blob: 9a1cdf4b28b9e1b5021f009ecccce753fcbb2e31 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreau7c669d72008-06-20 15:04:11 +02004 * Copyright 2000-2008 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreau2dd0d472006-06-29 17:53:05 +020026#include <common/appsession.h>
27#include <common/compat.h>
28#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010029#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020030#include <common/memory.h>
31#include <common/mini-clist.h>
32#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020033#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/time.h>
35#include <common/uri_auth.h>
36#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020037
38#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020039#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020040
Willy Tarreau8797c062007-05-07 00:55:35 +020041#include <proto/acl.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020042#include <proto/backend.h>
43#include <proto/buffers.h>
Willy Tarreau91861262007-10-17 17:06:05 +020044#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020045#include <proto/fd.h>
46#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010047#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020048#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020049#include <proto/proto_http.h>
50#include <proto/queue.h>
Willy Tarreau91861262007-10-17 17:06:05 +020051#include <proto/senddata.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020052#include <proto/session.h>
53#include <proto/task.h>
54
Willy Tarreau6d1a9882007-01-07 02:03:04 +010055#ifdef CONFIG_HAP_TCPSPLICE
56#include <libtcpsplice.h>
57#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +020058
Willy Tarreau58f10d72006-12-04 02:26:12 +010059#define DEBUG_PARSE_NO_SPEEDUP
60#undef DEBUG_PARSE_NO_SPEEDUP
61
Willy Tarreau976f1ee2006-12-17 10:06:03 +010062/* This is used to perform a quick jump as an alternative to a break/continue
63 * instruction. The first argument is the label for normal operation, and the
64 * second one is the break/continue instruction in the no_speedup mode.
65 */
66
67#ifdef DEBUG_PARSE_NO_SPEEDUP
68#define QUICK_JUMP(x,y) y
69#else
70#define QUICK_JUMP(x,y) goto x
71#endif
72
Willy Tarreau1c47f852006-07-09 08:22:27 +020073/* This is used by remote monitoring */
Willy Tarreau0f772532006-12-23 20:51:41 +010074const char HTTP_200[] =
Willy Tarreau1c47f852006-07-09 08:22:27 +020075 "HTTP/1.0 200 OK\r\n"
76 "Cache-Control: no-cache\r\n"
77 "Connection: close\r\n"
78 "Content-Type: text/html\r\n"
79 "\r\n"
80 "<html><body><h1>200 OK</h1>\nHAProxy: service ready.\n</body></html>\n";
81
Willy Tarreau0f772532006-12-23 20:51:41 +010082const struct chunk http_200_chunk = {
83 .str = (char *)&HTTP_200,
84 .len = sizeof(HTTP_200)-1
85};
86
Willy Tarreaub463dfb2008-06-07 23:08:56 +020087const char *HTTP_301 =
88 "HTTP/1.0 301 Moved Permantenly\r\n"
89 "Cache-Control: no-cache\r\n"
90 "Connection: close\r\n"
91 "Location: "; /* not terminated since it will be concatenated with the URL */
92
Willy Tarreau0f772532006-12-23 20:51:41 +010093const char *HTTP_302 =
94 "HTTP/1.0 302 Found\r\n"
95 "Cache-Control: no-cache\r\n"
96 "Connection: close\r\n"
97 "Location: "; /* not terminated since it will be concatenated with the URL */
98
99/* same as 302 except that the browser MUST retry with the GET method */
100const char *HTTP_303 =
101 "HTTP/1.0 303 See Other\r\n"
102 "Cache-Control: no-cache\r\n"
103 "Connection: close\r\n"
104 "Location: "; /* not terminated since it will be concatenated with the URL */
105
Willy Tarreaubaaee002006-06-26 02:48:02 +0200106/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
107const char *HTTP_401_fmt =
108 "HTTP/1.0 401 Unauthorized\r\n"
109 "Cache-Control: no-cache\r\n"
110 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200111 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200112 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
113 "\r\n"
114 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
115
Willy Tarreau0f772532006-12-23 20:51:41 +0100116
117const int http_err_codes[HTTP_ERR_SIZE] = {
118 [HTTP_ERR_400] = 400,
119 [HTTP_ERR_403] = 403,
120 [HTTP_ERR_408] = 408,
121 [HTTP_ERR_500] = 500,
122 [HTTP_ERR_502] = 502,
123 [HTTP_ERR_503] = 503,
124 [HTTP_ERR_504] = 504,
125};
126
Willy Tarreau80587432006-12-24 17:47:20 +0100127static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreau0f772532006-12-23 20:51:41 +0100128 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100129 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100130 "Cache-Control: no-cache\r\n"
131 "Connection: close\r\n"
132 "Content-Type: text/html\r\n"
133 "\r\n"
134 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
135
136 [HTTP_ERR_403] =
137 "HTTP/1.0 403 Forbidden\r\n"
138 "Cache-Control: no-cache\r\n"
139 "Connection: close\r\n"
140 "Content-Type: text/html\r\n"
141 "\r\n"
142 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
143
144 [HTTP_ERR_408] =
145 "HTTP/1.0 408 Request Time-out\r\n"
146 "Cache-Control: no-cache\r\n"
147 "Connection: close\r\n"
148 "Content-Type: text/html\r\n"
149 "\r\n"
150 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
151
152 [HTTP_ERR_500] =
153 "HTTP/1.0 500 Server Error\r\n"
154 "Cache-Control: no-cache\r\n"
155 "Connection: close\r\n"
156 "Content-Type: text/html\r\n"
157 "\r\n"
158 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
159
160 [HTTP_ERR_502] =
161 "HTTP/1.0 502 Bad Gateway\r\n"
162 "Cache-Control: no-cache\r\n"
163 "Connection: close\r\n"
164 "Content-Type: text/html\r\n"
165 "\r\n"
166 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
167
168 [HTTP_ERR_503] =
169 "HTTP/1.0 503 Service Unavailable\r\n"
170 "Cache-Control: no-cache\r\n"
171 "Connection: close\r\n"
172 "Content-Type: text/html\r\n"
173 "\r\n"
174 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
175
176 [HTTP_ERR_504] =
177 "HTTP/1.0 504 Gateway Time-out\r\n"
178 "Cache-Control: no-cache\r\n"
179 "Connection: close\r\n"
180 "Content-Type: text/html\r\n"
181 "\r\n"
182 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
183
184};
185
Willy Tarreau80587432006-12-24 17:47:20 +0100186/* We must put the messages here since GCC cannot initialize consts depending
187 * on strlen().
188 */
189struct chunk http_err_chunks[HTTP_ERR_SIZE];
190
Willy Tarreau42250582007-04-01 01:30:43 +0200191#define FD_SETS_ARE_BITFIELDS
192#ifdef FD_SETS_ARE_BITFIELDS
193/*
194 * This map is used with all the FD_* macros to check whether a particular bit
195 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
196 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
197 * byte should be encoded. Be careful to always pass bytes from 0 to 255
198 * exclusively to the macros.
199 */
200fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
201fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
202
203#else
204#error "Check if your OS uses bitfields for fd_sets"
205#endif
206
Willy Tarreau80587432006-12-24 17:47:20 +0100207void init_proto_http()
208{
Willy Tarreau42250582007-04-01 01:30:43 +0200209 int i;
210 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100211 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200212
Willy Tarreau80587432006-12-24 17:47:20 +0100213 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
214 if (!http_err_msgs[msg]) {
215 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
216 abort();
217 }
218
219 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
220 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
221 }
Willy Tarreau42250582007-04-01 01:30:43 +0200222
223 /* initialize the log header encoding map : '{|}"#' should be encoded with
224 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
225 * URL encoding only requires '"', '#' to be encoded as well as non-
226 * printable characters above.
227 */
228 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
229 memset(url_encode_map, 0, sizeof(url_encode_map));
230 for (i = 0; i < 32; i++) {
231 FD_SET(i, hdr_encode_map);
232 FD_SET(i, url_encode_map);
233 }
234 for (i = 127; i < 256; i++) {
235 FD_SET(i, hdr_encode_map);
236 FD_SET(i, url_encode_map);
237 }
238
239 tmp = "\"#{|}";
240 while (*tmp) {
241 FD_SET(*tmp, hdr_encode_map);
242 tmp++;
243 }
244
245 tmp = "\"#";
246 while (*tmp) {
247 FD_SET(*tmp, url_encode_map);
248 tmp++;
249 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200250
251 /* memory allocations */
252 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
Willy Tarreau086b3b42007-05-13 21:45:51 +0200253 pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100254}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200255
Willy Tarreau53b6c742006-12-17 13:37:46 +0100256/*
257 * We have 26 list of methods (1 per first letter), each of which can have
258 * up to 3 entries (2 valid, 1 null).
259 */
260struct http_method_desc {
261 http_meth_t meth;
262 int len;
263 const char text[8];
264};
265
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100266const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100267 ['C' - 'A'] = {
268 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
269 },
270 ['D' - 'A'] = {
271 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
272 },
273 ['G' - 'A'] = {
274 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
275 },
276 ['H' - 'A'] = {
277 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
278 },
279 ['P' - 'A'] = {
280 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
281 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
282 },
283 ['T' - 'A'] = {
284 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
285 },
286 /* rest is empty like this :
287 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
288 */
289};
290
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100291/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200292 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100293 * RFC2616 for those chars.
294 */
295
296const char http_is_spht[256] = {
297 [' '] = 1, ['\t'] = 1,
298};
299
300const char http_is_crlf[256] = {
301 ['\r'] = 1, ['\n'] = 1,
302};
303
304const char http_is_lws[256] = {
305 [' '] = 1, ['\t'] = 1,
306 ['\r'] = 1, ['\n'] = 1,
307};
308
309const char http_is_sep[256] = {
310 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
311 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
312 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
313 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
314 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
315};
316
317const char http_is_ctl[256] = {
318 [0 ... 31] = 1,
319 [127] = 1,
320};
321
322/*
323 * A token is any ASCII char that is neither a separator nor a CTL char.
324 * Do not overwrite values in assignment since gcc-2.95 will not handle
325 * them correctly. Instead, define every non-CTL char's status.
326 */
327const char http_is_token[256] = {
328 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
329 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
330 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
331 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
332 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
333 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
334 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
335 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
336 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
337 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
338 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
339 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
340 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
341 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
342 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
343 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
344 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
345 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
346 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
347 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
348 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
349 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
350 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
351 ['|'] = 1, ['}'] = 0, ['~'] = 1,
352};
353
354
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100355/*
356 * An http ver_token is any ASCII which can be found in an HTTP version,
357 * which includes 'H', 'T', 'P', '/', '.' and any digit.
358 */
359const char http_is_ver_token[256] = {
360 ['.'] = 1, ['/'] = 1,
361 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
362 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
363 ['H'] = 1, ['P'] = 1, ['T'] = 1,
364};
365
366
Willy Tarreaubaaee002006-06-26 02:48:02 +0200367#ifdef DEBUG_FULL
Willy Tarreau67f0eea2008-08-10 22:55:22 +0200368static char *cli_stnames[4] = { "DAT", "SHR", "SHW", "CLS" };
Willy Tarreauf5483bf2008-08-14 18:35:40 +0200369static char *srv_stnames[6] = { "IDL", "CON", "DAT", "SHR", "SHW", "CLS" };
Willy Tarreaubaaee002006-06-26 02:48:02 +0200370#endif
371
Willy Tarreau42250582007-04-01 01:30:43 +0200372static void http_sess_log(struct session *s);
373
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100374/*
375 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
376 * CRLF. Text length is measured first, so it cannot be NULL.
377 * The header is also automatically added to the index <hdr_idx>, and the end
378 * of headers is automatically adjusted. The number of bytes added is returned
379 * on success, otherwise <0 is returned indicating an error.
380 */
381int http_header_add_tail(struct buffer *b, struct http_msg *msg,
382 struct hdr_idx *hdr_idx, const char *text)
383{
384 int bytes, len;
385
386 len = strlen(text);
387 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
388 if (!bytes)
389 return -1;
390 msg->eoh += bytes;
391 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
392}
393
394/*
395 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
396 * CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
397 * the buffer is only opened and the space reserved, but nothing is copied.
398 * The header is also automatically added to the index <hdr_idx>, and the end
399 * of headers is automatically adjusted. The number of bytes added is returned
400 * on success, otherwise <0 is returned indicating an error.
401 */
402int http_header_add_tail2(struct buffer *b, struct http_msg *msg,
403 struct hdr_idx *hdr_idx, const char *text, int len)
404{
405 int bytes;
406
407 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
408 if (!bytes)
409 return -1;
410 msg->eoh += bytes;
411 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
412}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200413
414/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100415 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
416 * If so, returns the position of the first non-space character relative to
417 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
418 * to return a pointer to the place after the first space. Returns 0 if the
419 * header name does not match. Checks are case-insensitive.
420 */
421int http_header_match2(const char *hdr, const char *end,
422 const char *name, int len)
423{
424 const char *val;
425
426 if (hdr + len >= end)
427 return 0;
428 if (hdr[len] != ':')
429 return 0;
430 if (strncasecmp(hdr, name, len) != 0)
431 return 0;
432 val = hdr + len + 1;
433 while (val < end && HTTP_IS_SPHT(*val))
434 val++;
435 if ((val >= end) && (len + 2 <= end - hdr))
436 return len + 2; /* we may replace starting from second space */
437 return val - hdr;
438}
439
Willy Tarreau33a7e692007-06-10 19:45:56 +0200440/* Find the end of the header value contained between <s> and <e>.
441 * See RFC2616, par 2.2 for more information. Note that it requires
442 * a valid header to return a valid result.
443 */
444const char *find_hdr_value_end(const char *s, const char *e)
445{
446 int quoted, qdpair;
447
448 quoted = qdpair = 0;
449 for (; s < e; s++) {
450 if (qdpair) qdpair = 0;
451 else if (quoted && *s == '\\') qdpair = 1;
452 else if (quoted && *s == '"') quoted = 0;
453 else if (*s == '"') quoted = 1;
454 else if (*s == ',') return s;
455 }
456 return s;
457}
458
459/* Find the first or next occurrence of header <name> in message buffer <sol>
460 * using headers index <idx>, and return it in the <ctx> structure. This
461 * structure holds everything necessary to use the header and find next
462 * occurrence. If its <idx> member is 0, the header is searched from the
463 * beginning. Otherwise, the next occurrence is returned. The function returns
464 * 1 when it finds a value, and 0 when there is no more.
465 */
466int http_find_header2(const char *name, int len,
467 const char *sol, struct hdr_idx *idx,
468 struct hdr_ctx *ctx)
469{
470 __label__ return_hdr, next_hdr;
471 const char *eol, *sov;
472 int cur_idx;
473
474 if (ctx->idx) {
475 /* We have previously returned a value, let's search
476 * another one on the same line.
477 */
478 cur_idx = ctx->idx;
479 sol = ctx->line;
480 sov = sol + ctx->val + ctx->vlen;
481 eol = sol + idx->v[cur_idx].len;
482
483 if (sov >= eol)
484 /* no more values in this header */
485 goto next_hdr;
486
487 /* values remaining for this header, skip the comma */
488 sov++;
489 while (sov < eol && http_is_lws[(unsigned char)*sov])
490 sov++;
491
492 goto return_hdr;
493 }
494
495 /* first request for this header */
496 sol += hdr_idx_first_pos(idx);
497 cur_idx = hdr_idx_first_idx(idx);
498
499 while (cur_idx) {
500 eol = sol + idx->v[cur_idx].len;
501
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200502 if (len == 0) {
503 /* No argument was passed, we want any header.
504 * To achieve this, we simply build a fake request. */
505 while (sol + len < eol && sol[len] != ':')
506 len++;
507 name = sol;
508 }
509
Willy Tarreau33a7e692007-06-10 19:45:56 +0200510 if ((len < eol - sol) &&
511 (sol[len] == ':') &&
512 (strncasecmp(sol, name, len) == 0)) {
513
514 sov = sol + len + 1;
515 while (sov < eol && http_is_lws[(unsigned char)*sov])
516 sov++;
517 return_hdr:
518 ctx->line = sol;
519 ctx->idx = cur_idx;
520 ctx->val = sov - sol;
521
522 eol = find_hdr_value_end(sov, eol);
523 ctx->vlen = eol - sov;
524 return 1;
525 }
526 next_hdr:
527 sol = eol + idx->v[cur_idx].cr + 1;
528 cur_idx = idx->v[cur_idx].next;
529 }
530 return 0;
531}
532
533int http_find_header(const char *name,
534 const char *sol, struct hdr_idx *idx,
535 struct hdr_ctx *ctx)
536{
537 return http_find_header2(name, strlen(name), sol, idx, ctx);
538}
539
Willy Tarreaubaaee002006-06-26 02:48:02 +0200540/* This function turns the server state into the SV_STCLOSE, and sets
Willy Tarreau0f772532006-12-23 20:51:41 +0100541 * indicators accordingly. Note that if <status> is 0, or if the message
542 * pointer is NULL, then no message is returned.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200543 */
544void srv_close_with_err(struct session *t, int err, int finst,
Willy Tarreau0f772532006-12-23 20:51:41 +0100545 int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200546{
547 t->srv_state = SV_STCLOSE;
Willy Tarreauadfb8562008-08-11 15:24:42 +0200548 t->rep->flags |= BF_MAY_FORWARD;
Willy Tarreauba392ce2008-08-16 21:13:23 +0200549 buffer_shutw(t->req);
550 buffer_shutr(t->rep);
Willy Tarreau0f772532006-12-23 20:51:41 +0100551 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100552 t->txn.status = status;
Willy Tarreau73de9892006-11-30 11:40:23 +0100553 if (t->fe->mode == PR_MODE_HTTP)
Willy Tarreau0f772532006-12-23 20:51:41 +0100554 client_return(t, msg);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200555 }
556 if (!(t->flags & SN_ERR_MASK))
557 t->flags |= err;
558 if (!(t->flags & SN_FINST_MASK))
559 t->flags |= finst;
560}
561
Willy Tarreau80587432006-12-24 17:47:20 +0100562/* This function returns the appropriate error location for the given session
563 * and message.
564 */
565
566struct chunk *error_message(struct session *s, int msgnum)
567{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200568 if (s->be->errmsg[msgnum].str)
569 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100570 else if (s->fe->errmsg[msgnum].str)
571 return &s->fe->errmsg[msgnum];
572 else
573 return &http_err_chunks[msgnum];
574}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200575
Willy Tarreau53b6c742006-12-17 13:37:46 +0100576/*
577 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
578 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
579 */
580static http_meth_t find_http_meth(const char *str, const int len)
581{
582 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100583 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100584
585 m = ((unsigned)*str - 'A');
586
587 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100588 for (h = http_methods[m]; h->len > 0; h++) {
589 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100590 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100591 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100592 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100593 };
594 return HTTP_METH_OTHER;
595 }
596 return HTTP_METH_NONE;
597
598}
599
Willy Tarreau21d2af32008-02-14 20:25:24 +0100600/* Parse the URI from the given transaction (which is assumed to be in request
601 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
602 * It is returned otherwise.
603 */
604static char *
605http_get_path(struct http_txn *txn)
606{
607 char *ptr, *end;
608
609 ptr = txn->req.sol + txn->req.sl.rq.u;
610 end = ptr + txn->req.sl.rq.u_l;
611
612 if (ptr >= end)
613 return NULL;
614
615 /* RFC2616, par. 5.1.2 :
616 * Request-URI = "*" | absuri | abspath | authority
617 */
618
619 if (*ptr == '*')
620 return NULL;
621
622 if (isalpha((unsigned char)*ptr)) {
623 /* this is a scheme as described by RFC3986, par. 3.1 */
624 ptr++;
625 while (ptr < end &&
626 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
627 ptr++;
628 /* skip '://' */
629 if (ptr == end || *ptr++ != ':')
630 return NULL;
631 if (ptr == end || *ptr++ != '/')
632 return NULL;
633 if (ptr == end || *ptr++ != '/')
634 return NULL;
635 }
636 /* skip [user[:passwd]@]host[:[port]] */
637
638 while (ptr < end && *ptr != '/')
639 ptr++;
640
641 if (ptr == end)
642 return NULL;
643
644 /* OK, we got the '/' ! */
645 return ptr;
646}
647
Willy Tarreaudafde432008-08-17 01:00:46 +0200648/* Processes the client, server, request and response jobs of a session task,
649 * then puts it back to the wait queue in a clean state, or cleans up its
650 * resources if it must be deleted. Returns in <next> the date the task wants
651 * to be woken up, or TICK_ETERNITY. In order not to call all functions for
652 * nothing too many times, the request and response buffers flags are monitored
653 * and each function is called only if at least another function has changed at
654 * least one flag. If one of the functions called returns non-zero, then it
655 * will be called once again after all other functions. This permits explicit
656 * external loops which may be useful for complex state machines.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200657 */
Willy Tarreaudafde432008-08-17 01:00:46 +0200658#define PROCESS_CLI 0x1
659#define PROCESS_SRV 0x2
660#define PROCESS_REQ 0x4
661#define PROCESS_RTR 0x8
662#define PROCESS_ALL (PROCESS_CLI|PROCESS_SRV|PROCESS_REQ|PROCESS_RTR)
663
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200664void process_session(struct task *t, int *next)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200665{
666 struct session *s = t->context;
Willy Tarreaudafde432008-08-17 01:00:46 +0200667 unsigned resync = PROCESS_ALL;
668 unsigned int rqf;
669 unsigned int rpf;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200670
671 do {
Willy Tarreaudafde432008-08-17 01:00:46 +0200672 if (resync & PROCESS_REQ) {
673 resync &= ~PROCESS_REQ;
674 if (s->analysis & AN_REQ_ANY) {
675 rqf = s->req->flags;
676 rpf = s->rep->flags;
677
678 if (process_request(s))
679 resync |= PROCESS_REQ;
680
681 if (!(s->analysis & AN_REQ_ANY) && !(s->req->flags & BF_MAY_FORWARD))
682 s->req->flags |= BF_MAY_FORWARD;
683
684 if (rqf != s->req->flags || rpf != s->rep->flags)
685 resync |= PROCESS_ALL & ~PROCESS_REQ;
686 }
687 }
688
689 if (resync & PROCESS_RTR) {
690 resync &= ~PROCESS_RTR;
691 if (s->analysis & AN_RTR_ANY) {
692 rqf = s->req->flags;
693 rpf = s->rep->flags;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200694
Willy Tarreaudafde432008-08-17 01:00:46 +0200695 if (process_response(s))
696 resync |= PROCESS_RTR;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200697
Willy Tarreaudafde432008-08-17 01:00:46 +0200698 if (!(s->analysis & AN_RTR_ANY) && !(s->rep->flags & BF_MAY_FORWARD))
699 s->rep->flags |= BF_MAY_FORWARD;
700
701 if (rqf != s->req->flags || rpf != s->rep->flags)
702 resync |= PROCESS_ALL & ~PROCESS_RTR;
703 }
704 }
705
706 if (resync & PROCESS_CLI) {
707 rqf = s->req->flags;
708 rpf = s->rep->flags;
709
710 resync &= ~PROCESS_CLI;
711 if (process_cli(s))
712 resync |= PROCESS_CLI;
713
714 if (rqf != s->req->flags || rpf != s->rep->flags)
715 resync |= PROCESS_ALL & ~PROCESS_CLI;
716 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200717
Willy Tarreaudafde432008-08-17 01:00:46 +0200718 if (resync & PROCESS_SRV) {
719 rqf = s->req->flags;
720 rpf = s->rep->flags;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200721
Willy Tarreaudafde432008-08-17 01:00:46 +0200722 resync &= ~PROCESS_SRV;
723 if (process_srv(s))
724 resync |= PROCESS_SRV;
Willy Tarreauf5483bf2008-08-14 18:35:40 +0200725
Willy Tarreaudafde432008-08-17 01:00:46 +0200726 if (rqf != s->req->flags || rpf != s->rep->flags)
727 resync |= PROCESS_ALL & ~PROCESS_SRV;
728 }
729 } while (resync);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200730
Willy Tarreauf41d4b12007-04-28 23:26:14 +0200731 if (likely(s->cli_state != CL_STCLOSE || s->srv_state != SV_STCLOSE)) {
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100732
733 if ((s->fe->options & PR_O_CONTSTATS) && (s->flags & SN_BE_ASSIGNED))
734 session_process_counters(s);
735
Willy Tarreau0f9f5052006-07-29 17:39:25 +0200736 s->req->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE;
737 s->rep->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200738
Willy Tarreau7f875f62008-08-11 17:35:01 +0200739 /* Trick: if a request is being waiting for the server to respond,
740 * and if we know the server can timeout, we don't want the timeout
741 * to expire on the client side first, but we're still interested
742 * in passing data from the client to the server (eg: POST). Thus,
743 * we can cancel the client's request timeout if the server's
744 * request timeout is set and the server has not yet sent a response.
