
1162 }
1163
1164 processReply();
1165 }
1166
1167 /// processes the already read and buffered response data, possibly after
1168 /// waiting for asynchronous 1xx control message processing
1169 void
1170 HttpStateData::processReply()
1171 {
1172
1173 if (flags.handling1xx) { // we came back after handling a 1xx response
1174 debugs(11, 5, HERE << "done with 1xx handling");
1175 flags.handling1xx = false;
1176 Must(!flags.headers_parsed);
1177 }
1178
1179 if (!flags.headers_parsed) { // have not parsed headers yet?
1180 PROF_start(HttpStateData_processReplyHeader);
1181 processReplyHeader();
1182 PROF_stop(HttpStateData_processReplyHeader);
1183
1184 if (!continueAfterParsingHeader()) // parsing error or need more data
1185 return; // TODO: send errors to ICAP
1186
1187 adaptOrFinalizeReply();
1188 }
1189
1190 // kick more reads if needed and/or process the response body, if any
1191 PROF_start(HttpStateData_processReplyBody);
1192 processReplyBody(); // may call serverComplete()
1193 PROF_stop(HttpStateData_processReplyBody);
1194 }
1195
1196 /**
1197 \retval true if we can continue with processing the body or doing ICAP.
1198 */
1199 bool
1200 HttpStateData::continueAfterParsingHeader()
1201 {
1202 if (flags.handling1xx) {
1203 debugs(11, 5, HERE << "wait for 1xx handling");
1204 Must(!flags.headers_parsed);
1205 return false;
1206 }
1207
1208 if (!flags.headers_parsed && !eof) {
1209 debugs(11, 9, HERE << "needs more at " << readBuf->contentSize());
1210 flags.do_next_read = 1;
1211 /** \retval false If we have not finished parsing the headers and may get more data.
1212 * Schedules more reads to retrieve the missing data.
1213 */
1214 maybeReadVirginBody(); // schedules all kinds of reads; TODO: rename
1215 return false;
1216 }
1217
1218 /** If we are done with parsing, check for errors */
1219
1220 err_type error = ERR_NONE;
1221
1222 if (flags.headers_parsed) { // parsed headers, possibly with errors
1223 // check for header parsing errors
1224 if (HttpReply *vrep = virginReply()) {
1225 const http_status s = vrep->sline.status;
1226 const HttpVersion &v = vrep->sline.version;
1227 if (s == HTTP_INVALID_HEADER && v != HttpVersion(0,9)) {
1228 debugs(11, DBG_IMPORTANT, "WARNING: HTTP: Invalid Response: Bad header encountered from " << entry->url() << " AKA " << request->GetHost() << request->urlpath.termedBuf() );
1229 error = ERR_INVALID_RESP;
1230 } else if (s == HTTP_HEADER_TOO_LARGE) {
1231 fwd->dontRetry(true);
1232 error = ERR_TOO_BIG;
1233 } else {
1234 return true; // done parsing, got reply, and no error
1235 }
1236 } else {
1237 // parsed headers but got no reply
1238 debugs(11, DBG_IMPORTANT, "WARNING: HTTP: Invalid Response: No reply at all for " << entry->url() << " AKA " << request->GetHost() << request->urlpath.termedBuf() );
1239 error = ERR_INVALID_RESP;
1240 }
1241 } else {
1242 assert(eof);
1243 if (readBuf->hasContent()) {
1244 error = ERR_INVALID_RESP;
1245 debugs(11, DBG_IMPORTANT, "WARNING: HTTP: Invalid Response: Headers did not parse at all for " << entry->url() << " AKA " << request->GetHost() << request->urlpath.termedBuf() );
1246 } else {
1247 error = ERR_ZERO_SIZE_OBJECT;
1248 debugs(11, (request->flags.accelerated?DBG_IMPORTANT:2), "WARNING: HTTP: Invalid Response: No object data received for " <<
1249 entry->url() << " AKA " << request->GetHost() << request->urlpath.termedBuf() );
1250 }
1251 }
1252
1253 assert(error != ERR_NONE);
1254 entry->reset();
1255 fwd->fail(errorCon(error, HTTP_BAD_GATEWAY, fwd->request));
1256 flags.do_next_read = 0;
1257 serverConnection->close();
1258 return false; // quit on error
1259 }
1260
1261 /** truncate what we read if we read too much so that writeReplyBody()
1262 writes no more than what we should have read */
1263 void
1264 HttpStateData::truncateVirginBody()
1265 {
1266 assert(flags.headers_parsed);
1267
1268 HttpReply *vrep = virginReply();
1269 int64_t clen = -1;
1270 if (!vrep->expectingBody(request->method, clen) || clen < 0)
1271 return; // no body or a body of unknown size, including chunked
1272
1273 const int64_t body_bytes_read = reply_bytes_read - header_bytes_read;
1274 if (body_bytes_read - body_bytes_truncated <= clen)
1275 return; // we did not read too much or already took care of the extras
1276
1277 if (const int64_t extras = body_bytes_read - body_bytes_truncated - clen) {
1278 // server sent more that the advertised content length
1279 debugs(11,5, HERE << "body_bytes_read=" << body_bytes_read <<
1280 " clen=" << clen << '/' << vrep->content_length <<
1281 " body_bytes_truncated=" << body_bytes_truncated << '+' << extras);
1282
1283 readBuf->truncate(extras);
1284 body_bytes_truncated += extras;
1285 }
1286 }
1287
1288 /**
1289 * Call this when there is data from the origin server
1290 * which should be sent to either StoreEntry, or to ICAP...
