blob: cd130494c992b1f80f7d0db43326fdb6be2788c4 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreauf68a15a2011-01-06 16:53:21 +01004 * Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreaub05405a2012-01-23 15:35:52 +010026#include <netinet/tcp.h>
27
Willy Tarreau2dd0d472006-06-29 17:53:05 +020028#include <common/appsession.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010029#include <common/base64.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020030#include <common/chunk.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020031#include <common/compat.h>
32#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010033#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/memory.h>
35#include <common/mini-clist.h>
36#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020037#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020038#include <common/time.h>
39#include <common/uri_auth.h>
40#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020041
42#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020043#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020044
Willy Tarreau8797c062007-05-07 00:55:35 +020045#include <proto/acl.h>
Willy Tarreau61612d42012-04-19 18:42:05 +020046#include <proto/arg.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010047#include <proto/auth.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020048#include <proto/backend.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020049#include <proto/channel.h>
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +010050#include <proto/checks.h>
William Lallemand82fe75c2012-10-23 10:25:10 +020051#include <proto/compression.h>
Willy Tarreau91861262007-10-17 17:06:05 +020052#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020053#include <proto/fd.h>
Willy Tarreau03fa5df2010-05-24 21:02:37 +020054#include <proto/frontend.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020055#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010056#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020057#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020058#include <proto/proto_http.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010059#include <proto/proxy.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020060#include <proto/queue.h>
Willy Tarreaucd3b0942012-04-27 21:52:18 +020061#include <proto/sample.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010062#include <proto/server.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020063#include <proto/session.h>
Willy Tarreaucff64112008-11-03 06:26:53 +010064#include <proto/stream_interface.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020065#include <proto/task.h>
66
Willy Tarreau522d6c02009-12-06 18:49:18 +010067const char HTTP_100[] =
68 "HTTP/1.1 100 Continue\r\n\r\n";
69
70const struct chunk http_100_chunk = {
71 .str = (char *)&HTTP_100,
72 .len = sizeof(HTTP_100)-1
73};
74
Willy Tarreaua9679ac2010-01-03 17:32:57 +010075/* Warning: no "connection" header is provided with the 3xx messages below */
Willy Tarreaub463dfb2008-06-07 23:08:56 +020076const char *HTTP_301 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010077 "HTTP/1.1 301 Moved Permanently\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020078 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010079 "Content-length: 0\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020080 "Location: "; /* not terminated since it will be concatenated with the URL */
81
Willy Tarreau0f772532006-12-23 20:51:41 +010082const char *HTTP_302 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010083 "HTTP/1.1 302 Found\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010084 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010085 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010086 "Location: "; /* not terminated since it will be concatenated with the URL */
87
88/* same as 302 except that the browser MUST retry with the GET method */
89const char *HTTP_303 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010090 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010091 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010092 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010093 "Location: "; /* not terminated since it will be concatenated with the URL */
94
Willy Tarreaubaaee002006-06-26 02:48:02 +020095/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
96const char *HTTP_401_fmt =
97 "HTTP/1.0 401 Unauthorized\r\n"
98 "Cache-Control: no-cache\r\n"
99 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200100 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200101 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
102 "\r\n"
103 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
104
Willy Tarreau844a7e72010-01-31 21:46:18 +0100105const char *HTTP_407_fmt =
106 "HTTP/1.0 407 Unauthorized\r\n"
107 "Cache-Control: no-cache\r\n"
108 "Connection: close\r\n"
109 "Content-Type: text/html\r\n"
110 "Proxy-Authenticate: Basic realm=\"%s\"\r\n"
111 "\r\n"
112 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
113
Willy Tarreau0f772532006-12-23 20:51:41 +0100114
115const int http_err_codes[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200116 [HTTP_ERR_200] = 200, /* used by "monitor-uri" */
Willy Tarreau0f772532006-12-23 20:51:41 +0100117 [HTTP_ERR_400] = 400,
118 [HTTP_ERR_403] = 403,
119 [HTTP_ERR_408] = 408,
120 [HTTP_ERR_500] = 500,
121 [HTTP_ERR_502] = 502,
122 [HTTP_ERR_503] = 503,
123 [HTTP_ERR_504] = 504,
124};
125
Willy Tarreau80587432006-12-24 17:47:20 +0100126static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200127 [HTTP_ERR_200] =
128 "HTTP/1.0 200 OK\r\n"
129 "Cache-Control: no-cache\r\n"
130 "Connection: close\r\n"
131 "Content-Type: text/html\r\n"
132 "\r\n"
133 "<html><body><h1>200 OK</h1>\nService ready.\n</body></html>\n",
134
Willy Tarreau0f772532006-12-23 20:51:41 +0100135 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100136 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100137 "Cache-Control: no-cache\r\n"
138 "Connection: close\r\n"
139 "Content-Type: text/html\r\n"
140 "\r\n"
141 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
142
143 [HTTP_ERR_403] =
144 "HTTP/1.0 403 Forbidden\r\n"
145 "Cache-Control: no-cache\r\n"
146 "Connection: close\r\n"
147 "Content-Type: text/html\r\n"
148 "\r\n"
149 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
150
151 [HTTP_ERR_408] =
152 "HTTP/1.0 408 Request Time-out\r\n"
153 "Cache-Control: no-cache\r\n"
154 "Connection: close\r\n"
155 "Content-Type: text/html\r\n"
156 "\r\n"
157 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
158
159 [HTTP_ERR_500] =
160 "HTTP/1.0 500 Server Error\r\n"
161 "Cache-Control: no-cache\r\n"
162 "Connection: close\r\n"
163 "Content-Type: text/html\r\n"
164 "\r\n"
165 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
166
167 [HTTP_ERR_502] =
168 "HTTP/1.0 502 Bad Gateway\r\n"
169 "Cache-Control: no-cache\r\n"
170 "Connection: close\r\n"
171 "Content-Type: text/html\r\n"
172 "\r\n"
173 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
174
175 [HTTP_ERR_503] =
176 "HTTP/1.0 503 Service Unavailable\r\n"
177 "Cache-Control: no-cache\r\n"
178 "Connection: close\r\n"
179 "Content-Type: text/html\r\n"
180 "\r\n"
181 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
182
183 [HTTP_ERR_504] =
184 "HTTP/1.0 504 Gateway Time-out\r\n"
185 "Cache-Control: no-cache\r\n"
186 "Connection: close\r\n"
187 "Content-Type: text/html\r\n"
188 "\r\n"
189 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
190
191};
192
Cyril Bonté19979e12012-04-04 12:57:21 +0200193/* status codes available for the stats admin page (strictly 4 chars length) */
194const char *stat_status_codes[STAT_STATUS_SIZE] = {
195 [STAT_STATUS_DENY] = "DENY",
196 [STAT_STATUS_DONE] = "DONE",
197 [STAT_STATUS_ERRP] = "ERRP",
198 [STAT_STATUS_EXCD] = "EXCD",
199 [STAT_STATUS_NONE] = "NONE",
200 [STAT_STATUS_PART] = "PART",
201 [STAT_STATUS_UNKN] = "UNKN",
202};
203
204
Willy Tarreau80587432006-12-24 17:47:20 +0100205/* We must put the messages here since GCC cannot initialize consts depending
206 * on strlen().
207 */
208struct chunk http_err_chunks[HTTP_ERR_SIZE];
209
Willy Tarreau42250582007-04-01 01:30:43 +0200210#define FD_SETS_ARE_BITFIELDS
211#ifdef FD_SETS_ARE_BITFIELDS
212/*
213 * This map is used with all the FD_* macros to check whether a particular bit
214 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
215 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
216 * byte should be encoded. Be careful to always pass bytes from 0 to 255
217 * exclusively to the macros.
218 */
219fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
220fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
221
222#else
223#error "Check if your OS uses bitfields for fd_sets"
224#endif
225
Willy Tarreau80587432006-12-24 17:47:20 +0100226void init_proto_http()
227{
Willy Tarreau42250582007-04-01 01:30:43 +0200228 int i;
229 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100230 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200231
Willy Tarreau80587432006-12-24 17:47:20 +0100232 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
233 if (!http_err_msgs[msg]) {
234 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
235 abort();
236 }
237
238 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
239 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
240 }
Willy Tarreau42250582007-04-01 01:30:43 +0200241
242 /* initialize the log header encoding map : '{|}"#' should be encoded with
243 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
244 * URL encoding only requires '"', '#' to be encoded as well as non-
245 * printable characters above.
246 */
247 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
248 memset(url_encode_map, 0, sizeof(url_encode_map));
249 for (i = 0; i < 32; i++) {
250 FD_SET(i, hdr_encode_map);
251 FD_SET(i, url_encode_map);
252 }
253 for (i = 127; i < 256; i++) {
254 FD_SET(i, hdr_encode_map);
255 FD_SET(i, url_encode_map);
256 }
257
258 tmp = "\"#{|}";
259 while (*tmp) {
260 FD_SET(*tmp, hdr_encode_map);
261 tmp++;
262 }
263
264 tmp = "\"#";
265 while (*tmp) {
266 FD_SET(*tmp, url_encode_map);
267 tmp++;
268 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200269
270 /* memory allocations */
271 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
Willy Tarreau086b3b42007-05-13 21:45:51 +0200272 pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
William Lallemanda73203e2012-03-12 12:48:57 +0100273 pool2_uniqueid = create_pool("uniqueid", UNIQUEID_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100274}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200275
Willy Tarreau53b6c742006-12-17 13:37:46 +0100276/*
277 * We have 26 list of methods (1 per first letter), each of which can have
278 * up to 3 entries (2 valid, 1 null).
279 */
280struct http_method_desc {
281 http_meth_t meth;
282 int len;
283 const char text[8];
284};
285
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100286const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100287 ['C' - 'A'] = {
288 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
289 },
290 ['D' - 'A'] = {
291 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
292 },
293 ['G' - 'A'] = {
294 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
295 },
296 ['H' - 'A'] = {
297 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
298 },
299 ['P' - 'A'] = {
300 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
301 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
302 },
303 ['T' - 'A'] = {
304 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
305 },
306 /* rest is empty like this :
307 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
308 */
309};
310
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100311/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200312 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100313 * RFC2616 for those chars.
314 */
315
316const char http_is_spht[256] = {
317 [' '] = 1, ['\t'] = 1,
318};
319
320const char http_is_crlf[256] = {
321 ['\r'] = 1, ['\n'] = 1,
322};
323
324const char http_is_lws[256] = {
325 [' '] = 1, ['\t'] = 1,
326 ['\r'] = 1, ['\n'] = 1,
327};
328
329const char http_is_sep[256] = {
330 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
331 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
332 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
333 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
334 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
335};
336
337const char http_is_ctl[256] = {
338 [0 ... 31] = 1,
339 [127] = 1,
340};
341
342/*
343 * A token is any ASCII char that is neither a separator nor a CTL char.
344 * Do not overwrite values in assignment since gcc-2.95 will not handle
345 * them correctly. Instead, define every non-CTL char's status.
346 */
347const char http_is_token[256] = {
348 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
349 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
350 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
351 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
352 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
353 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
354 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
355 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
356 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
357 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
358 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
359 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
360 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
361 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
362 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
363 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
364 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
365 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
366 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
367 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
368 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
369 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
370 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
371 ['|'] = 1, ['}'] = 0, ['~'] = 1,
372};
373
374
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100375/*
376 * An http ver_token is any ASCII which can be found in an HTTP version,
377 * which includes 'H', 'T', 'P', '/', '.' and any digit.
378 */
379const char http_is_ver_token[256] = {
380 ['.'] = 1, ['/'] = 1,
381 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
382 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
383 ['H'] = 1, ['P'] = 1, ['T'] = 1,
384};
385
386
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100387/*
Willy Tarreaue988a792010-01-04 21:13:14 +0100388 * Silent debug that outputs only in strace, using fd #-1. Trash is modified.
389 */
390#if defined(DEBUG_FSM)
391static void http_silent_debug(int line, struct session *s)
392{
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100393 chunk_printf(&trash,
394 "[%04d] req: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p o=%p sm=%d fw=%ld tf=%08x\n",
395 line,
396 s->si[0].state, s->si[0].fd, s->txn.req.msg_state, s->req->flags, s->req->analysers,
397 s->req->buf->data, s->req->buf->size, s->req->l, s->req->w, s->req->r, s->req->buf->p, s->req->buf->o, s->req->to_forward, s->txn.flags);
398 write(-1, trash.str, trash.len);
Willy Tarreaue988a792010-01-04 21:13:14 +0100399
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100400 chunk_printf(&trash,
401 " %04d rep: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p o=%p sm=%d fw=%ld\n",
402 line,
403 s->si[1].state, s->si[1].fd, s->txn.rsp.msg_state, s->rep->flags, s->rep->analysers,
404 s->rep->buf->data, s->rep->buf->size, s->rep->l, s->rep->w, s->rep->r, s->rep->buf->p, s->rep->buf->o, s->rep->to_forward);
405 write(-1, trash.str, trash.len);
Willy Tarreaue988a792010-01-04 21:13:14 +0100406}
407#else
408#define http_silent_debug(l,s) do { } while (0)
409#endif
410
411/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100412 * Adds a header and its CRLF at the tail of the message's buffer, just before
413 * the last CRLF. Text length is measured first, so it cannot be NULL.
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100414 * The header is also automatically added to the index <hdr_idx>, and the end
415 * of headers is automatically adjusted. The number of bytes added is returned
416 * on success, otherwise <0 is returned indicating an error.
417 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100418int http_header_add_tail(struct http_msg *msg, struct hdr_idx *hdr_idx, const char *text)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100419{
420 int bytes, len;
421
422 len = strlen(text);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200423 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100424 if (!bytes)
425 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100426 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100427 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
428}
429
430/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100431 * Adds a header and its CRLF at the tail of the message's buffer, just before
432 * the last CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100433 * the buffer is only opened and the space reserved, but nothing is copied.
434 * The header is also automatically added to the index <hdr_idx>, and the end
435 * of headers is automatically adjusted. The number of bytes added is returned
436 * on success, otherwise <0 is returned indicating an error.
437 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100438int http_header_add_tail2(struct http_msg *msg,
439 struct hdr_idx *hdr_idx, const char *text, int len)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100440{
441 int bytes;
442
Willy Tarreau9b28e032012-10-12 23:49:43 +0200443 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100444 if (!bytes)
445 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100446 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100447 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
448}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200449
450/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100451 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
452 * If so, returns the position of the first non-space character relative to
453 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
454 * to return a pointer to the place after the first space. Returns 0 if the
455 * header name does not match. Checks are case-insensitive.
456 */
457int http_header_match2(const char *hdr, const char *end,
458 const char *name, int len)
459{
460 const char *val;
461
462 if (hdr + len >= end)
463 return 0;
464 if (hdr[len] != ':')
465 return 0;
466 if (strncasecmp(hdr, name, len) != 0)
467 return 0;
468 val = hdr + len + 1;
469 while (val < end && HTTP_IS_SPHT(*val))
470 val++;
471 if ((val >= end) && (len + 2 <= end - hdr))
472 return len + 2; /* we may replace starting from second space */
473 return val - hdr;
474}
475
Willy Tarreau68085d82010-01-18 14:54:04 +0100476/* Find the end of the header value contained between <s> and <e>. See RFC2616,
477 * par 2.2 for more information. Note that it requires a valid header to return
478 * a valid result. This works for headers defined as comma-separated lists.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200479 */
Willy Tarreau68085d82010-01-18 14:54:04 +0100480char *find_hdr_value_end(char *s, const char *e)
Willy Tarreau33a7e692007-06-10 19:45:56 +0200481{
482 int quoted, qdpair;
483
484 quoted = qdpair = 0;
485 for (; s < e; s++) {
486 if (qdpair) qdpair = 0;
Willy Tarreau0f7f51f2010-08-30 11:06:34 +0200487 else if (quoted) {
488 if (*s == '\\') qdpair = 1;
489 else if (*s == '"') quoted = 0;
490 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200491 else if (*s == '"') quoted = 1;
492 else if (*s == ',') return s;
493 }
494 return s;
495}
496
497/* Find the first or next occurrence of header <name> in message buffer <sol>
498 * using headers index <idx>, and return it in the <ctx> structure. This
499 * structure holds everything necessary to use the header and find next
500 * occurrence. If its <idx> member is 0, the header is searched from the
501 * beginning. Otherwise, the next occurrence is returned. The function returns
Willy Tarreau68085d82010-01-18 14:54:04 +0100502 * 1 when it finds a value, and 0 when there is no more. It is designed to work
503 * with headers defined as comma-separated lists. As a special case, if ctx->val
504 * is NULL when searching for a new values of a header, the current header is
505 * rescanned. This allows rescanning after a header deletion.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200506 */
507int http_find_header2(const char *name, int len,
Willy Tarreau68085d82010-01-18 14:54:04 +0100508 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200509 struct hdr_ctx *ctx)
510{
Willy Tarreau68085d82010-01-18 14:54:04 +0100511 char *eol, *sov;
512 int cur_idx, old_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200513
Willy Tarreau68085d82010-01-18 14:54:04 +0100514 cur_idx = ctx->idx;
515 if (cur_idx) {
Willy Tarreau33a7e692007-06-10 19:45:56 +0200516 /* We have previously returned a value, let's search
517 * another one on the same line.
518 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200519 sol = ctx->line;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200520 ctx->del = ctx->val + ctx->vlen + ctx->tws;
Willy Tarreau68085d82010-01-18 14:54:04 +0100521 sov = sol + ctx->del;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200522 eol = sol + idx->v[cur_idx].len;
523
524 if (sov >= eol)
525 /* no more values in this header */
526 goto next_hdr;
527
Willy Tarreau68085d82010-01-18 14:54:04 +0100528 /* values remaining for this header, skip the comma but save it
529 * for later use (eg: for header deletion).
530 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200531 sov++;
532 while (sov < eol && http_is_lws[(unsigned char)*sov])
533 sov++;
534
535 goto return_hdr;
536 }
537
538 /* first request for this header */
539 sol += hdr_idx_first_pos(idx);
Willy Tarreau68085d82010-01-18 14:54:04 +0100540 old_idx = 0;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200541 cur_idx = hdr_idx_first_idx(idx);
Willy Tarreau33a7e692007-06-10 19:45:56 +0200542 while (cur_idx) {
543 eol = sol + idx->v[cur_idx].len;
544
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200545 if (len == 0) {
546 /* No argument was passed, we want any header.
547 * To achieve this, we simply build a fake request. */
548 while (sol + len < eol && sol[len] != ':')
549 len++;
550 name = sol;
551 }
552
Willy Tarreau33a7e692007-06-10 19:45:56 +0200553 if ((len < eol - sol) &&
554 (sol[len] == ':') &&
555 (strncasecmp(sol, name, len) == 0)) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100556 ctx->del = len;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200557 sov = sol + len + 1;
558 while (sov < eol && http_is_lws[(unsigned char)*sov])
559 sov++;
Willy Tarreau68085d82010-01-18 14:54:04 +0100560
Willy Tarreau33a7e692007-06-10 19:45:56 +0200561 ctx->line = sol;
Willy Tarreau68085d82010-01-18 14:54:04 +0100562 ctx->prev = old_idx;
563 return_hdr:
Willy Tarreau33a7e692007-06-10 19:45:56 +0200564 ctx->idx = cur_idx;
565 ctx->val = sov - sol;
566
567 eol = find_hdr_value_end(sov, eol);
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200568 ctx->tws = 0;
Willy Tarreau275600b2011-09-16 08:11:26 +0200569 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200570 eol--;
571 ctx->tws++;
572 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200573 ctx->vlen = eol - sov;
574 return 1;
575 }
576 next_hdr:
577 sol = eol + idx->v[cur_idx].cr + 1;
Willy Tarreau68085d82010-01-18 14:54:04 +0100578 old_idx = cur_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200579 cur_idx = idx->v[cur_idx].next;
580 }
581 return 0;
582}
583
584int http_find_header(const char *name,
Willy Tarreau68085d82010-01-18 14:54:04 +0100585 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200586 struct hdr_ctx *ctx)
587{
588 return http_find_header2(name, strlen(name), sol, idx, ctx);
589}
590
Willy Tarreau68085d82010-01-18 14:54:04 +0100591/* Remove one value of a header. This only works on a <ctx> returned by one of
592 * the http_find_header functions. The value is removed, as well as surrounding
593 * commas if any. If the removed value was alone, the whole header is removed.
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100594 * The ctx is always updated accordingly, as well as the buffer and HTTP
Willy Tarreau68085d82010-01-18 14:54:04 +0100595 * message <msg>. The new index is returned. If it is zero, it means there is
596 * no more header, so any processing may stop. The ctx is always left in a form
597 * that can be handled by http_find_header2() to find next occurrence.
598 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100599int http_remove_header2(struct http_msg *msg, struct hdr_idx *idx, struct hdr_ctx *ctx)
Willy Tarreau68085d82010-01-18 14:54:04 +0100600{
601 int cur_idx = ctx->idx;
602 char *sol = ctx->line;
603 struct hdr_idx_elem *hdr;
604 int delta, skip_comma;
605
606 if (!cur_idx)
607 return 0;
608
609 hdr = &idx->v[cur_idx];
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200610 if (sol[ctx->del] == ':' && ctx->val + ctx->vlen + ctx->tws == hdr->len) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100611 /* This was the only value of the header, we must now remove it entirely. */
Willy Tarreau9b28e032012-10-12 23:49:43 +0200612 delta = buffer_replace2(msg->chn->buf, sol, sol + hdr->len + hdr->cr + 1, NULL, 0);
Willy Tarreau68085d82010-01-18 14:54:04 +0100613 http_msg_move_end(msg, delta);
614 idx->used--;
615 hdr->len = 0; /* unused entry */
616 idx->v[ctx->prev].next = idx->v[ctx->idx].next;
Willy Tarreau5c4784f2011-02-12 13:07:35 +0100617 if (idx->tail == ctx->idx)
618 idx->tail = ctx->prev;
Willy Tarreau68085d82010-01-18 14:54:04 +0100619 ctx->idx = ctx->prev; /* walk back to the end of previous header */
620 ctx->line -= idx->v[ctx->idx].len + idx->v[cur_idx].cr + 1;
621 ctx->val = idx->v[ctx->idx].len; /* point to end of previous header */
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200622 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100623 return ctx->idx;
624 }
625
626 /* This was not the only value of this header. We have to remove between
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200627 * ctx->del+1 and ctx->val+ctx->vlen+ctx->tws+1 included. If it is the
628 * last entry of the list, we remove the last separator.
Willy Tarreau68085d82010-01-18 14:54:04 +0100629 */
630
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200631 skip_comma = (ctx->val + ctx->vlen + ctx->tws == hdr->len) ? 0 : 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200632 delta = buffer_replace2(msg->chn->buf, sol + ctx->del + skip_comma,
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200633 sol + ctx->val + ctx->vlen + ctx->tws + skip_comma,
Willy Tarreau68085d82010-01-18 14:54:04 +0100634 NULL, 0);
635 hdr->len += delta;
636 http_msg_move_end(msg, delta);
637 ctx->val = ctx->del;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200638 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100639 return ctx->idx;
640}
641
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100642/* This function handles a server error at the stream interface level. The
643 * stream interface is assumed to be already in a closed state. An optional
644 * message is copied into the input buffer, and an HTTP status code stored.
645 * The error flags are set to the values in arguments. Any pending request
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100646 * in this buffer will be lost.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200647 */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100648static void http_server_error(struct session *t, struct stream_interface *si,
649 int err, int finst, int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200650{
Willy Tarreau8263d2b2012-08-28 00:06:31 +0200651 channel_auto_read(si->ob);
652 channel_abort(si->ob);
653 channel_auto_close(si->ob);
654 channel_erase(si->ob);
655 channel_auto_close(si->ib);
656 channel_auto_read(si->ib);
Willy Tarreau0f772532006-12-23 20:51:41 +0100657 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100658 t->txn.status = status;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +0200659 bo_inject(si->ib, msg->str, msg->len);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200660 }
661 if (!(t->flags & SN_ERR_MASK))
662 t->flags |= err;
663 if (!(t->flags & SN_FINST_MASK))
664 t->flags |= finst;
665}
666
Willy Tarreau80587432006-12-24 17:47:20 +0100667/* This function returns the appropriate error location for the given session
668 * and message.
669 */
670
Willy Tarreau783f2582012-09-04 12:19:04 +0200671struct chunk *http_error_message(struct session *s, int msgnum)
Willy Tarreau80587432006-12-24 17:47:20 +0100672{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200673 if (s->be->errmsg[msgnum].str)
674 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100675 else if (s->fe->errmsg[msgnum].str)
676 return &s->fe->errmsg[msgnum];
677 else
678 return &http_err_chunks[msgnum];
679}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200680
Willy Tarreau53b6c742006-12-17 13:37:46 +0100681/*
682 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
683 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
684 */
685static http_meth_t find_http_meth(const char *str, const int len)
686{
687 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100688 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100689
690 m = ((unsigned)*str - 'A');
691
692 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100693 for (h = http_methods[m]; h->len > 0; h++) {
694 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100695 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100696 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100697 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100698 };
699 return HTTP_METH_OTHER;
700 }
701 return HTTP_METH_NONE;
702
703}
704
Willy Tarreau21d2af32008-02-14 20:25:24 +0100705/* Parse the URI from the given transaction (which is assumed to be in request
706 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
707 * It is returned otherwise.
708 */
709static char *
710http_get_path(struct http_txn *txn)
711{
712 char *ptr, *end;
713
Willy Tarreau9b28e032012-10-12 23:49:43 +0200714 ptr = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau21d2af32008-02-14 20:25:24 +0100715 end = ptr + txn->req.sl.rq.u_l;
716
717 if (ptr >= end)
718 return NULL;
719
720 /* RFC2616, par. 5.1.2 :
721 * Request-URI = "*" | absuri | abspath | authority
722 */
723
724 if (*ptr == '*')
725 return NULL;
726
727 if (isalpha((unsigned char)*ptr)) {
728 /* this is a scheme as described by RFC3986, par. 3.1 */
729 ptr++;
730 while (ptr < end &&
731 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
732 ptr++;
733 /* skip '://' */
734 if (ptr == end || *ptr++ != ':')
735 return NULL;
736 if (ptr == end || *ptr++ != '/')
737 return NULL;
738 if (ptr == end || *ptr++ != '/')
739 return NULL;
740 }
741 /* skip [user[:passwd]@]host[:[port]] */
742
743 while (ptr < end && *ptr != '/')
744 ptr++;
745
746 if (ptr == end)
747 return NULL;
748
749 /* OK, we got the '/' ! */
750 return ptr;
751}
752
Willy Tarreauefb453c2008-10-26 20:49:47 +0100753/* Returns a 302 for a redirectable request. This may only be called just after
754 * the stream interface has moved to SI_ST_ASS. Unprocessable requests are
755 * left unchanged and will follow normal proxy processing.
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200756 * NOTE: this function is designed to support being called once data are scheduled
757 * for forwarding.
Willy Tarreauefb453c2008-10-26 20:49:47 +0100758 */
Willy Tarreau55a8d0e2008-11-30 18:47:21 +0100759void perform_http_redirect(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100760{
761 struct http_txn *txn;
Willy Tarreau827aee92011-03-10 16:55:02 +0100762 struct server *srv;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100763 char *path;
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200764 int len, rewind;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100765
766 /* 1: create the response header */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100767 trash.len = strlen(HTTP_302);
768 memcpy(trash.str, HTTP_302, trash.len);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100769
Willy Tarreau827aee92011-03-10 16:55:02 +0100770 srv = target_srv(&s->target);
771
Willy Tarreauefb453c2008-10-26 20:49:47 +0100772 /* 2: add the server's prefix */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100773 if (trash.len + srv->rdr_len > trash.size)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100774 return;
775
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100776 /* special prefix "/" means don't change URL */
Willy Tarreau827aee92011-03-10 16:55:02 +0100777 if (srv->rdr_len != 1 || *srv->rdr_pfx != '/') {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100778 memcpy(trash.str + trash.len, srv->rdr_pfx, srv->rdr_len);
779 trash.len += srv->rdr_len;
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100780 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100781
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200782 /* 3: add the request URI. Since it was already forwarded, we need
783 * to temporarily rewind the buffer.
784 */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100785 txn = &s->txn;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200786 b_rew(s->req->buf, rewind = s->req->buf->o);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200787
Willy Tarreauefb453c2008-10-26 20:49:47 +0100788 path = http_get_path(txn);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200789 len = buffer_count(s->req->buf, path, b_ptr(s->req->buf, txn->req.sl.rq.u + txn->req.sl.rq.u_l));
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200790
Willy Tarreau9b28e032012-10-12 23:49:43 +0200791 b_adv(s->req->buf, rewind);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200792
Willy Tarreauefb453c2008-10-26 20:49:47 +0100793 if (!path)
794 return;
795
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100796 if (trash.len + len > trash.size - 4) /* 4 for CRLF-CRLF */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100797 return;
798
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100799 memcpy(trash.str + trash.len, path, len);
800 trash.len += len;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100801
802 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100803 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
804 trash.len += 29;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100805 } else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100806 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
807 trash.len += 23;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100808 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100809
810 /* prepare to return without error. */
Willy Tarreau73b013b2012-05-21 16:31:45 +0200811 si_shutr(si);
812 si_shutw(si);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100813 si->err_type = SI_ET_NONE;
814 si->err_loc = NULL;
815 si->state = SI_ST_CLO;
816
817 /* send the message */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100818 http_server_error(s, si, SN_ERR_PRXCOND, SN_FINST_C, 302, &trash);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100819
820 /* FIXME: we should increase a counter of redirects per server and per backend. */
Willy Tarreau827aee92011-03-10 16:55:02 +0100821 if (srv)
822 srv_inc_sess_ctr(srv);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100823}
824
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100825/* Return the error message corresponding to si->err_type. It is assumed
Willy Tarreauefb453c2008-10-26 20:49:47 +0100826 * that the server side is closed. Note that err_type is actually a
827 * bitmask, where almost only aborts may be cumulated with other
828 * values. We consider that aborted operations are more important
829 * than timeouts or errors due to the fact that nobody else in the
830 * logs might explain incomplete retries. All others should avoid
831 * being cumulated. It should normally not be possible to have multiple
832 * aborts at once, but just in case, the first one in sequence is reported.
833 */
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100834void http_return_srv_error(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100835{
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100836 int err_type = si->err_type;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100837
838 if (err_type & SI_ET_QUEUE_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100839 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200840 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100841 else if (err_type & SI_ET_CONN_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100842 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200843 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100844 else if (err_type & SI_ET_QUEUE_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100845 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200846 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100847 else if (err_type & SI_ET_QUEUE_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100848 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200849 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100850 else if (err_type & SI_ET_CONN_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100851 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200852 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100853 else if (err_type & SI_ET_CONN_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100854 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200855 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100856 else /* SI_ET_CONN_OTHER and others */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100857 http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200858 500, http_error_message(s, HTTP_ERR_500));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100859}
860
Willy Tarreau42250582007-04-01 01:30:43 +0200861extern const char sess_term_cond[8];
862extern const char sess_fin_state[8];
863extern const char *monthname[12];
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200864struct pool_head *pool2_requri;
Willy Tarreau086b3b42007-05-13 21:45:51 +0200865struct pool_head *pool2_capture;
William Lallemanda73203e2012-03-12 12:48:57 +0100866struct pool_head *pool2_uniqueid;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100867
Willy Tarreau117f59e2007-03-04 18:17:17 +0100868/*
869 * Capture headers from message starting at <som> according to header list
870 * <cap_hdr>, and fill the <idx> structure appropriately.
871 */
872void capture_headers(char *som, struct hdr_idx *idx,
873 char **cap, struct cap_hdr *cap_hdr)
874{
875 char *eol, *sol, *col, *sov;
876 int cur_idx;
877 struct cap_hdr *h;
878 int len;
879
880 sol = som + hdr_idx_first_pos(idx);
881 cur_idx = hdr_idx_first_idx(idx);
882
883 while (cur_idx) {
884 eol = sol + idx->v[cur_idx].len;
885
886 col = sol;
887 while (col < eol && *col != ':')
888 col++;
889
890 sov = col + 1;
891 while (sov < eol && http_is_lws[(unsigned char)*sov])
892 sov++;
893
894 for (h = cap_hdr; h; h = h->next) {
895 if ((h->namelen == col - sol) &&
896 (strncasecmp(sol, h->name, h->namelen) == 0)) {
897 if (cap[h->index] == NULL)
898 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +0200899 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +0100900
901 if (cap[h->index] == NULL) {
902 Alert("HTTP capture : out of memory.\n");
903 continue;
904 }
905
906 len = eol - sov;
907 if (len > h->len)
908 len = h->len;
909
910 memcpy(cap[h->index], sov, len);
911 cap[h->index][len]=0;
912 }
913 }
914 sol = eol + idx->v[cur_idx].cr + 1;
915 cur_idx = idx->v[cur_idx].next;
916 }
917}
918
919
Willy Tarreau42250582007-04-01 01:30:43 +0200920/* either we find an LF at <ptr> or we jump to <bad>.
921 */
922#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
923
924/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
925 * otherwise to <http_msg_ood> with <state> set to <st>.
926 */
927#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
928 ptr++; \
929 if (likely(ptr < end)) \
930 goto good; \
931 else { \
932 state = (st); \
933 goto http_msg_ood; \
934 } \
935 } while (0)
936
937
Willy Tarreaubaaee002006-06-26 02:48:02 +0200938/*
Willy Tarreaua15645d2007-03-18 16:22:39 +0100939 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +0100940 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
941 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
942 * will give undefined results.
943 * Note that it is upon the caller's responsibility to ensure that ptr < end,
944 * and that msg->sol points to the beginning of the response.
945 * If a complete line is found (which implies that at least one CR or LF is
946 * found before <end>, the updated <ptr> is returned, otherwise NULL is
947 * returned indicating an incomplete line (which does not mean that parts have
948 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
949 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
950 * upon next call.
951 *
Willy Tarreau9cdde232007-05-02 20:58:19 +0200952 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +0100953 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
954 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +0200955 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +0100956 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +0200957const char *http_parse_stsline(struct http_msg *msg,
Willy Tarreaue69eada2008-01-27 00:34:10 +0100958 unsigned int state, const char *ptr, const char *end,
Willy Tarreaua458b672012-03-05 11:17:50 +0100959 unsigned int *ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +0100960{
Willy Tarreau9b28e032012-10-12 23:49:43 +0200961 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +0100962
Willy Tarreau8973c702007-01-21 23:58:29 +0100963 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +0100964 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +0200965 http_msg_rpver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100966 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +0100967 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
968
969 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +0100970 msg->sl.st.v_l = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +0100971 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
972 }
Willy Tarreau7552c032009-03-01 11:10:40 +0100973 state = HTTP_MSG_ERROR;
974 break;
975
Willy Tarreau8973c702007-01-21 23:58:29 +0100976 case HTTP_MSG_RPVER_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +0200977 http_msg_rpver_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +0100978 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +0100979 msg->sl.st.c = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +0100980 goto http_msg_rpcode;
981 }
982 if (likely(HTTP_IS_SPHT(*ptr)))
983 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
984 /* so it's a CR/LF, this is invalid */
Willy Tarreau7552c032009-03-01 11:10:40 +0100985 state = HTTP_MSG_ERROR;
986 break;
Willy Tarreau8973c702007-01-21 23:58:29 +0100987
Willy Tarreau8973c702007-01-21 23:58:29 +0100988 case HTTP_MSG_RPCODE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +0200989 http_msg_rpcode:
Willy Tarreau8973c702007-01-21 23:58:29 +0100990 if (likely(!HTTP_IS_LWS(*ptr)))
991 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
992
993 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +0100994 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +0100995 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
996 }
997
998 /* so it's a CR/LF, so there is no reason phrase */
Willy Tarreauea1175a2012-03-05 15:52:30 +0100999 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001000 http_msg_rsp_reason:
1001 /* FIXME: should we support HTTP responses without any reason phrase ? */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001002 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001003 msg->sl.st.r_l = 0;
1004 goto http_msg_rpline_eol;
1005
Willy Tarreau8973c702007-01-21 23:58:29 +01001006 case HTTP_MSG_RPCODE_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001007 http_msg_rpcode_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001008 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001009 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001010 goto http_msg_rpreason;
1011 }
1012 if (likely(HTTP_IS_SPHT(*ptr)))
1013 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1014 /* so it's a CR/LF, so there is no reason phrase */
1015 goto http_msg_rsp_reason;
1016
Willy Tarreau8973c702007-01-21 23:58:29 +01001017 case HTTP_MSG_RPREASON:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001018 http_msg_rpreason:
Willy Tarreau8973c702007-01-21 23:58:29 +01001019 if (likely(!HTTP_IS_CRLF(*ptr)))
1020 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
Willy Tarreauea1175a2012-03-05 15:52:30 +01001021 msg->sl.st.r_l = ptr - msg_start - msg->sl.st.r;
Willy Tarreau8973c702007-01-21 23:58:29 +01001022 http_msg_rpline_eol:
1023 /* We have seen the end of line. Note that we do not
1024 * necessarily have the \n yet, but at least we know that we
1025 * have EITHER \r OR \n, otherwise the response would not be
1026 * complete. We can then record the response length and return
1027 * to the caller which will be able to register it.
1028 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001029 msg->sl.st.l = ptr - msg_start - msg->sol;
Willy Tarreau8973c702007-01-21 23:58:29 +01001030 return ptr;
1031
1032#ifdef DEBUG_FULL
1033 default:
1034 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1035 exit(1);
1036#endif
1037 }
1038
1039 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001040 /* out of valid data */
Willy Tarreau8973c702007-01-21 23:58:29 +01001041 if (ret_state)
1042 *ret_state = state;
1043 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001044 *ret_ptr = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001045 return NULL;
Willy Tarreau8973c702007-01-21 23:58:29 +01001046}
1047
Willy Tarreau8973c702007-01-21 23:58:29 +01001048/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001049 * This function parses a request line between <ptr> and <end>, starting with
1050 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1051 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1052 * will give undefined results.
1053 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1054 * and that msg->sol points to the beginning of the request.
1055 * If a complete line is found (which implies that at least one CR or LF is
1056 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1057 * returned indicating an incomplete line (which does not mean that parts have
1058 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1059 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1060 * upon next call.
1061 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001062 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001063 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1064 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001065 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001066 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001067const char *http_parse_reqline(struct http_msg *msg,
Willy Tarreaue69eada2008-01-27 00:34:10 +01001068 unsigned int state, const char *ptr, const char *end,
Willy Tarreaua458b672012-03-05 11:17:50 +01001069 unsigned int *ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001070{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001071 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001072
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001073 switch (state) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001074 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001075 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001076 if (likely(HTTP_IS_TOKEN(*ptr)))
1077 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001078
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001079 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001080 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001081 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1082 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001083
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001084 if (likely(HTTP_IS_CRLF(*ptr))) {
1085 /* HTTP 0.9 request */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001086 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001087 http_msg_req09_uri:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001088 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001089 http_msg_req09_uri_e:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001090 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001091 http_msg_req09_ver:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001092 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001093 msg->sl.rq.v_l = 0;
1094 goto http_msg_rqline_eol;
1095 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001096 state = HTTP_MSG_ERROR;
1097 break;
1098
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001099 case HTTP_MSG_RQMETH_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001100 http_msg_rqmeth_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001101 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001102 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001103 goto http_msg_rquri;
1104 }
1105 if (likely(HTTP_IS_SPHT(*ptr)))
1106 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1107 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1108 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001109
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001110 case HTTP_MSG_RQURI:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001111 http_msg_rquri:
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001112 if (likely((unsigned char)(*ptr - 33) <= 93)) /* 33 to 126 included */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001113 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001114
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001115 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001116 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001117 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1118 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001119
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001120 if (likely((unsigned char)*ptr >= 128)) {
Willy Tarreau422246e2012-01-07 23:54:13 +01001121 /* non-ASCII chars are forbidden unless option
1122 * accept-invalid-http-request is enabled in the frontend.
1123 * In any case, we capture the faulty char.
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001124 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001125 if (msg->err_pos < -1)
1126 goto invalid_char;
1127 if (msg->err_pos == -1)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001128 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001129 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
1130 }
1131
1132 if (likely(HTTP_IS_CRLF(*ptr))) {
1133 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1134 goto http_msg_req09_uri_e;
1135 }
1136
1137 /* OK forbidden chars, 0..31 or 127 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001138 invalid_char:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001139 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001140 state = HTTP_MSG_ERROR;
1141 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001142
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001143 case HTTP_MSG_RQURI_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001144 http_msg_rquri_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001145 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001146 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001147 goto http_msg_rqver;
1148 }
1149 if (likely(HTTP_IS_SPHT(*ptr)))
1150 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1151 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1152 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001153
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001154 case HTTP_MSG_RQVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001155 http_msg_rqver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001156 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001157 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001158
1159 if (likely(HTTP_IS_CRLF(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001160 msg->sl.rq.v_l = ptr - msg_start - msg->sl.rq.v;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001161 http_msg_rqline_eol:
1162 /* We have seen the end of line. Note that we do not
1163 * necessarily have the \n yet, but at least we know that we
1164 * have EITHER \r OR \n, otherwise the request would not be
1165 * complete. We can then record the request length and return
1166 * to the caller which will be able to register it.
1167 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001168 msg->sl.rq.l = ptr - msg_start - msg->sol;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001169 return ptr;
1170 }
1171
1172 /* neither an HTTP_VER token nor a CRLF */
Willy Tarreau7552c032009-03-01 11:10:40 +01001173 state = HTTP_MSG_ERROR;
1174 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001175
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001176#ifdef DEBUG_FULL
1177 default:
1178 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1179 exit(1);
1180#endif
1181 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001182
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001183 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001184 /* out of valid data */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001185 if (ret_state)
1186 *ret_state = state;
1187 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001188 *ret_ptr = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001189 return NULL;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001190}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001191
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001192/*
1193 * Returns the data from Authorization header. Function may be called more
1194 * than once so data is stored in txn->auth_data. When no header is found
1195 * or auth method is unknown auth_method is set to HTTP_AUTH_WRONG to avoid
1196 * searching again for something we are unable to find anyway.
1197 */
1198
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001199char *get_http_auth_buff;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001200
1201int
1202get_http_auth(struct session *s)
1203{
1204
1205 struct http_txn *txn = &s->txn;
1206 struct chunk auth_method;
1207 struct hdr_ctx ctx;
1208 char *h, *p;
1209 int len;
1210
1211#ifdef DEBUG_AUTH
1212 printf("Auth for session %p: %d\n", s, txn->auth.method);
1213#endif
1214
1215 if (txn->auth.method == HTTP_AUTH_WRONG)
1216 return 0;
1217
1218 if (txn->auth.method)
1219 return 1;
1220
1221 txn->auth.method = HTTP_AUTH_WRONG;
1222
1223 ctx.idx = 0;
Willy Tarreau844a7e72010-01-31 21:46:18 +01001224
1225 if (txn->flags & TX_USE_PX_CONN) {
1226 h = "Proxy-Authorization";
1227 len = strlen(h);
1228 } else {
1229 h = "Authorization";
1230 len = strlen(h);
1231 }
1232
Willy Tarreau9b28e032012-10-12 23:49:43 +02001233 if (!http_find_header2(h, len, s->req->buf->p, &txn->hdr_idx, &ctx))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001234 return 0;
1235
1236 h = ctx.line + ctx.val;
1237
1238 p = memchr(h, ' ', ctx.vlen);
1239 if (!p || p == h)
1240 return 0;
1241
1242 chunk_initlen(&auth_method, h, 0, p-h);
1243 chunk_initlen(&txn->auth.method_data, p+1, 0, ctx.vlen-(p-h)-1);
1244
1245 if (!strncasecmp("Basic", auth_method.str, auth_method.len)) {
1246
1247 len = base64dec(txn->auth.method_data.str, txn->auth.method_data.len,
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001248 get_http_auth_buff, global.tune.bufsize - 1);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001249
1250 if (len < 0)
1251 return 0;
1252
1253
1254 get_http_auth_buff[len] = '\0';
1255
1256 p = strchr(get_http_auth_buff, ':');
1257
1258 if (!p)
1259 return 0;
1260
1261 txn->auth.user = get_http_auth_buff;
1262 *p = '\0';
1263 txn->auth.pass = p+1;
1264
1265 txn->auth.method = HTTP_AUTH_BASIC;
1266 return 1;
1267 }
1268
1269 return 0;
1270}
1271
Willy Tarreau58f10d72006-12-04 02:26:12 +01001272
Willy Tarreau8973c702007-01-21 23:58:29 +01001273/*
1274 * This function parses an HTTP message, either a request or a response,
Willy Tarreau8b1323e2012-03-09 14:46:19 +01001275 * depending on the initial msg->msg_state. The caller is responsible for
1276 * ensuring that the message does not wrap. The function can be preempted
1277 * everywhere when data are missing and recalled at the exact same location
1278 * with no information loss. The message may even be realigned between two
1279 * calls. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001280 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
Willy Tarreau26927362012-05-18 23:22:52 +02001281 * fields. Note that msg->sol will be initialized after completing the first
1282 * state, so that none of the msg pointers has to be initialized prior to the
1283 * first call.
Willy Tarreau8973c702007-01-21 23:58:29 +01001284 */
Willy Tarreaua560c212012-03-09 13:50:57 +01001285void http_msg_analyzer(struct http_msg *msg, struct hdr_idx *idx)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001286{
Willy Tarreaue69eada2008-01-27 00:34:10 +01001287 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001288 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001289 struct buffer *buf;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001290
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001291 state = msg->msg_state;
Willy Tarreau9b28e032012-10-12 23:49:43 +02001292 buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001293 ptr = buf->p + msg->next;
1294 end = buf->p + buf->i;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001295
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001296 if (unlikely(ptr >= end))
1297 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001298
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001299 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001300 /*
1301 * First, states that are specific to the response only.
1302 * We check them first so that request and headers are
1303 * closer to each other (accessed more often).
