blob: 09cf587704273e68fbd036cd898e8772aebb36d2 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreau7c669d72008-06-20 15:04:11 +02004 * Copyright 2000-2008 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreau2dd0d472006-06-29 17:53:05 +020026#include <common/appsession.h>
27#include <common/compat.h>
28#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010029#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020030#include <common/memory.h>
31#include <common/mini-clist.h>
32#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020033#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/time.h>
35#include <common/uri_auth.h>
36#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020037
38#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020039#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020040
Willy Tarreau8797c062007-05-07 00:55:35 +020041#include <proto/acl.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020042#include <proto/backend.h>
43#include <proto/buffers.h>
Willy Tarreau91861262007-10-17 17:06:05 +020044#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020045#include <proto/fd.h>
46#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010047#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020048#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020049#include <proto/proto_http.h>
50#include <proto/queue.h>
Willy Tarreau91861262007-10-17 17:06:05 +020051#include <proto/senddata.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020052#include <proto/session.h>
Willy Tarreau2d212792008-08-27 21:41:35 +020053#include <proto/stream_sock.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020054#include <proto/task.h>
55
Willy Tarreau6d1a9882007-01-07 02:03:04 +010056#ifdef CONFIG_HAP_TCPSPLICE
57#include <libtcpsplice.h>
58#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +020059
Willy Tarreau58f10d72006-12-04 02:26:12 +010060#define DEBUG_PARSE_NO_SPEEDUP
61#undef DEBUG_PARSE_NO_SPEEDUP
62
Willy Tarreau976f1ee2006-12-17 10:06:03 +010063/* This is used to perform a quick jump as an alternative to a break/continue
64 * instruction. The first argument is the label for normal operation, and the
65 * second one is the break/continue instruction in the no_speedup mode.
66 */
67
68#ifdef DEBUG_PARSE_NO_SPEEDUP
69#define QUICK_JUMP(x,y) y
70#else
71#define QUICK_JUMP(x,y) goto x
72#endif
73
Willy Tarreau1c47f852006-07-09 08:22:27 +020074/* This is used by remote monitoring */
Willy Tarreau0f772532006-12-23 20:51:41 +010075const char HTTP_200[] =
Willy Tarreau1c47f852006-07-09 08:22:27 +020076 "HTTP/1.0 200 OK\r\n"
77 "Cache-Control: no-cache\r\n"
78 "Connection: close\r\n"
79 "Content-Type: text/html\r\n"
80 "\r\n"
81 "<html><body><h1>200 OK</h1>\nHAProxy: service ready.\n</body></html>\n";
82
Willy Tarreau0f772532006-12-23 20:51:41 +010083const struct chunk http_200_chunk = {
84 .str = (char *)&HTTP_200,
85 .len = sizeof(HTTP_200)-1
86};
87
Willy Tarreaub463dfb2008-06-07 23:08:56 +020088const char *HTTP_301 =
89 "HTTP/1.0 301 Moved Permantenly\r\n"
90 "Cache-Control: no-cache\r\n"
91 "Connection: close\r\n"
92 "Location: "; /* not terminated since it will be concatenated with the URL */
93
Willy Tarreau0f772532006-12-23 20:51:41 +010094const char *HTTP_302 =
95 "HTTP/1.0 302 Found\r\n"
96 "Cache-Control: no-cache\r\n"
97 "Connection: close\r\n"
98 "Location: "; /* not terminated since it will be concatenated with the URL */
99
100/* same as 302 except that the browser MUST retry with the GET method */
101const char *HTTP_303 =
102 "HTTP/1.0 303 See Other\r\n"
103 "Cache-Control: no-cache\r\n"
104 "Connection: close\r\n"
105 "Location: "; /* not terminated since it will be concatenated with the URL */
106
Willy Tarreaubaaee002006-06-26 02:48:02 +0200107/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
108const char *HTTP_401_fmt =
109 "HTTP/1.0 401 Unauthorized\r\n"
110 "Cache-Control: no-cache\r\n"
111 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200112 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200113 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
114 "\r\n"
115 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
116
Willy Tarreau0f772532006-12-23 20:51:41 +0100117
118const int http_err_codes[HTTP_ERR_SIZE] = {
119 [HTTP_ERR_400] = 400,
120 [HTTP_ERR_403] = 403,
121 [HTTP_ERR_408] = 408,
122 [HTTP_ERR_500] = 500,
123 [HTTP_ERR_502] = 502,
124 [HTTP_ERR_503] = 503,
125 [HTTP_ERR_504] = 504,
126};
127
Willy Tarreau80587432006-12-24 17:47:20 +0100128static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreau0f772532006-12-23 20:51:41 +0100129 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100130 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100131 "Cache-Control: no-cache\r\n"
132 "Connection: close\r\n"
133 "Content-Type: text/html\r\n"
134 "\r\n"
135 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
136
137 [HTTP_ERR_403] =
138 "HTTP/1.0 403 Forbidden\r\n"
139 "Cache-Control: no-cache\r\n"
140 "Connection: close\r\n"
141 "Content-Type: text/html\r\n"
142 "\r\n"
143 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
144
145 [HTTP_ERR_408] =
146 "HTTP/1.0 408 Request Time-out\r\n"
147 "Cache-Control: no-cache\r\n"
148 "Connection: close\r\n"
149 "Content-Type: text/html\r\n"
150 "\r\n"
151 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
152
153 [HTTP_ERR_500] =
154 "HTTP/1.0 500 Server Error\r\n"
155 "Cache-Control: no-cache\r\n"
156 "Connection: close\r\n"
157 "Content-Type: text/html\r\n"
158 "\r\n"
159 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
160
161 [HTTP_ERR_502] =
162 "HTTP/1.0 502 Bad Gateway\r\n"
163 "Cache-Control: no-cache\r\n"
164 "Connection: close\r\n"
165 "Content-Type: text/html\r\n"
166 "\r\n"
167 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
168
169 [HTTP_ERR_503] =
170 "HTTP/1.0 503 Service Unavailable\r\n"
171 "Cache-Control: no-cache\r\n"
172 "Connection: close\r\n"
173 "Content-Type: text/html\r\n"
174 "\r\n"
175 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
176
177 [HTTP_ERR_504] =
178 "HTTP/1.0 504 Gateway Time-out\r\n"
179 "Cache-Control: no-cache\r\n"
180 "Connection: close\r\n"
181 "Content-Type: text/html\r\n"
182 "\r\n"
183 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
184
185};
186
Willy Tarreau80587432006-12-24 17:47:20 +0100187/* We must put the messages here since GCC cannot initialize consts depending
188 * on strlen().
189 */
190struct chunk http_err_chunks[HTTP_ERR_SIZE];
191
Willy Tarreau42250582007-04-01 01:30:43 +0200192#define FD_SETS_ARE_BITFIELDS
193#ifdef FD_SETS_ARE_BITFIELDS
194/*
195 * This map is used with all the FD_* macros to check whether a particular bit
196 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
197 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
198 * byte should be encoded. Be careful to always pass bytes from 0 to 255
199 * exclusively to the macros.
200 */
201fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
202fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
203
204#else
205#error "Check if your OS uses bitfields for fd_sets"
206#endif
207
Willy Tarreau80587432006-12-24 17:47:20 +0100208void init_proto_http()
209{
Willy Tarreau42250582007-04-01 01:30:43 +0200210 int i;
211 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100212 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200213
Willy Tarreau80587432006-12-24 17:47:20 +0100214 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
215 if (!http_err_msgs[msg]) {
216 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
217 abort();
218 }
219
220 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
221 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
222 }
Willy Tarreau42250582007-04-01 01:30:43 +0200223
224 /* initialize the log header encoding map : '{|}"#' should be encoded with
225 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
226 * URL encoding only requires '"', '#' to be encoded as well as non-
227 * printable characters above.
228 */
229 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
230 memset(url_encode_map, 0, sizeof(url_encode_map));
231 for (i = 0; i < 32; i++) {
232 FD_SET(i, hdr_encode_map);
233 FD_SET(i, url_encode_map);
234 }
235 for (i = 127; i < 256; i++) {
236 FD_SET(i, hdr_encode_map);
237 FD_SET(i, url_encode_map);
238 }
239
240 tmp = "\"#{|}";
241 while (*tmp) {
242 FD_SET(*tmp, hdr_encode_map);
243 tmp++;
244 }
245
246 tmp = "\"#";
247 while (*tmp) {
248 FD_SET(*tmp, url_encode_map);
249 tmp++;
250 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200251
252 /* memory allocations */
253 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
Willy Tarreau086b3b42007-05-13 21:45:51 +0200254 pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100255}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200256
Willy Tarreau53b6c742006-12-17 13:37:46 +0100257/*
258 * We have 26 list of methods (1 per first letter), each of which can have
259 * up to 3 entries (2 valid, 1 null).
260 */
261struct http_method_desc {
262 http_meth_t meth;
263 int len;
264 const char text[8];
265};
266
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100267const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100268 ['C' - 'A'] = {
269 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
270 },
271 ['D' - 'A'] = {
272 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
273 },
274 ['G' - 'A'] = {
275 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
276 },
277 ['H' - 'A'] = {
278 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
279 },
280 ['P' - 'A'] = {
281 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
282 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
283 },
284 ['T' - 'A'] = {
285 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
286 },
287 /* rest is empty like this :
288 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
289 */
290};
291
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100292/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200293 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100294 * RFC2616 for those chars.
295 */
296
297const char http_is_spht[256] = {
298 [' '] = 1, ['\t'] = 1,
299};
300
301const char http_is_crlf[256] = {
302 ['\r'] = 1, ['\n'] = 1,
303};
304
305const char http_is_lws[256] = {
306 [' '] = 1, ['\t'] = 1,
307 ['\r'] = 1, ['\n'] = 1,
308};
309
310const char http_is_sep[256] = {
311 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
312 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
313 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
314 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
315 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
316};
317
318const char http_is_ctl[256] = {
319 [0 ... 31] = 1,
320 [127] = 1,
321};
322
323/*
324 * A token is any ASCII char that is neither a separator nor a CTL char.
325 * Do not overwrite values in assignment since gcc-2.95 will not handle
326 * them correctly. Instead, define every non-CTL char's status.
327 */
328const char http_is_token[256] = {
329 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
330 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
331 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
332 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
333 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
334 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
335 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
336 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
337 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
338 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
339 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
340 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
341 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
342 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
343 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
344 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
345 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
346 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
347 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
348 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
349 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
350 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
351 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
352 ['|'] = 1, ['}'] = 0, ['~'] = 1,
353};
354
355
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100356/*
357 * An http ver_token is any ASCII which can be found in an HTTP version,
358 * which includes 'H', 'T', 'P', '/', '.' and any digit.
359 */
360const char http_is_ver_token[256] = {
361 ['.'] = 1, ['/'] = 1,
362 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
363 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
364 ['H'] = 1, ['P'] = 1, ['T'] = 1,
365};
366
367
Willy Tarreaubaaee002006-06-26 02:48:02 +0200368#ifdef DEBUG_FULL
Willy Tarreau67f0eea2008-08-10 22:55:22 +0200369static char *cli_stnames[4] = { "DAT", "SHR", "SHW", "CLS" };
Willy Tarreaubaaee002006-06-26 02:48:02 +0200370#endif
371
Willy Tarreau42250582007-04-01 01:30:43 +0200372static void http_sess_log(struct session *s);
373
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100374/*
375 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
376 * CRLF. Text length is measured first, so it cannot be NULL.
377 * The header is also automatically added to the index <hdr_idx>, and the end
378 * of headers is automatically adjusted. The number of bytes added is returned
379 * on success, otherwise <0 is returned indicating an error.
380 */
381int http_header_add_tail(struct buffer *b, struct http_msg *msg,
382 struct hdr_idx *hdr_idx, const char *text)
383{
384 int bytes, len;
385
386 len = strlen(text);
387 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
388 if (!bytes)
389 return -1;
390 msg->eoh += bytes;
391 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
392}
393
394/*
395 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
396 * CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
397 * the buffer is only opened and the space reserved, but nothing is copied.
398 * The header is also automatically added to the index <hdr_idx>, and the end
399 * of headers is automatically adjusted. The number of bytes added is returned
400 * on success, otherwise <0 is returned indicating an error.
401 */
402int http_header_add_tail2(struct buffer *b, struct http_msg *msg,
403 struct hdr_idx *hdr_idx, const char *text, int len)
404{
405 int bytes;
406
407 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
408 if (!bytes)
409 return -1;
410 msg->eoh += bytes;
411 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
412}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200413
414/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100415 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
416 * If so, returns the position of the first non-space character relative to
417 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
418 * to return a pointer to the place after the first space. Returns 0 if the
419 * header name does not match. Checks are case-insensitive.
420 */
421int http_header_match2(const char *hdr, const char *end,
422 const char *name, int len)
423{
424 const char *val;
425
426 if (hdr + len >= end)
427 return 0;
428 if (hdr[len] != ':')
429 return 0;
430 if (strncasecmp(hdr, name, len) != 0)
431 return 0;
432 val = hdr + len + 1;
433 while (val < end && HTTP_IS_SPHT(*val))
434 val++;
435 if ((val >= end) && (len + 2 <= end - hdr))
436 return len + 2; /* we may replace starting from second space */
437 return val - hdr;
438}
439
Willy Tarreau33a7e692007-06-10 19:45:56 +0200440/* Find the end of the header value contained between <s> and <e>.
441 * See RFC2616, par 2.2 for more information. Note that it requires
442 * a valid header to return a valid result.
443 */
444const char *find_hdr_value_end(const char *s, const char *e)
445{
446 int quoted, qdpair;
447
448 quoted = qdpair = 0;
449 for (; s < e; s++) {
450 if (qdpair) qdpair = 0;
451 else if (quoted && *s == '\\') qdpair = 1;
452 else if (quoted && *s == '"') quoted = 0;
453 else if (*s == '"') quoted = 1;
454 else if (*s == ',') return s;
455 }
456 return s;
457}
458
459/* Find the first or next occurrence of header <name> in message buffer <sol>
460 * using headers index <idx>, and return it in the <ctx> structure. This
461 * structure holds everything necessary to use the header and find next
462 * occurrence. If its <idx> member is 0, the header is searched from the
463 * beginning. Otherwise, the next occurrence is returned. The function returns
464 * 1 when it finds a value, and 0 when there is no more.
465 */
466int http_find_header2(const char *name, int len,
467 const char *sol, struct hdr_idx *idx,
468 struct hdr_ctx *ctx)
469{
470 __label__ return_hdr, next_hdr;
471 const char *eol, *sov;
472 int cur_idx;
473
474 if (ctx->idx) {
475 /* We have previously returned a value, let's search
476 * another one on the same line.
477 */
478 cur_idx = ctx->idx;
479 sol = ctx->line;
480 sov = sol + ctx->val + ctx->vlen;
481 eol = sol + idx->v[cur_idx].len;
482
483 if (sov >= eol)
484 /* no more values in this header */
485 goto next_hdr;
486
487 /* values remaining for this header, skip the comma */
488 sov++;
489 while (sov < eol && http_is_lws[(unsigned char)*sov])
490 sov++;
491
492 goto return_hdr;
493 }
494
495 /* first request for this header */
496 sol += hdr_idx_first_pos(idx);
497 cur_idx = hdr_idx_first_idx(idx);
498
499 while (cur_idx) {
500 eol = sol + idx->v[cur_idx].len;
501
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200502 if (len == 0) {
503 /* No argument was passed, we want any header.
504 * To achieve this, we simply build a fake request. */
505 while (sol + len < eol && sol[len] != ':')
506 len++;
507 name = sol;
508 }
509
Willy Tarreau33a7e692007-06-10 19:45:56 +0200510 if ((len < eol - sol) &&
511 (sol[len] == ':') &&
512 (strncasecmp(sol, name, len) == 0)) {
513
514 sov = sol + len + 1;
515 while (sov < eol && http_is_lws[(unsigned char)*sov])
516 sov++;
517 return_hdr:
518 ctx->line = sol;
519 ctx->idx = cur_idx;
520 ctx->val = sov - sol;
521
522 eol = find_hdr_value_end(sov, eol);
523 ctx->vlen = eol - sov;
524 return 1;
525 }
526 next_hdr:
527 sol = eol + idx->v[cur_idx].cr + 1;
528 cur_idx = idx->v[cur_idx].next;
529 }
530 return 0;
531}
532
533int http_find_header(const char *name,
534 const char *sol, struct hdr_idx *idx,
535 struct hdr_ctx *ctx)
536{
537 return http_find_header2(name, strlen(name), sol, idx, ctx);
538}
539
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200540/* This function shuts down the buffers on the server side, and sets indicators
541 * accordingly. The server's fd is supposed to already be closed. Note that if
542 * <status> is 0, or if the message pointer is NULL, then no message is returned.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200543 */
544void srv_close_with_err(struct session *t, int err, int finst,
Willy Tarreau0f772532006-12-23 20:51:41 +0100545 int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200546{
Willy Tarreau3da77c52008-08-29 09:58:42 +0200547 buffer_write_ena(t->rep);
Willy Tarreauba392ce2008-08-16 21:13:23 +0200548 buffer_shutw(t->req);
549 buffer_shutr(t->rep);
Willy Tarreau0f772532006-12-23 20:51:41 +0100550 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100551 t->txn.status = status;
Willy Tarreau73de9892006-11-30 11:40:23 +0100552 if (t->fe->mode == PR_MODE_HTTP)
Willy Tarreau0f772532006-12-23 20:51:41 +0100553 client_return(t, msg);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200554 }
555 if (!(t->flags & SN_ERR_MASK))
556 t->flags |= err;
557 if (!(t->flags & SN_FINST_MASK))
558 t->flags |= finst;
559}
560
Willy Tarreau80587432006-12-24 17:47:20 +0100561/* This function returns the appropriate error location for the given session
562 * and message.
563 */
564
565struct chunk *error_message(struct session *s, int msgnum)
566{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200567 if (s->be->errmsg[msgnum].str)
568 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100569 else if (s->fe->errmsg[msgnum].str)
570 return &s->fe->errmsg[msgnum];
571 else
572 return &http_err_chunks[msgnum];
573}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200574
Willy Tarreau53b6c742006-12-17 13:37:46 +0100575/*
576 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
577 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
578 */
579static http_meth_t find_http_meth(const char *str, const int len)
580{
581 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100582 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100583
584 m = ((unsigned)*str - 'A');
585
586 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100587 for (h = http_methods[m]; h->len > 0; h++) {
588 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100589 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100590 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100591 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100592 };
593 return HTTP_METH_OTHER;
594 }
595 return HTTP_METH_NONE;
596
597}
598
Willy Tarreau21d2af32008-02-14 20:25:24 +0100599/* Parse the URI from the given transaction (which is assumed to be in request
600 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
601 * It is returned otherwise.
602 */
603static char *
604http_get_path(struct http_txn *txn)
605{
606 char *ptr, *end;
607
608 ptr = txn->req.sol + txn->req.sl.rq.u;
609 end = ptr + txn->req.sl.rq.u_l;
610
611 if (ptr >= end)
612 return NULL;
613
614 /* RFC2616, par. 5.1.2 :
615 * Request-URI = "*" | absuri | abspath | authority
616 */
617
618 if (*ptr == '*')
619 return NULL;
620
621 if (isalpha((unsigned char)*ptr)) {
622 /* this is a scheme as described by RFC3986, par. 3.1 */
623 ptr++;
624 while (ptr < end &&
625 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
626 ptr++;
627 /* skip '://' */
628 if (ptr == end || *ptr++ != ':')
629 return NULL;
630 if (ptr == end || *ptr++ != '/')
631 return NULL;
632 if (ptr == end || *ptr++ != '/')
633 return NULL;
634 }
635 /* skip [user[:passwd]@]host[:[port]] */
636
637 while (ptr < end && *ptr != '/')
638 ptr++;
639
640 if (ptr == end)
641 return NULL;
642
643 /* OK, we got the '/' ! */
644 return ptr;
645}
646
Willy Tarreaudafde432008-08-17 01:00:46 +0200647/* Processes the client, server, request and response jobs of a session task,
648 * then puts it back to the wait queue in a clean state, or cleans up its
649 * resources if it must be deleted. Returns in <next> the date the task wants
650 * to be woken up, or TICK_ETERNITY. In order not to call all functions for
651 * nothing too many times, the request and response buffers flags are monitored
652 * and each function is called only if at least another function has changed at
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200653 * least one flag it is interested in.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200654 */
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200655void process_session(struct task *t, int *next)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200656{
657 struct session *s = t->context;
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200658 int resync;
659 unsigned int rqf_cli, rpf_cli;
660 unsigned int rqf_srv, rpf_srv;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200661
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200662 /* Check timeouts only during data phase for now */
663 if (unlikely(t->state & TASK_WOKEN_TIMER)) {
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200664 if (s->rep->cons->state == SI_ST_EST) {
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200665 stream_sock_data_check_timeouts(s->rep->cons->fd);
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200666 if (tick_is_expired(s->rep->analyse_exp, now_ms))
667 s->rep->flags |= BF_ANA_TIMEOUT;
668 }
669 if (s->req->cons->state == SI_ST_EST) {
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200670 stream_sock_data_check_timeouts(s->req->cons->fd);
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200671 if (tick_is_expired(s->req->analyse_exp, now_ms))
672 s->req->flags |= BF_ANA_TIMEOUT;
673 }
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200674 }
675
Willy Tarreau48adac52008-08-30 04:58:38 +0200676 /* Check if we need to close the write side. This can only happen
677 * when either SHUTR or EMPTY appears, because WRITE_ENA cannot appear
678 * from low level, and neither HIJACK nor SHUTW can disappear from low
679 * level.
680 */
681 if (unlikely((s->req->flags & (BF_SHUTW|BF_EMPTY|BF_HIJACK|BF_WRITE_ENA|BF_SHUTR)) == (BF_EMPTY|BF_WRITE_ENA|BF_SHUTR))) {
682 buffer_shutw(s->req);
683 s->req->cons->shutw(s->req->cons);
684 }
685
686 if (unlikely((s->rep->flags & (BF_SHUTW|BF_EMPTY|BF_HIJACK|BF_WRITE_ENA|BF_SHUTR)) == (BF_EMPTY|BF_WRITE_ENA|BF_SHUTR))) {
687 buffer_shutw(s->rep);
688 s->rep->cons->shutw(s->rep->cons);
689 }
690
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200691 /* When a server-side connection is released, we have to
692 * count it and check for pending connections on this server.
693 */
694 if (unlikely(s->req->cons->state == SI_ST_CLO &&
695 s->req->cons->prev_state == SI_ST_EST)) {
696 /* Count server-side errors (but not timeouts). */
697 if (s->req->flags & BF_WRITE_ERROR) {
698 s->be->failed_resp++;
699 if (s->srv)
700 s->srv->failed_resp++;
701 }
702
703 if (s->srv) {
704 s->srv->cur_sess--;
705 sess_change_server(s, NULL);
706 if (may_dequeue_tasks(s->srv, s->be))
707 process_srv_queue(s->srv);
708 }
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200709 }
710
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200711 /* Dirty trick: force one first pass everywhere */
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200712 rqf_cli = rqf_srv = ~s->req->flags;
713 rpf_cli = rpf_srv = ~s->rep->flags;
Willy Tarreau507385d2008-08-17 13:04:25 +0200714
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200715 /* well, the ST_CONN state is already handled properly */
716 if (s->req->prod->state == SI_ST_EST) {
717 rqf_cli = s->req->flags;
718 rpf_cli = s->rep->flags;
719 }
720
721 if (s->req->cons->state == SI_ST_EST) {
722 rqf_srv = s->req->flags;
723 rpf_srv = s->rep->flags;
724 }
725
Willy Tarreaubaaee002006-06-26 02:48:02 +0200726 do {
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200727 DPRINTF(stderr,"[%u] %s: task=%p rq=%p, rp=%p, exp(r,w)=%u,%u rqf=%08x rpf=%08x rql=%d rpl=%d cs=%d ss=%d\n",
728 now_ms, __FUNCTION__,
729 t,
730 s->req, s->rep,
731 s->req->rex, s->rep->wex,
732 s->req->flags, s->rep->flags,
733 s->req->l, s->rep->l, s->rep->cons->state, s->req->cons->state);
734
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200735 resync = 0;
Willy Tarreaudafde432008-08-17 01:00:46 +0200736
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200737 /* Maybe resync client FD state */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200738 if (s->rep->cons->state != SI_ST_CLO) {
739 if (((rqf_cli ^ s->req->flags) & BF_MASK_INTERFACE_I) ||
740 ((rpf_cli ^ s->rep->flags) & BF_MASK_INTERFACE_O)) {
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200741 stream_sock_data_update(s->rep->cons->fd);
742 rqf_cli = s->req->flags;
743 rpf_cli = s->rep->flags;
Willy Tarreaudafde432008-08-17 01:00:46 +0200744 }
Willy Tarreaudafde432008-08-17 01:00:46 +0200745 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200746
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200747 /* Maybe resync server FD state */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200748 if (s->req->cons->state != SI_ST_CLO) {
749 if (((rpf_srv ^ s->rep->flags) & BF_MASK_INTERFACE_I) ||
750 ((rqf_srv ^ s->req->flags) & BF_MASK_INTERFACE_O)) {
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200751 if (s->req->cons->state < SI_ST_EST && s->req->flags & BF_WRITE_ENA) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200752 process_srv_conn(s);
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200753 resync = 1; /* we might have to resync */
754 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200755
756 if (s->req->cons->state == SI_ST_EST) {
Willy Tarreau3da77c52008-08-29 09:58:42 +0200757 if ((s->req->flags & (BF_SHUTW|BF_EMPTY|BF_WRITE_ENA)) == (BF_EMPTY|BF_WRITE_ENA) &&
Willy Tarreau376580a2008-08-27 18:52:22 +0200758 s->be->options & PR_O_FORCE_CLO &&
Willy Tarreau3da77c52008-08-29 09:58:42 +0200759 s->rep->flags & BF_READ_ACTIVITY) {
Willy Tarreau376580a2008-08-27 18:52:22 +0200760 /* We want to force the connection to the server to close,
761 * and the server has begun to respond. That's the right
762 * time.
763 */
764 buffer_shutw_now(s->req);
765 }
766
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200767 stream_sock_data_update(s->req->cons->fd);
Willy Tarreau376580a2008-08-27 18:52:22 +0200768
769 /* When a server-side connection is released, we have to
770 * count it and check for pending connections on this server.
771 */
772 if (s->req->cons->state == SI_ST_CLO) {
773 if (s->srv) {
774 s->srv->cur_sess--;
775 sess_change_server(s, NULL);
776 if (may_dequeue_tasks(s->srv, s->be))
777 process_srv_queue(s->srv);
778 }
779 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200780 }
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200781 rqf_srv = s->req->flags;
782 rpf_srv = s->rep->flags;
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200783 }
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200784 }
785
786 /* we may have to resync because of pending connections */
787 if (resync)
788 continue;
789
790 /**** Process layer 7 below ****/
791
792 /* Analyse request */
793 if (s->req->flags & BF_MASK_ANALYSER) {
794 unsigned int flags = s->req->flags;
795
796 if (s->req->prod->state >= SI_ST_EST) {
797 /* it's up to the analysers to reset write_ena */
798 buffer_write_ena(s->req);
799 if (s->req->analysers)
800 process_request(s);
801 }
802 s->req->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
803 flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
804 if (s->req->flags != flags)
805 resync = 1;
806 }
807
808 /* Analyse response */
809 if (unlikely(s->rep->flags & BF_HIJACK)) {
810 /* In inject mode, we wake up everytime something has
811 * happened on the write side of the buffer.
