blob: d9d989b60f03e73f676014e758d352d2232ad0e2 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreauf68a15a2011-01-06 16:53:21 +01004 * Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreaub05405a2012-01-23 15:35:52 +010026#include <netinet/tcp.h>
27
Willy Tarreau2dd0d472006-06-29 17:53:05 +020028#include <common/appsession.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010029#include <common/base64.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020030#include <common/chunk.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020031#include <common/compat.h>
32#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010033#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/memory.h>
35#include <common/mini-clist.h>
36#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020037#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020038#include <common/time.h>
39#include <common/uri_auth.h>
40#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020041
42#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020043#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020044
Willy Tarreau8797c062007-05-07 00:55:35 +020045#include <proto/acl.h>
Willy Tarreau61612d42012-04-19 18:42:05 +020046#include <proto/arg.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010047#include <proto/auth.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020048#include <proto/backend.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020049#include <proto/channel.h>
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +010050#include <proto/checks.h>
William Lallemand82fe75c2012-10-23 10:25:10 +020051#include <proto/compression.h>
Willy Tarreau91861262007-10-17 17:06:05 +020052#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020053#include <proto/fd.h>
Willy Tarreau03fa5df2010-05-24 21:02:37 +020054#include <proto/frontend.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020055#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010056#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020057#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020058#include <proto/proto_http.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010059#include <proto/proxy.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020060#include <proto/queue.h>
Willy Tarreaucd3b0942012-04-27 21:52:18 +020061#include <proto/sample.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010062#include <proto/server.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020063#include <proto/session.h>
Willy Tarreaucff64112008-11-03 06:26:53 +010064#include <proto/stream_interface.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020065#include <proto/task.h>
66
Willy Tarreau522d6c02009-12-06 18:49:18 +010067const char HTTP_100[] =
68 "HTTP/1.1 100 Continue\r\n\r\n";
69
70const struct chunk http_100_chunk = {
71 .str = (char *)&HTTP_100,
72 .len = sizeof(HTTP_100)-1
73};
74
Willy Tarreaua9679ac2010-01-03 17:32:57 +010075/* Warning: no "connection" header is provided with the 3xx messages below */
Willy Tarreaub463dfb2008-06-07 23:08:56 +020076const char *HTTP_301 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010077 "HTTP/1.1 301 Moved Permanently\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010078 "Content-length: 0\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020079 "Location: "; /* not terminated since it will be concatenated with the URL */
80
Willy Tarreau0f772532006-12-23 20:51:41 +010081const char *HTTP_302 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010082 "HTTP/1.1 302 Found\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010083 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010084 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010085 "Location: "; /* not terminated since it will be concatenated with the URL */
86
87/* same as 302 except that the browser MUST retry with the GET method */
88const char *HTTP_303 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010089 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010090 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010091 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010092 "Location: "; /* not terminated since it will be concatenated with the URL */
93
Yves Lafon3e8d1ae2013-03-11 11:06:05 -040094
95/* same as 302 except that the browser MUST retry with the same method */
96const char *HTTP_307 =
97 "HTTP/1.1 307 Temporary Redirect\r\n"
98 "Cache-Control: no-cache\r\n"
99 "Content-length: 0\r\n"
100 "Location: "; /* not terminated since it will be concatenated with the URL */
101
102/* same as 301 except that the browser MUST retry with the same method */
103const char *HTTP_308 =
104 "HTTP/1.1 308 Permanent Redirect\r\n"
105 "Content-length: 0\r\n"
106 "Location: "; /* not terminated since it will be concatenated with the URL */
107
Willy Tarreaubaaee002006-06-26 02:48:02 +0200108/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
109const char *HTTP_401_fmt =
110 "HTTP/1.0 401 Unauthorized\r\n"
111 "Cache-Control: no-cache\r\n"
112 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200113 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200114 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
115 "\r\n"
116 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
117
Willy Tarreau844a7e72010-01-31 21:46:18 +0100118const char *HTTP_407_fmt =
119 "HTTP/1.0 407 Unauthorized\r\n"
120 "Cache-Control: no-cache\r\n"
121 "Connection: close\r\n"
122 "Content-Type: text/html\r\n"
123 "Proxy-Authenticate: Basic realm=\"%s\"\r\n"
124 "\r\n"
125 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
126
Willy Tarreau0f772532006-12-23 20:51:41 +0100127
128const int http_err_codes[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200129 [HTTP_ERR_200] = 200, /* used by "monitor-uri" */
Willy Tarreau0f772532006-12-23 20:51:41 +0100130 [HTTP_ERR_400] = 400,
131 [HTTP_ERR_403] = 403,
132 [HTTP_ERR_408] = 408,
133 [HTTP_ERR_500] = 500,
134 [HTTP_ERR_502] = 502,
135 [HTTP_ERR_503] = 503,
136 [HTTP_ERR_504] = 504,
137};
138
Willy Tarreau80587432006-12-24 17:47:20 +0100139static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200140 [HTTP_ERR_200] =
141 "HTTP/1.0 200 OK\r\n"
142 "Cache-Control: no-cache\r\n"
143 "Connection: close\r\n"
144 "Content-Type: text/html\r\n"
145 "\r\n"
146 "<html><body><h1>200 OK</h1>\nService ready.\n</body></html>\n",
147
Willy Tarreau0f772532006-12-23 20:51:41 +0100148 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100149 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100150 "Cache-Control: no-cache\r\n"
151 "Connection: close\r\n"
152 "Content-Type: text/html\r\n"
153 "\r\n"
154 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
155
156 [HTTP_ERR_403] =
157 "HTTP/1.0 403 Forbidden\r\n"
158 "Cache-Control: no-cache\r\n"
159 "Connection: close\r\n"
160 "Content-Type: text/html\r\n"
161 "\r\n"
162 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
163
164 [HTTP_ERR_408] =
165 "HTTP/1.0 408 Request Time-out\r\n"
166 "Cache-Control: no-cache\r\n"
167 "Connection: close\r\n"
168 "Content-Type: text/html\r\n"
169 "\r\n"
170 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
171
172 [HTTP_ERR_500] =
173 "HTTP/1.0 500 Server Error\r\n"
174 "Cache-Control: no-cache\r\n"
175 "Connection: close\r\n"
176 "Content-Type: text/html\r\n"
177 "\r\n"
178 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
179
180 [HTTP_ERR_502] =
181 "HTTP/1.0 502 Bad Gateway\r\n"
182 "Cache-Control: no-cache\r\n"
183 "Connection: close\r\n"
184 "Content-Type: text/html\r\n"
185 "\r\n"
186 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
187
188 [HTTP_ERR_503] =
189 "HTTP/1.0 503 Service Unavailable\r\n"
190 "Cache-Control: no-cache\r\n"
191 "Connection: close\r\n"
192 "Content-Type: text/html\r\n"
193 "\r\n"
194 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
195
196 [HTTP_ERR_504] =
197 "HTTP/1.0 504 Gateway Time-out\r\n"
198 "Cache-Control: no-cache\r\n"
199 "Connection: close\r\n"
200 "Content-Type: text/html\r\n"
201 "\r\n"
202 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
203
204};
205
Cyril Bonté19979e12012-04-04 12:57:21 +0200206/* status codes available for the stats admin page (strictly 4 chars length) */
207const char *stat_status_codes[STAT_STATUS_SIZE] = {
208 [STAT_STATUS_DENY] = "DENY",
209 [STAT_STATUS_DONE] = "DONE",
210 [STAT_STATUS_ERRP] = "ERRP",
211 [STAT_STATUS_EXCD] = "EXCD",
212 [STAT_STATUS_NONE] = "NONE",
213 [STAT_STATUS_PART] = "PART",
214 [STAT_STATUS_UNKN] = "UNKN",
215};
216
217
Willy Tarreau80587432006-12-24 17:47:20 +0100218/* We must put the messages here since GCC cannot initialize consts depending
219 * on strlen().
220 */
221struct chunk http_err_chunks[HTTP_ERR_SIZE];
222
Willy Tarreaua890d072013-04-02 12:01:06 +0200223/* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
224static struct hdr_ctx static_hdr_ctx;
225
Willy Tarreau42250582007-04-01 01:30:43 +0200226#define FD_SETS_ARE_BITFIELDS
227#ifdef FD_SETS_ARE_BITFIELDS
228/*
229 * This map is used with all the FD_* macros to check whether a particular bit
230 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
231 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
232 * byte should be encoded. Be careful to always pass bytes from 0 to 255
233 * exclusively to the macros.
234 */
235fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
236fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
237
238#else
239#error "Check if your OS uses bitfields for fd_sets"
240#endif
241
Willy Tarreau80587432006-12-24 17:47:20 +0100242void init_proto_http()
243{
Willy Tarreau42250582007-04-01 01:30:43 +0200244 int i;
245 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100246 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200247
Willy Tarreau80587432006-12-24 17:47:20 +0100248 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
249 if (!http_err_msgs[msg]) {
250 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
251 abort();
252 }
253
254 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
255 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
256 }
Willy Tarreau42250582007-04-01 01:30:43 +0200257
258 /* initialize the log header encoding map : '{|}"#' should be encoded with
259 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
260 * URL encoding only requires '"', '#' to be encoded as well as non-
261 * printable characters above.
262 */
263 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
264 memset(url_encode_map, 0, sizeof(url_encode_map));
265 for (i = 0; i < 32; i++) {
266 FD_SET(i, hdr_encode_map);
267 FD_SET(i, url_encode_map);
268 }
269 for (i = 127; i < 256; i++) {
270 FD_SET(i, hdr_encode_map);
271 FD_SET(i, url_encode_map);
272 }
273
274 tmp = "\"#{|}";
275 while (*tmp) {
276 FD_SET(*tmp, hdr_encode_map);
277 tmp++;
278 }
279
280 tmp = "\"#";
281 while (*tmp) {
282 FD_SET(*tmp, url_encode_map);
283 tmp++;
284 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200285
286 /* memory allocations */
287 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
William Lallemanda73203e2012-03-12 12:48:57 +0100288 pool2_uniqueid = create_pool("uniqueid", UNIQUEID_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100289}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200290
Willy Tarreau53b6c742006-12-17 13:37:46 +0100291/*
292 * We have 26 list of methods (1 per first letter), each of which can have
293 * up to 3 entries (2 valid, 1 null).
294 */
295struct http_method_desc {
296 http_meth_t meth;
297 int len;
298 const char text[8];
299};
300
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100301const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100302 ['C' - 'A'] = {
303 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
304 },
305 ['D' - 'A'] = {
306 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
307 },
308 ['G' - 'A'] = {
309 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
310 },
311 ['H' - 'A'] = {
312 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
313 },
314 ['P' - 'A'] = {
315 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
316 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
317 },
318 ['T' - 'A'] = {
319 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
320 },
321 /* rest is empty like this :
322 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
323 */
324};
325
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100326/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200327 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100328 * RFC2616 for those chars.
329 */
330
331const char http_is_spht[256] = {
332 [' '] = 1, ['\t'] = 1,
333};
334
335const char http_is_crlf[256] = {
336 ['\r'] = 1, ['\n'] = 1,
337};
338
339const char http_is_lws[256] = {
340 [' '] = 1, ['\t'] = 1,
341 ['\r'] = 1, ['\n'] = 1,
342};
343
344const char http_is_sep[256] = {
345 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
346 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
347 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
348 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
349 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
350};
351
352const char http_is_ctl[256] = {
353 [0 ... 31] = 1,
354 [127] = 1,
355};
356
357/*
358 * A token is any ASCII char that is neither a separator nor a CTL char.
359 * Do not overwrite values in assignment since gcc-2.95 will not handle
360 * them correctly. Instead, define every non-CTL char's status.
361 */
362const char http_is_token[256] = {
363 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
364 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
365 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
366 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
367 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
368 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
369 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
370 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
371 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
372 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
373 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
374 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
375 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
376 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
377 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
378 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
379 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
380 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
381 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
382 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
383 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
384 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
385 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
386 ['|'] = 1, ['}'] = 0, ['~'] = 1,
387};
388
389
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100390/*
391 * An http ver_token is any ASCII which can be found in an HTTP version,
392 * which includes 'H', 'T', 'P', '/', '.' and any digit.
393 */
394const char http_is_ver_token[256] = {
395 ['.'] = 1, ['/'] = 1,
396 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
397 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
398 ['H'] = 1, ['P'] = 1, ['T'] = 1,
399};
400
401
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100402/*
Willy Tarreaue988a792010-01-04 21:13:14 +0100403 * Silent debug that outputs only in strace, using fd #-1. Trash is modified.
404 */
405#if defined(DEBUG_FSM)
406static void http_silent_debug(int line, struct session *s)
407{
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100408 chunk_printf(&trash,
409 "[%04d] req: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p o=%p sm=%d fw=%ld tf=%08x\n",
410 line,
411 s->si[0].state, s->si[0].fd, s->txn.req.msg_state, s->req->flags, s->req->analysers,
412 s->req->buf->data, s->req->buf->size, s->req->l, s->req->w, s->req->r, s->req->buf->p, s->req->buf->o, s->req->to_forward, s->txn.flags);
413 write(-1, trash.str, trash.len);
Willy Tarreaue988a792010-01-04 21:13:14 +0100414
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100415 chunk_printf(&trash,
416 " %04d rep: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p o=%p sm=%d fw=%ld\n",
417 line,
418 s->si[1].state, s->si[1].fd, s->txn.rsp.msg_state, s->rep->flags, s->rep->analysers,
419 s->rep->buf->data, s->rep->buf->size, s->rep->l, s->rep->w, s->rep->r, s->rep->buf->p, s->rep->buf->o, s->rep->to_forward);
420 write(-1, trash.str, trash.len);
Willy Tarreaue988a792010-01-04 21:13:14 +0100421}
422#else
423#define http_silent_debug(l,s) do { } while (0)
424#endif
425
426/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100427 * Adds a header and its CRLF at the tail of the message's buffer, just before
428 * the last CRLF. Text length is measured first, so it cannot be NULL.
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100429 * The header is also automatically added to the index <hdr_idx>, and the end
430 * of headers is automatically adjusted. The number of bytes added is returned
431 * on success, otherwise <0 is returned indicating an error.
432 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100433int http_header_add_tail(struct http_msg *msg, struct hdr_idx *hdr_idx, const char *text)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100434{
435 int bytes, len;
436
437 len = strlen(text);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200438 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100439 if (!bytes)
440 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100441 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100442 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
443}
444
445/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100446 * Adds a header and its CRLF at the tail of the message's buffer, just before
447 * the last CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100448 * the buffer is only opened and the space reserved, but nothing is copied.
449 * The header is also automatically added to the index <hdr_idx>, and the end
450 * of headers is automatically adjusted. The number of bytes added is returned
451 * on success, otherwise <0 is returned indicating an error.
452 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100453int http_header_add_tail2(struct http_msg *msg,
454 struct hdr_idx *hdr_idx, const char *text, int len)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100455{
456 int bytes;
457
Willy Tarreau9b28e032012-10-12 23:49:43 +0200458 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100459 if (!bytes)
460 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100461 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100462 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
463}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200464
465/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100466 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
467 * If so, returns the position of the first non-space character relative to
468 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
469 * to return a pointer to the place after the first space. Returns 0 if the
470 * header name does not match. Checks are case-insensitive.
471 */
472int http_header_match2(const char *hdr, const char *end,
473 const char *name, int len)
474{
475 const char *val;
476
477 if (hdr + len >= end)
478 return 0;
479 if (hdr[len] != ':')
480 return 0;
481 if (strncasecmp(hdr, name, len) != 0)
482 return 0;
483 val = hdr + len + 1;
484 while (val < end && HTTP_IS_SPHT(*val))
485 val++;
486 if ((val >= end) && (len + 2 <= end - hdr))
487 return len + 2; /* we may replace starting from second space */
488 return val - hdr;
489}
490
Willy Tarreau04ff9f12013-06-10 18:39:42 +0200491/* Find the first or next occurrence of header <name> in message buffer <sol>
492 * using headers index <idx>, and return it in the <ctx> structure. This
493 * structure holds everything necessary to use the header and find next
494 * occurrence. If its <idx> member is 0, the header is searched from the
495 * beginning. Otherwise, the next occurrence is returned. The function returns
496 * 1 when it finds a value, and 0 when there is no more. It is very similar to
497 * http_find_header2() except that it is designed to work with full-line headers
498 * whose comma is not a delimiter but is part of the syntax. As a special case,
499 * if ctx->val is NULL when searching for a new values of a header, the current
500 * header is rescanned. This allows rescanning after a header deletion.
501 */
502int http_find_full_header2(const char *name, int len,
503 char *sol, struct hdr_idx *idx,
504 struct hdr_ctx *ctx)
505{
506 char *eol, *sov;
507 int cur_idx, old_idx;
508
509 cur_idx = ctx->idx;
510 if (cur_idx) {
511 /* We have previously returned a header, let's search another one */
512 sol = ctx->line;
513 eol = sol + idx->v[cur_idx].len;
514 goto next_hdr;
515 }
516
517 /* first request for this header */
518 sol += hdr_idx_first_pos(idx);
519 old_idx = 0;
520 cur_idx = hdr_idx_first_idx(idx);
521 while (cur_idx) {
522 eol = sol + idx->v[cur_idx].len;
523
524 if (len == 0) {
525 /* No argument was passed, we want any header.
526 * To achieve this, we simply build a fake request. */
527 while (sol + len < eol && sol[len] != ':')
528 len++;
529 name = sol;
530 }
531
532 if ((len < eol - sol) &&
533 (sol[len] == ':') &&
534 (strncasecmp(sol, name, len) == 0)) {
535 ctx->del = len;
536 sov = sol + len + 1;
537 while (sov < eol && http_is_lws[(unsigned char)*sov])
538 sov++;
539
540 ctx->line = sol;
541 ctx->prev = old_idx;
542 ctx->idx = cur_idx;
543 ctx->val = sov - sol;
544 ctx->tws = 0;
545 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
546 eol--;
547 ctx->tws++;
548 }
549 ctx->vlen = eol - sov;
550 return 1;
551 }
552 next_hdr:
553 sol = eol + idx->v[cur_idx].cr + 1;
554 old_idx = cur_idx;
555 cur_idx = idx->v[cur_idx].next;
556 }
557 return 0;
558}
559
Willy Tarreau68085d82010-01-18 14:54:04 +0100560/* Find the end of the header value contained between <s> and <e>. See RFC2616,
561 * par 2.2 for more information. Note that it requires a valid header to return
562 * a valid result. This works for headers defined as comma-separated lists.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200563 */
Willy Tarreau68085d82010-01-18 14:54:04 +0100564char *find_hdr_value_end(char *s, const char *e)
Willy Tarreau33a7e692007-06-10 19:45:56 +0200565{
566 int quoted, qdpair;
567
568 quoted = qdpair = 0;
569 for (; s < e; s++) {
570 if (qdpair) qdpair = 0;
Willy Tarreau0f7f51f2010-08-30 11:06:34 +0200571 else if (quoted) {
572 if (*s == '\\') qdpair = 1;
573 else if (*s == '"') quoted = 0;
574 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200575 else if (*s == '"') quoted = 1;
576 else if (*s == ',') return s;
577 }
578 return s;
579}
580
581/* Find the first or next occurrence of header <name> in message buffer <sol>
582 * using headers index <idx>, and return it in the <ctx> structure. This
583 * structure holds everything necessary to use the header and find next
584 * occurrence. If its <idx> member is 0, the header is searched from the
585 * beginning. Otherwise, the next occurrence is returned. The function returns
Willy Tarreau68085d82010-01-18 14:54:04 +0100586 * 1 when it finds a value, and 0 when there is no more. It is designed to work
587 * with headers defined as comma-separated lists. As a special case, if ctx->val
588 * is NULL when searching for a new values of a header, the current header is
589 * rescanned. This allows rescanning after a header deletion.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200590 */
591int http_find_header2(const char *name, int len,
Willy Tarreau68085d82010-01-18 14:54:04 +0100592 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200593 struct hdr_ctx *ctx)
594{
Willy Tarreau68085d82010-01-18 14:54:04 +0100595 char *eol, *sov;
596 int cur_idx, old_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200597
Willy Tarreau68085d82010-01-18 14:54:04 +0100598 cur_idx = ctx->idx;
599 if (cur_idx) {
Willy Tarreau33a7e692007-06-10 19:45:56 +0200600 /* We have previously returned a value, let's search
601 * another one on the same line.
602 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200603 sol = ctx->line;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200604 ctx->del = ctx->val + ctx->vlen + ctx->tws;
Willy Tarreau68085d82010-01-18 14:54:04 +0100605 sov = sol + ctx->del;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200606 eol = sol + idx->v[cur_idx].len;
607
608 if (sov >= eol)
609 /* no more values in this header */
610 goto next_hdr;
611
Willy Tarreau68085d82010-01-18 14:54:04 +0100612 /* values remaining for this header, skip the comma but save it
613 * for later use (eg: for header deletion).
614 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200615 sov++;
616 while (sov < eol && http_is_lws[(unsigned char)*sov])
617 sov++;
618
619 goto return_hdr;
620 }
621
622 /* first request for this header */
623 sol += hdr_idx_first_pos(idx);
Willy Tarreau68085d82010-01-18 14:54:04 +0100624 old_idx = 0;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200625 cur_idx = hdr_idx_first_idx(idx);
Willy Tarreau33a7e692007-06-10 19:45:56 +0200626 while (cur_idx) {
627 eol = sol + idx->v[cur_idx].len;
628
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200629 if (len == 0) {
630 /* No argument was passed, we want any header.
631 * To achieve this, we simply build a fake request. */
632 while (sol + len < eol && sol[len] != ':')
633 len++;
634 name = sol;
635 }
636
Willy Tarreau33a7e692007-06-10 19:45:56 +0200637 if ((len < eol - sol) &&
638 (sol[len] == ':') &&
639 (strncasecmp(sol, name, len) == 0)) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100640 ctx->del = len;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200641 sov = sol + len + 1;
642 while (sov < eol && http_is_lws[(unsigned char)*sov])
643 sov++;
Willy Tarreau68085d82010-01-18 14:54:04 +0100644
Willy Tarreau33a7e692007-06-10 19:45:56 +0200645 ctx->line = sol;
Willy Tarreau68085d82010-01-18 14:54:04 +0100646 ctx->prev = old_idx;
647 return_hdr:
Willy Tarreau33a7e692007-06-10 19:45:56 +0200648 ctx->idx = cur_idx;
649 ctx->val = sov - sol;
650
651 eol = find_hdr_value_end(sov, eol);
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200652 ctx->tws = 0;
Willy Tarreau275600b2011-09-16 08:11:26 +0200653 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200654 eol--;
655 ctx->tws++;
656 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200657 ctx->vlen = eol - sov;
658 return 1;
659 }
660 next_hdr:
661 sol = eol + idx->v[cur_idx].cr + 1;
Willy Tarreau68085d82010-01-18 14:54:04 +0100662 old_idx = cur_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200663 cur_idx = idx->v[cur_idx].next;
664 }
665 return 0;
666}
667
668int http_find_header(const char *name,
Willy Tarreau68085d82010-01-18 14:54:04 +0100669 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200670 struct hdr_ctx *ctx)
671{
672 return http_find_header2(name, strlen(name), sol, idx, ctx);
673}
674
Willy Tarreau68085d82010-01-18 14:54:04 +0100675/* Remove one value of a header. This only works on a <ctx> returned by one of
676 * the http_find_header functions. The value is removed, as well as surrounding
677 * commas if any. If the removed value was alone, the whole header is removed.
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100678 * The ctx is always updated accordingly, as well as the buffer and HTTP
Willy Tarreau68085d82010-01-18 14:54:04 +0100679 * message <msg>. The new index is returned. If it is zero, it means there is
680 * no more header, so any processing may stop. The ctx is always left in a form
681 * that can be handled by http_find_header2() to find next occurrence.
682 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100683int http_remove_header2(struct http_msg *msg, struct hdr_idx *idx, struct hdr_ctx *ctx)
Willy Tarreau68085d82010-01-18 14:54:04 +0100684{
685 int cur_idx = ctx->idx;
686 char *sol = ctx->line;
687 struct hdr_idx_elem *hdr;
688 int delta, skip_comma;
689
690 if (!cur_idx)
691 return 0;
692
693 hdr = &idx->v[cur_idx];
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200694 if (sol[ctx->del] == ':' && ctx->val + ctx->vlen + ctx->tws == hdr->len) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100695 /* This was the only value of the header, we must now remove it entirely. */
Willy Tarreau9b28e032012-10-12 23:49:43 +0200696 delta = buffer_replace2(msg->chn->buf, sol, sol + hdr->len + hdr->cr + 1, NULL, 0);
Willy Tarreau68085d82010-01-18 14:54:04 +0100697 http_msg_move_end(msg, delta);
698 idx->used--;
699 hdr->len = 0; /* unused entry */
700 idx->v[ctx->prev].next = idx->v[ctx->idx].next;
Willy Tarreau5c4784f2011-02-12 13:07:35 +0100701 if (idx->tail == ctx->idx)
702 idx->tail = ctx->prev;
Willy Tarreau68085d82010-01-18 14:54:04 +0100703 ctx->idx = ctx->prev; /* walk back to the end of previous header */
704 ctx->line -= idx->v[ctx->idx].len + idx->v[cur_idx].cr + 1;
705 ctx->val = idx->v[ctx->idx].len; /* point to end of previous header */
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200706 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100707 return ctx->idx;
708 }
709
710 /* This was not the only value of this header. We have to remove between
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200711 * ctx->del+1 and ctx->val+ctx->vlen+ctx->tws+1 included. If it is the
712 * last entry of the list, we remove the last separator.
Willy Tarreau68085d82010-01-18 14:54:04 +0100713 */
714
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200715 skip_comma = (ctx->val + ctx->vlen + ctx->tws == hdr->len) ? 0 : 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200716 delta = buffer_replace2(msg->chn->buf, sol + ctx->del + skip_comma,
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200717 sol + ctx->val + ctx->vlen + ctx->tws + skip_comma,
Willy Tarreau68085d82010-01-18 14:54:04 +0100718 NULL, 0);
719 hdr->len += delta;
720 http_msg_move_end(msg, delta);
721 ctx->val = ctx->del;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200722 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100723 return ctx->idx;
724}
725
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100726/* This function handles a server error at the stream interface level. The
727 * stream interface is assumed to be already in a closed state. An optional
728 * message is copied into the input buffer, and an HTTP status code stored.
729 * The error flags are set to the values in arguments. Any pending request
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100730 * in this buffer will be lost.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200731 */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100732static void http_server_error(struct session *t, struct stream_interface *si,
733 int err, int finst, int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200734{
Willy Tarreau8263d2b2012-08-28 00:06:31 +0200735 channel_auto_read(si->ob);
736 channel_abort(si->ob);
737 channel_auto_close(si->ob);
738 channel_erase(si->ob);
739 channel_auto_close(si->ib);
740 channel_auto_read(si->ib);
Willy Tarreau0f772532006-12-23 20:51:41 +0100741 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100742 t->txn.status = status;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +0200743 bo_inject(si->ib, msg->str, msg->len);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200744 }
745 if (!(t->flags & SN_ERR_MASK))
746 t->flags |= err;
747 if (!(t->flags & SN_FINST_MASK))
748 t->flags |= finst;
749}
750
Willy Tarreau80587432006-12-24 17:47:20 +0100751/* This function returns the appropriate error location for the given session
752 * and message.
753 */
754
Willy Tarreau783f2582012-09-04 12:19:04 +0200755struct chunk *http_error_message(struct session *s, int msgnum)
Willy Tarreau80587432006-12-24 17:47:20 +0100756{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200757 if (s->be->errmsg[msgnum].str)
758 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100759 else if (s->fe->errmsg[msgnum].str)
760 return &s->fe->errmsg[msgnum];
761 else
762 return &http_err_chunks[msgnum];
763}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200764
Willy Tarreau53b6c742006-12-17 13:37:46 +0100765/*
766 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
767 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
768 */
769static http_meth_t find_http_meth(const char *str, const int len)
770{
771 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100772 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100773
774 m = ((unsigned)*str - 'A');
775
776 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100777 for (h = http_methods[m]; h->len > 0; h++) {
778 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100779 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100780 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100781 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100782 };
783 return HTTP_METH_OTHER;
784 }
785 return HTTP_METH_NONE;
786
787}
788
Willy Tarreau21d2af32008-02-14 20:25:24 +0100789/* Parse the URI from the given transaction (which is assumed to be in request
790 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
791 * It is returned otherwise.
792 */
793static char *
794http_get_path(struct http_txn *txn)
795{
796 char *ptr, *end;
797
Willy Tarreau9b28e032012-10-12 23:49:43 +0200798 ptr = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau21d2af32008-02-14 20:25:24 +0100799 end = ptr + txn->req.sl.rq.u_l;
800
801 if (ptr >= end)
802 return NULL;
803
804 /* RFC2616, par. 5.1.2 :
805 * Request-URI = "*" | absuri | abspath | authority
806 */
807
808 if (*ptr == '*')
809 return NULL;
810
811 if (isalpha((unsigned char)*ptr)) {
812 /* this is a scheme as described by RFC3986, par. 3.1 */
813 ptr++;
814 while (ptr < end &&
815 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
816 ptr++;
817 /* skip '://' */
818 if (ptr == end || *ptr++ != ':')
819 return NULL;
820 if (ptr == end || *ptr++ != '/')
821 return NULL;
822 if (ptr == end || *ptr++ != '/')
823 return NULL;
824 }
825 /* skip [user[:passwd]@]host[:[port]] */
826
827 while (ptr < end && *ptr != '/')
828 ptr++;
829
830 if (ptr == end)
831 return NULL;
832
833 /* OK, we got the '/' ! */
834 return ptr;
835}
836
Willy Tarreau71241ab2012-12-27 11:30:54 +0100837/* Returns a 302 for a redirectable request that reaches a server working in
838 * in redirect mode. This may only be called just after the stream interface
839 * has moved to SI_ST_ASS. Unprocessable requests are left unchanged and will
840 * follow normal proxy processing. NOTE: this function is designed to support
841 * being called once data are scheduled for forwarding.
Willy Tarreauefb453c2008-10-26 20:49:47 +0100842 */
Willy Tarreau71241ab2012-12-27 11:30:54 +0100843void http_perform_server_redirect(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100844{
845 struct http_txn *txn;
Willy Tarreau827aee92011-03-10 16:55:02 +0100846 struct server *srv;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100847 char *path;
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200848 int len, rewind;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100849
850 /* 1: create the response header */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100851 trash.len = strlen(HTTP_302);
852 memcpy(trash.str, HTTP_302, trash.len);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100853
Willy Tarreau3fdb3662012-11-12 00:42:33 +0100854 srv = objt_server(s->target);
Willy Tarreau827aee92011-03-10 16:55:02 +0100855
Willy Tarreauefb453c2008-10-26 20:49:47 +0100856 /* 2: add the server's prefix */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100857 if (trash.len + srv->rdr_len > trash.size)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100858 return;
859
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100860 /* special prefix "/" means don't change URL */
Willy Tarreau827aee92011-03-10 16:55:02 +0100861 if (srv->rdr_len != 1 || *srv->rdr_pfx != '/') {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100862 memcpy(trash.str + trash.len, srv->rdr_pfx, srv->rdr_len);
863 trash.len += srv->rdr_len;
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100864 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100865
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200866 /* 3: add the request URI. Since it was already forwarded, we need
867 * to temporarily rewind the buffer.
868 */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100869 txn = &s->txn;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200870 b_rew(s->req->buf, rewind = s->req->buf->o);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200871
Willy Tarreauefb453c2008-10-26 20:49:47 +0100872 path = http_get_path(txn);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200873 len = buffer_count(s->req->buf, path, b_ptr(s->req->buf, txn->req.sl.rq.u + txn->req.sl.rq.u_l));
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200874
Willy Tarreau9b28e032012-10-12 23:49:43 +0200875 b_adv(s->req->buf, rewind);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200876
Willy Tarreauefb453c2008-10-26 20:49:47 +0100877 if (!path)
878 return;
879
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100880 if (trash.len + len > trash.size - 4) /* 4 for CRLF-CRLF */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100881 return;
882
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100883 memcpy(trash.str + trash.len, path, len);
884 trash.len += len;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100885
886 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100887 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
888 trash.len += 29;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100889 } else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100890 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
891 trash.len += 23;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100892 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100893
894 /* prepare to return without error. */
Willy Tarreau73b013b2012-05-21 16:31:45 +0200895 si_shutr(si);
896 si_shutw(si);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100897 si->err_type = SI_ET_NONE;
898 si->err_loc = NULL;
899 si->state = SI_ST_CLO;
900
901 /* send the message */
Willy Tarreau570f2212013-06-10 16:42:09 +0200902 http_server_error(s, si, SN_ERR_LOCAL, SN_FINST_C, 302, &trash);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100903
904 /* FIXME: we should increase a counter of redirects per server and per backend. */
Willy Tarreau4521ba62013-01-24 01:25:25 +0100905 srv_inc_sess_ctr(srv);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100906}
907
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100908/* Return the error message corresponding to si->err_type. It is assumed
Willy Tarreauefb453c2008-10-26 20:49:47 +0100909 * that the server side is closed. Note that err_type is actually a
910 * bitmask, where almost only aborts may be cumulated with other
911 * values. We consider that aborted operations are more important
912 * than timeouts or errors due to the fact that nobody else in the
913 * logs might explain incomplete retries. All others should avoid
914 * being cumulated. It should normally not be possible to have multiple
915 * aborts at once, but just in case, the first one in sequence is reported.
916 */
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100917void http_return_srv_error(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100918{
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100919 int err_type = si->err_type;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100920
921 if (err_type & SI_ET_QUEUE_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100922 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200923 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100924 else if (err_type & SI_ET_CONN_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100925 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200926 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100927 else if (err_type & SI_ET_QUEUE_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100928 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200929 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100930 else if (err_type & SI_ET_QUEUE_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100931 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200932 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100933 else if (err_type & SI_ET_CONN_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100934 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200935 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100936 else if (err_type & SI_ET_CONN_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100937 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200938 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100939 else /* SI_ET_CONN_OTHER and others */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100940 http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200941 500, http_error_message(s, HTTP_ERR_500));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100942}
943
Willy Tarreau42250582007-04-01 01:30:43 +0200944extern const char sess_term_cond[8];
945extern const char sess_fin_state[8];
946extern const char *monthname[12];
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200947struct pool_head *pool2_requri;
Willy Tarreau193b8c62012-11-22 00:17:38 +0100948struct pool_head *pool2_capture = NULL;
William Lallemanda73203e2012-03-12 12:48:57 +0100949struct pool_head *pool2_uniqueid;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100950
Willy Tarreau117f59e2007-03-04 18:17:17 +0100951/*
952 * Capture headers from message starting at <som> according to header list
953 * <cap_hdr>, and fill the <idx> structure appropriately.
954 */
955void capture_headers(char *som, struct hdr_idx *idx,
956 char **cap, struct cap_hdr *cap_hdr)
957{
958 char *eol, *sol, *col, *sov;
959 int cur_idx;
960 struct cap_hdr *h;
961 int len;
962
963 sol = som + hdr_idx_first_pos(idx);
964 cur_idx = hdr_idx_first_idx(idx);
965
966 while (cur_idx) {
967 eol = sol + idx->v[cur_idx].len;
968
969 col = sol;
970 while (col < eol && *col != ':')
971 col++;
972
973 sov = col + 1;
974 while (sov < eol && http_is_lws[(unsigned char)*sov])
975 sov++;
976
977 for (h = cap_hdr; h; h = h->next) {
978 if ((h->namelen == col - sol) &&
979 (strncasecmp(sol, h->name, h->namelen) == 0)) {
980 if (cap[h->index] == NULL)
981 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +0200982 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +0100983
984 if (cap[h->index] == NULL) {
985 Alert("HTTP capture : out of memory.\n");
986 continue;
987 }
988
989 len = eol - sov;
990 if (len > h->len)
991 len = h->len;
992
993 memcpy(cap[h->index], sov, len);
994 cap[h->index][len]=0;
995 }
996 }
997 sol = eol + idx->v[cur_idx].cr + 1;
998 cur_idx = idx->v[cur_idx].next;
999 }
1000}
1001
1002
Willy Tarreau42250582007-04-01 01:30:43 +02001003/* either we find an LF at <ptr> or we jump to <bad>.
1004 */
1005#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1006
1007/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1008 * otherwise to <http_msg_ood> with <state> set to <st>.
1009 */
1010#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1011 ptr++; \
1012 if (likely(ptr < end)) \
1013 goto good; \
1014 else { \
1015 state = (st); \
1016 goto http_msg_ood; \
1017 } \
1018 } while (0)
1019
1020
Willy Tarreaubaaee002006-06-26 02:48:02 +02001021/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001022 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001023 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1024 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1025 * will give undefined results.
1026 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1027 * and that msg->sol points to the beginning of the response.
1028 * If a complete line is found (which implies that at least one CR or LF is
1029 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1030 * returned indicating an incomplete line (which does not mean that parts have
1031 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1032 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1033 * upon next call.
1034 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001035 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001036 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1037 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001038 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001039 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001040const char *http_parse_stsline(struct http_msg *msg,
Willy Tarreaue69eada2008-01-27 00:34:10 +01001041 unsigned int state, const char *ptr, const char *end,
Willy Tarreaua458b672012-03-05 11:17:50 +01001042 unsigned int *ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001043{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001044 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001045
Willy Tarreau8973c702007-01-21 23:58:29 +01001046 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001047 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001048 http_msg_rpver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001049 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001050 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1051
1052 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001053 msg->sl.st.v_l = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001054 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1055 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001056 state = HTTP_MSG_ERROR;
1057 break;
1058
Willy Tarreau8973c702007-01-21 23:58:29 +01001059 case HTTP_MSG_RPVER_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001060 http_msg_rpver_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001061 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001062 msg->sl.st.c = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001063 goto http_msg_rpcode;
1064 }
1065 if (likely(HTTP_IS_SPHT(*ptr)))
1066 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1067 /* so it's a CR/LF, this is invalid */
Willy Tarreau7552c032009-03-01 11:10:40 +01001068 state = HTTP_MSG_ERROR;
1069 break;
Willy Tarreau8973c702007-01-21 23:58:29 +01001070
Willy Tarreau8973c702007-01-21 23:58:29 +01001071 case HTTP_MSG_RPCODE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001072 http_msg_rpcode:
Willy Tarreau8973c702007-01-21 23:58:29 +01001073 if (likely(!HTTP_IS_LWS(*ptr)))
1074 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1075
1076 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001077 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001078 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1079 }
1080
1081 /* so it's a CR/LF, so there is no reason phrase */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001082 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001083 http_msg_rsp_reason:
1084 /* FIXME: should we support HTTP responses without any reason phrase ? */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001085 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001086 msg->sl.st.r_l = 0;
1087 goto http_msg_rpline_eol;
1088
Willy Tarreau8973c702007-01-21 23:58:29 +01001089 case HTTP_MSG_RPCODE_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001090 http_msg_rpcode_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001091 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001092 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001093 goto http_msg_rpreason;
1094 }
1095 if (likely(HTTP_IS_SPHT(*ptr)))
1096 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1097 /* so it's a CR/LF, so there is no reason phrase */
1098 goto http_msg_rsp_reason;
1099
Willy Tarreau8973c702007-01-21 23:58:29 +01001100 case HTTP_MSG_RPREASON:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001101 http_msg_rpreason:
Willy Tarreau8973c702007-01-21 23:58:29 +01001102 if (likely(!HTTP_IS_CRLF(*ptr)))
1103 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
Willy Tarreauea1175a2012-03-05 15:52:30 +01001104 msg->sl.st.r_l = ptr - msg_start - msg->sl.st.r;
Willy Tarreau8973c702007-01-21 23:58:29 +01001105 http_msg_rpline_eol:
1106 /* We have seen the end of line. Note that we do not
1107 * necessarily have the \n yet, but at least we know that we
1108 * have EITHER \r OR \n, otherwise the response would not be
1109 * complete. We can then record the response length and return
1110 * to the caller which will be able to register it.
1111 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001112 msg->sl.st.l = ptr - msg_start - msg->sol;
Willy Tarreau8973c702007-01-21 23:58:29 +01001113 return ptr;
1114
1115#ifdef DEBUG_FULL
1116 default:
1117 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1118 exit(1);
1119#endif
1120 }
1121
1122 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001123 /* out of valid data */
Willy Tarreau8973c702007-01-21 23:58:29 +01001124 if (ret_state)
1125 *ret_state = state;
1126 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001127 *ret_ptr = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001128 return NULL;
Willy Tarreau8973c702007-01-21 23:58:29 +01001129}
1130
Willy Tarreau8973c702007-01-21 23:58:29 +01001131/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001132 * This function parses a request line between <ptr> and <end>, starting with
1133 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1134 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1135 * will give undefined results.
1136 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1137 * and that msg->sol points to the beginning of the request.
1138 * If a complete line is found (which implies that at least one CR or LF is
1139 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1140 * returned indicating an incomplete line (which does not mean that parts have
1141 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1142 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1143 * upon next call.
1144 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001145 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001146 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1147 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001148 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001149 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001150const char *http_parse_reqline(struct http_msg *msg,
Willy Tarreaue69eada2008-01-27 00:34:10 +01001151 unsigned int state, const char *ptr, const char *end,
Willy Tarreaua458b672012-03-05 11:17:50 +01001152 unsigned int *ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001153{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001154 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001155
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001156 switch (state) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001157 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001158 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001159 if (likely(HTTP_IS_TOKEN(*ptr)))
1160 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001161
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001162 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001163 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001164 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1165 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001166
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001167 if (likely(HTTP_IS_CRLF(*ptr))) {
1168 /* HTTP 0.9 request */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001169 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001170 http_msg_req09_uri:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001171 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001172 http_msg_req09_uri_e:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001173 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001174 http_msg_req09_ver:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001175 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001176 msg->sl.rq.v_l = 0;
1177 goto http_msg_rqline_eol;
1178 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001179 state = HTTP_MSG_ERROR;
1180 break;
1181
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001182 case HTTP_MSG_RQMETH_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001183 http_msg_rqmeth_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001184 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001185 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001186 goto http_msg_rquri;
1187 }
1188 if (likely(HTTP_IS_SPHT(*ptr)))
1189 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1190 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1191 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001192
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001193 case HTTP_MSG_RQURI:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001194 http_msg_rquri:
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001195 if (likely((unsigned char)(*ptr - 33) <= 93)) /* 33 to 126 included */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001196 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001197
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001198 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001199 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001200 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1201 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001202
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001203 if (likely((unsigned char)*ptr >= 128)) {
Willy Tarreau422246e2012-01-07 23:54:13 +01001204 /* non-ASCII chars are forbidden unless option
1205 * accept-invalid-http-request is enabled in the frontend.
1206 * In any case, we capture the faulty char.
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001207 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001208 if (msg->err_pos < -1)
1209 goto invalid_char;
1210 if (msg->err_pos == -1)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001211 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001212 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
1213 }
1214
1215 if (likely(HTTP_IS_CRLF(*ptr))) {
1216 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1217 goto http_msg_req09_uri_e;
1218 }
1219
1220 /* OK forbidden chars, 0..31 or 127 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001221 invalid_char:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001222 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001223 state = HTTP_MSG_ERROR;
1224 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001225
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001226 case HTTP_MSG_RQURI_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001227 http_msg_rquri_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001228 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001229 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001230 goto http_msg_rqver;
1231 }
1232 if (likely(HTTP_IS_SPHT(*ptr)))
1233 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1234 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1235 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001236
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001237 case HTTP_MSG_RQVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001238 http_msg_rqver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001239 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001240 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001241
1242 if (likely(HTTP_IS_CRLF(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001243 msg->sl.rq.v_l = ptr - msg_start - msg->sl.rq.v;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001244 http_msg_rqline_eol:
1245 /* We have seen the end of line. Note that we do not
1246 * necessarily have the \n yet, but at least we know that we
1247 * have EITHER \r OR \n, otherwise the request would not be
1248 * complete. We can then record the request length and return
1249 * to the caller which will be able to register it.
1250 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001251 msg->sl.rq.l = ptr - msg_start - msg->sol;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001252 return ptr;
1253 }
1254
1255 /* neither an HTTP_VER token nor a CRLF */
Willy Tarreau7552c032009-03-01 11:10:40 +01001256 state = HTTP_MSG_ERROR;
1257 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001258
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001259#ifdef DEBUG_FULL
1260 default:
1261 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1262 exit(1);
1263#endif
1264 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001265
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001266 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001267 /* out of valid data */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001268 if (ret_state)
1269 *ret_state = state;
1270 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001271 *ret_ptr = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001272 return NULL;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001273}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001274
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001275/*
1276 * Returns the data from Authorization header. Function may be called more
1277 * than once so data is stored in txn->auth_data. When no header is found
1278 * or auth method is unknown auth_method is set to HTTP_AUTH_WRONG to avoid
1279 * searching again for something we are unable to find anyway.
1280 */
1281
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001282char *get_http_auth_buff;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001283
1284int
1285get_http_auth(struct session *s)
1286{
1287
1288 struct http_txn *txn = &s->txn;
1289 struct chunk auth_method;
1290 struct hdr_ctx ctx;
1291 char *h, *p;
1292 int len;
1293
1294#ifdef DEBUG_AUTH
1295 printf("Auth for session %p: %d\n", s, txn->auth.method);
1296#endif
1297
1298 if (txn->auth.method == HTTP_AUTH_WRONG)
1299 return 0;
1300
1301 if (txn->auth.method)
1302 return 1;
1303
1304 txn->auth.method = HTTP_AUTH_WRONG;
1305
1306 ctx.idx = 0;
Willy Tarreau844a7e72010-01-31 21:46:18 +01001307
1308 if (txn->flags & TX_USE_PX_CONN) {
1309 h = "Proxy-Authorization";
1310 len = strlen(h);
1311 } else {
1312 h = "Authorization";
1313 len = strlen(h);
1314 }
1315
Willy Tarreau9b28e032012-10-12 23:49:43 +02001316 if (!http_find_header2(h, len, s->req->buf->p, &txn->hdr_idx, &ctx))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001317 return 0;
1318
1319 h = ctx.line + ctx.val;
1320
1321 p = memchr(h, ' ', ctx.vlen);
1322 if (!p || p == h)
1323 return 0;
1324
1325 chunk_initlen(&auth_method, h, 0, p-h);
1326 chunk_initlen(&txn->auth.method_data, p+1, 0, ctx.vlen-(p-h)-1);
1327
1328 if (!strncasecmp("Basic", auth_method.str, auth_method.len)) {
1329
1330 len = base64dec(txn->auth.method_data.str, txn->auth.method_data.len,
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001331 get_http_auth_buff, global.tune.bufsize - 1);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001332
1333 if (len < 0)
1334 return 0;
1335
1336
1337 get_http_auth_buff[len] = '\0';
1338
1339 p = strchr(get_http_auth_buff, ':');
1340
1341 if (!p)
1342 return 0;
1343
1344 txn->auth.user = get_http_auth_buff;
1345 *p = '\0';
1346 txn->auth.pass = p+1;
1347
1348 txn->auth.method = HTTP_AUTH_BASIC;
1349 return 1;
1350 }
1351
1352 return 0;
1353}
1354
Willy Tarreau58f10d72006-12-04 02:26:12 +01001355
Willy Tarreau8973c702007-01-21 23:58:29 +01001356/*
1357 * This function parses an HTTP message, either a request or a response,
Willy Tarreau8b1323e2012-03-09 14:46:19 +01001358 * depending on the initial msg->msg_state. The caller is responsible for
1359 * ensuring that the message does not wrap. The function can be preempted
1360 * everywhere when data are missing and recalled at the exact same location
1361 * with no information loss. The message may even be realigned between two
1362 * calls. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001363 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
Willy Tarreau26927362012-05-18 23:22:52 +02001364 * fields. Note that msg->sol will be initialized after completing the first
1365 * state, so that none of the msg pointers has to be initialized prior to the
1366 * first call.
Willy Tarreau8973c702007-01-21 23:58:29 +01001367 */
Willy Tarreaua560c212012-03-09 13:50:57 +01001368void http_msg_analyzer(struct http_msg *msg, struct hdr_idx *idx)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001369{
Willy Tarreaue69eada2008-01-27 00:34:10 +01001370 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001371 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001372 struct buffer *buf;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001373
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001374 state = msg->msg_state;
Willy Tarreau9b28e032012-10-12 23:49:43 +02001375 buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001376 ptr = buf->p + msg->next;
1377 end = buf->p + buf->i;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001378
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001379 if (unlikely(ptr >= end))
1380 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001381
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001382 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001383 /*
1384 * First, states that are specific to the response only.
1385 * We check them first so that request and headers are
1386 * closer to each other (accessed more often).
1387 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001388 case HTTP_MSG_RPBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001389 http_msg_rpbefore:
Willy Tarreau8973c702007-01-21 23:58:29 +01001390 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001391 /* we have a start of message, but we have to check
1392 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001393 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001394 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001395 if (unlikely(ptr != buf->p)) {
1396 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001397 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001398 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001399 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8973c702007-01-21 23:58:29 +01001400 }
Willy Tarreau26927362012-05-18 23:22:52 +02001401 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001402 msg->sl.st.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001403 hdr_idx_init(idx);
1404 state = HTTP_MSG_RPVER;
1405 goto http_msg_rpver;
1406 }
1407
1408 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1409 goto http_msg_invalid;
1410
1411 if (unlikely(*ptr == '\n'))
1412 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1413 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1414 /* stop here */
1415
Willy Tarreau8973c702007-01-21 23:58:29 +01001416 case HTTP_MSG_RPBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001417 http_msg_rpbefore_cr:
Willy Tarreau8973c702007-01-21 23:58:29 +01001418 EXPECT_LF_HERE(ptr, http_msg_invalid);
1419 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1420 /* stop here */
1421
Willy Tarreau8973c702007-01-21 23:58:29 +01001422 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001423 http_msg_rpver:
Willy Tarreau8973c702007-01-21 23:58:29 +01001424 case HTTP_MSG_RPVER_SP:
1425 case HTTP_MSG_RPCODE:
1426 case HTTP_MSG_RPCODE_SP:
1427 case HTTP_MSG_RPREASON:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001428 ptr = (char *)http_parse_stsline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001429 state, ptr, end,
1430 &msg->next, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001431 if (unlikely(!ptr))
1432 return;
1433
1434 /* we have a full response and we know that we have either a CR
1435 * or an LF at <ptr>.
1436 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001437 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1438
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001439 msg->sol = ptr - buf->p;
Willy Tarreau8973c702007-01-21 23:58:29 +01001440 if (likely(*ptr == '\r'))
1441 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1442 goto http_msg_rpline_end;
1443
Willy Tarreau8973c702007-01-21 23:58:29 +01001444 case HTTP_MSG_RPLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001445 http_msg_rpline_end:
Willy Tarreau8973c702007-01-21 23:58:29 +01001446 /* msg->sol must point to the first of CR or LF. */
1447 EXPECT_LF_HERE(ptr, http_msg_invalid);
1448 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1449 /* stop here */
1450
1451 /*
1452 * Second, states that are specific to the request only
1453 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001454 case HTTP_MSG_RQBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001455 http_msg_rqbefore:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001456 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001457 /* we have a start of message, but we have to check
1458 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001459 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001460 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001461 if (likely(ptr != buf->p)) {
1462 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001463 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001464 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001465 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001466 }
Willy Tarreau26927362012-05-18 23:22:52 +02001467 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001468 msg->sl.rq.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001469 state = HTTP_MSG_RQMETH;
1470 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001471 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001472
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001473 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1474 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001475
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001476 if (unlikely(*ptr == '\n'))
1477 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1478 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001479 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001480
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001481 case HTTP_MSG_RQBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001482 http_msg_rqbefore_cr:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001483 EXPECT_LF_HERE(ptr, http_msg_invalid);
1484 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001485 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001486
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001487 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001488 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001489 case HTTP_MSG_RQMETH_SP:
1490 case HTTP_MSG_RQURI:
1491 case HTTP_MSG_RQURI_SP:
1492 case HTTP_MSG_RQVER:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001493 ptr = (char *)http_parse_reqline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001494 state, ptr, end,
1495 &msg->next, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001496 if (unlikely(!ptr))
1497 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001498
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001499 /* we have a full request and we know that we have either a CR
1500 * or an LF at <ptr>.
