/* various session flags, bits values 0x01 to 0x20 (shift 0) */
#define SN_DIRECT 0x00000001 /* connection made on the server matching the client cookie */
-#define SN_CLDENY 0x00000002 /* a client header matches a deny regex */
-#define SN_CLALLOW 0x00000004 /* a client header matches an allow regex */
-#define SN_SVDENY 0x00000008 /* a server header matches a deny regex */
-#define SN_SVALLOW 0x00000010 /* a server header matches an allow regex */
-#define SN_BE_ASSIGNED 0x00000020 /* a backend was assigned. Conns are accounted. */
-
-/* session flags dedicated to cookies : bits values 0x40, 0x80 (0-3 shift 6) */
-#define SN_CK_NONE 0x00000000 /* this session had no cookie */
-#define SN_CK_INVALID 0x00000040 /* this session had a cookie which matches no server */
-#define SN_CK_DOWN 0x00000080 /* this session had cookie matching a down server */
-#define SN_CK_VALID 0x000000C0 /* this session had cookie matching a valid server */
-#define SN_CK_MASK 0x000000C0 /* mask to get this session's cookie flags */
-#define SN_CK_SHIFT 6 /* bit shift */
+#define SN_ASSIGNED 0x00000002 /* no need to assign a server to this session */
+#define SN_ADDR_SET 0x00000004 /* this session's server address has been set */
+#define SN_BE_ASSIGNED 0x00000008 /* a backend was assigned. Conns are accounted. */
+#define SN_CONN_CLOSED 0x00000010 /* "Connection: close" was present or added */
+#define SN_MONITOR 0x00000020 /* this session comes from a monitoring system */
+#define SN_SELF_GEN 0x00000040 /* the proxy generates data for the client (eg: stats) */
+/* unused: 0x00000080 */
/* session termination conditions, bits values 0x100 to 0x700 (0-7 shift 8) */
#define SN_ERR_NONE 0x00000000
#define SN_ERR_INTERNAL 0x00000700 /* the proxy encountered an internal error */
#define SN_ERR_MASK 0x00000700 /* mask to get only session error flags */
#define SN_ERR_SHIFT 8 /* bit shift */
+/* unused: 0x00000800 */
/* session state at termination, bits values 0x1000 to 0x7000 (0-7 shift 12) */
#define SN_FINST_R 0x00001000 /* session ended during client request */
#define SN_FINST_T 0x00007000 /* session ended tarpitted */
#define SN_FINST_MASK 0x00007000 /* mask to get only final session state flags */
#define SN_FINST_SHIFT 12 /* bit shift */
-
-/* cookie information, bits values 0x10000 to 0x80000 (0-8 shift 16) */
-#define SN_SCK_NONE 0x00000000 /* no set-cookie seen for the server cookie */
-#define SN_SCK_DELETED 0x00010000 /* existing set-cookie deleted or changed */
-#define SN_SCK_INSERTED 0x00020000 /* new set-cookie inserted or changed existing one */
-#define SN_SCK_SEEN 0x00040000 /* set-cookie seen for the server cookie */
-#define SN_SCK_MASK 0x00070000 /* mask to get the set-cookie field */
-#define SN_SCK_ANY 0x00080000 /* at least one set-cookie seen (not to be counted) */
-#define SN_SCK_SHIFT 16 /* bit shift */
-
-/* cacheability management, bits values 0x100000 to 0x300000 (0-3 shift 20) */
-#define SN_CACHEABLE 0x00100000 /* at least part of the response is cacheable */
-#define SN_CACHE_COOK 0x00200000 /* a cookie in the response is cacheable */
-#define SN_CACHE_SHIFT 20 /* bit shift */
-
-/* various other session flags, bits values 0x400000 and above */
-#define SN_CONN_CLOSED 0x00000800 /* "Connection: close" was present or added */
-#define SN_MONITOR 0x00400000 /* this session comes from a monitoring system */
-#define SN_ASSIGNED 0x00800000 /* no need to assign a server to this session */
-#define SN_ADDR_SET 0x01000000 /* this session's server address has been set */
-#define SN_SELF_GEN 0x02000000 /* the proxy generates data for the client (eg: stats) */
-#define SN_CLTARPIT 0x04000000 /* the session is tarpitted (anti-dos) */
+/* unused: 0x00008000 */
/* WARNING: if new fields are added, they must be initialized in event_accept()
}
/* has the request been denied ? */
- if (t->flags & SN_CLDENY) {
+ if (txn->flags & TX_CLDENY) {
/* no need to go further */
txn->status = 403;
/* let's log the request time */
* the fields will stay coherent and the URI will not move.