812 */
813 unsigned int flags = s->rep->flags;
814
815 if ((s->rep->flags & (BF_WRITE_PARTIAL|BF_WRITE_ERROR|BF_SHUTW)) &&
816 !(s->rep->flags & BF_FULL)) {
817 produce_content(s);
818 }
819 s->rep->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
820 flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
821 if (s->rep->flags != flags)
822 resync = 1;
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200823 }
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200824 else if (s->rep->flags & BF_MASK_ANALYSER) {
825 unsigned int flags = s->rep->flags;
826
827 if (s->rep->prod->state >= SI_ST_EST) {
828 /* it's up to the analysers to reset write_ena */
829 buffer_write_ena(s->rep);
830 if (s->rep->analysers)
831 process_response(s);
832 }
833 s->rep->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
834 flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
835 if (s->rep->flags != flags)
836 resync = 1;
837 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200838
Willy Tarreau4ffd51a2008-08-30 13:36:43 +0200839 /* For the moment, we need to clean the client and server flags that
840 * have vanished. This is just a temporary measure though.
841 */
842 rqf_cli &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
843 rqf_srv &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
844 rpf_cli &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
845 rpf_srv &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
Willy Tarreaudafde432008-08-17 01:00:46 +0200846 } while (resync);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200847
Willy Tarreaua37095b2008-09-03 11:37:47 +0200848 /* This is needed only when debugging is enabled, to indicate
849 * client-side or server-side close. Please note that in the unlikely
850 * event where both sides would close at once, the sequence is reported
851 * on the server side first.
852 */
853 if (unlikely((global.mode & MODE_DEBUG) &&
854 (!(global.mode & MODE_QUIET) ||
855 (global.mode & MODE_VERBOSE)))) {
856 int len;
857
858 if (s->si[1].state == SI_ST_CLO &&
859 s->si[1].prev_state == SI_ST_EST) {
860 len = sprintf(trash, "%08x:%s.srvcls[%04x:%04x]\n",
861 s->uniq_id, s->be->id,
862 (unsigned short)s->si[0].fd,
863 (unsigned short)s->si[1].fd);
864 write(1, trash, len);
865 }
866
867 if (s->si[0].state == SI_ST_CLO &&
868 s->si[0].prev_state == SI_ST_EST) {
869 len = sprintf(trash, "%08x:%s.clicls[%04x:%04x]\n",
870 s->uniq_id, s->be->id,
871 (unsigned short)s->si[0].fd,
872 (unsigned short)s->si[1].fd);
873 write(1, trash, len);
874 }
875 }
876
Willy Tarreauf9839bd2008-08-27 23:57:16 +0200877 if (likely((s->rep->cons->state != SI_ST_CLO) ||
Willy Tarreaufa7e1022008-10-19 07:30:41 +0200878 (s->req->cons->state != SI_ST_CLO && s->req->cons->state != SI_ST_INI))) {
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100879
880 if ((s->fe->options & PR_O_CONTSTATS) && (s->flags & SN_BE_ASSIGNED))
881 session_process_counters(s);
882
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200883 if (s->rep->cons->state == SI_ST_EST)
884 stream_sock_data_finish(s->rep->cons->fd);
885
886 if (s->req->cons->state == SI_ST_EST)
887 stream_sock_data_finish(s->req->cons->fd);
888
Willy Tarreau9a2d1542008-08-30 12:31:07 +0200889 s->req->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
890 s->rep->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE & BF_CLEAR_TIMEOUT;
Willy Tarreaue5ed4062008-08-30 03:17:31 +0200891 s->si[0].prev_state = s->si[0].state;
892 s->si[1].prev_state = s->si[1].state;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200893
Willy Tarreau7f875f62008-08-11 17:35:01 +0200894 /* Trick: if a request is being waiting for the server to respond,
895 * and if we know the server can timeout, we don't want the timeout
896 * to expire on the client side first, but we're still interested
897 * in passing data from the client to the server (eg: POST). Thus,
898 * we can cancel the client's request timeout if the server's
899 * request timeout is set and the server has not yet sent a response.
900 */
901
Willy Tarreau3da77c52008-08-29 09:58:42 +0200902 if ((s->rep->flags & (BF_WRITE_ENA|BF_SHUTR)) == 0 &&
Willy Tarreau26ed74d2008-08-17 12:11:14 +0200903 (tick_isset(s->req->wex) || tick_isset(s->rep->rex)))
Willy Tarreau7f875f62008-08-11 17:35:01 +0200904 s->req->rex = TICK_ETERNITY;
905
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200906 t->expire = tick_first(tick_first(s->req->rex, s->req->wex),
907 tick_first(s->rep->rex, s->rep->wex));
Willy Tarreauffab5b42008-08-17 18:03:28 +0200908 if (s->req->analysers)
909 t->expire = tick_first(t->expire, s->req->analyse_exp);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200910
Willy Tarreaucb651252008-08-29 13:57:30 +0200911#ifdef DEBUG_FULL
912 fprintf(stderr, "[%u] queuing with exp=%u req->rex=%u req->wex=%u req->ana_exp=%u rep->rex=%u rep->wex=%u\n",
913 now_ms, t->expire, s->req->rex, s->req->wex, s->req->analyse_exp, s->rep->rex, s->rep->wex);
914#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +0200915 /* restore t to its place in the task list */
916 task_queue(t);
917
Willy Tarreaua7c52762008-08-16 18:40:18 +0200918#ifdef DEBUG_DEV
919 /* this may only happen when no timeout is set or in case of an FSM bug */
920 if (!t->expire)
921 ABORT_NOW();
922#endif
Willy Tarreaud825eef2007-05-12 22:35:00 +0200923 *next = t->expire;
924 return; /* nothing more to do */
Willy Tarreaubaaee002006-06-26 02:48:02 +0200925 }
926
Willy Tarreauf1221aa2006-12-17 22:14:12 +0100927 s->fe->feconn--;
928 if (s->flags & SN_BE_ASSIGNED)
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200929 s->be->beconn--;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200930 actconn--;
931
Willy Tarreauf41d4b12007-04-28 23:26:14 +0200932 if (unlikely((global.mode & MODE_DEBUG) &&
933 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
Willy Tarreaubaaee002006-06-26 02:48:02 +0200934 int len;
Willy Tarreauf495ddf2008-08-17 14:38:41 +0200935 len = sprintf(trash, "%08x:%s.closed[%04x:%04x] (term_trace=0x%08x)\n",
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200936 s->uniq_id, s->be->id,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +0200937 (unsigned short)s->req->prod->fd, (unsigned short)s->req->cons->fd,
Willy Tarreauf495ddf2008-08-17 14:38:41 +0200938 s->term_trace);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200939 write(1, trash, len);
940 }
941
Willy Tarreau42aae5c2007-04-29 17:43:56 +0200942 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100943 session_process_counters(s);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200944
945 /* let's do a final log if we need it */
Willy Tarreau1c47f852006-07-09 08:22:27 +0200946 if (s->logs.logwait &&
947 !(s->flags & SN_MONITOR) &&
Willy Tarreau42250582007-04-01 01:30:43 +0200948 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
949 if (s->fe->to_log & LW_REQ)
950 http_sess_log(s);
951 else
952 tcp_sess_log(s);
953 }
Willy Tarreaubaaee002006-06-26 02:48:02 +0200954
955 /* the task MUST not be in the run queue anymore */
956 task_delete(t);
957 session_free(s);
958 task_free(t);
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200959 *next = TICK_ETERNITY;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200960}
961
962
Willy Tarreau42250582007-04-01 01:30:43 +0200963extern const char sess_term_cond[8];
964extern const char sess_fin_state[8];
965extern const char *monthname[12];
966const char sess_cookie[4] = "NIDV"; /* No cookie, Invalid cookie, cookie for a Down server, Valid cookie */
967const char sess_set_cookie[8] = "N1I3PD5R"; /* No set-cookie, unknown, Set-Cookie Inserted, unknown,
968 Set-cookie seen and left unchanged (passive), Set-cookie Deleted,
969 unknown, Set-cookie Rewritten */
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200970struct pool_head *pool2_requri;
Willy Tarreau086b3b42007-05-13 21:45:51 +0200971struct pool_head *pool2_capture;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100972
Willy Tarreau42250582007-04-01 01:30:43 +0200973/*
974 * send a log for the session when we have enough info about it.
975 * Will not log if the frontend has no log defined.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100976 */
Willy Tarreau42250582007-04-01 01:30:43 +0200977static void http_sess_log(struct session *s)
978{
979 char pn[INET6_ADDRSTRLEN + strlen(":65535")];
980 struct proxy *fe = s->fe;
981 struct proxy *be = s->be;
982 struct proxy *prx_log;
983 struct http_txn *txn = &s->txn;
984 int tolog;
985 char *uri, *h;
986 char *svid;
Willy Tarreaufe944602007-10-25 10:34:16 +0200987 struct tm tm;
Willy Tarreau42250582007-04-01 01:30:43 +0200988 static char tmpline[MAX_SYSLOG_LEN];
Willy Tarreau70089872008-06-13 21:12:51 +0200989 int t_request;
Willy Tarreau42250582007-04-01 01:30:43 +0200990 int hdr;
991
992 if (fe->logfac1 < 0 && fe->logfac2 < 0)
993 return;
994 prx_log = fe;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100995
Willy Tarreau42250582007-04-01 01:30:43 +0200996 if (s->cli_addr.ss_family == AF_INET)
997 inet_ntop(AF_INET,
998 (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
999 pn, sizeof(pn));
1000 else
1001 inet_ntop(AF_INET6,
1002 (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
1003 pn, sizeof(pn));
1004
Willy Tarreaub7f694f2008-06-22 17:18:02 +02001005 get_localtime(s->logs.accept_date.tv_sec, &tm);
Willy Tarreau42250582007-04-01 01:30:43 +02001006
1007 /* FIXME: let's limit ourselves to frontend logging for now. */
1008 tolog = fe->to_log;
1009
1010 h = tmpline;
1011 if (fe->to_log & LW_REQHDR &&
1012 txn->req.cap &&
1013 (h < tmpline + sizeof(tmpline) - 10)) {
1014 *(h++) = ' ';
1015 *(h++) = '{';
1016 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
1017 if (hdr)
1018 *(h++) = '|';
1019 if (txn->req.cap[hdr] != NULL)
1020 h = encode_string(h, tmpline + sizeof(tmpline) - 7,
1021 '#', hdr_encode_map, txn->req.cap[hdr]);
1022 }
1023 *(h++) = '}';
1024 }
1025
1026 if (fe->to_log & LW_RSPHDR &&
1027 txn->rsp.cap &&
1028 (h < tmpline + sizeof(tmpline) - 7)) {
1029 *(h++) = ' ';
1030 *(h++) = '{';
1031 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
1032 if (hdr)
1033 *(h++) = '|';
1034 if (txn->rsp.cap[hdr] != NULL)
1035 h = encode_string(h, tmpline + sizeof(tmpline) - 4,
1036 '#', hdr_encode_map, txn->rsp.cap[hdr]);
1037 }
1038 *(h++) = '}';
1039 }
1040
1041 if (h < tmpline + sizeof(tmpline) - 4) {
1042 *(h++) = ' ';
1043 *(h++) = '"';
1044 uri = txn->uri ? txn->uri : "<BADREQ>";
1045 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
1046 '#', url_encode_map, uri);
1047 *(h++) = '"';
1048 }
1049 *h = '\0';
1050
1051 svid = (tolog & LW_SVID) ?
1052 (s->data_source != DATA_SRC_STATS) ?
1053 (s->srv != NULL) ? s->srv->id : "<NOSRV>" : "<STATS>" : "-";
1054
Willy Tarreau70089872008-06-13 21:12:51 +02001055 t_request = -1;
1056 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
1057 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
1058
Willy Tarreau42250582007-04-01 01:30:43 +02001059 send_log(prx_log, LOG_INFO,
1060 "%s:%d [%02d/%s/%04d:%02d:%02d:%02d.%03d]"
1061 " %s %s/%s %d/%d/%d/%d/%s%d %d %s%lld"
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +01001062 " %s %s %c%c%c%c %d/%d/%d/%d/%s%u %d/%d%s\n",
Willy Tarreau42250582007-04-01 01:30:43 +02001063 pn,
1064 (s->cli_addr.ss_family == AF_INET) ?
1065 ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port) :
1066 ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port),
Willy Tarreaufe944602007-10-25 10:34:16 +02001067 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
Willy Tarreaub7f694f2008-06-22 17:18:02 +02001068 tm.tm_hour, tm.tm_min, tm.tm_sec, s->logs.accept_date.tv_usec/1000,
Willy Tarreau42250582007-04-01 01:30:43 +02001069 fe->id, be->id, svid,
Willy Tarreau70089872008-06-13 21:12:51 +02001070 t_request,
1071 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
Willy Tarreau42250582007-04-01 01:30:43 +02001072 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
1073 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
1074 (tolog & LW_BYTES) ? "" : "+", s->logs.t_close,
1075 txn->status,
Willy Tarreau8b3977f2008-01-18 11:16:32 +01001076 (tolog & LW_BYTES) ? "" : "+", s->logs.bytes_out,
Willy Tarreau42250582007-04-01 01:30:43 +02001077 txn->cli_cookie ? txn->cli_cookie : "-",
1078 txn->srv_cookie ? txn->srv_cookie : "-",
1079 sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT],
1080 sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT],
1081 (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
1082 (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-',
1083 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +01001084 (s->flags & SN_REDISP)?"+":"",
1085 (s->conn_retries>0)?(be->conn_retries - s->conn_retries):be->conn_retries,
Willy Tarreau42250582007-04-01 01:30:43 +02001086 s->logs.srv_queue_size, s->logs.prx_queue_size, tmpline);
1087
1088 s->logs.logwait = 0;
1089}
1090
Willy Tarreau117f59e2007-03-04 18:17:17 +01001091
1092/*
1093 * Capture headers from message starting at <som> according to header list
1094 * <cap_hdr>, and fill the <idx> structure appropriately.
1095 */
1096void capture_headers(char *som, struct hdr_idx *idx,
1097 char **cap, struct cap_hdr *cap_hdr)
1098{
1099 char *eol, *sol, *col, *sov;
1100 int cur_idx;
1101 struct cap_hdr *h;
1102 int len;
1103
1104 sol = som + hdr_idx_first_pos(idx);
1105 cur_idx = hdr_idx_first_idx(idx);
1106
1107 while (cur_idx) {
1108 eol = sol + idx->v[cur_idx].len;
1109
1110 col = sol;
1111 while (col < eol && *col != ':')
1112 col++;
1113
1114 sov = col + 1;
1115 while (sov < eol && http_is_lws[(unsigned char)*sov])
1116 sov++;
1117
1118 for (h = cap_hdr; h; h = h->next) {
1119 if ((h->namelen == col - sol) &&
1120 (strncasecmp(sol, h->name, h->namelen) == 0)) {
1121 if (cap[h->index] == NULL)
1122 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +02001123 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +01001124
1125 if (cap[h->index] == NULL) {
1126 Alert("HTTP capture : out of memory.\n");
1127 continue;
1128 }
1129
1130 len = eol - sov;
1131 if (len > h->len)
1132 len = h->len;
1133
1134 memcpy(cap[h->index], sov, len);
1135 cap[h->index][len]=0;
1136 }
1137 }
1138 sol = eol + idx->v[cur_idx].cr + 1;
1139 cur_idx = idx->v[cur_idx].next;
1140 }
1141}
1142
1143
Willy Tarreau42250582007-04-01 01:30:43 +02001144/* either we find an LF at <ptr> or we jump to <bad>.
1145 */
1146#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1147
1148/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1149 * otherwise to <http_msg_ood> with <state> set to <st>.
1150 */
1151#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1152 ptr++; \
1153 if (likely(ptr < end)) \
1154 goto good; \
1155 else { \
1156 state = (st); \
1157 goto http_msg_ood; \
1158 } \
1159 } while (0)
1160
1161
Willy Tarreaubaaee002006-06-26 02:48:02 +02001162/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001163 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001164 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1165 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1166 * will give undefined results.
1167 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1168 * and that msg->sol points to the beginning of the response.
1169 * If a complete line is found (which implies that at least one CR or LF is
1170 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1171 * returned indicating an incomplete line (which does not mean that parts have
1172 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1173 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1174 * upon next call.
1175 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001176 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001177 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1178 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001179 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001180 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001181const char *http_parse_stsline(struct http_msg *msg, const char *msg_buf,
1182 unsigned int state, const char *ptr, const char *end,
1183 char **ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001184{
1185 __label__
1186 http_msg_rpver,
1187 http_msg_rpver_sp,
1188 http_msg_rpcode,
1189 http_msg_rpcode_sp,
1190 http_msg_rpreason,
1191 http_msg_rpline_eol,
1192 http_msg_ood, /* out of data */
1193 http_msg_invalid;
1194
1195 switch (state) {
1196 http_msg_rpver:
1197 case HTTP_MSG_RPVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001198 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001199 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1200
1201 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001202 msg->sl.st.v_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001203 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1204 }
1205 goto http_msg_invalid;
1206
1207 http_msg_rpver_sp:
1208 case HTTP_MSG_RPVER_SP:
1209 if (likely(!HTTP_IS_LWS(*ptr))) {
1210 msg->sl.st.c = ptr - msg_buf;
1211 goto http_msg_rpcode;
1212 }
1213 if (likely(HTTP_IS_SPHT(*ptr)))
1214 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1215 /* so it's a CR/LF, this is invalid */
1216 goto http_msg_invalid;
1217
1218 http_msg_rpcode:
1219 case HTTP_MSG_RPCODE:
1220 if (likely(!HTTP_IS_LWS(*ptr)))
1221 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1222
1223 if (likely(HTTP_IS_SPHT(*ptr))) {
1224 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1225 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1226 }
1227
1228 /* so it's a CR/LF, so there is no reason phrase */
1229 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1230 http_msg_rsp_reason:
1231 /* FIXME: should we support HTTP responses without any reason phrase ? */
1232 msg->sl.st.r = ptr - msg_buf;
1233 msg->sl.st.r_l = 0;
1234 goto http_msg_rpline_eol;
1235
1236 http_msg_rpcode_sp:
1237 case HTTP_MSG_RPCODE_SP:
1238 if (likely(!HTTP_IS_LWS(*ptr))) {
1239 msg->sl.st.r = ptr - msg_buf;
1240 goto http_msg_rpreason;
1241 }
1242 if (likely(HTTP_IS_SPHT(*ptr)))
1243 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1244 /* so it's a CR/LF, so there is no reason phrase */
1245 goto http_msg_rsp_reason;
1246
1247 http_msg_rpreason:
1248 case HTTP_MSG_RPREASON:
1249 if (likely(!HTTP_IS_CRLF(*ptr)))
1250 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
1251 msg->sl.st.r_l = (ptr - msg_buf) - msg->sl.st.r;
1252 http_msg_rpline_eol:
1253 /* We have seen the end of line. Note that we do not
1254 * necessarily have the \n yet, but at least we know that we
1255 * have EITHER \r OR \n, otherwise the response would not be
1256 * complete. We can then record the response length and return
1257 * to the caller which will be able to register it.
1258 */
1259 msg->sl.st.l = ptr - msg->sol;
1260 return ptr;
1261
1262#ifdef DEBUG_FULL
1263 default:
1264 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1265 exit(1);
1266#endif
1267 }
1268
1269 http_msg_ood:
1270 /* out of data */
1271 if (ret_state)
1272 *ret_state = state;
1273 if (ret_ptr)
1274 *ret_ptr = (char *)ptr;
1275 return NULL;
1276
1277 http_msg_invalid:
1278 /* invalid message */
1279 if (ret_state)
1280 *ret_state = HTTP_MSG_ERROR;
1281 return NULL;
1282}
1283
1284
1285/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001286 * This function parses a request line between <ptr> and <end>, starting with
1287 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1288 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1289 * will give undefined results.
1290 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1291 * and that msg->sol points to the beginning of the request.
1292 * If a complete line is found (which implies that at least one CR or LF is
1293 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1294 * returned indicating an incomplete line (which does not mean that parts have
1295 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1296 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1297 * upon next call.
1298 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001299 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001300 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1301 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001302 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001303 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001304const char *http_parse_reqline(struct http_msg *msg, const char *msg_buf,
1305 unsigned int state, const char *ptr, const char *end,
1306 char **ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001307{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001308 __label__
1309 http_msg_rqmeth,
1310 http_msg_rqmeth_sp,
1311 http_msg_rquri,
1312 http_msg_rquri_sp,
1313 http_msg_rqver,
1314 http_msg_rqline_eol,
1315 http_msg_ood, /* out of data */
1316 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001317
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001318 switch (state) {
1319 http_msg_rqmeth:
1320 case HTTP_MSG_RQMETH:
1321 if (likely(HTTP_IS_TOKEN(*ptr)))
1322 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001323
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001324 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001325 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001326 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1327 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001328
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001329 if (likely(HTTP_IS_CRLF(*ptr))) {
1330 /* HTTP 0.9 request */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001331 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001332 http_msg_req09_uri:
1333 msg->sl.rq.u = ptr - msg_buf;
1334 http_msg_req09_uri_e:
1335 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1336 http_msg_req09_ver:
1337 msg->sl.rq.v = ptr - msg_buf;
1338 msg->sl.rq.v_l = 0;
1339 goto http_msg_rqline_eol;
1340 }
1341 goto http_msg_invalid;
1342
1343 http_msg_rqmeth_sp:
1344 case HTTP_MSG_RQMETH_SP:
1345 if (likely(!HTTP_IS_LWS(*ptr))) {
1346 msg->sl.rq.u = ptr - msg_buf;
1347 goto http_msg_rquri;
1348 }
1349 if (likely(HTTP_IS_SPHT(*ptr)))
1350 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1351 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1352 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001353
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001354 http_msg_rquri:
1355 case HTTP_MSG_RQURI:
1356 if (likely(!HTTP_IS_LWS(*ptr)))
1357 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001358
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001359 if (likely(HTTP_IS_SPHT(*ptr))) {
1360 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1361 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1362 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001363
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001364 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1365 goto http_msg_req09_uri_e;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001366
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001367 http_msg_rquri_sp:
1368 case HTTP_MSG_RQURI_SP:
1369 if (likely(!HTTP_IS_LWS(*ptr))) {
1370 msg->sl.rq.v = ptr - msg_buf;
1371 goto http_msg_rqver;
1372 }
1373 if (likely(HTTP_IS_SPHT(*ptr)))
1374 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1375 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1376 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001377
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001378 http_msg_rqver:
1379 case HTTP_MSG_RQVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001380 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001381 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001382
1383 if (likely(HTTP_IS_CRLF(*ptr))) {
1384 msg->sl.rq.v_l = (ptr - msg_buf) - msg->sl.rq.v;
1385 http_msg_rqline_eol:
1386 /* We have seen the end of line. Note that we do not
1387 * necessarily have the \n yet, but at least we know that we
1388 * have EITHER \r OR \n, otherwise the request would not be
1389 * complete. We can then record the request length and return
1390 * to the caller which will be able to register it.
1391 */
1392 msg->sl.rq.l = ptr - msg->sol;
1393 return ptr;
1394 }
1395
1396 /* neither an HTTP_VER token nor a CRLF */
1397 goto http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001398
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001399#ifdef DEBUG_FULL
1400 default:
1401 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1402 exit(1);
1403#endif
1404 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001405
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001406 http_msg_ood:
1407 /* out of data */
1408 if (ret_state)
1409 *ret_state = state;
1410 if (ret_ptr)
1411 *ret_ptr = (char *)ptr;
1412 return NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001413
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001414 http_msg_invalid:
1415 /* invalid message */
1416 if (ret_state)
1417 *ret_state = HTTP_MSG_ERROR;
1418 return NULL;
1419}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001420
1421
Willy Tarreau8973c702007-01-21 23:58:29 +01001422/*
1423 * This function parses an HTTP message, either a request or a response,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001424 * depending on the initial msg->msg_state. It can be preempted everywhere
Willy Tarreau8973c702007-01-21 23:58:29 +01001425 * when data are missing and recalled at the exact same location with no
1426 * information loss. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001427 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
1428 * fields.
Willy Tarreau8973c702007-01-21 23:58:29 +01001429 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001430void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx *idx)
1431{
1432 __label__
1433 http_msg_rqbefore,
1434 http_msg_rqbefore_cr,
1435 http_msg_rqmeth,
1436 http_msg_rqline_end,
1437 http_msg_hdr_first,
1438 http_msg_hdr_name,
1439 http_msg_hdr_l1_sp,
1440 http_msg_hdr_l1_lf,
1441 http_msg_hdr_l1_lws,
1442 http_msg_hdr_val,
1443 http_msg_hdr_l2_lf,
1444 http_msg_hdr_l2_lws,
1445 http_msg_complete_header,
1446 http_msg_last_lf,
1447 http_msg_ood, /* out of data */
1448 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001449
Willy Tarreaue69eada2008-01-27 00:34:10 +01001450 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001451 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreau58f10d72006-12-04 02:26:12 +01001452
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001453 state = msg->msg_state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001454 ptr = buf->lr;
1455 end = buf->r;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001456
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001457 if (unlikely(ptr >= end))
1458 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001459
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001460 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001461 /*
1462 * First, states that are specific to the response only.
1463 * We check them first so that request and headers are
1464 * closer to each other (accessed more often).
1465 */
1466 http_msg_rpbefore:
1467 case HTTP_MSG_RPBEFORE:
1468 if (likely(HTTP_IS_TOKEN(*ptr))) {
1469 if (likely(ptr == buf->data)) {
1470 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001471 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001472 } else {
1473#if PARSE_PRESERVE_EMPTY_LINES
1474 /* only skip empty leading lines, don't remove them */
1475 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001476 msg->som = ptr - buf->data;
Willy Tarreau8973c702007-01-21 23:58:29 +01001477#else
1478 /* Remove empty leading lines, as recommended by
1479 * RFC2616. This takes a lot of time because we
1480 * must move all the buffer backwards, but this
1481 * is rarely needed. The method above will be
1482 * cleaner when we'll be able to start sending
1483 * the request from any place in the buffer.
1484 */
1485 buf->lr = ptr;
1486 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001487 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001488 msg->sol = buf->data;
1489 ptr = buf->data;
1490 end = buf->r;
1491#endif
1492 }
1493 hdr_idx_init(idx);
1494 state = HTTP_MSG_RPVER;
1495 goto http_msg_rpver;
1496 }
1497
1498 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1499 goto http_msg_invalid;
1500
1501 if (unlikely(*ptr == '\n'))
1502 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1503 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1504 /* stop here */
1505
1506 http_msg_rpbefore_cr:
1507 case HTTP_MSG_RPBEFORE_CR:
1508 EXPECT_LF_HERE(ptr, http_msg_invalid);
1509 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1510 /* stop here */
1511
1512 http_msg_rpver:
1513 case HTTP_MSG_RPVER:
1514 case HTTP_MSG_RPVER_SP:
1515 case HTTP_MSG_RPCODE:
1516 case HTTP_MSG_RPCODE_SP:
1517 case HTTP_MSG_RPREASON:
Willy Tarreaua15645d2007-03-18 16:22:39 +01001518 ptr = (char *)http_parse_stsline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001519 &buf->lr, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001520 if (unlikely(!ptr))
1521 return;
1522
1523 /* we have a full response and we know that we have either a CR
1524 * or an LF at <ptr>.
