Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 1 | /* |
| 2 | * HTTP protocol analyzer |
| 3 | * |
Willy Tarreau | 7c669d7 | 2008-06-20 15:04:11 +0200 | [diff] [blame] | 4 | * Copyright 2000-2008 Willy Tarreau <w@1wt.eu> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | */ |
| 12 | |
| 13 | #include <ctype.h> |
| 14 | #include <errno.h> |
| 15 | #include <fcntl.h> |
| 16 | #include <stdio.h> |
| 17 | #include <stdlib.h> |
| 18 | #include <string.h> |
| 19 | #include <syslog.h> |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 20 | #include <time.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 21 | |
| 22 | #include <sys/socket.h> |
| 23 | #include <sys/stat.h> |
| 24 | #include <sys/types.h> |
| 25 | |
Willy Tarreau | 2dd0d47 | 2006-06-29 17:53:05 +0200 | [diff] [blame] | 26 | #include <common/appsession.h> |
| 27 | #include <common/compat.h> |
| 28 | #include <common/config.h> |
Willy Tarreau | a4cd1f5 | 2006-12-16 19:57:26 +0100 | [diff] [blame] | 29 | #include <common/debug.h> |
Willy Tarreau | 2dd0d47 | 2006-06-29 17:53:05 +0200 | [diff] [blame] | 30 | #include <common/memory.h> |
| 31 | #include <common/mini-clist.h> |
| 32 | #include <common/standard.h> |
Willy Tarreau | 0c303ee | 2008-07-07 00:09:58 +0200 | [diff] [blame] | 33 | #include <common/ticks.h> |
Willy Tarreau | 2dd0d47 | 2006-06-29 17:53:05 +0200 | [diff] [blame] | 34 | #include <common/time.h> |
| 35 | #include <common/uri_auth.h> |
| 36 | #include <common/version.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 37 | |
| 38 | #include <types/capture.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 39 | #include <types/global.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 40 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 41 | #include <proto/acl.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 42 | #include <proto/backend.h> |
| 43 | #include <proto/buffers.h> |
Willy Tarreau | 9186126 | 2007-10-17 17:06:05 +0200 | [diff] [blame] | 44 | #include <proto/dumpstats.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 45 | #include <proto/fd.h> |
| 46 | #include <proto/log.h> |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 47 | #include <proto/hdr_idx.h> |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 48 | #include <proto/proto_tcp.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 49 | #include <proto/proto_http.h> |
Willy Tarreau | 7f062c4 | 2009-03-05 18:43:00 +0100 | [diff] [blame] | 50 | #include <proto/proxy.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 51 | #include <proto/queue.h> |
Willy Tarreau | 7f062c4 | 2009-03-05 18:43:00 +0100 | [diff] [blame] | 52 | #include <proto/server.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 53 | #include <proto/session.h> |
Willy Tarreau | cff6411 | 2008-11-03 06:26:53 +0100 | [diff] [blame] | 54 | #include <proto/stream_interface.h> |
Willy Tarreau | 2d21279 | 2008-08-27 21:41:35 +0200 | [diff] [blame] | 55 | #include <proto/stream_sock.h> |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 56 | #include <proto/task.h> |
| 57 | |
Willy Tarreau | 6d1a988 | 2007-01-07 02:03:04 +0100 | [diff] [blame] | 58 | #ifdef CONFIG_HAP_TCPSPLICE |
| 59 | #include <libtcpsplice.h> |
| 60 | #endif |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 61 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 62 | #define DEBUG_PARSE_NO_SPEEDUP |
| 63 | #undef DEBUG_PARSE_NO_SPEEDUP |
| 64 | |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 65 | /* This is used to perform a quick jump as an alternative to a break/continue |
| 66 | * instruction. The first argument is the label for normal operation, and the |
| 67 | * second one is the break/continue instruction in the no_speedup mode. |
| 68 | */ |
| 69 | |
| 70 | #ifdef DEBUG_PARSE_NO_SPEEDUP |
| 71 | #define QUICK_JUMP(x,y) y |
| 72 | #else |
| 73 | #define QUICK_JUMP(x,y) goto x |
| 74 | #endif |
| 75 | |
Willy Tarreau | 1c47f85 | 2006-07-09 08:22:27 +0200 | [diff] [blame] | 76 | /* This is used by remote monitoring */ |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 77 | const char HTTP_200[] = |
Willy Tarreau | 1c47f85 | 2006-07-09 08:22:27 +0200 | [diff] [blame] | 78 | "HTTP/1.0 200 OK\r\n" |
| 79 | "Cache-Control: no-cache\r\n" |
| 80 | "Connection: close\r\n" |
| 81 | "Content-Type: text/html\r\n" |
| 82 | "\r\n" |
| 83 | "<html><body><h1>200 OK</h1>\nHAProxy: service ready.\n</body></html>\n"; |
| 84 | |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 85 | const struct chunk http_200_chunk = { |
| 86 | .str = (char *)&HTTP_200, |
| 87 | .len = sizeof(HTTP_200)-1 |
| 88 | }; |
| 89 | |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 90 | const char *HTTP_301 = |
| 91 | "HTTP/1.0 301 Moved Permantenly\r\n" |
| 92 | "Cache-Control: no-cache\r\n" |
| 93 | "Connection: close\r\n" |
| 94 | "Location: "; /* not terminated since it will be concatenated with the URL */ |
| 95 | |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 96 | const char *HTTP_302 = |
| 97 | "HTTP/1.0 302 Found\r\n" |
| 98 | "Cache-Control: no-cache\r\n" |
| 99 | "Connection: close\r\n" |
| 100 | "Location: "; /* not terminated since it will be concatenated with the URL */ |
| 101 | |
| 102 | /* same as 302 except that the browser MUST retry with the GET method */ |
| 103 | const char *HTTP_303 = |
| 104 | "HTTP/1.0 303 See Other\r\n" |
| 105 | "Cache-Control: no-cache\r\n" |
| 106 | "Connection: close\r\n" |
| 107 | "Location: "; /* not terminated since it will be concatenated with the URL */ |
| 108 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 109 | /* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */ |
| 110 | const char *HTTP_401_fmt = |
| 111 | "HTTP/1.0 401 Unauthorized\r\n" |
| 112 | "Cache-Control: no-cache\r\n" |
| 113 | "Connection: close\r\n" |
Willy Tarreau | 791d66d | 2006-07-08 16:53:38 +0200 | [diff] [blame] | 114 | "Content-Type: text/html\r\n" |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 115 | "WWW-Authenticate: Basic realm=\"%s\"\r\n" |
| 116 | "\r\n" |
| 117 | "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n"; |
| 118 | |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 119 | |
| 120 | const int http_err_codes[HTTP_ERR_SIZE] = { |
| 121 | [HTTP_ERR_400] = 400, |
| 122 | [HTTP_ERR_403] = 403, |
| 123 | [HTTP_ERR_408] = 408, |
| 124 | [HTTP_ERR_500] = 500, |
| 125 | [HTTP_ERR_502] = 502, |
| 126 | [HTTP_ERR_503] = 503, |
| 127 | [HTTP_ERR_504] = 504, |
| 128 | }; |
| 129 | |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 130 | static const char *http_err_msgs[HTTP_ERR_SIZE] = { |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 131 | [HTTP_ERR_400] = |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 132 | "HTTP/1.0 400 Bad request\r\n" |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 133 | "Cache-Control: no-cache\r\n" |
| 134 | "Connection: close\r\n" |
| 135 | "Content-Type: text/html\r\n" |
| 136 | "\r\n" |
| 137 | "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n", |
| 138 | |
| 139 | [HTTP_ERR_403] = |
| 140 | "HTTP/1.0 403 Forbidden\r\n" |
| 141 | "Cache-Control: no-cache\r\n" |
| 142 | "Connection: close\r\n" |
| 143 | "Content-Type: text/html\r\n" |
| 144 | "\r\n" |
| 145 | "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n", |
| 146 | |
| 147 | [HTTP_ERR_408] = |
| 148 | "HTTP/1.0 408 Request Time-out\r\n" |
| 149 | "Cache-Control: no-cache\r\n" |
| 150 | "Connection: close\r\n" |
| 151 | "Content-Type: text/html\r\n" |
| 152 | "\r\n" |
| 153 | "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n", |
| 154 | |
| 155 | [HTTP_ERR_500] = |
| 156 | "HTTP/1.0 500 Server Error\r\n" |
| 157 | "Cache-Control: no-cache\r\n" |
| 158 | "Connection: close\r\n" |
| 159 | "Content-Type: text/html\r\n" |
| 160 | "\r\n" |
| 161 | "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n", |
| 162 | |
| 163 | [HTTP_ERR_502] = |
| 164 | "HTTP/1.0 502 Bad Gateway\r\n" |
| 165 | "Cache-Control: no-cache\r\n" |
| 166 | "Connection: close\r\n" |
| 167 | "Content-Type: text/html\r\n" |
| 168 | "\r\n" |
| 169 | "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n", |
| 170 | |
| 171 | [HTTP_ERR_503] = |
| 172 | "HTTP/1.0 503 Service Unavailable\r\n" |
| 173 | "Cache-Control: no-cache\r\n" |
| 174 | "Connection: close\r\n" |
| 175 | "Content-Type: text/html\r\n" |
| 176 | "\r\n" |
| 177 | "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n", |
| 178 | |
| 179 | [HTTP_ERR_504] = |
| 180 | "HTTP/1.0 504 Gateway Time-out\r\n" |
| 181 | "Cache-Control: no-cache\r\n" |
| 182 | "Connection: close\r\n" |
| 183 | "Content-Type: text/html\r\n" |
| 184 | "\r\n" |
| 185 | "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n", |
| 186 | |
| 187 | }; |
| 188 | |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 189 | /* We must put the messages here since GCC cannot initialize consts depending |
| 190 | * on strlen(). |
| 191 | */ |
| 192 | struct chunk http_err_chunks[HTTP_ERR_SIZE]; |
| 193 | |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 194 | #define FD_SETS_ARE_BITFIELDS |
| 195 | #ifdef FD_SETS_ARE_BITFIELDS |
| 196 | /* |
| 197 | * This map is used with all the FD_* macros to check whether a particular bit |
| 198 | * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes |
| 199 | * which should be encoded. When FD_ISSET() returns non-zero, it means that the |
| 200 | * byte should be encoded. Be careful to always pass bytes from 0 to 255 |
| 201 | * exclusively to the macros. |
| 202 | */ |
| 203 | fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))]; |
| 204 | fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))]; |
| 205 | |
| 206 | #else |
| 207 | #error "Check if your OS uses bitfields for fd_sets" |
| 208 | #endif |
| 209 | |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 210 | void init_proto_http() |
| 211 | { |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 212 | int i; |
| 213 | char *tmp; |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 214 | int msg; |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 215 | |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 216 | for (msg = 0; msg < HTTP_ERR_SIZE; msg++) { |
| 217 | if (!http_err_msgs[msg]) { |
| 218 | Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg); |
| 219 | abort(); |
| 220 | } |
| 221 | |
| 222 | http_err_chunks[msg].str = (char *)http_err_msgs[msg]; |
| 223 | http_err_chunks[msg].len = strlen(http_err_msgs[msg]); |
| 224 | } |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 225 | |
| 226 | /* initialize the log header encoding map : '{|}"#' should be encoded with |
| 227 | * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ). |
| 228 | * URL encoding only requires '"', '#' to be encoded as well as non- |
| 229 | * printable characters above. |
| 230 | */ |
| 231 | memset(hdr_encode_map, 0, sizeof(hdr_encode_map)); |
| 232 | memset(url_encode_map, 0, sizeof(url_encode_map)); |
| 233 | for (i = 0; i < 32; i++) { |
| 234 | FD_SET(i, hdr_encode_map); |
| 235 | FD_SET(i, url_encode_map); |
| 236 | } |
| 237 | for (i = 127; i < 256; i++) { |
| 238 | FD_SET(i, hdr_encode_map); |
| 239 | FD_SET(i, url_encode_map); |
| 240 | } |
| 241 | |
| 242 | tmp = "\"#{|}"; |
| 243 | while (*tmp) { |
| 244 | FD_SET(*tmp, hdr_encode_map); |
| 245 | tmp++; |
| 246 | } |
| 247 | |
| 248 | tmp = "\"#"; |
| 249 | while (*tmp) { |
| 250 | FD_SET(*tmp, url_encode_map); |
| 251 | tmp++; |
| 252 | } |
Willy Tarreau | 332f8bf | 2007-05-13 21:36:56 +0200 | [diff] [blame] | 253 | |
| 254 | /* memory allocations */ |
| 255 | pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED); |
Willy Tarreau | 086b3b4 | 2007-05-13 21:45:51 +0200 | [diff] [blame] | 256 | pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED); |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 257 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 258 | |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 259 | /* |
| 260 | * We have 26 list of methods (1 per first letter), each of which can have |
| 261 | * up to 3 entries (2 valid, 1 null). |
| 262 | */ |
| 263 | struct http_method_desc { |
| 264 | http_meth_t meth; |
| 265 | int len; |
| 266 | const char text[8]; |
| 267 | }; |
| 268 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 269 | const struct http_method_desc http_methods[26][3] = { |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 270 | ['C' - 'A'] = { |
| 271 | [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" }, |
| 272 | }, |
| 273 | ['D' - 'A'] = { |
| 274 | [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" }, |
| 275 | }, |
| 276 | ['G' - 'A'] = { |
| 277 | [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" }, |
| 278 | }, |
| 279 | ['H' - 'A'] = { |
| 280 | [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" }, |
| 281 | }, |
| 282 | ['P' - 'A'] = { |
| 283 | [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" }, |
| 284 | [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" }, |
| 285 | }, |
| 286 | ['T' - 'A'] = { |
| 287 | [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" }, |
| 288 | }, |
| 289 | /* rest is empty like this : |
| 290 | * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" }, |
| 291 | */ |
| 292 | }; |
| 293 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 294 | /* It is about twice as fast on recent architectures to lookup a byte in a |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 295 | * table than to perform a boolean AND or OR between two tests. Refer to |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 296 | * RFC2616 for those chars. |
| 297 | */ |
| 298 | |
| 299 | const char http_is_spht[256] = { |
| 300 | [' '] = 1, ['\t'] = 1, |
| 301 | }; |
| 302 | |
| 303 | const char http_is_crlf[256] = { |
| 304 | ['\r'] = 1, ['\n'] = 1, |
| 305 | }; |
| 306 | |
| 307 | const char http_is_lws[256] = { |
| 308 | [' '] = 1, ['\t'] = 1, |
| 309 | ['\r'] = 1, ['\n'] = 1, |
| 310 | }; |
| 311 | |
| 312 | const char http_is_sep[256] = { |
| 313 | ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1, |
| 314 | ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1, |
| 315 | ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1, |
| 316 | ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1, |
| 317 | [' '] = 1, ['\t'] = 1, ['\\'] = 1, |
| 318 | }; |
| 319 | |
| 320 | const char http_is_ctl[256] = { |
| 321 | [0 ... 31] = 1, |
| 322 | [127] = 1, |
| 323 | }; |
| 324 | |
| 325 | /* |
| 326 | * A token is any ASCII char that is neither a separator nor a CTL char. |
| 327 | * Do not overwrite values in assignment since gcc-2.95 will not handle |
| 328 | * them correctly. Instead, define every non-CTL char's status. |
| 329 | */ |
| 330 | const char http_is_token[256] = { |
| 331 | [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1, |
| 332 | ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1, |
| 333 | ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1, |
| 334 | [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0, |
| 335 | ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, |
| 336 | ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1, |
| 337 | ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0, |
| 338 | ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0, |
| 339 | ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1, |
| 340 | ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1, |
| 341 | ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1, |
| 342 | ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1, |
| 343 | ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1, |
| 344 | ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1, |
| 345 | ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0, |
| 346 | ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1, |
| 347 | ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1, |
| 348 | ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1, |
| 349 | ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1, |
| 350 | ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1, |
| 351 | ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1, |
| 352 | ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1, |
| 353 | ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0, |
| 354 | ['|'] = 1, ['}'] = 0, ['~'] = 1, |
| 355 | }; |
| 356 | |
| 357 | |
Willy Tarreau | 4b89ad4 | 2007-03-04 18:13:58 +0100 | [diff] [blame] | 358 | /* |
| 359 | * An http ver_token is any ASCII which can be found in an HTTP version, |
| 360 | * which includes 'H', 'T', 'P', '/', '.' and any digit. |
| 361 | */ |
| 362 | const char http_is_ver_token[256] = { |
| 363 | ['.'] = 1, ['/'] = 1, |
| 364 | ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1, |
| 365 | ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1, |
| 366 | ['H'] = 1, ['P'] = 1, ['T'] = 1, |
| 367 | }; |
| 368 | |
| 369 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 370 | #ifdef DEBUG_FULL |
Willy Tarreau | 67f0eea | 2008-08-10 22:55:22 +0200 | [diff] [blame] | 371 | static char *cli_stnames[4] = { "DAT", "SHR", "SHW", "CLS" }; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 372 | #endif |
| 373 | |
Willy Tarreau | 4af6f3a | 2007-03-18 22:36:26 +0100 | [diff] [blame] | 374 | /* |
| 375 | * Adds a header and its CRLF at the tail of buffer <b>, just before the last |
| 376 | * CRLF. Text length is measured first, so it cannot be NULL. |
| 377 | * The header is also automatically added to the index <hdr_idx>, and the end |
| 378 | * of headers is automatically adjusted. The number of bytes added is returned |
| 379 | * on success, otherwise <0 is returned indicating an error. |
| 380 | */ |
| 381 | int http_header_add_tail(struct buffer *b, struct http_msg *msg, |
| 382 | struct hdr_idx *hdr_idx, const char *text) |
| 383 | { |
| 384 | int bytes, len; |
| 385 | |
| 386 | len = strlen(text); |
| 387 | bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len); |
| 388 | if (!bytes) |
| 389 | return -1; |
| 390 | msg->eoh += bytes; |
| 391 | return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail); |
| 392 | } |
| 393 | |
| 394 | /* |
| 395 | * Adds a header and its CRLF at the tail of buffer <b>, just before the last |
| 396 | * CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then |
| 397 | * the buffer is only opened and the space reserved, but nothing is copied. |
| 398 | * The header is also automatically added to the index <hdr_idx>, and the end |
| 399 | * of headers is automatically adjusted. The number of bytes added is returned |
| 400 | * on success, otherwise <0 is returned indicating an error. |
| 401 | */ |
| 402 | int http_header_add_tail2(struct buffer *b, struct http_msg *msg, |
| 403 | struct hdr_idx *hdr_idx, const char *text, int len) |
| 404 | { |
| 405 | int bytes; |
| 406 | |
| 407 | bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len); |
| 408 | if (!bytes) |
| 409 | return -1; |
| 410 | msg->eoh += bytes; |
| 411 | return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail); |
| 412 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 413 | |
| 414 | /* |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 415 | * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon. |
| 416 | * If so, returns the position of the first non-space character relative to |
| 417 | * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries |
| 418 | * to return a pointer to the place after the first space. Returns 0 if the |
| 419 | * header name does not match. Checks are case-insensitive. |
| 420 | */ |
| 421 | int http_header_match2(const char *hdr, const char *end, |
| 422 | const char *name, int len) |
| 423 | { |
| 424 | const char *val; |
| 425 | |
| 426 | if (hdr + len >= end) |
| 427 | return 0; |
| 428 | if (hdr[len] != ':') |
| 429 | return 0; |
| 430 | if (strncasecmp(hdr, name, len) != 0) |
| 431 | return 0; |
| 432 | val = hdr + len + 1; |
| 433 | while (val < end && HTTP_IS_SPHT(*val)) |
| 434 | val++; |
| 435 | if ((val >= end) && (len + 2 <= end - hdr)) |
| 436 | return len + 2; /* we may replace starting from second space */ |
| 437 | return val - hdr; |
| 438 | } |
| 439 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 440 | /* Find the end of the header value contained between <s> and <e>. |
| 441 | * See RFC2616, par 2.2 for more information. Note that it requires |
| 442 | * a valid header to return a valid result. |
| 443 | */ |
| 444 | const char *find_hdr_value_end(const char *s, const char *e) |
| 445 | { |
| 446 | int quoted, qdpair; |
| 447 | |
| 448 | quoted = qdpair = 0; |
| 449 | for (; s < e; s++) { |
| 450 | if (qdpair) qdpair = 0; |
| 451 | else if (quoted && *s == '\\') qdpair = 1; |
| 452 | else if (quoted && *s == '"') quoted = 0; |
| 453 | else if (*s == '"') quoted = 1; |
| 454 | else if (*s == ',') return s; |
| 455 | } |
| 456 | return s; |
| 457 | } |
| 458 | |
| 459 | /* Find the first or next occurrence of header <name> in message buffer <sol> |
| 460 | * using headers index <idx>, and return it in the <ctx> structure. This |
| 461 | * structure holds everything necessary to use the header and find next |
| 462 | * occurrence. If its <idx> member is 0, the header is searched from the |
| 463 | * beginning. Otherwise, the next occurrence is returned. The function returns |
| 464 | * 1 when it finds a value, and 0 when there is no more. |
| 465 | */ |
| 466 | int http_find_header2(const char *name, int len, |
| 467 | const char *sol, struct hdr_idx *idx, |
| 468 | struct hdr_ctx *ctx) |
| 469 | { |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 470 | const char *eol, *sov; |
| 471 | int cur_idx; |
| 472 | |
| 473 | if (ctx->idx) { |
| 474 | /* We have previously returned a value, let's search |
| 475 | * another one on the same line. |
| 476 | */ |
| 477 | cur_idx = ctx->idx; |
| 478 | sol = ctx->line; |
| 479 | sov = sol + ctx->val + ctx->vlen; |
| 480 | eol = sol + idx->v[cur_idx].len; |
| 481 | |
| 482 | if (sov >= eol) |
| 483 | /* no more values in this header */ |
| 484 | goto next_hdr; |
| 485 | |
| 486 | /* values remaining for this header, skip the comma */ |
| 487 | sov++; |
| 488 | while (sov < eol && http_is_lws[(unsigned char)*sov]) |
| 489 | sov++; |
| 490 | |
| 491 | goto return_hdr; |
| 492 | } |
| 493 | |
| 494 | /* first request for this header */ |
| 495 | sol += hdr_idx_first_pos(idx); |
| 496 | cur_idx = hdr_idx_first_idx(idx); |
| 497 | |
| 498 | while (cur_idx) { |
| 499 | eol = sol + idx->v[cur_idx].len; |
| 500 | |
Willy Tarreau | 1ad7c6d | 2007-06-10 21:42:55 +0200 | [diff] [blame] | 501 | if (len == 0) { |
| 502 | /* No argument was passed, we want any header. |
| 503 | * To achieve this, we simply build a fake request. */ |
| 504 | while (sol + len < eol && sol[len] != ':') |
| 505 | len++; |
| 506 | name = sol; |
| 507 | } |
| 508 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 509 | if ((len < eol - sol) && |
| 510 | (sol[len] == ':') && |
| 511 | (strncasecmp(sol, name, len) == 0)) { |
| 512 | |
| 513 | sov = sol + len + 1; |
| 514 | while (sov < eol && http_is_lws[(unsigned char)*sov]) |
| 515 | sov++; |
| 516 | return_hdr: |
| 517 | ctx->line = sol; |
| 518 | ctx->idx = cur_idx; |
| 519 | ctx->val = sov - sol; |
| 520 | |
| 521 | eol = find_hdr_value_end(sov, eol); |
| 522 | ctx->vlen = eol - sov; |
| 523 | return 1; |
| 524 | } |
| 525 | next_hdr: |
| 526 | sol = eol + idx->v[cur_idx].cr + 1; |
| 527 | cur_idx = idx->v[cur_idx].next; |
| 528 | } |
| 529 | return 0; |
| 530 | } |
| 531 | |
| 532 | int http_find_header(const char *name, |
| 533 | const char *sol, struct hdr_idx *idx, |
| 534 | struct hdr_ctx *ctx) |
| 535 | { |
| 536 | return http_find_header2(name, strlen(name), sol, idx, ctx); |
| 537 | } |
| 538 | |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 539 | /* This function handles a server error at the stream interface level. The |
| 540 | * stream interface is assumed to be already in a closed state. An optional |
| 541 | * message is copied into the input buffer, and an HTTP status code stored. |
| 542 | * The error flags are set to the values in arguments. Any pending request |
Willy Tarreau | 6f0aa47 | 2009-03-08 20:33:29 +0100 | [diff] [blame] | 543 | * in this buffer will be lost. |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 544 | */ |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 545 | static void http_server_error(struct session *t, struct stream_interface *si, |
| 546 | int err, int finst, int status, const struct chunk *msg) |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 547 | { |
Willy Tarreau | 6f0aa47 | 2009-03-08 20:33:29 +0100 | [diff] [blame] | 548 | buffer_erase(si->ob); |
| 549 | buffer_erase(si->ib); |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 550 | buffer_write_ena(si->ib); |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 551 | if (status > 0 && msg) { |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 552 | t->txn.status = status; |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 553 | buffer_write(si->ib, msg->str, msg->len); |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 554 | } |
| 555 | if (!(t->flags & SN_ERR_MASK)) |
| 556 | t->flags |= err; |
| 557 | if (!(t->flags & SN_FINST_MASK)) |
| 558 | t->flags |= finst; |
| 559 | } |
| 560 | |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 561 | /* This function returns the appropriate error location for the given session |
| 562 | * and message. |
| 563 | */ |
| 564 | |
| 565 | struct chunk *error_message(struct session *s, int msgnum) |
| 566 | { |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 567 | if (s->be->errmsg[msgnum].str) |
| 568 | return &s->be->errmsg[msgnum]; |
Willy Tarreau | 8058743 | 2006-12-24 17:47:20 +0100 | [diff] [blame] | 569 | else if (s->fe->errmsg[msgnum].str) |
| 570 | return &s->fe->errmsg[msgnum]; |
| 571 | else |
| 572 | return &http_err_chunks[msgnum]; |
| 573 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 574 | |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 575 | /* |
| 576 | * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text |
| 577 | * string), HTTP_METH_OTHER for unknown methods, or the identified method. |
| 578 | */ |
| 579 | static http_meth_t find_http_meth(const char *str, const int len) |
| 580 | { |
| 581 | unsigned char m; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 582 | const struct http_method_desc *h; |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 583 | |
| 584 | m = ((unsigned)*str - 'A'); |
| 585 | |
| 586 | if (m < 26) { |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 587 | for (h = http_methods[m]; h->len > 0; h++) { |
| 588 | if (unlikely(h->len != len)) |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 589 | continue; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 590 | if (likely(memcmp(str, h->text, h->len) == 0)) |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 591 | return h->meth; |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 592 | }; |
| 593 | return HTTP_METH_OTHER; |
| 594 | } |
| 595 | return HTTP_METH_NONE; |
| 596 | |
| 597 | } |
| 598 | |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 599 | /* Parse the URI from the given transaction (which is assumed to be in request |
| 600 | * phase) and look for the "/" beginning the PATH. If not found, return NULL. |
| 601 | * It is returned otherwise. |
| 602 | */ |
| 603 | static char * |
| 604 | http_get_path(struct http_txn *txn) |
| 605 | { |
| 606 | char *ptr, *end; |
| 607 | |
| 608 | ptr = txn->req.sol + txn->req.sl.rq.u; |
| 609 | end = ptr + txn->req.sl.rq.u_l; |
| 610 | |
| 611 | if (ptr >= end) |
| 612 | return NULL; |
| 613 | |
| 614 | /* RFC2616, par. 5.1.2 : |
| 615 | * Request-URI = "*" | absuri | abspath | authority |
| 616 | */ |
| 617 | |
| 618 | if (*ptr == '*') |
| 619 | return NULL; |
| 620 | |
| 621 | if (isalpha((unsigned char)*ptr)) { |
| 622 | /* this is a scheme as described by RFC3986, par. 3.1 */ |
| 623 | ptr++; |
| 624 | while (ptr < end && |
| 625 | (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.')) |
| 626 | ptr++; |
| 627 | /* skip '://' */ |
| 628 | if (ptr == end || *ptr++ != ':') |
| 629 | return NULL; |
| 630 | if (ptr == end || *ptr++ != '/') |
| 631 | return NULL; |
| 632 | if (ptr == end || *ptr++ != '/') |
| 633 | return NULL; |
| 634 | } |
| 635 | /* skip [user[:passwd]@]host[:[port]] */ |
| 636 | |
| 637 | while (ptr < end && *ptr != '/') |
| 638 | ptr++; |
| 639 | |
| 640 | if (ptr == end) |
| 641 | return NULL; |
| 642 | |
| 643 | /* OK, we got the '/' ! */ |
| 644 | return ptr; |
| 645 | } |
| 646 | |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 647 | /* Returns a 302 for a redirectable request. This may only be called just after |
| 648 | * the stream interface has moved to SI_ST_ASS. Unprocessable requests are |
| 649 | * left unchanged and will follow normal proxy processing. |
| 650 | */ |
Willy Tarreau | 55a8d0e | 2008-11-30 18:47:21 +0100 | [diff] [blame] | 651 | void perform_http_redirect(struct session *s, struct stream_interface *si) |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 652 | { |
| 653 | struct http_txn *txn; |
| 654 | struct chunk rdr; |
| 655 | char *path; |
| 656 | int len; |
| 657 | |
| 658 | /* 1: create the response header */ |
| 659 | rdr.len = strlen(HTTP_302); |
| 660 | rdr.str = trash; |
| 661 | memcpy(rdr.str, HTTP_302, rdr.len); |
| 662 | |
| 663 | /* 2: add the server's prefix */ |
| 664 | if (rdr.len + s->srv->rdr_len > sizeof(trash)) |
| 665 | return; |
| 666 | |
| 667 | memcpy(rdr.str + rdr.len, s->srv->rdr_pfx, s->srv->rdr_len); |
| 668 | rdr.len += s->srv->rdr_len; |
| 669 | |
| 670 | /* 3: add the request URI */ |
| 671 | txn = &s->txn; |
| 672 | path = http_get_path(txn); |
| 673 | if (!path) |
| 674 | return; |
| 675 | |
| 676 | len = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path; |
| 677 | if (rdr.len + len > sizeof(trash) - 4) /* 4 for CRLF-CRLF */ |
| 678 | return; |
| 679 | |
| 680 | memcpy(rdr.str + rdr.len, path, len); |
| 681 | rdr.len += len; |
| 682 | memcpy(rdr.str + rdr.len, "\r\n\r\n", 4); |
| 683 | rdr.len += 4; |
| 684 | |
| 685 | /* prepare to return without error. */ |
Willy Tarreau | 99126c3 | 2008-11-27 10:30:51 +0100 | [diff] [blame] | 686 | si->shutr(si); |
| 687 | si->shutw(si); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 688 | si->err_type = SI_ET_NONE; |
| 689 | si->err_loc = NULL; |
| 690 | si->state = SI_ST_CLO; |
| 691 | |
| 692 | /* send the message */ |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 693 | http_server_error(s, si, SN_ERR_PRXCOND, SN_FINST_C, 302, &rdr); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 694 | |
| 695 | /* FIXME: we should increase a counter of redirects per server and per backend. */ |
| 696 | if (s->srv) |
Willy Tarreau | 7f062c4 | 2009-03-05 18:43:00 +0100 | [diff] [blame] | 697 | srv_inc_sess_ctr(s->srv); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 698 | } |
| 699 | |
Willy Tarreau | 0cac36f | 2008-11-30 20:44:17 +0100 | [diff] [blame] | 700 | /* Return the error message corresponding to si->err_type. It is assumed |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 701 | * that the server side is closed. Note that err_type is actually a |
| 702 | * bitmask, where almost only aborts may be cumulated with other |
| 703 | * values. We consider that aborted operations are more important |
| 704 | * than timeouts or errors due to the fact that nobody else in the |
| 705 | * logs might explain incomplete retries. All others should avoid |
| 706 | * being cumulated. It should normally not be possible to have multiple |
| 707 | * aborts at once, but just in case, the first one in sequence is reported. |
| 708 | */ |
Willy Tarreau | 0cac36f | 2008-11-30 20:44:17 +0100 | [diff] [blame] | 709 | void http_return_srv_error(struct session *s, struct stream_interface *si) |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 710 | { |
Willy Tarreau | 0cac36f | 2008-11-30 20:44:17 +0100 | [diff] [blame] | 711 | int err_type = si->err_type; |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 712 | |
| 713 | if (err_type & SI_ET_QUEUE_ABRT) |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 714 | http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q, |
| 715 | 503, error_message(s, HTTP_ERR_503)); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 716 | else if (err_type & SI_ET_CONN_ABRT) |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 717 | http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C, |
| 718 | 503, error_message(s, HTTP_ERR_503)); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 719 | else if (err_type & SI_ET_QUEUE_TO) |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 720 | http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q, |
