blob: 831eeeb7bd7c031f79b112e49dffc56ebff34533 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreauf68a15a2011-01-06 16:53:21 +01004 * Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreaub05405a2012-01-23 15:35:52 +010026#include <netinet/tcp.h>
27
Willy Tarreau2dd0d472006-06-29 17:53:05 +020028#include <common/appsession.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010029#include <common/base64.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020030#include <common/chunk.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020031#include <common/compat.h>
32#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010033#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/memory.h>
35#include <common/mini-clist.h>
36#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020037#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020038#include <common/time.h>
39#include <common/uri_auth.h>
40#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020041
42#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020043#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020044
Willy Tarreau8797c062007-05-07 00:55:35 +020045#include <proto/acl.h>
Willy Tarreau61612d42012-04-19 18:42:05 +020046#include <proto/arg.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010047#include <proto/auth.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020048#include <proto/backend.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020049#include <proto/channel.h>
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +010050#include <proto/checks.h>
William Lallemand82fe75c2012-10-23 10:25:10 +020051#include <proto/compression.h>
Willy Tarreau91861262007-10-17 17:06:05 +020052#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020053#include <proto/fd.h>
Willy Tarreau03fa5df2010-05-24 21:02:37 +020054#include <proto/frontend.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020055#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010056#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020057#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020058#include <proto/proto_http.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010059#include <proto/proxy.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020060#include <proto/queue.h>
Willy Tarreaucd3b0942012-04-27 21:52:18 +020061#include <proto/sample.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010062#include <proto/server.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020063#include <proto/session.h>
Willy Tarreaucff64112008-11-03 06:26:53 +010064#include <proto/stream_interface.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020065#include <proto/task.h>
66
Willy Tarreau522d6c02009-12-06 18:49:18 +010067const char HTTP_100[] =
68 "HTTP/1.1 100 Continue\r\n\r\n";
69
70const struct chunk http_100_chunk = {
71 .str = (char *)&HTTP_100,
72 .len = sizeof(HTTP_100)-1
73};
74
Willy Tarreaua9679ac2010-01-03 17:32:57 +010075/* Warning: no "connection" header is provided with the 3xx messages below */
Willy Tarreaub463dfb2008-06-07 23:08:56 +020076const char *HTTP_301 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010077 "HTTP/1.1 301 Moved Permanently\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010078 "Content-length: 0\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020079 "Location: "; /* not terminated since it will be concatenated with the URL */
80
Willy Tarreau0f772532006-12-23 20:51:41 +010081const char *HTTP_302 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010082 "HTTP/1.1 302 Found\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010083 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010084 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010085 "Location: "; /* not terminated since it will be concatenated with the URL */
86
87/* same as 302 except that the browser MUST retry with the GET method */
88const char *HTTP_303 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010089 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010090 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010091 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010092 "Location: "; /* not terminated since it will be concatenated with the URL */
93
Yves Lafon3e8d1ae2013-03-11 11:06:05 -040094
95/* same as 302 except that the browser MUST retry with the same method */
96const char *HTTP_307 =
97 "HTTP/1.1 307 Temporary Redirect\r\n"
98 "Cache-Control: no-cache\r\n"
99 "Content-length: 0\r\n"
100 "Location: "; /* not terminated since it will be concatenated with the URL */
101
102/* same as 301 except that the browser MUST retry with the same method */
103const char *HTTP_308 =
104 "HTTP/1.1 308 Permanent Redirect\r\n"
105 "Content-length: 0\r\n"
106 "Location: "; /* not terminated since it will be concatenated with the URL */
107
Willy Tarreaubaaee002006-06-26 02:48:02 +0200108/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
109const char *HTTP_401_fmt =
110 "HTTP/1.0 401 Unauthorized\r\n"
111 "Cache-Control: no-cache\r\n"
112 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200113 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200114 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
115 "\r\n"
116 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
117
Willy Tarreau844a7e72010-01-31 21:46:18 +0100118const char *HTTP_407_fmt =
119 "HTTP/1.0 407 Unauthorized\r\n"
120 "Cache-Control: no-cache\r\n"
121 "Connection: close\r\n"
122 "Content-Type: text/html\r\n"
123 "Proxy-Authenticate: Basic realm=\"%s\"\r\n"
124 "\r\n"
125 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
126
Willy Tarreau0f772532006-12-23 20:51:41 +0100127
128const int http_err_codes[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200129 [HTTP_ERR_200] = 200, /* used by "monitor-uri" */
Willy Tarreau0f772532006-12-23 20:51:41 +0100130 [HTTP_ERR_400] = 400,
131 [HTTP_ERR_403] = 403,
132 [HTTP_ERR_408] = 408,
133 [HTTP_ERR_500] = 500,
134 [HTTP_ERR_502] = 502,
135 [HTTP_ERR_503] = 503,
136 [HTTP_ERR_504] = 504,
137};
138
Willy Tarreau80587432006-12-24 17:47:20 +0100139static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200140 [HTTP_ERR_200] =
141 "HTTP/1.0 200 OK\r\n"
142 "Cache-Control: no-cache\r\n"
143 "Connection: close\r\n"
144 "Content-Type: text/html\r\n"
145 "\r\n"
146 "<html><body><h1>200 OK</h1>\nService ready.\n</body></html>\n",
147
Willy Tarreau0f772532006-12-23 20:51:41 +0100148 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100149 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100150 "Cache-Control: no-cache\r\n"
151 "Connection: close\r\n"
152 "Content-Type: text/html\r\n"
153 "\r\n"
154 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
155
156 [HTTP_ERR_403] =
157 "HTTP/1.0 403 Forbidden\r\n"
158 "Cache-Control: no-cache\r\n"
159 "Connection: close\r\n"
160 "Content-Type: text/html\r\n"
161 "\r\n"
162 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
163
164 [HTTP_ERR_408] =
165 "HTTP/1.0 408 Request Time-out\r\n"
166 "Cache-Control: no-cache\r\n"
167 "Connection: close\r\n"
168 "Content-Type: text/html\r\n"
169 "\r\n"
170 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
171
172 [HTTP_ERR_500] =
173 "HTTP/1.0 500 Server Error\r\n"
174 "Cache-Control: no-cache\r\n"
175 "Connection: close\r\n"
176 "Content-Type: text/html\r\n"
177 "\r\n"
178 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
179
180 [HTTP_ERR_502] =
181 "HTTP/1.0 502 Bad Gateway\r\n"
182 "Cache-Control: no-cache\r\n"
183 "Connection: close\r\n"
184 "Content-Type: text/html\r\n"
185 "\r\n"
186 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
187
188 [HTTP_ERR_503] =
189 "HTTP/1.0 503 Service Unavailable\r\n"
190 "Cache-Control: no-cache\r\n"
191 "Connection: close\r\n"
192 "Content-Type: text/html\r\n"
193 "\r\n"
194 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
195
196 [HTTP_ERR_504] =
197 "HTTP/1.0 504 Gateway Time-out\r\n"
198 "Cache-Control: no-cache\r\n"
199 "Connection: close\r\n"
200 "Content-Type: text/html\r\n"
201 "\r\n"
202 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
203
204};
205
Cyril Bonté19979e12012-04-04 12:57:21 +0200206/* status codes available for the stats admin page (strictly 4 chars length) */
207const char *stat_status_codes[STAT_STATUS_SIZE] = {
208 [STAT_STATUS_DENY] = "DENY",
209 [STAT_STATUS_DONE] = "DONE",
210 [STAT_STATUS_ERRP] = "ERRP",
211 [STAT_STATUS_EXCD] = "EXCD",
212 [STAT_STATUS_NONE] = "NONE",
213 [STAT_STATUS_PART] = "PART",
214 [STAT_STATUS_UNKN] = "UNKN",
215};
216
217
Willy Tarreau80587432006-12-24 17:47:20 +0100218/* We must put the messages here since GCC cannot initialize consts depending
219 * on strlen().
220 */
221struct chunk http_err_chunks[HTTP_ERR_SIZE];
222
Willy Tarreaua890d072013-04-02 12:01:06 +0200223/* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
224static struct hdr_ctx static_hdr_ctx;
225
Willy Tarreau42250582007-04-01 01:30:43 +0200226#define FD_SETS_ARE_BITFIELDS
227#ifdef FD_SETS_ARE_BITFIELDS
228/*
229 * This map is used with all the FD_* macros to check whether a particular bit
230 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
231 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
232 * byte should be encoded. Be careful to always pass bytes from 0 to 255
233 * exclusively to the macros.
234 */
235fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
236fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
237
238#else
239#error "Check if your OS uses bitfields for fd_sets"
240#endif
241
Willy Tarreau80587432006-12-24 17:47:20 +0100242void init_proto_http()
243{
Willy Tarreau42250582007-04-01 01:30:43 +0200244 int i;
245 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100246 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200247
Willy Tarreau80587432006-12-24 17:47:20 +0100248 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
249 if (!http_err_msgs[msg]) {
250 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
251 abort();
252 }
253
254 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
255 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
256 }
Willy Tarreau42250582007-04-01 01:30:43 +0200257
258 /* initialize the log header encoding map : '{|}"#' should be encoded with
259 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
260 * URL encoding only requires '"', '#' to be encoded as well as non-
261 * printable characters above.
262 */
263 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
264 memset(url_encode_map, 0, sizeof(url_encode_map));
265 for (i = 0; i < 32; i++) {
266 FD_SET(i, hdr_encode_map);
267 FD_SET(i, url_encode_map);
268 }
269 for (i = 127; i < 256; i++) {
270 FD_SET(i, hdr_encode_map);
271 FD_SET(i, url_encode_map);
272 }
273
274 tmp = "\"#{|}";
275 while (*tmp) {
276 FD_SET(*tmp, hdr_encode_map);
277 tmp++;
278 }
279
280 tmp = "\"#";
281 while (*tmp) {
282 FD_SET(*tmp, url_encode_map);
283 tmp++;
284 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200285
286 /* memory allocations */
287 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
William Lallemanda73203e2012-03-12 12:48:57 +0100288 pool2_uniqueid = create_pool("uniqueid", UNIQUEID_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100289}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200290
Willy Tarreau53b6c742006-12-17 13:37:46 +0100291/*
292 * We have 26 list of methods (1 per first letter), each of which can have
293 * up to 3 entries (2 valid, 1 null).
294 */
295struct http_method_desc {
296 http_meth_t meth;
297 int len;
298 const char text[8];
299};
300
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100301const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100302 ['C' - 'A'] = {
303 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
304 },
305 ['D' - 'A'] = {
306 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
307 },
308 ['G' - 'A'] = {
309 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
310 },
311 ['H' - 'A'] = {
312 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
313 },
314 ['P' - 'A'] = {
315 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
316 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
317 },
318 ['T' - 'A'] = {
319 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
320 },
321 /* rest is empty like this :
322 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
323 */
324};
325
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100326/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200327 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100328 * RFC2616 for those chars.
329 */
330
331const char http_is_spht[256] = {
332 [' '] = 1, ['\t'] = 1,
333};
334
335const char http_is_crlf[256] = {
336 ['\r'] = 1, ['\n'] = 1,
337};
338
339const char http_is_lws[256] = {
340 [' '] = 1, ['\t'] = 1,
341 ['\r'] = 1, ['\n'] = 1,
342};
343
344const char http_is_sep[256] = {
345 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
346 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
347 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
348 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
349 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
350};
351
352const char http_is_ctl[256] = {
353 [0 ... 31] = 1,
354 [127] = 1,
355};
356
357/*
358 * A token is any ASCII char that is neither a separator nor a CTL char.
359 * Do not overwrite values in assignment since gcc-2.95 will not handle
360 * them correctly. Instead, define every non-CTL char's status.
361 */
362const char http_is_token[256] = {
363 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
364 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
365 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
366 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
367 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
368 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
369 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
370 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
371 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
372 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
373 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
374 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
375 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
376 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
377 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
378 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
379 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
380 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
381 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
382 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
383 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
384 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
385 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
386 ['|'] = 1, ['}'] = 0, ['~'] = 1,
387};
388
389
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100390/*
391 * An http ver_token is any ASCII which can be found in an HTTP version,
392 * which includes 'H', 'T', 'P', '/', '.' and any digit.
393 */
394const char http_is_ver_token[256] = {
395 ['.'] = 1, ['/'] = 1,
396 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
397 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
398 ['H'] = 1, ['P'] = 1, ['T'] = 1,
399};
400
401
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100402/*
Willy Tarreaue988a792010-01-04 21:13:14 +0100403 * Silent debug that outputs only in strace, using fd #-1. Trash is modified.
404 */
405#if defined(DEBUG_FSM)
406static void http_silent_debug(int line, struct session *s)
407{
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100408 chunk_printf(&trash,
409 "[%04d] req: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p o=%p sm=%d fw=%ld tf=%08x\n",
410 line,
411 s->si[0].state, s->si[0].fd, s->txn.req.msg_state, s->req->flags, s->req->analysers,
412 s->req->buf->data, s->req->buf->size, s->req->l, s->req->w, s->req->r, s->req->buf->p, s->req->buf->o, s->req->to_forward, s->txn.flags);
413 write(-1, trash.str, trash.len);
Willy Tarreaue988a792010-01-04 21:13:14 +0100414
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100415 chunk_printf(&trash,
416 " %04d rep: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p o=%p sm=%d fw=%ld\n",
417 line,
418 s->si[1].state, s->si[1].fd, s->txn.rsp.msg_state, s->rep->flags, s->rep->analysers,
419 s->rep->buf->data, s->rep->buf->size, s->rep->l, s->rep->w, s->rep->r, s->rep->buf->p, s->rep->buf->o, s->rep->to_forward);
420 write(-1, trash.str, trash.len);
Willy Tarreaue988a792010-01-04 21:13:14 +0100421}
422#else
423#define http_silent_debug(l,s) do { } while (0)
424#endif
425
426/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100427 * Adds a header and its CRLF at the tail of the message's buffer, just before
428 * the last CRLF. Text length is measured first, so it cannot be NULL.
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100429 * The header is also automatically added to the index <hdr_idx>, and the end
430 * of headers is automatically adjusted. The number of bytes added is returned
431 * on success, otherwise <0 is returned indicating an error.
432 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100433int http_header_add_tail(struct http_msg *msg, struct hdr_idx *hdr_idx, const char *text)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100434{
435 int bytes, len;
436
437 len = strlen(text);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200438 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100439 if (!bytes)
440 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100441 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100442 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
443}
444
445/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100446 * Adds a header and its CRLF at the tail of the message's buffer, just before
447 * the last CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100448 * the buffer is only opened and the space reserved, but nothing is copied.
449 * The header is also automatically added to the index <hdr_idx>, and the end
450 * of headers is automatically adjusted. The number of bytes added is returned
451 * on success, otherwise <0 is returned indicating an error.
452 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100453int http_header_add_tail2(struct http_msg *msg,
454 struct hdr_idx *hdr_idx, const char *text, int len)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100455{
456 int bytes;
457
Willy Tarreau9b28e032012-10-12 23:49:43 +0200458 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100459 if (!bytes)
460 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100461 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100462 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
463}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200464
465/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100466 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
467 * If so, returns the position of the first non-space character relative to
468 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
469 * to return a pointer to the place after the first space. Returns 0 if the
470 * header name does not match. Checks are case-insensitive.
471 */
472int http_header_match2(const char *hdr, const char *end,
473 const char *name, int len)
474{
475 const char *val;
476
477 if (hdr + len >= end)
478 return 0;
479 if (hdr[len] != ':')
480 return 0;
481 if (strncasecmp(hdr, name, len) != 0)
482 return 0;
483 val = hdr + len + 1;
484 while (val < end && HTTP_IS_SPHT(*val))
485 val++;
486 if ((val >= end) && (len + 2 <= end - hdr))
487 return len + 2; /* we may replace starting from second space */
488 return val - hdr;
489}
490
Willy Tarreau04ff9f12013-06-10 18:39:42 +0200491/* Find the first or next occurrence of header <name> in message buffer <sol>
492 * using headers index <idx>, and return it in the <ctx> structure. This
493 * structure holds everything necessary to use the header and find next
494 * occurrence. If its <idx> member is 0, the header is searched from the
495 * beginning. Otherwise, the next occurrence is returned. The function returns
496 * 1 when it finds a value, and 0 when there is no more. It is very similar to
497 * http_find_header2() except that it is designed to work with full-line headers
498 * whose comma is not a delimiter but is part of the syntax. As a special case,
499 * if ctx->val is NULL when searching for a new values of a header, the current
500 * header is rescanned. This allows rescanning after a header deletion.
501 */
502int http_find_full_header2(const char *name, int len,
503 char *sol, struct hdr_idx *idx,
504 struct hdr_ctx *ctx)
505{
506 char *eol, *sov;
507 int cur_idx, old_idx;
508
509 cur_idx = ctx->idx;
510 if (cur_idx) {
511 /* We have previously returned a header, let's search another one */
512 sol = ctx->line;
513 eol = sol + idx->v[cur_idx].len;
514 goto next_hdr;
515 }
516
517 /* first request for this header */
518 sol += hdr_idx_first_pos(idx);
519 old_idx = 0;
520 cur_idx = hdr_idx_first_idx(idx);
521 while (cur_idx) {
522 eol = sol + idx->v[cur_idx].len;
523
524 if (len == 0) {
525 /* No argument was passed, we want any header.
526 * To achieve this, we simply build a fake request. */
527 while (sol + len < eol && sol[len] != ':')
528 len++;
529 name = sol;
530 }
531
532 if ((len < eol - sol) &&
533 (sol[len] == ':') &&
534 (strncasecmp(sol, name, len) == 0)) {
535 ctx->del = len;
536 sov = sol + len + 1;
537 while (sov < eol && http_is_lws[(unsigned char)*sov])
538 sov++;
539
540 ctx->line = sol;
541 ctx->prev = old_idx;
542 ctx->idx = cur_idx;
543 ctx->val = sov - sol;
544 ctx->tws = 0;
545 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
546 eol--;
547 ctx->tws++;
548 }
549 ctx->vlen = eol - sov;
550 return 1;
551 }
552 next_hdr:
553 sol = eol + idx->v[cur_idx].cr + 1;
554 old_idx = cur_idx;
555 cur_idx = idx->v[cur_idx].next;
556 }
557 return 0;
558}
559
Willy Tarreau68085d82010-01-18 14:54:04 +0100560/* Find the end of the header value contained between <s> and <e>. See RFC2616,
561 * par 2.2 for more information. Note that it requires a valid header to return
562 * a valid result. This works for headers defined as comma-separated lists.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200563 */
Willy Tarreau68085d82010-01-18 14:54:04 +0100564char *find_hdr_value_end(char *s, const char *e)
Willy Tarreau33a7e692007-06-10 19:45:56 +0200565{
566 int quoted, qdpair;
567
568 quoted = qdpair = 0;
569 for (; s < e; s++) {
570 if (qdpair) qdpair = 0;
Willy Tarreau0f7f51f2010-08-30 11:06:34 +0200571 else if (quoted) {
572 if (*s == '\\') qdpair = 1;
573 else if (*s == '"') quoted = 0;
574 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200575 else if (*s == '"') quoted = 1;
576 else if (*s == ',') return s;
577 }
578 return s;
579}
580
581/* Find the first or next occurrence of header <name> in message buffer <sol>
582 * using headers index <idx>, and return it in the <ctx> structure. This
583 * structure holds everything necessary to use the header and find next
584 * occurrence. If its <idx> member is 0, the header is searched from the
585 * beginning. Otherwise, the next occurrence is returned. The function returns
Willy Tarreau68085d82010-01-18 14:54:04 +0100586 * 1 when it finds a value, and 0 when there is no more. It is designed to work
587 * with headers defined as comma-separated lists. As a special case, if ctx->val
588 * is NULL when searching for a new values of a header, the current header is
589 * rescanned. This allows rescanning after a header deletion.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200590 */
591int http_find_header2(const char *name, int len,
Willy Tarreau68085d82010-01-18 14:54:04 +0100592 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200593 struct hdr_ctx *ctx)
594{
Willy Tarreau68085d82010-01-18 14:54:04 +0100595 char *eol, *sov;
596 int cur_idx, old_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200597
Willy Tarreau68085d82010-01-18 14:54:04 +0100598 cur_idx = ctx->idx;
599 if (cur_idx) {
Willy Tarreau33a7e692007-06-10 19:45:56 +0200600 /* We have previously returned a value, let's search
601 * another one on the same line.
602 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200603 sol = ctx->line;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200604 ctx->del = ctx->val + ctx->vlen + ctx->tws;
Willy Tarreau68085d82010-01-18 14:54:04 +0100605 sov = sol + ctx->del;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200606 eol = sol + idx->v[cur_idx].len;
607
608 if (sov >= eol)
609 /* no more values in this header */
610 goto next_hdr;
611
Willy Tarreau68085d82010-01-18 14:54:04 +0100612 /* values remaining for this header, skip the comma but save it
613 * for later use (eg: for header deletion).
614 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200615 sov++;
616 while (sov < eol && http_is_lws[(unsigned char)*sov])
617 sov++;
618
619 goto return_hdr;
620 }
621
622 /* first request for this header */
623 sol += hdr_idx_first_pos(idx);
Willy Tarreau68085d82010-01-18 14:54:04 +0100624 old_idx = 0;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200625 cur_idx = hdr_idx_first_idx(idx);
Willy Tarreau33a7e692007-06-10 19:45:56 +0200626 while (cur_idx) {
627 eol = sol + idx->v[cur_idx].len;
628
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200629 if (len == 0) {
630 /* No argument was passed, we want any header.
631 * To achieve this, we simply build a fake request. */
632 while (sol + len < eol && sol[len] != ':')
633 len++;
634 name = sol;
635 }
636
Willy Tarreau33a7e692007-06-10 19:45:56 +0200637 if ((len < eol - sol) &&
638 (sol[len] == ':') &&
639 (strncasecmp(sol, name, len) == 0)) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100640 ctx->del = len;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200641 sov = sol + len + 1;
642 while (sov < eol && http_is_lws[(unsigned char)*sov])
643 sov++;
Willy Tarreau68085d82010-01-18 14:54:04 +0100644
Willy Tarreau33a7e692007-06-10 19:45:56 +0200645 ctx->line = sol;
Willy Tarreau68085d82010-01-18 14:54:04 +0100646 ctx->prev = old_idx;
647 return_hdr:
Willy Tarreau33a7e692007-06-10 19:45:56 +0200648 ctx->idx = cur_idx;
649 ctx->val = sov - sol;
650
651 eol = find_hdr_value_end(sov, eol);
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200652 ctx->tws = 0;
Willy Tarreau275600b2011-09-16 08:11:26 +0200653 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200654 eol--;
655 ctx->tws++;
656 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200657 ctx->vlen = eol - sov;
658 return 1;
659 }
660 next_hdr:
661 sol = eol + idx->v[cur_idx].cr + 1;
Willy Tarreau68085d82010-01-18 14:54:04 +0100662 old_idx = cur_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200663 cur_idx = idx->v[cur_idx].next;
664 }
665 return 0;
666}
667
668int http_find_header(const char *name,
Willy Tarreau68085d82010-01-18 14:54:04 +0100669 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200670 struct hdr_ctx *ctx)
671{
672 return http_find_header2(name, strlen(name), sol, idx, ctx);
673}
674
Willy Tarreau68085d82010-01-18 14:54:04 +0100675/* Remove one value of a header. This only works on a <ctx> returned by one of
676 * the http_find_header functions. The value is removed, as well as surrounding
677 * commas if any. If the removed value was alone, the whole header is removed.
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100678 * The ctx is always updated accordingly, as well as the buffer and HTTP
Willy Tarreau68085d82010-01-18 14:54:04 +0100679 * message <msg>. The new index is returned. If it is zero, it means there is
680 * no more header, so any processing may stop. The ctx is always left in a form
681 * that can be handled by http_find_header2() to find next occurrence.
682 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100683int http_remove_header2(struct http_msg *msg, struct hdr_idx *idx, struct hdr_ctx *ctx)
Willy Tarreau68085d82010-01-18 14:54:04 +0100684{
685 int cur_idx = ctx->idx;
686 char *sol = ctx->line;
687 struct hdr_idx_elem *hdr;
688 int delta, skip_comma;
689
690 if (!cur_idx)
691 return 0;
692
693 hdr = &idx->v[cur_idx];
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200694 if (sol[ctx->del] == ':' && ctx->val + ctx->vlen + ctx->tws == hdr->len) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100695 /* This was the only value of the header, we must now remove it entirely. */
Willy Tarreau9b28e032012-10-12 23:49:43 +0200696 delta = buffer_replace2(msg->chn->buf, sol, sol + hdr->len + hdr->cr + 1, NULL, 0);
Willy Tarreau68085d82010-01-18 14:54:04 +0100697 http_msg_move_end(msg, delta);
698 idx->used--;
699 hdr->len = 0; /* unused entry */
700 idx->v[ctx->prev].next = idx->v[ctx->idx].next;
Willy Tarreau5c4784f2011-02-12 13:07:35 +0100701 if (idx->tail == ctx->idx)
702 idx->tail = ctx->prev;
Willy Tarreau68085d82010-01-18 14:54:04 +0100703 ctx->idx = ctx->prev; /* walk back to the end of previous header */
704 ctx->line -= idx->v[ctx->idx].len + idx->v[cur_idx].cr + 1;
705 ctx->val = idx->v[ctx->idx].len; /* point to end of previous header */
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200706 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100707 return ctx->idx;
708 }
709
710 /* This was not the only value of this header. We have to remove between
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200711 * ctx->del+1 and ctx->val+ctx->vlen+ctx->tws+1 included. If it is the
712 * last entry of the list, we remove the last separator.
Willy Tarreau68085d82010-01-18 14:54:04 +0100713 */
714
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200715 skip_comma = (ctx->val + ctx->vlen + ctx->tws == hdr->len) ? 0 : 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200716 delta = buffer_replace2(msg->chn->buf, sol + ctx->del + skip_comma,
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200717 sol + ctx->val + ctx->vlen + ctx->tws + skip_comma,
Willy Tarreau68085d82010-01-18 14:54:04 +0100718 NULL, 0);
719 hdr->len += delta;
720 http_msg_move_end(msg, delta);
721 ctx->val = ctx->del;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200722 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100723 return ctx->idx;
724}
725
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100726/* This function handles a server error at the stream interface level. The
727 * stream interface is assumed to be already in a closed state. An optional
728 * message is copied into the input buffer, and an HTTP status code stored.
729 * The error flags are set to the values in arguments. Any pending request
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100730 * in this buffer will be lost.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200731 */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100732static void http_server_error(struct session *t, struct stream_interface *si,
733 int err, int finst, int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200734{
Willy Tarreau8263d2b2012-08-28 00:06:31 +0200735 channel_auto_read(si->ob);
736 channel_abort(si->ob);
737 channel_auto_close(si->ob);
738 channel_erase(si->ob);
739 channel_auto_close(si->ib);
740 channel_auto_read(si->ib);
Willy Tarreau0f772532006-12-23 20:51:41 +0100741 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100742 t->txn.status = status;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +0200743 bo_inject(si->ib, msg->str, msg->len);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200744 }
745 if (!(t->flags & SN_ERR_MASK))
746 t->flags |= err;
747 if (!(t->flags & SN_FINST_MASK))
748 t->flags |= finst;
749}
750
Willy Tarreau80587432006-12-24 17:47:20 +0100751/* This function returns the appropriate error location for the given session
752 * and message.
753 */
754
Willy Tarreau783f2582012-09-04 12:19:04 +0200755struct chunk *http_error_message(struct session *s, int msgnum)
Willy Tarreau80587432006-12-24 17:47:20 +0100756{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200757 if (s->be->errmsg[msgnum].str)
758 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100759 else if (s->fe->errmsg[msgnum].str)
760 return &s->fe->errmsg[msgnum];
761 else
762 return &http_err_chunks[msgnum];
763}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200764
Willy Tarreau53b6c742006-12-17 13:37:46 +0100765/*
766 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
767 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
768 */
769static http_meth_t find_http_meth(const char *str, const int len)
770{
771 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100772 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100773
774 m = ((unsigned)*str - 'A');
775
776 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100777 for (h = http_methods[m]; h->len > 0; h++) {
778 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100779 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100780 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100781 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100782 };
783 return HTTP_METH_OTHER;
784 }
785 return HTTP_METH_NONE;
786
787}
788
Willy Tarreau21d2af32008-02-14 20:25:24 +0100789/* Parse the URI from the given transaction (which is assumed to be in request
790 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
791 * It is returned otherwise.
792 */
793static char *
794http_get_path(struct http_txn *txn)
795{
796 char *ptr, *end;
797
Willy Tarreau9b28e032012-10-12 23:49:43 +0200798 ptr = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau21d2af32008-02-14 20:25:24 +0100799 end = ptr + txn->req.sl.rq.u_l;
800
801 if (ptr >= end)
802 return NULL;
803
804 /* RFC2616, par. 5.1.2 :
805 * Request-URI = "*" | absuri | abspath | authority
806 */
807
808 if (*ptr == '*')
809 return NULL;
810
811 if (isalpha((unsigned char)*ptr)) {
812 /* this is a scheme as described by RFC3986, par. 3.1 */
813 ptr++;
814 while (ptr < end &&
815 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
816 ptr++;
817 /* skip '://' */
818 if (ptr == end || *ptr++ != ':')
819 return NULL;
820 if (ptr == end || *ptr++ != '/')
821 return NULL;
822 if (ptr == end || *ptr++ != '/')
823 return NULL;
824 }
825 /* skip [user[:passwd]@]host[:[port]] */
826
827 while (ptr < end && *ptr != '/')
828 ptr++;
829
830 if (ptr == end)
831 return NULL;
832
833 /* OK, we got the '/' ! */
834 return ptr;
835}
836
Willy Tarreau71241ab2012-12-27 11:30:54 +0100837/* Returns a 302 for a redirectable request that reaches a server working in
838 * in redirect mode. This may only be called just after the stream interface
839 * has moved to SI_ST_ASS. Unprocessable requests are left unchanged and will
840 * follow normal proxy processing. NOTE: this function is designed to support
841 * being called once data are scheduled for forwarding.
Willy Tarreauefb453c2008-10-26 20:49:47 +0100842 */
Willy Tarreau71241ab2012-12-27 11:30:54 +0100843void http_perform_server_redirect(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100844{
845 struct http_txn *txn;
Willy Tarreau827aee92011-03-10 16:55:02 +0100846 struct server *srv;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100847 char *path;
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200848 int len, rewind;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100849
850 /* 1: create the response header */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100851 trash.len = strlen(HTTP_302);
852 memcpy(trash.str, HTTP_302, trash.len);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100853
Willy Tarreau3fdb3662012-11-12 00:42:33 +0100854 srv = objt_server(s->target);
Willy Tarreau827aee92011-03-10 16:55:02 +0100855
Willy Tarreauefb453c2008-10-26 20:49:47 +0100856 /* 2: add the server's prefix */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100857 if (trash.len + srv->rdr_len > trash.size)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100858 return;
859
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100860 /* special prefix "/" means don't change URL */
Willy Tarreau827aee92011-03-10 16:55:02 +0100861 if (srv->rdr_len != 1 || *srv->rdr_pfx != '/') {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100862 memcpy(trash.str + trash.len, srv->rdr_pfx, srv->rdr_len);
863 trash.len += srv->rdr_len;
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100864 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100865
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200866 /* 3: add the request URI. Since it was already forwarded, we need
867 * to temporarily rewind the buffer.
868 */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100869 txn = &s->txn;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200870 b_rew(s->req->buf, rewind = s->req->buf->o);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200871
Willy Tarreauefb453c2008-10-26 20:49:47 +0100872 path = http_get_path(txn);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200873 len = buffer_count(s->req->buf, path, b_ptr(s->req->buf, txn->req.sl.rq.u + txn->req.sl.rq.u_l));
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200874
Willy Tarreau9b28e032012-10-12 23:49:43 +0200875 b_adv(s->req->buf, rewind);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200876
Willy Tarreauefb453c2008-10-26 20:49:47 +0100877 if (!path)
878 return;
879
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100880 if (trash.len + len > trash.size - 4) /* 4 for CRLF-CRLF */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100881 return;
882
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100883 memcpy(trash.str + trash.len, path, len);
884 trash.len += len;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100885
886 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100887 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
888 trash.len += 29;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100889 } else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100890 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
891 trash.len += 23;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100892 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100893
894 /* prepare to return without error. */
Willy Tarreau73b013b2012-05-21 16:31:45 +0200895 si_shutr(si);
896 si_shutw(si);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100897 si->err_type = SI_ET_NONE;
898 si->err_loc = NULL;
899 si->state = SI_ST_CLO;
900
901 /* send the message */
Willy Tarreau570f2212013-06-10 16:42:09 +0200902 http_server_error(s, si, SN_ERR_LOCAL, SN_FINST_C, 302, &trash);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100903
904 /* FIXME: we should increase a counter of redirects per server and per backend. */
Willy Tarreau4521ba62013-01-24 01:25:25 +0100905 srv_inc_sess_ctr(srv);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100906}
907
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100908/* Return the error message corresponding to si->err_type. It is assumed
Willy Tarreauefb453c2008-10-26 20:49:47 +0100909 * that the server side is closed. Note that err_type is actually a
910 * bitmask, where almost only aborts may be cumulated with other
911 * values. We consider that aborted operations are more important
912 * than timeouts or errors due to the fact that nobody else in the
913 * logs might explain incomplete retries. All others should avoid
914 * being cumulated. It should normally not be possible to have multiple
915 * aborts at once, but just in case, the first one in sequence is reported.
916 */
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100917void http_return_srv_error(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100918{
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100919 int err_type = si->err_type;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100920
921 if (err_type & SI_ET_QUEUE_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100922 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200923 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100924 else if (err_type & SI_ET_CONN_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100925 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200926 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100927 else if (err_type & SI_ET_QUEUE_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100928 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200929 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100930 else if (err_type & SI_ET_QUEUE_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100931 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200932 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100933 else if (err_type & SI_ET_CONN_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100934 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200935 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100936 else if (err_type & SI_ET_CONN_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100937 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200938 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100939 else /* SI_ET_CONN_OTHER and others */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100940 http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +0200941 500, http_error_message(s, HTTP_ERR_500));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100942}
943
Willy Tarreau42250582007-04-01 01:30:43 +0200944extern const char sess_term_cond[8];
945extern const char sess_fin_state[8];
946extern const char *monthname[12];
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200947struct pool_head *pool2_requri;
Willy Tarreau193b8c62012-11-22 00:17:38 +0100948struct pool_head *pool2_capture = NULL;
William Lallemanda73203e2012-03-12 12:48:57 +0100949struct pool_head *pool2_uniqueid;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100950
Willy Tarreau117f59e2007-03-04 18:17:17 +0100951/*
952 * Capture headers from message starting at <som> according to header list
953 * <cap_hdr>, and fill the <idx> structure appropriately.
954 */
955void capture_headers(char *som, struct hdr_idx *idx,
956 char **cap, struct cap_hdr *cap_hdr)
957{
958 char *eol, *sol, *col, *sov;
959 int cur_idx;
960 struct cap_hdr *h;
961 int len;
962
963 sol = som + hdr_idx_first_pos(idx);
964 cur_idx = hdr_idx_first_idx(idx);
965
966 while (cur_idx) {
967 eol = sol + idx->v[cur_idx].len;
968
969 col = sol;
970 while (col < eol && *col != ':')
971 col++;
972
973 sov = col + 1;
974 while (sov < eol && http_is_lws[(unsigned char)*sov])
975 sov++;
976
977 for (h = cap_hdr; h; h = h->next) {
978 if ((h->namelen == col - sol) &&
979 (strncasecmp(sol, h->name, h->namelen) == 0)) {
980 if (cap[h->index] == NULL)
981 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +0200982 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +0100983
984 if (cap[h->index] == NULL) {
985 Alert("HTTP capture : out of memory.\n");
986 continue;
987 }
988
989 len = eol - sov;
990 if (len > h->len)
991 len = h->len;
992
993 memcpy(cap[h->index], sov, len);
994 cap[h->index][len]=0;
995 }
996 }
997 sol = eol + idx->v[cur_idx].cr + 1;
998 cur_idx = idx->v[cur_idx].next;
999 }
1000}
1001
1002
Willy Tarreau42250582007-04-01 01:30:43 +02001003/* either we find an LF at <ptr> or we jump to <bad>.
1004 */
1005#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1006
1007/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1008 * otherwise to <http_msg_ood> with <state> set to <st>.
1009 */
1010#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1011 ptr++; \
1012 if (likely(ptr < end)) \
1013 goto good; \
1014 else { \
1015 state = (st); \
1016 goto http_msg_ood; \
1017 } \
1018 } while (0)
1019
1020
Willy Tarreaubaaee002006-06-26 02:48:02 +02001021/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001022 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001023 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1024 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1025 * will give undefined results.
1026 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1027 * and that msg->sol points to the beginning of the response.
1028 * If a complete line is found (which implies that at least one CR or LF is
1029 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1030 * returned indicating an incomplete line (which does not mean that parts have
1031 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1032 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1033 * upon next call.
1034 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001035 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001036 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1037 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001038 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001039 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001040const char *http_parse_stsline(struct http_msg *msg,
Willy Tarreaue69eada2008-01-27 00:34:10 +01001041 unsigned int state, const char *ptr, const char *end,
Willy Tarreaua458b672012-03-05 11:17:50 +01001042 unsigned int *ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001043{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001044 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001045
Willy Tarreau8973c702007-01-21 23:58:29 +01001046 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001047 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001048 http_msg_rpver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001049 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001050 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1051
1052 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001053 msg->sl.st.v_l = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001054 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1055 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001056 state = HTTP_MSG_ERROR;
1057 break;
1058
Willy Tarreau8973c702007-01-21 23:58:29 +01001059 case HTTP_MSG_RPVER_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001060 http_msg_rpver_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001061 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001062 msg->sl.st.c = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001063 goto http_msg_rpcode;
1064 }
1065 if (likely(HTTP_IS_SPHT(*ptr)))
1066 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1067 /* so it's a CR/LF, this is invalid */
Willy Tarreau7552c032009-03-01 11:10:40 +01001068 state = HTTP_MSG_ERROR;
1069 break;
Willy Tarreau8973c702007-01-21 23:58:29 +01001070
Willy Tarreau8973c702007-01-21 23:58:29 +01001071 case HTTP_MSG_RPCODE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001072 http_msg_rpcode:
Willy Tarreau8973c702007-01-21 23:58:29 +01001073 if (likely(!HTTP_IS_LWS(*ptr)))
1074 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1075
1076 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001077 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001078 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1079 }
1080
1081 /* so it's a CR/LF, so there is no reason phrase */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001082 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001083 http_msg_rsp_reason:
1084 /* FIXME: should we support HTTP responses without any reason phrase ? */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001085 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001086 msg->sl.st.r_l = 0;
1087 goto http_msg_rpline_eol;
1088
Willy Tarreau8973c702007-01-21 23:58:29 +01001089 case HTTP_MSG_RPCODE_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001090 http_msg_rpcode_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001091 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001092 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001093 goto http_msg_rpreason;
1094 }
1095 if (likely(HTTP_IS_SPHT(*ptr)))
1096 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1097 /* so it's a CR/LF, so there is no reason phrase */
1098 goto http_msg_rsp_reason;
1099
Willy Tarreau8973c702007-01-21 23:58:29 +01001100 case HTTP_MSG_RPREASON:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001101 http_msg_rpreason:
Willy Tarreau8973c702007-01-21 23:58:29 +01001102 if (likely(!HTTP_IS_CRLF(*ptr)))
1103 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
Willy Tarreauea1175a2012-03-05 15:52:30 +01001104 msg->sl.st.r_l = ptr - msg_start - msg->sl.st.r;
Willy Tarreau8973c702007-01-21 23:58:29 +01001105 http_msg_rpline_eol:
1106 /* We have seen the end of line. Note that we do not
1107 * necessarily have the \n yet, but at least we know that we
1108 * have EITHER \r OR \n, otherwise the response would not be
1109 * complete. We can then record the response length and return
1110 * to the caller which will be able to register it.
1111 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001112 msg->sl.st.l = ptr - msg_start - msg->sol;
Willy Tarreau8973c702007-01-21 23:58:29 +01001113 return ptr;
1114
1115#ifdef DEBUG_FULL
1116 default:
1117 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1118 exit(1);
1119#endif
1120 }
1121
1122 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001123 /* out of valid data */
Willy Tarreau8973c702007-01-21 23:58:29 +01001124 if (ret_state)
1125 *ret_state = state;
1126 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001127 *ret_ptr = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001128 return NULL;
Willy Tarreau8973c702007-01-21 23:58:29 +01001129}
1130
Willy Tarreau8973c702007-01-21 23:58:29 +01001131/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001132 * This function parses a request line between <ptr> and <end>, starting with
1133 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1134 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1135 * will give undefined results.
1136 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1137 * and that msg->sol points to the beginning of the request.
1138 * If a complete line is found (which implies that at least one CR or LF is
1139 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1140 * returned indicating an incomplete line (which does not mean that parts have
1141 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1142 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1143 * upon next call.
1144 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001145 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001146 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1147 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001148 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001149 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001150const char *http_parse_reqline(struct http_msg *msg,
Willy Tarreaue69eada2008-01-27 00:34:10 +01001151 unsigned int state, const char *ptr, const char *end,
Willy Tarreaua458b672012-03-05 11:17:50 +01001152 unsigned int *ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001153{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001154 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001155
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001156 switch (state) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001157 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001158 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001159 if (likely(HTTP_IS_TOKEN(*ptr)))
1160 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001161
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001162 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001163 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001164 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1165 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001166
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001167 if (likely(HTTP_IS_CRLF(*ptr))) {
1168 /* HTTP 0.9 request */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001169 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001170 http_msg_req09_uri:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001171 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001172 http_msg_req09_uri_e:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001173 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001174 http_msg_req09_ver:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001175 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001176 msg->sl.rq.v_l = 0;
1177 goto http_msg_rqline_eol;
1178 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001179 state = HTTP_MSG_ERROR;
1180 break;
1181
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001182 case HTTP_MSG_RQMETH_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001183 http_msg_rqmeth_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001184 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001185 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001186 goto http_msg_rquri;
1187 }
1188 if (likely(HTTP_IS_SPHT(*ptr)))
1189 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1190 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1191 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001192
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001193 case HTTP_MSG_RQURI:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001194 http_msg_rquri:
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001195 if (likely((unsigned char)(*ptr - 33) <= 93)) /* 33 to 126 included */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001196 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001197
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001198 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001199 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001200 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1201 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001202
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001203 if (likely((unsigned char)*ptr >= 128)) {
Willy Tarreau422246e2012-01-07 23:54:13 +01001204 /* non-ASCII chars are forbidden unless option
1205 * accept-invalid-http-request is enabled in the frontend.
1206 * In any case, we capture the faulty char.
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001207 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001208 if (msg->err_pos < -1)
1209 goto invalid_char;
1210 if (msg->err_pos == -1)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001211 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001212 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
1213 }
1214
1215 if (likely(HTTP_IS_CRLF(*ptr))) {
1216 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1217 goto http_msg_req09_uri_e;
1218 }
1219
1220 /* OK forbidden chars, 0..31 or 127 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001221 invalid_char:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001222 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001223 state = HTTP_MSG_ERROR;
1224 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001225
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001226 case HTTP_MSG_RQURI_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001227 http_msg_rquri_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001228 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001229 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001230 goto http_msg_rqver;
1231 }
1232 if (likely(HTTP_IS_SPHT(*ptr)))
1233 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1234 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1235 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001236
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001237 case HTTP_MSG_RQVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001238 http_msg_rqver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001239 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001240 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001241
1242 if (likely(HTTP_IS_CRLF(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001243 msg->sl.rq.v_l = ptr - msg_start - msg->sl.rq.v;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001244 http_msg_rqline_eol:
1245 /* We have seen the end of line. Note that we do not
1246 * necessarily have the \n yet, but at least we know that we
1247 * have EITHER \r OR \n, otherwise the request would not be
1248 * complete. We can then record the request length and return
1249 * to the caller which will be able to register it.
1250 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001251 msg->sl.rq.l = ptr - msg_start - msg->sol;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001252 return ptr;
1253 }
1254
1255 /* neither an HTTP_VER token nor a CRLF */
Willy Tarreau7552c032009-03-01 11:10:40 +01001256 state = HTTP_MSG_ERROR;
1257 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001258
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001259#ifdef DEBUG_FULL
1260 default:
1261 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1262 exit(1);
1263#endif
1264 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001265
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001266 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001267 /* out of valid data */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001268 if (ret_state)
1269 *ret_state = state;
1270 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001271 *ret_ptr = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001272 return NULL;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001273}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001274
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001275/*
1276 * Returns the data from Authorization header. Function may be called more
1277 * than once so data is stored in txn->auth_data. When no header is found
1278 * or auth method is unknown auth_method is set to HTTP_AUTH_WRONG to avoid
1279 * searching again for something we are unable to find anyway.
1280 */
1281
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001282char *get_http_auth_buff;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001283
1284int
1285get_http_auth(struct session *s)
1286{
1287
1288 struct http_txn *txn = &s->txn;
1289 struct chunk auth_method;
1290 struct hdr_ctx ctx;
1291 char *h, *p;
1292 int len;
1293
1294#ifdef DEBUG_AUTH
1295 printf("Auth for session %p: %d\n", s, txn->auth.method);
1296#endif
1297
1298 if (txn->auth.method == HTTP_AUTH_WRONG)
1299 return 0;
1300
1301 if (txn->auth.method)
1302 return 1;
1303
1304 txn->auth.method = HTTP_AUTH_WRONG;
1305
1306 ctx.idx = 0;
Willy Tarreau844a7e72010-01-31 21:46:18 +01001307
1308 if (txn->flags & TX_USE_PX_CONN) {
1309 h = "Proxy-Authorization";
1310 len = strlen(h);
1311 } else {
1312 h = "Authorization";
1313 len = strlen(h);
1314 }
1315
Willy Tarreau9b28e032012-10-12 23:49:43 +02001316 if (!http_find_header2(h, len, s->req->buf->p, &txn->hdr_idx, &ctx))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001317 return 0;
1318
1319 h = ctx.line + ctx.val;
1320
1321 p = memchr(h, ' ', ctx.vlen);
1322 if (!p || p == h)
1323 return 0;
1324
1325 chunk_initlen(&auth_method, h, 0, p-h);
1326 chunk_initlen(&txn->auth.method_data, p+1, 0, ctx.vlen-(p-h)-1);
1327
1328 if (!strncasecmp("Basic", auth_method.str, auth_method.len)) {
1329
1330 len = base64dec(txn->auth.method_data.str, txn->auth.method_data.len,
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001331 get_http_auth_buff, global.tune.bufsize - 1);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001332
1333 if (len < 0)
1334 return 0;
1335
1336
1337 get_http_auth_buff[len] = '\0';
1338
1339 p = strchr(get_http_auth_buff, ':');
1340
1341 if (!p)
1342 return 0;
1343
1344 txn->auth.user = get_http_auth_buff;
1345 *p = '\0';
1346 txn->auth.pass = p+1;
1347
1348 txn->auth.method = HTTP_AUTH_BASIC;
1349 return 1;
1350 }
1351
1352 return 0;
1353}
1354
Willy Tarreau58f10d72006-12-04 02:26:12 +01001355
Willy Tarreau8973c702007-01-21 23:58:29 +01001356/*
1357 * This function parses an HTTP message, either a request or a response,
Willy Tarreau8b1323e2012-03-09 14:46:19 +01001358 * depending on the initial msg->msg_state. The caller is responsible for
1359 * ensuring that the message does not wrap. The function can be preempted
1360 * everywhere when data are missing and recalled at the exact same location
1361 * with no information loss. The message may even be realigned between two
1362 * calls. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001363 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
Willy Tarreau26927362012-05-18 23:22:52 +02001364 * fields. Note that msg->sol will be initialized after completing the first
1365 * state, so that none of the msg pointers has to be initialized prior to the
1366 * first call.
Willy Tarreau8973c702007-01-21 23:58:29 +01001367 */
Willy Tarreaua560c212012-03-09 13:50:57 +01001368void http_msg_analyzer(struct http_msg *msg, struct hdr_idx *idx)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001369{
Willy Tarreaue69eada2008-01-27 00:34:10 +01001370 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001371 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001372 struct buffer *buf;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001373
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001374 state = msg->msg_state;
Willy Tarreau9b28e032012-10-12 23:49:43 +02001375 buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001376 ptr = buf->p + msg->next;
1377 end = buf->p + buf->i;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001378
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001379 if (unlikely(ptr >= end))
1380 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001381
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001382 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001383 /*
1384 * First, states that are specific to the response only.
1385 * We check them first so that request and headers are
1386 * closer to each other (accessed more often).
1387 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001388 case HTTP_MSG_RPBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001389 http_msg_rpbefore:
Willy Tarreau8973c702007-01-21 23:58:29 +01001390 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001391 /* we have a start of message, but we have to check
1392 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001393 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001394 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001395 if (unlikely(ptr != buf->p)) {
1396 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001397 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001398 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001399 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8973c702007-01-21 23:58:29 +01001400 }
Willy Tarreau26927362012-05-18 23:22:52 +02001401 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001402 msg->sl.st.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001403 hdr_idx_init(idx);
1404 state = HTTP_MSG_RPVER;
1405 goto http_msg_rpver;
1406 }
1407
1408 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1409 goto http_msg_invalid;
1410
1411 if (unlikely(*ptr == '\n'))
1412 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1413 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1414 /* stop here */
1415
Willy Tarreau8973c702007-01-21 23:58:29 +01001416 case HTTP_MSG_RPBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001417 http_msg_rpbefore_cr:
Willy Tarreau8973c702007-01-21 23:58:29 +01001418 EXPECT_LF_HERE(ptr, http_msg_invalid);
1419 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1420 /* stop here */
1421
Willy Tarreau8973c702007-01-21 23:58:29 +01001422 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001423 http_msg_rpver:
Willy Tarreau8973c702007-01-21 23:58:29 +01001424 case HTTP_MSG_RPVER_SP:
1425 case HTTP_MSG_RPCODE:
1426 case HTTP_MSG_RPCODE_SP:
1427 case HTTP_MSG_RPREASON:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001428 ptr = (char *)http_parse_stsline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001429 state, ptr, end,
1430 &msg->next, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001431 if (unlikely(!ptr))
1432 return;
1433
1434 /* we have a full response and we know that we have either a CR
1435 * or an LF at <ptr>.
1436 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001437 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1438
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001439 msg->sol = ptr - buf->p;
Willy Tarreau8973c702007-01-21 23:58:29 +01001440 if (likely(*ptr == '\r'))
1441 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1442 goto http_msg_rpline_end;
1443
Willy Tarreau8973c702007-01-21 23:58:29 +01001444 case HTTP_MSG_RPLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001445 http_msg_rpline_end:
Willy Tarreau8973c702007-01-21 23:58:29 +01001446 /* msg->sol must point to the first of CR or LF. */
1447 EXPECT_LF_HERE(ptr, http_msg_invalid);
1448 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1449 /* stop here */
1450
1451 /*
1452 * Second, states that are specific to the request only
1453 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001454 case HTTP_MSG_RQBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001455 http_msg_rqbefore:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001456 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001457 /* we have a start of message, but we have to check
1458 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001459 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001460 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001461 if (likely(ptr != buf->p)) {
1462 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001463 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001464 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001465 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001466 }
Willy Tarreau26927362012-05-18 23:22:52 +02001467 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001468 msg->sl.rq.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001469 state = HTTP_MSG_RQMETH;
1470 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001471 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001472
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001473 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1474 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001475
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001476 if (unlikely(*ptr == '\n'))
1477 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1478 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001479 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001480
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001481 case HTTP_MSG_RQBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001482 http_msg_rqbefore_cr:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001483 EXPECT_LF_HERE(ptr, http_msg_invalid);
1484 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001485 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001486
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001487 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001488 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001489 case HTTP_MSG_RQMETH_SP:
1490 case HTTP_MSG_RQURI:
1491 case HTTP_MSG_RQURI_SP:
1492 case HTTP_MSG_RQVER:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001493 ptr = (char *)http_parse_reqline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001494 state, ptr, end,
1495 &msg->next, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001496 if (unlikely(!ptr))
1497 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001498
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001499 /* we have a full request and we know that we have either a CR
1500 * or an LF at <ptr>.
