blob: acbe5ddcafa5cc622b35efca77458f032dfc9cf2 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreau7c669d72008-06-20 15:04:11 +02004 * Copyright 2000-2008 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreau2dd0d472006-06-29 17:53:05 +020026#include <common/appsession.h>
27#include <common/compat.h>
28#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010029#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020030#include <common/memory.h>
31#include <common/mini-clist.h>
32#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020033#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/time.h>
35#include <common/uri_auth.h>
36#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020037
38#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020039#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020040
Willy Tarreau8797c062007-05-07 00:55:35 +020041#include <proto/acl.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020042#include <proto/backend.h>
43#include <proto/buffers.h>
Willy Tarreau91861262007-10-17 17:06:05 +020044#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020045#include <proto/fd.h>
46#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010047#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020048#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020049#include <proto/proto_http.h>
50#include <proto/queue.h>
Willy Tarreau91861262007-10-17 17:06:05 +020051#include <proto/senddata.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020052#include <proto/session.h>
53#include <proto/task.h>
54
Willy Tarreau6d1a9882007-01-07 02:03:04 +010055#ifdef CONFIG_HAP_TCPSPLICE
56#include <libtcpsplice.h>
57#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +020058
Willy Tarreau58f10d72006-12-04 02:26:12 +010059#define DEBUG_PARSE_NO_SPEEDUP
60#undef DEBUG_PARSE_NO_SPEEDUP
61
Willy Tarreau976f1ee2006-12-17 10:06:03 +010062/* This is used to perform a quick jump as an alternative to a break/continue
63 * instruction. The first argument is the label for normal operation, and the
64 * second one is the break/continue instruction in the no_speedup mode.
65 */
66
67#ifdef DEBUG_PARSE_NO_SPEEDUP
68#define QUICK_JUMP(x,y) y
69#else
70#define QUICK_JUMP(x,y) goto x
71#endif
72
Willy Tarreau1c47f852006-07-09 08:22:27 +020073/* This is used by remote monitoring */
Willy Tarreau0f772532006-12-23 20:51:41 +010074const char HTTP_200[] =
Willy Tarreau1c47f852006-07-09 08:22:27 +020075 "HTTP/1.0 200 OK\r\n"
76 "Cache-Control: no-cache\r\n"
77 "Connection: close\r\n"
78 "Content-Type: text/html\r\n"
79 "\r\n"
80 "<html><body><h1>200 OK</h1>\nHAProxy: service ready.\n</body></html>\n";
81
Willy Tarreau0f772532006-12-23 20:51:41 +010082const struct chunk http_200_chunk = {
83 .str = (char *)&HTTP_200,
84 .len = sizeof(HTTP_200)-1
85};
86
Willy Tarreaub463dfb2008-06-07 23:08:56 +020087const char *HTTP_301 =
88 "HTTP/1.0 301 Moved Permantenly\r\n"
89 "Cache-Control: no-cache\r\n"
90 "Connection: close\r\n"
91 "Location: "; /* not terminated since it will be concatenated with the URL */
92
Willy Tarreau0f772532006-12-23 20:51:41 +010093const char *HTTP_302 =
94 "HTTP/1.0 302 Found\r\n"
95 "Cache-Control: no-cache\r\n"
96 "Connection: close\r\n"
97 "Location: "; /* not terminated since it will be concatenated with the URL */
98
99/* same as 302 except that the browser MUST retry with the GET method */
100const char *HTTP_303 =
101 "HTTP/1.0 303 See Other\r\n"
102 "Cache-Control: no-cache\r\n"
103 "Connection: close\r\n"
104 "Location: "; /* not terminated since it will be concatenated with the URL */
105
Willy Tarreaubaaee002006-06-26 02:48:02 +0200106/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
107const char *HTTP_401_fmt =
108 "HTTP/1.0 401 Unauthorized\r\n"
109 "Cache-Control: no-cache\r\n"
110 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200111 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200112 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
113 "\r\n"
114 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
115
Willy Tarreau0f772532006-12-23 20:51:41 +0100116
117const int http_err_codes[HTTP_ERR_SIZE] = {
118 [HTTP_ERR_400] = 400,
119 [HTTP_ERR_403] = 403,
120 [HTTP_ERR_408] = 408,
121 [HTTP_ERR_500] = 500,
122 [HTTP_ERR_502] = 502,
123 [HTTP_ERR_503] = 503,
124 [HTTP_ERR_504] = 504,
125};
126
Willy Tarreau80587432006-12-24 17:47:20 +0100127static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreau0f772532006-12-23 20:51:41 +0100128 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100129 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100130 "Cache-Control: no-cache\r\n"
131 "Connection: close\r\n"
132 "Content-Type: text/html\r\n"
133 "\r\n"
134 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
135
136 [HTTP_ERR_403] =
137 "HTTP/1.0 403 Forbidden\r\n"
138 "Cache-Control: no-cache\r\n"
139 "Connection: close\r\n"
140 "Content-Type: text/html\r\n"
141 "\r\n"
142 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
143
144 [HTTP_ERR_408] =
145 "HTTP/1.0 408 Request Time-out\r\n"
146 "Cache-Control: no-cache\r\n"
147 "Connection: close\r\n"
148 "Content-Type: text/html\r\n"
149 "\r\n"
150 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
151
152 [HTTP_ERR_500] =
153 "HTTP/1.0 500 Server Error\r\n"
154 "Cache-Control: no-cache\r\n"
155 "Connection: close\r\n"
156 "Content-Type: text/html\r\n"
157 "\r\n"
158 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
159
160 [HTTP_ERR_502] =
161 "HTTP/1.0 502 Bad Gateway\r\n"
162 "Cache-Control: no-cache\r\n"
163 "Connection: close\r\n"
164 "Content-Type: text/html\r\n"
165 "\r\n"
166 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
167
168 [HTTP_ERR_503] =
169 "HTTP/1.0 503 Service Unavailable\r\n"
170 "Cache-Control: no-cache\r\n"
171 "Connection: close\r\n"
172 "Content-Type: text/html\r\n"
173 "\r\n"
174 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
175
176 [HTTP_ERR_504] =
177 "HTTP/1.0 504 Gateway Time-out\r\n"
178 "Cache-Control: no-cache\r\n"
179 "Connection: close\r\n"
180 "Content-Type: text/html\r\n"
181 "\r\n"
182 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
183
184};
185
Willy Tarreau80587432006-12-24 17:47:20 +0100186/* We must put the messages here since GCC cannot initialize consts depending
187 * on strlen().
188 */
189struct chunk http_err_chunks[HTTP_ERR_SIZE];
190
Willy Tarreau42250582007-04-01 01:30:43 +0200191#define FD_SETS_ARE_BITFIELDS
192#ifdef FD_SETS_ARE_BITFIELDS
193/*
194 * This map is used with all the FD_* macros to check whether a particular bit
195 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
196 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
197 * byte should be encoded. Be careful to always pass bytes from 0 to 255
198 * exclusively to the macros.
199 */
200fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
201fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
202
203#else
204#error "Check if your OS uses bitfields for fd_sets"
205#endif
206
Willy Tarreau80587432006-12-24 17:47:20 +0100207void init_proto_http()
208{
Willy Tarreau42250582007-04-01 01:30:43 +0200209 int i;
210 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100211 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200212
Willy Tarreau80587432006-12-24 17:47:20 +0100213 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
214 if (!http_err_msgs[msg]) {
215 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
216 abort();
217 }
218
219 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
220 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
221 }
Willy Tarreau42250582007-04-01 01:30:43 +0200222
223 /* initialize the log header encoding map : '{|}"#' should be encoded with
224 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
225 * URL encoding only requires '"', '#' to be encoded as well as non-
226 * printable characters above.
227 */
228 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
229 memset(url_encode_map, 0, sizeof(url_encode_map));
230 for (i = 0; i < 32; i++) {
231 FD_SET(i, hdr_encode_map);
232 FD_SET(i, url_encode_map);
233 }
234 for (i = 127; i < 256; i++) {
235 FD_SET(i, hdr_encode_map);
236 FD_SET(i, url_encode_map);
237 }
238
239 tmp = "\"#{|}";
240 while (*tmp) {
241 FD_SET(*tmp, hdr_encode_map);
242 tmp++;
243 }
244
245 tmp = "\"#";
246 while (*tmp) {
247 FD_SET(*tmp, url_encode_map);
248 tmp++;
249 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200250
251 /* memory allocations */
252 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
Willy Tarreau086b3b42007-05-13 21:45:51 +0200253 pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100254}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200255
Willy Tarreau53b6c742006-12-17 13:37:46 +0100256/*
257 * We have 26 list of methods (1 per first letter), each of which can have
258 * up to 3 entries (2 valid, 1 null).
259 */
260struct http_method_desc {
261 http_meth_t meth;
262 int len;
263 const char text[8];
264};
265
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100266const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100267 ['C' - 'A'] = {
268 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
269 },
270 ['D' - 'A'] = {
271 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
272 },
273 ['G' - 'A'] = {
274 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
275 },
276 ['H' - 'A'] = {
277 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
278 },
279 ['P' - 'A'] = {
280 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
281 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
282 },
283 ['T' - 'A'] = {
284 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
285 },
286 /* rest is empty like this :
287 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
288 */
289};
290
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100291/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200292 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100293 * RFC2616 for those chars.
294 */
295
296const char http_is_spht[256] = {
297 [' '] = 1, ['\t'] = 1,
298};
299
300const char http_is_crlf[256] = {
301 ['\r'] = 1, ['\n'] = 1,
302};
303
304const char http_is_lws[256] = {
305 [' '] = 1, ['\t'] = 1,
306 ['\r'] = 1, ['\n'] = 1,
307};
308
309const char http_is_sep[256] = {
310 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
311 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
312 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
313 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
314 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
315};
316
317const char http_is_ctl[256] = {
318 [0 ... 31] = 1,
319 [127] = 1,
320};
321
322/*
323 * A token is any ASCII char that is neither a separator nor a CTL char.
324 * Do not overwrite values in assignment since gcc-2.95 will not handle
325 * them correctly. Instead, define every non-CTL char's status.
326 */
327const char http_is_token[256] = {
328 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
329 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
330 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
331 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
332 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
333 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
334 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
335 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
336 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
337 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
338 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
339 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
340 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
341 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
342 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
343 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
344 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
345 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
346 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
347 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
348 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
349 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
350 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
351 ['|'] = 1, ['}'] = 0, ['~'] = 1,
352};
353
354
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100355/*
356 * An http ver_token is any ASCII which can be found in an HTTP version,
357 * which includes 'H', 'T', 'P', '/', '.' and any digit.
358 */
359const char http_is_ver_token[256] = {
360 ['.'] = 1, ['/'] = 1,
361 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
362 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
363 ['H'] = 1, ['P'] = 1, ['T'] = 1,
364};
365
366
Willy Tarreaubaaee002006-06-26 02:48:02 +0200367#ifdef DEBUG_FULL
Willy Tarreau67f0eea2008-08-10 22:55:22 +0200368static char *cli_stnames[4] = { "DAT", "SHR", "SHW", "CLS" };
Willy Tarreauf5483bf2008-08-14 18:35:40 +0200369static char *srv_stnames[6] = { "IDL", "CON", "DAT", "SHR", "SHW", "CLS" };
Willy Tarreaubaaee002006-06-26 02:48:02 +0200370#endif
371
Willy Tarreau42250582007-04-01 01:30:43 +0200372static void http_sess_log(struct session *s);
373
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100374/*
375 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
376 * CRLF. Text length is measured first, so it cannot be NULL.
377 * The header is also automatically added to the index <hdr_idx>, and the end
378 * of headers is automatically adjusted. The number of bytes added is returned
379 * on success, otherwise <0 is returned indicating an error.
380 */
381int http_header_add_tail(struct buffer *b, struct http_msg *msg,
382 struct hdr_idx *hdr_idx, const char *text)
383{
384 int bytes, len;
385
386 len = strlen(text);
387 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
388 if (!bytes)
389 return -1;
390 msg->eoh += bytes;
391 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
392}
393
394/*
395 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
396 * CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
397 * the buffer is only opened and the space reserved, but nothing is copied.
398 * The header is also automatically added to the index <hdr_idx>, and the end
399 * of headers is automatically adjusted. The number of bytes added is returned
400 * on success, otherwise <0 is returned indicating an error.
401 */
402int http_header_add_tail2(struct buffer *b, struct http_msg *msg,
403 struct hdr_idx *hdr_idx, const char *text, int len)
404{
405 int bytes;
406
407 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
408 if (!bytes)
409 return -1;
410 msg->eoh += bytes;
411 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
412}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200413
414/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100415 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
416 * If so, returns the position of the first non-space character relative to
417 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
418 * to return a pointer to the place after the first space. Returns 0 if the
419 * header name does not match. Checks are case-insensitive.
420 */
421int http_header_match2(const char *hdr, const char *end,
422 const char *name, int len)
423{
424 const char *val;
425
426 if (hdr + len >= end)
427 return 0;
428 if (hdr[len] != ':')
429 return 0;
430 if (strncasecmp(hdr, name, len) != 0)
431 return 0;
432 val = hdr + len + 1;
433 while (val < end && HTTP_IS_SPHT(*val))
434 val++;
435 if ((val >= end) && (len + 2 <= end - hdr))
436 return len + 2; /* we may replace starting from second space */
437 return val - hdr;
438}
439
Willy Tarreau33a7e692007-06-10 19:45:56 +0200440/* Find the end of the header value contained between <s> and <e>.
441 * See RFC2616, par 2.2 for more information. Note that it requires
442 * a valid header to return a valid result.
443 */
444const char *find_hdr_value_end(const char *s, const char *e)
445{
446 int quoted, qdpair;
447
448 quoted = qdpair = 0;
449 for (; s < e; s++) {
450 if (qdpair) qdpair = 0;
451 else if (quoted && *s == '\\') qdpair = 1;
452 else if (quoted && *s == '"') quoted = 0;
453 else if (*s == '"') quoted = 1;
454 else if (*s == ',') return s;
455 }
456 return s;
457}
458
459/* Find the first or next occurrence of header <name> in message buffer <sol>
460 * using headers index <idx>, and return it in the <ctx> structure. This
461 * structure holds everything necessary to use the header and find next
462 * occurrence. If its <idx> member is 0, the header is searched from the
463 * beginning. Otherwise, the next occurrence is returned. The function returns
464 * 1 when it finds a value, and 0 when there is no more.
465 */
466int http_find_header2(const char *name, int len,
467 const char *sol, struct hdr_idx *idx,
468 struct hdr_ctx *ctx)
469{
470 __label__ return_hdr, next_hdr;
471 const char *eol, *sov;
472 int cur_idx;
473
474 if (ctx->idx) {
475 /* We have previously returned a value, let's search
476 * another one on the same line.
477 */
478 cur_idx = ctx->idx;
479 sol = ctx->line;
480 sov = sol + ctx->val + ctx->vlen;
481 eol = sol + idx->v[cur_idx].len;
482
483 if (sov >= eol)
484 /* no more values in this header */
485 goto next_hdr;
486
487 /* values remaining for this header, skip the comma */
488 sov++;
489 while (sov < eol && http_is_lws[(unsigned char)*sov])
490 sov++;
491
492 goto return_hdr;
493 }
494
495 /* first request for this header */
496 sol += hdr_idx_first_pos(idx);
497 cur_idx = hdr_idx_first_idx(idx);
498
499 while (cur_idx) {
500 eol = sol + idx->v[cur_idx].len;
501
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200502 if (len == 0) {
503 /* No argument was passed, we want any header.
504 * To achieve this, we simply build a fake request. */
505 while (sol + len < eol && sol[len] != ':')
506 len++;
507 name = sol;
508 }
509
Willy Tarreau33a7e692007-06-10 19:45:56 +0200510 if ((len < eol - sol) &&
511 (sol[len] == ':') &&
512 (strncasecmp(sol, name, len) == 0)) {
513
514 sov = sol + len + 1;
515 while (sov < eol && http_is_lws[(unsigned char)*sov])
516 sov++;
517 return_hdr:
518 ctx->line = sol;
519 ctx->idx = cur_idx;
520 ctx->val = sov - sol;
521
522 eol = find_hdr_value_end(sov, eol);
523 ctx->vlen = eol - sov;
524 return 1;
525 }
526 next_hdr:
527 sol = eol + idx->v[cur_idx].cr + 1;
528 cur_idx = idx->v[cur_idx].next;
529 }
530 return 0;
531}
532
533int http_find_header(const char *name,
534 const char *sol, struct hdr_idx *idx,
535 struct hdr_ctx *ctx)
536{
537 return http_find_header2(name, strlen(name), sol, idx, ctx);
538}
539
Willy Tarreaubaaee002006-06-26 02:48:02 +0200540/* This function turns the server state into the SV_STCLOSE, and sets
Willy Tarreau0f772532006-12-23 20:51:41 +0100541 * indicators accordingly. Note that if <status> is 0, or if the message
542 * pointer is NULL, then no message is returned.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200543 */
544void srv_close_with_err(struct session *t, int err, int finst,
Willy Tarreau0f772532006-12-23 20:51:41 +0100545 int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200546{
547 t->srv_state = SV_STCLOSE;
Willy Tarreauadfb8562008-08-11 15:24:42 +0200548 t->rep->flags |= BF_MAY_FORWARD;
Willy Tarreauba392ce2008-08-16 21:13:23 +0200549 buffer_shutw(t->req);
550 buffer_shutr(t->rep);
Willy Tarreau0f772532006-12-23 20:51:41 +0100551 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100552 t->txn.status = status;
Willy Tarreau73de9892006-11-30 11:40:23 +0100553 if (t->fe->mode == PR_MODE_HTTP)
Willy Tarreau0f772532006-12-23 20:51:41 +0100554 client_return(t, msg);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200555 }
556 if (!(t->flags & SN_ERR_MASK))
557 t->flags |= err;
558 if (!(t->flags & SN_FINST_MASK))
559 t->flags |= finst;
560}
561
Willy Tarreau80587432006-12-24 17:47:20 +0100562/* This function returns the appropriate error location for the given session
563 * and message.
564 */
565
566struct chunk *error_message(struct session *s, int msgnum)
567{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200568 if (s->be->errmsg[msgnum].str)
569 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100570 else if (s->fe->errmsg[msgnum].str)
571 return &s->fe->errmsg[msgnum];
572 else
573 return &http_err_chunks[msgnum];
574}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200575
Willy Tarreau53b6c742006-12-17 13:37:46 +0100576/*
577 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
578 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
579 */
580static http_meth_t find_http_meth(const char *str, const int len)
581{
582 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100583 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100584
585 m = ((unsigned)*str - 'A');
586
587 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100588 for (h = http_methods[m]; h->len > 0; h++) {
589 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100590 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100591 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100592 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100593 };
594 return HTTP_METH_OTHER;
595 }
596 return HTTP_METH_NONE;
597
598}
599
Willy Tarreau21d2af32008-02-14 20:25:24 +0100600/* Parse the URI from the given transaction (which is assumed to be in request
601 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
602 * It is returned otherwise.
603 */
604static char *
605http_get_path(struct http_txn *txn)
606{
607 char *ptr, *end;
608
609 ptr = txn->req.sol + txn->req.sl.rq.u;
610 end = ptr + txn->req.sl.rq.u_l;
611
612 if (ptr >= end)
613 return NULL;
614
615 /* RFC2616, par. 5.1.2 :
616 * Request-URI = "*" | absuri | abspath | authority
617 */
618
619 if (*ptr == '*')
620 return NULL;
621
622 if (isalpha((unsigned char)*ptr)) {
623 /* this is a scheme as described by RFC3986, par. 3.1 */
624 ptr++;
625 while (ptr < end &&
626 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
627 ptr++;
628 /* skip '://' */
629 if (ptr == end || *ptr++ != ':')
630 return NULL;
631 if (ptr == end || *ptr++ != '/')
632 return NULL;
633 if (ptr == end || *ptr++ != '/')
634 return NULL;
635 }
636 /* skip [user[:passwd]@]host[:[port]] */
637
638 while (ptr < end && *ptr != '/')
639 ptr++;
640
641 if (ptr == end)
642 return NULL;
643
644 /* OK, we got the '/' ! */
645 return ptr;
646}
647
Willy Tarreaubaaee002006-06-26 02:48:02 +0200648/* Processes the client and server jobs of a session task, then
649 * puts it back to the wait queue in a clean state, or
650 * cleans up its resources if it must be deleted. Returns
651 * the time the task accepts to wait, or TIME_ETERNITY for
652 * infinity.
653 */
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200654void process_session(struct task *t, int *next)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200655{
656 struct session *s = t->context;
657 int fsm_resync = 0;
658
659 do {
660 fsm_resync = 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200661
662 //fprintf(stderr,"before_cli:cli=%d, srv=%d, resync=%d\n", s->cli_state, s->srv_state, fsm_resync);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200663 fsm_resync |= process_cli(s);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200664
665 //fprintf(stderr,"before_req:cli=%d, srv=%d, resync=%d\n", s->cli_state, s->srv_state, fsm_resync);
666 if (s->analysis & AN_REQ_ANY)
667 fsm_resync |= process_request(s);
668
669 //fprintf(stderr,"before_srv:cli=%d, srv=%d, resync=%d\n", s->cli_state, s->srv_state, fsm_resync);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200670 fsm_resync |= process_srv(s);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200671
Willy Tarreauf5483bf2008-08-14 18:35:40 +0200672 //fprintf(stderr,"before_rep:cli=%d, srv=%d, resync=%d\n", s->cli_state, s->srv_state, fsm_resync);
673 if (s->analysis & AN_RTR_ANY)
674 fsm_resync |= process_response(s);
675
Willy Tarreauc65a3ba2008-08-11 23:42:50 +0200676 //fprintf(stderr,"endof_loop:cli=%d, srv=%d, resync=%d\n", s->cli_state, s->srv_state, fsm_resync);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200677 } while (fsm_resync);
678
Willy Tarreauf41d4b12007-04-28 23:26:14 +0200679 if (likely(s->cli_state != CL_STCLOSE || s->srv_state != SV_STCLOSE)) {
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100680
681 if ((s->fe->options & PR_O_CONTSTATS) && (s->flags & SN_BE_ASSIGNED))
682 session_process_counters(s);
683
Willy Tarreau0f9f5052006-07-29 17:39:25 +0200684 s->req->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE;
685 s->rep->flags &= BF_CLEAR_READ & BF_CLEAR_WRITE;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200686
Willy Tarreau7f875f62008-08-11 17:35:01 +0200687 /* Trick: if a request is being waiting for the server to respond,
688 * and if we know the server can timeout, we don't want the timeout
689 * to expire on the client side first, but we're still interested
690 * in passing data from the client to the server (eg: POST). Thus,
691 * we can cancel the client's request timeout if the server's
692 * request timeout is set and the server has not yet sent a response.