| 721 | 503, error_message(s, HTTP_ERR_503)); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 722 | else if (err_type & SI_ET_QUEUE_ERR) |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 723 | http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q, |
| 724 | 503, error_message(s, HTTP_ERR_503)); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 725 | else if (err_type & SI_ET_CONN_TO) |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 726 | http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C, |
| 727 | 503, error_message(s, HTTP_ERR_503)); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 728 | else if (err_type & SI_ET_CONN_ERR) |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 729 | http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C, |
| 730 | 503, error_message(s, HTTP_ERR_503)); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 731 | else /* SI_ET_CONN_OTHER and others */ |
Willy Tarreau | 2d3d94c | 2008-11-30 20:20:08 +0100 | [diff] [blame] | 732 | http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C, |
| 733 | 500, error_message(s, HTTP_ERR_500)); |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 734 | } |
| 735 | |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 736 | extern const char sess_term_cond[8]; |
| 737 | extern const char sess_fin_state[8]; |
| 738 | extern const char *monthname[12]; |
| 739 | const char sess_cookie[4] = "NIDV"; /* No cookie, Invalid cookie, cookie for a Down server, Valid cookie */ |
| 740 | const char sess_set_cookie[8] = "N1I3PD5R"; /* No set-cookie, unknown, Set-Cookie Inserted, unknown, |
| 741 | Set-cookie seen and left unchanged (passive), Set-cookie Deleted, |
| 742 | unknown, Set-cookie Rewritten */ |
Willy Tarreau | 332f8bf | 2007-05-13 21:36:56 +0200 | [diff] [blame] | 743 | struct pool_head *pool2_requri; |
Willy Tarreau | 086b3b4 | 2007-05-13 21:45:51 +0200 | [diff] [blame] | 744 | struct pool_head *pool2_capture; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 745 | |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 746 | /* |
| 747 | * send a log for the session when we have enough info about it. |
| 748 | * Will not log if the frontend has no log defined. |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 749 | */ |
Willy Tarreau | 55a8d0e | 2008-11-30 18:47:21 +0100 | [diff] [blame] | 750 | void http_sess_log(struct session *s) |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 751 | { |
| 752 | char pn[INET6_ADDRSTRLEN + strlen(":65535")]; |
| 753 | struct proxy *fe = s->fe; |
| 754 | struct proxy *be = s->be; |
| 755 | struct proxy *prx_log; |
| 756 | struct http_txn *txn = &s->txn; |
| 757 | int tolog; |
| 758 | char *uri, *h; |
| 759 | char *svid; |
Willy Tarreau | fe94460 | 2007-10-25 10:34:16 +0200 | [diff] [blame] | 760 | struct tm tm; |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 761 | static char tmpline[MAX_SYSLOG_LEN]; |
Willy Tarreau | 7008987 | 2008-06-13 21:12:51 +0200 | [diff] [blame] | 762 | int t_request; |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 763 | int hdr; |
| 764 | |
| 765 | if (fe->logfac1 < 0 && fe->logfac2 < 0) |
| 766 | return; |
| 767 | prx_log = fe; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 768 | |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 769 | if (s->cli_addr.ss_family == AF_INET) |
| 770 | inet_ntop(AF_INET, |
| 771 | (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr, |
| 772 | pn, sizeof(pn)); |
| 773 | else |
| 774 | inet_ntop(AF_INET6, |
| 775 | (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr, |
| 776 | pn, sizeof(pn)); |
| 777 | |
Willy Tarreau | b7f694f | 2008-06-22 17:18:02 +0200 | [diff] [blame] | 778 | get_localtime(s->logs.accept_date.tv_sec, &tm); |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 779 | |
| 780 | /* FIXME: let's limit ourselves to frontend logging for now. */ |
| 781 | tolog = fe->to_log; |
| 782 | |
| 783 | h = tmpline; |
| 784 | if (fe->to_log & LW_REQHDR && |
| 785 | txn->req.cap && |
| 786 | (h < tmpline + sizeof(tmpline) - 10)) { |
| 787 | *(h++) = ' '; |
| 788 | *(h++) = '{'; |
| 789 | for (hdr = 0; hdr < fe->nb_req_cap; hdr++) { |
| 790 | if (hdr) |
| 791 | *(h++) = '|'; |
| 792 | if (txn->req.cap[hdr] != NULL) |
| 793 | h = encode_string(h, tmpline + sizeof(tmpline) - 7, |
| 794 | '#', hdr_encode_map, txn->req.cap[hdr]); |
| 795 | } |
| 796 | *(h++) = '}'; |
| 797 | } |
| 798 | |
| 799 | if (fe->to_log & LW_RSPHDR && |
| 800 | txn->rsp.cap && |
| 801 | (h < tmpline + sizeof(tmpline) - 7)) { |
| 802 | *(h++) = ' '; |
| 803 | *(h++) = '{'; |
| 804 | for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) { |
| 805 | if (hdr) |
| 806 | *(h++) = '|'; |
| 807 | if (txn->rsp.cap[hdr] != NULL) |
| 808 | h = encode_string(h, tmpline + sizeof(tmpline) - 4, |
| 809 | '#', hdr_encode_map, txn->rsp.cap[hdr]); |
| 810 | } |
| 811 | *(h++) = '}'; |
| 812 | } |
| 813 | |
| 814 | if (h < tmpline + sizeof(tmpline) - 4) { |
| 815 | *(h++) = ' '; |
| 816 | *(h++) = '"'; |
| 817 | uri = txn->uri ? txn->uri : "<BADREQ>"; |
| 818 | h = encode_string(h, tmpline + sizeof(tmpline) - 1, |
| 819 | '#', url_encode_map, uri); |
| 820 | *(h++) = '"'; |
| 821 | } |
| 822 | *h = '\0'; |
| 823 | |
| 824 | svid = (tolog & LW_SVID) ? |
| 825 | (s->data_source != DATA_SRC_STATS) ? |
| 826 | (s->srv != NULL) ? s->srv->id : "<NOSRV>" : "<STATS>" : "-"; |
| 827 | |
Willy Tarreau | 7008987 | 2008-06-13 21:12:51 +0200 | [diff] [blame] | 828 | t_request = -1; |
| 829 | if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept)) |
| 830 | t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request); |
| 831 | |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 832 | send_log(prx_log, LOG_INFO, |
| 833 | "%s:%d [%02d/%s/%04d:%02d:%02d:%02d.%03d]" |
| 834 | " %s %s/%s %d/%d/%d/%d/%s%d %d %s%lld" |
Krzysztof Piotr Oledzki | 25b501a | 2008-01-06 16:36:16 +0100 | [diff] [blame] | 835 | " %s %s %c%c%c%c %d/%d/%d/%d/%s%u %d/%d%s\n", |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 836 | pn, |
| 837 | (s->cli_addr.ss_family == AF_INET) ? |
| 838 | ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port) : |
| 839 | ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port), |
Willy Tarreau | fe94460 | 2007-10-25 10:34:16 +0200 | [diff] [blame] | 840 | tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900, |
Willy Tarreau | b7f694f | 2008-06-22 17:18:02 +0200 | [diff] [blame] | 841 | tm.tm_hour, tm.tm_min, tm.tm_sec, s->logs.accept_date.tv_usec/1000, |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 842 | fe->id, be->id, svid, |
Willy Tarreau | 7008987 | 2008-06-13 21:12:51 +0200 | [diff] [blame] | 843 | t_request, |
| 844 | (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1, |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 845 | (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1, |
| 846 | (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1, |
| 847 | (tolog & LW_BYTES) ? "" : "+", s->logs.t_close, |
| 848 | txn->status, |
Willy Tarreau | 8b3977f | 2008-01-18 11:16:32 +0100 | [diff] [blame] | 849 | (tolog & LW_BYTES) ? "" : "+", s->logs.bytes_out, |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 850 | txn->cli_cookie ? txn->cli_cookie : "-", |
| 851 | txn->srv_cookie ? txn->srv_cookie : "-", |
| 852 | sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT], |
| 853 | sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT], |
| 854 | (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-', |
| 855 | (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-', |
| 856 | actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0, |
Krzysztof Piotr Oledzki | 25b501a | 2008-01-06 16:36:16 +0100 | [diff] [blame] | 857 | (s->flags & SN_REDISP)?"+":"", |
| 858 | (s->conn_retries>0)?(be->conn_retries - s->conn_retries):be->conn_retries, |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 859 | s->logs.srv_queue_size, s->logs.prx_queue_size, tmpline); |
| 860 | |
| 861 | s->logs.logwait = 0; |
| 862 | } |
| 863 | |
Willy Tarreau | 117f59e | 2007-03-04 18:17:17 +0100 | [diff] [blame] | 864 | |
| 865 | /* |
| 866 | * Capture headers from message starting at <som> according to header list |
| 867 | * <cap_hdr>, and fill the <idx> structure appropriately. |
| 868 | */ |
| 869 | void capture_headers(char *som, struct hdr_idx *idx, |
| 870 | char **cap, struct cap_hdr *cap_hdr) |
| 871 | { |
| 872 | char *eol, *sol, *col, *sov; |
| 873 | int cur_idx; |
| 874 | struct cap_hdr *h; |
| 875 | int len; |
| 876 | |
| 877 | sol = som + hdr_idx_first_pos(idx); |
| 878 | cur_idx = hdr_idx_first_idx(idx); |
| 879 | |
| 880 | while (cur_idx) { |
| 881 | eol = sol + idx->v[cur_idx].len; |
| 882 | |
| 883 | col = sol; |
| 884 | while (col < eol && *col != ':') |
| 885 | col++; |
| 886 | |
| 887 | sov = col + 1; |
| 888 | while (sov < eol && http_is_lws[(unsigned char)*sov]) |
| 889 | sov++; |
| 890 | |
| 891 | for (h = cap_hdr; h; h = h->next) { |
| 892 | if ((h->namelen == col - sol) && |
| 893 | (strncasecmp(sol, h->name, h->namelen) == 0)) { |
| 894 | if (cap[h->index] == NULL) |
| 895 | cap[h->index] = |
Willy Tarreau | cf7f320 | 2007-05-13 22:46:04 +0200 | [diff] [blame] | 896 | pool_alloc2(h->pool); |
Willy Tarreau | 117f59e | 2007-03-04 18:17:17 +0100 | [diff] [blame] | 897 | |
| 898 | if (cap[h->index] == NULL) { |
| 899 | Alert("HTTP capture : out of memory.\n"); |
| 900 | continue; |
| 901 | } |
| 902 | |
| 903 | len = eol - sov; |
| 904 | if (len > h->len) |
| 905 | len = h->len; |
| 906 | |
| 907 | memcpy(cap[h->index], sov, len); |
| 908 | cap[h->index][len]=0; |
| 909 | } |
| 910 | } |
| 911 | sol = eol + idx->v[cur_idx].cr + 1; |
| 912 | cur_idx = idx->v[cur_idx].next; |
| 913 | } |
| 914 | } |
| 915 | |
| 916 | |
Willy Tarreau | 4225058 | 2007-04-01 01:30:43 +0200 | [diff] [blame] | 917 | /* either we find an LF at <ptr> or we jump to <bad>. |
| 918 | */ |
| 919 | #define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0) |
| 920 | |
| 921 | /* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK, |
| 922 | * otherwise to <http_msg_ood> with <state> set to <st>. |
| 923 | */ |
| 924 | #define EAT_AND_JUMP_OR_RETURN(good, st) do { \ |
| 925 | ptr++; \ |
| 926 | if (likely(ptr < end)) \ |
| 927 | goto good; \ |
| 928 | else { \ |
| 929 | state = (st); \ |
| 930 | goto http_msg_ood; \ |
| 931 | } \ |
| 932 | } while (0) |
| 933 | |
| 934 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 935 | /* |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 936 | * This function parses a status line between <ptr> and <end>, starting with |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 937 | * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP, |
| 938 | * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others |
| 939 | * will give undefined results. |
| 940 | * Note that it is upon the caller's responsibility to ensure that ptr < end, |
| 941 | * and that msg->sol points to the beginning of the response. |
| 942 | * If a complete line is found (which implies that at least one CR or LF is |
| 943 | * found before <end>, the updated <ptr> is returned, otherwise NULL is |
| 944 | * returned indicating an incomplete line (which does not mean that parts have |
| 945 | * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are |
| 946 | * non-NULL, they are fed with the new <ptr> and <state> values to be passed |
| 947 | * upon next call. |
| 948 | * |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 949 | * This function was intentionally designed to be called from |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 950 | * http_msg_analyzer() with the lowest overhead. It should integrate perfectly |
| 951 | * within its state machine and use the same macros, hence the need for same |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 952 | * labels and variable names. Note that msg->sol is left unchanged. |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 953 | */ |
Willy Tarreau | e69eada | 2008-01-27 00:34:10 +0100 | [diff] [blame] | 954 | const char *http_parse_stsline(struct http_msg *msg, const char *msg_buf, |
| 955 | unsigned int state, const char *ptr, const char *end, |
| 956 | char **ret_ptr, unsigned int *ret_state) |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 957 | { |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 958 | switch (state) { |
| 959 | http_msg_rpver: |
| 960 | case HTTP_MSG_RPVER: |
Willy Tarreau | 4b89ad4 | 2007-03-04 18:13:58 +0100 | [diff] [blame] | 961 | if (likely(HTTP_IS_VER_TOKEN(*ptr))) |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 962 | EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER); |
| 963 | |
| 964 | if (likely(HTTP_IS_SPHT(*ptr))) { |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 965 | msg->sl.st.v_l = (ptr - msg_buf) - msg->som; |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 966 | EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP); |
| 967 | } |
Willy Tarreau | 7552c03 | 2009-03-01 11:10:40 +0100 | [diff] [blame] | 968 | state = HTTP_MSG_ERROR; |
| 969 | break; |
| 970 | |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 971 | http_msg_rpver_sp: |
| 972 | case HTTP_MSG_RPVER_SP: |
| 973 | if (likely(!HTTP_IS_LWS(*ptr))) { |
| 974 | msg->sl.st.c = ptr - msg_buf; |
| 975 | goto http_msg_rpcode; |
| 976 | } |
| 977 | if (likely(HTTP_IS_SPHT(*ptr))) |
| 978 | EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP); |
| 979 | /* so it's a CR/LF, this is invalid */ |
Willy Tarreau | 7552c03 | 2009-03-01 11:10:40 +0100 | [diff] [blame] | 980 | state = HTTP_MSG_ERROR; |
| 981 | break; |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 982 | |
| 983 | http_msg_rpcode: |
| 984 | case HTTP_MSG_RPCODE: |
| 985 | if (likely(!HTTP_IS_LWS(*ptr))) |
| 986 | EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE); |
| 987 | |
| 988 | if (likely(HTTP_IS_SPHT(*ptr))) { |
| 989 | msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c; |
| 990 | EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP); |
| 991 | } |
| 992 | |
| 993 | /* so it's a CR/LF, so there is no reason phrase */ |
| 994 | msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c; |
| 995 | http_msg_rsp_reason: |
| 996 | /* FIXME: should we support HTTP responses without any reason phrase ? */ |
| 997 | msg->sl.st.r = ptr - msg_buf; |
| 998 | msg->sl.st.r_l = 0; |
| 999 | goto http_msg_rpline_eol; |
| 1000 | |
| 1001 | http_msg_rpcode_sp: |
| 1002 | case HTTP_MSG_RPCODE_SP: |
| 1003 | if (likely(!HTTP_IS_LWS(*ptr))) { |
| 1004 | msg->sl.st.r = ptr - msg_buf; |
| 1005 | goto http_msg_rpreason; |
| 1006 | } |
| 1007 | if (likely(HTTP_IS_SPHT(*ptr))) |
| 1008 | EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP); |
| 1009 | /* so it's a CR/LF, so there is no reason phrase */ |
| 1010 | goto http_msg_rsp_reason; |
| 1011 | |
| 1012 | http_msg_rpreason: |
| 1013 | case HTTP_MSG_RPREASON: |
| 1014 | if (likely(!HTTP_IS_CRLF(*ptr))) |
| 1015 | EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON); |
| 1016 | msg->sl.st.r_l = (ptr - msg_buf) - msg->sl.st.r; |
| 1017 | http_msg_rpline_eol: |
| 1018 | /* We have seen the end of line. Note that we do not |
| 1019 | * necessarily have the \n yet, but at least we know that we |
| 1020 | * have EITHER \r OR \n, otherwise the response would not be |
| 1021 | * complete. We can then record the response length and return |
| 1022 | * to the caller which will be able to register it. |
| 1023 | */ |
| 1024 | msg->sl.st.l = ptr - msg->sol; |
| 1025 | return ptr; |
| 1026 | |
| 1027 | #ifdef DEBUG_FULL |
| 1028 | default: |
| 1029 | fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state); |
| 1030 | exit(1); |
| 1031 | #endif |
| 1032 | } |
| 1033 | |
| 1034 | http_msg_ood: |
Willy Tarreau | 7552c03 | 2009-03-01 11:10:40 +0100 | [diff] [blame] | 1035 | /* out of valid data */ |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1036 | if (ret_state) |
| 1037 | *ret_state = state; |
| 1038 | if (ret_ptr) |
| 1039 | *ret_ptr = (char *)ptr; |
| 1040 | return NULL; |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1041 | } |
| 1042 | |
| 1043 | |
| 1044 | /* |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1045 | * This function parses a request line between <ptr> and <end>, starting with |
| 1046 | * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP, |
| 1047 | * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others |
| 1048 | * will give undefined results. |
| 1049 | * Note that it is upon the caller's responsibility to ensure that ptr < end, |
| 1050 | * and that msg->sol points to the beginning of the request. |
| 1051 | * If a complete line is found (which implies that at least one CR or LF is |
| 1052 | * found before <end>, the updated <ptr> is returned, otherwise NULL is |
| 1053 | * returned indicating an incomplete line (which does not mean that parts have |
| 1054 | * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are |
| 1055 | * non-NULL, they are fed with the new <ptr> and <state> values to be passed |
| 1056 | * upon next call. |
| 1057 | * |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 1058 | * This function was intentionally designed to be called from |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1059 | * http_msg_analyzer() with the lowest overhead. It should integrate perfectly |
| 1060 | * within its state machine and use the same macros, hence the need for same |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 1061 | * labels and variable names. Note that msg->sol is left unchanged. |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 1062 | */ |
Willy Tarreau | e69eada | 2008-01-27 00:34:10 +0100 | [diff] [blame] | 1063 | const char *http_parse_reqline(struct http_msg *msg, const char *msg_buf, |
| 1064 | unsigned int state, const char *ptr, const char *end, |
| 1065 | char **ret_ptr, unsigned int *ret_state) |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 1066 | { |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1067 | switch (state) { |
| 1068 | http_msg_rqmeth: |
| 1069 | case HTTP_MSG_RQMETH: |
| 1070 | if (likely(HTTP_IS_TOKEN(*ptr))) |
| 1071 | EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1072 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1073 | if (likely(HTTP_IS_SPHT(*ptr))) { |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1074 | msg->sl.rq.m_l = (ptr - msg_buf) - msg->som; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1075 | EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP); |
| 1076 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1077 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1078 | if (likely(HTTP_IS_CRLF(*ptr))) { |
| 1079 | /* HTTP 0.9 request */ |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1080 | msg->sl.rq.m_l = (ptr - msg_buf) - msg->som; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1081 | http_msg_req09_uri: |
| 1082 | msg->sl.rq.u = ptr - msg_buf; |
| 1083 | http_msg_req09_uri_e: |
| 1084 | msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u; |
| 1085 | http_msg_req09_ver: |
| 1086 | msg->sl.rq.v = ptr - msg_buf; |
| 1087 | msg->sl.rq.v_l = 0; |
| 1088 | goto http_msg_rqline_eol; |
| 1089 | } |
Willy Tarreau | 7552c03 | 2009-03-01 11:10:40 +0100 | [diff] [blame] | 1090 | state = HTTP_MSG_ERROR; |
| 1091 | break; |
| 1092 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1093 | http_msg_rqmeth_sp: |
| 1094 | case HTTP_MSG_RQMETH_SP: |
| 1095 | if (likely(!HTTP_IS_LWS(*ptr))) { |
| 1096 | msg->sl.rq.u = ptr - msg_buf; |
| 1097 | goto http_msg_rquri; |
| 1098 | } |
| 1099 | if (likely(HTTP_IS_SPHT(*ptr))) |
| 1100 | EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP); |
| 1101 | /* so it's a CR/LF, meaning an HTTP 0.9 request */ |
| 1102 | goto http_msg_req09_uri; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1103 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1104 | http_msg_rquri: |
| 1105 | case HTTP_MSG_RQURI: |
| 1106 | if (likely(!HTTP_IS_LWS(*ptr))) |
| 1107 | EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1108 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1109 | if (likely(HTTP_IS_SPHT(*ptr))) { |
| 1110 | msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u; |
| 1111 | EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP); |
| 1112 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1113 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1114 | /* so it's a CR/LF, meaning an HTTP 0.9 request */ |
| 1115 | goto http_msg_req09_uri_e; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1116 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1117 | http_msg_rquri_sp: |
| 1118 | case HTTP_MSG_RQURI_SP: |
| 1119 | if (likely(!HTTP_IS_LWS(*ptr))) { |
| 1120 | msg->sl.rq.v = ptr - msg_buf; |
| 1121 | goto http_msg_rqver; |
| 1122 | } |
| 1123 | if (likely(HTTP_IS_SPHT(*ptr))) |
| 1124 | EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP); |
| 1125 | /* so it's a CR/LF, meaning an HTTP 0.9 request */ |
| 1126 | goto http_msg_req09_ver; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1127 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1128 | http_msg_rqver: |
| 1129 | case HTTP_MSG_RQVER: |
Willy Tarreau | 4b89ad4 | 2007-03-04 18:13:58 +0100 | [diff] [blame] | 1130 | if (likely(HTTP_IS_VER_TOKEN(*ptr))) |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1131 | EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER); |
Willy Tarreau | 4b89ad4 | 2007-03-04 18:13:58 +0100 | [diff] [blame] | 1132 | |
| 1133 | if (likely(HTTP_IS_CRLF(*ptr))) { |
| 1134 | msg->sl.rq.v_l = (ptr - msg_buf) - msg->sl.rq.v; |
| 1135 | http_msg_rqline_eol: |
| 1136 | /* We have seen the end of line. Note that we do not |
| 1137 | * necessarily have the \n yet, but at least we know that we |
| 1138 | * have EITHER \r OR \n, otherwise the request would not be |
| 1139 | * complete. We can then record the request length and return |
| 1140 | * to the caller which will be able to register it. |
| 1141 | */ |
| 1142 | msg->sl.rq.l = ptr - msg->sol; |
| 1143 | return ptr; |
| 1144 | } |
| 1145 | |
| 1146 | /* neither an HTTP_VER token nor a CRLF */ |
Willy Tarreau | 7552c03 | 2009-03-01 11:10:40 +0100 | [diff] [blame] | 1147 | state = HTTP_MSG_ERROR; |
| 1148 | break; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1149 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1150 | #ifdef DEBUG_FULL |
| 1151 | default: |
| 1152 | fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state); |
| 1153 | exit(1); |
| 1154 | #endif |
| 1155 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1156 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1157 | http_msg_ood: |
Willy Tarreau | 7552c03 | 2009-03-01 11:10:40 +0100 | [diff] [blame] | 1158 | /* out of valid data */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1159 | if (ret_state) |
| 1160 | *ret_state = state; |
| 1161 | if (ret_ptr) |
| 1162 | *ret_ptr = (char *)ptr; |
| 1163 | return NULL; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1164 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1165 | |
| 1166 | |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1167 | /* |
| 1168 | * This function parses an HTTP message, either a request or a response, |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1169 | * depending on the initial msg->msg_state. It can be preempted everywhere |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1170 | * when data are missing and recalled at the exact same location with no |
| 1171 | * information loss. The header index is re-initialized when switching from |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 1172 | * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other |
| 1173 | * fields. |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1174 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1175 | void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx *idx) |
| 1176 | { |
Willy Tarreau | e69eada | 2008-01-27 00:34:10 +0100 | [diff] [blame] | 1177 | unsigned int state; /* updated only when leaving the FSM */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1178 | register char *ptr, *end; /* request pointers, to avoid dereferences */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1179 | |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1180 | state = msg->msg_state; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1181 | ptr = buf->lr; |
| 1182 | end = buf->r; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1183 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1184 | if (unlikely(ptr >= end)) |
| 1185 | goto http_msg_ood; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1186 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1187 | switch (state) { |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1188 | /* |
| 1189 | * First, states that are specific to the response only. |
| 1190 | * We check them first so that request and headers are |
| 1191 | * closer to each other (accessed more often). |
| 1192 | */ |
| 1193 | http_msg_rpbefore: |
| 1194 | case HTTP_MSG_RPBEFORE: |
| 1195 | if (likely(HTTP_IS_TOKEN(*ptr))) { |
| 1196 | if (likely(ptr == buf->data)) { |
| 1197 | msg->sol = ptr; |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1198 | msg->som = 0; |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1199 | } else { |
| 1200 | #if PARSE_PRESERVE_EMPTY_LINES |
| 1201 | /* only skip empty leading lines, don't remove them */ |
| 1202 | msg->sol = ptr; |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1203 | msg->som = ptr - buf->data; |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1204 | #else |
| 1205 | /* Remove empty leading lines, as recommended by |
| 1206 | * RFC2616. This takes a lot of time because we |
| 1207 | * must move all the buffer backwards, but this |
| 1208 | * is rarely needed. The method above will be |
| 1209 | * cleaner when we'll be able to start sending |
| 1210 | * the request from any place in the buffer. |
| 1211 | */ |
| 1212 | buf->lr = ptr; |
| 1213 | buffer_replace2(buf, buf->data, buf->lr, NULL, 0); |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1214 | msg->som = 0; |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1215 | msg->sol = buf->data; |
| 1216 | ptr = buf->data; |
| 1217 | end = buf->r; |
| 1218 | #endif |
| 1219 | } |
| 1220 | hdr_idx_init(idx); |
| 1221 | state = HTTP_MSG_RPVER; |
| 1222 | goto http_msg_rpver; |
| 1223 | } |
| 1224 | |
| 1225 | if (unlikely(!HTTP_IS_CRLF(*ptr))) |
| 1226 | goto http_msg_invalid; |
| 1227 | |
| 1228 | if (unlikely(*ptr == '\n')) |
| 1229 | EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE); |
| 1230 | EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR); |
| 1231 | /* stop here */ |
| 1232 | |
| 1233 | http_msg_rpbefore_cr: |
| 1234 | case HTTP_MSG_RPBEFORE_CR: |
| 1235 | EXPECT_LF_HERE(ptr, http_msg_invalid); |
| 1236 | EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE); |
| 1237 | /* stop here */ |
| 1238 | |
| 1239 | http_msg_rpver: |
| 1240 | case HTTP_MSG_RPVER: |
| 1241 | case HTTP_MSG_RPVER_SP: |
| 1242 | case HTTP_MSG_RPCODE: |
| 1243 | case HTTP_MSG_RPCODE_SP: |
| 1244 | case HTTP_MSG_RPREASON: |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 1245 | ptr = (char *)http_parse_stsline(msg, buf->data, state, ptr, end, |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1246 | &buf->lr, &msg->msg_state); |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1247 | if (unlikely(!ptr)) |
| 1248 | return; |
| 1249 | |
| 1250 | /* we have a full response and we know that we have either a CR |
| 1251 | * or an LF at <ptr>. |
| 1252 | */ |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1253 | //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.st.l, *ptr); |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1254 | hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r'); |
| 1255 | |
| 1256 | msg->sol = ptr; |
| 1257 | if (likely(*ptr == '\r')) |
| 1258 | EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END); |
| 1259 | goto http_msg_rpline_end; |
| 1260 | |
| 1261 | http_msg_rpline_end: |
| 1262 | case HTTP_MSG_RPLINE_END: |
| 1263 | /* msg->sol must point to the first of CR or LF. */ |
| 1264 | EXPECT_LF_HERE(ptr, http_msg_invalid); |
| 1265 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST); |
| 1266 | /* stop here */ |
| 1267 | |
| 1268 | /* |
| 1269 | * Second, states that are specific to the request only |
| 1270 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1271 | http_msg_rqbefore: |
| 1272 | case HTTP_MSG_RQBEFORE: |
| 1273 | if (likely(HTTP_IS_TOKEN(*ptr))) { |
| 1274 | if (likely(ptr == buf->data)) { |
| 1275 | msg->sol = ptr; |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1276 | msg->som = 0; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1277 | } else { |
| 1278 | #if PARSE_PRESERVE_EMPTY_LINES |
| 1279 | /* only skip empty leading lines, don't remove them */ |
| 1280 | msg->sol = ptr; |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1281 | msg->som = ptr - buf->data; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1282 | #else |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1283 | /* Remove empty leading lines, as recommended by |
| 1284 | * RFC2616. This takes a lot of time because we |
| 1285 | * must move all the buffer backwards, but this |
| 1286 | * is rarely needed. The method above will be |
| 1287 | * cleaner when we'll be able to start sending |
| 1288 | * the request from any place in the buffer. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1289 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1290 | buf->lr = ptr; |
| 1291 | buffer_replace2(buf, buf->data, buf->lr, NULL, 0); |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1292 | msg->som = 0; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1293 | msg->sol = buf->data; |
| 1294 | ptr = buf->data; |
| 1295 | end = buf->r; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1296 | #endif |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1297 | } |
Willy Tarreau | f0d058e | 2007-01-25 12:03:42 +0100 | [diff] [blame] | 1298 | /* we will need this when keep-alive will be supported |
| 1299 | hdr_idx_init(idx); |
| 1300 | */ |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1301 | state = HTTP_MSG_RQMETH; |
| 1302 | goto http_msg_rqmeth; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1303 | } |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1304 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1305 | if (unlikely(!HTTP_IS_CRLF(*ptr))) |
| 1306 | goto http_msg_invalid; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1307 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1308 | if (unlikely(*ptr == '\n')) |
| 1309 | EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE); |
| 1310 | EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR); |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1311 | /* stop here */ |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1312 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1313 | http_msg_rqbefore_cr: |
| 1314 | case HTTP_MSG_RQBEFORE_CR: |
| 1315 | EXPECT_LF_HERE(ptr, http_msg_invalid); |
| 1316 | EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE); |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1317 | /* stop here */ |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1318 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1319 | http_msg_rqmeth: |
| 1320 | case HTTP_MSG_RQMETH: |
| 1321 | case HTTP_MSG_RQMETH_SP: |
| 1322 | case HTTP_MSG_RQURI: |
| 1323 | case HTTP_MSG_RQURI_SP: |
| 1324 | case HTTP_MSG_RQVER: |
| 1325 | ptr = (char *)http_parse_reqline(msg, buf->data, state, ptr, end, |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1326 | &buf->lr, &msg->msg_state); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1327 | if (unlikely(!ptr)) |
| 1328 | return; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1329 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1330 | /* we have a full request and we know that we have either a CR |
| 1331 | * or an LF at <ptr>. |
| 1332 | */ |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1333 | //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.rq.l, *ptr); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1334 | hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r'); |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1335 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1336 | msg->sol = ptr; |
| 1337 | if (likely(*ptr == '\r')) |
| 1338 | EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1339 | goto http_msg_rqline_end; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1340 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1341 | http_msg_rqline_end: |