745 */
746
Willy Tarreauba392ce2008-08-16 21:13:23 +0200747 if ((s->rep->flags & (BF_MAY_FORWARD|BF_SHUTR)) == 0 &&
Willy Tarreau26ed74d2008-08-17 12:11:14 +0200748 (tick_isset(s->req->wex) || tick_isset(s->rep->rex)))
Willy Tarreau7f875f62008-08-11 17:35:01 +0200749 s->req->rex = TICK_ETERNITY;
750
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200751 t->expire = tick_first(tick_first(s->req->rex, s->req->wex),
752 tick_first(s->rep->rex, s->rep->wex));
Willy Tarreau67f0eea2008-08-10 22:55:22 +0200753 if (s->analysis & AN_REQ_ANY) {
754 if (s->analysis & AN_REQ_INSPECT)
755 t->expire = tick_first(t->expire, s->inspect_exp);
756 else if (s->analysis & AN_REQ_HTTP_HDR)
757 t->expire = tick_first(t->expire, s->txn.exp);
758 }
Willy Tarreaubaaee002006-06-26 02:48:02 +0200759
760 /* restore t to its place in the task list */
761 task_queue(t);
762
Willy Tarreaua7c52762008-08-16 18:40:18 +0200763#ifdef DEBUG_DEV
764 /* this may only happen when no timeout is set or in case of an FSM bug */
765 if (!t->expire)
766 ABORT_NOW();
767#endif
Willy Tarreaud825eef2007-05-12 22:35:00 +0200768 *next = t->expire;
769 return; /* nothing more to do */
Willy Tarreaubaaee002006-06-26 02:48:02 +0200770 }
771
Willy Tarreauf1221aa2006-12-17 22:14:12 +0100772 s->fe->feconn--;
773 if (s->flags & SN_BE_ASSIGNED)
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200774 s->be->beconn--;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200775 actconn--;
776
Willy Tarreauf41d4b12007-04-28 23:26:14 +0200777 if (unlikely((global.mode & MODE_DEBUG) &&
778 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
Willy Tarreaubaaee002006-06-26 02:48:02 +0200779 int len;
Willy Tarreau45e73e32006-12-17 00:05:15 +0100780 len = sprintf(trash, "%08x:%s.closed[%04x:%04x]\n",
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200781 s->uniq_id, s->be->id,
Willy Tarreau45e73e32006-12-17 00:05:15 +0100782 (unsigned short)s->cli_fd, (unsigned short)s->srv_fd);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200783 write(1, trash, len);
784 }
785
Willy Tarreau42aae5c2007-04-29 17:43:56 +0200786 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100787 session_process_counters(s);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200788
789 /* let's do a final log if we need it */
Willy Tarreau1c47f852006-07-09 08:22:27 +0200790 if (s->logs.logwait &&
791 !(s->flags & SN_MONITOR) &&
Willy Tarreau42250582007-04-01 01:30:43 +0200792 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
793 if (s->fe->to_log & LW_REQ)
794 http_sess_log(s);
795 else
796 tcp_sess_log(s);
797 }
Willy Tarreaubaaee002006-06-26 02:48:02 +0200798
799 /* the task MUST not be in the run queue anymore */
800 task_delete(t);
801 session_free(s);
802 task_free(t);
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200803 *next = TICK_ETERNITY;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200804}
805
806
Willy Tarreau42250582007-04-01 01:30:43 +0200807extern const char sess_term_cond[8];
808extern const char sess_fin_state[8];
809extern const char *monthname[12];
810const char sess_cookie[4] = "NIDV"; /* No cookie, Invalid cookie, cookie for a Down server, Valid cookie */
811const char sess_set_cookie[8] = "N1I3PD5R"; /* No set-cookie, unknown, Set-Cookie Inserted, unknown,
812 Set-cookie seen and left unchanged (passive), Set-cookie Deleted,
813 unknown, Set-cookie Rewritten */
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200814struct pool_head *pool2_requri;
Willy Tarreau086b3b42007-05-13 21:45:51 +0200815struct pool_head *pool2_capture;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100816
Willy Tarreau42250582007-04-01 01:30:43 +0200817/*
818 * send a log for the session when we have enough info about it.
819 * Will not log if the frontend has no log defined.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100820 */
Willy Tarreau42250582007-04-01 01:30:43 +0200821static void http_sess_log(struct session *s)
822{
823 char pn[INET6_ADDRSTRLEN + strlen(":65535")];
824 struct proxy *fe = s->fe;
825 struct proxy *be = s->be;
826 struct proxy *prx_log;
827 struct http_txn *txn = &s->txn;
828 int tolog;
829 char *uri, *h;
830 char *svid;
Willy Tarreaufe944602007-10-25 10:34:16 +0200831 struct tm tm;
Willy Tarreau42250582007-04-01 01:30:43 +0200832 static char tmpline[MAX_SYSLOG_LEN];
Willy Tarreau70089872008-06-13 21:12:51 +0200833 int t_request;
Willy Tarreau42250582007-04-01 01:30:43 +0200834 int hdr;
835
836 if (fe->logfac1 < 0 && fe->logfac2 < 0)
837 return;
838 prx_log = fe;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100839
Willy Tarreau42250582007-04-01 01:30:43 +0200840 if (s->cli_addr.ss_family == AF_INET)
841 inet_ntop(AF_INET,
842 (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
843 pn, sizeof(pn));
844 else
845 inet_ntop(AF_INET6,
846 (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
847 pn, sizeof(pn));
848
Willy Tarreaub7f694f2008-06-22 17:18:02 +0200849 get_localtime(s->logs.accept_date.tv_sec, &tm);
Willy Tarreau42250582007-04-01 01:30:43 +0200850
851 /* FIXME: let's limit ourselves to frontend logging for now. */
852 tolog = fe->to_log;
853
854 h = tmpline;
855 if (fe->to_log & LW_REQHDR &&
856 txn->req.cap &&
857 (h < tmpline + sizeof(tmpline) - 10)) {
858 *(h++) = ' ';
859 *(h++) = '{';
860 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
861 if (hdr)
862 *(h++) = '|';
863 if (txn->req.cap[hdr] != NULL)
864 h = encode_string(h, tmpline + sizeof(tmpline) - 7,
865 '#', hdr_encode_map, txn->req.cap[hdr]);
866 }
867 *(h++) = '}';
868 }
869
870 if (fe->to_log & LW_RSPHDR &&
871 txn->rsp.cap &&
872 (h < tmpline + sizeof(tmpline) - 7)) {
873 *(h++) = ' ';
874 *(h++) = '{';
875 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
876 if (hdr)
877 *(h++) = '|';
878 if (txn->rsp.cap[hdr] != NULL)
879 h = encode_string(h, tmpline + sizeof(tmpline) - 4,
880 '#', hdr_encode_map, txn->rsp.cap[hdr]);
881 }
882 *(h++) = '}';
883 }
884
885 if (h < tmpline + sizeof(tmpline) - 4) {
886 *(h++) = ' ';
887 *(h++) = '"';
888 uri = txn->uri ? txn->uri : "<BADREQ>";
889 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
890 '#', url_encode_map, uri);
891 *(h++) = '"';
892 }
893 *h = '\0';
894
895 svid = (tolog & LW_SVID) ?
896 (s->data_source != DATA_SRC_STATS) ?
897 (s->srv != NULL) ? s->srv->id : "<NOSRV>" : "<STATS>" : "-";
898
Willy Tarreau70089872008-06-13 21:12:51 +0200899 t_request = -1;
900 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
901 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
902
Willy Tarreau42250582007-04-01 01:30:43 +0200903 send_log(prx_log, LOG_INFO,
904 "%s:%d [%02d/%s/%04d:%02d:%02d:%02d.%03d]"
905 " %s %s/%s %d/%d/%d/%d/%s%d %d %s%lld"
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +0100906 " %s %s %c%c%c%c %d/%d/%d/%d/%s%u %d/%d%s\n",
Willy Tarreau42250582007-04-01 01:30:43 +0200907 pn,
908 (s->cli_addr.ss_family == AF_INET) ?
909 ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port) :
910 ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port),
Willy Tarreaufe944602007-10-25 10:34:16 +0200911 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
Willy Tarreaub7f694f2008-06-22 17:18:02 +0200912 tm.tm_hour, tm.tm_min, tm.tm_sec, s->logs.accept_date.tv_usec/1000,
Willy Tarreau42250582007-04-01 01:30:43 +0200913 fe->id, be->id, svid,
Willy Tarreau70089872008-06-13 21:12:51 +0200914 t_request,
915 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
Willy Tarreau42250582007-04-01 01:30:43 +0200916 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
917 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
918 (tolog & LW_BYTES) ? "" : "+", s->logs.t_close,
919 txn->status,
Willy Tarreau8b3977f2008-01-18 11:16:32 +0100920 (tolog & LW_BYTES) ? "" : "+", s->logs.bytes_out,
Willy Tarreau42250582007-04-01 01:30:43 +0200921 txn->cli_cookie ? txn->cli_cookie : "-",
922 txn->srv_cookie ? txn->srv_cookie : "-",
923 sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT],
924 sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT],
925 (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
926 (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-',
927 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +0100928 (s->flags & SN_REDISP)?"+":"",
929 (s->conn_retries>0)?(be->conn_retries - s->conn_retries):be->conn_retries,
Willy Tarreau42250582007-04-01 01:30:43 +0200930 s->logs.srv_queue_size, s->logs.prx_queue_size, tmpline);
931
932 s->logs.logwait = 0;
933}
934
Willy Tarreau117f59e2007-03-04 18:17:17 +0100935
936/*
937 * Capture headers from message starting at <som> according to header list
938 * <cap_hdr>, and fill the <idx> structure appropriately.
939 */
940void capture_headers(char *som, struct hdr_idx *idx,
941 char **cap, struct cap_hdr *cap_hdr)
942{
943 char *eol, *sol, *col, *sov;
944 int cur_idx;
945 struct cap_hdr *h;
946 int len;
947
948 sol = som + hdr_idx_first_pos(idx);
949 cur_idx = hdr_idx_first_idx(idx);
950
951 while (cur_idx) {
952 eol = sol + idx->v[cur_idx].len;
953
954 col = sol;
955 while (col < eol && *col != ':')
956 col++;
957
958 sov = col + 1;
959 while (sov < eol && http_is_lws[(unsigned char)*sov])
960 sov++;
961
962 for (h = cap_hdr; h; h = h->next) {
963 if ((h->namelen == col - sol) &&
964 (strncasecmp(sol, h->name, h->namelen) == 0)) {
965 if (cap[h->index] == NULL)
966 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +0200967 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +0100968
969 if (cap[h->index] == NULL) {
970 Alert("HTTP capture : out of memory.\n");
971 continue;
972 }
973
974 len = eol - sov;
975 if (len > h->len)
976 len = h->len;
977
978 memcpy(cap[h->index], sov, len);
979 cap[h->index][len]=0;
980 }
981 }
982 sol = eol + idx->v[cur_idx].cr + 1;
983 cur_idx = idx->v[cur_idx].next;
984 }
985}
986
987
Willy Tarreau42250582007-04-01 01:30:43 +0200988/* either we find an LF at <ptr> or we jump to <bad>.
989 */
990#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
991
992/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
993 * otherwise to <http_msg_ood> with <state> set to <st>.
994 */
995#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
996 ptr++; \
997 if (likely(ptr < end)) \
998 goto good; \
999 else { \
1000 state = (st); \
1001 goto http_msg_ood; \
1002 } \
1003 } while (0)
1004
1005
Willy Tarreaubaaee002006-06-26 02:48:02 +02001006/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001007 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001008 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1009 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1010 * will give undefined results.
1011 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1012 * and that msg->sol points to the beginning of the response.
1013 * If a complete line is found (which implies that at least one CR or LF is
1014 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1015 * returned indicating an incomplete line (which does not mean that parts have
1016 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1017 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1018 * upon next call.
1019 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001020 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001021 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1022 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001023 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001024 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001025const char *http_parse_stsline(struct http_msg *msg, const char *msg_buf,
1026 unsigned int state, const char *ptr, const char *end,
1027 char **ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001028{
1029 __label__
1030 http_msg_rpver,
1031 http_msg_rpver_sp,
1032 http_msg_rpcode,
1033 http_msg_rpcode_sp,
1034 http_msg_rpreason,
1035 http_msg_rpline_eol,
1036 http_msg_ood, /* out of data */
1037 http_msg_invalid;
1038
1039 switch (state) {
1040 http_msg_rpver:
1041 case HTTP_MSG_RPVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001042 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001043 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1044
1045 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001046 msg->sl.st.v_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001047 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1048 }
1049 goto http_msg_invalid;
1050
1051 http_msg_rpver_sp:
1052 case HTTP_MSG_RPVER_SP:
1053 if (likely(!HTTP_IS_LWS(*ptr))) {
1054 msg->sl.st.c = ptr - msg_buf;
1055 goto http_msg_rpcode;
1056 }
1057 if (likely(HTTP_IS_SPHT(*ptr)))
1058 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1059 /* so it's a CR/LF, this is invalid */
1060 goto http_msg_invalid;
1061
1062 http_msg_rpcode:
1063 case HTTP_MSG_RPCODE:
1064 if (likely(!HTTP_IS_LWS(*ptr)))
1065 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1066
1067 if (likely(HTTP_IS_SPHT(*ptr))) {
1068 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1069 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1070 }
1071
1072 /* so it's a CR/LF, so there is no reason phrase */
1073 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1074 http_msg_rsp_reason:
1075 /* FIXME: should we support HTTP responses without any reason phrase ? */
1076 msg->sl.st.r = ptr - msg_buf;
1077 msg->sl.st.r_l = 0;
1078 goto http_msg_rpline_eol;
1079
1080 http_msg_rpcode_sp:
1081 case HTTP_MSG_RPCODE_SP:
1082 if (likely(!HTTP_IS_LWS(*ptr))) {
1083 msg->sl.st.r = ptr - msg_buf;
1084 goto http_msg_rpreason;
1085 }
1086 if (likely(HTTP_IS_SPHT(*ptr)))
1087 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1088 /* so it's a CR/LF, so there is no reason phrase */
1089 goto http_msg_rsp_reason;
1090
1091 http_msg_rpreason:
1092 case HTTP_MSG_RPREASON:
1093 if (likely(!HTTP_IS_CRLF(*ptr)))
1094 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
1095 msg->sl.st.r_l = (ptr - msg_buf) - msg->sl.st.r;
1096 http_msg_rpline_eol:
1097 /* We have seen the end of line. Note that we do not
1098 * necessarily have the \n yet, but at least we know that we
1099 * have EITHER \r OR \n, otherwise the response would not be
1100 * complete. We can then record the response length and return
1101 * to the caller which will be able to register it.
1102 */
1103 msg->sl.st.l = ptr - msg->sol;
1104 return ptr;
1105
1106#ifdef DEBUG_FULL
1107 default:
1108 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1109 exit(1);
1110#endif
1111 }
1112
1113 http_msg_ood:
1114 /* out of data */
1115 if (ret_state)
1116 *ret_state = state;
1117 if (ret_ptr)
1118 *ret_ptr = (char *)ptr;
1119 return NULL;
1120
1121 http_msg_invalid:
1122 /* invalid message */
1123 if (ret_state)
1124 *ret_state = HTTP_MSG_ERROR;
1125 return NULL;
1126}
1127
1128
1129/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001130 * This function parses a request line between <ptr> and <end>, starting with
1131 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1132 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1133 * will give undefined results.
1134 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1135 * and that msg->sol points to the beginning of the request.
1136 * If a complete line is found (which implies that at least one CR or LF is
1137 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1138 * returned indicating an incomplete line (which does not mean that parts have
1139 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1140 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1141 * upon next call.
1142 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001143 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001144 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1145 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001146 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001147 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001148const char *http_parse_reqline(struct http_msg *msg, const char *msg_buf,
1149 unsigned int state, const char *ptr, const char *end,
1150 char **ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001151{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001152 __label__
1153 http_msg_rqmeth,
1154 http_msg_rqmeth_sp,
1155 http_msg_rquri,
1156 http_msg_rquri_sp,
1157 http_msg_rqver,
1158 http_msg_rqline_eol,
1159 http_msg_ood, /* out of data */
1160 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001161
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001162 switch (state) {
1163 http_msg_rqmeth:
1164 case HTTP_MSG_RQMETH:
1165 if (likely(HTTP_IS_TOKEN(*ptr)))
1166 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001167
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001168 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001169 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001170 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1171 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001172
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001173 if (likely(HTTP_IS_CRLF(*ptr))) {
1174 /* HTTP 0.9 request */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001175 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001176 http_msg_req09_uri:
1177 msg->sl.rq.u = ptr - msg_buf;
1178 http_msg_req09_uri_e:
1179 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1180 http_msg_req09_ver:
1181 msg->sl.rq.v = ptr - msg_buf;
1182 msg->sl.rq.v_l = 0;
1183 goto http_msg_rqline_eol;
1184 }
1185 goto http_msg_invalid;
1186
1187 http_msg_rqmeth_sp:
1188 case HTTP_MSG_RQMETH_SP:
1189 if (likely(!HTTP_IS_LWS(*ptr))) {
1190 msg->sl.rq.u = ptr - msg_buf;
1191 goto http_msg_rquri;
1192 }
1193 if (likely(HTTP_IS_SPHT(*ptr)))
1194 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1195 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1196 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001197
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001198 http_msg_rquri:
1199 case HTTP_MSG_RQURI:
1200 if (likely(!HTTP_IS_LWS(*ptr)))
1201 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001202
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001203 if (likely(HTTP_IS_SPHT(*ptr))) {
1204 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1205 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1206 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001207
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001208 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1209 goto http_msg_req09_uri_e;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001210
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001211 http_msg_rquri_sp:
1212 case HTTP_MSG_RQURI_SP:
1213 if (likely(!HTTP_IS_LWS(*ptr))) {
1214 msg->sl.rq.v = ptr - msg_buf;
1215 goto http_msg_rqver;
1216 }
1217 if (likely(HTTP_IS_SPHT(*ptr)))
1218 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1219 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1220 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001221
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001222 http_msg_rqver:
1223 case HTTP_MSG_RQVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001224 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001225 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001226
1227 if (likely(HTTP_IS_CRLF(*ptr))) {
1228 msg->sl.rq.v_l = (ptr - msg_buf) - msg->sl.rq.v;
1229 http_msg_rqline_eol:
1230 /* We have seen the end of line. Note that we do not
1231 * necessarily have the \n yet, but at least we know that we
1232 * have EITHER \r OR \n, otherwise the request would not be
1233 * complete. We can then record the request length and return
1234 * to the caller which will be able to register it.
1235 */
1236 msg->sl.rq.l = ptr - msg->sol;
1237 return ptr;
1238 }
1239
1240 /* neither an HTTP_VER token nor a CRLF */
1241 goto http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001242
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001243#ifdef DEBUG_FULL
1244 default:
1245 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1246 exit(1);
1247#endif
1248 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001249
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001250 http_msg_ood:
1251 /* out of data */
1252 if (ret_state)
1253 *ret_state = state;
1254 if (ret_ptr)
1255 *ret_ptr = (char *)ptr;
1256 return NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001257
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001258 http_msg_invalid:
1259 /* invalid message */
1260 if (ret_state)
1261 *ret_state = HTTP_MSG_ERROR;
1262 return NULL;
1263}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001264
1265
Willy Tarreau8973c702007-01-21 23:58:29 +01001266/*
1267 * This function parses an HTTP message, either a request or a response,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001268 * depending on the initial msg->msg_state. It can be preempted everywhere
Willy Tarreau8973c702007-01-21 23:58:29 +01001269 * when data are missing and recalled at the exact same location with no
1270 * information loss. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001271 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
1272 * fields.
Willy Tarreau8973c702007-01-21 23:58:29 +01001273 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001274void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx *idx)
1275{
1276 __label__
1277 http_msg_rqbefore,
1278 http_msg_rqbefore_cr,
1279 http_msg_rqmeth,
1280 http_msg_rqline_end,
1281 http_msg_hdr_first,
1282 http_msg_hdr_name,
1283 http_msg_hdr_l1_sp,
1284 http_msg_hdr_l1_lf,
1285 http_msg_hdr_l1_lws,
1286 http_msg_hdr_val,
1287 http_msg_hdr_l2_lf,
1288 http_msg_hdr_l2_lws,
1289 http_msg_complete_header,
1290 http_msg_last_lf,
1291 http_msg_ood, /* out of data */
1292 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001293
Willy Tarreaue69eada2008-01-27 00:34:10 +01001294 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001295 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreau58f10d72006-12-04 02:26:12 +01001296
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001297 state = msg->msg_state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001298 ptr = buf->lr;
1299 end = buf->r;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001300
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001301 if (unlikely(ptr >= end))
1302 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001303
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001304 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001305 /*
1306 * First, states that are specific to the response only.
1307 * We check them first so that request and headers are
1308 * closer to each other (accessed more often).
1309 */
1310 http_msg_rpbefore:
1311 case HTTP_MSG_RPBEFORE:
1312 if (likely(HTTP_IS_TOKEN(*ptr))) {
1313 if (likely(ptr == buf->data)) {
1314 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001315 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001316 } else {
1317#if PARSE_PRESERVE_EMPTY_LINES
1318 /* only skip empty leading lines, don't remove them */
1319 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001320 msg->som = ptr - buf->data;
Willy Tarreau8973c702007-01-21 23:58:29 +01001321#else
1322 /* Remove empty leading lines, as recommended by
1323 * RFC2616. This takes a lot of time because we
1324 * must move all the buffer backwards, but this
1325 * is rarely needed. The method above will be
1326 * cleaner when we'll be able to start sending
1327 * the request from any place in the buffer.
1328 */
1329 buf->lr = ptr;
1330 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001331 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001332 msg->sol = buf->data;
1333 ptr = buf->data;
1334 end = buf->r;
1335#endif
1336 }
1337 hdr_idx_init(idx);
1338 state = HTTP_MSG_RPVER;
1339 goto http_msg_rpver;
1340 }
1341
1342 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1343 goto http_msg_invalid;
1344
1345 if (unlikely(*ptr == '\n'))
1346 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1347 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1348 /* stop here */
1349
1350 http_msg_rpbefore_cr:
1351 case HTTP_MSG_RPBEFORE_CR:
1352 EXPECT_LF_HERE(ptr, http_msg_invalid);
1353 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1354 /* stop here */
1355
1356 http_msg_rpver:
1357 case HTTP_MSG_RPVER:
1358 case HTTP_MSG_RPVER_SP:
1359 case HTTP_MSG_RPCODE:
1360 case HTTP_MSG_RPCODE_SP:
1361 case HTTP_MSG_RPREASON:
Willy Tarreaua15645d2007-03-18 16:22:39 +01001362 ptr = (char *)http_parse_stsline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001363 &buf->lr, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001364 if (unlikely(!ptr))
1365 return;
1366
1367 /* we have a full response and we know that we have either a CR
1368 * or an LF at <ptr>.
1369 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001370 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.st.l, *ptr);
Willy Tarreau8973c702007-01-21 23:58:29 +01001371 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1372
1373 msg->sol = ptr;
1374 if (likely(*ptr == '\r'))
1375 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1376 goto http_msg_rpline_end;
1377
1378 http_msg_rpline_end:
1379 case HTTP_MSG_RPLINE_END:
1380 /* msg->sol must point to the first of CR or LF. */
1381 EXPECT_LF_HERE(ptr, http_msg_invalid);
1382 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1383 /* stop here */
1384
1385 /*
1386 * Second, states that are specific to the request only
1387 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001388 http_msg_rqbefore:
1389 case HTTP_MSG_RQBEFORE:
1390 if (likely(HTTP_IS_TOKEN(*ptr))) {
1391 if (likely(ptr == buf->data)) {
1392 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001393 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001394 } else {
1395#if PARSE_PRESERVE_EMPTY_LINES
1396 /* only skip empty leading lines, don't remove them */
1397 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001398 msg->som = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001399#else
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001400 /* Remove empty leading lines, as recommended by
1401 * RFC2616. This takes a lot of time because we
1402 * must move all the buffer backwards, but this
1403 * is rarely needed. The method above will be
1404 * cleaner when we'll be able to start sending
1405 * the request from any place in the buffer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001406 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001407 buf->lr = ptr;
1408 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001409 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001410 msg->sol = buf->data;
1411 ptr = buf->data;
1412 end = buf->r;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001413#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001414 }
Willy Tarreauf0d058e2007-01-25 12:03:42 +01001415 /* we will need this when keep-alive will be supported
1416 hdr_idx_init(idx);
1417 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001418 state = HTTP_MSG_RQMETH;
1419 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001420 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001421
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001422 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1423 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001424
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001425 if (unlikely(*ptr == '\n'))
1426 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1427 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001428 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001429
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001430 http_msg_rqbefore_cr:
1431 case HTTP_MSG_RQBEFORE_CR:
1432 EXPECT_LF_HERE(ptr, http_msg_invalid);
1433 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001434 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001435
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001436 http_msg_rqmeth:
1437 case HTTP_MSG_RQMETH:
1438 case HTTP_MSG_RQMETH_SP:
1439 case HTTP_MSG_RQURI:
1440 case HTTP_MSG_RQURI_SP:
1441 case HTTP_MSG_RQVER:
1442 ptr = (char *)http_parse_reqline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001443 &buf->lr, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001444 if (unlikely(!ptr))
1445 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001446
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001447 /* we have a full request and we know that we have either a CR
1448 * or an LF at <ptr>.
1449 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001450 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.rq.l, *ptr);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001451 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001452
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001453 msg->sol = ptr;
1454 if (likely(*ptr == '\r'))
1455 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001456 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001457
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001458 http_msg_rqline_end:
1459 case HTTP_MSG_RQLINE_END:
1460 /* check for HTTP/0.9 request : no version information available.
1461 * msg->sol must point to the first of CR or LF.
1462 */
1463 if (unlikely(msg->sl.rq.v_l == 0))
1464 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001465
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001466 EXPECT_LF_HERE(ptr, http_msg_invalid);
1467 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001468 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001469
Willy Tarreau8973c702007-01-21 23:58:29 +01001470 /*
1471 * Common states below
1472 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001473 http_msg_hdr_first:
1474 case HTTP_MSG_HDR_FIRST:
1475 msg->sol = ptr;
1476 if (likely(!HTTP_IS_CRLF(*ptr))) {
1477 goto http_msg_hdr_name;
1478 }
1479
1480 if (likely(*ptr == '\r'))
1481 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1482 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001483
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001484 http_msg_hdr_name:
1485 case HTTP_MSG_HDR_NAME:
1486 /* assumes msg->sol points to the first char */
1487 if (likely(HTTP_IS_TOKEN(*ptr)))
1488 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001489
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001490 if (likely(*ptr == ':')) {
1491 msg->col = ptr - buf->data;
1492 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
1493 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001494
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001495 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001496
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001497 http_msg_hdr_l1_sp:
1498 case HTTP_MSG_HDR_L1_SP:
1499 /* assumes msg->sol points to the first char and msg->col to the colon */
1500 if (likely(HTTP_IS_SPHT(*ptr)))
1501 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001502
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001503 /* header value can be basically anything except CR/LF */
1504 msg->sov = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001505
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001506 if (likely(!HTTP_IS_CRLF(*ptr))) {
1507 goto http_msg_hdr_val;
1508 }
1509
1510 if (likely(*ptr == '\r'))
1511 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1512 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001513
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001514 http_msg_hdr_l1_lf:
1515 case HTTP_MSG_HDR_L1_LF:
1516 EXPECT_LF_HERE(ptr, http_msg_invalid);
1517 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001518
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001519 http_msg_hdr_l1_lws:
1520 case HTTP_MSG_HDR_L1_LWS:
1521 if (likely(HTTP_IS_SPHT(*ptr))) {
1522 /* replace HT,CR,LF with spaces */
1523 for (; buf->data+msg->sov < ptr; msg->sov++)
1524 buf->data[msg->sov] = ' ';
1525 goto http_msg_hdr_l1_sp;
1526 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001527 /* we had a header consisting only in spaces ! */
1528 msg->eol = buf->data + msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001529 goto http_msg_complete_header;
1530
1531 http_msg_hdr_val:
1532 case HTTP_MSG_HDR_VAL:
1533 /* assumes msg->sol points to the first char, msg->col to the
1534 * colon, and msg->sov points to the first character of the
1535 * value.
1536 */
1537 if (likely(!HTTP_IS_CRLF(*ptr)))
1538 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001539
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001540 msg->eol = ptr;
1541 /* Note: we could also copy eol into ->eoh so that we have the
1542 * real header end in case it ends with lots of LWS, but is this
1543 * really needed ?