1501 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001502 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001503
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001504 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001505 if (likely(*ptr == '\r'))
1506 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001507 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001508
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001509 case HTTP_MSG_RQLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001510 http_msg_rqline_end:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001511 /* check for HTTP/0.9 request : no version information available.
1512 * msg->sol must point to the first of CR or LF.
1513 */
1514 if (unlikely(msg->sl.rq.v_l == 0))
1515 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001516
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001517 EXPECT_LF_HERE(ptr, http_msg_invalid);
1518 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001519 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001520
Willy Tarreau8973c702007-01-21 23:58:29 +01001521 /*
1522 * Common states below
1523 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001524 case HTTP_MSG_HDR_FIRST:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001525 http_msg_hdr_first:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001526 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001527 if (likely(!HTTP_IS_CRLF(*ptr))) {
1528 goto http_msg_hdr_name;
1529 }
1530
1531 if (likely(*ptr == '\r'))
1532 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1533 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001534
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001535 case HTTP_MSG_HDR_NAME:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001536 http_msg_hdr_name:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001537 /* assumes msg->sol points to the first char */
1538 if (likely(HTTP_IS_TOKEN(*ptr)))
1539 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001540
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001541 if (likely(*ptr == ':'))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001542 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001543
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001544 if (likely(msg->err_pos < -1) || *ptr == '\n')
1545 goto http_msg_invalid;
1546
1547 if (msg->err_pos == -1) /* capture error pointer */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001548 msg->err_pos = ptr - buf->p; /* >= 0 now */
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001549
1550 /* and we still accept this non-token character */
1551 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001552
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001553 case HTTP_MSG_HDR_L1_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001554 http_msg_hdr_l1_sp:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001555 /* assumes msg->sol points to the first char */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001556 if (likely(HTTP_IS_SPHT(*ptr)))
1557 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001558
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001559 /* header value can be basically anything except CR/LF */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001560 msg->sov = ptr - buf->p;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001561
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001562 if (likely(!HTTP_IS_CRLF(*ptr))) {
1563 goto http_msg_hdr_val;
1564 }
1565
1566 if (likely(*ptr == '\r'))
1567 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1568 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001569
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001570 case HTTP_MSG_HDR_L1_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001571 http_msg_hdr_l1_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001572 EXPECT_LF_HERE(ptr, http_msg_invalid);
1573 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001574
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001575 case HTTP_MSG_HDR_L1_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001576 http_msg_hdr_l1_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001577 if (likely(HTTP_IS_SPHT(*ptr))) {
1578 /* replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001579 for (; buf->p + msg->sov < ptr; msg->sov++)
1580 buf->p[msg->sov] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001581 goto http_msg_hdr_l1_sp;
1582 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001583 /* we had a header consisting only in spaces ! */
Willy Tarreau12e48b32012-03-05 16:57:34 +01001584 msg->eol = msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001585 goto http_msg_complete_header;
1586
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001587 case HTTP_MSG_HDR_VAL:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001588 http_msg_hdr_val:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001589 /* assumes msg->sol points to the first char, and msg->sov
1590 * points to the first character of the value.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001591 */
1592 if (likely(!HTTP_IS_CRLF(*ptr)))
1593 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001594
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001595 msg->eol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001596 /* Note: we could also copy eol into ->eoh so that we have the
1597 * real header end in case it ends with lots of LWS, but is this
1598 * really needed ?
1599 */
1600 if (likely(*ptr == '\r'))
1601 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1602 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001603
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001604 case HTTP_MSG_HDR_L2_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001605 http_msg_hdr_l2_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001606 EXPECT_LF_HERE(ptr, http_msg_invalid);
1607 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001608
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001609 case HTTP_MSG_HDR_L2_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001610 http_msg_hdr_l2_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001611 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1612 /* LWS: replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001613 for (; buf->p + msg->eol < ptr; msg->eol++)
1614 buf->p[msg->eol] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001615 goto http_msg_hdr_val;
1616 }
1617 http_msg_complete_header:
1618 /*
1619 * It was a new header, so the last one is finished.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001620 * Assumes msg->sol points to the first char, msg->sov points
1621 * to the first character of the value and msg->eol to the
1622 * first CR or LF so we know how the line ends. We insert last
1623 * header into the index.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001624 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001625 if (unlikely(hdr_idx_add(msg->eol - msg->sol, buf->p[msg->eol] == '\r',
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001626 idx, idx->tail) < 0))
1627 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001628
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001629 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001630 if (likely(!HTTP_IS_CRLF(*ptr))) {
1631 goto http_msg_hdr_name;
1632 }
1633
1634 if (likely(*ptr == '\r'))
1635 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1636 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001637
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001638 case HTTP_MSG_LAST_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001639 http_msg_last_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001640 /* Assumes msg->sol points to the first of either CR or LF */
1641 EXPECT_LF_HERE(ptr, http_msg_invalid);
1642 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001643 msg->sov = msg->next = ptr - buf->p;
Willy Tarreau3a215be2012-03-09 21:39:51 +01001644 msg->eoh = msg->sol;
1645 msg->sol = 0;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001646 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001647 return;
Willy Tarreaub56928a2012-04-16 14:51:55 +02001648
1649 case HTTP_MSG_ERROR:
1650 /* this may only happen if we call http_msg_analyser() twice with an error */
1651 break;
1652
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001653#ifdef DEBUG_FULL
1654 default:
1655 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1656 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001657#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001658 }
1659 http_msg_ood:
1660 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001661 msg->msg_state = state;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001662 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001663 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001664
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001665 http_msg_invalid:
1666 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001667 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001668 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001669 return;
1670}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001671
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001672/* convert an HTTP/0.9 request into an HTTP/1.0 request. Returns 1 if the
1673 * conversion succeeded, 0 in case of error. If the request was already 1.X,
1674 * nothing is done and 1 is returned.
1675 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001676static int http_upgrade_v09_to_v10(struct http_txn *txn)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001677{
1678 int delta;
1679 char *cur_end;
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001680 struct http_msg *msg = &txn->req;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001681
1682 if (msg->sl.rq.v_l != 0)
1683 return 1;
1684
Willy Tarreau9b28e032012-10-12 23:49:43 +02001685 cur_end = msg->chn->buf->p + msg->sl.rq.l;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001686 delta = 0;
1687
1688 if (msg->sl.rq.u_l == 0) {
1689 /* if no URI was set, add "/" */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001690 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " /", 2);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001691 cur_end += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01001692 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001693 }
1694 /* add HTTP version */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001695 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " HTTP/1.0\r\n", 11);
Willy Tarreaufa355d42009-11-29 18:12:29 +01001696 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001697 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001698 cur_end = (char *)http_parse_reqline(msg,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001699 HTTP_MSG_RQMETH,
Willy Tarreau9b28e032012-10-12 23:49:43 +02001700 msg->chn->buf->p, cur_end + 1,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001701 NULL, NULL);
1702 if (unlikely(!cur_end))
1703 return 0;
1704
1705 /* we have a full HTTP/1.0 request now and we know that
1706 * we have either a CR or an LF at <ptr>.
1707 */
1708 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
1709 return 1;
1710}
1711
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001712/* Parse the Connection: header of an HTTP request, looking for both "close"
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001713 * and "keep-alive" values. If we already know that some headers may safely
1714 * be removed, we remove them now. The <to_del> flags are used for that :
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001715 * - bit 0 means remove "close" headers (in HTTP/1.0 requests/responses)
1716 * - bit 1 means remove "keep-alive" headers (in HTTP/1.1 reqs/resp to 1.1).
Willy Tarreau50fc7772012-11-11 22:19:57 +01001717 * Presence of the "Upgrade" token is also checked and reported.
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001718 * The TX_HDR_CONN_* flags are adjusted in txn->flags depending on what was
1719 * found, and TX_CON_*_SET is adjusted depending on what is left so only
1720 * harmless combinations may be removed. Do not call that after changes have
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001721 * been processed.
Willy Tarreau5b154472009-12-21 20:11:07 +01001722 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001723void http_parse_connection_header(struct http_txn *txn, struct http_msg *msg, int to_del)
Willy Tarreau5b154472009-12-21 20:11:07 +01001724{
Willy Tarreau5b154472009-12-21 20:11:07 +01001725 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001726 const char *hdr_val = "Connection";
1727 int hdr_len = 10;
Willy Tarreau5b154472009-12-21 20:11:07 +01001728
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001729 if (txn->flags & TX_HDR_CONN_PRS)
Willy Tarreau5b154472009-12-21 20:11:07 +01001730 return;
1731
Willy Tarreau88d349d2010-01-25 12:15:43 +01001732 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1733 hdr_val = "Proxy-Connection";
1734 hdr_len = 16;
1735 }
1736
Willy Tarreau5b154472009-12-21 20:11:07 +01001737 ctx.idx = 0;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001738 txn->flags &= ~(TX_CON_KAL_SET|TX_CON_CLO_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001739 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001740 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1741 txn->flags |= TX_HDR_CONN_KAL;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001742 if (to_del & 2)
1743 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001744 else
1745 txn->flags |= TX_CON_KAL_SET;
1746 }
1747 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1748 txn->flags |= TX_HDR_CONN_CLO;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001749 if (to_del & 1)
1750 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001751 else
1752 txn->flags |= TX_CON_CLO_SET;
1753 }
Willy Tarreau50fc7772012-11-11 22:19:57 +01001754 else if (ctx.vlen >= 7 && word_match(ctx.line + ctx.val, ctx.vlen, "upgrade", 7)) {
1755 txn->flags |= TX_HDR_CONN_UPG;
1756 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001757 }
1758
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001759 txn->flags |= TX_HDR_CONN_PRS;
1760 return;
1761}
Willy Tarreau5b154472009-12-21 20:11:07 +01001762
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001763/* Apply desired changes on the Connection: header. Values may be removed and/or
1764 * added depending on the <wanted> flags, which are exclusively composed of
1765 * TX_CON_CLO_SET and TX_CON_KAL_SET, depending on what flags are desired. The
1766 * TX_CON_*_SET flags are adjusted in txn->flags depending on what is left.
1767 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001768void http_change_connection_header(struct http_txn *txn, struct http_msg *msg, int wanted)
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001769{
1770 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001771 const char *hdr_val = "Connection";
1772 int hdr_len = 10;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001773
1774 ctx.idx = 0;
1775
Willy Tarreau88d349d2010-01-25 12:15:43 +01001776
1777 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1778 hdr_val = "Proxy-Connection";
1779 hdr_len = 16;
1780 }
1781
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001782 txn->flags &= ~(TX_CON_CLO_SET | TX_CON_KAL_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001783 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001784 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1785 if (wanted & TX_CON_KAL_SET)
1786 txn->flags |= TX_CON_KAL_SET;
1787 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001788 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau5b154472009-12-21 20:11:07 +01001789 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001790 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1791 if (wanted & TX_CON_CLO_SET)
1792 txn->flags |= TX_CON_CLO_SET;
1793 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001794 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01001795 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001796 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001797
1798 if (wanted == (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
1799 return;
1800
1801 if ((wanted & TX_CON_CLO_SET) && !(txn->flags & TX_CON_CLO_SET)) {
1802 txn->flags |= TX_CON_CLO_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001803 hdr_val = "Connection: close";
1804 hdr_len = 17;
1805 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1806 hdr_val = "Proxy-Connection: close";
1807 hdr_len = 23;
1808 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001809 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001810 }
1811
1812 if ((wanted & TX_CON_KAL_SET) && !(txn->flags & TX_CON_KAL_SET)) {
1813 txn->flags |= TX_CON_KAL_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001814 hdr_val = "Connection: keep-alive";
1815 hdr_len = 22;
1816 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1817 hdr_val = "Proxy-Connection: keep-alive";
1818 hdr_len = 28;
1819 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001820 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001821 }
1822 return;
Willy Tarreau5b154472009-12-21 20:11:07 +01001823}
1824
Willy Tarreaua458b672012-03-05 11:17:50 +01001825/* Parse the chunk size at msg->next. Once done, it adjusts ->next to point to the
Willy Tarreaud98cf932009-12-27 22:54:55 +01001826 * first byte of body, and increments msg->sov by the number of bytes parsed,
Willy Tarreau26927362012-05-18 23:22:52 +02001827 * so that we know we can forward between ->sol and ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01001828 * Return >0 on success, 0 when some data is missing, <0 on error.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001829 * Note: this function is designed to parse wrapped CRLF at the end of the buffer.
Willy Tarreau115acb92009-12-26 13:56:06 +01001830 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001831static inline int http_parse_chunk_size(struct http_msg *msg)
Willy Tarreau115acb92009-12-26 13:56:06 +01001832{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001833 const struct buffer *buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001834 const char *ptr = b_ptr(buf, msg->next);
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001835 const char *ptr_old = ptr;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001836 const char *end = buf->data + buf->size;
1837 const char *stop = bi_end(buf);
Willy Tarreau115acb92009-12-26 13:56:06 +01001838 unsigned int chunk = 0;
1839
1840 /* The chunk size is in the following form, though we are only
1841 * interested in the size and CRLF :
1842 * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF
1843 */
1844 while (1) {
1845 int c;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001846 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001847 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001848 c = hex2i(*ptr);
Willy Tarreau115acb92009-12-26 13:56:06 +01001849 if (c < 0) /* not a hex digit anymore */
1850 break;
Willy Tarreau0161d622013-04-02 01:26:55 +02001851 if (unlikely(++ptr >= end))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001852 ptr = buf->data;
Willy Tarreau431946e2012-02-24 19:20:12 +01001853 if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001854 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001855 chunk = (chunk << 4) + c;
1856 }
1857
Willy Tarreaud98cf932009-12-27 22:54:55 +01001858 /* empty size not allowed */
Willy Tarreau0161d622013-04-02 01:26:55 +02001859 if (unlikely(ptr == ptr_old))
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001860 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001861
1862 while (http_is_spht[(unsigned char)*ptr]) {
1863 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001864 ptr = buf->data;
Willy Tarreau0161d622013-04-02 01:26:55 +02001865 if (unlikely(ptr == stop))
Willy Tarreau115acb92009-12-26 13:56:06 +01001866 return 0;
Willy Tarreau115acb92009-12-26 13:56:06 +01001867 }
1868
Willy Tarreaud98cf932009-12-27 22:54:55 +01001869 /* Up to there, we know that at least one byte is present at *ptr. Check
1870 * for the end of chunk size.
1871 */
1872 while (1) {
1873 if (likely(HTTP_IS_CRLF(*ptr))) {
1874 /* we now have a CR or an LF at ptr */
1875 if (likely(*ptr == '\r')) {
1876 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001877 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001878 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001879 return 0;
1880 }
Willy Tarreau115acb92009-12-26 13:56:06 +01001881
Willy Tarreaud98cf932009-12-27 22:54:55 +01001882 if (*ptr != '\n')
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001883 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001884 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001885 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001886 /* done */
1887 break;
1888 }
1889 else if (*ptr == ';') {
1890 /* chunk extension, ends at next CRLF */
1891 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001892 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001893 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001894 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001895
1896 while (!HTTP_IS_CRLF(*ptr)) {
1897 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001898 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001899 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001900 return 0;
1901 }
1902 /* we have a CRLF now, loop above */
1903 continue;
Willy Tarreau115acb92009-12-26 13:56:06 +01001904 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001905 else
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001906 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001907 }
1908
Willy Tarreaud98cf932009-12-27 22:54:55 +01001909 /* OK we found our CRLF and now <ptr> points to the next byte,
Willy Tarreaua458b672012-03-05 11:17:50 +01001910 * which may or may not be present. We save that into ->next and
Willy Tarreaud98cf932009-12-27 22:54:55 +01001911 * ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01001912 */
Willy Tarreau0161d622013-04-02 01:26:55 +02001913 if (unlikely(ptr < ptr_old))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001914 msg->sov += buf->size;
Willy Tarreaua458b672012-03-05 11:17:50 +01001915 msg->sov += ptr - ptr_old;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001916 msg->next = buffer_count(buf, buf->p, ptr);
Willy Tarreau124d9912011-03-01 20:30:48 +01001917 msg->chunk_len = chunk;
1918 msg->body_len += chunk;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001919 msg->msg_state = chunk ? HTTP_MSG_DATA : HTTP_MSG_TRAILERS;
Willy Tarreau115acb92009-12-26 13:56:06 +01001920 return 1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001921 error:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001922 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001923 return -1;
Willy Tarreau115acb92009-12-26 13:56:06 +01001924}
1925
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001926/* This function skips trailers in the buffer associated with HTTP
Willy Tarreaua458b672012-03-05 11:17:50 +01001927 * message <msg>. The first visited position is msg->next. If the end of
Willy Tarreaud98cf932009-12-27 22:54:55 +01001928 * the trailers is found, it is automatically scheduled to be forwarded,
1929 * msg->msg_state switches to HTTP_MSG_DONE, and the function returns >0.
1930 * If not enough data are available, the function does not change anything
Willy Tarreaua458b672012-03-05 11:17:50 +01001931 * except maybe msg->next and msg->sov if it could parse some lines, and returns
Willy Tarreau638cd022010-01-03 07:42:04 +01001932 * zero. If a parse error is encountered, the function returns < 0 and does not
Willy Tarreaua458b672012-03-05 11:17:50 +01001933 * change anything except maybe msg->next and msg->sov. Note that the message
Willy Tarreau638cd022010-01-03 07:42:04 +01001934 * must already be in HTTP_MSG_TRAILERS state before calling this function,
1935 * which implies that all non-trailers data have already been scheduled for
Willy Tarreau26927362012-05-18 23:22:52 +02001936 * forwarding, and that the difference between msg->sol and msg->sov exactly
Willy Tarreau638cd022010-01-03 07:42:04 +01001937 * matches the length of trailers already parsed and not forwarded. It is also
1938 * important to note that this function is designed to be able to parse wrapped
1939 * headers at end of buffer.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001940 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001941static int http_forward_trailers(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001942{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001943 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001944
Willy Tarreaua458b672012-03-05 11:17:50 +01001945 /* we have msg->next which points to next line. Look for CRLF. */
Willy Tarreaud98cf932009-12-27 22:54:55 +01001946 while (1) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001947 const char *p1 = NULL, *p2 = NULL;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001948 const char *ptr = b_ptr(buf, msg->next);
1949 const char *stop = bi_end(buf);
Willy Tarreau638cd022010-01-03 07:42:04 +01001950 int bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001951
1952 /* scan current line and stop at LF or CRLF */
1953 while (1) {
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001954 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001955 return 0;
1956
1957 if (*ptr == '\n') {
1958 if (!p1)
1959 p1 = ptr;
1960 p2 = ptr;
1961 break;
1962 }
1963
1964 if (*ptr == '\r') {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001965 if (p1) {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001966 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001967 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001968 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001969 p1 = ptr;
1970 }
1971
1972 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001973 if (ptr >= buf->data + buf->size)
1974 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001975 }
1976
1977 /* after LF; point to beginning of next line */
1978 p2++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001979 if (p2 >= buf->data + buf->size)
1980 p2 = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001981
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001982 bytes = p2 - b_ptr(buf, msg->next);
Willy Tarreau638cd022010-01-03 07:42:04 +01001983 if (bytes < 0)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001984 bytes += buf->size;
Willy Tarreau638cd022010-01-03 07:42:04 +01001985
1986 /* schedule this line for forwarding */
1987 msg->sov += bytes;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001988 if (msg->sov >= buf->size)
1989 msg->sov -= buf->size;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001990
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001991 if (p1 == b_ptr(buf, msg->next)) {
Willy Tarreau638cd022010-01-03 07:42:04 +01001992 /* LF/CRLF at beginning of line => end of trailers at p2.
1993 * Everything was scheduled for forwarding, there's nothing
1994 * left from this message.
Willy Tarreau5523b322009-12-29 12:05:52 +01001995 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001996 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001997 msg->msg_state = HTTP_MSG_DONE;
1998 return 1;
1999 }
2000 /* OK, next line then */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002001 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002002 }
2003}
2004
Willy Tarreau54d23df2012-10-25 19:04:45 +02002005/* This function may be called only in HTTP_MSG_CHUNK_CRLF. It reads the CRLF or
Willy Tarreaud98cf932009-12-27 22:54:55 +01002006 * a possible LF alone at the end of a chunk. It automatically adjusts msg->sov,
Willy Tarreau26927362012-05-18 23:22:52 +02002007 * ->sol, ->next in order to include this part into the next forwarding phase.
Willy Tarreaua458b672012-03-05 11:17:50 +01002008 * Note that the caller must ensure that ->p points to the first byte to parse.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002009 * It also sets msg_state to HTTP_MSG_CHUNK_SIZE and returns >0 on success. If
2010 * not enough data are available, the function does not change anything and
2011 * returns zero. If a parse error is encountered, the function returns < 0 and
2012 * does not change anything. Note: this function is designed to parse wrapped
2013 * CRLF at the end of the buffer.
2014 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02002015static inline int http_skip_chunk_crlf(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002016{
Willy Tarreau9b28e032012-10-12 23:49:43 +02002017 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002018 const char *ptr;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002019 int bytes;
2020
2021 /* NB: we'll check data availabilty at the end. It's not a
2022 * problem because whatever we match first will be checked
2023 * against the correct length.
2024 */
2025 bytes = 1;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002026 ptr = buf->p;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002027 if (*ptr == '\r') {
2028 bytes++;
2029 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002030 if (ptr >= buf->data + buf->size)
2031 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002032 }
2033
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002034 if (bytes > buf->i)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002035 return 0;
2036
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002037 if (*ptr != '\n') {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002038 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002039 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002040 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002041
2042 ptr++;
Willy Tarreau0161d622013-04-02 01:26:55 +02002043 if (unlikely(ptr >= buf->data + buf->size))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002044 ptr = buf->data;
Willy Tarreau26927362012-05-18 23:22:52 +02002045 /* prepare the CRLF to be forwarded (between ->sol and ->sov) */
2046 msg->sol = 0;
Willy Tarreauea1175a2012-03-05 15:52:30 +01002047 msg->sov = msg->next = bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002048 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
2049 return 1;
2050}
Willy Tarreau5b154472009-12-21 20:11:07 +01002051
William Lallemand82fe75c2012-10-23 10:25:10 +02002052
2053/*
2054 * Selects a compression algorithm depending on the client request.
Willy Tarreau05d84602012-10-26 02:11:25 +02002055 */
William Lallemand82fe75c2012-10-23 10:25:10 +02002056int select_compression_request_header(struct session *s, struct buffer *req)
2057{
2058 struct http_txn *txn = &s->txn;
Willy Tarreau70737d12012-10-27 00:34:28 +02002059 struct http_msg *msg = &txn->req;
William Lallemand82fe75c2012-10-23 10:25:10 +02002060 struct hdr_ctx ctx;
2061 struct comp_algo *comp_algo = NULL;
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002062 struct comp_algo *comp_algo_back = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002063
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002064 /* Disable compression for older user agents announcing themselves as "Mozilla/4"
2065 * unless they are known good (MSIE 6 with XP SP2, or MSIE 7 and later).
Willy Tarreau05d84602012-10-26 02:11:25 +02002066 * See http://zoompf.com/2012/02/lose-the-wait-http-compression for more details.
2067 */
2068 ctx.idx = 0;
2069 if (http_find_header2("User-Agent", 10, req->p, &txn->hdr_idx, &ctx) &&
2070 ctx.vlen >= 9 &&
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002071 memcmp(ctx.line + ctx.val, "Mozilla/4", 9) == 0 &&
2072 (ctx.vlen < 31 ||
2073 memcmp(ctx.line + ctx.val + 25, "MSIE ", 5) != 0 ||
2074 ctx.line[ctx.val + 30] < '6' ||
2075 (ctx.line[ctx.val + 30] == '6' &&
2076 (ctx.vlen < 54 || memcmp(ctx.line + 51, "SV1", 3) != 0)))) {
2077 s->comp_algo = NULL;
2078 return 0;
Willy Tarreau05d84602012-10-26 02:11:25 +02002079 }
2080
William Lallemand82fe75c2012-10-23 10:25:10 +02002081 /* search for the algo in the backend in priority or the frontend */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002082 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002083 ctx.idx = 0;
2084 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002085 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002086 if (word_match(ctx.line + ctx.val, ctx.vlen, comp_algo->name, comp_algo->name_len)) {
2087 s->comp_algo = comp_algo;
Willy Tarreau70737d12012-10-27 00:34:28 +02002088
2089 /* remove all occurrences of the header when "compression offload" is set */
2090
2091 if ((s->be->comp && s->be->comp->offload) ||
2092 (s->fe->comp && s->fe->comp->offload)) {
2093 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2094 ctx.idx = 0;
2095 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
2096 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2097 }
2098 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002099 return 1;
2100 }
2101 }
2102 }
2103 }
2104
2105 /* identity is implicit does not require headers */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002106 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
2107 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002108 if (comp_algo->add_data == identity_add_data) {
2109 s->comp_algo = comp_algo;
2110 return 1;
2111 }
2112 }
2113 }
2114
2115 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002116 return 0;
2117}
2118
2119/*
2120 * Selects a comression algorithm depending of the server response.
2121 */
2122int select_compression_response_header(struct session *s, struct buffer *res)
2123{
2124 struct http_txn *txn = &s->txn;
2125 struct http_msg *msg = &txn->rsp;
2126 struct hdr_ctx ctx;
2127 struct comp_type *comp_type;
William Lallemand82fe75c2012-10-23 10:25:10 +02002128
2129 /* no common compression algorithm was found in request header */
2130 if (s->comp_algo == NULL)
2131 goto fail;
2132
2133 /* HTTP < 1.1 should not be compressed */
2134 if (!(msg->flags & HTTP_MSGF_VER_11))
2135 goto fail;
2136
William Lallemandd3002612012-11-26 14:34:47 +01002137 /* 200 only */
2138 if (txn->status != 200)
2139 goto fail;
2140
William Lallemand82fe75c2012-10-23 10:25:10 +02002141 /* Content-Length is null */
2142 if (!(msg->flags & HTTP_MSGF_TE_CHNK) && msg->body_len == 0)
2143 goto fail;
2144
Willy Tarreau667c2a32013-04-09 08:13:58 +02002145 /* TEMPORARY WORKAROUND: do not compress if response is chunked !!!!!! */
2146 if (msg->flags & HTTP_MSGF_TE_CHNK)
2147 goto fail;
2148
William Lallemand82fe75c2012-10-23 10:25:10 +02002149 /* content is already compressed */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002150 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002151 if (http_find_header2("Content-Encoding", 16, res->p, &txn->hdr_idx, &ctx))
2152 goto fail;
2153
Willy Tarreau56e9ffa2013-01-05 16:20:35 +01002154 /* no compression when Cache-Control: no-transform is present in the message */
2155 ctx.idx = 0;
2156 while (http_find_header2("Cache-Control", 13, res->p, &txn->hdr_idx, &ctx)) {
2157 if (word_match(ctx.line + ctx.val, ctx.vlen, "no-transform", 12))
2158 goto fail;
2159 }
2160
William Lallemand82fe75c2012-10-23 10:25:10 +02002161 comp_type = NULL;
2162
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002163 /* we don't want to compress multipart content-types, nor content-types that are
2164 * not listed in the "compression type" directive if any. If no content-type was
2165 * found but configuration requires one, we don't compress either. Backend has
2166 * the priority.
William Lallemand82fe75c2012-10-23 10:25:10 +02002167 */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002168 ctx.idx = 0;
2169 if (http_find_header2("Content-Type", 12, res->p, &txn->hdr_idx, &ctx)) {
2170 if (ctx.vlen >= 9 && strncasecmp("multipart", ctx.line+ctx.val, 9) == 0)
2171 goto fail;
2172
2173 if ((s->be->comp && (comp_type = s->be->comp->types)) ||
2174 (s->fe->comp && (comp_type = s->fe->comp->types))) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002175 for (; comp_type; comp_type = comp_type->next) {
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002176 if (ctx.vlen >= comp_type->name_len &&
2177 strncasecmp(ctx.line+ctx.val, comp_type->name, comp_type->name_len) == 0)
William Lallemand82fe75c2012-10-23 10:25:10 +02002178 /* this Content-Type should be compressed */
2179 break;
2180 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002181 /* this Content-Type should not be compressed */
2182 if (comp_type == NULL)
2183 goto fail;
William Lallemand82fe75c2012-10-23 10:25:10 +02002184 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002185 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002186 else { /* no content-type header */
2187 if ((s->be->comp && s->be->comp->types) || (s->fe->comp && s->fe->comp->types))
2188 goto fail; /* a content-type was required */
William Lallemandd3002612012-11-26 14:34:47 +01002189 }
2190
William Lallemandd85f9172012-11-09 17:05:39 +01002191 /* limit compression rate */
2192 if (global.comp_rate_lim > 0)
2193 if (read_freq_ctr(&global.comp_bps_in) > global.comp_rate_lim)
2194 goto fail;
2195
William Lallemand072a2bf2012-11-20 17:01:01 +01002196 /* limit cpu usage */
2197 if (idle_pct < compress_min_idle)
2198 goto fail;
2199
William Lallemand4c49fae2012-11-07 15:00:23 +01002200 /* initialize compression */
William Lallemandf3747832012-11-09 12:33:10 +01002201 if (s->comp_algo->init(&s->comp_ctx, global.tune.comp_maxlevel) < 0)
William Lallemand4c49fae2012-11-07 15:00:23 +01002202 goto fail;
2203
William Lallemandec3e3892012-11-12 17:02:18 +01002204 s->flags |= SN_COMP_READY;
2205
William Lallemand82fe75c2012-10-23 10:25:10 +02002206 /* remove Content-Length header */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002207 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002208 if ((msg->flags & HTTP_MSGF_CNT_LEN) && http_find_header2("Content-Length", 14, res->p, &txn->hdr_idx, &ctx))
2209 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2210
2211 /* add Transfer-Encoding header */
2212 if (!(msg->flags & HTTP_MSGF_TE_CHNK))
2213 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, "Transfer-Encoding: chunked", 26);
2214
2215 /*
2216 * Add Content-Encoding header when it's not identity encoding.
2217 * RFC 2616 : Identity encoding: This content-coding is used only in the
2218 * Accept-Encoding header, and SHOULD NOT be used in the Content-Encoding
2219 * header.
2220 */
2221 if (s->comp_algo->add_data != identity_add_data) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002222 trash.len = 18;
2223 memcpy(trash.str, "Content-Encoding: ", trash.len);
2224 memcpy(trash.str + trash.len, s->comp_algo->name, s->comp_algo->name_len);
2225 trash.len += s->comp_algo->name_len;
2226 trash.str[trash.len] = '\0';
2227 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
William Lallemand82fe75c2012-10-23 10:25:10 +02002228 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002229 return 1;
2230
2231fail:
Willy Tarreaub97b6192012-11-19 14:55:02 +01002232 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002233 return 0;
2234}
2235
2236
Willy Tarreaud787e662009-07-07 10:14:51 +02002237/* This stream analyser waits for a complete HTTP request. It returns 1 if the
2238 * processing can continue on next analysers, or zero if it either needs more
2239 * data or wants to immediately abort the request (eg: timeout, error, ...). It
2240 * is tied to AN_REQ_WAIT_HTTP and may may remove itself from s->req->analysers
2241 * when it has nothing left to do, and may remove any analyser when it wants to
2242 * abort.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002243 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002244int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002245{
Willy Tarreau59234e92008-11-30 23:51:27 +01002246 /*
2247 * We will parse the partial (or complete) lines.
2248 * We will check the request syntax, and also join multi-line
2249 * headers. An index of all the lines will be elaborated while
2250 * parsing.
2251 *
2252 * For the parsing, we use a 28 states FSM.
2253 *
2254 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02002255 * req->buf->p = beginning of request
2256 * req->buf->p + msg->eoh = end of processed headers / start of current one
2257 * req->buf->p + req->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02002258 * msg->eol = end of current header or line (LF or CRLF)
2259 * msg->next = first non-visited byte
Willy Tarreaud787e662009-07-07 10:14:51 +02002260 *
2261 * At end of parsing, we may perform a capture of the error (if any), and
2262 * we will set a few fields (msg->sol, txn->meth, sn->flags/SN_REDIRECTABLE).
2263 * We also check for monitor-uri, logging, HTTP/0.9 to 1.0 conversion, and
2264 * finally headers capture.
Willy Tarreau59234e92008-11-30 23:51:27 +01002265 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002266
Willy Tarreau59234e92008-11-30 23:51:27 +01002267 int cur_idx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002268 int use_close_only;
Willy Tarreau59234e92008-11-30 23:51:27 +01002269 struct http_txn *txn = &s->txn;
2270 struct http_msg *msg = &txn->req;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002271 struct hdr_ctx ctx;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002272
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01002273 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau6bf17362009-02-24 10:48:35 +01002274 now_ms, __FUNCTION__,
2275 s,
2276 req,
2277 req->rex, req->wex,
2278 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02002279 req->buf->i,
Willy Tarreau6bf17362009-02-24 10:48:35 +01002280 req->analysers);
2281
Willy Tarreau52a0c602009-08-16 22:45:38 +02002282 /* we're speaking HTTP here, so let's speak HTTP to the client */
2283 s->srv_error = http_return_srv_error;
2284
Willy Tarreau83e3af02009-12-28 17:39:57 +01002285 /* There's a protected area at the end of the buffer for rewriting
2286 * purposes. We don't want to start to parse the request if the
2287 * protected area is affected, because we may have to move processed
2288 * data later, which is much more complicated.
2289 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002290 if (buffer_not_empty(req->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02002291 if (txn->flags & TX_NOT_FIRST) {
2292 if (unlikely(!channel_reserved(req))) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002293 if (req->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002294 goto failed_keep_alive;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002295 /* some data has still not left the buffer, wake us once that's done */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002296 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002297 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002298 return 0;
2299 }
Willy Tarreau379357a2013-06-08 12:55:46 +02002300 if (unlikely(bi_end(req->buf) < b_ptr(req->buf, msg->next) ||
2301 bi_end(req->buf) > req->buf->data + req->buf->size - global.tune.maxrewrite))
2302 buffer_slow_realign(req->buf);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002303 }
2304
Willy Tarreau065e8332010-01-08 00:30:20 +01002305 /* Note that we have the same problem with the response ; we
2306 * may want to send a redirect, error or anything which requires
2307 * some spare space. So we'll ensure that we have at least
2308 * maxrewrite bytes available in the response buffer before
2309 * processing that one. This will only affect pipelined
2310 * keep-alive requests.
2311 */
2312 if ((txn->flags & TX_NOT_FIRST) &&
Willy Tarreau379357a2013-06-08 12:55:46 +02002313 unlikely(!channel_reserved(s->rep) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02002314 bi_end(s->rep->buf) < b_ptr(s->rep->buf, txn->rsp.next) ||
2315 bi_end(s->rep->buf) > s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)) {
2316 if (s->rep->buf->o) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002317 if (s->rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002318 goto failed_keep_alive;
Willy Tarreau065e8332010-01-08 00:30:20 +01002319 /* don't let a connection request be initiated */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002320 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002321 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau0499e352010-12-17 07:13:42 +01002322 s->rep->analysers |= an_bit; /* wake us up once it changes */
Willy Tarreau065e8332010-01-08 00:30:20 +01002323 return 0;
2324 }
2325 }
2326
Willy Tarreau9b28e032012-10-12 23:49:43 +02002327 if (likely(msg->next < req->buf->i)) /* some unparsed data are available */
Willy Tarreaua560c212012-03-09 13:50:57 +01002328 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002329 }
2330
Willy Tarreau59234e92008-11-30 23:51:27 +01002331 /* 1: we might have to print this header in debug mode */
2332 if (unlikely((global.mode & MODE_DEBUG) &&
2333 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01002334 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002335 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002336
Willy Tarreau9b28e032012-10-12 23:49:43 +02002337 sol = req->buf->p;
Willy Tarreaue92693a2012-09-24 21:13:39 +02002338 /* this is a bit complex : in case of error on the request line,
2339 * we know that rq.l is still zero, so we display only the part
2340 * up to the end of the line (truncated by debug_hdr).
2341 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002342 eol = sol + (msg->sl.rq.l ? msg->sl.rq.l : req->buf->i);
Willy Tarreau59234e92008-11-30 23:51:27 +01002343 debug_hdr("clireq", s, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01002344
Willy Tarreau59234e92008-11-30 23:51:27 +01002345 sol += hdr_idx_first_pos(&txn->hdr_idx);
2346 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002347
Willy Tarreau59234e92008-11-30 23:51:27 +01002348 while (cur_idx) {
2349 eol = sol + txn->hdr_idx.v[cur_idx].len;
2350 debug_hdr("clihdr", s, sol, eol);
2351 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2352 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002353 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002354 }
2355
Willy Tarreau58f10d72006-12-04 02:26:12 +01002356
Willy Tarreau59234e92008-11-30 23:51:27 +01002357 /*
2358 * Now we quickly check if we have found a full valid request.
2359 * If not so, we check the FD and buffer states before leaving.
2360 * A full request is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01002361 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002362 * requests are checked first. When waiting for a second request
2363 * on a keep-alive session, if we encounter and error, close, t/o,
2364 * we note the error in the session flags but don't set any state.
2365 * Since the error will be noted there, it will not be counted by
2366 * process_session() as a frontend error.
Willy Tarreauda7ff642010-06-23 11:44:09 +02002367 * Last, we may increase some tracked counters' http request errors on
2368 * the cases that are deliberately the client's fault. For instance,
2369 * a timeout or connection reset is not counted as an error. However
2370 * a bad request is.
Willy Tarreau59234e92008-11-30 23:51:27 +01002371 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002372
Willy Tarreau655dce92009-11-08 13:10:58 +01002373 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002374 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002375 * First, let's catch bad requests.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002376 */
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002377 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02002378 session_inc_http_req_ctr(s);
2379 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002380 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002381 goto return_bad_req;
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002382 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002383
Willy Tarreau59234e92008-11-30 23:51:27 +01002384 /* 1: Since we are in header mode, if there's no space
2385 * left for headers, we won't be able to free more
2386 * later, so the session will never terminate. We
2387 * must terminate it now.
2388 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002389 if (unlikely(buffer_full(req->buf, global.tune.maxrewrite))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002390 /* FIXME: check if URI is set and return Status
2391 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002392 */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002393 session_inc_http_req_ctr(s);
2394 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002395 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreaufec4d892011-09-02 20:04:57 +02002396 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02002397 msg->err_pos = req->buf->i;
Willy Tarreau59234e92008-11-30 23:51:27 +01002398 goto return_bad_req;
2399 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002400
Willy Tarreau59234e92008-11-30 23:51:27 +01002401 /* 2: have we encountered a read error ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002402 else if (req->flags & CF_READ_ERROR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002403 if (!(s->flags & SN_ERR_MASK))
2404 s->flags |= SN_ERR_CLICL;
2405
Willy Tarreaufcffa692010-01-10 14:21:19 +01002406 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002407 goto failed_keep_alive;
2408
Willy Tarreau59234e92008-11-30 23:51:27 +01002409 /* we cannot return any message on error */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002410 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002411 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002412 session_inc_http_err_ctr(s);
2413 }
2414
Willy Tarreaudc979f22012-12-04 10:39:01 +01002415 txn->status = 400;
2416 stream_int_retnclose(req->prod, NULL);
Willy Tarreau59234e92008-11-30 23:51:27 +01002417 msg->msg_state = HTTP_MSG_ERROR;
2418 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002419
Willy Tarreauda7ff642010-06-23 11:44:09 +02002420 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002421 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002422 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002423 if (s->listener->counters)
2424 s->listener->counters->failed_req++;
2425
Willy Tarreau59234e92008-11-30 23:51:27 +01002426 if (!(s->flags & SN_FINST_MASK))
2427 s->flags |= SN_FINST_R;
2428 return 0;
2429 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002430
Willy Tarreau59234e92008-11-30 23:51:27 +01002431 /* 3: has the read timeout expired ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002432 else if (req->flags & CF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002433 if (!(s->flags & SN_ERR_MASK))
2434 s->flags |= SN_ERR_CLITO;
2435
Willy Tarreaufcffa692010-01-10 14:21:19 +01002436 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002437 goto failed_keep_alive;
2438
Willy Tarreau59234e92008-11-30 23:51:27 +01002439 /* read timeout : give up with an error message. */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002440 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002441 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002442 session_inc_http_err_ctr(s);
2443 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002444 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02002445 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau59234e92008-11-30 23:51:27 +01002446 msg->msg_state = HTTP_MSG_ERROR;
2447 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002448
Willy Tarreauda7ff642010-06-23 11:44:09 +02002449 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002450 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002451 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002452 if (s->listener->counters)
2453 s->listener->counters->failed_req++;
2454
Willy Tarreau59234e92008-11-30 23:51:27 +01002455 if (!(s->flags & SN_FINST_MASK))
2456 s->flags |= SN_FINST_R;
2457 return 0;
2458 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002459
Willy Tarreau59234e92008-11-30 23:51:27 +01002460 /* 4: have we encountered a close ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002461 else if (req->flags & CF_SHUTR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002462 if (!(s->flags & SN_ERR_MASK))
2463 s->flags |= SN_ERR_CLICL;
2464
Willy Tarreaufcffa692010-01-10 14:21:19 +01002465 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002466 goto failed_keep_alive;
2467
Willy Tarreau4076a152009-04-02 15:18:36 +02002468 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002469 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002470 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002471 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau59234e92008-11-30 23:51:27 +01002472 msg->msg_state = HTTP_MSG_ERROR;
2473 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002474
Willy Tarreauda7ff642010-06-23 11:44:09 +02002475 session_inc_http_err_ctr(s);
2476 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002477 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002478 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002479 if (s->listener->counters)
2480 s->listener->counters->failed_req++;
2481
Willy Tarreau59234e92008-11-30 23:51:27 +01002482 if (!(s->flags & SN_FINST_MASK))
2483 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002484 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002485 }
2486
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002487 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002488 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
2489 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau5e205522011-12-17 16:34:27 +01002490#ifdef TCP_QUICKACK
Willy Tarreau9b28e032012-10-12 23:49:43 +02002491 if (s->listener->options & LI_O_NOQUICKACK && req->buf->i) {
Willy Tarreau5e205522011-12-17 16:34:27 +01002492 /* We need more data, we have to re-enable quick-ack in case we
2493 * previously disabled it, otherwise we might cause the client
2494 * to delay next data.
2495 */
Willy Tarreau7f7ad912012-11-11 19:27:15 +01002496 setsockopt(s->si[0].conn->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01002497 }
2498#endif
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002499
Willy Tarreaufcffa692010-01-10 14:21:19 +01002500 if ((msg->msg_state != HTTP_MSG_RQBEFORE) && (txn->flags & TX_WAIT_NEXT_RQ)) {
2501 /* If the client starts to talk, let's fall back to
2502 * request timeout processing.
2503 */
2504 txn->flags &= ~TX_WAIT_NEXT_RQ;
Willy Tarreaub16a5742010-01-10 14:46:16 +01002505 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaufcffa692010-01-10 14:21:19 +01002506 }
2507
Willy Tarreau59234e92008-11-30 23:51:27 +01002508 /* just set the request timeout once at the beginning of the request */
Willy Tarreaub16a5742010-01-10 14:46:16 +01002509 if (!tick_isset(req->analyse_exp)) {
2510 if ((msg->msg_state == HTTP_MSG_RQBEFORE) &&
2511 (txn->flags & TX_WAIT_NEXT_RQ) &&
2512 tick_isset(s->be->timeout.httpka))
2513 req->analyse_exp = tick_add(now_ms, s->be->timeout.httpka);
2514 else
2515 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
2516 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002517
Willy Tarreau59234e92008-11-30 23:51:27 +01002518 /* we're not ready yet */
2519 return 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002520
2521 failed_keep_alive:
2522 /* Here we process low-level errors for keep-alive requests. In
2523 * short, if the request is not the first one and it experiences
2524 * a timeout, read error or shutdown, we just silently close so
2525 * that the client can try again.
2526 */
2527 txn->status = 0;
2528 msg->msg_state = HTTP_MSG_RQBEFORE;
2529 req->analysers = 0;
2530 s->logs.logwait = 0;
Willy Tarreauabcd5142013-06-11 17:18:02 +02002531 s->logs.level = 0;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002532 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau148d0992010-01-10 10:21:21 +01002533 stream_int_retnclose(req->prod, NULL);
Willy Tarreaub608feb2010-01-02 22:47:18 +01002534 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002535 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002536
Willy Tarreaud787e662009-07-07 10:14:51 +02002537 /* OK now we have a complete HTTP request with indexed headers. Let's
2538 * complete the request parsing by setting a few fields we will need
Willy Tarreau9b28e032012-10-12 23:49:43 +02002539 * later. At this point, we have the last CRLF at req->buf->data + msg->eoh.
Willy Tarreaufa355d42009-11-29 18:12:29 +01002540 * If the request is in HTTP/0.9 form, the rule is still true, and eoh
Willy Tarreaua458b672012-03-05 11:17:50 +01002541 * points to the CRLF of the request line. msg->next points to the first
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01002542 * byte after the last LF. msg->sov points to the first byte of data.
2543 * msg->eol cannot be trusted because it may have been left uninitialized
2544 * (for instance in the absence of headers).
Willy Tarreaud787e662009-07-07 10:14:51 +02002545 */
Willy Tarreau9cdde232007-05-02 20:58:19 +02002546
Willy Tarreauda7ff642010-06-23 11:44:09 +02002547 session_inc_http_req_ctr(s);
Willy Tarreaud9b587f2010-02-26 10:05:55 +01002548 proxy_inc_fe_req_ctr(s->fe); /* one more valid request for this FE */
2549
Willy Tarreaub16a5742010-01-10 14:46:16 +01002550 if (txn->flags & TX_WAIT_NEXT_RQ) {
2551 /* kill the pending keep-alive timeout */
2552 txn->flags &= ~TX_WAIT_NEXT_RQ;
2553 req->analyse_exp = TICK_ETERNITY;
2554 }
2555
2556
Willy Tarreaud787e662009-07-07 10:14:51 +02002557 /* Maybe we found in invalid header name while we were configured not
2558 * to block on that, so we have to capture it now.
2559 */
2560 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002561 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02002562
Willy Tarreau59234e92008-11-30 23:51:27 +01002563 /*
2564 * 1: identify the method
2565 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002566 txn->meth = find_http_meth(req->buf->p, msg->sl.rq.m_l);
Willy Tarreau59234e92008-11-30 23:51:27 +01002567
2568 /* we can make use of server redirect on GET and HEAD */
2569 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2570 s->flags |= SN_REDIRECTABLE;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002571
Willy Tarreau59234e92008-11-30 23:51:27 +01002572 /*
2573 * 2: check if the URI matches the monitor_uri.
2574 * We have to do this for every request which gets in, because
2575 * the monitor-uri is defined by the frontend.
2576 */
2577 if (unlikely((s->fe->monitor_uri_len != 0) &&
2578 (s->fe->monitor_uri_len == msg->sl.rq.u_l) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002579 !memcmp(req->buf->p + msg->sl.rq.u,
Willy Tarreau59234e92008-11-30 23:51:27 +01002580 s->fe->monitor_uri,
2581 s->fe->monitor_uri_len))) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002582 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002583 * We have found the monitor URI
Willy Tarreau58f10d72006-12-04 02:26:12 +01002584 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002585 struct acl_cond *cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002586
Willy Tarreau59234e92008-11-30 23:51:27 +01002587 s->flags |= SN_MONITOR;
Willy Tarreaueabea072011-09-10 23:29:44 +02002588 s->fe->fe_counters.intercepted_req++;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002589
Willy Tarreau59234e92008-11-30 23:51:27 +01002590 /* Check if we want to fail this monitor request or not */
Willy Tarreaud787e662009-07-07 10:14:51 +02002591 list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02002592 int ret = acl_exec_cond(cond, s->fe, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau11382812008-07-09 16:18:21 +02002593
Willy Tarreau59234e92008-11-30 23:51:27 +01002594 ret = acl_pass(ret);
2595 if (cond->pol == ACL_COND_UNLESS)
2596 ret = !ret;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002597
Willy Tarreau59234e92008-11-30 23:51:27 +01002598 if (ret) {
2599 /* we fail this request, let's return 503 service unavail */
2600 txn->status = 503;
Willy Tarreau783f2582012-09-04 12:19:04 +02002601 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503));
Willy Tarreau570f2212013-06-10 16:42:09 +02002602 if (!(s->flags & SN_ERR_MASK))
2603 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002604 goto return_prx_cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002605 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002606 }
Willy Tarreaua5555ec2008-11-30 19:02:32 +01002607
Willy Tarreau59234e92008-11-30 23:51:27 +01002608 /* nothing to fail, let's reply normaly */
2609 txn->status = 200;
Willy Tarreau783f2582012-09-04 12:19:04 +02002610 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200));
Willy Tarreau570f2212013-06-10 16:42:09 +02002611 if (!(s->flags & SN_ERR_MASK))
2612 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002613 goto return_prx_cond;
2614 }
2615
2616 /*
2617 * 3: Maybe we have to copy the original REQURI for the logs ?
2618 * Note: we cannot log anymore if the request has been
2619 * classified as invalid.
2620 */
2621 if (unlikely(s->logs.logwait & LW_REQ)) {
2622 /* we have a complete HTTP request that we must log */
2623 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
2624 int urilen = msg->sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002625
Willy Tarreau59234e92008-11-30 23:51:27 +01002626 if (urilen >= REQURI_LEN)
2627 urilen = REQURI_LEN - 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +02002628 memcpy(txn->uri, req->buf->p, urilen);
Willy Tarreau59234e92008-11-30 23:51:27 +01002629 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002630
Willy Tarreaud79a3b22012-12-28 09:40:16 +01002631 if (!(s->logs.logwait &= ~(LW_REQ|LW_INIT)))
Willy Tarreau59234e92008-11-30 23:51:27 +01002632 s->do_log(s);
2633 } else {
2634 Alert("HTTP logging : out of memory.\n");
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002635 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002636 }
Willy Tarreau06619262006-12-17 08:37:22 +01002637
Willy Tarreau59234e92008-11-30 23:51:27 +01002638 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01002639 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
Willy Tarreau2492d5b2009-07-11 00:06:00 +02002640 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002641
Willy Tarreau5b154472009-12-21 20:11:07 +01002642 /* ... and check if the request is HTTP/1.1 or above */
2643 if ((msg->sl.rq.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002644 ((req->buf->p[msg->sl.rq.v + 5] > '1') ||
2645 ((req->buf->p[msg->sl.rq.v + 5] == '1') &&
2646 (req->buf->p[msg->sl.rq.v + 7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002647 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01002648
2649 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01002650 txn->flags &= ~(TX_HDR_CONN_PRS | TX_HDR_CONN_CLO | TX_HDR_CONN_KAL | TX_HDR_CONN_UPG);
Willy Tarreau5b154472009-12-21 20:11:07 +01002651
Willy Tarreau88d349d2010-01-25 12:15:43 +01002652 /* if the frontend has "option http-use-proxy-header", we'll check if
2653 * we have what looks like a proxied connection instead of a connection,
2654 * and in this case set the TX_USE_PX_CONN flag to use Proxy-connection.
2655 * Note that this is *not* RFC-compliant, however browsers and proxies
2656 * happen to do that despite being non-standard :-(
2657 * We consider that a request not beginning with either '/' or '*' is
2658 * a proxied connection, which covers both "scheme://location" and
2659 * CONNECT ip:port.
2660 */
2661 if ((s->fe->options2 & PR_O2_USE_PXHDR) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002662 req->buf->p[msg->sl.rq.u] != '/' && req->buf->p[msg->sl.rq.u] != '*')
Willy Tarreau88d349d2010-01-25 12:15:43 +01002663 txn->flags |= TX_USE_PX_CONN;
2664
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002665 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002666 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002667
Willy Tarreau59234e92008-11-30 23:51:27 +01002668 /* 5: we may need to capture headers */
Willy Tarreau42f7d892012-03-24 08:28:09 +01002669 if (unlikely((s->logs.logwait & LW_REQHDR) && txn->req.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02002670 capture_headers(req->buf->p, &txn->hdr_idx,
Willy Tarreau59234e92008-11-30 23:51:27 +01002671 txn->req.cap, s->fe->req_cap);
Willy Tarreau11382812008-07-09 16:18:21 +02002672
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002673 /* 6: determine the transfer-length.