1525 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001526 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.st.l, *ptr);
Willy Tarreau8973c702007-01-21 23:58:29 +01001527 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1528
1529 msg->sol = ptr;
1530 if (likely(*ptr == '\r'))
1531 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1532 goto http_msg_rpline_end;
1533
1534 http_msg_rpline_end:
1535 case HTTP_MSG_RPLINE_END:
1536 /* msg->sol must point to the first of CR or LF. */
1537 EXPECT_LF_HERE(ptr, http_msg_invalid);
1538 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1539 /* stop here */
1540
1541 /*
1542 * Second, states that are specific to the request only
1543 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001544 http_msg_rqbefore:
1545 case HTTP_MSG_RQBEFORE:
1546 if (likely(HTTP_IS_TOKEN(*ptr))) {
1547 if (likely(ptr == buf->data)) {
1548 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001549 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001550 } else {
1551#if PARSE_PRESERVE_EMPTY_LINES
1552 /* only skip empty leading lines, don't remove them */
1553 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001554 msg->som = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001555#else
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001556 /* Remove empty leading lines, as recommended by
1557 * RFC2616. This takes a lot of time because we
1558 * must move all the buffer backwards, but this
1559 * is rarely needed. The method above will be
1560 * cleaner when we'll be able to start sending
1561 * the request from any place in the buffer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001562 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001563 buf->lr = ptr;
1564 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001565 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001566 msg->sol = buf->data;
1567 ptr = buf->data;
1568 end = buf->r;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001569#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001570 }
Willy Tarreauf0d058e2007-01-25 12:03:42 +01001571 /* we will need this when keep-alive will be supported
1572 hdr_idx_init(idx);
1573 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001574 state = HTTP_MSG_RQMETH;
1575 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001576 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001577
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001578 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1579 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001580
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001581 if (unlikely(*ptr == '\n'))
1582 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1583 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001584 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001585
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001586 http_msg_rqbefore_cr:
1587 case HTTP_MSG_RQBEFORE_CR:
1588 EXPECT_LF_HERE(ptr, http_msg_invalid);
1589 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001590 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001591
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001592 http_msg_rqmeth:
1593 case HTTP_MSG_RQMETH:
1594 case HTTP_MSG_RQMETH_SP:
1595 case HTTP_MSG_RQURI:
1596 case HTTP_MSG_RQURI_SP:
1597 case HTTP_MSG_RQVER:
1598 ptr = (char *)http_parse_reqline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001599 &buf->lr, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001600 if (unlikely(!ptr))
1601 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001602
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001603 /* we have a full request and we know that we have either a CR
1604 * or an LF at <ptr>.
1605 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001606 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.rq.l, *ptr);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001607 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001608
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001609 msg->sol = ptr;
1610 if (likely(*ptr == '\r'))
1611 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001612 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001613
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001614 http_msg_rqline_end:
1615 case HTTP_MSG_RQLINE_END:
1616 /* check for HTTP/0.9 request : no version information available.
1617 * msg->sol must point to the first of CR or LF.
1618 */
1619 if (unlikely(msg->sl.rq.v_l == 0))
1620 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001621
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001622 EXPECT_LF_HERE(ptr, http_msg_invalid);
1623 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001624 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001625
Willy Tarreau8973c702007-01-21 23:58:29 +01001626 /*
1627 * Common states below
1628 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001629 http_msg_hdr_first:
1630 case HTTP_MSG_HDR_FIRST:
1631 msg->sol = ptr;
1632 if (likely(!HTTP_IS_CRLF(*ptr))) {
1633 goto http_msg_hdr_name;
1634 }
1635
1636 if (likely(*ptr == '\r'))
1637 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1638 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001639
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001640 http_msg_hdr_name:
1641 case HTTP_MSG_HDR_NAME:
1642 /* assumes msg->sol points to the first char */
1643 if (likely(HTTP_IS_TOKEN(*ptr)))
1644 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001645
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001646 if (likely(*ptr == ':')) {
1647 msg->col = ptr - buf->data;
1648 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
1649 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001650
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001651 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001652
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001653 http_msg_hdr_l1_sp:
1654 case HTTP_MSG_HDR_L1_SP:
1655 /* assumes msg->sol points to the first char and msg->col to the colon */
1656 if (likely(HTTP_IS_SPHT(*ptr)))
1657 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001658
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001659 /* header value can be basically anything except CR/LF */
1660 msg->sov = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001661
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001662 if (likely(!HTTP_IS_CRLF(*ptr))) {
1663 goto http_msg_hdr_val;
1664 }
1665
1666 if (likely(*ptr == '\r'))
1667 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1668 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001669
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001670 http_msg_hdr_l1_lf:
1671 case HTTP_MSG_HDR_L1_LF:
1672 EXPECT_LF_HERE(ptr, http_msg_invalid);
1673 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001674
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001675 http_msg_hdr_l1_lws:
1676 case HTTP_MSG_HDR_L1_LWS:
1677 if (likely(HTTP_IS_SPHT(*ptr))) {
1678 /* replace HT,CR,LF with spaces */
1679 for (; buf->data+msg->sov < ptr; msg->sov++)
1680 buf->data[msg->sov] = ' ';
1681 goto http_msg_hdr_l1_sp;
1682 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001683 /* we had a header consisting only in spaces ! */
1684 msg->eol = buf->data + msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001685 goto http_msg_complete_header;
1686
1687 http_msg_hdr_val:
1688 case HTTP_MSG_HDR_VAL:
1689 /* assumes msg->sol points to the first char, msg->col to the
1690 * colon, and msg->sov points to the first character of the
1691 * value.
1692 */
1693 if (likely(!HTTP_IS_CRLF(*ptr)))
1694 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001695
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001696 msg->eol = ptr;
1697 /* Note: we could also copy eol into ->eoh so that we have the
1698 * real header end in case it ends with lots of LWS, but is this
1699 * really needed ?
1700 */
1701 if (likely(*ptr == '\r'))
1702 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1703 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001704
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001705 http_msg_hdr_l2_lf:
1706 case HTTP_MSG_HDR_L2_LF:
1707 EXPECT_LF_HERE(ptr, http_msg_invalid);
1708 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001709
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001710 http_msg_hdr_l2_lws:
1711 case HTTP_MSG_HDR_L2_LWS:
1712 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1713 /* LWS: replace HT,CR,LF with spaces */
1714 for (; msg->eol < ptr; msg->eol++)
1715 *msg->eol = ' ';
1716 goto http_msg_hdr_val;
1717 }
1718 http_msg_complete_header:
1719 /*
1720 * It was a new header, so the last one is finished.
1721 * Assumes msg->sol points to the first char, msg->col to the
1722 * colon, msg->sov points to the first character of the value
1723 * and msg->eol to the first CR or LF so we know how the line
1724 * ends. We insert last header into the index.
1725 */
1726 /*
1727 fprintf(stderr,"registering %-2d bytes : ", msg->eol - msg->sol);
1728 write(2, msg->sol, msg->eol-msg->sol);
1729 fprintf(stderr,"\n");
1730 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001731
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001732 if (unlikely(hdr_idx_add(msg->eol - msg->sol, *msg->eol == '\r',
1733 idx, idx->tail) < 0))
1734 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001735
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001736 msg->sol = ptr;
1737 if (likely(!HTTP_IS_CRLF(*ptr))) {
1738 goto http_msg_hdr_name;
1739 }
1740
1741 if (likely(*ptr == '\r'))
1742 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1743 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001744
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001745 http_msg_last_lf:
1746 case HTTP_MSG_LAST_LF:
1747 /* Assumes msg->sol points to the first of either CR or LF */
1748 EXPECT_LF_HERE(ptr, http_msg_invalid);
1749 ptr++;
1750 buf->lr = ptr;
1751 msg->eoh = msg->sol - buf->data;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001752 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001753 return;
1754#ifdef DEBUG_FULL
1755 default:
1756 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1757 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001758#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001759 }
1760 http_msg_ood:
1761 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001762 msg->msg_state = state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001763 buf->lr = ptr;
1764 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001765
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001766 http_msg_invalid:
1767 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001768 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001769 return;
1770}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001771
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001772/* This function performs all the processing enabled for the current request.
Willy Tarreaudafde432008-08-17 01:00:46 +02001773 * It normally returns zero, but may return 1 if it absolutely needs to be
1774 * called again after other functions. It relies on buffers flags, and updates
Willy Tarreau2df28e82008-08-17 15:20:19 +02001775 * t->req->analysers. It might make sense to explode it into several other
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001776 * functions. Its behaviour is rather simple :
1777 * - all enabled analysers are called in turn from the lower to the higher
1778 * bit.
1779 * - if an analyser does not have enough data, it must return without calling
Willy Tarreau3da77c52008-08-29 09:58:42 +02001780 * other ones. It should also probably reset the BF_WRITE_ENA bit to ensure
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001781 * that unprocessed data will not be forwarded. But that probably depends on
1782 * the protocol. Generally it is not reset in case of errors.
1783 * - if an analyser has enough data, it just has to pass on to the next
Willy Tarreau3da77c52008-08-29 09:58:42 +02001784 * analyser without touching BF_WRITE_ENA (it is enabled prior to
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001785 * analysis).
1786 * - if an analyser thinks it has no added value anymore staying here, it must
1787 * reset its bit from the analysers flags in order not to be called anymore.
1788 *
1789 * In the future, analysers should be able to indicate that they want to be
1790 * called after XXX bytes have been received (or transfered), and the min of
1791 * all's wishes will be used to ring back (unless a special condition occurs).
1792 *
1793 *
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001794 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001795int process_request(struct session *t)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001796{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001797 struct buffer *req = t->req;
1798 struct buffer *rep = t->rep;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001799
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02001800 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02001801 now_ms, __FUNCTION__,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02001802 t,
1803 req,
1804 req->rex, req->wex,
1805 req->flags,
1806 req->l,
1807 req->analysers);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001808
Willy Tarreau41f40ed2008-08-21 10:05:00 +02001809 /* The tcp-inspect analyser is always called alone */
Willy Tarreau2df28e82008-08-17 15:20:19 +02001810 if (req->analysers & AN_REQ_INSPECT) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001811 struct tcp_rule *rule;
1812 int partial;
1813
Willy Tarreauf495ddf2008-08-17 14:38:41 +02001814 /* We will abort if we encounter a read error. In theory, we
1815 * should not abort if we get a close, it might be valid,
1816 * although very unlikely. FIXME: we'll abort for now, this
1817 * will be easier to change later.
Willy Tarreaub6866442008-07-14 23:54:42 +02001818 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001819 if (req->flags & BF_READ_ERROR) {
Willy Tarreau2df28e82008-08-17 15:20:19 +02001820 req->analysers = 0;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001821 //t->fe->failed_req++;
Willy Tarreaub6866442008-07-14 23:54:42 +02001822 if (!(t->flags & SN_ERR_MASK))
1823 t->flags |= SN_ERR_CLICL;
1824 if (!(t->flags & SN_FINST_MASK))
1825 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001826 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001827 }
1828
1829 /* Abort if client read timeout has expired */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001830 else if (req->flags & BF_READ_TIMEOUT) {
Willy Tarreau2df28e82008-08-17 15:20:19 +02001831 req->analysers = 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001832 t->fe->failed_req++;
1833 if (!(t->flags & SN_ERR_MASK))
1834 t->flags |= SN_ERR_CLITO;
1835 if (!(t->flags & SN_FINST_MASK))
1836 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001837 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001838 }
1839
1840 /* We don't know whether we have enough data, so must proceed
1841 * this way :
1842 * - iterate through all rules in their declaration order
1843 * - if one rule returns MISS, it means the inspect delay is
1844 * not over yet, then return immediately, otherwise consider
1845 * it as a non-match.
1846 * - if one rule returns OK, then return OK
1847 * - if one rule returns KO, then return KO
1848 */
1849
Willy Tarreaue5ed4062008-08-30 03:17:31 +02001850 if (req->flags & BF_SHUTR || tick_is_expired(req->analyse_exp, now_ms))
Willy Tarreaub6866442008-07-14 23:54:42 +02001851 partial = 0;
1852 else
1853 partial = ACL_PARTIAL;
1854
1855 list_for_each_entry(rule, &t->fe->tcp_req.inspect_rules, list) {
1856 int ret = ACL_PAT_PASS;
1857
1858 if (rule->cond) {
1859 ret = acl_exec_cond(rule->cond, t->fe, t, NULL, ACL_DIR_REQ | partial);
1860 if (ret == ACL_PAT_MISS) {
Willy Tarreau3da77c52008-08-29 09:58:42 +02001861 buffer_write_dis(req);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001862 /* just set the request timeout once at the beginning of the request */
Willy Tarreauffab5b42008-08-17 18:03:28 +02001863 if (!tick_isset(req->analyse_exp))
1864 req->analyse_exp = tick_add_ifset(now_ms, t->fe->tcp_req.inspect_delay);
Willy Tarreaudafde432008-08-17 01:00:46 +02001865 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001866 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001867
Willy Tarreaub6866442008-07-14 23:54:42 +02001868 ret = acl_pass(ret);
1869 if (rule->cond->pol == ACL_COND_UNLESS)
1870 ret = !ret;
1871 }
1872
1873 if (ret) {
1874 /* we have a matching rule. */
1875 if (rule->action == TCP_ACT_REJECT) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02001876 buffer_abort(req);
1877 buffer_abort(rep);
1878 //FIXME: this delete this
1879 //fd_delete(t->cli_fd);
1880 //t->cli_state = CL_STCLOSE;
Willy Tarreau2df28e82008-08-17 15:20:19 +02001881 req->analysers = 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001882 t->fe->failed_req++;
1883 if (!(t->flags & SN_ERR_MASK))
1884 t->flags |= SN_ERR_PRXCOND;
1885 if (!(t->flags & SN_FINST_MASK))
1886 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001887 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02001888 }
1889 /* otherwise accept */
1890 break;
1891 }
1892 }
1893
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001894 /* if we get there, it means we have no rule which matches, or
1895 * we have an explicit accept, so we apply the default accept.
Willy Tarreaub6866442008-07-14 23:54:42 +02001896 */
Willy Tarreau2df28e82008-08-17 15:20:19 +02001897 req->analysers &= ~AN_REQ_INSPECT;
Willy Tarreauffab5b42008-08-17 18:03:28 +02001898 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001899 }
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001900
Willy Tarreau2df28e82008-08-17 15:20:19 +02001901 if (req->analysers & AN_REQ_HTTP_HDR) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001902 /*
1903 * Now parse the partial (or complete) lines.
1904 * We will check the request syntax, and also join multi-line
1905 * headers. An index of all the lines will be elaborated while
1906 * parsing.
1907 *
Willy Tarreau8973c702007-01-21 23:58:29 +01001908 * For the parsing, we use a 28 states FSM.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001909 *
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001910 * Here is the information we currently have :
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001911 * req->data + req->som = beginning of request
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001912 * req->data + req->eoh = end of processed headers / start of current one
1913 * req->data + req->eol = end of current header or line (LF or CRLF)
1914 * req->lr = first non-visited byte
1915 * req->r = end of data
1916 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001917
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001918 int cur_idx;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001919 struct http_txn *txn = &t->txn;
1920 struct http_msg *msg = &txn->req;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001921 struct proxy *cur_proxy;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001922
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001923 if (likely(req->lr < req->r))
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001924 http_msg_analyzer(req, msg, &txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001925
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001926 /* 1: we might have to print this header in debug mode */
1927 if (unlikely((global.mode & MODE_DEBUG) &&
1928 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001929 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001930 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001931
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001932 sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001933 eol = sol + msg->sl.rq.l;
1934 debug_hdr("clireq", t, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01001935
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001936 sol += hdr_idx_first_pos(&txn->hdr_idx);
1937 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001938
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001939 while (cur_idx) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001940 eol = sol + txn->hdr_idx.v[cur_idx].len;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001941 debug_hdr("clihdr", t, sol, eol);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001942 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
1943 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001944 }
1945 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001946
Willy Tarreau58f10d72006-12-04 02:26:12 +01001947
1948 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001949 * Now we quickly check if we have found a full valid request.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001950 * If not so, we check the FD and buffer states before leaving.
1951 * A full request is indicated by the fact that we have seen
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001952 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
1953 * requests are checked first.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001954 *
1955 */
1956
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001957 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001958 /*
1959 * First, let's catch bad requests.
1960 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001961 if (unlikely(msg->msg_state == HTTP_MSG_ERROR))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001962 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001963
1964 /* 1: Since we are in header mode, if there's no space
1965 * left for headers, we won't be able to free more
1966 * later, so the session will never terminate. We
1967 * must terminate it now.
1968 */
Willy Tarreaue393fe22008-08-16 22:18:07 +02001969 if (unlikely(req->flags & BF_FULL)) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001970 /* FIXME: check if URI is set and return Status
1971 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001972 */
Willy Tarreau06619262006-12-17 08:37:22 +01001973 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001974 }
1975
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001976 /* 2: have we encountered a read error ? */
1977 else if (req->flags & BF_READ_ERROR) {
1978 /* we cannot return any message on error */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001979 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau2df28e82008-08-17 15:20:19 +02001980 req->analysers = 0;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02001981 //t->fe->failed_req++;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001982 if (!(t->flags & SN_ERR_MASK))
1983 t->flags |= SN_ERR_CLICL;
1984 if (!(t->flags & SN_FINST_MASK))
1985 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02001986 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001987 }
1988
1989 /* 3: has the read timeout expired ? */
Willy Tarreauffab5b42008-08-17 18:03:28 +02001990 else if (req->flags & BF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01001991 /* read timeout : give up with an error message. */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001992 txn->status = 408;
Willy Tarreau80587432006-12-24 17:47:20 +01001993 client_retnclose(t, error_message(t, HTTP_ERR_408));
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001994 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau2df28e82008-08-17 15:20:19 +02001995 req->analysers = 0;
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01001996 t->fe->failed_req++;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001997 if (!(t->flags & SN_ERR_MASK))
1998 t->flags |= SN_ERR_CLITO;
1999 if (!(t->flags & SN_FINST_MASK))
2000 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002001 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002002 }
2003
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002004 /* 4: have we encountered a close ? */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02002005 else if (req->flags & BF_SHUTR) {
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002006 txn->status = 400;
2007 client_retnclose(t, error_message(t, HTTP_ERR_400));
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002008 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002009 req->analysers = 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002010 t->fe->failed_req++;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002011
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002012 if (!(t->flags & SN_ERR_MASK))
2013 t->flags |= SN_ERR_CLICL;
2014 if (!(t->flags & SN_FINST_MASK))
2015 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002016 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002017 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002018
Willy Tarreau3da77c52008-08-29 09:58:42 +02002019 buffer_write_dis(req);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002020 /* just set the request timeout once at the beginning of the request */
Willy Tarreauffab5b42008-08-17 18:03:28 +02002021 if (!tick_isset(req->analyse_exp))
2022 req->analyse_exp = tick_add_ifset(now_ms, t->fe->timeout.httpreq);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002023
2024 /* we're not ready yet */
Willy Tarreaudafde432008-08-17 01:00:46 +02002025 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002026 }
2027
2028
2029 /****************************************************************
2030 * More interesting part now : we know that we have a complete *
2031 * request which at least looks like HTTP. We have an indicator *
2032 * of each header's length, so we can parse them quickly. *
2033 ****************************************************************/
2034
Willy Tarreau2df28e82008-08-17 15:20:19 +02002035 req->analysers &= ~AN_REQ_HTTP_HDR;
Willy Tarreauffab5b42008-08-17 18:03:28 +02002036 req->analyse_exp = TICK_ETERNITY;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002037
Willy Tarreau9cdde232007-05-02 20:58:19 +02002038 /* ensure we keep this pointer to the beginning of the message */
2039 msg->sol = req->data + msg->som;
2040
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002041 /*
2042 * 1: identify the method
2043 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002044 txn->meth = find_http_meth(&req->data[msg->som], msg->sl.rq.m_l);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002045
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002046 /* we can make use of server redirect on GET and HEAD */
2047 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2048 t->flags |= SN_REDIRECTABLE;
2049
Willy Tarreau58f10d72006-12-04 02:26:12 +01002050 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002051 * 2: check if the URI matches the monitor_uri.
Willy Tarreau06619262006-12-17 08:37:22 +01002052 * We have to do this for every request which gets in, because
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002053 * the monitor-uri is defined by the frontend.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002054 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002055 if (unlikely((t->fe->monitor_uri_len != 0) &&
2056 (t->fe->monitor_uri_len == msg->sl.rq.u_l) &&
2057 !memcmp(&req->data[msg->sl.rq.u],
2058 t->fe->monitor_uri,
2059 t->fe->monitor_uri_len))) {
2060 /*
2061 * We have found the monitor URI
2062 */
Willy Tarreaub80c2302007-11-30 20:51:32 +01002063 struct acl_cond *cond;
2064 cur_proxy = t->fe;
2065
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002066 t->flags |= SN_MONITOR;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002067
2068 /* Check if we want to fail this monitor request or not */
2069 list_for_each_entry(cond, &cur_proxy->mon_fail_cond, list) {
2070 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002071
2072 ret = acl_pass(ret);
Willy Tarreaub80c2302007-11-30 20:51:32 +01002073 if (cond->pol == ACL_COND_UNLESS)
2074 ret = !ret;
2075
2076 if (ret) {
2077 /* we fail this request, let's return 503 service unavail */
2078 txn->status = 503;
2079 client_retnclose(t, error_message(t, HTTP_ERR_503));
2080 goto return_prx_cond;
2081 }
2082 }
2083
2084 /* nothing to fail, let's reply normaly */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002085 txn->status = 200;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002086 client_retnclose(t, &http_200_chunk);
2087 goto return_prx_cond;
2088 }
2089
2090 /*
2091 * 3: Maybe we have to copy the original REQURI for the logs ?
2092 * Note: we cannot log anymore if the request has been
2093 * classified as invalid.
2094 */
2095 if (unlikely(t->logs.logwait & LW_REQ)) {
2096 /* we have a complete HTTP request that we must log */
Willy Tarreau332f8bf2007-05-13 21:36:56 +02002097 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002098 int urilen = msg->sl.rq.l;
2099
2100 if (urilen >= REQURI_LEN)
2101 urilen = REQURI_LEN - 1;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002102 memcpy(txn->uri, &req->data[msg->som], urilen);
2103 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002104
2105 if (!(t->logs.logwait &= ~LW_REQ))
Willy Tarreau42250582007-04-01 01:30:43 +02002106 http_sess_log(t);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002107 } else {
2108 Alert("HTTP logging : out of memory.\n");
2109 }
2110 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002111
Willy Tarreau06619262006-12-17 08:37:22 +01002112
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002113 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
2114 if (unlikely(msg->sl.rq.v_l == 0)) {
2115 int delta;
2116 char *cur_end;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01002117 msg->sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002118 cur_end = msg->sol + msg->sl.rq.l;
2119 delta = 0;
Willy Tarreau06619262006-12-17 08:37:22 +01002120
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002121 if (msg->sl.rq.u_l == 0) {
2122 /* if no URI was set, add "/" */
2123 delta = buffer_replace2(req, cur_end, cur_end, " /", 2);
2124 cur_end += delta;
2125 msg->eoh += delta;
Willy Tarreau06619262006-12-17 08:37:22 +01002126 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002127 /* add HTTP version */
2128 delta = buffer_replace2(req, cur_end, cur_end, " HTTP/1.0\r\n", 11);
2129 msg->eoh += delta;
2130 cur_end += delta;
2131 cur_end = (char *)http_parse_reqline(msg, req->data,
2132 HTTP_MSG_RQMETH,
2133 msg->sol, cur_end + 1,
2134 NULL, NULL);
2135 if (unlikely(!cur_end))
2136 goto return_bad_req;
2137
2138 /* we have a full HTTP/1.0 request now and we know that
2139 * we have either a CR or an LF at <ptr>.
2140 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002141 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
Willy Tarreau58f10d72006-12-04 02:26:12 +01002142 }
2143
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002144
2145 /* 5: we may need to capture headers */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002146 if (unlikely((t->logs.logwait & LW_REQHDR) && t->fe->req_cap))
Willy Tarreau117f59e2007-03-04 18:17:17 +01002147 capture_headers(req->data + msg->som, &txn->hdr_idx,
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002148 txn->req.cap, t->fe->req_cap);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002149
2150 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002151 * 6: we will have to evaluate the filters.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002152 * As opposed to version 1.2, now they will be evaluated in the
2153 * filters order and not in the header order. This means that
2154 * each filter has to be validated among all headers.
Willy Tarreau06619262006-12-17 08:37:22 +01002155 *
2156 * We can now check whether we want to switch to another
2157 * backend, in which case we will re-check the backend's
2158 * filters and various options. In order to support 3-level
2159 * switching, here's how we should proceed :
2160 *
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002161 * a) run be.
Willy Tarreau830ff452006-12-17 19:31:23 +01002162 * if (switch) then switch ->be to the new backend.
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002163 * b) run be if (be != fe).
Willy Tarreau06619262006-12-17 08:37:22 +01002164 * There cannot be any switch from there, so ->be cannot be
2165 * changed anymore.
2166 *
Willy Tarreau830ff452006-12-17 19:31:23 +01002167 * => filters always apply to ->be, then ->be may change.
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002168 *
Willy Tarreau830ff452006-12-17 19:31:23 +01002169 * The response path will be able to apply either ->be, or
2170 * ->be then ->fe filters in order to match the reverse of
2171 * the forward sequence.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002172 */
2173
Willy Tarreau06619262006-12-17 08:37:22 +01002174 do {
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002175 struct acl_cond *cond;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002176 struct redirect_rule *rule;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002177 struct proxy *rule_set = t->be;
Willy Tarreau830ff452006-12-17 19:31:23 +01002178 cur_proxy = t->be;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002179
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002180 /* first check whether we have some ACLs set to redirect this request */
2181 list_for_each_entry(rule, &cur_proxy->redirect_rules, list) {
2182 int ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002183
2184 ret = acl_pass(ret);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002185 if (rule->cond->pol == ACL_COND_UNLESS)
2186 ret = !ret;
2187
2188 if (ret) {
2189 struct chunk rdr = { trash, 0 };
2190 const char *msg_fmt;
2191
2192 /* build redirect message */
2193 switch(rule->code) {
2194 case 303:
2195 rdr.len = strlen(HTTP_303);
2196 msg_fmt = HTTP_303;
2197 break;
2198 case 301:
2199 rdr.len = strlen(HTTP_301);
2200 msg_fmt = HTTP_301;
2201 break;
2202 case 302:
2203 default:
2204 rdr.len = strlen(HTTP_302);
2205 msg_fmt = HTTP_302;
2206 break;
2207 }
2208
2209 if (unlikely(rdr.len > sizeof(trash)))
2210 goto return_bad_req;
2211 memcpy(rdr.str, msg_fmt, rdr.len);
2212
2213 switch(rule->type) {
2214 case REDIRECT_TYPE_PREFIX: {
2215 const char *path;
2216 int pathlen;
2217
2218 path = http_get_path(txn);
2219 /* build message using path */
2220 if (path) {
2221 pathlen = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
2222 } else {
2223 path = "/";
2224 pathlen = 1;
2225 }
2226
2227 if (rdr.len + rule->rdr_len + pathlen > sizeof(trash) - 4)
2228 goto return_bad_req;
2229
2230 /* add prefix */
2231 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2232 rdr.len += rule->rdr_len;
2233
2234 /* add path */
2235 memcpy(rdr.str + rdr.len, path, pathlen);
2236 rdr.len += pathlen;
2237 break;
2238 }
2239 case REDIRECT_TYPE_LOCATION:
2240 default:
2241 if (rdr.len + rule->rdr_len > sizeof(trash) - 4)
2242 goto return_bad_req;
2243
2244 /* add location */
2245 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2246 rdr.len += rule->rdr_len;
2247 break;
2248 }
2249
2250 /* add end of headers */
2251 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
2252 rdr.len += 4;
2253
2254 txn->status = rule->code;
2255 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002256 t->logs.tv_request = now;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002257 client_retnclose(t, &rdr);
2258 goto return_prx_cond;
2259 }
2260 }
2261
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002262 /* first check whether we have some ACLs set to block this request */
2263 list_for_each_entry(cond, &cur_proxy->block_cond, list) {
Willy Tarreaud41f8d82007-06-10 10:06:18 +02002264 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002265
2266 ret = acl_pass(ret);
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002267 if (cond->pol == ACL_COND_UNLESS)
2268 ret = !ret;
2269
2270 if (ret) {
2271 txn->status = 403;
2272 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002273 t->logs.tv_request = now;
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002274 client_retnclose(t, error_message(t, HTTP_ERR_403));
2275 goto return_prx_cond;
2276 }
2277 }
2278
Willy Tarreau06619262006-12-17 08:37:22 +01002279 /* try headers filters */
Willy Tarreau53b6c742006-12-17 13:37:46 +01002280 if (rule_set->req_exp != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002281 if (apply_filters_to_request(t, req, rule_set->req_exp) < 0)
2282 goto return_bad_req;
Willy Tarreau53b6c742006-12-17 13:37:46 +01002283 }
2284
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002285 if (!(t->flags & SN_BE_ASSIGNED) && (t->be != cur_proxy)) {
2286 /* to ensure correct connection accounting on
2287 * the backend, we count the connection for the
2288 * one managing the queue.
