blob: 90b73dacd7771941d31346954c83131a847bbc69 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreauf68a15a2011-01-06 16:53:21 +01004 * Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreaub05405a2012-01-23 15:35:52 +010026#include <netinet/tcp.h>
27
Willy Tarreau2dd0d472006-06-29 17:53:05 +020028#include <common/appsession.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010029#include <common/base64.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020030#include <common/chunk.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020031#include <common/compat.h>
32#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010033#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/memory.h>
35#include <common/mini-clist.h>
36#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020037#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020038#include <common/time.h>
39#include <common/uri_auth.h>
40#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020041
42#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020043#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020044
Willy Tarreau8797c062007-05-07 00:55:35 +020045#include <proto/acl.h>
Willy Tarreau61612d42012-04-19 18:42:05 +020046#include <proto/arg.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010047#include <proto/auth.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020048#include <proto/backend.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020049#include <proto/channel.h>
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +010050#include <proto/checks.h>
William Lallemand82fe75c2012-10-23 10:25:10 +020051#include <proto/compression.h>
Willy Tarreau91861262007-10-17 17:06:05 +020052#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020053#include <proto/fd.h>
Willy Tarreau03fa5df2010-05-24 21:02:37 +020054#include <proto/frontend.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020055#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010056#include <proto/hdr_idx.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010057#include <proto/pattern.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020058#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020059#include <proto/proto_http.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010060#include <proto/proxy.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020061#include <proto/queue.h>
Willy Tarreaucd3b0942012-04-27 21:52:18 +020062#include <proto/sample.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010063#include <proto/server.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020064#include <proto/session.h>
Willy Tarreaucff64112008-11-03 06:26:53 +010065#include <proto/stream_interface.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020066#include <proto/task.h>
Baptiste Assmannfabcbe02014-04-24 22:16:59 +020067#include <proto/pattern.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020068
Willy Tarreau522d6c02009-12-06 18:49:18 +010069const char HTTP_100[] =
70 "HTTP/1.1 100 Continue\r\n\r\n";
71
72const struct chunk http_100_chunk = {
73 .str = (char *)&HTTP_100,
74 .len = sizeof(HTTP_100)-1
75};
76
Willy Tarreaua9679ac2010-01-03 17:32:57 +010077/* Warning: no "connection" header is provided with the 3xx messages below */
Willy Tarreaub463dfb2008-06-07 23:08:56 +020078const char *HTTP_301 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010079 "HTTP/1.1 301 Moved Permanently\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010080 "Content-length: 0\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020081 "Location: "; /* not terminated since it will be concatenated with the URL */
82
Willy Tarreau0f772532006-12-23 20:51:41 +010083const char *HTTP_302 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010084 "HTTP/1.1 302 Found\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010085 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010086 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010087 "Location: "; /* not terminated since it will be concatenated with the URL */
88
89/* same as 302 except that the browser MUST retry with the GET method */
90const char *HTTP_303 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010091 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010092 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010093 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010094 "Location: "; /* not terminated since it will be concatenated with the URL */
95
Yves Lafon3e8d1ae2013-03-11 11:06:05 -040096
97/* same as 302 except that the browser MUST retry with the same method */
98const char *HTTP_307 =
99 "HTTP/1.1 307 Temporary Redirect\r\n"
100 "Cache-Control: no-cache\r\n"
101 "Content-length: 0\r\n"
102 "Location: "; /* not terminated since it will be concatenated with the URL */
103
104/* same as 301 except that the browser MUST retry with the same method */
105const char *HTTP_308 =
106 "HTTP/1.1 308 Permanent Redirect\r\n"
107 "Content-length: 0\r\n"
108 "Location: "; /* not terminated since it will be concatenated with the URL */
109
Willy Tarreaubaaee002006-06-26 02:48:02 +0200110/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
111const char *HTTP_401_fmt =
112 "HTTP/1.0 401 Unauthorized\r\n"
113 "Cache-Control: no-cache\r\n"
114 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200115 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200116 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
117 "\r\n"
118 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
119
Willy Tarreau844a7e72010-01-31 21:46:18 +0100120const char *HTTP_407_fmt =
121 "HTTP/1.0 407 Unauthorized\r\n"
122 "Cache-Control: no-cache\r\n"
123 "Connection: close\r\n"
124 "Content-Type: text/html\r\n"
125 "Proxy-Authenticate: Basic realm=\"%s\"\r\n"
126 "\r\n"
127 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
128
Willy Tarreau0f772532006-12-23 20:51:41 +0100129
130const int http_err_codes[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200131 [HTTP_ERR_200] = 200, /* used by "monitor-uri" */
Willy Tarreau0f772532006-12-23 20:51:41 +0100132 [HTTP_ERR_400] = 400,
133 [HTTP_ERR_403] = 403,
134 [HTTP_ERR_408] = 408,
135 [HTTP_ERR_500] = 500,
136 [HTTP_ERR_502] = 502,
137 [HTTP_ERR_503] = 503,
138 [HTTP_ERR_504] = 504,
139};
140
Willy Tarreau80587432006-12-24 17:47:20 +0100141static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200142 [HTTP_ERR_200] =
143 "HTTP/1.0 200 OK\r\n"
144 "Cache-Control: no-cache\r\n"
145 "Connection: close\r\n"
146 "Content-Type: text/html\r\n"
147 "\r\n"
148 "<html><body><h1>200 OK</h1>\nService ready.\n</body></html>\n",
149
Willy Tarreau0f772532006-12-23 20:51:41 +0100150 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100151 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100152 "Cache-Control: no-cache\r\n"
153 "Connection: close\r\n"
154 "Content-Type: text/html\r\n"
155 "\r\n"
156 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
157
158 [HTTP_ERR_403] =
159 "HTTP/1.0 403 Forbidden\r\n"
160 "Cache-Control: no-cache\r\n"
161 "Connection: close\r\n"
162 "Content-Type: text/html\r\n"
163 "\r\n"
164 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
165
166 [HTTP_ERR_408] =
167 "HTTP/1.0 408 Request Time-out\r\n"
168 "Cache-Control: no-cache\r\n"
169 "Connection: close\r\n"
170 "Content-Type: text/html\r\n"
171 "\r\n"
172 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
173
174 [HTTP_ERR_500] =
175 "HTTP/1.0 500 Server Error\r\n"
176 "Cache-Control: no-cache\r\n"
177 "Connection: close\r\n"
178 "Content-Type: text/html\r\n"
179 "\r\n"
180 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
181
182 [HTTP_ERR_502] =
183 "HTTP/1.0 502 Bad Gateway\r\n"
184 "Cache-Control: no-cache\r\n"
185 "Connection: close\r\n"
186 "Content-Type: text/html\r\n"
187 "\r\n"
188 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
189
190 [HTTP_ERR_503] =
191 "HTTP/1.0 503 Service Unavailable\r\n"
192 "Cache-Control: no-cache\r\n"
193 "Connection: close\r\n"
194 "Content-Type: text/html\r\n"
195 "\r\n"
196 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
197
198 [HTTP_ERR_504] =
199 "HTTP/1.0 504 Gateway Time-out\r\n"
200 "Cache-Control: no-cache\r\n"
201 "Connection: close\r\n"
202 "Content-Type: text/html\r\n"
203 "\r\n"
204 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
205
206};
207
Cyril Bonté19979e12012-04-04 12:57:21 +0200208/* status codes available for the stats admin page (strictly 4 chars length) */
209const char *stat_status_codes[STAT_STATUS_SIZE] = {
210 [STAT_STATUS_DENY] = "DENY",
211 [STAT_STATUS_DONE] = "DONE",
212 [STAT_STATUS_ERRP] = "ERRP",
213 [STAT_STATUS_EXCD] = "EXCD",
214 [STAT_STATUS_NONE] = "NONE",
215 [STAT_STATUS_PART] = "PART",
216 [STAT_STATUS_UNKN] = "UNKN",
217};
218
219
William Lallemand73025dd2014-04-24 14:38:37 +0200220/* List head of all known action keywords for "http-request" */
221struct http_req_action_kw_list http_req_keywords = {
222 .list = LIST_HEAD_INIT(http_req_keywords.list)
223};
224
225/* List head of all known action keywords for "http-response" */
226struct http_res_action_kw_list http_res_keywords = {
227 .list = LIST_HEAD_INIT(http_res_keywords.list)
228};
229
Willy Tarreau80587432006-12-24 17:47:20 +0100230/* We must put the messages here since GCC cannot initialize consts depending
231 * on strlen().
232 */
233struct chunk http_err_chunks[HTTP_ERR_SIZE];
234
Willy Tarreaua890d072013-04-02 12:01:06 +0200235/* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
236static struct hdr_ctx static_hdr_ctx;
237
Willy Tarreau42250582007-04-01 01:30:43 +0200238#define FD_SETS_ARE_BITFIELDS
239#ifdef FD_SETS_ARE_BITFIELDS
240/*
241 * This map is used with all the FD_* macros to check whether a particular bit
242 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
243 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
244 * byte should be encoded. Be careful to always pass bytes from 0 to 255
245 * exclusively to the macros.
246 */
247fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
248fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +0100249fd_set http_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
Willy Tarreau42250582007-04-01 01:30:43 +0200250
251#else
252#error "Check if your OS uses bitfields for fd_sets"
253#endif
254
Willy Tarreau80587432006-12-24 17:47:20 +0100255void init_proto_http()
256{
Willy Tarreau42250582007-04-01 01:30:43 +0200257 int i;
258 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100259 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200260
Willy Tarreau80587432006-12-24 17:47:20 +0100261 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
262 if (!http_err_msgs[msg]) {
263 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
264 abort();
265 }
266
267 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
268 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
269 }
Willy Tarreau42250582007-04-01 01:30:43 +0200270
271 /* initialize the log header encoding map : '{|}"#' should be encoded with
272 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
273 * URL encoding only requires '"', '#' to be encoded as well as non-
274 * printable characters above.
275 */
276 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
277 memset(url_encode_map, 0, sizeof(url_encode_map));
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +0100278 memset(http_encode_map, 0, sizeof(url_encode_map));
Willy Tarreau42250582007-04-01 01:30:43 +0200279 for (i = 0; i < 32; i++) {
280 FD_SET(i, hdr_encode_map);
281 FD_SET(i, url_encode_map);
282 }
283 for (i = 127; i < 256; i++) {
284 FD_SET(i, hdr_encode_map);
285 FD_SET(i, url_encode_map);
286 }
287
288 tmp = "\"#{|}";
289 while (*tmp) {
290 FD_SET(*tmp, hdr_encode_map);
291 tmp++;
292 }
293
294 tmp = "\"#";
295 while (*tmp) {
296 FD_SET(*tmp, url_encode_map);
297 tmp++;
298 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200299
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +0100300 /* initialize the http header encoding map. The draft httpbis define the
301 * header content as:
302 *
303 * HTTP-message = start-line
304 * *( header-field CRLF )
305 * CRLF
306 * [ message-body ]
307 * header-field = field-name ":" OWS field-value OWS
308 * field-value = *( field-content / obs-fold )
309 * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
310 * obs-fold = CRLF 1*( SP / HTAB )
311 * field-vchar = VCHAR / obs-text
312 * VCHAR = %x21-7E
313 * obs-text = %x80-FF
314 *
315 * All the chars are encoded except "VCHAR", "obs-text", SP and HTAB.
316 * The encoded chars are form 0x00 to 0x08, 0x0a to 0x1f and 0x7f. The
317 * "obs-fold" is volontary forgotten because haproxy remove this.
318 */
319 memset(http_encode_map, 0, sizeof(http_encode_map));
320 for (i = 0x00; i <= 0x08; i++)
321 FD_SET(i, http_encode_map);
322 for (i = 0x0a; i <= 0x1f; i++)
323 FD_SET(i, http_encode_map);
324 FD_SET(0x7f, http_encode_map);
325
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200326 /* memory allocations */
327 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
William Lallemanda73203e2012-03-12 12:48:57 +0100328 pool2_uniqueid = create_pool("uniqueid", UNIQUEID_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100329}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200330
Willy Tarreau53b6c742006-12-17 13:37:46 +0100331/*
332 * We have 26 list of methods (1 per first letter), each of which can have
333 * up to 3 entries (2 valid, 1 null).
334 */
335struct http_method_desc {
Willy Tarreauc8987b32013-12-06 23:43:17 +0100336 enum http_meth_t meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100337 int len;
338 const char text[8];
339};
340
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100341const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100342 ['C' - 'A'] = {
343 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
344 },
345 ['D' - 'A'] = {
346 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
347 },
348 ['G' - 'A'] = {
349 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
350 },
351 ['H' - 'A'] = {
352 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
353 },
354 ['P' - 'A'] = {
355 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
356 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
357 },
358 ['T' - 'A'] = {
359 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
360 },
361 /* rest is empty like this :
362 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
363 */
364};
365
Thierry FOURNIERd4373142013-12-17 01:10:10 +0100366const struct http_method_name http_known_methods[HTTP_METH_OTHER] = {
367 [HTTP_METH_NONE] = { "", 0 },
368 [HTTP_METH_OPTIONS] = { "OPTIONS", 7 },
369 [HTTP_METH_GET] = { "GET", 3 },
370 [HTTP_METH_HEAD] = { "HEAD", 4 },
371 [HTTP_METH_POST] = { "POST", 4 },
372 [HTTP_METH_PUT] = { "PUT", 3 },
373 [HTTP_METH_DELETE] = { "DELETE", 6 },
374 [HTTP_METH_TRACE] = { "TRACE", 5 },
375 [HTTP_METH_CONNECT] = { "CONNECT", 7 },
376};
377
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100378/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200379 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100380 * RFC2616 for those chars.
381 */
382
383const char http_is_spht[256] = {
384 [' '] = 1, ['\t'] = 1,
385};
386
387const char http_is_crlf[256] = {
388 ['\r'] = 1, ['\n'] = 1,
389};
390
391const char http_is_lws[256] = {
392 [' '] = 1, ['\t'] = 1,
393 ['\r'] = 1, ['\n'] = 1,
394};
395
396const char http_is_sep[256] = {
397 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
398 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
399 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
400 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
401 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
402};
403
404const char http_is_ctl[256] = {
405 [0 ... 31] = 1,
406 [127] = 1,
407};
408
409/*
410 * A token is any ASCII char that is neither a separator nor a CTL char.
411 * Do not overwrite values in assignment since gcc-2.95 will not handle
412 * them correctly. Instead, define every non-CTL char's status.
413 */
414const char http_is_token[256] = {
415 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
416 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
417 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
418 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
419 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
420 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
421 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
422 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
423 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
424 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
425 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
426 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
427 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
428 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
429 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
430 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
431 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
432 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
433 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
434 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
435 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
436 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
437 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
438 ['|'] = 1, ['}'] = 0, ['~'] = 1,
439};
440
441
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100442/*
443 * An http ver_token is any ASCII which can be found in an HTTP version,
444 * which includes 'H', 'T', 'P', '/', '.' and any digit.
445 */
446const char http_is_ver_token[256] = {
447 ['.'] = 1, ['/'] = 1,
448 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
449 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
450 ['H'] = 1, ['P'] = 1, ['T'] = 1,
451};
452
453
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100454/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100455 * Adds a header and its CRLF at the tail of the message's buffer, just before
456 * the last CRLF. Text length is measured first, so it cannot be NULL.
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100457 * The header is also automatically added to the index <hdr_idx>, and the end
458 * of headers is automatically adjusted. The number of bytes added is returned
459 * on success, otherwise <0 is returned indicating an error.
460 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100461int http_header_add_tail(struct http_msg *msg, struct hdr_idx *hdr_idx, const char *text)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100462{
463 int bytes, len;
464
465 len = strlen(text);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200466 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100467 if (!bytes)
468 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100469 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100470 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
471}
472
473/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100474 * Adds a header and its CRLF at the tail of the message's buffer, just before
475 * the last CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100476 * the buffer is only opened and the space reserved, but nothing is copied.
477 * The header is also automatically added to the index <hdr_idx>, and the end
478 * of headers is automatically adjusted. The number of bytes added is returned
479 * on success, otherwise <0 is returned indicating an error.
480 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100481int http_header_add_tail2(struct http_msg *msg,
482 struct hdr_idx *hdr_idx, const char *text, int len)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100483{
484 int bytes;
485
Willy Tarreau9b28e032012-10-12 23:49:43 +0200486 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100487 if (!bytes)
488 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100489 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100490 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
491}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200492
493/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100494 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
495 * If so, returns the position of the first non-space character relative to
496 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
497 * to return a pointer to the place after the first space. Returns 0 if the
498 * header name does not match. Checks are case-insensitive.
499 */
500int http_header_match2(const char *hdr, const char *end,
501 const char *name, int len)
502{
503 const char *val;
504
505 if (hdr + len >= end)
506 return 0;
507 if (hdr[len] != ':')
508 return 0;
509 if (strncasecmp(hdr, name, len) != 0)
510 return 0;
511 val = hdr + len + 1;
512 while (val < end && HTTP_IS_SPHT(*val))
513 val++;
514 if ((val >= end) && (len + 2 <= end - hdr))
515 return len + 2; /* we may replace starting from second space */
516 return val - hdr;
517}
518
Willy Tarreau04ff9f12013-06-10 18:39:42 +0200519/* Find the first or next occurrence of header <name> in message buffer <sol>
520 * using headers index <idx>, and return it in the <ctx> structure. This
521 * structure holds everything necessary to use the header and find next
522 * occurrence. If its <idx> member is 0, the header is searched from the
523 * beginning. Otherwise, the next occurrence is returned. The function returns
524 * 1 when it finds a value, and 0 when there is no more. It is very similar to
525 * http_find_header2() except that it is designed to work with full-line headers
526 * whose comma is not a delimiter but is part of the syntax. As a special case,
527 * if ctx->val is NULL when searching for a new values of a header, the current
528 * header is rescanned. This allows rescanning after a header deletion.
529 */
530int http_find_full_header2(const char *name, int len,
531 char *sol, struct hdr_idx *idx,
532 struct hdr_ctx *ctx)
533{
534 char *eol, *sov;
535 int cur_idx, old_idx;
536
537 cur_idx = ctx->idx;
538 if (cur_idx) {
539 /* We have previously returned a header, let's search another one */
540 sol = ctx->line;
541 eol = sol + idx->v[cur_idx].len;
542 goto next_hdr;
543 }
544
545 /* first request for this header */
546 sol += hdr_idx_first_pos(idx);
547 old_idx = 0;
548 cur_idx = hdr_idx_first_idx(idx);
549 while (cur_idx) {
550 eol = sol + idx->v[cur_idx].len;
551
552 if (len == 0) {
553 /* No argument was passed, we want any header.
554 * To achieve this, we simply build a fake request. */
555 while (sol + len < eol && sol[len] != ':')
556 len++;
557 name = sol;
558 }
559
560 if ((len < eol - sol) &&
561 (sol[len] == ':') &&
562 (strncasecmp(sol, name, len) == 0)) {
563 ctx->del = len;
564 sov = sol + len + 1;
565 while (sov < eol && http_is_lws[(unsigned char)*sov])
566 sov++;
567
568 ctx->line = sol;
569 ctx->prev = old_idx;
570 ctx->idx = cur_idx;
571 ctx->val = sov - sol;
572 ctx->tws = 0;
573 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
574 eol--;
575 ctx->tws++;
576 }
577 ctx->vlen = eol - sov;
578 return 1;
579 }
580 next_hdr:
581 sol = eol + idx->v[cur_idx].cr + 1;
582 old_idx = cur_idx;
583 cur_idx = idx->v[cur_idx].next;
584 }
585 return 0;
586}
587
Willy Tarreau68085d82010-01-18 14:54:04 +0100588/* Find the end of the header value contained between <s> and <e>. See RFC2616,
589 * par 2.2 for more information. Note that it requires a valid header to return
590 * a valid result. This works for headers defined as comma-separated lists.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200591 */
Willy Tarreau68085d82010-01-18 14:54:04 +0100592char *find_hdr_value_end(char *s, const char *e)
Willy Tarreau33a7e692007-06-10 19:45:56 +0200593{
594 int quoted, qdpair;
595
596 quoted = qdpair = 0;
597 for (; s < e; s++) {
598 if (qdpair) qdpair = 0;
Willy Tarreau0f7f51f2010-08-30 11:06:34 +0200599 else if (quoted) {
600 if (*s == '\\') qdpair = 1;
601 else if (*s == '"') quoted = 0;
602 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200603 else if (*s == '"') quoted = 1;
604 else if (*s == ',') return s;
605 }
606 return s;
607}
608
609/* Find the first or next occurrence of header <name> in message buffer <sol>
610 * using headers index <idx>, and return it in the <ctx> structure. This
611 * structure holds everything necessary to use the header and find next
612 * occurrence. If its <idx> member is 0, the header is searched from the
613 * beginning. Otherwise, the next occurrence is returned. The function returns
Willy Tarreau68085d82010-01-18 14:54:04 +0100614 * 1 when it finds a value, and 0 when there is no more. It is designed to work
615 * with headers defined as comma-separated lists. As a special case, if ctx->val
616 * is NULL when searching for a new values of a header, the current header is
617 * rescanned. This allows rescanning after a header deletion.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200618 */
619int http_find_header2(const char *name, int len,
Willy Tarreau68085d82010-01-18 14:54:04 +0100620 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200621 struct hdr_ctx *ctx)
622{
Willy Tarreau68085d82010-01-18 14:54:04 +0100623 char *eol, *sov;
624 int cur_idx, old_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200625
Willy Tarreau68085d82010-01-18 14:54:04 +0100626 cur_idx = ctx->idx;
627 if (cur_idx) {
Willy Tarreau33a7e692007-06-10 19:45:56 +0200628 /* We have previously returned a value, let's search
629 * another one on the same line.
630 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200631 sol = ctx->line;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200632 ctx->del = ctx->val + ctx->vlen + ctx->tws;
Willy Tarreau68085d82010-01-18 14:54:04 +0100633 sov = sol + ctx->del;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200634 eol = sol + idx->v[cur_idx].len;
635
636 if (sov >= eol)
637 /* no more values in this header */
638 goto next_hdr;
639
Willy Tarreau68085d82010-01-18 14:54:04 +0100640 /* values remaining for this header, skip the comma but save it
641 * for later use (eg: for header deletion).
642 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200643 sov++;
644 while (sov < eol && http_is_lws[(unsigned char)*sov])
645 sov++;
646
647 goto return_hdr;
648 }
649
650 /* first request for this header */
651 sol += hdr_idx_first_pos(idx);
Willy Tarreau68085d82010-01-18 14:54:04 +0100652 old_idx = 0;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200653 cur_idx = hdr_idx_first_idx(idx);
Willy Tarreau33a7e692007-06-10 19:45:56 +0200654 while (cur_idx) {
655 eol = sol + idx->v[cur_idx].len;
656
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200657 if (len == 0) {
658 /* No argument was passed, we want any header.
659 * To achieve this, we simply build a fake request. */
660 while (sol + len < eol && sol[len] != ':')
661 len++;
662 name = sol;
663 }
664
Willy Tarreau33a7e692007-06-10 19:45:56 +0200665 if ((len < eol - sol) &&
666 (sol[len] == ':') &&
667 (strncasecmp(sol, name, len) == 0)) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100668 ctx->del = len;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200669 sov = sol + len + 1;
670 while (sov < eol && http_is_lws[(unsigned char)*sov])
671 sov++;
Willy Tarreau68085d82010-01-18 14:54:04 +0100672
Willy Tarreau33a7e692007-06-10 19:45:56 +0200673 ctx->line = sol;
Willy Tarreau68085d82010-01-18 14:54:04 +0100674 ctx->prev = old_idx;
675 return_hdr:
Willy Tarreau33a7e692007-06-10 19:45:56 +0200676 ctx->idx = cur_idx;
677 ctx->val = sov - sol;
678
679 eol = find_hdr_value_end(sov, eol);
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200680 ctx->tws = 0;
Willy Tarreau275600b2011-09-16 08:11:26 +0200681 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200682 eol--;
683 ctx->tws++;
684 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200685 ctx->vlen = eol - sov;
686 return 1;
687 }
688 next_hdr:
689 sol = eol + idx->v[cur_idx].cr + 1;
Willy Tarreau68085d82010-01-18 14:54:04 +0100690 old_idx = cur_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200691 cur_idx = idx->v[cur_idx].next;
692 }
693 return 0;
694}
695
696int http_find_header(const char *name,
Willy Tarreau68085d82010-01-18 14:54:04 +0100697 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200698 struct hdr_ctx *ctx)
699{
700 return http_find_header2(name, strlen(name), sol, idx, ctx);
701}
702
Willy Tarreau68085d82010-01-18 14:54:04 +0100703/* Remove one value of a header. This only works on a <ctx> returned by one of
704 * the http_find_header functions. The value is removed, as well as surrounding
705 * commas if any. If the removed value was alone, the whole header is removed.
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100706 * The ctx is always updated accordingly, as well as the buffer and HTTP
Willy Tarreau68085d82010-01-18 14:54:04 +0100707 * message <msg>. The new index is returned. If it is zero, it means there is
708 * no more header, so any processing may stop. The ctx is always left in a form
709 * that can be handled by http_find_header2() to find next occurrence.
710 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100711int http_remove_header2(struct http_msg *msg, struct hdr_idx *idx, struct hdr_ctx *ctx)
Willy Tarreau68085d82010-01-18 14:54:04 +0100712{
713 int cur_idx = ctx->idx;
714 char *sol = ctx->line;
715 struct hdr_idx_elem *hdr;
716 int delta, skip_comma;
717
718 if (!cur_idx)
719 return 0;
720
721 hdr = &idx->v[cur_idx];
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200722 if (sol[ctx->del] == ':' && ctx->val + ctx->vlen + ctx->tws == hdr->len) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100723 /* This was the only value of the header, we must now remove it entirely. */
Willy Tarreau9b28e032012-10-12 23:49:43 +0200724 delta = buffer_replace2(msg->chn->buf, sol, sol + hdr->len + hdr->cr + 1, NULL, 0);
Willy Tarreau68085d82010-01-18 14:54:04 +0100725 http_msg_move_end(msg, delta);
726 idx->used--;
727 hdr->len = 0; /* unused entry */
728 idx->v[ctx->prev].next = idx->v[ctx->idx].next;
Willy Tarreau5c4784f2011-02-12 13:07:35 +0100729 if (idx->tail == ctx->idx)
730 idx->tail = ctx->prev;
Willy Tarreau68085d82010-01-18 14:54:04 +0100731 ctx->idx = ctx->prev; /* walk back to the end of previous header */
732 ctx->line -= idx->v[ctx->idx].len + idx->v[cur_idx].cr + 1;
733 ctx->val = idx->v[ctx->idx].len; /* point to end of previous header */
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200734 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100735 return ctx->idx;
736 }
737
738 /* This was not the only value of this header. We have to remove between
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200739 * ctx->del+1 and ctx->val+ctx->vlen+ctx->tws+1 included. If it is the
740 * last entry of the list, we remove the last separator.
Willy Tarreau68085d82010-01-18 14:54:04 +0100741 */
742
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200743 skip_comma = (ctx->val + ctx->vlen + ctx->tws == hdr->len) ? 0 : 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200744 delta = buffer_replace2(msg->chn->buf, sol + ctx->del + skip_comma,
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200745 sol + ctx->val + ctx->vlen + ctx->tws + skip_comma,
Willy Tarreau68085d82010-01-18 14:54:04 +0100746 NULL, 0);
747 hdr->len += delta;
748 http_msg_move_end(msg, delta);
749 ctx->val = ctx->del;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200750 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100751 return ctx->idx;
752}
753
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100754/* This function handles a server error at the stream interface level. The
755 * stream interface is assumed to be already in a closed state. An optional
756 * message is copied into the input buffer, and an HTTP status code stored.
757 * The error flags are set to the values in arguments. Any pending request
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100758 * in this buffer will be lost.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200759 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +0200760static void http_server_error(struct session *s, struct stream_interface *si,
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100761 int err, int finst, int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200762{
Willy Tarreau8263d2b2012-08-28 00:06:31 +0200763 channel_auto_read(si->ob);
764 channel_abort(si->ob);
765 channel_auto_close(si->ob);
766 channel_erase(si->ob);
767 channel_auto_close(si->ib);
768 channel_auto_read(si->ib);
Willy Tarreau0f772532006-12-23 20:51:41 +0100769 if (status > 0 && msg) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +0200770 s->txn.status = status;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +0200771 bo_inject(si->ib, msg->str, msg->len);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200772 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +0200773 if (!(s->flags & SN_ERR_MASK))
774 s->flags |= err;
775 if (!(s->flags & SN_FINST_MASK))
776 s->flags |= finst;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200777}
778
Willy Tarreau80587432006-12-24 17:47:20 +0100779/* This function returns the appropriate error location for the given session
780 * and message.
781 */
782
Willy Tarreau783f2582012-09-04 12:19:04 +0200783struct chunk *http_error_message(struct session *s, int msgnum)
Willy Tarreau80587432006-12-24 17:47:20 +0100784{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200785 if (s->be->errmsg[msgnum].str)
786 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100787 else if (s->fe->errmsg[msgnum].str)
788 return &s->fe->errmsg[msgnum];
789 else
790 return &http_err_chunks[msgnum];
791}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200792
Willy Tarreau53b6c742006-12-17 13:37:46 +0100793/*
794 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
795 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
796 */
Thierry FOURNIERd4373142013-12-17 01:10:10 +0100797enum http_meth_t find_http_meth(const char *str, const int len)
Willy Tarreau53b6c742006-12-17 13:37:46 +0100798{
799 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100800 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100801
802 m = ((unsigned)*str - 'A');
803
804 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100805 for (h = http_methods[m]; h->len > 0; h++) {
806 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100807 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100808 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100809 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100810 };
811 return HTTP_METH_OTHER;
812 }
813 return HTTP_METH_NONE;
814
815}
816
Willy Tarreau21d2af32008-02-14 20:25:24 +0100817/* Parse the URI from the given transaction (which is assumed to be in request
818 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
819 * It is returned otherwise.
820 */
821static char *
822http_get_path(struct http_txn *txn)
823{
824 char *ptr, *end;
825
Willy Tarreau9b28e032012-10-12 23:49:43 +0200826 ptr = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau21d2af32008-02-14 20:25:24 +0100827 end = ptr + txn->req.sl.rq.u_l;
828
829 if (ptr >= end)
830 return NULL;
831
832 /* RFC2616, par. 5.1.2 :
833 * Request-URI = "*" | absuri | abspath | authority
834 */
835
836 if (*ptr == '*')
837 return NULL;
838
839 if (isalpha((unsigned char)*ptr)) {
840 /* this is a scheme as described by RFC3986, par. 3.1 */
841 ptr++;
842 while (ptr < end &&
843 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
844 ptr++;
845 /* skip '://' */
846 if (ptr == end || *ptr++ != ':')
847 return NULL;
848 if (ptr == end || *ptr++ != '/')
849 return NULL;
850 if (ptr == end || *ptr++ != '/')
851 return NULL;
852 }
853 /* skip [user[:passwd]@]host[:[port]] */
854
855 while (ptr < end && *ptr != '/')
856 ptr++;
857
858 if (ptr == end)
859 return NULL;
860
861 /* OK, we got the '/' ! */
862 return ptr;
863}
864
William Lallemand65ad6e12014-01-31 15:08:02 +0100865/* Parse the URI from the given string and look for the "/" beginning the PATH.
866 * If not found, return NULL. It is returned otherwise.
867 */
868static char *
869http_get_path_from_string(char *str)
870{
871 char *ptr = str;
872
873 /* RFC2616, par. 5.1.2 :
874 * Request-URI = "*" | absuri | abspath | authority
875 */
876
877 if (*ptr == '*')
878 return NULL;
879
880 if (isalpha((unsigned char)*ptr)) {
881 /* this is a scheme as described by RFC3986, par. 3.1 */
882 ptr++;
883 while (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.')
884 ptr++;
885 /* skip '://' */
886 if (*ptr == '\0' || *ptr++ != ':')
887 return NULL;
888 if (*ptr == '\0' || *ptr++ != '/')
889 return NULL;
890 if (*ptr == '\0' || *ptr++ != '/')
891 return NULL;
892 }
893 /* skip [user[:passwd]@]host[:[port]] */
894
895 while (*ptr != '\0' && *ptr != ' ' && *ptr != '/')
896 ptr++;
897
898 if (*ptr == '\0' || *ptr == ' ')
899 return NULL;
900
901 /* OK, we got the '/' ! */
902 return ptr;
903}
904
Willy Tarreau71241ab2012-12-27 11:30:54 +0100905/* Returns a 302 for a redirectable request that reaches a server working in
906 * in redirect mode. This may only be called just after the stream interface
907 * has moved to SI_ST_ASS. Unprocessable requests are left unchanged and will
908 * follow normal proxy processing. NOTE: this function is designed to support
909 * being called once data are scheduled for forwarding.
Willy Tarreauefb453c2008-10-26 20:49:47 +0100910 */
Willy Tarreau71241ab2012-12-27 11:30:54 +0100911void http_perform_server_redirect(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100912{
913 struct http_txn *txn;
Willy Tarreau827aee92011-03-10 16:55:02 +0100914 struct server *srv;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100915 char *path;
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200916 int len, rewind;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100917
918 /* 1: create the response header */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100919 trash.len = strlen(HTTP_302);
920 memcpy(trash.str, HTTP_302, trash.len);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100921
Willy Tarreau3fdb3662012-11-12 00:42:33 +0100922 srv = objt_server(s->target);
Willy Tarreau827aee92011-03-10 16:55:02 +0100923
Willy Tarreauefb453c2008-10-26 20:49:47 +0100924 /* 2: add the server's prefix */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100925 if (trash.len + srv->rdr_len > trash.size)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100926 return;
927
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100928 /* special prefix "/" means don't change URL */
Willy Tarreau827aee92011-03-10 16:55:02 +0100929 if (srv->rdr_len != 1 || *srv->rdr_pfx != '/') {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100930 memcpy(trash.str + trash.len, srv->rdr_pfx, srv->rdr_len);
931 trash.len += srv->rdr_len;
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100932 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100933
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200934 /* 3: add the request URI. Since it was already forwarded, we need
935 * to temporarily rewind the buffer.
936 */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100937 txn = &s->txn;
Willy Tarreau211cdec2014-04-17 20:18:08 +0200938 b_rew(s->req->buf, rewind = http_hdr_rewind(&txn->req));
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200939
Willy Tarreauefb453c2008-10-26 20:49:47 +0100940 path = http_get_path(txn);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200941 len = buffer_count(s->req->buf, path, b_ptr(s->req->buf, txn->req.sl.rq.u + txn->req.sl.rq.u_l));
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200942
Willy Tarreau9b28e032012-10-12 23:49:43 +0200943 b_adv(s->req->buf, rewind);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200944
Willy Tarreauefb453c2008-10-26 20:49:47 +0100945 if (!path)
946 return;
947
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100948 if (trash.len + len > trash.size - 4) /* 4 for CRLF-CRLF */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100949 return;
950
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100951 memcpy(trash.str + trash.len, path, len);
952 trash.len += len;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100953
954 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100955 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
956 trash.len += 29;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100957 } else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100958 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
959 trash.len += 23;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100960 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100961
962 /* prepare to return without error. */
Willy Tarreau73b013b2012-05-21 16:31:45 +0200963 si_shutr(si);
964 si_shutw(si);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100965 si->err_type = SI_ET_NONE;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100966 si->state = SI_ST_CLO;
967
968 /* send the message */
Willy Tarreau570f2212013-06-10 16:42:09 +0200969 http_server_error(s, si, SN_ERR_LOCAL, SN_FINST_C, 302, &trash);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100970
971 /* FIXME: we should increase a counter of redirects per server and per backend. */
Willy Tarreau4521ba62013-01-24 01:25:25 +0100972 srv_inc_sess_ctr(srv);
Bhaskar Maddalaa20cb852014-02-03 16:26:46 -0500973 srv_set_sess_last(srv);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100974}
975
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100976/* Return the error message corresponding to si->err_type. It is assumed
Willy Tarreauefb453c2008-10-26 20:49:47 +0100977 * that the server side is closed. Note that err_type is actually a
978 * bitmask, where almost only aborts may be cumulated with other
979 * values. We consider that aborted operations are more important
980 * than timeouts or errors due to the fact that nobody else in the
981 * logs might explain incomplete retries. All others should avoid
982 * being cumulated. It should normally not be possible to have multiple
983 * aborts at once, but just in case, the first one in sequence is reported.
Willy Tarreau6b726ad2013-12-15 19:31:37 +0100984 * Note that connection errors appearing on the second request of a keep-alive
985 * connection are not reported since this allows the client to retry.
Willy Tarreauefb453c2008-10-26 20:49:47 +0100986 */
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100987void http_return_srv_error(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100988{
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100989 int err_type = si->err_type;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100990
991 if (err_type & SI_ET_QUEUE_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100992 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200993 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100994 else if (err_type & SI_ET_CONN_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100995 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C,
Willy Tarreau6b726ad2013-12-15 19:31:37 +0100996 503, (s->txn.flags & TX_NOT_FIRST) ? NULL :
997 http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100998 else if (err_type & SI_ET_QUEUE_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100999 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +02001000 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +01001001 else if (err_type & SI_ET_QUEUE_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +01001002 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +02001003 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +01001004 else if (err_type & SI_ET_CONN_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +01001005 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C,
Willy Tarreau6b726ad2013-12-15 19:31:37 +01001006 503, (s->txn.flags & TX_NOT_FIRST) ? NULL :
1007 http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +01001008 else if (err_type & SI_ET_CONN_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +01001009 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C,
Willy Tarreau36346242014-02-24 18:26:30 +01001010 503, (s->flags & SN_SRV_REUSED) ? NULL :
Willy Tarreau6b726ad2013-12-15 19:31:37 +01001011 http_error_message(s, HTTP_ERR_503));
Willy Tarreau2d400bb2012-05-14 12:11:47 +02001012 else if (err_type & SI_ET_CONN_RES)
1013 http_server_error(s, si, SN_ERR_RESOURCE, SN_FINST_C,
Willy Tarreau6b726ad2013-12-15 19:31:37 +01001014 503, (s->txn.flags & TX_NOT_FIRST) ? NULL :
1015 http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +01001016 else /* SI_ET_CONN_OTHER and others */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +01001017 http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +02001018 500, http_error_message(s, HTTP_ERR_500));
Willy Tarreauefb453c2008-10-26 20:49:47 +01001019}
1020
Willy Tarreau42250582007-04-01 01:30:43 +02001021extern const char sess_term_cond[8];
1022extern const char sess_fin_state[8];
1023extern const char *monthname[12];
Willy Tarreau332f8bf2007-05-13 21:36:56 +02001024struct pool_head *pool2_requri;
Willy Tarreau193b8c62012-11-22 00:17:38 +01001025struct pool_head *pool2_capture = NULL;
William Lallemanda73203e2012-03-12 12:48:57 +01001026struct pool_head *pool2_uniqueid;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001027
Willy Tarreau117f59e2007-03-04 18:17:17 +01001028/*
1029 * Capture headers from message starting at <som> according to header list
1030 * <cap_hdr>, and fill the <idx> structure appropriately.
1031 */
1032void capture_headers(char *som, struct hdr_idx *idx,
1033 char **cap, struct cap_hdr *cap_hdr)
1034{
1035 char *eol, *sol, *col, *sov;
1036 int cur_idx;
1037 struct cap_hdr *h;
1038 int len;
1039
1040 sol = som + hdr_idx_first_pos(idx);
1041 cur_idx = hdr_idx_first_idx(idx);
1042
1043 while (cur_idx) {
1044 eol = sol + idx->v[cur_idx].len;
1045
1046 col = sol;
1047 while (col < eol && *col != ':')
1048 col++;
1049
1050 sov = col + 1;
1051 while (sov < eol && http_is_lws[(unsigned char)*sov])
1052 sov++;
1053
1054 for (h = cap_hdr; h; h = h->next) {
1055 if ((h->namelen == col - sol) &&
1056 (strncasecmp(sol, h->name, h->namelen) == 0)) {
1057 if (cap[h->index] == NULL)
1058 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +02001059 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +01001060
1061 if (cap[h->index] == NULL) {
1062 Alert("HTTP capture : out of memory.\n");
1063 continue;
1064 }
1065
1066 len = eol - sov;
1067 if (len > h->len)
1068 len = h->len;
1069
1070 memcpy(cap[h->index], sov, len);
1071 cap[h->index][len]=0;
1072 }
1073 }
1074 sol = eol + idx->v[cur_idx].cr + 1;
1075 cur_idx = idx->v[cur_idx].next;
1076 }
1077}
1078
1079
Willy Tarreau42250582007-04-01 01:30:43 +02001080/* either we find an LF at <ptr> or we jump to <bad>.
1081 */
1082#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1083
1084/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1085 * otherwise to <http_msg_ood> with <state> set to <st>.
1086 */
1087#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1088 ptr++; \
1089 if (likely(ptr < end)) \
1090 goto good; \
1091 else { \
1092 state = (st); \
1093 goto http_msg_ood; \
1094 } \
1095 } while (0)
1096
1097
Willy Tarreaubaaee002006-06-26 02:48:02 +02001098/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001099 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001100 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1101 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1102 * will give undefined results.
1103 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1104 * and that msg->sol points to the beginning of the response.
1105 * If a complete line is found (which implies that at least one CR or LF is
1106 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1107 * returned indicating an incomplete line (which does not mean that parts have
1108 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1109 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1110 * upon next call.
1111 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001112 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001113 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1114 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001115 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001116 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001117const char *http_parse_stsline(struct http_msg *msg,
Willy Tarreau3770f232013-12-07 00:01:53 +01001118 enum ht_state state, const char *ptr, const char *end,
1119 unsigned int *ret_ptr, enum ht_state *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001120{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001121 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001122
Willy Tarreau8973c702007-01-21 23:58:29 +01001123 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001124 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001125 http_msg_rpver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001126 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001127 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1128
1129 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001130 msg->sl.st.v_l = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001131 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1132 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001133 state = HTTP_MSG_ERROR;
1134 break;
1135
Willy Tarreau8973c702007-01-21 23:58:29 +01001136 case HTTP_MSG_RPVER_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001137 http_msg_rpver_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001138 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001139 msg->sl.st.c = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001140 goto http_msg_rpcode;
1141 }
1142 if (likely(HTTP_IS_SPHT(*ptr)))
1143 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1144 /* so it's a CR/LF, this is invalid */
Willy Tarreau7552c032009-03-01 11:10:40 +01001145 state = HTTP_MSG_ERROR;
1146 break;
Willy Tarreau8973c702007-01-21 23:58:29 +01001147
Willy Tarreau8973c702007-01-21 23:58:29 +01001148 case HTTP_MSG_RPCODE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001149 http_msg_rpcode:
Willy Tarreau8973c702007-01-21 23:58:29 +01001150 if (likely(!HTTP_IS_LWS(*ptr)))
1151 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1152
1153 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001154 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001155 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1156 }
1157
1158 /* so it's a CR/LF, so there is no reason phrase */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001159 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001160 http_msg_rsp_reason:
1161 /* FIXME: should we support HTTP responses without any reason phrase ? */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001162 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001163 msg->sl.st.r_l = 0;
1164 goto http_msg_rpline_eol;
1165
Willy Tarreau8973c702007-01-21 23:58:29 +01001166 case HTTP_MSG_RPCODE_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001167 http_msg_rpcode_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001168 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001169 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001170 goto http_msg_rpreason;
1171 }
1172 if (likely(HTTP_IS_SPHT(*ptr)))
1173 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1174 /* so it's a CR/LF, so there is no reason phrase */
1175 goto http_msg_rsp_reason;
1176
Willy Tarreau8973c702007-01-21 23:58:29 +01001177 case HTTP_MSG_RPREASON:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001178 http_msg_rpreason:
Willy Tarreau8973c702007-01-21 23:58:29 +01001179 if (likely(!HTTP_IS_CRLF(*ptr)))
1180 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
Willy Tarreauea1175a2012-03-05 15:52:30 +01001181 msg->sl.st.r_l = ptr - msg_start - msg->sl.st.r;
Willy Tarreau8973c702007-01-21 23:58:29 +01001182 http_msg_rpline_eol:
1183 /* We have seen the end of line. Note that we do not
1184 * necessarily have the \n yet, but at least we know that we
1185 * have EITHER \r OR \n, otherwise the response would not be
1186 * complete. We can then record the response length and return
1187 * to the caller which will be able to register it.
1188 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001189 msg->sl.st.l = ptr - msg_start - msg->sol;
Willy Tarreau8973c702007-01-21 23:58:29 +01001190 return ptr;
1191
Willy Tarreau8973c702007-01-21 23:58:29 +01001192 default:
Willy Tarreau3770f232013-12-07 00:01:53 +01001193#ifdef DEBUG_FULL
Willy Tarreau8973c702007-01-21 23:58:29 +01001194 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1195 exit(1);
1196#endif
Willy Tarreau3770f232013-12-07 00:01:53 +01001197 ;
Willy Tarreau8973c702007-01-21 23:58:29 +01001198 }
1199
1200 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001201 /* out of valid data */
Willy Tarreau8973c702007-01-21 23:58:29 +01001202 if (ret_state)
1203 *ret_state = state;
1204 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001205 *ret_ptr = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001206 return NULL;
Willy Tarreau8973c702007-01-21 23:58:29 +01001207}
1208
Willy Tarreau8973c702007-01-21 23:58:29 +01001209/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001210 * This function parses a request line between <ptr> and <end>, starting with
1211 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1212 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1213 * will give undefined results.
1214 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1215 * and that msg->sol points to the beginning of the request.
1216 * If a complete line is found (which implies that at least one CR or LF is
1217 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1218 * returned indicating an incomplete line (which does not mean that parts have
1219 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1220 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1221 * upon next call.
1222 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001223 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001224 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1225 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001226 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001227 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001228const char *http_parse_reqline(struct http_msg *msg,
Willy Tarreau3770f232013-12-07 00:01:53 +01001229 enum ht_state state, const char *ptr, const char *end,
1230 unsigned int *ret_ptr, enum ht_state *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001231{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001232 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001233
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001234 switch (state) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001235 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001236 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001237 if (likely(HTTP_IS_TOKEN(*ptr)))
1238 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001239
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001240 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001241 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001242 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1243 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001244
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001245 if (likely(HTTP_IS_CRLF(*ptr))) {
1246 /* HTTP 0.9 request */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001247 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001248 http_msg_req09_uri:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001249 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001250 http_msg_req09_uri_e:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001251 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001252 http_msg_req09_ver:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001253 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001254 msg->sl.rq.v_l = 0;
1255 goto http_msg_rqline_eol;
1256 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001257 state = HTTP_MSG_ERROR;
1258 break;
1259
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001260 case HTTP_MSG_RQMETH_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001261 http_msg_rqmeth_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001262 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001263 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001264 goto http_msg_rquri;
1265 }
1266 if (likely(HTTP_IS_SPHT(*ptr)))
1267 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1268 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1269 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001270
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001271 case HTTP_MSG_RQURI:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001272 http_msg_rquri:
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001273 if (likely((unsigned char)(*ptr - 33) <= 93)) /* 33 to 126 included */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001274 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001275
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001276 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001277 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001278 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1279 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001280
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001281 if (likely((unsigned char)*ptr >= 128)) {
Willy Tarreau422246e2012-01-07 23:54:13 +01001282 /* non-ASCII chars are forbidden unless option
1283 * accept-invalid-http-request is enabled in the frontend.
1284 * In any case, we capture the faulty char.
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001285 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001286 if (msg->err_pos < -1)
1287 goto invalid_char;
1288 if (msg->err_pos == -1)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001289 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001290 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
1291 }
1292
1293 if (likely(HTTP_IS_CRLF(*ptr))) {
1294 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1295 goto http_msg_req09_uri_e;
1296 }
1297
1298 /* OK forbidden chars, 0..31 or 127 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001299 invalid_char:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001300 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001301 state = HTTP_MSG_ERROR;
1302 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001303
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001304 case HTTP_MSG_RQURI_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001305 http_msg_rquri_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001306 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001307 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001308 goto http_msg_rqver;
1309 }
1310 if (likely(HTTP_IS_SPHT(*ptr)))
1311 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1312 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1313 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001314
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001315 case HTTP_MSG_RQVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001316 http_msg_rqver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001317 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001318 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001319
1320 if (likely(HTTP_IS_CRLF(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001321 msg->sl.rq.v_l = ptr - msg_start - msg->sl.rq.v;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001322 http_msg_rqline_eol:
1323 /* We have seen the end of line. Note that we do not
1324 * necessarily have the \n yet, but at least we know that we
1325 * have EITHER \r OR \n, otherwise the request would not be
1326 * complete. We can then record the request length and return
1327 * to the caller which will be able to register it.
1328 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001329 msg->sl.rq.l = ptr - msg_start - msg->sol;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001330 return ptr;
1331 }
1332
1333 /* neither an HTTP_VER token nor a CRLF */
Willy Tarreau7552c032009-03-01 11:10:40 +01001334 state = HTTP_MSG_ERROR;
1335 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001336
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001337 default:
Willy Tarreau3770f232013-12-07 00:01:53 +01001338#ifdef DEBUG_FULL
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001339 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1340 exit(1);
1341#endif
Willy Tarreau3770f232013-12-07 00:01:53 +01001342 ;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001343 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001344
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001345 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001346 /* out of valid data */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001347 if (ret_state)
1348 *ret_state = state;
1349 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001350 *ret_ptr = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001351 return NULL;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001352}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001353
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001354/*
1355 * Returns the data from Authorization header. Function may be called more
1356 * than once so data is stored in txn->auth_data. When no header is found
1357 * or auth method is unknown auth_method is set to HTTP_AUTH_WRONG to avoid
Thierry FOURNIER98d96952014-01-23 12:13:02 +01001358 * searching again for something we are unable to find anyway. However, if
1359 * the result if valid, the cache is not reused because we would risk to
1360 * have the credentials overwritten by another session in parallel.
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001361 */
1362
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +01001363/* This bufffer is initialized in the file 'src/haproxy.c'. This length is
1364 * set according to global.tune.bufsize.
1365 */
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001366char *get_http_auth_buff;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001367
1368int
1369get_http_auth(struct session *s)
1370{
1371
1372 struct http_txn *txn = &s->txn;
1373 struct chunk auth_method;
1374 struct hdr_ctx ctx;
1375 char *h, *p;
1376 int len;
1377
1378#ifdef DEBUG_AUTH
1379 printf("Auth for session %p: %d\n", s, txn->auth.method);
1380#endif
1381
1382 if (txn->auth.method == HTTP_AUTH_WRONG)
1383 return 0;
1384
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001385 txn->auth.method = HTTP_AUTH_WRONG;
1386
1387 ctx.idx = 0;
Willy Tarreau844a7e72010-01-31 21:46:18 +01001388
1389 if (txn->flags & TX_USE_PX_CONN) {
1390 h = "Proxy-Authorization";
1391 len = strlen(h);
1392 } else {
1393 h = "Authorization";
1394 len = strlen(h);
1395 }
1396
Willy Tarreau9b28e032012-10-12 23:49:43 +02001397 if (!http_find_header2(h, len, s->req->buf->p, &txn->hdr_idx, &ctx))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001398 return 0;
1399
1400 h = ctx.line + ctx.val;
1401
1402 p = memchr(h, ' ', ctx.vlen);
1403 if (!p || p == h)
1404 return 0;
1405
1406 chunk_initlen(&auth_method, h, 0, p-h);
1407 chunk_initlen(&txn->auth.method_data, p+1, 0, ctx.vlen-(p-h)-1);
1408
1409 if (!strncasecmp("Basic", auth_method.str, auth_method.len)) {
1410
1411 len = base64dec(txn->auth.method_data.str, txn->auth.method_data.len,
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001412 get_http_auth_buff, global.tune.bufsize - 1);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001413
1414 if (len < 0)
1415 return 0;
1416
1417
1418 get_http_auth_buff[len] = '\0';
1419
1420 p = strchr(get_http_auth_buff, ':');
1421
1422 if (!p)
1423 return 0;
1424
1425 txn->auth.user = get_http_auth_buff;
1426 *p = '\0';
1427 txn->auth.pass = p+1;
1428
1429 txn->auth.method = HTTP_AUTH_BASIC;
1430 return 1;
1431 }
1432
1433 return 0;
1434}
1435
Willy Tarreau58f10d72006-12-04 02:26:12 +01001436
Willy Tarreau8973c702007-01-21 23:58:29 +01001437/*
1438 * This function parses an HTTP message, either a request or a response,
Willy Tarreau8b1323e2012-03-09 14:46:19 +01001439 * depending on the initial msg->msg_state. The caller is responsible for
1440 * ensuring that the message does not wrap. The function can be preempted
1441 * everywhere when data are missing and recalled at the exact same location
1442 * with no information loss. The message may even be realigned between two
1443 * calls. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001444 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
Willy Tarreau26927362012-05-18 23:22:52 +02001445 * fields. Note that msg->sol will be initialized after completing the first
1446 * state, so that none of the msg pointers has to be initialized prior to the
1447 * first call.
Willy Tarreau8973c702007-01-21 23:58:29 +01001448 */
Willy Tarreaua560c212012-03-09 13:50:57 +01001449void http_msg_analyzer(struct http_msg *msg, struct hdr_idx *idx)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001450{
Willy Tarreau3770f232013-12-07 00:01:53 +01001451 enum ht_state state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001452 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001453 struct buffer *buf;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001454
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001455 state = msg->msg_state;
Willy Tarreau9b28e032012-10-12 23:49:43 +02001456 buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001457 ptr = buf->p + msg->next;
1458 end = buf->p + buf->i;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001459
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001460 if (unlikely(ptr >= end))
1461 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001462
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001463 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001464 /*
1465 * First, states that are specific to the response only.
1466 * We check them first so that request and headers are
1467 * closer to each other (accessed more often).
1468 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001469 case HTTP_MSG_RPBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001470 http_msg_rpbefore:
Willy Tarreau8973c702007-01-21 23:58:29 +01001471 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001472 /* we have a start of message, but we have to check
1473 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001474 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001475 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001476 if (unlikely(ptr != buf->p)) {
1477 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001478 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001479 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001480 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8973c702007-01-21 23:58:29 +01001481 }
Willy Tarreau26927362012-05-18 23:22:52 +02001482 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001483 msg->sl.st.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001484 hdr_idx_init(idx);
1485 state = HTTP_MSG_RPVER;
1486 goto http_msg_rpver;
1487 }
1488
1489 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1490 goto http_msg_invalid;
1491
1492 if (unlikely(*ptr == '\n'))
1493 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1494 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1495 /* stop here */
1496
Willy Tarreau8973c702007-01-21 23:58:29 +01001497 case HTTP_MSG_RPBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001498 http_msg_rpbefore_cr:
Willy Tarreau8973c702007-01-21 23:58:29 +01001499 EXPECT_LF_HERE(ptr, http_msg_invalid);
1500 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1501 /* stop here */
1502
Willy Tarreau8973c702007-01-21 23:58:29 +01001503 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001504 http_msg_rpver:
Willy Tarreau8973c702007-01-21 23:58:29 +01001505 case HTTP_MSG_RPVER_SP:
1506 case HTTP_MSG_RPCODE:
1507 case HTTP_MSG_RPCODE_SP:
1508 case HTTP_MSG_RPREASON:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001509 ptr = (char *)http_parse_stsline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001510 state, ptr, end,
1511 &msg->next, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001512 if (unlikely(!ptr))
1513 return;
1514
1515 /* we have a full response and we know that we have either a CR
1516 * or an LF at <ptr>.
1517 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001518 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1519
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001520 msg->sol = ptr - buf->p;
Willy Tarreau8973c702007-01-21 23:58:29 +01001521 if (likely(*ptr == '\r'))
1522 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1523 goto http_msg_rpline_end;
1524
Willy Tarreau8973c702007-01-21 23:58:29 +01001525 case HTTP_MSG_RPLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001526 http_msg_rpline_end:
Willy Tarreau8973c702007-01-21 23:58:29 +01001527 /* msg->sol must point to the first of CR or LF. */
1528 EXPECT_LF_HERE(ptr, http_msg_invalid);
1529 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1530 /* stop here */
1531
1532 /*
1533 * Second, states that are specific to the request only
1534 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001535 case HTTP_MSG_RQBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001536 http_msg_rqbefore:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001537 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001538 /* we have a start of message, but we have to check
1539 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001540 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001541 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001542 if (likely(ptr != buf->p)) {
1543 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001544 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001545 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001546 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001547 }
Willy Tarreau26927362012-05-18 23:22:52 +02001548 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001549 msg->sl.rq.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001550 state = HTTP_MSG_RQMETH;
1551 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001552 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001553
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001554 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1555 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001556
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001557 if (unlikely(*ptr == '\n'))
1558 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1559 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001560 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001561
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001562 case HTTP_MSG_RQBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001563 http_msg_rqbefore_cr:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001564 EXPECT_LF_HERE(ptr, http_msg_invalid);
1565 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001566 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001567
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001568 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001569 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001570 case HTTP_MSG_RQMETH_SP:
1571 case HTTP_MSG_RQURI:
1572 case HTTP_MSG_RQURI_SP:
1573 case HTTP_MSG_RQVER:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001574 ptr = (char *)http_parse_reqline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001575 state, ptr, end,
1576 &msg->next, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001577 if (unlikely(!ptr))
1578 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001579
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001580 /* we have a full request and we know that we have either a CR
1581 * or an LF at <ptr>.
1582 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001583 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001584
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001585 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001586 if (likely(*ptr == '\r'))
1587 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001588 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001589
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001590 case HTTP_MSG_RQLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001591 http_msg_rqline_end:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001592 /* check for HTTP/0.9 request : no version information available.
1593 * msg->sol must point to the first of CR or LF.