693 */
694
Willy Tarreauba392ce2008-08-16 21:13:23 +0200695 if ((s->rep->flags & (BF_MAY_FORWARD|BF_SHUTR)) == 0 &&
Willy Tarreau7f875f62008-08-11 17:35:01 +0200696 (tick_isset(s->req->cex) || tick_isset(s->req->wex) || tick_isset(s->rep->rex)))
697 s->req->rex = TICK_ETERNITY;
698
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200699 t->expire = tick_first(tick_first(s->req->rex, s->req->wex),
700 tick_first(s->rep->rex, s->rep->wex));
701 t->expire = tick_first(t->expire, s->req->cex);
Willy Tarreau67f0eea2008-08-10 22:55:22 +0200702 if (s->analysis & AN_REQ_ANY) {
703 if (s->analysis & AN_REQ_INSPECT)
704 t->expire = tick_first(t->expire, s->inspect_exp);
705 else if (s->analysis & AN_REQ_HTTP_HDR)
706 t->expire = tick_first(t->expire, s->txn.exp);
707 }
Willy Tarreaubaaee002006-06-26 02:48:02 +0200708
709 /* restore t to its place in the task list */
710 task_queue(t);
711
Willy Tarreaua7c52762008-08-16 18:40:18 +0200712#ifdef DEBUG_DEV
713 /* this may only happen when no timeout is set or in case of an FSM bug */
714 if (!t->expire)
715 ABORT_NOW();
716#endif
Willy Tarreaud825eef2007-05-12 22:35:00 +0200717 *next = t->expire;
718 return; /* nothing more to do */
Willy Tarreaubaaee002006-06-26 02:48:02 +0200719 }
720
Willy Tarreauf1221aa2006-12-17 22:14:12 +0100721 s->fe->feconn--;
722 if (s->flags & SN_BE_ASSIGNED)
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200723 s->be->beconn--;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200724 actconn--;
725
Willy Tarreauf41d4b12007-04-28 23:26:14 +0200726 if (unlikely((global.mode & MODE_DEBUG) &&
727 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
Willy Tarreaubaaee002006-06-26 02:48:02 +0200728 int len;
Willy Tarreau45e73e32006-12-17 00:05:15 +0100729 len = sprintf(trash, "%08x:%s.closed[%04x:%04x]\n",
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200730 s->uniq_id, s->be->id,
Willy Tarreau45e73e32006-12-17 00:05:15 +0100731 (unsigned short)s->cli_fd, (unsigned short)s->srv_fd);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200732 write(1, trash, len);
733 }
734
Willy Tarreau42aae5c2007-04-29 17:43:56 +0200735 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
Krzysztof Piotr Oledzki583bc962007-11-24 22:12:47 +0100736 session_process_counters(s);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200737
738 /* let's do a final log if we need it */
Willy Tarreau1c47f852006-07-09 08:22:27 +0200739 if (s->logs.logwait &&
740 !(s->flags & SN_MONITOR) &&
Willy Tarreau42250582007-04-01 01:30:43 +0200741 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
742 if (s->fe->to_log & LW_REQ)
743 http_sess_log(s);
744 else
745 tcp_sess_log(s);
746 }
Willy Tarreaubaaee002006-06-26 02:48:02 +0200747
748 /* the task MUST not be in the run queue anymore */
749 task_delete(t);
750 session_free(s);
751 task_free(t);
Willy Tarreau0c303ee2008-07-07 00:09:58 +0200752 *next = TICK_ETERNITY;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200753}
754
755
Willy Tarreau42250582007-04-01 01:30:43 +0200756extern const char sess_term_cond[8];
757extern const char sess_fin_state[8];
758extern const char *monthname[12];
759const char sess_cookie[4] = "NIDV"; /* No cookie, Invalid cookie, cookie for a Down server, Valid cookie */
760const char sess_set_cookie[8] = "N1I3PD5R"; /* No set-cookie, unknown, Set-Cookie Inserted, unknown,
761 Set-cookie seen and left unchanged (passive), Set-cookie Deleted,
762 unknown, Set-cookie Rewritten */
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200763struct pool_head *pool2_requri;
Willy Tarreau086b3b42007-05-13 21:45:51 +0200764struct pool_head *pool2_capture;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100765
Willy Tarreau42250582007-04-01 01:30:43 +0200766/*
767 * send a log for the session when we have enough info about it.
768 * Will not log if the frontend has no log defined.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100769 */
Willy Tarreau42250582007-04-01 01:30:43 +0200770static void http_sess_log(struct session *s)
771{
772 char pn[INET6_ADDRSTRLEN + strlen(":65535")];
773 struct proxy *fe = s->fe;
774 struct proxy *be = s->be;
775 struct proxy *prx_log;
776 struct http_txn *txn = &s->txn;
777 int tolog;
778 char *uri, *h;
779 char *svid;
Willy Tarreaufe944602007-10-25 10:34:16 +0200780 struct tm tm;
Willy Tarreau42250582007-04-01 01:30:43 +0200781 static char tmpline[MAX_SYSLOG_LEN];
Willy Tarreau70089872008-06-13 21:12:51 +0200782 int t_request;
Willy Tarreau42250582007-04-01 01:30:43 +0200783 int hdr;
784
785 if (fe->logfac1 < 0 && fe->logfac2 < 0)
786 return;
787 prx_log = fe;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100788
Willy Tarreau42250582007-04-01 01:30:43 +0200789 if (s->cli_addr.ss_family == AF_INET)
790 inet_ntop(AF_INET,
791 (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
792 pn, sizeof(pn));
793 else
794 inet_ntop(AF_INET6,
795 (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
796 pn, sizeof(pn));
797
Willy Tarreaub7f694f2008-06-22 17:18:02 +0200798 get_localtime(s->logs.accept_date.tv_sec, &tm);
Willy Tarreau42250582007-04-01 01:30:43 +0200799
800 /* FIXME: let's limit ourselves to frontend logging for now. */
801 tolog = fe->to_log;
802
803 h = tmpline;
804 if (fe->to_log & LW_REQHDR &&
805 txn->req.cap &&
806 (h < tmpline + sizeof(tmpline) - 10)) {
807 *(h++) = ' ';
808 *(h++) = '{';
809 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
810 if (hdr)
811 *(h++) = '|';
812 if (txn->req.cap[hdr] != NULL)
813 h = encode_string(h, tmpline + sizeof(tmpline) - 7,
814 '#', hdr_encode_map, txn->req.cap[hdr]);
815 }
816 *(h++) = '}';
817 }
818
819 if (fe->to_log & LW_RSPHDR &&
820 txn->rsp.cap &&
821 (h < tmpline + sizeof(tmpline) - 7)) {
822 *(h++) = ' ';
823 *(h++) = '{';
824 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
825 if (hdr)
826 *(h++) = '|';
827 if (txn->rsp.cap[hdr] != NULL)
828 h = encode_string(h, tmpline + sizeof(tmpline) - 4,
829 '#', hdr_encode_map, txn->rsp.cap[hdr]);
830 }
831 *(h++) = '}';
832 }
833
834 if (h < tmpline + sizeof(tmpline) - 4) {
835 *(h++) = ' ';
836 *(h++) = '"';
837 uri = txn->uri ? txn->uri : "<BADREQ>";
838 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
839 '#', url_encode_map, uri);
840 *(h++) = '"';
841 }
842 *h = '\0';
843
844 svid = (tolog & LW_SVID) ?
845 (s->data_source != DATA_SRC_STATS) ?
846 (s->srv != NULL) ? s->srv->id : "<NOSRV>" : "<STATS>" : "-";
847
Willy Tarreau70089872008-06-13 21:12:51 +0200848 t_request = -1;
849 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
850 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
851
Willy Tarreau42250582007-04-01 01:30:43 +0200852 send_log(prx_log, LOG_INFO,
853 "%s:%d [%02d/%s/%04d:%02d:%02d:%02d.%03d]"
854 " %s %s/%s %d/%d/%d/%d/%s%d %d %s%lld"
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +0100855 " %s %s %c%c%c%c %d/%d/%d/%d/%s%u %d/%d%s\n",
Willy Tarreau42250582007-04-01 01:30:43 +0200856 pn,
857 (s->cli_addr.ss_family == AF_INET) ?
858 ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port) :
859 ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port),
Willy Tarreaufe944602007-10-25 10:34:16 +0200860 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
Willy Tarreaub7f694f2008-06-22 17:18:02 +0200861 tm.tm_hour, tm.tm_min, tm.tm_sec, s->logs.accept_date.tv_usec/1000,
Willy Tarreau42250582007-04-01 01:30:43 +0200862 fe->id, be->id, svid,
Willy Tarreau70089872008-06-13 21:12:51 +0200863 t_request,
864 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
Willy Tarreau42250582007-04-01 01:30:43 +0200865 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
866 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
867 (tolog & LW_BYTES) ? "" : "+", s->logs.t_close,
868 txn->status,
Willy Tarreau8b3977f2008-01-18 11:16:32 +0100869 (tolog & LW_BYTES) ? "" : "+", s->logs.bytes_out,
Willy Tarreau42250582007-04-01 01:30:43 +0200870 txn->cli_cookie ? txn->cli_cookie : "-",
871 txn->srv_cookie ? txn->srv_cookie : "-",
872 sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT],
873 sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT],
874 (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
875 (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-',
876 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +0100877 (s->flags & SN_REDISP)?"+":"",
878 (s->conn_retries>0)?(be->conn_retries - s->conn_retries):be->conn_retries,
Willy Tarreau42250582007-04-01 01:30:43 +0200879 s->logs.srv_queue_size, s->logs.prx_queue_size, tmpline);
880
881 s->logs.logwait = 0;
882}
883
Willy Tarreau117f59e2007-03-04 18:17:17 +0100884
885/*
886 * Capture headers from message starting at <som> according to header list
887 * <cap_hdr>, and fill the <idx> structure appropriately.
888 */
889void capture_headers(char *som, struct hdr_idx *idx,
890 char **cap, struct cap_hdr *cap_hdr)
891{
892 char *eol, *sol, *col, *sov;
893 int cur_idx;
894 struct cap_hdr *h;
895 int len;
896
897 sol = som + hdr_idx_first_pos(idx);
898 cur_idx = hdr_idx_first_idx(idx);
899
900 while (cur_idx) {
901 eol = sol + idx->v[cur_idx].len;
902
903 col = sol;
904 while (col < eol && *col != ':')
905 col++;
906
907 sov = col + 1;
908 while (sov < eol && http_is_lws[(unsigned char)*sov])
909 sov++;
910
911 for (h = cap_hdr; h; h = h->next) {
912 if ((h->namelen == col - sol) &&
913 (strncasecmp(sol, h->name, h->namelen) == 0)) {
914 if (cap[h->index] == NULL)
915 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +0200916 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +0100917
918 if (cap[h->index] == NULL) {
919 Alert("HTTP capture : out of memory.\n");
920 continue;
921 }
922
923 len = eol - sov;
924 if (len > h->len)
925 len = h->len;
926
927 memcpy(cap[h->index], sov, len);
928 cap[h->index][len]=0;
929 }
930 }
931 sol = eol + idx->v[cur_idx].cr + 1;
932 cur_idx = idx->v[cur_idx].next;
933 }
934}
935
936
Willy Tarreau42250582007-04-01 01:30:43 +0200937/* either we find an LF at <ptr> or we jump to <bad>.
938 */
939#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
940
941/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
942 * otherwise to <http_msg_ood> with <state> set to <st>.
943 */
944#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
945 ptr++; \
946 if (likely(ptr < end)) \
947 goto good; \
948 else { \
949 state = (st); \
950 goto http_msg_ood; \
951 } \
952 } while (0)
953
954
Willy Tarreaubaaee002006-06-26 02:48:02 +0200955/*
Willy Tarreaua15645d2007-03-18 16:22:39 +0100956 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +0100957 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
958 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
959 * will give undefined results.
960 * Note that it is upon the caller's responsibility to ensure that ptr < end,
961 * and that msg->sol points to the beginning of the response.
962 * If a complete line is found (which implies that at least one CR or LF is
963 * found before <end>, the updated <ptr> is returned, otherwise NULL is
964 * returned indicating an incomplete line (which does not mean that parts have
965 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
966 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
967 * upon next call.
968 *
Willy Tarreau9cdde232007-05-02 20:58:19 +0200969 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +0100970 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
971 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +0200972 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +0100973 */
Willy Tarreaue69eada2008-01-27 00:34:10 +0100974const char *http_parse_stsline(struct http_msg *msg, const char *msg_buf,
975 unsigned int state, const char *ptr, const char *end,
976 char **ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +0100977{
978 __label__
979 http_msg_rpver,
980 http_msg_rpver_sp,
981 http_msg_rpcode,
982 http_msg_rpcode_sp,
983 http_msg_rpreason,
984 http_msg_rpline_eol,
985 http_msg_ood, /* out of data */
986 http_msg_invalid;
987
988 switch (state) {
989 http_msg_rpver:
990 case HTTP_MSG_RPVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100991 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +0100992 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
993
994 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +0100995 msg->sl.st.v_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +0100996 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
997 }
998 goto http_msg_invalid;
999
1000 http_msg_rpver_sp:
1001 case HTTP_MSG_RPVER_SP:
1002 if (likely(!HTTP_IS_LWS(*ptr))) {
1003 msg->sl.st.c = ptr - msg_buf;
1004 goto http_msg_rpcode;
1005 }
1006 if (likely(HTTP_IS_SPHT(*ptr)))
1007 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1008 /* so it's a CR/LF, this is invalid */
1009 goto http_msg_invalid;
1010
1011 http_msg_rpcode:
1012 case HTTP_MSG_RPCODE:
1013 if (likely(!HTTP_IS_LWS(*ptr)))
1014 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1015
1016 if (likely(HTTP_IS_SPHT(*ptr))) {
1017 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1018 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1019 }
1020
1021 /* so it's a CR/LF, so there is no reason phrase */
1022 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1023 http_msg_rsp_reason:
1024 /* FIXME: should we support HTTP responses without any reason phrase ? */
1025 msg->sl.st.r = ptr - msg_buf;
1026 msg->sl.st.r_l = 0;
1027 goto http_msg_rpline_eol;
1028
1029 http_msg_rpcode_sp:
1030 case HTTP_MSG_RPCODE_SP:
1031 if (likely(!HTTP_IS_LWS(*ptr))) {
1032 msg->sl.st.r = ptr - msg_buf;
1033 goto http_msg_rpreason;
1034 }
1035 if (likely(HTTP_IS_SPHT(*ptr)))
1036 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1037 /* so it's a CR/LF, so there is no reason phrase */
1038 goto http_msg_rsp_reason;
1039
1040 http_msg_rpreason:
1041 case HTTP_MSG_RPREASON:
1042 if (likely(!HTTP_IS_CRLF(*ptr)))
1043 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
1044 msg->sl.st.r_l = (ptr - msg_buf) - msg->sl.st.r;
1045 http_msg_rpline_eol:
1046 /* We have seen the end of line. Note that we do not
1047 * necessarily have the \n yet, but at least we know that we
1048 * have EITHER \r OR \n, otherwise the response would not be
1049 * complete. We can then record the response length and return
1050 * to the caller which will be able to register it.
1051 */
1052 msg->sl.st.l = ptr - msg->sol;
1053 return ptr;
1054
1055#ifdef DEBUG_FULL
1056 default:
1057 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1058 exit(1);
1059#endif
1060 }
1061
1062 http_msg_ood:
1063 /* out of data */
1064 if (ret_state)
1065 *ret_state = state;
1066 if (ret_ptr)
1067 *ret_ptr = (char *)ptr;
1068 return NULL;
1069
1070 http_msg_invalid:
1071 /* invalid message */
1072 if (ret_state)
1073 *ret_state = HTTP_MSG_ERROR;
1074 return NULL;
1075}
1076
1077
1078/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001079 * This function parses a request line between <ptr> and <end>, starting with
1080 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1081 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1082 * will give undefined results.
1083 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1084 * and that msg->sol points to the beginning of the request.
1085 * If a complete line is found (which implies that at least one CR or LF is
1086 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1087 * returned indicating an incomplete line (which does not mean that parts have
1088 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1089 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1090 * upon next call.
1091 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001092 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001093 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1094 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001095 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001096 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001097const char *http_parse_reqline(struct http_msg *msg, const char *msg_buf,
1098 unsigned int state, const char *ptr, const char *end,
1099 char **ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001100{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001101 __label__
1102 http_msg_rqmeth,
1103 http_msg_rqmeth_sp,
1104 http_msg_rquri,
1105 http_msg_rquri_sp,
1106 http_msg_rqver,
1107 http_msg_rqline_eol,
1108 http_msg_ood, /* out of data */
1109 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001110
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001111 switch (state) {
1112 http_msg_rqmeth:
1113 case HTTP_MSG_RQMETH:
1114 if (likely(HTTP_IS_TOKEN(*ptr)))
1115 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001116
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001117 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001118 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001119 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1120 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001121
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001122 if (likely(HTTP_IS_CRLF(*ptr))) {
1123 /* HTTP 0.9 request */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001124 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001125 http_msg_req09_uri:
1126 msg->sl.rq.u = ptr - msg_buf;
1127 http_msg_req09_uri_e:
1128 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1129 http_msg_req09_ver:
1130 msg->sl.rq.v = ptr - msg_buf;
1131 msg->sl.rq.v_l = 0;
1132 goto http_msg_rqline_eol;
1133 }
1134 goto http_msg_invalid;
1135
1136 http_msg_rqmeth_sp:
1137 case HTTP_MSG_RQMETH_SP:
1138 if (likely(!HTTP_IS_LWS(*ptr))) {
1139 msg->sl.rq.u = ptr - msg_buf;
1140 goto http_msg_rquri;
1141 }
1142 if (likely(HTTP_IS_SPHT(*ptr)))
1143 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1144 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1145 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001146
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001147 http_msg_rquri:
1148 case HTTP_MSG_RQURI:
1149 if (likely(!HTTP_IS_LWS(*ptr)))
1150 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001151
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001152 if (likely(HTTP_IS_SPHT(*ptr))) {
1153 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1154 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1155 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001156
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001157 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1158 goto http_msg_req09_uri_e;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001159
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001160 http_msg_rquri_sp:
1161 case HTTP_MSG_RQURI_SP:
1162 if (likely(!HTTP_IS_LWS(*ptr))) {
1163 msg->sl.rq.v = ptr - msg_buf;
1164 goto http_msg_rqver;
1165 }
1166 if (likely(HTTP_IS_SPHT(*ptr)))
1167 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1168 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1169 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001170
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001171 http_msg_rqver:
1172 case HTTP_MSG_RQVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001173 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001174 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001175
1176 if (likely(HTTP_IS_CRLF(*ptr))) {
1177 msg->sl.rq.v_l = (ptr - msg_buf) - msg->sl.rq.v;
1178 http_msg_rqline_eol:
1179 /* We have seen the end of line. Note that we do not
1180 * necessarily have the \n yet, but at least we know that we
1181 * have EITHER \r OR \n, otherwise the request would not be
1182 * complete. We can then record the request length and return
1183 * to the caller which will be able to register it.
1184 */
1185 msg->sl.rq.l = ptr - msg->sol;
1186 return ptr;
1187 }
1188
1189 /* neither an HTTP_VER token nor a CRLF */
1190 goto http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001191
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001192#ifdef DEBUG_FULL
1193 default:
1194 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1195 exit(1);
1196#endif
1197 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001198
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001199 http_msg_ood:
1200 /* out of data */
1201 if (ret_state)
1202 *ret_state = state;
1203 if (ret_ptr)
1204 *ret_ptr = (char *)ptr;
1205 return NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001206
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001207 http_msg_invalid:
1208 /* invalid message */
1209 if (ret_state)
1210 *ret_state = HTTP_MSG_ERROR;
1211 return NULL;
1212}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001213
1214
Willy Tarreau8973c702007-01-21 23:58:29 +01001215/*
1216 * This function parses an HTTP message, either a request or a response,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001217 * depending on the initial msg->msg_state. It can be preempted everywhere
Willy Tarreau8973c702007-01-21 23:58:29 +01001218 * when data are missing and recalled at the exact same location with no
1219 * information loss. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001220 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
1221 * fields.
Willy Tarreau8973c702007-01-21 23:58:29 +01001222 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001223void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx *idx)
1224{
1225 __label__
1226 http_msg_rqbefore,
1227 http_msg_rqbefore_cr,
1228 http_msg_rqmeth,
1229 http_msg_rqline_end,
1230 http_msg_hdr_first,
1231 http_msg_hdr_name,
1232 http_msg_hdr_l1_sp,
1233 http_msg_hdr_l1_lf,
1234 http_msg_hdr_l1_lws,
1235 http_msg_hdr_val,
1236 http_msg_hdr_l2_lf,
1237 http_msg_hdr_l2_lws,
1238 http_msg_complete_header,
1239 http_msg_last_lf,
1240 http_msg_ood, /* out of data */
1241 http_msg_invalid;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001242
Willy Tarreaue69eada2008-01-27 00:34:10 +01001243 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001244 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreau58f10d72006-12-04 02:26:12 +01001245
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001246 state = msg->msg_state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001247 ptr = buf->lr;
1248 end = buf->r;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001249
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001250 if (unlikely(ptr >= end))
1251 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001252
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001253 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001254 /*
1255 * First, states that are specific to the response only.
1256 * We check them first so that request and headers are
1257 * closer to each other (accessed more often).
1258 */
1259 http_msg_rpbefore:
1260 case HTTP_MSG_RPBEFORE:
1261 if (likely(HTTP_IS_TOKEN(*ptr))) {
1262 if (likely(ptr == buf->data)) {
1263 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001264 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001265 } else {
1266#if PARSE_PRESERVE_EMPTY_LINES
1267 /* only skip empty leading lines, don't remove them */
1268 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001269 msg->som = ptr - buf->data;
Willy Tarreau8973c702007-01-21 23:58:29 +01001270#else
1271 /* Remove empty leading lines, as recommended by
1272 * RFC2616. This takes a lot of time because we
1273 * must move all the buffer backwards, but this
1274 * is rarely needed. The method above will be
1275 * cleaner when we'll be able to start sending
1276 * the request from any place in the buffer.
1277 */
1278 buf->lr = ptr;
1279 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001280 msg->som = 0;
Willy Tarreau8973c702007-01-21 23:58:29 +01001281 msg->sol = buf->data;
1282 ptr = buf->data;
1283 end = buf->r;
1284#endif
1285 }
1286 hdr_idx_init(idx);
1287 state = HTTP_MSG_RPVER;
1288 goto http_msg_rpver;
1289 }
1290
1291 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1292 goto http_msg_invalid;
1293
1294 if (unlikely(*ptr == '\n'))
1295 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1296 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1297 /* stop here */
1298
1299 http_msg_rpbefore_cr:
1300 case HTTP_MSG_RPBEFORE_CR:
1301 EXPECT_LF_HERE(ptr, http_msg_invalid);
1302 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1303 /* stop here */
1304
1305 http_msg_rpver:
1306 case HTTP_MSG_RPVER:
1307 case HTTP_MSG_RPVER_SP:
1308 case HTTP_MSG_RPCODE:
1309 case HTTP_MSG_RPCODE_SP:
1310 case HTTP_MSG_RPREASON:
Willy Tarreaua15645d2007-03-18 16:22:39 +01001311 ptr = (char *)http_parse_stsline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001312 &buf->lr, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001313 if (unlikely(!ptr))
1314 return;
1315
1316 /* we have a full response and we know that we have either a CR
1317 * or an LF at <ptr>.