1291 */
1292 void
1293 HttpStateData::writeReplyBody()
1294 {
1295 truncateVirginBody(); // if needed
1296 const char *data = readBuf->content();
1297 int len = readBuf->contentSize();
1298 addVirginReplyBody(data, len);
1299 readBuf->consume(len);
1300 }
1301
1302 bool
1303 HttpStateData::decodeAndWriteReplyBody()
1304 {
1305 const char *data = NULL;
1306 int len;
1307 bool wasThereAnException = false;
1308 assert(flags.chunked);
1309 assert(httpChunkDecoder);
1310 SQUID_ENTER_THROWING_CODE();
1311 MemBuf decodedData;
1312 decodedData.init();
1313 const bool doneParsing = httpChunkDecoder->parse(readBuf,&decodedData);
1314 len = decodedData.contentSize();
1315 data=decodedData.content();
1316 addVirginReplyBody(data, len);
1317 if (doneParsing) {
1318 lastChunk = 1;
1319 flags.do_next_read = 0;
1320 }
1321 SQUID_EXIT_THROWING_CODE(wasThereAnException);
1322 return wasThereAnException;
1323 }
1324
1325 /**
1326 * processReplyBody has two purposes:
1327 * 1 - take the reply body data, if any, and put it into either
1328 * the StoreEntry, or give it over to ICAP.
1329 * 2 - see if we made it to the end of the response (persistent
1330 * connections and such)
1331 */
1332 void
1333 HttpStateData::processReplyBody()
1334 {
1335 Ip::Address client_addr;
1336 bool ispinned = false;
1337
1338 if (!flags.headers_parsed) {
1339 flags.do_next_read = 1;
1340 maybeReadVirginBody();
1341 return;
1342 }
1343
1344 #if USE_ADAPTATION
1345 debugs(11,5, HERE << "adaptationAccessCheckPending=" << adaptationAccessCheckPending);
1346 if (adaptationAccessCheckPending)
1347 return;
1348
1349 #endif
1350
1351 /*
1352 * At this point the reply headers have been parsed and consumed.
1353 * That means header content has been removed from readBuf and
1354 * it contains only body data.
1355 */
1356 if (flags.chunked) {
1357 if (!decodeAndWriteReplyBody()) {
1358 flags.do_next_read = 0;
1359 serverComplete();
1360 return;
1361 }
1362 } else
1363 writeReplyBody();
1364
1365 if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
1366 /*
1367 * The above writeReplyBody() call could ABORT this entry,
1368 * in that case, the server FD should already be closed.
1369 * there's nothing for us to do.
1370 */
1371 (void) 0;
1372 } else
1373 switch (persistentConnStatus()) {
1374 case INCOMPLETE_MSG: {
1375 debugs(11, 5, "processReplyBody: INCOMPLETE_MSG from " << serverConnection);
1376 /* Wait for more data or EOF condition */
1377 AsyncCall::Pointer nil;
1378 if (flags.keepalive_broken) {
1379 commSetConnTimeout(serverConnection, 10, nil);
1380 } else {
1381 commSetConnTimeout(serverConnection, Config.Timeout.read, nil);
1382 }
1383
1384 flags.do_next_read = 1;
1385 }
1386 break;
1387
1388 case COMPLETE_PERSISTENT_MSG:
1389 debugs(11, 5, "processReplyBody: COMPLETE_PERSISTENT_MSG from " << serverConnection);
1390 /* yes we have to clear all these! */
1391 commUnsetConnTimeout(serverConnection);
1392 flags.do_next_read = 0;
1393
1394 comm_remove_close_handler(serverConnection->fd, closeHandler);
1395 closeHandler = NULL;
1396 fwd->unregister(serverConnection);
1397
1398 if (request->flags.spoof_client_ip)
1399 client_addr = request->client_addr;
1400
1401
1402 if (request->flags.pinned) {
1403 ispinned = true;
1404 } else if (request->flags.connection_auth && request->flags.auth_sent) {
1405 ispinned = true;
1406 }
1407
1408 if (request->pinnedConnection() && ispinned) {
1409 request->pinnedConnection()->pinConnection(serverConnection, request, _peer,
1410 (request->flags.connection_auth != 0));
1411 } else {
1412 fwd->pconnPush(serverConnection, request->peer_host ? request->peer_host : request->GetHost());
1413 }
1414
1415 serverConnection = NULL;
1416 serverComplete();
1417 return;
1418
1419 case COMPLETE_NONPERSISTENT_MSG:
1420 debugs(11, 5, "processReplyBody: COMPLETE_NONPERSISTENT_MSG from " << serverConnection);
1421 serverComplete();
1422 return;
1423 }
1424
1425 maybeReadVirginBody();
1426 }
1427
1428 void
1429 HttpStateData::maybeReadVirginBody()
1430 {
1431 // we may need to grow the buffer if headers do not fit
1432 const int minRead = flags.headers_parsed ? 0 :1024;
1433 const int read_size = replyBodySpace(*readBuf, minRead);
1434
1435 debugs(11,9, HERE << (flags.do_next_read ? "may" : "wont") <<
1436 " read up to " << read_size << " bytes from " << serverConnection);
1437
1438 /*
1439 * why <2? Because delayAwareRead() won't actually read if
1440 * you ask it to read 1 byte. The delayed read request
1441 * just gets re-queued until the client side drains, then
1442 * the I/O thread hangs. Better to not register any read
1443 * handler until we get a notification from someone that
1444 * its okay to read again.