1594 */
1595 if (unlikely(msg->sl.rq.v_l == 0))
1596 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001597
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001598 EXPECT_LF_HERE(ptr, http_msg_invalid);
1599 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001600 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001601
Willy Tarreau8973c702007-01-21 23:58:29 +01001602 /*
1603 * Common states below
1604 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001605 case HTTP_MSG_HDR_FIRST:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001606 http_msg_hdr_first:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001607 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001608 if (likely(!HTTP_IS_CRLF(*ptr))) {
1609 goto http_msg_hdr_name;
1610 }
1611
1612 if (likely(*ptr == '\r'))
1613 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1614 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001615
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001616 case HTTP_MSG_HDR_NAME:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001617 http_msg_hdr_name:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001618 /* assumes msg->sol points to the first char */
1619 if (likely(HTTP_IS_TOKEN(*ptr)))
1620 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001621
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001622 if (likely(*ptr == ':'))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001623 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001624
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001625 if (likely(msg->err_pos < -1) || *ptr == '\n')
1626 goto http_msg_invalid;
1627
1628 if (msg->err_pos == -1) /* capture error pointer */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001629 msg->err_pos = ptr - buf->p; /* >= 0 now */
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001630
1631 /* and we still accept this non-token character */
1632 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001633
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001634 case HTTP_MSG_HDR_L1_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001635 http_msg_hdr_l1_sp:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001636 /* assumes msg->sol points to the first char */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001637 if (likely(HTTP_IS_SPHT(*ptr)))
1638 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001639
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001640 /* header value can be basically anything except CR/LF */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001641 msg->sov = ptr - buf->p;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001642
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001643 if (likely(!HTTP_IS_CRLF(*ptr))) {
1644 goto http_msg_hdr_val;
1645 }
1646
1647 if (likely(*ptr == '\r'))
1648 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1649 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001650
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001651 case HTTP_MSG_HDR_L1_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001652 http_msg_hdr_l1_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001653 EXPECT_LF_HERE(ptr, http_msg_invalid);
1654 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001655
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001656 case HTTP_MSG_HDR_L1_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001657 http_msg_hdr_l1_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001658 if (likely(HTTP_IS_SPHT(*ptr))) {
1659 /* replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001660 for (; buf->p + msg->sov < ptr; msg->sov++)
1661 buf->p[msg->sov] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001662 goto http_msg_hdr_l1_sp;
1663 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001664 /* we had a header consisting only in spaces ! */
Willy Tarreau12e48b32012-03-05 16:57:34 +01001665 msg->eol = msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001666 goto http_msg_complete_header;
1667
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001668 case HTTP_MSG_HDR_VAL:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001669 http_msg_hdr_val:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001670 /* assumes msg->sol points to the first char, and msg->sov
1671 * points to the first character of the value.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001672 */
1673 if (likely(!HTTP_IS_CRLF(*ptr)))
1674 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001675
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001676 msg->eol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001677 /* Note: we could also copy eol into ->eoh so that we have the
1678 * real header end in case it ends with lots of LWS, but is this
1679 * really needed ?
1680 */
1681 if (likely(*ptr == '\r'))
1682 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1683 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001684
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001685 case HTTP_MSG_HDR_L2_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001686 http_msg_hdr_l2_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001687 EXPECT_LF_HERE(ptr, http_msg_invalid);
1688 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001689
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001690 case HTTP_MSG_HDR_L2_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001691 http_msg_hdr_l2_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001692 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1693 /* LWS: replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001694 for (; buf->p + msg->eol < ptr; msg->eol++)
1695 buf->p[msg->eol] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001696 goto http_msg_hdr_val;
1697 }
1698 http_msg_complete_header:
1699 /*
1700 * It was a new header, so the last one is finished.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001701 * Assumes msg->sol points to the first char, msg->sov points
1702 * to the first character of the value and msg->eol to the
1703 * first CR or LF so we know how the line ends. We insert last
1704 * header into the index.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001705 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001706 if (unlikely(hdr_idx_add(msg->eol - msg->sol, buf->p[msg->eol] == '\r',
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001707 idx, idx->tail) < 0))
1708 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001709
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001710 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001711 if (likely(!HTTP_IS_CRLF(*ptr))) {
1712 goto http_msg_hdr_name;
1713 }
1714
1715 if (likely(*ptr == '\r'))
1716 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1717 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001718
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001719 case HTTP_MSG_LAST_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001720 http_msg_last_lf:
Willy Tarreau0558a022014-03-13 15:48:45 +01001721 /* Assumes msg->sol points to the first of either CR or LF.
1722 * Sets ->sov and ->next to the total header length, ->eoh to
1723 * the last CRLF, and ->eol to the last CRLF length (1 or 2).
1724 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001725 EXPECT_LF_HERE(ptr, http_msg_invalid);
1726 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001727 msg->sov = msg->next = ptr - buf->p;
Willy Tarreau3a215be2012-03-09 21:39:51 +01001728 msg->eoh = msg->sol;
1729 msg->sol = 0;
Willy Tarreau0558a022014-03-13 15:48:45 +01001730 msg->eol = msg->sov - msg->eoh;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001731 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001732 return;
Willy Tarreaub56928a2012-04-16 14:51:55 +02001733
1734 case HTTP_MSG_ERROR:
1735 /* this may only happen if we call http_msg_analyser() twice with an error */
1736 break;
1737
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001738 default:
Willy Tarreau3770f232013-12-07 00:01:53 +01001739#ifdef DEBUG_FULL
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001740 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1741 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001742#endif
Willy Tarreau3770f232013-12-07 00:01:53 +01001743 ;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001744 }
1745 http_msg_ood:
1746 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001747 msg->msg_state = state;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001748 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001749 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001750
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001751 http_msg_invalid:
1752 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001753 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001754 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001755 return;
1756}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001757
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001758/* convert an HTTP/0.9 request into an HTTP/1.0 request. Returns 1 if the
1759 * conversion succeeded, 0 in case of error. If the request was already 1.X,
1760 * nothing is done and 1 is returned.
1761 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001762static int http_upgrade_v09_to_v10(struct http_txn *txn)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001763{
1764 int delta;
1765 char *cur_end;
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001766 struct http_msg *msg = &txn->req;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001767
1768 if (msg->sl.rq.v_l != 0)
1769 return 1;
1770
Apollon Oikonomopoulos25a15222014-04-06 02:46:00 +03001771 /* RFC 1945 allows only GET for HTTP/0.9 requests */
1772 if (txn->meth != HTTP_METH_GET)
1773 return 0;
1774
Willy Tarreau9b28e032012-10-12 23:49:43 +02001775 cur_end = msg->chn->buf->p + msg->sl.rq.l;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001776 delta = 0;
1777
1778 if (msg->sl.rq.u_l == 0) {
Apollon Oikonomopoulos25a15222014-04-06 02:46:00 +03001779 /* HTTP/0.9 requests *must* have a request URI, per RFC 1945 */
1780 return 0;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001781 }
1782 /* add HTTP version */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001783 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " HTTP/1.0\r\n", 11);
Willy Tarreaufa355d42009-11-29 18:12:29 +01001784 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001785 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001786 cur_end = (char *)http_parse_reqline(msg,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001787 HTTP_MSG_RQMETH,
Willy Tarreau9b28e032012-10-12 23:49:43 +02001788 msg->chn->buf->p, cur_end + 1,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001789 NULL, NULL);
1790 if (unlikely(!cur_end))
1791 return 0;
1792
1793 /* we have a full HTTP/1.0 request now and we know that
1794 * we have either a CR or an LF at <ptr>.
1795 */
1796 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
1797 return 1;
1798}
1799
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001800/* Parse the Connection: header of an HTTP request, looking for both "close"
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001801 * and "keep-alive" values. If we already know that some headers may safely
1802 * be removed, we remove them now. The <to_del> flags are used for that :
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001803 * - bit 0 means remove "close" headers (in HTTP/1.0 requests/responses)
1804 * - bit 1 means remove "keep-alive" headers (in HTTP/1.1 reqs/resp to 1.1).
Willy Tarreau50fc7772012-11-11 22:19:57 +01001805 * Presence of the "Upgrade" token is also checked and reported.
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001806 * The TX_HDR_CONN_* flags are adjusted in txn->flags depending on what was
1807 * found, and TX_CON_*_SET is adjusted depending on what is left so only
1808 * harmless combinations may be removed. Do not call that after changes have
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001809 * been processed.
Willy Tarreau5b154472009-12-21 20:11:07 +01001810 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001811void http_parse_connection_header(struct http_txn *txn, struct http_msg *msg, int to_del)
Willy Tarreau5b154472009-12-21 20:11:07 +01001812{
Willy Tarreau5b154472009-12-21 20:11:07 +01001813 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001814 const char *hdr_val = "Connection";
1815 int hdr_len = 10;
Willy Tarreau5b154472009-12-21 20:11:07 +01001816
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001817 if (txn->flags & TX_HDR_CONN_PRS)
Willy Tarreau5b154472009-12-21 20:11:07 +01001818 return;
1819
Willy Tarreau88d349d2010-01-25 12:15:43 +01001820 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1821 hdr_val = "Proxy-Connection";
1822 hdr_len = 16;
1823 }
1824
Willy Tarreau5b154472009-12-21 20:11:07 +01001825 ctx.idx = 0;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001826 txn->flags &= ~(TX_CON_KAL_SET|TX_CON_CLO_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001827 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001828 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1829 txn->flags |= TX_HDR_CONN_KAL;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001830 if (to_del & 2)
1831 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001832 else
1833 txn->flags |= TX_CON_KAL_SET;
1834 }
1835 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1836 txn->flags |= TX_HDR_CONN_CLO;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001837 if (to_del & 1)
1838 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001839 else
1840 txn->flags |= TX_CON_CLO_SET;
1841 }
Willy Tarreau50fc7772012-11-11 22:19:57 +01001842 else if (ctx.vlen >= 7 && word_match(ctx.line + ctx.val, ctx.vlen, "upgrade", 7)) {
1843 txn->flags |= TX_HDR_CONN_UPG;
1844 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001845 }
1846
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001847 txn->flags |= TX_HDR_CONN_PRS;
1848 return;
1849}
Willy Tarreau5b154472009-12-21 20:11:07 +01001850
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001851/* Apply desired changes on the Connection: header. Values may be removed and/or
1852 * added depending on the <wanted> flags, which are exclusively composed of
1853 * TX_CON_CLO_SET and TX_CON_KAL_SET, depending on what flags are desired. The
1854 * TX_CON_*_SET flags are adjusted in txn->flags depending on what is left.
1855 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001856void http_change_connection_header(struct http_txn *txn, struct http_msg *msg, int wanted)
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001857{
1858 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001859 const char *hdr_val = "Connection";
1860 int hdr_len = 10;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001861
1862 ctx.idx = 0;
1863
Willy Tarreau88d349d2010-01-25 12:15:43 +01001864
1865 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1866 hdr_val = "Proxy-Connection";
1867 hdr_len = 16;
1868 }
1869
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001870 txn->flags &= ~(TX_CON_CLO_SET | TX_CON_KAL_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001871 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001872 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1873 if (wanted & TX_CON_KAL_SET)
1874 txn->flags |= TX_CON_KAL_SET;
1875 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001876 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau5b154472009-12-21 20:11:07 +01001877 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001878 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1879 if (wanted & TX_CON_CLO_SET)
1880 txn->flags |= TX_CON_CLO_SET;
1881 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001882 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01001883 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001884 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001885
1886 if (wanted == (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
1887 return;
1888
1889 if ((wanted & TX_CON_CLO_SET) && !(txn->flags & TX_CON_CLO_SET)) {
1890 txn->flags |= TX_CON_CLO_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001891 hdr_val = "Connection: close";
1892 hdr_len = 17;
1893 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1894 hdr_val = "Proxy-Connection: close";
1895 hdr_len = 23;
1896 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001897 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001898 }
1899
1900 if ((wanted & TX_CON_KAL_SET) && !(txn->flags & TX_CON_KAL_SET)) {
1901 txn->flags |= TX_CON_KAL_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001902 hdr_val = "Connection: keep-alive";
1903 hdr_len = 22;
1904 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1905 hdr_val = "Proxy-Connection: keep-alive";
1906 hdr_len = 28;
1907 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001908 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001909 }
1910 return;
Willy Tarreau5b154472009-12-21 20:11:07 +01001911}
1912
Willy Tarreauc24715e2014-04-17 15:21:20 +02001913/* Parse the chunk size at msg->next. Once done, it adjusts ->next to point to
1914 * the first byte of data after the chunk size, so that we know we can forward
1915 * exactly msg->next bytes. msg->sol contains the exact number of bytes forming
1916 * the chunk size. That way it is always possible to differentiate between the
1917 * start of the body and the start of the data.
Willy Tarreau115acb92009-12-26 13:56:06 +01001918 * Return >0 on success, 0 when some data is missing, <0 on error.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001919 * Note: this function is designed to parse wrapped CRLF at the end of the buffer.
Willy Tarreau115acb92009-12-26 13:56:06 +01001920 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001921static inline int http_parse_chunk_size(struct http_msg *msg)
Willy Tarreau115acb92009-12-26 13:56:06 +01001922{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001923 const struct buffer *buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001924 const char *ptr = b_ptr(buf, msg->next);
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001925 const char *ptr_old = ptr;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001926 const char *end = buf->data + buf->size;
1927 const char *stop = bi_end(buf);
Willy Tarreau115acb92009-12-26 13:56:06 +01001928 unsigned int chunk = 0;
1929
1930 /* The chunk size is in the following form, though we are only
1931 * interested in the size and CRLF :
1932 * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF
1933 */
1934 while (1) {
1935 int c;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001936 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001937 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001938 c = hex2i(*ptr);
Willy Tarreau115acb92009-12-26 13:56:06 +01001939 if (c < 0) /* not a hex digit anymore */
1940 break;
Willy Tarreau0161d622013-04-02 01:26:55 +02001941 if (unlikely(++ptr >= end))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001942 ptr = buf->data;
Willy Tarreau431946e2012-02-24 19:20:12 +01001943 if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001944 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001945 chunk = (chunk << 4) + c;
1946 }
1947
Willy Tarreaud98cf932009-12-27 22:54:55 +01001948 /* empty size not allowed */
Willy Tarreau0161d622013-04-02 01:26:55 +02001949 if (unlikely(ptr == ptr_old))
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001950 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001951
1952 while (http_is_spht[(unsigned char)*ptr]) {
1953 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001954 ptr = buf->data;
Willy Tarreau0161d622013-04-02 01:26:55 +02001955 if (unlikely(ptr == stop))
Willy Tarreau115acb92009-12-26 13:56:06 +01001956 return 0;
Willy Tarreau115acb92009-12-26 13:56:06 +01001957 }
1958
Willy Tarreaud98cf932009-12-27 22:54:55 +01001959 /* Up to there, we know that at least one byte is present at *ptr. Check
1960 * for the end of chunk size.
1961 */
1962 while (1) {
1963 if (likely(HTTP_IS_CRLF(*ptr))) {
1964 /* we now have a CR or an LF at ptr */
1965 if (likely(*ptr == '\r')) {
1966 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001967 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001968 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001969 return 0;
1970 }
Willy Tarreau115acb92009-12-26 13:56:06 +01001971
Willy Tarreaud98cf932009-12-27 22:54:55 +01001972 if (*ptr != '\n')
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001973 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001974 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001975 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001976 /* done */
1977 break;
1978 }
1979 else if (*ptr == ';') {
1980 /* chunk extension, ends at next CRLF */
1981 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001982 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001983 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001984 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001985
1986 while (!HTTP_IS_CRLF(*ptr)) {
1987 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001988 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001989 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001990 return 0;
1991 }
1992 /* we have a CRLF now, loop above */
1993 continue;
Willy Tarreau115acb92009-12-26 13:56:06 +01001994 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001995 else
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001996 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001997 }
1998
Willy Tarreaud98cf932009-12-27 22:54:55 +01001999 /* OK we found our CRLF and now <ptr> points to the next byte,
Willy Tarreauc24715e2014-04-17 15:21:20 +02002000 * which may or may not be present. We save that into ->next,
2001 * and the number of bytes parsed into msg->sol.
Willy Tarreau115acb92009-12-26 13:56:06 +01002002 */
Willy Tarreauc24715e2014-04-17 15:21:20 +02002003 msg->sol = ptr - ptr_old;
Willy Tarreau0161d622013-04-02 01:26:55 +02002004 if (unlikely(ptr < ptr_old))
Willy Tarreauc24715e2014-04-17 15:21:20 +02002005 msg->sol += buf->size;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002006 msg->next = buffer_count(buf, buf->p, ptr);
Willy Tarreau124d9912011-03-01 20:30:48 +01002007 msg->chunk_len = chunk;
2008 msg->body_len += chunk;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002009 msg->msg_state = chunk ? HTTP_MSG_DATA : HTTP_MSG_TRAILERS;
Willy Tarreau115acb92009-12-26 13:56:06 +01002010 return 1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002011 error:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002012 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002013 return -1;
Willy Tarreau115acb92009-12-26 13:56:06 +01002014}
2015
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002016/* This function skips trailers in the buffer associated with HTTP
Willy Tarreaua458b672012-03-05 11:17:50 +01002017 * message <msg>. The first visited position is msg->next. If the end of
Willy Tarreaud98cf932009-12-27 22:54:55 +01002018 * the trailers is found, it is automatically scheduled to be forwarded,
2019 * msg->msg_state switches to HTTP_MSG_DONE, and the function returns >0.
2020 * If not enough data are available, the function does not change anything
Willy Tarreauc24715e2014-04-17 15:21:20 +02002021 * except maybe msg->next if it could parse some lines, and returns zero.
2022 * If a parse error is encountered, the function returns < 0 and does not
2023 * change anything except maybe msg->next. Note that the message must
2024 * already be in HTTP_MSG_TRAILERS state before calling this function,
Willy Tarreau638cd022010-01-03 07:42:04 +01002025 * which implies that all non-trailers data have already been scheduled for
Willy Tarreauc24715e2014-04-17 15:21:20 +02002026 * forwarding, and that msg->next exactly matches the length of trailers
2027 * already parsed and not forwarded. It is also important to note that this
2028 * function is designed to be able to parse wrapped headers at end of buffer.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002029 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02002030static int http_forward_trailers(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002031{
Willy Tarreau9b28e032012-10-12 23:49:43 +02002032 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002033
Willy Tarreaua458b672012-03-05 11:17:50 +01002034 /* we have msg->next which points to next line. Look for CRLF. */
Willy Tarreaud98cf932009-12-27 22:54:55 +01002035 while (1) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002036 const char *p1 = NULL, *p2 = NULL;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002037 const char *ptr = b_ptr(buf, msg->next);
2038 const char *stop = bi_end(buf);
Willy Tarreau638cd022010-01-03 07:42:04 +01002039 int bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002040
2041 /* scan current line and stop at LF or CRLF */
2042 while (1) {
Willy Tarreau363a5bb2012-03-02 20:14:45 +01002043 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002044 return 0;
2045
2046 if (*ptr == '\n') {
2047 if (!p1)
2048 p1 = ptr;
2049 p2 = ptr;
2050 break;
2051 }
2052
2053 if (*ptr == '\r') {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002054 if (p1) {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002055 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002056 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002057 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002058 p1 = ptr;
2059 }
2060
2061 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002062 if (ptr >= buf->data + buf->size)
2063 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002064 }
2065
2066 /* after LF; point to beginning of next line */
2067 p2++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002068 if (p2 >= buf->data + buf->size)
2069 p2 = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002070
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002071 bytes = p2 - b_ptr(buf, msg->next);
Willy Tarreau638cd022010-01-03 07:42:04 +01002072 if (bytes < 0)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002073 bytes += buf->size;
Willy Tarreau638cd022010-01-03 07:42:04 +01002074
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002075 if (p1 == b_ptr(buf, msg->next)) {
Willy Tarreau638cd022010-01-03 07:42:04 +01002076 /* LF/CRLF at beginning of line => end of trailers at p2.
2077 * Everything was scheduled for forwarding, there's nothing
2078 * left from this message.
Willy Tarreau5523b322009-12-29 12:05:52 +01002079 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002080 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002081 msg->msg_state = HTTP_MSG_DONE;
2082 return 1;
2083 }
2084 /* OK, next line then */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002085 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002086 }
2087}
2088
Willy Tarreauc24715e2014-04-17 15:21:20 +02002089/* This function may be called only in HTTP_MSG_CHUNK_CRLF. It reads the CRLF
2090 * or a possible LF alone at the end of a chunk. It automatically adjusts
2091 * msg->next in order to include this part into the next forwarding phase.
Willy Tarreaua458b672012-03-05 11:17:50 +01002092 * Note that the caller must ensure that ->p points to the first byte to parse.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002093 * It also sets msg_state to HTTP_MSG_CHUNK_SIZE and returns >0 on success. If
2094 * not enough data are available, the function does not change anything and
2095 * returns zero. If a parse error is encountered, the function returns < 0 and
2096 * does not change anything. Note: this function is designed to parse wrapped
2097 * CRLF at the end of the buffer.
2098 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02002099static inline int http_skip_chunk_crlf(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002100{
Willy Tarreau9b28e032012-10-12 23:49:43 +02002101 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002102 const char *ptr;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002103 int bytes;
2104
2105 /* NB: we'll check data availabilty at the end. It's not a
2106 * problem because whatever we match first will be checked
2107 * against the correct length.
2108 */
2109 bytes = 1;
Willy Tarreau0669d7d2014-04-17 11:40:10 +02002110 ptr = b_ptr(buf, msg->next);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002111 if (*ptr == '\r') {
2112 bytes++;
2113 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002114 if (ptr >= buf->data + buf->size)
2115 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002116 }
2117
Willy Tarreau0669d7d2014-04-17 11:40:10 +02002118 if (msg->next + bytes > buf->i)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002119 return 0;
2120
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002121 if (*ptr != '\n') {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002122 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002123 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002124 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002125
2126 ptr++;
Willy Tarreau0161d622013-04-02 01:26:55 +02002127 if (unlikely(ptr >= buf->data + buf->size))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002128 ptr = buf->data;
Willy Tarreauc24715e2014-04-17 15:21:20 +02002129 /* Advance ->next to allow the CRLF to be forwarded */
Willy Tarreau0669d7d2014-04-17 11:40:10 +02002130 msg->next += bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002131 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
2132 return 1;
2133}
Willy Tarreau5b154472009-12-21 20:11:07 +01002134
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002135/* Parses a qvalue and returns it multipled by 1000, from 0 to 1000. If the
2136 * value is larger than 1000, it is bound to 1000. The parser consumes up to
2137 * 1 digit, one dot and 3 digits and stops on the first invalid character.
2138 * Unparsable qvalues return 1000 as "q=1.000".
2139 */
Thierry FOURNIERad903512014-04-11 17:51:01 +02002140int parse_qvalue(const char *qvalue, const char **end)
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002141{
2142 int q = 1000;
2143
2144 if (!isdigit(*qvalue))
2145 goto out;
2146 q = (*qvalue++ - '0') * 1000;
2147
2148 if (*qvalue++ != '.')
2149 goto out;
2150
2151 if (!isdigit(*qvalue))
2152 goto out;
2153 q += (*qvalue++ - '0') * 100;
2154
2155 if (!isdigit(*qvalue))
2156 goto out;
2157 q += (*qvalue++ - '0') * 10;
2158
2159 if (!isdigit(*qvalue))
2160 goto out;
2161 q += (*qvalue++ - '0') * 1;
2162 out:
2163 if (q > 1000)
2164 q = 1000;
Willy Tarreau38b3aa52014-04-22 23:32:05 +02002165 if (end)
Thierry FOURNIERad903512014-04-11 17:51:01 +02002166 *end = qvalue;
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002167 return q;
2168}
William Lallemand82fe75c2012-10-23 10:25:10 +02002169
2170/*
2171 * Selects a compression algorithm depending on the client request.
Willy Tarreau05d84602012-10-26 02:11:25 +02002172 */
William Lallemand82fe75c2012-10-23 10:25:10 +02002173int select_compression_request_header(struct session *s, struct buffer *req)
2174{
2175 struct http_txn *txn = &s->txn;
Willy Tarreau70737d12012-10-27 00:34:28 +02002176 struct http_msg *msg = &txn->req;
William Lallemand82fe75c2012-10-23 10:25:10 +02002177 struct hdr_ctx ctx;
2178 struct comp_algo *comp_algo = NULL;
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002179 struct comp_algo *comp_algo_back = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002180
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002181 /* Disable compression for older user agents announcing themselves as "Mozilla/4"
2182 * unless they are known good (MSIE 6 with XP SP2, or MSIE 7 and later).
Willy Tarreau05d84602012-10-26 02:11:25 +02002183 * See http://zoompf.com/2012/02/lose-the-wait-http-compression for more details.
2184 */
2185 ctx.idx = 0;
2186 if (http_find_header2("User-Agent", 10, req->p, &txn->hdr_idx, &ctx) &&
2187 ctx.vlen >= 9 &&
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002188 memcmp(ctx.line + ctx.val, "Mozilla/4", 9) == 0 &&
2189 (ctx.vlen < 31 ||
2190 memcmp(ctx.line + ctx.val + 25, "MSIE ", 5) != 0 ||
2191 ctx.line[ctx.val + 30] < '6' ||
2192 (ctx.line[ctx.val + 30] == '6' &&
2193 (ctx.vlen < 54 || memcmp(ctx.line + 51, "SV1", 3) != 0)))) {
2194 s->comp_algo = NULL;
2195 return 0;
Willy Tarreau05d84602012-10-26 02:11:25 +02002196 }
2197
William Lallemand82fe75c2012-10-23 10:25:10 +02002198 /* search for the algo in the backend in priority or the frontend */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002199 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002200 int best_q = 0;
2201
William Lallemand82fe75c2012-10-23 10:25:10 +02002202 ctx.idx = 0;
2203 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002204 const char *qval;
2205 int q;
2206 int toklen;
2207
2208 /* try to isolate the token from the optional q-value */
2209 toklen = 0;
2210 while (toklen < ctx.vlen && http_is_token[(unsigned char)*(ctx.line + ctx.val + toklen)])
2211 toklen++;
2212
2213 qval = ctx.line + ctx.val + toklen;
2214 while (1) {
2215 while (qval < ctx.line + ctx.val + ctx.vlen && http_is_lws[(unsigned char)*qval])
2216 qval++;
2217
2218 if (qval >= ctx.line + ctx.val + ctx.vlen || *qval != ';') {
2219 qval = NULL;
2220 break;
2221 }
2222 qval++;
Willy Tarreau70737d12012-10-27 00:34:28 +02002223
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002224 while (qval < ctx.line + ctx.val + ctx.vlen && http_is_lws[(unsigned char)*qval])
2225 qval++;
Willy Tarreau70737d12012-10-27 00:34:28 +02002226
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002227 if (qval >= ctx.line + ctx.val + ctx.vlen) {
2228 qval = NULL;
2229 break;
William Lallemand82fe75c2012-10-23 10:25:10 +02002230 }
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002231 if (strncmp(qval, "q=", MIN(ctx.line + ctx.val + ctx.vlen - qval, 2)) == 0)
2232 break;
2233
2234 while (qval < ctx.line + ctx.val + ctx.vlen && *qval != ';')
2235 qval++;
2236 }
2237
2238 /* here we have qval pointing to the first "q=" attribute or NULL if not found */
Thierry FOURNIERad903512014-04-11 17:51:01 +02002239 q = qval ? parse_qvalue(qval + 2, NULL) : 1000;
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002240
2241 if (q <= best_q)
2242 continue;
2243
2244 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
2245 if (*(ctx.line + ctx.val) == '*' ||
2246 word_match(ctx.line + ctx.val, toklen, comp_algo->name, comp_algo->name_len)) {
2247 s->comp_algo = comp_algo;
2248 best_q = q;
2249 break;
2250 }
2251 }
2252 }
2253 }
2254
2255 /* remove all occurrences of the header when "compression offload" is set */
2256 if (s->comp_algo) {
2257 if ((s->be->comp && s->be->comp->offload) || (s->fe->comp && s->fe->comp->offload)) {
2258 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2259 ctx.idx = 0;
2260 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
2261 http_remove_header2(msg, &txn->hdr_idx, &ctx);
William Lallemand82fe75c2012-10-23 10:25:10 +02002262 }
2263 }
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002264 return 1;
William Lallemand82fe75c2012-10-23 10:25:10 +02002265 }
2266
2267 /* identity is implicit does not require headers */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002268 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
2269 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002270 if (comp_algo->add_data == identity_add_data) {
2271 s->comp_algo = comp_algo;
2272 return 1;
2273 }
2274 }
2275 }
2276
2277 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002278 return 0;
2279}
2280
2281/*
2282 * Selects a comression algorithm depending of the server response.
2283 */
2284int select_compression_response_header(struct session *s, struct buffer *res)
2285{
2286 struct http_txn *txn = &s->txn;
2287 struct http_msg *msg = &txn->rsp;
2288 struct hdr_ctx ctx;
2289 struct comp_type *comp_type;
William Lallemand82fe75c2012-10-23 10:25:10 +02002290
2291 /* no common compression algorithm was found in request header */
2292 if (s->comp_algo == NULL)
2293 goto fail;
2294
2295 /* HTTP < 1.1 should not be compressed */
Willy Tarreau72575502013-12-24 14:41:35 +01002296 if (!(msg->flags & HTTP_MSGF_VER_11) || !(txn->req.flags & HTTP_MSGF_VER_11))
William Lallemand82fe75c2012-10-23 10:25:10 +02002297 goto fail;
2298
William Lallemandd3002612012-11-26 14:34:47 +01002299 /* 200 only */
2300 if (txn->status != 200)
2301 goto fail;
2302
William Lallemand82fe75c2012-10-23 10:25:10 +02002303 /* Content-Length is null */
2304 if (!(msg->flags & HTTP_MSGF_TE_CHNK) && msg->body_len == 0)
2305 goto fail;
2306
2307 /* content is already compressed */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002308 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002309 if (http_find_header2("Content-Encoding", 16, res->p, &txn->hdr_idx, &ctx))
2310 goto fail;
2311
Willy Tarreau56e9ffa2013-01-05 16:20:35 +01002312 /* no compression when Cache-Control: no-transform is present in the message */
2313 ctx.idx = 0;
2314 while (http_find_header2("Cache-Control", 13, res->p, &txn->hdr_idx, &ctx)) {
2315 if (word_match(ctx.line + ctx.val, ctx.vlen, "no-transform", 12))
2316 goto fail;
2317 }
2318
William Lallemand82fe75c2012-10-23 10:25:10 +02002319 comp_type = NULL;
2320
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002321 /* we don't want to compress multipart content-types, nor content-types that are
2322 * not listed in the "compression type" directive if any. If no content-type was
2323 * found but configuration requires one, we don't compress either. Backend has
2324 * the priority.
William Lallemand82fe75c2012-10-23 10:25:10 +02002325 */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002326 ctx.idx = 0;
2327 if (http_find_header2("Content-Type", 12, res->p, &txn->hdr_idx, &ctx)) {
2328 if (ctx.vlen >= 9 && strncasecmp("multipart", ctx.line+ctx.val, 9) == 0)
2329 goto fail;
2330
2331 if ((s->be->comp && (comp_type = s->be->comp->types)) ||
2332 (s->fe->comp && (comp_type = s->fe->comp->types))) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002333 for (; comp_type; comp_type = comp_type->next) {
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002334 if (ctx.vlen >= comp_type->name_len &&
2335 strncasecmp(ctx.line+ctx.val, comp_type->name, comp_type->name_len) == 0)
William Lallemand82fe75c2012-10-23 10:25:10 +02002336 /* this Content-Type should be compressed */
2337 break;
2338 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002339 /* this Content-Type should not be compressed */
2340 if (comp_type == NULL)
2341 goto fail;
William Lallemand82fe75c2012-10-23 10:25:10 +02002342 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002343 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002344 else { /* no content-type header */
2345 if ((s->be->comp && s->be->comp->types) || (s->fe->comp && s->fe->comp->types))
2346 goto fail; /* a content-type was required */
William Lallemandd3002612012-11-26 14:34:47 +01002347 }
2348
William Lallemandd85f9172012-11-09 17:05:39 +01002349 /* limit compression rate */
2350 if (global.comp_rate_lim > 0)
2351 if (read_freq_ctr(&global.comp_bps_in) > global.comp_rate_lim)
2352 goto fail;
2353
William Lallemand072a2bf2012-11-20 17:01:01 +01002354 /* limit cpu usage */
2355 if (idle_pct < compress_min_idle)
2356 goto fail;
2357
William Lallemand4c49fae2012-11-07 15:00:23 +01002358 /* initialize compression */
William Lallemandf3747832012-11-09 12:33:10 +01002359 if (s->comp_algo->init(&s->comp_ctx, global.tune.comp_maxlevel) < 0)
William Lallemand4c49fae2012-11-07 15:00:23 +01002360 goto fail;
2361
William Lallemandec3e3892012-11-12 17:02:18 +01002362 s->flags |= SN_COMP_READY;
2363
William Lallemand82fe75c2012-10-23 10:25:10 +02002364 /* remove Content-Length header */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002365 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002366 if ((msg->flags & HTTP_MSGF_CNT_LEN) && http_find_header2("Content-Length", 14, res->p, &txn->hdr_idx, &ctx))
2367 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2368
2369 /* add Transfer-Encoding header */
2370 if (!(msg->flags & HTTP_MSGF_TE_CHNK))
2371 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, "Transfer-Encoding: chunked", 26);
2372
2373 /*
2374 * Add Content-Encoding header when it's not identity encoding.
2375 * RFC 2616 : Identity encoding: This content-coding is used only in the
2376 * Accept-Encoding header, and SHOULD NOT be used in the Content-Encoding
2377 * header.
2378 */
2379 if (s->comp_algo->add_data != identity_add_data) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002380 trash.len = 18;
2381 memcpy(trash.str, "Content-Encoding: ", trash.len);
2382 memcpy(trash.str + trash.len, s->comp_algo->name, s->comp_algo->name_len);
2383 trash.len += s->comp_algo->name_len;
2384 trash.str[trash.len] = '\0';
2385 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
William Lallemand82fe75c2012-10-23 10:25:10 +02002386 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002387 return 1;
2388
2389fail:
Willy Tarreaub97b6192012-11-19 14:55:02 +01002390 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002391 return 0;
2392}
2393
2394
Willy Tarreaud787e662009-07-07 10:14:51 +02002395/* This stream analyser waits for a complete HTTP request. It returns 1 if the
2396 * processing can continue on next analysers, or zero if it either needs more
2397 * data or wants to immediately abort the request (eg: timeout, error, ...). It
2398 * is tied to AN_REQ_WAIT_HTTP and may may remove itself from s->req->analysers
2399 * when it has nothing left to do, and may remove any analyser when it wants to
2400 * abort.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002401 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002402int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002403{
Willy Tarreau59234e92008-11-30 23:51:27 +01002404 /*
2405 * We will parse the partial (or complete) lines.
2406 * We will check the request syntax, and also join multi-line
2407 * headers. An index of all the lines will be elaborated while
2408 * parsing.
2409 *
2410 * For the parsing, we use a 28 states FSM.
2411 *
2412 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02002413 * req->buf->p = beginning of request
2414 * req->buf->p + msg->eoh = end of processed headers / start of current one
2415 * req->buf->p + req->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02002416 * msg->eol = end of current header or line (LF or CRLF)
2417 * msg->next = first non-visited byte
Willy Tarreaud787e662009-07-07 10:14:51 +02002418 *
2419 * At end of parsing, we may perform a capture of the error (if any), and
Willy Tarreau877e78d2013-04-07 18:48:08 +02002420 * we will set a few fields (txn->meth, sn->flags/SN_REDIRECTABLE).
Willy Tarreaud787e662009-07-07 10:14:51 +02002421 * We also check for monitor-uri, logging, HTTP/0.9 to 1.0 conversion, and
2422 * finally headers capture.
Willy Tarreau59234e92008-11-30 23:51:27 +01002423 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002424
Willy Tarreau59234e92008-11-30 23:51:27 +01002425 int cur_idx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002426 int use_close_only;
Willy Tarreau59234e92008-11-30 23:51:27 +01002427 struct http_txn *txn = &s->txn;
2428 struct http_msg *msg = &txn->req;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002429 struct hdr_ctx ctx;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002430
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01002431 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau6bf17362009-02-24 10:48:35 +01002432 now_ms, __FUNCTION__,
2433 s,
2434 req,
2435 req->rex, req->wex,
2436 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02002437 req->buf->i,
Willy Tarreau6bf17362009-02-24 10:48:35 +01002438 req->analysers);
2439
Willy Tarreau52a0c602009-08-16 22:45:38 +02002440 /* we're speaking HTTP here, so let's speak HTTP to the client */
2441 s->srv_error = http_return_srv_error;
2442
Willy Tarreau83e3af02009-12-28 17:39:57 +01002443 /* There's a protected area at the end of the buffer for rewriting
2444 * purposes. We don't want to start to parse the request if the
2445 * protected area is affected, because we may have to move processed
2446 * data later, which is much more complicated.
2447 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002448 if (buffer_not_empty(req->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02002449 if (txn->flags & TX_NOT_FIRST) {
2450 if (unlikely(!channel_reserved(req))) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002451 if (req->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002452 goto failed_keep_alive;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002453 /* some data has still not left the buffer, wake us once that's done */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002454 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002455 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreaud7ad9f52013-12-31 17:26:25 +01002456 req->flags |= CF_WAKE_WRITE;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002457 return 0;
2458 }
Willy Tarreau379357a2013-06-08 12:55:46 +02002459 if (unlikely(bi_end(req->buf) < b_ptr(req->buf, msg->next) ||
2460 bi_end(req->buf) > req->buf->data + req->buf->size - global.tune.maxrewrite))
2461 buffer_slow_realign(req->buf);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002462 }
2463
Willy Tarreau065e8332010-01-08 00:30:20 +01002464 /* Note that we have the same problem with the response ; we
2465 * may want to send a redirect, error or anything which requires
2466 * some spare space. So we'll ensure that we have at least
2467 * maxrewrite bytes available in the response buffer before
2468 * processing that one. This will only affect pipelined
2469 * keep-alive requests.
2470 */
2471 if ((txn->flags & TX_NOT_FIRST) &&
Willy Tarreau379357a2013-06-08 12:55:46 +02002472 unlikely(!channel_reserved(s->rep) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02002473 bi_end(s->rep->buf) < b_ptr(s->rep->buf, txn->rsp.next) ||
2474 bi_end(s->rep->buf) > s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)) {
2475 if (s->rep->buf->o) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002476 if (s->rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002477 goto failed_keep_alive;
Willy Tarreau065e8332010-01-08 00:30:20 +01002478 /* don't let a connection request be initiated */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002479 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002480 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreaud7ad9f52013-12-31 17:26:25 +01002481 s->rep->flags |= CF_WAKE_WRITE;
Willy Tarreau0499e352010-12-17 07:13:42 +01002482 s->rep->analysers |= an_bit; /* wake us up once it changes */
Willy Tarreau065e8332010-01-08 00:30:20 +01002483 return 0;
2484 }
2485 }
2486
Willy Tarreau9b28e032012-10-12 23:49:43 +02002487 if (likely(msg->next < req->buf->i)) /* some unparsed data are available */
Willy Tarreaua560c212012-03-09 13:50:57 +01002488 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002489 }
2490
Willy Tarreau59234e92008-11-30 23:51:27 +01002491 /* 1: we might have to print this header in debug mode */
2492 if (unlikely((global.mode & MODE_DEBUG) &&
2493 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01002494 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002495 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002496
Willy Tarreau9b28e032012-10-12 23:49:43 +02002497 sol = req->buf->p;
Willy Tarreaue92693a2012-09-24 21:13:39 +02002498 /* this is a bit complex : in case of error on the request line,
2499 * we know that rq.l is still zero, so we display only the part
2500 * up to the end of the line (truncated by debug_hdr).
2501 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002502 eol = sol + (msg->sl.rq.l ? msg->sl.rq.l : req->buf->i);
Willy Tarreau59234e92008-11-30 23:51:27 +01002503 debug_hdr("clireq", s, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01002504
Willy Tarreau59234e92008-11-30 23:51:27 +01002505 sol += hdr_idx_first_pos(&txn->hdr_idx);
2506 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002507
Willy Tarreau59234e92008-11-30 23:51:27 +01002508 while (cur_idx) {
2509 eol = sol + txn->hdr_idx.v[cur_idx].len;
2510 debug_hdr("clihdr", s, sol, eol);
2511 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2512 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002513 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002514 }
2515
Willy Tarreau58f10d72006-12-04 02:26:12 +01002516
Willy Tarreau59234e92008-11-30 23:51:27 +01002517 /*
2518 * Now we quickly check if we have found a full valid request.
2519 * If not so, we check the FD and buffer states before leaving.
2520 * A full request is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01002521 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002522 * requests are checked first. When waiting for a second request
2523 * on a keep-alive session, if we encounter and error, close, t/o,
2524 * we note the error in the session flags but don't set any state.
2525 * Since the error will be noted there, it will not be counted by
2526 * process_session() as a frontend error.
Willy Tarreauda7ff642010-06-23 11:44:09 +02002527 * Last, we may increase some tracked counters' http request errors on
2528 * the cases that are deliberately the client's fault. For instance,
2529 * a timeout or connection reset is not counted as an error. However
2530 * a bad request is.
Willy Tarreau59234e92008-11-30 23:51:27 +01002531 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002532
Willy Tarreau655dce92009-11-08 13:10:58 +01002533 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002534 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002535 * First, let's catch bad requests.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002536 */
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002537 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02002538 session_inc_http_req_ctr(s);
2539 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002540 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002541 goto return_bad_req;
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002542 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002543
Willy Tarreau59234e92008-11-30 23:51:27 +01002544 /* 1: Since we are in header mode, if there's no space
2545 * left for headers, we won't be able to free more
2546 * later, so the session will never terminate. We
2547 * must terminate it now.
2548 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002549 if (unlikely(buffer_full(req->buf, global.tune.maxrewrite))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002550 /* FIXME: check if URI is set and return Status
2551 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002552 */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002553 session_inc_http_req_ctr(s);
2554 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002555 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreaufec4d892011-09-02 20:04:57 +02002556 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02002557 msg->err_pos = req->buf->i;
Willy Tarreau59234e92008-11-30 23:51:27 +01002558 goto return_bad_req;
2559 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002560
Willy Tarreau59234e92008-11-30 23:51:27 +01002561 /* 2: have we encountered a read error ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002562 else if (req->flags & CF_READ_ERROR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002563 if (!(s->flags & SN_ERR_MASK))
2564 s->flags |= SN_ERR_CLICL;
2565
Willy Tarreaufcffa692010-01-10 14:21:19 +01002566 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002567 goto failed_keep_alive;
2568
Willy Tarreau59234e92008-11-30 23:51:27 +01002569 /* we cannot return any message on error */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002570 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002571 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002572 session_inc_http_err_ctr(s);
2573 }
2574
Willy Tarreaudc979f22012-12-04 10:39:01 +01002575 txn->status = 400;
2576 stream_int_retnclose(req->prod, NULL);
Willy Tarreau59234e92008-11-30 23:51:27 +01002577 msg->msg_state = HTTP_MSG_ERROR;
2578 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002579
Willy Tarreauda7ff642010-06-23 11:44:09 +02002580 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002581 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002582 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002583 if (s->listener->counters)
2584 s->listener->counters->failed_req++;
2585
Willy Tarreau59234e92008-11-30 23:51:27 +01002586 if (!(s->flags & SN_FINST_MASK))
2587 s->flags |= SN_FINST_R;
2588 return 0;
2589 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002590
Willy Tarreau59234e92008-11-30 23:51:27 +01002591 /* 3: has the read timeout expired ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002592 else if (req->flags & CF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002593 if (!(s->flags & SN_ERR_MASK))
2594 s->flags |= SN_ERR_CLITO;
2595
Willy Tarreaufcffa692010-01-10 14:21:19 +01002596 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002597 goto failed_keep_alive;
2598
Willy Tarreau59234e92008-11-30 23:51:27 +01002599 /* read timeout : give up with an error message. */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002600 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002601 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002602 session_inc_http_err_ctr(s);
2603 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002604 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02002605 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau59234e92008-11-30 23:51:27 +01002606 msg->msg_state = HTTP_MSG_ERROR;
2607 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002608
Willy Tarreauda7ff642010-06-23 11:44:09 +02002609 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002610 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002611 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002612 if (s->listener->counters)
2613 s->listener->counters->failed_req++;
2614
Willy Tarreau59234e92008-11-30 23:51:27 +01002615 if (!(s->flags & SN_FINST_MASK))
2616 s->flags |= SN_FINST_R;
2617 return 0;
2618 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002619
Willy Tarreau59234e92008-11-30 23:51:27 +01002620 /* 4: have we encountered a close ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002621 else if (req->flags & CF_SHUTR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002622 if (!(s->flags & SN_ERR_MASK))
2623 s->flags |= SN_ERR_CLICL;
2624
Willy Tarreaufcffa692010-01-10 14:21:19 +01002625 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002626 goto failed_keep_alive;
2627
Willy Tarreau4076a152009-04-02 15:18:36 +02002628 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002629 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002630 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002631 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau59234e92008-11-30 23:51:27 +01002632 msg->msg_state = HTTP_MSG_ERROR;
2633 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002634
Willy Tarreauda7ff642010-06-23 11:44:09 +02002635 session_inc_http_err_ctr(s);
2636 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002637 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002638 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002639 if (s->listener->counters)
2640 s->listener->counters->failed_req++;
2641
Willy Tarreau59234e92008-11-30 23:51:27 +01002642 if (!(s->flags & SN_FINST_MASK))
2643 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002644 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002645 }
2646
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002647 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002648 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
2649 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau5e205522011-12-17 16:34:27 +01002650#ifdef TCP_QUICKACK
Willy Tarreau3c728722014-01-23 13:50:42 +01002651 if (s->listener->options & LI_O_NOQUICKACK && req->buf->i && objt_conn(s->req->prod->end) && conn_ctrl_ready(__objt_conn(s->req->prod->end))) {
Willy Tarreau5e205522011-12-17 16:34:27 +01002652 /* We need more data, we have to re-enable quick-ack in case we
2653 * previously disabled it, otherwise we might cause the client
2654 * to delay next data.
2655 */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002656 setsockopt(__objt_conn(s->req->prod->end)->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01002657 }
2658#endif
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002659
Willy Tarreaufcffa692010-01-10 14:21:19 +01002660 if ((msg->msg_state != HTTP_MSG_RQBEFORE) && (txn->flags & TX_WAIT_NEXT_RQ)) {
2661 /* If the client starts to talk, let's fall back to
2662 * request timeout processing.
2663 */
2664 txn->flags &= ~TX_WAIT_NEXT_RQ;
Willy Tarreaub16a5742010-01-10 14:46:16 +01002665 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaufcffa692010-01-10 14:21:19 +01002666 }
2667
Willy Tarreau59234e92008-11-30 23:51:27 +01002668 /* just set the request timeout once at the beginning of the request */
Willy Tarreaub16a5742010-01-10 14:46:16 +01002669 if (!tick_isset(req->analyse_exp)) {
2670 if ((msg->msg_state == HTTP_MSG_RQBEFORE) &&
2671 (txn->flags & TX_WAIT_NEXT_RQ) &&
2672 tick_isset(s->be->timeout.httpka))
2673 req->analyse_exp = tick_add(now_ms, s->be->timeout.httpka);
2674 else
2675 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
2676 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002677
Willy Tarreau59234e92008-11-30 23:51:27 +01002678 /* we're not ready yet */
2679 return 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002680
2681 failed_keep_alive:
2682 /* Here we process low-level errors for keep-alive requests. In
2683 * short, if the request is not the first one and it experiences
2684 * a timeout, read error or shutdown, we just silently close so
2685 * that the client can try again.
2686 */
2687 txn->status = 0;
2688 msg->msg_state = HTTP_MSG_RQBEFORE;
2689 req->analysers = 0;
2690 s->logs.logwait = 0;
Willy Tarreauabcd5142013-06-11 17:18:02 +02002691 s->logs.level = 0;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002692 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau148d0992010-01-10 10:21:21 +01002693 stream_int_retnclose(req->prod, NULL);
Willy Tarreaub608feb2010-01-02 22:47:18 +01002694 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002695 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002696
Willy Tarreaud787e662009-07-07 10:14:51 +02002697 /* OK now we have a complete HTTP request with indexed headers. Let's
2698 * complete the request parsing by setting a few fields we will need
Willy Tarreau9b28e032012-10-12 23:49:43 +02002699 * later. At this point, we have the last CRLF at req->buf->data + msg->eoh.
Willy Tarreaufa355d42009-11-29 18:12:29 +01002700 * If the request is in HTTP/0.9 form, the rule is still true, and eoh
Willy Tarreaua458b672012-03-05 11:17:50 +01002701 * points to the CRLF of the request line. msg->next points to the first
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01002702 * byte after the last LF. msg->sov points to the first byte of data.
2703 * msg->eol cannot be trusted because it may have been left uninitialized
2704 * (for instance in the absence of headers).
Willy Tarreaud787e662009-07-07 10:14:51 +02002705 */
Willy Tarreau9cdde232007-05-02 20:58:19 +02002706
Willy Tarreauda7ff642010-06-23 11:44:09 +02002707 session_inc_http_req_ctr(s);
Willy Tarreaud9b587f2010-02-26 10:05:55 +01002708 proxy_inc_fe_req_ctr(s->fe); /* one more valid request for this FE */
2709
Willy Tarreaub16a5742010-01-10 14:46:16 +01002710 if (txn->flags & TX_WAIT_NEXT_RQ) {
2711 /* kill the pending keep-alive timeout */
2712 txn->flags &= ~TX_WAIT_NEXT_RQ;
2713 req->analyse_exp = TICK_ETERNITY;
2714 }
2715
2716
Willy Tarreaud787e662009-07-07 10:14:51 +02002717 /* Maybe we found in invalid header name while we were configured not
2718 * to block on that, so we have to capture it now.
2719 */
2720 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002721 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02002722
Willy Tarreau59234e92008-11-30 23:51:27 +01002723 /*
2724 * 1: identify the method
2725 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002726 txn->meth = find_http_meth(req->buf->p, msg->sl.rq.m_l);
Willy Tarreau59234e92008-11-30 23:51:27 +01002727
2728 /* we can make use of server redirect on GET and HEAD */
2729 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2730 s->flags |= SN_REDIRECTABLE;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002731
Willy Tarreau59234e92008-11-30 23:51:27 +01002732 /*
2733 * 2: check if the URI matches the monitor_uri.
2734 * We have to do this for every request which gets in, because
2735 * the monitor-uri is defined by the frontend.
2736 */
2737 if (unlikely((s->fe->monitor_uri_len != 0) &&
2738 (s->fe->monitor_uri_len == msg->sl.rq.u_l) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002739 !memcmp(req->buf->p + msg->sl.rq.u,
Willy Tarreau59234e92008-11-30 23:51:27 +01002740 s->fe->monitor_uri,
2741 s->fe->monitor_uri_len))) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002742 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002743 * We have found the monitor URI
Willy Tarreau58f10d72006-12-04 02:26:12 +01002744 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002745 struct acl_cond *cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002746
Willy Tarreau59234e92008-11-30 23:51:27 +01002747 s->flags |= SN_MONITOR;
Willy Tarreaueabea072011-09-10 23:29:44 +02002748 s->fe->fe_counters.intercepted_req++;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002749
Willy Tarreau59234e92008-11-30 23:51:27 +01002750 /* Check if we want to fail this monitor request or not */
Willy Tarreaud787e662009-07-07 10:14:51 +02002751 list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02002752 int ret = acl_exec_cond(cond, s->fe, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau11382812008-07-09 16:18:21 +02002753
Willy Tarreau59234e92008-11-30 23:51:27 +01002754 ret = acl_pass(ret);
2755 if (cond->pol == ACL_COND_UNLESS)
2756 ret = !ret;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002757
Willy Tarreau59234e92008-11-30 23:51:27 +01002758 if (ret) {
2759 /* we fail this request, let's return 503 service unavail */
2760 txn->status = 503;
Willy Tarreau783f2582012-09-04 12:19:04 +02002761 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503));
Willy Tarreau570f2212013-06-10 16:42:09 +02002762 if (!(s->flags & SN_ERR_MASK))
2763 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002764 goto return_prx_cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002765 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002766 }
Willy Tarreaua5555ec2008-11-30 19:02:32 +01002767
Willy Tarreau59234e92008-11-30 23:51:27 +01002768 /* nothing to fail, let's reply normaly */
2769 txn->status = 200;
Willy Tarreau783f2582012-09-04 12:19:04 +02002770 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200));
Willy Tarreau570f2212013-06-10 16:42:09 +02002771 if (!(s->flags & SN_ERR_MASK))
2772 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002773 goto return_prx_cond;
2774 }
2775
2776 /*
2777 * 3: Maybe we have to copy the original REQURI for the logs ?
2778 * Note: we cannot log anymore if the request has been
2779 * classified as invalid.
2780 */
2781 if (unlikely(s->logs.logwait & LW_REQ)) {
2782 /* we have a complete HTTP request that we must log */
2783 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
2784 int urilen = msg->sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002785
Willy Tarreau59234e92008-11-30 23:51:27 +01002786 if (urilen >= REQURI_LEN)
2787 urilen = REQURI_LEN - 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +02002788 memcpy(txn->uri, req->buf->p, urilen);
Willy Tarreau59234e92008-11-30 23:51:27 +01002789 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002790
Willy Tarreaud79a3b22012-12-28 09:40:16 +01002791 if (!(s->logs.logwait &= ~(LW_REQ|LW_INIT)))
Willy Tarreau59234e92008-11-30 23:51:27 +01002792 s->do_log(s);
2793 } else {
2794 Alert("HTTP logging : out of memory.\n");
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002795 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002796 }
Willy Tarreau06619262006-12-17 08:37:22 +01002797
Willy Tarreau59234e92008-11-30 23:51:27 +01002798 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01002799 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
Willy Tarreau2492d5b2009-07-11 00:06:00 +02002800 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002801
Willy Tarreau5b154472009-12-21 20:11:07 +01002802 /* ... and check if the request is HTTP/1.1 or above */
2803 if ((msg->sl.rq.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002804 ((req->buf->p[msg->sl.rq.v + 5] > '1') ||
2805 ((req->buf->p[msg->sl.rq.v + 5] == '1') &&
2806 (req->buf->p[msg->sl.rq.v + 7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002807 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01002808
2809 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01002810 txn->flags &= ~(TX_HDR_CONN_PRS | TX_HDR_CONN_CLO | TX_HDR_CONN_KAL | TX_HDR_CONN_UPG);
Willy Tarreau5b154472009-12-21 20:11:07 +01002811
Willy Tarreau88d349d2010-01-25 12:15:43 +01002812 /* if the frontend has "option http-use-proxy-header", we'll check if
2813 * we have what looks like a proxied connection instead of a connection,
2814 * and in this case set the TX_USE_PX_CONN flag to use Proxy-connection.
2815 * Note that this is *not* RFC-compliant, however browsers and proxies
2816 * happen to do that despite being non-standard :-(
2817 * We consider that a request not beginning with either '/' or '*' is
2818 * a proxied connection, which covers both "scheme://location" and
2819 * CONNECT ip:port.
2820 */
2821 if ((s->fe->options2 & PR_O2_USE_PXHDR) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002822 req->buf->p[msg->sl.rq.u] != '/' && req->buf->p[msg->sl.rq.u] != '*')
Willy Tarreau88d349d2010-01-25 12:15:43 +01002823 txn->flags |= TX_USE_PX_CONN;
2824
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002825 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002826 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002827
Willy Tarreau59234e92008-11-30 23:51:27 +01002828 /* 5: we may need to capture headers */
Willy Tarreau42f7d892012-03-24 08:28:09 +01002829 if (unlikely((s->logs.logwait & LW_REQHDR) && txn->req.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02002830 capture_headers(req->buf->p, &txn->hdr_idx,
Willy Tarreau59234e92008-11-30 23:51:27 +01002831 txn->req.cap, s->fe->req_cap);
Willy Tarreau11382812008-07-09 16:18:21 +02002832
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002833 /* 6: determine the transfer-length.
2834 * According to RFC2616 #4.4, amended by the HTTPbis working group,
2835 * the presence of a message-body in a REQUEST and its transfer length
2836 * must be determined that way (in order of precedence) :
2837 * 1. The presence of a message-body in a request is signaled by the
2838 * inclusion of a Content-Length or Transfer-Encoding header field
2839 * in the request's header fields. When a request message contains
2840 * both a message-body of non-zero length and a method that does
2841 * not define any semantics for that request message-body, then an
2842 * origin server SHOULD either ignore the message-body or respond
2843 * with an appropriate error message (e.g., 413). A proxy or
2844 * gateway, when presented the same request, SHOULD either forward
2845 * the request inbound with the message- body or ignore the
2846 * message-body when determining a response.
2847 *
2848 * 2. If a Transfer-Encoding header field (Section 9.7) is present
2849 * and the "chunked" transfer-coding (Section 6.2) is used, the
2850 * transfer-length is defined by the use of this transfer-coding.
2851 * If a Transfer-Encoding header field is present and the "chunked"
2852 * transfer-coding is not present, the transfer-length is defined
2853 * by the sender closing the connection.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002854 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002855 * 3. If a Content-Length header field is present, its decimal value in
2856 * OCTETs represents both the entity-length and the transfer-length.
2857 * If a message is received with both a Transfer-Encoding header
2858 * field and a Content-Length header field, the latter MUST be ignored.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002859 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002860 * 4. By the server closing the connection. (Closing the connection
2861 * cannot be used to indicate the end of a request body, since that
2862 * would leave no possibility for the server to send back a response.)
2863 *
2864 * Whenever a transfer-coding is applied to a message-body, the set of
2865 * transfer-codings MUST include "chunked", unless the message indicates
2866 * it is terminated by closing the connection. When the "chunked"
2867 * transfer-coding is used, it MUST be the last transfer-coding applied
2868 * to the message-body.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002869 */
2870
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002871 use_close_only = 0;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002872 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002873 /* set TE_CHNK and XFER_LEN only if "chunked" is seen last */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002874 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002875 http_find_header2("Transfer-Encoding", 17, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002876 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002877 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
2878 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002879 /* bad transfer-encoding (chunked followed by something else) */
2880 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002881 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002882 break;
2883 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002884 }
2885
Willy Tarreau32b47f42009-10-18 20:55:02 +02002886 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002887 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002888 http_find_header2("Content-Length", 14, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau32b47f42009-10-18 20:55:02 +02002889 signed long long cl;
2890
Willy Tarreauad14f752011-09-02 20:33:27 +02002891 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002892 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002893 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002894 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002895
Willy Tarreauad14f752011-09-02 20:33:27 +02002896 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002897 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002898 goto return_bad_req; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02002899 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002900
Willy Tarreauad14f752011-09-02 20:33:27 +02002901 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002902 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002903 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002904 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002905
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002906 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002907 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002908 goto return_bad_req; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02002909 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002910
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002911 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01002912 msg->body_len = msg->chunk_len = cl;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002913 }
2914
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002915 /* bodyless requests have a known length */
2916 if (!use_close_only)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002917 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002918
Willy Tarreaud787e662009-07-07 10:14:51 +02002919 /* end of job, return OK */
Willy Tarreau3a816292009-07-07 10:55:49 +02002920 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002921 req->analyse_exp = TICK_ETERNITY;
2922 return 1;
2923
2924 return_bad_req:
2925 /* We centralize bad requests processing here */
2926 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2927 /* we detected a parsing error. We want to archive this request
2928 * in the dedicated proxy area for later troubleshooting.