2289 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002290 t->be->beconn++;
2291 if (t->be->beconn > t->be->beconn_max)
2292 t->be->beconn_max = t->be->beconn;
2293 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002294 t->flags |= SN_BE_ASSIGNED;
2295 }
2296
Willy Tarreau06619262006-12-17 08:37:22 +01002297 /* has the request been denied ? */
Willy Tarreau3d300592007-03-18 18:34:41 +01002298 if (txn->flags & TX_CLDENY) {
Willy Tarreau06619262006-12-17 08:37:22 +01002299 /* no need to go further */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002300 txn->status = 403;
Willy Tarreau06619262006-12-17 08:37:22 +01002301 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002302 t->logs.tv_request = now;
Willy Tarreau80587432006-12-24 17:47:20 +01002303 client_retnclose(t, error_message(t, HTTP_ERR_403));
Willy Tarreau06619262006-12-17 08:37:22 +01002304 goto return_prx_cond;
2305 }
2306
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002307 /* We might have to check for "Connection:" */
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002308 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002309 !(t->flags & SN_CONN_CLOSED)) {
2310 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002311 int cur_idx, old_idx, delta, val;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002312 struct hdr_idx_elem *cur_hdr;
Willy Tarreau06619262006-12-17 08:37:22 +01002313
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002314 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002315 old_idx = 0;
2316
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002317 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
2318 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002319 cur_ptr = cur_next;
2320 cur_end = cur_ptr + cur_hdr->len;
2321 cur_next = cur_end + cur_hdr->cr + 1;
2322
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002323 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
2324 if (val) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002325 /* 3 possibilities :
2326 * - we have already set Connection: close,
2327 * so we remove this line.
2328 * - we have not yet set Connection: close,
2329 * but this line indicates close. We leave
2330 * it untouched and set the flag.
2331 * - we have not yet set Connection: close,
2332 * and this line indicates non-close. We
2333 * replace it.
2334 */
2335 if (t->flags & SN_CONN_CLOSED) {
2336 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002337 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002338 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002339 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
2340 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002341 cur_hdr->len = 0;
2342 } else {
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002343 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
2344 delta = buffer_replace2(req, cur_ptr + val, cur_end,
2345 "close", 5);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002346 cur_next += delta;
2347 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002348 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002349 }
2350 t->flags |= SN_CONN_CLOSED;
2351 }
2352 }
2353 old_idx = cur_idx;
2354 }
Willy Tarreauf2f0ee82007-03-30 12:02:43 +02002355 }
2356 /* add request headers from the rule sets in the same order */
2357 for (cur_idx = 0; cur_idx < rule_set->nb_reqadd; cur_idx++) {
2358 if (unlikely(http_header_add_tail(req,
2359 &txn->req,
2360 &txn->hdr_idx,
2361 rule_set->req_add[cur_idx])) < 0)
2362 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01002363 }
Willy Tarreaub2513902006-12-17 14:52:38 +01002364
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002365 /* check if stats URI was requested, and if an auth is needed */
Willy Tarreau0214c3a2007-01-07 13:47:30 +01002366 if (rule_set->uri_auth != NULL &&
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002367 (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002368 /* we have to check the URI and auth for this request.
2369 * FIXME!!! that one is rather dangerous, we want to
Willy Tarreau2df28e82008-08-17 15:20:19 +02002370 * make it follow standard rules (eg: clear req->analysers).
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002371 */
Willy Tarreaub2513902006-12-17 14:52:38 +01002372 if (stats_check_uri_auth(t, rule_set))
2373 return 1;
2374 }
2375
Willy Tarreau55ea7572007-06-17 19:56:27 +02002376 /* now check whether we have some switching rules for this request */
2377 if (!(t->flags & SN_BE_ASSIGNED)) {
2378 struct switching_rule *rule;
2379
2380 list_for_each_entry(rule, &cur_proxy->switching_rules, list) {
2381 int ret;
2382
2383 ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002384
2385 ret = acl_pass(ret);
Willy Tarreaua8cfa342008-07-09 11:23:31 +02002386 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreau55ea7572007-06-17 19:56:27 +02002387 ret = !ret;
2388
2389 if (ret) {
2390 t->be = rule->be.backend;
2391 t->be->beconn++;
2392 if (t->be->beconn > t->be->beconn_max)
2393 t->be->beconn_max = t->be->beconn;
2394 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002395
2396 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002397 t->rep->rto = t->req->wto = t->be->timeout.server;
2398 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002399 t->conn_retries = t->be->conn_retries;
Willy Tarreau55ea7572007-06-17 19:56:27 +02002400 t->flags |= SN_BE_ASSIGNED;
2401 break;
2402 }
2403 }
2404 }
2405
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002406 if (!(t->flags & SN_BE_ASSIGNED) && cur_proxy->defbe.be) {
2407 /* No backend was set, but there was a default
2408 * backend set in the frontend, so we use it and
2409 * loop again.
2410 */
2411 t->be = cur_proxy->defbe.be;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002412 t->be->beconn++;
2413 if (t->be->beconn > t->be->beconn_max)
2414 t->be->beconn_max = t->be->beconn;
2415 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002416
2417 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002418 t->rep->rto = t->req->wto = t->be->timeout.server;
2419 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002420 t->conn_retries = t->be->conn_retries;
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002421 t->flags |= SN_BE_ASSIGNED;
2422 }
2423 } while (t->be != cur_proxy); /* we loop only if t->be has changed */
Willy Tarreau2a324282006-12-05 00:05:46 +01002424
Willy Tarreau58f10d72006-12-04 02:26:12 +01002425
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002426 if (!(t->flags & SN_BE_ASSIGNED)) {
2427 /* To ensure correct connection accounting on
2428 * the backend, we count the connection for the
2429 * one managing the queue.
2430 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002431 t->be->beconn++;
2432 if (t->be->beconn > t->be->beconn_max)
2433 t->be->beconn_max = t->be->beconn;
2434 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002435 t->flags |= SN_BE_ASSIGNED;
2436 }
2437
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002438 /*
2439 * Right now, we know that we have processed the entire headers
Willy Tarreau2a324282006-12-05 00:05:46 +01002440 * and that unwanted requests have been filtered out. We can do
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002441 * whatever we want with the remaining request. Also, now we
Willy Tarreau830ff452006-12-17 19:31:23 +01002442 * may have separate values for ->fe, ->be.
Willy Tarreau2a324282006-12-05 00:05:46 +01002443 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002444
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01002445 /*
2446 * If HTTP PROXY is set we simply get remote server address
2447 * parsing incoming request.
2448 */
2449 if ((t->be->options & PR_O_HTTP_PROXY) && !(t->flags & SN_ADDR_SET)) {
2450 url2sa(req->data + msg->sl.rq.u, msg->sl.rq.u_l, &t->srv_addr);
2451 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002452
Willy Tarreau2a324282006-12-05 00:05:46 +01002453 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002454 * 7: the appsession cookie was looked up very early in 1.2,
Willy Tarreau06619262006-12-17 08:37:22 +01002455 * so let's do the same now.
2456 */
2457
2458 /* It needs to look into the URI */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002459 if (t->be->appsession_name) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01002460 get_srv_from_appsession(t, &req->data[msg->som], msg->sl.rq.l);
Willy Tarreau06619262006-12-17 08:37:22 +01002461 }
2462
2463
2464 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002465 * 8: Now we can work with the cookies.
Willy Tarreau2a324282006-12-05 00:05:46 +01002466 * Note that doing so might move headers in the request, but
2467 * the fields will stay coherent and the URI will not move.
Willy Tarreau06619262006-12-17 08:37:22 +01002468 * This should only be performed in the backend.
Willy Tarreau2a324282006-12-05 00:05:46 +01002469 */
Willy Tarreau396d2c62007-11-04 19:30:00 +01002470 if ((t->be->cookie_name || t->be->appsession_name || t->be->capture_name)
2471 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
Willy Tarreau2a324282006-12-05 00:05:46 +01002472 manage_client_side_cookies(t, req);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002473
Willy Tarreau58f10d72006-12-04 02:26:12 +01002474
Willy Tarreau2a324282006-12-05 00:05:46 +01002475 /*
Willy Tarreaubb046ac2007-03-03 19:17:03 +01002476 * 9: add X-Forwarded-For if either the frontend or the backend
2477 * asks for it.
Willy Tarreau2a324282006-12-05 00:05:46 +01002478 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002479 if ((t->fe->options | t->be->options) & PR_O_FWDFOR) {
Willy Tarreau2a324282006-12-05 00:05:46 +01002480 if (t->cli_addr.ss_family == AF_INET) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002481 /* Add an X-Forwarded-For header unless the source IP is
2482 * in the 'except' network range.
2483 */
2484 if ((!t->fe->except_mask.s_addr ||
2485 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->fe->except_mask.s_addr)
2486 != t->fe->except_net.s_addr) &&
2487 (!t->be->except_mask.s_addr ||
2488 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->be->except_mask.s_addr)
2489 != t->be->except_net.s_addr)) {
2490 int len;
2491 unsigned char *pn;
2492 pn = (unsigned char *)&((struct sockaddr_in *)&t->cli_addr)->sin_addr;
Willy Tarreau45e73e32006-12-17 00:05:15 +01002493
Ross Westaf72a1d2008-08-03 10:51:45 +02002494 /* Note: we rely on the backend to get the header name to be used for
2495 * x-forwarded-for, because the header is really meant for the backends.
2496 * However, if the backend did not specify any option, we have to rely
2497 * on the frontend's header name.
2498 */
2499 if (t->be->fwdfor_hdr_len) {
2500 len = t->be->fwdfor_hdr_len;
2501 memcpy(trash, t->be->fwdfor_hdr_name, len);
2502 } else {
2503 len = t->fe->fwdfor_hdr_len;
2504 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2505 }
2506 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002507
Ross Westaf72a1d2008-08-03 10:51:45 +02002508 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002509 &txn->hdr_idx, trash, len)) < 0)
2510 goto return_bad_req;
2511 }
Willy Tarreau2a324282006-12-05 00:05:46 +01002512 }
2513 else if (t->cli_addr.ss_family == AF_INET6) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002514 /* FIXME: for the sake of completeness, we should also support
2515 * 'except' here, although it is mostly useless in this case.
2516 */
Willy Tarreau2a324282006-12-05 00:05:46 +01002517 int len;
2518 char pn[INET6_ADDRSTRLEN];
2519 inet_ntop(AF_INET6,
2520 (const void *)&((struct sockaddr_in6 *)(&t->cli_addr))->sin6_addr,
2521 pn, sizeof(pn));
Ross Westaf72a1d2008-08-03 10:51:45 +02002522
2523 /* Note: we rely on the backend to get the header name to be used for
2524 * x-forwarded-for, because the header is really meant for the backends.
2525 * However, if the backend did not specify any option, we have to rely
2526 * on the frontend's header name.
2527 */
2528 if (t->be->fwdfor_hdr_len) {
2529 len = t->be->fwdfor_hdr_len;
2530 memcpy(trash, t->be->fwdfor_hdr_name, len);
2531 } else {
2532 len = t->fe->fwdfor_hdr_len;
2533 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2534 }
2535 len += sprintf(trash + len, ": %s", pn);
2536
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002537 if (unlikely(http_header_add_tail2(req, &txn->req,
2538 &txn->hdr_idx, trash, len)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002539 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01002540 }
2541 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002542
Willy Tarreau2a324282006-12-05 00:05:46 +01002543 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002544 * 10: add "Connection: close" if needed and not yet set.
Willy Tarreau2807efd2007-03-25 23:47:23 +02002545 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaub2513902006-12-17 14:52:38 +01002546 */
Willy Tarreau2807efd2007-03-25 23:47:23 +02002547 if (!(t->flags & SN_CONN_CLOSED) &&
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002548 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
Willy Tarreau2807efd2007-03-25 23:47:23 +02002549 if ((unlikely(msg->sl.rq.v_l != 8) ||
2550 unlikely(req->data[msg->som + msg->sl.rq.v + 7] != '0')) &&
2551 unlikely(http_header_add_tail2(req, &txn->req, &txn->hdr_idx,
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002552 "Connection: close", 17)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002553 goto return_bad_req;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002554 t->flags |= SN_CONN_CLOSED;
Willy Tarreaue15d9132006-12-14 22:26:42 +01002555 }
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002556 /* Before we switch to data, was assignment set in manage_client_side_cookie?
2557 * If not assigned, perhaps we are balancing on url_param, but this is a
2558 * POST; and the parameters are in the body, maybe scan there to find our server.
2559 * (unless headers overflowed the buffer?)
2560 */
2561 if (!(t->flags & (SN_ASSIGNED|SN_DIRECT)) &&
2562 t->txn.meth == HTTP_METH_POST && t->be->url_param_name != NULL &&
Willy Tarreaue393fe22008-08-16 22:18:07 +02002563 t->be->url_param_post_limit != 0 && !(req->flags & BF_FULL) &&
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002564 memchr(msg->sol + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) {
2565 /* are there enough bytes here? total == l || r || rlim ?
2566 * len is unsigned, but eoh is int,
2567 * how many bytes of body have we received?
2568 * eoh is the first empty line of the header
2569 */
2570 /* already established CRLF or LF at eoh, move to start of message, find message length in buffer */
Willy Tarreaufb0528b2008-08-11 00:21:56 +02002571 unsigned long len = req->l - (msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002572
2573 /* If we have HTTP/1.1 and Expect: 100-continue, then abort.
2574 * We can't assume responsibility for the server's decision,
2575 * on this URI and header set. See rfc2616: 14.20, 8.2.3,
2576 * We also can't change our mind later, about which server to choose, so round robin.
2577 */
2578 if ((likely(msg->sl.rq.v_l == 8) && req->data[msg->som + msg->sl.rq.v + 7] == '1')) {
2579 struct hdr_ctx ctx;
2580 ctx.idx = 0;
2581 /* Expect is allowed in 1.1, look for it */
2582 http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx);
2583 if (ctx.idx != 0 &&
Willy Tarreauadfb8562008-08-11 15:24:42 +02002584 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002585 /* We can't reliablly stall and wait for data, because of
2586 * .NET clients that don't conform to rfc2616; so, no need for
2587 * the next block to check length expectations.
2588 * We could send 100 status back to the client, but then we need to
2589 * re-write headers, and send the message. And this isn't the right
2590 * place for that action.
2591 * TODO: support Expect elsewhere and delete this block.
2592 */
2593 goto end_check_maybe_wait_for_body;
2594 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002595
2596 if (likely(len > t->be->url_param_post_limit)) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002597 /* nothing to do, we got enough */
2598 } else {
2599 /* limit implies we are supposed to need this many bytes
2600 * to find the parameter. Let's see how many bytes we can wait for.
2601 */
2602 long long hint = len;
2603 struct hdr_ctx ctx;
2604 ctx.idx = 0;
2605 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx);
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002606 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) {
Willy Tarreau3da77c52008-08-29 09:58:42 +02002607 buffer_write_dis(req);
Willy Tarreau2df28e82008-08-17 15:20:19 +02002608 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002609 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002610 else {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002611 ctx.idx = 0;
2612 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx);
2613 /* now if we have a length, we'll take the hint */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002614 if (ctx.idx) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002615 /* We have Content-Length */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002616 if (strl2llrc(ctx.line+ctx.val,ctx.vlen, &hint))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002617 hint = 0; /* parse failure, untrusted client */
2618 else {
Willy Tarreauadfb8562008-08-11 15:24:42 +02002619 if (hint > 0)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002620 msg->hdr_content_len = hint;
2621 else
2622 hint = 0; /* bad client, sent negative length */
2623 }
2624 }
2625 /* but limited to what we care about, maybe we don't expect any entity data (hint == 0) */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002626 if (t->be->url_param_post_limit < hint)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002627 hint = t->be->url_param_post_limit;
2628 /* now do we really need to buffer more data? */
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002629 if (len < hint) {
Willy Tarreau3da77c52008-08-29 09:58:42 +02002630 buffer_write_dis(req);
Willy Tarreau2df28e82008-08-17 15:20:19 +02002631 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002632 }
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002633 /* else... There are no body bytes to wait for */
2634 }
2635 }
2636 }
2637 end_check_maybe_wait_for_body:
Willy Tarreaubaaee002006-06-26 02:48:02 +02002638
Willy Tarreau2a324282006-12-05 00:05:46 +01002639 /*************************************************************
2640 * OK, that's finished for the headers. We have done what we *
2641 * could. Let's switch to the DATA state. *
2642 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02002643
Willy Tarreaue393fe22008-08-16 22:18:07 +02002644 buffer_set_rlim(req, BUFSIZE); /* no more rewrite needed */
Willy Tarreau70089872008-06-13 21:12:51 +02002645 t->logs.tv_request = now;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002646
Willy Tarreau1fa31262007-12-03 00:36:16 +01002647 /* When a connection is tarpitted, we use the tarpit timeout,
2648 * which may be the same as the connect timeout if unspecified.
2649 * If unset, then set it to zero because we really want it to
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002650 * eventually expire. We build the tarpit as an analyser.
Willy Tarreau2a324282006-12-05 00:05:46 +01002651 */
Willy Tarreau3d300592007-03-18 18:34:41 +01002652 if (txn->flags & TX_CLTARPIT) {
Willy Tarreaue393fe22008-08-16 22:18:07 +02002653 buffer_flush(t->req);
Willy Tarreau2a324282006-12-05 00:05:46 +01002654 /* flush the request so that we can drop the connection early
2655 * if the client closes first.
2656 */
Willy Tarreau3da77c52008-08-29 09:58:42 +02002657 buffer_write_dis(req);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002658 req->analysers |= AN_REQ_HTTP_TARPIT;
2659 req->analyse_exp = tick_add_ifset(now_ms, t->be->timeout.tarpit);
2660 if (!req->analyse_exp)
2661 req->analyse_exp = now_ms;
Willy Tarreau2a324282006-12-05 00:05:46 +01002662 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002663
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002664 /* OK let's go on with the BODY now */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002665 goto end_of_headers;
Willy Tarreau06619262006-12-17 08:37:22 +01002666
2667 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002668 txn->req.msg_state = HTTP_MSG_ERROR;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002669 txn->status = 400;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002670 req->analysers = 0;
Willy Tarreau80587432006-12-24 17:47:20 +01002671 client_retnclose(t, error_message(t, HTTP_ERR_400));
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01002672 t->fe->failed_req++;
Willy Tarreau06619262006-12-17 08:37:22 +01002673 return_prx_cond:
2674 if (!(t->flags & SN_ERR_MASK))
2675 t->flags |= SN_ERR_PRXCOND;
2676 if (!(t->flags & SN_FINST_MASK))
2677 t->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002678 return 0;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002679 end_of_headers:
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002680 ; // to keep gcc happy
Willy Tarreauadfb8562008-08-11 15:24:42 +02002681 }
2682
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002683 if (req->analysers & AN_REQ_HTTP_TARPIT) {
2684 struct http_txn *txn = &t->txn;
2685
2686 /* This connection is being tarpitted. The CLIENT side has
2687 * already set the connect expiration date to the right
2688 * timeout. We just have to check that the client is still
2689 * there and that the timeout has not expired.
2690 */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02002691 if ((req->flags & (BF_SHUTR|BF_READ_ERROR)) == 0 &&
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002692 !tick_is_expired(req->analyse_exp, now_ms))
2693 return 0;
2694
2695 /* We will set the queue timer to the time spent, just for
2696 * logging purposes. We fake a 500 server error, so that the
2697 * attacker will not suspect his connection has been tarpitted.
2698 * It will not cause trouble to the logs because we can exclude
2699 * the tarpitted connections by filtering on the 'PT' status flags.
2700 */
2701 trace_term(t, TT_HTTP_SRV_2);
2702 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
2703
2704 txn->status = 500;
2705 if (req->flags != BF_READ_ERROR)
2706 client_retnclose(t, error_message(t, HTTP_ERR_500));
2707
2708 req->analysers = 0;
2709 req->analyse_exp = TICK_ETERNITY;
2710
2711 t->fe->failed_req++;
2712 if (!(t->flags & SN_ERR_MASK))
2713 t->flags |= SN_ERR_PRXCOND;
2714 if (!(t->flags & SN_FINST_MASK))
2715 t->flags |= SN_FINST_T;
2716 return 0;
2717 }
2718
Willy Tarreau2df28e82008-08-17 15:20:19 +02002719 if (req->analysers & AN_REQ_HTTP_BODY) {
Willy Tarreauadfb8562008-08-11 15:24:42 +02002720 /* We have to parse the HTTP request body to find any required data.
2721 * "balance url_param check_post" should have been the only way to get
2722 * into this. We were brought here after HTTP header analysis, so all
2723 * related structures are ready.
2724 */
2725 struct http_msg *msg = &t->txn.req;
2726 unsigned long body = msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1;
2727 long long limit = t->be->url_param_post_limit;
2728 struct hdr_ctx ctx;
2729
2730 ctx.idx = 0;
2731
2732 /* now if we have a length, we'll take the hint */
2733 http_find_header2("Transfer-Encoding", 17, msg->sol, &t->txn.hdr_idx, &ctx);
2734 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) {
2735 unsigned int chunk = 0;
2736 while (body < req->l && !HTTP_IS_CRLF(msg->sol[body])) {
2737 char c = msg->sol[body];
2738 if (ishex(c)) {
2739 unsigned int hex = toupper(c) - '0';
2740 if (hex > 9)
2741 hex -= 'A' - '9' - 1;
2742 chunk = (chunk << 4) | hex;
2743 } else
2744 break;
2745 body++;
2746 }
2747 if (body + 2 >= req->l) /* we want CRLF too */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002748 goto http_body_end; /* end of buffer? data missing! */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002749
2750 if (memcmp(msg->sol+body, "\r\n", 2) != 0)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002751 goto http_body_end; /* chunked encoding len ends with CRLF, and we don't have it yet */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002752
2753 body += 2; // skip CRLF
2754
2755 /* if we support more then one chunk here, we have to do it again when assigning server
2756 * 1. how much entity data do we have? new var
2757 * 2. should save entity_start, entity_cursor, elen & rlen in req; so we don't repeat scanning here
2758 * 3. test if elen > limit, or set new limit to elen if 0 (end of entity found)
2759 */
2760
2761 if (chunk < limit)
2762 limit = chunk; /* only reading one chunk */
2763 } else {
2764 if (msg->hdr_content_len < limit)
2765 limit = msg->hdr_content_len;
2766 }
2767
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002768 http_body_end:
2769 /* we leave once we know we have nothing left to do. This means that we have
2770 * enough bytes, or that we know we'll not get any more (buffer full, read
2771 * buffer closed).
2772 */
2773 if (req->l - body >= limit || /* enough bytes! */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02002774 req->flags & (BF_FULL | BF_READ_ERROR | BF_SHUTR | BF_READ_TIMEOUT) ||
Willy Tarreauc52164a2008-08-17 19:17:57 +02002775 tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002776 /* The situation will not evolve, so let's give up on the analysis. */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002777 t->logs.tv_request = now; /* update the request timer to reflect full request */
Willy Tarreau2df28e82008-08-17 15:20:19 +02002778 req->analysers &= ~AN_REQ_HTTP_BODY;
Willy Tarreauffab5b42008-08-17 18:03:28 +02002779 req->analyse_exp = TICK_ETERNITY;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002780 }
Willy Tarreauc52164a2008-08-17 19:17:57 +02002781 else {
2782 /* Not enough data. We'll re-use the http-request
2783 * timeout here. Ideally, we should set the timeout
2784 * relative to the accept() date. We just set the
2785 * request timeout once at the beginning of the
2786 * request.
2787 */
Willy Tarreau3da77c52008-08-29 09:58:42 +02002788 buffer_write_dis(req);
Willy Tarreauc52164a2008-08-17 19:17:57 +02002789 if (!tick_isset(req->analyse_exp))
2790 req->analyse_exp = tick_add_ifset(now_ms, t->fe->timeout.httpreq);
2791 return 0;
2792 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002793 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002794
Willy Tarreau2df28e82008-08-17 15:20:19 +02002795 /* Note: eventhough nobody should set an unknown flag, clearing them right now will
2796 * probably reduce one day's debugging session.
2797 */
2798#ifdef DEBUG_DEV
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002799 if (req->analysers & ~(AN_REQ_INSPECT | AN_REQ_HTTP_HDR | AN_REQ_HTTP_TARPIT | AN_REQ_HTTP_BODY)) {
Willy Tarreau2df28e82008-08-17 15:20:19 +02002800 fprintf(stderr, "FIXME !!!! unknown analysers flags %s:%d = 0x%08X\n",
2801 __FILE__, __LINE__, req->analysers);
2802 ABORT_NOW();
2803 }
2804#endif
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002805 req->analysers &= AN_REQ_INSPECT | AN_REQ_HTTP_HDR | AN_REQ_HTTP_TARPIT | AN_REQ_HTTP_BODY;
Willy Tarreaudafde432008-08-17 01:00:46 +02002806 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002807}
Willy Tarreauadfb8562008-08-11 15:24:42 +02002808
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002809/* This function performs all the processing enabled for the current response.
Willy Tarreaudafde432008-08-17 01:00:46 +02002810 * It normally returns zero, but may return 1 if it absolutely needs to be
2811 * called again after other functions. It relies on buffers flags, and updates
Willy Tarreau2df28e82008-08-17 15:20:19 +02002812 * t->rep->analysers. It might make sense to explode it into several other
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002813 * functions. It works like process_request (see indications above).
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002814 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002815int process_response(struct session *t)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002816{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002817 struct http_txn *txn = &t->txn;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002818 struct buffer *req = t->req;
2819 struct buffer *rep = t->rep;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002820
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02002821 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002822 now_ms, __FUNCTION__,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02002823 t,
2824 rep,
2825 rep->rex, rep->wex,
2826 rep->flags,
2827 rep->l,
2828 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002829
Willy Tarreau2df28e82008-08-17 15:20:19 +02002830 if (rep->analysers & AN_RTR_HTTP_HDR) { /* receiving server headers */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002831 /*
2832 * Now parse the partial (or complete) lines.
2833 * We will check the response syntax, and also join multi-line
2834 * headers. An index of all the lines will be elaborated while
2835 * parsing.
2836 *
2837 * For the parsing, we use a 28 states FSM.
2838 *
2839 * Here is the information we currently have :
Willy Tarreaue393fe22008-08-16 22:18:07 +02002840 * rep->data + rep->som = beginning of response
2841 * rep->data + rep->eoh = end of processed headers / start of current one
2842 * rep->data + rep->eol = end of current header or line (LF or CRLF)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002843 * rep->lr = first non-visited byte
2844 * rep->r = end of data
2845 */
Willy Tarreau7f875f62008-08-11 17:35:01 +02002846
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002847 int cur_idx;
2848 struct http_msg *msg = &txn->rsp;
2849 struct proxy *cur_proxy;
2850
2851 if (likely(rep->lr < rep->r))
2852 http_msg_analyzer(rep, msg, &txn->hdr_idx);
2853
2854 /* 1: we might have to print this header in debug mode */
2855 if (unlikely((global.mode & MODE_DEBUG) &&
2856 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
2857 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
2858 char *eol, *sol;
2859
2860 sol = rep->data + msg->som;
2861 eol = sol + msg->sl.rq.l;
2862 debug_hdr("srvrep", t, sol, eol);
2863
2864 sol += hdr_idx_first_pos(&txn->hdr_idx);
2865 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
2866
2867 while (cur_idx) {
2868 eol = sol + txn->hdr_idx.v[cur_idx].len;
2869 debug_hdr("srvhdr", t, sol, eol);
2870 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2871 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002872 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002873 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002874
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002875 /*
2876 * Now we quickly check if we have found a full valid response.