* This should only be performed in the backend.
*/
- if (!(t->flags & (SN_CLDENY|SN_CLTARPIT)))
+ if (!(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
manage_client_side_cookies(t, req);
* timeout. If unset, then set it to zero because we really want it
* to expire at one moment.
*/
- if (t->flags & SN_CLTARPIT) {
+ if (txn->flags & TX_CLTARPIT) {
t->req->l = 0;
/* flush the request so that we can drop the connection early
* if the client closes first.
{
int s = t->srv_state;
int c = t->cli_state;
+ struct http_txn *txn = &t->txn;
struct buffer *req = t->req;
struct buffer *rep = t->rep;
int conn_err;
/* note that this must not return any error because it would be able to
* overwrite the client_retnclose() output.
*/
- if (t->flags & SN_CLTARPIT)
+ if (txn->flags & TX_CLTARPIT)
srv_close_with_err(t, SN_ERR_CLICL, SN_FINST_T, 0, NULL);
else
srv_close_with_err(t, SN_ERR_CLICL, t->pend_pos ? SN_FINST_Q : SN_FINST_C, 0, NULL);
return 1;
}
else {
- if (t->flags & SN_CLTARPIT) {
+ if (txn->flags & TX_CLTARPIT) {
/* This connection is being tarpitted. The CLIENT side has
* already set the connect expiration date to the right
* timeout. We just have to check that it has not expired.
t->flags &= ~(SN_DIRECT | SN_ASSIGNED | SN_ADDR_SET);
t->srv = NULL; /* it's left to the dispatcher to choose a server */
- if ((t->flags & SN_CK_MASK) == SN_CK_VALID) {
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_DOWN;
+ if ((txn->flags & TX_CK_MASK) == TX_CK_VALID) {
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_DOWN;
}
/* first, get a connection */
*/
int cur_idx;
- struct http_txn *txn = &t->txn;
struct http_msg *msg = &txn->rsp;
struct proxy *cur_proxy;
*/
if (likely(txn->meth != HTTP_METH_POST) &&
unlikely(t->be->beprm->options & PR_O_CHK_CACHE))
- t->flags |= SN_CACHEABLE | SN_CACHE_COOK;
+ txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
break;
default:
break;
}
/* has the response been denied ? */
- if (t->flags & SN_SVDENY) {
+ if (txn->flags & TX_SVDENY) {
if (t->srv) {
t->srv->cur_sess--;
t->srv->failed_secu++;
if (hdr_idx_add(len - 2, 1, &txn->hdr_idx, txn->hdr_idx.tail) < 0)
goto return_bad_resp;
- t->flags |= SN_SCK_INSERTED;
+ txn->flags |= TX_SCK_INSERTED;
/* Here, we will tell an eventual cache on the client side that we don't
* want it to cache this reply because HTTP/1.0 caches also cache cookies !
* We'll block the response if security checks have caught
* nasty things such as a cacheable cookie.