1544 */
1545 if (likely(*ptr == '\r'))
1546 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1547 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001548
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001549 http_msg_hdr_l2_lf:
1550 case HTTP_MSG_HDR_L2_LF:
1551 EXPECT_LF_HERE(ptr, http_msg_invalid);
1552 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001553
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001554 http_msg_hdr_l2_lws:
1555 case HTTP_MSG_HDR_L2_LWS:
1556 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1557 /* LWS: replace HT,CR,LF with spaces */
1558 for (; msg->eol < ptr; msg->eol++)
1559 *msg->eol = ' ';
1560 goto http_msg_hdr_val;
1561 }
1562 http_msg_complete_header:
1563 /*
1564 * It was a new header, so the last one is finished.
1565 * Assumes msg->sol points to the first char, msg->col to the
1566 * colon, msg->sov points to the first character of the value
1567 * and msg->eol to the first CR or LF so we know how the line
1568 * ends. We insert last header into the index.
1569 */
1570 /*
1571 fprintf(stderr,"registering %-2d bytes : ", msg->eol - msg->sol);
1572 write(2, msg->sol, msg->eol-msg->sol);
1573 fprintf(stderr,"\n");
1574 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001575
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001576 if (unlikely(hdr_idx_add(msg->eol - msg->sol, *msg->eol == '\r',
1577 idx, idx->tail) < 0))
1578 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001579
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001580 msg->sol = ptr;
1581 if (likely(!HTTP_IS_CRLF(*ptr))) {
1582 goto http_msg_hdr_name;
1583 }
1584
1585 if (likely(*ptr == '\r'))
1586 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1587 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001588
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001589 http_msg_last_lf:
1590 case HTTP_MSG_LAST_LF:
1591 /* Assumes msg->sol points to the first of either CR or LF */
1592 EXPECT_LF_HERE(ptr, http_msg_invalid);
1593 ptr++;
1594 buf->lr = ptr;
1595 msg->eoh = msg->sol - buf->data;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001596 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001597 return;
1598#ifdef DEBUG_FULL
1599 default:
1600 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1601 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001602#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001603 }
1604 http_msg_ood:
1605 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001606 msg->msg_state = state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001607 buf->lr = ptr;
1608 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001609
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001610 http_msg_invalid:
1611 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001612 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001613 return;
1614}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001615
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001616/* This function performs all the processing enabled for the current request.
Willy Tarreaudafde432008-08-17 01:00:46 +02001617 * It normally returns zero, but may return 1 if it absolutely needs to be
1618 * called again after other functions. It relies on buffers flags, and updates
1619 * t->analysis. It might make sense to explode it into several other functions.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001620 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001621int process_request(struct session *t)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001622{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001623 struct buffer *req = t->req;
1624 struct buffer *rep = t->rep;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001625
Willy Tarreaue46ab552008-08-13 19:19:37 +02001626 DPRINTF(stderr,"[%u] process_req: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x analysis=%02x\n",
1627 now_ms,
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001628 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02001629 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_RD) : 0,
1630 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_WR) : 0,
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001631 req->rex, rep->wex, req->flags, rep->flags, t->analysis);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001632
Willy Tarreaudafde432008-08-17 01:00:46 +02001633 update_state:
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001634 if (t->analysis & AN_REQ_INSPECT) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001635 struct tcp_rule *rule;
1636 int partial;
1637
1638 /* We will abort if we encounter a read error. In theory,
1639 * we should not abort if we get a close, it might be
1640 * valid, also very unlikely. FIXME: we'll abort for now,
1641 * this will be easier to change later.
1642 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001643 if (req->flags & BF_READ_ERROR) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001644 t->inspect_exp = TICK_ETERNITY;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001645 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001646 t->fe->failed_req++;
1647 if (!(t->flags & SN_ERR_MASK))
1648 t->flags |= SN_ERR_CLICL;
1649 if (!(t->flags & SN_FINST_MASK))
1650 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001651 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001652 }
1653
1654 /* Abort if client read timeout has expired */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001655 else if (req->flags & BF_READ_TIMEOUT) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001656 t->inspect_exp = TICK_ETERNITY;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001657 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001658 t->fe->failed_req++;
1659 if (!(t->flags & SN_ERR_MASK))
1660 t->flags |= SN_ERR_CLITO;
1661 if (!(t->flags & SN_FINST_MASK))
1662 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001663 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001664 }
1665
1666 /* We don't know whether we have enough data, so must proceed
1667 * this way :
1668 * - iterate through all rules in their declaration order
1669 * - if one rule returns MISS, it means the inspect delay is
1670 * not over yet, then return immediately, otherwise consider
1671 * it as a non-match.
1672 * - if one rule returns OK, then return OK
1673 * - if one rule returns KO, then return KO
1674 */
1675
Willy Tarreauba392ce2008-08-16 21:13:23 +02001676 if (req->flags & (BF_READ_NULL | BF_SHUTR) ||
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001677 tick_is_expired(t->inspect_exp, now_ms))
Willy Tarreaub6866442008-07-14 23:54:42 +02001678 partial = 0;
1679 else
1680 partial = ACL_PARTIAL;
1681
1682 list_for_each_entry(rule, &t->fe->tcp_req.inspect_rules, list) {
1683 int ret = ACL_PAT_PASS;
1684
1685 if (rule->cond) {
1686 ret = acl_exec_cond(rule->cond, t->fe, t, NULL, ACL_DIR_REQ | partial);
1687 if (ret == ACL_PAT_MISS) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001688 /* just set the request timeout once at the beginning of the request */
1689 if (!tick_isset(t->inspect_exp))
1690 t->inspect_exp = tick_add_ifset(now_ms, t->fe->tcp_req.inspect_delay);
Willy Tarreaudafde432008-08-17 01:00:46 +02001691 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001692 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001693
Willy Tarreaub6866442008-07-14 23:54:42 +02001694 ret = acl_pass(ret);
1695 if (rule->cond->pol == ACL_COND_UNLESS)
1696 ret = !ret;
1697 }
1698
1699 if (ret) {
1700 /* we have a matching rule. */
1701 if (rule->action == TCP_ACT_REJECT) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02001702 buffer_shutr(req);
1703 buffer_shutw(rep);
Willy Tarreaub6866442008-07-14 23:54:42 +02001704 fd_delete(t->cli_fd);
1705 t->cli_state = CL_STCLOSE;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001706 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001707 t->fe->failed_req++;
1708 if (!(t->flags & SN_ERR_MASK))
1709 t->flags |= SN_ERR_PRXCOND;
1710 if (!(t->flags & SN_FINST_MASK))
1711 t->flags |= SN_FINST_R;
1712 t->inspect_exp = TICK_ETERNITY;
Willy Tarreaudafde432008-08-17 01:00:46 +02001713 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001714 }
1715 /* otherwise accept */
1716 break;
1717 }
1718 }
1719
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001720 /* if we get there, it means we have no rule which matches, or
1721 * we have an explicit accept, so we apply the default accept.
Willy Tarreaub6866442008-07-14 23:54:42 +02001722 */
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001723 t->analysis &= ~AN_REQ_INSPECT;
Willy Tarreaub6866442008-07-14 23:54:42 +02001724 t->inspect_exp = TICK_ETERNITY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001725 }
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001726
1727 if (t->analysis & AN_REQ_HTTP_HDR) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001728 /*
1729 * Now parse the partial (or complete) lines.
1730 * We will check the request syntax, and also join multi-line
1731 * headers. An index of all the lines will be elaborated while
1732 * parsing.
1733 *
Willy Tarreau8973c702007-01-21 23:58:29 +01001734 * For the parsing, we use a 28 states FSM.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001735 *
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001736 * Here is the information we currently have :
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001737 * req->data + req->som = beginning of request
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001738 * req->data + req->eoh = end of processed headers / start of current one
1739 * req->data + req->eol = end of current header or line (LF or CRLF)
1740 * req->lr = first non-visited byte
1741 * req->r = end of data
1742 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001743
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001744 int cur_idx;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001745 struct http_txn *txn = &t->txn;
1746 struct http_msg *msg = &txn->req;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001747 struct proxy *cur_proxy;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001748
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001749 if (likely(req->lr < req->r))
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001750 http_msg_analyzer(req, msg, &txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001751
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001752 /* 1: we might have to print this header in debug mode */
1753 if (unlikely((global.mode & MODE_DEBUG) &&
1754 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001755 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001756 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001757
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001758 sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001759 eol = sol + msg->sl.rq.l;
1760 debug_hdr("clireq", t, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01001761
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001762 sol += hdr_idx_first_pos(&txn->hdr_idx);
1763 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001764
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001765 while (cur_idx) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001766 eol = sol + txn->hdr_idx.v[cur_idx].len;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001767 debug_hdr("clihdr", t, sol, eol);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001768 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
1769 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001770 }
1771 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001772
Willy Tarreau58f10d72006-12-04 02:26:12 +01001773
1774 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001775 * Now we quickly check if we have found a full valid request.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001776 * If not so, we check the FD and buffer states before leaving.
1777 * A full request is indicated by the fact that we have seen
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001778 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
1779 * requests are checked first.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001780 *
1781 */
1782
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001783 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001784 /*
1785 * First, let's catch bad requests.
1786 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001787 if (unlikely(msg->msg_state == HTTP_MSG_ERROR))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001788 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001789
1790 /* 1: Since we are in header mode, if there's no space
1791 * left for headers, we won't be able to free more
1792 * later, so the session will never terminate. We
1793 * must terminate it now.
1794 */
Willy Tarreaue393fe22008-08-16 22:18:07 +02001795 if (unlikely(req->flags & BF_FULL)) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001796 /* FIXME: check if URI is set and return Status
1797 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001798 */
Willy Tarreau06619262006-12-17 08:37:22 +01001799 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001800 }
1801
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001802 /* 2: have we encountered a close ? */
1803 else if (req->flags & BF_READ_NULL) {
1804 txn->status = 400;
1805 client_retnclose(t, error_message(t, HTTP_ERR_400));
1806 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001807 t->analysis &= ~AN_REQ_ANY;
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01001808 t->fe->failed_req++;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001809
Willy Tarreau58f10d72006-12-04 02:26:12 +01001810 if (!(t->flags & SN_ERR_MASK))
1811 t->flags |= SN_ERR_CLICL;
1812 if (!(t->flags & SN_FINST_MASK))
1813 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001814 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001815 }
1816
1817 /* 3: has the read timeout expired ? */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001818 else if (req->flags & BF_READ_TIMEOUT || tick_is_expired(txn->exp, now_ms)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01001819 /* read timeout : give up with an error message. */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001820 txn->status = 408;
Willy Tarreau80587432006-12-24 17:47:20 +01001821 client_retnclose(t, error_message(t, HTTP_ERR_408));
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001822 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001823 t->analysis &= ~AN_REQ_ANY;
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01001824 t->fe->failed_req++;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001825 if (!(t->flags & SN_ERR_MASK))
1826 t->flags |= SN_ERR_CLITO;
1827 if (!(t->flags & SN_FINST_MASK))
1828 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001829 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001830 }
1831
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001832 /* 4: have we encountered a read error or did we have to shutdown ? */
Willy Tarreauba392ce2008-08-16 21:13:23 +02001833 else if (req->flags & (BF_READ_ERROR | BF_SHUTR)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001834 /* we cannot return any message on error */
1835 msg->msg_state = HTTP_MSG_ERROR;
1836 t->analysis &= ~AN_REQ_ANY;
1837 t->fe->failed_req++;
1838 if (!(t->flags & SN_ERR_MASK))
1839 t->flags |= SN_ERR_CLICL;
1840 if (!(t->flags & SN_FINST_MASK))
1841 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001842 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001843 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001844
1845 /* just set the request timeout once at the beginning of the request */
1846 if (!tick_isset(t->txn.exp))
1847 t->txn.exp = tick_add_ifset(now_ms, t->fe->timeout.httpreq);
1848
1849 /* we're not ready yet */
Willy Tarreaudafde432008-08-17 01:00:46 +02001850 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001851 }
1852
1853
1854 /****************************************************************
1855 * More interesting part now : we know that we have a complete *
1856 * request which at least looks like HTTP. We have an indicator *
1857 * of each header's length, so we can parse them quickly. *
1858 ****************************************************************/
1859
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001860 t->analysis &= ~AN_REQ_HTTP_HDR;
1861
Willy Tarreau9cdde232007-05-02 20:58:19 +02001862 /* ensure we keep this pointer to the beginning of the message */
1863 msg->sol = req->data + msg->som;
1864
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001865 /*
1866 * 1: identify the method
1867 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001868 txn->meth = find_http_meth(&req->data[msg->som], msg->sl.rq.m_l);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001869
1870 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001871 * 2: check if the URI matches the monitor_uri.
Willy Tarreau06619262006-12-17 08:37:22 +01001872 * We have to do this for every request which gets in, because
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001873 * the monitor-uri is defined by the frontend.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001874 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001875 if (unlikely((t->fe->monitor_uri_len != 0) &&
1876 (t->fe->monitor_uri_len == msg->sl.rq.u_l) &&
1877 !memcmp(&req->data[msg->sl.rq.u],
1878 t->fe->monitor_uri,
1879 t->fe->monitor_uri_len))) {
1880 /*
1881 * We have found the monitor URI
1882 */
Willy Tarreaub80c2302007-11-30 20:51:32 +01001883 struct acl_cond *cond;
1884 cur_proxy = t->fe;
1885
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001886 t->flags |= SN_MONITOR;
Willy Tarreaub80c2302007-11-30 20:51:32 +01001887
1888 /* Check if we want to fail this monitor request or not */
1889 list_for_each_entry(cond, &cur_proxy->mon_fail_cond, list) {
1890 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02001891
1892 ret = acl_pass(ret);
Willy Tarreaub80c2302007-11-30 20:51:32 +01001893 if (cond->pol == ACL_COND_UNLESS)
1894 ret = !ret;
1895
1896 if (ret) {
1897 /* we fail this request, let's return 503 service unavail */
1898 txn->status = 503;
1899 client_retnclose(t, error_message(t, HTTP_ERR_503));
1900 goto return_prx_cond;
1901 }
1902 }
1903
1904 /* nothing to fail, let's reply normaly */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001905 txn->status = 200;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001906 client_retnclose(t, &http_200_chunk);
1907 goto return_prx_cond;
1908 }
1909
1910 /*
1911 * 3: Maybe we have to copy the original REQURI for the logs ?
1912 * Note: we cannot log anymore if the request has been
1913 * classified as invalid.
1914 */
1915 if (unlikely(t->logs.logwait & LW_REQ)) {
1916 /* we have a complete HTTP request that we must log */
Willy Tarreau332f8bf2007-05-13 21:36:56 +02001917 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001918 int urilen = msg->sl.rq.l;
1919
1920 if (urilen >= REQURI_LEN)
1921 urilen = REQURI_LEN - 1;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001922 memcpy(txn->uri, &req->data[msg->som], urilen);
1923 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001924
1925 if (!(t->logs.logwait &= ~LW_REQ))
Willy Tarreau42250582007-04-01 01:30:43 +02001926 http_sess_log(t);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001927 } else {
1928 Alert("HTTP logging : out of memory.\n");
1929 }
1930 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001931
Willy Tarreau06619262006-12-17 08:37:22 +01001932
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001933 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
1934 if (unlikely(msg->sl.rq.v_l == 0)) {
1935 int delta;
1936 char *cur_end;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001937 msg->sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001938 cur_end = msg->sol + msg->sl.rq.l;
1939 delta = 0;
Willy Tarreau06619262006-12-17 08:37:22 +01001940
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001941 if (msg->sl.rq.u_l == 0) {
1942 /* if no URI was set, add "/" */
1943 delta = buffer_replace2(req, cur_end, cur_end, " /", 2);
1944 cur_end += delta;
1945 msg->eoh += delta;
Willy Tarreau06619262006-12-17 08:37:22 +01001946 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001947 /* add HTTP version */
1948 delta = buffer_replace2(req, cur_end, cur_end, " HTTP/1.0\r\n", 11);
1949 msg->eoh += delta;
1950 cur_end += delta;
1951 cur_end = (char *)http_parse_reqline(msg, req->data,
1952 HTTP_MSG_RQMETH,
1953 msg->sol, cur_end + 1,
1954 NULL, NULL);
1955 if (unlikely(!cur_end))
1956 goto return_bad_req;
1957
1958 /* we have a full HTTP/1.0 request now and we know that
1959 * we have either a CR or an LF at <ptr>.
1960 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001961 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
Willy Tarreau58f10d72006-12-04 02:26:12 +01001962 }
1963
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001964
1965 /* 5: we may need to capture headers */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001966 if (unlikely((t->logs.logwait & LW_REQHDR) && t->fe->req_cap))
Willy Tarreau117f59e2007-03-04 18:17:17 +01001967 capture_headers(req->data + msg->som, &txn->hdr_idx,
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001968 txn->req.cap, t->fe->req_cap);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001969
1970 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001971 * 6: we will have to evaluate the filters.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001972 * As opposed to version 1.2, now they will be evaluated in the
1973 * filters order and not in the header order. This means that
1974 * each filter has to be validated among all headers.
Willy Tarreau06619262006-12-17 08:37:22 +01001975 *
1976 * We can now check whether we want to switch to another
1977 * backend, in which case we will re-check the backend's
1978 * filters and various options. In order to support 3-level
1979 * switching, here's how we should proceed :
1980 *
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001981 * a) run be.
Willy Tarreau830ff452006-12-17 19:31:23 +01001982 * if (switch) then switch ->be to the new backend.
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001983 * b) run be if (be != fe).
Willy Tarreau06619262006-12-17 08:37:22 +01001984 * There cannot be any switch from there, so ->be cannot be
1985 * changed anymore.
1986 *
Willy Tarreau830ff452006-12-17 19:31:23 +01001987 * => filters always apply to ->be, then ->be may change.
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001988 *
Willy Tarreau830ff452006-12-17 19:31:23 +01001989 * The response path will be able to apply either ->be, or
1990 * ->be then ->fe filters in order to match the reverse of
1991 * the forward sequence.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001992 */
1993
Willy Tarreau06619262006-12-17 08:37:22 +01001994 do {
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02001995 struct acl_cond *cond;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02001996 struct redirect_rule *rule;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001997 struct proxy *rule_set = t->be;
Willy Tarreau830ff452006-12-17 19:31:23 +01001998 cur_proxy = t->be;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001999
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002000 /* first check whether we have some ACLs set to redirect this request */
2001 list_for_each_entry(rule, &cur_proxy->redirect_rules, list) {
2002 int ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002003
2004 ret = acl_pass(ret);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002005 if (rule->cond->pol == ACL_COND_UNLESS)
2006 ret = !ret;
2007
2008 if (ret) {
2009 struct chunk rdr = { trash, 0 };
2010 const char *msg_fmt;
2011
2012 /* build redirect message */
2013 switch(rule->code) {
2014 case 303:
2015 rdr.len = strlen(HTTP_303);
2016 msg_fmt = HTTP_303;
2017 break;
2018 case 301:
2019 rdr.len = strlen(HTTP_301);
2020 msg_fmt = HTTP_301;
2021 break;
2022 case 302:
2023 default:
2024 rdr.len = strlen(HTTP_302);
2025 msg_fmt = HTTP_302;
2026 break;
2027 }
2028
2029 if (unlikely(rdr.len > sizeof(trash)))
2030 goto return_bad_req;
2031 memcpy(rdr.str, msg_fmt, rdr.len);
2032
2033 switch(rule->type) {
2034 case REDIRECT_TYPE_PREFIX: {
2035 const char *path;
2036 int pathlen;
2037
2038 path = http_get_path(txn);
2039 /* build message using path */
2040 if (path) {
2041 pathlen = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
2042 } else {
2043 path = "/";
2044 pathlen = 1;
2045 }
2046
2047 if (rdr.len + rule->rdr_len + pathlen > sizeof(trash) - 4)
2048 goto return_bad_req;
2049
2050 /* add prefix */
2051 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2052 rdr.len += rule->rdr_len;
2053
2054 /* add path */
2055 memcpy(rdr.str + rdr.len, path, pathlen);
2056 rdr.len += pathlen;
2057 break;
2058 }
2059 case REDIRECT_TYPE_LOCATION:
2060 default:
2061 if (rdr.len + rule->rdr_len > sizeof(trash) - 4)
2062 goto return_bad_req;
2063
2064 /* add location */
2065 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2066 rdr.len += rule->rdr_len;
2067 break;
2068 }
2069
2070 /* add end of headers */
2071 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
2072 rdr.len += 4;
2073
2074 txn->status = rule->code;
2075 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002076 t->logs.tv_request = now;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002077 client_retnclose(t, &rdr);
2078 goto return_prx_cond;
2079 }
2080 }
2081
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002082 /* first check whether we have some ACLs set to block this request */
2083 list_for_each_entry(cond, &cur_proxy->block_cond, list) {
Willy Tarreaud41f8d82007-06-10 10:06:18 +02002084 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002085
2086 ret = acl_pass(ret);
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002087 if (cond->pol == ACL_COND_UNLESS)
2088 ret = !ret;
2089
2090 if (ret) {
2091 txn->status = 403;
2092 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002093 t->logs.tv_request = now;
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002094 client_retnclose(t, error_message(t, HTTP_ERR_403));
2095 goto return_prx_cond;
2096 }
2097 }
2098
Willy Tarreau06619262006-12-17 08:37:22 +01002099 /* try headers filters */
Willy Tarreau53b6c742006-12-17 13:37:46 +01002100 if (rule_set->req_exp != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002101 if (apply_filters_to_request(t, req, rule_set->req_exp) < 0)
2102 goto return_bad_req;
Willy Tarreau53b6c742006-12-17 13:37:46 +01002103 }
2104
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002105 if (!(t->flags & SN_BE_ASSIGNED) && (t->be != cur_proxy)) {
2106 /* to ensure correct connection accounting on
2107 * the backend, we count the connection for the
2108 * one managing the queue.
2109 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002110 t->be->beconn++;
2111 if (t->be->beconn > t->be->beconn_max)
2112 t->be->beconn_max = t->be->beconn;
2113 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002114 t->flags |= SN_BE_ASSIGNED;
2115 }
2116
Willy Tarreau06619262006-12-17 08:37:22 +01002117 /* has the request been denied ? */
Willy Tarreau3d300592007-03-18 18:34:41 +01002118 if (txn->flags & TX_CLDENY) {
Willy Tarreau06619262006-12-17 08:37:22 +01002119 /* no need to go further */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002120 txn->status = 403;
Willy Tarreau06619262006-12-17 08:37:22 +01002121 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002122 t->logs.tv_request = now;
Willy Tarreau80587432006-12-24 17:47:20 +01002123 client_retnclose(t, error_message(t, HTTP_ERR_403));
Willy Tarreau06619262006-12-17 08:37:22 +01002124 goto return_prx_cond;
2125 }
2126
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002127 /* We might have to check for "Connection:" */
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002128 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002129 !(t->flags & SN_CONN_CLOSED)) {
2130 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002131 int cur_idx, old_idx, delta, val;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002132 struct hdr_idx_elem *cur_hdr;
Willy Tarreau06619262006-12-17 08:37:22 +01002133
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002134 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002135 old_idx = 0;
2136
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002137 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
2138 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002139 cur_ptr = cur_next;
2140 cur_end = cur_ptr + cur_hdr->len;
2141 cur_next = cur_end + cur_hdr->cr + 1;
2142
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002143 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
2144 if (val) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002145 /* 3 possibilities :
2146 * - we have already set Connection: close,
2147 * so we remove this line.
2148 * - we have not yet set Connection: close,
2149 * but this line indicates close. We leave
2150 * it untouched and set the flag.
2151 * - we have not yet set Connection: close,
2152 * and this line indicates non-close. We
2153 * replace it.
2154 */
2155 if (t->flags & SN_CONN_CLOSED) {
2156 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002157 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002158 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002159 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
2160 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002161 cur_hdr->len = 0;
2162 } else {
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002163 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
2164 delta = buffer_replace2(req, cur_ptr + val, cur_end,
2165 "close", 5);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002166 cur_next += delta;
2167 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002168 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002169 }
2170 t->flags |= SN_CONN_CLOSED;
2171 }
2172 }
2173 old_idx = cur_idx;
2174 }
Willy Tarreauf2f0ee82007-03-30 12:02:43 +02002175 }
2176 /* add request headers from the rule sets in the same order */
2177 for (cur_idx = 0; cur_idx < rule_set->nb_reqadd; cur_idx++) {
2178 if (unlikely(http_header_add_tail(req,
2179 &txn->req,
2180 &txn->hdr_idx,
2181 rule_set->req_add[cur_idx])) < 0)
2182 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01002183 }
Willy Tarreaub2513902006-12-17 14:52:38 +01002184
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002185 /* check if stats URI was requested, and if an auth is needed */
Willy Tarreau0214c3a2007-01-07 13:47:30 +01002186 if (rule_set->uri_auth != NULL &&
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002187 (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002188 /* we have to check the URI and auth for this request.
2189 * FIXME!!! that one is rather dangerous, we want to
2190 * make it follow standard rules (eg: clear t->analysis).
2191 */
Willy Tarreaub2513902006-12-17 14:52:38 +01002192 if (stats_check_uri_auth(t, rule_set))
2193 return 1;
2194 }
2195
Willy Tarreau55ea7572007-06-17 19:56:27 +02002196 /* now check whether we have some switching rules for this request */
2197 if (!(t->flags & SN_BE_ASSIGNED)) {
2198 struct switching_rule *rule;
2199
2200 list_for_each_entry(rule, &cur_proxy->switching_rules, list) {
2201 int ret;
2202
2203 ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002204
2205 ret = acl_pass(ret);
Willy Tarreaua8cfa342008-07-09 11:23:31 +02002206 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreau55ea7572007-06-17 19:56:27 +02002207 ret = !ret;
2208
2209 if (ret) {
2210 t->be = rule->be.backend;
2211 t->be->beconn++;
2212 if (t->be->beconn > t->be->beconn_max)
2213 t->be->beconn_max = t->be->beconn;
2214 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002215
2216 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002217 t->rep->rto = t->req->wto = t->be->timeout.server;
2218 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002219 t->conn_retries = t->be->conn_retries;
Willy Tarreau55ea7572007-06-17 19:56:27 +02002220 t->flags |= SN_BE_ASSIGNED;
2221 break;
2222 }
2223 }
2224 }
2225
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002226 if (!(t->flags & SN_BE_ASSIGNED) && cur_proxy->defbe.be) {
2227 /* No backend was set, but there was a default
2228 * backend set in the frontend, so we use it and
2229 * loop again.