1318 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001319 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.st.l, *ptr);
Willy Tarreau8973c702007-01-21 23:58:29 +01001320 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1321
1322 msg->sol = ptr;
1323 if (likely(*ptr == '\r'))
1324 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1325 goto http_msg_rpline_end;
1326
1327 http_msg_rpline_end:
1328 case HTTP_MSG_RPLINE_END:
1329 /* msg->sol must point to the first of CR or LF. */
1330 EXPECT_LF_HERE(ptr, http_msg_invalid);
1331 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1332 /* stop here */
1333
1334 /*
1335 * Second, states that are specific to the request only
1336 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001337 http_msg_rqbefore:
1338 case HTTP_MSG_RQBEFORE:
1339 if (likely(HTTP_IS_TOKEN(*ptr))) {
1340 if (likely(ptr == buf->data)) {
1341 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001342 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001343 } else {
1344#if PARSE_PRESERVE_EMPTY_LINES
1345 /* only skip empty leading lines, don't remove them */
1346 msg->sol = ptr;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001347 msg->som = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001348#else
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001349 /* Remove empty leading lines, as recommended by
1350 * RFC2616. This takes a lot of time because we
1351 * must move all the buffer backwards, but this
1352 * is rarely needed. The method above will be
1353 * cleaner when we'll be able to start sending
1354 * the request from any place in the buffer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001355 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001356 buf->lr = ptr;
1357 buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001358 msg->som = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001359 msg->sol = buf->data;
1360 ptr = buf->data;
1361 end = buf->r;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001362#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001363 }
Willy Tarreauf0d058e2007-01-25 12:03:42 +01001364 /* we will need this when keep-alive will be supported
1365 hdr_idx_init(idx);
1366 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001367 state = HTTP_MSG_RQMETH;
1368 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001369 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001370
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001371 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1372 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001373
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001374 if (unlikely(*ptr == '\n'))
1375 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1376 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001377 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001378
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001379 http_msg_rqbefore_cr:
1380 case HTTP_MSG_RQBEFORE_CR:
1381 EXPECT_LF_HERE(ptr, http_msg_invalid);
1382 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001383 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001384
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001385 http_msg_rqmeth:
1386 case HTTP_MSG_RQMETH:
1387 case HTTP_MSG_RQMETH_SP:
1388 case HTTP_MSG_RQURI:
1389 case HTTP_MSG_RQURI_SP:
1390 case HTTP_MSG_RQVER:
1391 ptr = (char *)http_parse_reqline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001392 &buf->lr, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001393 if (unlikely(!ptr))
1394 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001395
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001396 /* we have a full request and we know that we have either a CR
1397 * or an LF at <ptr>.
1398 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001399 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.rq.l, *ptr);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001400 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001401
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001402 msg->sol = ptr;
1403 if (likely(*ptr == '\r'))
1404 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001405 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001406
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001407 http_msg_rqline_end:
1408 case HTTP_MSG_RQLINE_END:
1409 /* check for HTTP/0.9 request : no version information available.
1410 * msg->sol must point to the first of CR or LF.
1411 */
1412 if (unlikely(msg->sl.rq.v_l == 0))
1413 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001414
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001415 EXPECT_LF_HERE(ptr, http_msg_invalid);
1416 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001417 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001418
Willy Tarreau8973c702007-01-21 23:58:29 +01001419 /*
1420 * Common states below
1421 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001422 http_msg_hdr_first:
1423 case HTTP_MSG_HDR_FIRST:
1424 msg->sol = ptr;
1425 if (likely(!HTTP_IS_CRLF(*ptr))) {
1426 goto http_msg_hdr_name;
1427 }
1428
1429 if (likely(*ptr == '\r'))
1430 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1431 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001432
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001433 http_msg_hdr_name:
1434 case HTTP_MSG_HDR_NAME:
1435 /* assumes msg->sol points to the first char */
1436 if (likely(HTTP_IS_TOKEN(*ptr)))
1437 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001438
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001439 if (likely(*ptr == ':')) {
1440 msg->col = ptr - buf->data;
1441 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
1442 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001443
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001444 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001445
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001446 http_msg_hdr_l1_sp:
1447 case HTTP_MSG_HDR_L1_SP:
1448 /* assumes msg->sol points to the first char and msg->col to the colon */
1449 if (likely(HTTP_IS_SPHT(*ptr)))
1450 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001451
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001452 /* header value can be basically anything except CR/LF */
1453 msg->sov = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001454
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001455 if (likely(!HTTP_IS_CRLF(*ptr))) {
1456 goto http_msg_hdr_val;
1457 }
1458
1459 if (likely(*ptr == '\r'))
1460 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1461 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001462
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001463 http_msg_hdr_l1_lf:
1464 case HTTP_MSG_HDR_L1_LF:
1465 EXPECT_LF_HERE(ptr, http_msg_invalid);
1466 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001467
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001468 http_msg_hdr_l1_lws:
1469 case HTTP_MSG_HDR_L1_LWS:
1470 if (likely(HTTP_IS_SPHT(*ptr))) {
1471 /* replace HT,CR,LF with spaces */
1472 for (; buf->data+msg->sov < ptr; msg->sov++)
1473 buf->data[msg->sov] = ' ';
1474 goto http_msg_hdr_l1_sp;
1475 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001476 /* we had a header consisting only in spaces ! */
1477 msg->eol = buf->data + msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001478 goto http_msg_complete_header;
1479
1480 http_msg_hdr_val:
1481 case HTTP_MSG_HDR_VAL:
1482 /* assumes msg->sol points to the first char, msg->col to the
1483 * colon, and msg->sov points to the first character of the
1484 * value.
1485 */
1486 if (likely(!HTTP_IS_CRLF(*ptr)))
1487 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001488
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001489 msg->eol = ptr;
1490 /* Note: we could also copy eol into ->eoh so that we have the
1491 * real header end in case it ends with lots of LWS, but is this
1492 * really needed ?
1493 */
1494 if (likely(*ptr == '\r'))
1495 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1496 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001497
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001498 http_msg_hdr_l2_lf:
1499 case HTTP_MSG_HDR_L2_LF:
1500 EXPECT_LF_HERE(ptr, http_msg_invalid);
1501 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001502
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001503 http_msg_hdr_l2_lws:
1504 case HTTP_MSG_HDR_L2_LWS:
1505 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1506 /* LWS: replace HT,CR,LF with spaces */
1507 for (; msg->eol < ptr; msg->eol++)
1508 *msg->eol = ' ';
1509 goto http_msg_hdr_val;
1510 }
1511 http_msg_complete_header:
1512 /*
1513 * It was a new header, so the last one is finished.
1514 * Assumes msg->sol points to the first char, msg->col to the
1515 * colon, msg->sov points to the first character of the value
1516 * and msg->eol to the first CR or LF so we know how the line
1517 * ends. We insert last header into the index.
1518 */
1519 /*
1520 fprintf(stderr,"registering %-2d bytes : ", msg->eol - msg->sol);
1521 write(2, msg->sol, msg->eol-msg->sol);
1522 fprintf(stderr,"\n");
1523 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001524
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001525 if (unlikely(hdr_idx_add(msg->eol - msg->sol, *msg->eol == '\r',
1526 idx, idx->tail) < 0))
1527 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001528
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001529 msg->sol = ptr;
1530 if (likely(!HTTP_IS_CRLF(*ptr))) {
1531 goto http_msg_hdr_name;
1532 }
1533
1534 if (likely(*ptr == '\r'))
1535 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1536 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001537
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001538 http_msg_last_lf:
1539 case HTTP_MSG_LAST_LF:
1540 /* Assumes msg->sol points to the first of either CR or LF */
1541 EXPECT_LF_HERE(ptr, http_msg_invalid);
1542 ptr++;
1543 buf->lr = ptr;
1544 msg->eoh = msg->sol - buf->data;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001545 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001546 return;
1547#ifdef DEBUG_FULL
1548 default:
1549 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1550 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001551#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001552 }
1553 http_msg_ood:
1554 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001555 msg->msg_state = state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001556 buf->lr = ptr;
1557 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001558
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001559 http_msg_invalid:
1560 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001561 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001562 return;
1563}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001564
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001565/* This function performs all the processing enabled for the current request.
1566 * It returns 1 if it changes its state and it believes that another function
1567 * must be updated, otherwise zero. It might make sense to explode it into
1568 * several other functions.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001569 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001570int process_request(struct session *t)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001571{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001572 struct buffer *req = t->req;
1573 struct buffer *rep = t->rep;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001574 int fsm_resync = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001575
Willy Tarreaue46ab552008-08-13 19:19:37 +02001576 DPRINTF(stderr,"[%u] process_req: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x analysis=%02x\n",
1577 now_ms,
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001578 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02001579 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_RD) : 0,
1580 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_WR) : 0,
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001581 req->rex, rep->wex, req->flags, rep->flags, t->analysis);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001582
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001583 if (t->analysis & AN_REQ_INSPECT) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001584 struct tcp_rule *rule;
1585 int partial;
1586
1587 /* We will abort if we encounter a read error. In theory,
1588 * we should not abort if we get a close, it might be
1589 * valid, also very unlikely. FIXME: we'll abort for now,
1590 * this will be easier to change later.
1591 */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001592 if (req->flags & BF_READ_ERROR) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001593 t->inspect_exp = TICK_ETERNITY;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001594 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001595 t->fe->failed_req++;
1596 if (!(t->flags & SN_ERR_MASK))
1597 t->flags |= SN_ERR_CLICL;
1598 if (!(t->flags & SN_FINST_MASK))
1599 t->flags |= SN_FINST_R;
1600 return 1;
1601 }
1602
1603 /* Abort if client read timeout has expired */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001604 else if (req->flags & BF_READ_TIMEOUT) {
Willy Tarreaub6866442008-07-14 23:54:42 +02001605 t->inspect_exp = TICK_ETERNITY;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001606 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001607 t->fe->failed_req++;
1608 if (!(t->flags & SN_ERR_MASK))
1609 t->flags |= SN_ERR_CLITO;
1610 if (!(t->flags & SN_FINST_MASK))
1611 t->flags |= SN_FINST_R;
1612 return 1;
1613 }
1614
1615 /* We don't know whether we have enough data, so must proceed
1616 * this way :
1617 * - iterate through all rules in their declaration order
1618 * - if one rule returns MISS, it means the inspect delay is
1619 * not over yet, then return immediately, otherwise consider
1620 * it as a non-match.
1621 * - if one rule returns OK, then return OK
1622 * - if one rule returns KO, then return KO
1623 */
1624
Willy Tarreauba392ce2008-08-16 21:13:23 +02001625 if (req->flags & (BF_READ_NULL | BF_SHUTR) ||
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001626 tick_is_expired(t->inspect_exp, now_ms))
Willy Tarreaub6866442008-07-14 23:54:42 +02001627 partial = 0;
1628 else
1629 partial = ACL_PARTIAL;
1630
1631 list_for_each_entry(rule, &t->fe->tcp_req.inspect_rules, list) {
1632 int ret = ACL_PAT_PASS;
1633
1634 if (rule->cond) {
1635 ret = acl_exec_cond(rule->cond, t->fe, t, NULL, ACL_DIR_REQ | partial);
1636 if (ret == ACL_PAT_MISS) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001637 /* just set the request timeout once at the beginning of the request */
1638 if (!tick_isset(t->inspect_exp))
1639 t->inspect_exp = tick_add_ifset(now_ms, t->fe->tcp_req.inspect_delay);
1640
1641 return fsm_resync;
Willy Tarreaub6866442008-07-14 23:54:42 +02001642 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001643
Willy Tarreaub6866442008-07-14 23:54:42 +02001644 ret = acl_pass(ret);
1645 if (rule->cond->pol == ACL_COND_UNLESS)
1646 ret = !ret;
1647 }
1648
1649 if (ret) {
1650 /* we have a matching rule. */
1651 if (rule->action == TCP_ACT_REJECT) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02001652 buffer_shutr(req);
1653 buffer_shutw(rep);
Willy Tarreaub6866442008-07-14 23:54:42 +02001654 fd_delete(t->cli_fd);
1655 t->cli_state = CL_STCLOSE;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001656 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub6866442008-07-14 23:54:42 +02001657 t->fe->failed_req++;
1658 if (!(t->flags & SN_ERR_MASK))
1659 t->flags |= SN_ERR_PRXCOND;
1660 if (!(t->flags & SN_FINST_MASK))
1661 t->flags |= SN_FINST_R;
1662 t->inspect_exp = TICK_ETERNITY;
1663 return 1;
1664 }
1665 /* otherwise accept */
1666 break;
1667 }
1668 }
1669
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001670 /* if we get there, it means we have no rule which matches, or
1671 * we have an explicit accept, so we apply the default accept.
Willy Tarreaub6866442008-07-14 23:54:42 +02001672 */
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001673 t->analysis &= ~AN_REQ_INSPECT;
Willy Tarreaub6866442008-07-14 23:54:42 +02001674 t->inspect_exp = TICK_ETERNITY;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001675 fsm_resync = 1;
Willy Tarreaub6866442008-07-14 23:54:42 +02001676 }
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001677
1678 if (t->analysis & AN_REQ_HTTP_HDR) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001679 /*
1680 * Now parse the partial (or complete) lines.
1681 * We will check the request syntax, and also join multi-line
1682 * headers. An index of all the lines will be elaborated while
1683 * parsing.
1684 *
Willy Tarreau8973c702007-01-21 23:58:29 +01001685 * For the parsing, we use a 28 states FSM.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001686 *
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001687 * Here is the information we currently have :
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001688 * req->data + req->som = beginning of request
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001689 * req->data + req->eoh = end of processed headers / start of current one
1690 * req->data + req->eol = end of current header or line (LF or CRLF)
1691 * req->lr = first non-visited byte
1692 * req->r = end of data
1693 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001694
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001695 int cur_idx;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001696 struct http_txn *txn = &t->txn;
1697 struct http_msg *msg = &txn->req;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001698 struct proxy *cur_proxy;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001699
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001700 if (likely(req->lr < req->r))
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001701 http_msg_analyzer(req, msg, &txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001702
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001703 /* 1: we might have to print this header in debug mode */
1704 if (unlikely((global.mode & MODE_DEBUG) &&
1705 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001706 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001707 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001708
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001709 sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001710 eol = sol + msg->sl.rq.l;
1711 debug_hdr("clireq", t, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01001712
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001713 sol += hdr_idx_first_pos(&txn->hdr_idx);
1714 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001715
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001716 while (cur_idx) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001717 eol = sol + txn->hdr_idx.v[cur_idx].len;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001718 debug_hdr("clihdr", t, sol, eol);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001719 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
1720 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001721 }
1722 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001723
Willy Tarreau58f10d72006-12-04 02:26:12 +01001724
1725 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001726 * Now we quickly check if we have found a full valid request.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001727 * If not so, we check the FD and buffer states before leaving.
1728 * A full request is indicated by the fact that we have seen
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001729 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
1730 * requests are checked first.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001731 *
1732 */
1733
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001734 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001735 /*
1736 * First, let's catch bad requests.
1737 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001738 if (unlikely(msg->msg_state == HTTP_MSG_ERROR))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001739 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001740
1741 /* 1: Since we are in header mode, if there's no space
1742 * left for headers, we won't be able to free more
1743 * later, so the session will never terminate. We
1744 * must terminate it now.
1745 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001746 if (unlikely(req->l >= req->rlim - req->data)) {
1747 /* FIXME: check if URI is set and return Status
1748 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001749 */
Willy Tarreau06619262006-12-17 08:37:22 +01001750 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001751 }
1752
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001753 /* 2: have we encountered a close ? */
1754 else if (req->flags & BF_READ_NULL) {
1755 txn->status = 400;
1756 client_retnclose(t, error_message(t, HTTP_ERR_400));
1757 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001758 t->analysis &= ~AN_REQ_ANY;
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01001759 t->fe->failed_req++;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001760
Willy Tarreau58f10d72006-12-04 02:26:12 +01001761 if (!(t->flags & SN_ERR_MASK))
1762 t->flags |= SN_ERR_CLICL;
1763 if (!(t->flags & SN_FINST_MASK))
1764 t->flags |= SN_FINST_R;
1765 return 1;
1766 }
1767
1768 /* 3: has the read timeout expired ? */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001769 else if (req->flags & BF_READ_TIMEOUT || tick_is_expired(txn->exp, now_ms)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01001770 /* read timeout : give up with an error message. */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001771 txn->status = 408;
Willy Tarreau80587432006-12-24 17:47:20 +01001772 client_retnclose(t, error_message(t, HTTP_ERR_408));
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001773 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001774 t->analysis &= ~AN_REQ_ANY;
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01001775 t->fe->failed_req++;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001776 if (!(t->flags & SN_ERR_MASK))
1777 t->flags |= SN_ERR_CLITO;
1778 if (!(t->flags & SN_FINST_MASK))
1779 t->flags |= SN_FINST_R;
1780 return 1;
1781 }
1782
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001783 /* 4: have we encountered a read error or did we have to shutdown ? */
Willy Tarreauba392ce2008-08-16 21:13:23 +02001784 else if (req->flags & (BF_READ_ERROR | BF_SHUTR)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001785 /* we cannot return any message on error */
1786 msg->msg_state = HTTP_MSG_ERROR;
1787 t->analysis &= ~AN_REQ_ANY;
1788 t->fe->failed_req++;
1789 if (!(t->flags & SN_ERR_MASK))
1790 t->flags |= SN_ERR_CLICL;
1791 if (!(t->flags & SN_FINST_MASK))
1792 t->flags |= SN_FINST_R;
1793 return 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001794 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02001795
1796 /* just set the request timeout once at the beginning of the request */
1797 if (!tick_isset(t->txn.exp))
1798 t->txn.exp = tick_add_ifset(now_ms, t->fe->timeout.httpreq);
1799
1800 /* we're not ready yet */
1801 return fsm_resync;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001802 }
1803
1804
1805 /****************************************************************
1806 * More interesting part now : we know that we have a complete *
1807 * request which at least looks like HTTP. We have an indicator *
1808 * of each header's length, so we can parse them quickly. *
1809 ****************************************************************/
1810
Willy Tarreau67f0eea2008-08-10 22:55:22 +02001811 t->analysis &= ~AN_REQ_HTTP_HDR;
1812
Willy Tarreau9cdde232007-05-02 20:58:19 +02001813 /* ensure we keep this pointer to the beginning of the message */
1814 msg->sol = req->data + msg->som;
1815
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001816 /*
1817 * 1: identify the method
1818 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001819 txn->meth = find_http_meth(&req->data[msg->som], msg->sl.rq.m_l);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001820
1821 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001822 * 2: check if the URI matches the monitor_uri.
Willy Tarreau06619262006-12-17 08:37:22 +01001823 * We have to do this for every request which gets in, because
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001824 * the monitor-uri is defined by the frontend.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001825 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001826 if (unlikely((t->fe->monitor_uri_len != 0) &&
1827 (t->fe->monitor_uri_len == msg->sl.rq.u_l) &&
1828 !memcmp(&req->data[msg->sl.rq.u],
1829 t->fe->monitor_uri,
1830 t->fe->monitor_uri_len))) {
1831 /*
1832 * We have found the monitor URI
1833 */
Willy Tarreaub80c2302007-11-30 20:51:32 +01001834 struct acl_cond *cond;
1835 cur_proxy = t->fe;
1836
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001837 t->flags |= SN_MONITOR;
Willy Tarreaub80c2302007-11-30 20:51:32 +01001838
1839 /* Check if we want to fail this monitor request or not */
1840 list_for_each_entry(cond, &cur_proxy->mon_fail_cond, list) {
1841 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02001842
1843 ret = acl_pass(ret);
Willy Tarreaub80c2302007-11-30 20:51:32 +01001844 if (cond->pol == ACL_COND_UNLESS)
1845 ret = !ret;
1846
1847 if (ret) {
1848 /* we fail this request, let's return 503 service unavail */
1849 txn->status = 503;
1850 client_retnclose(t, error_message(t, HTTP_ERR_503));
1851 goto return_prx_cond;
1852 }
1853 }
1854
1855 /* nothing to fail, let's reply normaly */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001856 txn->status = 200;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001857 client_retnclose(t, &http_200_chunk);
1858 goto return_prx_cond;
1859 }
1860
1861 /*
1862 * 3: Maybe we have to copy the original REQURI for the logs ?
1863 * Note: we cannot log anymore if the request has been
1864 * classified as invalid.
1865 */
1866 if (unlikely(t->logs.logwait & LW_REQ)) {
1867 /* we have a complete HTTP request that we must log */
Willy Tarreau332f8bf2007-05-13 21:36:56 +02001868 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001869 int urilen = msg->sl.rq.l;
1870
1871 if (urilen >= REQURI_LEN)
1872 urilen = REQURI_LEN - 1;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01001873 memcpy(txn->uri, &req->data[msg->som], urilen);
1874 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001875
1876 if (!(t->logs.logwait &= ~LW_REQ))
Willy Tarreau42250582007-04-01 01:30:43 +02001877 http_sess_log(t);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001878 } else {
1879 Alert("HTTP logging : out of memory.\n");
1880 }
1881 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001882
Willy Tarreau06619262006-12-17 08:37:22 +01001883
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001884 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
1885 if (unlikely(msg->sl.rq.v_l == 0)) {
1886 int delta;
1887 char *cur_end;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001888 msg->sol = req->data + msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001889 cur_end = msg->sol + msg->sl.rq.l;
1890 delta = 0;
Willy Tarreau06619262006-12-17 08:37:22 +01001891
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001892 if (msg->sl.rq.u_l == 0) {
1893 /* if no URI was set, add "/" */
1894 delta = buffer_replace2(req, cur_end, cur_end, " /", 2);
1895 cur_end += delta;
1896 msg->eoh += delta;
Willy Tarreau06619262006-12-17 08:37:22 +01001897 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001898 /* add HTTP version */
1899 delta = buffer_replace2(req, cur_end, cur_end, " HTTP/1.0\r\n", 11);
1900 msg->eoh += delta;
1901 cur_end += delta;
1902 cur_end = (char *)http_parse_reqline(msg, req->data,
1903 HTTP_MSG_RQMETH,
1904 msg->sol, cur_end + 1,
1905 NULL, NULL);
1906 if (unlikely(!cur_end))
1907 goto return_bad_req;
1908
1909 /* we have a full HTTP/1.0 request now and we know that
1910 * we have either a CR or an LF at <ptr>.
1911 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01001912 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
Willy Tarreau58f10d72006-12-04 02:26:12 +01001913 }
1914
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001915
1916 /* 5: we may need to capture headers */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001917 if (unlikely((t->logs.logwait & LW_REQHDR) && t->fe->req_cap))
Willy Tarreau117f59e2007-03-04 18:17:17 +01001918 capture_headers(req->data + msg->som, &txn->hdr_idx,
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001919 txn->req.cap, t->fe->req_cap);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001920
1921 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001922 * 6: we will have to evaluate the filters.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001923 * As opposed to version 1.2, now they will be evaluated in the
1924 * filters order and not in the header order. This means that
1925 * each filter has to be validated among all headers.
Willy Tarreau06619262006-12-17 08:37:22 +01001926 *
1927 * We can now check whether we want to switch to another
1928 * backend, in which case we will re-check the backend's
1929 * filters and various options. In order to support 3-level
1930 * switching, here's how we should proceed :
1931 *
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001932 * a) run be.
Willy Tarreau830ff452006-12-17 19:31:23 +01001933 * if (switch) then switch ->be to the new backend.
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001934 * b) run be if (be != fe).
Willy Tarreau06619262006-12-17 08:37:22 +01001935 * There cannot be any switch from there, so ->be cannot be
1936 * changed anymore.
1937 *
Willy Tarreau830ff452006-12-17 19:31:23 +01001938 * => filters always apply to ->be, then ->be may change.
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001939 *
Willy Tarreau830ff452006-12-17 19:31:23 +01001940 * The response path will be able to apply either ->be, or
1941 * ->be then ->fe filters in order to match the reverse of
1942 * the forward sequence.
