blob: b32c042bef878bcd85a85415c6db6a1cd6f97769 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreau7c669d72008-06-20 15:04:11 +02004 * Copyright 2000-2008 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreau2dd0d472006-06-29 17:53:05 +020026#include <common/appsession.h>
27#include <common/compat.h>
28#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010029#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020030#include <common/memory.h>
31#include <common/mini-clist.h>
32#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020033#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/time.h>
35#include <common/uri_auth.h>
36#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020037
38#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020039#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020040
Willy Tarreau8797c062007-05-07 00:55:35 +020041#include <proto/acl.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020042#include <proto/backend.h>
43#include <proto/buffers.h>
Willy Tarreau91861262007-10-17 17:06:05 +020044#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020045#include <proto/fd.h>
46#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010047#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020048#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020049#include <proto/proto_http.h>
50#include <proto/queue.h>
Willy Tarreau91861262007-10-17 17:06:05 +020051#include <proto/senddata.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020052#include <proto/session.h>
Willy Tarreau2d212792008-08-27 21:41:35 +020053#include <proto/stream_sock.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020054#include <proto/task.h>
55
Willy Tarreau6d1a9882007-01-07 02:03:04 +010056#ifdef CONFIG_HAP_TCPSPLICE
57#include <libtcpsplice.h>
58#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +020059
Willy Tarreau58f10d72006-12-04 02:26:12 +010060#define DEBUG_PARSE_NO_SPEEDUP
61#undef DEBUG_PARSE_NO_SPEEDUP
62
Willy Tarreau976f1ee2006-12-17 10:06:03 +010063/* This is used to perform a quick jump as an alternative to a break/continue
64 * instruction. The first argument is the label for normal operation, and the
65 * second one is the break/continue instruction in the no_speedup mode.
66 */
67
68#ifdef DEBUG_PARSE_NO_SPEEDUP
69#define QUICK_JUMP(x,y) y
70#else
71#define QUICK_JUMP(x,y) goto x
72#endif
73
Willy Tarreau1c47f852006-07-09 08:22:27 +020074/* This is used by remote monitoring */
Willy Tarreau0f772532006-12-23 20:51:41 +010075const char HTTP_200[] =
Willy Tarreau1c47f852006-07-09 08:22:27 +020076 "HTTP/1.0 200 OK\r\n"
77 "Cache-Control: no-cache\r\n"
78 "Connection: close\r\n"
79 "Content-Type: text/html\r\n"
80 "\r\n"
81 "<html><body><h1>200 OK</h1>\nHAProxy: service ready.\n</body></html>\n";
82
Willy Tarreau0f772532006-12-23 20:51:41 +010083const struct chunk http_200_chunk = {
84 .str = (char *)&HTTP_200,
85 .len = sizeof(HTTP_200)-1
86};
87
Willy Tarreaub463dfb2008-06-07 23:08:56 +020088const char *HTTP_301 =
89 "HTTP/1.0 301 Moved Permantenly\r\n"
90 "Cache-Control: no-cache\r\n"
91 "Connection: close\r\n"
92 "Location: "; /* not terminated since it will be concatenated with the URL */
93
Willy Tarreau0f772532006-12-23 20:51:41 +010094const char *HTTP_302 =
95 "HTTP/1.0 302 Found\r\n"
96 "Cache-Control: no-cache\r\n"
97 "Connection: close\r\n"
98 "Location: "; /* not terminated since it will be concatenated with the URL */
99
100/* same as 302 except that the browser MUST retry with the GET method */
101const char *HTTP_303 =
102 "HTTP/1.0 303 See Other\r\n"
103 "Cache-Control: no-cache\r\n"
104 "Connection: close\r\n"
105 "Location: "; /* not terminated since it will be concatenated with the URL */
106
Willy Tarreaubaaee002006-06-26 02:48:02 +0200107/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
108const char *HTTP_401_fmt =
109 "HTTP/1.0 401 Unauthorized\r\n"
110 "Cache-Control: no-cache\r\n"
111 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200112 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200113 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
114 "\r\n"
115 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
116
Willy Tarreau0f772532006-12-23 20:51:41 +0100117
118const int http_err_codes[HTTP_ERR_SIZE] = {
119 [HTTP_ERR_400] = 400,
120 [HTTP_ERR_403] = 403,
121 [HTTP_ERR_408] = 408,
122 [HTTP_ERR_500] = 500,
123 [HTTP_ERR_502] = 502,
124 [HTTP_ERR_503] = 503,
125 [HTTP_ERR_504] = 504,
126};
127
Willy Tarreau80587432006-12-24 17:47:20 +0100128static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreau0f772532006-12-23 20:51:41 +0100129 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100130 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100131 "Cache-Control: no-cache\r\n"
132 "Connection: close\r\n"
133 "Content-Type: text/html\r\n"
134 "\r\n"
135 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
136
137 [HTTP_ERR_403] =
138 "HTTP/1.0 403 Forbidden\r\n"
139 "Cache-Control: no-cache\r\n"
140 "Connection: close\r\n"
141 "Content-Type: text/html\r\n"
142 "\r\n"
143 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
144
145 [HTTP_ERR_408] =
146 "HTTP/1.0 408 Request Time-out\r\n"
147 "Cache-Control: no-cache\r\n"
148 "Connection: close\r\n"
149 "Content-Type: text/html\r\n"
150 "\r\n"
151 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
152
153 [HTTP_ERR_500] =
154 "HTTP/1.0 500 Server Error\r\n"
155 "Cache-Control: no-cache\r\n"
156 "Connection: close\r\n"
157 "Content-Type: text/html\r\n"
158 "\r\n"
159 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
160
161 [HTTP_ERR_502] =
162 "HTTP/1.0 502 Bad Gateway\r\n"
163 "Cache-Control: no-cache\r\n"
164 "Connection: close\r\n"
165 "Content-Type: text/html\r\n"
166 "\r\n"
167 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
168
169 [HTTP_ERR_503] =
170 "HTTP/1.0 503 Service Unavailable\r\n"
171 "Cache-Control: no-cache\r\n"
172 "Connection: close\r\n"
173 "Content-Type: text/html\r\n"
174 "\r\n"
175 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
176
177 [HTTP_ERR_504] =
178 "HTTP/1.0 504 Gateway Time-out\r\n"
179 "Cache-Control: no-cache\r\n"
180 "Connection: close\r\n"
181 "Content-Type: text/html\r\n"
182 "\r\n"
183 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
184
185};
186
Willy Tarreau80587432006-12-24 17:47:20 +0100187/* We must put the messages here since GCC cannot initialize consts depending
188 * on strlen().
189 */
190struct chunk http_err_chunks[HTTP_ERR_SIZE];
191
Willy Tarreau42250582007-04-01 01:30:43 +0200192#define FD_SETS_ARE_BITFIELDS
193#ifdef FD_SETS_ARE_BITFIELDS
194/*
195 * This map is used with all the FD_* macros to check whether a particular bit
196 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
197 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
198 * byte should be encoded. Be careful to always pass bytes from 0 to 255
199 * exclusively to the macros.
200 */
201fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
202fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
203
204#else
205#error "Check if your OS uses bitfields for fd_sets"
206#endif
207
Willy Tarreau80587432006-12-24 17:47:20 +0100208void init_proto_http()
209{
Willy Tarreau42250582007-04-01 01:30:43 +0200210 int i;
211 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100212 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200213
Willy Tarreau80587432006-12-24 17:47:20 +0100214 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
215 if (!http_err_msgs[msg]) {
216 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
217 abort();
218 }
219
220 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
221 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
222 }
Willy Tarreau42250582007-04-01 01:30:43 +0200223
224 /* initialize the log header encoding map : '{|}"#' should be encoded with
225 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
226 * URL encoding only requires '"', '#' to be encoded as well as non-
227 * printable characters above.
228 */
229 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
230 memset(url_encode_map, 0, sizeof(url_encode_map));
231 for (i = 0; i < 32; i++) {
232 FD_SET(i, hdr_encode_map);
233 FD_SET(i, url_encode_map);
234 }
235 for (i = 127; i < 256; i++) {
236 FD_SET(i, hdr_encode_map);
237 FD_SET(i, url_encode_map);
238 }
239
240 tmp = "\"#{|}";
241 while (*tmp) {
242 FD_SET(*tmp, hdr_encode_map);
243 tmp++;
244 }
245
246 tmp = "\"#";
247 while (*tmp) {
248 FD_SET(*tmp, url_encode_map);
249 tmp++;
250 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200251
252 /* memory allocations */
253 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
Willy Tarreau086b3b42007-05-13 21:45:51 +0200254 pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100255}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200256
Willy Tarreau53b6c742006-12-17 13:37:46 +0100257/*
258 * We have 26 list of methods (1 per first letter), each of which can have
259 * up to 3 entries (2 valid, 1 null).
260 */
261struct http_method_desc {
262 http_meth_t meth;
263 int len;
264 const char text[8];
265};
266
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100267const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100268 ['C' - 'A'] = {
269 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
270 },
271 ['D' - 'A'] = {
272 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
273 },
274 ['G' - 'A'] = {
275 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
276 },
277 ['H' - 'A'] = {
278 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
279 },
280 ['P' - 'A'] = {
281 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
282 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
283 },
284 ['T' - 'A'] = {
285 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
286 },
287 /* rest is empty like this :
288 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
289 */
290};
291
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100292/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200293 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100294 * RFC2616 for those chars.
295 */
296
297const char http_is_spht[256] = {
298 [' '] = 1, ['\t'] = 1,
299};
300
301const char http_is_crlf[256] = {
302 ['\r'] = 1, ['\n'] = 1,
303};
304
305const char http_is_lws[256] = {
306 [' '] = 1, ['\t'] = 1,
307 ['\r'] = 1, ['\n'] = 1,
308};
309
310const char http_is_sep[256] = {
311 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
312 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
313 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
314 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
315 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
316};
317
318const char http_is_ctl[256] = {
319 [0 ... 31] = 1,
320 [127] = 1,
321};
322
323/*
324 * A token is any ASCII char that is neither a separator nor a CTL char.
325 * Do not overwrite values in assignment since gcc-2.95 will not handle
326 * them correctly. Instead, define every non-CTL char's status.
327 */
328const char http_is_token[256] = {
329 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
330 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
331 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
332 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
333 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
334 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
335 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
336 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
337 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
338 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
339 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
340 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
341 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
342 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
343 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
344 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
345 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
346 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
347 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
348 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
349 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
350 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
351 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
352 ['|'] = 1, ['}'] = 0, ['~'] = 1,
353};
354
355
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100356/*
357 * An http ver_token is any ASCII which can be found in an HTTP version,
358 * which includes 'H', 'T', 'P', '/', '.' and any digit.
359 */
360const char http_is_ver_token[256] = {
361 ['.'] = 1, ['/'] = 1,
362 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
363 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
364 ['H'] = 1, ['P'] = 1, ['T'] = 1,
365};
366
367
Willy Tarreaubaaee002006-06-26 02:48:02 +0200368#ifdef DEBUG_FULL
Willy Tarreau67f0eea2008-08-10 22:55:22 +0200369static char *cli_stnames[4] = { "DAT", "SHR", "SHW", "CLS" };
Willy Tarreaubaaee002006-06-26 02:48:02 +0200370#endif
371
Willy Tarreau42250582007-04-01 01:30:43 +0200372static void http_sess_log(struct session *s);
373
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100374/*
375 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
376 * CRLF. Text length is measured first, so it cannot be NULL.
377 * The header is also automatically added to the index <hdr_idx>, and the end
378 * of headers is automatically adjusted. The number of bytes added is returned
379 * on success, otherwise <0 is returned indicating an error.
380 */
381int http_header_add_tail(struct buffer *b, struct http_msg *msg,
382 struct hdr_idx *hdr_idx, const char *text)
383{
384 int bytes, len;
385
386 len = strlen(text);
387 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
388 if (!bytes)
389 return -1;
390 msg->eoh += bytes;
391 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
392}
393
394/*
395 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
396 * CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
397 * the buffer is only opened and the space reserved, but nothing is copied.
398 * The header is also automatically added to the index <hdr_idx>, and the end
399 * of headers is automatically adjusted. The number of bytes added is returned
400 * on success, otherwise <0 is returned indicating an error.
401 */
402int http_header_add_tail2(struct buffer *b, struct http_msg *msg,
403 struct hdr_idx *hdr_idx, const char *text, int len)
404{
405 int bytes;
406
407 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
408 if (!bytes)
409 return -1;
410 msg->eoh += bytes;
411 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
412}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200413
414/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100415 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
416 * If so, returns the position of the first non-space character relative to
417 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
418 * to return a pointer to the place after the first space. Returns 0 if the
419 * header name does not match. Checks are case-insensitive.
420 */
421int http_header_match2(const char *hdr, const char *end,
422 const char *name, int len)
423{
424 const char *val;
425
426 if (hdr + len >= end)
427 return 0;
428 if (hdr[len] != ':')
429 return 0;
430 if (strncasecmp(hdr, name, len) != 0)
431 return 0;
432 val = hdr + len + 1;
433 while (val < end && HTTP_IS_SPHT(*val))
434 val++;
435 if ((val >= end) && (len + 2 <= end - hdr))
436 return len + 2; /* we may replace starting from second space */
437 return val - hdr;
438}
439
Willy Tarreau33a7e692007-06-10 19:45:56 +0200440/* Find the end of the header value contained between <s> and <e>.
441 * See RFC2616, par 2.2 for more information. Note that it requires
442 * a valid header to return a valid result.
443 */
444const char *find_hdr_value_end(const char *s, const char *e)
445{
446 int quoted, qdpair;
447
448 quoted = qdpair = 0;
449 for (; s < e; s++) {
450 if (qdpair) qdpair = 0;
451 else if (quoted && *s == '\\') qdpair = 1;
452 else if (quoted && *s == '"') quoted = 0;
453 else if (*s == '"') quoted = 1;
454 else if (*s == ',') return s;
455 }
456 return s;
457}
458
459/* Find the first or next occurrence of header <name> in message buffer <sol>
460 * using headers index <idx>, and return it in the <ctx> structure. This
461 * structure holds everything necessary to use the header and find next
462 * occurrence. If its <idx> member is 0, the header is searched from the
463 * beginning. Otherwise, the next occurrence is returned. The function returns
464 * 1 when it finds a value, and 0 when there is no more.
465 */
466int http_find_header2(const char *name, int len,
467 const char *sol, struct hdr_idx *idx,
468 struct hdr_ctx *ctx)
469{
470 __label__ return_hdr, next_hdr;
471 const char *eol, *sov;
472 int cur_idx;
473
474 if (ctx->idx) {
475 /* We have previously returned a value, let's search
476 * another one on the same line.
477 */
478 cur_idx = ctx->idx;
479 sol = ctx->line;
480 sov = sol + ctx->val + ctx->vlen;
481 eol = sol + idx->v[cur_idx].len;
482
483 if (sov >= eol)
484 /* no more values in this header */
485 goto next_hdr;
486
487 /* values remaining for this header, skip the comma */
488 sov++;
489 while (sov < eol && http_is_lws[(unsigned char)*sov])
490 sov++;
491
492 goto return_hdr;
493 }
494
495 /* first request for this header */
496 sol += hdr_idx_first_pos(idx);
497 cur_idx = hdr_idx_first_idx(idx);
498
499 while (cur_idx) {
500 eol = sol + idx->v[cur_idx].len;
501
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200502 if (len == 0) {
503 /* No argument was passed, we want any header.
504 * To achieve this, we simply build a fake request. */
505 while (sol + len < eol && sol[len] != ':')
506 len++;
507 name = sol;
508 }
509
Willy Tarreau33a7e692007-06-10 19:45:56 +0200510 if ((len < eol - sol) &&
511 (sol[len] == ':') &&
512 (strncasecmp(sol, name, len) == 0)) {
513
514 sov = sol + len + 1;
515 while (sov < eol && http_is_lws[(unsigned char)*sov])
516 sov++;
517 return_hdr:
518 ctx->line = sol;
519 ctx->idx = cur_idx;
520 ctx->val = sov - sol;
521
522 eol = find_hdr_value_end(sov, eol);
523 ctx->vlen = eol - sov;
524 return 1;
525 }
526 next_hdr:
527 sol = eol + idx->v[cur_idx].cr + 1;
528 cur_idx = idx->v[cur_idx].next;
529 }
530 return 0;
531}
532
533int http_find_header(const char *name,
534 const char *sol, struct hdr_idx *idx,
535 struct hdr_ctx *ctx)
536{
537 return http_find_header2(name, strlen(name), sol, idx, ctx);
538}
539
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200540/* This function shuts down the buffers on the server side, and sets indicators
541 * accordingly. The server's fd is supposed to already be closed. Note that if
542 * <status> is 0, or if the message pointer is NULL, then no message is returned.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200543 */
544void srv_close_with_err(struct session *t, int err, int finst,
Willy Tarreau0f772532006-12-23 20:51:41 +0100545 int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200546{
Willy Tarreau3da77c52008-08-29 09:58:42 +0200547 buffer_write_ena(t->rep);
Willy Tarreauba392ce2008-08-16 21:13:23 +0200548 buffer_shutw(t->req);
549 buffer_shutr(t->rep);
Willy Tarreau0f772532006-12-23 20:51:41 +0100550 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100551 t->txn.status = status;
Willy Tarreau73de9892006-11-30 11:40:23 +0100552 if (t->fe->mode == PR_MODE_HTTP)
Willy Tarreau0f772532006-12-23 20:51:41 +0100553 client_return(t, msg);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200554 }
555 if (!(t->flags & SN_ERR_MASK))
556 t->flags |= err;
557 if (!(t->flags & SN_FINST_MASK))
558 t->flags |= finst;
559}
560
Willy Tarreau80587432006-12-24 17:47:20 +0100561/* This function returns the appropriate error location for the given session
562 * and message.
563 */
564
565struct chunk *error_message(struct session *s, int msgnum)
566{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200567 if (s->be->errmsg[msgnum].str)
568 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100569 else if (s->fe->errmsg[msgnum].str)
570 return &s->fe->errmsg[msgnum];
571 else
572 return &http_err_chunks[msgnum];
573}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200574
Willy Tarreau53b6c742006-12-17 13:37:46 +0100575/*
576 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
577 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
578 */
579static http_meth_t find_http_meth(const char *str, const int len)
580{
581 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100582 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100583
584 m = ((unsigned)*str - 'A');
585
586 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100587 for (h = http_methods[m]; h->len > 0; h++) {
588 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100589 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100590 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100591 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100592 };
593 return HTTP_METH_OTHER;
594 }
595 return HTTP_METH_NONE;
596
597}
598
Willy Tarreau21d2af32008-02-14 20:25:24 +0100599/* Parse the URI from the given transaction (which is assumed to be in request
600 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
601 * It is returned otherwise.
602 */
603static char *
604http_get_path(struct http_txn *txn)
605{
606 char *ptr, *end;
607
608 ptr = txn->req.sol + txn->req.sl.rq.u;
609 end = ptr + txn->req.sl.rq.u_l;
610
611 if (ptr >= end)
612 return NULL;
613
614 /* RFC2616, par. 5.1.2 :
615 * Request-URI = "*" | absuri | abspath | authority
616 */
617
618 if (*ptr == '*')
619 return NULL;
620
621 if (isalpha((unsigned char)*ptr)) {
622 /* this is a scheme as described by RFC3986, par. 3.1 */
623 ptr++;
624 while (ptr < end &&
625 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
626 ptr++;
627 /* skip '://' */
628 if (ptr == end || *ptr++ != ':')
629 return NULL;
630 if (ptr == end || *ptr++ != '/')
631 return NULL;
632 if (ptr == end || *ptr++ != '/')
633 return NULL;
634 }
635 /* skip [user[:passwd]@]host[:[port]] */
636
637 while (ptr < end && *ptr != '/')
638 ptr++;
639
640 if (ptr == end)
641 return NULL;
642
643 /* OK, we got the '/' ! */
644 return ptr;
645}
646
Willy Tarreaudafde432008-08-17 01:00:46 +0200647/* Processes the client, server, request and response jobs of a session task,
648 * then puts it back to the wait queue in a clean state, or cleans up its
649 * resources if it must be deleted. Returns in <next> the date the task wants
650 * to be woken up, or TICK_ETERNITY. In order not to call all functions for
651 * nothing too many times, the request and response buffers flags are monitored
652 * and each function is called only if at least another function has changed at
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200653 * least one flag it is interested in.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200654 */
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200655void process_session(struct task *t, int *next)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200656{
657 struct session *s = t->context;
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200658 int resync;
659 unsigned int rqf_cli, rpf_cli;
660 unsigned int rqf_srv, rpf_srv;
661 unsigned int rqf_req, rpf_rep;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200662
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200663 /* Check timeouts only during data phase for now */
664 if (unlikely(t->state & TASK_WOKEN_TIMER)) {
665 if (s->rep->cons->state == SI_ST_EST)
666 stream_sock_data_check_timeouts(s->rep->cons->fd);
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200667
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200668 if (s->req->cons->state == SI_ST_EST)
669 stream_sock_data_check_timeouts(s->req->cons->fd);
670 }
671
Willy Tarreau48adac52008-08-30 04:58:38 +0200672 /* Check if we need to close the write side. This can only happen
673 * when either SHUTR or EMPTY appears, because WRITE_ENA cannot appear
674 * from low level, and neither HIJACK nor SHUTW can disappear from low
675 * level.
676 */
677 if (unlikely((s->req->flags & (BF_SHUTW|BF_EMPTY|BF_HIJACK|BF_WRITE_ENA|BF_SHUTR)) == (BF_EMPTY|BF_WRITE_ENA|BF_SHUTR))) {
678 buffer_shutw(s->req);
679 s->req->cons->shutw(s->req->cons);
680 }
681
682 if (unlikely((s->rep->flags & (BF_SHUTW|BF_EMPTY|BF_HIJACK|BF_WRITE_ENA|BF_SHUTR)) == (BF_EMPTY|BF_WRITE_ENA|BF_SHUTR))) {
683 buffer_shutw(s->rep);
684 s->rep->cons->shutw(s->rep->cons);
685 }
686
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200687 /* When a server-side connection is released, we have to
688 * count it and check for pending connections on this server.
689 */
690 if (unlikely(s->req->cons->state == SI_ST_CLO &&
691 s->req->cons->prev_state == SI_ST_EST)) {
692 /* Count server-side errors (but not timeouts). */
693 if (s->req->flags & BF_WRITE_ERROR) {
694 s->be->failed_resp++;
695 if (s->srv)
696 s->srv->failed_resp++;
697 }
698
699 if (s->srv) {
700 s->srv->cur_sess--;
701 sess_change_server(s, NULL);
702 if (may_dequeue_tasks(s->srv, s->be))
703 process_srv_queue(s->srv);
704 }
705
706 if (unlikely((s->req->cons->state == SI_ST_CLO) &&
707 (global.mode & MODE_DEBUG) &&
708 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
709 int len;
710 len = sprintf(trash, "%08x:%s.srvcls[%04x:%04x]\n",
711 s->uniq_id, s->be->id, (unsigned short)s->req->prod->fd, (unsigned short)s->req->cons->fd);
712 write(1, trash, len);
713 }
714 }
715
Willy Tarreau48adac52008-08-30 04:58:38 +0200716 /* This is needed when debugging is enabled, to indicate client-side close */
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200717 if (unlikely(s->rep->cons->state == SI_ST_CLO &&
718 s->rep->cons->prev_state == SI_ST_EST)) {
719 if (unlikely((s->rep->cons->state == SI_ST_CLO) &&
720 (global.mode & MODE_DEBUG) &&
721 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
722 int len;
723 len = sprintf(trash, "%08x:%s.clicls[%04x:%04x]\n",
724 s->uniq_id, s->be->id, (unsigned short)s->rep->prod->fd, (unsigned short)s->req->cons->fd);
725 write(1, trash, len);
726 }
727 }
728
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200729 /* Dirty trick: force one first pass everywhere */
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200730 rqf_cli = rqf_srv = rqf_req = ~s->req->flags;
731 rpf_cli = rpf_srv = rpf_rep = ~s->rep->flags;
Willy Tarreau507385d2008-08-17 13:04:25 +0200732
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200733 /* well, the ST_CONN state is already handled properly */
734 if (s->req->prod->state == SI_ST_EST) {
735 rqf_cli = s->req->flags;
736 rpf_cli = s->rep->flags;
737 }
738
739 if (s->req->cons->state == SI_ST_EST) {
740 rqf_srv = s->req->flags;
741 rpf_srv = s->rep->flags;
742 }
743
Willy Tarreaubaaee002006-06-26 02:48:02 +0200744 do {
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200745 DPRINTF(stderr,"[%u] %s: task=%p rq=%p, rp=%p, exp(r,w)=%u,%u rqf=%08x rpf=%08x rql=%d rpl=%d cs=%d ss=%d\n",
746 now_ms, __FUNCTION__,
747 t,
748 s->req, s->rep,
749 s->req->rex, s->rep->wex,
750 s->req->flags, s->rep->flags,
751 s->req->l, s->rep->l, s->rep->cons->state, s->req->cons->state);
752
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200753 resync = 0;
Willy Tarreaudafde432008-08-17 01:00:46 +0200754
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200755 /* Analyse request */
756 if ((rqf_req ^ s->req->flags) & BF_MASK_ANALYSER) {
757 if (s->req->prod->state >= SI_ST_EST) {
758 resync = 1;
759 /* it's up to the analysers to reset write_ena */
760 buffer_write_ena(s->req);
761 if (s->req->analysers)
762 process_request(s);
763 rqf_req = s->req->flags;
764 }
765
766 }
767
768 /* Analyse response */
769 if (unlikely(s->rep->flags & BF_HIJACK)) {
770 /* In inject mode, we wake up everytime something has
771 * happened on the write side of the buffer.
772 */
773 if ((s->rep->flags & (BF_WRITE_PARTIAL|BF_WRITE_ERROR|BF_SHUTW)) &&
774 !(s->rep->flags & BF_FULL)) {
775 if (produce_content(s) != 0)
776 resync = 1; /* completed, better re-check flags */
777 }
778 }
779 else if (s->rep->prod->state >= SI_ST_EST) {
780 if ((rpf_rep ^ s->rep->flags) & BF_MASK_ANALYSER) {
781 resync = 1;
782 /* it's up to the analysers to reset write_ena */
783 buffer_write_ena(s->rep);
784 if (s->rep->analysers)
785 process_response(s);
786 rpf_rep = s->rep->flags;
787 }
788 }
789
790 /* Maybe resync client FD state */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200791 if (s->rep->cons->state != SI_ST_CLO) {
792 if (((rqf_cli ^ s->req->flags) & BF_MASK_INTERFACE_I) ||
793 ((rpf_cli ^ s->rep->flags) & BF_MASK_INTERFACE_O)) {
794 resync = 1;
795 stream_sock_data_update(s->rep->cons->fd);
796 rqf_cli = s->req->flags;
797 rpf_cli = s->rep->flags;
798
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200799 if (unlikely((s->rep->cons->state == SI_ST_CLO) &&
800 (global.mode & MODE_DEBUG) &&
801 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
802 int len;
803 len = sprintf(trash, "%08x:%s.clicls[%04x:%04x]\n",
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200804 s->uniq_id, s->be->id, (unsigned short)s->rep->prod->fd, (unsigned short)s->req->cons->fd);
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200805 write(1, trash, len);
806 }
Willy Tarreaudafde432008-08-17 01:00:46 +0200807 }
Willy Tarreaudafde432008-08-17 01:00:46 +0200808 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200809
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200810 /* Maybe resync server FD state */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200811 if (s->req->cons->state != SI_ST_CLO) {
812 if (((rpf_srv ^ s->rep->flags) & BF_MASK_INTERFACE_I) ||
813 ((rqf_srv ^ s->req->flags) & BF_MASK_INTERFACE_O)) {
814 resync = 1;
815
Willy Tarreau3da77c52008-08-29 09:58:42 +0200816 if (s->req->cons->state < SI_ST_EST && s->req->flags & BF_WRITE_ENA)
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200817 process_srv_conn(s);
818
819 if (s->req->cons->state == SI_ST_EST) {
Willy Tarreau3da77c52008-08-29 09:58:42 +0200820 if ((s->req->flags & (BF_SHUTW|BF_EMPTY|BF_WRITE_ENA)) == (BF_EMPTY|BF_WRITE_ENA) &&
Willy Tarreau376580a2008-08-27 18:52:22 +0200821 s->be->options & PR_O_FORCE_CLO &&
Willy Tarreau3da77c52008-08-29 09:58:42 +0200822 s->rep->flags & BF_READ_ACTIVITY) {
Willy Tarreau376580a2008-08-27 18:52:22 +0200823 /* We want to force the connection to the server to close,
824 * and the server has begun to respond. That's the right
825 * time.