2929 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002930 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreaud787e662009-07-07 10:14:51 +02002931 }
2932
2933 txn->req.msg_state = HTTP_MSG_ERROR;
2934 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002935 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002936
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002937 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002938 if (s->listener->counters)
2939 s->listener->counters->failed_req++;
Willy Tarreaud787e662009-07-07 10:14:51 +02002940
2941 return_prx_cond:
2942 if (!(s->flags & SN_ERR_MASK))
2943 s->flags |= SN_ERR_PRXCOND;
2944 if (!(s->flags & SN_FINST_MASK))
2945 s->flags |= SN_FINST_R;
2946
2947 req->analysers = 0;
2948 req->analyse_exp = TICK_ETERNITY;
2949 return 0;
2950}
2951
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002952
Willy Tarreau347a35d2013-11-22 17:51:09 +01002953/* This function prepares an applet to handle the stats. It can deal with the
2954 * "100-continue" expectation, check that admin rules are met for POST requests,
2955 * and program a response message if something was unexpected. It cannot fail
2956 * and always relies on the stats applet to complete the job. It does not touch
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002957 * analysers nor counters, which are left to the caller. It does not touch
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002958 * s->target which is supposed to already point to the stats applet. The caller
2959 * is expected to have already assigned an appctx to the session.
Willy Tarreau1facd6d2012-12-22 22:03:39 +01002960 */
2961int http_handle_stats(struct session *s, struct channel *req)
2962{
2963 struct stats_admin_rule *stats_admin_rule;
2964 struct stream_interface *si = s->rep->prod;
2965 struct http_txn *txn = &s->txn;
2966 struct http_msg *msg = &txn->req;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002967 struct uri_auth *uri_auth = s->be->uri_auth;
2968 const char *uri, *h, *lookup;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002969 struct appctx *appctx;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002970
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002971 appctx = si_appctx(si);
2972 memset(&appctx->ctx.stats, 0, sizeof(appctx->ctx.stats));
2973 appctx->st1 = appctx->st2 = 0;
2974 appctx->ctx.stats.st_code = STAT_STATUS_INIT;
2975 appctx->ctx.stats.flags |= STAT_FMT_HTML; /* assume HTML mode by default */
Willy Tarreauaf3cf702014-04-22 22:19:53 +02002976 if ((msg->flags & HTTP_MSGF_VER_11) && (s->txn.meth != HTTP_METH_HEAD))
2977 appctx->ctx.stats.flags |= STAT_CHUNKED;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002978
2979 uri = msg->chn->buf->p + msg->sl.rq.u;
2980 lookup = uri + uri_auth->uri_len;
2981
2982 for (h = lookup; h <= uri + msg->sl.rq.u_l - 3; h++) {
2983 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002984 appctx->ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002985 break;
2986 }
2987 }
2988
2989 if (uri_auth->refresh) {
2990 for (h = lookup; h <= uri + msg->sl.rq.u_l - 10; h++) {
2991 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002992 appctx->ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002993 break;
2994 }
2995 }
2996 }
2997
2998 for (h = lookup; h <= uri + msg->sl.rq.u_l - 4; h++) {
2999 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003000 appctx->ctx.stats.flags &= ~STAT_FMT_HTML;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003001 break;
3002 }
3003 }
3004
3005 for (h = lookup; h <= uri + msg->sl.rq.u_l - 8; h++) {
3006 if (memcmp(h, ";st=", 4) == 0) {
3007 int i;
3008 h += 4;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003009 appctx->ctx.stats.st_code = STAT_STATUS_UNKN;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003010 for (i = STAT_STATUS_INIT + 1; i < STAT_STATUS_SIZE; i++) {
3011 if (strncmp(stat_status_codes[i], h, 4) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003012 appctx->ctx.stats.st_code = i;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003013 break;
3014 }
3015 }
3016 break;
3017 }
3018 }
3019
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003020 appctx->ctx.stats.scope_str = 0;
3021 appctx->ctx.stats.scope_len = 0;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003022 for (h = lookup; h <= uri + msg->sl.rq.u_l - 8; h++) {
3023 if (memcmp(h, STAT_SCOPE_INPUT_NAME "=", strlen(STAT_SCOPE_INPUT_NAME) + 1) == 0) {
3024 int itx = 0;
3025 const char *h2;
3026 char scope_txt[STAT_SCOPE_TXT_MAXLEN + 1];
3027 const char *err;
3028
3029 h += strlen(STAT_SCOPE_INPUT_NAME) + 1;
3030 h2 = h;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003031 appctx->ctx.stats.scope_str = h2 - msg->chn->buf->p;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003032 while (*h != ';' && *h != '\0' && *h != '&' && *h != ' ' && *h != '\n') {
3033 itx++;
3034 h++;
3035 }
3036
3037 if (itx > STAT_SCOPE_TXT_MAXLEN)
3038 itx = STAT_SCOPE_TXT_MAXLEN;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003039 appctx->ctx.stats.scope_len = itx;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003040
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003041 /* scope_txt = search query, appctx->ctx.stats.scope_len is always <= STAT_SCOPE_TXT_MAXLEN */
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003042 memcpy(scope_txt, h2, itx);
3043 scope_txt[itx] = '\0';
3044 err = invalid_char(scope_txt);
3045 if (err) {
3046 /* bad char in search text => clear scope */
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003047 appctx->ctx.stats.scope_str = 0;
3048 appctx->ctx.stats.scope_len = 0;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003049 }
3050 break;
3051 }
3052 }
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003053
3054 /* now check whether we have some admin rules for this request */
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003055 list_for_each_entry(stats_admin_rule, &uri_auth->admin_rules, list) {
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003056 int ret = 1;
3057
3058 if (stats_admin_rule->cond) {
3059 ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
3060 ret = acl_pass(ret);
3061 if (stats_admin_rule->cond->pol == ACL_COND_UNLESS)
3062 ret = !ret;
3063 }
3064
3065 if (ret) {
3066 /* no rule, or the rule matches */
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003067 appctx->ctx.stats.flags |= STAT_ADMIN;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003068 break;
3069 }
3070 }
3071
3072 /* Was the status page requested with a POST ? */
Willy Tarreau347a35d2013-11-22 17:51:09 +01003073 if (unlikely(txn->meth == HTTP_METH_POST && txn->req.body_len > 0)) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003074 if (appctx->ctx.stats.flags & STAT_ADMIN) {
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003075 if (msg->msg_state < HTTP_MSG_100_SENT) {
3076 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3077 * send an HTTP/1.1 100 Continue intermediate response.
3078 */
3079 if (msg->flags & HTTP_MSGF_VER_11) {
3080 struct hdr_ctx ctx;
3081 ctx.idx = 0;
3082 /* Expect is allowed in 1.1, look for it */
3083 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
3084 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
3085 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
3086 }
3087 }
3088 msg->msg_state = HTTP_MSG_100_SENT;
3089 s->logs.tv_request = now; /* update the request timer to reflect full request */
3090 }
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003091 appctx->st0 = STAT_HTTP_POST;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003092 }
Willy Tarreau347a35d2013-11-22 17:51:09 +01003093 else {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003094 appctx->ctx.stats.st_code = STAT_STATUS_DENY;
3095 appctx->st0 = STAT_HTTP_LAST;
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003096 }
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003097 }
Willy Tarreau347a35d2013-11-22 17:51:09 +01003098 else {
3099 /* So it was another method (GET/HEAD) */
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003100 appctx->st0 = STAT_HTTP_HEAD;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003101 }
3102
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003103 s->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003104 return 1;
3105}
3106
Lukas Tribus67db8df2013-06-23 17:37:13 +02003107/* Sets the TOS header in IPv4 and the traffic class header in IPv6 packets
3108 * (as per RFC3260 #4 and BCP37 #4.2 and #5.2).
3109 */
3110static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos)
3111{
3112#ifdef IP_TOS
3113 if (from.ss_family == AF_INET)
3114 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3115#endif
3116#ifdef IPV6_TCLASS
3117 if (from.ss_family == AF_INET6) {
3118 if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr))
3119 /* v4-mapped addresses need IP_TOS */
3120 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3121 else
3122 setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
3123 }
3124#endif
3125}
3126
Willy Tarreau20b0de52012-12-24 15:45:22 +01003127/* Executes the http-request rules <rules> for session <s>, proxy <px> and
Willy Tarreau96257ec2012-12-27 10:46:37 +01003128 * transaction <txn>. Returns the first rule that prevents further processing
3129 * of the request (auth, deny, ...) or NULL if it executed all rules or stopped
3130 * on an allow. It may set the TX_CLDENY on txn->flags if it encounters a deny
3131 * rule.
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003132 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003133static struct http_req_rule *
Willy Tarreau96257ec2012-12-27 10:46:37 +01003134http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003135{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003136 struct connection *cli_conn;
Willy Tarreauff011f22011-01-06 17:51:27 +01003137 struct http_req_rule *rule;
Willy Tarreau20b0de52012-12-24 15:45:22 +01003138 struct hdr_ctx ctx;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003139
Willy Tarreauff011f22011-01-06 17:51:27 +01003140 list_for_each_entry(rule, rules, list) {
Willy Tarreauff011f22011-01-06 17:51:27 +01003141 if (rule->action >= HTTP_REQ_ACT_MAX)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003142 continue;
3143
Willy Tarreau96257ec2012-12-27 10:46:37 +01003144 /* check optional condition */
Willy Tarreauff011f22011-01-06 17:51:27 +01003145 if (rule->cond) {
Willy Tarreau96257ec2012-12-27 10:46:37 +01003146 int ret;
3147
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003148 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003149 ret = acl_pass(ret);
3150
Willy Tarreauff011f22011-01-06 17:51:27 +01003151 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003152 ret = !ret;
Willy Tarreau96257ec2012-12-27 10:46:37 +01003153
3154 if (!ret) /* condition not matched */
3155 continue;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003156 }
3157
Willy Tarreau20b0de52012-12-24 15:45:22 +01003158
Willy Tarreau96257ec2012-12-27 10:46:37 +01003159 switch (rule->action) {
3160 case HTTP_REQ_ACT_ALLOW:
3161 return NULL; /* "allow" rules are OK */
3162
3163 case HTTP_REQ_ACT_DENY:
3164 txn->flags |= TX_CLDENY;
3165 return rule;
3166
Willy Tarreauccbcc372012-12-27 12:37:57 +01003167 case HTTP_REQ_ACT_TARPIT:
3168 txn->flags |= TX_CLTARPIT;
3169 return rule;
3170
Willy Tarreau96257ec2012-12-27 10:46:37 +01003171 case HTTP_REQ_ACT_AUTH:
3172 return rule;
3173
Willy Tarreau81499eb2012-12-27 12:19:02 +01003174 case HTTP_REQ_ACT_REDIR:
3175 return rule;
3176
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003177 case HTTP_REQ_ACT_SET_NICE:
3178 s->task->nice = rule->arg.nice;
3179 break;
3180
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003181 case HTTP_REQ_ACT_SET_TOS:
Willy Tarreau3c728722014-01-23 13:50:42 +01003182 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003183 inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003184 break;
3185
Willy Tarreau51347ed2013-06-11 19:34:13 +02003186 case HTTP_REQ_ACT_SET_MARK:
3187#ifdef SO_MARK
Willy Tarreau3c728722014-01-23 13:50:42 +01003188 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003189 setsockopt(cli_conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
Willy Tarreau51347ed2013-06-11 19:34:13 +02003190#endif
3191 break;
3192
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003193 case HTTP_REQ_ACT_SET_LOGL:
3194 s->logs.level = rule->arg.loglevel;
3195 break;
3196
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003197 case HTTP_REQ_ACT_DEL_HDR:
Willy Tarreau96257ec2012-12-27 10:46:37 +01003198 case HTTP_REQ_ACT_SET_HDR:
3199 ctx.idx = 0;
3200 /* remove all occurrences of the header */
3201 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3202 txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
3203 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Willy Tarreau20b0de52012-12-24 15:45:22 +01003204 }
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003205 if (rule->action == HTTP_REQ_ACT_DEL_HDR)
3206 break;
Willy Tarreau96257ec2012-12-27 10:46:37 +01003207 /* now fall through to header addition */
3208
3209 case HTTP_REQ_ACT_ADD_HDR:
3210 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3211 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3212 trash.len = rule->arg.hdr_add.name_len;
3213 trash.str[trash.len++] = ':';
3214 trash.str[trash.len++] = ' ';
3215 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3216 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len);
3217 break;
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02003218
3219 case HTTP_REQ_ACT_DEL_ACL:
3220 case HTTP_REQ_ACT_DEL_MAP: {
3221 struct pat_ref *ref;
3222 char *key;
3223 int len;
3224
3225 /* collect reference */
3226 ref = pat_ref_lookup(rule->arg.map.ref);
3227 if (!ref)
3228 continue;
3229
3230 /* collect key */
3231 len = build_logline(s, trash.str, trash.size, &rule->arg.map.key);
3232 key = trash.str;
3233 key[len] = '\0';
3234
3235 /* perform update */
3236 /* returned code: 1=ok, 0=ko */
3237 pat_ref_delete(ref, key);
3238
3239 break;
3240 }
3241
3242 case HTTP_REQ_ACT_ADD_ACL: {
3243 struct pat_ref *ref;
3244 char *key;
3245 struct chunk *trash_key;
3246 int len;
3247
3248 trash_key = get_trash_chunk();
3249
3250 /* collect reference */
3251 ref = pat_ref_lookup(rule->arg.map.ref);
3252 if (!ref)
3253 continue;
3254
3255 /* collect key */
3256 len = build_logline(s, trash_key->str, trash_key->size, &rule->arg.map.key);
3257 key = trash_key->str;
3258 key[len] = '\0';
3259
3260 /* perform update */
3261 /* add entry only if it does not already exist */
3262 if (pat_ref_find_elt(ref, key) == NULL)
3263 pat_ref_add(ref, key, NULL, NULL);
3264
3265 break;
3266 }
3267
3268 case HTTP_REQ_ACT_SET_MAP: {
3269 struct pat_ref *ref;
3270 char *key, *value;
3271 struct chunk *trash_key, *trash_value;
3272 int len;
3273
3274 trash_key = get_trash_chunk();
3275 trash_value = get_trash_chunk();
3276
3277 /* collect reference */
3278 ref = pat_ref_lookup(rule->arg.map.ref);
3279 if (!ref)
3280 continue;
3281
3282 /* collect key */
3283 len = build_logline(s, trash_key->str, trash_key->size, &rule->arg.map.key);
3284 key = trash_key->str;
3285 key[len] = '\0';
3286
3287 /* collect value */
3288 len = build_logline(s, trash_value->str, trash_value->size, &rule->arg.map.value);
3289 value = trash_value->str;
3290 value[len] = '\0';
3291
3292 /* perform update */
3293 if (pat_ref_find_elt(ref, key) != NULL)
3294 /* update entry if it exists */
3295 pat_ref_set(ref, key, value, NULL);
3296 else
3297 /* insert a new entry */
3298 pat_ref_add(ref, key, value, NULL);
3299
3300 break;
3301 }
William Lallemand73025dd2014-04-24 14:38:37 +02003302
3303 case HTTP_REQ_ACT_CUSTOM_CONT:
3304 rule->action_ptr(rule, px, s, txn);
3305 break;
3306
3307 case HTTP_REQ_ACT_CUSTOM_STOP:
3308 rule->action_ptr(rule, px, s, txn);
3309 return rule;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003310 }
3311 }
Willy Tarreau96257ec2012-12-27 10:46:37 +01003312
3313 /* we reached the end of the rules, nothing to report */
Willy Tarreau418c1a02012-12-25 20:52:58 +01003314 return NULL;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003315}
3316
Willy Tarreau71241ab2012-12-27 11:30:54 +01003317
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003318/* Executes the http-response rules <rules> for session <s>, proxy <px> and
3319 * transaction <txn>. Returns the first rule that prevents further processing
3320 * of the response (deny, ...) or NULL if it executed all rules or stopped
3321 * on an allow. It may set the TX_SVDENY on txn->flags if it encounters a deny
3322 * rule.
3323 */
3324static struct http_res_rule *
3325http_res_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
3326{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003327 struct connection *cli_conn;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003328 struct http_res_rule *rule;
3329 struct hdr_ctx ctx;
3330
3331 list_for_each_entry(rule, rules, list) {
3332 if (rule->action >= HTTP_RES_ACT_MAX)
3333 continue;
3334
3335 /* check optional condition */
3336 if (rule->cond) {
3337 int ret;
3338
3339 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
3340 ret = acl_pass(ret);
3341
3342 if (rule->cond->pol == ACL_COND_UNLESS)
3343 ret = !ret;
3344
3345 if (!ret) /* condition not matched */
3346 continue;
3347 }
3348
3349
3350 switch (rule->action) {
3351 case HTTP_RES_ACT_ALLOW:
3352 return NULL; /* "allow" rules are OK */
3353
3354 case HTTP_RES_ACT_DENY:
3355 txn->flags |= TX_SVDENY;
3356 return rule;
3357
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003358 case HTTP_RES_ACT_SET_NICE:
3359 s->task->nice = rule->arg.nice;
3360 break;
3361
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003362 case HTTP_RES_ACT_SET_TOS:
Willy Tarreau3c728722014-01-23 13:50:42 +01003363 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003364 inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003365 break;
3366
Willy Tarreau51347ed2013-06-11 19:34:13 +02003367 case HTTP_RES_ACT_SET_MARK:
3368#ifdef SO_MARK
Willy Tarreau3c728722014-01-23 13:50:42 +01003369 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003370 setsockopt(cli_conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
Willy Tarreau51347ed2013-06-11 19:34:13 +02003371#endif
3372 break;
3373
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003374 case HTTP_RES_ACT_SET_LOGL:
3375 s->logs.level = rule->arg.loglevel;
3376 break;
3377
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003378 case HTTP_RES_ACT_DEL_HDR:
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003379 case HTTP_RES_ACT_SET_HDR:
3380 ctx.idx = 0;
3381 /* remove all occurrences of the header */
3382 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3383 txn->rsp.chn->buf->p, &txn->hdr_idx, &ctx)) {
3384 http_remove_header2(&txn->rsp, &txn->hdr_idx, &ctx);
3385 }
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003386 if (rule->action == HTTP_RES_ACT_DEL_HDR)
3387 break;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003388 /* now fall through to header addition */
3389
3390 case HTTP_RES_ACT_ADD_HDR:
3391 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3392 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3393 trash.len = rule->arg.hdr_add.name_len;
3394 trash.str[trash.len++] = ':';
3395 trash.str[trash.len++] = ' ';
3396 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3397 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
3398 break;
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02003399
3400 case HTTP_RES_ACT_DEL_ACL:
3401 case HTTP_RES_ACT_DEL_MAP: {
3402 struct pat_ref *ref;
3403 char *key;
3404 int len;
3405
3406 /* collect reference */
3407 ref = pat_ref_lookup(rule->arg.map.ref);
3408 if (!ref)
3409 continue;
3410
3411 /* collect key */
3412 len = build_logline(s, trash.str, trash.size, &rule->arg.map.key);
3413 key = trash.str;
3414 key[len] = '\0';
3415
3416 /* perform update */
3417 /* returned code: 1=ok, 0=ko */
3418 pat_ref_delete(ref, key);
3419
3420 break;
3421 }
3422
3423 case HTTP_RES_ACT_ADD_ACL: {
3424 struct pat_ref *ref;
3425 char *key;
3426 struct chunk *trash_key;
3427 int len;
3428
3429 trash_key = get_trash_chunk();
3430
3431 /* collect reference */
3432 ref = pat_ref_lookup(rule->arg.map.ref);
3433 if (!ref)
3434 continue;
3435
3436 /* collect key */
3437 len = build_logline(s, trash_key->str, trash_key->size, &rule->arg.map.key);
3438 key = trash_key->str;
3439 key[len] = '\0';
3440
3441 /* perform update */
3442 /* check if the entry already exists */
3443 if (pat_ref_find_elt(ref, key) == NULL)
3444 pat_ref_add(ref, key, NULL, NULL);
3445
3446 break;
3447 }
3448
3449 case HTTP_RES_ACT_SET_MAP: {
3450 struct pat_ref *ref;
3451 char *key, *value;
3452 struct chunk *trash_key, *trash_value;
3453 int len;
3454
3455 trash_key = get_trash_chunk();
3456 trash_value = get_trash_chunk();
3457
3458 /* collect reference */
3459 ref = pat_ref_lookup(rule->arg.map.ref);
3460 if (!ref)
3461 continue;
3462
3463 /* collect key */
3464 len = build_logline(s, trash_key->str, trash_key->size, &rule->arg.map.key);
3465 key = trash_key->str;
3466 key[len] = '\0';
3467
3468 /* collect value */
3469 len = build_logline(s, trash_value->str, trash_value->size, &rule->arg.map.value);
3470 value = trash_value->str;
3471 value[len] = '\0';
3472
3473 /* perform update */
3474 if (pat_ref_find_elt(ref, key) != NULL)
3475 /* update entry if it exists */
3476 pat_ref_set(ref, key, value, NULL);
3477 else
3478 /* insert a new entry */
3479 pat_ref_add(ref, key, value, NULL);
3480
3481 break;
3482 }
William Lallemand73025dd2014-04-24 14:38:37 +02003483
3484 case HTTP_RES_ACT_CUSTOM_CONT:
3485 rule->action_ptr(rule, px, s, txn);
3486 break;
3487
3488 case HTTP_RES_ACT_CUSTOM_STOP:
3489 rule->action_ptr(rule, px, s, txn);
3490 return rule;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003491 }
3492 }
3493
3494 /* we reached the end of the rules, nothing to report */
3495 return NULL;
3496}
3497
3498
Willy Tarreau71241ab2012-12-27 11:30:54 +01003499/* Perform an HTTP redirect based on the information in <rule>. The function
3500 * returns non-zero on success, or zero in case of a, irrecoverable error such
3501 * as too large a request to build a valid response.
3502 */
3503static int http_apply_redirect_rule(struct redirect_rule *rule, struct session *s, struct http_txn *txn)
3504{
3505 struct http_msg *msg = &txn->req;
3506 const char *msg_fmt;
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003507 const char *location;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003508
3509 /* build redirect message */
3510 switch(rule->code) {
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04003511 case 308:
3512 msg_fmt = HTTP_308;
3513 break;
3514 case 307:
3515 msg_fmt = HTTP_307;
3516 break;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003517 case 303:
3518 msg_fmt = HTTP_303;
3519 break;
3520 case 301:
3521 msg_fmt = HTTP_301;
3522 break;
3523 case 302:
3524 default:
3525 msg_fmt = HTTP_302;
3526 break;
3527 }
3528
3529 if (unlikely(!chunk_strcpy(&trash, msg_fmt)))
3530 return 0;
3531
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003532 location = trash.str + trash.len;
3533
Willy Tarreau71241ab2012-12-27 11:30:54 +01003534 switch(rule->type) {
3535 case REDIRECT_TYPE_SCHEME: {
3536 const char *path;
3537 const char *host;
3538 struct hdr_ctx ctx;
3539 int pathlen;
3540 int hostlen;
3541
3542 host = "";
3543 hostlen = 0;
3544 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +02003545 if (http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau71241ab2012-12-27 11:30:54 +01003546 host = ctx.line + ctx.val;
3547 hostlen = ctx.vlen;
3548 }
3549
3550 path = http_get_path(txn);
3551 /* build message using path */
3552 if (path) {
3553 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3554 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3555 int qs = 0;
3556 while (qs < pathlen) {
3557 if (path[qs] == '?') {
3558 pathlen = qs;
3559 break;
3560 }
3561 qs++;
3562 }
3563 }
3564 } else {
3565 path = "/";
3566 pathlen = 1;
3567 }
3568
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003569 if (rule->rdr_str) { /* this is an old "redirect" rule */
3570 /* check if we can add scheme + "://" + host + path */
3571 if (trash.len + rule->rdr_len + 3 + hostlen + pathlen > trash.size - 4)
3572 return 0;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003573
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003574 /* add scheme */
3575 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3576 trash.len += rule->rdr_len;
3577 }
3578 else {
3579 /* add scheme with executing log format */
3580 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->rdr_fmt);
Willy Tarreau71241ab2012-12-27 11:30:54 +01003581
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003582 /* check if we can add scheme + "://" + host + path */
3583 if (trash.len + 3 + hostlen + pathlen > trash.size - 4)
3584 return 0;
3585 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01003586 /* add "://" */
3587 memcpy(trash.str + trash.len, "://", 3);
3588 trash.len += 3;
3589
3590 /* add host */
3591 memcpy(trash.str + trash.len, host, hostlen);
3592 trash.len += hostlen;
3593
3594 /* add path */
3595 memcpy(trash.str + trash.len, path, pathlen);
3596 trash.len += pathlen;
3597
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003598 /* append a slash at the end of the location if needed and missing */
Willy Tarreau71241ab2012-12-27 11:30:54 +01003599 if (trash.len && trash.str[trash.len - 1] != '/' &&
3600 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3601 if (trash.len > trash.size - 5)
3602 return 0;
3603 trash.str[trash.len] = '/';
3604 trash.len++;
3605 }
3606
3607 break;
3608 }
3609 case REDIRECT_TYPE_PREFIX: {
3610 const char *path;
3611 int pathlen;
3612
3613 path = http_get_path(txn);
3614 /* build message using path */
3615 if (path) {
3616 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3617 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3618 int qs = 0;
3619 while (qs < pathlen) {
3620 if (path[qs] == '?') {
3621 pathlen = qs;
3622 break;
3623 }
3624 qs++;
3625 }
3626 }
3627 } else {
3628 path = "/";
3629 pathlen = 1;
3630 }
3631
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003632 if (rule->rdr_str) { /* this is an old "redirect" rule */
3633 if (trash.len + rule->rdr_len + pathlen > trash.size - 4)
3634 return 0;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003635
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003636 /* add prefix. Note that if prefix == "/", we don't want to
3637 * add anything, otherwise it makes it hard for the user to
3638 * configure a self-redirection.
3639 */
3640 if (rule->rdr_len != 1 || *rule->rdr_str != '/') {
3641 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3642 trash.len += rule->rdr_len;
3643 }
3644 }
3645 else {
3646 /* add prefix with executing log format */
3647 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->rdr_fmt);
3648
3649 /* Check length */
3650 if (trash.len + pathlen > trash.size - 4)
3651 return 0;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003652 }
3653
3654 /* add path */
3655 memcpy(trash.str + trash.len, path, pathlen);
3656 trash.len += pathlen;
3657
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003658 /* append a slash at the end of the location if needed and missing */
Willy Tarreau71241ab2012-12-27 11:30:54 +01003659 if (trash.len && trash.str[trash.len - 1] != '/' &&
3660 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3661 if (trash.len > trash.size - 5)
3662 return 0;
3663 trash.str[trash.len] = '/';
3664 trash.len++;
3665 }
3666
3667 break;
3668 }
3669 case REDIRECT_TYPE_LOCATION:
3670 default:
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003671 if (rule->rdr_str) { /* this is an old "redirect" rule */
3672 if (trash.len + rule->rdr_len > trash.size - 4)
3673 return 0;
3674
3675 /* add location */
3676 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3677 trash.len += rule->rdr_len;
3678 }
3679 else {
3680 /* add location with executing log format */
3681 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->rdr_fmt);
Willy Tarreau71241ab2012-12-27 11:30:54 +01003682
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003683 /* Check left length */
3684 if (trash.len > trash.size - 4)
3685 return 0;
3686 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01003687 break;
3688 }
3689
3690 if (rule->cookie_len) {
3691 memcpy(trash.str + trash.len, "\r\nSet-Cookie: ", 14);
3692 trash.len += 14;
3693 memcpy(trash.str + trash.len, rule->cookie_str, rule->cookie_len);
3694 trash.len += rule->cookie_len;
3695 memcpy(trash.str + trash.len, "\r\n", 2);
3696 trash.len += 2;
3697 }
3698
3699 /* add end of headers and the keep-alive/close status.
3700 * We may choose to set keep-alive if the Location begins
3701 * with a slash, because the client will come back to the
3702 * same server.
3703 */
3704 txn->status = rule->code;
3705 /* let's log the request time */
3706 s->logs.tv_request = now;
3707
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003708 if (*location == '/' &&
Willy Tarreau71241ab2012-12-27 11:30:54 +01003709 (msg->flags & HTTP_MSGF_XFER_LEN) &&
3710 !(msg->flags & HTTP_MSGF_TE_CHNK) && !txn->req.body_len &&
3711 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
3712 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
3713 /* keep-alive possible */
3714 if (!(msg->flags & HTTP_MSGF_VER_11)) {
3715 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3716 memcpy(trash.str + trash.len, "\r\nProxy-Connection: keep-alive", 30);
3717 trash.len += 30;
3718 } else {
3719 memcpy(trash.str + trash.len, "\r\nConnection: keep-alive", 24);
3720 trash.len += 24;
3721 }
3722 }
3723 memcpy(trash.str + trash.len, "\r\n\r\n", 4);
3724 trash.len += 4;
3725 bo_inject(txn->rsp.chn, trash.str, trash.len);
3726 /* "eat" the request */
3727 bi_fast_delete(txn->req.chn->buf, msg->sov);
Willy Tarreau6d8bac72014-04-25 12:19:32 +02003728 msg->next -= msg->sov;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003729 msg->sov = 0;
3730 txn->req.chn->analysers = AN_REQ_HTTP_XFER_BODY;
3731 s->rep->analysers = AN_RES_HTTP_XFER_BODY;
3732 txn->req.msg_state = HTTP_MSG_CLOSED;
3733 txn->rsp.msg_state = HTTP_MSG_DONE;
3734 } else {
3735 /* keep-alive not possible */
3736 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3737 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
3738 trash.len += 29;
3739 } else {
3740 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
3741 trash.len += 23;
3742 }
3743 stream_int_retnclose(txn->req.chn->prod, &trash);
3744 txn->req.chn->analysers = 0;
3745 }
3746
3747 if (!(s->flags & SN_ERR_MASK))
Willy Tarreau570f2212013-06-10 16:42:09 +02003748 s->flags |= SN_ERR_LOCAL;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003749 if (!(s->flags & SN_FINST_MASK))
3750 s->flags |= SN_FINST_R;
3751
3752 return 1;
3753}
3754
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003755/* This stream analyser runs all HTTP request processing which is common to
3756 * frontends and backends, which means blocking ACLs, filters, connection-close,
3757 * reqadd, stats and redirects. This is performed for the designated proxy.
Willy Tarreaud787e662009-07-07 10:14:51 +02003758 * It returns 1 if the processing can continue on next analysers, or zero if it
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003759 * either needs more data or wants to immediately abort the request (eg: deny,
3760 * error, ...).
Willy Tarreaud787e662009-07-07 10:14:51 +02003761 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003762int http_process_req_common(struct session *s, struct channel *req, int an_bit, struct proxy *px)
Willy Tarreaud787e662009-07-07 10:14:51 +02003763{
Willy Tarreaud787e662009-07-07 10:14:51 +02003764 struct http_txn *txn = &s->txn;
3765 struct http_msg *msg = &txn->req;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003766 struct acl_cond *cond;
Willy Tarreauff011f22011-01-06 17:51:27 +01003767 struct http_req_rule *http_req_last_rule = NULL;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003768 struct redirect_rule *rule;
Willy Tarreauf4f04122010-01-28 18:10:50 +01003769 struct cond_wordlist *wl;
Willy Tarreaud787e662009-07-07 10:14:51 +02003770
Willy Tarreau655dce92009-11-08 13:10:58 +01003771 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003772 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003773 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003774 return 0;
3775 }
3776
Willy Tarreau3a816292009-07-07 10:55:49 +02003777 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02003778 req->analyse_exp = TICK_ETERNITY;
3779
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003780 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaud787e662009-07-07 10:14:51 +02003781 now_ms, __FUNCTION__,
3782 s,
3783 req,
3784 req->rex, req->wex,
3785 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003786 req->buf->i,
Willy Tarreaud787e662009-07-07 10:14:51 +02003787 req->analysers);
3788
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003789 /* first check whether we have some ACLs set to block this request */
3790 list_for_each_entry(cond, &px->block_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003791 int ret = acl_exec_cond(cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02003792
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003793 ret = acl_pass(ret);
3794 if (cond->pol == ACL_COND_UNLESS)
3795 ret = !ret;
Willy Tarreau53b6c742006-12-17 13:37:46 +01003796
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003797 if (ret) {
3798 txn->status = 403;
3799 /* let's log the request time */
3800 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003801 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003802 session_inc_http_err_ctr(s);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003803 goto return_prx_cond;
Willy Tarreau59234e92008-11-30 23:51:27 +01003804 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003805 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003806
Willy Tarreau5d5b5d82012-12-09 12:00:04 +01003807 /* just in case we have some per-backend tracking */
3808 session_inc_be_http_req_ctr(s);
3809
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003810 /* evaluate http-request rules */
Willy Tarreau96257ec2012-12-27 10:46:37 +01003811 http_req_last_rule = http_req_get_intercept_rule(px, &px->http_req_rules, s, txn);
Willy Tarreau51425942010-02-01 10:40:19 +01003812
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003813 /* evaluate stats http-request rules only if http-request is OK */
Willy Tarreauff011f22011-01-06 17:51:27 +01003814 if (!http_req_last_rule) {
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003815 if (stats_check_uri(s->rep->prod, txn, px)) {
3816 s->target = &http_stats_applet.obj_type;
Willy Tarreau1fbe1c92013-12-01 09:35:41 +01003817 if (unlikely(!stream_int_register_handler(s->rep->prod, objt_applet(s->target)))) {
3818 txn->status = 500;
3819 s->logs.tv_request = now;
3820 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003821
Willy Tarreau1fbe1c92013-12-01 09:35:41 +01003822 if (!(s->flags & SN_ERR_MASK))
3823 s->flags |= SN_ERR_RESOURCE;
3824 goto return_prx_cond;
3825 }
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003826 /* parse the whole stats request and extract the relevant information */
3827 http_handle_stats(s, req);
Willy Tarreau96257ec2012-12-27 10:46:37 +01003828 http_req_last_rule = http_req_get_intercept_rule(px, &px->uri_auth->http_req_rules, s, txn);
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003829 }
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003830 }
3831
Willy Tarreau3b44e722013-11-16 10:28:23 +01003832 /* only apply req{,i}{rep/deny/tarpit} if the request was not yet
3833 * blocked by an http-request rule.
3834 */
3835 if (!(txn->flags & (TX_CLDENY|TX_CLTARPIT)) && (px->req_exp != NULL)) {
Willy Tarreau6c123b12010-01-28 20:22:06 +01003836 if (apply_filters_to_request(s, req, px) < 0)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003837 goto return_bad_req;
Willy Tarreau3b44e722013-11-16 10:28:23 +01003838 }
Willy Tarreau06619262006-12-17 08:37:22 +01003839
Willy Tarreau3b44e722013-11-16 10:28:23 +01003840 /* return a 403 if either rule has blocked */
3841 if (txn->flags & (TX_CLDENY|TX_CLTARPIT)) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003842 if (txn->flags & TX_CLDENY) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003843 txn->status = 403;
Willy Tarreau59234e92008-11-30 23:51:27 +01003844 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003845 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003846 session_inc_http_err_ctr(s);
Willy Tarreau687ba132013-11-16 10:13:35 +01003847 s->fe->fe_counters.denied_req++;
3848 if (s->fe != s->be)
3849 s->be->be_counters.denied_req++;
3850 if (s->listener->counters)
3851 s->listener->counters->denied_req++;
Willy Tarreau59234e92008-11-30 23:51:27 +01003852 goto return_prx_cond;
3853 }
Willy Tarreauc465fd72009-08-31 00:17:18 +02003854
3855 /* When a connection is tarpitted, we use the tarpit timeout,
3856 * which may be the same as the connect timeout if unspecified.
3857 * If unset, then set it to zero because we really want it to
3858 * eventually expire. We build the tarpit as an analyser.
3859 */
3860 if (txn->flags & TX_CLTARPIT) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003861 channel_erase(s->req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003862 /* wipe the request out so that we can drop the connection early
3863 * if the client closes first.
3864 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003865 channel_dont_connect(req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003866 req->analysers = 0; /* remove switching rules etc... */
3867 req->analysers |= AN_REQ_HTTP_TARPIT;
3868 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
3869 if (!req->analyse_exp)
3870 req->analyse_exp = tick_add(now_ms, 0);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003871 session_inc_http_err_ctr(s);
Willy Tarreau687ba132013-11-16 10:13:35 +01003872 s->fe->fe_counters.denied_req++;
3873 if (s->fe != s->be)
3874 s->be->be_counters.denied_req++;
3875 if (s->listener->counters)
3876 s->listener->counters->denied_req++;
Willy Tarreauc465fd72009-08-31 00:17:18 +02003877 return 1;
3878 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003879 }
Willy Tarreau06619262006-12-17 08:37:22 +01003880
Willy Tarreau70dffda2014-01-30 03:07:23 +01003881 /* Until set to anything else, the connection mode is set as Keep-Alive. It will
Willy Tarreau5b154472009-12-21 20:11:07 +01003882 * only change if both the request and the config reference something else.
Willy Tarreau70dffda2014-01-30 03:07:23 +01003883 * Option httpclose by itself sets tunnel mode where headers are mangled.
3884 * However, if another mode is set, it will affect it (eg: server-close/
3885 * keep-alive + httpclose = close). Note that we avoid to redo the same work
3886 * if FE and BE have the same settings (common). The method consists in
3887 * checking if options changed between the two calls (implying that either
3888 * one is non-null, or one of them is non-null and we are there for the first
3889 * time.
Willy Tarreau42736642009-10-18 21:04:35 +02003890 */
Willy Tarreau5b154472009-12-21 20:11:07 +01003891
Willy Tarreau416ce612014-01-31 15:45:34 +01003892 if (!(txn->flags & TX_HDR_CONN_PRS) ||
Willy Tarreau02bce8b2014-01-30 00:15:28 +01003893 ((s->fe->options & PR_O_HTTP_MODE) != (s->be->options & PR_O_HTTP_MODE))) {
Willy Tarreau70dffda2014-01-30 03:07:23 +01003894 int tmp = TX_CON_WANT_KAL;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003895
Willy Tarreau70dffda2014-01-30 03:07:23 +01003896 if (!((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)) {
3897 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN ||
3898 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN)
3899 tmp = TX_CON_WANT_TUN;
3900
3901 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
3902 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)
3903 tmp = TX_CON_WANT_TUN;
3904 }
Willy Tarreau02bce8b2014-01-30 00:15:28 +01003905
3906 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL ||
Willy Tarreau70dffda2014-01-30 03:07:23 +01003907 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL) {
3908 /* option httpclose + server_close => forceclose */
3909 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
3910 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)
3911 tmp = TX_CON_WANT_CLO;
3912 else
3913 tmp = TX_CON_WANT_SCL;
3914 }
Willy Tarreau02bce8b2014-01-30 00:15:28 +01003915
3916 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_FCL ||
3917 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_FCL)
Willy Tarreau5b154472009-12-21 20:11:07 +01003918 tmp = TX_CON_WANT_CLO;
3919
Willy Tarreau5b154472009-12-21 20:11:07 +01003920 if ((txn->flags & TX_CON_WANT_MSK) < tmp)
3921 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003922
Willy Tarreau416ce612014-01-31 15:45:34 +01003923 if (!(txn->flags & TX_HDR_CONN_PRS) &&
3924 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003925 /* parse the Connection header and possibly clean it */
3926 int to_del = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003927 if ((msg->flags & HTTP_MSGF_VER_11) ||
Willy Tarreau8a8e1d92010-04-05 16:15:16 +02003928 ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL &&
3929 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003930 to_del |= 2; /* remove "keep-alive" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003931 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003932 to_del |= 1; /* remove "close" */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003933 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003934 }
Willy Tarreau5b154472009-12-21 20:11:07 +01003935
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003936 /* check if client or config asks for explicit close in KAL/SCL */
3937 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
3938 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) &&
3939 ((txn->flags & TX_HDR_CONN_CLO) || /* "connection: close" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003940 (!(msg->flags & HTTP_MSGF_VER_11) && !(txn->flags & TX_HDR_CONN_KAL)) || /* no "connection: k-a" in 1.0 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003941 !(msg->flags & HTTP_MSGF_XFER_LEN) || /* no length known => close */
Willy Tarreauc3e8b252010-01-28 15:01:20 +01003942 s->fe->state == PR_STSTOPPED)) /* frontend is stopping */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003943 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
3944 }
Willy Tarreau78599912009-10-17 20:12:21 +02003945
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003946 /* we can be blocked here because the request needs to be authenticated,
3947 * either to pass or to access stats.
3948 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003949 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_AUTH) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01003950 char *realm = http_req_last_rule->arg.auth.realm;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003951
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003952 if (!realm)
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003953 realm = (objt_applet(s->target) == &http_stats_applet) ? STATS_DEFAULT_REALM : px->id;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003954
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003955 chunk_printf(&trash, (txn->flags & TX_USE_PX_CONN) ? HTTP_407_fmt : HTTP_401_fmt, realm);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003956 txn->status = 401;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003957 stream_int_retnclose(req->prod, &trash);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003958 /* on 401 we still count one error, because normal browsing
3959 * won't significantly increase the counter but brute force
3960 * attempts will.
3961 */
3962 session_inc_http_err_ctr(s);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003963 goto return_prx_cond;
3964 }
3965
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003966 /* add request headers from the rule sets in the same order */
3967 list_for_each_entry(wl, &px->req_add, list) {
3968 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003969 int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003970 ret = acl_pass(ret);
3971 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
3972 ret = !ret;
3973 if (!ret)
3974 continue;
3975 }
3976
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003977 if (unlikely(http_header_add_tail(&txn->req, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003978 goto return_bad_req;
Willy Tarreau81499eb2012-12-27 12:19:02 +01003979 }
3980
3981 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_REDIR) {
3982 if (!http_apply_redirect_rule(http_req_last_rule->arg.redir, s, txn))
3983 goto return_bad_req;
3984 req->analyse_exp = TICK_ETERNITY;
3985 return 1;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003986 }
3987
William Lallemand73025dd2014-04-24 14:38:37 +02003988 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_CUSTOM_STOP) {
3989 req->analyse_exp = TICK_ETERNITY;
3990 return 1;
3991 }
3992
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003993 if (unlikely(objt_applet(s->target) == &http_stats_applet)) {
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003994 /* process the stats request now */
Willy Tarreau347a35d2013-11-22 17:51:09 +01003995 if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
3996 s->fe->fe_counters.intercepted_req++;
3997
3998 if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
3999 s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
4000 if (!(s->flags & SN_FINST_MASK))
4001 s->flags |= SN_FINST_R;
4002
4003 req->analyse_exp = TICK_ETERNITY;
Willy Tarreau70730dd2014-04-24 18:06:27 +02004004
4005 /* we may want to compress the stats page */
4006 if (s->fe->comp || s->be->comp)
4007 select_compression_request_header(s, req->buf);
4008
4009 /* enable the minimally required analyzers to handle keep-alive and compression on the HTTP response */
4010 req->analysers = AN_REQ_HTTP_XFER_BODY | AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_BE | AN_RES_HTTP_XFER_BODY;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01004011 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004012 }
Willy Tarreaub2513902006-12-17 14:52:38 +01004013
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004014 /* check whether we have some ACLs set to redirect this request */
4015 list_for_each_entry(rule, &px->redirect_rules, list) {
Willy Tarreauf285f542010-01-03 20:03:03 +01004016 if (rule->cond) {
Willy Tarreau71241ab2012-12-27 11:30:54 +01004017 int ret;
4018
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02004019 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf285f542010-01-03 20:03:03 +01004020 ret = acl_pass(ret);
4021 if (rule->cond->pol == ACL_COND_UNLESS)
4022 ret = !ret;
Willy Tarreau71241ab2012-12-27 11:30:54 +01004023 if (!ret)
4024 continue;
Willy Tarreauf285f542010-01-03 20:03:03 +01004025 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01004026 if (!http_apply_redirect_rule(rule, s, txn))
4027 goto return_bad_req;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01004028
Willy Tarreau71241ab2012-12-27 11:30:54 +01004029 req->analyse_exp = TICK_ETERNITY;
4030 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004031 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02004032
Willy Tarreau2be39392010-01-03 17:24:51 +01004033 /* POST requests may be accompanied with an "Expect: 100-Continue" header.
4034 * If this happens, then the data will not come immediately, so we must
4035 * send all what we have without waiting. Note that due to the small gain
4036 * in waiting for the body of the request, it's easier to simply put the
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004037 * CF_SEND_DONTWAIT flag any time. It's a one-shot flag so it will remove
Willy Tarreau2be39392010-01-03 17:24:51 +01004038 * itself once used.
4039 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004040 req->flags |= CF_SEND_DONTWAIT;
Willy Tarreau2be39392010-01-03 17:24:51 +01004041
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004042 /* that's OK for us now, let's move on to next analysers */
4043 return 1;
Willy Tarreau11382812008-07-09 16:18:21 +02004044
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004045 return_bad_req:
4046 /* We centralize bad requests processing here */
4047 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
4048 /* we detected a parsing error. We want to archive this request
4049 * in the dedicated proxy area for later troubleshooting.
4050 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004051 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004052 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02004053
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004054 txn->req.msg_state = HTTP_MSG_ERROR;
4055 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02004056 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004057
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004058 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004059 if (s->listener->counters)
4060 s->listener->counters->failed_req++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02004061
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004062 return_prx_cond:
4063 if (!(s->flags & SN_ERR_MASK))
4064 s->flags |= SN_ERR_PRXCOND;
4065 if (!(s->flags & SN_FINST_MASK))
4066 s->flags |= SN_FINST_R;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01004067
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004068 req->analysers = 0;
4069 req->analyse_exp = TICK_ETERNITY;
4070 return 0;
4071}
Willy Tarreau58f10d72006-12-04 02:26:12 +01004072
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004073/* This function performs all the processing enabled for the current request.
4074 * It returns 1 if the processing can continue on next analysers, or zero if it
4075 * needs more data, encounters an error, or wants to immediately abort the
4076 * request. It relies on buffers flags, and updates s->req->analysers.
4077 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004078int http_process_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004079{
4080 struct http_txn *txn = &s->txn;
4081 struct http_msg *msg = &txn->req;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004082 struct connection *cli_conn = objt_conn(req->prod->end);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004083
Willy Tarreau655dce92009-11-08 13:10:58 +01004084 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02004085 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004086 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02004087 return 0;
4088 }
4089
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01004090 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004091 now_ms, __FUNCTION__,
4092 s,
4093 req,
4094 req->rex, req->wex,
4095 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02004096 req->buf->i,
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004097 req->analysers);
Willy Tarreau06619262006-12-17 08:37:22 +01004098
William Lallemand82fe75c2012-10-23 10:25:10 +02004099 if (s->fe->comp || s->be->comp)
4100 select_compression_request_header(s, req->buf);
4101
Willy Tarreau59234e92008-11-30 23:51:27 +01004102 /*
4103 * Right now, we know that we have processed the entire headers
4104 * and that unwanted requests have been filtered out. We can do
4105 * whatever we want with the remaining request. Also, now we
4106 * may have separate values for ->fe, ->be.
4107 */
Willy Tarreau06619262006-12-17 08:37:22 +01004108
Willy Tarreau59234e92008-11-30 23:51:27 +01004109 /*
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004110 * If HTTP PROXY is set we simply get remote server address parsing
4111 * incoming request. Note that this requires that a connection is
4112 * allocated on the server side.
Willy Tarreau59234e92008-11-30 23:51:27 +01004113 */
4114 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) {
Willy Tarreau32e3c6a2013-10-11 19:34:20 +02004115 struct connection *conn;
Willy Tarreaue8df1e12013-12-16 14:30:55 +01004116 char *path;
Willy Tarreau32e3c6a2013-10-11 19:34:20 +02004117
Willy Tarreau9471b8c2013-12-15 13:31:35 +01004118 /* Note that for now we don't reuse existing proxy connections */
4119 if (unlikely((conn = si_alloc_conn(req->cons, 0)) == NULL)) {
Willy Tarreau32e3c6a2013-10-11 19:34:20 +02004120 txn->req.msg_state = HTTP_MSG_ERROR;
4121 txn->status = 500;
4122 req->analysers = 0;
4123 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
4124
4125 if (!(s->flags & SN_ERR_MASK))
4126 s->flags |= SN_ERR_RESOURCE;
4127 if (!(s->flags & SN_FINST_MASK))
4128 s->flags |= SN_FINST_R;
4129
4130 return 0;
4131 }
Willy Tarreaue8df1e12013-12-16 14:30:55 +01004132
4133 path = http_get_path(txn);
4134 url2sa(req->buf->p + msg->sl.rq.u,
4135 path ? path - (req->buf->p + msg->sl.rq.u) : msg->sl.rq.u_l,
Thierry FOURNIER9f95e402014-03-21 14:51:46 +01004136 &conn->addr.to, NULL);
Willy Tarreaue8df1e12013-12-16 14:30:55 +01004137 /* if the path was found, we have to remove everything between
4138 * req->buf->p + msg->sl.rq.u and path (excluded). If it was not
4139 * found, we need to replace from req->buf->p + msg->sl.rq.u for
4140 * u_l characters by a single "/".
4141 */
4142 if (path) {
4143 char *cur_ptr = req->buf->p;
4144 char *cur_end = cur_ptr + txn->req.sl.rq.l;
4145 int delta;
4146
4147 delta = buffer_replace2(req->buf, req->buf->p + msg->sl.rq.u, path, NULL, 0);
4148 http_msg_move_end(&txn->req, delta);
4149 cur_end += delta;
4150 if (http_parse_reqline(&txn->req, HTTP_MSG_RQMETH, cur_ptr, cur_end + 1, NULL, NULL) == NULL)
4151 goto return_bad_req;
4152 }
4153 else {
4154 char *cur_ptr = req->buf->p;
4155 char *cur_end = cur_ptr + txn->req.sl.rq.l;
4156 int delta;
4157
4158 delta = buffer_replace2(req->buf, req->buf->p + msg->sl.rq.u,
4159 req->buf->p + msg->sl.rq.u + msg->sl.rq.u_l, "/", 1);
4160 http_msg_move_end(&txn->req, delta);
4161 cur_end += delta;
4162 if (http_parse_reqline(&txn->req, HTTP_MSG_RQMETH, cur_ptr, cur_end + 1, NULL, NULL) == NULL)
4163 goto return_bad_req;
4164 }
Willy Tarreau59234e92008-11-30 23:51:27 +01004165 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004166
Willy Tarreau59234e92008-11-30 23:51:27 +01004167 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01004168 * 7: Now we can work with the cookies.
Willy Tarreau59234e92008-11-30 23:51:27 +01004169 * Note that doing so might move headers in the request, but
4170 * the fields will stay coherent and the URI will not move.
4171 * This should only be performed in the backend.
4172 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02004173 if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
Willy Tarreau59234e92008-11-30 23:51:27 +01004174 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
4175 manage_client_side_cookies(s, req);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02004176
Willy Tarreau59234e92008-11-30 23:51:27 +01004177 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01004178 * 8: the appsession cookie was looked up very early in 1.2,
4179 * so let's do the same now.
4180 */
4181
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02004182 /* It needs to look into the URI unless persistence must be ignored */
4183 if ((txn->sessid == NULL) && s->be->appsession_name && !(s->flags & SN_IGNORE_PRST)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02004184 get_srv_from_appsession(s, req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l);
Cyril Bontéb21570a2009-11-29 20:04:48 +01004185 }
4186
William Lallemanda73203e2012-03-12 12:48:57 +01004187 /* add unique-id if "header-unique-id" is specified */
4188
William Lallemand5b7ea3a2013-08-28 15:44:19 +02004189 if (!LIST_ISEMPTY(&s->fe->format_unique_id)) {
4190 if ((s->unique_id = pool_alloc2(pool2_uniqueid)) == NULL)
4191 goto return_bad_req;
4192 s->unique_id[0] = '\0';
William Lallemanda73203e2012-03-12 12:48:57 +01004193 build_logline(s, s->unique_id, UNIQUEID_LEN, &s->fe->format_unique_id);
William Lallemand5b7ea3a2013-08-28 15:44:19 +02004194 }
William Lallemanda73203e2012-03-12 12:48:57 +01004195
4196 if (s->fe->header_unique_id && s->unique_id) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004197 chunk_printf(&trash, "%s: %s", s->fe->header_unique_id, s->unique_id);
4198 if (trash.len < 0)
William Lallemanda73203e2012-03-12 12:48:57 +01004199 goto return_bad_req;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004200 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len) < 0))
William Lallemanda73203e2012-03-12 12:48:57 +01004201 goto return_bad_req;
4202 }
4203
Cyril Bontéb21570a2009-11-29 20:04:48 +01004204 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01004205 * 9: add X-Forwarded-For if either the frontend or the backend
4206 * asks for it.
4207 */
4208 if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02004209 struct hdr_ctx ctx = { .idx = 0 };
Willy Tarreau87cf5142011-08-19 22:57:24 +02004210 if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) &&
Cyril Bontéa32d2752012-05-29 23:27:41 +02004211 http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name,
4212 s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len,
Willy Tarreau9b28e032012-10-12 23:49:43 +02004213 req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02004214 /* The header is set to be added only if none is present
4215 * and we found it, so don't do anything.
4216 */
4217 }
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004218 else if (cli_conn && cli_conn->addr.from.ss_family == AF_INET) {
Willy Tarreau59234e92008-11-30 23:51:27 +01004219 /* Add an X-Forwarded-For header unless the source IP is
4220 * in the 'except' network range.
4221 */
4222 if ((!s->fe->except_mask.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004223 (((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr.s_addr & s->fe->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01004224 != s->fe->except_net.s_addr) &&
4225 (!s->be->except_mask.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004226 (((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr.s_addr & s->be->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01004227 != s->be->except_net.s_addr)) {
Willy Tarreau2a324282006-12-05 00:05:46 +01004228 int len;
Willy Tarreau59234e92008-11-30 23:51:27 +01004229 unsigned char *pn;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004230 pn = (unsigned char *)&((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr;
Ross Westaf72a1d2008-08-03 10:51:45 +02004231
4232 /* Note: we rely on the backend to get the header name to be used for
4233 * x-forwarded-for, because the header is really meant for the backends.
4234 * However, if the backend did not specify any option, we have to rely
4235 * on the frontend's header name.
4236 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004237 if (s->be->fwdfor_hdr_len) {
4238 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004239 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Ross Westaf72a1d2008-08-03 10:51:45 +02004240 } else {
Willy Tarreau59234e92008-11-30 23:51:27 +01004241 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004242 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01004243 }
Willy Tarreaue9187f82014-04-14 15:27:14 +02004244 len += snprintf(trash.str + len, trash.size - len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreauedcf6682008-11-30 23:15:34 +01004245
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004246 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau06619262006-12-17 08:37:22 +01004247 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01004248 }
4249 }
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004250 else if (cli_conn && cli_conn->addr.from.ss_family == AF_INET6) {
Willy Tarreau59234e92008-11-30 23:51:27 +01004251 /* FIXME: for the sake of completeness, we should also support
4252 * 'except' here, although it is mostly useless in this case.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004253 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004254 int len;
4255 char pn[INET6_ADDRSTRLEN];
4256 inet_ntop(AF_INET6,
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004257 (const void *)&((struct sockaddr_in6 *)(&cli_conn->addr.from))->sin6_addr,
Willy Tarreau59234e92008-11-30 23:51:27 +01004258 pn, sizeof(pn));
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004259
Willy Tarreau59234e92008-11-30 23:51:27 +01004260 /* Note: we rely on the backend to get the header name to be used for
4261 * x-forwarded-for, because the header is really meant for the backends.
4262 * However, if the backend did not specify any option, we have to rely
4263 * on the frontend's header name.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004264 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004265 if (s->be->fwdfor_hdr_len) {
4266 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004267 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Willy Tarreau59234e92008-11-30 23:51:27 +01004268 } else {
4269 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004270 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004271 }
Willy Tarreaue9187f82014-04-14 15:27:14 +02004272 len += snprintf(trash.str + len, trash.size - len, ": %s", pn);
Willy Tarreauadfb8562008-08-11 15:24:42 +02004273
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004274 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01004275 goto return_bad_req;
4276 }
4277 }
4278
4279 /*
Maik Broemme2850cb42009-04-17 18:53:21 +02004280 * 10: add X-Original-To if either the frontend or the backend
4281 * asks for it.
4282 */
4283 if ((s->fe->options | s->be->options) & PR_O_ORGTO) {
4284
4285 /* FIXME: don't know if IPv6 can handle that case too. */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004286 if (cli_conn && cli_conn->addr.from.ss_family == AF_INET) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004287 /* Add an X-Original-To header unless the destination IP is
4288 * in the 'except' network range.
4289 */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004290 conn_get_to_addr(cli_conn);
Maik Broemme2850cb42009-04-17 18:53:21 +02004291
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004292 if (cli_conn->addr.to.ss_family == AF_INET &&
Emeric Brun5bd86a82010-10-22 17:23:04 +02004293 ((!s->fe->except_mask_to.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004294 (((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr.s_addr & s->fe->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004295 != s->fe->except_to.s_addr) &&
4296 (!s->be->except_mask_to.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004297 (((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr.s_addr & s->be->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004298 != s->be->except_to.s_addr))) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004299 int len;
4300 unsigned char *pn;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004301 pn = (unsigned char *)&((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr;
Maik Broemme2850cb42009-04-17 18:53:21 +02004302
4303 /* Note: we rely on the backend to get the header name to be used for
4304 * x-original-to, because the header is really meant for the backends.
4305 * However, if the backend did not specify any option, we have to rely
4306 * on the frontend's header name.
4307 */
4308 if (s->be->orgto_hdr_len) {
4309 len = s->be->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004310 memcpy(trash.str, s->be->orgto_hdr_name, len);
Maik Broemme2850cb42009-04-17 18:53:21 +02004311 } else {
4312 len = s->fe->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004313 memcpy(trash.str, s->fe->orgto_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01004314 }
Willy Tarreaue9187f82014-04-14 15:27:14 +02004315 len += snprintf(trash.str + len, trash.size - len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Maik Broemme2850cb42009-04-17 18:53:21 +02004316
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004317 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Maik Broemme2850cb42009-04-17 18:53:21 +02004318 goto return_bad_req;
4319 }
4320 }
4321 }
4322
Willy Tarreau50fc7772012-11-11 22:19:57 +01004323 /* 11: add "Connection: close" or "Connection: keep-alive" if needed and not yet set.
4324 * If an "Upgrade" token is found, the header is left untouched in order not to have
4325 * to deal with some servers bugs : some of them fail an Upgrade if anything but
4326 * "Upgrade" is present in the Connection header.