1501 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001502 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001503
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001504 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001505 if (likely(*ptr == '\r'))
1506 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001507 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001508
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001509 case HTTP_MSG_RQLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001510 http_msg_rqline_end:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001511 /* check for HTTP/0.9 request : no version information available.
1512 * msg->sol must point to the first of CR or LF.
1513 */
1514 if (unlikely(msg->sl.rq.v_l == 0))
1515 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001516
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001517 EXPECT_LF_HERE(ptr, http_msg_invalid);
1518 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001519 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001520
Willy Tarreau8973c702007-01-21 23:58:29 +01001521 /*
1522 * Common states below
1523 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001524 case HTTP_MSG_HDR_FIRST:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001525 http_msg_hdr_first:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001526 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001527 if (likely(!HTTP_IS_CRLF(*ptr))) {
1528 goto http_msg_hdr_name;
1529 }
1530
1531 if (likely(*ptr == '\r'))
1532 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1533 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001534
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001535 case HTTP_MSG_HDR_NAME:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001536 http_msg_hdr_name:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001537 /* assumes msg->sol points to the first char */
1538 if (likely(HTTP_IS_TOKEN(*ptr)))
1539 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001540
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001541 if (likely(*ptr == ':'))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001542 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001543
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001544 if (likely(msg->err_pos < -1) || *ptr == '\n')
1545 goto http_msg_invalid;
1546
1547 if (msg->err_pos == -1) /* capture error pointer */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001548 msg->err_pos = ptr - buf->p; /* >= 0 now */
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001549
1550 /* and we still accept this non-token character */
1551 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001552
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001553 case HTTP_MSG_HDR_L1_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001554 http_msg_hdr_l1_sp:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001555 /* assumes msg->sol points to the first char */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001556 if (likely(HTTP_IS_SPHT(*ptr)))
1557 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001558
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001559 /* header value can be basically anything except CR/LF */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001560 msg->sov = ptr - buf->p;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001561
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001562 if (likely(!HTTP_IS_CRLF(*ptr))) {
1563 goto http_msg_hdr_val;
1564 }
1565
1566 if (likely(*ptr == '\r'))
1567 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1568 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001569
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001570 case HTTP_MSG_HDR_L1_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001571 http_msg_hdr_l1_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001572 EXPECT_LF_HERE(ptr, http_msg_invalid);
1573 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001574
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001575 case HTTP_MSG_HDR_L1_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001576 http_msg_hdr_l1_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001577 if (likely(HTTP_IS_SPHT(*ptr))) {
1578 /* replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001579 for (; buf->p + msg->sov < ptr; msg->sov++)
1580 buf->p[msg->sov] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001581 goto http_msg_hdr_l1_sp;
1582 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001583 /* we had a header consisting only in spaces ! */
Willy Tarreau12e48b32012-03-05 16:57:34 +01001584 msg->eol = msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001585 goto http_msg_complete_header;
1586
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001587 case HTTP_MSG_HDR_VAL:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001588 http_msg_hdr_val:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001589 /* assumes msg->sol points to the first char, and msg->sov
1590 * points to the first character of the value.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001591 */
1592 if (likely(!HTTP_IS_CRLF(*ptr)))
1593 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001594
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001595 msg->eol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001596 /* Note: we could also copy eol into ->eoh so that we have the
1597 * real header end in case it ends with lots of LWS, but is this
1598 * really needed ?
1599 */
1600 if (likely(*ptr == '\r'))
1601 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1602 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001603
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001604 case HTTP_MSG_HDR_L2_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001605 http_msg_hdr_l2_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001606 EXPECT_LF_HERE(ptr, http_msg_invalid);
1607 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001608
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001609 case HTTP_MSG_HDR_L2_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001610 http_msg_hdr_l2_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001611 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1612 /* LWS: replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001613 for (; buf->p + msg->eol < ptr; msg->eol++)
1614 buf->p[msg->eol] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001615 goto http_msg_hdr_val;
1616 }
1617 http_msg_complete_header:
1618 /*
1619 * It was a new header, so the last one is finished.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001620 * Assumes msg->sol points to the first char, msg->sov points
1621 * to the first character of the value and msg->eol to the
1622 * first CR or LF so we know how the line ends. We insert last
1623 * header into the index.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001624 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001625 if (unlikely(hdr_idx_add(msg->eol - msg->sol, buf->p[msg->eol] == '\r',
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001626 idx, idx->tail) < 0))
1627 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001628
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001629 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001630 if (likely(!HTTP_IS_CRLF(*ptr))) {
1631 goto http_msg_hdr_name;
1632 }
1633
1634 if (likely(*ptr == '\r'))
1635 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1636 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001637
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001638 case HTTP_MSG_LAST_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001639 http_msg_last_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001640 /* Assumes msg->sol points to the first of either CR or LF */
1641 EXPECT_LF_HERE(ptr, http_msg_invalid);
1642 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001643 msg->sov = msg->next = ptr - buf->p;
Willy Tarreau3a215be2012-03-09 21:39:51 +01001644 msg->eoh = msg->sol;
1645 msg->sol = 0;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001646 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001647 return;
Willy Tarreaub56928a2012-04-16 14:51:55 +02001648
1649 case HTTP_MSG_ERROR:
1650 /* this may only happen if we call http_msg_analyser() twice with an error */
1651 break;
1652
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001653#ifdef DEBUG_FULL
1654 default:
1655 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1656 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001657#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001658 }
1659 http_msg_ood:
1660 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001661 msg->msg_state = state;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001662 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001663 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001664
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001665 http_msg_invalid:
1666 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001667 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001668 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001669 return;
1670}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001671
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001672/* convert an HTTP/0.9 request into an HTTP/1.0 request. Returns 1 if the
1673 * conversion succeeded, 0 in case of error. If the request was already 1.X,
1674 * nothing is done and 1 is returned.
1675 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001676static int http_upgrade_v09_to_v10(struct http_txn *txn)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001677{
1678 int delta;
1679 char *cur_end;
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001680 struct http_msg *msg = &txn->req;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001681
1682 if (msg->sl.rq.v_l != 0)
1683 return 1;
1684
Willy Tarreau9b28e032012-10-12 23:49:43 +02001685 cur_end = msg->chn->buf->p + msg->sl.rq.l;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001686 delta = 0;
1687
1688 if (msg->sl.rq.u_l == 0) {
1689 /* if no URI was set, add "/" */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001690 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " /", 2);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001691 cur_end += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01001692 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001693 }
1694 /* add HTTP version */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001695 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " HTTP/1.0\r\n", 11);
Willy Tarreaufa355d42009-11-29 18:12:29 +01001696 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001697 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001698 cur_end = (char *)http_parse_reqline(msg,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001699 HTTP_MSG_RQMETH,
Willy Tarreau9b28e032012-10-12 23:49:43 +02001700 msg->chn->buf->p, cur_end + 1,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001701 NULL, NULL);
1702 if (unlikely(!cur_end))
1703 return 0;
1704
1705 /* we have a full HTTP/1.0 request now and we know that
1706 * we have either a CR or an LF at <ptr>.
1707 */
1708 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
1709 return 1;
1710}
1711
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001712/* Parse the Connection: header of an HTTP request, looking for both "close"
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001713 * and "keep-alive" values. If we already know that some headers may safely
1714 * be removed, we remove them now. The <to_del> flags are used for that :
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001715 * - bit 0 means remove "close" headers (in HTTP/1.0 requests/responses)
1716 * - bit 1 means remove "keep-alive" headers (in HTTP/1.1 reqs/resp to 1.1).
Willy Tarreau50fc7772012-11-11 22:19:57 +01001717 * Presence of the "Upgrade" token is also checked and reported.
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001718 * The TX_HDR_CONN_* flags are adjusted in txn->flags depending on what was
1719 * found, and TX_CON_*_SET is adjusted depending on what is left so only
1720 * harmless combinations may be removed. Do not call that after changes have
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001721 * been processed.
Willy Tarreau5b154472009-12-21 20:11:07 +01001722 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001723void http_parse_connection_header(struct http_txn *txn, struct http_msg *msg, int to_del)
Willy Tarreau5b154472009-12-21 20:11:07 +01001724{
Willy Tarreau5b154472009-12-21 20:11:07 +01001725 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001726 const char *hdr_val = "Connection";
1727 int hdr_len = 10;
Willy Tarreau5b154472009-12-21 20:11:07 +01001728
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001729 if (txn->flags & TX_HDR_CONN_PRS)
Willy Tarreau5b154472009-12-21 20:11:07 +01001730 return;
1731
Willy Tarreau88d349d2010-01-25 12:15:43 +01001732 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1733 hdr_val = "Proxy-Connection";
1734 hdr_len = 16;
1735 }
1736
Willy Tarreau5b154472009-12-21 20:11:07 +01001737 ctx.idx = 0;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001738 txn->flags &= ~(TX_CON_KAL_SET|TX_CON_CLO_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001739 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001740 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1741 txn->flags |= TX_HDR_CONN_KAL;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001742 if (to_del & 2)
1743 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001744 else
1745 txn->flags |= TX_CON_KAL_SET;
1746 }
1747 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1748 txn->flags |= TX_HDR_CONN_CLO;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001749 if (to_del & 1)
1750 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001751 else
1752 txn->flags |= TX_CON_CLO_SET;
1753 }
Willy Tarreau50fc7772012-11-11 22:19:57 +01001754 else if (ctx.vlen >= 7 && word_match(ctx.line + ctx.val, ctx.vlen, "upgrade", 7)) {
1755 txn->flags |= TX_HDR_CONN_UPG;
1756 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001757 }
1758
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001759 txn->flags |= TX_HDR_CONN_PRS;
1760 return;
1761}
Willy Tarreau5b154472009-12-21 20:11:07 +01001762
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001763/* Apply desired changes on the Connection: header. Values may be removed and/or
1764 * added depending on the <wanted> flags, which are exclusively composed of
1765 * TX_CON_CLO_SET and TX_CON_KAL_SET, depending on what flags are desired. The
1766 * TX_CON_*_SET flags are adjusted in txn->flags depending on what is left.
1767 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001768void http_change_connection_header(struct http_txn *txn, struct http_msg *msg, int wanted)
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001769{
1770 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001771 const char *hdr_val = "Connection";
1772 int hdr_len = 10;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001773
1774 ctx.idx = 0;
1775
Willy Tarreau88d349d2010-01-25 12:15:43 +01001776
1777 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1778 hdr_val = "Proxy-Connection";
1779 hdr_len = 16;
1780 }
1781
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001782 txn->flags &= ~(TX_CON_CLO_SET | TX_CON_KAL_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001783 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001784 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1785 if (wanted & TX_CON_KAL_SET)
1786 txn->flags |= TX_CON_KAL_SET;
1787 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001788 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau5b154472009-12-21 20:11:07 +01001789 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001790 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1791 if (wanted & TX_CON_CLO_SET)
1792 txn->flags |= TX_CON_CLO_SET;
1793 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001794 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01001795 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001796 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001797
1798 if (wanted == (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
1799 return;
1800
1801 if ((wanted & TX_CON_CLO_SET) && !(txn->flags & TX_CON_CLO_SET)) {
1802 txn->flags |= TX_CON_CLO_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001803 hdr_val = "Connection: close";
1804 hdr_len = 17;
1805 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1806 hdr_val = "Proxy-Connection: close";
1807 hdr_len = 23;
1808 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001809 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001810 }
1811
1812 if ((wanted & TX_CON_KAL_SET) && !(txn->flags & TX_CON_KAL_SET)) {
1813 txn->flags |= TX_CON_KAL_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001814 hdr_val = "Connection: keep-alive";
1815 hdr_len = 22;
1816 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1817 hdr_val = "Proxy-Connection: keep-alive";
1818 hdr_len = 28;
1819 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001820 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001821 }
1822 return;
Willy Tarreau5b154472009-12-21 20:11:07 +01001823}
1824
Willy Tarreaua458b672012-03-05 11:17:50 +01001825/* Parse the chunk size at msg->next. Once done, it adjusts ->next to point to the
Willy Tarreaud98cf932009-12-27 22:54:55 +01001826 * first byte of body, and increments msg->sov by the number of bytes parsed,
Willy Tarreau26927362012-05-18 23:22:52 +02001827 * so that we know we can forward between ->sol and ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01001828 * Return >0 on success, 0 when some data is missing, <0 on error.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001829 * Note: this function is designed to parse wrapped CRLF at the end of the buffer.
Willy Tarreau115acb92009-12-26 13:56:06 +01001830 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001831static inline int http_parse_chunk_size(struct http_msg *msg)
Willy Tarreau115acb92009-12-26 13:56:06 +01001832{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001833 const struct buffer *buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001834 const char *ptr = b_ptr(buf, msg->next);
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001835 const char *ptr_old = ptr;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001836 const char *end = buf->data + buf->size;
1837 const char *stop = bi_end(buf);
Willy Tarreau115acb92009-12-26 13:56:06 +01001838 unsigned int chunk = 0;
1839
1840 /* The chunk size is in the following form, though we are only
1841 * interested in the size and CRLF :
1842 * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF
1843 */
1844 while (1) {
1845 int c;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001846 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001847 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001848 c = hex2i(*ptr);
Willy Tarreau115acb92009-12-26 13:56:06 +01001849 if (c < 0) /* not a hex digit anymore */
1850 break;
Willy Tarreau0161d622013-04-02 01:26:55 +02001851 if (unlikely(++ptr >= end))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001852 ptr = buf->data;
Willy Tarreau431946e2012-02-24 19:20:12 +01001853 if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001854 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001855 chunk = (chunk << 4) + c;
1856 }
1857
Willy Tarreaud98cf932009-12-27 22:54:55 +01001858 /* empty size not allowed */
Willy Tarreau0161d622013-04-02 01:26:55 +02001859 if (unlikely(ptr == ptr_old))
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001860 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001861
1862 while (http_is_spht[(unsigned char)*ptr]) {
1863 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001864 ptr = buf->data;
Willy Tarreau0161d622013-04-02 01:26:55 +02001865 if (unlikely(ptr == stop))
Willy Tarreau115acb92009-12-26 13:56:06 +01001866 return 0;
Willy Tarreau115acb92009-12-26 13:56:06 +01001867 }
1868
Willy Tarreaud98cf932009-12-27 22:54:55 +01001869 /* Up to there, we know that at least one byte is present at *ptr. Check
1870 * for the end of chunk size.
1871 */
1872 while (1) {
1873 if (likely(HTTP_IS_CRLF(*ptr))) {
1874 /* we now have a CR or an LF at ptr */
1875 if (likely(*ptr == '\r')) {
1876 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001877 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001878 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001879 return 0;
1880 }
Willy Tarreau115acb92009-12-26 13:56:06 +01001881
Willy Tarreaud98cf932009-12-27 22:54:55 +01001882 if (*ptr != '\n')
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001883 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001884 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001885 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001886 /* done */
1887 break;
1888 }
1889 else if (*ptr == ';') {
1890 /* chunk extension, ends at next CRLF */
1891 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001892 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001893 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001894 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001895
1896 while (!HTTP_IS_CRLF(*ptr)) {
1897 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001898 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001899 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001900 return 0;
1901 }
1902 /* we have a CRLF now, loop above */
1903 continue;
Willy Tarreau115acb92009-12-26 13:56:06 +01001904 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001905 else
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001906 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001907 }
1908
Willy Tarreaud98cf932009-12-27 22:54:55 +01001909 /* OK we found our CRLF and now <ptr> points to the next byte,
Willy Tarreaua458b672012-03-05 11:17:50 +01001910 * which may or may not be present. We save that into ->next and
Willy Tarreaud98cf932009-12-27 22:54:55 +01001911 * ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01001912 */
Willy Tarreau0161d622013-04-02 01:26:55 +02001913 if (unlikely(ptr < ptr_old))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001914 msg->sov += buf->size;
Willy Tarreaua458b672012-03-05 11:17:50 +01001915 msg->sov += ptr - ptr_old;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001916 msg->next = buffer_count(buf, buf->p, ptr);
Willy Tarreau124d9912011-03-01 20:30:48 +01001917 msg->chunk_len = chunk;
1918 msg->body_len += chunk;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001919 msg->msg_state = chunk ? HTTP_MSG_DATA : HTTP_MSG_TRAILERS;
Willy Tarreau115acb92009-12-26 13:56:06 +01001920 return 1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001921 error:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001922 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001923 return -1;
Willy Tarreau115acb92009-12-26 13:56:06 +01001924}
1925
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001926/* This function skips trailers in the buffer associated with HTTP
Willy Tarreaua458b672012-03-05 11:17:50 +01001927 * message <msg>. The first visited position is msg->next. If the end of
Willy Tarreaud98cf932009-12-27 22:54:55 +01001928 * the trailers is found, it is automatically scheduled to be forwarded,
1929 * msg->msg_state switches to HTTP_MSG_DONE, and the function returns >0.
1930 * If not enough data are available, the function does not change anything
Willy Tarreaua458b672012-03-05 11:17:50 +01001931 * except maybe msg->next and msg->sov if it could parse some lines, and returns
Willy Tarreau638cd022010-01-03 07:42:04 +01001932 * zero. If a parse error is encountered, the function returns < 0 and does not
Willy Tarreaua458b672012-03-05 11:17:50 +01001933 * change anything except maybe msg->next and msg->sov. Note that the message
Willy Tarreau638cd022010-01-03 07:42:04 +01001934 * must already be in HTTP_MSG_TRAILERS state before calling this function,
1935 * which implies that all non-trailers data have already been scheduled for
Willy Tarreau26927362012-05-18 23:22:52 +02001936 * forwarding, and that the difference between msg->sol and msg->sov exactly
Willy Tarreau638cd022010-01-03 07:42:04 +01001937 * matches the length of trailers already parsed and not forwarded. It is also
1938 * important to note that this function is designed to be able to parse wrapped
1939 * headers at end of buffer.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001940 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001941static int http_forward_trailers(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001942{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001943 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001944
Willy Tarreaua458b672012-03-05 11:17:50 +01001945 /* we have msg->next which points to next line. Look for CRLF. */
Willy Tarreaud98cf932009-12-27 22:54:55 +01001946 while (1) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001947 const char *p1 = NULL, *p2 = NULL;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001948 const char *ptr = b_ptr(buf, msg->next);
1949 const char *stop = bi_end(buf);
Willy Tarreau638cd022010-01-03 07:42:04 +01001950 int bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001951
1952 /* scan current line and stop at LF or CRLF */
1953 while (1) {
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001954 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001955 return 0;
1956
1957 if (*ptr == '\n') {
1958 if (!p1)
1959 p1 = ptr;
1960 p2 = ptr;
1961 break;
1962 }
1963
1964 if (*ptr == '\r') {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001965 if (p1) {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001966 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001967 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001968 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001969 p1 = ptr;
1970 }
1971
1972 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001973 if (ptr >= buf->data + buf->size)
1974 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001975 }
1976
1977 /* after LF; point to beginning of next line */
1978 p2++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001979 if (p2 >= buf->data + buf->size)
1980 p2 = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001981
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001982 bytes = p2 - b_ptr(buf, msg->next);
Willy Tarreau638cd022010-01-03 07:42:04 +01001983 if (bytes < 0)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001984 bytes += buf->size;
Willy Tarreau638cd022010-01-03 07:42:04 +01001985
1986 /* schedule this line for forwarding */
1987 msg->sov += bytes;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001988 if (msg->sov >= buf->size)
1989 msg->sov -= buf->size;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001990
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001991 if (p1 == b_ptr(buf, msg->next)) {
Willy Tarreau638cd022010-01-03 07:42:04 +01001992 /* LF/CRLF at beginning of line => end of trailers at p2.
1993 * Everything was scheduled for forwarding, there's nothing
1994 * left from this message.
Willy Tarreau5523b322009-12-29 12:05:52 +01001995 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001996 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01001997 msg->msg_state = HTTP_MSG_DONE;
1998 return 1;
1999 }
2000 /* OK, next line then */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002001 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002002 }
2003}
2004
Willy Tarreau54d23df2012-10-25 19:04:45 +02002005/* This function may be called only in HTTP_MSG_CHUNK_CRLF. It reads the CRLF or
Willy Tarreaud98cf932009-12-27 22:54:55 +01002006 * a possible LF alone at the end of a chunk. It automatically adjusts msg->sov,
Willy Tarreau26927362012-05-18 23:22:52 +02002007 * ->sol, ->next in order to include this part into the next forwarding phase.
Willy Tarreaua458b672012-03-05 11:17:50 +01002008 * Note that the caller must ensure that ->p points to the first byte to parse.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002009 * It also sets msg_state to HTTP_MSG_CHUNK_SIZE and returns >0 on success. If
2010 * not enough data are available, the function does not change anything and
2011 * returns zero. If a parse error is encountered, the function returns < 0 and
2012 * does not change anything. Note: this function is designed to parse wrapped
2013 * CRLF at the end of the buffer.
2014 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02002015static inline int http_skip_chunk_crlf(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002016{
Willy Tarreau9b28e032012-10-12 23:49:43 +02002017 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002018 const char *ptr;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002019 int bytes;
2020
2021 /* NB: we'll check data availabilty at the end. It's not a
2022 * problem because whatever we match first will be checked
2023 * against the correct length.
2024 */
2025 bytes = 1;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002026 ptr = buf->p;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002027 if (*ptr == '\r') {
2028 bytes++;
2029 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002030 if (ptr >= buf->data + buf->size)
2031 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002032 }
2033
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002034 if (bytes > buf->i)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002035 return 0;
2036
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002037 if (*ptr != '\n') {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002038 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002039 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002040 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002041
2042 ptr++;
Willy Tarreau0161d622013-04-02 01:26:55 +02002043 if (unlikely(ptr >= buf->data + buf->size))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002044 ptr = buf->data;
Willy Tarreau26927362012-05-18 23:22:52 +02002045 /* prepare the CRLF to be forwarded (between ->sol and ->sov) */
2046 msg->sol = 0;
Willy Tarreauea1175a2012-03-05 15:52:30 +01002047 msg->sov = msg->next = bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002048 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
2049 return 1;
2050}
Willy Tarreau5b154472009-12-21 20:11:07 +01002051
William Lallemand82fe75c2012-10-23 10:25:10 +02002052
2053/*
2054 * Selects a compression algorithm depending on the client request.
Willy Tarreau05d84602012-10-26 02:11:25 +02002055 */
William Lallemand82fe75c2012-10-23 10:25:10 +02002056int select_compression_request_header(struct session *s, struct buffer *req)
2057{
2058 struct http_txn *txn = &s->txn;
Willy Tarreau70737d12012-10-27 00:34:28 +02002059 struct http_msg *msg = &txn->req;
William Lallemand82fe75c2012-10-23 10:25:10 +02002060 struct hdr_ctx ctx;
2061 struct comp_algo *comp_algo = NULL;
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002062 struct comp_algo *comp_algo_back = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002063
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002064 /* Disable compression for older user agents announcing themselves as "Mozilla/4"
2065 * unless they are known good (MSIE 6 with XP SP2, or MSIE 7 and later).
Willy Tarreau05d84602012-10-26 02:11:25 +02002066 * See http://zoompf.com/2012/02/lose-the-wait-http-compression for more details.
2067 */
2068 ctx.idx = 0;
2069 if (http_find_header2("User-Agent", 10, req->p, &txn->hdr_idx, &ctx) &&
2070 ctx.vlen >= 9 &&
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002071 memcmp(ctx.line + ctx.val, "Mozilla/4", 9) == 0 &&
2072 (ctx.vlen < 31 ||
2073 memcmp(ctx.line + ctx.val + 25, "MSIE ", 5) != 0 ||
2074 ctx.line[ctx.val + 30] < '6' ||
2075 (ctx.line[ctx.val + 30] == '6' &&
2076 (ctx.vlen < 54 || memcmp(ctx.line + 51, "SV1", 3) != 0)))) {
2077 s->comp_algo = NULL;
2078 return 0;
Willy Tarreau05d84602012-10-26 02:11:25 +02002079 }
2080
William Lallemand82fe75c2012-10-23 10:25:10 +02002081 /* search for the algo in the backend in priority or the frontend */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002082 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002083 ctx.idx = 0;
2084 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002085 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002086 if (word_match(ctx.line + ctx.val, ctx.vlen, comp_algo->name, comp_algo->name_len)) {
2087 s->comp_algo = comp_algo;
Willy Tarreau70737d12012-10-27 00:34:28 +02002088
2089 /* remove all occurrences of the header when "compression offload" is set */
2090
2091 if ((s->be->comp && s->be->comp->offload) ||
2092 (s->fe->comp && s->fe->comp->offload)) {
2093 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2094 ctx.idx = 0;
2095 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
2096 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2097 }
2098 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002099 return 1;
2100 }
2101 }
2102 }
2103 }
2104
2105 /* identity is implicit does not require headers */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002106 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
2107 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002108 if (comp_algo->add_data == identity_add_data) {
2109 s->comp_algo = comp_algo;
2110 return 1;
2111 }
2112 }
2113 }
2114
2115 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002116 return 0;
2117}
2118
2119/*
2120 * Selects a comression algorithm depending of the server response.
2121 */
2122int select_compression_response_header(struct session *s, struct buffer *res)
2123{
2124 struct http_txn *txn = &s->txn;
2125 struct http_msg *msg = &txn->rsp;
2126 struct hdr_ctx ctx;
2127 struct comp_type *comp_type;
William Lallemand82fe75c2012-10-23 10:25:10 +02002128
2129 /* no common compression algorithm was found in request header */
2130 if (s->comp_algo == NULL)
2131 goto fail;
2132
2133 /* HTTP < 1.1 should not be compressed */
2134 if (!(msg->flags & HTTP_MSGF_VER_11))
2135 goto fail;
2136
William Lallemandd3002612012-11-26 14:34:47 +01002137 /* 200 only */
2138 if (txn->status != 200)
2139 goto fail;
2140
William Lallemand82fe75c2012-10-23 10:25:10 +02002141 /* Content-Length is null */
2142 if (!(msg->flags & HTTP_MSGF_TE_CHNK) && msg->body_len == 0)
2143 goto fail;
2144
Willy Tarreau667c2a32013-04-09 08:13:58 +02002145 /* TEMPORARY WORKAROUND: do not compress if response is chunked !!!!!! */
2146 if (msg->flags & HTTP_MSGF_TE_CHNK)
2147 goto fail;
2148
William Lallemand82fe75c2012-10-23 10:25:10 +02002149 /* content is already compressed */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002150 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002151 if (http_find_header2("Content-Encoding", 16, res->p, &txn->hdr_idx, &ctx))
2152 goto fail;
2153
Willy Tarreau56e9ffa2013-01-05 16:20:35 +01002154 /* no compression when Cache-Control: no-transform is present in the message */
2155 ctx.idx = 0;
2156 while (http_find_header2("Cache-Control", 13, res->p, &txn->hdr_idx, &ctx)) {
2157 if (word_match(ctx.line + ctx.val, ctx.vlen, "no-transform", 12))
2158 goto fail;
2159 }
2160
William Lallemand82fe75c2012-10-23 10:25:10 +02002161 comp_type = NULL;
2162
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002163 /* we don't want to compress multipart content-types, nor content-types that are
2164 * not listed in the "compression type" directive if any. If no content-type was
2165 * found but configuration requires one, we don't compress either. Backend has
2166 * the priority.
William Lallemand82fe75c2012-10-23 10:25:10 +02002167 */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002168 ctx.idx = 0;
2169 if (http_find_header2("Content-Type", 12, res->p, &txn->hdr_idx, &ctx)) {
2170 if (ctx.vlen >= 9 && strncasecmp("multipart", ctx.line+ctx.val, 9) == 0)
2171 goto fail;
2172
2173 if ((s->be->comp && (comp_type = s->be->comp->types)) ||
2174 (s->fe->comp && (comp_type = s->fe->comp->types))) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002175 for (; comp_type; comp_type = comp_type->next) {
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002176 if (ctx.vlen >= comp_type->name_len &&
2177 strncasecmp(ctx.line+ctx.val, comp_type->name, comp_type->name_len) == 0)
William Lallemand82fe75c2012-10-23 10:25:10 +02002178 /* this Content-Type should be compressed */
2179 break;
2180 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002181 /* this Content-Type should not be compressed */
2182 if (comp_type == NULL)
2183 goto fail;
William Lallemand82fe75c2012-10-23 10:25:10 +02002184 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002185 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002186 else { /* no content-type header */
2187 if ((s->be->comp && s->be->comp->types) || (s->fe->comp && s->fe->comp->types))
2188 goto fail; /* a content-type was required */
William Lallemandd3002612012-11-26 14:34:47 +01002189 }
2190
William Lallemandd85f9172012-11-09 17:05:39 +01002191 /* limit compression rate */
2192 if (global.comp_rate_lim > 0)
2193 if (read_freq_ctr(&global.comp_bps_in) > global.comp_rate_lim)
2194 goto fail;
2195
William Lallemand072a2bf2012-11-20 17:01:01 +01002196 /* limit cpu usage */
2197 if (idle_pct < compress_min_idle)
2198 goto fail;
2199
William Lallemand4c49fae2012-11-07 15:00:23 +01002200 /* initialize compression */
William Lallemandf3747832012-11-09 12:33:10 +01002201 if (s->comp_algo->init(&s->comp_ctx, global.tune.comp_maxlevel) < 0)
William Lallemand4c49fae2012-11-07 15:00:23 +01002202 goto fail;
2203
William Lallemandec3e3892012-11-12 17:02:18 +01002204 s->flags |= SN_COMP_READY;
2205
William Lallemand82fe75c2012-10-23 10:25:10 +02002206 /* remove Content-Length header */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002207 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002208 if ((msg->flags & HTTP_MSGF_CNT_LEN) && http_find_header2("Content-Length", 14, res->p, &txn->hdr_idx, &ctx))
2209 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2210
2211 /* add Transfer-Encoding header */
2212 if (!(msg->flags & HTTP_MSGF_TE_CHNK))
2213 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, "Transfer-Encoding: chunked", 26);
2214
2215 /*
2216 * Add Content-Encoding header when it's not identity encoding.
2217 * RFC 2616 : Identity encoding: This content-coding is used only in the
2218 * Accept-Encoding header, and SHOULD NOT be used in the Content-Encoding
2219 * header.
2220 */
2221 if (s->comp_algo->add_data != identity_add_data) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002222 trash.len = 18;
2223 memcpy(trash.str, "Content-Encoding: ", trash.len);
2224 memcpy(trash.str + trash.len, s->comp_algo->name, s->comp_algo->name_len);
2225 trash.len += s->comp_algo->name_len;
2226 trash.str[trash.len] = '\0';
2227 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
William Lallemand82fe75c2012-10-23 10:25:10 +02002228 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002229 return 1;
2230
2231fail:
Willy Tarreaub97b6192012-11-19 14:55:02 +01002232 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002233 return 0;
2234}
2235
2236
Willy Tarreaud787e662009-07-07 10:14:51 +02002237/* This stream analyser waits for a complete HTTP request. It returns 1 if the
2238 * processing can continue on next analysers, or zero if it either needs more
2239 * data or wants to immediately abort the request (eg: timeout, error, ...). It
2240 * is tied to AN_REQ_WAIT_HTTP and may may remove itself from s->req->analysers
2241 * when it has nothing left to do, and may remove any analyser when it wants to
2242 * abort.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002243 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002244int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002245{
Willy Tarreau59234e92008-11-30 23:51:27 +01002246 /*
2247 * We will parse the partial (or complete) lines.
2248 * We will check the request syntax, and also join multi-line
2249 * headers. An index of all the lines will be elaborated while
2250 * parsing.
2251 *
2252 * For the parsing, we use a 28 states FSM.
2253 *
2254 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02002255 * req->buf->p = beginning of request
2256 * req->buf->p + msg->eoh = end of processed headers / start of current one
2257 * req->buf->p + req->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02002258 * msg->eol = end of current header or line (LF or CRLF)
2259 * msg->next = first non-visited byte
Willy Tarreaud787e662009-07-07 10:14:51 +02002260 *
2261 * At end of parsing, we may perform a capture of the error (if any), and
2262 * we will set a few fields (msg->sol, txn->meth, sn->flags/SN_REDIRECTABLE).
2263 * We also check for monitor-uri, logging, HTTP/0.9 to 1.0 conversion, and
2264 * finally headers capture.
Willy Tarreau59234e92008-11-30 23:51:27 +01002265 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002266
Willy Tarreau59234e92008-11-30 23:51:27 +01002267 int cur_idx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002268 int use_close_only;
Willy Tarreau59234e92008-11-30 23:51:27 +01002269 struct http_txn *txn = &s->txn;
2270 struct http_msg *msg = &txn->req;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002271 struct hdr_ctx ctx;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002272
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01002273 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau6bf17362009-02-24 10:48:35 +01002274 now_ms, __FUNCTION__,
2275 s,
2276 req,
2277 req->rex, req->wex,
2278 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02002279 req->buf->i,
Willy Tarreau6bf17362009-02-24 10:48:35 +01002280 req->analysers);
2281
Willy Tarreau52a0c602009-08-16 22:45:38 +02002282 /* we're speaking HTTP here, so let's speak HTTP to the client */
2283 s->srv_error = http_return_srv_error;
2284
Willy Tarreau83e3af02009-12-28 17:39:57 +01002285 /* There's a protected area at the end of the buffer for rewriting
2286 * purposes. We don't want to start to parse the request if the
2287 * protected area is affected, because we may have to move processed
2288 * data later, which is much more complicated.
2289 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002290 if (buffer_not_empty(req->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02002291 if (txn->flags & TX_NOT_FIRST) {
2292 if (unlikely(!channel_reserved(req))) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002293 if (req->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002294 goto failed_keep_alive;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002295 /* some data has still not left the buffer, wake us once that's done */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002296 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002297 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002298 return 0;
2299 }
Willy Tarreau379357a2013-06-08 12:55:46 +02002300 if (unlikely(bi_end(req->buf) < b_ptr(req->buf, msg->next) ||
2301 bi_end(req->buf) > req->buf->data + req->buf->size - global.tune.maxrewrite))
2302 buffer_slow_realign(req->buf);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002303 }
2304
Willy Tarreau065e8332010-01-08 00:30:20 +01002305 /* Note that we have the same problem with the response ; we
2306 * may want to send a redirect, error or anything which requires
2307 * some spare space. So we'll ensure that we have at least
2308 * maxrewrite bytes available in the response buffer before
2309 * processing that one. This will only affect pipelined
2310 * keep-alive requests.
2311 */
2312 if ((txn->flags & TX_NOT_FIRST) &&
Willy Tarreau379357a2013-06-08 12:55:46 +02002313 unlikely(!channel_reserved(s->rep) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02002314 bi_end(s->rep->buf) < b_ptr(s->rep->buf, txn->rsp.next) ||
2315 bi_end(s->rep->buf) > s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)) {
2316 if (s->rep->buf->o) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002317 if (s->rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002318 goto failed_keep_alive;
Willy Tarreau065e8332010-01-08 00:30:20 +01002319 /* don't let a connection request be initiated */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002320 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002321 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau0499e352010-12-17 07:13:42 +01002322 s->rep->analysers |= an_bit; /* wake us up once it changes */
Willy Tarreau065e8332010-01-08 00:30:20 +01002323 return 0;
2324 }
2325 }
2326
Willy Tarreau9b28e032012-10-12 23:49:43 +02002327 if (likely(msg->next < req->buf->i)) /* some unparsed data are available */
Willy Tarreaua560c212012-03-09 13:50:57 +01002328 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002329 }
2330
Willy Tarreau59234e92008-11-30 23:51:27 +01002331 /* 1: we might have to print this header in debug mode */
2332 if (unlikely((global.mode & MODE_DEBUG) &&
2333 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01002334 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002335 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002336
Willy Tarreau9b28e032012-10-12 23:49:43 +02002337 sol = req->buf->p;
Willy Tarreaue92693a2012-09-24 21:13:39 +02002338 /* this is a bit complex : in case of error on the request line,
2339 * we know that rq.l is still zero, so we display only the part
2340 * up to the end of the line (truncated by debug_hdr).
2341 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002342 eol = sol + (msg->sl.rq.l ? msg->sl.rq.l : req->buf->i);
Willy Tarreau59234e92008-11-30 23:51:27 +01002343 debug_hdr("clireq", s, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01002344
Willy Tarreau59234e92008-11-30 23:51:27 +01002345 sol += hdr_idx_first_pos(&txn->hdr_idx);
2346 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002347
Willy Tarreau59234e92008-11-30 23:51:27 +01002348 while (cur_idx) {
2349 eol = sol + txn->hdr_idx.v[cur_idx].len;
2350 debug_hdr("clihdr", s, sol, eol);
2351 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2352 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002353 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002354 }
2355
Willy Tarreau58f10d72006-12-04 02:26:12 +01002356
Willy Tarreau59234e92008-11-30 23:51:27 +01002357 /*
2358 * Now we quickly check if we have found a full valid request.
2359 * If not so, we check the FD and buffer states before leaving.
2360 * A full request is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01002361 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002362 * requests are checked first. When waiting for a second request
2363 * on a keep-alive session, if we encounter and error, close, t/o,
2364 * we note the error in the session flags but don't set any state.
2365 * Since the error will be noted there, it will not be counted by
2366 * process_session() as a frontend error.
Willy Tarreauda7ff642010-06-23 11:44:09 +02002367 * Last, we may increase some tracked counters' http request errors on
2368 * the cases that are deliberately the client's fault. For instance,
2369 * a timeout or connection reset is not counted as an error. However
2370 * a bad request is.
Willy Tarreau59234e92008-11-30 23:51:27 +01002371 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002372
Willy Tarreau655dce92009-11-08 13:10:58 +01002373 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002374 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002375 * First, let's catch bad requests.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002376 */
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002377 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02002378 session_inc_http_req_ctr(s);
2379 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002380 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002381 goto return_bad_req;
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002382 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002383
Willy Tarreau59234e92008-11-30 23:51:27 +01002384 /* 1: Since we are in header mode, if there's no space
2385 * left for headers, we won't be able to free more
2386 * later, so the session will never terminate. We
2387 * must terminate it now.
2388 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002389 if (unlikely(buffer_full(req->buf, global.tune.maxrewrite))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002390 /* FIXME: check if URI is set and return Status
2391 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002392 */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002393 session_inc_http_req_ctr(s);
2394 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002395 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreaufec4d892011-09-02 20:04:57 +02002396 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02002397 msg->err_pos = req->buf->i;
Willy Tarreau59234e92008-11-30 23:51:27 +01002398 goto return_bad_req;
2399 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002400
Willy Tarreau59234e92008-11-30 23:51:27 +01002401 /* 2: have we encountered a read error ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002402 else if (req->flags & CF_READ_ERROR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002403 if (!(s->flags & SN_ERR_MASK))
2404 s->flags |= SN_ERR_CLICL;
2405
Willy Tarreaufcffa692010-01-10 14:21:19 +01002406 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002407 goto failed_keep_alive;
2408
Willy Tarreau59234e92008-11-30 23:51:27 +01002409 /* we cannot return any message on error */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002410 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002411 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002412 session_inc_http_err_ctr(s);
2413 }
2414
Willy Tarreaudc979f22012-12-04 10:39:01 +01002415 txn->status = 400;
2416 stream_int_retnclose(req->prod, NULL);
Willy Tarreau59234e92008-11-30 23:51:27 +01002417 msg->msg_state = HTTP_MSG_ERROR;
2418 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002419
Willy Tarreauda7ff642010-06-23 11:44:09 +02002420 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002421 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002422 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002423 if (s->listener->counters)
2424 s->listener->counters->failed_req++;
2425
Willy Tarreau59234e92008-11-30 23:51:27 +01002426 if (!(s->flags & SN_FINST_MASK))
2427 s->flags |= SN_FINST_R;
2428 return 0;
2429 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002430
Willy Tarreau59234e92008-11-30 23:51:27 +01002431 /* 3: has the read timeout expired ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002432 else if (req->flags & CF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002433 if (!(s->flags & SN_ERR_MASK))
2434 s->flags |= SN_ERR_CLITO;
2435
Willy Tarreaufcffa692010-01-10 14:21:19 +01002436 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002437 goto failed_keep_alive;
2438
Willy Tarreau59234e92008-11-30 23:51:27 +01002439 /* read timeout : give up with an error message. */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002440 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002441 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002442 session_inc_http_err_ctr(s);
2443 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002444 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02002445 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau59234e92008-11-30 23:51:27 +01002446 msg->msg_state = HTTP_MSG_ERROR;
2447 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002448
Willy Tarreauda7ff642010-06-23 11:44:09 +02002449 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002450 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002451 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002452 if (s->listener->counters)
2453 s->listener->counters->failed_req++;
2454
Willy Tarreau59234e92008-11-30 23:51:27 +01002455 if (!(s->flags & SN_FINST_MASK))
2456 s->flags |= SN_FINST_R;
2457 return 0;
2458 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002459
Willy Tarreau59234e92008-11-30 23:51:27 +01002460 /* 4: have we encountered a close ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002461 else if (req->flags & CF_SHUTR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002462 if (!(s->flags & SN_ERR_MASK))
2463 s->flags |= SN_ERR_CLICL;
2464
Willy Tarreaufcffa692010-01-10 14:21:19 +01002465 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002466 goto failed_keep_alive;
2467
Willy Tarreau4076a152009-04-02 15:18:36 +02002468 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002469 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002470 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002471 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau59234e92008-11-30 23:51:27 +01002472 msg->msg_state = HTTP_MSG_ERROR;
2473 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002474
Willy Tarreauda7ff642010-06-23 11:44:09 +02002475 session_inc_http_err_ctr(s);
2476 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002477 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002478 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002479 if (s->listener->counters)
2480 s->listener->counters->failed_req++;
2481
Willy Tarreau59234e92008-11-30 23:51:27 +01002482 if (!(s->flags & SN_FINST_MASK))
2483 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002484 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002485 }
2486
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002487 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002488 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
2489 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau5e205522011-12-17 16:34:27 +01002490#ifdef TCP_QUICKACK
Willy Tarreau9b28e032012-10-12 23:49:43 +02002491 if (s->listener->options & LI_O_NOQUICKACK && req->buf->i) {
Willy Tarreau5e205522011-12-17 16:34:27 +01002492 /* We need more data, we have to re-enable quick-ack in case we
2493 * previously disabled it, otherwise we might cause the client
2494 * to delay next data.
2495 */
Willy Tarreau7f7ad912012-11-11 19:27:15 +01002496 setsockopt(s->si[0].conn->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01002497 }
2498#endif
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002499
Willy Tarreaufcffa692010-01-10 14:21:19 +01002500 if ((msg->msg_state != HTTP_MSG_RQBEFORE) && (txn->flags & TX_WAIT_NEXT_RQ)) {
2501 /* If the client starts to talk, let's fall back to
2502 * request timeout processing.
2503 */
2504 txn->flags &= ~TX_WAIT_NEXT_RQ;
Willy Tarreaub16a5742010-01-10 14:46:16 +01002505 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaufcffa692010-01-10 14:21:19 +01002506 }
2507
Willy Tarreau59234e92008-11-30 23:51:27 +01002508 /* just set the request timeout once at the beginning of the request */
Willy Tarreaub16a5742010-01-10 14:46:16 +01002509 if (!tick_isset(req->analyse_exp)) {
2510 if ((msg->msg_state == HTTP_MSG_RQBEFORE) &&
2511 (txn->flags & TX_WAIT_NEXT_RQ) &&
2512 tick_isset(s->be->timeout.httpka))
2513 req->analyse_exp = tick_add(now_ms, s->be->timeout.httpka);
2514 else
2515 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
2516 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002517
Willy Tarreau59234e92008-11-30 23:51:27 +01002518 /* we're not ready yet */
2519 return 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002520
2521 failed_keep_alive:
2522 /* Here we process low-level errors for keep-alive requests. In
2523 * short, if the request is not the first one and it experiences
2524 * a timeout, read error or shutdown, we just silently close so
2525 * that the client can try again.
2526 */
2527 txn->status = 0;
2528 msg->msg_state = HTTP_MSG_RQBEFORE;
2529 req->analysers = 0;
2530 s->logs.logwait = 0;
Willy Tarreauabcd5142013-06-11 17:18:02 +02002531 s->logs.level = 0;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002532 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau148d0992010-01-10 10:21:21 +01002533 stream_int_retnclose(req->prod, NULL);
Willy Tarreaub608feb2010-01-02 22:47:18 +01002534 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002535 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002536
Willy Tarreaud787e662009-07-07 10:14:51 +02002537 /* OK now we have a complete HTTP request with indexed headers. Let's
2538 * complete the request parsing by setting a few fields we will need
Willy Tarreau9b28e032012-10-12 23:49:43 +02002539 * later. At this point, we have the last CRLF at req->buf->data + msg->eoh.
Willy Tarreaufa355d42009-11-29 18:12:29 +01002540 * If the request is in HTTP/0.9 form, the rule is still true, and eoh
Willy Tarreaua458b672012-03-05 11:17:50 +01002541 * points to the CRLF of the request line. msg->next points to the first
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01002542 * byte after the last LF. msg->sov points to the first byte of data.
2543 * msg->eol cannot be trusted because it may have been left uninitialized
2544 * (for instance in the absence of headers).
Willy Tarreaud787e662009-07-07 10:14:51 +02002545 */
Willy Tarreau9cdde232007-05-02 20:58:19 +02002546
Willy Tarreauda7ff642010-06-23 11:44:09 +02002547 session_inc_http_req_ctr(s);
Willy Tarreaud9b587f2010-02-26 10:05:55 +01002548 proxy_inc_fe_req_ctr(s->fe); /* one more valid request for this FE */
2549
Willy Tarreaub16a5742010-01-10 14:46:16 +01002550 if (txn->flags & TX_WAIT_NEXT_RQ) {
2551 /* kill the pending keep-alive timeout */
2552 txn->flags &= ~TX_WAIT_NEXT_RQ;
2553 req->analyse_exp = TICK_ETERNITY;
2554 }
2555
2556
Willy Tarreaud787e662009-07-07 10:14:51 +02002557 /* Maybe we found in invalid header name while we were configured not
2558 * to block on that, so we have to capture it now.
2559 */
2560 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002561 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02002562
Willy Tarreau59234e92008-11-30 23:51:27 +01002563 /*
2564 * 1: identify the method
2565 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002566 txn->meth = find_http_meth(req->buf->p, msg->sl.rq.m_l);
Willy Tarreau59234e92008-11-30 23:51:27 +01002567
2568 /* we can make use of server redirect on GET and HEAD */
2569 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2570 s->flags |= SN_REDIRECTABLE;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002571
Willy Tarreau59234e92008-11-30 23:51:27 +01002572 /*
2573 * 2: check if the URI matches the monitor_uri.
2574 * We have to do this for every request which gets in, because
2575 * the monitor-uri is defined by the frontend.
2576 */
2577 if (unlikely((s->fe->monitor_uri_len != 0) &&
2578 (s->fe->monitor_uri_len == msg->sl.rq.u_l) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002579 !memcmp(req->buf->p + msg->sl.rq.u,
Willy Tarreau59234e92008-11-30 23:51:27 +01002580 s->fe->monitor_uri,
2581 s->fe->monitor_uri_len))) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002582 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002583 * We have found the monitor URI
Willy Tarreau58f10d72006-12-04 02:26:12 +01002584 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002585 struct acl_cond *cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002586
Willy Tarreau59234e92008-11-30 23:51:27 +01002587 s->flags |= SN_MONITOR;
Willy Tarreaueabea072011-09-10 23:29:44 +02002588 s->fe->fe_counters.intercepted_req++;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002589
Willy Tarreau59234e92008-11-30 23:51:27 +01002590 /* Check if we want to fail this monitor request or not */
Willy Tarreaud787e662009-07-07 10:14:51 +02002591 list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02002592 int ret = acl_exec_cond(cond, s->fe, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau11382812008-07-09 16:18:21 +02002593
Willy Tarreau59234e92008-11-30 23:51:27 +01002594 ret = acl_pass(ret);
2595 if (cond->pol == ACL_COND_UNLESS)
2596 ret = !ret;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002597
Willy Tarreau59234e92008-11-30 23:51:27 +01002598 if (ret) {
2599 /* we fail this request, let's return 503 service unavail */
2600 txn->status = 503;
Willy Tarreau783f2582012-09-04 12:19:04 +02002601 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503));
Willy Tarreau570f2212013-06-10 16:42:09 +02002602 if (!(s->flags & SN_ERR_MASK))
2603 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002604 goto return_prx_cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002605 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002606 }
Willy Tarreaua5555ec2008-11-30 19:02:32 +01002607
Willy Tarreau59234e92008-11-30 23:51:27 +01002608 /* nothing to fail, let's reply normaly */
2609 txn->status = 200;
Willy Tarreau783f2582012-09-04 12:19:04 +02002610 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200));
Willy Tarreau570f2212013-06-10 16:42:09 +02002611 if (!(s->flags & SN_ERR_MASK))
2612 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002613 goto return_prx_cond;
2614 }
2615
2616 /*
2617 * 3: Maybe we have to copy the original REQURI for the logs ?
2618 * Note: we cannot log anymore if the request has been
2619 * classified as invalid.
2620 */
2621 if (unlikely(s->logs.logwait & LW_REQ)) {
2622 /* we have a complete HTTP request that we must log */
2623 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
2624 int urilen = msg->sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002625
Willy Tarreau59234e92008-11-30 23:51:27 +01002626 if (urilen >= REQURI_LEN)
2627 urilen = REQURI_LEN - 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +02002628 memcpy(txn->uri, req->buf->p, urilen);
Willy Tarreau59234e92008-11-30 23:51:27 +01002629 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002630
Willy Tarreaud79a3b22012-12-28 09:40:16 +01002631 if (!(s->logs.logwait &= ~(LW_REQ|LW_INIT)))
Willy Tarreau59234e92008-11-30 23:51:27 +01002632 s->do_log(s);
2633 } else {
2634 Alert("HTTP logging : out of memory.\n");
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002635 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002636 }
Willy Tarreau06619262006-12-17 08:37:22 +01002637
Willy Tarreau59234e92008-11-30 23:51:27 +01002638 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01002639 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
Willy Tarreau2492d5b2009-07-11 00:06:00 +02002640 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002641
Willy Tarreau5b154472009-12-21 20:11:07 +01002642 /* ... and check if the request is HTTP/1.1 or above */
2643 if ((msg->sl.rq.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002644 ((req->buf->p[msg->sl.rq.v + 5] > '1') ||
2645 ((req->buf->p[msg->sl.rq.v + 5] == '1') &&
2646 (req->buf->p[msg->sl.rq.v + 7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002647 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01002648
2649 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01002650 txn->flags &= ~(TX_HDR_CONN_PRS | TX_HDR_CONN_CLO | TX_HDR_CONN_KAL | TX_HDR_CONN_UPG);
Willy Tarreau5b154472009-12-21 20:11:07 +01002651
Willy Tarreau88d349d2010-01-25 12:15:43 +01002652 /* if the frontend has "option http-use-proxy-header", we'll check if
2653 * we have what looks like a proxied connection instead of a connection,
2654 * and in this case set the TX_USE_PX_CONN flag to use Proxy-connection.
2655 * Note that this is *not* RFC-compliant, however browsers and proxies
2656 * happen to do that despite being non-standard :-(
2657 * We consider that a request not beginning with either '/' or '*' is
2658 * a proxied connection, which covers both "scheme://location" and
2659 * CONNECT ip:port.