2230 */
2231 t->be = cur_proxy->defbe.be;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002232 t->be->beconn++;
2233 if (t->be->beconn > t->be->beconn_max)
2234 t->be->beconn_max = t->be->beconn;
2235 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002236
2237 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002238 t->rep->rto = t->req->wto = t->be->timeout.server;
2239 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002240 t->conn_retries = t->be->conn_retries;
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002241 t->flags |= SN_BE_ASSIGNED;
2242 }
2243 } while (t->be != cur_proxy); /* we loop only if t->be has changed */
Willy Tarreau2a324282006-12-05 00:05:46 +01002244
Willy Tarreau58f10d72006-12-04 02:26:12 +01002245
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002246 if (!(t->flags & SN_BE_ASSIGNED)) {
2247 /* To ensure correct connection accounting on
2248 * the backend, we count the connection for the
2249 * one managing the queue.
2250 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002251 t->be->beconn++;
2252 if (t->be->beconn > t->be->beconn_max)
2253 t->be->beconn_max = t->be->beconn;
2254 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002255 t->flags |= SN_BE_ASSIGNED;
2256 }
2257
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002258 /*
2259 * Right now, we know that we have processed the entire headers
Willy Tarreau2a324282006-12-05 00:05:46 +01002260 * and that unwanted requests have been filtered out. We can do
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002261 * whatever we want with the remaining request. Also, now we
Willy Tarreau830ff452006-12-17 19:31:23 +01002262 * may have separate values for ->fe, ->be.
Willy Tarreau2a324282006-12-05 00:05:46 +01002263 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002264
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01002265 /*
2266 * If HTTP PROXY is set we simply get remote server address
2267 * parsing incoming request.
2268 */
2269 if ((t->be->options & PR_O_HTTP_PROXY) && !(t->flags & SN_ADDR_SET)) {
2270 url2sa(req->data + msg->sl.rq.u, msg->sl.rq.u_l, &t->srv_addr);
2271 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002272
Willy Tarreau2a324282006-12-05 00:05:46 +01002273 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002274 * 7: the appsession cookie was looked up very early in 1.2,
Willy Tarreau06619262006-12-17 08:37:22 +01002275 * so let's do the same now.
2276 */
2277
2278 /* It needs to look into the URI */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002279 if (t->be->appsession_name) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01002280 get_srv_from_appsession(t, &req->data[msg->som], msg->sl.rq.l);
Willy Tarreau06619262006-12-17 08:37:22 +01002281 }
2282
2283
2284 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002285 * 8: Now we can work with the cookies.
Willy Tarreau2a324282006-12-05 00:05:46 +01002286 * Note that doing so might move headers in the request, but
2287 * the fields will stay coherent and the URI will not move.
Willy Tarreau06619262006-12-17 08:37:22 +01002288 * This should only be performed in the backend.
Willy Tarreau2a324282006-12-05 00:05:46 +01002289 */
Willy Tarreau396d2c62007-11-04 19:30:00 +01002290 if ((t->be->cookie_name || t->be->appsession_name || t->be->capture_name)
2291 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
Willy Tarreau2a324282006-12-05 00:05:46 +01002292 manage_client_side_cookies(t, req);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002293
Willy Tarreau58f10d72006-12-04 02:26:12 +01002294
Willy Tarreau2a324282006-12-05 00:05:46 +01002295 /*
Willy Tarreaubb046ac2007-03-03 19:17:03 +01002296 * 9: add X-Forwarded-For if either the frontend or the backend
2297 * asks for it.
Willy Tarreau2a324282006-12-05 00:05:46 +01002298 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002299 if ((t->fe->options | t->be->options) & PR_O_FWDFOR) {
Willy Tarreau2a324282006-12-05 00:05:46 +01002300 if (t->cli_addr.ss_family == AF_INET) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002301 /* Add an X-Forwarded-For header unless the source IP is
2302 * in the 'except' network range.
2303 */
2304 if ((!t->fe->except_mask.s_addr ||
2305 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->fe->except_mask.s_addr)
2306 != t->fe->except_net.s_addr) &&
2307 (!t->be->except_mask.s_addr ||
2308 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->be->except_mask.s_addr)
2309 != t->be->except_net.s_addr)) {
2310 int len;
2311 unsigned char *pn;
2312 pn = (unsigned char *)&((struct sockaddr_in *)&t->cli_addr)->sin_addr;
Willy Tarreau45e73e32006-12-17 00:05:15 +01002313
Ross Westaf72a1d2008-08-03 10:51:45 +02002314 /* Note: we rely on the backend to get the header name to be used for
2315 * x-forwarded-for, because the header is really meant for the backends.
2316 * However, if the backend did not specify any option, we have to rely
2317 * on the frontend's header name.
2318 */
2319 if (t->be->fwdfor_hdr_len) {
2320 len = t->be->fwdfor_hdr_len;
2321 memcpy(trash, t->be->fwdfor_hdr_name, len);
2322 } else {
2323 len = t->fe->fwdfor_hdr_len;
2324 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2325 }
2326 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002327
Ross Westaf72a1d2008-08-03 10:51:45 +02002328 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002329 &txn->hdr_idx, trash, len)) < 0)
2330 goto return_bad_req;
2331 }
Willy Tarreau2a324282006-12-05 00:05:46 +01002332 }
2333 else if (t->cli_addr.ss_family == AF_INET6) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002334 /* FIXME: for the sake of completeness, we should also support
2335 * 'except' here, although it is mostly useless in this case.
2336 */
Willy Tarreau2a324282006-12-05 00:05:46 +01002337 int len;
2338 char pn[INET6_ADDRSTRLEN];
2339 inet_ntop(AF_INET6,
2340 (const void *)&((struct sockaddr_in6 *)(&t->cli_addr))->sin6_addr,
2341 pn, sizeof(pn));
Ross Westaf72a1d2008-08-03 10:51:45 +02002342
2343 /* Note: we rely on the backend to get the header name to be used for
2344 * x-forwarded-for, because the header is really meant for the backends.
2345 * However, if the backend did not specify any option, we have to rely
2346 * on the frontend's header name.
2347 */
2348 if (t->be->fwdfor_hdr_len) {
2349 len = t->be->fwdfor_hdr_len;
2350 memcpy(trash, t->be->fwdfor_hdr_name, len);
2351 } else {
2352 len = t->fe->fwdfor_hdr_len;
2353 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2354 }
2355 len += sprintf(trash + len, ": %s", pn);
2356
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002357 if (unlikely(http_header_add_tail2(req, &txn->req,
2358 &txn->hdr_idx, trash, len)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002359 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01002360 }
2361 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002362
Willy Tarreau2a324282006-12-05 00:05:46 +01002363 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002364 * 10: add "Connection: close" if needed and not yet set.
Willy Tarreau2807efd2007-03-25 23:47:23 +02002365 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaub2513902006-12-17 14:52:38 +01002366 */
Willy Tarreau2807efd2007-03-25 23:47:23 +02002367 if (!(t->flags & SN_CONN_CLOSED) &&
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002368 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
Willy Tarreau2807efd2007-03-25 23:47:23 +02002369 if ((unlikely(msg->sl.rq.v_l != 8) ||
2370 unlikely(req->data[msg->som + msg->sl.rq.v + 7] != '0')) &&
2371 unlikely(http_header_add_tail2(req, &txn->req, &txn->hdr_idx,
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002372 "Connection: close", 17)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002373 goto return_bad_req;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002374 t->flags |= SN_CONN_CLOSED;
Willy Tarreaue15d9132006-12-14 22:26:42 +01002375 }
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002376 /* Before we switch to data, was assignment set in manage_client_side_cookie?
2377 * If not assigned, perhaps we are balancing on url_param, but this is a
2378 * POST; and the parameters are in the body, maybe scan there to find our server.
2379 * (unless headers overflowed the buffer?)
2380 */
2381 if (!(t->flags & (SN_ASSIGNED|SN_DIRECT)) &&
2382 t->txn.meth == HTTP_METH_POST && t->be->url_param_name != NULL &&
Willy Tarreaue393fe22008-08-16 22:18:07 +02002383 t->be->url_param_post_limit != 0 && !(req->flags & BF_FULL) &&
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002384 memchr(msg->sol + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) {
2385 /* are there enough bytes here? total == l || r || rlim ?
2386 * len is unsigned, but eoh is int,
2387 * how many bytes of body have we received?
2388 * eoh is the first empty line of the header
2389 */
2390 /* already established CRLF or LF at eoh, move to start of message, find message length in buffer */
Willy Tarreaufb0528b2008-08-11 00:21:56 +02002391 unsigned long len = req->l - (msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002392
2393 /* If we have HTTP/1.1 and Expect: 100-continue, then abort.
2394 * We can't assume responsibility for the server's decision,
2395 * on this URI and header set. See rfc2616: 14.20, 8.2.3,
2396 * We also can't change our mind later, about which server to choose, so round robin.
2397 */
2398 if ((likely(msg->sl.rq.v_l == 8) && req->data[msg->som + msg->sl.rq.v + 7] == '1')) {
2399 struct hdr_ctx ctx;
2400 ctx.idx = 0;
2401 /* Expect is allowed in 1.1, look for it */
2402 http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx);
2403 if (ctx.idx != 0 &&
Willy Tarreauadfb8562008-08-11 15:24:42 +02002404 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002405 /* We can't reliablly stall and wait for data, because of
2406 * .NET clients that don't conform to rfc2616; so, no need for
2407 * the next block to check length expectations.
2408 * We could send 100 status back to the client, but then we need to
2409 * re-write headers, and send the message. And this isn't the right
2410 * place for that action.
2411 * TODO: support Expect elsewhere and delete this block.
2412 */
2413 goto end_check_maybe_wait_for_body;
2414 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002415
2416 if (likely(len > t->be->url_param_post_limit)) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002417 /* nothing to do, we got enough */
2418 } else {
2419 /* limit implies we are supposed to need this many bytes
2420 * to find the parameter. Let's see how many bytes we can wait for.
2421 */
2422 long long hint = len;
2423 struct hdr_ctx ctx;
2424 ctx.idx = 0;
2425 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx);
Willy Tarreauadfb8562008-08-11 15:24:42 +02002426 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0)
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002427 t->analysis |= AN_REQ_HTTP_BODY;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002428 else {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002429 ctx.idx = 0;
2430 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx);
2431 /* now if we have a length, we'll take the hint */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002432 if (ctx.idx) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002433 /* We have Content-Length */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002434 if (strl2llrc(ctx.line+ctx.val,ctx.vlen, &hint))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002435 hint = 0; /* parse failure, untrusted client */
2436 else {
Willy Tarreauadfb8562008-08-11 15:24:42 +02002437 if (hint > 0)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002438 msg->hdr_content_len = hint;
2439 else
2440 hint = 0; /* bad client, sent negative length */
2441 }
2442 }
2443 /* but limited to what we care about, maybe we don't expect any entity data (hint == 0) */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002444 if (t->be->url_param_post_limit < hint)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002445 hint = t->be->url_param_post_limit;
2446 /* now do we really need to buffer more data? */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002447 if (len < hint)
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002448 t->analysis |= AN_REQ_HTTP_BODY;
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002449 /* else... There are no body bytes to wait for */
2450 }
2451 }
2452 }
2453 end_check_maybe_wait_for_body:
Willy Tarreaubaaee002006-06-26 02:48:02 +02002454
Willy Tarreau2a324282006-12-05 00:05:46 +01002455 /*************************************************************
2456 * OK, that's finished for the headers. We have done what we *
2457 * could. Let's switch to the DATA state. *
2458 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02002459
Willy Tarreaue393fe22008-08-16 22:18:07 +02002460 buffer_set_rlim(req, BUFSIZE); /* no more rewrite needed */
Willy Tarreau70089872008-06-13 21:12:51 +02002461 t->logs.tv_request = now;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002462
Willy Tarreau1fa31262007-12-03 00:36:16 +01002463 /* When a connection is tarpitted, we use the tarpit timeout,
2464 * which may be the same as the connect timeout if unspecified.
2465 * If unset, then set it to zero because we really want it to
2466 * eventually expire.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002467 * FIXME: this part should be moved elsewhere (eg: on the server side)
Willy Tarreau2a324282006-12-05 00:05:46 +01002468 */
Willy Tarreau3d300592007-03-18 18:34:41 +01002469 if (txn->flags & TX_CLTARPIT) {
Willy Tarreaue393fe22008-08-16 22:18:07 +02002470 buffer_flush(t->req);
Willy Tarreau2a324282006-12-05 00:05:46 +01002471 /* flush the request so that we can drop the connection early
2472 * if the client closes first.
2473 */
Willy Tarreau26ed74d2008-08-17 12:11:14 +02002474 req->wex = tick_add_ifset(now_ms, t->be->timeout.tarpit);
2475 if (!req->wex)
2476 req->wex = now_ms;
Willy Tarreau2a324282006-12-05 00:05:46 +01002477 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002478
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002479 /* OK let's go on with the BODY now */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002480 goto end_of_headers;
Willy Tarreau06619262006-12-17 08:37:22 +01002481
2482 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002483 txn->req.msg_state = HTTP_MSG_ERROR;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002484 txn->status = 400;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002485 t->analysis &= ~AN_REQ_ANY;
Willy Tarreau80587432006-12-24 17:47:20 +01002486 client_retnclose(t, error_message(t, HTTP_ERR_400));
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01002487 t->fe->failed_req++;
Willy Tarreau06619262006-12-17 08:37:22 +01002488 return_prx_cond:
2489 if (!(t->flags & SN_ERR_MASK))
2490 t->flags |= SN_ERR_PRXCOND;
2491 if (!(t->flags & SN_FINST_MASK))
2492 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002493 return 0;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002494 end_of_headers:
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002495 ; // to keep gcc happy
Willy Tarreauadfb8562008-08-11 15:24:42 +02002496 }
2497
2498 if (t->analysis & AN_REQ_HTTP_BODY) {
2499 /* We have to parse the HTTP request body to find any required data.
2500 * "balance url_param check_post" should have been the only way to get
2501 * into this. We were brought here after HTTP header analysis, so all
2502 * related structures are ready.
2503 */
2504 struct http_msg *msg = &t->txn.req;
2505 unsigned long body = msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1;
2506 long long limit = t->be->url_param_post_limit;
2507 struct hdr_ctx ctx;
2508
2509 ctx.idx = 0;
2510
2511 /* now if we have a length, we'll take the hint */
2512 http_find_header2("Transfer-Encoding", 17, msg->sol, &t->txn.hdr_idx, &ctx);
2513 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) {
2514 unsigned int chunk = 0;
2515 while (body < req->l && !HTTP_IS_CRLF(msg->sol[body])) {
2516 char c = msg->sol[body];
2517 if (ishex(c)) {
2518 unsigned int hex = toupper(c) - '0';
2519 if (hex > 9)
2520 hex -= 'A' - '9' - 1;
2521 chunk = (chunk << 4) | hex;
2522 } else
2523 break;
2524 body++;
2525 }
2526 if (body + 2 >= req->l) /* we want CRLF too */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002527 goto http_body_end; /* end of buffer? data missing! */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002528
2529 if (memcmp(msg->sol+body, "\r\n", 2) != 0)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002530 goto http_body_end; /* chunked encoding len ends with CRLF, and we don't have it yet */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002531
2532 body += 2; // skip CRLF
2533
2534 /* if we support more then one chunk here, we have to do it again when assigning server
2535 * 1. how much entity data do we have? new var
2536 * 2. should save entity_start, entity_cursor, elen & rlen in req; so we don't repeat scanning here
2537 * 3. test if elen > limit, or set new limit to elen if 0 (end of entity found)
2538 */
2539
2540 if (chunk < limit)
2541 limit = chunk; /* only reading one chunk */
2542 } else {
2543 if (msg->hdr_content_len < limit)
2544 limit = msg->hdr_content_len;
2545 }
2546
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002547 http_body_end:
2548 /* we leave once we know we have nothing left to do. This means that we have
2549 * enough bytes, or that we know we'll not get any more (buffer full, read
2550 * buffer closed).
2551 */
2552 if (req->l - body >= limit || /* enough bytes! */
Willy Tarreaue393fe22008-08-16 22:18:07 +02002553 req->flags & (BF_FULL | BF_READ_ERROR | BF_READ_NULL | BF_READ_TIMEOUT)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002554 /* The situation will not evolve, so let's give up on the analysis. */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002555 t->logs.tv_request = now; /* update the request timer to reflect full request */
2556 t->analysis &= ~AN_REQ_HTTP_BODY;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002557 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002558 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002559
Willy Tarreaudafde432008-08-17 01:00:46 +02002560 /* we want to leave with that clean */
2561 if (unlikely(t->analysis & AN_REQ_ANY))
2562 goto update_state;
2563 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002564}
Willy Tarreauadfb8562008-08-11 15:24:42 +02002565
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002566/* This function performs all the processing enabled for the current response.
Willy Tarreaudafde432008-08-17 01:00:46 +02002567 * It normally returns zero, but may return 1 if it absolutely needs to be
2568 * called again after other functions. It relies on buffers flags, and updates
2569 * t->analysis. It might make sense to explode it into several other functions.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002570 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002571int process_response(struct session *t)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002572{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002573 struct http_txn *txn = &t->txn;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002574 struct buffer *req = t->req;
2575 struct buffer *rep = t->rep;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002576
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002577 DPRINTF(stderr,"[%u] process_rep: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x analysis=%02x\n",
Willy Tarreaue46ab552008-08-13 19:19:37 +02002578 now_ms,
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002579 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02002580 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_RD) : 0,
2581 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_WR) : 0,
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002582 req->rex, rep->wex, req->flags, rep->flags, t->analysis);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002583
Willy Tarreaudafde432008-08-17 01:00:46 +02002584 update_state:
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002585 if (t->analysis & AN_RTR_HTTP_HDR) { /* receiving server headers */
2586 /*
2587 * Now parse the partial (or complete) lines.
2588 * We will check the response syntax, and also join multi-line
2589 * headers. An index of all the lines will be elaborated while
2590 * parsing.
2591 *
2592 * For the parsing, we use a 28 states FSM.
2593 *
2594 * Here is the information we currently have :
Willy Tarreaue393fe22008-08-16 22:18:07 +02002595 * rep->data + rep->som = beginning of response
2596 * rep->data + rep->eoh = end of processed headers / start of current one
2597 * rep->data + rep->eol = end of current header or line (LF or CRLF)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002598 * rep->lr = first non-visited byte
2599 * rep->r = end of data
2600 */
Willy Tarreau7f875f62008-08-11 17:35:01 +02002601
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002602 int cur_idx;
2603 struct http_msg *msg = &txn->rsp;
2604 struct proxy *cur_proxy;
2605
2606 if (likely(rep->lr < rep->r))
2607 http_msg_analyzer(rep, msg, &txn->hdr_idx);
2608
2609 /* 1: we might have to print this header in debug mode */
2610 if (unlikely((global.mode & MODE_DEBUG) &&
2611 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
2612 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
2613 char *eol, *sol;
2614
2615 sol = rep->data + msg->som;
2616 eol = sol + msg->sl.rq.l;
2617 debug_hdr("srvrep", t, sol, eol);
2618
2619 sol += hdr_idx_first_pos(&txn->hdr_idx);
2620 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
2621
2622 while (cur_idx) {
2623 eol = sol + txn->hdr_idx.v[cur_idx].len;
2624 debug_hdr("srvhdr", t, sol, eol);
2625 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2626 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002627 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002628 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002629
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002630 /*
2631 * Now we quickly check if we have found a full valid response.
2632 * If not so, we check the FD and buffer states before leaving.
2633 * A full response is indicated by the fact that we have seen
2634 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
2635 * responses are checked first.
2636 *
2637 * Depending on whether the client is still there or not, we
2638 * may send an error response back or not. Note that normally
2639 * we should only check for HTTP status there, and check I/O
2640 * errors somewhere else.
2641 */
2642
2643 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002644 /* Invalid response */
2645 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
2646 hdr_response_bad:
Willy Tarreauba392ce2008-08-16 21:13:23 +02002647 buffer_shutr(rep);
2648 buffer_shutw(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002649 fd_delete(t->srv_fd);
2650 if (t->srv) {
2651 t->srv->cur_sess--;
2652 t->srv->failed_resp++;
2653 sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002654 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002655 t->be->failed_resp++;
2656 t->srv_state = SV_STCLOSE;
2657 t->analysis &= ~AN_RTR_ANY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002658 txn->status = 502;
2659 client_return(t, error_message(t, HTTP_ERR_502));
2660 if (!(t->flags & SN_ERR_MASK))
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002661 t->flags |= SN_ERR_PRXCOND;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002662 if (!(t->flags & SN_FINST_MASK))
2663 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002664
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002665 if (t->srv && may_dequeue_tasks(t->srv, t->be))
2666 process_srv_queue(t->srv);
2667
Willy Tarreaudafde432008-08-17 01:00:46 +02002668 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002669 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002670 /* write error to client, read error or close from server */
2671 if (req->flags & BF_WRITE_ERROR ||
Willy Tarreauba392ce2008-08-16 21:13:23 +02002672 rep->flags & (BF_READ_ERROR | BF_READ_NULL | BF_SHUTW)) {
2673 buffer_shutr(rep);
2674 buffer_shutw(req);
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002675 fd_delete(t->srv_fd);
2676 if (t->srv) {
2677 t->srv->cur_sess--;
2678 t->srv->failed_resp++;
2679 sess_change_server(t, NULL);
2680 }
2681 t->be->failed_resp++;
2682 t->srv_state = SV_STCLOSE;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002683 t->analysis &= ~AN_RTR_ANY;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002684 txn->status = 502;
2685 client_return(t, error_message(t, HTTP_ERR_502));
2686 if (!(t->flags & SN_ERR_MASK))
2687 t->flags |= SN_ERR_SRVCL;
2688 if (!(t->flags & SN_FINST_MASK))
2689 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002690
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002691 if (t->srv && may_dequeue_tasks(t->srv, t->be))
2692 process_srv_queue(t->srv);
2693
Willy Tarreaudafde432008-08-17 01:00:46 +02002694 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002695 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002696 /* too large response does not fit in buffer. */
Willy Tarreaue393fe22008-08-16 22:18:07 +02002697 else if (rep->flags & BF_FULL) {
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002698 goto hdr_response_bad;
Willy Tarreau461f6622008-08-15 23:43:19 +02002699 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002700 /* read timeout : return a 504 to the client. */
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002701 else if (rep->flags & BF_READ_TIMEOUT) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02002702 buffer_shutr(rep);
2703 buffer_shutw(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002704 fd_delete(t->srv_fd);
2705 if (t->srv) {
2706 t->srv->cur_sess--;
2707 t->srv->failed_resp++;
2708 sess_change_server(t, NULL);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002709 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002710 t->be->failed_resp++;
2711 t->srv_state = SV_STCLOSE;
2712 t->analysis &= ~AN_RTR_ANY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002713 txn->status = 504;
2714 client_return(t, error_message(t, HTTP_ERR_504));
2715 if (!(t->flags & SN_ERR_MASK))
2716 t->flags |= SN_ERR_SRVTO;
2717 if (!(t->flags & SN_FINST_MASK))
2718 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002719
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002720 if (t->srv && may_dequeue_tasks(t->srv, t->be))
2721 process_srv_queue(t->srv);
Willy Tarreaudafde432008-08-17 01:00:46 +02002722 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002723 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002724 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002725 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002726
Willy Tarreau21d2af32008-02-14 20:25:24 +01002727
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002728 /*****************************************************************
2729 * More interesting part now : we know that we have a complete *
2730 * response which at least looks like HTTP. We have an indicator *
2731 * of each header's length, so we can parse them quickly. *
2732 ****************************************************************/
Willy Tarreau21d2af32008-02-14 20:25:24 +01002733
Willy Tarreaua7c52762008-08-16 18:40:18 +02002734 t->analysis &= ~AN_RTR_HTTP_HDR;
2735
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002736 /* ensure we keep this pointer to the beginning of the message */
2737 msg->sol = rep->data + msg->som;
Willy Tarreau21d2af32008-02-14 20:25:24 +01002738
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002739 /*
2740 * 1: get the status code and check for cacheability.
2741 */
Willy Tarreau21d2af32008-02-14 20:25:24 +01002742
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002743 t->logs.logwait &= ~LW_RESP;
2744 txn->status = strl2ui(rep->data + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreau21d2af32008-02-14 20:25:24 +01002745
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002746 switch (txn->status) {
2747 case 200:
2748 case 203:
2749 case 206:
2750 case 300:
2751 case 301:
2752 case 410:
2753 /* RFC2616 @13.4:
2754 * "A response received with a status code of
2755 * 200, 203, 206, 300, 301 or 410 MAY be stored
2756 * by a cache (...) unless a cache-control
2757 * directive prohibits caching."
2758 *
2759 * RFC2616 @9.5: POST method :
2760 * "Responses to this method are not cacheable,
2761 * unless the response includes appropriate
2762 * Cache-Control or Expires header fields."
2763 */
2764 if (likely(txn->meth != HTTP_METH_POST) &&
2765 (t->be->options & (PR_O_CHK_CACHE|PR_O_COOK_NOC)))
2766 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
2767 break;
2768 default:
2769 break;
2770 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01002771
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002772 /*
2773 * 2: we may need to capture headers
2774 */
2775 if (unlikely((t->logs.logwait & LW_RSPHDR) && t->fe->rsp_cap))
2776 capture_headers(rep->data + msg->som, &txn->hdr_idx,
2777 txn->rsp.cap, t->fe->rsp_cap);
2778
2779 /*
2780 * 3: we will have to evaluate the filters.
2781 * As opposed to version 1.2, now they will be evaluated in the
2782 * filters order and not in the header order. This means that
2783 * each filter has to be validated among all headers.
2784 *
2785 * Filters are tried with ->be first, then with ->fe if it is
2786 * different from ->be.
2787 */
2788
2789 t->flags &= ~SN_CONN_CLOSED; /* prepare for inspection */
2790
2791 cur_proxy = t->be;
2792 while (1) {
2793 struct proxy *rule_set = cur_proxy;
2794
2795 /* try headers filters */
2796 if (rule_set->rsp_exp != NULL) {
2797 if (apply_filters_to_response(t, rep, rule_set->rsp_exp) < 0) {
2798 return_bad_resp:
2799 if (t->srv) {
2800 t->srv->cur_sess--;
2801 t->srv->failed_resp++;
2802 sess_change_server(t, NULL);
2803 }
2804 cur_proxy->failed_resp++;
2805 return_srv_prx_502:
Willy Tarreauba392ce2008-08-16 21:13:23 +02002806 buffer_shutr(rep);
2807 buffer_shutw(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002808 fd_delete(t->srv_fd);
2809 t->srv_state = SV_STCLOSE;
2810 t->analysis &= ~AN_RTR_ANY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002811 txn->status = 502;
2812 client_return(t, error_message(t, HTTP_ERR_502));
2813 if (!(t->flags & SN_ERR_MASK))
2814 t->flags |= SN_ERR_PRXCOND;
2815 if (!(t->flags & SN_FINST_MASK))
2816 t->flags |= SN_FINST_H;
2817 /* We used to have a free connection slot. Since we'll never use it,
2818 * we have to inform the server that it may be used by another session.