1304 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001305 case HTTP_MSG_RPBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001306 http_msg_rpbefore:
Willy Tarreau8973c702007-01-21 23:58:29 +01001307 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001308 /* we have a start of message, but we have to check
1309 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001310 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001311 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001312 if (unlikely(ptr != buf->p)) {
1313 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001314 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001315 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001316 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8973c702007-01-21 23:58:29 +01001317 }
Willy Tarreau26927362012-05-18 23:22:52 +02001318 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001319 msg->sl.st.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001320 hdr_idx_init(idx);
1321 state = HTTP_MSG_RPVER;
1322 goto http_msg_rpver;
1323 }
1324
1325 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1326 goto http_msg_invalid;
1327
1328 if (unlikely(*ptr == '\n'))
1329 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1330 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1331 /* stop here */
1332
Willy Tarreau8973c702007-01-21 23:58:29 +01001333 case HTTP_MSG_RPBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001334 http_msg_rpbefore_cr:
Willy Tarreau8973c702007-01-21 23:58:29 +01001335 EXPECT_LF_HERE(ptr, http_msg_invalid);
1336 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1337 /* stop here */
1338
Willy Tarreau8973c702007-01-21 23:58:29 +01001339 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001340 http_msg_rpver:
Willy Tarreau8973c702007-01-21 23:58:29 +01001341 case HTTP_MSG_RPVER_SP:
1342 case HTTP_MSG_RPCODE:
1343 case HTTP_MSG_RPCODE_SP:
1344 case HTTP_MSG_RPREASON:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001345 ptr = (char *)http_parse_stsline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001346 state, ptr, end,
1347 &msg->next, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001348 if (unlikely(!ptr))
1349 return;
1350
1351 /* we have a full response and we know that we have either a CR
1352 * or an LF at <ptr>.
1353 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001354 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1355
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001356 msg->sol = ptr - buf->p;
Willy Tarreau8973c702007-01-21 23:58:29 +01001357 if (likely(*ptr == '\r'))
1358 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1359 goto http_msg_rpline_end;
1360
Willy Tarreau8973c702007-01-21 23:58:29 +01001361 case HTTP_MSG_RPLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001362 http_msg_rpline_end:
Willy Tarreau8973c702007-01-21 23:58:29 +01001363 /* msg->sol must point to the first of CR or LF. */
1364 EXPECT_LF_HERE(ptr, http_msg_invalid);
1365 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1366 /* stop here */
1367
1368 /*
1369 * Second, states that are specific to the request only
1370 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001371 case HTTP_MSG_RQBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001372 http_msg_rqbefore:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001373 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001374 /* we have a start of message, but we have to check
1375 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001376 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001377 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001378 if (likely(ptr != buf->p)) {
1379 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001380 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001381 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001382 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001383 }
Willy Tarreau26927362012-05-18 23:22:52 +02001384 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001385 msg->sl.rq.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001386 state = HTTP_MSG_RQMETH;
1387 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001388 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001389
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001390 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1391 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001392
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001393 if (unlikely(*ptr == '\n'))
1394 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1395 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001396 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001397
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001398 case HTTP_MSG_RQBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001399 http_msg_rqbefore_cr:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001400 EXPECT_LF_HERE(ptr, http_msg_invalid);
1401 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001402 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001403
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001404 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001405 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001406 case HTTP_MSG_RQMETH_SP:
1407 case HTTP_MSG_RQURI:
1408 case HTTP_MSG_RQURI_SP:
1409 case HTTP_MSG_RQVER:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001410 ptr = (char *)http_parse_reqline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001411 state, ptr, end,
1412 &msg->next, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001413 if (unlikely(!ptr))
1414 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001415
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001416 /* we have a full request and we know that we have either a CR
1417 * or an LF at <ptr>.
1418 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001419 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001420
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001421 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001422 if (likely(*ptr == '\r'))
1423 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001424 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001425
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001426 case HTTP_MSG_RQLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001427 http_msg_rqline_end:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001428 /* check for HTTP/0.9 request : no version information available.
1429 * msg->sol must point to the first of CR or LF.
1430 */
1431 if (unlikely(msg->sl.rq.v_l == 0))
1432 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001433
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001434 EXPECT_LF_HERE(ptr, http_msg_invalid);
1435 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001436 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001437
Willy Tarreau8973c702007-01-21 23:58:29 +01001438 /*
1439 * Common states below
1440 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001441 case HTTP_MSG_HDR_FIRST:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001442 http_msg_hdr_first:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001443 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001444 if (likely(!HTTP_IS_CRLF(*ptr))) {
1445 goto http_msg_hdr_name;
1446 }
1447
1448 if (likely(*ptr == '\r'))
1449 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1450 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001451
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001452 case HTTP_MSG_HDR_NAME:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001453 http_msg_hdr_name:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001454 /* assumes msg->sol points to the first char */
1455 if (likely(HTTP_IS_TOKEN(*ptr)))
1456 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001457
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001458 if (likely(*ptr == ':'))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001459 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001460
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001461 if (likely(msg->err_pos < -1) || *ptr == '\n')
1462 goto http_msg_invalid;
1463
1464 if (msg->err_pos == -1) /* capture error pointer */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001465 msg->err_pos = ptr - buf->p; /* >= 0 now */
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001466
1467 /* and we still accept this non-token character */
1468 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001469
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001470 case HTTP_MSG_HDR_L1_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001471 http_msg_hdr_l1_sp:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001472 /* assumes msg->sol points to the first char */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001473 if (likely(HTTP_IS_SPHT(*ptr)))
1474 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001475
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001476 /* header value can be basically anything except CR/LF */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001477 msg->sov = ptr - buf->p;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001478
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001479 if (likely(!HTTP_IS_CRLF(*ptr))) {
1480 goto http_msg_hdr_val;
1481 }
1482
1483 if (likely(*ptr == '\r'))
1484 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1485 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001486
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001487 case HTTP_MSG_HDR_L1_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001488 http_msg_hdr_l1_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001489 EXPECT_LF_HERE(ptr, http_msg_invalid);
1490 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001491
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001492 case HTTP_MSG_HDR_L1_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001493 http_msg_hdr_l1_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001494 if (likely(HTTP_IS_SPHT(*ptr))) {
1495 /* replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001496 for (; buf->p + msg->sov < ptr; msg->sov++)
1497 buf->p[msg->sov] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001498 goto http_msg_hdr_l1_sp;
1499 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001500 /* we had a header consisting only in spaces ! */
Willy Tarreau12e48b32012-03-05 16:57:34 +01001501 msg->eol = msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001502 goto http_msg_complete_header;
1503
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001504 case HTTP_MSG_HDR_VAL:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001505 http_msg_hdr_val:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001506 /* assumes msg->sol points to the first char, and msg->sov
1507 * points to the first character of the value.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001508 */
1509 if (likely(!HTTP_IS_CRLF(*ptr)))
1510 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001511
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001512 msg->eol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001513 /* Note: we could also copy eol into ->eoh so that we have the
1514 * real header end in case it ends with lots of LWS, but is this
1515 * really needed ?
1516 */
1517 if (likely(*ptr == '\r'))
1518 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1519 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001520
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001521 case HTTP_MSG_HDR_L2_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001522 http_msg_hdr_l2_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001523 EXPECT_LF_HERE(ptr, http_msg_invalid);
1524 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001525
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001526 case HTTP_MSG_HDR_L2_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001527 http_msg_hdr_l2_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001528 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1529 /* LWS: replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001530 for (; buf->p + msg->eol < ptr; msg->eol++)
1531 buf->p[msg->eol] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001532 goto http_msg_hdr_val;
1533 }
1534 http_msg_complete_header:
1535 /*
1536 * It was a new header, so the last one is finished.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001537 * Assumes msg->sol points to the first char, msg->sov points
1538 * to the first character of the value and msg->eol to the
1539 * first CR or LF so we know how the line ends. We insert last
1540 * header into the index.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001541 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001542 if (unlikely(hdr_idx_add(msg->eol - msg->sol, buf->p[msg->eol] == '\r',
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001543 idx, idx->tail) < 0))
1544 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001545
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001546 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001547 if (likely(!HTTP_IS_CRLF(*ptr))) {
1548 goto http_msg_hdr_name;
1549 }
1550
1551 if (likely(*ptr == '\r'))
1552 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1553 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001554
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001555 case HTTP_MSG_LAST_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001556 http_msg_last_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001557 /* Assumes msg->sol points to the first of either CR or LF */
1558 EXPECT_LF_HERE(ptr, http_msg_invalid);
1559 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001560 msg->sov = msg->next = ptr - buf->p;
Willy Tarreau3a215be2012-03-09 21:39:51 +01001561 msg->eoh = msg->sol;
1562 msg->sol = 0;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001563 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001564 return;
Willy Tarreaub56928a2012-04-16 14:51:55 +02001565
1566 case HTTP_MSG_ERROR:
1567 /* this may only happen if we call http_msg_analyser() twice with an error */
1568 break;
1569
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001570#ifdef DEBUG_FULL
1571 default:
1572 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1573 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001574#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001575 }
1576 http_msg_ood:
1577 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001578 msg->msg_state = state;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001579 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001580 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001581
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001582 http_msg_invalid:
1583 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001584 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001585 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001586 return;
1587}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001588
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001589/* convert an HTTP/0.9 request into an HTTP/1.0 request. Returns 1 if the
1590 * conversion succeeded, 0 in case of error. If the request was already 1.X,
1591 * nothing is done and 1 is returned.
1592 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001593static int http_upgrade_v09_to_v10(struct http_txn *txn)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001594{
1595 int delta;
1596 char *cur_end;
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001597 struct http_msg *msg = &txn->req;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001598
1599 if (msg->sl.rq.v_l != 0)
1600 return 1;
1601
Willy Tarreau9b28e032012-10-12 23:49:43 +02001602 cur_end = msg->chn->buf->p + msg->sl.rq.l;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001603 delta = 0;
1604
1605 if (msg->sl.rq.u_l == 0) {
1606 /* if no URI was set, add "/" */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001607 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " /", 2);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001608 cur_end += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01001609 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001610 }
1611 /* add HTTP version */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001612 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " HTTP/1.0\r\n", 11);
Willy Tarreaufa355d42009-11-29 18:12:29 +01001613 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001614 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001615 cur_end = (char *)http_parse_reqline(msg,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001616 HTTP_MSG_RQMETH,
Willy Tarreau9b28e032012-10-12 23:49:43 +02001617 msg->chn->buf->p, cur_end + 1,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001618 NULL, NULL);
1619 if (unlikely(!cur_end))
1620 return 0;
1621
1622 /* we have a full HTTP/1.0 request now and we know that
1623 * we have either a CR or an LF at <ptr>.
1624 */
1625 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
1626 return 1;
1627}
1628
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001629/* Parse the Connection: header of an HTTP request, looking for both "close"
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001630 * and "keep-alive" values. If we already know that some headers may safely
1631 * be removed, we remove them now. The <to_del> flags are used for that :
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001632 * - bit 0 means remove "close" headers (in HTTP/1.0 requests/responses)
1633 * - bit 1 means remove "keep-alive" headers (in HTTP/1.1 reqs/resp to 1.1).
1634 * The TX_HDR_CONN_* flags are adjusted in txn->flags depending on what was
1635 * found, and TX_CON_*_SET is adjusted depending on what is left so only
1636 * harmless combinations may be removed. Do not call that after changes have
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001637 * been processed.
Willy Tarreau5b154472009-12-21 20:11:07 +01001638 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001639void http_parse_connection_header(struct http_txn *txn, struct http_msg *msg, int to_del)
Willy Tarreau5b154472009-12-21 20:11:07 +01001640{
Willy Tarreau5b154472009-12-21 20:11:07 +01001641 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001642 const char *hdr_val = "Connection";
1643 int hdr_len = 10;
Willy Tarreau5b154472009-12-21 20:11:07 +01001644
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001645 if (txn->flags & TX_HDR_CONN_PRS)
Willy Tarreau5b154472009-12-21 20:11:07 +01001646 return;
1647
Willy Tarreau88d349d2010-01-25 12:15:43 +01001648 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1649 hdr_val = "Proxy-Connection";
1650 hdr_len = 16;
1651 }
1652
Willy Tarreau5b154472009-12-21 20:11:07 +01001653 ctx.idx = 0;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001654 txn->flags &= ~(TX_CON_KAL_SET|TX_CON_CLO_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001655 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001656 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1657 txn->flags |= TX_HDR_CONN_KAL;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001658 if (to_del & 2)
1659 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001660 else
1661 txn->flags |= TX_CON_KAL_SET;
1662 }
1663 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1664 txn->flags |= TX_HDR_CONN_CLO;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001665 if (to_del & 1)
1666 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001667 else
1668 txn->flags |= TX_CON_CLO_SET;
1669 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001670 }
1671
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001672 txn->flags |= TX_HDR_CONN_PRS;
1673 return;
1674}
Willy Tarreau5b154472009-12-21 20:11:07 +01001675
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001676/* Apply desired changes on the Connection: header. Values may be removed and/or
1677 * added depending on the <wanted> flags, which are exclusively composed of
1678 * TX_CON_CLO_SET and TX_CON_KAL_SET, depending on what flags are desired. The
1679 * TX_CON_*_SET flags are adjusted in txn->flags depending on what is left.
1680 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001681void http_change_connection_header(struct http_txn *txn, struct http_msg *msg, int wanted)
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001682{
1683 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001684 const char *hdr_val = "Connection";
1685 int hdr_len = 10;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001686
1687 ctx.idx = 0;
1688
Willy Tarreau88d349d2010-01-25 12:15:43 +01001689
1690 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1691 hdr_val = "Proxy-Connection";
1692 hdr_len = 16;
1693 }
1694
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001695 txn->flags &= ~(TX_CON_CLO_SET | TX_CON_KAL_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001696 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001697 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1698 if (wanted & TX_CON_KAL_SET)
1699 txn->flags |= TX_CON_KAL_SET;
1700 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001701 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau5b154472009-12-21 20:11:07 +01001702 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001703 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1704 if (wanted & TX_CON_CLO_SET)
1705 txn->flags |= TX_CON_CLO_SET;
1706 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001707 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01001708 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001709 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001710
1711 if (wanted == (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
1712 return;
1713
1714 if ((wanted & TX_CON_CLO_SET) && !(txn->flags & TX_CON_CLO_SET)) {
1715 txn->flags |= TX_CON_CLO_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001716 hdr_val = "Connection: close";
1717 hdr_len = 17;
1718 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1719 hdr_val = "Proxy-Connection: close";
1720 hdr_len = 23;
1721 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001722 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001723 }
1724
1725 if ((wanted & TX_CON_KAL_SET) && !(txn->flags & TX_CON_KAL_SET)) {
1726 txn->flags |= TX_CON_KAL_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001727 hdr_val = "Connection: keep-alive";
1728 hdr_len = 22;
1729 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1730 hdr_val = "Proxy-Connection: keep-alive";
1731 hdr_len = 28;
1732 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001733 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001734 }
1735 return;
Willy Tarreau5b154472009-12-21 20:11:07 +01001736}
1737
Willy Tarreaua458b672012-03-05 11:17:50 +01001738/* Parse the chunk size at msg->next. Once done, it adjusts ->next to point to the
Willy Tarreaud98cf932009-12-27 22:54:55 +01001739 * first byte of body, and increments msg->sov by the number of bytes parsed,
Willy Tarreau26927362012-05-18 23:22:52 +02001740 * so that we know we can forward between ->sol and ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01001741 * Return >0 on success, 0 when some data is missing, <0 on error.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001742 * Note: this function is designed to parse wrapped CRLF at the end of the buffer.
Willy Tarreau115acb92009-12-26 13:56:06 +01001743 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001744static inline int http_parse_chunk_size(struct http_msg *msg)
Willy Tarreau115acb92009-12-26 13:56:06 +01001745{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001746 const struct buffer *buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001747 const char *ptr = b_ptr(buf, msg->next);
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001748 const char *ptr_old = ptr;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001749 const char *end = buf->data + buf->size;
1750 const char *stop = bi_end(buf);
Willy Tarreau115acb92009-12-26 13:56:06 +01001751 unsigned int chunk = 0;
1752
1753 /* The chunk size is in the following form, though we are only
1754 * interested in the size and CRLF :
1755 * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF
1756 */
1757 while (1) {
1758 int c;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001759 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001760 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001761 c = hex2i(*ptr);
Willy Tarreau115acb92009-12-26 13:56:06 +01001762 if (c < 0) /* not a hex digit anymore */
1763 break;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001764 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001765 ptr = buf->data;
Willy Tarreau431946e2012-02-24 19:20:12 +01001766 if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001767 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001768 chunk = (chunk << 4) + c;
1769 }
1770
Willy Tarreaud98cf932009-12-27 22:54:55 +01001771 /* empty size not allowed */
Willy Tarreaua458b672012-03-05 11:17:50 +01001772 if (ptr == ptr_old)
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001773 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001774
1775 while (http_is_spht[(unsigned char)*ptr]) {
1776 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001777 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001778 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001779 return 0;
Willy Tarreau115acb92009-12-26 13:56:06 +01001780 }
1781
Willy Tarreaud98cf932009-12-27 22:54:55 +01001782 /* Up to there, we know that at least one byte is present at *ptr. Check
1783 * for the end of chunk size.
1784 */
1785 while (1) {
1786 if (likely(HTTP_IS_CRLF(*ptr))) {
1787 /* we now have a CR or an LF at ptr */
1788 if (likely(*ptr == '\r')) {
1789 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001790 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001791 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001792 return 0;
1793 }
Willy Tarreau115acb92009-12-26 13:56:06 +01001794
Willy Tarreaud98cf932009-12-27 22:54:55 +01001795 if (*ptr != '\n')
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001796 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001797 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001798 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001799 /* done */
1800 break;
1801 }
1802 else if (*ptr == ';') {
1803 /* chunk extension, ends at next CRLF */
1804 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001805 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001806 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001807 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001808
1809 while (!HTTP_IS_CRLF(*ptr)) {
1810 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001811 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001812 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001813 return 0;
1814 }
1815 /* we have a CRLF now, loop above */
1816 continue;
Willy Tarreau115acb92009-12-26 13:56:06 +01001817 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001818 else
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001819 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001820 }
1821
Willy Tarreaud98cf932009-12-27 22:54:55 +01001822 /* OK we found our CRLF and now <ptr> points to the next byte,
Willy Tarreaua458b672012-03-05 11:17:50 +01001823 * which may or may not be present. We save that into ->next and
Willy Tarreaud98cf932009-12-27 22:54:55 +01001824 * ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01001825 */
Willy Tarreaub8ffd372012-09-27 15:08:56 +02001826 if (ptr < ptr_old)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001827 msg->sov += buf->size;
Willy Tarreaua458b672012-03-05 11:17:50 +01001828 msg->sov += ptr - ptr_old;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001829 msg->next = buffer_count(buf, buf->p, ptr);
Willy Tarreau124d9912011-03-01 20:30:48 +01001830 msg->chunk_len = chunk;
1831 msg->body_len += chunk;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001832 msg->msg_state = chunk ? HTTP_MSG_DATA : HTTP_MSG_TRAILERS;
Willy Tarreau115acb92009-12-26 13:56:06 +01001833 return 1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001834 error:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001835 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001836 return -1;
Willy Tarreau115acb92009-12-26 13:56:06 +01001837}
1838
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001839/* This function skips trailers in the buffer associated with HTTP
Willy Tarreaua458b672012-03-05 11:17:50 +01001840 * message <msg>. The first visited position is msg->next. If the end of
Willy Tarreaud98cf932009-12-27 22:54:55 +01001841 * the trailers is found, it is automatically scheduled to be forwarded,
1842 * msg->msg_state switches to HTTP_MSG_DONE, and the function returns >0.
1843 * If not enough data are available, the function does not change anything
Willy Tarreaua458b672012-03-05 11:17:50 +01001844 * except maybe msg->next and msg->sov if it could parse some lines, and returns
Willy Tarreau638cd022010-01-03 07:42:04 +01001845 * zero. If a parse error is encountered, the function returns < 0 and does not
Willy Tarreaua458b672012-03-05 11:17:50 +01001846 * change anything except maybe msg->next and msg->sov. Note that the message
Willy Tarreau638cd022010-01-03 07:42:04 +01001847 * must already be in HTTP_MSG_TRAILERS state before calling this function,
1848 * which implies that all non-trailers data have already been scheduled for
Willy Tarreau26927362012-05-18 23:22:52 +02001849 * forwarding, and that the difference between msg->sol and msg->sov exactly
Willy Tarreau638cd022010-01-03 07:42:04 +01001850 * matches the length of trailers already parsed and not forwarded. It is also
1851 * important to note that this function is designed to be able to parse wrapped
1852 * headers at end of buffer.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001853 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001854static int http_forward_trailers(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001855{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001856 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001857
Willy Tarreaua458b672012-03-05 11:17:50 +01001858 /* we have msg->next which points to next line. Look for CRLF. */
Willy Tarreaud98cf932009-12-27 22:54:55 +01001859 while (1) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001860 const char *p1 = NULL, *p2 = NULL;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001861 const char *ptr = b_ptr(buf, msg->next);
1862 const char *stop = bi_end(buf);
Willy Tarreau638cd022010-01-03 07:42:04 +01001863 int bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001864
1865 /* scan current line and stop at LF or CRLF */
1866 while (1) {
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001867 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001868 return 0;
1869
1870 if (*ptr == '\n') {
1871 if (!p1)
1872 p1 = ptr;
1873 p2 = ptr;
1874 break;
1875 }
1876
1877 if (*ptr == '\r') {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001878 if (p1) {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001879 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001880 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001881 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001882 p1 = ptr;
1883 }
1884
1885 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001886 if (ptr >= buf->data + buf->size)
1887 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001888 }
1889
1890 /* after LF; point to beginning of next line */
1891 p2++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001892 if (p2 >= buf->data + buf->size)
1893 p2 = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001894
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001895 bytes = p2 - b_ptr(buf, msg->next);
Willy Tarreau638cd022010-01-03 07:42:04 +01001896 if (bytes < 0)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001897 bytes += buf->size;
Willy Tarreau638cd022010-01-03 07:42:04 +01001898
1899 /* schedule this line for forwarding */
1900 msg->sov += bytes;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001901 if (msg->sov >= buf->size)
1902 msg->sov -= buf->size;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001903
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001904 if (p1 == b_ptr(buf, msg->next)) {
Willy Tarreau638cd022010-01-03 07:42:04 +01001905 /* LF/CRLF at beginning of line => end of trailers at p2.
1906 * Everything was scheduled for forwarding, there's nothing
1907 * left from this message.
Willy Tarreau5523b322009-12-29 12:05:52 +01001908 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001909 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001910 msg->msg_state = HTTP_MSG_DONE;
1911 return 1;
1912 }
1913 /* OK, next line then */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001914 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001915 }
1916}
1917
Willy Tarreau54d23df2012-10-25 19:04:45 +02001918/* This function may be called only in HTTP_MSG_CHUNK_CRLF. It reads the CRLF or
Willy Tarreaud98cf932009-12-27 22:54:55 +01001919 * a possible LF alone at the end of a chunk. It automatically adjusts msg->sov,
Willy Tarreau26927362012-05-18 23:22:52 +02001920 * ->sol, ->next in order to include this part into the next forwarding phase.
Willy Tarreaua458b672012-03-05 11:17:50 +01001921 * Note that the caller must ensure that ->p points to the first byte to parse.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001922 * It also sets msg_state to HTTP_MSG_CHUNK_SIZE and returns >0 on success. If
1923 * not enough data are available, the function does not change anything and
1924 * returns zero. If a parse error is encountered, the function returns < 0 and
1925 * does not change anything. Note: this function is designed to parse wrapped
1926 * CRLF at the end of the buffer.
1927 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001928static inline int http_skip_chunk_crlf(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001929{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001930 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001931 const char *ptr;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001932 int bytes;
1933
1934 /* NB: we'll check data availabilty at the end. It's not a
1935 * problem because whatever we match first will be checked
1936 * against the correct length.
1937 */
1938 bytes = 1;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001939 ptr = buf->p;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001940 if (*ptr == '\r') {
1941 bytes++;
1942 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001943 if (ptr >= buf->data + buf->size)
1944 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001945 }
1946
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001947 if (bytes > buf->i)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001948 return 0;
1949
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001950 if (*ptr != '\n') {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001951 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001952 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001953 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001954
1955 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001956 if (ptr >= buf->data + buf->size)
1957 ptr = buf->data;
Willy Tarreau26927362012-05-18 23:22:52 +02001958 /* prepare the CRLF to be forwarded (between ->sol and ->sov) */
1959 msg->sol = 0;
Willy Tarreauea1175a2012-03-05 15:52:30 +01001960 msg->sov = msg->next = bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001961 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
1962 return 1;
1963}
Willy Tarreau5b154472009-12-21 20:11:07 +01001964
William Lallemand82fe75c2012-10-23 10:25:10 +02001965
1966/*
1967 * Selects a compression algorithm depending on the client request.
Willy Tarreau05d84602012-10-26 02:11:25 +02001968 */
William Lallemand82fe75c2012-10-23 10:25:10 +02001969int select_compression_request_header(struct session *s, struct buffer *req)
1970{
1971 struct http_txn *txn = &s->txn;
Willy Tarreau70737d12012-10-27 00:34:28 +02001972 struct http_msg *msg = &txn->req;
William Lallemand82fe75c2012-10-23 10:25:10 +02001973 struct hdr_ctx ctx;
1974 struct comp_algo *comp_algo = NULL;
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02001975 struct comp_algo *comp_algo_back = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02001976
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01001977 /* Disable compression for older user agents announcing themselves as "Mozilla/4"
1978 * unless they are known good (MSIE 6 with XP SP2, or MSIE 7 and later).
Willy Tarreau05d84602012-10-26 02:11:25 +02001979 * See http://zoompf.com/2012/02/lose-the-wait-http-compression for more details.
1980 */
1981 ctx.idx = 0;
1982 if (http_find_header2("User-Agent", 10, req->p, &txn->hdr_idx, &ctx) &&
1983 ctx.vlen >= 9 &&
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01001984 memcmp(ctx.line + ctx.val, "Mozilla/4", 9) == 0 &&
1985 (ctx.vlen < 31 ||
1986 memcmp(ctx.line + ctx.val + 25, "MSIE ", 5) != 0 ||
1987 ctx.line[ctx.val + 30] < '6' ||
1988 (ctx.line[ctx.val + 30] == '6' &&
1989 (ctx.vlen < 54 || memcmp(ctx.line + 51, "SV1", 3) != 0)))) {
1990 s->comp_algo = NULL;
1991 return 0;
Willy Tarreau05d84602012-10-26 02:11:25 +02001992 }
1993
William Lallemand82fe75c2012-10-23 10:25:10 +02001994 ctx.idx = 0;
1995 /* no compression when Cache-Control: no-transform found */
1996 while (http_find_header2("Cache-Control", 13, req->p, &txn->hdr_idx, &ctx)) {
1997 if (word_match(ctx.line + ctx.val, ctx.vlen, "no-transform", 12)) {
1998 s->comp_algo = NULL;
1999 return 0;
2000 }
2001 }
2002
2003 /* search for the algo in the backend in priority or the frontend */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002004 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002005 ctx.idx = 0;
2006 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002007 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002008 if (word_match(ctx.line + ctx.val, ctx.vlen, comp_algo->name, comp_algo->name_len)) {
2009 s->comp_algo = comp_algo;
Willy Tarreau70737d12012-10-27 00:34:28 +02002010
2011 /* remove all occurrences of the header when "compression offload" is set */
2012
2013 if ((s->be->comp && s->be->comp->offload) ||
2014 (s->fe->comp && s->fe->comp->offload)) {
2015 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2016 ctx.idx = 0;
2017 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
2018 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2019 }
2020 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002021 return 1;
2022 }
2023 }
2024 }
2025 }
2026
2027 /* identity is implicit does not require headers */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002028 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
2029 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002030 if (comp_algo->add_data == identity_add_data) {
2031 s->comp_algo = comp_algo;
2032 return 1;
2033 }
2034 }
2035 }
2036
2037 s->comp_algo = NULL;
2038
2039 return 0;
2040}
2041
2042/*
2043 * Selects a comression algorithm depending of the server response.
2044 */
2045int select_compression_response_header(struct session *s, struct buffer *res)
2046{
2047 struct http_txn *txn = &s->txn;
2048 struct http_msg *msg = &txn->rsp;
2049 struct hdr_ctx ctx;
2050 struct comp_type *comp_type;
William Lallemand82fe75c2012-10-23 10:25:10 +02002051
2052 /* no common compression algorithm was found in request header */
2053 if (s->comp_algo == NULL)
2054 goto fail;
2055
2056 /* HTTP < 1.1 should not be compressed */
2057 if (!(msg->flags & HTTP_MSGF_VER_11))
2058 goto fail;
2059
William Lallemand82fe75c2012-10-23 10:25:10 +02002060 ctx.idx = 0;
2061
2062 /* Content-Length is null */
2063 if (!(msg->flags & HTTP_MSGF_TE_CHNK) && msg->body_len == 0)
2064 goto fail;
2065
2066 /* content is already compressed */
2067 if (http_find_header2("Content-Encoding", 16, res->p, &txn->hdr_idx, &ctx))
2068 goto fail;
2069
2070 comp_type = NULL;
2071
2072 /* if there was a compression content-type option in the backend or the frontend
2073 * The backend have priority.
2074 */
2075 if ((s->be->comp && (comp_type = s->be->comp->types)) || (s->fe->comp && (comp_type = s->fe->comp->types))) {
2076 if (http_find_header2("Content-Type", 12, res->p, &txn->hdr_idx, &ctx)) {
2077 for (; comp_type; comp_type = comp_type->next) {
2078 if (strncmp(ctx.line+ctx.val, comp_type->name, comp_type->name_len) == 0)
2079 /* this Content-Type should be compressed */
2080 break;
2081 }
2082 }
2083 /* this Content-Type should not be compressed */
2084 if (comp_type == NULL)
2085 goto fail;
2086 }
2087
2088 ctx.idx = 0;
2089
William Lallemand4c49fae2012-11-07 15:00:23 +01002090 /* initialize compression */
2091 if (s->comp_algo->init(&s->comp_ctx, 1) < 0)
2092 goto fail;
2093
William Lallemand82fe75c2012-10-23 10:25:10 +02002094 /* remove Content-Length header */
2095 if ((msg->flags & HTTP_MSGF_CNT_LEN) && http_find_header2("Content-Length", 14, res->p, &txn->hdr_idx, &ctx))
2096 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2097
2098 /* add Transfer-Encoding header */
2099 if (!(msg->flags & HTTP_MSGF_TE_CHNK))
2100 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, "Transfer-Encoding: chunked", 26);
2101
2102 /*
2103 * Add Content-Encoding header when it's not identity encoding.
2104 * RFC 2616 : Identity encoding: This content-coding is used only in the
2105 * Accept-Encoding header, and SHOULD NOT be used in the Content-Encoding
2106 * header.
2107 */
2108 if (s->comp_algo->add_data != identity_add_data) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002109 trash.len = 18;
2110 memcpy(trash.str, "Content-Encoding: ", trash.len);
2111 memcpy(trash.str + trash.len, s->comp_algo->name, s->comp_algo->name_len);
2112 trash.len += s->comp_algo->name_len;
2113 trash.str[trash.len] = '\0';
2114 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
William Lallemand82fe75c2012-10-23 10:25:10 +02002115 }
2116
William Lallemand82fe75c2012-10-23 10:25:10 +02002117 return 1;
2118
2119fail:
2120 if (s->comp_algo) {
William Lallemand1c2d6222012-10-30 15:52:53 +01002121 s->comp_algo->end(&s->comp_ctx);
William Lallemand82fe75c2012-10-23 10:25:10 +02002122 s->comp_algo = NULL;
2123 }
2124 return 0;
2125}
2126
2127
Willy Tarreaud787e662009-07-07 10:14:51 +02002128/* This stream analyser waits for a complete HTTP request. It returns 1 if the
2129 * processing can continue on next analysers, or zero if it either needs more
2130 * data or wants to immediately abort the request (eg: timeout, error, ...). It
2131 * is tied to AN_REQ_WAIT_HTTP and may may remove itself from s->req->analysers
2132 * when it has nothing left to do, and may remove any analyser when it wants to
2133 * abort.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002134 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002135int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002136{
Willy Tarreau59234e92008-11-30 23:51:27 +01002137 /*
2138 * We will parse the partial (or complete) lines.
2139 * We will check the request syntax, and also join multi-line
2140 * headers. An index of all the lines will be elaborated while
2141 * parsing.
2142 *
2143 * For the parsing, we use a 28 states FSM.
2144 *
2145 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02002146 * req->buf->p = beginning of request
2147 * req->buf->p + msg->eoh = end of processed headers / start of current one
2148 * req->buf->p + req->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02002149 * msg->eol = end of current header or line (LF or CRLF)
2150 * msg->next = first non-visited byte
Willy Tarreaud787e662009-07-07 10:14:51 +02002151 *
2152 * At end of parsing, we may perform a capture of the error (if any), and
2153 * we will set a few fields (msg->sol, txn->meth, sn->flags/SN_REDIRECTABLE).
2154 * We also check for monitor-uri, logging, HTTP/0.9 to 1.0 conversion, and
2155 * finally headers capture.
Willy Tarreau59234e92008-11-30 23:51:27 +01002156 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002157
Willy Tarreau59234e92008-11-30 23:51:27 +01002158 int cur_idx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002159 int use_close_only;
Willy Tarreau59234e92008-11-30 23:51:27 +01002160 struct http_txn *txn = &s->txn;
2161 struct http_msg *msg = &txn->req;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002162 struct hdr_ctx ctx;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002163
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01002164 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau6bf17362009-02-24 10:48:35 +01002165 now_ms, __FUNCTION__,
2166 s,
2167 req,
2168 req->rex, req->wex,
2169 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02002170 req->buf->i,
Willy Tarreau6bf17362009-02-24 10:48:35 +01002171 req->analysers);
2172
Willy Tarreau52a0c602009-08-16 22:45:38 +02002173 /* we're speaking HTTP here, so let's speak HTTP to the client */
2174 s->srv_error = http_return_srv_error;
2175
Willy Tarreau83e3af02009-12-28 17:39:57 +01002176 /* There's a protected area at the end of the buffer for rewriting
2177 * purposes. We don't want to start to parse the request if the
2178 * protected area is affected, because we may have to move processed
2179 * data later, which is much more complicated.
2180 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002181 if (buffer_not_empty(req->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau065e8332010-01-08 00:30:20 +01002182 if ((txn->flags & TX_NOT_FIRST) &&
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02002183 unlikely(channel_full(req) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02002184 bi_end(req->buf) < b_ptr(req->buf, msg->next) ||
2185 bi_end(req->buf) > req->buf->data + req->buf->size - global.tune.maxrewrite)) {
2186 if (req->buf->o) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002187 if (req->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002188 goto failed_keep_alive;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002189 /* some data has still not left the buffer, wake us once that's done */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002190 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002191 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002192 return 0;
2193 }
Willy Tarreau9b28e032012-10-12 23:49:43 +02002194 if (bi_end(req->buf) < b_ptr(req->buf, msg->next) ||
2195 bi_end(req->buf) > req->buf->data + req->buf->size - global.tune.maxrewrite)
2196 buffer_slow_realign(msg->chn->buf);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002197 }
2198
Willy Tarreau065e8332010-01-08 00:30:20 +01002199 /* Note that we have the same problem with the response ; we
2200 * may want to send a redirect, error or anything which requires
2201 * some spare space. So we'll ensure that we have at least
2202 * maxrewrite bytes available in the response buffer before
2203 * processing that one. This will only affect pipelined
2204 * keep-alive requests.
2205 */
2206 if ((txn->flags & TX_NOT_FIRST) &&
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02002207 unlikely(channel_full(s->rep) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02002208 bi_end(s->rep->buf) < b_ptr(s->rep->buf, txn->rsp.next) ||
2209 bi_end(s->rep->buf) > s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)) {
2210 if (s->rep->buf->o) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002211 if (s->rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002212 goto failed_keep_alive;
Willy Tarreau065e8332010-01-08 00:30:20 +01002213 /* don't let a connection request be initiated */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002214 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002215 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau0499e352010-12-17 07:13:42 +01002216 s->rep->analysers |= an_bit; /* wake us up once it changes */
Willy Tarreau065e8332010-01-08 00:30:20 +01002217 return 0;
2218 }
2219 }
2220
Willy Tarreau9b28e032012-10-12 23:49:43 +02002221 if (likely(msg->next < req->buf->i)) /* some unparsed data are available */
Willy Tarreaua560c212012-03-09 13:50:57 +01002222 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002223 }
2224
Willy Tarreau59234e92008-11-30 23:51:27 +01002225 /* 1: we might have to print this header in debug mode */
2226 if (unlikely((global.mode & MODE_DEBUG) &&
2227 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01002228 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002229 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002230
Willy Tarreau9b28e032012-10-12 23:49:43 +02002231 sol = req->buf->p;
Willy Tarreaue92693a2012-09-24 21:13:39 +02002232 /* this is a bit complex : in case of error on the request line,
2233 * we know that rq.l is still zero, so we display only the part
2234 * up to the end of the line (truncated by debug_hdr).
2235 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002236 eol = sol + (msg->sl.rq.l ? msg->sl.rq.l : req->buf->i);
Willy Tarreau59234e92008-11-30 23:51:27 +01002237 debug_hdr("clireq", s, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01002238
Willy Tarreau59234e92008-11-30 23:51:27 +01002239 sol += hdr_idx_first_pos(&txn->hdr_idx);
2240 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002241
Willy Tarreau59234e92008-11-30 23:51:27 +01002242 while (cur_idx) {
2243 eol = sol + txn->hdr_idx.v[cur_idx].len;
2244 debug_hdr("clihdr", s, sol, eol);
2245 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2246 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002247 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002248 }
2249
Willy Tarreau58f10d72006-12-04 02:26:12 +01002250
Willy Tarreau59234e92008-11-30 23:51:27 +01002251 /*
2252 * Now we quickly check if we have found a full valid request.
2253 * If not so, we check the FD and buffer states before leaving.
2254 * A full request is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01002255 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002256 * requests are checked first. When waiting for a second request
2257 * on a keep-alive session, if we encounter and error, close, t/o,
2258 * we note the error in the session flags but don't set any state.
2259 * Since the error will be noted there, it will not be counted by
2260 * process_session() as a frontend error.
Willy Tarreauda7ff642010-06-23 11:44:09 +02002261 * Last, we may increase some tracked counters' http request errors on
2262 * the cases that are deliberately the client's fault. For instance,
2263 * a timeout or connection reset is not counted as an error. However
2264 * a bad request is.
Willy Tarreau59234e92008-11-30 23:51:27 +01002265 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002266
Willy Tarreau655dce92009-11-08 13:10:58 +01002267 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002268 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002269 * First, let's catch bad requests.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002270 */
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002271 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02002272 session_inc_http_req_ctr(s);
2273 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002274 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002275 goto return_bad_req;
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002276 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002277
Willy Tarreau59234e92008-11-30 23:51:27 +01002278 /* 1: Since we are in header mode, if there's no space
2279 * left for headers, we won't be able to free more
2280 * later, so the session will never terminate. We
2281 * must terminate it now.
2282 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002283 if (unlikely(buffer_full(req->buf, global.tune.maxrewrite))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002284 /* FIXME: check if URI is set and return Status
2285 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002286 */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002287 session_inc_http_req_ctr(s);
2288 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002289 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreaufec4d892011-09-02 20:04:57 +02002290 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02002291 msg->err_pos = req->buf->i;
Willy Tarreau59234e92008-11-30 23:51:27 +01002292 goto return_bad_req;
2293 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002294
Willy Tarreau59234e92008-11-30 23:51:27 +01002295 /* 2: have we encountered a read error ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002296 else if (req->flags & CF_READ_ERROR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002297 if (!(s->flags & SN_ERR_MASK))
2298 s->flags |= SN_ERR_CLICL;
2299
Willy Tarreaufcffa692010-01-10 14:21:19 +01002300 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002301 goto failed_keep_alive;
2302
Willy Tarreau59234e92008-11-30 23:51:27 +01002303 /* we cannot return any message on error */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002304 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002305 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002306 session_inc_http_err_ctr(s);
2307 }
2308
Willy Tarreau59234e92008-11-30 23:51:27 +01002309 msg->msg_state = HTTP_MSG_ERROR;
2310 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002311
Willy Tarreauda7ff642010-06-23 11:44:09 +02002312 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002313 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002314 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002315 if (s->listener->counters)
2316 s->listener->counters->failed_req++;
2317
Willy Tarreau59234e92008-11-30 23:51:27 +01002318 if (!(s->flags & SN_FINST_MASK))
2319 s->flags |= SN_FINST_R;
2320 return 0;
2321 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002322
Willy Tarreau59234e92008-11-30 23:51:27 +01002323 /* 3: has the read timeout expired ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002324 else if (req->flags & CF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002325 if (!(s->flags & SN_ERR_MASK))
2326 s->flags |= SN_ERR_CLITO;
2327
Willy Tarreaufcffa692010-01-10 14:21:19 +01002328 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002329 goto failed_keep_alive;
2330
Willy Tarreau59234e92008-11-30 23:51:27 +01002331 /* read timeout : give up with an error message. */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002332 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002333 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002334 session_inc_http_err_ctr(s);
2335 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002336 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02002337 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau59234e92008-11-30 23:51:27 +01002338 msg->msg_state = HTTP_MSG_ERROR;
2339 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002340
Willy Tarreauda7ff642010-06-23 11:44:09 +02002341 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002342 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002343 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002344 if (s->listener->counters)
2345 s->listener->counters->failed_req++;
2346
Willy Tarreau59234e92008-11-30 23:51:27 +01002347 if (!(s->flags & SN_FINST_MASK))
2348 s->flags |= SN_FINST_R;
2349 return 0;
2350 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002351
Willy Tarreau59234e92008-11-30 23:51:27 +01002352 /* 4: have we encountered a close ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002353 else if (req->flags & CF_SHUTR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002354 if (!(s->flags & SN_ERR_MASK))
2355 s->flags |= SN_ERR_CLICL;
2356
Willy Tarreaufcffa692010-01-10 14:21:19 +01002357 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002358 goto failed_keep_alive;
2359
Willy Tarreau4076a152009-04-02 15:18:36 +02002360 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002361 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002362 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002363 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau59234e92008-11-30 23:51:27 +01002364 msg->msg_state = HTTP_MSG_ERROR;
2365 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002366
Willy Tarreauda7ff642010-06-23 11:44:09 +02002367 session_inc_http_err_ctr(s);
2368 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002369 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002370 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002371 if (s->listener->counters)
2372 s->listener->counters->failed_req++;
2373
Willy Tarreau59234e92008-11-30 23:51:27 +01002374 if (!(s->flags & SN_FINST_MASK))
2375 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002376 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002377 }
2378
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002379 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002380 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
2381 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau5e205522011-12-17 16:34:27 +01002382#ifdef TCP_QUICKACK
Willy Tarreau9b28e032012-10-12 23:49:43 +02002383 if (s->listener->options & LI_O_NOQUICKACK && req->buf->i) {
Willy Tarreau5e205522011-12-17 16:34:27 +01002384 /* We need more data, we have to re-enable quick-ack in case we
2385 * previously disabled it, otherwise we might cause the client
2386 * to delay next data.
2387 */
Willy Tarreaufb7508a2012-05-21 16:47:54 +02002388 setsockopt(si_fd(&s->si[0]), IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01002389 }
2390#endif
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002391
Willy Tarreaufcffa692010-01-10 14:21:19 +01002392 if ((msg->msg_state != HTTP_MSG_RQBEFORE) && (txn->flags & TX_WAIT_NEXT_RQ)) {
2393 /* If the client starts to talk, let's fall back to
2394 * request timeout processing.
2395 */
2396 txn->flags &= ~TX_WAIT_NEXT_RQ;
Willy Tarreaub16a5742010-01-10 14:46:16 +01002397 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaufcffa692010-01-10 14:21:19 +01002398 }
2399
Willy Tarreau59234e92008-11-30 23:51:27 +01002400 /* just set the request timeout once at the beginning of the request */
Willy Tarreaub16a5742010-01-10 14:46:16 +01002401 if (!tick_isset(req->analyse_exp)) {
2402 if ((msg->msg_state == HTTP_MSG_RQBEFORE) &&
2403 (txn->flags & TX_WAIT_NEXT_RQ) &&
2404 tick_isset(s->be->timeout.httpka))
2405 req->analyse_exp = tick_add(now_ms, s->be->timeout.httpka);
2406 else
2407 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
2408 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002409
Willy Tarreau59234e92008-11-30 23:51:27 +01002410 /* we're not ready yet */
2411 return 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002412
2413 failed_keep_alive:
2414 /* Here we process low-level errors for keep-alive requests. In
2415 * short, if the request is not the first one and it experiences
2416 * a timeout, read error or shutdown, we just silently close so
2417 * that the client can try again.
2418 */
2419 txn->status = 0;
2420 msg->msg_state = HTTP_MSG_RQBEFORE;
2421 req->analysers = 0;
2422 s->logs.logwait = 0;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002423 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau148d0992010-01-10 10:21:21 +01002424 stream_int_retnclose(req->prod, NULL);
Willy Tarreaub608feb2010-01-02 22:47:18 +01002425 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002426 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002427
Willy Tarreaud787e662009-07-07 10:14:51 +02002428 /* OK now we have a complete HTTP request with indexed headers. Let's
2429 * complete the request parsing by setting a few fields we will need
Willy Tarreau9b28e032012-10-12 23:49:43 +02002430 * later. At this point, we have the last CRLF at req->buf->data + msg->eoh.
Willy Tarreaufa355d42009-11-29 18:12:29 +01002431 * If the request is in HTTP/0.9 form, the rule is still true, and eoh
Willy Tarreaua458b672012-03-05 11:17:50 +01002432 * points to the CRLF of the request line. msg->next points to the first
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01002433 * byte after the last LF. msg->sov points to the first byte of data.
2434 * msg->eol cannot be trusted because it may have been left uninitialized
2435 * (for instance in the absence of headers).
Willy Tarreaud787e662009-07-07 10:14:51 +02002436 */
Willy Tarreau9cdde232007-05-02 20:58:19 +02002437
Willy Tarreauda7ff642010-06-23 11:44:09 +02002438 session_inc_http_req_ctr(s);
Willy Tarreaud9b587f2010-02-26 10:05:55 +01002439 proxy_inc_fe_req_ctr(s->fe); /* one more valid request for this FE */
2440
Willy Tarreaub16a5742010-01-10 14:46:16 +01002441 if (txn->flags & TX_WAIT_NEXT_RQ) {
2442 /* kill the pending keep-alive timeout */
2443 txn->flags &= ~TX_WAIT_NEXT_RQ;
2444 req->analyse_exp = TICK_ETERNITY;
2445 }
2446
2447
Willy Tarreaud787e662009-07-07 10:14:51 +02002448 /* Maybe we found in invalid header name while we were configured not
2449 * to block on that, so we have to capture it now.