2674 * According to RFC2616 #4.4, amended by the HTTPbis working group,
2675 * the presence of a message-body in a REQUEST and its transfer length
2676 * must be determined that way (in order of precedence) :
2677 * 1. The presence of a message-body in a request is signaled by the
2678 * inclusion of a Content-Length or Transfer-Encoding header field
2679 * in the request's header fields. When a request message contains
2680 * both a message-body of non-zero length and a method that does
2681 * not define any semantics for that request message-body, then an
2682 * origin server SHOULD either ignore the message-body or respond
2683 * with an appropriate error message (e.g., 413). A proxy or
2684 * gateway, when presented the same request, SHOULD either forward
2685 * the request inbound with the message- body or ignore the
2686 * message-body when determining a response.
2687 *
2688 * 2. If a Transfer-Encoding header field (Section 9.7) is present
2689 * and the "chunked" transfer-coding (Section 6.2) is used, the
2690 * transfer-length is defined by the use of this transfer-coding.
2691 * If a Transfer-Encoding header field is present and the "chunked"
2692 * transfer-coding is not present, the transfer-length is defined
2693 * by the sender closing the connection.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002694 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002695 * 3. If a Content-Length header field is present, its decimal value in
2696 * OCTETs represents both the entity-length and the transfer-length.
2697 * If a message is received with both a Transfer-Encoding header
2698 * field and a Content-Length header field, the latter MUST be ignored.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002699 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002700 * 4. By the server closing the connection. (Closing the connection
2701 * cannot be used to indicate the end of a request body, since that
2702 * would leave no possibility for the server to send back a response.)
2703 *
2704 * Whenever a transfer-coding is applied to a message-body, the set of
2705 * transfer-codings MUST include "chunked", unless the message indicates
2706 * it is terminated by closing the connection. When the "chunked"
2707 * transfer-coding is used, it MUST be the last transfer-coding applied
2708 * to the message-body.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002709 */
2710
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002711 use_close_only = 0;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002712 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002713 /* set TE_CHNK and XFER_LEN only if "chunked" is seen last */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002714 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002715 http_find_header2("Transfer-Encoding", 17, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002716 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002717 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
2718 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002719 /* bad transfer-encoding (chunked followed by something else) */
2720 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002721 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002722 break;
2723 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002724 }
2725
Willy Tarreau32b47f42009-10-18 20:55:02 +02002726 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002727 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002728 http_find_header2("Content-Length", 14, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau32b47f42009-10-18 20:55:02 +02002729 signed long long cl;
2730
Willy Tarreauad14f752011-09-02 20:33:27 +02002731 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002732 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002733 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002734 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002735
Willy Tarreauad14f752011-09-02 20:33:27 +02002736 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002737 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002738 goto return_bad_req; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02002739 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002740
Willy Tarreauad14f752011-09-02 20:33:27 +02002741 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002742 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002743 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002744 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002745
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002746 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002747 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002748 goto return_bad_req; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02002749 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002750
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002751 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01002752 msg->body_len = msg->chunk_len = cl;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002753 }
2754
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002755 /* bodyless requests have a known length */
2756 if (!use_close_only)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002757 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002758
Willy Tarreaud787e662009-07-07 10:14:51 +02002759 /* end of job, return OK */
Willy Tarreau3a816292009-07-07 10:55:49 +02002760 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002761 req->analyse_exp = TICK_ETERNITY;
2762 return 1;
2763
2764 return_bad_req:
2765 /* We centralize bad requests processing here */
2766 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2767 /* we detected a parsing error. We want to archive this request
2768 * in the dedicated proxy area for later troubleshooting.
2769 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002770 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreaud787e662009-07-07 10:14:51 +02002771 }
2772
2773 txn->req.msg_state = HTTP_MSG_ERROR;
2774 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002775 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002776
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002777 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002778 if (s->listener->counters)
2779 s->listener->counters->failed_req++;
Willy Tarreaud787e662009-07-07 10:14:51 +02002780
2781 return_prx_cond:
2782 if (!(s->flags & SN_ERR_MASK))
2783 s->flags |= SN_ERR_PRXCOND;
2784 if (!(s->flags & SN_FINST_MASK))
2785 s->flags |= SN_FINST_R;
2786
2787 req->analysers = 0;
2788 req->analyse_exp = TICK_ETERNITY;
2789 return 0;
2790}
2791
Cyril Bonté70be45d2010-10-12 00:14:35 +02002792/* We reached the stats page through a POST request.
2793 * Parse the posted data and enable/disable servers if necessary.
Cyril Bonté23b39d92011-02-10 22:54:44 +01002794 * Returns 1 if request was parsed or zero if it needs more data.
Cyril Bonté70be45d2010-10-12 00:14:35 +02002795 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002796int http_process_req_stat_post(struct stream_interface *si, struct http_txn *txn, struct channel *req)
Cyril Bonté70be45d2010-10-12 00:14:35 +02002797{
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002798 struct proxy *px = NULL;
2799 struct server *sv = NULL;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002800
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002801 char key[LINESIZE];
2802 int action = ST_ADM_ACTION_NONE;
2803 int reprocess = 0;
2804
2805 int total_servers = 0;
2806 int altered_servers = 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002807
2808 char *first_param, *cur_param, *next_param, *end_params;
Willy Tarreau46787ed2012-04-11 17:28:40 +02002809 char *st_cur_param = NULL;
2810 char *st_next_param = NULL;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002811
Willy Tarreau9b28e032012-10-12 23:49:43 +02002812 first_param = req->buf->p + txn->req.eoh + 2;
Willy Tarreau124d9912011-03-01 20:30:48 +01002813 end_params = first_param + txn->req.body_len;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002814
2815 cur_param = next_param = end_params;
2816
Willy Tarreau9b28e032012-10-12 23:49:43 +02002817 if (end_params >= req->buf->data + req->buf->size - global.tune.maxrewrite) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002818 /* Prevent buffer overflow */
Willy Tarreau295a8372011-03-10 11:25:07 +01002819 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002820 return 1;
2821 }
Willy Tarreau9b28e032012-10-12 23:49:43 +02002822 else if (end_params > req->buf->p + req->buf->i) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01002823 /* we need more data */
Willy Tarreau295a8372011-03-10 11:25:07 +01002824 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté23b39d92011-02-10 22:54:44 +01002825 return 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002826 }
2827
2828 *end_params = '\0';
2829
Willy Tarreau295a8372011-03-10 11:25:07 +01002830 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002831
2832 /*
2833 * Parse the parameters in reverse order to only store the last value.
2834 * From the html form, the backend and the action are at the end.
2835 */
2836 while (cur_param > first_param) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002837 char *value;
2838 int poffset, plen;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002839
2840 cur_param--;
2841 if ((*cur_param == '&') || (cur_param == first_param)) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002842 reprocess_servers:
Cyril Bonté70be45d2010-10-12 00:14:35 +02002843 /* Parse the key */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002844 poffset = (cur_param != first_param ? 1 : 0);
2845 plen = next_param - cur_param + (cur_param == first_param ? 1 : 0);
2846 if ((plen > 0) && (plen <= sizeof(key))) {
2847 strncpy(key, cur_param + poffset, plen);
2848 key[plen - 1] = '\0';
2849 } else {
2850 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
2851 goto out;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002852 }
2853
2854 /* Parse the value */
2855 value = key;
2856 while (*value != '\0' && *value != '=') {
2857 value++;
2858 }
2859 if (*value == '=') {
2860 /* Ok, a value is found, we can mark the end of the key */
2861 *value++ = '\0';
2862 }
2863
Thierry FOURNIER5068d962013-10-04 16:27:27 +02002864 if (url_decode(key) < 0 || url_decode(value) < 0)
Willy Tarreaubf9c2fc2011-05-31 18:06:18 +02002865 break;
2866
Cyril Bonté70be45d2010-10-12 00:14:35 +02002867 /* Now we can check the key to see what to do */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002868 if (!px && (strcmp(key, "b") == 0)) {
2869 if ((px = findproxy(value, PR_CAP_BE)) == NULL) {
2870 /* the backend name is unknown or ambiguous (duplicate names) */
2871 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2872 goto out;
2873 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02002874 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002875 else if (!action && (strcmp(key, "action") == 0)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002876 if (strcmp(value, "disable") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002877 action = ST_ADM_ACTION_DISABLE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002878 }
2879 else if (strcmp(value, "enable") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002880 action = ST_ADM_ACTION_ENABLE;
2881 }
Willy Tarreaud7282242012-06-04 00:22:44 +02002882 else if (strcmp(value, "stop") == 0) {
2883 action = ST_ADM_ACTION_STOP;
2884 }
2885 else if (strcmp(value, "start") == 0) {
2886 action = ST_ADM_ACTION_START;
2887 }
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002888 else if (strcmp(value, "shutdown") == 0) {
2889 action = ST_ADM_ACTION_SHUTDOWN;
2890 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002891 else {
2892 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2893 goto out;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002894 }
2895 }
2896 else if (strcmp(key, "s") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002897 if (!(px && action)) {
2898 /*
2899 * Indicates that we'll need to reprocess the parameters
2900 * as soon as backend and action are known
2901 */
2902 if (!reprocess) {
2903 st_cur_param = cur_param;
2904 st_next_param = next_param;
2905 }
2906 reprocess = 1;
2907 }
2908 else if ((sv = findserver(px, value)) != NULL) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002909 switch (action) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002910 case ST_ADM_ACTION_DISABLE:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002911 if ((px->state != PR_STSTOPPED) && !(sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002912 /* Not already in maintenance, we can change the server state */
2913 sv->state |= SRV_MAINTAIN;
Simon Horman4a741432013-02-23 15:35:38 +09002914 set_server_down(&sv->check);
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002915 altered_servers++;
2916 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002917 }
2918 break;
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002919 case ST_ADM_ACTION_ENABLE:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002920 if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002921 /* Already in maintenance, we can change the server state */
Simon Horman4a741432013-02-23 15:35:38 +09002922 set_server_up(&sv->check);
Willy Tarreau70461302010-10-22 14:39:02 +02002923 sv->health = sv->rise; /* up, but will fall down at first failure */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002924 altered_servers++;
2925 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002926 }
Willy Tarreaud7282242012-06-04 00:22:44 +02002927 break;
2928 case ST_ADM_ACTION_STOP:
2929 case ST_ADM_ACTION_START:
2930 if (action == ST_ADM_ACTION_START)
2931 sv->uweight = sv->iweight;
2932 else
2933 sv->uweight = 0;
2934
2935 if (px->lbprm.algo & BE_LB_PROP_DYN) {
2936 /* we must take care of not pushing the server to full throttle during slow starts */
2937 if ((sv->state & SRV_WARMINGUP) && (px->lbprm.algo & BE_LB_PROP_DYN))
2938 sv->eweight = (BE_WEIGHT_SCALE * (now.tv_sec - sv->last_change) + sv->slowstart - 1) / sv->slowstart;
2939 else
2940 sv->eweight = BE_WEIGHT_SCALE;
2941 sv->eweight *= sv->uweight;
2942 } else {
2943 sv->eweight = sv->uweight;
2944 }
2945
2946 /* static LB algorithms are a bit harder to update */
2947 if (px->lbprm.update_server_eweight)
2948 px->lbprm.update_server_eweight(sv);
2949 else if (sv->eweight) {
2950 if (px->lbprm.set_server_status_up)
2951 px->lbprm.set_server_status_up(sv);
2952 }
2953 else {
2954 if (px->lbprm.set_server_status_down)
2955 px->lbprm.set_server_status_down(sv);
2956 }
2957 altered_servers++;
2958 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002959 break;
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002960 case ST_ADM_ACTION_SHUTDOWN:
2961 if (px->state != PR_STSTOPPED) {
2962 struct session *sess, *sess_bck;
2963
2964 list_for_each_entry_safe(sess, sess_bck, &sv->actconns, by_srv)
2965 if (sess->srv_conn == sv)
2966 session_shutdown(sess, SN_ERR_KILLED);
2967
2968 altered_servers++;
2969 total_servers++;
2970 }
2971 break;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002972 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002973 } else {
2974 /* the server name is unknown or ambiguous (duplicate names) */
2975 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002976 }
2977 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002978 if (reprocess && px && action) {
2979 /* Now, we know the backend and the action chosen by the user.
2980 * We can safely restart from the first server parameter
2981 * to reprocess them
2982 */
2983 cur_param = st_cur_param;
2984 next_param = st_next_param;
2985 reprocess = 0;
2986 goto reprocess_servers;
2987 }
2988
Cyril Bonté70be45d2010-10-12 00:14:35 +02002989 next_param = cur_param;
2990 }
2991 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002992
2993 if (total_servers == 0) {
2994 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
2995 }
2996 else if (altered_servers == 0) {
2997 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2998 }
2999 else if (altered_servers == total_servers) {
3000 si->applet.ctx.stats.st_code = STAT_STATUS_DONE;
3001 }
3002 else {
3003 si->applet.ctx.stats.st_code = STAT_STATUS_PART;
3004 }
3005 out:
Cyril Bonté23b39d92011-02-10 22:54:44 +01003006 return 1;
Cyril Bonté70be45d2010-10-12 00:14:35 +02003007}
3008
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003009/* This function checks whether we need to enable a POST analyser to parse a
3010 * stats request, and also registers the stats I/O handler. It returns zero
Willy Tarreaucbc743e2012-12-28 08:36:50 +01003011 * if it needs to come back again, otherwise non-zero if it finishes. In the
3012 * latter case, it also clears the request analysers.
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003013 */
3014int http_handle_stats(struct session *s, struct channel *req)
3015{
3016 struct stats_admin_rule *stats_admin_rule;
3017 struct stream_interface *si = s->rep->prod;
3018 struct http_txn *txn = &s->txn;
3019 struct http_msg *msg = &txn->req;
3020 struct uri_auth *uri = s->be->uri_auth;
3021
3022 /* now check whether we have some admin rules for this request */
3023 list_for_each_entry(stats_admin_rule, &s->be->uri_auth->admin_rules, list) {
3024 int ret = 1;
3025
3026 if (stats_admin_rule->cond) {
3027 ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
3028 ret = acl_pass(ret);
3029 if (stats_admin_rule->cond->pol == ACL_COND_UNLESS)
3030 ret = !ret;
3031 }
3032
3033 if (ret) {
3034 /* no rule, or the rule matches */
3035 s->rep->prod->applet.ctx.stats.flags |= STAT_ADMIN;
3036 break;
3037 }
3038 }
3039
3040 /* Was the status page requested with a POST ? */
3041 if (unlikely(txn->meth == HTTP_METH_POST)) {
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003042 char scope_txt[STAT_SCOPE_TXT_MAXLEN + sizeof STAT_SCOPE_PATTERN];
3043
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003044 if (si->applet.ctx.stats.flags & STAT_ADMIN) {
3045 if (msg->msg_state < HTTP_MSG_100_SENT) {
3046 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3047 * send an HTTP/1.1 100 Continue intermediate response.
3048 */
3049 if (msg->flags & HTTP_MSGF_VER_11) {
3050 struct hdr_ctx ctx;
3051 ctx.idx = 0;
3052 /* Expect is allowed in 1.1, look for it */
3053 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
3054 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
3055 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
3056 }
3057 }
3058 msg->msg_state = HTTP_MSG_100_SENT;
3059 s->logs.tv_request = now; /* update the request timer to reflect full request */
3060 }
3061 if (!http_process_req_stat_post(si, txn, req))
3062 return 0; /* we need more data */
3063 }
3064 else
3065 si->applet.ctx.stats.st_code = STAT_STATUS_DENY;
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003066 /* scope_txt = search pattern + search query, si->applet.ctx.stats.scope_len is always <= STAT_SCOPE_TXT_MAXLEN */
3067 scope_txt[0] = 0;
3068 if (si->applet.ctx.stats.scope_len) {
3069 strcpy(scope_txt, STAT_SCOPE_PATTERN);
3070 memcpy(scope_txt + strlen(STAT_SCOPE_PATTERN), bo_ptr(req->buf) + si->applet.ctx.stats.scope_str, si->applet.ctx.stats.scope_len);
3071 scope_txt[strlen(STAT_SCOPE_PATTERN) + si->applet.ctx.stats.scope_len] = 0;
3072 }
3073
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003074
3075 /* We don't want to land on the posted stats page because a refresh will
3076 * repost the data. We don't want this to happen on accident so we redirect
3077 * the browse to the stats page with a GET.
3078 */
3079 chunk_printf(&trash,
Yves Lafon4e8ec502013-03-11 11:06:05 -04003080 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003081 "Cache-Control: no-cache\r\n"
3082 "Content-Type: text/plain\r\n"
3083 "Connection: close\r\n"
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003084 "Location: %s;st=%s%s%s%s\r\n"
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003085 "\r\n",
3086 uri->uri_prefix,
3087 ((si->applet.ctx.stats.st_code > STAT_STATUS_INIT) &&
3088 (si->applet.ctx.stats.st_code < STAT_STATUS_SIZE) &&
3089 stat_status_codes[si->applet.ctx.stats.st_code]) ?
3090 stat_status_codes[si->applet.ctx.stats.st_code] :
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003091 stat_status_codes[STAT_STATUS_UNKN],
3092 (si->applet.ctx.stats.flags & STAT_HIDE_DOWN) ? ";up" : "",
3093 (si->applet.ctx.stats.flags & STAT_NO_REFRESH) ? ";norefresh" : "",
3094 scope_txt);
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003095
3096 s->txn.status = 303;
3097 s->logs.tv_request = now;
3098 stream_int_retnclose(req->prod, &trash);
3099 s->target = &http_stats_applet.obj_type; /* just for logging the applet name */
3100
3101 if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
3102 s->fe->fe_counters.intercepted_req++;
3103
3104 if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
Willy Tarreau570f2212013-06-10 16:42:09 +02003105 s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003106 if (!(s->flags & SN_FINST_MASK))
3107 s->flags |= SN_FINST_R;
Willy Tarreaucbc743e2012-12-28 08:36:50 +01003108 req->analysers = 0;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003109 return 1;
3110 }
3111
3112 /* OK, let's go on now */
3113
3114 chunk_printf(&trash,
3115 "HTTP/1.0 200 OK\r\n"
3116 "Cache-Control: no-cache\r\n"
3117 "Connection: close\r\n"
3118 "Content-Type: %s\r\n",
Willy Tarreau354898b2012-12-23 18:15:23 +01003119 (si->applet.ctx.stats.flags & STAT_FMT_HTML) ? "text/html" : "text/plain");
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003120
3121 if (uri->refresh > 0 && !(si->applet.ctx.stats.flags & STAT_NO_REFRESH))
3122 chunk_appendf(&trash, "Refresh: %d\r\n",
3123 uri->refresh);
3124
3125 chunk_appendf(&trash, "\r\n");
3126
3127 s->txn.status = 200;
3128 s->logs.tv_request = now;
3129
3130 if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
3131 s->fe->fe_counters.intercepted_req++;
3132
3133 if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
Willy Tarreau570f2212013-06-10 16:42:09 +02003134 s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003135 if (!(s->flags & SN_FINST_MASK))
3136 s->flags |= SN_FINST_R;
3137
3138 if (s->txn.meth == HTTP_METH_HEAD) {
3139 /* that's all we return in case of HEAD request, so let's immediately close. */
3140 stream_int_retnclose(req->prod, &trash);
3141 s->target = &http_stats_applet.obj_type; /* just for logging the applet name */
Willy Tarreaucbc743e2012-12-28 08:36:50 +01003142 req->analysers = 0;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003143 return 1;
3144 }
3145
3146 /* OK, push the response and hand over to the stats I/O handler */
3147 bi_putchk(s->rep, &trash);
3148
3149 s->task->nice = -32; /* small boost for HTTP statistics */
3150 stream_int_register_handler(s->rep->prod, &http_stats_applet);
3151 s->target = s->rep->prod->conn->target; // for logging only
3152 s->rep->prod->conn->xprt_ctx = s;
3153 s->rep->prod->applet.st0 = s->rep->prod->applet.st1 = 0;
3154 req->analysers = 0;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003155 return 1;
3156}
3157
Lukas Tribus67db8df2013-06-23 17:37:13 +02003158/* Sets the TOS header in IPv4 and the traffic class header in IPv6 packets
3159 * (as per RFC3260 #4 and BCP37 #4.2 and #5.2).
3160 */
3161static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos)
3162{
3163#ifdef IP_TOS
3164 if (from.ss_family == AF_INET)
3165 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3166#endif
3167#ifdef IPV6_TCLASS
3168 if (from.ss_family == AF_INET6) {
3169 if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr))
3170 /* v4-mapped addresses need IP_TOS */
3171 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3172 else
3173 setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
3174 }
3175#endif
3176}
3177
Willy Tarreau20b0de52012-12-24 15:45:22 +01003178/* Executes the http-request rules <rules> for session <s>, proxy <px> and
Willy Tarreau96257ec2012-12-27 10:46:37 +01003179 * transaction <txn>. Returns the first rule that prevents further processing
3180 * of the request (auth, deny, ...) or NULL if it executed all rules or stopped
3181 * on an allow. It may set the TX_CLDENY on txn->flags if it encounters a deny
3182 * rule.
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003183 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003184static struct http_req_rule *
Willy Tarreau96257ec2012-12-27 10:46:37 +01003185http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003186{
Willy Tarreauff011f22011-01-06 17:51:27 +01003187 struct http_req_rule *rule;
Willy Tarreau20b0de52012-12-24 15:45:22 +01003188 struct hdr_ctx ctx;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003189
Willy Tarreauff011f22011-01-06 17:51:27 +01003190 list_for_each_entry(rule, rules, list) {
Willy Tarreauff011f22011-01-06 17:51:27 +01003191 if (rule->action >= HTTP_REQ_ACT_MAX)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003192 continue;
3193
Willy Tarreau96257ec2012-12-27 10:46:37 +01003194 /* check optional condition */
Willy Tarreauff011f22011-01-06 17:51:27 +01003195 if (rule->cond) {
Willy Tarreau96257ec2012-12-27 10:46:37 +01003196 int ret;
3197
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003198 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003199 ret = acl_pass(ret);
3200
Willy Tarreauff011f22011-01-06 17:51:27 +01003201 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003202 ret = !ret;
Willy Tarreau96257ec2012-12-27 10:46:37 +01003203
3204 if (!ret) /* condition not matched */
3205 continue;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003206 }
3207
Willy Tarreau20b0de52012-12-24 15:45:22 +01003208
Willy Tarreau96257ec2012-12-27 10:46:37 +01003209 switch (rule->action) {
3210 case HTTP_REQ_ACT_ALLOW:
3211 return NULL; /* "allow" rules are OK */
3212
3213 case HTTP_REQ_ACT_DENY:
3214 txn->flags |= TX_CLDENY;
3215 return rule;
3216
Willy Tarreauccbcc372012-12-27 12:37:57 +01003217 case HTTP_REQ_ACT_TARPIT:
3218 txn->flags |= TX_CLTARPIT;
3219 return rule;
3220
Willy Tarreau96257ec2012-12-27 10:46:37 +01003221 case HTTP_REQ_ACT_AUTH:
3222 return rule;
3223
Willy Tarreau81499eb2012-12-27 12:19:02 +01003224 case HTTP_REQ_ACT_REDIR:
3225 return rule;
3226
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003227 case HTTP_REQ_ACT_SET_NICE:
3228 s->task->nice = rule->arg.nice;
3229 break;
3230
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003231 case HTTP_REQ_ACT_SET_TOS:
Lukas Tribus67db8df2013-06-23 17:37:13 +02003232 inet_set_tos(s->req->prod->conn->t.sock.fd, s->req->prod->conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003233 break;
3234
Willy Tarreau51347ed2013-06-11 19:34:13 +02003235 case HTTP_REQ_ACT_SET_MARK:
3236#ifdef SO_MARK
3237 setsockopt(s->req->prod->conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
3238#endif
3239 break;
3240
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003241 case HTTP_REQ_ACT_SET_LOGL:
3242 s->logs.level = rule->arg.loglevel;
3243 break;
3244
Willy Tarreau96257ec2012-12-27 10:46:37 +01003245 case HTTP_REQ_ACT_SET_HDR:
3246 ctx.idx = 0;
3247 /* remove all occurrences of the header */
3248 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3249 txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
3250 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Willy Tarreau20b0de52012-12-24 15:45:22 +01003251 }
Willy Tarreau96257ec2012-12-27 10:46:37 +01003252 /* now fall through to header addition */
3253
3254 case HTTP_REQ_ACT_ADD_HDR:
3255 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3256 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3257 trash.len = rule->arg.hdr_add.name_len;
3258 trash.str[trash.len++] = ':';
3259 trash.str[trash.len++] = ' ';
3260 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3261 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len);
3262 break;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003263 }
3264 }
Willy Tarreau96257ec2012-12-27 10:46:37 +01003265
3266 /* we reached the end of the rules, nothing to report */
Willy Tarreau418c1a02012-12-25 20:52:58 +01003267 return NULL;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003268}
3269
Willy Tarreau71241ab2012-12-27 11:30:54 +01003270
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003271/* Executes the http-response rules <rules> for session <s>, proxy <px> and
3272 * transaction <txn>. Returns the first rule that prevents further processing
3273 * of the response (deny, ...) or NULL if it executed all rules or stopped
3274 * on an allow. It may set the TX_SVDENY on txn->flags if it encounters a deny
3275 * rule.
3276 */
3277static struct http_res_rule *
3278http_res_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
3279{
3280 struct http_res_rule *rule;
3281 struct hdr_ctx ctx;
3282
3283 list_for_each_entry(rule, rules, list) {
3284 if (rule->action >= HTTP_RES_ACT_MAX)
3285 continue;
3286
3287 /* check optional condition */
3288 if (rule->cond) {
3289 int ret;
3290
3291 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
3292 ret = acl_pass(ret);
3293
3294 if (rule->cond->pol == ACL_COND_UNLESS)
3295 ret = !ret;
3296
3297 if (!ret) /* condition not matched */
3298 continue;
3299 }
3300
3301
3302 switch (rule->action) {
3303 case HTTP_RES_ACT_ALLOW:
3304 return NULL; /* "allow" rules are OK */
3305
3306 case HTTP_RES_ACT_DENY:
3307 txn->flags |= TX_SVDENY;
3308 return rule;
3309
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003310 case HTTP_RES_ACT_SET_NICE:
3311 s->task->nice = rule->arg.nice;
3312 break;
3313
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003314 case HTTP_RES_ACT_SET_TOS:
Lukas Tribus67db8df2013-06-23 17:37:13 +02003315 inet_set_tos(s->req->prod->conn->t.sock.fd, s->req->prod->conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003316 break;
3317
Willy Tarreau51347ed2013-06-11 19:34:13 +02003318 case HTTP_RES_ACT_SET_MARK:
3319#ifdef SO_MARK
3320 setsockopt(s->req->prod->conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
3321#endif
3322 break;
3323
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003324 case HTTP_RES_ACT_SET_LOGL:
3325 s->logs.level = rule->arg.loglevel;
3326 break;
3327
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003328 case HTTP_RES_ACT_SET_HDR:
3329 ctx.idx = 0;
3330 /* remove all occurrences of the header */
3331 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3332 txn->rsp.chn->buf->p, &txn->hdr_idx, &ctx)) {
3333 http_remove_header2(&txn->rsp, &txn->hdr_idx, &ctx);
3334 }
3335 /* now fall through to header addition */
3336
3337 case HTTP_RES_ACT_ADD_HDR:
3338 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3339 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3340 trash.len = rule->arg.hdr_add.name_len;
3341 trash.str[trash.len++] = ':';
3342 trash.str[trash.len++] = ' ';
3343 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3344 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
3345 break;
3346 }
3347 }
3348
3349 /* we reached the end of the rules, nothing to report */
3350 return NULL;
3351}
3352
3353
Willy Tarreau71241ab2012-12-27 11:30:54 +01003354/* Perform an HTTP redirect based on the information in <rule>. The function
3355 * returns non-zero on success, or zero in case of a, irrecoverable error such
3356 * as too large a request to build a valid response.
3357 */
3358static int http_apply_redirect_rule(struct redirect_rule *rule, struct session *s, struct http_txn *txn)
3359{
3360 struct http_msg *msg = &txn->req;
3361 const char *msg_fmt;
3362
3363 /* build redirect message */
3364 switch(rule->code) {
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04003365 case 308:
3366 msg_fmt = HTTP_308;
3367 break;
3368 case 307:
3369 msg_fmt = HTTP_307;
3370 break;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003371 case 303:
3372 msg_fmt = HTTP_303;
3373 break;
3374 case 301:
3375 msg_fmt = HTTP_301;
3376 break;
3377 case 302:
3378 default:
3379 msg_fmt = HTTP_302;
3380 break;
3381 }
3382
3383 if (unlikely(!chunk_strcpy(&trash, msg_fmt)))
3384 return 0;
3385
3386 switch(rule->type) {
3387 case REDIRECT_TYPE_SCHEME: {
3388 const char *path;
3389 const char *host;
3390 struct hdr_ctx ctx;
3391 int pathlen;
3392 int hostlen;
3393
3394 host = "";
3395 hostlen = 0;
3396 ctx.idx = 0;
3397 if (http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx)) {
3398 host = ctx.line + ctx.val;
3399 hostlen = ctx.vlen;
3400 }
3401
3402 path = http_get_path(txn);
3403 /* build message using path */
3404 if (path) {
3405 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3406 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3407 int qs = 0;
3408 while (qs < pathlen) {
3409 if (path[qs] == '?') {
3410 pathlen = qs;
3411 break;
3412 }
3413 qs++;
3414 }
3415 }
3416 } else {
3417 path = "/";
3418 pathlen = 1;
3419 }
3420
3421 /* check if we can add scheme + "://" + host + path */
3422 if (trash.len + rule->rdr_len + 3 + hostlen + pathlen > trash.size - 4)
3423 return 0;
3424
3425 /* add scheme */
3426 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3427 trash.len += rule->rdr_len;
3428
3429 /* add "://" */
3430 memcpy(trash.str + trash.len, "://", 3);
3431 trash.len += 3;
3432
3433 /* add host */
3434 memcpy(trash.str + trash.len, host, hostlen);
3435 trash.len += hostlen;
3436
3437 /* add path */
3438 memcpy(trash.str + trash.len, path, pathlen);
3439 trash.len += pathlen;
3440
3441 /* append a slash at the end of the location is needed and missing */
3442 if (trash.len && trash.str[trash.len - 1] != '/' &&
3443 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3444 if (trash.len > trash.size - 5)
3445 return 0;
3446 trash.str[trash.len] = '/';
3447 trash.len++;
3448 }
3449
3450 break;
3451 }
3452 case REDIRECT_TYPE_PREFIX: {
3453 const char *path;
3454 int pathlen;
3455
3456 path = http_get_path(txn);
3457 /* build message using path */
3458 if (path) {
3459 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3460 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3461 int qs = 0;
3462 while (qs < pathlen) {
3463 if (path[qs] == '?') {
3464 pathlen = qs;
3465 break;
3466 }
3467 qs++;
3468 }
3469 }
3470 } else {
3471 path = "/";
3472 pathlen = 1;
3473 }
3474
3475 if (trash.len + rule->rdr_len + pathlen > trash.size - 4)
3476 return 0;
3477
3478 /* add prefix. Note that if prefix == "/", we don't want to
3479 * add anything, otherwise it makes it hard for the user to
3480 * configure a self-redirection.
3481 */
3482 if (rule->rdr_len != 1 || *rule->rdr_str != '/') {
3483 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3484 trash.len += rule->rdr_len;
3485 }
3486
3487 /* add path */
3488 memcpy(trash.str + trash.len, path, pathlen);
3489 trash.len += pathlen;
3490
3491 /* append a slash at the end of the location is needed and missing */
3492 if (trash.len && trash.str[trash.len - 1] != '/' &&
3493 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3494 if (trash.len > trash.size - 5)
3495 return 0;
3496 trash.str[trash.len] = '/';
3497 trash.len++;
3498 }
3499
3500 break;
3501 }
3502 case REDIRECT_TYPE_LOCATION:
3503 default:
3504 if (trash.len + rule->rdr_len > trash.size - 4)
3505 return 0;
3506
3507 /* add location */
3508 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3509 trash.len += rule->rdr_len;
3510 break;
3511 }
3512
3513 if (rule->cookie_len) {
3514 memcpy(trash.str + trash.len, "\r\nSet-Cookie: ", 14);
3515 trash.len += 14;
3516 memcpy(trash.str + trash.len, rule->cookie_str, rule->cookie_len);
3517 trash.len += rule->cookie_len;
3518 memcpy(trash.str + trash.len, "\r\n", 2);
3519 trash.len += 2;
3520 }
3521
3522 /* add end of headers and the keep-alive/close status.
3523 * We may choose to set keep-alive if the Location begins
3524 * with a slash, because the client will come back to the
3525 * same server.
3526 */
3527 txn->status = rule->code;
3528 /* let's log the request time */
3529 s->logs.tv_request = now;
3530
3531 if (rule->rdr_len >= 1 && *rule->rdr_str == '/' &&
3532 (msg->flags & HTTP_MSGF_XFER_LEN) &&
3533 !(msg->flags & HTTP_MSGF_TE_CHNK) && !txn->req.body_len &&
3534 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
3535 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
3536 /* keep-alive possible */
3537 if (!(msg->flags & HTTP_MSGF_VER_11)) {
3538 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3539 memcpy(trash.str + trash.len, "\r\nProxy-Connection: keep-alive", 30);
3540 trash.len += 30;
3541 } else {
3542 memcpy(trash.str + trash.len, "\r\nConnection: keep-alive", 24);
3543 trash.len += 24;
3544 }
3545 }
3546 memcpy(trash.str + trash.len, "\r\n\r\n", 4);
3547 trash.len += 4;
3548 bo_inject(txn->rsp.chn, trash.str, trash.len);
3549 /* "eat" the request */
3550 bi_fast_delete(txn->req.chn->buf, msg->sov);
3551 msg->sov = 0;
3552 txn->req.chn->analysers = AN_REQ_HTTP_XFER_BODY;
3553 s->rep->analysers = AN_RES_HTTP_XFER_BODY;
3554 txn->req.msg_state = HTTP_MSG_CLOSED;
3555 txn->rsp.msg_state = HTTP_MSG_DONE;
3556 } else {
3557 /* keep-alive not possible */
3558 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3559 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
3560 trash.len += 29;
3561 } else {
3562 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
3563 trash.len += 23;
3564 }
3565 stream_int_retnclose(txn->req.chn->prod, &trash);
3566 txn->req.chn->analysers = 0;
3567 }
3568
3569 if (!(s->flags & SN_ERR_MASK))
Willy Tarreau570f2212013-06-10 16:42:09 +02003570 s->flags |= SN_ERR_LOCAL;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003571 if (!(s->flags & SN_FINST_MASK))
3572 s->flags |= SN_FINST_R;
3573
3574 return 1;
3575}
3576
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003577/* This stream analyser runs all HTTP request processing which is common to
3578 * frontends and backends, which means blocking ACLs, filters, connection-close,
3579 * reqadd, stats and redirects. This is performed for the designated proxy.
Willy Tarreaud787e662009-07-07 10:14:51 +02003580 * It returns 1 if the processing can continue on next analysers, or zero if it
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003581 * either needs more data or wants to immediately abort the request (eg: deny,
3582 * error, ...).
Willy Tarreaud787e662009-07-07 10:14:51 +02003583 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003584int http_process_req_common(struct session *s, struct channel *req, int an_bit, struct proxy *px)
Willy Tarreaud787e662009-07-07 10:14:51 +02003585{
Willy Tarreaud787e662009-07-07 10:14:51 +02003586 struct http_txn *txn = &s->txn;
3587 struct http_msg *msg = &txn->req;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003588 struct acl_cond *cond;
Willy Tarreauff011f22011-01-06 17:51:27 +01003589 struct http_req_rule *http_req_last_rule = NULL;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003590 struct redirect_rule *rule;
Willy Tarreauf4f04122010-01-28 18:10:50 +01003591 struct cond_wordlist *wl;
Simon Horman70735c92011-06-07 11:07:50 +09003592 int do_stats;
Willy Tarreaud787e662009-07-07 10:14:51 +02003593
Willy Tarreau655dce92009-11-08 13:10:58 +01003594 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003595 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003596 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003597 return 0;
3598 }
3599
Willy Tarreau3a816292009-07-07 10:55:49 +02003600 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02003601 req->analyse_exp = TICK_ETERNITY;
3602
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003603 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaud787e662009-07-07 10:14:51 +02003604 now_ms, __FUNCTION__,
3605 s,
3606 req,
3607 req->rex, req->wex,
3608 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003609 req->buf->i,
Willy Tarreaud787e662009-07-07 10:14:51 +02003610 req->analysers);
3611
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003612 /* first check whether we have some ACLs set to block this request */
3613 list_for_each_entry(cond, &px->block_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003614 int ret = acl_exec_cond(cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02003615
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003616 ret = acl_pass(ret);
3617 if (cond->pol == ACL_COND_UNLESS)
3618 ret = !ret;
Willy Tarreau53b6c742006-12-17 13:37:46 +01003619
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003620 if (ret) {
3621 txn->status = 403;
3622 /* let's log the request time */
3623 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003624 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003625 session_inc_http_err_ctr(s);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003626 goto return_prx_cond;
Willy Tarreau59234e92008-11-30 23:51:27 +01003627 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003628 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003629
Willy Tarreau5d5b5d82012-12-09 12:00:04 +01003630 /* just in case we have some per-backend tracking */
3631 session_inc_be_http_req_ctr(s);
3632
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003633 /* evaluate http-request rules */
Willy Tarreau96257ec2012-12-27 10:46:37 +01003634 http_req_last_rule = http_req_get_intercept_rule(px, &px->http_req_rules, s, txn);
Willy Tarreau51425942010-02-01 10:40:19 +01003635
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003636 /* evaluate stats http-request rules only if http-request is OK */
Willy Tarreauff011f22011-01-06 17:51:27 +01003637 if (!http_req_last_rule) {
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003638 do_stats = stats_check_uri(s->rep->prod, txn, px);
3639 if (do_stats)
Willy Tarreau96257ec2012-12-27 10:46:37 +01003640 http_req_last_rule = http_req_get_intercept_rule(px, &px->uri_auth->http_req_rules, s, txn);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003641 }
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003642 else
3643 do_stats = 0;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003644
Willy Tarreau3b44e722013-11-16 10:28:23 +01003645 /* only apply req{,i}{rep/deny/tarpit} if the request was not yet
3646 * blocked by an http-request rule.
3647 */
3648 if (!(txn->flags & (TX_CLDENY|TX_CLTARPIT)) && (px->req_exp != NULL)) {
Willy Tarreau6c123b12010-01-28 20:22:06 +01003649 if (apply_filters_to_request(s, req, px) < 0)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003650 goto return_bad_req;
Willy Tarreau3b44e722013-11-16 10:28:23 +01003651 }
Willy Tarreau06619262006-12-17 08:37:22 +01003652
Willy Tarreau3b44e722013-11-16 10:28:23 +01003653 /* return a 403 if either rule has blocked */
3654 if (txn->flags & (TX_CLDENY|TX_CLTARPIT)) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003655 if (txn->flags & TX_CLDENY) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003656 txn->status = 403;
Willy Tarreau59234e92008-11-30 23:51:27 +01003657 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003658 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003659 session_inc_http_err_ctr(s);
Willy Tarreau687ba132013-11-16 10:13:35 +01003660 s->fe->fe_counters.denied_req++;
3661 if (s->fe != s->be)
3662 s->be->be_counters.denied_req++;
3663 if (s->listener->counters)
3664 s->listener->counters->denied_req++;
Willy Tarreau59234e92008-11-30 23:51:27 +01003665 goto return_prx_cond;
3666 }
Willy Tarreauc465fd72009-08-31 00:17:18 +02003667
3668 /* When a connection is tarpitted, we use the tarpit timeout,
3669 * which may be the same as the connect timeout if unspecified.
3670 * If unset, then set it to zero because we really want it to
3671 * eventually expire. We build the tarpit as an analyser.
3672 */
3673 if (txn->flags & TX_CLTARPIT) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003674 channel_erase(s->req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003675 /* wipe the request out so that we can drop the connection early
3676 * if the client closes first.
3677 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003678 channel_dont_connect(req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003679 req->analysers = 0; /* remove switching rules etc... */
3680 req->analysers |= AN_REQ_HTTP_TARPIT;
3681 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
3682 if (!req->analyse_exp)
3683 req->analyse_exp = tick_add(now_ms, 0);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003684 session_inc_http_err_ctr(s);
Willy Tarreau687ba132013-11-16 10:13:35 +01003685 s->fe->fe_counters.denied_req++;
3686 if (s->fe != s->be)
3687 s->be->be_counters.denied_req++;
3688 if (s->listener->counters)
3689 s->listener->counters->denied_req++;
Willy Tarreauc465fd72009-08-31 00:17:18 +02003690 return 1;
3691 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003692 }
Willy Tarreau06619262006-12-17 08:37:22 +01003693
Willy Tarreau5b154472009-12-21 20:11:07 +01003694 /* Until set to anything else, the connection mode is set as TUNNEL. It will
3695 * only change if both the request and the config reference something else.
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003696 * Option httpclose by itself does not set a mode, it remains a tunnel mode
3697 * in which headers are mangled. However, if another mode is set, it will
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003698 * affect it (eg: server-close/keep-alive + httpclose = close). Note that we
3699 * avoid to redo the same work if FE and BE have the same settings (common).
3700 * The method consists in checking if options changed between the two calls
3701 * (implying that either one is non-null, or one of them is non-null and we
3702 * are there for the first time.
Willy Tarreau42736642009-10-18 21:04:35 +02003703 */
Willy Tarreau5b154472009-12-21 20:11:07 +01003704
Willy Tarreaudc008c52010-02-01 16:20:08 +01003705 if ((!(txn->flags & TX_HDR_CONN_PRS) &&
3706 (s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) ||
3707 ((s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) !=
3708 (s->be->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)))) {
Willy Tarreau5b154472009-12-21 20:11:07 +01003709 int tmp = TX_CON_WANT_TUN;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003710
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003711 if ((s->fe->options|s->be->options) & PR_O_KEEPALIVE ||
3712 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreau5b154472009-12-21 20:11:07 +01003713 tmp = TX_CON_WANT_KAL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01003714 if ((s->fe->options|s->be->options) & PR_O_SERVER_CLO)
3715 tmp = TX_CON_WANT_SCL;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003716 if ((s->fe->options|s->be->options) & PR_O_FORCE_CLO)
Willy Tarreau5b154472009-12-21 20:11:07 +01003717 tmp = TX_CON_WANT_CLO;
3718
Willy Tarreau5b154472009-12-21 20:11:07 +01003719 if ((txn->flags & TX_CON_WANT_MSK) < tmp)
3720 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003721
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003722 if (!(txn->flags & TX_HDR_CONN_PRS)) {
3723 /* parse the Connection header and possibly clean it */
3724 int to_del = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003725 if ((msg->flags & HTTP_MSGF_VER_11) ||
Willy Tarreau8a8e1d92010-04-05 16:15:16 +02003726 ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL &&
3727 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003728 to_del |= 2; /* remove "keep-alive" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003729 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003730 to_del |= 1; /* remove "close" */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003731 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003732 }
Willy Tarreau5b154472009-12-21 20:11:07 +01003733
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003734 /* check if client or config asks for explicit close in KAL/SCL */
3735 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
3736 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) &&
3737 ((txn->flags & TX_HDR_CONN_CLO) || /* "connection: close" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003738 (!(msg->flags & HTTP_MSGF_VER_11) && !(txn->flags & TX_HDR_CONN_KAL)) || /* no "connection: k-a" in 1.0 */
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003739 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE) || /* httpclose+any = forceclose */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003740 !(msg->flags & HTTP_MSGF_XFER_LEN) || /* no length known => close */
Willy Tarreauc3e8b252010-01-28 15:01:20 +01003741 s->fe->state == PR_STSTOPPED)) /* frontend is stopping */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003742 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
3743 }
Willy Tarreau78599912009-10-17 20:12:21 +02003744
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003745 /* we can be blocked here because the request needs to be authenticated,
3746 * either to pass or to access stats.
3747 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003748 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_AUTH) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01003749 char *realm = http_req_last_rule->arg.auth.realm;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003750
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003751 if (!realm)
3752 realm = do_stats?STATS_DEFAULT_REALM:px->id;
3753
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003754 chunk_printf(&trash, (txn->flags & TX_USE_PX_CONN) ? HTTP_407_fmt : HTTP_401_fmt, realm);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003755 txn->status = 401;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003756 stream_int_retnclose(req->prod, &trash);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003757 /* on 401 we still count one error, because normal browsing
3758 * won't significantly increase the counter but brute force
3759 * attempts will.
3760 */
3761 session_inc_http_err_ctr(s);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003762 goto return_prx_cond;
3763 }
3764
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003765 /* add request headers from the rule sets in the same order */
3766 list_for_each_entry(wl, &px->req_add, list) {
3767 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003768 int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003769 ret = acl_pass(ret);
3770 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
3771 ret = !ret;
3772 if (!ret)
3773 continue;
3774 }
3775
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003776 if (unlikely(http_header_add_tail(&txn->req, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003777 goto return_bad_req;
Willy Tarreau81499eb2012-12-27 12:19:02 +01003778 }
3779
3780 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_REDIR) {
3781 if (!http_apply_redirect_rule(http_req_last_rule->arg.redir, s, txn))
3782 goto return_bad_req;
3783 req->analyse_exp = TICK_ETERNITY;
3784 return 1;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003785 }
3786
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003787 if (unlikely(do_stats)) {
3788 /* process the stats request now */
3789 if (!http_handle_stats(s, req)) {
3790 /* we need more data, let's come back here later */
3791 req->analysers |= an_bit;
3792 channel_dont_connect(req);
Willy Tarreau7fe33002013-04-21 08:04:22 +02003793 return 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02003794 }
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003795 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003796 }
Willy Tarreaub2513902006-12-17 14:52:38 +01003797
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003798 /* check whether we have some ACLs set to redirect this request */
3799 list_for_each_entry(rule, &px->redirect_rules, list) {
Willy Tarreauf285f542010-01-03 20:03:03 +01003800 if (rule->cond) {
Willy Tarreau71241ab2012-12-27 11:30:54 +01003801 int ret;
3802
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003803 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf285f542010-01-03 20:03:03 +01003804 ret = acl_pass(ret);
3805 if (rule->cond->pol == ACL_COND_UNLESS)
3806 ret = !ret;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003807 if (!ret)
3808 continue;
Willy Tarreauf285f542010-01-03 20:03:03 +01003809 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01003810 if (!http_apply_redirect_rule(rule, s, txn))
3811 goto return_bad_req;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003812
Willy Tarreau71241ab2012-12-27 11:30:54 +01003813 req->analyse_exp = TICK_ETERNITY;
3814 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003815 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003816
Willy Tarreau2be39392010-01-03 17:24:51 +01003817 /* POST requests may be accompanied with an "Expect: 100-Continue" header.
3818 * If this happens, then the data will not come immediately, so we must
3819 * send all what we have without waiting. Note that due to the small gain
3820 * in waiting for the body of the request, it's easier to simply put the
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003821 * CF_SEND_DONTWAIT flag any time. It's a one-shot flag so it will remove
Willy Tarreau2be39392010-01-03 17:24:51 +01003822 * itself once used.
3823 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003824 req->flags |= CF_SEND_DONTWAIT;
Willy Tarreau2be39392010-01-03 17:24:51 +01003825
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003826 /* that's OK for us now, let's move on to next analysers */
3827 return 1;
Willy Tarreau11382812008-07-09 16:18:21 +02003828
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003829 return_bad_req:
3830 /* We centralize bad requests processing here */
3831 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
3832 /* we detected a parsing error. We want to archive this request
3833 * in the dedicated proxy area for later troubleshooting.
3834 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01003835 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003836 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003837
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003838 txn->req.msg_state = HTTP_MSG_ERROR;
3839 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02003840 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003841
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01003842 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003843 if (s->listener->counters)
3844 s->listener->counters->failed_req++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003845
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003846 return_prx_cond:
3847 if (!(s->flags & SN_ERR_MASK))
3848 s->flags |= SN_ERR_PRXCOND;
3849 if (!(s->flags & SN_FINST_MASK))
3850 s->flags |= SN_FINST_R;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01003851
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003852 req->analysers = 0;
3853 req->analyse_exp = TICK_ETERNITY;
3854 return 0;
3855}
Willy Tarreau58f10d72006-12-04 02:26:12 +01003856
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003857/* This function performs all the processing enabled for the current request.
3858 * It returns 1 if the processing can continue on next analysers, or zero if it
3859 * needs more data, encounters an error, or wants to immediately abort the
3860 * request. It relies on buffers flags, and updates s->req->analysers.
3861 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003862int http_process_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003863{
3864 struct http_txn *txn = &s->txn;
3865 struct http_msg *msg = &txn->req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003866
Willy Tarreau655dce92009-11-08 13:10:58 +01003867 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003868 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003869 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003870 return 0;
3871 }
3872
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003873 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003874 now_ms, __FUNCTION__,
3875 s,
3876 req,
3877 req->rex, req->wex,
3878 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003879 req->buf->i,
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003880 req->analysers);
Willy Tarreau06619262006-12-17 08:37:22 +01003881
William Lallemand82fe75c2012-10-23 10:25:10 +02003882 if (s->fe->comp || s->be->comp)
3883 select_compression_request_header(s, req->buf);
3884
Willy Tarreau59234e92008-11-30 23:51:27 +01003885 /*
3886 * Right now, we know that we have processed the entire headers
3887 * and that unwanted requests have been filtered out. We can do
3888 * whatever we want with the remaining request. Also, now we
3889 * may have separate values for ->fe, ->be.
3890 */
Willy Tarreau06619262006-12-17 08:37:22 +01003891
Willy Tarreau59234e92008-11-30 23:51:27 +01003892 /*
3893 * If HTTP PROXY is set we simply get remote server address
3894 * parsing incoming request.
3895 */
3896 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) {
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003897 url2sa(req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l, &s->req->cons->conn->addr.to);
Willy Tarreau59234e92008-11-30 23:51:27 +01003898 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01003899
Willy Tarreau59234e92008-11-30 23:51:27 +01003900 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003901 * 7: Now we can work with the cookies.
Willy Tarreau59234e92008-11-30 23:51:27 +01003902 * Note that doing so might move headers in the request, but
3903 * the fields will stay coherent and the URI will not move.
3904 * This should only be performed in the backend.
3905 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02003906 if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
Willy Tarreau59234e92008-11-30 23:51:27 +01003907 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
3908 manage_client_side_cookies(s, req);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02003909
Willy Tarreau59234e92008-11-30 23:51:27 +01003910 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003911 * 8: the appsession cookie was looked up very early in 1.2,
3912 * so let's do the same now.
3913 */
3914
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02003915 /* It needs to look into the URI unless persistence must be ignored */
3916 if ((txn->sessid == NULL) && s->be->appsession_name && !(s->flags & SN_IGNORE_PRST)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02003917 get_srv_from_appsession(s, req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l);
Cyril Bontéb21570a2009-11-29 20:04:48 +01003918 }
3919
William Lallemanda73203e2012-03-12 12:48:57 +01003920 /* add unique-id if "header-unique-id" is specified */
3921
William Lallemand5b7ea3a2013-08-28 15:44:19 +02003922 if (!LIST_ISEMPTY(&s->fe->format_unique_id)) {
3923 if ((s->unique_id = pool_alloc2(pool2_uniqueid)) == NULL)
3924 goto return_bad_req;
3925 s->unique_id[0] = '\0';
William Lallemanda73203e2012-03-12 12:48:57 +01003926 build_logline(s, s->unique_id, UNIQUEID_LEN, &s->fe->format_unique_id);
William Lallemand5b7ea3a2013-08-28 15:44:19 +02003927 }
William Lallemanda73203e2012-03-12 12:48:57 +01003928
3929 if (s->fe->header_unique_id && s->unique_id) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003930 chunk_printf(&trash, "%s: %s", s->fe->header_unique_id, s->unique_id);
3931 if (trash.len < 0)
William Lallemanda73203e2012-03-12 12:48:57 +01003932 goto return_bad_req;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003933 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len) < 0))
William Lallemanda73203e2012-03-12 12:48:57 +01003934 goto return_bad_req;
3935 }
3936
Cyril Bontéb21570a2009-11-29 20:04:48 +01003937 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01003938 * 9: add X-Forwarded-For if either the frontend or the backend
3939 * asks for it.