826 */
827 buffer_shutw_now(s->req);
828 }
829
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200830 stream_sock_data_update(s->req->cons->fd);
Willy Tarreau376580a2008-08-27 18:52:22 +0200831
832 /* When a server-side connection is released, we have to
833 * count it and check for pending connections on this server.
834 */
835 if (s->req->cons->state == SI_ST_CLO) {
836 if (s->srv) {
837 s->srv->cur_sess--;
838 sess_change_server(s, NULL);
839 if (may_dequeue_tasks(s->srv, s->be))
840 process_srv_queue(s->srv);
841 }
842 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200843 }
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200844 rqf_srv = s->req->flags;
845 rpf_srv = s->rep->flags;
Willy Tarreauf5483bf2008-08-14 18:35:40 +0200846
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200847 if (unlikely((s->req->cons->state == SI_ST_CLO) &&
848 (global.mode & MODE_DEBUG) &&
849 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
850 int len;
851 len = sprintf(trash, "%08x:%s.srvcls[%04x:%04x]\n",
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200852 s->uniq_id, s->be->id, (unsigned short)s->req->prod->fd, (unsigned short)s->req->cons->fd);
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200853 write(1, trash, len);
854 }
855 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200856 }
857
Willy Tarreaudafde432008-08-17 01:00:46 +0200858 } while (resync);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200859
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200860 if (likely((s->rep->cons->state != SI_ST_CLO) ||
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200861 (s->req->cons->state != SI_ST_CLO && s->req->cons->state != SI_ST_INI))) {
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100862
863 if ((s->fe->options & PR_O_CONTSTATS) && (s->flags & SN_BE_ASSIGNED))
864 session_process_counters(s);
865
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200866 if (s->rep->cons->state == SI_ST_EST)
867 stream_sock_data_finish(s->rep->cons->fd);
868
869 if (s->req->cons->state == SI_ST_EST)
870 stream_sock_data_finish(s->req->cons->fd);
871
Willy Tarreau0f9f5052006-07-29 17:39:25 +0200872 s->req->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE;
873 s->rep->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE;
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200874 s->si[0].prev_state = s->si[0].state;
875 s->si[1].prev_state = s->si[1].state;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200876
Willy Tarreau7f875f62008-08-11 17:35:01 +0200877 /* Trick: if a request is being waiting for the server to respond,
878 * and if we know the server can timeout, we don't want the timeout
879 * to expire on the client side first, but we're still interested
880 * in passing data from the client to the server (eg: POST). Thus,
881 * we can cancel the client's request timeout if the server's
882 * request timeout is set and the server has not yet sent a response.
883 */
884
Willy Tarreau3da77c52008-08-29 09:58:42 +0200885 if ((s->rep->flags & (BF_WRITE_ENA|BF_SHUTR)) == 0 &&
Willy Tarreau26ed74d2008-08-17 12:11:14 +0200886 (tick_isset(s->req->wex) || tick_isset(s->rep->rex)))
Willy Tarreau7f875f62008-08-11 17:35:01 +0200887 s->req->rex = TICK_ETERNITY;
888
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200889 t->expire = tick_first(tick_first(s->req->rex, s->req->wex),
890 tick_first(s->rep->rex, s->rep->wex));
Willy Tarreauffab5b42008-08-17 18:03:28 +0200891 if (s->req->analysers)
892 t->expire = tick_first(t->expire, s->req->analyse_exp);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200893
Willy Tarreaucb651252008-08-29 13:57:30 +0200894#ifdef DEBUG_FULL
895 fprintf(stderr, "[%u] queuing with exp=%u req->rex=%u req->wex=%u req->ana_exp=%u rep->rex=%u rep->wex=%u\n",
896 now_ms, t->expire, s->req->rex, s->req->wex, s->req->analyse_exp, s->rep->rex, s->rep->wex);
897#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +0200898 /* restore t to its place in the task list */
899 task_queue(t);
900
Willy Tarreaua7c52762008-08-16 18:40:18 +0200901#ifdef DEBUG_DEV
902 /* this may only happen when no timeout is set or in case of an FSM bug */
903 if (!t->expire)
904 ABORT_NOW();
905#endif
Willy Tarreaud825eef2007-05-12 22:35:00 +0200906 *next = t->expire;
907 return; /* nothing more to do */
Willy Tarreaubaaee002006-06-26 02:48:02 +0200908 }
909
Willy Tarreauf1221aa2006-12-17 22:14:12 +0100910 s->fe->feconn--;
911 if (s->flags & SN_BE_ASSIGNED)
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200912 s->be->beconn--;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200913 actconn--;
914
Willy Tarreauf41d4b12007-04-28 23:26:14 +0200915 if (unlikely((global.mode & MODE_DEBUG) &&
916 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
Willy Tarreaubaaee002006-06-26 02:48:02 +0200917 int len;
Willy Tarreauf495ddf2008-08-17 14:38:41 +0200918 len = sprintf(trash, "%08x:%s.closed[%04x:%04x] (term_trace=0x%08x)\n",
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200919 s->uniq_id, s->be->id,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200920 (unsigned short)s->req->prod->fd, (unsigned short)s->req->cons->fd,
Willy Tarreauf495ddf2008-08-17 14:38:41 +0200921 s->term_trace);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200922 write(1, trash, len);
923 }
924
Willy Tarreau42aae5c2007-04-29 17:43:56 +0200925 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100926 session_process_counters(s);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200927
928 /* let's do a final log if we need it */
Willy Tarreau1c47f852006-07-09 08:22:27 +0200929 if (s->logs.logwait &&
930 !(s->flags & SN_MONITOR) &&
Willy Tarreau42250582007-04-01 01:30:43 +0200931 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
932 if (s->fe->to_log & LW_REQ)
933 http_sess_log(s);
934 else
935 tcp_sess_log(s);
936 }
Willy Tarreaubaaee002006-06-26 02:48:02 +0200937
938 /* the task MUST not be in the run queue anymore */
939 task_delete(t);
940 session_free(s);
941 task_free(t);
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200942 *next = TICK_ETERNITY;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200943}
944
945
Willy Tarreau42250582007-04-01 01:30:43 +0200946extern const char sess_term_cond[8];
947extern const char sess_fin_state[8];
948extern const char *monthname[12];
949const char sess_cookie[4] = "NIDV"; /* No cookie, Invalid cookie, cookie for a Down server, Valid cookie */
950const char sess_set_cookie[8] = "N1I3PD5R"; /* No set-cookie, unknown, Set-Cookie Inserted, unknown,
951 Set-cookie seen and left unchanged (passive), Set-cookie Deleted,
952 unknown, Set-cookie Rewritten */
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200953struct pool_head *pool2_requri;
Willy Tarreau086b3b42007-05-13 21:45:51 +0200954struct pool_head *pool2_capture;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100955
Willy Tarreau42250582007-04-01 01:30:43 +0200956/*
957 * send a log for the session when we have enough info about it.
958 * Will not log if the frontend has no log defined.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100959 */
Willy Tarreau42250582007-04-01 01:30:43 +0200960static void http_sess_log(struct session *s)
961{
962 char pn[INET6_ADDRSTRLEN + strlen(":65535")];
963 struct proxy *fe = s->fe;
964 struct proxy *be = s->be;
965 struct proxy *prx_log;
966 struct http_txn *txn = &s->txn;
967 int tolog;
968 char *uri, *h;
969 char *svid;
Willy Tarreaufe944602007-10-25 10:34:16 +0200970 struct tm tm;
Willy Tarreau42250582007-04-01 01:30:43 +0200971 static char tmpline[MAX_SYSLOG_LEN];
Willy Tarreau70089872008-06-13 21:12:51 +0200972 int t_request;
Willy Tarreau42250582007-04-01 01:30:43 +0200973 int hdr;
974
975 if (fe->logfac1 < 0 && fe->logfac2 < 0)
976 return;
977 prx_log = fe;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100978
Willy Tarreau42250582007-04-01 01:30:43 +0200979 if (s->cli_addr.ss_family == AF_INET)
980 inet_ntop(AF_INET,
981 (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
982 pn, sizeof(pn));
983 else
984 inet_ntop(AF_INET6,
985 (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
986 pn, sizeof(pn));
987
Willy Tarreaub7f694f2008-06-22 17:18:02 +0200988 get_localtime(s->logs.accept_date.tv_sec, &tm);
Willy Tarreau42250582007-04-01 01:30:43 +0200989
990 /* FIXME: let's limit ourselves to frontend logging for now. */
991 tolog = fe->to_log;
992
993 h = tmpline;
994 if (fe->to_log & LW_REQHDR &&
995 txn->req.cap &&
996 (h < tmpline + sizeof(tmpline) - 10)) {
997 *(h++) = ' ';
998 *(h++) = '{';
999 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
1000 if (hdr)
1001 *(h++) = '|';
1002 if (txn->req.cap[hdr] != NULL)
1003 h = encode_string(h, tmpline + sizeof(tmpline) - 7,
1004 '#', hdr_encode_map, txn->req.cap[hdr]);
1005 }
1006 *(h++) = '}';
1007 }
1008
1009 if (fe->to_log & LW_RSPHDR &&
1010 txn->rsp.cap &&
1011 (h < tmpline + sizeof(tmpline) - 7)) {
1012 *(h++) = ' ';
1013 *(h++) = '{';
1014 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
1015 if (hdr)
1016 *(h++) = '|';
1017 if (txn->rsp.cap[hdr] != NULL)
1018 h = encode_string(h, tmpline + sizeof(tmpline) - 4,
1019 '#', hdr_encode_map, txn->rsp.cap[hdr]);
1020 }
1021 *(h++) = '}';
1022 }
1023
1024 if (h < tmpline + sizeof(tmpline) - 4) {
1025 *(h++) = ' ';
1026 *(h++) = '"';
1027 uri = txn->uri ? txn->uri : "<BADREQ>";
1028 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
1029 '#', url_encode_map, uri);
1030 *(h++) = '"';
1031 }
1032 *h = '\0';
1033
1034 svid = (tolog & LW_SVID) ?
1035 (s->data_source != DATA_SRC_STATS) ?
1036 (s->srv != NULL) ? s->srv->id : "<NOSRV>" : "<STATS>" : "-";
1037
Willy Tarreau70089872008-06-13 21:12:51 +02001038 t_request = -1;
1039 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
1040 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
1041
Willy Tarreau42250582007-04-01 01:30:43 +02001042 send_log(prx_log, LOG_INFO,
1043 "%s:%d [%02d/%s/%04d:%02d:%02d:%02d.%03d]"
1044 " %s %s/%s %d/%d/%d/%d/%s%d %d %s%lld"
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +01001045 " %s %s %c%c%c%c %d/%d/%d/%d/%s%u %d/%d%s\n",
Willy Tarreau42250582007-04-01 01:30:43 +02001046 pn,
1047 (s->cli_addr.ss_family == AF_INET) ?
1048 ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port) :
1049 ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port),
Willy Tarreaufe944602007-10-25 10:34:16 +02001050 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
Willy Tarreaub7f694f2008-06-22 17:18:02 +02001051 tm.tm_hour, tm.tm_min, tm.tm_sec, s->logs.accept_date.tv_usec/1000,
Willy Tarreau42250582007-04-01 01:30:43 +02001052 fe->id, be->id, svid,
Willy Tarreau70089872008-06-13 21:12:51 +02001053 t_request,
1054 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
Willy Tarreau42250582007-04-01 01:30:43 +02001055 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
1056 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
1057 (tolog & LW_BYTES) ? "" : "+", s->logs.t_close,
1058 txn->status,
Willy Tarreau8b3977f2008-01-18 11:16:32 +01001059 (tolog & LW_BYTES) ? "" : "+", s->logs.bytes_out,
Willy Tarreau42250582007-04-01 01:30:43 +02001060 txn->cli_cookie ? txn->cli_cookie : "-",
1061 txn->srv_cookie ? txn->srv_cookie : "-",
1062 sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT],
1063 sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT],
1064 (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
1065 (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-',
1066 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +01001067 (s->flags & SN_REDISP)?"+":"",
1068 (s->conn_retries>0)?(be->conn_retries - s->conn_retries):be->conn_retries,
Willy Tarreau42250582007-04-01 01:30:43 +02001069 s->logs.srv_queue_size, s->logs.prx_queue_size, tmpline);
1070
1071 s->logs.logwait = 0;
1072}
1073
Willy Tarreau117f59e2007-03-04 18:17:17 +01001074
1075/*
1076 * Capture headers from message starting at <som> according to header list
1077 * <cap_hdr>, and fill the <idx> structure appropriately.
1078 */
1079void capture_headers(char *som, struct hdr_idx *idx,
1080 char **cap, struct cap_hdr *cap_hdr)
1081{
1082 char *eol, *sol, *col, *sov;
1083 int cur_idx;
1084 struct cap_hdr *h;
1085 int len;
1086
1087 sol = som + hdr_idx_first_pos(idx);
1088 cur_idx = hdr_idx_first_idx(idx);
1089
1090 while (cur_idx) {
1091 eol = sol + idx->v[cur_idx].len;
1092
1093 col = sol;
1094 while (col < eol && *col != ':')
1095 col++;
1096
1097 sov = col + 1;
1098 while (sov < eol && http_is_lws[(unsigned char)*sov])
1099 sov++;
1100
1101 for (h = cap_hdr; h; h = h->next) {
1102 if ((h->namelen == col - sol) &&
1103 (strncasecmp(sol, h->name, h->namelen) == 0)) {
1104 if (cap[h->index] == NULL)
1105 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +02001106 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +01001107
1108 if (cap[h->index] == NULL) {
1109 Alert("HTTP capture : out of memory.\n");
1110 continue;
1111 }
1112
1113 len = eol - sov;
1114 if (len > h->len)
1115 len = h->len;
1116
1117 memcpy(cap[h->index], sov, len);
1118 cap[h->index][len]=0;
1119 }
1120 }
1121 sol = eol + idx->v[cur_idx].cr + 1;
1122 cur_idx = idx->v[cur_idx].next;
1123 }
1124}
1125
1126
Willy Tarreau42250582007-04-01 01:30:43 +02001127/* either we find an LF at <ptr> or we jump to <bad>.
1128 */
1129#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1130
1131/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1132 * otherwise to <http_msg_ood> with <state> set to <st>.
1133 */
1134#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1135 ptr++; \
1136 if (likely(ptr < end)) \
1137 goto good; \
1138 else { \
1139 state = (st); \
1140 goto http_msg_ood; \
1141 } \
1142 } while (0)
1143
1144
Willy Tarreaubaaee002006-06-26 02:48:02 +02001145/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001146 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001147 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1148 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1149 * will give undefined results.
1150 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1151 * and that msg->sol points to the beginning of the response.
1152 * If a complete line is found (which implies that at least one CR or LF is
1153 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1154 * returned indicating an incomplete line (which does not mean that parts have
1155 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1156 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1157 * upon next call.
1158 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001159 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001160 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1161 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001162 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001163 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001164const char *http_parse_stsline(struct http_msg *msg, const char *msg_buf,
1165 unsigned int state, const char *ptr, const char *end,
1166 char **ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001167{
1168 __label__
1169 http_msg_rpver,
1170 http_msg_rpver_sp,
1171 http_msg_rpcode,
1172 http_msg_rpcode_sp,
1173 http_msg_rpreason,
1174 http_msg_rpline_eol,
1175 http_msg_ood, /* out of data */
1176 http_msg_invalid;
1177
1178 switch (state) {
1179 http_msg_rpver:
1180 case HTTP_MSG_RPVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001181 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001182 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1183
1184 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001185 msg->sl.st.v_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001186 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1187 }
1188 goto http_msg_invalid;
1189
1190 http_msg_rpver_sp:
1191 case HTTP_MSG_RPVER_SP:
1192 if (likely(!HTTP_IS_LWS(*ptr))) {
1193 msg->sl.st.c = ptr - msg_buf;
1194 goto http_msg_rpcode;
1195 }
1196 if (likely(HTTP_IS_SPHT(*ptr)))
1197 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1198 /* so it's a CR/LF, this is invalid */
1199 goto http_msg_invalid;
1200
1201 http_msg_rpcode:
1202 case HTTP_MSG_RPCODE:
1203 if (likely(!HTTP_IS_LWS(*ptr)))
1204 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1205
1206 if (likely(HTTP_IS_SPHT(*ptr))) {
1207 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1208 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1209 }
1210
1211 /* so it's a CR/LF, so there is no reason phrase */
1212 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1213 http_msg_rsp_reason:
1214 /* FIXME: should we support HTTP responses without any reason phrase ? */
1215 msg->sl.st.r = ptr - msg_buf;
1216 msg->sl.st.r_l = 0;
1217 goto http_msg_rpline_eol;
1218
1219 http_msg_rpcode_sp:
1220 case HTTP_MSG_RPCODE_SP:
1221 if (likely(!HTTP_IS_LWS(*ptr))) {
1222 msg->sl.st.r = ptr - msg_buf;
1223 goto http_msg_rpreason;
1224 }
1225 if (likely(HTTP_IS_SPHT(*ptr)))
1226 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1227 /* so it's a CR/LF, so there is no reason phrase */
1228 goto http_msg_rsp_reason;
1229
1230 http_msg_rpreason:
1231 case HTTP_MSG_RPREASON:
1232 if (likely(!HTTP_IS_CRLF(*ptr)))
1233 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
1234 msg->sl.st.r_l = (ptr - msg_buf) - msg->sl.st.r;
1235 http_msg_rpline_eol:
1236 /* We have seen the end of line. Note that we do not
1237 * necessarily have the \n yet, but at least we know that we
1238 * have EITHER \r OR \n, otherwise the response would not be
1239 * complete. We can then record the response length and return
1240 * to the caller which will be able to register it.
1241 */
1242 msg->sl.st.l = ptr - msg->sol;
1243 return ptr;
1244
1245#ifdef DEBUG_FULL
1246 default:
1247 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1248 exit(1);
1249#endif
1250 }
1251
1252 http_msg_ood:
1253 /* out of data */
1254 if (ret_state)
1255 *ret_state = state;
1256 if (ret_ptr)
1257 *ret_ptr = (char *)ptr;
1258 return NULL;
1259
1260 http_msg_invalid:
1261 /* invalid message */
1262 if (ret_state)
1263 *ret_state = HTTP_MSG_ERROR;
1264 return NULL;
1265}
1266
1267
1268/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001269 * This function parses a request line between <ptr> and <end>, starting with
1270 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1271 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1272 * will give undefined results.
1273 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1274 * and that msg->sol points to the beginning of the request.
1275 * If a complete line is found (which implies that at least one CR or LF is
1276 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1277 * returned indicating an incomplete line (which does not mean that parts have
1278 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1279 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1280 * upon next call.
1281 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001282 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001283 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1284 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001285 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001286 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001287const char *http_parse_reqline(struct http_msg *msg, const char *msg_buf,
1288 unsigned int state, const char *ptr, const char *end,
1289 char **ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001290{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001291 __label__
1292 http_msg_rqmeth,
1293 http_msg_rqmeth_sp,
1294 http_msg_rquri,
1295 http_msg_rquri_sp,
1296 http_msg_rqver,
1297 http_msg_rqline_eol,
1298 http_msg_ood, /* out of data */
1299 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001300
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001301 switch (state) {
1302 http_msg_rqmeth:
1303 case HTTP_MSG_RQMETH:
1304 if (likely(HTTP_IS_TOKEN(*ptr)))
1305 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001306
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001307 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001308 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001309 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1310 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001311
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001312 if (likely(HTTP_IS_CRLF(*ptr))) {
1313 /* HTTP 0.9 request */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001314 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001315 http_msg_req09_uri:
1316 msg->sl.rq.u = ptr - msg_buf;
1317 http_msg_req09_uri_e:
1318 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1319 http_msg_req09_ver:
1320 msg->sl.rq.v = ptr - msg_buf;
1321 msg->sl.rq.v_l = 0;
1322 goto http_msg_rqline_eol;
1323 }
1324 goto http_msg_invalid;
1325
1326 http_msg_rqmeth_sp:
1327 case HTTP_MSG_RQMETH_SP:
1328 if (likely(!HTTP_IS_LWS(*ptr))) {
1329 msg->sl.rq.u = ptr - msg_buf;
1330 goto http_msg_rquri;
1331 }
1332 if (likely(HTTP_IS_SPHT(*ptr)))
1333 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1334 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1335 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001336
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001337 http_msg_rquri:
1338 case HTTP_MSG_RQURI:
1339 if (likely(!HTTP_IS_LWS(*ptr)))
1340 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001341
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001342 if (likely(HTTP_IS_SPHT(*ptr))) {
1343 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1344 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1345 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001346
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001347 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1348 goto http_msg_req09_uri_e;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001349
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001350 http_msg_rquri_sp:
1351 case HTTP_MSG_RQURI_SP:
1352 if (likely(!HTTP_IS_LWS(*ptr))) {
1353 msg->sl.rq.v = ptr - msg_buf;
1354 goto http_msg_rqver;
1355 }
1356 if (likely(HTTP_IS_SPHT(*ptr)))
1357 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1358 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1359 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001360
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001361 http_msg_rqver:
1362 case HTTP_MSG_RQVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001363 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001364 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001365
1366 if (likely(HTTP_IS_CRLF(*ptr))) {
1367 msg->sl.rq.v_l = (ptr - msg_buf) - msg->sl.rq.v;
1368 http_msg_rqline_eol:
1369 /* We have seen the end of line. Note that we do not
1370 * necessarily have the \n yet, but at least we know that we
1371 * have EITHER \r OR \n, otherwise the request would not be
1372 * complete. We can then record the request length and return
1373 * to the caller which will be able to register it.
1374 */
1375 msg->sl.rq.l = ptr - msg->sol;
1376 return ptr;
1377 }
1378
1379 /* neither an HTTP_VER token nor a CRLF */
1380 goto http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001381
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001382#ifdef DEBUG_FULL
1383 default:
1384 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1385 exit(1);
1386#endif
1387 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001388
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001389 http_msg_ood:
1390 /* out of data */
1391 if (ret_state)
1392 *ret_state = state;
1393 if (ret_ptr)
1394 *ret_ptr = (char *)ptr;
1395 return NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001396
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001397 http_msg_invalid:
1398 /* invalid message */
1399 if (ret_state)
1400 *ret_state = HTTP_MSG_ERROR;
1401 return NULL;
1402}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001403
1404
Willy Tarreau8973c702007-01-21 23:58:29 +01001405/*
1406 * This function parses an HTTP message, either a request or a response,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001407 * depending on the initial msg->msg_state. It can be preempted everywhere
Willy Tarreau8973c702007-01-21 23:58:29 +01001408 * when data are missing and recalled at the exact same location with no
1409 * information loss. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001410 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
1411 * fields.
Willy Tarreau8973c702007-01-21 23:58:29 +01001412 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001413void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx *idx)
1414{
1415 __label__
1416 http_msg_rqbefore,
1417 http_msg_rqbefore_cr,
1418 http_msg_rqmeth,
1419 http_msg_rqline_end,
1420 http_msg_hdr_first,
1421 http_msg_hdr_name,
1422 http_msg_hdr_l1_sp,
1423 http_msg_hdr_l1_lf,
1424 http_msg_hdr_l1_lws,
1425 http_msg_hdr_val,
1426 http_msg_hdr_l2_lf,
1427 http_msg_hdr_l2_lws,
1428 http_msg_complete_header,
1429 http_msg_last_lf,
1430 http_msg_ood, /* out of data */
1431 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001432
Willy Tarreaue69eada2008-01-27 00:34:10 +01001433 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001434 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreau58f10d72006-12-04 02:26:12 +01001435
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001436 state = msg->msg_state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001437 ptr = buf->lr;
1438 end = buf->r;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001439
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001440 if (unlikely(ptr >= end))
1441 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001442
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001443 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001444 /*
1445 * First, states that are specific to the response only.
1446 * We check them first so that request and headers are
1447 * closer to each other (accessed more often).
1448 */
1449 http_msg_rpbefore:
1450 case HTTP_MSG_RPBEFORE:
1451 if (likely(HTTP_IS_TOKEN(*ptr))) {
1452 if (likely(ptr == buf->data)) {
1453 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001454 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001455 } else {
1456#if PARSE_PRESERVE_EMPTY_LINES
1457 /* only skip empty leading lines, don't remove them */
1458 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001459 msg->som = ptr - buf->data;
Willy Tarreau8973c702007-01-21 23:58:29 +01001460#else
1461 /* Remove empty leading lines, as recommended by
1462 * RFC2616. This takes a lot of time because we
1463 * must move all the buffer backwards, but this
1464 * is rarely needed. The method above will be
1465 * cleaner when we'll be able to start sending
1466 * the request from any place in the buffer.
1467 */
1468 buf->lr = ptr;
1469 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001470 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001471 msg->sol = buf->data;
1472 ptr = buf->data;
1473 end = buf->r;
1474#endif
1475 }
1476 hdr_idx_init(idx);
1477 state = HTTP_MSG_RPVER;
1478 goto http_msg_rpver;
1479 }
1480
1481 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1482 goto http_msg_invalid;
1483
1484 if (unlikely(*ptr == '\n'))
1485 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1486 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1487 /* stop here */
1488
1489 http_msg_rpbefore_cr:
1490 case HTTP_MSG_RPBEFORE_CR:
1491 EXPECT_LF_HERE(ptr, http_msg_invalid);
1492 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1493 /* stop here */
1494
1495 http_msg_rpver:
1496 case HTTP_MSG_RPVER:
1497 case HTTP_MSG_RPVER_SP:
1498 case HTTP_MSG_RPCODE:
1499 case HTTP_MSG_RPCODE_SP:
1500 case HTTP_MSG_RPREASON:
Willy Tarreaua15645d2007-03-18 16:22:39 +01001501 ptr = (char *)http_parse_stsline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001502 &buf->lr, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001503 if (unlikely(!ptr))
1504 return;
1505
1506 /* we have a full response and we know that we have either a CR
1507 * or an LF at <ptr>.