4327 */
4328 if (!(txn->flags & TX_HDR_CONN_UPG) &&
4329 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
Willy Tarreau02bce8b2014-01-30 00:15:28 +01004330 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
4331 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004332 unsigned int want_flags = 0;
4333
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004334 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau22a95342010-09-29 14:31:41 +02004335 if (((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL ||
Willy Tarreau02bce8b2014-01-30 00:15:28 +01004336 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
4337 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)) &&
Willy Tarreau22a95342010-09-29 14:31:41 +02004338 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004339 want_flags |= TX_CON_CLO_SET;
4340 } else {
Willy Tarreau22a95342010-09-29 14:31:41 +02004341 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
Willy Tarreau02bce8b2014-01-30 00:15:28 +01004342 ((s->fe->options & PR_O_HTTP_MODE) != PR_O_HTTP_PCL &&
4343 (s->be->options & PR_O_HTTP_MODE) != PR_O_HTTP_PCL)) ||
Willy Tarreau22a95342010-09-29 14:31:41 +02004344 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004345 want_flags |= TX_CON_KAL_SET;
4346 }
4347
4348 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004349 http_change_connection_header(txn, msg, want_flags);
Willy Tarreau59234e92008-11-30 23:51:27 +01004350 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004351
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004352
Willy Tarreau522d6c02009-12-06 18:49:18 +01004353 /* If we have no server assigned yet and we're balancing on url_param
4354 * with a POST request, we may be interested in checking the body for
4355 * that parameter. This will be done in another analyser.
Willy Tarreau59234e92008-11-30 23:51:27 +01004356 */
4357 if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) &&
4358 s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004359 (msg->flags & (HTTP_MSGF_CNT_LEN|HTTP_MSGF_TE_CHNK))) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004360 channel_dont_connect(req);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004361 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau59234e92008-11-30 23:51:27 +01004362 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004363
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004364 if (msg->flags & HTTP_MSGF_XFER_LEN) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004365 req->analysers |= AN_REQ_HTTP_XFER_BODY;
Willy Tarreau5e205522011-12-17 16:34:27 +01004366#ifdef TCP_QUICKACK
4367 /* We expect some data from the client. Unless we know for sure
4368 * we already have a full request, we have to re-enable quick-ack
4369 * in case we previously disabled it, otherwise we might cause
4370 * the client to delay further data.
4371 */
4372 if ((s->listener->options & LI_O_NOQUICKACK) &&
Willy Tarreau3c728722014-01-23 13:50:42 +01004373 cli_conn && conn_ctrl_ready(cli_conn) &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004374 ((msg->flags & HTTP_MSGF_TE_CHNK) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004375 (msg->body_len > req->buf->i - txn->req.eoh - 2)))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004376 setsockopt(cli_conn->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01004377#endif
4378 }
Willy Tarreau03945942009-12-22 16:50:27 +01004379
Willy Tarreau59234e92008-11-30 23:51:27 +01004380 /*************************************************************
4381 * OK, that's finished for the headers. We have done what we *
4382 * could. Let's switch to the DATA state. *
4383 ************************************************************/
Willy Tarreau522d6c02009-12-06 18:49:18 +01004384 req->analyse_exp = TICK_ETERNITY;
4385 req->analysers &= ~an_bit;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004386
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004387 /* if the server closes the connection, we want to immediately react
4388 * and close the socket to save packets and syscalls.
4389 */
Willy Tarreau40f151a2012-12-20 12:10:09 +01004390 if (!(req->analysers & AN_REQ_HTTP_XFER_BODY))
4391 req->cons->flags |= SI_FL_NOHALF;
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004392
Willy Tarreau59234e92008-11-30 23:51:27 +01004393 s->logs.tv_request = now;
Willy Tarreau59234e92008-11-30 23:51:27 +01004394 /* OK let's go on with the BODY now */
4395 return 1;
Willy Tarreau06619262006-12-17 08:37:22 +01004396
Willy Tarreau59234e92008-11-30 23:51:27 +01004397 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4076a152009-04-02 15:18:36 +02004398 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
Willy Tarreauf073a832009-03-01 23:21:47 +01004399 /* we detected a parsing error. We want to archive this request
4400 * in the dedicated proxy area for later troubleshooting.
4401 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004402 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauf073a832009-03-01 23:21:47 +01004403 }
Willy Tarreau4076a152009-04-02 15:18:36 +02004404
Willy Tarreau59234e92008-11-30 23:51:27 +01004405 txn->req.msg_state = HTTP_MSG_ERROR;
4406 txn->status = 400;
4407 req->analysers = 0;
Willy Tarreau783f2582012-09-04 12:19:04 +02004408 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004409
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004410 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004411 if (s->listener->counters)
4412 s->listener->counters->failed_req++;
Willy Tarreauadfb8562008-08-11 15:24:42 +02004413
Willy Tarreau59234e92008-11-30 23:51:27 +01004414 if (!(s->flags & SN_ERR_MASK))
4415 s->flags |= SN_ERR_PRXCOND;
4416 if (!(s->flags & SN_FINST_MASK))
4417 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02004418 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004419}
Willy Tarreauadfb8562008-08-11 15:24:42 +02004420
Willy Tarreau60b85b02008-11-30 23:28:40 +01004421/* This function is an analyser which processes the HTTP tarpit. It always
4422 * returns zero, at the beginning because it prevents any other processing
4423 * from occurring, and at the end because it terminates the request.
4424 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004425int http_process_tarpit(struct session *s, struct channel *req, int an_bit)
Willy Tarreau60b85b02008-11-30 23:28:40 +01004426{
4427 struct http_txn *txn = &s->txn;
4428
4429 /* This connection is being tarpitted. The CLIENT side has
4430 * already set the connect expiration date to the right
4431 * timeout. We just have to check that the client is still
4432 * there and that the timeout has not expired.
4433 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004434 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004435 if ((req->flags & (CF_SHUTR|CF_READ_ERROR)) == 0 &&
Willy Tarreau60b85b02008-11-30 23:28:40 +01004436 !tick_is_expired(req->analyse_exp, now_ms))
4437 return 0;
4438
4439 /* We will set the queue timer to the time spent, just for
4440 * logging purposes. We fake a 500 server error, so that the
4441 * attacker will not suspect his connection has been tarpitted.
4442 * It will not cause trouble to the logs because we can exclude
4443 * the tarpitted connections by filtering on the 'PT' status flags.
4444 */
Willy Tarreau60b85b02008-11-30 23:28:40 +01004445 s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now);
4446
4447 txn->status = 500;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004448 if (!(req->flags & CF_READ_ERROR))
Willy Tarreau783f2582012-09-04 12:19:04 +02004449 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
Willy Tarreau60b85b02008-11-30 23:28:40 +01004450
4451 req->analysers = 0;
4452 req->analyse_exp = TICK_ETERNITY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004453
Willy Tarreau60b85b02008-11-30 23:28:40 +01004454 if (!(s->flags & SN_ERR_MASK))
4455 s->flags |= SN_ERR_PRXCOND;
4456 if (!(s->flags & SN_FINST_MASK))
4457 s->flags |= SN_FINST_T;
4458 return 0;
4459}
4460
Willy Tarreau5a8f9472014-04-10 11:16:06 +02004461/* This function is an analyser which waits for the HTTP request body. It waits
4462 * for either the buffer to be full, or the full advertised contents to have
4463 * reached the buffer. It must only be called after the standard HTTP request
4464 * processing has occurred, because it expects the request to be parsed and will
4465 * look for the Expect header. It may send a 100-Continue interim response. It
4466 * takes in input any state starting from HTTP_MSG_BODY and leaves with one of
4467 * HTTP_MSG_CHK_SIZE, HTTP_MSG_DATA or HTTP_MSG_TRAILERS. It returns zero if it
4468 * needs to read more data, or 1 once it has completed its analysis.
Willy Tarreaud34af782008-11-30 23:36:37 +01004469 */
Willy Tarreau5a8f9472014-04-10 11:16:06 +02004470int http_wait_for_request_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud34af782008-11-30 23:36:37 +01004471{
Willy Tarreau522d6c02009-12-06 18:49:18 +01004472 struct http_txn *txn = &s->txn;
Willy Tarreaud34af782008-11-30 23:36:37 +01004473 struct http_msg *msg = &s->txn.req;
Willy Tarreaud34af782008-11-30 23:36:37 +01004474
4475 /* We have to parse the HTTP request body to find any required data.
4476 * "balance url_param check_post" should have been the only way to get
4477 * into this. We were brought here after HTTP header analysis, so all
4478 * related structures are ready.
4479 */
4480
Willy Tarreau890988f2014-04-10 11:59:33 +02004481 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
4482 /* This is the first call */
4483 if (msg->msg_state < HTTP_MSG_BODY)
4484 goto missing_data;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004485
Willy Tarreau890988f2014-04-10 11:59:33 +02004486 if (msg->msg_state < HTTP_MSG_100_SENT) {
4487 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
4488 * send an HTTP/1.1 100 Continue intermediate response.
4489 */
4490 if (msg->flags & HTTP_MSGF_VER_11) {
4491 struct hdr_ctx ctx;
4492 ctx.idx = 0;
4493 /* Expect is allowed in 1.1, look for it */
4494 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
4495 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
4496 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
4497 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004498 }
Willy Tarreau890988f2014-04-10 11:59:33 +02004499 msg->msg_state = HTTP_MSG_100_SENT;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004500 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004501
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004502 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau877e78d2013-04-07 18:48:08 +02004503 * req->buf->p still points to the beginning of the message. We
4504 * must save the body in msg->next because it survives buffer
4505 * re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004506 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01004507 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004508
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004509 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau522d6c02009-12-06 18:49:18 +01004510 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
4511 else
4512 msg->msg_state = HTTP_MSG_DATA;
4513 }
4514
Willy Tarreau890988f2014-04-10 11:59:33 +02004515 if (!(msg->flags & HTTP_MSGF_TE_CHNK)) {
4516 /* We're in content-length mode, we just have to wait for enough data. */
4517 if (req->buf->i - msg->sov < msg->body_len)
4518 goto missing_data;
4519
4520 /* OK we have everything we need now */
4521 goto http_end;
4522 }
4523
4524 /* OK here we're parsing a chunked-encoded message */
4525
Willy Tarreau522d6c02009-12-06 18:49:18 +01004526 if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004527 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01004528 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01004529 * TRAILERS state.
Willy Tarreau115acb92009-12-26 13:56:06 +01004530 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004531 int ret = http_parse_chunk_size(msg);
Willy Tarreaud34af782008-11-30 23:36:37 +01004532
Willy Tarreau115acb92009-12-26 13:56:06 +01004533 if (!ret)
4534 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004535 else if (ret < 0) {
4536 session_inc_http_err_ctr(s);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004537 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004538 }
Willy Tarreaud34af782008-11-30 23:36:37 +01004539 }
4540
Willy Tarreaud98cf932009-12-27 22:54:55 +01004541 /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004542 * We have the first data byte is in msg->sov. We're waiting for at
Willy Tarreau226071e2014-04-10 11:55:45 +02004543 * least a whole chunk or the whole content length bytes after msg->sov.
Willy Tarreaud34af782008-11-30 23:36:37 +01004544 */
Willy Tarreau890988f2014-04-10 11:59:33 +02004545 if (msg->msg_state == HTTP_MSG_TRAILERS)
4546 goto http_end;
4547
Willy Tarreau226071e2014-04-10 11:55:45 +02004548 if (req->buf->i - msg->sov >= msg->body_len) /* we have enough bytes now */
Willy Tarreau522d6c02009-12-06 18:49:18 +01004549 goto http_end;
4550
4551 missing_data:
Willy Tarreau31a19952014-04-10 11:50:37 +02004552 /* we get here if we need to wait for more data. If the buffer is full,
4553 * we have the maximum we can expect.
4554 */
4555 if (buffer_full(req->buf, global.tune.maxrewrite))
4556 goto http_end;
Willy Tarreau115acb92009-12-26 13:56:06 +01004557
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004558 if ((req->flags & CF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01004559 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02004560 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau79ebac62010-06-07 13:47:49 +02004561
4562 if (!(s->flags & SN_ERR_MASK))
4563 s->flags |= SN_ERR_CLITO;
4564 if (!(s->flags & SN_FINST_MASK))
4565 s->flags |= SN_FINST_D;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004566 goto return_err_msg;
Willy Tarreaud34af782008-11-30 23:36:37 +01004567 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004568
4569 /* we get here if we need to wait for more data */
Willy Tarreau31a19952014-04-10 11:50:37 +02004570 if (!(req->flags & (CF_SHUTR | CF_READ_ERROR))) {
Willy Tarreaud34af782008-11-30 23:36:37 +01004571 /* Not enough data. We'll re-use the http-request
4572 * timeout here. Ideally, we should set the timeout
4573 * relative to the accept() date. We just set the
4574 * request timeout once at the beginning of the
4575 * request.
4576 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004577 channel_dont_connect(req);
Willy Tarreaud34af782008-11-30 23:36:37 +01004578 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02004579 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreaud34af782008-11-30 23:36:37 +01004580 return 0;
4581 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004582
4583 http_end:
4584 /* The situation will not evolve, so let's give up on the analysis. */
4585 s->logs.tv_request = now; /* update the request timer to reflect full request */
4586 req->analysers &= ~an_bit;
4587 req->analyse_exp = TICK_ETERNITY;
4588 return 1;
4589
4590 return_bad_req: /* let's centralize all bad requests */
4591 txn->req.msg_state = HTTP_MSG_ERROR;
4592 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02004593 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau522d6c02009-12-06 18:49:18 +01004594
Willy Tarreau79ebac62010-06-07 13:47:49 +02004595 if (!(s->flags & SN_ERR_MASK))
4596 s->flags |= SN_ERR_PRXCOND;
4597 if (!(s->flags & SN_FINST_MASK))
4598 s->flags |= SN_FINST_R;
4599
Willy Tarreau522d6c02009-12-06 18:49:18 +01004600 return_err_msg:
4601 req->analysers = 0;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004602 s->fe->fe_counters.failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004603 if (s->listener->counters)
4604 s->listener->counters->failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004605 return 0;
Willy Tarreaud34af782008-11-30 23:36:37 +01004606}
4607
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004608/* send a server's name with an outgoing request over an established connection.
4609 * Note: this function is designed to be called once the request has been scheduled
4610 * for being forwarded. This is the reason why it rewinds the buffer before
4611 * proceeding.
4612 */
Willy Tarreau45c0d982012-03-09 12:11:57 +01004613int http_send_name_header(struct http_txn *txn, struct proxy* be, const char* srv_name) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004614
4615 struct hdr_ctx ctx;
4616
Mark Lamourinec2247f02012-01-04 13:02:01 -05004617 char *hdr_name = be->server_id_hdr_name;
4618 int hdr_name_len = be->server_id_hdr_len;
Willy Tarreau394db372012-10-12 22:40:39 +02004619 struct channel *chn = txn->req.chn;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004620 char *hdr_val;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004621 unsigned int old_o, old_i;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004622
William Lallemandd9e90662012-01-30 17:27:17 +01004623 ctx.idx = 0;
4624
Willy Tarreau211cdec2014-04-17 20:18:08 +02004625 old_o = http_hdr_rewind(&txn->req);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004626 if (old_o) {
4627 /* The request was already skipped, let's restore it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004628 b_rew(chn->buf, old_o);
Willy Tarreau877e78d2013-04-07 18:48:08 +02004629 txn->req.next += old_o;
4630 txn->req.sov += old_o;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004631 }
4632
Willy Tarreau9b28e032012-10-12 23:49:43 +02004633 old_i = chn->buf->i;
4634 while (http_find_header2(hdr_name, hdr_name_len, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004635 /* remove any existing values from the header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004636 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004637 }
4638
4639 /* Add the new header requested with the server value */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004640 hdr_val = trash.str;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004641 memcpy(hdr_val, hdr_name, hdr_name_len);
4642 hdr_val += hdr_name_len;
4643 *hdr_val++ = ':';
4644 *hdr_val++ = ' ';
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004645 hdr_val += strlcpy2(hdr_val, srv_name, trash.str + trash.size - hdr_val);
4646 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, hdr_val - trash.str);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004647
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004648 if (old_o) {
4649 /* If this was a forwarded request, we must readjust the amount of
4650 * data to be forwarded in order to take into account the size
Willy Tarreau877e78d2013-04-07 18:48:08 +02004651 * variations. Note that the current state is >= HTTP_MSG_BODY,
4652 * so we don't have to adjust ->sol.
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004653 */
Willy Tarreau877e78d2013-04-07 18:48:08 +02004654 old_o += chn->buf->i - old_i;
4655 b_adv(chn->buf, old_o);
4656 txn->req.next -= old_o;
4657 txn->req.sov -= old_o;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004658 }
4659
Mark Lamourinec2247f02012-01-04 13:02:01 -05004660 return 0;
4661}
4662
Willy Tarreau610ecce2010-01-04 21:15:02 +01004663/* Terminate current transaction and prepare a new one. This is very tricky
4664 * right now but it works.
4665 */
4666void http_end_txn_clean_session(struct session *s)
4667{
Willy Tarreau068621e2013-12-23 15:11:25 +01004668 int prev_status = s->txn.status;
4669
Willy Tarreau610ecce2010-01-04 21:15:02 +01004670 /* FIXME: We need a more portable way of releasing a backend's and a
4671 * server's connections. We need a safer way to reinitialize buffer
4672 * flags. We also need a more accurate method for computing per-request
4673 * data.
4674 */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004675
Willy Tarreau4213a112013-12-15 10:25:42 +01004676 /* unless we're doing keep-alive, we want to quickly close the connection
4677 * to the server.
4678 */
4679 if (((s->txn.flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) ||
4680 !si_conn_ready(s->req->cons)) {
4681 s->req->cons->flags |= SI_FL_NOLINGER | SI_FL_NOHALF;
4682 si_shutr(s->req->cons);
4683 si_shutw(s->req->cons);
4684 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004685
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004686 if (s->flags & SN_BE_ASSIGNED) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004687 s->be->beconn--;
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004688 if (unlikely(s->srv_conn))
4689 sess_change_server(s, NULL);
4690 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004691
4692 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
4693 session_process_counters(s);
Willy Tarreauf3338342014-01-28 21:40:28 +01004694 session_stop_content_counters(s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004695
4696 if (s->txn.status) {
4697 int n;
4698
4699 n = s->txn.status / 100;
4700 if (n < 1 || n > 5)
4701 n = 0;
4702
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004703 if (s->fe->mode == PR_MODE_HTTP) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004704 s->fe->fe_counters.p.http.rsp[n]++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004705 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004706 s->fe->fe_counters.p.http.comp_rsp++;
4707 }
Willy Tarreau24657792010-02-26 10:30:28 +01004708 if ((s->flags & SN_BE_ASSIGNED) &&
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004709 (s->be->mode == PR_MODE_HTTP)) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004710 s->be->be_counters.p.http.rsp[n]++;
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004711 s->be->be_counters.p.http.cum_req++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004712 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004713 s->be->be_counters.p.http.comp_rsp++;
4714 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004715 }
4716
4717 /* don't count other requests' data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004718 s->logs.bytes_in -= s->req->buf->i;
4719 s->logs.bytes_out -= s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004720
4721 /* let's do a final log if we need it */
Willy Tarreaud79a3b22012-12-28 09:40:16 +01004722 if (!LIST_ISEMPTY(&s->fe->logformat) && s->logs.logwait &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01004723 !(s->flags & SN_MONITOR) &&
4724 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
4725 s->do_log(s);
4726 }
4727
4728 s->logs.accept_date = date; /* user-visible date for logging */
4729 s->logs.tv_accept = now; /* corrected date for internal use */
4730 tv_zero(&s->logs.tv_request);
4731 s->logs.t_queue = -1;
4732 s->logs.t_connect = -1;
4733 s->logs.t_data = -1;
4734 s->logs.t_close = 0;
4735 s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
4736 s->logs.srv_queue_size = 0; /* we will get this number soon */
4737
Willy Tarreau9b28e032012-10-12 23:49:43 +02004738 s->logs.bytes_in = s->req->total = s->req->buf->i;
4739 s->logs.bytes_out = s->rep->total = s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004740
4741 if (s->pend_pos)
4742 pendconn_free(s->pend_pos);
4743
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004744 if (objt_server(s->target)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004745 if (s->flags & SN_CURR_SESS) {
4746 s->flags &= ~SN_CURR_SESS;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004747 objt_server(s->target)->cur_sess--;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004748 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004749 if (may_dequeue_tasks(objt_server(s->target), s->be))
4750 process_srv_queue(objt_server(s->target));
Willy Tarreau610ecce2010-01-04 21:15:02 +01004751 }
4752
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004753 s->target = NULL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004754
Willy Tarreau4213a112013-12-15 10:25:42 +01004755 /* only release our endpoint if we don't intend to reuse the
4756 * connection.
4757 */
4758 if (((s->txn.flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) ||
4759 !si_conn_ready(s->req->cons)) {
4760 si_release_endpoint(s->req->cons);
4761 }
4762
Willy Tarreau610ecce2010-01-04 21:15:02 +01004763 s->req->cons->state = s->req->cons->prev_state = SI_ST_INI;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004764 s->req->cons->err_type = SI_ET_NONE;
Willy Tarreau0b3a4112011-03-27 19:16:56 +02004765 s->req->cons->conn_retries = 0; /* used for logging too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004766 s->req->cons->exp = TICK_ETERNITY;
Willy Tarreauc9200962013-12-31 23:03:09 +01004767 s->req->cons->flags &= SI_FL_DONT_WAKE; /* we're in the context of process_session */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004768 s->req->flags &= ~(CF_SHUTW|CF_SHUTW_NOW|CF_AUTO_CONNECT|CF_WRITE_ERROR|CF_STREAMER|CF_STREAMER_FAST|CF_NEVER_WAIT);
4769 s->rep->flags &= ~(CF_SHUTR|CF_SHUTR_NOW|CF_READ_ATTACHED|CF_READ_ERROR|CF_READ_NOEXP|CF_STREAMER|CF_STREAMER_FAST|CF_WRITE_PARTIAL|CF_NEVER_WAIT);
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02004770 s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED|SN_FORCE_PRST|SN_IGNORE_PRST);
Willy Tarreau36346242014-02-24 18:26:30 +01004771 s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE|SN_SRV_REUSED);
Willy Tarreau543db622012-11-15 16:41:22 +01004772
Willy Tarreau610ecce2010-01-04 21:15:02 +01004773 s->txn.meth = 0;
4774 http_reset_txn(s);
Willy Tarreaufcffa692010-01-10 14:21:19 +01004775 s->txn.flags |= TX_NOT_FIRST | TX_WAIT_NEXT_RQ;
Willy Tarreau068621e2013-12-23 15:11:25 +01004776
4777 if (prev_status == 401 || prev_status == 407) {
4778 /* In HTTP keep-alive mode, if we receive a 401, we still have
4779 * a chance of being able to send the visitor again to the same
4780 * server over the same connection. This is required by some
4781 * broken protocols such as NTLM, and anyway whenever there is
4782 * an opportunity for sending the challenge to the proper place,
4783 * it's better to do it (at least it helps with debugging).
4784 */
4785 s->txn.flags |= TX_PREFER_LAST;
4786 }
4787
Willy Tarreauee55dc02010-06-01 10:56:34 +02004788 if (s->fe->options2 & PR_O2_INDEPSTR)
Willy Tarreau610ecce2010-01-04 21:15:02 +01004789 s->req->cons->flags |= SI_FL_INDEP_STR;
4790
Willy Tarreau96e31212011-05-30 18:10:30 +02004791 if (s->fe->options2 & PR_O2_NODELAY) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004792 s->req->flags |= CF_NEVER_WAIT;
4793 s->rep->flags |= CF_NEVER_WAIT;
Willy Tarreau96e31212011-05-30 18:10:30 +02004794 }
4795
Willy Tarreau610ecce2010-01-04 21:15:02 +01004796 /* if the request buffer is not empty, it means we're
4797 * about to process another request, so send pending
4798 * data with MSG_MORE to merge TCP packets when possible.
Willy Tarreau065e8332010-01-08 00:30:20 +01004799 * Just don't do this if the buffer is close to be full,
4800 * because the request will wait for it to flush a little
4801 * bit before proceeding.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004802 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004803 if (s->req->buf->i) {
4804 if (s->rep->buf->o &&
4805 !buffer_full(s->rep->buf, global.tune.maxrewrite) &&
4806 bi_end(s->rep->buf) <= s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004807 s->rep->flags |= CF_EXPECT_MORE;
Willy Tarreau065e8332010-01-08 00:30:20 +01004808 }
Willy Tarreau90deb182010-01-07 00:20:41 +01004809
4810 /* we're removing the analysers, we MUST re-enable events detection */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004811 channel_auto_read(s->req);
4812 channel_auto_close(s->req);
4813 channel_auto_read(s->rep);
4814 channel_auto_close(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004815
Willy Tarreau27375622013-12-17 00:00:28 +01004816 /* we're in keep-alive with an idle connection, monitor it */
4817 si_idle_conn(s->req->cons);
4818
Willy Tarreau342b11c2010-11-24 16:22:09 +01004819 s->req->analysers = s->listener->analysers;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004820 s->rep->analysers = 0;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004821}
4822
4823
4824/* This function updates the request state machine according to the response
4825 * state machine and buffer flags. It returns 1 if it changes anything (flag
4826 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4827 * it is only used to find when a request/response couple is complete. Both
4828 * this function and its equivalent should loop until both return zero. It
4829 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4830 */
4831int http_sync_req_state(struct session *s)
4832{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004833 struct channel *chn = s->req;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004834 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004835 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004836 unsigned int old_state = txn->req.msg_state;
4837
Willy Tarreau610ecce2010-01-04 21:15:02 +01004838 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY))
4839 return 0;
4840
4841 if (txn->req.msg_state == HTTP_MSG_DONE) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004842 /* No need to read anymore, the request was completely parsed.
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004843 * We can shut the read side unless we want to abort_on_close,
4844 * or we have a POST request. The issue with POST requests is
4845 * that some browsers still send a CRLF after the request, and
4846 * this CRLF must be read so that it does not remain in the kernel
4847 * buffers, otherwise a close could cause an RST on some systems
4848 * (eg: Linux).
Willy Tarreau3988d932013-12-27 23:03:08 +01004849 * Note that if we're using keep-alive on the client side, we'd
4850 * rather poll now and keep the polling enabled for the whole
4851 * session's life than enabling/disabling it between each
4852 * response and next request.
Willy Tarreau90deb182010-01-07 00:20:41 +01004853 */
Willy Tarreau3988d932013-12-27 23:03:08 +01004854 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_SCL) &&
4855 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) &&
4856 !(s->be->options & PR_O_ABRT_CLOSE) &&
4857 txn->meth != HTTP_METH_POST)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004858 channel_dont_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004859
Willy Tarreau40f151a2012-12-20 12:10:09 +01004860 /* if the server closes the connection, we want to immediately react
4861 * and close the socket to save packets and syscalls.
4862 */
4863 chn->cons->flags |= SI_FL_NOHALF;
4864
Willy Tarreau610ecce2010-01-04 21:15:02 +01004865 if (txn->rsp.msg_state == HTTP_MSG_ERROR)
4866 goto wait_other_side;
4867
4868 if (txn->rsp.msg_state < HTTP_MSG_DONE) {
4869 /* The server has not finished to respond, so we
4870 * don't want to move in order not to upset it.
4871 */
4872 goto wait_other_side;
4873 }
4874
4875 if (txn->rsp.msg_state == HTTP_MSG_TUNNEL) {
4876 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004877 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004878 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004879 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004880 goto wait_other_side;
4881 }
4882
4883 /* When we get here, it means that both the request and the
4884 * response have finished receiving. Depending on the connection
4885 * mode, we'll have to wait for the last bytes to leave in either
4886 * direction, and sometimes for a close to be effective.
4887 */
4888
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004889 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4890 /* Server-close mode : queue a connection close to the server */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004891 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW)))
4892 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004893 }
4894 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4895 /* Option forceclose is set, or either side wants to close,
4896 * let's enforce it now that we're not expecting any new
4897 * data to come. The caller knows the session is complete
4898 * once both states are CLOSED.
4899 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004900 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4901 channel_shutr_now(chn);
4902 channel_shutw_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004903 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004904 }
4905 else {
Willy Tarreau4213a112013-12-15 10:25:42 +01004906 /* The last possible modes are keep-alive and tunnel. Tunnel mode
4907 * will not have any analyser so it needs to poll for reads.
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004908 */
Willy Tarreau4213a112013-12-15 10:25:42 +01004909 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN) {
4910 channel_auto_read(chn);
4911 txn->req.msg_state = HTTP_MSG_TUNNEL;
4912 chn->flags |= CF_NEVER_WAIT;
4913 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004914 }
4915
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004916 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004917 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004918 chn->cons->flags |= SI_FL_NOLINGER; /* we want to close ASAP */
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004919
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004920 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004921 txn->req.msg_state = HTTP_MSG_CLOSING;
4922 goto http_msg_closing;
4923 }
4924 else {
4925 txn->req.msg_state = HTTP_MSG_CLOSED;
4926 goto http_msg_closed;
4927 }
4928 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004929 goto wait_other_side;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004930 }
4931
4932 if (txn->req.msg_state == HTTP_MSG_CLOSING) {
4933 http_msg_closing:
4934 /* nothing else to forward, just waiting for the output buffer
4935 * to be empty and for the shutw_now to take effect.
4936 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004937 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004938 txn->req.msg_state = HTTP_MSG_CLOSED;
4939 goto http_msg_closed;
4940 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004941 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004942 txn->req.msg_state = HTTP_MSG_ERROR;
4943 goto wait_other_side;
4944 }
4945 }
4946
4947 if (txn->req.msg_state == HTTP_MSG_CLOSED) {
4948 http_msg_closed:
Willy Tarreau3988d932013-12-27 23:03:08 +01004949 /* see above in MSG_DONE why we only do this in these states */
4950 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_SCL) &&
4951 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) &&
4952 !(s->be->options & PR_O_ABRT_CLOSE))
Willy Tarreau2e7a1652013-12-15 15:32:10 +01004953 channel_dont_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004954 goto wait_other_side;
4955 }
4956
4957 wait_other_side:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004958 return txn->req.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004959}
4960
4961
4962/* This function updates the response state machine according to the request
4963 * state machine and buffer flags. It returns 1 if it changes anything (flag
4964 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4965 * it is only used to find when a request/response couple is complete. Both
4966 * this function and its equivalent should loop until both return zero. It
4967 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4968 */
4969int http_sync_res_state(struct session *s)
4970{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004971 struct channel *chn = s->rep;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004972 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004973 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004974 unsigned int old_state = txn->rsp.msg_state;
4975
Willy Tarreau610ecce2010-01-04 21:15:02 +01004976 if (unlikely(txn->rsp.msg_state < HTTP_MSG_BODY))
4977 return 0;
4978
4979 if (txn->rsp.msg_state == HTTP_MSG_DONE) {
4980 /* In theory, we don't need to read anymore, but we must
Willy Tarreau90deb182010-01-07 00:20:41 +01004981 * still monitor the server connection for a possible close
4982 * while the request is being uploaded, so we don't disable
4983 * reading.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004984 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004985 /* channel_dont_read(chn); */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004986
4987 if (txn->req.msg_state == HTTP_MSG_ERROR)
4988 goto wait_other_side;
4989
4990 if (txn->req.msg_state < HTTP_MSG_DONE) {
4991 /* The client seems to still be sending data, probably
4992 * because we got an error response during an upload.
4993 * We have the choice of either breaking the connection
4994 * or letting it pass through. Let's do the later.
4995 */
4996 goto wait_other_side;
4997 }
4998
4999 if (txn->req.msg_state == HTTP_MSG_TUNNEL) {
5000 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005001 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005002 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02005003 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005004 goto wait_other_side;
5005 }
5006
5007 /* When we get here, it means that both the request and the
5008 * response have finished receiving. Depending on the connection
5009 * mode, we'll have to wait for the last bytes to leave in either
5010 * direction, and sometimes for a close to be effective.
5011 */
5012
5013 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
5014 /* Server-close mode : shut read and wait for the request
5015 * side to close its output buffer. The caller will detect
5016 * when we're in DONE and the other is in CLOSED and will
5017 * catch that for the final cleanup.
5018 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005019 if (!(chn->flags & (CF_SHUTR|CF_SHUTR_NOW)))
5020 channel_shutr_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005021 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01005022 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
5023 /* Option forceclose is set, or either side wants to close,
5024 * let's enforce it now that we're not expecting any new
5025 * data to come. The caller knows the session is complete
5026 * once both states are CLOSED.
Willy Tarreau610ecce2010-01-04 21:15:02 +01005027 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005028 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
5029 channel_shutr_now(chn);
5030 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01005031 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005032 }
5033 else {
Willy Tarreau4213a112013-12-15 10:25:42 +01005034 /* The last possible modes are keep-alive and tunnel. Tunnel will
5035 * need to forward remaining data. Keep-alive will need to monitor
5036 * for connection closing.
Willy Tarreau610ecce2010-01-04 21:15:02 +01005037 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005038 channel_auto_read(chn);
Willy Tarreaufc47f912012-10-20 10:38:09 +02005039 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau4213a112013-12-15 10:25:42 +01005040 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
5041 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005042 }
5043
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005044 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01005045 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005046 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01005047 txn->rsp.msg_state = HTTP_MSG_CLOSING;
5048 goto http_msg_closing;
5049 }
5050 else {
5051 txn->rsp.msg_state = HTTP_MSG_CLOSED;
5052 goto http_msg_closed;
5053 }
5054 }
5055 goto wait_other_side;
5056 }
5057
5058 if (txn->rsp.msg_state == HTTP_MSG_CLOSING) {
5059 http_msg_closing:
5060 /* nothing else to forward, just waiting for the output buffer
5061 * to be empty and for the shutw_now to take effect.
5062 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005063 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01005064 txn->rsp.msg_state = HTTP_MSG_CLOSED;
5065 goto http_msg_closed;
5066 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005067 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01005068 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005069 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005070 if (objt_server(s->target))
5071 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005072 goto wait_other_side;
5073 }
5074 }
5075
5076 if (txn->rsp.msg_state == HTTP_MSG_CLOSED) {
5077 http_msg_closed:
5078 /* drop any pending data */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005079 bi_erase(chn);
5080 channel_auto_close(chn);
5081 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005082 goto wait_other_side;
5083 }
5084
5085 wait_other_side:
Willy Tarreaufc47f912012-10-20 10:38:09 +02005086 /* We force the response to leave immediately if we're waiting for the
5087 * other side, since there is no pending shutdown to push it out.
5088 */
5089 if (!channel_is_empty(chn))
5090 chn->flags |= CF_SEND_DONTWAIT;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02005091 return txn->rsp.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005092}
5093
5094
5095/* Resync the request and response state machines. Return 1 if either state
5096 * changes.
5097 */
5098int http_resync_states(struct session *s)
5099{
5100 struct http_txn *txn = &s->txn;
5101 int old_req_state = txn->req.msg_state;
5102 int old_res_state = txn->rsp.msg_state;
5103
Willy Tarreau610ecce2010-01-04 21:15:02 +01005104 http_sync_req_state(s);
5105 while (1) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01005106 if (!http_sync_res_state(s))
5107 break;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005108 if (!http_sync_req_state(s))
5109 break;
5110 }
Willy Tarreau3ce10ff2014-04-22 08:24:38 +02005111
Willy Tarreau610ecce2010-01-04 21:15:02 +01005112 /* OK, both state machines agree on a compatible state.
5113 * There are a few cases we're interested in :
5114 * - HTTP_MSG_TUNNEL on either means we have to disable both analysers
5115 * - HTTP_MSG_CLOSED on both sides means we've reached the end in both
5116 * directions, so let's simply disable both analysers.
5117 * - HTTP_MSG_CLOSED on the response only means we must abort the
5118 * request.
5119 * - HTTP_MSG_CLOSED on the request and HTTP_MSG_DONE on the response
5120 * with server-close mode means we've completed one request and we
5121 * must re-initialize the server connection.
5122 */
5123
5124 if (txn->req.msg_state == HTTP_MSG_TUNNEL ||
5125 txn->rsp.msg_state == HTTP_MSG_TUNNEL ||
5126 (txn->req.msg_state == HTTP_MSG_CLOSED &&
5127 txn->rsp.msg_state == HTTP_MSG_CLOSED)) {
5128 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005129 channel_auto_close(s->req);
5130 channel_auto_read(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005131 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005132 channel_auto_close(s->rep);
5133 channel_auto_read(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005134 }
Willy Tarreau40f151a2012-12-20 12:10:09 +01005135 else if ((txn->req.msg_state >= HTTP_MSG_DONE &&
5136 (txn->rsp.msg_state == HTTP_MSG_CLOSED || (s->rep->flags & CF_SHUTW))) ||
Willy Tarreau2fa144c2010-01-04 23:13:26 +01005137 txn->rsp.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau40f151a2012-12-20 12:10:09 +01005138 txn->req.msg_state == HTTP_MSG_ERROR) {
Willy Tarreau90deb182010-01-07 00:20:41 +01005139 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005140 channel_auto_close(s->rep);
5141 channel_auto_read(s->rep);
Willy Tarreau90deb182010-01-07 00:20:41 +01005142 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005143 channel_abort(s->req);
5144 channel_auto_close(s->req);
5145 channel_auto_read(s->req);
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005146 bi_erase(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005147 }
Willy Tarreau4213a112013-12-15 10:25:42 +01005148 else if ((txn->req.msg_state == HTTP_MSG_DONE ||
5149 txn->req.msg_state == HTTP_MSG_CLOSED) &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01005150 txn->rsp.msg_state == HTTP_MSG_DONE &&
Willy Tarreau4213a112013-12-15 10:25:42 +01005151 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
5152 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
5153 /* server-close/keep-alive: terminate this transaction,
5154 * possibly killing the server connection and reinitialize
5155 * a fresh-new transaction.
Willy Tarreau610ecce2010-01-04 21:15:02 +01005156 */
5157 http_end_txn_clean_session(s);
5158 }
5159
Willy Tarreau610ecce2010-01-04 21:15:02 +01005160 return txn->req.msg_state != old_req_state ||
5161 txn->rsp.msg_state != old_res_state;
5162}
5163
Willy Tarreaud98cf932009-12-27 22:54:55 +01005164/* This function is an analyser which forwards request body (including chunk
5165 * sizes if any). It is called as soon as we must forward, even if we forward
5166 * zero byte. The only situation where it must not be called is when we're in
5167 * tunnel mode and we want to forward till the close. It's used both to forward
5168 * remaining data and to resync after end of body. It expects the msg_state to
5169 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
5170 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01005171 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreauc24715e2014-04-17 15:21:20 +02005172 * bytes of pending data + the headers if not already done.
Willy Tarreaud98cf932009-12-27 22:54:55 +01005173 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005174int http_request_forward_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005175{
5176 struct http_txn *txn = &s->txn;
5177 struct http_msg *msg = &s->txn.req;
5178
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005179 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
5180 return 0;
5181
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005182 if ((req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02005183 ((req->flags & CF_SHUTW) && (req->to_forward || req->buf->o))) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02005184 /* Output closed while we were sending data. We must abort and
5185 * wake the other side up.
5186 */
5187 msg->msg_state = HTTP_MSG_ERROR;
5188 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01005189 return 1;
5190 }
5191
Willy Tarreaud98cf932009-12-27 22:54:55 +01005192 /* Note that we don't have to send 100-continue back because we don't
5193 * need the data to complete our job, and it's up to the server to
5194 * decide whether to return 100, 417 or anything else in return of
5195 * an "Expect: 100-continue" header.
5196 */
5197
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02005198 if (msg->sov) {
5199 /* we have msg->sov which points to the first byte of message
5200 * body, and req->buf.p still points to the beginning of the
5201 * message. We forward the headers now, as we don't need them
5202 * anymore, and we want to flush them.
Willy Tarreaud98cf932009-12-27 22:54:55 +01005203 */
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02005204 b_adv(req->buf, msg->sov);
5205 msg->next -= msg->sov;
5206 msg->sov = 0;
Willy Tarreaua458b672012-03-05 11:17:50 +01005207
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02005208 /* The previous analysers guarantee that the state is somewhere
5209 * between MSG_BODY and the first MSG_DATA. So msg->sol and
5210 * msg->next are always correct.
5211 */
5212 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
5213 if (msg->flags & HTTP_MSGF_TE_CHNK)
5214 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
5215 else
5216 msg->msg_state = HTTP_MSG_DATA;
5217 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005218 }
5219
Willy Tarreau7ba23542014-04-17 21:50:00 +02005220 /* Some post-connect processing might want us to refrain from starting to
5221 * forward data. Currently, the only reason for this is "balance url_param"
5222 * whichs need to parse/process the request after we've enabled forwarding.
5223 */
5224 if (unlikely(msg->flags & HTTP_MSGF_WAIT_CONN)) {
5225 if (!(s->rep->flags & CF_READ_ATTACHED)) {
5226 channel_auto_connect(req);
5227 goto missing_data;
5228 }
5229 msg->flags &= ~HTTP_MSGF_WAIT_CONN;
5230 }
5231
Willy Tarreau80a92c02014-03-12 10:41:13 +01005232 /* in most states, we should abort in case of early close */
5233 channel_auto_close(req);
5234
Willy Tarreauefdf0942014-04-24 20:08:57 +02005235 if (req->to_forward) {
5236 /* We can't process the buffer's contents yet */
5237 req->flags |= CF_WAKE_WRITE;
5238 goto missing_data;
5239 }
5240
Willy Tarreaud98cf932009-12-27 22:54:55 +01005241 while (1) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01005242 if (msg->msg_state == HTTP_MSG_DATA) {
5243 /* must still forward */
Willy Tarreaubed410e2014-04-22 08:19:34 +02005244 /* we may have some pending data starting at req->buf->p */
5245 if (msg->chunk_len > req->buf->i - msg->next) {
Willy Tarreau4afd70a2014-01-25 02:26:39 +01005246 req->flags |= CF_WAKE_WRITE;
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005247 goto missing_data;
Willy Tarreau4afd70a2014-01-25 02:26:39 +01005248 }
Willy Tarreaubed410e2014-04-22 08:19:34 +02005249 msg->next += msg->chunk_len;
5250 msg->chunk_len = 0;
Willy Tarreaucaabe412010-01-03 23:08:28 +01005251
5252 /* nothing left to forward */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005253 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau54d23df2012-10-25 19:04:45 +02005254 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005255 else
Willy Tarreaucaabe412010-01-03 23:08:28 +01005256 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaucaabe412010-01-03 23:08:28 +01005257 }
5258 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01005259 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreauc24715e2014-04-17 15:21:20 +02005260 * set ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01005261 * TRAILERS state.
5262 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01005263 int ret = http_parse_chunk_size(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005264
Willy Tarreau54d23df2012-10-25 19:04:45 +02005265 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005266 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005267 else if (ret < 0) {
5268 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005269 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005270 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_SIZE, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005271 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005272 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005273 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005274 }
Willy Tarreau54d23df2012-10-25 19:04:45 +02005275 else if (msg->msg_state == HTTP_MSG_CHUNK_CRLF) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01005276 /* we want the CRLF after the data */
Willy Tarreau54d23df2012-10-25 19:04:45 +02005277 int ret = http_skip_chunk_crlf(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005278
5279 if (ret == 0)
5280 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005281 else if (ret < 0) {
5282 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005283 if (msg->err_pos >= 0)
Willy Tarreau54d23df2012-10-25 19:04:45 +02005284 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_CRLF, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005285 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005286 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005287 /* we're in MSG_CHUNK_SIZE now */
5288 }
5289 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01005290 int ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005291
5292 if (ret == 0)
5293 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005294 else if (ret < 0) {
5295 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005296 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005297 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_TRAILERS, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005298 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005299 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005300 /* we're in HTTP_MSG_DONE now */
5301 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005302 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005303 int old_state = msg->msg_state;
5304
Willy Tarreau610ecce2010-01-04 21:15:02 +01005305 /* other states, DONE...TUNNEL */
Willy Tarreaubed410e2014-04-22 08:19:34 +02005306
5307 /* we may have some pending data starting at req->buf->p
5308 * such as last chunk of data or trailers.
5309 */
5310 b_adv(req->buf, msg->next);
5311 msg->next = 0;
5312
Willy Tarreau4fe41902010-06-07 22:27:41 +02005313 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005314 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5315 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005316 channel_dont_close(req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005317 if (http_resync_states(s)) {
5318 /* some state changes occurred, maybe the analyser
5319 * was disabled too.
Willy Tarreauface8392010-01-03 11:37:54 +01005320 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005321 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005322 if (req->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005323 /* request errors are most likely due to
5324 * the server aborting the transfer.
5325 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005326 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005327 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005328 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005329 http_capture_bad_message(&s->fe->invalid_req, s, msg, old_state, s->be);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005330 goto return_bad_req;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005331 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005332 return 1;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005333 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02005334
5335 /* If "option abortonclose" is set on the backend, we
5336 * want to monitor the client's connection and forward
5337 * any shutdown notification to the server, which will
5338 * decide whether to close or to go on processing the
5339 * request.
5340 */
5341 if (s->be->options & PR_O_ABRT_CLOSE) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005342 channel_auto_read(req);
5343 channel_auto_close(req);
Willy Tarreau5c54c712010-07-17 08:02:58 +02005344 }
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005345 else if (s->txn.meth == HTTP_METH_POST) {
5346 /* POST requests may require to read extra CRLF
5347 * sent by broken browsers and which could cause
5348 * an RST to be sent upon close on some systems
5349 * (eg: Linux).
5350 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005351 channel_auto_read(req);
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005352 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02005353
Willy Tarreau610ecce2010-01-04 21:15:02 +01005354 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005355 }
5356 }
5357
Willy Tarreaud98cf932009-12-27 22:54:55 +01005358 missing_data:
Willy Tarreaubed410e2014-04-22 08:19:34 +02005359 /* we may have some pending data starting at req->buf->p */
5360 b_adv(req->buf, msg->next);
5361 msg->next = 0;
5362 msg->chunk_len -= channel_forward(req, msg->chunk_len);
5363
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005364 /* stop waiting for data if the input is closed before the end */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005365 if (req->flags & CF_SHUTR) {
Willy Tarreau79ebac62010-06-07 13:47:49 +02005366 if (!(s->flags & SN_ERR_MASK))
5367 s->flags |= SN_ERR_CLICL;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005368 if (!(s->flags & SN_FINST_MASK)) {
5369 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5370 s->flags |= SN_FINST_H;
5371 else
5372 s->flags |= SN_FINST_D;
5373 }
5374
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005375 s->fe->fe_counters.cli_aborts++;
5376 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005377 if (objt_server(s->target))
5378 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005379
5380 goto return_bad_req_stats_ok;
Willy Tarreau79ebac62010-06-07 13:47:49 +02005381 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005382
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005383 /* waiting for the last bits to leave the buffer */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005384 if (req->flags & CF_SHUTW)
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005385 goto aborted_xfer;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005386
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005387 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005388 * chunks even if the client has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005389 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005390 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005391 channel_dont_close(req);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005392
Willy Tarreau5c620922011-05-11 19:56:11 +02005393 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005394 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02005395 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01005396 * modes are already handled by the stream sock layer. We must not do
5397 * this in content-length mode because it could present the MSG_MORE
5398 * flag with the last block of forwarded data, which would cause an
5399 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02005400 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005401 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005402 req->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02005403
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005404 return 0;
5405
Willy Tarreaud98cf932009-12-27 22:54:55 +01005406 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005407 s->fe->fe_counters.failed_req++;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005408 if (s->listener->counters)
5409 s->listener->counters->failed_req++;
Willy Tarreaubed410e2014-04-22 08:19:34 +02005410
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005411 return_bad_req_stats_ok:
Willy Tarreaubed410e2014-04-22 08:19:34 +02005412 /* we may have some pending data starting at req->buf->p */
5413 b_adv(req->buf, msg->next);
5414 msg->next = 0;
5415
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005416 txn->req.msg_state = HTTP_MSG_ERROR;
5417 if (txn->status) {
5418 /* Note: we don't send any error if some data were already sent */
5419 stream_int_retnclose(req->prod, NULL);
5420 } else {
5421 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02005422 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005423 }
5424 req->analysers = 0;
5425 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005426
5427 if (!(s->flags & SN_ERR_MASK))
5428 s->flags |= SN_ERR_PRXCOND;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005429 if (!(s->flags & SN_FINST_MASK)) {
5430 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5431 s->flags |= SN_FINST_H;
5432 else
5433 s->flags |= SN_FINST_D;
5434 }
5435 return 0;
5436
5437 aborted_xfer:
5438 txn->req.msg_state = HTTP_MSG_ERROR;
5439 if (txn->status) {
5440 /* Note: we don't send any error if some data were already sent */
5441 stream_int_retnclose(req->prod, NULL);
5442 } else {
5443 txn->status = 502;
Willy Tarreau783f2582012-09-04 12:19:04 +02005444 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_502));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005445 }
5446 req->analysers = 0;
5447 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
5448
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005449 s->fe->fe_counters.srv_aborts++;
5450 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005451 if (objt_server(s->target))
5452 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005453
5454 if (!(s->flags & SN_ERR_MASK))
5455 s->flags |= SN_ERR_SRVCL;
5456 if (!(s->flags & SN_FINST_MASK)) {
5457 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5458 s->flags |= SN_FINST_H;
5459 else
5460 s->flags |= SN_FINST_D;
5461 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005462 return 0;
5463}
5464
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005465/* This stream analyser waits for a complete HTTP response. It returns 1 if the
5466 * processing can continue on next analysers, or zero if it either needs more
5467 * data or wants to immediately abort the response (eg: timeout, error, ...). It
5468 * is tied to AN_RES_WAIT_HTTP and may may remove itself from s->rep->analysers
5469 * when it has nothing left to do, and may remove any analyser when it wants to
5470 * abort.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005471 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005472int http_wait_for_response(struct session *s, struct channel *rep, int an_bit)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005473{
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005474 struct http_txn *txn = &s->txn;
5475 struct http_msg *msg = &txn->rsp;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005476 struct hdr_ctx ctx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005477 int use_close_only;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005478 int cur_idx;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005479 int n;
Willy Tarreauadfb8562008-08-11 15:24:42 +02005480
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005481 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02005482 now_ms, __FUNCTION__,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005483 s,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005484 rep,
5485 rep->rex, rep->wex,
5486 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005487 rep->buf->i,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005488 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02005489
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005490 /*
5491 * Now parse the partial (or complete) lines.
5492 * We will check the response syntax, and also join multi-line
5493 * headers. An index of all the lines will be elaborated while
5494 * parsing.
5495 *
5496 * For the parsing, we use a 28 states FSM.
5497 *
5498 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02005499 * rep->buf->p = beginning of response
5500 * rep->buf->p + msg->eoh = end of processed headers / start of current one
5501 * rep->buf->p + rep->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02005502 * msg->eol = end of current header or line (LF or CRLF)
5503 * msg->next = first non-visited byte
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005504 */
5505
Willy Tarreau628c40c2014-04-24 19:11:26 +02005506 next_one:
Willy Tarreau83e3af02009-12-28 17:39:57 +01005507 /* There's a protected area at the end of the buffer for rewriting
5508 * purposes. We don't want to start to parse the request if the
5509 * protected area is affected, because we may have to move processed
5510 * data later, which is much more complicated.
5511 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005512 if (buffer_not_empty(rep->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02005513 if (unlikely(!channel_reserved(rep))) {
5514 /* some data has still not left the buffer, wake us once that's done */
5515 if (rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
5516 goto abort_response;
5517 channel_dont_close(rep);
5518 rep->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreaud7ad9f52013-12-31 17:26:25 +01005519 rep->flags |= CF_WAKE_WRITE;
Willy Tarreau379357a2013-06-08 12:55:46 +02005520 return 0;
Willy Tarreau83e3af02009-12-28 17:39:57 +01005521 }
5522
Willy Tarreau379357a2013-06-08 12:55:46 +02005523 if (unlikely(bi_end(rep->buf) < b_ptr(rep->buf, msg->next) ||
5524 bi_end(rep->buf) > rep->buf->data + rep->buf->size - global.tune.maxrewrite))
5525 buffer_slow_realign(rep->buf);
5526
Willy Tarreau9b28e032012-10-12 23:49:43 +02005527 if (likely(msg->next < rep->buf->i))
Willy Tarreaua560c212012-03-09 13:50:57 +01005528 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01005529 }
5530
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005531 /* 1: we might have to print this header in debug mode */
5532 if (unlikely((global.mode & MODE_DEBUG) &&
5533 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01005534 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005535 char *eol, *sol;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005536
Willy Tarreau9b28e032012-10-12 23:49:43 +02005537 sol = rep->buf->p;
5538 eol = sol + (msg->sl.st.l ? msg->sl.st.l : rep->buf->i);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005539 debug_hdr("srvrep", s, sol, eol);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005540
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005541 sol += hdr_idx_first_pos(&txn->hdr_idx);
5542 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005543
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005544 while (cur_idx) {
5545 eol = sol + txn->hdr_idx.v[cur_idx].len;
5546 debug_hdr("srvhdr", s, sol, eol);
5547 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
5548 cur_idx = txn->hdr_idx.v[cur_idx].next;
5549 }
5550 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005551
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005552 /*
5553 * Now we quickly check if we have found a full valid response.
5554 * If not so, we check the FD and buffer states before leaving.
5555 * A full response is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01005556 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005557 * responses are checked first.
5558 *
5559 * Depending on whether the client is still there or not, we
5560 * may send an error response back or not. Note that normally
5561 * we should only check for HTTP status there, and check I/O
5562 * errors somewhere else.
5563 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005564
Willy Tarreau655dce92009-11-08 13:10:58 +01005565 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005566 /* Invalid response */
5567 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
5568 /* we detected a parsing error. We want to archive this response
5569 * in the dedicated proxy area for later troubleshooting.
5570 */
5571 hdr_response_bad:
5572 if (msg->msg_state == HTTP_MSG_ERROR || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005573 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005574
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005575 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005576 if (objt_server(s->target)) {
5577 objt_server(s->target)->counters.failed_resp++;
5578 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005579 }
Willy Tarreau64648412010-03-05 10:41:54 +01005580 abort_response:
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005581 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005582 rep->analysers = 0;
5583 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005584 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005585 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005586 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005587
5588 if (!(s->flags & SN_ERR_MASK))
5589 s->flags |= SN_ERR_PRXCOND;
5590 if (!(s->flags & SN_FINST_MASK))
5591 s->flags |= SN_FINST_H;
5592
5593 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005594 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005595
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005596 /* too large response does not fit in buffer. */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005597 else if (buffer_full(rep->buf, global.tune.maxrewrite)) {
Willy Tarreaufec4d892011-09-02 20:04:57 +02005598 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02005599 msg->err_pos = rep->buf->i;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005600 goto hdr_response_bad;
5601 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005602
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005603 /* read error */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005604 else if (rep->flags & CF_READ_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005605 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005606 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005607 else if (txn->flags & TX_NOT_FIRST)
5608 goto abort_keep_alive;
Willy Tarreau4076a152009-04-02 15:18:36 +02005609
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005610 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005611 if (objt_server(s->target)) {
5612 objt_server(s->target)->counters.failed_resp++;
5613 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_ERROR);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005614 }
Willy Tarreau461f6622008-08-15 23:43:19 +02005615
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005616 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005617 rep->analysers = 0;
5618 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005619 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005620 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005621 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau816b9792009-09-15 21:25:21 +02005622
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005623 if (!(s->flags & SN_ERR_MASK))
5624 s->flags |= SN_ERR_SRVCL;
5625 if (!(s->flags & SN_FINST_MASK))
5626 s->flags |= SN_FINST_H;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02005627 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005628 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005629
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005630 /* read timeout : return a 504 to the client. */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005631 else if (rep->flags & CF_READ_TIMEOUT) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005632 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005633 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005634 else if (txn->flags & TX_NOT_FIRST)
5635 goto abort_keep_alive;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005636
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005637 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005638 if (objt_server(s->target)) {
5639 objt_server(s->target)->counters.failed_resp++;
5640 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_TIMEOUT);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005641 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005642
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005643 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005644 rep->analysers = 0;
5645 txn->status = 504;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005646 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005647 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005648 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_504));
Willy Tarreau4076a152009-04-02 15:18:36 +02005649
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005650 if (!(s->flags & SN_ERR_MASK))
5651 s->flags |= SN_ERR_SRVTO;
5652 if (!(s->flags & SN_FINST_MASK))
5653 s->flags |= SN_FINST_H;
5654 return 0;
5655 }
Willy Tarreaua7c52762008-08-16 18:40:18 +02005656
Willy Tarreauf003d372012-11-26 13:35:37 +01005657 /* client abort with an abortonclose */
5658 else if ((rep->flags & CF_SHUTR) && ((s->req->flags & (CF_SHUTR|CF_SHUTW)) == (CF_SHUTR|CF_SHUTW))) {
5659 s->fe->fe_counters.cli_aborts++;
5660 s->be->be_counters.cli_aborts++;
5661 if (objt_server(s->target))
5662 objt_server(s->target)->counters.cli_aborts++;
5663
5664 rep->analysers = 0;
5665 channel_auto_close(rep);
5666
5667 txn->status = 400;
5668 bi_erase(rep);
5669 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_400));
5670
5671 if (!(s->flags & SN_ERR_MASK))
5672 s->flags |= SN_ERR_CLICL;
5673 if (!(s->flags & SN_FINST_MASK))
5674 s->flags |= SN_FINST_H;
5675
5676 /* process_session() will take care of the error */
5677 return 0;
5678 }
5679
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005680 /* close from server, capture the response if the server has started to respond */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005681 else if (rep->flags & CF_SHUTR) {
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005682 if (msg->msg_state >= HTTP_MSG_RPVER || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005683 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005684 else if (txn->flags & TX_NOT_FIRST)
5685 goto abort_keep_alive;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005686
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005687 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005688 if (objt_server(s->target)) {
5689 objt_server(s->target)->counters.failed_resp++;
5690 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_BROKEN_PIPE);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005691 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005692
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005693 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005694 rep->analysers = 0;
5695 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005696 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005697 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005698 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau21d2af32008-02-14 20:25:24 +01005699
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005700 if (!(s->flags & SN_ERR_MASK))
5701 s->flags |= SN_ERR_SRVCL;
5702 if (!(s->flags & SN_FINST_MASK))
5703 s->flags |= SN_FINST_H;
5704 return 0;
5705 }
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005706
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005707 /* write error to client (we don't send any message then) */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005708 else if (rep->flags & CF_WRITE_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005709 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005710 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005711 else if (txn->flags & TX_NOT_FIRST)
5712 goto abort_keep_alive;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005713
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005714 s->be->be_counters.failed_resp++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005715 rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005716 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005717
5718 if (!(s->flags & SN_ERR_MASK))
5719 s->flags |= SN_ERR_CLICL;
5720 if (!(s->flags & SN_FINST_MASK))
5721 s->flags |= SN_FINST_H;
5722
5723 /* process_session() will take care of the error */
5724 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005725 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005726
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005727 channel_dont_close(rep);
Willy Tarreau3f3997e2013-12-15 15:21:32 +01005728 rep->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005729 return 0;
5730 }
5731
5732 /* More interesting part now : we know that we have a complete
5733 * response which at least looks like HTTP. We have an indicator
5734 * of each header's length, so we can parse them quickly.
5735 */
5736
5737 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005738 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005739
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005740 /*
5741 * 1: get the status code
5742 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005743 n = rep->buf->p[msg->sl.st.c] - '0';
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005744 if (n < 1 || n > 5)
5745 n = 0;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005746 /* when the client triggers a 4xx from the server, it's most often due
5747 * to a missing object or permission. These events should be tracked
5748 * because if they happen often, it may indicate a brute force or a
5749 * vulnerability scan.