Willy Tarreau58f10d72006-12-04 02:26:12 +01001943 */
1944
Willy Tarreau06619262006-12-17 08:37:22 +01001945 do {
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02001946 struct acl_cond *cond;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02001947 struct redirect_rule *rule;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02001948 struct proxy *rule_set = t->be;
Willy Tarreau830ff452006-12-17 19:31:23 +01001949 cur_proxy = t->be;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001950
Willy Tarreaub463dfb2008-06-07 23:08:56 +02001951 /* first check whether we have some ACLs set to redirect this request */
1952 list_for_each_entry(rule, &cur_proxy->redirect_rules, list) {
1953 int ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02001954
1955 ret = acl_pass(ret);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02001956 if (rule->cond->pol == ACL_COND_UNLESS)
1957 ret = !ret;
1958
1959 if (ret) {
1960 struct chunk rdr = { trash, 0 };
1961 const char *msg_fmt;
1962
1963 /* build redirect message */
1964 switch(rule->code) {
1965 case 303:
1966 rdr.len = strlen(HTTP_303);
1967 msg_fmt = HTTP_303;
1968 break;
1969 case 301:
1970 rdr.len = strlen(HTTP_301);
1971 msg_fmt = HTTP_301;
1972 break;
1973 case 302:
1974 default:
1975 rdr.len = strlen(HTTP_302);
1976 msg_fmt = HTTP_302;
1977 break;
1978 }
1979
1980 if (unlikely(rdr.len > sizeof(trash)))
1981 goto return_bad_req;
1982 memcpy(rdr.str, msg_fmt, rdr.len);
1983
1984 switch(rule->type) {
1985 case REDIRECT_TYPE_PREFIX: {
1986 const char *path;
1987 int pathlen;
1988
1989 path = http_get_path(txn);
1990 /* build message using path */
1991 if (path) {
1992 pathlen = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
1993 } else {
1994 path = "/";
1995 pathlen = 1;
1996 }
1997
1998 if (rdr.len + rule->rdr_len + pathlen > sizeof(trash) - 4)
1999 goto return_bad_req;
2000
2001 /* add prefix */
2002 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2003 rdr.len += rule->rdr_len;
2004
2005 /* add path */
2006 memcpy(rdr.str + rdr.len, path, pathlen);
2007 rdr.len += pathlen;
2008 break;
2009 }
2010 case REDIRECT_TYPE_LOCATION:
2011 default:
2012 if (rdr.len + rule->rdr_len > sizeof(trash) - 4)
2013 goto return_bad_req;
2014
2015 /* add location */
2016 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2017 rdr.len += rule->rdr_len;
2018 break;
2019 }
2020
2021 /* add end of headers */
2022 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
2023 rdr.len += 4;
2024
2025 txn->status = rule->code;
2026 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002027 t->logs.tv_request = now;
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002028 client_retnclose(t, &rdr);
2029 goto return_prx_cond;
2030 }
2031 }
2032
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002033 /* first check whether we have some ACLs set to block this request */
2034 list_for_each_entry(cond, &cur_proxy->block_cond, list) {
Willy Tarreaud41f8d82007-06-10 10:06:18 +02002035 int ret = acl_exec_cond(cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002036
2037 ret = acl_pass(ret);
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002038 if (cond->pol == ACL_COND_UNLESS)
2039 ret = !ret;
2040
2041 if (ret) {
2042 txn->status = 403;
2043 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002044 t->logs.tv_request = now;
Willy Tarreau5c8e3e02007-05-07 00:58:25 +02002045 client_retnclose(t, error_message(t, HTTP_ERR_403));
2046 goto return_prx_cond;
2047 }
2048 }
2049
Willy Tarreau06619262006-12-17 08:37:22 +01002050 /* try headers filters */
Willy Tarreau53b6c742006-12-17 13:37:46 +01002051 if (rule_set->req_exp != NULL) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002052 if (apply_filters_to_request(t, req, rule_set->req_exp) < 0)
2053 goto return_bad_req;
Willy Tarreau53b6c742006-12-17 13:37:46 +01002054 }
2055
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002056 if (!(t->flags & SN_BE_ASSIGNED) && (t->be != cur_proxy)) {
2057 /* to ensure correct connection accounting on
2058 * the backend, we count the connection for the
2059 * one managing the queue.
2060 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002061 t->be->beconn++;
2062 if (t->be->beconn > t->be->beconn_max)
2063 t->be->beconn_max = t->be->beconn;
2064 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002065 t->flags |= SN_BE_ASSIGNED;
2066 }
2067
Willy Tarreau06619262006-12-17 08:37:22 +01002068 /* has the request been denied ? */
Willy Tarreau3d300592007-03-18 18:34:41 +01002069 if (txn->flags & TX_CLDENY) {
Willy Tarreau06619262006-12-17 08:37:22 +01002070 /* no need to go further */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002071 txn->status = 403;
Willy Tarreau06619262006-12-17 08:37:22 +01002072 /* let's log the request time */
Willy Tarreau70089872008-06-13 21:12:51 +02002073 t->logs.tv_request = now;
Willy Tarreau80587432006-12-24 17:47:20 +01002074 client_retnclose(t, error_message(t, HTTP_ERR_403));
Willy Tarreau06619262006-12-17 08:37:22 +01002075 goto return_prx_cond;
2076 }
2077
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002078 /* We might have to check for "Connection:" */
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002079 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002080 !(t->flags & SN_CONN_CLOSED)) {
2081 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002082 int cur_idx, old_idx, delta, val;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002083 struct hdr_idx_elem *cur_hdr;
Willy Tarreau06619262006-12-17 08:37:22 +01002084
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002085 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002086 old_idx = 0;
2087
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002088 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
2089 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002090 cur_ptr = cur_next;
2091 cur_end = cur_ptr + cur_hdr->len;
2092 cur_next = cur_end + cur_hdr->cr + 1;
2093
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002094 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
2095 if (val) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002096 /* 3 possibilities :
2097 * - we have already set Connection: close,
2098 * so we remove this line.
2099 * - we have not yet set Connection: close,
2100 * but this line indicates close. We leave
2101 * it untouched and set the flag.
2102 * - we have not yet set Connection: close,
2103 * and this line indicates non-close. We
2104 * replace it.
2105 */
2106 if (t->flags & SN_CONN_CLOSED) {
2107 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002108 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002109 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002110 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
2111 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002112 cur_hdr->len = 0;
2113 } else {
Willy Tarreauaa9dce32007-03-18 23:50:16 +01002114 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
2115 delta = buffer_replace2(req, cur_ptr + val, cur_end,
2116 "close", 5);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002117 cur_next += delta;
2118 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002119 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002120 }
2121 t->flags |= SN_CONN_CLOSED;
2122 }
2123 }
2124 old_idx = cur_idx;
2125 }
Willy Tarreauf2f0ee82007-03-30 12:02:43 +02002126 }
2127 /* add request headers from the rule sets in the same order */
2128 for (cur_idx = 0; cur_idx < rule_set->nb_reqadd; cur_idx++) {
2129 if (unlikely(http_header_add_tail(req,
2130 &txn->req,
2131 &txn->hdr_idx,
2132 rule_set->req_add[cur_idx])) < 0)
2133 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01002134 }
Willy Tarreaub2513902006-12-17 14:52:38 +01002135
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002136 /* check if stats URI was requested, and if an auth is needed */
Willy Tarreau0214c3a2007-01-07 13:47:30 +01002137 if (rule_set->uri_auth != NULL &&
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002138 (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)) {
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002139 /* we have to check the URI and auth for this request.
2140 * FIXME!!! that one is rather dangerous, we want to
2141 * make it follow standard rules (eg: clear t->analysis).
2142 */
Willy Tarreaub2513902006-12-17 14:52:38 +01002143 if (stats_check_uri_auth(t, rule_set))
2144 return 1;
2145 }
2146
Willy Tarreau55ea7572007-06-17 19:56:27 +02002147 /* now check whether we have some switching rules for this request */
2148 if (!(t->flags & SN_BE_ASSIGNED)) {
2149 struct switching_rule *rule;
2150
2151 list_for_each_entry(rule, &cur_proxy->switching_rules, list) {
2152 int ret;
2153
2154 ret = acl_exec_cond(rule->cond, cur_proxy, t, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002155
2156 ret = acl_pass(ret);
Willy Tarreaua8cfa342008-07-09 11:23:31 +02002157 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreau55ea7572007-06-17 19:56:27 +02002158 ret = !ret;
2159
2160 if (ret) {
2161 t->be = rule->be.backend;
2162 t->be->beconn++;
2163 if (t->be->beconn > t->be->beconn_max)
2164 t->be->beconn_max = t->be->beconn;
2165 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002166
2167 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002168 t->rep->rto = t->req->wto = t->be->timeout.server;
2169 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002170 t->conn_retries = t->be->conn_retries;
Willy Tarreau55ea7572007-06-17 19:56:27 +02002171 t->flags |= SN_BE_ASSIGNED;
2172 break;
2173 }
2174 }
2175 }
2176
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002177 if (!(t->flags & SN_BE_ASSIGNED) && cur_proxy->defbe.be) {
2178 /* No backend was set, but there was a default
2179 * backend set in the frontend, so we use it and
2180 * loop again.
2181 */
2182 t->be = cur_proxy->defbe.be;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002183 t->be->beconn++;
2184 if (t->be->beconn > t->be->beconn_max)
2185 t->be->beconn_max = t->be->beconn;
2186 t->be->cum_beconn++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002187
2188 /* assign new parameters to the session from the new backend */
Willy Tarreaud7c30f92007-12-03 01:38:36 +01002189 t->rep->rto = t->req->wto = t->be->timeout.server;
2190 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002191 t->conn_retries = t->be->conn_retries;
Willy Tarreau5fdfb912007-01-01 23:11:07 +01002192 t->flags |= SN_BE_ASSIGNED;
2193 }
2194 } while (t->be != cur_proxy); /* we loop only if t->be has changed */
Willy Tarreau2a324282006-12-05 00:05:46 +01002195
Willy Tarreau58f10d72006-12-04 02:26:12 +01002196
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002197 if (!(t->flags & SN_BE_ASSIGNED)) {
2198 /* To ensure correct connection accounting on
2199 * the backend, we count the connection for the
2200 * one managing the queue.
2201 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002202 t->be->beconn++;
2203 if (t->be->beconn > t->be->beconn_max)
2204 t->be->beconn_max = t->be->beconn;
2205 t->be->cum_beconn++;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002206 t->flags |= SN_BE_ASSIGNED;
2207 }
2208
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002209 /*
2210 * Right now, we know that we have processed the entire headers
Willy Tarreau2a324282006-12-05 00:05:46 +01002211 * and that unwanted requests have been filtered out. We can do
Willy Tarreau230fd0b2006-12-17 12:05:00 +01002212 * whatever we want with the remaining request. Also, now we
Willy Tarreau830ff452006-12-17 19:31:23 +01002213 * may have separate values for ->fe, ->be.
Willy Tarreau2a324282006-12-05 00:05:46 +01002214 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002215
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01002216 /*
2217 * If HTTP PROXY is set we simply get remote server address
2218 * parsing incoming request.
2219 */
2220 if ((t->be->options & PR_O_HTTP_PROXY) && !(t->flags & SN_ADDR_SET)) {
2221 url2sa(req->data + msg->sl.rq.u, msg->sl.rq.u_l, &t->srv_addr);
2222 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002223
Willy Tarreau2a324282006-12-05 00:05:46 +01002224 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002225 * 7: the appsession cookie was looked up very early in 1.2,
Willy Tarreau06619262006-12-17 08:37:22 +01002226 * so let's do the same now.
2227 */
2228
2229 /* It needs to look into the URI */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002230 if (t->be->appsession_name) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01002231 get_srv_from_appsession(t, &req->data[msg->som], msg->sl.rq.l);
Willy Tarreau06619262006-12-17 08:37:22 +01002232 }
2233
2234
2235 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002236 * 8: Now we can work with the cookies.
Willy Tarreau2a324282006-12-05 00:05:46 +01002237 * Note that doing so might move headers in the request, but
2238 * the fields will stay coherent and the URI will not move.
Willy Tarreau06619262006-12-17 08:37:22 +01002239 * This should only be performed in the backend.
Willy Tarreau2a324282006-12-05 00:05:46 +01002240 */
Willy Tarreau396d2c62007-11-04 19:30:00 +01002241 if ((t->be->cookie_name || t->be->appsession_name || t->be->capture_name)
2242 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
Willy Tarreau2a324282006-12-05 00:05:46 +01002243 manage_client_side_cookies(t, req);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002244
Willy Tarreau58f10d72006-12-04 02:26:12 +01002245
Willy Tarreau2a324282006-12-05 00:05:46 +01002246 /*
Willy Tarreaubb046ac2007-03-03 19:17:03 +01002247 * 9: add X-Forwarded-For if either the frontend or the backend
2248 * asks for it.
Willy Tarreau2a324282006-12-05 00:05:46 +01002249 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02002250 if ((t->fe->options | t->be->options) & PR_O_FWDFOR) {
Willy Tarreau2a324282006-12-05 00:05:46 +01002251 if (t->cli_addr.ss_family == AF_INET) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002252 /* Add an X-Forwarded-For header unless the source IP is
2253 * in the 'except' network range.
2254 */
2255 if ((!t->fe->except_mask.s_addr ||
2256 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->fe->except_mask.s_addr)
2257 != t->fe->except_net.s_addr) &&
2258 (!t->be->except_mask.s_addr ||
2259 (((struct sockaddr_in *)&t->cli_addr)->sin_addr.s_addr & t->be->except_mask.s_addr)
2260 != t->be->except_net.s_addr)) {
2261 int len;
2262 unsigned char *pn;
2263 pn = (unsigned char *)&((struct sockaddr_in *)&t->cli_addr)->sin_addr;
Willy Tarreau45e73e32006-12-17 00:05:15 +01002264
Ross Westaf72a1d2008-08-03 10:51:45 +02002265 /* Note: we rely on the backend to get the header name to be used for
2266 * x-forwarded-for, because the header is really meant for the backends.
2267 * However, if the backend did not specify any option, we have to rely
2268 * on the frontend's header name.
2269 */
2270 if (t->be->fwdfor_hdr_len) {
2271 len = t->be->fwdfor_hdr_len;
2272 memcpy(trash, t->be->fwdfor_hdr_name, len);
2273 } else {
2274 len = t->fe->fwdfor_hdr_len;
2275 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2276 }
2277 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002278
Ross Westaf72a1d2008-08-03 10:51:45 +02002279 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002280 &txn->hdr_idx, trash, len)) < 0)
2281 goto return_bad_req;
2282 }
Willy Tarreau2a324282006-12-05 00:05:46 +01002283 }
2284 else if (t->cli_addr.ss_family == AF_INET6) {
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002285 /* FIXME: for the sake of completeness, we should also support
2286 * 'except' here, although it is mostly useless in this case.
2287 */
Willy Tarreau2a324282006-12-05 00:05:46 +01002288 int len;
2289 char pn[INET6_ADDRSTRLEN];
2290 inet_ntop(AF_INET6,
2291 (const void *)&((struct sockaddr_in6 *)(&t->cli_addr))->sin6_addr,
2292 pn, sizeof(pn));
Ross Westaf72a1d2008-08-03 10:51:45 +02002293
2294 /* Note: we rely on the backend to get the header name to be used for
2295 * x-forwarded-for, because the header is really meant for the backends.
2296 * However, if the backend did not specify any option, we have to rely
2297 * on the frontend's header name.
2298 */
2299 if (t->be->fwdfor_hdr_len) {
2300 len = t->be->fwdfor_hdr_len;
2301 memcpy(trash, t->be->fwdfor_hdr_name, len);
2302 } else {
2303 len = t->fe->fwdfor_hdr_len;
2304 memcpy(trash, t->fe->fwdfor_hdr_name, len);
2305 }
2306 len += sprintf(trash + len, ": %s", pn);
2307
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002308 if (unlikely(http_header_add_tail2(req, &txn->req,
2309 &txn->hdr_idx, trash, len)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002310 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01002311 }
2312 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002313
Willy Tarreau2a324282006-12-05 00:05:46 +01002314 /*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002315 * 10: add "Connection: close" if needed and not yet set.
Willy Tarreau2807efd2007-03-25 23:47:23 +02002316 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaub2513902006-12-17 14:52:38 +01002317 */
Willy Tarreau2807efd2007-03-25 23:47:23 +02002318 if (!(t->flags & SN_CONN_CLOSED) &&
Krzysztof Oledzki336d4752007-12-25 02:40:22 +01002319 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
Willy Tarreau2807efd2007-03-25 23:47:23 +02002320 if ((unlikely(msg->sl.rq.v_l != 8) ||
2321 unlikely(req->data[msg->som + msg->sl.rq.v + 7] != '0')) &&
2322 unlikely(http_header_add_tail2(req, &txn->req, &txn->hdr_idx,
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002323 "Connection: close", 17)) < 0)
Willy Tarreau06619262006-12-17 08:37:22 +01002324 goto return_bad_req;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002325 t->flags |= SN_CONN_CLOSED;
Willy Tarreaue15d9132006-12-14 22:26:42 +01002326 }
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002327 /* Before we switch to data, was assignment set in manage_client_side_cookie?
2328 * If not assigned, perhaps we are balancing on url_param, but this is a
2329 * POST; and the parameters are in the body, maybe scan there to find our server.
2330 * (unless headers overflowed the buffer?)
2331 */
2332 if (!(t->flags & (SN_ASSIGNED|SN_DIRECT)) &&
2333 t->txn.meth == HTTP_METH_POST && t->be->url_param_name != NULL &&
Willy Tarreaufb0528b2008-08-11 00:21:56 +02002334 t->be->url_param_post_limit != 0 && req->l < BUFSIZE &&
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002335 memchr(msg->sol + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) {
2336 /* are there enough bytes here? total == l || r || rlim ?
2337 * len is unsigned, but eoh is int,
2338 * how many bytes of body have we received?
2339 * eoh is the first empty line of the header
2340 */
2341 /* already established CRLF or LF at eoh, move to start of message, find message length in buffer */
Willy Tarreaufb0528b2008-08-11 00:21:56 +02002342 unsigned long len = req->l - (msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002343
2344 /* If we have HTTP/1.1 and Expect: 100-continue, then abort.
2345 * We can't assume responsibility for the server's decision,
2346 * on this URI and header set. See rfc2616: 14.20, 8.2.3,
2347 * We also can't change our mind later, about which server to choose, so round robin.
2348 */
2349 if ((likely(msg->sl.rq.v_l == 8) && req->data[msg->som + msg->sl.rq.v + 7] == '1')) {
2350 struct hdr_ctx ctx;
2351 ctx.idx = 0;
2352 /* Expect is allowed in 1.1, look for it */
2353 http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx);
2354 if (ctx.idx != 0 &&
Willy Tarreauadfb8562008-08-11 15:24:42 +02002355 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002356 /* We can't reliablly stall and wait for data, because of
2357 * .NET clients that don't conform to rfc2616; so, no need for
2358 * the next block to check length expectations.
2359 * We could send 100 status back to the client, but then we need to
2360 * re-write headers, and send the message. And this isn't the right
2361 * place for that action.
2362 * TODO: support Expect elsewhere and delete this block.
2363 */
2364 goto end_check_maybe_wait_for_body;
2365 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002366
2367 if (likely(len > t->be->url_param_post_limit)) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002368 /* nothing to do, we got enough */
2369 } else {
2370 /* limit implies we are supposed to need this many bytes
2371 * to find the parameter. Let's see how many bytes we can wait for.
2372 */
2373 long long hint = len;
2374 struct hdr_ctx ctx;
2375 ctx.idx = 0;
2376 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx);
Willy Tarreauadfb8562008-08-11 15:24:42 +02002377 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0)
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002378 t->analysis |= AN_REQ_HTTP_BODY;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002379 else {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002380 ctx.idx = 0;
2381 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx);
2382 /* now if we have a length, we'll take the hint */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002383 if (ctx.idx) {
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002384 /* We have Content-Length */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002385 if (strl2llrc(ctx.line+ctx.val,ctx.vlen, &hint))
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002386 hint = 0; /* parse failure, untrusted client */
2387 else {
Willy Tarreauadfb8562008-08-11 15:24:42 +02002388 if (hint > 0)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002389 msg->hdr_content_len = hint;
2390 else
2391 hint = 0; /* bad client, sent negative length */
2392 }
2393 }
2394 /* but limited to what we care about, maybe we don't expect any entity data (hint == 0) */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002395 if (t->be->url_param_post_limit < hint)
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002396 hint = t->be->url_param_post_limit;
2397 /* now do we really need to buffer more data? */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002398 if (len < hint)
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002399 t->analysis |= AN_REQ_HTTP_BODY;
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002400 /* else... There are no body bytes to wait for */
2401 }
2402 }
2403 }
2404 end_check_maybe_wait_for_body:
Willy Tarreaubaaee002006-06-26 02:48:02 +02002405
Willy Tarreau2a324282006-12-05 00:05:46 +01002406 /*************************************************************
2407 * OK, that's finished for the headers. We have done what we *
2408 * could. Let's switch to the DATA state. *
2409 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02002410
Willy Tarreauadfb8562008-08-11 15:24:42 +02002411 req->rlim = req->data + BUFSIZE; /* no more rewrite needed */
Willy Tarreau70089872008-06-13 21:12:51 +02002412 t->logs.tv_request = now;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002413
Willy Tarreau1fa31262007-12-03 00:36:16 +01002414 /* When a connection is tarpitted, we use the tarpit timeout,
2415 * which may be the same as the connect timeout if unspecified.
2416 * If unset, then set it to zero because we really want it to
2417 * eventually expire.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002418 * FIXME: this part should be moved elsewhere (eg: on the server side)
Willy Tarreau2a324282006-12-05 00:05:46 +01002419 */
Willy Tarreau3d300592007-03-18 18:34:41 +01002420 if (txn->flags & TX_CLTARPIT) {
Willy Tarreau2a324282006-12-05 00:05:46 +01002421 t->req->l = 0;
2422 /* flush the request so that we can drop the connection early
2423 * if the client closes first.
2424 */
Willy Tarreau0c303ee2008-07-07 00:09:58 +02002425 req->cex = tick_add_ifset(now_ms, t->be->timeout.tarpit);
2426 if (!req->cex)
2427 req->cex = now_ms;
Willy Tarreau2a324282006-12-05 00:05:46 +01002428 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002429
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002430 /* OK let's go on with the BODY now */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002431 fsm_resync = 1;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002432 goto end_of_headers;
Willy Tarreau06619262006-12-17 08:37:22 +01002433
2434 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01002435 txn->req.msg_state = HTTP_MSG_ERROR;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01002436 txn->status = 400;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002437 t->analysis &= ~AN_REQ_ANY;
Willy Tarreau80587432006-12-24 17:47:20 +01002438 client_retnclose(t, error_message(t, HTTP_ERR_400));
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01002439 t->fe->failed_req++;
Willy Tarreau06619262006-12-17 08:37:22 +01002440 return_prx_cond:
2441 if (!(t->flags & SN_ERR_MASK))
2442 t->flags |= SN_ERR_PRXCOND;
2443 if (!(t->flags & SN_FINST_MASK))
2444 t->flags |= SN_FINST_R;
2445 return 1;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002446 end_of_headers:
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002447 ; // to keep gcc happy
Willy Tarreauadfb8562008-08-11 15:24:42 +02002448 }
2449
2450 if (t->analysis & AN_REQ_HTTP_BODY) {
2451 /* We have to parse the HTTP request body to find any required data.
2452 * "balance url_param check_post" should have been the only way to get
2453 * into this. We were brought here after HTTP header analysis, so all
2454 * related structures are ready.