1508 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001509 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.st.l, *ptr);
Willy Tarreau8973c702007-01-21 23:58:29 +01001510 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1511
1512 msg->sol = ptr;
1513 if (likely(*ptr == '\r'))
1514 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1515 goto http_msg_rpline_end;
1516
1517 http_msg_rpline_end:
1518 case HTTP_MSG_RPLINE_END:
1519 /* msg->sol must point to the first of CR or LF. */
1520 EXPECT_LF_HERE(ptr, http_msg_invalid);
1521 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1522 /* stop here */
1523
1524 /*
1525 * Second, states that are specific to the request only
1526 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001527 http_msg_rqbefore:
1528 case HTTP_MSG_RQBEFORE:
1529 if (likely(HTTP_IS_TOKEN(*ptr))) {
1530 if (likely(ptr == buf->data)) {
1531 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001532 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001533 } else {
1534#if PARSE_PRESERVE_EMPTY_LINES
1535 /* only skip empty leading lines, don't remove them */
1536 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001537 msg->som = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001538#else
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001539 /* Remove empty leading lines, as recommended by
1540 * RFC2616. This takes a lot of time because we
1541 * must move all the buffer backwards, but this
1542 * is rarely needed. The method above will be
1543 * cleaner when we'll be able to start sending
1544 * the request from any place in the buffer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001545 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001546 buf->lr = ptr;
1547 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001548 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001549 msg->sol = buf->data;
1550 ptr = buf->data;
1551 end = buf->r;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001552#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001553 }
Willy Tarreauf0d058e2007-01-25 12:03:42 +01001554 /* we will need this when keep-alive will be supported
1555 hdr_idx_init(idx);
1556 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001557 state = HTTP_MSG_RQMETH;
1558 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001559 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001560
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001561 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1562 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001563
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001564 if (unlikely(*ptr == '\n'))
1565 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1566 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001567 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001568
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001569 http_msg_rqbefore_cr:
1570 case HTTP_MSG_RQBEFORE_CR:
1571 EXPECT_LF_HERE(ptr, http_msg_invalid);
1572 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001573 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001574
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001575 http_msg_rqmeth:
1576 case HTTP_MSG_RQMETH:
1577 case HTTP_MSG_RQMETH_SP:
1578 case HTTP_MSG_RQURI:
1579 case HTTP_MSG_RQURI_SP:
1580 case HTTP_MSG_RQVER:
1581 ptr = (char *)http_parse_reqline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001582 &buf->lr, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001583 if (unlikely(!ptr))
1584 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001585
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001586 /* we have a full request and we know that we have either a CR
1587 * or an LF at <ptr>.
1588 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001589 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.rq.l, *ptr);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001590 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001591
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001592 msg->sol = ptr;
1593 if (likely(*ptr == '\r'))
1594 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001595 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001596
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001597 http_msg_rqline_end:
1598 case HTTP_MSG_RQLINE_END:
1599 /* check for HTTP/0.9 request : no version information available.
1600 * msg->sol must point to the first of CR or LF.
1601 */
1602 if (unlikely(msg->sl.rq.v_l == 0))
1603 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001604
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001605 EXPECT_LF_HERE(ptr, http_msg_invalid);
1606 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001607 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001608
Willy Tarreau8973c702007-01-21 23:58:29 +01001609 /*
1610 * Common states below
1611 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001612 http_msg_hdr_first:
1613 case HTTP_MSG_HDR_FIRST:
1614 msg->sol = ptr;
1615 if (likely(!HTTP_IS_CRLF(*ptr))) {
1616 goto http_msg_hdr_name;
1617 }
1618
1619 if (likely(*ptr == '\r'))
1620 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1621 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001622
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001623 http_msg_hdr_name:
1624 case HTTP_MSG_HDR_NAME:
1625 /* assumes msg->sol points to the first char */
1626 if (likely(HTTP_IS_TOKEN(*ptr)))
1627 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001628
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001629 if (likely(*ptr == ':')) {
1630 msg->col = ptr - buf->data;
1631 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
1632 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001633
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001634 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001635
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001636 http_msg_hdr_l1_sp:
1637 case HTTP_MSG_HDR_L1_SP:
1638 /* assumes msg->sol points to the first char and msg->col to the colon */
1639 if (likely(HTTP_IS_SPHT(*ptr)))
1640 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001641
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001642 /* header value can be basically anything except CR/LF */
1643 msg->sov = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001644
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001645 if (likely(!HTTP_IS_CRLF(*ptr))) {
1646 goto http_msg_hdr_val;
1647 }
1648
1649 if (likely(*ptr == '\r'))
1650 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1651 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001652
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001653 http_msg_hdr_l1_lf:
1654 case HTTP_MSG_HDR_L1_LF:
1655 EXPECT_LF_HERE(ptr, http_msg_invalid);
1656 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001657
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001658 http_msg_hdr_l1_lws:
1659 case HTTP_MSG_HDR_L1_LWS:
1660 if (likely(HTTP_IS_SPHT(*ptr))) {
1661 /* replace HT,CR,LF with spaces */
1662 for (; buf->data+msg->sov < ptr; msg->sov++)
1663 buf->data[msg->sov] = ' ';
1664 goto http_msg_hdr_l1_sp;
1665 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001666 /* we had a header consisting only in spaces ! */
1667 msg->eol = buf->data + msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001668 goto http_msg_complete_header;
1669
1670 http_msg_hdr_val:
1671 case HTTP_MSG_HDR_VAL:
1672 /* assumes msg->sol points to the first char, msg->col to the
1673 * colon, and msg->sov points to the first character of the
1674 * value.
1675 */
1676 if (likely(!HTTP_IS_CRLF(*ptr)))
1677 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001678
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001679 msg->eol = ptr;
1680 /* Note: we could also copy eol into ->eoh so that we have the
1681 * real header end in case it ends with lots of LWS, but is this
1682 * really needed ?
1683 */
1684 if (likely(*ptr == '\r'))
1685 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1686 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001687
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001688 http_msg_hdr_l2_lf:
1689 case HTTP_MSG_HDR_L2_LF:
1690 EXPECT_LF_HERE(ptr, http_msg_invalid);
1691 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001692
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001693 http_msg_hdr_l2_lws:
1694 case HTTP_MSG_HDR_L2_LWS:
1695 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1696 /* LWS: replace HT,CR,LF with spaces */
1697 for (; msg->eol < ptr; msg->eol++)
1698 *msg->eol = ' ';
1699 goto http_msg_hdr_val;
1700 }
1701 http_msg_complete_header:
1702 /*
1703 * It was a new header, so the last one is finished.
1704 * Assumes msg->sol points to the first char, msg->col to the
1705 * colon, msg->sov points to the first character of the value
1706 * and msg->eol to the first CR or LF so we know how the line
1707 * ends. We insert last header into the index.
1708 */
1709 /*
1710 fprintf(stderr,"registering %-2d bytes : ", msg->eol - msg->sol);
1711 write(2, msg->sol, msg->eol-msg->sol);
1712 fprintf(stderr,"\n");
1713 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001714
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001715 if (unlikely(hdr_idx_add(msg->eol - msg->sol, *msg->eol == '\r',
1716 idx, idx->tail) < 0))
1717 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001718
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001719 msg->sol = ptr;
1720 if (likely(!HTTP_IS_CRLF(*ptr))) {
1721 goto http_msg_hdr_name;
1722 }
1723
1724 if (likely(*ptr == '\r'))
1725 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1726 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001727
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001728 http_msg_last_lf:
1729 case HTTP_MSG_LAST_LF:
1730 /* Assumes msg->sol points to the first of either CR or LF */
1731 EXPECT_LF_HERE(ptr, http_msg_invalid);
1732 ptr++;
1733 buf->lr = ptr;
1734 msg->eoh = msg->sol - buf->data;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001735 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001736 return;
1737#ifdef DEBUG_FULL
1738 default:
1739 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1740 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001741#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001742 }
1743 http_msg_ood:
1744 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001745 msg->msg_state = state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001746 buf->lr = ptr;
1747 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001748
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001749 http_msg_invalid:
1750 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001751 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001752 return;
1753}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001754
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001755/* This function performs all the processing enabled for the current request.
Willy Tarreaudafde432008-08-17 01:00:46 +02001756 * It normally returns zero, but may return 1 if it absolutely needs to be
1757 * called again after other functions. It relies on buffers flags, and updates
Willy Tarreau2df28e82008-08-17 15:20:19 +02001758 * t->req->analysers. It might make sense to explode it into several other
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001759 * functions. Its behaviour is rather simple :
1760 * - all enabled analysers are called in turn from the lower to the higher
1761 * bit.
1762 * - if an analyser does not have enough data, it must return without calling
Willy Tarreau3da77c52008-08-29 09:58:42 +02001763 * other ones. It should also probably reset the BF_WRITE_ENA bit to ensure
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001764 * that unprocessed data will not be forwarded. But that probably depends on
1765 * the protocol. Generally it is not reset in case of errors.
1766 * - if an analyser has enough data, it just has to pass on to the next
Willy Tarreau3da77c52008-08-29 09:58:42 +02001767 * analyser without touching BF_WRITE_ENA (it is enabled prior to
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001768 * analysis).
1769 * - if an analyser thinks it has no added value anymore staying here, it must
1770 * reset its bit from the analysers flags in order not to be called anymore.
1771 *
1772 * In the future, analysers should be able to indicate that they want to be
1773 * called after XXX bytes have been received (or transfered), and the min of
1774 * all's wishes will be used to ring back (unless a special condition occurs).
1775 *
1776 *
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001777 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001778int process_request(struct session *t)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001779{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001780 struct buffer *req = t->req;
1781 struct buffer *rep = t->rep;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001782
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02001783 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02001784 now_ms, __FUNCTION__,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02001785 t,
1786 req,
1787 req->rex, req->wex,
1788 req->flags,
1789 req->l,
1790 req->analysers);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001791
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001792 /* The tcp-inspect analyser is always called alone */
Willy Tarreau2df28e82008-08-17 15:20:19 +02001793 if (req->analysers & AN_REQ_INSPECT) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001794 struct tcp_rule *rule;
1795 int partial;
1796
Willy Tarreauf495ddf2008-08-17 14:38:41 +02001797 /* We will abort if we encounter a read error. In theory, we
1798 * should not abort if we get a close, it might be valid,
1799 * although very unlikely. FIXME: we'll abort for now, this
1800 * will be easier to change later.
Willy Tarreaub6866442008-07-14 23:54:42 +02001801 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001802 if (req->flags & BF_READ_ERROR) {
Willy Tarreau2df28e82008-08-17 15:20:19 +02001803 req->analysers = 0;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001804 //t->fe->failed_req++;
Willy Tarreaub6866442008-07-14 23:54:42 +02001805 if (!(t->flags & SN_ERR_MASK))
1806 t->flags |= SN_ERR_CLICL;
1807 if (!(t->flags & SN_FINST_MASK))
1808 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001809 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001810 }
1811
1812 /* Abort if client read timeout has expired */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001813 else if (req->flags & BF_READ_TIMEOUT) {
Willy Tarreau2df28e82008-08-17 15:20:19 +02001814 req->analysers = 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001815 t->fe->failed_req++;
1816 if (!(t->flags & SN_ERR_MASK))
1817 t->flags |= SN_ERR_CLITO;
1818 if (!(t->flags & SN_FINST_MASK))
1819 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001820 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001821 }
1822
1823 /* We don't know whether we have enough data, so must proceed
1824 * this way :
1825 * - iterate through all rules in their declaration order
1826 * - if one rule returns MISS, it means the inspect delay is
1827 * not over yet, then return immediately, otherwise consider
1828 * it as a non-match.
1829 * - if one rule returns OK, then return OK
1830 * - if one rule returns KO, then return KO
1831 */
1832
Willy Tarreaue5ed4062008-08-30 03:17:31 +02001833 if (req->flags & BF_SHUTR || tick_is_expired(req->analyse_exp, now_ms))
Willy Tarreaub6866442008-07-14 23:54:42 +02001834 partial = 0;
1835 else
1836 partial = ACL_PARTIAL;
1837
1838 list_for_each_entry(rule, &t->fe->tcp_req.inspect_rules, list) {
1839 int ret = ACL_PAT_PASS;
1840
1841 if (rule->cond) {
1842 ret = acl_exec_cond(rule->cond, t->fe, t, NULL, ACL_DIR_REQ | partial);
1843 if (ret == ACL_PAT_MISS) {
Willy Tarreau3da77c52008-08-29 09:58:42 +02001844 buffer_write_dis(req);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001845 /* just set the request timeout once at the beginning of the request */
Willy Tarreauffab5b42008-08-17 18:03:28 +02001846 if (!tick_isset(req->analyse_exp))
1847 req->analyse_exp = tick_add_ifset(now_ms, t->fe->tcp_req.inspect_delay);
Willy Tarreaudafde432008-08-17 01:00:46 +02001848 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001849 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001850
Willy Tarreaub6866442008-07-14 23:54:42 +02001851 ret = acl_pass(ret);
1852 if (rule->cond->pol == ACL_COND_UNLESS)
1853 ret = !ret;
1854 }
1855
1856 if (ret) {
1857 /* we have a matching rule. */
1858 if (rule->action == TCP_ACT_REJECT) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02001859 buffer_abort(req);
1860 buffer_abort(rep);
1861 //FIXME: this delete this
1862 //fd_delete(t->cli_fd);
1863 //t->cli_state = CL_STCLOSE;
Willy Tarreau2df28e82008-08-17 15:20:19 +02001864 req->analysers = 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001865 t->fe->failed_req++;
1866 if (!(t->flags & SN_ERR_MASK))
1867 t->flags |= SN_ERR_PRXCOND;
1868 if (!(t->flags & SN_FINST_MASK))
1869 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001870 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001871 }
1872 /* otherwise accept */
1873 break;
1874 }
1875 }
1876
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001877 /* if we get there, it means we have no rule which matches, or
1878 * we have an explicit accept, so we apply the default accept.
Willy Tarreaub6866442008-07-14 23:54:42 +02001879 */
Willy Tarreau2df28e82008-08-17 15:20:19 +02001880 req->analysers &= ~AN_REQ_INSPECT;
Willy Tarreauffab5b42008-08-17 18:03:28 +02001881 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001882 }
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001883
Willy Tarreau2df28e82008-08-17 15:20:19 +02001884 if (req->analysers & AN_REQ_HTTP_HDR) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001885 /*
1886 * Now parse the partial (or complete) lines.
1887 * We will check the request syntax, and also join multi-line
1888 * headers. An index of all the lines will be elaborated while
1889 * parsing.
1890 *
Willy Tarreau8973c702007-01-21 23:58:29 +01001891 * For the parsing, we use a 28 states FSM.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001892 *
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001893 * Here is the information we currently have :
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001894 * req->data + req->som = beginning of request
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001895 * req->data + req->eoh = end of processed headers / start of current one
1896 * req->data + req->eol = end of current header or line (LF or CRLF)
1897 * req->lr = first non-visited byte
1898 * req->r = end of data
1899 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001900
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001901 int cur_idx;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001902 struct http_txn *txn = &t->txn;
1903 struct http_msg *msg = &txn->req;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001904 struct proxy *cur_proxy;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001905
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001906 if (likely(req->lr < req->r))
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001907 http_msg_analyzer(req, msg, &txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001908
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001909 /* 1: we might have to print this header in debug mode */
1910 if (unlikely((global.mode & MODE_DEBUG) &&
1911 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001912 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001913 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001914
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001915 sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001916 eol = sol + msg->sl.rq.l;
1917 debug_hdr("clireq", t, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01001918
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001919 sol += hdr_idx_first_pos(&txn->hdr_idx);
1920 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001921
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001922 while (cur_idx) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001923 eol = sol + txn->hdr_idx.v[cur_idx].len;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001924 debug_hdr("clihdr", t, sol, eol);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001925 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
1926 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001927 }
1928 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001929
Willy Tarreau58f10d72006-12-04 02:26:12 +01001930
1931 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001932 * Now we quickly check if we have found a full valid request.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001933 * If not so, we check the FD and buffer states before leaving.
1934 * A full request is indicated by the fact that we have seen
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001935 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
1936 * requests are checked first.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001937 *
1938 */
1939
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001940 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001941 /*
1942 * First, let's catch bad requests.
1943 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001944 if (unlikely(msg->msg_state == HTTP_MSG_ERROR))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001945 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001946
1947 /* 1: Since we are in header mode, if there's no space
1948 * left for headers, we won't be able to free more
1949 * later, so the session will never terminate. We
1950 * must terminate it now.
1951 */
Willy Tarreaue393fe22008-08-16 22:18:07 +02001952 if (unlikely(req->flags & BF_FULL)) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001953 /* FIXME: check if URI is set and return Status
1954 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001955 */
Willy Tarreau06619262006-12-17 08:37:22 +01001956 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001957 }
1958
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001959 /* 2: have we encountered a read error ? */
1960 else if (req->flags & BF_READ_ERROR) {
1961 /* we cannot return any message on error */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001962 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau2df28e82008-08-17 15:20:19 +02001963 req->analysers = 0;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001964 //t->fe->failed_req++;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001965 if (!(t->flags & SN_ERR_MASK))
1966 t->flags |= SN_ERR_CLICL;
1967 if (!(t->flags & SN_FINST_MASK))
1968 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001969 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001970 }
1971
1972 /* 3: has the read timeout expired ? */
Willy Tarreauffab5b42008-08-17 18:03:28 +02001973 else if (req->flags & BF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01001974 /* read timeout : give up with an error message. */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001975 txn->status = 408;
Willy Tarreau80587432006-12-24 17:47:20 +01001976 client_retnclose(t, error_message(t, HTTP_ERR_408));
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001977 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau2df28e82008-08-17 15:20:19 +02001978 req->analysers = 0;
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01001979 t->fe->failed_req++;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001980 if (!(t->flags & SN_ERR_MASK))
1981 t->flags |= SN_ERR_CLITO;
1982 if (!(t->flags & SN_FINST_MASK))
1983 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001984 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001985 }
1986
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001987 /* 4: have we encountered a close ? */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02001988 else if (req->flags & BF_SHUTR) {
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001989 txn->status = 400;
1990 client_retnclose(t, error_message(t, HTTP_ERR_400));
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001991 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau2df28e82008-08-17 15:20:19 +02001992 req->analysers = 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001993 t->fe->failed_req++;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001994
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001995 if (!(t->flags & SN_ERR_MASK))
1996 t->flags |= SN_ERR_CLICL;
1997 if (!(t->flags & SN_FINST_MASK))
1998 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001999 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002000 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002001
Willy Tarreau3da77c52008-08-29 09:58:42 +02002002 buffer_write_dis(req);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002003 /* just set the request timeout once at the beginning of the request */
Willy Tarreauffab5b42008-08-17 18:03:28 +02002004 if (!tick_isset(req->analyse_exp))
2005 req->analyse_exp = tick_add_ifset(now_ms, t->fe->timeout.httpreq);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002006
2007 /* we're not ready yet */
Willy Tarreaudafde432008-08-17 01:00:46 +02002008 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002009 }
2010
2011
2012 /****************************************************************
2013 * More interesting part now : we know that we have a complete *
2014 * request which at least looks like HTTP. We have an indicator *
2015 * of each header's length, so we can parse them quickly. *
2016 ****************************************************************/
2017
Willy Tarreau2df28e82008-08-17 15:20:19 +02002018 req->analysers &= ~AN_REQ_HTTP_HDR;
Willy Tarreauffab5b42008-08-17 18:03:28 +02002019 req->analyse_exp = TICK_ETERNITY;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002020
Willy Tarreau9cdde232007-05-02 20:58:19 +02002021 /* ensure we keep this pointer to the beginning of the message */
2022 msg->sol = req->data + msg->som;
2023
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002024 /*
2025 * 1: identify the method
2026 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002027 txn->meth = find_http_meth(&req->data[msg->som], msg->sl.rq.m_l);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002028
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002029 /* we can make use of server redirect on GET and HEAD */
2030 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2031 t->flags |= SN_REDIRECTABLE;
2032
Willy Tarreau58f10d72006-12-04 02:26:12 +01002033 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002034 * 2: check if the URI matches the monitor_uri.
Willy Tarreau06619262006-12-17 08:37:22 +01002035 * We have to do this for every request which gets in, because
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002036 * the monitor-uri is defined by the frontend.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002037 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002038 if (unlikely((t->fe->monitor_uri_len != 0) &&
2039 (t->fe->monitor_uri_len == msg->sl.rq.u_l) &&
2040 !memcmp(&req->data[msg->sl.rq.u],
2041 t->fe->monitor_uri,
2042 t->fe->monitor_uri_len))) {
2043 /*
2044 * We have found the monitor URI
2045 */
Willy Tarreaub80c2302007-11-30 20:51:32 +01002046 struct acl_cond *cond;
2047 cur_proxy = t->fe;
2048
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002049 t->flags |= SN_MONITOR;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002050
2051 /* Check if we want to fail this monitor request or not */
2052 list_for_each_entry(cond, &cur_proxy->mon_fail_cond, list) {
2053 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002054
2055 ret = acl_pass(ret);
Willy Tarreaub80c2302007-11-30 20:51:32 +01002056 if (cond->pol == ACL_COND_UNLESS)
2057 ret = !ret;
2058
2059 if (ret) {
2060 /* we fail this request, let's return 503 service unavail */
2061 txn->status = 503;
2062 client_retnclose(t, error_message(t, HTTP_ERR_503));
2063 goto return_prx_cond;
2064 }
2065 }
2066
2067 /* nothing to fail, let's reply normaly */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002068 txn->status = 200;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002069 client_retnclose(t, &http_200_chunk);
2070 goto return_prx_cond;
2071 }
2072
2073 /*
2074 * 3: Maybe we have to copy the original REQURI for the logs ?
2075 * Note: we cannot log anymore if the request has been
2076 * classified as invalid.
2077 */
2078 if (unlikely(t->logs.logwait & LW_REQ)) {
2079 /* we have a complete HTTP request that we must log */
Willy Tarreau332f8bf2007-05-13 21:36:56 +02002080 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002081 int urilen = msg->sl.rq.l;
2082
2083 if (urilen >= REQURI_LEN)
2084 urilen = REQURI_LEN - 1;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002085 memcpy(txn->uri, &req->data[msg->som], urilen);
2086 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002087
2088 if (!(t->logs.logwait &= ~LW_REQ))
Willy Tarreau42250582007-04-01 01:30:43 +02002089 http_sess_log(t);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002090 } else {
2091 Alert("HTTP logging : out of memory.\n");
2092 }
2093 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002094
Willy Tarreau06619262006-12-17 08:37:22 +01002095
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002096 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
2097 if (unlikely(msg->sl.rq.v_l == 0)) {
2098 int delta;
2099 char *cur_end;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01002100 msg->sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002101 cur_end = msg->sol + msg->sl.rq.l;
2102 delta = 0;
Willy Tarreau06619262006-12-17 08:37:22 +01002103
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002104 if (msg->sl.rq.u_l == 0) {
2105 /* if no URI was set, add "/" */
2106 delta = buffer_replace2(req, cur_end, cur_end, " /", 2);
2107 cur_end += delta;
2108 msg->eoh += delta;
Willy Tarreau06619262006-12-17 08:37:22 +01002109 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002110 /* add HTTP version */
2111 delta = buffer_replace2(req, cur_end, cur_end, " HTTP/1.0\r\n", 11);
2112 msg->eoh += delta;
2113 cur_end += delta;
2114 cur_end = (char *)http_parse_reqline(msg, req->data,
2115 HTTP_MSG_RQMETH,
2116 msg->sol, cur_end + 1,
2117 NULL, NULL);
2118 if (unlikely(!cur_end))
2119 goto return_bad_req;
2120
2121 /* we have a full HTTP/1.0 request now and we know that
2122 * we have either a CR or an LF at <ptr>.
2123 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002124 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
Willy Tarreau58f10d72006-12-04 02:26:12 +01002125 }
2126
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002127
2128 /* 5: we may need to capture headers */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002129 if (unlikely((t->logs.logwait & LW_REQHDR) && t->fe->req_cap))
Willy Tarreau117f59e2007-03-04 18:17:17 +01002130 capture_headers(req->data + msg->som, &txn->hdr_idx,
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002131 txn->req.cap, t->fe->req_cap);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002132
2133 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002134 * 6: we will have to evaluate the filters.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002135 * As opposed to version 1.2, now they will be evaluated in the
2136 * filters order and not in the header order. This means that
2137 * each filter has to be validated among all headers.
Willy Tarreau06619262006-12-17 08:37:22 +01002138 *
2139 * We can now check whether we want to switch to another
2140 * backend, in which case we will re-check the backend's
2141 * filters and various options. In order to support 3-level
2142 * switching, here's how we should proceed :
2143 *
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002144 * a) run be.
Willy Tarreau830ff452006-12-17 19:31:23 +01002145 * if (switch) then switch ->be to the new backend.
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002146 * b) run be if (be != fe).
Willy Tarreau06619262006-12-17 08:37:22 +01002147 * There cannot be any switch from there, so ->be cannot be
2148 * changed anymore.
2149 *
Willy Tarreau830ff452006-12-17 19:31:23 +01002150 * => filters always apply to ->be, then ->be may change.
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002151 *
Willy Tarreau830ff452006-12-17 19:31:23 +01002152 * The response path will be able to apply either ->be, or
2153 * ->be then ->fe filters in order to match the reverse of
2154 * the forward sequence.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002155 */
2156
Willy Tarreau06619262006-12-17 08:37:22 +01002157 do {
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002158 struct acl_cond *cond;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002159 struct redirect_rule *rule;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002160 struct proxy *rule_set = t->be;
Willy Tarreau830ff452006-12-17 19:31:23 +01002161 cur_proxy = t->be;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002162
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002163 /* first check whether we have some ACLs set to redirect this request */
2164 list_for_each_entry(rule, &cur_proxy->redirect_rules, list) {
2165 int ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002166
2167 ret = acl_pass(ret);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002168 if (rule->cond->pol == ACL_COND_UNLESS)
2169 ret = !ret;
2170
2171 if (ret) {
2172 struct chunk rdr = { trash, 0 };
2173 const char *msg_fmt;
2174
2175 /* build redirect message */
2176 switch(rule->code) {
2177 case 303:
2178 rdr.len = strlen(HTTP_303);
2179 msg_fmt = HTTP_303;
2180 break;
2181 case 301:
2182 rdr.len = strlen(HTTP_301);
2183 msg_fmt = HTTP_301;
2184 break;
2185 case 302:
2186 default:
2187 rdr.len = strlen(HTTP_302);
2188 msg_fmt = HTTP_302;
2189 break;
2190 }
2191
2192 if (unlikely(rdr.len > sizeof(trash)))
2193 goto return_bad_req;
2194 memcpy(rdr.str, msg_fmt, rdr.len);
2195
2196 switch(rule->type) {
2197 case REDIRECT_TYPE_PREFIX: {
2198 const char *path;
2199 int pathlen;
2200
2201 path = http_get_path(txn);
2202 /* build message using path */
2203 if (path) {
2204 pathlen = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
2205 } else {
2206 path = "/";
2207 pathlen = 1;
2208 }
2209
2210 if (rdr.len + rule->rdr_len + pathlen > sizeof(trash) - 4)
2211 goto return_bad_req;
2212
2213 /* add prefix */
2214 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2215 rdr.len += rule->rdr_len;
2216
2217 /* add path */
2218 memcpy(rdr.str + rdr.len, path, pathlen);
2219 rdr.len += pathlen;
2220 break;
2221 }
2222 case REDIRECT_TYPE_LOCATION:
2223 default:
2224 if (rdr.len + rule->rdr_len > sizeof(trash) - 4)
2225 goto return_bad_req;
2226
2227 /* add location */
2228 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2229 rdr.len += rule->rdr_len;
2230 break;
2231 }
2232
2233 /* add end of headers */
2234 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
2235 rdr.len += 4;
2236
2237 txn->status = rule->code;
2238 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002239 t->logs.tv_request = now;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002240 client_retnclose(t, &rdr);
2241 goto return_prx_cond;
2242 }
2243 }
2244
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002245 /* first check whether we have some ACLs set to block this request */
2246 list_for_each_entry(cond, &cur_proxy->block_cond, list) {
Willy Tarreaud41f8d82007-06-10 10:06:18 +02002247 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002248
2249 ret = acl_pass(ret);
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002250 if (cond->pol == ACL_COND_UNLESS)
2251 ret = !ret;
2252
2253 if (ret) {
2254 txn->status = 403;
2255 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002256 t->logs.tv_request = now;
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002257 client_retnclose(t, error_message(t, HTTP_ERR_403));
2258 goto return_prx_cond;
2259 }
2260 }
2261
Willy Tarreau06619262006-12-17 08:37:22 +01002262 /* try headers filters */
Willy Tarreau53b6c742006-12-17 13:37:46 +01002263 if (rule_set->req_exp != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002264 if (apply_filters_to_request(t, req, rule_set->req_exp) < 0)
2265 goto return_bad_req;
Willy Tarreau53b6c742006-12-17 13:37:46 +01002266 }
2267
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002268 if (!(t->flags & SN_BE_ASSIGNED) && (t->be != cur_proxy)) {
2269 /* to ensure correct connection accounting on
2270 * the backend, we count the connection for the
2271 * one managing the queue.