1445 */
1446 if (read_size < 2)
1447 return;
1448
1449 if (flags.do_next_read) {
1450 flags.do_next_read = 0;
1451 typedef CommCbMemFunT<HttpStateData, CommIoCbParams> Dialer;
1452 entry->delayAwareRead(serverConnection, readBuf->space(read_size), read_size,
1453 JobCallback(11, 5, Dialer, this, HttpStateData::readReply));
1454 }
1455 }
1456
1457 /// called after writing the very last request byte (body, last-chunk, etc)
1458 void
1459 HttpStateData::wroteLast(const CommIoCbParams &io)
1460 {
1461 debugs(11, 5, HERE << serverConnection << ": size " << io.size << ": errflag " << io.flag << ".");
1462 #if URL_CHECKSUM_DEBUG
1463
1464 entry->mem_obj->checkUrlChecksum();
1465 #endif
1466
1467 if (io.size > 0) {
1468 fd_bytes(io.fd, io.size, FD_WRITE);
1469 kb_incr(&statCounter.server.all.kbytes_out, io.size);
1470 kb_incr(&statCounter.server.http.kbytes_out, io.size);
1471 }
1472
1473 if (io.flag == COMM_ERR_CLOSING)
1474 return;
1475
1476 if (io.flag) {
1477 ErrorState *err;
1478 err = errorCon(ERR_WRITE_ERROR, HTTP_BAD_GATEWAY, fwd->request);
1479 err->xerrno = io.xerrno;
1480 fwd->fail(err);
1481 serverConnection->close();
1482 return;
1483 }
1484
1485 sendComplete();
1486 }
1487
1488 /// successfully wrote the entire request (including body, last-chunk, etc.)
1489 void
1490 HttpStateData::sendComplete()
1491 {
1492 /*
1493 * Set the read timeout here because it hasn't been set yet.
1494 * We only set the read timeout after the request has been
1495 * fully written to the server-side. If we start the timeout
1496 * after connection establishment, then we are likely to hit
1497 * the timeout for POST/PUT requests that have very large
1498 * request bodies.
1499 */
1500 typedef CommCbMemFunT<HttpStateData, CommTimeoutCbParams> TimeoutDialer;
1501 AsyncCall::Pointer timeoutCall = JobCallback(11, 5,
1502 TimeoutDialer, this, HttpStateData::httpTimeout);
1503
1504 commSetConnTimeout(serverConnection, Config.Timeout.read, timeoutCall);
1505
1506 flags.request_sent = 1;
1507
1508 request->hier.peer_http_request_sent = current_time;
1509 }
1510
1511 // Close the HTTP server connection. Used by serverComplete().
1512 void
1513 HttpStateData::closeServer()
1514 {
1515 debugs(11,5, HERE << "closing HTTP server " << serverConnection << " this " << this);
1516
1517 if (Comm::IsConnOpen(serverConnection)) {
1518 fwd->unregister(serverConnection);
1519 comm_remove_close_handler(serverConnection->fd, closeHandler);
1520 closeHandler = NULL;
1521 serverConnection->close();
1522 }
1523 }
1524
1525 bool
1526 HttpStateData::doneWithServer() const
1527 {
1528 return !Comm::IsConnOpen(serverConnection);
1529 }
1530
1531 /*
1532 * Fixup authentication request headers for special cases
1533 */
1534 static void
1535 httpFixupAuthentication(HttpRequest * request, const HttpHeader * hdr_in, HttpHeader * hdr_out, http_state_flags flags)
1536 {
1537 http_hdr_type header = flags.originpeer ? HDR_AUTHORIZATION : HDR_PROXY_AUTHORIZATION;
1538
1539 /* Nothing to do unless we are forwarding to a peer */
1540 if (!request->flags.proxying)
1541 return;
1542
1543 /* Needs to be explicitly enabled */
1544 if (!request->peer_login)
1545 return;
1546
1547 /* Maybe already dealt with? */
1548 if (hdr_out->has(header))
1549 return;
1550
1551 /* Nothing to do here for PASSTHRU */
1552 if (strcmp(request->peer_login, "PASSTHRU") == 0)
1553 return;
1554
1555 /* PROXYPASS is a special case, single-signon to servers with the proxy password (basic only) */
1556 if (flags.originpeer && strcmp(request->peer_login, "PROXYPASS") == 0 && hdr_in->has(HDR_PROXY_AUTHORIZATION)) {
1557 const char *auth = hdr_in->getStr(HDR_PROXY_AUTHORIZATION);
1558
1559 if (auth && strncasecmp(auth, "basic ", 6) == 0) {
1560 hdr_out->putStr(header, auth);
1561 return;
1562 }
1563 }
1564
1565 /* Special mode to pass the username to the upstream cache */
1566 if (*request->peer_login == '*') {
1567 char loginbuf[256];
1568 const char *username = "-";
1569
1570 if (request->extacl_user.size())
1571 username = request->extacl_user.termedBuf();
1572 #if USE_AUTH
1573 else if (request->auth_user_request != NULL)
1574 username = request->auth_user_request->username();
1575 #endif
1576
1577 snprintf(loginbuf, sizeof(loginbuf), "%s%s", username, request->peer_login + 1);
1578
1579 httpHeaderPutStrf(hdr_out, header, "Basic %s",
1580 old_base64_encode(loginbuf));
1581 return;
1582 }
1583
1584 /* external_acl provided credentials */
1585 if (request->extacl_user.size() && request->extacl_passwd.size() &&
1586 (strcmp(request->peer_login, "PASS") == 0 ||
1587 strcmp(request->peer_login, "PROXYPASS") == 0)) {
1588 char loginbuf[256];
1589 snprintf(loginbuf, sizeof(loginbuf), SQUIDSTRINGPH ":" SQUIDSTRINGPH,
1590 SQUIDSTRINGPRINT(request->extacl_user),
1591 SQUIDSTRINGPRINT(request->extacl_passwd));
1592 httpHeaderPutStrf(hdr_out, header, "Basic %s",
1593 old_base64_encode(loginbuf));