2660 */
2661 if ((s->fe->options2 & PR_O2_USE_PXHDR) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002662 req->buf->p[msg->sl.rq.u] != '/' && req->buf->p[msg->sl.rq.u] != '*')
Willy Tarreau88d349d2010-01-25 12:15:43 +01002663 txn->flags |= TX_USE_PX_CONN;
2664
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002665 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002666 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002667
Willy Tarreau59234e92008-11-30 23:51:27 +01002668 /* 5: we may need to capture headers */
Willy Tarreau42f7d892012-03-24 08:28:09 +01002669 if (unlikely((s->logs.logwait & LW_REQHDR) && txn->req.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02002670 capture_headers(req->buf->p, &txn->hdr_idx,
Willy Tarreau59234e92008-11-30 23:51:27 +01002671 txn->req.cap, s->fe->req_cap);
Willy Tarreau11382812008-07-09 16:18:21 +02002672
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002673 /* 6: determine the transfer-length.
2674 * According to RFC2616 #4.4, amended by the HTTPbis working group,
2675 * the presence of a message-body in a REQUEST and its transfer length
2676 * must be determined that way (in order of precedence) :
2677 * 1. The presence of a message-body in a request is signaled by the
2678 * inclusion of a Content-Length or Transfer-Encoding header field
2679 * in the request's header fields. When a request message contains
2680 * both a message-body of non-zero length and a method that does
2681 * not define any semantics for that request message-body, then an
2682 * origin server SHOULD either ignore the message-body or respond
2683 * with an appropriate error message (e.g., 413). A proxy or
2684 * gateway, when presented the same request, SHOULD either forward
2685 * the request inbound with the message- body or ignore the
2686 * message-body when determining a response.
2687 *
2688 * 2. If a Transfer-Encoding header field (Section 9.7) is present
2689 * and the "chunked" transfer-coding (Section 6.2) is used, the
2690 * transfer-length is defined by the use of this transfer-coding.
2691 * If a Transfer-Encoding header field is present and the "chunked"
2692 * transfer-coding is not present, the transfer-length is defined
2693 * by the sender closing the connection.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002694 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002695 * 3. If a Content-Length header field is present, its decimal value in
2696 * OCTETs represents both the entity-length and the transfer-length.
2697 * If a message is received with both a Transfer-Encoding header
2698 * field and a Content-Length header field, the latter MUST be ignored.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002699 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002700 * 4. By the server closing the connection. (Closing the connection
2701 * cannot be used to indicate the end of a request body, since that
2702 * would leave no possibility for the server to send back a response.)
2703 *
2704 * Whenever a transfer-coding is applied to a message-body, the set of
2705 * transfer-codings MUST include "chunked", unless the message indicates
2706 * it is terminated by closing the connection. When the "chunked"
2707 * transfer-coding is used, it MUST be the last transfer-coding applied
2708 * to the message-body.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002709 */
2710
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002711 use_close_only = 0;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002712 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002713 /* set TE_CHNK and XFER_LEN only if "chunked" is seen last */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002714 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002715 http_find_header2("Transfer-Encoding", 17, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002716 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002717 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
2718 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002719 /* bad transfer-encoding (chunked followed by something else) */
2720 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002721 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002722 break;
2723 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002724 }
2725
Willy Tarreau32b47f42009-10-18 20:55:02 +02002726 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002727 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002728 http_find_header2("Content-Length", 14, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau32b47f42009-10-18 20:55:02 +02002729 signed long long cl;
2730
Willy Tarreauad14f752011-09-02 20:33:27 +02002731 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002732 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002733 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002734 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002735
Willy Tarreauad14f752011-09-02 20:33:27 +02002736 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002737 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002738 goto return_bad_req; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02002739 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002740
Willy Tarreauad14f752011-09-02 20:33:27 +02002741 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002742 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002743 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002744 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002745
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002746 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002747 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002748 goto return_bad_req; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02002749 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002750
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002751 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01002752 msg->body_len = msg->chunk_len = cl;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002753 }
2754
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002755 /* bodyless requests have a known length */
2756 if (!use_close_only)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002757 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002758
Willy Tarreaud787e662009-07-07 10:14:51 +02002759 /* end of job, return OK */
Willy Tarreau3a816292009-07-07 10:55:49 +02002760 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002761 req->analyse_exp = TICK_ETERNITY;
2762 return 1;
2763
2764 return_bad_req:
2765 /* We centralize bad requests processing here */
2766 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2767 /* we detected a parsing error. We want to archive this request
2768 * in the dedicated proxy area for later troubleshooting.
2769 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002770 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreaud787e662009-07-07 10:14:51 +02002771 }
2772
2773 txn->req.msg_state = HTTP_MSG_ERROR;
2774 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002775 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002776
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002777 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002778 if (s->listener->counters)
2779 s->listener->counters->failed_req++;
Willy Tarreaud787e662009-07-07 10:14:51 +02002780
2781 return_prx_cond:
2782 if (!(s->flags & SN_ERR_MASK))
2783 s->flags |= SN_ERR_PRXCOND;
2784 if (!(s->flags & SN_FINST_MASK))
2785 s->flags |= SN_FINST_R;
2786
2787 req->analysers = 0;
2788 req->analyse_exp = TICK_ETERNITY;
2789 return 0;
2790}
2791
Cyril Bonté70be45d2010-10-12 00:14:35 +02002792/* We reached the stats page through a POST request.
2793 * Parse the posted data and enable/disable servers if necessary.
Cyril Bonté23b39d92011-02-10 22:54:44 +01002794 * Returns 1 if request was parsed or zero if it needs more data.
Cyril Bonté70be45d2010-10-12 00:14:35 +02002795 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002796int http_process_req_stat_post(struct stream_interface *si, struct http_txn *txn, struct channel *req)
Cyril Bonté70be45d2010-10-12 00:14:35 +02002797{
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002798 struct proxy *px = NULL;
2799 struct server *sv = NULL;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002800
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002801 char key[LINESIZE];
2802 int action = ST_ADM_ACTION_NONE;
2803 int reprocess = 0;
2804
2805 int total_servers = 0;
2806 int altered_servers = 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002807
2808 char *first_param, *cur_param, *next_param, *end_params;
Willy Tarreau46787ed2012-04-11 17:28:40 +02002809 char *st_cur_param = NULL;
2810 char *st_next_param = NULL;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002811
Willy Tarreau9b28e032012-10-12 23:49:43 +02002812 first_param = req->buf->p + txn->req.eoh + 2;
Willy Tarreau124d9912011-03-01 20:30:48 +01002813 end_params = first_param + txn->req.body_len;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002814
2815 cur_param = next_param = end_params;
2816
Willy Tarreau9b28e032012-10-12 23:49:43 +02002817 if (end_params >= req->buf->data + req->buf->size - global.tune.maxrewrite) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002818 /* Prevent buffer overflow */
Willy Tarreau295a8372011-03-10 11:25:07 +01002819 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002820 return 1;
2821 }
Willy Tarreau9b28e032012-10-12 23:49:43 +02002822 else if (end_params > req->buf->p + req->buf->i) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01002823 /* we need more data */
Willy Tarreau295a8372011-03-10 11:25:07 +01002824 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté23b39d92011-02-10 22:54:44 +01002825 return 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002826 }
2827
2828 *end_params = '\0';
2829
Willy Tarreau295a8372011-03-10 11:25:07 +01002830 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002831
2832 /*
2833 * Parse the parameters in reverse order to only store the last value.
2834 * From the html form, the backend and the action are at the end.
2835 */
2836 while (cur_param > first_param) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002837 char *value;
2838 int poffset, plen;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002839
2840 cur_param--;
2841 if ((*cur_param == '&') || (cur_param == first_param)) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002842 reprocess_servers:
Cyril Bonté70be45d2010-10-12 00:14:35 +02002843 /* Parse the key */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002844 poffset = (cur_param != first_param ? 1 : 0);
2845 plen = next_param - cur_param + (cur_param == first_param ? 1 : 0);
2846 if ((plen > 0) && (plen <= sizeof(key))) {
2847 strncpy(key, cur_param + poffset, plen);
2848 key[plen - 1] = '\0';
2849 } else {
2850 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
2851 goto out;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002852 }
2853
2854 /* Parse the value */
2855 value = key;
2856 while (*value != '\0' && *value != '=') {
2857 value++;
2858 }
2859 if (*value == '=') {
2860 /* Ok, a value is found, we can mark the end of the key */
2861 *value++ = '\0';
2862 }
2863
Thierry FOURNIER5068d962013-10-04 16:27:27 +02002864 if (url_decode(key) < 0 || url_decode(value) < 0)
Willy Tarreaubf9c2fc2011-05-31 18:06:18 +02002865 break;
2866
Cyril Bonté70be45d2010-10-12 00:14:35 +02002867 /* Now we can check the key to see what to do */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002868 if (!px && (strcmp(key, "b") == 0)) {
2869 if ((px = findproxy(value, PR_CAP_BE)) == NULL) {
2870 /* the backend name is unknown or ambiguous (duplicate names) */
2871 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2872 goto out;
2873 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02002874 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002875 else if (!action && (strcmp(key, "action") == 0)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002876 if (strcmp(value, "disable") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002877 action = ST_ADM_ACTION_DISABLE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002878 }
2879 else if (strcmp(value, "enable") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002880 action = ST_ADM_ACTION_ENABLE;
2881 }
Willy Tarreaud7282242012-06-04 00:22:44 +02002882 else if (strcmp(value, "stop") == 0) {
2883 action = ST_ADM_ACTION_STOP;
2884 }
2885 else if (strcmp(value, "start") == 0) {
2886 action = ST_ADM_ACTION_START;
2887 }
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002888 else if (strcmp(value, "shutdown") == 0) {
2889 action = ST_ADM_ACTION_SHUTDOWN;
2890 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002891 else {
2892 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2893 goto out;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002894 }
2895 }
2896 else if (strcmp(key, "s") == 0) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002897 if (!(px && action)) {
2898 /*
2899 * Indicates that we'll need to reprocess the parameters
2900 * as soon as backend and action are known
2901 */
2902 if (!reprocess) {
2903 st_cur_param = cur_param;
2904 st_next_param = next_param;
2905 }
2906 reprocess = 1;
2907 }
2908 else if ((sv = findserver(px, value)) != NULL) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002909 switch (action) {
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002910 case ST_ADM_ACTION_DISABLE:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002911 if ((px->state != PR_STSTOPPED) && !(sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002912 /* Not already in maintenance, we can change the server state */
2913 sv->state |= SRV_MAINTAIN;
2914 set_server_down(sv);
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002915 altered_servers++;
2916 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002917 }
2918 break;
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002919 case ST_ADM_ACTION_ENABLE:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002920 if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002921 /* Already in maintenance, we can change the server state */
2922 set_server_up(sv);
Willy Tarreau70461302010-10-22 14:39:02 +02002923 sv->health = sv->rise; /* up, but will fall down at first failure */
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002924 altered_servers++;
2925 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002926 }
Willy Tarreaud7282242012-06-04 00:22:44 +02002927 break;
2928 case ST_ADM_ACTION_STOP:
2929 case ST_ADM_ACTION_START:
2930 if (action == ST_ADM_ACTION_START)
2931 sv->uweight = sv->iweight;
2932 else
2933 sv->uweight = 0;
2934
2935 if (px->lbprm.algo & BE_LB_PROP_DYN) {
2936 /* we must take care of not pushing the server to full throttle during slow starts */
2937 if ((sv->state & SRV_WARMINGUP) && (px->lbprm.algo & BE_LB_PROP_DYN))
2938 sv->eweight = (BE_WEIGHT_SCALE * (now.tv_sec - sv->last_change) + sv->slowstart - 1) / sv->slowstart;
2939 else
2940 sv->eweight = BE_WEIGHT_SCALE;
2941 sv->eweight *= sv->uweight;
2942 } else {
2943 sv->eweight = sv->uweight;
2944 }
2945
2946 /* static LB algorithms are a bit harder to update */
2947 if (px->lbprm.update_server_eweight)
2948 px->lbprm.update_server_eweight(sv);
2949 else if (sv->eweight) {
2950 if (px->lbprm.set_server_status_up)
2951 px->lbprm.set_server_status_up(sv);
2952 }
2953 else {
2954 if (px->lbprm.set_server_status_down)
2955 px->lbprm.set_server_status_down(sv);
2956 }
2957 altered_servers++;
2958 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002959 break;
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002960 case ST_ADM_ACTION_SHUTDOWN:
2961 if (px->state != PR_STSTOPPED) {
2962 struct session *sess, *sess_bck;
2963
2964 list_for_each_entry_safe(sess, sess_bck, &sv->actconns, by_srv)
2965 if (sess->srv_conn == sv)
2966 session_shutdown(sess, SN_ERR_KILLED);
2967
2968 altered_servers++;
2969 total_servers++;
2970 }
2971 break;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002972 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002973 } else {
2974 /* the server name is unknown or ambiguous (duplicate names) */
2975 total_servers++;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002976 }
2977 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002978 if (reprocess && px && action) {
2979 /* Now, we know the backend and the action chosen by the user.
2980 * We can safely restart from the first server parameter
2981 * to reprocess them
2982 */
2983 cur_param = st_cur_param;
2984 next_param = st_next_param;
2985 reprocess = 0;
2986 goto reprocess_servers;
2987 }
2988
Cyril Bonté70be45d2010-10-12 00:14:35 +02002989 next_param = cur_param;
2990 }
2991 }
Cyril Bontécf8d9ae2012-04-04 12:57:18 +02002992
2993 if (total_servers == 0) {
2994 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
2995 }
2996 else if (altered_servers == 0) {
2997 si->applet.ctx.stats.st_code = STAT_STATUS_ERRP;
2998 }
2999 else if (altered_servers == total_servers) {
3000 si->applet.ctx.stats.st_code = STAT_STATUS_DONE;
3001 }
3002 else {
3003 si->applet.ctx.stats.st_code = STAT_STATUS_PART;
3004 }
3005 out:
Cyril Bonté23b39d92011-02-10 22:54:44 +01003006 return 1;
Cyril Bonté70be45d2010-10-12 00:14:35 +02003007}
3008
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003009/* This function checks whether we need to enable a POST analyser to parse a
3010 * stats request, and also registers the stats I/O handler. It returns zero
Willy Tarreaucbc743e2012-12-28 08:36:50 +01003011 * if it needs to come back again, otherwise non-zero if it finishes. In the
3012 * latter case, it also clears the request analysers.
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003013 */
3014int http_handle_stats(struct session *s, struct channel *req)
3015{
3016 struct stats_admin_rule *stats_admin_rule;
3017 struct stream_interface *si = s->rep->prod;
3018 struct http_txn *txn = &s->txn;
3019 struct http_msg *msg = &txn->req;
3020 struct uri_auth *uri = s->be->uri_auth;
3021
3022 /* now check whether we have some admin rules for this request */
3023 list_for_each_entry(stats_admin_rule, &s->be->uri_auth->admin_rules, list) {
3024 int ret = 1;
3025
3026 if (stats_admin_rule->cond) {
3027 ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
3028 ret = acl_pass(ret);
3029 if (stats_admin_rule->cond->pol == ACL_COND_UNLESS)
3030 ret = !ret;
3031 }
3032
3033 if (ret) {
3034 /* no rule, or the rule matches */
3035 s->rep->prod->applet.ctx.stats.flags |= STAT_ADMIN;
3036 break;
3037 }
3038 }
3039
3040 /* Was the status page requested with a POST ? */
3041 if (unlikely(txn->meth == HTTP_METH_POST)) {
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003042 char scope_txt[STAT_SCOPE_TXT_MAXLEN + sizeof STAT_SCOPE_PATTERN];
3043
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003044 if (si->applet.ctx.stats.flags & STAT_ADMIN) {
3045 if (msg->msg_state < HTTP_MSG_100_SENT) {
3046 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3047 * send an HTTP/1.1 100 Continue intermediate response.
3048 */
3049 if (msg->flags & HTTP_MSGF_VER_11) {
3050 struct hdr_ctx ctx;
3051 ctx.idx = 0;
3052 /* Expect is allowed in 1.1, look for it */
3053 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
3054 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
3055 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
3056 }
3057 }
3058 msg->msg_state = HTTP_MSG_100_SENT;
3059 s->logs.tv_request = now; /* update the request timer to reflect full request */
3060 }
3061 if (!http_process_req_stat_post(si, txn, req))
3062 return 0; /* we need more data */
3063 }
3064 else
3065 si->applet.ctx.stats.st_code = STAT_STATUS_DENY;
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003066 /* scope_txt = search pattern + search query, si->applet.ctx.stats.scope_len is always <= STAT_SCOPE_TXT_MAXLEN */
3067 scope_txt[0] = 0;
3068 if (si->applet.ctx.stats.scope_len) {
3069 strcpy(scope_txt, STAT_SCOPE_PATTERN);
3070 memcpy(scope_txt + strlen(STAT_SCOPE_PATTERN), bo_ptr(req->buf) + si->applet.ctx.stats.scope_str, si->applet.ctx.stats.scope_len);
3071 scope_txt[strlen(STAT_SCOPE_PATTERN) + si->applet.ctx.stats.scope_len] = 0;
3072 }
3073
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003074
3075 /* We don't want to land on the posted stats page because a refresh will
3076 * repost the data. We don't want this to happen on accident so we redirect
3077 * the browse to the stats page with a GET.
3078 */
3079 chunk_printf(&trash,
Yves Lafon4e8ec502013-03-11 11:06:05 -04003080 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003081 "Cache-Control: no-cache\r\n"
3082 "Content-Type: text/plain\r\n"
3083 "Connection: close\r\n"
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003084 "Location: %s;st=%s%s%s%s\r\n"
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003085 "\r\n",
3086 uri->uri_prefix,
3087 ((si->applet.ctx.stats.st_code > STAT_STATUS_INIT) &&
3088 (si->applet.ctx.stats.st_code < STAT_STATUS_SIZE) &&
3089 stat_status_codes[si->applet.ctx.stats.st_code]) ?
3090 stat_status_codes[si->applet.ctx.stats.st_code] :
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003091 stat_status_codes[STAT_STATUS_UNKN],
3092 (si->applet.ctx.stats.flags & STAT_HIDE_DOWN) ? ";up" : "",
3093 (si->applet.ctx.stats.flags & STAT_NO_REFRESH) ? ";norefresh" : "",
3094 scope_txt);
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003095
3096 s->txn.status = 303;
3097 s->logs.tv_request = now;
3098 stream_int_retnclose(req->prod, &trash);
3099 s->target = &http_stats_applet.obj_type; /* just for logging the applet name */
3100
3101 if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
3102 s->fe->fe_counters.intercepted_req++;
3103
3104 if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
Willy Tarreau570f2212013-06-10 16:42:09 +02003105 s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003106 if (!(s->flags & SN_FINST_MASK))
3107 s->flags |= SN_FINST_R;
Willy Tarreaucbc743e2012-12-28 08:36:50 +01003108 req->analysers = 0;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003109 return 1;
3110 }
3111
3112 /* OK, let's go on now */
3113
3114 chunk_printf(&trash,
3115 "HTTP/1.0 200 OK\r\n"
3116 "Cache-Control: no-cache\r\n"
3117 "Connection: close\r\n"
3118 "Content-Type: %s\r\n",
Willy Tarreau354898b2012-12-23 18:15:23 +01003119 (si->applet.ctx.stats.flags & STAT_FMT_HTML) ? "text/html" : "text/plain");
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003120
3121 if (uri->refresh > 0 && !(si->applet.ctx.stats.flags & STAT_NO_REFRESH))
3122 chunk_appendf(&trash, "Refresh: %d\r\n",
3123 uri->refresh);
3124
3125 chunk_appendf(&trash, "\r\n");
3126
3127 s->txn.status = 200;
3128 s->logs.tv_request = now;
3129
3130 if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
3131 s->fe->fe_counters.intercepted_req++;
3132
3133 if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
Willy Tarreau570f2212013-06-10 16:42:09 +02003134 s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003135 if (!(s->flags & SN_FINST_MASK))
3136 s->flags |= SN_FINST_R;
3137
3138 if (s->txn.meth == HTTP_METH_HEAD) {
3139 /* that's all we return in case of HEAD request, so let's immediately close. */
3140 stream_int_retnclose(req->prod, &trash);
3141 s->target = &http_stats_applet.obj_type; /* just for logging the applet name */
Willy Tarreaucbc743e2012-12-28 08:36:50 +01003142 req->analysers = 0;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003143 return 1;
3144 }
3145
3146 /* OK, push the response and hand over to the stats I/O handler */
3147 bi_putchk(s->rep, &trash);
3148
3149 s->task->nice = -32; /* small boost for HTTP statistics */
3150 stream_int_register_handler(s->rep->prod, &http_stats_applet);
3151 s->target = s->rep->prod->conn->target; // for logging only
3152 s->rep->prod->conn->xprt_ctx = s;
3153 s->rep->prod->applet.st0 = s->rep->prod->applet.st1 = 0;
3154 req->analysers = 0;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003155 return 1;
3156}
3157
Lukas Tribus67db8df2013-06-23 17:37:13 +02003158/* Sets the TOS header in IPv4 and the traffic class header in IPv6 packets
3159 * (as per RFC3260 #4 and BCP37 #4.2 and #5.2).
3160 */
3161static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos)
3162{
3163#ifdef IP_TOS
3164 if (from.ss_family == AF_INET)
3165 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3166#endif
3167#ifdef IPV6_TCLASS
3168 if (from.ss_family == AF_INET6) {
3169 if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr))
3170 /* v4-mapped addresses need IP_TOS */
3171 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3172 else
3173 setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
3174 }
3175#endif
3176}
3177
Willy Tarreau20b0de52012-12-24 15:45:22 +01003178/* Executes the http-request rules <rules> for session <s>, proxy <px> and
Willy Tarreau96257ec2012-12-27 10:46:37 +01003179 * transaction <txn>. Returns the first rule that prevents further processing
3180 * of the request (auth, deny, ...) or NULL if it executed all rules or stopped
3181 * on an allow. It may set the TX_CLDENY on txn->flags if it encounters a deny
3182 * rule.
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003183 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003184static struct http_req_rule *
Willy Tarreau96257ec2012-12-27 10:46:37 +01003185http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003186{
Willy Tarreauff011f22011-01-06 17:51:27 +01003187 struct http_req_rule *rule;
Willy Tarreau20b0de52012-12-24 15:45:22 +01003188 struct hdr_ctx ctx;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003189
Willy Tarreauff011f22011-01-06 17:51:27 +01003190 list_for_each_entry(rule, rules, list) {
Willy Tarreauff011f22011-01-06 17:51:27 +01003191 if (rule->action >= HTTP_REQ_ACT_MAX)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003192 continue;
3193
Willy Tarreau96257ec2012-12-27 10:46:37 +01003194 /* check optional condition */
Willy Tarreauff011f22011-01-06 17:51:27 +01003195 if (rule->cond) {
Willy Tarreau96257ec2012-12-27 10:46:37 +01003196 int ret;
3197
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003198 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003199 ret = acl_pass(ret);
3200
Willy Tarreauff011f22011-01-06 17:51:27 +01003201 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003202 ret = !ret;
Willy Tarreau96257ec2012-12-27 10:46:37 +01003203
3204 if (!ret) /* condition not matched */
3205 continue;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003206 }
3207
Willy Tarreau20b0de52012-12-24 15:45:22 +01003208
Willy Tarreau96257ec2012-12-27 10:46:37 +01003209 switch (rule->action) {
3210 case HTTP_REQ_ACT_ALLOW:
3211 return NULL; /* "allow" rules are OK */
3212
3213 case HTTP_REQ_ACT_DENY:
3214 txn->flags |= TX_CLDENY;
3215 return rule;
3216
Willy Tarreauccbcc372012-12-27 12:37:57 +01003217 case HTTP_REQ_ACT_TARPIT:
3218 txn->flags |= TX_CLTARPIT;
3219 return rule;
3220
Willy Tarreau96257ec2012-12-27 10:46:37 +01003221 case HTTP_REQ_ACT_AUTH:
3222 return rule;
3223
Willy Tarreau81499eb2012-12-27 12:19:02 +01003224 case HTTP_REQ_ACT_REDIR:
3225 return rule;
3226
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003227 case HTTP_REQ_ACT_SET_NICE:
3228 s->task->nice = rule->arg.nice;
3229 break;
3230
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003231 case HTTP_REQ_ACT_SET_TOS:
Lukas Tribus67db8df2013-06-23 17:37:13 +02003232 inet_set_tos(s->req->prod->conn->t.sock.fd, s->req->prod->conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003233 break;
3234
Willy Tarreau51347ed2013-06-11 19:34:13 +02003235 case HTTP_REQ_ACT_SET_MARK:
3236#ifdef SO_MARK
3237 setsockopt(s->req->prod->conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
3238#endif
3239 break;
3240
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003241 case HTTP_REQ_ACT_SET_LOGL:
3242 s->logs.level = rule->arg.loglevel;
3243 break;
3244
Willy Tarreau96257ec2012-12-27 10:46:37 +01003245 case HTTP_REQ_ACT_SET_HDR:
3246 ctx.idx = 0;
3247 /* remove all occurrences of the header */
3248 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3249 txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
3250 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Willy Tarreau20b0de52012-12-24 15:45:22 +01003251 }
Willy Tarreau96257ec2012-12-27 10:46:37 +01003252 /* now fall through to header addition */
3253
3254 case HTTP_REQ_ACT_ADD_HDR:
3255 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3256 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3257 trash.len = rule->arg.hdr_add.name_len;
3258 trash.str[trash.len++] = ':';
3259 trash.str[trash.len++] = ' ';
3260 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3261 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len);
3262 break;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003263 }
3264 }
Willy Tarreau96257ec2012-12-27 10:46:37 +01003265
3266 /* we reached the end of the rules, nothing to report */
Willy Tarreau418c1a02012-12-25 20:52:58 +01003267 return NULL;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003268}
3269
Willy Tarreau71241ab2012-12-27 11:30:54 +01003270
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003271/* Executes the http-response rules <rules> for session <s>, proxy <px> and
3272 * transaction <txn>. Returns the first rule that prevents further processing
3273 * of the response (deny, ...) or NULL if it executed all rules or stopped
3274 * on an allow. It may set the TX_SVDENY on txn->flags if it encounters a deny
3275 * rule.
3276 */
3277static struct http_res_rule *
3278http_res_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
3279{
3280 struct http_res_rule *rule;
3281 struct hdr_ctx ctx;
3282
3283 list_for_each_entry(rule, rules, list) {
3284 if (rule->action >= HTTP_RES_ACT_MAX)
3285 continue;
3286
3287 /* check optional condition */
3288 if (rule->cond) {
3289 int ret;
3290
3291 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
3292 ret = acl_pass(ret);
3293
3294 if (rule->cond->pol == ACL_COND_UNLESS)
3295 ret = !ret;
3296
3297 if (!ret) /* condition not matched */
3298 continue;
3299 }
3300
3301
3302 switch (rule->action) {
3303 case HTTP_RES_ACT_ALLOW:
3304 return NULL; /* "allow" rules are OK */
3305
3306 case HTTP_RES_ACT_DENY:
3307 txn->flags |= TX_SVDENY;
3308 return rule;
3309
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003310 case HTTP_RES_ACT_SET_NICE:
3311 s->task->nice = rule->arg.nice;
3312 break;
3313
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003314 case HTTP_RES_ACT_SET_TOS:
Lukas Tribus67db8df2013-06-23 17:37:13 +02003315 inet_set_tos(s->req->prod->conn->t.sock.fd, s->req->prod->conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003316 break;
3317
Willy Tarreau51347ed2013-06-11 19:34:13 +02003318 case HTTP_RES_ACT_SET_MARK:
3319#ifdef SO_MARK
3320 setsockopt(s->req->prod->conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
3321#endif
3322 break;
3323
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003324 case HTTP_RES_ACT_SET_LOGL:
3325 s->logs.level = rule->arg.loglevel;
3326 break;
3327
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003328 case HTTP_RES_ACT_SET_HDR:
3329 ctx.idx = 0;
3330 /* remove all occurrences of the header */
3331 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3332 txn->rsp.chn->buf->p, &txn->hdr_idx, &ctx)) {
3333 http_remove_header2(&txn->rsp, &txn->hdr_idx, &ctx);
3334 }
3335 /* now fall through to header addition */
3336
3337 case HTTP_RES_ACT_ADD_HDR:
3338 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3339 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3340 trash.len = rule->arg.hdr_add.name_len;
3341 trash.str[trash.len++] = ':';
3342 trash.str[trash.len++] = ' ';
3343 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3344 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
3345 break;
3346 }
3347 }
3348
3349 /* we reached the end of the rules, nothing to report */
3350 return NULL;
3351}
3352
3353
Willy Tarreau71241ab2012-12-27 11:30:54 +01003354/* Perform an HTTP redirect based on the information in <rule>. The function
3355 * returns non-zero on success, or zero in case of a, irrecoverable error such
3356 * as too large a request to build a valid response.
3357 */
3358static int http_apply_redirect_rule(struct redirect_rule *rule, struct session *s, struct http_txn *txn)
3359{
3360 struct http_msg *msg = &txn->req;
3361 const char *msg_fmt;
3362
3363 /* build redirect message */
3364 switch(rule->code) {
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04003365 case 308:
3366 msg_fmt = HTTP_308;
3367 break;
3368 case 307:
3369 msg_fmt = HTTP_307;
3370 break;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003371 case 303:
3372 msg_fmt = HTTP_303;
3373 break;
3374 case 301:
3375 msg_fmt = HTTP_301;
3376 break;
3377 case 302:
3378 default:
3379 msg_fmt = HTTP_302;
3380 break;
3381 }
3382
3383 if (unlikely(!chunk_strcpy(&trash, msg_fmt)))
3384 return 0;
3385
3386 switch(rule->type) {
3387 case REDIRECT_TYPE_SCHEME: {
3388 const char *path;
3389 const char *host;
3390 struct hdr_ctx ctx;
3391 int pathlen;
3392 int hostlen;
3393
3394 host = "";
3395 hostlen = 0;
3396 ctx.idx = 0;
3397 if (http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx)) {
3398 host = ctx.line + ctx.val;
3399 hostlen = ctx.vlen;
3400 }
3401
3402 path = http_get_path(txn);
3403 /* build message using path */
3404 if (path) {
3405 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3406 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3407 int qs = 0;
3408 while (qs < pathlen) {
3409 if (path[qs] == '?') {
3410 pathlen = qs;
3411 break;
3412 }
3413 qs++;
3414 }
3415 }
3416 } else {
3417 path = "/";
3418 pathlen = 1;
3419 }
3420
3421 /* check if we can add scheme + "://" + host + path */
3422 if (trash.len + rule->rdr_len + 3 + hostlen + pathlen > trash.size - 4)
3423 return 0;
3424
3425 /* add scheme */
3426 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3427 trash.len += rule->rdr_len;
3428
3429 /* add "://" */
3430 memcpy(trash.str + trash.len, "://", 3);
3431 trash.len += 3;
3432
3433 /* add host */
3434 memcpy(trash.str + trash.len, host, hostlen);
3435 trash.len += hostlen;
3436
3437 /* add path */
3438 memcpy(trash.str + trash.len, path, pathlen);
3439 trash.len += pathlen;
3440
3441 /* append a slash at the end of the location is needed and missing */
3442 if (trash.len && trash.str[trash.len - 1] != '/' &&
3443 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3444 if (trash.len > trash.size - 5)
3445 return 0;
3446 trash.str[trash.len] = '/';
3447 trash.len++;
3448 }
3449
3450 break;
3451 }
3452 case REDIRECT_TYPE_PREFIX: {
3453 const char *path;
3454 int pathlen;
3455
3456 path = http_get_path(txn);
3457 /* build message using path */
3458 if (path) {
3459 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3460 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3461 int qs = 0;
3462 while (qs < pathlen) {
3463 if (path[qs] == '?') {
3464 pathlen = qs;
3465 break;
3466 }
3467 qs++;
3468 }
3469 }
3470 } else {
3471 path = "/";
3472 pathlen = 1;
3473 }
3474
3475 if (trash.len + rule->rdr_len + pathlen > trash.size - 4)
3476 return 0;
3477
3478 /* add prefix. Note that if prefix == "/", we don't want to
3479 * add anything, otherwise it makes it hard for the user to
3480 * configure a self-redirection.
3481 */
3482 if (rule->rdr_len != 1 || *rule->rdr_str != '/') {
3483 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3484 trash.len += rule->rdr_len;
3485 }
3486
3487 /* add path */
3488 memcpy(trash.str + trash.len, path, pathlen);
3489 trash.len += pathlen;
3490
3491 /* append a slash at the end of the location is needed and missing */
3492 if (trash.len && trash.str[trash.len - 1] != '/' &&
3493 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3494 if (trash.len > trash.size - 5)
3495 return 0;
3496 trash.str[trash.len] = '/';
3497 trash.len++;
3498 }
3499
3500 break;
3501 }
3502 case REDIRECT_TYPE_LOCATION:
3503 default:
3504 if (trash.len + rule->rdr_len > trash.size - 4)
3505 return 0;
3506
3507 /* add location */
3508 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3509 trash.len += rule->rdr_len;
3510 break;
3511 }
3512
3513 if (rule->cookie_len) {
3514 memcpy(trash.str + trash.len, "\r\nSet-Cookie: ", 14);
3515 trash.len += 14;
3516 memcpy(trash.str + trash.len, rule->cookie_str, rule->cookie_len);
3517 trash.len += rule->cookie_len;
3518 memcpy(trash.str + trash.len, "\r\n", 2);
3519 trash.len += 2;
3520 }
3521
3522 /* add end of headers and the keep-alive/close status.
3523 * We may choose to set keep-alive if the Location begins
3524 * with a slash, because the client will come back to the
3525 * same server.
3526 */
3527 txn->status = rule->code;
3528 /* let's log the request time */
3529 s->logs.tv_request = now;
3530
3531 if (rule->rdr_len >= 1 && *rule->rdr_str == '/' &&
3532 (msg->flags & HTTP_MSGF_XFER_LEN) &&
3533 !(msg->flags & HTTP_MSGF_TE_CHNK) && !txn->req.body_len &&
3534 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
3535 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
3536 /* keep-alive possible */
3537 if (!(msg->flags & HTTP_MSGF_VER_11)) {
3538 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3539 memcpy(trash.str + trash.len, "\r\nProxy-Connection: keep-alive", 30);
3540 trash.len += 30;
3541 } else {
3542 memcpy(trash.str + trash.len, "\r\nConnection: keep-alive", 24);
3543 trash.len += 24;
3544 }
3545 }
3546 memcpy(trash.str + trash.len, "\r\n\r\n", 4);
3547 trash.len += 4;
3548 bo_inject(txn->rsp.chn, trash.str, trash.len);
3549 /* "eat" the request */
3550 bi_fast_delete(txn->req.chn->buf, msg->sov);
3551 msg->sov = 0;
3552 txn->req.chn->analysers = AN_REQ_HTTP_XFER_BODY;
3553 s->rep->analysers = AN_RES_HTTP_XFER_BODY;
3554 txn->req.msg_state = HTTP_MSG_CLOSED;
3555 txn->rsp.msg_state = HTTP_MSG_DONE;
3556 } else {
3557 /* keep-alive not possible */
3558 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3559 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
3560 trash.len += 29;
3561 } else {
3562 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
3563 trash.len += 23;
3564 }
3565 stream_int_retnclose(txn->req.chn->prod, &trash);
3566 txn->req.chn->analysers = 0;
3567 }
3568
3569 if (!(s->flags & SN_ERR_MASK))
Willy Tarreau570f2212013-06-10 16:42:09 +02003570 s->flags |= SN_ERR_LOCAL;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003571 if (!(s->flags & SN_FINST_MASK))
3572 s->flags |= SN_FINST_R;
3573
3574 return 1;
3575}
3576
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003577/* This stream analyser runs all HTTP request processing which is common to
3578 * frontends and backends, which means blocking ACLs, filters, connection-close,
3579 * reqadd, stats and redirects. This is performed for the designated proxy.
Willy Tarreaud787e662009-07-07 10:14:51 +02003580 * It returns 1 if the processing can continue on next analysers, or zero if it
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003581 * either needs more data or wants to immediately abort the request (eg: deny,
3582 * error, ...).
Willy Tarreaud787e662009-07-07 10:14:51 +02003583 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003584int http_process_req_common(struct session *s, struct channel *req, int an_bit, struct proxy *px)
Willy Tarreaud787e662009-07-07 10:14:51 +02003585{
Willy Tarreaud787e662009-07-07 10:14:51 +02003586 struct http_txn *txn = &s->txn;
3587 struct http_msg *msg = &txn->req;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003588 struct acl_cond *cond;
Willy Tarreauff011f22011-01-06 17:51:27 +01003589 struct http_req_rule *http_req_last_rule = NULL;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003590 struct redirect_rule *rule;
Willy Tarreauf4f04122010-01-28 18:10:50 +01003591 struct cond_wordlist *wl;
Simon Horman70735c92011-06-07 11:07:50 +09003592 int do_stats;
Willy Tarreaud787e662009-07-07 10:14:51 +02003593
Willy Tarreau655dce92009-11-08 13:10:58 +01003594 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003595 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003596 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003597 return 0;
3598 }
3599
Willy Tarreau3a816292009-07-07 10:55:49 +02003600 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02003601 req->analyse_exp = TICK_ETERNITY;
3602
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003603 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaud787e662009-07-07 10:14:51 +02003604 now_ms, __FUNCTION__,
3605 s,
3606 req,
3607 req->rex, req->wex,
3608 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003609 req->buf->i,
Willy Tarreaud787e662009-07-07 10:14:51 +02003610 req->analysers);
3611
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003612 /* first check whether we have some ACLs set to block this request */
3613 list_for_each_entry(cond, &px->block_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003614 int ret = acl_exec_cond(cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02003615
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003616 ret = acl_pass(ret);
3617 if (cond->pol == ACL_COND_UNLESS)
3618 ret = !ret;
Willy Tarreau53b6c742006-12-17 13:37:46 +01003619
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003620 if (ret) {
3621 txn->status = 403;
3622 /* let's log the request time */
3623 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003624 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003625 session_inc_http_err_ctr(s);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003626 goto return_prx_cond;
Willy Tarreau59234e92008-11-30 23:51:27 +01003627 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003628 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003629
Willy Tarreau5d5b5d82012-12-09 12:00:04 +01003630 /* just in case we have some per-backend tracking */
3631 session_inc_be_http_req_ctr(s);
3632
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003633 /* evaluate http-request rules */
Willy Tarreau96257ec2012-12-27 10:46:37 +01003634 http_req_last_rule = http_req_get_intercept_rule(px, &px->http_req_rules, s, txn);
Willy Tarreau51425942010-02-01 10:40:19 +01003635
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003636 /* evaluate stats http-request rules only if http-request is OK */
Willy Tarreauff011f22011-01-06 17:51:27 +01003637 if (!http_req_last_rule) {
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003638 do_stats = stats_check_uri(s->rep->prod, txn, px);
3639 if (do_stats)
Willy Tarreau96257ec2012-12-27 10:46:37 +01003640 http_req_last_rule = http_req_get_intercept_rule(px, &px->uri_auth->http_req_rules, s, txn);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003641 }
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003642 else
3643 do_stats = 0;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003644
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003645 /* return a 403 if either rule has blocked */
Willy Tarreauccbcc372012-12-27 12:37:57 +01003646 if (txn->flags & (TX_CLDENY|TX_CLTARPIT)) {
3647 if (txn->flags & TX_CLDENY) {
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003648 txn->status = 403;
3649 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003650 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003651 session_inc_http_err_ctr(s);
Willy Tarreau6da0f6d2011-01-06 18:19:50 +01003652 s->fe->fe_counters.denied_req++;
3653 if (an_bit == AN_REQ_HTTP_PROCESS_BE)
3654 s->be->be_counters.denied_req++;
3655 if (s->listener->counters)
3656 s->listener->counters->denied_req++;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003657 goto return_prx_cond;
Willy Tarreauccbcc372012-12-27 12:37:57 +01003658 }
3659 /* When a connection is tarpitted, we use the tarpit timeout,
3660 * which may be the same as the connect timeout if unspecified.
3661 * If unset, then set it to zero because we really want it to
3662 * eventually expire. We build the tarpit as an analyser.
3663 */
3664 if (txn->flags & TX_CLTARPIT) {
3665 channel_erase(s->req);
3666 /* wipe the request out so that we can drop the connection early
3667 * if the client closes first.
3668 */
3669 channel_dont_connect(req);
3670 req->analysers = 0; /* remove switching rules etc... */
3671 req->analysers |= AN_REQ_HTTP_TARPIT;
3672 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
3673 if (!req->analyse_exp)
3674 req->analyse_exp = tick_add(now_ms, 0);
3675 session_inc_http_err_ctr(s);
3676 s->fe->fe_counters.denied_req++;
3677 if (s->fe != s->be)
3678 s->be->be_counters.denied_req++;
3679 if (s->listener->counters)
3680 s->listener->counters->denied_req++;
3681 return 1;
3682 }
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003683 }
3684
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003685 /* try headers filters */
3686 if (px->req_exp != NULL) {
Willy Tarreau6c123b12010-01-28 20:22:06 +01003687 if (apply_filters_to_request(s, req, px) < 0)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003688 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01003689
Willy Tarreau59234e92008-11-30 23:51:27 +01003690 /* has the request been denied ? */
3691 if (txn->flags & TX_CLDENY) {
3692 /* no need to go further */
3693 txn->status = 403;
3694 /* let's log the request time */
3695 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003696 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003697 session_inc_http_err_ctr(s);
Willy Tarreau59234e92008-11-30 23:51:27 +01003698 goto return_prx_cond;
3699 }
Willy Tarreauc465fd72009-08-31 00:17:18 +02003700
3701 /* When a connection is tarpitted, we use the tarpit timeout,
3702 * which may be the same as the connect timeout if unspecified.
3703 * If unset, then set it to zero because we really want it to
3704 * eventually expire. We build the tarpit as an analyser.
3705 */
3706 if (txn->flags & TX_CLTARPIT) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003707 channel_erase(s->req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003708 /* wipe the request out so that we can drop the connection early
3709 * if the client closes first.
3710 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003711 channel_dont_connect(req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003712 req->analysers = 0; /* remove switching rules etc... */
3713 req->analysers |= AN_REQ_HTTP_TARPIT;
3714 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
3715 if (!req->analyse_exp)
3716 req->analyse_exp = tick_add(now_ms, 0);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003717 session_inc_http_err_ctr(s);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003718 return 1;
3719 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003720 }
Willy Tarreau06619262006-12-17 08:37:22 +01003721
Willy Tarreau5b154472009-12-21 20:11:07 +01003722 /* Until set to anything else, the connection mode is set as TUNNEL. It will
3723 * only change if both the request and the config reference something else.
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003724 * Option httpclose by itself does not set a mode, it remains a tunnel mode
3725 * in which headers are mangled. However, if another mode is set, it will
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003726 * affect it (eg: server-close/keep-alive + httpclose = close). Note that we
3727 * avoid to redo the same work if FE and BE have the same settings (common).
3728 * The method consists in checking if options changed between the two calls
3729 * (implying that either one is non-null, or one of them is non-null and we
3730 * are there for the first time.
Willy Tarreau42736642009-10-18 21:04:35 +02003731 */
Willy Tarreau5b154472009-12-21 20:11:07 +01003732
Willy Tarreaudc008c52010-02-01 16:20:08 +01003733 if ((!(txn->flags & TX_HDR_CONN_PRS) &&
3734 (s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) ||
3735 ((s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) !=
3736 (s->be->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)))) {
Willy Tarreau5b154472009-12-21 20:11:07 +01003737 int tmp = TX_CON_WANT_TUN;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003738
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003739 if ((s->fe->options|s->be->options) & PR_O_KEEPALIVE ||
3740 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreau5b154472009-12-21 20:11:07 +01003741 tmp = TX_CON_WANT_KAL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01003742 if ((s->fe->options|s->be->options) & PR_O_SERVER_CLO)
3743 tmp = TX_CON_WANT_SCL;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003744 if ((s->fe->options|s->be->options) & PR_O_FORCE_CLO)
Willy Tarreau5b154472009-12-21 20:11:07 +01003745 tmp = TX_CON_WANT_CLO;
3746
Willy Tarreau5b154472009-12-21 20:11:07 +01003747 if ((txn->flags & TX_CON_WANT_MSK) < tmp)
3748 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003749
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003750 if (!(txn->flags & TX_HDR_CONN_PRS)) {
3751 /* parse the Connection header and possibly clean it */
3752 int to_del = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003753 if ((msg->flags & HTTP_MSGF_VER_11) ||
Willy Tarreau8a8e1d92010-04-05 16:15:16 +02003754 ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL &&
3755 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003756 to_del |= 2; /* remove "keep-alive" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003757 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003758 to_del |= 1; /* remove "close" */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003759 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003760 }
Willy Tarreau5b154472009-12-21 20:11:07 +01003761
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003762 /* check if client or config asks for explicit close in KAL/SCL */
3763 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
3764 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) &&
3765 ((txn->flags & TX_HDR_CONN_CLO) || /* "connection: close" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003766 (!(msg->flags & HTTP_MSGF_VER_11) && !(txn->flags & TX_HDR_CONN_KAL)) || /* no "connection: k-a" in 1.0 */
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003767 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE) || /* httpclose+any = forceclose */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003768 !(msg->flags & HTTP_MSGF_XFER_LEN) || /* no length known => close */
Willy Tarreauc3e8b252010-01-28 15:01:20 +01003769 s->fe->state == PR_STSTOPPED)) /* frontend is stopping */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003770 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
3771 }
Willy Tarreau78599912009-10-17 20:12:21 +02003772
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003773 /* we can be blocked here because the request needs to be authenticated,
3774 * either to pass or to access stats.
3775 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003776 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_AUTH) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01003777 char *realm = http_req_last_rule->arg.auth.realm;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003778
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003779 if (!realm)
3780 realm = do_stats?STATS_DEFAULT_REALM:px->id;
3781
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003782 chunk_printf(&trash, (txn->flags & TX_USE_PX_CONN) ? HTTP_407_fmt : HTTP_401_fmt, realm);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003783 txn->status = 401;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003784 stream_int_retnclose(req->prod, &trash);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003785 /* on 401 we still count one error, because normal browsing
3786 * won't significantly increase the counter but brute force
3787 * attempts will.
3788 */
3789 session_inc_http_err_ctr(s);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003790 goto return_prx_cond;
3791 }
3792
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003793 /* add request headers from the rule sets in the same order */
3794 list_for_each_entry(wl, &px->req_add, list) {
3795 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003796 int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003797 ret = acl_pass(ret);
3798 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
3799 ret = !ret;
3800 if (!ret)
3801 continue;
3802 }
3803
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003804 if (unlikely(http_header_add_tail(&txn->req, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003805 goto return_bad_req;
Willy Tarreau81499eb2012-12-27 12:19:02 +01003806 }
3807
3808 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_REDIR) {
3809 if (!http_apply_redirect_rule(http_req_last_rule->arg.redir, s, txn))
3810 goto return_bad_req;
3811 req->analyse_exp = TICK_ETERNITY;
3812 return 1;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003813 }
3814
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003815 if (unlikely(do_stats)) {
3816 /* process the stats request now */
3817 if (!http_handle_stats(s, req)) {
3818 /* we need more data, let's come back here later */
3819 req->analysers |= an_bit;
3820 channel_dont_connect(req);
Willy Tarreau7fe33002013-04-21 08:04:22 +02003821 return 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02003822 }
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003823 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003824 }
Willy Tarreaub2513902006-12-17 14:52:38 +01003825
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003826 /* check whether we have some ACLs set to redirect this request */
3827 list_for_each_entry(rule, &px->redirect_rules, list) {
Willy Tarreauf285f542010-01-03 20:03:03 +01003828 if (rule->cond) {
Willy Tarreau71241ab2012-12-27 11:30:54 +01003829 int ret;
3830
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003831 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf285f542010-01-03 20:03:03 +01003832 ret = acl_pass(ret);
3833 if (rule->cond->pol == ACL_COND_UNLESS)
3834 ret = !ret;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003835 if (!ret)
3836 continue;
Willy Tarreauf285f542010-01-03 20:03:03 +01003837 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01003838 if (!http_apply_redirect_rule(rule, s, txn))
3839 goto return_bad_req;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003840
Willy Tarreau71241ab2012-12-27 11:30:54 +01003841 req->analyse_exp = TICK_ETERNITY;
3842 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003843 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003844
Willy Tarreau2be39392010-01-03 17:24:51 +01003845 /* POST requests may be accompanied with an "Expect: 100-Continue" header.
3846 * If this happens, then the data will not come immediately, so we must
3847 * send all what we have without waiting. Note that due to the small gain
3848 * in waiting for the body of the request, it's easier to simply put the
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003849 * CF_SEND_DONTWAIT flag any time. It's a one-shot flag so it will remove
Willy Tarreau2be39392010-01-03 17:24:51 +01003850 * itself once used.
3851 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003852 req->flags |= CF_SEND_DONTWAIT;
Willy Tarreau2be39392010-01-03 17:24:51 +01003853
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003854 /* that's OK for us now, let's move on to next analysers */
3855 return 1;
Willy Tarreau11382812008-07-09 16:18:21 +02003856
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003857 return_bad_req:
3858 /* We centralize bad requests processing here */
3859 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
3860 /* we detected a parsing error. We want to archive this request
3861 * in the dedicated proxy area for later troubleshooting.
3862 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01003863 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003864 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003865
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003866 txn->req.msg_state = HTTP_MSG_ERROR;
3867 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02003868 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003869
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01003870 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003871 if (s->listener->counters)
3872 s->listener->counters->failed_req++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003873
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003874 return_prx_cond:
3875 if (!(s->flags & SN_ERR_MASK))
3876 s->flags |= SN_ERR_PRXCOND;
3877 if (!(s->flags & SN_FINST_MASK))
3878 s->flags |= SN_FINST_R;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01003879
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003880 req->analysers = 0;
3881 req->analyse_exp = TICK_ETERNITY;
3882 return 0;
3883}
Willy Tarreau58f10d72006-12-04 02:26:12 +01003884
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003885/* This function performs all the processing enabled for the current request.
3886 * It returns 1 if the processing can continue on next analysers, or zero if it
3887 * needs more data, encounters an error, or wants to immediately abort the
3888 * request. It relies on buffers flags, and updates s->req->analysers.
3889 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003890int http_process_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003891{
3892 struct http_txn *txn = &s->txn;
3893 struct http_msg *msg = &txn->req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003894
Willy Tarreau655dce92009-11-08 13:10:58 +01003895 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003896 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003897 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003898 return 0;
3899 }
3900
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003901 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003902 now_ms, __FUNCTION__,
3903 s,
3904 req,
3905 req->rex, req->wex,
3906 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003907 req->buf->i,
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003908 req->analysers);
Willy Tarreau06619262006-12-17 08:37:22 +01003909
William Lallemand82fe75c2012-10-23 10:25:10 +02003910 if (s->fe->comp || s->be->comp)
3911 select_compression_request_header(s, req->buf);
3912
Willy Tarreau59234e92008-11-30 23:51:27 +01003913 /*
3914 * Right now, we know that we have processed the entire headers
3915 * and that unwanted requests have been filtered out. We can do
3916 * whatever we want with the remaining request. Also, now we
3917 * may have separate values for ->fe, ->be.
3918 */
Willy Tarreau06619262006-12-17 08:37:22 +01003919
Willy Tarreau59234e92008-11-30 23:51:27 +01003920 /*
3921 * If HTTP PROXY is set we simply get remote server address
3922 * parsing incoming request.
3923 */
3924 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) {
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003925 url2sa(req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l, &s->req->cons->conn->addr.to);
Willy Tarreau59234e92008-11-30 23:51:27 +01003926 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01003927
Willy Tarreau59234e92008-11-30 23:51:27 +01003928 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003929 * 7: Now we can work with the cookies.
Willy Tarreau59234e92008-11-30 23:51:27 +01003930 * Note that doing so might move headers in the request, but
3931 * the fields will stay coherent and the URI will not move.
3932 * This should only be performed in the backend.
3933 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02003934 if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
Willy Tarreau59234e92008-11-30 23:51:27 +01003935 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
3936 manage_client_side_cookies(s, req);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02003937
Willy Tarreau59234e92008-11-30 23:51:27 +01003938 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003939 * 8: the appsession cookie was looked up very early in 1.2,
3940 * so let's do the same now.