| 1342 | case HTTP_MSG_RQLINE_END: |
| 1343 | /* check for HTTP/0.9 request : no version information available. |
| 1344 | * msg->sol must point to the first of CR or LF. |
| 1345 | */ |
| 1346 | if (unlikely(msg->sl.rq.v_l == 0)) |
| 1347 | goto http_msg_last_lf; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1348 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1349 | EXPECT_LF_HERE(ptr, http_msg_invalid); |
| 1350 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST); |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1351 | /* stop here */ |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1352 | |
Willy Tarreau | 8973c70 | 2007-01-21 23:58:29 +0100 | [diff] [blame] | 1353 | /* |
| 1354 | * Common states below |
| 1355 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1356 | http_msg_hdr_first: |
| 1357 | case HTTP_MSG_HDR_FIRST: |
| 1358 | msg->sol = ptr; |
| 1359 | if (likely(!HTTP_IS_CRLF(*ptr))) { |
| 1360 | goto http_msg_hdr_name; |
| 1361 | } |
| 1362 | |
| 1363 | if (likely(*ptr == '\r')) |
| 1364 | EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF); |
| 1365 | goto http_msg_last_lf; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1366 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1367 | http_msg_hdr_name: |
| 1368 | case HTTP_MSG_HDR_NAME: |
| 1369 | /* assumes msg->sol points to the first char */ |
| 1370 | if (likely(HTTP_IS_TOKEN(*ptr))) |
| 1371 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1372 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1373 | if (likely(*ptr == ':')) { |
| 1374 | msg->col = ptr - buf->data; |
| 1375 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP); |
| 1376 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1377 | |
Willy Tarreau | 32a4ec0 | 2009-04-02 11:35:18 +0200 | [diff] [blame^] | 1378 | if (likely(msg->err_pos < -1) || *ptr == '\n') |
| 1379 | goto http_msg_invalid; |
| 1380 | |
| 1381 | if (msg->err_pos == -1) /* capture error pointer */ |
| 1382 | msg->err_pos = ptr - buf->data; /* >= 0 now */ |
| 1383 | |
| 1384 | /* and we still accept this non-token character */ |
| 1385 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME); |
Willy Tarreau | 230fd0b | 2006-12-17 12:05:00 +0100 | [diff] [blame] | 1386 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1387 | http_msg_hdr_l1_sp: |
| 1388 | case HTTP_MSG_HDR_L1_SP: |
| 1389 | /* assumes msg->sol points to the first char and msg->col to the colon */ |
| 1390 | if (likely(HTTP_IS_SPHT(*ptr))) |
| 1391 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP); |
Willy Tarreau | 230fd0b | 2006-12-17 12:05:00 +0100 | [diff] [blame] | 1392 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1393 | /* header value can be basically anything except CR/LF */ |
| 1394 | msg->sov = ptr - buf->data; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1395 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1396 | if (likely(!HTTP_IS_CRLF(*ptr))) { |
| 1397 | goto http_msg_hdr_val; |
| 1398 | } |
| 1399 | |
| 1400 | if (likely(*ptr == '\r')) |
| 1401 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF); |
| 1402 | goto http_msg_hdr_l1_lf; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1403 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1404 | http_msg_hdr_l1_lf: |
| 1405 | case HTTP_MSG_HDR_L1_LF: |
| 1406 | EXPECT_LF_HERE(ptr, http_msg_invalid); |
| 1407 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS); |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1408 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1409 | http_msg_hdr_l1_lws: |
| 1410 | case HTTP_MSG_HDR_L1_LWS: |
| 1411 | if (likely(HTTP_IS_SPHT(*ptr))) { |
| 1412 | /* replace HT,CR,LF with spaces */ |
| 1413 | for (; buf->data+msg->sov < ptr; msg->sov++) |
| 1414 | buf->data[msg->sov] = ' '; |
| 1415 | goto http_msg_hdr_l1_sp; |
| 1416 | } |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 1417 | /* we had a header consisting only in spaces ! */ |
| 1418 | msg->eol = buf->data + msg->sov; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1419 | goto http_msg_complete_header; |
| 1420 | |
| 1421 | http_msg_hdr_val: |
| 1422 | case HTTP_MSG_HDR_VAL: |
| 1423 | /* assumes msg->sol points to the first char, msg->col to the |
| 1424 | * colon, and msg->sov points to the first character of the |
| 1425 | * value. |
| 1426 | */ |
| 1427 | if (likely(!HTTP_IS_CRLF(*ptr))) |
| 1428 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL); |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1429 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1430 | msg->eol = ptr; |
| 1431 | /* Note: we could also copy eol into ->eoh so that we have the |
| 1432 | * real header end in case it ends with lots of LWS, but is this |
| 1433 | * really needed ? |
| 1434 | */ |
| 1435 | if (likely(*ptr == '\r')) |
| 1436 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF); |
| 1437 | goto http_msg_hdr_l2_lf; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1438 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1439 | http_msg_hdr_l2_lf: |
| 1440 | case HTTP_MSG_HDR_L2_LF: |
| 1441 | EXPECT_LF_HERE(ptr, http_msg_invalid); |
| 1442 | EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS); |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1443 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1444 | http_msg_hdr_l2_lws: |
| 1445 | case HTTP_MSG_HDR_L2_LWS: |
| 1446 | if (unlikely(HTTP_IS_SPHT(*ptr))) { |
| 1447 | /* LWS: replace HT,CR,LF with spaces */ |
| 1448 | for (; msg->eol < ptr; msg->eol++) |
| 1449 | *msg->eol = ' '; |
| 1450 | goto http_msg_hdr_val; |
| 1451 | } |
| 1452 | http_msg_complete_header: |
| 1453 | /* |
| 1454 | * It was a new header, so the last one is finished. |
| 1455 | * Assumes msg->sol points to the first char, msg->col to the |
| 1456 | * colon, msg->sov points to the first character of the value |
| 1457 | * and msg->eol to the first CR or LF so we know how the line |
| 1458 | * ends. We insert last header into the index. |
| 1459 | */ |
| 1460 | /* |
| 1461 | fprintf(stderr,"registering %-2d bytes : ", msg->eol - msg->sol); |
| 1462 | write(2, msg->sol, msg->eol-msg->sol); |
| 1463 | fprintf(stderr,"\n"); |
| 1464 | */ |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1465 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1466 | if (unlikely(hdr_idx_add(msg->eol - msg->sol, *msg->eol == '\r', |
| 1467 | idx, idx->tail) < 0)) |
| 1468 | goto http_msg_invalid; |
Willy Tarreau | 230fd0b | 2006-12-17 12:05:00 +0100 | [diff] [blame] | 1469 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1470 | msg->sol = ptr; |
| 1471 | if (likely(!HTTP_IS_CRLF(*ptr))) { |
| 1472 | goto http_msg_hdr_name; |
| 1473 | } |
| 1474 | |
| 1475 | if (likely(*ptr == '\r')) |
| 1476 | EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF); |
| 1477 | goto http_msg_last_lf; |
Willy Tarreau | 230fd0b | 2006-12-17 12:05:00 +0100 | [diff] [blame] | 1478 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1479 | http_msg_last_lf: |
| 1480 | case HTTP_MSG_LAST_LF: |
| 1481 | /* Assumes msg->sol points to the first of either CR or LF */ |
| 1482 | EXPECT_LF_HERE(ptr, http_msg_invalid); |
| 1483 | ptr++; |
| 1484 | buf->lr = ptr; |
| 1485 | msg->eoh = msg->sol - buf->data; |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1486 | msg->msg_state = HTTP_MSG_BODY; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1487 | return; |
| 1488 | #ifdef DEBUG_FULL |
| 1489 | default: |
| 1490 | fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state); |
| 1491 | exit(1); |
Willy Tarreau | 230fd0b | 2006-12-17 12:05:00 +0100 | [diff] [blame] | 1492 | #endif |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1493 | } |
| 1494 | http_msg_ood: |
| 1495 | /* out of data */ |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1496 | msg->msg_state = state; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1497 | buf->lr = ptr; |
| 1498 | return; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1499 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1500 | http_msg_invalid: |
| 1501 | /* invalid message */ |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 1502 | msg->msg_state = HTTP_MSG_ERROR; |
Willy Tarreau | 7552c03 | 2009-03-01 11:10:40 +0100 | [diff] [blame] | 1503 | buf->lr = ptr; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1504 | return; |
| 1505 | } |
Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 1506 | |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 1507 | /* This function performs all the processing enabled for the current request. |
Willy Tarreau | edcf668 | 2008-11-30 23:15:34 +0100 | [diff] [blame] | 1508 | * It returns 1 if the processing can continue on next analysers, or zero if it |
| 1509 | * needs more data, encounters an error, or wants to immediately abort the |
| 1510 | * request. It relies on buffers flags, and updates s->req->analysers. Its |
| 1511 | * behaviour is rather simple: |
Willy Tarreau | 41f40ed | 2008-08-21 10:05:00 +0200 | [diff] [blame] | 1512 | * - all enabled analysers are called in turn from the lower to the higher |
| 1513 | * bit. |
Willy Tarreau | edcf668 | 2008-11-30 23:15:34 +0100 | [diff] [blame] | 1514 | * - the analyser must check for errors and timeouts, and react as expected. |
| 1515 | * It does not have to close anything upon error, the caller will. |
| 1516 | * - if the analyser does not have enough data, it must return 0without calling |
| 1517 | * other ones. It should also probably do a buffer_write_dis() to ensure |
Willy Tarreau | 41f40ed | 2008-08-21 10:05:00 +0200 | [diff] [blame] | 1518 | * that unprocessed data will not be forwarded. But that probably depends on |
Willy Tarreau | edcf668 | 2008-11-30 23:15:34 +0100 | [diff] [blame] | 1519 | * the protocol. |
Willy Tarreau | 41f40ed | 2008-08-21 10:05:00 +0200 | [diff] [blame] | 1520 | * - if an analyser has enough data, it just has to pass on to the next |
Willy Tarreau | edcf668 | 2008-11-30 23:15:34 +0100 | [diff] [blame] | 1521 | * analyser without using buffer_write_dis() (enabled by default). |
Willy Tarreau | 41f40ed | 2008-08-21 10:05:00 +0200 | [diff] [blame] | 1522 | * - if an analyser thinks it has no added value anymore staying here, it must |
| 1523 | * reset its bit from the analysers flags in order not to be called anymore. |
| 1524 | * |
| 1525 | * In the future, analysers should be able to indicate that they want to be |
| 1526 | * called after XXX bytes have been received (or transfered), and the min of |
| 1527 | * all's wishes will be used to ring back (unless a special condition occurs). |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1528 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1529 | int http_process_request(struct session *s, struct buffer *req) |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1530 | { |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1531 | /* |
| 1532 | * We will parse the partial (or complete) lines. |
| 1533 | * We will check the request syntax, and also join multi-line |
| 1534 | * headers. An index of all the lines will be elaborated while |
| 1535 | * parsing. |
| 1536 | * |
| 1537 | * For the parsing, we use a 28 states FSM. |
| 1538 | * |
| 1539 | * Here is the information we currently have : |
Willy Tarreau | f073a83 | 2009-03-01 23:21:47 +0100 | [diff] [blame] | 1540 | * req->data + msg->som = beginning of request |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1541 | * req->data + req->eoh = end of processed headers / start of current one |
| 1542 | * req->data + req->eol = end of current header or line (LF or CRLF) |
| 1543 | * req->lr = first non-visited byte |
| 1544 | * req->r = end of data |
| 1545 | */ |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1546 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1547 | int cur_idx; |
| 1548 | struct http_txn *txn = &s->txn; |
| 1549 | struct http_msg *msg = &txn->req; |
| 1550 | struct proxy *cur_proxy; |
Willy Tarreau | 976f1ee | 2006-12-17 10:06:03 +0100 | [diff] [blame] | 1551 | |
Willy Tarreau | 6bf1736 | 2009-02-24 10:48:35 +0100 | [diff] [blame] | 1552 | DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n", |
| 1553 | now_ms, __FUNCTION__, |
| 1554 | s, |
| 1555 | req, |
| 1556 | req->rex, req->wex, |
| 1557 | req->flags, |
| 1558 | req->l, |
| 1559 | req->analysers); |
| 1560 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1561 | if (likely(req->lr < req->r)) |
| 1562 | http_msg_analyzer(req, msg, &txn->hdr_idx); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1563 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1564 | /* 1: we might have to print this header in debug mode */ |
| 1565 | if (unlikely((global.mode & MODE_DEBUG) && |
| 1566 | (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) && |
| 1567 | (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) { |
| 1568 | char *eol, *sol; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1569 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1570 | sol = req->data + msg->som; |
| 1571 | eol = sol + msg->sl.rq.l; |
| 1572 | debug_hdr("clireq", s, sol, eol); |
Willy Tarreau | 45e73e3 | 2006-12-17 00:05:15 +0100 | [diff] [blame] | 1573 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1574 | sol += hdr_idx_first_pos(&txn->hdr_idx); |
| 1575 | cur_idx = hdr_idx_first_idx(&txn->hdr_idx); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1576 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1577 | while (cur_idx) { |
| 1578 | eol = sol + txn->hdr_idx.v[cur_idx].len; |
| 1579 | debug_hdr("clihdr", s, sol, eol); |
| 1580 | sol = eol + txn->hdr_idx.v[cur_idx].cr + 1; |
| 1581 | cur_idx = txn->hdr_idx.v[cur_idx].next; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1582 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1583 | } |
| 1584 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1585 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1586 | /* |
| 1587 | * Now we quickly check if we have found a full valid request. |
| 1588 | * If not so, we check the FD and buffer states before leaving. |
| 1589 | * A full request is indicated by the fact that we have seen |
| 1590 | * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid |
| 1591 | * requests are checked first. |
| 1592 | * |
| 1593 | */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1594 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1595 | if (unlikely(msg->msg_state != HTTP_MSG_BODY)) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1596 | /* |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1597 | * First, let's catch bad requests. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1598 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1599 | if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) |
| 1600 | goto return_bad_req; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1601 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1602 | /* 1: Since we are in header mode, if there's no space |
| 1603 | * left for headers, we won't be able to free more |
| 1604 | * later, so the session will never terminate. We |
| 1605 | * must terminate it now. |
| 1606 | */ |
| 1607 | if (unlikely(req->flags & BF_FULL)) { |
| 1608 | /* FIXME: check if URI is set and return Status |
| 1609 | * 414 Request URI too long instead. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1610 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1611 | goto return_bad_req; |
| 1612 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1613 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1614 | /* 2: have we encountered a read error ? */ |
| 1615 | else if (req->flags & BF_READ_ERROR) { |
| 1616 | /* we cannot return any message on error */ |
| 1617 | msg->msg_state = HTTP_MSG_ERROR; |
| 1618 | req->analysers = 0; |
| 1619 | s->fe->failed_req++; |
| 1620 | if (!(s->flags & SN_ERR_MASK)) |
| 1621 | s->flags |= SN_ERR_CLICL; |
| 1622 | if (!(s->flags & SN_FINST_MASK)) |
| 1623 | s->flags |= SN_FINST_R; |
| 1624 | return 0; |
| 1625 | } |
Willy Tarreau | f9839bd | 2008-08-27 23:57:16 +0200 | [diff] [blame] | 1626 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1627 | /* 3: has the read timeout expired ? */ |
| 1628 | else if (req->flags & BF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) { |
| 1629 | /* read timeout : give up with an error message. */ |
| 1630 | txn->status = 408; |
| 1631 | stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_408)); |
| 1632 | msg->msg_state = HTTP_MSG_ERROR; |
| 1633 | req->analysers = 0; |
| 1634 | s->fe->failed_req++; |
| 1635 | if (!(s->flags & SN_ERR_MASK)) |
| 1636 | s->flags |= SN_ERR_CLITO; |
| 1637 | if (!(s->flags & SN_FINST_MASK)) |
| 1638 | s->flags |= SN_FINST_R; |
| 1639 | return 0; |
| 1640 | } |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 1641 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1642 | /* 4: have we encountered a close ? */ |
| 1643 | else if (req->flags & BF_SHUTR) { |
| 1644 | txn->status = 400; |
| 1645 | stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400)); |
| 1646 | msg->msg_state = HTTP_MSG_ERROR; |
| 1647 | req->analysers = 0; |
| 1648 | s->fe->failed_req++; |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 1649 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1650 | if (!(s->flags & SN_ERR_MASK)) |
| 1651 | s->flags |= SN_ERR_CLICL; |
| 1652 | if (!(s->flags & SN_FINST_MASK)) |
| 1653 | s->flags |= SN_FINST_R; |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 1654 | return 0; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1655 | } |
| 1656 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1657 | buffer_write_dis(req); |
Willy Tarreau | 1b194fe | 2009-03-21 21:10:04 +0100 | [diff] [blame] | 1658 | req->flags |= BF_READ_DONTWAIT; /* try to get back here ASAP */ |
| 1659 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1660 | /* just set the request timeout once at the beginning of the request */ |
| 1661 | if (!tick_isset(req->analyse_exp)) |
| 1662 | req->analyse_exp = tick_add_ifset(now_ms, s->fe->timeout.httpreq); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1663 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1664 | /* we're not ready yet */ |
| 1665 | return 0; |
| 1666 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1667 | |
Willy Tarreau | 67f0eea | 2008-08-10 22:55:22 +0200 | [diff] [blame] | 1668 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1669 | /**************************************************************** |
| 1670 | * More interesting part now : we know that we have a complete * |
| 1671 | * request which at least looks like HTTP. We have an indicator * |
| 1672 | * of each header's length, so we can parse them quickly. * |
| 1673 | ****************************************************************/ |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 1674 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1675 | req->analysers &= ~AN_REQ_HTTP_HDR; |
| 1676 | req->analyse_exp = TICK_ETERNITY; |
| 1677 | |
| 1678 | /* ensure we keep this pointer to the beginning of the message */ |
| 1679 | msg->sol = req->data + msg->som; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1680 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1681 | /* |
| 1682 | * 1: identify the method |
| 1683 | */ |
| 1684 | txn->meth = find_http_meth(&req->data[msg->som], msg->sl.rq.m_l); |
| 1685 | |
| 1686 | /* we can make use of server redirect on GET and HEAD */ |
| 1687 | if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD) |
| 1688 | s->flags |= SN_REDIRECTABLE; |
Willy Tarreau | fa7e102 | 2008-10-19 07:30:41 +0200 | [diff] [blame] | 1689 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1690 | /* |
| 1691 | * 2: check if the URI matches the monitor_uri. |
| 1692 | * We have to do this for every request which gets in, because |
| 1693 | * the monitor-uri is defined by the frontend. |
| 1694 | */ |
| 1695 | if (unlikely((s->fe->monitor_uri_len != 0) && |
| 1696 | (s->fe->monitor_uri_len == msg->sl.rq.u_l) && |
| 1697 | !memcmp(&req->data[msg->sl.rq.u], |
| 1698 | s->fe->monitor_uri, |
| 1699 | s->fe->monitor_uri_len))) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1700 | /* |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1701 | * We have found the monitor URI |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1702 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1703 | struct acl_cond *cond; |
| 1704 | cur_proxy = s->fe; |
Willy Tarreau | b80c230 | 2007-11-30 20:51:32 +0100 | [diff] [blame] | 1705 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1706 | s->flags |= SN_MONITOR; |
Willy Tarreau | b80c230 | 2007-11-30 20:51:32 +0100 | [diff] [blame] | 1707 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1708 | /* Check if we want to fail this monitor request or not */ |
| 1709 | list_for_each_entry(cond, &cur_proxy->mon_fail_cond, list) { |
| 1710 | int ret = acl_exec_cond(cond, cur_proxy, s, txn, ACL_DIR_REQ); |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 1711 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1712 | ret = acl_pass(ret); |
| 1713 | if (cond->pol == ACL_COND_UNLESS) |
| 1714 | ret = !ret; |
Willy Tarreau | b80c230 | 2007-11-30 20:51:32 +0100 | [diff] [blame] | 1715 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1716 | if (ret) { |
| 1717 | /* we fail this request, let's return 503 service unavail */ |
| 1718 | txn->status = 503; |
| 1719 | stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_503)); |
| 1720 | goto return_prx_cond; |
Willy Tarreau | b80c230 | 2007-11-30 20:51:32 +0100 | [diff] [blame] | 1721 | } |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1722 | } |
Willy Tarreau | a5555ec | 2008-11-30 19:02:32 +0100 | [diff] [blame] | 1723 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1724 | /* nothing to fail, let's reply normaly */ |
| 1725 | txn->status = 200; |
| 1726 | stream_int_retnclose(req->prod, &http_200_chunk); |
| 1727 | goto return_prx_cond; |
| 1728 | } |
| 1729 | |
| 1730 | /* |
| 1731 | * 3: Maybe we have to copy the original REQURI for the logs ? |
| 1732 | * Note: we cannot log anymore if the request has been |
| 1733 | * classified as invalid. |
| 1734 | */ |
| 1735 | if (unlikely(s->logs.logwait & LW_REQ)) { |
| 1736 | /* we have a complete HTTP request that we must log */ |
| 1737 | if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) { |
| 1738 | int urilen = msg->sl.rq.l; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1739 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1740 | if (urilen >= REQURI_LEN) |
| 1741 | urilen = REQURI_LEN - 1; |
| 1742 | memcpy(txn->uri, &req->data[msg->som], urilen); |
| 1743 | txn->uri[urilen] = 0; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1744 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1745 | if (!(s->logs.logwait &= ~LW_REQ)) |
| 1746 | s->do_log(s); |
| 1747 | } else { |
| 1748 | Alert("HTTP logging : out of memory.\n"); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1749 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1750 | } |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 1751 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1752 | /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */ |
| 1753 | if (unlikely(msg->sl.rq.v_l == 0)) { |
| 1754 | int delta; |
| 1755 | char *cur_end; |
| 1756 | msg->sol = req->data + msg->som; |
| 1757 | cur_end = msg->sol + msg->sl.rq.l; |
| 1758 | delta = 0; |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 1759 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1760 | if (msg->sl.rq.u_l == 0) { |
| 1761 | /* if no URI was set, add "/" */ |
| 1762 | delta = buffer_replace2(req, cur_end, cur_end, " /", 2); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1763 | cur_end += delta; |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1764 | msg->eoh += delta; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1765 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1766 | /* add HTTP version */ |
| 1767 | delta = buffer_replace2(req, cur_end, cur_end, " HTTP/1.0\r\n", 11); |
| 1768 | msg->eoh += delta; |
| 1769 | cur_end += delta; |
| 1770 | cur_end = (char *)http_parse_reqline(msg, req->data, |
| 1771 | HTTP_MSG_RQMETH, |
| 1772 | msg->sol, cur_end + 1, |
| 1773 | NULL, NULL); |
| 1774 | if (unlikely(!cur_end)) |
| 1775 | goto return_bad_req; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1776 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1777 | /* we have a full HTTP/1.0 request now and we know that |
| 1778 | * we have either a CR or an LF at <ptr>. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1779 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1780 | hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r'); |
| 1781 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 1782 | |
| 1783 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1784 | /* 5: we may need to capture headers */ |
| 1785 | if (unlikely((s->logs.logwait & LW_REQHDR) && s->fe->req_cap)) |
| 1786 | capture_headers(req->data + msg->som, &txn->hdr_idx, |
| 1787 | txn->req.cap, s->fe->req_cap); |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 1788 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1789 | /* |
| 1790 | * 6: we will have to evaluate the filters. |
| 1791 | * As opposed to version 1.2, now they will be evaluated in the |
| 1792 | * filters order and not in the header order. This means that |
| 1793 | * each filter has to be validated among all headers. |
| 1794 | * |
| 1795 | * We can now check whether we want to switch to another |
| 1796 | * backend, in which case we will re-check the backend's |
| 1797 | * filters and various options. In order to support 3-level |
| 1798 | * switching, here's how we should proceed : |
| 1799 | * |
| 1800 | * a) run be. |
| 1801 | * if (switch) then switch ->be to the new backend. |
| 1802 | * b) run be if (be != fe). |
| 1803 | * There cannot be any switch from there, so ->be cannot be |
| 1804 | * changed anymore. |
| 1805 | * |
| 1806 | * => filters always apply to ->be, then ->be may change. |
| 1807 | * |
| 1808 | * The response path will be able to apply either ->be, or |
| 1809 | * ->be then ->fe filters in order to match the reverse of |
| 1810 | * the forward sequence. |
| 1811 | */ |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1812 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1813 | do { |
| 1814 | struct acl_cond *cond; |
| 1815 | struct redirect_rule *rule; |
| 1816 | struct proxy *rule_set = s->be; |
| 1817 | cur_proxy = s->be; |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1818 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1819 | /* first check whether we have some ACLs set to redirect this request */ |
| 1820 | list_for_each_entry(rule, &cur_proxy->redirect_rules, list) { |
| 1821 | int ret = acl_exec_cond(rule->cond, cur_proxy, s, txn, ACL_DIR_REQ); |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1822 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1823 | ret = acl_pass(ret); |
| 1824 | if (rule->cond->pol == ACL_COND_UNLESS) |
| 1825 | ret = !ret; |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1826 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1827 | if (ret) { |
| 1828 | struct chunk rdr = { trash, 0 }; |
| 1829 | const char *msg_fmt; |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1830 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1831 | /* build redirect message */ |
| 1832 | switch(rule->code) { |
| 1833 | case 303: |
| 1834 | rdr.len = strlen(HTTP_303); |
| 1835 | msg_fmt = HTTP_303; |
| 1836 | break; |
| 1837 | case 301: |
| 1838 | rdr.len = strlen(HTTP_301); |
| 1839 | msg_fmt = HTTP_301; |
| 1840 | break; |
| 1841 | case 302: |
| 1842 | default: |
| 1843 | rdr.len = strlen(HTTP_302); |
| 1844 | msg_fmt = HTTP_302; |
| 1845 | break; |
| 1846 | } |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1847 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1848 | if (unlikely(rdr.len > sizeof(trash))) |
| 1849 | goto return_bad_req; |
| 1850 | memcpy(rdr.str, msg_fmt, rdr.len); |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1851 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1852 | switch(rule->type) { |
| 1853 | case REDIRECT_TYPE_PREFIX: { |
| 1854 | const char *path; |
| 1855 | int pathlen; |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1856 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1857 | path = http_get_path(txn); |
| 1858 | /* build message using path */ |
| 1859 | if (path) { |
| 1860 | pathlen = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path; |
Willy Tarreau | 79da469 | 2008-11-19 20:03:04 +0100 | [diff] [blame] | 1861 | if (rule->flags & REDIRECT_FLAG_DROP_QS) { |
| 1862 | int qs = 0; |
| 1863 | while (qs < pathlen) { |
| 1864 | if (path[qs] == '?') { |
| 1865 | pathlen = qs; |
| 1866 | break; |
| 1867 | } |
| 1868 | qs++; |
| 1869 | } |
| 1870 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1871 | } else { |
| 1872 | path = "/"; |
| 1873 | pathlen = 1; |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1874 | } |
| 1875 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1876 | if (rdr.len + rule->rdr_len + pathlen > sizeof(trash) - 4) |
| 1877 | goto return_bad_req; |
| 1878 | |
Willy Tarreau | fe651a5 | 2008-11-19 21:15:17 +0100 | [diff] [blame] | 1879 | /* add prefix. Note that if prefix == "/", we don't want to |
| 1880 | * add anything, otherwise it makes it hard for the user to |
| 1881 | * configure a self-redirection. |
| 1882 | */ |
| 1883 | if (rule->rdr_len != 1 || *rule->rdr_str != '/') { |
| 1884 | memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len); |
| 1885 | rdr.len += rule->rdr_len; |
| 1886 | } |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1887 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1888 | /* add path */ |
| 1889 | memcpy(rdr.str + rdr.len, path, pathlen); |
| 1890 | rdr.len += pathlen; |
| 1891 | break; |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1892 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1893 | case REDIRECT_TYPE_LOCATION: |
| 1894 | default: |
| 1895 | if (rdr.len + rule->rdr_len > sizeof(trash) - 4) |
| 1896 | goto return_bad_req; |
Willy Tarreau | b463dfb | 2008-06-07 23:08:56 +0200 | [diff] [blame] | 1897 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1898 | /* add location */ |
| 1899 | memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len); |
| 1900 | rdr.len += rule->rdr_len; |
| 1901 | break; |
| 1902 | } |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 1903 | |
Willy Tarreau | 0140f25 | 2008-11-19 21:07:09 +0100 | [diff] [blame] | 1904 | if (rule->cookie_len) { |
| 1905 | memcpy(rdr.str + rdr.len, "\r\nSet-Cookie: ", 14); |
| 1906 | rdr.len += 14; |
| 1907 | memcpy(rdr.str + rdr.len, rule->cookie_str, rule->cookie_len); |
| 1908 | rdr.len += rule->cookie_len; |
| 1909 | memcpy(rdr.str + rdr.len, "\r\n", 2); |
| 1910 | rdr.len += 2; |
| 1911 | } |
| 1912 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1913 | /* add end of headers */ |
| 1914 | memcpy(rdr.str + rdr.len, "\r\n\r\n", 4); |
| 1915 | rdr.len += 4; |
Willy Tarreau | 5c8e3e0 | 2007-05-07 00:58:25 +0200 | [diff] [blame] | 1916 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1917 | txn->status = rule->code; |
| 1918 | /* let's log the request time */ |
| 1919 | s->logs.tv_request = now; |
| 1920 | stream_int_retnclose(req->prod, &rdr); |
| 1921 | goto return_prx_cond; |
Willy Tarreau | 5c8e3e0 | 2007-05-07 00:58:25 +0200 | [diff] [blame] | 1922 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1923 | } |
Willy Tarreau | 5c8e3e0 | 2007-05-07 00:58:25 +0200 | [diff] [blame] | 1924 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1925 | /* first check whether we have some ACLs set to block this request */ |
| 1926 | list_for_each_entry(cond, &cur_proxy->block_cond, list) { |
| 1927 | int ret = acl_exec_cond(cond, cur_proxy, s, txn, ACL_DIR_REQ); |
Willy Tarreau | 53b6c74 | 2006-12-17 13:37:46 +0100 | [diff] [blame] | 1928 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1929 | ret = acl_pass(ret); |
| 1930 | if (cond->pol == ACL_COND_UNLESS) |
| 1931 | ret = !ret; |
Willy Tarreau | f1221aa | 2006-12-17 22:14:12 +0100 | [diff] [blame] | 1932 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1933 | if (ret) { |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 1934 | txn->status = 403; |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 1935 | /* let's log the request time */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1936 | s->logs.tv_request = now; |