5750 */
5751 if (n == 4)
5752 session_inc_http_err_ctr(s);
5753
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005754 if (objt_server(s->target))
5755 objt_server(s->target)->counters.p.http.rsp[n]++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005756
Willy Tarreau5b154472009-12-21 20:11:07 +01005757 /* check if the response is HTTP/1.1 or above */
5758 if ((msg->sl.st.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005759 ((rep->buf->p[5] > '1') ||
5760 ((rep->buf->p[5] == '1') && (rep->buf->p[7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005761 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01005762
5763 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01005764 txn->flags &= ~(TX_HDR_CONN_PRS|TX_HDR_CONN_CLO|TX_HDR_CONN_KAL|TX_HDR_CONN_UPG|TX_CON_CLO_SET|TX_CON_KAL_SET);
Willy Tarreau5b154472009-12-21 20:11:07 +01005765
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005766 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005767 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005768
Willy Tarreau9b28e032012-10-12 23:49:43 +02005769 txn->status = strl2ui(rep->buf->p + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005770
Willy Tarreau39650402010-03-15 19:44:39 +01005771 /* Adjust server's health based on status code. Note: status codes 501
5772 * and 505 are triggered on demand by client request, so we must not
5773 * count them as server failures.
5774 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005775 if (objt_server(s->target)) {
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005776 if (txn->status >= 100 && (txn->status < 500 || txn->status == 501 || txn->status == 505))
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005777 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_OK);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005778 else
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005779 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_STS);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005780 }
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005781
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005782 /*
5783 * 2: check for cacheability.
5784 */
5785
5786 switch (txn->status) {
Willy Tarreau628c40c2014-04-24 19:11:26 +02005787 case 100:
5788 /*
5789 * We may be facing a 100-continue response, in which case this
5790 * is not the right response, and we're waiting for the next one.
5791 * Let's allow this response to go to the client and wait for the
5792 * next one.
5793 */
5794 hdr_idx_init(&txn->hdr_idx);
5795 msg->next -= channel_forward(rep, msg->next);
5796 msg->msg_state = HTTP_MSG_RPBEFORE;
5797 txn->status = 0;
5798 s->logs.t_data = -1; /* was not a response yet */
5799 goto next_one;
5800
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005801 case 200:
5802 case 203:
5803 case 206:
5804 case 300:
5805 case 301:
5806 case 410:
5807 /* RFC2616 @13.4:
5808 * "A response received with a status code of
5809 * 200, 203, 206, 300, 301 or 410 MAY be stored
5810 * by a cache (...) unless a cache-control
5811 * directive prohibits caching."
5812 *
5813 * RFC2616 @9.5: POST method :
5814 * "Responses to this method are not cacheable,
5815 * unless the response includes appropriate
5816 * Cache-Control or Expires header fields."
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005817 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005818 if (likely(txn->meth != HTTP_METH_POST) &&
Willy Tarreau67402132012-05-31 20:40:20 +02005819 ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC)))
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005820 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
5821 break;
5822 default:
5823 break;
5824 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005825
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005826 /*
5827 * 3: we may need to capture headers
5828 */
5829 s->logs.logwait &= ~LW_RESP;
Willy Tarreau42f7d892012-03-24 08:28:09 +01005830 if (unlikely((s->logs.logwait & LW_RSPHDR) && txn->rsp.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02005831 capture_headers(rep->buf->p, &txn->hdr_idx,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005832 txn->rsp.cap, s->fe->rsp_cap);
5833
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005834 /* 4: determine the transfer-length.
5835 * According to RFC2616 #4.4, amended by the HTTPbis working group,
5836 * the presence of a message-body in a RESPONSE and its transfer length
5837 * must be determined that way :
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005838 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005839 * All responses to the HEAD request method MUST NOT include a
5840 * message-body, even though the presence of entity-header fields
5841 * might lead one to believe they do. All 1xx (informational), 204
5842 * (No Content), and 304 (Not Modified) responses MUST NOT include a
5843 * message-body. All other responses do include a message-body,
5844 * although it MAY be of zero length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005845 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005846 * 1. Any response which "MUST NOT" include a message-body (such as the
5847 * 1xx, 204 and 304 responses and any response to a HEAD request) is
5848 * always terminated by the first empty line after the header fields,
5849 * regardless of the entity-header fields present in the message.
5850 *
5851 * 2. If a Transfer-Encoding header field (Section 9.7) is present and
5852 * the "chunked" transfer-coding (Section 6.2) is used, the
5853 * transfer-length is defined by the use of this transfer-coding.
5854 * If a Transfer-Encoding header field is present and the "chunked"
5855 * transfer-coding is not present, the transfer-length is defined by
5856 * the sender closing the connection.
5857 *
5858 * 3. If a Content-Length header field is present, its decimal value in
5859 * OCTETs represents both the entity-length and the transfer-length.
5860 * If a message is received with both a Transfer-Encoding header
5861 * field and a Content-Length header field, the latter MUST be ignored.
5862 *
5863 * 4. If the message uses the media type "multipart/byteranges", and
5864 * the transfer-length is not otherwise specified, then this self-
5865 * delimiting media type defines the transfer-length. This media
5866 * type MUST NOT be used unless the sender knows that the recipient
5867 * can parse it; the presence in a request of a Range header with
5868 * multiple byte-range specifiers from a 1.1 client implies that the
5869 * client can parse multipart/byteranges responses.
5870 *
5871 * 5. By the server closing the connection.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005872 */
5873
5874 /* Skip parsing if no content length is possible. The response flags
Willy Tarreau124d9912011-03-01 20:30:48 +01005875 * remain 0 as well as the chunk_len, which may or may not mirror
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005876 * the real header value, and we note that we know the response's length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005877 * FIXME: should we parse anyway and return an error on chunked encoding ?
5878 */
5879 if (txn->meth == HTTP_METH_HEAD ||
5880 (txn->status >= 100 && txn->status < 200) ||
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005881 txn->status == 204 || txn->status == 304) {
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005882 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreau91015352012-11-27 07:31:33 +01005883 s->comp_algo = NULL;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005884 goto skip_content_length;
5885 }
5886
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005887 use_close_only = 0;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005888 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005889 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005890 http_find_header2("Transfer-Encoding", 17, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005891 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005892 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
5893 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005894 /* bad transfer-encoding (chunked followed by something else) */
5895 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005896 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005897 break;
5898 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005899 }
5900
5901 /* FIXME: below we should remove the content-length header(s) in case of chunked encoding */
5902 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005903 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005904 http_find_header2("Content-Length", 14, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005905 signed long long cl;
5906
Willy Tarreauad14f752011-09-02 20:33:27 +02005907 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005908 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005909 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005910 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005911
Willy Tarreauad14f752011-09-02 20:33:27 +02005912 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005913 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005914 goto hdr_response_bad; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02005915 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005916
Willy Tarreauad14f752011-09-02 20:33:27 +02005917 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005918 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005919 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005920 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005921
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005922 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005923 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005924 goto hdr_response_bad; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02005925 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005926
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005927 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01005928 msg->body_len = msg->chunk_len = cl;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005929 }
5930
William Lallemand82fe75c2012-10-23 10:25:10 +02005931 if (s->fe->comp || s->be->comp)
5932 select_compression_response_header(s, rep->buf);
5933
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005934skip_content_length:
Willy Tarreau5b154472009-12-21 20:11:07 +01005935 /* Now we have to check if we need to modify the Connection header.
5936 * This is more difficult on the response than it is on the request,
5937 * because we can have two different HTTP versions and we don't know
5938 * how the client will interprete a response. For instance, let's say
5939 * that the client sends a keep-alive request in HTTP/1.0 and gets an
5940 * HTTP/1.1 response without any header. Maybe it will bound itself to
5941 * HTTP/1.0 because it only knows about it, and will consider the lack
5942 * of header as a close, or maybe it knows HTTP/1.1 and can consider
5943 * the lack of header as a keep-alive. Thus we will use two flags
5944 * indicating how a request MAY be understood by the client. In case
5945 * of multiple possibilities, we'll fix the header to be explicit. If
5946 * ambiguous cases such as both close and keepalive are seen, then we
5947 * will fall back to explicit close. Note that we won't take risks with
5948 * HTTP/1.0 clients which may not necessarily understand keep-alive.
Willy Tarreau60466522010-01-18 19:08:45 +01005949 * See doc/internals/connection-header.txt for the complete matrix.
Willy Tarreau5b154472009-12-21 20:11:07 +01005950 */
5951
Willy Tarreaudc008c52010-02-01 16:20:08 +01005952 if (unlikely((txn->meth == HTTP_METH_CONNECT && txn->status == 200) ||
5953 txn->status == 101)) {
5954 /* Either we've established an explicit tunnel, or we're
5955 * switching the protocol. In both cases, we're very unlikely
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005956 * to understand the next protocols. We have to switch to tunnel
5957 * mode, so that we transfer the request and responses then let
5958 * this protocol pass unmodified. When we later implement specific
5959 * parsers for such protocols, we'll want to check the Upgrade
Willy Tarreaudc008c52010-02-01 16:20:08 +01005960 * header which contains information about that protocol for
5961 * responses with status 101 (eg: see RFC2817 about TLS).
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005962 */
5963 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_TUN;
5964 }
Willy Tarreaudc008c52010-02-01 16:20:08 +01005965 else if ((txn->status >= 200) && !(txn->flags & TX_HDR_CONN_PRS) &&
5966 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN ||
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005967 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
5968 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005969 int to_del = 0;
Willy Tarreau5b154472009-12-21 20:11:07 +01005970
Willy Tarreau70dffda2014-01-30 03:07:23 +01005971 /* this situation happens when combining pretend-keepalive with httpclose. */
5972 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005973 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
5974 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))
Willy Tarreau70dffda2014-01-30 03:07:23 +01005975 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
5976
Willy Tarreau60466522010-01-18 19:08:45 +01005977 /* on unknown transfer length, we must close */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005978 if (!(msg->flags & HTTP_MSGF_XFER_LEN) &&
Willy Tarreau60466522010-01-18 19:08:45 +01005979 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN)
5980 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
Willy Tarreau5b154472009-12-21 20:11:07 +01005981
Willy Tarreau60466522010-01-18 19:08:45 +01005982 /* now adjust header transformations depending on current state */
5983 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN ||
5984 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
5985 to_del |= 2; /* remove "keep-alive" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005986 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005987 to_del |= 1; /* remove "close" for HTTP/1.0 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005988 }
Willy Tarreau60466522010-01-18 19:08:45 +01005989 else { /* SCL / KAL */
5990 to_del |= 1; /* remove "close" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005991 if (txn->req.flags & msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005992 to_del |= 2; /* remove "keep-alive" on pure 1.1 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005993 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005994
Willy Tarreau60466522010-01-18 19:08:45 +01005995 /* Parse and remove some headers from the connection header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005996 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau5b154472009-12-21 20:11:07 +01005997
Willy Tarreau60466522010-01-18 19:08:45 +01005998 /* Some keep-alive responses are converted to Server-close if
5999 * the server wants to close.
Willy Tarreau5b154472009-12-21 20:11:07 +01006000 */
Willy Tarreau60466522010-01-18 19:08:45 +01006001 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL) {
6002 if ((txn->flags & TX_HDR_CONN_CLO) ||
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01006003 (!(txn->flags & TX_HDR_CONN_KAL) && !(msg->flags & HTTP_MSGF_VER_11)))
Willy Tarreau60466522010-01-18 19:08:45 +01006004 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_SCL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01006005 }
Willy Tarreau5b154472009-12-21 20:11:07 +01006006 }
6007
Willy Tarreau7959a552013-09-23 16:44:27 +02006008 /* we want to have the response time before we start processing it */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006009 s->logs.t_data = tv_ms_elapsed(&s->logs.tv_accept, &now);
Willy Tarreau7959a552013-09-23 16:44:27 +02006010
Willy Tarreauf118d9f2014-04-24 18:26:08 +02006011 /* end of job, return OK */
6012 rep->analysers &= ~an_bit;
6013 rep->analyse_exp = TICK_ETERNITY;
6014 channel_auto_close(rep);
6015 return 1;
6016
6017 abort_keep_alive:
6018 /* A keep-alive request to the server failed on a network error.
6019 * The client is required to retry. We need to close without returning
6020 * any other information so that the client retries.
6021 */
6022 txn->status = 0;
6023 rep->analysers = 0;
6024 s->req->analysers = 0;
6025 channel_auto_close(rep);
6026 s->logs.logwait = 0;
6027 s->logs.level = 0;
6028 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
6029 bi_erase(rep);
6030 stream_int_retnclose(rep->cons, NULL);
6031 return 0;
6032}
6033
6034/* This function performs all the processing enabled for the current response.
6035 * It normally returns 1 unless it wants to break. It relies on buffers flags,
6036 * and updates s->rep->analysers. It might make sense to explode it into several
6037 * other functions. It works like process_request (see indications above).
6038 */
6039int http_process_res_common(struct session *s, struct channel *rep, int an_bit, struct proxy *px)
6040{
6041 struct http_txn *txn = &s->txn;
6042 struct http_msg *msg = &txn->rsp;
6043 struct proxy *cur_proxy;
6044 struct cond_wordlist *wl;
6045 struct http_res_rule *http_res_last_rule = NULL;
6046
6047 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
6048 now_ms, __FUNCTION__,
6049 s,
6050 rep,
6051 rep->rex, rep->wex,
6052 rep->flags,
6053 rep->buf->i,
6054 rep->analysers);
6055
6056 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) /* we need more data */
6057 return 0;
6058
6059 rep->analysers &= ~an_bit;
6060 rep->analyse_exp = TICK_ETERNITY;
6061
Willy Tarreau70730dd2014-04-24 18:06:27 +02006062 /* The stats applet needs to adjust the Connection header but we don't
6063 * apply any filter there.
6064 */
6065 if (unlikely(objt_applet(s->target) == &http_stats_applet))
6066 goto skip_filters;
6067
Willy Tarreau58975672014-04-24 21:13:57 +02006068 /*
6069 * We will have to evaluate the filters.
6070 * As opposed to version 1.2, now they will be evaluated in the
6071 * filters order and not in the header order. This means that
6072 * each filter has to be validated among all headers.
6073 *
6074 * Filters are tried with ->be first, then with ->fe if it is
6075 * different from ->be.
6076 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006077
Willy Tarreau58975672014-04-24 21:13:57 +02006078 cur_proxy = s->be;
6079 while (1) {
6080 struct proxy *rule_set = cur_proxy;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006081
Willy Tarreau58975672014-04-24 21:13:57 +02006082 /* evaluate http-response rules */
6083 if (!http_res_last_rule)
6084 http_res_last_rule = http_res_get_intercept_rule(cur_proxy, &cur_proxy->http_res_rules, s, txn);
Willy Tarreaue365c0b2013-06-11 16:06:12 +02006085
Willy Tarreau58975672014-04-24 21:13:57 +02006086 /* try headers filters */
6087 if (rule_set->rsp_exp != NULL) {
6088 if (apply_filters_to_response(s, rep, rule_set) < 0) {
6089 return_bad_resp:
6090 if (objt_server(s->target)) {
6091 objt_server(s->target)->counters.failed_resp++;
6092 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_RSP);
Willy Tarreau21d2af32008-02-14 20:25:24 +01006093 }
Willy Tarreau58975672014-04-24 21:13:57 +02006094 s->be->be_counters.failed_resp++;
6095 return_srv_prx_502:
6096 rep->analysers = 0;
6097 txn->status = 502;
6098 s->logs.t_data = -1; /* was not a valid response */
6099 rep->prod->flags |= SI_FL_NOLINGER;
6100 bi_erase(rep);
6101 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
6102 if (!(s->flags & SN_ERR_MASK))
6103 s->flags |= SN_ERR_PRXCOND;
6104 if (!(s->flags & SN_FINST_MASK))
6105 s->flags |= SN_FINST_H;
6106 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006107 }
Willy Tarreau58975672014-04-24 21:13:57 +02006108 }
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006109
Willy Tarreau58975672014-04-24 21:13:57 +02006110 /* has the response been denied ? */
6111 if (txn->flags & TX_SVDENY) {
6112 if (objt_server(s->target))
6113 objt_server(s->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006114
Willy Tarreau58975672014-04-24 21:13:57 +02006115 s->be->be_counters.denied_resp++;
6116 s->fe->fe_counters.denied_resp++;
6117 if (s->listener->counters)
6118 s->listener->counters->denied_resp++;
Willy Tarreaubaaee002006-06-26 02:48:02 +02006119
Willy Tarreau58975672014-04-24 21:13:57 +02006120 goto return_srv_prx_502;
6121 }
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02006122
Willy Tarreau58975672014-04-24 21:13:57 +02006123 /* add response headers from the rule sets in the same order */
6124 list_for_each_entry(wl, &rule_set->rsp_add, list) {
6125 if (txn->status < 200)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006126 break;
Willy Tarreau58975672014-04-24 21:13:57 +02006127 if (wl->cond) {
6128 int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
6129 ret = acl_pass(ret);
6130 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
6131 ret = !ret;
6132 if (!ret)
6133 continue;
6134 }
6135 if (unlikely(http_header_add_tail(&txn->rsp, &txn->hdr_idx, wl->s) < 0))
6136 goto return_bad_resp;
Willy Tarreaubaaee002006-06-26 02:48:02 +02006137 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02006138
Willy Tarreau58975672014-04-24 21:13:57 +02006139 /* check whether we're already working on the frontend */
6140 if (cur_proxy == s->fe)
6141 break;
6142 cur_proxy = s->fe;
6143 }
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01006144
Willy Tarreau58975672014-04-24 21:13:57 +02006145 /* OK that's all we can do for 1xx responses */
6146 if (unlikely(txn->status < 200))
6147 goto skip_header_mangling;
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01006148
Willy Tarreau58975672014-04-24 21:13:57 +02006149 /*
6150 * Now check for a server cookie.
6151 */
6152 if (s->be->cookie_name || s->be->appsession_name || s->fe->capture_name ||
6153 (s->be->options & PR_O_CHK_CACHE))
6154 manage_server_side_cookies(s, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02006155
Willy Tarreau58975672014-04-24 21:13:57 +02006156 /*
6157 * Check for cache-control or pragma headers if required.
6158 */
6159 if ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC))
6160 check_response_for_cacheability(s, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02006161
Willy Tarreau58975672014-04-24 21:13:57 +02006162 /*
6163 * Add server cookie in the response if needed
6164 */
6165 if (objt_server(s->target) && (s->be->ck_opts & PR_CK_INS) &&
6166 !((txn->flags & TX_SCK_FOUND) && (s->be->ck_opts & PR_CK_PSV)) &&
6167 (!(s->flags & SN_DIRECT) ||
6168 ((s->be->cookie_maxidle || txn->cookie_last_date) &&
6169 (!txn->cookie_last_date || (txn->cookie_last_date - date.tv_sec) < 0)) ||
6170 (s->be->cookie_maxlife && !txn->cookie_first_date) || // set the first_date
6171 (!s->be->cookie_maxlife && txn->cookie_first_date)) && // remove the first_date
6172 (!(s->be->ck_opts & PR_CK_POST) || (txn->meth == HTTP_METH_POST)) &&
6173 !(s->flags & SN_IGNORE_PRST)) {
6174 /* the server is known, it's not the one the client requested, or the
6175 * cookie's last seen date needs to be refreshed. We have to
6176 * insert a set-cookie here, except if we want to insert only on POST
6177 * requests and this one isn't. Note that servers which don't have cookies
6178 * (eg: some backup servers) will return a full cookie removal request.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006179 */
Willy Tarreau58975672014-04-24 21:13:57 +02006180 if (!objt_server(s->target)->cookie) {
6181 chunk_printf(&trash,
6182 "Set-Cookie: %s=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
6183 s->be->cookie_name);
6184 }
6185 else {
6186 chunk_printf(&trash, "Set-Cookie: %s=%s", s->be->cookie_name, objt_server(s->target)->cookie);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006187
Willy Tarreau58975672014-04-24 21:13:57 +02006188 if (s->be->cookie_maxidle || s->be->cookie_maxlife) {
6189 /* emit last_date, which is mandatory */
6190 trash.str[trash.len++] = COOKIE_DELIM_DATE;
6191 s30tob64((date.tv_sec+3) >> 2, trash.str + trash.len);
6192 trash.len += 5;
Willy Tarreauef4f3912010-10-07 21:00:29 +02006193
Willy Tarreau58975672014-04-24 21:13:57 +02006194 if (s->be->cookie_maxlife) {
6195 /* emit first_date, which is either the original one or
6196 * the current date.
6197 */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006198 trash.str[trash.len++] = COOKIE_DELIM_DATE;
Willy Tarreau58975672014-04-24 21:13:57 +02006199 s30tob64(txn->cookie_first_date ?
6200 txn->cookie_first_date >> 2 :
6201 (date.tv_sec+3) >> 2, trash.str + trash.len);
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006202 trash.len += 5;
Willy Tarreauef4f3912010-10-07 21:00:29 +02006203 }
Willy Tarreauef4f3912010-10-07 21:00:29 +02006204 }
Willy Tarreau58975672014-04-24 21:13:57 +02006205 chunk_appendf(&trash, "; path=/");
6206 }
Willy Tarreau4992dd22012-05-31 21:02:17 +02006207
Willy Tarreau58975672014-04-24 21:13:57 +02006208 if (s->be->cookie_domain)
6209 chunk_appendf(&trash, "; domain=%s", s->be->cookie_domain);
Willy Tarreauef4f3912010-10-07 21:00:29 +02006210
Willy Tarreau58975672014-04-24 21:13:57 +02006211 if (s->be->ck_opts & PR_CK_HTTPONLY)
6212 chunk_appendf(&trash, "; HttpOnly");
Willy Tarreaubaaee002006-06-26 02:48:02 +02006213
Willy Tarreau58975672014-04-24 21:13:57 +02006214 if (s->be->ck_opts & PR_CK_SECURE)
6215 chunk_appendf(&trash, "; Secure");
Willy Tarreaubaaee002006-06-26 02:48:02 +02006216
Willy Tarreau58975672014-04-24 21:13:57 +02006217 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len) < 0))
6218 goto return_bad_resp;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006219
Willy Tarreau58975672014-04-24 21:13:57 +02006220 txn->flags &= ~TX_SCK_MASK;
6221 if (objt_server(s->target)->cookie && (s->flags & SN_DIRECT))
6222 /* the server did not change, only the date was updated */
6223 txn->flags |= TX_SCK_UPDATED;
6224 else
6225 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02006226
Willy Tarreau58975672014-04-24 21:13:57 +02006227 /* Here, we will tell an eventual cache on the client side that we don't
6228 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
6229 * Some caches understand the correct form: 'no-cache="set-cookie"', but
6230 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006231 */
Willy Tarreau58975672014-04-24 21:13:57 +02006232 if ((s->be->ck_opts & PR_CK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006233
Willy Tarreau58975672014-04-24 21:13:57 +02006234 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006235
Willy Tarreau58975672014-04-24 21:13:57 +02006236 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx,
6237 "Cache-control: private", 22) < 0))
6238 goto return_bad_resp;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006239 }
Willy Tarreau58975672014-04-24 21:13:57 +02006240 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006241
Willy Tarreau58975672014-04-24 21:13:57 +02006242 /*
6243 * Check if result will be cacheable with a cookie.
6244 * We'll block the response if security checks have caught
6245 * nasty things such as a cacheable cookie.
6246 */
6247 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) ==
6248 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) &&
6249 (s->be->options & PR_O_CHK_CACHE)) {
6250 /* we're in presence of a cacheable response containing
6251 * a set-cookie header. We'll block it as requested by
6252 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006253 */
Willy Tarreau58975672014-04-24 21:13:57 +02006254 if (objt_server(s->target))
6255 objt_server(s->target)->counters.failed_secu++;
Willy Tarreau60466522010-01-18 19:08:45 +01006256
Willy Tarreau58975672014-04-24 21:13:57 +02006257 s->be->be_counters.denied_resp++;
6258 s->fe->fe_counters.denied_resp++;
6259 if (s->listener->counters)
6260 s->listener->counters->denied_resp++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006261
Willy Tarreau58975672014-04-24 21:13:57 +02006262 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
6263 s->be->id, objt_server(s->target) ? objt_server(s->target)->id : "<dispatch>");
6264 send_log(s->be, LOG_ALERT,
6265 "Blocking cacheable cookie in response from instance %s, server %s.\n",
6266 s->be->id, objt_server(s->target) ? objt_server(s->target)->id : "<dispatch>");
6267 goto return_srv_prx_502;
6268 }
Willy Tarreau03945942009-12-22 16:50:27 +01006269
Willy Tarreau70730dd2014-04-24 18:06:27 +02006270 skip_filters:
Willy Tarreau58975672014-04-24 21:13:57 +02006271 /*
6272 * Adjust "Connection: close" or "Connection: keep-alive" if needed.
6273 * If an "Upgrade" token is found, the header is left untouched in order
6274 * not to have to deal with some client bugs : some of them fail an upgrade
6275 * if anything but "Upgrade" is present in the Connection header.
6276 */
6277 if (!(txn->flags & TX_HDR_CONN_UPG) &&
6278 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
6279 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
6280 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))) {
6281 unsigned int want_flags = 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02006282
Willy Tarreau58975672014-04-24 21:13:57 +02006283 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6284 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
6285 /* we want a keep-alive response here. Keep-alive header
6286 * required if either side is not 1.1.
6287 */
6288 if (!(txn->req.flags & msg->flags & HTTP_MSGF_VER_11))
6289 want_flags |= TX_CON_KAL_SET;
6290 }
6291 else {
6292 /* we want a close response here. Close header required if
6293 * the server is 1.1, regardless of the client.
6294 */
6295 if (msg->flags & HTTP_MSGF_VER_11)
6296 want_flags |= TX_CON_CLO_SET;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006297 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006298
Willy Tarreau58975672014-04-24 21:13:57 +02006299 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
6300 http_change_connection_header(txn, msg, want_flags);
6301 }
6302
6303 skip_header_mangling:
6304 if ((msg->flags & HTTP_MSGF_XFER_LEN) ||
6305 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
6306 rep->analysers |= AN_RES_HTTP_XFER_BODY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006307
Willy Tarreau58975672014-04-24 21:13:57 +02006308 /* if the user wants to log as soon as possible, without counting
6309 * bytes from the server, then this is the right moment. We have
6310 * to temporarily assign bytes_out to log what we currently have.
6311 */
6312 if (!LIST_ISEMPTY(&s->fe->logformat) && !(s->logs.logwait & LW_BYTES)) {
6313 s->logs.t_close = s->logs.t_data; /* to get a valid end date */
6314 s->logs.bytes_out = txn->rsp.eoh;
6315 s->do_log(s);
6316 s->logs.bytes_out = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006317 }
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01006318 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006319}
Willy Tarreaua15645d2007-03-18 16:22:39 +01006320
Willy Tarreaud98cf932009-12-27 22:54:55 +01006321/* This function is an analyser which forwards response body (including chunk
6322 * sizes if any). It is called as soon as we must forward, even if we forward
6323 * zero byte. The only situation where it must not be called is when we're in
6324 * tunnel mode and we want to forward till the close. It's used both to forward
6325 * remaining data and to resync after end of body. It expects the msg_state to
6326 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
6327 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreaud3510212014-04-21 11:24:13 +02006328 *
6329 * It is capable of compressing response data both in content-length mode and
6330 * in chunked mode. The state machines follows different flows depending on
6331 * whether content-length and chunked modes are used, since there are no
6332 * trailers in content-length :
6333 *
6334 * chk-mode cl-mode
6335 * ,----- BODY -----.
6336 * / \
6337 * V size > 0 V chk-mode
6338 * .--> SIZE -------------> DATA -------------> CRLF
6339 * | | size == 0 | last byte |
6340 * | v final crlf v inspected |
6341 * | TRAILERS -----------> DONE |
6342 * | |
6343 * `----------------------------------------------'
6344 *
6345 * Compression only happens in the DATA state, and must be flushed in final
6346 * states (TRAILERS/DONE) or when leaving on missing data. Normal forwarding
6347 * is performed at once on final states for all bytes parsed, or when leaving
6348 * on missing data.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006349 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006350int http_response_forward_body(struct session *s, struct channel *res, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006351{
6352 struct http_txn *txn = &s->txn;
6353 struct http_msg *msg = &s->txn.rsp;
William Lallemand82fe75c2012-10-23 10:25:10 +02006354 static struct buffer *tmpbuf = NULL;
6355 int compressing = 0;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006356 int ret;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006357
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006358 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
6359 return 0;
6360
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006361 if ((res->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02006362 ((res->flags & CF_SHUTW) && (res->to_forward || res->buf->o)) ||
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01006363 !s->req->analysers) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02006364 /* Output closed while we were sending data. We must abort and
6365 * wake the other side up.
6366 */
6367 msg->msg_state = HTTP_MSG_ERROR;
6368 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01006369 return 1;
6370 }
6371
Willy Tarreau4fe41902010-06-07 22:27:41 +02006372 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006373 channel_auto_close(res);
Willy Tarreaub608feb2010-01-02 22:47:18 +01006374
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02006375 if (msg->sov) {
6376 /* we have msg->sov which points to the first byte of message
6377 * body, and res->buf.p still points to the beginning of the
6378 * message. We forward the headers now, as we don't need them
6379 * anymore, and we want to flush them.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006380 */
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02006381 b_adv(res->buf, msg->sov);
6382 msg->next -= msg->sov;
6383 msg->sov = 0;
Willy Tarreaua458b672012-03-05 11:17:50 +01006384
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02006385 /* The previous analysers guarantee that the state is somewhere
6386 * between MSG_BODY and the first MSG_DATA. So msg->sol and
6387 * msg->next are always correct.
6388 */
6389 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
6390 if (msg->flags & HTTP_MSGF_TE_CHNK)
6391 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
6392 else
6393 msg->msg_state = HTTP_MSG_DATA;
6394 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01006395 }
6396
Willy Tarreauefdf0942014-04-24 20:08:57 +02006397 if (res->to_forward) {
6398 /* We can't process the buffer's contents yet */
6399 res->flags |= CF_WAKE_WRITE;
6400 goto missing_data;
6401 }
6402
Willy Tarreau32b5ab22014-04-21 11:27:29 +02006403 if (unlikely(s->comp_algo != NULL) && msg->msg_state < HTTP_MSG_TRAILERS) {
6404 /* We need a compression buffer in the DATA state to put the
6405 * output of compressed data, and in CRLF state to let the
6406 * TRAILERS state finish the job of removing the trailing CRLF.
6407 */
6408 if (unlikely(tmpbuf == NULL)) {
6409 /* this is the first time we need the compression buffer */
6410 tmpbuf = pool_alloc2(pool2_buffer);
6411 if (tmpbuf == NULL)
6412 goto aborted_xfer; /* no memory */
6413 }
6414
6415 ret = http_compression_buffer_init(s, res->buf, tmpbuf);
Willy Tarreau4afd70a2014-01-25 02:26:39 +01006416 if (ret < 0) {
6417 res->flags |= CF_WAKE_WRITE;
William Lallemand82fe75c2012-10-23 10:25:10 +02006418 goto missing_data; /* not enough spaces in buffers */
Willy Tarreau4afd70a2014-01-25 02:26:39 +01006419 }
William Lallemand82fe75c2012-10-23 10:25:10 +02006420 compressing = 1;
6421 }
6422
Willy Tarreaud98cf932009-12-27 22:54:55 +01006423 while (1) {
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006424 switch (msg->msg_state - HTTP_MSG_DATA) {
6425 case HTTP_MSG_DATA - HTTP_MSG_DATA: /* must still forward */
Willy Tarreauc623c172014-04-18 09:53:50 +02006426 /* we may have some pending data starting at res->buf->p */
6427 if (unlikely(s->comp_algo)) {
Willy Tarreau7f2f8d52014-04-18 00:20:14 +02006428 ret = http_compression_buffer_add_data(s, res->buf, tmpbuf);
William Lallemandbf3ae612012-11-19 12:35:37 +01006429 if (ret < 0)
6430 goto aborted_xfer;
Willy Tarreauc623c172014-04-18 09:53:50 +02006431
Willy Tarreaud5a67832014-04-21 10:54:27 +02006432 if (msg->chunk_len) {
6433 /* input empty or output full */
6434 if (res->buf->i > msg->next)
6435 res->flags |= CF_WAKE_WRITE;
Willy Tarreauc623c172014-04-18 09:53:50 +02006436 goto missing_data;
6437 }
William Lallemandbf3ae612012-11-19 12:35:37 +01006438 }
Willy Tarreauc623c172014-04-18 09:53:50 +02006439 else {
Willy Tarreaud5a67832014-04-21 10:54:27 +02006440 if (msg->chunk_len > res->buf->i - msg->next) {
6441 /* output full */
6442 res->flags |= CF_WAKE_WRITE;
6443 goto missing_data;
6444 }
Willy Tarreauc623c172014-04-18 09:53:50 +02006445 msg->next += msg->chunk_len;
6446 msg->chunk_len = 0;
6447 }
Willy Tarreaucaabe412010-01-03 23:08:28 +01006448
6449 /* nothing left to forward */
William Lallemandbf3ae612012-11-19 12:35:37 +01006450 if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreau54d23df2012-10-25 19:04:45 +02006451 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
William Lallemandbf3ae612012-11-19 12:35:37 +01006452 } else {
Willy Tarreaucaabe412010-01-03 23:08:28 +01006453 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006454 break;
William Lallemandbf3ae612012-11-19 12:35:37 +01006455 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006456 /* fall through for HTTP_MSG_CHUNK_CRLF */
6457
6458 case HTTP_MSG_CHUNK_CRLF - HTTP_MSG_DATA:
6459 /* we want the CRLF after the data */
6460
6461 ret = http_skip_chunk_crlf(msg);
6462 if (ret == 0)
6463 goto missing_data;
6464 else if (ret < 0) {
6465 if (msg->err_pos >= 0)
6466 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_CRLF, s->fe);
6467 goto return_bad_res;
6468 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006469 /* we're in MSG_CHUNK_SIZE now, fall through */
6470
6471 case HTTP_MSG_CHUNK_SIZE - HTTP_MSG_DATA:
Willy Tarreau124d9912011-03-01 20:30:48 +01006472 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreauc24715e2014-04-17 15:21:20 +02006473 * set ->next to point to the body and switch to DATA or
Willy Tarreaua458b672012-03-05 11:17:50 +01006474 * TRAILERS state.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006475 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01006476
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006477 ret = http_parse_chunk_size(msg);
Willy Tarreau54d23df2012-10-25 19:04:45 +02006478 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006479 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006480 else if (ret < 0) {
6481 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006482 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_SIZE, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006483 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006484 }
Willy Tarreau0161d622013-04-02 01:26:55 +02006485 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006486 break;
Willy Tarreau5523b322009-12-29 12:05:52 +01006487
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006488 case HTTP_MSG_TRAILERS - HTTP_MSG_DATA:
Willy Tarreau168ebc52014-04-18 00:53:43 +02006489 if (unlikely(compressing)) {
6490 /* we need to flush output contents before syncing FSMs */
6491 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6492 compressing = 0;
6493 }
6494
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006495 ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006496 if (ret == 0)
6497 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006498 else if (ret < 0) {
6499 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006500 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_TRAILERS, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006501 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006502 }
Willy Tarreau168ebc52014-04-18 00:53:43 +02006503 /* we're in HTTP_MSG_DONE now, fall through */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006504
6505 default:
Willy Tarreau610ecce2010-01-04 21:15:02 +01006506 /* other states, DONE...TUNNEL */
Willy Tarreau168ebc52014-04-18 00:53:43 +02006507 if (unlikely(compressing)) {
6508 /* we need to flush output contents before syncing FSMs */
6509 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6510 compressing = 0;
6511 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006512
Willy Tarreauc623c172014-04-18 09:53:50 +02006513 /* we may have some pending data starting at res->buf->p
6514 * such as a last chunk of data or trailers.
6515 */
6516 b_adv(res->buf, msg->next);
6517 msg->next = 0;
6518
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006519 ret = msg->msg_state;
Willy Tarreau4fe41902010-06-07 22:27:41 +02006520 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006521 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6522 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006523 channel_dont_close(res);
Willy Tarreau3ce10ff2014-04-22 08:24:38 +02006524
Willy Tarreau610ecce2010-01-04 21:15:02 +01006525 if (http_resync_states(s)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01006526 /* some state changes occurred, maybe the analyser
6527 * was disabled too.
Willy Tarreau5523b322009-12-29 12:05:52 +01006528 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006529 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006530 if (res->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006531 /* response errors are most likely due to
6532 * the client aborting the transfer.
6533 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006534 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006535 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006536 if (msg->err_pos >= 0)
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006537 http_capture_bad_message(&s->be->invalid_rep, s, msg, ret, s->fe);
Willy Tarreau610ecce2010-01-04 21:15:02 +01006538 goto return_bad_res;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006539 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006540 return 1;
Willy Tarreau5523b322009-12-29 12:05:52 +01006541 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006542 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006543 }
6544 }
6545
Willy Tarreaud98cf932009-12-27 22:54:55 +01006546 missing_data:
Willy Tarreauc623c172014-04-18 09:53:50 +02006547 /* we may have some pending data starting at res->buf->p */
Willy Tarreau168ebc52014-04-18 00:53:43 +02006548 if (unlikely(compressing)) {
6549 http_compression_buffer_end(s, &res->buf, &tmpbuf, msg->msg_state >= HTTP_MSG_TRAILERS);
William Lallemand82fe75c2012-10-23 10:25:10 +02006550 compressing = 0;
6551 }
Willy Tarreauf003d372012-11-26 13:35:37 +01006552
Willy Tarreauc623c172014-04-18 09:53:50 +02006553 if ((s->comp_algo == NULL || msg->msg_state >= HTTP_MSG_TRAILERS)) {
6554 b_adv(res->buf, msg->next);
6555 msg->next = 0;
6556 msg->chunk_len -= channel_forward(res, msg->chunk_len);
6557 }
6558
Willy Tarreauf003d372012-11-26 13:35:37 +01006559 if (res->flags & CF_SHUTW)
6560 goto aborted_xfer;
6561
6562 /* stop waiting for data if the input is closed before the end. If the
6563 * client side was already closed, it means that the client has aborted,
6564 * so we don't want to count this as a server abort. Otherwise it's a
6565 * server abort.
6566 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006567 if (res->flags & CF_SHUTR) {
Willy Tarreaub2c6a782014-04-23 20:29:01 +02006568 if ((s->req->flags & (CF_SHUTR|CF_SHUTW)) == (CF_SHUTR|CF_SHUTW))
Willy Tarreauf003d372012-11-26 13:35:37 +01006569 goto aborted_xfer;
Willy Tarreau40dba092010-03-04 18:14:51 +01006570 if (!(s->flags & SN_ERR_MASK))
6571 s->flags |= SN_ERR_SRVCL;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006572 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006573 if (objt_server(s->target))
6574 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006575 goto return_bad_res_stats_ok;
Willy Tarreau40dba092010-03-04 18:14:51 +01006576 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006577
Willy Tarreau40dba092010-03-04 18:14:51 +01006578 /* we need to obey the req analyser, so if it leaves, we must too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01006579 if (!s->req->analysers)
6580 goto return_bad_res;
6581
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006582 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006583 * chunks even if the server has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006584 * Similarly, with keep-alive on the client side, we don't want to forward a
6585 * close.
6586 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006587 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo ||
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006588 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6589 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006590 channel_dont_close(res);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006591
Willy Tarreau5c620922011-05-11 19:56:11 +02006592 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006593 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02006594 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01006595 * modes are already handled by the stream sock layer. We must not do
6596 * this in content-length mode because it could present the MSG_MORE
6597 * flag with the last block of forwarded data, which would cause an
6598 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02006599 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006600 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006601 res->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02006602
Willy Tarreaud98cf932009-12-27 22:54:55 +01006603 /* the session handler will take care of timeouts and errors */
6604 return 0;
6605
Willy Tarreau40dba092010-03-04 18:14:51 +01006606 return_bad_res: /* let's centralize all bad responses */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006607 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006608 if (objt_server(s->target))
6609 objt_server(s->target)->counters.failed_resp++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006610
6611 return_bad_res_stats_ok:
Willy Tarreaud01f4262014-04-21 11:00:13 +02006612 if (unlikely(compressing)) {
Willy Tarreau168ebc52014-04-18 00:53:43 +02006613 http_compression_buffer_end(s, &res->buf, &tmpbuf, msg->msg_state >= HTTP_MSG_TRAILERS);
Willy Tarreaud01f4262014-04-21 11:00:13 +02006614 compressing = 0;
6615 }
6616
Willy Tarreauc623c172014-04-18 09:53:50 +02006617 /* we may have some pending data starting at res->buf->p */
6618 if (s->comp_algo == NULL) {
6619 b_adv(res->buf, msg->next);
6620 msg->next = 0;
6621 }
6622
Willy Tarreaud98cf932009-12-27 22:54:55 +01006623 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau148d0992010-01-10 10:21:21 +01006624 /* don't send any error message as we're in the body */
6625 stream_int_retnclose(res->cons, NULL);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006626 res->analysers = 0;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006627 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006628 if (objt_server(s->target))
6629 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006630
6631 if (!(s->flags & SN_ERR_MASK))
6632 s->flags |= SN_ERR_PRXCOND;
6633 if (!(s->flags & SN_FINST_MASK))
Willy Tarreau40dba092010-03-04 18:14:51 +01006634 s->flags |= SN_FINST_D;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006635 return 0;
6636
6637 aborted_xfer:
Willy Tarreau6fef8ae2014-04-22 21:22:06 +02006638 if (unlikely(compressing)) {
6639 http_compression_buffer_end(s, &res->buf, &tmpbuf, msg->msg_state >= HTTP_MSG_TRAILERS);
6640 compressing = 0;
6641 }
6642
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006643 txn->rsp.msg_state = HTTP_MSG_ERROR;
6644 /* don't send any error message as we're in the body */
6645 stream_int_retnclose(res->cons, NULL);
6646 res->analysers = 0;
6647 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
6648
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006649 s->fe->fe_counters.cli_aborts++;
6650 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006651 if (objt_server(s->target))
6652 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006653
6654 if (!(s->flags & SN_ERR_MASK))
6655 s->flags |= SN_ERR_CLICL;
6656 if (!(s->flags & SN_FINST_MASK))
6657 s->flags |= SN_FINST_D;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006658 return 0;
6659}
6660
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006661/* Iterate the same filter through all request headers.
6662 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006663 * Since it can manage the switch to another backend, it updates the per-proxy
6664 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006665 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006666int apply_filter_to_req_headers(struct session *s, struct channel *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006667{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006668 char term;
6669 char *cur_ptr, *cur_end, *cur_next;
6670 int cur_idx, old_idx, last_hdr;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006671 struct http_txn *txn = &s->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006672 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006673 int delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01006674
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006675 last_hdr = 0;
6676
Willy Tarreau9b28e032012-10-12 23:49:43 +02006677 cur_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006678 old_idx = 0;
6679
6680 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01006681 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006682 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006683 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006684 (exp->action == ACT_ALLOW ||
6685 exp->action == ACT_DENY ||
6686 exp->action == ACT_TARPIT))
6687 return 0;
6688
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006689 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006690 if (!cur_idx)
6691 break;
6692
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006693 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006694 cur_ptr = cur_next;
6695 cur_end = cur_ptr + cur_hdr->len;
6696 cur_next = cur_end + cur_hdr->cr + 1;
6697
6698 /* Now we have one header between cur_ptr and cur_end,
6699 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006700 */
6701
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006702 /* The annoying part is that pattern matching needs
6703 * that we modify the contents to null-terminate all
6704 * strings before testing them.
6705 */
6706
6707 term = *cur_end;
6708 *cur_end = '\0';
6709
6710 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6711 switch (exp->action) {
6712 case ACT_SETBE:
6713 /* It is not possible to jump a second time.
6714 * FIXME: should we return an HTTP/500 here so that
6715 * the admin knows there's a problem ?
6716 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006717 if (s->be != s->fe)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006718 break;
6719
6720 /* Swithing Proxy */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006721 session_set_backend(s, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006722 last_hdr = 1;
6723 break;
6724
6725 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006726 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006727 last_hdr = 1;
6728 break;
6729
6730 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006731 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006732 last_hdr = 1;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006733 break;
6734
6735 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006736 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006737 last_hdr = 1;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006738 break;
6739
6740 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006741 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6742 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006743 /* FIXME: if the user adds a newline in the replacement, the
6744 * index will not be recalculated for now, and the new line
6745 * will not be counted as a new header.
6746 */
6747
6748 cur_end += delta;
6749 cur_next += delta;
6750 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006751 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006752 break;
6753
6754 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02006755 delta = buffer_replace2(req->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006756 cur_next += delta;
6757
Willy Tarreaufa355d42009-11-29 18:12:29 +01006758 http_msg_move_end(&txn->req, delta);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006759 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6760 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006761 cur_hdr->len = 0;
6762 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01006763 cur_idx = old_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006764 break;
6765
6766 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006767 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006768 if (cur_end)
6769 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006770
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006771 /* keep the link from this header to next one in case of later
6772 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006773 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006774 old_idx = cur_idx;
6775 }
6776 return 0;
6777}
6778
6779
6780/* Apply the filter to the request line.
6781 * Returns 0 if nothing has been done, 1 if the filter has been applied,
6782 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006783 * Since it can manage the switch to another backend, it updates the per-proxy
6784 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006785 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006786int apply_filter_to_req_line(struct session *s, struct channel *req, struct hdr_exp *exp)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006787{
6788 char term;
6789 char *cur_ptr, *cur_end;
6790 int done;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006791 struct http_txn *txn = &s->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006792 int delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006793
Willy Tarreau3d300592007-03-18 18:34:41 +01006794 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006795 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006796 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006797 (exp->action == ACT_ALLOW ||
6798 exp->action == ACT_DENY ||
6799 exp->action == ACT_TARPIT))
6800 return 0;
6801 else if (exp->action == ACT_REMOVE)
6802 return 0;
6803
6804 done = 0;
6805
Willy Tarreau9b28e032012-10-12 23:49:43 +02006806 cur_ptr = req->buf->p;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006807 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006808
6809 /* Now we have the request line between cur_ptr and cur_end */
6810
6811 /* The annoying part is that pattern matching needs
6812 * that we modify the contents to null-terminate all
6813 * strings before testing them.
6814 */
6815
6816 term = *cur_end;
6817 *cur_end = '\0';
6818
6819 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6820 switch (exp->action) {
6821 case ACT_SETBE:
6822 /* It is not possible to jump a second time.
6823 * FIXME: should we return an HTTP/500 here so that
6824 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01006825 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006826 if (s->be != s->fe)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006827 break;
6828
6829 /* Swithing Proxy */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006830 session_set_backend(s, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006831 done = 1;
6832 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006833
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006834 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006835 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006836 done = 1;
6837 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006838
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006839 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006840 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006841 done = 1;
6842 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006843
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006844 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006845 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006846 done = 1;
6847 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006848
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006849 case ACT_REPLACE:
6850 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006851 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6852 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006853 /* FIXME: if the user adds a newline in the replacement, the
6854 * index will not be recalculated for now, and the new line
6855 * will not be counted as a new header.
6856 */
Willy Tarreaua496b602006-12-17 23:15:24 +01006857
Willy Tarreaufa355d42009-11-29 18:12:29 +01006858 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006859 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02006860 cur_end = (char *)http_parse_reqline(&txn->req,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006861 HTTP_MSG_RQMETH,
6862 cur_ptr, cur_end + 1,
6863 NULL, NULL);
6864 if (unlikely(!cur_end))
6865 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01006866
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006867 /* we have a full request and we know that we have either a CR
6868 * or an LF at <ptr>.
6869 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006870 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
6871 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006872 /* there is no point trying this regex on headers */
6873 return 1;
6874 }
6875 }
6876 *cur_end = term; /* restore the string terminator */
6877 return done;
6878}
Willy Tarreau97de6242006-12-27 17:18:38 +01006879
Willy Tarreau58f10d72006-12-04 02:26:12 +01006880
Willy Tarreau58f10d72006-12-04 02:26:12 +01006881
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006882/*
Willy Tarreau6c123b12010-01-28 20:22:06 +01006883 * Apply all the req filters of proxy <px> to all headers in buffer <req> of session <s>.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006884 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01006885 * unparsable request. Since it can manage the switch to another backend, it
6886 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006887 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006888int apply_filters_to_request(struct session *s, struct channel *req, struct proxy *px)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006889{
Willy Tarreau6c123b12010-01-28 20:22:06 +01006890 struct http_txn *txn = &s->txn;
6891 struct hdr_exp *exp;
6892
6893 for (exp = px->req_exp; exp; exp = exp->next) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006894 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006895
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006896 /*
6897 * The interleaving of transformations and verdicts
6898 * makes it difficult to decide to continue or stop
6899 * the evaluation.
6900 */
6901
Willy Tarreau6c123b12010-01-28 20:22:06 +01006902 if (txn->flags & (TX_CLDENY|TX_CLTARPIT))
6903 break;
6904
Willy Tarreau3d300592007-03-18 18:34:41 +01006905 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006906 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
Willy Tarreau6c123b12010-01-28 20:22:06 +01006907 exp->action == ACT_TARPIT || exp->action == ACT_PASS))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006908 continue;
Willy Tarreau6c123b12010-01-28 20:22:06 +01006909
6910 /* if this filter had a condition, evaluate it now and skip to
6911 * next filter if the condition does not match.
6912 */
6913 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02006914 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau6c123b12010-01-28 20:22:06 +01006915 ret = acl_pass(ret);
6916 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
6917 ret = !ret;
6918
6919 if (!ret)
6920 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006921 }
6922
6923 /* Apply the filter to the request line. */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006924 ret = apply_filter_to_req_line(s, req, exp);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006925 if (unlikely(ret < 0))
6926 return -1;
6927
6928 if (likely(ret == 0)) {
6929 /* The filter did not match the request, it can be
6930 * iterated through all headers.
6931 */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006932 apply_filter_to_req_headers(s, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006933 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006934 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006935 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006936}
6937
6938
Willy Tarreaua15645d2007-03-18 16:22:39 +01006939
Willy Tarreau58f10d72006-12-04 02:26:12 +01006940/*
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006941 * Try to retrieve the server associated to the appsession.
6942 * If the server is found, it's assigned to the session.
6943 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006944void manage_client_side_appsession(struct session *s, const char *buf, int len) {
6945 struct http_txn *txn = &s->txn;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006946 appsess *asession = NULL;
6947 char *sessid_temp = NULL;
6948
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006949 if (len > s->be->appsession_len) {
6950 len = s->be->appsession_len;
Cyril Bontéb21570a2009-11-29 20:04:48 +01006951 }
6952
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006953 if (s->be->options2 & PR_O2_AS_REQL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006954 /* request-learn option is enabled : store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006955 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006956 /* free previously allocated memory as we don't need the session id found in the URL anymore */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006957 pool_free2(apools.sessid, txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006958 }
6959
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006960 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006961 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006962 send_log(s->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006963 return;
6964 }
6965
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006966 memcpy(txn->sessid, buf, len);
6967 txn->sessid[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006968 }
6969
6970 if ((sessid_temp = pool_alloc2(apools.sessid)) == NULL) {
6971 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006972 send_log(s->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006973 return;
6974 }
6975
Cyril Bontéb21570a2009-11-29 20:04:48 +01006976 memcpy(sessid_temp, buf, len);
6977 sessid_temp[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006978
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006979 asession = appsession_hash_lookup(&(s->be->htbl_proxy), sessid_temp);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006980 /* free previously allocated memory */
6981 pool_free2(apools.sessid, sessid_temp);
6982
6983 if (asession != NULL) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006984 asession->expire = tick_add_ifset(now_ms, s->be->timeout.appsession);
6985 if (!(s->be->options2 & PR_O2_AS_REQL))
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006986 asession->request_count++;
6987
6988 if (asession->serverid != NULL) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006989 struct server *srv = s->be->srv;
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02006990
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006991 while (srv) {
6992 if (strcmp(srv->id, asession->serverid) == 0) {
Willy Tarreau4de91492010-01-22 19:10:05 +01006993 if ((srv->state & SRV_RUNNING) ||
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006994 (s->be->options & PR_O_PERSIST) ||
6995 (s->flags & SN_FORCE_PRST)) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006996 /* we found the server and it's usable */
6997 txn->flags &= ~TX_CK_MASK;
Willy Tarreau2a6d88d2010-01-24 13:10:43 +01006998 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006999 s->flags |= SN_DIRECT | SN_ASSIGNED;
7000 s->target = &srv->obj_type;
Willy Tarreau664beb82011-03-10 11:38:29 +01007001
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007002 break;
7003 } else {
7004 txn->flags &= ~TX_CK_MASK;
7005 txn->flags |= TX_CK_DOWN;
7006 }
7007 }
7008 srv = srv->next;
7009 }
7010 }
7011 }
7012}
7013
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007014/* Find the end of a cookie value contained between <s> and <e>. It works the
7015 * same way as with headers above except that the semi-colon also ends a token.
7016 * See RFC2965 for more information. Note that it requires a valid header to
7017 * return a valid result.
7018 */
7019char *find_cookie_value_end(char *s, const char *e)
7020{
7021 int quoted, qdpair;
7022
7023 quoted = qdpair = 0;
7024 for (; s < e; s++) {
7025 if (qdpair) qdpair = 0;
7026 else if (quoted) {
7027 if (*s == '\\') qdpair = 1;
7028 else if (*s == '"') quoted = 0;
7029 }
7030 else if (*s == '"') quoted = 1;
7031 else if (*s == ',' || *s == ';') return s;
7032 }
7033 return s;
7034}
7035
7036/* Delete a value in a header between delimiters <from> and <next> in buffer
7037 * <buf>. The number of characters displaced is returned, and the pointer to
7038 * the first delimiter is updated if required. The function tries as much as
7039 * possible to respect the following principles :
7040 * - replace <from> delimiter by the <next> one unless <from> points to a
7041 * colon, in which case <next> is simply removed
7042 * - set exactly one space character after the new first delimiter, unless
7043 * there are not enough characters in the block being moved to do so.
7044 * - remove unneeded spaces before the previous delimiter and after the new
7045 * one.
7046 *
7047 * It is the caller's responsibility to ensure that :
7048 * - <from> points to a valid delimiter or the colon ;
7049 * - <next> points to a valid delimiter or the final CR/LF ;
7050 * - there are non-space chars before <from> ;
7051 * - there is a CR/LF at or after <next>.
7052 */
Willy Tarreauaf819352012-08-27 22:08:00 +02007053int del_hdr_value(struct buffer *buf, char **from, char *next)
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007054{
7055 char *prev = *from;
7056
7057 if (*prev == ':') {
7058 /* We're removing the first value, preserve the colon and add a
7059 * space if possible.
7060 */
7061 if (!http_is_crlf[(unsigned char)*next])
7062 next++;
7063 prev++;
7064 if (prev < next)
7065 *prev++ = ' ';
7066
7067 while (http_is_spht[(unsigned char)*next])
7068 next++;
7069 } else {
7070 /* Remove useless spaces before the old delimiter. */
7071 while (http_is_spht[(unsigned char)*(prev-1)])
7072 prev--;
7073 *from = prev;
7074
7075 /* copy the delimiter and if possible a space if we're
7076 * not at the end of the line.
7077 */
7078 if (!http_is_crlf[(unsigned char)*next]) {
7079 *prev++ = *next++;
7080 if (prev + 1 < next)
7081 *prev++ = ' ';
7082 while (http_is_spht[(unsigned char)*next])
7083 next++;
7084 }
7085 }
7086 return buffer_replace2(buf, prev, next, NULL, 0);
7087}
7088
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007089/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01007090 * Manage client-side cookie. It can impact performance by about 2% so it is
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007091 * desirable to call it only when needed. This code is quite complex because
7092 * of the multiple very crappy and ambiguous syntaxes we have to support. it
7093 * highly recommended not to touch this part without a good reason !
Willy Tarreau58f10d72006-12-04 02:26:12 +01007094 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007095void manage_client_side_cookies(struct session *s, struct channel *req)
Willy Tarreau58f10d72006-12-04 02:26:12 +01007096{
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007097 struct http_txn *txn = &s->txn;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007098 int preserve_hdr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007099 int cur_idx, old_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007100 char *hdr_beg, *hdr_end, *hdr_next, *del_from;
7101 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007102
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007103 /* Iterate through the headers, we start with the start line. */
Willy Tarreau83969f42007-01-22 08:55:47 +01007104 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007105 hdr_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007106
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01007107 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007108 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007109 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007110
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01007111 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007112 hdr_beg = hdr_next;
7113 hdr_end = hdr_beg + cur_hdr->len;
7114 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007115
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007116 /* We have one full header between hdr_beg and hdr_end, and the
7117 * next header starts at hdr_next. We're only interested in
Willy Tarreau58f10d72006-12-04 02:26:12 +01007118 * "Cookie:" headers.
7119 */
7120
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007121 val = http_header_match2(hdr_beg, hdr_end, "Cookie", 6);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007122 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007123 old_idx = cur_idx;
7124 continue;
7125 }
7126
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007127 del_from = NULL; /* nothing to be deleted */
7128 preserve_hdr = 0; /* assume we may kill the whole header */
7129
Willy Tarreau58f10d72006-12-04 02:26:12 +01007130 /* Now look for cookies. Conforming to RFC2109, we have to support
7131 * attributes whose name begin with a '$', and associate them with
7132 * the right cookie, if we want to delete this cookie.
7133 * So there are 3 cases for each cookie read :
7134 * 1) it's a special attribute, beginning with a '$' : ignore it.
7135 * 2) it's a server id cookie that we *MAY* want to delete : save
7136 * some pointers on it (last semi-colon, beginning of cookie...)
7137 * 3) it's an application cookie : we *MAY* have to delete a previous
7138 * "special" cookie.
7139 * At the end of loop, if a "special" cookie remains, we may have to
7140 * remove it. If no application cookie persists in the header, we
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007141 * *MUST* delete it.
7142 *
7143 * Note: RFC2965 is unclear about the processing of spaces around
7144 * the equal sign in the ATTR=VALUE form. A careful inspection of
7145 * the RFC explicitly allows spaces before it, and not within the
7146 * tokens (attrs or values). An inspection of RFC2109 allows that
7147 * too but section 10.1.3 lets one think that spaces may be allowed
7148 * after the equal sign too, resulting in some (rare) buggy
7149 * implementations trying to do that. So let's do what servers do.
7150 * Latest ietf draft forbids spaces all around. Also, earlier RFCs
7151 * allowed quoted strings in values, with any possible character
7152 * after a backslash, including control chars and delimitors, which
7153 * causes parsing to become ambiguous. Browsers also allow spaces
7154 * within values even without quotes.