3941 */
3942
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02003943 /* It needs to look into the URI unless persistence must be ignored */
3944 if ((txn->sessid == NULL) && s->be->appsession_name && !(s->flags & SN_IGNORE_PRST)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02003945 get_srv_from_appsession(s, req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l);
Cyril Bontéb21570a2009-11-29 20:04:48 +01003946 }
3947
William Lallemanda73203e2012-03-12 12:48:57 +01003948 /* add unique-id if "header-unique-id" is specified */
3949
William Lallemand5b7ea3a2013-08-28 15:44:19 +02003950 if (!LIST_ISEMPTY(&s->fe->format_unique_id)) {
3951 if ((s->unique_id = pool_alloc2(pool2_uniqueid)) == NULL)
3952 goto return_bad_req;
3953 s->unique_id[0] = '\0';
William Lallemanda73203e2012-03-12 12:48:57 +01003954 build_logline(s, s->unique_id, UNIQUEID_LEN, &s->fe->format_unique_id);
William Lallemand5b7ea3a2013-08-28 15:44:19 +02003955 }
William Lallemanda73203e2012-03-12 12:48:57 +01003956
3957 if (s->fe->header_unique_id && s->unique_id) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003958 chunk_printf(&trash, "%s: %s", s->fe->header_unique_id, s->unique_id);
3959 if (trash.len < 0)
William Lallemanda73203e2012-03-12 12:48:57 +01003960 goto return_bad_req;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003961 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len) < 0))
William Lallemanda73203e2012-03-12 12:48:57 +01003962 goto return_bad_req;
3963 }
3964
Cyril Bontéb21570a2009-11-29 20:04:48 +01003965 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01003966 * 9: add X-Forwarded-For if either the frontend or the backend
3967 * asks for it.
3968 */
3969 if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02003970 struct hdr_ctx ctx = { .idx = 0 };
Willy Tarreau87cf5142011-08-19 22:57:24 +02003971 if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) &&
Cyril Bontéa32d2752012-05-29 23:27:41 +02003972 http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name,
3973 s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003974 req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02003975 /* The header is set to be added only if none is present
3976 * and we found it, so don't do anything.
3977 */
3978 }
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003979 else if (s->req->prod->conn->addr.from.ss_family == AF_INET) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003980 /* Add an X-Forwarded-For header unless the source IP is
3981 * in the 'except' network range.
3982 */
3983 if ((!s->fe->except_mask.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003984 (((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr.s_addr & s->fe->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003985 != s->fe->except_net.s_addr) &&
3986 (!s->be->except_mask.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003987 (((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr.s_addr & s->be->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003988 != s->be->except_net.s_addr)) {
Willy Tarreau2a324282006-12-05 00:05:46 +01003989 int len;
Willy Tarreau59234e92008-11-30 23:51:27 +01003990 unsigned char *pn;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02003991 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->conn->addr.from)->sin_addr;
Ross Westaf72a1d2008-08-03 10:51:45 +02003992
3993 /* Note: we rely on the backend to get the header name to be used for
3994 * x-forwarded-for, because the header is really meant for the backends.
3995 * However, if the backend did not specify any option, we have to rely
3996 * on the frontend's header name.
3997 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003998 if (s->be->fwdfor_hdr_len) {
3999 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004000 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Ross Westaf72a1d2008-08-03 10:51:45 +02004001 } else {
Willy Tarreau59234e92008-11-30 23:51:27 +01004002 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004003 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01004004 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004005 len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreauedcf6682008-11-30 23:15:34 +01004006
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004007 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau06619262006-12-17 08:37:22 +01004008 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01004009 }
4010 }
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004011 else if (s->req->prod->conn->addr.from.ss_family == AF_INET6) {
Willy Tarreau59234e92008-11-30 23:51:27 +01004012 /* FIXME: for the sake of completeness, we should also support
4013 * 'except' here, although it is mostly useless in this case.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004014 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004015 int len;
4016 char pn[INET6_ADDRSTRLEN];
4017 inet_ntop(AF_INET6,
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004018 (const void *)&((struct sockaddr_in6 *)(&s->req->prod->conn->addr.from))->sin6_addr,
Willy Tarreau59234e92008-11-30 23:51:27 +01004019 pn, sizeof(pn));
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004020
Willy Tarreau59234e92008-11-30 23:51:27 +01004021 /* Note: we rely on the backend to get the header name to be used for
4022 * x-forwarded-for, because the header is really meant for the backends.
4023 * However, if the backend did not specify any option, we have to rely
4024 * on the frontend's header name.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004025 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004026 if (s->be->fwdfor_hdr_len) {
4027 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004028 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Willy Tarreau59234e92008-11-30 23:51:27 +01004029 } else {
4030 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004031 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004032 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004033 len += sprintf(trash.str + len, ": %s", pn);
Willy Tarreauadfb8562008-08-11 15:24:42 +02004034
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004035 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01004036 goto return_bad_req;
4037 }
4038 }
4039
4040 /*
Maik Broemme2850cb42009-04-17 18:53:21 +02004041 * 10: add X-Original-To if either the frontend or the backend
4042 * asks for it.
4043 */
4044 if ((s->fe->options | s->be->options) & PR_O_ORGTO) {
4045
4046 /* FIXME: don't know if IPv6 can handle that case too. */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004047 if (s->req->prod->conn->addr.from.ss_family == AF_INET) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004048 /* Add an X-Original-To header unless the destination IP is
4049 * in the 'except' network range.
4050 */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004051 conn_get_to_addr(s->req->prod->conn);
Maik Broemme2850cb42009-04-17 18:53:21 +02004052
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004053 if (s->req->prod->conn->addr.to.ss_family == AF_INET &&
Emeric Brun5bd86a82010-10-22 17:23:04 +02004054 ((!s->fe->except_mask_to.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004055 (((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr.s_addr & s->fe->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004056 != s->fe->except_to.s_addr) &&
4057 (!s->be->except_mask_to.s_addr ||
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004058 (((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr.s_addr & s->be->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004059 != s->be->except_to.s_addr))) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004060 int len;
4061 unsigned char *pn;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004062 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->conn->addr.to)->sin_addr;
Maik Broemme2850cb42009-04-17 18:53:21 +02004063
4064 /* Note: we rely on the backend to get the header name to be used for
4065 * x-original-to, because the header is really meant for the backends.
4066 * However, if the backend did not specify any option, we have to rely
4067 * on the frontend's header name.
4068 */
4069 if (s->be->orgto_hdr_len) {
4070 len = s->be->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004071 memcpy(trash.str, s->be->orgto_hdr_name, len);
Maik Broemme2850cb42009-04-17 18:53:21 +02004072 } else {
4073 len = s->fe->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004074 memcpy(trash.str, s->fe->orgto_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01004075 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004076 len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Maik Broemme2850cb42009-04-17 18:53:21 +02004077
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004078 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Maik Broemme2850cb42009-04-17 18:53:21 +02004079 goto return_bad_req;
4080 }
4081 }
4082 }
4083
Willy Tarreau50fc7772012-11-11 22:19:57 +01004084 /* 11: add "Connection: close" or "Connection: keep-alive" if needed and not yet set.
4085 * If an "Upgrade" token is found, the header is left untouched in order not to have
4086 * to deal with some servers bugs : some of them fail an Upgrade if anything but
4087 * "Upgrade" is present in the Connection header.
4088 */
4089 if (!(txn->flags & TX_HDR_CONN_UPG) &&
4090 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
4091 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004092 unsigned int want_flags = 0;
4093
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004094 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau22a95342010-09-29 14:31:41 +02004095 if (((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL ||
4096 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) &&
4097 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004098 want_flags |= TX_CON_CLO_SET;
4099 } else {
Willy Tarreau22a95342010-09-29 14:31:41 +02004100 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
4101 !((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) ||
4102 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004103 want_flags |= TX_CON_KAL_SET;
4104 }
4105
4106 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004107 http_change_connection_header(txn, msg, want_flags);
Willy Tarreau59234e92008-11-30 23:51:27 +01004108 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004109
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004110
Willy Tarreau522d6c02009-12-06 18:49:18 +01004111 /* If we have no server assigned yet and we're balancing on url_param
4112 * with a POST request, we may be interested in checking the body for
4113 * that parameter. This will be done in another analyser.
Willy Tarreau59234e92008-11-30 23:51:27 +01004114 */
4115 if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) &&
4116 s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01004117 s->be->url_param_post_limit != 0 &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004118 (msg->flags & (HTTP_MSGF_CNT_LEN|HTTP_MSGF_TE_CHNK))) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004119 channel_dont_connect(req);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004120 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau59234e92008-11-30 23:51:27 +01004121 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004122
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004123 if (msg->flags & HTTP_MSGF_XFER_LEN) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004124 req->analysers |= AN_REQ_HTTP_XFER_BODY;
Willy Tarreau5e205522011-12-17 16:34:27 +01004125#ifdef TCP_QUICKACK
4126 /* We expect some data from the client. Unless we know for sure
4127 * we already have a full request, we have to re-enable quick-ack
4128 * in case we previously disabled it, otherwise we might cause
4129 * the client to delay further data.
4130 */
4131 if ((s->listener->options & LI_O_NOQUICKACK) &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004132 ((msg->flags & HTTP_MSGF_TE_CHNK) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004133 (msg->body_len > req->buf->i - txn->req.eoh - 2)))
Willy Tarreau7f7ad912012-11-11 19:27:15 +01004134 setsockopt(s->si[0].conn->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01004135#endif
4136 }
Willy Tarreau03945942009-12-22 16:50:27 +01004137
Willy Tarreau59234e92008-11-30 23:51:27 +01004138 /*************************************************************
4139 * OK, that's finished for the headers. We have done what we *
4140 * could. Let's switch to the DATA state. *
4141 ************************************************************/
Willy Tarreau522d6c02009-12-06 18:49:18 +01004142 req->analyse_exp = TICK_ETERNITY;
4143 req->analysers &= ~an_bit;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004144
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004145 /* if the server closes the connection, we want to immediately react
4146 * and close the socket to save packets and syscalls.
4147 */
Willy Tarreau40f151a2012-12-20 12:10:09 +01004148 if (!(req->analysers & AN_REQ_HTTP_XFER_BODY))
4149 req->cons->flags |= SI_FL_NOHALF;
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004150
Willy Tarreau59234e92008-11-30 23:51:27 +01004151 s->logs.tv_request = now;
Willy Tarreau59234e92008-11-30 23:51:27 +01004152 /* OK let's go on with the BODY now */
4153 return 1;
Willy Tarreau06619262006-12-17 08:37:22 +01004154
Willy Tarreau59234e92008-11-30 23:51:27 +01004155 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4076a152009-04-02 15:18:36 +02004156 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
Willy Tarreauf073a832009-03-01 23:21:47 +01004157 /* we detected a parsing error. We want to archive this request
4158 * in the dedicated proxy area for later troubleshooting.
4159 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004160 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauf073a832009-03-01 23:21:47 +01004161 }
Willy Tarreau4076a152009-04-02 15:18:36 +02004162
Willy Tarreau59234e92008-11-30 23:51:27 +01004163 txn->req.msg_state = HTTP_MSG_ERROR;
4164 txn->status = 400;
4165 req->analysers = 0;
Willy Tarreau783f2582012-09-04 12:19:04 +02004166 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004167
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004168 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004169 if (s->listener->counters)
4170 s->listener->counters->failed_req++;
Willy Tarreauadfb8562008-08-11 15:24:42 +02004171
Willy Tarreau59234e92008-11-30 23:51:27 +01004172 if (!(s->flags & SN_ERR_MASK))
4173 s->flags |= SN_ERR_PRXCOND;
4174 if (!(s->flags & SN_FINST_MASK))
4175 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02004176 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004177}
Willy Tarreauadfb8562008-08-11 15:24:42 +02004178
Willy Tarreau60b85b02008-11-30 23:28:40 +01004179/* This function is an analyser which processes the HTTP tarpit. It always
4180 * returns zero, at the beginning because it prevents any other processing
4181 * from occurring, and at the end because it terminates the request.
4182 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004183int http_process_tarpit(struct session *s, struct channel *req, int an_bit)
Willy Tarreau60b85b02008-11-30 23:28:40 +01004184{
4185 struct http_txn *txn = &s->txn;
4186
4187 /* This connection is being tarpitted. The CLIENT side has
4188 * already set the connect expiration date to the right
4189 * timeout. We just have to check that the client is still
4190 * there and that the timeout has not expired.
4191 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004192 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004193 if ((req->flags & (CF_SHUTR|CF_READ_ERROR)) == 0 &&
Willy Tarreau60b85b02008-11-30 23:28:40 +01004194 !tick_is_expired(req->analyse_exp, now_ms))
4195 return 0;
4196
4197 /* We will set the queue timer to the time spent, just for
4198 * logging purposes. We fake a 500 server error, so that the
4199 * attacker will not suspect his connection has been tarpitted.
4200 * It will not cause trouble to the logs because we can exclude
4201 * the tarpitted connections by filtering on the 'PT' status flags.
4202 */
Willy Tarreau60b85b02008-11-30 23:28:40 +01004203 s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now);
4204
4205 txn->status = 500;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004206 if (!(req->flags & CF_READ_ERROR))
Willy Tarreau783f2582012-09-04 12:19:04 +02004207 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
Willy Tarreau60b85b02008-11-30 23:28:40 +01004208
4209 req->analysers = 0;
4210 req->analyse_exp = TICK_ETERNITY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004211
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004212 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004213 if (s->listener->counters)
4214 s->listener->counters->failed_req++;
Willy Tarreau60b85b02008-11-30 23:28:40 +01004215
Willy Tarreau60b85b02008-11-30 23:28:40 +01004216 if (!(s->flags & SN_ERR_MASK))
4217 s->flags |= SN_ERR_PRXCOND;
4218 if (!(s->flags & SN_FINST_MASK))
4219 s->flags |= SN_FINST_T;
4220 return 0;
4221}
4222
Willy Tarreaud34af782008-11-30 23:36:37 +01004223/* This function is an analyser which processes the HTTP request body. It looks
4224 * for parameters to be used for the load balancing algorithm (url_param). It
4225 * must only be called after the standard HTTP request processing has occurred,
4226 * because it expects the request to be parsed. It returns zero if it needs to
4227 * read more data, or 1 once it has completed its analysis.
4228 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004229int http_process_request_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud34af782008-11-30 23:36:37 +01004230{
Willy Tarreau522d6c02009-12-06 18:49:18 +01004231 struct http_txn *txn = &s->txn;
Willy Tarreaud34af782008-11-30 23:36:37 +01004232 struct http_msg *msg = &s->txn.req;
Willy Tarreaud34af782008-11-30 23:36:37 +01004233 long long limit = s->be->url_param_post_limit;
Willy Tarreaud34af782008-11-30 23:36:37 +01004234
4235 /* We have to parse the HTTP request body to find any required data.
4236 * "balance url_param check_post" should have been the only way to get
4237 * into this. We were brought here after HTTP header analysis, so all
4238 * related structures are ready.
4239 */
4240
Willy Tarreau522d6c02009-12-06 18:49:18 +01004241 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4242 goto missing_data;
4243
4244 if (msg->msg_state < HTTP_MSG_100_SENT) {
4245 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
4246 * send an HTTP/1.1 100 Continue intermediate response.
4247 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004248 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01004249 struct hdr_ctx ctx;
4250 ctx.idx = 0;
4251 /* Expect is allowed in 1.1, look for it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004252 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01004253 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004254 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004255 }
4256 }
4257 msg->msg_state = HTTP_MSG_100_SENT;
4258 }
4259
4260 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004261 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau9b28e032012-10-12 23:49:43 +02004262 * req->buf->p still points to the beginning of the message and msg->sol
Willy Tarreau26927362012-05-18 23:22:52 +02004263 * is still null. We must save the body in msg->next because it
4264 * survives buffer re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004265 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01004266 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004267
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004268 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau522d6c02009-12-06 18:49:18 +01004269 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
4270 else
4271 msg->msg_state = HTTP_MSG_DATA;
4272 }
4273
4274 if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004275 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01004276 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01004277 * TRAILERS state.
Willy Tarreau115acb92009-12-26 13:56:06 +01004278 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004279 int ret = http_parse_chunk_size(msg);
Willy Tarreaud34af782008-11-30 23:36:37 +01004280
Willy Tarreau115acb92009-12-26 13:56:06 +01004281 if (!ret)
4282 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004283 else if (ret < 0) {
4284 session_inc_http_err_ctr(s);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004285 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004286 }
Willy Tarreaud34af782008-11-30 23:36:37 +01004287 }
4288
Willy Tarreaud98cf932009-12-27 22:54:55 +01004289 /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004290 * We have the first data byte is in msg->sov. We're waiting for at
4291 * least <url_param_post_limit> bytes after msg->sov.
Willy Tarreaud34af782008-11-30 23:36:37 +01004292 */
Willy Tarreau522d6c02009-12-06 18:49:18 +01004293
Willy Tarreau124d9912011-03-01 20:30:48 +01004294 if (msg->body_len < limit)
4295 limit = msg->body_len;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004296
Willy Tarreau9b28e032012-10-12 23:49:43 +02004297 if (req->buf->i - msg->sov >= limit) /* we have enough bytes now */
Willy Tarreau522d6c02009-12-06 18:49:18 +01004298 goto http_end;
4299
4300 missing_data:
4301 /* we get here if we need to wait for more data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004302 if (buffer_full(req->buf, global.tune.maxrewrite)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02004303 session_inc_http_err_ctr(s);
Willy Tarreau115acb92009-12-26 13:56:06 +01004304 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004305 }
Willy Tarreau115acb92009-12-26 13:56:06 +01004306
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004307 if ((req->flags & CF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01004308 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02004309 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau79ebac62010-06-07 13:47:49 +02004310
4311 if (!(s->flags & SN_ERR_MASK))
4312 s->flags |= SN_ERR_CLITO;
4313 if (!(s->flags & SN_FINST_MASK))
4314 s->flags |= SN_FINST_D;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004315 goto return_err_msg;
Willy Tarreaud34af782008-11-30 23:36:37 +01004316 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004317
4318 /* we get here if we need to wait for more data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004319 if (!(req->flags & (CF_SHUTR | CF_READ_ERROR)) && !buffer_full(req->buf, global.tune.maxrewrite)) {
Willy Tarreaud34af782008-11-30 23:36:37 +01004320 /* Not enough data. We'll re-use the http-request
4321 * timeout here. Ideally, we should set the timeout
4322 * relative to the accept() date. We just set the
4323 * request timeout once at the beginning of the
4324 * request.
4325 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004326 channel_dont_connect(req);
Willy Tarreaud34af782008-11-30 23:36:37 +01004327 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02004328 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreaud34af782008-11-30 23:36:37 +01004329 return 0;
4330 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004331
4332 http_end:
4333 /* The situation will not evolve, so let's give up on the analysis. */
4334 s->logs.tv_request = now; /* update the request timer to reflect full request */
4335 req->analysers &= ~an_bit;
4336 req->analyse_exp = TICK_ETERNITY;
4337 return 1;
4338
4339 return_bad_req: /* let's centralize all bad requests */
4340 txn->req.msg_state = HTTP_MSG_ERROR;
4341 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02004342 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau522d6c02009-12-06 18:49:18 +01004343
Willy Tarreau79ebac62010-06-07 13:47:49 +02004344 if (!(s->flags & SN_ERR_MASK))
4345 s->flags |= SN_ERR_PRXCOND;
4346 if (!(s->flags & SN_FINST_MASK))
4347 s->flags |= SN_FINST_R;
4348
Willy Tarreau522d6c02009-12-06 18:49:18 +01004349 return_err_msg:
4350 req->analysers = 0;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004351 s->fe->fe_counters.failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004352 if (s->listener->counters)
4353 s->listener->counters->failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004354 return 0;
Willy Tarreaud34af782008-11-30 23:36:37 +01004355}
4356
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004357/* send a server's name with an outgoing request over an established connection.
4358 * Note: this function is designed to be called once the request has been scheduled
4359 * for being forwarded. This is the reason why it rewinds the buffer before
4360 * proceeding.
4361 */
Willy Tarreau45c0d982012-03-09 12:11:57 +01004362int http_send_name_header(struct http_txn *txn, struct proxy* be, const char* srv_name) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004363
4364 struct hdr_ctx ctx;
4365
Mark Lamourinec2247f02012-01-04 13:02:01 -05004366 char *hdr_name = be->server_id_hdr_name;
4367 int hdr_name_len = be->server_id_hdr_len;
Willy Tarreau394db372012-10-12 22:40:39 +02004368 struct channel *chn = txn->req.chn;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004369 char *hdr_val;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004370 unsigned int old_o, old_i;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004371
William Lallemandd9e90662012-01-30 17:27:17 +01004372 ctx.idx = 0;
4373
Willy Tarreau9b28e032012-10-12 23:49:43 +02004374 old_o = chn->buf->o;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004375 if (old_o) {
4376 /* The request was already skipped, let's restore it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004377 b_rew(chn->buf, old_o);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004378 }
4379
Willy Tarreau9b28e032012-10-12 23:49:43 +02004380 old_i = chn->buf->i;
4381 while (http_find_header2(hdr_name, hdr_name_len, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004382 /* remove any existing values from the header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004383 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004384 }
4385
4386 /* Add the new header requested with the server value */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004387 hdr_val = trash.str;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004388 memcpy(hdr_val, hdr_name, hdr_name_len);
4389 hdr_val += hdr_name_len;
4390 *hdr_val++ = ':';
4391 *hdr_val++ = ' ';
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004392 hdr_val += strlcpy2(hdr_val, srv_name, trash.str + trash.size - hdr_val);
4393 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, hdr_val - trash.str);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004394
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004395 if (old_o) {
4396 /* If this was a forwarded request, we must readjust the amount of
4397 * data to be forwarded in order to take into account the size
Willy Tarreau2fef9b12013-03-26 01:08:21 +01004398 * variations. Note that if the request was already scheduled for
4399 * forwarding, it had its req->sol pointing to the body, which
4400 * must then be updated too.
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004401 */
Willy Tarreau2fef9b12013-03-26 01:08:21 +01004402 txn->req.sol += chn->buf->i - old_i;
Willy Tarreau9b28e032012-10-12 23:49:43 +02004403 b_adv(chn->buf, old_o + chn->buf->i - old_i);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004404 }
4405
Mark Lamourinec2247f02012-01-04 13:02:01 -05004406 return 0;
4407}
4408
Willy Tarreau610ecce2010-01-04 21:15:02 +01004409/* Terminate current transaction and prepare a new one. This is very tricky
4410 * right now but it works.
4411 */
4412void http_end_txn_clean_session(struct session *s)
4413{
4414 /* FIXME: We need a more portable way of releasing a backend's and a
4415 * server's connections. We need a safer way to reinitialize buffer
4416 * flags. We also need a more accurate method for computing per-request
4417 * data.
4418 */
4419 http_silent_debug(__LINE__, s);
4420
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004421 s->req->cons->flags |= SI_FL_NOLINGER | SI_FL_NOHALF;
Willy Tarreau73b013b2012-05-21 16:31:45 +02004422 si_shutr(s->req->cons);
4423 si_shutw(s->req->cons);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004424
4425 http_silent_debug(__LINE__, s);
4426
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004427 if (s->flags & SN_BE_ASSIGNED) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004428 s->be->beconn--;
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004429 if (unlikely(s->srv_conn))
4430 sess_change_server(s, NULL);
4431 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004432
4433 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
4434 session_process_counters(s);
Willy Tarreauf059a0f2010-08-03 16:29:52 +02004435 session_stop_backend_counters(s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004436
4437 if (s->txn.status) {
4438 int n;
4439
4440 n = s->txn.status / 100;
4441 if (n < 1 || n > 5)
4442 n = 0;
4443
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004444 if (s->fe->mode == PR_MODE_HTTP) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004445 s->fe->fe_counters.p.http.rsp[n]++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004446 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004447 s->fe->fe_counters.p.http.comp_rsp++;
4448 }
Willy Tarreau24657792010-02-26 10:30:28 +01004449 if ((s->flags & SN_BE_ASSIGNED) &&
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004450 (s->be->mode == PR_MODE_HTTP)) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004451 s->be->be_counters.p.http.rsp[n]++;
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004452 s->be->be_counters.p.http.cum_req++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004453 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004454 s->be->be_counters.p.http.comp_rsp++;
4455 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004456 }
4457
4458 /* don't count other requests' data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004459 s->logs.bytes_in -= s->req->buf->i;
4460 s->logs.bytes_out -= s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004461
4462 /* let's do a final log if we need it */
Willy Tarreaud79a3b22012-12-28 09:40:16 +01004463 if (!LIST_ISEMPTY(&s->fe->logformat) && s->logs.logwait &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01004464 !(s->flags & SN_MONITOR) &&
4465 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
4466 s->do_log(s);
4467 }
4468
4469 s->logs.accept_date = date; /* user-visible date for logging */
4470 s->logs.tv_accept = now; /* corrected date for internal use */
4471 tv_zero(&s->logs.tv_request);
4472 s->logs.t_queue = -1;
4473 s->logs.t_connect = -1;
4474 s->logs.t_data = -1;
4475 s->logs.t_close = 0;
4476 s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
4477 s->logs.srv_queue_size = 0; /* we will get this number soon */
4478
Willy Tarreau9b28e032012-10-12 23:49:43 +02004479 s->logs.bytes_in = s->req->total = s->req->buf->i;
4480 s->logs.bytes_out = s->rep->total = s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004481
4482 if (s->pend_pos)
4483 pendconn_free(s->pend_pos);
4484
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004485 if (objt_server(s->target)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004486 if (s->flags & SN_CURR_SESS) {
4487 s->flags &= ~SN_CURR_SESS;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004488 objt_server(s->target)->cur_sess--;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004489 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004490 if (may_dequeue_tasks(objt_server(s->target), s->be))
4491 process_srv_queue(objt_server(s->target));
Willy Tarreau610ecce2010-01-04 21:15:02 +01004492 }
4493
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004494 s->target = NULL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004495
4496 s->req->cons->state = s->req->cons->prev_state = SI_ST_INI;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02004497 s->req->cons->conn->t.sock.fd = -1; /* just to help with debugging */
4498 s->req->cons->conn->flags = CO_FL_NONE;
Willy Tarreau14cba4b2012-11-30 17:33:05 +01004499 s->req->cons->conn->err_code = CO_ER_NONE;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004500 s->req->cons->err_type = SI_ET_NONE;
Willy Tarreau0b3a4112011-03-27 19:16:56 +02004501 s->req->cons->conn_retries = 0; /* used for logging too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004502 s->req->cons->err_loc = NULL;
4503 s->req->cons->exp = TICK_ETERNITY;
4504 s->req->cons->flags = SI_FL_NONE;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004505 s->req->flags &= ~(CF_SHUTW|CF_SHUTW_NOW|CF_AUTO_CONNECT|CF_WRITE_ERROR|CF_STREAMER|CF_STREAMER_FAST|CF_NEVER_WAIT);
4506 s->rep->flags &= ~(CF_SHUTR|CF_SHUTR_NOW|CF_READ_ATTACHED|CF_READ_ERROR|CF_READ_NOEXP|CF_STREAMER|CF_STREAMER_FAST|CF_WRITE_PARTIAL|CF_NEVER_WAIT);
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02004507 s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED|SN_FORCE_PRST|SN_IGNORE_PRST);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004508 s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE);
Willy Tarreau543db622012-11-15 16:41:22 +01004509
4510 if (s->flags & SN_COMP_READY)
4511 s->comp_algo->end(&s->comp_ctx);
4512 s->comp_algo = NULL;
4513 s->flags &= ~SN_COMP_READY;
4514
Willy Tarreau610ecce2010-01-04 21:15:02 +01004515 s->txn.meth = 0;
4516 http_reset_txn(s);
Willy Tarreaufcffa692010-01-10 14:21:19 +01004517 s->txn.flags |= TX_NOT_FIRST | TX_WAIT_NEXT_RQ;
Willy Tarreauee55dc02010-06-01 10:56:34 +02004518 if (s->fe->options2 & PR_O2_INDEPSTR)
Willy Tarreau610ecce2010-01-04 21:15:02 +01004519 s->req->cons->flags |= SI_FL_INDEP_STR;
4520
Willy Tarreau96e31212011-05-30 18:10:30 +02004521 if (s->fe->options2 & PR_O2_NODELAY) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004522 s->req->flags |= CF_NEVER_WAIT;
4523 s->rep->flags |= CF_NEVER_WAIT;
Willy Tarreau96e31212011-05-30 18:10:30 +02004524 }
4525
Willy Tarreau610ecce2010-01-04 21:15:02 +01004526 /* if the request buffer is not empty, it means we're
4527 * about to process another request, so send pending
4528 * data with MSG_MORE to merge TCP packets when possible.
Willy Tarreau065e8332010-01-08 00:30:20 +01004529 * Just don't do this if the buffer is close to be full,
4530 * because the request will wait for it to flush a little
4531 * bit before proceeding.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004532 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004533 if (s->req->buf->i) {
4534 if (s->rep->buf->o &&
4535 !buffer_full(s->rep->buf, global.tune.maxrewrite) &&
4536 bi_end(s->rep->buf) <= s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004537 s->rep->flags |= CF_EXPECT_MORE;
Willy Tarreau065e8332010-01-08 00:30:20 +01004538 }
Willy Tarreau90deb182010-01-07 00:20:41 +01004539
4540 /* we're removing the analysers, we MUST re-enable events detection */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004541 channel_auto_read(s->req);
4542 channel_auto_close(s->req);
4543 channel_auto_read(s->rep);
4544 channel_auto_close(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004545
Willy Tarreau342b11c2010-11-24 16:22:09 +01004546 s->req->analysers = s->listener->analysers;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004547 s->rep->analysers = 0;
4548
4549 http_silent_debug(__LINE__, s);
4550}
4551
4552
4553/* This function updates the request state machine according to the response
4554 * state machine and buffer flags. It returns 1 if it changes anything (flag
4555 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4556 * it is only used to find when a request/response couple is complete. Both
4557 * this function and its equivalent should loop until both return zero. It
4558 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4559 */
4560int http_sync_req_state(struct session *s)
4561{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004562 struct channel *chn = s->req;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004563 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004564 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004565 unsigned int old_state = txn->req.msg_state;
4566
4567 http_silent_debug(__LINE__, s);
4568 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY))
4569 return 0;
4570
4571 if (txn->req.msg_state == HTTP_MSG_DONE) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004572 /* No need to read anymore, the request was completely parsed.
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004573 * We can shut the read side unless we want to abort_on_close,
4574 * or we have a POST request. The issue with POST requests is
4575 * that some browsers still send a CRLF after the request, and
4576 * this CRLF must be read so that it does not remain in the kernel
4577 * buffers, otherwise a close could cause an RST on some systems
4578 * (eg: Linux).
Willy Tarreau90deb182010-01-07 00:20:41 +01004579 */
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004580 if (!(s->be->options & PR_O_ABRT_CLOSE) && txn->meth != HTTP_METH_POST)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004581 channel_dont_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004582
Willy Tarreau40f151a2012-12-20 12:10:09 +01004583 /* if the server closes the connection, we want to immediately react
4584 * and close the socket to save packets and syscalls.
4585 */
4586 chn->cons->flags |= SI_FL_NOHALF;
4587
Willy Tarreau610ecce2010-01-04 21:15:02 +01004588 if (txn->rsp.msg_state == HTTP_MSG_ERROR)
4589 goto wait_other_side;
4590
4591 if (txn->rsp.msg_state < HTTP_MSG_DONE) {
4592 /* The server has not finished to respond, so we
4593 * don't want to move in order not to upset it.
4594 */
4595 goto wait_other_side;
4596 }
4597
4598 if (txn->rsp.msg_state == HTTP_MSG_TUNNEL) {
4599 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004600 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004601 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004602 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004603 goto wait_other_side;
4604 }
4605
4606 /* When we get here, it means that both the request and the
4607 * response have finished receiving. Depending on the connection
4608 * mode, we'll have to wait for the last bytes to leave in either
4609 * direction, and sometimes for a close to be effective.
4610 */
4611
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004612 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4613 /* Server-close mode : queue a connection close to the server */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004614 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW)))
4615 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004616 }
4617 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4618 /* Option forceclose is set, or either side wants to close,
4619 * let's enforce it now that we're not expecting any new
4620 * data to come. The caller knows the session is complete
4621 * once both states are CLOSED.
4622 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004623 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4624 channel_shutr_now(chn);
4625 channel_shutw_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004626 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004627 }
4628 else {
4629 /* The last possible modes are keep-alive and tunnel. Since tunnel
4630 * mode does not set the body analyser, we can't reach this place
4631 * in tunnel mode, so we're left with keep-alive only.
4632 * This mode is currently not implemented, we switch to tunnel mode.
4633 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004634 channel_auto_read(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004635 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004636 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004637 }
4638
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004639 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004640 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004641 chn->cons->flags |= SI_FL_NOLINGER; /* we want to close ASAP */
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004642
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004643 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004644 txn->req.msg_state = HTTP_MSG_CLOSING;
4645 goto http_msg_closing;
4646 }
4647 else {
4648 txn->req.msg_state = HTTP_MSG_CLOSED;
4649 goto http_msg_closed;
4650 }
4651 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004652 goto wait_other_side;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004653 }
4654
4655 if (txn->req.msg_state == HTTP_MSG_CLOSING) {
4656 http_msg_closing:
4657 /* nothing else to forward, just waiting for the output buffer
4658 * to be empty and for the shutw_now to take effect.
4659 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004660 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004661 txn->req.msg_state = HTTP_MSG_CLOSED;
4662 goto http_msg_closed;
4663 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004664 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004665 txn->req.msg_state = HTTP_MSG_ERROR;
4666 goto wait_other_side;
4667 }
4668 }
4669
4670 if (txn->req.msg_state == HTTP_MSG_CLOSED) {
4671 http_msg_closed:
4672 goto wait_other_side;
4673 }
4674
4675 wait_other_side:
4676 http_silent_debug(__LINE__, s);
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004677 return txn->req.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004678}
4679
4680
4681/* This function updates the response state machine according to the request
4682 * state machine and buffer flags. It returns 1 if it changes anything (flag
4683 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4684 * it is only used to find when a request/response couple is complete. Both
4685 * this function and its equivalent should loop until both return zero. It
4686 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4687 */
4688int http_sync_res_state(struct session *s)
4689{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004690 struct channel *chn = s->rep;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004691 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004692 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004693 unsigned int old_state = txn->rsp.msg_state;
4694
4695 http_silent_debug(__LINE__, s);
4696 if (unlikely(txn->rsp.msg_state < HTTP_MSG_BODY))
4697 return 0;
4698
4699 if (txn->rsp.msg_state == HTTP_MSG_DONE) {
4700 /* In theory, we don't need to read anymore, but we must
Willy Tarreau90deb182010-01-07 00:20:41 +01004701 * still monitor the server connection for a possible close
4702 * while the request is being uploaded, so we don't disable
4703 * reading.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004704 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004705 /* channel_dont_read(chn); */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004706
4707 if (txn->req.msg_state == HTTP_MSG_ERROR)
4708 goto wait_other_side;
4709
4710 if (txn->req.msg_state < HTTP_MSG_DONE) {
4711 /* The client seems to still be sending data, probably
4712 * because we got an error response during an upload.
4713 * We have the choice of either breaking the connection
4714 * or letting it pass through. Let's do the later.
4715 */
4716 goto wait_other_side;
4717 }
4718
4719 if (txn->req.msg_state == HTTP_MSG_TUNNEL) {
4720 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004721 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004722 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004723 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004724 goto wait_other_side;
4725 }
4726
4727 /* When we get here, it means that both the request and the
4728 * response have finished receiving. Depending on the connection
4729 * mode, we'll have to wait for the last bytes to leave in either
4730 * direction, and sometimes for a close to be effective.
4731 */
4732
4733 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4734 /* Server-close mode : shut read and wait for the request
4735 * side to close its output buffer. The caller will detect
4736 * when we're in DONE and the other is in CLOSED and will
4737 * catch that for the final cleanup.
4738 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004739 if (!(chn->flags & (CF_SHUTR|CF_SHUTR_NOW)))
4740 channel_shutr_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004741 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004742 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4743 /* Option forceclose is set, or either side wants to close,
4744 * let's enforce it now that we're not expecting any new
4745 * data to come. The caller knows the session is complete
4746 * once both states are CLOSED.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004747 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004748 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4749 channel_shutr_now(chn);
4750 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004751 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004752 }
4753 else {
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004754 /* The last possible modes are keep-alive and tunnel. Since tunnel
4755 * mode does not set the body analyser, we can't reach this place
4756 * in tunnel mode, so we're left with keep-alive only.
4757 * This mode is currently not implemented, we switch to tunnel mode.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004758 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004759 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004760 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004761 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004762 }
4763
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004764 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004765 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004766 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004767 txn->rsp.msg_state = HTTP_MSG_CLOSING;
4768 goto http_msg_closing;
4769 }
4770 else {
4771 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4772 goto http_msg_closed;
4773 }
4774 }
4775 goto wait_other_side;
4776 }
4777
4778 if (txn->rsp.msg_state == HTTP_MSG_CLOSING) {
4779 http_msg_closing:
4780 /* nothing else to forward, just waiting for the output buffer
4781 * to be empty and for the shutw_now to take effect.
4782 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004783 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004784 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4785 goto http_msg_closed;
4786 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004787 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004788 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004789 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004790 if (objt_server(s->target))
4791 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004792 goto wait_other_side;
4793 }
4794 }
4795
4796 if (txn->rsp.msg_state == HTTP_MSG_CLOSED) {
4797 http_msg_closed:
4798 /* drop any pending data */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004799 bi_erase(chn);
4800 channel_auto_close(chn);
4801 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004802 goto wait_other_side;
4803 }
4804
4805 wait_other_side:
4806 http_silent_debug(__LINE__, s);
Willy Tarreaufc47f912012-10-20 10:38:09 +02004807 /* We force the response to leave immediately if we're waiting for the
4808 * other side, since there is no pending shutdown to push it out.
4809 */
4810 if (!channel_is_empty(chn))
4811 chn->flags |= CF_SEND_DONTWAIT;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004812 return txn->rsp.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004813}
4814
4815
4816/* Resync the request and response state machines. Return 1 if either state
4817 * changes.
4818 */
4819int http_resync_states(struct session *s)
4820{
4821 struct http_txn *txn = &s->txn;
4822 int old_req_state = txn->req.msg_state;
4823 int old_res_state = txn->rsp.msg_state;
4824
4825 http_silent_debug(__LINE__, s);
4826 http_sync_req_state(s);
4827 while (1) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004828 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004829 if (!http_sync_res_state(s))
4830 break;
Willy Tarreau90deb182010-01-07 00:20:41 +01004831 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004832 if (!http_sync_req_state(s))
4833 break;
4834 }
4835 http_silent_debug(__LINE__, s);
4836 /* OK, both state machines agree on a compatible state.
4837 * There are a few cases we're interested in :
4838 * - HTTP_MSG_TUNNEL on either means we have to disable both analysers
4839 * - HTTP_MSG_CLOSED on both sides means we've reached the end in both
4840 * directions, so let's simply disable both analysers.
4841 * - HTTP_MSG_CLOSED on the response only means we must abort the
4842 * request.
4843 * - HTTP_MSG_CLOSED on the request and HTTP_MSG_DONE on the response
4844 * with server-close mode means we've completed one request and we
4845 * must re-initialize the server connection.
4846 */
4847
4848 if (txn->req.msg_state == HTTP_MSG_TUNNEL ||
4849 txn->rsp.msg_state == HTTP_MSG_TUNNEL ||
4850 (txn->req.msg_state == HTTP_MSG_CLOSED &&
4851 txn->rsp.msg_state == HTTP_MSG_CLOSED)) {
4852 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004853 channel_auto_close(s->req);
4854 channel_auto_read(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004855 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004856 channel_auto_close(s->rep);
4857 channel_auto_read(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004858 }
Willy Tarreau40f151a2012-12-20 12:10:09 +01004859 else if ((txn->req.msg_state >= HTTP_MSG_DONE &&
4860 (txn->rsp.msg_state == HTTP_MSG_CLOSED || (s->rep->flags & CF_SHUTW))) ||
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004861 txn->rsp.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau40f151a2012-12-20 12:10:09 +01004862 txn->req.msg_state == HTTP_MSG_ERROR) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004863 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004864 channel_auto_close(s->rep);
4865 channel_auto_read(s->rep);
Willy Tarreau90deb182010-01-07 00:20:41 +01004866 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004867 channel_abort(s->req);
4868 channel_auto_close(s->req);
4869 channel_auto_read(s->req);
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004870 bi_erase(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004871 }
4872 else if (txn->req.msg_state == HTTP_MSG_CLOSED &&
4873 txn->rsp.msg_state == HTTP_MSG_DONE &&
4874 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)) {
4875 /* server-close: terminate this server connection and
4876 * reinitialize a fresh-new transaction.
4877 */
4878 http_end_txn_clean_session(s);
4879 }
4880
4881 http_silent_debug(__LINE__, s);
4882 return txn->req.msg_state != old_req_state ||
4883 txn->rsp.msg_state != old_res_state;
4884}
4885
Willy Tarreaud98cf932009-12-27 22:54:55 +01004886/* This function is an analyser which forwards request body (including chunk
4887 * sizes if any). It is called as soon as we must forward, even if we forward
4888 * zero byte. The only situation where it must not be called is when we're in
4889 * tunnel mode and we want to forward till the close. It's used both to forward
4890 * remaining data and to resync after end of body. It expects the msg_state to
4891 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
4892 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01004893 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreau26927362012-05-18 23:22:52 +02004894 * bytes of pending data + the headers if not already done (between sol and sov).
4895 * It eventually adjusts sol to match sov after the data in between have been sent.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004896 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004897int http_request_forward_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004898{
4899 struct http_txn *txn = &s->txn;
4900 struct http_msg *msg = &s->txn.req;
4901
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004902 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4903 return 0;
4904
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004905 if ((req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004906 ((req->flags & CF_SHUTW) && (req->to_forward || req->buf->o))) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02004907 /* Output closed while we were sending data. We must abort and
4908 * wake the other side up.
4909 */
4910 msg->msg_state = HTTP_MSG_ERROR;
4911 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01004912 return 1;
4913 }
4914
Willy Tarreau4fe41902010-06-07 22:27:41 +02004915 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004916 channel_auto_close(req);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004917
4918 /* Note that we don't have to send 100-continue back because we don't
4919 * need the data to complete our job, and it's up to the server to
4920 * decide whether to return 100, 417 or anything else in return of
4921 * an "Expect: 100-continue" header.
4922 */
4923
4924 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004925 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau9b28e032012-10-12 23:49:43 +02004926 * req->buf->p still points to the beginning of the message and msg->sol
Willy Tarreau26927362012-05-18 23:22:52 +02004927 * is still null. We must save the body in msg->next because it
4928 * survives buffer re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004929 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01004930 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004931
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004932 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004933 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
Willy Tarreau54d23df2012-10-25 19:04:45 +02004934 else
Willy Tarreaud98cf932009-12-27 22:54:55 +01004935 msg->msg_state = HTTP_MSG_DATA;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004936 }
4937
Willy Tarreaud98cf932009-12-27 22:54:55 +01004938 while (1) {
Willy Tarreauea953162012-05-18 23:41:28 +02004939 unsigned int bytes;
Willy Tarreaud8ee85a2011-03-28 16:06:28 +02004940
Willy Tarreau610ecce2010-01-04 21:15:02 +01004941 http_silent_debug(__LINE__, s);
Willy Tarreauea953162012-05-18 23:41:28 +02004942 /* we may have some data pending between sol and sov */
Willy Tarreau26927362012-05-18 23:22:52 +02004943 bytes = msg->sov - msg->sol;
Willy Tarreaud8ee85a2011-03-28 16:06:28 +02004944 if (msg->chunk_len || bytes) {
Willy Tarreau26927362012-05-18 23:22:52 +02004945 msg->sol = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004946 msg->next -= bytes; /* will be forwarded */
Willy Tarreauea953162012-05-18 23:41:28 +02004947 msg->chunk_len += bytes;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004948 msg->chunk_len -= channel_forward(req, msg->chunk_len);
Willy Tarreau638cd022010-01-03 07:42:04 +01004949 }
Willy Tarreau5523b322009-12-29 12:05:52 +01004950
Willy Tarreaucaabe412010-01-03 23:08:28 +01004951 if (msg->msg_state == HTTP_MSG_DATA) {
4952 /* must still forward */
4953 if (req->to_forward)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004954 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004955
4956 /* nothing left to forward */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004957 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau54d23df2012-10-25 19:04:45 +02004958 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004959 else
Willy Tarreaucaabe412010-01-03 23:08:28 +01004960 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004961 }
4962 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004963 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01004964 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01004965 * TRAILERS state.
4966 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004967 int ret = http_parse_chunk_size(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004968
Willy Tarreau54d23df2012-10-25 19:04:45 +02004969 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004970 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004971 else if (ret < 0) {
4972 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004973 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004974 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_SIZE, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004975 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004976 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004977 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004978 }
Willy Tarreau54d23df2012-10-25 19:04:45 +02004979 else if (msg->msg_state == HTTP_MSG_CHUNK_CRLF) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004980 /* we want the CRLF after the data */
Willy Tarreau54d23df2012-10-25 19:04:45 +02004981 int ret = http_skip_chunk_crlf(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004982
4983 if (ret == 0)
4984 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004985 else if (ret < 0) {
4986 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004987 if (msg->err_pos >= 0)
Willy Tarreau54d23df2012-10-25 19:04:45 +02004988 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_CRLF, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004989 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004990 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004991 /* we're in MSG_CHUNK_SIZE now */
4992 }
4993 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004994 int ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004995
4996 if (ret == 0)
4997 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004998 else if (ret < 0) {
4999 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005000 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005001 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_TRAILERS, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005002 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005003 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005004 /* we're in HTTP_MSG_DONE now */
5005 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005006 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005007 int old_state = msg->msg_state;
5008
Willy Tarreau610ecce2010-01-04 21:15:02 +01005009 /* other states, DONE...TUNNEL */
Willy Tarreau4fe41902010-06-07 22:27:41 +02005010 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005011 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5012 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005013 channel_dont_close(req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005014 if (http_resync_states(s)) {
5015 /* some state changes occurred, maybe the analyser
5016 * was disabled too.
Willy Tarreauface8392010-01-03 11:37:54 +01005017 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005018 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005019 if (req->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005020 /* request errors are most likely due to
5021 * the server aborting the transfer.
5022 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005023 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005024 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005025 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005026 http_capture_bad_message(&s->fe->invalid_req, s, msg, old_state, s->be);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005027 goto return_bad_req;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005028 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005029 return 1;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005030 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02005031
5032 /* If "option abortonclose" is set on the backend, we
5033 * want to monitor the client's connection and forward
5034 * any shutdown notification to the server, which will
5035 * decide whether to close or to go on processing the
5036 * request.
5037 */
5038 if (s->be->options & PR_O_ABRT_CLOSE) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005039 channel_auto_read(req);
5040 channel_auto_close(req);
Willy Tarreau5c54c712010-07-17 08:02:58 +02005041 }
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005042 else if (s->txn.meth == HTTP_METH_POST) {
5043 /* POST requests may require to read extra CRLF
5044 * sent by broken browsers and which could cause
5045 * an RST to be sent upon close on some systems
5046 * (eg: Linux).
5047 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005048 channel_auto_read(req);
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005049 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02005050
Willy Tarreau610ecce2010-01-04 21:15:02 +01005051 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005052 }
5053 }
5054
Willy Tarreaud98cf932009-12-27 22:54:55 +01005055 missing_data:
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005056 /* stop waiting for data if the input is closed before the end */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005057 if (req->flags & CF_SHUTR) {
Willy Tarreau79ebac62010-06-07 13:47:49 +02005058 if (!(s->flags & SN_ERR_MASK))
5059 s->flags |= SN_ERR_CLICL;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005060 if (!(s->flags & SN_FINST_MASK)) {
5061 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5062 s->flags |= SN_FINST_H;
5063 else
5064 s->flags |= SN_FINST_D;
5065 }
5066
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005067 s->fe->fe_counters.cli_aborts++;
5068 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005069 if (objt_server(s->target))
5070 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005071
5072 goto return_bad_req_stats_ok;
Willy Tarreau79ebac62010-06-07 13:47:49 +02005073 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005074
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005075 /* waiting for the last bits to leave the buffer */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005076 if (req->flags & CF_SHUTW)
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005077 goto aborted_xfer;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005078
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005079 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005080 * chunks even if the client has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005081 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005082 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005083 channel_dont_close(req);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005084
Willy Tarreau5c620922011-05-11 19:56:11 +02005085 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005086 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02005087 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01005088 * modes are already handled by the stream sock layer. We must not do
5089 * this in content-length mode because it could present the MSG_MORE
5090 * flag with the last block of forwarded data, which would cause an
5091 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02005092 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005093 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005094 req->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02005095
Willy Tarreau610ecce2010-01-04 21:15:02 +01005096 http_silent_debug(__LINE__, s);
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005097 return 0;
5098
Willy Tarreaud98cf932009-12-27 22:54:55 +01005099 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005100 s->fe->fe_counters.failed_req++;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005101 if (s->listener->counters)
5102 s->listener->counters->failed_req++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005103 return_bad_req_stats_ok:
5104 txn->req.msg_state = HTTP_MSG_ERROR;
5105 if (txn->status) {
5106 /* Note: we don't send any error if some data were already sent */
5107 stream_int_retnclose(req->prod, NULL);
5108 } else {
5109 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02005110 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005111 }
5112 req->analysers = 0;
5113 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005114
5115 if (!(s->flags & SN_ERR_MASK))
5116 s->flags |= SN_ERR_PRXCOND;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005117 if (!(s->flags & SN_FINST_MASK)) {
5118 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5119 s->flags |= SN_FINST_H;
5120 else
5121 s->flags |= SN_FINST_D;
5122 }
5123 return 0;
5124
5125 aborted_xfer:
5126 txn->req.msg_state = HTTP_MSG_ERROR;
5127 if (txn->status) {
5128 /* Note: we don't send any error if some data were already sent */
5129 stream_int_retnclose(req->prod, NULL);
5130 } else {
5131 txn->status = 502;
Willy Tarreau783f2582012-09-04 12:19:04 +02005132 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_502));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005133 }
5134 req->analysers = 0;
5135 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
5136
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005137 s->fe->fe_counters.srv_aborts++;
5138 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005139 if (objt_server(s->target))
5140 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005141
5142 if (!(s->flags & SN_ERR_MASK))
5143 s->flags |= SN_ERR_SRVCL;
5144 if (!(s->flags & SN_FINST_MASK)) {
5145 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5146 s->flags |= SN_FINST_H;
5147 else
5148 s->flags |= SN_FINST_D;
5149 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005150 return 0;
5151}
5152
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005153/* This stream analyser waits for a complete HTTP response. It returns 1 if the
5154 * processing can continue on next analysers, or zero if it either needs more
5155 * data or wants to immediately abort the response (eg: timeout, error, ...). It
5156 * is tied to AN_RES_WAIT_HTTP and may may remove itself from s->rep->analysers
5157 * when it has nothing left to do, and may remove any analyser when it wants to
5158 * abort.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005159 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005160int http_wait_for_response(struct session *s, struct channel *rep, int an_bit)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005161{
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005162 struct http_txn *txn = &s->txn;
5163 struct http_msg *msg = &txn->rsp;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005164 struct hdr_ctx ctx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005165 int use_close_only;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005166 int cur_idx;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005167 int n;
Willy Tarreauadfb8562008-08-11 15:24:42 +02005168
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005169 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02005170 now_ms, __FUNCTION__,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005171 s,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005172 rep,
5173 rep->rex, rep->wex,
5174 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005175 rep->buf->i,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005176 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02005177
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005178 /*
5179 * Now parse the partial (or complete) lines.
5180 * We will check the response syntax, and also join multi-line
5181 * headers. An index of all the lines will be elaborated while
5182 * parsing.
5183 *
5184 * For the parsing, we use a 28 states FSM.