2819 */
2820 if (t->srv && may_dequeue_tasks(t->srv, cur_proxy))
2821 process_srv_queue(t->srv);
Willy Tarreaudafde432008-08-17 01:00:46 +02002822 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01002823 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002824 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01002825
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002826 /* has the response been denied ? */
2827 if (txn->flags & TX_SVDENY) {
Willy Tarreauf899b942008-03-28 18:09:38 +01002828 if (t->srv) {
2829 t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002830 t->srv->failed_secu++;
Willy Tarreau7c669d72008-06-20 15:04:11 +02002831 sess_change_server(t, NULL);
Willy Tarreauf899b942008-03-28 18:09:38 +01002832 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002833 cur_proxy->denied_resp++;
2834 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01002835 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002836
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002837 /* We might have to check for "Connection:" */
2838 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
2839 !(t->flags & SN_CONN_CLOSED)) {
2840 char *cur_ptr, *cur_end, *cur_next;
2841 int cur_idx, old_idx, delta, val;
2842 struct hdr_idx_elem *cur_hdr;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002843
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002844 cur_next = rep->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
2845 old_idx = 0;
Willy Tarreau541b5c22008-01-06 23:34:21 +01002846
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002847 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
2848 cur_hdr = &txn->hdr_idx.v[cur_idx];
2849 cur_ptr = cur_next;
2850 cur_end = cur_ptr + cur_hdr->len;
2851 cur_next = cur_end + cur_hdr->cr + 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002852
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002853 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
2854 if (val) {
2855 /* 3 possibilities :
2856 * - we have already set Connection: close,
2857 * so we remove this line.
2858 * - we have not yet set Connection: close,
2859 * but this line indicates close. We leave
2860 * it untouched and set the flag.
2861 * - we have not yet set Connection: close,
2862 * and this line indicates non-close. We
2863 * replace it.
2864 */
2865 if (t->flags & SN_CONN_CLOSED) {
2866 delta = buffer_replace2(rep, cur_ptr, cur_next, NULL, 0);
2867 txn->rsp.eoh += delta;
2868 cur_next += delta;
2869 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
2870 txn->hdr_idx.used--;
2871 cur_hdr->len = 0;
2872 } else {
2873 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
2874 delta = buffer_replace2(rep, cur_ptr + val, cur_end,
2875 "close", 5);
2876 cur_next += delta;
2877 cur_hdr->len += delta;
2878 txn->rsp.eoh += delta;
2879 }
2880 t->flags |= SN_CONN_CLOSED;
2881 }
2882 }
2883 old_idx = cur_idx;
Willy Tarreau541b5c22008-01-06 23:34:21 +01002884 }
2885 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002886
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002887 /* add response headers from the rule sets in the same order */
2888 for (cur_idx = 0; cur_idx < rule_set->nb_rspadd; cur_idx++) {
2889 if (unlikely(http_header_add_tail(rep, &txn->rsp, &txn->hdr_idx,
2890 rule_set->rsp_add[cur_idx])) < 0)
2891 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02002892 }
2893
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002894 /* check whether we're already working on the frontend */
2895 if (cur_proxy == t->fe)
2896 break;
2897 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002898 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002899
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002900 /*
2901 * 4: check for server cookie.
2902 */
2903 if (t->be->cookie_name || t->be->appsession_name || t->be->capture_name
2904 || (t->be->options & PR_O_CHK_CACHE))
2905 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002906
Willy Tarreaubaaee002006-06-26 02:48:02 +02002907
Willy Tarreaua15645d2007-03-18 16:22:39 +01002908 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002909 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01002910 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002911 if ((t->be->options & (PR_O_COOK_NOC | PR_O_CHK_CACHE)) != 0)
2912 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01002913
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002914 /*
2915 * 6: add server cookie in the response if needed
2916 */
2917 if ((t->srv) && !(t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_INS) &&
2918 (!(t->be->options & PR_O_COOK_POST) || (txn->meth == HTTP_METH_POST))) {
2919 int len;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002920
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002921 /* the server is known, it's not the one the client requested, we have to
2922 * insert a set-cookie here, except if we want to insert only on POST
2923 * requests and this one isn't. Note that servers which don't have cookies
2924 * (eg: some backup servers) will return a full cookie removal request.
2925 */
2926 len = sprintf(trash, "Set-Cookie: %s=%s; path=/",
2927 t->be->cookie_name,
2928 t->srv->cookie ? t->srv->cookie : "; Expires=Thu, 01-Jan-1970 00:00:01 GMT");
Willy Tarreaubaaee002006-06-26 02:48:02 +02002929
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002930 if (t->be->cookie_domain)
2931 len += sprintf(trash+len, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002932
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002933 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
2934 trash, len)) < 0)
2935 goto return_bad_resp;
2936 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002937
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002938 /* Here, we will tell an eventual cache on the client side that we don't
2939 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
2940 * Some caches understand the correct form: 'no-cache="set-cookie"', but
2941 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
2942 */
2943 if ((t->be->options & PR_O_COOK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02002944
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002945 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
2946
2947 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
2948 "Cache-control: private", 22)) < 0)
2949 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002950 }
2951 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002952
Willy Tarreaubaaee002006-06-26 02:48:02 +02002953
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002954 /*
2955 * 7: check if result will be cacheable with a cookie.
2956 * We'll block the response if security checks have caught
2957 * nasty things such as a cacheable cookie.
2958 */
2959 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) ==
2960 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) &&
2961 (t->be->options & PR_O_CHK_CACHE)) {
2962
2963 /* we're in presence of a cacheable response containing
2964 * a set-cookie header. We'll block it as requested by
2965 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01002966 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002967 if (t->srv) {
2968 t->srv->cur_sess--;
2969 t->srv->failed_secu++;
2970 sess_change_server(t, NULL);
2971 }
2972 t->be->denied_resp++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002973
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002974 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
2975 t->be->id, t->srv?t->srv->id:"<dispatch>");
2976 send_log(t->be, LOG_ALERT,
2977 "Blocking cacheable cookie in response from instance %s, server %s.\n",
2978 t->be->id, t->srv?t->srv->id:"<dispatch>");
2979 goto return_srv_prx_502;
2980 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01002981
2982 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002983 * 8: add "Connection: close" if needed and not yet set.
2984 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01002985 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002986 if (!(t->flags & SN_CONN_CLOSED) &&
2987 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
2988 if ((unlikely(msg->sl.st.v_l != 8) ||
2989 unlikely(req->data[msg->som + 7] != '0')) &&
2990 unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
2991 "Connection: close", 17)) < 0)
2992 goto return_bad_resp;
2993 t->flags |= SN_CONN_CLOSED;
2994 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01002995
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002996 /*************************************************************
2997 * OK, that's finished for the headers. We have done what we *
2998 * could. Let's switch to the DATA state. *
2999 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02003000
Willy Tarreaue393fe22008-08-16 22:18:07 +02003001 buffer_set_rlim(rep, BUFSIZE); /* no more rewrite needed */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003002 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003003
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003004#ifdef CONFIG_HAP_TCPSPLICE
3005 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
3006 /* TCP splicing supported by both FE and BE */
3007 tcp_splice_splicefd(t->cli_fd, t->srv_fd, 0);
3008 }
3009#endif
3010 /* if the user wants to log as soon as possible, without counting
3011 * bytes from the server, then this is the right moment. We have
3012 * to temporarily assign bytes_out to log what we currently have.
3013 */
3014 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
3015 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
3016 t->logs.bytes_out = txn->rsp.eoh;
3017 if (t->fe->to_log & LW_REQ)
3018 http_sess_log(t);
3019 else
3020 tcp_sess_log(t);
3021 t->logs.bytes_out = 0;
3022 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003023
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003024 /* Note: we must not try to cheat by jumping directly to DATA,
3025 * otherwise we would not let the client side wake up.
3026 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01003027
Willy Tarreaudafde432008-08-17 01:00:46 +02003028 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003029 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003030
3031 /* we want to leave with that clean */
3032 if (unlikely(t->analysis & AN_RTR_ANY))
3033 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003034 return 0;
3035}
Willy Tarreaua15645d2007-03-18 16:22:39 +01003036
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003037/*
Willy Tarreaudafde432008-08-17 01:00:46 +02003038 * Manages the client FSM and its socket. It normally returns zero, but may
3039 * return 1 if it absolutely wants to be called again.
3040 *
3041 * Note: process_cli is the ONLY function allowed to set cli_state to anything
Willy Tarreaua7c52762008-08-16 18:40:18 +02003042 * but CL_STCLOSE.
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003043 */
3044int process_cli(struct session *t)
3045{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003046 struct buffer *req = t->req;
3047 struct buffer *rep = t->rep;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003048
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003049 DPRINTF(stderr,"[%u] process_cli: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003050 now_ms,
3051 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02003052 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_RD) : 0,
3053 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_WR) : 0,
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003054 req->rex, rep->wex,
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003055 req->flags, rep->flags,
3056 req->l, rep->l);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003057
Willy Tarreaudafde432008-08-17 01:00:46 +02003058 update_state:
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003059 /* FIXME: we still have to check for CL_STSHUTR because client_retnclose
3060 * still set this state (and will do until unix sockets are converted).
3061 */
3062 if (t->cli_state == CL_STDATA || t->cli_state == CL_STSHUTR) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003063 /* read or write error */
3064 if (rep->flags & BF_WRITE_ERROR || req->flags & BF_READ_ERROR) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003065 buffer_shutr(req);
3066 buffer_shutw(rep);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003067 fd_delete(t->cli_fd);
3068 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003069 trace_term(t, TT_HTTP_CLI_1);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003070 if (!(t->flags & SN_ERR_MASK))
3071 t->flags |= SN_ERR_CLICL;
3072 if (!(t->flags & SN_FINST_MASK)) {
3073 if (t->analysis & AN_REQ_ANY)
3074 t->flags |= SN_FINST_R;
3075 else if (t->pend_pos)
3076 t->flags |= SN_FINST_Q;
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003077 else if (t->srv_state == SV_STCONN)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003078 t->flags |= SN_FINST_C;
3079 else
3080 t->flags |= SN_FINST_D;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003081 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003082 goto update_state;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003083 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003084 /* last read, or end of server write */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003085 else if (!(req->flags & BF_SHUTR) && /* already done */
3086 req->flags & (BF_READ_NULL | BF_SHUTW)) {
3087 buffer_shutr(req);
3088 if (!(rep->flags & BF_SHUTW)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003089 EV_FD_CLR(t->cli_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003090 trace_term(t, TT_HTTP_CLI_2);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003091 } else {
3092 /* output was already closed */
3093 fd_delete(t->cli_fd);
3094 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003095 trace_term(t, TT_HTTP_CLI_3);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003096 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003097 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003098 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003099 /* last server read and buffer empty : we only check them when we're
3100 * allowed to forward the data.
3101 */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003102 else if (!(rep->flags & BF_SHUTW) && /* already done */
Willy Tarreaue393fe22008-08-16 22:18:07 +02003103 rep->flags & BF_EMPTY && rep->flags & BF_MAY_FORWARD &&
Willy Tarreauba392ce2008-08-16 21:13:23 +02003104 rep->flags & BF_SHUTR && !(t->flags & SN_SELF_GEN)) {
3105 buffer_shutw(rep);
3106 if (!(req->flags & BF_SHUTR)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003107 EV_FD_CLR(t->cli_fd, DIR_WR);
3108 shutdown(t->cli_fd, SHUT_WR);
3109 /* We must ensure that the read part is still alive when switching to shutw */
3110 /* FIXME: is this still true ? */
3111 EV_FD_SET(t->cli_fd, DIR_RD);
3112 req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
Willy Tarreauf8533202008-08-16 14:55:08 +02003113 trace_term(t, TT_HTTP_CLI_4);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003114 } else {
3115 fd_delete(t->cli_fd);
3116 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003117 trace_term(t, TT_HTTP_CLI_5);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003118 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003119 goto update_state;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003120 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003121 /* read timeout */
3122 else if (tick_is_expired(req->rex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003123 buffer_shutr(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003124 req->flags |= BF_READ_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003125 if (!(rep->flags & BF_SHUTW)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003126 EV_FD_CLR(t->cli_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003127 trace_term(t, TT_HTTP_CLI_6);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003128 } else {
3129 /* output was already closed */
3130 fd_delete(t->cli_fd);
3131 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003132 trace_term(t, TT_HTTP_CLI_7);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003133 }
3134 if (!(t->flags & SN_ERR_MASK))
3135 t->flags |= SN_ERR_CLITO;
3136 if (!(t->flags & SN_FINST_MASK)) {
3137 if (t->analysis & AN_REQ_ANY)
3138 t->flags |= SN_FINST_R;
3139 else if (t->pend_pos)
3140 t->flags |= SN_FINST_Q;
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003141 else if (t->srv_state == SV_STCONN)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003142 t->flags |= SN_FINST_C;
3143 else
3144 t->flags |= SN_FINST_D;
3145 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003146 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003147 }
3148 /* write timeout */
3149 else if (tick_is_expired(rep->wex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003150 buffer_shutw(rep);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003151 rep->flags |= BF_WRITE_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003152 if (!(req->flags & BF_SHUTR)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003153 EV_FD_CLR(t->cli_fd, DIR_WR);
3154 shutdown(t->cli_fd, SHUT_WR);
3155 /* We must ensure that the read part is still alive when switching to shutw */
3156 /* FIXME: is this still true ? */
3157 EV_FD_SET(t->cli_fd, DIR_RD);
3158 req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
Willy Tarreauf8533202008-08-16 14:55:08 +02003159 trace_term(t, TT_HTTP_CLI_8);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003160 } else {
3161 fd_delete(t->cli_fd);
3162 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003163 trace_term(t, TT_HTTP_CLI_9);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003164 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003165
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003166 if (!(t->flags & SN_ERR_MASK))
3167 t->flags |= SN_ERR_CLITO;
3168 if (!(t->flags & SN_FINST_MASK)) {
3169 if (t->analysis & AN_REQ_ANY)
3170 t->flags |= SN_FINST_R;
3171 else if (t->pend_pos)
3172 t->flags |= SN_FINST_Q;
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003173 else if (t->srv_state == SV_STCONN)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003174 t->flags |= SN_FINST_C;
3175 else
3176 t->flags |= SN_FINST_D;
3177 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003178 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003179 }
3180
3181 /* manage read timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003182 if (!(req->flags & BF_SHUTR)) {
Willy Tarreaue393fe22008-08-16 22:18:07 +02003183 if (req->flags & BF_FULL) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003184 /* no room to read more data */
3185 if (EV_FD_COND_C(t->cli_fd, DIR_RD)) {
3186 /* stop reading until we get some space */
3187 req->rex = TICK_ETERNITY;
3188 }
3189 } else {
3190 EV_FD_COND_S(t->cli_fd, DIR_RD);
3191 req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
3192 }
3193 }
3194
3195 /* manage write timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003196 if (!(rep->flags & BF_SHUTW)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003197 /* first, we may have to produce data (eg: stats).
3198 * right now, this is limited to the SHUTR state.
3199 */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003200 if (req->flags & BF_SHUTR && t->flags & SN_SELF_GEN) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003201 produce_content(t);
Willy Tarreaue393fe22008-08-16 22:18:07 +02003202 if (rep->flags & BF_EMPTY) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003203 buffer_shutw(rep);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003204 fd_delete(t->cli_fd);
3205 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003206 trace_term(t, TT_HTTP_CLI_10);
Willy Tarreaudafde432008-08-17 01:00:46 +02003207 goto update_state;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003208 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003209 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003210
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003211 /* we don't enable client write if the buffer is empty, nor if the server has to analyze it */
Willy Tarreaue393fe22008-08-16 22:18:07 +02003212 if ((rep->flags & BF_EMPTY) || !(rep->flags & BF_MAY_FORWARD)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003213 if (EV_FD_COND_C(t->cli_fd, DIR_WR)) {
3214 /* stop writing */
3215 rep->wex = TICK_ETERNITY;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003216 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003217 } else {
3218 /* buffer not empty */
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003219 EV_FD_COND_S(t->cli_fd, DIR_WR);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003220 if (!tick_isset(rep->wex)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003221 /* restart writing */
3222 rep->wex = tick_add_ifset(now_ms, t->fe->timeout.client);
Willy Tarreauba392ce2008-08-16 21:13:23 +02003223 if (!(req->flags & BF_SHUTR) && tick_isset(rep->wex) && tick_isset(req->rex)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003224 /* FIXME: to prevent the client from expiring read timeouts during writes,
3225 * we refresh it, except if it was already infinite. */
3226 req->rex = rep->wex;
3227 }
3228 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003229 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003230 }
3231 return 0; /* other cases change nothing */
3232 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003233 else if (t->cli_state == CL_STCLOSE) { /* CL_STCLOSE: nothing to do */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003234 if ((global.mode & MODE_DEBUG) && (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
3235 int len;
3236 len = sprintf(trash, "%08x:%s.clicls[%04x:%04x]\n", t->uniq_id, t->be->id, (unsigned short)t->cli_fd, (unsigned short)t->srv_fd);
3237 write(1, trash, len);
3238 }
3239 return 0;
3240 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003241#ifdef DEBUG_DEV
3242 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, t->cli_state);
3243 ABORT_NOW();
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003244#endif
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003245 return 0;
3246}
Willy Tarreaubaaee002006-06-26 02:48:02 +02003247
Willy Tarreaubaaee002006-06-26 02:48:02 +02003248
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003249/*
Willy Tarreaudafde432008-08-17 01:00:46 +02003250 * Manages the server FSM and its socket. It normally returns zero, but may
3251 * return 1 if it absolutely wants to be called again.
3252 *
Willy Tarreaua7c52762008-08-16 18:40:18 +02003253 * Note: process_srv is the ONLY function allowed to set srv_state to anything
3254 * but SV_STCLOSE. The only exception is for functions called from this
3255 * one (eg: those in backend.c).
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003256 */
3257int process_srv(struct session *t)
3258{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003259 struct http_txn *txn = &t->txn;
3260 struct buffer *req = t->req;
3261 struct buffer *rep = t->rep;
3262 int conn_err;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003263
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003264 DPRINTF(stderr,"[%u] process_srv: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003265 now_ms,
3266 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02003267 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_RD) : 0,
3268 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_WR) : 0,
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003269 rep->rex, req->wex,
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003270 req->flags, rep->flags,
3271 req->l, rep->l);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003272
Willy Tarreaudafde432008-08-17 01:00:46 +02003273 update_state:
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003274 if (t->srv_state == SV_STIDLE) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003275 if ((rep->flags & BF_SHUTW) ||
3276 ((req->flags & BF_SHUTR) &&
Willy Tarreaue393fe22008-08-16 22:18:07 +02003277 (req->flags & BF_EMPTY || t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003278 req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003279 if (t->pend_pos)
3280 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3281 /* note that this must not return any error because it would be able to
3282 * overwrite the client_retnclose() output.
3283 */
3284 if (txn->flags & TX_CLTARPIT)
3285 srv_close_with_err(t, SN_ERR_CLICL, SN_FINST_T, 0, NULL);
3286 else
3287 srv_close_with_err(t, SN_ERR_CLICL, t->pend_pos ? SN_FINST_Q : SN_FINST_C, 0, NULL);
3288
Willy Tarreauf8533202008-08-16 14:55:08 +02003289 trace_term(t, TT_HTTP_SRV_1);
Willy Tarreaudafde432008-08-17 01:00:46 +02003290 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003291 }
Willy Tarreaud9f48362008-08-16 16:39:26 +02003292 else if (req->flags & BF_MAY_FORWARD) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003293 /* the client allows the server to connect */
3294 if (txn->flags & TX_CLTARPIT) {
3295 /* This connection is being tarpitted. The CLIENT side has
3296 * already set the connect expiration date to the right
3297 * timeout. We just have to check that it has not expired.
3298 */
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003299 if (!tick_is_expired(req->wex, now_ms))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003300 return 0;
3301
3302 /* We will set the queue timer to the time spent, just for
3303 * logging purposes. We fake a 500 server error, so that the
3304 * attacker will not suspect his connection has been tarpitted.
3305 * It will not cause trouble to the logs because we can exclude
3306 * the tarpitted connections by filtering on the 'PT' status flags.
3307 */
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003308 req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003309 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3310 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_T,
3311 500, error_message(t, HTTP_ERR_500));
Willy Tarreauf8533202008-08-16 14:55:08 +02003312 trace_term(t, TT_HTTP_SRV_2);
Willy Tarreaudafde432008-08-17 01:00:46 +02003313 goto update_state;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003314 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003315
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003316 /* Right now, we will need to create a connection to the server.
3317 * We might already have tried, and got a connection pending, in
3318 * which case we will not do anything till it's pending. It's up
3319 * to any other session to release it and wake us up again.
3320 */
3321 if (t->pend_pos) {
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003322 if (!tick_is_expired(req->wex, now_ms)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003323 return 0;
3324 } else {
3325 /* we've been waiting too long here */
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003326 req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003327 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3328 srv_close_with_err(t, SN_ERR_SRVTO, SN_FINST_Q,
3329 503, error_message(t, HTTP_ERR_503));
Willy Tarreauf8533202008-08-16 14:55:08 +02003330 trace_term(t, TT_HTTP_SRV_3);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003331 if (t->srv)
3332 t->srv->failed_conns++;
3333 t->be->failed_conns++;
Willy Tarreaudafde432008-08-17 01:00:46 +02003334 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003335 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003336 }
3337
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003338 do {
3339 /* first, get a connection */
3340 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
3341 t->flags |= SN_REDIRECTABLE;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003342
Willy Tarreaudafde432008-08-17 01:00:46 +02003343 if (srv_redispatch_connect(t)) {
3344 if (t->srv_state == SV_STIDLE)
3345 return 0;
3346 goto update_state;
3347 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003348
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003349 if ((t->flags & SN_REDIRECTABLE) && t->srv && t->srv->rdr_len) {
3350 /* Server supporting redirection and it is possible.
3351 * Invalid requests are reported as such. It concerns all
3352 * the largest ones.
3353 */
3354 struct chunk rdr;
3355 char *path;
3356 int len;
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003357
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003358 /* 1: create the response header */
3359 rdr.len = strlen(HTTP_302);
3360 rdr.str = trash;
3361 memcpy(rdr.str, HTTP_302, rdr.len);
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003362
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003363 /* 2: add the server's prefix */
3364 if (rdr.len + t->srv->rdr_len > sizeof(trash))
3365 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003366
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003367 memcpy(rdr.str + rdr.len, t->srv->rdr_pfx, t->srv->rdr_len);
3368 rdr.len += t->srv->rdr_len;
3369
3370 /* 3: add the request URI */
3371 path = http_get_path(txn);
3372 if (!path)
3373 goto cancel_redir;
3374 len = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
3375 if (rdr.len + len > sizeof(trash) - 4) /* 4 for CRLF-CRLF */
3376 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003377
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003378 memcpy(rdr.str + rdr.len, path, len);
3379 rdr.len += len;
3380 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
3381 rdr.len += 4;
Krzysztof Piotr Oledzkiefe3b6f2008-05-23 23:49:32 +02003382
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003383 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C, 302, &rdr);
Willy Tarreauf8533202008-08-16 14:55:08 +02003384 trace_term(t, TT_HTTP_SRV_3);
3385
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003386 /* FIXME: we should increase a counter of redirects per server and per backend. */
3387 if (t->srv)
3388 t->srv->cum_sess++;
Willy Tarreaudafde432008-08-17 01:00:46 +02003389 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003390 cancel_redir:
3391 txn->status = 400;
3392 t->fe->failed_req++;
3393 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C,
3394 400, error_message(t, HTTP_ERR_400));
Willy Tarreauf8533202008-08-16 14:55:08 +02003395 trace_term(t, TT_HTTP_SRV_4);
Willy Tarreaudafde432008-08-17 01:00:46 +02003396 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003397 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003398
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003399 /* try to (re-)connect to the server, and fail if we expire the
3400 * number of retries.
3401 */
3402 if (srv_retryable_connect(t)) {
3403 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaudafde432008-08-17 01:00:46 +02003404 if (t->srv_state == SV_STIDLE)
3405 return 0;
3406 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003407 }
3408 } while (1);
Willy Tarreaudafde432008-08-17 01:00:46 +02003409 } /* end if may_forward */
3410 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003411 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003412 else if (t->srv_state == SV_STCONN) { /* connection in progress */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003413 if ((rep->flags & BF_SHUTW) ||
3414 ((req->flags & BF_SHUTR) &&
Willy Tarreaue393fe22008-08-16 22:18:07 +02003415 ((req->flags & BF_EMPTY && !(req->flags & BF_WRITE_STATUS)) ||
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003416 t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003417 req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003418 if (!(t->flags & SN_CONN_TAR)) {
3419 /* if we are in turn-around, we have already closed the FD */
3420 fd_delete(t->srv_fd);
3421 if (t->srv) {
3422 t->srv->cur_sess--;
3423 sess_change_server(t, NULL);
3424 }
3425 }
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003426
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003427 /* note that this must not return any error because it would be able to
3428 * overwrite the client_retnclose() output.
3429 */
3430 srv_close_with_err(t, SN_ERR_CLICL, SN_FINST_C, 0, NULL);
Willy Tarreauf8533202008-08-16 14:55:08 +02003431 trace_term(t, TT_HTTP_SRV_5);
Willy Tarreaudafde432008-08-17 01:00:46 +02003432 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003433 }
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003434 if (!(req->flags & BF_WRITE_STATUS) && !tick_is_expired(req->wex, now_ms)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003435 return 0; /* nothing changed */
3436 }
3437 else if (!(req->flags & BF_WRITE_STATUS) || (req->flags & BF_WRITE_ERROR)) {
3438 /* timeout, asynchronous connect error or first write error */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003439 if (t->flags & SN_CONN_TAR) {
3440 /* We are doing a turn-around waiting for a new connection attempt. */
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003441 if (!tick_is_expired(req->wex, now_ms))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003442 return 0;
3443 t->flags &= ~SN_CONN_TAR;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003444 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003445 else {
3446 fd_delete(t->srv_fd);
3447 if (t->srv) {
3448 t->srv->cur_sess--;
3449 sess_change_server(t, NULL);
3450 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003451
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003452 if (!(req->flags & BF_WRITE_STATUS))
3453 conn_err = SN_ERR_SRVTO; // it was a connect timeout.