| 1937 | stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_403)); |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 1938 | goto return_prx_cond; |
| 1939 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1940 | } |
| 1941 | |
| 1942 | /* try headers filters */ |
| 1943 | if (rule_set->req_exp != NULL) { |
| 1944 | if (apply_filters_to_request(s, req, rule_set->req_exp) < 0) |
| 1945 | goto return_bad_req; |
| 1946 | } |
| 1947 | |
| 1948 | if (!(s->flags & SN_BE_ASSIGNED) && (s->be != cur_proxy)) { |
| 1949 | /* to ensure correct connection accounting on |
| 1950 | * the backend, we count the connection for the |
| 1951 | * one managing the queue. |
| 1952 | */ |
| 1953 | s->be->beconn++; |
| 1954 | if (s->be->beconn > s->be->beconn_max) |
| 1955 | s->be->beconn_max = s->be->beconn; |
Willy Tarreau | 7f062c4 | 2009-03-05 18:43:00 +0100 | [diff] [blame] | 1956 | proxy_inc_be_ctr(s->be); |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1957 | s->flags |= SN_BE_ASSIGNED; |
| 1958 | } |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 1959 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1960 | /* has the request been denied ? */ |
| 1961 | if (txn->flags & TX_CLDENY) { |
| 1962 | /* no need to go further */ |
| 1963 | txn->status = 403; |
| 1964 | /* let's log the request time */ |
| 1965 | s->logs.tv_request = now; |
| 1966 | stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_403)); |
| 1967 | goto return_prx_cond; |
| 1968 | } |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 1969 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1970 | /* We might have to check for "Connection:" */ |
| 1971 | if (((s->fe->options | s->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) && |
| 1972 | !(s->flags & SN_CONN_CLOSED)) { |
| 1973 | char *cur_ptr, *cur_end, *cur_next; |
| 1974 | int cur_idx, old_idx, delta, val; |
| 1975 | struct hdr_idx_elem *cur_hdr; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1976 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1977 | cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx); |
| 1978 | old_idx = 0; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 1979 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 1980 | while ((cur_idx = txn->hdr_idx.v[old_idx].next)) { |
| 1981 | cur_hdr = &txn->hdr_idx.v[cur_idx]; |
| 1982 | cur_ptr = cur_next; |
| 1983 | cur_end = cur_ptr + cur_hdr->len; |
| 1984 | cur_next = cur_end + cur_hdr->cr + 1; |
| 1985 | |
| 1986 | val = http_header_match2(cur_ptr, cur_end, "Connection", 10); |
| 1987 | if (val) { |
| 1988 | /* 3 possibilities : |
| 1989 | * - we have already set Connection: close, |
| 1990 | * so we remove this line. |
| 1991 | * - we have not yet set Connection: close, |
| 1992 | * but this line indicates close. We leave |
| 1993 | * it untouched and set the flag. |
| 1994 | * - we have not yet set Connection: close, |
| 1995 | * and this line indicates non-close. We |
| 1996 | * replace it. |
| 1997 | */ |
| 1998 | if (s->flags & SN_CONN_CLOSED) { |
| 1999 | delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0); |
| 2000 | txn->req.eoh += delta; |
| 2001 | cur_next += delta; |
| 2002 | txn->hdr_idx.v[old_idx].next = cur_hdr->next; |
| 2003 | txn->hdr_idx.used--; |
| 2004 | cur_hdr->len = 0; |
| 2005 | } else { |
| 2006 | if (strncasecmp(cur_ptr + val, "close", 5) != 0) { |
| 2007 | delta = buffer_replace2(req, cur_ptr + val, cur_end, |
| 2008 | "close", 5); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 2009 | cur_next += delta; |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2010 | cur_hdr->len += delta; |
| 2011 | txn->req.eoh += delta; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 2012 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2013 | s->flags |= SN_CONN_CLOSED; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 2014 | } |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 2015 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2016 | old_idx = cur_idx; |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 2017 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2018 | } |
| 2019 | /* add request headers from the rule sets in the same order */ |
| 2020 | for (cur_idx = 0; cur_idx < rule_set->nb_reqadd; cur_idx++) { |
| 2021 | if (unlikely(http_header_add_tail(req, |
| 2022 | &txn->req, |
| 2023 | &txn->hdr_idx, |
| 2024 | rule_set->req_add[cur_idx])) < 0) |
| 2025 | goto return_bad_req; |
| 2026 | } |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 2027 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2028 | /* check if stats URI was requested, and if an auth is needed */ |
| 2029 | if (rule_set->uri_auth != NULL && |
| 2030 | (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)) { |
| 2031 | /* we have to check the URI and auth for this request. |
| 2032 | * FIXME!!! that one is rather dangerous, we want to |
| 2033 | * make it follow standard rules (eg: clear req->analysers). |
| 2034 | */ |
| 2035 | if (stats_check_uri_auth(s, rule_set)) { |
| 2036 | req->analysers = 0; |
| 2037 | return 0; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 2038 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2039 | } |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 2040 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2041 | /* now check whether we have some switching rules for this request */ |
| 2042 | if (!(s->flags & SN_BE_ASSIGNED)) { |
| 2043 | struct switching_rule *rule; |
Willy Tarreau | 55ea757 | 2007-06-17 19:56:27 +0200 | [diff] [blame] | 2044 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2045 | list_for_each_entry(rule, &cur_proxy->switching_rules, list) { |
| 2046 | int ret; |
Willy Tarreau | 55ea757 | 2007-06-17 19:56:27 +0200 | [diff] [blame] | 2047 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2048 | ret = acl_exec_cond(rule->cond, cur_proxy, s, txn, ACL_DIR_REQ); |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 2049 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2050 | ret = acl_pass(ret); |
| 2051 | if (rule->cond->pol == ACL_COND_UNLESS) |
| 2052 | ret = !ret; |
Willy Tarreau | 55ea757 | 2007-06-17 19:56:27 +0200 | [diff] [blame] | 2053 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2054 | if (ret) { |
| 2055 | s->be = rule->be.backend; |
| 2056 | s->be->beconn++; |
| 2057 | if (s->be->beconn > s->be->beconn_max) |
| 2058 | s->be->beconn_max = s->be->beconn; |
Willy Tarreau | 7f062c4 | 2009-03-05 18:43:00 +0100 | [diff] [blame] | 2059 | proxy_inc_be_ctr(s->be); |
Willy Tarreau | 6e4261e | 2007-09-18 18:36:05 +0200 | [diff] [blame] | 2060 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2061 | /* assign new parameters to the session from the new backend */ |
| 2062 | s->rep->rto = s->req->wto = s->be->timeout.server; |
| 2063 | s->req->cto = s->be->timeout.connect; |
| 2064 | s->conn_retries = s->be->conn_retries; |
Willy Tarreau | 32a4ec0 | 2009-04-02 11:35:18 +0200 | [diff] [blame^] | 2065 | if (s->be->options2 & PR_O2_RSPBUG_OK) |
| 2066 | s->txn.rsp.err_pos = -1; /* let buggy responses pass */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2067 | s->flags |= SN_BE_ASSIGNED; |
| 2068 | break; |
Willy Tarreau | 55ea757 | 2007-06-17 19:56:27 +0200 | [diff] [blame] | 2069 | } |
| 2070 | } |
Willy Tarreau | f1221aa | 2006-12-17 22:14:12 +0100 | [diff] [blame] | 2071 | } |
| 2072 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2073 | if (!(s->flags & SN_BE_ASSIGNED) && cur_proxy->defbe.be) { |
| 2074 | /* No backend was set, but there was a default |
| 2075 | * backend set in the frontend, so we use it and |
| 2076 | * loop again. |
| 2077 | */ |
| 2078 | s->be = cur_proxy->defbe.be; |
| 2079 | s->be->beconn++; |
| 2080 | if (s->be->beconn > s->be->beconn_max) |
| 2081 | s->be->beconn_max = s->be->beconn; |
Willy Tarreau | 7f062c4 | 2009-03-05 18:43:00 +0100 | [diff] [blame] | 2082 | proxy_inc_be_ctr(s->be); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 2083 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2084 | /* assign new parameters to the session from the new backend */ |
| 2085 | s->rep->rto = s->req->wto = s->be->timeout.server; |
| 2086 | s->req->cto = s->be->timeout.connect; |
| 2087 | s->conn_retries = s->be->conn_retries; |
Willy Tarreau | 32a4ec0 | 2009-04-02 11:35:18 +0200 | [diff] [blame^] | 2088 | if (s->be->options2 & PR_O2_RSPBUG_OK) |
| 2089 | s->txn.rsp.err_pos = -1; /* let buggy responses pass */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2090 | s->flags |= SN_BE_ASSIGNED; |
Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 2091 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2092 | } while (s->be != cur_proxy); /* we loop only if s->be has changed */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 2093 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2094 | if (!(s->flags & SN_BE_ASSIGNED)) { |
| 2095 | /* To ensure correct connection accounting on |
| 2096 | * the backend, we count the connection for the |
| 2097 | * one managing the queue. |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 2098 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2099 | s->be->beconn++; |
| 2100 | if (s->be->beconn > s->be->beconn_max) |
| 2101 | s->be->beconn_max = s->be->beconn; |
Willy Tarreau | 7f062c4 | 2009-03-05 18:43:00 +0100 | [diff] [blame] | 2102 | proxy_inc_be_ctr(s->be); |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2103 | s->flags |= SN_BE_ASSIGNED; |
| 2104 | } |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 2105 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2106 | /* |
| 2107 | * Right now, we know that we have processed the entire headers |
| 2108 | * and that unwanted requests have been filtered out. We can do |
| 2109 | * whatever we want with the remaining request. Also, now we |
| 2110 | * may have separate values for ->fe, ->be. |
| 2111 | */ |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 2112 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2113 | /* |
| 2114 | * If HTTP PROXY is set we simply get remote server address |
| 2115 | * parsing incoming request. |
| 2116 | */ |
| 2117 | if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) { |
| 2118 | url2sa(req->data + msg->sl.rq.u, msg->sl.rq.u_l, &s->srv_addr); |
| 2119 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 2120 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2121 | /* |
| 2122 | * 7: the appsession cookie was looked up very early in 1.2, |
| 2123 | * so let's do the same now. |
| 2124 | */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 2125 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2126 | /* It needs to look into the URI */ |
| 2127 | if (s->be->appsession_name) { |
| 2128 | get_srv_from_appsession(s, &req->data[msg->som], msg->sl.rq.l); |
| 2129 | } |
Willy Tarreau | 45e73e3 | 2006-12-17 00:05:15 +0100 | [diff] [blame] | 2130 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2131 | /* |
| 2132 | * 8: Now we can work with the cookies. |
| 2133 | * Note that doing so might move headers in the request, but |
| 2134 | * the fields will stay coherent and the URI will not move. |
| 2135 | * This should only be performed in the backend. |
| 2136 | */ |
Willy Tarreau | fd39dda | 2008-10-17 12:01:58 +0200 | [diff] [blame] | 2137 | if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name) |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2138 | && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) |
| 2139 | manage_client_side_cookies(s, req); |
Willy Tarreau | 7ac51f6 | 2007-03-25 16:00:04 +0200 | [diff] [blame] | 2140 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2141 | /* |
| 2142 | * 9: add X-Forwarded-For if either the frontend or the backend |
| 2143 | * asks for it. |
| 2144 | */ |
| 2145 | if ((s->fe->options | s->be->options) & PR_O_FWDFOR) { |
| 2146 | if (s->cli_addr.ss_family == AF_INET) { |
| 2147 | /* Add an X-Forwarded-For header unless the source IP is |
| 2148 | * in the 'except' network range. |
| 2149 | */ |
| 2150 | if ((!s->fe->except_mask.s_addr || |
| 2151 | (((struct sockaddr_in *)&s->cli_addr)->sin_addr.s_addr & s->fe->except_mask.s_addr) |
| 2152 | != s->fe->except_net.s_addr) && |
| 2153 | (!s->be->except_mask.s_addr || |
| 2154 | (((struct sockaddr_in *)&s->cli_addr)->sin_addr.s_addr & s->be->except_mask.s_addr) |
| 2155 | != s->be->except_net.s_addr)) { |
Willy Tarreau | 2a32428 | 2006-12-05 00:05:46 +0100 | [diff] [blame] | 2156 | int len; |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2157 | unsigned char *pn; |
| 2158 | pn = (unsigned char *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr; |
Ross West | af72a1d | 2008-08-03 10:51:45 +0200 | [diff] [blame] | 2159 | |
| 2160 | /* Note: we rely on the backend to get the header name to be used for |
| 2161 | * x-forwarded-for, because the header is really meant for the backends. |
| 2162 | * However, if the backend did not specify any option, we have to rely |
| 2163 | * on the frontend's header name. |
| 2164 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2165 | if (s->be->fwdfor_hdr_len) { |
| 2166 | len = s->be->fwdfor_hdr_len; |
| 2167 | memcpy(trash, s->be->fwdfor_hdr_name, len); |
Ross West | af72a1d | 2008-08-03 10:51:45 +0200 | [diff] [blame] | 2168 | } else { |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2169 | len = s->fe->fwdfor_hdr_len; |
| 2170 | memcpy(trash, s->fe->fwdfor_hdr_name, len); |
| 2171 | } |
| 2172 | len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]); |
Willy Tarreau | edcf668 | 2008-11-30 23:15:34 +0100 | [diff] [blame] | 2173 | |
Willy Tarreau | 4af6f3a | 2007-03-18 22:36:26 +0100 | [diff] [blame] | 2174 | if (unlikely(http_header_add_tail2(req, &txn->req, |
| 2175 | &txn->hdr_idx, trash, len)) < 0) |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 2176 | goto return_bad_req; |
Willy Tarreau | 2a32428 | 2006-12-05 00:05:46 +0100 | [diff] [blame] | 2177 | } |
| 2178 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2179 | else if (s->cli_addr.ss_family == AF_INET6) { |
| 2180 | /* FIXME: for the sake of completeness, we should also support |
| 2181 | * 'except' here, although it is mostly useless in this case. |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 2182 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2183 | int len; |
| 2184 | char pn[INET6_ADDRSTRLEN]; |
| 2185 | inet_ntop(AF_INET6, |
| 2186 | (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr, |
| 2187 | pn, sizeof(pn)); |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 2188 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2189 | /* Note: we rely on the backend to get the header name to be used for |
| 2190 | * x-forwarded-for, because the header is really meant for the backends. |
| 2191 | * However, if the backend did not specify any option, we have to rely |
| 2192 | * on the frontend's header name. |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 2193 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2194 | if (s->be->fwdfor_hdr_len) { |
| 2195 | len = s->be->fwdfor_hdr_len; |
| 2196 | memcpy(trash, s->be->fwdfor_hdr_name, len); |
| 2197 | } else { |
| 2198 | len = s->fe->fwdfor_hdr_len; |
| 2199 | memcpy(trash, s->fe->fwdfor_hdr_name, len); |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 2200 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2201 | len += sprintf(trash + len, ": %s", pn); |
Willy Tarreau | adfb856 | 2008-08-11 15:24:42 +0200 | [diff] [blame] | 2202 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2203 | if (unlikely(http_header_add_tail2(req, &txn->req, |
| 2204 | &txn->hdr_idx, trash, len)) < 0) |
| 2205 | goto return_bad_req; |
| 2206 | } |
| 2207 | } |
| 2208 | |
| 2209 | /* |
| 2210 | * 10: add "Connection: close" if needed and not yet set. |
| 2211 | * Note that we do not need to add it in case of HTTP/1.0. |
| 2212 | */ |
| 2213 | if (!(s->flags & SN_CONN_CLOSED) && |
| 2214 | ((s->fe->options | s->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) { |
| 2215 | if ((unlikely(msg->sl.rq.v_l != 8) || |
| 2216 | unlikely(req->data[msg->som + msg->sl.rq.v + 7] != '0')) && |
| 2217 | unlikely(http_header_add_tail2(req, &txn->req, &txn->hdr_idx, |
| 2218 | "Connection: close", 17)) < 0) |
| 2219 | goto return_bad_req; |
| 2220 | s->flags |= SN_CONN_CLOSED; |
| 2221 | } |
| 2222 | /* Before we switch to data, was assignment set in manage_client_side_cookie? |
| 2223 | * If not assigned, perhaps we are balancing on url_param, but this is a |
| 2224 | * POST; and the parameters are in the body, maybe scan there to find our server. |
| 2225 | * (unless headers overflowed the buffer?) |
| 2226 | */ |
| 2227 | if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) && |
| 2228 | s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL && |
| 2229 | s->be->url_param_post_limit != 0 && !(req->flags & BF_FULL) && |
| 2230 | memchr(msg->sol + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) { |
| 2231 | /* are there enough bytes here? total == l || r || rlim ? |
| 2232 | * len is unsigned, but eoh is int, |
| 2233 | * how many bytes of body have we received? |
| 2234 | * eoh is the first empty line of the header |
| 2235 | */ |
| 2236 | /* already established CRLF or LF at eoh, move to start of message, find message length in buffer */ |
| 2237 | unsigned long len = req->l - (msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1); |
| 2238 | |
| 2239 | /* If we have HTTP/1.1 and Expect: 100-continue, then abort. |
| 2240 | * We can't assume responsibility for the server's decision, |
| 2241 | * on this URI and header set. See rfc2616: 14.20, 8.2.3, |
| 2242 | * We also can't change our mind later, about which server to choose, so round robin. |
| 2243 | */ |
| 2244 | if ((likely(msg->sl.rq.v_l == 8) && req->data[msg->som + msg->sl.rq.v + 7] == '1')) { |
| 2245 | struct hdr_ctx ctx; |
| 2246 | ctx.idx = 0; |
| 2247 | /* Expect is allowed in 1.1, look for it */ |
| 2248 | http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx); |
| 2249 | if (ctx.idx != 0 && |
| 2250 | unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) |
| 2251 | /* We can't reliablly stall and wait for data, because of |
| 2252 | * .NET clients that don't conform to rfc2616; so, no need for |
| 2253 | * the next block to check length expectations. |
| 2254 | * We could send 100 status back to the client, but then we need to |
| 2255 | * re-write headers, and send the message. And this isn't the right |
| 2256 | * place for that action. |
| 2257 | * TODO: support Expect elsewhere and delete this block. |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 2258 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2259 | goto end_check_maybe_wait_for_body; |
| 2260 | } |
| 2261 | |
| 2262 | if (likely(len > s->be->url_param_post_limit)) { |
| 2263 | /* nothing to do, we got enough */ |
| 2264 | } else { |
| 2265 | /* limit implies we are supposed to need this many bytes |
| 2266 | * to find the parameter. Let's see how many bytes we can wait for. |
| 2267 | */ |
| 2268 | long long hint = len; |
| 2269 | struct hdr_ctx ctx; |
| 2270 | ctx.idx = 0; |
| 2271 | http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx); |
| 2272 | if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) { |
| 2273 | buffer_write_dis(req); |
| 2274 | req->analysers |= AN_REQ_HTTP_BODY; |
| 2275 | } |
| 2276 | else { |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 2277 | ctx.idx = 0; |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2278 | http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx); |
| 2279 | /* now if we have a length, we'll take the hint */ |
| 2280 | if (ctx.idx) { |
| 2281 | /* We have Content-Length */ |
| 2282 | if (strl2llrc(ctx.line+ctx.val,ctx.vlen, &hint)) |
| 2283 | hint = 0; /* parse failure, untrusted client */ |
| 2284 | else { |
| 2285 | if (hint > 0) |
| 2286 | msg->hdr_content_len = hint; |
| 2287 | else |
| 2288 | hint = 0; /* bad client, sent negative length */ |
| 2289 | } |
| 2290 | } |
| 2291 | /* but limited to what we care about, maybe we don't expect any entity data (hint == 0) */ |
| 2292 | if (s->be->url_param_post_limit < hint) |
| 2293 | hint = s->be->url_param_post_limit; |
| 2294 | /* now do we really need to buffer more data? */ |
| 2295 | if (len < hint) { |
Willy Tarreau | 3da77c5 | 2008-08-29 09:58:42 +0200 | [diff] [blame] | 2296 | buffer_write_dis(req); |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2297 | req->analysers |= AN_REQ_HTTP_BODY; |
Willy Tarreau | 41f40ed | 2008-08-21 10:05:00 +0200 | [diff] [blame] | 2298 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2299 | /* else... There are no body bytes to wait for */ |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 2300 | } |
| 2301 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2302 | } |
| 2303 | end_check_maybe_wait_for_body: |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2304 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2305 | /************************************************************* |
| 2306 | * OK, that's finished for the headers. We have done what we * |
| 2307 | * could. Let's switch to the DATA state. * |
| 2308 | ************************************************************/ |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2309 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2310 | buffer_set_rlim(req, BUFSIZE); /* no more rewrite needed */ |
| 2311 | s->logs.tv_request = now; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2312 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2313 | /* When a connection is tarpitted, we use the tarpit timeout, |
| 2314 | * which may be the same as the connect timeout if unspecified. |
| 2315 | * If unset, then set it to zero because we really want it to |
| 2316 | * eventually expire. We build the tarpit as an analyser. |
| 2317 | */ |
| 2318 | if (txn->flags & TX_CLTARPIT) { |
Willy Tarreau | 6f0aa47 | 2009-03-08 20:33:29 +0100 | [diff] [blame] | 2319 | buffer_erase(s->req); |
| 2320 | /* wipe the request out so that we can drop the connection early |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2321 | * if the client closes first. |
Willy Tarreau | 2a32428 | 2006-12-05 00:05:46 +0100 | [diff] [blame] | 2322 | */ |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2323 | buffer_write_dis(req); |
| 2324 | req->analysers |= AN_REQ_HTTP_TARPIT; |
| 2325 | req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit); |
| 2326 | if (!req->analyse_exp) |
Willy Tarreau | 2ab85e6 | 2009-03-29 10:24:15 +0200 | [diff] [blame] | 2327 | req->analyse_exp = tick_add(now_ms, 0); |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2328 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2329 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2330 | /* OK let's go on with the BODY now */ |
| 2331 | return 1; |
Willy Tarreau | 0661926 | 2006-12-17 08:37:22 +0100 | [diff] [blame] | 2332 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2333 | return_bad_req: /* let's centralize all bad requests */ |
Willy Tarreau | f073a83 | 2009-03-01 23:21:47 +0100 | [diff] [blame] | 2334 | if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) { |
| 2335 | /* we detected a parsing error. We want to archive this request |
| 2336 | * in the dedicated proxy area for later troubleshooting. |
| 2337 | */ |
| 2338 | struct error_snapshot *es = &s->fe->invalid_req; |
| 2339 | int maxlen = MIN(req->r - req->data + msg->som, sizeof(es->buf)); |
| 2340 | memcpy(es->buf, req->data + msg->som, maxlen); |
| 2341 | es->pos = req->lr - req->data + msg->som; |
| 2342 | es->len = req->r - req->data + msg->som; |
Willy Tarreau | defc52d | 2009-03-04 20:53:44 +0100 | [diff] [blame] | 2343 | es->when = date; // user-visible date |
Willy Tarreau | f073a83 | 2009-03-01 23:21:47 +0100 | [diff] [blame] | 2344 | es->sid = s->uniq_id; |
| 2345 | es->srv = s->srv; |
| 2346 | es->oe = s->be; |
| 2347 | es->src = s->cli_addr; |
| 2348 | } |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2349 | txn->req.msg_state = HTTP_MSG_ERROR; |
| 2350 | txn->status = 400; |
| 2351 | req->analysers = 0; |
| 2352 | stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400)); |
| 2353 | s->fe->failed_req++; |
Willy Tarreau | adfb856 | 2008-08-11 15:24:42 +0200 | [diff] [blame] | 2354 | |
Willy Tarreau | 59234e9 | 2008-11-30 23:51:27 +0100 | [diff] [blame] | 2355 | return_prx_cond: |
| 2356 | if (!(s->flags & SN_ERR_MASK)) |
| 2357 | s->flags |= SN_ERR_PRXCOND; |
| 2358 | if (!(s->flags & SN_FINST_MASK)) |
| 2359 | s->flags |= SN_FINST_R; |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2360 | return 0; |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 2361 | } |
Willy Tarreau | adfb856 | 2008-08-11 15:24:42 +0200 | [diff] [blame] | 2362 | |
Willy Tarreau | 60b85b0 | 2008-11-30 23:28:40 +0100 | [diff] [blame] | 2363 | /* This function is an analyser which processes the HTTP tarpit. It always |
| 2364 | * returns zero, at the beginning because it prevents any other processing |
| 2365 | * from occurring, and at the end because it terminates the request. |
| 2366 | */ |
| 2367 | int http_process_tarpit(struct session *s, struct buffer *req) |
| 2368 | { |
| 2369 | struct http_txn *txn = &s->txn; |
| 2370 | |
| 2371 | /* This connection is being tarpitted. The CLIENT side has |
| 2372 | * already set the connect expiration date to the right |
| 2373 | * timeout. We just have to check that the client is still |
| 2374 | * there and that the timeout has not expired. |
| 2375 | */ |
| 2376 | if ((req->flags & (BF_SHUTR|BF_READ_ERROR)) == 0 && |
| 2377 | !tick_is_expired(req->analyse_exp, now_ms)) |
| 2378 | return 0; |
| 2379 | |
| 2380 | /* We will set the queue timer to the time spent, just for |
| 2381 | * logging purposes. We fake a 500 server error, so that the |
| 2382 | * attacker will not suspect his connection has been tarpitted. |
| 2383 | * It will not cause trouble to the logs because we can exclude |
| 2384 | * the tarpitted connections by filtering on the 'PT' status flags. |
| 2385 | */ |
Willy Tarreau | 60b85b0 | 2008-11-30 23:28:40 +0100 | [diff] [blame] | 2386 | s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now); |
| 2387 | |
| 2388 | txn->status = 500; |
| 2389 | if (req->flags != BF_READ_ERROR) |
| 2390 | stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_500)); |
| 2391 | |
| 2392 | req->analysers = 0; |
| 2393 | req->analyse_exp = TICK_ETERNITY; |
| 2394 | |
| 2395 | s->fe->failed_req++; |
| 2396 | if (!(s->flags & SN_ERR_MASK)) |
| 2397 | s->flags |= SN_ERR_PRXCOND; |
| 2398 | if (!(s->flags & SN_FINST_MASK)) |
| 2399 | s->flags |= SN_FINST_T; |
| 2400 | return 0; |
| 2401 | } |
| 2402 | |
Willy Tarreau | d34af78 | 2008-11-30 23:36:37 +0100 | [diff] [blame] | 2403 | /* This function is an analyser which processes the HTTP request body. It looks |
| 2404 | * for parameters to be used for the load balancing algorithm (url_param). It |
| 2405 | * must only be called after the standard HTTP request processing has occurred, |
| 2406 | * because it expects the request to be parsed. It returns zero if it needs to |
| 2407 | * read more data, or 1 once it has completed its analysis. |
| 2408 | */ |
| 2409 | int http_process_request_body(struct session *s, struct buffer *req) |
| 2410 | { |
| 2411 | struct http_msg *msg = &s->txn.req; |
| 2412 | unsigned long body = msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1; |
| 2413 | long long limit = s->be->url_param_post_limit; |
| 2414 | struct hdr_ctx ctx; |
| 2415 | |
| 2416 | /* We have to parse the HTTP request body to find any required data. |
| 2417 | * "balance url_param check_post" should have been the only way to get |
| 2418 | * into this. We were brought here after HTTP header analysis, so all |
| 2419 | * related structures are ready. |
| 2420 | */ |
| 2421 | |
| 2422 | ctx.idx = 0; |
| 2423 | |
| 2424 | /* now if we have a length, we'll take the hint */ |
| 2425 | http_find_header2("Transfer-Encoding", 17, msg->sol, &s->txn.hdr_idx, &ctx); |
| 2426 | if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) { |
| 2427 | unsigned int chunk = 0; |
| 2428 | while (body < req->l && !HTTP_IS_CRLF(msg->sol[body])) { |
| 2429 | char c = msg->sol[body]; |
| 2430 | if (ishex(c)) { |
| 2431 | unsigned int hex = toupper(c) - '0'; |
| 2432 | if (hex > 9) |
| 2433 | hex -= 'A' - '9' - 1; |
| 2434 | chunk = (chunk << 4) | hex; |
| 2435 | } else |
| 2436 | break; |
| 2437 | body++; |
| 2438 | } |
| 2439 | if (body + 2 >= req->l) /* we want CRLF too */ |
| 2440 | goto http_body_end; /* end of buffer? data missing! */ |
| 2441 | |
| 2442 | if (memcmp(msg->sol+body, "\r\n", 2) != 0) |
| 2443 | goto http_body_end; /* chunked encoding len ends with CRLF, and we don't have it yet */ |
| 2444 | |
| 2445 | body += 2; // skip CRLF |
| 2446 | |
| 2447 | /* if we support more then one chunk here, we have to do it again when assigning server |
| 2448 | * 1. how much entity data do we have? new var |
| 2449 | * 2. should save entity_start, entity_cursor, elen & rlen in req; so we don't repeat scanning here |
| 2450 | * 3. test if elen > limit, or set new limit to elen if 0 (end of entity found) |
| 2451 | */ |
| 2452 | |
| 2453 | if (chunk < limit) |
| 2454 | limit = chunk; /* only reading one chunk */ |
| 2455 | } else { |
| 2456 | if (msg->hdr_content_len < limit) |
| 2457 | limit = msg->hdr_content_len; |
| 2458 | } |
| 2459 | |
| 2460 | http_body_end: |
| 2461 | /* we leave once we know we have nothing left to do. This means that we have |
| 2462 | * enough bytes, or that we know we'll not get any more (buffer full, read |
| 2463 | * buffer closed). |
| 2464 | */ |
| 2465 | if (req->l - body >= limit || /* enough bytes! */ |
| 2466 | req->flags & (BF_FULL | BF_READ_ERROR | BF_SHUTR | BF_READ_TIMEOUT) || |
| 2467 | tick_is_expired(req->analyse_exp, now_ms)) { |
| 2468 | /* The situation will not evolve, so let's give up on the analysis. */ |
| 2469 | s->logs.tv_request = now; /* update the request timer to reflect full request */ |
| 2470 | req->analysers &= ~AN_REQ_HTTP_BODY; |
| 2471 | req->analyse_exp = TICK_ETERNITY; |
| 2472 | return 1; |
| 2473 | } |
| 2474 | else { |
| 2475 | /* Not enough data. We'll re-use the http-request |
| 2476 | * timeout here. Ideally, we should set the timeout |
| 2477 | * relative to the accept() date. We just set the |
| 2478 | * request timeout once at the beginning of the |
| 2479 | * request. |
| 2480 | */ |
| 2481 | buffer_write_dis(req); |
| 2482 | if (!tick_isset(req->analyse_exp)) |
| 2483 | req->analyse_exp = tick_add_ifset(now_ms, s->fe->timeout.httpreq); |
| 2484 | return 0; |
| 2485 | } |
| 2486 | } |
| 2487 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2488 | /* This function performs all the processing enabled for the current response. |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2489 | * It normally returns zero, but may return 1 if it absolutely needs to be |
| 2490 | * called again after other functions. It relies on buffers flags, and updates |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2491 | * t->rep->analysers. It might make sense to explode it into several other |
Willy Tarreau | 41f40ed | 2008-08-21 10:05:00 +0200 | [diff] [blame] | 2492 | * functions. It works like process_request (see indications above). |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 2493 | */ |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2494 | int process_response(struct session *t) |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 2495 | { |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2496 | struct http_txn *txn = &t->txn; |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 2497 | struct buffer *req = t->req; |
| 2498 | struct buffer *rep = t->rep; |
Willy Tarreau | adfb856 | 2008-08-11 15:24:42 +0200 | [diff] [blame] | 2499 | |
Willy Tarreau | 3a16b2c | 2008-08-28 08:54:27 +0200 | [diff] [blame] | 2500 | DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n", |
Willy Tarreau | fa7e102 | 2008-10-19 07:30:41 +0200 | [diff] [blame] | 2501 | now_ms, __FUNCTION__, |
Willy Tarreau | 3a16b2c | 2008-08-28 08:54:27 +0200 | [diff] [blame] | 2502 | t, |
| 2503 | rep, |
| 2504 | rep->rex, rep->wex, |
| 2505 | rep->flags, |
| 2506 | rep->l, |
| 2507 | rep->analysers); |
Willy Tarreau | 67f0eea | 2008-08-10 22:55:22 +0200 | [diff] [blame] | 2508 | |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2509 | if (rep->analysers & AN_RTR_HTTP_HDR) { /* receiving server headers */ |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2510 | /* |
| 2511 | * Now parse the partial (or complete) lines. |
| 2512 | * We will check the response syntax, and also join multi-line |