*/
- if (((t->flags & (SN_CACHEABLE | SN_CACHE_COOK | SN_SCK_ANY)) ==
- (SN_CACHEABLE | SN_CACHE_COOK | SN_SCK_ANY)) &&
+ if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) ==
+ (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) &&
(t->be->beprm->options & PR_O_CHK_CACHE)) {
/* we're in presence of a cacheable response containing
old_idx = 0;
while (!last_hdr) {
- if (unlikely(t->flags & (SN_CLDENY | SN_CLTARPIT)))
+ if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
return 1;
- else if (unlikely(t->flags & SN_CLALLOW) &&
+ else if (unlikely(txn->flags & TX_CLALLOW) &&
(exp->action == ACT_ALLOW ||
exp->action == ACT_DENY ||
exp->action == ACT_TARPIT))
break;
case ACT_ALLOW:
- t->flags |= SN_CLALLOW;
+ txn->flags |= TX_CLALLOW;
last_hdr = 1;
break;
case ACT_DENY:
- t->flags |= SN_CLDENY;
+ txn->flags |= TX_CLDENY;
last_hdr = 1;
t->be->beprm->denied_req++;
break;
case ACT_TARPIT:
- t->flags |= SN_CLTARPIT;
+ txn->flags |= TX_CLTARPIT;
last_hdr = 1;
t->be->beprm->denied_req++;
break;
int len, delta;
- if (unlikely(t->flags & (SN_CLDENY | SN_CLTARPIT)))
+ if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
return 1;
- else if (unlikely(t->flags & SN_CLALLOW) &&
+ else if (unlikely(txn->flags & TX_CLALLOW) &&
(exp->action == ACT_ALLOW ||
exp->action == ACT_DENY ||
exp->action == ACT_TARPIT))
break;
case ACT_ALLOW:
- t->flags |= SN_CLALLOW;
+ txn->flags |= TX_CLALLOW;
done = 1;
break;
case ACT_DENY:
- t->flags |= SN_CLDENY;
+ txn->flags |= TX_CLDENY;
t->be->beprm->denied_req++;
done = 1;
break;
case ACT_TARPIT:
- t->flags |= SN_CLTARPIT;
+ txn->flags |= TX_CLTARPIT;
t->be->beprm->denied_req++;
done = 1;
break;
*/
int apply_filters_to_request(struct session *t, struct buffer *req, struct hdr_exp *exp)
{
+ struct http_txn *txn = &t->txn;
/* iterate through the filters in the outer loop */
- while (exp && !(t->flags & (SN_CLDENY|SN_CLTARPIT))) {
+ while (exp && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) {
int ret;
/*
* the evaluation.
*/
- if ((t->flags & SN_CLALLOW) &&
+ if ((txn->flags & TX_CLALLOW) &&
(exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
exp->action == ACT_TARPIT || exp->action == ACT_PASS)) {
exp = exp->next;
!memcmp(p3, srv->cookie, delim - p3)) {
if (srv->state & SRV_RUNNING || t->be->beprm->options & PR_O_PERSIST) {
/* we found the server and it's usable */
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_VALID | SN_DIRECT | SN_ASSIGNED;
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_VALID;
+ t->flags |= SN_DIRECT | SN_ASSIGNED;
t->srv = srv;
break;
} else {
/* we found a server, but it's down */
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_DOWN;
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_DOWN;
}
}
srv = srv->next;
}
- if (!srv && !(t->flags & SN_CK_DOWN)) {
+ if (!srv && !(txn->flags & TX_CK_DOWN)) {
/* no server matched this cookie */
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_INVALID;
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_INVALID;
}
/* depending on the cookie mode, we may have to either :
if (strcmp(srv->id, asession_temp->serverid) == 0) {
if (srv->state & SRV_RUNNING || t->be->beprm->options & PR_O_PERSIST) {
/* we found the server and it's usable */
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_VALID | SN_DIRECT | SN_ASSIGNED;
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_VALID;
+ t->flags |= SN_DIRECT | SN_ASSIGNED;
t->srv = srv;
break;
} else {
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_DOWN;
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_DOWN;
}
}
srv = srv->next;
old_idx = 0;
while (!last_hdr) {
- if (unlikely(t->flags & SN_SVDENY))
+ if (unlikely(txn->flags & TX_SVDENY))
return 1;
- else if (unlikely(t->flags & SN_SVALLOW) &&
+ else if (unlikely(txn->flags & TX_SVALLOW) &&
(exp->action == ACT_ALLOW ||
exp->action == ACT_DENY))
return 0;
if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
switch (exp->action) {
case ACT_ALLOW:
- t->flags |= SN_SVALLOW;
+ txn->flags |= TX_SVALLOW;
last_hdr = 1;
break;
case ACT_DENY:
- t->flags |= SN_SVDENY;
+ txn->flags |= TX_SVDENY;
last_hdr = 1;
break;
int len, delta;
- if (unlikely(t->flags & SN_SVDENY))
+ if (unlikely(txn->flags & TX_SVDENY))
return 1;
- else if (unlikely(t->flags & SN_SVALLOW) &&
+ else if (unlikely(txn->flags & TX_SVALLOW) &&
(exp->action == ACT_ALLOW ||
exp->action == ACT_DENY))
return 0;
if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
switch (exp->action) {
case ACT_ALLOW:
- t->flags |= SN_SVALLOW;
+ txn->flags |= TX_SVALLOW;
done = 1;
break;
case ACT_DENY:
- t->flags |= SN_SVDENY;
+ txn->flags |= TX_SVDENY;
done = 1;
break;
*/
int apply_filters_to_response(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
{
+ struct http_txn *txn = &t->txn;
/* iterate through the filters in the outer loop */
- while (exp && !(t->flags & SN_SVDENY)) {
+ while (exp && !(txn->flags & TX_SVDENY)) {
int ret;
/*
* the evaluation.