2450 */
2451 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002452 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02002453
Willy Tarreau59234e92008-11-30 23:51:27 +01002454 /*
2455 * 1: identify the method
2456 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002457 txn->meth = find_http_meth(req->buf->p, msg->sl.rq.m_l);
Willy Tarreau59234e92008-11-30 23:51:27 +01002458
2459 /* we can make use of server redirect on GET and HEAD */
2460 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2461 s->flags |= SN_REDIRECTABLE;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002462
Willy Tarreau59234e92008-11-30 23:51:27 +01002463 /*
2464 * 2: check if the URI matches the monitor_uri.
2465 * We have to do this for every request which gets in, because
2466 * the monitor-uri is defined by the frontend.
2467 */
2468 if (unlikely((s->fe->monitor_uri_len != 0) &&
2469 (s->fe->monitor_uri_len == msg->sl.rq.u_l) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002470 !memcmp(req->buf->p + msg->sl.rq.u,
Willy Tarreau59234e92008-11-30 23:51:27 +01002471 s->fe->monitor_uri,
2472 s->fe->monitor_uri_len))) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002473 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002474 * We have found the monitor URI
Willy Tarreau58f10d72006-12-04 02:26:12 +01002475 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002476 struct acl_cond *cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002477
Willy Tarreau59234e92008-11-30 23:51:27 +01002478 s->flags |= SN_MONITOR;
Willy Tarreaueabea072011-09-10 23:29:44 +02002479 s->fe->fe_counters.intercepted_req++;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002480
Willy Tarreau59234e92008-11-30 23:51:27 +01002481 /* Check if we want to fail this monitor request or not */
Willy Tarreaud787e662009-07-07 10:14:51 +02002482 list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02002483 int ret = acl_exec_cond(cond, s->fe, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau11382812008-07-09 16:18:21 +02002484
Willy Tarreau59234e92008-11-30 23:51:27 +01002485 ret = acl_pass(ret);
2486 if (cond->pol == ACL_COND_UNLESS)
2487 ret = !ret;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002488
Willy Tarreau59234e92008-11-30 23:51:27 +01002489 if (ret) {
2490 /* we fail this request, let's return 503 service unavail */
2491 txn->status = 503;
Willy Tarreau783f2582012-09-04 12:19:04 +02002492 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503));
Willy Tarreau59234e92008-11-30 23:51:27 +01002493 goto return_prx_cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002494 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002495 }
Willy Tarreaua5555ec2008-11-30 19:02:32 +01002496
Willy Tarreau59234e92008-11-30 23:51:27 +01002497 /* nothing to fail, let's reply normaly */
2498 txn->status = 200;
Willy Tarreau783f2582012-09-04 12:19:04 +02002499 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200));
Willy Tarreau59234e92008-11-30 23:51:27 +01002500 goto return_prx_cond;
2501 }
2502
2503 /*
2504 * 3: Maybe we have to copy the original REQURI for the logs ?
2505 * Note: we cannot log anymore if the request has been
2506 * classified as invalid.
2507 */
2508 if (unlikely(s->logs.logwait & LW_REQ)) {
2509 /* we have a complete HTTP request that we must log */
2510 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
2511 int urilen = msg->sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002512
Willy Tarreau59234e92008-11-30 23:51:27 +01002513 if (urilen >= REQURI_LEN)
2514 urilen = REQURI_LEN - 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +02002515 memcpy(txn->uri, req->buf->p, urilen);
Willy Tarreau59234e92008-11-30 23:51:27 +01002516 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002517
Willy Tarreau59234e92008-11-30 23:51:27 +01002518 if (!(s->logs.logwait &= ~LW_REQ))
2519 s->do_log(s);
2520 } else {
2521 Alert("HTTP logging : out of memory.\n");
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002522 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002523 }
Willy Tarreau06619262006-12-17 08:37:22 +01002524
William Lallemanda73203e2012-03-12 12:48:57 +01002525 if (!LIST_ISEMPTY(&s->fe->format_unique_id)) {
2526 s->unique_id = pool_alloc2(pool2_uniqueid);
2527 }
2528
Willy Tarreau59234e92008-11-30 23:51:27 +01002529 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01002530 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
Willy Tarreau2492d5b2009-07-11 00:06:00 +02002531 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002532
Willy Tarreau5b154472009-12-21 20:11:07 +01002533 /* ... and check if the request is HTTP/1.1 or above */
2534 if ((msg->sl.rq.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002535 ((req->buf->p[msg->sl.rq.v + 5] > '1') ||
2536 ((req->buf->p[msg->sl.rq.v + 5] == '1') &&
2537 (req->buf->p[msg->sl.rq.v + 7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002538 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01002539
2540 /* "connection" has not been parsed yet */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002541 txn->flags &= ~(TX_HDR_CONN_PRS | TX_HDR_CONN_CLO | TX_HDR_CONN_KAL);
Willy Tarreau5b154472009-12-21 20:11:07 +01002542
Willy Tarreau88d349d2010-01-25 12:15:43 +01002543 /* if the frontend has "option http-use-proxy-header", we'll check if
2544 * we have what looks like a proxied connection instead of a connection,
2545 * and in this case set the TX_USE_PX_CONN flag to use Proxy-connection.
2546 * Note that this is *not* RFC-compliant, however browsers and proxies
2547 * happen to do that despite being non-standard :-(
2548 * We consider that a request not beginning with either '/' or '*' is
2549 * a proxied connection, which covers both "scheme://location" and
2550 * CONNECT ip:port.
2551 */
2552 if ((s->fe->options2 & PR_O2_USE_PXHDR) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002553 req->buf->p[msg->sl.rq.u] != '/' && req->buf->p[msg->sl.rq.u] != '*')
Willy Tarreau88d349d2010-01-25 12:15:43 +01002554 txn->flags |= TX_USE_PX_CONN;
2555
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002556 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002557 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002558
Willy Tarreau59234e92008-11-30 23:51:27 +01002559 /* 5: we may need to capture headers */
Willy Tarreau42f7d892012-03-24 08:28:09 +01002560 if (unlikely((s->logs.logwait & LW_REQHDR) && txn->req.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02002561 capture_headers(req->buf->p, &txn->hdr_idx,
Willy Tarreau59234e92008-11-30 23:51:27 +01002562 txn->req.cap, s->fe->req_cap);
Willy Tarreau11382812008-07-09 16:18:21 +02002563
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002564 /* 6: determine the transfer-length.
2565 * According to RFC2616 #4.4, amended by the HTTPbis working group,
2566 * the presence of a message-body in a REQUEST and its transfer length
2567 * must be determined that way (in order of precedence) :
2568 * 1. The presence of a message-body in a request is signaled by the
2569 * inclusion of a Content-Length or Transfer-Encoding header field
2570 * in the request's header fields. When a request message contains
2571 * both a message-body of non-zero length and a method that does
2572 * not define any semantics for that request message-body, then an
2573 * origin server SHOULD either ignore the message-body or respond
2574 * with an appropriate error message (e.g., 413). A proxy or
2575 * gateway, when presented the same request, SHOULD either forward
2576 * the request inbound with the message- body or ignore the
2577 * message-body when determining a response.
2578 *
2579 * 2. If a Transfer-Encoding header field (Section 9.7) is present
2580 * and the "chunked" transfer-coding (Section 6.2) is used, the
2581 * transfer-length is defined by the use of this transfer-coding.
2582 * If a Transfer-Encoding header field is present and the "chunked"
2583 * transfer-coding is not present, the transfer-length is defined
2584 * by the sender closing the connection.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002585 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002586 * 3. If a Content-Length header field is present, its decimal value in
2587 * OCTETs represents both the entity-length and the transfer-length.
2588 * If a message is received with both a Transfer-Encoding header
2589 * field and a Content-Length header field, the latter MUST be ignored.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002590 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002591 * 4. By the server closing the connection. (Closing the connection
2592 * cannot be used to indicate the end of a request body, since that
2593 * would leave no possibility for the server to send back a response.)
2594 *
2595 * Whenever a transfer-coding is applied to a message-body, the set of
2596 * transfer-codings MUST include "chunked", unless the message indicates
2597 * it is terminated by closing the connection. When the "chunked"
2598 * transfer-coding is used, it MUST be the last transfer-coding applied
2599 * to the message-body.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002600 */
2601
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002602 use_close_only = 0;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002603 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002604 /* set TE_CHNK and XFER_LEN only if "chunked" is seen last */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002605 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002606 http_find_header2("Transfer-Encoding", 17, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002607 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002608 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
2609 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002610 /* bad transfer-encoding (chunked followed by something else) */
2611 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002612 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002613 break;
2614 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002615 }
2616
Willy Tarreau32b47f42009-10-18 20:55:02 +02002617 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002618 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002619 http_find_header2("Content-Length", 14, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau32b47f42009-10-18 20:55:02 +02002620 signed long long cl;
2621
Willy Tarreauad14f752011-09-02 20:33:27 +02002622 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002623 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002624 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002625 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002626
Willy Tarreauad14f752011-09-02 20:33:27 +02002627 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002628 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002629 goto return_bad_req; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02002630 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002631
Willy Tarreauad14f752011-09-02 20:33:27 +02002632 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002633 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002634 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002635 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002636
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002637 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002638 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002639 goto return_bad_req; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02002640 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002641
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002642 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01002643 msg->body_len = msg->chunk_len = cl;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002644 }
2645
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002646 /* bodyless requests have a known length */
2647 if (!use_close_only)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002648 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002649
Willy Tarreaud787e662009-07-07 10:14:51 +02002650 /* end of job, return OK */
Willy Tarreau3a816292009-07-07 10:55:49 +02002651 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002652 req->analyse_exp = TICK_ETERNITY;
2653 return 1;
2654
2655 return_bad_req:
2656 /* We centralize bad requests processing here */
2657 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2658 /* we detected a parsing error. We want to archive this request
2659 * in the dedicated proxy area for later troubleshooting.
2660 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002661 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreaud787e662009-07-07 10:14:51 +02002662 }
2663
2664 txn->req.msg_state = HTTP_MSG_ERROR;
2665 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002666 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002667
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002668 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002669 if (s->listener->counters)
2670 s->listener->counters->failed_req++;
Willy Tarreaud787e662009-07-07 10:14:51 +02002671
2672 return_prx_cond:
2673 if (!(s->flags & SN_ERR_MASK))
2674 s->flags |= SN_ERR_PRXCOND;
2675 if (!(s->flags & SN_FINST_MASK))
2676 s->flags |= SN_FINST_R;
2677
2678 req->analysers = 0;
2679 req->analyse_exp = TICK_ETERNITY;
2680 return 0;
2681}
2682
Cyril Bonté70be45d2010-10-12 00:14:35 +02002683/* We reached the stats page through a POST request.
2684 * Parse the posted data and enable/disable servers if necessary.
Cyril Bonté23b39d92011-02-10 22:54:44 +01002685 * Returns 1 if request was parsed or zero if it needs more data.
Cyril Bonté70be45d2010-10-12 00:14:35 +02002686 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002687int http_process_req_stat_post(struct stream_interface *si, struct http_txn *txn, struct channel *req)
Cyril Bonté70be45d2010-10-12 00:14:35 +02002688{
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002689 struct proxy *px = NULL;
2690 struct server *sv = NULL;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002691
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002692 char key[LINESIZE];
2693 int action = ST_ADM_ACTION_NONE;
2694 int reprocess = 0;
2695
2696 int total_servers = 0;
2697 int altered_servers = 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002698
2699 char *first_param, *cur_param, *next_param, *end_params;
Willy Tarreau46787ed2012-04-11 17:28:40 +02002700 char *st_cur_param = NULL;
2701 char *st_next_param = NULL;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002702
Willy Tarreau9b28e032012-10-12 23:49:43 +02002703 first_param = req->buf->p + txn->req.eoh + 2;
Willy Tarreau124d9912011-03-01 20:30:48 +01002704 end_params = first_param + txn->req.body_len;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002705
2706 cur_param = next_param = end_params;
2707
Willy Tarreau9b28e032012-10-12 23:49:43 +02002708 if (end_params >= req->buf->data + req->buf->size - global.tune.maxrewrite) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002709 /* Prevent buffer overflow */
Willy Tarreau295a8372011-03-10 11:25:07 +01002710 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002711 return 1;
2712 }
Willy Tarreau9b28e032012-10-12 23:49:43 +02002713 else if (end_params > req->buf->p + req->buf->i) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01002714 /* we need more data */
Willy Tarreau295a8372011-03-10 11:25:07 +01002715 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté23b39d92011-02-10 22:54:44 +01002716 return 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002717 }
2718
2719 *end_params = '\0';
2720
Willy Tarreau295a8372011-03-10 11:25:07 +01002721 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002722
2723 /*
2724 * Parse the parameters in reverse order to only store the last value.
2725 * From the html form, the backend and the action are at the end.
2726 */
2727 while (cur_param > first_param) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002728 char *value;
2729 int poffset, plen;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002730
2731 cur_param--;
2732 if ((*cur_param == '&') || (cur_param == first_param)) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002733 reprocess_servers:
Cyril Bonté70be45d2010-10-12 00:14:35 +02002734 /* Parse the key */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002735 poffset = (cur_param != first_param ? 1 : 0);
2736 plen = next_param - cur_param + (cur_param == first_param ? 1 : 0);
2737 if ((plen > 0) && (plen <= sizeof(key))) {
2738 strncpy(key, cur_param + poffset, plen);
2739 key[plen - 1] = '\0';
2740 } else {
2741 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
2742 goto out;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002743 }
2744
2745 /* Parse the value */
2746 value = key;
2747 while (*value != '\0' && *value != '=') {
2748 value++;
2749 }
2750 if (*value == '=') {
2751 /* Ok, a value is found, we can mark the end of the key */
2752 *value++ = '\0';
2753 }
2754
Willy Tarreaubf9c2fc2011-05-31 18:06:18 +02002755 if (!url_decode(key) || !url_decode(value))
2756 break;
2757
Cyril Bonté70be45d2010-10-12 00:14:35 +02002758 /* Now we can check the key to see what to do */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002759 if (!px && (strcmp(key, "b") == 0)) {
2760 if ((px = findproxy(value, PR_CAP_BE)) == NULL) {
2761 /* the backend name is unknown or ambiguous (duplicate names) */
2762 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2763 goto out;
2764 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02002765 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002766 else if (!action && (strcmp(key, "action") == 0)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002767 if (strcmp(value, "disable") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002768 action = ST_ADM_ACTION_DISABLE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002769 }
2770 else if (strcmp(value, "enable") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002771 action = ST_ADM_ACTION_ENABLE;
2772 }
Willy Tarreaud7282242012-06-04 00:22:44 +02002773 else if (strcmp(value, "stop") == 0) {
2774 action = ST_ADM_ACTION_STOP;
2775 }
2776 else if (strcmp(value, "start") == 0) {
2777 action = ST_ADM_ACTION_START;
2778 }
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002779 else if (strcmp(value, "shutdown") == 0) {
2780 action = ST_ADM_ACTION_SHUTDOWN;
2781 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002782 else {
2783 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2784 goto out;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002785 }
2786 }
2787 else if (strcmp(key, "s") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002788 if (!(px && action)) {
2789 /*
2790 * Indicates that we'll need to reprocess the parameters
2791 * as soon as backend and action are known
2792 */
2793 if (!reprocess) {
2794 st_cur_param = cur_param;
2795 st_next_param = next_param;
2796 }
2797 reprocess = 1;
2798 }
2799 else if ((sv = findserver(px, value)) != NULL) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002800 switch (action) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002801 case ST_ADM_ACTION_DISABLE:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002802 if ((px->state != PR_STSTOPPED) && !(sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002803 /* Not already in maintenance, we can change the server state */
2804 sv->state |= SRV_MAINTAIN;
2805 set_server_down(sv);
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002806 altered_servers++;
2807 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002808 }
2809 break;
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002810 case ST_ADM_ACTION_ENABLE:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002811 if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002812 /* Already in maintenance, we can change the server state */
2813 set_server_up(sv);
Willy Tarreau70461302010-10-22 14:39:02 +02002814 sv->health = sv->rise; /* up, but will fall down at first failure */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002815 altered_servers++;
2816 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002817 }
Willy Tarreaud7282242012-06-04 00:22:44 +02002818 break;
2819 case ST_ADM_ACTION_STOP:
2820 case ST_ADM_ACTION_START:
2821 if (action == ST_ADM_ACTION_START)
2822 sv->uweight = sv->iweight;
2823 else
2824 sv->uweight = 0;
2825
2826 if (px->lbprm.algo & BE_LB_PROP_DYN) {
2827 /* we must take care of not pushing the server to full throttle during slow starts */
2828 if ((sv->state & SRV_WARMINGUP) && (px->lbprm.algo & BE_LB_PROP_DYN))
2829 sv->eweight = (BE_WEIGHT_SCALE * (now.tv_sec - sv->last_change) + sv->slowstart - 1) / sv->slowstart;
2830 else
2831 sv->eweight = BE_WEIGHT_SCALE;
2832 sv->eweight *= sv->uweight;
2833 } else {
2834 sv->eweight = sv->uweight;
2835 }
2836
2837 /* static LB algorithms are a bit harder to update */
2838 if (px->lbprm.update_server_eweight)
2839 px->lbprm.update_server_eweight(sv);
2840 else if (sv->eweight) {
2841 if (px->lbprm.set_server_status_up)
2842 px->lbprm.set_server_status_up(sv);
2843 }
2844 else {
2845 if (px->lbprm.set_server_status_down)
2846 px->lbprm.set_server_status_down(sv);
2847 }
2848 altered_servers++;
2849 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002850 break;
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002851 case ST_ADM_ACTION_SHUTDOWN:
2852 if (px->state != PR_STSTOPPED) {
2853 struct session *sess, *sess_bck;
2854
2855 list_for_each_entry_safe(sess, sess_bck, &sv->actconns, by_srv)
2856 if (sess->srv_conn == sv)
2857 session_shutdown(sess, SN_ERR_KILLED);
2858
2859 altered_servers++;
2860 total_servers++;
2861 }
2862 break;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002863 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002864 } else {
2865 /* the server name is unknown or ambiguous (duplicate names) */
2866 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002867 }
2868 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002869 if (reprocess && px && action) {
2870 /* Now, we know the backend and the action chosen by the user.
2871 * We can safely restart from the first server parameter
2872 * to reprocess them
2873 */
2874 cur_param = st_cur_param;
2875 next_param = st_next_param;
2876 reprocess = 0;
2877 goto reprocess_servers;
2878 }
2879
Cyril Bonté70be45d2010-10-12 00:14:35 +02002880 next_param = cur_param;
2881 }
2882 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002883
2884 if (total_servers == 0) {
2885 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
2886 }
2887 else if (altered_servers == 0) {
2888 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2889 }
2890 else if (altered_servers == total_servers) {
2891 si->applet.ctx.stats.st_code = STAT_STATUS_DONE;
2892 }
2893 else {
2894 si->applet.ctx.stats.st_code = STAT_STATUS_PART;
2895 }
2896 out:
Cyril Bonté23b39d92011-02-10 22:54:44 +01002897 return 1;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002898}
2899
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002900/* returns a pointer to the first rule which forbids access (deny or http_auth),
2901 * or NULL if everything's OK.
2902 */
Willy Tarreauff011f22011-01-06 17:51:27 +01002903static inline struct http_req_rule *
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002904http_check_access_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
2905{
Willy Tarreauff011f22011-01-06 17:51:27 +01002906 struct http_req_rule *rule;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002907
Willy Tarreauff011f22011-01-06 17:51:27 +01002908 list_for_each_entry(rule, rules, list) {
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002909 int ret = 1;
2910
Willy Tarreauff011f22011-01-06 17:51:27 +01002911 if (rule->action >= HTTP_REQ_ACT_MAX)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002912 continue;
2913
2914 /* check condition, but only if attached */
Willy Tarreauff011f22011-01-06 17:51:27 +01002915 if (rule->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02002916 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002917 ret = acl_pass(ret);
2918
Willy Tarreauff011f22011-01-06 17:51:27 +01002919 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002920 ret = !ret;
2921 }
2922
2923 if (ret) {
Willy Tarreauff011f22011-01-06 17:51:27 +01002924 if (rule->action == HTTP_REQ_ACT_ALLOW)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002925 return NULL; /* no problem */
2926 else
Willy Tarreauff011f22011-01-06 17:51:27 +01002927 return rule; /* most likely a deny or auth rule */
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002928 }
2929 }
2930 return NULL;
2931}
2932
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002933/* This stream analyser runs all HTTP request processing which is common to
2934 * frontends and backends, which means blocking ACLs, filters, connection-close,
2935 * reqadd, stats and redirects. This is performed for the designated proxy.
Willy Tarreaud787e662009-07-07 10:14:51 +02002936 * It returns 1 if the processing can continue on next analysers, or zero if it
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002937 * either needs more data or wants to immediately abort the request (eg: deny,
2938 * error, ...).
Willy Tarreaud787e662009-07-07 10:14:51 +02002939 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002940int http_process_req_common(struct session *s, struct channel *req, int an_bit, struct proxy *px)
Willy Tarreaud787e662009-07-07 10:14:51 +02002941{
Willy Tarreaud787e662009-07-07 10:14:51 +02002942 struct http_txn *txn = &s->txn;
2943 struct http_msg *msg = &txn->req;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002944 struct acl_cond *cond;
Willy Tarreauff011f22011-01-06 17:51:27 +01002945 struct http_req_rule *http_req_last_rule = NULL;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002946 struct redirect_rule *rule;
Willy Tarreauf4f04122010-01-28 18:10:50 +01002947 struct cond_wordlist *wl;
Simon Horman70735c92011-06-07 11:07:50 +09002948 int do_stats;
Willy Tarreaud787e662009-07-07 10:14:51 +02002949
Willy Tarreau655dce92009-11-08 13:10:58 +01002950 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02002951 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002952 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02002953 return 0;
2954 }
2955
Willy Tarreau3a816292009-07-07 10:55:49 +02002956 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002957 req->analyse_exp = TICK_ETERNITY;
2958
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01002959 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaud787e662009-07-07 10:14:51 +02002960 now_ms, __FUNCTION__,
2961 s,
2962 req,
2963 req->rex, req->wex,
2964 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02002965 req->buf->i,
Willy Tarreaud787e662009-07-07 10:14:51 +02002966 req->analysers);
2967
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002968 /* first check whether we have some ACLs set to block this request */
2969 list_for_each_entry(cond, &px->block_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02002970 int ret = acl_exec_cond(cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002971
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002972 ret = acl_pass(ret);
2973 if (cond->pol == ACL_COND_UNLESS)
2974 ret = !ret;
Willy Tarreau53b6c742006-12-17 13:37:46 +01002975
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002976 if (ret) {
2977 txn->status = 403;
2978 /* let's log the request time */
2979 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02002980 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02002981 session_inc_http_err_ctr(s);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002982 goto return_prx_cond;
Willy Tarreau59234e92008-11-30 23:51:27 +01002983 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002984 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002985
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002986 /* evaluate http-request rules */
Willy Tarreauff011f22011-01-06 17:51:27 +01002987 http_req_last_rule = http_check_access_rule(px, &px->http_req_rules, s, txn);
Willy Tarreau51425942010-02-01 10:40:19 +01002988
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002989 /* evaluate stats http-request rules only if http-request is OK */
Willy Tarreauff011f22011-01-06 17:51:27 +01002990 if (!http_req_last_rule) {
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002991 do_stats = stats_check_uri(s->rep->prod, txn, px);
2992 if (do_stats)
Willy Tarreauff011f22011-01-06 17:51:27 +01002993 http_req_last_rule = http_check_access_rule(px, &px->uri_auth->http_req_rules, s, txn);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01002994 }
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002995 else
2996 do_stats = 0;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01002997
Willy Tarreauf68a15a2011-01-06 16:53:21 +01002998 /* return a 403 if either rule has blocked */
Willy Tarreauff011f22011-01-06 17:51:27 +01002999 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_DENY) {
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003000 txn->status = 403;
3001 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003002 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003003 session_inc_http_err_ctr(s);
Willy Tarreau6da0f6d2011-01-06 18:19:50 +01003004 s->fe->fe_counters.denied_req++;
3005 if (an_bit == AN_REQ_HTTP_PROCESS_BE)
3006 s->be->be_counters.denied_req++;
3007 if (s->listener->counters)
3008 s->listener->counters->denied_req++;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003009 goto return_prx_cond;
3010 }
3011
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003012 /* try headers filters */
3013 if (px->req_exp != NULL) {
Willy Tarreau6c123b12010-01-28 20:22:06 +01003014 if (apply_filters_to_request(s, req, px) < 0)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003015 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01003016
Willy Tarreau59234e92008-11-30 23:51:27 +01003017 /* has the request been denied ? */
3018 if (txn->flags & TX_CLDENY) {
3019 /* no need to go further */
3020 txn->status = 403;
3021 /* let's log the request time */
3022 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003023 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003024 session_inc_http_err_ctr(s);
Willy Tarreau59234e92008-11-30 23:51:27 +01003025 goto return_prx_cond;
3026 }
Willy Tarreauc465fd72009-08-31 00:17:18 +02003027
3028 /* When a connection is tarpitted, we use the tarpit timeout,
3029 * which may be the same as the connect timeout if unspecified.
3030 * If unset, then set it to zero because we really want it to
3031 * eventually expire. We build the tarpit as an analyser.
3032 */
3033 if (txn->flags & TX_CLTARPIT) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003034 channel_erase(s->req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003035 /* wipe the request out so that we can drop the connection early
3036 * if the client closes first.
3037 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003038 channel_dont_connect(req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003039 req->analysers = 0; /* remove switching rules etc... */
3040 req->analysers |= AN_REQ_HTTP_TARPIT;
3041 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
3042 if (!req->analyse_exp)
3043 req->analyse_exp = tick_add(now_ms, 0);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003044 session_inc_http_err_ctr(s);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003045 return 1;
3046 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003047 }
Willy Tarreau06619262006-12-17 08:37:22 +01003048
Willy Tarreau5b154472009-12-21 20:11:07 +01003049 /* Until set to anything else, the connection mode is set as TUNNEL. It will
3050 * only change if both the request and the config reference something else.
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003051 * Option httpclose by itself does not set a mode, it remains a tunnel mode
3052 * in which headers are mangled. However, if another mode is set, it will
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003053 * affect it (eg: server-close/keep-alive + httpclose = close). Note that we
3054 * avoid to redo the same work if FE and BE have the same settings (common).
3055 * The method consists in checking if options changed between the two calls
3056 * (implying that either one is non-null, or one of them is non-null and we
3057 * are there for the first time.
Willy Tarreau42736642009-10-18 21:04:35 +02003058 */
Willy Tarreau5b154472009-12-21 20:11:07 +01003059
Willy Tarreaudc008c52010-02-01 16:20:08 +01003060 if ((!(txn->flags & TX_HDR_CONN_PRS) &&
3061 (s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) ||
3062 ((s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) !=
3063 (s->be->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)))) {
Willy Tarreau5b154472009-12-21 20:11:07 +01003064 int tmp = TX_CON_WANT_TUN;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003065
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003066 if ((s->fe->options|s->be->options) & PR_O_KEEPALIVE ||
3067 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreau5b154472009-12-21 20:11:07 +01003068 tmp = TX_CON_WANT_KAL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01003069 if ((s->fe->options|s->be->options) & PR_O_SERVER_CLO)
3070 tmp = TX_CON_WANT_SCL;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003071 if ((s->fe->options|s->be->options) & PR_O_FORCE_CLO)
Willy Tarreau5b154472009-12-21 20:11:07 +01003072 tmp = TX_CON_WANT_CLO;
3073
Willy Tarreau5b154472009-12-21 20:11:07 +01003074 if ((txn->flags & TX_CON_WANT_MSK) < tmp)
3075 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003076
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003077 if (!(txn->flags & TX_HDR_CONN_PRS)) {
3078 /* parse the Connection header and possibly clean it */
3079 int to_del = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003080 if ((msg->flags & HTTP_MSGF_VER_11) ||
Willy Tarreau8a8e1d92010-04-05 16:15:16 +02003081 ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL &&
3082 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003083 to_del |= 2; /* remove "keep-alive" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003084 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003085 to_del |= 1; /* remove "close" */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003086 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003087 }
Willy Tarreau5b154472009-12-21 20:11:07 +01003088
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003089 /* check if client or config asks for explicit close in KAL/SCL */
3090 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
3091 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) &&
3092 ((txn->flags & TX_HDR_CONN_CLO) || /* "connection: close" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003093 (!(msg->flags & HTTP_MSGF_VER_11) && !(txn->flags & TX_HDR_CONN_KAL)) || /* no "connection: k-a" in 1.0 */
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003094 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE) || /* httpclose+any = forceclose */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003095 !(msg->flags & HTTP_MSGF_XFER_LEN) || /* no length known => close */
Willy Tarreauc3e8b252010-01-28 15:01:20 +01003096 s->fe->state == PR_STSTOPPED)) /* frontend is stopping */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003097 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
3098 }
Willy Tarreau78599912009-10-17 20:12:21 +02003099
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003100 /* we can be blocked here because the request needs to be authenticated,
3101 * either to pass or to access stats.
3102 */
Willy Tarreauff011f22011-01-06 17:51:27 +01003103 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_HTTP_AUTH) {
Willy Tarreauff011f22011-01-06 17:51:27 +01003104 char *realm = http_req_last_rule->http_auth.realm;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003105
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003106 if (!realm)
3107 realm = do_stats?STATS_DEFAULT_REALM:px->id;
3108
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003109 chunk_printf(&trash, (txn->flags & TX_USE_PX_CONN) ? HTTP_407_fmt : HTTP_401_fmt, realm);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003110 txn->status = 401;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003111 stream_int_retnclose(req->prod, &trash);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003112 /* on 401 we still count one error, because normal browsing
3113 * won't significantly increase the counter but brute force
3114 * attempts will.
3115 */
3116 session_inc_http_err_ctr(s);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003117 goto return_prx_cond;
3118 }
3119
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003120 /* add request headers from the rule sets in the same order */
3121 list_for_each_entry(wl, &px->req_add, list) {
3122 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003123 int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003124 ret = acl_pass(ret);
3125 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
3126 ret = !ret;
3127 if (!ret)
3128 continue;
3129 }
3130
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003131 if (unlikely(http_header_add_tail(&txn->req, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003132 goto return_bad_req;
3133 }
3134
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003135 if (do_stats) {
Cyril Bonté474be412010-10-12 00:14:36 +02003136 struct stats_admin_rule *stats_admin_rule;
3137
3138 /* We need to provide stats for this request.
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003139 * FIXME!!! that one is rather dangerous, we want to
3140 * make it follow standard rules (eg: clear req->analysers).
3141 */
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003142
Cyril Bonté474be412010-10-12 00:14:36 +02003143 /* now check whether we have some admin rules for this request */
3144 list_for_each_entry(stats_admin_rule, &s->be->uri_auth->admin_rules, list) {
3145 int ret = 1;
3146
3147 if (stats_admin_rule->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003148 ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Cyril Bonté474be412010-10-12 00:14:36 +02003149 ret = acl_pass(ret);
3150 if (stats_admin_rule->cond->pol == ACL_COND_UNLESS)
3151 ret = !ret;
3152 }
3153
3154 if (ret) {
3155 /* no rule, or the rule matches */
Willy Tarreau295a8372011-03-10 11:25:07 +01003156 s->rep->prod->applet.ctx.stats.flags |= STAT_ADMIN;
Cyril Bonté474be412010-10-12 00:14:36 +02003157 break;
3158 }
3159 }
3160
Cyril Bonté70be45d2010-10-12 00:14:35 +02003161 /* Was the status page requested with a POST ? */
3162 if (txn->meth == HTTP_METH_POST) {
Willy Tarreau295a8372011-03-10 11:25:07 +01003163 if (s->rep->prod->applet.ctx.stats.flags & STAT_ADMIN) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01003164 if (msg->msg_state < HTTP_MSG_100_SENT) {
3165 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3166 * send an HTTP/1.1 100 Continue intermediate response.
3167 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003168 if (msg->flags & HTTP_MSGF_VER_11) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01003169 struct hdr_ctx ctx;
3170 ctx.idx = 0;
3171 /* Expect is allowed in 1.1, look for it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02003172 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
Cyril Bonté23b39d92011-02-10 22:54:44 +01003173 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02003174 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
Cyril Bonté23b39d92011-02-10 22:54:44 +01003175 }
3176 }
3177 msg->msg_state = HTTP_MSG_100_SENT;
3178 s->logs.tv_request = now; /* update the request timer to reflect full request */
3179 }
Willy Tarreau295a8372011-03-10 11:25:07 +01003180 if (!http_process_req_stat_post(s->rep->prod, txn, req)) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01003181 /* we need more data */
3182 req->analysers |= an_bit;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003183 channel_dont_connect(req);
Cyril Bonté23b39d92011-02-10 22:54:44 +01003184 return 0;
3185 }
Cyril Bonté474be412010-10-12 00:14:36 +02003186 } else {
Willy Tarreau295a8372011-03-10 11:25:07 +01003187 s->rep->prod->applet.ctx.stats.st_code = STAT_STATUS_DENY;
Cyril Bonté474be412010-10-12 00:14:36 +02003188 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02003189 }
3190
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003191 s->logs.tv_request = now;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003192 s->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreaub24281b2011-02-13 13:16:36 +01003193 stream_int_register_handler(s->rep->prod, &http_stats_applet);
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003194 copy_target(&s->target, &s->rep->prod->conn->target); // for logging only
3195 s->rep->prod->conn->xprt_ctx = s;
Willy Tarreaubc4af052011-02-13 13:25:14 +01003196 s->rep->prod->applet.st0 = s->rep->prod->applet.st1 = 0;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003197 req->analysers = 0;
Willy Tarreaueabea072011-09-10 23:29:44 +02003198 if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
3199 s->fe->fe_counters.intercepted_req++;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003200
3201 return 0;
3202
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003203 }
Willy Tarreaub2513902006-12-17 14:52:38 +01003204
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003205 /* check whether we have some ACLs set to redirect this request */
3206 list_for_each_entry(rule, &px->redirect_rules, list) {
Willy Tarreauf285f542010-01-03 20:03:03 +01003207 int ret = ACL_PAT_PASS;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003208
Willy Tarreauf285f542010-01-03 20:03:03 +01003209 if (rule->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003210 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf285f542010-01-03 20:03:03 +01003211 ret = acl_pass(ret);
3212 if (rule->cond->pol == ACL_COND_UNLESS)
3213 ret = !ret;
3214 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003215
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003216 if (ret) {
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003217 const char *msg_fmt;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003218
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003219 /* build redirect message */
3220 switch(rule->code) {
3221 case 303:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003222 msg_fmt = HTTP_303;
3223 break;
3224 case 301:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003225 msg_fmt = HTTP_301;
3226 break;
3227 case 302:
3228 default:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003229 msg_fmt = HTTP_302;
3230 break;
3231 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003232
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003233 if (unlikely(!chunk_strcpy(&trash, msg_fmt)))
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003234 goto return_bad_req;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003235
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003236 switch(rule->type) {
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003237 case REDIRECT_TYPE_SCHEME: {
3238 const char *path;
3239 const char *host;
3240 struct hdr_ctx ctx;
3241 int pathlen;
3242 int hostlen;
3243
3244 host = "";
3245 hostlen = 0;
3246 ctx.idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02003247 if (http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx)) {
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003248 host = ctx.line + ctx.val;
3249 hostlen = ctx.vlen;
3250 }
3251
3252 path = http_get_path(txn);
3253 /* build message using path */
3254 if (path) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02003255 pathlen = txn->req.sl.rq.u_l + (req->buf->p + txn->req.sl.rq.u) - path;
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003256 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3257 int qs = 0;
3258 while (qs < pathlen) {
3259 if (path[qs] == '?') {
3260 pathlen = qs;
3261 break;
3262 }
3263 qs++;
3264 }
3265 }
3266 } else {
3267 path = "/";
3268 pathlen = 1;
3269 }
3270
3271 /* check if we can add scheme + "://" + host + path */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003272 if (trash.len + rule->rdr_len + 3 + hostlen + pathlen > trash.size - 4)
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003273 goto return_bad_req;
3274
3275 /* add scheme */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003276 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3277 trash.len += rule->rdr_len;
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003278
3279 /* add "://" */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003280 memcpy(trash.str + trash.len, "://", 3);
3281 trash.len += 3;
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003282
3283 /* add host */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003284 memcpy(trash.str + trash.len, host, hostlen);
3285 trash.len += hostlen;
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003286
3287 /* add path */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003288 memcpy(trash.str + trash.len, path, pathlen);
3289 trash.len += pathlen;
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003290
3291 /* append a slash at the end of the location is needed and missing */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003292 if (trash.len && trash.str[trash.len - 1] != '/' &&
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003293 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003294 if (trash.len > trash.size - 5)
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003295 goto return_bad_req;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003296 trash.str[trash.len] = '/';
3297 trash.len++;
Willy Tarreau2e1dca82012-09-12 08:43:15 +02003298 }
3299
3300 break;
3301 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003302 case REDIRECT_TYPE_PREFIX: {
3303 const char *path;
3304 int pathlen;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003305
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003306 path = http_get_path(txn);
3307 /* build message using path */
3308 if (path) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02003309 pathlen = txn->req.sl.rq.u_l + (req->buf->p + txn->req.sl.rq.u) - path;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003310 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3311 int qs = 0;
3312 while (qs < pathlen) {
3313 if (path[qs] == '?') {
3314 pathlen = qs;
3315 break;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003316 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003317 qs++;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003318 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003319 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003320 } else {
3321 path = "/";
3322 pathlen = 1;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003323 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003324
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003325 if (trash.len + rule->rdr_len + pathlen > trash.size - 4)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003326 goto return_bad_req;
3327
3328 /* add prefix. Note that if prefix == "/", we don't want to
3329 * add anything, otherwise it makes it hard for the user to
3330 * configure a self-redirection.
3331 */
3332 if (rule->rdr_len != 1 || *rule->rdr_str != '/') {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003333 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3334 trash.len += rule->rdr_len;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003335 }
3336
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003337 /* add path */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003338 memcpy(trash.str + trash.len, path, pathlen);
3339 trash.len += pathlen;
Willy Tarreau81e3b4f2010-01-10 00:42:19 +01003340
3341 /* append a slash at the end of the location is needed and missing */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003342 if (trash.len && trash.str[trash.len - 1] != '/' &&
Willy Tarreau81e3b4f2010-01-10 00:42:19 +01003343 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003344 if (trash.len > trash.size - 5)
Willy Tarreau81e3b4f2010-01-10 00:42:19 +01003345 goto return_bad_req;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003346 trash.str[trash.len] = '/';
3347 trash.len++;
Willy Tarreau81e3b4f2010-01-10 00:42:19 +01003348 }
3349
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003350 break;
3351 }
3352 case REDIRECT_TYPE_LOCATION:
3353 default:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003354 if (trash.len + rule->rdr_len > trash.size - 4)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003355 goto return_bad_req;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003356
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003357 /* add location */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003358 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3359 trash.len += rule->rdr_len;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003360 break;
3361 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003362
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003363 if (rule->cookie_len) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003364 memcpy(trash.str + trash.len, "\r\nSet-Cookie: ", 14);
3365 trash.len += 14;
3366 memcpy(trash.str + trash.len, rule->cookie_str, rule->cookie_len);
3367 trash.len += rule->cookie_len;
3368 memcpy(trash.str + trash.len, "\r\n", 2);
3369 trash.len += 2;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003370 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003371
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003372 /* add end of headers and the keep-alive/close status.
3373 * We may choose to set keep-alive if the Location begins
3374 * with a slash, because the client will come back to the
3375 * same server.
3376 */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003377 txn->status = rule->code;
3378 /* let's log the request time */
3379 s->logs.tv_request = now;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003380
3381 if (rule->rdr_len >= 1 && *rule->rdr_str == '/' &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003382 (msg->flags & HTTP_MSGF_XFER_LEN) &&
3383 !(msg->flags & HTTP_MSGF_TE_CHNK) && !txn->req.body_len &&
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003384 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
3385 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
3386 /* keep-alive possible */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003387 if (!(msg->flags & HTTP_MSGF_VER_11)) {
Willy Tarreau88d349d2010-01-25 12:15:43 +01003388 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003389 memcpy(trash.str + trash.len, "\r\nProxy-Connection: keep-alive", 30);
3390 trash.len += 30;
Willy Tarreau88d349d2010-01-25 12:15:43 +01003391 } else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003392 memcpy(trash.str + trash.len, "\r\nConnection: keep-alive", 24);
3393 trash.len += 24;
Willy Tarreau88d349d2010-01-25 12:15:43 +01003394 }
Willy Tarreau75661452010-01-10 10:35:01 +01003395 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003396 memcpy(trash.str + trash.len, "\r\n\r\n", 4);
3397 trash.len += 4;
3398 bo_inject(req->prod->ob, trash.str, trash.len);
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003399 /* "eat" the request */
Willy Tarreau9b28e032012-10-12 23:49:43 +02003400 bi_fast_delete(req->buf, msg->sov);
Willy Tarreau26927362012-05-18 23:22:52 +02003401 msg->sov = 0;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003402 req->analysers = AN_REQ_HTTP_XFER_BODY;
Willy Tarreau9300fb22010-01-05 00:58:24 +01003403 s->rep->analysers = AN_RES_HTTP_XFER_BODY;
3404 txn->req.msg_state = HTTP_MSG_CLOSED;
3405 txn->rsp.msg_state = HTTP_MSG_DONE;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003406 break;
3407 } else {
3408 /* keep-alive not possible */
Willy Tarreau88d349d2010-01-25 12:15:43 +01003409 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003410 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
3411 trash.len += 29;
Willy Tarreau88d349d2010-01-25 12:15:43 +01003412 } else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003413 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
3414 trash.len += 23;
Willy Tarreau88d349d2010-01-25 12:15:43 +01003415 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003416 stream_int_retnclose(req->prod, &trash);
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003417 goto return_prx_cond;
3418 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003419 }
3420 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003421
Willy Tarreau2be39392010-01-03 17:24:51 +01003422 /* POST requests may be accompanied with an "Expect: 100-Continue" header.
3423 * If this happens, then the data will not come immediately, so we must
3424 * send all what we have without waiting. Note that due to the small gain
3425 * in waiting for the body of the request, it's easier to simply put the
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003426 * CF_SEND_DONTWAIT flag any time. It's a one-shot flag so it will remove
Willy Tarreau2be39392010-01-03 17:24:51 +01003427 * itself once used.
3428 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003429 req->flags |= CF_SEND_DONTWAIT;
Willy Tarreau2be39392010-01-03 17:24:51 +01003430
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003431 /* that's OK for us now, let's move on to next analysers */
3432 return 1;
Willy Tarreau11382812008-07-09 16:18:21 +02003433
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003434 return_bad_req:
3435 /* We centralize bad requests processing here */
3436 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
3437 /* we detected a parsing error. We want to archive this request
3438 * in the dedicated proxy area for later troubleshooting.
3439 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01003440 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003441 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003442
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003443 txn->req.msg_state = HTTP_MSG_ERROR;
3444 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02003445 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003446
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01003447 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003448 if (s->listener->counters)
3449 s->listener->counters->failed_req++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003450
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003451 return_prx_cond:
3452 if (!(s->flags & SN_ERR_MASK))
3453 s->flags |= SN_ERR_PRXCOND;
3454 if (!(s->flags & SN_FINST_MASK))
3455 s->flags |= SN_FINST_R;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01003456
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003457 req->analysers = 0;
3458 req->analyse_exp = TICK_ETERNITY;
3459 return 0;
3460}
Willy Tarreau58f10d72006-12-04 02:26:12 +01003461
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003462/* This function performs all the processing enabled for the current request.
3463 * It returns 1 if the processing can continue on next analysers, or zero if it
3464 * needs more data, encounters an error, or wants to immediately abort the
3465 * request. It relies on buffers flags, and updates s->req->analysers.
3466 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003467int http_process_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003468{
3469 struct http_txn *txn = &s->txn;
3470 struct http_msg *msg = &txn->req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003471
Willy Tarreau655dce92009-11-08 13:10:58 +01003472 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003473 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003474 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003475 return 0;
3476 }
3477
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003478 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003479 now_ms, __FUNCTION__,
3480 s,
3481 req,
3482 req->rex, req->wex,
3483 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003484 req->buf->i,
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003485 req->analysers);
Willy Tarreau06619262006-12-17 08:37:22 +01003486
William Lallemand82fe75c2012-10-23 10:25:10 +02003487 if (s->fe->comp || s->be->comp)
3488 select_compression_request_header(s, req->buf);
3489
Willy Tarreau59234e92008-11-30 23:51:27 +01003490 /*
3491 * Right now, we know that we have processed the entire headers
3492 * and that unwanted requests have been filtered out. We can do
3493 * whatever we want with the remaining request. Also, now we
3494 * may have separate values for ->fe, ->be.
3495 */
Willy Tarreau06619262006-12-17 08:37:22 +01003496
Willy Tarreau59234e92008-11-30 23:51:27 +01003497 /*
3498 * If HTTP PROXY is set we simply get remote server address
3499 * parsing incoming request.
3500 */
3501 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) {
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003502 url2sa(req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l, &s->req->cons->conn->addr.to);
Willy Tarreau59234e92008-11-30 23:51:27 +01003503 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01003504
Willy Tarreau59234e92008-11-30 23:51:27 +01003505 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003506 * 7: Now we can work with the cookies.
Willy Tarreau59234e92008-11-30 23:51:27 +01003507 * Note that doing so might move headers in the request, but
3508 * the fields will stay coherent and the URI will not move.
3509 * This should only be performed in the backend.
3510 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02003511 if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
Willy Tarreau59234e92008-11-30 23:51:27 +01003512 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
3513 manage_client_side_cookies(s, req);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02003514
Willy Tarreau59234e92008-11-30 23:51:27 +01003515 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003516 * 8: the appsession cookie was looked up very early in 1.2,
3517 * so let's do the same now.