| 2513 | * headers. An index of all the lines will be elaborated while |
| 2514 | * parsing. |
| 2515 | * |
| 2516 | * For the parsing, we use a 28 states FSM. |
| 2517 | * |
| 2518 | * Here is the information we currently have : |
Willy Tarreau | e393fe2 | 2008-08-16 22:18:07 +0200 | [diff] [blame] | 2519 | * rep->data + rep->som = beginning of response |
| 2520 | * rep->data + rep->eoh = end of processed headers / start of current one |
| 2521 | * rep->data + rep->eol = end of current header or line (LF or CRLF) |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2522 | * rep->lr = first non-visited byte |
| 2523 | * rep->r = end of data |
| 2524 | */ |
Willy Tarreau | 7f875f6 | 2008-08-11 17:35:01 +0200 | [diff] [blame] | 2525 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2526 | int cur_idx; |
| 2527 | struct http_msg *msg = &txn->rsp; |
| 2528 | struct proxy *cur_proxy; |
| 2529 | |
| 2530 | if (likely(rep->lr < rep->r)) |
| 2531 | http_msg_analyzer(rep, msg, &txn->hdr_idx); |
| 2532 | |
| 2533 | /* 1: we might have to print this header in debug mode */ |
| 2534 | if (unlikely((global.mode & MODE_DEBUG) && |
| 2535 | (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) && |
| 2536 | (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) { |
| 2537 | char *eol, *sol; |
| 2538 | |
| 2539 | sol = rep->data + msg->som; |
| 2540 | eol = sol + msg->sl.rq.l; |
| 2541 | debug_hdr("srvrep", t, sol, eol); |
| 2542 | |
| 2543 | sol += hdr_idx_first_pos(&txn->hdr_idx); |
| 2544 | cur_idx = hdr_idx_first_idx(&txn->hdr_idx); |
| 2545 | |
| 2546 | while (cur_idx) { |
| 2547 | eol = sol + txn->hdr_idx.v[cur_idx].len; |
| 2548 | debug_hdr("srvhdr", t, sol, eol); |
| 2549 | sol = eol + txn->hdr_idx.v[cur_idx].cr + 1; |
| 2550 | cur_idx = txn->hdr_idx.v[cur_idx].next; |
Willy Tarreau | c65a3ba | 2008-08-11 23:42:50 +0200 | [diff] [blame] | 2551 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2552 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2553 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2554 | /* |
| 2555 | * Now we quickly check if we have found a full valid response. |
| 2556 | * If not so, we check the FD and buffer states before leaving. |
| 2557 | * A full response is indicated by the fact that we have seen |
| 2558 | * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid |
| 2559 | * responses are checked first. |
| 2560 | * |
| 2561 | * Depending on whether the client is still there or not, we |
| 2562 | * may send an error response back or not. Note that normally |
| 2563 | * we should only check for HTTP status there, and check I/O |
| 2564 | * errors somewhere else. |
| 2565 | */ |
| 2566 | |
| 2567 | if (unlikely(msg->msg_state != HTTP_MSG_BODY)) { |
Willy Tarreau | cebf57e | 2008-08-15 18:16:37 +0200 | [diff] [blame] | 2568 | /* Invalid response */ |
| 2569 | if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) { |
Willy Tarreau | f073a83 | 2009-03-01 23:21:47 +0100 | [diff] [blame] | 2570 | /* we detected a parsing error. We want to archive this response |
| 2571 | * in the dedicated proxy area for later troubleshooting. |
| 2572 | */ |
| 2573 | struct error_snapshot *es = &t->be->invalid_rep; |
| 2574 | int maxlen = MIN(rep->r - rep->data + msg->som, sizeof(es->buf)); |
| 2575 | memcpy(es->buf, rep->data + msg->som, maxlen); |
| 2576 | es->pos = rep->lr - rep->data + msg->som; |
| 2577 | es->len = rep->r - rep->data + msg->som; |
Willy Tarreau | defc52d | 2009-03-04 20:53:44 +0100 | [diff] [blame] | 2578 | es->when = date; // user-visible date |
Willy Tarreau | f073a83 | 2009-03-01 23:21:47 +0100 | [diff] [blame] | 2579 | es->sid = t->uniq_id; |
| 2580 | es->srv = t->srv; |
| 2581 | es->oe = t->fe; |
| 2582 | es->src = t->cli_addr; |
| 2583 | |
Willy Tarreau | cebf57e | 2008-08-15 18:16:37 +0200 | [diff] [blame] | 2584 | hdr_response_bad: |
Willy Tarreau | fa7e102 | 2008-10-19 07:30:41 +0200 | [diff] [blame] | 2585 | buffer_shutr_now(rep); |
| 2586 | buffer_shutw_now(req); |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2587 | if (t->srv) |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2588 | t->srv->failed_resp++; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2589 | t->be->failed_resp++; |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2590 | rep->analysers = 0; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2591 | txn->status = 502; |
Willy Tarreau | 81acfab | 2008-11-30 19:22:53 +0100 | [diff] [blame] | 2592 | stream_int_return(rep->cons, error_message(t, HTTP_ERR_502)); |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2593 | if (!(t->flags & SN_ERR_MASK)) |
Willy Tarreau | cebf57e | 2008-08-15 18:16:37 +0200 | [diff] [blame] | 2594 | t->flags |= SN_ERR_PRXCOND; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2595 | if (!(t->flags & SN_FINST_MASK)) |
| 2596 | t->flags |= SN_FINST_H; |
Willy Tarreau | 461f662 | 2008-08-15 23:43:19 +0200 | [diff] [blame] | 2597 | |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2598 | return 0; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2599 | } |
Willy Tarreau | f9839bd | 2008-08-27 23:57:16 +0200 | [diff] [blame] | 2600 | /* too large response does not fit in buffer. */ |
| 2601 | else if (rep->flags & BF_FULL) { |
| 2602 | goto hdr_response_bad; |
| 2603 | } |
| 2604 | /* read error */ |
| 2605 | else if (rep->flags & BF_READ_ERROR) { |
Willy Tarreau | fa7e102 | 2008-10-19 07:30:41 +0200 | [diff] [blame] | 2606 | buffer_shutr_now(rep); |
| 2607 | buffer_shutw_now(req); |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2608 | if (t->srv) |
| 2609 | t->srv->failed_resp++; |
| 2610 | t->be->failed_resp++; |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2611 | rep->analysers = 0; |
Willy Tarreau | cebf57e | 2008-08-15 18:16:37 +0200 | [diff] [blame] | 2612 | txn->status = 502; |
Willy Tarreau | 81acfab | 2008-11-30 19:22:53 +0100 | [diff] [blame] | 2613 | stream_int_return(rep->cons, error_message(t, HTTP_ERR_502)); |
Willy Tarreau | cebf57e | 2008-08-15 18:16:37 +0200 | [diff] [blame] | 2614 | if (!(t->flags & SN_ERR_MASK)) |
| 2615 | t->flags |= SN_ERR_SRVCL; |
| 2616 | if (!(t->flags & SN_FINST_MASK)) |
| 2617 | t->flags |= SN_FINST_H; |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2618 | return 0; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2619 | } |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2620 | /* read timeout : return a 504 to the client. */ |
Willy Tarreau | cebf57e | 2008-08-15 18:16:37 +0200 | [diff] [blame] | 2621 | else if (rep->flags & BF_READ_TIMEOUT) { |
Willy Tarreau | fa7e102 | 2008-10-19 07:30:41 +0200 | [diff] [blame] | 2622 | buffer_shutr_now(rep); |
| 2623 | buffer_shutw_now(req); |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2624 | if (t->srv) |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2625 | t->srv->failed_resp++; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2626 | t->be->failed_resp++; |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2627 | rep->analysers = 0; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2628 | txn->status = 504; |
Willy Tarreau | 81acfab | 2008-11-30 19:22:53 +0100 | [diff] [blame] | 2629 | stream_int_return(rep->cons, error_message(t, HTTP_ERR_504)); |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2630 | if (!(t->flags & SN_ERR_MASK)) |
| 2631 | t->flags |= SN_ERR_SRVTO; |
| 2632 | if (!(t->flags & SN_FINST_MASK)) |
| 2633 | t->flags |= SN_FINST_H; |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2634 | return 0; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2635 | } |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2636 | /* close from server */ |
| 2637 | else if (rep->flags & BF_SHUTR) { |
Willy Tarreau | f9839bd | 2008-08-27 23:57:16 +0200 | [diff] [blame] | 2638 | buffer_shutw_now(req); |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2639 | if (t->srv) |
Willy Tarreau | f9839bd | 2008-08-27 23:57:16 +0200 | [diff] [blame] | 2640 | t->srv->failed_resp++; |
Willy Tarreau | f9839bd | 2008-08-27 23:57:16 +0200 | [diff] [blame] | 2641 | t->be->failed_resp++; |
| 2642 | rep->analysers = 0; |
| 2643 | txn->status = 502; |
Willy Tarreau | 81acfab | 2008-11-30 19:22:53 +0100 | [diff] [blame] | 2644 | stream_int_return(rep->cons, error_message(t, HTTP_ERR_502)); |
Willy Tarreau | f9839bd | 2008-08-27 23:57:16 +0200 | [diff] [blame] | 2645 | if (!(t->flags & SN_ERR_MASK)) |
| 2646 | t->flags |= SN_ERR_SRVCL; |
| 2647 | if (!(t->flags & SN_FINST_MASK)) |
| 2648 | t->flags |= SN_FINST_H; |
Willy Tarreau | f9839bd | 2008-08-27 23:57:16 +0200 | [diff] [blame] | 2649 | return 0; |
| 2650 | } |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2651 | /* write error to client (we don't send any message then) */ |
| 2652 | else if (rep->flags & BF_WRITE_ERROR) { |
| 2653 | buffer_shutr_now(rep); |
| 2654 | t->be->failed_resp++; |
| 2655 | rep->analysers = 0; |
| 2656 | if (!(t->flags & SN_ERR_MASK)) |
| 2657 | t->flags |= SN_ERR_CLICL; |
| 2658 | if (!(t->flags & SN_FINST_MASK)) |
| 2659 | t->flags |= SN_FINST_H; |
| 2660 | return 0; |
| 2661 | } |
Willy Tarreau | 3da77c5 | 2008-08-29 09:58:42 +0200 | [diff] [blame] | 2662 | buffer_write_dis(rep); |
Willy Tarreau | cebf57e | 2008-08-15 18:16:37 +0200 | [diff] [blame] | 2663 | return 0; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2664 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2665 | |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2666 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2667 | /***************************************************************** |
| 2668 | * More interesting part now : we know that we have a complete * |
| 2669 | * response which at least looks like HTTP. We have an indicator * |
| 2670 | * of each header's length, so we can parse them quickly. * |
| 2671 | ****************************************************************/ |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2672 | |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2673 | rep->analysers &= ~AN_RTR_HTTP_HDR; |
Willy Tarreau | a7c5276 | 2008-08-16 18:40:18 +0200 | [diff] [blame] | 2674 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2675 | /* ensure we keep this pointer to the beginning of the message */ |
| 2676 | msg->sol = rep->data + msg->som; |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2677 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2678 | /* |
| 2679 | * 1: get the status code and check for cacheability. |
| 2680 | */ |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2681 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2682 | t->logs.logwait &= ~LW_RESP; |
| 2683 | txn->status = strl2ui(rep->data + msg->sl.st.c, msg->sl.st.c_l); |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2684 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2685 | switch (txn->status) { |
| 2686 | case 200: |
| 2687 | case 203: |
| 2688 | case 206: |
| 2689 | case 300: |
| 2690 | case 301: |
| 2691 | case 410: |
| 2692 | /* RFC2616 @13.4: |
| 2693 | * "A response received with a status code of |
| 2694 | * 200, 203, 206, 300, 301 or 410 MAY be stored |
| 2695 | * by a cache (...) unless a cache-control |
| 2696 | * directive prohibits caching." |
| 2697 | * |
| 2698 | * RFC2616 @9.5: POST method : |
| 2699 | * "Responses to this method are not cacheable, |
| 2700 | * unless the response includes appropriate |
| 2701 | * Cache-Control or Expires header fields." |
| 2702 | */ |
| 2703 | if (likely(txn->meth != HTTP_METH_POST) && |
| 2704 | (t->be->options & (PR_O_CHK_CACHE|PR_O_COOK_NOC))) |
| 2705 | txn->flags |= TX_CACHEABLE | TX_CACHE_COOK; |
| 2706 | break; |
| 2707 | default: |
| 2708 | break; |
| 2709 | } |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2710 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2711 | /* |
| 2712 | * 2: we may need to capture headers |
| 2713 | */ |
| 2714 | if (unlikely((t->logs.logwait & LW_RSPHDR) && t->fe->rsp_cap)) |
| 2715 | capture_headers(rep->data + msg->som, &txn->hdr_idx, |
| 2716 | txn->rsp.cap, t->fe->rsp_cap); |
| 2717 | |
| 2718 | /* |
| 2719 | * 3: we will have to evaluate the filters. |
| 2720 | * As opposed to version 1.2, now they will be evaluated in the |
| 2721 | * filters order and not in the header order. This means that |
| 2722 | * each filter has to be validated among all headers. |
| 2723 | * |
| 2724 | * Filters are tried with ->be first, then with ->fe if it is |
| 2725 | * different from ->be. |
| 2726 | */ |
| 2727 | |
| 2728 | t->flags &= ~SN_CONN_CLOSED; /* prepare for inspection */ |
| 2729 | |
| 2730 | cur_proxy = t->be; |
| 2731 | while (1) { |
| 2732 | struct proxy *rule_set = cur_proxy; |
| 2733 | |
| 2734 | /* try headers filters */ |
| 2735 | if (rule_set->rsp_exp != NULL) { |
| 2736 | if (apply_filters_to_response(t, rep, rule_set->rsp_exp) < 0) { |
| 2737 | return_bad_resp: |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2738 | if (t->srv) |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2739 | t->srv->failed_resp++; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2740 | cur_proxy->failed_resp++; |
| 2741 | return_srv_prx_502: |
Willy Tarreau | fa7e102 | 2008-10-19 07:30:41 +0200 | [diff] [blame] | 2742 | buffer_shutr_now(rep); |
| 2743 | buffer_shutw_now(req); |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2744 | rep->analysers = 0; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2745 | txn->status = 502; |
Willy Tarreau | 81acfab | 2008-11-30 19:22:53 +0100 | [diff] [blame] | 2746 | stream_int_return(rep->cons, error_message(t, HTTP_ERR_502)); |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2747 | if (!(t->flags & SN_ERR_MASK)) |
| 2748 | t->flags |= SN_ERR_PRXCOND; |
| 2749 | if (!(t->flags & SN_FINST_MASK)) |
| 2750 | t->flags |= SN_FINST_H; |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2751 | return 0; |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2752 | } |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2753 | } |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 2754 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2755 | /* has the response been denied ? */ |
| 2756 | if (txn->flags & TX_SVDENY) { |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2757 | if (t->srv) |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2758 | t->srv->failed_secu++; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2759 | cur_proxy->denied_resp++; |
| 2760 | goto return_srv_prx_502; |
Willy Tarreau | 5140623 | 2008-03-10 22:04:20 +0100 | [diff] [blame] | 2761 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2762 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2763 | /* We might have to check for "Connection:" */ |
| 2764 | if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) && |
| 2765 | !(t->flags & SN_CONN_CLOSED)) { |
| 2766 | char *cur_ptr, *cur_end, *cur_next; |
| 2767 | int cur_idx, old_idx, delta, val; |
| 2768 | struct hdr_idx_elem *cur_hdr; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2769 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2770 | cur_next = rep->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx); |
| 2771 | old_idx = 0; |
Willy Tarreau | 541b5c2 | 2008-01-06 23:34:21 +0100 | [diff] [blame] | 2772 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2773 | while ((cur_idx = txn->hdr_idx.v[old_idx].next)) { |
| 2774 | cur_hdr = &txn->hdr_idx.v[cur_idx]; |
| 2775 | cur_ptr = cur_next; |
| 2776 | cur_end = cur_ptr + cur_hdr->len; |
| 2777 | cur_next = cur_end + cur_hdr->cr + 1; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2778 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2779 | val = http_header_match2(cur_ptr, cur_end, "Connection", 10); |
| 2780 | if (val) { |
| 2781 | /* 3 possibilities : |
| 2782 | * - we have already set Connection: close, |
| 2783 | * so we remove this line. |
| 2784 | * - we have not yet set Connection: close, |
| 2785 | * but this line indicates close. We leave |
| 2786 | * it untouched and set the flag. |
| 2787 | * - we have not yet set Connection: close, |
| 2788 | * and this line indicates non-close. We |
| 2789 | * replace it. |
| 2790 | */ |
| 2791 | if (t->flags & SN_CONN_CLOSED) { |
| 2792 | delta = buffer_replace2(rep, cur_ptr, cur_next, NULL, 0); |
| 2793 | txn->rsp.eoh += delta; |
| 2794 | cur_next += delta; |
| 2795 | txn->hdr_idx.v[old_idx].next = cur_hdr->next; |
| 2796 | txn->hdr_idx.used--; |
| 2797 | cur_hdr->len = 0; |
| 2798 | } else { |
| 2799 | if (strncasecmp(cur_ptr + val, "close", 5) != 0) { |
| 2800 | delta = buffer_replace2(rep, cur_ptr + val, cur_end, |
| 2801 | "close", 5); |
| 2802 | cur_next += delta; |
| 2803 | cur_hdr->len += delta; |
| 2804 | txn->rsp.eoh += delta; |
| 2805 | } |
| 2806 | t->flags |= SN_CONN_CLOSED; |
| 2807 | } |
| 2808 | } |
| 2809 | old_idx = cur_idx; |
Willy Tarreau | 541b5c2 | 2008-01-06 23:34:21 +0100 | [diff] [blame] | 2810 | } |
| 2811 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2812 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2813 | /* add response headers from the rule sets in the same order */ |
| 2814 | for (cur_idx = 0; cur_idx < rule_set->nb_rspadd; cur_idx++) { |
| 2815 | if (unlikely(http_header_add_tail(rep, &txn->rsp, &txn->hdr_idx, |
| 2816 | rule_set->rsp_add[cur_idx])) < 0) |
| 2817 | goto return_bad_resp; |
Willy Tarreau | 0bbc3cf | 2006-10-15 14:26:02 +0200 | [diff] [blame] | 2818 | } |
| 2819 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2820 | /* check whether we're already working on the frontend */ |
| 2821 | if (cur_proxy == t->fe) |
| 2822 | break; |
| 2823 | cur_proxy = t->fe; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2824 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2825 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2826 | /* |
| 2827 | * 4: check for server cookie. |
| 2828 | */ |
Willy Tarreau | fd39dda | 2008-10-17 12:01:58 +0200 | [diff] [blame] | 2829 | if (t->be->cookie_name || t->be->appsession_name || t->fe->capture_name |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2830 | || (t->be->options & PR_O_CHK_CACHE)) |
| 2831 | manage_server_side_cookies(t, rep); |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2832 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2833 | |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2834 | /* |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2835 | * 5: check for cache-control or pragma headers if required. |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2836 | */ |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2837 | if ((t->be->options & (PR_O_COOK_NOC | PR_O_CHK_CACHE)) != 0) |
| 2838 | check_response_for_cacheability(t, rep); |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2839 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2840 | /* |
| 2841 | * 6: add server cookie in the response if needed |
| 2842 | */ |
| 2843 | if ((t->srv) && !(t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_INS) && |
| 2844 | (!(t->be->options & PR_O_COOK_POST) || (txn->meth == HTTP_METH_POST))) { |
| 2845 | int len; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2846 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2847 | /* the server is known, it's not the one the client requested, we have to |
| 2848 | * insert a set-cookie here, except if we want to insert only on POST |
| 2849 | * requests and this one isn't. Note that servers which don't have cookies |
| 2850 | * (eg: some backup servers) will return a full cookie removal request. |
| 2851 | */ |
| 2852 | len = sprintf(trash, "Set-Cookie: %s=%s; path=/", |
| 2853 | t->be->cookie_name, |
| 2854 | t->srv->cookie ? t->srv->cookie : "; Expires=Thu, 01-Jan-1970 00:00:01 GMT"); |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2855 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2856 | if (t->be->cookie_domain) |
| 2857 | len += sprintf(trash+len, "; domain=%s", t->be->cookie_domain); |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2858 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2859 | if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx, |
| 2860 | trash, len)) < 0) |
| 2861 | goto return_bad_resp; |
| 2862 | txn->flags |= TX_SCK_INSERTED; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2863 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2864 | /* Here, we will tell an eventual cache on the client side that we don't |
| 2865 | * want it to cache this reply because HTTP/1.0 caches also cache cookies ! |
| 2866 | * Some caches understand the correct form: 'no-cache="set-cookie"', but |
| 2867 | * others don't (eg: apache <= 1.3.26). So we use 'private' instead. |
| 2868 | */ |
| 2869 | if ((t->be->options & PR_O_COOK_NOC) && (txn->flags & TX_CACHEABLE)) { |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2870 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2871 | txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK; |
| 2872 | |
| 2873 | if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx, |
| 2874 | "Cache-control: private", 22)) < 0) |
| 2875 | goto return_bad_resp; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2876 | } |
| 2877 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2878 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2879 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2880 | /* |
| 2881 | * 7: check if result will be cacheable with a cookie. |
| 2882 | * We'll block the response if security checks have caught |
| 2883 | * nasty things such as a cacheable cookie. |
| 2884 | */ |
| 2885 | if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) == |
| 2886 | (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) && |
| 2887 | (t->be->options & PR_O_CHK_CACHE)) { |
| 2888 | |
| 2889 | /* we're in presence of a cacheable response containing |
| 2890 | * a set-cookie header. We'll block it as requested by |
| 2891 | * the 'checkcache' option, and send an alert. |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2892 | */ |
Willy Tarreau | 8365f93 | 2009-03-15 23:11:49 +0100 | [diff] [blame] | 2893 | if (t->srv) |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2894 | t->srv->failed_secu++; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2895 | t->be->denied_resp++; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2896 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2897 | Alert("Blocking cacheable cookie in response from instance %s, server %s.\n", |
| 2898 | t->be->id, t->srv?t->srv->id:"<dispatch>"); |
| 2899 | send_log(t->be, LOG_ALERT, |
| 2900 | "Blocking cacheable cookie in response from instance %s, server %s.\n", |
| 2901 | t->be->id, t->srv?t->srv->id:"<dispatch>"); |
| 2902 | goto return_srv_prx_502; |
| 2903 | } |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2904 | |
| 2905 | /* |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2906 | * 8: add "Connection: close" if needed and not yet set. |
| 2907 | * Note that we do not need to add it in case of HTTP/1.0. |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2908 | */ |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2909 | if (!(t->flags & SN_CONN_CLOSED) && |
| 2910 | ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) { |
| 2911 | if ((unlikely(msg->sl.st.v_l != 8) || |
| 2912 | unlikely(req->data[msg->som + 7] != '0')) && |
| 2913 | unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx, |
| 2914 | "Connection: close", 17)) < 0) |
| 2915 | goto return_bad_resp; |
| 2916 | t->flags |= SN_CONN_CLOSED; |
| 2917 | } |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2918 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2919 | /************************************************************* |
| 2920 | * OK, that's finished for the headers. We have done what we * |
| 2921 | * could. Let's switch to the DATA state. * |
| 2922 | ************************************************************/ |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2923 | |
Willy Tarreau | e393fe2 | 2008-08-16 22:18:07 +0200 | [diff] [blame] | 2924 | buffer_set_rlim(rep, BUFSIZE); /* no more rewrite needed */ |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2925 | t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now); |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2926 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2927 | #ifdef CONFIG_HAP_TCPSPLICE |
| 2928 | if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) { |
| 2929 | /* TCP splicing supported by both FE and BE */ |
Willy Tarreau | 3a16b2c | 2008-08-28 08:54:27 +0200 | [diff] [blame] | 2930 | tcp_splice_splicefd(rep->cons->fd, rep->prod->fd, 0); |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2931 | } |
| 2932 | #endif |
| 2933 | /* if the user wants to log as soon as possible, without counting |
| 2934 | * bytes from the server, then this is the right moment. We have |
| 2935 | * to temporarily assign bytes_out to log what we currently have. |
| 2936 | */ |
| 2937 | if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) { |
| 2938 | t->logs.t_close = t->logs.t_data; /* to get a valid end date */ |
| 2939 | t->logs.bytes_out = txn->rsp.eoh; |
Willy Tarreau | a5555ec | 2008-11-30 19:02:32 +0100 | [diff] [blame] | 2940 | t->do_log(t); |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2941 | t->logs.bytes_out = 0; |
| 2942 | } |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2943 | |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2944 | /* Note: we must not try to cheat by jumping directly to DATA, |
| 2945 | * otherwise we would not let the client side wake up. |
| 2946 | */ |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2947 | |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2948 | return 0; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2949 | } |
Willy Tarreau | dafde43 | 2008-08-17 01:00:46 +0200 | [diff] [blame] | 2950 | |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 2951 | /* Note: eventhough nobody should set an unknown flag, clearing them right now will |
| 2952 | * probably reduce one day's debugging session. |
| 2953 | */ |
| 2954 | #ifdef DEBUG_DEV |
| 2955 | if (rep->analysers & ~(AN_RTR_HTTP_HDR)) { |
| 2956 | fprintf(stderr, "FIXME !!!! unknown analysers flags %s:%d = 0x%08X\n", |
| 2957 | __FILE__, __LINE__, rep->analysers); |
| 2958 | ABORT_NOW(); |
| 2959 | } |
| 2960 | #endif |
| 2961 | rep->analysers &= AN_RTR_HTTP_HDR; |
Willy Tarreau | f5483bf | 2008-08-14 18:35:40 +0200 | [diff] [blame] | 2962 | return 0; |
| 2963 | } |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 2964 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2965 | /* |
| 2966 | * Produces data for the session <s> depending on its source. Expects to be |
Willy Tarreau | 1ae3a05 | 2008-08-16 10:56:30 +0200 | [diff] [blame] | 2967 | * called with client socket shut down on input. Right now, only statistics can |
Willy Tarreau | 72b179a | 2008-08-28 16:01:32 +0200 | [diff] [blame] | 2968 | * be produced. It stops by itself by unsetting the BF_HIJACK flag from the |
| 2969 | * buffer, which it uses to keep on being called when there is free space in |
Willy Tarreau | 01bf867 | 2008-12-07 18:03:29 +0100 | [diff] [blame] | 2970 | * the buffer, or simply by letting an empty buffer upon return. |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2971 | */ |
Willy Tarreau | 01bf867 | 2008-12-07 18:03:29 +0100 | [diff] [blame] | 2972 | void produce_content(struct session *s, struct buffer *rep) |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2973 | { |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2974 | if (s->data_source == DATA_SRC_NONE) { |
Willy Tarreau | 01bf867 | 2008-12-07 18:03:29 +0100 | [diff] [blame] | 2975 | buffer_stop_hijack(rep); |
| 2976 | return; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2977 | } |
| 2978 | else if (s->data_source == DATA_SRC_STATS) { |
Willy Tarreau | c0dde7a | 2007-01-01 21:38:07 +0100 | [diff] [blame] | 2979 | /* dump server statistics */ |
Willy Tarreau | 0a46489 | 2008-12-07 18:30:00 +0100 | [diff] [blame] | 2980 | int ret = stats_dump_http(s, rep, s->be->uri_auth); |
Willy Tarreau | 9186126 | 2007-10-17 17:06:05 +0200 | [diff] [blame] | 2981 | if (ret >= 0) |
Willy Tarreau | 01bf867 | 2008-12-07 18:03:29 +0100 | [diff] [blame] | 2982 | return; |
Willy Tarreau | 9186126 | 2007-10-17 17:06:05 +0200 | [diff] [blame] | 2983 | /* -1 indicates an error */ |
Willy Tarreau | c0dde7a | 2007-01-01 21:38:07 +0100 | [diff] [blame] | 2984 | } |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2985 | |
Willy Tarreau | 9186126 | 2007-10-17 17:06:05 +0200 | [diff] [blame] | 2986 | /* unknown data source or internal error */ |
| 2987 | s->txn.status = 500; |
Willy Tarreau | 01bf867 | 2008-12-07 18:03:29 +0100 | [diff] [blame] | 2988 | stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_500)); |
Willy Tarreau | 9186126 | 2007-10-17 17:06:05 +0200 | [diff] [blame] | 2989 | if (!(s->flags & SN_ERR_MASK)) |
| 2990 | s->flags |= SN_ERR_PRXCOND; |
| 2991 | if (!(s->flags & SN_FINST_MASK)) |
| 2992 | s->flags |= SN_FINST_R; |
Willy Tarreau | 01bf867 | 2008-12-07 18:03:29 +0100 | [diff] [blame] | 2993 | buffer_stop_hijack(rep); |
| 2994 | return; |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 2995 | } |
| 2996 | |
| 2997 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 2998 | /* Iterate the same filter through all request headers. |
| 2999 | * Returns 1 if this filter can be stopped upon return, otherwise 0. |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3000 | * Since it can manage the switch to another backend, it updates the per-proxy |
| 3001 | * DENY stats. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3002 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3003 | int apply_filter_to_req_headers(struct session *t, struct buffer *req, struct hdr_exp *exp) |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3004 | { |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3005 | char term; |
| 3006 | char *cur_ptr, *cur_end, *cur_next; |
| 3007 | int cur_idx, old_idx, last_hdr; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3008 | struct http_txn *txn = &t->txn; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3009 | struct hdr_idx_elem *cur_hdr; |
| 3010 | int len, delta; |
Willy Tarreau | 0f7562b | 2007-01-07 15:46:13 +0100 | [diff] [blame] | 3011 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3012 | last_hdr = 0; |
| 3013 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3014 | cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3015 | old_idx = 0; |
| 3016 | |
| 3017 | while (!last_hdr) { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3018 | if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT))) |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3019 | return 1; |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3020 | else if (unlikely(txn->flags & TX_CLALLOW) && |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3021 | (exp->action == ACT_ALLOW || |
| 3022 | exp->action == ACT_DENY || |
| 3023 | exp->action == ACT_TARPIT)) |
| 3024 | return 0; |
| 3025 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3026 | cur_idx = txn->hdr_idx.v[old_idx].next; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3027 | if (!cur_idx) |
| 3028 | break; |
| 3029 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3030 | cur_hdr = &txn->hdr_idx.v[cur_idx]; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3031 | cur_ptr = cur_next; |
| 3032 | cur_end = cur_ptr + cur_hdr->len; |
| 3033 | cur_next = cur_end + cur_hdr->cr + 1; |
| 3034 | |
| 3035 | /* Now we have one header between cur_ptr and cur_end, |
| 3036 | * and the next header starts at cur_next. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3037 | */ |
| 3038 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3039 | /* The annoying part is that pattern matching needs |
| 3040 | * that we modify the contents to null-terminate all |
| 3041 | * strings before testing them. |
| 3042 | */ |
| 3043 | |
| 3044 | term = *cur_end; |
| 3045 | *cur_end = '\0'; |
| 3046 | |
| 3047 | if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) { |
| 3048 | switch (exp->action) { |
| 3049 | case ACT_SETBE: |
| 3050 | /* It is not possible to jump a second time. |
| 3051 | * FIXME: should we return an HTTP/500 here so that |
| 3052 | * the admin knows there's a problem ? |
| 3053 | */ |
| 3054 | if (t->be != t->fe) |
| 3055 | break; |
| 3056 | |
| 3057 | /* Swithing Proxy */ |
| 3058 | t->be = (struct proxy *) exp->replace; |
| 3059 | |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 3060 | /* right now, the backend switch is not overly complicated |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3061 | * because we have associated req_cap and rsp_cap to the |