3940 */
3941 if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02003942 struct hdr_ctx ctx = { .idx = 0 };
Willy Tarreau87cf5142011-08-19 22:57:24 +02003943 if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) &&
Cyril Bontéa32d2752012-05-29 23:27:41 +02003944 http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name,
3945 s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003946 req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02003947 /* The header is set to be added only if none is present
3948 * and we found it, so don't do anything.
3949 */
3950 }
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003951 else if (s->req->prod->conn->addr.from.ss_family == AF_INET) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003952 /* Add an X-Forwarded-For header unless the source IP is
3953 * in the 'except' network range.
3954 */
3955 if ((!s->fe->except_mask.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003956 (((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr.s_addr & s->fe->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003957 != s->fe->except_net.s_addr) &&
3958 (!s->be->except_mask.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003959 (((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr.s_addr & s->be->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003960 != s->be->except_net.s_addr)) {
Willy Tarreau2a324282006-12-05 00:05:46 +01003961 int len;
Willy Tarreau59234e92008-11-30 23:51:27 +01003962 unsigned char *pn;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003963 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr;
Ross Westaf72a1d2008-08-03 10:51:45 +02003964
3965 /* Note: we rely on the backend to get the header name to be used for
3966 * x-forwarded-for, because the header is really meant for the backends.
3967 * However, if the backend did not specify any option, we have to rely
3968 * on the frontend's header name.
3969 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003970 if (s->be->fwdfor_hdr_len) {
3971 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003972 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Ross Westaf72a1d2008-08-03 10:51:45 +02003973 } else {
Willy Tarreau59234e92008-11-30 23:51:27 +01003974 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003975 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01003976 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003977 len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreauedcf6682008-11-30 23:15:34 +01003978
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003979 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau06619262006-12-17 08:37:22 +01003980 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01003981 }
3982 }
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003983 else if (s->req->prod->conn->addr.from.ss_family == AF_INET6) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003984 /* FIXME: for the sake of completeness, we should also support
3985 * 'except' here, although it is mostly useless in this case.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003986 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003987 int len;
3988 char pn[INET6_ADDRSTRLEN];
3989 inet_ntop(AF_INET6,
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003990 (const void *)&((struct sockaddr_in6 *)(&s->req->prod->conn->addr.from))->sin6_addr,
Willy Tarreau59234e92008-11-30 23:51:27 +01003991 pn, sizeof(pn));
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003992
Willy Tarreau59234e92008-11-30 23:51:27 +01003993 /* Note: we rely on the backend to get the header name to be used for
3994 * x-forwarded-for, because the header is really meant for the backends.
3995 * However, if the backend did not specify any option, we have to rely
3996 * on the frontend's header name.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003997 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003998 if (s->be->fwdfor_hdr_len) {
3999 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004000 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Willy Tarreau59234e92008-11-30 23:51:27 +01004001 } else {
4002 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004003 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004004 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004005 len += sprintf(trash.str + len, ": %s", pn);
Willy Tarreauadfb8562008-08-11 15:24:42 +02004006
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004007 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01004008 goto return_bad_req;
4009 }
4010 }
4011
4012 /*
Maik Broemme2850cb42009-04-17 18:53:21 +02004013 * 10: add X-Original-To if either the frontend or the backend
4014 * asks for it.
4015 */
4016 if ((s->fe->options | s->be->options) & PR_O_ORGTO) {
4017
4018 /* FIXME: don't know if IPv6 can handle that case too. */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004019 if (s->req->prod->conn->addr.from.ss_family == AF_INET) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004020 /* Add an X-Original-To header unless the destination IP is
4021 * in the 'except' network range.
4022 */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004023 conn_get_to_addr(s->req->prod->conn);
Maik Broemme2850cb42009-04-17 18:53:21 +02004024
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004025 if (s->req->prod->conn->addr.to.ss_family == AF_INET &&
Emeric Brun5bd86a82010-10-22 17:23:04 +02004026 ((!s->fe->except_mask_to.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004027 (((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr.s_addr & s->fe->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004028 != s->fe->except_to.s_addr) &&
4029 (!s->be->except_mask_to.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004030 (((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr.s_addr & s->be->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004031 != s->be->except_to.s_addr))) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004032 int len;
4033 unsigned char *pn;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004034 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr;
Maik Broemme2850cb42009-04-17 18:53:21 +02004035
4036 /* Note: we rely on the backend to get the header name to be used for
4037 * x-original-to, because the header is really meant for the backends.
4038 * However, if the backend did not specify any option, we have to rely
4039 * on the frontend's header name.
4040 */
4041 if (s->be->orgto_hdr_len) {
4042 len = s->be->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004043 memcpy(trash.str, s->be->orgto_hdr_name, len);
Maik Broemme2850cb42009-04-17 18:53:21 +02004044 } else {
4045 len = s->fe->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004046 memcpy(trash.str, s->fe->orgto_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01004047 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004048 len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Maik Broemme2850cb42009-04-17 18:53:21 +02004049
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004050 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Maik Broemme2850cb42009-04-17 18:53:21 +02004051 goto return_bad_req;
4052 }
4053 }
4054 }
4055
Willy Tarreau50fc7772012-11-11 22:19:57 +01004056 /* 11: add "Connection: close" or "Connection: keep-alive" if needed and not yet set.
4057 * If an "Upgrade" token is found, the header is left untouched in order not to have
4058 * to deal with some servers bugs : some of them fail an Upgrade if anything but
4059 * "Upgrade" is present in the Connection header.
4060 */
4061 if (!(txn->flags & TX_HDR_CONN_UPG) &&
4062 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
4063 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004064 unsigned int want_flags = 0;
4065
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004066 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau22a95342010-09-29 14:31:41 +02004067 if (((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL ||
4068 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) &&
4069 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004070 want_flags |= TX_CON_CLO_SET;
4071 } else {
Willy Tarreau22a95342010-09-29 14:31:41 +02004072 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
4073 !((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) ||
4074 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004075 want_flags |= TX_CON_KAL_SET;
4076 }
4077
4078 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004079 http_change_connection_header(txn, msg, want_flags);
Willy Tarreau59234e92008-11-30 23:51:27 +01004080 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004081
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004082
Willy Tarreau522d6c02009-12-06 18:49:18 +01004083 /* If we have no server assigned yet and we're balancing on url_param
4084 * with a POST request, we may be interested in checking the body for
4085 * that parameter. This will be done in another analyser.
Willy Tarreau59234e92008-11-30 23:51:27 +01004086 */
4087 if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) &&
4088 s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01004089 s->be->url_param_post_limit != 0 &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004090 (msg->flags & (HTTP_MSGF_CNT_LEN|HTTP_MSGF_TE_CHNK))) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004091 channel_dont_connect(req);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004092 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau59234e92008-11-30 23:51:27 +01004093 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004094
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004095 if (msg->flags & HTTP_MSGF_XFER_LEN) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004096 req->analysers |= AN_REQ_HTTP_XFER_BODY;
Willy Tarreau5e205522011-12-17 16:34:27 +01004097#ifdef TCP_QUICKACK
4098 /* We expect some data from the client. Unless we know for sure
4099 * we already have a full request, we have to re-enable quick-ack
4100 * in case we previously disabled it, otherwise we might cause
4101 * the client to delay further data.
4102 */
4103 if ((s->listener->options & LI_O_NOQUICKACK) &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004104 ((msg->flags & HTTP_MSGF_TE_CHNK) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004105 (msg->body_len > req->buf->i - txn->req.eoh - 2)))
Willy Tarreau7f7ad912012-11-11 19:27:15 +01004106 setsockopt(s->si[0].conn->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01004107#endif
4108 }
Willy Tarreau03945942009-12-22 16:50:27 +01004109
Willy Tarreau59234e92008-11-30 23:51:27 +01004110 /*************************************************************
4111 * OK, that's finished for the headers. We have done what we *
4112 * could. Let's switch to the DATA state. *
4113 ************************************************************/
Willy Tarreau522d6c02009-12-06 18:49:18 +01004114 req->analyse_exp = TICK_ETERNITY;
4115 req->analysers &= ~an_bit;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004116
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004117 /* if the server closes the connection, we want to immediately react
4118 * and close the socket to save packets and syscalls.
4119 */
Willy Tarreau40f151a2012-12-20 12:10:09 +01004120 if (!(req->analysers & AN_REQ_HTTP_XFER_BODY))
4121 req->cons->flags |= SI_FL_NOHALF;
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004122
Willy Tarreau59234e92008-11-30 23:51:27 +01004123 s->logs.tv_request = now;
Willy Tarreau59234e92008-11-30 23:51:27 +01004124 /* OK let's go on with the BODY now */
4125 return 1;
Willy Tarreau06619262006-12-17 08:37:22 +01004126
Willy Tarreau59234e92008-11-30 23:51:27 +01004127 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4076a152009-04-02 15:18:36 +02004128 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
Willy Tarreauf073a832009-03-01 23:21:47 +01004129 /* we detected a parsing error. We want to archive this request
4130 * in the dedicated proxy area for later troubleshooting.
4131 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004132 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauf073a832009-03-01 23:21:47 +01004133 }
Willy Tarreau4076a152009-04-02 15:18:36 +02004134
Willy Tarreau59234e92008-11-30 23:51:27 +01004135 txn->req.msg_state = HTTP_MSG_ERROR;
4136 txn->status = 400;
4137 req->analysers = 0;
Willy Tarreau783f2582012-09-04 12:19:04 +02004138 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004139
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004140 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004141 if (s->listener->counters)
4142 s->listener->counters->failed_req++;
Willy Tarreauadfb8562008-08-11 15:24:42 +02004143
Willy Tarreau59234e92008-11-30 23:51:27 +01004144 if (!(s->flags & SN_ERR_MASK))
4145 s->flags |= SN_ERR_PRXCOND;
4146 if (!(s->flags & SN_FINST_MASK))
4147 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02004148 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004149}
Willy Tarreauadfb8562008-08-11 15:24:42 +02004150
Willy Tarreau60b85b02008-11-30 23:28:40 +01004151/* This function is an analyser which processes the HTTP tarpit. It always
4152 * returns zero, at the beginning because it prevents any other processing
4153 * from occurring, and at the end because it terminates the request.
4154 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004155int http_process_tarpit(struct session *s, struct channel *req, int an_bit)
Willy Tarreau60b85b02008-11-30 23:28:40 +01004156{
4157 struct http_txn *txn = &s->txn;
4158
4159 /* This connection is being tarpitted. The CLIENT side has
4160 * already set the connect expiration date to the right
4161 * timeout. We just have to check that the client is still
4162 * there and that the timeout has not expired.
4163 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004164 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004165 if ((req->flags & (CF_SHUTR|CF_READ_ERROR)) == 0 &&
Willy Tarreau60b85b02008-11-30 23:28:40 +01004166 !tick_is_expired(req->analyse_exp, now_ms))
4167 return 0;
4168
4169 /* We will set the queue timer to the time spent, just for
4170 * logging purposes. We fake a 500 server error, so that the
4171 * attacker will not suspect his connection has been tarpitted.
4172 * It will not cause trouble to the logs because we can exclude
4173 * the tarpitted connections by filtering on the 'PT' status flags.
4174 */
Willy Tarreau60b85b02008-11-30 23:28:40 +01004175 s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now);
4176
4177 txn->status = 500;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004178 if (!(req->flags & CF_READ_ERROR))
Willy Tarreau783f2582012-09-04 12:19:04 +02004179 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
Willy Tarreau60b85b02008-11-30 23:28:40 +01004180
4181 req->analysers = 0;
4182 req->analyse_exp = TICK_ETERNITY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004183
Willy Tarreau60b85b02008-11-30 23:28:40 +01004184 if (!(s->flags & SN_ERR_MASK))
4185 s->flags |= SN_ERR_PRXCOND;
4186 if (!(s->flags & SN_FINST_MASK))
4187 s->flags |= SN_FINST_T;
4188 return 0;
4189}
4190
Willy Tarreaud34af782008-11-30 23:36:37 +01004191/* This function is an analyser which processes the HTTP request body. It looks
4192 * for parameters to be used for the load balancing algorithm (url_param). It
4193 * must only be called after the standard HTTP request processing has occurred,
4194 * because it expects the request to be parsed. It returns zero if it needs to
4195 * read more data, or 1 once it has completed its analysis.
4196 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004197int http_process_request_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud34af782008-11-30 23:36:37 +01004198{
Willy Tarreau522d6c02009-12-06 18:49:18 +01004199 struct http_txn *txn = &s->txn;
Willy Tarreaud34af782008-11-30 23:36:37 +01004200 struct http_msg *msg = &s->txn.req;
Willy Tarreaud34af782008-11-30 23:36:37 +01004201 long long limit = s->be->url_param_post_limit;
Willy Tarreaud34af782008-11-30 23:36:37 +01004202
4203 /* We have to parse the HTTP request body to find any required data.
4204 * "balance url_param check_post" should have been the only way to get
4205 * into this. We were brought here after HTTP header analysis, so all
4206 * related structures are ready.
4207 */
4208
Willy Tarreau522d6c02009-12-06 18:49:18 +01004209 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4210 goto missing_data;
4211
4212 if (msg->msg_state < HTTP_MSG_100_SENT) {
4213 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
4214 * send an HTTP/1.1 100 Continue intermediate response.
4215 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004216 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01004217 struct hdr_ctx ctx;
4218 ctx.idx = 0;
4219 /* Expect is allowed in 1.1, look for it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004220 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01004221 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004222 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004223 }
4224 }
4225 msg->msg_state = HTTP_MSG_100_SENT;
4226 }
4227
4228 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004229 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau9b28e032012-10-12 23:49:43 +02004230 * req->buf->p still points to the beginning of the message and msg->sol
Willy Tarreau26927362012-05-18 23:22:52 +02004231 * is still null. We must save the body in msg->next because it
4232 * survives buffer re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004233 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01004234 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004235
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004236 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau522d6c02009-12-06 18:49:18 +01004237 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
4238 else
4239 msg->msg_state = HTTP_MSG_DATA;
4240 }
4241
4242 if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004243 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01004244 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01004245 * TRAILERS state.
Willy Tarreau115acb92009-12-26 13:56:06 +01004246 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004247 int ret = http_parse_chunk_size(msg);
Willy Tarreaud34af782008-11-30 23:36:37 +01004248
Willy Tarreau115acb92009-12-26 13:56:06 +01004249 if (!ret)
4250 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004251 else if (ret < 0) {
4252 session_inc_http_err_ctr(s);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004253 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004254 }
Willy Tarreaud34af782008-11-30 23:36:37 +01004255 }
4256
Willy Tarreaud98cf932009-12-27 22:54:55 +01004257 /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004258 * We have the first data byte is in msg->sov. We're waiting for at
4259 * least <url_param_post_limit> bytes after msg->sov.
Willy Tarreaud34af782008-11-30 23:36:37 +01004260 */
Willy Tarreau522d6c02009-12-06 18:49:18 +01004261
Willy Tarreau124d9912011-03-01 20:30:48 +01004262 if (msg->body_len < limit)
4263 limit = msg->body_len;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004264
Willy Tarreau9b28e032012-10-12 23:49:43 +02004265 if (req->buf->i - msg->sov >= limit) /* we have enough bytes now */
Willy Tarreau522d6c02009-12-06 18:49:18 +01004266 goto http_end;
4267
4268 missing_data:
4269 /* we get here if we need to wait for more data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004270 if (buffer_full(req->buf, global.tune.maxrewrite)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02004271 session_inc_http_err_ctr(s);
Willy Tarreau115acb92009-12-26 13:56:06 +01004272 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004273 }
Willy Tarreau115acb92009-12-26 13:56:06 +01004274
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004275 if ((req->flags & CF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01004276 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02004277 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau79ebac62010-06-07 13:47:49 +02004278
4279 if (!(s->flags & SN_ERR_MASK))
4280 s->flags |= SN_ERR_CLITO;
4281 if (!(s->flags & SN_FINST_MASK))
4282 s->flags |= SN_FINST_D;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004283 goto return_err_msg;
Willy Tarreaud34af782008-11-30 23:36:37 +01004284 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004285
4286 /* we get here if we need to wait for more data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004287 if (!(req->flags & (CF_SHUTR | CF_READ_ERROR)) && !buffer_full(req->buf, global.tune.maxrewrite)) {
Willy Tarreaud34af782008-11-30 23:36:37 +01004288 /* Not enough data. We'll re-use the http-request
4289 * timeout here. Ideally, we should set the timeout
4290 * relative to the accept() date. We just set the
4291 * request timeout once at the beginning of the
4292 * request.
4293 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004294 channel_dont_connect(req);
Willy Tarreaud34af782008-11-30 23:36:37 +01004295 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02004296 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreaud34af782008-11-30 23:36:37 +01004297 return 0;
4298 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004299
4300 http_end:
4301 /* The situation will not evolve, so let's give up on the analysis. */
4302 s->logs.tv_request = now; /* update the request timer to reflect full request */
4303 req->analysers &= ~an_bit;
4304 req->analyse_exp = TICK_ETERNITY;
4305 return 1;
4306
4307 return_bad_req: /* let's centralize all bad requests */
4308 txn->req.msg_state = HTTP_MSG_ERROR;
4309 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02004310 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau522d6c02009-12-06 18:49:18 +01004311
Willy Tarreau79ebac62010-06-07 13:47:49 +02004312 if (!(s->flags & SN_ERR_MASK))
4313 s->flags |= SN_ERR_PRXCOND;
4314 if (!(s->flags & SN_FINST_MASK))
4315 s->flags |= SN_FINST_R;
4316
Willy Tarreau522d6c02009-12-06 18:49:18 +01004317 return_err_msg:
4318 req->analysers = 0;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004319 s->fe->fe_counters.failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004320 if (s->listener->counters)
4321 s->listener->counters->failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004322 return 0;
Willy Tarreaud34af782008-11-30 23:36:37 +01004323}
4324
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004325/* send a server's name with an outgoing request over an established connection.
4326 * Note: this function is designed to be called once the request has been scheduled
4327 * for being forwarded. This is the reason why it rewinds the buffer before
4328 * proceeding.
4329 */
Willy Tarreau45c0d982012-03-09 12:11:57 +01004330int http_send_name_header(struct http_txn *txn, struct proxy* be, const char* srv_name) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004331
4332 struct hdr_ctx ctx;
4333
Mark Lamourinec2247f02012-01-04 13:02:01 -05004334 char *hdr_name = be->server_id_hdr_name;
4335 int hdr_name_len = be->server_id_hdr_len;
Willy Tarreau394db372012-10-12 22:40:39 +02004336 struct channel *chn = txn->req.chn;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004337 char *hdr_val;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004338 unsigned int old_o, old_i;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004339
William Lallemandd9e90662012-01-30 17:27:17 +01004340 ctx.idx = 0;
4341
Willy Tarreau9b28e032012-10-12 23:49:43 +02004342 old_o = chn->buf->o;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004343 if (old_o) {
4344 /* The request was already skipped, let's restore it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004345 b_rew(chn->buf, old_o);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004346 }
4347
Willy Tarreau9b28e032012-10-12 23:49:43 +02004348 old_i = chn->buf->i;
4349 while (http_find_header2(hdr_name, hdr_name_len, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004350 /* remove any existing values from the header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004351 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004352 }
4353
4354 /* Add the new header requested with the server value */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004355 hdr_val = trash.str;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004356 memcpy(hdr_val, hdr_name, hdr_name_len);
4357 hdr_val += hdr_name_len;
4358 *hdr_val++ = ':';
4359 *hdr_val++ = ' ';
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004360 hdr_val += strlcpy2(hdr_val, srv_name, trash.str + trash.size - hdr_val);
4361 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, hdr_val - trash.str);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004362
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004363 if (old_o) {
4364 /* If this was a forwarded request, we must readjust the amount of
4365 * data to be forwarded in order to take into account the size
Willy Tarreau2fef9b12013-03-26 01:08:21 +01004366 * variations. Note that if the request was already scheduled for
4367 * forwarding, it had its req->sol pointing to the body, which
4368 * must then be updated too.
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004369 */
Willy Tarreau2fef9b12013-03-26 01:08:21 +01004370 txn->req.sol += chn->buf->i - old_i;
Willy Tarreau9b28e032012-10-12 23:49:43 +02004371 b_adv(chn->buf, old_o + chn->buf->i - old_i);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004372 }
4373
Mark Lamourinec2247f02012-01-04 13:02:01 -05004374 return 0;
4375}
4376
Willy Tarreau610ecce2010-01-04 21:15:02 +01004377/* Terminate current transaction and prepare a new one. This is very tricky
4378 * right now but it works.
4379 */
4380void http_end_txn_clean_session(struct session *s)
4381{
4382 /* FIXME: We need a more portable way of releasing a backend's and a
4383 * server's connections. We need a safer way to reinitialize buffer
4384 * flags. We also need a more accurate method for computing per-request
4385 * data.
4386 */
4387 http_silent_debug(__LINE__, s);
4388
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004389 s->req->cons->flags |= SI_FL_NOLINGER | SI_FL_NOHALF;
Willy Tarreau73b013b2012-05-21 16:31:45 +02004390 si_shutr(s->req->cons);
4391 si_shutw(s->req->cons);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004392
4393 http_silent_debug(__LINE__, s);
4394
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004395 if (s->flags & SN_BE_ASSIGNED) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004396 s->be->beconn--;
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004397 if (unlikely(s->srv_conn))
4398 sess_change_server(s, NULL);
4399 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004400
4401 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
4402 session_process_counters(s);
Willy Tarreauf059a0f2010-08-03 16:29:52 +02004403 session_stop_backend_counters(s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004404
4405 if (s->txn.status) {
4406 int n;
4407
4408 n = s->txn.status / 100;
4409 if (n < 1 || n > 5)
4410 n = 0;
4411
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004412 if (s->fe->mode == PR_MODE_HTTP) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004413 s->fe->fe_counters.p.http.rsp[n]++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004414 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004415 s->fe->fe_counters.p.http.comp_rsp++;
4416 }
Willy Tarreau24657792010-02-26 10:30:28 +01004417 if ((s->flags & SN_BE_ASSIGNED) &&
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004418 (s->be->mode == PR_MODE_HTTP)) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004419 s->be->be_counters.p.http.rsp[n]++;
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004420 s->be->be_counters.p.http.cum_req++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004421 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004422 s->be->be_counters.p.http.comp_rsp++;
4423 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004424 }
4425
4426 /* don't count other requests' data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004427 s->logs.bytes_in -= s->req->buf->i;
4428 s->logs.bytes_out -= s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004429
4430 /* let's do a final log if we need it */
Willy Tarreaud79a3b22012-12-28 09:40:16 +01004431 if (!LIST_ISEMPTY(&s->fe->logformat) && s->logs.logwait &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01004432 !(s->flags & SN_MONITOR) &&
4433 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
4434 s->do_log(s);
4435 }
4436
4437 s->logs.accept_date = date; /* user-visible date for logging */
4438 s->logs.tv_accept = now; /* corrected date for internal use */
4439 tv_zero(&s->logs.tv_request);
4440 s->logs.t_queue = -1;
4441 s->logs.t_connect = -1;
4442 s->logs.t_data = -1;
4443 s->logs.t_close = 0;
4444 s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
4445 s->logs.srv_queue_size = 0; /* we will get this number soon */
4446
Willy Tarreau9b28e032012-10-12 23:49:43 +02004447 s->logs.bytes_in = s->req->total = s->req->buf->i;
4448 s->logs.bytes_out = s->rep->total = s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004449
4450 if (s->pend_pos)
4451 pendconn_free(s->pend_pos);
4452
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004453 if (objt_server(s->target)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004454 if (s->flags & SN_CURR_SESS) {
4455 s->flags &= ~SN_CURR_SESS;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004456 objt_server(s->target)->cur_sess--;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004457 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004458 if (may_dequeue_tasks(objt_server(s->target), s->be))
4459 process_srv_queue(objt_server(s->target));
Willy Tarreau610ecce2010-01-04 21:15:02 +01004460 }
4461
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004462 s->target = NULL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004463
4464 s->req->cons->state = s->req->cons->prev_state = SI_ST_INI;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004465 s->req->cons->conn->t.sock.fd = -1; /* just to help with debugging */
4466 s->req->cons->conn->flags = CO_FL_NONE;
Willy Tarreau14cba4b2012-11-30 17:33:05 +01004467 s->req->cons->conn->err_code = CO_ER_NONE;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004468 s->req->cons->err_type = SI_ET_NONE;
Willy Tarreau0b3a4112011-03-27 19:16:56 +02004469 s->req->cons->conn_retries = 0; /* used for logging too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004470 s->req->cons->err_loc = NULL;
4471 s->req->cons->exp = TICK_ETERNITY;
4472 s->req->cons->flags = SI_FL_NONE;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004473 s->req->flags &= ~(CF_SHUTW|CF_SHUTW_NOW|CF_AUTO_CONNECT|CF_WRITE_ERROR|CF_STREAMER|CF_STREAMER_FAST|CF_NEVER_WAIT);
4474 s->rep->flags &= ~(CF_SHUTR|CF_SHUTR_NOW|CF_READ_ATTACHED|CF_READ_ERROR|CF_READ_NOEXP|CF_STREAMER|CF_STREAMER_FAST|CF_WRITE_PARTIAL|CF_NEVER_WAIT);
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02004475 s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED|SN_FORCE_PRST|SN_IGNORE_PRST);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004476 s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE);
Willy Tarreau543db622012-11-15 16:41:22 +01004477
4478 if (s->flags & SN_COMP_READY)
4479 s->comp_algo->end(&s->comp_ctx);
4480 s->comp_algo = NULL;
4481 s->flags &= ~SN_COMP_READY;
4482
Willy Tarreau610ecce2010-01-04 21:15:02 +01004483 s->txn.meth = 0;
4484 http_reset_txn(s);
Willy Tarreaufcffa692010-01-10 14:21:19 +01004485 s->txn.flags |= TX_NOT_FIRST | TX_WAIT_NEXT_RQ;
Willy Tarreauee55dc02010-06-01 10:56:34 +02004486 if (s->fe->options2 & PR_O2_INDEPSTR)
Willy Tarreau610ecce2010-01-04 21:15:02 +01004487 s->req->cons->flags |= SI_FL_INDEP_STR;
4488
Willy Tarreau96e31212011-05-30 18:10:30 +02004489 if (s->fe->options2 & PR_O2_NODELAY) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004490 s->req->flags |= CF_NEVER_WAIT;
4491 s->rep->flags |= CF_NEVER_WAIT;
Willy Tarreau96e31212011-05-30 18:10:30 +02004492 }
4493
Willy Tarreau610ecce2010-01-04 21:15:02 +01004494 /* if the request buffer is not empty, it means we're
4495 * about to process another request, so send pending
4496 * data with MSG_MORE to merge TCP packets when possible.
Willy Tarreau065e8332010-01-08 00:30:20 +01004497 * Just don't do this if the buffer is close to be full,
4498 * because the request will wait for it to flush a little
4499 * bit before proceeding.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004500 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004501 if (s->req->buf->i) {
4502 if (s->rep->buf->o &&
4503 !buffer_full(s->rep->buf, global.tune.maxrewrite) &&
4504 bi_end(s->rep->buf) <= s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004505 s->rep->flags |= CF_EXPECT_MORE;
Willy Tarreau065e8332010-01-08 00:30:20 +01004506 }
Willy Tarreau90deb182010-01-07 00:20:41 +01004507
4508 /* we're removing the analysers, we MUST re-enable events detection */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004509 channel_auto_read(s->req);
4510 channel_auto_close(s->req);
4511 channel_auto_read(s->rep);
4512 channel_auto_close(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004513
Willy Tarreau342b11c2010-11-24 16:22:09 +01004514 s->req->analysers = s->listener->analysers;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004515 s->rep->analysers = 0;
4516
4517 http_silent_debug(__LINE__, s);
4518}
4519
4520
4521/* This function updates the request state machine according to the response
4522 * state machine and buffer flags. It returns 1 if it changes anything (flag
4523 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4524 * it is only used to find when a request/response couple is complete. Both
4525 * this function and its equivalent should loop until both return zero. It
4526 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4527 */
4528int http_sync_req_state(struct session *s)
4529{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004530 struct channel *chn = s->req;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004531 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004532 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004533 unsigned int old_state = txn->req.msg_state;
4534
4535 http_silent_debug(__LINE__, s);
4536 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY))
4537 return 0;
4538
4539 if (txn->req.msg_state == HTTP_MSG_DONE) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004540 /* No need to read anymore, the request was completely parsed.
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004541 * We can shut the read side unless we want to abort_on_close,
4542 * or we have a POST request. The issue with POST requests is
4543 * that some browsers still send a CRLF after the request, and
4544 * this CRLF must be read so that it does not remain in the kernel
4545 * buffers, otherwise a close could cause an RST on some systems
4546 * (eg: Linux).
Willy Tarreau90deb182010-01-07 00:20:41 +01004547 */
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004548 if (!(s->be->options & PR_O_ABRT_CLOSE) && txn->meth != HTTP_METH_POST)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004549 channel_dont_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004550
Willy Tarreau40f151a2012-12-20 12:10:09 +01004551 /* if the server closes the connection, we want to immediately react
4552 * and close the socket to save packets and syscalls.
4553 */
4554 chn->cons->flags |= SI_FL_NOHALF;
4555
Willy Tarreau610ecce2010-01-04 21:15:02 +01004556 if (txn->rsp.msg_state == HTTP_MSG_ERROR)
4557 goto wait_other_side;
4558
4559 if (txn->rsp.msg_state < HTTP_MSG_DONE) {
4560 /* The server has not finished to respond, so we
4561 * don't want to move in order not to upset it.
4562 */
4563 goto wait_other_side;
4564 }
4565
4566 if (txn->rsp.msg_state == HTTP_MSG_TUNNEL) {
4567 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004568 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004569 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004570 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004571 goto wait_other_side;
4572 }
4573
4574 /* When we get here, it means that both the request and the
4575 * response have finished receiving. Depending on the connection
4576 * mode, we'll have to wait for the last bytes to leave in either
4577 * direction, and sometimes for a close to be effective.
4578 */
4579
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004580 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4581 /* Server-close mode : queue a connection close to the server */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004582 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW)))
4583 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004584 }
4585 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4586 /* Option forceclose is set, or either side wants to close,
4587 * let's enforce it now that we're not expecting any new
4588 * data to come. The caller knows the session is complete
4589 * once both states are CLOSED.
4590 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004591 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4592 channel_shutr_now(chn);
4593 channel_shutw_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004594 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004595 }
4596 else {
4597 /* The last possible modes are keep-alive and tunnel. Since tunnel
4598 * mode does not set the body analyser, we can't reach this place
4599 * in tunnel mode, so we're left with keep-alive only.
4600 * This mode is currently not implemented, we switch to tunnel mode.
4601 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004602 channel_auto_read(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004603 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004604 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004605 }
4606
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004607 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004608 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004609 chn->cons->flags |= SI_FL_NOLINGER; /* we want to close ASAP */
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004610
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004611 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004612 txn->req.msg_state = HTTP_MSG_CLOSING;
4613 goto http_msg_closing;
4614 }
4615 else {
4616 txn->req.msg_state = HTTP_MSG_CLOSED;
4617 goto http_msg_closed;
4618 }
4619 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004620 goto wait_other_side;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004621 }
4622
4623 if (txn->req.msg_state == HTTP_MSG_CLOSING) {
4624 http_msg_closing:
4625 /* nothing else to forward, just waiting for the output buffer
4626 * to be empty and for the shutw_now to take effect.
4627 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004628 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004629 txn->req.msg_state = HTTP_MSG_CLOSED;
4630 goto http_msg_closed;
4631 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004632 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004633 txn->req.msg_state = HTTP_MSG_ERROR;
4634 goto wait_other_side;
4635 }
4636 }
4637
4638 if (txn->req.msg_state == HTTP_MSG_CLOSED) {
4639 http_msg_closed:
4640 goto wait_other_side;
4641 }
4642
4643 wait_other_side:
4644 http_silent_debug(__LINE__, s);
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004645 return txn->req.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004646}
4647
4648
4649/* This function updates the response state machine according to the request
4650 * state machine and buffer flags. It returns 1 if it changes anything (flag
4651 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4652 * it is only used to find when a request/response couple is complete. Both
4653 * this function and its equivalent should loop until both return zero. It
4654 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4655 */
4656int http_sync_res_state(struct session *s)
4657{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004658 struct channel *chn = s->rep;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004659 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004660 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004661 unsigned int old_state = txn->rsp.msg_state;
4662
4663 http_silent_debug(__LINE__, s);
4664 if (unlikely(txn->rsp.msg_state < HTTP_MSG_BODY))
4665 return 0;
4666
4667 if (txn->rsp.msg_state == HTTP_MSG_DONE) {
4668 /* In theory, we don't need to read anymore, but we must
Willy Tarreau90deb182010-01-07 00:20:41 +01004669 * still monitor the server connection for a possible close
4670 * while the request is being uploaded, so we don't disable
4671 * reading.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004672 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004673 /* channel_dont_read(chn); */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004674
4675 if (txn->req.msg_state == HTTP_MSG_ERROR)
4676 goto wait_other_side;
4677
4678 if (txn->req.msg_state < HTTP_MSG_DONE) {
4679 /* The client seems to still be sending data, probably
4680 * because we got an error response during an upload.
4681 * We have the choice of either breaking the connection
4682 * or letting it pass through. Let's do the later.
4683 */
4684 goto wait_other_side;
4685 }
4686
4687 if (txn->req.msg_state == HTTP_MSG_TUNNEL) {
4688 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004689 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004690 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004691 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004692 goto wait_other_side;
4693 }
4694
4695 /* When we get here, it means that both the request and the
4696 * response have finished receiving. Depending on the connection
4697 * mode, we'll have to wait for the last bytes to leave in either
4698 * direction, and sometimes for a close to be effective.
4699 */
4700
4701 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4702 /* Server-close mode : shut read and wait for the request
4703 * side to close its output buffer. The caller will detect
4704 * when we're in DONE and the other is in CLOSED and will
4705 * catch that for the final cleanup.
4706 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004707 if (!(chn->flags & (CF_SHUTR|CF_SHUTR_NOW)))
4708 channel_shutr_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004709 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004710 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4711 /* Option forceclose is set, or either side wants to close,
4712 * let's enforce it now that we're not expecting any new
4713 * data to come. The caller knows the session is complete
4714 * once both states are CLOSED.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004715 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004716 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4717 channel_shutr_now(chn);
4718 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004719 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004720 }
4721 else {
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004722 /* The last possible modes are keep-alive and tunnel. Since tunnel
4723 * mode does not set the body analyser, we can't reach this place
4724 * in tunnel mode, so we're left with keep-alive only.
4725 * This mode is currently not implemented, we switch to tunnel mode.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004726 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004727 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004728 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004729 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004730 }
4731
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004732 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004733 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004734 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004735 txn->rsp.msg_state = HTTP_MSG_CLOSING;
4736 goto http_msg_closing;
4737 }
4738 else {
4739 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4740 goto http_msg_closed;
4741 }
4742 }
4743 goto wait_other_side;
4744 }
4745
4746 if (txn->rsp.msg_state == HTTP_MSG_CLOSING) {
4747 http_msg_closing:
4748 /* nothing else to forward, just waiting for the output buffer
4749 * to be empty and for the shutw_now to take effect.
4750 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004751 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004752 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4753 goto http_msg_closed;
4754 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004755 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004756 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004757 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004758 if (objt_server(s->target))
4759 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004760 goto wait_other_side;
4761 }
4762 }
4763
4764 if (txn->rsp.msg_state == HTTP_MSG_CLOSED) {
4765 http_msg_closed:
4766 /* drop any pending data */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004767 bi_erase(chn);
4768 channel_auto_close(chn);
4769 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004770 goto wait_other_side;
4771 }
4772
4773 wait_other_side:
4774 http_silent_debug(__LINE__, s);
Willy Tarreaufc47f912012-10-20 10:38:09 +02004775 /* We force the response to leave immediately if we're waiting for the
4776 * other side, since there is no pending shutdown to push it out.
4777 */
4778 if (!channel_is_empty(chn))
4779 chn->flags |= CF_SEND_DONTWAIT;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004780 return txn->rsp.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004781}
4782
4783
4784/* Resync the request and response state machines. Return 1 if either state
4785 * changes.
4786 */
4787int http_resync_states(struct session *s)
4788{
4789 struct http_txn *txn = &s->txn;
4790 int old_req_state = txn->req.msg_state;
4791 int old_res_state = txn->rsp.msg_state;
4792
4793 http_silent_debug(__LINE__, s);
4794 http_sync_req_state(s);
4795 while (1) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004796 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004797 if (!http_sync_res_state(s))
4798 break;
Willy Tarreau90deb182010-01-07 00:20:41 +01004799 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004800 if (!http_sync_req_state(s))
4801 break;
4802 }
4803 http_silent_debug(__LINE__, s);
4804 /* OK, both state machines agree on a compatible state.
4805 * There are a few cases we're interested in :
4806 * - HTTP_MSG_TUNNEL on either means we have to disable both analysers
4807 * - HTTP_MSG_CLOSED on both sides means we've reached the end in both
4808 * directions, so let's simply disable both analysers.
4809 * - HTTP_MSG_CLOSED on the response only means we must abort the
4810 * request.
4811 * - HTTP_MSG_CLOSED on the request and HTTP_MSG_DONE on the response
4812 * with server-close mode means we've completed one request and we
4813 * must re-initialize the server connection.
4814 */
4815
4816 if (txn->req.msg_state == HTTP_MSG_TUNNEL ||
4817 txn->rsp.msg_state == HTTP_MSG_TUNNEL ||
4818 (txn->req.msg_state == HTTP_MSG_CLOSED &&
4819 txn->rsp.msg_state == HTTP_MSG_CLOSED)) {
4820 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004821 channel_auto_close(s->req);
4822 channel_auto_read(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004823 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004824 channel_auto_close(s->rep);
4825 channel_auto_read(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004826 }
Willy Tarreau40f151a2012-12-20 12:10:09 +01004827 else if ((txn->req.msg_state >= HTTP_MSG_DONE &&
4828 (txn->rsp.msg_state == HTTP_MSG_CLOSED || (s->rep->flags & CF_SHUTW))) ||
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004829 txn->rsp.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau40f151a2012-12-20 12:10:09 +01004830 txn->req.msg_state == HTTP_MSG_ERROR) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004831 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004832 channel_auto_close(s->rep);
4833 channel_auto_read(s->rep);
Willy Tarreau90deb182010-01-07 00:20:41 +01004834 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004835 channel_abort(s->req);
4836 channel_auto_close(s->req);
4837 channel_auto_read(s->req);
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004838 bi_erase(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004839 }
4840 else if (txn->req.msg_state == HTTP_MSG_CLOSED &&
4841 txn->rsp.msg_state == HTTP_MSG_DONE &&
4842 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)) {
4843 /* server-close: terminate this server connection and
4844 * reinitialize a fresh-new transaction.
4845 */
4846 http_end_txn_clean_session(s);
4847 }
4848
4849 http_silent_debug(__LINE__, s);
4850 return txn->req.msg_state != old_req_state ||
4851 txn->rsp.msg_state != old_res_state;
4852}
4853
Willy Tarreaud98cf932009-12-27 22:54:55 +01004854/* This function is an analyser which forwards request body (including chunk
4855 * sizes if any). It is called as soon as we must forward, even if we forward
4856 * zero byte. The only situation where it must not be called is when we're in
4857 * tunnel mode and we want to forward till the close. It's used both to forward
4858 * remaining data and to resync after end of body. It expects the msg_state to
4859 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
4860 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01004861 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreau26927362012-05-18 23:22:52 +02004862 * bytes of pending data + the headers if not already done (between sol and sov).
4863 * It eventually adjusts sol to match sov after the data in between have been sent.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004864 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004865int http_request_forward_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004866{
4867 struct http_txn *txn = &s->txn;
4868 struct http_msg *msg = &s->txn.req;
4869
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004870 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4871 return 0;
4872
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004873 if ((req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004874 ((req->flags & CF_SHUTW) && (req->to_forward || req->buf->o))) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02004875 /* Output closed while we were sending data. We must abort and
4876 * wake the other side up.
4877 */
4878 msg->msg_state = HTTP_MSG_ERROR;
4879 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01004880 return 1;
4881 }
4882
Willy Tarreau4fe41902010-06-07 22:27:41 +02004883 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004884 channel_auto_close(req);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004885
4886 /* Note that we don't have to send 100-continue back because we don't
4887 * need the data to complete our job, and it's up to the server to
4888 * decide whether to return 100, 417 or anything else in return of
4889 * an "Expect: 100-continue" header.
4890 */
4891
4892 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004893 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau9b28e032012-10-12 23:49:43 +02004894 * req->buf->p still points to the beginning of the message and msg->sol
Willy Tarreau26927362012-05-18 23:22:52 +02004895 * is still null. We must save the body in msg->next because it
4896 * survives buffer re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004897 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01004898 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004899
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004900 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004901 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
Willy Tarreau54d23df2012-10-25 19:04:45 +02004902 else
Willy Tarreaud98cf932009-12-27 22:54:55 +01004903 msg->msg_state = HTTP_MSG_DATA;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004904 }
4905
Willy Tarreaud98cf932009-12-27 22:54:55 +01004906 while (1) {
Willy Tarreauea953162012-05-18 23:41:28 +02004907 unsigned int bytes;
Willy Tarreaud8ee85a2011-03-28 16:06:28 +02004908
Willy Tarreau610ecce2010-01-04 21:15:02 +01004909 http_silent_debug(__LINE__, s);
Willy Tarreauea953162012-05-18 23:41:28 +02004910 /* we may have some data pending between sol and sov */
Willy Tarreau26927362012-05-18 23:22:52 +02004911 bytes = msg->sov - msg->sol;
Willy Tarreaud8ee85a2011-03-28 16:06:28 +02004912 if (msg->chunk_len || bytes) {
Willy Tarreau26927362012-05-18 23:22:52 +02004913 msg->sol = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004914 msg->next -= bytes; /* will be forwarded */
Willy Tarreauea953162012-05-18 23:41:28 +02004915 msg->chunk_len += bytes;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004916 msg->chunk_len -= channel_forward(req, msg->chunk_len);
Willy Tarreau638cd022010-01-03 07:42:04 +01004917 }
Willy Tarreau5523b322009-12-29 12:05:52 +01004918
Willy Tarreaucaabe412010-01-03 23:08:28 +01004919 if (msg->msg_state == HTTP_MSG_DATA) {
4920 /* must still forward */
4921 if (req->to_forward)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004922 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004923
4924 /* nothing left to forward */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004925 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau54d23df2012-10-25 19:04:45 +02004926 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004927 else
Willy Tarreaucaabe412010-01-03 23:08:28 +01004928 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004929 }
4930 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004931 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01004932 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01004933 * TRAILERS state.
4934 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004935 int ret = http_parse_chunk_size(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004936
Willy Tarreau54d23df2012-10-25 19:04:45 +02004937 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004938 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004939 else if (ret < 0) {
4940 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004941 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004942 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_SIZE, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004943 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004944 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004945 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004946 }
Willy Tarreau54d23df2012-10-25 19:04:45 +02004947 else if (msg->msg_state == HTTP_MSG_CHUNK_CRLF) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004948 /* we want the CRLF after the data */
Willy Tarreau54d23df2012-10-25 19:04:45 +02004949 int ret = http_skip_chunk_crlf(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004950
4951 if (ret == 0)
4952 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004953 else if (ret < 0) {
4954 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004955 if (msg->err_pos >= 0)
Willy Tarreau54d23df2012-10-25 19:04:45 +02004956 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_CRLF, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004957 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004958 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004959 /* we're in MSG_CHUNK_SIZE now */
4960 }
4961 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004962 int ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004963
4964 if (ret == 0)
4965 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004966 else if (ret < 0) {
4967 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004968 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004969 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_TRAILERS, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004970 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004971 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004972 /* we're in HTTP_MSG_DONE now */
4973 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004974 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004975 int old_state = msg->msg_state;
4976
Willy Tarreau610ecce2010-01-04 21:15:02 +01004977 /* other states, DONE...TUNNEL */
Willy Tarreau4fe41902010-06-07 22:27:41 +02004978 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02004979 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
4980 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004981 channel_dont_close(req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004982 if (http_resync_states(s)) {
4983 /* some state changes occurred, maybe the analyser
4984 * was disabled too.
Willy Tarreauface8392010-01-03 11:37:54 +01004985 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004986 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004987 if (req->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004988 /* request errors are most likely due to
4989 * the server aborting the transfer.
4990 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004991 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004992 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004993 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004994 http_capture_bad_message(&s->fe->invalid_req, s, msg, old_state, s->be);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004995 goto return_bad_req;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004996 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004997 return 1;
Willy Tarreaub608feb2010-01-02 22:47:18 +01004998 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02004999
5000 /* If "option abortonclose" is set on the backend, we
5001 * want to monitor the client's connection and forward
5002 * any shutdown notification to the server, which will
5003 * decide whether to close or to go on processing the
5004 * request.
5005 */
5006 if (s->be->options & PR_O_ABRT_CLOSE) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005007 channel_auto_read(req);
5008 channel_auto_close(req);
Willy Tarreau5c54c712010-07-17 08:02:58 +02005009 }
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005010 else if (s->txn.meth == HTTP_METH_POST) {
5011 /* POST requests may require to read extra CRLF
5012 * sent by broken browsers and which could cause
5013 * an RST to be sent upon close on some systems
5014 * (eg: Linux).
5015 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005016 channel_auto_read(req);
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005017 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02005018
Willy Tarreau610ecce2010-01-04 21:15:02 +01005019 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005020 }
5021 }
5022
Willy Tarreaud98cf932009-12-27 22:54:55 +01005023 missing_data:
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005024 /* stop waiting for data if the input is closed before the end */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005025 if (req->flags & CF_SHUTR) {
Willy Tarreau79ebac62010-06-07 13:47:49 +02005026 if (!(s->flags & SN_ERR_MASK))
5027 s->flags |= SN_ERR_CLICL;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005028 if (!(s->flags & SN_FINST_MASK)) {
5029 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5030 s->flags |= SN_FINST_H;
5031 else
5032 s->flags |= SN_FINST_D;
5033 }
5034
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005035 s->fe->fe_counters.cli_aborts++;
5036 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005037 if (objt_server(s->target))
5038 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005039
5040 goto return_bad_req_stats_ok;
Willy Tarreau79ebac62010-06-07 13:47:49 +02005041 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005042
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005043 /* waiting for the last bits to leave the buffer */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005044 if (req->flags & CF_SHUTW)
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005045 goto aborted_xfer;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005046
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005047 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005048 * chunks even if the client has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005049 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005050 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005051 channel_dont_close(req);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005052
Willy Tarreau5c620922011-05-11 19:56:11 +02005053 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005054 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02005055 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01005056 * modes are already handled by the stream sock layer. We must not do
5057 * this in content-length mode because it could present the MSG_MORE
5058 * flag with the last block of forwarded data, which would cause an
5059 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02005060 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005061 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005062 req->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02005063
Willy Tarreau610ecce2010-01-04 21:15:02 +01005064 http_silent_debug(__LINE__, s);
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005065 return 0;
5066
Willy Tarreaud98cf932009-12-27 22:54:55 +01005067 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005068 s->fe->fe_counters.failed_req++;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005069 if (s->listener->counters)
5070 s->listener->counters->failed_req++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005071 return_bad_req_stats_ok:
5072 txn->req.msg_state = HTTP_MSG_ERROR;
5073 if (txn->status) {
5074 /* Note: we don't send any error if some data were already sent */
5075 stream_int_retnclose(req->prod, NULL);
5076 } else {
5077 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02005078 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005079 }
5080 req->analysers = 0;
5081 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005082
5083 if (!(s->flags & SN_ERR_MASK))
5084 s->flags |= SN_ERR_PRXCOND;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005085 if (!(s->flags & SN_FINST_MASK)) {
5086 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5087 s->flags |= SN_FINST_H;
5088 else
5089 s->flags |= SN_FINST_D;
5090 }
5091 return 0;
5092
5093 aborted_xfer:
5094 txn->req.msg_state = HTTP_MSG_ERROR;
5095 if (txn->status) {
5096 /* Note: we don't send any error if some data were already sent */
5097 stream_int_retnclose(req->prod, NULL);
5098 } else {
5099 txn->status = 502;
Willy Tarreau783f2582012-09-04 12:19:04 +02005100 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_502));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005101 }
5102 req->analysers = 0;
5103 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
5104
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005105 s->fe->fe_counters.srv_aborts++;
5106 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005107 if (objt_server(s->target))
5108 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005109
5110 if (!(s->flags & SN_ERR_MASK))
5111 s->flags |= SN_ERR_SRVCL;
5112 if (!(s->flags & SN_FINST_MASK)) {
5113 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5114 s->flags |= SN_FINST_H;
5115 else
5116 s->flags |= SN_FINST_D;
5117 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005118 return 0;
5119}
5120
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005121/* This stream analyser waits for a complete HTTP response. It returns 1 if the
5122 * processing can continue on next analysers, or zero if it either needs more
5123 * data or wants to immediately abort the response (eg: timeout, error, ...). It
5124 * is tied to AN_RES_WAIT_HTTP and may may remove itself from s->rep->analysers
5125 * when it has nothing left to do, and may remove any analyser when it wants to
5126 * abort.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005127 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005128int http_wait_for_response(struct session *s, struct channel *rep, int an_bit)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005129{
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005130 struct http_txn *txn = &s->txn;
5131 struct http_msg *msg = &txn->rsp;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005132 struct hdr_ctx ctx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005133 int use_close_only;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005134 int cur_idx;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005135 int n;
Willy Tarreauadfb8562008-08-11 15:24:42 +02005136
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005137 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02005138 now_ms, __FUNCTION__,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005139 s,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005140 rep,
5141 rep->rex, rep->wex,
5142 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005143 rep->buf->i,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005144 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02005145
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005146 /*
5147 * Now parse the partial (or complete) lines.
5148 * We will check the response syntax, and also join multi-line
5149 * headers. An index of all the lines will be elaborated while
5150 * parsing.
5151 *
5152 * For the parsing, we use a 28 states FSM.
5153 *
5154 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02005155 * rep->buf->p = beginning of response
5156 * rep->buf->p + msg->eoh = end of processed headers / start of current one
5157 * rep->buf->p + rep->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02005158 * msg->eol = end of current header or line (LF or CRLF)
5159 * msg->next = first non-visited byte
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005160 */
5161
Willy Tarreau83e3af02009-12-28 17:39:57 +01005162 /* There's a protected area at the end of the buffer for rewriting
5163 * purposes. We don't want to start to parse the request if the
5164 * protected area is affected, because we may have to move processed
5165 * data later, which is much more complicated.
5166 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005167 if (buffer_not_empty(rep->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02005168 if (unlikely(!channel_reserved(rep))) {
5169 /* some data has still not left the buffer, wake us once that's done */
5170 if (rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
5171 goto abort_response;
5172 channel_dont_close(rep);
5173 rep->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
5174 return 0;
Willy Tarreau83e3af02009-12-28 17:39:57 +01005175 }
5176
Willy Tarreau379357a2013-06-08 12:55:46 +02005177 if (unlikely(bi_end(rep->buf) < b_ptr(rep->buf, msg->next) ||
5178 bi_end(rep->buf) > rep->buf->data + rep->buf->size - global.tune.maxrewrite))
5179 buffer_slow_realign(rep->buf);
5180
Willy Tarreau9b28e032012-10-12 23:49:43 +02005181 if (likely(msg->next < rep->buf->i))
Willy Tarreaua560c212012-03-09 13:50:57 +01005182 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01005183 }
5184
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005185 /* 1: we might have to print this header in debug mode */
5186 if (unlikely((global.mode & MODE_DEBUG) &&
5187 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01005188 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005189 char *eol, *sol;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005190
Willy Tarreau9b28e032012-10-12 23:49:43 +02005191 sol = rep->buf->p;
5192 eol = sol + (msg->sl.st.l ? msg->sl.st.l : rep->buf->i);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005193 debug_hdr("srvrep", s, sol, eol);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005194
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005195 sol += hdr_idx_first_pos(&txn->hdr_idx);
5196 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005197
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005198 while (cur_idx) {
5199 eol = sol + txn->hdr_idx.v[cur_idx].len;
5200 debug_hdr("srvhdr", s, sol, eol);
5201 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
5202 cur_idx = txn->hdr_idx.v[cur_idx].next;
5203 }
5204 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005205
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005206 /*
5207 * Now we quickly check if we have found a full valid response.
