/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#include "HttpHdrCc.h"
#include "HttpReply.h"
#include "HttpRequest.h"
+#include "ip/NfMarkConfig.h"
#include "ip/QosConfig.h"
#include "ipcache.h"
#include "log/access_log.h"
store_id_done(false),
no_cache_done(false),
interpreted_req_hdrs(false),
- tosToClientDone(false),
- nfmarkToClientDone(false),
+ toClientMarkingDone(false),
#if USE_OPENSSL
sslBumpCheckDone(false),
#endif
/* allow size for url rewriting */
url_sz = strlen(url) + Config.appendDomainLen + 5;
http->uri = (char *)xcalloc(url_sz, 1);
- strcpy(http->uri, url);
+ strcpy(http->uri, url); // XXX: polluting http->uri before parser validation
if ((request = HttpRequest::FromUrl(http->uri, mx, method)) == NULL) {
debugs(85, 5, "Invalid URL: " << http->uri);
* Ensure that the access log shows the indirect client
* instead of the direct client.
*/
- ConnStateData *conn = http->getConn();
- conn->log_addr = request->indirect_client_addr;
- http->al->cache.caddr = conn->log_addr;
+ http->al->cache.caddr = request->indirect_client_addr;
+ if (ConnStateData *conn = http->getConn())
+ conn->log_addr = request->indirect_client_addr;
}
request->x_forwarded_for_iterator.clean();
request->flags.done_follow_x_forwarded_for = true;
- if (!answer.someRuleMatched()) {
+ if (answer.conflicted()) {
debugs(28, DBG_CRITICAL, "ERROR: Processing X-Forwarded-For. Stopping at IP address: " << request->indirect_client_addr );
}
// note the DNS details for the transaction stats.
http->request->recordLookup(dns);
- if (ia != NULL && ia->count > 0) {
- // Is the NAT destination IP in DNS?
- for (int i = 0; i < ia->count; ++i) {
- if (clientConn->local.matchIPAddr(ia->in_addrs[i]) == 0) {
- debugs(85, 3, HERE << "validate IP " << clientConn->local << " possible from Host:");
- http->request->flags.hostVerified = true;
- http->doCallouts();
- return;
- }
- debugs(85, 3, HERE << "validate IP " << clientConn->local << " non-match from Host: IP " << ia->in_addrs[i]);
- }
+ // Is the NAT destination IP in DNS?
+ if (ia && ia->have(clientConn->local)) {
+ debugs(85, 3, "validate IP " << clientConn->local << " possible from Host:");
+ http->request->flags.hostVerified = true;
+ http->doCallouts();
+ return;
}
debugs(85, 3, HERE << "FAIL: validate IP " << clientConn->local << " possible from Host:");
hostHeaderVerifyFailed("local IP", "any domain IP");
// prevent broken helpers causing too much damage. If old URL == new URL skip the re-write.
if (urlNote != NULL && strcmp(urlNote, http->uri)) {
URL tmpUrl;
- if (tmpUrl.parse(old_request->method, const_cast<char*>(urlNote))) {
+ if (tmpUrl.parse(old_request->method, urlNote)) {
HttpRequest *new_request = old_request->clone();
new_request->url = tmpUrl;
debugs(61, 2, "URL-rewriter diverts URL from " << old_request->effectiveRequestUri() << " to " << new_request->effectiveRequestUri());
*/
tos_t aclMapTOS (acl_tos * head, ACLChecklist * ch);
-nfmark_t aclMapNfmark (acl_nfmark * head, ACLChecklist * ch);
+Ip::NfMarkConfig aclFindNfMarkConfig (acl_nfmark * head, ACLChecklist * ch);
void
ClientHttpRequest::doCallouts()
}
} // if !calloutContext->error
- if (!calloutContext->tosToClientDone) {
- calloutContext->tosToClientDone = true;
- if (getConn() != NULL && Comm::IsConnOpen(getConn()->clientConnection)) {
- ACLFilledChecklist ch(NULL, request, NULL);
- ch.src_addr = request->client_addr;
- ch.my_addr = request->my_addr;
+ // Set appropriate MARKs and CONNMARKs if needed.
+ if (getConn() && Comm::IsConnOpen(getConn()->clientConnection)) {
+ ACLFilledChecklist ch(nullptr, request, nullptr);
+ ch.src_addr = request->client_addr;
+ ch.my_addr = request->my_addr;
+
+ if (!calloutContext->toClientMarkingDone) {
+ calloutContext->toClientMarkingDone = true;
tos_t tos = aclMapTOS(Ip::Qos::TheConfig.tosToClient, &ch);
if (tos)
Ip::Qos::setSockTos(getConn()->clientConnection, tos);
- }
- }
- if (!calloutContext->nfmarkToClientDone) {
- calloutContext->nfmarkToClientDone = true;
- if (getConn() != NULL && Comm::IsConnOpen(getConn()->clientConnection)) {
- ACLFilledChecklist ch(NULL, request, NULL);
- ch.src_addr = request->client_addr;
- ch.my_addr = request->my_addr;
- nfmark_t mark = aclMapNfmark(Ip::Qos::TheConfig.nfmarkToClient, &ch);
- if (mark)
- Ip::Qos::setSockNfmark(getConn()->clientConnection, mark);
+ const auto packetMark = aclFindNfMarkConfig(Ip::Qos::TheConfig.nfmarkToClient, &ch);
+ if (!packetMark.isEmpty())
+ Ip::Qos::setSockNfmark(getConn()->clientConnection, packetMark.mark);
+
+ const auto connmark = aclFindNfMarkConfig(Ip::Qos::TheConfig.nfConnmarkToClient, &ch);
+ if (!connmark.isEmpty())
+ Ip::Qos::setNfConnmark(getConn()->clientConnection, Ip::Qos::dirAccepted, connmark);
}
}