| 3062 | * frontend, and the beconn will be updated later. |
| 3063 | */ |
| 3064 | |
Willy Tarreau | d7c30f9 | 2007-12-03 01:38:36 +0100 | [diff] [blame] | 3065 | t->rep->rto = t->req->wto = t->be->timeout.server; |
| 3066 | t->req->cto = t->be->timeout.connect; |
Willy Tarreau | 6e4261e | 2007-09-18 18:36:05 +0200 | [diff] [blame] | 3067 | t->conn_retries = t->be->conn_retries; |
Willy Tarreau | 32a4ec0 | 2009-04-02 11:35:18 +0200 | [diff] [blame^] | 3068 | if (t->be->options2 & PR_O2_RSPBUG_OK) |
| 3069 | t->txn.rsp.err_pos = -1; /* let buggy responses pass */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3070 | last_hdr = 1; |
| 3071 | break; |
| 3072 | |
| 3073 | case ACT_ALLOW: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3074 | txn->flags |= TX_CLALLOW; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3075 | last_hdr = 1; |
| 3076 | break; |
| 3077 | |
| 3078 | case ACT_DENY: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3079 | txn->flags |= TX_CLDENY; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3080 | last_hdr = 1; |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3081 | t->be->denied_req++; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3082 | break; |
| 3083 | |
| 3084 | case ACT_TARPIT: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3085 | txn->flags |= TX_CLTARPIT; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3086 | last_hdr = 1; |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3087 | t->be->denied_req++; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3088 | break; |
| 3089 | |
| 3090 | case ACT_REPLACE: |
| 3091 | len = exp_replace(trash, cur_ptr, exp->replace, pmatch); |
| 3092 | delta = buffer_replace2(req, cur_ptr, cur_end, trash, len); |
| 3093 | /* FIXME: if the user adds a newline in the replacement, the |
| 3094 | * index will not be recalculated for now, and the new line |
| 3095 | * will not be counted as a new header. |
| 3096 | */ |
| 3097 | |
| 3098 | cur_end += delta; |
| 3099 | cur_next += delta; |
| 3100 | cur_hdr->len += delta; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3101 | txn->req.eoh += delta; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3102 | break; |
| 3103 | |
| 3104 | case ACT_REMOVE: |
| 3105 | delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0); |
| 3106 | cur_next += delta; |
| 3107 | |
| 3108 | /* FIXME: this should be a separate function */ |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3109 | txn->req.eoh += delta; |
| 3110 | txn->hdr_idx.v[old_idx].next = cur_hdr->next; |
| 3111 | txn->hdr_idx.used--; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3112 | cur_hdr->len = 0; |
| 3113 | cur_end = NULL; /* null-term has been rewritten */ |
| 3114 | break; |
| 3115 | |
| 3116 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3117 | } |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3118 | if (cur_end) |
| 3119 | *cur_end = term; /* restore the string terminator */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3120 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3121 | /* keep the link from this header to next one in case of later |
| 3122 | * removal of next header. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3123 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3124 | old_idx = cur_idx; |
| 3125 | } |
| 3126 | return 0; |
| 3127 | } |
| 3128 | |
| 3129 | |
| 3130 | /* Apply the filter to the request line. |
| 3131 | * Returns 0 if nothing has been done, 1 if the filter has been applied, |
| 3132 | * or -1 if a replacement resulted in an invalid request line. |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3133 | * Since it can manage the switch to another backend, it updates the per-proxy |
| 3134 | * DENY stats. |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3135 | */ |
| 3136 | int apply_filter_to_req_line(struct session *t, struct buffer *req, struct hdr_exp *exp) |
| 3137 | { |
| 3138 | char term; |
| 3139 | char *cur_ptr, *cur_end; |
| 3140 | int done; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3141 | struct http_txn *txn = &t->txn; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3142 | int len, delta; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3143 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3144 | |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3145 | if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT))) |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3146 | return 1; |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3147 | else if (unlikely(txn->flags & TX_CLALLOW) && |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3148 | (exp->action == ACT_ALLOW || |
| 3149 | exp->action == ACT_DENY || |
| 3150 | exp->action == ACT_TARPIT)) |
| 3151 | return 0; |
| 3152 | else if (exp->action == ACT_REMOVE) |
| 3153 | return 0; |
| 3154 | |
| 3155 | done = 0; |
| 3156 | |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 3157 | cur_ptr = req->data + txn->req.som; /* should be equal to txn->sol */ |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3158 | cur_end = cur_ptr + txn->req.sl.rq.l; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3159 | |
| 3160 | /* Now we have the request line between cur_ptr and cur_end */ |
| 3161 | |
| 3162 | /* The annoying part is that pattern matching needs |
| 3163 | * that we modify the contents to null-terminate all |
| 3164 | * strings before testing them. |
| 3165 | */ |
| 3166 | |
| 3167 | term = *cur_end; |
| 3168 | *cur_end = '\0'; |
| 3169 | |
| 3170 | if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) { |
| 3171 | switch (exp->action) { |
| 3172 | case ACT_SETBE: |
| 3173 | /* It is not possible to jump a second time. |
| 3174 | * FIXME: should we return an HTTP/500 here so that |
| 3175 | * the admin knows there's a problem ? |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3176 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3177 | if (t->be != t->fe) |
| 3178 | break; |
| 3179 | |
| 3180 | /* Swithing Proxy */ |
| 3181 | t->be = (struct proxy *) exp->replace; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3182 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3183 | /* right now, the backend switch is not too much complicated |
| 3184 | * because we have associated req_cap and rsp_cap to the |
| 3185 | * frontend, and the beconn will be updated later. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3186 | */ |
| 3187 | |
Willy Tarreau | d7c30f9 | 2007-12-03 01:38:36 +0100 | [diff] [blame] | 3188 | t->rep->rto = t->req->wto = t->be->timeout.server; |
| 3189 | t->req->cto = t->be->timeout.connect; |
Willy Tarreau | 6e4261e | 2007-09-18 18:36:05 +0200 | [diff] [blame] | 3190 | t->conn_retries = t->be->conn_retries; |
Willy Tarreau | 32a4ec0 | 2009-04-02 11:35:18 +0200 | [diff] [blame^] | 3191 | if (t->be->options2 & PR_O2_RSPBUG_OK) |
| 3192 | t->txn.rsp.err_pos = -1; /* let buggy responses pass */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3193 | done = 1; |
| 3194 | break; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3195 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3196 | case ACT_ALLOW: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3197 | txn->flags |= TX_CLALLOW; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3198 | done = 1; |
| 3199 | break; |
Willy Tarreau | a496b60 | 2006-12-17 23:15:24 +0100 | [diff] [blame] | 3200 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3201 | case ACT_DENY: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3202 | txn->flags |= TX_CLDENY; |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3203 | t->be->denied_req++; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3204 | done = 1; |
| 3205 | break; |
Willy Tarreau | a496b60 | 2006-12-17 23:15:24 +0100 | [diff] [blame] | 3206 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3207 | case ACT_TARPIT: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3208 | txn->flags |= TX_CLTARPIT; |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3209 | t->be->denied_req++; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3210 | done = 1; |
| 3211 | break; |
Willy Tarreau | a496b60 | 2006-12-17 23:15:24 +0100 | [diff] [blame] | 3212 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3213 | case ACT_REPLACE: |
| 3214 | *cur_end = term; /* restore the string terminator */ |
| 3215 | len = exp_replace(trash, cur_ptr, exp->replace, pmatch); |
| 3216 | delta = buffer_replace2(req, cur_ptr, cur_end, trash, len); |
| 3217 | /* FIXME: if the user adds a newline in the replacement, the |
| 3218 | * index will not be recalculated for now, and the new line |
| 3219 | * will not be counted as a new header. |
| 3220 | */ |
Willy Tarreau | a496b60 | 2006-12-17 23:15:24 +0100 | [diff] [blame] | 3221 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3222 | txn->req.eoh += delta; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3223 | cur_end += delta; |
Willy Tarreau | a496b60 | 2006-12-17 23:15:24 +0100 | [diff] [blame] | 3224 | |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 3225 | txn->req.sol = req->data + txn->req.som; /* should be equal to txn->sol */ |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3226 | cur_end = (char *)http_parse_reqline(&txn->req, req->data, |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3227 | HTTP_MSG_RQMETH, |
| 3228 | cur_ptr, cur_end + 1, |
| 3229 | NULL, NULL); |
| 3230 | if (unlikely(!cur_end)) |
| 3231 | return -1; |
Willy Tarreau | a496b60 | 2006-12-17 23:15:24 +0100 | [diff] [blame] | 3232 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3233 | /* we have a full request and we know that we have either a CR |
| 3234 | * or an LF at <ptr>. |
| 3235 | */ |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3236 | txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l); |
| 3237 | hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r'); |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3238 | /* there is no point trying this regex on headers */ |
| 3239 | return 1; |
| 3240 | } |
| 3241 | } |
| 3242 | *cur_end = term; /* restore the string terminator */ |
| 3243 | return done; |
| 3244 | } |
Willy Tarreau | 97de624 | 2006-12-27 17:18:38 +0100 | [diff] [blame] | 3245 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3246 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3247 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3248 | /* |
| 3249 | * Apply all the req filters <exp> to all headers in buffer <req> of session <t>. |
| 3250 | * Returns 0 if everything is alright, or -1 in case a replacement lead to an |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3251 | * unparsable request. Since it can manage the switch to another backend, it |
| 3252 | * updates the per-proxy DENY stats. |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3253 | */ |
| 3254 | int apply_filters_to_request(struct session *t, struct buffer *req, struct hdr_exp *exp) |
| 3255 | { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3256 | struct http_txn *txn = &t->txn; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3257 | /* iterate through the filters in the outer loop */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3258 | while (exp && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) { |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3259 | int ret; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3260 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3261 | /* |
| 3262 | * The interleaving of transformations and verdicts |
| 3263 | * makes it difficult to decide to continue or stop |
| 3264 | * the evaluation. |
| 3265 | */ |
| 3266 | |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3267 | if ((txn->flags & TX_CLALLOW) && |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3268 | (exp->action == ACT_ALLOW || exp->action == ACT_DENY || |
| 3269 | exp->action == ACT_TARPIT || exp->action == ACT_PASS)) { |
| 3270 | exp = exp->next; |
| 3271 | continue; |
| 3272 | } |
| 3273 | |
| 3274 | /* Apply the filter to the request line. */ |
| 3275 | ret = apply_filter_to_req_line(t, req, exp); |
| 3276 | if (unlikely(ret < 0)) |
| 3277 | return -1; |
| 3278 | |
| 3279 | if (likely(ret == 0)) { |
| 3280 | /* The filter did not match the request, it can be |
| 3281 | * iterated through all headers. |
| 3282 | */ |
| 3283 | apply_filter_to_req_headers(t, req, exp); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3284 | } |
| 3285 | exp = exp->next; |
| 3286 | } |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3287 | return 0; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3288 | } |
| 3289 | |
| 3290 | |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3291 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3292 | /* |
Willy Tarreau | 396d2c6 | 2007-11-04 19:30:00 +0100 | [diff] [blame] | 3293 | * Manage client-side cookie. It can impact performance by about 2% so it is |
| 3294 | * desirable to call it only when needed. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3295 | */ |
| 3296 | void manage_client_side_cookies(struct session *t, struct buffer *req) |
| 3297 | { |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3298 | struct http_txn *txn = &t->txn; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3299 | char *p1, *p2, *p3, *p4; |
| 3300 | char *del_colon, *del_cookie, *colon; |
| 3301 | int app_cookies; |
| 3302 | |
| 3303 | appsess *asession_temp = NULL; |
| 3304 | appsess local_asession; |
| 3305 | |
| 3306 | char *cur_ptr, *cur_end, *cur_next; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 3307 | int cur_idx, old_idx; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3308 | |
Willy Tarreau | 2a32428 | 2006-12-05 00:05:46 +0100 | [diff] [blame] | 3309 | /* Iterate through the headers. |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3310 | * we start with the start line. |
| 3311 | */ |
Willy Tarreau | 83969f4 | 2007-01-22 08:55:47 +0100 | [diff] [blame] | 3312 | old_idx = 0; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3313 | cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3314 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3315 | while ((cur_idx = txn->hdr_idx.v[old_idx].next)) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3316 | struct hdr_idx_elem *cur_hdr; |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 3317 | int val; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3318 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3319 | cur_hdr = &txn->hdr_idx.v[cur_idx]; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3320 | cur_ptr = cur_next; |
| 3321 | cur_end = cur_ptr + cur_hdr->len; |
| 3322 | cur_next = cur_end + cur_hdr->cr + 1; |
| 3323 | |
| 3324 | /* We have one full header between cur_ptr and cur_end, and the |
| 3325 | * next header starts at cur_next. We're only interested in |
| 3326 | * "Cookie:" headers. |
| 3327 | */ |
| 3328 | |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 3329 | val = http_header_match2(cur_ptr, cur_end, "Cookie", 6); |
| 3330 | if (!val) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3331 | old_idx = cur_idx; |
| 3332 | continue; |
| 3333 | } |
| 3334 | |
| 3335 | /* Now look for cookies. Conforming to RFC2109, we have to support |
| 3336 | * attributes whose name begin with a '$', and associate them with |
| 3337 | * the right cookie, if we want to delete this cookie. |
| 3338 | * So there are 3 cases for each cookie read : |
| 3339 | * 1) it's a special attribute, beginning with a '$' : ignore it. |
| 3340 | * 2) it's a server id cookie that we *MAY* want to delete : save |
| 3341 | * some pointers on it (last semi-colon, beginning of cookie...) |
| 3342 | * 3) it's an application cookie : we *MAY* have to delete a previous |
| 3343 | * "special" cookie. |
| 3344 | * At the end of loop, if a "special" cookie remains, we may have to |
| 3345 | * remove it. If no application cookie persists in the header, we |
| 3346 | * *MUST* delete it |
| 3347 | */ |
| 3348 | |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 3349 | colon = p1 = cur_ptr + val; /* first non-space char after 'Cookie:' */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3350 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3351 | /* del_cookie == NULL => nothing to be deleted */ |
| 3352 | del_colon = del_cookie = NULL; |
| 3353 | app_cookies = 0; |
| 3354 | |
| 3355 | while (p1 < cur_end) { |
| 3356 | /* skip spaces and colons, but keep an eye on these ones */ |
| 3357 | while (p1 < cur_end) { |
| 3358 | if (*p1 == ';' || *p1 == ',') |
| 3359 | colon = p1; |
Willy Tarreau | 8f8e645 | 2007-06-17 21:51:38 +0200 | [diff] [blame] | 3360 | else if (!isspace((unsigned char)*p1)) |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3361 | break; |
| 3362 | p1++; |
| 3363 | } |
| 3364 | |
| 3365 | if (p1 == cur_end) |
| 3366 | break; |
| 3367 | |
| 3368 | /* p1 is at the beginning of the cookie name */ |
| 3369 | p2 = p1; |
| 3370 | while (p2 < cur_end && *p2 != '=') |
| 3371 | p2++; |
| 3372 | |
| 3373 | if (p2 == cur_end) |
| 3374 | break; |
| 3375 | |
| 3376 | p3 = p2 + 1; /* skips the '=' sign */ |
| 3377 | if (p3 == cur_end) |
| 3378 | break; |
| 3379 | |
| 3380 | p4 = p3; |
Willy Tarreau | 8f8e645 | 2007-06-17 21:51:38 +0200 | [diff] [blame] | 3381 | while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';' && *p4 != ',') |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3382 | p4++; |
| 3383 | |
| 3384 | /* here, we have the cookie name between p1 and p2, |
| 3385 | * and its value between p3 and p4. |
| 3386 | * we can process it : |
| 3387 | * |
| 3388 | * Cookie: NAME=VALUE; |
| 3389 | * | || || | |
| 3390 | * | || || +--> p4 |
| 3391 | * | || |+-------> p3 |
| 3392 | * | || +--------> p2 |
| 3393 | * | |+------------> p1 |
| 3394 | * | +-------------> colon |
| 3395 | * +--------------------> cur_ptr |
| 3396 | */ |
| 3397 | |
| 3398 | if (*p1 == '$') { |
| 3399 | /* skip this one */ |
| 3400 | } |
| 3401 | else { |
| 3402 | /* first, let's see if we want to capture it */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3403 | if (t->fe->capture_name != NULL && |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 3404 | txn->cli_cookie == NULL && |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3405 | (p4 - p1 >= t->fe->capture_namelen) && |
| 3406 | memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3407 | int log_len = p4 - p1; |
| 3408 | |
Willy Tarreau | 086b3b4 | 2007-05-13 21:45:51 +0200 | [diff] [blame] | 3409 | if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3410 | Alert("HTTP logging : out of memory.\n"); |
| 3411 | } else { |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3412 | if (log_len > t->fe->capture_len) |
| 3413 | log_len = t->fe->capture_len; |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 3414 | memcpy(txn->cli_cookie, p1, log_len); |
| 3415 | txn->cli_cookie[log_len] = 0; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3416 | } |
| 3417 | } |
| 3418 | |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3419 | if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) && |
| 3420 | (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3421 | /* Cool... it's the right one */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3422 | struct server *srv = t->be->srv; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3423 | char *delim; |
| 3424 | |
| 3425 | /* if we're in cookie prefix mode, we'll search the delimitor so that we |
| 3426 | * have the server ID betweek p3 and delim, and the original cookie between |
| 3427 | * delim+1 and p4. Otherwise, delim==p4 : |
| 3428 | * |
| 3429 | * Cookie: NAME=SRV~VALUE; |
| 3430 | * | || || | | |
| 3431 | * | || || | +--> p4 |
| 3432 | * | || || +--------> delim |
| 3433 | * | || |+-----------> p3 |
| 3434 | * | || +------------> p2 |
| 3435 | * | |+----------------> p1 |
| 3436 | * | +-----------------> colon |
| 3437 | * +------------------------> cur_ptr |
| 3438 | */ |
| 3439 | |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3440 | if (t->be->options & PR_O_COOK_PFX) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3441 | for (delim = p3; delim < p4; delim++) |
| 3442 | if (*delim == COOKIE_DELIM) |
| 3443 | break; |
| 3444 | } |
| 3445 | else |
| 3446 | delim = p4; |
| 3447 | |
| 3448 | |
| 3449 | /* Here, we'll look for the first running server which supports the cookie. |
| 3450 | * This allows to share a same cookie between several servers, for example |
| 3451 | * to dedicate backup servers to specific servers only. |
| 3452 | * However, to prevent clients from sticking to cookie-less backup server |
| 3453 | * when they have incidentely learned an empty cookie, we simply ignore |
| 3454 | * empty cookies and mark them as invalid. |
| 3455 | */ |
| 3456 | if (delim == p3) |
| 3457 | srv = NULL; |
| 3458 | |
| 3459 | while (srv) { |
Willy Tarreau | 92f2ab1 | 2007-02-02 22:14:47 +0100 | [diff] [blame] | 3460 | if (srv->cookie && (srv->cklen == delim - p3) && |
| 3461 | !memcmp(p3, srv->cookie, delim - p3)) { |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3462 | if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3463 | /* we found the server and it's usable */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3464 | txn->flags &= ~TX_CK_MASK; |
| 3465 | txn->flags |= TX_CK_VALID; |
| 3466 | t->flags |= SN_DIRECT | SN_ASSIGNED; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3467 | t->srv = srv; |
| 3468 | break; |
| 3469 | } else { |
| 3470 | /* we found a server, but it's down */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3471 | txn->flags &= ~TX_CK_MASK; |
| 3472 | txn->flags |= TX_CK_DOWN; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3473 | } |
| 3474 | } |
| 3475 | srv = srv->next; |
| 3476 | } |
| 3477 | |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3478 | if (!srv && !(txn->flags & TX_CK_DOWN)) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3479 | /* no server matched this cookie */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3480 | txn->flags &= ~TX_CK_MASK; |
| 3481 | txn->flags |= TX_CK_INVALID; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3482 | } |
| 3483 | |
| 3484 | /* depending on the cookie mode, we may have to either : |
| 3485 | * - delete the complete cookie if we're in insert+indirect mode, so that |
| 3486 | * the server never sees it ; |
| 3487 | * - remove the server id from the cookie value, and tag the cookie as an |
| 3488 | * application cookie so that it does not get accidentely removed later, |
| 3489 | * if we're in cookie prefix mode |
| 3490 | */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3491 | if ((t->be->options & PR_O_COOK_PFX) && (delim != p4)) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3492 | int delta; /* negative */ |
| 3493 | |
| 3494 | delta = buffer_replace2(req, p3, delim + 1, NULL, 0); |
| 3495 | p4 += delta; |
| 3496 | cur_end += delta; |
| 3497 | cur_next += delta; |
| 3498 | cur_hdr->len += delta; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3499 | txn->req.eoh += delta; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3500 | |
| 3501 | del_cookie = del_colon = NULL; |
| 3502 | app_cookies++; /* protect the header from deletion */ |
| 3503 | } |
| 3504 | else if (del_cookie == NULL && |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3505 | (t->be->options & (PR_O_COOK_INS | PR_O_COOK_IND)) == (PR_O_COOK_INS | PR_O_COOK_IND)) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3506 | del_cookie = p1; |
| 3507 | del_colon = colon; |
| 3508 | } |
| 3509 | } else { |
| 3510 | /* now we know that we must keep this cookie since it's |
| 3511 | * not ours. But if we wanted to delete our cookie |
| 3512 | * earlier, we cannot remove the complete header, but we |
| 3513 | * can remove the previous block itself. |
| 3514 | */ |
| 3515 | app_cookies++; |
| 3516 | |
| 3517 | if (del_cookie != NULL) { |
| 3518 | int delta; /* negative */ |
| 3519 | |
| 3520 | delta = buffer_replace2(req, del_cookie, p1, NULL, 0); |
| 3521 | p4 += delta; |
| 3522 | cur_end += delta; |
| 3523 | cur_next += delta; |
| 3524 | cur_hdr->len += delta; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3525 | txn->req.eoh += delta; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3526 | del_cookie = del_colon = NULL; |
| 3527 | } |
| 3528 | } |
| 3529 | |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3530 | if ((t->be->appsession_name != NULL) && |
| 3531 | (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3532 | /* first, let's see if the cookie is our appcookie*/ |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 3533 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3534 | /* Cool... it's the right one */ |
| 3535 | |
| 3536 | asession_temp = &local_asession; |
| 3537 | |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 3538 | if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3539 | Alert("Not enough memory process_cli():asession->sessid:malloc().\n"); |
| 3540 | send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n"); |
| 3541 | return; |
| 3542 | } |
| 3543 | |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3544 | memcpy(asession_temp->sessid, p3, t->be->appsession_len); |
| 3545 | asession_temp->sessid[t->be->appsession_len] = 0; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3546 | asession_temp->serverid = NULL; |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 3547 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3548 | /* only do insert, if lookup fails */ |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 3549 | asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid); |
| 3550 | if (asession_temp == NULL) { |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 3551 | if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3552 | /* free previously allocated memory */ |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 3553 | pool_free2(apools.sessid, local_asession.sessid); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3554 | Alert("Not enough memory process_cli():asession:calloc().\n"); |
| 3555 | send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n"); |
| 3556 | return; |
| 3557 | } |
| 3558 | |
| 3559 | asession_temp->sessid = local_asession.sessid; |
| 3560 | asession_temp->serverid = local_asession.serverid; |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 3561 | asession_temp->request_count = 0; |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 3562 | appsession_hash_insert(&(t->be->htbl_proxy), asession_temp); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3563 | } else { |
| 3564 | /* free previously allocated memory */ |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 3565 | pool_free2(apools.sessid, local_asession.sessid); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3566 | } |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3567 | if (asession_temp->serverid == NULL) { |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 3568 | /* TODO redispatch request */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3569 | Alert("Found Application Session without matching server.\n"); |
| 3570 | } else { |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3571 | struct server *srv = t->be->srv; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3572 | while (srv) { |
| 3573 | if (strcmp(srv->id, asession_temp->serverid) == 0) { |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3574 | if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3575 | /* we found the server and it's usable */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3576 | txn->flags &= ~TX_CK_MASK; |
| 3577 | txn->flags |= TX_CK_VALID; |
| 3578 | t->flags |= SN_DIRECT | SN_ASSIGNED; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3579 | t->srv = srv; |
| 3580 | break; |
| 3581 | } else { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3582 | txn->flags &= ~TX_CK_MASK; |
| 3583 | txn->flags |= TX_CK_DOWN; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3584 | } |
| 3585 | } |
| 3586 | srv = srv->next; |
| 3587 | }/* end while(srv) */ |
| 3588 | }/* end else if server == NULL */ |
| 3589 | |
Willy Tarreau | 0c303ee | 2008-07-07 00:09:58 +0200 | [diff] [blame] | 3590 | asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession); |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 3591 | asession_temp->request_count++; |
| 3592 | #if defined(DEBUG_HASH) |
| 3593 | Alert("manage_client_side_cookies\n"); |
| 3594 | appsession_hash_dump(&(t->be->htbl_proxy)); |
| 3595 | #endif |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3596 | }/* end if ((t->proxy->appsession_name != NULL) ... */ |
| 3597 | } |
| 3598 | |
| 3599 | /* we'll have to look for another cookie ... */ |
| 3600 | p1 = p4; |
| 3601 | } /* while (p1 < cur_end) */ |
| 3602 | |
| 3603 | /* There's no more cookie on this line. |
| 3604 | * We may have marked the last one(s) for deletion. |
| 3605 | * We must do this now in two ways : |
| 3606 | * - if there is no app cookie, we simply delete the header ; |
| 3607 | * - if there are app cookies, we must delete the end of the |
| 3608 | * string properly, including the colon/semi-colon before |
| 3609 | * the cookie name. |
| 3610 | */ |
| 3611 | if (del_cookie != NULL) { |
| 3612 | int delta; |
| 3613 | if (app_cookies) { |
| 3614 | delta = buffer_replace2(req, del_colon, cur_end, NULL, 0); |
| 3615 | cur_end = del_colon; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3616 | cur_hdr->len += delta; |
| 3617 | } else { |
| 3618 | delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3619 | |
| 3620 | /* FIXME: this should be a separate function */ |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3621 | txn->hdr_idx.v[old_idx].next = cur_hdr->next; |
| 3622 | txn->hdr_idx.used--; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3623 | cur_hdr->len = 0; |
| 3624 | } |
Willy Tarreau | 45e73e3 | 2006-12-17 00:05:15 +0100 | [diff] [blame] | 3625 | cur_next += delta; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 3626 | txn->req.eoh += delta; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 3627 | } |
| 3628 | |
| 3629 | /* keep the link from this header to next one */ |
| 3630 | old_idx = cur_idx; |
| 3631 | } /* end of cookie processing on this header */ |
| 3632 | } |
| 3633 | |
| 3634 | |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3635 | /* Iterate the same filter through all response headers contained in <rtr>. |
| 3636 | * Returns 1 if this filter can be stopped upon return, otherwise 0. |
| 3637 | */ |
| 3638 | int apply_filter_to_resp_headers(struct session *t, struct buffer *rtr, struct hdr_exp *exp) |
| 3639 | { |
| 3640 | char term; |
| 3641 | char *cur_ptr, *cur_end, *cur_next; |
| 3642 | int cur_idx, old_idx, last_hdr; |
| 3643 | struct http_txn *txn = &t->txn; |
| 3644 | struct hdr_idx_elem *cur_hdr; |
| 3645 | int len, delta; |
| 3646 | |
| 3647 | last_hdr = 0; |
| 3648 | |
| 3649 | cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx); |
| 3650 | old_idx = 0; |
| 3651 | |
| 3652 | while (!last_hdr) { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3653 | if (unlikely(txn->flags & TX_SVDENY)) |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3654 | return 1; |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3655 | else if (unlikely(txn->flags & TX_SVALLOW) && |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3656 | (exp->action == ACT_ALLOW || |
| 3657 | exp->action == ACT_DENY)) |
| 3658 | return 0; |
| 3659 | |
| 3660 | cur_idx = txn->hdr_idx.v[old_idx].next; |
| 3661 | if (!cur_idx) |
| 3662 | break; |
| 3663 | |
| 3664 | cur_hdr = &txn->hdr_idx.v[cur_idx]; |
| 3665 | cur_ptr = cur_next; |
| 3666 | cur_end = cur_ptr + cur_hdr->len; |
| 3667 | cur_next = cur_end + cur_hdr->cr + 1; |
| 3668 | |
| 3669 | /* Now we have one header between cur_ptr and cur_end, |
| 3670 | * and the next header starts at cur_next. |
| 3671 | */ |
| 3672 | |
| 3673 | /* The annoying part is that pattern matching needs |
| 3674 | * that we modify the contents to null-terminate all |
| 3675 | * strings before testing them. |
| 3676 | */ |
| 3677 | |
| 3678 | term = *cur_end; |
| 3679 | *cur_end = '\0'; |
| 3680 | |
| 3681 | if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) { |
| 3682 | switch (exp->action) { |
| 3683 | case ACT_ALLOW: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3684 | txn->flags |= TX_SVALLOW; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3685 | last_hdr = 1; |
| 3686 | break; |
| 3687 | |
| 3688 | case ACT_DENY: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3689 | txn->flags |= TX_SVDENY; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3690 | last_hdr = 1; |