5208 * If not so, we check the FD and buffer states before leaving.
5209 * A full response is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01005210 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005211 * responses are checked first.
5212 *
5213 * Depending on whether the client is still there or not, we
5214 * may send an error response back or not. Note that normally
5215 * we should only check for HTTP status there, and check I/O
5216 * errors somewhere else.
5217 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005218
Willy Tarreau655dce92009-11-08 13:10:58 +01005219 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005220 /* Invalid response */
5221 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
5222 /* we detected a parsing error. We want to archive this response
5223 * in the dedicated proxy area for later troubleshooting.
5224 */
5225 hdr_response_bad:
5226 if (msg->msg_state == HTTP_MSG_ERROR || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005227 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005228
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005229 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005230 if (objt_server(s->target)) {
5231 objt_server(s->target)->counters.failed_resp++;
5232 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005233 }
Willy Tarreau64648412010-03-05 10:41:54 +01005234 abort_response:
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005235 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005236 rep->analysers = 0;
5237 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005238 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005239 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005240 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005241
5242 if (!(s->flags & SN_ERR_MASK))
5243 s->flags |= SN_ERR_PRXCOND;
5244 if (!(s->flags & SN_FINST_MASK))
5245 s->flags |= SN_FINST_H;
5246
5247 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005248 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005249
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005250 /* too large response does not fit in buffer. */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005251 else if (buffer_full(rep->buf, global.tune.maxrewrite)) {
Willy Tarreaufec4d892011-09-02 20:04:57 +02005252 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02005253 msg->err_pos = rep->buf->i;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005254 goto hdr_response_bad;
5255 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005256
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005257 /* read error */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005258 else if (rep->flags & CF_READ_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005259 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005260 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02005261
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005262 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005263 if (objt_server(s->target)) {
5264 objt_server(s->target)->counters.failed_resp++;
5265 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_ERROR);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005266 }
Willy Tarreau461f6622008-08-15 23:43:19 +02005267
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005268 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005269 rep->analysers = 0;
5270 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005271 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005272 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005273 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau816b9792009-09-15 21:25:21 +02005274
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005275 if (!(s->flags & SN_ERR_MASK))
5276 s->flags |= SN_ERR_SRVCL;
5277 if (!(s->flags & SN_FINST_MASK))
5278 s->flags |= SN_FINST_H;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02005279 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005280 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005281
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005282 /* read timeout : return a 504 to the client. */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005283 else if (rep->flags & CF_READ_TIMEOUT) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005284 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005285 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01005286
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005287 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005288 if (objt_server(s->target)) {
5289 objt_server(s->target)->counters.failed_resp++;
5290 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_TIMEOUT);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005291 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005292
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005293 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005294 rep->analysers = 0;
5295 txn->status = 504;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005296 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005297 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005298 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_504));
Willy Tarreau4076a152009-04-02 15:18:36 +02005299
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005300 if (!(s->flags & SN_ERR_MASK))
5301 s->flags |= SN_ERR_SRVTO;
5302 if (!(s->flags & SN_FINST_MASK))
5303 s->flags |= SN_FINST_H;
5304 return 0;
5305 }
Willy Tarreaua7c52762008-08-16 18:40:18 +02005306
Willy Tarreauf003d372012-11-26 13:35:37 +01005307 /* client abort with an abortonclose */
5308 else if ((rep->flags & CF_SHUTR) && ((s->req->flags & (CF_SHUTR|CF_SHUTW)) == (CF_SHUTR|CF_SHUTW))) {
5309 s->fe->fe_counters.cli_aborts++;
5310 s->be->be_counters.cli_aborts++;
5311 if (objt_server(s->target))
5312 objt_server(s->target)->counters.cli_aborts++;
5313
5314 rep->analysers = 0;
5315 channel_auto_close(rep);
5316
5317 txn->status = 400;
5318 bi_erase(rep);
5319 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_400));
5320
5321 if (!(s->flags & SN_ERR_MASK))
5322 s->flags |= SN_ERR_CLICL;
5323 if (!(s->flags & SN_FINST_MASK))
5324 s->flags |= SN_FINST_H;
5325
5326 /* process_session() will take care of the error */
5327 return 0;
5328 }
5329
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005330 /* close from server, capture the response if the server has started to respond */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005331 else if (rep->flags & CF_SHUTR) {
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005332 if (msg->msg_state >= HTTP_MSG_RPVER || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005333 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01005334
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005335 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005336 if (objt_server(s->target)) {
5337 objt_server(s->target)->counters.failed_resp++;
5338 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_BROKEN_PIPE);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005339 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005340
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005341 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005342 rep->analysers = 0;
5343 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005344 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005345 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005346 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau21d2af32008-02-14 20:25:24 +01005347
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005348 if (!(s->flags & SN_ERR_MASK))
5349 s->flags |= SN_ERR_SRVCL;
5350 if (!(s->flags & SN_FINST_MASK))
5351 s->flags |= SN_FINST_H;
5352 return 0;
5353 }
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005354
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005355 /* write error to client (we don't send any message then) */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005356 else if (rep->flags & CF_WRITE_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005357 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005358 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005359
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005360 s->be->be_counters.failed_resp++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005361 rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005362 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005363
5364 if (!(s->flags & SN_ERR_MASK))
5365 s->flags |= SN_ERR_CLICL;
5366 if (!(s->flags & SN_FINST_MASK))
5367 s->flags |= SN_FINST_H;
5368
5369 /* process_session() will take care of the error */
5370 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005371 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005372
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005373 channel_dont_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005374 return 0;
5375 }
5376
5377 /* More interesting part now : we know that we have a complete
5378 * response which at least looks like HTTP. We have an indicator
5379 * of each header's length, so we can parse them quickly.
5380 */
5381
5382 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005383 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005384
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005385 /*
5386 * 1: get the status code
5387 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005388 n = rep->buf->p[msg->sl.st.c] - '0';
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005389 if (n < 1 || n > 5)
5390 n = 0;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005391 /* when the client triggers a 4xx from the server, it's most often due
5392 * to a missing object or permission. These events should be tracked
5393 * because if they happen often, it may indicate a brute force or a
5394 * vulnerability scan.
5395 */
5396 if (n == 4)
5397 session_inc_http_err_ctr(s);
5398
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005399 if (objt_server(s->target))
5400 objt_server(s->target)->counters.p.http.rsp[n]++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005401
Willy Tarreau5b154472009-12-21 20:11:07 +01005402 /* check if the response is HTTP/1.1 or above */
5403 if ((msg->sl.st.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005404 ((rep->buf->p[5] > '1') ||
5405 ((rep->buf->p[5] == '1') && (rep->buf->p[7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005406 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01005407
5408 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01005409 txn->flags &= ~(TX_HDR_CONN_PRS|TX_HDR_CONN_CLO|TX_HDR_CONN_KAL|TX_HDR_CONN_UPG|TX_CON_CLO_SET|TX_CON_KAL_SET);
Willy Tarreau5b154472009-12-21 20:11:07 +01005410
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005411 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005412 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005413
Willy Tarreau9b28e032012-10-12 23:49:43 +02005414 txn->status = strl2ui(rep->buf->p + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005415
Willy Tarreau39650402010-03-15 19:44:39 +01005416 /* Adjust server's health based on status code. Note: status codes 501
5417 * and 505 are triggered on demand by client request, so we must not
5418 * count them as server failures.
5419 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005420 if (objt_server(s->target)) {
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005421 if (txn->status >= 100 && (txn->status < 500 || txn->status == 501 || txn->status == 505))
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005422 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_OK);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005423 else
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005424 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_STS);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005425 }
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005426
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005427 /*
5428 * 2: check for cacheability.
5429 */
5430
5431 switch (txn->status) {
5432 case 200:
5433 case 203:
5434 case 206:
5435 case 300:
5436 case 301:
5437 case 410:
5438 /* RFC2616 @13.4:
5439 * "A response received with a status code of
5440 * 200, 203, 206, 300, 301 or 410 MAY be stored
5441 * by a cache (...) unless a cache-control
5442 * directive prohibits caching."
5443 *
5444 * RFC2616 @9.5: POST method :
5445 * "Responses to this method are not cacheable,
5446 * unless the response includes appropriate
5447 * Cache-Control or Expires header fields."
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005448 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005449 if (likely(txn->meth != HTTP_METH_POST) &&
Willy Tarreau67402132012-05-31 20:40:20 +02005450 ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC)))
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005451 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
5452 break;
5453 default:
5454 break;
5455 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005456
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005457 /*
5458 * 3: we may need to capture headers
5459 */
5460 s->logs.logwait &= ~LW_RESP;
Willy Tarreau42f7d892012-03-24 08:28:09 +01005461 if (unlikely((s->logs.logwait & LW_RSPHDR) && txn->rsp.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02005462 capture_headers(rep->buf->p, &txn->hdr_idx,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005463 txn->rsp.cap, s->fe->rsp_cap);
5464
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005465 /* 4: determine the transfer-length.
5466 * According to RFC2616 #4.4, amended by the HTTPbis working group,
5467 * the presence of a message-body in a RESPONSE and its transfer length
5468 * must be determined that way :
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005469 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005470 * All responses to the HEAD request method MUST NOT include a
5471 * message-body, even though the presence of entity-header fields
5472 * might lead one to believe they do. All 1xx (informational), 204
5473 * (No Content), and 304 (Not Modified) responses MUST NOT include a
5474 * message-body. All other responses do include a message-body,
5475 * although it MAY be of zero length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005476 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005477 * 1. Any response which "MUST NOT" include a message-body (such as the
5478 * 1xx, 204 and 304 responses and any response to a HEAD request) is
5479 * always terminated by the first empty line after the header fields,
5480 * regardless of the entity-header fields present in the message.
5481 *
5482 * 2. If a Transfer-Encoding header field (Section 9.7) is present and
5483 * the "chunked" transfer-coding (Section 6.2) is used, the
5484 * transfer-length is defined by the use of this transfer-coding.
5485 * If a Transfer-Encoding header field is present and the "chunked"
5486 * transfer-coding is not present, the transfer-length is defined by
5487 * the sender closing the connection.
5488 *
5489 * 3. If a Content-Length header field is present, its decimal value in
5490 * OCTETs represents both the entity-length and the transfer-length.
5491 * If a message is received with both a Transfer-Encoding header
5492 * field and a Content-Length header field, the latter MUST be ignored.
5493 *
5494 * 4. If the message uses the media type "multipart/byteranges", and
5495 * the transfer-length is not otherwise specified, then this self-
5496 * delimiting media type defines the transfer-length. This media
5497 * type MUST NOT be used unless the sender knows that the recipient
5498 * can parse it; the presence in a request of a Range header with
5499 * multiple byte-range specifiers from a 1.1 client implies that the
5500 * client can parse multipart/byteranges responses.
5501 *
5502 * 5. By the server closing the connection.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005503 */
5504
5505 /* Skip parsing if no content length is possible. The response flags
Willy Tarreau124d9912011-03-01 20:30:48 +01005506 * remain 0 as well as the chunk_len, which may or may not mirror
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005507 * the real header value, and we note that we know the response's length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005508 * FIXME: should we parse anyway and return an error on chunked encoding ?
5509 */
5510 if (txn->meth == HTTP_METH_HEAD ||
5511 (txn->status >= 100 && txn->status < 200) ||
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005512 txn->status == 204 || txn->status == 304) {
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005513 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreau91015352012-11-27 07:31:33 +01005514 s->comp_algo = NULL;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005515 goto skip_content_length;
5516 }
5517
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005518 use_close_only = 0;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005519 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005520 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005521 http_find_header2("Transfer-Encoding", 17, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005522 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005523 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
5524 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005525 /* bad transfer-encoding (chunked followed by something else) */
5526 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005527 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005528 break;
5529 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005530 }
5531
5532 /* FIXME: below we should remove the content-length header(s) in case of chunked encoding */
5533 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005534 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005535 http_find_header2("Content-Length", 14, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005536 signed long long cl;
5537
Willy Tarreauad14f752011-09-02 20:33:27 +02005538 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005539 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005540 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005541 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005542
Willy Tarreauad14f752011-09-02 20:33:27 +02005543 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005544 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005545 goto hdr_response_bad; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02005546 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005547
Willy Tarreauad14f752011-09-02 20:33:27 +02005548 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005549 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005550 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005551 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005552
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005553 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005554 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005555 goto hdr_response_bad; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02005556 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005557
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005558 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01005559 msg->body_len = msg->chunk_len = cl;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005560 }
5561
William Lallemand82fe75c2012-10-23 10:25:10 +02005562 if (s->fe->comp || s->be->comp)
5563 select_compression_response_header(s, rep->buf);
5564
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005565 /* FIXME: we should also implement the multipart/byterange method.
5566 * For now on, we resort to close mode in this case (unknown length).
5567 */
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005568skip_content_length:
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005569
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005570 /* end of job, return OK */
5571 rep->analysers &= ~an_bit;
5572 rep->analyse_exp = TICK_ETERNITY;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005573 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005574 return 1;
5575}
5576
5577/* This function performs all the processing enabled for the current response.
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005578 * It normally returns 1 unless it wants to break. It relies on buffers flags,
5579 * and updates t->rep->analysers. It might make sense to explode it into several
5580 * other functions. It works like process_request (see indications above).
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005581 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005582int http_process_res_common(struct session *t, struct channel *rep, int an_bit, struct proxy *px)
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005583{
5584 struct http_txn *txn = &t->txn;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005585 struct http_msg *msg = &txn->rsp;
5586 struct proxy *cur_proxy;
Willy Tarreauf4f04122010-01-28 18:10:50 +01005587 struct cond_wordlist *wl;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02005588 struct http_res_rule *http_res_last_rule = NULL;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005589
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005590 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005591 now_ms, __FUNCTION__,
5592 t,
5593 rep,
5594 rep->rex, rep->wex,
5595 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005596 rep->buf->i,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005597 rep->analysers);
5598
Willy Tarreau655dce92009-11-08 13:10:58 +01005599 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) /* we need more data */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005600 return 0;
5601
5602 rep->analysers &= ~an_bit;
5603 rep->analyse_exp = TICK_ETERNITY;
5604
Willy Tarreau5b154472009-12-21 20:11:07 +01005605 /* Now we have to check if we need to modify the Connection header.
5606 * This is more difficult on the response than it is on the request,
5607 * because we can have two different HTTP versions and we don't know
5608 * how the client will interprete a response. For instance, let's say
5609 * that the client sends a keep-alive request in HTTP/1.0 and gets an
5610 * HTTP/1.1 response without any header. Maybe it will bound itself to
5611 * HTTP/1.0 because it only knows about it, and will consider the lack
5612 * of header as a close, or maybe it knows HTTP/1.1 and can consider
5613 * the lack of header as a keep-alive. Thus we will use two flags
5614 * indicating how a request MAY be understood by the client. In case
5615 * of multiple possibilities, we'll fix the header to be explicit. If
5616 * ambiguous cases such as both close and keepalive are seen, then we
5617 * will fall back to explicit close. Note that we won't take risks with
5618 * HTTP/1.0 clients which may not necessarily understand keep-alive.
Willy Tarreau60466522010-01-18 19:08:45 +01005619 * See doc/internals/connection-header.txt for the complete matrix.
Willy Tarreau5b154472009-12-21 20:11:07 +01005620 */
5621
Willy Tarreaudc008c52010-02-01 16:20:08 +01005622 if (unlikely((txn->meth == HTTP_METH_CONNECT && txn->status == 200) ||
5623 txn->status == 101)) {
5624 /* Either we've established an explicit tunnel, or we're
5625 * switching the protocol. In both cases, we're very unlikely
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005626 * to understand the next protocols. We have to switch to tunnel
5627 * mode, so that we transfer the request and responses then let
5628 * this protocol pass unmodified. When we later implement specific
5629 * parsers for such protocols, we'll want to check the Upgrade
Willy Tarreaudc008c52010-02-01 16:20:08 +01005630 * header which contains information about that protocol for
5631 * responses with status 101 (eg: see RFC2817 about TLS).
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005632 */
5633 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_TUN;
5634 }
Willy Tarreaudc008c52010-02-01 16:20:08 +01005635 else if ((txn->status >= 200) && !(txn->flags & TX_HDR_CONN_PRS) &&
5636 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN ||
5637 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005638 int to_del = 0;
Willy Tarreau5b154472009-12-21 20:11:07 +01005639
Willy Tarreau60466522010-01-18 19:08:45 +01005640 /* on unknown transfer length, we must close */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005641 if (!(msg->flags & HTTP_MSGF_XFER_LEN) &&
Willy Tarreau60466522010-01-18 19:08:45 +01005642 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN)
5643 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
Willy Tarreau5b154472009-12-21 20:11:07 +01005644
Willy Tarreau60466522010-01-18 19:08:45 +01005645 /* now adjust header transformations depending on current state */
5646 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN ||
5647 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
5648 to_del |= 2; /* remove "keep-alive" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005649 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005650 to_del |= 1; /* remove "close" for HTTP/1.0 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005651 }
Willy Tarreau60466522010-01-18 19:08:45 +01005652 else { /* SCL / KAL */
5653 to_del |= 1; /* remove "close" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005654 if (txn->req.flags & msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005655 to_del |= 2; /* remove "keep-alive" on pure 1.1 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005656 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005657
Willy Tarreau60466522010-01-18 19:08:45 +01005658 /* Parse and remove some headers from the connection header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005659 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau5b154472009-12-21 20:11:07 +01005660
Willy Tarreau60466522010-01-18 19:08:45 +01005661 /* Some keep-alive responses are converted to Server-close if
5662 * the server wants to close.
Willy Tarreau5b154472009-12-21 20:11:07 +01005663 */
Willy Tarreau60466522010-01-18 19:08:45 +01005664 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL) {
5665 if ((txn->flags & TX_HDR_CONN_CLO) ||
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005666 (!(txn->flags & TX_HDR_CONN_KAL) && !(msg->flags & HTTP_MSGF_VER_11)))
Willy Tarreau60466522010-01-18 19:08:45 +01005667 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_SCL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005668 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005669 }
5670
Willy Tarreau7959a552013-09-23 16:44:27 +02005671 /* we want to have the response time before we start processing it */
5672 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
5673
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005674 if (1) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005675 /*
5676 * 3: we will have to evaluate the filters.
5677 * As opposed to version 1.2, now they will be evaluated in the
5678 * filters order and not in the header order. This means that
5679 * each filter has to be validated among all headers.
5680 *
5681 * Filters are tried with ->be first, then with ->fe if it is
5682 * different from ->be.
5683 */
5684
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005685 cur_proxy = t->be;
5686 while (1) {
5687 struct proxy *rule_set = cur_proxy;
5688
Willy Tarreaue365c0b2013-06-11 16:06:12 +02005689 /* evaluate http-response rules */
5690 if (!http_res_last_rule)
5691 http_res_last_rule = http_res_get_intercept_rule(cur_proxy, &cur_proxy->http_res_rules, t, txn);
5692
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005693 /* try headers filters */
5694 if (rule_set->rsp_exp != NULL) {
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005695 if (apply_filters_to_response(t, rep, rule_set) < 0) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005696 return_bad_resp:
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005697 if (objt_server(t->target)) {
5698 objt_server(t->target)->counters.failed_resp++;
5699 health_adjust(objt_server(t->target), HANA_STATUS_HTTP_RSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005700 }
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005701 t->be->be_counters.failed_resp++;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005702 return_srv_prx_502:
Willy Tarreau2df28e82008-08-17 15:20:19 +02005703 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005704 txn->status = 502;
Willy Tarreau7959a552013-09-23 16:44:27 +02005705 t->logs.t_data = -1; /* was not a valid response */
Willy Tarreauc88ea682009-12-29 14:56:36 +01005706 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005707 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005708 stream_int_retnclose(rep->cons, http_error_message(t, HTTP_ERR_502));
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005709 if (!(t->flags & SN_ERR_MASK))
5710 t->flags |= SN_ERR_PRXCOND;
5711 if (!(t->flags & SN_FINST_MASK))
5712 t->flags |= SN_FINST_H;
Willy Tarreaudafde432008-08-17 01:00:46 +02005713 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005714 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005715 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005716
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005717 /* has the response been denied ? */
5718 if (txn->flags & TX_SVDENY) {
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005719 if (objt_server(t->target))
5720 objt_server(t->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005721
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005722 t->be->be_counters.denied_resp++;
5723 t->fe->fe_counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005724 if (t->listener->counters)
5725 t->listener->counters->denied_resp++;
5726
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005727 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01005728 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005729
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005730 /* add response headers from the rule sets in the same order */
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01005731 list_for_each_entry(wl, &rule_set->rsp_add, list) {
Willy Tarreau816b9792009-09-15 21:25:21 +02005732 if (txn->status < 200)
5733 break;
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005734 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02005735 int ret = acl_exec_cond(wl->cond, px, t, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005736 ret = acl_pass(ret);
5737 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
5738 ret = !ret;
5739 if (!ret)
5740 continue;
5741 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005742 if (unlikely(http_header_add_tail(&txn->rsp, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005743 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02005744 }
5745
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005746 /* check whether we're already working on the frontend */
5747 if (cur_proxy == t->fe)
5748 break;
5749 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005750 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005751
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005752 /*
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005753 * We may be facing a 100-continue response, in which case this
5754 * is not the right response, and we're waiting for the next one.
5755 * Let's allow this response to go to the client and wait for the
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005756 * next one.
5757 */
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005758 if (unlikely(txn->status == 100)) {
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005759 hdr_idx_init(&txn->hdr_idx);
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005760 msg->next -= channel_forward(rep, msg->next);
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005761 msg->msg_state = HTTP_MSG_RPBEFORE;
5762 txn->status = 0;
Willy Tarreau7959a552013-09-23 16:44:27 +02005763 t->logs.t_data = -1; /* was not a response yet */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005764 rep->analysers |= AN_RES_WAIT_HTTP | an_bit;
5765 return 1;
5766 }
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005767 else if (unlikely(txn->status < 200))
5768 goto skip_header_mangling;
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005769
5770 /* we don't have any 1xx status code now */
5771
5772 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005773 * 4: check for server cookie.
5774 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005775 if (t->be->cookie_name || t->be->appsession_name || t->fe->capture_name ||
5776 (t->be->options & PR_O_CHK_CACHE))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005777 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005778
Willy Tarreaubaaee002006-06-26 02:48:02 +02005779
Willy Tarreaua15645d2007-03-18 16:22:39 +01005780 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005781 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005782 */
Willy Tarreau67402132012-05-31 20:40:20 +02005783 if ((t->be->options & PR_O_CHK_CACHE) || (t->be->ck_opts & PR_CK_NOC))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005784 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005785
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005786 /*
5787 * 6: add server cookie in the response if needed
5788 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005789 if (objt_server(t->target) && (t->be->ck_opts & PR_CK_INS) &&
Willy Tarreau67402132012-05-31 20:40:20 +02005790 !((txn->flags & TX_SCK_FOUND) && (t->be->ck_opts & PR_CK_PSV)) &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02005791 (!(t->flags & SN_DIRECT) ||
5792 ((t->be->cookie_maxidle || txn->cookie_last_date) &&
5793 (!txn->cookie_last_date || (txn->cookie_last_date - date.tv_sec) < 0)) ||
5794 (t->be->cookie_maxlife && !txn->cookie_first_date) || // set the first_date
5795 (!t->be->cookie_maxlife && txn->cookie_first_date)) && // remove the first_date
Willy Tarreau67402132012-05-31 20:40:20 +02005796 (!(t->be->ck_opts & PR_CK_POST) || (txn->meth == HTTP_METH_POST)) &&
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02005797 !(t->flags & SN_IGNORE_PRST)) {
Willy Tarreauef4f3912010-10-07 21:00:29 +02005798 /* the server is known, it's not the one the client requested, or the
5799 * cookie's last seen date needs to be refreshed. We have to
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005800 * insert a set-cookie here, except if we want to insert only on POST
5801 * requests and this one isn't. Note that servers which don't have cookies
5802 * (eg: some backup servers) will return a full cookie removal request.
5803 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005804 if (!objt_server(t->target)->cookie) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005805 chunk_printf(&trash,
Willy Tarreauef4f3912010-10-07 21:00:29 +02005806 "Set-Cookie: %s=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
5807 t->be->cookie_name);
5808 }
5809 else {
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005810 chunk_printf(&trash, "Set-Cookie: %s=%s", t->be->cookie_name, objt_server(t->target)->cookie);
Willy Tarreauef4f3912010-10-07 21:00:29 +02005811
5812 if (t->be->cookie_maxidle || t->be->cookie_maxlife) {
5813 /* emit last_date, which is mandatory */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005814 trash.str[trash.len++] = COOKIE_DELIM_DATE;
5815 s30tob64((date.tv_sec+3) >> 2, trash.str + trash.len);
5816 trash.len += 5;
5817
Willy Tarreauef4f3912010-10-07 21:00:29 +02005818 if (t->be->cookie_maxlife) {
5819 /* emit first_date, which is either the original one or
5820 * the current date.
5821 */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005822 trash.str[trash.len++] = COOKIE_DELIM_DATE;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005823 s30tob64(txn->cookie_first_date ?
5824 txn->cookie_first_date >> 2 :
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005825 (date.tv_sec+3) >> 2, trash.str + trash.len);
5826 trash.len += 5;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005827 }
5828 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005829 chunk_appendf(&trash, "; path=/");
Willy Tarreauef4f3912010-10-07 21:00:29 +02005830 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005831
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005832 if (t->be->cookie_domain)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005833 chunk_appendf(&trash, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005834
Willy Tarreau4992dd22012-05-31 21:02:17 +02005835 if (t->be->ck_opts & PR_CK_HTTPONLY)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005836 chunk_appendf(&trash, "; HttpOnly");
Willy Tarreau4992dd22012-05-31 21:02:17 +02005837
5838 if (t->be->ck_opts & PR_CK_SECURE)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005839 chunk_appendf(&trash, "; Secure");
Willy Tarreau4992dd22012-05-31 21:02:17 +02005840
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005841 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005842 goto return_bad_resp;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005843
Willy Tarreauf1348312010-10-07 15:54:11 +02005844 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005845 if (objt_server(t->target)->cookie && (t->flags & SN_DIRECT))
Willy Tarreauef4f3912010-10-07 21:00:29 +02005846 /* the server did not change, only the date was updated */
5847 txn->flags |= TX_SCK_UPDATED;
5848 else
5849 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005850
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005851 /* Here, we will tell an eventual cache on the client side that we don't
5852 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
5853 * Some caches understand the correct form: 'no-cache="set-cookie"', but
5854 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
5855 */
Willy Tarreau67402132012-05-31 20:40:20 +02005856 if ((t->be->ck_opts & PR_CK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02005857
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005858 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
5859
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005860 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01005861 "Cache-control: private", 22) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005862 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005863 }
5864 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005865
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005866 /*
5867 * 7: check if result will be cacheable with a cookie.
5868 * We'll block the response if security checks have caught
5869 * nasty things such as a cacheable cookie.
5870 */
Willy Tarreauf1348312010-10-07 15:54:11 +02005871 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) ==
5872 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) &&
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005873 (t->be->options & PR_O_CHK_CACHE)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005874
5875 /* we're in presence of a cacheable response containing
5876 * a set-cookie header. We'll block it as requested by
5877 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005878 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005879 if (objt_server(t->target))
5880 objt_server(t->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005881
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005882 t->be->be_counters.denied_resp++;
5883 t->fe->fe_counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005884 if (t->listener->counters)
5885 t->listener->counters->denied_resp++;
5886
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005887 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005888 t->be->id, objt_server(t->target) ? objt_server(t->target)->id : "<dispatch>");
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005889 send_log(t->be, LOG_ALERT,
5890 "Blocking cacheable cookie in response from instance %s, server %s.\n",
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005891 t->be->id, objt_server(t->target) ? objt_server(t->target)->id : "<dispatch>");
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005892 goto return_srv_prx_502;
5893 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005894
5895 /*
Willy Tarreau60466522010-01-18 19:08:45 +01005896 * 8: adjust "Connection: close" or "Connection: keep-alive" if needed.
Willy Tarreau50fc7772012-11-11 22:19:57 +01005897 * If an "Upgrade" token is found, the header is left untouched in order
5898 * not to have to deal with some client bugs : some of them fail an upgrade
5899 * if anything but "Upgrade" is present in the Connection header.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005900 */
Willy Tarreau50fc7772012-11-11 22:19:57 +01005901 if (!(txn->flags & TX_HDR_CONN_UPG) &&
5902 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
5903 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005904 unsigned int want_flags = 0;
5905
5906 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5907 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
5908 /* we want a keep-alive response here. Keep-alive header
5909 * required if either side is not 1.1.
5910 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005911 if (!(txn->req.flags & msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005912 want_flags |= TX_CON_KAL_SET;
5913 }
5914 else {
5915 /* we want a close response here. Close header required if
5916 * the server is 1.1, regardless of the client.
5917 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005918 if (msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005919 want_flags |= TX_CON_CLO_SET;
5920 }
5921
5922 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005923 http_change_connection_header(txn, msg, want_flags);
Willy Tarreaub608feb2010-01-02 22:47:18 +01005924 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005925
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005926 skip_header_mangling:
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005927 if ((msg->flags & HTTP_MSGF_XFER_LEN) ||
Willy Tarreaudc008c52010-02-01 16:20:08 +01005928 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005929 rep->analysers |= AN_RES_HTTP_XFER_BODY;
Willy Tarreau03945942009-12-22 16:50:27 +01005930
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005931 /*************************************************************
5932 * OK, that's finished for the headers. We have done what we *
5933 * could. Let's switch to the DATA state. *
5934 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02005935
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005936 /* if the user wants to log as soon as possible, without counting
5937 * bytes from the server, then this is the right moment. We have
5938 * to temporarily assign bytes_out to log what we currently have.
5939 */
Willy Tarreaud79a3b22012-12-28 09:40:16 +01005940 if (!LIST_ISEMPTY(&t->fe->logformat) && !(t->logs.logwait & LW_BYTES)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005941 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
5942 t->logs.bytes_out = txn->rsp.eoh;
Willy Tarreaua5555ec2008-11-30 19:02:32 +01005943 t->do_log(t);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005944 t->logs.bytes_out = 0;
5945 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005946
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005947 /* Note: we must not try to cheat by jumping directly to DATA,
5948 * otherwise we would not let the client side wake up.
5949 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005950
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005951 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005952 }
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005953 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005954}
Willy Tarreaua15645d2007-03-18 16:22:39 +01005955
Willy Tarreaud98cf932009-12-27 22:54:55 +01005956/* This function is an analyser which forwards response body (including chunk
5957 * sizes if any). It is called as soon as we must forward, even if we forward
5958 * zero byte. The only situation where it must not be called is when we're in
5959 * tunnel mode and we want to forward till the close. It's used both to forward
5960 * remaining data and to resync after end of body. It expects the msg_state to
5961 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
5962 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01005963 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreau26927362012-05-18 23:22:52 +02005964 * bytes of pending data + the headers if not already done (between sol and sov).
5965 * It eventually adjusts sol to match sov after the data in between have been sent.
Willy Tarreaud98cf932009-12-27 22:54:55 +01005966 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005967int http_response_forward_body(struct session *s, struct channel *res, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005968{
5969 struct http_txn *txn = &s->txn;
5970 struct http_msg *msg = &s->txn.rsp;
Willy Tarreauea953162012-05-18 23:41:28 +02005971 unsigned int bytes;
William Lallemand82fe75c2012-10-23 10:25:10 +02005972 static struct buffer *tmpbuf = NULL;
5973 int compressing = 0;
William Lallemandbf3ae612012-11-19 12:35:37 +01005974 int consumed_data = 0;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02005975 int ret;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005976
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005977 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
5978 return 0;
5979
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005980 if ((res->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02005981 ((res->flags & CF_SHUTW) && (res->to_forward || res->buf->o)) ||
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01005982 !s->req->analysers) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02005983 /* Output closed while we were sending data. We must abort and
5984 * wake the other side up.
5985 */
5986 msg->msg_state = HTTP_MSG_ERROR;
5987 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01005988 return 1;
5989 }
5990
Willy Tarreau4fe41902010-06-07 22:27:41 +02005991 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005992 channel_auto_close(res);
Willy Tarreaub608feb2010-01-02 22:47:18 +01005993
William Lallemand82fe75c2012-10-23 10:25:10 +02005994 /* this is the first time we need the compression buffer */
5995 if (s->comp_algo != NULL && tmpbuf == NULL) {
5996 if ((tmpbuf = pool_alloc2(pool2_buffer)) == NULL)
5997 goto aborted_xfer; /* no memory */
5998 }
5999
Willy Tarreaud98cf932009-12-27 22:54:55 +01006000 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01006001 /* we have msg->sov which points to the first byte of message body.
William Lallemand82fe75c2012-10-23 10:25:10 +02006002 * rep->buf.p still points to the beginning of the message and msg->sol
6003 * is still null. We forward the headers, we don't need them.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006004 */
William Lallemand82fe75c2012-10-23 10:25:10 +02006005 channel_forward(res, msg->sov);
6006 msg->next = 0;
6007 msg->sov = 0;
Willy Tarreaua458b672012-03-05 11:17:50 +01006008
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01006009 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006010 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
Willy Tarreau54d23df2012-10-25 19:04:45 +02006011 else
Willy Tarreaud98cf932009-12-27 22:54:55 +01006012 msg->msg_state = HTTP_MSG_DATA;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006013 }
6014
William Lallemand82fe75c2012-10-23 10:25:10 +02006015 if (s->comp_algo != NULL) {
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006016 ret = http_compression_buffer_init(s, res->buf, tmpbuf); /* init a buffer with headers */
William Lallemand82fe75c2012-10-23 10:25:10 +02006017 if (ret < 0)
6018 goto missing_data; /* not enough spaces in buffers */
6019 compressing = 1;
6020 }
6021
Willy Tarreaud98cf932009-12-27 22:54:55 +01006022 while (1) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01006023 http_silent_debug(__LINE__, s);
Willy Tarreauea953162012-05-18 23:41:28 +02006024 /* we may have some data pending between sol and sov */
William Lallemand82fe75c2012-10-23 10:25:10 +02006025 if (s->comp_algo == NULL) {
6026 bytes = msg->sov - msg->sol;
6027 if (msg->chunk_len || bytes) {
6028 msg->sol = msg->sov;
6029 msg->next -= bytes; /* will be forwarded */
6030 msg->chunk_len += bytes;
6031 msg->chunk_len -= channel_forward(res, msg->chunk_len);
6032 }
Willy Tarreau638cd022010-01-03 07:42:04 +01006033 }
6034
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006035 switch (msg->msg_state - HTTP_MSG_DATA) {
6036 case HTTP_MSG_DATA - HTTP_MSG_DATA: /* must still forward */
William Lallemandbf3ae612012-11-19 12:35:37 +01006037 if (compressing) {
6038 consumed_data += ret = http_compression_buffer_add_data(s, res->buf, tmpbuf);
6039 if (ret < 0)
6040 goto aborted_xfer;
6041 }
William Lallemand82fe75c2012-10-23 10:25:10 +02006042
6043 if (res->to_forward || msg->chunk_len)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006044 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01006045
6046 /* nothing left to forward */
William Lallemandbf3ae612012-11-19 12:35:37 +01006047 if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreau54d23df2012-10-25 19:04:45 +02006048 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
William Lallemandbf3ae612012-11-19 12:35:37 +01006049 } else {
Willy Tarreaucaabe412010-01-03 23:08:28 +01006050 msg->msg_state = HTTP_MSG_DONE;
William Lallemandbf3ae612012-11-19 12:35:37 +01006051 if (compressing && consumed_data) {
6052 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6053 compressing = 0;
6054 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006055 break;
William Lallemandbf3ae612012-11-19 12:35:37 +01006056 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006057 /* fall through for HTTP_MSG_CHUNK_CRLF */
6058
6059 case HTTP_MSG_CHUNK_CRLF - HTTP_MSG_DATA:
6060 /* we want the CRLF after the data */
6061
6062 ret = http_skip_chunk_crlf(msg);
6063 if (ret == 0)
6064 goto missing_data;
6065 else if (ret < 0) {
6066 if (msg->err_pos >= 0)
6067 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_CRLF, s->fe);
6068 goto return_bad_res;
6069 }
6070 /* skipping data in buffer for compression */
6071 if (compressing) {
6072 b_adv(res->buf, msg->next);
6073 msg->next = 0;
6074 msg->sov = 0;
6075 msg->sol = 0;
6076 }
6077 /* we're in MSG_CHUNK_SIZE now, fall through */
6078
6079 case HTTP_MSG_CHUNK_SIZE - HTTP_MSG_DATA:
Willy Tarreau124d9912011-03-01 20:30:48 +01006080 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01006081 * set ->sov and ->next to point to the body and switch to DATA or
6082 * TRAILERS state.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006083 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01006084
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006085 ret = http_parse_chunk_size(msg);
Willy Tarreau54d23df2012-10-25 19:04:45 +02006086 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006087 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006088 else if (ret < 0) {
6089 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006090 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_SIZE, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006091 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006092 }
William Lallemandbf3ae612012-11-19 12:35:37 +01006093 if (compressing) {
6094 if (likely(msg->chunk_len > 0)) {
6095 /* skipping data if we are in compression mode */
6096 b_adv(res->buf, msg->next);
6097 msg->next = 0;
6098 msg->sov = 0;
6099 msg->sol = 0;
6100 } else {
6101 if (consumed_data) {
6102 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6103 compressing = 0;
6104 }
6105 }
William Lallemand82fe75c2012-10-23 10:25:10 +02006106 }
Willy Tarreau0161d622013-04-02 01:26:55 +02006107 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006108 break;
Willy Tarreau5523b322009-12-29 12:05:52 +01006109
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006110 case HTTP_MSG_TRAILERS - HTTP_MSG_DATA:
6111 ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006112 if (ret == 0)
6113 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006114 else if (ret < 0) {
6115 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006116 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_TRAILERS, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006117 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006118 }
William Lallemand00bf1de2012-11-22 17:55:14 +01006119 if (s->comp_algo != NULL) {
6120 /* forwarding trailers */
6121 channel_forward(res, msg->next);
6122 msg->next = 0;
6123 }
Willy Tarreau2d43e182013-04-03 00:22:25 +02006124 /* we're in HTTP_MSG_DONE now, but we might still have
6125 * some data pending, so let's loop over once.
6126 */
6127 break;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006128
6129 default:
Willy Tarreau610ecce2010-01-04 21:15:02 +01006130 /* other states, DONE...TUNNEL */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006131
6132 ret = msg->msg_state;
Willy Tarreau4fe41902010-06-07 22:27:41 +02006133 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006134 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6135 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006136 channel_dont_close(res);
Willy Tarreau610ecce2010-01-04 21:15:02 +01006137 if (http_resync_states(s)) {
6138 http_silent_debug(__LINE__, s);
6139 /* some state changes occurred, maybe the analyser
6140 * was disabled too.
Willy Tarreau5523b322009-12-29 12:05:52 +01006141 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006142 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006143 if (res->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006144 /* response errors are most likely due to
6145 * the client aborting the transfer.
6146 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006147 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006148 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006149 if (msg->err_pos >= 0)
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006150 http_capture_bad_message(&s->be->invalid_rep, s, msg, ret, s->fe);
Willy Tarreau610ecce2010-01-04 21:15:02 +01006151 goto return_bad_res;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006152 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006153 return 1;
Willy Tarreau5523b322009-12-29 12:05:52 +01006154 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006155 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006156 }
6157 }
6158
Willy Tarreaud98cf932009-12-27 22:54:55 +01006159 missing_data:
William Lallemandbf3ae612012-11-19 12:35:37 +01006160 if (compressing && consumed_data) {
William Lallemand82fe75c2012-10-23 10:25:10 +02006161 http_compression_buffer_end(s, &res->buf, &tmpbuf, 0);
6162 compressing = 0;
6163 }
Willy Tarreauf003d372012-11-26 13:35:37 +01006164
6165 if (res->flags & CF_SHUTW)
6166 goto aborted_xfer;
6167
6168 /* stop waiting for data if the input is closed before the end. If the
6169 * client side was already closed, it means that the client has aborted,
6170 * so we don't want to count this as a server abort. Otherwise it's a
6171 * server abort.
6172 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006173 if (res->flags & CF_SHUTR) {
Willy Tarreauf003d372012-11-26 13:35:37 +01006174 if ((res->flags & CF_SHUTW_NOW) || (s->req->flags & CF_SHUTR))
6175 goto aborted_xfer;
Willy Tarreau40dba092010-03-04 18:14:51 +01006176 if (!(s->flags & SN_ERR_MASK))
6177 s->flags |= SN_ERR_SRVCL;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006178 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006179 if (objt_server(s->target))
6180 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006181 goto return_bad_res_stats_ok;
Willy Tarreau40dba092010-03-04 18:14:51 +01006182 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006183
Willy Tarreau40dba092010-03-04 18:14:51 +01006184 /* we need to obey the req analyser, so if it leaves, we must too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01006185 if (!s->req->analysers)
6186 goto return_bad_res;
6187
Willy Tarreauea953162012-05-18 23:41:28 +02006188 /* forward any data pending between sol and sov */
William Lallemand82fe75c2012-10-23 10:25:10 +02006189 if (s->comp_algo == NULL) {
6190 bytes = msg->sov - msg->sol;
6191 if (msg->chunk_len || bytes) {
6192 msg->sol = msg->sov;
6193 msg->next -= bytes; /* will be forwarded */
6194 msg->chunk_len += bytes;
6195 msg->chunk_len -= channel_forward(res, msg->chunk_len);
6196 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01006197 }
6198
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006199 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006200 * chunks even if the server has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006201 * Similarly, with keep-alive on the client side, we don't want to forward a
6202 * close.
6203 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006204 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo ||
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006205 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6206 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006207 channel_dont_close(res);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006208
Willy Tarreau5c620922011-05-11 19:56:11 +02006209 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006210 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02006211 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01006212 * modes are already handled by the stream sock layer. We must not do
6213 * this in content-length mode because it could present the MSG_MORE
6214 * flag with the last block of forwarded data, which would cause an
6215 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02006216 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006217 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006218 res->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02006219
Willy Tarreaud98cf932009-12-27 22:54:55 +01006220 /* the session handler will take care of timeouts and errors */
Willy Tarreau610ecce2010-01-04 21:15:02 +01006221 http_silent_debug(__LINE__, s);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006222 return 0;
6223
Willy Tarreau40dba092010-03-04 18:14:51 +01006224 return_bad_res: /* let's centralize all bad responses */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006225 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006226 if (objt_server(s->target))
6227 objt_server(s->target)->counters.failed_resp++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006228
6229 return_bad_res_stats_ok:
Willy Tarreaud98cf932009-12-27 22:54:55 +01006230 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau148d0992010-01-10 10:21:21 +01006231 /* don't send any error message as we're in the body */
6232 stream_int_retnclose(res->cons, NULL);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006233 res->analysers = 0;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006234 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006235 if (objt_server(s->target))
6236 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006237
6238 if (!(s->flags & SN_ERR_MASK))
6239 s->flags |= SN_ERR_PRXCOND;
6240 if (!(s->flags & SN_FINST_MASK))
Willy Tarreau40dba092010-03-04 18:14:51 +01006241 s->flags |= SN_FINST_D;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006242 return 0;
6243
6244 aborted_xfer:
6245 txn->rsp.msg_state = HTTP_MSG_ERROR;
6246 /* don't send any error message as we're in the body */
6247 stream_int_retnclose(res->cons, NULL);
6248 res->analysers = 0;
6249 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
6250
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006251 s->fe->fe_counters.cli_aborts++;
6252 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006253 if (objt_server(s->target))
6254 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006255
6256 if (!(s->flags & SN_ERR_MASK))
6257 s->flags |= SN_ERR_CLICL;
6258 if (!(s->flags & SN_FINST_MASK))
6259 s->flags |= SN_FINST_D;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006260 return 0;
6261}
6262
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006263/* Iterate the same filter through all request headers.
6264 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006265 * Since it can manage the switch to another backend, it updates the per-proxy
6266 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006267 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006268int apply_filter_to_req_headers(struct session *t, struct channel *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006269{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006270 char term;
6271 char *cur_ptr, *cur_end, *cur_next;
6272 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006273 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006274 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006275 int delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01006276
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006277 last_hdr = 0;
6278
Willy Tarreau9b28e032012-10-12 23:49:43 +02006279 cur_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006280 old_idx = 0;
6281
6282 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01006283 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006284 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006285 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006286 (exp->action == ACT_ALLOW ||
6287 exp->action == ACT_DENY ||
6288 exp->action == ACT_TARPIT))
6289 return 0;
6290
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006291 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006292 if (!cur_idx)
6293 break;
6294
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006295 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006296 cur_ptr = cur_next;
6297 cur_end = cur_ptr + cur_hdr->len;
6298 cur_next = cur_end + cur_hdr->cr + 1;
6299
6300 /* Now we have one header between cur_ptr and cur_end,
6301 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006302 */
6303
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006304 /* The annoying part is that pattern matching needs
6305 * that we modify the contents to null-terminate all
6306 * strings before testing them.
6307 */
6308
6309 term = *cur_end;
6310 *cur_end = '\0';
6311
6312 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6313 switch (exp->action) {
6314 case ACT_SETBE:
6315 /* It is not possible to jump a second time.
6316 * FIXME: should we return an HTTP/500 here so that
6317 * the admin knows there's a problem ?
6318 */
6319 if (t->be != t->fe)
6320 break;
6321
6322 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02006323 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006324 last_hdr = 1;
6325 break;
6326
6327 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006328 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006329 last_hdr = 1;
6330 break;
6331
6332 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006333 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006334 last_hdr = 1;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006335 break;
6336
6337 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006338 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006339 last_hdr = 1;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006340 break;
6341
6342 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006343 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6344 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006345 /* FIXME: if the user adds a newline in the replacement, the
6346 * index will not be recalculated for now, and the new line
6347 * will not be counted as a new header.
6348 */
6349
6350 cur_end += delta;
6351 cur_next += delta;
6352 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006353 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006354 break;
6355
6356 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02006357 delta = buffer_replace2(req->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006358 cur_next += delta;
6359
Willy Tarreaufa355d42009-11-29 18:12:29 +01006360 http_msg_move_end(&txn->req, delta);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006361 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6362 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006363 cur_hdr->len = 0;
6364 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01006365 cur_idx = old_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006366 break;
6367
6368 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006369 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006370 if (cur_end)
6371 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006372
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006373 /* keep the link from this header to next one in case of later
6374 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006375 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006376 old_idx = cur_idx;
6377 }
6378 return 0;
6379}
6380
6381
6382/* Apply the filter to the request line.
6383 * Returns 0 if nothing has been done, 1 if the filter has been applied,
6384 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006385 * Since it can manage the switch to another backend, it updates the per-proxy
6386 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006387 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006388int apply_filter_to_req_line(struct session *t, struct channel *req, struct hdr_exp *exp)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006389{
6390 char term;
6391 char *cur_ptr, *cur_end;
6392 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006393 struct http_txn *txn = &t->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006394 int delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006395
Willy Tarreau3d300592007-03-18 18:34:41 +01006396 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006397 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006398 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006399 (exp->action == ACT_ALLOW ||
6400 exp->action == ACT_DENY ||
6401 exp->action == ACT_TARPIT))
6402 return 0;
6403 else if (exp->action == ACT_REMOVE)
6404 return 0;
6405
6406 done = 0;
6407
Willy Tarreau9b28e032012-10-12 23:49:43 +02006408 cur_ptr = req->buf->p;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006409 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006410
6411 /* Now we have the request line between cur_ptr and cur_end */
6412
6413 /* The annoying part is that pattern matching needs
6414 * that we modify the contents to null-terminate all
6415 * strings before testing them.
6416 */
6417
6418 term = *cur_end;
6419 *cur_end = '\0';
6420
6421 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6422 switch (exp->action) {
6423 case ACT_SETBE:
6424 /* It is not possible to jump a second time.
6425 * FIXME: should we return an HTTP/500 here so that
6426 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01006427 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006428 if (t->be != t->fe)
6429 break;
6430
6431 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02006432 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006433 done = 1;
6434 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006435
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006436 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006437 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006438 done = 1;
6439 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006440
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006441 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006442 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006443 done = 1;
6444 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006445
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006446 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006447 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006448 done = 1;
6449 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006450
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006451 case ACT_REPLACE:
6452 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006453 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6454 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006455 /* FIXME: if the user adds a newline in the replacement, the
6456 * index will not be recalculated for now, and the new line
6457 * will not be counted as a new header.
6458 */
Willy Tarreaua496b602006-12-17 23:15:24 +01006459
Willy Tarreaufa355d42009-11-29 18:12:29 +01006460 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006461 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02006462 cur_end = (char *)http_parse_reqline(&txn->req,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006463 HTTP_MSG_RQMETH,
6464 cur_ptr, cur_end + 1,
6465 NULL, NULL);
6466 if (unlikely(!cur_end))
6467 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01006468
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006469 /* we have a full request and we know that we have either a CR
6470 * or an LF at <ptr>.
6471 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006472 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
6473 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006474 /* there is no point trying this regex on headers */
6475 return 1;
6476 }
6477 }
6478 *cur_end = term; /* restore the string terminator */
6479 return done;
6480}
Willy Tarreau97de6242006-12-27 17:18:38 +01006481
Willy Tarreau58f10d72006-12-04 02:26:12 +01006482
Willy Tarreau58f10d72006-12-04 02:26:12 +01006483
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006484/*
Willy Tarreau6c123b12010-01-28 20:22:06 +01006485 * Apply all the req filters of proxy <px> to all headers in buffer <req> of session <s>.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006486 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01006487 * unparsable request. Since it can manage the switch to another backend, it
6488 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006489 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006490int apply_filters_to_request(struct session *s, struct channel *req, struct proxy *px)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006491{
Willy Tarreau6c123b12010-01-28 20:22:06 +01006492 struct http_txn *txn = &s->txn;
6493 struct hdr_exp *exp;
6494
6495 for (exp = px->req_exp; exp; exp = exp->next) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006496 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006497
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006498 /*
6499 * The interleaving of transformations and verdicts
6500 * makes it difficult to decide to continue or stop
6501 * the evaluation.
6502 */
6503
Willy Tarreau6c123b12010-01-28 20:22:06 +01006504 if (txn->flags & (TX_CLDENY|TX_CLTARPIT))
6505 break;
6506
Willy Tarreau3d300592007-03-18 18:34:41 +01006507 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006508 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
Willy Tarreau6c123b12010-01-28 20:22:06 +01006509 exp->action == ACT_TARPIT || exp->action == ACT_PASS))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006510 continue;
Willy Tarreau6c123b12010-01-28 20:22:06 +01006511
6512 /* if this filter had a condition, evaluate it now and skip to
6513 * next filter if the condition does not match.
6514 */
6515 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02006516 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau6c123b12010-01-28 20:22:06 +01006517 ret = acl_pass(ret);
6518 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
6519 ret = !ret;
6520
6521 if (!ret)
6522 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006523 }
6524
6525 /* Apply the filter to the request line. */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006526 ret = apply_filter_to_req_line(s, req, exp);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006527 if (unlikely(ret < 0))
6528 return -1;
6529
6530 if (likely(ret == 0)) {
6531 /* The filter did not match the request, it can be
6532 * iterated through all headers.
6533 */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006534 apply_filter_to_req_headers(s, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006535 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006536 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006537 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006538}
6539
6540
Willy Tarreaua15645d2007-03-18 16:22:39 +01006541
Willy Tarreau58f10d72006-12-04 02:26:12 +01006542/*
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006543 * Try to retrieve the server associated to the appsession.
6544 * If the server is found, it's assigned to the session.