2877 * If not so, we check the FD and buffer states before leaving.
2878 * A full response is indicated by the fact that we have seen
2879 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
2880 * responses are checked first.
2881 *
2882 * Depending on whether the client is still there or not, we
2883 * may send an error response back or not. Note that normally
2884 * we should only check for HTTP status there, and check I/O
2885 * errors somewhere else.
2886 */
2887
2888 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002889 /* Invalid response */
2890 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
2891 hdr_response_bad:
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002892 //buffer_shutr(rep);
2893 //buffer_shutw(req);
2894 //fd_delete(req->cons->fd);
2895 //req->cons->state = SI_ST_CLO;
2896 buffer_shutr_now(rep);
2897 buffer_shutw_now(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002898 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002899 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002900 t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002901 //sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002902 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002903 t->be->failed_resp++;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002904 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002905 txn->status = 502;
2906 client_return(t, error_message(t, HTTP_ERR_502));
2907 if (!(t->flags & SN_ERR_MASK))
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002908 t->flags |= SN_ERR_PRXCOND;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002909 if (!(t->flags & SN_FINST_MASK))
2910 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002911
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002912 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2913 // process_srv_queue(t->srv);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002914
Willy Tarreaudafde432008-08-17 01:00:46 +02002915 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002916 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002917 /* too large response does not fit in buffer. */
2918 else if (rep->flags & BF_FULL) {
2919 goto hdr_response_bad;
2920 }
2921 /* read error */
2922 else if (rep->flags & BF_READ_ERROR) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002923 buffer_shutr_now(rep);
2924 buffer_shutw_now(req);
2925 //fd_delete(req->cons->fd);
2926 //req->cons->state = SI_ST_CLO;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002927 //if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002928 //t->srv->cur_sess--;
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002929 //t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002930 //sess_change_server(t, NULL);
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002931 //}
2932 //t->be->failed_resp++;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002933 rep->analysers = 0;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002934 txn->status = 502;
2935 client_return(t, error_message(t, HTTP_ERR_502));
2936 if (!(t->flags & SN_ERR_MASK))
2937 t->flags |= SN_ERR_SRVCL;
2938 if (!(t->flags & SN_FINST_MASK))
2939 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002940
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002941 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2942 // process_srv_queue(t->srv);
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002943
Willy Tarreaudafde432008-08-17 01:00:46 +02002944 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002945 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002946 /* read timeout : return a 504 to the client. */
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002947 else if (rep->flags & BF_READ_TIMEOUT) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002948 buffer_shutr_now(rep);
2949 buffer_shutw_now(req);
2950 //fd_delete(req->cons->fd);
2951 //req->cons->state = SI_ST_CLO;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002952 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002953 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002954 t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002955 //sess_change_server(t, NULL);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002956 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002957 t->be->failed_resp++;
Willy Tarreau2df28e82008-08-17 15:20:19 +02002958 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002959 txn->status = 504;
2960 client_return(t, error_message(t, HTTP_ERR_504));
2961 if (!(t->flags & SN_ERR_MASK))
2962 t->flags |= SN_ERR_SRVTO;
2963 if (!(t->flags & SN_FINST_MASK))
2964 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002965
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002966 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2967 // process_srv_queue(t->srv);
Willy Tarreaudafde432008-08-17 01:00:46 +02002968 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002969 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002970 /* write error to client, or close from server */
Willy Tarreaue5ed4062008-08-30 03:17:31 +02002971 else if (rep->flags & (BF_WRITE_ERROR|BF_SHUTR)) {
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002972 buffer_shutr_now(rep);
2973 buffer_shutw_now(req);
2974 //fd_delete(req->cons->fd);
2975 //req->cons->state = SI_ST_CLO;
2976 if (t->srv) {
2977 //t->srv->cur_sess--;
2978 t->srv->failed_resp++;
2979 //sess_change_server(t, NULL);
2980 }
2981 t->be->failed_resp++;
2982 rep->analysers = 0;
2983 txn->status = 502;
2984 client_return(t, error_message(t, HTTP_ERR_502));
2985 if (!(t->flags & SN_ERR_MASK))
2986 t->flags |= SN_ERR_SRVCL;
2987 if (!(t->flags & SN_FINST_MASK))
2988 t->flags |= SN_FINST_H;
2989
2990 //if (t->srv && may_dequeue_tasks(t->srv, t->be))
2991 // process_srv_queue(t->srv);
Willy Tarreau41f40ed2008-08-21 10:05:00 +02002992
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002993 return 0;
2994 }
Willy Tarreau3da77c52008-08-29 09:58:42 +02002995 buffer_write_dis(rep);
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002996 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002997 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002998
Willy Tarreau21d2af32008-02-14 20:25:24 +01002999
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003000 /*****************************************************************
3001 * More interesting part now : we know that we have a complete *
3002 * response which at least looks like HTTP. We have an indicator *
3003 * of each header's length, so we can parse them quickly. *
3004 ****************************************************************/
Willy Tarreau21d2af32008-02-14 20:25:24 +01003005
Willy Tarreau2df28e82008-08-17 15:20:19 +02003006 rep->analysers &= ~AN_RTR_HTTP_HDR;
Willy Tarreaua7c52762008-08-16 18:40:18 +02003007
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003008 /* ensure we keep this pointer to the beginning of the message */
3009 msg->sol = rep->data + msg->som;
Willy Tarreau21d2af32008-02-14 20:25:24 +01003010
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003011 /*
3012 * 1: get the status code and check for cacheability.
3013 */
Willy Tarreau21d2af32008-02-14 20:25:24 +01003014
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003015 t->logs.logwait &= ~LW_RESP;
3016 txn->status = strl2ui(rep->data + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreau21d2af32008-02-14 20:25:24 +01003017
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003018 switch (txn->status) {
3019 case 200:
3020 case 203:
3021 case 206:
3022 case 300:
3023 case 301:
3024 case 410:
3025 /* RFC2616 @13.4:
3026 * "A response received with a status code of
3027 * 200, 203, 206, 300, 301 or 410 MAY be stored
3028 * by a cache (...) unless a cache-control
3029 * directive prohibits caching."
3030 *
3031 * RFC2616 @9.5: POST method :
3032 * "Responses to this method are not cacheable,
3033 * unless the response includes appropriate
3034 * Cache-Control or Expires header fields."
3035 */
3036 if (likely(txn->meth != HTTP_METH_POST) &&
3037 (t->be->options & (PR_O_CHK_CACHE|PR_O_COOK_NOC)))
3038 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
3039 break;
3040 default:
3041 break;
3042 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01003043
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003044 /*
3045 * 2: we may need to capture headers
3046 */
3047 if (unlikely((t->logs.logwait & LW_RSPHDR) && t->fe->rsp_cap))
3048 capture_headers(rep->data + msg->som, &txn->hdr_idx,
3049 txn->rsp.cap, t->fe->rsp_cap);
3050
3051 /*
3052 * 3: we will have to evaluate the filters.
3053 * As opposed to version 1.2, now they will be evaluated in the
3054 * filters order and not in the header order. This means that
3055 * each filter has to be validated among all headers.
3056 *
3057 * Filters are tried with ->be first, then with ->fe if it is
3058 * different from ->be.
3059 */
3060
3061 t->flags &= ~SN_CONN_CLOSED; /* prepare for inspection */
3062
3063 cur_proxy = t->be;
3064 while (1) {
3065 struct proxy *rule_set = cur_proxy;
3066
3067 /* try headers filters */
3068 if (rule_set->rsp_exp != NULL) {
3069 if (apply_filters_to_response(t, rep, rule_set->rsp_exp) < 0) {
3070 return_bad_resp:
3071 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003072 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003073 t->srv->failed_resp++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003074 //sess_change_server(t, NULL);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003075 }
3076 cur_proxy->failed_resp++;
3077 return_srv_prx_502:
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003078 buffer_shutr_now(rep);
3079 buffer_shutw_now(req);
3080 //fd_delete(req->cons->fd);
3081 //req->cons->state = SI_ST_CLO;
Willy Tarreau2df28e82008-08-17 15:20:19 +02003082 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003083 txn->status = 502;
3084 client_return(t, error_message(t, HTTP_ERR_502));
3085 if (!(t->flags & SN_ERR_MASK))
3086 t->flags |= SN_ERR_PRXCOND;
3087 if (!(t->flags & SN_FINST_MASK))
3088 t->flags |= SN_FINST_H;
3089 /* We used to have a free connection slot. Since we'll never use it,
3090 * we have to inform the server that it may be used by another session.
3091 */
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003092 //if (t->srv && may_dequeue_tasks(t->srv, cur_proxy))
3093 // process_srv_queue(t->srv);
Willy Tarreaudafde432008-08-17 01:00:46 +02003094 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01003095 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003096 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01003097
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003098 /* has the response been denied ? */
3099 if (txn->flags & TX_SVDENY) {
Willy Tarreauf899b942008-03-28 18:09:38 +01003100 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003101 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003102 t->srv->failed_secu++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003103 //sess_change_server(t, NULL);
Willy Tarreauf899b942008-03-28 18:09:38 +01003104 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003105 cur_proxy->denied_resp++;
3106 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01003107 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003108
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003109 /* We might have to check for "Connection:" */
3110 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
3111 !(t->flags & SN_CONN_CLOSED)) {
3112 char *cur_ptr, *cur_end, *cur_next;
3113 int cur_idx, old_idx, delta, val;
3114 struct hdr_idx_elem *cur_hdr;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003115
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003116 cur_next = rep->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
3117 old_idx = 0;
Willy Tarreau541b5c22008-01-06 23:34:21 +01003118
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003119 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
3120 cur_hdr = &txn->hdr_idx.v[cur_idx];
3121 cur_ptr = cur_next;
3122 cur_end = cur_ptr + cur_hdr->len;
3123 cur_next = cur_end + cur_hdr->cr + 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003124
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003125 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
3126 if (val) {
3127 /* 3 possibilities :
3128 * - we have already set Connection: close,
3129 * so we remove this line.
3130 * - we have not yet set Connection: close,
3131 * but this line indicates close. We leave
3132 * it untouched and set the flag.
3133 * - we have not yet set Connection: close,
3134 * and this line indicates non-close. We
3135 * replace it.
3136 */
3137 if (t->flags & SN_CONN_CLOSED) {
3138 delta = buffer_replace2(rep, cur_ptr, cur_next, NULL, 0);
3139 txn->rsp.eoh += delta;
3140 cur_next += delta;
3141 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
3142 txn->hdr_idx.used--;
3143 cur_hdr->len = 0;
3144 } else {
3145 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
3146 delta = buffer_replace2(rep, cur_ptr + val, cur_end,
3147 "close", 5);
3148 cur_next += delta;
3149 cur_hdr->len += delta;
3150 txn->rsp.eoh += delta;
3151 }
3152 t->flags |= SN_CONN_CLOSED;
3153 }
3154 }
3155 old_idx = cur_idx;
Willy Tarreau541b5c22008-01-06 23:34:21 +01003156 }
3157 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003158
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003159 /* add response headers from the rule sets in the same order */
3160 for (cur_idx = 0; cur_idx < rule_set->nb_rspadd; cur_idx++) {
3161 if (unlikely(http_header_add_tail(rep, &txn->rsp, &txn->hdr_idx,
3162 rule_set->rsp_add[cur_idx])) < 0)
3163 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02003164 }
3165
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003166 /* check whether we're already working on the frontend */
3167 if (cur_proxy == t->fe)
3168 break;
3169 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003170 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003171
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003172 /*
3173 * 4: check for server cookie.
3174 */
3175 if (t->be->cookie_name || t->be->appsession_name || t->be->capture_name
3176 || (t->be->options & PR_O_CHK_CACHE))
3177 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003178
Willy Tarreaubaaee002006-06-26 02:48:02 +02003179
Willy Tarreaua15645d2007-03-18 16:22:39 +01003180 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003181 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003182 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003183 if ((t->be->options & (PR_O_COOK_NOC | PR_O_CHK_CACHE)) != 0)
3184 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003185
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003186 /*
3187 * 6: add server cookie in the response if needed
3188 */
3189 if ((t->srv) && !(t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_INS) &&
3190 (!(t->be->options & PR_O_COOK_POST) || (txn->meth == HTTP_METH_POST))) {
3191 int len;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003192
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003193 /* the server is known, it's not the one the client requested, we have to
3194 * insert a set-cookie here, except if we want to insert only on POST
3195 * requests and this one isn't. Note that servers which don't have cookies
3196 * (eg: some backup servers) will return a full cookie removal request.
3197 */
3198 len = sprintf(trash, "Set-Cookie: %s=%s; path=/",
3199 t->be->cookie_name,
3200 t->srv->cookie ? t->srv->cookie : "; Expires=Thu, 01-Jan-1970 00:00:01 GMT");
Willy Tarreaubaaee002006-06-26 02:48:02 +02003201
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003202 if (t->be->cookie_domain)
3203 len += sprintf(trash+len, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003204
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003205 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
3206 trash, len)) < 0)
3207 goto return_bad_resp;
3208 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003209
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003210 /* Here, we will tell an eventual cache on the client side that we don't
3211 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
3212 * Some caches understand the correct form: 'no-cache="set-cookie"', but
3213 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
3214 */
3215 if ((t->be->options & PR_O_COOK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02003216
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003217 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
3218
3219 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
3220 "Cache-control: private", 22)) < 0)
3221 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003222 }
3223 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003224
Willy Tarreaubaaee002006-06-26 02:48:02 +02003225
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003226 /*
3227 * 7: check if result will be cacheable with a cookie.
3228 * We'll block the response if security checks have caught
3229 * nasty things such as a cacheable cookie.
3230 */
3231 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) ==
3232 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) &&
3233 (t->be->options & PR_O_CHK_CACHE)) {
3234
3235 /* we're in presence of a cacheable response containing
3236 * a set-cookie header. We'll block it as requested by
3237 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003238 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003239 if (t->srv) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003240 //t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003241 t->srv->failed_secu++;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003242 //sess_change_server(t, NULL);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003243 }
3244 t->be->denied_resp++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003245
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003246 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
3247 t->be->id, t->srv?t->srv->id:"<dispatch>");
3248 send_log(t->be, LOG_ALERT,
3249 "Blocking cacheable cookie in response from instance %s, server %s.\n",
3250 t->be->id, t->srv?t->srv->id:"<dispatch>");
3251 goto return_srv_prx_502;
3252 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003253
3254 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003255 * 8: add "Connection: close" if needed and not yet set.
3256 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003257 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003258 if (!(t->flags & SN_CONN_CLOSED) &&
3259 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
3260 if ((unlikely(msg->sl.st.v_l != 8) ||
3261 unlikely(req->data[msg->som + 7] != '0')) &&
3262 unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
3263 "Connection: close", 17)) < 0)
3264 goto return_bad_resp;
3265 t->flags |= SN_CONN_CLOSED;
3266 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003267
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003268 /*************************************************************
3269 * OK, that's finished for the headers. We have done what we *
3270 * could. Let's switch to the DATA state. *
3271 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02003272
Willy Tarreaue393fe22008-08-16 22:18:07 +02003273 buffer_set_rlim(rep, BUFSIZE); /* no more rewrite needed */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003274 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003275
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003276#ifdef CONFIG_HAP_TCPSPLICE
3277 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
3278 /* TCP splicing supported by both FE and BE */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02003279 tcp_splice_splicefd(rep->cons->fd, rep->prod->fd, 0);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003280 }
3281#endif
3282 /* if the user wants to log as soon as possible, without counting
3283 * bytes from the server, then this is the right moment. We have
3284 * to temporarily assign bytes_out to log what we currently have.
3285 */
3286 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
3287 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
3288 t->logs.bytes_out = txn->rsp.eoh;
3289 if (t->fe->to_log & LW_REQ)
3290 http_sess_log(t);
3291 else
3292 tcp_sess_log(t);
3293 t->logs.bytes_out = 0;
3294 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003295
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003296 /* Note: we must not try to cheat by jumping directly to DATA,
3297 * otherwise we would not let the client side wake up.
3298 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01003299
Willy Tarreaudafde432008-08-17 01:00:46 +02003300 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003301 }
Willy Tarreaudafde432008-08-17 01:00:46 +02003302
Willy Tarreau2df28e82008-08-17 15:20:19 +02003303 /* Note: eventhough nobody should set an unknown flag, clearing them right now will
3304 * probably reduce one day's debugging session.
3305 */
3306#ifdef DEBUG_DEV
3307 if (rep->analysers & ~(AN_RTR_HTTP_HDR)) {
3308 fprintf(stderr, "FIXME !!!! unknown analysers flags %s:%d = 0x%08X\n",
3309 __FILE__, __LINE__, rep->analysers);
3310 ABORT_NOW();
3311 }
3312#endif
3313 rep->analysers &= AN_RTR_HTTP_HDR;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003314 return 0;
3315}
Willy Tarreaua15645d2007-03-18 16:22:39 +01003316
Willy Tarreauf9839bd2008-08-27 23:57:16 +02003317///*
3318// * Manages the client FSM and its socket. It normally returns zero, but may
3319// * return 1 if it absolutely wants to be called again.
3320// *
3321// * Note: process_cli is the ONLY function allowed to set cli_state to anything
3322// * but CL_STCLOSE.
3323// */
3324//int process_cli(struct session *t)
3325//{
3326// struct buffer *req = t->req;
3327// struct buffer *rep = t->rep;
3328//
3329// DPRINTF(stderr,"[%u] %s: fd=%d[%d] c=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3330// now_ms, __FUNCTION__,
3331// t->cli_fd, t->cli_fd >= 0 ? fdtab[t->cli_fd].state : 0, /* fd,state*/
3332// cli_stnames[t->cli_state],
3333// t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_RD) : 0,
3334// t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_WR) : 0,
3335// req->rex, rep->wex,
3336// req->flags, rep->flags,
3337// req->l, rep->l);
3338//
3339// update_state:
3340// /* FIXME: we still have to check for CL_STSHUTR because client_retnclose
3341// * still set this state (and will do until unix sockets are converted).
3342// */
3343// if (t->cli_state == CL_STDATA || t->cli_state == CL_STSHUTR) {
3344// /* we can skip most of the tests at once if some conditions are not met */
3345// if (!((fdtab[t->cli_fd].state == FD_STERROR) ||
3346// (req->flags & (BF_READ_TIMEOUT|BF_READ_ERROR|BF_SHUTR_NOW)) ||
3347// (rep->flags & (BF_WRITE_TIMEOUT|BF_WRITE_ERROR|BF_SHUTW_NOW)) ||
3348// (!(req->flags & BF_SHUTR) && req->flags & (BF_READ_NULL|BF_SHUTW)) ||
3349// (!(rep->flags & BF_SHUTW) &&
3350// (rep->flags & (BF_EMPTY|BF_MAY_FORWARD|BF_SHUTR)) == (BF_EMPTY|BF_MAY_FORWARD|BF_SHUTR))))
3351// goto update_timeouts;
3352//
3353// /* read or write error */
3354// if (fdtab[t->cli_fd].state == FD_STERROR) {
3355// buffer_shutr(req);
3356// req->flags |= BF_READ_ERROR;
3357// buffer_shutw(rep);
3358// rep->flags |= BF_WRITE_ERROR;
3359// fd_delete(t->cli_fd);
3360// t->cli_state = CL_STCLOSE;
3361// trace_term(t, TT_HTTP_CLI_1);
3362// if (!req->analysers) {
3363// if (!(t->flags & SN_ERR_MASK))
3364// t->flags |= SN_ERR_CLICL;
3365// if (!(t->flags & SN_FINST_MASK)) {
3366// if (req->cons->err_type <= SI_ET_QUEUE_ABRT)
3367// t->flags |= SN_FINST_Q;
3368// else if (req->cons->err_type <= SI_ET_CONN_OTHER)
3369// t->flags |= SN_FINST_C;
3370// else
3371// t->flags |= SN_FINST_D;
3372// }
3373// }
3374// goto update_state;
3375// }
3376// /* last read, or end of server write */
3377// else if (!(req->flags & BF_SHUTR) && /* not already done */
3378// req->flags & (BF_READ_NULL|BF_SHUTR_NOW|BF_SHUTW)) {
3379// buffer_shutr(req);
3380// if (!(rep->flags & BF_SHUTW)) {
3381// EV_FD_CLR(t->cli_fd, DIR_RD);
3382// trace_term(t, TT_HTTP_CLI_2);
3383// } else {
3384// /* output was already closed */
3385// fd_delete(t->cli_fd);
3386// t->cli_state = CL_STCLOSE;
3387// trace_term(t, TT_HTTP_CLI_3);
3388// }
3389// goto update_state;
3390// }
3391// /* last server read and buffer empty : we only check them when we're
3392// * allowed to forward the data.
3393// */
3394// else if (!(rep->flags & BF_SHUTW) && /* not already done */
3395// ((rep->flags & BF_SHUTW_NOW) ||
3396// (rep->flags & BF_EMPTY && rep->flags & BF_MAY_FORWARD &&
3397// rep->flags & BF_SHUTR && !(t->flags & SN_SELF_GEN)))) {
3398// buffer_shutw(rep);
3399// if (!(req->flags & BF_SHUTR)) {
3400// EV_FD_CLR(t->cli_fd, DIR_WR);
3401// shutdown(t->cli_fd, SHUT_WR);
3402// trace_term(t, TT_HTTP_CLI_4);
3403// } else {
3404// fd_delete(t->cli_fd);
3405// t->cli_state = CL_STCLOSE;
3406// trace_term(t, TT_HTTP_CLI_5);
3407// }
3408// goto update_state;
3409// }
3410// /* read timeout */
3411// else if ((req->flags & (BF_SHUTR|BF_READ_TIMEOUT)) == BF_READ_TIMEOUT) {
3412// buffer_shutr(req);
3413// if (!(rep->flags & BF_SHUTW)) {
3414// EV_FD_CLR(t->cli_fd, DIR_RD);
3415// trace_term(t, TT_HTTP_CLI_6);
3416// } else {
3417// /* output was already closed */
3418// fd_delete(t->cli_fd);
3419// t->cli_state = CL_STCLOSE;
3420// trace_term(t, TT_HTTP_CLI_7);
3421// }
3422// if (!req->analysers) {
3423// if (!(t->flags & SN_ERR_MASK))
3424// t->flags |= SN_ERR_CLITO;
3425// if (!(t->flags & SN_FINST_MASK)) {
3426// if (req->cons->err_type <= SI_ET_QUEUE_ABRT)
3427// t->flags |= SN_FINST_Q;
3428// else if (req->cons->err_type <= SI_ET_CONN_OTHER)
3429// t->flags |= SN_FINST_C;
3430// else
3431// t->flags |= SN_FINST_D;
3432// }
3433// }
3434// goto update_state;
3435// }
3436// /* write timeout */
3437// else if ((rep->flags & (BF_SHUTW|BF_WRITE_TIMEOUT)) == BF_WRITE_TIMEOUT) {
3438// buffer_shutw(rep);
3439// if (!(req->flags & BF_SHUTR)) {
3440// EV_FD_CLR(t->cli_fd, DIR_WR);
3441// shutdown(t->cli_fd, SHUT_WR);
3442// trace_term(t, TT_HTTP_CLI_8);
3443// } else {
3444// fd_delete(t->cli_fd);
3445// t->cli_state = CL_STCLOSE;
3446// trace_term(t, TT_HTTP_CLI_9);
3447// }
3448// if (!req->analysers) {
3449// if (!(t->flags & SN_ERR_MASK))
3450// t->flags |= SN_ERR_CLITO;
3451// if (!(t->flags & SN_FINST_MASK)) {
3452// if (req->cons->err_type <= SI_ET_QUEUE_ABRT)
3453// t->flags |= SN_FINST_Q;
3454// else if (req->cons->err_type <= SI_ET_CONN_OTHER)
3455// t->flags |= SN_FINST_C;
3456// else
3457// t->flags |= SN_FINST_D;
3458// }
3459// }
3460// goto update_state;
3461// }
3462//
3463// update_timeouts:
3464// /* manage read timeout */
3465// if (!(req->flags & BF_SHUTR)) {
3466// if (req->flags & BF_FULL) {
3467// /* no room to read more data */
3468// if (EV_FD_COND_C(t->cli_fd, DIR_RD)) {
3469// /* stop reading until we get some space */
3470// req->rex = TICK_ETERNITY;
3471// }
3472// } else {
3473// EV_FD_COND_S(t->cli_fd, DIR_RD);
3474// req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
3475// }
3476// }
3477//
3478// /* manage write timeout */
3479// if (!(rep->flags & BF_SHUTW)) {
3480// /* first, we may have to produce data (eg: stats).
3481// * right now, this is limited to the SHUTR state.
3482// */
3483// if (req->flags & BF_SHUTR && t->flags & SN_SELF_GEN) {
3484// produce_content(t);
3485// if (rep->flags & BF_EMPTY) {
3486// buffer_shutw(rep);
3487// fd_delete(t->cli_fd);
3488// t->cli_state = CL_STCLOSE;
3489// trace_term(t, TT_HTTP_CLI_10);
3490// goto update_state;
3491// }
3492// }
3493//
3494// /* we don't enable client write if the buffer is empty, nor if the server has to analyze it */
3495// if ((rep->flags & (BF_EMPTY|BF_MAY_FORWARD)) != BF_MAY_FORWARD) {
3496// if (EV_FD_COND_C(t->cli_fd, DIR_WR)) {
3497// /* stop writing */
3498// rep->wex = TICK_ETERNITY;
3499// }
3500// } else {
3501// /* buffer not empty */
3502// EV_FD_COND_S(t->cli_fd, DIR_WR);
3503// if (!tick_isset(rep->wex)) {
3504// /* restart writing */
3505// rep->wex = tick_add_ifset(now_ms, t->fe->timeout.client);
3506// if (!(req->flags & BF_SHUTR) && tick_isset(rep->wex) && tick_isset(req->rex)) {
3507// /* FIXME: to prevent the client from expiring read timeouts during writes,
3508// * we refresh it, except if it was already infinite. */
3509// req->rex = rep->wex;
3510// }
3511// }
3512// }
3513// }
3514// return 0; /* other cases change nothing */
3515// }
3516// else if (t->cli_state == CL_STCLOSE) { /* CL_STCLOSE: nothing to do */
3517// if ((global.mode & MODE_DEBUG) && (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
3518// int len;
3519// len = sprintf(trash, "%08x:%s.clicls[%04x:%04x]\n", t->uniq_id, t->be->id, (unsigned short)t->cli_fd, (unsigned short)req->cons->fd);
3520// write(1, trash, len);
3521// }
3522// return 0;
3523// }
3524//#ifdef DEBUG_DEV
3525// fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, t->cli_state);
3526// ABORT_NOW();
3527//#endif
3528// return 0;
3529//}
Willy Tarreaubaaee002006-06-26 02:48:02 +02003530
Willy Tarreaubaaee002006-06-26 02:48:02 +02003531
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003532/* Return 1 if the pending connection has failed and should be retried,
3533 * otherwise zero. We may only come here in SI_ST_CON state, which means that
3534 * the socket's file descriptor is known.
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003535 */
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003536int tcp_connection_status(struct session *t)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003537{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003538 struct buffer *req = t->req;
3539 struct buffer *rep = t->rep;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003540 int conn_err = 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003541
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003542 DPRINTF(stderr,"[%u] %s: c=%s exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3543 now_ms, __FUNCTION__,
3544 cli_stnames[t->cli_state],
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003545 rep->rex, req->wex,
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003546 req->flags, rep->flags,
3547 req->l, rep->l);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003548
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003549 if ((req->flags & BF_SHUTW_NOW) ||
3550 (rep->flags & BF_SHUTW) ||
3551 ((req->flags & BF_SHUTR) && /* FIXME: this should not prevent a connection from establishing */
Willy Tarreau3da77c52008-08-29 09:58:42 +02003552 ((req->flags & BF_EMPTY && !(req->flags & BF_WRITE_ACTIVITY)) ||
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003553 t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
3554
3555 trace_term(t, TT_HTTP_SRV_5);
3556 req->wex = TICK_ETERNITY;
3557 fd_delete(req->cons->fd);
3558 if (t->srv) {
3559 t->srv->cur_sess--;
3560 sess_change_server(t, NULL);
3561 }
3562 /* note that this must not return any error because it would be able to
3563 * overwrite the client_retnclose() output.