3518 */
3519
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02003520 /* It needs to look into the URI unless persistence must be ignored */
3521 if ((txn->sessid == NULL) && s->be->appsession_name && !(s->flags & SN_IGNORE_PRST)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02003522 get_srv_from_appsession(s, req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l);
Cyril Bontéb21570a2009-11-29 20:04:48 +01003523 }
3524
William Lallemanda73203e2012-03-12 12:48:57 +01003525 /* add unique-id if "header-unique-id" is specified */
3526
3527 if (!LIST_ISEMPTY(&s->fe->format_unique_id))
3528 build_logline(s, s->unique_id, UNIQUEID_LEN, &s->fe->format_unique_id);
3529
3530 if (s->fe->header_unique_id && s->unique_id) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003531 chunk_printf(&trash, "%s: %s", s->fe->header_unique_id, s->unique_id);
3532 if (trash.len < 0)
William Lallemanda73203e2012-03-12 12:48:57 +01003533 goto return_bad_req;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003534 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len) < 0))
William Lallemanda73203e2012-03-12 12:48:57 +01003535 goto return_bad_req;
3536 }
3537
Cyril Bontéb21570a2009-11-29 20:04:48 +01003538 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01003539 * 9: add X-Forwarded-For if either the frontend or the backend
3540 * asks for it.
3541 */
3542 if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02003543 struct hdr_ctx ctx = { .idx = 0 };
Willy Tarreau87cf5142011-08-19 22:57:24 +02003544 if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) &&
Cyril Bontéa32d2752012-05-29 23:27:41 +02003545 http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name,
3546 s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003547 req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02003548 /* The header is set to be added only if none is present
3549 * and we found it, so don't do anything.
3550 */
3551 }
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003552 else if (s->req->prod->conn->addr.from.ss_family == AF_INET) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003553 /* Add an X-Forwarded-For header unless the source IP is
3554 * in the 'except' network range.
3555 */
3556 if ((!s->fe->except_mask.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003557 (((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr.s_addr & s->fe->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003558 != s->fe->except_net.s_addr) &&
3559 (!s->be->except_mask.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003560 (((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr.s_addr & s->be->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003561 != s->be->except_net.s_addr)) {
Willy Tarreau2a324282006-12-05 00:05:46 +01003562 int len;
Willy Tarreau59234e92008-11-30 23:51:27 +01003563 unsigned char *pn;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003564 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr;
Ross Westaf72a1d2008-08-03 10:51:45 +02003565
3566 /* Note: we rely on the backend to get the header name to be used for
3567 * x-forwarded-for, because the header is really meant for the backends.
3568 * However, if the backend did not specify any option, we have to rely
3569 * on the frontend's header name.
3570 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003571 if (s->be->fwdfor_hdr_len) {
3572 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003573 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Ross Westaf72a1d2008-08-03 10:51:45 +02003574 } else {
Willy Tarreau59234e92008-11-30 23:51:27 +01003575 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003576 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01003577 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003578 len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreauedcf6682008-11-30 23:15:34 +01003579
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003580 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau06619262006-12-17 08:37:22 +01003581 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01003582 }
3583 }
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003584 else if (s->req->prod->conn->addr.from.ss_family == AF_INET6) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003585 /* FIXME: for the sake of completeness, we should also support
3586 * 'except' here, although it is mostly useless in this case.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003587 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003588 int len;
3589 char pn[INET6_ADDRSTRLEN];
3590 inet_ntop(AF_INET6,
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003591 (const void *)&((struct sockaddr_in6 *)(&s->req->prod->conn->addr.from))->sin6_addr,
Willy Tarreau59234e92008-11-30 23:51:27 +01003592 pn, sizeof(pn));
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003593
Willy Tarreau59234e92008-11-30 23:51:27 +01003594 /* Note: we rely on the backend to get the header name to be used for
3595 * x-forwarded-for, because the header is really meant for the backends.
3596 * However, if the backend did not specify any option, we have to rely
3597 * on the frontend's header name.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003598 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003599 if (s->be->fwdfor_hdr_len) {
3600 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003601 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Willy Tarreau59234e92008-11-30 23:51:27 +01003602 } else {
3603 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003604 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003605 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003606 len += sprintf(trash.str + len, ": %s", pn);
Willy Tarreauadfb8562008-08-11 15:24:42 +02003607
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003608 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01003609 goto return_bad_req;
3610 }
3611 }
3612
3613 /*
Maik Broemme2850cb42009-04-17 18:53:21 +02003614 * 10: add X-Original-To if either the frontend or the backend
3615 * asks for it.
3616 */
3617 if ((s->fe->options | s->be->options) & PR_O_ORGTO) {
3618
3619 /* FIXME: don't know if IPv6 can handle that case too. */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003620 if (s->req->prod->conn->addr.from.ss_family == AF_INET) {
Maik Broemme2850cb42009-04-17 18:53:21 +02003621 /* Add an X-Original-To header unless the destination IP is
3622 * in the 'except' network range.
3623 */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003624 conn_get_to_addr(s->req->prod->conn);
Maik Broemme2850cb42009-04-17 18:53:21 +02003625
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003626 if (s->req->prod->conn->addr.to.ss_family == AF_INET &&
Emeric Brun5bd86a82010-10-22 17:23:04 +02003627 ((!s->fe->except_mask_to.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003628 (((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr.s_addr & s->fe->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02003629 != s->fe->except_to.s_addr) &&
3630 (!s->be->except_mask_to.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003631 (((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr.s_addr & s->be->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02003632 != s->be->except_to.s_addr))) {
Maik Broemme2850cb42009-04-17 18:53:21 +02003633 int len;
3634 unsigned char *pn;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003635 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr;
Maik Broemme2850cb42009-04-17 18:53:21 +02003636
3637 /* Note: we rely on the backend to get the header name to be used for
3638 * x-original-to, because the header is really meant for the backends.
3639 * However, if the backend did not specify any option, we have to rely
3640 * on the frontend's header name.
3641 */
3642 if (s->be->orgto_hdr_len) {
3643 len = s->be->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003644 memcpy(trash.str, s->be->orgto_hdr_name, len);
Maik Broemme2850cb42009-04-17 18:53:21 +02003645 } else {
3646 len = s->fe->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003647 memcpy(trash.str, s->fe->orgto_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01003648 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003649 len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Maik Broemme2850cb42009-04-17 18:53:21 +02003650
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003651 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Maik Broemme2850cb42009-04-17 18:53:21 +02003652 goto return_bad_req;
3653 }
3654 }
3655 }
3656
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003657 /* 11: add "Connection: close" or "Connection: keep-alive" if needed and not yet set. */
3658 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003659 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003660 unsigned int want_flags = 0;
3661
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003662 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau22a95342010-09-29 14:31:41 +02003663 if (((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL ||
3664 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) &&
3665 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003666 want_flags |= TX_CON_CLO_SET;
3667 } else {
Willy Tarreau22a95342010-09-29 14:31:41 +02003668 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
3669 !((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) ||
3670 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003671 want_flags |= TX_CON_KAL_SET;
3672 }
3673
3674 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003675 http_change_connection_header(txn, msg, want_flags);
Willy Tarreau59234e92008-11-30 23:51:27 +01003676 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003677
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003678
Willy Tarreau522d6c02009-12-06 18:49:18 +01003679 /* If we have no server assigned yet and we're balancing on url_param
3680 * with a POST request, we may be interested in checking the body for
3681 * that parameter. This will be done in another analyser.
Willy Tarreau59234e92008-11-30 23:51:27 +01003682 */
3683 if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) &&
3684 s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01003685 s->be->url_param_post_limit != 0 &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003686 (msg->flags & (HTTP_MSGF_CNT_LEN|HTTP_MSGF_TE_CHNK))) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003687 channel_dont_connect(req);
Willy Tarreau522d6c02009-12-06 18:49:18 +01003688 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau59234e92008-11-30 23:51:27 +01003689 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003690
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003691 if (msg->flags & HTTP_MSGF_XFER_LEN) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01003692 req->analysers |= AN_REQ_HTTP_XFER_BODY;
Willy Tarreau5e205522011-12-17 16:34:27 +01003693#ifdef TCP_QUICKACK
3694 /* We expect some data from the client. Unless we know for sure
3695 * we already have a full request, we have to re-enable quick-ack
3696 * in case we previously disabled it, otherwise we might cause
3697 * the client to delay further data.
3698 */
3699 if ((s->listener->options & LI_O_NOQUICKACK) &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003700 ((msg->flags & HTTP_MSGF_TE_CHNK) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02003701 (msg->body_len > req->buf->i - txn->req.eoh - 2)))
Willy Tarreaufb7508a2012-05-21 16:47:54 +02003702 setsockopt(si_fd(&s->si[0]), IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01003703#endif
3704 }
Willy Tarreau03945942009-12-22 16:50:27 +01003705
Willy Tarreau59234e92008-11-30 23:51:27 +01003706 /*************************************************************
3707 * OK, that's finished for the headers. We have done what we *
3708 * could. Let's switch to the DATA state. *
3709 ************************************************************/
Willy Tarreau522d6c02009-12-06 18:49:18 +01003710 req->analyse_exp = TICK_ETERNITY;
3711 req->analysers &= ~an_bit;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003712
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02003713 /* if the server closes the connection, we want to immediately react
3714 * and close the socket to save packets and syscalls.
3715 */
3716 req->cons->flags |= SI_FL_NOHALF;
3717
Willy Tarreau59234e92008-11-30 23:51:27 +01003718 s->logs.tv_request = now;
Willy Tarreau59234e92008-11-30 23:51:27 +01003719 /* OK let's go on with the BODY now */
3720 return 1;
Willy Tarreau06619262006-12-17 08:37:22 +01003721
Willy Tarreau59234e92008-11-30 23:51:27 +01003722 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4076a152009-04-02 15:18:36 +02003723 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
Willy Tarreauf073a832009-03-01 23:21:47 +01003724 /* we detected a parsing error. We want to archive this request
3725 * in the dedicated proxy area for later troubleshooting.
3726 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01003727 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauf073a832009-03-01 23:21:47 +01003728 }
Willy Tarreau4076a152009-04-02 15:18:36 +02003729
Willy Tarreau59234e92008-11-30 23:51:27 +01003730 txn->req.msg_state = HTTP_MSG_ERROR;
3731 txn->status = 400;
3732 req->analysers = 0;
Willy Tarreau783f2582012-09-04 12:19:04 +02003733 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003734
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01003735 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003736 if (s->listener->counters)
3737 s->listener->counters->failed_req++;
Willy Tarreauadfb8562008-08-11 15:24:42 +02003738
Willy Tarreau59234e92008-11-30 23:51:27 +01003739 if (!(s->flags & SN_ERR_MASK))
3740 s->flags |= SN_ERR_PRXCOND;
3741 if (!(s->flags & SN_FINST_MASK))
3742 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02003743 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02003744}
Willy Tarreauadfb8562008-08-11 15:24:42 +02003745
Willy Tarreau60b85b02008-11-30 23:28:40 +01003746/* This function is an analyser which processes the HTTP tarpit. It always
3747 * returns zero, at the beginning because it prevents any other processing
3748 * from occurring, and at the end because it terminates the request.
3749 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003750int http_process_tarpit(struct session *s, struct channel *req, int an_bit)
Willy Tarreau60b85b02008-11-30 23:28:40 +01003751{
3752 struct http_txn *txn = &s->txn;
3753
3754 /* This connection is being tarpitted. The CLIENT side has
3755 * already set the connect expiration date to the right
3756 * timeout. We just have to check that the client is still
3757 * there and that the timeout has not expired.
3758 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003759 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003760 if ((req->flags & (CF_SHUTR|CF_READ_ERROR)) == 0 &&
Willy Tarreau60b85b02008-11-30 23:28:40 +01003761 !tick_is_expired(req->analyse_exp, now_ms))
3762 return 0;
3763
3764 /* We will set the queue timer to the time spent, just for
3765 * logging purposes. We fake a 500 server error, so that the
3766 * attacker will not suspect his connection has been tarpitted.
3767 * It will not cause trouble to the logs because we can exclude
3768 * the tarpitted connections by filtering on the 'PT' status flags.
3769 */
Willy Tarreau60b85b02008-11-30 23:28:40 +01003770 s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now);
3771
3772 txn->status = 500;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003773 if (!(req->flags & CF_READ_ERROR))
Willy Tarreau783f2582012-09-04 12:19:04 +02003774 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
Willy Tarreau60b85b02008-11-30 23:28:40 +01003775
3776 req->analysers = 0;
3777 req->analyse_exp = TICK_ETERNITY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003778
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01003779 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003780 if (s->listener->counters)
3781 s->listener->counters->failed_req++;
Willy Tarreau60b85b02008-11-30 23:28:40 +01003782
Willy Tarreau60b85b02008-11-30 23:28:40 +01003783 if (!(s->flags & SN_ERR_MASK))
3784 s->flags |= SN_ERR_PRXCOND;
3785 if (!(s->flags & SN_FINST_MASK))
3786 s->flags |= SN_FINST_T;
3787 return 0;
3788}
3789
Willy Tarreaud34af782008-11-30 23:36:37 +01003790/* This function is an analyser which processes the HTTP request body. It looks
3791 * for parameters to be used for the load balancing algorithm (url_param). It
3792 * must only be called after the standard HTTP request processing has occurred,
3793 * because it expects the request to be parsed. It returns zero if it needs to
3794 * read more data, or 1 once it has completed its analysis.
3795 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003796int http_process_request_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud34af782008-11-30 23:36:37 +01003797{
Willy Tarreau522d6c02009-12-06 18:49:18 +01003798 struct http_txn *txn = &s->txn;
Willy Tarreaud34af782008-11-30 23:36:37 +01003799 struct http_msg *msg = &s->txn.req;
Willy Tarreaud34af782008-11-30 23:36:37 +01003800 long long limit = s->be->url_param_post_limit;
Willy Tarreaud34af782008-11-30 23:36:37 +01003801
3802 /* We have to parse the HTTP request body to find any required data.
3803 * "balance url_param check_post" should have been the only way to get
3804 * into this. We were brought here after HTTP header analysis, so all
3805 * related structures are ready.
3806 */
3807
Willy Tarreau522d6c02009-12-06 18:49:18 +01003808 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
3809 goto missing_data;
3810
3811 if (msg->msg_state < HTTP_MSG_100_SENT) {
3812 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3813 * send an HTTP/1.1 100 Continue intermediate response.
3814 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003815 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01003816 struct hdr_ctx ctx;
3817 ctx.idx = 0;
3818 /* Expect is allowed in 1.1, look for it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02003819 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01003820 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02003821 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
Willy Tarreau522d6c02009-12-06 18:49:18 +01003822 }
3823 }
3824 msg->msg_state = HTTP_MSG_100_SENT;
3825 }
3826
3827 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01003828 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau9b28e032012-10-12 23:49:43 +02003829 * req->buf->p still points to the beginning of the message and msg->sol
Willy Tarreau26927362012-05-18 23:22:52 +02003830 * is still null. We must save the body in msg->next because it
3831 * survives buffer re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01003832 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01003833 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01003834
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003835 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau522d6c02009-12-06 18:49:18 +01003836 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
3837 else
3838 msg->msg_state = HTTP_MSG_DATA;
3839 }
3840
3841 if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01003842 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01003843 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01003844 * TRAILERS state.
Willy Tarreau115acb92009-12-26 13:56:06 +01003845 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01003846 int ret = http_parse_chunk_size(msg);
Willy Tarreaud34af782008-11-30 23:36:37 +01003847
Willy Tarreau115acb92009-12-26 13:56:06 +01003848 if (!ret)
3849 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02003850 else if (ret < 0) {
3851 session_inc_http_err_ctr(s);
Willy Tarreau522d6c02009-12-06 18:49:18 +01003852 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02003853 }
Willy Tarreaud34af782008-11-30 23:36:37 +01003854 }
3855
Willy Tarreaud98cf932009-12-27 22:54:55 +01003856 /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01003857 * We have the first data byte is in msg->sov. We're waiting for at
3858 * least <url_param_post_limit> bytes after msg->sov.
Willy Tarreaud34af782008-11-30 23:36:37 +01003859 */
Willy Tarreau522d6c02009-12-06 18:49:18 +01003860
Willy Tarreau124d9912011-03-01 20:30:48 +01003861 if (msg->body_len < limit)
3862 limit = msg->body_len;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003863
Willy Tarreau9b28e032012-10-12 23:49:43 +02003864 if (req->buf->i - msg->sov >= limit) /* we have enough bytes now */
Willy Tarreau522d6c02009-12-06 18:49:18 +01003865 goto http_end;
3866
3867 missing_data:
3868 /* we get here if we need to wait for more data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02003869 if (buffer_full(req->buf, global.tune.maxrewrite)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02003870 session_inc_http_err_ctr(s);
Willy Tarreau115acb92009-12-26 13:56:06 +01003871 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02003872 }
Willy Tarreau115acb92009-12-26 13:56:06 +01003873
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003874 if ((req->flags & CF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01003875 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02003876 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau79ebac62010-06-07 13:47:49 +02003877
3878 if (!(s->flags & SN_ERR_MASK))
3879 s->flags |= SN_ERR_CLITO;
3880 if (!(s->flags & SN_FINST_MASK))
3881 s->flags |= SN_FINST_D;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003882 goto return_err_msg;
Willy Tarreaud34af782008-11-30 23:36:37 +01003883 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003884
3885 /* we get here if we need to wait for more data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02003886 if (!(req->flags & (CF_SHUTR | CF_READ_ERROR)) && !buffer_full(req->buf, global.tune.maxrewrite)) {
Willy Tarreaud34af782008-11-30 23:36:37 +01003887 /* Not enough data. We'll re-use the http-request
3888 * timeout here. Ideally, we should set the timeout
3889 * relative to the accept() date. We just set the
3890 * request timeout once at the beginning of the
3891 * request.
3892 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003893 channel_dont_connect(req);
Willy Tarreaud34af782008-11-30 23:36:37 +01003894 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02003895 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreaud34af782008-11-30 23:36:37 +01003896 return 0;
3897 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003898
3899 http_end:
3900 /* The situation will not evolve, so let's give up on the analysis. */
3901 s->logs.tv_request = now; /* update the request timer to reflect full request */
3902 req->analysers &= ~an_bit;
3903 req->analyse_exp = TICK_ETERNITY;
3904 return 1;
3905
3906 return_bad_req: /* let's centralize all bad requests */
3907 txn->req.msg_state = HTTP_MSG_ERROR;
3908 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02003909 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau522d6c02009-12-06 18:49:18 +01003910
Willy Tarreau79ebac62010-06-07 13:47:49 +02003911 if (!(s->flags & SN_ERR_MASK))
3912 s->flags |= SN_ERR_PRXCOND;
3913 if (!(s->flags & SN_FINST_MASK))
3914 s->flags |= SN_FINST_R;
3915
Willy Tarreau522d6c02009-12-06 18:49:18 +01003916 return_err_msg:
3917 req->analysers = 0;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01003918 s->fe->fe_counters.failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003919 if (s->listener->counters)
3920 s->listener->counters->failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003921 return 0;
Willy Tarreaud34af782008-11-30 23:36:37 +01003922}
3923
Willy Tarreaud1de8af2012-05-18 22:12:14 +02003924/* send a server's name with an outgoing request over an established connection.
3925 * Note: this function is designed to be called once the request has been scheduled
3926 * for being forwarded. This is the reason why it rewinds the buffer before
3927 * proceeding.
3928 */
Willy Tarreau45c0d982012-03-09 12:11:57 +01003929int http_send_name_header(struct http_txn *txn, struct proxy* be, const char* srv_name) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05003930
3931 struct hdr_ctx ctx;
3932
Mark Lamourinec2247f02012-01-04 13:02:01 -05003933 char *hdr_name = be->server_id_hdr_name;
3934 int hdr_name_len = be->server_id_hdr_len;
Willy Tarreau394db372012-10-12 22:40:39 +02003935 struct channel *chn = txn->req.chn;
Mark Lamourinec2247f02012-01-04 13:02:01 -05003936 char *hdr_val;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02003937 unsigned int old_o, old_i;
Mark Lamourinec2247f02012-01-04 13:02:01 -05003938
William Lallemandd9e90662012-01-30 17:27:17 +01003939 ctx.idx = 0;
3940
Willy Tarreau9b28e032012-10-12 23:49:43 +02003941 old_o = chn->buf->o;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02003942 if (old_o) {
3943 /* The request was already skipped, let's restore it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02003944 b_rew(chn->buf, old_o);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02003945 }
3946
Willy Tarreau9b28e032012-10-12 23:49:43 +02003947 old_i = chn->buf->i;
3948 while (http_find_header2(hdr_name, hdr_name_len, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05003949 /* remove any existing values from the header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003950 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Mark Lamourinec2247f02012-01-04 13:02:01 -05003951 }
3952
3953 /* Add the new header requested with the server value */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003954 hdr_val = trash.str;
Mark Lamourinec2247f02012-01-04 13:02:01 -05003955 memcpy(hdr_val, hdr_name, hdr_name_len);
3956 hdr_val += hdr_name_len;
3957 *hdr_val++ = ':';
3958 *hdr_val++ = ' ';
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003959 hdr_val += strlcpy2(hdr_val, srv_name, trash.str + trash.size - hdr_val);
3960 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, hdr_val - trash.str);
Mark Lamourinec2247f02012-01-04 13:02:01 -05003961
Willy Tarreaud1de8af2012-05-18 22:12:14 +02003962 if (old_o) {
3963 /* If this was a forwarded request, we must readjust the amount of
3964 * data to be forwarded in order to take into account the size
3965 * variations.
3966 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02003967 b_adv(chn->buf, old_o + chn->buf->i - old_i);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02003968 }
3969
Mark Lamourinec2247f02012-01-04 13:02:01 -05003970 return 0;
3971}
3972
Willy Tarreau610ecce2010-01-04 21:15:02 +01003973/* Terminate current transaction and prepare a new one. This is very tricky
3974 * right now but it works.
3975 */
3976void http_end_txn_clean_session(struct session *s)
3977{
3978 /* FIXME: We need a more portable way of releasing a backend's and a
3979 * server's connections. We need a safer way to reinitialize buffer
3980 * flags. We also need a more accurate method for computing per-request
3981 * data.
3982 */
3983 http_silent_debug(__LINE__, s);
3984
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02003985 s->req->cons->flags |= SI_FL_NOLINGER | SI_FL_NOHALF;
Willy Tarreau73b013b2012-05-21 16:31:45 +02003986 si_shutr(s->req->cons);
3987 si_shutw(s->req->cons);
Willy Tarreau610ecce2010-01-04 21:15:02 +01003988
3989 http_silent_debug(__LINE__, s);
3990
Willy Tarreau2d5cd472012-03-01 23:34:37 +01003991 if (s->flags & SN_BE_ASSIGNED) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01003992 s->be->beconn--;
Willy Tarreau2d5cd472012-03-01 23:34:37 +01003993 if (unlikely(s->srv_conn))
3994 sess_change_server(s, NULL);
3995 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01003996
3997 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
3998 session_process_counters(s);
Willy Tarreauf059a0f2010-08-03 16:29:52 +02003999 session_stop_backend_counters(s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004000
4001 if (s->txn.status) {
4002 int n;
4003
4004 n = s->txn.status / 100;
4005 if (n < 1 || n > 5)
4006 n = 0;
4007
4008 if (s->fe->mode == PR_MODE_HTTP)
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004009 s->fe->fe_counters.p.http.rsp[n]++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004010
Willy Tarreau24657792010-02-26 10:30:28 +01004011 if ((s->flags & SN_BE_ASSIGNED) &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01004012 (s->be->mode == PR_MODE_HTTP))
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004013 s->be->be_counters.p.http.rsp[n]++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004014 }
4015
4016 /* don't count other requests' data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004017 s->logs.bytes_in -= s->req->buf->i;
4018 s->logs.bytes_out -= s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004019
4020 /* let's do a final log if we need it */
4021 if (s->logs.logwait &&
4022 !(s->flags & SN_MONITOR) &&
4023 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
4024 s->do_log(s);
4025 }
4026
4027 s->logs.accept_date = date; /* user-visible date for logging */
4028 s->logs.tv_accept = now; /* corrected date for internal use */
4029 tv_zero(&s->logs.tv_request);
4030 s->logs.t_queue = -1;
4031 s->logs.t_connect = -1;
4032 s->logs.t_data = -1;
4033 s->logs.t_close = 0;
4034 s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
4035 s->logs.srv_queue_size = 0; /* we will get this number soon */
4036
Willy Tarreau9b28e032012-10-12 23:49:43 +02004037 s->logs.bytes_in = s->req->total = s->req->buf->i;
4038 s->logs.bytes_out = s->rep->total = s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004039
4040 if (s->pend_pos)
4041 pendconn_free(s->pend_pos);
4042
Willy Tarreau827aee92011-03-10 16:55:02 +01004043 if (target_srv(&s->target)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004044 if (s->flags & SN_CURR_SESS) {
4045 s->flags &= ~SN_CURR_SESS;
Willy Tarreau827aee92011-03-10 16:55:02 +01004046 target_srv(&s->target)->cur_sess--;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004047 }
Willy Tarreau827aee92011-03-10 16:55:02 +01004048 if (may_dequeue_tasks(target_srv(&s->target), s->be))
4049 process_srv_queue(target_srv(&s->target));
Willy Tarreau610ecce2010-01-04 21:15:02 +01004050 }
4051
Willy Tarreau9e000c62011-03-10 14:03:36 +01004052 clear_target(&s->target);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004053
4054 s->req->cons->state = s->req->cons->prev_state = SI_ST_INI;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004055 s->req->cons->conn->t.sock.fd = -1; /* just to help with debugging */
4056 s->req->cons->conn->flags = CO_FL_NONE;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004057 s->req->cons->err_type = SI_ET_NONE;
Willy Tarreau0b3a4112011-03-27 19:16:56 +02004058 s->req->cons->conn_retries = 0; /* used for logging too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004059 s->req->cons->err_loc = NULL;
4060 s->req->cons->exp = TICK_ETERNITY;
4061 s->req->cons->flags = SI_FL_NONE;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004062 s->req->flags &= ~(CF_SHUTW|CF_SHUTW_NOW|CF_AUTO_CONNECT|CF_WRITE_ERROR|CF_STREAMER|CF_STREAMER_FAST|CF_NEVER_WAIT);
4063 s->rep->flags &= ~(CF_SHUTR|CF_SHUTR_NOW|CF_READ_ATTACHED|CF_READ_ERROR|CF_READ_NOEXP|CF_STREAMER|CF_STREAMER_FAST|CF_WRITE_PARTIAL|CF_NEVER_WAIT);
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02004064 s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED|SN_FORCE_PRST|SN_IGNORE_PRST);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004065 s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE);
4066 s->txn.meth = 0;
4067 http_reset_txn(s);
Willy Tarreaufcffa692010-01-10 14:21:19 +01004068 s->txn.flags |= TX_NOT_FIRST | TX_WAIT_NEXT_RQ;
Willy Tarreauee55dc02010-06-01 10:56:34 +02004069 if (s->fe->options2 & PR_O2_INDEPSTR)
Willy Tarreau610ecce2010-01-04 21:15:02 +01004070 s->req->cons->flags |= SI_FL_INDEP_STR;
4071
Willy Tarreau96e31212011-05-30 18:10:30 +02004072 if (s->fe->options2 & PR_O2_NODELAY) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004073 s->req->flags |= CF_NEVER_WAIT;
4074 s->rep->flags |= CF_NEVER_WAIT;
Willy Tarreau96e31212011-05-30 18:10:30 +02004075 }
4076
Willy Tarreau610ecce2010-01-04 21:15:02 +01004077 /* if the request buffer is not empty, it means we're
4078 * about to process another request, so send pending
4079 * data with MSG_MORE to merge TCP packets when possible.
Willy Tarreau065e8332010-01-08 00:30:20 +01004080 * Just don't do this if the buffer is close to be full,
4081 * because the request will wait for it to flush a little
4082 * bit before proceeding.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004083 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004084 if (s->req->buf->i) {
4085 if (s->rep->buf->o &&
4086 !buffer_full(s->rep->buf, global.tune.maxrewrite) &&
4087 bi_end(s->rep->buf) <= s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004088 s->rep->flags |= CF_EXPECT_MORE;
Willy Tarreau065e8332010-01-08 00:30:20 +01004089 }
Willy Tarreau90deb182010-01-07 00:20:41 +01004090
4091 /* we're removing the analysers, we MUST re-enable events detection */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004092 channel_auto_read(s->req);
4093 channel_auto_close(s->req);
4094 channel_auto_read(s->rep);
4095 channel_auto_close(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004096
Willy Tarreau342b11c2010-11-24 16:22:09 +01004097 s->req->analysers = s->listener->analysers;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004098 s->rep->analysers = 0;
4099
4100 http_silent_debug(__LINE__, s);
4101}
4102
4103
4104/* This function updates the request state machine according to the response
4105 * state machine and buffer flags. It returns 1 if it changes anything (flag
4106 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4107 * it is only used to find when a request/response couple is complete. Both
4108 * this function and its equivalent should loop until both return zero. It
4109 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4110 */
4111int http_sync_req_state(struct session *s)
4112{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004113 struct channel *chn = s->req;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004114 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004115 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004116 unsigned int old_state = txn->req.msg_state;
4117
4118 http_silent_debug(__LINE__, s);
4119 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY))
4120 return 0;
4121
4122 if (txn->req.msg_state == HTTP_MSG_DONE) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004123 /* No need to read anymore, the request was completely parsed.
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004124 * We can shut the read side unless we want to abort_on_close,
4125 * or we have a POST request. The issue with POST requests is
4126 * that some browsers still send a CRLF after the request, and
4127 * this CRLF must be read so that it does not remain in the kernel
4128 * buffers, otherwise a close could cause an RST on some systems
4129 * (eg: Linux).
Willy Tarreau90deb182010-01-07 00:20:41 +01004130 */
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004131 if (!(s->be->options & PR_O_ABRT_CLOSE) && txn->meth != HTTP_METH_POST)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004132 channel_dont_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004133
4134 if (txn->rsp.msg_state == HTTP_MSG_ERROR)
4135 goto wait_other_side;
4136
4137 if (txn->rsp.msg_state < HTTP_MSG_DONE) {
4138 /* The server has not finished to respond, so we
4139 * don't want to move in order not to upset it.
4140 */
4141 goto wait_other_side;
4142 }
4143
4144 if (txn->rsp.msg_state == HTTP_MSG_TUNNEL) {
4145 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004146 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004147 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004148 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004149 goto wait_other_side;
4150 }
4151
4152 /* When we get here, it means that both the request and the
4153 * response have finished receiving. Depending on the connection
4154 * mode, we'll have to wait for the last bytes to leave in either
4155 * direction, and sometimes for a close to be effective.
4156 */
4157
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004158 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4159 /* Server-close mode : queue a connection close to the server */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004160 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW)))
4161 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004162 }
4163 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4164 /* Option forceclose is set, or either side wants to close,
4165 * let's enforce it now that we're not expecting any new
4166 * data to come. The caller knows the session is complete
4167 * once both states are CLOSED.
4168 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004169 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4170 channel_shutr_now(chn);
4171 channel_shutw_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004172 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004173 }
4174 else {
4175 /* The last possible modes are keep-alive and tunnel. Since tunnel
4176 * mode does not set the body analyser, we can't reach this place
4177 * in tunnel mode, so we're left with keep-alive only.
4178 * This mode is currently not implemented, we switch to tunnel mode.
4179 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004180 channel_auto_read(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004181 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004182 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004183 }
4184
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004185 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004186 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004187 chn->cons->flags |= SI_FL_NOLINGER; /* we want to close ASAP */
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004188
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004189 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004190 txn->req.msg_state = HTTP_MSG_CLOSING;
4191 goto http_msg_closing;
4192 }
4193 else {
4194 txn->req.msg_state = HTTP_MSG_CLOSED;
4195 goto http_msg_closed;
4196 }
4197 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004198 goto wait_other_side;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004199 }
4200
4201 if (txn->req.msg_state == HTTP_MSG_CLOSING) {
4202 http_msg_closing:
4203 /* nothing else to forward, just waiting for the output buffer
4204 * to be empty and for the shutw_now to take effect.
4205 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004206 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004207 txn->req.msg_state = HTTP_MSG_CLOSED;
4208 goto http_msg_closed;
4209 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004210 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004211 txn->req.msg_state = HTTP_MSG_ERROR;
4212 goto wait_other_side;
4213 }
4214 }
4215
4216 if (txn->req.msg_state == HTTP_MSG_CLOSED) {
4217 http_msg_closed:
4218 goto wait_other_side;
4219 }
4220
4221 wait_other_side:
4222 http_silent_debug(__LINE__, s);
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004223 return txn->req.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004224}
4225
4226
4227/* This function updates the response state machine according to the request
4228 * state machine and buffer flags. It returns 1 if it changes anything (flag
4229 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4230 * it is only used to find when a request/response couple is complete. Both
4231 * this function and its equivalent should loop until both return zero. It
4232 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4233 */
4234int http_sync_res_state(struct session *s)
4235{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004236 struct channel *chn = s->rep;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004237 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004238 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004239 unsigned int old_state = txn->rsp.msg_state;
4240
4241 http_silent_debug(__LINE__, s);
4242 if (unlikely(txn->rsp.msg_state < HTTP_MSG_BODY))
4243 return 0;
4244
4245 if (txn->rsp.msg_state == HTTP_MSG_DONE) {
4246 /* In theory, we don't need to read anymore, but we must
Willy Tarreau90deb182010-01-07 00:20:41 +01004247 * still monitor the server connection for a possible close
4248 * while the request is being uploaded, so we don't disable
4249 * reading.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004250 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004251 /* channel_dont_read(chn); */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004252
4253 if (txn->req.msg_state == HTTP_MSG_ERROR)
4254 goto wait_other_side;
4255
4256 if (txn->req.msg_state < HTTP_MSG_DONE) {
4257 /* The client seems to still be sending data, probably
4258 * because we got an error response during an upload.
4259 * We have the choice of either breaking the connection
4260 * or letting it pass through. Let's do the later.
4261 */
4262 goto wait_other_side;
4263 }
4264
4265 if (txn->req.msg_state == HTTP_MSG_TUNNEL) {
4266 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004267 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004268 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004269 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004270 goto wait_other_side;
4271 }
4272
4273 /* When we get here, it means that both the request and the
4274 * response have finished receiving. Depending on the connection
4275 * mode, we'll have to wait for the last bytes to leave in either
4276 * direction, and sometimes for a close to be effective.
4277 */
4278
4279 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4280 /* Server-close mode : shut read and wait for the request
4281 * side to close its output buffer. The caller will detect
4282 * when we're in DONE and the other is in CLOSED and will
4283 * catch that for the final cleanup.
4284 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004285 if (!(chn->flags & (CF_SHUTR|CF_SHUTR_NOW)))
4286 channel_shutr_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004287 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004288 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4289 /* Option forceclose is set, or either side wants to close,
4290 * let's enforce it now that we're not expecting any new
4291 * data to come. The caller knows the session is complete
4292 * once both states are CLOSED.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004293 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004294 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4295 channel_shutr_now(chn);
4296 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004297 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004298 }
4299 else {
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004300 /* The last possible modes are keep-alive and tunnel. Since tunnel
4301 * mode does not set the body analyser, we can't reach this place
4302 * in tunnel mode, so we're left with keep-alive only.
4303 * This mode is currently not implemented, we switch to tunnel mode.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004304 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004305 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004306 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004307 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004308 }
4309
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004310 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004311 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004312 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004313 txn->rsp.msg_state = HTTP_MSG_CLOSING;
4314 goto http_msg_closing;
4315 }
4316 else {
4317 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4318 goto http_msg_closed;
4319 }
4320 }
4321 goto wait_other_side;
4322 }
4323
4324 if (txn->rsp.msg_state == HTTP_MSG_CLOSING) {
4325 http_msg_closing:
4326 /* nothing else to forward, just waiting for the output buffer
4327 * to be empty and for the shutw_now to take effect.
4328 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004329 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004330 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4331 goto http_msg_closed;
4332 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004333 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004334 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004335 s->be->be_counters.cli_aborts++;
Willy Tarreau827aee92011-03-10 16:55:02 +01004336 if (target_srv(&s->target))
4337 target_srv(&s->target)->counters.cli_aborts++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004338 goto wait_other_side;
4339 }
4340 }
4341
4342 if (txn->rsp.msg_state == HTTP_MSG_CLOSED) {
4343 http_msg_closed:
4344 /* drop any pending data */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004345 bi_erase(chn);
4346 channel_auto_close(chn);
4347 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004348 goto wait_other_side;
4349 }
4350
4351 wait_other_side:
4352 http_silent_debug(__LINE__, s);
Willy Tarreaufc47f912012-10-20 10:38:09 +02004353 /* We force the response to leave immediately if we're waiting for the
4354 * other side, since there is no pending shutdown to push it out.
4355 */
4356 if (!channel_is_empty(chn))
4357 chn->flags |= CF_SEND_DONTWAIT;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004358 return txn->rsp.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004359}
4360
4361
4362/* Resync the request and response state machines. Return 1 if either state
4363 * changes.
4364 */
4365int http_resync_states(struct session *s)
4366{
4367 struct http_txn *txn = &s->txn;
4368 int old_req_state = txn->req.msg_state;
4369 int old_res_state = txn->rsp.msg_state;
4370
4371 http_silent_debug(__LINE__, s);
4372 http_sync_req_state(s);
4373 while (1) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004374 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004375 if (!http_sync_res_state(s))
4376 break;
Willy Tarreau90deb182010-01-07 00:20:41 +01004377 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004378 if (!http_sync_req_state(s))
4379 break;
4380 }
4381 http_silent_debug(__LINE__, s);
4382 /* OK, both state machines agree on a compatible state.
4383 * There are a few cases we're interested in :
4384 * - HTTP_MSG_TUNNEL on either means we have to disable both analysers
4385 * - HTTP_MSG_CLOSED on both sides means we've reached the end in both
4386 * directions, so let's simply disable both analysers.
4387 * - HTTP_MSG_CLOSED on the response only means we must abort the
4388 * request.
4389 * - HTTP_MSG_CLOSED on the request and HTTP_MSG_DONE on the response
4390 * with server-close mode means we've completed one request and we
4391 * must re-initialize the server connection.
4392 */
4393
4394 if (txn->req.msg_state == HTTP_MSG_TUNNEL ||
4395 txn->rsp.msg_state == HTTP_MSG_TUNNEL ||
4396 (txn->req.msg_state == HTTP_MSG_CLOSED &&
4397 txn->rsp.msg_state == HTTP_MSG_CLOSED)) {
4398 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004399 channel_auto_close(s->req);
4400 channel_auto_read(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004401 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004402 channel_auto_close(s->rep);
4403 channel_auto_read(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004404 }
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004405 else if (txn->rsp.msg_state == HTTP_MSG_CLOSED ||
4406 txn->rsp.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau4fe41902010-06-07 22:27:41 +02004407 txn->req.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004408 (s->rep->flags & CF_SHUTW)) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004409 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004410 channel_auto_close(s->rep);
4411 channel_auto_read(s->rep);
Willy Tarreau90deb182010-01-07 00:20:41 +01004412 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004413 channel_abort(s->req);
4414 channel_auto_close(s->req);
4415 channel_auto_read(s->req);
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004416 bi_erase(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004417 }
4418 else if (txn->req.msg_state == HTTP_MSG_CLOSED &&
4419 txn->rsp.msg_state == HTTP_MSG_DONE &&
4420 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)) {
4421 /* server-close: terminate this server connection and
4422 * reinitialize a fresh-new transaction.
4423 */
4424 http_end_txn_clean_session(s);
4425 }
4426
4427 http_silent_debug(__LINE__, s);
4428 return txn->req.msg_state != old_req_state ||
4429 txn->rsp.msg_state != old_res_state;
4430}
4431
Willy Tarreaud98cf932009-12-27 22:54:55 +01004432/* This function is an analyser which forwards request body (including chunk
4433 * sizes if any). It is called as soon as we must forward, even if we forward
4434 * zero byte. The only situation where it must not be called is when we're in
4435 * tunnel mode and we want to forward till the close. It's used both to forward
4436 * remaining data and to resync after end of body. It expects the msg_state to
4437 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
4438 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01004439 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreau26927362012-05-18 23:22:52 +02004440 * bytes of pending data + the headers if not already done (between sol and sov).
4441 * It eventually adjusts sol to match sov after the data in between have been sent.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004442 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004443int http_request_forward_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004444{
4445 struct http_txn *txn = &s->txn;
4446 struct http_msg *msg = &s->txn.req;
4447
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004448 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4449 return 0;
4450
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004451 if ((req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004452 ((req->flags & CF_SHUTW) && (req->to_forward || req->buf->o))) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02004453 /* Output closed while we were sending data. We must abort and
4454 * wake the other side up.
4455 */
4456 msg->msg_state = HTTP_MSG_ERROR;
4457 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01004458 return 1;
4459 }
4460
Willy Tarreau4fe41902010-06-07 22:27:41 +02004461 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004462 channel_auto_close(req);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004463
4464 /* Note that we don't have to send 100-continue back because we don't
4465 * need the data to complete our job, and it's up to the server to
4466 * decide whether to return 100, 417 or anything else in return of
4467 * an "Expect: 100-continue" header.
4468 */
4469
4470 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004471 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau9b28e032012-10-12 23:49:43 +02004472 * req->buf->p still points to the beginning of the message and msg->sol
Willy Tarreau26927362012-05-18 23:22:52 +02004473 * is still null. We must save the body in msg->next because it
4474 * survives buffer re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004475 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01004476 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004477
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004478 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004479 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
Willy Tarreau54d23df2012-10-25 19:04:45 +02004480 else
Willy Tarreaud98cf932009-12-27 22:54:55 +01004481 msg->msg_state = HTTP_MSG_DATA;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004482 }
4483
Willy Tarreaud98cf932009-12-27 22:54:55 +01004484 while (1) {
Willy Tarreauea953162012-05-18 23:41:28 +02004485 unsigned int bytes;
Willy Tarreaud8ee85a2011-03-28 16:06:28 +02004486
Willy Tarreau610ecce2010-01-04 21:15:02 +01004487 http_silent_debug(__LINE__, s);
Willy Tarreauea953162012-05-18 23:41:28 +02004488 /* we may have some data pending between sol and sov */
Willy Tarreau26927362012-05-18 23:22:52 +02004489 bytes = msg->sov - msg->sol;
Willy Tarreaud8ee85a2011-03-28 16:06:28 +02004490 if (msg->chunk_len || bytes) {
Willy Tarreau26927362012-05-18 23:22:52 +02004491 msg->sol = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004492 msg->next -= bytes; /* will be forwarded */
Willy Tarreauea953162012-05-18 23:41:28 +02004493 msg->chunk_len += bytes;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004494 msg->chunk_len -= channel_forward(req, msg->chunk_len);
Willy Tarreau638cd022010-01-03 07:42:04 +01004495 }
Willy Tarreau5523b322009-12-29 12:05:52 +01004496
Willy Tarreaucaabe412010-01-03 23:08:28 +01004497 if (msg->msg_state == HTTP_MSG_DATA) {
4498 /* must still forward */
4499 if (req->to_forward)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004500 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004501
4502 /* nothing left to forward */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004503 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau54d23df2012-10-25 19:04:45 +02004504 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004505 else
Willy Tarreaucaabe412010-01-03 23:08:28 +01004506 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004507 }
4508 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004509 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01004510 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01004511 * TRAILERS state.
4512 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004513 int ret = http_parse_chunk_size(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004514
Willy Tarreau54d23df2012-10-25 19:04:45 +02004515 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004516 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004517 else if (ret < 0) {
4518 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004519 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004520 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_SIZE, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004521 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004522 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004523 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004524 }
Willy Tarreau54d23df2012-10-25 19:04:45 +02004525 else if (msg->msg_state == HTTP_MSG_CHUNK_CRLF) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004526 /* we want the CRLF after the data */
Willy Tarreau54d23df2012-10-25 19:04:45 +02004527 int ret = http_skip_chunk_crlf(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004528
4529 if (ret == 0)
4530 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004531 else if (ret < 0) {
4532 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004533 if (msg->err_pos >= 0)
Willy Tarreau54d23df2012-10-25 19:04:45 +02004534 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_CRLF, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004535 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004536 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004537 /* we're in MSG_CHUNK_SIZE now */
4538 }
4539 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004540 int ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004541
4542 if (ret == 0)
4543 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004544 else if (ret < 0) {
4545 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004546 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004547 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_TRAILERS, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004548 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004549 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004550 /* we're in HTTP_MSG_DONE now */
4551 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004552 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004553 int old_state = msg->msg_state;
4554
Willy Tarreau610ecce2010-01-04 21:15:02 +01004555 /* other states, DONE...TUNNEL */
Willy Tarreau4fe41902010-06-07 22:27:41 +02004556 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02004557 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
4558 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004559 channel_dont_close(req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004560 if (http_resync_states(s)) {
4561 /* some state changes occurred, maybe the analyser
4562 * was disabled too.
Willy Tarreauface8392010-01-03 11:37:54 +01004563 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004564 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004565 if (req->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004566 /* request errors are most likely due to
4567 * the server aborting the transfer.
4568 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004569 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004570 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004571 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004572 http_capture_bad_message(&s->fe->invalid_req, s, msg, old_state, s->be);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004573 goto return_bad_req;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004574 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004575 return 1;
Willy Tarreaub608feb2010-01-02 22:47:18 +01004576 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02004577
4578 /* If "option abortonclose" is set on the backend, we
4579 * want to monitor the client's connection and forward
4580 * any shutdown notification to the server, which will
4581 * decide whether to close or to go on processing the
4582 * request.
4583 */
4584 if (s->be->options & PR_O_ABRT_CLOSE) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004585 channel_auto_read(req);
4586 channel_auto_close(req);
Willy Tarreau5c54c712010-07-17 08:02:58 +02004587 }
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004588 else if (s->txn.meth == HTTP_METH_POST) {
4589 /* POST requests may require to read extra CRLF
4590 * sent by broken browsers and which could cause
4591 * an RST to be sent upon close on some systems
4592 * (eg: Linux).