1594 return;
1595 }
1596
1597 /* Kerberos login to peer */
1598 #if HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI
1599 if (strncmp(request->peer_login, "NEGOTIATE",strlen("NEGOTIATE")) == 0) {
1600 char *Token=NULL;
1601 char *PrincipalName=NULL,*p;
1602 if ((p=strchr(request->peer_login,':')) != NULL ) {
1603 PrincipalName=++p;
1604 }
1605 Token = peer_proxy_negotiate_auth(PrincipalName, request->peer_host);
1606 if (Token) {
1607 httpHeaderPutStrf(hdr_out, header, "Negotiate %s",Token);
1608 }
1609 return;
1610 }
1611 #endif /* HAVE_KRB5 && HAVE_GSSAPI */
1612
1613 httpHeaderPutStrf(hdr_out, header, "Basic %s",
1614 old_base64_encode(request->peer_login));
1615 return;
1616 }
1617
1618 /*
1619 * build request headers and append them to a given MemBuf
1620 * used by buildRequestPrefix()
1621 * note: initialised the HttpHeader, the caller is responsible for Clean()-ing
1622 */
1623 void
1624 HttpStateData::httpBuildRequestHeader(HttpRequest * request,
1625 StoreEntry * entry,
1626 HttpHeader * hdr_out,
1627 const http_state_flags flags)
1628 {
1629 /* building buffer for complex strings */
1630 #define BBUF_SZ (MAX_URL+32)
1631 LOCAL_ARRAY(char, bbuf, BBUF_SZ);
1632 LOCAL_ARRAY(char, ntoabuf, MAX_IPSTRLEN);
1633 const HttpHeader *hdr_in = &request->header;
1634 const HttpHeaderEntry *e = NULL;
1635 HttpHeaderPos pos = HttpHeaderInitPos;
1636 assert (hdr_out->owner == hoRequest);
1637
1638 /* append our IMS header */
1639 if (request->lastmod > -1)
1640 hdr_out->putTime(HDR_IF_MODIFIED_SINCE, request->lastmod);
1641
1642 bool we_do_ranges = decideIfWeDoRanges (request);
1643
1644 String strConnection (hdr_in->getList(HDR_CONNECTION));
1645
1646 while ((e = hdr_in->getEntry(&pos)))
1647 copyOneHeaderFromClientsideRequestToUpstreamRequest(e, strConnection, request, hdr_out, we_do_ranges, flags);
1648
1649 /* Abstraction break: We should interpret multipart/byterange responses
1650 * into offset-length data, and this works around our inability to do so.
1651 */
1652 if (!we_do_ranges && request->multipartRangeRequest()) {
1653 /* don't cache the result */
1654 request->flags.cachable = 0;
1655 /* pretend it's not a range request */
1656 delete request->range;
1657 request->range = NULL;
1658 request->flags.range = 0;
1659 }
1660
1661 /* append Via */
1662 if (Config.onoff.via) {
1663 String strVia;
1664 strVia = hdr_in->getList(HDR_VIA);
1665 snprintf(bbuf, BBUF_SZ, "%d.%d %s",
1666 request->http_ver.major,
1667 request->http_ver.minor, ThisCache);
1668 strListAdd(&strVia, bbuf, ',');
1669 hdr_out->putStr(HDR_VIA, strVia.termedBuf());
1670 strVia.clean();
1671 }
1672
1673 if (request->flags.accelerated) {
1674 /* Append Surrogate-Capabilities */
1675 String strSurrogate(hdr_in->getList(HDR_SURROGATE_CAPABILITY));
1676 #if USE_SQUID_ESI
1677 snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"", Config.Accel.surrogate_id);
1678 #else
1679 snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0\"", Config.Accel.surrogate_id);
1680 #endif
1681 strListAdd(&strSurrogate, bbuf, ',');
1682 hdr_out->putStr(HDR_SURROGATE_CAPABILITY, strSurrogate.termedBuf());
1683 }
1684
1685 /** \pre Handle X-Forwarded-For */
1686 if (strcmp(opt_forwarded_for, "delete") != 0) {
1687
1688 String strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
1689
1690 if (strFwd.size() > 65536/2) {
1691 // There is probably a forwarding loop with Via detection disabled.
1692 // If we do nothing, String will assert on overflow soon.
1693 // TODO: Terminate all transactions with huge XFF?
1694 strFwd = "error";
1695
1696 static int warnedCount = 0;
1697 if (warnedCount++ < 100) {
1698 const char *url = entry ? entry->url() : urlCanonical(request);
1699 debugs(11, 1, "Warning: likely forwarding loop with " << url);
1700 }
1701 }
1702
1703 if (strcmp(opt_forwarded_for, "on") == 0) {
1704 /** If set to ON - append client IP or 'unknown'. */
1705 if ( request->client_addr.IsNoAddr() )
1706 strListAdd(&strFwd, "unknown", ',');
1707 else
1708 strListAdd(&strFwd, request->client_addr.NtoA(ntoabuf, MAX_IPSTRLEN), ',');
1709 } else if (strcmp(opt_forwarded_for, "off") == 0) {
1710 /** If set to OFF - append 'unknown'. */
1711 strListAdd(&strFwd, "unknown", ',');
1712 } else if (strcmp(opt_forwarded_for, "transparent") == 0) {
1713 /** If set to TRANSPARENT - pass through unchanged. */
1714 } else if (strcmp(opt_forwarded_for, "truncate") == 0) {
1715 /** If set to TRUNCATE - drop existing list and replace with client IP or 'unknown'. */
1716 if ( request->client_addr.IsNoAddr() )
1717 strFwd = "unknown";
1718 else
1719 strFwd = request->client_addr.NtoA(ntoabuf, MAX_IPSTRLEN);
1720 }
1721 if (strFwd.size() > 0)
1722 hdr_out->putStr(HDR_X_FORWARDED_FOR, strFwd.termedBuf());
1723 }
1724 /** If set to DELETE - do not copy through. */
1725
1726 /* append Host if not there already */
1727 if (!hdr_out->has(HDR_HOST)) {