| 3691 | break; |
| 3692 | |
| 3693 | case ACT_REPLACE: |
| 3694 | len = exp_replace(trash, cur_ptr, exp->replace, pmatch); |
| 3695 | delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len); |
| 3696 | /* FIXME: if the user adds a newline in the replacement, the |
| 3697 | * index will not be recalculated for now, and the new line |
| 3698 | * will not be counted as a new header. |
| 3699 | */ |
| 3700 | |
| 3701 | cur_end += delta; |
| 3702 | cur_next += delta; |
| 3703 | cur_hdr->len += delta; |
| 3704 | txn->rsp.eoh += delta; |
| 3705 | break; |
| 3706 | |
| 3707 | case ACT_REMOVE: |
| 3708 | delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0); |
| 3709 | cur_next += delta; |
| 3710 | |
| 3711 | /* FIXME: this should be a separate function */ |
| 3712 | txn->rsp.eoh += delta; |
| 3713 | txn->hdr_idx.v[old_idx].next = cur_hdr->next; |
| 3714 | txn->hdr_idx.used--; |
| 3715 | cur_hdr->len = 0; |
| 3716 | cur_end = NULL; /* null-term has been rewritten */ |
| 3717 | break; |
| 3718 | |
| 3719 | } |
| 3720 | } |
| 3721 | if (cur_end) |
| 3722 | *cur_end = term; /* restore the string terminator */ |
| 3723 | |
| 3724 | /* keep the link from this header to next one in case of later |
| 3725 | * removal of next header. |
| 3726 | */ |
| 3727 | old_idx = cur_idx; |
| 3728 | } |
| 3729 | return 0; |
| 3730 | } |
| 3731 | |
| 3732 | |
| 3733 | /* Apply the filter to the status line in the response buffer <rtr>. |
| 3734 | * Returns 0 if nothing has been done, 1 if the filter has been applied, |
| 3735 | * or -1 if a replacement resulted in an invalid status line. |
| 3736 | */ |
| 3737 | int apply_filter_to_sts_line(struct session *t, struct buffer *rtr, struct hdr_exp *exp) |
| 3738 | { |
| 3739 | char term; |
| 3740 | char *cur_ptr, *cur_end; |
| 3741 | int done; |
| 3742 | struct http_txn *txn = &t->txn; |
| 3743 | int len, delta; |
| 3744 | |
| 3745 | |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3746 | if (unlikely(txn->flags & TX_SVDENY)) |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3747 | return 1; |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3748 | else if (unlikely(txn->flags & TX_SVALLOW) && |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3749 | (exp->action == ACT_ALLOW || |
| 3750 | exp->action == ACT_DENY)) |
| 3751 | return 0; |
| 3752 | else if (exp->action == ACT_REMOVE) |
| 3753 | return 0; |
| 3754 | |
| 3755 | done = 0; |
| 3756 | |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 3757 | cur_ptr = rtr->data + txn->rsp.som; /* should be equal to txn->sol */ |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3758 | cur_end = cur_ptr + txn->rsp.sl.rq.l; |
| 3759 | |
| 3760 | /* Now we have the status line between cur_ptr and cur_end */ |
| 3761 | |
| 3762 | /* The annoying part is that pattern matching needs |
| 3763 | * that we modify the contents to null-terminate all |
| 3764 | * strings before testing them. |
| 3765 | */ |
| 3766 | |
| 3767 | term = *cur_end; |
| 3768 | *cur_end = '\0'; |
| 3769 | |
| 3770 | if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) { |
| 3771 | switch (exp->action) { |
| 3772 | case ACT_ALLOW: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3773 | txn->flags |= TX_SVALLOW; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3774 | done = 1; |
| 3775 | break; |
| 3776 | |
| 3777 | case ACT_DENY: |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3778 | txn->flags |= TX_SVDENY; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3779 | done = 1; |
| 3780 | break; |
| 3781 | |
| 3782 | case ACT_REPLACE: |
| 3783 | *cur_end = term; /* restore the string terminator */ |
| 3784 | len = exp_replace(trash, cur_ptr, exp->replace, pmatch); |
| 3785 | delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len); |
| 3786 | /* FIXME: if the user adds a newline in the replacement, the |
| 3787 | * index will not be recalculated for now, and the new line |
| 3788 | * will not be counted as a new header. |
| 3789 | */ |
| 3790 | |
| 3791 | txn->rsp.eoh += delta; |
| 3792 | cur_end += delta; |
| 3793 | |
Willy Tarreau | 9cdde23 | 2007-05-02 20:58:19 +0200 | [diff] [blame] | 3794 | txn->rsp.sol = rtr->data + txn->rsp.som; /* should be equal to txn->sol */ |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3795 | cur_end = (char *)http_parse_stsline(&txn->rsp, rtr->data, |
Willy Tarreau | 0278576 | 2007-04-03 14:45:44 +0200 | [diff] [blame] | 3796 | HTTP_MSG_RPVER, |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3797 | cur_ptr, cur_end + 1, |
| 3798 | NULL, NULL); |
| 3799 | if (unlikely(!cur_end)) |
| 3800 | return -1; |
| 3801 | |
| 3802 | /* we have a full respnse and we know that we have either a CR |
| 3803 | * or an LF at <ptr>. |
| 3804 | */ |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 3805 | txn->status = strl2ui(rtr->data + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l); |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3806 | hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.rq.l, *cur_end == '\r'); |
| 3807 | /* there is no point trying this regex on headers */ |
| 3808 | return 1; |
| 3809 | } |
| 3810 | } |
| 3811 | *cur_end = term; /* restore the string terminator */ |
| 3812 | return done; |
| 3813 | } |
| 3814 | |
| 3815 | |
| 3816 | |
| 3817 | /* |
| 3818 | * Apply all the resp filters <exp> to all headers in buffer <rtr> of session <t>. |
| 3819 | * Returns 0 if everything is alright, or -1 in case a replacement lead to an |
| 3820 | * unparsable response. |
| 3821 | */ |
| 3822 | int apply_filters_to_response(struct session *t, struct buffer *rtr, struct hdr_exp *exp) |
| 3823 | { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3824 | struct http_txn *txn = &t->txn; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3825 | /* iterate through the filters in the outer loop */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3826 | while (exp && !(txn->flags & TX_SVDENY)) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3827 | int ret; |
| 3828 | |
| 3829 | /* |
| 3830 | * The interleaving of transformations and verdicts |
| 3831 | * makes it difficult to decide to continue or stop |
| 3832 | * the evaluation. |
| 3833 | */ |
| 3834 | |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3835 | if ((txn->flags & TX_SVALLOW) && |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3836 | (exp->action == ACT_ALLOW || exp->action == ACT_DENY || |
| 3837 | exp->action == ACT_PASS)) { |
| 3838 | exp = exp->next; |
| 3839 | continue; |
| 3840 | } |
| 3841 | |
| 3842 | /* Apply the filter to the status line. */ |
| 3843 | ret = apply_filter_to_sts_line(t, rtr, exp); |
| 3844 | if (unlikely(ret < 0)) |
| 3845 | return -1; |
| 3846 | |
| 3847 | if (likely(ret == 0)) { |
| 3848 | /* The filter did not match the response, it can be |
| 3849 | * iterated through all headers. |
| 3850 | */ |
| 3851 | apply_filter_to_resp_headers(t, rtr, exp); |
| 3852 | } |
| 3853 | exp = exp->next; |
| 3854 | } |
| 3855 | return 0; |
| 3856 | } |
| 3857 | |
| 3858 | |
| 3859 | |
| 3860 | /* |
Willy Tarreau | 396d2c6 | 2007-11-04 19:30:00 +0100 | [diff] [blame] | 3861 | * Manage server-side cookies. It can impact performance by about 2% so it is |
| 3862 | * desirable to call it only when needed. |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3863 | */ |
| 3864 | void manage_server_side_cookies(struct session *t, struct buffer *rtr) |
| 3865 | { |
| 3866 | struct http_txn *txn = &t->txn; |
| 3867 | char *p1, *p2, *p3, *p4; |
| 3868 | |
| 3869 | appsess *asession_temp = NULL; |
| 3870 | appsess local_asession; |
| 3871 | |
| 3872 | char *cur_ptr, *cur_end, *cur_next; |
| 3873 | int cur_idx, old_idx, delta; |
| 3874 | |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3875 | /* Iterate through the headers. |
| 3876 | * we start with the start line. |
| 3877 | */ |
| 3878 | old_idx = 0; |
| 3879 | cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx); |
| 3880 | |
| 3881 | while ((cur_idx = txn->hdr_idx.v[old_idx].next)) { |
| 3882 | struct hdr_idx_elem *cur_hdr; |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 3883 | int val; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3884 | |
| 3885 | cur_hdr = &txn->hdr_idx.v[cur_idx]; |
| 3886 | cur_ptr = cur_next; |
| 3887 | cur_end = cur_ptr + cur_hdr->len; |
| 3888 | cur_next = cur_end + cur_hdr->cr + 1; |
| 3889 | |
| 3890 | /* We have one full header between cur_ptr and cur_end, and the |
| 3891 | * next header starts at cur_next. We're only interested in |
| 3892 | * "Cookie:" headers. |
| 3893 | */ |
| 3894 | |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 3895 | val = http_header_match2(cur_ptr, cur_end, "Set-Cookie", 10); |
| 3896 | if (!val) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3897 | old_idx = cur_idx; |
| 3898 | continue; |
| 3899 | } |
| 3900 | |
| 3901 | /* OK, right now we know we have a set-cookie at cur_ptr */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3902 | txn->flags |= TX_SCK_ANY; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3903 | |
| 3904 | |
Willy Tarreau | fd39dda | 2008-10-17 12:01:58 +0200 | [diff] [blame] | 3905 | /* maybe we only wanted to see if there was a set-cookie. Note that |
| 3906 | * the cookie capture is declared in the fronend. |
| 3907 | */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3908 | if (t->be->cookie_name == NULL && |
| 3909 | t->be->appsession_name == NULL && |
Willy Tarreau | fd39dda | 2008-10-17 12:01:58 +0200 | [diff] [blame] | 3910 | t->fe->capture_name == NULL) |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3911 | return; |
| 3912 | |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 3913 | p1 = cur_ptr + val; /* first non-space char after 'Set-Cookie:' */ |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3914 | |
| 3915 | while (p1 < cur_end) { /* in fact, we'll break after the first cookie */ |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3916 | if (p1 == cur_end || *p1 == ';') /* end of cookie */ |
| 3917 | break; |
| 3918 | |
| 3919 | /* p1 is at the beginning of the cookie name */ |
| 3920 | p2 = p1; |
| 3921 | |
| 3922 | while (p2 < cur_end && *p2 != '=' && *p2 != ';') |
| 3923 | p2++; |
| 3924 | |
| 3925 | if (p2 == cur_end || *p2 == ';') /* next cookie */ |
| 3926 | break; |
| 3927 | |
| 3928 | p3 = p2 + 1; /* skip the '=' sign */ |
| 3929 | if (p3 == cur_end) |
| 3930 | break; |
| 3931 | |
| 3932 | p4 = p3; |
Willy Tarreau | 8f8e645 | 2007-06-17 21:51:38 +0200 | [diff] [blame] | 3933 | while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';') |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3934 | p4++; |
| 3935 | |
| 3936 | /* here, we have the cookie name between p1 and p2, |
| 3937 | * and its value between p3 and p4. |
| 3938 | * we can process it. |
| 3939 | */ |
| 3940 | |
| 3941 | /* first, let's see if we want to capture it */ |
Willy Tarreau | fd39dda | 2008-10-17 12:01:58 +0200 | [diff] [blame] | 3942 | if (t->fe->capture_name != NULL && |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 3943 | txn->srv_cookie == NULL && |
Willy Tarreau | fd39dda | 2008-10-17 12:01:58 +0200 | [diff] [blame] | 3944 | (p4 - p1 >= t->fe->capture_namelen) && |
| 3945 | memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3946 | int log_len = p4 - p1; |
| 3947 | |
Willy Tarreau | 086b3b4 | 2007-05-13 21:45:51 +0200 | [diff] [blame] | 3948 | if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3949 | Alert("HTTP logging : out of memory.\n"); |
| 3950 | } |
| 3951 | |
Willy Tarreau | fd39dda | 2008-10-17 12:01:58 +0200 | [diff] [blame] | 3952 | if (log_len > t->fe->capture_len) |
| 3953 | log_len = t->fe->capture_len; |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 3954 | memcpy(txn->srv_cookie, p1, log_len); |
| 3955 | txn->srv_cookie[log_len] = 0; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3956 | } |
| 3957 | |
| 3958 | /* now check if we need to process it for persistence */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3959 | if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) && |
| 3960 | (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3961 | /* Cool... it's the right one */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3962 | txn->flags |= TX_SCK_SEEN; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3963 | |
| 3964 | /* If the cookie is in insert mode on a known server, we'll delete |
| 3965 | * this occurrence because we'll insert another one later. |
| 3966 | * We'll delete it too if the "indirect" option is set and we're in |
| 3967 | * a direct access. */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3968 | if (((t->srv) && (t->be->options & PR_O_COOK_INS)) || |
| 3969 | ((t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_IND))) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3970 | /* this header must be deleted */ |
| 3971 | delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0); |
| 3972 | txn->hdr_idx.v[old_idx].next = cur_hdr->next; |
| 3973 | txn->hdr_idx.used--; |
| 3974 | cur_hdr->len = 0; |
| 3975 | cur_next += delta; |
| 3976 | txn->rsp.eoh += delta; |
| 3977 | |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3978 | txn->flags |= TX_SCK_DELETED; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3979 | } |
| 3980 | else if ((t->srv) && (t->srv->cookie) && |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3981 | (t->be->options & PR_O_COOK_RW)) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3982 | /* replace bytes p3->p4 with the cookie name associated |
| 3983 | * with this server since we know it. |
| 3984 | */ |
| 3985 | delta = buffer_replace2(rtr, p3, p4, t->srv->cookie, t->srv->cklen); |
| 3986 | cur_hdr->len += delta; |
| 3987 | cur_next += delta; |
| 3988 | txn->rsp.eoh += delta; |
| 3989 | |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 3990 | txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3991 | } |
| 3992 | else if ((t->srv) && (t->srv->cookie) && |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 3993 | (t->be->options & PR_O_COOK_PFX)) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 3994 | /* insert the cookie name associated with this server |
| 3995 | * before existing cookie, and insert a delimitor between them.. |
| 3996 | */ |
| 3997 | delta = buffer_replace2(rtr, p3, p3, t->srv->cookie, t->srv->cklen + 1); |
| 3998 | cur_hdr->len += delta; |
| 3999 | cur_next += delta; |
| 4000 | txn->rsp.eoh += delta; |
| 4001 | |
| 4002 | p3[t->srv->cklen] = COOKIE_DELIM; |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 4003 | txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4004 | } |
| 4005 | } |
| 4006 | /* next, let's see if the cookie is our appcookie */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4007 | else if ((t->be->appsession_name != NULL) && |
| 4008 | (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4009 | |
| 4010 | /* Cool... it's the right one */ |
| 4011 | |
| 4012 | size_t server_id_len = strlen(t->srv->id) + 1; |
| 4013 | asession_temp = &local_asession; |
| 4014 | |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4015 | if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4016 | Alert("Not enough Memory process_srv():asession->sessid:malloc().\n"); |
| 4017 | send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n"); |
| 4018 | return; |
| 4019 | } |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4020 | memcpy(asession_temp->sessid, p3, t->be->appsession_len); |
| 4021 | asession_temp->sessid[t->be->appsession_len] = 0; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4022 | asession_temp->serverid = NULL; |
| 4023 | |
| 4024 | /* only do insert, if lookup fails */ |
Ryan Warnick | 6d0b1fa | 2008-02-17 11:24:35 +0100 | [diff] [blame] | 4025 | asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid); |
| 4026 | if (asession_temp == NULL) { |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4027 | if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4028 | Alert("Not enough Memory process_srv():asession:calloc().\n"); |
| 4029 | send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n"); |
| 4030 | return; |
| 4031 | } |
| 4032 | asession_temp->sessid = local_asession.sessid; |
| 4033 | asession_temp->serverid = local_asession.serverid; |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 4034 | asession_temp->request_count = 0; |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 4035 | appsession_hash_insert(&(t->be->htbl_proxy), asession_temp); |
| 4036 | } else { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4037 | /* free wasted memory */ |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4038 | pool_free2(apools.sessid, local_asession.sessid); |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 4039 | } |
| 4040 | |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4041 | if (asession_temp->serverid == NULL) { |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4042 | if ((asession_temp->serverid = pool_alloc2(apools.serverid)) == NULL) { |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4043 | Alert("Not enough Memory process_srv():asession->sessid:malloc().\n"); |
| 4044 | send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n"); |
| 4045 | return; |
| 4046 | } |
| 4047 | asession_temp->serverid[0] = '\0'; |
| 4048 | } |
| 4049 | |
| 4050 | if (asession_temp->serverid[0] == '\0') |
| 4051 | memcpy(asession_temp->serverid, t->srv->id, server_id_len); |
| 4052 | |
Willy Tarreau | 0c303ee | 2008-07-07 00:09:58 +0200 | [diff] [blame] | 4053 | asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession); |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 4054 | asession_temp->request_count++; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4055 | #if defined(DEBUG_HASH) |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 4056 | Alert("manage_server_side_cookies\n"); |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 4057 | appsession_hash_dump(&(t->be->htbl_proxy)); |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4058 | #endif |
| 4059 | }/* end if ((t->proxy->appsession_name != NULL) ... */ |
| 4060 | break; /* we don't want to loop again since there cannot be another cookie on the same line */ |
| 4061 | } /* we're now at the end of the cookie value */ |
| 4062 | |
| 4063 | /* keep the link from this header to next one */ |
| 4064 | old_idx = cur_idx; |
| 4065 | } /* end of cookie processing on this header */ |
| 4066 | } |
| 4067 | |
| 4068 | |
| 4069 | |
| 4070 | /* |
| 4071 | * Check if response is cacheable or not. Updates t->flags. |
| 4072 | */ |
| 4073 | void check_response_for_cacheability(struct session *t, struct buffer *rtr) |
| 4074 | { |
| 4075 | struct http_txn *txn = &t->txn; |
| 4076 | char *p1, *p2; |
| 4077 | |
| 4078 | char *cur_ptr, *cur_end, *cur_next; |
| 4079 | int cur_idx; |
| 4080 | |
Willy Tarreau | 5df5187 | 2007-11-25 16:20:08 +0100 | [diff] [blame] | 4081 | if (!(txn->flags & TX_CACHEABLE)) |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4082 | return; |
| 4083 | |
| 4084 | /* Iterate through the headers. |
| 4085 | * we start with the start line. |
| 4086 | */ |
| 4087 | cur_idx = 0; |
| 4088 | cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx); |
| 4089 | |
| 4090 | while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) { |
| 4091 | struct hdr_idx_elem *cur_hdr; |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 4092 | int val; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4093 | |
| 4094 | cur_hdr = &txn->hdr_idx.v[cur_idx]; |
| 4095 | cur_ptr = cur_next; |
| 4096 | cur_end = cur_ptr + cur_hdr->len; |
| 4097 | cur_next = cur_end + cur_hdr->cr + 1; |
| 4098 | |
| 4099 | /* We have one full header between cur_ptr and cur_end, and the |
| 4100 | * next header starts at cur_next. We're only interested in |
| 4101 | * "Cookie:" headers. |
| 4102 | */ |
| 4103 | |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 4104 | val = http_header_match2(cur_ptr, cur_end, "Pragma", 6); |
| 4105 | if (val) { |
| 4106 | if ((cur_end - (cur_ptr + val) >= 8) && |
| 4107 | strncasecmp(cur_ptr + val, "no-cache", 8) == 0) { |
| 4108 | txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK; |
| 4109 | return; |
| 4110 | } |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4111 | } |
| 4112 | |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 4113 | val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13); |
| 4114 | if (!val) |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4115 | continue; |
| 4116 | |
| 4117 | /* OK, right now we know we have a cache-control header at cur_ptr */ |
| 4118 | |
Willy Tarreau | aa9dce3 | 2007-03-18 23:50:16 +0100 | [diff] [blame] | 4119 | p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */ |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4120 | |
| 4121 | if (p1 >= cur_end) /* no more info */ |
| 4122 | continue; |
| 4123 | |
| 4124 | /* p1 is at the beginning of the value */ |
| 4125 | p2 = p1; |
| 4126 | |
Willy Tarreau | 8f8e645 | 2007-06-17 21:51:38 +0200 | [diff] [blame] | 4127 | while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2)) |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4128 | p2++; |
| 4129 | |
| 4130 | /* we have a complete value between p1 and p2 */ |
| 4131 | if (p2 < cur_end && *p2 == '=') { |
| 4132 | /* we have something of the form no-cache="set-cookie" */ |
| 4133 | if ((cur_end - p1 >= 21) && |
| 4134 | strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0 |
| 4135 | && (p1[20] == '"' || p1[20] == ',')) |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 4136 | txn->flags &= ~TX_CACHE_COOK; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4137 | continue; |
| 4138 | } |
| 4139 | |
| 4140 | /* OK, so we know that either p2 points to the end of string or to a comma */ |
| 4141 | if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) || |
| 4142 | ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) || |
| 4143 | ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) || |
| 4144 | ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 4145 | txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4146 | return; |
| 4147 | } |
| 4148 | |
| 4149 | if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 4150 | txn->flags |= TX_CACHEABLE | TX_CACHE_COOK; |
Willy Tarreau | a15645d | 2007-03-18 16:22:39 +0100 | [diff] [blame] | 4151 | continue; |
| 4152 | } |
| 4153 | } |
| 4154 | } |
| 4155 | |
| 4156 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4157 | /* |
| 4158 | * Try to retrieve a known appsession in the URI, then the associated server. |
| 4159 | * If the server is found, it's assigned to the session. |
| 4160 | */ |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 4161 | void get_srv_from_appsession(struct session *t, const char *begin, int len) |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4162 | { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 4163 | struct http_txn *txn = &t->txn; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4164 | appsess *asession_temp = NULL; |
| 4165 | appsess local_asession; |
| 4166 | char *request_line; |
| 4167 | |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4168 | if (t->be->appsession_name == NULL || |
Willy Tarreau | b326fcc | 2007-03-03 13:54:32 +0100 | [diff] [blame] | 4169 | (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST) || |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 4170 | (request_line = memchr(begin, ';', len)) == NULL || |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4171 | ((1 + t->be->appsession_name_len + 1 + t->be->appsession_len) > (begin + len - request_line))) |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4172 | return; |
| 4173 | |
| 4174 | /* skip ';' */ |
| 4175 | request_line++; |
| 4176 | |
| 4177 | /* look if we have a jsessionid */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4178 | if (strncasecmp(request_line, t->be->appsession_name, t->be->appsession_name_len) != 0) |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4179 | return; |
| 4180 | |
| 4181 | /* skip jsessionid= */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4182 | request_line += t->be->appsession_name_len + 1; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4183 | |
| 4184 | /* First try if we already have an appsession */ |
| 4185 | asession_temp = &local_asession; |
| 4186 | |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4187 | if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4188 | Alert("Not enough memory process_cli():asession_temp->sessid:calloc().\n"); |
| 4189 | send_log(t->be, LOG_ALERT, "Not enough Memory process_cli():asession_temp->sessid:calloc().\n"); |
| 4190 | return; |
| 4191 | } |
| 4192 | |
| 4193 | /* Copy the sessionid */ |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4194 | memcpy(asession_temp->sessid, request_line, t->be->appsession_len); |
| 4195 | asession_temp->sessid[t->be->appsession_len] = 0; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4196 | asession_temp->serverid = NULL; |
| 4197 | |
| 4198 | /* only do insert, if lookup fails */ |
Ryan Warnick | 6d0b1fa | 2008-02-17 11:24:35 +0100 | [diff] [blame] | 4199 | asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid); |
| 4200 | if (asession_temp == NULL) { |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4201 | if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4202 | /* free previously allocated memory */ |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4203 | pool_free2(apools.sessid, local_asession.sessid); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4204 | Alert("Not enough memory process_cli():asession:calloc().\n"); |
| 4205 | send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n"); |
| 4206 | return; |
| 4207 | } |
| 4208 | asession_temp->sessid = local_asession.sessid; |
| 4209 | asession_temp->serverid = local_asession.serverid; |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 4210 | asession_temp->request_count=0; |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 4211 | appsession_hash_insert(&(t->be->htbl_proxy), asession_temp); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4212 | } |
| 4213 | else { |
| 4214 | /* free previously allocated memory */ |
Willy Tarreau | 63963c6 | 2007-05-13 21:29:55 +0200 | [diff] [blame] | 4215 | pool_free2(apools.sessid, local_asession.sessid); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4216 | } |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 4217 | |
Willy Tarreau | 0c303ee | 2008-07-07 00:09:58 +0200 | [diff] [blame] | 4218 | asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4219 | asession_temp->request_count++; |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 4220 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4221 | #if defined(DEBUG_HASH) |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 4222 | Alert("get_srv_from_appsession\n"); |
Willy Tarreau | 51041c7 | 2007-09-09 21:56:53 +0200 | [diff] [blame] | 4223 | appsession_hash_dump(&(t->be->htbl_proxy)); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4224 | #endif |
| 4225 | if (asession_temp->serverid == NULL) { |
Aleksandar Lazic | 697bbb0 | 2008-08-13 19:57:02 +0200 | [diff] [blame] | 4226 | /* TODO redispatch request */ |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4227 | Alert("Found Application Session without matching server.\n"); |
| 4228 | } else { |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4229 | struct server *srv = t->be->srv; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4230 | while (srv) { |
| 4231 | if (strcmp(srv->id, asession_temp->serverid) == 0) { |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4232 | if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) { |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4233 | /* we found the server and it's usable */ |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 4234 | txn->flags &= ~TX_CK_MASK; |
| 4235 | txn->flags |= TX_CK_VALID; |
| 4236 | t->flags |= SN_DIRECT | SN_ASSIGNED; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4237 | t->srv = srv; |
| 4238 | break; |
| 4239 | } else { |
Willy Tarreau | 3d30059 | 2007-03-18 18:34:41 +0100 | [diff] [blame] | 4240 | txn->flags &= ~TX_CK_MASK; |
| 4241 | txn->flags |= TX_CK_DOWN; |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4242 | } |
| 4243 | } |
| 4244 | srv = srv->next; |
| 4245 | } |
| 4246 | } |
| 4247 | } |
| 4248 | |
| 4249 | |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4250 | /* |
Willy Tarreau | 0214c3a | 2007-01-07 13:47:30 +0100 | [diff] [blame] | 4251 | * In a GET or HEAD request, check if the requested URI matches the stats uri |
| 4252 | * for the current backend, and if an authorization has been passed and is valid. |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4253 | * |
Willy Tarreau | 0214c3a | 2007-01-07 13:47:30 +0100 | [diff] [blame] | 4254 | * It is assumed that the request is either a HEAD or GET and that the |
Willy Tarreau | e2e27a5 | 2007-04-01 00:01:37 +0200 | [diff] [blame] | 4255 | * t->be->uri_auth field is valid. An HTTP/401 response may be sent, or |
Willy Tarreau | 0214c3a | 2007-01-07 13:47:30 +0100 | [diff] [blame] | 4256 | * produce_content() can be called to start sending data. |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4257 | * |
| 4258 | * Returns 1 if the session's state changes, otherwise 0. |
| 4259 | */ |
| 4260 | int stats_check_uri_auth(struct session *t, struct proxy *backend) |
| 4261 | { |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4262 | struct http_txn *txn = &t->txn; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4263 | struct uri_auth *uri_auth = backend->uri_auth; |
| 4264 | struct user_auth *user; |
| 4265 | int authenticated, cur_idx; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 4266 | char *h; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4267 | |
Willy Tarreau | 39f7e6d | 2008-03-17 21:38:24 +0100 | [diff] [blame] | 4268 | memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats)); |
| 4269 | |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 4270 | /* check URI size */ |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4271 | if (uri_auth->uri_len > txn->req.sl.rq.u_l) |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4272 | return 0; |
| 4273 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4274 | h = t->req->data + txn->req.sl.rq.u; |
Willy Tarreau | 8d5d7f2 | 2007-01-21 19:16:41 +0100 | [diff] [blame] | 4275 | |
Willy Tarreau | 0214c3a | 2007-01-07 13:47:30 +0100 | [diff] [blame] | 4276 | /* the URI is in h */ |
| 4277 | if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0) |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4278 | return 0; |
| 4279 | |
Willy Tarreau | e7150cd | 2007-07-25 14:43:32 +0200 | [diff] [blame] | 4280 | h += uri_auth->uri_len; |
| 4281 | while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 3) { |
| 4282 | if (memcmp(h, ";up", 3) == 0) { |
Willy Tarreau | 39f7e6d | 2008-03-17 21:38:24 +0100 | [diff] [blame] | 4283 | t->data_ctx.stats.flags |= STAT_HIDE_DOWN; |
Willy Tarreau | e7150cd | 2007-07-25 14:43:32 +0200 | [diff] [blame] | 4284 | break; |
| 4285 | } |
| 4286 | h++; |
| 4287 | } |
| 4288 | |
| 4289 | if (uri_auth->refresh) { |
| 4290 | h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len; |
| 4291 | while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 10) { |
| 4292 | if (memcmp(h, ";norefresh", 10) == 0) { |
Willy Tarreau | 39f7e6d | 2008-03-17 21:38:24 +0100 | [diff] [blame] | 4293 | t->data_ctx.stats.flags |= STAT_NO_REFRESH; |
Willy Tarreau | e7150cd | 2007-07-25 14:43:32 +0200 | [diff] [blame] | 4294 | break; |
| 4295 | } |
| 4296 | h++; |
| 4297 | } |
| 4298 | } |
| 4299 | |
Willy Tarreau | 55bb845 | 2007-10-17 18:44:57 +0200 | [diff] [blame] | 4300 | h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len; |
| 4301 | while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 4) { |
| 4302 | if (memcmp(h, ";csv", 4) == 0) { |
Willy Tarreau | 39f7e6d | 2008-03-17 21:38:24 +0100 | [diff] [blame] | 4303 | t->data_ctx.stats.flags |= STAT_FMT_CSV; |
Willy Tarreau | 55bb845 | 2007-10-17 18:44:57 +0200 | [diff] [blame] | 4304 | break; |
| 4305 | } |
| 4306 | h++; |
| 4307 | } |
| 4308 | |
Willy Tarreau | 39f7e6d | 2008-03-17 21:38:24 +0100 | [diff] [blame] | 4309 | t->data_ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO; |
| 4310 | |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4311 | /* we are in front of a interceptable URI. Let's check |
| 4312 | * if there's an authentication and if it's valid. |
| 4313 | */ |