3454 else
3455 conn_err = SN_ERR_SRVCL; // it was an asynchronous connect error.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003456
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003457 /* ensure that we have enough retries left */
Willy Tarreaudafde432008-08-17 01:00:46 +02003458 if (srv_count_retry_down(t, conn_err)) {
3459 goto update_state;
3460 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003461
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003462 if (req->flags & BF_WRITE_ERROR) {
3463 /* we encountered an immediate connection error, and we
3464 * will have to retry connecting to the same server, most
3465 * likely leading to the same result. To avoid this, we
3466 * fake a connection timeout to retry after a turn-around
3467 * time of 1 second. We will wait in the previous if block.
3468 */
3469 t->flags |= SN_CONN_TAR;
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003470 req->wex = tick_add(now_ms, MS_TO_TICKS(1000));
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003471 return 0;
3472 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003473 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003474
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003475 if (t->srv && t->conn_retries == 0 && t->be->options & PR_O_REDISP) {
3476 /* We're on our last chance, and the REDISP option was specified.
3477 * We will ignore cookie and force to balance or use the dispatcher.
3478 */
3479 /* let's try to offer this slot to anybody */
3480 if (may_dequeue_tasks(t->srv, t->be))
3481 process_srv_queue(t->srv);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003482
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003483 /* it's left to the dispatcher to choose a server */
3484 t->flags &= ~(SN_DIRECT | SN_ASSIGNED | SN_ADDR_SET);
3485 t->prev_srv = t->srv;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003486
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003487 /* first, get a connection */
Willy Tarreaudafde432008-08-17 01:00:46 +02003488 if (srv_redispatch_connect(t)) {
3489 if (t->srv_state == SV_STCONN)
3490 return 0;
3491 goto update_state;
3492 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003493 } else {
3494 if (t->srv)
3495 t->srv->retries++;
3496 t->be->retries++;
3497 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003498
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003499 do {
3500 /* Now we will try to either reconnect to the same server or
3501 * connect to another server. If the connection gets queued
3502 * because all servers are saturated, then we will go back to
3503 * the SV_STIDLE state.
3504 */
3505 if (srv_retryable_connect(t)) {
3506 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaudafde432008-08-17 01:00:46 +02003507 if (t->srv_state == SV_STCONN)
3508 return 0;
3509 goto update_state;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003510 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003511
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003512 /* we need to redispatch the connection to another server */
Willy Tarreaudafde432008-08-17 01:00:46 +02003513 if (srv_redispatch_connect(t)) {
3514 if (t->srv_state == SV_STCONN)
3515 return 0;
3516 goto update_state;
3517 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003518 } while (1);
3519 }
3520 else { /* no error or write 0 */
3521 t->logs.t_connect = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003522
Willy Tarreaue393fe22008-08-16 22:18:07 +02003523 if (req->flags & BF_EMPTY) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003524 EV_FD_CLR(t->srv_fd, DIR_WR);
3525 req->wex = TICK_ETERNITY;
Willy Tarreaue393fe22008-08-16 22:18:07 +02003526 } else {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003527 EV_FD_SET(t->srv_fd, DIR_WR);
3528 req->wex = tick_add_ifset(now_ms, t->be->timeout.server);
3529 if (tick_isset(req->wex)) {
3530 /* FIXME: to prevent the server from expiring read timeouts during writes,
3531 * we refresh it. */
3532 rep->rex = req->wex;
3533 }
3534 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003535
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003536 if (t->be->mode == PR_MODE_TCP) { /* let's allow immediate data connection in this case */
3537 EV_FD_SET(t->srv_fd, DIR_RD);
3538 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreaue393fe22008-08-16 22:18:07 +02003539 buffer_set_rlim(rep, BUFSIZE); /* no rewrite needed */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003540
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003541 /* if the user wants to log as soon as possible, without counting
3542 bytes from the server, then this is the right moment. */
3543 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
3544 t->logs.t_close = t->logs.t_connect; /* to get a valid end date */
3545 tcp_sess_log(t);
3546 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003547#ifdef CONFIG_HAP_TCPSPLICE
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003548 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
3549 /* TCP splicing supported by both FE and BE */
3550 tcp_splice_splicefd(t->cli_fd, t->srv_fd, 0);
3551 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003552#endif
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003553 }
3554 else {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003555 t->analysis |= AN_RTR_HTTP_HDR;
Willy Tarreaue393fe22008-08-16 22:18:07 +02003556 buffer_set_rlim(rep, BUFSIZE - MAXREWRITE); /* rewrite needed */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003557 t->txn.rsp.msg_state = HTTP_MSG_RPBEFORE;
3558 /* reset hdr_idx which was already initialized by the request.
3559 * right now, the http parser does it.
3560 * hdr_idx_init(&t->txn.hdr_idx);
3561 */
3562 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003563
3564 t->srv_state = SV_STDATA;
3565 if (!(t->analysis & AN_RTR_ANY))
3566 t->rep->flags |= BF_MAY_FORWARD;
Willy Tarreau26ed74d2008-08-17 12:11:14 +02003567 req->wex = TICK_ETERNITY;
Willy Tarreaudafde432008-08-17 01:00:46 +02003568 goto update_state;
3569 } /* else no error or write 0 */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003570 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003571 else if (t->srv_state == SV_STDATA) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02003572 /* read or write error */
Willy Tarreau461f6622008-08-15 23:43:19 +02003573 /* FIXME: what happens when we have to deal with HTTP ??? */
Willy Tarreau0f9f5052006-07-29 17:39:25 +02003574 if (req->flags & BF_WRITE_ERROR || rep->flags & BF_READ_ERROR) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003575 buffer_shutr(rep);
3576 buffer_shutw(req);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003577 fd_delete(t->srv_fd);
3578 if (t->srv) {
3579 t->srv->cur_sess--;
3580 t->srv->failed_resp++;
Willy Tarreau7c669d72008-06-20 15:04:11 +02003581 sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003582 }
Willy Tarreau73de9892006-11-30 11:40:23 +01003583 t->be->failed_resp++;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003584 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003585 trace_term(t, TT_HTTP_SRV_6);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003586 if (!(t->flags & SN_ERR_MASK))
3587 t->flags |= SN_ERR_SRVCL;
3588 if (!(t->flags & SN_FINST_MASK))
3589 t->flags |= SN_FINST_D;
Willy Tarreau461f6622008-08-15 23:43:19 +02003590
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003591 if (may_dequeue_tasks(t->srv, t->be))
Willy Tarreau7c669d72008-06-20 15:04:11 +02003592 process_srv_queue(t->srv);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003593
Willy Tarreaudafde432008-08-17 01:00:46 +02003594 goto update_state;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003595 }
3596 /* last read, or end of client write */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003597 else if (!(rep->flags & BF_SHUTR) && /* not already done */
3598 rep->flags & (BF_READ_NULL | BF_SHUTW)) {
3599 buffer_shutr(rep);
3600 if (!(req->flags & BF_SHUTW)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003601 EV_FD_CLR(t->srv_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003602 trace_term(t, TT_HTTP_SRV_7);
Willy Tarreau461f6622008-08-15 23:43:19 +02003603 } else {
3604 /* output was already closed */
3605 fd_delete(t->srv_fd);
3606 if (t->srv) {
3607 t->srv->cur_sess--;
3608 sess_change_server(t, NULL);
3609 }
3610 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003611 trace_term(t, TT_HTTP_SRV_8);
Willy Tarreau461f6622008-08-15 23:43:19 +02003612
3613 if (may_dequeue_tasks(t->srv, t->be))
3614 process_srv_queue(t->srv);
3615 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003616 goto update_state;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003617 }
Willy Tarreau461f6622008-08-15 23:43:19 +02003618 /* end of client read and no more data to send. We can forward
3619 * the close when we're allowed to forward data (anytime right
3620 * now). If we're using option forceclose, then we may also
3621 * shutdown the outgoing write channel once the response starts
3622 * coming from the server.
3623 */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003624 else if (!(req->flags & BF_SHUTW) && /* not already done */
Willy Tarreaue393fe22008-08-16 22:18:07 +02003625 req->flags & BF_EMPTY && req->flags & BF_MAY_FORWARD &&
Willy Tarreauba392ce2008-08-16 21:13:23 +02003626 (req->flags & BF_SHUTR ||
Willy Tarreau461f6622008-08-15 23:43:19 +02003627 (t->be->options & PR_O_FORCE_CLO && rep->flags & BF_READ_STATUS))) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003628 buffer_shutw(req);
3629 if (!(rep->flags & BF_SHUTR)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003630 EV_FD_CLR(t->srv_fd, DIR_WR);
3631 shutdown(t->srv_fd, SHUT_WR);
Willy Tarreauf8533202008-08-16 14:55:08 +02003632 trace_term(t, TT_HTTP_SRV_9);
Willy Tarreau461f6622008-08-15 23:43:19 +02003633 /* We must ensure that the read part is still alive when switching to shutw */
3634 /* FIXME: is this still true ? */
3635 EV_FD_SET(t->srv_fd, DIR_RD);
3636 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreau461f6622008-08-15 23:43:19 +02003637 } else {
3638 fd_delete(t->srv_fd);
3639 if (t->srv) {
3640 t->srv->cur_sess--;
3641 sess_change_server(t, NULL);
3642 }
3643 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003644 trace_term(t, TT_HTTP_SRV_10);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003645
Willy Tarreau461f6622008-08-15 23:43:19 +02003646 if (may_dequeue_tasks(t->srv, t->be))
3647 process_srv_queue(t->srv);
3648 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003649 goto update_state;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003650 }
3651 /* read timeout */
Willy Tarreau0c303ee2008-07-07 00:09:58 +02003652 else if (tick_is_expired(rep->rex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003653 buffer_shutr(rep);
Willy Tarreau461f6622008-08-15 23:43:19 +02003654 rep->flags |= BF_READ_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003655 if (!(req->flags & BF_SHUTW)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003656 EV_FD_CLR(t->srv_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003657 trace_term(t, TT_HTTP_SRV_11);
Willy Tarreau461f6622008-08-15 23:43:19 +02003658 } else {
3659 fd_delete(t->srv_fd);
3660 if (t->srv) {
3661 t->srv->cur_sess--;
3662 sess_change_server(t, NULL);
3663 }
3664 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003665 trace_term(t, TT_HTTP_SRV_12);
Willy Tarreau461f6622008-08-15 23:43:19 +02003666
3667 if (may_dequeue_tasks(t->srv, t->be))
3668 process_srv_queue(t->srv);
3669 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003670 if (!(t->flags & SN_ERR_MASK))
3671 t->flags |= SN_ERR_SRVTO;
3672 if (!(t->flags & SN_FINST_MASK))
3673 t->flags |= SN_FINST_D;
Willy Tarreaudafde432008-08-17 01:00:46 +02003674
3675 goto update_state;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003676 }
3677 /* write timeout */
Willy Tarreau0c303ee2008-07-07 00:09:58 +02003678 else if (tick_is_expired(req->wex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003679 buffer_shutw(req);
Willy Tarreau461f6622008-08-15 23:43:19 +02003680 req->flags |= BF_WRITE_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003681 if (!(rep->flags & BF_SHUTR)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003682 EV_FD_CLR(t->srv_fd, DIR_WR);
3683 shutdown(t->srv_fd, SHUT_WR);
Willy Tarreauf8533202008-08-16 14:55:08 +02003684 trace_term(t, TT_HTTP_SRV_13);
Willy Tarreau461f6622008-08-15 23:43:19 +02003685 /* We must ensure that the read part is still alive when switching to shutw */
3686 /* FIXME: is this still needed ? */
3687 EV_FD_SET(t->srv_fd, DIR_RD);
3688 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreau461f6622008-08-15 23:43:19 +02003689 } else {
3690 fd_delete(t->srv_fd);
3691 if (t->srv) {
3692 t->srv->cur_sess--;
3693 sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003694 }
Willy Tarreau461f6622008-08-15 23:43:19 +02003695 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003696 trace_term(t, TT_HTTP_SRV_14);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003697
Willy Tarreau461f6622008-08-15 23:43:19 +02003698 if (may_dequeue_tasks(t->srv, t->be))
3699 process_srv_queue(t->srv);
Willy Tarreau51406232008-03-10 22:04:20 +01003700 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003701 if (!(t->flags & SN_ERR_MASK))
3702 t->flags |= SN_ERR_SRVTO;
3703 if (!(t->flags & SN_FINST_MASK))
3704 t->flags |= SN_FINST_D;
Willy Tarreaudafde432008-08-17 01:00:46 +02003705
3706 goto update_state;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003707 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003708
Willy Tarreau461f6622008-08-15 23:43:19 +02003709 /* manage read timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003710 if (!(rep->flags & BF_SHUTR)) {
Willy Tarreaue393fe22008-08-16 22:18:07 +02003711 if (rep->flags & BF_FULL) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003712 if (EV_FD_COND_C(t->srv_fd, DIR_RD))
3713 rep->rex = TICK_ETERNITY;
3714 } else {
3715 EV_FD_COND_S(t->srv_fd, DIR_RD);
3716 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreau51406232008-03-10 22:04:20 +01003717 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003718 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003719
Willy Tarreau461f6622008-08-15 23:43:19 +02003720 /* manage write timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003721 if (!(req->flags & BF_SHUTW)) {
Willy Tarreaue393fe22008-08-16 22:18:07 +02003722 if (req->flags & BF_EMPTY || !(req->flags & BF_MAY_FORWARD)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003723 /* stop writing */
3724 if (EV_FD_COND_C(t->srv_fd, DIR_WR))
3725 req->wex = TICK_ETERNITY;
3726 } else {
3727 /* buffer not empty, there are still data to be transferred */
3728 EV_FD_COND_S(t->srv_fd, DIR_WR);
3729 if (!tick_isset(req->wex)) {
3730 /* restart writing */
3731 req->wex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreauba392ce2008-08-16 21:13:23 +02003732 if (!(rep->flags & BF_SHUTR) && tick_isset(req->wex) && tick_isset(rep->rex)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003733 /* FIXME: to prevent the server from expiring read timeouts during writes,
3734 * we refresh it, except if it was already infinite.
3735 */
3736 rep->rex = req->wex;
3737 }
3738 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003739 }
3740 }
Willy Tarreau461f6622008-08-15 23:43:19 +02003741 return 0; /* other cases change nothing */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003742 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003743 else if (t->srv_state == SV_STCLOSE) { /* SV_STCLOSE : nothing to do */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003744 if ((global.mode & MODE_DEBUG) && (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
3745 int len;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003746 len = sprintf(trash, "%08x:%s.srvcls[%04x:%04x]\n",
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003747 t->uniq_id, t->be->id, (unsigned short)t->cli_fd, (unsigned short)t->srv_fd);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003748 write(1, trash, len);
3749 }
3750 return 0;
3751 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003752#ifdef DEBUG_DEV
3753 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, t->srv_state);
3754 ABORT_NOW();
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003755#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +02003756 return 0;
3757}
3758
3759
3760/*
3761 * Produces data for the session <s> depending on its source. Expects to be
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003762 * called with client socket shut down on input. Right now, only statistics can
3763 * be produced. It stops by itself by unsetting the SN_SELF_GEN flag from the
Willy Tarreaubaaee002006-06-26 02:48:02 +02003764 * session, which it uses to keep on being called when there is free space in
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003765 * the buffer, or simply by letting an empty buffer upon return. It returns 1
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003766 * when it wants to stop sending data, otherwise 0.
Willy Tarreaubaaee002006-06-26 02:48:02 +02003767 */
3768int produce_content(struct session *s)
3769{
Willy Tarreaubaaee002006-06-26 02:48:02 +02003770 if (s->data_source == DATA_SRC_NONE) {
3771 s->flags &= ~SN_SELF_GEN;
3772 return 1;
3773 }
3774 else if (s->data_source == DATA_SRC_STATS) {
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01003775 /* dump server statistics */
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01003776 int ret = stats_dump_http(s, s->be->uri_auth);
Willy Tarreau91861262007-10-17 17:06:05 +02003777 if (ret >= 0)
3778 return ret;
3779 /* -1 indicates an error */
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01003780 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003781
Willy Tarreau91861262007-10-17 17:06:05 +02003782 /* unknown data source or internal error */
3783 s->txn.status = 500;
3784 client_retnclose(s, error_message(s, HTTP_ERR_500));
Willy Tarreauf8533202008-08-16 14:55:08 +02003785 trace_term(s, TT_HTTP_CNT_1);
Willy Tarreau91861262007-10-17 17:06:05 +02003786 if (!(s->flags & SN_ERR_MASK))
3787 s->flags |= SN_ERR_PRXCOND;
3788 if (!(s->flags & SN_FINST_MASK))
3789 s->flags |= SN_FINST_R;
3790 s->flags &= ~SN_SELF_GEN;
3791 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003792}
3793
3794
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003795/* Iterate the same filter through all request headers.
3796 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003797 * Since it can manage the switch to another backend, it updates the per-proxy
3798 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003799 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003800int apply_filter_to_req_headers(struct session *t, struct buffer *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01003801{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003802 char term;
3803 char *cur_ptr, *cur_end, *cur_next;
3804 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003805 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003806 struct hdr_idx_elem *cur_hdr;
3807 int len, delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01003808
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003809 last_hdr = 0;
3810
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003811 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003812 old_idx = 0;
3813
3814 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01003815 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003816 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01003817 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003818 (exp->action == ACT_ALLOW ||
3819 exp->action == ACT_DENY ||
3820 exp->action == ACT_TARPIT))
3821 return 0;
3822
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003823 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003824 if (!cur_idx)
3825 break;
3826
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003827 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003828 cur_ptr = cur_next;
3829 cur_end = cur_ptr + cur_hdr->len;
3830 cur_next = cur_end + cur_hdr->cr + 1;
3831
3832 /* Now we have one header between cur_ptr and cur_end,
3833 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003834 */
3835
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003836 /* The annoying part is that pattern matching needs
3837 * that we modify the contents to null-terminate all
3838 * strings before testing them.
3839 */
3840
3841 term = *cur_end;
3842 *cur_end = '\0';
3843
3844 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
3845 switch (exp->action) {
3846 case ACT_SETBE:
3847 /* It is not possible to jump a second time.
3848 * FIXME: should we return an HTTP/500 here so that
3849 * the admin knows there's a problem ?
3850 */
3851 if (t->be != t->fe)
3852 break;
3853
3854 /* Swithing Proxy */
3855 t->be = (struct proxy *) exp->replace;
3856
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003857 /* right now, the backend switch is not overly complicated
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003858 * because we have associated req_cap and rsp_cap to the
3859 * frontend, and the beconn will be updated later.
3860 */
3861
Willy Tarreaud7c30f92007-12-03 01:38:36 +01003862 t->rep->rto = t->req->wto = t->be->timeout.server;
3863 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003864 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003865 last_hdr = 1;
3866 break;
3867
3868 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01003869 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003870 last_hdr = 1;
3871 break;
3872
3873 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01003874 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003875 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003876 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003877 break;
3878
3879 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01003880 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003881 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003882 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003883 break;
3884
3885 case ACT_REPLACE:
3886 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
3887 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
3888 /* FIXME: if the user adds a newline in the replacement, the
3889 * index will not be recalculated for now, and the new line
3890 * will not be counted as a new header.
3891 */
3892
3893 cur_end += delta;
3894 cur_next += delta;
3895 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003896 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003897 break;
3898
3899 case ACT_REMOVE:
3900 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
3901 cur_next += delta;
3902
3903 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003904 txn->req.eoh += delta;
3905 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
3906 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003907 cur_hdr->len = 0;
3908 cur_end = NULL; /* null-term has been rewritten */
3909 break;
3910
3911 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01003912 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003913 if (cur_end)
3914 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01003915
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003916 /* keep the link from this header to next one in case of later
3917 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003918 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003919 old_idx = cur_idx;
3920 }
3921 return 0;
3922}
3923
3924
3925/* Apply the filter to the request line.
3926 * Returns 0 if nothing has been done, 1 if the filter has been applied,
3927 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003928 * Since it can manage the switch to another backend, it updates the per-proxy
3929 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003930 */
3931int apply_filter_to_req_line(struct session *t, struct buffer *req, struct hdr_exp *exp)
3932{
3933 char term;
3934 char *cur_ptr, *cur_end;
3935 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003936 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003937 int len, delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003938
Willy Tarreau58f10d72006-12-04 02:26:12 +01003939
Willy Tarreau3d300592007-03-18 18:34:41 +01003940 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003941 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01003942 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003943 (exp->action == ACT_ALLOW ||
3944 exp->action == ACT_DENY ||
3945 exp->action == ACT_TARPIT))
3946 return 0;
3947 else if (exp->action == ACT_REMOVE)
3948 return 0;
3949
3950 done = 0;
3951
Willy Tarreau9cdde232007-05-02 20:58:19 +02003952 cur_ptr = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003953 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003954
3955 /* Now we have the request line between cur_ptr and cur_end */
3956
3957 /* The annoying part is that pattern matching needs
3958 * that we modify the contents to null-terminate all
3959 * strings before testing them.
3960 */
3961
3962 term = *cur_end;
3963 *cur_end = '\0';
3964
3965 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
3966 switch (exp->action) {
3967 case ACT_SETBE:
3968 /* It is not possible to jump a second time.
3969 * FIXME: should we return an HTTP/500 here so that
3970 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01003971 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003972 if (t->be != t->fe)
3973 break;
3974
3975 /* Swithing Proxy */
3976 t->be = (struct proxy *) exp->replace;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003977
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003978 /* right now, the backend switch is not too much complicated
3979 * because we have associated req_cap and rsp_cap to the
3980 * frontend, and the beconn will be updated later.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003981 */
3982
Willy Tarreaud7c30f92007-12-03 01:38:36 +01003983 t->rep->rto = t->req->wto = t->be->timeout.server;
3984 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003985 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003986 done = 1;
3987 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003988
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003989 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01003990 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003991 done = 1;
3992 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01003993
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003994 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01003995 txn->flags |= TX_CLDENY;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003996 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003997 done = 1;
3998 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01003999
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004000 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01004001 txn->flags |= TX_CLTARPIT;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004002 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004003 done = 1;
4004 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004005
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004006 case ACT_REPLACE:
4007 *cur_end = term; /* restore the string terminator */
4008 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4009 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
4010 /* FIXME: if the user adds a newline in the replacement, the
4011 * index will not be recalculated for now, and the new line
4012 * will not be counted as a new header.
4013 */
Willy Tarreaua496b602006-12-17 23:15:24 +01004014
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004015 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004016 cur_end += delta;
Willy Tarreaua496b602006-12-17 23:15:24 +01004017
Willy Tarreau9cdde232007-05-02 20:58:19 +02004018 txn->req.sol = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004019 cur_end = (char *)http_parse_reqline(&txn->req, req->data,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004020 HTTP_MSG_RQMETH,
4021 cur_ptr, cur_end + 1,
4022 NULL, NULL);
4023 if (unlikely(!cur_end))
4024 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01004025
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004026 /* we have a full request and we know that we have either a CR
4027 * or an LF at <ptr>.
4028 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004029 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
4030 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004031 /* there is no point trying this regex on headers */
4032 return 1;
4033 }
4034 }
4035 *cur_end = term; /* restore the string terminator */
4036 return done;
4037}
Willy Tarreau97de6242006-12-27 17:18:38 +01004038
Willy Tarreau58f10d72006-12-04 02:26:12 +01004039
Willy Tarreau58f10d72006-12-04 02:26:12 +01004040
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004041/*
4042 * Apply all the req filters <exp> to all headers in buffer <req> of session <t>.
4043 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01004044 * unparsable request. Since it can manage the switch to another backend, it
4045 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004046 */
4047int apply_filters_to_request(struct session *t, struct buffer *req, struct hdr_exp *exp)
4048{
Willy Tarreau3d300592007-03-18 18:34:41 +01004049 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004050 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004051 while (exp && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004052 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004053
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004054 /*
4055 * The interleaving of transformations and verdicts
4056 * makes it difficult to decide to continue or stop
4057 * the evaluation.
4058 */
4059
Willy Tarreau3d300592007-03-18 18:34:41 +01004060 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004061 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4062 exp->action == ACT_TARPIT || exp->action == ACT_PASS)) {
4063 exp = exp->next;
4064 continue;
4065 }
4066
4067 /* Apply the filter to the request line. */
4068 ret = apply_filter_to_req_line(t, req, exp);
4069 if (unlikely(ret < 0))
4070 return -1;
4071
4072 if (likely(ret == 0)) {
4073 /* The filter did not match the request, it can be
4074 * iterated through all headers.
4075 */
4076 apply_filter_to_req_headers(t, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004077 }
4078 exp = exp->next;
4079 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004080 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004081}
4082
4083
Willy Tarreaua15645d2007-03-18 16:22:39 +01004084
Willy Tarreau58f10d72006-12-04 02:26:12 +01004085/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004086 * Manage client-side cookie. It can impact performance by about 2% so it is
4087 * desirable to call it only when needed.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004088 */
4089void manage_client_side_cookies(struct session *t, struct buffer *req)
4090{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004091 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004092 char *p1, *p2, *p3, *p4;
4093 char *del_colon, *del_cookie, *colon;
4094 int app_cookies;
4095
4096 appsess *asession_temp = NULL;
4097 appsess local_asession;
4098
4099 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004100 int cur_idx, old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004101
Willy Tarreau2a324282006-12-05 00:05:46 +01004102 /* Iterate through the headers.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004103 * we start with the start line.
4104 */
Willy Tarreau83969f42007-01-22 08:55:47 +01004105 old_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004106 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004107
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004108 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004109 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004110 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004111
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004112 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau58f10d72006-12-04 02:26:12 +01004113 cur_ptr = cur_next;
4114 cur_end = cur_ptr + cur_hdr->len;
4115 cur_next = cur_end + cur_hdr->cr + 1;
4116
4117 /* We have one full header between cur_ptr and cur_end, and the
4118 * next header starts at cur_next. We're only interested in
4119 * "Cookie:" headers.
4120 */
4121
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004122 val = http_header_match2(cur_ptr, cur_end, "Cookie", 6);
4123 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004124 old_idx = cur_idx;
4125 continue;
4126 }
4127
4128 /* Now look for cookies. Conforming to RFC2109, we have to support
4129 * attributes whose name begin with a '$', and associate them with
4130 * the right cookie, if we want to delete this cookie.
4131 * So there are 3 cases for each cookie read :
4132 * 1) it's a special attribute, beginning with a '$' : ignore it.
4133 * 2) it's a server id cookie that we *MAY* want to delete : save
4134 * some pointers on it (last semi-colon, beginning of cookie...)
4135 * 3) it's an application cookie : we *MAY* have to delete a previous
4136 * "special" cookie.