5185 *
5186 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02005187 * rep->buf->p = beginning of response
5188 * rep->buf->p + msg->eoh = end of processed headers / start of current one
5189 * rep->buf->p + rep->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02005190 * msg->eol = end of current header or line (LF or CRLF)
5191 * msg->next = first non-visited byte
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005192 */
5193
Willy Tarreau83e3af02009-12-28 17:39:57 +01005194 /* There's a protected area at the end of the buffer for rewriting
5195 * purposes. We don't want to start to parse the request if the
5196 * protected area is affected, because we may have to move processed
5197 * data later, which is much more complicated.
5198 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005199 if (buffer_not_empty(rep->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02005200 if (unlikely(!channel_reserved(rep))) {
5201 /* some data has still not left the buffer, wake us once that's done */
5202 if (rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
5203 goto abort_response;
5204 channel_dont_close(rep);
5205 rep->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
5206 return 0;
Willy Tarreau83e3af02009-12-28 17:39:57 +01005207 }
5208
Willy Tarreau379357a2013-06-08 12:55:46 +02005209 if (unlikely(bi_end(rep->buf) < b_ptr(rep->buf, msg->next) ||
5210 bi_end(rep->buf) > rep->buf->data + rep->buf->size - global.tune.maxrewrite))
5211 buffer_slow_realign(rep->buf);
5212
Willy Tarreau9b28e032012-10-12 23:49:43 +02005213 if (likely(msg->next < rep->buf->i))
Willy Tarreaua560c212012-03-09 13:50:57 +01005214 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01005215 }
5216
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005217 /* 1: we might have to print this header in debug mode */
5218 if (unlikely((global.mode & MODE_DEBUG) &&
5219 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01005220 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005221 char *eol, *sol;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005222
Willy Tarreau9b28e032012-10-12 23:49:43 +02005223 sol = rep->buf->p;
5224 eol = sol + (msg->sl.st.l ? msg->sl.st.l : rep->buf->i);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005225 debug_hdr("srvrep", s, sol, eol);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005226
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005227 sol += hdr_idx_first_pos(&txn->hdr_idx);
5228 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005229
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005230 while (cur_idx) {
5231 eol = sol + txn->hdr_idx.v[cur_idx].len;
5232 debug_hdr("srvhdr", s, sol, eol);
5233 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
5234 cur_idx = txn->hdr_idx.v[cur_idx].next;
5235 }
5236 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005237
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005238 /*
5239 * Now we quickly check if we have found a full valid response.
5240 * If not so, we check the FD and buffer states before leaving.
5241 * A full response is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01005242 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005243 * responses are checked first.
5244 *
5245 * Depending on whether the client is still there or not, we
5246 * may send an error response back or not. Note that normally
5247 * we should only check for HTTP status there, and check I/O
5248 * errors somewhere else.
5249 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005250
Willy Tarreau655dce92009-11-08 13:10:58 +01005251 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005252 /* Invalid response */
5253 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
5254 /* we detected a parsing error. We want to archive this response
5255 * in the dedicated proxy area for later troubleshooting.
5256 */
5257 hdr_response_bad:
5258 if (msg->msg_state == HTTP_MSG_ERROR || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005259 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005260
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005261 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005262 if (objt_server(s->target)) {
5263 objt_server(s->target)->counters.failed_resp++;
5264 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005265 }
Willy Tarreau64648412010-03-05 10:41:54 +01005266 abort_response:
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005267 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005268 rep->analysers = 0;
5269 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005270 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005271 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005272 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005273
5274 if (!(s->flags & SN_ERR_MASK))
5275 s->flags |= SN_ERR_PRXCOND;
5276 if (!(s->flags & SN_FINST_MASK))
5277 s->flags |= SN_FINST_H;
5278
5279 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005280 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005281
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005282 /* too large response does not fit in buffer. */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005283 else if (buffer_full(rep->buf, global.tune.maxrewrite)) {
Willy Tarreaufec4d892011-09-02 20:04:57 +02005284 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02005285 msg->err_pos = rep->buf->i;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005286 goto hdr_response_bad;
5287 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005288
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005289 /* read error */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005290 else if (rep->flags & CF_READ_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005291 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005292 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02005293
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005294 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005295 if (objt_server(s->target)) {
5296 objt_server(s->target)->counters.failed_resp++;
5297 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_ERROR);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005298 }
Willy Tarreau461f6622008-08-15 23:43:19 +02005299
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005300 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005301 rep->analysers = 0;
5302 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005303 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005304 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005305 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau816b9792009-09-15 21:25:21 +02005306
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005307 if (!(s->flags & SN_ERR_MASK))
5308 s->flags |= SN_ERR_SRVCL;
5309 if (!(s->flags & SN_FINST_MASK))
5310 s->flags |= SN_FINST_H;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02005311 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005312 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005313
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005314 /* read timeout : return a 504 to the client. */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005315 else if (rep->flags & CF_READ_TIMEOUT) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005316 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005317 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01005318
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005319 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005320 if (objt_server(s->target)) {
5321 objt_server(s->target)->counters.failed_resp++;
5322 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_TIMEOUT);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005323 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005324
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005325 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005326 rep->analysers = 0;
5327 txn->status = 504;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005328 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005329 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005330 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_504));
Willy Tarreau4076a152009-04-02 15:18:36 +02005331
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005332 if (!(s->flags & SN_ERR_MASK))
5333 s->flags |= SN_ERR_SRVTO;
5334 if (!(s->flags & SN_FINST_MASK))
5335 s->flags |= SN_FINST_H;
5336 return 0;
5337 }
Willy Tarreaua7c52762008-08-16 18:40:18 +02005338
Willy Tarreauf003d372012-11-26 13:35:37 +01005339 /* client abort with an abortonclose */
5340 else if ((rep->flags & CF_SHUTR) && ((s->req->flags & (CF_SHUTR|CF_SHUTW)) == (CF_SHUTR|CF_SHUTW))) {
5341 s->fe->fe_counters.cli_aborts++;
5342 s->be->be_counters.cli_aborts++;
5343 if (objt_server(s->target))
5344 objt_server(s->target)->counters.cli_aborts++;
5345
5346 rep->analysers = 0;
5347 channel_auto_close(rep);
5348
5349 txn->status = 400;
5350 bi_erase(rep);
5351 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_400));
5352
5353 if (!(s->flags & SN_ERR_MASK))
5354 s->flags |= SN_ERR_CLICL;
5355 if (!(s->flags & SN_FINST_MASK))
5356 s->flags |= SN_FINST_H;
5357
5358 /* process_session() will take care of the error */
5359 return 0;
5360 }
5361
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005362 /* close from server, capture the response if the server has started to respond */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005363 else if (rep->flags & CF_SHUTR) {
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005364 if (msg->msg_state >= HTTP_MSG_RPVER || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005365 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01005366
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005367 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005368 if (objt_server(s->target)) {
5369 objt_server(s->target)->counters.failed_resp++;
5370 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_BROKEN_PIPE);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005371 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005372
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005373 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005374 rep->analysers = 0;
5375 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005376 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005377 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005378 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau21d2af32008-02-14 20:25:24 +01005379
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005380 if (!(s->flags & SN_ERR_MASK))
5381 s->flags |= SN_ERR_SRVCL;
5382 if (!(s->flags & SN_FINST_MASK))
5383 s->flags |= SN_FINST_H;
5384 return 0;
5385 }
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005386
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005387 /* write error to client (we don't send any message then) */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005388 else if (rep->flags & CF_WRITE_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005389 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005390 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005391
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005392 s->be->be_counters.failed_resp++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005393 rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005394 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005395
5396 if (!(s->flags & SN_ERR_MASK))
5397 s->flags |= SN_ERR_CLICL;
5398 if (!(s->flags & SN_FINST_MASK))
5399 s->flags |= SN_FINST_H;
5400
5401 /* process_session() will take care of the error */
5402 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005403 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005404
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005405 channel_dont_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005406 return 0;
5407 }
5408
5409 /* More interesting part now : we know that we have a complete
5410 * response which at least looks like HTTP. We have an indicator
5411 * of each header's length, so we can parse them quickly.
5412 */
5413
5414 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005415 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005416
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005417 /*
5418 * 1: get the status code
5419 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005420 n = rep->buf->p[msg->sl.st.c] - '0';
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005421 if (n < 1 || n > 5)
5422 n = 0;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005423 /* when the client triggers a 4xx from the server, it's most often due
5424 * to a missing object or permission. These events should be tracked
5425 * because if they happen often, it may indicate a brute force or a
5426 * vulnerability scan.
5427 */
5428 if (n == 4)
5429 session_inc_http_err_ctr(s);
5430
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005431 if (objt_server(s->target))
5432 objt_server(s->target)->counters.p.http.rsp[n]++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005433
Willy Tarreau5b154472009-12-21 20:11:07 +01005434 /* check if the response is HTTP/1.1 or above */
5435 if ((msg->sl.st.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005436 ((rep->buf->p[5] > '1') ||
5437 ((rep->buf->p[5] == '1') && (rep->buf->p[7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005438 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01005439
5440 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01005441 txn->flags &= ~(TX_HDR_CONN_PRS|TX_HDR_CONN_CLO|TX_HDR_CONN_KAL|TX_HDR_CONN_UPG|TX_CON_CLO_SET|TX_CON_KAL_SET);
Willy Tarreau5b154472009-12-21 20:11:07 +01005442
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005443 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005444 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005445
Willy Tarreau9b28e032012-10-12 23:49:43 +02005446 txn->status = strl2ui(rep->buf->p + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005447
Willy Tarreau39650402010-03-15 19:44:39 +01005448 /* Adjust server's health based on status code. Note: status codes 501
5449 * and 505 are triggered on demand by client request, so we must not
5450 * count them as server failures.
5451 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005452 if (objt_server(s->target)) {
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005453 if (txn->status >= 100 && (txn->status < 500 || txn->status == 501 || txn->status == 505))
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005454 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_OK);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005455 else
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005456 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_STS);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005457 }
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005458
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005459 /*
5460 * 2: check for cacheability.
5461 */
5462
5463 switch (txn->status) {
5464 case 200:
5465 case 203:
5466 case 206:
5467 case 300:
5468 case 301:
5469 case 410:
5470 /* RFC2616 @13.4:
5471 * "A response received with a status code of
5472 * 200, 203, 206, 300, 301 or 410 MAY be stored
5473 * by a cache (...) unless a cache-control
5474 * directive prohibits caching."
5475 *
5476 * RFC2616 @9.5: POST method :
5477 * "Responses to this method are not cacheable,
5478 * unless the response includes appropriate
5479 * Cache-Control or Expires header fields."
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005480 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005481 if (likely(txn->meth != HTTP_METH_POST) &&
Willy Tarreau67402132012-05-31 20:40:20 +02005482 ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC)))
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005483 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
5484 break;
5485 default:
5486 break;
5487 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005488
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005489 /*
5490 * 3: we may need to capture headers
5491 */
5492 s->logs.logwait &= ~LW_RESP;
Willy Tarreau42f7d892012-03-24 08:28:09 +01005493 if (unlikely((s->logs.logwait & LW_RSPHDR) && txn->rsp.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02005494 capture_headers(rep->buf->p, &txn->hdr_idx,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005495 txn->rsp.cap, s->fe->rsp_cap);
5496
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005497 /* 4: determine the transfer-length.
5498 * According to RFC2616 #4.4, amended by the HTTPbis working group,
5499 * the presence of a message-body in a RESPONSE and its transfer length
5500 * must be determined that way :
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005501 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005502 * All responses to the HEAD request method MUST NOT include a
5503 * message-body, even though the presence of entity-header fields
5504 * might lead one to believe they do. All 1xx (informational), 204
5505 * (No Content), and 304 (Not Modified) responses MUST NOT include a
5506 * message-body. All other responses do include a message-body,
5507 * although it MAY be of zero length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005508 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005509 * 1. Any response which "MUST NOT" include a message-body (such as the
5510 * 1xx, 204 and 304 responses and any response to a HEAD request) is
5511 * always terminated by the first empty line after the header fields,
5512 * regardless of the entity-header fields present in the message.
5513 *
5514 * 2. If a Transfer-Encoding header field (Section 9.7) is present and
5515 * the "chunked" transfer-coding (Section 6.2) is used, the
5516 * transfer-length is defined by the use of this transfer-coding.
5517 * If a Transfer-Encoding header field is present and the "chunked"
5518 * transfer-coding is not present, the transfer-length is defined by
5519 * the sender closing the connection.
5520 *
5521 * 3. If a Content-Length header field is present, its decimal value in
5522 * OCTETs represents both the entity-length and the transfer-length.
5523 * If a message is received with both a Transfer-Encoding header
5524 * field and a Content-Length header field, the latter MUST be ignored.
5525 *
5526 * 4. If the message uses the media type "multipart/byteranges", and
5527 * the transfer-length is not otherwise specified, then this self-
5528 * delimiting media type defines the transfer-length. This media
5529 * type MUST NOT be used unless the sender knows that the recipient
5530 * can parse it; the presence in a request of a Range header with
5531 * multiple byte-range specifiers from a 1.1 client implies that the
5532 * client can parse multipart/byteranges responses.
5533 *
5534 * 5. By the server closing the connection.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005535 */
5536
5537 /* Skip parsing if no content length is possible. The response flags
Willy Tarreau124d9912011-03-01 20:30:48 +01005538 * remain 0 as well as the chunk_len, which may or may not mirror
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005539 * the real header value, and we note that we know the response's length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005540 * FIXME: should we parse anyway and return an error on chunked encoding ?
5541 */
5542 if (txn->meth == HTTP_METH_HEAD ||
5543 (txn->status >= 100 && txn->status < 200) ||
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005544 txn->status == 204 || txn->status == 304) {
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005545 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreau91015352012-11-27 07:31:33 +01005546 s->comp_algo = NULL;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005547 goto skip_content_length;
5548 }
5549
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005550 use_close_only = 0;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005551 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005552 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005553 http_find_header2("Transfer-Encoding", 17, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005554 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005555 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
5556 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005557 /* bad transfer-encoding (chunked followed by something else) */
5558 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005559 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005560 break;
5561 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005562 }
5563
5564 /* FIXME: below we should remove the content-length header(s) in case of chunked encoding */
5565 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005566 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005567 http_find_header2("Content-Length", 14, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005568 signed long long cl;
5569
Willy Tarreauad14f752011-09-02 20:33:27 +02005570 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005571 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005572 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005573 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005574
Willy Tarreauad14f752011-09-02 20:33:27 +02005575 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005576 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005577 goto hdr_response_bad; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02005578 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005579
Willy Tarreauad14f752011-09-02 20:33:27 +02005580 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005581 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005582 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005583 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005584
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005585 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005586 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005587 goto hdr_response_bad; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02005588 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005589
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005590 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01005591 msg->body_len = msg->chunk_len = cl;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005592 }
5593
William Lallemand82fe75c2012-10-23 10:25:10 +02005594 if (s->fe->comp || s->be->comp)
5595 select_compression_response_header(s, rep->buf);
5596
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005597 /* FIXME: we should also implement the multipart/byterange method.
5598 * For now on, we resort to close mode in this case (unknown length).
5599 */
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005600skip_content_length:
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005601
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005602 /* end of job, return OK */
5603 rep->analysers &= ~an_bit;
5604 rep->analyse_exp = TICK_ETERNITY;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005605 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005606 return 1;
5607}
5608
5609/* This function performs all the processing enabled for the current response.
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005610 * It normally returns 1 unless it wants to break. It relies on buffers flags,
5611 * and updates t->rep->analysers. It might make sense to explode it into several
5612 * other functions. It works like process_request (see indications above).
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005613 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005614int http_process_res_common(struct session *t, struct channel *rep, int an_bit, struct proxy *px)
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005615{
5616 struct http_txn *txn = &t->txn;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005617 struct http_msg *msg = &txn->rsp;
5618 struct proxy *cur_proxy;
Willy Tarreauf4f04122010-01-28 18:10:50 +01005619 struct cond_wordlist *wl;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02005620 struct http_res_rule *http_res_last_rule = NULL;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005621
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005622 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005623 now_ms, __FUNCTION__,
5624 t,
5625 rep,
5626 rep->rex, rep->wex,
5627 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005628 rep->buf->i,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005629 rep->analysers);
5630
Willy Tarreau655dce92009-11-08 13:10:58 +01005631 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) /* we need more data */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005632 return 0;
5633
5634 rep->analysers &= ~an_bit;
5635 rep->analyse_exp = TICK_ETERNITY;
5636
Willy Tarreau5b154472009-12-21 20:11:07 +01005637 /* Now we have to check if we need to modify the Connection header.
5638 * This is more difficult on the response than it is on the request,
5639 * because we can have two different HTTP versions and we don't know
5640 * how the client will interprete a response. For instance, let's say
5641 * that the client sends a keep-alive request in HTTP/1.0 and gets an
5642 * HTTP/1.1 response without any header. Maybe it will bound itself to
5643 * HTTP/1.0 because it only knows about it, and will consider the lack
5644 * of header as a close, or maybe it knows HTTP/1.1 and can consider
5645 * the lack of header as a keep-alive. Thus we will use two flags
5646 * indicating how a request MAY be understood by the client. In case
5647 * of multiple possibilities, we'll fix the header to be explicit. If
5648 * ambiguous cases such as both close and keepalive are seen, then we
5649 * will fall back to explicit close. Note that we won't take risks with
5650 * HTTP/1.0 clients which may not necessarily understand keep-alive.
Willy Tarreau60466522010-01-18 19:08:45 +01005651 * See doc/internals/connection-header.txt for the complete matrix.
Willy Tarreau5b154472009-12-21 20:11:07 +01005652 */
5653
Willy Tarreaudc008c52010-02-01 16:20:08 +01005654 if (unlikely((txn->meth == HTTP_METH_CONNECT && txn->status == 200) ||
5655 txn->status == 101)) {
5656 /* Either we've established an explicit tunnel, or we're
5657 * switching the protocol. In both cases, we're very unlikely
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005658 * to understand the next protocols. We have to switch to tunnel
5659 * mode, so that we transfer the request and responses then let
5660 * this protocol pass unmodified. When we later implement specific
5661 * parsers for such protocols, we'll want to check the Upgrade
Willy Tarreaudc008c52010-02-01 16:20:08 +01005662 * header which contains information about that protocol for
5663 * responses with status 101 (eg: see RFC2817 about TLS).
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005664 */
5665 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_TUN;
5666 }
Willy Tarreaudc008c52010-02-01 16:20:08 +01005667 else if ((txn->status >= 200) && !(txn->flags & TX_HDR_CONN_PRS) &&
5668 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN ||
5669 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005670 int to_del = 0;
Willy Tarreau5b154472009-12-21 20:11:07 +01005671
Willy Tarreau60466522010-01-18 19:08:45 +01005672 /* on unknown transfer length, we must close */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005673 if (!(msg->flags & HTTP_MSGF_XFER_LEN) &&
Willy Tarreau60466522010-01-18 19:08:45 +01005674 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN)
5675 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
Willy Tarreau5b154472009-12-21 20:11:07 +01005676
Willy Tarreau60466522010-01-18 19:08:45 +01005677 /* now adjust header transformations depending on current state */
5678 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN ||
5679 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
5680 to_del |= 2; /* remove "keep-alive" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005681 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005682 to_del |= 1; /* remove "close" for HTTP/1.0 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005683 }
Willy Tarreau60466522010-01-18 19:08:45 +01005684 else { /* SCL / KAL */
5685 to_del |= 1; /* remove "close" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005686 if (txn->req.flags & msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005687 to_del |= 2; /* remove "keep-alive" on pure 1.1 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005688 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005689
Willy Tarreau60466522010-01-18 19:08:45 +01005690 /* Parse and remove some headers from the connection header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005691 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau5b154472009-12-21 20:11:07 +01005692
Willy Tarreau60466522010-01-18 19:08:45 +01005693 /* Some keep-alive responses are converted to Server-close if
5694 * the server wants to close.
Willy Tarreau5b154472009-12-21 20:11:07 +01005695 */
Willy Tarreau60466522010-01-18 19:08:45 +01005696 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL) {
5697 if ((txn->flags & TX_HDR_CONN_CLO) ||
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005698 (!(txn->flags & TX_HDR_CONN_KAL) && !(msg->flags & HTTP_MSGF_VER_11)))
Willy Tarreau60466522010-01-18 19:08:45 +01005699 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_SCL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005700 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005701 }
5702
Willy Tarreau7959a552013-09-23 16:44:27 +02005703 /* we want to have the response time before we start processing it */
5704 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
5705
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005706 if (1) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005707 /*
5708 * 3: we will have to evaluate the filters.
5709 * As opposed to version 1.2, now they will be evaluated in the
5710 * filters order and not in the header order. This means that
5711 * each filter has to be validated among all headers.
5712 *
5713 * Filters are tried with ->be first, then with ->fe if it is
5714 * different from ->be.
5715 */
5716
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005717 cur_proxy = t->be;
5718 while (1) {
5719 struct proxy *rule_set = cur_proxy;
5720
Willy Tarreaue365c0b2013-06-11 16:06:12 +02005721 /* evaluate http-response rules */
5722 if (!http_res_last_rule)
5723 http_res_last_rule = http_res_get_intercept_rule(cur_proxy, &cur_proxy->http_res_rules, t, txn);
5724
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005725 /* try headers filters */
5726 if (rule_set->rsp_exp != NULL) {
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005727 if (apply_filters_to_response(t, rep, rule_set) < 0) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005728 return_bad_resp:
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005729 if (objt_server(t->target)) {
5730 objt_server(t->target)->counters.failed_resp++;
5731 health_adjust(objt_server(t->target), HANA_STATUS_HTTP_RSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005732 }
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005733 t->be->be_counters.failed_resp++;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005734 return_srv_prx_502:
Willy Tarreau2df28e82008-08-17 15:20:19 +02005735 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005736 txn->status = 502;
Willy Tarreau7959a552013-09-23 16:44:27 +02005737 t->logs.t_data = -1; /* was not a valid response */
Willy Tarreauc88ea682009-12-29 14:56:36 +01005738 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005739 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005740 stream_int_retnclose(rep->cons, http_error_message(t, HTTP_ERR_502));
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005741 if (!(t->flags & SN_ERR_MASK))
5742 t->flags |= SN_ERR_PRXCOND;
5743 if (!(t->flags & SN_FINST_MASK))
5744 t->flags |= SN_FINST_H;
Willy Tarreaudafde432008-08-17 01:00:46 +02005745 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005746 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005747 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005748
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005749 /* has the response been denied ? */
5750 if (txn->flags & TX_SVDENY) {
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005751 if (objt_server(t->target))
5752 objt_server(t->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005753
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005754 t->be->be_counters.denied_resp++;
5755 t->fe->fe_counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005756 if (t->listener->counters)
5757 t->listener->counters->denied_resp++;
5758
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005759 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01005760 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005761
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005762 /* add response headers from the rule sets in the same order */
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01005763 list_for_each_entry(wl, &rule_set->rsp_add, list) {
Willy Tarreau816b9792009-09-15 21:25:21 +02005764 if (txn->status < 200)
5765 break;
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005766 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02005767 int ret = acl_exec_cond(wl->cond, px, t, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005768 ret = acl_pass(ret);
5769 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
5770 ret = !ret;
5771 if (!ret)
5772 continue;
5773 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005774 if (unlikely(http_header_add_tail(&txn->rsp, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005775 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02005776 }
5777
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005778 /* check whether we're already working on the frontend */
5779 if (cur_proxy == t->fe)
5780 break;
5781 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005782 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005783
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005784 /*
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005785 * We may be facing a 100-continue response, in which case this
5786 * is not the right response, and we're waiting for the next one.
5787 * Let's allow this response to go to the client and wait for the
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005788 * next one.
5789 */
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005790 if (unlikely(txn->status == 100)) {
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005791 hdr_idx_init(&txn->hdr_idx);
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005792 msg->next -= channel_forward(rep, msg->next);
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005793 msg->msg_state = HTTP_MSG_RPBEFORE;
5794 txn->status = 0;
Willy Tarreau7959a552013-09-23 16:44:27 +02005795 t->logs.t_data = -1; /* was not a response yet */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005796 rep->analysers |= AN_RES_WAIT_HTTP | an_bit;
5797 return 1;
5798 }
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005799 else if (unlikely(txn->status < 200))
5800 goto skip_header_mangling;
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005801
5802 /* we don't have any 1xx status code now */
5803
5804 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005805 * 4: check for server cookie.
5806 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005807 if (t->be->cookie_name || t->be->appsession_name || t->fe->capture_name ||
5808 (t->be->options & PR_O_CHK_CACHE))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005809 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005810
Willy Tarreaubaaee002006-06-26 02:48:02 +02005811
Willy Tarreaua15645d2007-03-18 16:22:39 +01005812 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005813 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005814 */
Willy Tarreau67402132012-05-31 20:40:20 +02005815 if ((t->be->options & PR_O_CHK_CACHE) || (t->be->ck_opts & PR_CK_NOC))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005816 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005817
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005818 /*
5819 * 6: add server cookie in the response if needed
5820 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005821 if (objt_server(t->target) && (t->be->ck_opts & PR_CK_INS) &&
Willy Tarreau67402132012-05-31 20:40:20 +02005822 !((txn->flags & TX_SCK_FOUND) && (t->be->ck_opts & PR_CK_PSV)) &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02005823 (!(t->flags & SN_DIRECT) ||
5824 ((t->be->cookie_maxidle || txn->cookie_last_date) &&
5825 (!txn->cookie_last_date || (txn->cookie_last_date - date.tv_sec) < 0)) ||
5826 (t->be->cookie_maxlife && !txn->cookie_first_date) || // set the first_date
5827 (!t->be->cookie_maxlife && txn->cookie_first_date)) && // remove the first_date
Willy Tarreau67402132012-05-31 20:40:20 +02005828 (!(t->be->ck_opts & PR_CK_POST) || (txn->meth == HTTP_METH_POST)) &&
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02005829 !(t->flags & SN_IGNORE_PRST)) {
Willy Tarreauef4f3912010-10-07 21:00:29 +02005830 /* the server is known, it's not the one the client requested, or the
5831 * cookie's last seen date needs to be refreshed. We have to
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005832 * insert a set-cookie here, except if we want to insert only on POST
5833 * requests and this one isn't. Note that servers which don't have cookies
5834 * (eg: some backup servers) will return a full cookie removal request.
5835 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005836 if (!objt_server(t->target)->cookie) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005837 chunk_printf(&trash,
Willy Tarreauef4f3912010-10-07 21:00:29 +02005838 "Set-Cookie: %s=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
5839 t->be->cookie_name);
5840 }
5841 else {
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005842 chunk_printf(&trash, "Set-Cookie: %s=%s", t->be->cookie_name, objt_server(t->target)->cookie);
Willy Tarreauef4f3912010-10-07 21:00:29 +02005843
5844 if (t->be->cookie_maxidle || t->be->cookie_maxlife) {
5845 /* emit last_date, which is mandatory */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005846 trash.str[trash.len++] = COOKIE_DELIM_DATE;
5847 s30tob64((date.tv_sec+3) >> 2, trash.str + trash.len);
5848 trash.len += 5;
5849
Willy Tarreauef4f3912010-10-07 21:00:29 +02005850 if (t->be->cookie_maxlife) {
5851 /* emit first_date, which is either the original one or
5852 * the current date.
5853 */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005854 trash.str[trash.len++] = COOKIE_DELIM_DATE;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005855 s30tob64(txn->cookie_first_date ?
5856 txn->cookie_first_date >> 2 :
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005857 (date.tv_sec+3) >> 2, trash.str + trash.len);
5858 trash.len += 5;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005859 }
5860 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005861 chunk_appendf(&trash, "; path=/");
Willy Tarreauef4f3912010-10-07 21:00:29 +02005862 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005863
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005864 if (t->be->cookie_domain)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005865 chunk_appendf(&trash, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005866
Willy Tarreau4992dd22012-05-31 21:02:17 +02005867 if (t->be->ck_opts & PR_CK_HTTPONLY)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005868 chunk_appendf(&trash, "; HttpOnly");
Willy Tarreau4992dd22012-05-31 21:02:17 +02005869
5870 if (t->be->ck_opts & PR_CK_SECURE)
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005871 chunk_appendf(&trash, "; Secure");
Willy Tarreau4992dd22012-05-31 21:02:17 +02005872
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005873 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005874 goto return_bad_resp;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005875
Willy Tarreauf1348312010-10-07 15:54:11 +02005876 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005877 if (objt_server(t->target)->cookie && (t->flags & SN_DIRECT))
Willy Tarreauef4f3912010-10-07 21:00:29 +02005878 /* the server did not change, only the date was updated */
5879 txn->flags |= TX_SCK_UPDATED;
5880 else
5881 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005882
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005883 /* Here, we will tell an eventual cache on the client side that we don't
5884 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
5885 * Some caches understand the correct form: 'no-cache="set-cookie"', but
5886 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
5887 */
Willy Tarreau67402132012-05-31 20:40:20 +02005888 if ((t->be->ck_opts & PR_CK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02005889
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005890 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
5891
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005892 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01005893 "Cache-control: private", 22) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005894 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005895 }
5896 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005897
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005898 /*
5899 * 7: check if result will be cacheable with a cookie.
5900 * We'll block the response if security checks have caught
5901 * nasty things such as a cacheable cookie.
5902 */
Willy Tarreauf1348312010-10-07 15:54:11 +02005903 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) ==
5904 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) &&
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005905 (t->be->options & PR_O_CHK_CACHE)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005906
5907 /* we're in presence of a cacheable response containing
5908 * a set-cookie header. We'll block it as requested by
5909 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005910 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005911 if (objt_server(t->target))
5912 objt_server(t->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005913
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005914 t->be->be_counters.denied_resp++;
5915 t->fe->fe_counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005916 if (t->listener->counters)
5917 t->listener->counters->denied_resp++;
5918
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005919 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005920 t->be->id, objt_server(t->target) ? objt_server(t->target)->id : "<dispatch>");
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005921 send_log(t->be, LOG_ALERT,
5922 "Blocking cacheable cookie in response from instance %s, server %s.\n",
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005923 t->be->id, objt_server(t->target) ? objt_server(t->target)->id : "<dispatch>");
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005924 goto return_srv_prx_502;
5925 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005926
5927 /*
Willy Tarreau60466522010-01-18 19:08:45 +01005928 * 8: adjust "Connection: close" or "Connection: keep-alive" if needed.
Willy Tarreau50fc7772012-11-11 22:19:57 +01005929 * If an "Upgrade" token is found, the header is left untouched in order
5930 * not to have to deal with some client bugs : some of them fail an upgrade
5931 * if anything but "Upgrade" is present in the Connection header.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005932 */
Willy Tarreau50fc7772012-11-11 22:19:57 +01005933 if (!(txn->flags & TX_HDR_CONN_UPG) &&
5934 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
5935 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005936 unsigned int want_flags = 0;
5937
5938 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5939 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
5940 /* we want a keep-alive response here. Keep-alive header
5941 * required if either side is not 1.1.
5942 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005943 if (!(txn->req.flags & msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005944 want_flags |= TX_CON_KAL_SET;
5945 }
5946 else {
5947 /* we want a close response here. Close header required if
5948 * the server is 1.1, regardless of the client.
5949 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005950 if (msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005951 want_flags |= TX_CON_CLO_SET;
5952 }
5953
5954 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005955 http_change_connection_header(txn, msg, want_flags);
Willy Tarreaub608feb2010-01-02 22:47:18 +01005956 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005957
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005958 skip_header_mangling:
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005959 if ((msg->flags & HTTP_MSGF_XFER_LEN) ||
Willy Tarreaudc008c52010-02-01 16:20:08 +01005960 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005961 rep->analysers |= AN_RES_HTTP_XFER_BODY;
Willy Tarreau03945942009-12-22 16:50:27 +01005962
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005963 /*************************************************************
5964 * OK, that's finished for the headers. We have done what we *
5965 * could. Let's switch to the DATA state. *
5966 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02005967
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005968 /* if the user wants to log as soon as possible, without counting
5969 * bytes from the server, then this is the right moment. We have
5970 * to temporarily assign bytes_out to log what we currently have.
5971 */
Willy Tarreaud79a3b22012-12-28 09:40:16 +01005972 if (!LIST_ISEMPTY(&t->fe->logformat) && !(t->logs.logwait & LW_BYTES)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005973 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
5974 t->logs.bytes_out = txn->rsp.eoh;
Willy Tarreaua5555ec2008-11-30 19:02:32 +01005975 t->do_log(t);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005976 t->logs.bytes_out = 0;
5977 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005978
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005979 /* Note: we must not try to cheat by jumping directly to DATA,
5980 * otherwise we would not let the client side wake up.
5981 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005982
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005983 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005984 }
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005985 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005986}
Willy Tarreaua15645d2007-03-18 16:22:39 +01005987
Willy Tarreaud98cf932009-12-27 22:54:55 +01005988/* This function is an analyser which forwards response body (including chunk
5989 * sizes if any). It is called as soon as we must forward, even if we forward
5990 * zero byte. The only situation where it must not be called is when we're in
5991 * tunnel mode and we want to forward till the close. It's used both to forward
5992 * remaining data and to resync after end of body. It expects the msg_state to
5993 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
5994 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01005995 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreau26927362012-05-18 23:22:52 +02005996 * bytes of pending data + the headers if not already done (between sol and sov).
5997 * It eventually adjusts sol to match sov after the data in between have been sent.
Willy Tarreaud98cf932009-12-27 22:54:55 +01005998 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005999int http_response_forward_body(struct session *s, struct channel *res, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006000{
6001 struct http_txn *txn = &s->txn;
6002 struct http_msg *msg = &s->txn.rsp;
Willy Tarreauea953162012-05-18 23:41:28 +02006003 unsigned int bytes;
William Lallemand82fe75c2012-10-23 10:25:10 +02006004 static struct buffer *tmpbuf = NULL;
6005 int compressing = 0;
William Lallemandbf3ae612012-11-19 12:35:37 +01006006 int consumed_data = 0;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006007 int ret;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006008
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006009 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
6010 return 0;
6011
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006012 if ((res->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02006013 ((res->flags & CF_SHUTW) && (res->to_forward || res->buf->o)) ||
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01006014 !s->req->analysers) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02006015 /* Output closed while we were sending data. We must abort and
6016 * wake the other side up.
6017 */
6018 msg->msg_state = HTTP_MSG_ERROR;
6019 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01006020 return 1;
6021 }
6022
Willy Tarreau4fe41902010-06-07 22:27:41 +02006023 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006024 channel_auto_close(res);
Willy Tarreaub608feb2010-01-02 22:47:18 +01006025
William Lallemand82fe75c2012-10-23 10:25:10 +02006026 /* this is the first time we need the compression buffer */
6027 if (s->comp_algo != NULL && tmpbuf == NULL) {
6028 if ((tmpbuf = pool_alloc2(pool2_buffer)) == NULL)
6029 goto aborted_xfer; /* no memory */
6030 }
6031
Willy Tarreaud98cf932009-12-27 22:54:55 +01006032 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01006033 /* we have msg->sov which points to the first byte of message body.
William Lallemand82fe75c2012-10-23 10:25:10 +02006034 * rep->buf.p still points to the beginning of the message and msg->sol
6035 * is still null. We forward the headers, we don't need them.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006036 */
William Lallemand82fe75c2012-10-23 10:25:10 +02006037 channel_forward(res, msg->sov);
6038 msg->next = 0;
6039 msg->sov = 0;
Willy Tarreaua458b672012-03-05 11:17:50 +01006040
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01006041 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006042 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
Willy Tarreau54d23df2012-10-25 19:04:45 +02006043 else
Willy Tarreaud98cf932009-12-27 22:54:55 +01006044 msg->msg_state = HTTP_MSG_DATA;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006045 }
6046
William Lallemand82fe75c2012-10-23 10:25:10 +02006047 if (s->comp_algo != NULL) {
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006048 ret = http_compression_buffer_init(s, res->buf, tmpbuf); /* init a buffer with headers */
William Lallemand82fe75c2012-10-23 10:25:10 +02006049 if (ret < 0)
6050 goto missing_data; /* not enough spaces in buffers */
6051 compressing = 1;
6052 }
6053
Willy Tarreaud98cf932009-12-27 22:54:55 +01006054 while (1) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01006055 http_silent_debug(__LINE__, s);
Willy Tarreauea953162012-05-18 23:41:28 +02006056 /* we may have some data pending between sol and sov */
William Lallemand82fe75c2012-10-23 10:25:10 +02006057 if (s->comp_algo == NULL) {
6058 bytes = msg->sov - msg->sol;
6059 if (msg->chunk_len || bytes) {
6060 msg->sol = msg->sov;
6061 msg->next -= bytes; /* will be forwarded */
6062 msg->chunk_len += bytes;
6063 msg->chunk_len -= channel_forward(res, msg->chunk_len);
6064 }
Willy Tarreau638cd022010-01-03 07:42:04 +01006065 }
6066
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006067 switch (msg->msg_state - HTTP_MSG_DATA) {
6068 case HTTP_MSG_DATA - HTTP_MSG_DATA: /* must still forward */
William Lallemandbf3ae612012-11-19 12:35:37 +01006069 if (compressing) {
6070 consumed_data += ret = http_compression_buffer_add_data(s, res->buf, tmpbuf);
6071 if (ret < 0)
6072 goto aborted_xfer;
6073 }
William Lallemand82fe75c2012-10-23 10:25:10 +02006074
6075 if (res->to_forward || msg->chunk_len)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006076 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01006077
6078 /* nothing left to forward */
William Lallemandbf3ae612012-11-19 12:35:37 +01006079 if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreau54d23df2012-10-25 19:04:45 +02006080 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
William Lallemandbf3ae612012-11-19 12:35:37 +01006081 } else {
Willy Tarreaucaabe412010-01-03 23:08:28 +01006082 msg->msg_state = HTTP_MSG_DONE;
William Lallemandbf3ae612012-11-19 12:35:37 +01006083 if (compressing && consumed_data) {
6084 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6085 compressing = 0;
6086 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006087 break;
William Lallemandbf3ae612012-11-19 12:35:37 +01006088 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006089 /* fall through for HTTP_MSG_CHUNK_CRLF */
6090
6091 case HTTP_MSG_CHUNK_CRLF - HTTP_MSG_DATA:
6092 /* we want the CRLF after the data */
6093
6094 ret = http_skip_chunk_crlf(msg);
6095 if (ret == 0)
6096 goto missing_data;
6097 else if (ret < 0) {
6098 if (msg->err_pos >= 0)
6099 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_CRLF, s->fe);
6100 goto return_bad_res;
6101 }
6102 /* skipping data in buffer for compression */
6103 if (compressing) {
6104 b_adv(res->buf, msg->next);
6105 msg->next = 0;
6106 msg->sov = 0;
6107 msg->sol = 0;
6108 }
6109 /* we're in MSG_CHUNK_SIZE now, fall through */
6110
6111 case HTTP_MSG_CHUNK_SIZE - HTTP_MSG_DATA:
Willy Tarreau124d9912011-03-01 20:30:48 +01006112 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01006113 * set ->sov and ->next to point to the body and switch to DATA or
6114 * TRAILERS state.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006115 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01006116
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006117 ret = http_parse_chunk_size(msg);
Willy Tarreau54d23df2012-10-25 19:04:45 +02006118 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006119 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006120 else if (ret < 0) {
6121 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006122 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_SIZE, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006123 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006124 }
William Lallemandbf3ae612012-11-19 12:35:37 +01006125 if (compressing) {
6126 if (likely(msg->chunk_len > 0)) {
6127 /* skipping data if we are in compression mode */
6128 b_adv(res->buf, msg->next);
6129 msg->next = 0;
6130 msg->sov = 0;
6131 msg->sol = 0;
6132 } else {
6133 if (consumed_data) {
6134 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6135 compressing = 0;
6136 }
6137 }
William Lallemand82fe75c2012-10-23 10:25:10 +02006138 }
Willy Tarreau0161d622013-04-02 01:26:55 +02006139 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006140 break;
Willy Tarreau5523b322009-12-29 12:05:52 +01006141
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006142 case HTTP_MSG_TRAILERS - HTTP_MSG_DATA:
6143 ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006144 if (ret == 0)
6145 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006146 else if (ret < 0) {
6147 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006148 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_TRAILERS, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006149 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006150 }
William Lallemand00bf1de2012-11-22 17:55:14 +01006151 if (s->comp_algo != NULL) {
6152 /* forwarding trailers */
6153 channel_forward(res, msg->next);
6154 msg->next = 0;
6155 }
Willy Tarreau2d43e182013-04-03 00:22:25 +02006156 /* we're in HTTP_MSG_DONE now, but we might still have
6157 * some data pending, so let's loop over once.
6158 */
6159 break;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006160
6161 default:
Willy Tarreau610ecce2010-01-04 21:15:02 +01006162 /* other states, DONE...TUNNEL */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006163
6164 ret = msg->msg_state;
Willy Tarreau4fe41902010-06-07 22:27:41 +02006165 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006166 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6167 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006168 channel_dont_close(res);
Willy Tarreau610ecce2010-01-04 21:15:02 +01006169 if (http_resync_states(s)) {
6170 http_silent_debug(__LINE__, s);
6171 /* some state changes occurred, maybe the analyser
6172 * was disabled too.
Willy Tarreau5523b322009-12-29 12:05:52 +01006173 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006174 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006175 if (res->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006176 /* response errors are most likely due to
6177 * the client aborting the transfer.
6178 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006179 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006180 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006181 if (msg->err_pos >= 0)
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006182 http_capture_bad_message(&s->be->invalid_rep, s, msg, ret, s->fe);
Willy Tarreau610ecce2010-01-04 21:15:02 +01006183 goto return_bad_res;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006184 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006185 return 1;
Willy Tarreau5523b322009-12-29 12:05:52 +01006186 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006187 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006188 }
6189 }
6190
Willy Tarreaud98cf932009-12-27 22:54:55 +01006191 missing_data:
William Lallemandbf3ae612012-11-19 12:35:37 +01006192 if (compressing && consumed_data) {
William Lallemand82fe75c2012-10-23 10:25:10 +02006193 http_compression_buffer_end(s, &res->buf, &tmpbuf, 0);
6194 compressing = 0;
6195 }
Willy Tarreauf003d372012-11-26 13:35:37 +01006196
6197 if (res->flags & CF_SHUTW)
6198 goto aborted_xfer;
6199
6200 /* stop waiting for data if the input is closed before the end. If the
6201 * client side was already closed, it means that the client has aborted,
6202 * so we don't want to count this as a server abort. Otherwise it's a
6203 * server abort.
6204 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006205 if (res->flags & CF_SHUTR) {
Willy Tarreauf003d372012-11-26 13:35:37 +01006206 if ((res->flags & CF_SHUTW_NOW) || (s->req->flags & CF_SHUTR))
6207 goto aborted_xfer;
Willy Tarreau40dba092010-03-04 18:14:51 +01006208 if (!(s->flags & SN_ERR_MASK))
6209 s->flags |= SN_ERR_SRVCL;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006210 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006211 if (objt_server(s->target))
6212 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006213 goto return_bad_res_stats_ok;
Willy Tarreau40dba092010-03-04 18:14:51 +01006214 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006215
Willy Tarreau40dba092010-03-04 18:14:51 +01006216 /* we need to obey the req analyser, so if it leaves, we must too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01006217 if (!s->req->analysers)
6218 goto return_bad_res;
6219
Willy Tarreauea953162012-05-18 23:41:28 +02006220 /* forward any data pending between sol and sov */
William Lallemand82fe75c2012-10-23 10:25:10 +02006221 if (s->comp_algo == NULL) {
6222 bytes = msg->sov - msg->sol;
6223 if (msg->chunk_len || bytes) {
6224 msg->sol = msg->sov;
6225 msg->next -= bytes; /* will be forwarded */
6226 msg->chunk_len += bytes;
6227 msg->chunk_len -= channel_forward(res, msg->chunk_len);
6228 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01006229 }
6230
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006231 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006232 * chunks even if the server has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006233 * Similarly, with keep-alive on the client side, we don't want to forward a
6234 * close.
6235 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006236 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo ||
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006237 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6238 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006239 channel_dont_close(res);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006240
Willy Tarreau5c620922011-05-11 19:56:11 +02006241 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006242 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02006243 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01006244 * modes are already handled by the stream sock layer. We must not do
6245 * this in content-length mode because it could present the MSG_MORE
6246 * flag with the last block of forwarded data, which would cause an
6247 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02006248 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006249 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006250 res->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02006251
Willy Tarreaud98cf932009-12-27 22:54:55 +01006252 /* the session handler will take care of timeouts and errors */
Willy Tarreau610ecce2010-01-04 21:15:02 +01006253 http_silent_debug(__LINE__, s);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006254 return 0;
6255
Willy Tarreau40dba092010-03-04 18:14:51 +01006256 return_bad_res: /* let's centralize all bad responses */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006257 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006258 if (objt_server(s->target))
6259 objt_server(s->target)->counters.failed_resp++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006260
6261 return_bad_res_stats_ok:
Willy Tarreaud98cf932009-12-27 22:54:55 +01006262 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau148d0992010-01-10 10:21:21 +01006263 /* don't send any error message as we're in the body */
6264 stream_int_retnclose(res->cons, NULL);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006265 res->analysers = 0;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006266 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006267 if (objt_server(s->target))
6268 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006269
6270 if (!(s->flags & SN_ERR_MASK))
6271 s->flags |= SN_ERR_PRXCOND;
6272 if (!(s->flags & SN_FINST_MASK))
Willy Tarreau40dba092010-03-04 18:14:51 +01006273 s->flags |= SN_FINST_D;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006274 return 0;
6275
6276 aborted_xfer:
6277 txn->rsp.msg_state = HTTP_MSG_ERROR;
6278 /* don't send any error message as we're in the body */
6279 stream_int_retnclose(res->cons, NULL);
6280 res->analysers = 0;
6281 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
6282
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006283 s->fe->fe_counters.cli_aborts++;
6284 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006285 if (objt_server(s->target))
6286 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006287
6288 if (!(s->flags & SN_ERR_MASK))
6289 s->flags |= SN_ERR_CLICL;
6290 if (!(s->flags & SN_FINST_MASK))
6291 s->flags |= SN_FINST_D;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006292 return 0;
6293}
6294
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006295/* Iterate the same filter through all request headers.
6296 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006297 * Since it can manage the switch to another backend, it updates the per-proxy
6298 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006299 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006300int apply_filter_to_req_headers(struct session *t, struct channel *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006301{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006302 char term;
6303 char *cur_ptr, *cur_end, *cur_next;
6304 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006305 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006306 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006307 int delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01006308
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006309 last_hdr = 0;
6310
Willy Tarreau9b28e032012-10-12 23:49:43 +02006311 cur_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006312 old_idx = 0;
6313
6314 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01006315 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006316 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006317 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006318 (exp->action == ACT_ALLOW ||
6319 exp->action == ACT_DENY ||
6320 exp->action == ACT_TARPIT))
6321 return 0;
6322
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006323 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006324 if (!cur_idx)
6325 break;
6326
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006327 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006328 cur_ptr = cur_next;
6329 cur_end = cur_ptr + cur_hdr->len;
6330 cur_next = cur_end + cur_hdr->cr + 1;
6331
6332 /* Now we have one header between cur_ptr and cur_end,
6333 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006334 */
6335
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006336 /* The annoying part is that pattern matching needs
6337 * that we modify the contents to null-terminate all
6338 * strings before testing them.
6339 */
6340
6341 term = *cur_end;
6342 *cur_end = '\0';
6343
6344 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6345 switch (exp->action) {
6346 case ACT_SETBE:
6347 /* It is not possible to jump a second time.
6348 * FIXME: should we return an HTTP/500 here so that
6349 * the admin knows there's a problem ?
6350 */
6351 if (t->be != t->fe)
6352 break;
6353
6354 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02006355 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006356 last_hdr = 1;
6357 break;
6358
6359 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006360 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006361 last_hdr = 1;
6362 break;
6363
6364 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006365 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006366 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006367
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006368 t->fe->fe_counters.denied_req++;
6369 if (t->fe != t->be)
6370 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006371 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02006372 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006373
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006374 break;
6375
6376 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006377 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006378 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006379
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006380 t->fe->fe_counters.denied_req++;
6381 if (t->fe != t->be)
6382 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006383 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02006384 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006385
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006386 break;
6387
6388 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006389 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6390 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006391 /* FIXME: if the user adds a newline in the replacement, the
6392 * index will not be recalculated for now, and the new line
6393 * will not be counted as a new header.
6394 */
6395
6396 cur_end += delta;
6397 cur_next += delta;
6398 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006399 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006400 break;
6401
6402 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02006403 delta = buffer_replace2(req->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006404 cur_next += delta;
6405
Willy Tarreaufa355d42009-11-29 18:12:29 +01006406 http_msg_move_end(&txn->req, delta);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006407 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6408 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006409 cur_hdr->len = 0;
6410 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01006411 cur_idx = old_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006412 break;
6413
6414 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006415 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006416 if (cur_end)
6417 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006418
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006419 /* keep the link from this header to next one in case of later
6420 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006421 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006422 old_idx = cur_idx;
6423 }
6424 return 0;
6425}
6426
6427
6428/* Apply the filter to the request line.
6429 * Returns 0 if nothing has been done, 1 if the filter has been applied,
6430 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006431 * Since it can manage the switch to another backend, it updates the per-proxy
6432 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006433 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006434int apply_filter_to_req_line(struct session *t, struct channel *req, struct hdr_exp *exp)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006435{
6436 char term;
6437 char *cur_ptr, *cur_end;
6438 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006439 struct http_txn *txn = &t->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006440 int delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006441
Willy Tarreau3d300592007-03-18 18:34:41 +01006442 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006443 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006444 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006445 (exp->action == ACT_ALLOW ||
6446 exp->action == ACT_DENY ||
6447 exp->action == ACT_TARPIT))
6448 return 0;
6449 else if (exp->action == ACT_REMOVE)
6450 return 0;
6451
6452 done = 0;
6453
Willy Tarreau9b28e032012-10-12 23:49:43 +02006454 cur_ptr = req->buf->p;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006455 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006456
6457 /* Now we have the request line between cur_ptr and cur_end */
6458
6459 /* The annoying part is that pattern matching needs
6460 * that we modify the contents to null-terminate all
6461 * strings before testing them.
6462 */
6463
6464 term = *cur_end;
6465 *cur_end = '\0';
6466
6467 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6468 switch (exp->action) {
6469 case ACT_SETBE:
6470 /* It is not possible to jump a second time.
6471 * FIXME: should we return an HTTP/500 here so that
6472 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01006473 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006474 if (t->be != t->fe)
6475 break;
6476
6477 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02006478 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006479 done = 1;
6480 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006481
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006482 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006483 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006484 done = 1;
6485 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006486
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006487 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006488 txn->flags |= TX_CLDENY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006489
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006490 t->fe->fe_counters.denied_req++;
6491 if (t->fe != t->be)
6492 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006493 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02006494 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006495
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006496 done = 1;
6497 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006498
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006499 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006500 txn->flags |= TX_CLTARPIT;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006501
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006502 t->fe->fe_counters.denied_req++;
6503 if (t->fe != t->be)
6504 t->be->be_counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006505 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02006506 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006507
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006508 done = 1;
6509 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006510
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006511 case ACT_REPLACE:
6512 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006513 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6514 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006515 /* FIXME: if the user adds a newline in the replacement, the
6516 * index will not be recalculated for now, and the new line
6517 * will not be counted as a new header.
6518 */
Willy Tarreaua496b602006-12-17 23:15:24 +01006519
Willy Tarreaufa355d42009-11-29 18:12:29 +01006520 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006521 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02006522 cur_end = (char *)http_parse_reqline(&txn->req,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006523 HTTP_MSG_RQMETH,
6524 cur_ptr, cur_end + 1,
6525 NULL, NULL);
6526 if (unlikely(!cur_end))
6527 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01006528
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006529 /* we have a full request and we know that we have either a CR
6530 * or an LF at <ptr>.