6545 */
Cyril Bontéb21570a2009-11-29 20:04:48 +01006546void manage_client_side_appsession(struct session *t, const char *buf, int len) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006547 struct http_txn *txn = &t->txn;
6548 appsess *asession = NULL;
6549 char *sessid_temp = NULL;
6550
Cyril Bontéb21570a2009-11-29 20:04:48 +01006551 if (len > t->be->appsession_len) {
6552 len = t->be->appsession_len;
6553 }
6554
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006555 if (t->be->options2 & PR_O2_AS_REQL) {
6556 /* request-learn option is enabled : store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006557 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006558 /* free previously allocated memory as we don't need the session id found in the URL anymore */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006559 pool_free2(apools.sessid, txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006560 }
6561
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006562 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006563 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
6564 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
6565 return;
6566 }
6567
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006568 memcpy(txn->sessid, buf, len);
6569 txn->sessid[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006570 }
6571
6572 if ((sessid_temp = pool_alloc2(apools.sessid)) == NULL) {
6573 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
6574 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
6575 return;
6576 }
6577
Cyril Bontéb21570a2009-11-29 20:04:48 +01006578 memcpy(sessid_temp, buf, len);
6579 sessid_temp[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006580
6581 asession = appsession_hash_lookup(&(t->be->htbl_proxy), sessid_temp);
6582 /* free previously allocated memory */
6583 pool_free2(apools.sessid, sessid_temp);
6584
6585 if (asession != NULL) {
6586 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
6587 if (!(t->be->options2 & PR_O2_AS_REQL))
6588 asession->request_count++;
6589
6590 if (asession->serverid != NULL) {
6591 struct server *srv = t->be->srv;
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02006592
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006593 while (srv) {
6594 if (strcmp(srv->id, asession->serverid) == 0) {
Willy Tarreau4de91492010-01-22 19:10:05 +01006595 if ((srv->state & SRV_RUNNING) ||
6596 (t->be->options & PR_O_PERSIST) ||
6597 (t->flags & SN_FORCE_PRST)) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006598 /* we found the server and it's usable */
6599 txn->flags &= ~TX_CK_MASK;
Willy Tarreau2a6d88d2010-01-24 13:10:43 +01006600 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006601 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006602 t->target = &srv->obj_type;
Willy Tarreau664beb82011-03-10 11:38:29 +01006603
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006604 break;
6605 } else {
6606 txn->flags &= ~TX_CK_MASK;
6607 txn->flags |= TX_CK_DOWN;
6608 }
6609 }
6610 srv = srv->next;
6611 }
6612 }
6613 }
6614}
6615
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006616/* Find the end of a cookie value contained between <s> and <e>. It works the
6617 * same way as with headers above except that the semi-colon also ends a token.
6618 * See RFC2965 for more information. Note that it requires a valid header to
6619 * return a valid result.
6620 */
6621char *find_cookie_value_end(char *s, const char *e)
6622{
6623 int quoted, qdpair;
6624
6625 quoted = qdpair = 0;
6626 for (; s < e; s++) {
6627 if (qdpair) qdpair = 0;
6628 else if (quoted) {
6629 if (*s == '\\') qdpair = 1;
6630 else if (*s == '"') quoted = 0;
6631 }
6632 else if (*s == '"') quoted = 1;
6633 else if (*s == ',' || *s == ';') return s;
6634 }
6635 return s;
6636}
6637
6638/* Delete a value in a header between delimiters <from> and <next> in buffer
6639 * <buf>. The number of characters displaced is returned, and the pointer to
6640 * the first delimiter is updated if required. The function tries as much as
6641 * possible to respect the following principles :
6642 * - replace <from> delimiter by the <next> one unless <from> points to a
6643 * colon, in which case <next> is simply removed
6644 * - set exactly one space character after the new first delimiter, unless
6645 * there are not enough characters in the block being moved to do so.
6646 * - remove unneeded spaces before the previous delimiter and after the new
6647 * one.
6648 *
6649 * It is the caller's responsibility to ensure that :
6650 * - <from> points to a valid delimiter or the colon ;
6651 * - <next> points to a valid delimiter or the final CR/LF ;
6652 * - there are non-space chars before <from> ;
6653 * - there is a CR/LF at or after <next>.
6654 */
Willy Tarreauaf819352012-08-27 22:08:00 +02006655int del_hdr_value(struct buffer *buf, char **from, char *next)
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006656{
6657 char *prev = *from;
6658
6659 if (*prev == ':') {
6660 /* We're removing the first value, preserve the colon and add a
6661 * space if possible.
6662 */
6663 if (!http_is_crlf[(unsigned char)*next])
6664 next++;
6665 prev++;
6666 if (prev < next)
6667 *prev++ = ' ';
6668
6669 while (http_is_spht[(unsigned char)*next])
6670 next++;
6671 } else {
6672 /* Remove useless spaces before the old delimiter. */
6673 while (http_is_spht[(unsigned char)*(prev-1)])
6674 prev--;
6675 *from = prev;
6676
6677 /* copy the delimiter and if possible a space if we're
6678 * not at the end of the line.
6679 */
6680 if (!http_is_crlf[(unsigned char)*next]) {
6681 *prev++ = *next++;
6682 if (prev + 1 < next)
6683 *prev++ = ' ';
6684 while (http_is_spht[(unsigned char)*next])
6685 next++;
6686 }
6687 }
6688 return buffer_replace2(buf, prev, next, NULL, 0);
6689}
6690
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006691/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01006692 * Manage client-side cookie. It can impact performance by about 2% so it is
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006693 * desirable to call it only when needed. This code is quite complex because
6694 * of the multiple very crappy and ambiguous syntaxes we have to support. it
6695 * highly recommended not to touch this part without a good reason !
Willy Tarreau58f10d72006-12-04 02:26:12 +01006696 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006697void manage_client_side_cookies(struct session *t, struct channel *req)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006698{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006699 struct http_txn *txn = &t->txn;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006700 int preserve_hdr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006701 int cur_idx, old_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006702 char *hdr_beg, *hdr_end, *hdr_next, *del_from;
6703 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006704
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006705 /* Iterate through the headers, we start with the start line. */
Willy Tarreau83969f42007-01-22 08:55:47 +01006706 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02006707 hdr_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006708
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006709 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006710 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006711 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006712
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006713 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006714 hdr_beg = hdr_next;
6715 hdr_end = hdr_beg + cur_hdr->len;
6716 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006717
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006718 /* We have one full header between hdr_beg and hdr_end, and the
6719 * next header starts at hdr_next. We're only interested in
Willy Tarreau58f10d72006-12-04 02:26:12 +01006720 * "Cookie:" headers.
6721 */
6722
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006723 val = http_header_match2(hdr_beg, hdr_end, "Cookie", 6);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006724 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006725 old_idx = cur_idx;
6726 continue;
6727 }
6728
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006729 del_from = NULL; /* nothing to be deleted */
6730 preserve_hdr = 0; /* assume we may kill the whole header */
6731
Willy Tarreau58f10d72006-12-04 02:26:12 +01006732 /* Now look for cookies. Conforming to RFC2109, we have to support
6733 * attributes whose name begin with a '$', and associate them with
6734 * the right cookie, if we want to delete this cookie.
6735 * So there are 3 cases for each cookie read :
6736 * 1) it's a special attribute, beginning with a '$' : ignore it.
6737 * 2) it's a server id cookie that we *MAY* want to delete : save
6738 * some pointers on it (last semi-colon, beginning of cookie...)
6739 * 3) it's an application cookie : we *MAY* have to delete a previous
6740 * "special" cookie.
6741 * At the end of loop, if a "special" cookie remains, we may have to
6742 * remove it. If no application cookie persists in the header, we
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006743 * *MUST* delete it.
6744 *
6745 * Note: RFC2965 is unclear about the processing of spaces around
6746 * the equal sign in the ATTR=VALUE form. A careful inspection of
6747 * the RFC explicitly allows spaces before it, and not within the
6748 * tokens (attrs or values). An inspection of RFC2109 allows that
6749 * too but section 10.1.3 lets one think that spaces may be allowed
6750 * after the equal sign too, resulting in some (rare) buggy
6751 * implementations trying to do that. So let's do what servers do.
6752 * Latest ietf draft forbids spaces all around. Also, earlier RFCs
6753 * allowed quoted strings in values, with any possible character
6754 * after a backslash, including control chars and delimitors, which
6755 * causes parsing to become ambiguous. Browsers also allow spaces
6756 * within values even without quotes.
6757 *
6758 * We have to keep multiple pointers in order to support cookie
6759 * removal at the beginning, middle or end of header without
6760 * corrupting the header. All of these headers are valid :
6761 *
6762 * Cookie:NAME1=VALUE1;NAME2=VALUE2;NAME3=VALUE3\r\n
6763 * Cookie:NAME1=VALUE1;NAME2_ONLY ;NAME3=VALUE3\r\n
6764 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
6765 * | | | | | | | | |
6766 * | | | | | | | | hdr_end <--+
6767 * | | | | | | | +--> next
6768 * | | | | | | +----> val_end
6769 * | | | | | +-----------> val_beg
6770 * | | | | +--------------> equal
6771 * | | | +----------------> att_end
6772 * | | +---------------------> att_beg
6773 * | +--------------------------> prev
6774 * +--------------------------------> hdr_beg
Willy Tarreau58f10d72006-12-04 02:26:12 +01006775 */
6776
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006777 for (prev = hdr_beg + 6; prev < hdr_end; prev = next) {
6778 /* Iterate through all cookies on this line */
6779
6780 /* find att_beg */
6781 att_beg = prev + 1;
6782 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
6783 att_beg++;
6784
6785 /* find att_end : this is the first character after the last non
6786 * space before the equal. It may be equal to hdr_end.
6787 */
6788 equal = att_end = att_beg;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006789
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006790 while (equal < hdr_end) {
6791 if (*equal == '=' || *equal == ',' || *equal == ';')
Willy Tarreau58f10d72006-12-04 02:26:12 +01006792 break;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006793 if (http_is_spht[(unsigned char)*equal++])
6794 continue;
6795 att_end = equal;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006796 }
6797
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006798 /* here, <equal> points to '=', a delimitor or the end. <att_end>
6799 * is between <att_beg> and <equal>, both may be identical.
6800 */
6801
6802 /* look for end of cookie if there is an equal sign */
6803 if (equal < hdr_end && *equal == '=') {
6804 /* look for the beginning of the value */
6805 val_beg = equal + 1;
6806 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
6807 val_beg++;
6808
6809 /* find the end of the value, respecting quotes */
6810 next = find_cookie_value_end(val_beg, hdr_end);
6811
6812 /* make val_end point to the first white space or delimitor after the value */
6813 val_end = next;
6814 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
6815 val_end--;
6816 } else {
6817 val_beg = val_end = next = equal;
Willy Tarreau305ae852010-01-03 19:45:54 +01006818 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006819
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006820 /* We have nothing to do with attributes beginning with '$'. However,
6821 * they will automatically be removed if a header before them is removed,
6822 * since they're supposed to be linked together.
6823 */
6824 if (*att_beg == '$')
6825 continue;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006826
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006827 /* Ignore cookies with no equal sign */
6828 if (equal == next) {
6829 /* This is not our cookie, so we must preserve it. But if we already
6830 * scheduled another cookie for removal, we cannot remove the
6831 * complete header, but we can remove the previous block itself.
6832 */
6833 preserve_hdr = 1;
6834 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006835 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006836 val_end += delta;
6837 next += delta;
6838 hdr_end += delta;
6839 hdr_next += delta;
6840 cur_hdr->len += delta;
6841 http_msg_move_end(&txn->req, delta);
6842 prev = del_from;
6843 del_from = NULL;
6844 }
6845 continue;
Willy Tarreau305ae852010-01-03 19:45:54 +01006846 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006847
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006848 /* if there are spaces around the equal sign, we need to
6849 * strip them otherwise we'll get trouble for cookie captures,
6850 * or even for rewrites. Since this happens extremely rarely,
6851 * it does not hurt performance.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006852 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006853 if (unlikely(att_end != equal || val_beg > equal + 1)) {
6854 int stripped_before = 0;
6855 int stripped_after = 0;
6856
6857 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006858 stripped_before = buffer_replace2(req->buf, att_end, equal, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006859 equal += stripped_before;
6860 val_beg += stripped_before;
6861 }
6862
6863 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006864 stripped_after = buffer_replace2(req->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006865 val_beg += stripped_after;
6866 stripped_before += stripped_after;
6867 }
6868
6869 val_end += stripped_before;
6870 next += stripped_before;
6871 hdr_end += stripped_before;
6872 hdr_next += stripped_before;
6873 cur_hdr->len += stripped_before;
6874 http_msg_move_end(&txn->req, stripped_before);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006875 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006876 /* now everything is as on the diagram above */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006877
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006878 /* First, let's see if we want to capture this cookie. We check
6879 * that we don't already have a client side cookie, because we
6880 * can only capture one. Also as an optimisation, we ignore
6881 * cookies shorter than the declared name.
6882 */
6883 if (t->fe->capture_name != NULL && txn->cli_cookie == NULL &&
6884 (val_end - att_beg >= t->fe->capture_namelen) &&
6885 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
6886 int log_len = val_end - att_beg;
6887
6888 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
6889 Alert("HTTP logging : out of memory.\n");
6890 } else {
6891 if (log_len > t->fe->capture_len)
6892 log_len = t->fe->capture_len;
6893 memcpy(txn->cli_cookie, att_beg, log_len);
6894 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006895 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006896 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006897
Willy Tarreaubca99692010-10-06 19:25:55 +02006898 /* Persistence cookies in passive, rewrite or insert mode have the
6899 * following form :
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006900 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006901 * Cookie: NAME=SRV[|<lastseen>[|<firstseen>]]
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006902 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006903 * For cookies in prefix mode, the form is :
6904 *
6905 * Cookie: NAME=SRV~VALUE
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006906 */
6907 if ((att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
6908 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
6909 struct server *srv = t->be->srv;
6910 char *delim;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006911
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006912 /* if we're in cookie prefix mode, we'll search the delimitor so that we
6913 * have the server ID between val_beg and delim, and the original cookie between
6914 * delim+1 and val_end. Otherwise, delim==val_end :
6915 *
6916 * Cookie: NAME=SRV; # in all but prefix modes
6917 * Cookie: NAME=SRV~OPAQUE ; # in prefix mode
6918 * | || || | |+-> next
6919 * | || || | +--> val_end
6920 * | || || +---------> delim
6921 * | || |+------------> val_beg
6922 * | || +-------------> att_end = equal
6923 * | |+-----------------> att_beg
6924 * | +------------------> prev
6925 * +-------------------------> hdr_beg
6926 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006927
Willy Tarreau67402132012-05-31 20:40:20 +02006928 if (t->be->ck_opts & PR_CK_PFX) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006929 for (delim = val_beg; delim < val_end; delim++)
6930 if (*delim == COOKIE_DELIM)
6931 break;
Willy Tarreaubca99692010-10-06 19:25:55 +02006932 } else {
6933 char *vbar1;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006934 delim = val_end;
Willy Tarreaubca99692010-10-06 19:25:55 +02006935 /* Now check if the cookie contains a date field, which would
6936 * appear after a vertical bar ('|') just after the server name
6937 * and before the delimiter.
6938 */
6939 vbar1 = memchr(val_beg, COOKIE_DELIM_DATE, val_end - val_beg);
6940 if (vbar1) {
6941 /* OK, so left of the bar is the server's cookie and
Willy Tarreauf64d1412010-10-07 20:06:11 +02006942 * right is the last seen date. It is a base64 encoded
6943 * 30-bit value representing the UNIX date since the
6944 * epoch in 4-second quantities.
Willy Tarreaubca99692010-10-06 19:25:55 +02006945 */
Willy Tarreauf64d1412010-10-07 20:06:11 +02006946 int val;
Willy Tarreaubca99692010-10-06 19:25:55 +02006947 delim = vbar1++;
Willy Tarreauf64d1412010-10-07 20:06:11 +02006948 if (val_end - vbar1 >= 5) {
6949 val = b64tos30(vbar1);
6950 if (val > 0)
6951 txn->cookie_last_date = val << 2;
6952 }
6953 /* look for a second vertical bar */
6954 vbar1 = memchr(vbar1, COOKIE_DELIM_DATE, val_end - vbar1);
6955 if (vbar1 && (val_end - vbar1 > 5)) {
6956 val = b64tos30(vbar1 + 1);
6957 if (val > 0)
6958 txn->cookie_first_date = val << 2;
6959 }
Willy Tarreaubca99692010-10-06 19:25:55 +02006960 }
6961 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006962
Willy Tarreauf64d1412010-10-07 20:06:11 +02006963 /* if the cookie has an expiration date and the proxy wants to check
6964 * it, then we do that now. We first check if the cookie is too old,
6965 * then only if it has expired. We detect strict overflow because the
6966 * time resolution here is not great (4 seconds). Cookies with dates
6967 * in the future are ignored if their offset is beyond one day. This
6968 * allows an admin to fix timezone issues without expiring everyone
6969 * and at the same time avoids keeping unwanted side effects for too
6970 * long.
6971 */
6972 if (txn->cookie_first_date && t->be->cookie_maxlife &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02006973 (((signed)(date.tv_sec - txn->cookie_first_date) > (signed)t->be->cookie_maxlife) ||
6974 ((signed)(txn->cookie_first_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02006975 txn->flags &= ~TX_CK_MASK;
6976 txn->flags |= TX_CK_OLD;
6977 delim = val_beg; // let's pretend we have not found the cookie
6978 txn->cookie_first_date = 0;
6979 txn->cookie_last_date = 0;
6980 }
6981 else if (txn->cookie_last_date && t->be->cookie_maxidle &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02006982 (((signed)(date.tv_sec - txn->cookie_last_date) > (signed)t->be->cookie_maxidle) ||
6983 ((signed)(txn->cookie_last_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02006984 txn->flags &= ~TX_CK_MASK;
6985 txn->flags |= TX_CK_EXPIRED;
6986 delim = val_beg; // let's pretend we have not found the cookie
6987 txn->cookie_first_date = 0;
6988 txn->cookie_last_date = 0;
6989 }
6990
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006991 /* Here, we'll look for the first running server which supports the cookie.
6992 * This allows to share a same cookie between several servers, for example
6993 * to dedicate backup servers to specific servers only.
6994 * However, to prevent clients from sticking to cookie-less backup server
6995 * when they have incidentely learned an empty cookie, we simply ignore
6996 * empty cookies and mark them as invalid.
6997 * The same behaviour is applied when persistence must be ignored.
6998 */
Willy Tarreau4a5cade2012-04-05 21:09:48 +02006999 if ((delim == val_beg) || (t->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007000 srv = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007001
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007002 while (srv) {
7003 if (srv->cookie && (srv->cklen == delim - val_beg) &&
7004 !memcmp(val_beg, srv->cookie, delim - val_beg)) {
7005 if ((srv->state & SRV_RUNNING) ||
7006 (t->be->options & PR_O_PERSIST) ||
7007 (t->flags & SN_FORCE_PRST)) {
7008 /* we found the server and we can use it */
7009 txn->flags &= ~TX_CK_MASK;
7010 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
7011 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007012 t->target = &srv->obj_type;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007013 break;
7014 } else {
7015 /* we found a server, but it's down,
7016 * mark it as such and go on in case
7017 * another one is available.
7018 */
7019 txn->flags &= ~TX_CK_MASK;
7020 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007021 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007022 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007023 srv = srv->next;
7024 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007025
Willy Tarreauf64d1412010-10-07 20:06:11 +02007026 if (!srv && !(txn->flags & (TX_CK_DOWN|TX_CK_EXPIRED|TX_CK_OLD))) {
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007027 /* no server matched this cookie or we deliberately skipped it */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007028 txn->flags &= ~TX_CK_MASK;
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007029 if ((t->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
7030 txn->flags |= TX_CK_UNUSED;
7031 else
7032 txn->flags |= TX_CK_INVALID;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007033 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007034
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007035 /* depending on the cookie mode, we may have to either :
7036 * - delete the complete cookie if we're in insert+indirect mode, so that
7037 * the server never sees it ;
7038 * - remove the server id from the cookie value, and tag the cookie as an
7039 * application cookie so that it does not get accidentely removed later,
7040 * if we're in cookie prefix mode
7041 */
Willy Tarreau67402132012-05-31 20:40:20 +02007042 if ((t->be->ck_opts & PR_CK_PFX) && (delim != val_end)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007043 int delta; /* negative */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007044
Willy Tarreau9b28e032012-10-12 23:49:43 +02007045 delta = buffer_replace2(req->buf, val_beg, delim + 1, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007046 val_end += delta;
7047 next += delta;
7048 hdr_end += delta;
7049 hdr_next += delta;
7050 cur_hdr->len += delta;
7051 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007052
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007053 del_from = NULL;
7054 preserve_hdr = 1; /* we want to keep this cookie */
7055 }
7056 else if (del_from == NULL &&
Willy Tarreau67402132012-05-31 20:40:20 +02007057 (t->be->ck_opts & (PR_CK_INS | PR_CK_IND)) == (PR_CK_INS | PR_CK_IND)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007058 del_from = prev;
7059 }
7060 } else {
7061 /* This is not our cookie, so we must preserve it. But if we already
7062 * scheduled another cookie for removal, we cannot remove the
7063 * complete header, but we can remove the previous block itself.
7064 */
7065 preserve_hdr = 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007066
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007067 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007068 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaub8105542010-11-24 18:31:28 +01007069 if (att_beg >= del_from)
7070 att_beg += delta;
7071 if (att_end >= del_from)
7072 att_end += delta;
7073 val_beg += delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007074 val_end += delta;
7075 next += delta;
7076 hdr_end += delta;
7077 hdr_next += delta;
7078 cur_hdr->len += delta;
7079 http_msg_move_end(&txn->req, delta);
7080 prev = del_from;
7081 del_from = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007082 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007083 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007084
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007085 /* Look for the appsession cookie unless persistence must be ignored */
7086 if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
7087 int cmp_len, value_len;
7088 char *value_begin;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007089
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007090 if (t->be->options2 & PR_O2_AS_PFX) {
7091 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
7092 value_begin = att_beg + t->be->appsession_name_len;
7093 value_len = val_end - att_beg - t->be->appsession_name_len;
7094 } else {
7095 cmp_len = att_end - att_beg;
7096 value_begin = val_beg;
7097 value_len = val_end - val_beg;
7098 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007099
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007100 /* let's see if the cookie is our appcookie */
7101 if (cmp_len == t->be->appsession_name_len &&
7102 memcmp(att_beg, t->be->appsession_name, cmp_len) == 0) {
7103 manage_client_side_appsession(t, value_begin, value_len);
7104 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007105 }
7106
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007107 /* continue with next cookie on this header line */
7108 att_beg = next;
7109 } /* for each cookie */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007110
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007111 /* There are no more cookies on this line.
7112 * We may still have one (or several) marked for deletion at the
7113 * end of the line. We must do this now in two ways :
7114 * - if some cookies must be preserved, we only delete from the
7115 * mark to the end of line ;
7116 * - if nothing needs to be preserved, simply delete the whole header
Willy Tarreau58f10d72006-12-04 02:26:12 +01007117 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007118 if (del_from) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007119 int delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007120 if (preserve_hdr) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007121 delta = del_hdr_value(req->buf, &del_from, hdr_end);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007122 hdr_end = del_from;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007123 cur_hdr->len += delta;
7124 } else {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007125 delta = buffer_replace2(req->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007126
7127 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01007128 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7129 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007130 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007131 cur_idx = old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007132 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007133 hdr_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007134 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007135 }
7136
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007137 /* check next header */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007138 old_idx = cur_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007139 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007140}
7141
7142
Willy Tarreaua15645d2007-03-18 16:22:39 +01007143/* Iterate the same filter through all response headers contained in <rtr>.
7144 * Returns 1 if this filter can be stopped upon return, otherwise 0.
7145 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007146int apply_filter_to_resp_headers(struct session *t, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007147{
7148 char term;
7149 char *cur_ptr, *cur_end, *cur_next;
7150 int cur_idx, old_idx, last_hdr;
7151 struct http_txn *txn = &t->txn;
7152 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007153 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007154
7155 last_hdr = 0;
7156
Willy Tarreau9b28e032012-10-12 23:49:43 +02007157 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007158 old_idx = 0;
7159
7160 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007161 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007162 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007163 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007164 (exp->action == ACT_ALLOW ||
7165 exp->action == ACT_DENY))
7166 return 0;
7167
7168 cur_idx = txn->hdr_idx.v[old_idx].next;
7169 if (!cur_idx)
7170 break;
7171
7172 cur_hdr = &txn->hdr_idx.v[cur_idx];
7173 cur_ptr = cur_next;
7174 cur_end = cur_ptr + cur_hdr->len;
7175 cur_next = cur_end + cur_hdr->cr + 1;
7176
7177 /* Now we have one header between cur_ptr and cur_end,
7178 * and the next header starts at cur_next.
7179 */
7180
7181 /* The annoying part is that pattern matching needs
7182 * that we modify the contents to null-terminate all
7183 * strings before testing them.
7184 */
7185
7186 term = *cur_end;
7187 *cur_end = '\0';
7188
7189 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7190 switch (exp->action) {
7191 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007192 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007193 last_hdr = 1;
7194 break;
7195
7196 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007197 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007198 last_hdr = 1;
7199 break;
7200
7201 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007202 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7203 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007204 /* FIXME: if the user adds a newline in the replacement, the
7205 * index will not be recalculated for now, and the new line
7206 * will not be counted as a new header.
7207 */
7208
7209 cur_end += delta;
7210 cur_next += delta;
7211 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007212 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007213 break;
7214
7215 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02007216 delta = buffer_replace2(rtr->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007217 cur_next += delta;
7218
Willy Tarreaufa355d42009-11-29 18:12:29 +01007219 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007220 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7221 txn->hdr_idx.used--;
7222 cur_hdr->len = 0;
7223 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01007224 cur_idx = old_idx;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007225 break;
7226
7227 }
7228 }
7229 if (cur_end)
7230 *cur_end = term; /* restore the string terminator */
7231
7232 /* keep the link from this header to next one in case of later
7233 * removal of next header.
7234 */
7235 old_idx = cur_idx;
7236 }
7237 return 0;
7238}
7239
7240
7241/* Apply the filter to the status line in the response buffer <rtr>.
7242 * Returns 0 if nothing has been done, 1 if the filter has been applied,
7243 * or -1 if a replacement resulted in an invalid status line.
7244 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007245int apply_filter_to_sts_line(struct session *t, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007246{
7247 char term;
7248 char *cur_ptr, *cur_end;
7249 int done;
7250 struct http_txn *txn = &t->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007251 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007252
7253
Willy Tarreau3d300592007-03-18 18:34:41 +01007254 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007255 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007256 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007257 (exp->action == ACT_ALLOW ||
7258 exp->action == ACT_DENY))
7259 return 0;
7260 else if (exp->action == ACT_REMOVE)
7261 return 0;
7262
7263 done = 0;
7264
Willy Tarreau9b28e032012-10-12 23:49:43 +02007265 cur_ptr = rtr->buf->p;
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007266 cur_end = cur_ptr + txn->rsp.sl.st.l;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007267
7268 /* Now we have the status line between cur_ptr and cur_end */
7269
7270 /* The annoying part is that pattern matching needs
7271 * that we modify the contents to null-terminate all
7272 * strings before testing them.
7273 */
7274
7275 term = *cur_end;
7276 *cur_end = '\0';
7277
7278 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7279 switch (exp->action) {
7280 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007281 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007282 done = 1;
7283 break;
7284
7285 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007286 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007287 done = 1;
7288 break;
7289
7290 case ACT_REPLACE:
7291 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007292 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7293 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007294 /* FIXME: if the user adds a newline in the replacement, the
7295 * index will not be recalculated for now, and the new line
7296 * will not be counted as a new header.
7297 */
7298
Willy Tarreaufa355d42009-11-29 18:12:29 +01007299 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007300 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007301 cur_end = (char *)http_parse_stsline(&txn->rsp,
Willy Tarreau02785762007-04-03 14:45:44 +02007302 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01007303 cur_ptr, cur_end + 1,
7304 NULL, NULL);
7305 if (unlikely(!cur_end))
7306 return -1;
7307
7308 /* we have a full respnse and we know that we have either a CR
7309 * or an LF at <ptr>.
7310 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007311 txn->status = strl2ui(rtr->buf->p + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007312 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.st.l, *cur_end == '\r');
Willy Tarreaua15645d2007-03-18 16:22:39 +01007313 /* there is no point trying this regex on headers */
7314 return 1;
7315 }
7316 }
7317 *cur_end = term; /* restore the string terminator */
7318 return done;
7319}
7320
7321
7322
7323/*
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007324 * Apply all the resp filters of proxy <px> to all headers in buffer <rtr> of session <s>.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007325 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
7326 * unparsable response.
7327 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007328int apply_filters_to_response(struct session *s, struct channel *rtr, struct proxy *px)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007329{
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007330 struct http_txn *txn = &s->txn;
7331 struct hdr_exp *exp;
7332
7333 for (exp = px->rsp_exp; exp; exp = exp->next) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007334 int ret;
7335
7336 /*
7337 * The interleaving of transformations and verdicts
7338 * makes it difficult to decide to continue or stop
7339 * the evaluation.
7340 */
7341
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007342 if (txn->flags & TX_SVDENY)
7343 break;
7344
Willy Tarreau3d300592007-03-18 18:34:41 +01007345 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007346 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
7347 exp->action == ACT_PASS)) {
7348 exp = exp->next;
7349 continue;
7350 }
7351
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007352 /* if this filter had a condition, evaluate it now and skip to
7353 * next filter if the condition does not match.
7354 */
7355 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007356 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007357 ret = acl_pass(ret);
7358 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
7359 ret = !ret;
7360 if (!ret)
7361 continue;
7362 }
7363
Willy Tarreaua15645d2007-03-18 16:22:39 +01007364 /* Apply the filter to the status line. */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007365 ret = apply_filter_to_sts_line(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007366 if (unlikely(ret < 0))
7367 return -1;
7368
7369 if (likely(ret == 0)) {
7370 /* The filter did not match the response, it can be
7371 * iterated through all headers.
7372 */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007373 apply_filter_to_resp_headers(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007374 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007375 }
7376 return 0;
7377}
7378
7379
Willy Tarreaua15645d2007-03-18 16:22:39 +01007380/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01007381 * Manage server-side cookies. It can impact performance by about 2% so it is
Willy Tarreau24581ba2010-08-31 22:39:35 +02007382 * desirable to call it only when needed. This function is also used when we
7383 * just need to know if there is a cookie (eg: for check-cache).
Willy Tarreaua15645d2007-03-18 16:22:39 +01007384 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007385void manage_server_side_cookies(struct session *t, struct channel *res)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007386{
7387 struct http_txn *txn = &t->txn;
Willy Tarreau827aee92011-03-10 16:55:02 +01007388 struct server *srv;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007389 int is_cookie2;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007390 int cur_idx, old_idx, delta;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007391 char *hdr_beg, *hdr_end, *hdr_next;
7392 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007393
Willy Tarreaua15645d2007-03-18 16:22:39 +01007394 /* Iterate through the headers.
7395 * we start with the start line.
7396 */
7397 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007398 hdr_next = res->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007399
7400 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
7401 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007402 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007403
7404 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau24581ba2010-08-31 22:39:35 +02007405 hdr_beg = hdr_next;
7406 hdr_end = hdr_beg + cur_hdr->len;
7407 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007408
Willy Tarreau24581ba2010-08-31 22:39:35 +02007409 /* We have one full header between hdr_beg and hdr_end, and the
7410 * next header starts at hdr_next. We're only interested in
7411 * "Set-Cookie" and "Set-Cookie2" headers.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007412 */
7413
Willy Tarreau24581ba2010-08-31 22:39:35 +02007414 is_cookie2 = 0;
7415 prev = hdr_beg + 10;
7416 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie", 10);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007417 if (!val) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007418 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie2", 11);
7419 if (!val) {
7420 old_idx = cur_idx;
7421 continue;
7422 }
7423 is_cookie2 = 1;
7424 prev = hdr_beg + 11;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007425 }
7426
Willy Tarreau24581ba2010-08-31 22:39:35 +02007427 /* OK, right now we know we have a Set-Cookie* at hdr_beg, and
7428 * <prev> points to the colon.
7429 */
Willy Tarreauf1348312010-10-07 15:54:11 +02007430 txn->flags |= TX_SCK_PRESENT;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007431
Willy Tarreau24581ba2010-08-31 22:39:35 +02007432 /* Maybe we only wanted to see if there was a Set-Cookie (eg:
7433 * check-cache is enabled) and we are not interested in checking
7434 * them. Warning, the cookie capture is declared in the frontend.
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007435 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02007436 if (t->be->cookie_name == NULL &&
7437 t->be->appsession_name == NULL &&
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007438 t->fe->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007439 return;
7440
Willy Tarreau24581ba2010-08-31 22:39:35 +02007441 /* OK so now we know we have to process this response cookie.
7442 * The format of the Set-Cookie header is slightly different
7443 * from the format of the Cookie header in that it does not
7444 * support the comma as a cookie delimiter (thus the header
7445 * cannot be folded) because the Expires attribute described in
7446 * the original Netscape's spec may contain an unquoted date
7447 * with a comma inside. We have to live with this because
7448 * many browsers don't support Max-Age and some browsers don't
7449 * support quoted strings. However the Set-Cookie2 header is
7450 * clean.
7451 *
7452 * We have to keep multiple pointers in order to support cookie
7453 * removal at the beginning, middle or end of header without
7454 * corrupting the header (in case of set-cookie2). A special
7455 * pointer, <scav> points to the beginning of the set-cookie-av
7456 * fields after the first semi-colon. The <next> pointer points
7457 * either to the end of line (set-cookie) or next unquoted comma
7458 * (set-cookie2). All of these headers are valid :
7459 *
7460 * Set-Cookie: NAME1 = VALUE 1 ; Secure; Path="/"\r\n
7461 * Set-Cookie:NAME=VALUE; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7462 * Set-Cookie: NAME = VALUE ; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7463 * Set-Cookie2: NAME1 = VALUE 1 ; Max-Age=0, NAME2=VALUE2; Discard\r\n
7464 * | | | | | | | | | |
7465 * | | | | | | | | +-> next hdr_end <--+
7466 * | | | | | | | +------------> scav
7467 * | | | | | | +--------------> val_end
7468 * | | | | | +--------------------> val_beg
7469 * | | | | +----------------------> equal
7470 * | | | +------------------------> att_end
7471 * | | +----------------------------> att_beg
7472 * | +------------------------------> prev
7473 * +-----------------------------------------> hdr_beg
7474 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007475
Willy Tarreau24581ba2010-08-31 22:39:35 +02007476 for (; prev < hdr_end; prev = next) {
7477 /* Iterate through all cookies on this line */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007478
Willy Tarreau24581ba2010-08-31 22:39:35 +02007479 /* find att_beg */
7480 att_beg = prev + 1;
7481 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
7482 att_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007483
Willy Tarreau24581ba2010-08-31 22:39:35 +02007484 /* find att_end : this is the first character after the last non
7485 * space before the equal. It may be equal to hdr_end.
7486 */
7487 equal = att_end = att_beg;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007488
Willy Tarreau24581ba2010-08-31 22:39:35 +02007489 while (equal < hdr_end) {
7490 if (*equal == '=' || *equal == ';' || (is_cookie2 && *equal == ','))
7491 break;
7492 if (http_is_spht[(unsigned char)*equal++])
7493 continue;
7494 att_end = equal;
7495 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007496
Willy Tarreau24581ba2010-08-31 22:39:35 +02007497 /* here, <equal> points to '=', a delimitor or the end. <att_end>
7498 * is between <att_beg> and <equal>, both may be identical.
7499 */
7500
7501 /* look for end of cookie if there is an equal sign */
7502 if (equal < hdr_end && *equal == '=') {
7503 /* look for the beginning of the value */
7504 val_beg = equal + 1;
7505 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
7506 val_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007507
Willy Tarreau24581ba2010-08-31 22:39:35 +02007508 /* find the end of the value, respecting quotes */
7509 next = find_cookie_value_end(val_beg, hdr_end);
7510
7511 /* make val_end point to the first white space or delimitor after the value */
7512 val_end = next;
7513 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
7514 val_end--;
7515 } else {
7516 /* <equal> points to next comma, semi-colon or EOL */
7517 val_beg = val_end = next = equal;
7518 }
7519
7520 if (next < hdr_end) {
7521 /* Set-Cookie2 supports multiple cookies, and <next> points to
7522 * a colon or semi-colon before the end. So skip all attr-value
7523 * pairs and look for the next comma. For Set-Cookie, since
7524 * commas are permitted in values, skip to the end.
7525 */
7526 if (is_cookie2)
7527 next = find_hdr_value_end(next, hdr_end);
7528 else
7529 next = hdr_end;
7530 }
7531
7532 /* Now everything is as on the diagram above */
7533
7534 /* Ignore cookies with no equal sign */
7535 if (equal == val_end)
7536 continue;
7537
7538 /* If there are spaces around the equal sign, we need to
7539 * strip them otherwise we'll get trouble for cookie captures,
7540 * or even for rewrites. Since this happens extremely rarely,
7541 * it does not hurt performance.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007542 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007543 if (unlikely(att_end != equal || val_beg > equal + 1)) {
7544 int stripped_before = 0;
7545 int stripped_after = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007546
Willy Tarreau24581ba2010-08-31 22:39:35 +02007547 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007548 stripped_before = buffer_replace2(res->buf, att_end, equal, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007549 equal += stripped_before;
7550 val_beg += stripped_before;
7551 }
7552
7553 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007554 stripped_after = buffer_replace2(res->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007555 val_beg += stripped_after;
7556 stripped_before += stripped_after;
7557 }
7558
7559 val_end += stripped_before;
7560 next += stripped_before;
7561 hdr_end += stripped_before;
7562 hdr_next += stripped_before;
7563 cur_hdr->len += stripped_before;
Willy Tarreau1fc1f452011-04-07 22:35:37 +02007564 http_msg_move_end(&txn->rsp, stripped_before);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007565 }
7566
7567 /* First, let's see if we want to capture this cookie. We check
7568 * that we don't already have a server side cookie, because we
7569 * can only capture one. Also as an optimisation, we ignore
7570 * cookies shorter than the declared name.
7571 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007572 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01007573 txn->srv_cookie == NULL &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02007574 (val_end - att_beg >= t->fe->capture_namelen) &&
7575 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
7576 int log_len = val_end - att_beg;
Willy Tarreau086b3b42007-05-13 21:45:51 +02007577 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007578 Alert("HTTP logging : out of memory.\n");
7579 }
Willy Tarreauf70fc752010-11-19 11:27:18 +01007580 else {
7581 if (log_len > t->fe->capture_len)
7582 log_len = t->fe->capture_len;
7583 memcpy(txn->srv_cookie, att_beg, log_len);
7584 txn->srv_cookie[log_len] = 0;
7585 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007586 }
7587
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007588 srv = objt_server(t->target);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007589 /* now check if we need to process it for persistence */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007590 if (!(t->flags & SN_IGNORE_PRST) &&
7591 (att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
7592 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
Willy Tarreauf1348312010-10-07 15:54:11 +02007593 /* assume passive cookie by default */
7594 txn->flags &= ~TX_SCK_MASK;
7595 txn->flags |= TX_SCK_FOUND;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007596
7597 /* If the cookie is in insert mode on a known server, we'll delete
7598 * this occurrence because we'll insert another one later.
7599 * We'll delete it too if the "indirect" option is set and we're in
Willy Tarreau24581ba2010-08-31 22:39:35 +02007600 * a direct access.
7601 */
Willy Tarreau67402132012-05-31 20:40:20 +02007602 if (t->be->ck_opts & PR_CK_PSV) {
Willy Tarreauba4c5be2010-10-23 12:46:42 +02007603 /* The "preserve" flag was set, we don't want to touch the
7604 * server's cookie.
7605 */
7606 }
Willy Tarreau67402132012-05-31 20:40:20 +02007607 else if ((srv && (t->be->ck_opts & PR_CK_INS)) ||
7608 ((t->flags & SN_DIRECT) && (t->be->ck_opts & PR_CK_IND))) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007609 /* this cookie must be deleted */
7610 if (*prev == ':' && next == hdr_end) {
7611 /* whole header */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007612 delta = buffer_replace2(res->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007613 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7614 txn->hdr_idx.used--;
7615 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007616 cur_idx = old_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007617 hdr_next += delta;
7618 http_msg_move_end(&txn->rsp, delta);
7619 /* note: while both invalid now, <next> and <hdr_end>
7620 * are still equal, so the for() will stop as expected.
7621 */
7622 } else {
7623 /* just remove the value */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007624 int delta = del_hdr_value(res->buf, &prev, next);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007625 next = prev;
7626 hdr_end += delta;
7627 hdr_next += delta;
7628 cur_hdr->len += delta;
7629 http_msg_move_end(&txn->rsp, delta);
7630 }
Willy Tarreauf1348312010-10-07 15:54:11 +02007631 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3d300592007-03-18 18:34:41 +01007632 txn->flags |= TX_SCK_DELETED;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007633 /* and go on with next cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007634 }
Willy Tarreau67402132012-05-31 20:40:20 +02007635 else if (srv && srv->cookie && (t->be->ck_opts & PR_CK_RW)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007636 /* replace bytes val_beg->val_end with the cookie name associated
Willy Tarreaua15645d2007-03-18 16:22:39 +01007637 * with this server since we know it.
7638 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007639 delta = buffer_replace2(res->buf, val_beg, val_end, srv->cookie, srv->cklen);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007640 next += delta;
7641 hdr_end += delta;
7642 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007643 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007644 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007645
Willy Tarreauf1348312010-10-07 15:54:11 +02007646 txn->flags &= ~TX_SCK_MASK;
7647 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007648 }
Willy Tarreaua0590312012-06-06 16:07:00 +02007649 else if (srv && srv->cookie && (t->be->ck_opts & PR_CK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007650 /* insert the cookie name associated with this server
Willy Tarreau24581ba2010-08-31 22:39:35 +02007651 * before existing cookie, and insert a delimiter between them..
Willy Tarreaua15645d2007-03-18 16:22:39 +01007652 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007653 delta = buffer_replace2(res->buf, val_beg, val_beg, srv->cookie, srv->cklen + 1);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007654 next += delta;
7655 hdr_end += delta;
7656 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007657 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007658 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007659
Willy Tarreau827aee92011-03-10 16:55:02 +01007660 val_beg[srv->cklen] = COOKIE_DELIM;
Willy Tarreauf1348312010-10-07 15:54:11 +02007661 txn->flags &= ~TX_SCK_MASK;
7662 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007663 }
7664 }
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02007665 /* next, let's see if the cookie is our appcookie, unless persistence must be ignored */
7666 else if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007667 int cmp_len, value_len;
7668 char *value_begin;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007669
Cyril Bontéb21570a2009-11-29 20:04:48 +01007670 if (t->be->options2 & PR_O2_AS_PFX) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007671 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
7672 value_begin = att_beg + t->be->appsession_name_len;
7673 value_len = MIN(t->be->appsession_len, val_end - att_beg - t->be->appsession_name_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01007674 } else {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007675 cmp_len = att_end - att_beg;
7676 value_begin = val_beg;
7677 value_len = MIN(t->be->appsession_len, val_end - val_beg);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007678 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007679
Cyril Bonté17530c32010-04-06 21:11:10 +02007680 if ((cmp_len == t->be->appsession_name_len) &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02007681 (memcmp(att_beg, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7682 /* free a possibly previously allocated memory */
7683 pool_free2(apools.sessid, txn->sessid);
7684
Cyril Bontéb21570a2009-11-29 20:04:48 +01007685 /* Store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007686 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007687 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7688 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
7689 return;
7690 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007691 memcpy(txn->sessid, value_begin, value_len);
7692 txn->sessid[value_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007693 }
Willy Tarreau24581ba2010-08-31 22:39:35 +02007694 }
7695 /* that's done for this cookie, check the next one on the same
7696 * line when next != hdr_end (only if is_cookie2).
7697 */
7698 }
7699 /* check next header */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007700 old_idx = cur_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007701 }
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007702
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007703 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007704 appsess *asession = NULL;
7705 /* only do insert, if lookup fails */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007706 asession = appsession_hash_lookup(&(t->be->htbl_proxy), txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007707 if (asession == NULL) {
Willy Tarreau1fac7532010-01-09 19:23:06 +01007708 size_t server_id_len;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007709 if ((asession = pool_alloc2(pool2_appsess)) == NULL) {
7710 Alert("Not enough Memory process_srv():asession:calloc().\n");
7711 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
7712 return;
7713 }
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007714 asession->serverid = NULL; /* to avoid a double free in case of allocation error */
7715
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007716 if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
7717 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7718 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007719 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007720 return;
7721 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007722 memcpy(asession->sessid, txn->sessid, t->be->appsession_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007723 asession->sessid[t->be->appsession_len] = 0;
7724
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007725 server_id_len = strlen(objt_server(t->target)->id) + 1;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007726 if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007727 Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007728 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007729 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007730 return;
7731 }
7732 asession->serverid[0] = '\0';
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007733 memcpy(asession->serverid, objt_server(t->target)->id, server_id_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007734
7735 asession->request_count = 0;
7736 appsession_hash_insert(&(t->be->htbl_proxy), asession);
7737 }
7738
7739 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
7740 asession->request_count++;
7741 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007742}
7743
7744
Willy Tarreaua15645d2007-03-18 16:22:39 +01007745/*
7746 * Check if response is cacheable or not. Updates t->flags.
7747 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007748void check_response_for_cacheability(struct session *t, struct channel *rtr)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007749{
7750 struct http_txn *txn = &t->txn;
7751 char *p1, *p2;
7752
7753 char *cur_ptr, *cur_end, *cur_next;
7754 int cur_idx;
7755
Willy Tarreau5df51872007-11-25 16:20:08 +01007756 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007757 return;
7758
7759 /* Iterate through the headers.
7760 * we start with the start line.
7761 */
7762 cur_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007763 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007764
7765 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
7766 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007767 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007768
7769 cur_hdr = &txn->hdr_idx.v[cur_idx];
7770 cur_ptr = cur_next;
7771 cur_end = cur_ptr + cur_hdr->len;
7772 cur_next = cur_end + cur_hdr->cr + 1;
7773
7774 /* We have one full header between cur_ptr and cur_end, and the
7775 * next header starts at cur_next. We're only interested in
7776 * "Cookie:" headers.
7777 */
7778
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007779 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
7780 if (val) {
7781 if ((cur_end - (cur_ptr + val) >= 8) &&
7782 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
7783 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
7784 return;
7785 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007786 }
7787
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007788 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
7789 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007790 continue;
7791
7792 /* OK, right now we know we have a cache-control header at cur_ptr */
7793
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007794 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007795
7796 if (p1 >= cur_end) /* no more info */
7797 continue;
7798
7799 /* p1 is at the beginning of the value */
7800 p2 = p1;
7801
Willy Tarreau8f8e6452007-06-17 21:51:38 +02007802 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007803 p2++;
7804
7805 /* we have a complete value between p1 and p2 */
7806 if (p2 < cur_end && *p2 == '=') {
7807 /* we have something of the form no-cache="set-cookie" */
7808 if ((cur_end - p1 >= 21) &&
7809 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
7810 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01007811 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007812 continue;
7813 }
7814
7815 /* OK, so we know that either p2 points to the end of string or to a comma */
7816 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
Willy Tarreau5b15f902013-07-04 12:46:56 +02007817 ((p2 - p1 == 8) && strncasecmp(p1, "no-cache", 8) == 0) ||
Willy Tarreaua15645d2007-03-18 16:22:39 +01007818 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
7819 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
7820 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007821 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007822 return;
7823 }
7824
7825 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007826 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007827 continue;
7828 }
7829 }
7830}
7831
7832
Willy Tarreau58f10d72006-12-04 02:26:12 +01007833/*
7834 * Try to retrieve a known appsession in the URI, then the associated server.
7835 * If the server is found, it's assigned to the session.
7836 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007837void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01007838{
Cyril Bontéb21570a2009-11-29 20:04:48 +01007839 char *end_params, *first_param, *cur_param, *next_param;
7840 char separator;
7841 int value_len;
7842
7843 int mode = t->be->options2 & PR_O2_AS_M_ANY;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007844
Willy Tarreaue2e27a52007-04-01 00:01:37 +02007845 if (t->be->appsession_name == NULL ||
Cyril Bonté17530c32010-04-06 21:11:10 +02007846 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST && t->txn.meth != HTTP_METH_HEAD)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007847 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007848 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007849
Cyril Bontéb21570a2009-11-29 20:04:48 +01007850 first_param = NULL;
7851 switch (mode) {
7852 case PR_O2_AS_M_PP:
7853 first_param = memchr(begin, ';', len);
7854 break;
7855 case PR_O2_AS_M_QS:
7856 first_param = memchr(begin, '?', len);
7857 break;
7858 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007859
Cyril Bontéb21570a2009-11-29 20:04:48 +01007860 if (first_param == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007861 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007862 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007863
Cyril Bontéb21570a2009-11-29 20:04:48 +01007864 switch (mode) {
7865 case PR_O2_AS_M_PP:
7866 if ((end_params = memchr(first_param, '?', len - (begin - first_param))) == NULL) {
7867 end_params = (char *) begin + len;
7868 }
7869 separator = ';';
7870 break;
7871 case PR_O2_AS_M_QS:
7872 end_params = (char *) begin + len;
7873 separator = '&';
7874 break;
7875 default:
7876 /* unknown mode, shouldn't happen */
7877 return;
7878 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007879
Cyril Bontéb21570a2009-11-29 20:04:48 +01007880 cur_param = next_param = end_params;
7881 while (cur_param > first_param) {
7882 cur_param--;
7883 if ((cur_param[0] == separator) || (cur_param == first_param)) {
7884 /* let's see if this is the appsession parameter */
7885 if ((cur_param + t->be->appsession_name_len + 1 < next_param) &&
7886 ((t->be->options2 & PR_O2_AS_PFX) || cur_param[t->be->appsession_name_len + 1] == '=') &&
7887 (strncasecmp(cur_param + 1, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7888 /* Cool... it's the right one */
7889 cur_param += t->be->appsession_name_len + (t->be->options2 & PR_O2_AS_PFX ? 1 : 2);
7890 value_len = MIN(t->be->appsession_len, next_param - cur_param);
7891 if (value_len > 0) {
7892 manage_client_side_appsession(t, cur_param, value_len);
7893 }
7894 break;
7895 }
7896 next_param = cur_param;
7897 }
7898 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007899#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007900 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02007901 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01007902#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01007903}
7904
Willy Tarreaub2513902006-12-17 14:52:38 +01007905/*
Cyril Bonté70be45d2010-10-12 00:14:35 +02007906 * In a GET, HEAD or POST request, check if the requested URI matches the stats uri
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007907 * for the current backend.
Willy Tarreaub2513902006-12-17 14:52:38 +01007908 *
Cyril Bonté70be45d2010-10-12 00:14:35 +02007909 * It is assumed that the request is either a HEAD, GET, or POST and that the
Willy Tarreau295a8372011-03-10 11:25:07 +01007910 * uri_auth field is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01007911 *
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007912 * Returns 1 if stats should be provided, otherwise 0.