4593 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004594 channel_auto_read(req);
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004595 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02004596
Willy Tarreau610ecce2010-01-04 21:15:02 +01004597 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004598 }
4599 }
4600
Willy Tarreaud98cf932009-12-27 22:54:55 +01004601 missing_data:
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004602 /* stop waiting for data if the input is closed before the end */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004603 if (req->flags & CF_SHUTR) {
Willy Tarreau79ebac62010-06-07 13:47:49 +02004604 if (!(s->flags & SN_ERR_MASK))
4605 s->flags |= SN_ERR_CLICL;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004606 if (!(s->flags & SN_FINST_MASK)) {
4607 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
4608 s->flags |= SN_FINST_H;
4609 else
4610 s->flags |= SN_FINST_D;
4611 }
4612
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004613 s->fe->fe_counters.cli_aborts++;
4614 s->be->be_counters.cli_aborts++;
Willy Tarreau827aee92011-03-10 16:55:02 +01004615 if (target_srv(&s->target))
4616 target_srv(&s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004617
4618 goto return_bad_req_stats_ok;
Willy Tarreau79ebac62010-06-07 13:47:49 +02004619 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004620
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004621 /* waiting for the last bits to leave the buffer */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004622 if (req->flags & CF_SHUTW)
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004623 goto aborted_xfer;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004624
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02004625 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004626 * chunks even if the client has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02004627 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004628 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004629 channel_dont_close(req);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02004630
Willy Tarreau5c620922011-05-11 19:56:11 +02004631 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004632 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02004633 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01004634 * modes are already handled by the stream sock layer. We must not do
4635 * this in content-length mode because it could present the MSG_MORE
4636 * flag with the last block of forwarded data, which would cause an
4637 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02004638 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004639 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004640 req->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02004641
Willy Tarreau610ecce2010-01-04 21:15:02 +01004642 http_silent_debug(__LINE__, s);
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004643 return 0;
4644
Willy Tarreaud98cf932009-12-27 22:54:55 +01004645 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004646 s->fe->fe_counters.failed_req++;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004647 if (s->listener->counters)
4648 s->listener->counters->failed_req++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004649 return_bad_req_stats_ok:
4650 txn->req.msg_state = HTTP_MSG_ERROR;
4651 if (txn->status) {
4652 /* Note: we don't send any error if some data were already sent */
4653 stream_int_retnclose(req->prod, NULL);
4654 } else {
4655 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02004656 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004657 }
4658 req->analysers = 0;
4659 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004660
4661 if (!(s->flags & SN_ERR_MASK))
4662 s->flags |= SN_ERR_PRXCOND;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004663 if (!(s->flags & SN_FINST_MASK)) {
4664 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
4665 s->flags |= SN_FINST_H;
4666 else
4667 s->flags |= SN_FINST_D;
4668 }
4669 return 0;
4670
4671 aborted_xfer:
4672 txn->req.msg_state = HTTP_MSG_ERROR;
4673 if (txn->status) {
4674 /* Note: we don't send any error if some data were already sent */
4675 stream_int_retnclose(req->prod, NULL);
4676 } else {
4677 txn->status = 502;
Willy Tarreau783f2582012-09-04 12:19:04 +02004678 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_502));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004679 }
4680 req->analysers = 0;
4681 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
4682
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004683 s->fe->fe_counters.srv_aborts++;
4684 s->be->be_counters.srv_aborts++;
Willy Tarreau827aee92011-03-10 16:55:02 +01004685 if (target_srv(&s->target))
4686 target_srv(&s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004687
4688 if (!(s->flags & SN_ERR_MASK))
4689 s->flags |= SN_ERR_SRVCL;
4690 if (!(s->flags & SN_FINST_MASK)) {
4691 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
4692 s->flags |= SN_FINST_H;
4693 else
4694 s->flags |= SN_FINST_D;
4695 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004696 return 0;
4697}
4698
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004699/* This stream analyser waits for a complete HTTP response. It returns 1 if the
4700 * processing can continue on next analysers, or zero if it either needs more
4701 * data or wants to immediately abort the response (eg: timeout, error, ...). It
4702 * is tied to AN_RES_WAIT_HTTP and may may remove itself from s->rep->analysers
4703 * when it has nothing left to do, and may remove any analyser when it wants to
4704 * abort.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004705 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004706int http_wait_for_response(struct session *s, struct channel *rep, int an_bit)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004707{
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004708 struct http_txn *txn = &s->txn;
4709 struct http_msg *msg = &txn->rsp;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004710 struct hdr_ctx ctx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004711 int use_close_only;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004712 int cur_idx;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02004713 int n;
Willy Tarreauadfb8562008-08-11 15:24:42 +02004714
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01004715 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02004716 now_ms, __FUNCTION__,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004717 s,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02004718 rep,
4719 rep->rex, rep->wex,
4720 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02004721 rep->buf->i,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02004722 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02004723
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004724 /*
4725 * Now parse the partial (or complete) lines.
4726 * We will check the response syntax, and also join multi-line
4727 * headers. An index of all the lines will be elaborated while
4728 * parsing.
4729 *
4730 * For the parsing, we use a 28 states FSM.
4731 *
4732 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02004733 * rep->buf->p = beginning of response
4734 * rep->buf->p + msg->eoh = end of processed headers / start of current one
4735 * rep->buf->p + rep->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02004736 * msg->eol = end of current header or line (LF or CRLF)
4737 * msg->next = first non-visited byte
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004738 */
4739
Willy Tarreau83e3af02009-12-28 17:39:57 +01004740 /* There's a protected area at the end of the buffer for rewriting
4741 * purposes. We don't want to start to parse the request if the
4742 * protected area is affected, because we may have to move processed
4743 * data later, which is much more complicated.
4744 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004745 if (buffer_not_empty(rep->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02004746 if (unlikely(channel_full(rep) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004747 bi_end(rep->buf) < b_ptr(rep->buf, msg->next) ||
4748 bi_end(rep->buf) > rep->buf->data + rep->buf->size - global.tune.maxrewrite)) {
4749 if (rep->buf->o) {
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01004750 /* some data has still not left the buffer, wake us once that's done */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004751 if (rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01004752 goto abort_response;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004753 channel_dont_close(rep);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004754 rep->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01004755 return 0;
4756 }
Willy Tarreau9b28e032012-10-12 23:49:43 +02004757 if (rep->buf->i <= rep->buf->size - global.tune.maxrewrite)
4758 buffer_slow_realign(msg->chn->buf);
Willy Tarreau83e3af02009-12-28 17:39:57 +01004759 }
4760
Willy Tarreau9b28e032012-10-12 23:49:43 +02004761 if (likely(msg->next < rep->buf->i))
Willy Tarreaua560c212012-03-09 13:50:57 +01004762 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01004763 }
4764
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004765 /* 1: we might have to print this header in debug mode */
4766 if (unlikely((global.mode & MODE_DEBUG) &&
4767 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01004768 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004769 char *eol, *sol;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004770
Willy Tarreau9b28e032012-10-12 23:49:43 +02004771 sol = rep->buf->p;
4772 eol = sol + (msg->sl.st.l ? msg->sl.st.l : rep->buf->i);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004773 debug_hdr("srvrep", s, sol, eol);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004774
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004775 sol += hdr_idx_first_pos(&txn->hdr_idx);
4776 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004777
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004778 while (cur_idx) {
4779 eol = sol + txn->hdr_idx.v[cur_idx].len;
4780 debug_hdr("srvhdr", s, sol, eol);
4781 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
4782 cur_idx = txn->hdr_idx.v[cur_idx].next;
4783 }
4784 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004785
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004786 /*
4787 * Now we quickly check if we have found a full valid response.
4788 * If not so, we check the FD and buffer states before leaving.
4789 * A full response is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01004790 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004791 * responses are checked first.
4792 *
4793 * Depending on whether the client is still there or not, we
4794 * may send an error response back or not. Note that normally
4795 * we should only check for HTTP status there, and check I/O
4796 * errors somewhere else.
4797 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004798
Willy Tarreau655dce92009-11-08 13:10:58 +01004799 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004800 /* Invalid response */
4801 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
4802 /* we detected a parsing error. We want to archive this response
4803 * in the dedicated proxy area for later troubleshooting.
4804 */
4805 hdr_response_bad:
4806 if (msg->msg_state == HTTP_MSG_ERROR || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004807 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004808
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004809 s->be->be_counters.failed_resp++;
Willy Tarreau827aee92011-03-10 16:55:02 +01004810 if (target_srv(&s->target)) {
4811 target_srv(&s->target)->counters.failed_resp++;
4812 health_adjust(target_srv(&s->target), HANA_STATUS_HTTP_HDRRSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004813 }
Willy Tarreau64648412010-03-05 10:41:54 +01004814 abort_response:
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004815 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004816 rep->analysers = 0;
4817 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004818 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004819 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02004820 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004821
4822 if (!(s->flags & SN_ERR_MASK))
4823 s->flags |= SN_ERR_PRXCOND;
4824 if (!(s->flags & SN_FINST_MASK))
4825 s->flags |= SN_FINST_H;
4826
4827 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004828 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004829
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004830 /* too large response does not fit in buffer. */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004831 else if (buffer_full(rep->buf, global.tune.maxrewrite)) {
Willy Tarreaufec4d892011-09-02 20:04:57 +02004832 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02004833 msg->err_pos = rep->buf->i;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004834 goto hdr_response_bad;
4835 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004836
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004837 /* read error */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004838 else if (rep->flags & CF_READ_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004839 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004840 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02004841
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004842 s->be->be_counters.failed_resp++;
Willy Tarreau827aee92011-03-10 16:55:02 +01004843 if (target_srv(&s->target)) {
4844 target_srv(&s->target)->counters.failed_resp++;
4845 health_adjust(target_srv(&s->target), HANA_STATUS_HTTP_READ_ERROR);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004846 }
Willy Tarreau461f6622008-08-15 23:43:19 +02004847
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004848 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004849 rep->analysers = 0;
4850 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004851 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004852 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02004853 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau816b9792009-09-15 21:25:21 +02004854
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004855 if (!(s->flags & SN_ERR_MASK))
4856 s->flags |= SN_ERR_SRVCL;
4857 if (!(s->flags & SN_FINST_MASK))
4858 s->flags |= SN_FINST_H;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02004859 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004860 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004861
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004862 /* read timeout : return a 504 to the client. */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004863 else if (rep->flags & CF_READ_TIMEOUT) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004864 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004865 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01004866
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004867 s->be->be_counters.failed_resp++;
Willy Tarreau827aee92011-03-10 16:55:02 +01004868 if (target_srv(&s->target)) {
4869 target_srv(&s->target)->counters.failed_resp++;
4870 health_adjust(target_srv(&s->target), HANA_STATUS_HTTP_READ_TIMEOUT);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004871 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01004872
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004873 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004874 rep->analysers = 0;
4875 txn->status = 504;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004876 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004877 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02004878 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_504));
Willy Tarreau4076a152009-04-02 15:18:36 +02004879
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004880 if (!(s->flags & SN_ERR_MASK))
4881 s->flags |= SN_ERR_SRVTO;
4882 if (!(s->flags & SN_FINST_MASK))
4883 s->flags |= SN_FINST_H;
4884 return 0;
4885 }
Willy Tarreaua7c52762008-08-16 18:40:18 +02004886
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02004887 /* close from server, capture the response if the server has started to respond */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004888 else if (rep->flags & CF_SHUTR) {
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02004889 if (msg->msg_state >= HTTP_MSG_RPVER || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004890 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01004891
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004892 s->be->be_counters.failed_resp++;
Willy Tarreau827aee92011-03-10 16:55:02 +01004893 if (target_srv(&s->target)) {
4894 target_srv(&s->target)->counters.failed_resp++;
4895 health_adjust(target_srv(&s->target), HANA_STATUS_HTTP_BROKEN_PIPE);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004896 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01004897
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004898 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004899 rep->analysers = 0;
4900 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004901 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004902 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02004903 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau21d2af32008-02-14 20:25:24 +01004904
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004905 if (!(s->flags & SN_ERR_MASK))
4906 s->flags |= SN_ERR_SRVCL;
4907 if (!(s->flags & SN_FINST_MASK))
4908 s->flags |= SN_FINST_H;
4909 return 0;
4910 }
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02004911
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004912 /* write error to client (we don't send any message then) */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004913 else if (rep->flags & CF_WRITE_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004914 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004915 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02004916
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004917 s->be->be_counters.failed_resp++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004918 rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004919 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004920
4921 if (!(s->flags & SN_ERR_MASK))
4922 s->flags |= SN_ERR_CLICL;
4923 if (!(s->flags & SN_FINST_MASK))
4924 s->flags |= SN_FINST_H;
4925
4926 /* process_session() will take care of the error */
4927 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004928 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01004929
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004930 channel_dont_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004931 return 0;
4932 }
4933
4934 /* More interesting part now : we know that we have a complete
4935 * response which at least looks like HTTP. We have an indicator
4936 * of each header's length, so we can parse them quickly.
4937 */
4938
4939 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004940 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004941
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004942 /*
4943 * 1: get the status code
4944 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004945 n = rep->buf->p[msg->sl.st.c] - '0';
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004946 if (n < 1 || n > 5)
4947 n = 0;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004948 /* when the client triggers a 4xx from the server, it's most often due
4949 * to a missing object or permission. These events should be tracked
4950 * because if they happen often, it may indicate a brute force or a
4951 * vulnerability scan.
4952 */
4953 if (n == 4)
4954 session_inc_http_err_ctr(s);
4955
Willy Tarreau827aee92011-03-10 16:55:02 +01004956 if (target_srv(&s->target))
4957 target_srv(&s->target)->counters.p.http.rsp[n]++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004958
Willy Tarreau5b154472009-12-21 20:11:07 +01004959 /* check if the response is HTTP/1.1 or above */
4960 if ((msg->sl.st.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02004961 ((rep->buf->p[5] > '1') ||
4962 ((rep->buf->p[5] == '1') && (rep->buf->p[7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004963 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01004964
4965 /* "connection" has not been parsed yet */
Willy Tarreau60466522010-01-18 19:08:45 +01004966 txn->flags &= ~(TX_HDR_CONN_PRS|TX_HDR_CONN_CLO|TX_HDR_CONN_KAL|TX_CON_CLO_SET|TX_CON_KAL_SET);
Willy Tarreau5b154472009-12-21 20:11:07 +01004967
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004968 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004969 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004970
Willy Tarreau9b28e032012-10-12 23:49:43 +02004971 txn->status = strl2ui(rep->buf->p + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004972
Willy Tarreau39650402010-03-15 19:44:39 +01004973 /* Adjust server's health based on status code. Note: status codes 501
4974 * and 505 are triggered on demand by client request, so we must not
4975 * count them as server failures.
4976 */
Willy Tarreau827aee92011-03-10 16:55:02 +01004977 if (target_srv(&s->target)) {
Willy Tarreaud45b3d52010-05-20 11:49:03 +02004978 if (txn->status >= 100 && (txn->status < 500 || txn->status == 501 || txn->status == 505))
Willy Tarreau827aee92011-03-10 16:55:02 +01004979 health_adjust(target_srv(&s->target), HANA_STATUS_HTTP_OK);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02004980 else
Willy Tarreau827aee92011-03-10 16:55:02 +01004981 health_adjust(target_srv(&s->target), HANA_STATUS_HTTP_STS);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02004982 }
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004983
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004984 /*
4985 * 2: check for cacheability.
4986 */
4987
4988 switch (txn->status) {
4989 case 200:
4990 case 203:
4991 case 206:
4992 case 300:
4993 case 301:
4994 case 410:
4995 /* RFC2616 @13.4:
4996 * "A response received with a status code of
4997 * 200, 203, 206, 300, 301 or 410 MAY be stored
4998 * by a cache (...) unless a cache-control
4999 * directive prohibits caching."
5000 *
5001 * RFC2616 @9.5: POST method :
5002 * "Responses to this method are not cacheable,
5003 * unless the response includes appropriate
5004 * Cache-Control or Expires header fields."
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005005 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005006 if (likely(txn->meth != HTTP_METH_POST) &&
Willy Tarreau67402132012-05-31 20:40:20 +02005007 ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC)))
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005008 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
5009 break;
5010 default:
5011 break;
5012 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005013
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005014 /*
5015 * 3: we may need to capture headers
5016 */
5017 s->logs.logwait &= ~LW_RESP;
Willy Tarreau42f7d892012-03-24 08:28:09 +01005018 if (unlikely((s->logs.logwait & LW_RSPHDR) && txn->rsp.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02005019 capture_headers(rep->buf->p, &txn->hdr_idx,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005020 txn->rsp.cap, s->fe->rsp_cap);
5021
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005022 /* 4: determine the transfer-length.
5023 * According to RFC2616 #4.4, amended by the HTTPbis working group,
5024 * the presence of a message-body in a RESPONSE and its transfer length
5025 * must be determined that way :
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005026 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005027 * All responses to the HEAD request method MUST NOT include a
5028 * message-body, even though the presence of entity-header fields
5029 * might lead one to believe they do. All 1xx (informational), 204
5030 * (No Content), and 304 (Not Modified) responses MUST NOT include a
5031 * message-body. All other responses do include a message-body,
5032 * although it MAY be of zero length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005033 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005034 * 1. Any response which "MUST NOT" include a message-body (such as the
5035 * 1xx, 204 and 304 responses and any response to a HEAD request) is
5036 * always terminated by the first empty line after the header fields,
5037 * regardless of the entity-header fields present in the message.
5038 *
5039 * 2. If a Transfer-Encoding header field (Section 9.7) is present and
5040 * the "chunked" transfer-coding (Section 6.2) is used, the
5041 * transfer-length is defined by the use of this transfer-coding.
5042 * If a Transfer-Encoding header field is present and the "chunked"
5043 * transfer-coding is not present, the transfer-length is defined by
5044 * the sender closing the connection.
5045 *
5046 * 3. If a Content-Length header field is present, its decimal value in
5047 * OCTETs represents both the entity-length and the transfer-length.
5048 * If a message is received with both a Transfer-Encoding header
5049 * field and a Content-Length header field, the latter MUST be ignored.
5050 *
5051 * 4. If the message uses the media type "multipart/byteranges", and
5052 * the transfer-length is not otherwise specified, then this self-
5053 * delimiting media type defines the transfer-length. This media
5054 * type MUST NOT be used unless the sender knows that the recipient
5055 * can parse it; the presence in a request of a Range header with
5056 * multiple byte-range specifiers from a 1.1 client implies that the
5057 * client can parse multipart/byteranges responses.
5058 *
5059 * 5. By the server closing the connection.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005060 */
5061
5062 /* Skip parsing if no content length is possible. The response flags
Willy Tarreau124d9912011-03-01 20:30:48 +01005063 * remain 0 as well as the chunk_len, which may or may not mirror
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005064 * the real header value, and we note that we know the response's length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005065 * FIXME: should we parse anyway and return an error on chunked encoding ?
5066 */
5067 if (txn->meth == HTTP_METH_HEAD ||
5068 (txn->status >= 100 && txn->status < 200) ||
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005069 txn->status == 204 || txn->status == 304) {
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005070 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005071 goto skip_content_length;
5072 }
5073
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005074 use_close_only = 0;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005075 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005076 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005077 http_find_header2("Transfer-Encoding", 17, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005078 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005079 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
5080 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005081 /* bad transfer-encoding (chunked followed by something else) */
5082 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005083 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005084 break;
5085 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005086 }
5087
5088 /* FIXME: below we should remove the content-length header(s) in case of chunked encoding */
5089 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005090 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005091 http_find_header2("Content-Length", 14, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005092 signed long long cl;
5093
Willy Tarreauad14f752011-09-02 20:33:27 +02005094 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005095 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005096 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005097 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005098
Willy Tarreauad14f752011-09-02 20:33:27 +02005099 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005100 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005101 goto hdr_response_bad; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02005102 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005103
Willy Tarreauad14f752011-09-02 20:33:27 +02005104 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005105 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005106 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005107 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005108
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005109 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005110 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005111 goto hdr_response_bad; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02005112 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005113
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005114 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01005115 msg->body_len = msg->chunk_len = cl;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005116 }
5117
William Lallemand82fe75c2012-10-23 10:25:10 +02005118 if (s->fe->comp || s->be->comp)
5119 select_compression_response_header(s, rep->buf);
5120
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005121 /* FIXME: we should also implement the multipart/byterange method.
5122 * For now on, we resort to close mode in this case (unknown length).
5123 */
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005124skip_content_length:
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005125
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005126 /* end of job, return OK */
5127 rep->analysers &= ~an_bit;
5128 rep->analyse_exp = TICK_ETERNITY;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005129 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005130 return 1;
5131}
5132
5133/* This function performs all the processing enabled for the current response.
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005134 * It normally returns 1 unless it wants to break. It relies on buffers flags,
5135 * and updates t->rep->analysers. It might make sense to explode it into several
5136 * other functions. It works like process_request (see indications above).
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005137 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005138int http_process_res_common(struct session *t, struct channel *rep, int an_bit, struct proxy *px)
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005139{
5140 struct http_txn *txn = &t->txn;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005141 struct http_msg *msg = &txn->rsp;
5142 struct proxy *cur_proxy;
Willy Tarreauf4f04122010-01-28 18:10:50 +01005143 struct cond_wordlist *wl;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005144
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005145 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005146 now_ms, __FUNCTION__,
5147 t,
5148 rep,
5149 rep->rex, rep->wex,
5150 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005151 rep->buf->i,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005152 rep->analysers);
5153
Willy Tarreau655dce92009-11-08 13:10:58 +01005154 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) /* we need more data */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005155 return 0;
5156
5157 rep->analysers &= ~an_bit;
5158 rep->analyse_exp = TICK_ETERNITY;
5159
Willy Tarreau5b154472009-12-21 20:11:07 +01005160 /* Now we have to check if we need to modify the Connection header.
5161 * This is more difficult on the response than it is on the request,
5162 * because we can have two different HTTP versions and we don't know
5163 * how the client will interprete a response. For instance, let's say
5164 * that the client sends a keep-alive request in HTTP/1.0 and gets an
5165 * HTTP/1.1 response without any header. Maybe it will bound itself to
5166 * HTTP/1.0 because it only knows about it, and will consider the lack
5167 * of header as a close, or maybe it knows HTTP/1.1 and can consider
5168 * the lack of header as a keep-alive. Thus we will use two flags
5169 * indicating how a request MAY be understood by the client. In case
5170 * of multiple possibilities, we'll fix the header to be explicit. If
5171 * ambiguous cases such as both close and keepalive are seen, then we
5172 * will fall back to explicit close. Note that we won't take risks with
5173 * HTTP/1.0 clients which may not necessarily understand keep-alive.
Willy Tarreau60466522010-01-18 19:08:45 +01005174 * See doc/internals/connection-header.txt for the complete matrix.
Willy Tarreau5b154472009-12-21 20:11:07 +01005175 */
5176
Willy Tarreaudc008c52010-02-01 16:20:08 +01005177 if (unlikely((txn->meth == HTTP_METH_CONNECT && txn->status == 200) ||
5178 txn->status == 101)) {
5179 /* Either we've established an explicit tunnel, or we're
5180 * switching the protocol. In both cases, we're very unlikely
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005181 * to understand the next protocols. We have to switch to tunnel
5182 * mode, so that we transfer the request and responses then let
5183 * this protocol pass unmodified. When we later implement specific
5184 * parsers for such protocols, we'll want to check the Upgrade
Willy Tarreaudc008c52010-02-01 16:20:08 +01005185 * header which contains information about that protocol for
5186 * responses with status 101 (eg: see RFC2817 about TLS).
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005187 */
5188 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_TUN;
5189 }
Willy Tarreaudc008c52010-02-01 16:20:08 +01005190 else if ((txn->status >= 200) && !(txn->flags & TX_HDR_CONN_PRS) &&
5191 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN ||
5192 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005193 int to_del = 0;
Willy Tarreau5b154472009-12-21 20:11:07 +01005194
Willy Tarreau60466522010-01-18 19:08:45 +01005195 /* on unknown transfer length, we must close */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005196 if (!(msg->flags & HTTP_MSGF_XFER_LEN) &&
Willy Tarreau60466522010-01-18 19:08:45 +01005197 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN)
5198 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
Willy Tarreau5b154472009-12-21 20:11:07 +01005199
Willy Tarreau60466522010-01-18 19:08:45 +01005200 /* now adjust header transformations depending on current state */
5201 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN ||
5202 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
5203 to_del |= 2; /* remove "keep-alive" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005204 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005205 to_del |= 1; /* remove "close" for HTTP/1.0 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005206 }
Willy Tarreau60466522010-01-18 19:08:45 +01005207 else { /* SCL / KAL */
5208 to_del |= 1; /* remove "close" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005209 if (txn->req.flags & msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005210 to_del |= 2; /* remove "keep-alive" on pure 1.1 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005211 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005212
Willy Tarreau60466522010-01-18 19:08:45 +01005213 /* Parse and remove some headers from the connection header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005214 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau5b154472009-12-21 20:11:07 +01005215
Willy Tarreau60466522010-01-18 19:08:45 +01005216 /* Some keep-alive responses are converted to Server-close if
5217 * the server wants to close.
Willy Tarreau5b154472009-12-21 20:11:07 +01005218 */
Willy Tarreau60466522010-01-18 19:08:45 +01005219 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL) {
5220 if ((txn->flags & TX_HDR_CONN_CLO) ||
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005221 (!(txn->flags & TX_HDR_CONN_KAL) && !(msg->flags & HTTP_MSGF_VER_11)))
Willy Tarreau60466522010-01-18 19:08:45 +01005222 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_SCL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005223 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005224 }
5225
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005226 if (1) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005227 /*
5228 * 3: we will have to evaluate the filters.
5229 * As opposed to version 1.2, now they will be evaluated in the
5230 * filters order and not in the header order. This means that
5231 * each filter has to be validated among all headers.
5232 *
5233 * Filters are tried with ->be first, then with ->fe if it is
5234 * different from ->be.
5235 */
5236
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005237 cur_proxy = t->be;
5238 while (1) {
5239 struct proxy *rule_set = cur_proxy;
5240
5241 /* try headers filters */
5242 if (rule_set->rsp_exp != NULL) {
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005243 if (apply_filters_to_response(t, rep, rule_set) < 0) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005244 return_bad_resp:
Willy Tarreau827aee92011-03-10 16:55:02 +01005245 if (target_srv(&t->target)) {
5246 target_srv(&t->target)->counters.failed_resp++;
5247 health_adjust(target_srv(&t->target), HANA_STATUS_HTTP_RSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005248 }
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005249 t->be->be_counters.failed_resp++;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005250 return_srv_prx_502:
Willy Tarreau2df28e82008-08-17 15:20:19 +02005251 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005252 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005253 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005254 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005255 stream_int_retnclose(rep->cons, http_error_message(t, HTTP_ERR_502));
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005256 if (!(t->flags & SN_ERR_MASK))
5257 t->flags |= SN_ERR_PRXCOND;
5258 if (!(t->flags & SN_FINST_MASK))
5259 t->flags |= SN_FINST_H;
Willy Tarreaudafde432008-08-17 01:00:46 +02005260 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005261 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005262 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005263
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005264 /* has the response been denied ? */
5265 if (txn->flags & TX_SVDENY) {
Willy Tarreau827aee92011-03-10 16:55:02 +01005266 if (target_srv(&t->target))
5267 target_srv(&t->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005268
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005269 t->be->be_counters.denied_resp++;
5270 t->fe->fe_counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005271 if (t->listener->counters)
5272 t->listener->counters->denied_resp++;
5273
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005274 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01005275 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005276
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005277 /* add response headers from the rule sets in the same order */
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01005278 list_for_each_entry(wl, &rule_set->rsp_add, list) {
Willy Tarreau816b9792009-09-15 21:25:21 +02005279 if (txn->status < 200)
5280 break;
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005281 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02005282 int ret = acl_exec_cond(wl->cond, px, t, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005283 ret = acl_pass(ret);
5284 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
5285 ret = !ret;
5286 if (!ret)
5287 continue;
5288 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005289 if (unlikely(http_header_add_tail(&txn->rsp, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005290 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02005291 }
5292
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005293 /* check whether we're already working on the frontend */
5294 if (cur_proxy == t->fe)
5295 break;
5296 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005297 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005298
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005299 /*
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005300 * We may be facing a 100-continue response, in which case this
5301 * is not the right response, and we're waiting for the next one.
5302 * Let's allow this response to go to the client and wait for the
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005303 * next one.
5304 */
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005305 if (unlikely(txn->status == 100)) {
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005306 hdr_idx_init(&txn->hdr_idx);
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005307 msg->next -= channel_forward(rep, msg->next);
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005308 msg->msg_state = HTTP_MSG_RPBEFORE;
5309 txn->status = 0;
5310 rep->analysers |= AN_RES_WAIT_HTTP | an_bit;
5311 return 1;
5312 }
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005313 else if (unlikely(txn->status < 200))
5314 goto skip_header_mangling;
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005315
5316 /* we don't have any 1xx status code now */
5317
5318 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005319 * 4: check for server cookie.
5320 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005321 if (t->be->cookie_name || t->be->appsession_name || t->fe->capture_name ||
5322 (t->be->options & PR_O_CHK_CACHE))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005323 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005324
Willy Tarreaubaaee002006-06-26 02:48:02 +02005325
Willy Tarreaua15645d2007-03-18 16:22:39 +01005326 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005327 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005328 */
Willy Tarreau67402132012-05-31 20:40:20 +02005329 if ((t->be->options & PR_O_CHK_CACHE) || (t->be->ck_opts & PR_CK_NOC))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005330 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005331
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005332 /*
5333 * 6: add server cookie in the response if needed
5334 */
Willy Tarreau67402132012-05-31 20:40:20 +02005335 if (target_srv(&t->target) && (t->be->ck_opts & PR_CK_INS) &&
5336 !((txn->flags & TX_SCK_FOUND) && (t->be->ck_opts & PR_CK_PSV)) &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02005337 (!(t->flags & SN_DIRECT) ||
5338 ((t->be->cookie_maxidle || txn->cookie_last_date) &&
5339 (!txn->cookie_last_date || (txn->cookie_last_date - date.tv_sec) < 0)) ||
5340 (t->be->cookie_maxlife && !txn->cookie_first_date) || // set the first_date
5341 (!t->be->cookie_maxlife && txn->cookie_first_date)) && // remove the first_date
Willy Tarreau67402132012-05-31 20:40:20 +02005342 (!(t->be->ck_opts & PR_CK_POST) || (txn->meth == HTTP_METH_POST)) &&
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02005343 !(t->flags & SN_IGNORE_PRST)) {
Willy Tarreauef4f3912010-10-07 21:00:29 +02005344 /* the server is known, it's not the one the client requested, or the
5345 * cookie's last seen date needs to be refreshed. We have to
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005346 * insert a set-cookie here, except if we want to insert only on POST
5347 * requests and this one isn't. Note that servers which don't have cookies
5348 * (eg: some backup servers) will return a full cookie removal request.
5349 */
Willy Tarreau827aee92011-03-10 16:55:02 +01005350 if (!target_srv(&t->target)->cookie) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005351 chunk_printf(&trash,
Willy Tarreauef4f3912010-10-07 21:00:29 +02005352 "Set-Cookie: %s=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
5353 t->be->cookie_name);
5354 }
5355 else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005356 chunk_printf(&trash, "Set-Cookie: %s=%s", t->be->cookie_name, target_srv(&t->target)->cookie);
Willy Tarreauef4f3912010-10-07 21:00:29 +02005357
5358 if (t->be->cookie_maxidle || t->be->cookie_maxlife) {
5359 /* emit last_date, which is mandatory */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005360 trash.str[trash.len++] = COOKIE_DELIM_DATE;
5361 s30tob64((date.tv_sec+3) >> 2, trash.str + trash.len);
5362 trash.len += 5;
5363
Willy Tarreauef4f3912010-10-07 21:00:29 +02005364 if (t->be->cookie_maxlife) {
5365 /* emit first_date, which is either the original one or
5366 * the current date.
5367 */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005368 trash.str[trash.len++] = COOKIE_DELIM_DATE;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005369 s30tob64(txn->cookie_first_date ?
5370 txn->cookie_first_date >> 2 :
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005371 (date.tv_sec+3) >> 2, trash.str + trash.len);
5372 trash.len += 5;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005373 }
5374 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005375 chunk_appendf(&trash, "; path=/");
Willy Tarreauef4f3912010-10-07 21:00:29 +02005376 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005377
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005378 if (t->be->cookie_domain)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005379 chunk_appendf(&trash, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005380
Willy Tarreau4992dd22012-05-31 21:02:17 +02005381 if (t->be->ck_opts & PR_CK_HTTPONLY)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005382 chunk_appendf(&trash, "; HttpOnly");
Willy Tarreau4992dd22012-05-31 21:02:17 +02005383
5384 if (t->be->ck_opts & PR_CK_SECURE)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005385 chunk_appendf(&trash, "; Secure");
Willy Tarreau4992dd22012-05-31 21:02:17 +02005386
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005387 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005388 goto return_bad_resp;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005389
Willy Tarreauf1348312010-10-07 15:54:11 +02005390 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau827aee92011-03-10 16:55:02 +01005391 if (target_srv(&t->target)->cookie && (t->flags & SN_DIRECT))
Willy Tarreauef4f3912010-10-07 21:00:29 +02005392 /* the server did not change, only the date was updated */
5393 txn->flags |= TX_SCK_UPDATED;
5394 else
5395 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005396
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005397 /* Here, we will tell an eventual cache on the client side that we don't
5398 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
5399 * Some caches understand the correct form: 'no-cache="set-cookie"', but
5400 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
5401 */
Willy Tarreau67402132012-05-31 20:40:20 +02005402 if ((t->be->ck_opts & PR_CK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02005403
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005404 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
5405
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005406 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01005407 "Cache-control: private", 22) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005408 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005409 }
5410 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005411
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005412 /*
5413 * 7: check if result will be cacheable with a cookie.
5414 * We'll block the response if security checks have caught
5415 * nasty things such as a cacheable cookie.
5416 */
Willy Tarreauf1348312010-10-07 15:54:11 +02005417 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) ==
5418 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) &&
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005419 (t->be->options & PR_O_CHK_CACHE)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005420
5421 /* we're in presence of a cacheable response containing
5422 * a set-cookie header. We'll block it as requested by
5423 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005424 */
Willy Tarreau827aee92011-03-10 16:55:02 +01005425 if (target_srv(&t->target))
5426 target_srv(&t->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005427
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005428 t->be->be_counters.denied_resp++;
5429 t->fe->fe_counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005430 if (t->listener->counters)
5431 t->listener->counters->denied_resp++;
5432
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005433 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
Willy Tarreau827aee92011-03-10 16:55:02 +01005434 t->be->id, target_srv(&t->target) ? target_srv(&t->target)->id : "<dispatch>");
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005435 send_log(t->be, LOG_ALERT,
5436 "Blocking cacheable cookie in response from instance %s, server %s.\n",
Willy Tarreau827aee92011-03-10 16:55:02 +01005437 t->be->id, target_srv(&t->target) ? target_srv(&t->target)->id : "<dispatch>");
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005438 goto return_srv_prx_502;
5439 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005440
5441 /*
Willy Tarreau60466522010-01-18 19:08:45 +01005442 * 8: adjust "Connection: close" or "Connection: keep-alive" if needed.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005443 */
Willy Tarreau60466522010-01-18 19:08:45 +01005444 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
5445 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE)) {
5446 unsigned int want_flags = 0;
5447
5448 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5449 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
5450 /* we want a keep-alive response here. Keep-alive header
5451 * required if either side is not 1.1.
5452 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005453 if (!(txn->req.flags & msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005454 want_flags |= TX_CON_KAL_SET;
5455 }
5456 else {
5457 /* we want a close response here. Close header required if
5458 * the server is 1.1, regardless of the client.
5459 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005460 if (msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005461 want_flags |= TX_CON_CLO_SET;
5462 }
5463
5464 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005465 http_change_connection_header(txn, msg, want_flags);
Willy Tarreaub608feb2010-01-02 22:47:18 +01005466 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005467
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005468 skip_header_mangling:
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005469 if ((msg->flags & HTTP_MSGF_XFER_LEN) ||
Willy Tarreaudc008c52010-02-01 16:20:08 +01005470 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005471 rep->analysers |= AN_RES_HTTP_XFER_BODY;
Willy Tarreau03945942009-12-22 16:50:27 +01005472
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005473 /*************************************************************
5474 * OK, that's finished for the headers. We have done what we *
5475 * could. Let's switch to the DATA state. *
5476 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02005477
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005478 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005479
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005480 /* if the user wants to log as soon as possible, without counting
5481 * bytes from the server, then this is the right moment. We have
5482 * to temporarily assign bytes_out to log what we currently have.
5483 */
5484 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
5485 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
5486 t->logs.bytes_out = txn->rsp.eoh;
Willy Tarreaua5555ec2008-11-30 19:02:32 +01005487 t->do_log(t);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005488 t->logs.bytes_out = 0;
5489 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005490
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005491 /* Note: we must not try to cheat by jumping directly to DATA,
5492 * otherwise we would not let the client side wake up.
5493 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005494
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005495 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005496 }
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005497 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005498}
Willy Tarreaua15645d2007-03-18 16:22:39 +01005499
Willy Tarreaud98cf932009-12-27 22:54:55 +01005500/* This function is an analyser which forwards response body (including chunk
5501 * sizes if any). It is called as soon as we must forward, even if we forward
5502 * zero byte. The only situation where it must not be called is when we're in
5503 * tunnel mode and we want to forward till the close. It's used both to forward
5504 * remaining data and to resync after end of body. It expects the msg_state to
5505 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
5506 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01005507 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreau26927362012-05-18 23:22:52 +02005508 * bytes of pending data + the headers if not already done (between sol and sov).
5509 * It eventually adjusts sol to match sov after the data in between have been sent.
Willy Tarreaud98cf932009-12-27 22:54:55 +01005510 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005511int http_response_forward_body(struct session *s, struct channel *res, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005512{
5513 struct http_txn *txn = &s->txn;
5514 struct http_msg *msg = &s->txn.rsp;
Willy Tarreauea953162012-05-18 23:41:28 +02005515 unsigned int bytes;
William Lallemand82fe75c2012-10-23 10:25:10 +02005516 static struct buffer *tmpbuf = NULL;
5517 int compressing = 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005518
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005519 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
5520 return 0;
5521
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005522 if ((res->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02005523 ((res->flags & CF_SHUTW) && (res->to_forward || res->buf->o)) ||
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01005524 !s->req->analysers) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02005525 /* Output closed while we were sending data. We must abort and
5526 * wake the other side up.
5527 */
5528 msg->msg_state = HTTP_MSG_ERROR;
5529 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01005530 return 1;
5531 }
5532
Willy Tarreau4fe41902010-06-07 22:27:41 +02005533 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005534 channel_auto_close(res);
Willy Tarreaub608feb2010-01-02 22:47:18 +01005535
William Lallemand82fe75c2012-10-23 10:25:10 +02005536 /* no data */
5537 if (res->buf->i == 0)
5538 return 0;
5539
5540 /* this is the first time we need the compression buffer */
5541 if (s->comp_algo != NULL && tmpbuf == NULL) {
5542 if ((tmpbuf = pool_alloc2(pool2_buffer)) == NULL)
5543 goto aborted_xfer; /* no memory */
5544 }
5545
Willy Tarreaud98cf932009-12-27 22:54:55 +01005546 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01005547 /* we have msg->sov which points to the first byte of message body.
William Lallemand82fe75c2012-10-23 10:25:10 +02005548 * rep->buf.p still points to the beginning of the message and msg->sol
5549 * is still null. We forward the headers, we don't need them.
Willy Tarreaud98cf932009-12-27 22:54:55 +01005550 */
William Lallemand82fe75c2012-10-23 10:25:10 +02005551 channel_forward(res, msg->sov);
5552 msg->next = 0;
5553 msg->sov = 0;
Willy Tarreaua458b672012-03-05 11:17:50 +01005554
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005555 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005556 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
Willy Tarreau54d23df2012-10-25 19:04:45 +02005557 else
Willy Tarreaud98cf932009-12-27 22:54:55 +01005558 msg->msg_state = HTTP_MSG_DATA;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005559 }
5560
William Lallemand82fe75c2012-10-23 10:25:10 +02005561 if (s->comp_algo != NULL) {
5562 int ret = http_compression_buffer_init(s, res->buf, tmpbuf); /* init a buffer with headers */
5563 if (ret < 0)
5564 goto missing_data; /* not enough spaces in buffers */
5565 compressing = 1;
5566 }
5567
Willy Tarreaud98cf932009-12-27 22:54:55 +01005568 while (1) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01005569 http_silent_debug(__LINE__, s);
Willy Tarreauea953162012-05-18 23:41:28 +02005570 /* we may have some data pending between sol and sov */
William Lallemand82fe75c2012-10-23 10:25:10 +02005571 if (s->comp_algo == NULL) {
5572 bytes = msg->sov - msg->sol;
5573 if (msg->chunk_len || bytes) {
5574 msg->sol = msg->sov;
5575 msg->next -= bytes; /* will be forwarded */
5576 msg->chunk_len += bytes;
5577 msg->chunk_len -= channel_forward(res, msg->chunk_len);
5578 }
Willy Tarreau638cd022010-01-03 07:42:04 +01005579 }
5580
Willy Tarreaucaabe412010-01-03 23:08:28 +01005581 if (msg->msg_state == HTTP_MSG_DATA) {
5582 /* must still forward */
William Lallemand82fe75c2012-10-23 10:25:10 +02005583 if (compressing)
5584 http_compression_buffer_add_data(s, res->buf, tmpbuf);
5585
5586 if (res->to_forward || msg->chunk_len)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005587 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01005588
5589 /* nothing left to forward */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005590 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau54d23df2012-10-25 19:04:45 +02005591 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
Willy Tarreaucaabe412010-01-03 23:08:28 +01005592 else
5593 msg->msg_state = HTTP_MSG_DONE;
5594 }
5595 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01005596 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01005597 * set ->sov and ->next to point to the body and switch to DATA or
5598 * TRAILERS state.
Willy Tarreaud98cf932009-12-27 22:54:55 +01005599 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01005600 int ret = http_parse_chunk_size(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005601
Willy Tarreau54d23df2012-10-25 19:04:45 +02005602 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005603 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005604 else if (ret < 0) {
5605 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005606 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_SIZE, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005607 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005608 }
William Lallemand82fe75c2012-10-23 10:25:10 +02005609 /* skipping data if we are in compression mode */
5610 if (compressing && msg->chunk_len > 0) {
5611 b_adv(res->buf, msg->next);
5612 msg->next = 0;
5613 msg->sov = 0;
5614 msg->sol = 0;
5615 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005616 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005617 }
Willy Tarreau54d23df2012-10-25 19:04:45 +02005618 else if (msg->msg_state == HTTP_MSG_CHUNK_CRLF) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01005619 /* we want the CRLF after the data */
Willy Tarreau54d23df2012-10-25 19:04:45 +02005620 int ret = http_skip_chunk_crlf(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005621
Willy Tarreau54d23df2012-10-25 19:04:45 +02005622 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005623 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005624 else if (ret < 0) {
5625 if (msg->err_pos >= 0)
Willy Tarreau54d23df2012-10-25 19:04:45 +02005626 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_CRLF, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005627 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005628 }
William Lallemand82fe75c2012-10-23 10:25:10 +02005629 /* skipping data in buffer for compression */
5630 if (compressing) {
5631 b_adv(res->buf, msg->next);
5632 msg->next = 0;
5633 msg->sov = 0;
5634 msg->sol = 0;
5635 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005636 /* we're in MSG_CHUNK_SIZE now */
5637 }
5638 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01005639 int ret = http_forward_trailers(msg);
Willy Tarreau5523b322009-12-29 12:05:52 +01005640
Willy Tarreaud98cf932009-12-27 22:54:55 +01005641 if (ret == 0)
5642 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005643 else if (ret < 0) {
5644 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005645 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_TRAILERS, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005646 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005647 }
William Lallemand82fe75c2012-10-23 10:25:10 +02005648 if (compressing) {
5649 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
5650 compressing = 0;
5651 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005652 /* we're in HTTP_MSG_DONE now */
5653 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005654 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005655 int old_state = msg->msg_state;
5656
William Lallemand82fe75c2012-10-23 10:25:10 +02005657 if (compressing) {
5658 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
5659 compressing = 0;
5660 }
5661
Willy Tarreau610ecce2010-01-04 21:15:02 +01005662 /* other states, DONE...TUNNEL */
Willy Tarreau4fe41902010-06-07 22:27:41 +02005663 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005664 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5665 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005666 channel_dont_close(res);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005667 if (http_resync_states(s)) {
5668 http_silent_debug(__LINE__, s);
5669 /* some state changes occurred, maybe the analyser
5670 * was disabled too.
Willy Tarreau5523b322009-12-29 12:05:52 +01005671 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005672 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005673 if (res->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005674 /* response errors are most likely due to
5675 * the client aborting the transfer.
5676 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005677 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005678 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005679 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005680 http_capture_bad_message(&s->be->invalid_rep, s, msg, old_state, s->fe);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005681 goto return_bad_res;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005682 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005683 return 1;
Willy Tarreau5523b322009-12-29 12:05:52 +01005684 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005685 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005686 }
5687 }
5688
Willy Tarreaud98cf932009-12-27 22:54:55 +01005689 missing_data:
William Lallemand82fe75c2012-10-23 10:25:10 +02005690 if (compressing) {
5691 http_compression_buffer_end(s, &res->buf, &tmpbuf, 0);
5692 compressing = 0;
5693 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005694 /* stop waiting for data if the input is closed before the end */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005695 if (res->flags & CF_SHUTR) {
Willy Tarreau40dba092010-03-04 18:14:51 +01005696 if (!(s->flags & SN_ERR_MASK))
5697 s->flags |= SN_ERR_SRVCL;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005698 s->be->be_counters.srv_aborts++;
Willy Tarreau827aee92011-03-10 16:55:02 +01005699 if (target_srv(&s->target))
5700 target_srv(&s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005701 goto return_bad_res_stats_ok;
Willy Tarreau40dba092010-03-04 18:14:51 +01005702 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005703
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005704 if (res->flags & CF_SHUTW)
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005705 goto aborted_xfer;
5706
Willy Tarreau40dba092010-03-04 18:14:51 +01005707 /* we need to obey the req analyser, so if it leaves, we must too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01005708 if (!s->req->analysers)
5709 goto return_bad_res;
5710
Willy Tarreauea953162012-05-18 23:41:28 +02005711 /* forward any data pending between sol and sov */
William Lallemand82fe75c2012-10-23 10:25:10 +02005712 if (s->comp_algo == NULL) {
5713 bytes = msg->sov - msg->sol;
5714 if (msg->chunk_len || bytes) {
5715 msg->sol = msg->sov;
5716 msg->next -= bytes; /* will be forwarded */
5717 msg->chunk_len += bytes;
5718 msg->chunk_len -= channel_forward(res, msg->chunk_len);
5719 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005720 }
5721
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005722 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005723 * chunks even if the server has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005724 * Similarly, with keep-alive on the client side, we don't want to forward a
5725 * close.