2272 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002273 t->be->beconn++;
2274 if (t->be->beconn > t->be->beconn_max)
2275 t->be->beconn_max = t->be->beconn;
2276 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002277 t->flags |= SN_BE_ASSIGNED;
2278 }
2279
Willy Tarreau06619262006-12-17 08:37:22 +01002280 /* has the request been denied ? */
Willy Tarreau3d300592007-03-18 18:34:41 +01002281 if (txn->flags & TX_CLDENY) {
Willy Tarreau06619262006-12-17 08:37:22 +01002282 /* no need to go further */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002283 txn->status = 403;
Willy Tarreau06619262006-12-17 08:37:22 +01002284 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002285 t->logs.tv_request = now;
Willy Tarreau80587432006-12-24 17:47:20 +01002286 client_retnclose(t, error_message(t, HTTP_ERR_403));
Willy Tarreau06619262006-12-17 08:37:22 +01002287 goto return_prx_cond;
2288 }
2289
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002290 /* We might have to check for "Connection:" */
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002291 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002292 !(t->flags & SN_CONN_CLOSED)) {
2293 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002294 int cur_idx, old_idx, delta, val;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002295 struct hdr_idx_elem *cur_hdr;
Willy Tarreau06619262006-12-17 08:37:22 +01002296
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002297 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002298 old_idx = 0;
2299
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002300 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
2301 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002302 cur_ptr = cur_next;
2303 cur_end = cur_ptr + cur_hdr->len;
2304 cur_next = cur_end + cur_hdr->cr + 1;
2305
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002306 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
2307 if (val) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002308 /* 3 possibilities :
2309 * - we have already set Connection: close,
2310 * so we remove this line.
2311 * - we have not yet set Connection: close,
2312 * but this line indicates close. We leave
2313 * it untouched and set the flag.
2314 * - we have not yet set Connection: close,
2315 * and this line indicates non-close. We
2316 * replace it.
2317 */
2318 if (t->flags & SN_CONN_CLOSED) {
2319 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002320 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002321 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002322 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
2323 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002324 cur_hdr->len = 0;
2325 } else {
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002326 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
2327 delta = buffer_replace2(req, cur_ptr + val, cur_end,
2328 "close", 5);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002329 cur_next += delta;
2330 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002331 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002332 }
2333 t->flags |= SN_CONN_CLOSED;
2334 }
2335 }
2336 old_idx = cur_idx;
2337 }
Willy Tarreauf2f0ee82007-03-30 12:02:43 +02002338 }
2339 /* add request headers from the rule sets in the same order */
2340 for (cur_idx = 0; cur_idx < rule_set->nb_reqadd; cur_idx++) {
2341 if (unlikely(http_header_add_tail(req,
2342 &txn->req,
2343 &txn->hdr_idx,
2344 rule_set->req_add[cur_idx])) < 0)
2345 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01002346 }
Willy Tarreaub2513902006-12-17 14:52:38 +01002347
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002348 /* check if stats URI was requested, and if an auth is needed */
Willy Tarreau0214c3a2007-01-07 13:47:30 +01002349 if (rule_set->uri_auth != NULL &&
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002350 (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002351 /* we have to check the URI and auth for this request.
2352 * FIXME!!! that one is rather dangerous, we want to
Willy Tarreau2df28e82008-08-17 15:20:19 +02002353 * make it follow standard rules (eg: clear req->analysers).
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002354 */
Willy Tarreaub2513902006-12-17 14:52:38 +01002355 if (stats_check_uri_auth(t, rule_set))
2356 return 1;
2357 }
2358
Willy Tarreau55ea7572007-06-17 19:56:27 +02002359 /* now check whether we have some switching rules for this request */
2360 if (!(t->flags & SN_BE_ASSIGNED)) {
2361 struct switching_rule *rule;
2362
2363 list_for_each_entry(rule, &cur_proxy->switching_rules, list) {
2364 int ret;
2365
2366 ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002367
2368 ret = acl_pass(ret);
Willy Tarreaua8cfa342008-07-09 11:23:31 +02002369 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreau55ea7572007-06-17 19:56:27 +02002370 ret = !ret;
2371
2372 if (ret) {
2373 t->be = rule->be.backend;
2374 t->be->beconn++;
2375 if (t->be->beconn > t->be->beconn_max)
2376 t->be->beconn_max = t->be->beconn;
2377 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002378
2379 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002380 t->rep->rto = t->req->wto = t->be->timeout.server;
2381 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002382 t->conn_retries = t->be->conn_retries;
Willy Tarreau55ea7572007-06-17 19:56:27 +02002383 t->flags |= SN_BE_ASSIGNED;
2384 break;
2385 }
2386 }
2387 }
2388
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002389 if (!(t->flags & SN_BE_ASSIGNED) && cur_proxy->defbe.be) {
2390 /* No backend was set, but there was a default
2391 * backend set in the frontend, so we use it and
2392 * loop again.
2393 */
2394 t->be = cur_proxy->defbe.be;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002395 t->be->beconn++;
2396 if (t->be->beconn > t->be->beconn_max)
2397 t->be->beconn_max = t->be->beconn;
2398 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002399
2400 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002401 t->rep->rto = t->req->wto = t->be->timeout.server;
2402 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002403 t->conn_retries = t->be->conn_retries;
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002404 t->flags |= SN_BE_ASSIGNED;
2405 }
2406 } while (t->be != cur_proxy); /* we loop only if t->be has changed */
Willy Tarreau2a324282006-12-05 00:05:46 +01002407
Willy Tarreau58f10d72006-12-04 02:26:12 +01002408
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002409 if (!(t->flags & SN_BE_ASSIGNED)) {
2410 /* To ensure correct connection accounting on
2411 * the backend, we count the connection for the
2412 * one managing the queue.
2413 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002414 t->be->beconn++;
2415 if (t->be->beconn > t->be->beconn_max)
2416 t->be->beconn_max = t->be->beconn;
2417 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002418 t->flags |= SN_BE_ASSIGNED;
2419 }
2420
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002421 /*
2422 * Right now, we know that we have processed the entire headers
Willy Tarreau2a324282006-12-05 00:05:46 +01002423 * and that unwanted requests have been filtered out. We can do
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002424 * whatever we want with the remaining request. Also, now we
Willy Tarreau830ff452006-12-17 19:31:23 +01002425 * may have separate values for ->fe, ->be.
Willy Tarreau2a324282006-12-05 00:05:46 +01002426 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002427
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01002428 /*
2429 * If HTTP PROXY is set we simply get remote server address
2430 * parsing incoming request.
2431 */
2432 if ((t->be->options & PR_O_HTTP_PROXY) && !(t->flags & SN_ADDR_SET)) {
2433 url2sa(req->data + msg->sl.rq.u, msg->sl.rq.u_l, &t->srv_addr);
2434 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002435
Willy Tarreau2a324282006-12-05 00:05:46 +01002436 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002437 * 7: the appsession cookie was looked up very early in 1.2,
Willy Tarreau06619262006-12-17 08:37:22 +01002438 * so let's do the same now.
2439 */
2440
2441 /* It needs to look into the URI */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002442 if (t->be->appsession_name) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01002443 get_srv_from_appsession(t, &req->data[msg->som], msg->sl.rq.l);
Willy Tarreau06619262006-12-17 08:37:22 +01002444 }
2445
2446
2447 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002448 * 8: Now we can work with the cookies.
Willy Tarreau2a324282006-12-05 00:05:46 +01002449 * Note that doing so might move headers in the request, but
2450 * the fields will stay coherent and the URI will not move.
Willy Tarreau06619262006-12-17 08:37:22 +01002451 * This should only be performed in the backend.
Willy Tarreau2a324282006-12-05 00:05:46 +01002452 */
Willy Tarreau396d2c62007-11-04 19:30:00 +01002453 if ((t->be->cookie_name || t->be->appsession_name || t->be->capture_name)
2454 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
Willy Tarreau2a324282006-12-05 00:05:46 +01002455 manage_client_side_cookies(t, req);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002456
Willy Tarreau58f10d72006-12-04 02:26:12 +01002457
Willy Tarreau2a324282006-12-05 00:05:46 +01002458 /*
Willy Tarreaubb046ac2007-03-03 19:17:03 +01002459 * 9: add X-Forwarded-For if either the frontend or the backend
2460 * asks for it.
Willy Tarreau2a324282006-12-05 00:05:46 +01002461 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002462 if ((t->fe->options | t->be->options) & PR_O_FWDFOR) {
Willy Tarreau2a324282006-12-05 00:05:46 +01002463 if (t->cli_addr.ss_family == AF_INET) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002464 /* Add an X-Forwarded-For header unless the source IP is
2465 * in the 'except' network range.
2466 */
2467 if ((!t->fe->except_mask.s_addr ||
2468 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->fe->except_mask.s_addr)
2469 != t->fe->except_net.s_addr) &&
2470 (!t->be->except_mask.s_addr ||
2471 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->be->except_mask.s_addr)
2472 != t->be->except_net.s_addr)) {
2473 int len;
2474 unsigned char *pn;
2475 pn = (unsigned char *)&((struct sockaddr_in *)&t->cli_addr)->sin_addr;
Willy Tarreau45e73e32006-12-17 00:05:15 +01002476
Ross Westaf72a1d2008-08-03 10:51:45 +02002477 /* Note: we rely on the backend to get the header name to be used for
2478 * x-forwarded-for, because the header is really meant for the backends.
2479 * However, if the backend did not specify any option, we have to rely
2480 * on the frontend's header name.
2481 */
2482 if (t->be->fwdfor_hdr_len) {
2483 len = t->be->fwdfor_hdr_len;
2484 memcpy(trash, t->be->fwdfor_hdr_name, len);
2485 } else {
2486 len = t->fe->fwdfor_hdr_len;
2487 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2488 }
2489 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002490
Ross Westaf72a1d2008-08-03 10:51:45 +02002491 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002492 &txn->hdr_idx, trash, len)) < 0)
2493 goto return_bad_req;
2494 }
Willy Tarreau2a324282006-12-05 00:05:46 +01002495 }
2496 else if (t->cli_addr.ss_family == AF_INET6) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002497 /* FIXME: for the sake of completeness, we should also support
2498 * 'except' here, although it is mostly useless in this case.
2499 */
Willy Tarreau2a324282006-12-05 00:05:46 +01002500 int len;
2501 char pn[INET6_ADDRSTRLEN];
2502 inet_ntop(AF_INET6,
2503 (const void *)&((struct sockaddr_in6 *)(&t->cli_addr))->sin6_addr,
2504 pn, sizeof(pn));
Ross Westaf72a1d2008-08-03 10:51:45 +02002505
2506 /* Note: we rely on the backend to get the header name to be used for
2507 * x-forwarded-for, because the header is really meant for the backends.
2508 * However, if the backend did not specify any option, we have to rely
2509 * on the frontend's header name.
2510 */
2511 if (t->be->fwdfor_hdr_len) {
2512 len = t->be->fwdfor_hdr_len;
2513 memcpy(trash, t->be->fwdfor_hdr_name, len);
2514 } else {
2515 len = t->fe->fwdfor_hdr_len;
2516 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2517 }
2518 len += sprintf(trash + len, ": %s", pn);
2519
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002520 if (unlikely(http_header_add_tail2(req, &txn->req,
2521 &txn->hdr_idx, trash, len)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002522 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01002523 }
2524 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002525
Willy Tarreau2a324282006-12-05 00:05:46 +01002526 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002527 * 10: add "Connection: close" if needed and not yet set.
Willy Tarreau2807efd2007-03-25 23:47:23 +02002528 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaub2513902006-12-17 14:52:38 +01002529 */
Willy Tarreau2807efd2007-03-25 23:47:23 +02002530 if (!(t->flags & SN_CONN_CLOSED) &&
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002531 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
Willy Tarreau2807efd2007-03-25 23:47:23 +02002532 if ((unlikely(msg->sl.rq.v_l != 8) ||
2533 unlikely(req->data[msg->som + msg->sl.rq.v + 7] != '0')) &&
2534 unlikely(http_header_add_tail2(req, &txn->req, &txn->hdr_idx,
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002535 "Connection: close", 17)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002536 goto return_bad_req;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002537 t->flags |= SN_CONN_CLOSED;
Willy Tarreaue15d9132006-12-14 22:26:42 +01002538 }
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002539 /* Before we switch to data, was assignment set in manage_client_side_cookie?
2540 * If not assigned, perhaps we are balancing on url_param, but this is a
2541 * POST; and the parameters are in the body, maybe scan there to find our server.
2542 * (unless headers overflowed the buffer?)
2543 */
2544 if (!(t->flags & (SN_ASSIGNED|SN_DIRECT)) &&
2545 t->txn.meth == HTTP_METH_POST && t->be->url_param_name != NULL &&
Willy Tarreaue393fe22008-08-16 22:18:07 +02002546 t->be->url_param_post_limit != 0 && !(req->flags & BF_FULL) &&
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002547 memchr(msg->sol + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) {
2548 /* are there enough bytes here? total == l || r || rlim ?
2549 * len is unsigned, but eoh is int,
2550 * how many bytes of body have we received?
2551 * eoh is the first empty line of the header
2552 */
2553 /* already established CRLF or LF at eoh, move to start of message, find message length in buffer */
Willy Tarreaufb0528b2008-08-11 00:21:56 +02002554 unsigned long len = req->l - (msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002555
2556 /* If we have HTTP/1.1 and Expect: 100-continue, then abort.
2557 * We can't assume responsibility for the server's decision,
2558 * on this URI and header set. See rfc2616: 14.20, 8.2.3,
2559 * We also can't change our mind later, about which server to choose, so round robin.
2560 */
2561 if ((likely(msg->sl.rq.v_l == 8) && req->data[msg->som + msg->sl.rq.v + 7] == '1')) {
2562 struct hdr_ctx ctx;
2563 ctx.idx = 0;
2564 /* Expect is allowed in 1.1, look for it */
2565 http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx);
2566 if (ctx.idx != 0 &&
Willy Tarreauadfb8562008-08-11 15:24:42 +02002567 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002568 /* We can't reliablly stall and wait for data, because of
2569 * .NET clients that don't conform to rfc2616; so, no need for
2570 * the next block to check length expectations.
2571 * We could send 100 status back to the client, but then we need to
2572 * re-write headers, and send the message. And this isn't the right
2573 * place for that action.
2574 * TODO: support Expect elsewhere and delete this block.
2575 */
2576 goto end_check_maybe_wait_for_body;
2577 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002578
2579 if (likely(len > t->be->url_param_post_limit)) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002580 /* nothing to do, we got enough */
2581 } else {
2582 /* limit implies we are supposed to need this many bytes
2583 * to find the parameter. Let's see how many bytes we can wait for.
2584 */
2585 long long hint = len;
2586 struct hdr_ctx ctx;
2587 ctx.idx = 0;
2588 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx);
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002589 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) {
Willy Tarreau3da77c52008-08-29 09:58:42 +02002590 buffer_write_dis(req);
Willy Tarreau2df28e82008-08-17 15:20:19 +02002591 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002592 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002593 else {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002594 ctx.idx = 0;
2595 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx);
2596 /* now if we have a length, we'll take the hint */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002597 if (ctx.idx) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002598 /* We have Content-Length */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002599 if (strl2llrc(ctx.line+ctx.val,ctx.vlen, &hint))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002600 hint = 0; /* parse failure, untrusted client */
2601 else {
Willy Tarreauadfb8562008-08-11 15:24:42 +02002602 if (hint > 0)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002603 msg->hdr_content_len = hint;
2604 else
2605 hint = 0; /* bad client, sent negative length */
2606 }
2607 }
2608 /* but limited to what we care about, maybe we don't expect any entity data (hint == 0) */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002609 if (t->be->url_param_post_limit < hint)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002610 hint = t->be->url_param_post_limit;
2611 /* now do we really need to buffer more data? */
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002612 if (len < hint) {
Willy Tarreau3da77c52008-08-29 09:58:42 +02002613 buffer_write_dis(req);
Willy Tarreau2df28e82008-08-17 15:20:19 +02002614 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002615 }
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002616 /* else... There are no body bytes to wait for */
2617 }
2618 }
2619 }
2620 end_check_maybe_wait_for_body:
Willy Tarreaubaaee002006-06-26 02:48:02 +02002621
Willy Tarreau2a324282006-12-05 00:05:46 +01002622 /*************************************************************
2623 * OK, that's finished for the headers. We have done what we *
2624 * could. Let's switch to the DATA state. *
2625 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02002626
Willy Tarreaue393fe22008-08-16 22:18:07 +02002627 buffer_set_rlim(req, BUFSIZE); /* no more rewrite needed */
Willy Tarreau70089872008-06-13 21:12:51 +02002628 t->logs.tv_request = now;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002629
Willy Tarreau1fa31262007-12-03 00:36:16 +01002630 /* When a connection is tarpitted, we use the tarpit timeout,
2631 * which may be the same as the connect timeout if unspecified.
2632 * If unset, then set it to zero because we really want it to
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002633 * eventually expire. We build the tarpit as an analyser.
Willy Tarreau2a324282006-12-05 00:05:46 +01002634 */
Willy Tarreau3d300592007-03-18 18:34:41 +01002635 if (txn->flags & TX_CLTARPIT) {
Willy Tarreaue393fe22008-08-16 22:18:07 +02002636 buffer_flush(t->req);
Willy Tarreau2a324282006-12-05 00:05:46 +01002637 /* flush the request so that we can drop the connection early
2638 * if the client closes first.
2639 */
Willy Tarreau3da77c52008-08-29 09:58:42 +02002640 buffer_write_dis(req);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002641 req->analysers |= AN_REQ_HTTP_TARPIT;
2642 req->analyse_exp = tick_add_ifset(now_ms, t->be->timeout.tarpit);
2643 if (!req->analyse_exp)
2644 req->analyse_exp = now_ms;
Willy Tarreau2a324282006-12-05 00:05:46 +01002645 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002646
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002647 /* OK let's go on with the BODY now */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002648 goto end_of_headers;
Willy Tarreau06619262006-12-17 08:37:22 +01002649
2650 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002651 txn->req.msg_state = HTTP_MSG_ERROR;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002652 txn->status = 400;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002653 req->analysers = 0;
Willy Tarreau80587432006-12-24 17:47:20 +01002654 client_retnclose(t, error_message(t, HTTP_ERR_400));
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01002655 t->fe->failed_req++;
Willy Tarreau06619262006-12-17 08:37:22 +01002656 return_prx_cond:
2657 if (!(t->flags & SN_ERR_MASK))
2658 t->flags |= SN_ERR_PRXCOND;
2659 if (!(t->flags & SN_FINST_MASK))
2660 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002661 return 0;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002662 end_of_headers:
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002663 ; // to keep gcc happy
Willy Tarreauadfb8562008-08-11 15:24:42 +02002664 }
2665
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002666 if (req->analysers & AN_REQ_HTTP_TARPIT) {
2667 struct http_txn *txn = &t->txn;
2668
2669 /* This connection is being tarpitted. The CLIENT side has
2670 * already set the connect expiration date to the right
2671 * timeout. We just have to check that the client is still
2672 * there and that the timeout has not expired.
2673 */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02002674 if ((req->flags & (BF_SHUTR|BF_READ_ERROR)) == 0 &&
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002675 !tick_is_expired(req->analyse_exp, now_ms))
2676 return 0;
2677
2678 /* We will set the queue timer to the time spent, just for
2679 * logging purposes. We fake a 500 server error, so that the
2680 * attacker will not suspect his connection has been tarpitted.
2681 * It will not cause trouble to the logs because we can exclude
2682 * the tarpitted connections by filtering on the 'PT' status flags.
2683 */
2684 trace_term(t, TT_HTTP_SRV_2);
2685 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
2686
2687 txn->status = 500;
2688 if (req->flags != BF_READ_ERROR)
2689 client_retnclose(t, error_message(t, HTTP_ERR_500));
2690
2691 req->analysers = 0;
2692 req->analyse_exp = TICK_ETERNITY;
2693
2694 t->fe->failed_req++;
2695 if (!(t->flags & SN_ERR_MASK))
2696 t->flags |= SN_ERR_PRXCOND;
2697 if (!(t->flags & SN_FINST_MASK))
2698 t->flags |= SN_FINST_T;
2699 return 0;
2700 }
2701
Willy Tarreau2df28e82008-08-17 15:20:19 +02002702 if (req->analysers & AN_REQ_HTTP_BODY) {
Willy Tarreauadfb8562008-08-11 15:24:42 +02002703 /* We have to parse the HTTP request body to find any required data.
2704 * "balance url_param check_post" should have been the only way to get
2705 * into this. We were brought here after HTTP header analysis, so all
2706 * related structures are ready.
2707 */
2708 struct http_msg *msg = &t->txn.req;
2709 unsigned long body = msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1;
2710 long long limit = t->be->url_param_post_limit;
2711 struct hdr_ctx ctx;
2712
2713 ctx.idx = 0;
2714
2715 /* now if we have a length, we'll take the hint */
2716 http_find_header2("Transfer-Encoding", 17, msg->sol, &t->txn.hdr_idx, &ctx);
2717 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) {
2718 unsigned int chunk = 0;
2719 while (body < req->l && !HTTP_IS_CRLF(msg->sol[body])) {
2720 char c = msg->sol[body];
2721 if (ishex(c)) {
2722 unsigned int hex = toupper(c) - '0';
2723 if (hex > 9)
2724 hex -= 'A' - '9' - 1;
2725 chunk = (chunk << 4) | hex;
2726 } else
2727 break;
2728 body++;
2729 }
2730 if (body + 2 >= req->l) /* we want CRLF too */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002731 goto http_body_end; /* end of buffer? data missing! */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002732
2733 if (memcmp(msg->sol+body, "\r\n", 2) != 0)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002734 goto http_body_end; /* chunked encoding len ends with CRLF, and we don't have it yet */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002735
2736 body += 2; // skip CRLF
2737
2738 /* if we support more then one chunk here, we have to do it again when assigning server
2739 * 1. how much entity data do we have? new var
2740 * 2. should save entity_start, entity_cursor, elen & rlen in req; so we don't repeat scanning here
2741 * 3. test if elen > limit, or set new limit to elen if 0 (end of entity found)
2742 */
2743
2744 if (chunk < limit)
2745 limit = chunk; /* only reading one chunk */
2746 } else {
2747 if (msg->hdr_content_len < limit)
2748 limit = msg->hdr_content_len;
2749 }
2750
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002751 http_body_end:
2752 /* we leave once we know we have nothing left to do. This means that we have
2753 * enough bytes, or that we know we'll not get any more (buffer full, read
2754 * buffer closed).
2755 */
2756 if (req->l - body >= limit || /* enough bytes! */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02002757 req->flags & (BF_FULL | BF_READ_ERROR | BF_SHUTR | BF_READ_TIMEOUT) ||
Willy Tarreauc52164a2008-08-17 19:17:57 +02002758 tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002759 /* The situation will not evolve, so let's give up on the analysis. */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002760 t->logs.tv_request = now; /* update the request timer to reflect full request */
Willy Tarreau2df28e82008-08-17 15:20:19 +02002761 req->analysers &= ~AN_REQ_HTTP_BODY;
Willy Tarreauffab5b42008-08-17 18:03:28 +02002762 req->analyse_exp = TICK_ETERNITY;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002763 }
Willy Tarreauc52164a2008-08-17 19:17:57 +02002764 else {
2765 /* Not enough data. We'll re-use the http-request
2766 * timeout here. Ideally, we should set the timeout
2767 * relative to the accept() date. We just set the
2768 * request timeout once at the beginning of the
2769 * request.
2770 */
Willy Tarreau3da77c52008-08-29 09:58:42 +02002771 buffer_write_dis(req);
Willy Tarreauc52164a2008-08-17 19:17:57 +02002772 if (!tick_isset(req->analyse_exp))
2773 req->analyse_exp = tick_add_ifset(now_ms, t->fe->timeout.httpreq);
2774 return 0;
2775 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002776 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002777
Willy Tarreau2df28e82008-08-17 15:20:19 +02002778 /* Note: eventhough nobody should set an unknown flag, clearing them right now will
2779 * probably reduce one day's debugging session.
2780 */
2781#ifdef DEBUG_DEV
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002782 if (req->analysers & ~(AN_REQ_INSPECT | AN_REQ_HTTP_HDR | AN_REQ_HTTP_TARPIT | AN_REQ_HTTP_BODY)) {
Willy Tarreau2df28e82008-08-17 15:20:19 +02002783 fprintf(stderr, "FIXME !!!! unknown analysers flags %s:%d = 0x%08X\n",
2784 __FILE__, __LINE__, req->analysers);
2785 ABORT_NOW();
2786 }
2787#endif
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002788 req->analysers &= AN_REQ_INSPECT | AN_REQ_HTTP_HDR | AN_REQ_HTTP_TARPIT | AN_REQ_HTTP_BODY;
Willy Tarreaudafde432008-08-17 01:00:46 +02002789 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002790}
Willy Tarreauadfb8562008-08-11 15:24:42 +02002791
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002792/* This function performs all the processing enabled for the current response.
Willy Tarreaudafde432008-08-17 01:00:46 +02002793 * It normally returns zero, but may return 1 if it absolutely needs to be
2794 * called again after other functions. It relies on buffers flags, and updates
Willy Tarreau2df28e82008-08-17 15:20:19 +02002795 * t->rep->analysers. It might make sense to explode it into several other
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002796 * functions. It works like process_request (see indications above).
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002797 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002798int process_response(struct session *t)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002799{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002800 struct http_txn *txn = &t->txn;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002801 struct buffer *req = t->req;
2802 struct buffer *rep = t->rep;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002803
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02002804 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002805 now_ms, __FUNCTION__,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02002806 t,
2807 rep,
2808 rep->rex, rep->wex,
2809 rep->flags,
2810 rep->l,
2811 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002812
Willy Tarreau2df28e82008-08-17 15:20:19 +02002813 if (rep->analysers & AN_RTR_HTTP_HDR) { /* receiving server headers */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002814 /*
2815 * Now parse the partial (or complete) lines.
2816 * We will check the response syntax, and also join multi-line
2817 * headers. An index of all the lines will be elaborated while
2818 * parsing.
2819 *
2820 * For the parsing, we use a 28 states FSM.
2821 *
2822 * Here is the information we currently have :
Willy Tarreaue393fe22008-08-16 22:18:07 +02002823 * rep->data + rep->som = beginning of response
2824 * rep->data + rep->eoh = end of processed headers / start of current one
2825 * rep->data + rep->eol = end of current header or line (LF or CRLF)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002826 * rep->lr = first non-visited byte
2827 * rep->r = end of data
2828 */
Willy Tarreau7f875f62008-08-11 17:35:01 +02002829
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002830 int cur_idx;
2831 struct http_msg *msg = &txn->rsp;
2832 struct proxy *cur_proxy;
2833
2834 if (likely(rep->lr < rep->r))
2835 http_msg_analyzer(rep, msg, &txn->hdr_idx);
2836
2837 /* 1: we might have to print this header in debug mode */
2838 if (unlikely((global.mode & MODE_DEBUG) &&
2839 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
2840 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
2841 char *eol, *sol;
2842
2843 sol = rep->data + msg->som;
2844 eol = sol + msg->sl.rq.l;
2845 debug_hdr("srvrep", t, sol, eol);
2846
2847 sol += hdr_idx_first_pos(&txn->hdr_idx);
2848 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
2849
2850 while (cur_idx) {
2851 eol = sol + txn->hdr_idx.v[cur_idx].len;
2852 debug_hdr("srvhdr", t, sol, eol);
2853 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2854 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002855 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002856 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002857
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002858 /*
2859 * Now we quickly check if we have found a full valid response.