*/
- if ((t->flags & SN_SVALLOW) &&
+ if ((txn->flags & TX_SVALLOW) &&
(exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
exp->action == ACT_PASS)) {
exp = exp->next;
}
/* OK, right now we know we have a set-cookie at cur_ptr */
- t->flags |= SN_SCK_ANY;
+ txn->flags |= TX_SCK_ANY;
/* maybe we only wanted to see if there was a set-cookie */
if ((p2 - p1 == t->be->beprm->cookie_len) && (t->be->beprm->cookie_name != NULL) &&
(memcmp(p1, t->be->beprm->cookie_name, p2 - p1) == 0)) {
/* Cool... it's the right one */
- t->flags |= SN_SCK_SEEN;
+ txn->flags |= TX_SCK_SEEN;
/* If the cookie is in insert mode on a known server, we'll delete
* this occurrence because we'll insert another one later.
cur_next += delta;
txn->rsp.eoh += delta;
- t->flags |= SN_SCK_DELETED;
+ txn->flags |= TX_SCK_DELETED;
}
else if ((t->srv) && (t->srv->cookie) &&
(t->be->beprm->options & PR_O_COOK_RW)) {
cur_next += delta;
txn->rsp.eoh += delta;
- t->flags |= SN_SCK_INSERTED | SN_SCK_DELETED;
+ txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
}
else if ((t->srv) && (t->srv->cookie) &&
(t->be->beprm->options & PR_O_COOK_PFX)) {
txn->rsp.eoh += delta;
p3[t->srv->cklen] = COOKIE_DELIM;
- t->flags |= SN_SCK_INSERTED | SN_SCK_DELETED;
+ txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
}
}
/* next, let's see if the cookie is our appcookie */
char *cur_ptr, *cur_end, *cur_next;
int cur_idx;
- if (!t->flags & SN_CACHEABLE)
+ if (!txn->flags & TX_CACHEABLE)
return;
/* Iterate through the headers.
if ((cur_end - cur_ptr >= 16) &&
strncasecmp(cur_ptr, "Pragma: no-cache", 16) == 0) {
- t->flags &= ~SN_CACHEABLE & ~SN_CACHE_COOK;
+ txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
return;
}
if ((cur_end - p1 >= 21) &&
strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
&& (p1[20] == '"' || p1[20] == ','))
- t->flags &= ~SN_CACHE_COOK;
+ txn->flags &= ~TX_CACHE_COOK;
continue;
}
((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
- t->flags &= ~SN_CACHEABLE & ~SN_CACHE_COOK;
+ txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
return;
}
if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
- t->flags |= SN_CACHEABLE | SN_CACHE_COOK;
+ txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
continue;
}
}
*/
void get_srv_from_appsession(struct session *t, const char *begin, int len)
{
+ struct http_txn *txn = &t->txn;
appsess *asession_temp = NULL;
appsess local_asession;
char *request_line;
if (strcmp(srv->id, asession_temp->serverid) == 0) {
if (srv->state & SRV_RUNNING || t->be->beprm->options & PR_O_PERSIST) {
/* we found the server and it's usable */
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_VALID | SN_DIRECT | SN_ASSIGNED;
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_VALID;
+ t->flags |= SN_DIRECT | SN_ASSIGNED;
t->srv = srv;
break;
} else {
- t->flags &= ~SN_CK_MASK;
- t->flags |= SN_CK_DOWN;
+ txn->flags &= ~TX_CK_MASK;
+ txn->flags |= TX_CK_DOWN;
}
}
srv = srv->next;
projects / thirdparty / haproxy.git / commitdiff