7155 *
7156 * We have to keep multiple pointers in order to support cookie
7157 * removal at the beginning, middle or end of header without
7158 * corrupting the header. All of these headers are valid :
7159 *
7160 * Cookie:NAME1=VALUE1;NAME2=VALUE2;NAME3=VALUE3\r\n
7161 * Cookie:NAME1=VALUE1;NAME2_ONLY ;NAME3=VALUE3\r\n
7162 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
7163 * | | | | | | | | |
7164 * | | | | | | | | hdr_end <--+
7165 * | | | | | | | +--> next
7166 * | | | | | | +----> val_end
7167 * | | | | | +-----------> val_beg
7168 * | | | | +--------------> equal
7169 * | | | +----------------> att_end
7170 * | | +---------------------> att_beg
7171 * | +--------------------------> prev
7172 * +--------------------------------> hdr_beg
Willy Tarreau58f10d72006-12-04 02:26:12 +01007173 */
7174
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007175 for (prev = hdr_beg + 6; prev < hdr_end; prev = next) {
7176 /* Iterate through all cookies on this line */
7177
7178 /* find att_beg */
7179 att_beg = prev + 1;
7180 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
7181 att_beg++;
7182
7183 /* find att_end : this is the first character after the last non
7184 * space before the equal. It may be equal to hdr_end.
7185 */
7186 equal = att_end = att_beg;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007187
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007188 while (equal < hdr_end) {
7189 if (*equal == '=' || *equal == ',' || *equal == ';')
Willy Tarreau58f10d72006-12-04 02:26:12 +01007190 break;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007191 if (http_is_spht[(unsigned char)*equal++])
7192 continue;
7193 att_end = equal;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007194 }
7195
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007196 /* here, <equal> points to '=', a delimitor or the end. <att_end>
7197 * is between <att_beg> and <equal>, both may be identical.
7198 */
7199
7200 /* look for end of cookie if there is an equal sign */
7201 if (equal < hdr_end && *equal == '=') {
7202 /* look for the beginning of the value */
7203 val_beg = equal + 1;
7204 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
7205 val_beg++;
7206
7207 /* find the end of the value, respecting quotes */
7208 next = find_cookie_value_end(val_beg, hdr_end);
7209
7210 /* make val_end point to the first white space or delimitor after the value */
7211 val_end = next;
7212 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
7213 val_end--;
7214 } else {
7215 val_beg = val_end = next = equal;
Willy Tarreau305ae852010-01-03 19:45:54 +01007216 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007217
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007218 /* We have nothing to do with attributes beginning with '$'. However,
7219 * they will automatically be removed if a header before them is removed,
7220 * since they're supposed to be linked together.
7221 */
7222 if (*att_beg == '$')
7223 continue;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007224
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007225 /* Ignore cookies with no equal sign */
7226 if (equal == next) {
7227 /* This is not our cookie, so we must preserve it. But if we already
7228 * scheduled another cookie for removal, we cannot remove the
7229 * complete header, but we can remove the previous block itself.
7230 */
7231 preserve_hdr = 1;
7232 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007233 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007234 val_end += delta;
7235 next += delta;
7236 hdr_end += delta;
7237 hdr_next += delta;
7238 cur_hdr->len += delta;
7239 http_msg_move_end(&txn->req, delta);
7240 prev = del_from;
7241 del_from = NULL;
7242 }
7243 continue;
Willy Tarreau305ae852010-01-03 19:45:54 +01007244 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007245
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007246 /* if there are spaces around the equal sign, we need to
7247 * strip them otherwise we'll get trouble for cookie captures,
7248 * or even for rewrites. Since this happens extremely rarely,
7249 * it does not hurt performance.
Willy Tarreau58f10d72006-12-04 02:26:12 +01007250 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007251 if (unlikely(att_end != equal || val_beg > equal + 1)) {
7252 int stripped_before = 0;
7253 int stripped_after = 0;
7254
7255 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007256 stripped_before = buffer_replace2(req->buf, att_end, equal, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007257 equal += stripped_before;
7258 val_beg += stripped_before;
7259 }
7260
7261 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007262 stripped_after = buffer_replace2(req->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007263 val_beg += stripped_after;
7264 stripped_before += stripped_after;
7265 }
7266
7267 val_end += stripped_before;
7268 next += stripped_before;
7269 hdr_end += stripped_before;
7270 hdr_next += stripped_before;
7271 cur_hdr->len += stripped_before;
7272 http_msg_move_end(&txn->req, stripped_before);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007273 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007274 /* now everything is as on the diagram above */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007275
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007276 /* First, let's see if we want to capture this cookie. We check
7277 * that we don't already have a client side cookie, because we
7278 * can only capture one. Also as an optimisation, we ignore
7279 * cookies shorter than the declared name.
7280 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007281 if (s->fe->capture_name != NULL && txn->cli_cookie == NULL &&
7282 (val_end - att_beg >= s->fe->capture_namelen) &&
7283 memcmp(att_beg, s->fe->capture_name, s->fe->capture_namelen) == 0) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007284 int log_len = val_end - att_beg;
7285
7286 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
7287 Alert("HTTP logging : out of memory.\n");
7288 } else {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007289 if (log_len > s->fe->capture_len)
7290 log_len = s->fe->capture_len;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007291 memcpy(txn->cli_cookie, att_beg, log_len);
7292 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007293 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007294 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007295
Willy Tarreaubca99692010-10-06 19:25:55 +02007296 /* Persistence cookies in passive, rewrite or insert mode have the
7297 * following form :
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007298 *
Willy Tarreaubca99692010-10-06 19:25:55 +02007299 * Cookie: NAME=SRV[|<lastseen>[|<firstseen>]]
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007300 *
Willy Tarreaubca99692010-10-06 19:25:55 +02007301 * For cookies in prefix mode, the form is :
7302 *
7303 * Cookie: NAME=SRV~VALUE
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007304 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007305 if ((att_end - att_beg == s->be->cookie_len) && (s->be->cookie_name != NULL) &&
7306 (memcmp(att_beg, s->be->cookie_name, att_end - att_beg) == 0)) {
7307 struct server *srv = s->be->srv;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007308 char *delim;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007309
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007310 /* if we're in cookie prefix mode, we'll search the delimitor so that we
7311 * have the server ID between val_beg and delim, and the original cookie between
7312 * delim+1 and val_end. Otherwise, delim==val_end :
7313 *
7314 * Cookie: NAME=SRV; # in all but prefix modes
7315 * Cookie: NAME=SRV~OPAQUE ; # in prefix mode
7316 * | || || | |+-> next
7317 * | || || | +--> val_end
7318 * | || || +---------> delim
7319 * | || |+------------> val_beg
7320 * | || +-------------> att_end = equal
7321 * | |+-----------------> att_beg
7322 * | +------------------> prev
7323 * +-------------------------> hdr_beg
7324 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007325
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007326 if (s->be->ck_opts & PR_CK_PFX) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007327 for (delim = val_beg; delim < val_end; delim++)
7328 if (*delim == COOKIE_DELIM)
7329 break;
Willy Tarreaubca99692010-10-06 19:25:55 +02007330 } else {
7331 char *vbar1;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007332 delim = val_end;
Willy Tarreaubca99692010-10-06 19:25:55 +02007333 /* Now check if the cookie contains a date field, which would
7334 * appear after a vertical bar ('|') just after the server name
7335 * and before the delimiter.
7336 */
7337 vbar1 = memchr(val_beg, COOKIE_DELIM_DATE, val_end - val_beg);
7338 if (vbar1) {
7339 /* OK, so left of the bar is the server's cookie and
Willy Tarreauf64d1412010-10-07 20:06:11 +02007340 * right is the last seen date. It is a base64 encoded
7341 * 30-bit value representing the UNIX date since the
7342 * epoch in 4-second quantities.
Willy Tarreaubca99692010-10-06 19:25:55 +02007343 */
Willy Tarreauf64d1412010-10-07 20:06:11 +02007344 int val;
Willy Tarreaubca99692010-10-06 19:25:55 +02007345 delim = vbar1++;
Willy Tarreauf64d1412010-10-07 20:06:11 +02007346 if (val_end - vbar1 >= 5) {
7347 val = b64tos30(vbar1);
7348 if (val > 0)
7349 txn->cookie_last_date = val << 2;
7350 }
7351 /* look for a second vertical bar */
7352 vbar1 = memchr(vbar1, COOKIE_DELIM_DATE, val_end - vbar1);
7353 if (vbar1 && (val_end - vbar1 > 5)) {
7354 val = b64tos30(vbar1 + 1);
7355 if (val > 0)
7356 txn->cookie_first_date = val << 2;
7357 }
Willy Tarreaubca99692010-10-06 19:25:55 +02007358 }
7359 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007360
Willy Tarreauf64d1412010-10-07 20:06:11 +02007361 /* if the cookie has an expiration date and the proxy wants to check
7362 * it, then we do that now. We first check if the cookie is too old,
7363 * then only if it has expired. We detect strict overflow because the
7364 * time resolution here is not great (4 seconds). Cookies with dates
7365 * in the future are ignored if their offset is beyond one day. This
7366 * allows an admin to fix timezone issues without expiring everyone
7367 * and at the same time avoids keeping unwanted side effects for too
7368 * long.
7369 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007370 if (txn->cookie_first_date && s->be->cookie_maxlife &&
7371 (((signed)(date.tv_sec - txn->cookie_first_date) > (signed)s->be->cookie_maxlife) ||
Willy Tarreauef4f3912010-10-07 21:00:29 +02007372 ((signed)(txn->cookie_first_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02007373 txn->flags &= ~TX_CK_MASK;
7374 txn->flags |= TX_CK_OLD;
7375 delim = val_beg; // let's pretend we have not found the cookie
7376 txn->cookie_first_date = 0;
7377 txn->cookie_last_date = 0;
7378 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007379 else if (txn->cookie_last_date && s->be->cookie_maxidle &&
7380 (((signed)(date.tv_sec - txn->cookie_last_date) > (signed)s->be->cookie_maxidle) ||
Willy Tarreauef4f3912010-10-07 21:00:29 +02007381 ((signed)(txn->cookie_last_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02007382 txn->flags &= ~TX_CK_MASK;
7383 txn->flags |= TX_CK_EXPIRED;
7384 delim = val_beg; // let's pretend we have not found the cookie
7385 txn->cookie_first_date = 0;
7386 txn->cookie_last_date = 0;
7387 }
7388
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007389 /* Here, we'll look for the first running server which supports the cookie.
7390 * This allows to share a same cookie between several servers, for example
7391 * to dedicate backup servers to specific servers only.
7392 * However, to prevent clients from sticking to cookie-less backup server
7393 * when they have incidentely learned an empty cookie, we simply ignore
7394 * empty cookies and mark them as invalid.
7395 * The same behaviour is applied when persistence must be ignored.
7396 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007397 if ((delim == val_beg) || (s->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007398 srv = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007399
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007400 while (srv) {
7401 if (srv->cookie && (srv->cklen == delim - val_beg) &&
7402 !memcmp(val_beg, srv->cookie, delim - val_beg)) {
7403 if ((srv->state & SRV_RUNNING) ||
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007404 (s->be->options & PR_O_PERSIST) ||
7405 (s->flags & SN_FORCE_PRST)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007406 /* we found the server and we can use it */
7407 txn->flags &= ~TX_CK_MASK;
7408 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007409 s->flags |= SN_DIRECT | SN_ASSIGNED;
7410 s->target = &srv->obj_type;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007411 break;
7412 } else {
7413 /* we found a server, but it's down,
7414 * mark it as such and go on in case
7415 * another one is available.
7416 */
7417 txn->flags &= ~TX_CK_MASK;
7418 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007419 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007420 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007421 srv = srv->next;
7422 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007423
Willy Tarreauf64d1412010-10-07 20:06:11 +02007424 if (!srv && !(txn->flags & (TX_CK_DOWN|TX_CK_EXPIRED|TX_CK_OLD))) {
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007425 /* no server matched this cookie or we deliberately skipped it */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007426 txn->flags &= ~TX_CK_MASK;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007427 if ((s->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007428 txn->flags |= TX_CK_UNUSED;
7429 else
7430 txn->flags |= TX_CK_INVALID;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007431 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007432
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007433 /* depending on the cookie mode, we may have to either :
7434 * - delete the complete cookie if we're in insert+indirect mode, so that
7435 * the server never sees it ;
7436 * - remove the server id from the cookie value, and tag the cookie as an
7437 * application cookie so that it does not get accidentely removed later,
7438 * if we're in cookie prefix mode
7439 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007440 if ((s->be->ck_opts & PR_CK_PFX) && (delim != val_end)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007441 int delta; /* negative */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007442
Willy Tarreau9b28e032012-10-12 23:49:43 +02007443 delta = buffer_replace2(req->buf, val_beg, delim + 1, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007444 val_end += delta;
7445 next += delta;
7446 hdr_end += delta;
7447 hdr_next += delta;
7448 cur_hdr->len += delta;
7449 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007450
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007451 del_from = NULL;
7452 preserve_hdr = 1; /* we want to keep this cookie */
7453 }
7454 else if (del_from == NULL &&
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007455 (s->be->ck_opts & (PR_CK_INS | PR_CK_IND)) == (PR_CK_INS | PR_CK_IND)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007456 del_from = prev;
7457 }
7458 } else {
7459 /* This is not our cookie, so we must preserve it. But if we already
7460 * scheduled another cookie for removal, we cannot remove the
7461 * complete header, but we can remove the previous block itself.
7462 */
7463 preserve_hdr = 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007464
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007465 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007466 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaub8105542010-11-24 18:31:28 +01007467 if (att_beg >= del_from)
7468 att_beg += delta;
7469 if (att_end >= del_from)
7470 att_end += delta;
7471 val_beg += delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007472 val_end += delta;
7473 next += delta;
7474 hdr_end += delta;
7475 hdr_next += delta;
7476 cur_hdr->len += delta;
7477 http_msg_move_end(&txn->req, delta);
7478 prev = del_from;
7479 del_from = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007480 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007481 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007482
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007483 /* Look for the appsession cookie unless persistence must be ignored */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007484 if (!(s->flags & SN_IGNORE_PRST) && (s->be->appsession_name != NULL)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007485 int cmp_len, value_len;
7486 char *value_begin;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007487
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007488 if (s->be->options2 & PR_O2_AS_PFX) {
7489 cmp_len = MIN(val_end - att_beg, s->be->appsession_name_len);
7490 value_begin = att_beg + s->be->appsession_name_len;
7491 value_len = val_end - att_beg - s->be->appsession_name_len;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007492 } else {
7493 cmp_len = att_end - att_beg;
7494 value_begin = val_beg;
7495 value_len = val_end - val_beg;
7496 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007497
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007498 /* let's see if the cookie is our appcookie */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007499 if (cmp_len == s->be->appsession_name_len &&
7500 memcmp(att_beg, s->be->appsession_name, cmp_len) == 0) {
7501 manage_client_side_appsession(s, value_begin, value_len);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007502 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007503 }
7504
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007505 /* continue with next cookie on this header line */
7506 att_beg = next;
7507 } /* for each cookie */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007508
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007509 /* There are no more cookies on this line.
7510 * We may still have one (or several) marked for deletion at the
7511 * end of the line. We must do this now in two ways :
7512 * - if some cookies must be preserved, we only delete from the
7513 * mark to the end of line ;
7514 * - if nothing needs to be preserved, simply delete the whole header
Willy Tarreau58f10d72006-12-04 02:26:12 +01007515 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007516 if (del_from) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007517 int delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007518 if (preserve_hdr) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007519 delta = del_hdr_value(req->buf, &del_from, hdr_end);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007520 hdr_end = del_from;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007521 cur_hdr->len += delta;
7522 } else {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007523 delta = buffer_replace2(req->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007524
7525 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01007526 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7527 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007528 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007529 cur_idx = old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007530 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007531 hdr_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007532 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007533 }
7534
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007535 /* check next header */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007536 old_idx = cur_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007537 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007538}
7539
7540
Willy Tarreaua15645d2007-03-18 16:22:39 +01007541/* Iterate the same filter through all response headers contained in <rtr>.
7542 * Returns 1 if this filter can be stopped upon return, otherwise 0.
7543 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007544int apply_filter_to_resp_headers(struct session *s, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007545{
7546 char term;
7547 char *cur_ptr, *cur_end, *cur_next;
7548 int cur_idx, old_idx, last_hdr;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007549 struct http_txn *txn = &s->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007550 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007551 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007552
7553 last_hdr = 0;
7554
Willy Tarreau9b28e032012-10-12 23:49:43 +02007555 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007556 old_idx = 0;
7557
7558 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007559 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007560 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007561 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007562 (exp->action == ACT_ALLOW ||
7563 exp->action == ACT_DENY))
7564 return 0;
7565
7566 cur_idx = txn->hdr_idx.v[old_idx].next;
7567 if (!cur_idx)
7568 break;
7569
7570 cur_hdr = &txn->hdr_idx.v[cur_idx];
7571 cur_ptr = cur_next;
7572 cur_end = cur_ptr + cur_hdr->len;
7573 cur_next = cur_end + cur_hdr->cr + 1;
7574
7575 /* Now we have one header between cur_ptr and cur_end,
7576 * and the next header starts at cur_next.
7577 */
7578
7579 /* The annoying part is that pattern matching needs
7580 * that we modify the contents to null-terminate all
7581 * strings before testing them.
7582 */
7583
7584 term = *cur_end;
7585 *cur_end = '\0';
7586
7587 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7588 switch (exp->action) {
7589 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007590 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007591 last_hdr = 1;
7592 break;
7593
7594 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007595 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007596 last_hdr = 1;
7597 break;
7598
7599 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007600 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7601 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007602 /* FIXME: if the user adds a newline in the replacement, the
7603 * index will not be recalculated for now, and the new line
7604 * will not be counted as a new header.
7605 */
7606
7607 cur_end += delta;
7608 cur_next += delta;
7609 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007610 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007611 break;
7612
7613 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02007614 delta = buffer_replace2(rtr->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007615 cur_next += delta;
7616
Willy Tarreaufa355d42009-11-29 18:12:29 +01007617 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007618 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7619 txn->hdr_idx.used--;
7620 cur_hdr->len = 0;
7621 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01007622 cur_idx = old_idx;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007623 break;
7624
7625 }
7626 }
7627 if (cur_end)
7628 *cur_end = term; /* restore the string terminator */
7629
7630 /* keep the link from this header to next one in case of later
7631 * removal of next header.
7632 */
7633 old_idx = cur_idx;
7634 }
7635 return 0;
7636}
7637
7638
7639/* Apply the filter to the status line in the response buffer <rtr>.
7640 * Returns 0 if nothing has been done, 1 if the filter has been applied,
7641 * or -1 if a replacement resulted in an invalid status line.
7642 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007643int apply_filter_to_sts_line(struct session *s, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007644{
7645 char term;
7646 char *cur_ptr, *cur_end;
7647 int done;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007648 struct http_txn *txn = &s->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007649 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007650
7651
Willy Tarreau3d300592007-03-18 18:34:41 +01007652 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007653 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007654 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007655 (exp->action == ACT_ALLOW ||
7656 exp->action == ACT_DENY))
7657 return 0;
7658 else if (exp->action == ACT_REMOVE)
7659 return 0;
7660
7661 done = 0;
7662
Willy Tarreau9b28e032012-10-12 23:49:43 +02007663 cur_ptr = rtr->buf->p;
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007664 cur_end = cur_ptr + txn->rsp.sl.st.l;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007665
7666 /* Now we have the status line between cur_ptr and cur_end */
7667
7668 /* The annoying part is that pattern matching needs
7669 * that we modify the contents to null-terminate all
7670 * strings before testing them.
7671 */
7672
7673 term = *cur_end;
7674 *cur_end = '\0';
7675
7676 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7677 switch (exp->action) {
7678 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007679 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007680 done = 1;
7681 break;
7682
7683 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007684 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007685 done = 1;
7686 break;
7687
7688 case ACT_REPLACE:
7689 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007690 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7691 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007692 /* FIXME: if the user adds a newline in the replacement, the
7693 * index will not be recalculated for now, and the new line
7694 * will not be counted as a new header.
7695 */
7696
Willy Tarreaufa355d42009-11-29 18:12:29 +01007697 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007698 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007699 cur_end = (char *)http_parse_stsline(&txn->rsp,
Willy Tarreau02785762007-04-03 14:45:44 +02007700 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01007701 cur_ptr, cur_end + 1,
7702 NULL, NULL);
7703 if (unlikely(!cur_end))
7704 return -1;
7705
7706 /* we have a full respnse and we know that we have either a CR
7707 * or an LF at <ptr>.
7708 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007709 txn->status = strl2ui(rtr->buf->p + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007710 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.st.l, *cur_end == '\r');
Willy Tarreaua15645d2007-03-18 16:22:39 +01007711 /* there is no point trying this regex on headers */
7712 return 1;
7713 }
7714 }
7715 *cur_end = term; /* restore the string terminator */
7716 return done;
7717}
7718
7719
7720
7721/*
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007722 * Apply all the resp filters of proxy <px> to all headers in buffer <rtr> of session <s>.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007723 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
7724 * unparsable response.
7725 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007726int apply_filters_to_response(struct session *s, struct channel *rtr, struct proxy *px)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007727{
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007728 struct http_txn *txn = &s->txn;
7729 struct hdr_exp *exp;
7730
7731 for (exp = px->rsp_exp; exp; exp = exp->next) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007732 int ret;
7733
7734 /*
7735 * The interleaving of transformations and verdicts
7736 * makes it difficult to decide to continue or stop
7737 * the evaluation.
7738 */
7739
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007740 if (txn->flags & TX_SVDENY)
7741 break;
7742
Willy Tarreau3d300592007-03-18 18:34:41 +01007743 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007744 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
7745 exp->action == ACT_PASS)) {
7746 exp = exp->next;
7747 continue;
7748 }
7749
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007750 /* if this filter had a condition, evaluate it now and skip to
7751 * next filter if the condition does not match.
7752 */
7753 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007754 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007755 ret = acl_pass(ret);
7756 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
7757 ret = !ret;
7758 if (!ret)
7759 continue;
7760 }
7761
Willy Tarreaua15645d2007-03-18 16:22:39 +01007762 /* Apply the filter to the status line. */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007763 ret = apply_filter_to_sts_line(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007764 if (unlikely(ret < 0))
7765 return -1;
7766
7767 if (likely(ret == 0)) {
7768 /* The filter did not match the response, it can be
7769 * iterated through all headers.
7770 */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007771 apply_filter_to_resp_headers(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007772 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007773 }
7774 return 0;
7775}
7776
7777
Willy Tarreaua15645d2007-03-18 16:22:39 +01007778/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01007779 * Manage server-side cookies. It can impact performance by about 2% so it is
Willy Tarreau24581ba2010-08-31 22:39:35 +02007780 * desirable to call it only when needed. This function is also used when we
7781 * just need to know if there is a cookie (eg: for check-cache).
Willy Tarreaua15645d2007-03-18 16:22:39 +01007782 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007783void manage_server_side_cookies(struct session *s, struct channel *res)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007784{
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007785 struct http_txn *txn = &s->txn;
Willy Tarreau827aee92011-03-10 16:55:02 +01007786 struct server *srv;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007787 int is_cookie2;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007788 int cur_idx, old_idx, delta;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007789 char *hdr_beg, *hdr_end, *hdr_next;
7790 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007791
Willy Tarreaua15645d2007-03-18 16:22:39 +01007792 /* Iterate through the headers.
7793 * we start with the start line.
7794 */
7795 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007796 hdr_next = res->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007797
7798 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
7799 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007800 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007801
7802 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau24581ba2010-08-31 22:39:35 +02007803 hdr_beg = hdr_next;
7804 hdr_end = hdr_beg + cur_hdr->len;
7805 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007806
Willy Tarreau24581ba2010-08-31 22:39:35 +02007807 /* We have one full header between hdr_beg and hdr_end, and the
7808 * next header starts at hdr_next. We're only interested in
7809 * "Set-Cookie" and "Set-Cookie2" headers.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007810 */
7811
Willy Tarreau24581ba2010-08-31 22:39:35 +02007812 is_cookie2 = 0;
7813 prev = hdr_beg + 10;
7814 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie", 10);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007815 if (!val) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007816 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie2", 11);
7817 if (!val) {
7818 old_idx = cur_idx;
7819 continue;
7820 }
7821 is_cookie2 = 1;
7822 prev = hdr_beg + 11;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007823 }
7824
Willy Tarreau24581ba2010-08-31 22:39:35 +02007825 /* OK, right now we know we have a Set-Cookie* at hdr_beg, and
7826 * <prev> points to the colon.
7827 */
Willy Tarreauf1348312010-10-07 15:54:11 +02007828 txn->flags |= TX_SCK_PRESENT;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007829
Willy Tarreau24581ba2010-08-31 22:39:35 +02007830 /* Maybe we only wanted to see if there was a Set-Cookie (eg:
7831 * check-cache is enabled) and we are not interested in checking
7832 * them. Warning, the cookie capture is declared in the frontend.
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007833 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007834 if (s->be->cookie_name == NULL &&
7835 s->be->appsession_name == NULL &&
7836 s->fe->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007837 return;
7838
Willy Tarreau24581ba2010-08-31 22:39:35 +02007839 /* OK so now we know we have to process this response cookie.
7840 * The format of the Set-Cookie header is slightly different
7841 * from the format of the Cookie header in that it does not
7842 * support the comma as a cookie delimiter (thus the header
7843 * cannot be folded) because the Expires attribute described in
7844 * the original Netscape's spec may contain an unquoted date
7845 * with a comma inside. We have to live with this because
7846 * many browsers don't support Max-Age and some browsers don't
7847 * support quoted strings. However the Set-Cookie2 header is
7848 * clean.
7849 *
7850 * We have to keep multiple pointers in order to support cookie
7851 * removal at the beginning, middle or end of header without
7852 * corrupting the header (in case of set-cookie2). A special
7853 * pointer, <scav> points to the beginning of the set-cookie-av
7854 * fields after the first semi-colon. The <next> pointer points
7855 * either to the end of line (set-cookie) or next unquoted comma
7856 * (set-cookie2). All of these headers are valid :
7857 *
7858 * Set-Cookie: NAME1 = VALUE 1 ; Secure; Path="/"\r\n
7859 * Set-Cookie:NAME=VALUE; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7860 * Set-Cookie: NAME = VALUE ; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7861 * Set-Cookie2: NAME1 = VALUE 1 ; Max-Age=0, NAME2=VALUE2; Discard\r\n
7862 * | | | | | | | | | |
7863 * | | | | | | | | +-> next hdr_end <--+
7864 * | | | | | | | +------------> scav
7865 * | | | | | | +--------------> val_end
7866 * | | | | | +--------------------> val_beg
7867 * | | | | +----------------------> equal
7868 * | | | +------------------------> att_end
7869 * | | +----------------------------> att_beg
7870 * | +------------------------------> prev
7871 * +-----------------------------------------> hdr_beg
7872 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007873
Willy Tarreau24581ba2010-08-31 22:39:35 +02007874 for (; prev < hdr_end; prev = next) {
7875 /* Iterate through all cookies on this line */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007876
Willy Tarreau24581ba2010-08-31 22:39:35 +02007877 /* find att_beg */
7878 att_beg = prev + 1;
7879 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
7880 att_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007881
Willy Tarreau24581ba2010-08-31 22:39:35 +02007882 /* find att_end : this is the first character after the last non
7883 * space before the equal. It may be equal to hdr_end.
7884 */
7885 equal = att_end = att_beg;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007886
Willy Tarreau24581ba2010-08-31 22:39:35 +02007887 while (equal < hdr_end) {
7888 if (*equal == '=' || *equal == ';' || (is_cookie2 && *equal == ','))
7889 break;
7890 if (http_is_spht[(unsigned char)*equal++])
7891 continue;
7892 att_end = equal;
7893 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007894
Willy Tarreau24581ba2010-08-31 22:39:35 +02007895 /* here, <equal> points to '=', a delimitor or the end. <att_end>
7896 * is between <att_beg> and <equal>, both may be identical.
7897 */
7898
7899 /* look for end of cookie if there is an equal sign */
7900 if (equal < hdr_end && *equal == '=') {
7901 /* look for the beginning of the value */
7902 val_beg = equal + 1;
7903 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
7904 val_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007905
Willy Tarreau24581ba2010-08-31 22:39:35 +02007906 /* find the end of the value, respecting quotes */
7907 next = find_cookie_value_end(val_beg, hdr_end);
7908
7909 /* make val_end point to the first white space or delimitor after the value */
7910 val_end = next;
7911 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
7912 val_end--;
7913 } else {
7914 /* <equal> points to next comma, semi-colon or EOL */
7915 val_beg = val_end = next = equal;
7916 }
7917
7918 if (next < hdr_end) {
7919 /* Set-Cookie2 supports multiple cookies, and <next> points to
7920 * a colon or semi-colon before the end. So skip all attr-value
7921 * pairs and look for the next comma. For Set-Cookie, since
7922 * commas are permitted in values, skip to the end.
7923 */
7924 if (is_cookie2)
7925 next = find_hdr_value_end(next, hdr_end);
7926 else
7927 next = hdr_end;
7928 }
7929
7930 /* Now everything is as on the diagram above */
7931
7932 /* Ignore cookies with no equal sign */
7933 if (equal == val_end)
7934 continue;
7935
7936 /* If there are spaces around the equal sign, we need to
7937 * strip them otherwise we'll get trouble for cookie captures,
7938 * or even for rewrites. Since this happens extremely rarely,
7939 * it does not hurt performance.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007940 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007941 if (unlikely(att_end != equal || val_beg > equal + 1)) {
7942 int stripped_before = 0;
7943 int stripped_after = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007944
Willy Tarreau24581ba2010-08-31 22:39:35 +02007945 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007946 stripped_before = buffer_replace2(res->buf, att_end, equal, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007947 equal += stripped_before;
7948 val_beg += stripped_before;
7949 }
7950
7951 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007952 stripped_after = buffer_replace2(res->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007953 val_beg += stripped_after;
7954 stripped_before += stripped_after;
7955 }
7956
7957 val_end += stripped_before;
7958 next += stripped_before;
7959 hdr_end += stripped_before;
7960 hdr_next += stripped_before;
7961 cur_hdr->len += stripped_before;
Willy Tarreau1fc1f452011-04-07 22:35:37 +02007962 http_msg_move_end(&txn->rsp, stripped_before);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007963 }
7964
7965 /* First, let's see if we want to capture this cookie. We check
7966 * that we don't already have a server side cookie, because we
7967 * can only capture one. Also as an optimisation, we ignore
7968 * cookies shorter than the declared name.
7969 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007970 if (s->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01007971 txn->srv_cookie == NULL &&
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007972 (val_end - att_beg >= s->fe->capture_namelen) &&
7973 memcmp(att_beg, s->fe->capture_name, s->fe->capture_namelen) == 0) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007974 int log_len = val_end - att_beg;
Willy Tarreau086b3b42007-05-13 21:45:51 +02007975 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007976 Alert("HTTP logging : out of memory.\n");
7977 }
Willy Tarreauf70fc752010-11-19 11:27:18 +01007978 else {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007979 if (log_len > s->fe->capture_len)
7980 log_len = s->fe->capture_len;
Willy Tarreauf70fc752010-11-19 11:27:18 +01007981 memcpy(txn->srv_cookie, att_beg, log_len);
7982 txn->srv_cookie[log_len] = 0;
7983 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007984 }
7985
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007986 srv = objt_server(s->target);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007987 /* now check if we need to process it for persistence */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007988 if (!(s->flags & SN_IGNORE_PRST) &&
7989 (att_end - att_beg == s->be->cookie_len) && (s->be->cookie_name != NULL) &&
7990 (memcmp(att_beg, s->be->cookie_name, att_end - att_beg) == 0)) {
Willy Tarreauf1348312010-10-07 15:54:11 +02007991 /* assume passive cookie by default */
7992 txn->flags &= ~TX_SCK_MASK;
7993 txn->flags |= TX_SCK_FOUND;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007994
7995 /* If the cookie is in insert mode on a known server, we'll delete
7996 * this occurrence because we'll insert another one later.
7997 * We'll delete it too if the "indirect" option is set and we're in
Willy Tarreau24581ba2010-08-31 22:39:35 +02007998 * a direct access.
7999 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008000 if (s->be->ck_opts & PR_CK_PSV) {
Willy Tarreauba4c5be2010-10-23 12:46:42 +02008001 /* The "preserve" flag was set, we don't want to touch the
8002 * server's cookie.
8003 */
8004 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008005 else if ((srv && (s->be->ck_opts & PR_CK_INS)) ||
8006 ((s->flags & SN_DIRECT) && (s->be->ck_opts & PR_CK_IND))) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02008007 /* this cookie must be deleted */
8008 if (*prev == ':' && next == hdr_end) {
8009 /* whole header */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008010 delta = buffer_replace2(res->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02008011 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
8012 txn->hdr_idx.used--;
8013 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01008014 cur_idx = old_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02008015 hdr_next += delta;
8016 http_msg_move_end(&txn->rsp, delta);
8017 /* note: while both invalid now, <next> and <hdr_end>
8018 * are still equal, so the for() will stop as expected.
8019 */
8020 } else {
8021 /* just remove the value */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008022 int delta = del_hdr_value(res->buf, &prev, next);
Willy Tarreau24581ba2010-08-31 22:39:35 +02008023 next = prev;
8024 hdr_end += delta;
8025 hdr_next += delta;
8026 cur_hdr->len += delta;
8027 http_msg_move_end(&txn->rsp, delta);
8028 }
Willy Tarreauf1348312010-10-07 15:54:11 +02008029 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3d300592007-03-18 18:34:41 +01008030 txn->flags |= TX_SCK_DELETED;
Willy Tarreau24581ba2010-08-31 22:39:35 +02008031 /* and go on with next cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01008032 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008033 else if (srv && srv->cookie && (s->be->ck_opts & PR_CK_RW)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02008034 /* replace bytes val_beg->val_end with the cookie name associated
Willy Tarreaua15645d2007-03-18 16:22:39 +01008035 * with this server since we know it.
8036 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008037 delta = buffer_replace2(res->buf, val_beg, val_end, srv->cookie, srv->cklen);
Willy Tarreau24581ba2010-08-31 22:39:35 +02008038 next += delta;
8039 hdr_end += delta;
8040 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008041 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01008042 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01008043
Willy Tarreauf1348312010-10-07 15:54:11 +02008044 txn->flags &= ~TX_SCK_MASK;
8045 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008046 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008047 else if (srv && srv->cookie && (s->be->ck_opts & PR_CK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01008048 /* insert the cookie name associated with this server
Willy Tarreau24581ba2010-08-31 22:39:35 +02008049 * before existing cookie, and insert a delimiter between them..
Willy Tarreaua15645d2007-03-18 16:22:39 +01008050 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008051 delta = buffer_replace2(res->buf, val_beg, val_beg, srv->cookie, srv->cklen + 1);
Willy Tarreau24581ba2010-08-31 22:39:35 +02008052 next += delta;
8053 hdr_end += delta;
8054 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008055 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01008056 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01008057
Willy Tarreau827aee92011-03-10 16:55:02 +01008058 val_beg[srv->cklen] = COOKIE_DELIM;
Willy Tarreauf1348312010-10-07 15:54:11 +02008059 txn->flags &= ~TX_SCK_MASK;
8060 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008061 }
8062 }
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02008063 /* next, let's see if the cookie is our appcookie, unless persistence must be ignored */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008064 else if (!(s->flags & SN_IGNORE_PRST) && (s->be->appsession_name != NULL)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01008065 int cmp_len, value_len;
8066 char *value_begin;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008067
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008068 if (s->be->options2 & PR_O2_AS_PFX) {
8069 cmp_len = MIN(val_end - att_beg, s->be->appsession_name_len);
8070 value_begin = att_beg + s->be->appsession_name_len;
8071 value_len = MIN(s->be->appsession_len, val_end - att_beg - s->be->appsession_name_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01008072 } else {
Willy Tarreau24581ba2010-08-31 22:39:35 +02008073 cmp_len = att_end - att_beg;
8074 value_begin = val_beg;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008075 value_len = MIN(s->be->appsession_len, val_end - val_beg);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008076 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01008077
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008078 if ((cmp_len == s->be->appsession_name_len) &&
8079 (memcmp(att_beg, s->be->appsession_name, s->be->appsession_name_len) == 0)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02008080 /* free a possibly previously allocated memory */
8081 pool_free2(apools.sessid, txn->sessid);
8082
Cyril Bontéb21570a2009-11-29 20:04:48 +01008083 /* Store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008084 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01008085 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008086 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bontéb21570a2009-11-29 20:04:48 +01008087 return;
8088 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008089 memcpy(txn->sessid, value_begin, value_len);
8090 txn->sessid[value_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008091 }
Willy Tarreau24581ba2010-08-31 22:39:35 +02008092 }
8093 /* that's done for this cookie, check the next one on the same
8094 * line when next != hdr_end (only if is_cookie2).
8095 */
8096 }
8097 /* check next header */
Willy Tarreaua15645d2007-03-18 16:22:39 +01008098 old_idx = cur_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02008099 }
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008100
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008101 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008102 appsess *asession = NULL;
8103 /* only do insert, if lookup fails */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008104 asession = appsession_hash_lookup(&(s->be->htbl_proxy), txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008105 if (asession == NULL) {
Willy Tarreau1fac7532010-01-09 19:23:06 +01008106 size_t server_id_len;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008107 if ((asession = pool_alloc2(pool2_appsess)) == NULL) {
8108 Alert("Not enough Memory process_srv():asession:calloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008109 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008110 return;
8111 }
Willy Tarreau77eb9b82010-11-19 11:29:06 +01008112 asession->serverid = NULL; /* to avoid a double free in case of allocation error */
8113
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008114 if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
8115 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008116 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
8117 s->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008118 return;
8119 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008120 memcpy(asession->sessid, txn->sessid, s->be->appsession_len);
8121 asession->sessid[s->be->appsession_len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008122
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008123 server_id_len = strlen(objt_server(s->target)->id) + 1;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008124 if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreau77eb9b82010-11-19 11:29:06 +01008125 Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008126 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
8127 s->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008128 return;
8129 }
8130 asession->serverid[0] = '\0';
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008131 memcpy(asession->serverid, objt_server(s->target)->id, server_id_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008132
8133 asession->request_count = 0;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008134 appsession_hash_insert(&(s->be->htbl_proxy), asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008135 }
8136
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008137 asession->expire = tick_add_ifset(now_ms, s->be->timeout.appsession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02008138 asession->request_count++;
8139 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01008140}
8141
8142
Willy Tarreaua15645d2007-03-18 16:22:39 +01008143/*
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008144 * Check if response is cacheable or not. Updates s->flags.
Willy Tarreaua15645d2007-03-18 16:22:39 +01008145 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008146void check_response_for_cacheability(struct session *s, struct channel *rtr)
Willy Tarreaua15645d2007-03-18 16:22:39 +01008147{
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008148 struct http_txn *txn = &s->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008149 char *p1, *p2;
8150
8151 char *cur_ptr, *cur_end, *cur_next;
8152 int cur_idx;
8153
Willy Tarreau5df51872007-11-25 16:20:08 +01008154 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01008155 return;
8156
8157 /* Iterate through the headers.
8158 * we start with the start line.
8159 */
8160 cur_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008161 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01008162
8163 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
8164 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01008165 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008166
8167 cur_hdr = &txn->hdr_idx.v[cur_idx];
8168 cur_ptr = cur_next;
8169 cur_end = cur_ptr + cur_hdr->len;
8170 cur_next = cur_end + cur_hdr->cr + 1;
8171
8172 /* We have one full header between cur_ptr and cur_end, and the
8173 * next header starts at cur_next. We're only interested in
8174 * "Cookie:" headers.
8175 */
8176
Willy Tarreauaa9dce32007-03-18 23:50:16 +01008177 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
8178 if (val) {
8179 if ((cur_end - (cur_ptr + val) >= 8) &&
8180 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
8181 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
8182 return;
8183 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01008184 }
8185
Willy Tarreauaa9dce32007-03-18 23:50:16 +01008186 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
8187 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01008188 continue;
8189
8190 /* OK, right now we know we have a cache-control header at cur_ptr */
8191
Willy Tarreauaa9dce32007-03-18 23:50:16 +01008192 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01008193
8194 if (p1 >= cur_end) /* no more info */
8195 continue;
8196
8197 /* p1 is at the beginning of the value */
8198 p2 = p1;
8199
Willy Tarreau8f8e6452007-06-17 21:51:38 +02008200 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01008201 p2++;
8202
8203 /* we have a complete value between p1 and p2 */
8204 if (p2 < cur_end && *p2 == '=') {
8205 /* we have something of the form no-cache="set-cookie" */
8206 if ((cur_end - p1 >= 21) &&
8207 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
8208 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01008209 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008210 continue;
8211 }
8212
8213 /* OK, so we know that either p2 points to the end of string or to a comma */
8214 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
Willy Tarreau5b15f902013-07-04 12:46:56 +02008215 ((p2 - p1 == 8) && strncasecmp(p1, "no-cache", 8) == 0) ||
Willy Tarreaua15645d2007-03-18 16:22:39 +01008216 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
8217 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
8218 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01008219 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008220 return;
8221 }
8222
8223 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01008224 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008225 continue;
8226 }
8227 }
8228}
8229
8230
Willy Tarreau58f10d72006-12-04 02:26:12 +01008231/*
8232 * Try to retrieve a known appsession in the URI, then the associated server.
8233 * If the server is found, it's assigned to the session.
8234 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008235void get_srv_from_appsession(struct session *s, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01008236{
Cyril Bontéb21570a2009-11-29 20:04:48 +01008237 char *end_params, *first_param, *cur_param, *next_param;
8238 char separator;
8239 int value_len;
8240
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008241 int mode = s->be->options2 & PR_O2_AS_M_ANY;
Willy Tarreau58f10d72006-12-04 02:26:12 +01008242
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008243 if (s->be->appsession_name == NULL ||
8244 (s->txn.meth != HTTP_METH_GET && s->txn.meth != HTTP_METH_POST && s->txn.meth != HTTP_METH_HEAD)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01008245 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01008246 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008247
Cyril Bontéb21570a2009-11-29 20:04:48 +01008248 first_param = NULL;
8249 switch (mode) {
8250 case PR_O2_AS_M_PP:
8251 first_param = memchr(begin, ';', len);
8252 break;
8253 case PR_O2_AS_M_QS:
8254 first_param = memchr(begin, '?', len);
8255 break;
8256 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008257
Cyril Bontéb21570a2009-11-29 20:04:48 +01008258 if (first_param == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01008259 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01008260 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008261
Cyril Bontéb21570a2009-11-29 20:04:48 +01008262 switch (mode) {
8263 case PR_O2_AS_M_PP:
8264 if ((end_params = memchr(first_param, '?', len - (begin - first_param))) == NULL) {
8265 end_params = (char *) begin + len;
8266 }
8267 separator = ';';
8268 break;
8269 case PR_O2_AS_M_QS:
8270 end_params = (char *) begin + len;
8271 separator = '&';
8272 break;
8273 default:
8274 /* unknown mode, shouldn't happen */
8275 return;
8276 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008277
Cyril Bontéb21570a2009-11-29 20:04:48 +01008278 cur_param = next_param = end_params;
8279 while (cur_param > first_param) {
8280 cur_param--;
8281 if ((cur_param[0] == separator) || (cur_param == first_param)) {
8282 /* let's see if this is the appsession parameter */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008283 if ((cur_param + s->be->appsession_name_len + 1 < next_param) &&
8284 ((s->be->options2 & PR_O2_AS_PFX) || cur_param[s->be->appsession_name_len + 1] == '=') &&
8285 (strncasecmp(cur_param + 1, s->be->appsession_name, s->be->appsession_name_len) == 0)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01008286 /* Cool... it's the right one */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008287 cur_param += s->be->appsession_name_len + (s->be->options2 & PR_O2_AS_PFX ? 1 : 2);
8288 value_len = MIN(s->be->appsession_len, next_param - cur_param);
Cyril Bontéb21570a2009-11-29 20:04:48 +01008289 if (value_len > 0) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008290 manage_client_side_appsession(s, cur_param, value_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01008291 }
8292 break;
8293 }
8294 next_param = cur_param;
8295 }
8296 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008297#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02008298 Alert("get_srv_from_appsession\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008299 appsession_hash_dump(&(s->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01008300#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01008301}
8302
Willy Tarreaub2513902006-12-17 14:52:38 +01008303/*
Cyril Bonté70be45d2010-10-12 00:14:35 +02008304 * In a GET, HEAD or POST request, check if the requested URI matches the stats uri
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008305 * for the current backend.
Willy Tarreaub2513902006-12-17 14:52:38 +01008306 *
Cyril Bonté70be45d2010-10-12 00:14:35 +02008307 * It is assumed that the request is either a HEAD, GET, or POST and that the
Willy Tarreau295a8372011-03-10 11:25:07 +01008308 * uri_auth field is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01008309 *
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008310 * Returns 1 if stats should be provided, otherwise 0.
Willy Tarreaub2513902006-12-17 14:52:38 +01008311 */
Willy Tarreau295a8372011-03-10 11:25:07 +01008312int stats_check_uri(struct stream_interface *si, struct http_txn *txn, struct proxy *backend)
Willy Tarreaub2513902006-12-17 14:52:38 +01008313{
8314 struct uri_auth *uri_auth = backend->uri_auth;
Willy Tarreau3a215be2012-03-09 21:39:51 +01008315 struct http_msg *msg = &txn->req;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008316 const char *uri = msg->chn->buf->p+ msg->sl.rq.u;
Willy Tarreaub2513902006-12-17 14:52:38 +01008317
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008318 if (!uri_auth)
8319 return 0;
8320
Cyril Bonté70be45d2010-10-12 00:14:35 +02008321 if (txn->meth != HTTP_METH_GET && txn->meth != HTTP_METH_HEAD && txn->meth != HTTP_METH_POST)
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008322 return 0;
8323
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01008324 /* check URI size */
Willy Tarreau3a215be2012-03-09 21:39:51 +01008325 if (uri_auth->uri_len > msg->sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01008326 return 0;
8327
Willy Tarreau414e9bb2013-11-23 00:30:38 +01008328 if (memcmp(uri, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01008329 return 0;
8330
Willy Tarreaub2513902006-12-17 14:52:38 +01008331 return 1;
8332}
8333
Willy Tarreau4076a152009-04-02 15:18:36 +02008334/*
8335 * Capture a bad request or response and archive it in the proxy's structure.
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008336 * By default it tries to report the error position as msg->err_pos. However if
8337 * this one is not set, it will then report msg->next, which is the last known
8338 * parsing point. The function is able to deal with wrapping buffers. It always
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008339 * displays buffers as a contiguous area starting at buf->p.
Willy Tarreau4076a152009-04-02 15:18:36 +02008340 */
8341void http_capture_bad_message(struct error_snapshot *es, struct session *s,
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008342 struct http_msg *msg,
Willy Tarreau3770f232013-12-07 00:01:53 +01008343 enum ht_state state, struct proxy *other_end)
Willy Tarreau4076a152009-04-02 15:18:36 +02008344{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008345 struct channel *chn = msg->chn;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008346 int len1, len2;
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008347
Willy Tarreau9b28e032012-10-12 23:49:43 +02008348 es->len = MIN(chn->buf->i, sizeof(es->buf));
8349 len1 = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008350 len1 = MIN(len1, es->len);
8351 len2 = es->len - len1; /* remaining data if buffer wraps */
8352
Willy Tarreau9b28e032012-10-12 23:49:43 +02008353 memcpy(es->buf, chn->buf->p, len1);
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008354 if (len2)
Willy Tarreau9b28e032012-10-12 23:49:43 +02008355 memcpy(es->buf + len1, chn->buf->data, len2);
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008356
Willy Tarreau4076a152009-04-02 15:18:36 +02008357 if (msg->err_pos >= 0)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008358 es->pos = msg->err_pos;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008359 else
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008360 es->pos = msg->next;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008361
Willy Tarreau4076a152009-04-02 15:18:36 +02008362 es->when = date; // user-visible date
8363 es->sid = s->uniq_id;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008364 es->srv = objt_server(s->target);
Willy Tarreau4076a152009-04-02 15:18:36 +02008365 es->oe = other_end;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008366 if (objt_conn(s->req->prod->end))
8367 es->src = __objt_conn(s->req->prod->end)->addr.from;
8368 else
8369 memset(&es->src, 0, sizeof(es->src));
8370
Willy Tarreau078272e2010-12-12 12:46:33 +01008371 es->state = state;
Willy Tarreau10479e42010-12-12 14:00:34 +01008372 es->ev_id = error_snapshot_id++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008373 es->b_flags = chn->flags;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008374 es->s_flags = s->flags;
8375 es->t_flags = s->txn.flags;
8376 es->m_flags = msg->flags;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008377 es->b_out = chn->buf->o;
8378 es->b_wrap = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008379 es->b_tot = chn->total;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008380 es->m_clen = msg->chunk_len;
8381 es->m_blen = msg->body_len;
Willy Tarreau4076a152009-04-02 15:18:36 +02008382}
Willy Tarreaub2513902006-12-17 14:52:38 +01008383
Willy Tarreau294c4732011-12-16 21:35:50 +01008384/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8385 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8386 * performed over the whole headers. Otherwise it must contain a valid header
8387 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8388 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8389 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8390 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008391 * -1. The value fetch stops at commas, so this function is suited for use with
8392 * list headers.
Willy Tarreau294c4732011-12-16 21:35:50 +01008393 * The return value is 0 if nothing was found, or non-zero otherwise.
Willy Tarreaubce70882009-09-07 11:51:47 +02008394 */
Willy Tarreau185b5c42012-04-26 15:11:51 +02008395unsigned int http_get_hdr(const struct http_msg *msg, const char *hname, int hlen,
Willy Tarreau294c4732011-12-16 21:35:50 +01008396 struct hdr_idx *idx, int occ,
8397 struct hdr_ctx *ctx, char **vptr, int *vlen)
Willy Tarreaubce70882009-09-07 11:51:47 +02008398{
Willy Tarreau294c4732011-12-16 21:35:50 +01008399 struct hdr_ctx local_ctx;
8400 char *ptr_hist[MAX_HDR_HISTORY];
8401 int len_hist[MAX_HDR_HISTORY];
Willy Tarreaubce70882009-09-07 11:51:47 +02008402 unsigned int hist_ptr;
Willy Tarreau294c4732011-12-16 21:35:50 +01008403 int found;
Willy Tarreaubce70882009-09-07 11:51:47 +02008404
Willy Tarreau294c4732011-12-16 21:35:50 +01008405 if (!ctx) {
8406 local_ctx.idx = 0;
8407 ctx = &local_ctx;
8408 }
8409
Willy Tarreaubce70882009-09-07 11:51:47 +02008410 if (occ >= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008411 /* search from the beginning */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008412 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreaubce70882009-09-07 11:51:47 +02008413 occ--;
8414 if (occ <= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008415 *vptr = ctx->line + ctx->val;
8416 *vlen = ctx->vlen;
8417 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008418 }
8419 }
Willy Tarreau294c4732011-12-16 21:35:50 +01008420 return 0;
Willy Tarreaubce70882009-09-07 11:51:47 +02008421 }
8422
8423 /* negative occurrence, we scan all the list then walk back */
8424 if (-occ > MAX_HDR_HISTORY)
8425 return 0;
8426
Willy Tarreau294c4732011-12-16 21:35:50 +01008427 found = hist_ptr = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008428 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008429 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8430 len_hist[hist_ptr] = ctx->vlen;
8431 if (++hist_ptr >= MAX_HDR_HISTORY)
Willy Tarreaubce70882009-09-07 11:51:47 +02008432 hist_ptr = 0;
8433 found++;
8434 }
8435 if (-occ > found)
8436 return 0;
8437 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
Willy Tarreau67dad272013-06-12 22:27:44 +02008438 * find occurrence -occ. 0 <= hist_ptr < MAX_HDR_HISTORY, and we have
8439 * -10 <= occ <= -1. So we have to check [hist_ptr%MAX_HDR_HISTORY+occ]
8440 * to remain in the 0..9 range.
Willy Tarreaubce70882009-09-07 11:51:47 +02008441 */
Willy Tarreau67dad272013-06-12 22:27:44 +02008442 hist_ptr += occ + MAX_HDR_HISTORY;
Willy Tarreaubce70882009-09-07 11:51:47 +02008443 if (hist_ptr >= MAX_HDR_HISTORY)
8444 hist_ptr -= MAX_HDR_HISTORY;
Willy Tarreau294c4732011-12-16 21:35:50 +01008445 *vptr = ptr_hist[hist_ptr];
8446 *vlen = len_hist[hist_ptr];
8447 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008448}
8449
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008450/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8451 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8452 * performed over the whole headers. Otherwise it must contain a valid header
8453 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8454 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8455 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8456 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
8457 * -1. This function differs from http_get_hdr() in that it only returns full
8458 * line header values and does not stop at commas.
8459 * The return value is 0 if nothing was found, or non-zero otherwise.
8460 */
8461unsigned int http_get_fhdr(const struct http_msg *msg, const char *hname, int hlen,
8462 struct hdr_idx *idx, int occ,
8463 struct hdr_ctx *ctx, char **vptr, int *vlen)
8464{
8465 struct hdr_ctx local_ctx;
8466 char *ptr_hist[MAX_HDR_HISTORY];
8467 int len_hist[MAX_HDR_HISTORY];
8468 unsigned int hist_ptr;
8469 int found;
8470
8471 if (!ctx) {
8472 local_ctx.idx = 0;
8473 ctx = &local_ctx;
8474 }
8475
8476 if (occ >= 0) {
8477 /* search from the beginning */
8478 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8479 occ--;
8480 if (occ <= 0) {
8481 *vptr = ctx->line + ctx->val;
8482 *vlen = ctx->vlen;
8483 return 1;
8484 }
8485 }
8486 return 0;
8487 }
8488
8489 /* negative occurrence, we scan all the list then walk back */
8490 if (-occ > MAX_HDR_HISTORY)
8491 return 0;
8492
8493 found = hist_ptr = 0;
8494 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8495 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8496 len_hist[hist_ptr] = ctx->vlen;
8497 if (++hist_ptr >= MAX_HDR_HISTORY)
8498 hist_ptr = 0;
8499 found++;
8500 }
8501 if (-occ > found)
8502 return 0;
8503 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
8504 * find occurrence -occ, so we have to check [hist_ptr+occ].
8505 */
8506 hist_ptr += occ;
8507 if (hist_ptr >= MAX_HDR_HISTORY)
8508 hist_ptr -= MAX_HDR_HISTORY;
8509 *vptr = ptr_hist[hist_ptr];
8510 *vlen = len_hist[hist_ptr];
8511 return 1;
8512}
8513
Willy Tarreaubaaee002006-06-26 02:48:02 +02008514/*
Willy Tarreaue92693a2012-09-24 21:13:39 +02008515 * Print a debug line with a header. Always stop at the first CR or LF char,
8516 * so it is safe to pass it a full buffer if needed. If <err> is not NULL, an
8517 * arrow is printed after the line which contains the pointer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01008518 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008519void debug_hdr(const char *dir, struct session *s, const char *start, const char *end)
Willy Tarreau58f10d72006-12-04 02:26:12 +01008520{
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008521 int max;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008522 chunk_printf(&trash, "%08x:%s.%s[%04x:%04x]: ", s->uniq_id, s->be->id,
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008523 dir,
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008524 objt_conn(s->req->prod->end) ? (unsigned short)objt_conn(s->req->prod->end)->t.sock.fd : -1,
8525 objt_conn(s->req->cons->end) ? (unsigned short)objt_conn(s->req->cons->end)->t.sock.fd : -1);
Willy Tarreaue92693a2012-09-24 21:13:39 +02008526
8527 for (max = 0; start + max < end; max++)
8528 if (start[max] == '\r' || start[max] == '\n')
8529 break;
8530
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008531 UBOUND(max, trash.size - trash.len - 3);
8532 trash.len += strlcpy2(trash.str + trash.len, start, max + 1);
8533 trash.str[trash.len++] = '\n';
Willy Tarreau89efaed2013-12-13 15:14:55 +01008534 shut_your_big_mouth_gcc(write(1, trash.str, trash.len));
Willy Tarreau58f10d72006-12-04 02:26:12 +01008535}
8536
Willy Tarreau0937bc42009-12-22 15:03:09 +01008537/*
8538 * Initialize a new HTTP transaction for session <s>. It is assumed that all
8539 * the required fields are properly allocated and that we only need to (re)init
8540 * them. This should be used before processing any new request.