2860 * If not so, we check the FD and buffer states before leaving.
2861 * A full response is indicated by the fact that we have seen
2862 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
2863 * responses are checked first.
2864 *
2865 * Depending on whether the client is still there or not, we
2866 * may send an error response back or not. Note that normally
2867 * we should only check for HTTP status there, and check I/O
2868 * errors somewhere else.
2869 */
2870
2871 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002872 /* Invalid response */
2873 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
2874 hdr_response_bad:
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002875 //buffer_shutr(rep);
2876 //buffer_shutw(req);
2877 //fd_delete(req->cons->fd);
2878 //req->cons->state = SI_ST_CLO;
2879 buffer_shutr_now(rep);
2880 buffer_shutw_now(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002881 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002882 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002883 t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002884 //sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002885 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002886 t->be->failed_resp++;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002887 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002888 txn->status = 502;
2889 client_return(t, error_message(t, HTTP_ERR_502));
2890 if (!(t->flags & SN_ERR_MASK))
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002891 t->flags |= SN_ERR_PRXCOND;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002892 if (!(t->flags & SN_FINST_MASK))
2893 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002894
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002895 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2896 // process_srv_queue(t->srv);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002897
Willy Tarreaudafde432008-08-17 01:00:46 +02002898 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002899 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002900 /* too large response does not fit in buffer. */
2901 else if (rep->flags & BF_FULL) {
2902 goto hdr_response_bad;
2903 }
2904 /* read error */
2905 else if (rep->flags & BF_READ_ERROR) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002906 buffer_shutr_now(rep);
2907 buffer_shutw_now(req);
2908 //fd_delete(req->cons->fd);
2909 //req->cons->state = SI_ST_CLO;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002910 //if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002911 //t->srv->cur_sess--;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002912 //t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002913 //sess_change_server(t, NULL);
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002914 //}
2915 //t->be->failed_resp++;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002916 rep->analysers = 0;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002917 txn->status = 502;
2918 client_return(t, error_message(t, HTTP_ERR_502));
2919 if (!(t->flags & SN_ERR_MASK))
2920 t->flags |= SN_ERR_SRVCL;
2921 if (!(t->flags & SN_FINST_MASK))
2922 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002923
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002924 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2925 // process_srv_queue(t->srv);
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002926
Willy Tarreaudafde432008-08-17 01:00:46 +02002927 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002928 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002929 /* read timeout : return a 504 to the client. */
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002930 else if (rep->flags & BF_READ_TIMEOUT) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002931 buffer_shutr_now(rep);
2932 buffer_shutw_now(req);
2933 //fd_delete(req->cons->fd);
2934 //req->cons->state = SI_ST_CLO;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002935 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002936 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002937 t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002938 //sess_change_server(t, NULL);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002939 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002940 t->be->failed_resp++;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002941 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002942 txn->status = 504;
2943 client_return(t, error_message(t, HTTP_ERR_504));
2944 if (!(t->flags & SN_ERR_MASK))
2945 t->flags |= SN_ERR_SRVTO;
2946 if (!(t->flags & SN_FINST_MASK))
2947 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002948
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002949 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2950 // process_srv_queue(t->srv);
Willy Tarreaudafde432008-08-17 01:00:46 +02002951 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002952 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002953 /* write error to client, or close from server */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02002954 else if (rep->flags & (BF_WRITE_ERROR|BF_SHUTR)) {
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002955 buffer_shutr_now(rep);
2956 buffer_shutw_now(req);
2957 //fd_delete(req->cons->fd);
2958 //req->cons->state = SI_ST_CLO;
2959 if (t->srv) {
2960 //t->srv->cur_sess--;
2961 t->srv->failed_resp++;
2962 //sess_change_server(t, NULL);
2963 }
2964 t->be->failed_resp++;
2965 rep->analysers = 0;
2966 txn->status = 502;
2967 client_return(t, error_message(t, HTTP_ERR_502));
2968 if (!(t->flags & SN_ERR_MASK))
2969 t->flags |= SN_ERR_SRVCL;
2970 if (!(t->flags & SN_FINST_MASK))
2971 t->flags |= SN_FINST_H;
2972
2973 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2974 // process_srv_queue(t->srv);
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002975
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002976 return 0;
2977 }
Willy Tarreau3da77c52008-08-29 09:58:42 +02002978 buffer_write_dis(rep);
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002979 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002980 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002981
Willy Tarreau21d2af32008-02-14 20:25:24 +01002982
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002983 /*****************************************************************
2984 * More interesting part now : we know that we have a complete *
2985 * response which at least looks like HTTP. We have an indicator *
2986 * of each header's length, so we can parse them quickly. *
2987 ****************************************************************/
Willy Tarreau21d2af32008-02-14 20:25:24 +01002988
Willy Tarreau2df28e82008-08-17 15:20:19 +02002989 rep->analysers &= ~AN_RTR_HTTP_HDR;
Willy Tarreaua7c52762008-08-16 18:40:18 +02002990
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002991 /* ensure we keep this pointer to the beginning of the message */
2992 msg->sol = rep->data + msg->som;
Willy Tarreau21d2af32008-02-14 20:25:24 +01002993
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002994 /*
2995 * 1: get the status code and check for cacheability.
2996 */
Willy Tarreau21d2af32008-02-14 20:25:24 +01002997
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002998 t->logs.logwait &= ~LW_RESP;
2999 txn->status = strl2ui(rep->data + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreau21d2af32008-02-14 20:25:24 +01003000
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003001 switch (txn->status) {
3002 case 200:
3003 case 203:
3004 case 206:
3005 case 300:
3006 case 301:
3007 case 410:
3008 /* RFC2616 @13.4:
3009 * "A response received with a status code of
3010 * 200, 203, 206, 300, 301 or 410 MAY be stored
3011 * by a cache (...) unless a cache-control
3012 * directive prohibits caching."
3013 *
3014 * RFC2616 @9.5: POST method :
3015 * "Responses to this method are not cacheable,
3016 * unless the response includes appropriate
3017 * Cache-Control or Expires header fields."
3018 */
3019 if (likely(txn->meth != HTTP_METH_POST) &&
3020 (t->be->options & (PR_O_CHK_CACHE|PR_O_COOK_NOC)))
3021 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
3022 break;
3023 default:
3024 break;
3025 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01003026
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003027 /*
3028 * 2: we may need to capture headers
3029 */
3030 if (unlikely((t->logs.logwait & LW_RSPHDR) && t->fe->rsp_cap))
3031 capture_headers(rep->data + msg->som, &txn->hdr_idx,
3032 txn->rsp.cap, t->fe->rsp_cap);
3033
3034 /*
3035 * 3: we will have to evaluate the filters.
3036 * As opposed to version 1.2, now they will be evaluated in the
3037 * filters order and not in the header order. This means that
3038 * each filter has to be validated among all headers.
3039 *
3040 * Filters are tried with ->be first, then with ->fe if it is
3041 * different from ->be.
3042 */
3043
3044 t->flags &= ~SN_CONN_CLOSED; /* prepare for inspection */
3045
3046 cur_proxy = t->be;
3047 while (1) {
3048 struct proxy *rule_set = cur_proxy;
3049
3050 /* try headers filters */
3051 if (rule_set->rsp_exp != NULL) {
3052 if (apply_filters_to_response(t, rep, rule_set->rsp_exp) < 0) {
3053 return_bad_resp:
3054 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003055 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003056 t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003057 //sess_change_server(t, NULL);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003058 }
3059 cur_proxy->failed_resp++;
3060 return_srv_prx_502:
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003061 buffer_shutr_now(rep);
3062 buffer_shutw_now(req);
3063 //fd_delete(req->cons->fd);
3064 //req->cons->state = SI_ST_CLO;
Willy Tarreau2df28e82008-08-17 15:20:19 +02003065 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003066 txn->status = 502;
3067 client_return(t, error_message(t, HTTP_ERR_502));
3068 if (!(t->flags & SN_ERR_MASK))
3069 t->flags |= SN_ERR_PRXCOND;
3070 if (!(t->flags & SN_FINST_MASK))
3071 t->flags |= SN_FINST_H;
3072 /* We used to have a free connection slot. Since we'll never use it,
3073 * we have to inform the server that it may be used by another session.
3074 */
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003075 //if (t->srv && may_dequeue_tasks(t->srv, cur_proxy))
3076 // process_srv_queue(t->srv);
Willy Tarreaudafde432008-08-17 01:00:46 +02003077 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01003078 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003079 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01003080
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003081 /* has the response been denied ? */
3082 if (txn->flags & TX_SVDENY) {
Willy Tarreauf899b942008-03-28 18:09:38 +01003083 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003084 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003085 t->srv->failed_secu++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003086 //sess_change_server(t, NULL);
Willy Tarreauf899b942008-03-28 18:09:38 +01003087 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003088 cur_proxy->denied_resp++;
3089 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01003090 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003091
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003092 /* We might have to check for "Connection:" */
3093 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
3094 !(t->flags & SN_CONN_CLOSED)) {
3095 char *cur_ptr, *cur_end, *cur_next;
3096 int cur_idx, old_idx, delta, val;
3097 struct hdr_idx_elem *cur_hdr;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003098
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003099 cur_next = rep->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
3100 old_idx = 0;
Willy Tarreau541b5c22008-01-06 23:34:21 +01003101
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003102 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
3103 cur_hdr = &txn->hdr_idx.v[cur_idx];
3104 cur_ptr = cur_next;
3105 cur_end = cur_ptr + cur_hdr->len;
3106 cur_next = cur_end + cur_hdr->cr + 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003107
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003108 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
3109 if (val) {
3110 /* 3 possibilities :
3111 * - we have already set Connection: close,
3112 * so we remove this line.
3113 * - we have not yet set Connection: close,
3114 * but this line indicates close. We leave
3115 * it untouched and set the flag.
3116 * - we have not yet set Connection: close,
3117 * and this line indicates non-close. We
3118 * replace it.
3119 */
3120 if (t->flags & SN_CONN_CLOSED) {
3121 delta = buffer_replace2(rep, cur_ptr, cur_next, NULL, 0);
3122 txn->rsp.eoh += delta;
3123 cur_next += delta;
3124 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
3125 txn->hdr_idx.used--;
3126 cur_hdr->len = 0;
3127 } else {
3128 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
3129 delta = buffer_replace2(rep, cur_ptr + val, cur_end,
3130 "close", 5);
3131 cur_next += delta;
3132 cur_hdr->len += delta;
3133 txn->rsp.eoh += delta;
3134 }
3135 t->flags |= SN_CONN_CLOSED;
3136 }
3137 }
3138 old_idx = cur_idx;
Willy Tarreau541b5c22008-01-06 23:34:21 +01003139 }
3140 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003141
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003142 /* add response headers from the rule sets in the same order */
3143 for (cur_idx = 0; cur_idx < rule_set->nb_rspadd; cur_idx++) {
3144 if (unlikely(http_header_add_tail(rep, &txn->rsp, &txn->hdr_idx,
3145 rule_set->rsp_add[cur_idx])) < 0)
3146 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02003147 }
3148
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003149 /* check whether we're already working on the frontend */
3150 if (cur_proxy == t->fe)
3151 break;
3152 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003153 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003154
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003155 /*
3156 * 4: check for server cookie.
3157 */
3158 if (t->be->cookie_name || t->be->appsession_name || t->be->capture_name
3159 || (t->be->options & PR_O_CHK_CACHE))
3160 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003161
Willy Tarreaubaaee002006-06-26 02:48:02 +02003162
Willy Tarreaua15645d2007-03-18 16:22:39 +01003163 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003164 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003165 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003166 if ((t->be->options & (PR_O_COOK_NOC | PR_O_CHK_CACHE)) != 0)
3167 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003168
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003169 /*
3170 * 6: add server cookie in the response if needed
3171 */
3172 if ((t->srv) && !(t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_INS) &&
3173 (!(t->be->options & PR_O_COOK_POST) || (txn->meth == HTTP_METH_POST))) {
3174 int len;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003175
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003176 /* the server is known, it's not the one the client requested, we have to
3177 * insert a set-cookie here, except if we want to insert only on POST
3178 * requests and this one isn't. Note that servers which don't have cookies
3179 * (eg: some backup servers) will return a full cookie removal request.
3180 */
3181 len = sprintf(trash, "Set-Cookie: %s=%s; path=/",
3182 t->be->cookie_name,
3183 t->srv->cookie ? t->srv->cookie : "; Expires=Thu, 01-Jan-1970 00:00:01 GMT");
Willy Tarreaubaaee002006-06-26 02:48:02 +02003184
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003185 if (t->be->cookie_domain)
3186 len += sprintf(trash+len, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003187
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003188 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
3189 trash, len)) < 0)
3190 goto return_bad_resp;
3191 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003192
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003193 /* Here, we will tell an eventual cache on the client side that we don't
3194 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
3195 * Some caches understand the correct form: 'no-cache="set-cookie"', but
3196 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
3197 */
3198 if ((t->be->options & PR_O_COOK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02003199
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003200 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
3201
3202 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
3203 "Cache-control: private", 22)) < 0)
3204 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003205 }
3206 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003207
Willy Tarreaubaaee002006-06-26 02:48:02 +02003208
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003209 /*
3210 * 7: check if result will be cacheable with a cookie.
3211 * We'll block the response if security checks have caught
3212 * nasty things such as a cacheable cookie.
3213 */
3214 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) ==
3215 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) &&
3216 (t->be->options & PR_O_CHK_CACHE)) {
3217
3218 /* we're in presence of a cacheable response containing
3219 * a set-cookie header. We'll block it as requested by
3220 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003221 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003222 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003223 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003224 t->srv->failed_secu++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003225 //sess_change_server(t, NULL);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003226 }
3227 t->be->denied_resp++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003228
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003229 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
3230 t->be->id, t->srv?t->srv->id:"<dispatch>");
3231 send_log(t->be, LOG_ALERT,
3232 "Blocking cacheable cookie in response from instance %s, server %s.\n",
3233 t->be->id, t->srv?t->srv->id:"<dispatch>");
3234 goto return_srv_prx_502;
3235 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003236
3237 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003238 * 8: add "Connection: close" if needed and not yet set.
3239 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003240 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003241 if (!(t->flags & SN_CONN_CLOSED) &&
3242 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
3243 if ((unlikely(msg->sl.st.v_l != 8) ||
3244 unlikely(req->data[msg->som + 7] != '0')) &&
3245 unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
3246 "Connection: close", 17)) < 0)
3247 goto return_bad_resp;
3248 t->flags |= SN_CONN_CLOSED;
3249 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003250
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003251 /*************************************************************
3252 * OK, that's finished for the headers. We have done what we *
3253 * could. Let's switch to the DATA state. *
3254 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02003255
Willy Tarreaue393fe22008-08-16 22:18:07 +02003256 buffer_set_rlim(rep, BUFSIZE); /* no more rewrite needed */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003257 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003258
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003259#ifdef CONFIG_HAP_TCPSPLICE
3260 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
3261 /* TCP splicing supported by both FE and BE */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02003262 tcp_splice_splicefd(rep->cons->fd, rep->prod->fd, 0);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003263 }
3264#endif
3265 /* if the user wants to log as soon as possible, without counting
3266 * bytes from the server, then this is the right moment. We have
3267 * to temporarily assign bytes_out to log what we currently have.
3268 */
3269 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
3270 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
3271 t->logs.bytes_out = txn->rsp.eoh;
3272 if (t->fe->to_log & LW_REQ)
3273 http_sess_log(t);
3274 else
3275 tcp_sess_log(t);
3276 t->logs.bytes_out = 0;
3277 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003278
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003279 /* Note: we must not try to cheat by jumping directly to DATA,
3280 * otherwise we would not let the client side wake up.
3281 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01003282
Willy Tarreaudafde432008-08-17 01:00:46 +02003283 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003284 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003285
Willy Tarreau2df28e82008-08-17 15:20:19 +02003286 /* Note: eventhough nobody should set an unknown flag, clearing them right now will
3287 * probably reduce one day's debugging session.
3288 */
3289#ifdef DEBUG_DEV
3290 if (rep->analysers & ~(AN_RTR_HTTP_HDR)) {
3291 fprintf(stderr, "FIXME !!!! unknown analysers flags %s:%d = 0x%08X\n",
3292 __FILE__, __LINE__, rep->analysers);
3293 ABORT_NOW();
3294 }
3295#endif
3296 rep->analysers &= AN_RTR_HTTP_HDR;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003297 return 0;
3298}
Willy Tarreaua15645d2007-03-18 16:22:39 +01003299
Willy Tarreauf9839bd2008-08-27 23:57:16 +02003300///*
3301// * Manages the client FSM and its socket. It normally returns zero, but may
3302// * return 1 if it absolutely wants to be called again.
3303// *
3304// * Note: process_cli is the ONLY function allowed to set cli_state to anything
3305// * but CL_STCLOSE.
3306// */
3307//int process_cli(struct session *t)
3308//{
3309// struct buffer *req = t->req;
3310// struct buffer *rep = t->rep;
3311//
3312// DPRINTF(stderr,"[%u] %s: fd=%d[%d] c=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3313// now_ms, __FUNCTION__,
3314// t->cli_fd, t->cli_fd >= 0 ? fdtab[t->cli_fd].state : 0, /* fd,state*/
3315// cli_stnames[t->cli_state],
3316// t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_RD) : 0,
3317// t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_WR) : 0,
3318// req->rex, rep->wex,
3319// req->flags, rep->flags,
3320// req->l, rep->l);
3321//
3322// update_state:
3323// /* FIXME: we still have to check for CL_STSHUTR because client_retnclose
3324// * still set this state (and will do until unix sockets are converted).
3325// */
3326// if (t->cli_state == CL_STDATA || t->cli_state == CL_STSHUTR) {
3327// /* we can skip most of the tests at once if some conditions are not met */
3328// if (!((fdtab[t->cli_fd].state == FD_STERROR) ||
3329// (req->flags & (BF_READ_TIMEOUT|BF_READ_ERROR|BF_SHUTR_NOW)) ||
3330// (rep->flags & (BF_WRITE_TIMEOUT|BF_WRITE_ERROR|BF_SHUTW_NOW)) ||
3331// (!(req->flags & BF_SHUTR) && req->flags & (BF_READ_NULL|BF_SHUTW)) ||
3332// (!(rep->flags & BF_SHUTW) &&
3333// (rep->flags & (BF_EMPTY|BF_MAY_FORWARD|BF_SHUTR)) == (BF_EMPTY|BF_MAY_FORWARD|BF_SHUTR))))
3334// goto update_timeouts;
3335//
3336// /* read or write error */
3337// if (fdtab[t->cli_fd].state == FD_STERROR) {
3338// buffer_shutr(req);
3339// req->flags |= BF_READ_ERROR;
3340// buffer_shutw(rep);
3341// rep->flags |= BF_WRITE_ERROR;
3342// fd_delete(t->cli_fd);
3343// t->cli_state = CL_STCLOSE;
3344// trace_term(t, TT_HTTP_CLI_1);
3345// if (!req->analysers) {
3346// if (!(t->flags & SN_ERR_MASK))
3347// t->flags |= SN_ERR_CLICL;
3348// if (!(t->flags & SN_FINST_MASK)) {
3349// if (req->cons->err_type <= SI_ET_QUEUE_ABRT)
3350// t->flags |= SN_FINST_Q;
3351// else if (req->cons->err_type <= SI_ET_CONN_OTHER)
3352// t->flags |= SN_FINST_C;
3353// else
3354// t->flags |= SN_FINST_D;
3355// }
3356// }
3357// goto update_state;
3358// }
3359// /* last read, or end of server write */
3360// else if (!(req->flags & BF_SHUTR) && /* not already done */
3361// req->flags & (BF_READ_NULL|BF_SHUTR_NOW|BF_SHUTW)) {
3362// buffer_shutr(req);
3363// if (!(rep->flags & BF_SHUTW)) {
3364// EV_FD_CLR(t->cli_fd, DIR_RD);
3365// trace_term(t, TT_HTTP_CLI_2);
3366// } else {
3367// /* output was already closed */
3368// fd_delete(t->cli_fd);
3369// t->cli_state = CL_STCLOSE;
3370// trace_term(t, TT_HTTP_CLI_3);
3371// }
3372// goto update_state;
3373// }
3374// /* last server read and buffer empty : we only check them when we're
3375// * allowed to forward the data.
3376// */
3377// else if (!(rep->flags & BF_SHUTW) && /* not already done */
3378// ((rep->flags & BF_SHUTW_NOW) ||
3379// (rep->flags & BF_EMPTY && rep->flags & BF_MAY_FORWARD &&
3380// rep->flags & BF_SHUTR && !(t->flags & SN_SELF_GEN)))) {
3381// buffer_shutw(rep);
3382// if (!(req->flags & BF_SHUTR)) {
3383// EV_FD_CLR(t->cli_fd, DIR_WR);
3384// shutdown(t->cli_fd, SHUT_WR);
3385// trace_term(t, TT_HTTP_CLI_4);
3386// } else {
3387// fd_delete(t->cli_fd);
3388// t->cli_state = CL_STCLOSE;
3389// trace_term(t, TT_HTTP_CLI_5);
3390// }
3391// goto update_state;
3392// }
3393// /* read timeout */
3394// else if ((req->flags & (BF_SHUTR|BF_READ_TIMEOUT)) == BF_READ_TIMEOUT) {
3395// buffer_shutr(req);
3396// if (!(rep->flags & BF_SHUTW)) {
3397// EV_FD_CLR(t->cli_fd, DIR_RD);
3398// trace_term(t, TT_HTTP_CLI_6);
3399// } else {
3400// /* output was already closed */
3401// fd_delete(t->cli_fd);
3402// t->cli_state = CL_STCLOSE;
3403// trace_term(t, TT_HTTP_CLI_7);
3404// }
3405// if (!req->analysers) {
3406// if (!(t->flags & SN_ERR_MASK))
3407// t->flags |= SN_ERR_CLITO;
3408// if (!(t->flags & SN_FINST_MASK)) {
3409// if (req->cons->err_type <= SI_ET_QUEUE_ABRT)
3410// t->flags |= SN_FINST_Q;
3411// else if (req->cons->err_type <= SI_ET_CONN_OTHER)
3412// t->flags |= SN_FINST_C;
3413// else
3414// t->flags |= SN_FINST_D;
3415// }
3416// }
3417// goto update_state;
3418// }
3419// /* write timeout */
3420// else if ((rep->flags & (BF_SHUTW|BF_WRITE_TIMEOUT)) == BF_WRITE_TIMEOUT) {
3421// buffer_shutw(rep);
3422// if (!(req->flags & BF_SHUTR)) {
3423// EV_FD_CLR(t->cli_fd, DIR_WR);
3424// shutdown(t->cli_fd, SHUT_WR);
3425// trace_term(t, TT_HTTP_CLI_8);
3426// } else {
3427// fd_delete(t->cli_fd);
3428// t->cli_state = CL_STCLOSE;
3429// trace_term(t, TT_HTTP_CLI_9);
3430// }
3431// if (!req->analysers) {
3432// if (!(t->flags & SN_ERR_MASK))
3433// t->flags |= SN_ERR_CLITO;
3434// if (!(t->flags & SN_FINST_MASK)) {
3435// if (req->cons->err_type <= SI_ET_QUEUE_ABRT)
3436// t->flags |= SN_FINST_Q;
3437// else if (req->cons->err_type <= SI_ET_CONN_OTHER)
3438// t->flags |= SN_FINST_C;
3439// else
3440// t->flags |= SN_FINST_D;
3441// }
3442// }
3443// goto update_state;
3444// }
3445//
3446// update_timeouts:
3447// /* manage read timeout */
3448// if (!(req->flags & BF_SHUTR)) {
3449// if (req->flags & BF_FULL) {
3450// /* no room to read more data */
3451// if (EV_FD_COND_C(t->cli_fd, DIR_RD)) {
3452// /* stop reading until we get some space */
3453// req->rex = TICK_ETERNITY;
3454// }
3455// } else {
3456// EV_FD_COND_S(t->cli_fd, DIR_RD);
3457// req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
3458// }
3459// }
3460//
3461// /* manage write timeout */
3462// if (!(rep->flags & BF_SHUTW)) {
3463// /* first, we may have to produce data (eg: stats).
3464// * right now, this is limited to the SHUTR state.
3465// */
3466// if (req->flags & BF_SHUTR && t->flags & SN_SELF_GEN) {
3467// produce_content(t);
3468// if (rep->flags & BF_EMPTY) {
3469// buffer_shutw(rep);
3470// fd_delete(t->cli_fd);
3471// t->cli_state = CL_STCLOSE;
3472// trace_term(t, TT_HTTP_CLI_10);
3473// goto update_state;
3474// }
3475// }
3476//
3477// /* we don't enable client write if the buffer is empty, nor if the server has to analyze it */
3478// if ((rep->flags & (BF_EMPTY|BF_MAY_FORWARD)) != BF_MAY_FORWARD) {
3479// if (EV_FD_COND_C(t->cli_fd, DIR_WR)) {
3480// /* stop writing */
3481// rep->wex = TICK_ETERNITY;
3482// }
3483// } else {
3484// /* buffer not empty */
3485// EV_FD_COND_S(t->cli_fd, DIR_WR);
3486// if (!tick_isset(rep->wex)) {
3487// /* restart writing */
3488// rep->wex = tick_add_ifset(now_ms, t->fe->timeout.client);
3489// if (!(req->flags & BF_SHUTR) && tick_isset(rep->wex) && tick_isset(req->rex)) {
3490// /* FIXME: to prevent the client from expiring read timeouts during writes,
3491// * we refresh it, except if it was already infinite. */
3492// req->rex = rep->wex;
3493// }
3494// }
3495// }
3496// }
3497// return 0; /* other cases change nothing */
3498// }
3499// else if (t->cli_state == CL_STCLOSE) { /* CL_STCLOSE: nothing to do */
3500// if ((global.mode & MODE_DEBUG) && (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
3501// int len;
3502// len = sprintf(trash, "%08x:%s.clicls[%04x:%04x]\n", t->uniq_id, t->be->id, (unsigned short)t->cli_fd, (unsigned short)req->cons->fd);
3503// write(1, trash, len);
3504// }
3505// return 0;
3506// }
3507//#ifdef DEBUG_DEV
3508// fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, t->cli_state);
3509// ABORT_NOW();
3510//#endif
3511// return 0;
3512//}
Willy Tarreaubaaee002006-06-26 02:48:02 +02003513
Willy Tarreaubaaee002006-06-26 02:48:02 +02003514
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003515/* Return 1 if the pending connection has failed and should be retried,
3516 * otherwise zero. We may only come here in SI_ST_CON state, which means that
3517 * the socket's file descriptor is known.
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003518 */
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003519int tcp_connection_status(struct session *t)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003520{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003521 struct buffer *req = t->req;
3522 struct buffer *rep = t->rep;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003523 int conn_err = 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003524
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003525 DPRINTF(stderr,"[%u] %s: c=%s exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3526 now_ms, __FUNCTION__,
3527 cli_stnames[t->cli_state],
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003528 rep->rex, req->wex,
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003529 req->flags, rep->flags,
3530 req->l, rep->l);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003531
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003532 if ((req->flags & BF_SHUTW_NOW) ||
3533 (rep->flags & BF_SHUTW) ||
3534 ((req->flags & BF_SHUTR) && /* FIXME: this should not prevent a connection from establishing */
Willy Tarreau3da77c52008-08-29 09:58:42 +02003535 ((req->flags & BF_EMPTY && !(req->flags & BF_WRITE_ACTIVITY)) ||
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003536 t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
3537
3538 trace_term(t, TT_HTTP_SRV_5);
3539 req->wex = TICK_ETERNITY;
3540 fd_delete(req->cons->fd);
3541 if (t->srv) {
3542 t->srv->cur_sess--;
3543 sess_change_server(t, NULL);
3544 }
3545 /* note that this must not return any error because it would be able to
3546 * overwrite the client_retnclose() output.