1728 if (request->peer_domain) {
1729 hdr_out->putStr(HDR_HOST, request->peer_domain);
1730 } else if (request->port == urlDefaultPort(request->protocol)) {
1731 /* use port# only if not default */
1732 hdr_out->putStr(HDR_HOST, request->GetHost());
1733 } else {
1734 httpHeaderPutStrf(hdr_out, HDR_HOST, "%s:%d",
1735 request->GetHost(),
1736 (int) request->port);
1737 }
1738 }
1739
1740 /* append Authorization if known in URL, not in header and going direct */
1741 if (!hdr_out->has(HDR_AUTHORIZATION)) {
1742 if (!request->flags.proxying && request->login && *request->login) {
1743 httpHeaderPutStrf(hdr_out, HDR_AUTHORIZATION, "Basic %s",
1744 old_base64_encode(request->login));
1745 }
1746 }
1747
1748 /* Fixup (Proxy-)Authorization special cases. Plain relaying dealt with above */
1749 httpFixupAuthentication(request, hdr_in, hdr_out, flags);
1750
1751 /* append Cache-Control, add max-age if not there already */
1752 {
1753 HttpHdrCc *cc = hdr_in->getCc();
1754
1755 if (!cc)
1756 cc = httpHdrCcCreate();
1757
1758 #if 0 /* see bug 2330 */
1759 /* Set no-cache if determined needed but not found */
1760 if (request->flags.nocache)
1761 EBIT_SET(cc->mask, CC_NO_CACHE);
1762 #endif
1763
1764 /* Add max-age only without no-cache */
1765 if (!EBIT_TEST(cc->mask, CC_MAX_AGE) && !EBIT_TEST(cc->mask, CC_NO_CACHE)) {
1766 const char *url =
1767 entry ? entry->url() : urlCanonical(request);
1768 httpHdrCcSetMaxAge(cc, getMaxAge(url));
1769
1770 }
1771
1772 /* Enforce sibling relations */
1773 if (flags.only_if_cached)
1774 EBIT_SET(cc->mask, CC_ONLY_IF_CACHED);
1775
1776 hdr_out->putCc(cc);
1777
1778 httpHdrCcDestroy(cc);
1779 }
1780
1781 /* maybe append Connection: keep-alive */
1782 if (flags.keepalive) {
1783 hdr_out->putStr(HDR_CONNECTION, "keep-alive");
1784 }
1785
1786 /* append Front-End-Https */
1787 if (flags.front_end_https) {
1788 if (flags.front_end_https == 1 || request->protocol == AnyP::PROTO_HTTPS)
1789 hdr_out->putStr(HDR_FRONT_END_HTTPS, "On");
1790 }
1791
1792 if (flags.chunked_request) {
1793 // Do not just copy the original value so that if the client-side
1794 // starts decode other encodings, this code may remain valid.
1795 hdr_out->putStr(HDR_TRANSFER_ENCODING, "chunked");
1796 }
1797
1798 /* Now mangle the headers. */
1799 if (Config2.onoff.mangle_request_headers)
1800 httpHdrMangleList(hdr_out, request, ROR_REQUEST);
1801
1802 strConnection.clean();
1803 }
1804
1805 /**
1806 * Decides whether a particular header may be cloned from the received Clients request
1807 * to our outgoing fetch request.
1808 */
1809 void
1810 copyOneHeaderFromClientsideRequestToUpstreamRequest(const HttpHeaderEntry *e, const String strConnection, const HttpRequest * request, HttpHeader * hdr_out, const int we_do_ranges, const http_state_flags flags)
1811 {
1812 debugs(11, 5, "httpBuildRequestHeader: " << e->name << ": " << e->value );
1813
1814 switch (e->id) {
1815
1816 /** \par RFC 2616 sect 13.5.1 - Hop-by-Hop headers which Squid should not pass on. */
1817
1818 case HDR_PROXY_AUTHORIZATION:
1819 /** \par Proxy-Authorization:
1820 * Only pass on proxy authentication to peers for which
1821 * authentication forwarding is explicitly enabled
1822 */
1823 if (!flags.originpeer && flags.proxying && request->peer_login &&
1824 (strcmp(request->peer_login, "PASS") == 0 ||
1825 strcmp(request->peer_login, "PROXYPASS") == 0 ||
1826 strcmp(request->peer_login, "PASSTHRU") == 0)) {
1827 hdr_out->addEntry(e->clone());
1828 }
1829 break;
1830
1831 /** \par RFC 2616 sect 13.5.1 - Hop-by-Hop headers which Squid does not pass on. */
1832
1833 case HDR_CONNECTION: /** \par Connection: */
1834 case HDR_TE: /** \par TE: */
1835 case HDR_KEEP_ALIVE: /** \par Keep-Alive: */
1836 case HDR_PROXY_AUTHENTICATE: /** \par Proxy-Authenticate: */
1837 case HDR_TRAILER: /** \par Trailer: */
1838 case HDR_UPGRADE: /** \par Upgrade: */
1839 case HDR_TRANSFER_ENCODING: /** \par Transfer-Encoding: */
1840 break;
1841
1842
1843 /** \par OTHER headers I haven't bothered to track down yet. */
1844
1845 case HDR_AUTHORIZATION:
1846 /** \par WWW-Authorization:
1847 * Pass on WWW authentication */
1848
1849 if (!flags.originpeer) {
1850 hdr_out->addEntry(e->clone());
1851 } else {
1852 /** \note In accelerators, only forward authentication if enabled
1853 * (see also httpFixupAuthentication for special cases)
1854 */
1855 if (request->peer_login &&
1856 (strcmp(request->peer_login, "PASS") == 0 ||
1857 strcmp(request->peer_login, "PASSTHRU") == 0 ||
1858 strcmp(request->peer_login, "PROXYPASS") == 0)) {
1859 hdr_out->addEntry(e->clone());
1860 }
1861 }
1862
1863 break;
1864
1865 case HDR_HOST:
1866 /** \par Host:
1867 * Normally Squid rewrites the Host: header.
1868 * However, there is one case when we don't: If the URL
1869 * went through our redirector and the admin configured
1870 * 'redir_rewrites_host' to be off.