3564 */
3565 //srv_close_with_err(t, SN_ERR_CLICL, SN_FINST_C, 0, NULL);
3566
3567 // FIXME: should we set rep->MAY_FORWARD ?
3568 buffer_shutw(req);
3569 buffer_shutr(rep);
3570 req->cons->state = SI_ST_CLO;
3571 if (!req->cons->err_type)
3572 req->cons->err_type = SI_ET_CONN_ABRT;
3573 req->cons->err_loc = t->srv;
3574 return 0;
3575 }
3576
3577 /* check for timeouts and asynchronous connect errors */
3578 if (fdtab[req->cons->fd].state == FD_STERROR) {
3579 conn_err = SI_ET_CONN_ERR;
3580 if (!req->cons->err_type)
3581 req->cons->err_type = SI_ET_CONN_ERR;
3582 }
Willy Tarreau3da77c52008-08-29 09:58:42 +02003583 else if (!(req->flags & BF_WRITE_ACTIVITY)) {
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003584 /* nothing happened, maybe we timed out */
3585 if (tick_is_expired(req->wex, now_ms)) {
3586 conn_err = SI_ET_CONN_TO;
3587 if (!req->cons->err_type)
3588 req->cons->err_type = SI_ET_CONN_TO;
3589 }
3590 else
3591 return 0; /* let's wait a bit more */
3592 }
3593
3594 if (conn_err) {
3595 fd_delete(req->cons->fd);
3596 req->cons->state = SI_ST_CLO;
3597
3598 if (t->srv) {
3599 t->srv->cur_sess--;
3600 sess_change_server(t, NULL);
3601 req->cons->err_loc = t->srv;
3602 }
3603
3604 /* ensure that we have enough retries left */
3605 if (srv_count_retry_down(t, conn_err))
3606 return 0;
3607
3608 if (conn_err == SI_ET_CONN_ERR) {
3609 /* we encountered an immediate connection error, and we
3610 * will have to retry connecting to the same server, most
3611 * likely leading to the same result. To avoid this, we
3612 * fake a connection timeout to retry after a turn-around
3613 * time of 1 second. We will wait in the previous if block.
3614 */
3615 req->cons->state = SI_ST_TAR;
3616 req->wex = tick_add(now_ms, MS_TO_TICKS(1000));
3617 return 0;
3618 }
3619
3620 if (t->srv && t->conn_retries == 0 && t->be->options & PR_O_REDISP) {
3621 /* We're on our last chance, and the REDISP option was specified.
3622 * We will ignore cookie and force to balance or use the dispatcher.
3623 */
3624 /* let's try to offer this slot to anybody */
3625 if (may_dequeue_tasks(t->srv, t->be))
3626 process_srv_queue(t->srv);
3627
3628 /* it's left to the dispatcher to choose a server */
3629 t->flags &= ~(SN_DIRECT | SN_ASSIGNED | SN_ADDR_SET);
3630 t->prev_srv = t->srv;
3631 } else {
3632 /* we just want to retry */
3633 if (t->srv)
3634 t->srv->retries++;
3635 t->be->retries++;
3636
3637 /* Now we will try to either reconnect to the same server or
3638 * connect to another server. If the connection gets queued
3639 * because all servers are saturated, then we will go back to
3640 * the idle state where the buffer's consumer is marked as
3641 * unknown.
3642 */
3643 if (srv_retryable_connect(t)) {
3644 /* success or unrecoverable error */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003645 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003646 return 0;
3647 }
3648 }
3649
3650 /* We'll rely on the caller to try to get a connection again */
3651 return 1;
3652 }
3653 else {
3654 /* no error and write OK : connection succeeded */
3655 t->logs.t_connect = tv_ms_elapsed(&t->logs.tv_accept, &now);
3656 req->cons->state = SI_ST_EST;
3657 req->cons->err_type = SI_ET_NONE;
3658 req->cons->err_loc = NULL;
3659
3660 if (req->flags & BF_EMPTY) {
3661 EV_FD_CLR(req->cons->fd, DIR_WR);
3662 req->wex = TICK_ETERNITY;
3663 } else {
3664 EV_FD_SET(req->cons->fd, DIR_WR);
3665 req->wex = tick_add_ifset(now_ms, t->be->timeout.server);
3666 if (tick_isset(req->wex)) {
3667 /* FIXME: to prevent the server from expiring read timeouts during writes,
3668 * we refresh it. */
3669 rep->rex = req->wex;
3670 }
3671 }
3672
3673 if (t->be->mode == PR_MODE_TCP) { /* let's allow immediate data connection in this case */
3674 if (!(rep->flags & BF_HIJACK)) {
3675 EV_FD_SET(req->cons->fd, DIR_RD);
3676 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
3677 }
3678 buffer_set_rlim(rep, BUFSIZE); /* no rewrite needed */
3679
3680 /* if the user wants to log as soon as possible, without counting
3681 bytes from the server, then this is the right moment. */
3682 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
3683 t->logs.t_close = t->logs.t_connect; /* to get a valid end date */
3684 tcp_sess_log(t);
3685 }
3686#ifdef CONFIG_HAP_TCPSPLICE
3687 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
3688 /* TCP splicing supported by both FE and BE */
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02003689 tcp_splice_splicefd(req->prod->fd, req->cons->fd, 0);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003690 }
3691#endif
3692 }
3693 else {
3694 rep->analysers |= AN_RTR_HTTP_HDR;
3695 buffer_set_rlim(rep, BUFSIZE - MAXREWRITE); /* rewrite needed */
3696 t->txn.rsp.msg_state = HTTP_MSG_RPBEFORE;
3697 /* reset hdr_idx which was already initialized by the request.
3698 * right now, the http parser does it.
3699 * hdr_idx_init(&t->txn.hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003700 */
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003701 }
3702
Willy Tarreau9a2d1542008-08-30 12:31:07 +02003703 rep->flags |= BF_READ_ATTACHED; /* producer is now attached */
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003704 req->wex = TICK_ETERNITY;
3705 return 0;
3706 }
3707}
3708
3709
3710/*
3711 * This function tries to assign a server to a stream_sock interface.
3712 * It may be called only for t->req->cons->state = one of { SI_ST_INI,
3713 * SI_ST_TAR, SI_ST_QUE }. It returns one of those states, SI_ST_ASS
3714 * in case of success, or SI_ST_CLO in case of failure. It returns 1 if
3715 * it returns SI_ST_ASS, otherwise zero.
3716 */
3717int stream_sock_assign_server(struct session *t)
3718{
3719 DPRINTF(stderr,"[%u] %s: c=%s exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3720 now_ms, __FUNCTION__,
3721 cli_stnames[t->cli_state],
3722 t->rep->rex, t->req->wex,
3723 t->req->flags, t->rep->flags,
3724 t->req->l, t->rep->l);
3725
3726 if (t->req->cons->state == SI_ST_TAR) {
3727 /* connection might be aborted */
3728 if ((t->req->flags & BF_SHUTW_NOW) ||
3729 (t->rep->flags & BF_SHUTW) ||
3730 ((t->req->flags & BF_SHUTR) && /* FIXME: this should not prevent a connection from establishing */
3731 (t->req->flags & BF_EMPTY || t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003732
Willy Tarreauf8533202008-08-16 14:55:08 +02003733 trace_term(t, TT_HTTP_SRV_1);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003734 t->req->wex = TICK_ETERNITY;
3735
3736 // FIXME: should we set rep->MAY_FORWARD ?
3737 buffer_shutr(t->rep);
3738 buffer_shutw(t->req);
3739 if (!t->req->cons->err_type)
3740 t->req->cons->err_type = SI_ET_CONN_ABRT;
3741 t->req->cons->state = SI_ST_CLO;
3742 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003743 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003744
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003745 if (!tick_is_expired(t->req->wex, now_ms))
3746 return 0; /* still in turn-around */
3747
3748 t->req->cons->state = SI_ST_INI;
3749 }
3750 else if (t->req->cons->state == SI_ST_QUE) {
3751 if (t->pend_pos) {
3752 /* request still in queue... */
3753 if (tick_is_expired(t->req->wex, now_ms)) {
3754 /* ... and timeout expired */
3755 trace_term(t, TT_HTTP_SRV_3);
3756 t->req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003757 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003758 if (t->srv)
3759 t->srv->failed_conns++;
3760 t->be->failed_conns++;
3761
3762 // FIXME: should we set rep->MAY_FORWARD ?
3763 buffer_shutr(t->rep);
3764 buffer_shutw(t->req);
3765 t->req->flags |= BF_WRITE_TIMEOUT;
3766 if (!t->req->cons->err_type)
3767 t->req->cons->err_type = SI_ET_QUEUE_TO;
3768 t->req->cons->state = SI_ST_CLO;
3769 return 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003770 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003771 /* connection remains in queue, check if we have to abort it */
3772 if ((t->req->flags & BF_SHUTW_NOW) ||
3773 (t->rep->flags & BF_SHUTW) ||
3774 ((t->req->flags & BF_SHUTR) && /* FIXME: this should not prevent a connection from establishing */
3775 (t->req->flags & BF_EMPTY || t->be->options & PR_O_ABRT_CLOSE))) {
3776 /* give up */
3777 trace_term(t, TT_HTTP_SRV_1);
3778 t->req->wex = TICK_ETERNITY;
3779 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003780
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003781 // FIXME: should we set rep->MAY_FORWARD ?
3782 buffer_shutr(t->rep);
3783 buffer_shutw(t->req);
3784 if (!t->req->cons->err_type)
3785 t->req->cons->err_type = SI_ET_QUEUE_ABRT;
3786 t->req->cons->state = SI_ST_CLO;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003787 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003788 return 0;
3789 }
3790 /* The connection is not in the queue anymore */
3791 t->req->cons->state = SI_ST_INI;
3792 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003793
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003794 /* we may get here from above */
3795 if (t->req->cons->state == SI_ST_INI) {
3796 /* no connection in progress, we have to get a new one */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003797
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003798 /* first, check if the connection has been aborted */
3799 if ((t->req->flags & BF_SHUTW_NOW) ||
3800 (t->rep->flags & BF_SHUTW) ||
3801 ((t->req->flags & BF_SHUTR) &&
3802 (t->req->flags & BF_EMPTY || t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003803
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003804 trace_term(t, TT_HTTP_SRV_1);
3805 t->req->wex = TICK_ETERNITY;
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003806
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003807 // FIXME: should we set rep->MAY_FORWARD ?
3808 buffer_shutr(t->rep);
3809 buffer_shutw(t->req);
3810 if (!t->req->cons->err_type)
3811 t->req->cons->err_type = SI_ET_CONN_ABRT;
3812 t->req->cons->state = SI_ST_CLO;
3813 return 0;
3814 }
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003815
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003816 /* try to get a server assigned */
3817 if (srv_redispatch_connect(t) != 0) {
3818 /* we did not get any server, let's check the cause */
3819 if (t->req->cons->state == SI_ST_QUE) {
3820 /* the connection was queued, that's OK */
3821 return 0;
3822 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003823
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003824 trace_term(t, TT_HTTP_SRV_2);
3825 t->req->wex = TICK_ETERNITY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003826
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003827 // FIXME: should we set rep->MAY_FORWARD ?
3828 buffer_shutr(t->rep);
3829 buffer_shutw(t->req);
3830 t->req->flags |= BF_WRITE_ERROR;
3831 if (!t->req->cons->err_type)
3832 t->req->cons->err_type = SI_ET_CONN_OTHER;
3833 t->req->cons->state = SI_ST_CLO;
3834 return 0;
3835 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003836
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003837 t->req->cons->state = SI_ST_ASS;
3838 /* Once the server is assigned, we have to return because
3839 * the caller might be interested in checking several
3840 * things before connecting.
3841 */
3842 return 1;
3843 }
3844 return 0;
3845}
Krzysztof Piotr Oledzkiefe3b6f2008-05-23 23:49:32 +02003846
Willy Tarreauf8533202008-08-16 14:55:08 +02003847
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003848/*
3849 * This function tries to establish a connection to an assigned server. It also
3850 * performs connection retries. It may only be called with t->req->cons->state
3851 * in { SI_ST_ASS, SI_ST_CON }. It may also set the state to SI_ST_INI,
3852 * SI_ST_EST, or SI_ST_CLO.
3853 */
3854int stream_sock_connect_server(struct session *t)
3855{
3856 if (t->req->cons->state == SI_ST_ASS) {
3857 /* server assigned to request, we have to try to connect now */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003858
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003859 if (!srv_retryable_connect(t)) {
3860 /* we need to redispatch */
3861 t->req->cons->state = SI_ST_INI;
3862 return 0;
3863 }
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003864
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003865 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3866 if (t->req->cons->state != SI_ST_CON) {
3867 /* it was an error */
3868 trace_term(t, TT_HTTP_SRV_4);
3869 t->req->wex = TICK_ETERNITY;
3870
3871 // FIXME: should we set rep->MAY_FORWARD ?
3872 buffer_shutr(t->rep);
3873 buffer_shutw(t->req);
3874 t->req->flags |= BF_WRITE_ERROR;
3875 if (!t->req->cons->err_type)
3876 t->req->cons->err_type = SI_ET_CONN_OTHER;
3877 t->req->cons->state = SI_ST_CLO;
3878 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003879 }
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003880 /* We have a socket and switched to SI_ST_CON */
3881 }
3882
3883 /* we may also get here from above */
3884 if (t->req->cons->state == SI_ST_CON) {
3885 /* connection in progress or just completed */
3886 if (!tcp_connection_status(t))
3887 return 0;
3888 }
3889 return 0;
3890}
3891
3892
3893/*
3894 * Tries to establish a connection to the server and associate it to the
3895 * request buffer's consumer side. It is assumed that this function will not be
Willy Tarreau3da77c52008-08-29 09:58:42 +02003896 * be called with SI_ST_EST nor with BF_WRITE_ENA cleared. It normally
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003897 * returns zero, but may return 1 if it absolutely wants to be called again.
3898 */
3899int process_srv_conn(struct session *t)
3900{
3901 DPRINTF(stderr,"[%u] %s: c=%s exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
3902 now_ms, __FUNCTION__,
3903 cli_stnames[t->cli_state],
3904 t->rep->rex, t->req->wex,
3905 t->req->flags, t->rep->flags,
3906 t->req->l, t->rep->l);
3907
3908 do {
3909 if (t->req->cons->state == SI_ST_INI ||
3910 t->req->cons->state == SI_ST_TAR ||
3911 t->req->cons->state == SI_ST_QUE) {
3912 /* try to assign a server */
3913 if (!stream_sock_assign_server(t))
3914 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003915 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003916
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003917 if (t->req->cons->state == SI_ST_ASS &&
3918 t->srv && t->srv->rdr_len && t->flags & SN_REDIRECTABLE) {
3919 /* Server supporting redirection and it is possible.
3920 * Invalid requests are reported as such. It concerns all
3921 * the largest ones.
3922 */
3923 struct http_txn *txn = &t->txn;
3924 struct chunk rdr;
3925 char *path;
3926 int len;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003927
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003928 /* 1: create the response header */
3929 rdr.len = strlen(HTTP_302);
3930 rdr.str = trash;
3931 memcpy(rdr.str, HTTP_302, rdr.len);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003932
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003933 /* 2: add the server's prefix */
3934 if (rdr.len + t->srv->rdr_len > sizeof(trash))
3935 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003936
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003937 memcpy(rdr.str + rdr.len, t->srv->rdr_pfx, t->srv->rdr_len);
3938 rdr.len += t->srv->rdr_len;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003939
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003940 /* 3: add the request URI */
3941 path = http_get_path(txn);
3942 if (!path)
3943 goto cancel_redir;
3944 len = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
3945 if (rdr.len + len > sizeof(trash) - 4) /* 4 for CRLF-CRLF */
3946 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003947
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003948 memcpy(rdr.str + rdr.len, path, len);
3949 rdr.len += len;
3950 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
3951 rdr.len += 4;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003952
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003953 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C, 302, &rdr);
3954 trace_term(t, TT_HTTP_SRV_3);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003955
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003956 /* FIXME: we should increase a counter of redirects per server and per backend. */
3957 if (t->srv)
3958 t->srv->cum_sess++;
3959
3960 t->req->cons->state = SI_ST_CLO;
3961 return 0;
3962 cancel_redir:
3963 //txn->status = 400;
3964 //t->fe->failed_req++;
3965 //srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C,
3966 // 400, error_message(t, HTTP_ERR_400));
3967 trace_term(t, TT_HTTP_SRV_4);
3968
3969 // FIXME: should we set rep->MAY_FORWARD ?
3970 buffer_shutw(t->req);
3971 buffer_shutr(t->rep);
3972 if (!t->req->cons->err_type)
3973 t->req->cons->err_type = SI_ET_CONN_OTHER;
3974 t->req->cons->state = SI_ST_CLO;
3975 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003976 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003977
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003978 if (t->req->cons->state == SI_ST_CON ||
3979 t->req->cons->state == SI_ST_ASS) {
3980 stream_sock_connect_server(t);
3981 }
3982 } while (t->req->cons->state != SI_ST_CLO &&
3983 t->req->cons->state != SI_ST_CON &&
3984 t->req->cons->state != SI_ST_EST);
3985 return 0;
3986}
Willy Tarreaubaaee002006-06-26 02:48:02 +02003987
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003988
Willy Tarreaubaaee002006-06-26 02:48:02 +02003989/*
3990 * Produces data for the session <s> depending on its source. Expects to be
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003991 * called with client socket shut down on input. Right now, only statistics can
Willy Tarreau72b179a2008-08-28 16:01:32 +02003992 * be produced. It stops by itself by unsetting the BF_HIJACK flag from the
3993 * buffer, which it uses to keep on being called when there is free space in
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003994 * the buffer, or simply by letting an empty buffer upon return. It returns 1
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003995 * when it wants to stop sending data, otherwise 0.
Willy Tarreaubaaee002006-06-26 02:48:02 +02003996 */
3997int produce_content(struct session *s)
3998{
Willy Tarreaubaaee002006-06-26 02:48:02 +02003999 if (s->data_source == DATA_SRC_NONE) {
Willy Tarreau72b179a2008-08-28 16:01:32 +02004000 buffer_stop_hijack(s->rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02004001 return 1;
4002 }
4003 else if (s->data_source == DATA_SRC_STATS) {
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01004004 /* dump server statistics */
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01004005 int ret = stats_dump_http(s, s->be->uri_auth);
Willy Tarreau91861262007-10-17 17:06:05 +02004006 if (ret >= 0)
4007 return ret;
4008 /* -1 indicates an error */
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01004009 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004010
Willy Tarreau91861262007-10-17 17:06:05 +02004011 /* unknown data source or internal error */
4012 s->txn.status = 500;
4013 client_retnclose(s, error_message(s, HTTP_ERR_500));
Willy Tarreauf8533202008-08-16 14:55:08 +02004014 trace_term(s, TT_HTTP_CNT_1);
Willy Tarreau91861262007-10-17 17:06:05 +02004015 if (!(s->flags & SN_ERR_MASK))
4016 s->flags |= SN_ERR_PRXCOND;
4017 if (!(s->flags & SN_FINST_MASK))
4018 s->flags |= SN_FINST_R;
Willy Tarreau72b179a2008-08-28 16:01:32 +02004019 buffer_stop_hijack(s->rep);
Willy Tarreau91861262007-10-17 17:06:05 +02004020 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004021}
4022
4023
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004024/* Iterate the same filter through all request headers.
4025 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004026 * Since it can manage the switch to another backend, it updates the per-proxy
4027 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004028 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004029int apply_filter_to_req_headers(struct session *t, struct buffer *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01004030{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004031 char term;
4032 char *cur_ptr, *cur_end, *cur_next;
4033 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004034 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004035 struct hdr_idx_elem *cur_hdr;
4036 int len, delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01004037
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004038 last_hdr = 0;
4039
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004040 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004041 old_idx = 0;
4042
4043 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004044 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004045 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004046 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004047 (exp->action == ACT_ALLOW ||
4048 exp->action == ACT_DENY ||
4049 exp->action == ACT_TARPIT))
4050 return 0;
4051
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004052 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004053 if (!cur_idx)
4054 break;
4055
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004056 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004057 cur_ptr = cur_next;
4058 cur_end = cur_ptr + cur_hdr->len;
4059 cur_next = cur_end + cur_hdr->cr + 1;
4060
4061 /* Now we have one header between cur_ptr and cur_end,
4062 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004063 */
4064
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004065 /* The annoying part is that pattern matching needs
4066 * that we modify the contents to null-terminate all
4067 * strings before testing them.
4068 */
4069
4070 term = *cur_end;
4071 *cur_end = '\0';
4072
4073 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4074 switch (exp->action) {
4075 case ACT_SETBE:
4076 /* It is not possible to jump a second time.
4077 * FIXME: should we return an HTTP/500 here so that
4078 * the admin knows there's a problem ?
4079 */
4080 if (t->be != t->fe)
4081 break;
4082
4083 /* Swithing Proxy */
4084 t->be = (struct proxy *) exp->replace;
4085
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004086 /* right now, the backend switch is not overly complicated
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004087 * because we have associated req_cap and rsp_cap to the
4088 * frontend, and the beconn will be updated later.
4089 */
4090
Willy Tarreaud7c30f92007-12-03 01:38:36 +01004091 t->rep->rto = t->req->wto = t->be->timeout.server;
4092 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02004093 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004094 last_hdr = 1;
4095 break;
4096
4097 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004098 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004099 last_hdr = 1;
4100 break;
4101
4102 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004103 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004104 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004105 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004106 break;
4107
4108 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01004109 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004110 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004111 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004112 break;
4113
4114 case ACT_REPLACE:
4115 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4116 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
4117 /* FIXME: if the user adds a newline in the replacement, the
4118 * index will not be recalculated for now, and the new line
4119 * will not be counted as a new header.
4120 */
4121
4122 cur_end += delta;
4123 cur_next += delta;
4124 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004125 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004126 break;
4127
4128 case ACT_REMOVE:
4129 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
4130 cur_next += delta;
4131
4132 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004133 txn->req.eoh += delta;
4134 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4135 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004136 cur_hdr->len = 0;
4137 cur_end = NULL; /* null-term has been rewritten */
4138 break;
4139
4140 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004141 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004142 if (cur_end)
4143 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004144
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004145 /* keep the link from this header to next one in case of later
4146 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004147 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004148 old_idx = cur_idx;
4149 }
4150 return 0;
4151}
4152
4153
4154/* Apply the filter to the request line.
4155 * Returns 0 if nothing has been done, 1 if the filter has been applied,
4156 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004157 * Since it can manage the switch to another backend, it updates the per-proxy
4158 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004159 */
4160int apply_filter_to_req_line(struct session *t, struct buffer *req, struct hdr_exp *exp)
4161{
4162 char term;
4163 char *cur_ptr, *cur_end;
4164 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004165 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004166 int len, delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004167
Willy Tarreau58f10d72006-12-04 02:26:12 +01004168
Willy Tarreau3d300592007-03-18 18:34:41 +01004169 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004170 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004171 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004172 (exp->action == ACT_ALLOW ||
4173 exp->action == ACT_DENY ||
4174 exp->action == ACT_TARPIT))
4175 return 0;
4176 else if (exp->action == ACT_REMOVE)
4177 return 0;
4178
4179 done = 0;
4180
Willy Tarreau9cdde232007-05-02 20:58:19 +02004181 cur_ptr = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004182 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004183
4184 /* Now we have the request line between cur_ptr and cur_end */
4185
4186 /* The annoying part is that pattern matching needs
4187 * that we modify the contents to null-terminate all
4188 * strings before testing them.
4189 */
4190
4191 term = *cur_end;
4192 *cur_end = '\0';
4193
4194 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4195 switch (exp->action) {
4196 case ACT_SETBE:
4197 /* It is not possible to jump a second time.
4198 * FIXME: should we return an HTTP/500 here so that
4199 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01004200 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004201 if (t->be != t->fe)
4202 break;
4203
4204 /* Swithing Proxy */
4205 t->be = (struct proxy *) exp->replace;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004206
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004207 /* right now, the backend switch is not too much complicated
4208 * because we have associated req_cap and rsp_cap to the
4209 * frontend, and the beconn will be updated later.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004210 */
4211
Willy Tarreaud7c30f92007-12-03 01:38:36 +01004212 t->rep->rto = t->req->wto = t->be->timeout.server;
4213 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02004214 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004215 done = 1;
4216 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004217
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004218 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004219 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004220 done = 1;
4221 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004222
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004223 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004224 txn->flags |= TX_CLDENY;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004225 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004226 done = 1;
4227 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004228
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004229 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01004230 txn->flags |= TX_CLTARPIT;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004231 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004232 done = 1;
4233 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004234
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004235 case ACT_REPLACE:
4236 *cur_end = term; /* restore the string terminator */
4237 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4238 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
4239 /* FIXME: if the user adds a newline in the replacement, the
4240 * index will not be recalculated for now, and the new line
4241 * will not be counted as a new header.
4242 */
Willy Tarreaua496b602006-12-17 23:15:24 +01004243
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004244 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004245 cur_end += delta;
Willy Tarreaua496b602006-12-17 23:15:24 +01004246
Willy Tarreau9cdde232007-05-02 20:58:19 +02004247 txn->req.sol = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004248 cur_end = (char *)http_parse_reqline(&txn->req, req->data,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004249 HTTP_MSG_RQMETH,
4250 cur_ptr, cur_end + 1,
4251 NULL, NULL);
4252 if (unlikely(!cur_end))
4253 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01004254
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004255 /* we have a full request and we know that we have either a CR
4256 * or an LF at <ptr>.
4257 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004258 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
4259 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004260 /* there is no point trying this regex on headers */
4261 return 1;
4262 }
4263 }
4264 *cur_end = term; /* restore the string terminator */
4265 return done;
4266}
Willy Tarreau97de6242006-12-27 17:18:38 +01004267
Willy Tarreau58f10d72006-12-04 02:26:12 +01004268
Willy Tarreau58f10d72006-12-04 02:26:12 +01004269
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004270/*
4271 * Apply all the req filters <exp> to all headers in buffer <req> of session <t>.
4272 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01004273 * unparsable request. Since it can manage the switch to another backend, it
4274 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004275 */
4276int apply_filters_to_request(struct session *t, struct buffer *req, struct hdr_exp *exp)
4277{
Willy Tarreau3d300592007-03-18 18:34:41 +01004278 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004279 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004280 while (exp && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004281 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004282
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004283 /*
4284 * The interleaving of transformations and verdicts
4285 * makes it difficult to decide to continue or stop
4286 * the evaluation.
4287 */
4288
Willy Tarreau3d300592007-03-18 18:34:41 +01004289 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004290 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4291 exp->action == ACT_TARPIT || exp->action == ACT_PASS)) {
4292 exp = exp->next;
4293 continue;
4294 }
4295
4296 /* Apply the filter to the request line. */
4297 ret = apply_filter_to_req_line(t, req, exp);
4298 if (unlikely(ret < 0))
4299 return -1;
4300
4301 if (likely(ret == 0)) {
4302 /* The filter did not match the request, it can be
4303 * iterated through all headers.