5726 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02005727 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo ||
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005728 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5729 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005730 channel_dont_close(res);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005731
Willy Tarreau5c620922011-05-11 19:56:11 +02005732 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005733 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02005734 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01005735 * modes are already handled by the stream sock layer. We must not do
5736 * this in content-length mode because it could present the MSG_MORE
5737 * flag with the last block of forwarded data, which would cause an
5738 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02005739 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02005740 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005741 res->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02005742
Willy Tarreaud98cf932009-12-27 22:54:55 +01005743 /* the session handler will take care of timeouts and errors */
Willy Tarreau610ecce2010-01-04 21:15:02 +01005744 http_silent_debug(__LINE__, s);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005745 return 0;
5746
Willy Tarreau40dba092010-03-04 18:14:51 +01005747 return_bad_res: /* let's centralize all bad responses */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005748 s->be->be_counters.failed_resp++;
Willy Tarreau827aee92011-03-10 16:55:02 +01005749 if (target_srv(&s->target))
5750 target_srv(&s->target)->counters.failed_resp++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005751
5752 return_bad_res_stats_ok:
Willy Tarreaud98cf932009-12-27 22:54:55 +01005753 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau148d0992010-01-10 10:21:21 +01005754 /* don't send any error message as we're in the body */
5755 stream_int_retnclose(res->cons, NULL);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005756 res->analysers = 0;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005757 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreau827aee92011-03-10 16:55:02 +01005758 if (target_srv(&s->target))
5759 health_adjust(target_srv(&s->target), HANA_STATUS_HTTP_HDRRSP);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005760
5761 if (!(s->flags & SN_ERR_MASK))
5762 s->flags |= SN_ERR_PRXCOND;
5763 if (!(s->flags & SN_FINST_MASK))
Willy Tarreau40dba092010-03-04 18:14:51 +01005764 s->flags |= SN_FINST_D;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005765 return 0;
5766
5767 aborted_xfer:
5768 txn->rsp.msg_state = HTTP_MSG_ERROR;
5769 /* don't send any error message as we're in the body */
5770 stream_int_retnclose(res->cons, NULL);
5771 res->analysers = 0;
5772 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
5773
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005774 s->fe->fe_counters.cli_aborts++;
5775 s->be->be_counters.cli_aborts++;
Willy Tarreau827aee92011-03-10 16:55:02 +01005776 if (target_srv(&s->target))
5777 target_srv(&s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005778
5779 if (!(s->flags & SN_ERR_MASK))
5780 s->flags |= SN_ERR_CLICL;
5781 if (!(s->flags & SN_FINST_MASK))
5782 s->flags |= SN_FINST_D;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005783 return 0;
5784}
5785
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005786/* Iterate the same filter through all request headers.
5787 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005788 * Since it can manage the switch to another backend, it updates the per-proxy
5789 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01005790 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005791int apply_filter_to_req_headers(struct session *t, struct channel *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01005792{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005793 char term;
5794 char *cur_ptr, *cur_end, *cur_next;
5795 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005796 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005797 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005798 int delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01005799
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005800 last_hdr = 0;
5801
Willy Tarreau9b28e032012-10-12 23:49:43 +02005802 cur_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005803 old_idx = 0;
5804
5805 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005806 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005807 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01005808 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005809 (exp->action == ACT_ALLOW ||
5810 exp->action == ACT_DENY ||
5811 exp->action == ACT_TARPIT))
5812 return 0;
5813
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005814 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005815 if (!cur_idx)
5816 break;
5817
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005818 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005819 cur_ptr = cur_next;
5820 cur_end = cur_ptr + cur_hdr->len;
5821 cur_next = cur_end + cur_hdr->cr + 1;
5822
5823 /* Now we have one header between cur_ptr and cur_end,
5824 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01005825 */
5826
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005827 /* The annoying part is that pattern matching needs
5828 * that we modify the contents to null-terminate all
5829 * strings before testing them.
5830 */
5831
5832 term = *cur_end;
5833 *cur_end = '\0';
5834
5835 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
5836 switch (exp->action) {
5837 case ACT_SETBE:
5838 /* It is not possible to jump a second time.
5839 * FIXME: should we return an HTTP/500 here so that
5840 * the admin knows there's a problem ?
5841 */
5842 if (t->be != t->fe)
5843 break;
5844
5845 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02005846 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005847 last_hdr = 1;
5848 break;
5849
5850 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01005851 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005852 last_hdr = 1;
5853 break;
5854
5855 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01005856 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005857 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005858
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005859 t->fe->fe_counters.denied_req++;
5860 if (t->fe != t->be)
5861 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005862 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005863 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005864
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005865 break;
5866
5867 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01005868 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005869 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005870
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005871 t->fe->fe_counters.denied_req++;
5872 if (t->fe != t->be)
5873 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005874 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005875 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005876
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005877 break;
5878
5879 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005880 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
5881 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005882 /* FIXME: if the user adds a newline in the replacement, the
5883 * index will not be recalculated for now, and the new line
5884 * will not be counted as a new header.
5885 */
5886
5887 cur_end += delta;
5888 cur_next += delta;
5889 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005890 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005891 break;
5892
5893 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02005894 delta = buffer_replace2(req->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005895 cur_next += delta;
5896
Willy Tarreaufa355d42009-11-29 18:12:29 +01005897 http_msg_move_end(&txn->req, delta);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005898 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
5899 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005900 cur_hdr->len = 0;
5901 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01005902 cur_idx = old_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005903 break;
5904
5905 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005906 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005907 if (cur_end)
5908 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01005909
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005910 /* keep the link from this header to next one in case of later
5911 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01005912 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005913 old_idx = cur_idx;
5914 }
5915 return 0;
5916}
5917
5918
5919/* Apply the filter to the request line.
5920 * Returns 0 if nothing has been done, 1 if the filter has been applied,
5921 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005922 * Since it can manage the switch to another backend, it updates the per-proxy
5923 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005924 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005925int apply_filter_to_req_line(struct session *t, struct channel *req, struct hdr_exp *exp)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005926{
5927 char term;
5928 char *cur_ptr, *cur_end;
5929 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005930 struct http_txn *txn = &t->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005931 int delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005932
Willy Tarreau3d300592007-03-18 18:34:41 +01005933 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005934 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01005935 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005936 (exp->action == ACT_ALLOW ||
5937 exp->action == ACT_DENY ||
5938 exp->action == ACT_TARPIT))
5939 return 0;
5940 else if (exp->action == ACT_REMOVE)
5941 return 0;
5942
5943 done = 0;
5944
Willy Tarreau9b28e032012-10-12 23:49:43 +02005945 cur_ptr = req->buf->p;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005946 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005947
5948 /* Now we have the request line between cur_ptr and cur_end */
5949
5950 /* The annoying part is that pattern matching needs
5951 * that we modify the contents to null-terminate all
5952 * strings before testing them.
5953 */
5954
5955 term = *cur_end;
5956 *cur_end = '\0';
5957
5958 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
5959 switch (exp->action) {
5960 case ACT_SETBE:
5961 /* It is not possible to jump a second time.
5962 * FIXME: should we return an HTTP/500 here so that
5963 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01005964 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005965 if (t->be != t->fe)
5966 break;
5967
5968 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02005969 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005970 done = 1;
5971 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005972
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005973 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01005974 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005975 done = 1;
5976 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01005977
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005978 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01005979 txn->flags |= TX_CLDENY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005980
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005981 t->fe->fe_counters.denied_req++;
5982 if (t->fe != t->be)
5983 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005984 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005985 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005986
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005987 done = 1;
5988 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01005989
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005990 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01005991 txn->flags |= TX_CLTARPIT;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005992
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005993 t->fe->fe_counters.denied_req++;
5994 if (t->fe != t->be)
5995 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005996 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005997 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005998
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005999 done = 1;
6000 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006001
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006002 case ACT_REPLACE:
6003 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006004 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6005 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006006 /* FIXME: if the user adds a newline in the replacement, the
6007 * index will not be recalculated for now, and the new line
6008 * will not be counted as a new header.
6009 */
Willy Tarreaua496b602006-12-17 23:15:24 +01006010
Willy Tarreaufa355d42009-11-29 18:12:29 +01006011 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006012 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02006013 cur_end = (char *)http_parse_reqline(&txn->req,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006014 HTTP_MSG_RQMETH,
6015 cur_ptr, cur_end + 1,
6016 NULL, NULL);
6017 if (unlikely(!cur_end))
6018 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01006019
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006020 /* we have a full request and we know that we have either a CR
6021 * or an LF at <ptr>.
6022 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006023 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
6024 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006025 /* there is no point trying this regex on headers */
6026 return 1;
6027 }
6028 }
6029 *cur_end = term; /* restore the string terminator */
6030 return done;
6031}
Willy Tarreau97de6242006-12-27 17:18:38 +01006032
Willy Tarreau58f10d72006-12-04 02:26:12 +01006033
Willy Tarreau58f10d72006-12-04 02:26:12 +01006034
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006035/*
Willy Tarreau6c123b12010-01-28 20:22:06 +01006036 * Apply all the req filters of proxy <px> to all headers in buffer <req> of session <s>.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006037 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01006038 * unparsable request. Since it can manage the switch to another backend, it
6039 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006040 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006041int apply_filters_to_request(struct session *s, struct channel *req, struct proxy *px)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006042{
Willy Tarreau6c123b12010-01-28 20:22:06 +01006043 struct http_txn *txn = &s->txn;
6044 struct hdr_exp *exp;
6045
6046 for (exp = px->req_exp; exp; exp = exp->next) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006047 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006048
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006049 /*
6050 * The interleaving of transformations and verdicts
6051 * makes it difficult to decide to continue or stop
6052 * the evaluation.
6053 */
6054
Willy Tarreau6c123b12010-01-28 20:22:06 +01006055 if (txn->flags & (TX_CLDENY|TX_CLTARPIT))
6056 break;
6057
Willy Tarreau3d300592007-03-18 18:34:41 +01006058 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006059 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
Willy Tarreau6c123b12010-01-28 20:22:06 +01006060 exp->action == ACT_TARPIT || exp->action == ACT_PASS))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006061 continue;
Willy Tarreau6c123b12010-01-28 20:22:06 +01006062
6063 /* if this filter had a condition, evaluate it now and skip to
6064 * next filter if the condition does not match.
6065 */
6066 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02006067 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau6c123b12010-01-28 20:22:06 +01006068 ret = acl_pass(ret);
6069 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
6070 ret = !ret;
6071
6072 if (!ret)
6073 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006074 }
6075
6076 /* Apply the filter to the request line. */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006077 ret = apply_filter_to_req_line(s, req, exp);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006078 if (unlikely(ret < 0))
6079 return -1;
6080
6081 if (likely(ret == 0)) {
6082 /* The filter did not match the request, it can be
6083 * iterated through all headers.
6084 */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006085 apply_filter_to_req_headers(s, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006086 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006087 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006088 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006089}
6090
6091
Willy Tarreaua15645d2007-03-18 16:22:39 +01006092
Willy Tarreau58f10d72006-12-04 02:26:12 +01006093/*
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006094 * Try to retrieve the server associated to the appsession.
6095 * If the server is found, it's assigned to the session.
6096 */
Cyril Bontéb21570a2009-11-29 20:04:48 +01006097void manage_client_side_appsession(struct session *t, const char *buf, int len) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006098 struct http_txn *txn = &t->txn;
6099 appsess *asession = NULL;
6100 char *sessid_temp = NULL;
6101
Cyril Bontéb21570a2009-11-29 20:04:48 +01006102 if (len > t->be->appsession_len) {
6103 len = t->be->appsession_len;
6104 }
6105
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006106 if (t->be->options2 & PR_O2_AS_REQL) {
6107 /* request-learn option is enabled : store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006108 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006109 /* free previously allocated memory as we don't need the session id found in the URL anymore */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006110 pool_free2(apools.sessid, txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006111 }
6112
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006113 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006114 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
6115 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
6116 return;
6117 }
6118
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006119 memcpy(txn->sessid, buf, len);
6120 txn->sessid[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006121 }
6122
6123 if ((sessid_temp = pool_alloc2(apools.sessid)) == NULL) {
6124 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
6125 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
6126 return;
6127 }
6128
Cyril Bontéb21570a2009-11-29 20:04:48 +01006129 memcpy(sessid_temp, buf, len);
6130 sessid_temp[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006131
6132 asession = appsession_hash_lookup(&(t->be->htbl_proxy), sessid_temp);
6133 /* free previously allocated memory */
6134 pool_free2(apools.sessid, sessid_temp);
6135
6136 if (asession != NULL) {
6137 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
6138 if (!(t->be->options2 & PR_O2_AS_REQL))
6139 asession->request_count++;
6140
6141 if (asession->serverid != NULL) {
6142 struct server *srv = t->be->srv;
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02006143
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006144 while (srv) {
6145 if (strcmp(srv->id, asession->serverid) == 0) {
Willy Tarreau4de91492010-01-22 19:10:05 +01006146 if ((srv->state & SRV_RUNNING) ||
6147 (t->be->options & PR_O_PERSIST) ||
6148 (t->flags & SN_FORCE_PRST)) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006149 /* we found the server and it's usable */
6150 txn->flags &= ~TX_CK_MASK;
Willy Tarreau2a6d88d2010-01-24 13:10:43 +01006151 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006152 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau9e000c62011-03-10 14:03:36 +01006153 set_target_server(&t->target, srv);
Willy Tarreau664beb82011-03-10 11:38:29 +01006154
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006155 break;
6156 } else {
6157 txn->flags &= ~TX_CK_MASK;
6158 txn->flags |= TX_CK_DOWN;
6159 }
6160 }
6161 srv = srv->next;
6162 }
6163 }
6164 }
6165}
6166
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006167/* Find the end of a cookie value contained between <s> and <e>. It works the
6168 * same way as with headers above except that the semi-colon also ends a token.
6169 * See RFC2965 for more information. Note that it requires a valid header to
6170 * return a valid result.
6171 */
6172char *find_cookie_value_end(char *s, const char *e)
6173{
6174 int quoted, qdpair;
6175
6176 quoted = qdpair = 0;
6177 for (; s < e; s++) {
6178 if (qdpair) qdpair = 0;
6179 else if (quoted) {
6180 if (*s == '\\') qdpair = 1;
6181 else if (*s == '"') quoted = 0;
6182 }
6183 else if (*s == '"') quoted = 1;
6184 else if (*s == ',' || *s == ';') return s;
6185 }
6186 return s;
6187}
6188
6189/* Delete a value in a header between delimiters <from> and <next> in buffer
6190 * <buf>. The number of characters displaced is returned, and the pointer to
6191 * the first delimiter is updated if required. The function tries as much as
6192 * possible to respect the following principles :
6193 * - replace <from> delimiter by the <next> one unless <from> points to a
6194 * colon, in which case <next> is simply removed
6195 * - set exactly one space character after the new first delimiter, unless
6196 * there are not enough characters in the block being moved to do so.
6197 * - remove unneeded spaces before the previous delimiter and after the new
6198 * one.
6199 *
6200 * It is the caller's responsibility to ensure that :
6201 * - <from> points to a valid delimiter or the colon ;
6202 * - <next> points to a valid delimiter or the final CR/LF ;
6203 * - there are non-space chars before <from> ;
6204 * - there is a CR/LF at or after <next>.
6205 */
Willy Tarreauaf819352012-08-27 22:08:00 +02006206int del_hdr_value(struct buffer *buf, char **from, char *next)
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006207{
6208 char *prev = *from;
6209
6210 if (*prev == ':') {
6211 /* We're removing the first value, preserve the colon and add a
6212 * space if possible.
6213 */
6214 if (!http_is_crlf[(unsigned char)*next])
6215 next++;
6216 prev++;
6217 if (prev < next)
6218 *prev++ = ' ';
6219
6220 while (http_is_spht[(unsigned char)*next])
6221 next++;
6222 } else {
6223 /* Remove useless spaces before the old delimiter. */
6224 while (http_is_spht[(unsigned char)*(prev-1)])
6225 prev--;
6226 *from = prev;
6227
6228 /* copy the delimiter and if possible a space if we're
6229 * not at the end of the line.
6230 */
6231 if (!http_is_crlf[(unsigned char)*next]) {
6232 *prev++ = *next++;
6233 if (prev + 1 < next)
6234 *prev++ = ' ';
6235 while (http_is_spht[(unsigned char)*next])
6236 next++;
6237 }
6238 }
6239 return buffer_replace2(buf, prev, next, NULL, 0);
6240}
6241
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006242/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01006243 * Manage client-side cookie. It can impact performance by about 2% so it is
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006244 * desirable to call it only when needed. This code is quite complex because
6245 * of the multiple very crappy and ambiguous syntaxes we have to support. it
6246 * highly recommended not to touch this part without a good reason !
Willy Tarreau58f10d72006-12-04 02:26:12 +01006247 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006248void manage_client_side_cookies(struct session *t, struct channel *req)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006249{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006250 struct http_txn *txn = &t->txn;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006251 int preserve_hdr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006252 int cur_idx, old_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006253 char *hdr_beg, *hdr_end, *hdr_next, *del_from;
6254 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006255
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006256 /* Iterate through the headers, we start with the start line. */
Willy Tarreau83969f42007-01-22 08:55:47 +01006257 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02006258 hdr_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006259
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006260 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006261 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006262 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006263
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006264 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006265 hdr_beg = hdr_next;
6266 hdr_end = hdr_beg + cur_hdr->len;
6267 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006268
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006269 /* We have one full header between hdr_beg and hdr_end, and the
6270 * next header starts at hdr_next. We're only interested in
Willy Tarreau58f10d72006-12-04 02:26:12 +01006271 * "Cookie:" headers.
6272 */
6273
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006274 val = http_header_match2(hdr_beg, hdr_end, "Cookie", 6);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006275 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006276 old_idx = cur_idx;
6277 continue;
6278 }
6279
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006280 del_from = NULL; /* nothing to be deleted */
6281 preserve_hdr = 0; /* assume we may kill the whole header */
6282
Willy Tarreau58f10d72006-12-04 02:26:12 +01006283 /* Now look for cookies. Conforming to RFC2109, we have to support
6284 * attributes whose name begin with a '$', and associate them with
6285 * the right cookie, if we want to delete this cookie.
6286 * So there are 3 cases for each cookie read :
6287 * 1) it's a special attribute, beginning with a '$' : ignore it.
6288 * 2) it's a server id cookie that we *MAY* want to delete : save
6289 * some pointers on it (last semi-colon, beginning of cookie...)
6290 * 3) it's an application cookie : we *MAY* have to delete a previous
6291 * "special" cookie.
6292 * At the end of loop, if a "special" cookie remains, we may have to
6293 * remove it. If no application cookie persists in the header, we
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006294 * *MUST* delete it.
6295 *
6296 * Note: RFC2965 is unclear about the processing of spaces around
6297 * the equal sign in the ATTR=VALUE form. A careful inspection of
6298 * the RFC explicitly allows spaces before it, and not within the
6299 * tokens (attrs or values). An inspection of RFC2109 allows that
6300 * too but section 10.1.3 lets one think that spaces may be allowed
6301 * after the equal sign too, resulting in some (rare) buggy
6302 * implementations trying to do that. So let's do what servers do.
6303 * Latest ietf draft forbids spaces all around. Also, earlier RFCs
6304 * allowed quoted strings in values, with any possible character
6305 * after a backslash, including control chars and delimitors, which
6306 * causes parsing to become ambiguous. Browsers also allow spaces
6307 * within values even without quotes.
6308 *
6309 * We have to keep multiple pointers in order to support cookie
6310 * removal at the beginning, middle or end of header without
6311 * corrupting the header. All of these headers are valid :
6312 *
6313 * Cookie:NAME1=VALUE1;NAME2=VALUE2;NAME3=VALUE3\r\n
6314 * Cookie:NAME1=VALUE1;NAME2_ONLY ;NAME3=VALUE3\r\n
6315 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
6316 * | | | | | | | | |
6317 * | | | | | | | | hdr_end <--+
6318 * | | | | | | | +--> next
6319 * | | | | | | +----> val_end
6320 * | | | | | +-----------> val_beg
6321 * | | | | +--------------> equal
6322 * | | | +----------------> att_end
6323 * | | +---------------------> att_beg
6324 * | +--------------------------> prev
6325 * +--------------------------------> hdr_beg
Willy Tarreau58f10d72006-12-04 02:26:12 +01006326 */
6327
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006328 for (prev = hdr_beg + 6; prev < hdr_end; prev = next) {
6329 /* Iterate through all cookies on this line */
6330
6331 /* find att_beg */
6332 att_beg = prev + 1;
6333 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
6334 att_beg++;
6335
6336 /* find att_end : this is the first character after the last non
6337 * space before the equal. It may be equal to hdr_end.
6338 */
6339 equal = att_end = att_beg;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006340
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006341 while (equal < hdr_end) {
6342 if (*equal == '=' || *equal == ',' || *equal == ';')
Willy Tarreau58f10d72006-12-04 02:26:12 +01006343 break;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006344 if (http_is_spht[(unsigned char)*equal++])
6345 continue;
6346 att_end = equal;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006347 }
6348
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006349 /* here, <equal> points to '=', a delimitor or the end. <att_end>
6350 * is between <att_beg> and <equal>, both may be identical.
6351 */
6352
6353 /* look for end of cookie if there is an equal sign */
6354 if (equal < hdr_end && *equal == '=') {
6355 /* look for the beginning of the value */
6356 val_beg = equal + 1;
6357 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
6358 val_beg++;
6359
6360 /* find the end of the value, respecting quotes */
6361 next = find_cookie_value_end(val_beg, hdr_end);
6362
6363 /* make val_end point to the first white space or delimitor after the value */
6364 val_end = next;
6365 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
6366 val_end--;
6367 } else {
6368 val_beg = val_end = next = equal;
Willy Tarreau305ae852010-01-03 19:45:54 +01006369 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006370
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006371 /* We have nothing to do with attributes beginning with '$'. However,
6372 * they will automatically be removed if a header before them is removed,
6373 * since they're supposed to be linked together.
6374 */
6375 if (*att_beg == '$')
6376 continue;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006377
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006378 /* Ignore cookies with no equal sign */
6379 if (equal == next) {
6380 /* This is not our cookie, so we must preserve it. But if we already
6381 * scheduled another cookie for removal, we cannot remove the
6382 * complete header, but we can remove the previous block itself.
6383 */
6384 preserve_hdr = 1;
6385 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006386 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006387 val_end += delta;
6388 next += delta;
6389 hdr_end += delta;
6390 hdr_next += delta;
6391 cur_hdr->len += delta;
6392 http_msg_move_end(&txn->req, delta);
6393 prev = del_from;
6394 del_from = NULL;
6395 }
6396 continue;
Willy Tarreau305ae852010-01-03 19:45:54 +01006397 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006398
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006399 /* if there are spaces around the equal sign, we need to
6400 * strip them otherwise we'll get trouble for cookie captures,
6401 * or even for rewrites. Since this happens extremely rarely,
6402 * it does not hurt performance.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006403 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006404 if (unlikely(att_end != equal || val_beg > equal + 1)) {
6405 int stripped_before = 0;
6406 int stripped_after = 0;
6407
6408 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006409 stripped_before = buffer_replace2(req->buf, att_end, equal, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006410 equal += stripped_before;
6411 val_beg += stripped_before;
6412 }
6413
6414 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006415 stripped_after = buffer_replace2(req->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006416 val_beg += stripped_after;
6417 stripped_before += stripped_after;
6418 }
6419
6420 val_end += stripped_before;
6421 next += stripped_before;
6422 hdr_end += stripped_before;
6423 hdr_next += stripped_before;
6424 cur_hdr->len += stripped_before;
6425 http_msg_move_end(&txn->req, stripped_before);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006426 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006427 /* now everything is as on the diagram above */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006428
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006429 /* First, let's see if we want to capture this cookie. We check
6430 * that we don't already have a client side cookie, because we
6431 * can only capture one. Also as an optimisation, we ignore
6432 * cookies shorter than the declared name.
6433 */
6434 if (t->fe->capture_name != NULL && txn->cli_cookie == NULL &&
6435 (val_end - att_beg >= t->fe->capture_namelen) &&
6436 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
6437 int log_len = val_end - att_beg;
6438
6439 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
6440 Alert("HTTP logging : out of memory.\n");
6441 } else {
6442 if (log_len > t->fe->capture_len)
6443 log_len = t->fe->capture_len;
6444 memcpy(txn->cli_cookie, att_beg, log_len);
6445 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006446 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006447 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006448
Willy Tarreaubca99692010-10-06 19:25:55 +02006449 /* Persistence cookies in passive, rewrite or insert mode have the
6450 * following form :
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006451 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006452 * Cookie: NAME=SRV[|<lastseen>[|<firstseen>]]
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006453 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006454 * For cookies in prefix mode, the form is :
6455 *
6456 * Cookie: NAME=SRV~VALUE
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006457 */
6458 if ((att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
6459 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
6460 struct server *srv = t->be->srv;
6461 char *delim;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006462
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006463 /* if we're in cookie prefix mode, we'll search the delimitor so that we
6464 * have the server ID between val_beg and delim, and the original cookie between
6465 * delim+1 and val_end. Otherwise, delim==val_end :
6466 *
6467 * Cookie: NAME=SRV; # in all but prefix modes
6468 * Cookie: NAME=SRV~OPAQUE ; # in prefix mode
6469 * | || || | |+-> next
6470 * | || || | +--> val_end
6471 * | || || +---------> delim
6472 * | || |+------------> val_beg
6473 * | || +-------------> att_end = equal
6474 * | |+-----------------> att_beg
6475 * | +------------------> prev
6476 * +-------------------------> hdr_beg
6477 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006478
Willy Tarreau67402132012-05-31 20:40:20 +02006479 if (t->be->ck_opts & PR_CK_PFX) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006480 for (delim = val_beg; delim < val_end; delim++)
6481 if (*delim == COOKIE_DELIM)
6482 break;
Willy Tarreaubca99692010-10-06 19:25:55 +02006483 } else {
6484 char *vbar1;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006485 delim = val_end;
Willy Tarreaubca99692010-10-06 19:25:55 +02006486 /* Now check if the cookie contains a date field, which would
6487 * appear after a vertical bar ('|') just after the server name
6488 * and before the delimiter.
6489 */
6490 vbar1 = memchr(val_beg, COOKIE_DELIM_DATE, val_end - val_beg);
6491 if (vbar1) {
6492 /* OK, so left of the bar is the server's cookie and
Willy Tarreauf64d1412010-10-07 20:06:11 +02006493 * right is the last seen date. It is a base64 encoded
6494 * 30-bit value representing the UNIX date since the
6495 * epoch in 4-second quantities.
Willy Tarreaubca99692010-10-06 19:25:55 +02006496 */
Willy Tarreauf64d1412010-10-07 20:06:11 +02006497 int val;
Willy Tarreaubca99692010-10-06 19:25:55 +02006498 delim = vbar1++;
Willy Tarreauf64d1412010-10-07 20:06:11 +02006499 if (val_end - vbar1 >= 5) {
6500 val = b64tos30(vbar1);
6501 if (val > 0)
6502 txn->cookie_last_date = val << 2;
6503 }
6504 /* look for a second vertical bar */
6505 vbar1 = memchr(vbar1, COOKIE_DELIM_DATE, val_end - vbar1);
6506 if (vbar1 && (val_end - vbar1 > 5)) {
6507 val = b64tos30(vbar1 + 1);
6508 if (val > 0)
6509 txn->cookie_first_date = val << 2;
6510 }
Willy Tarreaubca99692010-10-06 19:25:55 +02006511 }
6512 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006513
Willy Tarreauf64d1412010-10-07 20:06:11 +02006514 /* if the cookie has an expiration date and the proxy wants to check
6515 * it, then we do that now. We first check if the cookie is too old,
6516 * then only if it has expired. We detect strict overflow because the
6517 * time resolution here is not great (4 seconds). Cookies with dates
6518 * in the future are ignored if their offset is beyond one day. This
6519 * allows an admin to fix timezone issues without expiring everyone
6520 * and at the same time avoids keeping unwanted side effects for too
6521 * long.
6522 */
6523 if (txn->cookie_first_date && t->be->cookie_maxlife &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02006524 (((signed)(date.tv_sec - txn->cookie_first_date) > (signed)t->be->cookie_maxlife) ||
6525 ((signed)(txn->cookie_first_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02006526 txn->flags &= ~TX_CK_MASK;
6527 txn->flags |= TX_CK_OLD;
6528 delim = val_beg; // let's pretend we have not found the cookie
6529 txn->cookie_first_date = 0;
6530 txn->cookie_last_date = 0;
6531 }
6532 else if (txn->cookie_last_date && t->be->cookie_maxidle &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02006533 (((signed)(date.tv_sec - txn->cookie_last_date) > (signed)t->be->cookie_maxidle) ||
6534 ((signed)(txn->cookie_last_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02006535 txn->flags &= ~TX_CK_MASK;
6536 txn->flags |= TX_CK_EXPIRED;
6537 delim = val_beg; // let's pretend we have not found the cookie
6538 txn->cookie_first_date = 0;
6539 txn->cookie_last_date = 0;
6540 }
6541
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006542 /* Here, we'll look for the first running server which supports the cookie.
6543 * This allows to share a same cookie between several servers, for example
6544 * to dedicate backup servers to specific servers only.
6545 * However, to prevent clients from sticking to cookie-less backup server
6546 * when they have incidentely learned an empty cookie, we simply ignore
6547 * empty cookies and mark them as invalid.
6548 * The same behaviour is applied when persistence must be ignored.
6549 */
Willy Tarreau4a5cade2012-04-05 21:09:48 +02006550 if ((delim == val_beg) || (t->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006551 srv = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006552
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006553 while (srv) {
6554 if (srv->cookie && (srv->cklen == delim - val_beg) &&
6555 !memcmp(val_beg, srv->cookie, delim - val_beg)) {
6556 if ((srv->state & SRV_RUNNING) ||
6557 (t->be->options & PR_O_PERSIST) ||
6558 (t->flags & SN_FORCE_PRST)) {
6559 /* we found the server and we can use it */
6560 txn->flags &= ~TX_CK_MASK;
6561 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
6562 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau9e000c62011-03-10 14:03:36 +01006563 set_target_server(&t->target, srv);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006564 break;
6565 } else {
6566 /* we found a server, but it's down,
6567 * mark it as such and go on in case
6568 * another one is available.
6569 */
6570 txn->flags &= ~TX_CK_MASK;
6571 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006572 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006573 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006574 srv = srv->next;
6575 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006576
Willy Tarreauf64d1412010-10-07 20:06:11 +02006577 if (!srv && !(txn->flags & (TX_CK_DOWN|TX_CK_EXPIRED|TX_CK_OLD))) {
Willy Tarreauc89ccb62012-04-05 21:18:22 +02006578 /* no server matched this cookie or we deliberately skipped it */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006579 txn->flags &= ~TX_CK_MASK;
Willy Tarreauc89ccb62012-04-05 21:18:22 +02006580 if ((t->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
6581 txn->flags |= TX_CK_UNUSED;
6582 else
6583 txn->flags |= TX_CK_INVALID;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006584 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006585
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006586 /* depending on the cookie mode, we may have to either :
6587 * - delete the complete cookie if we're in insert+indirect mode, so that
6588 * the server never sees it ;
6589 * - remove the server id from the cookie value, and tag the cookie as an
6590 * application cookie so that it does not get accidentely removed later,
6591 * if we're in cookie prefix mode
6592 */
Willy Tarreau67402132012-05-31 20:40:20 +02006593 if ((t->be->ck_opts & PR_CK_PFX) && (delim != val_end)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006594 int delta; /* negative */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006595
Willy Tarreau9b28e032012-10-12 23:49:43 +02006596 delta = buffer_replace2(req->buf, val_beg, delim + 1, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006597 val_end += delta;
6598 next += delta;
6599 hdr_end += delta;
6600 hdr_next += delta;
6601 cur_hdr->len += delta;
6602 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006603
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006604 del_from = NULL;
6605 preserve_hdr = 1; /* we want to keep this cookie */
6606 }
6607 else if (del_from == NULL &&
Willy Tarreau67402132012-05-31 20:40:20 +02006608 (t->be->ck_opts & (PR_CK_INS | PR_CK_IND)) == (PR_CK_INS | PR_CK_IND)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006609 del_from = prev;
6610 }
6611 } else {
6612 /* This is not our cookie, so we must preserve it. But if we already
6613 * scheduled another cookie for removal, we cannot remove the
6614 * complete header, but we can remove the previous block itself.
6615 */
6616 preserve_hdr = 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006617
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006618 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006619 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaub8105542010-11-24 18:31:28 +01006620 if (att_beg >= del_from)
6621 att_beg += delta;
6622 if (att_end >= del_from)
6623 att_end += delta;
6624 val_beg += delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006625 val_end += delta;
6626 next += delta;
6627 hdr_end += delta;
6628 hdr_next += delta;
6629 cur_hdr->len += delta;
6630 http_msg_move_end(&txn->req, delta);
6631 prev = del_from;
6632 del_from = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006633 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006634 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006635
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006636 /* Look for the appsession cookie unless persistence must be ignored */
6637 if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
6638 int cmp_len, value_len;
6639 char *value_begin;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02006640
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006641 if (t->be->options2 & PR_O2_AS_PFX) {
6642 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
6643 value_begin = att_beg + t->be->appsession_name_len;
6644 value_len = val_end - att_beg - t->be->appsession_name_len;
6645 } else {
6646 cmp_len = att_end - att_beg;
6647 value_begin = val_beg;
6648 value_len = val_end - val_beg;
6649 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01006650
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006651 /* let's see if the cookie is our appcookie */
6652 if (cmp_len == t->be->appsession_name_len &&
6653 memcmp(att_beg, t->be->appsession_name, cmp_len) == 0) {
6654 manage_client_side_appsession(t, value_begin, value_len);
6655 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006656 }
6657
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006658 /* continue with next cookie on this header line */
6659 att_beg = next;
6660 } /* for each cookie */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006661
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006662 /* There are no more cookies on this line.
6663 * We may still have one (or several) marked for deletion at the
6664 * end of the line. We must do this now in two ways :
6665 * - if some cookies must be preserved, we only delete from the
6666 * mark to the end of line ;
6667 * - if nothing needs to be preserved, simply delete the whole header
Willy Tarreau58f10d72006-12-04 02:26:12 +01006668 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006669 if (del_from) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006670 int delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006671 if (preserve_hdr) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006672 delta = del_hdr_value(req->buf, &del_from, hdr_end);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006673 hdr_end = del_from;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006674 cur_hdr->len += delta;
6675 } else {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006676 delta = buffer_replace2(req->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006677
6678 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006679 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6680 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006681 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01006682 cur_idx = old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006683 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006684 hdr_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006685 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006686 }
6687
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006688 /* check next header */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006689 old_idx = cur_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006690 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006691}
6692
6693
Willy Tarreaua15645d2007-03-18 16:22:39 +01006694/* Iterate the same filter through all response headers contained in <rtr>.
6695 * Returns 1 if this filter can be stopped upon return, otherwise 0.
6696 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006697int apply_filter_to_resp_headers(struct session *t, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006698{
6699 char term;
6700 char *cur_ptr, *cur_end, *cur_next;
6701 int cur_idx, old_idx, last_hdr;
6702 struct http_txn *txn = &t->txn;
6703 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006704 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006705
6706 last_hdr = 0;
6707
Willy Tarreau9b28e032012-10-12 23:49:43 +02006708 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006709 old_idx = 0;
6710
6711 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01006712 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01006713 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006714 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01006715 (exp->action == ACT_ALLOW ||
6716 exp->action == ACT_DENY))
6717 return 0;
6718
6719 cur_idx = txn->hdr_idx.v[old_idx].next;
6720 if (!cur_idx)
6721 break;
6722
6723 cur_hdr = &txn->hdr_idx.v[cur_idx];
6724 cur_ptr = cur_next;
6725 cur_end = cur_ptr + cur_hdr->len;
6726 cur_next = cur_end + cur_hdr->cr + 1;
6727
6728 /* Now we have one header between cur_ptr and cur_end,
6729 * and the next header starts at cur_next.
6730 */
6731
6732 /* The annoying part is that pattern matching needs
6733 * that we modify the contents to null-terminate all
6734 * strings before testing them.
6735 */
6736
6737 term = *cur_end;
6738 *cur_end = '\0';
6739
6740 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6741 switch (exp->action) {
6742 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006743 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006744 last_hdr = 1;
6745 break;
6746
6747 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006748 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006749 last_hdr = 1;
6750 break;
6751
6752 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006753 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6754 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006755 /* FIXME: if the user adds a newline in the replacement, the
6756 * index will not be recalculated for now, and the new line
6757 * will not be counted as a new header.
6758 */
6759
6760 cur_end += delta;
6761 cur_next += delta;
6762 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006763 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006764 break;
6765
6766 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02006767 delta = buffer_replace2(rtr->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006768 cur_next += delta;
6769
Willy Tarreaufa355d42009-11-29 18:12:29 +01006770 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006771 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6772 txn->hdr_idx.used--;
6773 cur_hdr->len = 0;
6774 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01006775 cur_idx = old_idx;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006776 break;
6777
6778 }
6779 }
6780 if (cur_end)
6781 *cur_end = term; /* restore the string terminator */
6782
6783 /* keep the link from this header to next one in case of later
6784 * removal of next header.
6785 */
6786 old_idx = cur_idx;
6787 }
6788 return 0;
6789}
6790
6791
6792/* Apply the filter to the status line in the response buffer <rtr>.
6793 * Returns 0 if nothing has been done, 1 if the filter has been applied,
6794 * or -1 if a replacement resulted in an invalid status line.
6795 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006796int apply_filter_to_sts_line(struct session *t, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006797{
6798 char term;
6799 char *cur_ptr, *cur_end;
6800 int done;
6801 struct http_txn *txn = &t->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006802 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006803
6804
Willy Tarreau3d300592007-03-18 18:34:41 +01006805 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01006806 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006807 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01006808 (exp->action == ACT_ALLOW ||
6809 exp->action == ACT_DENY))
6810 return 0;
6811 else if (exp->action == ACT_REMOVE)
6812 return 0;
6813
6814 done = 0;
6815
Willy Tarreau9b28e032012-10-12 23:49:43 +02006816 cur_ptr = rtr->buf->p;
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02006817 cur_end = cur_ptr + txn->rsp.sl.st.l;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006818
6819 /* Now we have the status line between cur_ptr and cur_end */
6820
6821 /* The annoying part is that pattern matching needs
6822 * that we modify the contents to null-terminate all
6823 * strings before testing them.
6824 */
6825
6826 term = *cur_end;
6827 *cur_end = '\0';
6828
6829 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6830 switch (exp->action) {
6831 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006832 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006833 done = 1;
6834 break;
6835
6836 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006837 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006838 done = 1;
6839 break;
6840
6841 case ACT_REPLACE:
6842 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006843 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6844 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006845 /* FIXME: if the user adds a newline in the replacement, the
6846 * index will not be recalculated for now, and the new line
6847 * will not be counted as a new header.
6848 */
6849
Willy Tarreaufa355d42009-11-29 18:12:29 +01006850 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006851 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02006852 cur_end = (char *)http_parse_stsline(&txn->rsp,
Willy Tarreau02785762007-04-03 14:45:44 +02006853 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01006854 cur_ptr, cur_end + 1,
6855 NULL, NULL);
6856 if (unlikely(!cur_end))
6857 return -1;
6858
6859 /* we have a full respnse and we know that we have either a CR
6860 * or an LF at <ptr>.
6861 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02006862 txn->status = strl2ui(rtr->buf->p + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02006863 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.st.l, *cur_end == '\r');
Willy Tarreaua15645d2007-03-18 16:22:39 +01006864 /* there is no point trying this regex on headers */
6865 return 1;
6866 }
6867 }
6868 *cur_end = term; /* restore the string terminator */
6869 return done;
6870}
6871
6872
6873
6874/*
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006875 * Apply all the resp filters of proxy <px> to all headers in buffer <rtr> of session <s>.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006876 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
6877 * unparsable response.
6878 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006879int apply_filters_to_response(struct session *s, struct channel *rtr, struct proxy *px)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006880{
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006881 struct http_txn *txn = &s->txn;
6882 struct hdr_exp *exp;
6883
6884 for (exp = px->rsp_exp; exp; exp = exp->next) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01006885 int ret;
6886
6887 /*
6888 * The interleaving of transformations and verdicts
6889 * makes it difficult to decide to continue or stop
6890 * the evaluation.
6891 */
6892
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006893 if (txn->flags & TX_SVDENY)
6894 break;
6895
Willy Tarreau3d300592007-03-18 18:34:41 +01006896 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01006897 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
6898 exp->action == ACT_PASS)) {
6899 exp = exp->next;
6900 continue;
6901 }
6902
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006903 /* if this filter had a condition, evaluate it now and skip to
6904 * next filter if the condition does not match.
6905 */
6906 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02006907 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006908 ret = acl_pass(ret);
6909 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
6910 ret = !ret;
6911 if (!ret)
6912 continue;
6913 }
6914
Willy Tarreaua15645d2007-03-18 16:22:39 +01006915 /* Apply the filter to the status line. */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006916 ret = apply_filter_to_sts_line(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006917 if (unlikely(ret < 0))
6918 return -1;
6919
6920 if (likely(ret == 0)) {
6921 /* The filter did not match the response, it can be
6922 * iterated through all headers.
6923 */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006924 apply_filter_to_resp_headers(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006925 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006926 }
6927 return 0;
6928}
6929
6930
Willy Tarreaua15645d2007-03-18 16:22:39 +01006931/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01006932 * Manage server-side cookies. It can impact performance by about 2% so it is
Willy Tarreau24581ba2010-08-31 22:39:35 +02006933 * desirable to call it only when needed. This function is also used when we
6934 * just need to know if there is a cookie (eg: for check-cache).
Willy Tarreaua15645d2007-03-18 16:22:39 +01006935 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006936void manage_server_side_cookies(struct session *t, struct channel *res)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006937{
6938 struct http_txn *txn = &t->txn;
Willy Tarreau827aee92011-03-10 16:55:02 +01006939 struct server *srv;
Willy Tarreau24581ba2010-08-31 22:39:35 +02006940 int is_cookie2;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006941 int cur_idx, old_idx, delta;
Willy Tarreau24581ba2010-08-31 22:39:35 +02006942 char *hdr_beg, *hdr_end, *hdr_next;
6943 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006944
Willy Tarreaua15645d2007-03-18 16:22:39 +01006945 /* Iterate through the headers.
6946 * we start with the start line.
6947 */
6948 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02006949 hdr_next = res->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006950
6951 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
6952 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006953 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006954
6955 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau24581ba2010-08-31 22:39:35 +02006956 hdr_beg = hdr_next;
6957 hdr_end = hdr_beg + cur_hdr->len;
6958 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006959
Willy Tarreau24581ba2010-08-31 22:39:35 +02006960 /* We have one full header between hdr_beg and hdr_end, and the
6961 * next header starts at hdr_next. We're only interested in
6962 * "Set-Cookie" and "Set-Cookie2" headers.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006963 */
6964
Willy Tarreau24581ba2010-08-31 22:39:35 +02006965 is_cookie2 = 0;
6966 prev = hdr_beg + 10;
6967 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie", 10);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006968 if (!val) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02006969 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie2", 11);
6970 if (!val) {
6971 old_idx = cur_idx;
6972 continue;
6973 }
6974 is_cookie2 = 1;
6975 prev = hdr_beg + 11;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006976 }
6977
Willy Tarreau24581ba2010-08-31 22:39:35 +02006978 /* OK, right now we know we have a Set-Cookie* at hdr_beg, and
6979 * <prev> points to the colon.
6980 */
Willy Tarreauf1348312010-10-07 15:54:11 +02006981 txn->flags |= TX_SCK_PRESENT;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006982
Willy Tarreau24581ba2010-08-31 22:39:35 +02006983 /* Maybe we only wanted to see if there was a Set-Cookie (eg:
6984 * check-cache is enabled) and we are not interested in checking
6985 * them. Warning, the cookie capture is declared in the frontend.
Willy Tarreaufd39dda2008-10-17 12:01:58 +02006986 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02006987 if (t->be->cookie_name == NULL &&
6988 t->be->appsession_name == NULL &&
Willy Tarreaufd39dda2008-10-17 12:01:58 +02006989 t->fe->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006990 return;
6991
Willy Tarreau24581ba2010-08-31 22:39:35 +02006992 /* OK so now we know we have to process this response cookie.
6993 * The format of the Set-Cookie header is slightly different
6994 * from the format of the Cookie header in that it does not
6995 * support the comma as a cookie delimiter (thus the header
6996 * cannot be folded) because the Expires attribute described in
6997 * the original Netscape's spec may contain an unquoted date
6998 * with a comma inside. We have to live with this because
6999 * many browsers don't support Max-Age and some browsers don't
7000 * support quoted strings. However the Set-Cookie2 header is
7001 * clean.