Willy Tarreaub2513902006-12-17 14:52:38 +01007913 */
Willy Tarreau295a8372011-03-10 11:25:07 +01007914int stats_check_uri(struct stream_interface *si, struct http_txn *txn, struct proxy *backend)
Willy Tarreaub2513902006-12-17 14:52:38 +01007915{
7916 struct uri_auth *uri_auth = backend->uri_auth;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007917 struct http_msg *msg = &txn->req;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007918 const char *uri = msg->chn->buf->p+ msg->sl.rq.u;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007919 const char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01007920
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007921 if (!uri_auth)
7922 return 0;
7923
Cyril Bonté70be45d2010-10-12 00:14:35 +02007924 if (txn->meth != HTTP_METH_GET && txn->meth != HTTP_METH_HEAD && txn->meth != HTTP_METH_POST)
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007925 return 0;
7926
Willy Tarreau295a8372011-03-10 11:25:07 +01007927 memset(&si->applet.ctx.stats, 0, sizeof(si->applet.ctx.stats));
Cyril Bonté19979e12012-04-04 12:57:21 +02007928 si->applet.ctx.stats.st_code = STAT_STATUS_INIT;
Willy Tarreau354898b2012-12-23 18:15:23 +01007929 si->applet.ctx.stats.flags |= STAT_FMT_HTML; /* assume HTML mode by default */
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01007930
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007931 /* check URI size */
Willy Tarreau3a215be2012-03-09 21:39:51 +01007932 if (uri_auth->uri_len > msg->sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01007933 return 0;
7934
Willy Tarreau3a215be2012-03-09 21:39:51 +01007935 h = uri;
Willy Tarreau0214c3a2007-01-07 13:47:30 +01007936 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01007937 return 0;
7938
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007939 h += uri_auth->uri_len;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007940 while (h <= uri + msg->sl.rq.u_l - 3) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007941 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007942 si->applet.ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007943 break;
7944 }
7945 h++;
7946 }
7947
7948 if (uri_auth->refresh) {
Willy Tarreau3a215be2012-03-09 21:39:51 +01007949 h = uri + uri_auth->uri_len;
7950 while (h <= uri + msg->sl.rq.u_l - 10) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007951 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007952 si->applet.ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007953 break;
7954 }
7955 h++;
7956 }
7957 }
7958
Willy Tarreau3a215be2012-03-09 21:39:51 +01007959 h = uri + uri_auth->uri_len;
7960 while (h <= uri + msg->sl.rq.u_l - 4) {
Willy Tarreau55bb8452007-10-17 18:44:57 +02007961 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau354898b2012-12-23 18:15:23 +01007962 si->applet.ctx.stats.flags &= ~STAT_FMT_HTML;
Willy Tarreau55bb8452007-10-17 18:44:57 +02007963 break;
7964 }
7965 h++;
7966 }
7967
Willy Tarreau3a215be2012-03-09 21:39:51 +01007968 h = uri + uri_auth->uri_len;
7969 while (h <= uri + msg->sl.rq.u_l - 8) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02007970 if (memcmp(h, ";st=", 4) == 0) {
Cyril Bonté19979e12012-04-04 12:57:21 +02007971 int i;
Cyril Bonté70be45d2010-10-12 00:14:35 +02007972 h += 4;
Cyril Bonté20a804a2012-05-10 19:42:52 +02007973 si->applet.ctx.stats.st_code = STAT_STATUS_UNKN;
Cyril Bonté19979e12012-04-04 12:57:21 +02007974 for (i = STAT_STATUS_INIT + 1; i < STAT_STATUS_SIZE; i++) {
7975 if (strncmp(stat_status_codes[i], h, 4) == 0) {
7976 si->applet.ctx.stats.st_code = i;
7977 break;
7978 }
7979 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02007980 break;
7981 }
7982 h++;
7983 }
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02007984
7985 si->applet.ctx.stats.scope_str = 0;
7986 si->applet.ctx.stats.scope_len = 0;
7987 h = uri + uri_auth->uri_len;
7988 while (h <= uri + msg->sl.rq.u_l - 8) {
7989 if (memcmp(h, STAT_SCOPE_INPUT_NAME "=", strlen(STAT_SCOPE_INPUT_NAME) + 1) == 0) {
7990 int itx = 0;
7991 const char *h2;
7992 char scope_txt[STAT_SCOPE_TXT_MAXLEN + 1];
7993 const char *err;
7994
7995 h += strlen(STAT_SCOPE_INPUT_NAME) + 1;
7996 h2 = h;
7997 si->applet.ctx.stats.scope_str = h2 - msg->chn->buf->p;
7998 while (*h != ';' && *h != '\0' && *h != '&' && *h != ' ' && *h != '\n') {
7999 itx++;
8000 h++;
8001 }
8002
8003 if (itx > STAT_SCOPE_TXT_MAXLEN)
8004 itx = STAT_SCOPE_TXT_MAXLEN;
8005 si->applet.ctx.stats.scope_len = itx;
8006
8007 /* scope_txt = search query, si->applet.ctx.stats.scope_len is always <= STAT_SCOPE_TXT_MAXLEN */
8008 memcpy(scope_txt, h2, itx);
8009 scope_txt[itx] = '\0';
8010 err = invalid_char(scope_txt);
8011 if (err) {
8012 /* bad char in search text => clear scope */
8013 si->applet.ctx.stats.scope_str = 0;
8014 si->applet.ctx.stats.scope_len = 0;
8015 }
8016 break;
8017 }
8018 h++;
8019 }
8020
8021
Willy Tarreaub2513902006-12-17 14:52:38 +01008022 return 1;
8023}
8024
Willy Tarreau4076a152009-04-02 15:18:36 +02008025/*
8026 * Capture a bad request or response and archive it in the proxy's structure.
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008027 * By default it tries to report the error position as msg->err_pos. However if
8028 * this one is not set, it will then report msg->next, which is the last known
8029 * parsing point. The function is able to deal with wrapping buffers. It always
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008030 * displays buffers as a contiguous area starting at buf->p.
Willy Tarreau4076a152009-04-02 15:18:36 +02008031 */
8032void http_capture_bad_message(struct error_snapshot *es, struct session *s,
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008033 struct http_msg *msg,
Willy Tarreau078272e2010-12-12 12:46:33 +01008034 int state, struct proxy *other_end)
Willy Tarreau4076a152009-04-02 15:18:36 +02008035{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008036 struct channel *chn = msg->chn;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008037 int len1, len2;
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008038
Willy Tarreau9b28e032012-10-12 23:49:43 +02008039 es->len = MIN(chn->buf->i, sizeof(es->buf));
8040 len1 = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008041 len1 = MIN(len1, es->len);
8042 len2 = es->len - len1; /* remaining data if buffer wraps */
8043
Willy Tarreau9b28e032012-10-12 23:49:43 +02008044 memcpy(es->buf, chn->buf->p, len1);
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008045 if (len2)
Willy Tarreau9b28e032012-10-12 23:49:43 +02008046 memcpy(es->buf + len1, chn->buf->data, len2);
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008047
Willy Tarreau4076a152009-04-02 15:18:36 +02008048 if (msg->err_pos >= 0)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008049 es->pos = msg->err_pos;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008050 else
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008051 es->pos = msg->next;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008052
Willy Tarreau4076a152009-04-02 15:18:36 +02008053 es->when = date; // user-visible date
8054 es->sid = s->uniq_id;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008055 es->srv = objt_server(s->target);
Willy Tarreau4076a152009-04-02 15:18:36 +02008056 es->oe = other_end;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02008057 es->src = s->req->prod->conn->addr.from;
Willy Tarreau078272e2010-12-12 12:46:33 +01008058 es->state = state;
Willy Tarreau10479e42010-12-12 14:00:34 +01008059 es->ev_id = error_snapshot_id++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008060 es->b_flags = chn->flags;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008061 es->s_flags = s->flags;
8062 es->t_flags = s->txn.flags;
8063 es->m_flags = msg->flags;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008064 es->b_out = chn->buf->o;
8065 es->b_wrap = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008066 es->b_tot = chn->total;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008067 es->m_clen = msg->chunk_len;
8068 es->m_blen = msg->body_len;
Willy Tarreau4076a152009-04-02 15:18:36 +02008069}
Willy Tarreaub2513902006-12-17 14:52:38 +01008070
Willy Tarreau294c4732011-12-16 21:35:50 +01008071/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8072 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8073 * performed over the whole headers. Otherwise it must contain a valid header
8074 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8075 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8076 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8077 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008078 * -1. The value fetch stops at commas, so this function is suited for use with
8079 * list headers.
Willy Tarreau294c4732011-12-16 21:35:50 +01008080 * The return value is 0 if nothing was found, or non-zero otherwise.
Willy Tarreaubce70882009-09-07 11:51:47 +02008081 */
Willy Tarreau185b5c42012-04-26 15:11:51 +02008082unsigned int http_get_hdr(const struct http_msg *msg, const char *hname, int hlen,
Willy Tarreau294c4732011-12-16 21:35:50 +01008083 struct hdr_idx *idx, int occ,
8084 struct hdr_ctx *ctx, char **vptr, int *vlen)
Willy Tarreaubce70882009-09-07 11:51:47 +02008085{
Willy Tarreau294c4732011-12-16 21:35:50 +01008086 struct hdr_ctx local_ctx;
8087 char *ptr_hist[MAX_HDR_HISTORY];
8088 int len_hist[MAX_HDR_HISTORY];
Willy Tarreaubce70882009-09-07 11:51:47 +02008089 unsigned int hist_ptr;
Willy Tarreau294c4732011-12-16 21:35:50 +01008090 int found;
Willy Tarreaubce70882009-09-07 11:51:47 +02008091
Willy Tarreau294c4732011-12-16 21:35:50 +01008092 if (!ctx) {
8093 local_ctx.idx = 0;
8094 ctx = &local_ctx;
8095 }
8096
Willy Tarreaubce70882009-09-07 11:51:47 +02008097 if (occ >= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008098 /* search from the beginning */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008099 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreaubce70882009-09-07 11:51:47 +02008100 occ--;
8101 if (occ <= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008102 *vptr = ctx->line + ctx->val;
8103 *vlen = ctx->vlen;
8104 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008105 }
8106 }
Willy Tarreau294c4732011-12-16 21:35:50 +01008107 return 0;
Willy Tarreaubce70882009-09-07 11:51:47 +02008108 }
8109
8110 /* negative occurrence, we scan all the list then walk back */
8111 if (-occ > MAX_HDR_HISTORY)
8112 return 0;
8113
Willy Tarreau294c4732011-12-16 21:35:50 +01008114 found = hist_ptr = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008115 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008116 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8117 len_hist[hist_ptr] = ctx->vlen;
8118 if (++hist_ptr >= MAX_HDR_HISTORY)
Willy Tarreaubce70882009-09-07 11:51:47 +02008119 hist_ptr = 0;
8120 found++;
8121 }
8122 if (-occ > found)
8123 return 0;
8124 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
Willy Tarreau67dad272013-06-12 22:27:44 +02008125 * find occurrence -occ. 0 <= hist_ptr < MAX_HDR_HISTORY, and we have
8126 * -10 <= occ <= -1. So we have to check [hist_ptr%MAX_HDR_HISTORY+occ]
8127 * to remain in the 0..9 range.
Willy Tarreaubce70882009-09-07 11:51:47 +02008128 */
Willy Tarreau67dad272013-06-12 22:27:44 +02008129 hist_ptr += occ + MAX_HDR_HISTORY;
Willy Tarreaubce70882009-09-07 11:51:47 +02008130 if (hist_ptr >= MAX_HDR_HISTORY)
8131 hist_ptr -= MAX_HDR_HISTORY;
Willy Tarreau294c4732011-12-16 21:35:50 +01008132 *vptr = ptr_hist[hist_ptr];
8133 *vlen = len_hist[hist_ptr];
8134 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008135}
8136
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008137/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8138 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8139 * performed over the whole headers. Otherwise it must contain a valid header
8140 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8141 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8142 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8143 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
8144 * -1. This function differs from http_get_hdr() in that it only returns full
8145 * line header values and does not stop at commas.
8146 * The return value is 0 if nothing was found, or non-zero otherwise.
8147 */
8148unsigned int http_get_fhdr(const struct http_msg *msg, const char *hname, int hlen,
8149 struct hdr_idx *idx, int occ,
8150 struct hdr_ctx *ctx, char **vptr, int *vlen)
8151{
8152 struct hdr_ctx local_ctx;
8153 char *ptr_hist[MAX_HDR_HISTORY];
8154 int len_hist[MAX_HDR_HISTORY];
8155 unsigned int hist_ptr;
8156 int found;
8157
8158 if (!ctx) {
8159 local_ctx.idx = 0;
8160 ctx = &local_ctx;
8161 }
8162
8163 if (occ >= 0) {
8164 /* search from the beginning */
8165 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8166 occ--;
8167 if (occ <= 0) {
8168 *vptr = ctx->line + ctx->val;
8169 *vlen = ctx->vlen;
8170 return 1;
8171 }
8172 }
8173 return 0;
8174 }
8175
8176 /* negative occurrence, we scan all the list then walk back */
8177 if (-occ > MAX_HDR_HISTORY)
8178 return 0;
8179
8180 found = hist_ptr = 0;
8181 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8182 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8183 len_hist[hist_ptr] = ctx->vlen;
8184 if (++hist_ptr >= MAX_HDR_HISTORY)
8185 hist_ptr = 0;
8186 found++;
8187 }
8188 if (-occ > found)
8189 return 0;
8190 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
8191 * find occurrence -occ, so we have to check [hist_ptr+occ].
8192 */
8193 hist_ptr += occ;
8194 if (hist_ptr >= MAX_HDR_HISTORY)
8195 hist_ptr -= MAX_HDR_HISTORY;
8196 *vptr = ptr_hist[hist_ptr];
8197 *vlen = len_hist[hist_ptr];
8198 return 1;
8199}
8200
Willy Tarreaubaaee002006-06-26 02:48:02 +02008201/*
Willy Tarreaue92693a2012-09-24 21:13:39 +02008202 * Print a debug line with a header. Always stop at the first CR or LF char,
8203 * so it is safe to pass it a full buffer if needed. If <err> is not NULL, an
8204 * arrow is printed after the line which contains the pointer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01008205 */
8206void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
8207{
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008208 int max;
8209 chunk_printf(&trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
Willy Tarreau7f7ad912012-11-11 19:27:15 +01008210 dir, (unsigned short)t->req->prod->conn->t.sock.fd,
8211 (unsigned short)t->req->cons->conn->t.sock.fd);
Willy Tarreaue92693a2012-09-24 21:13:39 +02008212
8213 for (max = 0; start + max < end; max++)
8214 if (start[max] == '\r' || start[max] == '\n')
8215 break;
8216
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008217 UBOUND(max, trash.size - trash.len - 3);
8218 trash.len += strlcpy2(trash.str + trash.len, start, max + 1);
8219 trash.str[trash.len++] = '\n';
8220 if (write(1, trash.str, trash.len) < 0) /* shut gcc warning */;
Willy Tarreau58f10d72006-12-04 02:26:12 +01008221}
8222
Willy Tarreau0937bc42009-12-22 15:03:09 +01008223/*
8224 * Initialize a new HTTP transaction for session <s>. It is assumed that all
8225 * the required fields are properly allocated and that we only need to (re)init
8226 * them. This should be used before processing any new request.
8227 */
8228void http_init_txn(struct session *s)
8229{
8230 struct http_txn *txn = &s->txn;
8231 struct proxy *fe = s->fe;
8232
8233 txn->flags = 0;
8234 txn->status = -1;
8235
Willy Tarreauf64d1412010-10-07 20:06:11 +02008236 txn->cookie_first_date = 0;
8237 txn->cookie_last_date = 0;
8238
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008239 txn->req.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008240 txn->req.sol = txn->req.eol = txn->req.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008241 txn->req.next = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008242 txn->rsp.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008243 txn->rsp.sol = txn->rsp.eol = txn->rsp.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008244 txn->rsp.next = 0;
Willy Tarreau124d9912011-03-01 20:30:48 +01008245 txn->req.chunk_len = 0LL;
8246 txn->req.body_len = 0LL;
8247 txn->rsp.chunk_len = 0LL;
8248 txn->rsp.body_len = 0LL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008249 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
8250 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
Willy Tarreau394db372012-10-12 22:40:39 +02008251 txn->req.chn = s->req;
8252 txn->rsp.chn = s->rep;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008253
8254 txn->auth.method = HTTP_AUTH_UNKNOWN;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008255
8256 txn->req.err_pos = txn->rsp.err_pos = -2; /* block buggy requests/responses */
8257 if (fe->options2 & PR_O2_REQBUG_OK)
8258 txn->req.err_pos = -1; /* let buggy requests pass */
8259
Willy Tarreau46023632010-01-07 22:51:47 +01008260 if (txn->req.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008261 memset(txn->req.cap, 0, fe->nb_req_cap * sizeof(void *));
8262
Willy Tarreau46023632010-01-07 22:51:47 +01008263 if (txn->rsp.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008264 memset(txn->rsp.cap, 0, fe->nb_rsp_cap * sizeof(void *));
8265
8266 if (txn->hdr_idx.v)
8267 hdr_idx_init(&txn->hdr_idx);
8268}
8269
8270/* to be used at the end of a transaction */
8271void http_end_txn(struct session *s)
8272{
8273 struct http_txn *txn = &s->txn;
8274
8275 /* these ones will have been dynamically allocated */
8276 pool_free2(pool2_requri, txn->uri);
8277 pool_free2(pool2_capture, txn->cli_cookie);
8278 pool_free2(pool2_capture, txn->srv_cookie);
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008279 pool_free2(apools.sessid, txn->sessid);
William Lallemanda73203e2012-03-12 12:48:57 +01008280 pool_free2(pool2_uniqueid, s->unique_id);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008281
William Lallemanda73203e2012-03-12 12:48:57 +01008282 s->unique_id = NULL;
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008283 txn->sessid = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008284 txn->uri = NULL;
8285 txn->srv_cookie = NULL;
8286 txn->cli_cookie = NULL;
Willy Tarreau46023632010-01-07 22:51:47 +01008287
8288 if (txn->req.cap) {
8289 struct cap_hdr *h;
8290 for (h = s->fe->req_cap; h; h = h->next)
8291 pool_free2(h->pool, txn->req.cap[h->index]);
8292 memset(txn->req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
8293 }
8294
8295 if (txn->rsp.cap) {
8296 struct cap_hdr *h;
8297 for (h = s->fe->rsp_cap; h; h = h->next)
8298 pool_free2(h->pool, txn->rsp.cap[h->index]);
8299 memset(txn->rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
8300 }
8301
Willy Tarreau0937bc42009-12-22 15:03:09 +01008302}
8303
8304/* to be used at the end of a transaction to prepare a new one */
8305void http_reset_txn(struct session *s)
8306{
8307 http_end_txn(s);
8308 http_init_txn(s);
8309
8310 s->be = s->fe;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008311 s->logs.logwait = s->fe->to_log;
Willy Tarreauabcd5142013-06-11 17:18:02 +02008312 s->logs.level = 0;
Simon Hormanaf514952011-06-21 14:34:57 +09008313 session_del_srv_conn(s);
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008314 s->target = NULL;
Emeric Brunb982a3d2010-01-04 15:45:53 +01008315 /* re-init store persistence */
8316 s->store_count = 0;
8317
Willy Tarreau0937bc42009-12-22 15:03:09 +01008318 s->pend_pos = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008319
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02008320 s->req->flags |= CF_READ_DONTWAIT; /* one read is usually enough */
Willy Tarreau0937bc42009-12-22 15:03:09 +01008321
Willy Tarreau739cfba2010-01-25 23:11:14 +01008322 /* We must trim any excess data from the response buffer, because we
8323 * may have blocked an invalid response from a server that we don't
8324 * want to accidentely forward once we disable the analysers, nor do
8325 * we want those data to come along with next response. A typical
8326 * example of such data would be from a buggy server responding to
8327 * a HEAD with some data, or sending more than the advertised
8328 * content-length.
8329 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008330 if (unlikely(s->rep->buf->i))
8331 s->rep->buf->i = 0;
Willy Tarreau739cfba2010-01-25 23:11:14 +01008332
Willy Tarreau0937bc42009-12-22 15:03:09 +01008333 s->req->rto = s->fe->timeout.client;
Willy Tarreaud04e8582010-05-31 12:31:35 +02008334 s->req->wto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008335
Willy Tarreaud04e8582010-05-31 12:31:35 +02008336 s->rep->rto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008337 s->rep->wto = s->fe->timeout.client;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008338
8339 s->req->rex = TICK_ETERNITY;
8340 s->req->wex = TICK_ETERNITY;
8341 s->req->analyse_exp = TICK_ETERNITY;
8342 s->rep->rex = TICK_ETERNITY;
8343 s->rep->wex = TICK_ETERNITY;
8344 s->rep->analyse_exp = TICK_ETERNITY;
8345}
Willy Tarreau58f10d72006-12-04 02:26:12 +01008346
Willy Tarreauff011f22011-01-06 17:51:27 +01008347void free_http_req_rules(struct list *r) {
8348 struct http_req_rule *tr, *pr;
8349
8350 list_for_each_entry_safe(pr, tr, r, list) {
8351 LIST_DEL(&pr->list);
Willy Tarreau20b0de52012-12-24 15:45:22 +01008352 if (pr->action == HTTP_REQ_ACT_AUTH)
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008353 free(pr->arg.auth.realm);
Willy Tarreauff011f22011-01-06 17:51:27 +01008354
8355 free(pr);
8356 }
8357}
8358
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008359/* parse an "http-request" rule */
Willy Tarreauff011f22011-01-06 17:51:27 +01008360struct http_req_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
8361{
8362 struct http_req_rule *rule;
8363 int cur_arg;
8364
8365 rule = (struct http_req_rule*)calloc(1, sizeof(struct http_req_rule));
8366 if (!rule) {
8367 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008368 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008369 }
8370
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008371 if (!strcmp(args[0], "allow")) {
Willy Tarreauff011f22011-01-06 17:51:27 +01008372 rule->action = HTTP_REQ_ACT_ALLOW;
8373 cur_arg = 1;
8374 } else if (!strcmp(args[0], "deny")) {
8375 rule->action = HTTP_REQ_ACT_DENY;
8376 cur_arg = 1;
Willy Tarreauccbcc372012-12-27 12:37:57 +01008377 } else if (!strcmp(args[0], "tarpit")) {
8378 rule->action = HTTP_REQ_ACT_TARPIT;
8379 cur_arg = 1;
Willy Tarreauff011f22011-01-06 17:51:27 +01008380 } else if (!strcmp(args[0], "auth")) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008381 rule->action = HTTP_REQ_ACT_AUTH;
Willy Tarreauff011f22011-01-06 17:51:27 +01008382 cur_arg = 1;
8383
8384 while(*args[cur_arg]) {
8385 if (!strcmp(args[cur_arg], "realm")) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008386 rule->arg.auth.realm = strdup(args[cur_arg + 1]);
Willy Tarreauff011f22011-01-06 17:51:27 +01008387 cur_arg+=2;
8388 continue;
8389 } else
8390 break;
8391 }
Willy Tarreauf4c43c12013-06-11 17:01:13 +02008392 } else if (!strcmp(args[0], "set-nice")) {
8393 rule->action = HTTP_REQ_ACT_SET_NICE;
8394 cur_arg = 1;
8395
8396 if (!*args[cur_arg] ||
8397 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8398 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer value).\n",
8399 file, linenum, args[0]);
8400 goto out_err;
8401 }
8402 rule->arg.nice = atoi(args[cur_arg]);
8403 if (rule->arg.nice < -1024)
8404 rule->arg.nice = -1024;
8405 else if (rule->arg.nice > 1024)
8406 rule->arg.nice = 1024;
8407 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02008408 } else if (!strcmp(args[0], "set-tos")) {
8409#ifdef IP_TOS
8410 char *err;
8411 rule->action = HTTP_REQ_ACT_SET_TOS;
8412 cur_arg = 1;
8413
8414 if (!*args[cur_arg] ||
8415 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8416 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8417 file, linenum, args[0]);
8418 goto out_err;
8419 }
8420
8421 rule->arg.tos = strtol(args[cur_arg], &err, 0);
8422 if (err && *err != '\0') {
8423 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8424 file, linenum, err, args[0]);
8425 goto out_err;
8426 }
8427 cur_arg++;
8428#else
8429 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
8430 goto out_err;
8431#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02008432 } else if (!strcmp(args[0], "set-mark")) {
8433#ifdef SO_MARK
8434 char *err;
8435 rule->action = HTTP_REQ_ACT_SET_MARK;
8436 cur_arg = 1;
8437
8438 if (!*args[cur_arg] ||
8439 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8440 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8441 file, linenum, args[0]);
8442 goto out_err;
8443 }
8444
8445 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
8446 if (err && *err != '\0') {
8447 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8448 file, linenum, err, args[0]);
8449 goto out_err;
8450 }
8451 cur_arg++;
8452 global.last_checks |= LSTCHK_NETADM;
8453#else
8454 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
8455 goto out_err;
8456#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02008457 } else if (!strcmp(args[0], "set-log-level")) {
8458 rule->action = HTTP_REQ_ACT_SET_LOGL;
8459 cur_arg = 1;
8460
8461 if (!*args[cur_arg] ||
8462 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8463 bad_log_level:
8464 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (log level name or 'silent').\n",
8465 file, linenum, args[0]);
8466 goto out_err;
8467 }
8468 if (strcmp(args[cur_arg], "silent") == 0)
8469 rule->arg.loglevel = -1;
8470 else if ((rule->arg.loglevel = get_log_level(args[cur_arg]) + 1) == 0)
8471 goto bad_log_level;
8472 cur_arg++;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008473 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
8474 rule->action = *args[0] == 'a' ? HTTP_REQ_ACT_ADD_HDR : HTTP_REQ_ACT_SET_HDR;
8475 cur_arg = 1;
8476
Willy Tarreau8d1c5162013-04-03 14:13:58 +02008477 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8478 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008479 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 2 arguments.\n",
8480 file, linenum, args[0]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008481 goto out_err;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008482 }
8483
8484 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8485 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8486 LIST_INIT(&rule->arg.hdr_add.fmt);
Willy Tarreaua4312fa2013-04-02 16:34:32 +02008487
8488 proxy->conf.args.ctx = ARGC_HDR;
Willy Tarreau434c57c2013-01-08 01:10:24 +01008489 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, 0,
8490 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR);
Willy Tarreau20b0de52012-12-24 15:45:22 +01008491 cur_arg += 2;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008492 } else if (strcmp(args[0], "redirect") == 0) {
8493 struct redirect_rule *redir;
Willy Tarreau6d4890c2013-11-18 18:04:25 +01008494 char *errmsg = NULL;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008495
8496 if ((redir = http_parse_redirect_rule(file, linenum, proxy, (const char **)args + 1, &errmsg)) == NULL) {
8497 Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
8498 file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
8499 goto out_err;
8500 }
8501
8502 /* this redirect rule might already contain a parsed condition which
8503 * we'll pass to the http-request rule.
8504 */
8505 rule->action = HTTP_REQ_ACT_REDIR;
8506 rule->arg.redir = redir;
8507 rule->cond = redir->cond;
8508 redir->cond = NULL;
8509 cur_arg = 2;
8510 return rule;
Willy Tarreauff011f22011-01-06 17:51:27 +01008511 } else {
Willy Tarreau51347ed2013-06-11 19:34:13 +02008512 Alert("parsing [%s:%d]: 'http-request' expects 'allow', 'deny', 'auth', 'redirect', 'tarpit', 'add-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', but got '%s'%s.\n",
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008513 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
Willy Tarreau81499eb2012-12-27 12:19:02 +01008514 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008515 }
8516
8517 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
8518 struct acl_cond *cond;
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008519 char *errmsg = NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008520
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008521 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
8522 Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition : %s.\n",
8523 file, linenum, args[0], errmsg);
8524 free(errmsg);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008525 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008526 }
8527 rule->cond = cond;
8528 }
8529 else if (*args[cur_arg]) {
8530 Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
8531 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
8532 file, linenum, args[0], args[cur_arg]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008533 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008534 }
8535
8536 return rule;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008537 out_err:
8538 free(rule);
8539 return NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008540}
8541
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008542/* parse an "http-respose" rule */
8543struct http_res_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
8544{
8545 struct http_res_rule *rule;
8546 int cur_arg;
8547
8548 rule = calloc(1, sizeof(*rule));
8549 if (!rule) {
8550 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
8551 goto out_err;
8552 }
8553
8554 if (!strcmp(args[0], "allow")) {
8555 rule->action = HTTP_RES_ACT_ALLOW;
8556 cur_arg = 1;
8557 } else if (!strcmp(args[0], "deny")) {
8558 rule->action = HTTP_RES_ACT_DENY;
8559 cur_arg = 1;
Willy Tarreauf4c43c12013-06-11 17:01:13 +02008560 } else if (!strcmp(args[0], "set-nice")) {
8561 rule->action = HTTP_RES_ACT_SET_NICE;
8562 cur_arg = 1;
8563
8564 if (!*args[cur_arg] ||
8565 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8566 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer value).\n",
8567 file, linenum, args[0]);
8568 goto out_err;
8569 }
8570 rule->arg.nice = atoi(args[cur_arg]);
8571 if (rule->arg.nice < -1024)
8572 rule->arg.nice = -1024;
8573 else if (rule->arg.nice > 1024)
8574 rule->arg.nice = 1024;
8575 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02008576 } else if (!strcmp(args[0], "set-tos")) {
8577#ifdef IP_TOS
8578 char *err;
8579 rule->action = HTTP_RES_ACT_SET_TOS;
8580 cur_arg = 1;
8581
8582 if (!*args[cur_arg] ||
8583 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8584 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
8585 file, linenum, args[0]);
8586 goto out_err;
8587 }
8588
8589 rule->arg.tos = strtol(args[cur_arg], &err, 0);
8590 if (err && *err != '\0') {
8591 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
8592 file, linenum, err, args[0]);
8593 goto out_err;
8594 }
8595 cur_arg++;
8596#else
8597 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
8598 goto out_err;
8599#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02008600 } else if (!strcmp(args[0], "set-mark")) {
8601#ifdef SO_MARK
8602 char *err;
8603 rule->action = HTTP_RES_ACT_SET_MARK;
8604 cur_arg = 1;
8605
8606 if (!*args[cur_arg] ||
8607 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8608 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
8609 file, linenum, args[0]);
8610 goto out_err;
8611 }
8612
8613 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
8614 if (err && *err != '\0') {
8615 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
8616 file, linenum, err, args[0]);
8617 goto out_err;
8618 }
8619 cur_arg++;
8620 global.last_checks |= LSTCHK_NETADM;
8621#else
8622 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
8623 goto out_err;
8624#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02008625 } else if (!strcmp(args[0], "set-log-level")) {
8626 rule->action = HTTP_RES_ACT_SET_LOGL;
8627 cur_arg = 1;
8628
8629 if (!*args[cur_arg] ||
8630 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8631 bad_log_level:
8632 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (log level name or 'silent').\n",
8633 file, linenum, args[0]);
8634 goto out_err;
8635 }
8636 if (strcmp(args[cur_arg], "silent") == 0)
8637 rule->arg.loglevel = -1;
8638 else if ((rule->arg.loglevel = get_log_level(args[cur_arg] + 1)) == 0)
8639 goto bad_log_level;
8640 cur_arg++;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008641 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
8642 rule->action = *args[0] == 'a' ? HTTP_RES_ACT_ADD_HDR : HTTP_RES_ACT_SET_HDR;
8643 cur_arg = 1;
8644
8645 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8646 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
8647 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 2 arguments.\n",
8648 file, linenum, args[0]);
8649 goto out_err;
8650 }
8651
8652 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8653 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8654 LIST_INIT(&rule->arg.hdr_add.fmt);
8655
8656 proxy->conf.args.ctx = ARGC_HDR;
8657 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, 0,
8658 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR);
8659 cur_arg += 2;
8660 } else {
Willy Tarreau51347ed2013-06-11 19:34:13 +02008661 Alert("parsing [%s:%d]: 'http-response' expects 'allow', 'deny', 'redirect', 'add-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', but got '%s'%s.\n",
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008662 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
8663 goto out_err;
8664 }
8665
8666 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
8667 struct acl_cond *cond;
8668 char *errmsg = NULL;
8669
8670 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
8671 Alert("parsing [%s:%d] : error detected while parsing an 'http-response %s' condition : %s.\n",
8672 file, linenum, args[0], errmsg);
8673 free(errmsg);
8674 goto out_err;
8675 }
8676 rule->cond = cond;
8677 }
8678 else if (*args[cur_arg]) {
8679 Alert("parsing [%s:%d]: 'http-response %s' expects"
8680 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
8681 file, linenum, args[0], args[cur_arg]);
8682 goto out_err;
8683 }
8684
8685 return rule;
8686 out_err:
8687 free(rule);
8688 return NULL;
8689}
8690
Willy Tarreau4baae242012-12-27 12:00:31 +01008691/* Parses a redirect rule. Returns the redirect rule on success or NULL on error,
8692 * with <err> filled with the error message.
8693 */
8694struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
8695 const char **args, char **errmsg)
8696{
8697 struct redirect_rule *rule;
8698 int cur_arg;
8699 int type = REDIRECT_TYPE_NONE;
8700 int code = 302;
8701 const char *destination = NULL;
8702 const char *cookie = NULL;
8703 int cookie_set = 0;
8704 unsigned int flags = REDIRECT_FLAG_NONE;
8705 struct acl_cond *cond = NULL;
8706
8707 cur_arg = 0;
8708 while (*(args[cur_arg])) {
8709 if (strcmp(args[cur_arg], "location") == 0) {
8710 if (!*args[cur_arg + 1])
8711 goto missing_arg;
8712
8713 type = REDIRECT_TYPE_LOCATION;
8714 cur_arg++;
8715 destination = args[cur_arg];
8716 }
8717 else if (strcmp(args[cur_arg], "prefix") == 0) {
8718 if (!*args[cur_arg + 1])
8719 goto missing_arg;
8720
8721 type = REDIRECT_TYPE_PREFIX;
8722 cur_arg++;
8723 destination = args[cur_arg];
8724 }
8725 else if (strcmp(args[cur_arg], "scheme") == 0) {
8726 if (!*args[cur_arg + 1])
8727 goto missing_arg;
8728
8729 type = REDIRECT_TYPE_SCHEME;
8730 cur_arg++;
8731 destination = args[cur_arg];
8732 }
8733 else if (strcmp(args[cur_arg], "set-cookie") == 0) {
8734 if (!*args[cur_arg + 1])
8735 goto missing_arg;
8736
8737 cur_arg++;
8738 cookie = args[cur_arg];
8739 cookie_set = 1;
8740 }
8741 else if (strcmp(args[cur_arg], "clear-cookie") == 0) {
8742 if (!*args[cur_arg + 1])
8743 goto missing_arg;
8744
8745 cur_arg++;
8746 cookie = args[cur_arg];
8747 cookie_set = 0;
8748 }
8749 else if (strcmp(args[cur_arg], "code") == 0) {
8750 if (!*args[cur_arg + 1])
8751 goto missing_arg;
8752
8753 cur_arg++;
8754 code = atol(args[cur_arg]);
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04008755 if (code < 301 || code > 308 || (code > 303 && code < 307)) {
Willy Tarreau4baae242012-12-27 12:00:31 +01008756 memprintf(errmsg,
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04008757 "'%s': unsupported HTTP code '%s' (must be one of 301, 302, 303, 307 or 308)",
Willy Tarreau4baae242012-12-27 12:00:31 +01008758 args[cur_arg - 1], args[cur_arg]);
8759 return NULL;
8760 }
8761 }
8762 else if (!strcmp(args[cur_arg],"drop-query")) {
8763 flags |= REDIRECT_FLAG_DROP_QS;
8764 }
8765 else if (!strcmp(args[cur_arg],"append-slash")) {
8766 flags |= REDIRECT_FLAG_APPEND_SLASH;
8767 }
8768 else if (strcmp(args[cur_arg], "if") == 0 ||
8769 strcmp(args[cur_arg], "unless") == 0) {
8770 cond = build_acl_cond(file, linenum, curproxy, (const char **)args + cur_arg, errmsg);
8771 if (!cond) {
8772 memprintf(errmsg, "error in condition: %s", *errmsg);
8773 return NULL;
8774 }
8775 break;
8776 }
8777 else {
8778 memprintf(errmsg,
8779 "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
8780 args[cur_arg]);
8781 return NULL;
8782 }
8783 cur_arg++;
8784 }
8785
8786 if (type == REDIRECT_TYPE_NONE) {
8787 memprintf(errmsg, "redirection type expected ('prefix', 'location', or 'scheme')");
8788 return NULL;
8789 }
8790
8791 rule = (struct redirect_rule *)calloc(1, sizeof(*rule));
8792 rule->cond = cond;
8793 rule->rdr_str = strdup(destination);
8794 rule->rdr_len = strlen(destination);
8795 if (cookie) {
8796 /* depending on cookie_set, either we want to set the cookie, or to clear it.
8797 * a clear consists in appending "; path=/; Max-Age=0;" at the end.
8798 */
8799 rule->cookie_len = strlen(cookie);
8800 if (cookie_set) {
8801 rule->cookie_str = malloc(rule->cookie_len + 10);
8802 memcpy(rule->cookie_str, cookie, rule->cookie_len);
8803 memcpy(rule->cookie_str + rule->cookie_len, "; path=/;", 10);
8804 rule->cookie_len += 9;
8805 } else {
8806 rule->cookie_str = malloc(rule->cookie_len + 21);
8807 memcpy(rule->cookie_str, cookie, rule->cookie_len);
8808 memcpy(rule->cookie_str + rule->cookie_len, "; path=/; Max-Age=0;", 21);
8809 rule->cookie_len += 20;
8810 }
8811 }
8812 rule->type = type;
8813 rule->code = code;
8814 rule->flags = flags;
8815 LIST_INIT(&rule->list);
8816 return rule;
8817
8818 missing_arg:
8819 memprintf(errmsg, "missing argument for '%s'", args[cur_arg]);
8820 return NULL;
8821}
8822
Willy Tarreau8797c062007-05-07 00:55:35 +02008823/************************************************************************/
8824/* The code below is dedicated to ACL parsing and matching */
8825/************************************************************************/
8826
8827
Willy Tarreau14174bc2012-04-16 14:34:04 +02008828/* This function ensures that the prerequisites for an L7 fetch are ready,
8829 * which means that a request or response is ready. If some data is missing,
8830 * a parsing attempt is made. This is useful in TCP-based ACLs which are able
Willy Tarreau24e32d82012-04-23 23:55:44 +02008831 * to extract data from L7. If <req_vol> is non-null during a request prefetch,
8832 * another test is made to ensure the required information is not gone.
Willy Tarreau14174bc2012-04-16 14:34:04 +02008833 *
8834 * The function returns :
Willy Tarreau506d0502013-07-06 13:29:24 +02008835 * 0 with SMP_F_MAY_CHANGE in the sample flags if some data is missing to
8836 * decide whether or not an HTTP message is present ;
8837 * 0 if the requested data cannot be fetched or if it is certain that
8838 * we'll never have any HTTP message there ;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008839 * 1 if an HTTP message is ready
8840 */
8841static int
Willy Tarreau506d0502013-07-06 13:29:24 +02008842smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008843 const struct arg *args, struct sample *smp, int req_vol)
Willy Tarreau14174bc2012-04-16 14:34:04 +02008844{
8845 struct http_txn *txn = l7;
8846 struct http_msg *msg = &txn->req;
8847
8848 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
8849 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
8850 */
8851
8852 if (unlikely(!s || !txn))
8853 return 0;
8854
8855 /* Check for a dependency on a request */
Willy Tarreauf853c462012-04-23 18:53:56 +02008856 smp->type = SMP_T_BOOL;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008857
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008858 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02008859 if (unlikely(!s->req))
8860 return 0;
8861
Willy Tarreauaae75e32013-03-29 12:31:49 +01008862 /* If the buffer does not leave enough free space at the end,
8863 * we must first realign it.
8864 */
8865 if (s->req->buf->p > s->req->buf->data &&
8866 s->req->buf->i + s->req->buf->p > s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)
8867 buffer_slow_realign(s->req->buf);
8868
Willy Tarreau14174bc2012-04-16 14:34:04 +02008869 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) {
Willy Tarreau472b1ee2013-10-14 22:41:30 +02008870 if (msg->msg_state == HTTP_MSG_ERROR)
Willy Tarreau506d0502013-07-06 13:29:24 +02008871 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008872
8873 /* Try to decode HTTP request */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008874 if (likely(msg->next < s->req->buf->i))
Willy Tarreau14174bc2012-04-16 14:34:04 +02008875 http_msg_analyzer(msg, &txn->hdr_idx);
8876
8877 /* Still no valid request ? */
8878 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02008879 if ((msg->msg_state == HTTP_MSG_ERROR) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02008880 buffer_full(s->req->buf, global.tune.maxrewrite)) {
Willy Tarreau506d0502013-07-06 13:29:24 +02008881 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008882 }
8883 /* wait for final state */
Willy Tarreau37406352012-04-23 16:16:37 +02008884 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008885 return 0;
8886 }
8887
8888 /* OK we just got a valid HTTP request. We have some minor
8889 * preparation to perform so that further checks can rely
8890 * on HTTP tests.
8891 */
Willy Tarreauaae75e32013-03-29 12:31:49 +01008892
8893 /* If the request was parsed but was too large, we must absolutely
8894 * return an error so that it is not processed. At the moment this
8895 * cannot happen, but if the parsers are to change in the future,
8896 * we want this check to be maintained.
8897 */
8898 if (unlikely(s->req->buf->i + s->req->buf->p >
8899 s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)) {
8900 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau506d0502013-07-06 13:29:24 +02008901 smp->data.uint = 1;
Willy Tarreauaae75e32013-03-29 12:31:49 +01008902 return 1;
8903 }
8904
Willy Tarreau9b28e032012-10-12 23:49:43 +02008905 txn->meth = find_http_meth(msg->chn->buf->p, msg->sl.rq.m_l);
Willy Tarreau14174bc2012-04-16 14:34:04 +02008906 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
8907 s->flags |= SN_REDIRECTABLE;
8908
Willy Tarreau506d0502013-07-06 13:29:24 +02008909 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
8910 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008911 }
8912
Willy Tarreau506d0502013-07-06 13:29:24 +02008913 if (req_vol && txn->rsp.msg_state != HTTP_MSG_RPBEFORE) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02008914 return 0; /* data might have moved and indexes changed */
Willy Tarreau506d0502013-07-06 13:29:24 +02008915 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02008916
8917 /* otherwise everything's ready for the request */
8918 }
Willy Tarreau24e32d82012-04-23 23:55:44 +02008919 else {
8920 /* Check for a dependency on a response */
Willy Tarreau506d0502013-07-06 13:29:24 +02008921 if (txn->rsp.msg_state < HTTP_MSG_BODY) {
8922 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008923 return 0;
Willy Tarreau506d0502013-07-06 13:29:24 +02008924 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02008925 }
8926
8927 /* everything's OK */
Willy Tarreau506d0502013-07-06 13:29:24 +02008928 smp->data.uint = 1;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008929 return 1;
8930}
Willy Tarreau8797c062007-05-07 00:55:35 +02008931
Willy Tarreauc0239e02012-04-16 14:42:55 +02008932#define CHECK_HTTP_MESSAGE_FIRST() \
Willy Tarreau506d0502013-07-06 13:29:24 +02008933 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
Willy Tarreauc0239e02012-04-16 14:42:55 +02008934
Willy Tarreau24e32d82012-04-23 23:55:44 +02008935#define CHECK_HTTP_MESSAGE_FIRST_PERM() \
Willy Tarreau506d0502013-07-06 13:29:24 +02008936 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 0); if (r <= 0) return r; } while (0)
Willy Tarreau24e32d82012-04-23 23:55:44 +02008937
Willy Tarreau8797c062007-05-07 00:55:35 +02008938
8939/* 1. Check on METHOD
8940 * We use the pre-parsed method if it is known, and store its number as an
8941 * integer. If it is unknown, we use the pointer and the length.
8942 */
Willy Tarreau7dcb6482012-04-27 17:52:25 +02008943static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque, char **err)
Willy Tarreau8797c062007-05-07 00:55:35 +02008944{
8945 int len, meth;
8946
Willy Tarreauae8b7962007-06-09 23:10:04 +02008947 len = strlen(*text);
8948 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02008949
8950 pattern->val.i = meth;
8951 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02008952 pattern->ptr.str = strdup(*text);
Willy Tarreau7dcb6482012-04-27 17:52:25 +02008953 if (!pattern->ptr.str) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008954 memprintf(err, "out of memory while loading pattern");
Willy Tarreau8797c062007-05-07 00:55:35 +02008955 return 0;
Willy Tarreau7dcb6482012-04-27 17:52:25 +02008956 }
Willy Tarreau8797c062007-05-07 00:55:35 +02008957 pattern->len = len;
8958 }
8959 return 1;
8960}
8961
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008962/* This function fetches the method of current HTTP request and stores
8963 * it in the global pattern struct as a chunk. There are two possibilities :
8964 * - if the method is known (not HTTP_METH_OTHER), its identifier is stored
8965 * in <len> and <ptr> is NULL ;
8966 * - if the method is unknown (HTTP_METH_OTHER), <ptr> points to the text and
8967 * <len> to its length.
8968 * This is intended to be used with acl_match_meth() only.
8969 */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02008970static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01008971smp_fetch_meth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02008972 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02008973{
8974 int meth;
8975 struct http_txn *txn = l7;
8976
Willy Tarreau24e32d82012-04-23 23:55:44 +02008977 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreauc11416f2007-06-17 16:58:38 +02008978
Willy Tarreau8797c062007-05-07 00:55:35 +02008979 meth = txn->meth;
Willy Tarreauf853c462012-04-23 18:53:56 +02008980 smp->type = SMP_T_UINT;
8981 smp->data.uint = meth;
Willy Tarreau8797c062007-05-07 00:55:35 +02008982 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02008983 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
8984 /* ensure the indexes are not affected */
8985 return 0;
Willy Tarreauf853c462012-04-23 18:53:56 +02008986 smp->type = SMP_T_CSTR;
8987 smp->data.str.len = txn->req.sl.rq.m_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008988 smp->data.str.str = txn->req.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02008989 }
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02008990 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02008991 return 1;
8992}
8993
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008994/* See above how the method is stored in the global pattern */
Willy Tarreau37406352012-04-23 16:16:37 +02008995static int acl_match_meth(struct sample *smp, struct acl_pattern *pattern)
Willy Tarreau8797c062007-05-07 00:55:35 +02008996{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02008997 int icase;
8998
Willy Tarreau8e5e9552011-12-16 15:38:49 +01008999
Willy Tarreauf853c462012-04-23 18:53:56 +02009000 if (smp->type == SMP_T_UINT) {
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009001 /* well-known method */
Willy Tarreauf853c462012-04-23 18:53:56 +02009002 if (smp->data.uint == pattern->val.i)
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009003 return ACL_PAT_PASS;
Willy Tarreau11382812008-07-09 16:18:21 +02009004 return ACL_PAT_FAIL;
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009005 }
Willy Tarreau8797c062007-05-07 00:55:35 +02009006
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009007 /* Uncommon method, only HTTP_METH_OTHER is accepted now */
9008 if (pattern->val.i != HTTP_METH_OTHER)
9009 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02009010
9011 /* Other method, we must compare the strings */
Willy Tarreauf853c462012-04-23 18:53:56 +02009012 if (pattern->len != smp->data.str.len)
Willy Tarreau11382812008-07-09 16:18:21 +02009013 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009014
9015 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
Willy Tarreauf853c462012-04-23 18:53:56 +02009016 if ((icase && strncasecmp(pattern->ptr.str, smp->data.str.str, smp->data.str.len) != 0) ||
9017 (!icase && strncmp(pattern->ptr.str, smp->data.str.str, smp->data.str.len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02009018 return ACL_PAT_FAIL;
9019 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02009020}
9021
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009022static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009023smp_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009024 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009025{
9026 struct http_txn *txn = l7;
9027 char *ptr;
9028 int len;
9029
Willy Tarreauc0239e02012-04-16 14:42:55 +02009030 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009031
Willy Tarreau8797c062007-05-07 00:55:35 +02009032 len = txn->req.sl.rq.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009033 ptr = txn->req.chn->buf->p + txn->req.sl.rq.v;
Willy Tarreau8797c062007-05-07 00:55:35 +02009034
9035 while ((len-- > 0) && (*ptr++ != '/'));
9036 if (len <= 0)
9037 return 0;
9038
Willy Tarreauf853c462012-04-23 18:53:56 +02009039 smp->type = SMP_T_CSTR;
9040 smp->data.str.str = ptr;
9041 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009042
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009043 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009044 return 1;
9045}
9046
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009047static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009048smp_fetch_stver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009049 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009050{
9051 struct http_txn *txn = l7;
9052 char *ptr;
9053 int len;
9054
Willy Tarreauc0239e02012-04-16 14:42:55 +02009055 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009056
Willy Tarreauf26b2522012-12-14 08:33:14 +01009057 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9058 return 0;
9059
Willy Tarreau8797c062007-05-07 00:55:35 +02009060 len = txn->rsp.sl.st.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009061 ptr = txn->rsp.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02009062
9063 while ((len-- > 0) && (*ptr++ != '/'));
9064 if (len <= 0)
9065 return 0;
9066
Willy Tarreauf853c462012-04-23 18:53:56 +02009067 smp->type = SMP_T_CSTR;
9068 smp->data.str.str = ptr;
9069 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009070
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009071 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009072 return 1;
9073}
9074
9075/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009076static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009077smp_fetch_stcode(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009078 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009079{
9080 struct http_txn *txn = l7;
9081 char *ptr;
9082 int len;
9083
Willy Tarreauc0239e02012-04-16 14:42:55 +02009084 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009085
Willy Tarreauf26b2522012-12-14 08:33:14 +01009086 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9087 return 0;
9088
Willy Tarreau8797c062007-05-07 00:55:35 +02009089 len = txn->rsp.sl.st.c_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009090 ptr = txn->rsp.chn->buf->p + txn->rsp.sl.st.c;
Willy Tarreau8797c062007-05-07 00:55:35 +02009091
Willy Tarreauf853c462012-04-23 18:53:56 +02009092 smp->type = SMP_T_UINT;
9093 smp->data.uint = __strl2ui(ptr, len);
Willy Tarreau37406352012-04-23 16:16:37 +02009094 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009095 return 1;
9096}
9097
9098/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009099static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009100smp_fetch_url(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009101 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009102{
9103 struct http_txn *txn = l7;
9104
Willy Tarreauc0239e02012-04-16 14:42:55 +02009105 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009106
Willy Tarreauf853c462012-04-23 18:53:56 +02009107 smp->type = SMP_T_CSTR;
9108 smp->data.str.len = txn->req.sl.rq.u_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009109 smp->data.str.str = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau37406352012-04-23 16:16:37 +02009110 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009111 return 1;
9112}
9113
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009114static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009115smp_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009116 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009117{
9118 struct http_txn *txn = l7;
9119
Willy Tarreauc0239e02012-04-16 14:42:55 +02009120 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009121
9122 /* Parse HTTP request */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009123 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->conn->addr.to);
9124 if (((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_family != AF_INET)
Willy Tarreauf4362b32011-12-16 17:49:52 +01009125 return 0;
Willy Tarreauf853c462012-04-23 18:53:56 +02009126 smp->type = SMP_T_IPV4;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009127 smp->data.ipv4 = ((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009128
9129 /*
9130 * If we are parsing url in frontend space, we prepare backend stage
9131 * to not parse again the same url ! optimization lazyness...
9132 */
9133 if (px->options & PR_O_HTTP_PROXY)
9134 l4->flags |= SN_ADDR_SET;
9135
Willy Tarreau37406352012-04-23 16:16:37 +02009136 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009137 return 1;
9138}
9139
9140static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009141smp_fetch_url_port(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009142 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009143{
9144 struct http_txn *txn = l7;
9145
Willy Tarreauc0239e02012-04-16 14:42:55 +02009146 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009147
9148 /* Same optimization as url_ip */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009149 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->conn->addr.to);
Willy Tarreauf853c462012-04-23 18:53:56 +02009150 smp->type = SMP_T_UINT;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009151 smp->data.uint = ntohs(((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_port);
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009152
9153 if (px->options & PR_O_HTTP_PROXY)
9154 l4->flags |= SN_ADDR_SET;
9155
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009156 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009157 return 1;
9158}
9159
Willy Tarreau185b5c42012-04-26 15:11:51 +02009160/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9161 * Accepts an optional argument of type string containing the header field name,
9162 * and an optional argument of type signed or unsigned integer to request an
9163 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009164 * headers are considered from the first one. It does not stop on commas and
9165 * returns full lines instead (useful for User-Agent or Date for example).