4304 */
4305 apply_filter_to_req_headers(t, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004306 }
4307 exp = exp->next;
4308 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004309 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004310}
4311
4312
Willy Tarreaua15645d2007-03-18 16:22:39 +01004313
Willy Tarreau58f10d72006-12-04 02:26:12 +01004314/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004315 * Manage client-side cookie. It can impact performance by about 2% so it is
4316 * desirable to call it only when needed.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004317 */
4318void manage_client_side_cookies(struct session *t, struct buffer *req)
4319{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004320 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004321 char *p1, *p2, *p3, *p4;
4322 char *del_colon, *del_cookie, *colon;
4323 int app_cookies;
4324
4325 appsess *asession_temp = NULL;
4326 appsess local_asession;
4327
4328 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004329 int cur_idx, old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004330
Willy Tarreau2a324282006-12-05 00:05:46 +01004331 /* Iterate through the headers.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004332 * we start with the start line.
4333 */
Willy Tarreau83969f42007-01-22 08:55:47 +01004334 old_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004335 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004336
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004337 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004338 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004339 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004340
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004341 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau58f10d72006-12-04 02:26:12 +01004342 cur_ptr = cur_next;
4343 cur_end = cur_ptr + cur_hdr->len;
4344 cur_next = cur_end + cur_hdr->cr + 1;
4345
4346 /* We have one full header between cur_ptr and cur_end, and the
4347 * next header starts at cur_next. We're only interested in
4348 * "Cookie:" headers.
4349 */
4350
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004351 val = http_header_match2(cur_ptr, cur_end, "Cookie", 6);
4352 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004353 old_idx = cur_idx;
4354 continue;
4355 }
4356
4357 /* Now look for cookies. Conforming to RFC2109, we have to support
4358 * attributes whose name begin with a '$', and associate them with
4359 * the right cookie, if we want to delete this cookie.
4360 * So there are 3 cases for each cookie read :
4361 * 1) it's a special attribute, beginning with a '$' : ignore it.
4362 * 2) it's a server id cookie that we *MAY* want to delete : save
4363 * some pointers on it (last semi-colon, beginning of cookie...)
4364 * 3) it's an application cookie : we *MAY* have to delete a previous
4365 * "special" cookie.
4366 * At the end of loop, if a "special" cookie remains, we may have to
4367 * remove it. If no application cookie persists in the header, we
4368 * *MUST* delete it
4369 */
4370
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004371 colon = p1 = cur_ptr + val; /* first non-space char after 'Cookie:' */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004372
Willy Tarreau58f10d72006-12-04 02:26:12 +01004373 /* del_cookie == NULL => nothing to be deleted */
4374 del_colon = del_cookie = NULL;
4375 app_cookies = 0;
4376
4377 while (p1 < cur_end) {
4378 /* skip spaces and colons, but keep an eye on these ones */
4379 while (p1 < cur_end) {
4380 if (*p1 == ';' || *p1 == ',')
4381 colon = p1;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004382 else if (!isspace((unsigned char)*p1))
Willy Tarreau58f10d72006-12-04 02:26:12 +01004383 break;
4384 p1++;
4385 }
4386
4387 if (p1 == cur_end)
4388 break;
4389
4390 /* p1 is at the beginning of the cookie name */
4391 p2 = p1;
4392 while (p2 < cur_end && *p2 != '=')
4393 p2++;
4394
4395 if (p2 == cur_end)
4396 break;
4397
4398 p3 = p2 + 1; /* skips the '=' sign */
4399 if (p3 == cur_end)
4400 break;
4401
4402 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004403 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';' && *p4 != ',')
Willy Tarreau58f10d72006-12-04 02:26:12 +01004404 p4++;
4405
4406 /* here, we have the cookie name between p1 and p2,
4407 * and its value between p3 and p4.
4408 * we can process it :
4409 *
4410 * Cookie: NAME=VALUE;
4411 * | || || |
4412 * | || || +--> p4
4413 * | || |+-------> p3
4414 * | || +--------> p2
4415 * | |+------------> p1
4416 * | +-------------> colon
4417 * +--------------------> cur_ptr
4418 */
4419
4420 if (*p1 == '$') {
4421 /* skip this one */
4422 }
4423 else {
4424 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004425 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004426 txn->cli_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004427 (p4 - p1 >= t->fe->capture_namelen) &&
4428 memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004429 int log_len = p4 - p1;
4430
Willy Tarreau086b3b42007-05-13 21:45:51 +02004431 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004432 Alert("HTTP logging : out of memory.\n");
4433 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004434 if (log_len > t->fe->capture_len)
4435 log_len = t->fe->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004436 memcpy(txn->cli_cookie, p1, log_len);
4437 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004438 }
4439 }
4440
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004441 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4442 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004443 /* Cool... it's the right one */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004444 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004445 char *delim;
4446
4447 /* if we're in cookie prefix mode, we'll search the delimitor so that we
4448 * have the server ID betweek p3 and delim, and the original cookie between
4449 * delim+1 and p4. Otherwise, delim==p4 :
4450 *
4451 * Cookie: NAME=SRV~VALUE;
4452 * | || || | |
4453 * | || || | +--> p4
4454 * | || || +--------> delim
4455 * | || |+-----------> p3
4456 * | || +------------> p2
4457 * | |+----------------> p1
4458 * | +-----------------> colon
4459 * +------------------------> cur_ptr
4460 */
4461
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004462 if (t->be->options & PR_O_COOK_PFX) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004463 for (delim = p3; delim < p4; delim++)
4464 if (*delim == COOKIE_DELIM)
4465 break;
4466 }
4467 else
4468 delim = p4;
4469
4470
4471 /* Here, we'll look for the first running server which supports the cookie.
4472 * This allows to share a same cookie between several servers, for example
4473 * to dedicate backup servers to specific servers only.
4474 * However, to prevent clients from sticking to cookie-less backup server
4475 * when they have incidentely learned an empty cookie, we simply ignore
4476 * empty cookies and mark them as invalid.
4477 */
4478 if (delim == p3)
4479 srv = NULL;
4480
4481 while (srv) {
Willy Tarreau92f2ab12007-02-02 22:14:47 +01004482 if (srv->cookie && (srv->cklen == delim - p3) &&
4483 !memcmp(p3, srv->cookie, delim - p3)) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004484 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004485 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004486 txn->flags &= ~TX_CK_MASK;
4487 txn->flags |= TX_CK_VALID;
4488 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004489 t->srv = srv;
4490 break;
4491 } else {
4492 /* we found a server, but it's down */
Willy Tarreau3d300592007-03-18 18:34:41 +01004493 txn->flags &= ~TX_CK_MASK;
4494 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004495 }
4496 }
4497 srv = srv->next;
4498 }
4499
Willy Tarreau3d300592007-03-18 18:34:41 +01004500 if (!srv && !(txn->flags & TX_CK_DOWN)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004501 /* no server matched this cookie */
Willy Tarreau3d300592007-03-18 18:34:41 +01004502 txn->flags &= ~TX_CK_MASK;
4503 txn->flags |= TX_CK_INVALID;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004504 }
4505
4506 /* depending on the cookie mode, we may have to either :
4507 * - delete the complete cookie if we're in insert+indirect mode, so that
4508 * the server never sees it ;
4509 * - remove the server id from the cookie value, and tag the cookie as an
4510 * application cookie so that it does not get accidentely removed later,
4511 * if we're in cookie prefix mode
4512 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004513 if ((t->be->options & PR_O_COOK_PFX) && (delim != p4)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004514 int delta; /* negative */
4515
4516 delta = buffer_replace2(req, p3, delim + 1, NULL, 0);
4517 p4 += delta;
4518 cur_end += delta;
4519 cur_next += delta;
4520 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004521 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004522
4523 del_cookie = del_colon = NULL;
4524 app_cookies++; /* protect the header from deletion */
4525 }
4526 else if (del_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004527 (t->be->options & (PR_O_COOK_INS | PR_O_COOK_IND)) == (PR_O_COOK_INS | PR_O_COOK_IND)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004528 del_cookie = p1;
4529 del_colon = colon;
4530 }
4531 } else {
4532 /* now we know that we must keep this cookie since it's
4533 * not ours. But if we wanted to delete our cookie
4534 * earlier, we cannot remove the complete header, but we
4535 * can remove the previous block itself.
4536 */
4537 app_cookies++;
4538
4539 if (del_cookie != NULL) {
4540 int delta; /* negative */
4541
4542 delta = buffer_replace2(req, del_cookie, p1, NULL, 0);
4543 p4 += delta;
4544 cur_end += delta;
4545 cur_next += delta;
4546 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004547 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004548 del_cookie = del_colon = NULL;
4549 }
4550 }
4551
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004552 if ((t->be->appsession_name != NULL) &&
4553 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004554 /* first, let's see if the cookie is our appcookie*/
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004555
Willy Tarreau58f10d72006-12-04 02:26:12 +01004556 /* Cool... it's the right one */
4557
4558 asession_temp = &local_asession;
4559
Willy Tarreau63963c62007-05-13 21:29:55 +02004560 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004561 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
4562 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
4563 return;
4564 }
4565
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004566 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
4567 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004568 asession_temp->serverid = NULL;
Willy Tarreau51041c72007-09-09 21:56:53 +02004569
Willy Tarreau58f10d72006-12-04 02:26:12 +01004570 /* only do insert, if lookup fails */
Willy Tarreau51041c72007-09-09 21:56:53 +02004571 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4572 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004573 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004574 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004575 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004576 Alert("Not enough memory process_cli():asession:calloc().\n");
4577 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
4578 return;
4579 }
4580
4581 asession_temp->sessid = local_asession.sessid;
4582 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004583 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02004584 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004585 } else {
4586 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004587 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004588 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004589 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004590 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004591 Alert("Found Application Session without matching server.\n");
4592 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004593 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004594 while (srv) {
4595 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004596 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004597 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004598 txn->flags &= ~TX_CK_MASK;
4599 txn->flags |= TX_CK_VALID;
4600 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004601 t->srv = srv;
4602 break;
4603 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01004604 txn->flags &= ~TX_CK_MASK;
4605 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004606 }
4607 }
4608 srv = srv->next;
4609 }/* end while(srv) */
4610 }/* end else if server == NULL */
4611
Willy Tarreau0c303ee2008-07-07 00:09:58 +02004612 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004613 asession_temp->request_count++;
4614#if defined(DEBUG_HASH)
4615 Alert("manage_client_side_cookies\n");
4616 appsession_hash_dump(&(t->be->htbl_proxy));
4617#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01004618 }/* end if ((t->proxy->appsession_name != NULL) ... */
4619 }
4620
4621 /* we'll have to look for another cookie ... */
4622 p1 = p4;
4623 } /* while (p1 < cur_end) */
4624
4625 /* There's no more cookie on this line.
4626 * We may have marked the last one(s) for deletion.
4627 * We must do this now in two ways :
4628 * - if there is no app cookie, we simply delete the header ;
4629 * - if there are app cookies, we must delete the end of the
4630 * string properly, including the colon/semi-colon before
4631 * the cookie name.
4632 */
4633 if (del_cookie != NULL) {
4634 int delta;
4635 if (app_cookies) {
4636 delta = buffer_replace2(req, del_colon, cur_end, NULL, 0);
4637 cur_end = del_colon;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004638 cur_hdr->len += delta;
4639 } else {
4640 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004641
4642 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004643 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4644 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004645 cur_hdr->len = 0;
4646 }
Willy Tarreau45e73e32006-12-17 00:05:15 +01004647 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004648 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004649 }
4650
4651 /* keep the link from this header to next one */
4652 old_idx = cur_idx;
4653 } /* end of cookie processing on this header */
4654}
4655
4656
Willy Tarreaua15645d2007-03-18 16:22:39 +01004657/* Iterate the same filter through all response headers contained in <rtr>.
4658 * Returns 1 if this filter can be stopped upon return, otherwise 0.
4659 */
4660int apply_filter_to_resp_headers(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4661{
4662 char term;
4663 char *cur_ptr, *cur_end, *cur_next;
4664 int cur_idx, old_idx, last_hdr;
4665 struct http_txn *txn = &t->txn;
4666 struct hdr_idx_elem *cur_hdr;
4667 int len, delta;
4668
4669 last_hdr = 0;
4670
4671 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4672 old_idx = 0;
4673
4674 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004675 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004676 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004677 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004678 (exp->action == ACT_ALLOW ||
4679 exp->action == ACT_DENY))
4680 return 0;
4681
4682 cur_idx = txn->hdr_idx.v[old_idx].next;
4683 if (!cur_idx)
4684 break;
4685
4686 cur_hdr = &txn->hdr_idx.v[cur_idx];
4687 cur_ptr = cur_next;
4688 cur_end = cur_ptr + cur_hdr->len;
4689 cur_next = cur_end + cur_hdr->cr + 1;
4690
4691 /* Now we have one header between cur_ptr and cur_end,
4692 * and the next header starts at cur_next.
4693 */
4694
4695 /* The annoying part is that pattern matching needs
4696 * that we modify the contents to null-terminate all
4697 * strings before testing them.
4698 */
4699
4700 term = *cur_end;
4701 *cur_end = '\0';
4702
4703 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4704 switch (exp->action) {
4705 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004706 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004707 last_hdr = 1;
4708 break;
4709
4710 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004711 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004712 last_hdr = 1;
4713 break;
4714
4715 case ACT_REPLACE:
4716 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4717 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4718 /* FIXME: if the user adds a newline in the replacement, the
4719 * index will not be recalculated for now, and the new line
4720 * will not be counted as a new header.
4721 */
4722
4723 cur_end += delta;
4724 cur_next += delta;
4725 cur_hdr->len += delta;
4726 txn->rsp.eoh += delta;
4727 break;
4728
4729 case ACT_REMOVE:
4730 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4731 cur_next += delta;
4732
4733 /* FIXME: this should be a separate function */
4734 txn->rsp.eoh += delta;
4735 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4736 txn->hdr_idx.used--;
4737 cur_hdr->len = 0;
4738 cur_end = NULL; /* null-term has been rewritten */
4739 break;
4740
4741 }
4742 }
4743 if (cur_end)
4744 *cur_end = term; /* restore the string terminator */
4745
4746 /* keep the link from this header to next one in case of later
4747 * removal of next header.
4748 */
4749 old_idx = cur_idx;
4750 }
4751 return 0;
4752}
4753
4754
4755/* Apply the filter to the status line in the response buffer <rtr>.
4756 * Returns 0 if nothing has been done, 1 if the filter has been applied,
4757 * or -1 if a replacement resulted in an invalid status line.
4758 */
4759int apply_filter_to_sts_line(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4760{
4761 char term;
4762 char *cur_ptr, *cur_end;
4763 int done;
4764 struct http_txn *txn = &t->txn;
4765 int len, delta;
4766
4767
Willy Tarreau3d300592007-03-18 18:34:41 +01004768 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004769 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004770 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004771 (exp->action == ACT_ALLOW ||
4772 exp->action == ACT_DENY))
4773 return 0;
4774 else if (exp->action == ACT_REMOVE)
4775 return 0;
4776
4777 done = 0;
4778
Willy Tarreau9cdde232007-05-02 20:58:19 +02004779 cur_ptr = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004780 cur_end = cur_ptr + txn->rsp.sl.rq.l;
4781
4782 /* Now we have the status line between cur_ptr and cur_end */
4783
4784 /* The annoying part is that pattern matching needs
4785 * that we modify the contents to null-terminate all
4786 * strings before testing them.
4787 */
4788
4789 term = *cur_end;
4790 *cur_end = '\0';
4791
4792 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4793 switch (exp->action) {
4794 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004795 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004796 done = 1;
4797 break;
4798
4799 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004800 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004801 done = 1;
4802 break;
4803
4804 case ACT_REPLACE:
4805 *cur_end = term; /* restore the string terminator */
4806 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4807 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4808 /* FIXME: if the user adds a newline in the replacement, the
4809 * index will not be recalculated for now, and the new line
4810 * will not be counted as a new header.
4811 */
4812
4813 txn->rsp.eoh += delta;
4814 cur_end += delta;
4815
Willy Tarreau9cdde232007-05-02 20:58:19 +02004816 txn->rsp.sol = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004817 cur_end = (char *)http_parse_stsline(&txn->rsp, rtr->data,
Willy Tarreau02785762007-04-03 14:45:44 +02004818 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01004819 cur_ptr, cur_end + 1,
4820 NULL, NULL);
4821 if (unlikely(!cur_end))
4822 return -1;
4823
4824 /* we have a full respnse and we know that we have either a CR
4825 * or an LF at <ptr>.
4826 */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004827 txn->status = strl2ui(rtr->data + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreaua15645d2007-03-18 16:22:39 +01004828 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.rq.l, *cur_end == '\r');
4829 /* there is no point trying this regex on headers */
4830 return 1;
4831 }
4832 }
4833 *cur_end = term; /* restore the string terminator */
4834 return done;
4835}
4836
4837
4838
4839/*
4840 * Apply all the resp filters <exp> to all headers in buffer <rtr> of session <t>.
4841 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
4842 * unparsable response.
4843 */
4844int apply_filters_to_response(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4845{
Willy Tarreau3d300592007-03-18 18:34:41 +01004846 struct http_txn *txn = &t->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004847 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004848 while (exp && !(txn->flags & TX_SVDENY)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004849 int ret;
4850
4851 /*
4852 * The interleaving of transformations and verdicts
4853 * makes it difficult to decide to continue or stop
4854 * the evaluation.
4855 */
4856
Willy Tarreau3d300592007-03-18 18:34:41 +01004857 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004858 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4859 exp->action == ACT_PASS)) {
4860 exp = exp->next;
4861 continue;
4862 }
4863
4864 /* Apply the filter to the status line. */
4865 ret = apply_filter_to_sts_line(t, rtr, exp);
4866 if (unlikely(ret < 0))
4867 return -1;
4868
4869 if (likely(ret == 0)) {
4870 /* The filter did not match the response, it can be
4871 * iterated through all headers.
4872 */
4873 apply_filter_to_resp_headers(t, rtr, exp);
4874 }
4875 exp = exp->next;
4876 }
4877 return 0;
4878}
4879
4880
4881
4882/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004883 * Manage server-side cookies. It can impact performance by about 2% so it is
4884 * desirable to call it only when needed.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004885 */
4886void manage_server_side_cookies(struct session *t, struct buffer *rtr)
4887{
4888 struct http_txn *txn = &t->txn;
4889 char *p1, *p2, *p3, *p4;
4890
4891 appsess *asession_temp = NULL;
4892 appsess local_asession;
4893
4894 char *cur_ptr, *cur_end, *cur_next;
4895 int cur_idx, old_idx, delta;
4896
Willy Tarreaua15645d2007-03-18 16:22:39 +01004897 /* Iterate through the headers.
4898 * we start with the start line.
4899 */
4900 old_idx = 0;
4901 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4902
4903 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
4904 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004905 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004906
4907 cur_hdr = &txn->hdr_idx.v[cur_idx];
4908 cur_ptr = cur_next;
4909 cur_end = cur_ptr + cur_hdr->len;
4910 cur_next = cur_end + cur_hdr->cr + 1;
4911
4912 /* We have one full header between cur_ptr and cur_end, and the
4913 * next header starts at cur_next. We're only interested in
4914 * "Cookie:" headers.
4915 */
4916
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004917 val = http_header_match2(cur_ptr, cur_end, "Set-Cookie", 10);
4918 if (!val) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004919 old_idx = cur_idx;
4920 continue;
4921 }
4922
4923 /* OK, right now we know we have a set-cookie at cur_ptr */
Willy Tarreau3d300592007-03-18 18:34:41 +01004924 txn->flags |= TX_SCK_ANY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004925
4926
4927 /* maybe we only wanted to see if there was a set-cookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004928 if (t->be->cookie_name == NULL &&
4929 t->be->appsession_name == NULL &&
4930 t->be->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01004931 return;
4932
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004933 p1 = cur_ptr + val; /* first non-space char after 'Set-Cookie:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004934
4935 while (p1 < cur_end) { /* in fact, we'll break after the first cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004936 if (p1 == cur_end || *p1 == ';') /* end of cookie */
4937 break;
4938
4939 /* p1 is at the beginning of the cookie name */
4940 p2 = p1;
4941
4942 while (p2 < cur_end && *p2 != '=' && *p2 != ';')
4943 p2++;
4944
4945 if (p2 == cur_end || *p2 == ';') /* next cookie */
4946 break;
4947
4948 p3 = p2 + 1; /* skip the '=' sign */
4949 if (p3 == cur_end)
4950 break;
4951
4952 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004953 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';')
Willy Tarreaua15645d2007-03-18 16:22:39 +01004954 p4++;
4955
4956 /* here, we have the cookie name between p1 and p2,
4957 * and its value between p3 and p4.
4958 * we can process it.
4959 */
4960
4961 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004962 if (t->be->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004963 txn->srv_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004964 (p4 - p1 >= t->be->capture_namelen) &&
4965 memcmp(p1, t->be->capture_name, t->be->capture_namelen) == 0) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004966 int log_len = p4 - p1;
4967
Willy Tarreau086b3b42007-05-13 21:45:51 +02004968 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004969 Alert("HTTP logging : out of memory.\n");
4970 }
4971
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004972 if (log_len > t->be->capture_len)
4973 log_len = t->be->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004974 memcpy(txn->srv_cookie, p1, log_len);
4975 txn->srv_cookie[log_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004976 }
4977
4978 /* now check if we need to process it for persistence */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004979 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4980 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004981 /* Cool... it's the right one */
Willy Tarreau3d300592007-03-18 18:34:41 +01004982 txn->flags |= TX_SCK_SEEN;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004983
4984 /* If the cookie is in insert mode on a known server, we'll delete
4985 * this occurrence because we'll insert another one later.
4986 * We'll delete it too if the "indirect" option is set and we're in
4987 * a direct access. */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004988 if (((t->srv) && (t->be->options & PR_O_COOK_INS)) ||
4989 ((t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_IND))) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004990 /* this header must be deleted */
4991 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4992 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4993 txn->hdr_idx.used--;
4994 cur_hdr->len = 0;
4995 cur_next += delta;
4996 txn->rsp.eoh += delta;
4997
Willy Tarreau3d300592007-03-18 18:34:41 +01004998 txn->flags |= TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004999 }
5000 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005001 (t->be->options & PR_O_COOK_RW)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005002 /* replace bytes p3->p4 with the cookie name associated
5003 * with this server since we know it.
5004 */
5005 delta = buffer_replace2(rtr, p3, p4, t->srv->cookie, t->srv->cklen);
5006 cur_hdr->len += delta;
5007 cur_next += delta;
5008 txn->rsp.eoh += delta;
5009
Willy Tarreau3d300592007-03-18 18:34:41 +01005010 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005011 }
5012 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005013 (t->be->options & PR_O_COOK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005014 /* insert the cookie name associated with this server
5015 * before existing cookie, and insert a delimitor between them..
5016 */
5017 delta = buffer_replace2(rtr, p3, p3, t->srv->cookie, t->srv->cklen + 1);
5018 cur_hdr->len += delta;
5019 cur_next += delta;
5020 txn->rsp.eoh += delta;
5021
5022 p3[t->srv->cklen] = COOKIE_DELIM;
Willy Tarreau3d300592007-03-18 18:34:41 +01005023 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005024 }
5025 }
5026 /* next, let's see if the cookie is our appcookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005027 else if ((t->be->appsession_name != NULL) &&
5028 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005029
5030 /* Cool... it's the right one */
5031
5032 size_t server_id_len = strlen(t->srv->id) + 1;
5033 asession_temp = &local_asession;
5034
Willy Tarreau63963c62007-05-13 21:29:55 +02005035 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005036 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
5037 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
5038 return;
5039 }
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005040 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
5041 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005042 asession_temp->serverid = NULL;
5043
5044 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01005045 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
5046 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02005047 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005048 Alert("Not enough Memory process_srv():asession:calloc().\n");
5049 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
5050 return;
5051 }
5052 asession_temp->sessid = local_asession.sessid;
5053 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005054 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02005055 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
5056 } else {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005057 /* free wasted memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02005058 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau51041c72007-09-09 21:56:53 +02005059 }
5060
Willy Tarreaua15645d2007-03-18 16:22:39 +01005061 if (asession_temp->serverid == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02005062 if ((asession_temp->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005063 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
5064 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
5065 return;
5066 }
5067 asession_temp->serverid[0] = '\0';
5068 }
5069
5070 if (asession_temp->serverid[0] == '\0')
5071 memcpy(asession_temp->serverid, t->srv->id, server_id_len);
5072
Willy Tarreau0c303ee2008-07-07 00:09:58 +02005073 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005074 asession_temp->request_count++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005075#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005076 Alert("manage_server_side_cookies\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02005077 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreaua15645d2007-03-18 16:22:39 +01005078#endif
5079 }/* end if ((t->proxy->appsession_name != NULL) ... */
5080 break; /* we don't want to loop again since there cannot be another cookie on the same line */
5081 } /* we're now at the end of the cookie value */
5082
5083 /* keep the link from this header to next one */
5084 old_idx = cur_idx;
5085 } /* end of cookie processing on this header */
5086}
5087
5088
5089
5090/*
5091 * Check if response is cacheable or not. Updates t->flags.
5092 */
5093void check_response_for_cacheability(struct session *t, struct buffer *rtr)
5094{
5095 struct http_txn *txn = &t->txn;
5096 char *p1, *p2;
5097
5098 char *cur_ptr, *cur_end, *cur_next;
5099 int cur_idx;
5100
Willy Tarreau5df51872007-11-25 16:20:08 +01005101 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005102 return;
5103
5104 /* Iterate through the headers.
5105 * we start with the start line.
5106 */
5107 cur_idx = 0;
5108 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
5109
5110 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5111 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005112 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005113
5114 cur_hdr = &txn->hdr_idx.v[cur_idx];
5115 cur_ptr = cur_next;
5116 cur_end = cur_ptr + cur_hdr->len;
5117 cur_next = cur_end + cur_hdr->cr + 1;
5118
5119 /* We have one full header between cur_ptr and cur_end, and the
5120 * next header starts at cur_next. We're only interested in
5121 * "Cookie:" headers.
5122 */
5123
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005124 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
5125 if (val) {
5126 if ((cur_end - (cur_ptr + val) >= 8) &&
5127 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
5128 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
5129 return;
5130 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005131 }
5132
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005133 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
5134 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01005135 continue;
5136
5137 /* OK, right now we know we have a cache-control header at cur_ptr */
5138
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005139 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005140
5141 if (p1 >= cur_end) /* no more info */
5142 continue;
5143
5144 /* p1 is at the beginning of the value */
5145 p2 = p1;
5146
Willy Tarreau8f8e6452007-06-17 21:51:38 +02005147 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005148 p2++;
5149
5150 /* we have a complete value between p1 and p2 */
5151 if (p2 < cur_end && *p2 == '=') {
5152 /* we have something of the form no-cache="set-cookie" */
5153 if ((cur_end - p1 >= 21) &&
5154 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
5155 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01005156 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005157 continue;
5158 }
5159
5160 /* OK, so we know that either p2 points to the end of string or to a comma */
5161 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
5162 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
5163 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
5164 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005165 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005166 return;
5167 }
5168
5169 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005170 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005171 continue;
5172 }
5173 }
5174}
5175
5176
Willy Tarreau58f10d72006-12-04 02:26:12 +01005177/*
5178 * Try to retrieve a known appsession in the URI, then the associated server.
5179 * If the server is found, it's assigned to the session.