3547 */
3548 //srv_close_with_err(t, SN_ERR_CLICL, SN_FINST_C, 0, NULL);
3549
3550 // FIXME: should we set rep->MAY_FORWARD ?
3551 buffer_shutw(req);
3552 buffer_shutr(rep);
3553 req->cons->state = SI_ST_CLO;
3554 if (!req->cons->err_type)
3555 req->cons->err_type = SI_ET_CONN_ABRT;
3556 req->cons->err_loc = t->srv;
3557 return 0;
3558 }
3559
3560 /* check for timeouts and asynchronous connect errors */
3561 if (fdtab[req->cons->fd].state == FD_STERROR) {
3562 conn_err = SI_ET_CONN_ERR;
3563 if (!req->cons->err_type)
3564 req->cons->err_type = SI_ET_CONN_ERR;
3565 }
Willy Tarreau3da77c52008-08-29 09:58:42 +02003566 else if (!(req->flags & BF_WRITE_ACTIVITY)) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003567 /* nothing happened, maybe we timed out */
3568 if (tick_is_expired(req->wex, now_ms)) {
3569 conn_err = SI_ET_CONN_TO;
3570 if (!req->cons->err_type)
3571 req->cons->err_type = SI_ET_CONN_TO;
3572 }
3573 else
3574 return 0; /* let's wait a bit more */
3575 }
3576
3577 if (conn_err) {
3578 fd_delete(req->cons->fd);
3579 req->cons->state = SI_ST_CLO;
3580
3581 if (t->srv) {
3582 t->srv->cur_sess--;
3583 sess_change_server(t, NULL);
3584 req->cons->err_loc = t->srv;
3585 }
3586
3587 /* ensure that we have enough retries left */
3588 if (srv_count_retry_down(t, conn_err))
3589 return 0;
3590
3591 if (conn_err == SI_ET_CONN_ERR) {
3592 /* we encountered an immediate connection error, and we
3593 * will have to retry connecting to the same server, most
3594 * likely leading to the same result. To avoid this, we
3595 * fake a connection timeout to retry after a turn-around
3596 * time of 1 second. We will wait in the previous if block.
3597 */
3598 req->cons->state = SI_ST_TAR;
3599 req->wex = tick_add(now_ms, MS_TO_TICKS(1000));
3600 return 0;
3601 }
3602
3603 if (t->srv && t->conn_retries == 0 && t->be->options & PR_O_REDISP) {
3604 /* We're on our last chance, and the REDISP option was specified.
3605 * We will ignore cookie and force to balance or use the dispatcher.
3606 */
3607 /* let's try to offer this slot to anybody */
3608 if (may_dequeue_tasks(t->srv, t->be))
3609 process_srv_queue(t->srv);
3610
3611 /* it's left to the dispatcher to choose a server */
3612 t->flags &= ~(SN_DIRECT | SN_ASSIGNED | SN_ADDR_SET);
3613 t->prev_srv = t->srv;
3614 } else {
3615 /* we just want to retry */
3616 if (t->srv)
3617 t->srv->retries++;
3618 t->be->retries++;
3619
3620 /* Now we will try to either reconnect to the same server or
3621 * connect to another server. If the connection gets queued
3622 * because all servers are saturated, then we will go back to
3623 * the idle state where the buffer's consumer is marked as
3624 * unknown.
3625 */
3626 if (srv_retryable_connect(t)) {
3627 /* success or unrecoverable error */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003628 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003629 return 0;
3630 }
3631 }
3632
3633 /* We'll rely on the caller to try to get a connection again */
3634 return 1;
3635 }
3636 else {
3637 /* no error and write OK : connection succeeded */
3638 t->logs.t_connect = tv_ms_elapsed(&t->logs.tv_accept, &now);
3639 req->cons->state = SI_ST_EST;
3640 req->cons->err_type = SI_ET_NONE;
3641 req->cons->err_loc = NULL;
3642
3643 if (req->flags & BF_EMPTY) {
3644 EV_FD_CLR(req->cons->fd, DIR_WR);
3645 req->wex = TICK_ETERNITY;
3646 } else {
3647 EV_FD_SET(req->cons->fd, DIR_WR);
3648 req->wex = tick_add_ifset(now_ms, t->be->timeout.server);
3649 if (tick_isset(req->wex)) {
3650 /* FIXME: to prevent the server from expiring read timeouts during writes,
3651 * we refresh it. */
3652 rep->rex = req->wex;
3653 }
3654 }
3655
3656 if (t->be->mode == PR_MODE_TCP) { /* let's allow immediate data connection in this case */
3657 if (!(rep->flags & BF_HIJACK)) {
3658 EV_FD_SET(req->cons->fd, DIR_RD);
3659 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
3660 }
3661 buffer_set_rlim(rep, BUFSIZE); /* no rewrite needed */
3662
3663 /* if the user wants to log as soon as possible, without counting
3664 bytes from the server, then this is the right moment. */
3665 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
3666 t->logs.t_close = t->logs.t_connect; /* to get a valid end date */
3667 tcp_sess_log(t);
3668 }
3669#ifdef CONFIG_HAP_TCPSPLICE
3670 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
3671 /* TCP splicing supported by both FE and BE */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02003672 tcp_splice_splicefd(req->prod->fd, req->cons->fd, 0);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003673 }
3674#endif
3675 }
3676 else {
3677 rep->analysers |= AN_RTR_HTTP_HDR;
3678 buffer_set_rlim(rep, BUFSIZE - MAXREWRITE); /* rewrite needed */
3679 t->txn.rsp.msg_state = HTTP_MSG_RPBEFORE;
3680 /* reset hdr_idx which was already initialized by the request.
3681 * right now, the http parser does it.
3682 * hdr_idx_init(&t->txn.hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003683 */
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003684 }
3685
3686 if (!rep->analysers)
Willy Tarreau3da77c52008-08-29 09:58:42 +02003687 buffer_write_ena(t->rep);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003688 req->wex = TICK_ETERNITY;
3689 return 0;
3690 }
3691}
3692
3693
3694/*
3695 * This function tries to assign a server to a stream_sock interface.
3696 * It may be called only for t->req->cons->state = one of { SI_ST_INI,
3697 * SI_ST_TAR, SI_ST_QUE }. It returns one of those states, SI_ST_ASS
3698 * in case of success, or SI_ST_CLO in case of failure. It returns 1 if
3699 * it returns SI_ST_ASS, otherwise zero.
3700 */
3701int stream_sock_assign_server(struct session *t)
3702{
3703 DPRINTF(stderr,"[%u] %s: c=%s exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3704 now_ms, __FUNCTION__,
3705 cli_stnames[t->cli_state],
3706 t->rep->rex, t->req->wex,
3707 t->req->flags, t->rep->flags,
3708 t->req->l, t->rep->l);
3709
3710 if (t->req->cons->state == SI_ST_TAR) {
3711 /* connection might be aborted */
3712 if ((t->req->flags & BF_SHUTW_NOW) ||
3713 (t->rep->flags & BF_SHUTW) ||
3714 ((t->req->flags & BF_SHUTR) && /* FIXME: this should not prevent a connection from establishing */
3715 (t->req->flags & BF_EMPTY || t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003716
Willy Tarreauf8533202008-08-16 14:55:08 +02003717 trace_term(t, TT_HTTP_SRV_1);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003718 t->req->wex = TICK_ETERNITY;
3719
3720 // FIXME: should we set rep->MAY_FORWARD ?
3721 buffer_shutr(t->rep);
3722 buffer_shutw(t->req);
3723 if (!t->req->cons->err_type)
3724 t->req->cons->err_type = SI_ET_CONN_ABRT;
3725 t->req->cons->state = SI_ST_CLO;
3726 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003727 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003728
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003729 if (!tick_is_expired(t->req->wex, now_ms))
3730 return 0; /* still in turn-around */
3731
3732 t->req->cons->state = SI_ST_INI;
3733 }
3734 else if (t->req->cons->state == SI_ST_QUE) {
3735 if (t->pend_pos) {
3736 /* request still in queue... */
3737 if (tick_is_expired(t->req->wex, now_ms)) {
3738 /* ... and timeout expired */
3739 trace_term(t, TT_HTTP_SRV_3);
3740 t->req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003741 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003742 if (t->srv)
3743 t->srv->failed_conns++;
3744 t->be->failed_conns++;
3745
3746 // FIXME: should we set rep->MAY_FORWARD ?
3747 buffer_shutr(t->rep);
3748 buffer_shutw(t->req);
3749 t->req->flags |= BF_WRITE_TIMEOUT;
3750 if (!t->req->cons->err_type)
3751 t->req->cons->err_type = SI_ET_QUEUE_TO;
3752 t->req->cons->state = SI_ST_CLO;
3753 return 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003754 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003755 /* connection remains in queue, check if we have to abort it */
3756 if ((t->req->flags & BF_SHUTW_NOW) ||
3757 (t->rep->flags & BF_SHUTW) ||
3758 ((t->req->flags & BF_SHUTR) && /* FIXME: this should not prevent a connection from establishing */
3759 (t->req->flags & BF_EMPTY || t->be->options & PR_O_ABRT_CLOSE))) {
3760 /* give up */
3761 trace_term(t, TT_HTTP_SRV_1);
3762 t->req->wex = TICK_ETERNITY;
3763 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003764
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003765 // FIXME: should we set rep->MAY_FORWARD ?
3766 buffer_shutr(t->rep);
3767 buffer_shutw(t->req);
3768 if (!t->req->cons->err_type)
3769 t->req->cons->err_type = SI_ET_QUEUE_ABRT;
3770 t->req->cons->state = SI_ST_CLO;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003771 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003772 return 0;
3773 }
3774 /* The connection is not in the queue anymore */
3775 t->req->cons->state = SI_ST_INI;
3776 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003777
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003778 /* we may get here from above */
3779 if (t->req->cons->state == SI_ST_INI) {
3780 /* no connection in progress, we have to get a new one */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003781
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003782 /* first, check if the connection has been aborted */
3783 if ((t->req->flags & BF_SHUTW_NOW) ||
3784 (t->rep->flags & BF_SHUTW) ||
3785 ((t->req->flags & BF_SHUTR) &&
3786 (t->req->flags & BF_EMPTY || t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003787
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003788 trace_term(t, TT_HTTP_SRV_1);
3789 t->req->wex = TICK_ETERNITY;
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003790
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003791 // FIXME: should we set rep->MAY_FORWARD ?
3792 buffer_shutr(t->rep);
3793 buffer_shutw(t->req);
3794 if (!t->req->cons->err_type)
3795 t->req->cons->err_type = SI_ET_CONN_ABRT;
3796 t->req->cons->state = SI_ST_CLO;
3797 return 0;
3798 }
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003799
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003800 /* try to get a server assigned */
3801 if (srv_redispatch_connect(t) != 0) {
3802 /* we did not get any server, let's check the cause */
3803 if (t->req->cons->state == SI_ST_QUE) {
3804 /* the connection was queued, that's OK */
3805 return 0;
3806 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003807
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003808 trace_term(t, TT_HTTP_SRV_2);
3809 t->req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003810
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003811 // FIXME: should we set rep->MAY_FORWARD ?
3812 buffer_shutr(t->rep);
3813 buffer_shutw(t->req);
3814 t->req->flags |= BF_WRITE_ERROR;
3815 if (!t->req->cons->err_type)
3816 t->req->cons->err_type = SI_ET_CONN_OTHER;
3817 t->req->cons->state = SI_ST_CLO;
3818 return 0;
3819 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003820
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003821 t->req->cons->state = SI_ST_ASS;
3822 /* Once the server is assigned, we have to return because
3823 * the caller might be interested in checking several
3824 * things before connecting.
3825 */
3826 return 1;
3827 }
3828 return 0;
3829}
Krzysztof Piotr Oledzkiefe3b6f2008-05-23 23:49:32 +02003830
Willy Tarreauf8533202008-08-16 14:55:08 +02003831
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003832/*
3833 * This function tries to establish a connection to an assigned server. It also
3834 * performs connection retries. It may only be called with t->req->cons->state
3835 * in { SI_ST_ASS, SI_ST_CON }. It may also set the state to SI_ST_INI,
3836 * SI_ST_EST, or SI_ST_CLO.
3837 */
3838int stream_sock_connect_server(struct session *t)
3839{
3840 if (t->req->cons->state == SI_ST_ASS) {
3841 /* server assigned to request, we have to try to connect now */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003842
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003843 if (!srv_retryable_connect(t)) {
3844 /* we need to redispatch */
3845 t->req->cons->state = SI_ST_INI;
3846 return 0;
3847 }
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003848
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003849 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3850 if (t->req->cons->state != SI_ST_CON) {
3851 /* it was an error */
3852 trace_term(t, TT_HTTP_SRV_4);
3853 t->req->wex = TICK_ETERNITY;
3854
3855 // FIXME: should we set rep->MAY_FORWARD ?
3856 buffer_shutr(t->rep);
3857 buffer_shutw(t->req);
3858 t->req->flags |= BF_WRITE_ERROR;
3859 if (!t->req->cons->err_type)
3860 t->req->cons->err_type = SI_ET_CONN_OTHER;
3861 t->req->cons->state = SI_ST_CLO;
3862 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003863 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003864 /* We have a socket and switched to SI_ST_CON */
3865 }
3866
3867 /* we may also get here from above */
3868 if (t->req->cons->state == SI_ST_CON) {
3869 /* connection in progress or just completed */
3870 if (!tcp_connection_status(t))
3871 return 0;
3872 }
3873 return 0;
3874}
3875
3876
3877/*
3878 * Tries to establish a connection to the server and associate it to the
3879 * request buffer's consumer side. It is assumed that this function will not be
Willy Tarreau3da77c52008-08-29 09:58:42 +02003880 * be called with SI_ST_EST nor with BF_WRITE_ENA cleared. It normally
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003881 * returns zero, but may return 1 if it absolutely wants to be called again.
3882 */
3883int process_srv_conn(struct session *t)
3884{
3885 DPRINTF(stderr,"[%u] %s: c=%s exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3886 now_ms, __FUNCTION__,
3887 cli_stnames[t->cli_state],
3888 t->rep->rex, t->req->wex,
3889 t->req->flags, t->rep->flags,
3890 t->req->l, t->rep->l);
3891
3892 do {
3893 if (t->req->cons->state == SI_ST_INI ||
3894 t->req->cons->state == SI_ST_TAR ||
3895 t->req->cons->state == SI_ST_QUE) {
3896 /* try to assign a server */
3897 if (!stream_sock_assign_server(t))
3898 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003899 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003900
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003901 if (t->req->cons->state == SI_ST_ASS &&
3902 t->srv && t->srv->rdr_len && t->flags & SN_REDIRECTABLE) {
3903 /* Server supporting redirection and it is possible.
3904 * Invalid requests are reported as such. It concerns all
3905 * the largest ones.
3906 */
3907 struct http_txn *txn = &t->txn;
3908 struct chunk rdr;
3909 char *path;
3910 int len;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003911
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003912 /* 1: create the response header */
3913 rdr.len = strlen(HTTP_302);
3914 rdr.str = trash;
3915 memcpy(rdr.str, HTTP_302, rdr.len);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003916
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003917 /* 2: add the server's prefix */
3918 if (rdr.len + t->srv->rdr_len > sizeof(trash))
3919 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003920
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003921 memcpy(rdr.str + rdr.len, t->srv->rdr_pfx, t->srv->rdr_len);
3922 rdr.len += t->srv->rdr_len;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003923
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003924 /* 3: add the request URI */
3925 path = http_get_path(txn);
3926 if (!path)
3927 goto cancel_redir;
3928 len = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
3929 if (rdr.len + len > sizeof(trash) - 4) /* 4 for CRLF-CRLF */
3930 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003931
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003932 memcpy(rdr.str + rdr.len, path, len);
3933 rdr.len += len;
3934 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
3935 rdr.len += 4;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003936
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003937 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C, 302, &rdr);
3938 trace_term(t, TT_HTTP_SRV_3);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003939
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003940 /* FIXME: we should increase a counter of redirects per server and per backend. */
3941 if (t->srv)
3942 t->srv->cum_sess++;
3943
3944 t->req->cons->state = SI_ST_CLO;
3945 return 0;
3946 cancel_redir:
3947 //txn->status = 400;
3948 //t->fe->failed_req++;
3949 //srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C,
3950 // 400, error_message(t, HTTP_ERR_400));
3951 trace_term(t, TT_HTTP_SRV_4);
3952
3953 // FIXME: should we set rep->MAY_FORWARD ?
3954 buffer_shutw(t->req);
3955 buffer_shutr(t->rep);
3956 if (!t->req->cons->err_type)
3957 t->req->cons->err_type = SI_ET_CONN_OTHER;
3958 t->req->cons->state = SI_ST_CLO;
3959 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003960 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003961
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003962 if (t->req->cons->state == SI_ST_CON ||
3963 t->req->cons->state == SI_ST_ASS) {
3964 stream_sock_connect_server(t);
3965 }
3966 } while (t->req->cons->state != SI_ST_CLO &&
3967 t->req->cons->state != SI_ST_CON &&
3968 t->req->cons->state != SI_ST_EST);
3969 return 0;
3970}
Willy Tarreaubaaee002006-06-26 02:48:02 +02003971
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003972
Willy Tarreaubaaee002006-06-26 02:48:02 +02003973/*
3974 * Produces data for the session <s> depending on its source. Expects to be
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003975 * called with client socket shut down on input. Right now, only statistics can
Willy Tarreau72b179a2008-08-28 16:01:32 +02003976 * be produced. It stops by itself by unsetting the BF_HIJACK flag from the
3977 * buffer, which it uses to keep on being called when there is free space in
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003978 * the buffer, or simply by letting an empty buffer upon return. It returns 1
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003979 * when it wants to stop sending data, otherwise 0.
Willy Tarreaubaaee002006-06-26 02:48:02 +02003980 */
3981int produce_content(struct session *s)
3982{
Willy Tarreaubaaee002006-06-26 02:48:02 +02003983 if (s->data_source == DATA_SRC_NONE) {
Willy Tarreau72b179a2008-08-28 16:01:32 +02003984 buffer_stop_hijack(s->rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003985 return 1;
3986 }
3987 else if (s->data_source == DATA_SRC_STATS) {
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01003988 /* dump server statistics */
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01003989 int ret = stats_dump_http(s, s->be->uri_auth);
Willy Tarreau91861262007-10-17 17:06:05 +02003990 if (ret >= 0)
3991 return ret;
3992 /* -1 indicates an error */
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01003993 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003994
Willy Tarreau91861262007-10-17 17:06:05 +02003995 /* unknown data source or internal error */
3996 s->txn.status = 500;
3997 client_retnclose(s, error_message(s, HTTP_ERR_500));
Willy Tarreauf8533202008-08-16 14:55:08 +02003998 trace_term(s, TT_HTTP_CNT_1);
Willy Tarreau91861262007-10-17 17:06:05 +02003999 if (!(s->flags & SN_ERR_MASK))
4000 s->flags |= SN_ERR_PRXCOND;
4001 if (!(s->flags & SN_FINST_MASK))
4002 s->flags |= SN_FINST_R;
Willy Tarreau72b179a2008-08-28 16:01:32 +02004003 buffer_stop_hijack(s->rep);
Willy Tarreau91861262007-10-17 17:06:05 +02004004 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004005}
4006
4007
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004008/* Iterate the same filter through all request headers.
4009 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004010 * Since it can manage the switch to another backend, it updates the per-proxy
4011 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004012 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004013int apply_filter_to_req_headers(struct session *t, struct buffer *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01004014{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004015 char term;
4016 char *cur_ptr, *cur_end, *cur_next;
4017 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004018 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004019 struct hdr_idx_elem *cur_hdr;
4020 int len, delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01004021
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004022 last_hdr = 0;
4023
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004024 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004025 old_idx = 0;
4026
4027 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004028 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004029 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004030 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004031 (exp->action == ACT_ALLOW ||
4032 exp->action == ACT_DENY ||
4033 exp->action == ACT_TARPIT))
4034 return 0;
4035
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004036 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004037 if (!cur_idx)
4038 break;
4039
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004040 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004041 cur_ptr = cur_next;
4042 cur_end = cur_ptr + cur_hdr->len;
4043 cur_next = cur_end + cur_hdr->cr + 1;
4044
4045 /* Now we have one header between cur_ptr and cur_end,
4046 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004047 */
4048
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004049 /* The annoying part is that pattern matching needs
4050 * that we modify the contents to null-terminate all
4051 * strings before testing them.
4052 */
4053
4054 term = *cur_end;
4055 *cur_end = '\0';
4056
4057 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4058 switch (exp->action) {
4059 case ACT_SETBE:
4060 /* It is not possible to jump a second time.
4061 * FIXME: should we return an HTTP/500 here so that
4062 * the admin knows there's a problem ?
4063 */
4064 if (t->be != t->fe)
4065 break;
4066
4067 /* Swithing Proxy */
4068 t->be = (struct proxy *) exp->replace;
4069
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004070 /* right now, the backend switch is not overly complicated
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004071 * because we have associated req_cap and rsp_cap to the
4072 * frontend, and the beconn will be updated later.
4073 */
4074
Willy Tarreaud7c30f92007-12-03 01:38:36 +01004075 t->rep->rto = t->req->wto = t->be->timeout.server;
4076 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02004077 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004078 last_hdr = 1;
4079 break;
4080
4081 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004082 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004083 last_hdr = 1;
4084 break;
4085
4086 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004087 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004088 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004089 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004090 break;
4091
4092 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01004093 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004094 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004095 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004096 break;
4097
4098 case ACT_REPLACE:
4099 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4100 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
4101 /* FIXME: if the user adds a newline in the replacement, the
4102 * index will not be recalculated for now, and the new line
4103 * will not be counted as a new header.
4104 */
4105
4106 cur_end += delta;
4107 cur_next += delta;
4108 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004109 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004110 break;
4111
4112 case ACT_REMOVE:
4113 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
4114 cur_next += delta;
4115
4116 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004117 txn->req.eoh += delta;
4118 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4119 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004120 cur_hdr->len = 0;
4121 cur_end = NULL; /* null-term has been rewritten */
4122 break;
4123
4124 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004125 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004126 if (cur_end)
4127 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004128
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004129 /* keep the link from this header to next one in case of later
4130 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004131 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004132 old_idx = cur_idx;
4133 }
4134 return 0;
4135}
4136
4137
4138/* Apply the filter to the request line.
4139 * Returns 0 if nothing has been done, 1 if the filter has been applied,
4140 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004141 * Since it can manage the switch to another backend, it updates the per-proxy
4142 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004143 */
4144int apply_filter_to_req_line(struct session *t, struct buffer *req, struct hdr_exp *exp)
4145{
4146 char term;
4147 char *cur_ptr, *cur_end;
4148 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004149 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004150 int len, delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004151
Willy Tarreau58f10d72006-12-04 02:26:12 +01004152
Willy Tarreau3d300592007-03-18 18:34:41 +01004153 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004154 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004155 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004156 (exp->action == ACT_ALLOW ||
4157 exp->action == ACT_DENY ||
4158 exp->action == ACT_TARPIT))
4159 return 0;
4160 else if (exp->action == ACT_REMOVE)
4161 return 0;
4162
4163 done = 0;
4164
Willy Tarreau9cdde232007-05-02 20:58:19 +02004165 cur_ptr = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004166 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004167
4168 /* Now we have the request line between cur_ptr and cur_end */
4169
4170 /* The annoying part is that pattern matching needs
4171 * that we modify the contents to null-terminate all
4172 * strings before testing them.
4173 */
4174
4175 term = *cur_end;
4176 *cur_end = '\0';
4177
4178 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4179 switch (exp->action) {
4180 case ACT_SETBE:
4181 /* It is not possible to jump a second time.
4182 * FIXME: should we return an HTTP/500 here so that
4183 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01004184 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004185 if (t->be != t->fe)
4186 break;
4187
4188 /* Swithing Proxy */
4189 t->be = (struct proxy *) exp->replace;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004190
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004191 /* right now, the backend switch is not too much complicated
4192 * because we have associated req_cap and rsp_cap to the
4193 * frontend, and the beconn will be updated later.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004194 */
4195
Willy Tarreaud7c30f92007-12-03 01:38:36 +01004196 t->rep->rto = t->req->wto = t->be->timeout.server;
4197 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02004198 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004199 done = 1;
4200 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004201
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004202 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004203 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004204 done = 1;
4205 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004206
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004207 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004208 txn->flags |= TX_CLDENY;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004209 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004210 done = 1;
4211 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004212
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004213 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01004214 txn->flags |= TX_CLTARPIT;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004215 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004216 done = 1;
4217 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004218
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004219 case ACT_REPLACE:
4220 *cur_end = term; /* restore the string terminator */
4221 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4222 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
4223 /* FIXME: if the user adds a newline in the replacement, the
4224 * index will not be recalculated for now, and the new line
4225 * will not be counted as a new header.
4226 */
Willy Tarreaua496b602006-12-17 23:15:24 +01004227
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004228 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004229 cur_end += delta;
Willy Tarreaua496b602006-12-17 23:15:24 +01004230
Willy Tarreau9cdde232007-05-02 20:58:19 +02004231 txn->req.sol = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004232 cur_end = (char *)http_parse_reqline(&txn->req, req->data,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004233 HTTP_MSG_RQMETH,
4234 cur_ptr, cur_end + 1,
4235 NULL, NULL);
4236 if (unlikely(!cur_end))
4237 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01004238
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004239 /* we have a full request and we know that we have either a CR
4240 * or an LF at <ptr>.
4241 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004242 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
4243 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004244 /* there is no point trying this regex on headers */
4245 return 1;
4246 }
4247 }
4248 *cur_end = term; /* restore the string terminator */
4249 return done;
4250}
Willy Tarreau97de6242006-12-27 17:18:38 +01004251
Willy Tarreau58f10d72006-12-04 02:26:12 +01004252
Willy Tarreau58f10d72006-12-04 02:26:12 +01004253
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004254/*
4255 * Apply all the req filters <exp> to all headers in buffer <req> of session <t>.
4256 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01004257 * unparsable request. Since it can manage the switch to another backend, it
4258 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004259 */
4260int apply_filters_to_request(struct session *t, struct buffer *req, struct hdr_exp *exp)
4261{
Willy Tarreau3d300592007-03-18 18:34:41 +01004262 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004263 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004264 while (exp && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004265 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004266
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004267 /*
4268 * The interleaving of transformations and verdicts
4269 * makes it difficult to decide to continue or stop
4270 * the evaluation.
4271 */
4272
Willy Tarreau3d300592007-03-18 18:34:41 +01004273 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004274 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4275 exp->action == ACT_TARPIT || exp->action == ACT_PASS)) {
4276 exp = exp->next;
4277 continue;
4278 }
4279
4280 /* Apply the filter to the request line. */
4281 ret = apply_filter_to_req_line(t, req, exp);
4282 if (unlikely(ret < 0))
4283 return -1;
4284
4285 if (likely(ret == 0)) {
4286 /* The filter did not match the request, it can be
4287 * iterated through all headers.