1871 */
1872 if (request->peer_domain)
1873 hdr_out->putStr(HDR_HOST, request->peer_domain);
1874 else if (request->flags.redirected && !Config.onoff.redir_rewrites_host)
1875 hdr_out->addEntry(e->clone());
1876 else {
1877 /* use port# only if not default */
1878
1879 if (request->port == urlDefaultPort(request->protocol)) {
1880 hdr_out->putStr(HDR_HOST, request->GetHost());
1881 } else {
1882 httpHeaderPutStrf(hdr_out, HDR_HOST, "%s:%d",
1883 request->GetHost(),
1884 (int) request->port);
1885 }
1886 }
1887
1888 break;
1889
1890 case HDR_IF_MODIFIED_SINCE:
1891 /** \par If-Modified-Since:
1892 * append unless we added our own;
1893 * \note at most one client's ims header can pass through */
1894
1895 if (!hdr_out->has(HDR_IF_MODIFIED_SINCE))
1896 hdr_out->addEntry(e->clone());
1897
1898 break;
1899
1900 case HDR_MAX_FORWARDS:
1901 /** \par Max-Forwards:
1902 * pass only on TRACE or OPTIONS requests */
1903 if (request->method == METHOD_TRACE || request->method == METHOD_OPTIONS) {
1904 const int64_t hops = e->getInt64();
1905
1906 if (hops > 0)
1907 hdr_out->putInt64(HDR_MAX_FORWARDS, hops - 1);
1908 }
1909
1910 break;
1911
1912 case HDR_VIA:
1913 /** \par Via:
1914 * If Via is disabled then forward any received header as-is.
1915 * Otherwise leave for explicit updated addition later. */
1916
1917 if (!Config.onoff.via)
1918 hdr_out->addEntry(e->clone());
1919
1920 break;
1921
1922 case HDR_RANGE:
1923
1924 case HDR_IF_RANGE:
1925
1926 case HDR_REQUEST_RANGE:
1927 /** \par Range:, If-Range:, Request-Range:
1928 * Only pass if we accept ranges */
1929 if (!we_do_ranges)
1930 hdr_out->addEntry(e->clone());
1931
1932 break;
1933
1934 case HDR_PROXY_CONNECTION: // SHOULD ignore. But doing so breaks things.
1935 break;
1936
1937 case HDR_CONTENT_LENGTH:
1938 // pass through unless we chunk; also, keeping this away from default
1939 // prevents request smuggling via Connection: Content-Length tricks
1940 if (!flags.chunked_request)
1941 hdr_out->addEntry(e->clone());
1942 break;
1943
1944 case HDR_X_FORWARDED_FOR:
1945
1946 case HDR_CACHE_CONTROL:
1947 /** \par X-Forwarded-For:, Cache-Control:
1948 * handled specially by Squid, so leave off for now.
1949 * append these after the loop if needed */
1950 break;
1951
1952 case HDR_FRONT_END_HTTPS:
1953 /** \par Front-End-Https:
1954 * Pass thru only if peer is configured with front-end-https */
1955 if (!flags.front_end_https)
1956 hdr_out->addEntry(e->clone());
1957
1958 break;
1959
1960 default:
1961 /** \par default.
1962 * pass on all other header fields
1963 * which are NOT listed by the special Connection: header. */
1964
1965 if (strConnection.size()>0 && strListIsMember(&strConnection, e->name.termedBuf(), ',')) {
1966 debugs(11, 2, "'" << e->name << "' header cropped by Connection: definition");
1967 return;
1968 }
1969
1970 hdr_out->addEntry(e->clone());
1971 }
1972 }
1973
1974 bool
1975 HttpStateData::decideIfWeDoRanges (HttpRequest * request)
1976 {
1977 bool result = true;
1978 /* decide if we want to do Ranges ourselves
1979 * and fetch the whole object now)
1980 * We want to handle Ranges ourselves iff
1981 * - we can actually parse client Range specs
1982 * - the specs are expected to be simple enough (e.g. no out-of-order ranges)
1983 * - reply will be cachable
1984 * (If the reply will be uncachable we have to throw it away after
1985 * serving this request, so it is better to forward ranges to
1986 * the server and fetch only the requested content)
1987 */
1988
1989 int64_t roffLimit = request->getRangeOffsetLimit();
1990
1991 if (NULL == request->range || !request->flags.cachable
1992 || request->range->offsetLimitExceeded(roffLimit) || request->flags.connection_auth)
1993 result = false;
1994
1995 debugs(11, 8, "decideIfWeDoRanges: range specs: " <<
1996 request->range << ", cachable: " <<
1997 request->flags.cachable << "; we_do_ranges: " << result);
1998
1999 return result;
2000 }
2001
2002 /* build request prefix and append it to a given MemBuf;
2003 * return the length of the prefix */
2004 mb_size_t
2005 HttpStateData::buildRequestPrefix(MemBuf * mb)
2006 {
2007 const int offset = mb->size;
2008 HttpVersion httpver(1,1);
2009 const char * url;
2010 if (_peer && !_peer->options.originserver)
2011 url = entry->url();
2012 else
2013 url = request->urlpath.termedBuf();
2014 mb->Printf("%s %s %s/%d.%d\r\n",
2015 RequestMethodStr(request->method),
2016 url && *url ? url : "/",
2017 AnyP::ProtocolType_str[httpver.protocol],
2018 httpver.major,httpver.minor);
2019 /* build and pack headers */
2020 {
2021 HttpHeader hdr(hoRequest);
2022 Packer p;
2023 httpBuildRequestHeader(request, entry, &hdr, flags);
2024
2025 if (request->flags.pinned && request->flags.connection_auth)
2026 request->flags.auth_sent = 1;
2027 else if (hdr.has(HDR_AUTHORIZATION))
2028 request->flags.auth_sent = 1;
2029
2030 packerToMemInit(&p, mb);
2031 hdr.packInto(&p);
2032 hdr.clean();