2455 */
2456 struct http_msg *msg = &t->txn.req;
2457 unsigned long body = msg->sol[msg->eoh] == '\r' ? msg->eoh + 2 : msg->eoh + 1;
2458 long long limit = t->be->url_param_post_limit;
2459 struct hdr_ctx ctx;
2460
2461 ctx.idx = 0;
2462
2463 /* now if we have a length, we'll take the hint */
2464 http_find_header2("Transfer-Encoding", 17, msg->sol, &t->txn.hdr_idx, &ctx);
2465 if (ctx.idx && ctx.vlen >= 7 && strncasecmp(ctx.line+ctx.val, "chunked", 7) == 0) {
2466 unsigned int chunk = 0;
2467 while (body < req->l && !HTTP_IS_CRLF(msg->sol[body])) {
2468 char c = msg->sol[body];
2469 if (ishex(c)) {
2470 unsigned int hex = toupper(c) - '0';
2471 if (hex > 9)
2472 hex -= 'A' - '9' - 1;
2473 chunk = (chunk << 4) | hex;
2474 } else
2475 break;
2476 body++;
2477 }
2478 if (body + 2 >= req->l) /* we want CRLF too */
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002479 goto http_body_end; /* end of buffer? data missing! */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002480
2481 if (memcmp(msg->sol+body, "\r\n", 2) != 0)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002482 goto http_body_end; /* chunked encoding len ends with CRLF, and we don't have it yet */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002483
2484 body += 2; // skip CRLF
2485
2486 /* if we support more then one chunk here, we have to do it again when assigning server
2487 * 1. how much entity data do we have? new var
2488 * 2. should save entity_start, entity_cursor, elen & rlen in req; so we don't repeat scanning here
2489 * 3. test if elen > limit, or set new limit to elen if 0 (end of entity found)
2490 */
2491
2492 if (chunk < limit)
2493 limit = chunk; /* only reading one chunk */
2494 } else {
2495 if (msg->hdr_content_len < limit)
2496 limit = msg->hdr_content_len;
2497 }
2498
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002499 http_body_end:
2500 /* we leave once we know we have nothing left to do. This means that we have
2501 * enough bytes, or that we know we'll not get any more (buffer full, read
2502 * buffer closed).
2503 */
2504 if (req->l - body >= limit || /* enough bytes! */
2505 req->l >= req->rlim - req->data || /* full */
2506 req->flags & (BF_READ_ERROR | BF_READ_NULL | BF_READ_TIMEOUT)) {
2507 /* The situation will not evolve, so let's give up on the analysis. */
Willy Tarreauadfb8562008-08-11 15:24:42 +02002508 t->logs.tv_request = now; /* update the request timer to reflect full request */
2509 t->analysis &= ~AN_REQ_HTTP_BODY;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002510 fsm_resync = 1;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002511 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002512 }
Willy Tarreauadfb8562008-08-11 15:24:42 +02002513
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002514 return fsm_resync;
2515}
Willy Tarreauadfb8562008-08-11 15:24:42 +02002516
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002517/* This function performs all the processing enabled for the current response.
2518 * It returns 1 if it changes its state and it believes that another function
2519 * must be updated, otherwise zero. It might make sense to explode it into
2520 * several other functions.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002521 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002522int process_response(struct session *t)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002523{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002524 struct http_txn *txn = &t->txn;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002525 struct buffer *req = t->req;
2526 struct buffer *rep = t->rep;
Willy Tarreauadfb8562008-08-11 15:24:42 +02002527
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002528 DPRINTF(stderr,"[%u] process_rep: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x analysis=%02x\n",
Willy Tarreaue46ab552008-08-13 19:19:37 +02002529 now_ms,
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002530 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02002531 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_RD) : 0,
2532 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_WR) : 0,
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002533 req->rex, rep->wex, req->flags, rep->flags, t->analysis);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02002534
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002535 if (t->analysis & AN_RTR_HTTP_HDR) { /* receiving server headers */
2536 /*
2537 * Now parse the partial (or complete) lines.
2538 * We will check the response syntax, and also join multi-line
2539 * headers. An index of all the lines will be elaborated while
2540 * parsing.
2541 *
2542 * For the parsing, we use a 28 states FSM.
2543 *
2544 * Here is the information we currently have :
2545 * rep->data + req->som = beginning of response
2546 * rep->data + req->eoh = end of processed headers / start of current one
2547 * rep->data + req->eol = end of current header or line (LF or CRLF)
2548 * rep->lr = first non-visited byte
2549 * rep->r = end of data
2550 */
Willy Tarreau7f875f62008-08-11 17:35:01 +02002551
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002552 int cur_idx;
2553 struct http_msg *msg = &txn->rsp;
2554 struct proxy *cur_proxy;
2555
2556 if (likely(rep->lr < rep->r))
2557 http_msg_analyzer(rep, msg, &txn->hdr_idx);
2558
2559 /* 1: we might have to print this header in debug mode */
2560 if (unlikely((global.mode & MODE_DEBUG) &&
2561 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
2562 (msg->msg_state == HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
2563 char *eol, *sol;
2564
2565 sol = rep->data + msg->som;
2566 eol = sol + msg->sl.rq.l;
2567 debug_hdr("srvrep", t, sol, eol);
2568
2569 sol += hdr_idx_first_pos(&txn->hdr_idx);
2570 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
2571
2572 while (cur_idx) {
2573 eol = sol + txn->hdr_idx.v[cur_idx].len;
2574 debug_hdr("srvhdr", t, sol, eol);
2575 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2576 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002577 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002578 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002579
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002580 /*
2581 * Now we quickly check if we have found a full valid response.
2582 * If not so, we check the FD and buffer states before leaving.
2583 * A full response is indicated by the fact that we have seen
2584 * the double LF/CRLF, so the state is HTTP_MSG_BODY. Invalid
2585 * responses are checked first.
2586 *
2587 * Depending on whether the client is still there or not, we
2588 * may send an error response back or not. Note that normally
2589 * we should only check for HTTP status there, and check I/O
2590 * errors somewhere else.
2591 */
2592
2593 if (unlikely(msg->msg_state != HTTP_MSG_BODY)) {
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002594 /* Invalid response */
2595 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
2596 hdr_response_bad:
Willy Tarreauba392ce2008-08-16 21:13:23 +02002597 buffer_shutr(rep);
2598 buffer_shutw(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002599 fd_delete(t->srv_fd);
2600 if (t->srv) {
2601 t->srv->cur_sess--;
2602 t->srv->failed_resp++;
2603 sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002604 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002605 t->be->failed_resp++;
2606 t->srv_state = SV_STCLOSE;
2607 t->analysis &= ~AN_RTR_ANY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002608 txn->status = 502;
2609 client_return(t, error_message(t, HTTP_ERR_502));
2610 if (!(t->flags & SN_ERR_MASK))
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002611 t->flags |= SN_ERR_PRXCOND;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002612 if (!(t->flags & SN_FINST_MASK))
2613 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002614
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002615 if (t->srv && may_dequeue_tasks(t->srv, t->be))
2616 process_srv_queue(t->srv);
2617
2618 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002619 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002620 /* write error to client, read error or close from server */
2621 if (req->flags & BF_WRITE_ERROR ||
Willy Tarreauba392ce2008-08-16 21:13:23 +02002622 rep->flags & (BF_READ_ERROR | BF_READ_NULL | BF_SHUTW)) {
2623 buffer_shutr(rep);
2624 buffer_shutw(req);
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002625 fd_delete(t->srv_fd);
2626 if (t->srv) {
2627 t->srv->cur_sess--;
2628 t->srv->failed_resp++;
2629 sess_change_server(t, NULL);
2630 }
2631 t->be->failed_resp++;
2632 t->srv_state = SV_STCLOSE;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002633 t->analysis &= ~AN_RTR_ANY;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002634 txn->status = 502;
2635 client_return(t, error_message(t, HTTP_ERR_502));
2636 if (!(t->flags & SN_ERR_MASK))
2637 t->flags |= SN_ERR_SRVCL;
2638 if (!(t->flags & SN_FINST_MASK))
2639 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002640
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002641 if (t->srv && may_dequeue_tasks(t->srv, t->be))
2642 process_srv_queue(t->srv);
2643
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002644 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002645 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002646 /* too large response does not fit in buffer. */
Willy Tarreau461f6622008-08-15 23:43:19 +02002647 else if (rep->l >= rep->rlim - rep->data) {
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002648 goto hdr_response_bad;
Willy Tarreau461f6622008-08-15 23:43:19 +02002649 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002650 /* read timeout : return a 504 to the client. */
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002651 else if (rep->flags & BF_READ_TIMEOUT) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02002652 buffer_shutr(rep);
2653 buffer_shutw(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002654 fd_delete(t->srv_fd);
2655 if (t->srv) {
2656 t->srv->cur_sess--;
2657 t->srv->failed_resp++;
2658 sess_change_server(t, NULL);
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002659 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002660 t->be->failed_resp++;
2661 t->srv_state = SV_STCLOSE;
2662 t->analysis &= ~AN_RTR_ANY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002663 txn->status = 504;
2664 client_return(t, error_message(t, HTTP_ERR_504));
2665 if (!(t->flags & SN_ERR_MASK))
2666 t->flags |= SN_ERR_SRVTO;
2667 if (!(t->flags & SN_FINST_MASK))
2668 t->flags |= SN_FINST_H;
Willy Tarreau461f6622008-08-15 23:43:19 +02002669
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002670 if (t->srv && may_dequeue_tasks(t->srv, t->be))
2671 process_srv_queue(t->srv);
2672 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002673 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002674 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002675 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002676
Willy Tarreau21d2af32008-02-14 20:25:24 +01002677
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002678 /*****************************************************************
2679 * More interesting part now : we know that we have a complete *
2680 * response which at least looks like HTTP. We have an indicator *
2681 * of each header's length, so we can parse them quickly. *
2682 ****************************************************************/
Willy Tarreau21d2af32008-02-14 20:25:24 +01002683
Willy Tarreaua7c52762008-08-16 18:40:18 +02002684 t->analysis &= ~AN_RTR_HTTP_HDR;
2685
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002686 /* ensure we keep this pointer to the beginning of the message */
2687 msg->sol = rep->data + msg->som;
Willy Tarreau21d2af32008-02-14 20:25:24 +01002688
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002689 /*
2690 * 1: get the status code and check for cacheability.
2691 */
Willy Tarreau21d2af32008-02-14 20:25:24 +01002692
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002693 t->logs.logwait &= ~LW_RESP;
2694 txn->status = strl2ui(rep->data + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreau21d2af32008-02-14 20:25:24 +01002695
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002696 switch (txn->status) {
2697 case 200:
2698 case 203:
2699 case 206:
2700 case 300:
2701 case 301:
2702 case 410:
2703 /* RFC2616 @13.4:
2704 * "A response received with a status code of
2705 * 200, 203, 206, 300, 301 or 410 MAY be stored
2706 * by a cache (...) unless a cache-control
2707 * directive prohibits caching."
2708 *
2709 * RFC2616 @9.5: POST method :
2710 * "Responses to this method are not cacheable,
2711 * unless the response includes appropriate
2712 * Cache-Control or Expires header fields."
2713 */
2714 if (likely(txn->meth != HTTP_METH_POST) &&
2715 (t->be->options & (PR_O_CHK_CACHE|PR_O_COOK_NOC)))
2716 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
2717 break;
2718 default:
2719 break;
2720 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01002721
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002722 /*
2723 * 2: we may need to capture headers
2724 */
2725 if (unlikely((t->logs.logwait & LW_RSPHDR) && t->fe->rsp_cap))
2726 capture_headers(rep->data + msg->som, &txn->hdr_idx,
2727 txn->rsp.cap, t->fe->rsp_cap);
2728
2729 /*
2730 * 3: we will have to evaluate the filters.
2731 * As opposed to version 1.2, now they will be evaluated in the
2732 * filters order and not in the header order. This means that
2733 * each filter has to be validated among all headers.
2734 *
2735 * Filters are tried with ->be first, then with ->fe if it is
2736 * different from ->be.
2737 */
2738
2739 t->flags &= ~SN_CONN_CLOSED; /* prepare for inspection */
2740
2741 cur_proxy = t->be;
2742 while (1) {
2743 struct proxy *rule_set = cur_proxy;
2744
2745 /* try headers filters */
2746 if (rule_set->rsp_exp != NULL) {
2747 if (apply_filters_to_response(t, rep, rule_set->rsp_exp) < 0) {
2748 return_bad_resp:
2749 if (t->srv) {
2750 t->srv->cur_sess--;
2751 t->srv->failed_resp++;
2752 sess_change_server(t, NULL);
2753 }
2754 cur_proxy->failed_resp++;
2755 return_srv_prx_502:
Willy Tarreauba392ce2008-08-16 21:13:23 +02002756 buffer_shutr(rep);
2757 buffer_shutw(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002758 fd_delete(t->srv_fd);
2759 t->srv_state = SV_STCLOSE;
2760 t->analysis &= ~AN_RTR_ANY;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002761 txn->status = 502;
2762 client_return(t, error_message(t, HTTP_ERR_502));
2763 if (!(t->flags & SN_ERR_MASK))
2764 t->flags |= SN_ERR_PRXCOND;
2765 if (!(t->flags & SN_FINST_MASK))
2766 t->flags |= SN_FINST_H;
2767 /* We used to have a free connection slot. Since we'll never use it,
2768 * we have to inform the server that it may be used by another session.
2769 */
2770 if (t->srv && may_dequeue_tasks(t->srv, cur_proxy))
2771 process_srv_queue(t->srv);
Willy Tarreau21d2af32008-02-14 20:25:24 +01002772 return 1;
2773 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002774 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01002775
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002776 /* has the response been denied ? */
2777 if (txn->flags & TX_SVDENY) {
Willy Tarreauf899b942008-03-28 18:09:38 +01002778 if (t->srv) {
2779 t->srv->cur_sess--;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002780 t->srv->failed_secu++;
Willy Tarreau7c669d72008-06-20 15:04:11 +02002781 sess_change_server(t, NULL);
Willy Tarreauf899b942008-03-28 18:09:38 +01002782 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002783 cur_proxy->denied_resp++;
2784 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01002785 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002786
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002787 /* We might have to check for "Connection:" */
2788 if (((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) &&
2789 !(t->flags & SN_CONN_CLOSED)) {
2790 char *cur_ptr, *cur_end, *cur_next;
2791 int cur_idx, old_idx, delta, val;
2792 struct hdr_idx_elem *cur_hdr;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002793
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002794 cur_next = rep->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
2795 old_idx = 0;
Willy Tarreau541b5c22008-01-06 23:34:21 +01002796
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002797 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
2798 cur_hdr = &txn->hdr_idx.v[cur_idx];
2799 cur_ptr = cur_next;
2800 cur_end = cur_ptr + cur_hdr->len;
2801 cur_next = cur_end + cur_hdr->cr + 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002802
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002803 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
2804 if (val) {
2805 /* 3 possibilities :
2806 * - we have already set Connection: close,
2807 * so we remove this line.
2808 * - we have not yet set Connection: close,
2809 * but this line indicates close. We leave
2810 * it untouched and set the flag.
2811 * - we have not yet set Connection: close,
2812 * and this line indicates non-close. We
2813 * replace it.
2814 */
2815 if (t->flags & SN_CONN_CLOSED) {
2816 delta = buffer_replace2(rep, cur_ptr, cur_next, NULL, 0);
2817 txn->rsp.eoh += delta;
2818 cur_next += delta;
2819 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
2820 txn->hdr_idx.used--;
2821 cur_hdr->len = 0;
2822 } else {
2823 if (strncasecmp(cur_ptr + val, "close", 5) != 0) {
2824 delta = buffer_replace2(rep, cur_ptr + val, cur_end,
2825 "close", 5);
2826 cur_next += delta;
2827 cur_hdr->len += delta;
2828 txn->rsp.eoh += delta;
2829 }
2830 t->flags |= SN_CONN_CLOSED;
2831 }
2832 }
2833 old_idx = cur_idx;
Willy Tarreau541b5c22008-01-06 23:34:21 +01002834 }
2835 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002836
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002837 /* add response headers from the rule sets in the same order */
2838 for (cur_idx = 0; cur_idx < rule_set->nb_rspadd; cur_idx++) {
2839 if (unlikely(http_header_add_tail(rep, &txn->rsp, &txn->hdr_idx,
2840 rule_set->rsp_add[cur_idx])) < 0)
2841 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02002842 }
2843
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002844 /* check whether we're already working on the frontend */
2845 if (cur_proxy == t->fe)
2846 break;
2847 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002848 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002849
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002850 /*
2851 * 4: check for server cookie.
2852 */
2853 if (t->be->cookie_name || t->be->appsession_name || t->be->capture_name
2854 || (t->be->options & PR_O_CHK_CACHE))
2855 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002856
Willy Tarreaubaaee002006-06-26 02:48:02 +02002857
Willy Tarreaua15645d2007-03-18 16:22:39 +01002858 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002859 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01002860 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002861 if ((t->be->options & (PR_O_COOK_NOC | PR_O_CHK_CACHE)) != 0)
2862 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01002863
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002864 /*
2865 * 6: add server cookie in the response if needed
2866 */
2867 if ((t->srv) && !(t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_INS) &&
2868 (!(t->be->options & PR_O_COOK_POST) || (txn->meth == HTTP_METH_POST))) {
2869 int len;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002870
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002871 /* the server is known, it's not the one the client requested, we have to
2872 * insert a set-cookie here, except if we want to insert only on POST
2873 * requests and this one isn't. Note that servers which don't have cookies
2874 * (eg: some backup servers) will return a full cookie removal request.
2875 */
2876 len = sprintf(trash, "Set-Cookie: %s=%s; path=/",
2877 t->be->cookie_name,
2878 t->srv->cookie ? t->srv->cookie : "; Expires=Thu, 01-Jan-1970 00:00:01 GMT");
Willy Tarreaubaaee002006-06-26 02:48:02 +02002879
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002880 if (t->be->cookie_domain)
2881 len += sprintf(trash+len, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02002882
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002883 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
2884 trash, len)) < 0)
2885 goto return_bad_resp;
2886 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02002887
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002888 /* Here, we will tell an eventual cache on the client side that we don't
2889 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
2890 * Some caches understand the correct form: 'no-cache="set-cookie"', but
2891 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
2892 */
2893 if ((t->be->options & PR_O_COOK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02002894
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002895 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
2896
2897 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
2898 "Cache-control: private", 22)) < 0)
2899 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002900 }
2901 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02002902
Willy Tarreaubaaee002006-06-26 02:48:02 +02002903
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002904 /*
2905 * 7: check if result will be cacheable with a cookie.
2906 * We'll block the response if security checks have caught
2907 * nasty things such as a cacheable cookie.
2908 */
2909 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) ==
2910 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) &&
2911 (t->be->options & PR_O_CHK_CACHE)) {
2912
2913 /* we're in presence of a cacheable response containing
2914 * a set-cookie header. We'll block it as requested by
2915 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01002916 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002917 if (t->srv) {
2918 t->srv->cur_sess--;
2919 t->srv->failed_secu++;
2920 sess_change_server(t, NULL);
2921 }
2922 t->be->denied_resp++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002923
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002924 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
2925 t->be->id, t->srv?t->srv->id:"<dispatch>");
2926 send_log(t->be, LOG_ALERT,
2927 "Blocking cacheable cookie in response from instance %s, server %s.\n",
2928 t->be->id, t->srv?t->srv->id:"<dispatch>");
2929 goto return_srv_prx_502;
2930 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01002931
2932 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002933 * 8: add "Connection: close" if needed and not yet set.
2934 * Note that we do not need to add it in case of HTTP/1.0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01002935 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002936 if (!(t->flags & SN_CONN_CLOSED) &&
2937 ((t->fe->options | t->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
2938 if ((unlikely(msg->sl.st.v_l != 8) ||
2939 unlikely(req->data[msg->som + 7] != '0')) &&
2940 unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
2941 "Connection: close", 17)) < 0)
2942 goto return_bad_resp;
2943 t->flags |= SN_CONN_CLOSED;
2944 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01002945
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002946 /*************************************************************
2947 * OK, that's finished for the headers. We have done what we *
2948 * could. Let's switch to the DATA state. *
2949 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02002950
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002951 rep->rlim = rep->data + BUFSIZE; /* no more rewrite needed */
2952 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaua15645d2007-03-18 16:22:39 +01002953
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002954#ifdef CONFIG_HAP_TCPSPLICE
2955 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
2956 /* TCP splicing supported by both FE and BE */
2957 tcp_splice_splicefd(t->cli_fd, t->srv_fd, 0);
2958 }
2959#endif
2960 /* if the user wants to log as soon as possible, without counting
2961 * bytes from the server, then this is the right moment. We have
2962 * to temporarily assign bytes_out to log what we currently have.
2963 */
2964 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
2965 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
2966 t->logs.bytes_out = txn->rsp.eoh;
2967 if (t->fe->to_log & LW_REQ)
2968 http_sess_log(t);
2969 else
2970 tcp_sess_log(t);
2971 t->logs.bytes_out = 0;
2972 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01002973
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002974 /* Note: we must not try to cheat by jumping directly to DATA,
2975 * otherwise we would not let the client side wake up.
2976 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01002977
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002978 return 1;
2979 }
2980 return 0;
2981}
Willy Tarreaua15645d2007-03-18 16:22:39 +01002982
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002983/*
2984 * manages the client FSM and its socket. BTW, it also tries to handle the
2985 * cookie. It returns 1 if a state has changed (and a resync may be needed),
2986 * 0 else.
Willy Tarreaua7c52762008-08-16 18:40:18 +02002987 * Note: process_srv is the ONLY function allowed to set cli_state to anything
2988 * but CL_STCLOSE.
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002989 */
2990int process_cli(struct session *t)
2991{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002992 struct buffer *req = t->req;
2993 struct buffer *rep = t->rep;
Willy Tarreaua15645d2007-03-18 16:22:39 +01002994
Willy Tarreaucebf57e2008-08-15 18:16:37 +02002995 DPRINTF(stderr,"[%u] process_cli: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
Willy Tarreauf5483bf2008-08-14 18:35:40 +02002996 now_ms,
2997 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02002998 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_RD) : 0,
2999 t->cli_fd >= 0 && fdtab[t->cli_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->cli_fd, DIR_WR) : 0,
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003000 req->rex, rep->wex,
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003001 req->flags, rep->flags,
3002 req->l, rep->l);
Willy Tarreaua15645d2007-03-18 16:22:39 +01003003
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003004 /* if no analysis remains, it's time to forward the connection */
Willy Tarreaud9f48362008-08-16 16:39:26 +02003005 if (!(t->analysis & AN_REQ_ANY) && !(req->flags & BF_MAY_FORWARD))
3006 req->flags |= BF_MAY_FORWARD;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003007
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003008 /* FIXME: we still have to check for CL_STSHUTR because client_retnclose
3009 * still set this state (and will do until unix sockets are converted).
3010 */
3011 if (t->cli_state == CL_STDATA || t->cli_state == CL_STSHUTR) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003012 /* read or write error */
3013 if (rep->flags & BF_WRITE_ERROR || req->flags & BF_READ_ERROR) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003014 buffer_shutr(req);
3015 buffer_shutw(rep);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003016 fd_delete(t->cli_fd);
3017 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003018 trace_term(t, TT_HTTP_CLI_1);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003019 if (!(t->flags & SN_ERR_MASK))
3020 t->flags |= SN_ERR_CLICL;
3021 if (!(t->flags & SN_FINST_MASK)) {
3022 if (t->analysis & AN_REQ_ANY)
3023 t->flags |= SN_FINST_R;
3024 else if (t->pend_pos)
3025 t->flags |= SN_FINST_Q;
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003026 else if (t->srv_state == SV_STCONN)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003027 t->flags |= SN_FINST_C;
3028 else
3029 t->flags |= SN_FINST_D;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003030 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003031 return 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003032 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003033 /* last read, or end of server write */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003034 else if (!(req->flags & BF_SHUTR) && /* already done */
3035 req->flags & (BF_READ_NULL | BF_SHUTW)) {
3036 buffer_shutr(req);
3037 if (!(rep->flags & BF_SHUTW)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003038 EV_FD_CLR(t->cli_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003039 trace_term(t, TT_HTTP_CLI_2);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003040 } else {
3041 /* output was already closed */
3042 fd_delete(t->cli_fd);
3043 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003044 trace_term(t, TT_HTTP_CLI_3);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003045 }
3046 return 1;
3047 }
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003048 /* last server read and buffer empty : we only check them when we're
3049 * allowed to forward the data.
