/*
- * DEBUG: section 17 Request Forwarding
- * AUTHOR: Duane Wessels
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 17 Request Forwarding */
+
#include "squid.h"
#include "AccessLogEntry.h"
#include "acl/AclAddress.h"
#include "CacheManager.h"
#include "CachePeer.h"
#include "client_side.h"
+#include "clients/forward.h"
#include "comm/Connection.h"
#include "comm/ConnOpener.h"
#include "comm/Loops.h"
#include "event.h"
#include "fd.h"
#include "fde.h"
-#include "ftp.h"
#include "FwdState.h"
#include "globals.h"
#include "gopher.h"
#include "ssl/ServerBump.h"
#include "ssl/support.h"
#endif
-#if HAVE_ERRNO_H
-#include <errno.h>
-#endif
+
+#include <cerrno>
static PSC fwdPeerSelectionCompleteWrapper;
static CLCB fwdServerClosedWrapper;
#define MAX_FWD_STATS_IDX 9
static int FwdReplyCodes[MAX_FWD_STATS_IDX + 1][Http::scInvalidHeader + 1];
-static PconnPool *fwdPconnPool = new PconnPool("server-side", NULL);
+static PconnPool *fwdPconnPool = new PconnPool("server-peers", NULL);
CBDATA_CLASS_INIT(FwdState);
#if USE_OPENSSL
typedef void (FwdState::*Method)(Ssl::PeerConnectorAnswer &);
FwdStatePeerAnswerDialer(Method method, FwdState *fwd):
- method_(method), fwd_(fwd), answer_() {}
+ method_(method), fwd_(fwd), answer_() {}
/* CallDialer API */
virtual bool canDial(AsyncCall &call) { return fwd_.valid(); }
/**** PUBLIC INTERFACE ********************************************************/
FwdState::FwdState(const Comm::ConnectionPointer &client, StoreEntry * e, HttpRequest * r, const AccessLogEntryPointer &alp):
- al(alp)
+ al(alp)
{
debugs(17, 2, HERE << "Forwarding client request " << client << ", url=" << e->url() );
entry = e;
flags.forward_completed = true;
+ request->hier.stopPeerClock(false);
+
if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
debugs(17, 3, HERE << "entry aborted");
return ;
page_id = ERR_FORWARDING_DENIED;
ErrorState *anErr = new ErrorState(page_id, Http::scForbidden, request);
- errorAppendEntry(entry, anErr); // frees anErr
+ errorAppendEntry(entry, anErr); // frees anErr
return;
}
}
if (shutting_down) {
/* more yuck */
ErrorState *anErr = new ErrorState(ERR_SHUTTING_DOWN, Http::scServiceUnavailable, request);
- errorAppendEntry(entry, anErr); // frees anErr
+ errorAppendEntry(entry, anErr); // frees anErr
return;
}
serverConn = NULL;
}
-// Legacy method to be removed in favor of the above as soon as possible
+// \deprecated use unregister(Comm::ConnectionPointer &conn) instead
void
FwdState::unregister(int fd)
{
}
/**
- * server-side modules call fwdComplete() when they are done
+ * FooClient modules call fwdComplete() when they are done
* downloading an object. Then, we either 1) re-forward the
* request somewhere else if needed, or 2) call storeComplete()
* to finish it off
/**** CALLBACK WRAPPERS ************************************************************/
static void
-fwdPeerSelectionCompleteWrapper(Comm::ConnectionList * unused, ErrorState *err, void *data)
+fwdPeerSelectionCompleteWrapper(Comm::ConnectionList *, ErrorState *err, void *data)
{
FwdState *fwd = (FwdState *) data;
if (err)
}
void
-fwdConnectDoneWrapper(const Comm::ConnectionPointer &conn, comm_err_t status, int xerrno, void *data)
+fwdConnectDoneWrapper(const Comm::ConnectionPointer &conn, Comm::Flag status, int xerrno, void *data)
{
FwdState *fwd = (FwdState *) data;
fwd->connectDone(conn, status, xerrno);
*
* Return TRUE if the request SHOULD be retried. This method is
* called when the HTTP connection fails, or when the connection
- * is closed before server-side read the end of HTTP headers.
+ * is closed before reading the end of HTTP headers from the server.
*/
bool
FwdState::checkRetry()
// TODO: should we call completed() here and move doneWithRetries there?
doneWithRetries();
+ request->hier.stopPeerClock(false);
+
if (self != NULL && !err && shutting_down) {
ErrorState *anErr = new ErrorState(ERR_SHUTTING_DOWN, Http::scServiceUnavailable, request);
errorAppendEntry(entry, anErr);
}
- self = NULL; // refcounted
+ self = NULL; // refcounted
}
// If the Server quits before nibbling at the request body, the body sender
}
void
-FwdState::connectDone(const Comm::ConnectionPointer &conn, comm_err_t status, int xerrno)
+FwdState::connectDone(const Comm::ConnectionPointer &conn, Comm::Flag status, int xerrno)
{
- if (status != COMM_OK) {
+ if (status != Comm::OK) {
ErrorState *const anErr = makeConnectingError(ERR_CONNECT_FAIL);
anErr->xerrno = xerrno;
fail(anErr);
AsyncCall::Pointer callback = asyncCall(17,4,
"FwdState::ConnectedToPeer",
FwdStatePeerAnswerDialer(&FwdState::connectedToPeer, this));
+ // Use positive timeout when less than one second is left.