2033 packerClean(&p);
2034 }
2035 /* append header terminator */
2036 mb->append(crlf, 2);
2037 return mb->size - offset;
2038 }
2039
2040 /* This will be called when connect completes. Write request. */
2041 bool
2042 HttpStateData::sendRequest()
2043 {
2044 MemBuf mb;
2045
2046 debugs(11, 5, HERE << serverConnection << ", request " << request << ", this " << this << ".");
2047
2048 if (!Comm::IsConnOpen(serverConnection)) {
2049 debugs(11,3, HERE << "cannot send request to closing " << serverConnection);
2050 assert(closeHandler != NULL);
2051 return false;
2052 }
2053
2054 typedef CommCbMemFunT<HttpStateData, CommTimeoutCbParams> TimeoutDialer;
2055 AsyncCall::Pointer timeoutCall = JobCallback(11, 5,
2056 TimeoutDialer, this, HttpStateData::httpTimeout);
2057 commSetConnTimeout(serverConnection, Config.Timeout.lifetime, timeoutCall);
2058 flags.do_next_read = 1;
2059 maybeReadVirginBody();
2060
2061 if (request->body_pipe != NULL) {
2062 if (!startRequestBodyFlow()) // register to receive body data
2063 return false;
2064 typedef CommCbMemFunT<HttpStateData, CommIoCbParams> Dialer;
2065 requestSender = JobCallback(11,5,
2066 Dialer, this, HttpStateData::sentRequestBody);
2067
2068 Must(!flags.chunked_request);
2069 // use chunked encoding if we do not know the length
2070 if (request->content_length < 0)
2071 flags.chunked_request = 1;
2072 } else {
2073 assert(!requestBodySource);
2074 typedef CommCbMemFunT<HttpStateData, CommIoCbParams> Dialer;
2075 requestSender = JobCallback(11,5,
2076 Dialer, this, HttpStateData::wroteLast);
2077 }
2078
2079 if (_peer != NULL) {
2080 if (_peer->options.originserver) {
2081 flags.proxying = 0;
2082 flags.originpeer = 1;
2083 } else {
2084 flags.proxying = 1;
2085 flags.originpeer = 0;
2086 }
2087 } else {
2088 flags.proxying = 0;
2089 flags.originpeer = 0;
2090 }
2091
2092 /*
2093 * Is keep-alive okay for all request methods?
2094 */
2095 if (request->flags.must_keepalive)
2096 flags.keepalive = 1;
2097 else if (!Config.onoff.server_pconns)
2098 flags.keepalive = 0;
2099 else if (_peer == NULL)
2100 flags.keepalive = 1;
2101 else if (_peer->stats.n_keepalives_sent < 10)
2102 flags.keepalive = 1;
2103 else if ((double) _peer->stats.n_keepalives_recv /
2104 (double) _peer->stats.n_keepalives_sent > 0.50)
2105 flags.keepalive = 1;
2106
2107 if (_peer) {
2108 /*The old code here was
2109 if (neighborType(_peer, request) == PEER_SIBLING && ...
2110 which is equivalent to:
2111 if (neighborType(_peer, NULL) == PEER_SIBLING && ...
2112 or better:
2113 if (((_peer->type == PEER_MULTICAST && p->options.mcast_siblings) ||
2114 _peer->type == PEER_SIBLINGS ) && _peer->options.allow_miss)
2115 flags.only_if_cached = 1;
2116
2117 But I suppose it was a bug
2118 */
2119 if (neighborType(_peer, request) == PEER_SIBLING &&
2120 !_peer->options.allow_miss)
2121 flags.only_if_cached = 1;
2122
2123 flags.front_end_https = _peer->front_end_https;
2124 }
2125
2126 mb.init();
2127 request->peer_host=_peer?_peer->host:NULL;
2128 buildRequestPrefix(&mb);
2129
2130 debugs(11, 2, "HTTP Server " << serverConnection);
2131 debugs(11, 2, "HTTP Server REQUEST:\n---------\n" << mb.buf << "\n----------");
2132
2133 Comm::Write(serverConnection, &mb, requestSender);
2134 return true;
2135 }
2136
2137 bool
2138 HttpStateData::getMoreRequestBody(MemBuf &buf)
2139 {
2140 // parent's implementation can handle the no-encoding case
2141 if (!flags.chunked_request)
2142 return ServerStateData::getMoreRequestBody(buf);
2143
2144 MemBuf raw;
2145
2146 Must(requestBodySource != NULL);
2147 if (!requestBodySource->getMoreData(raw))
2148 return false; // no request body bytes to chunk yet
2149
2150 // optimization: pre-allocate buffer size that should be enough
2151 const mb_size_t rawDataSize = raw.contentSize();
2152 // we may need to send: hex-chunk-size CRLF raw-data CRLF last-chunk
2153 buf.init(16 + 2 + rawDataSize + 2 + 5, raw.max_capacity);
2154
2155 buf.Printf("%x\r\n", static_cast<unsigned int>(rawDataSize));
2156 buf.append(raw.content(), rawDataSize);
2157 buf.Printf("\r\n");
2158
2159 Must(rawDataSize > 0); // we did not accidently created last-chunk above
2160
2161 // Do not send last-chunk unless we successfully received everything
2162 if (receivedWholeRequestBody) {
2163 Must(!flags.sentLastChunk);
2164 flags.sentLastChunk = true;
2165 buf.append("0\r\n\r\n", 5);
2166 }
2167
2168 return true;
2169 }
2170
2171 void
2172 httpStart(FwdState *fwd)
2173 {
2174 debugs(11, 3, "httpStart: \"" << RequestMethodStr(fwd->request->method) << " " << fwd->entry->url() << "\"" );
2175 HttpStateData *httpState = new HttpStateData(fwd);
2176
2177 if (!httpState->sendRequest()) {
2178 debugs(11, 3, "httpStart: aborted");
2179 delete httpState;
2180 return;
2181 }
2182
2183 statCounter.server.all.requests++;
2184 statCounter.server.http.requests++;
2185
2186 /*
2187 * We used to set the read timeout here, but not any more.