4288 */
4289 apply_filter_to_req_headers(t, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004290 }
4291 exp = exp->next;
4292 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004293 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004294}
4295
4296
Willy Tarreaua15645d2007-03-18 16:22:39 +01004297
Willy Tarreau58f10d72006-12-04 02:26:12 +01004298/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004299 * Manage client-side cookie. It can impact performance by about 2% so it is
4300 * desirable to call it only when needed.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004301 */
4302void manage_client_side_cookies(struct session *t, struct buffer *req)
4303{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004304 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004305 char *p1, *p2, *p3, *p4;
4306 char *del_colon, *del_cookie, *colon;
4307 int app_cookies;
4308
4309 appsess *asession_temp = NULL;
4310 appsess local_asession;
4311
4312 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004313 int cur_idx, old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004314
Willy Tarreau2a324282006-12-05 00:05:46 +01004315 /* Iterate through the headers.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004316 * we start with the start line.
4317 */
Willy Tarreau83969f42007-01-22 08:55:47 +01004318 old_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004319 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004320
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004321 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004322 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004323 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004324
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004325 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau58f10d72006-12-04 02:26:12 +01004326 cur_ptr = cur_next;
4327 cur_end = cur_ptr + cur_hdr->len;
4328 cur_next = cur_end + cur_hdr->cr + 1;
4329
4330 /* We have one full header between cur_ptr and cur_end, and the
4331 * next header starts at cur_next. We're only interested in
4332 * "Cookie:" headers.
4333 */
4334
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004335 val = http_header_match2(cur_ptr, cur_end, "Cookie", 6);
4336 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004337 old_idx = cur_idx;
4338 continue;
4339 }
4340
4341 /* Now look for cookies. Conforming to RFC2109, we have to support
4342 * attributes whose name begin with a '$', and associate them with
4343 * the right cookie, if we want to delete this cookie.
4344 * So there are 3 cases for each cookie read :
4345 * 1) it's a special attribute, beginning with a '$' : ignore it.
4346 * 2) it's a server id cookie that we *MAY* want to delete : save
4347 * some pointers on it (last semi-colon, beginning of cookie...)
4348 * 3) it's an application cookie : we *MAY* have to delete a previous
4349 * "special" cookie.
4350 * At the end of loop, if a "special" cookie remains, we may have to
4351 * remove it. If no application cookie persists in the header, we
4352 * *MUST* delete it
4353 */
4354
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004355 colon = p1 = cur_ptr + val; /* first non-space char after 'Cookie:' */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004356
Willy Tarreau58f10d72006-12-04 02:26:12 +01004357 /* del_cookie == NULL => nothing to be deleted */
4358 del_colon = del_cookie = NULL;
4359 app_cookies = 0;
4360
4361 while (p1 < cur_end) {
4362 /* skip spaces and colons, but keep an eye on these ones */
4363 while (p1 < cur_end) {
4364 if (*p1 == ';' || *p1 == ',')
4365 colon = p1;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004366 else if (!isspace((unsigned char)*p1))
Willy Tarreau58f10d72006-12-04 02:26:12 +01004367 break;
4368 p1++;
4369 }
4370
4371 if (p1 == cur_end)
4372 break;
4373
4374 /* p1 is at the beginning of the cookie name */
4375 p2 = p1;
4376 while (p2 < cur_end && *p2 != '=')
4377 p2++;
4378
4379 if (p2 == cur_end)
4380 break;
4381
4382 p3 = p2 + 1; /* skips the '=' sign */
4383 if (p3 == cur_end)
4384 break;
4385
4386 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004387 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';' && *p4 != ',')
Willy Tarreau58f10d72006-12-04 02:26:12 +01004388 p4++;
4389
4390 /* here, we have the cookie name between p1 and p2,
4391 * and its value between p3 and p4.
4392 * we can process it :
4393 *
4394 * Cookie: NAME=VALUE;
4395 * | || || |
4396 * | || || +--> p4
4397 * | || |+-------> p3
4398 * | || +--------> p2
4399 * | |+------------> p1
4400 * | +-------------> colon
4401 * +--------------------> cur_ptr
4402 */
4403
4404 if (*p1 == '$') {
4405 /* skip this one */
4406 }
4407 else {
4408 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004409 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004410 txn->cli_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004411 (p4 - p1 >= t->fe->capture_namelen) &&
4412 memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004413 int log_len = p4 - p1;
4414
Willy Tarreau086b3b42007-05-13 21:45:51 +02004415 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004416 Alert("HTTP logging : out of memory.\n");
4417 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004418 if (log_len > t->fe->capture_len)
4419 log_len = t->fe->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004420 memcpy(txn->cli_cookie, p1, log_len);
4421 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004422 }
4423 }
4424
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004425 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4426 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004427 /* Cool... it's the right one */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004428 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004429 char *delim;
4430
4431 /* if we're in cookie prefix mode, we'll search the delimitor so that we
4432 * have the server ID betweek p3 and delim, and the original cookie between
4433 * delim+1 and p4. Otherwise, delim==p4 :
4434 *
4435 * Cookie: NAME=SRV~VALUE;
4436 * | || || | |
4437 * | || || | +--> p4
4438 * | || || +--------> delim
4439 * | || |+-----------> p3
4440 * | || +------------> p2
4441 * | |+----------------> p1
4442 * | +-----------------> colon
4443 * +------------------------> cur_ptr
4444 */
4445
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004446 if (t->be->options & PR_O_COOK_PFX) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004447 for (delim = p3; delim < p4; delim++)
4448 if (*delim == COOKIE_DELIM)
4449 break;
4450 }
4451 else
4452 delim = p4;
4453
4454
4455 /* Here, we'll look for the first running server which supports the cookie.
4456 * This allows to share a same cookie between several servers, for example
4457 * to dedicate backup servers to specific servers only.
4458 * However, to prevent clients from sticking to cookie-less backup server
4459 * when they have incidentely learned an empty cookie, we simply ignore
4460 * empty cookies and mark them as invalid.
4461 */
4462 if (delim == p3)
4463 srv = NULL;
4464
4465 while (srv) {
Willy Tarreau92f2ab12007-02-02 22:14:47 +01004466 if (srv->cookie && (srv->cklen == delim - p3) &&
4467 !memcmp(p3, srv->cookie, delim - p3)) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004468 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004469 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004470 txn->flags &= ~TX_CK_MASK;
4471 txn->flags |= TX_CK_VALID;
4472 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004473 t->srv = srv;
4474 break;
4475 } else {
4476 /* we found a server, but it's down */
Willy Tarreau3d300592007-03-18 18:34:41 +01004477 txn->flags &= ~TX_CK_MASK;
4478 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004479 }
4480 }
4481 srv = srv->next;
4482 }
4483
Willy Tarreau3d300592007-03-18 18:34:41 +01004484 if (!srv && !(txn->flags & TX_CK_DOWN)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004485 /* no server matched this cookie */
Willy Tarreau3d300592007-03-18 18:34:41 +01004486 txn->flags &= ~TX_CK_MASK;
4487 txn->flags |= TX_CK_INVALID;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004488 }
4489
4490 /* depending on the cookie mode, we may have to either :
4491 * - delete the complete cookie if we're in insert+indirect mode, so that
4492 * the server never sees it ;
4493 * - remove the server id from the cookie value, and tag the cookie as an
4494 * application cookie so that it does not get accidentely removed later,
4495 * if we're in cookie prefix mode
4496 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004497 if ((t->be->options & PR_O_COOK_PFX) && (delim != p4)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004498 int delta; /* negative */
4499
4500 delta = buffer_replace2(req, p3, delim + 1, NULL, 0);
4501 p4 += delta;
4502 cur_end += delta;
4503 cur_next += delta;
4504 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004505 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004506
4507 del_cookie = del_colon = NULL;
4508 app_cookies++; /* protect the header from deletion */
4509 }
4510 else if (del_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004511 (t->be->options & (PR_O_COOK_INS | PR_O_COOK_IND)) == (PR_O_COOK_INS | PR_O_COOK_IND)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004512 del_cookie = p1;
4513 del_colon = colon;
4514 }
4515 } else {
4516 /* now we know that we must keep this cookie since it's
4517 * not ours. But if we wanted to delete our cookie
4518 * earlier, we cannot remove the complete header, but we
4519 * can remove the previous block itself.
4520 */
4521 app_cookies++;
4522
4523 if (del_cookie != NULL) {
4524 int delta; /* negative */
4525
4526 delta = buffer_replace2(req, del_cookie, p1, NULL, 0);
4527 p4 += delta;
4528 cur_end += delta;
4529 cur_next += delta;
4530 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004531 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004532 del_cookie = del_colon = NULL;
4533 }
4534 }
4535
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004536 if ((t->be->appsession_name != NULL) &&
4537 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004538 /* first, let's see if the cookie is our appcookie*/
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004539
Willy Tarreau58f10d72006-12-04 02:26:12 +01004540 /* Cool... it's the right one */
4541
4542 asession_temp = &local_asession;
4543
Willy Tarreau63963c62007-05-13 21:29:55 +02004544 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004545 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
4546 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
4547 return;
4548 }
4549
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004550 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
4551 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004552 asession_temp->serverid = NULL;
Willy Tarreau51041c72007-09-09 21:56:53 +02004553
Willy Tarreau58f10d72006-12-04 02:26:12 +01004554 /* only do insert, if lookup fails */
Willy Tarreau51041c72007-09-09 21:56:53 +02004555 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4556 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004557 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004558 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004559 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004560 Alert("Not enough memory process_cli():asession:calloc().\n");
4561 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
4562 return;
4563 }
4564
4565 asession_temp->sessid = local_asession.sessid;
4566 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004567 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02004568 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004569 } else {
4570 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004571 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004572 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004573 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004574 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004575 Alert("Found Application Session without matching server.\n");
4576 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004577 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004578 while (srv) {
4579 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004580 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004581 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004582 txn->flags &= ~TX_CK_MASK;
4583 txn->flags |= TX_CK_VALID;
4584 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004585 t->srv = srv;
4586 break;
4587 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01004588 txn->flags &= ~TX_CK_MASK;
4589 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004590 }
4591 }
4592 srv = srv->next;
4593 }/* end while(srv) */
4594 }/* end else if server == NULL */
4595
Willy Tarreau0c303ee2008-07-07 00:09:58 +02004596 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004597 asession_temp->request_count++;
4598#if defined(DEBUG_HASH)
4599 Alert("manage_client_side_cookies\n");
4600 appsession_hash_dump(&(t->be->htbl_proxy));
4601#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01004602 }/* end if ((t->proxy->appsession_name != NULL) ... */
4603 }
4604
4605 /* we'll have to look for another cookie ... */
4606 p1 = p4;
4607 } /* while (p1 < cur_end) */
4608
4609 /* There's no more cookie on this line.
4610 * We may have marked the last one(s) for deletion.
4611 * We must do this now in two ways :
4612 * - if there is no app cookie, we simply delete the header ;
4613 * - if there are app cookies, we must delete the end of the
4614 * string properly, including the colon/semi-colon before
4615 * the cookie name.
4616 */
4617 if (del_cookie != NULL) {
4618 int delta;
4619 if (app_cookies) {
4620 delta = buffer_replace2(req, del_colon, cur_end, NULL, 0);
4621 cur_end = del_colon;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004622 cur_hdr->len += delta;
4623 } else {
4624 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004625
4626 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004627 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4628 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004629 cur_hdr->len = 0;
4630 }
Willy Tarreau45e73e32006-12-17 00:05:15 +01004631 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004632 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004633 }
4634
4635 /* keep the link from this header to next one */
4636 old_idx = cur_idx;
4637 } /* end of cookie processing on this header */
4638}
4639
4640
Willy Tarreaua15645d2007-03-18 16:22:39 +01004641/* Iterate the same filter through all response headers contained in <rtr>.
4642 * Returns 1 if this filter can be stopped upon return, otherwise 0.
4643 */
4644int apply_filter_to_resp_headers(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4645{
4646 char term;
4647 char *cur_ptr, *cur_end, *cur_next;
4648 int cur_idx, old_idx, last_hdr;
4649 struct http_txn *txn = &t->txn;
4650 struct hdr_idx_elem *cur_hdr;
4651 int len, delta;
4652
4653 last_hdr = 0;
4654
4655 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4656 old_idx = 0;
4657
4658 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004659 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004660 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004661 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004662 (exp->action == ACT_ALLOW ||
4663 exp->action == ACT_DENY))
4664 return 0;
4665
4666 cur_idx = txn->hdr_idx.v[old_idx].next;
4667 if (!cur_idx)
4668 break;
4669
4670 cur_hdr = &txn->hdr_idx.v[cur_idx];
4671 cur_ptr = cur_next;
4672 cur_end = cur_ptr + cur_hdr->len;
4673 cur_next = cur_end + cur_hdr->cr + 1;
4674
4675 /* Now we have one header between cur_ptr and cur_end,
4676 * and the next header starts at cur_next.
4677 */
4678
4679 /* The annoying part is that pattern matching needs
4680 * that we modify the contents to null-terminate all
4681 * strings before testing them.
4682 */
4683
4684 term = *cur_end;
4685 *cur_end = '\0';
4686
4687 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4688 switch (exp->action) {
4689 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004690 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004691 last_hdr = 1;
4692 break;
4693
4694 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004695 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004696 last_hdr = 1;
4697 break;
4698
4699 case ACT_REPLACE:
4700 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4701 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4702 /* FIXME: if the user adds a newline in the replacement, the
4703 * index will not be recalculated for now, and the new line
4704 * will not be counted as a new header.
4705 */
4706
4707 cur_end += delta;
4708 cur_next += delta;
4709 cur_hdr->len += delta;
4710 txn->rsp.eoh += delta;
4711 break;
4712
4713 case ACT_REMOVE:
4714 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4715 cur_next += delta;
4716
4717 /* FIXME: this should be a separate function */
4718 txn->rsp.eoh += delta;
4719 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4720 txn->hdr_idx.used--;
4721 cur_hdr->len = 0;
4722 cur_end = NULL; /* null-term has been rewritten */
4723 break;
4724
4725 }
4726 }
4727 if (cur_end)
4728 *cur_end = term; /* restore the string terminator */
4729
4730 /* keep the link from this header to next one in case of later
4731 * removal of next header.
4732 */
4733 old_idx = cur_idx;
4734 }
4735 return 0;
4736}
4737
4738
4739/* Apply the filter to the status line in the response buffer <rtr>.
4740 * Returns 0 if nothing has been done, 1 if the filter has been applied,
4741 * or -1 if a replacement resulted in an invalid status line.
4742 */
4743int apply_filter_to_sts_line(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4744{
4745 char term;
4746 char *cur_ptr, *cur_end;
4747 int done;
4748 struct http_txn *txn = &t->txn;
4749 int len, delta;
4750
4751
Willy Tarreau3d300592007-03-18 18:34:41 +01004752 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004753 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004754 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004755 (exp->action == ACT_ALLOW ||
4756 exp->action == ACT_DENY))
4757 return 0;
4758 else if (exp->action == ACT_REMOVE)
4759 return 0;
4760
4761 done = 0;
4762
Willy Tarreau9cdde232007-05-02 20:58:19 +02004763 cur_ptr = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004764 cur_end = cur_ptr + txn->rsp.sl.rq.l;
4765
4766 /* Now we have the status line between cur_ptr and cur_end */
4767
4768 /* The annoying part is that pattern matching needs
4769 * that we modify the contents to null-terminate all
4770 * strings before testing them.
4771 */
4772
4773 term = *cur_end;
4774 *cur_end = '\0';
4775
4776 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4777 switch (exp->action) {
4778 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004779 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004780 done = 1;
4781 break;
4782
4783 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004784 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004785 done = 1;
4786 break;
4787
4788 case ACT_REPLACE:
4789 *cur_end = term; /* restore the string terminator */
4790 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4791 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4792 /* FIXME: if the user adds a newline in the replacement, the
4793 * index will not be recalculated for now, and the new line
4794 * will not be counted as a new header.
4795 */
4796
4797 txn->rsp.eoh += delta;
4798 cur_end += delta;
4799
Willy Tarreau9cdde232007-05-02 20:58:19 +02004800 txn->rsp.sol = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004801 cur_end = (char *)http_parse_stsline(&txn->rsp, rtr->data,
Willy Tarreau02785762007-04-03 14:45:44 +02004802 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01004803 cur_ptr, cur_end + 1,
4804 NULL, NULL);
4805 if (unlikely(!cur_end))
4806 return -1;
4807
4808 /* we have a full respnse and we know that we have either a CR
4809 * or an LF at <ptr>.
4810 */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004811 txn->status = strl2ui(rtr->data + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreaua15645d2007-03-18 16:22:39 +01004812 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.rq.l, *cur_end == '\r');
4813 /* there is no point trying this regex on headers */
4814 return 1;
4815 }
4816 }
4817 *cur_end = term; /* restore the string terminator */
4818 return done;
4819}
4820
4821
4822
4823/*
4824 * Apply all the resp filters <exp> to all headers in buffer <rtr> of session <t>.
4825 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
4826 * unparsable response.
4827 */
4828int apply_filters_to_response(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4829{
Willy Tarreau3d300592007-03-18 18:34:41 +01004830 struct http_txn *txn = &t->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004831 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004832 while (exp && !(txn->flags & TX_SVDENY)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004833 int ret;
4834
4835 /*
4836 * The interleaving of transformations and verdicts
4837 * makes it difficult to decide to continue or stop
4838 * the evaluation.
4839 */
4840
Willy Tarreau3d300592007-03-18 18:34:41 +01004841 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004842 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4843 exp->action == ACT_PASS)) {
4844 exp = exp->next;
4845 continue;
4846 }
4847
4848 /* Apply the filter to the status line. */
4849 ret = apply_filter_to_sts_line(t, rtr, exp);
4850 if (unlikely(ret < 0))
4851 return -1;
4852
4853 if (likely(ret == 0)) {
4854 /* The filter did not match the response, it can be
4855 * iterated through all headers.
4856 */
4857 apply_filter_to_resp_headers(t, rtr, exp);
4858 }
4859 exp = exp->next;
4860 }
4861 return 0;
4862}
4863
4864
4865
4866/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004867 * Manage server-side cookies. It can impact performance by about 2% so it is
4868 * desirable to call it only when needed.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004869 */
4870void manage_server_side_cookies(struct session *t, struct buffer *rtr)
4871{
4872 struct http_txn *txn = &t->txn;
4873 char *p1, *p2, *p3, *p4;
4874
4875 appsess *asession_temp = NULL;
4876 appsess local_asession;
4877
4878 char *cur_ptr, *cur_end, *cur_next;
4879 int cur_idx, old_idx, delta;
4880
Willy Tarreaua15645d2007-03-18 16:22:39 +01004881 /* Iterate through the headers.
4882 * we start with the start line.
4883 */
4884 old_idx = 0;
4885 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4886
4887 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
4888 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004889 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004890
4891 cur_hdr = &txn->hdr_idx.v[cur_idx];
4892 cur_ptr = cur_next;
4893 cur_end = cur_ptr + cur_hdr->len;
4894 cur_next = cur_end + cur_hdr->cr + 1;
4895
4896 /* We have one full header between cur_ptr and cur_end, and the
4897 * next header starts at cur_next. We're only interested in
4898 * "Cookie:" headers.
4899 */
4900
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004901 val = http_header_match2(cur_ptr, cur_end, "Set-Cookie", 10);
4902 if (!val) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004903 old_idx = cur_idx;
4904 continue;
4905 }
4906
4907 /* OK, right now we know we have a set-cookie at cur_ptr */
Willy Tarreau3d300592007-03-18 18:34:41 +01004908 txn->flags |= TX_SCK_ANY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004909
4910
4911 /* maybe we only wanted to see if there was a set-cookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004912 if (t->be->cookie_name == NULL &&
4913 t->be->appsession_name == NULL &&
4914 t->be->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01004915 return;
4916
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004917 p1 = cur_ptr + val; /* first non-space char after 'Set-Cookie:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004918
4919 while (p1 < cur_end) { /* in fact, we'll break after the first cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004920 if (p1 == cur_end || *p1 == ';') /* end of cookie */
4921 break;
4922
4923 /* p1 is at the beginning of the cookie name */
4924 p2 = p1;
4925
4926 while (p2 < cur_end && *p2 != '=' && *p2 != ';')
4927 p2++;
4928
4929 if (p2 == cur_end || *p2 == ';') /* next cookie */
4930 break;
4931
4932 p3 = p2 + 1; /* skip the '=' sign */
4933 if (p3 == cur_end)
4934 break;
4935
4936 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004937 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';')
Willy Tarreaua15645d2007-03-18 16:22:39 +01004938 p4++;
4939
4940 /* here, we have the cookie name between p1 and p2,
4941 * and its value between p3 and p4.
4942 * we can process it.
4943 */
4944
4945 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004946 if (t->be->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004947 txn->srv_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004948 (p4 - p1 >= t->be->capture_namelen) &&
4949 memcmp(p1, t->be->capture_name, t->be->capture_namelen) == 0) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004950 int log_len = p4 - p1;
4951
Willy Tarreau086b3b42007-05-13 21:45:51 +02004952 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004953 Alert("HTTP logging : out of memory.\n");
4954 }
4955
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004956 if (log_len > t->be->capture_len)
4957 log_len = t->be->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004958 memcpy(txn->srv_cookie, p1, log_len);
4959 txn->srv_cookie[log_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004960 }
4961
4962 /* now check if we need to process it for persistence */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004963 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4964 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004965 /* Cool... it's the right one */
Willy Tarreau3d300592007-03-18 18:34:41 +01004966 txn->flags |= TX_SCK_SEEN;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004967
4968 /* If the cookie is in insert mode on a known server, we'll delete
4969 * this occurrence because we'll insert another one later.
4970 * We'll delete it too if the "indirect" option is set and we're in
4971 * a direct access. */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004972 if (((t->srv) && (t->be->options & PR_O_COOK_INS)) ||
4973 ((t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_IND))) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004974 /* this header must be deleted */
4975 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4976 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4977 txn->hdr_idx.used--;
4978 cur_hdr->len = 0;
4979 cur_next += delta;
4980 txn->rsp.eoh += delta;
4981
Willy Tarreau3d300592007-03-18 18:34:41 +01004982 txn->flags |= TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004983 }
4984 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004985 (t->be->options & PR_O_COOK_RW)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004986 /* replace bytes p3->p4 with the cookie name associated
4987 * with this server since we know it.
4988 */
4989 delta = buffer_replace2(rtr, p3, p4, t->srv->cookie, t->srv->cklen);
4990 cur_hdr->len += delta;
4991 cur_next += delta;
4992 txn->rsp.eoh += delta;
4993
Willy Tarreau3d300592007-03-18 18:34:41 +01004994 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004995 }
4996 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004997 (t->be->options & PR_O_COOK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004998 /* insert the cookie name associated with this server
4999 * before existing cookie, and insert a delimitor between them..
5000 */
5001 delta = buffer_replace2(rtr, p3, p3, t->srv->cookie, t->srv->cklen + 1);
5002 cur_hdr->len += delta;
5003 cur_next += delta;
5004 txn->rsp.eoh += delta;
5005
5006 p3[t->srv->cklen] = COOKIE_DELIM;
Willy Tarreau3d300592007-03-18 18:34:41 +01005007 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005008 }
5009 }
5010 /* next, let's see if the cookie is our appcookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005011 else if ((t->be->appsession_name != NULL) &&
5012 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005013
5014 /* Cool... it's the right one */
5015
5016 size_t server_id_len = strlen(t->srv->id) + 1;
5017 asession_temp = &local_asession;
5018
Willy Tarreau63963c62007-05-13 21:29:55 +02005019 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005020 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
5021 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
5022 return;
5023 }
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005024 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
5025 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005026 asession_temp->serverid = NULL;
5027
5028 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01005029 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
5030 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02005031 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005032 Alert("Not enough Memory process_srv():asession:calloc().\n");
5033 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
5034 return;
5035 }
5036 asession_temp->sessid = local_asession.sessid;
5037 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005038 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02005039 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
5040 } else {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005041 /* free wasted memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02005042 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau51041c72007-09-09 21:56:53 +02005043 }
5044
Willy Tarreaua15645d2007-03-18 16:22:39 +01005045 if (asession_temp->serverid == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02005046 if ((asession_temp->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005047 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
5048 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
5049 return;
5050 }
5051 asession_temp->serverid[0] = '\0';
5052 }
5053
5054 if (asession_temp->serverid[0] == '\0')
5055 memcpy(asession_temp->serverid, t->srv->id, server_id_len);
5056
Willy Tarreau0c303ee2008-07-07 00:09:58 +02005057 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005058 asession_temp->request_count++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005059#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005060 Alert("manage_server_side_cookies\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02005061 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreaua15645d2007-03-18 16:22:39 +01005062#endif
5063 }/* end if ((t->proxy->appsession_name != NULL) ... */
5064 break; /* we don't want to loop again since there cannot be another cookie on the same line */
5065 } /* we're now at the end of the cookie value */
5066
5067 /* keep the link from this header to next one */
5068 old_idx = cur_idx;
5069 } /* end of cookie processing on this header */
5070}
5071
5072
5073
5074/*
5075 * Check if response is cacheable or not. Updates t->flags.
5076 */
5077void check_response_for_cacheability(struct session *t, struct buffer *rtr)
5078{
5079 struct http_txn *txn = &t->txn;
5080 char *p1, *p2;
5081
5082 char *cur_ptr, *cur_end, *cur_next;
5083 int cur_idx;
5084
Willy Tarreau5df51872007-11-25 16:20:08 +01005085 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005086 return;
5087
5088 /* Iterate through the headers.
5089 * we start with the start line.
5090 */
5091 cur_idx = 0;
5092 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
5093
5094 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5095 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005096 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005097
5098 cur_hdr = &txn->hdr_idx.v[cur_idx];
5099 cur_ptr = cur_next;
5100 cur_end = cur_ptr + cur_hdr->len;
5101 cur_next = cur_end + cur_hdr->cr + 1;
5102
5103 /* We have one full header between cur_ptr and cur_end, and the
5104 * next header starts at cur_next. We're only interested in
5105 * "Cookie:" headers.
5106 */
5107
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005108 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
5109 if (val) {
5110 if ((cur_end - (cur_ptr + val) >= 8) &&
5111 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
5112 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
5113 return;
5114 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005115 }
5116
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005117 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
5118 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01005119 continue;
5120
5121 /* OK, right now we know we have a cache-control header at cur_ptr */
5122
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005123 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005124
5125 if (p1 >= cur_end) /* no more info */
5126 continue;
5127
5128 /* p1 is at the beginning of the value */
5129 p2 = p1;
5130
Willy Tarreau8f8e6452007-06-17 21:51:38 +02005131 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005132 p2++;
5133
5134 /* we have a complete value between p1 and p2 */
5135 if (p2 < cur_end && *p2 == '=') {
5136 /* we have something of the form no-cache="set-cookie" */
5137 if ((cur_end - p1 >= 21) &&
5138 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
5139 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01005140 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005141 continue;
5142 }
5143
5144 /* OK, so we know that either p2 points to the end of string or to a comma */
5145 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
5146 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
5147 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
5148 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005149 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005150 return;
5151 }
5152
5153 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005154 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005155 continue;
5156 }
5157 }
5158}
5159
5160
Willy Tarreau58f10d72006-12-04 02:26:12 +01005161/*
5162 * Try to retrieve a known appsession in the URI, then the associated server.
5163 * If the server is found, it's assigned to the session.