6531 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006532 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
6533 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006534 /* there is no point trying this regex on headers */
6535 return 1;
6536 }
6537 }
6538 *cur_end = term; /* restore the string terminator */
6539 return done;
6540}
Willy Tarreau97de6242006-12-27 17:18:38 +01006541
Willy Tarreau58f10d72006-12-04 02:26:12 +01006542
Willy Tarreau58f10d72006-12-04 02:26:12 +01006543
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006544/*
Willy Tarreau6c123b12010-01-28 20:22:06 +01006545 * Apply all the req filters of proxy <px> to all headers in buffer <req> of session <s>.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006546 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01006547 * unparsable request. Since it can manage the switch to another backend, it
6548 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006549 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006550int apply_filters_to_request(struct session *s, struct channel *req, struct proxy *px)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006551{
Willy Tarreau6c123b12010-01-28 20:22:06 +01006552 struct http_txn *txn = &s->txn;
6553 struct hdr_exp *exp;
6554
6555 for (exp = px->req_exp; exp; exp = exp->next) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006556 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006557
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006558 /*
6559 * The interleaving of transformations and verdicts
6560 * makes it difficult to decide to continue or stop
6561 * the evaluation.
6562 */
6563
Willy Tarreau6c123b12010-01-28 20:22:06 +01006564 if (txn->flags & (TX_CLDENY|TX_CLTARPIT))
6565 break;
6566
Willy Tarreau3d300592007-03-18 18:34:41 +01006567 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006568 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
Willy Tarreau6c123b12010-01-28 20:22:06 +01006569 exp->action == ACT_TARPIT || exp->action == ACT_PASS))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006570 continue;
Willy Tarreau6c123b12010-01-28 20:22:06 +01006571
6572 /* if this filter had a condition, evaluate it now and skip to
6573 * next filter if the condition does not match.
6574 */
6575 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02006576 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau6c123b12010-01-28 20:22:06 +01006577 ret = acl_pass(ret);
6578 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
6579 ret = !ret;
6580
6581 if (!ret)
6582 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006583 }
6584
6585 /* Apply the filter to the request line. */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006586 ret = apply_filter_to_req_line(s, req, exp);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006587 if (unlikely(ret < 0))
6588 return -1;
6589
6590 if (likely(ret == 0)) {
6591 /* The filter did not match the request, it can be
6592 * iterated through all headers.
6593 */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006594 apply_filter_to_req_headers(s, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006595 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006596 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006597 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006598}
6599
6600
Willy Tarreaua15645d2007-03-18 16:22:39 +01006601
Willy Tarreau58f10d72006-12-04 02:26:12 +01006602/*
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006603 * Try to retrieve the server associated to the appsession.
6604 * If the server is found, it's assigned to the session.
6605 */
Cyril Bontéb21570a2009-11-29 20:04:48 +01006606void manage_client_side_appsession(struct session *t, const char *buf, int len) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006607 struct http_txn *txn = &t->txn;
6608 appsess *asession = NULL;
6609 char *sessid_temp = NULL;
6610
Cyril Bontéb21570a2009-11-29 20:04:48 +01006611 if (len > t->be->appsession_len) {
6612 len = t->be->appsession_len;
6613 }
6614
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006615 if (t->be->options2 & PR_O2_AS_REQL) {
6616 /* request-learn option is enabled : store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006617 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006618 /* free previously allocated memory as we don't need the session id found in the URL anymore */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006619 pool_free2(apools.sessid, txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006620 }
6621
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006622 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006623 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
6624 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
6625 return;
6626 }
6627
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006628 memcpy(txn->sessid, buf, len);
6629 txn->sessid[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006630 }
6631
6632 if ((sessid_temp = pool_alloc2(apools.sessid)) == NULL) {
6633 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
6634 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
6635 return;
6636 }
6637
Cyril Bontéb21570a2009-11-29 20:04:48 +01006638 memcpy(sessid_temp, buf, len);
6639 sessid_temp[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006640
6641 asession = appsession_hash_lookup(&(t->be->htbl_proxy), sessid_temp);
6642 /* free previously allocated memory */
6643 pool_free2(apools.sessid, sessid_temp);
6644
6645 if (asession != NULL) {
6646 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
6647 if (!(t->be->options2 & PR_O2_AS_REQL))
6648 asession->request_count++;
6649
6650 if (asession->serverid != NULL) {
6651 struct server *srv = t->be->srv;
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02006652
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006653 while (srv) {
6654 if (strcmp(srv->id, asession->serverid) == 0) {
Willy Tarreau4de91492010-01-22 19:10:05 +01006655 if ((srv->state & SRV_RUNNING) ||
6656 (t->be->options & PR_O_PERSIST) ||
6657 (t->flags & SN_FORCE_PRST)) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006658 /* we found the server and it's usable */
6659 txn->flags &= ~TX_CK_MASK;
Willy Tarreau2a6d88d2010-01-24 13:10:43 +01006660 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006661 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006662 t->target = &srv->obj_type;
Willy Tarreau664beb82011-03-10 11:38:29 +01006663
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006664 break;
6665 } else {
6666 txn->flags &= ~TX_CK_MASK;
6667 txn->flags |= TX_CK_DOWN;
6668 }
6669 }
6670 srv = srv->next;
6671 }
6672 }
6673 }
6674}
6675
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006676/* Find the end of a cookie value contained between <s> and <e>. It works the
6677 * same way as with headers above except that the semi-colon also ends a token.
6678 * See RFC2965 for more information. Note that it requires a valid header to
6679 * return a valid result.
6680 */
6681char *find_cookie_value_end(char *s, const char *e)
6682{
6683 int quoted, qdpair;
6684
6685 quoted = qdpair = 0;
6686 for (; s < e; s++) {
6687 if (qdpair) qdpair = 0;
6688 else if (quoted) {
6689 if (*s == '\\') qdpair = 1;
6690 else if (*s == '"') quoted = 0;
6691 }
6692 else if (*s == '"') quoted = 1;
6693 else if (*s == ',' || *s == ';') return s;
6694 }
6695 return s;
6696}
6697
6698/* Delete a value in a header between delimiters <from> and <next> in buffer
6699 * <buf>. The number of characters displaced is returned, and the pointer to
6700 * the first delimiter is updated if required. The function tries as much as
6701 * possible to respect the following principles :
6702 * - replace <from> delimiter by the <next> one unless <from> points to a
6703 * colon, in which case <next> is simply removed
6704 * - set exactly one space character after the new first delimiter, unless
6705 * there are not enough characters in the block being moved to do so.
6706 * - remove unneeded spaces before the previous delimiter and after the new
6707 * one.
6708 *
6709 * It is the caller's responsibility to ensure that :
6710 * - <from> points to a valid delimiter or the colon ;
6711 * - <next> points to a valid delimiter or the final CR/LF ;
6712 * - there are non-space chars before <from> ;
6713 * - there is a CR/LF at or after <next>.
6714 */
Willy Tarreauaf819352012-08-27 22:08:00 +02006715int del_hdr_value(struct buffer *buf, char **from, char *next)
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006716{
6717 char *prev = *from;
6718
6719 if (*prev == ':') {
6720 /* We're removing the first value, preserve the colon and add a
6721 * space if possible.
6722 */
6723 if (!http_is_crlf[(unsigned char)*next])
6724 next++;
6725 prev++;
6726 if (prev < next)
6727 *prev++ = ' ';
6728
6729 while (http_is_spht[(unsigned char)*next])
6730 next++;
6731 } else {
6732 /* Remove useless spaces before the old delimiter. */
6733 while (http_is_spht[(unsigned char)*(prev-1)])
6734 prev--;
6735 *from = prev;
6736
6737 /* copy the delimiter and if possible a space if we're
6738 * not at the end of the line.
6739 */
6740 if (!http_is_crlf[(unsigned char)*next]) {
6741 *prev++ = *next++;
6742 if (prev + 1 < next)
6743 *prev++ = ' ';
6744 while (http_is_spht[(unsigned char)*next])
6745 next++;
6746 }
6747 }
6748 return buffer_replace2(buf, prev, next, NULL, 0);
6749}
6750
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006751/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01006752 * Manage client-side cookie. It can impact performance by about 2% so it is
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006753 * desirable to call it only when needed. This code is quite complex because
6754 * of the multiple very crappy and ambiguous syntaxes we have to support. it
6755 * highly recommended not to touch this part without a good reason !
Willy Tarreau58f10d72006-12-04 02:26:12 +01006756 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006757void manage_client_side_cookies(struct session *t, struct channel *req)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006758{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006759 struct http_txn *txn = &t->txn;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006760 int preserve_hdr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006761 int cur_idx, old_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006762 char *hdr_beg, *hdr_end, *hdr_next, *del_from;
6763 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006764
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006765 /* Iterate through the headers, we start with the start line. */
Willy Tarreau83969f42007-01-22 08:55:47 +01006766 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02006767 hdr_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006768
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006769 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006770 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006771 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006772
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006773 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006774 hdr_beg = hdr_next;
6775 hdr_end = hdr_beg + cur_hdr->len;
6776 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006777
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006778 /* We have one full header between hdr_beg and hdr_end, and the
6779 * next header starts at hdr_next. We're only interested in
Willy Tarreau58f10d72006-12-04 02:26:12 +01006780 * "Cookie:" headers.
6781 */
6782
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006783 val = http_header_match2(hdr_beg, hdr_end, "Cookie", 6);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006784 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006785 old_idx = cur_idx;
6786 continue;
6787 }
6788
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006789 del_from = NULL; /* nothing to be deleted */
6790 preserve_hdr = 0; /* assume we may kill the whole header */
6791
Willy Tarreau58f10d72006-12-04 02:26:12 +01006792 /* Now look for cookies. Conforming to RFC2109, we have to support
6793 * attributes whose name begin with a '$', and associate them with
6794 * the right cookie, if we want to delete this cookie.
6795 * So there are 3 cases for each cookie read :
6796 * 1) it's a special attribute, beginning with a '$' : ignore it.
6797 * 2) it's a server id cookie that we *MAY* want to delete : save
6798 * some pointers on it (last semi-colon, beginning of cookie...)
6799 * 3) it's an application cookie : we *MAY* have to delete a previous
6800 * "special" cookie.
6801 * At the end of loop, if a "special" cookie remains, we may have to
6802 * remove it. If no application cookie persists in the header, we
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006803 * *MUST* delete it.
6804 *
6805 * Note: RFC2965 is unclear about the processing of spaces around
6806 * the equal sign in the ATTR=VALUE form. A careful inspection of
6807 * the RFC explicitly allows spaces before it, and not within the
6808 * tokens (attrs or values). An inspection of RFC2109 allows that
6809 * too but section 10.1.3 lets one think that spaces may be allowed
6810 * after the equal sign too, resulting in some (rare) buggy
6811 * implementations trying to do that. So let's do what servers do.
6812 * Latest ietf draft forbids spaces all around. Also, earlier RFCs
6813 * allowed quoted strings in values, with any possible character
6814 * after a backslash, including control chars and delimitors, which
6815 * causes parsing to become ambiguous. Browsers also allow spaces
6816 * within values even without quotes.
6817 *
6818 * We have to keep multiple pointers in order to support cookie
6819 * removal at the beginning, middle or end of header without
6820 * corrupting the header. All of these headers are valid :
6821 *
6822 * Cookie:NAME1=VALUE1;NAME2=VALUE2;NAME3=VALUE3\r\n
6823 * Cookie:NAME1=VALUE1;NAME2_ONLY ;NAME3=VALUE3\r\n
6824 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
6825 * | | | | | | | | |
6826 * | | | | | | | | hdr_end <--+
6827 * | | | | | | | +--> next
6828 * | | | | | | +----> val_end
6829 * | | | | | +-----------> val_beg
6830 * | | | | +--------------> equal
6831 * | | | +----------------> att_end
6832 * | | +---------------------> att_beg
6833 * | +--------------------------> prev
6834 * +--------------------------------> hdr_beg
Willy Tarreau58f10d72006-12-04 02:26:12 +01006835 */
6836
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006837 for (prev = hdr_beg + 6; prev < hdr_end; prev = next) {
6838 /* Iterate through all cookies on this line */
6839
6840 /* find att_beg */
6841 att_beg = prev + 1;
6842 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
6843 att_beg++;
6844
6845 /* find att_end : this is the first character after the last non
6846 * space before the equal. It may be equal to hdr_end.
6847 */
6848 equal = att_end = att_beg;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006849
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006850 while (equal < hdr_end) {
6851 if (*equal == '=' || *equal == ',' || *equal == ';')
Willy Tarreau58f10d72006-12-04 02:26:12 +01006852 break;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006853 if (http_is_spht[(unsigned char)*equal++])
6854 continue;
6855 att_end = equal;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006856 }
6857
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006858 /* here, <equal> points to '=', a delimitor or the end. <att_end>
6859 * is between <att_beg> and <equal>, both may be identical.
6860 */
6861
6862 /* look for end of cookie if there is an equal sign */
6863 if (equal < hdr_end && *equal == '=') {
6864 /* look for the beginning of the value */
6865 val_beg = equal + 1;
6866 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
6867 val_beg++;
6868
6869 /* find the end of the value, respecting quotes */
6870 next = find_cookie_value_end(val_beg, hdr_end);
6871
6872 /* make val_end point to the first white space or delimitor after the value */
6873 val_end = next;
6874 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
6875 val_end--;
6876 } else {
6877 val_beg = val_end = next = equal;
Willy Tarreau305ae852010-01-03 19:45:54 +01006878 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006879
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006880 /* We have nothing to do with attributes beginning with '$'. However,
6881 * they will automatically be removed if a header before them is removed,
6882 * since they're supposed to be linked together.
6883 */
6884 if (*att_beg == '$')
6885 continue;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006886
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006887 /* Ignore cookies with no equal sign */
6888 if (equal == next) {
6889 /* This is not our cookie, so we must preserve it. But if we already
6890 * scheduled another cookie for removal, we cannot remove the
6891 * complete header, but we can remove the previous block itself.
6892 */
6893 preserve_hdr = 1;
6894 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006895 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006896 val_end += delta;
6897 next += delta;
6898 hdr_end += delta;
6899 hdr_next += delta;
6900 cur_hdr->len += delta;
6901 http_msg_move_end(&txn->req, delta);
6902 prev = del_from;
6903 del_from = NULL;
6904 }
6905 continue;
Willy Tarreau305ae852010-01-03 19:45:54 +01006906 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006907
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006908 /* if there are spaces around the equal sign, we need to
6909 * strip them otherwise we'll get trouble for cookie captures,
6910 * or even for rewrites. Since this happens extremely rarely,
6911 * it does not hurt performance.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006912 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006913 if (unlikely(att_end != equal || val_beg > equal + 1)) {
6914 int stripped_before = 0;
6915 int stripped_after = 0;
6916
6917 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006918 stripped_before = buffer_replace2(req->buf, att_end, equal, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006919 equal += stripped_before;
6920 val_beg += stripped_before;
6921 }
6922
6923 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02006924 stripped_after = buffer_replace2(req->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006925 val_beg += stripped_after;
6926 stripped_before += stripped_after;
6927 }
6928
6929 val_end += stripped_before;
6930 next += stripped_before;
6931 hdr_end += stripped_before;
6932 hdr_next += stripped_before;
6933 cur_hdr->len += stripped_before;
6934 http_msg_move_end(&txn->req, stripped_before);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006935 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006936 /* now everything is as on the diagram above */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006937
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006938 /* First, let's see if we want to capture this cookie. We check
6939 * that we don't already have a client side cookie, because we
6940 * can only capture one. Also as an optimisation, we ignore
6941 * cookies shorter than the declared name.
6942 */
6943 if (t->fe->capture_name != NULL && txn->cli_cookie == NULL &&
6944 (val_end - att_beg >= t->fe->capture_namelen) &&
6945 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
6946 int log_len = val_end - att_beg;
6947
6948 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
6949 Alert("HTTP logging : out of memory.\n");
6950 } else {
6951 if (log_len > t->fe->capture_len)
6952 log_len = t->fe->capture_len;
6953 memcpy(txn->cli_cookie, att_beg, log_len);
6954 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006955 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006956 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006957
Willy Tarreaubca99692010-10-06 19:25:55 +02006958 /* Persistence cookies in passive, rewrite or insert mode have the
6959 * following form :
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006960 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006961 * Cookie: NAME=SRV[|<lastseen>[|<firstseen>]]
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006962 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006963 * For cookies in prefix mode, the form is :
6964 *
6965 * Cookie: NAME=SRV~VALUE
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006966 */
6967 if ((att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
6968 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
6969 struct server *srv = t->be->srv;
6970 char *delim;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006971
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006972 /* if we're in cookie prefix mode, we'll search the delimitor so that we
6973 * have the server ID between val_beg and delim, and the original cookie between
6974 * delim+1 and val_end. Otherwise, delim==val_end :
6975 *
6976 * Cookie: NAME=SRV; # in all but prefix modes
6977 * Cookie: NAME=SRV~OPAQUE ; # in prefix mode
6978 * | || || | |+-> next
6979 * | || || | +--> val_end
6980 * | || || +---------> delim
6981 * | || |+------------> val_beg
6982 * | || +-------------> att_end = equal
6983 * | |+-----------------> att_beg
6984 * | +------------------> prev
6985 * +-------------------------> hdr_beg
6986 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006987
Willy Tarreau67402132012-05-31 20:40:20 +02006988 if (t->be->ck_opts & PR_CK_PFX) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006989 for (delim = val_beg; delim < val_end; delim++)
6990 if (*delim == COOKIE_DELIM)
6991 break;
Willy Tarreaubca99692010-10-06 19:25:55 +02006992 } else {
6993 char *vbar1;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006994 delim = val_end;
Willy Tarreaubca99692010-10-06 19:25:55 +02006995 /* Now check if the cookie contains a date field, which would
6996 * appear after a vertical bar ('|') just after the server name
6997 * and before the delimiter.
6998 */
6999 vbar1 = memchr(val_beg, COOKIE_DELIM_DATE, val_end - val_beg);
7000 if (vbar1) {
7001 /* OK, so left of the bar is the server's cookie and
Willy Tarreauf64d1412010-10-07 20:06:11 +02007002 * right is the last seen date. It is a base64 encoded
7003 * 30-bit value representing the UNIX date since the
7004 * epoch in 4-second quantities.
Willy Tarreaubca99692010-10-06 19:25:55 +02007005 */
Willy Tarreauf64d1412010-10-07 20:06:11 +02007006 int val;
Willy Tarreaubca99692010-10-06 19:25:55 +02007007 delim = vbar1++;
Willy Tarreauf64d1412010-10-07 20:06:11 +02007008 if (val_end - vbar1 >= 5) {
7009 val = b64tos30(vbar1);
7010 if (val > 0)
7011 txn->cookie_last_date = val << 2;
7012 }
7013 /* look for a second vertical bar */
7014 vbar1 = memchr(vbar1, COOKIE_DELIM_DATE, val_end - vbar1);
7015 if (vbar1 && (val_end - vbar1 > 5)) {
7016 val = b64tos30(vbar1 + 1);
7017 if (val > 0)
7018 txn->cookie_first_date = val << 2;
7019 }
Willy Tarreaubca99692010-10-06 19:25:55 +02007020 }
7021 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007022
Willy Tarreauf64d1412010-10-07 20:06:11 +02007023 /* if the cookie has an expiration date and the proxy wants to check
7024 * it, then we do that now. We first check if the cookie is too old,
7025 * then only if it has expired. We detect strict overflow because the
7026 * time resolution here is not great (4 seconds). Cookies with dates
7027 * in the future are ignored if their offset is beyond one day. This
7028 * allows an admin to fix timezone issues without expiring everyone
7029 * and at the same time avoids keeping unwanted side effects for too
7030 * long.
7031 */
7032 if (txn->cookie_first_date && t->be->cookie_maxlife &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02007033 (((signed)(date.tv_sec - txn->cookie_first_date) > (signed)t->be->cookie_maxlife) ||
7034 ((signed)(txn->cookie_first_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02007035 txn->flags &= ~TX_CK_MASK;
7036 txn->flags |= TX_CK_OLD;
7037 delim = val_beg; // let's pretend we have not found the cookie
7038 txn->cookie_first_date = 0;
7039 txn->cookie_last_date = 0;
7040 }
7041 else if (txn->cookie_last_date && t->be->cookie_maxidle &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02007042 (((signed)(date.tv_sec - txn->cookie_last_date) > (signed)t->be->cookie_maxidle) ||
7043 ((signed)(txn->cookie_last_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02007044 txn->flags &= ~TX_CK_MASK;
7045 txn->flags |= TX_CK_EXPIRED;
7046 delim = val_beg; // let's pretend we have not found the cookie
7047 txn->cookie_first_date = 0;
7048 txn->cookie_last_date = 0;
7049 }
7050
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007051 /* Here, we'll look for the first running server which supports the cookie.
7052 * This allows to share a same cookie between several servers, for example
7053 * to dedicate backup servers to specific servers only.
7054 * However, to prevent clients from sticking to cookie-less backup server
7055 * when they have incidentely learned an empty cookie, we simply ignore
7056 * empty cookies and mark them as invalid.
7057 * The same behaviour is applied when persistence must be ignored.
7058 */
Willy Tarreau4a5cade2012-04-05 21:09:48 +02007059 if ((delim == val_beg) || (t->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007060 srv = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007061
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007062 while (srv) {
7063 if (srv->cookie && (srv->cklen == delim - val_beg) &&
7064 !memcmp(val_beg, srv->cookie, delim - val_beg)) {
7065 if ((srv->state & SRV_RUNNING) ||
7066 (t->be->options & PR_O_PERSIST) ||
7067 (t->flags & SN_FORCE_PRST)) {
7068 /* we found the server and we can use it */
7069 txn->flags &= ~TX_CK_MASK;
7070 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
7071 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007072 t->target = &srv->obj_type;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007073 break;
7074 } else {
7075 /* we found a server, but it's down,
7076 * mark it as such and go on in case
7077 * another one is available.
7078 */
7079 txn->flags &= ~TX_CK_MASK;
7080 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007081 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007082 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007083 srv = srv->next;
7084 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007085
Willy Tarreauf64d1412010-10-07 20:06:11 +02007086 if (!srv && !(txn->flags & (TX_CK_DOWN|TX_CK_EXPIRED|TX_CK_OLD))) {
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007087 /* no server matched this cookie or we deliberately skipped it */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007088 txn->flags &= ~TX_CK_MASK;
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007089 if ((t->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
7090 txn->flags |= TX_CK_UNUSED;
7091 else
7092 txn->flags |= TX_CK_INVALID;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007093 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007094
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007095 /* depending on the cookie mode, we may have to either :
7096 * - delete the complete cookie if we're in insert+indirect mode, so that
7097 * the server never sees it ;
7098 * - remove the server id from the cookie value, and tag the cookie as an
7099 * application cookie so that it does not get accidentely removed later,
7100 * if we're in cookie prefix mode
7101 */
Willy Tarreau67402132012-05-31 20:40:20 +02007102 if ((t->be->ck_opts & PR_CK_PFX) && (delim != val_end)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007103 int delta; /* negative */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007104
Willy Tarreau9b28e032012-10-12 23:49:43 +02007105 delta = buffer_replace2(req->buf, val_beg, delim + 1, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007106 val_end += delta;
7107 next += delta;
7108 hdr_end += delta;
7109 hdr_next += delta;
7110 cur_hdr->len += delta;
7111 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007112
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007113 del_from = NULL;
7114 preserve_hdr = 1; /* we want to keep this cookie */
7115 }
7116 else if (del_from == NULL &&
Willy Tarreau67402132012-05-31 20:40:20 +02007117 (t->be->ck_opts & (PR_CK_INS | PR_CK_IND)) == (PR_CK_INS | PR_CK_IND)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007118 del_from = prev;
7119 }
7120 } else {
7121 /* This is not our cookie, so we must preserve it. But if we already
7122 * scheduled another cookie for removal, we cannot remove the
7123 * complete header, but we can remove the previous block itself.
7124 */
7125 preserve_hdr = 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007126
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007127 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007128 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaub8105542010-11-24 18:31:28 +01007129 if (att_beg >= del_from)
7130 att_beg += delta;
7131 if (att_end >= del_from)
7132 att_end += delta;
7133 val_beg += delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007134 val_end += delta;
7135 next += delta;
7136 hdr_end += delta;
7137 hdr_next += delta;
7138 cur_hdr->len += delta;
7139 http_msg_move_end(&txn->req, delta);
7140 prev = del_from;
7141 del_from = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007142 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007143 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007144
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007145 /* Look for the appsession cookie unless persistence must be ignored */
7146 if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
7147 int cmp_len, value_len;
7148 char *value_begin;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007149
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007150 if (t->be->options2 & PR_O2_AS_PFX) {
7151 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
7152 value_begin = att_beg + t->be->appsession_name_len;
7153 value_len = val_end - att_beg - t->be->appsession_name_len;
7154 } else {
7155 cmp_len = att_end - att_beg;
7156 value_begin = val_beg;
7157 value_len = val_end - val_beg;
7158 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007159
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007160 /* let's see if the cookie is our appcookie */
7161 if (cmp_len == t->be->appsession_name_len &&
7162 memcmp(att_beg, t->be->appsession_name, cmp_len) == 0) {
7163 manage_client_side_appsession(t, value_begin, value_len);
7164 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007165 }
7166
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007167 /* continue with next cookie on this header line */
7168 att_beg = next;
7169 } /* for each cookie */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007170
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007171 /* There are no more cookies on this line.
7172 * We may still have one (or several) marked for deletion at the
7173 * end of the line. We must do this now in two ways :
7174 * - if some cookies must be preserved, we only delete from the
7175 * mark to the end of line ;
7176 * - if nothing needs to be preserved, simply delete the whole header
Willy Tarreau58f10d72006-12-04 02:26:12 +01007177 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007178 if (del_from) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007179 int delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007180 if (preserve_hdr) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007181 delta = del_hdr_value(req->buf, &del_from, hdr_end);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007182 hdr_end = del_from;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007183 cur_hdr->len += delta;
7184 } else {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007185 delta = buffer_replace2(req->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007186
7187 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01007188 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7189 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007190 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007191 cur_idx = old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007192 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007193 hdr_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007194 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007195 }
7196
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007197 /* check next header */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007198 old_idx = cur_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007199 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007200}
7201
7202
Willy Tarreaua15645d2007-03-18 16:22:39 +01007203/* Iterate the same filter through all response headers contained in <rtr>.
7204 * Returns 1 if this filter can be stopped upon return, otherwise 0.
7205 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007206int apply_filter_to_resp_headers(struct session *t, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007207{
7208 char term;
7209 char *cur_ptr, *cur_end, *cur_next;
7210 int cur_idx, old_idx, last_hdr;
7211 struct http_txn *txn = &t->txn;
7212 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007213 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007214
7215 last_hdr = 0;
7216
Willy Tarreau9b28e032012-10-12 23:49:43 +02007217 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007218 old_idx = 0;
7219
7220 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007221 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007222 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007223 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007224 (exp->action == ACT_ALLOW ||
7225 exp->action == ACT_DENY))
7226 return 0;
7227
7228 cur_idx = txn->hdr_idx.v[old_idx].next;
7229 if (!cur_idx)
7230 break;
7231
7232 cur_hdr = &txn->hdr_idx.v[cur_idx];
7233 cur_ptr = cur_next;
7234 cur_end = cur_ptr + cur_hdr->len;
7235 cur_next = cur_end + cur_hdr->cr + 1;
7236
7237 /* Now we have one header between cur_ptr and cur_end,
7238 * and the next header starts at cur_next.
7239 */
7240
7241 /* The annoying part is that pattern matching needs
7242 * that we modify the contents to null-terminate all
7243 * strings before testing them.
7244 */
7245
7246 term = *cur_end;
7247 *cur_end = '\0';
7248
7249 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7250 switch (exp->action) {
7251 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007252 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007253 last_hdr = 1;
7254 break;
7255
7256 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007257 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007258 last_hdr = 1;
7259 break;
7260
7261 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007262 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7263 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007264 /* FIXME: if the user adds a newline in the replacement, the
7265 * index will not be recalculated for now, and the new line
7266 * will not be counted as a new header.
7267 */
7268
7269 cur_end += delta;
7270 cur_next += delta;
7271 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007272 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007273 break;
7274
7275 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02007276 delta = buffer_replace2(rtr->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007277 cur_next += delta;
7278
Willy Tarreaufa355d42009-11-29 18:12:29 +01007279 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007280 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7281 txn->hdr_idx.used--;
7282 cur_hdr->len = 0;
7283 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01007284 cur_idx = old_idx;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007285 break;
7286
7287 }
7288 }
7289 if (cur_end)
7290 *cur_end = term; /* restore the string terminator */
7291
7292 /* keep the link from this header to next one in case of later
7293 * removal of next header.
7294 */
7295 old_idx = cur_idx;
7296 }
7297 return 0;
7298}
7299
7300
7301/* Apply the filter to the status line in the response buffer <rtr>.
7302 * Returns 0 if nothing has been done, 1 if the filter has been applied,
7303 * or -1 if a replacement resulted in an invalid status line.
7304 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007305int apply_filter_to_sts_line(struct session *t, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007306{
7307 char term;
7308 char *cur_ptr, *cur_end;
7309 int done;
7310 struct http_txn *txn = &t->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007311 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007312
7313
Willy Tarreau3d300592007-03-18 18:34:41 +01007314 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007315 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007316 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007317 (exp->action == ACT_ALLOW ||
7318 exp->action == ACT_DENY))
7319 return 0;
7320 else if (exp->action == ACT_REMOVE)
7321 return 0;
7322
7323 done = 0;
7324
Willy Tarreau9b28e032012-10-12 23:49:43 +02007325 cur_ptr = rtr->buf->p;
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007326 cur_end = cur_ptr + txn->rsp.sl.st.l;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007327
7328 /* Now we have the status line between cur_ptr and cur_end */
7329
7330 /* The annoying part is that pattern matching needs
7331 * that we modify the contents to null-terminate all
7332 * strings before testing them.
7333 */
7334
7335 term = *cur_end;
7336 *cur_end = '\0';
7337
7338 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7339 switch (exp->action) {
7340 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007341 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007342 done = 1;
7343 break;
7344
7345 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007346 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007347 done = 1;
7348 break;
7349
7350 case ACT_REPLACE:
7351 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007352 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7353 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007354 /* FIXME: if the user adds a newline in the replacement, the
7355 * index will not be recalculated for now, and the new line
7356 * will not be counted as a new header.
7357 */
7358
Willy Tarreaufa355d42009-11-29 18:12:29 +01007359 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007360 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007361 cur_end = (char *)http_parse_stsline(&txn->rsp,
Willy Tarreau02785762007-04-03 14:45:44 +02007362 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01007363 cur_ptr, cur_end + 1,
7364 NULL, NULL);
7365 if (unlikely(!cur_end))
7366 return -1;
7367
7368 /* we have a full respnse and we know that we have either a CR
7369 * or an LF at <ptr>.
7370 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007371 txn->status = strl2ui(rtr->buf->p + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007372 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.st.l, *cur_end == '\r');
Willy Tarreaua15645d2007-03-18 16:22:39 +01007373 /* there is no point trying this regex on headers */
7374 return 1;
7375 }
7376 }
7377 *cur_end = term; /* restore the string terminator */
7378 return done;
7379}
7380
7381
7382
7383/*
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007384 * Apply all the resp filters of proxy <px> to all headers in buffer <rtr> of session <s>.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007385 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
7386 * unparsable response.
7387 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007388int apply_filters_to_response(struct session *s, struct channel *rtr, struct proxy *px)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007389{
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007390 struct http_txn *txn = &s->txn;
7391 struct hdr_exp *exp;
7392
7393 for (exp = px->rsp_exp; exp; exp = exp->next) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007394 int ret;
7395
7396 /*
7397 * The interleaving of transformations and verdicts
7398 * makes it difficult to decide to continue or stop
7399 * the evaluation.
7400 */
7401
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007402 if (txn->flags & TX_SVDENY)
7403 break;
7404
Willy Tarreau3d300592007-03-18 18:34:41 +01007405 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007406 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
7407 exp->action == ACT_PASS)) {
7408 exp = exp->next;
7409 continue;
7410 }
7411
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007412 /* if this filter had a condition, evaluate it now and skip to
7413 * next filter if the condition does not match.
7414 */
7415 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007416 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007417 ret = acl_pass(ret);
7418 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
7419 ret = !ret;
7420 if (!ret)
7421 continue;
7422 }
7423
Willy Tarreaua15645d2007-03-18 16:22:39 +01007424 /* Apply the filter to the status line. */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007425 ret = apply_filter_to_sts_line(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007426 if (unlikely(ret < 0))
7427 return -1;
7428
7429 if (likely(ret == 0)) {
7430 /* The filter did not match the response, it can be
7431 * iterated through all headers.
7432 */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007433 apply_filter_to_resp_headers(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007434 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007435 }
7436 return 0;
7437}
7438
7439
Willy Tarreaua15645d2007-03-18 16:22:39 +01007440/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01007441 * Manage server-side cookies. It can impact performance by about 2% so it is
Willy Tarreau24581ba2010-08-31 22:39:35 +02007442 * desirable to call it only when needed. This function is also used when we
7443 * just need to know if there is a cookie (eg: for check-cache).
Willy Tarreaua15645d2007-03-18 16:22:39 +01007444 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007445void manage_server_side_cookies(struct session *t, struct channel *res)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007446{
7447 struct http_txn *txn = &t->txn;
Willy Tarreau827aee92011-03-10 16:55:02 +01007448 struct server *srv;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007449 int is_cookie2;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007450 int cur_idx, old_idx, delta;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007451 char *hdr_beg, *hdr_end, *hdr_next;
7452 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007453
Willy Tarreaua15645d2007-03-18 16:22:39 +01007454 /* Iterate through the headers.
7455 * we start with the start line.
7456 */
7457 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007458 hdr_next = res->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007459
7460 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
7461 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007462 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007463
7464 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau24581ba2010-08-31 22:39:35 +02007465 hdr_beg = hdr_next;
7466 hdr_end = hdr_beg + cur_hdr->len;
7467 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007468
Willy Tarreau24581ba2010-08-31 22:39:35 +02007469 /* We have one full header between hdr_beg and hdr_end, and the
7470 * next header starts at hdr_next. We're only interested in
7471 * "Set-Cookie" and "Set-Cookie2" headers.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007472 */
7473
Willy Tarreau24581ba2010-08-31 22:39:35 +02007474 is_cookie2 = 0;
7475 prev = hdr_beg + 10;
7476 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie", 10);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007477 if (!val) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007478 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie2", 11);
7479 if (!val) {
7480 old_idx = cur_idx;
7481 continue;
7482 }
7483 is_cookie2 = 1;
7484 prev = hdr_beg + 11;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007485 }
7486
Willy Tarreau24581ba2010-08-31 22:39:35 +02007487 /* OK, right now we know we have a Set-Cookie* at hdr_beg, and
7488 * <prev> points to the colon.
7489 */
Willy Tarreauf1348312010-10-07 15:54:11 +02007490 txn->flags |= TX_SCK_PRESENT;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007491
Willy Tarreau24581ba2010-08-31 22:39:35 +02007492 /* Maybe we only wanted to see if there was a Set-Cookie (eg:
7493 * check-cache is enabled) and we are not interested in checking
7494 * them. Warning, the cookie capture is declared in the frontend.
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007495 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02007496 if (t->be->cookie_name == NULL &&
7497 t->be->appsession_name == NULL &&
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007498 t->fe->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007499 return;
7500
Willy Tarreau24581ba2010-08-31 22:39:35 +02007501 /* OK so now we know we have to process this response cookie.
7502 * The format of the Set-Cookie header is slightly different
7503 * from the format of the Cookie header in that it does not
7504 * support the comma as a cookie delimiter (thus the header
7505 * cannot be folded) because the Expires attribute described in
7506 * the original Netscape's spec may contain an unquoted date
7507 * with a comma inside. We have to live with this because
7508 * many browsers don't support Max-Age and some browsers don't
7509 * support quoted strings. However the Set-Cookie2 header is
7510 * clean.
7511 *
7512 * We have to keep multiple pointers in order to support cookie
7513 * removal at the beginning, middle or end of header without
7514 * corrupting the header (in case of set-cookie2). A special
7515 * pointer, <scav> points to the beginning of the set-cookie-av
7516 * fields after the first semi-colon. The <next> pointer points
7517 * either to the end of line (set-cookie) or next unquoted comma
7518 * (set-cookie2). All of these headers are valid :
7519 *
7520 * Set-Cookie: NAME1 = VALUE 1 ; Secure; Path="/"\r\n
7521 * Set-Cookie:NAME=VALUE; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7522 * Set-Cookie: NAME = VALUE ; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7523 * Set-Cookie2: NAME1 = VALUE 1 ; Max-Age=0, NAME2=VALUE2; Discard\r\n
7524 * | | | | | | | | | |
7525 * | | | | | | | | +-> next hdr_end <--+
7526 * | | | | | | | +------------> scav
7527 * | | | | | | +--------------> val_end
7528 * | | | | | +--------------------> val_beg
7529 * | | | | +----------------------> equal
7530 * | | | +------------------------> att_end
7531 * | | +----------------------------> att_beg
7532 * | +------------------------------> prev
7533 * +-----------------------------------------> hdr_beg
7534 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007535
Willy Tarreau24581ba2010-08-31 22:39:35 +02007536 for (; prev < hdr_end; prev = next) {
7537 /* Iterate through all cookies on this line */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007538
Willy Tarreau24581ba2010-08-31 22:39:35 +02007539 /* find att_beg */
7540 att_beg = prev + 1;
7541 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
7542 att_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007543
Willy Tarreau24581ba2010-08-31 22:39:35 +02007544 /* find att_end : this is the first character after the last non
7545 * space before the equal. It may be equal to hdr_end.
7546 */
7547 equal = att_end = att_beg;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007548
Willy Tarreau24581ba2010-08-31 22:39:35 +02007549 while (equal < hdr_end) {
7550 if (*equal == '=' || *equal == ';' || (is_cookie2 && *equal == ','))
7551 break;
7552 if (http_is_spht[(unsigned char)*equal++])
7553 continue;
7554 att_end = equal;
7555 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007556
Willy Tarreau24581ba2010-08-31 22:39:35 +02007557 /* here, <equal> points to '=', a delimitor or the end. <att_end>
7558 * is between <att_beg> and <equal>, both may be identical.
7559 */
7560
7561 /* look for end of cookie if there is an equal sign */
7562 if (equal < hdr_end && *equal == '=') {
7563 /* look for the beginning of the value */
7564 val_beg = equal + 1;
7565 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
7566 val_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007567
Willy Tarreau24581ba2010-08-31 22:39:35 +02007568 /* find the end of the value, respecting quotes */
7569 next = find_cookie_value_end(val_beg, hdr_end);
7570
7571 /* make val_end point to the first white space or delimitor after the value */
7572 val_end = next;
7573 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
7574 val_end--;
7575 } else {
7576 /* <equal> points to next comma, semi-colon or EOL */
7577 val_beg = val_end = next = equal;
7578 }
7579
7580 if (next < hdr_end) {
7581 /* Set-Cookie2 supports multiple cookies, and <next> points to
7582 * a colon or semi-colon before the end. So skip all attr-value
7583 * pairs and look for the next comma. For Set-Cookie, since
7584 * commas are permitted in values, skip to the end.
7585 */
7586 if (is_cookie2)
7587 next = find_hdr_value_end(next, hdr_end);
7588 else
7589 next = hdr_end;
7590 }
7591
7592 /* Now everything is as on the diagram above */
7593
7594 /* Ignore cookies with no equal sign */
7595 if (equal == val_end)
7596 continue;
7597
7598 /* If there are spaces around the equal sign, we need to
7599 * strip them otherwise we'll get trouble for cookie captures,
7600 * or even for rewrites. Since this happens extremely rarely,
7601 * it does not hurt performance.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007602 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007603 if (unlikely(att_end != equal || val_beg > equal + 1)) {
7604 int stripped_before = 0;
7605 int stripped_after = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007606
Willy Tarreau24581ba2010-08-31 22:39:35 +02007607 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007608 stripped_before = buffer_replace2(res->buf, att_end, equal, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007609 equal += stripped_before;
7610 val_beg += stripped_before;
7611 }
7612
7613 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007614 stripped_after = buffer_replace2(res->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007615 val_beg += stripped_after;
7616 stripped_before += stripped_after;
7617 }
7618
7619 val_end += stripped_before;
7620 next += stripped_before;
7621 hdr_end += stripped_before;
7622 hdr_next += stripped_before;
7623 cur_hdr->len += stripped_before;
Willy Tarreau1fc1f452011-04-07 22:35:37 +02007624 http_msg_move_end(&txn->rsp, stripped_before);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007625 }
7626
7627 /* First, let's see if we want to capture this cookie. We check
7628 * that we don't already have a server side cookie, because we
7629 * can only capture one. Also as an optimisation, we ignore
7630 * cookies shorter than the declared name.
7631 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007632 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01007633 txn->srv_cookie == NULL &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02007634 (val_end - att_beg >= t->fe->capture_namelen) &&
7635 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
7636 int log_len = val_end - att_beg;
Willy Tarreau086b3b42007-05-13 21:45:51 +02007637 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007638 Alert("HTTP logging : out of memory.\n");
7639 }
Willy Tarreauf70fc752010-11-19 11:27:18 +01007640 else {
7641 if (log_len > t->fe->capture_len)
7642 log_len = t->fe->capture_len;
7643 memcpy(txn->srv_cookie, att_beg, log_len);
7644 txn->srv_cookie[log_len] = 0;
7645 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007646 }
7647
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007648 srv = objt_server(t->target);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007649 /* now check if we need to process it for persistence */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007650 if (!(t->flags & SN_IGNORE_PRST) &&
7651 (att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
7652 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
Willy Tarreauf1348312010-10-07 15:54:11 +02007653 /* assume passive cookie by default */
7654 txn->flags &= ~TX_SCK_MASK;
7655 txn->flags |= TX_SCK_FOUND;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007656
7657 /* If the cookie is in insert mode on a known server, we'll delete
7658 * this occurrence because we'll insert another one later.
7659 * We'll delete it too if the "indirect" option is set and we're in
Willy Tarreau24581ba2010-08-31 22:39:35 +02007660 * a direct access.
7661 */
Willy Tarreau67402132012-05-31 20:40:20 +02007662 if (t->be->ck_opts & PR_CK_PSV) {
Willy Tarreauba4c5be2010-10-23 12:46:42 +02007663 /* The "preserve" flag was set, we don't want to touch the
7664 * server's cookie.
7665 */
7666 }
Willy Tarreau67402132012-05-31 20:40:20 +02007667 else if ((srv && (t->be->ck_opts & PR_CK_INS)) ||
7668 ((t->flags & SN_DIRECT) && (t->be->ck_opts & PR_CK_IND))) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007669 /* this cookie must be deleted */
7670 if (*prev == ':' && next == hdr_end) {
7671 /* whole header */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007672 delta = buffer_replace2(res->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007673 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7674 txn->hdr_idx.used--;
7675 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007676 cur_idx = old_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007677 hdr_next += delta;
7678 http_msg_move_end(&txn->rsp, delta);
7679 /* note: while both invalid now, <next> and <hdr_end>
7680 * are still equal, so the for() will stop as expected.
7681 */
7682 } else {
7683 /* just remove the value */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007684 int delta = del_hdr_value(res->buf, &prev, next);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007685 next = prev;
7686 hdr_end += delta;
7687 hdr_next += delta;
7688 cur_hdr->len += delta;
7689 http_msg_move_end(&txn->rsp, delta);
7690 }
Willy Tarreauf1348312010-10-07 15:54:11 +02007691 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3d300592007-03-18 18:34:41 +01007692 txn->flags |= TX_SCK_DELETED;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007693 /* and go on with next cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007694 }
Willy Tarreau67402132012-05-31 20:40:20 +02007695 else if (srv && srv->cookie && (t->be->ck_opts & PR_CK_RW)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007696 /* replace bytes val_beg->val_end with the cookie name associated
Willy Tarreaua15645d2007-03-18 16:22:39 +01007697 * with this server since we know it.
7698 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007699 delta = buffer_replace2(res->buf, val_beg, val_end, srv->cookie, srv->cklen);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007700 next += delta;
7701 hdr_end += delta;
7702 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007703 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007704 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007705
Willy Tarreauf1348312010-10-07 15:54:11 +02007706 txn->flags &= ~TX_SCK_MASK;
7707 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007708 }
Willy Tarreaua0590312012-06-06 16:07:00 +02007709 else if (srv && srv->cookie && (t->be->ck_opts & PR_CK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007710 /* insert the cookie name associated with this server
Willy Tarreau24581ba2010-08-31 22:39:35 +02007711 * before existing cookie, and insert a delimiter between them..
Willy Tarreaua15645d2007-03-18 16:22:39 +01007712 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007713 delta = buffer_replace2(res->buf, val_beg, val_beg, srv->cookie, srv->cklen + 1);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007714 next += delta;
7715 hdr_end += delta;
7716 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007717 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007718 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007719
Willy Tarreau827aee92011-03-10 16:55:02 +01007720 val_beg[srv->cklen] = COOKIE_DELIM;
Willy Tarreauf1348312010-10-07 15:54:11 +02007721 txn->flags &= ~TX_SCK_MASK;
7722 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007723 }
7724 }
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02007725 /* next, let's see if the cookie is our appcookie, unless persistence must be ignored */
7726 else if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007727 int cmp_len, value_len;
7728 char *value_begin;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007729
Cyril Bontéb21570a2009-11-29 20:04:48 +01007730 if (t->be->options2 & PR_O2_AS_PFX) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007731 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
7732 value_begin = att_beg + t->be->appsession_name_len;
7733 value_len = MIN(t->be->appsession_len, val_end - att_beg - t->be->appsession_name_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01007734 } else {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007735 cmp_len = att_end - att_beg;
7736 value_begin = val_beg;
7737 value_len = MIN(t->be->appsession_len, val_end - val_beg);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007738 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007739
Cyril Bonté17530c32010-04-06 21:11:10 +02007740 if ((cmp_len == t->be->appsession_name_len) &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02007741 (memcmp(att_beg, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7742 /* free a possibly previously allocated memory */
7743 pool_free2(apools.sessid, txn->sessid);
7744
Cyril Bontéb21570a2009-11-29 20:04:48 +01007745 /* Store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007746 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007747 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7748 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
7749 return;
7750 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007751 memcpy(txn->sessid, value_begin, value_len);
7752 txn->sessid[value_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007753 }
Willy Tarreau24581ba2010-08-31 22:39:35 +02007754 }
7755 /* that's done for this cookie, check the next one on the same
7756 * line when next != hdr_end (only if is_cookie2).
7757 */
7758 }
7759 /* check next header */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007760 old_idx = cur_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007761 }
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007762
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007763 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007764 appsess *asession = NULL;
7765 /* only do insert, if lookup fails */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007766 asession = appsession_hash_lookup(&(t->be->htbl_proxy), txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007767 if (asession == NULL) {
Willy Tarreau1fac7532010-01-09 19:23:06 +01007768 size_t server_id_len;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007769 if ((asession = pool_alloc2(pool2_appsess)) == NULL) {
7770 Alert("Not enough Memory process_srv():asession:calloc().\n");
7771 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
7772 return;
7773 }
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007774 asession->serverid = NULL; /* to avoid a double free in case of allocation error */
7775
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007776 if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
7777 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7778 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007779 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007780 return;
7781 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007782 memcpy(asession->sessid, txn->sessid, t->be->appsession_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007783 asession->sessid[t->be->appsession_len] = 0;
7784
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007785 server_id_len = strlen(objt_server(t->target)->id) + 1;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007786 if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007787 Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007788 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007789 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007790 return;
7791 }
7792 asession->serverid[0] = '\0';
Willy Tarreau3fdb3662012-11-12 00:42:33 +01007793 memcpy(asession->serverid, objt_server(t->target)->id, server_id_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007794
7795 asession->request_count = 0;
7796 appsession_hash_insert(&(t->be->htbl_proxy), asession);
7797 }
7798
7799 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
7800 asession->request_count++;
7801 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007802}
7803
7804
Willy Tarreaua15645d2007-03-18 16:22:39 +01007805/*
7806 * Check if response is cacheable or not. Updates t->flags.
7807 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007808void check_response_for_cacheability(struct session *t, struct channel *rtr)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007809{
7810 struct http_txn *txn = &t->txn;
7811 char *p1, *p2;
7812
7813 char *cur_ptr, *cur_end, *cur_next;
7814 int cur_idx;
7815
Willy Tarreau5df51872007-11-25 16:20:08 +01007816 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007817 return;
7818
7819 /* Iterate through the headers.
7820 * we start with the start line.
7821 */
7822 cur_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007823 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007824
7825 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
7826 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007827 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007828
7829 cur_hdr = &txn->hdr_idx.v[cur_idx];
7830 cur_ptr = cur_next;
7831 cur_end = cur_ptr + cur_hdr->len;
7832 cur_next = cur_end + cur_hdr->cr + 1;
7833
7834 /* We have one full header between cur_ptr and cur_end, and the
7835 * next header starts at cur_next. We're only interested in
7836 * "Cookie:" headers.
7837 */
7838
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007839 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
7840 if (val) {
7841 if ((cur_end - (cur_ptr + val) >= 8) &&
7842 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
7843 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
7844 return;
7845 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007846 }
7847
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007848 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
7849 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007850 continue;
7851
7852 /* OK, right now we know we have a cache-control header at cur_ptr */
7853
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007854 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007855
7856 if (p1 >= cur_end) /* no more info */
7857 continue;
7858
7859 /* p1 is at the beginning of the value */
7860 p2 = p1;
7861
Willy Tarreau8f8e6452007-06-17 21:51:38 +02007862 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007863 p2++;
7864
7865 /* we have a complete value between p1 and p2 */
7866 if (p2 < cur_end && *p2 == '=') {
7867 /* we have something of the form no-cache="set-cookie" */
7868 if ((cur_end - p1 >= 21) &&
7869 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
7870 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01007871 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007872 continue;
7873 }
7874
7875 /* OK, so we know that either p2 points to the end of string or to a comma */
7876 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
Willy Tarreau5b15f902013-07-04 12:46:56 +02007877 ((p2 - p1 == 8) && strncasecmp(p1, "no-cache", 8) == 0) ||
Willy Tarreaua15645d2007-03-18 16:22:39 +01007878 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
7879 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
7880 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007881 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007882 return;
7883 }
7884
7885 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007886 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007887 continue;
7888 }
7889 }
7890}
7891
7892
Willy Tarreau58f10d72006-12-04 02:26:12 +01007893/*
7894 * Try to retrieve a known appsession in the URI, then the associated server.
7895 * If the server is found, it's assigned to the session.