2188 * Now its set in httpSendComplete() after the full request,
2189 * including request body, has been written to the server.
2190 */
2191 }
2192
2193 /// if broken posts are enabled for the request, try to fix and return true
2194 bool
2195 HttpStateData::finishingBrokenPost()
2196 {
2197 #if USE_HTTP_VIOLATIONS
2198 if (!Config.accessList.brokenPosts) {
2199 debugs(11, 5, HERE << "No brokenPosts list");
2200 return false;
2201 }
2202
2203 ACLFilledChecklist ch(Config.accessList.brokenPosts, originalRequest(), NULL);
2204 if (!ch.fastCheck()) {
2205 debugs(11, 5, HERE << "didn't match brokenPosts");
2206 return false;
2207 }
2208
2209 if (!Comm::IsConnOpen(serverConnection)) {
2210 debugs(11,2, HERE << "ignoring broken POST for closed " << serverConnection);
2211 assert(closeHandler != NULL);
2212 return true; // prevent caller from proceeding as if nothing happened
2213 }
2214
2215 debugs(11, 2, "finishingBrokenPost: fixing broken POST");
2216 typedef CommCbMemFunT<HttpStateData, CommIoCbParams> Dialer;
2217 requestSender = JobCallback(11,5,
2218 Dialer, this, HttpStateData::wroteLast);
2219 Comm::Write(serverConnection, "\r\n", 2, requestSender, NULL);
2220 return true;
2221 #else
2222 return false;
2223 #endif /* USE_HTTP_VIOLATIONS */
2224 }
2225
2226 /// if needed, write last-chunk to end the request body and return true
2227 bool
2228 HttpStateData::finishingChunkedRequest()
2229 {
2230 if (flags.sentLastChunk) {
2231 debugs(11, 5, HERE << "already sent last-chunk");
2232 return false;
2233 }
2234
2235 Must(receivedWholeRequestBody); // or we should not be sending last-chunk
2236 flags.sentLastChunk = true;
2237
2238 typedef CommCbMemFunT<HttpStateData, CommIoCbParams> Dialer;
2239 requestSender = JobCallback(11,5, Dialer, this, HttpStateData::wroteLast);
2240 Comm::Write(serverConnection, "0\r\n\r\n", 5, requestSender, NULL);
2241 return true;
2242 }
2243
2244 void
2245 HttpStateData::doneSendingRequestBody()
2246 {
2247 ServerStateData::doneSendingRequestBody();
2248 debugs(11,5, HERE << serverConnection);
2249
2250 // do we need to write something after the last body byte?
2251 if (flags.chunked_request && finishingChunkedRequest())
2252 return;
2253 if (!flags.chunked_request && finishingBrokenPost())
2254 return;
2255
2256 sendComplete();
2257 }
2258
2259 // more origin request body data is available
2260 void
2261 HttpStateData::handleMoreRequestBodyAvailable()
2262 {
2263 if (eof || !Comm::IsConnOpen(serverConnection)) {
2264 // XXX: we should check this condition in other callbacks then!
2265 // TODO: Check whether this can actually happen: We should unsubscribe
2266 // as a body consumer when the above condition(s) are detected.
2267 debugs(11, 1, HERE << "Transaction aborted while reading HTTP body");
2268 return;
2269 }
2270
2271 assert(requestBodySource != NULL);
2272
2273 if (requestBodySource->buf().hasContent()) {
2274 // XXX: why does not this trigger a debug message on every request?
2275
2276 if (flags.headers_parsed && !flags.abuse_detected) {
2277 flags.abuse_detected = 1;
2278 debugs(11, 1, "http handleMoreRequestBodyAvailable: Likely proxy abuse detected '" << request->client_addr << "' -> '" << entry->url() << "'" );
2279
2280 if (virginReply()->sline.status == HTTP_INVALID_HEADER) {
2281 serverConnection->close();
2282 return;
2283 }
2284 }
2285 }
2286
2287 HttpStateData::handleMoreRequestBodyAvailable();
2288 }
2289
2290 // premature end of the request body
2291 void
2292 HttpStateData::handleRequestBodyProducerAborted()
2293 {
2294 ServerStateData::handleRequestBodyProducerAborted();
2295 if (entry->isEmpty()) {
2296 debugs(11, 3, "request body aborted: " << serverConnection);
2297 ErrorState *err;
2298 // We usually get here when ICAP REQMOD aborts during body processing.
2299 // We might also get here if client-side aborts, but then our response
2300 // should not matter because either client-side will provide its own or
2301 // there will be no response at all (e.g., if the the client has left).
2302 err = errorCon(ERR_ICAP_FAILURE, HTTP_INTERNAL_SERVER_ERROR, fwd->request);
2303 err->xerrno = ERR_DETAIL_SRV_REQMOD_REQ_BODY;
2304 fwd->fail(err);
2305 }
2306
2307 abortTransaction("request body producer aborted");
2308 }
2309
2310 // called when we wrote request headers(!) or a part of the body
2311 void
2312 HttpStateData::sentRequestBody(const CommIoCbParams &io)
2313 {
2314 if (io.size > 0)
2315 kb_incr(&statCounter.server.http.kbytes_out, io.size);
2316
2317 ServerStateData::sentRequestBody(io);
2318 }
2319
2320 // Quickly abort the transaction
2321 // TODO: destruction should be sufficient as the destructor should cleanup,
2322 // including canceling close handlers
2323 void
2324 HttpStateData::abortTransaction(const char *reason)
2325 {
2326 debugs(11,5, HERE << "aborting transaction for " << reason <<
2327 "; " << serverConnection << ", this " << this);
2328
2329 if (Comm::IsConnOpen(serverConnection)) {
2330 serverConnection->close();
2331 return;
2332 }
2333
2334 fwd->handleUnregisteredServerEnd();
2335 deleteThis("HttpStateData::abortTransaction");
2336 }
Mirror of https://github.com/squid-cache/squid.git