+ const time_t sslNegotiationTimeout = max(static_cast<time_t>(1), timeLeft());
Ssl::PeerConnector *connector =
- new Ssl::PeerConnector(requestPointer, serverConnection(), callback);
+ new Ssl::PeerConnector(requestPointer, serverConnection(), clientConn, callback, sslNegotiationTimeout);
AsyncJob::Start(connector); // will call our callback
return;
}
}
#endif
+ // should reach ConnStateData before the dispatched Client job starts
+ CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
+ ConnStateData::notePeerConnection, serverConnection());
+
dispatch();
}
}
}
-/**
- * Called after Forwarding path selection (via peer select) has taken place.
- * And whenever forwarding needs to attempt a new connection (routing failover)
- * We have a vector of possible localIP->remoteIP paths now ready to start being connected.
- */
-void
-FwdState::connectStart()
+time_t
+FwdState::timeLeft() const
{
- assert(serverDestinations.size() > 0);
-
- debugs(17, 3, "fwdConnectStart: " << entry->url());
-
- if (!request->hier.first_conn_start.tv_sec) // first attempt
- request->hier.first_conn_start = current_time;
-
/* connection timeout */
int ctimeout;
if (serverDestinations[0]->getPeer()) {
ftimeout = 5;
if (ftimeout < ctimeout)
- ctimeout = ftimeout;
+ return (time_t)ftimeout;
+ else
+ return (time_t)ctimeout;
+}
+
+/**
+ * Called after forwarding path selection (via peer select) has taken place
+ * and whenever forwarding needs to attempt a new connection (routing failover).
+ * We have a vector of possible localIP->remoteIP paths now ready to start being connected.
+ */
+void
+FwdState::connectStart()
+{
+ assert(serverDestinations.size() > 0);
+
+ debugs(17, 3, "fwdConnectStart: " << entry->url());
+
+ request->hier.startPeerClock();
if (serverDestinations[0]->getPeer() && request->flags.sslBumped) {
debugs(50, 4, "fwdConnectStart: Ssl bumped connections through parent proxy are not allowed");
debugs(17,7, "pinned peer connection: " << pinned_connection);
// pinned_connection may become nil after a pconn race
if (pinned_connection)
- serverConn = pinned_connection->validatePinnedConnection(request, serverDestinations[0]->getPeer());
+ serverConn = pinned_connection->borrowPinnedConnection(request, serverDestinations[0]->getPeer());
else
serverConn = NULL;
if (Comm::IsConnOpen(serverConn)) {
if (pinned_connection->pinnedAuth())
request->flags.auth = true;
comm_add_close_handler(serverConn->fd, fwdServerClosedWrapper, this);
+
+ /* Update server side TOS and Netfilter mark on the connection. */
+ if (Ip::Qos::TheConfig.isAclTosActive()) {
+ debugs(17, 3, HERE << "setting tos for pinned connection to " << (int)serverConn->tos );
+ serverConn->tos = GetTosToServer(request);
+ Ip::Qos::setSockTos(serverConn, serverConn->tos);
+ }
+#if SO_MARK
+ if (Ip::Qos::TheConfig.isAclNfmarkActive()) {
+ serverConn->nfmark = GetNfmarkToServer(request);
+ Ip::Qos::setSockNfmark(serverConn, serverConn->nfmark);
+ }
+#endif
+
// the server may close the pinned connection before this request
pconnRace = racePossible;
dispatch();
GetMarkingsToServer(request, *serverDestinations[0]);
calls.connector = commCbCall(17,3, "fwdConnectDoneWrapper", CommConnectCbPtrFun(fwdConnectDoneWrapper, this));
- Comm::ConnOpener *cs = new Comm::ConnOpener(serverDestinations[0], calls.connector, ctimeout);
+ Comm::ConnOpener *cs = new Comm::ConnOpener(serverDestinations[0], calls.connector, timeLeft());
if (host)
cs->setHost(host);
AsyncJob::Start(cs);
break;
case AnyP::PROTO_FTP:
- ftpStart(this);
+ if (request->flags.ftpNative)
+ Ftp::StartRelay(this);
+ else
+ Ftp::StartGateway(this);
break;
case AnyP::PROTO_CACHE_OBJECT:
whoisStart(this);
break;
- case AnyP::PROTO_WAIS: /* Not implemented */
+ case AnyP::PROTO_WAIS: /* Not implemented */
default:
debugs(17, DBG_IMPORTANT, "WARNING: Cannot retrieve '" << entry->url() << "'.");
*
* returns TRUE if the transaction SHOULD be re-forwarded to the
* next choice in the serverDestinations list. This method is called when
- * server-side communication completes normally, or experiences
+ * peer communication completes normally, or experiences
* some error after receiving the end of HTTP headers.
*/
int
conn.nfmark = 0;
#endif
}
+