7896 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007897void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01007898{
Cyril Bontéb21570a2009-11-29 20:04:48 +01007899 char *end_params, *first_param, *cur_param, *next_param;
7900 char separator;
7901 int value_len;
7902
7903 int mode = t->be->options2 & PR_O2_AS_M_ANY;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007904
Willy Tarreaue2e27a52007-04-01 00:01:37 +02007905 if (t->be->appsession_name == NULL ||
Cyril Bonté17530c32010-04-06 21:11:10 +02007906 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST && t->txn.meth != HTTP_METH_HEAD)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007907 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007908 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007909
Cyril Bontéb21570a2009-11-29 20:04:48 +01007910 first_param = NULL;
7911 switch (mode) {
7912 case PR_O2_AS_M_PP:
7913 first_param = memchr(begin, ';', len);
7914 break;
7915 case PR_O2_AS_M_QS:
7916 first_param = memchr(begin, '?', len);
7917 break;
7918 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007919
Cyril Bontéb21570a2009-11-29 20:04:48 +01007920 if (first_param == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007921 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007922 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007923
Cyril Bontéb21570a2009-11-29 20:04:48 +01007924 switch (mode) {
7925 case PR_O2_AS_M_PP:
7926 if ((end_params = memchr(first_param, '?', len - (begin - first_param))) == NULL) {
7927 end_params = (char *) begin + len;
7928 }
7929 separator = ';';
7930 break;
7931 case PR_O2_AS_M_QS:
7932 end_params = (char *) begin + len;
7933 separator = '&';
7934 break;
7935 default:
7936 /* unknown mode, shouldn't happen */
7937 return;
7938 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007939
Cyril Bontéb21570a2009-11-29 20:04:48 +01007940 cur_param = next_param = end_params;
7941 while (cur_param > first_param) {
7942 cur_param--;
7943 if ((cur_param[0] == separator) || (cur_param == first_param)) {
7944 /* let's see if this is the appsession parameter */
7945 if ((cur_param + t->be->appsession_name_len + 1 < next_param) &&
7946 ((t->be->options2 & PR_O2_AS_PFX) || cur_param[t->be->appsession_name_len + 1] == '=') &&
7947 (strncasecmp(cur_param + 1, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7948 /* Cool... it's the right one */
7949 cur_param += t->be->appsession_name_len + (t->be->options2 & PR_O2_AS_PFX ? 1 : 2);
7950 value_len = MIN(t->be->appsession_len, next_param - cur_param);
7951 if (value_len > 0) {
7952 manage_client_side_appsession(t, cur_param, value_len);
7953 }
7954 break;
7955 }
7956 next_param = cur_param;
7957 }
7958 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007959#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007960 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02007961 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01007962#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01007963}
7964
Willy Tarreaub2513902006-12-17 14:52:38 +01007965/*
Cyril Bonté70be45d2010-10-12 00:14:35 +02007966 * In a GET, HEAD or POST request, check if the requested URI matches the stats uri
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007967 * for the current backend.
Willy Tarreaub2513902006-12-17 14:52:38 +01007968 *
Cyril Bonté70be45d2010-10-12 00:14:35 +02007969 * It is assumed that the request is either a HEAD, GET, or POST and that the
Willy Tarreau295a8372011-03-10 11:25:07 +01007970 * uri_auth field is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01007971 *
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007972 * Returns 1 if stats should be provided, otherwise 0.
Willy Tarreaub2513902006-12-17 14:52:38 +01007973 */
Willy Tarreau295a8372011-03-10 11:25:07 +01007974int stats_check_uri(struct stream_interface *si, struct http_txn *txn, struct proxy *backend)
Willy Tarreaub2513902006-12-17 14:52:38 +01007975{
7976 struct uri_auth *uri_auth = backend->uri_auth;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007977 struct http_msg *msg = &txn->req;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007978 const char *uri = msg->chn->buf->p+ msg->sl.rq.u;
Willy Tarreau3a215be2012-03-09 21:39:51 +01007979 const char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01007980
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007981 if (!uri_auth)
7982 return 0;
7983
Cyril Bonté70be45d2010-10-12 00:14:35 +02007984 if (txn->meth != HTTP_METH_GET && txn->meth != HTTP_METH_HEAD && txn->meth != HTTP_METH_POST)
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007985 return 0;
7986
Willy Tarreau295a8372011-03-10 11:25:07 +01007987 memset(&si->applet.ctx.stats, 0, sizeof(si->applet.ctx.stats));
Cyril Bonté19979e12012-04-04 12:57:21 +02007988 si->applet.ctx.stats.st_code = STAT_STATUS_INIT;
Willy Tarreau354898b2012-12-23 18:15:23 +01007989 si->applet.ctx.stats.flags |= STAT_FMT_HTML; /* assume HTML mode by default */
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01007990
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007991 /* check URI size */
Willy Tarreau3a215be2012-03-09 21:39:51 +01007992 if (uri_auth->uri_len > msg->sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01007993 return 0;
7994
Willy Tarreau3a215be2012-03-09 21:39:51 +01007995 h = uri;
Willy Tarreau0214c3a2007-01-07 13:47:30 +01007996 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01007997 return 0;
7998
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007999 h += uri_auth->uri_len;
Willy Tarreau3a215be2012-03-09 21:39:51 +01008000 while (h <= uri + msg->sl.rq.u_l - 3) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02008001 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01008002 si->applet.ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02008003 break;
8004 }
8005 h++;
8006 }
8007
8008 if (uri_auth->refresh) {
Willy Tarreau3a215be2012-03-09 21:39:51 +01008009 h = uri + uri_auth->uri_len;
8010 while (h <= uri + msg->sl.rq.u_l - 10) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02008011 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01008012 si->applet.ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02008013 break;
8014 }
8015 h++;
8016 }
8017 }
8018
Willy Tarreau3a215be2012-03-09 21:39:51 +01008019 h = uri + uri_auth->uri_len;
8020 while (h <= uri + msg->sl.rq.u_l - 4) {
Willy Tarreau55bb8452007-10-17 18:44:57 +02008021 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau354898b2012-12-23 18:15:23 +01008022 si->applet.ctx.stats.flags &= ~STAT_FMT_HTML;
Willy Tarreau55bb8452007-10-17 18:44:57 +02008023 break;
8024 }
8025 h++;
8026 }
8027
Willy Tarreau3a215be2012-03-09 21:39:51 +01008028 h = uri + uri_auth->uri_len;
8029 while (h <= uri + msg->sl.rq.u_l - 8) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02008030 if (memcmp(h, ";st=", 4) == 0) {
Cyril Bonté19979e12012-04-04 12:57:21 +02008031 int i;
Cyril Bonté70be45d2010-10-12 00:14:35 +02008032 h += 4;
Cyril Bonté20a804a2012-05-10 19:42:52 +02008033 si->applet.ctx.stats.st_code = STAT_STATUS_UNKN;
Cyril Bonté19979e12012-04-04 12:57:21 +02008034 for (i = STAT_STATUS_INIT + 1; i < STAT_STATUS_SIZE; i++) {
8035 if (strncmp(stat_status_codes[i], h, 4) == 0) {
8036 si->applet.ctx.stats.st_code = i;
8037 break;
8038 }
8039 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02008040 break;
8041 }
8042 h++;
8043 }
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02008044
8045 si->applet.ctx.stats.scope_str = 0;
8046 si->applet.ctx.stats.scope_len = 0;
8047 h = uri + uri_auth->uri_len;
8048 while (h <= uri + msg->sl.rq.u_l - 8) {
8049 if (memcmp(h, STAT_SCOPE_INPUT_NAME "=", strlen(STAT_SCOPE_INPUT_NAME) + 1) == 0) {
8050 int itx = 0;
8051 const char *h2;
8052 char scope_txt[STAT_SCOPE_TXT_MAXLEN + 1];
8053 const char *err;
8054
8055 h += strlen(STAT_SCOPE_INPUT_NAME) + 1;
8056 h2 = h;
8057 si->applet.ctx.stats.scope_str = h2 - msg->chn->buf->p;
8058 while (*h != ';' && *h != '\0' && *h != '&' && *h != ' ' && *h != '\n') {
8059 itx++;
8060 h++;
8061 }
8062
8063 if (itx > STAT_SCOPE_TXT_MAXLEN)
8064 itx = STAT_SCOPE_TXT_MAXLEN;
8065 si->applet.ctx.stats.scope_len = itx;
8066
8067 /* scope_txt = search query, si->applet.ctx.stats.scope_len is always <= STAT_SCOPE_TXT_MAXLEN */
8068 memcpy(scope_txt, h2, itx);
8069 scope_txt[itx] = '\0';
8070 err = invalid_char(scope_txt);
8071 if (err) {
8072 /* bad char in search text => clear scope */
8073 si->applet.ctx.stats.scope_str = 0;
8074 si->applet.ctx.stats.scope_len = 0;
8075 }
8076 break;
8077 }
8078 h++;
8079 }
8080
8081
Willy Tarreaub2513902006-12-17 14:52:38 +01008082 return 1;
8083}
8084
Willy Tarreau4076a152009-04-02 15:18:36 +02008085/*
8086 * Capture a bad request or response and archive it in the proxy's structure.
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008087 * By default it tries to report the error position as msg->err_pos. However if
8088 * this one is not set, it will then report msg->next, which is the last known
8089 * parsing point. The function is able to deal with wrapping buffers. It always
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008090 * displays buffers as a contiguous area starting at buf->p.
Willy Tarreau4076a152009-04-02 15:18:36 +02008091 */
8092void http_capture_bad_message(struct error_snapshot *es, struct session *s,
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008093 struct http_msg *msg,
Willy Tarreau078272e2010-12-12 12:46:33 +01008094 int state, struct proxy *other_end)
Willy Tarreau4076a152009-04-02 15:18:36 +02008095{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008096 struct channel *chn = msg->chn;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008097 int len1, len2;
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008098
Willy Tarreau9b28e032012-10-12 23:49:43 +02008099 es->len = MIN(chn->buf->i, sizeof(es->buf));
8100 len1 = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008101 len1 = MIN(len1, es->len);
8102 len2 = es->len - len1; /* remaining data if buffer wraps */
8103
Willy Tarreau9b28e032012-10-12 23:49:43 +02008104 memcpy(es->buf, chn->buf->p, len1);
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008105 if (len2)
Willy Tarreau9b28e032012-10-12 23:49:43 +02008106 memcpy(es->buf + len1, chn->buf->data, len2);
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008107
Willy Tarreau4076a152009-04-02 15:18:36 +02008108 if (msg->err_pos >= 0)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008109 es->pos = msg->err_pos;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008110 else
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008111 es->pos = msg->next;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008112
Willy Tarreau4076a152009-04-02 15:18:36 +02008113 es->when = date; // user-visible date
8114 es->sid = s->uniq_id;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008115 es->srv = objt_server(s->target);
Willy Tarreau4076a152009-04-02 15:18:36 +02008116 es->oe = other_end;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02008117 es->src = s->req->prod->conn->addr.from;
Willy Tarreau078272e2010-12-12 12:46:33 +01008118 es->state = state;
Willy Tarreau10479e42010-12-12 14:00:34 +01008119 es->ev_id = error_snapshot_id++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008120 es->b_flags = chn->flags;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008121 es->s_flags = s->flags;
8122 es->t_flags = s->txn.flags;
8123 es->m_flags = msg->flags;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008124 es->b_out = chn->buf->o;
8125 es->b_wrap = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008126 es->b_tot = chn->total;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008127 es->m_clen = msg->chunk_len;
8128 es->m_blen = msg->body_len;
Willy Tarreau4076a152009-04-02 15:18:36 +02008129}
Willy Tarreaub2513902006-12-17 14:52:38 +01008130
Willy Tarreau294c4732011-12-16 21:35:50 +01008131/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8132 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8133 * performed over the whole headers. Otherwise it must contain a valid header
8134 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8135 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8136 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8137 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008138 * -1. The value fetch stops at commas, so this function is suited for use with
8139 * list headers.
Willy Tarreau294c4732011-12-16 21:35:50 +01008140 * The return value is 0 if nothing was found, or non-zero otherwise.
Willy Tarreaubce70882009-09-07 11:51:47 +02008141 */
Willy Tarreau185b5c42012-04-26 15:11:51 +02008142unsigned int http_get_hdr(const struct http_msg *msg, const char *hname, int hlen,
Willy Tarreau294c4732011-12-16 21:35:50 +01008143 struct hdr_idx *idx, int occ,
8144 struct hdr_ctx *ctx, char **vptr, int *vlen)
Willy Tarreaubce70882009-09-07 11:51:47 +02008145{
Willy Tarreau294c4732011-12-16 21:35:50 +01008146 struct hdr_ctx local_ctx;
8147 char *ptr_hist[MAX_HDR_HISTORY];
8148 int len_hist[MAX_HDR_HISTORY];
Willy Tarreaubce70882009-09-07 11:51:47 +02008149 unsigned int hist_ptr;
Willy Tarreau294c4732011-12-16 21:35:50 +01008150 int found;
Willy Tarreaubce70882009-09-07 11:51:47 +02008151
Willy Tarreau294c4732011-12-16 21:35:50 +01008152 if (!ctx) {
8153 local_ctx.idx = 0;
8154 ctx = &local_ctx;
8155 }
8156
Willy Tarreaubce70882009-09-07 11:51:47 +02008157 if (occ >= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008158 /* search from the beginning */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008159 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreaubce70882009-09-07 11:51:47 +02008160 occ--;
8161 if (occ <= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008162 *vptr = ctx->line + ctx->val;
8163 *vlen = ctx->vlen;
8164 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008165 }
8166 }
Willy Tarreau294c4732011-12-16 21:35:50 +01008167 return 0;
Willy Tarreaubce70882009-09-07 11:51:47 +02008168 }
8169
8170 /* negative occurrence, we scan all the list then walk back */
8171 if (-occ > MAX_HDR_HISTORY)
8172 return 0;
8173
Willy Tarreau294c4732011-12-16 21:35:50 +01008174 found = hist_ptr = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008175 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008176 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8177 len_hist[hist_ptr] = ctx->vlen;
8178 if (++hist_ptr >= MAX_HDR_HISTORY)
Willy Tarreaubce70882009-09-07 11:51:47 +02008179 hist_ptr = 0;
8180 found++;
8181 }
8182 if (-occ > found)
8183 return 0;
8184 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
Willy Tarreau67dad272013-06-12 22:27:44 +02008185 * find occurrence -occ. 0 <= hist_ptr < MAX_HDR_HISTORY, and we have
8186 * -10 <= occ <= -1. So we have to check [hist_ptr%MAX_HDR_HISTORY+occ]
8187 * to remain in the 0..9 range.
Willy Tarreaubce70882009-09-07 11:51:47 +02008188 */
Willy Tarreau67dad272013-06-12 22:27:44 +02008189 hist_ptr += occ + MAX_HDR_HISTORY;
Willy Tarreaubce70882009-09-07 11:51:47 +02008190 if (hist_ptr >= MAX_HDR_HISTORY)
8191 hist_ptr -= MAX_HDR_HISTORY;
Willy Tarreau294c4732011-12-16 21:35:50 +01008192 *vptr = ptr_hist[hist_ptr];
8193 *vlen = len_hist[hist_ptr];
8194 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008195}
8196
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008197/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8198 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8199 * performed over the whole headers. Otherwise it must contain a valid header
8200 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8201 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8202 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8203 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
8204 * -1. This function differs from http_get_hdr() in that it only returns full
8205 * line header values and does not stop at commas.
8206 * The return value is 0 if nothing was found, or non-zero otherwise.
8207 */
8208unsigned int http_get_fhdr(const struct http_msg *msg, const char *hname, int hlen,
8209 struct hdr_idx *idx, int occ,
8210 struct hdr_ctx *ctx, char **vptr, int *vlen)
8211{
8212 struct hdr_ctx local_ctx;
8213 char *ptr_hist[MAX_HDR_HISTORY];
8214 int len_hist[MAX_HDR_HISTORY];
8215 unsigned int hist_ptr;
8216 int found;
8217
8218 if (!ctx) {
8219 local_ctx.idx = 0;
8220 ctx = &local_ctx;
8221 }
8222
8223 if (occ >= 0) {
8224 /* search from the beginning */
8225 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8226 occ--;
8227 if (occ <= 0) {
8228 *vptr = ctx->line + ctx->val;
8229 *vlen = ctx->vlen;
8230 return 1;
8231 }
8232 }
8233 return 0;
8234 }
8235
8236 /* negative occurrence, we scan all the list then walk back */
8237 if (-occ > MAX_HDR_HISTORY)
8238 return 0;
8239
8240 found = hist_ptr = 0;
8241 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8242 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8243 len_hist[hist_ptr] = ctx->vlen;
8244 if (++hist_ptr >= MAX_HDR_HISTORY)
8245 hist_ptr = 0;
8246 found++;
8247 }
8248 if (-occ > found)
8249 return 0;
8250 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
8251 * find occurrence -occ, so we have to check [hist_ptr+occ].
8252 */
8253 hist_ptr += occ;
8254 if (hist_ptr >= MAX_HDR_HISTORY)
8255 hist_ptr -= MAX_HDR_HISTORY;
8256 *vptr = ptr_hist[hist_ptr];
8257 *vlen = len_hist[hist_ptr];
8258 return 1;
8259}
8260
Willy Tarreaubaaee002006-06-26 02:48:02 +02008261/*
Willy Tarreaue92693a2012-09-24 21:13:39 +02008262 * Print a debug line with a header. Always stop at the first CR or LF char,
8263 * so it is safe to pass it a full buffer if needed. If <err> is not NULL, an
8264 * arrow is printed after the line which contains the pointer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01008265 */
8266void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
8267{
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008268 int max;
8269 chunk_printf(&trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
Willy Tarreau7f7ad912012-11-11 19:27:15 +01008270 dir, (unsigned short)t->req->prod->conn->t.sock.fd,
8271 (unsigned short)t->req->cons->conn->t.sock.fd);
Willy Tarreaue92693a2012-09-24 21:13:39 +02008272
8273 for (max = 0; start + max < end; max++)
8274 if (start[max] == '\r' || start[max] == '\n')
8275 break;
8276
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008277 UBOUND(max, trash.size - trash.len - 3);
8278 trash.len += strlcpy2(trash.str + trash.len, start, max + 1);
8279 trash.str[trash.len++] = '\n';
8280 if (write(1, trash.str, trash.len) < 0) /* shut gcc warning */;
Willy Tarreau58f10d72006-12-04 02:26:12 +01008281}
8282
Willy Tarreau0937bc42009-12-22 15:03:09 +01008283/*
8284 * Initialize a new HTTP transaction for session <s>. It is assumed that all
8285 * the required fields are properly allocated and that we only need to (re)init
8286 * them. This should be used before processing any new request.
8287 */
8288void http_init_txn(struct session *s)
8289{
8290 struct http_txn *txn = &s->txn;
8291 struct proxy *fe = s->fe;
8292
8293 txn->flags = 0;
8294 txn->status = -1;
8295
Willy Tarreauf64d1412010-10-07 20:06:11 +02008296 txn->cookie_first_date = 0;
8297 txn->cookie_last_date = 0;
8298
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008299 txn->req.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008300 txn->req.sol = txn->req.eol = txn->req.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008301 txn->req.next = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008302 txn->rsp.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008303 txn->rsp.sol = txn->rsp.eol = txn->rsp.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008304 txn->rsp.next = 0;
Willy Tarreau124d9912011-03-01 20:30:48 +01008305 txn->req.chunk_len = 0LL;
8306 txn->req.body_len = 0LL;
8307 txn->rsp.chunk_len = 0LL;
8308 txn->rsp.body_len = 0LL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008309 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
8310 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
Willy Tarreau394db372012-10-12 22:40:39 +02008311 txn->req.chn = s->req;
8312 txn->rsp.chn = s->rep;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008313
8314 txn->auth.method = HTTP_AUTH_UNKNOWN;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008315
8316 txn->req.err_pos = txn->rsp.err_pos = -2; /* block buggy requests/responses */
8317 if (fe->options2 & PR_O2_REQBUG_OK)
8318 txn->req.err_pos = -1; /* let buggy requests pass */
8319
Willy Tarreau46023632010-01-07 22:51:47 +01008320 if (txn->req.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008321 memset(txn->req.cap, 0, fe->nb_req_cap * sizeof(void *));
8322
Willy Tarreau46023632010-01-07 22:51:47 +01008323 if (txn->rsp.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008324 memset(txn->rsp.cap, 0, fe->nb_rsp_cap * sizeof(void *));
8325
8326 if (txn->hdr_idx.v)
8327 hdr_idx_init(&txn->hdr_idx);
8328}
8329
8330/* to be used at the end of a transaction */
8331void http_end_txn(struct session *s)
8332{
8333 struct http_txn *txn = &s->txn;
8334
8335 /* these ones will have been dynamically allocated */
8336 pool_free2(pool2_requri, txn->uri);
8337 pool_free2(pool2_capture, txn->cli_cookie);
8338 pool_free2(pool2_capture, txn->srv_cookie);
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008339 pool_free2(apools.sessid, txn->sessid);
William Lallemanda73203e2012-03-12 12:48:57 +01008340 pool_free2(pool2_uniqueid, s->unique_id);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008341
William Lallemanda73203e2012-03-12 12:48:57 +01008342 s->unique_id = NULL;
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008343 txn->sessid = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008344 txn->uri = NULL;
8345 txn->srv_cookie = NULL;
8346 txn->cli_cookie = NULL;
Willy Tarreau46023632010-01-07 22:51:47 +01008347
8348 if (txn->req.cap) {
8349 struct cap_hdr *h;
8350 for (h = s->fe->req_cap; h; h = h->next)
8351 pool_free2(h->pool, txn->req.cap[h->index]);
8352 memset(txn->req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
8353 }
8354
8355 if (txn->rsp.cap) {
8356 struct cap_hdr *h;
8357 for (h = s->fe->rsp_cap; h; h = h->next)
8358 pool_free2(h->pool, txn->rsp.cap[h->index]);
8359 memset(txn->rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
8360 }
8361
Willy Tarreau0937bc42009-12-22 15:03:09 +01008362}
8363
8364/* to be used at the end of a transaction to prepare a new one */
8365void http_reset_txn(struct session *s)
8366{
8367 http_end_txn(s);
8368 http_init_txn(s);
8369
8370 s->be = s->fe;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008371 s->logs.logwait = s->fe->to_log;
Willy Tarreauabcd5142013-06-11 17:18:02 +02008372 s->logs.level = 0;
Simon Hormanaf514952011-06-21 14:34:57 +09008373 session_del_srv_conn(s);
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008374 s->target = NULL;
Emeric Brunb982a3d2010-01-04 15:45:53 +01008375 /* re-init store persistence */
8376 s->store_count = 0;
8377
Willy Tarreau0937bc42009-12-22 15:03:09 +01008378 s->pend_pos = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008379
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02008380 s->req->flags |= CF_READ_DONTWAIT; /* one read is usually enough */
Willy Tarreau0937bc42009-12-22 15:03:09 +01008381
Willy Tarreau739cfba2010-01-25 23:11:14 +01008382 /* We must trim any excess data from the response buffer, because we
8383 * may have blocked an invalid response from a server that we don't
8384 * want to accidentely forward once we disable the analysers, nor do
8385 * we want those data to come along with next response. A typical
8386 * example of such data would be from a buggy server responding to
8387 * a HEAD with some data, or sending more than the advertised
8388 * content-length.
8389 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008390 if (unlikely(s->rep->buf->i))
8391 s->rep->buf->i = 0;
Willy Tarreau739cfba2010-01-25 23:11:14 +01008392
Willy Tarreau0937bc42009-12-22 15:03:09 +01008393 s->req->rto = s->fe->timeout.client;
Willy Tarreaud04e8582010-05-31 12:31:35 +02008394 s->req->wto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008395
Willy Tarreaud04e8582010-05-31 12:31:35 +02008396 s->rep->rto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008397 s->rep->wto = s->fe->timeout.client;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008398
8399 s->req->rex = TICK_ETERNITY;
8400 s->req->wex = TICK_ETERNITY;
8401 s->req->analyse_exp = TICK_ETERNITY;
8402 s->rep->rex = TICK_ETERNITY;
8403 s->rep->wex = TICK_ETERNITY;
8404 s->rep->analyse_exp = TICK_ETERNITY;
8405}
Willy Tarreau58f10d72006-12-04 02:26:12 +01008406
Willy Tarreauff011f22011-01-06 17:51:27 +01008407void free_http_req_rules(struct list *r) {
8408 struct http_req_rule *tr, *pr;
8409
8410 list_for_each_entry_safe(pr, tr, r, list) {
8411 LIST_DEL(&pr->list);
Willy Tarreau20b0de52012-12-24 15:45:22 +01008412 if (pr->action == HTTP_REQ_ACT_AUTH)
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008413 free(pr->arg.auth.realm);
Willy Tarreauff011f22011-01-06 17:51:27 +01008414
8415 free(pr);
8416 }
8417}
8418
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008419/* parse an "http-request" rule */
Willy Tarreauff011f22011-01-06 17:51:27 +01008420struct http_req_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
8421{
8422 struct http_req_rule *rule;
8423 int cur_arg;
8424
8425 rule = (struct http_req_rule*)calloc(1, sizeof(struct http_req_rule));
8426 if (!rule) {
8427 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008428 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008429 }
8430
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008431 if (!strcmp(args[0], "allow")) {
Willy Tarreauff011f22011-01-06 17:51:27 +01008432 rule->action = HTTP_REQ_ACT_ALLOW;
8433 cur_arg = 1;
8434 } else if (!strcmp(args[0], "deny")) {
8435 rule->action = HTTP_REQ_ACT_DENY;
8436 cur_arg = 1;
Willy Tarreauccbcc372012-12-27 12:37:57 +01008437 } else if (!strcmp(args[0], "tarpit")) {
8438 rule->action = HTTP_REQ_ACT_TARPIT;
8439 cur_arg = 1;
Willy Tarreauff011f22011-01-06 17:51:27 +01008440 } else if (!strcmp(args[0], "auth")) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008441 rule->action = HTTP_REQ_ACT_AUTH;
Willy Tarreauff011f22011-01-06 17:51:27 +01008442 cur_arg = 1;
8443
8444 while(*args[cur_arg]) {
8445 if (!strcmp(args[cur_arg], "realm")) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008446 rule->arg.auth.realm = strdup(args[cur_arg + 1]);
Willy Tarreauff011f22011-01-06 17:51:27 +01008447 cur_arg+=2;
8448 continue;
8449 } else
8450 break;
8451 }
Willy Tarreauf4c43c12013-06-11 17:01:13 +02008452 } else if (!strcmp(args[0], "set-nice")) {
8453 rule->action = HTTP_REQ_ACT_SET_NICE;
8454 cur_arg = 1;
8455
8456 if (!*args[cur_arg] ||
8457 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8458 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer value).\n",
8459 file, linenum, args[0]);
8460 goto out_err;
8461 }
8462 rule->arg.nice = atoi(args[cur_arg]);
8463 if (rule->arg.nice < -1024)
8464 rule->arg.nice = -1024;
8465 else if (rule->arg.nice > 1024)
8466 rule->arg.nice = 1024;
8467 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02008468 } else if (!strcmp(args[0], "set-tos")) {
8469#ifdef IP_TOS
8470 char *err;
8471 rule->action = HTTP_REQ_ACT_SET_TOS;
8472 cur_arg = 1;
8473
8474 if (!*args[cur_arg] ||
8475 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8476 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8477 file, linenum, args[0]);
8478 goto out_err;
8479 }
8480
8481 rule->arg.tos = strtol(args[cur_arg], &err, 0);
8482 if (err && *err != '\0') {
8483 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8484 file, linenum, err, args[0]);
8485 goto out_err;
8486 }
8487 cur_arg++;
8488#else
8489 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
8490 goto out_err;
8491#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02008492 } else if (!strcmp(args[0], "set-mark")) {
8493#ifdef SO_MARK
8494 char *err;
8495 rule->action = HTTP_REQ_ACT_SET_MARK;
8496 cur_arg = 1;
8497
8498 if (!*args[cur_arg] ||
8499 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8500 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8501 file, linenum, args[0]);
8502 goto out_err;
8503 }
8504
8505 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
8506 if (err && *err != '\0') {
8507 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8508 file, linenum, err, args[0]);
8509 goto out_err;
8510 }
8511 cur_arg++;
8512 global.last_checks |= LSTCHK_NETADM;
8513#else
8514 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
8515 goto out_err;
8516#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02008517 } else if (!strcmp(args[0], "set-log-level")) {
8518 rule->action = HTTP_REQ_ACT_SET_LOGL;
8519 cur_arg = 1;
8520
8521 if (!*args[cur_arg] ||
8522 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8523 bad_log_level:
8524 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (log level name or 'silent').\n",
8525 file, linenum, args[0]);
8526 goto out_err;
8527 }
8528 if (strcmp(args[cur_arg], "silent") == 0)
8529 rule->arg.loglevel = -1;
8530 else if ((rule->arg.loglevel = get_log_level(args[cur_arg]) + 1) == 0)
8531 goto bad_log_level;
8532 cur_arg++;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008533 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
8534 rule->action = *args[0] == 'a' ? HTTP_REQ_ACT_ADD_HDR : HTTP_REQ_ACT_SET_HDR;
8535 cur_arg = 1;
8536
Willy Tarreau8d1c5162013-04-03 14:13:58 +02008537 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8538 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008539 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 2 arguments.\n",
8540 file, linenum, args[0]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008541 goto out_err;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008542 }
8543
8544 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8545 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8546 LIST_INIT(&rule->arg.hdr_add.fmt);
Willy Tarreaua4312fa2013-04-02 16:34:32 +02008547
8548 proxy->conf.args.ctx = ARGC_HDR;
Willy Tarreau434c57c2013-01-08 01:10:24 +01008549 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, 0,
8550 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR);
Willy Tarreau20b0de52012-12-24 15:45:22 +01008551 cur_arg += 2;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008552 } else if (strcmp(args[0], "redirect") == 0) {
8553 struct redirect_rule *redir;
8554 char *errmsg;
8555
8556 if ((redir = http_parse_redirect_rule(file, linenum, proxy, (const char **)args + 1, &errmsg)) == NULL) {
8557 Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
8558 file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
8559 goto out_err;
8560 }
8561
8562 /* this redirect rule might already contain a parsed condition which
8563 * we'll pass to the http-request rule.
8564 */
8565 rule->action = HTTP_REQ_ACT_REDIR;
8566 rule->arg.redir = redir;
8567 rule->cond = redir->cond;
8568 redir->cond = NULL;
8569 cur_arg = 2;
8570 return rule;
Willy Tarreauff011f22011-01-06 17:51:27 +01008571 } else {
Willy Tarreau51347ed2013-06-11 19:34:13 +02008572 Alert("parsing [%s:%d]: 'http-request' expects 'allow', 'deny', 'auth', 'redirect', 'tarpit', 'add-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', but got '%s'%s.\n",
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008573 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
Willy Tarreau81499eb2012-12-27 12:19:02 +01008574 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008575 }
8576
8577 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
8578 struct acl_cond *cond;
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008579 char *errmsg = NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008580
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008581 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
8582 Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition : %s.\n",
8583 file, linenum, args[0], errmsg);
8584 free(errmsg);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008585 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008586 }
8587 rule->cond = cond;
8588 }
8589 else if (*args[cur_arg]) {
8590 Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
8591 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
8592 file, linenum, args[0], args[cur_arg]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008593 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008594 }
8595
8596 return rule;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008597 out_err:
8598 free(rule);
8599 return NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008600}
8601
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008602/* parse an "http-respose" rule */
8603struct http_res_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
8604{
8605 struct http_res_rule *rule;
8606 int cur_arg;
8607
8608 rule = calloc(1, sizeof(*rule));
8609 if (!rule) {
8610 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
8611 goto out_err;
8612 }
8613
8614 if (!strcmp(args[0], "allow")) {
8615 rule->action = HTTP_RES_ACT_ALLOW;
8616 cur_arg = 1;
8617 } else if (!strcmp(args[0], "deny")) {
8618 rule->action = HTTP_RES_ACT_DENY;
8619 cur_arg = 1;
Willy Tarreauf4c43c12013-06-11 17:01:13 +02008620 } else if (!strcmp(args[0], "set-nice")) {
8621 rule->action = HTTP_RES_ACT_SET_NICE;
8622 cur_arg = 1;
8623
8624 if (!*args[cur_arg] ||
8625 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8626 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer value).\n",
8627 file, linenum, args[0]);
8628 goto out_err;
8629 }
8630 rule->arg.nice = atoi(args[cur_arg]);
8631 if (rule->arg.nice < -1024)
8632 rule->arg.nice = -1024;
8633 else if (rule->arg.nice > 1024)
8634 rule->arg.nice = 1024;
8635 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02008636 } else if (!strcmp(args[0], "set-tos")) {
8637#ifdef IP_TOS
8638 char *err;
8639 rule->action = HTTP_RES_ACT_SET_TOS;
8640 cur_arg = 1;
8641
8642 if (!*args[cur_arg] ||
8643 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8644 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
8645 file, linenum, args[0]);
8646 goto out_err;
8647 }
8648
8649 rule->arg.tos = strtol(args[cur_arg], &err, 0);
8650 if (err && *err != '\0') {
8651 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
8652 file, linenum, err, args[0]);
8653 goto out_err;
8654 }
8655 cur_arg++;
8656#else
8657 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
8658 goto out_err;
8659#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02008660 } else if (!strcmp(args[0], "set-mark")) {
8661#ifdef SO_MARK
8662 char *err;
8663 rule->action = HTTP_RES_ACT_SET_MARK;
8664 cur_arg = 1;
8665
8666 if (!*args[cur_arg] ||
8667 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8668 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
8669 file, linenum, args[0]);
8670 goto out_err;
8671 }
8672
8673 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
8674 if (err && *err != '\0') {
8675 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
8676 file, linenum, err, args[0]);
8677 goto out_err;
8678 }
8679 cur_arg++;
8680 global.last_checks |= LSTCHK_NETADM;
8681#else
8682 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
8683 goto out_err;
8684#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02008685 } else if (!strcmp(args[0], "set-log-level")) {
8686 rule->action = HTTP_RES_ACT_SET_LOGL;
8687 cur_arg = 1;
8688
8689 if (!*args[cur_arg] ||
8690 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8691 bad_log_level:
8692 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (log level name or 'silent').\n",
8693 file, linenum, args[0]);
8694 goto out_err;
8695 }
8696 if (strcmp(args[cur_arg], "silent") == 0)
8697 rule->arg.loglevel = -1;
8698 else if ((rule->arg.loglevel = get_log_level(args[cur_arg] + 1)) == 0)
8699 goto bad_log_level;
8700 cur_arg++;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008701 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
8702 rule->action = *args[0] == 'a' ? HTTP_RES_ACT_ADD_HDR : HTTP_RES_ACT_SET_HDR;
8703 cur_arg = 1;
8704
8705 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8706 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
8707 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 2 arguments.\n",
8708 file, linenum, args[0]);
8709 goto out_err;
8710 }
8711
8712 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8713 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8714 LIST_INIT(&rule->arg.hdr_add.fmt);
8715
8716 proxy->conf.args.ctx = ARGC_HDR;
8717 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, 0,
8718 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR);
8719 cur_arg += 2;
8720 } else {
Willy Tarreau51347ed2013-06-11 19:34:13 +02008721 Alert("parsing [%s:%d]: 'http-response' expects 'allow', 'deny', 'redirect', 'add-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', but got '%s'%s.\n",
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008722 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
8723 goto out_err;
8724 }
8725
8726 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
8727 struct acl_cond *cond;
8728 char *errmsg = NULL;
8729
8730 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
8731 Alert("parsing [%s:%d] : error detected while parsing an 'http-response %s' condition : %s.\n",
8732 file, linenum, args[0], errmsg);
8733 free(errmsg);
8734 goto out_err;
8735 }
8736 rule->cond = cond;
8737 }
8738 else if (*args[cur_arg]) {
8739 Alert("parsing [%s:%d]: 'http-response %s' expects"
8740 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
8741 file, linenum, args[0], args[cur_arg]);
8742 goto out_err;
8743 }
8744
8745 return rule;
8746 out_err:
8747 free(rule);
8748 return NULL;
8749}
8750
Willy Tarreau4baae242012-12-27 12:00:31 +01008751/* Parses a redirect rule. Returns the redirect rule on success or NULL on error,
8752 * with <err> filled with the error message.
8753 */
8754struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
8755 const char **args, char **errmsg)
8756{
8757 struct redirect_rule *rule;
8758 int cur_arg;
8759 int type = REDIRECT_TYPE_NONE;
8760 int code = 302;
8761 const char *destination = NULL;
8762 const char *cookie = NULL;
8763 int cookie_set = 0;
8764 unsigned int flags = REDIRECT_FLAG_NONE;
8765 struct acl_cond *cond = NULL;
8766
8767 cur_arg = 0;
8768 while (*(args[cur_arg])) {
8769 if (strcmp(args[cur_arg], "location") == 0) {
8770 if (!*args[cur_arg + 1])
8771 goto missing_arg;
8772
8773 type = REDIRECT_TYPE_LOCATION;
8774 cur_arg++;
8775 destination = args[cur_arg];
8776 }
8777 else if (strcmp(args[cur_arg], "prefix") == 0) {
8778 if (!*args[cur_arg + 1])
8779 goto missing_arg;
8780
8781 type = REDIRECT_TYPE_PREFIX;
8782 cur_arg++;
8783 destination = args[cur_arg];
8784 }
8785 else if (strcmp(args[cur_arg], "scheme") == 0) {
8786 if (!*args[cur_arg + 1])
8787 goto missing_arg;
8788
8789 type = REDIRECT_TYPE_SCHEME;
8790 cur_arg++;
8791 destination = args[cur_arg];
8792 }
8793 else if (strcmp(args[cur_arg], "set-cookie") == 0) {
8794 if (!*args[cur_arg + 1])
8795 goto missing_arg;
8796
8797 cur_arg++;
8798 cookie = args[cur_arg];
8799 cookie_set = 1;
8800 }
8801 else if (strcmp(args[cur_arg], "clear-cookie") == 0) {
8802 if (!*args[cur_arg + 1])
8803 goto missing_arg;
8804
8805 cur_arg++;
8806 cookie = args[cur_arg];
8807 cookie_set = 0;
8808 }
8809 else if (strcmp(args[cur_arg], "code") == 0) {
8810 if (!*args[cur_arg + 1])
8811 goto missing_arg;
8812
8813 cur_arg++;
8814 code = atol(args[cur_arg]);
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04008815 if (code < 301 || code > 308 || (code > 303 && code < 307)) {
Willy Tarreau4baae242012-12-27 12:00:31 +01008816 memprintf(errmsg,
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04008817 "'%s': unsupported HTTP code '%s' (must be one of 301, 302, 303, 307 or 308)",
Willy Tarreau4baae242012-12-27 12:00:31 +01008818 args[cur_arg - 1], args[cur_arg]);
8819 return NULL;
8820 }
8821 }
8822 else if (!strcmp(args[cur_arg],"drop-query")) {
8823 flags |= REDIRECT_FLAG_DROP_QS;
8824 }
8825 else if (!strcmp(args[cur_arg],"append-slash")) {
8826 flags |= REDIRECT_FLAG_APPEND_SLASH;
8827 }
8828 else if (strcmp(args[cur_arg], "if") == 0 ||
8829 strcmp(args[cur_arg], "unless") == 0) {
8830 cond = build_acl_cond(file, linenum, curproxy, (const char **)args + cur_arg, errmsg);
8831 if (!cond) {
8832 memprintf(errmsg, "error in condition: %s", *errmsg);
8833 return NULL;
8834 }
8835 break;
8836 }
8837 else {
8838 memprintf(errmsg,
8839 "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
8840 args[cur_arg]);
8841 return NULL;
8842 }
8843 cur_arg++;
8844 }
8845
8846 if (type == REDIRECT_TYPE_NONE) {
8847 memprintf(errmsg, "redirection type expected ('prefix', 'location', or 'scheme')");
8848 return NULL;
8849 }
8850
8851 rule = (struct redirect_rule *)calloc(1, sizeof(*rule));
8852 rule->cond = cond;
8853 rule->rdr_str = strdup(destination);
8854 rule->rdr_len = strlen(destination);
8855 if (cookie) {
8856 /* depending on cookie_set, either we want to set the cookie, or to clear it.
8857 * a clear consists in appending "; path=/; Max-Age=0;" at the end.
8858 */
8859 rule->cookie_len = strlen(cookie);
8860 if (cookie_set) {
8861 rule->cookie_str = malloc(rule->cookie_len + 10);
8862 memcpy(rule->cookie_str, cookie, rule->cookie_len);
8863 memcpy(rule->cookie_str + rule->cookie_len, "; path=/;", 10);
8864 rule->cookie_len += 9;
8865 } else {
8866 rule->cookie_str = malloc(rule->cookie_len + 21);
8867 memcpy(rule->cookie_str, cookie, rule->cookie_len);
8868 memcpy(rule->cookie_str + rule->cookie_len, "; path=/; Max-Age=0;", 21);
8869 rule->cookie_len += 20;
8870 }
8871 }
8872 rule->type = type;
8873 rule->code = code;
8874 rule->flags = flags;
8875 LIST_INIT(&rule->list);
8876 return rule;
8877
8878 missing_arg:
8879 memprintf(errmsg, "missing argument for '%s'", args[cur_arg]);
8880 return NULL;
8881}
8882
Willy Tarreau8797c062007-05-07 00:55:35 +02008883/************************************************************************/
8884/* The code below is dedicated to ACL parsing and matching */
8885/************************************************************************/
8886
8887
Willy Tarreau14174bc2012-04-16 14:34:04 +02008888/* This function ensures that the prerequisites for an L7 fetch are ready,
8889 * which means that a request or response is ready. If some data is missing,
8890 * a parsing attempt is made. This is useful in TCP-based ACLs which are able
Willy Tarreau24e32d82012-04-23 23:55:44 +02008891 * to extract data from L7. If <req_vol> is non-null during a request prefetch,
8892 * another test is made to ensure the required information is not gone.
Willy Tarreau14174bc2012-04-16 14:34:04 +02008893 *
8894 * The function returns :
Willy Tarreau506d0502013-07-06 13:29:24 +02008895 * 0 with SMP_F_MAY_CHANGE in the sample flags if some data is missing to
8896 * decide whether or not an HTTP message is present ;
8897 * 0 if the requested data cannot be fetched or if it is certain that
8898 * we'll never have any HTTP message there ;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008899 * 1 if an HTTP message is ready
8900 */
8901static int
Willy Tarreau506d0502013-07-06 13:29:24 +02008902smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02008903 const struct arg *args, struct sample *smp, int req_vol)
Willy Tarreau14174bc2012-04-16 14:34:04 +02008904{
8905 struct http_txn *txn = l7;
8906 struct http_msg *msg = &txn->req;
8907
8908 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
8909 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
8910 */
8911
8912 if (unlikely(!s || !txn))
8913 return 0;
8914
8915 /* Check for a dependency on a request */
Willy Tarreauf853c462012-04-23 18:53:56 +02008916 smp->type = SMP_T_BOOL;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008917
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02008918 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02008919 if (unlikely(!s->req))
8920 return 0;
8921
Willy Tarreauaae75e32013-03-29 12:31:49 +01008922 /* If the buffer does not leave enough free space at the end,
8923 * we must first realign it.
8924 */
8925 if (s->req->buf->p > s->req->buf->data &&
8926 s->req->buf->i + s->req->buf->p > s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)
8927 buffer_slow_realign(s->req->buf);
8928
Willy Tarreau14174bc2012-04-16 14:34:04 +02008929 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) {
Willy Tarreau472b1ee2013-10-14 22:41:30 +02008930 if (msg->msg_state == HTTP_MSG_ERROR)
Willy Tarreau506d0502013-07-06 13:29:24 +02008931 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008932
8933 /* Try to decode HTTP request */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008934 if (likely(msg->next < s->req->buf->i))
Willy Tarreau14174bc2012-04-16 14:34:04 +02008935 http_msg_analyzer(msg, &txn->hdr_idx);
8936
8937 /* Still no valid request ? */
8938 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02008939 if ((msg->msg_state == HTTP_MSG_ERROR) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02008940 buffer_full(s->req->buf, global.tune.maxrewrite)) {
Willy Tarreau506d0502013-07-06 13:29:24 +02008941 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008942 }
8943 /* wait for final state */
Willy Tarreau37406352012-04-23 16:16:37 +02008944 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008945 return 0;
8946 }
8947
8948 /* OK we just got a valid HTTP request. We have some minor
8949 * preparation to perform so that further checks can rely
8950 * on HTTP tests.
8951 */
Willy Tarreauaae75e32013-03-29 12:31:49 +01008952
8953 /* If the request was parsed but was too large, we must absolutely
8954 * return an error so that it is not processed. At the moment this
8955 * cannot happen, but if the parsers are to change in the future,
8956 * we want this check to be maintained.
8957 */
8958 if (unlikely(s->req->buf->i + s->req->buf->p >
8959 s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)) {
8960 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau506d0502013-07-06 13:29:24 +02008961 smp->data.uint = 1;
Willy Tarreauaae75e32013-03-29 12:31:49 +01008962 return 1;
8963 }
8964
Willy Tarreau9b28e032012-10-12 23:49:43 +02008965 txn->meth = find_http_meth(msg->chn->buf->p, msg->sl.rq.m_l);
Willy Tarreau14174bc2012-04-16 14:34:04 +02008966 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
8967 s->flags |= SN_REDIRECTABLE;
8968
Willy Tarreau506d0502013-07-06 13:29:24 +02008969 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
8970 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008971 }
8972
Willy Tarreau506d0502013-07-06 13:29:24 +02008973 if (req_vol && txn->rsp.msg_state != HTTP_MSG_RPBEFORE) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02008974 return 0; /* data might have moved and indexes changed */
Willy Tarreau506d0502013-07-06 13:29:24 +02008975 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02008976
8977 /* otherwise everything's ready for the request */
8978 }
Willy Tarreau24e32d82012-04-23 23:55:44 +02008979 else {
8980 /* Check for a dependency on a response */
Willy Tarreau506d0502013-07-06 13:29:24 +02008981 if (txn->rsp.msg_state < HTTP_MSG_BODY) {
8982 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008983 return 0;
Willy Tarreau506d0502013-07-06 13:29:24 +02008984 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02008985 }
8986
8987 /* everything's OK */
Willy Tarreau506d0502013-07-06 13:29:24 +02008988 smp->data.uint = 1;
Willy Tarreau14174bc2012-04-16 14:34:04 +02008989 return 1;
8990}
Willy Tarreau8797c062007-05-07 00:55:35 +02008991
Willy Tarreauc0239e02012-04-16 14:42:55 +02008992#define CHECK_HTTP_MESSAGE_FIRST() \
Willy Tarreau506d0502013-07-06 13:29:24 +02008993 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
Willy Tarreauc0239e02012-04-16 14:42:55 +02008994
Willy Tarreau24e32d82012-04-23 23:55:44 +02008995#define CHECK_HTTP_MESSAGE_FIRST_PERM() \
Willy Tarreau506d0502013-07-06 13:29:24 +02008996 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 0); if (r <= 0) return r; } while (0)
Willy Tarreau24e32d82012-04-23 23:55:44 +02008997
Willy Tarreau8797c062007-05-07 00:55:35 +02008998
8999/* 1. Check on METHOD
9000 * We use the pre-parsed method if it is known, and store its number as an
9001 * integer. If it is unknown, we use the pointer and the length.
9002 */
Willy Tarreau7dcb6482012-04-27 17:52:25 +02009003static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque, char **err)
Willy Tarreau8797c062007-05-07 00:55:35 +02009004{
9005 int len, meth;
9006
Willy Tarreauae8b7962007-06-09 23:10:04 +02009007 len = strlen(*text);
9008 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02009009
9010 pattern->val.i = meth;
9011 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02009012 pattern->ptr.str = strdup(*text);
Willy Tarreau7dcb6482012-04-27 17:52:25 +02009013 if (!pattern->ptr.str) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02009014 memprintf(err, "out of memory while loading pattern");
Willy Tarreau8797c062007-05-07 00:55:35 +02009015 return 0;
Willy Tarreau7dcb6482012-04-27 17:52:25 +02009016 }
Willy Tarreau8797c062007-05-07 00:55:35 +02009017 pattern->len = len;
9018 }
9019 return 1;
9020}
9021
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009022/* This function fetches the method of current HTTP request and stores
9023 * it in the global pattern struct as a chunk. There are two possibilities :
9024 * - if the method is known (not HTTP_METH_OTHER), its identifier is stored
9025 * in <len> and <ptr> is NULL ;
9026 * - if the method is unknown (HTTP_METH_OTHER), <ptr> points to the text and
9027 * <len> to its length.
9028 * This is intended to be used with acl_match_meth() only.
9029 */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009030static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009031smp_fetch_meth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009032 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009033{
9034 int meth;
9035 struct http_txn *txn = l7;
9036
Willy Tarreau24e32d82012-04-23 23:55:44 +02009037 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009038
Willy Tarreau8797c062007-05-07 00:55:35 +02009039 meth = txn->meth;
Willy Tarreauf853c462012-04-23 18:53:56 +02009040 smp->type = SMP_T_UINT;
9041 smp->data.uint = meth;
Willy Tarreau8797c062007-05-07 00:55:35 +02009042 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02009043 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
9044 /* ensure the indexes are not affected */
9045 return 0;
Willy Tarreauf853c462012-04-23 18:53:56 +02009046 smp->type = SMP_T_CSTR;
9047 smp->data.str.len = txn->req.sl.rq.m_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009048 smp->data.str.str = txn->req.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02009049 }
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009050 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009051 return 1;
9052}
9053
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009054/* See above how the method is stored in the global pattern */
Willy Tarreau37406352012-04-23 16:16:37 +02009055static int acl_match_meth(struct sample *smp, struct acl_pattern *pattern)
Willy Tarreau8797c062007-05-07 00:55:35 +02009056{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009057 int icase;
9058
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009059
Willy Tarreauf853c462012-04-23 18:53:56 +02009060 if (smp->type == SMP_T_UINT) {
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009061 /* well-known method */
Willy Tarreauf853c462012-04-23 18:53:56 +02009062 if (smp->data.uint == pattern->val.i)
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009063 return ACL_PAT_PASS;
Willy Tarreau11382812008-07-09 16:18:21 +02009064 return ACL_PAT_FAIL;
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009065 }
Willy Tarreau8797c062007-05-07 00:55:35 +02009066
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009067 /* Uncommon method, only HTTP_METH_OTHER is accepted now */
9068 if (pattern->val.i != HTTP_METH_OTHER)
9069 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02009070
9071 /* Other method, we must compare the strings */
Willy Tarreauf853c462012-04-23 18:53:56 +02009072 if (pattern->len != smp->data.str.len)
Willy Tarreau11382812008-07-09 16:18:21 +02009073 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009074
9075 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
Willy Tarreauf853c462012-04-23 18:53:56 +02009076 if ((icase && strncasecmp(pattern->ptr.str, smp->data.str.str, smp->data.str.len) != 0) ||
9077 (!icase && strncmp(pattern->ptr.str, smp->data.str.str, smp->data.str.len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02009078 return ACL_PAT_FAIL;
9079 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02009080}
9081
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009082static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009083smp_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009084 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009085{
9086 struct http_txn *txn = l7;
9087 char *ptr;
9088 int len;
9089
Willy Tarreauc0239e02012-04-16 14:42:55 +02009090 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009091
Willy Tarreau8797c062007-05-07 00:55:35 +02009092 len = txn->req.sl.rq.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009093 ptr = txn->req.chn->buf->p + txn->req.sl.rq.v;
Willy Tarreau8797c062007-05-07 00:55:35 +02009094
9095 while ((len-- > 0) && (*ptr++ != '/'));
9096 if (len <= 0)
9097 return 0;
9098
Willy Tarreauf853c462012-04-23 18:53:56 +02009099 smp->type = SMP_T_CSTR;
9100 smp->data.str.str = ptr;
9101 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009102
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009103 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009104 return 1;
9105}
9106
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009107static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009108smp_fetch_stver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009109 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009110{
9111 struct http_txn *txn = l7;
9112 char *ptr;
9113 int len;
9114
Willy Tarreauc0239e02012-04-16 14:42:55 +02009115 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009116
Willy Tarreauf26b2522012-12-14 08:33:14 +01009117 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9118 return 0;
9119
Willy Tarreau8797c062007-05-07 00:55:35 +02009120 len = txn->rsp.sl.st.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009121 ptr = txn->rsp.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02009122
9123 while ((len-- > 0) && (*ptr++ != '/'));
9124 if (len <= 0)
9125 return 0;
9126
Willy Tarreauf853c462012-04-23 18:53:56 +02009127 smp->type = SMP_T_CSTR;
9128 smp->data.str.str = ptr;
9129 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009130
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009131 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009132 return 1;
9133}
9134
9135/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009136static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009137smp_fetch_stcode(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009138 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009139{
9140 struct http_txn *txn = l7;
9141 char *ptr;
9142 int len;
9143
Willy Tarreauc0239e02012-04-16 14:42:55 +02009144 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009145
Willy Tarreauf26b2522012-12-14 08:33:14 +01009146 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9147 return 0;
9148
Willy Tarreau8797c062007-05-07 00:55:35 +02009149 len = txn->rsp.sl.st.c_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009150 ptr = txn->rsp.chn->buf->p + txn->rsp.sl.st.c;
Willy Tarreau8797c062007-05-07 00:55:35 +02009151
Willy Tarreauf853c462012-04-23 18:53:56 +02009152 smp->type = SMP_T_UINT;
9153 smp->data.uint = __strl2ui(ptr, len);
Willy Tarreau37406352012-04-23 16:16:37 +02009154 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009155 return 1;
9156}
9157
9158/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009159static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009160smp_fetch_url(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009161 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009162{
9163 struct http_txn *txn = l7;
9164
Willy Tarreauc0239e02012-04-16 14:42:55 +02009165 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009166
Willy Tarreauf853c462012-04-23 18:53:56 +02009167 smp->type = SMP_T_CSTR;
9168 smp->data.str.len = txn->req.sl.rq.u_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009169 smp->data.str.str = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau37406352012-04-23 16:16:37 +02009170 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009171 return 1;
9172}
9173
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009174static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009175smp_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009176 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009177{
9178 struct http_txn *txn = l7;
9179
Willy Tarreauc0239e02012-04-16 14:42:55 +02009180 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009181
9182 /* Parse HTTP request */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009183 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->conn->addr.to);
9184 if (((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_family != AF_INET)
Willy Tarreauf4362b32011-12-16 17:49:52 +01009185 return 0;
Willy Tarreauf853c462012-04-23 18:53:56 +02009186 smp->type = SMP_T_IPV4;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009187 smp->data.ipv4 = ((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009188
9189 /*
9190 * If we are parsing url in frontend space, we prepare backend stage
9191 * to not parse again the same url ! optimization lazyness...