7002 *
7003 * We have to keep multiple pointers in order to support cookie
7004 * removal at the beginning, middle or end of header without
7005 * corrupting the header (in case of set-cookie2). A special
7006 * pointer, <scav> points to the beginning of the set-cookie-av
7007 * fields after the first semi-colon. The <next> pointer points
7008 * either to the end of line (set-cookie) or next unquoted comma
7009 * (set-cookie2). All of these headers are valid :
7010 *
7011 * Set-Cookie: NAME1 = VALUE 1 ; Secure; Path="/"\r\n
7012 * Set-Cookie:NAME=VALUE; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7013 * Set-Cookie: NAME = VALUE ; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7014 * Set-Cookie2: NAME1 = VALUE 1 ; Max-Age=0, NAME2=VALUE2; Discard\r\n
7015 * | | | | | | | | | |
7016 * | | | | | | | | +-> next hdr_end <--+
7017 * | | | | | | | +------------> scav
7018 * | | | | | | +--------------> val_end
7019 * | | | | | +--------------------> val_beg
7020 * | | | | +----------------------> equal
7021 * | | | +------------------------> att_end
7022 * | | +----------------------------> att_beg
7023 * | +------------------------------> prev
7024 * +-----------------------------------------> hdr_beg
7025 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007026
Willy Tarreau24581ba2010-08-31 22:39:35 +02007027 for (; prev < hdr_end; prev = next) {
7028 /* Iterate through all cookies on this line */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007029
Willy Tarreau24581ba2010-08-31 22:39:35 +02007030 /* find att_beg */
7031 att_beg = prev + 1;
7032 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
7033 att_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007034
Willy Tarreau24581ba2010-08-31 22:39:35 +02007035 /* find att_end : this is the first character after the last non
7036 * space before the equal. It may be equal to hdr_end.
7037 */
7038 equal = att_end = att_beg;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007039
Willy Tarreau24581ba2010-08-31 22:39:35 +02007040 while (equal < hdr_end) {
7041 if (*equal == '=' || *equal == ';' || (is_cookie2 && *equal == ','))
7042 break;
7043 if (http_is_spht[(unsigned char)*equal++])
7044 continue;
7045 att_end = equal;
7046 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007047
Willy Tarreau24581ba2010-08-31 22:39:35 +02007048 /* here, <equal> points to '=', a delimitor or the end. <att_end>
7049 * is between <att_beg> and <equal>, both may be identical.
7050 */
7051
7052 /* look for end of cookie if there is an equal sign */
7053 if (equal < hdr_end && *equal == '=') {
7054 /* look for the beginning of the value */
7055 val_beg = equal + 1;
7056 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
7057 val_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007058
Willy Tarreau24581ba2010-08-31 22:39:35 +02007059 /* find the end of the value, respecting quotes */
7060 next = find_cookie_value_end(val_beg, hdr_end);
7061
7062 /* make val_end point to the first white space or delimitor after the value */
7063 val_end = next;
7064 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
7065 val_end--;
7066 } else {
7067 /* <equal> points to next comma, semi-colon or EOL */
7068 val_beg = val_end = next = equal;
7069 }
7070
7071 if (next < hdr_end) {
7072 /* Set-Cookie2 supports multiple cookies, and <next> points to
7073 * a colon or semi-colon before the end. So skip all attr-value
7074 * pairs and look for the next comma. For Set-Cookie, since
7075 * commas are permitted in values, skip to the end.
7076 */
7077 if (is_cookie2)
7078 next = find_hdr_value_end(next, hdr_end);
7079 else
7080 next = hdr_end;
7081 }
7082
7083 /* Now everything is as on the diagram above */
7084
7085 /* Ignore cookies with no equal sign */
7086 if (equal == val_end)
7087 continue;
7088
7089 /* If there are spaces around the equal sign, we need to
7090 * strip them otherwise we'll get trouble for cookie captures,
7091 * or even for rewrites. Since this happens extremely rarely,
7092 * it does not hurt performance.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007093 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007094 if (unlikely(att_end != equal || val_beg > equal + 1)) {
7095 int stripped_before = 0;
7096 int stripped_after = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007097
Willy Tarreau24581ba2010-08-31 22:39:35 +02007098 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007099 stripped_before = buffer_replace2(res->buf, att_end, equal, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007100 equal += stripped_before;
7101 val_beg += stripped_before;
7102 }
7103
7104 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007105 stripped_after = buffer_replace2(res->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007106 val_beg += stripped_after;
7107 stripped_before += stripped_after;
7108 }
7109
7110 val_end += stripped_before;
7111 next += stripped_before;
7112 hdr_end += stripped_before;
7113 hdr_next += stripped_before;
7114 cur_hdr->len += stripped_before;
Willy Tarreau1fc1f452011-04-07 22:35:37 +02007115 http_msg_move_end(&txn->rsp, stripped_before);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007116 }
7117
7118 /* First, let's see if we want to capture this cookie. We check
7119 * that we don't already have a server side cookie, because we
7120 * can only capture one. Also as an optimisation, we ignore
7121 * cookies shorter than the declared name.
7122 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007123 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01007124 txn->srv_cookie == NULL &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02007125 (val_end - att_beg >= t->fe->capture_namelen) &&
7126 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
7127 int log_len = val_end - att_beg;
Willy Tarreau086b3b42007-05-13 21:45:51 +02007128 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007129 Alert("HTTP logging : out of memory.\n");
7130 }
Willy Tarreauf70fc752010-11-19 11:27:18 +01007131 else {
7132 if (log_len > t->fe->capture_len)
7133 log_len = t->fe->capture_len;
7134 memcpy(txn->srv_cookie, att_beg, log_len);
7135 txn->srv_cookie[log_len] = 0;
7136 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007137 }
7138
Willy Tarreau827aee92011-03-10 16:55:02 +01007139 srv = target_srv(&t->target);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007140 /* now check if we need to process it for persistence */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007141 if (!(t->flags & SN_IGNORE_PRST) &&
7142 (att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
7143 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
Willy Tarreauf1348312010-10-07 15:54:11 +02007144 /* assume passive cookie by default */
7145 txn->flags &= ~TX_SCK_MASK;
7146 txn->flags |= TX_SCK_FOUND;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007147
7148 /* If the cookie is in insert mode on a known server, we'll delete
7149 * this occurrence because we'll insert another one later.
7150 * We'll delete it too if the "indirect" option is set and we're in
Willy Tarreau24581ba2010-08-31 22:39:35 +02007151 * a direct access.
7152 */
Willy Tarreau67402132012-05-31 20:40:20 +02007153 if (t->be->ck_opts & PR_CK_PSV) {
Willy Tarreauba4c5be2010-10-23 12:46:42 +02007154 /* The "preserve" flag was set, we don't want to touch the
7155 * server's cookie.
7156 */
7157 }
Willy Tarreau67402132012-05-31 20:40:20 +02007158 else if ((srv && (t->be->ck_opts & PR_CK_INS)) ||
7159 ((t->flags & SN_DIRECT) && (t->be->ck_opts & PR_CK_IND))) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007160 /* this cookie must be deleted */
7161 if (*prev == ':' && next == hdr_end) {
7162 /* whole header */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007163 delta = buffer_replace2(res->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007164 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7165 txn->hdr_idx.used--;
7166 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007167 cur_idx = old_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007168 hdr_next += delta;
7169 http_msg_move_end(&txn->rsp, delta);
7170 /* note: while both invalid now, <next> and <hdr_end>
7171 * are still equal, so the for() will stop as expected.
7172 */
7173 } else {
7174 /* just remove the value */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007175 int delta = del_hdr_value(res->buf, &prev, next);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007176 next = prev;
7177 hdr_end += delta;
7178 hdr_next += delta;
7179 cur_hdr->len += delta;
7180 http_msg_move_end(&txn->rsp, delta);
7181 }
Willy Tarreauf1348312010-10-07 15:54:11 +02007182 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3d300592007-03-18 18:34:41 +01007183 txn->flags |= TX_SCK_DELETED;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007184 /* and go on with next cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007185 }
Willy Tarreau67402132012-05-31 20:40:20 +02007186 else if (srv && srv->cookie && (t->be->ck_opts & PR_CK_RW)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007187 /* replace bytes val_beg->val_end with the cookie name associated
Willy Tarreaua15645d2007-03-18 16:22:39 +01007188 * with this server since we know it.
7189 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007190 delta = buffer_replace2(res->buf, val_beg, val_end, srv->cookie, srv->cklen);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007191 next += delta;
7192 hdr_end += delta;
7193 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007194 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007195 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007196
Willy Tarreauf1348312010-10-07 15:54:11 +02007197 txn->flags &= ~TX_SCK_MASK;
7198 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007199 }
Willy Tarreaua0590312012-06-06 16:07:00 +02007200 else if (srv && srv->cookie && (t->be->ck_opts & PR_CK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007201 /* insert the cookie name associated with this server
Willy Tarreau24581ba2010-08-31 22:39:35 +02007202 * before existing cookie, and insert a delimiter between them..
Willy Tarreaua15645d2007-03-18 16:22:39 +01007203 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007204 delta = buffer_replace2(res->buf, val_beg, val_beg, srv->cookie, srv->cklen + 1);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007205 next += delta;
7206 hdr_end += delta;
7207 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007208 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007209 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007210
Willy Tarreau827aee92011-03-10 16:55:02 +01007211 val_beg[srv->cklen] = COOKIE_DELIM;
Willy Tarreauf1348312010-10-07 15:54:11 +02007212 txn->flags &= ~TX_SCK_MASK;
7213 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007214 }
7215 }
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02007216 /* next, let's see if the cookie is our appcookie, unless persistence must be ignored */
7217 else if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007218 int cmp_len, value_len;
7219 char *value_begin;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007220
Cyril Bontéb21570a2009-11-29 20:04:48 +01007221 if (t->be->options2 & PR_O2_AS_PFX) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007222 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
7223 value_begin = att_beg + t->be->appsession_name_len;
7224 value_len = MIN(t->be->appsession_len, val_end - att_beg - t->be->appsession_name_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01007225 } else {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007226 cmp_len = att_end - att_beg;
7227 value_begin = val_beg;
7228 value_len = MIN(t->be->appsession_len, val_end - val_beg);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007229 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007230
Cyril Bonté17530c32010-04-06 21:11:10 +02007231 if ((cmp_len == t->be->appsession_name_len) &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02007232 (memcmp(att_beg, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7233 /* free a possibly previously allocated memory */
7234 pool_free2(apools.sessid, txn->sessid);
7235
Cyril Bontéb21570a2009-11-29 20:04:48 +01007236 /* Store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007237 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007238 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7239 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
7240 return;
7241 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007242 memcpy(txn->sessid, value_begin, value_len);
7243 txn->sessid[value_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007244 }
Willy Tarreau24581ba2010-08-31 22:39:35 +02007245 }
7246 /* that's done for this cookie, check the next one on the same
7247 * line when next != hdr_end (only if is_cookie2).
7248 */
7249 }
7250 /* check next header */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007251 old_idx = cur_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007252 }
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007253
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007254 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007255 appsess *asession = NULL;
7256 /* only do insert, if lookup fails */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007257 asession = appsession_hash_lookup(&(t->be->htbl_proxy), txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007258 if (asession == NULL) {
Willy Tarreau1fac7532010-01-09 19:23:06 +01007259 size_t server_id_len;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007260 if ((asession = pool_alloc2(pool2_appsess)) == NULL) {
7261 Alert("Not enough Memory process_srv():asession:calloc().\n");
7262 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
7263 return;
7264 }
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007265 asession->serverid = NULL; /* to avoid a double free in case of allocation error */
7266
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007267 if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
7268 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7269 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007270 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007271 return;
7272 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007273 memcpy(asession->sessid, txn->sessid, t->be->appsession_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007274 asession->sessid[t->be->appsession_len] = 0;
7275
Willy Tarreau827aee92011-03-10 16:55:02 +01007276 server_id_len = strlen(target_srv(&t->target)->id) + 1;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007277 if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007278 Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007279 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007280 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007281 return;
7282 }
7283 asession->serverid[0] = '\0';
Willy Tarreau827aee92011-03-10 16:55:02 +01007284 memcpy(asession->serverid, target_srv(&t->target)->id, server_id_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007285
7286 asession->request_count = 0;
7287 appsession_hash_insert(&(t->be->htbl_proxy), asession);
7288 }
7289
7290 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
7291 asession->request_count++;
7292 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007293}
7294
7295
Willy Tarreaua15645d2007-03-18 16:22:39 +01007296/*
7297 * Check if response is cacheable or not. Updates t->flags.
7298 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007299void check_response_for_cacheability(struct session *t, struct channel *rtr)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007300{
7301 struct http_txn *txn = &t->txn;
7302 char *p1, *p2;
7303
7304 char *cur_ptr, *cur_end, *cur_next;
7305 int cur_idx;
7306
Willy Tarreau5df51872007-11-25 16:20:08 +01007307 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007308 return;
7309
7310 /* Iterate through the headers.
7311 * we start with the start line.
7312 */
7313 cur_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007314 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007315
7316 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
7317 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007318 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007319
7320 cur_hdr = &txn->hdr_idx.v[cur_idx];
7321 cur_ptr = cur_next;
7322 cur_end = cur_ptr + cur_hdr->len;
7323 cur_next = cur_end + cur_hdr->cr + 1;
7324
7325 /* We have one full header between cur_ptr and cur_end, and the
7326 * next header starts at cur_next. We're only interested in
7327 * "Cookie:" headers.
7328 */
7329
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007330 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
7331 if (val) {
7332 if ((cur_end - (cur_ptr + val) >= 8) &&
7333 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
7334 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
7335 return;
7336 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007337 }
7338
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007339 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
7340 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007341 continue;
7342
7343 /* OK, right now we know we have a cache-control header at cur_ptr */
7344
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007345 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007346
7347 if (p1 >= cur_end) /* no more info */
7348 continue;
7349
7350 /* p1 is at the beginning of the value */
7351 p2 = p1;
7352
Willy Tarreau8f8e6452007-06-17 21:51:38 +02007353 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007354 p2++;
7355
7356 /* we have a complete value between p1 and p2 */
7357 if (p2 < cur_end && *p2 == '=') {
7358 /* we have something of the form no-cache="set-cookie" */
7359 if ((cur_end - p1 >= 21) &&
7360 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
7361 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01007362 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007363 continue;
7364 }
7365
7366 /* OK, so we know that either p2 points to the end of string or to a comma */
7367 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
7368 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
7369 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
7370 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007371 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007372 return;
7373 }
7374
7375 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007376 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007377 continue;
7378 }
7379 }
7380}
7381
7382
Willy Tarreau58f10d72006-12-04 02:26:12 +01007383/*
7384 * Try to retrieve a known appsession in the URI, then the associated server.
7385 * If the server is found, it's assigned to the session.
7386 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007387void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01007388{
Cyril Bontéb21570a2009-11-29 20:04:48 +01007389 char *end_params, *first_param, *cur_param, *next_param;
7390 char separator;
7391 int value_len;
7392
7393 int mode = t->be->options2 & PR_O2_AS_M_ANY;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007394
Willy Tarreaue2e27a52007-04-01 00:01:37 +02007395 if (t->be->appsession_name == NULL ||
Cyril Bonté17530c32010-04-06 21:11:10 +02007396 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST && t->txn.meth != HTTP_METH_HEAD)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007397 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007398 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007399
Cyril Bontéb21570a2009-11-29 20:04:48 +01007400 first_param = NULL;
7401 switch (mode) {
7402 case PR_O2_AS_M_PP:
7403 first_param = memchr(begin, ';', len);
7404 break;
7405 case PR_O2_AS_M_QS:
7406 first_param = memchr(begin, '?', len);
7407 break;
7408 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007409
Cyril Bontéb21570a2009-11-29 20:04:48 +01007410 if (first_param == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007411 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007412 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007413
Cyril Bontéb21570a2009-11-29 20:04:48 +01007414 switch (mode) {
7415 case PR_O2_AS_M_PP:
7416 if ((end_params = memchr(first_param, '?', len - (begin - first_param))) == NULL) {
7417 end_params = (char *) begin + len;
7418 }
7419 separator = ';';
7420 break;
7421 case PR_O2_AS_M_QS:
7422 end_params = (char *) begin + len;
7423 separator = '&';
7424 break;
7425 default:
7426 /* unknown mode, shouldn't happen */
7427 return;
7428 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007429
Cyril Bontéb21570a2009-11-29 20:04:48 +01007430 cur_param = next_param = end_params;
7431 while (cur_param > first_param) {
7432 cur_param--;
7433 if ((cur_param[0] == separator) || (cur_param == first_param)) {
7434 /* let's see if this is the appsession parameter */
7435 if ((cur_param + t->be->appsession_name_len + 1 < next_param) &&
7436 ((t->be->options2 & PR_O2_AS_PFX) || cur_param[t->be->appsession_name_len + 1] == '=') &&
7437 (strncasecmp(cur_param + 1, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7438 /* Cool... it's the right one */
7439 cur_param += t->be->appsession_name_len + (t->be->options2 & PR_O2_AS_PFX ? 1 : 2);
7440 value_len = MIN(t->be->appsession_len, next_param - cur_param);
7441 if (value_len > 0) {
7442 manage_client_side_appsession(t, cur_param, value_len);
7443 }
7444 break;
7445 }
7446 next_param = cur_param;
7447 }
7448 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007449#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007450 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02007451 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01007452#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01007453}
7454
Willy Tarreaub2513902006-12-17 14:52:38 +01007455/*
Cyril Bonté70be45d2010-10-12 00:14:35 +02007456 * In a GET, HEAD or POST request, check if the requested URI matches the stats uri
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007457 * for the current backend.
Willy Tarreaub2513902006-12-17 14:52:38 +01007458 *
Cyril Bonté70be45d2010-10-12 00:14:35 +02007459 * It is assumed that the request is either a HEAD, GET, or POST and that the
Willy Tarreau295a8372011-03-10 11:25:07 +01007460 * uri_auth field is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01007461 *
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007462 * Returns 1 if stats should be provided, otherwise 0.
Willy Tarreaub2513902006-12-17 14:52:38 +01007463 */
Willy Tarreau295a8372011-03-10 11:25:07 +01007464int stats_check_uri(struct stream_interface *si, struct http_txn *txn, struct proxy *backend)
Willy Tarreaub2513902006-12-17 14:52:38 +01007465{
7466 struct uri_auth *uri_auth = backend->uri_auth;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007467 struct http_msg *msg = &txn->req;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007468 const char *uri = msg->chn->buf->p+ msg->sl.rq.u;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007469 const char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01007470
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007471 if (!uri_auth)
7472 return 0;
7473
Cyril Bonté70be45d2010-10-12 00:14:35 +02007474 if (txn->meth != HTTP_METH_GET && txn->meth != HTTP_METH_HEAD && txn->meth != HTTP_METH_POST)
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007475 return 0;
7476
Willy Tarreau295a8372011-03-10 11:25:07 +01007477 memset(&si->applet.ctx.stats, 0, sizeof(si->applet.ctx.stats));
Cyril Bonté19979e12012-04-04 12:57:21 +02007478 si->applet.ctx.stats.st_code = STAT_STATUS_INIT;
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01007479
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007480 /* check URI size */
Willy Tarreau3a215be2012-03-09 21:39:51 +01007481 if (uri_auth->uri_len > msg->sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01007482 return 0;
7483
Willy Tarreau3a215be2012-03-09 21:39:51 +01007484 h = uri;
Willy Tarreau0214c3a2007-01-07 13:47:30 +01007485 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01007486 return 0;
7487
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007488 h += uri_auth->uri_len;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007489 while (h <= uri + msg->sl.rq.u_l - 3) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007490 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007491 si->applet.ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007492 break;
7493 }
7494 h++;
7495 }
7496
7497 if (uri_auth->refresh) {
Willy Tarreau3a215be2012-03-09 21:39:51 +01007498 h = uri + uri_auth->uri_len;
7499 while (h <= uri + msg->sl.rq.u_l - 10) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007500 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007501 si->applet.ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007502 break;
7503 }
7504 h++;
7505 }
7506 }
7507
Willy Tarreau3a215be2012-03-09 21:39:51 +01007508 h = uri + uri_auth->uri_len;
7509 while (h <= uri + msg->sl.rq.u_l - 4) {
Willy Tarreau55bb8452007-10-17 18:44:57 +02007510 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007511 si->applet.ctx.stats.flags |= STAT_FMT_CSV;
Willy Tarreau55bb8452007-10-17 18:44:57 +02007512 break;
7513 }
7514 h++;
7515 }
7516
Willy Tarreau3a215be2012-03-09 21:39:51 +01007517 h = uri + uri_auth->uri_len;
7518 while (h <= uri + msg->sl.rq.u_l - 8) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02007519 if (memcmp(h, ";st=", 4) == 0) {
Cyril Bonté19979e12012-04-04 12:57:21 +02007520 int i;
Cyril Bonté70be45d2010-10-12 00:14:35 +02007521 h += 4;
Cyril Bonté20a804a2012-05-10 19:42:52 +02007522 si->applet.ctx.stats.st_code = STAT_STATUS_UNKN;
Cyril Bonté19979e12012-04-04 12:57:21 +02007523 for (i = STAT_STATUS_INIT + 1; i < STAT_STATUS_SIZE; i++) {
7524 if (strncmp(stat_status_codes[i], h, 4) == 0) {
7525 si->applet.ctx.stats.st_code = i;
7526 break;
7527 }
7528 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02007529 break;
7530 }
7531 h++;
7532 }
7533
Willy Tarreau295a8372011-03-10 11:25:07 +01007534 si->applet.ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO;
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01007535
Willy Tarreaub2513902006-12-17 14:52:38 +01007536 return 1;
7537}
7538
Willy Tarreau4076a152009-04-02 15:18:36 +02007539/*
7540 * Capture a bad request or response and archive it in the proxy's structure.
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007541 * By default it tries to report the error position as msg->err_pos. However if
7542 * this one is not set, it will then report msg->next, which is the last known
7543 * parsing point. The function is able to deal with wrapping buffers. It always
Willy Tarreaucdbdd522012-10-12 22:51:15 +02007544 * displays buffers as a contiguous area starting at buf->p.
Willy Tarreau4076a152009-04-02 15:18:36 +02007545 */
7546void http_capture_bad_message(struct error_snapshot *es, struct session *s,
Willy Tarreau8a0cef22012-03-09 13:39:23 +01007547 struct http_msg *msg,
Willy Tarreau078272e2010-12-12 12:46:33 +01007548 int state, struct proxy *other_end)
Willy Tarreau4076a152009-04-02 15:18:36 +02007549{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02007550 struct channel *chn = msg->chn;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007551 int len1, len2;
Willy Tarreau8a0cef22012-03-09 13:39:23 +01007552
Willy Tarreau9b28e032012-10-12 23:49:43 +02007553 es->len = MIN(chn->buf->i, sizeof(es->buf));
7554 len1 = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007555 len1 = MIN(len1, es->len);
7556 len2 = es->len - len1; /* remaining data if buffer wraps */
7557
Willy Tarreau9b28e032012-10-12 23:49:43 +02007558 memcpy(es->buf, chn->buf->p, len1);
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007559 if (len2)
Willy Tarreau9b28e032012-10-12 23:49:43 +02007560 memcpy(es->buf + len1, chn->buf->data, len2);
Willy Tarreau81f2fb92010-12-12 13:09:08 +01007561
Willy Tarreau4076a152009-04-02 15:18:36 +02007562 if (msg->err_pos >= 0)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007563 es->pos = msg->err_pos;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01007564 else
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007565 es->pos = msg->next;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01007566
Willy Tarreau4076a152009-04-02 15:18:36 +02007567 es->when = date; // user-visible date
7568 es->sid = s->uniq_id;
Willy Tarreau827aee92011-03-10 16:55:02 +01007569 es->srv = target_srv(&s->target);
Willy Tarreau4076a152009-04-02 15:18:36 +02007570 es->oe = other_end;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02007571 es->src = s->req->prod->conn->addr.from;
Willy Tarreau078272e2010-12-12 12:46:33 +01007572 es->state = state;
Willy Tarreau10479e42010-12-12 14:00:34 +01007573 es->ev_id = error_snapshot_id++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02007574 es->b_flags = chn->flags;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02007575 es->s_flags = s->flags;
7576 es->t_flags = s->txn.flags;
7577 es->m_flags = msg->flags;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007578 es->b_out = chn->buf->o;
7579 es->b_wrap = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02007580 es->b_tot = chn->total;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02007581 es->m_clen = msg->chunk_len;
7582 es->m_blen = msg->body_len;
Willy Tarreau4076a152009-04-02 15:18:36 +02007583}
Willy Tarreaub2513902006-12-17 14:52:38 +01007584
Willy Tarreau294c4732011-12-16 21:35:50 +01007585/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
7586 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
7587 * performed over the whole headers. Otherwise it must contain a valid header
7588 * context, initialised with ctx->idx=0 for the first lookup in a series. If
7589 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
7590 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
7591 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
7592 * -1.
7593 * The return value is 0 if nothing was found, or non-zero otherwise.
Willy Tarreaubce70882009-09-07 11:51:47 +02007594 */
Willy Tarreau185b5c42012-04-26 15:11:51 +02007595unsigned int http_get_hdr(const struct http_msg *msg, const char *hname, int hlen,
Willy Tarreau294c4732011-12-16 21:35:50 +01007596 struct hdr_idx *idx, int occ,
7597 struct hdr_ctx *ctx, char **vptr, int *vlen)
Willy Tarreaubce70882009-09-07 11:51:47 +02007598{
Willy Tarreau294c4732011-12-16 21:35:50 +01007599 struct hdr_ctx local_ctx;
7600 char *ptr_hist[MAX_HDR_HISTORY];
7601 int len_hist[MAX_HDR_HISTORY];
Willy Tarreaubce70882009-09-07 11:51:47 +02007602 unsigned int hist_ptr;
Willy Tarreau294c4732011-12-16 21:35:50 +01007603 int found;
Willy Tarreaubce70882009-09-07 11:51:47 +02007604
Willy Tarreau294c4732011-12-16 21:35:50 +01007605 if (!ctx) {
7606 local_ctx.idx = 0;
7607 ctx = &local_ctx;
7608 }
7609
Willy Tarreaubce70882009-09-07 11:51:47 +02007610 if (occ >= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01007611 /* search from the beginning */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007612 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreaubce70882009-09-07 11:51:47 +02007613 occ--;
7614 if (occ <= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01007615 *vptr = ctx->line + ctx->val;
7616 *vlen = ctx->vlen;
7617 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02007618 }
7619 }
Willy Tarreau294c4732011-12-16 21:35:50 +01007620 return 0;
Willy Tarreaubce70882009-09-07 11:51:47 +02007621 }
7622
7623 /* negative occurrence, we scan all the list then walk back */
7624 if (-occ > MAX_HDR_HISTORY)
7625 return 0;
7626
Willy Tarreau294c4732011-12-16 21:35:50 +01007627 found = hist_ptr = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007628 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreau294c4732011-12-16 21:35:50 +01007629 ptr_hist[hist_ptr] = ctx->line + ctx->val;
7630 len_hist[hist_ptr] = ctx->vlen;
7631 if (++hist_ptr >= MAX_HDR_HISTORY)
Willy Tarreaubce70882009-09-07 11:51:47 +02007632 hist_ptr = 0;
7633 found++;
7634 }
7635 if (-occ > found)
7636 return 0;
7637 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
7638 * find occurrence -occ, so we have to check [hist_ptr+occ].
7639 */
7640 hist_ptr += occ;
7641 if (hist_ptr >= MAX_HDR_HISTORY)
7642 hist_ptr -= MAX_HDR_HISTORY;
Willy Tarreau294c4732011-12-16 21:35:50 +01007643 *vptr = ptr_hist[hist_ptr];
7644 *vlen = len_hist[hist_ptr];
7645 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02007646}
7647
Willy Tarreaubaaee002006-06-26 02:48:02 +02007648/*
Willy Tarreaue92693a2012-09-24 21:13:39 +02007649 * Print a debug line with a header. Always stop at the first CR or LF char,
7650 * so it is safe to pass it a full buffer if needed. If <err> is not NULL, an
7651 * arrow is printed after the line which contains the pointer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01007652 */
7653void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
7654{
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007655 int max;
7656 chunk_printf(&trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
Willy Tarreaufb7508a2012-05-21 16:47:54 +02007657 dir, (unsigned short)si_fd(t->req->prod), (unsigned short)si_fd(t->req->cons));
Willy Tarreaue92693a2012-09-24 21:13:39 +02007658
7659 for (max = 0; start + max < end; max++)
7660 if (start[max] == '\r' || start[max] == '\n')
7661 break;
7662
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007663 UBOUND(max, trash.size - trash.len - 3);
7664 trash.len += strlcpy2(trash.str + trash.len, start, max + 1);
7665 trash.str[trash.len++] = '\n';
7666 if (write(1, trash.str, trash.len) < 0) /* shut gcc warning */;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007667}
7668
Willy Tarreau0937bc42009-12-22 15:03:09 +01007669/*
7670 * Initialize a new HTTP transaction for session <s>. It is assumed that all
7671 * the required fields are properly allocated and that we only need to (re)init
7672 * them. This should be used before processing any new request.
7673 */
7674void http_init_txn(struct session *s)
7675{
7676 struct http_txn *txn = &s->txn;
7677 struct proxy *fe = s->fe;
7678
7679 txn->flags = 0;
7680 txn->status = -1;
7681
William Lallemand5f232402012-04-05 18:02:55 +02007682 global.req_count++;
7683
Willy Tarreauf64d1412010-10-07 20:06:11 +02007684 txn->cookie_first_date = 0;
7685 txn->cookie_last_date = 0;
7686
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01007687 txn->req.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02007688 txn->req.sol = txn->req.eol = txn->req.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01007689 txn->req.next = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01007690 txn->rsp.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02007691 txn->rsp.sol = txn->rsp.eol = txn->rsp.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01007692 txn->rsp.next = 0;
Willy Tarreau124d9912011-03-01 20:30:48 +01007693 txn->req.chunk_len = 0LL;
7694 txn->req.body_len = 0LL;
7695 txn->rsp.chunk_len = 0LL;
7696 txn->rsp.body_len = 0LL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007697 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
7698 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
Willy Tarreau394db372012-10-12 22:40:39 +02007699 txn->req.chn = s->req;
7700 txn->rsp.chn = s->rep;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01007701
7702 txn->auth.method = HTTP_AUTH_UNKNOWN;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007703
7704 txn->req.err_pos = txn->rsp.err_pos = -2; /* block buggy requests/responses */
7705 if (fe->options2 & PR_O2_REQBUG_OK)
7706 txn->req.err_pos = -1; /* let buggy requests pass */
7707
Willy Tarreau46023632010-01-07 22:51:47 +01007708 if (txn->req.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01007709 memset(txn->req.cap, 0, fe->nb_req_cap * sizeof(void *));
7710
Willy Tarreau46023632010-01-07 22:51:47 +01007711 if (txn->rsp.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01007712 memset(txn->rsp.cap, 0, fe->nb_rsp_cap * sizeof(void *));
7713
7714 if (txn->hdr_idx.v)
7715 hdr_idx_init(&txn->hdr_idx);
7716}
7717
7718/* to be used at the end of a transaction */
7719void http_end_txn(struct session *s)
7720{
7721 struct http_txn *txn = &s->txn;
7722
7723 /* these ones will have been dynamically allocated */
7724 pool_free2(pool2_requri, txn->uri);
7725 pool_free2(pool2_capture, txn->cli_cookie);
7726 pool_free2(pool2_capture, txn->srv_cookie);
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007727 pool_free2(apools.sessid, txn->sessid);
William Lallemanda73203e2012-03-12 12:48:57 +01007728 pool_free2(pool2_uniqueid, s->unique_id);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01007729
William Lallemanda73203e2012-03-12 12:48:57 +01007730 s->unique_id = NULL;
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007731 txn->sessid = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007732 txn->uri = NULL;
7733 txn->srv_cookie = NULL;
7734 txn->cli_cookie = NULL;
Willy Tarreau46023632010-01-07 22:51:47 +01007735
7736 if (txn->req.cap) {
7737 struct cap_hdr *h;
7738 for (h = s->fe->req_cap; h; h = h->next)
7739 pool_free2(h->pool, txn->req.cap[h->index]);
7740 memset(txn->req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
7741 }
7742
7743 if (txn->rsp.cap) {
7744 struct cap_hdr *h;
7745 for (h = s->fe->rsp_cap; h; h = h->next)
7746 pool_free2(h->pool, txn->rsp.cap[h->index]);
7747 memset(txn->rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
7748 }
7749
Willy Tarreau0937bc42009-12-22 15:03:09 +01007750}
7751
7752/* to be used at the end of a transaction to prepare a new one */
7753void http_reset_txn(struct session *s)
7754{
7755 http_end_txn(s);
7756 http_init_txn(s);
7757
7758 s->be = s->fe;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007759 s->logs.logwait = s->fe->to_log;
Simon Hormanaf514952011-06-21 14:34:57 +09007760 session_del_srv_conn(s);
Willy Tarreau9e000c62011-03-10 14:03:36 +01007761 clear_target(&s->target);
Emeric Brunb982a3d2010-01-04 15:45:53 +01007762 /* re-init store persistence */
7763 s->store_count = 0;
7764
Willy Tarreau0937bc42009-12-22 15:03:09 +01007765 s->pend_pos = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007766
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02007767 s->req->flags |= CF_READ_DONTWAIT; /* one read is usually enough */
Willy Tarreau0937bc42009-12-22 15:03:09 +01007768
Willy Tarreau739cfba2010-01-25 23:11:14 +01007769 /* We must trim any excess data from the response buffer, because we
7770 * may have blocked an invalid response from a server that we don't
7771 * want to accidentely forward once we disable the analysers, nor do
7772 * we want those data to come along with next response. A typical
7773 * example of such data would be from a buggy server responding to
7774 * a HEAD with some data, or sending more than the advertised
7775 * content-length.
7776 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007777 if (unlikely(s->rep->buf->i))
7778 s->rep->buf->i = 0;
Willy Tarreau739cfba2010-01-25 23:11:14 +01007779
Willy Tarreau0937bc42009-12-22 15:03:09 +01007780 s->req->rto = s->fe->timeout.client;
Willy Tarreaud04e8582010-05-31 12:31:35 +02007781 s->req->wto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007782
Willy Tarreaud04e8582010-05-31 12:31:35 +02007783 s->rep->rto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007784 s->rep->wto = s->fe->timeout.client;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007785
7786 s->req->rex = TICK_ETERNITY;
7787 s->req->wex = TICK_ETERNITY;
7788 s->req->analyse_exp = TICK_ETERNITY;
7789 s->rep->rex = TICK_ETERNITY;
7790 s->rep->wex = TICK_ETERNITY;
7791 s->rep->analyse_exp = TICK_ETERNITY;
7792}
Willy Tarreau58f10d72006-12-04 02:26:12 +01007793
Willy Tarreauff011f22011-01-06 17:51:27 +01007794void free_http_req_rules(struct list *r) {
7795 struct http_req_rule *tr, *pr;
7796
7797 list_for_each_entry_safe(pr, tr, r, list) {
7798 LIST_DEL(&pr->list);
7799 if (pr->action == HTTP_REQ_ACT_HTTP_AUTH)
7800 free(pr->http_auth.realm);
7801
7802 free(pr);
7803 }
7804}
7805
7806struct http_req_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
7807{
7808 struct http_req_rule *rule;
7809 int cur_arg;
7810
7811 rule = (struct http_req_rule*)calloc(1, sizeof(struct http_req_rule));
7812 if (!rule) {
7813 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
7814 return NULL;
7815 }
7816
7817 if (!*args[0]) {
7818 goto req_error_parsing;
7819 } else if (!strcmp(args[0], "allow")) {
7820 rule->action = HTTP_REQ_ACT_ALLOW;
7821 cur_arg = 1;
7822 } else if (!strcmp(args[0], "deny")) {
7823 rule->action = HTTP_REQ_ACT_DENY;
7824 cur_arg = 1;
7825 } else if (!strcmp(args[0], "auth")) {
7826 rule->action = HTTP_REQ_ACT_HTTP_AUTH;
7827 cur_arg = 1;
7828
7829 while(*args[cur_arg]) {
7830 if (!strcmp(args[cur_arg], "realm")) {
7831 rule->http_auth.realm = strdup(args[cur_arg + 1]);
7832 cur_arg+=2;
7833 continue;
7834 } else
7835 break;
7836 }
7837 } else {
7838req_error_parsing:
7839 Alert("parsing [%s:%d]: %s '%s', expects 'allow', 'deny', 'auth'.\n",
7840 file, linenum, *args[1]?"unknown parameter":"missing keyword in", args[*args[1]?1:0]);
7841 return NULL;
7842 }
7843
7844 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
7845 struct acl_cond *cond;
Willy Tarreaub7451bb2012-04-27 12:38:15 +02007846 char *errmsg = NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01007847
Willy Tarreaub7451bb2012-04-27 12:38:15 +02007848 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
7849 Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition : %s.\n",
7850 file, linenum, args[0], errmsg);
7851 free(errmsg);
Willy Tarreauff011f22011-01-06 17:51:27 +01007852 return NULL;
7853 }
7854 rule->cond = cond;
7855 }
7856 else if (*args[cur_arg]) {
7857 Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
7858 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
7859 file, linenum, args[0], args[cur_arg]);
7860 return NULL;
7861 }
7862
7863 return rule;
7864}
7865
Willy Tarreau8797c062007-05-07 00:55:35 +02007866/************************************************************************/
7867/* The code below is dedicated to ACL parsing and matching */
7868/************************************************************************/
7869
7870
Willy Tarreau14174bc2012-04-16 14:34:04 +02007871/* This function ensures that the prerequisites for an L7 fetch are ready,
7872 * which means that a request or response is ready. If some data is missing,
7873 * a parsing attempt is made. This is useful in TCP-based ACLs which are able
Willy Tarreau24e32d82012-04-23 23:55:44 +02007874 * to extract data from L7. If <req_vol> is non-null during a request prefetch,
7875 * another test is made to ensure the required information is not gone.
Willy Tarreau14174bc2012-04-16 14:34:04 +02007876 *
7877 * The function returns :
7878 * 0 if some data is missing or if the requested data cannot be fetched
7879 * -1 if it is certain that we'll never have any HTTP message there
7880 * 1 if an HTTP message is ready
7881 */
7882static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007883acl_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02007884 const struct arg *args, struct sample *smp, int req_vol)
Willy Tarreau14174bc2012-04-16 14:34:04 +02007885{
7886 struct http_txn *txn = l7;
7887 struct http_msg *msg = &txn->req;
7888
7889 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
7890 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
7891 */
7892
7893 if (unlikely(!s || !txn))
7894 return 0;
7895
7896 /* Check for a dependency on a request */
Willy Tarreauf853c462012-04-23 18:53:56 +02007897 smp->type = SMP_T_BOOL;
Willy Tarreau14174bc2012-04-16 14:34:04 +02007898
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007899 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02007900 if (unlikely(!s->req))
7901 return 0;
7902
7903 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) {
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02007904 if ((msg->msg_state == HTTP_MSG_ERROR) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02007905 buffer_full(s->req->buf, global.tune.maxrewrite)) {
Willy Tarreau197e10a2012-04-23 19:18:42 +02007906 smp->data.uint = 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02007907 return -1;
7908 }
7909
7910 /* Try to decode HTTP request */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007911 if (likely(msg->next < s->req->buf->i))
Willy Tarreau14174bc2012-04-16 14:34:04 +02007912 http_msg_analyzer(msg, &txn->hdr_idx);
7913
7914 /* Still no valid request ? */
7915 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02007916 if ((msg->msg_state == HTTP_MSG_ERROR) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02007917 buffer_full(s->req->buf, global.tune.maxrewrite)) {
Willy Tarreau197e10a2012-04-23 19:18:42 +02007918 smp->data.uint = 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02007919 return -1;
7920 }
7921 /* wait for final state */
Willy Tarreau37406352012-04-23 16:16:37 +02007922 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02007923 return 0;
7924 }
7925
7926 /* OK we just got a valid HTTP request. We have some minor
7927 * preparation to perform so that further checks can rely
7928 * on HTTP tests.
7929 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007930 txn->meth = find_http_meth(msg->chn->buf->p, msg->sl.rq.m_l);
Willy Tarreau14174bc2012-04-16 14:34:04 +02007931 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
7932 s->flags |= SN_REDIRECTABLE;
7933
7934 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn)) {
Willy Tarreau197e10a2012-04-23 19:18:42 +02007935 smp->data.uint = 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02007936 return -1;
7937 }
7938 }
7939
Willy Tarreau24e32d82012-04-23 23:55:44 +02007940 if (req_vol && txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
Willy Tarreau14174bc2012-04-16 14:34:04 +02007941 return 0; /* data might have moved and indexes changed */
7942
7943 /* otherwise everything's ready for the request */
7944 }
Willy Tarreau24e32d82012-04-23 23:55:44 +02007945 else {
7946 /* Check for a dependency on a response */
Willy Tarreau14174bc2012-04-16 14:34:04 +02007947 if (txn->rsp.msg_state < HTTP_MSG_BODY)
7948 return 0;
7949 }
7950
7951 /* everything's OK */
7952 return 1;
7953}
Willy Tarreau8797c062007-05-07 00:55:35 +02007954
Willy Tarreauc0239e02012-04-16 14:42:55 +02007955#define CHECK_HTTP_MESSAGE_FIRST() \
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007956 do { int r = acl_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
Willy Tarreauc0239e02012-04-16 14:42:55 +02007957
Willy Tarreau24e32d82012-04-23 23:55:44 +02007958#define CHECK_HTTP_MESSAGE_FIRST_PERM() \
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007959 do { int r = acl_prefetch_http(px, l4, l7, opt, args, smp, 0); if (r <= 0) return r; } while (0)
Willy Tarreau24e32d82012-04-23 23:55:44 +02007960
Willy Tarreau8797c062007-05-07 00:55:35 +02007961
7962/* 1. Check on METHOD
7963 * We use the pre-parsed method if it is known, and store its number as an
7964 * integer. If it is unknown, we use the pointer and the length.
7965 */
Willy Tarreau7dcb6482012-04-27 17:52:25 +02007966static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque, char **err)
Willy Tarreau8797c062007-05-07 00:55:35 +02007967{
7968 int len, meth;
7969
Willy Tarreauae8b7962007-06-09 23:10:04 +02007970 len = strlen(*text);
7971 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02007972
7973 pattern->val.i = meth;
7974 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02007975 pattern->ptr.str = strdup(*text);
Willy Tarreau7dcb6482012-04-27 17:52:25 +02007976 if (!pattern->ptr.str) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007977 memprintf(err, "out of memory while loading pattern");
Willy Tarreau8797c062007-05-07 00:55:35 +02007978 return 0;
Willy Tarreau7dcb6482012-04-27 17:52:25 +02007979 }
Willy Tarreau8797c062007-05-07 00:55:35 +02007980 pattern->len = len;
7981 }
7982 return 1;
7983}
7984
Willy Tarreau8e5e9552011-12-16 15:38:49 +01007985/* This function fetches the method of current HTTP request and stores
7986 * it in the global pattern struct as a chunk. There are two possibilities :
7987 * - if the method is known (not HTTP_METH_OTHER), its identifier is stored
7988 * in <len> and <ptr> is NULL ;
7989 * - if the method is unknown (HTTP_METH_OTHER), <ptr> points to the text and
7990 * <len> to its length.
7991 * This is intended to be used with acl_match_meth() only.
7992 */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02007993static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007994acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02007995 const struct arg *args, struct sample *smp)
Willy Tarreau8797c062007-05-07 00:55:35 +02007996{
7997 int meth;
7998 struct http_txn *txn = l7;
7999
Willy Tarreau24e32d82012-04-23 23:55:44 +02008000 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreauc11416f2007-06-17 16:58:38 +02008001
Willy Tarreau8797c062007-05-07 00:55:35 +02008002 meth = txn->meth;
Willy Tarreauf853c462012-04-23 18:53:56 +02008003 smp->type = SMP_T_UINT;
8004 smp->data.uint = meth;
Willy Tarreau8797c062007-05-07 00:55:35 +02008005 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02008006 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
8007 /* ensure the indexes are not affected */
8008 return 0;
Willy Tarreauf853c462012-04-23 18:53:56 +02008009 smp->type = SMP_T_CSTR;
8010 smp->data.str.len = txn->req.sl.rq.m_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008011 smp->data.str.str = txn->req.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02008012 }
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02008013 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02008014 return 1;
8015}
8016
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008017/* See above how the method is stored in the global pattern */
Willy Tarreau37406352012-04-23 16:16:37 +02008018static int acl_match_meth(struct sample *smp, struct acl_pattern *pattern)
Willy Tarreau8797c062007-05-07 00:55:35 +02008019{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02008020 int icase;
8021
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008022
Willy Tarreauf853c462012-04-23 18:53:56 +02008023 if (smp->type == SMP_T_UINT) {
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008024 /* well-known method */
Willy Tarreauf853c462012-04-23 18:53:56 +02008025 if (smp->data.uint == pattern->val.i)
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008026 return ACL_PAT_PASS;
Willy Tarreau11382812008-07-09 16:18:21 +02008027 return ACL_PAT_FAIL;
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008028 }
Willy Tarreau8797c062007-05-07 00:55:35 +02008029
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008030 /* Uncommon method, only HTTP_METH_OTHER is accepted now */
8031 if (pattern->val.i != HTTP_METH_OTHER)
8032 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02008033
8034 /* Other method, we must compare the strings */
Willy Tarreauf853c462012-04-23 18:53:56 +02008035 if (pattern->len != smp->data.str.len)
Willy Tarreau11382812008-07-09 16:18:21 +02008036 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02008037
8038 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
Willy Tarreauf853c462012-04-23 18:53:56 +02008039 if ((icase && strncasecmp(pattern->ptr.str, smp->data.str.str, smp->data.str.len) != 0) ||
8040 (!icase && strncmp(pattern->ptr.str, smp->data.str.str, smp->data.str.len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02008041 return ACL_PAT_FAIL;
8042 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02008043}
8044
8045/* 2. Check on Request/Status Version
8046 * We simply compare strings here.