5180 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005181void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01005182{
Willy Tarreau3d300592007-03-18 18:34:41 +01005183 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005184 appsess *asession_temp = NULL;
5185 appsess local_asession;
5186 char *request_line;
5187
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005188 if (t->be->appsession_name == NULL ||
Willy Tarreaub326fcc2007-03-03 13:54:32 +01005189 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST) ||
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005190 (request_line = memchr(begin, ';', len)) == NULL ||
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005191 ((1 + t->be->appsession_name_len + 1 + t->be->appsession_len) > (begin + len - request_line)))
Willy Tarreau58f10d72006-12-04 02:26:12 +01005192 return;
5193
5194 /* skip ';' */
5195 request_line++;
5196
5197 /* look if we have a jsessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005198 if (strncasecmp(request_line, t->be->appsession_name, t->be->appsession_name_len) != 0)
Willy Tarreau58f10d72006-12-04 02:26:12 +01005199 return;
5200
5201 /* skip jsessionid= */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005202 request_line += t->be->appsession_name_len + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005203
5204 /* First try if we already have an appsession */
5205 asession_temp = &local_asession;
5206
Willy Tarreau63963c62007-05-13 21:29:55 +02005207 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005208 Alert("Not enough memory process_cli():asession_temp->sessid:calloc().\n");
5209 send_log(t->be, LOG_ALERT, "Not enough Memory process_cli():asession_temp->sessid:calloc().\n");
5210 return;
5211 }
5212
5213 /* Copy the sessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005214 memcpy(asession_temp->sessid, request_line, t->be->appsession_len);
5215 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005216 asession_temp->serverid = NULL;
5217
5218 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01005219 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
5220 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02005221 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005222 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02005223 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005224 Alert("Not enough memory process_cli():asession:calloc().\n");
5225 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
5226 return;
5227 }
5228 asession_temp->sessid = local_asession.sessid;
5229 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005230 asession_temp->request_count=0;
Willy Tarreau51041c72007-09-09 21:56:53 +02005231 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005232 }
5233 else {
5234 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02005235 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005236 }
Willy Tarreau51041c72007-09-09 21:56:53 +02005237
Willy Tarreau0c303ee2008-07-07 00:09:58 +02005238 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005239 asession_temp->request_count++;
Willy Tarreau51041c72007-09-09 21:56:53 +02005240
Willy Tarreau58f10d72006-12-04 02:26:12 +01005241#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005242 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02005243 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01005244#endif
5245 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005246 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01005247 Alert("Found Application Session without matching server.\n");
5248 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005249 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005250 while (srv) {
5251 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005252 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005253 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01005254 txn->flags &= ~TX_CK_MASK;
5255 txn->flags |= TX_CK_VALID;
5256 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005257 t->srv = srv;
5258 break;
5259 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01005260 txn->flags &= ~TX_CK_MASK;
5261 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005262 }
5263 }
5264 srv = srv->next;
5265 }
5266 }
5267}
5268
5269
Willy Tarreaub2513902006-12-17 14:52:38 +01005270/*
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005271 * In a GET or HEAD request, check if the requested URI matches the stats uri
5272 * for the current backend, and if an authorization has been passed and is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01005273 *
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005274 * It is assumed that the request is either a HEAD or GET and that the
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005275 * t->be->uri_auth field is valid. An HTTP/401 response may be sent, or
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005276 * produce_content() can be called to start sending data.
Willy Tarreaub2513902006-12-17 14:52:38 +01005277 *
5278 * Returns 1 if the session's state changes, otherwise 0.
5279 */
5280int stats_check_uri_auth(struct session *t, struct proxy *backend)
5281{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005282 struct http_txn *txn = &t->txn;
Willy Tarreaub2513902006-12-17 14:52:38 +01005283 struct uri_auth *uri_auth = backend->uri_auth;
5284 struct user_auth *user;
5285 int authenticated, cur_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005286 char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01005287
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005288 memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats));
5289
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005290 /* check URI size */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005291 if (uri_auth->uri_len > txn->req.sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01005292 return 0;
5293
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005294 h = t->req->data + txn->req.sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005295
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005296 /* the URI is in h */
5297 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01005298 return 0;
5299
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005300 h += uri_auth->uri_len;
5301 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 3) {
5302 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005303 t->data_ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005304 break;
5305 }
5306 h++;
5307 }
5308
5309 if (uri_auth->refresh) {
5310 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5311 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 10) {
5312 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005313 t->data_ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005314 break;
5315 }
5316 h++;
5317 }
5318 }
5319
Willy Tarreau55bb8452007-10-17 18:44:57 +02005320 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5321 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 4) {
5322 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005323 t->data_ctx.stats.flags |= STAT_FMT_CSV;
Willy Tarreau55bb8452007-10-17 18:44:57 +02005324 break;
5325 }
5326 h++;
5327 }
5328
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005329 t->data_ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO;
5330
Willy Tarreaub2513902006-12-17 14:52:38 +01005331 /* we are in front of a interceptable URI. Let's check
5332 * if there's an authentication and if it's valid.
5333 */
5334 user = uri_auth->users;
5335 if (!user) {
5336 /* no user auth required, it's OK */
5337 authenticated = 1;
5338 } else {
5339 authenticated = 0;
5340
5341 /* a user list is defined, we have to check.
5342 * skip 21 chars for "Authorization: Basic ".
5343 */
5344
5345 /* FIXME: this should move to an earlier place */
5346 cur_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005347 h = t->req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
5348 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5349 int len = txn->hdr_idx.v[cur_idx].len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005350 if (len > 14 &&
5351 !strncasecmp("Authorization:", h, 14)) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005352 txn->auth_hdr.str = h;
5353 txn->auth_hdr.len = len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005354 break;
5355 }
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005356 h += len + txn->hdr_idx.v[cur_idx].cr + 1;
Willy Tarreaub2513902006-12-17 14:52:38 +01005357 }
5358
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005359 if (txn->auth_hdr.len < 21 ||
5360 memcmp(txn->auth_hdr.str + 14, " Basic ", 7))
Willy Tarreaub2513902006-12-17 14:52:38 +01005361 user = NULL;
5362
5363 while (user) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005364 if ((txn->auth_hdr.len == user->user_len + 14 + 7)
5365 && !memcmp(txn->auth_hdr.str + 14 + 7,
Willy Tarreaub2513902006-12-17 14:52:38 +01005366 user->user_pwd, user->user_len)) {
5367 authenticated = 1;
5368 break;
5369 }
5370 user = user->next;
5371 }
5372 }
5373
5374 if (!authenticated) {
Willy Tarreau0f772532006-12-23 20:51:41 +01005375 struct chunk msg;
Willy Tarreaub2513902006-12-17 14:52:38 +01005376
5377 /* no need to go further */
Willy Tarreau0f772532006-12-23 20:51:41 +01005378 msg.str = trash;
5379 msg.len = sprintf(trash, HTTP_401_fmt, uri_auth->auth_realm);
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005380 txn->status = 401;
Willy Tarreau0f772532006-12-23 20:51:41 +01005381 client_retnclose(t, &msg);
Willy Tarreauf8533202008-08-16 14:55:08 +02005382 trace_term(t, TT_HTTP_URI_1);
Willy Tarreau2df28e82008-08-17 15:20:19 +02005383 t->req->analysers = 0;
Willy Tarreaub2513902006-12-17 14:52:38 +01005384 if (!(t->flags & SN_ERR_MASK))
5385 t->flags |= SN_ERR_PRXCOND;
5386 if (!(t->flags & SN_FINST_MASK))
5387 t->flags |= SN_FINST_R;
5388 return 1;
5389 }
5390
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005391 /* The request is valid, the user is authenticated. Let's start sending
Willy Tarreaub2513902006-12-17 14:52:38 +01005392 * data.
5393 */
Willy Tarreau72b179a2008-08-28 16:01:32 +02005394 buffer_shutw_now(t->req);
5395 buffer_shutr_now(t->rep);
5396 buffer_start_hijack(t->rep);
Willy Tarreau70089872008-06-13 21:12:51 +02005397 t->logs.tv_request = now;
Willy Tarreaub2513902006-12-17 14:52:38 +01005398 t->data_source = DATA_SRC_STATS;
5399 t->data_state = DATA_ST_INIT;
Willy Tarreau91e99932008-06-30 07:51:00 +02005400 t->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreaub2513902006-12-17 14:52:38 +01005401 produce_content(t);
5402 return 1;
5403}
5404
5405
Willy Tarreaubaaee002006-06-26 02:48:02 +02005406/*
Willy Tarreau58f10d72006-12-04 02:26:12 +01005407 * Print a debug line with a header
5408 */
5409void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
5410{
5411 int len, max;
5412 len = sprintf(trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005413 dir, (unsigned short)t->req->prod->fd, (unsigned short)t->req->cons->fd);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005414 max = end - start;
5415 UBOUND(max, sizeof(trash) - len - 1);
5416 len += strlcpy2(trash + len, start, max + 1);
5417 trash[len++] = '\n';
5418 write(1, trash, len);
5419}
5420
5421
Willy Tarreau8797c062007-05-07 00:55:35 +02005422/************************************************************************/
5423/* The code below is dedicated to ACL parsing and matching */
5424/************************************************************************/
5425
5426
5427
5428
5429/* 1. Check on METHOD
5430 * We use the pre-parsed method if it is known, and store its number as an
5431 * integer. If it is unknown, we use the pointer and the length.
5432 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005433static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005434{
5435 int len, meth;
5436
Willy Tarreauae8b7962007-06-09 23:10:04 +02005437 len = strlen(*text);
5438 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02005439
5440 pattern->val.i = meth;
5441 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02005442 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005443 if (!pattern->ptr.str)
5444 return 0;
5445 pattern->len = len;
5446 }
5447 return 1;
5448}
5449
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005450static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005451acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir,
5452 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005453{
5454 int meth;
5455 struct http_txn *txn = l7;
5456
Willy Tarreaub6866442008-07-14 23:54:42 +02005457 if (!txn)
5458 return 0;
5459
Willy Tarreauc11416f2007-06-17 16:58:38 +02005460 if (txn->req.msg_state != HTTP_MSG_BODY)
5461 return 0;
5462
Willy Tarreau8797c062007-05-07 00:55:35 +02005463 meth = txn->meth;
5464 test->i = meth;
5465 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02005466 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5467 /* ensure the indexes are not affected */
5468 return 0;
Willy Tarreau8797c062007-05-07 00:55:35 +02005469 test->len = txn->req.sl.rq.m_l;
5470 test->ptr = txn->req.sol;
5471 }
5472 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5473 return 1;
5474}
5475
5476static int acl_match_meth(struct acl_test *test, struct acl_pattern *pattern)
5477{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005478 int icase;
5479
Willy Tarreau8797c062007-05-07 00:55:35 +02005480 if (test->i != pattern->val.i)
Willy Tarreau11382812008-07-09 16:18:21 +02005481 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02005482
5483 if (test->i != HTTP_METH_OTHER)
Willy Tarreau11382812008-07-09 16:18:21 +02005484 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005485
5486 /* Other method, we must compare the strings */
5487 if (pattern->len != test->len)
Willy Tarreau11382812008-07-09 16:18:21 +02005488 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005489
5490 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
5491 if ((icase && strncasecmp(pattern->ptr.str, test->ptr, test->len) != 0) ||
5492 (!icase && strncmp(pattern->ptr.str, test->ptr, test->len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02005493 return ACL_PAT_FAIL;
5494 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005495}
5496
5497/* 2. Check on Request/Status Version
5498 * We simply compare strings here.
5499 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005500static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005501{
Willy Tarreauae8b7962007-06-09 23:10:04 +02005502 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005503 if (!pattern->ptr.str)
5504 return 0;
Willy Tarreauae8b7962007-06-09 23:10:04 +02005505 pattern->len = strlen(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005506 return 1;
5507}
5508
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005509static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005510acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
5511 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005512{
5513 struct http_txn *txn = l7;
5514 char *ptr;
5515 int len;
5516
Willy Tarreaub6866442008-07-14 23:54:42 +02005517 if (!txn)
5518 return 0;
5519
Willy Tarreauc11416f2007-06-17 16:58:38 +02005520 if (txn->req.msg_state != HTTP_MSG_BODY)
5521 return 0;
5522
Willy Tarreau8797c062007-05-07 00:55:35 +02005523 len = txn->req.sl.rq.v_l;
5524 ptr = txn->req.sol + txn->req.sl.rq.v - txn->req.som;
5525
5526 while ((len-- > 0) && (*ptr++ != '/'));
5527 if (len <= 0)
5528 return 0;
5529
5530 test->ptr = ptr;
5531 test->len = len;
5532
5533 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5534 return 1;
5535}
5536
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005537static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005538acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
5539 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005540{
5541 struct http_txn *txn = l7;
5542 char *ptr;
5543 int len;
5544
Willy Tarreaub6866442008-07-14 23:54:42 +02005545 if (!txn)
5546 return 0;
5547
Willy Tarreauc11416f2007-06-17 16:58:38 +02005548 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5549 return 0;
5550
Willy Tarreau8797c062007-05-07 00:55:35 +02005551 len = txn->rsp.sl.st.v_l;
5552 ptr = txn->rsp.sol;
5553
5554 while ((len-- > 0) && (*ptr++ != '/'));
5555 if (len <= 0)
5556 return 0;
5557
5558 test->ptr = ptr;
5559 test->len = len;
5560
5561 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5562 return 1;
5563}
5564
5565/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005566static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005567acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
5568 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005569{
5570 struct http_txn *txn = l7;
5571 char *ptr;
5572 int len;
5573
Willy Tarreaub6866442008-07-14 23:54:42 +02005574 if (!txn)
5575 return 0;
5576
Willy Tarreauc11416f2007-06-17 16:58:38 +02005577 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5578 return 0;
5579
Willy Tarreau8797c062007-05-07 00:55:35 +02005580 len = txn->rsp.sl.st.c_l;
5581 ptr = txn->rsp.sol + txn->rsp.sl.st.c - txn->rsp.som;
5582
5583 test->i = __strl2ui(ptr, len);
5584 test->flags = ACL_TEST_F_VOL_1ST;
5585 return 1;
5586}
5587
5588/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005589static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005590acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
5591 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005592{
5593 struct http_txn *txn = l7;
5594
Willy Tarreaub6866442008-07-14 23:54:42 +02005595 if (!txn)
5596 return 0;
5597
Willy Tarreauc11416f2007-06-17 16:58:38 +02005598 if (txn->req.msg_state != HTTP_MSG_BODY)
5599 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005600
Willy Tarreauc11416f2007-06-17 16:58:38 +02005601 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5602 /* ensure the indexes are not affected */
5603 return 0;
5604
Willy Tarreau8797c062007-05-07 00:55:35 +02005605 test->len = txn->req.sl.rq.u_l;
5606 test->ptr = txn->req.sol + txn->req.sl.rq.u;
5607
Willy Tarreauf3d25982007-05-08 22:45:09 +02005608 /* we do not need to set READ_ONLY because the data is in a buffer */
5609 test->flags = ACL_TEST_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02005610 return 1;
5611}
5612
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005613static int
5614acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
5615 struct acl_expr *expr, struct acl_test *test)
5616{
5617 struct http_txn *txn = l7;
5618
Willy Tarreaub6866442008-07-14 23:54:42 +02005619 if (!txn)
5620 return 0;
5621
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005622 if (txn->req.msg_state != HTTP_MSG_BODY)
5623 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005624
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005625 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5626 /* ensure the indexes are not affected */
5627 return 0;
5628
5629 /* Parse HTTP request */
5630 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5631 test->ptr = (void *)&((struct sockaddr_in *)&l4->srv_addr)->sin_addr;
5632 test->i = AF_INET;
5633
5634 /*
5635 * If we are parsing url in frontend space, we prepare backend stage
5636 * to not parse again the same url ! optimization lazyness...
5637 */
5638 if (px->options & PR_O_HTTP_PROXY)
5639 l4->flags |= SN_ADDR_SET;
5640
5641 test->flags = ACL_TEST_F_READ_ONLY;
5642 return 1;
5643}
5644
5645static int
5646acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
5647 struct acl_expr *expr, struct acl_test *test)
5648{
5649 struct http_txn *txn = l7;
5650
Willy Tarreaub6866442008-07-14 23:54:42 +02005651 if (!txn)
5652 return 0;
5653
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005654 if (txn->req.msg_state != HTTP_MSG_BODY)
5655 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005656
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005657 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5658 /* ensure the indexes are not affected */
5659 return 0;
5660
5661 /* Same optimization as url_ip */
5662 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5663 test->i = ntohs(((struct sockaddr_in *)&l4->srv_addr)->sin_port);
5664
5665 if (px->options & PR_O_HTTP_PROXY)
5666 l4->flags |= SN_ADDR_SET;
5667
5668 test->flags = ACL_TEST_F_READ_ONLY;
5669 return 1;
5670}
5671
Willy Tarreauc11416f2007-06-17 16:58:38 +02005672/* 5. Check on HTTP header. A pointer to the beginning of the value is returned.
5673 * This generic function is used by both acl_fetch_chdr() and acl_fetch_shdr().
5674 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02005675static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005676acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005677 struct acl_expr *expr, struct acl_test *test)
5678{
5679 struct http_txn *txn = l7;
5680 struct hdr_idx *idx = &txn->hdr_idx;
5681 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005682
Willy Tarreaub6866442008-07-14 23:54:42 +02005683 if (!txn)
5684 return 0;
5685
Willy Tarreau33a7e692007-06-10 19:45:56 +02005686 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5687 /* search for header from the beginning */
5688 ctx->idx = 0;
5689
Willy Tarreau33a7e692007-06-10 19:45:56 +02005690 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5691 test->flags |= ACL_TEST_F_FETCH_MORE;
5692 test->flags |= ACL_TEST_F_VOL_HDR;
5693 test->len = ctx->vlen;
5694 test->ptr = (char *)ctx->line + ctx->val;
5695 return 1;
5696 }
5697
5698 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5699 test->flags |= ACL_TEST_F_VOL_HDR;
5700 return 0;
5701}
5702
Willy Tarreau33a7e692007-06-10 19:45:56 +02005703static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005704acl_fetch_chdr(struct proxy *px, struct session *l4, void *l7, int dir,
5705 struct acl_expr *expr, struct acl_test *test)
5706{
5707 struct http_txn *txn = l7;
5708
Willy Tarreaub6866442008-07-14 23:54:42 +02005709 if (!txn)
5710 return 0;
5711
Willy Tarreauc11416f2007-06-17 16:58:38 +02005712 if (txn->req.msg_state != HTTP_MSG_BODY)
5713 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005714
Willy Tarreauc11416f2007-06-17 16:58:38 +02005715 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5716 /* ensure the indexes are not affected */
5717 return 0;
5718
5719 return acl_fetch_hdr(px, l4, txn, txn->req.sol, expr, test);
5720}
5721
5722static int
5723acl_fetch_shdr(struct proxy *px, struct session *l4, void *l7, int dir,
5724 struct acl_expr *expr, struct acl_test *test)
5725{
5726 struct http_txn *txn = l7;
5727
Willy Tarreaub6866442008-07-14 23:54:42 +02005728 if (!txn)
5729 return 0;
5730
Willy Tarreauc11416f2007-06-17 16:58:38 +02005731 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5732 return 0;
5733
5734 return acl_fetch_hdr(px, l4, txn, txn->rsp.sol, expr, test);
5735}
5736
5737/* 6. Check on HTTP header count. The number of occurrences is returned.
5738 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
5739 */
5740static int
5741acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005742 struct acl_expr *expr, struct acl_test *test)
5743{
5744 struct http_txn *txn = l7;
5745 struct hdr_idx *idx = &txn->hdr_idx;
5746 struct hdr_ctx ctx;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005747 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02005748
Willy Tarreaub6866442008-07-14 23:54:42 +02005749 if (!txn)
5750 return 0;
5751
Willy Tarreau33a7e692007-06-10 19:45:56 +02005752 ctx.idx = 0;
5753 cnt = 0;
5754 while (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, &ctx))
5755 cnt++;
5756
5757 test->i = cnt;
5758 test->flags = ACL_TEST_F_VOL_HDR;
5759 return 1;
5760}
5761
Willy Tarreauc11416f2007-06-17 16:58:38 +02005762static int
5763acl_fetch_chdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5764 struct acl_expr *expr, struct acl_test *test)
5765{
5766 struct http_txn *txn = l7;
5767
Willy Tarreaub6866442008-07-14 23:54:42 +02005768 if (!txn)
5769 return 0;
5770
Willy Tarreauc11416f2007-06-17 16:58:38 +02005771 if (txn->req.msg_state != HTTP_MSG_BODY)
5772 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005773
Willy Tarreauc11416f2007-06-17 16:58:38 +02005774 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5775 /* ensure the indexes are not affected */
5776 return 0;
5777
5778 return acl_fetch_hdr_cnt(px, l4, txn, txn->req.sol, expr, test);
5779}
5780
5781static int
5782acl_fetch_shdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5783 struct acl_expr *expr, struct acl_test *test)
5784{
5785 struct http_txn *txn = l7;
5786
Willy Tarreaub6866442008-07-14 23:54:42 +02005787 if (!txn)
5788 return 0;
5789
Willy Tarreauc11416f2007-06-17 16:58:38 +02005790 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5791 return 0;
5792
5793 return acl_fetch_hdr_cnt(px, l4, txn, txn->rsp.sol, expr, test);
5794}
5795
Willy Tarreau33a7e692007-06-10 19:45:56 +02005796/* 7. Check on HTTP header's integer value. The integer value is returned.
5797 * FIXME: the type is 'int', it may not be appropriate for everything.
Willy Tarreauc11416f2007-06-17 16:58:38 +02005798 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
Willy Tarreau33a7e692007-06-10 19:45:56 +02005799 */
5800static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005801acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005802 struct acl_expr *expr, struct acl_test *test)
5803{
5804 struct http_txn *txn = l7;
5805 struct hdr_idx *idx = &txn->hdr_idx;
5806 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005807
Willy Tarreaub6866442008-07-14 23:54:42 +02005808 if (!txn)
5809 return 0;
5810
Willy Tarreau33a7e692007-06-10 19:45:56 +02005811 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5812 /* search for header from the beginning */
5813 ctx->idx = 0;
5814
Willy Tarreau33a7e692007-06-10 19:45:56 +02005815 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5816 test->flags |= ACL_TEST_F_FETCH_MORE;
5817 test->flags |= ACL_TEST_F_VOL_HDR;
5818 test->i = strl2ic((char *)ctx->line + ctx->val, ctx->vlen);
5819 return 1;
5820 }
5821
5822 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5823 test->flags |= ACL_TEST_F_VOL_HDR;
5824 return 0;
5825}
5826
Willy Tarreauc11416f2007-06-17 16:58:38 +02005827static int
5828acl_fetch_chdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5829 struct acl_expr *expr, struct acl_test *test)
5830{
5831 struct http_txn *txn = l7;
5832
Willy Tarreaub6866442008-07-14 23:54:42 +02005833 if (!txn)
5834 return 0;
5835
Willy Tarreauc11416f2007-06-17 16:58:38 +02005836 if (txn->req.msg_state != HTTP_MSG_BODY)
5837 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005838
Willy Tarreauc11416f2007-06-17 16:58:38 +02005839 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5840 /* ensure the indexes are not affected */
5841 return 0;
5842
5843 return acl_fetch_hdr_val(px, l4, txn, txn->req.sol, expr, test);
5844}
5845
5846static int
5847acl_fetch_shdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5848 struct acl_expr *expr, struct acl_test *test)
5849{
5850 struct http_txn *txn = l7;
5851
Willy Tarreaub6866442008-07-14 23:54:42 +02005852 if (!txn)
5853 return 0;
5854
Willy Tarreauc11416f2007-06-17 16:58:38 +02005855 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5856 return 0;
5857
5858 return acl_fetch_hdr_val(px, l4, txn, txn->rsp.sol, expr, test);
5859}
5860
Willy Tarreau737b0c12007-06-10 21:28:46 +02005861/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
5862 * the first '/' after the possible hostname, and ends before the possible '?'.
5863 */
5864static int
5865acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
5866 struct acl_expr *expr, struct acl_test *test)
5867{
5868 struct http_txn *txn = l7;
5869 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005870
Willy Tarreaub6866442008-07-14 23:54:42 +02005871 if (!txn)
5872 return 0;
5873
Willy Tarreauc11416f2007-06-17 16:58:38 +02005874 if (txn->req.msg_state != HTTP_MSG_BODY)
5875 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005876
Willy Tarreauc11416f2007-06-17 16:58:38 +02005877 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5878 /* ensure the indexes are not affected */
5879 return 0;
5880
Willy Tarreau21d2af32008-02-14 20:25:24 +01005881 end = txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
5882 ptr = http_get_path(txn);
5883 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02005884 return 0;
5885
5886 /* OK, we got the '/' ! */
5887 test->ptr = ptr;
5888
5889 while (ptr < end && *ptr != '?')
5890 ptr++;
5891
5892 test->len = ptr - test->ptr;
5893
5894 /* we do not need to set READ_ONLY because the data is in a buffer */
5895 test->flags = ACL_TEST_F_VOL_1ST;
5896 return 1;
5897}
5898
5899
Willy Tarreau8797c062007-05-07 00:55:35 +02005900
5901/************************************************************************/
5902/* All supported keywords must be declared here. */
5903/************************************************************************/
5904
5905/* Note: must not be declared <const> as its list will be overwritten */
5906static struct acl_kw_list acl_kws = {{ },{
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005907 { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
5908 { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5909 { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5910 { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
Willy Tarreau8797c062007-05-07 00:55:35 +02005911
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005912 { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5913 { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5914 { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5915 { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5916 { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5917 { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5918 { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5919 { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
5920 { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau8797c062007-05-07 00:55:35 +02005921
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005922 /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
5923 { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5924 { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5925 { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5926 { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5927 { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5928 { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5929 { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5930 { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
5931 { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreauc11416f2007-06-17 16:58:38 +02005932
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005933 { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5934 { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
5935 { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
5936 { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
5937 { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
5938 { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
5939 { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
5940 { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
5941 { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005942
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005943 { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5944 { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5945 { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5946 { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5947 { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5948 { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5949 { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005950
Willy Tarreauf3d25982007-05-08 22:45:09 +02005951 { NULL, NULL, NULL, NULL },
5952
5953#if 0
Willy Tarreau8797c062007-05-07 00:55:35 +02005954 { "line", acl_parse_str, acl_fetch_line, acl_match_str },
5955 { "line_reg", acl_parse_reg, acl_fetch_line, acl_match_reg },
5956 { "line_beg", acl_parse_str, acl_fetch_line, acl_match_beg },
5957 { "line_end", acl_parse_str, acl_fetch_line, acl_match_end },
5958 { "line_sub", acl_parse_str, acl_fetch_line, acl_match_sub },
5959 { "line_dir", acl_parse_str, acl_fetch_line, acl_match_dir },
5960 { "line_dom", acl_parse_str, acl_fetch_line, acl_match_dom },
5961
Willy Tarreau8797c062007-05-07 00:55:35 +02005962 { "cook", acl_parse_str, acl_fetch_cook, acl_match_str },
5963 { "cook_reg", acl_parse_reg, acl_fetch_cook, acl_match_reg },
5964 { "cook_beg", acl_parse_str, acl_fetch_cook, acl_match_beg },
5965 { "cook_end", acl_parse_str, acl_fetch_cook, acl_match_end },
5966 { "cook_sub", acl_parse_str, acl_fetch_cook, acl_match_sub },
5967 { "cook_dir", acl_parse_str, acl_fetch_cook, acl_match_dir },
5968 { "cook_dom", acl_parse_str, acl_fetch_cook, acl_match_dom },
5969 { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst },
5970
5971 { "auth_user", acl_parse_str, acl_fetch_user, acl_match_str },
5972 { "auth_regex", acl_parse_reg, acl_fetch_user, acl_match_reg },
5973 { "auth_clear", acl_parse_str, acl_fetch_auth, acl_match_str },
5974 { "auth_md5", acl_parse_str, acl_fetch_auth, acl_match_md5 },
5975 { NULL, NULL, NULL, NULL },
5976#endif
5977}};
5978
5979
5980__attribute__((constructor))
5981static void __http_protocol_init(void)
5982{
5983 acl_register_keywords(&acl_kws);
5984}
5985
5986
Willy Tarreau58f10d72006-12-04 02:26:12 +01005987/*
Willy Tarreaubaaee002006-06-26 02:48:02 +02005988 * Local variables:
5989 * c-indent-level: 8
5990 * c-basic-offset: 8
5991 * End:
5992 */