| 4314 | user = uri_auth->users; |
| 4315 | if (!user) { |
| 4316 | /* no user auth required, it's OK */ |
| 4317 | authenticated = 1; |
| 4318 | } else { |
| 4319 | authenticated = 0; |
| 4320 | |
| 4321 | /* a user list is defined, we have to check. |
| 4322 | * skip 21 chars for "Authorization: Basic ". |
| 4323 | */ |
| 4324 | |
| 4325 | /* FIXME: this should move to an earlier place */ |
| 4326 | cur_idx = 0; |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4327 | h = t->req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx); |
| 4328 | while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) { |
| 4329 | int len = txn->hdr_idx.v[cur_idx].len; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4330 | if (len > 14 && |
| 4331 | !strncasecmp("Authorization:", h, 14)) { |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4332 | txn->auth_hdr.str = h; |
| 4333 | txn->auth_hdr.len = len; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4334 | break; |
| 4335 | } |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4336 | h += len + txn->hdr_idx.v[cur_idx].cr + 1; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4337 | } |
| 4338 | |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4339 | if (txn->auth_hdr.len < 21 || |
| 4340 | memcmp(txn->auth_hdr.str + 14, " Basic ", 7)) |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4341 | user = NULL; |
| 4342 | |
| 4343 | while (user) { |
Willy Tarreau | 4dbc4a2 | 2007-03-03 16:23:22 +0100 | [diff] [blame] | 4344 | if ((txn->auth_hdr.len == user->user_len + 14 + 7) |
| 4345 | && !memcmp(txn->auth_hdr.str + 14 + 7, |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4346 | user->user_pwd, user->user_len)) { |
| 4347 | authenticated = 1; |
| 4348 | break; |
| 4349 | } |
| 4350 | user = user->next; |
| 4351 | } |
| 4352 | } |
| 4353 | |
| 4354 | if (!authenticated) { |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 4355 | struct chunk msg; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4356 | |
| 4357 | /* no need to go further */ |
Willy Tarreau | 0f77253 | 2006-12-23 20:51:41 +0100 | [diff] [blame] | 4358 | msg.str = trash; |
| 4359 | msg.len = sprintf(trash, HTTP_401_fmt, uri_auth->auth_realm); |
Willy Tarreau | 3bac9ff | 2007-03-18 17:31:28 +0100 | [diff] [blame] | 4360 | txn->status = 401; |
Willy Tarreau | dded32d | 2008-11-30 19:48:07 +0100 | [diff] [blame] | 4361 | stream_int_retnclose(t->req->prod, &msg); |
Willy Tarreau | 2df28e8 | 2008-08-17 15:20:19 +0200 | [diff] [blame] | 4362 | t->req->analysers = 0; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4363 | if (!(t->flags & SN_ERR_MASK)) |
| 4364 | t->flags |= SN_ERR_PRXCOND; |
| 4365 | if (!(t->flags & SN_FINST_MASK)) |
| 4366 | t->flags |= SN_FINST_R; |
| 4367 | return 1; |
| 4368 | } |
| 4369 | |
Willy Tarreau | 39f7e6d | 2008-03-17 21:38:24 +0100 | [diff] [blame] | 4370 | /* The request is valid, the user is authenticated. Let's start sending |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4371 | * data. |
| 4372 | */ |
Willy Tarreau | efb453c | 2008-10-26 20:49:47 +0100 | [diff] [blame] | 4373 | buffer_write_dis(t->req); |
Willy Tarreau | 72b179a | 2008-08-28 16:01:32 +0200 | [diff] [blame] | 4374 | buffer_shutw_now(t->req); |
| 4375 | buffer_shutr_now(t->rep); |
Willy Tarreau | 7008987 | 2008-06-13 21:12:51 +0200 | [diff] [blame] | 4376 | t->logs.tv_request = now; |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4377 | t->data_source = DATA_SRC_STATS; |
| 4378 | t->data_state = DATA_ST_INIT; |
Willy Tarreau | 91e9993 | 2008-06-30 07:51:00 +0200 | [diff] [blame] | 4379 | t->task->nice = -32; /* small boost for HTTP statistics */ |
Willy Tarreau | 01bf867 | 2008-12-07 18:03:29 +0100 | [diff] [blame] | 4380 | buffer_install_hijacker(t, t->rep, produce_content); |
Willy Tarreau | b251390 | 2006-12-17 14:52:38 +0100 | [diff] [blame] | 4381 | return 1; |
| 4382 | } |
| 4383 | |
| 4384 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 4385 | /* |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4386 | * Print a debug line with a header |
| 4387 | */ |
| 4388 | void debug_hdr(const char *dir, struct session *t, const char *start, const char *end) |
| 4389 | { |
| 4390 | int len, max; |
| 4391 | len = sprintf(trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id, |
Willy Tarreau | 3a16b2c | 2008-08-28 08:54:27 +0200 | [diff] [blame] | 4392 | dir, (unsigned short)t->req->prod->fd, (unsigned short)t->req->cons->fd); |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4393 | max = end - start; |
| 4394 | UBOUND(max, sizeof(trash) - len - 1); |
| 4395 | len += strlcpy2(trash + len, start, max + 1); |
| 4396 | trash[len++] = '\n'; |
| 4397 | write(1, trash, len); |
| 4398 | } |
| 4399 | |
| 4400 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4401 | /************************************************************************/ |
| 4402 | /* The code below is dedicated to ACL parsing and matching */ |
| 4403 | /************************************************************************/ |
| 4404 | |
| 4405 | |
| 4406 | |
| 4407 | |
| 4408 | /* 1. Check on METHOD |
| 4409 | * We use the pre-parsed method if it is known, and store its number as an |
| 4410 | * integer. If it is unknown, we use the pointer and the length. |
| 4411 | */ |
Willy Tarreau | ae8b796 | 2007-06-09 23:10:04 +0200 | [diff] [blame] | 4412 | static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque) |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4413 | { |
| 4414 | int len, meth; |
| 4415 | |
Willy Tarreau | ae8b796 | 2007-06-09 23:10:04 +0200 | [diff] [blame] | 4416 | len = strlen(*text); |
| 4417 | meth = find_http_meth(*text, len); |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4418 | |
| 4419 | pattern->val.i = meth; |
| 4420 | if (meth == HTTP_METH_OTHER) { |
Willy Tarreau | ae8b796 | 2007-06-09 23:10:04 +0200 | [diff] [blame] | 4421 | pattern->ptr.str = strdup(*text); |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4422 | if (!pattern->ptr.str) |
| 4423 | return 0; |
| 4424 | pattern->len = len; |
| 4425 | } |
| 4426 | return 1; |
| 4427 | } |
| 4428 | |
Willy Tarreau | d41f8d8 | 2007-06-10 10:06:18 +0200 | [diff] [blame] | 4429 | static int |
Willy Tarreau | 97be145 | 2007-06-10 11:47:14 +0200 | [diff] [blame] | 4430 | acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4431 | struct acl_expr *expr, struct acl_test *test) |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4432 | { |
| 4433 | int meth; |
| 4434 | struct http_txn *txn = l7; |
| 4435 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4436 | if (!txn) |
| 4437 | return 0; |
| 4438 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4439 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4440 | return 0; |
| 4441 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4442 | meth = txn->meth; |
| 4443 | test->i = meth; |
| 4444 | if (meth == HTTP_METH_OTHER) { |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4445 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4446 | /* ensure the indexes are not affected */ |
| 4447 | return 0; |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4448 | test->len = txn->req.sl.rq.m_l; |
| 4449 | test->ptr = txn->req.sol; |
| 4450 | } |
| 4451 | test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST; |
| 4452 | return 1; |
| 4453 | } |
| 4454 | |
| 4455 | static int acl_match_meth(struct acl_test *test, struct acl_pattern *pattern) |
| 4456 | { |
Willy Tarreau | c8d7c96 | 2007-06-17 08:20:33 +0200 | [diff] [blame] | 4457 | int icase; |
| 4458 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4459 | if (test->i != pattern->val.i) |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 4460 | return ACL_PAT_FAIL; |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4461 | |
| 4462 | if (test->i != HTTP_METH_OTHER) |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 4463 | return ACL_PAT_PASS; |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4464 | |
| 4465 | /* Other method, we must compare the strings */ |
| 4466 | if (pattern->len != test->len) |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 4467 | return ACL_PAT_FAIL; |
Willy Tarreau | c8d7c96 | 2007-06-17 08:20:33 +0200 | [diff] [blame] | 4468 | |
| 4469 | icase = pattern->flags & ACL_PAT_F_IGNORE_CASE; |
| 4470 | if ((icase && strncasecmp(pattern->ptr.str, test->ptr, test->len) != 0) || |
| 4471 | (!icase && strncmp(pattern->ptr.str, test->ptr, test->len) != 0)) |
Willy Tarreau | 1138281 | 2008-07-09 16:18:21 +0200 | [diff] [blame] | 4472 | return ACL_PAT_FAIL; |
| 4473 | return ACL_PAT_PASS; |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4474 | } |
| 4475 | |
| 4476 | /* 2. Check on Request/Status Version |
| 4477 | * We simply compare strings here. |
| 4478 | */ |
Willy Tarreau | ae8b796 | 2007-06-09 23:10:04 +0200 | [diff] [blame] | 4479 | static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque) |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4480 | { |
Willy Tarreau | ae8b796 | 2007-06-09 23:10:04 +0200 | [diff] [blame] | 4481 | pattern->ptr.str = strdup(*text); |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4482 | if (!pattern->ptr.str) |
| 4483 | return 0; |
Willy Tarreau | ae8b796 | 2007-06-09 23:10:04 +0200 | [diff] [blame] | 4484 | pattern->len = strlen(*text); |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4485 | return 1; |
| 4486 | } |
| 4487 | |
Willy Tarreau | d41f8d8 | 2007-06-10 10:06:18 +0200 | [diff] [blame] | 4488 | static int |
Willy Tarreau | 97be145 | 2007-06-10 11:47:14 +0200 | [diff] [blame] | 4489 | acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4490 | struct acl_expr *expr, struct acl_test *test) |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4491 | { |
| 4492 | struct http_txn *txn = l7; |
| 4493 | char *ptr; |
| 4494 | int len; |
| 4495 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4496 | if (!txn) |
| 4497 | return 0; |
| 4498 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4499 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4500 | return 0; |
| 4501 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4502 | len = txn->req.sl.rq.v_l; |
| 4503 | ptr = txn->req.sol + txn->req.sl.rq.v - txn->req.som; |
| 4504 | |
| 4505 | while ((len-- > 0) && (*ptr++ != '/')); |
| 4506 | if (len <= 0) |
| 4507 | return 0; |
| 4508 | |
| 4509 | test->ptr = ptr; |
| 4510 | test->len = len; |
| 4511 | |
| 4512 | test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST; |
| 4513 | return 1; |
| 4514 | } |
| 4515 | |
Willy Tarreau | d41f8d8 | 2007-06-10 10:06:18 +0200 | [diff] [blame] | 4516 | static int |
Willy Tarreau | 97be145 | 2007-06-10 11:47:14 +0200 | [diff] [blame] | 4517 | acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4518 | struct acl_expr *expr, struct acl_test *test) |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4519 | { |
| 4520 | struct http_txn *txn = l7; |
| 4521 | char *ptr; |
| 4522 | int len; |
| 4523 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4524 | if (!txn) |
| 4525 | return 0; |
| 4526 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4527 | if (txn->rsp.msg_state != HTTP_MSG_BODY) |
| 4528 | return 0; |
| 4529 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4530 | len = txn->rsp.sl.st.v_l; |
| 4531 | ptr = txn->rsp.sol; |
| 4532 | |
| 4533 | while ((len-- > 0) && (*ptr++ != '/')); |
| 4534 | if (len <= 0) |
| 4535 | return 0; |
| 4536 | |
| 4537 | test->ptr = ptr; |
| 4538 | test->len = len; |
| 4539 | |
| 4540 | test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST; |
| 4541 | return 1; |
| 4542 | } |
| 4543 | |
| 4544 | /* 3. Check on Status Code. We manipulate integers here. */ |
Willy Tarreau | d41f8d8 | 2007-06-10 10:06:18 +0200 | [diff] [blame] | 4545 | static int |
Willy Tarreau | 97be145 | 2007-06-10 11:47:14 +0200 | [diff] [blame] | 4546 | acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4547 | struct acl_expr *expr, struct acl_test *test) |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4548 | { |
| 4549 | struct http_txn *txn = l7; |
| 4550 | char *ptr; |
| 4551 | int len; |
| 4552 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4553 | if (!txn) |
| 4554 | return 0; |
| 4555 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4556 | if (txn->rsp.msg_state != HTTP_MSG_BODY) |
| 4557 | return 0; |
| 4558 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4559 | len = txn->rsp.sl.st.c_l; |
| 4560 | ptr = txn->rsp.sol + txn->rsp.sl.st.c - txn->rsp.som; |
| 4561 | |
| 4562 | test->i = __strl2ui(ptr, len); |
| 4563 | test->flags = ACL_TEST_F_VOL_1ST; |
| 4564 | return 1; |
| 4565 | } |
| 4566 | |
| 4567 | /* 4. Check on URL/URI. A pointer to the URI is stored. */ |
Willy Tarreau | d41f8d8 | 2007-06-10 10:06:18 +0200 | [diff] [blame] | 4568 | static int |
Willy Tarreau | 97be145 | 2007-06-10 11:47:14 +0200 | [diff] [blame] | 4569 | acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4570 | struct acl_expr *expr, struct acl_test *test) |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4571 | { |
| 4572 | struct http_txn *txn = l7; |
| 4573 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4574 | if (!txn) |
| 4575 | return 0; |
| 4576 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4577 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4578 | return 0; |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4579 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4580 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4581 | /* ensure the indexes are not affected */ |
| 4582 | return 0; |
| 4583 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4584 | test->len = txn->req.sl.rq.u_l; |
| 4585 | test->ptr = txn->req.sol + txn->req.sl.rq.u; |
| 4586 | |
Willy Tarreau | f3d2598 | 2007-05-08 22:45:09 +0200 | [diff] [blame] | 4587 | /* we do not need to set READ_ONLY because the data is in a buffer */ |
| 4588 | test->flags = ACL_TEST_F_VOL_1ST; |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4589 | return 1; |
| 4590 | } |
| 4591 | |
Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 4592 | static int |
| 4593 | acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4594 | struct acl_expr *expr, struct acl_test *test) |
| 4595 | { |
| 4596 | struct http_txn *txn = l7; |
| 4597 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4598 | if (!txn) |
| 4599 | return 0; |
| 4600 | |
Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 4601 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4602 | return 0; |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4603 | |
Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 4604 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4605 | /* ensure the indexes are not affected */ |
| 4606 | return 0; |
| 4607 | |
| 4608 | /* Parse HTTP request */ |
| 4609 | url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr); |
| 4610 | test->ptr = (void *)&((struct sockaddr_in *)&l4->srv_addr)->sin_addr; |
| 4611 | test->i = AF_INET; |
| 4612 | |
| 4613 | /* |
| 4614 | * If we are parsing url in frontend space, we prepare backend stage |
| 4615 | * to not parse again the same url ! optimization lazyness... |
| 4616 | */ |
| 4617 | if (px->options & PR_O_HTTP_PROXY) |
| 4618 | l4->flags |= SN_ADDR_SET; |
| 4619 | |
| 4620 | test->flags = ACL_TEST_F_READ_ONLY; |
| 4621 | return 1; |
| 4622 | } |
| 4623 | |
| 4624 | static int |
| 4625 | acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4626 | struct acl_expr *expr, struct acl_test *test) |
| 4627 | { |
| 4628 | struct http_txn *txn = l7; |
| 4629 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4630 | if (!txn) |
| 4631 | return 0; |
| 4632 | |
Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 4633 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4634 | return 0; |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4635 | |
Alexandre Cassen | 5eb1a90 | 2007-11-29 15:43:32 +0100 | [diff] [blame] | 4636 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4637 | /* ensure the indexes are not affected */ |
| 4638 | return 0; |
| 4639 | |
| 4640 | /* Same optimization as url_ip */ |
| 4641 | url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr); |
| 4642 | test->i = ntohs(((struct sockaddr_in *)&l4->srv_addr)->sin_port); |
| 4643 | |
| 4644 | if (px->options & PR_O_HTTP_PROXY) |
| 4645 | l4->flags |= SN_ADDR_SET; |
| 4646 | |
| 4647 | test->flags = ACL_TEST_F_READ_ONLY; |
| 4648 | return 1; |
| 4649 | } |
| 4650 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4651 | /* 5. Check on HTTP header. A pointer to the beginning of the value is returned. |
| 4652 | * This generic function is used by both acl_fetch_chdr() and acl_fetch_shdr(). |
| 4653 | */ |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4654 | static int |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4655 | acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, char *sol, |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4656 | struct acl_expr *expr, struct acl_test *test) |
| 4657 | { |
| 4658 | struct http_txn *txn = l7; |
| 4659 | struct hdr_idx *idx = &txn->hdr_idx; |
| 4660 | struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a; |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4661 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4662 | if (!txn) |
| 4663 | return 0; |
| 4664 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4665 | if (!(test->flags & ACL_TEST_F_FETCH_MORE)) |
| 4666 | /* search for header from the beginning */ |
| 4667 | ctx->idx = 0; |
| 4668 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4669 | if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) { |
| 4670 | test->flags |= ACL_TEST_F_FETCH_MORE; |
| 4671 | test->flags |= ACL_TEST_F_VOL_HDR; |
| 4672 | test->len = ctx->vlen; |
| 4673 | test->ptr = (char *)ctx->line + ctx->val; |
| 4674 | return 1; |
| 4675 | } |
| 4676 | |
| 4677 | test->flags &= ~ACL_TEST_F_FETCH_MORE; |
| 4678 | test->flags |= ACL_TEST_F_VOL_HDR; |
| 4679 | return 0; |
| 4680 | } |
| 4681 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4682 | static int |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4683 | acl_fetch_chdr(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4684 | struct acl_expr *expr, struct acl_test *test) |
| 4685 | { |
| 4686 | struct http_txn *txn = l7; |
| 4687 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4688 | if (!txn) |
| 4689 | return 0; |
| 4690 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4691 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4692 | return 0; |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4693 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4694 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4695 | /* ensure the indexes are not affected */ |
| 4696 | return 0; |
| 4697 | |
| 4698 | return acl_fetch_hdr(px, l4, txn, txn->req.sol, expr, test); |
| 4699 | } |
| 4700 | |
| 4701 | static int |
| 4702 | acl_fetch_shdr(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4703 | struct acl_expr *expr, struct acl_test *test) |
| 4704 | { |
| 4705 | struct http_txn *txn = l7; |
| 4706 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4707 | if (!txn) |
| 4708 | return 0; |
| 4709 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4710 | if (txn->rsp.msg_state != HTTP_MSG_BODY) |
| 4711 | return 0; |
| 4712 | |
| 4713 | return acl_fetch_hdr(px, l4, txn, txn->rsp.sol, expr, test); |
| 4714 | } |
| 4715 | |
| 4716 | /* 6. Check on HTTP header count. The number of occurrences is returned. |
| 4717 | * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*. |
| 4718 | */ |
| 4719 | static int |
| 4720 | acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, char *sol, |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4721 | struct acl_expr *expr, struct acl_test *test) |
| 4722 | { |
| 4723 | struct http_txn *txn = l7; |
| 4724 | struct hdr_idx *idx = &txn->hdr_idx; |
| 4725 | struct hdr_ctx ctx; |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4726 | int cnt; |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4727 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4728 | if (!txn) |
| 4729 | return 0; |
| 4730 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4731 | ctx.idx = 0; |
| 4732 | cnt = 0; |
| 4733 | while (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, &ctx)) |
| 4734 | cnt++; |
| 4735 | |
| 4736 | test->i = cnt; |
| 4737 | test->flags = ACL_TEST_F_VOL_HDR; |
| 4738 | return 1; |
| 4739 | } |
| 4740 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4741 | static int |
| 4742 | acl_fetch_chdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4743 | struct acl_expr *expr, struct acl_test *test) |
| 4744 | { |
| 4745 | struct http_txn *txn = l7; |
| 4746 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4747 | if (!txn) |
| 4748 | return 0; |
| 4749 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4750 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4751 | return 0; |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4752 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4753 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4754 | /* ensure the indexes are not affected */ |
| 4755 | return 0; |
| 4756 | |
| 4757 | return acl_fetch_hdr_cnt(px, l4, txn, txn->req.sol, expr, test); |
| 4758 | } |
| 4759 | |
| 4760 | static int |
| 4761 | acl_fetch_shdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4762 | struct acl_expr *expr, struct acl_test *test) |
| 4763 | { |
| 4764 | struct http_txn *txn = l7; |
| 4765 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4766 | if (!txn) |
| 4767 | return 0; |
| 4768 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4769 | if (txn->rsp.msg_state != HTTP_MSG_BODY) |
| 4770 | return 0; |
| 4771 | |
| 4772 | return acl_fetch_hdr_cnt(px, l4, txn, txn->rsp.sol, expr, test); |
| 4773 | } |
| 4774 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4775 | /* 7. Check on HTTP header's integer value. The integer value is returned. |
| 4776 | * FIXME: the type is 'int', it may not be appropriate for everything. |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4777 | * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*. |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4778 | */ |
| 4779 | static int |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4780 | acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, char *sol, |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4781 | struct acl_expr *expr, struct acl_test *test) |
| 4782 | { |
| 4783 | struct http_txn *txn = l7; |
| 4784 | struct hdr_idx *idx = &txn->hdr_idx; |
| 4785 | struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a; |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4786 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4787 | if (!txn) |
| 4788 | return 0; |
| 4789 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4790 | if (!(test->flags & ACL_TEST_F_FETCH_MORE)) |
| 4791 | /* search for header from the beginning */ |
| 4792 | ctx->idx = 0; |
| 4793 | |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4794 | if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) { |
| 4795 | test->flags |= ACL_TEST_F_FETCH_MORE; |
| 4796 | test->flags |= ACL_TEST_F_VOL_HDR; |
| 4797 | test->i = strl2ic((char *)ctx->line + ctx->val, ctx->vlen); |
| 4798 | return 1; |
| 4799 | } |
| 4800 | |
| 4801 | test->flags &= ~ACL_TEST_F_FETCH_MORE; |
| 4802 | test->flags |= ACL_TEST_F_VOL_HDR; |
| 4803 | return 0; |
| 4804 | } |
| 4805 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4806 | static int |
| 4807 | acl_fetch_chdr_val(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4808 | struct acl_expr *expr, struct acl_test *test) |
| 4809 | { |
| 4810 | struct http_txn *txn = l7; |
| 4811 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4812 | if (!txn) |
| 4813 | return 0; |
| 4814 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4815 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4816 | return 0; |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4817 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4818 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4819 | /* ensure the indexes are not affected */ |
| 4820 | return 0; |
| 4821 | |
| 4822 | return acl_fetch_hdr_val(px, l4, txn, txn->req.sol, expr, test); |
| 4823 | } |
| 4824 | |
| 4825 | static int |
| 4826 | acl_fetch_shdr_val(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4827 | struct acl_expr *expr, struct acl_test *test) |
| 4828 | { |
| 4829 | struct http_txn *txn = l7; |
| 4830 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4831 | if (!txn) |
| 4832 | return 0; |
| 4833 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4834 | if (txn->rsp.msg_state != HTTP_MSG_BODY) |
| 4835 | return 0; |
| 4836 | |
| 4837 | return acl_fetch_hdr_val(px, l4, txn, txn->rsp.sol, expr, test); |
| 4838 | } |
| 4839 | |
Willy Tarreau | 737b0c1 | 2007-06-10 21:28:46 +0200 | [diff] [blame] | 4840 | /* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at |
| 4841 | * the first '/' after the possible hostname, and ends before the possible '?'. |
| 4842 | */ |
| 4843 | static int |
| 4844 | acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir, |
| 4845 | struct acl_expr *expr, struct acl_test *test) |
| 4846 | { |
| 4847 | struct http_txn *txn = l7; |
| 4848 | char *ptr, *end; |
Willy Tarreau | 33a7e69 | 2007-06-10 19:45:56 +0200 | [diff] [blame] | 4849 | |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4850 | if (!txn) |
| 4851 | return 0; |
| 4852 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4853 | if (txn->req.msg_state != HTTP_MSG_BODY) |
| 4854 | return 0; |
Willy Tarreau | b686644 | 2008-07-14 23:54:42 +0200 | [diff] [blame] | 4855 | |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4856 | if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE) |
| 4857 | /* ensure the indexes are not affected */ |
| 4858 | return 0; |
| 4859 | |
Willy Tarreau | 21d2af3 | 2008-02-14 20:25:24 +0100 | [diff] [blame] | 4860 | end = txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l; |
| 4861 | ptr = http_get_path(txn); |
| 4862 | if (!ptr) |
Willy Tarreau | 737b0c1 | 2007-06-10 21:28:46 +0200 | [diff] [blame] | 4863 | return 0; |
| 4864 | |
| 4865 | /* OK, we got the '/' ! */ |
| 4866 | test->ptr = ptr; |
| 4867 | |
| 4868 | while (ptr < end && *ptr != '?') |
| 4869 | ptr++; |
| 4870 | |
| 4871 | test->len = ptr - test->ptr; |
| 4872 | |
| 4873 | /* we do not need to set READ_ONLY because the data is in a buffer */ |
| 4874 | test->flags = ACL_TEST_F_VOL_1ST; |
| 4875 | return 1; |
| 4876 | } |
| 4877 | |
| 4878 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4879 | |
| 4880 | /************************************************************************/ |
| 4881 | /* All supported keywords must be declared here. */ |
| 4882 | /************************************************************************/ |
| 4883 | |
| 4884 | /* Note: must not be declared <const> as its list will be overwritten */ |
| 4885 | static struct acl_kw_list acl_kws = {{ },{ |
Willy Tarreau | 0ceba5a | 2008-07-25 19:31:03 +0200 | [diff] [blame] | 4886 | { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT }, |
| 4887 | { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE }, |
| 4888 | { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE }, |
| 4889 | { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT }, |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4890 | |
Willy Tarreau | 0ceba5a | 2008-07-25 19:31:03 +0200 | [diff] [blame] | 4891 | { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE }, |
| 4892 | { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE }, |
| 4893 | { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE }, |
| 4894 | { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE }, |
| 4895 | { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE }, |
| 4896 | { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE }, |
| 4897 | { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE }, |
| 4898 | { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE }, |
| 4899 | { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE }, |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4900 | |
Willy Tarreau | 0ceba5a | 2008-07-25 19:31:03 +0200 | [diff] [blame] | 4901 | /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */ |
| 4902 | { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE }, |
| 4903 | { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE }, |
| 4904 | { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE }, |
| 4905 | { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE }, |
| 4906 | { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE }, |
| 4907 | { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE }, |
| 4908 | { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE }, |
| 4909 | { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE }, |
| 4910 | { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE }, |
Willy Tarreau | c11416f | 2007-06-17 16:58:38 +0200 | [diff] [blame] | 4911 | |
Willy Tarreau | 0ceba5a | 2008-07-25 19:31:03 +0200 | [diff] [blame] | 4912 | { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE }, |
| 4913 | { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE }, |
| 4914 | { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE }, |
| 4915 | { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE }, |
| 4916 | { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE }, |
| 4917 | { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE }, |
| 4918 | { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE }, |
| 4919 | { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE }, |
| 4920 | { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE }, |
Willy Tarreau | 737b0c1 | 2007-06-10 21:28:46 +0200 | [diff] [blame] | 4921 | |
Willy Tarreau | 0ceba5a | 2008-07-25 19:31:03 +0200 | [diff] [blame] | 4922 | { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE }, |
| 4923 | { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE }, |
| 4924 | { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE }, |
| 4925 | { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE }, |
| 4926 | { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE }, |
| 4927 | { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE }, |
| 4928 | { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE }, |
Willy Tarreau | 737b0c1 | 2007-06-10 21:28:46 +0200 | [diff] [blame] | 4929 | |
Willy Tarreau | f3d2598 | 2007-05-08 22:45:09 +0200 | [diff] [blame] | 4930 | { NULL, NULL, NULL, NULL }, |
| 4931 | |
| 4932 | #if 0 |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4933 | { "line", acl_parse_str, acl_fetch_line, acl_match_str }, |
| 4934 | { "line_reg", acl_parse_reg, acl_fetch_line, acl_match_reg }, |
| 4935 | { "line_beg", acl_parse_str, acl_fetch_line, acl_match_beg }, |
| 4936 | { "line_end", acl_parse_str, acl_fetch_line, acl_match_end }, |
| 4937 | { "line_sub", acl_parse_str, acl_fetch_line, acl_match_sub }, |
| 4938 | { "line_dir", acl_parse_str, acl_fetch_line, acl_match_dir }, |
| 4939 | { "line_dom", acl_parse_str, acl_fetch_line, acl_match_dom }, |
| 4940 | |
Willy Tarreau | 8797c06 | 2007-05-07 00:55:35 +0200 | [diff] [blame] | 4941 | { "cook", acl_parse_str, acl_fetch_cook, acl_match_str }, |
| 4942 | { "cook_reg", acl_parse_reg, acl_fetch_cook, acl_match_reg }, |
| 4943 | { "cook_beg", acl_parse_str, acl_fetch_cook, acl_match_beg }, |
| 4944 | { "cook_end", acl_parse_str, acl_fetch_cook, acl_match_end }, |
| 4945 | { "cook_sub", acl_parse_str, acl_fetch_cook, acl_match_sub }, |
| 4946 | { "cook_dir", acl_parse_str, acl_fetch_cook, acl_match_dir }, |
| 4947 | { "cook_dom", acl_parse_str, acl_fetch_cook, acl_match_dom }, |
| 4948 | { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst }, |
| 4949 | |
| 4950 | { "auth_user", acl_parse_str, acl_fetch_user, acl_match_str }, |
| 4951 | { "auth_regex", acl_parse_reg, acl_fetch_user, acl_match_reg }, |
| 4952 | { "auth_clear", acl_parse_str, acl_fetch_auth, acl_match_str }, |
| 4953 | { "auth_md5", acl_parse_str, acl_fetch_auth, acl_match_md5 }, |
| 4954 | { NULL, NULL, NULL, NULL }, |
| 4955 | #endif |
| 4956 | }}; |
| 4957 | |
| 4958 | |
| 4959 | __attribute__((constructor)) |
| 4960 | static void __http_protocol_init(void) |
| 4961 | { |
| 4962 | acl_register_keywords(&acl_kws); |
| 4963 | } |
| 4964 | |
| 4965 | |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 4966 | /* |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 4967 | * Local variables: |
| 4968 | * c-indent-level: 8 |
| 4969 | * c-basic-offset: 8 |
| 4970 | * End: |
| 4971 | */ |