8047 */
Willy Tarreau7dcb6482012-04-27 17:52:25 +02008048static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque, char **err)
Willy Tarreau8797c062007-05-07 00:55:35 +02008049{
Willy Tarreauae8b7962007-06-09 23:10:04 +02008050 pattern->ptr.str = strdup(*text);
Willy Tarreau7dcb6482012-04-27 17:52:25 +02008051 if (!pattern->ptr.str) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008052 memprintf(err, "out of memory while loading pattern");
Willy Tarreau8797c062007-05-07 00:55:35 +02008053 return 0;
Willy Tarreau7dcb6482012-04-27 17:52:25 +02008054 }
Willy Tarreauae8b7962007-06-09 23:10:04 +02008055 pattern->len = strlen(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02008056 return 1;
8057}
8058
Willy Tarreaud41f8d82007-06-10 10:06:18 +02008059static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008060acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008061 const struct arg *args, struct sample *smp)
Willy Tarreau8797c062007-05-07 00:55:35 +02008062{
8063 struct http_txn *txn = l7;
8064 char *ptr;
8065 int len;
8066
Willy Tarreauc0239e02012-04-16 14:42:55 +02008067 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02008068
Willy Tarreau8797c062007-05-07 00:55:35 +02008069 len = txn->req.sl.rq.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008070 ptr = txn->req.chn->buf->p + txn->req.sl.rq.v;
Willy Tarreau8797c062007-05-07 00:55:35 +02008071
8072 while ((len-- > 0) && (*ptr++ != '/'));
8073 if (len <= 0)
8074 return 0;
8075
Willy Tarreauf853c462012-04-23 18:53:56 +02008076 smp->type = SMP_T_CSTR;
8077 smp->data.str.str = ptr;
8078 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02008079
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02008080 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02008081 return 1;
8082}
8083
Willy Tarreaud41f8d82007-06-10 10:06:18 +02008084static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008085acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008086 const struct arg *args, struct sample *smp)
Willy Tarreau8797c062007-05-07 00:55:35 +02008087{
8088 struct http_txn *txn = l7;
8089 char *ptr;
8090 int len;
8091
Willy Tarreauc0239e02012-04-16 14:42:55 +02008092 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02008093
Willy Tarreau8797c062007-05-07 00:55:35 +02008094 len = txn->rsp.sl.st.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008095 ptr = txn->rsp.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02008096
8097 while ((len-- > 0) && (*ptr++ != '/'));
8098 if (len <= 0)
8099 return 0;
8100
Willy Tarreauf853c462012-04-23 18:53:56 +02008101 smp->type = SMP_T_CSTR;
8102 smp->data.str.str = ptr;
8103 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02008104
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02008105 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02008106 return 1;
8107}
8108
8109/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02008110static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008111acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008112 const struct arg *args, struct sample *smp)
Willy Tarreau8797c062007-05-07 00:55:35 +02008113{
8114 struct http_txn *txn = l7;
8115 char *ptr;
8116 int len;
8117
Willy Tarreauc0239e02012-04-16 14:42:55 +02008118 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02008119
Willy Tarreau8797c062007-05-07 00:55:35 +02008120 len = txn->rsp.sl.st.c_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008121 ptr = txn->rsp.chn->buf->p + txn->rsp.sl.st.c;
Willy Tarreau8797c062007-05-07 00:55:35 +02008122
Willy Tarreauf853c462012-04-23 18:53:56 +02008123 smp->type = SMP_T_UINT;
8124 smp->data.uint = __strl2ui(ptr, len);
Willy Tarreau37406352012-04-23 16:16:37 +02008125 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02008126 return 1;
8127}
8128
8129/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02008130static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02008131smp_fetch_url(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008132 const struct arg *args, struct sample *smp)
Willy Tarreau8797c062007-05-07 00:55:35 +02008133{
8134 struct http_txn *txn = l7;
8135
Willy Tarreauc0239e02012-04-16 14:42:55 +02008136 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02008137
Willy Tarreauf853c462012-04-23 18:53:56 +02008138 smp->type = SMP_T_CSTR;
8139 smp->data.str.len = txn->req.sl.rq.u_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008140 smp->data.str.str = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau37406352012-04-23 16:16:37 +02008141 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02008142 return 1;
8143}
8144
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008145static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02008146smp_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008147 const struct arg *args, struct sample *smp)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008148{
8149 struct http_txn *txn = l7;
8150
Willy Tarreauc0239e02012-04-16 14:42:55 +02008151 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008152
8153 /* Parse HTTP request */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02008154 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->conn->addr.to);
8155 if (((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_family != AF_INET)
Willy Tarreauf4362b32011-12-16 17:49:52 +01008156 return 0;
Willy Tarreauf853c462012-04-23 18:53:56 +02008157 smp->type = SMP_T_IPV4;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02008158 smp->data.ipv4 = ((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008159
8160 /*
8161 * If we are parsing url in frontend space, we prepare backend stage
8162 * to not parse again the same url ! optimization lazyness...
8163 */
8164 if (px->options & PR_O_HTTP_PROXY)
8165 l4->flags |= SN_ADDR_SET;
8166
Willy Tarreau37406352012-04-23 16:16:37 +02008167 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008168 return 1;
8169}
8170
8171static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02008172smp_fetch_url_port(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008173 const struct arg *args, struct sample *smp)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008174{
8175 struct http_txn *txn = l7;
8176
Willy Tarreauc0239e02012-04-16 14:42:55 +02008177 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008178
8179 /* Same optimization as url_ip */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02008180 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->conn->addr.to);
Willy Tarreauf853c462012-04-23 18:53:56 +02008181 smp->type = SMP_T_UINT;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02008182 smp->data.uint = ntohs(((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_port);
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008183
8184 if (px->options & PR_O_HTTP_PROXY)
8185 l4->flags |= SN_ADDR_SET;
8186
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02008187 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01008188 return 1;
8189}
8190
Willy Tarreau185b5c42012-04-26 15:11:51 +02008191/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
8192 * Accepts an optional argument of type string containing the header field name,
8193 * and an optional argument of type signed or unsigned integer to request an
8194 * explicit occurrence of the header. Note that in the event of a missing name,
8195 * headers are considered from the first one.
Willy Tarreauc11416f2007-06-17 16:58:38 +02008196 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02008197static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02008198smp_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008199 const struct arg *args, struct sample *smp)
Willy Tarreau33a7e692007-06-10 19:45:56 +02008200{
8201 struct http_txn *txn = l7;
8202 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreau37406352012-04-23 16:16:37 +02008203 struct hdr_ctx *ctx = (struct hdr_ctx *)smp->ctx.a;
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008204 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau185b5c42012-04-26 15:11:51 +02008205 int occ = 0;
8206 const char *name_str = NULL;
8207 int name_len = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02008208
Willy Tarreau185b5c42012-04-26 15:11:51 +02008209 if (args) {
8210 if (args[0].type != ARGT_STR)
8211 return 0;
8212 name_str = args[0].data.str.str;
8213 name_len = args[0].data.str.len;
8214
8215 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
8216 occ = args[1].data.uint;
8217 }
Willy Tarreau34db1082012-04-19 17:16:54 +02008218
Willy Tarreaue333ec92012-04-16 16:26:40 +02008219 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau33a7e692007-06-10 19:45:56 +02008220
Willy Tarreau185b5c42012-04-26 15:11:51 +02008221 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
Willy Tarreau33a7e692007-06-10 19:45:56 +02008222 /* search for header from the beginning */
8223 ctx->idx = 0;
8224
Willy Tarreau185b5c42012-04-26 15:11:51 +02008225 if (!occ && !(opt & SMP_OPT_ITERATE))
8226 /* no explicit occurrence and single fetch => last header by default */
8227 occ = -1;
8228
8229 if (!occ)
8230 /* prepare to report multiple occurrences for ACL fetches */
Willy Tarreau37406352012-04-23 16:16:37 +02008231 smp->flags |= SMP_F_NOT_LAST;
Willy Tarreau664092c2011-12-16 19:11:42 +01008232
Willy Tarreau185b5c42012-04-26 15:11:51 +02008233 smp->type = SMP_T_CSTR;
8234 smp->flags |= SMP_F_VOL_HDR;
8235 if (http_get_hdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
Willy Tarreau33a7e692007-06-10 19:45:56 +02008236 return 1;
Willy Tarreau33a7e692007-06-10 19:45:56 +02008237
Willy Tarreau37406352012-04-23 16:16:37 +02008238 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau33a7e692007-06-10 19:45:56 +02008239 return 0;
8240}
8241
Willy Tarreauc11416f2007-06-17 16:58:38 +02008242/* 6. Check on HTTP header count. The number of occurrences is returned.
Willy Tarreau34db1082012-04-19 17:16:54 +02008243 * Accepts exactly 1 argument of type string.
Willy Tarreauc11416f2007-06-17 16:58:38 +02008244 */
8245static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02008246smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008247 const struct arg *args, struct sample *smp)
Willy Tarreau33a7e692007-06-10 19:45:56 +02008248{
8249 struct http_txn *txn = l7;
8250 struct hdr_idx *idx = &txn->hdr_idx;
8251 struct hdr_ctx ctx;
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008252 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau33a7e692007-06-10 19:45:56 +02008253 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02008254
Willy Tarreau24e32d82012-04-23 23:55:44 +02008255 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02008256 return 0;
8257
Willy Tarreaue333ec92012-04-16 16:26:40 +02008258 CHECK_HTTP_MESSAGE_FIRST();
8259
Willy Tarreau33a7e692007-06-10 19:45:56 +02008260 ctx.idx = 0;
8261 cnt = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008262 while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
Willy Tarreau33a7e692007-06-10 19:45:56 +02008263 cnt++;
8264
Willy Tarreauf853c462012-04-23 18:53:56 +02008265 smp->type = SMP_T_UINT;
8266 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02008267 smp->flags = SMP_F_VOL_HDR;
Willy Tarreau33a7e692007-06-10 19:45:56 +02008268 return 1;
8269}
8270
Willy Tarreau185b5c42012-04-26 15:11:51 +02008271/* Fetch an HTTP header's integer value. The integer value is returned. It
8272 * takes a mandatory argument of type string and an optional one of type int
8273 * to designate a specific occurrence. It returns an unsigned integer, which
8274 * may or may not be appropriate for everything.
Willy Tarreau33a7e692007-06-10 19:45:56 +02008275 */
8276static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02008277smp_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008278 const struct arg *args, struct sample *smp)
Willy Tarreau33a7e692007-06-10 19:45:56 +02008279{
Willy Tarreau185b5c42012-04-26 15:11:51 +02008280 int ret = smp_fetch_hdr(px, l4, l7, opt, args, smp);
Willy Tarreaue333ec92012-04-16 16:26:40 +02008281
Willy Tarreauf853c462012-04-23 18:53:56 +02008282 if (ret > 0) {
8283 smp->type = SMP_T_UINT;
8284 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
8285 }
Willy Tarreau33a7e692007-06-10 19:45:56 +02008286
Willy Tarreaud53e2422012-04-16 17:21:11 +02008287 return ret;
Willy Tarreau33a7e692007-06-10 19:45:56 +02008288}
8289
Cyril Bonté69fa9922012-10-25 00:01:06 +02008290/* Fetch an HTTP header's IP value. takes a mandatory argument of type string
8291 * and an optional one of type int to designate a specific occurrence.
8292 * It returns an IPv4 or IPv6 address.
Willy Tarreau106f9792009-09-19 07:54:16 +02008293 */
8294static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02008295smp_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008296 const struct arg *args, struct sample *smp)
Willy Tarreau106f9792009-09-19 07:54:16 +02008297{
Willy Tarreaud53e2422012-04-16 17:21:11 +02008298 int ret;
Willy Tarreaue333ec92012-04-16 16:26:40 +02008299
Willy Tarreau185b5c42012-04-26 15:11:51 +02008300 while ((ret = smp_fetch_hdr(px, l4, l7, opt, args, smp)) > 0) {
Cyril Bonté69fa9922012-10-25 00:01:06 +02008301 if (url2ipv4((char *)smp->data.str.str, &smp->data.ipv4)) {
8302 smp->type = SMP_T_IPV4;
Willy Tarreaud53e2422012-04-16 17:21:11 +02008303 break;
Cyril Bonté69fa9922012-10-25 00:01:06 +02008304 } else {
8305 struct chunk *temp = sample_get_trash_chunk();
8306 if (smp->data.str.len < temp->size - 1) {
8307 memcpy(temp->str, smp->data.str.str, smp->data.str.len);
8308 temp->str[smp->data.str.len] = '\0';
8309 if (inet_pton(AF_INET6, temp->str, &smp->data.ipv6)) {
8310 smp->type = SMP_T_IPV6;
8311 break;
8312 }
8313 }
8314 }
8315
Willy Tarreaud53e2422012-04-16 17:21:11 +02008316 /* if the header doesn't match an IP address, fetch next one */
Willy Tarreau185b5c42012-04-26 15:11:51 +02008317 if (!(smp->flags & SMP_F_NOT_LAST))
8318 return 0;
Willy Tarreau106f9792009-09-19 07:54:16 +02008319 }
Willy Tarreaud53e2422012-04-16 17:21:11 +02008320 return ret;
Willy Tarreau106f9792009-09-19 07:54:16 +02008321}
8322
Willy Tarreau737b0c12007-06-10 21:28:46 +02008323/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
8324 * the first '/' after the possible hostname, and ends before the possible '?'.
8325 */
8326static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02008327smp_fetch_path(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008328 const struct arg *args, struct sample *smp)
Willy Tarreau737b0c12007-06-10 21:28:46 +02008329{
8330 struct http_txn *txn = l7;
8331 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02008332
Willy Tarreauc0239e02012-04-16 14:42:55 +02008333 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02008334
Willy Tarreau9b28e032012-10-12 23:49:43 +02008335 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreau21d2af32008-02-14 20:25:24 +01008336 ptr = http_get_path(txn);
8337 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02008338 return 0;
8339
8340 /* OK, we got the '/' ! */
Willy Tarreauf853c462012-04-23 18:53:56 +02008341 smp->type = SMP_T_CSTR;
8342 smp->data.str.str = ptr;
Willy Tarreau737b0c12007-06-10 21:28:46 +02008343
8344 while (ptr < end && *ptr != '?')
8345 ptr++;
8346
Willy Tarreauf853c462012-04-23 18:53:56 +02008347 smp->data.str.len = ptr - smp->data.str.str;
Willy Tarreau37406352012-04-23 16:16:37 +02008348 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau737b0c12007-06-10 21:28:46 +02008349 return 1;
8350}
8351
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02008352/* This produces a concatenation of the first occurrence of the Host header
8353 * followed by the path component if it begins with a slash ('/'). This means
8354 * that '*' will not be added, resulting in exactly the first Host entry.
8355 * If no Host header is found, then the path is returned as-is. The returned
8356 * value is stored in the trash so it does not need to be marked constant.
8357 */
8358static int
8359smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
8360 const struct arg *args, struct sample *smp)
8361{
8362 struct http_txn *txn = l7;
8363 char *ptr, *end, *beg;
8364 struct hdr_ctx ctx;
8365
8366 CHECK_HTTP_MESSAGE_FIRST();
8367
8368 ctx.idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008369 if (!http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx) ||
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02008370 !ctx.vlen)
8371 return smp_fetch_path(px, l4, l7, opt, args, smp);
8372
8373 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008374 memcpy(trash.str, ctx.line + ctx.val, ctx.vlen);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02008375 smp->type = SMP_T_STR;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008376 smp->data.str.str = trash.str;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02008377 smp->data.str.len = ctx.vlen;
8378
8379 /* now retrieve the path */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008380 end = txn->req.chn->buf->p + txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02008381 beg = http_get_path(txn);
8382 if (!beg)
8383 beg = end;
8384
8385 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
8386
8387 if (beg < ptr && *beg == '/') {
8388 memcpy(smp->data.str.str + smp->data.str.len, beg, ptr - beg);
8389 smp->data.str.len += ptr - beg;
8390 }
8391
8392 smp->flags = SMP_F_VOL_1ST;
8393 return 1;
8394}
8395
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008396static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008397acl_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008398 const struct arg *args, struct sample *smp)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008399{
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008400 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
8401 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
8402 */
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008403
Willy Tarreau24e32d82012-04-23 23:55:44 +02008404 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008405
Willy Tarreauf853c462012-04-23 18:53:56 +02008406 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02008407 smp->data.uint = 1;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008408 return 1;
8409}
8410
Willy Tarreau7f18e522010-10-22 20:04:13 +02008411/* return a valid test if the current request is the first one on the connection */
8412static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008413acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008414 const struct arg *args, struct sample *smp)
Willy Tarreau7f18e522010-10-22 20:04:13 +02008415{
8416 if (!s)
8417 return 0;
8418
Willy Tarreauf853c462012-04-23 18:53:56 +02008419 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02008420 smp->data.uint = !(s->txn.flags & TX_NOT_FIRST);
Willy Tarreau7f18e522010-10-22 20:04:13 +02008421 return 1;
8422}
8423
Willy Tarreau34db1082012-04-19 17:16:54 +02008424/* Accepts exactly 1 argument of type userlist */
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008425static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008426acl_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008427 const struct arg *args, struct sample *smp)
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008428{
8429
Willy Tarreau24e32d82012-04-23 23:55:44 +02008430 if (!args || args->type != ARGT_USR)
Willy Tarreau34db1082012-04-19 17:16:54 +02008431 return 0;
8432
Willy Tarreauc0239e02012-04-16 14:42:55 +02008433 CHECK_HTTP_MESSAGE_FIRST();
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008434
Willy Tarreauc0239e02012-04-16 14:42:55 +02008435 if (!get_http_auth(l4))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008436 return 0;
8437
Willy Tarreauf853c462012-04-23 18:53:56 +02008438 smp->type = SMP_T_BOOL;
Willy Tarreau24e32d82012-04-23 23:55:44 +02008439 smp->data.uint = check_user(args->data.usr, 0, l4->txn.auth.user, l4->txn.auth.pass);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008440 return 1;
8441}
Willy Tarreau8797c062007-05-07 00:55:35 +02008442
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02008443/* Accepts exactly 1 argument of type userlist */
8444static int
8445acl_fetch_http_auth_grp(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
8446 const struct arg *args, struct sample *smp)
8447{
8448
8449 if (!args || args->type != ARGT_USR)
8450 return 0;
8451
8452 CHECK_HTTP_MESSAGE_FIRST();
8453
8454 if (!get_http_auth(l4))
8455 return 0;
8456
8457 /* acl_match_auth() will need several information at once */
8458 smp->ctx.a[0] = args->data.usr; /* user list */
8459 smp->ctx.a[1] = l4->txn.auth.user; /* user name */
8460 smp->ctx.a[2] = l4->txn.auth.pass; /* password */
8461
8462 /* if the user does not belong to the userlist or has a wrong password,
8463 * report that it unconditionally does not match. Otherwise we return
8464 * a non-zero integer which will be ignored anyway since all the params
8465 * that acl_match_auth() will use are in test->ctx.a[0,1,2].
8466 */
8467 smp->type = SMP_T_BOOL;
8468 smp->data.uint = check_user(args->data.usr, 0, l4->txn.auth.user, l4->txn.auth.pass);
8469 if (smp->data.uint)
8470 smp->type = SMP_T_UINT;
8471
8472 return 1;
8473}
8474
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008475/* Try to find the next occurrence of a cookie name in a cookie header value.
8476 * The lookup begins at <hdr>. The pointer and size of the next occurrence of
8477 * the cookie value is returned into *value and *value_l, and the function
8478 * returns a pointer to the next pointer to search from if the value was found.
8479 * Otherwise if the cookie was not found, NULL is returned and neither value
8480 * nor value_l are touched. The input <hdr> string should first point to the
8481 * header's value, and the <hdr_end> pointer must point to the first character
8482 * not part of the value. <list> must be non-zero if value may represent a list
8483 * of values (cookie headers). This makes it faster to abort parsing when no
8484 * list is expected.
8485 */
8486static char *
8487extract_cookie_value(char *hdr, const char *hdr_end,
8488 char *cookie_name, size_t cookie_name_l, int list,
Willy Tarreau3fb818c2012-04-11 17:21:08 +02008489 char **value, int *value_l)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008490{
8491 char *equal, *att_end, *att_beg, *val_beg, *val_end;
8492 char *next;
8493
8494 /* we search at least a cookie name followed by an equal, and more
8495 * generally something like this :
8496 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
8497 */
8498 for (att_beg = hdr; att_beg + cookie_name_l + 1 < hdr_end; att_beg = next + 1) {
8499 /* Iterate through all cookies on this line */
8500
8501 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
8502 att_beg++;
8503
8504 /* find att_end : this is the first character after the last non
8505 * space before the equal. It may be equal to hdr_end.
8506 */
8507 equal = att_end = att_beg;
8508
8509 while (equal < hdr_end) {
8510 if (*equal == '=' || *equal == ';' || (list && *equal == ','))
8511 break;
8512 if (http_is_spht[(unsigned char)*equal++])
8513 continue;
8514 att_end = equal;
8515 }
8516
8517 /* here, <equal> points to '=', a delimitor or the end. <att_end>
8518 * is between <att_beg> and <equal>, both may be identical.
8519 */
8520
8521 /* look for end of cookie if there is an equal sign */
8522 if (equal < hdr_end && *equal == '=') {
8523 /* look for the beginning of the value */
8524 val_beg = equal + 1;
8525 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
8526 val_beg++;
8527
8528 /* find the end of the value, respecting quotes */
8529 next = find_cookie_value_end(val_beg, hdr_end);
8530
8531 /* make val_end point to the first white space or delimitor after the value */
8532 val_end = next;
8533 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
8534 val_end--;
8535 } else {
8536 val_beg = val_end = next = equal;
8537 }
8538
8539 /* We have nothing to do with attributes beginning with '$'. However,
8540 * they will automatically be removed if a header before them is removed,
8541 * since they're supposed to be linked together.
8542 */
8543 if (*att_beg == '$')
8544 continue;
8545
8546 /* Ignore cookies with no equal sign */
8547 if (equal == next)
8548 continue;
8549
8550 /* Now we have the cookie name between att_beg and att_end, and
8551 * its value between val_beg and val_end.
8552 */
8553
8554 if (att_end - att_beg == cookie_name_l &&
8555 memcmp(att_beg, cookie_name, cookie_name_l) == 0) {
8556 /* let's return this value and indicate where to go on from */
8557 *value = val_beg;
8558 *value_l = val_end - val_beg;
8559 return next + 1;
8560 }
8561
8562 /* Set-Cookie headers only have the name in the first attr=value part */
8563 if (!list)
8564 break;
8565 }
8566
8567 return NULL;
8568}
8569
Willy Tarreaue333ec92012-04-16 16:26:40 +02008570/* Iterate over all cookies present in a message. The context is stored in
Willy Tarreau37406352012-04-23 16:16:37 +02008571 * smp->ctx.a[0] for the in-header position, smp->ctx.a[1] for the
8572 * end-of-header-value, and smp->ctx.a[2] for the hdr_idx. Depending on
Willy Tarreaue333ec92012-04-16 16:26:40 +02008573 * the direction, multiple cookies may be parsed on the same line or not.
Willy Tarreau24e32d82012-04-23 23:55:44 +02008574 * The cookie name is in args and the name length in args->data.str.len.
Willy Tarreau28376d62012-04-26 21:26:10 +02008575 * Accepts exactly 1 argument of type string. If the input options indicate
8576 * that no iterating is desired, then only last value is fetched if any.
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008577 */
8578static int
Willy Tarreau51539362012-05-08 12:46:28 +02008579smp_fetch_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
8580 const struct arg *args, struct sample *smp)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008581{
8582 struct http_txn *txn = l7;
8583 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreau37406352012-04-23 16:16:37 +02008584 struct hdr_ctx *ctx = (struct hdr_ctx *)&smp->ctx.a[2];
Willy Tarreaue333ec92012-04-16 16:26:40 +02008585 const struct http_msg *msg;
8586 const char *hdr_name;
8587 int hdr_name_len;
8588 char *sol;
Willy Tarreau28376d62012-04-26 21:26:10 +02008589 int occ = 0;
8590 int found = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02008591
Willy Tarreau24e32d82012-04-23 23:55:44 +02008592 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02008593 return 0;
8594
Willy Tarreaue333ec92012-04-16 16:26:40 +02008595 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008596
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008597 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +02008598 msg = &txn->req;
8599 hdr_name = "Cookie";
8600 hdr_name_len = 6;
8601 } else {
8602 msg = &txn->rsp;
8603 hdr_name = "Set-Cookie";
8604 hdr_name_len = 10;
8605 }
8606
Willy Tarreau28376d62012-04-26 21:26:10 +02008607 if (!occ && !(opt & SMP_OPT_ITERATE))
8608 /* no explicit occurrence and single fetch => last cookie by default */
8609 occ = -1;
8610
8611 /* OK so basically here, either we want only one value and it's the
8612 * last one, or we want to iterate over all of them and we fetch the
8613 * next one.
8614 */
8615
Willy Tarreau9b28e032012-10-12 23:49:43 +02008616 sol = msg->chn->buf->p;
Willy Tarreau37406352012-04-23 16:16:37 +02008617 if (!(smp->flags & SMP_F_NOT_LAST)) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008618 /* search for the header from the beginning, we must first initialize
8619 * the search parameters.
8620 */
Willy Tarreau37406352012-04-23 16:16:37 +02008621 smp->ctx.a[0] = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008622 ctx->idx = 0;
8623 }
8624
Willy Tarreau28376d62012-04-26 21:26:10 +02008625 smp->flags |= SMP_F_VOL_HDR;
8626
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008627 while (1) {
Willy Tarreau37406352012-04-23 16:16:37 +02008628 /* Note: smp->ctx.a[0] == NULL every time we need to fetch a new header */
8629 if (!smp->ctx.a[0]) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008630 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, ctx))
8631 goto out;
8632
Willy Tarreau24e32d82012-04-23 23:55:44 +02008633 if (ctx->vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008634 continue;
8635
Willy Tarreau37406352012-04-23 16:16:37 +02008636 smp->ctx.a[0] = ctx->line + ctx->val;
8637 smp->ctx.a[1] = smp->ctx.a[0] + ctx->vlen;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008638 }
8639
Willy Tarreauf853c462012-04-23 18:53:56 +02008640 smp->type = SMP_T_CSTR;
Willy Tarreau37406352012-04-23 16:16:37 +02008641 smp->ctx.a[0] = extract_cookie_value(smp->ctx.a[0], smp->ctx.a[1],
Willy Tarreau24e32d82012-04-23 23:55:44 +02008642 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008643 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +02008644 &smp->data.str.str,
8645 &smp->data.str.len);
Willy Tarreau37406352012-04-23 16:16:37 +02008646 if (smp->ctx.a[0]) {
Willy Tarreau28376d62012-04-26 21:26:10 +02008647 found = 1;
8648 if (occ >= 0) {
8649 /* one value was returned into smp->data.str.{str,len} */
8650 smp->flags |= SMP_F_NOT_LAST;
8651 return 1;
8652 }
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008653 }
Willy Tarreau28376d62012-04-26 21:26:10 +02008654 /* if we're looking for last occurrence, let's loop */
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008655 }
Willy Tarreau28376d62012-04-26 21:26:10 +02008656 /* all cookie headers and values were scanned. If we're looking for the
8657 * last occurrence, we may return it now.
8658 */
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008659 out:
Willy Tarreau37406352012-04-23 16:16:37 +02008660 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau28376d62012-04-26 21:26:10 +02008661 return found;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008662}
8663
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008664/* Iterate over all cookies present in a request to count how many occurrences
Willy Tarreau24e32d82012-04-23 23:55:44 +02008665 * match the name in args and args->data.str.len. If <multi> is non-null, then
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008666 * multiple cookies may be parsed on the same line.
Willy Tarreau34db1082012-04-19 17:16:54 +02008667 * Accepts exactly 1 argument of type string.
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008668 */
8669static int
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008670acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008671 const struct arg *args, struct sample *smp)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008672{
8673 struct http_txn *txn = l7;
8674 struct hdr_idx *idx = &txn->hdr_idx;
8675 struct hdr_ctx ctx;
Willy Tarreaue333ec92012-04-16 16:26:40 +02008676 const struct http_msg *msg;
8677 const char *hdr_name;
8678 int hdr_name_len;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008679 int cnt;
8680 char *val_beg, *val_end;
Willy Tarreaue333ec92012-04-16 16:26:40 +02008681 char *sol;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008682
Willy Tarreau24e32d82012-04-23 23:55:44 +02008683 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02008684 return 0;
8685
Willy Tarreaue333ec92012-04-16 16:26:40 +02008686 CHECK_HTTP_MESSAGE_FIRST();
8687
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008688 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +02008689 msg = &txn->req;
8690 hdr_name = "Cookie";
8691 hdr_name_len = 6;
8692 } else {
8693 msg = &txn->rsp;
8694 hdr_name = "Set-Cookie";
8695 hdr_name_len = 10;
8696 }
8697
Willy Tarreau9b28e032012-10-12 23:49:43 +02008698 sol = msg->chn->buf->p;
Willy Tarreau46787ed2012-04-11 17:28:40 +02008699 val_end = val_beg = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008700 ctx.idx = 0;
8701 cnt = 0;
8702
8703 while (1) {
8704 /* Note: val_beg == NULL every time we need to fetch a new header */
8705 if (!val_beg) {
8706 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, &ctx))
8707 break;
8708
Willy Tarreau24e32d82012-04-23 23:55:44 +02008709 if (ctx.vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008710 continue;
8711
8712 val_beg = ctx.line + ctx.val;
8713 val_end = val_beg + ctx.vlen;
8714 }
8715
Willy Tarreauf853c462012-04-23 18:53:56 +02008716 smp->type = SMP_T_CSTR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008717 while ((val_beg = extract_cookie_value(val_beg, val_end,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008718 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008719 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +02008720 &smp->data.str.str,
8721 &smp->data.str.len))) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008722 cnt++;
8723 }
8724 }
8725
Willy Tarreauf853c462012-04-23 18:53:56 +02008726 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02008727 smp->flags |= SMP_F_VOL_HDR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02008728 return 1;
8729}
8730
Willy Tarreau51539362012-05-08 12:46:28 +02008731/* Fetch an cookie's integer value. The integer value is returned. It
8732 * takes a mandatory argument of type string. It relies on smp_fetch_cookie().
8733 */
8734static int
8735smp_fetch_cookie_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
8736 const struct arg *args, struct sample *smp)
8737{
8738 int ret = smp_fetch_cookie(px, l4, l7, opt, args, smp);
8739
8740 if (ret > 0) {
8741 smp->type = SMP_T_UINT;
8742 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
8743 }
8744
8745 return ret;
8746}
8747
Willy Tarreau8797c062007-05-07 00:55:35 +02008748/************************************************************************/
Willy Tarreau12785782012-04-27 21:37:17 +02008749/* The code below is dedicated to sample fetches */
Willy Tarreau4a568972010-05-12 08:08:50 +02008750/************************************************************************/
8751
David Cournapeau16023ee2010-12-23 20:55:41 +09008752/*
8753 * Given a path string and its length, find the position of beginning of the
8754 * query string. Returns NULL if no query string is found in the path.
8755 *
8756 * Example: if path = "/foo/bar/fubar?yo=mama;ye=daddy", and n = 22:
8757 *
8758 * find_query_string(path, n) points to "yo=mama;ye=daddy" string.
8759 */
bedis4c75cca2012-10-05 08:38:24 +02008760static inline char *find_param_list(char *path, size_t path_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09008761{
8762 char *p;
Emeric Brun485479d2010-09-23 18:02:19 +02008763
bedis4c75cca2012-10-05 08:38:24 +02008764 p = memchr(path, delim, path_l);
David Cournapeau16023ee2010-12-23 20:55:41 +09008765 return p ? p + 1 : NULL;
8766}
8767
bedis4c75cca2012-10-05 08:38:24 +02008768static inline int is_param_delimiter(char c, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09008769{
bedis4c75cca2012-10-05 08:38:24 +02008770 return c == '&' || c == ';' || c == delim;
David Cournapeau16023ee2010-12-23 20:55:41 +09008771}
8772
8773/*
8774 * Given a url parameter, find the starting position of the first occurence,
8775 * or NULL if the parameter is not found.
8776 *
8777 * Example: if query_string is "yo=mama;ye=daddy" and url_param_name is "ye",
8778 * the function will return query_string+8.
8779 */
8780static char*
8781find_url_param_pos(char* query_string, size_t query_string_l,
bedis4c75cca2012-10-05 08:38:24 +02008782 char* url_param_name, size_t url_param_name_l,
8783 char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09008784{
8785 char *pos, *last;
8786
8787 pos = query_string;
8788 last = query_string + query_string_l - url_param_name_l - 1;
8789
8790 while (pos <= last) {
8791 if (pos[url_param_name_l] == '=') {
8792 if (memcmp(pos, url_param_name, url_param_name_l) == 0)
8793 return pos;
8794 pos += url_param_name_l + 1;
8795 }
bedis4c75cca2012-10-05 08:38:24 +02008796 while (pos <= last && !is_param_delimiter(*pos, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +09008797 pos++;
8798 pos++;
8799 }
8800 return NULL;
8801}
8802
8803/*
8804 * Given a url parameter name, returns its value and size into *value and
8805 * *value_l respectively, and returns non-zero. If the parameter is not found,
8806 * zero is returned and value/value_l are not touched.
8807 */
8808static int
8809find_url_param_value(char* path, size_t path_l,
8810 char* url_param_name, size_t url_param_name_l,
bedis4c75cca2012-10-05 08:38:24 +02008811 char** value, int* value_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09008812{
8813 char *query_string, *qs_end;
8814 char *arg_start;
8815 char *value_start, *value_end;
8816
bedis4c75cca2012-10-05 08:38:24 +02008817 query_string = find_param_list(path, path_l, delim);
David Cournapeau16023ee2010-12-23 20:55:41 +09008818 if (!query_string)
8819 return 0;
8820
8821 qs_end = path + path_l;
8822 arg_start = find_url_param_pos(query_string, qs_end - query_string,
bedis4c75cca2012-10-05 08:38:24 +02008823 url_param_name, url_param_name_l,
8824 delim);
David Cournapeau16023ee2010-12-23 20:55:41 +09008825 if (!arg_start)
8826 return 0;
8827
8828 value_start = arg_start + url_param_name_l + 1;
8829 value_end = value_start;
8830
bedis4c75cca2012-10-05 08:38:24 +02008831 while ((value_end < qs_end) && !is_param_delimiter(*value_end, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +09008832 value_end++;
8833
8834 *value = value_start;
8835 *value_l = value_end - value_start;
Willy Tarreau00134332011-01-04 14:57:34 +01008836 return value_end != value_start;
David Cournapeau16023ee2010-12-23 20:55:41 +09008837}
8838
8839static int
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008840smp_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
8841 const struct arg *args, struct sample *smp)
David Cournapeau16023ee2010-12-23 20:55:41 +09008842{
bedis4c75cca2012-10-05 08:38:24 +02008843 char delim = '?';
David Cournapeau16023ee2010-12-23 20:55:41 +09008844 struct http_txn *txn = l7;
8845 struct http_msg *msg = &txn->req;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008846
bedis4c75cca2012-10-05 08:38:24 +02008847 if (!args || args[0].type != ARGT_STR ||
8848 (args[1].type && args[1].type != ARGT_STR))
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008849 return 0;
8850
8851 CHECK_HTTP_MESSAGE_FIRST();
David Cournapeau16023ee2010-12-23 20:55:41 +09008852
bedis4c75cca2012-10-05 08:38:24 +02008853 if (args[1].type)
8854 delim = *args[1].data.str.str;
8855
Willy Tarreau9b28e032012-10-12 23:49:43 +02008856 if (!find_url_param_value(msg->chn->buf->p + msg->sl.rq.u, msg->sl.rq.u_l,
bedis4c75cca2012-10-05 08:38:24 +02008857 args->data.str.str, args->data.str.len,
8858 &smp->data.str.str, &smp->data.str.len,
8859 delim))
David Cournapeau16023ee2010-12-23 20:55:41 +09008860 return 0;
8861
Willy Tarreaub8c8f1f2012-04-23 22:38:26 +02008862 smp->type = SMP_T_CSTR;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008863 smp->flags = SMP_F_VOL_1ST;
David Cournapeau16023ee2010-12-23 20:55:41 +09008864 return 1;
8865}
8866
Willy Tarreaua9fddca2012-07-31 07:51:48 +02008867/* Return the signed integer value for the specified url parameter (see url_param
8868 * above).
8869 */
8870static int
8871smp_fetch_url_param_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
8872 const struct arg *args, struct sample *smp)
8873{
8874 int ret = smp_fetch_url_param(px, l4, l7, opt, args, smp);
8875
8876 if (ret > 0) {
8877 smp->type = SMP_T_UINT;
8878 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
8879 }
8880
8881 return ret;
8882}
8883
Willy Tarreau185b5c42012-04-26 15:11:51 +02008884/* This function is used to validate the arguments passed to any "hdr" fetch
8885 * keyword. These keywords support an optional positive or negative occurrence
8886 * number. We must ensure that the number is greater than -MAX_HDR_HISTORY. It
8887 * is assumed that the types are already the correct ones. Returns 0 on error,
8888 * non-zero if OK. If <err> is not NULL, it will be filled with a pointer to an
8889 * error message in case of error, that the caller is responsible for freeing.
8890 * The initial location must either be freeable or NULL.
8891 */
8892static int val_hdr(struct arg *arg, char **err_msg)
8893{
8894 if (arg && arg[1].type == ARGT_SINT && arg[1].data.sint < -MAX_HDR_HISTORY) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008895 memprintf(err_msg, "header occurrence must be >= %d", -MAX_HDR_HISTORY);
Willy Tarreau185b5c42012-04-26 15:11:51 +02008896 return 0;
8897 }
8898 return 1;
8899}
8900
Willy Tarreau4a568972010-05-12 08:08:50 +02008901/************************************************************************/
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008902/* All supported ACL keywords must be declared here. */
8903/************************************************************************/
8904
8905/* Note: must not be declared <const> as its list will be overwritten.
8906 * Please take care of keeping this list alphabetically sorted.
8907 */
8908static struct acl_kw_list acl_kws = {{ },{
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02008909 { "base", acl_parse_str, smp_fetch_base, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
8910 { "base_beg", acl_parse_str, smp_fetch_base, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 },
8911 { "base_dir", acl_parse_str, smp_fetch_base, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 },
8912 { "base_dom", acl_parse_str, smp_fetch_base, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 },
8913 { "base_end", acl_parse_str, smp_fetch_base, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 },
8914 { "base_len", acl_parse_int, smp_fetch_base, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 },
8915 { "base_reg", acl_parse_reg, smp_fetch_base, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 },
8916 { "base_sub", acl_parse_str, smp_fetch_base, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 },
8917
Willy Tarreau51539362012-05-08 12:46:28 +02008918 { "cook", acl_parse_str, smp_fetch_cookie, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
8919 { "cook_beg", acl_parse_str, smp_fetch_cookie, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008920 { "cook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
Willy Tarreau51539362012-05-08 12:46:28 +02008921 { "cook_dir", acl_parse_str, smp_fetch_cookie, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
8922 { "cook_dom", acl_parse_str, smp_fetch_cookie, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
8923 { "cook_end", acl_parse_str, smp_fetch_cookie, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
8924 { "cook_len", acl_parse_int, smp_fetch_cookie, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
8925 { "cook_reg", acl_parse_reg, smp_fetch_cookie, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
8926 { "cook_sub", acl_parse_str, smp_fetch_cookie, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
8927 { "cook_val", acl_parse_int, smp_fetch_cookie_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008928
Willy Tarreau185b5c42012-04-26 15:11:51 +02008929 { "hdr", acl_parse_str, smp_fetch_hdr, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr },
8930 { "hdr_beg", acl_parse_str, smp_fetch_hdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8931 { "hdr_cnt", acl_parse_int, smp_fetch_hdr_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
8932 { "hdr_dir", acl_parse_str, smp_fetch_hdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8933 { "hdr_dom", acl_parse_str, smp_fetch_hdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8934 { "hdr_end", acl_parse_str, smp_fetch_hdr, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8935 { "hdr_ip", acl_parse_ip, smp_fetch_hdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr },
8936 { "hdr_len", acl_parse_int, smp_fetch_hdr, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8937 { "hdr_reg", acl_parse_reg, smp_fetch_hdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8938 { "hdr_sub", acl_parse_str, smp_fetch_hdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8939 { "hdr_val", acl_parse_int, smp_fetch_hdr_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008940
8941 { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_nothing, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) },
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02008942 { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth_grp, acl_match_auth, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008943 { "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 },
8944
8945 { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT, 0 },
8946
Willy Tarreau6812bcf2012-04-29 09:28:50 +02008947 { "path", acl_parse_str, smp_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
8948 { "path_beg", acl_parse_str, smp_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 },
8949 { "path_dir", acl_parse_str, smp_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 },
8950 { "path_dom", acl_parse_str, smp_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 },
8951 { "path_end", acl_parse_str, smp_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 },
8952 { "path_len", acl_parse_int, smp_fetch_path, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 },
8953 { "path_reg", acl_parse_reg, smp_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 },
8954 { "path_sub", acl_parse_str, smp_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008955
8956 { "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 },
8957 { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
8958 { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, 0 },
8959
Willy Tarreau51539362012-05-08 12:46:28 +02008960 { "scook", acl_parse_str, smp_fetch_cookie, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
8961 { "scook_beg", acl_parse_str, smp_fetch_cookie, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008962 { "scook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
Willy Tarreau51539362012-05-08 12:46:28 +02008963 { "scook_dir", acl_parse_str, smp_fetch_cookie, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
8964 { "scook_dom", acl_parse_str, smp_fetch_cookie, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
8965 { "scook_end", acl_parse_str, smp_fetch_cookie, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
8966 { "scook_len", acl_parse_int, smp_fetch_cookie, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
8967 { "scook_reg", acl_parse_reg, smp_fetch_cookie, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
8968 { "scook_sub", acl_parse_str, smp_fetch_cookie, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
8969 { "scook_val", acl_parse_int, smp_fetch_cookie_val, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008970
Willy Tarreau185b5c42012-04-26 15:11:51 +02008971 { "shdr", acl_parse_str, smp_fetch_hdr, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr },
8972 { "shdr_beg", acl_parse_str, smp_fetch_hdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8973 { "shdr_cnt", acl_parse_int, smp_fetch_hdr_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
8974 { "shdr_dir", acl_parse_str, smp_fetch_hdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8975 { "shdr_dom", acl_parse_str, smp_fetch_hdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8976 { "shdr_end", acl_parse_str, smp_fetch_hdr, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8977 { "shdr_ip", acl_parse_ip, smp_fetch_hdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr },
8978 { "shdr_len", acl_parse_int, smp_fetch_hdr, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8979 { "shdr_reg", acl_parse_reg, smp_fetch_hdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8980 { "shdr_sub", acl_parse_str, smp_fetch_hdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
8981 { "shdr_val", acl_parse_int, smp_fetch_hdr_val, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008982
8983 { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT, 0 },
8984
Willy Tarreau6812bcf2012-04-29 09:28:50 +02008985 { "url", acl_parse_str, smp_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
8986 { "url_beg", acl_parse_str, smp_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 },
8987 { "url_dir", acl_parse_str, smp_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 },
8988 { "url_dom", acl_parse_str, smp_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 },
8989 { "url_end", acl_parse_str, smp_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 },
8990 { "url_ip", acl_parse_ip, smp_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
8991 { "url_len", acl_parse_int, smp_fetch_url, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 },
8992 { "url_port", acl_parse_int, smp_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE, 0 },
8993 { "url_reg", acl_parse_reg, smp_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 },
8994 { "url_sub", acl_parse_str, smp_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02008995
8996 { "urlp", acl_parse_str, smp_fetch_url_param, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) },
8997 { "urlp_beg", acl_parse_str, smp_fetch_url_param, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
8998 { "urlp_dir", acl_parse_str, smp_fetch_url_param, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
8999 { "urlp_dom", acl_parse_str, smp_fetch_url_param, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
9000 { "urlp_end", acl_parse_str, smp_fetch_url_param, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
9001 { "urlp_ip", acl_parse_ip, smp_fetch_url_param, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) },
9002 { "urlp_len", acl_parse_int, smp_fetch_url_param, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
9003 { "urlp_reg", acl_parse_reg, smp_fetch_url_param, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
9004 { "urlp_sub", acl_parse_str, smp_fetch_url_param, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
Willy Tarreaua9fddca2012-07-31 07:51:48 +02009005 { "urlp_val", acl_parse_int, smp_fetch_url_param_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02009006
9007 { NULL, NULL, NULL, NULL },
9008}};
9009
9010/************************************************************************/
9011/* All supported pattern keywords must be declared here. */
Willy Tarreau4a568972010-05-12 08:08:50 +02009012/************************************************************************/
9013/* Note: must not be declared <const> as its list will be overwritten */
Willy Tarreau12785782012-04-27 21:37:17 +02009014static struct sample_fetch_kw_list sample_fetch_keywords = {{ },{
Willy Tarreau1b6c00c2012-10-05 22:41:26 +02009015 { "hdr", smp_fetch_hdr, ARG2(1,STR,SINT), val_hdr, SMP_T_CSTR, SMP_CAP_L7|SMP_CAP_REQ },
9016 { "base", smp_fetch_base, 0, NULL, SMP_T_CSTR, SMP_CAP_L7|SMP_CAP_REQ },
9017 { "path", smp_fetch_path, 0, NULL, SMP_T_CSTR, SMP_CAP_L7|SMP_CAP_REQ },
9018 { "url", smp_fetch_url, 0, NULL, SMP_T_CSTR, SMP_CAP_L7|SMP_CAP_REQ },
9019 { "url_ip", smp_fetch_url_ip, 0, NULL, SMP_T_IPV4, SMP_CAP_L7|SMP_CAP_REQ },
9020 { "url_port", smp_fetch_url_port, 0, NULL, SMP_T_UINT, SMP_CAP_L7|SMP_CAP_REQ },
9021 { "url_param", smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_CSTR, SMP_CAP_L7|SMP_CAP_REQ },
9022 { "cookie", smp_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_L7|SMP_CAP_REQ|SMP_CAP_RES },
9023 { "set-cookie", smp_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_L7|SMP_CAP_RES }, /* deprecated */
Willy Tarreau9fcb9842012-04-20 14:45:49 +02009024 { NULL, NULL, 0, 0, 0 },
Willy Tarreau4a568972010-05-12 08:08:50 +02009025}};
9026
Willy Tarreau8797c062007-05-07 00:55:35 +02009027
9028__attribute__((constructor))
9029static void __http_protocol_init(void)
9030{
9031 acl_register_keywords(&acl_kws);
Willy Tarreau12785782012-04-27 21:37:17 +02009032 sample_register_fetches(&sample_fetch_keywords);
Willy Tarreau8797c062007-05-07 00:55:35 +02009033}
9034
9035
Willy Tarreau58f10d72006-12-04 02:26:12 +01009036/*
Willy Tarreaubaaee002006-06-26 02:48:02 +02009037 * Local variables:
9038 * c-indent-level: 8
9039 * c-basic-offset: 8
9040 * End:
9041 */