8541 */
8542void http_init_txn(struct session *s)
8543{
8544 struct http_txn *txn = &s->txn;
8545 struct proxy *fe = s->fe;
8546
8547 txn->flags = 0;
8548 txn->status = -1;
8549
Willy Tarreauf64d1412010-10-07 20:06:11 +02008550 txn->cookie_first_date = 0;
8551 txn->cookie_last_date = 0;
8552
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008553 txn->req.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008554 txn->req.sol = txn->req.eol = txn->req.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008555 txn->req.next = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008556 txn->rsp.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008557 txn->rsp.sol = txn->rsp.eol = txn->rsp.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008558 txn->rsp.next = 0;
Willy Tarreau124d9912011-03-01 20:30:48 +01008559 txn->req.chunk_len = 0LL;
8560 txn->req.body_len = 0LL;
8561 txn->rsp.chunk_len = 0LL;
8562 txn->rsp.body_len = 0LL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008563 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
8564 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
Willy Tarreau394db372012-10-12 22:40:39 +02008565 txn->req.chn = s->req;
8566 txn->rsp.chn = s->rep;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008567
8568 txn->auth.method = HTTP_AUTH_UNKNOWN;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008569
8570 txn->req.err_pos = txn->rsp.err_pos = -2; /* block buggy requests/responses */
8571 if (fe->options2 & PR_O2_REQBUG_OK)
8572 txn->req.err_pos = -1; /* let buggy requests pass */
8573
Willy Tarreau46023632010-01-07 22:51:47 +01008574 if (txn->req.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008575 memset(txn->req.cap, 0, fe->nb_req_cap * sizeof(void *));
8576
Willy Tarreau46023632010-01-07 22:51:47 +01008577 if (txn->rsp.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008578 memset(txn->rsp.cap, 0, fe->nb_rsp_cap * sizeof(void *));
8579
8580 if (txn->hdr_idx.v)
8581 hdr_idx_init(&txn->hdr_idx);
8582}
8583
8584/* to be used at the end of a transaction */
8585void http_end_txn(struct session *s)
8586{
8587 struct http_txn *txn = &s->txn;
8588
Willy Tarreau75195602014-03-11 15:48:55 +01008589 /* release any possible compression context */
8590 if (s->flags & SN_COMP_READY)
8591 s->comp_algo->end(&s->comp_ctx);
8592 s->comp_algo = NULL;
8593 s->flags &= ~SN_COMP_READY;
8594
Willy Tarreau0937bc42009-12-22 15:03:09 +01008595 /* these ones will have been dynamically allocated */
8596 pool_free2(pool2_requri, txn->uri);
8597 pool_free2(pool2_capture, txn->cli_cookie);
8598 pool_free2(pool2_capture, txn->srv_cookie);
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008599 pool_free2(apools.sessid, txn->sessid);
William Lallemanda73203e2012-03-12 12:48:57 +01008600 pool_free2(pool2_uniqueid, s->unique_id);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008601
William Lallemanda73203e2012-03-12 12:48:57 +01008602 s->unique_id = NULL;
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008603 txn->sessid = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008604 txn->uri = NULL;
8605 txn->srv_cookie = NULL;
8606 txn->cli_cookie = NULL;
Willy Tarreau46023632010-01-07 22:51:47 +01008607
8608 if (txn->req.cap) {
8609 struct cap_hdr *h;
8610 for (h = s->fe->req_cap; h; h = h->next)
8611 pool_free2(h->pool, txn->req.cap[h->index]);
8612 memset(txn->req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
8613 }
8614
8615 if (txn->rsp.cap) {
8616 struct cap_hdr *h;
8617 for (h = s->fe->rsp_cap; h; h = h->next)
8618 pool_free2(h->pool, txn->rsp.cap[h->index]);
8619 memset(txn->rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
8620 }
8621
Willy Tarreau0937bc42009-12-22 15:03:09 +01008622}
8623
8624/* to be used at the end of a transaction to prepare a new one */
8625void http_reset_txn(struct session *s)
8626{
8627 http_end_txn(s);
8628 http_init_txn(s);
8629
8630 s->be = s->fe;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008631 s->logs.logwait = s->fe->to_log;
Willy Tarreauabcd5142013-06-11 17:18:02 +02008632 s->logs.level = 0;
Simon Hormanaf514952011-06-21 14:34:57 +09008633 session_del_srv_conn(s);
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008634 s->target = NULL;
Emeric Brunb982a3d2010-01-04 15:45:53 +01008635 /* re-init store persistence */
8636 s->store_count = 0;
Willy Tarreau1f0da242014-01-25 11:01:50 +01008637 s->uniq_id = global.req_count++;
Emeric Brunb982a3d2010-01-04 15:45:53 +01008638
Willy Tarreau0937bc42009-12-22 15:03:09 +01008639 s->pend_pos = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008640
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02008641 s->req->flags |= CF_READ_DONTWAIT; /* one read is usually enough */
Willy Tarreau0937bc42009-12-22 15:03:09 +01008642
Willy Tarreau739cfba2010-01-25 23:11:14 +01008643 /* We must trim any excess data from the response buffer, because we
8644 * may have blocked an invalid response from a server that we don't
8645 * want to accidentely forward once we disable the analysers, nor do
8646 * we want those data to come along with next response. A typical
8647 * example of such data would be from a buggy server responding to
8648 * a HEAD with some data, or sending more than the advertised
8649 * content-length.
8650 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008651 if (unlikely(s->rep->buf->i))
8652 s->rep->buf->i = 0;
Willy Tarreau739cfba2010-01-25 23:11:14 +01008653
Willy Tarreau0937bc42009-12-22 15:03:09 +01008654 s->req->rto = s->fe->timeout.client;
Willy Tarreaud04e8582010-05-31 12:31:35 +02008655 s->req->wto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008656
Willy Tarreaud04e8582010-05-31 12:31:35 +02008657 s->rep->rto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008658 s->rep->wto = s->fe->timeout.client;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008659
8660 s->req->rex = TICK_ETERNITY;
8661 s->req->wex = TICK_ETERNITY;
8662 s->req->analyse_exp = TICK_ETERNITY;
8663 s->rep->rex = TICK_ETERNITY;
8664 s->rep->wex = TICK_ETERNITY;
8665 s->rep->analyse_exp = TICK_ETERNITY;
8666}
Willy Tarreau58f10d72006-12-04 02:26:12 +01008667
Willy Tarreauff011f22011-01-06 17:51:27 +01008668void free_http_req_rules(struct list *r) {
8669 struct http_req_rule *tr, *pr;
8670
8671 list_for_each_entry_safe(pr, tr, r, list) {
8672 LIST_DEL(&pr->list);
Willy Tarreau20b0de52012-12-24 15:45:22 +01008673 if (pr->action == HTTP_REQ_ACT_AUTH)
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008674 free(pr->arg.auth.realm);
Willy Tarreauff011f22011-01-06 17:51:27 +01008675
8676 free(pr);
8677 }
8678}
8679
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008680/* parse an "http-request" rule */
Willy Tarreauff011f22011-01-06 17:51:27 +01008681struct http_req_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
8682{
8683 struct http_req_rule *rule;
William Lallemand73025dd2014-04-24 14:38:37 +02008684 struct http_req_action_kw *custom = NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008685 int cur_arg;
8686
8687 rule = (struct http_req_rule*)calloc(1, sizeof(struct http_req_rule));
8688 if (!rule) {
8689 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008690 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008691 }
8692
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008693 if (!strcmp(args[0], "allow")) {
Willy Tarreauff011f22011-01-06 17:51:27 +01008694 rule->action = HTTP_REQ_ACT_ALLOW;
8695 cur_arg = 1;
8696 } else if (!strcmp(args[0], "deny")) {
8697 rule->action = HTTP_REQ_ACT_DENY;
8698 cur_arg = 1;
Willy Tarreauccbcc372012-12-27 12:37:57 +01008699 } else if (!strcmp(args[0], "tarpit")) {
8700 rule->action = HTTP_REQ_ACT_TARPIT;
8701 cur_arg = 1;
Willy Tarreauff011f22011-01-06 17:51:27 +01008702 } else if (!strcmp(args[0], "auth")) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008703 rule->action = HTTP_REQ_ACT_AUTH;
Willy Tarreauff011f22011-01-06 17:51:27 +01008704 cur_arg = 1;
8705
8706 while(*args[cur_arg]) {
8707 if (!strcmp(args[cur_arg], "realm")) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008708 rule->arg.auth.realm = strdup(args[cur_arg + 1]);
Willy Tarreauff011f22011-01-06 17:51:27 +01008709 cur_arg+=2;
8710 continue;
8711 } else
8712 break;
8713 }
Willy Tarreauf4c43c12013-06-11 17:01:13 +02008714 } else if (!strcmp(args[0], "set-nice")) {
8715 rule->action = HTTP_REQ_ACT_SET_NICE;
8716 cur_arg = 1;
8717
8718 if (!*args[cur_arg] ||
8719 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8720 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer value).\n",
8721 file, linenum, args[0]);
8722 goto out_err;
8723 }
8724 rule->arg.nice = atoi(args[cur_arg]);
8725 if (rule->arg.nice < -1024)
8726 rule->arg.nice = -1024;
8727 else if (rule->arg.nice > 1024)
8728 rule->arg.nice = 1024;
8729 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02008730 } else if (!strcmp(args[0], "set-tos")) {
8731#ifdef IP_TOS
8732 char *err;
8733 rule->action = HTTP_REQ_ACT_SET_TOS;
8734 cur_arg = 1;
8735
8736 if (!*args[cur_arg] ||
8737 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8738 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8739 file, linenum, args[0]);
8740 goto out_err;
8741 }
8742
8743 rule->arg.tos = strtol(args[cur_arg], &err, 0);
8744 if (err && *err != '\0') {
8745 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8746 file, linenum, err, args[0]);
8747 goto out_err;
8748 }
8749 cur_arg++;
8750#else
8751 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
8752 goto out_err;
8753#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02008754 } else if (!strcmp(args[0], "set-mark")) {
8755#ifdef SO_MARK
8756 char *err;
8757 rule->action = HTTP_REQ_ACT_SET_MARK;
8758 cur_arg = 1;
8759
8760 if (!*args[cur_arg] ||
8761 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8762 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8763 file, linenum, args[0]);
8764 goto out_err;
8765 }
8766
8767 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
8768 if (err && *err != '\0') {
8769 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8770 file, linenum, err, args[0]);
8771 goto out_err;
8772 }
8773 cur_arg++;
8774 global.last_checks |= LSTCHK_NETADM;
8775#else
8776 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
8777 goto out_err;
8778#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02008779 } else if (!strcmp(args[0], "set-log-level")) {
8780 rule->action = HTTP_REQ_ACT_SET_LOGL;
8781 cur_arg = 1;
8782
8783 if (!*args[cur_arg] ||
8784 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8785 bad_log_level:
8786 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (log level name or 'silent').\n",
8787 file, linenum, args[0]);
8788 goto out_err;
8789 }
8790 if (strcmp(args[cur_arg], "silent") == 0)
8791 rule->arg.loglevel = -1;
8792 else if ((rule->arg.loglevel = get_log_level(args[cur_arg]) + 1) == 0)
8793 goto bad_log_level;
8794 cur_arg++;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008795 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
8796 rule->action = *args[0] == 'a' ? HTTP_REQ_ACT_ADD_HDR : HTTP_REQ_ACT_SET_HDR;
8797 cur_arg = 1;
8798
Willy Tarreau8d1c5162013-04-03 14:13:58 +02008799 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8800 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008801 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 2 arguments.\n",
8802 file, linenum, args[0]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008803 goto out_err;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008804 }
8805
8806 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8807 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8808 LIST_INIT(&rule->arg.hdr_add.fmt);
Willy Tarreaua4312fa2013-04-02 16:34:32 +02008809
Thierry FOURNIER1c0054f2013-11-20 15:09:52 +01008810 proxy->conf.args.ctx = ARGC_HRQ;
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +01008811 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, LOG_OPT_HTTP,
Thierry FOURNIEReeaa9512014-02-11 14:00:19 +01008812 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8813 file, linenum);
Willy Tarreau59ad1a22014-01-29 14:39:58 +01008814 free(proxy->conf.lfs_file);
8815 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8816 proxy->conf.lfs_line = proxy->conf.args.line;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008817 cur_arg += 2;
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02008818 } else if (strcmp(args[0], "del-header") == 0) {
8819 rule->action = HTTP_REQ_ACT_DEL_HDR;
8820 cur_arg = 1;
8821
8822 if (!*args[cur_arg] ||
8823 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
8824 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument.\n",
8825 file, linenum, args[0]);
8826 goto out_err;
8827 }
8828
8829 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8830 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8831
8832 proxy->conf.args.ctx = ARGC_HRQ;
8833 free(proxy->conf.lfs_file);
8834 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8835 proxy->conf.lfs_line = proxy->conf.args.line;
8836 cur_arg += 1;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008837 } else if (strcmp(args[0], "redirect") == 0) {
8838 struct redirect_rule *redir;
Willy Tarreau6d4890c2013-11-18 18:04:25 +01008839 char *errmsg = NULL;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008840
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01008841 if ((redir = http_parse_redirect_rule(file, linenum, proxy, (const char **)args + 1, &errmsg, 1)) == NULL) {
Willy Tarreau81499eb2012-12-27 12:19:02 +01008842 Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
8843 file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
8844 goto out_err;
8845 }
8846
8847 /* this redirect rule might already contain a parsed condition which
8848 * we'll pass to the http-request rule.
8849 */
8850 rule->action = HTTP_REQ_ACT_REDIR;
8851 rule->arg.redir = redir;
8852 rule->cond = redir->cond;
8853 redir->cond = NULL;
8854 cur_arg = 2;
8855 return rule;
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02008856 } else if (strncmp(args[0], "add-acl", 7) == 0) {
8857 /* http-request add-acl(<reference (acl name)>) <key pattern> */
8858 rule->action = HTTP_REQ_ACT_ADD_ACL;
8859 /*
8860 * '+ 8' for 'add-acl('
8861 * '- 9' for 'add-acl(' + trailing ')'
8862 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02008863 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02008864
8865 cur_arg = 1;
8866
8867 if (!*args[cur_arg] ||
8868 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
8869 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument.\n",
8870 file, linenum, args[0]);
8871 goto out_err;
8872 }
8873
8874 LIST_INIT(&rule->arg.map.key);
8875 proxy->conf.args.ctx = ARGC_HRQ;
8876 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
8877 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8878 file, linenum);
8879 free(proxy->conf.lfs_file);
8880 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8881 proxy->conf.lfs_line = proxy->conf.args.line;
8882 cur_arg += 1;
8883 } else if (strncmp(args[0], "del-acl", 7) == 0) {
8884 /* http-request del-acl(<reference (acl name)>) <key pattern> */
8885 rule->action = HTTP_REQ_ACT_DEL_ACL;
8886 /*
8887 * '+ 8' for 'del-acl('
8888 * '- 9' for 'del-acl(' + trailing ')'
8889 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02008890 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02008891
8892 cur_arg = 1;
8893
8894 if (!*args[cur_arg] ||
8895 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
8896 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument.\n",
8897 file, linenum, args[0]);
8898 goto out_err;
8899 }
8900
8901 LIST_INIT(&rule->arg.map.key);
8902 proxy->conf.args.ctx = ARGC_HRQ;
8903 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
8904 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8905 file, linenum);
8906 free(proxy->conf.lfs_file);
8907 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8908 proxy->conf.lfs_line = proxy->conf.args.line;
8909 cur_arg += 1;
8910 } else if (strncmp(args[0], "del-map", 7) == 0) {
8911 /* http-request del-map(<reference (map name)>) <key pattern> */
8912 rule->action = HTTP_REQ_ACT_DEL_MAP;
8913 /*
8914 * '+ 8' for 'del-map('
8915 * '- 9' for 'del-map(' + trailing ')'
8916 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02008917 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02008918
8919 cur_arg = 1;
8920
8921 if (!*args[cur_arg] ||
8922 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
8923 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument.\n",
8924 file, linenum, args[0]);
8925 goto out_err;
8926 }
8927
8928 LIST_INIT(&rule->arg.map.key);
8929 proxy->conf.args.ctx = ARGC_HRQ;
8930 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
8931 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8932 file, linenum);
8933 free(proxy->conf.lfs_file);
8934 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8935 proxy->conf.lfs_line = proxy->conf.args.line;
8936 cur_arg += 1;
8937 } else if (strncmp(args[0], "set-map", 7) == 0) {
8938 /* http-request set-map(<reference (map name)>) <key pattern> <value pattern> */
8939 rule->action = HTTP_REQ_ACT_SET_MAP;
8940 /*
8941 * '+ 8' for 'set-map('
8942 * '- 9' for 'set-map(' + trailing ')'
8943 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02008944 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02008945
8946 cur_arg = 1;
8947
8948 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8949 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
8950 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 2 arguments.\n",
8951 file, linenum, args[0]);
8952 goto out_err;
8953 }
8954
8955 LIST_INIT(&rule->arg.map.key);
8956 LIST_INIT(&rule->arg.map.value);
8957 proxy->conf.args.ctx = ARGC_HRQ;
8958
8959 /* key pattern */
8960 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
8961 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8962 file, linenum);
8963
8964 /* value pattern */
8965 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.map.value, LOG_OPT_HTTP,
8966 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8967 file, linenum);
8968 free(proxy->conf.lfs_file);
8969 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8970 proxy->conf.lfs_line = proxy->conf.args.line;
8971
8972 cur_arg += 2;
William Lallemand73025dd2014-04-24 14:38:37 +02008973 } else if (((custom = action_http_req_custom(args[0])) != NULL)) {
8974 char *errmsg = NULL;
8975 cur_arg = 1;
8976 /* try in the module list */
8977 if (custom->parse(args, &cur_arg, proxy, rule, &errmsg) < 0) {
8978 Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
8979 file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
8980 free(errmsg);
8981 goto out_err;
8982 }
Willy Tarreauff011f22011-01-06 17:51:27 +01008983 } else {
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02008984 Alert("parsing [%s:%d]: 'http-request' expects 'allow', 'deny', 'auth', 'redirect', 'tarpit', 'add-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', 'add-acl', 'del-acl', 'del-map', 'set-map', but got '%s'%s.\n",
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008985 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
Willy Tarreau81499eb2012-12-27 12:19:02 +01008986 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008987 }
8988
8989 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
8990 struct acl_cond *cond;
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008991 char *errmsg = NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008992
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008993 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
8994 Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition : %s.\n",
8995 file, linenum, args[0], errmsg);
8996 free(errmsg);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008997 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008998 }
8999 rule->cond = cond;
9000 }
9001 else if (*args[cur_arg]) {
9002 Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
9003 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
9004 file, linenum, args[0], args[cur_arg]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01009005 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01009006 }
9007
9008 return rule;
Willy Tarreau81499eb2012-12-27 12:19:02 +01009009 out_err:
9010 free(rule);
9011 return NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01009012}
9013
Willy Tarreaue365c0b2013-06-11 16:06:12 +02009014/* parse an "http-respose" rule */
9015struct http_res_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
9016{
9017 struct http_res_rule *rule;
William Lallemand73025dd2014-04-24 14:38:37 +02009018 struct http_res_action_kw *custom = NULL;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02009019 int cur_arg;
9020
9021 rule = calloc(1, sizeof(*rule));
9022 if (!rule) {
9023 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
9024 goto out_err;
9025 }
9026
9027 if (!strcmp(args[0], "allow")) {
9028 rule->action = HTTP_RES_ACT_ALLOW;
9029 cur_arg = 1;
9030 } else if (!strcmp(args[0], "deny")) {
9031 rule->action = HTTP_RES_ACT_DENY;
9032 cur_arg = 1;
Willy Tarreauf4c43c12013-06-11 17:01:13 +02009033 } else if (!strcmp(args[0], "set-nice")) {
9034 rule->action = HTTP_RES_ACT_SET_NICE;
9035 cur_arg = 1;
9036
9037 if (!*args[cur_arg] ||
9038 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
9039 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer value).\n",
9040 file, linenum, args[0]);
9041 goto out_err;
9042 }
9043 rule->arg.nice = atoi(args[cur_arg]);
9044 if (rule->arg.nice < -1024)
9045 rule->arg.nice = -1024;
9046 else if (rule->arg.nice > 1024)
9047 rule->arg.nice = 1024;
9048 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02009049 } else if (!strcmp(args[0], "set-tos")) {
9050#ifdef IP_TOS
9051 char *err;
9052 rule->action = HTTP_RES_ACT_SET_TOS;
9053 cur_arg = 1;
9054
9055 if (!*args[cur_arg] ||
9056 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
9057 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
9058 file, linenum, args[0]);
9059 goto out_err;
9060 }
9061
9062 rule->arg.tos = strtol(args[cur_arg], &err, 0);
9063 if (err && *err != '\0') {
9064 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
9065 file, linenum, err, args[0]);
9066 goto out_err;
9067 }
9068 cur_arg++;
9069#else
9070 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
9071 goto out_err;
9072#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02009073 } else if (!strcmp(args[0], "set-mark")) {
9074#ifdef SO_MARK
9075 char *err;
9076 rule->action = HTTP_RES_ACT_SET_MARK;
9077 cur_arg = 1;
9078
9079 if (!*args[cur_arg] ||
9080 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
9081 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
9082 file, linenum, args[0]);
9083 goto out_err;
9084 }
9085
9086 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
9087 if (err && *err != '\0') {
9088 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
9089 file, linenum, err, args[0]);
9090 goto out_err;
9091 }
9092 cur_arg++;
9093 global.last_checks |= LSTCHK_NETADM;
9094#else
9095 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
9096 goto out_err;
9097#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02009098 } else if (!strcmp(args[0], "set-log-level")) {
9099 rule->action = HTTP_RES_ACT_SET_LOGL;
9100 cur_arg = 1;
9101
9102 if (!*args[cur_arg] ||
9103 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
9104 bad_log_level:
9105 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (log level name or 'silent').\n",
9106 file, linenum, args[0]);
9107 goto out_err;
9108 }
9109 if (strcmp(args[cur_arg], "silent") == 0)
9110 rule->arg.loglevel = -1;
9111 else if ((rule->arg.loglevel = get_log_level(args[cur_arg] + 1)) == 0)
9112 goto bad_log_level;
9113 cur_arg++;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02009114 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
9115 rule->action = *args[0] == 'a' ? HTTP_RES_ACT_ADD_HDR : HTTP_RES_ACT_SET_HDR;
9116 cur_arg = 1;
9117
9118 if (!*args[cur_arg] || !*args[cur_arg+1] ||
9119 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
9120 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 2 arguments.\n",
9121 file, linenum, args[0]);
9122 goto out_err;
9123 }
9124
9125 rule->arg.hdr_add.name = strdup(args[cur_arg]);
9126 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
9127 LIST_INIT(&rule->arg.hdr_add.fmt);
9128
Thierry FOURNIER1c0054f2013-11-20 15:09:52 +01009129 proxy->conf.args.ctx = ARGC_HRS;
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +01009130 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, LOG_OPT_HTTP,
Thierry FOURNIEReeaa9512014-02-11 14:00:19 +01009131 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
9132 file, linenum);
Willy Tarreau59ad1a22014-01-29 14:39:58 +01009133 free(proxy->conf.lfs_file);
9134 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
9135 proxy->conf.lfs_line = proxy->conf.args.line;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02009136 cur_arg += 2;
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02009137 } else if (strcmp(args[0], "del-header") == 0) {
9138 rule->action = HTTP_RES_ACT_DEL_HDR;
9139 cur_arg = 1;
9140
9141 if (!*args[cur_arg] ||
9142 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
9143 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument.\n",
9144 file, linenum, args[0]);
9145 goto out_err;
9146 }
9147
9148 rule->arg.hdr_add.name = strdup(args[cur_arg]);
9149 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
9150
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009151 proxy->conf.args.ctx = ARGC_HRS;
9152 free(proxy->conf.lfs_file);
9153 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
9154 proxy->conf.lfs_line = proxy->conf.args.line;
9155 cur_arg += 1;
9156 } else if (strncmp(args[0], "add-acl", 7) == 0) {
9157 /* http-request add-acl(<reference (acl name)>) <key pattern> */
9158 rule->action = HTTP_RES_ACT_ADD_ACL;
9159 /*
9160 * '+ 8' for 'add-acl('
9161 * '- 9' for 'add-acl(' + trailing ')'
9162 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02009163 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009164
9165 cur_arg = 1;
9166
9167 if (!*args[cur_arg] ||
9168 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
9169 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument.\n",
9170 file, linenum, args[0]);
9171 goto out_err;
9172 }
9173
9174 LIST_INIT(&rule->arg.map.key);
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02009175 proxy->conf.args.ctx = ARGC_HRS;
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009176 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
9177 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
9178 file, linenum);
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02009179 free(proxy->conf.lfs_file);
9180 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
9181 proxy->conf.lfs_line = proxy->conf.args.line;
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009182
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02009183 cur_arg += 1;
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009184 } else if (strncmp(args[0], "del-acl", 7) == 0) {
9185 /* http-response del-acl(<reference (acl name)>) <key pattern> */
9186 rule->action = HTTP_RES_ACT_DEL_ACL;
9187 /*
9188 * '+ 8' for 'del-acl('
9189 * '- 9' for 'del-acl(' + trailing ')'
9190 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02009191 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009192
9193 cur_arg = 1;
9194
9195 if (!*args[cur_arg] ||
9196 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
9197 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument.\n",
9198 file, linenum, args[0]);
9199 goto out_err;
9200 }
9201
9202 LIST_INIT(&rule->arg.map.key);
9203 proxy->conf.args.ctx = ARGC_HRS;
9204 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
9205 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
9206 file, linenum);
9207 free(proxy->conf.lfs_file);
9208 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
9209 proxy->conf.lfs_line = proxy->conf.args.line;
9210 cur_arg += 1;
9211 } else if (strncmp(args[0], "del-map", 7) == 0) {
9212 /* http-response del-map(<reference (map name)>) <key pattern> */
9213 rule->action = HTTP_RES_ACT_DEL_MAP;
9214 /*
9215 * '+ 8' for 'del-map('
9216 * '- 9' for 'del-map(' + trailing ')'
9217 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02009218 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009219
9220 cur_arg = 1;
9221
9222 if (!*args[cur_arg] ||
9223 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
9224 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument.\n",
9225 file, linenum, args[0]);
9226 goto out_err;
9227 }
9228
9229 LIST_INIT(&rule->arg.map.key);
9230 proxy->conf.args.ctx = ARGC_HRS;
9231 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
9232 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
9233 file, linenum);
9234 free(proxy->conf.lfs_file);
9235 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
9236 proxy->conf.lfs_line = proxy->conf.args.line;
9237 cur_arg += 1;
9238 } else if (strncmp(args[0], "set-map", 7) == 0) {
9239 /* http-response set-map(<reference (map name)>) <key pattern> <value pattern> */
9240 rule->action = HTTP_RES_ACT_SET_MAP;
9241 /*
9242 * '+ 8' for 'set-map('
9243 * '- 9' for 'set-map(' + trailing ')'
9244 */
Willy Tarreau6c09c2c2014-04-25 21:38:08 +02009245 rule->arg.map.ref = my_strndup(args[0] + 8, strlen(args[0]) - 9);
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009246
9247 cur_arg = 1;
9248
9249 if (!*args[cur_arg] || !*args[cur_arg+1] ||
9250 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
9251 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 2 arguments.\n",
9252 file, linenum, args[0]);
9253 goto out_err;
9254 }
9255
9256 LIST_INIT(&rule->arg.map.key);
9257 LIST_INIT(&rule->arg.map.value);
9258
9259 proxy->conf.args.ctx = ARGC_HRS;
9260
9261 /* key pattern */
9262 parse_logformat_string(args[cur_arg], proxy, &rule->arg.map.key, LOG_OPT_HTTP,
9263 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
9264 file, linenum);
9265
9266 /* value pattern */
9267 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.map.value, LOG_OPT_HTTP,
9268 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
9269 file, linenum);
9270
9271 free(proxy->conf.lfs_file);
9272 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
9273 proxy->conf.lfs_line = proxy->conf.args.line;
9274
9275 cur_arg += 2;
William Lallemand73025dd2014-04-24 14:38:37 +02009276 } else if (((custom = action_http_res_custom(args[0])) != NULL)) {
9277 char *errmsg = NULL;
9278 cur_arg = 1;
9279 /* try in the module list */
9280 if (custom->parse(args, &cur_arg, proxy, rule, &errmsg) < 0) {
9281 Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-response %s' rule : %s.\n",
9282 file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
9283 free(errmsg);
9284 goto out_err;
9285 }
Willy Tarreaue365c0b2013-06-11 16:06:12 +02009286 } else {
Baptiste Assmannfabcbe02014-04-24 22:16:59 +02009287 Alert("parsing [%s:%d]: 'http-response' expects 'allow', 'deny', 'redirect', 'add-header', 'del-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', 'del-acl', 'add-acl', 'del-map', 'set-map', but got '%s'%s.\n",
Willy Tarreaue365c0b2013-06-11 16:06:12 +02009288 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
9289 goto out_err;
9290 }
9291
9292 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
9293 struct acl_cond *cond;
9294 char *errmsg = NULL;
9295
9296 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
9297 Alert("parsing [%s:%d] : error detected while parsing an 'http-response %s' condition : %s.\n",
9298 file, linenum, args[0], errmsg);
9299 free(errmsg);
9300 goto out_err;
9301 }
9302 rule->cond = cond;
9303 }
9304 else if (*args[cur_arg]) {
9305 Alert("parsing [%s:%d]: 'http-response %s' expects"
9306 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
9307 file, linenum, args[0], args[cur_arg]);
9308 goto out_err;
9309 }
9310
9311 return rule;
9312 out_err:
9313 free(rule);
9314 return NULL;
9315}
9316
Willy Tarreau4baae242012-12-27 12:00:31 +01009317/* Parses a redirect rule. Returns the redirect rule on success or NULL on error,
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01009318 * with <err> filled with the error message. If <use_fmt> is not null, builds a
9319 * dynamic log-format rule instead of a static string.
Willy Tarreau4baae242012-12-27 12:00:31 +01009320 */
9321struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01009322 const char **args, char **errmsg, int use_fmt)
Willy Tarreau4baae242012-12-27 12:00:31 +01009323{
9324 struct redirect_rule *rule;
9325 int cur_arg;
9326 int type = REDIRECT_TYPE_NONE;
9327 int code = 302;
9328 const char *destination = NULL;
9329 const char *cookie = NULL;
9330 int cookie_set = 0;
9331 unsigned int flags = REDIRECT_FLAG_NONE;
9332 struct acl_cond *cond = NULL;
9333
9334 cur_arg = 0;
9335 while (*(args[cur_arg])) {
9336 if (strcmp(args[cur_arg], "location") == 0) {
9337 if (!*args[cur_arg + 1])
9338 goto missing_arg;
9339
9340 type = REDIRECT_TYPE_LOCATION;
9341 cur_arg++;
9342 destination = args[cur_arg];
9343 }
9344 else if (strcmp(args[cur_arg], "prefix") == 0) {
9345 if (!*args[cur_arg + 1])
9346 goto missing_arg;
9347
9348 type = REDIRECT_TYPE_PREFIX;
9349 cur_arg++;
9350 destination = args[cur_arg];
9351 }
9352 else if (strcmp(args[cur_arg], "scheme") == 0) {
9353 if (!*args[cur_arg + 1])
9354 goto missing_arg;
9355
9356 type = REDIRECT_TYPE_SCHEME;
9357 cur_arg++;
9358 destination = args[cur_arg];
9359 }
9360 else if (strcmp(args[cur_arg], "set-cookie") == 0) {
9361 if (!*args[cur_arg + 1])
9362 goto missing_arg;
9363
9364 cur_arg++;
9365 cookie = args[cur_arg];
9366 cookie_set = 1;
9367 }
9368 else if (strcmp(args[cur_arg], "clear-cookie") == 0) {
9369 if (!*args[cur_arg + 1])
9370 goto missing_arg;
9371
9372 cur_arg++;
9373 cookie = args[cur_arg];
9374 cookie_set = 0;
9375 }
9376 else if (strcmp(args[cur_arg], "code") == 0) {
9377 if (!*args[cur_arg + 1])
9378 goto missing_arg;
9379
9380 cur_arg++;
9381 code = atol(args[cur_arg]);
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04009382 if (code < 301 || code > 308 || (code > 303 && code < 307)) {
Willy Tarreau4baae242012-12-27 12:00:31 +01009383 memprintf(errmsg,
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04009384 "'%s': unsupported HTTP code '%s' (must be one of 301, 302, 303, 307 or 308)",
Willy Tarreau4baae242012-12-27 12:00:31 +01009385 args[cur_arg - 1], args[cur_arg]);
9386 return NULL;
9387 }
9388 }
9389 else if (!strcmp(args[cur_arg],"drop-query")) {
9390 flags |= REDIRECT_FLAG_DROP_QS;
9391 }
9392 else if (!strcmp(args[cur_arg],"append-slash")) {
9393 flags |= REDIRECT_FLAG_APPEND_SLASH;
9394 }
9395 else if (strcmp(args[cur_arg], "if") == 0 ||
9396 strcmp(args[cur_arg], "unless") == 0) {
9397 cond = build_acl_cond(file, linenum, curproxy, (const char **)args + cur_arg, errmsg);
9398 if (!cond) {
9399 memprintf(errmsg, "error in condition: %s", *errmsg);
9400 return NULL;
9401 }
9402 break;
9403 }
9404 else {
9405 memprintf(errmsg,
9406 "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
9407 args[cur_arg]);
9408 return NULL;
9409 }
9410 cur_arg++;
9411 }
9412
9413 if (type == REDIRECT_TYPE_NONE) {
9414 memprintf(errmsg, "redirection type expected ('prefix', 'location', or 'scheme')");
9415 return NULL;
9416 }
9417
9418 rule = (struct redirect_rule *)calloc(1, sizeof(*rule));
9419 rule->cond = cond;
Willy Tarreau60e08382013-12-03 00:48:45 +01009420 LIST_INIT(&rule->rdr_fmt);
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01009421
9422 if (!use_fmt) {
9423 /* old-style static redirect rule */
9424 rule->rdr_str = strdup(destination);
9425 rule->rdr_len = strlen(destination);
9426 }
9427 else {
9428 /* log-format based redirect rule */
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01009429
9430 /* Parse destination. Note that in the REDIRECT_TYPE_PREFIX case,
9431 * if prefix == "/", we don't want to add anything, otherwise it
9432 * makes it hard for the user to configure a self-redirection.
9433 */
9434 proxy->conf.args.ctx = ARGC_RDR;
9435 if (!(type == REDIRECT_TYPE_PREFIX && destination[0] == '/' && destination[1] == '\0')) {
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +01009436 parse_logformat_string(destination, curproxy, &rule->rdr_fmt, LOG_OPT_HTTP,
Thierry FOURNIEReeaa9512014-02-11 14:00:19 +01009437 (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
9438 file, linenum);
Willy Tarreau59ad1a22014-01-29 14:39:58 +01009439 free(curproxy->conf.lfs_file);
9440 curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
9441 curproxy->conf.lfs_line = curproxy->conf.args.line;
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01009442 }
9443 }
9444
Willy Tarreau4baae242012-12-27 12:00:31 +01009445 if (cookie) {
9446 /* depending on cookie_set, either we want to set the cookie, or to clear it.
9447 * a clear consists in appending "; path=/; Max-Age=0;" at the end.
9448 */
9449 rule->cookie_len = strlen(cookie);
9450 if (cookie_set) {
9451 rule->cookie_str = malloc(rule->cookie_len + 10);
9452 memcpy(rule->cookie_str, cookie, rule->cookie_len);
9453 memcpy(rule->cookie_str + rule->cookie_len, "; path=/;", 10);
9454 rule->cookie_len += 9;
9455 } else {
9456 rule->cookie_str = malloc(rule->cookie_len + 21);
9457 memcpy(rule->cookie_str, cookie, rule->cookie_len);
9458 memcpy(rule->cookie_str + rule->cookie_len, "; path=/; Max-Age=0;", 21);
9459 rule->cookie_len += 20;
9460 }
9461 }
9462 rule->type = type;
9463 rule->code = code;
9464 rule->flags = flags;
9465 LIST_INIT(&rule->list);
9466 return rule;
9467
9468 missing_arg:
9469 memprintf(errmsg, "missing argument for '%s'", args[cur_arg]);
9470 return NULL;
9471}
9472
Willy Tarreau8797c062007-05-07 00:55:35 +02009473/************************************************************************/
9474/* The code below is dedicated to ACL parsing and matching */
9475/************************************************************************/
9476
9477
Willy Tarreau14174bc2012-04-16 14:34:04 +02009478/* This function ensures that the prerequisites for an L7 fetch are ready,
9479 * which means that a request or response is ready. If some data is missing,
9480 * a parsing attempt is made. This is useful in TCP-based ACLs which are able
Willy Tarreau24e32d82012-04-23 23:55:44 +02009481 * to extract data from L7. If <req_vol> is non-null during a request prefetch,
9482 * another test is made to ensure the required information is not gone.
Willy Tarreau14174bc2012-04-16 14:34:04 +02009483 *
9484 * The function returns :
Willy Tarreau506d0502013-07-06 13:29:24 +02009485 * 0 with SMP_F_MAY_CHANGE in the sample flags if some data is missing to
9486 * decide whether or not an HTTP message is present ;
9487 * 0 if the requested data cannot be fetched or if it is certain that
9488 * we'll never have any HTTP message there ;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009489 * 1 if an HTTP message is ready
9490 */
9491static int
Willy Tarreau506d0502013-07-06 13:29:24 +02009492smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02009493 const struct arg *args, struct sample *smp, int req_vol)
Willy Tarreau14174bc2012-04-16 14:34:04 +02009494{
9495 struct http_txn *txn = l7;
9496 struct http_msg *msg = &txn->req;
9497
9498 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
9499 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
9500 */
9501
9502 if (unlikely(!s || !txn))
9503 return 0;
9504
9505 /* Check for a dependency on a request */
Willy Tarreauf853c462012-04-23 18:53:56 +02009506 smp->type = SMP_T_BOOL;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009507
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009508 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02009509 if (unlikely(!s->req))
9510 return 0;
9511
Willy Tarreauaae75e32013-03-29 12:31:49 +01009512 /* If the buffer does not leave enough free space at the end,
9513 * we must first realign it.
9514 */
9515 if (s->req->buf->p > s->req->buf->data &&
9516 s->req->buf->i + s->req->buf->p > s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)
9517 buffer_slow_realign(s->req->buf);
9518
Willy Tarreau14174bc2012-04-16 14:34:04 +02009519 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) {
Willy Tarreau472b1ee2013-10-14 22:41:30 +02009520 if (msg->msg_state == HTTP_MSG_ERROR)
Willy Tarreau506d0502013-07-06 13:29:24 +02009521 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009522
9523 /* Try to decode HTTP request */
Willy Tarreau9b28e032012-10-12 23:49:43 +02009524 if (likely(msg->next < s->req->buf->i))
Willy Tarreau14174bc2012-04-16 14:34:04 +02009525 http_msg_analyzer(msg, &txn->hdr_idx);
9526
9527 /* Still no valid request ? */
9528 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02009529 if ((msg->msg_state == HTTP_MSG_ERROR) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02009530 buffer_full(s->req->buf, global.tune.maxrewrite)) {
Willy Tarreau506d0502013-07-06 13:29:24 +02009531 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009532 }
9533 /* wait for final state */
Willy Tarreau37406352012-04-23 16:16:37 +02009534 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009535 return 0;
9536 }
9537
9538 /* OK we just got a valid HTTP request. We have some minor
9539 * preparation to perform so that further checks can rely
9540 * on HTTP tests.
9541 */
Willy Tarreauaae75e32013-03-29 12:31:49 +01009542
9543 /* If the request was parsed but was too large, we must absolutely
9544 * return an error so that it is not processed. At the moment this
9545 * cannot happen, but if the parsers are to change in the future,
9546 * we want this check to be maintained.
9547 */
9548 if (unlikely(s->req->buf->i + s->req->buf->p >
9549 s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)) {
9550 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau506d0502013-07-06 13:29:24 +02009551 smp->data.uint = 1;
Willy Tarreauaae75e32013-03-29 12:31:49 +01009552 return 1;
9553 }
9554
Willy Tarreau9b28e032012-10-12 23:49:43 +02009555 txn->meth = find_http_meth(msg->chn->buf->p, msg->sl.rq.m_l);
Willy Tarreau14174bc2012-04-16 14:34:04 +02009556 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
9557 s->flags |= SN_REDIRECTABLE;
9558
Willy Tarreau506d0502013-07-06 13:29:24 +02009559 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
9560 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009561 }
9562
Willy Tarreau506d0502013-07-06 13:29:24 +02009563 if (req_vol && txn->rsp.msg_state != HTTP_MSG_RPBEFORE) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02009564 return 0; /* data might have moved and indexes changed */
Willy Tarreau506d0502013-07-06 13:29:24 +02009565 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02009566
9567 /* otherwise everything's ready for the request */
9568 }
Willy Tarreau24e32d82012-04-23 23:55:44 +02009569 else {
9570 /* Check for a dependency on a response */
Willy Tarreau506d0502013-07-06 13:29:24 +02009571 if (txn->rsp.msg_state < HTTP_MSG_BODY) {
9572 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009573 return 0;
Willy Tarreau506d0502013-07-06 13:29:24 +02009574 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02009575 }
9576
9577 /* everything's OK */
Willy Tarreau506d0502013-07-06 13:29:24 +02009578 smp->data.uint = 1;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009579 return 1;
9580}
Willy Tarreau8797c062007-05-07 00:55:35 +02009581
Willy Tarreauc0239e02012-04-16 14:42:55 +02009582#define CHECK_HTTP_MESSAGE_FIRST() \
Willy Tarreau506d0502013-07-06 13:29:24 +02009583 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
Willy Tarreauc0239e02012-04-16 14:42:55 +02009584
Willy Tarreau24e32d82012-04-23 23:55:44 +02009585#define CHECK_HTTP_MESSAGE_FIRST_PERM() \
Willy Tarreau506d0502013-07-06 13:29:24 +02009586 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 0); if (r <= 0) return r; } while (0)
Willy Tarreau24e32d82012-04-23 23:55:44 +02009587
Willy Tarreau8797c062007-05-07 00:55:35 +02009588
9589/* 1. Check on METHOD
9590 * We use the pre-parsed method if it is known, and store its number as an
9591 * integer. If it is unknown, we use the pointer and the length.
9592 */
Thierry FOURNIERedc15c32013-12-13 15:36:59 +01009593static int pat_parse_meth(const char *text, struct pattern *pattern, char **err)
Willy Tarreau8797c062007-05-07 00:55:35 +02009594{
9595 int len, meth;
Thierry FOURNIER0b2fe4a2013-12-06 20:33:50 +01009596 struct chunk *trash;
Willy Tarreau8797c062007-05-07 00:55:35 +02009597
Thierry FOURNIER580c32c2014-01-24 10:58:12 +01009598 len = strlen(text);
9599 meth = find_http_meth(text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02009600
9601 pattern->val.i = meth;
9602 if (meth == HTTP_METH_OTHER) {
Thierry FOURNIERedc15c32013-12-13 15:36:59 +01009603 trash = get_trash_chunk();
9604 if (trash->size < len) {
9605 memprintf(err, "no space avalaible in the buffer. expect %d, provides %d",
9606 len, trash->size);
9607 return 0;
Thierry FOURNIER0b2fe4a2013-12-06 20:33:50 +01009608 }
Thierry FOURNIERedc15c32013-12-13 15:36:59 +01009609 pattern->ptr.str = trash->str;
Willy Tarreau8797c062007-05-07 00:55:35 +02009610 pattern->len = len;
9611 }
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009612 else {
9613 pattern->ptr.str = NULL;
9614 pattern->len = 0;
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009615 }
Willy Tarreau8797c062007-05-07 00:55:35 +02009616 return 1;
9617}
9618
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009619/* This function fetches the method of current HTTP request and stores
9620 * it in the global pattern struct as a chunk. There are two possibilities :
9621 * - if the method is known (not HTTP_METH_OTHER), its identifier is stored
9622 * in <len> and <ptr> is NULL ;
9623 * - if the method is unknown (HTTP_METH_OTHER), <ptr> points to the text and
9624 * <len> to its length.
Thierry FOURNIERa65b3432013-11-28 18:22:00 +01009625 * This is intended to be used with pat_match_meth() only.
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009626 */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009627static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009628smp_fetch_meth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009629 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009630{
9631 int meth;
9632 struct http_txn *txn = l7;
9633
Willy Tarreau24e32d82012-04-23 23:55:44 +02009634 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009635
Willy Tarreau8797c062007-05-07 00:55:35 +02009636 meth = txn->meth;
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009637 smp->type = SMP_T_METH;
9638 smp->data.meth.meth = meth;
Willy Tarreau8797c062007-05-07 00:55:35 +02009639 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02009640 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
9641 /* ensure the indexes are not affected */
9642 return 0;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009643 smp->flags |= SMP_F_CONST;
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009644 smp->data.meth.str.len = txn->req.sl.rq.m_l;
9645 smp->data.meth.str.str = txn->req.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02009646 }
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009647 smp->flags |= SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009648 return 1;
9649}
9650
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009651/* See above how the method is stored in the global pattern */
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009652static struct pattern *pat_match_meth(struct sample *smp, struct pattern_expr *expr, int fill)
Willy Tarreau8797c062007-05-07 00:55:35 +02009653{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009654 int icase;
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009655 struct pattern_list *lst;
9656 struct pattern *pattern;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009657
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009658 list_for_each_entry(lst, &expr->patterns, list) {
9659 pattern = &lst->pat;
Willy Tarreau8797c062007-05-07 00:55:35 +02009660
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009661 /* well-known method */
9662 if (pattern->val.i != HTTP_METH_OTHER) {
9663 if (smp->data.meth.meth == pattern->val.i)
9664 return pattern;
9665 else
9666 continue;
9667 }
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009668
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009669 /* Other method, we must compare the strings */
9670 if (pattern->len != smp->data.meth.str.len)
9671 continue;
9672
9673 icase = pattern->flags & PAT_F_IGNORE_CASE;
9674 if ((icase && strncasecmp(pattern->ptr.str, smp->data.meth.str.str, smp->data.meth.str.len) != 0) ||
9675 (!icase && strncmp(pattern->ptr.str, smp->data.meth.str.str, smp->data.meth.str.len) != 0))
9676 return pattern;
9677 }
9678 return NULL;
Willy Tarreau8797c062007-05-07 00:55:35 +02009679}
9680
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009681static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009682smp_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009683 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009684{
9685 struct http_txn *txn = l7;
9686 char *ptr;
9687 int len;
9688
Willy Tarreauc0239e02012-04-16 14:42:55 +02009689 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009690
Willy Tarreau8797c062007-05-07 00:55:35 +02009691 len = txn->req.sl.rq.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009692 ptr = txn->req.chn->buf->p + txn->req.sl.rq.v;
Willy Tarreau8797c062007-05-07 00:55:35 +02009693
9694 while ((len-- > 0) && (*ptr++ != '/'));
9695 if (len <= 0)
9696 return 0;
9697
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009698 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +02009699 smp->data.str.str = ptr;
9700 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009701
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009702 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009703 return 1;
9704}
9705
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009706static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009707smp_fetch_stver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009708 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009709{
9710 struct http_txn *txn = l7;
9711 char *ptr;
9712 int len;
9713
Willy Tarreauc0239e02012-04-16 14:42:55 +02009714 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009715
Willy Tarreauf26b2522012-12-14 08:33:14 +01009716 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9717 return 0;
9718
Willy Tarreau8797c062007-05-07 00:55:35 +02009719 len = txn->rsp.sl.st.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009720 ptr = txn->rsp.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02009721
9722 while ((len-- > 0) && (*ptr++ != '/'));
9723 if (len <= 0)
9724 return 0;
9725
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009726 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +02009727 smp->data.str.str = ptr;
9728 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009729
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009730 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009731 return 1;
9732}
9733
9734/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009735static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009736smp_fetch_stcode(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009737 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009738{
9739 struct http_txn *txn = l7;
9740 char *ptr;
9741 int len;
9742
Willy Tarreauc0239e02012-04-16 14:42:55 +02009743 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009744
Willy Tarreauf26b2522012-12-14 08:33:14 +01009745 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9746 return 0;
9747
Willy Tarreau8797c062007-05-07 00:55:35 +02009748 len = txn->rsp.sl.st.c_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009749 ptr = txn->rsp.chn->buf->p + txn->rsp.sl.st.c;
Willy Tarreau8797c062007-05-07 00:55:35 +02009750
Willy Tarreauf853c462012-04-23 18:53:56 +02009751 smp->type = SMP_T_UINT;
9752 smp->data.uint = __strl2ui(ptr, len);
Willy Tarreau37406352012-04-23 16:16:37 +02009753 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009754 return 1;
9755}
9756
9757/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009758static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009759smp_fetch_url(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009760 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009761{
9762 struct http_txn *txn = l7;
9763
Willy Tarreauc0239e02012-04-16 14:42:55 +02009764 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009765
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009766 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +02009767 smp->data.str.len = txn->req.sl.rq.u_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009768 smp->data.str.str = txn->req.chn->buf->p + txn->req.sl.rq.u;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009769 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009770 return 1;
9771}
9772
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009773static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009774smp_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009775 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009776{
9777 struct http_txn *txn = l7;
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009778 struct sockaddr_storage addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009779
Willy Tarreauc0239e02012-04-16 14:42:55 +02009780 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009781
Thierry FOURNIER9f95e402014-03-21 14:51:46 +01009782 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &addr, NULL);
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009783 if (((struct sockaddr_in *)&addr)->sin_family != AF_INET)
Willy Tarreauf4362b32011-12-16 17:49:52 +01009784 return 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009785
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009786 smp->type = SMP_T_IPV4;
9787 smp->data.ipv4 = ((struct sockaddr_in *)&addr)->sin_addr;
Willy Tarreau37406352012-04-23 16:16:37 +02009788 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009789 return 1;
9790}
9791
9792static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009793smp_fetch_url_port(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009794 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009795{
9796 struct http_txn *txn = l7;
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009797 struct sockaddr_storage addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009798
Willy Tarreauc0239e02012-04-16 14:42:55 +02009799 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009800
Thierry FOURNIER9f95e402014-03-21 14:51:46 +01009801 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &addr, NULL);
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009802 if (((struct sockaddr_in *)&addr)->sin_family != AF_INET)
9803 return 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009804
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009805 smp->type = SMP_T_UINT;
9806 smp->data.uint = ntohs(((struct sockaddr_in *)&addr)->sin_port);
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009807 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009808 return 1;
9809}
9810
Willy Tarreau185b5c42012-04-26 15:11:51 +02009811/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9812 * Accepts an optional argument of type string containing the header field name,
9813 * and an optional argument of type signed or unsigned integer to request an
9814 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009815 * headers are considered from the first one. It does not stop on commas and
9816 * returns full lines instead (useful for User-Agent or Date for example).
9817 */
9818static int
9819smp_fetch_fhdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009820 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009821{
9822 struct http_txn *txn = l7;
9823 struct hdr_idx *idx = &txn->hdr_idx;
9824 struct hdr_ctx *ctx = smp->ctx.a[0];
9825 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9826 int occ = 0;
9827 const char *name_str = NULL;
9828 int name_len = 0;
9829
9830 if (!ctx) {
9831 /* first call */
9832 ctx = &static_hdr_ctx;
9833 ctx->idx = 0;
9834 smp->ctx.a[0] = ctx;
9835 }
9836
9837 if (args) {
9838 if (args[0].type != ARGT_STR)
9839 return 0;
9840 name_str = args[0].data.str.str;
9841 name_len = args[0].data.str.len;
9842
9843 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9844 occ = args[1].data.uint;
9845 }
9846
9847 CHECK_HTTP_MESSAGE_FIRST();
9848
9849 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
9850 /* search for header from the beginning */
9851 ctx->idx = 0;
9852
9853 if (!occ && !(opt & SMP_OPT_ITERATE))
9854 /* no explicit occurrence and single fetch => last header by default */
9855 occ = -1;
9856
9857 if (!occ)
9858 /* prepare to report multiple occurrences for ACL fetches */
9859 smp->flags |= SMP_F_NOT_LAST;
9860
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009861 smp->type = SMP_T_STR;
9862 smp->flags |= SMP_F_VOL_HDR | SMP_F_CONST;
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009863 if (http_get_fhdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
9864 return 1;
9865
9866 smp->flags &= ~SMP_F_NOT_LAST;
9867 return 0;
9868}
9869
9870/* 6. Check on HTTP header count. The number of occurrences is returned.
9871 * Accepts exactly 1 argument of type string. It does not stop on commas and
9872 * returns full lines instead (useful for User-Agent or Date for example).
9873 */
9874static int
9875smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009876 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009877{
9878 struct http_txn *txn = l7;
9879 struct hdr_idx *idx = &txn->hdr_idx;
9880 struct hdr_ctx ctx;
9881 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9882 int cnt;
9883
9884 if (!args || args->type != ARGT_STR)
9885 return 0;
9886
9887 CHECK_HTTP_MESSAGE_FIRST();
9888
9889 ctx.idx = 0;
9890 cnt = 0;
9891 while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
9892 cnt++;
9893
9894 smp->type = SMP_T_UINT;
9895 smp->data.uint = cnt;
9896 smp->flags = SMP_F_VOL_HDR;
9897 return 1;
9898}
9899
9900/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9901 * Accepts an optional argument of type string containing the header field name,
9902 * and an optional argument of type signed or unsigned integer to request an
9903 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau185b5c42012-04-26 15:11:51 +02009904 * headers are considered from the first one.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009905 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02009906static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009907smp_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009908 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009909{
9910 struct http_txn *txn = l7;
9911 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009912 struct hdr_ctx *ctx = smp->ctx.a[0];
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009913 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau185b5c42012-04-26 15:11:51 +02009914 int occ = 0;
9915 const char *name_str = NULL;
9916 int name_len = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009917
Willy Tarreaua890d072013-04-02 12:01:06 +02009918 if (!ctx) {
9919 /* first call */
9920 ctx = &static_hdr_ctx;
9921 ctx->idx = 0;
Willy Tarreauffb6f082013-04-02 23:16:53 +02009922 smp->ctx.a[0] = ctx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009923 }
9924
Willy Tarreau185b5c42012-04-26 15:11:51 +02009925 if (args) {
9926 if (args[0].type != ARGT_STR)
9927 return 0;
9928 name_str = args[0].data.str.str;
9929 name_len = args[0].data.str.len;
9930
9931 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9932 occ = args[1].data.uint;
9933 }
Willy Tarreau34db1082012-04-19 17:16:54 +02009934
Willy Tarreaue333ec92012-04-16 16:26:40 +02009935 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau33a7e692007-06-10 19:45:56 +02009936
Willy Tarreau185b5c42012-04-26 15:11:51 +02009937 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009938 /* search for header from the beginning */
9939 ctx->idx = 0;
9940
Willy Tarreau185b5c42012-04-26 15:11:51 +02009941 if (!occ && !(opt & SMP_OPT_ITERATE))
9942 /* no explicit occurrence and single fetch => last header by default */
9943 occ = -1;
9944
9945 if (!occ)
9946 /* prepare to report multiple occurrences for ACL fetches */
Willy Tarreau37406352012-04-23 16:16:37 +02009947 smp->flags |= SMP_F_NOT_LAST;
Willy Tarreau664092c2011-12-16 19:11:42 +01009948
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009949 smp->type = SMP_T_STR;
9950 smp->flags |= SMP_F_VOL_HDR | SMP_F_CONST;
Willy Tarreau185b5c42012-04-26 15:11:51 +02009951 if (http_get_hdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009952 return 1;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009953
Willy Tarreau37406352012-04-23 16:16:37 +02009954 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009955 return 0;
9956}
9957
Willy Tarreauc11416f2007-06-17 16:58:38 +02009958/* 6. Check on HTTP header count. The number of occurrences is returned.
Willy Tarreau34db1082012-04-19 17:16:54 +02009959 * Accepts exactly 1 argument of type string.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009960 */
9961static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009962smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009963 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009964{
9965 struct http_txn *txn = l7;
9966 struct hdr_idx *idx = &txn->hdr_idx;
9967 struct hdr_ctx ctx;
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009968 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009969 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02009970
Willy Tarreau24e32d82012-04-23 23:55:44 +02009971 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009972 return 0;
9973
Willy Tarreaue333ec92012-04-16 16:26:40 +02009974 CHECK_HTTP_MESSAGE_FIRST();
9975
Willy Tarreau33a7e692007-06-10 19:45:56 +02009976 ctx.idx = 0;
9977 cnt = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009978 while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009979 cnt++;
9980
Willy Tarreauf853c462012-04-23 18:53:56 +02009981 smp->type = SMP_T_UINT;
9982 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02009983 smp->flags = SMP_F_VOL_HDR;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009984 return 1;
9985}
9986
Willy Tarreau185b5c42012-04-26 15:11:51 +02009987/* Fetch an HTTP header's integer value. The integer value is returned. It
9988 * takes a mandatory argument of type string and an optional one of type int
9989 * to designate a specific occurrence. It returns an unsigned integer, which
9990 * may or may not be appropriate for everything.
Willy Tarreau33a7e692007-06-10 19:45:56 +02009991 */
9992static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009993smp_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009994 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009995{
Willy Tarreauef38c392013-07-22 16:29:32 +02009996 int ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw);
Willy Tarreaue333ec92012-04-16 16:26:40 +02009997
Willy Tarreauf853c462012-04-23 18:53:56 +02009998 if (ret > 0) {
9999 smp->type = SMP_T_UINT;
10000 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
10001 }
Willy Tarreau33a7e692007-06-10 19:45:56 +020010002
Willy Tarreaud53e2422012-04-16 17:21:11 +020010003 return ret;
Willy Tarreau33a7e692007-06-10 19:45:56 +020010004}
10005
Cyril Bonté69fa9922012-10-25 00:01:06 +020010006/* Fetch an HTTP header's IP value. takes a mandatory argument of type string
10007 * and an optional one of type int to designate a specific occurrence.
10008 * It returns an IPv4 or IPv6 address.
Willy Tarreau106f9792009-09-19 07:54:16 +020010009 */
10010static int
Willy Tarreau185b5c42012-04-26 15:11:51 +020010011smp_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010012 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau106f9792009-09-19 07:54:16 +020010013{
Willy Tarreaud53e2422012-04-16 17:21:11 +020010014 int ret;
Willy Tarreaue333ec92012-04-16 16:26:40 +020010015
Willy Tarreauef38c392013-07-22 16:29:32 +020010016 while ((ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw)) > 0) {
Cyril Bonté69fa9922012-10-25 00:01:06 +020010017 if (url2ipv4((char *)smp->data.str.str, &smp->data.ipv4)) {
10018 smp->type = SMP_T_IPV4;
Willy Tarreaud53e2422012-04-16 17:21:11 +020010019 break;
Cyril Bonté69fa9922012-10-25 00:01:06 +020010020 } else {
Willy Tarreau47ca5452012-12-23 20:22:19 +010010021 struct chunk *temp = get_trash_chunk();
Cyril Bonté69fa9922012-10-25 00:01:06 +020010022 if (smp->data.str.len < temp->size - 1) {
10023 memcpy(temp->str, smp->data.str.str, smp->data.str.len);
10024 temp->str[smp->data.str.len] = '\0';
10025 if (inet_pton(AF_INET6, temp->str, &smp->data.ipv6)) {
10026 smp->type = SMP_T_IPV6;
10027 break;
10028 }
10029 }
10030 }
10031
Willy Tarreaud53e2422012-04-16 17:21:11 +020010032 /* if the header doesn't match an IP address, fetch next one */
Willy Tarreau185b5c42012-04-26 15:11:51 +020010033 if (!(smp->flags & SMP_F_NOT_LAST))
10034 return 0;
Willy Tarreau106f9792009-09-19 07:54:16 +020010035 }
Willy Tarreaud53e2422012-04-16 17:21:11 +020010036 return ret;
Willy Tarreau106f9792009-09-19 07:54:16 +020010037}
10038
Willy Tarreau737b0c12007-06-10 21:28:46 +020010039/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
10040 * the first '/' after the possible hostname, and ends before the possible '?'.
10041 */
10042static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +020010043smp_fetch_path(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010044 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau737b0c12007-06-10 21:28:46 +020010045{
10046 struct http_txn *txn = l7;
10047 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +020010048
Willy Tarreauc0239e02012-04-16 14:42:55 +020010049 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +020010050
Willy Tarreau9b28e032012-10-12 23:49:43 +020010051 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreau21d2af32008-02-14 20:25:24 +010010052 ptr = http_get_path(txn);
10053 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +020010054 return 0;
10055
10056 /* OK, we got the '/' ! */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010057 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +020010058 smp->data.str.str = ptr;
Willy Tarreau737b0c12007-06-10 21:28:46 +020010059
10060 while (ptr < end && *ptr != '?')
10061 ptr++;
10062
Willy Tarreauf853c462012-04-23 18:53:56 +020010063 smp->data.str.len = ptr - smp->data.str.str;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010064 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau737b0c12007-06-10 21:28:46 +020010065 return 1;
10066}
10067
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010068/* This produces a concatenation of the first occurrence of the Host header
10069 * followed by the path component if it begins with a slash ('/'). This means
10070 * that '*' will not be added, resulting in exactly the first Host entry.