3050 */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003051 else if (!(rep->flags & BF_SHUTW) && /* already done */
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003052 rep->l == 0 && rep->flags & BF_MAY_FORWARD &&
Willy Tarreauba392ce2008-08-16 21:13:23 +02003053 rep->flags & BF_SHUTR && !(t->flags & SN_SELF_GEN)) {
3054 buffer_shutw(rep);
3055 if (!(req->flags & BF_SHUTR)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003056 EV_FD_CLR(t->cli_fd, DIR_WR);
3057 shutdown(t->cli_fd, SHUT_WR);
3058 /* We must ensure that the read part is still alive when switching to shutw */
3059 /* FIXME: is this still true ? */
3060 EV_FD_SET(t->cli_fd, DIR_RD);
3061 req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
Willy Tarreauf8533202008-08-16 14:55:08 +02003062 trace_term(t, TT_HTTP_CLI_4);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003063 } else {
3064 fd_delete(t->cli_fd);
3065 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003066 trace_term(t, TT_HTTP_CLI_5);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003067 }
3068 return 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003069 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003070 /* read timeout */
3071 else if (tick_is_expired(req->rex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003072 buffer_shutr(req);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003073 req->flags |= BF_READ_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003074 if (!(rep->flags & BF_SHUTW)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003075 EV_FD_CLR(t->cli_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003076 trace_term(t, TT_HTTP_CLI_6);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003077 } else {
3078 /* output was already closed */
3079 fd_delete(t->cli_fd);
3080 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003081 trace_term(t, TT_HTTP_CLI_7);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003082 }
3083 if (!(t->flags & SN_ERR_MASK))
3084 t->flags |= SN_ERR_CLITO;
3085 if (!(t->flags & SN_FINST_MASK)) {
3086 if (t->analysis & AN_REQ_ANY)
3087 t->flags |= SN_FINST_R;
3088 else if (t->pend_pos)
3089 t->flags |= SN_FINST_Q;
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003090 else if (t->srv_state == SV_STCONN)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003091 t->flags |= SN_FINST_C;
3092 else
3093 t->flags |= SN_FINST_D;
3094 }
3095 return 1;
3096 }
3097 /* write timeout */
3098 else if (tick_is_expired(rep->wex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003099 buffer_shutw(rep);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003100 rep->flags |= BF_WRITE_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003101 if (!(req->flags & BF_SHUTR)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003102 EV_FD_CLR(t->cli_fd, DIR_WR);
3103 shutdown(t->cli_fd, SHUT_WR);
3104 /* We must ensure that the read part is still alive when switching to shutw */
3105 /* FIXME: is this still true ? */
3106 EV_FD_SET(t->cli_fd, DIR_RD);
3107 req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
Willy Tarreauf8533202008-08-16 14:55:08 +02003108 trace_term(t, TT_HTTP_CLI_8);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003109 } else {
3110 fd_delete(t->cli_fd);
3111 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003112 trace_term(t, TT_HTTP_CLI_9);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003113 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003114
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003115 if (!(t->flags & SN_ERR_MASK))
3116 t->flags |= SN_ERR_CLITO;
3117 if (!(t->flags & SN_FINST_MASK)) {
3118 if (t->analysis & AN_REQ_ANY)
3119 t->flags |= SN_FINST_R;
3120 else if (t->pend_pos)
3121 t->flags |= SN_FINST_Q;
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003122 else if (t->srv_state == SV_STCONN)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003123 t->flags |= SN_FINST_C;
3124 else
3125 t->flags |= SN_FINST_D;
3126 }
3127 return 1;
3128 }
3129
3130 /* manage read timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003131 if (!(req->flags & BF_SHUTR)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003132 if (req->l >= req->rlim - req->data) {
3133 /* no room to read more data */
3134 if (EV_FD_COND_C(t->cli_fd, DIR_RD)) {
3135 /* stop reading until we get some space */
3136 req->rex = TICK_ETERNITY;
3137 }
3138 } else {
3139 EV_FD_COND_S(t->cli_fd, DIR_RD);
3140 req->rex = tick_add_ifset(now_ms, t->fe->timeout.client);
3141 }
3142 }
3143
3144 /* manage write timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003145 if (!(rep->flags & BF_SHUTW)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003146 /* first, we may have to produce data (eg: stats).
3147 * right now, this is limited to the SHUTR state.
3148 */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003149 if (req->flags & BF_SHUTR && t->flags & SN_SELF_GEN) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003150 produce_content(t);
3151 if (rep->l == 0) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003152 buffer_shutw(rep);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003153 fd_delete(t->cli_fd);
3154 t->cli_state = CL_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003155 trace_term(t, TT_HTTP_CLI_10);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003156 return 1;
3157 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003158 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003159
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003160 /* we don't enable client write if the buffer is empty, nor if the server has to analyze it */
3161 if ((rep->l == 0) || !(rep->flags & BF_MAY_FORWARD)) {
3162 if (EV_FD_COND_C(t->cli_fd, DIR_WR)) {
3163 /* stop writing */
3164 rep->wex = TICK_ETERNITY;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003165 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003166 } else {
3167 /* buffer not empty */
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003168 EV_FD_COND_S(t->cli_fd, DIR_WR);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003169 if (!tick_isset(rep->wex)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003170 /* restart writing */
3171 rep->wex = tick_add_ifset(now_ms, t->fe->timeout.client);
Willy Tarreauba392ce2008-08-16 21:13:23 +02003172 if (!(req->flags & BF_SHUTR) && tick_isset(rep->wex) && tick_isset(req->rex)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003173 /* FIXME: to prevent the client from expiring read timeouts during writes,
3174 * we refresh it, except if it was already infinite. */
3175 req->rex = rep->wex;
3176 }
3177 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003178 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003179 }
3180 return 0; /* other cases change nothing */
3181 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003182 else if (t->cli_state == CL_STCLOSE) { /* CL_STCLOSE: nothing to do */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003183 if ((global.mode & MODE_DEBUG) && (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
3184 int len;
3185 len = sprintf(trash, "%08x:%s.clicls[%04x:%04x]\n", t->uniq_id, t->be->id, (unsigned short)t->cli_fd, (unsigned short)t->srv_fd);
3186 write(1, trash, len);
3187 }
3188 return 0;
3189 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003190#ifdef DEBUG_FULL
3191 else {
3192 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, t->cli_state);
3193 exit(1);
3194 }
3195#endif
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003196 return 0;
3197}
Willy Tarreaubaaee002006-06-26 02:48:02 +02003198
Willy Tarreaubaaee002006-06-26 02:48:02 +02003199
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003200/*
3201 * manages the server FSM and its socket. It returns 1 if a state has changed
3202 * (and a resync may be needed), 0 else.
Willy Tarreaua7c52762008-08-16 18:40:18 +02003203 * Note: process_srv is the ONLY function allowed to set srv_state to anything
3204 * but SV_STCLOSE. The only exception is for functions called from this
3205 * one (eg: those in backend.c).
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003206 */
3207int process_srv(struct session *t)
3208{
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003209 struct http_txn *txn = &t->txn;
3210 struct buffer *req = t->req;
3211 struct buffer *rep = t->rep;
3212 int conn_err;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003213
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003214 DPRINTF(stderr,"[%u] process_srv: c=%s s=%s set(r,w)=%d,%d exp(r,w)=%u,%u req=%08x rep=%08x rql=%d rpl=%d\n",
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003215 now_ms,
3216 cli_stnames[t->cli_state], srv_stnames[t->srv_state],
Willy Tarreaua7c52762008-08-16 18:40:18 +02003217 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_RD) : 0,
3218 t->srv_fd >= 0 && fdtab[t->srv_fd].state != FD_STCLOSE ? EV_FD_ISSET(t->srv_fd, DIR_WR) : 0,
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003219 rep->rex, req->wex,
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003220 req->flags, rep->flags,
3221 req->l, rep->l);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003222
Willy Tarreau461f6622008-08-15 23:43:19 +02003223 /* if no analysis remains, we have to let the data pass */
3224 if (!(t->analysis & AN_RTR_ANY) && !(rep->flags & BF_MAY_FORWARD))
3225 rep->flags |= BF_MAY_FORWARD;
3226
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003227 if (t->srv_state == SV_STIDLE) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003228 if ((rep->flags & BF_SHUTW) ||
3229 ((req->flags & BF_SHUTR) &&
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003230 (req->l == 0 || t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
3231 req->cex = TICK_ETERNITY;
3232 if (t->pend_pos)
3233 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3234 /* note that this must not return any error because it would be able to
3235 * overwrite the client_retnclose() output.
3236 */
3237 if (txn->flags & TX_CLTARPIT)
3238 srv_close_with_err(t, SN_ERR_CLICL, SN_FINST_T, 0, NULL);
3239 else
3240 srv_close_with_err(t, SN_ERR_CLICL, t->pend_pos ? SN_FINST_Q : SN_FINST_C, 0, NULL);
3241
Willy Tarreauf8533202008-08-16 14:55:08 +02003242 trace_term(t, TT_HTTP_SRV_1);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003243 return 1;
3244 }
Willy Tarreaud9f48362008-08-16 16:39:26 +02003245 else if (req->flags & BF_MAY_FORWARD) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003246 /* the client allows the server to connect */
3247 if (txn->flags & TX_CLTARPIT) {
3248 /* This connection is being tarpitted. The CLIENT side has
3249 * already set the connect expiration date to the right
3250 * timeout. We just have to check that it has not expired.
3251 */
3252 if (!tick_is_expired(req->cex, now_ms))
3253 return 0;
3254
3255 /* We will set the queue timer to the time spent, just for
3256 * logging purposes. We fake a 500 server error, so that the
3257 * attacker will not suspect his connection has been tarpitted.
3258 * It will not cause trouble to the logs because we can exclude
3259 * the tarpitted connections by filtering on the 'PT' status flags.
3260 */
3261 req->cex = TICK_ETERNITY;
3262 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3263 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_T,
3264 500, error_message(t, HTTP_ERR_500));
Willy Tarreauf8533202008-08-16 14:55:08 +02003265 trace_term(t, TT_HTTP_SRV_2);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003266 return 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003267 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003268
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003269 /* Right now, we will need to create a connection to the server.
3270 * We might already have tried, and got a connection pending, in
3271 * which case we will not do anything till it's pending. It's up
3272 * to any other session to release it and wake us up again.
3273 */
3274 if (t->pend_pos) {
3275 if (!tick_is_expired(req->cex, now_ms)) {
3276 return 0;
3277 } else {
3278 /* we've been waiting too long here */
3279 req->cex = TICK_ETERNITY;
3280 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3281 srv_close_with_err(t, SN_ERR_SRVTO, SN_FINST_Q,
3282 503, error_message(t, HTTP_ERR_503));
Willy Tarreauf8533202008-08-16 14:55:08 +02003283 trace_term(t, TT_HTTP_SRV_3);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003284 if (t->srv)
3285 t->srv->failed_conns++;
3286 t->be->failed_conns++;
3287 return 1;
3288 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003289 }
3290
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003291 do {
3292 /* first, get a connection */
3293 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
3294 t->flags |= SN_REDIRECTABLE;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003295
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003296 if (srv_redispatch_connect(t))
3297 return t->srv_state != SV_STIDLE;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003298
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003299 if ((t->flags & SN_REDIRECTABLE) && t->srv && t->srv->rdr_len) {
3300 /* Server supporting redirection and it is possible.
3301 * Invalid requests are reported as such. It concerns all
3302 * the largest ones.
3303 */
3304 struct chunk rdr;
3305 char *path;
3306 int len;
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003307
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003308 /* 1: create the response header */
3309 rdr.len = strlen(HTTP_302);
3310 rdr.str = trash;
3311 memcpy(rdr.str, HTTP_302, rdr.len);
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003312
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003313 /* 2: add the server's prefix */
3314 if (rdr.len + t->srv->rdr_len > sizeof(trash))
3315 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003316
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003317 memcpy(rdr.str + rdr.len, t->srv->rdr_pfx, t->srv->rdr_len);
3318 rdr.len += t->srv->rdr_len;
3319
3320 /* 3: add the request URI */
3321 path = http_get_path(txn);
3322 if (!path)
3323 goto cancel_redir;
3324 len = txn->req.sl.rq.u_l + (txn->req.sol+txn->req.sl.rq.u) - path;
3325 if (rdr.len + len > sizeof(trash) - 4) /* 4 for CRLF-CRLF */
3326 goto cancel_redir;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003327
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003328 memcpy(rdr.str + rdr.len, path, len);
3329 rdr.len += len;
3330 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
3331 rdr.len += 4;
Krzysztof Piotr Oledzkiefe3b6f2008-05-23 23:49:32 +02003332
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003333 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C, 302, &rdr);
Willy Tarreauf8533202008-08-16 14:55:08 +02003334 trace_term(t, TT_HTTP_SRV_3);
3335
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003336 /* FIXME: we should increase a counter of redirects per server and per backend. */
3337 if (t->srv)
3338 t->srv->cum_sess++;
3339 return 1;
3340 cancel_redir:
3341 txn->status = 400;
3342 t->fe->failed_req++;
3343 srv_close_with_err(t, SN_ERR_PRXCOND, SN_FINST_C,
3344 400, error_message(t, HTTP_ERR_400));
Willy Tarreauf8533202008-08-16 14:55:08 +02003345 trace_term(t, TT_HTTP_SRV_4);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003346 return 1;
3347 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003348
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003349 /* try to (re-)connect to the server, and fail if we expire the
3350 * number of retries.
3351 */
3352 if (srv_retryable_connect(t)) {
3353 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3354 return t->srv_state != SV_STIDLE;
3355 }
3356 } while (1);
3357 }
3358 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003359 else if (t->srv_state == SV_STCONN) { /* connection in progress */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003360 if ((rep->flags & BF_SHUTW) ||
3361 ((req->flags & BF_SHUTR) &&
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003362 ((req->l == 0 && !(req->flags & BF_WRITE_STATUS)) ||
3363 t->be->options & PR_O_ABRT_CLOSE))) { /* give up */
3364 req->cex = TICK_ETERNITY;
3365 if (!(t->flags & SN_CONN_TAR)) {
3366 /* if we are in turn-around, we have already closed the FD */
3367 fd_delete(t->srv_fd);
3368 if (t->srv) {
3369 t->srv->cur_sess--;
3370 sess_change_server(t, NULL);
3371 }
3372 }
Krzysztof Oledzki9198ab52007-10-11 18:56:27 +02003373
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003374 /* note that this must not return any error because it would be able to
3375 * overwrite the client_retnclose() output.
3376 */
3377 srv_close_with_err(t, SN_ERR_CLICL, SN_FINST_C, 0, NULL);
Willy Tarreauf8533202008-08-16 14:55:08 +02003378 trace_term(t, TT_HTTP_SRV_5);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003379 return 1;
3380 }
3381 if (!(req->flags & BF_WRITE_STATUS) && !tick_is_expired(req->cex, now_ms)) {
3382 return 0; /* nothing changed */
3383 }
3384 else if (!(req->flags & BF_WRITE_STATUS) || (req->flags & BF_WRITE_ERROR)) {
3385 /* timeout, asynchronous connect error or first write error */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003386 if (t->flags & SN_CONN_TAR) {
3387 /* We are doing a turn-around waiting for a new connection attempt. */
3388 if (!tick_is_expired(req->cex, now_ms))
3389 return 0;
3390 t->flags &= ~SN_CONN_TAR;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003391 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003392 else {
3393 fd_delete(t->srv_fd);
3394 if (t->srv) {
3395 t->srv->cur_sess--;
3396 sess_change_server(t, NULL);
3397 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003398
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003399 if (!(req->flags & BF_WRITE_STATUS))
3400 conn_err = SN_ERR_SRVTO; // it was a connect timeout.
3401 else
3402 conn_err = SN_ERR_SRVCL; // it was an asynchronous connect error.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003403
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003404 /* ensure that we have enough retries left */
3405 if (srv_count_retry_down(t, conn_err))
3406 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003407
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003408 if (req->flags & BF_WRITE_ERROR) {
3409 /* we encountered an immediate connection error, and we
3410 * will have to retry connecting to the same server, most
3411 * likely leading to the same result. To avoid this, we
3412 * fake a connection timeout to retry after a turn-around
3413 * time of 1 second. We will wait in the previous if block.
3414 */
3415 t->flags |= SN_CONN_TAR;
3416 req->cex = tick_add(now_ms, MS_TO_TICKS(1000));
3417 return 0;
3418 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003419 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003420
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003421 if (t->srv && t->conn_retries == 0 && t->be->options & PR_O_REDISP) {
3422 /* We're on our last chance, and the REDISP option was specified.
3423 * We will ignore cookie and force to balance or use the dispatcher.
3424 */
3425 /* let's try to offer this slot to anybody */
3426 if (may_dequeue_tasks(t->srv, t->be))
3427 process_srv_queue(t->srv);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003428
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003429 /* it's left to the dispatcher to choose a server */
3430 t->flags &= ~(SN_DIRECT | SN_ASSIGNED | SN_ADDR_SET);
3431 t->prev_srv = t->srv;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003432
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003433 /* first, get a connection */
3434 if (srv_redispatch_connect(t))
3435 return t->srv_state != SV_STCONN;
3436 } else {
3437 if (t->srv)
3438 t->srv->retries++;
3439 t->be->retries++;
3440 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003441
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003442 do {
3443 /* Now we will try to either reconnect to the same server or
3444 * connect to another server. If the connection gets queued
3445 * because all servers are saturated, then we will go back to
3446 * the SV_STIDLE state.
3447 */
3448 if (srv_retryable_connect(t)) {
3449 t->logs.t_queue = tv_ms_elapsed(&t->logs.tv_accept, &now);
3450 return t->srv_state != SV_STCONN;
3451 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003452
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003453 /* we need to redispatch the connection to another server */
3454 if (srv_redispatch_connect(t))
3455 return t->srv_state != SV_STCONN;
3456 } while (1);
3457 }
3458 else { /* no error or write 0 */
3459 t->logs.t_connect = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003460
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003461 if (req->l == 0) /* nothing to write */ {
3462 EV_FD_CLR(t->srv_fd, DIR_WR);
3463 req->wex = TICK_ETERNITY;
3464 } else /* need the right to write */ {
3465 EV_FD_SET(t->srv_fd, DIR_WR);
3466 req->wex = tick_add_ifset(now_ms, t->be->timeout.server);
3467 if (tick_isset(req->wex)) {
3468 /* FIXME: to prevent the server from expiring read timeouts during writes,
3469 * we refresh it. */
3470 rep->rex = req->wex;
3471 }
3472 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003473
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003474 if (t->be->mode == PR_MODE_TCP) { /* let's allow immediate data connection in this case */
3475 EV_FD_SET(t->srv_fd, DIR_RD);
3476 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
3477 t->srv_state = SV_STDATA;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003478 rep->rlim = rep->data + BUFSIZE; /* no rewrite needed */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003479
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003480 /* if the user wants to log as soon as possible, without counting
3481 bytes from the server, then this is the right moment. */
3482 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
3483 t->logs.t_close = t->logs.t_connect; /* to get a valid end date */
3484 tcp_sess_log(t);
3485 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003486#ifdef CONFIG_HAP_TCPSPLICE
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003487 if ((t->fe->options & t->be->options) & PR_O_TCPSPLICE) {
3488 /* TCP splicing supported by both FE and BE */
3489 tcp_splice_splicefd(t->cli_fd, t->srv_fd, 0);
3490 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01003491#endif
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003492 }
3493 else {
3494 t->srv_state = SV_STDATA;
3495 t->analysis |= AN_RTR_HTTP_HDR;
3496 rep->rlim = rep->data + BUFSIZE - MAXREWRITE; /* rewrite needed */
3497 t->txn.rsp.msg_state = HTTP_MSG_RPBEFORE;
3498 /* reset hdr_idx which was already initialized by the request.
3499 * right now, the http parser does it.
3500 * hdr_idx_init(&t->txn.hdr_idx);
3501 */
3502 }
3503 req->cex = TICK_ETERNITY;
3504 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003505 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003506 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003507 else if (t->srv_state == SV_STDATA) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02003508 /* read or write error */
Willy Tarreau461f6622008-08-15 23:43:19 +02003509 /* FIXME: what happens when we have to deal with HTTP ??? */
Willy Tarreau0f9f5052006-07-29 17:39:25 +02003510 if (req->flags & BF_WRITE_ERROR || rep->flags & BF_READ_ERROR) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003511 buffer_shutr(rep);
3512 buffer_shutw(req);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003513 fd_delete(t->srv_fd);
3514 if (t->srv) {
3515 t->srv->cur_sess--;
3516 t->srv->failed_resp++;
Willy Tarreau7c669d72008-06-20 15:04:11 +02003517 sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003518 }
Willy Tarreau73de9892006-11-30 11:40:23 +01003519 t->be->failed_resp++;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003520 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003521 trace_term(t, TT_HTTP_SRV_6);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003522 if (!(t->flags & SN_ERR_MASK))
3523 t->flags |= SN_ERR_SRVCL;
3524 if (!(t->flags & SN_FINST_MASK))
3525 t->flags |= SN_FINST_D;
Willy Tarreau461f6622008-08-15 23:43:19 +02003526
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003527 if (may_dequeue_tasks(t->srv, t->be))
Willy Tarreau7c669d72008-06-20 15:04:11 +02003528 process_srv_queue(t->srv);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003529
3530 return 1;
3531 }
3532 /* last read, or end of client write */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003533 else if (!(rep->flags & BF_SHUTR) && /* not already done */
3534 rep->flags & (BF_READ_NULL | BF_SHUTW)) {
3535 buffer_shutr(rep);
3536 if (!(req->flags & BF_SHUTW)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003537 EV_FD_CLR(t->srv_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003538 trace_term(t, TT_HTTP_SRV_7);
Willy Tarreau461f6622008-08-15 23:43:19 +02003539 } else {
3540 /* output was already closed */
3541 fd_delete(t->srv_fd);
3542 if (t->srv) {
3543 t->srv->cur_sess--;
3544 sess_change_server(t, NULL);
3545 }
3546 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003547 trace_term(t, TT_HTTP_SRV_8);
Willy Tarreau461f6622008-08-15 23:43:19 +02003548
3549 if (may_dequeue_tasks(t->srv, t->be))
3550 process_srv_queue(t->srv);
3551 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003552 return 1;
3553 }
Willy Tarreau461f6622008-08-15 23:43:19 +02003554 /* end of client read and no more data to send. We can forward
3555 * the close when we're allowed to forward data (anytime right
3556 * now). If we're using option forceclose, then we may also
3557 * shutdown the outgoing write channel once the response starts
3558 * coming from the server.