9166 */
9167static int
9168smp_fetch_fhdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009169 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009170{
9171 struct http_txn *txn = l7;
9172 struct hdr_idx *idx = &txn->hdr_idx;
9173 struct hdr_ctx *ctx = smp->ctx.a[0];
9174 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9175 int occ = 0;
9176 const char *name_str = NULL;
9177 int name_len = 0;
9178
9179 if (!ctx) {
9180 /* first call */
9181 ctx = &static_hdr_ctx;
9182 ctx->idx = 0;
9183 smp->ctx.a[0] = ctx;
9184 }
9185
9186 if (args) {
9187 if (args[0].type != ARGT_STR)
9188 return 0;
9189 name_str = args[0].data.str.str;
9190 name_len = args[0].data.str.len;
9191
9192 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9193 occ = args[1].data.uint;
9194 }
9195
9196 CHECK_HTTP_MESSAGE_FIRST();
9197
9198 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
9199 /* search for header from the beginning */
9200 ctx->idx = 0;
9201
9202 if (!occ && !(opt & SMP_OPT_ITERATE))
9203 /* no explicit occurrence and single fetch => last header by default */
9204 occ = -1;
9205
9206 if (!occ)
9207 /* prepare to report multiple occurrences for ACL fetches */
9208 smp->flags |= SMP_F_NOT_LAST;
9209
9210 smp->type = SMP_T_CSTR;
9211 smp->flags |= SMP_F_VOL_HDR;
9212 if (http_get_fhdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
9213 return 1;
9214
9215 smp->flags &= ~SMP_F_NOT_LAST;
9216 return 0;
9217}
9218
9219/* 6. Check on HTTP header count. The number of occurrences is returned.
9220 * Accepts exactly 1 argument of type string. It does not stop on commas and
9221 * returns full lines instead (useful for User-Agent or Date for example).
9222 */
9223static int
9224smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009225 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009226{
9227 struct http_txn *txn = l7;
9228 struct hdr_idx *idx = &txn->hdr_idx;
9229 struct hdr_ctx ctx;
9230 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9231 int cnt;
9232
9233 if (!args || args->type != ARGT_STR)
9234 return 0;
9235
9236 CHECK_HTTP_MESSAGE_FIRST();
9237
9238 ctx.idx = 0;
9239 cnt = 0;
9240 while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
9241 cnt++;
9242
9243 smp->type = SMP_T_UINT;
9244 smp->data.uint = cnt;
9245 smp->flags = SMP_F_VOL_HDR;
9246 return 1;
9247}
9248
9249/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9250 * Accepts an optional argument of type string containing the header field name,
9251 * and an optional argument of type signed or unsigned integer to request an
9252 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau185b5c42012-04-26 15:11:51 +02009253 * headers are considered from the first one.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009254 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02009255static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009256smp_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009257 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009258{
9259 struct http_txn *txn = l7;
9260 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009261 struct hdr_ctx *ctx = smp->ctx.a[0];
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009262 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau185b5c42012-04-26 15:11:51 +02009263 int occ = 0;
9264 const char *name_str = NULL;
9265 int name_len = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009266
Willy Tarreaua890d072013-04-02 12:01:06 +02009267 if (!ctx) {
9268 /* first call */
9269 ctx = &static_hdr_ctx;
9270 ctx->idx = 0;
Willy Tarreauffb6f082013-04-02 23:16:53 +02009271 smp->ctx.a[0] = ctx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009272 }
9273
Willy Tarreau185b5c42012-04-26 15:11:51 +02009274 if (args) {
9275 if (args[0].type != ARGT_STR)
9276 return 0;
9277 name_str = args[0].data.str.str;
9278 name_len = args[0].data.str.len;
9279
9280 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9281 occ = args[1].data.uint;
9282 }
Willy Tarreau34db1082012-04-19 17:16:54 +02009283
Willy Tarreaue333ec92012-04-16 16:26:40 +02009284 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau33a7e692007-06-10 19:45:56 +02009285
Willy Tarreau185b5c42012-04-26 15:11:51 +02009286 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009287 /* search for header from the beginning */
9288 ctx->idx = 0;
9289
Willy Tarreau185b5c42012-04-26 15:11:51 +02009290 if (!occ && !(opt & SMP_OPT_ITERATE))
9291 /* no explicit occurrence and single fetch => last header by default */
9292 occ = -1;
9293
9294 if (!occ)
9295 /* prepare to report multiple occurrences for ACL fetches */
Willy Tarreau37406352012-04-23 16:16:37 +02009296 smp->flags |= SMP_F_NOT_LAST;
Willy Tarreau664092c2011-12-16 19:11:42 +01009297
Willy Tarreau185b5c42012-04-26 15:11:51 +02009298 smp->type = SMP_T_CSTR;
9299 smp->flags |= SMP_F_VOL_HDR;
9300 if (http_get_hdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009301 return 1;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009302
Willy Tarreau37406352012-04-23 16:16:37 +02009303 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009304 return 0;
9305}
9306
Willy Tarreauc11416f2007-06-17 16:58:38 +02009307/* 6. Check on HTTP header count. The number of occurrences is returned.
Willy Tarreau34db1082012-04-19 17:16:54 +02009308 * Accepts exactly 1 argument of type string.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009309 */
9310static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009311smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009312 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009313{
9314 struct http_txn *txn = l7;
9315 struct hdr_idx *idx = &txn->hdr_idx;
9316 struct hdr_ctx ctx;
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009317 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009318 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02009319
Willy Tarreau24e32d82012-04-23 23:55:44 +02009320 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009321 return 0;
9322
Willy Tarreaue333ec92012-04-16 16:26:40 +02009323 CHECK_HTTP_MESSAGE_FIRST();
9324
Willy Tarreau33a7e692007-06-10 19:45:56 +02009325 ctx.idx = 0;
9326 cnt = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009327 while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009328 cnt++;
9329
Willy Tarreauf853c462012-04-23 18:53:56 +02009330 smp->type = SMP_T_UINT;
9331 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02009332 smp->flags = SMP_F_VOL_HDR;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009333 return 1;
9334}
9335
Willy Tarreau185b5c42012-04-26 15:11:51 +02009336/* Fetch an HTTP header's integer value. The integer value is returned. It
9337 * takes a mandatory argument of type string and an optional one of type int
9338 * to designate a specific occurrence. It returns an unsigned integer, which
9339 * may or may not be appropriate for everything.
Willy Tarreau33a7e692007-06-10 19:45:56 +02009340 */
9341static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009342smp_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009343 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009344{
Willy Tarreauef38c392013-07-22 16:29:32 +02009345 int ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw);
Willy Tarreaue333ec92012-04-16 16:26:40 +02009346
Willy Tarreauf853c462012-04-23 18:53:56 +02009347 if (ret > 0) {
9348 smp->type = SMP_T_UINT;
9349 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
9350 }
Willy Tarreau33a7e692007-06-10 19:45:56 +02009351
Willy Tarreaud53e2422012-04-16 17:21:11 +02009352 return ret;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009353}
9354
Cyril Bonté69fa9922012-10-25 00:01:06 +02009355/* Fetch an HTTP header's IP value. takes a mandatory argument of type string
9356 * and an optional one of type int to designate a specific occurrence.
9357 * It returns an IPv4 or IPv6 address.
Willy Tarreau106f9792009-09-19 07:54:16 +02009358 */
9359static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009360smp_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009361 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau106f9792009-09-19 07:54:16 +02009362{
Willy Tarreaud53e2422012-04-16 17:21:11 +02009363 int ret;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009364
Willy Tarreauef38c392013-07-22 16:29:32 +02009365 while ((ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw)) > 0) {
Cyril Bonté69fa9922012-10-25 00:01:06 +02009366 if (url2ipv4((char *)smp->data.str.str, &smp->data.ipv4)) {
9367 smp->type = SMP_T_IPV4;
Willy Tarreaud53e2422012-04-16 17:21:11 +02009368 break;
Cyril Bonté69fa9922012-10-25 00:01:06 +02009369 } else {
Willy Tarreau47ca5452012-12-23 20:22:19 +01009370 struct chunk *temp = get_trash_chunk();
Cyril Bonté69fa9922012-10-25 00:01:06 +02009371 if (smp->data.str.len < temp->size - 1) {
9372 memcpy(temp->str, smp->data.str.str, smp->data.str.len);
9373 temp->str[smp->data.str.len] = '\0';
9374 if (inet_pton(AF_INET6, temp->str, &smp->data.ipv6)) {
9375 smp->type = SMP_T_IPV6;
9376 break;
9377 }
9378 }
9379 }
9380
Willy Tarreaud53e2422012-04-16 17:21:11 +02009381 /* if the header doesn't match an IP address, fetch next one */
Willy Tarreau185b5c42012-04-26 15:11:51 +02009382 if (!(smp->flags & SMP_F_NOT_LAST))
9383 return 0;
Willy Tarreau106f9792009-09-19 07:54:16 +02009384 }
Willy Tarreaud53e2422012-04-16 17:21:11 +02009385 return ret;
Willy Tarreau106f9792009-09-19 07:54:16 +02009386}
9387
Willy Tarreau737b0c12007-06-10 21:28:46 +02009388/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
9389 * the first '/' after the possible hostname, and ends before the possible '?'.
9390 */
9391static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009392smp_fetch_path(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009393 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau737b0c12007-06-10 21:28:46 +02009394{
9395 struct http_txn *txn = l7;
9396 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009397
Willy Tarreauc0239e02012-04-16 14:42:55 +02009398 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009399
Willy Tarreau9b28e032012-10-12 23:49:43 +02009400 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreau21d2af32008-02-14 20:25:24 +01009401 ptr = http_get_path(txn);
9402 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02009403 return 0;
9404
9405 /* OK, we got the '/' ! */
Willy Tarreauf853c462012-04-23 18:53:56 +02009406 smp->type = SMP_T_CSTR;
9407 smp->data.str.str = ptr;
Willy Tarreau737b0c12007-06-10 21:28:46 +02009408
9409 while (ptr < end && *ptr != '?')
9410 ptr++;
9411
Willy Tarreauf853c462012-04-23 18:53:56 +02009412 smp->data.str.len = ptr - smp->data.str.str;
Willy Tarreau37406352012-04-23 16:16:37 +02009413 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau737b0c12007-06-10 21:28:46 +02009414 return 1;
9415}
9416
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009417/* This produces a concatenation of the first occurrence of the Host header
9418 * followed by the path component if it begins with a slash ('/'). This means
9419 * that '*' will not be added, resulting in exactly the first Host entry.
9420 * If no Host header is found, then the path is returned as-is. The returned
9421 * value is stored in the trash so it does not need to be marked constant.
9422 */
9423static int
9424smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009425 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009426{
9427 struct http_txn *txn = l7;
9428 char *ptr, *end, *beg;
9429 struct hdr_ctx ctx;
9430
9431 CHECK_HTTP_MESSAGE_FIRST();
9432
9433 ctx.idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009434 if (!http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx) ||
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009435 !ctx.vlen)
Willy Tarreauef38c392013-07-22 16:29:32 +02009436 return smp_fetch_path(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009437
9438 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01009439 memcpy(trash.str, ctx.line + ctx.val, ctx.vlen);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009440 smp->type = SMP_T_STR;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01009441 smp->data.str.str = trash.str;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009442 smp->data.str.len = ctx.vlen;
9443
9444 /* now retrieve the path */
Willy Tarreau9b28e032012-10-12 23:49:43 +02009445 end = txn->req.chn->buf->p + txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009446 beg = http_get_path(txn);
9447 if (!beg)
9448 beg = end;
9449
9450 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
9451
9452 if (beg < ptr && *beg == '/') {
9453 memcpy(smp->data.str.str + smp->data.str.len, beg, ptr - beg);
9454 smp->data.str.len += ptr - beg;
9455 }
9456
9457 smp->flags = SMP_F_VOL_1ST;
9458 return 1;
9459}
9460
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009461/* This produces a 32-bit hash of the concatenation of the first occurrence of
9462 * the Host header followed by the path component if it begins with a slash ('/').
9463 * This means that '*' will not be added, resulting in exactly the first Host
9464 * entry. If no Host header is found, then the path is used. The resulting value
Neil - HAProxy List39c63c52013-11-04 13:48:42 +00009465 * is hashed using the path hash followed by a full avalanche hash and provides a
9466 * 32-bit integer value. This fetch is useful for tracking per-path activity on
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009467 * high-traffic sites without having to store whole paths.
9468 */
9469static int
9470smp_fetch_base32(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009471 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009472{
9473 struct http_txn *txn = l7;
9474 struct hdr_ctx ctx;
9475 unsigned int hash = 0;
9476 char *ptr, *beg, *end;
9477 int len;
9478
9479 CHECK_HTTP_MESSAGE_FIRST();
9480
9481 ctx.idx = 0;
9482 if (http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx)) {
9483 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
9484 ptr = ctx.line + ctx.val;
9485 len = ctx.vlen;
9486 while (len--)
9487 hash = *(ptr++) + (hash << 6) + (hash << 16) - hash;
9488 }
9489
9490 /* now retrieve the path */
9491 end = txn->req.chn->buf->p + txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
9492 beg = http_get_path(txn);
9493 if (!beg)
9494 beg = end;
9495
9496 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
9497
9498 if (beg < ptr && *beg == '/') {
9499 while (beg < ptr)
9500 hash = *(beg++) + (hash << 6) + (hash << 16) - hash;
9501 }
9502 hash = full_hash(hash);
9503
9504 smp->type = SMP_T_UINT;
9505 smp->data.uint = hash;
9506 smp->flags = SMP_F_VOL_1ST;
9507 return 1;
9508}
9509
Willy Tarreau4a550602012-12-09 14:53:32 +01009510/* This concatenates the source address with the 32-bit hash of the Host and
Neil - HAProxy List39c63c52013-11-04 13:48:42 +00009511 * path as returned by smp_fetch_base32(). The idea is to have per-source and
9512 * per-path counters. The result is a binary block from 8 to 20 bytes depending
9513 * on the source address length. The path hash is stored before the address so
Willy Tarreau4a550602012-12-09 14:53:32 +01009514 * that in environments where IPv6 is insignificant, truncating the output to
9515 * 8 bytes would still work.
9516 */
9517static int
9518smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009519 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a550602012-12-09 14:53:32 +01009520{
Willy Tarreau47ca5452012-12-23 20:22:19 +01009521 struct chunk *temp;
Willy Tarreau4a550602012-12-09 14:53:32 +01009522
Willy Tarreauef38c392013-07-22 16:29:32 +02009523 if (!smp_fetch_base32(px, l4, l7, opt, args, smp, kw))
Willy Tarreau4a550602012-12-09 14:53:32 +01009524 return 0;
9525
Willy Tarreau47ca5452012-12-23 20:22:19 +01009526 temp = get_trash_chunk();
Willy Tarreau4a550602012-12-09 14:53:32 +01009527 memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
9528 temp->len += sizeof(smp->data.uint);
9529
9530 switch (l4->si[0].conn->addr.from.ss_family) {
9531 case AF_INET:
9532 memcpy(temp->str + temp->len, &((struct sockaddr_in *)&l4->si[0].conn->addr.from)->sin_addr, 4);
9533 temp->len += 4;
9534 break;
9535 case AF_INET6:
9536 memcpy(temp->str + temp->len, &((struct sockaddr_in6 *)(&l4->si[0].conn->addr.from))->sin6_addr, 16);
9537 temp->len += 16;
9538 break;
9539 default:
9540 return 0;
9541 }
9542
9543 smp->data.str = *temp;
9544 smp->type = SMP_T_BIN;
9545 return 1;
9546}
9547
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009548static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009549smp_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009550 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009551{
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009552 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
9553 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
9554 */
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009555
Willy Tarreau24e32d82012-04-23 23:55:44 +02009556 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009557
Willy Tarreauf853c462012-04-23 18:53:56 +02009558 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02009559 smp->data.uint = 1;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009560 return 1;
9561}
9562
Willy Tarreau7f18e522010-10-22 20:04:13 +02009563/* return a valid test if the current request is the first one on the connection */
9564static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009565smp_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009566 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau7f18e522010-10-22 20:04:13 +02009567{
9568 if (!s)
9569 return 0;
9570
Willy Tarreauf853c462012-04-23 18:53:56 +02009571 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02009572 smp->data.uint = !(s->txn.flags & TX_NOT_FIRST);
Willy Tarreau7f18e522010-10-22 20:04:13 +02009573 return 1;
9574}
9575
Willy Tarreau34db1082012-04-19 17:16:54 +02009576/* Accepts exactly 1 argument of type userlist */
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009577static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009578smp_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009579 const struct arg *args, struct sample *smp, const char *kw)
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009580{
9581
Willy Tarreau24e32d82012-04-23 23:55:44 +02009582 if (!args || args->type != ARGT_USR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009583 return 0;
9584
Willy Tarreauc0239e02012-04-16 14:42:55 +02009585 CHECK_HTTP_MESSAGE_FIRST();
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009586
Willy Tarreauc0239e02012-04-16 14:42:55 +02009587 if (!get_http_auth(l4))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009588 return 0;
9589
Willy Tarreauf853c462012-04-23 18:53:56 +02009590 smp->type = SMP_T_BOOL;
Willy Tarreau24e32d82012-04-23 23:55:44 +02009591 smp->data.uint = check_user(args->data.usr, 0, l4->txn.auth.user, l4->txn.auth.pass);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009592 return 1;
9593}
Willy Tarreau8797c062007-05-07 00:55:35 +02009594
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009595/* Accepts exactly 1 argument of type userlist */
9596static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009597smp_fetch_http_auth_grp(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009598 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009599{
9600
9601 if (!args || args->type != ARGT_USR)
9602 return 0;
9603
9604 CHECK_HTTP_MESSAGE_FIRST();
9605
9606 if (!get_http_auth(l4))
9607 return 0;
9608
9609 /* acl_match_auth() will need several information at once */
9610 smp->ctx.a[0] = args->data.usr; /* user list */
9611 smp->ctx.a[1] = l4->txn.auth.user; /* user name */
9612 smp->ctx.a[2] = l4->txn.auth.pass; /* password */
9613
9614 /* if the user does not belong to the userlist or has a wrong password,
9615 * report that it unconditionally does not match. Otherwise we return
9616 * a non-zero integer which will be ignored anyway since all the params
9617 * that acl_match_auth() will use are in test->ctx.a[0,1,2].
9618 */
9619 smp->type = SMP_T_BOOL;
9620 smp->data.uint = check_user(args->data.usr, 0, l4->txn.auth.user, l4->txn.auth.pass);
9621 if (smp->data.uint)
9622 smp->type = SMP_T_UINT;
9623
9624 return 1;
9625}
9626
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009627/* Try to find the next occurrence of a cookie name in a cookie header value.
9628 * The lookup begins at <hdr>. The pointer and size of the next occurrence of
9629 * the cookie value is returned into *value and *value_l, and the function
9630 * returns a pointer to the next pointer to search from if the value was found.
9631 * Otherwise if the cookie was not found, NULL is returned and neither value
9632 * nor value_l are touched. The input <hdr> string should first point to the
9633 * header's value, and the <hdr_end> pointer must point to the first character
9634 * not part of the value. <list> must be non-zero if value may represent a list
9635 * of values (cookie headers). This makes it faster to abort parsing when no
9636 * list is expected.
9637 */
9638static char *
9639extract_cookie_value(char *hdr, const char *hdr_end,
9640 char *cookie_name, size_t cookie_name_l, int list,
Willy Tarreau3fb818c2012-04-11 17:21:08 +02009641 char **value, int *value_l)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009642{
9643 char *equal, *att_end, *att_beg, *val_beg, *val_end;
9644 char *next;
9645
9646 /* we search at least a cookie name followed by an equal, and more
9647 * generally something like this :
9648 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
9649 */
9650 for (att_beg = hdr; att_beg + cookie_name_l + 1 < hdr_end; att_beg = next + 1) {
9651 /* Iterate through all cookies on this line */
9652
9653 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
9654 att_beg++;
9655
9656 /* find att_end : this is the first character after the last non
9657 * space before the equal. It may be equal to hdr_end.
9658 */
9659 equal = att_end = att_beg;
9660
9661 while (equal < hdr_end) {
9662 if (*equal == '=' || *equal == ';' || (list && *equal == ','))
9663 break;
9664 if (http_is_spht[(unsigned char)*equal++])
9665 continue;
9666 att_end = equal;
9667 }
9668
9669 /* here, <equal> points to '=', a delimitor or the end. <att_end>
9670 * is between <att_beg> and <equal>, both may be identical.
9671 */
9672
9673 /* look for end of cookie if there is an equal sign */
9674 if (equal < hdr_end && *equal == '=') {
9675 /* look for the beginning of the value */
9676 val_beg = equal + 1;
9677 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
9678 val_beg++;
9679
9680 /* find the end of the value, respecting quotes */
9681 next = find_cookie_value_end(val_beg, hdr_end);
9682
9683 /* make val_end point to the first white space or delimitor after the value */
9684 val_end = next;
9685 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
9686 val_end--;
9687 } else {
9688 val_beg = val_end = next = equal;
9689 }
9690
9691 /* We have nothing to do with attributes beginning with '$'. However,
9692 * they will automatically be removed if a header before them is removed,
9693 * since they're supposed to be linked together.
9694 */
9695 if (*att_beg == '$')
9696 continue;
9697
9698 /* Ignore cookies with no equal sign */
9699 if (equal == next)
9700 continue;
9701
9702 /* Now we have the cookie name between att_beg and att_end, and
9703 * its value between val_beg and val_end.
9704 */
9705
9706 if (att_end - att_beg == cookie_name_l &&
9707 memcmp(att_beg, cookie_name, cookie_name_l) == 0) {
9708 /* let's return this value and indicate where to go on from */
9709 *value = val_beg;
9710 *value_l = val_end - val_beg;
9711 return next + 1;
9712 }
9713
9714 /* Set-Cookie headers only have the name in the first attr=value part */
9715 if (!list)
9716 break;
9717 }
9718
9719 return NULL;
9720}
9721
Willy Tarreaue333ec92012-04-16 16:26:40 +02009722/* Iterate over all cookies present in a message. The context is stored in
Willy Tarreau37406352012-04-23 16:16:37 +02009723 * smp->ctx.a[0] for the in-header position, smp->ctx.a[1] for the
Willy Tarreaua890d072013-04-02 12:01:06 +02009724 * end-of-header-value, and smp->ctx.a[2] for the hdr_ctx. Depending on
Willy Tarreaue333ec92012-04-16 16:26:40 +02009725 * the direction, multiple cookies may be parsed on the same line or not.
Willy Tarreau24e32d82012-04-23 23:55:44 +02009726 * The cookie name is in args and the name length in args->data.str.len.
Willy Tarreau28376d62012-04-26 21:26:10 +02009727 * Accepts exactly 1 argument of type string. If the input options indicate
9728 * that no iterating is desired, then only last value is fetched if any.
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009729 */
9730static int
Willy Tarreau51539362012-05-08 12:46:28 +02009731smp_fetch_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009732 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009733{
9734 struct http_txn *txn = l7;
9735 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009736 struct hdr_ctx *ctx = smp->ctx.a[2];
Willy Tarreaue333ec92012-04-16 16:26:40 +02009737 const struct http_msg *msg;
9738 const char *hdr_name;
9739 int hdr_name_len;
9740 char *sol;
Willy Tarreau28376d62012-04-26 21:26:10 +02009741 int occ = 0;
9742 int found = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009743
Willy Tarreau24e32d82012-04-23 23:55:44 +02009744 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009745 return 0;
9746
Willy Tarreaua890d072013-04-02 12:01:06 +02009747 if (!ctx) {
9748 /* first call */
9749 ctx = &static_hdr_ctx;
9750 ctx->idx = 0;
9751 smp->ctx.a[2] = ctx;
9752 }
9753
Willy Tarreaue333ec92012-04-16 16:26:40 +02009754 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009755
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009756 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +02009757 msg = &txn->req;
9758 hdr_name = "Cookie";
9759 hdr_name_len = 6;
9760 } else {
9761 msg = &txn->rsp;
9762 hdr_name = "Set-Cookie";
9763 hdr_name_len = 10;
9764 }
9765
Willy Tarreau28376d62012-04-26 21:26:10 +02009766 if (!occ && !(opt & SMP_OPT_ITERATE))
9767 /* no explicit occurrence and single fetch => last cookie by default */
9768 occ = -1;
9769
9770 /* OK so basically here, either we want only one value and it's the
9771 * last one, or we want to iterate over all of them and we fetch the
9772 * next one.
9773 */
9774
Willy Tarreau9b28e032012-10-12 23:49:43 +02009775 sol = msg->chn->buf->p;
Willy Tarreau37406352012-04-23 16:16:37 +02009776 if (!(smp->flags & SMP_F_NOT_LAST)) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009777 /* search for the header from the beginning, we must first initialize
9778 * the search parameters.
9779 */
Willy Tarreau37406352012-04-23 16:16:37 +02009780 smp->ctx.a[0] = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009781 ctx->idx = 0;
9782 }
9783
Willy Tarreau28376d62012-04-26 21:26:10 +02009784 smp->flags |= SMP_F_VOL_HDR;
9785
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009786 while (1) {
Willy Tarreau37406352012-04-23 16:16:37 +02009787 /* Note: smp->ctx.a[0] == NULL every time we need to fetch a new header */
9788 if (!smp->ctx.a[0]) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009789 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, ctx))
9790 goto out;
9791
Willy Tarreau24e32d82012-04-23 23:55:44 +02009792 if (ctx->vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009793 continue;
9794
Willy Tarreau37406352012-04-23 16:16:37 +02009795 smp->ctx.a[0] = ctx->line + ctx->val;
9796 smp->ctx.a[1] = smp->ctx.a[0] + ctx->vlen;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009797 }
9798
Willy Tarreauf853c462012-04-23 18:53:56 +02009799 smp->type = SMP_T_CSTR;
Willy Tarreau37406352012-04-23 16:16:37 +02009800 smp->ctx.a[0] = extract_cookie_value(smp->ctx.a[0], smp->ctx.a[1],
Willy Tarreau24e32d82012-04-23 23:55:44 +02009801 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009802 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +02009803 &smp->data.str.str,
9804 &smp->data.str.len);
Willy Tarreau37406352012-04-23 16:16:37 +02009805 if (smp->ctx.a[0]) {
Willy Tarreau28376d62012-04-26 21:26:10 +02009806 found = 1;
9807 if (occ >= 0) {
9808 /* one value was returned into smp->data.str.{str,len} */
9809 smp->flags |= SMP_F_NOT_LAST;
9810 return 1;
9811 }
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009812 }
Willy Tarreau28376d62012-04-26 21:26:10 +02009813 /* if we're looking for last occurrence, let's loop */
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009814 }
Willy Tarreau28376d62012-04-26 21:26:10 +02009815 /* all cookie headers and values were scanned. If we're looking for the
9816 * last occurrence, we may return it now.
9817 */
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009818 out:
Willy Tarreau37406352012-04-23 16:16:37 +02009819 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau28376d62012-04-26 21:26:10 +02009820 return found;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009821}
9822
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009823/* Iterate over all cookies present in a request to count how many occurrences
Willy Tarreau24e32d82012-04-23 23:55:44 +02009824 * match the name in args and args->data.str.len. If <multi> is non-null, then
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009825 * multiple cookies may be parsed on the same line.
Willy Tarreau34db1082012-04-19 17:16:54 +02009826 * Accepts exactly 1 argument of type string.
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009827 */
9828static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009829smp_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009830 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009831{
9832 struct http_txn *txn = l7;
9833 struct hdr_idx *idx = &txn->hdr_idx;
9834 struct hdr_ctx ctx;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009835 const struct http_msg *msg;
9836 const char *hdr_name;
9837 int hdr_name_len;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009838 int cnt;
9839 char *val_beg, *val_end;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009840 char *sol;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009841
Willy Tarreau24e32d82012-04-23 23:55:44 +02009842 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009843 return 0;
9844
Willy Tarreaue333ec92012-04-16 16:26:40 +02009845 CHECK_HTTP_MESSAGE_FIRST();
9846
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009847 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +02009848 msg = &txn->req;
9849 hdr_name = "Cookie";
9850 hdr_name_len = 6;
9851 } else {
9852 msg = &txn->rsp;
9853 hdr_name = "Set-Cookie";
9854 hdr_name_len = 10;
9855 }
9856
Willy Tarreau9b28e032012-10-12 23:49:43 +02009857 sol = msg->chn->buf->p;
Willy Tarreau46787ed2012-04-11 17:28:40 +02009858 val_end = val_beg = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009859 ctx.idx = 0;
9860 cnt = 0;
9861
9862 while (1) {
9863 /* Note: val_beg == NULL every time we need to fetch a new header */
9864 if (!val_beg) {
9865 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, &ctx))
9866 break;
9867
Willy Tarreau24e32d82012-04-23 23:55:44 +02009868 if (ctx.vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009869 continue;
9870
9871 val_beg = ctx.line + ctx.val;
9872 val_end = val_beg + ctx.vlen;
9873 }
9874
Willy Tarreauf853c462012-04-23 18:53:56 +02009875 smp->type = SMP_T_CSTR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009876 while ((val_beg = extract_cookie_value(val_beg, val_end,
Willy Tarreau24e32d82012-04-23 23:55:44 +02009877 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009878 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +02009879 &smp->data.str.str,
9880 &smp->data.str.len))) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009881 cnt++;
9882 }
9883 }
9884
Willy Tarreauf853c462012-04-23 18:53:56 +02009885 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02009886 smp->flags |= SMP_F_VOL_HDR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009887 return 1;
9888}
9889
Willy Tarreau51539362012-05-08 12:46:28 +02009890/* Fetch an cookie's integer value. The integer value is returned. It
9891 * takes a mandatory argument of type string. It relies on smp_fetch_cookie().
9892 */
9893static int
9894smp_fetch_cookie_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009895 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau51539362012-05-08 12:46:28 +02009896{
Willy Tarreauef38c392013-07-22 16:29:32 +02009897 int ret = smp_fetch_cookie(px, l4, l7, opt, args, smp, kw);
Willy Tarreau51539362012-05-08 12:46:28 +02009898
9899 if (ret > 0) {
9900 smp->type = SMP_T_UINT;
9901 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
9902 }
9903
9904 return ret;
9905}
9906
Willy Tarreau8797c062007-05-07 00:55:35 +02009907/************************************************************************/
Willy Tarreau12785782012-04-27 21:37:17 +02009908/* The code below is dedicated to sample fetches */
Willy Tarreau4a568972010-05-12 08:08:50 +02009909/************************************************************************/
9910
David Cournapeau16023ee2010-12-23 20:55:41 +09009911/*
9912 * Given a path string and its length, find the position of beginning of the
9913 * query string. Returns NULL if no query string is found in the path.
9914 *
9915 * Example: if path = "/foo/bar/fubar?yo=mama;ye=daddy", and n = 22:
9916 *
9917 * find_query_string(path, n) points to "yo=mama;ye=daddy" string.
9918 */
bedis4c75cca2012-10-05 08:38:24 +02009919static inline char *find_param_list(char *path, size_t path_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09009920{
9921 char *p;
Emeric Brun485479d2010-09-23 18:02:19 +02009922
bedis4c75cca2012-10-05 08:38:24 +02009923 p = memchr(path, delim, path_l);
David Cournapeau16023ee2010-12-23 20:55:41 +09009924 return p ? p + 1 : NULL;
9925}
9926
bedis4c75cca2012-10-05 08:38:24 +02009927static inline int is_param_delimiter(char c, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09009928{
bedis4c75cca2012-10-05 08:38:24 +02009929 return c == '&' || c == ';' || c == delim;
David Cournapeau16023ee2010-12-23 20:55:41 +09009930}
9931
9932/*
9933 * Given a url parameter, find the starting position of the first occurence,
9934 * or NULL if the parameter is not found.
9935 *
9936 * Example: if query_string is "yo=mama;ye=daddy" and url_param_name is "ye",
9937 * the function will return query_string+8.
9938 */
9939static char*
9940find_url_param_pos(char* query_string, size_t query_string_l,
bedis4c75cca2012-10-05 08:38:24 +02009941 char* url_param_name, size_t url_param_name_l,
9942 char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09009943{
9944 char *pos, *last;
9945
9946 pos = query_string;
9947 last = query_string + query_string_l - url_param_name_l - 1;
9948
9949 while (pos <= last) {
9950 if (pos[url_param_name_l] == '=') {
9951 if (memcmp(pos, url_param_name, url_param_name_l) == 0)
9952 return pos;
9953 pos += url_param_name_l + 1;
9954 }
bedis4c75cca2012-10-05 08:38:24 +02009955 while (pos <= last && !is_param_delimiter(*pos, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +09009956 pos++;
9957 pos++;
9958 }
9959 return NULL;
9960}
9961
9962/*
9963 * Given a url parameter name, returns its value and size into *value and
9964 * *value_l respectively, and returns non-zero. If the parameter is not found,
9965 * zero is returned and value/value_l are not touched.
9966 */
9967static int
9968find_url_param_value(char* path, size_t path_l,
9969 char* url_param_name, size_t url_param_name_l,
bedis4c75cca2012-10-05 08:38:24 +02009970 char** value, int* value_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09009971{
9972 char *query_string, *qs_end;
9973 char *arg_start;
9974 char *value_start, *value_end;
9975
bedis4c75cca2012-10-05 08:38:24 +02009976 query_string = find_param_list(path, path_l, delim);
David Cournapeau16023ee2010-12-23 20:55:41 +09009977 if (!query_string)
9978 return 0;
9979
9980 qs_end = path + path_l;
9981 arg_start = find_url_param_pos(query_string, qs_end - query_string,
bedis4c75cca2012-10-05 08:38:24 +02009982 url_param_name, url_param_name_l,
9983 delim);
David Cournapeau16023ee2010-12-23 20:55:41 +09009984 if (!arg_start)
9985 return 0;
9986
9987 value_start = arg_start + url_param_name_l + 1;
9988 value_end = value_start;
9989
bedis4c75cca2012-10-05 08:38:24 +02009990 while ((value_end < qs_end) && !is_param_delimiter(*value_end, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +09009991 value_end++;
9992
9993 *value = value_start;
9994 *value_l = value_end - value_start;
Willy Tarreau00134332011-01-04 14:57:34 +01009995 return value_end != value_start;
David Cournapeau16023ee2010-12-23 20:55:41 +09009996}
9997
9998static int
Willy Tarreau25c1ebc2012-04-25 16:21:44 +02009999smp_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010000 const struct arg *args, struct sample *smp, const char *kw)
David Cournapeau16023ee2010-12-23 20:55:41 +090010001{
bedis4c75cca2012-10-05 08:38:24 +020010002 char delim = '?';
David Cournapeau16023ee2010-12-23 20:55:41 +090010003 struct http_txn *txn = l7;
10004 struct http_msg *msg = &txn->req;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010005
bedis4c75cca2012-10-05 08:38:24 +020010006 if (!args || args[0].type != ARGT_STR ||
10007 (args[1].type && args[1].type != ARGT_STR))
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010008 return 0;
10009
10010 CHECK_HTTP_MESSAGE_FIRST();
David Cournapeau16023ee2010-12-23 20:55:41 +090010011
bedis4c75cca2012-10-05 08:38:24 +020010012 if (args[1].type)
10013 delim = *args[1].data.str.str;
10014
Willy Tarreau9b28e032012-10-12 23:49:43 +020010015 if (!find_url_param_value(msg->chn->buf->p + msg->sl.rq.u, msg->sl.rq.u_l,
bedis4c75cca2012-10-05 08:38:24 +020010016 args->data.str.str, args->data.str.len,
10017 &smp->data.str.str, &smp->data.str.len,
10018 delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010019 return 0;
10020
Willy Tarreaub8c8f1f2012-04-23 22:38:26 +020010021 smp->type = SMP_T_CSTR;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010022 smp->flags = SMP_F_VOL_1ST;
David Cournapeau16023ee2010-12-23 20:55:41 +090010023 return 1;
10024}
10025
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010026/* Return the signed integer value for the specified url parameter (see url_param
10027 * above).
10028 */
10029static int
10030smp_fetch_url_param_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010031 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010032{
Willy Tarreauef38c392013-07-22 16:29:32 +020010033 int ret = smp_fetch_url_param(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010034
10035 if (ret > 0) {
10036 smp->type = SMP_T_UINT;
10037 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
10038 }
10039
10040 return ret;
10041}
10042
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010043/* This produces a 32-bit hash of the concatenation of the first occurrence of
10044 * the Host header followed by the path component if it begins with a slash ('/').
10045 * This means that '*' will not be added, resulting in exactly the first Host
10046 * entry. If no Host header is found, then the path is used. The resulting value
10047 * is hashed using the url hash followed by a full avalanche hash and provides a
10048 * 32-bit integer value. This fetch is useful for tracking per-URL activity on
10049 * high-traffic sites without having to store whole paths.
10050 * this differs from the base32 functions in that it includes the url parameters
10051 * as well as the path
10052 */
10053static int
10054smp_fetch_url32(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreaue155ec22013-11-18 18:33:22 +010010055 const struct arg *args, struct sample *smp, const char *kw)
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010056{
10057 struct http_txn *txn = l7;
10058 struct hdr_ctx ctx;
10059 unsigned int hash = 0;
10060 char *ptr, *beg, *end;
10061 int len;
10062
10063 CHECK_HTTP_MESSAGE_FIRST();
10064
10065 ctx.idx = 0;
10066 if (http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx)) {
10067 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
10068 ptr = ctx.line + ctx.val;
10069 len = ctx.vlen;
10070 while (len--)
10071 hash = *(ptr++) + (hash << 6) + (hash << 16) - hash;
10072 }
10073
10074 /* now retrieve the path */
10075 end = txn->req.chn->buf->p + txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
10076 beg = http_get_path(txn);
10077 if (!beg)
10078 beg = end;
10079
10080 for (ptr = beg; ptr < end ; ptr++);
10081
10082 if (beg < ptr && *beg == '/') {
10083 while (beg < ptr)
10084 hash = *(beg++) + (hash << 6) + (hash << 16) - hash;
10085 }
10086 hash = full_hash(hash);
10087
10088 smp->type = SMP_T_UINT;
10089 smp->data.uint = hash;
10090 smp->flags = SMP_F_VOL_1ST;
10091 return 1;
10092}
10093
10094/* This concatenates the source address with the 32-bit hash of the Host and
10095 * URL as returned by smp_fetch_base32(). The idea is to have per-source and
10096 * per-url counters. The result is a binary block from 8 to 20 bytes depending
10097 * on the source address length. The URL hash is stored before the address so
10098 * that in environments where IPv6 is insignificant, truncating the output to
10099 * 8 bytes would still work.
10100 */
10101static int
10102smp_fetch_url32_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreaue155ec22013-11-18 18:33:22 +010010103 const struct arg *args, struct sample *smp, const char *kw)
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010104{
10105 struct chunk *temp;
10106
Willy Tarreaue155ec22013-11-18 18:33:22 +010010107 if (!smp_fetch_url32(px, l4, l7, opt, args, smp, kw))
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010108 return 0;
10109
10110 temp = get_trash_chunk();
10111 memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
10112 temp->len += sizeof(smp->data.uint);
10113
10114 switch (l4->si[0].conn->addr.from.ss_family) {
10115 case AF_INET:
10116 memcpy(temp->str + temp->len, &((struct sockaddr_in *)&l4->si[0].conn->addr.from)->sin_addr, 4);
10117 temp->len += 4;
10118 break;
10119 case AF_INET6:
10120 memcpy(temp->str + temp->len, &((struct sockaddr_in6 *)(&l4->si[0].conn->addr.from))->sin6_addr, 16);
10121 temp->len += 16;
10122 break;
10123 default:
10124 return 0;
10125 }
10126
10127 smp->data.str = *temp;
10128 smp->type = SMP_T_BIN;
10129 return 1;
10130}
10131
Willy Tarreau185b5c42012-04-26 15:11:51 +020010132/* This function is used to validate the arguments passed to any "hdr" fetch
10133 * keyword. These keywords support an optional positive or negative occurrence
10134 * number. We must ensure that the number is greater than -MAX_HDR_HISTORY. It
10135 * is assumed that the types are already the correct ones. Returns 0 on error,
10136 * non-zero if OK. If <err> is not NULL, it will be filled with a pointer to an
10137 * error message in case of error, that the caller is responsible for freeing.
10138 * The initial location must either be freeable or NULL.
10139 */
10140static int val_hdr(struct arg *arg, char **err_msg)
10141{
10142 if (arg && arg[1].type == ARGT_SINT && arg[1].data.sint < -MAX_HDR_HISTORY) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +020010143 memprintf(err_msg, "header occurrence must be >= %d", -MAX_HDR_HISTORY);
Willy Tarreau185b5c42012-04-26 15:11:51 +020010144 return 0;
10145 }
10146 return 1;
10147}
10148
Willy Tarreau276fae92013-07-25 14:36:01 +020010149/* takes an UINT value on input supposed to represent the time since EPOCH,
10150 * adds an optional offset found in args[0] and emits a string representing
10151 * the date in RFC-1123/5322 format.
10152 */
10153static int sample_conv_http_date(const struct arg *args, struct sample *smp)
10154{
10155 const char day[7][4] = { "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" };
10156 const char mon[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
10157 struct chunk *temp;
10158 struct tm *tm;
10159 time_t curr_date = smp->data.uint;
10160
10161 /* add offset */
10162 if (args && (args[0].type == ARGT_SINT || args[0].type == ARGT_UINT))
10163 curr_date += args[0].data.sint;
10164
10165 tm = gmtime(&curr_date);
10166
10167 temp = get_trash_chunk();
10168 temp->len = snprintf(temp->str, temp->size - temp->len,
10169 "%s, %02d %s %04d %02d:%02d:%02d GMT",
10170 day[tm->tm_wday], tm->tm_mday, mon[tm->tm_mon], 1900+tm->tm_year,
10171 tm->tm_hour, tm->tm_min, tm->tm_sec);
10172
10173 smp->data.str = *temp;
10174 smp->type = SMP_T_STR;
10175 return 1;
10176}
10177
Willy Tarreau4a568972010-05-12 08:08:50 +020010178/************************************************************************/
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010179/* All supported ACL keywords must be declared here. */
10180/************************************************************************/
10181
10182/* Note: must not be declared <const> as its list will be overwritten.
10183 * Please take care of keeping this list alphabetically sorted.
10184 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010185static struct acl_kw_list acl_kws = {ILH, {
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010186 { "base", "base", acl_parse_str, acl_match_str },
10187 { "base_beg", "base", acl_parse_str, acl_match_beg },
10188 { "base_dir", "base", acl_parse_str, acl_match_dir },
10189 { "base_dom", "base", acl_parse_str, acl_match_dom },
10190 { "base_end", "base", acl_parse_str, acl_match_end },
10191 { "base_len", "base", acl_parse_int, acl_match_len },
10192 { "base_reg", "base", acl_parse_reg, acl_match_reg },
10193 { "base_sub", "base", acl_parse_str, acl_match_sub },
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010194
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010195 { "cook", "req.cook", acl_parse_str, acl_match_str },
10196 { "cook_beg", "req.cook", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010197 { "cook_dir", "req.cook", acl_parse_str, acl_match_dir },
10198 { "cook_dom", "req.cook", acl_parse_str, acl_match_dom },
10199 { "cook_end", "req.cook", acl_parse_str, acl_match_end },
10200 { "cook_len", "req.cook", acl_parse_int, acl_match_len },
10201 { "cook_reg", "req.cook", acl_parse_reg, acl_match_reg },
10202 { "cook_sub", "req.cook", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010203
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010204 { "hdr", "req.hdr", acl_parse_str, acl_match_str },
10205 { "hdr_beg", "req.hdr", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010206 { "hdr_dir", "req.hdr", acl_parse_str, acl_match_dir },
10207 { "hdr_dom", "req.hdr", acl_parse_str, acl_match_dom },
10208 { "hdr_end", "req.hdr", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010209 { "hdr_len", "req.hdr", acl_parse_int, acl_match_len },
10210 { "hdr_reg", "req.hdr", acl_parse_reg, acl_match_reg },
10211 { "hdr_sub", "req.hdr", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010212
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010213 { "http_auth_group", NULL, acl_parse_strcat, acl_match_auth },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010214
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010215 { "method", NULL, acl_parse_meth, acl_match_meth },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010216
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010217 { "path", "path", acl_parse_str, acl_match_str },
10218 { "path_beg", "path", acl_parse_str, acl_match_beg },
10219 { "path_dir", "path", acl_parse_str, acl_match_dir },
10220 { "path_dom", "path", acl_parse_str, acl_match_dom },
10221 { "path_end", "path", acl_parse_str, acl_match_end },
10222 { "path_len", "path", acl_parse_int, acl_match_len },
10223 { "path_reg", "path", acl_parse_reg, acl_match_reg },
10224 { "path_sub", "path", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010225
Willy Tarreauff5afcc2013-03-31 18:49:18 +020010226 { "req_ver", "req.ver", acl_parse_str, acl_match_str },
10227 { "resp_ver", "res.ver", acl_parse_str, acl_match_str },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010228
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010229 { "scook", "res.cook", acl_parse_str, acl_match_str },
10230 { "scook_beg", "res.cook", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010231 { "scook_dir", "res.cook", acl_parse_str, acl_match_dir },
10232 { "scook_dom", "res.cook", acl_parse_str, acl_match_dom },
10233 { "scook_end", "res.cook", acl_parse_str, acl_match_end },
10234 { "scook_len", "res.cook", acl_parse_int, acl_match_len },
10235 { "scook_reg", "res.cook", acl_parse_reg, acl_match_reg },
10236 { "scook_sub", "res.cook", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010237
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010238 { "shdr", "res.hdr", acl_parse_str, acl_match_str },
10239 { "shdr_beg", "res.hdr", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010240 { "shdr_dir", "res.hdr", acl_parse_str, acl_match_dir },
10241 { "shdr_dom", "res.hdr", acl_parse_str, acl_match_dom },
10242 { "shdr_end", "res.hdr", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010243 { "shdr_len", "res.hdr", acl_parse_int, acl_match_len },
10244 { "shdr_reg", "res.hdr", acl_parse_reg, acl_match_reg },
10245 { "shdr_sub", "res.hdr", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010246
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010247 { "url", "url", acl_parse_str, acl_match_str },
10248 { "url_beg", "url", acl_parse_str, acl_match_beg },
10249 { "url_dir", "url", acl_parse_str, acl_match_dir },
10250 { "url_dom", "url", acl_parse_str, acl_match_dom },
10251 { "url_end", "url", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010252 { "url_len", "url", acl_parse_int, acl_match_len },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010253 { "url_reg", "url", acl_parse_reg, acl_match_reg },
10254 { "url_sub", "url", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010255
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010256 { "urlp", "urlp", acl_parse_str, acl_match_str },
10257 { "urlp_beg", "urlp", acl_parse_str, acl_match_beg },
10258 { "urlp_dir", "urlp", acl_parse_str, acl_match_dir },
10259 { "urlp_dom", "urlp", acl_parse_str, acl_match_dom },
10260 { "urlp_end", "urlp", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010261 { "urlp_len", "urlp", acl_parse_int, acl_match_len },
10262 { "urlp_reg", "urlp", acl_parse_reg, acl_match_reg },
10263 { "urlp_sub", "urlp", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010264
Willy Tarreau8ed669b2013-01-11 15:49:37 +010010265 { /* END */ },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010266}};
10267
10268/************************************************************************/
10269/* All supported pattern keywords must be declared here. */
Willy Tarreau4a568972010-05-12 08:08:50 +020010270/************************************************************************/
10271/* Note: must not be declared <const> as its list will be overwritten */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010272static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Willy Tarreau409bcde2013-01-08 00:31:00 +010010273 { "base", smp_fetch_base, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10274 { "base32", smp_fetch_base32, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
10275 { "base32+src", smp_fetch_base32_src, 0, NULL, SMP_T_BIN, SMP_USE_HRQHV },
10276
10277 /* cookie is valid in both directions (eg: for "stick ...") but cook*
10278 * are only here to match the ACL's name, are request-only and are used
10279 * for ACL compatibility only.
10280 */
10281 { "cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10282 { "cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV|SMP_USE_HRSHV },
10283 { "cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10284 { "cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10285
10286 /* hdr is valid in both directions (eg: for "stick ...") but hdr_* are
10287 * only here to match the ACL's name, are request-only and are used for
10288 * ACL compatibility only.
10289 */
10290 { "hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRQHV|SMP_USE_HRSHV },
10291 { "hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10292 { "hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
10293 { "hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
10294
Willy Tarreau0a0daec2013-04-02 22:44:58 +020010295 { "http_auth", smp_fetch_http_auth, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV },
10296 { "http_auth_group", smp_fetch_http_auth_grp, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010297 { "http_first_req", smp_fetch_http_first_req, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
10298 { "method", smp_fetch_meth, 0, NULL, SMP_T_UINT, SMP_USE_HRQHP },
10299 { "path", smp_fetch_path, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010300
10301 /* HTTP protocol on the request path */
10302 { "req.proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010303 { "req_proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010304
10305 /* HTTP version on the request path */
10306 { "req.ver", smp_fetch_rqver, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010307 { "req_ver", smp_fetch_rqver, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010308
10309 /* HTTP version on the response path */
10310 { "res.ver", smp_fetch_stver, 0, NULL, SMP_T_CSTR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010311 { "resp_ver", smp_fetch_stver, 0, NULL, SMP_T_CSTR, SMP_USE_HRSHV },
10312
Willy Tarreau18ed2562013-01-14 15:56:36 +010010313 /* explicit req.{cook,hdr} are used to force the fetch direction to be request-only */
10314 { "req.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10315 { "req.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10316 { "req.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10317
Willy Tarreau04ff9f12013-06-10 18:39:42 +020010318 { "req.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRQHV },
10319 { "req.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010320 { "req.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRQHV },
10321 { "req.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10322 { "req.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
10323 { "req.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
10324
10325 /* explicit req.{cook,hdr} are used to force the fetch direction to be response-only */
10326 { "res.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRSHV },
10327 { "res.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10328 { "res.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10329
Willy Tarreau04ff9f12013-06-10 18:39:42 +020010330 { "res.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRSHV },
10331 { "res.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010332 { "res.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRSHV },
10333 { "res.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10334 { "res.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
10335 { "res.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
10336
Willy Tarreau409bcde2013-01-08 00:31:00 +010010337 /* scook is valid only on the response and is used for ACL compatibility */
10338 { "scook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRSHV },
10339 { "scook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10340 { "scook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10341 { "set-cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRSHV }, /* deprecated */
10342
10343 /* shdr is valid only on the response and is used for ACL compatibility */
10344 { "shdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRSHV },
10345 { "shdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10346 { "shdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
10347 { "shdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
10348
10349 { "status", smp_fetch_stcode, 0, NULL, SMP_T_UINT, SMP_USE_HRSHP },
10350 { "url", smp_fetch_url, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010351 { "url32", smp_fetch_url32, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
10352 { "url32+src", smp_fetch_url32_src, 0, NULL, SMP_T_BIN, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010353 { "url_ip", smp_fetch_url_ip, 0, NULL, SMP_T_IPV4, SMP_USE_HRQHV },
10354 { "url_port", smp_fetch_url_port, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
10355 { "url_param", smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10356 { "urlp" , smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10357 { "urlp_val", smp_fetch_url_param_val, ARG2(1,STR,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10358 { /* END */ },
Willy Tarreau4a568972010-05-12 08:08:50 +020010359}};
10360
Willy Tarreau8797c062007-05-07 00:55:35 +020010361
Willy Tarreau276fae92013-07-25 14:36:01 +020010362/* Note: must not be declared <const> as its list will be overwritten */
10363static struct sample_conv_kw_list sample_conv_kws = {ILH, {
10364 { "http_date", sample_conv_http_date, ARG1(0,SINT), NULL, SMP_T_UINT, SMP_T_STR },
10365 { NULL, NULL, 0, 0, 0 },
10366}};
10367
Willy Tarreau8797c062007-05-07 00:55:35 +020010368__attribute__((constructor))
10369static void __http_protocol_init(void)
10370{
10371 acl_register_keywords(&acl_kws);
Willy Tarreau12785782012-04-27 21:37:17 +020010372 sample_register_fetches(&sample_fetch_keywords);
Willy Tarreau276fae92013-07-25 14:36:01 +020010373 sample_register_convs(&sample_conv_kws);
Willy Tarreau8797c062007-05-07 00:55:35 +020010374}
10375
10376
Willy Tarreau58f10d72006-12-04 02:26:12 +010010377/*
Willy Tarreaubaaee002006-06-26 02:48:02 +020010378 * Local variables:
10379 * c-indent-level: 8
10380 * c-basic-offset: 8
10381 * End:
10382 */