10071 * If no Host header is found, then the path is returned as-is. The returned
10072 * value is stored in the trash so it does not need to be marked constant.
Willy Tarreaub169eba2013-12-16 15:14:43 +010010073 * The returned sample is of type string.
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010074 */
10075static int
10076smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010077 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010078{
10079 struct http_txn *txn = l7;
10080 char *ptr, *end, *beg;
10081 struct hdr_ctx ctx;
10082
10083 CHECK_HTTP_MESSAGE_FIRST();
10084
10085 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +020010086 if (!http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx) || !ctx.vlen)
Willy Tarreauef38c392013-07-22 16:29:32 +020010087 return smp_fetch_path(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010088
10089 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
Willy Tarreau19d14ef2012-10-29 16:51:55 +010010090 memcpy(trash.str, ctx.line + ctx.val, ctx.vlen);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010091 smp->type = SMP_T_STR;
Willy Tarreau19d14ef2012-10-29 16:51:55 +010010092 smp->data.str.str = trash.str;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010093 smp->data.str.len = ctx.vlen;
10094
10095 /* now retrieve the path */
Willy Tarreau877e78d2013-04-07 18:48:08 +020010096 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010097 beg = http_get_path(txn);
10098 if (!beg)
10099 beg = end;
10100
10101 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
10102
10103 if (beg < ptr && *beg == '/') {
10104 memcpy(smp->data.str.str + smp->data.str.len, beg, ptr - beg);
10105 smp->data.str.len += ptr - beg;
10106 }
10107
10108 smp->flags = SMP_F_VOL_1ST;
10109 return 1;
10110}
10111
Willy Tarreauab1f7b72012-12-09 13:38:54 +010010112/* This produces a 32-bit hash of the concatenation of the first occurrence of
10113 * the Host header followed by the path component if it begins with a slash ('/').
10114 * This means that '*' will not be added, resulting in exactly the first Host
10115 * entry. If no Host header is found, then the path is used. The resulting value
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010116 * is hashed using the path hash followed by a full avalanche hash and provides a
10117 * 32-bit integer value. This fetch is useful for tracking per-path activity on
Willy Tarreauab1f7b72012-12-09 13:38:54 +010010118 * high-traffic sites without having to store whole paths.
10119 */
10120static int
10121smp_fetch_base32(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010122 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreauab1f7b72012-12-09 13:38:54 +010010123{
10124 struct http_txn *txn = l7;
10125 struct hdr_ctx ctx;
10126 unsigned int hash = 0;
10127 char *ptr, *beg, *end;
10128 int len;
10129
10130 CHECK_HTTP_MESSAGE_FIRST();
10131
10132 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +020010133 if (http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreauab1f7b72012-12-09 13:38:54 +010010134 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
10135 ptr = ctx.line + ctx.val;
10136 len = ctx.vlen;
10137 while (len--)
10138 hash = *(ptr++) + (hash << 6) + (hash << 16) - hash;
10139 }
10140
10141 /* now retrieve the path */
Willy Tarreau877e78d2013-04-07 18:48:08 +020010142 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreauab1f7b72012-12-09 13:38:54 +010010143 beg = http_get_path(txn);
10144 if (!beg)
10145 beg = end;
10146
10147 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
10148
10149 if (beg < ptr && *beg == '/') {
10150 while (beg < ptr)
10151 hash = *(beg++) + (hash << 6) + (hash << 16) - hash;
10152 }
10153 hash = full_hash(hash);
10154
10155 smp->type = SMP_T_UINT;
10156 smp->data.uint = hash;
10157 smp->flags = SMP_F_VOL_1ST;
10158 return 1;
10159}
10160
Willy Tarreau4a550602012-12-09 14:53:32 +010010161/* This concatenates the source address with the 32-bit hash of the Host and
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010162 * path as returned by smp_fetch_base32(). The idea is to have per-source and
10163 * per-path counters. The result is a binary block from 8 to 20 bytes depending
10164 * on the source address length. The path hash is stored before the address so
Willy Tarreau4a550602012-12-09 14:53:32 +010010165 * that in environments where IPv6 is insignificant, truncating the output to
10166 * 8 bytes would still work.
10167 */
10168static int
10169smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010170 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a550602012-12-09 14:53:32 +010010171{
Willy Tarreau47ca5452012-12-23 20:22:19 +010010172 struct chunk *temp;
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010173 struct connection *cli_conn = objt_conn(l4->si[0].end);
10174
10175 if (!cli_conn)
10176 return 0;
Willy Tarreau4a550602012-12-09 14:53:32 +010010177
Willy Tarreauef38c392013-07-22 16:29:32 +020010178 if (!smp_fetch_base32(px, l4, l7, opt, args, smp, kw))
Willy Tarreau4a550602012-12-09 14:53:32 +010010179 return 0;
10180
Willy Tarreau47ca5452012-12-23 20:22:19 +010010181 temp = get_trash_chunk();
Willy Tarreau4a550602012-12-09 14:53:32 +010010182 memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
10183 temp->len += sizeof(smp->data.uint);
10184
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010185 switch (cli_conn->addr.from.ss_family) {
Willy Tarreau4a550602012-12-09 14:53:32 +010010186 case AF_INET:
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010187 memcpy(temp->str + temp->len, &((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr, 4);
Willy Tarreau4a550602012-12-09 14:53:32 +010010188 temp->len += 4;
10189 break;
10190 case AF_INET6:
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010191 memcpy(temp->str + temp->len, &((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_addr, 16);
Willy Tarreau4a550602012-12-09 14:53:32 +010010192 temp->len += 16;
10193 break;
10194 default:
10195 return 0;
10196 }
10197
10198 smp->data.str = *temp;
10199 smp->type = SMP_T_BIN;
10200 return 1;
10201}
10202
Willy Tarreau2492d5b2009-07-11 00:06:00 +020010203static int
Willy Tarreau409bcde2013-01-08 00:31:00 +010010204smp_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010205 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau2492d5b2009-07-11 00:06:00 +020010206{
Willy Tarreau2492d5b2009-07-11 00:06:00 +020010207 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
10208 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
10209 */
Willy Tarreau2492d5b2009-07-11 00:06:00 +020010210
Willy Tarreau24e32d82012-04-23 23:55:44 +020010211 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreau2492d5b2009-07-11 00:06:00 +020010212
Willy Tarreauf853c462012-04-23 18:53:56 +020010213 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +020010214 smp->data.uint = 1;
Willy Tarreau2492d5b2009-07-11 00:06:00 +020010215 return 1;
10216}
10217
Willy Tarreau7f18e522010-10-22 20:04:13 +020010218/* return a valid test if the current request is the first one on the connection */
10219static int
Willy Tarreau409bcde2013-01-08 00:31:00 +010010220smp_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010221 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau7f18e522010-10-22 20:04:13 +020010222{
10223 if (!s)
10224 return 0;
10225
Willy Tarreauf853c462012-04-23 18:53:56 +020010226 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +020010227 smp->data.uint = !(s->txn.flags & TX_NOT_FIRST);
Willy Tarreau7f18e522010-10-22 20:04:13 +020010228 return 1;
10229}
10230
Willy Tarreau34db1082012-04-19 17:16:54 +020010231/* Accepts exactly 1 argument of type userlist */
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010010232static int
Willy Tarreau409bcde2013-01-08 00:31:00 +010010233smp_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010234 const struct arg *args, struct sample *smp, const char *kw)
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010010235{
10236
Willy Tarreau24e32d82012-04-23 23:55:44 +020010237 if (!args || args->type != ARGT_USR)
Willy Tarreau34db1082012-04-19 17:16:54 +020010238 return 0;
10239
Willy Tarreauc0239e02012-04-16 14:42:55 +020010240 CHECK_HTTP_MESSAGE_FIRST();
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010010241
Willy Tarreauc0239e02012-04-16 14:42:55 +020010242 if (!get_http_auth(l4))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010010243 return 0;
10244
Willy Tarreauf853c462012-04-23 18:53:56 +020010245 smp->type = SMP_T_BOOL;
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +010010246 smp->data.uint = check_user(args->data.usr, l4->txn.auth.user, l4->txn.auth.pass);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010010247 return 1;
10248}
Willy Tarreau8797c062007-05-07 00:55:35 +020010249
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +020010250/* Accepts exactly 1 argument of type userlist */
10251static int
Willy Tarreau409bcde2013-01-08 00:31:00 +010010252smp_fetch_http_auth_grp(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010253 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +020010254{
10255
10256 if (!args || args->type != ARGT_USR)
10257 return 0;
10258
10259 CHECK_HTTP_MESSAGE_FIRST();
10260
10261 if (!get_http_auth(l4))
10262 return 0;
10263
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +020010264 /* if the user does not belong to the userlist or has a wrong password,
10265 * report that it unconditionally does not match. Otherwise we return
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +010010266 * a string containing the username.
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +020010267 */
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +010010268 if (!check_user(args->data.usr, l4->txn.auth.user, l4->txn.auth.pass))
10269 return 0;
10270
10271 /* pat_match_auth() will need the user list */
10272 smp->ctx.a[0] = args->data.usr;
10273
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010274 smp->type = SMP_T_STR;
10275 smp->flags = SMP_F_CONST;
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +010010276 smp->data.str.str = l4->txn.auth.user;
10277 smp->data.str.len = strlen(l4->txn.auth.user);
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +020010278
10279 return 1;
10280}
10281
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010282/* Try to find the next occurrence of a cookie name in a cookie header value.
10283 * The lookup begins at <hdr>. The pointer and size of the next occurrence of
10284 * the cookie value is returned into *value and *value_l, and the function
10285 * returns a pointer to the next pointer to search from if the value was found.
10286 * Otherwise if the cookie was not found, NULL is returned and neither value
10287 * nor value_l are touched. The input <hdr> string should first point to the
10288 * header's value, and the <hdr_end> pointer must point to the first character
10289 * not part of the value. <list> must be non-zero if value may represent a list
10290 * of values (cookie headers). This makes it faster to abort parsing when no
10291 * list is expected.
10292 */
10293static char *
10294extract_cookie_value(char *hdr, const char *hdr_end,
10295 char *cookie_name, size_t cookie_name_l, int list,
Willy Tarreau3fb818c2012-04-11 17:21:08 +020010296 char **value, int *value_l)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010297{
10298 char *equal, *att_end, *att_beg, *val_beg, *val_end;
10299 char *next;
10300
10301 /* we search at least a cookie name followed by an equal, and more
10302 * generally something like this :
10303 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
10304 */
10305 for (att_beg = hdr; att_beg + cookie_name_l + 1 < hdr_end; att_beg = next + 1) {
10306 /* Iterate through all cookies on this line */
10307
10308 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
10309 att_beg++;
10310
10311 /* find att_end : this is the first character after the last non
10312 * space before the equal. It may be equal to hdr_end.
10313 */
10314 equal = att_end = att_beg;
10315
10316 while (equal < hdr_end) {
10317 if (*equal == '=' || *equal == ';' || (list && *equal == ','))
10318 break;
10319 if (http_is_spht[(unsigned char)*equal++])
10320 continue;
10321 att_end = equal;
10322 }
10323
10324 /* here, <equal> points to '=', a delimitor or the end. <att_end>
10325 * is between <att_beg> and <equal>, both may be identical.
10326 */
10327
10328 /* look for end of cookie if there is an equal sign */
10329 if (equal < hdr_end && *equal == '=') {
10330 /* look for the beginning of the value */
10331 val_beg = equal + 1;
10332 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
10333 val_beg++;
10334
10335 /* find the end of the value, respecting quotes */
10336 next = find_cookie_value_end(val_beg, hdr_end);
10337
10338 /* make val_end point to the first white space or delimitor after the value */
10339 val_end = next;
10340 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
10341 val_end--;
10342 } else {
10343 val_beg = val_end = next = equal;
10344 }
10345
10346 /* We have nothing to do with attributes beginning with '$'. However,
10347 * they will automatically be removed if a header before them is removed,
10348 * since they're supposed to be linked together.
10349 */
10350 if (*att_beg == '$')
10351 continue;
10352
10353 /* Ignore cookies with no equal sign */
10354 if (equal == next)
10355 continue;
10356
10357 /* Now we have the cookie name between att_beg and att_end, and
10358 * its value between val_beg and val_end.
10359 */
10360
10361 if (att_end - att_beg == cookie_name_l &&
10362 memcmp(att_beg, cookie_name, cookie_name_l) == 0) {
10363 /* let's return this value and indicate where to go on from */
10364 *value = val_beg;
10365 *value_l = val_end - val_beg;
10366 return next + 1;
10367 }
10368
10369 /* Set-Cookie headers only have the name in the first attr=value part */
10370 if (!list)
10371 break;
10372 }
10373
10374 return NULL;
10375}
10376
William Lallemanda43ba4e2014-01-28 18:14:25 +010010377/* Fetch a captured HTTP request header. The index is the position of
10378 * the "capture" option in the configuration file
10379 */
10380static int
10381smp_fetch_capture_header_req(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
10382 const struct arg *args, struct sample *smp, const char *kw)
10383{
10384 struct proxy *fe = l4->fe;
10385 struct http_txn *txn = l7;
10386 int idx;
10387
10388 if (!args || args->type != ARGT_UINT)
10389 return 0;
10390
10391 idx = args->data.uint;
10392
10393 if (idx > (fe->nb_req_cap - 1) || txn->req.cap == NULL || txn->req.cap[idx] == NULL)
10394 return 0;
10395
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010396 smp->type = SMP_T_STR;
10397 smp->flags |= SMP_F_CONST;
William Lallemanda43ba4e2014-01-28 18:14:25 +010010398 smp->data.str.str = txn->req.cap[idx];
10399 smp->data.str.len = strlen(txn->req.cap[idx]);
10400
10401 return 1;
10402}
10403
10404/* Fetch a captured HTTP response header. The index is the position of
10405 * the "capture" option in the configuration file
10406 */
10407static int
10408smp_fetch_capture_header_res(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
10409 const struct arg *args, struct sample *smp, const char *kw)
10410{
10411 struct proxy *fe = l4->fe;
10412 struct http_txn *txn = l7;
10413 int idx;
10414
10415 if (!args || args->type != ARGT_UINT)
10416 return 0;
10417
10418 idx = args->data.uint;
10419
10420 if (idx > (fe->nb_rsp_cap - 1) || txn->rsp.cap == NULL || txn->rsp.cap[idx] == NULL)
10421 return 0;
10422
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010423 smp->type = SMP_T_STR;
10424 smp->flags |= SMP_F_CONST;
William Lallemanda43ba4e2014-01-28 18:14:25 +010010425 smp->data.str.str = txn->rsp.cap[idx];
10426 smp->data.str.len = strlen(txn->rsp.cap[idx]);
10427
10428 return 1;
10429}
10430
William Lallemand65ad6e12014-01-31 15:08:02 +010010431/* Extracts the METHOD in the HTTP request, the txn->uri should be filled before the call */
10432static int
10433smp_fetch_capture_req_method(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
10434 const struct arg *args, struct sample *smp, const char *kw)
10435{
10436 struct chunk *temp;
10437 struct http_txn *txn = l7;
William Lallemand96a77852014-02-05 00:30:02 +010010438 char *ptr;
William Lallemand65ad6e12014-01-31 15:08:02 +010010439
10440 if (!txn->uri)
10441 return 0;
10442
William Lallemand96a77852014-02-05 00:30:02 +010010443 ptr = txn->uri;
William Lallemand65ad6e12014-01-31 15:08:02 +010010444
William Lallemand96a77852014-02-05 00:30:02 +010010445 while (*ptr != ' ' && *ptr != '\0') /* find first space */
10446 ptr++;
William Lallemand65ad6e12014-01-31 15:08:02 +010010447
William Lallemand96a77852014-02-05 00:30:02 +010010448 temp = get_trash_chunk();
10449 temp->str = txn->uri;
10450 temp->len = ptr - txn->uri;
William Lallemand65ad6e12014-01-31 15:08:02 +010010451 smp->data.str = *temp;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010452 smp->type = SMP_T_STR;
10453 smp->flags = SMP_F_CONST;
William Lallemand65ad6e12014-01-31 15:08:02 +010010454
10455 return 1;
10456
10457}
10458
10459/* Extracts the path in the HTTP request, the txn->uri should be filled before the call */
10460static int
10461smp_fetch_capture_req_uri(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
10462 const struct arg *args, struct sample *smp, const char *kw)
10463{
10464 struct chunk *temp;
10465 struct http_txn *txn = l7;
10466 char *ptr;
William Lallemand65ad6e12014-01-31 15:08:02 +010010467
10468 if (!txn->uri)
10469 return 0;
William Lallemand96a77852014-02-05 00:30:02 +010010470
William Lallemand65ad6e12014-01-31 15:08:02 +010010471 ptr = txn->uri;
10472
10473 while (*ptr != ' ' && *ptr != '\0') /* find first space */
10474 ptr++;
William Lallemand96a77852014-02-05 00:30:02 +010010475
William Lallemand65ad6e12014-01-31 15:08:02 +010010476 if (!*ptr)
10477 return 0;
10478
10479 ptr++; /* skip the space */
10480
10481 temp = get_trash_chunk();
William Lallemand96a77852014-02-05 00:30:02 +010010482 ptr = temp->str = http_get_path_from_string(ptr);
William Lallemand65ad6e12014-01-31 15:08:02 +010010483 if (!ptr)
10484 return 0;
10485 while (*ptr != ' ' && *ptr != '\0') /* find space after URI */
10486 ptr++;
William Lallemand65ad6e12014-01-31 15:08:02 +010010487
10488 smp->data.str = *temp;
William Lallemand96a77852014-02-05 00:30:02 +010010489 smp->data.str.len = ptr - temp->str;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010490 smp->type = SMP_T_STR;
10491 smp->flags = SMP_F_CONST;
William Lallemand65ad6e12014-01-31 15:08:02 +010010492
10493 return 1;
10494}
10495
Willy Tarreau3c1b5ec2014-04-24 23:41:57 +020010496/* Retrieves the HTTP version from the request (either 1.0 or 1.1) and emits it
10497 * as a string (either "HTTP/1.0" or "HTTP/1.1").
10498 */
10499static int
10500smp_fetch_capture_req_ver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
10501 const struct arg *args, struct sample *smp, const char *kw)
10502{
10503 struct http_txn *txn = l7;
10504
10505 if (txn->req.msg_state < HTTP_MSG_HDR_FIRST)
10506 return 0;
10507
10508 if (txn->req.flags & HTTP_MSGF_VER_11)
10509 smp->data.str.str = "HTTP/1.1";
10510 else
10511 smp->data.str.str = "HTTP/1.0";
10512
10513 smp->data.str.len = 8;
10514 smp->type = SMP_T_STR;
10515 smp->flags = SMP_F_CONST;
10516 return 1;
10517
10518}
10519
10520/* Retrieves the HTTP version from the response (either 1.0 or 1.1) and emits it
10521 * as a string (either "HTTP/1.0" or "HTTP/1.1").
10522 */
10523static int
10524smp_fetch_capture_res_ver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
10525 const struct arg *args, struct sample *smp, const char *kw)
10526{
10527 struct http_txn *txn = l7;
10528
10529 if (txn->rsp.msg_state < HTTP_MSG_HDR_FIRST)
10530 return 0;
10531
10532 if (txn->rsp.flags & HTTP_MSGF_VER_11)
10533 smp->data.str.str = "HTTP/1.1";
10534 else
10535 smp->data.str.str = "HTTP/1.0";
10536
10537 smp->data.str.len = 8;
10538 smp->type = SMP_T_STR;
10539 smp->flags = SMP_F_CONST;
10540 return 1;
10541
10542}
10543
William Lallemand65ad6e12014-01-31 15:08:02 +010010544
Willy Tarreaue333ec92012-04-16 16:26:40 +020010545/* Iterate over all cookies present in a message. The context is stored in
Willy Tarreau37406352012-04-23 16:16:37 +020010546 * smp->ctx.a[0] for the in-header position, smp->ctx.a[1] for the
Willy Tarreaua890d072013-04-02 12:01:06 +020010547 * end-of-header-value, and smp->ctx.a[2] for the hdr_ctx. Depending on
Willy Tarreaue333ec92012-04-16 16:26:40 +020010548 * the direction, multiple cookies may be parsed on the same line or not.
Willy Tarreau24e32d82012-04-23 23:55:44 +020010549 * The cookie name is in args and the name length in args->data.str.len.
Willy Tarreau28376d62012-04-26 21:26:10 +020010550 * Accepts exactly 1 argument of type string. If the input options indicate
10551 * that no iterating is desired, then only last value is fetched if any.
Willy Tarreaub169eba2013-12-16 15:14:43 +010010552 * The returned sample is of type CSTR.
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010553 */
10554static int
Willy Tarreau51539362012-05-08 12:46:28 +020010555smp_fetch_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010556 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010557{
10558 struct http_txn *txn = l7;
10559 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +020010560 struct hdr_ctx *ctx = smp->ctx.a[2];
Willy Tarreaue333ec92012-04-16 16:26:40 +020010561 const struct http_msg *msg;
10562 const char *hdr_name;
10563 int hdr_name_len;
10564 char *sol;
Willy Tarreau28376d62012-04-26 21:26:10 +020010565 int occ = 0;
10566 int found = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +020010567
Willy Tarreau24e32d82012-04-23 23:55:44 +020010568 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +020010569 return 0;
10570
Willy Tarreaua890d072013-04-02 12:01:06 +020010571 if (!ctx) {
10572 /* first call */
10573 ctx = &static_hdr_ctx;
10574 ctx->idx = 0;
10575 smp->ctx.a[2] = ctx;
10576 }
10577
Willy Tarreaue333ec92012-04-16 16:26:40 +020010578 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010579
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010580 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +020010581 msg = &txn->req;
10582 hdr_name = "Cookie";
10583 hdr_name_len = 6;
10584 } else {
10585 msg = &txn->rsp;
10586 hdr_name = "Set-Cookie";
10587 hdr_name_len = 10;
10588 }
10589
Willy Tarreau28376d62012-04-26 21:26:10 +020010590 if (!occ && !(opt & SMP_OPT_ITERATE))
10591 /* no explicit occurrence and single fetch => last cookie by default */
10592 occ = -1;
10593
10594 /* OK so basically here, either we want only one value and it's the
10595 * last one, or we want to iterate over all of them and we fetch the
10596 * next one.
10597 */
10598
Willy Tarreau9b28e032012-10-12 23:49:43 +020010599 sol = msg->chn->buf->p;
Willy Tarreau37406352012-04-23 16:16:37 +020010600 if (!(smp->flags & SMP_F_NOT_LAST)) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010601 /* search for the header from the beginning, we must first initialize
10602 * the search parameters.
10603 */
Willy Tarreau37406352012-04-23 16:16:37 +020010604 smp->ctx.a[0] = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010605 ctx->idx = 0;
10606 }
10607
Willy Tarreau28376d62012-04-26 21:26:10 +020010608 smp->flags |= SMP_F_VOL_HDR;
10609
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010610 while (1) {
Willy Tarreau37406352012-04-23 16:16:37 +020010611 /* Note: smp->ctx.a[0] == NULL every time we need to fetch a new header */
10612 if (!smp->ctx.a[0]) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010613 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, ctx))
10614 goto out;
10615
Willy Tarreau24e32d82012-04-23 23:55:44 +020010616 if (ctx->vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010617 continue;
10618
Willy Tarreau37406352012-04-23 16:16:37 +020010619 smp->ctx.a[0] = ctx->line + ctx->val;
10620 smp->ctx.a[1] = smp->ctx.a[0] + ctx->vlen;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010621 }
10622
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010623 smp->type = SMP_T_STR;
10624 smp->flags |= SMP_F_CONST;
Willy Tarreau37406352012-04-23 16:16:37 +020010625 smp->ctx.a[0] = extract_cookie_value(smp->ctx.a[0], smp->ctx.a[1],
Willy Tarreau24e32d82012-04-23 23:55:44 +020010626 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010627 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +020010628 &smp->data.str.str,
10629 &smp->data.str.len);
Willy Tarreau37406352012-04-23 16:16:37 +020010630 if (smp->ctx.a[0]) {
Willy Tarreau28376d62012-04-26 21:26:10 +020010631 found = 1;
10632 if (occ >= 0) {
10633 /* one value was returned into smp->data.str.{str,len} */
10634 smp->flags |= SMP_F_NOT_LAST;
10635 return 1;
10636 }
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010637 }
Willy Tarreau28376d62012-04-26 21:26:10 +020010638 /* if we're looking for last occurrence, let's loop */
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010639 }
Willy Tarreau28376d62012-04-26 21:26:10 +020010640 /* all cookie headers and values were scanned. If we're looking for the
10641 * last occurrence, we may return it now.
10642 */
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010643 out:
Willy Tarreau37406352012-04-23 16:16:37 +020010644 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau28376d62012-04-26 21:26:10 +020010645 return found;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010646}
10647
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010648/* Iterate over all cookies present in a request to count how many occurrences
Willy Tarreau24e32d82012-04-23 23:55:44 +020010649 * match the name in args and args->data.str.len. If <multi> is non-null, then
Willy Tarreaub169eba2013-12-16 15:14:43 +010010650 * multiple cookies may be parsed on the same line. The returned sample is of
10651 * type UINT. Accepts exactly 1 argument of type string.
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010652 */
10653static int
Willy Tarreau409bcde2013-01-08 00:31:00 +010010654smp_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010655 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010656{
10657 struct http_txn *txn = l7;
10658 struct hdr_idx *idx = &txn->hdr_idx;
10659 struct hdr_ctx ctx;
Willy Tarreaue333ec92012-04-16 16:26:40 +020010660 const struct http_msg *msg;
10661 const char *hdr_name;
10662 int hdr_name_len;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010663 int cnt;
10664 char *val_beg, *val_end;
Willy Tarreaue333ec92012-04-16 16:26:40 +020010665 char *sol;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010666
Willy Tarreau24e32d82012-04-23 23:55:44 +020010667 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +020010668 return 0;
10669
Willy Tarreaue333ec92012-04-16 16:26:40 +020010670 CHECK_HTTP_MESSAGE_FIRST();
10671
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010672 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +020010673 msg = &txn->req;
10674 hdr_name = "Cookie";
10675 hdr_name_len = 6;
10676 } else {
10677 msg = &txn->rsp;
10678 hdr_name = "Set-Cookie";
10679 hdr_name_len = 10;
10680 }
10681
Willy Tarreau9b28e032012-10-12 23:49:43 +020010682 sol = msg->chn->buf->p;
Willy Tarreau46787ed2012-04-11 17:28:40 +020010683 val_end = val_beg = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010684 ctx.idx = 0;
10685 cnt = 0;
10686
10687 while (1) {
10688 /* Note: val_beg == NULL every time we need to fetch a new header */
10689 if (!val_beg) {
10690 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, &ctx))
10691 break;
10692
Willy Tarreau24e32d82012-04-23 23:55:44 +020010693 if (ctx.vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010694 continue;
10695
10696 val_beg = ctx.line + ctx.val;
10697 val_end = val_beg + ctx.vlen;
10698 }
10699
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010700 smp->type = SMP_T_STR;
10701 smp->flags |= SMP_F_CONST;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010702 while ((val_beg = extract_cookie_value(val_beg, val_end,
Willy Tarreau24e32d82012-04-23 23:55:44 +020010703 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010704 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +020010705 &smp->data.str.str,
10706 &smp->data.str.len))) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010707 cnt++;
10708 }
10709 }
10710
Willy Tarreaub169eba2013-12-16 15:14:43 +010010711 smp->type = SMP_T_UINT;
Willy Tarreauf853c462012-04-23 18:53:56 +020010712 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +020010713 smp->flags |= SMP_F_VOL_HDR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010714 return 1;
10715}
10716
Willy Tarreau51539362012-05-08 12:46:28 +020010717/* Fetch an cookie's integer value. The integer value is returned. It
10718 * takes a mandatory argument of type string. It relies on smp_fetch_cookie().
10719 */
10720static int
10721smp_fetch_cookie_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010722 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau51539362012-05-08 12:46:28 +020010723{
Willy Tarreauef38c392013-07-22 16:29:32 +020010724 int ret = smp_fetch_cookie(px, l4, l7, opt, args, smp, kw);
Willy Tarreau51539362012-05-08 12:46:28 +020010725
10726 if (ret > 0) {
10727 smp->type = SMP_T_UINT;
10728 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
10729 }
10730
10731 return ret;
10732}
10733
Willy Tarreau8797c062007-05-07 00:55:35 +020010734/************************************************************************/
Willy Tarreau12785782012-04-27 21:37:17 +020010735/* The code below is dedicated to sample fetches */
Willy Tarreau4a568972010-05-12 08:08:50 +020010736/************************************************************************/
10737
David Cournapeau16023ee2010-12-23 20:55:41 +090010738/*
10739 * Given a path string and its length, find the position of beginning of the
10740 * query string. Returns NULL if no query string is found in the path.
10741 *
10742 * Example: if path = "/foo/bar/fubar?yo=mama;ye=daddy", and n = 22:
10743 *
10744 * find_query_string(path, n) points to "yo=mama;ye=daddy" string.
10745 */
bedis4c75cca2012-10-05 08:38:24 +020010746static inline char *find_param_list(char *path, size_t path_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010747{
10748 char *p;
Emeric Brun485479d2010-09-23 18:02:19 +020010749
bedis4c75cca2012-10-05 08:38:24 +020010750 p = memchr(path, delim, path_l);
David Cournapeau16023ee2010-12-23 20:55:41 +090010751 return p ? p + 1 : NULL;
10752}
10753
bedis4c75cca2012-10-05 08:38:24 +020010754static inline int is_param_delimiter(char c, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010755{
bedis4c75cca2012-10-05 08:38:24 +020010756 return c == '&' || c == ';' || c == delim;
David Cournapeau16023ee2010-12-23 20:55:41 +090010757}
10758
10759/*
10760 * Given a url parameter, find the starting position of the first occurence,
10761 * or NULL if the parameter is not found.
10762 *
10763 * Example: if query_string is "yo=mama;ye=daddy" and url_param_name is "ye",
10764 * the function will return query_string+8.
10765 */
10766static char*
10767find_url_param_pos(char* query_string, size_t query_string_l,
bedis4c75cca2012-10-05 08:38:24 +020010768 char* url_param_name, size_t url_param_name_l,
10769 char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010770{
10771 char *pos, *last;
10772
10773 pos = query_string;
10774 last = query_string + query_string_l - url_param_name_l - 1;
10775
10776 while (pos <= last) {
10777 if (pos[url_param_name_l] == '=') {
10778 if (memcmp(pos, url_param_name, url_param_name_l) == 0)
10779 return pos;
10780 pos += url_param_name_l + 1;
10781 }
bedis4c75cca2012-10-05 08:38:24 +020010782 while (pos <= last && !is_param_delimiter(*pos, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010783 pos++;
10784 pos++;
10785 }
10786 return NULL;
10787}
10788
10789/*
10790 * Given a url parameter name, returns its value and size into *value and
10791 * *value_l respectively, and returns non-zero. If the parameter is not found,
10792 * zero is returned and value/value_l are not touched.
10793 */
10794static int
10795find_url_param_value(char* path, size_t path_l,
10796 char* url_param_name, size_t url_param_name_l,
bedis4c75cca2012-10-05 08:38:24 +020010797 char** value, int* value_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010798{
10799 char *query_string, *qs_end;
10800 char *arg_start;
10801 char *value_start, *value_end;
10802
bedis4c75cca2012-10-05 08:38:24 +020010803 query_string = find_param_list(path, path_l, delim);
David Cournapeau16023ee2010-12-23 20:55:41 +090010804 if (!query_string)
10805 return 0;
10806
10807 qs_end = path + path_l;
10808 arg_start = find_url_param_pos(query_string, qs_end - query_string,
bedis4c75cca2012-10-05 08:38:24 +020010809 url_param_name, url_param_name_l,
10810 delim);
David Cournapeau16023ee2010-12-23 20:55:41 +090010811 if (!arg_start)
10812 return 0;
10813
10814 value_start = arg_start + url_param_name_l + 1;
10815 value_end = value_start;
10816
bedis4c75cca2012-10-05 08:38:24 +020010817 while ((value_end < qs_end) && !is_param_delimiter(*value_end, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010818 value_end++;
10819
10820 *value = value_start;
10821 *value_l = value_end - value_start;
Willy Tarreau00134332011-01-04 14:57:34 +010010822 return value_end != value_start;
David Cournapeau16023ee2010-12-23 20:55:41 +090010823}
10824
10825static int
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010826smp_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010827 const struct arg *args, struct sample *smp, const char *kw)
David Cournapeau16023ee2010-12-23 20:55:41 +090010828{
bedis4c75cca2012-10-05 08:38:24 +020010829 char delim = '?';
David Cournapeau16023ee2010-12-23 20:55:41 +090010830 struct http_txn *txn = l7;
10831 struct http_msg *msg = &txn->req;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010832
bedis4c75cca2012-10-05 08:38:24 +020010833 if (!args || args[0].type != ARGT_STR ||
10834 (args[1].type && args[1].type != ARGT_STR))
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010835 return 0;
10836
10837 CHECK_HTTP_MESSAGE_FIRST();
David Cournapeau16023ee2010-12-23 20:55:41 +090010838
bedis4c75cca2012-10-05 08:38:24 +020010839 if (args[1].type)
10840 delim = *args[1].data.str.str;
10841
Willy Tarreau9b28e032012-10-12 23:49:43 +020010842 if (!find_url_param_value(msg->chn->buf->p + msg->sl.rq.u, msg->sl.rq.u_l,
bedis4c75cca2012-10-05 08:38:24 +020010843 args->data.str.str, args->data.str.len,
10844 &smp->data.str.str, &smp->data.str.len,
10845 delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010846 return 0;
10847
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010848 smp->type = SMP_T_STR;
10849 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
David Cournapeau16023ee2010-12-23 20:55:41 +090010850 return 1;
10851}
10852
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010853/* Return the signed integer value for the specified url parameter (see url_param
10854 * above).
10855 */
10856static int
10857smp_fetch_url_param_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010858 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010859{
Willy Tarreauef38c392013-07-22 16:29:32 +020010860 int ret = smp_fetch_url_param(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010861
10862 if (ret > 0) {
10863 smp->type = SMP_T_UINT;
10864 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
10865 }
10866
10867 return ret;
10868}
10869
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010870/* This produces a 32-bit hash of the concatenation of the first occurrence of
10871 * the Host header followed by the path component if it begins with a slash ('/').
10872 * This means that '*' will not be added, resulting in exactly the first Host
10873 * entry. If no Host header is found, then the path is used. The resulting value
10874 * is hashed using the url hash followed by a full avalanche hash and provides a
10875 * 32-bit integer value. This fetch is useful for tracking per-URL activity on
10876 * high-traffic sites without having to store whole paths.
10877 * this differs from the base32 functions in that it includes the url parameters
10878 * as well as the path
10879 */
10880static int
10881smp_fetch_url32(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreaue155ec22013-11-18 18:33:22 +010010882 const struct arg *args, struct sample *smp, const char *kw)
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010883{
10884 struct http_txn *txn = l7;
10885 struct hdr_ctx ctx;
10886 unsigned int hash = 0;
10887 char *ptr, *beg, *end;
10888 int len;
10889
10890 CHECK_HTTP_MESSAGE_FIRST();
10891
10892 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +020010893 if (http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010894 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
10895 ptr = ctx.line + ctx.val;
10896 len = ctx.vlen;
10897 while (len--)
10898 hash = *(ptr++) + (hash << 6) + (hash << 16) - hash;
10899 }
10900
10901 /* now retrieve the path */
Willy Tarreau877e78d2013-04-07 18:48:08 +020010902 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010903 beg = http_get_path(txn);
10904 if (!beg)
10905 beg = end;
10906
10907 for (ptr = beg; ptr < end ; ptr++);
10908
10909 if (beg < ptr && *beg == '/') {
10910 while (beg < ptr)
10911 hash = *(beg++) + (hash << 6) + (hash << 16) - hash;
10912 }
10913 hash = full_hash(hash);
10914
10915 smp->type = SMP_T_UINT;
10916 smp->data.uint = hash;
10917 smp->flags = SMP_F_VOL_1ST;
10918 return 1;
10919}
10920
10921/* This concatenates the source address with the 32-bit hash of the Host and
10922 * URL as returned by smp_fetch_base32(). The idea is to have per-source and
10923 * per-url counters. The result is a binary block from 8 to 20 bytes depending
10924 * on the source address length. The URL hash is stored before the address so
10925 * that in environments where IPv6 is insignificant, truncating the output to
10926 * 8 bytes would still work.
10927 */
10928static int
10929smp_fetch_url32_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreaue155ec22013-11-18 18:33:22 +010010930 const struct arg *args, struct sample *smp, const char *kw)
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010931{
10932 struct chunk *temp;
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010933 struct connection *cli_conn = objt_conn(l4->si[0].end);
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010934
Willy Tarreaue155ec22013-11-18 18:33:22 +010010935 if (!smp_fetch_url32(px, l4, l7, opt, args, smp, kw))
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010936 return 0;
10937
10938 temp = get_trash_chunk();
10939 memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
10940 temp->len += sizeof(smp->data.uint);
10941
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010942 switch (cli_conn->addr.from.ss_family) {
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010943 case AF_INET:
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010944 memcpy(temp->str + temp->len, &((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr, 4);
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010945 temp->len += 4;
10946 break;
10947 case AF_INET6:
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010948 memcpy(temp->str + temp->len, &((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_addr, 16);
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010949 temp->len += 16;
10950 break;
10951 default:
10952 return 0;
10953 }
10954
10955 smp->data.str = *temp;
10956 smp->type = SMP_T_BIN;
10957 return 1;
10958}
10959
Willy Tarreau185b5c42012-04-26 15:11:51 +020010960/* This function is used to validate the arguments passed to any "hdr" fetch
10961 * keyword. These keywords support an optional positive or negative occurrence
10962 * number. We must ensure that the number is greater than -MAX_HDR_HISTORY. It
10963 * is assumed that the types are already the correct ones. Returns 0 on error,
10964 * non-zero if OK. If <err> is not NULL, it will be filled with a pointer to an
10965 * error message in case of error, that the caller is responsible for freeing.
10966 * The initial location must either be freeable or NULL.
10967 */
10968static int val_hdr(struct arg *arg, char **err_msg)
10969{
10970 if (arg && arg[1].type == ARGT_SINT && arg[1].data.sint < -MAX_HDR_HISTORY) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +020010971 memprintf(err_msg, "header occurrence must be >= %d", -MAX_HDR_HISTORY);
Willy Tarreau185b5c42012-04-26 15:11:51 +020010972 return 0;
10973 }
10974 return 1;
10975}
10976
Willy Tarreau276fae92013-07-25 14:36:01 +020010977/* takes an UINT value on input supposed to represent the time since EPOCH,
10978 * adds an optional offset found in args[0] and emits a string representing
10979 * the date in RFC-1123/5322 format.
10980 */
10981static int sample_conv_http_date(const struct arg *args, struct sample *smp)
10982{
10983 const char day[7][4] = { "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" };
10984 const char mon[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
10985 struct chunk *temp;
10986 struct tm *tm;
10987 time_t curr_date = smp->data.uint;
10988
10989 /* add offset */
10990 if (args && (args[0].type == ARGT_SINT || args[0].type == ARGT_UINT))
10991 curr_date += args[0].data.sint;
10992
10993 tm = gmtime(&curr_date);
10994
10995 temp = get_trash_chunk();
10996 temp->len = snprintf(temp->str, temp->size - temp->len,
10997 "%s, %02d %s %04d %02d:%02d:%02d GMT",
10998 day[tm->tm_wday], tm->tm_mday, mon[tm->tm_mon], 1900+tm->tm_year,
10999 tm->tm_hour, tm->tm_min, tm->tm_sec);
11000
11001 smp->data.str = *temp;
11002 smp->type = SMP_T_STR;
11003 return 1;
11004}
11005
Thierry FOURNIERad903512014-04-11 17:51:01 +020011006/* Match language range with language tag. RFC2616 14.4:
11007 *
11008 * A language-range matches a language-tag if it exactly equals
11009 * the tag, or if it exactly equals a prefix of the tag such
11010 * that the first tag character following the prefix is "-".
11011 *
11012 * Return 1 if the strings match, else return 0.
11013 */
11014static inline int language_range_match(const char *range, int range_len,
11015 const char *tag, int tag_len)
11016{
11017 const char *end = range + range_len;
11018 const char *tend = tag + tag_len;
11019 while (range < end) {
11020 if (*range == '-' && tag == tend)
11021 return 1;
11022 if (*range != *tag || tag == tend)
11023 return 0;
11024 range++;
11025 tag++;
11026 }
11027 /* Return true only if the last char of the tag is matched. */
11028 return tag == tend;
11029}
11030
11031/* Arguments: The list of expected value, the number of parts returned and the separator */
11032static int sample_conv_q_prefered(const struct arg *args, struct sample *smp)
11033{
11034 const char *al = smp->data.str.str;
11035 const char *end = al + smp->data.str.len;
11036 const char *token;
11037 int toklen;
11038 int qvalue;
11039 const char *str;
11040 const char *w;
11041 int best_q = 0;
11042
11043 /* Set the constant to the sample, because the output of the
11044 * function will be peek in the constant configuration string.
11045 */
11046 smp->flags |= SMP_F_CONST;
11047 smp->data.str.size = 0;
11048 smp->data.str.str = "";
11049 smp->data.str.len = 0;
11050
11051 /* Parse the accept language */
11052 while (1) {
11053
11054 /* Jump spaces, quit if the end is detected. */
11055 while (al < end && isspace(*al))
11056 al++;
11057 if (al >= end)
11058 break;
11059
11060 /* Start of the fisrt word. */
11061 token = al;
11062
11063 /* Look for separator: isspace(), ',' or ';'. Next value if 0 length word. */
11064 while (al < end && *al != ';' && *al != ',' && !isspace(*al))
11065 al++;
11066 if (al == token)
11067 goto expect_comma;
11068
11069 /* Length of the token. */
11070 toklen = al - token;
11071 qvalue = 1000;
11072
11073 /* Check if the token exists in the list. If the token not exists,
11074 * jump to the next token.
11075 */
11076 str = args[0].data.str.str;
11077 w = str;
11078 while (1) {
11079 if (*str == ';' || *str == '\0') {
11080 if (language_range_match(token, toklen, w, str-w))
11081 goto look_for_q;
11082 if (*str == '\0')
11083 goto expect_comma;
11084 w = str + 1;
11085 }
11086 str++;
11087 }
11088 goto expect_comma;
11089
11090look_for_q:
11091
11092 /* Jump spaces, quit if the end is detected. */
11093 while (al < end && isspace(*al))
11094 al++;
11095 if (al >= end)
11096 goto process_value;
11097
11098 /* If ',' is found, process the result */
11099 if (*al == ',')
11100 goto process_value;
11101
11102 /* If the character is different from ';', look
11103 * for the end of the header part in best effort.
11104 */
11105 if (*al != ';')
11106 goto expect_comma;
11107
11108 /* Assumes that the char is ';', now expect "q=". */
11109 al++;
11110
11111 /* Jump spaces, process value if the end is detected. */
11112 while (al < end && isspace(*al))
11113 al++;
11114 if (al >= end)
11115 goto process_value;
11116
11117 /* Expect 'q'. If no 'q', continue in best effort */
11118 if (*al != 'q')
11119 goto process_value;
11120 al++;
11121
11122 /* Jump spaces, process value if the end is detected. */
11123 while (al < end && isspace(*al))
11124 al++;
11125 if (al >= end)
11126 goto process_value;
11127
11128 /* Expect '='. If no '=', continue in best effort */
11129 if (*al != '=')
11130 goto process_value;
11131 al++;
11132
11133 /* Jump spaces, process value if the end is detected. */
11134 while (al < end && isspace(*al))
11135 al++;
11136 if (al >= end)
11137 goto process_value;
11138
11139 /* Parse the q value. */
11140 qvalue = parse_qvalue(al, &al);
11141
11142process_value:
11143
11144 /* If the new q value is the best q value, then store the associated
11145 * language in the response. If qvalue is the biggest value (1000),
11146 * break the process.
11147 */
11148 if (qvalue > best_q) {
11149 smp->data.str.str = (char *)w;
11150 smp->data.str.len = str - w;
11151 if (qvalue >= 1000)
11152 break;
11153 best_q = qvalue;
11154 }
11155
11156expect_comma:
11157
11158 /* Expect comma or end. If the end is detected, quit the loop. */
11159 while (al < end && *al != ',')
11160 al++;
11161 if (al >= end)
11162 break;
11163
11164 /* Comma is found, jump it and restart the analyzer. */
11165 al++;
11166 }
11167
11168 /* Set default value if required. */
11169 if (smp->data.str.len == 0 && args[1].type == ARGT_STR) {
11170 smp->data.str.str = args[1].data.str.str;
11171 smp->data.str.len = args[1].data.str.len;
11172 }
11173
11174 /* Return true only if a matching language was found. */
11175 return smp->data.str.len != 0;
11176}
11177
William Lallemand73025dd2014-04-24 14:38:37 +020011178/*
11179 * Return the struct http_req_action_kw associated to a keyword.
11180 */
11181struct http_req_action_kw *action_http_req_custom(const char *kw)
11182{
11183 if (!LIST_ISEMPTY(&http_req_keywords.list)) {
11184 struct http_req_action_kw_list *kw_list;
11185 int i;
11186
11187 list_for_each_entry(kw_list, &http_req_keywords.list, list) {
11188 for (i = 0; kw_list->kw[i].kw != NULL; i++) {
11189 if (!strcmp(kw, kw_list->kw[i].kw))
11190 return &kw_list->kw[i];
11191 }
11192 }
11193 }
11194 return NULL;
11195}
11196
11197/*
11198 * Return the struct http_res_action_kw associated to a keyword.
11199 */
11200struct http_res_action_kw *action_http_res_custom(const char *kw)
11201{
11202 if (!LIST_ISEMPTY(&http_res_keywords.list)) {
11203 struct http_res_action_kw_list *kw_list;
11204 int i;
11205
11206 list_for_each_entry(kw_list, &http_res_keywords.list, list) {
11207 for (i = 0; kw_list->kw[i].kw != NULL; i++) {
11208 if (!strcmp(kw, kw_list->kw[i].kw))
11209 return &kw_list->kw[i];
11210 }
11211 }
11212 }
11213 return NULL;
11214}
11215
Willy Tarreau4a568972010-05-12 08:08:50 +020011216/************************************************************************/
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011217/* All supported ACL keywords must be declared here. */
11218/************************************************************************/
11219
11220/* Note: must not be declared <const> as its list will be overwritten.
11221 * Please take care of keeping this list alphabetically sorted.
11222 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011223static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011224 { "base", "base", PAT_MATCH_STR },
11225 { "base_beg", "base", PAT_MATCH_BEG },
11226 { "base_dir", "base", PAT_MATCH_DIR },
11227 { "base_dom", "base", PAT_MATCH_DOM },
11228 { "base_end", "base", PAT_MATCH_END },
11229 { "base_len", "base", PAT_MATCH_LEN },
11230 { "base_reg", "base", PAT_MATCH_REG },
11231 { "base_sub", "base", PAT_MATCH_SUB },
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020011232
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011233 { "cook", "req.cook", PAT_MATCH_STR },
11234 { "cook_beg", "req.cook", PAT_MATCH_BEG },
11235 { "cook_dir", "req.cook", PAT_MATCH_DIR },
11236 { "cook_dom", "req.cook", PAT_MATCH_DOM },
11237 { "cook_end", "req.cook", PAT_MATCH_END },
11238 { "cook_len", "req.cook", PAT_MATCH_LEN },
11239 { "cook_reg", "req.cook", PAT_MATCH_REG },
11240 { "cook_sub", "req.cook", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011241
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011242 { "hdr", "req.hdr", PAT_MATCH_STR },
11243 { "hdr_beg", "req.hdr", PAT_MATCH_BEG },
11244 { "hdr_dir", "req.hdr", PAT_MATCH_DIR },
11245 { "hdr_dom", "req.hdr", PAT_MATCH_DOM },
11246 { "hdr_end", "req.hdr", PAT_MATCH_END },
11247 { "hdr_len", "req.hdr", PAT_MATCH_LEN },
11248 { "hdr_reg", "req.hdr", PAT_MATCH_REG },
11249 { "hdr_sub", "req.hdr", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011250
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011251 /* these two declarations uses strings with list storage (in place
11252 * of tree storage). The basic match is PAT_MATCH_STR, but the indexation
11253 * and delete functions are relative to the list management. The parse
11254 * and match method are related to the corresponding fetch methods. This
11255 * is very particular ACL declaration mode.
11256 */
11257 { "http_auth_group", NULL, PAT_MATCH_STR, NULL, pat_idx_list_str, pat_del_list_ptr, NULL, pat_match_auth },
11258 { "method", NULL, PAT_MATCH_STR, pat_parse_meth, pat_idx_list_str, pat_del_list_ptr, NULL, pat_match_meth },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011259
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011260 { "path", "path", PAT_MATCH_STR },
11261 { "path_beg", "path", PAT_MATCH_BEG },
11262 { "path_dir", "path", PAT_MATCH_DIR },
11263 { "path_dom", "path", PAT_MATCH_DOM },
11264 { "path_end", "path", PAT_MATCH_END },
11265 { "path_len", "path", PAT_MATCH_LEN },
11266 { "path_reg", "path", PAT_MATCH_REG },
11267 { "path_sub", "path", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011268
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011269 { "req_ver", "req.ver", PAT_MATCH_STR },
11270 { "resp_ver", "res.ver", PAT_MATCH_STR },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011271
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011272 { "scook", "res.cook", PAT_MATCH_STR },
11273 { "scook_beg", "res.cook", PAT_MATCH_BEG },
11274 { "scook_dir", "res.cook", PAT_MATCH_DIR },
11275 { "scook_dom", "res.cook", PAT_MATCH_DOM },
11276 { "scook_end", "res.cook", PAT_MATCH_END },
11277 { "scook_len", "res.cook", PAT_MATCH_LEN },
11278 { "scook_reg", "res.cook", PAT_MATCH_REG },
11279 { "scook_sub", "res.cook", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011280
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011281 { "shdr", "res.hdr", PAT_MATCH_STR },
11282 { "shdr_beg", "res.hdr", PAT_MATCH_BEG },
11283 { "shdr_dir", "res.hdr", PAT_MATCH_DIR },
11284 { "shdr_dom", "res.hdr", PAT_MATCH_DOM },
11285 { "shdr_end", "res.hdr", PAT_MATCH_END },
11286 { "shdr_len", "res.hdr", PAT_MATCH_LEN },
11287 { "shdr_reg", "res.hdr", PAT_MATCH_REG },
11288 { "shdr_sub", "res.hdr", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011289
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011290 { "url", "url", PAT_MATCH_STR },
11291 { "url_beg", "url", PAT_MATCH_BEG },
11292 { "url_dir", "url", PAT_MATCH_DIR },
11293 { "url_dom", "url", PAT_MATCH_DOM },
11294 { "url_end", "url", PAT_MATCH_END },
11295 { "url_len", "url", PAT_MATCH_LEN },
11296 { "url_reg", "url", PAT_MATCH_REG },
11297 { "url_sub", "url", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011298
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011299 { "urlp", "urlp", PAT_MATCH_STR },
11300 { "urlp_beg", "urlp", PAT_MATCH_BEG },
11301 { "urlp_dir", "urlp", PAT_MATCH_DIR },
11302 { "urlp_dom", "urlp", PAT_MATCH_DOM },
11303 { "urlp_end", "urlp", PAT_MATCH_END },
11304 { "urlp_len", "urlp", PAT_MATCH_LEN },
11305 { "urlp_reg", "urlp", PAT_MATCH_REG },
11306 { "urlp_sub", "urlp", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011307
Willy Tarreau8ed669b2013-01-11 15:49:37 +010011308 { /* END */ },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020011309}};
11310
11311/************************************************************************/
11312/* All supported pattern keywords must be declared here. */
Willy Tarreau4a568972010-05-12 08:08:50 +020011313/************************************************************************/
11314/* Note: must not be declared <const> as its list will be overwritten */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011315static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011316 { "base", smp_fetch_base, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011317 { "base32", smp_fetch_base32, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
11318 { "base32+src", smp_fetch_base32_src, 0, NULL, SMP_T_BIN, SMP_USE_HRQHV },
11319
William Lallemanda43ba4e2014-01-28 18:14:25 +010011320 /* capture are allocated and are permanent in the session */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011321 { "capture.req.hdr", smp_fetch_capture_header_req, ARG1(1, UINT), NULL, SMP_T_STR, SMP_USE_HRQHP },
Willy Tarreau3c1b5ec2014-04-24 23:41:57 +020011322
11323 /* retrieve these captures from the HTTP logs */
11324 { "capture.req.method", smp_fetch_capture_req_method, 0, NULL, SMP_T_STR, SMP_USE_HRQHP },
11325 { "capture.req.uri", smp_fetch_capture_req_uri, 0, NULL, SMP_T_STR, SMP_USE_HRQHP },
11326 { "capture.req.ver", smp_fetch_capture_req_ver, 0, NULL, SMP_T_STR, SMP_USE_HRQHP },
11327
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011328 { "capture.res.hdr", smp_fetch_capture_header_res, ARG1(1, UINT), NULL, SMP_T_STR, SMP_USE_HRSHP },
Willy Tarreau3c1b5ec2014-04-24 23:41:57 +020011329 { "capture.res.ver", smp_fetch_capture_res_ver, 0, NULL, SMP_T_STR, SMP_USE_HRQHP },
William Lallemanda43ba4e2014-01-28 18:14:25 +010011330
Willy Tarreau409bcde2013-01-08 00:31:00 +010011331 /* cookie is valid in both directions (eg: for "stick ...") but cook*
11332 * are only here to match the ACL's name, are request-only and are used
11333 * for ACL compatibility only.
11334 */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011335 { "cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
11336 { "cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRQHV|SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011337 { "cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
11338 { "cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
11339
11340 /* hdr is valid in both directions (eg: for "stick ...") but hdr_* are
11341 * only here to match the ACL's name, are request-only and are used for
11342 * ACL compatibility only.
11343 */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011344 { "hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRQHV|SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011345 { "hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
11346 { "hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
11347 { "hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
11348
Willy Tarreau0a0daec2013-04-02 22:44:58 +020011349 { "http_auth", smp_fetch_http_auth, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011350 { "http_auth_group", smp_fetch_http_auth_grp, ARG1(1,USR), NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011351 { "http_first_req", smp_fetch_http_first_req, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Thierry FOURNIERd4373142013-12-17 01:10:10 +010011352 { "method", smp_fetch_meth, 0, NULL, SMP_T_METH, SMP_USE_HRQHP },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011353 { "path", smp_fetch_path, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010011354
11355 /* HTTP protocol on the request path */
11356 { "req.proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011357 { "req_proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau18ed2562013-01-14 15:56:36 +010011358
11359 /* HTTP version on the request path */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011360 { "req.ver", smp_fetch_rqver, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
11361 { "req_ver", smp_fetch_rqver, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010011362
11363 /* HTTP version on the response path */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011364 { "res.ver", smp_fetch_stver, 0, NULL, SMP_T_STR, SMP_USE_HRSHV },
11365 { "resp_ver", smp_fetch_stver, 0, NULL, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011366
Willy Tarreau18ed2562013-01-14 15:56:36 +010011367 /* explicit req.{cook,hdr} are used to force the fetch direction to be request-only */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011368 { "req.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010011369 { "req.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
11370 { "req.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
11371
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011372 { "req.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau04ff9f12013-06-10 18:39:42 +020011373 { "req.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011374 { "req.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010011375 { "req.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
11376 { "req.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
11377 { "req.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
11378
11379 /* explicit req.{cook,hdr} are used to force the fetch direction to be response-only */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011380 { "res.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010011381 { "res.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
11382 { "res.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
11383
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011384 { "res.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau04ff9f12013-06-10 18:39:42 +020011385 { "res.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011386 { "res.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010011387 { "res.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
11388 { "res.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
11389 { "res.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
11390
Willy Tarreau409bcde2013-01-08 00:31:00 +010011391 /* scook is valid only on the response and is used for ACL compatibility */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011392 { "scook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011393 { "scook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
11394 { "scook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011395 { "set-cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRSHV }, /* deprecated */
Willy Tarreau409bcde2013-01-08 00:31:00 +010011396
11397 /* shdr is valid only on the response and is used for ACL compatibility */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011398 { "shdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011399 { "shdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
11400 { "shdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
11401 { "shdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
11402
11403 { "status", smp_fetch_stcode, 0, NULL, SMP_T_UINT, SMP_USE_HRSHP },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011404 { "url", smp_fetch_url, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000011405 { "url32", smp_fetch_url32, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
11406 { "url32+src", smp_fetch_url32_src, 0, NULL, SMP_T_BIN, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011407 { "url_ip", smp_fetch_url_ip, 0, NULL, SMP_T_IPV4, SMP_USE_HRQHV },
11408 { "url_port", smp_fetch_url_port, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011409 { "url_param", smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
11410 { "urlp" , smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010011411 { "urlp_val", smp_fetch_url_param_val, ARG2(1,STR,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
11412 { /* END */ },
Willy Tarreau4a568972010-05-12 08:08:50 +020011413}};
11414
Willy Tarreau8797c062007-05-07 00:55:35 +020011415
Willy Tarreau276fae92013-07-25 14:36:01 +020011416/* Note: must not be declared <const> as its list will be overwritten */
11417static struct sample_conv_kw_list sample_conv_kws = {ILH, {
Thierry FOURNIERad903512014-04-11 17:51:01 +020011418 { "http_date", sample_conv_http_date, ARG1(0,SINT), NULL, SMP_T_UINT, SMP_T_STR},
11419 { "language", sample_conv_q_prefered, ARG2(1,STR,STR), NULL, SMP_T_STR, SMP_T_STR},
Willy Tarreau276fae92013-07-25 14:36:01 +020011420 { NULL, NULL, 0, 0, 0 },
11421}};
11422
Willy Tarreau8797c062007-05-07 00:55:35 +020011423__attribute__((constructor))
11424static void __http_protocol_init(void)
11425{
11426 acl_register_keywords(&acl_kws);
Willy Tarreau12785782012-04-27 21:37:17 +020011427 sample_register_fetches(&sample_fetch_keywords);
Willy Tarreau276fae92013-07-25 14:36:01 +020011428 sample_register_convs(&sample_conv_kws);
Willy Tarreau8797c062007-05-07 00:55:35 +020011429}
11430
11431
Willy Tarreau58f10d72006-12-04 02:26:12 +010011432/*
Willy Tarreaubaaee002006-06-26 02:48:02 +020011433 * Local variables:
11434 * c-indent-level: 8
11435 * c-basic-offset: 8
11436 * End:
11437 */