3559 */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003560 else if (!(req->flags & BF_SHUTW) && /* not already done */
Willy Tarreau461f6622008-08-15 23:43:19 +02003561 req->l == 0 && req->flags & BF_MAY_FORWARD &&
Willy Tarreauba392ce2008-08-16 21:13:23 +02003562 (req->flags & BF_SHUTR ||
Willy Tarreau461f6622008-08-15 23:43:19 +02003563 (t->be->options & PR_O_FORCE_CLO && rep->flags & BF_READ_STATUS))) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003564 buffer_shutw(req);
3565 if (!(rep->flags & BF_SHUTR)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003566 EV_FD_CLR(t->srv_fd, DIR_WR);
3567 shutdown(t->srv_fd, SHUT_WR);
Willy Tarreauf8533202008-08-16 14:55:08 +02003568 trace_term(t, TT_HTTP_SRV_9);
Willy Tarreau461f6622008-08-15 23:43:19 +02003569 /* We must ensure that the read part is still alive when switching to shutw */
3570 /* FIXME: is this still true ? */
3571 EV_FD_SET(t->srv_fd, DIR_RD);
3572 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreau461f6622008-08-15 23:43:19 +02003573 } else {
3574 fd_delete(t->srv_fd);
3575 if (t->srv) {
3576 t->srv->cur_sess--;
3577 sess_change_server(t, NULL);
3578 }
3579 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003580 trace_term(t, TT_HTTP_SRV_10);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003581
Willy Tarreau461f6622008-08-15 23:43:19 +02003582 if (may_dequeue_tasks(t->srv, t->be))
3583 process_srv_queue(t->srv);
3584 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003585 return 1;
3586 }
3587 /* read timeout */
Willy Tarreau0c303ee2008-07-07 00:09:58 +02003588 else if (tick_is_expired(rep->rex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003589 buffer_shutr(rep);
Willy Tarreau461f6622008-08-15 23:43:19 +02003590 rep->flags |= BF_READ_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003591 if (!(req->flags & BF_SHUTW)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003592 EV_FD_CLR(t->srv_fd, DIR_RD);
Willy Tarreauf8533202008-08-16 14:55:08 +02003593 trace_term(t, TT_HTTP_SRV_11);
Willy Tarreau461f6622008-08-15 23:43:19 +02003594 } else {
3595 fd_delete(t->srv_fd);
3596 if (t->srv) {
3597 t->srv->cur_sess--;
3598 sess_change_server(t, NULL);
3599 }
3600 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003601 trace_term(t, TT_HTTP_SRV_12);
Willy Tarreau461f6622008-08-15 23:43:19 +02003602
3603 if (may_dequeue_tasks(t->srv, t->be))
3604 process_srv_queue(t->srv);
3605 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003606 if (!(t->flags & SN_ERR_MASK))
3607 t->flags |= SN_ERR_SRVTO;
3608 if (!(t->flags & SN_FINST_MASK))
3609 t->flags |= SN_FINST_D;
3610 return 1;
3611 }
3612 /* write timeout */
Willy Tarreau0c303ee2008-07-07 00:09:58 +02003613 else if (tick_is_expired(req->wex, now_ms)) {
Willy Tarreauba392ce2008-08-16 21:13:23 +02003614 buffer_shutw(req);
Willy Tarreau461f6622008-08-15 23:43:19 +02003615 req->flags |= BF_WRITE_TIMEOUT;
Willy Tarreauba392ce2008-08-16 21:13:23 +02003616 if (!(rep->flags & BF_SHUTR)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003617 EV_FD_CLR(t->srv_fd, DIR_WR);
3618 shutdown(t->srv_fd, SHUT_WR);
Willy Tarreauf8533202008-08-16 14:55:08 +02003619 trace_term(t, TT_HTTP_SRV_13);
Willy Tarreau461f6622008-08-15 23:43:19 +02003620 /* We must ensure that the read part is still alive when switching to shutw */
3621 /* FIXME: is this still needed ? */
3622 EV_FD_SET(t->srv_fd, DIR_RD);
3623 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreau461f6622008-08-15 23:43:19 +02003624 } else {
3625 fd_delete(t->srv_fd);
3626 if (t->srv) {
3627 t->srv->cur_sess--;
3628 sess_change_server(t, NULL);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003629 }
Willy Tarreau461f6622008-08-15 23:43:19 +02003630 t->srv_state = SV_STCLOSE;
Willy Tarreauf8533202008-08-16 14:55:08 +02003631 trace_term(t, TT_HTTP_SRV_14);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003632
Willy Tarreau461f6622008-08-15 23:43:19 +02003633 if (may_dequeue_tasks(t->srv, t->be))
3634 process_srv_queue(t->srv);
Willy Tarreau51406232008-03-10 22:04:20 +01003635 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003636 if (!(t->flags & SN_ERR_MASK))
3637 t->flags |= SN_ERR_SRVTO;
3638 if (!(t->flags & SN_FINST_MASK))
3639 t->flags |= SN_FINST_D;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003640 return 1;
3641 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003642
Willy Tarreau461f6622008-08-15 23:43:19 +02003643 /* manage read timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003644 if (!(rep->flags & BF_SHUTR)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003645 if (rep->l >= rep->rlim - rep->data) {
3646 if (EV_FD_COND_C(t->srv_fd, DIR_RD))
3647 rep->rex = TICK_ETERNITY;
3648 } else {
3649 EV_FD_COND_S(t->srv_fd, DIR_RD);
3650 rep->rex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreau51406232008-03-10 22:04:20 +01003651 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003652 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003653
Willy Tarreau461f6622008-08-15 23:43:19 +02003654 /* manage write timeout */
Willy Tarreauba392ce2008-08-16 21:13:23 +02003655 if (!(req->flags & BF_SHUTW)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003656 if (req->l == 0 || !(req->flags & BF_MAY_FORWARD)) {
3657 /* stop writing */
3658 if (EV_FD_COND_C(t->srv_fd, DIR_WR))
3659 req->wex = TICK_ETERNITY;
3660 } else {
3661 /* buffer not empty, there are still data to be transferred */
3662 EV_FD_COND_S(t->srv_fd, DIR_WR);
3663 if (!tick_isset(req->wex)) {
3664 /* restart writing */
3665 req->wex = tick_add_ifset(now_ms, t->be->timeout.server);
Willy Tarreauba392ce2008-08-16 21:13:23 +02003666 if (!(rep->flags & BF_SHUTR) && tick_isset(req->wex) && tick_isset(rep->rex)) {
Willy Tarreau461f6622008-08-15 23:43:19 +02003667 /* FIXME: to prevent the server from expiring read timeouts during writes,
3668 * we refresh it, except if it was already infinite.
3669 */
3670 rep->rex = req->wex;
3671 }
3672 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003673 }
3674 }
Willy Tarreau461f6622008-08-15 23:43:19 +02003675 return 0; /* other cases change nothing */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003676 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003677 else if (t->srv_state == SV_STCLOSE) { /* SV_STCLOSE : nothing to do */
Willy Tarreaubaaee002006-06-26 02:48:02 +02003678 if ((global.mode & MODE_DEBUG) && (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))) {
3679 int len;
Willy Tarreaua15645d2007-03-18 16:22:39 +01003680 len = sprintf(trash, "%08x:%s.srvcls[%04x:%04x]\n",
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003681 t->uniq_id, t->be->id, (unsigned short)t->cli_fd, (unsigned short)t->srv_fd);
Willy Tarreaubaaee002006-06-26 02:48:02 +02003682 write(1, trash, len);
3683 }
3684 return 0;
3685 }
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003686#ifdef DEBUG_FULL
3687 else {
3688 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, t->srv_state);
3689 exit(1);
3690 }
3691#endif
Willy Tarreaubaaee002006-06-26 02:48:02 +02003692 return 0;
3693}
3694
3695
3696/*
3697 * Produces data for the session <s> depending on its source. Expects to be
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003698 * called with client socket shut down on input. Right now, only statistics can
3699 * be produced. It stops by itself by unsetting the SN_SELF_GEN flag from the
Willy Tarreaubaaee002006-06-26 02:48:02 +02003700 * session, which it uses to keep on being called when there is free space in
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003701 * the buffer, or simply by letting an empty buffer upon return. It returns 1
Willy Tarreau1ae3a052008-08-16 10:56:30 +02003702 * when it wants to stop sending data, otherwise 0.
Willy Tarreaubaaee002006-06-26 02:48:02 +02003703 */
3704int produce_content(struct session *s)
3705{
Willy Tarreaubaaee002006-06-26 02:48:02 +02003706 if (s->data_source == DATA_SRC_NONE) {
3707 s->flags &= ~SN_SELF_GEN;
3708 return 1;
3709 }
3710 else if (s->data_source == DATA_SRC_STATS) {
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01003711 /* dump server statistics */
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01003712 int ret = stats_dump_http(s, s->be->uri_auth);
Willy Tarreau91861262007-10-17 17:06:05 +02003713 if (ret >= 0)
3714 return ret;
3715 /* -1 indicates an error */
Willy Tarreauc0dde7a2007-01-01 21:38:07 +01003716 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003717
Willy Tarreau91861262007-10-17 17:06:05 +02003718 /* unknown data source or internal error */
3719 s->txn.status = 500;
3720 client_retnclose(s, error_message(s, HTTP_ERR_500));
Willy Tarreauf8533202008-08-16 14:55:08 +02003721 trace_term(s, TT_HTTP_CNT_1);
Willy Tarreau91861262007-10-17 17:06:05 +02003722 if (!(s->flags & SN_ERR_MASK))
3723 s->flags |= SN_ERR_PRXCOND;
3724 if (!(s->flags & SN_FINST_MASK))
3725 s->flags |= SN_FINST_R;
3726 s->flags &= ~SN_SELF_GEN;
3727 return 1;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003728}
3729
3730
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003731/* Iterate the same filter through all request headers.
3732 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003733 * Since it can manage the switch to another backend, it updates the per-proxy
3734 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003735 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003736int apply_filter_to_req_headers(struct session *t, struct buffer *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01003737{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003738 char term;
3739 char *cur_ptr, *cur_end, *cur_next;
3740 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003741 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003742 struct hdr_idx_elem *cur_hdr;
3743 int len, delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01003744
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003745 last_hdr = 0;
3746
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003747 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003748 old_idx = 0;
3749
3750 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01003751 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003752 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01003753 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003754 (exp->action == ACT_ALLOW ||
3755 exp->action == ACT_DENY ||
3756 exp->action == ACT_TARPIT))
3757 return 0;
3758
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003759 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003760 if (!cur_idx)
3761 break;
3762
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003763 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003764 cur_ptr = cur_next;
3765 cur_end = cur_ptr + cur_hdr->len;
3766 cur_next = cur_end + cur_hdr->cr + 1;
3767
3768 /* Now we have one header between cur_ptr and cur_end,
3769 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003770 */
3771
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003772 /* The annoying part is that pattern matching needs
3773 * that we modify the contents to null-terminate all
3774 * strings before testing them.
3775 */
3776
3777 term = *cur_end;
3778 *cur_end = '\0';
3779
3780 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
3781 switch (exp->action) {
3782 case ACT_SETBE:
3783 /* It is not possible to jump a second time.
3784 * FIXME: should we return an HTTP/500 here so that
3785 * the admin knows there's a problem ?
3786 */
3787 if (t->be != t->fe)
3788 break;
3789
3790 /* Swithing Proxy */
3791 t->be = (struct proxy *) exp->replace;
3792
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003793 /* right now, the backend switch is not overly complicated
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003794 * because we have associated req_cap and rsp_cap to the
3795 * frontend, and the beconn will be updated later.
3796 */
3797
Willy Tarreaud7c30f92007-12-03 01:38:36 +01003798 t->rep->rto = t->req->wto = t->be->timeout.server;
3799 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003800 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003801 last_hdr = 1;
3802 break;
3803
3804 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01003805 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003806 last_hdr = 1;
3807 break;
3808
3809 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01003810 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003811 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003812 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003813 break;
3814
3815 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01003816 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003817 last_hdr = 1;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003818 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003819 break;
3820
3821 case ACT_REPLACE:
3822 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
3823 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
3824 /* FIXME: if the user adds a newline in the replacement, the
3825 * index will not be recalculated for now, and the new line
3826 * will not be counted as a new header.
3827 */
3828
3829 cur_end += delta;
3830 cur_next += delta;
3831 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003832 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003833 break;
3834
3835 case ACT_REMOVE:
3836 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
3837 cur_next += delta;
3838
3839 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003840 txn->req.eoh += delta;
3841 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
3842 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003843 cur_hdr->len = 0;
3844 cur_end = NULL; /* null-term has been rewritten */
3845 break;
3846
3847 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01003848 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003849 if (cur_end)
3850 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01003851
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003852 /* keep the link from this header to next one in case of later
3853 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003854 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003855 old_idx = cur_idx;
3856 }
3857 return 0;
3858}
3859
3860
3861/* Apply the filter to the request line.
3862 * Returns 0 if nothing has been done, 1 if the filter has been applied,
3863 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01003864 * Since it can manage the switch to another backend, it updates the per-proxy
3865 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003866 */
3867int apply_filter_to_req_line(struct session *t, struct buffer *req, struct hdr_exp *exp)
3868{
3869 char term;
3870 char *cur_ptr, *cur_end;
3871 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003872 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003873 int len, delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003874
Willy Tarreau58f10d72006-12-04 02:26:12 +01003875
Willy Tarreau3d300592007-03-18 18:34:41 +01003876 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003877 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01003878 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003879 (exp->action == ACT_ALLOW ||
3880 exp->action == ACT_DENY ||
3881 exp->action == ACT_TARPIT))
3882 return 0;
3883 else if (exp->action == ACT_REMOVE)
3884 return 0;
3885
3886 done = 0;
3887
Willy Tarreau9cdde232007-05-02 20:58:19 +02003888 cur_ptr = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003889 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003890
3891 /* Now we have the request line between cur_ptr and cur_end */
3892
3893 /* The annoying part is that pattern matching needs
3894 * that we modify the contents to null-terminate all
3895 * strings before testing them.
3896 */
3897
3898 term = *cur_end;
3899 *cur_end = '\0';
3900
3901 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
3902 switch (exp->action) {
3903 case ACT_SETBE:
3904 /* It is not possible to jump a second time.
3905 * FIXME: should we return an HTTP/500 here so that
3906 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01003907 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003908 if (t->be != t->fe)
3909 break;
3910
3911 /* Swithing Proxy */
3912 t->be = (struct proxy *) exp->replace;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003913
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003914 /* right now, the backend switch is not too much complicated
3915 * because we have associated req_cap and rsp_cap to the
3916 * frontend, and the beconn will be updated later.
Willy Tarreau58f10d72006-12-04 02:26:12 +01003917 */
3918
Willy Tarreaud7c30f92007-12-03 01:38:36 +01003919 t->rep->rto = t->req->wto = t->be->timeout.server;
3920 t->req->cto = t->be->timeout.connect;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003921 t->conn_retries = t->be->conn_retries;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003922 done = 1;
3923 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003924
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003925 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01003926 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003927 done = 1;
3928 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01003929
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003930 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01003931 txn->flags |= TX_CLDENY;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003932 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003933 done = 1;
3934 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01003935
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003936 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01003937 txn->flags |= TX_CLTARPIT;
Willy Tarreaue2e27a52007-04-01 00:01:37 +02003938 t->be->denied_req++;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003939 done = 1;
3940 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01003941
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003942 case ACT_REPLACE:
3943 *cur_end = term; /* restore the string terminator */
3944 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
3945 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
3946 /* FIXME: if the user adds a newline in the replacement, the
3947 * index will not be recalculated for now, and the new line
3948 * will not be counted as a new header.
3949 */
Willy Tarreaua496b602006-12-17 23:15:24 +01003950
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003951 txn->req.eoh += delta;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003952 cur_end += delta;
Willy Tarreaua496b602006-12-17 23:15:24 +01003953
Willy Tarreau9cdde232007-05-02 20:58:19 +02003954 txn->req.sol = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003955 cur_end = (char *)http_parse_reqline(&txn->req, req->data,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003956 HTTP_MSG_RQMETH,
3957 cur_ptr, cur_end + 1,
3958 NULL, NULL);
3959 if (unlikely(!cur_end))
3960 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01003961
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003962 /* we have a full request and we know that we have either a CR
3963 * or an LF at <ptr>.
3964 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01003965 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
3966 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003967 /* there is no point trying this regex on headers */
3968 return 1;
3969 }
3970 }
3971 *cur_end = term; /* restore the string terminator */
3972 return done;
3973}
Willy Tarreau97de6242006-12-27 17:18:38 +01003974
Willy Tarreau58f10d72006-12-04 02:26:12 +01003975
Willy Tarreau58f10d72006-12-04 02:26:12 +01003976
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003977/*
3978 * Apply all the req filters <exp> to all headers in buffer <req> of session <t>.
3979 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01003980 * unparsable request. Since it can manage the switch to another backend, it
3981 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003982 */
3983int apply_filters_to_request(struct session *t, struct buffer *req, struct hdr_exp *exp)
3984{
Willy Tarreau3d300592007-03-18 18:34:41 +01003985 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003986 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01003987 while (exp && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003988 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003989
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003990 /*
3991 * The interleaving of transformations and verdicts
3992 * makes it difficult to decide to continue or stop
3993 * the evaluation.
3994 */
3995
Willy Tarreau3d300592007-03-18 18:34:41 +01003996 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01003997 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
3998 exp->action == ACT_TARPIT || exp->action == ACT_PASS)) {
3999 exp = exp->next;
4000 continue;
4001 }
4002
4003 /* Apply the filter to the request line. */
4004 ret = apply_filter_to_req_line(t, req, exp);
4005 if (unlikely(ret < 0))
4006 return -1;
4007
4008 if (likely(ret == 0)) {
4009 /* The filter did not match the request, it can be
4010 * iterated through all headers.
4011 */
4012 apply_filter_to_req_headers(t, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004013 }
4014 exp = exp->next;
4015 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004016 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004017}
4018
4019
Willy Tarreaua15645d2007-03-18 16:22:39 +01004020
Willy Tarreau58f10d72006-12-04 02:26:12 +01004021/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004022 * Manage client-side cookie. It can impact performance by about 2% so it is
4023 * desirable to call it only when needed.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004024 */
4025void manage_client_side_cookies(struct session *t, struct buffer *req)
4026{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004027 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004028 char *p1, *p2, *p3, *p4;
4029 char *del_colon, *del_cookie, *colon;
4030 int app_cookies;
4031
4032 appsess *asession_temp = NULL;
4033 appsess local_asession;
4034
4035 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004036 int cur_idx, old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004037
Willy Tarreau2a324282006-12-05 00:05:46 +01004038 /* Iterate through the headers.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004039 * we start with the start line.
4040 */
Willy Tarreau83969f42007-01-22 08:55:47 +01004041 old_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004042 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004043
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004044 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004045 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004046 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004047
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004048 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau58f10d72006-12-04 02:26:12 +01004049 cur_ptr = cur_next;
4050 cur_end = cur_ptr + cur_hdr->len;
4051 cur_next = cur_end + cur_hdr->cr + 1;
4052
4053 /* We have one full header between cur_ptr and cur_end, and the
4054 * next header starts at cur_next. We're only interested in
4055 * "Cookie:" headers.
4056 */
4057
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004058 val = http_header_match2(cur_ptr, cur_end, "Cookie", 6);
4059 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004060 old_idx = cur_idx;
4061 continue;
4062 }
4063
4064 /* Now look for cookies. Conforming to RFC2109, we have to support
4065 * attributes whose name begin with a '$', and associate them with
4066 * the right cookie, if we want to delete this cookie.
4067 * So there are 3 cases for each cookie read :
4068 * 1) it's a special attribute, beginning with a '$' : ignore it.
4069 * 2) it's a server id cookie that we *MAY* want to delete : save
4070 * some pointers on it (last semi-colon, beginning of cookie...)
4071 * 3) it's an application cookie : we *MAY* have to delete a previous
4072 * "special" cookie.
4073 * At the end of loop, if a "special" cookie remains, we may have to
4074 * remove it. If no application cookie persists in the header, we
4075 * *MUST* delete it
4076 */
4077
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004078 colon = p1 = cur_ptr + val; /* first non-space char after 'Cookie:' */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004079
Willy Tarreau58f10d72006-12-04 02:26:12 +01004080 /* del_cookie == NULL => nothing to be deleted */
4081 del_colon = del_cookie = NULL;
4082 app_cookies = 0;
4083
4084 while (p1 < cur_end) {
4085 /* skip spaces and colons, but keep an eye on these ones */
4086 while (p1 < cur_end) {
4087 if (*p1 == ';' || *p1 == ',')
4088 colon = p1;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004089 else if (!isspace((unsigned char)*p1))
Willy Tarreau58f10d72006-12-04 02:26:12 +01004090 break;
4091 p1++;
4092 }
4093
4094 if (p1 == cur_end)
4095 break;
4096
4097 /* p1 is at the beginning of the cookie name */
4098 p2 = p1;
4099 while (p2 < cur_end && *p2 != '=')
4100 p2++;
4101
4102 if (p2 == cur_end)
4103 break;
4104
4105 p3 = p2 + 1; /* skips the '=' sign */
4106 if (p3 == cur_end)
4107 break;
4108
4109 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004110 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';' && *p4 != ',')
Willy Tarreau58f10d72006-12-04 02:26:12 +01004111 p4++;
4112
4113 /* here, we have the cookie name between p1 and p2,
4114 * and its value between p3 and p4.
4115 * we can process it :
4116 *
4117 * Cookie: NAME=VALUE;
4118 * | || || |
4119 * | || || +--> p4
4120 * | || |+-------> p3
4121 * | || +--------> p2
4122 * | |+------------> p1
4123 * | +-------------> colon
4124 * +--------------------> cur_ptr
4125 */
4126
4127 if (*p1 == '$') {
4128 /* skip this one */
4129 }
4130 else {
4131 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004132 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004133 txn->cli_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004134 (p4 - p1 >= t->fe->capture_namelen) &&
4135 memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004136 int log_len = p4 - p1;
4137
Willy Tarreau086b3b42007-05-13 21:45:51 +02004138 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004139 Alert("HTTP logging : out of memory.\n");
4140 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004141 if (log_len > t->fe->capture_len)
4142 log_len = t->fe->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004143 memcpy(txn->cli_cookie, p1, log_len);
4144 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004145 }
4146 }
4147
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004148 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4149 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004150 /* Cool... it's the right one */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004151 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004152 char *delim;
4153
4154 /* if we're in cookie prefix mode, we'll search the delimitor so that we
4155 * have the server ID betweek p3 and delim, and the original cookie between
4156 * delim+1 and p4. Otherwise, delim==p4 :
4157 *
4158 * Cookie: NAME=SRV~VALUE;
4159 * | || || | |
4160 * | || || | +--> p4
4161 * | || || +--------> delim
4162 * | || |+-----------> p3
4163 * | || +------------> p2
4164 * | |+----------------> p1
4165 * | +-----------------> colon
4166 * +------------------------> cur_ptr
4167 */
4168
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004169 if (t->be->options & PR_O_COOK_PFX) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004170 for (delim = p3; delim < p4; delim++)
4171 if (*delim == COOKIE_DELIM)
4172 break;
4173 }
4174 else
4175 delim = p4;
4176
4177
4178 /* Here, we'll look for the first running server which supports the cookie.
4179 * This allows to share a same cookie between several servers, for example
4180 * to dedicate backup servers to specific servers only.
4181 * However, to prevent clients from sticking to cookie-less backup server
4182 * when they have incidentely learned an empty cookie, we simply ignore
4183 * empty cookies and mark them as invalid.
4184 */
4185 if (delim == p3)
4186 srv = NULL;
4187
4188 while (srv) {
Willy Tarreau92f2ab12007-02-02 22:14:47 +01004189 if (srv->cookie && (srv->cklen == delim - p3) &&
4190 !memcmp(p3, srv->cookie, delim - p3)) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004191 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004192 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004193 txn->flags &= ~TX_CK_MASK;
4194 txn->flags |= TX_CK_VALID;
4195 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004196 t->srv = srv;
4197 break;
4198 } else {
4199 /* we found a server, but it's down */
Willy Tarreau3d300592007-03-18 18:34:41 +01004200 txn->flags &= ~TX_CK_MASK;
4201 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004202 }
4203 }
4204 srv = srv->next;
4205 }
4206
Willy Tarreau3d300592007-03-18 18:34:41 +01004207 if (!srv && !(txn->flags & TX_CK_DOWN)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004208 /* no server matched this cookie */
Willy Tarreau3d300592007-03-18 18:34:41 +01004209 txn->flags &= ~TX_CK_MASK;
4210 txn->flags |= TX_CK_INVALID;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004211 }
4212
4213 /* depending on the cookie mode, we may have to either :
4214 * - delete the complete cookie if we're in insert+indirect mode, so that
4215 * the server never sees it ;
4216 * - remove the server id from the cookie value, and tag the cookie as an
4217 * application cookie so that it does not get accidentely removed later,
4218 * if we're in cookie prefix mode
4219 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004220 if ((t->be->options & PR_O_COOK_PFX) && (delim != p4)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004221 int delta; /* negative */
4222
4223 delta = buffer_replace2(req, p3, delim + 1, NULL, 0);
4224 p4 += delta;
4225 cur_end += delta;
4226 cur_next += delta;
4227 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004228 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004229
4230 del_cookie = del_colon = NULL;
4231 app_cookies++; /* protect the header from deletion */
4232 }
4233 else if (del_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004234 (t->be->options & (PR_O_COOK_INS | PR_O_COOK_IND)) == (PR_O_COOK_INS | PR_O_COOK_IND)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004235 del_cookie = p1;
4236 del_colon = colon;
4237 }
4238 } else {
4239 /* now we know that we must keep this cookie since it's
4240 * not ours. But if we wanted to delete our cookie
4241 * earlier, we cannot remove the complete header, but we
4242 * can remove the previous block itself.