4137 * At the end of loop, if a "special" cookie remains, we may have to
4138 * remove it. If no application cookie persists in the header, we
4139 * *MUST* delete it
4140 */
4141
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004142 colon = p1 = cur_ptr + val; /* first non-space char after 'Cookie:' */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004143
Willy Tarreau58f10d72006-12-04 02:26:12 +01004144 /* del_cookie == NULL => nothing to be deleted */
4145 del_colon = del_cookie = NULL;
4146 app_cookies = 0;
4147
4148 while (p1 < cur_end) {
4149 /* skip spaces and colons, but keep an eye on these ones */
4150 while (p1 < cur_end) {
4151 if (*p1 == ';' || *p1 == ',')
4152 colon = p1;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004153 else if (!isspace((unsigned char)*p1))
Willy Tarreau58f10d72006-12-04 02:26:12 +01004154 break;
4155 p1++;
4156 }
4157
4158 if (p1 == cur_end)
4159 break;
4160
4161 /* p1 is at the beginning of the cookie name */
4162 p2 = p1;
4163 while (p2 < cur_end && *p2 != '=')
4164 p2++;
4165
4166 if (p2 == cur_end)
4167 break;
4168
4169 p3 = p2 + 1; /* skips the '=' sign */
4170 if (p3 == cur_end)
4171 break;
4172
4173 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004174 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';' && *p4 != ',')
Willy Tarreau58f10d72006-12-04 02:26:12 +01004175 p4++;
4176
4177 /* here, we have the cookie name between p1 and p2,
4178 * and its value between p3 and p4.
4179 * we can process it :
4180 *
4181 * Cookie: NAME=VALUE;
4182 * | || || |
4183 * | || || +--> p4
4184 * | || |+-------> p3
4185 * | || +--------> p2
4186 * | |+------------> p1
4187 * | +-------------> colon
4188 * +--------------------> cur_ptr
4189 */
4190
4191 if (*p1 == '$') {
4192 /* skip this one */
4193 }
4194 else {
4195 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004196 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004197 txn->cli_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004198 (p4 - p1 >= t->fe->capture_namelen) &&
4199 memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004200 int log_len = p4 - p1;
4201
Willy Tarreau086b3b42007-05-13 21:45:51 +02004202 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004203 Alert("HTTP logging : out of memory.\n");
4204 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004205 if (log_len > t->fe->capture_len)
4206 log_len = t->fe->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004207 memcpy(txn->cli_cookie, p1, log_len);
4208 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004209 }
4210 }
4211
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004212 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4213 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004214 /* Cool... it's the right one */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004215 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004216 char *delim;
4217
4218 /* if we're in cookie prefix mode, we'll search the delimitor so that we
4219 * have the server ID betweek p3 and delim, and the original cookie between
4220 * delim+1 and p4. Otherwise, delim==p4 :
4221 *
4222 * Cookie: NAME=SRV~VALUE;
4223 * | || || | |
4224 * | || || | +--> p4
4225 * | || || +--------> delim
4226 * | || |+-----------> p3
4227 * | || +------------> p2
4228 * | |+----------------> p1
4229 * | +-----------------> colon
4230 * +------------------------> cur_ptr
4231 */
4232
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004233 if (t->be->options & PR_O_COOK_PFX) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004234 for (delim = p3; delim < p4; delim++)
4235 if (*delim == COOKIE_DELIM)
4236 break;
4237 }
4238 else
4239 delim = p4;
4240
4241
4242 /* Here, we'll look for the first running server which supports the cookie.
4243 * This allows to share a same cookie between several servers, for example
4244 * to dedicate backup servers to specific servers only.
4245 * However, to prevent clients from sticking to cookie-less backup server
4246 * when they have incidentely learned an empty cookie, we simply ignore
4247 * empty cookies and mark them as invalid.
4248 */
4249 if (delim == p3)
4250 srv = NULL;
4251
4252 while (srv) {
Willy Tarreau92f2ab12007-02-02 22:14:47 +01004253 if (srv->cookie && (srv->cklen == delim - p3) &&
4254 !memcmp(p3, srv->cookie, delim - p3)) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004255 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004256 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004257 txn->flags &= ~TX_CK_MASK;
4258 txn->flags |= TX_CK_VALID;
4259 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004260 t->srv = srv;
4261 break;
4262 } else {
4263 /* we found a server, but it's down */
Willy Tarreau3d300592007-03-18 18:34:41 +01004264 txn->flags &= ~TX_CK_MASK;
4265 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004266 }
4267 }
4268 srv = srv->next;
4269 }
4270
Willy Tarreau3d300592007-03-18 18:34:41 +01004271 if (!srv && !(txn->flags & TX_CK_DOWN)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004272 /* no server matched this cookie */
Willy Tarreau3d300592007-03-18 18:34:41 +01004273 txn->flags &= ~TX_CK_MASK;
4274 txn->flags |= TX_CK_INVALID;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004275 }
4276
4277 /* depending on the cookie mode, we may have to either :
4278 * - delete the complete cookie if we're in insert+indirect mode, so that
4279 * the server never sees it ;
4280 * - remove the server id from the cookie value, and tag the cookie as an
4281 * application cookie so that it does not get accidentely removed later,
4282 * if we're in cookie prefix mode
4283 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004284 if ((t->be->options & PR_O_COOK_PFX) && (delim != p4)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004285 int delta; /* negative */
4286
4287 delta = buffer_replace2(req, p3, delim + 1, NULL, 0);
4288 p4 += delta;
4289 cur_end += delta;
4290 cur_next += delta;
4291 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004292 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004293
4294 del_cookie = del_colon = NULL;
4295 app_cookies++; /* protect the header from deletion */
4296 }
4297 else if (del_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004298 (t->be->options & (PR_O_COOK_INS | PR_O_COOK_IND)) == (PR_O_COOK_INS | PR_O_COOK_IND)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004299 del_cookie = p1;
4300 del_colon = colon;
4301 }
4302 } else {
4303 /* now we know that we must keep this cookie since it's
4304 * not ours. But if we wanted to delete our cookie
4305 * earlier, we cannot remove the complete header, but we
4306 * can remove the previous block itself.
4307 */
4308 app_cookies++;
4309
4310 if (del_cookie != NULL) {
4311 int delta; /* negative */
4312
4313 delta = buffer_replace2(req, del_cookie, p1, NULL, 0);
4314 p4 += delta;
4315 cur_end += delta;
4316 cur_next += delta;
4317 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004318 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004319 del_cookie = del_colon = NULL;
4320 }
4321 }
4322
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004323 if ((t->be->appsession_name != NULL) &&
4324 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004325 /* first, let's see if the cookie is our appcookie*/
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004326
Willy Tarreau58f10d72006-12-04 02:26:12 +01004327 /* Cool... it's the right one */
4328
4329 asession_temp = &local_asession;
4330
Willy Tarreau63963c62007-05-13 21:29:55 +02004331 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004332 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
4333 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
4334 return;
4335 }
4336
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004337 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
4338 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004339 asession_temp->serverid = NULL;
Willy Tarreau51041c72007-09-09 21:56:53 +02004340
Willy Tarreau58f10d72006-12-04 02:26:12 +01004341 /* only do insert, if lookup fails */
Willy Tarreau51041c72007-09-09 21:56:53 +02004342 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4343 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004344 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004345 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004346 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004347 Alert("Not enough memory process_cli():asession:calloc().\n");
4348 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
4349 return;
4350 }
4351
4352 asession_temp->sessid = local_asession.sessid;
4353 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004354 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02004355 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004356 } else {
4357 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004358 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004359 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004360 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004361 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004362 Alert("Found Application Session without matching server.\n");
4363 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004364 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004365 while (srv) {
4366 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004367 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004368 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004369 txn->flags &= ~TX_CK_MASK;
4370 txn->flags |= TX_CK_VALID;
4371 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004372 t->srv = srv;
4373 break;
4374 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01004375 txn->flags &= ~TX_CK_MASK;
4376 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004377 }
4378 }
4379 srv = srv->next;
4380 }/* end while(srv) */
4381 }/* end else if server == NULL */
4382
Willy Tarreau0c303ee2008-07-07 00:09:58 +02004383 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004384 asession_temp->request_count++;
4385#if defined(DEBUG_HASH)
4386 Alert("manage_client_side_cookies\n");
4387 appsession_hash_dump(&(t->be->htbl_proxy));
4388#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01004389 }/* end if ((t->proxy->appsession_name != NULL) ... */
4390 }
4391
4392 /* we'll have to look for another cookie ... */
4393 p1 = p4;
4394 } /* while (p1 < cur_end) */
4395
4396 /* There's no more cookie on this line.
4397 * We may have marked the last one(s) for deletion.
4398 * We must do this now in two ways :
4399 * - if there is no app cookie, we simply delete the header ;
4400 * - if there are app cookies, we must delete the end of the
4401 * string properly, including the colon/semi-colon before
4402 * the cookie name.
4403 */
4404 if (del_cookie != NULL) {
4405 int delta;
4406 if (app_cookies) {
4407 delta = buffer_replace2(req, del_colon, cur_end, NULL, 0);
4408 cur_end = del_colon;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004409 cur_hdr->len += delta;
4410 } else {
4411 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004412
4413 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004414 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4415 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004416 cur_hdr->len = 0;
4417 }
Willy Tarreau45e73e32006-12-17 00:05:15 +01004418 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004419 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004420 }
4421
4422 /* keep the link from this header to next one */
4423 old_idx = cur_idx;
4424 } /* end of cookie processing on this header */
4425}
4426
4427
Willy Tarreaua15645d2007-03-18 16:22:39 +01004428/* Iterate the same filter through all response headers contained in <rtr>.
4429 * Returns 1 if this filter can be stopped upon return, otherwise 0.
4430 */
4431int apply_filter_to_resp_headers(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4432{
4433 char term;
4434 char *cur_ptr, *cur_end, *cur_next;
4435 int cur_idx, old_idx, last_hdr;
4436 struct http_txn *txn = &t->txn;
4437 struct hdr_idx_elem *cur_hdr;
4438 int len, delta;
4439
4440 last_hdr = 0;
4441
4442 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4443 old_idx = 0;
4444
4445 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004446 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004447 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004448 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004449 (exp->action == ACT_ALLOW ||
4450 exp->action == ACT_DENY))
4451 return 0;
4452
4453 cur_idx = txn->hdr_idx.v[old_idx].next;
4454 if (!cur_idx)
4455 break;
4456
4457 cur_hdr = &txn->hdr_idx.v[cur_idx];
4458 cur_ptr = cur_next;
4459 cur_end = cur_ptr + cur_hdr->len;
4460 cur_next = cur_end + cur_hdr->cr + 1;
4461
4462 /* Now we have one header between cur_ptr and cur_end,
4463 * and the next header starts at cur_next.
4464 */
4465
4466 /* The annoying part is that pattern matching needs
4467 * that we modify the contents to null-terminate all
4468 * strings before testing them.
4469 */
4470
4471 term = *cur_end;
4472 *cur_end = '\0';
4473
4474 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4475 switch (exp->action) {
4476 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004477 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004478 last_hdr = 1;
4479 break;
4480
4481 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004482 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004483 last_hdr = 1;
4484 break;
4485
4486 case ACT_REPLACE:
4487 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4488 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4489 /* FIXME: if the user adds a newline in the replacement, the
4490 * index will not be recalculated for now, and the new line
4491 * will not be counted as a new header.
4492 */
4493
4494 cur_end += delta;
4495 cur_next += delta;
4496 cur_hdr->len += delta;
4497 txn->rsp.eoh += delta;
4498 break;
4499
4500 case ACT_REMOVE:
4501 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4502 cur_next += delta;
4503
4504 /* FIXME: this should be a separate function */
4505 txn->rsp.eoh += delta;
4506 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4507 txn->hdr_idx.used--;
4508 cur_hdr->len = 0;
4509 cur_end = NULL; /* null-term has been rewritten */
4510 break;
4511
4512 }
4513 }
4514 if (cur_end)
4515 *cur_end = term; /* restore the string terminator */
4516
4517 /* keep the link from this header to next one in case of later
4518 * removal of next header.
4519 */
4520 old_idx = cur_idx;
4521 }
4522 return 0;
4523}
4524
4525
4526/* Apply the filter to the status line in the response buffer <rtr>.
4527 * Returns 0 if nothing has been done, 1 if the filter has been applied,
4528 * or -1 if a replacement resulted in an invalid status line.
4529 */
4530int apply_filter_to_sts_line(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4531{
4532 char term;
4533 char *cur_ptr, *cur_end;
4534 int done;
4535 struct http_txn *txn = &t->txn;
4536 int len, delta;
4537
4538
Willy Tarreau3d300592007-03-18 18:34:41 +01004539 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004540 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004541 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004542 (exp->action == ACT_ALLOW ||
4543 exp->action == ACT_DENY))
4544 return 0;
4545 else if (exp->action == ACT_REMOVE)
4546 return 0;
4547
4548 done = 0;
4549
Willy Tarreau9cdde232007-05-02 20:58:19 +02004550 cur_ptr = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004551 cur_end = cur_ptr + txn->rsp.sl.rq.l;
4552
4553 /* Now we have the status line between cur_ptr and cur_end */
4554
4555 /* The annoying part is that pattern matching needs
4556 * that we modify the contents to null-terminate all
4557 * strings before testing them.
4558 */
4559
4560 term = *cur_end;
4561 *cur_end = '\0';
4562
4563 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4564 switch (exp->action) {
4565 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004566 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004567 done = 1;
4568 break;
4569
4570 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004571 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004572 done = 1;
4573 break;
4574
4575 case ACT_REPLACE:
4576 *cur_end = term; /* restore the string terminator */
4577 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4578 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4579 /* FIXME: if the user adds a newline in the replacement, the
4580 * index will not be recalculated for now, and the new line
4581 * will not be counted as a new header.
4582 */
4583
4584 txn->rsp.eoh += delta;
4585 cur_end += delta;
4586
Willy Tarreau9cdde232007-05-02 20:58:19 +02004587 txn->rsp.sol = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004588 cur_end = (char *)http_parse_stsline(&txn->rsp, rtr->data,
Willy Tarreau02785762007-04-03 14:45:44 +02004589 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01004590 cur_ptr, cur_end + 1,
4591 NULL, NULL);
4592 if (unlikely(!cur_end))
4593 return -1;
4594
4595 /* we have a full respnse and we know that we have either a CR
4596 * or an LF at <ptr>.
4597 */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004598 txn->status = strl2ui(rtr->data + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreaua15645d2007-03-18 16:22:39 +01004599 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.rq.l, *cur_end == '\r');
4600 /* there is no point trying this regex on headers */
4601 return 1;
4602 }
4603 }
4604 *cur_end = term; /* restore the string terminator */
4605 return done;
4606}
4607
4608
4609
4610/*
4611 * Apply all the resp filters <exp> to all headers in buffer <rtr> of session <t>.
4612 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
4613 * unparsable response.
4614 */
4615int apply_filters_to_response(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4616{
Willy Tarreau3d300592007-03-18 18:34:41 +01004617 struct http_txn *txn = &t->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004618 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004619 while (exp && !(txn->flags & TX_SVDENY)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004620 int ret;
4621
4622 /*
4623 * The interleaving of transformations and verdicts
4624 * makes it difficult to decide to continue or stop
4625 * the evaluation.
4626 */
4627
Willy Tarreau3d300592007-03-18 18:34:41 +01004628 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004629 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4630 exp->action == ACT_PASS)) {
4631 exp = exp->next;
4632 continue;
4633 }
4634
4635 /* Apply the filter to the status line. */
4636 ret = apply_filter_to_sts_line(t, rtr, exp);
4637 if (unlikely(ret < 0))
4638 return -1;
4639
4640 if (likely(ret == 0)) {
4641 /* The filter did not match the response, it can be
4642 * iterated through all headers.
4643 */
4644 apply_filter_to_resp_headers(t, rtr, exp);
4645 }
4646 exp = exp->next;
4647 }
4648 return 0;
4649}
4650
4651
4652
4653/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004654 * Manage server-side cookies. It can impact performance by about 2% so it is
4655 * desirable to call it only when needed.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004656 */
4657void manage_server_side_cookies(struct session *t, struct buffer *rtr)
4658{
4659 struct http_txn *txn = &t->txn;
4660 char *p1, *p2, *p3, *p4;
4661
4662 appsess *asession_temp = NULL;
4663 appsess local_asession;
4664
4665 char *cur_ptr, *cur_end, *cur_next;
4666 int cur_idx, old_idx, delta;
4667
Willy Tarreaua15645d2007-03-18 16:22:39 +01004668 /* Iterate through the headers.
4669 * we start with the start line.
4670 */
4671 old_idx = 0;
4672 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4673
4674 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
4675 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004676 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004677
4678 cur_hdr = &txn->hdr_idx.v[cur_idx];
4679 cur_ptr = cur_next;
4680 cur_end = cur_ptr + cur_hdr->len;
4681 cur_next = cur_end + cur_hdr->cr + 1;
4682
4683 /* We have one full header between cur_ptr and cur_end, and the
4684 * next header starts at cur_next. We're only interested in
4685 * "Cookie:" headers.
4686 */
4687
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004688 val = http_header_match2(cur_ptr, cur_end, "Set-Cookie", 10);
4689 if (!val) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004690 old_idx = cur_idx;
4691 continue;
4692 }
4693
4694 /* OK, right now we know we have a set-cookie at cur_ptr */
Willy Tarreau3d300592007-03-18 18:34:41 +01004695 txn->flags |= TX_SCK_ANY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004696
4697
4698 /* maybe we only wanted to see if there was a set-cookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004699 if (t->be->cookie_name == NULL &&
4700 t->be->appsession_name == NULL &&
4701 t->be->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01004702 return;
4703
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004704 p1 = cur_ptr + val; /* first non-space char after 'Set-Cookie:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004705
4706 while (p1 < cur_end) { /* in fact, we'll break after the first cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004707 if (p1 == cur_end || *p1 == ';') /* end of cookie */
4708 break;
4709
4710 /* p1 is at the beginning of the cookie name */
4711 p2 = p1;
4712
4713 while (p2 < cur_end && *p2 != '=' && *p2 != ';')
4714 p2++;
4715
4716 if (p2 == cur_end || *p2 == ';') /* next cookie */
4717 break;
4718
4719 p3 = p2 + 1; /* skip the '=' sign */
4720 if (p3 == cur_end)
4721 break;
4722
4723 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004724 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';')
Willy Tarreaua15645d2007-03-18 16:22:39 +01004725 p4++;
4726
4727 /* here, we have the cookie name between p1 and p2,
4728 * and its value between p3 and p4.
4729 * we can process it.
4730 */
4731
4732 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004733 if (t->be->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004734 txn->srv_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004735 (p4 - p1 >= t->be->capture_namelen) &&
4736 memcmp(p1, t->be->capture_name, t->be->capture_namelen) == 0) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004737 int log_len = p4 - p1;
4738
Willy Tarreau086b3b42007-05-13 21:45:51 +02004739 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004740 Alert("HTTP logging : out of memory.\n");
4741 }
4742
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004743 if (log_len > t->be->capture_len)
4744 log_len = t->be->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004745 memcpy(txn->srv_cookie, p1, log_len);
4746 txn->srv_cookie[log_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004747 }
4748
4749 /* now check if we need to process it for persistence */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004750 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4751 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004752 /* Cool... it's the right one */
Willy Tarreau3d300592007-03-18 18:34:41 +01004753 txn->flags |= TX_SCK_SEEN;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004754
4755 /* If the cookie is in insert mode on a known server, we'll delete
4756 * this occurrence because we'll insert another one later.
4757 * We'll delete it too if the "indirect" option is set and we're in
4758 * a direct access. */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004759 if (((t->srv) && (t->be->options & PR_O_COOK_INS)) ||
4760 ((t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_IND))) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004761 /* this header must be deleted */
4762 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4763 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4764 txn->hdr_idx.used--;
4765 cur_hdr->len = 0;
4766 cur_next += delta;
4767 txn->rsp.eoh += delta;
4768
Willy Tarreau3d300592007-03-18 18:34:41 +01004769 txn->flags |= TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004770 }
4771 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004772 (t->be->options & PR_O_COOK_RW)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004773 /* replace bytes p3->p4 with the cookie name associated
4774 * with this server since we know it.
4775 */
4776 delta = buffer_replace2(rtr, p3, p4, t->srv->cookie, t->srv->cklen);
4777 cur_hdr->len += delta;
4778 cur_next += delta;
4779 txn->rsp.eoh += delta;
4780
Willy Tarreau3d300592007-03-18 18:34:41 +01004781 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004782 }
4783 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004784 (t->be->options & PR_O_COOK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004785 /* insert the cookie name associated with this server
4786 * before existing cookie, and insert a delimitor between them..
4787 */
4788 delta = buffer_replace2(rtr, p3, p3, t->srv->cookie, t->srv->cklen + 1);
4789 cur_hdr->len += delta;
4790 cur_next += delta;
4791 txn->rsp.eoh += delta;
4792
4793 p3[t->srv->cklen] = COOKIE_DELIM;
Willy Tarreau3d300592007-03-18 18:34:41 +01004794 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004795 }
4796 }
4797 /* next, let's see if the cookie is our appcookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004798 else if ((t->be->appsession_name != NULL) &&
4799 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004800
4801 /* Cool... it's the right one */
4802
4803 size_t server_id_len = strlen(t->srv->id) + 1;
4804 asession_temp = &local_asession;
4805
Willy Tarreau63963c62007-05-13 21:29:55 +02004806 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004807 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
4808 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
4809 return;
4810 }
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004811 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
4812 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004813 asession_temp->serverid = NULL;
4814
4815 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01004816 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4817 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004818 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004819 Alert("Not enough Memory process_srv():asession:calloc().\n");
4820 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
4821 return;
4822 }
4823 asession_temp->sessid = local_asession.sessid;
4824 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004825 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02004826 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
4827 } else {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004828 /* free wasted memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004829 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau51041c72007-09-09 21:56:53 +02004830 }
4831
Willy Tarreaua15645d2007-03-18 16:22:39 +01004832 if (asession_temp->serverid == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004833 if ((asession_temp->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004834 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
4835 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
4836 return;
4837 }
4838 asession_temp->serverid[0] = '\0';
4839 }
4840
4841 if (asession_temp->serverid[0] == '\0')
4842 memcpy(asession_temp->serverid, t->srv->id, server_id_len);
4843
Willy Tarreau0c303ee2008-07-07 00:09:58 +02004844 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004845 asession_temp->request_count++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004846#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004847 Alert("manage_server_side_cookies\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02004848 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreaua15645d2007-03-18 16:22:39 +01004849#endif
4850 }/* end if ((t->proxy->appsession_name != NULL) ... */
4851 break; /* we don't want to loop again since there cannot be another cookie on the same line */
4852 } /* we're now at the end of the cookie value */
4853
4854 /* keep the link from this header to next one */
4855 old_idx = cur_idx;
4856 } /* end of cookie processing on this header */
4857}
4858
4859
4860
4861/*
4862 * Check if response is cacheable or not. Updates t->flags.
4863 */
4864void check_response_for_cacheability(struct session *t, struct buffer *rtr)
4865{
4866 struct http_txn *txn = &t->txn;
4867 char *p1, *p2;
4868
4869 char *cur_ptr, *cur_end, *cur_next;
4870 int cur_idx;
4871
Willy Tarreau5df51872007-11-25 16:20:08 +01004872 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004873 return;
4874
4875 /* Iterate through the headers.
4876 * we start with the start line.
4877 */
4878 cur_idx = 0;
4879 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4880
4881 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
4882 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004883 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004884
4885 cur_hdr = &txn->hdr_idx.v[cur_idx];
4886 cur_ptr = cur_next;
4887 cur_end = cur_ptr + cur_hdr->len;
4888 cur_next = cur_end + cur_hdr->cr + 1;
4889
4890 /* We have one full header between cur_ptr and cur_end, and the
4891 * next header starts at cur_next. We're only interested in
4892 * "Cookie:" headers.
4893 */
4894
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004895 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
4896 if (val) {
4897 if ((cur_end - (cur_ptr + val) >= 8) &&
4898 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
4899 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
4900 return;
4901 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01004902 }
4903
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004904 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
4905 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01004906 continue;
4907
4908 /* OK, right now we know we have a cache-control header at cur_ptr */
4909
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004910 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004911
4912 if (p1 >= cur_end) /* no more info */
4913 continue;
4914
4915 /* p1 is at the beginning of the value */
4916 p2 = p1;
4917
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004918 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004919 p2++;
4920
4921 /* we have a complete value between p1 and p2 */
4922 if (p2 < cur_end && *p2 == '=') {
4923 /* we have something of the form no-cache="set-cookie" */
4924 if ((cur_end - p1 >= 21) &&
4925 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
4926 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01004927 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004928 continue;
4929 }
4930
4931 /* OK, so we know that either p2 points to the end of string or to a comma */
4932 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
4933 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
4934 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
4935 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004936 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004937 return;
4938 }
4939
4940 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004941 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004942 continue;
4943 }
4944 }
4945}
4946
4947
Willy Tarreau58f10d72006-12-04 02:26:12 +01004948/*
4949 * Try to retrieve a known appsession in the URI, then the associated server.
4950 * If the server is found, it's assigned to the session.
4951 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004952void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01004953{
Willy Tarreau3d300592007-03-18 18:34:41 +01004954 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004955 appsess *asession_temp = NULL;
4956 appsess local_asession;
4957 char *request_line;
4958
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004959 if (t->be->appsession_name == NULL ||
Willy Tarreaub326fcc2007-03-03 13:54:32 +01004960 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST) ||
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004961 (request_line = memchr(begin, ';', len)) == NULL ||
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004962 ((1 + t->be->appsession_name_len + 1 + t->be->appsession_len) > (begin + len - request_line)))
Willy Tarreau58f10d72006-12-04 02:26:12 +01004963 return;
4964
4965 /* skip ';' */
4966 request_line++;
4967
4968 /* look if we have a jsessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004969 if (strncasecmp(request_line, t->be->appsession_name, t->be->appsession_name_len) != 0)
Willy Tarreau58f10d72006-12-04 02:26:12 +01004970 return;
4971
4972 /* skip jsessionid= */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004973 request_line += t->be->appsession_name_len + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004974
4975 /* First try if we already have an appsession */
4976 asession_temp = &local_asession;
4977
Willy Tarreau63963c62007-05-13 21:29:55 +02004978 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004979 Alert("Not enough memory process_cli():asession_temp->sessid:calloc().\n");
4980 send_log(t->be, LOG_ALERT, "Not enough Memory process_cli():asession_temp->sessid:calloc().\n");
4981 return;
4982 }
4983
4984 /* Copy the sessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004985 memcpy(asession_temp->sessid, request_line, t->be->appsession_len);
4986 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004987 asession_temp->serverid = NULL;
4988
4989 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01004990 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4991 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004992 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004993 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004994 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004995 Alert("Not enough memory process_cli():asession:calloc().\n");
4996 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
4997 return;
4998 }
4999 asession_temp->sessid = local_asession.sessid;
5000 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005001 asession_temp->request_count=0;
Willy Tarreau51041c72007-09-09 21:56:53 +02005002 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005003 }
5004 else {
5005 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02005006 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005007 }
Willy Tarreau51041c72007-09-09 21:56:53 +02005008
Willy Tarreau0c303ee2008-07-07 00:09:58 +02005009 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005010 asession_temp->request_count++;
Willy Tarreau51041c72007-09-09 21:56:53 +02005011
Willy Tarreau58f10d72006-12-04 02:26:12 +01005012#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005013 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02005014 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01005015#endif
5016 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005017 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01005018 Alert("Found Application Session without matching server.\n");
5019 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005020 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005021 while (srv) {
5022 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005023 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005024 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01005025 txn->flags &= ~TX_CK_MASK;
5026 txn->flags |= TX_CK_VALID;
5027 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005028 t->srv = srv;
5029 break;
5030 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01005031 txn->flags &= ~TX_CK_MASK;
5032 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005033 }
5034 }
5035 srv = srv->next;
5036 }
5037 }
5038}
5039
5040
Willy Tarreaub2513902006-12-17 14:52:38 +01005041/*
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005042 * In a GET or HEAD request, check if the requested URI matches the stats uri
5043 * for the current backend, and if an authorization has been passed and is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01005044 *
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005045 * It is assumed that the request is either a HEAD or GET and that the
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005046 * t->be->uri_auth field is valid. An HTTP/401 response may be sent, or
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005047 * produce_content() can be called to start sending data.