5164 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005165void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01005166{
Willy Tarreau3d300592007-03-18 18:34:41 +01005167 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005168 appsess *asession_temp = NULL;
5169 appsess local_asession;
5170 char *request_line;
5171
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005172 if (t->be->appsession_name == NULL ||
Willy Tarreaub326fcc2007-03-03 13:54:32 +01005173 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST) ||
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005174 (request_line = memchr(begin, ';', len)) == NULL ||
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005175 ((1 + t->be->appsession_name_len + 1 + t->be->appsession_len) > (begin + len - request_line)))
Willy Tarreau58f10d72006-12-04 02:26:12 +01005176 return;
5177
5178 /* skip ';' */
5179 request_line++;
5180
5181 /* look if we have a jsessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005182 if (strncasecmp(request_line, t->be->appsession_name, t->be->appsession_name_len) != 0)
Willy Tarreau58f10d72006-12-04 02:26:12 +01005183 return;
5184
5185 /* skip jsessionid= */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005186 request_line += t->be->appsession_name_len + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005187
5188 /* First try if we already have an appsession */
5189 asession_temp = &local_asession;
5190
Willy Tarreau63963c62007-05-13 21:29:55 +02005191 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005192 Alert("Not enough memory process_cli():asession_temp->sessid:calloc().\n");
5193 send_log(t->be, LOG_ALERT, "Not enough Memory process_cli():asession_temp->sessid:calloc().\n");
5194 return;
5195 }
5196
5197 /* Copy the sessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005198 memcpy(asession_temp->sessid, request_line, t->be->appsession_len);
5199 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005200 asession_temp->serverid = NULL;
5201
5202 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01005203 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
5204 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02005205 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005206 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02005207 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005208 Alert("Not enough memory process_cli():asession:calloc().\n");
5209 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
5210 return;
5211 }
5212 asession_temp->sessid = local_asession.sessid;
5213 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005214 asession_temp->request_count=0;
Willy Tarreau51041c72007-09-09 21:56:53 +02005215 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005216 }
5217 else {
5218 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02005219 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005220 }
Willy Tarreau51041c72007-09-09 21:56:53 +02005221
Willy Tarreau0c303ee2008-07-07 00:09:58 +02005222 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005223 asession_temp->request_count++;
Willy Tarreau51041c72007-09-09 21:56:53 +02005224
Willy Tarreau58f10d72006-12-04 02:26:12 +01005225#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005226 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02005227 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01005228#endif
5229 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005230 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01005231 Alert("Found Application Session without matching server.\n");
5232 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005233 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005234 while (srv) {
5235 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005236 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005237 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01005238 txn->flags &= ~TX_CK_MASK;
5239 txn->flags |= TX_CK_VALID;
5240 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005241 t->srv = srv;
5242 break;
5243 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01005244 txn->flags &= ~TX_CK_MASK;
5245 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005246 }
5247 }
5248 srv = srv->next;
5249 }
5250 }
5251}
5252
5253
Willy Tarreaub2513902006-12-17 14:52:38 +01005254/*
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005255 * In a GET or HEAD request, check if the requested URI matches the stats uri
5256 * for the current backend, and if an authorization has been passed and is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01005257 *
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005258 * It is assumed that the request is either a HEAD or GET and that the
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005259 * t->be->uri_auth field is valid. An HTTP/401 response may be sent, or
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005260 * produce_content() can be called to start sending data.
Willy Tarreaub2513902006-12-17 14:52:38 +01005261 *
5262 * Returns 1 if the session's state changes, otherwise 0.
5263 */
5264int stats_check_uri_auth(struct session *t, struct proxy *backend)
5265{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005266 struct http_txn *txn = &t->txn;
Willy Tarreaub2513902006-12-17 14:52:38 +01005267 struct uri_auth *uri_auth = backend->uri_auth;
5268 struct user_auth *user;
5269 int authenticated, cur_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005270 char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01005271
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005272 memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats));
5273
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005274 /* check URI size */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005275 if (uri_auth->uri_len > txn->req.sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01005276 return 0;
5277
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005278 h = t->req->data + txn->req.sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005279
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005280 /* the URI is in h */
5281 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01005282 return 0;
5283
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005284 h += uri_auth->uri_len;
5285 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 3) {
5286 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005287 t->data_ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005288 break;
5289 }
5290 h++;
5291 }
5292
5293 if (uri_auth->refresh) {
5294 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5295 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 10) {
5296 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005297 t->data_ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005298 break;
5299 }
5300 h++;
5301 }
5302 }
5303
Willy Tarreau55bb8452007-10-17 18:44:57 +02005304 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5305 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 4) {
5306 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005307 t->data_ctx.stats.flags |= STAT_FMT_CSV;
Willy Tarreau55bb8452007-10-17 18:44:57 +02005308 break;
5309 }
5310 h++;
5311 }
5312
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005313 t->data_ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO;
5314
Willy Tarreaub2513902006-12-17 14:52:38 +01005315 /* we are in front of a interceptable URI. Let's check
5316 * if there's an authentication and if it's valid.
5317 */
5318 user = uri_auth->users;
5319 if (!user) {
5320 /* no user auth required, it's OK */
5321 authenticated = 1;
5322 } else {
5323 authenticated = 0;
5324
5325 /* a user list is defined, we have to check.
5326 * skip 21 chars for "Authorization: Basic ".
5327 */
5328
5329 /* FIXME: this should move to an earlier place */
5330 cur_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005331 h = t->req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
5332 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5333 int len = txn->hdr_idx.v[cur_idx].len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005334 if (len > 14 &&
5335 !strncasecmp("Authorization:", h, 14)) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005336 txn->auth_hdr.str = h;
5337 txn->auth_hdr.len = len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005338 break;
5339 }
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005340 h += len + txn->hdr_idx.v[cur_idx].cr + 1;
Willy Tarreaub2513902006-12-17 14:52:38 +01005341 }
5342
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005343 if (txn->auth_hdr.len < 21 ||
5344 memcmp(txn->auth_hdr.str + 14, " Basic ", 7))
Willy Tarreaub2513902006-12-17 14:52:38 +01005345 user = NULL;
5346
5347 while (user) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005348 if ((txn->auth_hdr.len == user->user_len + 14 + 7)
5349 && !memcmp(txn->auth_hdr.str + 14 + 7,
Willy Tarreaub2513902006-12-17 14:52:38 +01005350 user->user_pwd, user->user_len)) {
5351 authenticated = 1;
5352 break;
5353 }
5354 user = user->next;
5355 }
5356 }
5357
5358 if (!authenticated) {
Willy Tarreau0f772532006-12-23 20:51:41 +01005359 struct chunk msg;
Willy Tarreaub2513902006-12-17 14:52:38 +01005360
5361 /* no need to go further */
Willy Tarreau0f772532006-12-23 20:51:41 +01005362 msg.str = trash;
5363 msg.len = sprintf(trash, HTTP_401_fmt, uri_auth->auth_realm);
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005364 txn->status = 401;
Willy Tarreau0f772532006-12-23 20:51:41 +01005365 client_retnclose(t, &msg);
Willy Tarreauf8533202008-08-16 14:55:08 +02005366 trace_term(t, TT_HTTP_URI_1);
Willy Tarreau2df28e82008-08-17 15:20:19 +02005367 t->req->analysers = 0;
Willy Tarreaub2513902006-12-17 14:52:38 +01005368 if (!(t->flags & SN_ERR_MASK))
5369 t->flags |= SN_ERR_PRXCOND;
5370 if (!(t->flags & SN_FINST_MASK))
5371 t->flags |= SN_FINST_R;
5372 return 1;
5373 }
5374
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005375 /* The request is valid, the user is authenticated. Let's start sending
Willy Tarreaub2513902006-12-17 14:52:38 +01005376 * data.
5377 */
Willy Tarreau72b179a2008-08-28 16:01:32 +02005378 buffer_shutw_now(t->req);
5379 buffer_shutr_now(t->rep);
5380 buffer_start_hijack(t->rep);
Willy Tarreau70089872008-06-13 21:12:51 +02005381 t->logs.tv_request = now;
Willy Tarreaub2513902006-12-17 14:52:38 +01005382 t->data_source = DATA_SRC_STATS;
5383 t->data_state = DATA_ST_INIT;
Willy Tarreau91e99932008-06-30 07:51:00 +02005384 t->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreaub2513902006-12-17 14:52:38 +01005385 produce_content(t);
5386 return 1;
5387}
5388
5389
Willy Tarreaubaaee002006-06-26 02:48:02 +02005390/*
Willy Tarreau58f10d72006-12-04 02:26:12 +01005391 * Print a debug line with a header
5392 */
5393void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
5394{
5395 int len, max;
5396 len = sprintf(trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005397 dir, (unsigned short)t->req->prod->fd, (unsigned short)t->req->cons->fd);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005398 max = end - start;
5399 UBOUND(max, sizeof(trash) - len - 1);
5400 len += strlcpy2(trash + len, start, max + 1);
5401 trash[len++] = '\n';
5402 write(1, trash, len);
5403}
5404
5405
Willy Tarreau8797c062007-05-07 00:55:35 +02005406/************************************************************************/
5407/* The code below is dedicated to ACL parsing and matching */
5408/************************************************************************/
5409
5410
5411
5412
5413/* 1. Check on METHOD
5414 * We use the pre-parsed method if it is known, and store its number as an
5415 * integer. If it is unknown, we use the pointer and the length.
5416 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005417static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005418{
5419 int len, meth;
5420
Willy Tarreauae8b7962007-06-09 23:10:04 +02005421 len = strlen(*text);
5422 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02005423
5424 pattern->val.i = meth;
5425 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02005426 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005427 if (!pattern->ptr.str)
5428 return 0;
5429 pattern->len = len;
5430 }
5431 return 1;
5432}
5433
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005434static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005435acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir,
5436 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005437{
5438 int meth;
5439 struct http_txn *txn = l7;
5440
Willy Tarreaub6866442008-07-14 23:54:42 +02005441 if (!txn)
5442 return 0;
5443
Willy Tarreauc11416f2007-06-17 16:58:38 +02005444 if (txn->req.msg_state != HTTP_MSG_BODY)
5445 return 0;
5446
Willy Tarreau8797c062007-05-07 00:55:35 +02005447 meth = txn->meth;
5448 test->i = meth;
5449 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02005450 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5451 /* ensure the indexes are not affected */
5452 return 0;
Willy Tarreau8797c062007-05-07 00:55:35 +02005453 test->len = txn->req.sl.rq.m_l;
5454 test->ptr = txn->req.sol;
5455 }
5456 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5457 return 1;
5458}
5459
5460static int acl_match_meth(struct acl_test *test, struct acl_pattern *pattern)
5461{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005462 int icase;
5463
Willy Tarreau8797c062007-05-07 00:55:35 +02005464 if (test->i != pattern->val.i)
Willy Tarreau11382812008-07-09 16:18:21 +02005465 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02005466
5467 if (test->i != HTTP_METH_OTHER)
Willy Tarreau11382812008-07-09 16:18:21 +02005468 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005469
5470 /* Other method, we must compare the strings */
5471 if (pattern->len != test->len)
Willy Tarreau11382812008-07-09 16:18:21 +02005472 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005473
5474 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
5475 if ((icase && strncasecmp(pattern->ptr.str, test->ptr, test->len) != 0) ||
5476 (!icase && strncmp(pattern->ptr.str, test->ptr, test->len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02005477 return ACL_PAT_FAIL;
5478 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005479}
5480
5481/* 2. Check on Request/Status Version
5482 * We simply compare strings here.
5483 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005484static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005485{
Willy Tarreauae8b7962007-06-09 23:10:04 +02005486 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005487 if (!pattern->ptr.str)
5488 return 0;
Willy Tarreauae8b7962007-06-09 23:10:04 +02005489 pattern->len = strlen(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005490 return 1;
5491}
5492
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005493static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005494acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
5495 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005496{
5497 struct http_txn *txn = l7;
5498 char *ptr;
5499 int len;
5500
Willy Tarreaub6866442008-07-14 23:54:42 +02005501 if (!txn)
5502 return 0;
5503
Willy Tarreauc11416f2007-06-17 16:58:38 +02005504 if (txn->req.msg_state != HTTP_MSG_BODY)
5505 return 0;
5506
Willy Tarreau8797c062007-05-07 00:55:35 +02005507 len = txn->req.sl.rq.v_l;
5508 ptr = txn->req.sol + txn->req.sl.rq.v - txn->req.som;
5509
5510 while ((len-- > 0) && (*ptr++ != '/'));
5511 if (len <= 0)
5512 return 0;
5513
5514 test->ptr = ptr;
5515 test->len = len;
5516
5517 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5518 return 1;
5519}
5520
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005521static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005522acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
5523 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005524{
5525 struct http_txn *txn = l7;
5526 char *ptr;
5527 int len;
5528
Willy Tarreaub6866442008-07-14 23:54:42 +02005529 if (!txn)
5530 return 0;
5531
Willy Tarreauc11416f2007-06-17 16:58:38 +02005532 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5533 return 0;
5534
Willy Tarreau8797c062007-05-07 00:55:35 +02005535 len = txn->rsp.sl.st.v_l;
5536 ptr = txn->rsp.sol;
5537
5538 while ((len-- > 0) && (*ptr++ != '/'));
5539 if (len <= 0)
5540 return 0;
5541
5542 test->ptr = ptr;
5543 test->len = len;
5544
5545 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5546 return 1;
5547}
5548
5549/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005550static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005551acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
5552 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005553{
5554 struct http_txn *txn = l7;
5555 char *ptr;
5556 int len;
5557
Willy Tarreaub6866442008-07-14 23:54:42 +02005558 if (!txn)
5559 return 0;
5560
Willy Tarreauc11416f2007-06-17 16:58:38 +02005561 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5562 return 0;
5563
Willy Tarreau8797c062007-05-07 00:55:35 +02005564 len = txn->rsp.sl.st.c_l;
5565 ptr = txn->rsp.sol + txn->rsp.sl.st.c - txn->rsp.som;
5566
5567 test->i = __strl2ui(ptr, len);
5568 test->flags = ACL_TEST_F_VOL_1ST;
5569 return 1;
5570}
5571
5572/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005573static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005574acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
5575 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005576{
5577 struct http_txn *txn = l7;
5578
Willy Tarreaub6866442008-07-14 23:54:42 +02005579 if (!txn)
5580 return 0;
5581
Willy Tarreauc11416f2007-06-17 16:58:38 +02005582 if (txn->req.msg_state != HTTP_MSG_BODY)
5583 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005584
Willy Tarreauc11416f2007-06-17 16:58:38 +02005585 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5586 /* ensure the indexes are not affected */
5587 return 0;
5588
Willy Tarreau8797c062007-05-07 00:55:35 +02005589 test->len = txn->req.sl.rq.u_l;
5590 test->ptr = txn->req.sol + txn->req.sl.rq.u;
5591
Willy Tarreauf3d25982007-05-08 22:45:09 +02005592 /* we do not need to set READ_ONLY because the data is in a buffer */
5593 test->flags = ACL_TEST_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02005594 return 1;
5595}
5596
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005597static int
5598acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
5599 struct acl_expr *expr, struct acl_test *test)
5600{
5601 struct http_txn *txn = l7;
5602
Willy Tarreaub6866442008-07-14 23:54:42 +02005603 if (!txn)
5604 return 0;
5605
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005606 if (txn->req.msg_state != HTTP_MSG_BODY)
5607 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005608
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005609 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5610 /* ensure the indexes are not affected */
5611 return 0;
5612
5613 /* Parse HTTP request */
5614 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5615 test->ptr = (void *)&((struct sockaddr_in *)&l4->srv_addr)->sin_addr;
5616 test->i = AF_INET;
5617
5618 /*
5619 * If we are parsing url in frontend space, we prepare backend stage
5620 * to not parse again the same url ! optimization lazyness...
5621 */
5622 if (px->options & PR_O_HTTP_PROXY)
5623 l4->flags |= SN_ADDR_SET;
5624
5625 test->flags = ACL_TEST_F_READ_ONLY;
5626 return 1;
5627}
5628
5629static int
5630acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
5631 struct acl_expr *expr, struct acl_test *test)
5632{
5633 struct http_txn *txn = l7;
5634
Willy Tarreaub6866442008-07-14 23:54:42 +02005635 if (!txn)
5636 return 0;
5637
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005638 if (txn->req.msg_state != HTTP_MSG_BODY)
5639 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005640
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005641 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5642 /* ensure the indexes are not affected */
5643 return 0;
5644
5645 /* Same optimization as url_ip */
5646 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5647 test->i = ntohs(((struct sockaddr_in *)&l4->srv_addr)->sin_port);
5648
5649 if (px->options & PR_O_HTTP_PROXY)
5650 l4->flags |= SN_ADDR_SET;
5651
5652 test->flags = ACL_TEST_F_READ_ONLY;
5653 return 1;
5654}
5655
Willy Tarreauc11416f2007-06-17 16:58:38 +02005656/* 5. Check on HTTP header. A pointer to the beginning of the value is returned.
5657 * This generic function is used by both acl_fetch_chdr() and acl_fetch_shdr().
5658 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02005659static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005660acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005661 struct acl_expr *expr, struct acl_test *test)
5662{
5663 struct http_txn *txn = l7;
5664 struct hdr_idx *idx = &txn->hdr_idx;
5665 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005666
Willy Tarreaub6866442008-07-14 23:54:42 +02005667 if (!txn)
5668 return 0;
5669
Willy Tarreau33a7e692007-06-10 19:45:56 +02005670 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5671 /* search for header from the beginning */
5672 ctx->idx = 0;
5673
Willy Tarreau33a7e692007-06-10 19:45:56 +02005674 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5675 test->flags |= ACL_TEST_F_FETCH_MORE;
5676 test->flags |= ACL_TEST_F_VOL_HDR;
5677 test->len = ctx->vlen;
5678 test->ptr = (char *)ctx->line + ctx->val;
5679 return 1;
5680 }
5681
5682 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5683 test->flags |= ACL_TEST_F_VOL_HDR;
5684 return 0;
5685}
5686
Willy Tarreau33a7e692007-06-10 19:45:56 +02005687static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005688acl_fetch_chdr(struct proxy *px, struct session *l4, void *l7, int dir,
5689 struct acl_expr *expr, struct acl_test *test)
5690{
5691 struct http_txn *txn = l7;
5692
Willy Tarreaub6866442008-07-14 23:54:42 +02005693 if (!txn)
5694 return 0;
5695
Willy Tarreauc11416f2007-06-17 16:58:38 +02005696 if (txn->req.msg_state != HTTP_MSG_BODY)
5697 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005698
Willy Tarreauc11416f2007-06-17 16:58:38 +02005699 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5700 /* ensure the indexes are not affected */
5701 return 0;
5702
5703 return acl_fetch_hdr(px, l4, txn, txn->req.sol, expr, test);
5704}
5705
5706static int
5707acl_fetch_shdr(struct proxy *px, struct session *l4, void *l7, int dir,
5708 struct acl_expr *expr, struct acl_test *test)
5709{
5710 struct http_txn *txn = l7;
5711
Willy Tarreaub6866442008-07-14 23:54:42 +02005712 if (!txn)
5713 return 0;
5714
Willy Tarreauc11416f2007-06-17 16:58:38 +02005715 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5716 return 0;
5717
5718 return acl_fetch_hdr(px, l4, txn, txn->rsp.sol, expr, test);
5719}
5720
5721/* 6. Check on HTTP header count. The number of occurrences is returned.
5722 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
5723 */
5724static int
5725acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005726 struct acl_expr *expr, struct acl_test *test)
5727{
5728 struct http_txn *txn = l7;
5729 struct hdr_idx *idx = &txn->hdr_idx;
5730 struct hdr_ctx ctx;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005731 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02005732
Willy Tarreaub6866442008-07-14 23:54:42 +02005733 if (!txn)
5734 return 0;
5735
Willy Tarreau33a7e692007-06-10 19:45:56 +02005736 ctx.idx = 0;
5737 cnt = 0;
5738 while (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, &ctx))
5739 cnt++;
5740
5741 test->i = cnt;
5742 test->flags = ACL_TEST_F_VOL_HDR;
5743 return 1;
5744}
5745
Willy Tarreauc11416f2007-06-17 16:58:38 +02005746static int
5747acl_fetch_chdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5748 struct acl_expr *expr, struct acl_test *test)
5749{
5750 struct http_txn *txn = l7;
5751
Willy Tarreaub6866442008-07-14 23:54:42 +02005752 if (!txn)
5753 return 0;
5754
Willy Tarreauc11416f2007-06-17 16:58:38 +02005755 if (txn->req.msg_state != HTTP_MSG_BODY)
5756 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005757
Willy Tarreauc11416f2007-06-17 16:58:38 +02005758 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5759 /* ensure the indexes are not affected */
5760 return 0;
5761
5762 return acl_fetch_hdr_cnt(px, l4, txn, txn->req.sol, expr, test);
5763}
5764
5765static int
5766acl_fetch_shdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5767 struct acl_expr *expr, struct acl_test *test)
5768{
5769 struct http_txn *txn = l7;
5770
Willy Tarreaub6866442008-07-14 23:54:42 +02005771 if (!txn)
5772 return 0;
5773
Willy Tarreauc11416f2007-06-17 16:58:38 +02005774 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5775 return 0;
5776
5777 return acl_fetch_hdr_cnt(px, l4, txn, txn->rsp.sol, expr, test);
5778}
5779
Willy Tarreau33a7e692007-06-10 19:45:56 +02005780/* 7. Check on HTTP header's integer value. The integer value is returned.
5781 * FIXME: the type is 'int', it may not be appropriate for everything.
Willy Tarreauc11416f2007-06-17 16:58:38 +02005782 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
Willy Tarreau33a7e692007-06-10 19:45:56 +02005783 */
5784static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005785acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005786 struct acl_expr *expr, struct acl_test *test)
5787{
5788 struct http_txn *txn = l7;
5789 struct hdr_idx *idx = &txn->hdr_idx;
5790 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005791
Willy Tarreaub6866442008-07-14 23:54:42 +02005792 if (!txn)
5793 return 0;
5794
Willy Tarreau33a7e692007-06-10 19:45:56 +02005795 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5796 /* search for header from the beginning */
5797 ctx->idx = 0;
5798
Willy Tarreau33a7e692007-06-10 19:45:56 +02005799 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5800 test->flags |= ACL_TEST_F_FETCH_MORE;
5801 test->flags |= ACL_TEST_F_VOL_HDR;
5802 test->i = strl2ic((char *)ctx->line + ctx->val, ctx->vlen);
5803 return 1;
5804 }
5805
5806 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5807 test->flags |= ACL_TEST_F_VOL_HDR;
5808 return 0;
5809}
5810
Willy Tarreauc11416f2007-06-17 16:58:38 +02005811static int
5812acl_fetch_chdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5813 struct acl_expr *expr, struct acl_test *test)
5814{
5815 struct http_txn *txn = l7;
5816
Willy Tarreaub6866442008-07-14 23:54:42 +02005817 if (!txn)
5818 return 0;
5819
Willy Tarreauc11416f2007-06-17 16:58:38 +02005820 if (txn->req.msg_state != HTTP_MSG_BODY)
5821 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005822
Willy Tarreauc11416f2007-06-17 16:58:38 +02005823 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5824 /* ensure the indexes are not affected */
5825 return 0;
5826
5827 return acl_fetch_hdr_val(px, l4, txn, txn->req.sol, expr, test);
5828}
5829
5830static int
5831acl_fetch_shdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5832 struct acl_expr *expr, struct acl_test *test)
5833{
5834 struct http_txn *txn = l7;
5835
Willy Tarreaub6866442008-07-14 23:54:42 +02005836 if (!txn)
5837 return 0;
5838
Willy Tarreauc11416f2007-06-17 16:58:38 +02005839 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5840 return 0;
5841
5842 return acl_fetch_hdr_val(px, l4, txn, txn->rsp.sol, expr, test);
5843}
5844
Willy Tarreau737b0c12007-06-10 21:28:46 +02005845/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
5846 * the first '/' after the possible hostname, and ends before the possible '?'.
5847 */
5848static int
5849acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
5850 struct acl_expr *expr, struct acl_test *test)
5851{
5852 struct http_txn *txn = l7;
5853 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005854
Willy Tarreaub6866442008-07-14 23:54:42 +02005855 if (!txn)
5856 return 0;
5857
Willy Tarreauc11416f2007-06-17 16:58:38 +02005858 if (txn->req.msg_state != HTTP_MSG_BODY)
5859 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005860
Willy Tarreauc11416f2007-06-17 16:58:38 +02005861 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5862 /* ensure the indexes are not affected */
5863 return 0;
5864
Willy Tarreau21d2af32008-02-14 20:25:24 +01005865 end = txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
5866 ptr = http_get_path(txn);
5867 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02005868 return 0;
5869
5870 /* OK, we got the '/' ! */
5871 test->ptr = ptr;
5872
5873 while (ptr < end && *ptr != '?')
5874 ptr++;
5875
5876 test->len = ptr - test->ptr;
5877
5878 /* we do not need to set READ_ONLY because the data is in a buffer */
5879 test->flags = ACL_TEST_F_VOL_1ST;
5880 return 1;
5881}
5882
5883
Willy Tarreau8797c062007-05-07 00:55:35 +02005884
5885/************************************************************************/
5886/* All supported keywords must be declared here. */
5887/************************************************************************/
5888
5889/* Note: must not be declared <const> as its list will be overwritten */
5890static struct acl_kw_list acl_kws = {{ },{
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005891 { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
5892 { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5893 { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5894 { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
Willy Tarreau8797c062007-05-07 00:55:35 +02005895
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005896 { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5897 { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5898 { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5899 { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5900 { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5901 { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5902 { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5903 { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
5904 { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau8797c062007-05-07 00:55:35 +02005905
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005906 /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
5907 { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5908 { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5909 { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5910 { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5911 { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5912 { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5913 { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5914 { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
5915 { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreauc11416f2007-06-17 16:58:38 +02005916
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005917 { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5918 { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
5919 { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
5920 { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
5921 { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
5922 { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
5923 { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
5924 { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
5925 { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005926
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005927 { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5928 { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5929 { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5930 { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5931 { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5932 { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5933 { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005934
Willy Tarreauf3d25982007-05-08 22:45:09 +02005935 { NULL, NULL, NULL, NULL },
5936
5937#if 0
Willy Tarreau8797c062007-05-07 00:55:35 +02005938 { "line", acl_parse_str, acl_fetch_line, acl_match_str },
5939 { "line_reg", acl_parse_reg, acl_fetch_line, acl_match_reg },
5940 { "line_beg", acl_parse_str, acl_fetch_line, acl_match_beg },
5941 { "line_end", acl_parse_str, acl_fetch_line, acl_match_end },
5942 { "line_sub", acl_parse_str, acl_fetch_line, acl_match_sub },
5943 { "line_dir", acl_parse_str, acl_fetch_line, acl_match_dir },
5944 { "line_dom", acl_parse_str, acl_fetch_line, acl_match_dom },
5945
Willy Tarreau8797c062007-05-07 00:55:35 +02005946 { "cook", acl_parse_str, acl_fetch_cook, acl_match_str },
5947 { "cook_reg", acl_parse_reg, acl_fetch_cook, acl_match_reg },
5948 { "cook_beg", acl_parse_str, acl_fetch_cook, acl_match_beg },
5949 { "cook_end", acl_parse_str, acl_fetch_cook, acl_match_end },
5950 { "cook_sub", acl_parse_str, acl_fetch_cook, acl_match_sub },
5951 { "cook_dir", acl_parse_str, acl_fetch_cook, acl_match_dir },
5952 { "cook_dom", acl_parse_str, acl_fetch_cook, acl_match_dom },
5953 { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst },
5954
5955 { "auth_user", acl_parse_str, acl_fetch_user, acl_match_str },
5956 { "auth_regex", acl_parse_reg, acl_fetch_user, acl_match_reg },
5957 { "auth_clear", acl_parse_str, acl_fetch_auth, acl_match_str },
5958 { "auth_md5", acl_parse_str, acl_fetch_auth, acl_match_md5 },
5959 { NULL, NULL, NULL, NULL },
5960#endif
5961}};
5962
5963
5964__attribute__((constructor))
5965static void __http_protocol_init(void)
5966{
5967 acl_register_keywords(&acl_kws);
5968}
5969
5970
Willy Tarreau58f10d72006-12-04 02:26:12 +01005971/*
Willy Tarreaubaaee002006-06-26 02:48:02 +02005972 * Local variables:
5973 * c-indent-level: 8
5974 * c-basic-offset: 8
5975 * End:
5976 */