9192 */
9193 if (px->options & PR_O_HTTP_PROXY)
9194 l4->flags |= SN_ADDR_SET;
9195
Willy Tarreau37406352012-04-23 16:16:37 +02009196 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009197 return 1;
9198}
9199
9200static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009201smp_fetch_url_port(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009202 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009203{
9204 struct http_txn *txn = l7;
9205
Willy Tarreauc0239e02012-04-16 14:42:55 +02009206 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009207
9208 /* Same optimization as url_ip */
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009209 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->conn->addr.to);
Willy Tarreauf853c462012-04-23 18:53:56 +02009210 smp->type = SMP_T_UINT;
Willy Tarreauf2943dc2012-10-26 20:10:28 +02009211 smp->data.uint = ntohs(((struct sockaddr_in *)&l4->req->cons->conn->addr.to)->sin_port);
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009212
9213 if (px->options & PR_O_HTTP_PROXY)
9214 l4->flags |= SN_ADDR_SET;
9215
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009216 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009217 return 1;
9218}
9219
Willy Tarreau185b5c42012-04-26 15:11:51 +02009220/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9221 * Accepts an optional argument of type string containing the header field name,
9222 * and an optional argument of type signed or unsigned integer to request an
9223 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009224 * headers are considered from the first one. It does not stop on commas and
9225 * returns full lines instead (useful for User-Agent or Date for example).
9226 */
9227static int
9228smp_fetch_fhdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009229 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009230{
9231 struct http_txn *txn = l7;
9232 struct hdr_idx *idx = &txn->hdr_idx;
9233 struct hdr_ctx *ctx = smp->ctx.a[0];
9234 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9235 int occ = 0;
9236 const char *name_str = NULL;
9237 int name_len = 0;
9238
9239 if (!ctx) {
9240 /* first call */
9241 ctx = &static_hdr_ctx;
9242 ctx->idx = 0;
9243 smp->ctx.a[0] = ctx;
9244 }
9245
9246 if (args) {
9247 if (args[0].type != ARGT_STR)
9248 return 0;
9249 name_str = args[0].data.str.str;
9250 name_len = args[0].data.str.len;
9251
9252 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9253 occ = args[1].data.uint;
9254 }
9255
9256 CHECK_HTTP_MESSAGE_FIRST();
9257
9258 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
9259 /* search for header from the beginning */
9260 ctx->idx = 0;
9261
9262 if (!occ && !(opt & SMP_OPT_ITERATE))
9263 /* no explicit occurrence and single fetch => last header by default */
9264 occ = -1;
9265
9266 if (!occ)
9267 /* prepare to report multiple occurrences for ACL fetches */
9268 smp->flags |= SMP_F_NOT_LAST;
9269
9270 smp->type = SMP_T_CSTR;
9271 smp->flags |= SMP_F_VOL_HDR;
9272 if (http_get_fhdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
9273 return 1;
9274
9275 smp->flags &= ~SMP_F_NOT_LAST;
9276 return 0;
9277}
9278
9279/* 6. Check on HTTP header count. The number of occurrences is returned.
9280 * Accepts exactly 1 argument of type string. It does not stop on commas and
9281 * returns full lines instead (useful for User-Agent or Date for example).
9282 */
9283static int
9284smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009285 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009286{
9287 struct http_txn *txn = l7;
9288 struct hdr_idx *idx = &txn->hdr_idx;
9289 struct hdr_ctx ctx;
9290 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9291 int cnt;
9292
9293 if (!args || args->type != ARGT_STR)
9294 return 0;
9295
9296 CHECK_HTTP_MESSAGE_FIRST();
9297
9298 ctx.idx = 0;
9299 cnt = 0;
9300 while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
9301 cnt++;
9302
9303 smp->type = SMP_T_UINT;
9304 smp->data.uint = cnt;
9305 smp->flags = SMP_F_VOL_HDR;
9306 return 1;
9307}
9308
9309/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9310 * Accepts an optional argument of type string containing the header field name,
9311 * and an optional argument of type signed or unsigned integer to request an
9312 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau185b5c42012-04-26 15:11:51 +02009313 * headers are considered from the first one.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009314 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02009315static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009316smp_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009317 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009318{
9319 struct http_txn *txn = l7;
9320 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009321 struct hdr_ctx *ctx = smp->ctx.a[0];
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009322 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau185b5c42012-04-26 15:11:51 +02009323 int occ = 0;
9324 const char *name_str = NULL;
9325 int name_len = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009326
Willy Tarreaua890d072013-04-02 12:01:06 +02009327 if (!ctx) {
9328 /* first call */
9329 ctx = &static_hdr_ctx;
9330 ctx->idx = 0;
Willy Tarreauffb6f082013-04-02 23:16:53 +02009331 smp->ctx.a[0] = ctx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009332 }
9333
Willy Tarreau185b5c42012-04-26 15:11:51 +02009334 if (args) {
9335 if (args[0].type != ARGT_STR)
9336 return 0;
9337 name_str = args[0].data.str.str;
9338 name_len = args[0].data.str.len;
9339
9340 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9341 occ = args[1].data.uint;
9342 }
Willy Tarreau34db1082012-04-19 17:16:54 +02009343
Willy Tarreaue333ec92012-04-16 16:26:40 +02009344 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau33a7e692007-06-10 19:45:56 +02009345
Willy Tarreau185b5c42012-04-26 15:11:51 +02009346 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009347 /* search for header from the beginning */
9348 ctx->idx = 0;
9349
Willy Tarreau185b5c42012-04-26 15:11:51 +02009350 if (!occ && !(opt & SMP_OPT_ITERATE))
9351 /* no explicit occurrence and single fetch => last header by default */
9352 occ = -1;
9353
9354 if (!occ)
9355 /* prepare to report multiple occurrences for ACL fetches */
Willy Tarreau37406352012-04-23 16:16:37 +02009356 smp->flags |= SMP_F_NOT_LAST;
Willy Tarreau664092c2011-12-16 19:11:42 +01009357
Willy Tarreau185b5c42012-04-26 15:11:51 +02009358 smp->type = SMP_T_CSTR;
9359 smp->flags |= SMP_F_VOL_HDR;
9360 if (http_get_hdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009361 return 1;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009362
Willy Tarreau37406352012-04-23 16:16:37 +02009363 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009364 return 0;
9365}
9366
Willy Tarreauc11416f2007-06-17 16:58:38 +02009367/* 6. Check on HTTP header count. The number of occurrences is returned.
Willy Tarreau34db1082012-04-19 17:16:54 +02009368 * Accepts exactly 1 argument of type string.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009369 */
9370static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009371smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009372 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009373{
9374 struct http_txn *txn = l7;
9375 struct hdr_idx *idx = &txn->hdr_idx;
9376 struct hdr_ctx ctx;
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009377 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009378 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02009379
Willy Tarreau24e32d82012-04-23 23:55:44 +02009380 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009381 return 0;
9382
Willy Tarreaue333ec92012-04-16 16:26:40 +02009383 CHECK_HTTP_MESSAGE_FIRST();
9384
Willy Tarreau33a7e692007-06-10 19:45:56 +02009385 ctx.idx = 0;
9386 cnt = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009387 while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009388 cnt++;
9389
Willy Tarreauf853c462012-04-23 18:53:56 +02009390 smp->type = SMP_T_UINT;
9391 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02009392 smp->flags = SMP_F_VOL_HDR;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009393 return 1;
9394}
9395
Willy Tarreau185b5c42012-04-26 15:11:51 +02009396/* Fetch an HTTP header's integer value. The integer value is returned. It
9397 * takes a mandatory argument of type string and an optional one of type int
9398 * to designate a specific occurrence. It returns an unsigned integer, which
9399 * may or may not be appropriate for everything.
Willy Tarreau33a7e692007-06-10 19:45:56 +02009400 */
9401static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009402smp_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009403 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009404{
Willy Tarreauef38c392013-07-22 16:29:32 +02009405 int ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw);
Willy Tarreaue333ec92012-04-16 16:26:40 +02009406
Willy Tarreauf853c462012-04-23 18:53:56 +02009407 if (ret > 0) {
9408 smp->type = SMP_T_UINT;
9409 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
9410 }
Willy Tarreau33a7e692007-06-10 19:45:56 +02009411
Willy Tarreaud53e2422012-04-16 17:21:11 +02009412 return ret;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009413}
9414
Cyril Bonté69fa9922012-10-25 00:01:06 +02009415/* Fetch an HTTP header's IP value. takes a mandatory argument of type string
9416 * and an optional one of type int to designate a specific occurrence.
9417 * It returns an IPv4 or IPv6 address.
Willy Tarreau106f9792009-09-19 07:54:16 +02009418 */
9419static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009420smp_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009421 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau106f9792009-09-19 07:54:16 +02009422{
Willy Tarreaud53e2422012-04-16 17:21:11 +02009423 int ret;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009424
Willy Tarreauef38c392013-07-22 16:29:32 +02009425 while ((ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw)) > 0) {
Cyril Bonté69fa9922012-10-25 00:01:06 +02009426 if (url2ipv4((char *)smp->data.str.str, &smp->data.ipv4)) {
9427 smp->type = SMP_T_IPV4;
Willy Tarreaud53e2422012-04-16 17:21:11 +02009428 break;
Cyril Bonté69fa9922012-10-25 00:01:06 +02009429 } else {
Willy Tarreau47ca5452012-12-23 20:22:19 +01009430 struct chunk *temp = get_trash_chunk();
Cyril Bonté69fa9922012-10-25 00:01:06 +02009431 if (smp->data.str.len < temp->size - 1) {
9432 memcpy(temp->str, smp->data.str.str, smp->data.str.len);
9433 temp->str[smp->data.str.len] = '\0';
9434 if (inet_pton(AF_INET6, temp->str, &smp->data.ipv6)) {
9435 smp->type = SMP_T_IPV6;
9436 break;
9437 }
9438 }
9439 }
9440
Willy Tarreaud53e2422012-04-16 17:21:11 +02009441 /* if the header doesn't match an IP address, fetch next one */
Willy Tarreau185b5c42012-04-26 15:11:51 +02009442 if (!(smp->flags & SMP_F_NOT_LAST))
9443 return 0;
Willy Tarreau106f9792009-09-19 07:54:16 +02009444 }
Willy Tarreaud53e2422012-04-16 17:21:11 +02009445 return ret;
Willy Tarreau106f9792009-09-19 07:54:16 +02009446}
9447
Willy Tarreau737b0c12007-06-10 21:28:46 +02009448/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
9449 * the first '/' after the possible hostname, and ends before the possible '?'.
9450 */
9451static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009452smp_fetch_path(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009453 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau737b0c12007-06-10 21:28:46 +02009454{
9455 struct http_txn *txn = l7;
9456 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009457
Willy Tarreauc0239e02012-04-16 14:42:55 +02009458 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009459
Willy Tarreau9b28e032012-10-12 23:49:43 +02009460 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreau21d2af32008-02-14 20:25:24 +01009461 ptr = http_get_path(txn);
9462 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02009463 return 0;
9464
9465 /* OK, we got the '/' ! */
Willy Tarreauf853c462012-04-23 18:53:56 +02009466 smp->type = SMP_T_CSTR;
9467 smp->data.str.str = ptr;
Willy Tarreau737b0c12007-06-10 21:28:46 +02009468
9469 while (ptr < end && *ptr != '?')
9470 ptr++;
9471
Willy Tarreauf853c462012-04-23 18:53:56 +02009472 smp->data.str.len = ptr - smp->data.str.str;
Willy Tarreau37406352012-04-23 16:16:37 +02009473 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau737b0c12007-06-10 21:28:46 +02009474 return 1;
9475}
9476
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009477/* This produces a concatenation of the first occurrence of the Host header
9478 * followed by the path component if it begins with a slash ('/'). This means
9479 * that '*' will not be added, resulting in exactly the first Host entry.
9480 * If no Host header is found, then the path is returned as-is. The returned
9481 * value is stored in the trash so it does not need to be marked constant.
9482 */
9483static int
9484smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009485 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009486{
9487 struct http_txn *txn = l7;
9488 char *ptr, *end, *beg;
9489 struct hdr_ctx ctx;
9490
9491 CHECK_HTTP_MESSAGE_FIRST();
9492
9493 ctx.idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009494 if (!http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx) ||
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009495 !ctx.vlen)
Willy Tarreauef38c392013-07-22 16:29:32 +02009496 return smp_fetch_path(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009497
9498 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01009499 memcpy(trash.str, ctx.line + ctx.val, ctx.vlen);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009500 smp->type = SMP_T_STR;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01009501 smp->data.str.str = trash.str;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009502 smp->data.str.len = ctx.vlen;
9503
9504 /* now retrieve the path */
Willy Tarreau9b28e032012-10-12 23:49:43 +02009505 end = txn->req.chn->buf->p + txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009506 beg = http_get_path(txn);
9507 if (!beg)
9508 beg = end;
9509
9510 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
9511
9512 if (beg < ptr && *beg == '/') {
9513 memcpy(smp->data.str.str + smp->data.str.len, beg, ptr - beg);
9514 smp->data.str.len += ptr - beg;
9515 }
9516
9517 smp->flags = SMP_F_VOL_1ST;
9518 return 1;
9519}
9520
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009521/* This produces a 32-bit hash of the concatenation of the first occurrence of
9522 * the Host header followed by the path component if it begins with a slash ('/').
9523 * This means that '*' will not be added, resulting in exactly the first Host
9524 * entry. If no Host header is found, then the path is used. The resulting value
9525 * is hashed using the url hash followed by a full avalanche hash and provides a
9526 * 32-bit integer value. This fetch is useful for tracking per-URL activity on
9527 * high-traffic sites without having to store whole paths.
9528 */
9529static int
9530smp_fetch_base32(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009531 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009532{
9533 struct http_txn *txn = l7;
9534 struct hdr_ctx ctx;
9535 unsigned int hash = 0;
9536 char *ptr, *beg, *end;
9537 int len;
9538
9539 CHECK_HTTP_MESSAGE_FIRST();
9540
9541 ctx.idx = 0;
9542 if (http_find_header2("Host", 4, txn->req.chn->buf->p + txn->req.sol, &txn->hdr_idx, &ctx)) {
9543 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
9544 ptr = ctx.line + ctx.val;
9545 len = ctx.vlen;
9546 while (len--)
9547 hash = *(ptr++) + (hash << 6) + (hash << 16) - hash;
9548 }
9549
9550 /* now retrieve the path */
9551 end = txn->req.chn->buf->p + txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
9552 beg = http_get_path(txn);
9553 if (!beg)
9554 beg = end;
9555
9556 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
9557
9558 if (beg < ptr && *beg == '/') {
9559 while (beg < ptr)
9560 hash = *(beg++) + (hash << 6) + (hash << 16) - hash;
9561 }
9562 hash = full_hash(hash);
9563
9564 smp->type = SMP_T_UINT;
9565 smp->data.uint = hash;
9566 smp->flags = SMP_F_VOL_1ST;
9567 return 1;
9568}
9569
Willy Tarreau4a550602012-12-09 14:53:32 +01009570/* This concatenates the source address with the 32-bit hash of the Host and
9571 * URL as returned by smp_fetch_base32(). The idea is to have per-source and
9572 * per-url counters. The result is a binary block from 8 to 20 bytes depending
9573 * on the source address length. The URL hash is stored before the address so
9574 * that in environments where IPv6 is insignificant, truncating the output to
9575 * 8 bytes would still work.
9576 */
9577static int
9578smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009579 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a550602012-12-09 14:53:32 +01009580{
Willy Tarreau47ca5452012-12-23 20:22:19 +01009581 struct chunk *temp;
Willy Tarreau4a550602012-12-09 14:53:32 +01009582
Willy Tarreauef38c392013-07-22 16:29:32 +02009583 if (!smp_fetch_base32(px, l4, l7, opt, args, smp, kw))
Willy Tarreau4a550602012-12-09 14:53:32 +01009584 return 0;
9585
Willy Tarreau47ca5452012-12-23 20:22:19 +01009586 temp = get_trash_chunk();
Willy Tarreau4a550602012-12-09 14:53:32 +01009587 memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
9588 temp->len += sizeof(smp->data.uint);
9589
9590 switch (l4->si[0].conn->addr.from.ss_family) {
9591 case AF_INET:
9592 memcpy(temp->str + temp->len, &((struct sockaddr_in *)&l4->si[0].conn->addr.from)->sin_addr, 4);
9593 temp->len += 4;
9594 break;
9595 case AF_INET6:
9596 memcpy(temp->str + temp->len, &((struct sockaddr_in6 *)(&l4->si[0].conn->addr.from))->sin6_addr, 16);
9597 temp->len += 16;
9598 break;
9599 default:
9600 return 0;
9601 }
9602
9603 smp->data.str = *temp;
9604 smp->type = SMP_T_BIN;
9605 return 1;
9606}
9607
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009608static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009609smp_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009610 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009611{
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009612 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
9613 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
9614 */
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009615
Willy Tarreau24e32d82012-04-23 23:55:44 +02009616 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009617
Willy Tarreauf853c462012-04-23 18:53:56 +02009618 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02009619 smp->data.uint = 1;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009620 return 1;
9621}
9622
Willy Tarreau7f18e522010-10-22 20:04:13 +02009623/* return a valid test if the current request is the first one on the connection */
9624static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009625smp_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009626 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau7f18e522010-10-22 20:04:13 +02009627{
9628 if (!s)
9629 return 0;
9630
Willy Tarreauf853c462012-04-23 18:53:56 +02009631 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02009632 smp->data.uint = !(s->txn.flags & TX_NOT_FIRST);
Willy Tarreau7f18e522010-10-22 20:04:13 +02009633 return 1;
9634}
9635
Willy Tarreau34db1082012-04-19 17:16:54 +02009636/* Accepts exactly 1 argument of type userlist */
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009637static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009638smp_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009639 const struct arg *args, struct sample *smp, const char *kw)
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009640{
9641
Willy Tarreau24e32d82012-04-23 23:55:44 +02009642 if (!args || args->type != ARGT_USR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009643 return 0;
9644
Willy Tarreauc0239e02012-04-16 14:42:55 +02009645 CHECK_HTTP_MESSAGE_FIRST();
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009646
Willy Tarreauc0239e02012-04-16 14:42:55 +02009647 if (!get_http_auth(l4))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009648 return 0;
9649
Willy Tarreauf853c462012-04-23 18:53:56 +02009650 smp->type = SMP_T_BOOL;
Willy Tarreau24e32d82012-04-23 23:55:44 +02009651 smp->data.uint = check_user(args->data.usr, 0, l4->txn.auth.user, l4->txn.auth.pass);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009652 return 1;
9653}
Willy Tarreau8797c062007-05-07 00:55:35 +02009654
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009655/* Accepts exactly 1 argument of type userlist */
9656static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009657smp_fetch_http_auth_grp(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009658 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009659{
9660
9661 if (!args || args->type != ARGT_USR)
9662 return 0;
9663
9664 CHECK_HTTP_MESSAGE_FIRST();
9665
9666 if (!get_http_auth(l4))
9667 return 0;
9668
9669 /* acl_match_auth() will need several information at once */
9670 smp->ctx.a[0] = args->data.usr; /* user list */
9671 smp->ctx.a[1] = l4->txn.auth.user; /* user name */
9672 smp->ctx.a[2] = l4->txn.auth.pass; /* password */
9673
9674 /* if the user does not belong to the userlist or has a wrong password,
9675 * report that it unconditionally does not match. Otherwise we return
9676 * a non-zero integer which will be ignored anyway since all the params
9677 * that acl_match_auth() will use are in test->ctx.a[0,1,2].
9678 */
9679 smp->type = SMP_T_BOOL;
9680 smp->data.uint = check_user(args->data.usr, 0, l4->txn.auth.user, l4->txn.auth.pass);
9681 if (smp->data.uint)
9682 smp->type = SMP_T_UINT;
9683
9684 return 1;
9685}
9686
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009687/* Try to find the next occurrence of a cookie name in a cookie header value.
9688 * The lookup begins at <hdr>. The pointer and size of the next occurrence of
9689 * the cookie value is returned into *value and *value_l, and the function
9690 * returns a pointer to the next pointer to search from if the value was found.
9691 * Otherwise if the cookie was not found, NULL is returned and neither value
9692 * nor value_l are touched. The input <hdr> string should first point to the
9693 * header's value, and the <hdr_end> pointer must point to the first character
9694 * not part of the value. <list> must be non-zero if value may represent a list
9695 * of values (cookie headers). This makes it faster to abort parsing when no
9696 * list is expected.
9697 */
9698static char *
9699extract_cookie_value(char *hdr, const char *hdr_end,
9700 char *cookie_name, size_t cookie_name_l, int list,
Willy Tarreau3fb818c2012-04-11 17:21:08 +02009701 char **value, int *value_l)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009702{
9703 char *equal, *att_end, *att_beg, *val_beg, *val_end;
9704 char *next;
9705
9706 /* we search at least a cookie name followed by an equal, and more
9707 * generally something like this :
9708 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
9709 */
9710 for (att_beg = hdr; att_beg + cookie_name_l + 1 < hdr_end; att_beg = next + 1) {
9711 /* Iterate through all cookies on this line */
9712
9713 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
9714 att_beg++;
9715
9716 /* find att_end : this is the first character after the last non
9717 * space before the equal. It may be equal to hdr_end.
9718 */
9719 equal = att_end = att_beg;
9720
9721 while (equal < hdr_end) {
9722 if (*equal == '=' || *equal == ';' || (list && *equal == ','))
9723 break;
9724 if (http_is_spht[(unsigned char)*equal++])
9725 continue;
9726 att_end = equal;
9727 }
9728
9729 /* here, <equal> points to '=', a delimitor or the end. <att_end>
9730 * is between <att_beg> and <equal>, both may be identical.
9731 */
9732
9733 /* look for end of cookie if there is an equal sign */
9734 if (equal < hdr_end && *equal == '=') {
9735 /* look for the beginning of the value */
9736 val_beg = equal + 1;
9737 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
9738 val_beg++;
9739
9740 /* find the end of the value, respecting quotes */
9741 next = find_cookie_value_end(val_beg, hdr_end);
9742
9743 /* make val_end point to the first white space or delimitor after the value */
9744 val_end = next;
9745 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
9746 val_end--;
9747 } else {
9748 val_beg = val_end = next = equal;
9749 }
9750
9751 /* We have nothing to do with attributes beginning with '$'. However,
9752 * they will automatically be removed if a header before them is removed,
9753 * since they're supposed to be linked together.
9754 */
9755 if (*att_beg == '$')
9756 continue;
9757
9758 /* Ignore cookies with no equal sign */
9759 if (equal == next)
9760 continue;
9761
9762 /* Now we have the cookie name between att_beg and att_end, and
9763 * its value between val_beg and val_end.
9764 */
9765
9766 if (att_end - att_beg == cookie_name_l &&
9767 memcmp(att_beg, cookie_name, cookie_name_l) == 0) {
9768 /* let's return this value and indicate where to go on from */
9769 *value = val_beg;
9770 *value_l = val_end - val_beg;
9771 return next + 1;
9772 }
9773
9774 /* Set-Cookie headers only have the name in the first attr=value part */
9775 if (!list)
9776 break;
9777 }
9778
9779 return NULL;
9780}
9781
Willy Tarreaue333ec92012-04-16 16:26:40 +02009782/* Iterate over all cookies present in a message. The context is stored in
Willy Tarreau37406352012-04-23 16:16:37 +02009783 * smp->ctx.a[0] for the in-header position, smp->ctx.a[1] for the
Willy Tarreaua890d072013-04-02 12:01:06 +02009784 * end-of-header-value, and smp->ctx.a[2] for the hdr_ctx. Depending on
Willy Tarreaue333ec92012-04-16 16:26:40 +02009785 * the direction, multiple cookies may be parsed on the same line or not.
Willy Tarreau24e32d82012-04-23 23:55:44 +02009786 * The cookie name is in args and the name length in args->data.str.len.
Willy Tarreau28376d62012-04-26 21:26:10 +02009787 * Accepts exactly 1 argument of type string. If the input options indicate
9788 * that no iterating is desired, then only last value is fetched if any.
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009789 */
9790static int
Willy Tarreau51539362012-05-08 12:46:28 +02009791smp_fetch_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009792 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009793{
9794 struct http_txn *txn = l7;
9795 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009796 struct hdr_ctx *ctx = smp->ctx.a[2];
Willy Tarreaue333ec92012-04-16 16:26:40 +02009797 const struct http_msg *msg;
9798 const char *hdr_name;
9799 int hdr_name_len;
9800 char *sol;
Willy Tarreau28376d62012-04-26 21:26:10 +02009801 int occ = 0;
9802 int found = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009803
Willy Tarreau24e32d82012-04-23 23:55:44 +02009804 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009805 return 0;
9806
Willy Tarreaua890d072013-04-02 12:01:06 +02009807 if (!ctx) {
9808 /* first call */
9809 ctx = &static_hdr_ctx;
9810 ctx->idx = 0;
9811 smp->ctx.a[2] = ctx;
9812 }
9813
Willy Tarreaue333ec92012-04-16 16:26:40 +02009814 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009815
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009816 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +02009817 msg = &txn->req;
9818 hdr_name = "Cookie";
9819 hdr_name_len = 6;
9820 } else {
9821 msg = &txn->rsp;
9822 hdr_name = "Set-Cookie";
9823 hdr_name_len = 10;
9824 }
9825
Willy Tarreau28376d62012-04-26 21:26:10 +02009826 if (!occ && !(opt & SMP_OPT_ITERATE))
9827 /* no explicit occurrence and single fetch => last cookie by default */
9828 occ = -1;
9829
9830 /* OK so basically here, either we want only one value and it's the
9831 * last one, or we want to iterate over all of them and we fetch the
9832 * next one.
9833 */
9834
Willy Tarreau9b28e032012-10-12 23:49:43 +02009835 sol = msg->chn->buf->p;
Willy Tarreau37406352012-04-23 16:16:37 +02009836 if (!(smp->flags & SMP_F_NOT_LAST)) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009837 /* search for the header from the beginning, we must first initialize
9838 * the search parameters.
9839 */
Willy Tarreau37406352012-04-23 16:16:37 +02009840 smp->ctx.a[0] = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009841 ctx->idx = 0;
9842 }
9843
Willy Tarreau28376d62012-04-26 21:26:10 +02009844 smp->flags |= SMP_F_VOL_HDR;
9845
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009846 while (1) {
Willy Tarreau37406352012-04-23 16:16:37 +02009847 /* Note: smp->ctx.a[0] == NULL every time we need to fetch a new header */
9848 if (!smp->ctx.a[0]) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009849 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, ctx))
9850 goto out;
9851
Willy Tarreau24e32d82012-04-23 23:55:44 +02009852 if (ctx->vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009853 continue;
9854
Willy Tarreau37406352012-04-23 16:16:37 +02009855 smp->ctx.a[0] = ctx->line + ctx->val;
9856 smp->ctx.a[1] = smp->ctx.a[0] + ctx->vlen;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009857 }
9858
Willy Tarreauf853c462012-04-23 18:53:56 +02009859 smp->type = SMP_T_CSTR;
Willy Tarreau37406352012-04-23 16:16:37 +02009860 smp->ctx.a[0] = extract_cookie_value(smp->ctx.a[0], smp->ctx.a[1],
Willy Tarreau24e32d82012-04-23 23:55:44 +02009861 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009862 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +02009863 &smp->data.str.str,
9864 &smp->data.str.len);
Willy Tarreau37406352012-04-23 16:16:37 +02009865 if (smp->ctx.a[0]) {
Willy Tarreau28376d62012-04-26 21:26:10 +02009866 found = 1;
9867 if (occ >= 0) {
9868 /* one value was returned into smp->data.str.{str,len} */
9869 smp->flags |= SMP_F_NOT_LAST;
9870 return 1;
9871 }
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009872 }
Willy Tarreau28376d62012-04-26 21:26:10 +02009873 /* if we're looking for last occurrence, let's loop */
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009874 }
Willy Tarreau28376d62012-04-26 21:26:10 +02009875 /* all cookie headers and values were scanned. If we're looking for the
9876 * last occurrence, we may return it now.
9877 */
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009878 out:
Willy Tarreau37406352012-04-23 16:16:37 +02009879 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau28376d62012-04-26 21:26:10 +02009880 return found;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009881}
9882
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009883/* Iterate over all cookies present in a request to count how many occurrences
Willy Tarreau24e32d82012-04-23 23:55:44 +02009884 * match the name in args and args->data.str.len. If <multi> is non-null, then
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009885 * multiple cookies may be parsed on the same line.
Willy Tarreau34db1082012-04-19 17:16:54 +02009886 * Accepts exactly 1 argument of type string.
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009887 */
9888static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009889smp_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009890 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009891{
9892 struct http_txn *txn = l7;
9893 struct hdr_idx *idx = &txn->hdr_idx;
9894 struct hdr_ctx ctx;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009895 const struct http_msg *msg;
9896 const char *hdr_name;
9897 int hdr_name_len;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009898 int cnt;
9899 char *val_beg, *val_end;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009900 char *sol;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009901
Willy Tarreau24e32d82012-04-23 23:55:44 +02009902 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009903 return 0;
9904
Willy Tarreaue333ec92012-04-16 16:26:40 +02009905 CHECK_HTTP_MESSAGE_FIRST();
9906
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009907 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +02009908 msg = &txn->req;
9909 hdr_name = "Cookie";
9910 hdr_name_len = 6;
9911 } else {
9912 msg = &txn->rsp;
9913 hdr_name = "Set-Cookie";
9914 hdr_name_len = 10;
9915 }
9916
Willy Tarreau9b28e032012-10-12 23:49:43 +02009917 sol = msg->chn->buf->p;
Willy Tarreau46787ed2012-04-11 17:28:40 +02009918 val_end = val_beg = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009919 ctx.idx = 0;
9920 cnt = 0;
9921
9922 while (1) {
9923 /* Note: val_beg == NULL every time we need to fetch a new header */
9924 if (!val_beg) {
9925 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, &ctx))
9926 break;
9927
Willy Tarreau24e32d82012-04-23 23:55:44 +02009928 if (ctx.vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009929 continue;
9930
9931 val_beg = ctx.line + ctx.val;
9932 val_end = val_beg + ctx.vlen;
9933 }
9934
Willy Tarreauf853c462012-04-23 18:53:56 +02009935 smp->type = SMP_T_CSTR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009936 while ((val_beg = extract_cookie_value(val_beg, val_end,
Willy Tarreau24e32d82012-04-23 23:55:44 +02009937 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009938 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +02009939 &smp->data.str.str,
9940 &smp->data.str.len))) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009941 cnt++;
9942 }
9943 }
9944
Willy Tarreauf853c462012-04-23 18:53:56 +02009945 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02009946 smp->flags |= SMP_F_VOL_HDR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009947 return 1;
9948}
9949
Willy Tarreau51539362012-05-08 12:46:28 +02009950/* Fetch an cookie's integer value. The integer value is returned. It
9951 * takes a mandatory argument of type string. It relies on smp_fetch_cookie().
9952 */
9953static int
9954smp_fetch_cookie_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009955 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau51539362012-05-08 12:46:28 +02009956{
Willy Tarreauef38c392013-07-22 16:29:32 +02009957 int ret = smp_fetch_cookie(px, l4, l7, opt, args, smp, kw);
Willy Tarreau51539362012-05-08 12:46:28 +02009958
9959 if (ret > 0) {
9960 smp->type = SMP_T_UINT;
9961 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
9962 }
9963
9964 return ret;
9965}
9966
Willy Tarreau8797c062007-05-07 00:55:35 +02009967/************************************************************************/
Willy Tarreau12785782012-04-27 21:37:17 +02009968/* The code below is dedicated to sample fetches */
Willy Tarreau4a568972010-05-12 08:08:50 +02009969/************************************************************************/
9970
David Cournapeau16023ee2010-12-23 20:55:41 +09009971/*
9972 * Given a path string and its length, find the position of beginning of the
9973 * query string. Returns NULL if no query string is found in the path.
9974 *
9975 * Example: if path = "/foo/bar/fubar?yo=mama;ye=daddy", and n = 22:
9976 *
9977 * find_query_string(path, n) points to "yo=mama;ye=daddy" string.
9978 */
bedis4c75cca2012-10-05 08:38:24 +02009979static inline char *find_param_list(char *path, size_t path_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09009980{
9981 char *p;
Emeric Brun485479d2010-09-23 18:02:19 +02009982
bedis4c75cca2012-10-05 08:38:24 +02009983 p = memchr(path, delim, path_l);
David Cournapeau16023ee2010-12-23 20:55:41 +09009984 return p ? p + 1 : NULL;
9985}
9986
bedis4c75cca2012-10-05 08:38:24 +02009987static inline int is_param_delimiter(char c, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +09009988{
bedis4c75cca2012-10-05 08:38:24 +02009989 return c == '&' || c == ';' || c == delim;
David Cournapeau16023ee2010-12-23 20:55:41 +09009990}
9991
9992/*
9993 * Given a url parameter, find the starting position of the first occurence,
9994 * or NULL if the parameter is not found.
9995 *
9996 * Example: if query_string is "yo=mama;ye=daddy" and url_param_name is "ye",
9997 * the function will return query_string+8.
9998 */
9999static char*
10000find_url_param_pos(char* query_string, size_t query_string_l,
bedis4c75cca2012-10-05 08:38:24 +020010001 char* url_param_name, size_t url_param_name_l,
10002 char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010003{
10004 char *pos, *last;
10005
10006 pos = query_string;
10007 last = query_string + query_string_l - url_param_name_l - 1;
10008
10009 while (pos <= last) {
10010 if (pos[url_param_name_l] == '=') {
10011 if (memcmp(pos, url_param_name, url_param_name_l) == 0)
10012 return pos;
10013 pos += url_param_name_l + 1;
10014 }
bedis4c75cca2012-10-05 08:38:24 +020010015 while (pos <= last && !is_param_delimiter(*pos, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010016 pos++;
10017 pos++;
10018 }
10019 return NULL;
10020}
10021
10022/*
10023 * Given a url parameter name, returns its value and size into *value and
10024 * *value_l respectively, and returns non-zero. If the parameter is not found,
10025 * zero is returned and value/value_l are not touched.
10026 */
10027static int
10028find_url_param_value(char* path, size_t path_l,
10029 char* url_param_name, size_t url_param_name_l,
bedis4c75cca2012-10-05 08:38:24 +020010030 char** value, int* value_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010031{
10032 char *query_string, *qs_end;
10033 char *arg_start;
10034 char *value_start, *value_end;
10035
bedis4c75cca2012-10-05 08:38:24 +020010036 query_string = find_param_list(path, path_l, delim);
David Cournapeau16023ee2010-12-23 20:55:41 +090010037 if (!query_string)
10038 return 0;
10039
10040 qs_end = path + path_l;
10041 arg_start = find_url_param_pos(query_string, qs_end - query_string,
bedis4c75cca2012-10-05 08:38:24 +020010042 url_param_name, url_param_name_l,
10043 delim);
David Cournapeau16023ee2010-12-23 20:55:41 +090010044 if (!arg_start)
10045 return 0;
10046
10047 value_start = arg_start + url_param_name_l + 1;
10048 value_end = value_start;
10049
bedis4c75cca2012-10-05 08:38:24 +020010050 while ((value_end < qs_end) && !is_param_delimiter(*value_end, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010051 value_end++;
10052
10053 *value = value_start;
10054 *value_l = value_end - value_start;
Willy Tarreau00134332011-01-04 14:57:34 +010010055 return value_end != value_start;
David Cournapeau16023ee2010-12-23 20:55:41 +090010056}
10057
10058static int
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010059smp_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010060 const struct arg *args, struct sample *smp, const char *kw)
David Cournapeau16023ee2010-12-23 20:55:41 +090010061{
bedis4c75cca2012-10-05 08:38:24 +020010062 char delim = '?';
David Cournapeau16023ee2010-12-23 20:55:41 +090010063 struct http_txn *txn = l7;
10064 struct http_msg *msg = &txn->req;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010065
bedis4c75cca2012-10-05 08:38:24 +020010066 if (!args || args[0].type != ARGT_STR ||
10067 (args[1].type && args[1].type != ARGT_STR))
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010068 return 0;
10069
10070 CHECK_HTTP_MESSAGE_FIRST();
David Cournapeau16023ee2010-12-23 20:55:41 +090010071
bedis4c75cca2012-10-05 08:38:24 +020010072 if (args[1].type)
10073 delim = *args[1].data.str.str;
10074
Willy Tarreau9b28e032012-10-12 23:49:43 +020010075 if (!find_url_param_value(msg->chn->buf->p + msg->sl.rq.u, msg->sl.rq.u_l,
bedis4c75cca2012-10-05 08:38:24 +020010076 args->data.str.str, args->data.str.len,
10077 &smp->data.str.str, &smp->data.str.len,
10078 delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010079 return 0;
10080
Willy Tarreaub8c8f1f2012-04-23 22:38:26 +020010081 smp->type = SMP_T_CSTR;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010082 smp->flags = SMP_F_VOL_1ST;
David Cournapeau16023ee2010-12-23 20:55:41 +090010083 return 1;
10084}
10085
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010086/* Return the signed integer value for the specified url parameter (see url_param
10087 * above).
10088 */
10089static int
10090smp_fetch_url_param_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010091 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010092{
Willy Tarreauef38c392013-07-22 16:29:32 +020010093 int ret = smp_fetch_url_param(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010094
10095 if (ret > 0) {
10096 smp->type = SMP_T_UINT;
10097 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
10098 }
10099
10100 return ret;
10101}
10102
Willy Tarreau185b5c42012-04-26 15:11:51 +020010103/* This function is used to validate the arguments passed to any "hdr" fetch
10104 * keyword. These keywords support an optional positive or negative occurrence
10105 * number. We must ensure that the number is greater than -MAX_HDR_HISTORY. It
10106 * is assumed that the types are already the correct ones. Returns 0 on error,
10107 * non-zero if OK. If <err> is not NULL, it will be filled with a pointer to an
10108 * error message in case of error, that the caller is responsible for freeing.
10109 * The initial location must either be freeable or NULL.
10110 */
10111static int val_hdr(struct arg *arg, char **err_msg)
10112{
10113 if (arg && arg[1].type == ARGT_SINT && arg[1].data.sint < -MAX_HDR_HISTORY) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +020010114 memprintf(err_msg, "header occurrence must be >= %d", -MAX_HDR_HISTORY);
Willy Tarreau185b5c42012-04-26 15:11:51 +020010115 return 0;
10116 }
10117 return 1;
10118}
10119
Willy Tarreau276fae92013-07-25 14:36:01 +020010120/* takes an UINT value on input supposed to represent the time since EPOCH,
10121 * adds an optional offset found in args[0] and emits a string representing
10122 * the date in RFC-1123/5322 format.
10123 */
10124static int sample_conv_http_date(const struct arg *args, struct sample *smp)
10125{
10126 const char day[7][4] = { "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" };
10127 const char mon[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
10128 struct chunk *temp;
10129 struct tm *tm;
10130 time_t curr_date = smp->data.uint;
10131
10132 /* add offset */
10133 if (args && (args[0].type == ARGT_SINT || args[0].type == ARGT_UINT))
10134 curr_date += args[0].data.sint;
10135
10136 tm = gmtime(&curr_date);
10137
10138 temp = get_trash_chunk();
10139 temp->len = snprintf(temp->str, temp->size - temp->len,
10140 "%s, %02d %s %04d %02d:%02d:%02d GMT",
10141 day[tm->tm_wday], tm->tm_mday, mon[tm->tm_mon], 1900+tm->tm_year,
10142 tm->tm_hour, tm->tm_min, tm->tm_sec);
10143
10144 smp->data.str = *temp;
10145 smp->type = SMP_T_STR;
10146 return 1;
10147}
10148
Willy Tarreau4a568972010-05-12 08:08:50 +020010149/************************************************************************/
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010150/* All supported ACL keywords must be declared here. */
10151/************************************************************************/
10152
10153/* Note: must not be declared <const> as its list will be overwritten.
10154 * Please take care of keeping this list alphabetically sorted.
10155 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010156static struct acl_kw_list acl_kws = {ILH, {
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010157 { "base", "base", acl_parse_str, acl_match_str },
10158 { "base_beg", "base", acl_parse_str, acl_match_beg },
10159 { "base_dir", "base", acl_parse_str, acl_match_dir },
10160 { "base_dom", "base", acl_parse_str, acl_match_dom },
10161 { "base_end", "base", acl_parse_str, acl_match_end },
10162 { "base_len", "base", acl_parse_int, acl_match_len },
10163 { "base_reg", "base", acl_parse_reg, acl_match_reg },
10164 { "base_sub", "base", acl_parse_str, acl_match_sub },
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010165
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010166 { "cook", "req.cook", acl_parse_str, acl_match_str },
10167 { "cook_beg", "req.cook", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010168 { "cook_dir", "req.cook", acl_parse_str, acl_match_dir },
10169 { "cook_dom", "req.cook", acl_parse_str, acl_match_dom },
10170 { "cook_end", "req.cook", acl_parse_str, acl_match_end },
10171 { "cook_len", "req.cook", acl_parse_int, acl_match_len },
10172 { "cook_reg", "req.cook", acl_parse_reg, acl_match_reg },
10173 { "cook_sub", "req.cook", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010174
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010175 { "hdr", "req.hdr", acl_parse_str, acl_match_str },
10176 { "hdr_beg", "req.hdr", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010177 { "hdr_dir", "req.hdr", acl_parse_str, acl_match_dir },
10178 { "hdr_dom", "req.hdr", acl_parse_str, acl_match_dom },
10179 { "hdr_end", "req.hdr", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010180 { "hdr_len", "req.hdr", acl_parse_int, acl_match_len },
10181 { "hdr_reg", "req.hdr", acl_parse_reg, acl_match_reg },
10182 { "hdr_sub", "req.hdr", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010183
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010184 { "http_auth_group", NULL, acl_parse_strcat, acl_match_auth },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010185
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010186 { "method", NULL, acl_parse_meth, acl_match_meth },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010187
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010188 { "path", "path", acl_parse_str, acl_match_str },
10189 { "path_beg", "path", acl_parse_str, acl_match_beg },
10190 { "path_dir", "path", acl_parse_str, acl_match_dir },
10191 { "path_dom", "path", acl_parse_str, acl_match_dom },
10192 { "path_end", "path", acl_parse_str, acl_match_end },
10193 { "path_len", "path", acl_parse_int, acl_match_len },
10194 { "path_reg", "path", acl_parse_reg, acl_match_reg },
10195 { "path_sub", "path", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010196
Willy Tarreauff5afcc2013-03-31 18:49:18 +020010197 { "req_ver", "req.ver", acl_parse_str, acl_match_str },
10198 { "resp_ver", "res.ver", acl_parse_str, acl_match_str },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010199
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010200 { "scook", "res.cook", acl_parse_str, acl_match_str },
10201 { "scook_beg", "res.cook", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010202 { "scook_dir", "res.cook", acl_parse_str, acl_match_dir },
10203 { "scook_dom", "res.cook", acl_parse_str, acl_match_dom },
10204 { "scook_end", "res.cook", acl_parse_str, acl_match_end },
10205 { "scook_len", "res.cook", acl_parse_int, acl_match_len },
10206 { "scook_reg", "res.cook", acl_parse_reg, acl_match_reg },
10207 { "scook_sub", "res.cook", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010208
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010209 { "shdr", "res.hdr", acl_parse_str, acl_match_str },
10210 { "shdr_beg", "res.hdr", acl_parse_str, acl_match_beg },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010211 { "shdr_dir", "res.hdr", acl_parse_str, acl_match_dir },
10212 { "shdr_dom", "res.hdr", acl_parse_str, acl_match_dom },
10213 { "shdr_end", "res.hdr", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010214 { "shdr_len", "res.hdr", acl_parse_int, acl_match_len },
10215 { "shdr_reg", "res.hdr", acl_parse_reg, acl_match_reg },
10216 { "shdr_sub", "res.hdr", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010217
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010218 { "url", "url", acl_parse_str, acl_match_str },
10219 { "url_beg", "url", acl_parse_str, acl_match_beg },
10220 { "url_dir", "url", acl_parse_str, acl_match_dir },
10221 { "url_dom", "url", acl_parse_str, acl_match_dom },
10222 { "url_end", "url", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010223 { "url_len", "url", acl_parse_int, acl_match_len },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010224 { "url_reg", "url", acl_parse_reg, acl_match_reg },
10225 { "url_sub", "url", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010226
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010227 { "urlp", "urlp", acl_parse_str, acl_match_str },
10228 { "urlp_beg", "urlp", acl_parse_str, acl_match_beg },
10229 { "urlp_dir", "urlp", acl_parse_str, acl_match_dir },
10230 { "urlp_dom", "urlp", acl_parse_str, acl_match_dom },
10231 { "urlp_end", "urlp", acl_parse_str, acl_match_end },
Willy Tarreaud86e29d2013-03-25 08:21:05 +010010232 { "urlp_len", "urlp", acl_parse_int, acl_match_len },
10233 { "urlp_reg", "urlp", acl_parse_reg, acl_match_reg },
10234 { "urlp_sub", "urlp", acl_parse_str, acl_match_sub },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010235
Willy Tarreau8ed669b2013-01-11 15:49:37 +010010236 { /* END */ },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010237}};
10238
10239/************************************************************************/
10240/* All supported pattern keywords must be declared here. */
Willy Tarreau4a568972010-05-12 08:08:50 +020010241/************************************************************************/
10242/* Note: must not be declared <const> as its list will be overwritten */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010243static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Willy Tarreau409bcde2013-01-08 00:31:00 +010010244 { "base", smp_fetch_base, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10245 { "base32", smp_fetch_base32, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
10246 { "base32+src", smp_fetch_base32_src, 0, NULL, SMP_T_BIN, SMP_USE_HRQHV },
10247
10248 /* cookie is valid in both directions (eg: for "stick ...") but cook*
10249 * are only here to match the ACL's name, are request-only and are used
10250 * for ACL compatibility only.
10251 */
10252 { "cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10253 { "cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV|SMP_USE_HRSHV },
10254 { "cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10255 { "cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10256
10257 /* hdr is valid in both directions (eg: for "stick ...") but hdr_* are
10258 * only here to match the ACL's name, are request-only and are used for
10259 * ACL compatibility only.
10260 */
10261 { "hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRQHV|SMP_USE_HRSHV },
10262 { "hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10263 { "hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
10264 { "hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
10265
Willy Tarreau0a0daec2013-04-02 22:44:58 +020010266 { "http_auth", smp_fetch_http_auth, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV },
10267 { "http_auth_group", smp_fetch_http_auth_grp, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010268 { "http_first_req", smp_fetch_http_first_req, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
10269 { "method", smp_fetch_meth, 0, NULL, SMP_T_UINT, SMP_USE_HRQHP },
10270 { "path", smp_fetch_path, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010271
10272 /* HTTP protocol on the request path */
10273 { "req.proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010274 { "req_proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010275
10276 /* HTTP version on the request path */
10277 { "req.ver", smp_fetch_rqver, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010278 { "req_ver", smp_fetch_rqver, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010279
10280 /* HTTP version on the response path */
10281 { "res.ver", smp_fetch_stver, 0, NULL, SMP_T_CSTR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010282 { "resp_ver", smp_fetch_stver, 0, NULL, SMP_T_CSTR, SMP_USE_HRSHV },
10283
Willy Tarreau18ed2562013-01-14 15:56:36 +010010284 /* explicit req.{cook,hdr} are used to force the fetch direction to be request-only */
10285 { "req.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10286 { "req.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10287 { "req.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10288
Willy Tarreau04ff9f12013-06-10 18:39:42 +020010289 { "req.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRQHV },
10290 { "req.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010291 { "req.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRQHV },
10292 { "req.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10293 { "req.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
10294 { "req.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
10295
10296 /* explicit req.{cook,hdr} are used to force the fetch direction to be response-only */
10297 { "res.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRSHV },
10298 { "res.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10299 { "res.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10300
Willy Tarreau04ff9f12013-06-10 18:39:42 +020010301 { "res.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRSHV },
10302 { "res.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010303 { "res.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRSHV },
10304 { "res.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10305 { "res.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
10306 { "res.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
10307
Willy Tarreau409bcde2013-01-08 00:31:00 +010010308 /* scook is valid only on the response and is used for ACL compatibility */
10309 { "scook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRSHV },
10310 { "scook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10311 { "scook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10312 { "set-cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_CSTR, SMP_USE_HRSHV }, /* deprecated */
10313
10314 /* shdr is valid only on the response and is used for ACL compatibility */
10315 { "shdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_CSTR, SMP_USE_HRSHV },
10316 { "shdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10317 { "shdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
10318 { "shdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
10319
10320 { "status", smp_fetch_stcode, 0, NULL, SMP_T_UINT, SMP_USE_HRSHP },
10321 { "url", smp_fetch_url, 0, NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10322 { "url_ip", smp_fetch_url_ip, 0, NULL, SMP_T_IPV4, SMP_USE_HRQHV },
10323 { "url_port", smp_fetch_url_port, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
10324 { "url_param", smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10325 { "urlp" , smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_CSTR, SMP_USE_HRQHV },
10326 { "urlp_val", smp_fetch_url_param_val, ARG2(1,STR,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10327 { /* END */ },
Willy Tarreau4a568972010-05-12 08:08:50 +020010328}};
10329
Willy Tarreau8797c062007-05-07 00:55:35 +020010330
Willy Tarreau276fae92013-07-25 14:36:01 +020010331/* Note: must not be declared <const> as its list will be overwritten */
10332static struct sample_conv_kw_list sample_conv_kws = {ILH, {
10333 { "http_date", sample_conv_http_date, ARG1(0,SINT), NULL, SMP_T_UINT, SMP_T_STR },
10334 { NULL, NULL, 0, 0, 0 },
10335}};
10336
Willy Tarreau8797c062007-05-07 00:55:35 +020010337__attribute__((constructor))
10338static void __http_protocol_init(void)
10339{
10340 acl_register_keywords(&acl_kws);
Willy Tarreau12785782012-04-27 21:37:17 +020010341 sample_register_fetches(&sample_fetch_keywords);
Willy Tarreau276fae92013-07-25 14:36:01 +020010342 sample_register_convs(&sample_conv_kws);
Willy Tarreau8797c062007-05-07 00:55:35 +020010343}
10344
10345
Willy Tarreau58f10d72006-12-04 02:26:12 +010010346/*
Willy Tarreaubaaee002006-06-26 02:48:02 +020010347 * Local variables:
10348 * c-indent-level: 8
10349 * c-basic-offset: 8
10350 * End:
10351 */