Willy Tarreaub2513902006-12-17 14:52:38 +01005048 *
5049 * Returns 1 if the session's state changes, otherwise 0.
5050 */
5051int stats_check_uri_auth(struct session *t, struct proxy *backend)
5052{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005053 struct http_txn *txn = &t->txn;
Willy Tarreaub2513902006-12-17 14:52:38 +01005054 struct uri_auth *uri_auth = backend->uri_auth;
5055 struct user_auth *user;
5056 int authenticated, cur_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005057 char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01005058
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005059 memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats));
5060
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005061 /* check URI size */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005062 if (uri_auth->uri_len > txn->req.sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01005063 return 0;
5064
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005065 h = t->req->data + txn->req.sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005066
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005067 /* the URI is in h */
5068 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01005069 return 0;
5070
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005071 h += uri_auth->uri_len;
5072 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 3) {
5073 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005074 t->data_ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005075 break;
5076 }
5077 h++;
5078 }
5079
5080 if (uri_auth->refresh) {
5081 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5082 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 10) {
5083 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005084 t->data_ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005085 break;
5086 }
5087 h++;
5088 }
5089 }
5090
Willy Tarreau55bb8452007-10-17 18:44:57 +02005091 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5092 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 4) {
5093 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005094 t->data_ctx.stats.flags |= STAT_FMT_CSV;
Willy Tarreau55bb8452007-10-17 18:44:57 +02005095 break;
5096 }
5097 h++;
5098 }
5099
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005100 t->data_ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO;
5101
Willy Tarreaub2513902006-12-17 14:52:38 +01005102 /* we are in front of a interceptable URI. Let's check
5103 * if there's an authentication and if it's valid.
5104 */
5105 user = uri_auth->users;
5106 if (!user) {
5107 /* no user auth required, it's OK */
5108 authenticated = 1;
5109 } else {
5110 authenticated = 0;
5111
5112 /* a user list is defined, we have to check.
5113 * skip 21 chars for "Authorization: Basic ".
5114 */
5115
5116 /* FIXME: this should move to an earlier place */
5117 cur_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005118 h = t->req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
5119 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5120 int len = txn->hdr_idx.v[cur_idx].len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005121 if (len > 14 &&
5122 !strncasecmp("Authorization:", h, 14)) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005123 txn->auth_hdr.str = h;
5124 txn->auth_hdr.len = len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005125 break;
5126 }
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005127 h += len + txn->hdr_idx.v[cur_idx].cr + 1;
Willy Tarreaub2513902006-12-17 14:52:38 +01005128 }
5129
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005130 if (txn->auth_hdr.len < 21 ||
5131 memcmp(txn->auth_hdr.str + 14, " Basic ", 7))
Willy Tarreaub2513902006-12-17 14:52:38 +01005132 user = NULL;
5133
5134 while (user) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005135 if ((txn->auth_hdr.len == user->user_len + 14 + 7)
5136 && !memcmp(txn->auth_hdr.str + 14 + 7,
Willy Tarreaub2513902006-12-17 14:52:38 +01005137 user->user_pwd, user->user_len)) {
5138 authenticated = 1;
5139 break;
5140 }
5141 user = user->next;
5142 }
5143 }
5144
5145 if (!authenticated) {
Willy Tarreau0f772532006-12-23 20:51:41 +01005146 struct chunk msg;
Willy Tarreaub2513902006-12-17 14:52:38 +01005147
5148 /* no need to go further */
Willy Tarreau0f772532006-12-23 20:51:41 +01005149 msg.str = trash;
5150 msg.len = sprintf(trash, HTTP_401_fmt, uri_auth->auth_realm);
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005151 txn->status = 401;
Willy Tarreau0f772532006-12-23 20:51:41 +01005152 client_retnclose(t, &msg);
Willy Tarreauf8533202008-08-16 14:55:08 +02005153 trace_term(t, TT_HTTP_URI_1);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02005154 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub2513902006-12-17 14:52:38 +01005155 if (!(t->flags & SN_ERR_MASK))
5156 t->flags |= SN_ERR_PRXCOND;
5157 if (!(t->flags & SN_FINST_MASK))
5158 t->flags |= SN_FINST_R;
5159 return 1;
5160 }
5161
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005162 /* The request is valid, the user is authenticated. Let's start sending
Willy Tarreaub2513902006-12-17 14:52:38 +01005163 * data.
5164 */
Willy Tarreau284c7b32008-06-29 16:38:43 +02005165 EV_FD_CLR(t->cli_fd, DIR_RD);
5166 buffer_shutr(t->req);
5167 buffer_shutr(t->rep);
Willy Tarreaue393fe22008-08-16 22:18:07 +02005168 buffer_set_rlim(t->req, BUFSIZE); /* no more rewrite needed */
Willy Tarreau70089872008-06-13 21:12:51 +02005169 t->logs.tv_request = now;
Willy Tarreaub2513902006-12-17 14:52:38 +01005170 t->data_source = DATA_SRC_STATS;
5171 t->data_state = DATA_ST_INIT;
Willy Tarreau91e99932008-06-30 07:51:00 +02005172 t->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreaub2513902006-12-17 14:52:38 +01005173 produce_content(t);
5174 return 1;
5175}
5176
5177
Willy Tarreaubaaee002006-06-26 02:48:02 +02005178/*
Willy Tarreau58f10d72006-12-04 02:26:12 +01005179 * Print a debug line with a header
5180 */
5181void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
5182{
5183 int len, max;
5184 len = sprintf(trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
5185 dir, (unsigned short)t->cli_fd, (unsigned short)t->srv_fd);
5186 max = end - start;
5187 UBOUND(max, sizeof(trash) - len - 1);
5188 len += strlcpy2(trash + len, start, max + 1);
5189 trash[len++] = '\n';
5190 write(1, trash, len);
5191}
5192
5193
Willy Tarreau8797c062007-05-07 00:55:35 +02005194/************************************************************************/
5195/* The code below is dedicated to ACL parsing and matching */
5196/************************************************************************/
5197
5198
5199
5200
5201/* 1. Check on METHOD
5202 * We use the pre-parsed method if it is known, and store its number as an
5203 * integer. If it is unknown, we use the pointer and the length.
5204 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005205static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005206{
5207 int len, meth;
5208
Willy Tarreauae8b7962007-06-09 23:10:04 +02005209 len = strlen(*text);
5210 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02005211
5212 pattern->val.i = meth;
5213 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02005214 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005215 if (!pattern->ptr.str)
5216 return 0;
5217 pattern->len = len;
5218 }
5219 return 1;
5220}
5221
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005222static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005223acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir,
5224 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005225{
5226 int meth;
5227 struct http_txn *txn = l7;
5228
Willy Tarreaub6866442008-07-14 23:54:42 +02005229 if (!txn)
5230 return 0;
5231
Willy Tarreauc11416f2007-06-17 16:58:38 +02005232 if (txn->req.msg_state != HTTP_MSG_BODY)
5233 return 0;
5234
Willy Tarreau8797c062007-05-07 00:55:35 +02005235 meth = txn->meth;
5236 test->i = meth;
5237 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02005238 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5239 /* ensure the indexes are not affected */
5240 return 0;
Willy Tarreau8797c062007-05-07 00:55:35 +02005241 test->len = txn->req.sl.rq.m_l;
5242 test->ptr = txn->req.sol;
5243 }
5244 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5245 return 1;
5246}
5247
5248static int acl_match_meth(struct acl_test *test, struct acl_pattern *pattern)
5249{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005250 int icase;
5251
Willy Tarreau8797c062007-05-07 00:55:35 +02005252 if (test->i != pattern->val.i)
Willy Tarreau11382812008-07-09 16:18:21 +02005253 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02005254
5255 if (test->i != HTTP_METH_OTHER)
Willy Tarreau11382812008-07-09 16:18:21 +02005256 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005257
5258 /* Other method, we must compare the strings */
5259 if (pattern->len != test->len)
Willy Tarreau11382812008-07-09 16:18:21 +02005260 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005261
5262 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
5263 if ((icase && strncasecmp(pattern->ptr.str, test->ptr, test->len) != 0) ||
5264 (!icase && strncmp(pattern->ptr.str, test->ptr, test->len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02005265 return ACL_PAT_FAIL;
5266 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005267}
5268
5269/* 2. Check on Request/Status Version
5270 * We simply compare strings here.
5271 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005272static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005273{
Willy Tarreauae8b7962007-06-09 23:10:04 +02005274 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005275 if (!pattern->ptr.str)
5276 return 0;
Willy Tarreauae8b7962007-06-09 23:10:04 +02005277 pattern->len = strlen(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005278 return 1;
5279}
5280
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005281static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005282acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
5283 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005284{
5285 struct http_txn *txn = l7;
5286 char *ptr;
5287 int len;
5288
Willy Tarreaub6866442008-07-14 23:54:42 +02005289 if (!txn)
5290 return 0;
5291
Willy Tarreauc11416f2007-06-17 16:58:38 +02005292 if (txn->req.msg_state != HTTP_MSG_BODY)
5293 return 0;
5294
Willy Tarreau8797c062007-05-07 00:55:35 +02005295 len = txn->req.sl.rq.v_l;
5296 ptr = txn->req.sol + txn->req.sl.rq.v - txn->req.som;
5297
5298 while ((len-- > 0) && (*ptr++ != '/'));
5299 if (len <= 0)
5300 return 0;
5301
5302 test->ptr = ptr;
5303 test->len = len;
5304
5305 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5306 return 1;
5307}
5308
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005309static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005310acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
5311 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005312{
5313 struct http_txn *txn = l7;
5314 char *ptr;
5315 int len;
5316
Willy Tarreaub6866442008-07-14 23:54:42 +02005317 if (!txn)
5318 return 0;
5319
Willy Tarreauc11416f2007-06-17 16:58:38 +02005320 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5321 return 0;
5322
Willy Tarreau8797c062007-05-07 00:55:35 +02005323 len = txn->rsp.sl.st.v_l;
5324 ptr = txn->rsp.sol;
5325
5326 while ((len-- > 0) && (*ptr++ != '/'));
5327 if (len <= 0)
5328 return 0;
5329
5330 test->ptr = ptr;
5331 test->len = len;
5332
5333 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5334 return 1;
5335}
5336
5337/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005338static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005339acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
5340 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005341{
5342 struct http_txn *txn = l7;
5343 char *ptr;
5344 int len;
5345
Willy Tarreaub6866442008-07-14 23:54:42 +02005346 if (!txn)
5347 return 0;
5348
Willy Tarreauc11416f2007-06-17 16:58:38 +02005349 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5350 return 0;
5351
Willy Tarreau8797c062007-05-07 00:55:35 +02005352 len = txn->rsp.sl.st.c_l;
5353 ptr = txn->rsp.sol + txn->rsp.sl.st.c - txn->rsp.som;
5354
5355 test->i = __strl2ui(ptr, len);
5356 test->flags = ACL_TEST_F_VOL_1ST;
5357 return 1;
5358}
5359
5360/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005361static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005362acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
5363 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005364{
5365 struct http_txn *txn = l7;
5366
Willy Tarreaub6866442008-07-14 23:54:42 +02005367 if (!txn)
5368 return 0;
5369
Willy Tarreauc11416f2007-06-17 16:58:38 +02005370 if (txn->req.msg_state != HTTP_MSG_BODY)
5371 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005372
Willy Tarreauc11416f2007-06-17 16:58:38 +02005373 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5374 /* ensure the indexes are not affected */
5375 return 0;
5376
Willy Tarreau8797c062007-05-07 00:55:35 +02005377 test->len = txn->req.sl.rq.u_l;
5378 test->ptr = txn->req.sol + txn->req.sl.rq.u;
5379
Willy Tarreauf3d25982007-05-08 22:45:09 +02005380 /* we do not need to set READ_ONLY because the data is in a buffer */
5381 test->flags = ACL_TEST_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02005382 return 1;
5383}
5384
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005385static int
5386acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
5387 struct acl_expr *expr, struct acl_test *test)
5388{
5389 struct http_txn *txn = l7;
5390
Willy Tarreaub6866442008-07-14 23:54:42 +02005391 if (!txn)
5392 return 0;
5393
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005394 if (txn->req.msg_state != HTTP_MSG_BODY)
5395 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005396
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005397 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5398 /* ensure the indexes are not affected */
5399 return 0;
5400
5401 /* Parse HTTP request */
5402 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5403 test->ptr = (void *)&((struct sockaddr_in *)&l4->srv_addr)->sin_addr;
5404 test->i = AF_INET;
5405
5406 /*
5407 * If we are parsing url in frontend space, we prepare backend stage
5408 * to not parse again the same url ! optimization lazyness...
5409 */
5410 if (px->options & PR_O_HTTP_PROXY)
5411 l4->flags |= SN_ADDR_SET;
5412
5413 test->flags = ACL_TEST_F_READ_ONLY;
5414 return 1;
5415}
5416
5417static int
5418acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
5419 struct acl_expr *expr, struct acl_test *test)
5420{
5421 struct http_txn *txn = l7;
5422
Willy Tarreaub6866442008-07-14 23:54:42 +02005423 if (!txn)
5424 return 0;
5425
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005426 if (txn->req.msg_state != HTTP_MSG_BODY)
5427 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005428
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005429 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5430 /* ensure the indexes are not affected */
5431 return 0;
5432
5433 /* Same optimization as url_ip */
5434 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5435 test->i = ntohs(((struct sockaddr_in *)&l4->srv_addr)->sin_port);
5436
5437 if (px->options & PR_O_HTTP_PROXY)
5438 l4->flags |= SN_ADDR_SET;
5439
5440 test->flags = ACL_TEST_F_READ_ONLY;
5441 return 1;
5442}
5443
Willy Tarreauc11416f2007-06-17 16:58:38 +02005444/* 5. Check on HTTP header. A pointer to the beginning of the value is returned.
5445 * This generic function is used by both acl_fetch_chdr() and acl_fetch_shdr().
5446 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02005447static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005448acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005449 struct acl_expr *expr, struct acl_test *test)
5450{
5451 struct http_txn *txn = l7;
5452 struct hdr_idx *idx = &txn->hdr_idx;
5453 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005454
Willy Tarreaub6866442008-07-14 23:54:42 +02005455 if (!txn)
5456 return 0;
5457
Willy Tarreau33a7e692007-06-10 19:45:56 +02005458 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5459 /* search for header from the beginning */
5460 ctx->idx = 0;
5461
Willy Tarreau33a7e692007-06-10 19:45:56 +02005462 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5463 test->flags |= ACL_TEST_F_FETCH_MORE;
5464 test->flags |= ACL_TEST_F_VOL_HDR;
5465 test->len = ctx->vlen;
5466 test->ptr = (char *)ctx->line + ctx->val;
5467 return 1;
5468 }
5469
5470 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5471 test->flags |= ACL_TEST_F_VOL_HDR;
5472 return 0;
5473}
5474
Willy Tarreau33a7e692007-06-10 19:45:56 +02005475static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005476acl_fetch_chdr(struct proxy *px, struct session *l4, void *l7, int dir,
5477 struct acl_expr *expr, struct acl_test *test)
5478{
5479 struct http_txn *txn = l7;
5480
Willy Tarreaub6866442008-07-14 23:54:42 +02005481 if (!txn)
5482 return 0;
5483
Willy Tarreauc11416f2007-06-17 16:58:38 +02005484 if (txn->req.msg_state != HTTP_MSG_BODY)
5485 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005486
Willy Tarreauc11416f2007-06-17 16:58:38 +02005487 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5488 /* ensure the indexes are not affected */
5489 return 0;
5490
5491 return acl_fetch_hdr(px, l4, txn, txn->req.sol, expr, test);
5492}
5493
5494static int
5495acl_fetch_shdr(struct proxy *px, struct session *l4, void *l7, int dir,
5496 struct acl_expr *expr, struct acl_test *test)
5497{
5498 struct http_txn *txn = l7;
5499
Willy Tarreaub6866442008-07-14 23:54:42 +02005500 if (!txn)
5501 return 0;
5502
Willy Tarreauc11416f2007-06-17 16:58:38 +02005503 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5504 return 0;
5505
5506 return acl_fetch_hdr(px, l4, txn, txn->rsp.sol, expr, test);
5507}
5508
5509/* 6. Check on HTTP header count. The number of occurrences is returned.
5510 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
5511 */
5512static int
5513acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005514 struct acl_expr *expr, struct acl_test *test)
5515{
5516 struct http_txn *txn = l7;
5517 struct hdr_idx *idx = &txn->hdr_idx;
5518 struct hdr_ctx ctx;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005519 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02005520
Willy Tarreaub6866442008-07-14 23:54:42 +02005521 if (!txn)
5522 return 0;
5523
Willy Tarreau33a7e692007-06-10 19:45:56 +02005524 ctx.idx = 0;
5525 cnt = 0;
5526 while (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, &ctx))
5527 cnt++;
5528
5529 test->i = cnt;
5530 test->flags = ACL_TEST_F_VOL_HDR;
5531 return 1;
5532}
5533
Willy Tarreauc11416f2007-06-17 16:58:38 +02005534static int
5535acl_fetch_chdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5536 struct acl_expr *expr, struct acl_test *test)
5537{
5538 struct http_txn *txn = l7;
5539
Willy Tarreaub6866442008-07-14 23:54:42 +02005540 if (!txn)
5541 return 0;
5542
Willy Tarreauc11416f2007-06-17 16:58:38 +02005543 if (txn->req.msg_state != HTTP_MSG_BODY)
5544 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005545
Willy Tarreauc11416f2007-06-17 16:58:38 +02005546 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5547 /* ensure the indexes are not affected */
5548 return 0;
5549
5550 return acl_fetch_hdr_cnt(px, l4, txn, txn->req.sol, expr, test);
5551}
5552
5553static int
5554acl_fetch_shdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5555 struct acl_expr *expr, struct acl_test *test)
5556{
5557 struct http_txn *txn = l7;
5558
Willy Tarreaub6866442008-07-14 23:54:42 +02005559 if (!txn)
5560 return 0;
5561
Willy Tarreauc11416f2007-06-17 16:58:38 +02005562 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5563 return 0;
5564
5565 return acl_fetch_hdr_cnt(px, l4, txn, txn->rsp.sol, expr, test);
5566}
5567
Willy Tarreau33a7e692007-06-10 19:45:56 +02005568/* 7. Check on HTTP header's integer value. The integer value is returned.
5569 * FIXME: the type is 'int', it may not be appropriate for everything.
Willy Tarreauc11416f2007-06-17 16:58:38 +02005570 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
Willy Tarreau33a7e692007-06-10 19:45:56 +02005571 */
5572static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005573acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005574 struct acl_expr *expr, struct acl_test *test)
5575{
5576 struct http_txn *txn = l7;
5577 struct hdr_idx *idx = &txn->hdr_idx;
5578 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005579
Willy Tarreaub6866442008-07-14 23:54:42 +02005580 if (!txn)
5581 return 0;
5582
Willy Tarreau33a7e692007-06-10 19:45:56 +02005583 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5584 /* search for header from the beginning */
5585 ctx->idx = 0;
5586
Willy Tarreau33a7e692007-06-10 19:45:56 +02005587 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5588 test->flags |= ACL_TEST_F_FETCH_MORE;
5589 test->flags |= ACL_TEST_F_VOL_HDR;
5590 test->i = strl2ic((char *)ctx->line + ctx->val, ctx->vlen);
5591 return 1;
5592 }
5593
5594 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5595 test->flags |= ACL_TEST_F_VOL_HDR;
5596 return 0;
5597}
5598
Willy Tarreauc11416f2007-06-17 16:58:38 +02005599static int
5600acl_fetch_chdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5601 struct acl_expr *expr, struct acl_test *test)
5602{
5603 struct http_txn *txn = l7;
5604
Willy Tarreaub6866442008-07-14 23:54:42 +02005605 if (!txn)
5606 return 0;
5607
Willy Tarreauc11416f2007-06-17 16:58:38 +02005608 if (txn->req.msg_state != HTTP_MSG_BODY)
5609 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005610
Willy Tarreauc11416f2007-06-17 16:58:38 +02005611 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5612 /* ensure the indexes are not affected */
5613 return 0;
5614
5615 return acl_fetch_hdr_val(px, l4, txn, txn->req.sol, expr, test);
5616}
5617
5618static int
5619acl_fetch_shdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5620 struct acl_expr *expr, struct acl_test *test)
5621{
5622 struct http_txn *txn = l7;
5623
Willy Tarreaub6866442008-07-14 23:54:42 +02005624 if (!txn)
5625 return 0;
5626
Willy Tarreauc11416f2007-06-17 16:58:38 +02005627 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5628 return 0;
5629
5630 return acl_fetch_hdr_val(px, l4, txn, txn->rsp.sol, expr, test);
5631}
5632
Willy Tarreau737b0c12007-06-10 21:28:46 +02005633/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
5634 * the first '/' after the possible hostname, and ends before the possible '?'.
5635 */
5636static int
5637acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
5638 struct acl_expr *expr, struct acl_test *test)
5639{
5640 struct http_txn *txn = l7;
5641 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005642
Willy Tarreaub6866442008-07-14 23:54:42 +02005643 if (!txn)
5644 return 0;
5645
Willy Tarreauc11416f2007-06-17 16:58:38 +02005646 if (txn->req.msg_state != HTTP_MSG_BODY)
5647 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005648
Willy Tarreauc11416f2007-06-17 16:58:38 +02005649 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5650 /* ensure the indexes are not affected */
5651 return 0;
5652
Willy Tarreau21d2af32008-02-14 20:25:24 +01005653 end = txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
5654 ptr = http_get_path(txn);
5655 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02005656 return 0;
5657
5658 /* OK, we got the '/' ! */
5659 test->ptr = ptr;
5660
5661 while (ptr < end && *ptr != '?')
5662 ptr++;
5663
5664 test->len = ptr - test->ptr;
5665
5666 /* we do not need to set READ_ONLY because the data is in a buffer */
5667 test->flags = ACL_TEST_F_VOL_1ST;
5668 return 1;
5669}
5670
5671
Willy Tarreau8797c062007-05-07 00:55:35 +02005672
5673/************************************************************************/
5674/* All supported keywords must be declared here. */
5675/************************************************************************/
5676
5677/* Note: must not be declared <const> as its list will be overwritten */
5678static struct acl_kw_list acl_kws = {{ },{
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005679 { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
5680 { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5681 { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5682 { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
Willy Tarreau8797c062007-05-07 00:55:35 +02005683
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005684 { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5685 { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5686 { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5687 { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5688 { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5689 { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5690 { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5691 { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
5692 { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau8797c062007-05-07 00:55:35 +02005693
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005694 /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
5695 { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5696 { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5697 { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5698 { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5699 { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5700 { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5701 { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5702 { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
5703 { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreauc11416f2007-06-17 16:58:38 +02005704
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005705 { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5706 { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
5707 { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
5708 { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
5709 { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
5710 { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
5711 { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
5712 { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
5713 { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005714
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005715 { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5716 { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5717 { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5718 { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5719 { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5720 { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5721 { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005722
Willy Tarreauf3d25982007-05-08 22:45:09 +02005723 { NULL, NULL, NULL, NULL },
5724
5725#if 0
Willy Tarreau8797c062007-05-07 00:55:35 +02005726 { "line", acl_parse_str, acl_fetch_line, acl_match_str },
5727 { "line_reg", acl_parse_reg, acl_fetch_line, acl_match_reg },
5728 { "line_beg", acl_parse_str, acl_fetch_line, acl_match_beg },
5729 { "line_end", acl_parse_str, acl_fetch_line, acl_match_end },
5730 { "line_sub", acl_parse_str, acl_fetch_line, acl_match_sub },
5731 { "line_dir", acl_parse_str, acl_fetch_line, acl_match_dir },
5732 { "line_dom", acl_parse_str, acl_fetch_line, acl_match_dom },
5733
Willy Tarreau8797c062007-05-07 00:55:35 +02005734 { "cook", acl_parse_str, acl_fetch_cook, acl_match_str },
5735 { "cook_reg", acl_parse_reg, acl_fetch_cook, acl_match_reg },
5736 { "cook_beg", acl_parse_str, acl_fetch_cook, acl_match_beg },
5737 { "cook_end", acl_parse_str, acl_fetch_cook, acl_match_end },
5738 { "cook_sub", acl_parse_str, acl_fetch_cook, acl_match_sub },
5739 { "cook_dir", acl_parse_str, acl_fetch_cook, acl_match_dir },
5740 { "cook_dom", acl_parse_str, acl_fetch_cook, acl_match_dom },
5741 { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst },
5742
5743 { "auth_user", acl_parse_str, acl_fetch_user, acl_match_str },
5744 { "auth_regex", acl_parse_reg, acl_fetch_user, acl_match_reg },
5745 { "auth_clear", acl_parse_str, acl_fetch_auth, acl_match_str },
5746 { "auth_md5", acl_parse_str, acl_fetch_auth, acl_match_md5 },
5747 { NULL, NULL, NULL, NULL },
5748#endif
5749}};
5750
5751
5752__attribute__((constructor))
5753static void __http_protocol_init(void)
5754{
5755 acl_register_keywords(&acl_kws);
5756}
5757
5758
Willy Tarreau58f10d72006-12-04 02:26:12 +01005759/*
Willy Tarreaubaaee002006-06-26 02:48:02 +02005760 * Local variables:
5761 * c-indent-level: 8
5762 * c-basic-offset: 8
5763 * End:
5764 */