4243 */
4244 app_cookies++;
4245
4246 if (del_cookie != NULL) {
4247 int delta; /* negative */
4248
4249 delta = buffer_replace2(req, del_cookie, p1, NULL, 0);
4250 p4 += delta;
4251 cur_end += delta;
4252 cur_next += delta;
4253 cur_hdr->len += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004254 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004255 del_cookie = del_colon = NULL;
4256 }
4257 }
4258
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004259 if ((t->be->appsession_name != NULL) &&
4260 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004261 /* first, let's see if the cookie is our appcookie*/
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004262
Willy Tarreau58f10d72006-12-04 02:26:12 +01004263 /* Cool... it's the right one */
4264
4265 asession_temp = &local_asession;
4266
Willy Tarreau63963c62007-05-13 21:29:55 +02004267 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004268 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
4269 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
4270 return;
4271 }
4272
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004273 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
4274 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004275 asession_temp->serverid = NULL;
Willy Tarreau51041c72007-09-09 21:56:53 +02004276
Willy Tarreau58f10d72006-12-04 02:26:12 +01004277 /* only do insert, if lookup fails */
Willy Tarreau51041c72007-09-09 21:56:53 +02004278 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4279 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004280 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004281 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004282 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004283 Alert("Not enough memory process_cli():asession:calloc().\n");
4284 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
4285 return;
4286 }
4287
4288 asession_temp->sessid = local_asession.sessid;
4289 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004290 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02004291 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004292 } else {
4293 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004294 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004295 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004296 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004297 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004298 Alert("Found Application Session without matching server.\n");
4299 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004300 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004301 while (srv) {
4302 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004303 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004304 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004305 txn->flags &= ~TX_CK_MASK;
4306 txn->flags |= TX_CK_VALID;
4307 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004308 t->srv = srv;
4309 break;
4310 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01004311 txn->flags &= ~TX_CK_MASK;
4312 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004313 }
4314 }
4315 srv = srv->next;
4316 }/* end while(srv) */
4317 }/* end else if server == NULL */
4318
Willy Tarreau0c303ee2008-07-07 00:09:58 +02004319 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004320 asession_temp->request_count++;
4321#if defined(DEBUG_HASH)
4322 Alert("manage_client_side_cookies\n");
4323 appsession_hash_dump(&(t->be->htbl_proxy));
4324#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01004325 }/* end if ((t->proxy->appsession_name != NULL) ... */
4326 }
4327
4328 /* we'll have to look for another cookie ... */
4329 p1 = p4;
4330 } /* while (p1 < cur_end) */
4331
4332 /* There's no more cookie on this line.
4333 * We may have marked the last one(s) for deletion.
4334 * We must do this now in two ways :
4335 * - if there is no app cookie, we simply delete the header ;
4336 * - if there are app cookies, we must delete the end of the
4337 * string properly, including the colon/semi-colon before
4338 * the cookie name.
4339 */
4340 if (del_cookie != NULL) {
4341 int delta;
4342 if (app_cookies) {
4343 delta = buffer_replace2(req, del_colon, cur_end, NULL, 0);
4344 cur_end = del_colon;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004345 cur_hdr->len += delta;
4346 } else {
4347 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004348
4349 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004350 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4351 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004352 cur_hdr->len = 0;
4353 }
Willy Tarreau45e73e32006-12-17 00:05:15 +01004354 cur_next += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004355 txn->req.eoh += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004356 }
4357
4358 /* keep the link from this header to next one */
4359 old_idx = cur_idx;
4360 } /* end of cookie processing on this header */
4361}
4362
4363
Willy Tarreaua15645d2007-03-18 16:22:39 +01004364/* Iterate the same filter through all response headers contained in <rtr>.
4365 * Returns 1 if this filter can be stopped upon return, otherwise 0.
4366 */
4367int apply_filter_to_resp_headers(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4368{
4369 char term;
4370 char *cur_ptr, *cur_end, *cur_next;
4371 int cur_idx, old_idx, last_hdr;
4372 struct http_txn *txn = &t->txn;
4373 struct hdr_idx_elem *cur_hdr;
4374 int len, delta;
4375
4376 last_hdr = 0;
4377
4378 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4379 old_idx = 0;
4380
4381 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004382 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004383 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004384 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004385 (exp->action == ACT_ALLOW ||
4386 exp->action == ACT_DENY))
4387 return 0;
4388
4389 cur_idx = txn->hdr_idx.v[old_idx].next;
4390 if (!cur_idx)
4391 break;
4392
4393 cur_hdr = &txn->hdr_idx.v[cur_idx];
4394 cur_ptr = cur_next;
4395 cur_end = cur_ptr + cur_hdr->len;
4396 cur_next = cur_end + cur_hdr->cr + 1;
4397
4398 /* Now we have one header between cur_ptr and cur_end,
4399 * and the next header starts at cur_next.
4400 */
4401
4402 /* The annoying part is that pattern matching needs
4403 * that we modify the contents to null-terminate all
4404 * strings before testing them.
4405 */
4406
4407 term = *cur_end;
4408 *cur_end = '\0';
4409
4410 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4411 switch (exp->action) {
4412 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004413 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004414 last_hdr = 1;
4415 break;
4416
4417 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004418 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004419 last_hdr = 1;
4420 break;
4421
4422 case ACT_REPLACE:
4423 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4424 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4425 /* FIXME: if the user adds a newline in the replacement, the
4426 * index will not be recalculated for now, and the new line
4427 * will not be counted as a new header.
4428 */
4429
4430 cur_end += delta;
4431 cur_next += delta;
4432 cur_hdr->len += delta;
4433 txn->rsp.eoh += delta;
4434 break;
4435
4436 case ACT_REMOVE:
4437 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4438 cur_next += delta;
4439
4440 /* FIXME: this should be a separate function */
4441 txn->rsp.eoh += delta;
4442 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4443 txn->hdr_idx.used--;
4444 cur_hdr->len = 0;
4445 cur_end = NULL; /* null-term has been rewritten */
4446 break;
4447
4448 }
4449 }
4450 if (cur_end)
4451 *cur_end = term; /* restore the string terminator */
4452
4453 /* keep the link from this header to next one in case of later
4454 * removal of next header.
4455 */
4456 old_idx = cur_idx;
4457 }
4458 return 0;
4459}
4460
4461
4462/* Apply the filter to the status line in the response buffer <rtr>.
4463 * Returns 0 if nothing has been done, 1 if the filter has been applied,
4464 * or -1 if a replacement resulted in an invalid status line.
4465 */
4466int apply_filter_to_sts_line(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4467{
4468 char term;
4469 char *cur_ptr, *cur_end;
4470 int done;
4471 struct http_txn *txn = &t->txn;
4472 int len, delta;
4473
4474
Willy Tarreau3d300592007-03-18 18:34:41 +01004475 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004476 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004477 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004478 (exp->action == ACT_ALLOW ||
4479 exp->action == ACT_DENY))
4480 return 0;
4481 else if (exp->action == ACT_REMOVE)
4482 return 0;
4483
4484 done = 0;
4485
Willy Tarreau9cdde232007-05-02 20:58:19 +02004486 cur_ptr = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004487 cur_end = cur_ptr + txn->rsp.sl.rq.l;
4488
4489 /* Now we have the status line between cur_ptr and cur_end */
4490
4491 /* The annoying part is that pattern matching needs
4492 * that we modify the contents to null-terminate all
4493 * strings before testing them.
4494 */
4495
4496 term = *cur_end;
4497 *cur_end = '\0';
4498
4499 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4500 switch (exp->action) {
4501 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004502 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004503 done = 1;
4504 break;
4505
4506 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004507 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004508 done = 1;
4509 break;
4510
4511 case ACT_REPLACE:
4512 *cur_end = term; /* restore the string terminator */
4513 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4514 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
4515 /* FIXME: if the user adds a newline in the replacement, the
4516 * index will not be recalculated for now, and the new line
4517 * will not be counted as a new header.
4518 */
4519
4520 txn->rsp.eoh += delta;
4521 cur_end += delta;
4522
Willy Tarreau9cdde232007-05-02 20:58:19 +02004523 txn->rsp.sol = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004524 cur_end = (char *)http_parse_stsline(&txn->rsp, rtr->data,
Willy Tarreau02785762007-04-03 14:45:44 +02004525 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01004526 cur_ptr, cur_end + 1,
4527 NULL, NULL);
4528 if (unlikely(!cur_end))
4529 return -1;
4530
4531 /* we have a full respnse and we know that we have either a CR
4532 * or an LF at <ptr>.
4533 */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004534 txn->status = strl2ui(rtr->data + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreaua15645d2007-03-18 16:22:39 +01004535 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.rq.l, *cur_end == '\r');
4536 /* there is no point trying this regex on headers */
4537 return 1;
4538 }
4539 }
4540 *cur_end = term; /* restore the string terminator */
4541 return done;
4542}
4543
4544
4545
4546/*
4547 * Apply all the resp filters <exp> to all headers in buffer <rtr> of session <t>.
4548 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
4549 * unparsable response.
4550 */
4551int apply_filters_to_response(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
4552{
Willy Tarreau3d300592007-03-18 18:34:41 +01004553 struct http_txn *txn = &t->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004554 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004555 while (exp && !(txn->flags & TX_SVDENY)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004556 int ret;
4557
4558 /*
4559 * The interleaving of transformations and verdicts
4560 * makes it difficult to decide to continue or stop
4561 * the evaluation.
4562 */
4563
Willy Tarreau3d300592007-03-18 18:34:41 +01004564 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01004565 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4566 exp->action == ACT_PASS)) {
4567 exp = exp->next;
4568 continue;
4569 }
4570
4571 /* Apply the filter to the status line. */
4572 ret = apply_filter_to_sts_line(t, rtr, exp);
4573 if (unlikely(ret < 0))
4574 return -1;
4575
4576 if (likely(ret == 0)) {
4577 /* The filter did not match the response, it can be
4578 * iterated through all headers.
4579 */
4580 apply_filter_to_resp_headers(t, rtr, exp);
4581 }
4582 exp = exp->next;
4583 }
4584 return 0;
4585}
4586
4587
4588
4589/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004590 * Manage server-side cookies. It can impact performance by about 2% so it is
4591 * desirable to call it only when needed.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004592 */
4593void manage_server_side_cookies(struct session *t, struct buffer *rtr)
4594{
4595 struct http_txn *txn = &t->txn;
4596 char *p1, *p2, *p3, *p4;
4597
4598 appsess *asession_temp = NULL;
4599 appsess local_asession;
4600
4601 char *cur_ptr, *cur_end, *cur_next;
4602 int cur_idx, old_idx, delta;
4603
Willy Tarreaua15645d2007-03-18 16:22:39 +01004604 /* Iterate through the headers.
4605 * we start with the start line.
4606 */
4607 old_idx = 0;
4608 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4609
4610 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
4611 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004612 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004613
4614 cur_hdr = &txn->hdr_idx.v[cur_idx];
4615 cur_ptr = cur_next;
4616 cur_end = cur_ptr + cur_hdr->len;
4617 cur_next = cur_end + cur_hdr->cr + 1;
4618
4619 /* We have one full header between cur_ptr and cur_end, and the
4620 * next header starts at cur_next. We're only interested in
4621 * "Cookie:" headers.
4622 */
4623
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004624 val = http_header_match2(cur_ptr, cur_end, "Set-Cookie", 10);
4625 if (!val) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004626 old_idx = cur_idx;
4627 continue;
4628 }
4629
4630 /* OK, right now we know we have a set-cookie at cur_ptr */
Willy Tarreau3d300592007-03-18 18:34:41 +01004631 txn->flags |= TX_SCK_ANY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004632
4633
4634 /* maybe we only wanted to see if there was a set-cookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004635 if (t->be->cookie_name == NULL &&
4636 t->be->appsession_name == NULL &&
4637 t->be->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01004638 return;
4639
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004640 p1 = cur_ptr + val; /* first non-space char after 'Set-Cookie:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004641
4642 while (p1 < cur_end) { /* in fact, we'll break after the first cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004643 if (p1 == cur_end || *p1 == ';') /* end of cookie */
4644 break;
4645
4646 /* p1 is at the beginning of the cookie name */
4647 p2 = p1;
4648
4649 while (p2 < cur_end && *p2 != '=' && *p2 != ';')
4650 p2++;
4651
4652 if (p2 == cur_end || *p2 == ';') /* next cookie */
4653 break;
4654
4655 p3 = p2 + 1; /* skip the '=' sign */
4656 if (p3 == cur_end)
4657 break;
4658
4659 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004660 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';')
Willy Tarreaua15645d2007-03-18 16:22:39 +01004661 p4++;
4662
4663 /* here, we have the cookie name between p1 and p2,
4664 * and its value between p3 and p4.
4665 * we can process it.
4666 */
4667
4668 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004669 if (t->be->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004670 txn->srv_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004671 (p4 - p1 >= t->be->capture_namelen) &&
4672 memcmp(p1, t->be->capture_name, t->be->capture_namelen) == 0) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004673 int log_len = p4 - p1;
4674
Willy Tarreau086b3b42007-05-13 21:45:51 +02004675 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004676 Alert("HTTP logging : out of memory.\n");
4677 }
4678
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004679 if (log_len > t->be->capture_len)
4680 log_len = t->be->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01004681 memcpy(txn->srv_cookie, p1, log_len);
4682 txn->srv_cookie[log_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004683 }
4684
4685 /* now check if we need to process it for persistence */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004686 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
4687 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004688 /* Cool... it's the right one */
Willy Tarreau3d300592007-03-18 18:34:41 +01004689 txn->flags |= TX_SCK_SEEN;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004690
4691 /* If the cookie is in insert mode on a known server, we'll delete
4692 * this occurrence because we'll insert another one later.
4693 * We'll delete it too if the "indirect" option is set and we're in
4694 * a direct access. */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004695 if (((t->srv) && (t->be->options & PR_O_COOK_INS)) ||
4696 ((t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_IND))) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004697 /* this header must be deleted */
4698 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
4699 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4700 txn->hdr_idx.used--;
4701 cur_hdr->len = 0;
4702 cur_next += delta;
4703 txn->rsp.eoh += delta;
4704
Willy Tarreau3d300592007-03-18 18:34:41 +01004705 txn->flags |= TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004706 }
4707 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004708 (t->be->options & PR_O_COOK_RW)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004709 /* replace bytes p3->p4 with the cookie name associated
4710 * with this server since we know it.
4711 */
4712 delta = buffer_replace2(rtr, p3, p4, t->srv->cookie, t->srv->cklen);
4713 cur_hdr->len += delta;
4714 cur_next += delta;
4715 txn->rsp.eoh += delta;
4716
Willy Tarreau3d300592007-03-18 18:34:41 +01004717 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004718 }
4719 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004720 (t->be->options & PR_O_COOK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004721 /* insert the cookie name associated with this server
4722 * before existing cookie, and insert a delimitor between them..
4723 */
4724 delta = buffer_replace2(rtr, p3, p3, t->srv->cookie, t->srv->cklen + 1);
4725 cur_hdr->len += delta;
4726 cur_next += delta;
4727 txn->rsp.eoh += delta;
4728
4729 p3[t->srv->cklen] = COOKIE_DELIM;
Willy Tarreau3d300592007-03-18 18:34:41 +01004730 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004731 }
4732 }
4733 /* next, let's see if the cookie is our appcookie */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004734 else if ((t->be->appsession_name != NULL) &&
4735 (memcmp(p1, t->be->appsession_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004736
4737 /* Cool... it's the right one */
4738
4739 size_t server_id_len = strlen(t->srv->id) + 1;
4740 asession_temp = &local_asession;
4741
Willy Tarreau63963c62007-05-13 21:29:55 +02004742 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004743 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
4744 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
4745 return;
4746 }
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004747 memcpy(asession_temp->sessid, p3, t->be->appsession_len);
4748 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004749 asession_temp->serverid = NULL;
4750
4751 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01004752 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4753 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004754 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004755 Alert("Not enough Memory process_srv():asession:calloc().\n");
4756 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
4757 return;
4758 }
4759 asession_temp->sessid = local_asession.sessid;
4760 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004761 asession_temp->request_count = 0;
Willy Tarreau51041c72007-09-09 21:56:53 +02004762 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
4763 } else {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004764 /* free wasted memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004765 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau51041c72007-09-09 21:56:53 +02004766 }
4767
Willy Tarreaua15645d2007-03-18 16:22:39 +01004768 if (asession_temp->serverid == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004769 if ((asession_temp->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01004770 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
4771 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
4772 return;
4773 }
4774 asession_temp->serverid[0] = '\0';
4775 }
4776
4777 if (asession_temp->serverid[0] == '\0')
4778 memcpy(asession_temp->serverid, t->srv->id, server_id_len);
4779
Willy Tarreau0c303ee2008-07-07 00:09:58 +02004780 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004781 asession_temp->request_count++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004782#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004783 Alert("manage_server_side_cookies\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02004784 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreaua15645d2007-03-18 16:22:39 +01004785#endif
4786 }/* end if ((t->proxy->appsession_name != NULL) ... */
4787 break; /* we don't want to loop again since there cannot be another cookie on the same line */
4788 } /* we're now at the end of the cookie value */
4789
4790 /* keep the link from this header to next one */
4791 old_idx = cur_idx;
4792 } /* end of cookie processing on this header */
4793}
4794
4795
4796
4797/*
4798 * Check if response is cacheable or not. Updates t->flags.
4799 */
4800void check_response_for_cacheability(struct session *t, struct buffer *rtr)
4801{
4802 struct http_txn *txn = &t->txn;
4803 char *p1, *p2;
4804
4805 char *cur_ptr, *cur_end, *cur_next;
4806 int cur_idx;
4807
Willy Tarreau5df51872007-11-25 16:20:08 +01004808 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004809 return;
4810
4811 /* Iterate through the headers.
4812 * we start with the start line.
4813 */
4814 cur_idx = 0;
4815 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4816
4817 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
4818 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004819 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004820
4821 cur_hdr = &txn->hdr_idx.v[cur_idx];
4822 cur_ptr = cur_next;
4823 cur_end = cur_ptr + cur_hdr->len;
4824 cur_next = cur_end + cur_hdr->cr + 1;
4825
4826 /* We have one full header between cur_ptr and cur_end, and the
4827 * next header starts at cur_next. We're only interested in
4828 * "Cookie:" headers.
4829 */
4830
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004831 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
4832 if (val) {
4833 if ((cur_end - (cur_ptr + val) >= 8) &&
4834 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
4835 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
4836 return;
4837 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01004838 }
4839
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004840 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
4841 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01004842 continue;
4843
4844 /* OK, right now we know we have a cache-control header at cur_ptr */
4845
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004846 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004847
4848 if (p1 >= cur_end) /* no more info */
4849 continue;
4850
4851 /* p1 is at the beginning of the value */
4852 p2 = p1;
4853
Willy Tarreau8f8e6452007-06-17 21:51:38 +02004854 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01004855 p2++;
4856
4857 /* we have a complete value between p1 and p2 */
4858 if (p2 < cur_end && *p2 == '=') {
4859 /* we have something of the form no-cache="set-cookie" */
4860 if ((cur_end - p1 >= 21) &&
4861 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
4862 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01004863 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004864 continue;
4865 }
4866
4867 /* OK, so we know that either p2 points to the end of string or to a comma */
4868 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
4869 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
4870 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
4871 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004872 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004873 return;
4874 }
4875
4876 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004877 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004878 continue;
4879 }
4880 }
4881}
4882
4883
Willy Tarreau58f10d72006-12-04 02:26:12 +01004884/*
4885 * Try to retrieve a known appsession in the URI, then the associated server.
4886 * If the server is found, it's assigned to the session.
4887 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004888void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01004889{
Willy Tarreau3d300592007-03-18 18:34:41 +01004890 struct http_txn *txn = &t->txn;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004891 appsess *asession_temp = NULL;
4892 appsess local_asession;
4893 char *request_line;
4894
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004895 if (t->be->appsession_name == NULL ||
Willy Tarreaub326fcc2007-03-03 13:54:32 +01004896 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST) ||
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004897 (request_line = memchr(begin, ';', len)) == NULL ||
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004898 ((1 + t->be->appsession_name_len + 1 + t->be->appsession_len) > (begin + len - request_line)))
Willy Tarreau58f10d72006-12-04 02:26:12 +01004899 return;
4900
4901 /* skip ';' */
4902 request_line++;
4903
4904 /* look if we have a jsessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004905 if (strncasecmp(request_line, t->be->appsession_name, t->be->appsession_name_len) != 0)
Willy Tarreau58f10d72006-12-04 02:26:12 +01004906 return;
4907
4908 /* skip jsessionid= */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004909 request_line += t->be->appsession_name_len + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004910
4911 /* First try if we already have an appsession */
4912 asession_temp = &local_asession;
4913
Willy Tarreau63963c62007-05-13 21:29:55 +02004914 if ((asession_temp->sessid = pool_alloc2(apools.sessid)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004915 Alert("Not enough memory process_cli():asession_temp->sessid:calloc().\n");
4916 send_log(t->be, LOG_ALERT, "Not enough Memory process_cli():asession_temp->sessid:calloc().\n");
4917 return;
4918 }
4919
4920 /* Copy the sessionid */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004921 memcpy(asession_temp->sessid, request_line, t->be->appsession_len);
4922 asession_temp->sessid[t->be->appsession_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004923 asession_temp->serverid = NULL;
4924
4925 /* only do insert, if lookup fails */
Ryan Warnick6d0b1fa2008-02-17 11:24:35 +01004926 asession_temp = appsession_hash_lookup(&(t->be->htbl_proxy), asession_temp->sessid);
4927 if (asession_temp == NULL) {
Willy Tarreau63963c62007-05-13 21:29:55 +02004928 if ((asession_temp = pool_alloc2(pool2_appsess)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004929 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004930 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004931 Alert("Not enough memory process_cli():asession:calloc().\n");
4932 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession:calloc().\n");
4933 return;
4934 }
4935 asession_temp->sessid = local_asession.sessid;
4936 asession_temp->serverid = local_asession.serverid;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004937 asession_temp->request_count=0;
Willy Tarreau51041c72007-09-09 21:56:53 +02004938 appsession_hash_insert(&(t->be->htbl_proxy), asession_temp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004939 }
4940 else {
4941 /* free previously allocated memory */
Willy Tarreau63963c62007-05-13 21:29:55 +02004942 pool_free2(apools.sessid, local_asession.sessid);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004943 }
Willy Tarreau51041c72007-09-09 21:56:53 +02004944
Willy Tarreau0c303ee2008-07-07 00:09:58 +02004945 asession_temp->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004946 asession_temp->request_count++;
Willy Tarreau51041c72007-09-09 21:56:53 +02004947
Willy Tarreau58f10d72006-12-04 02:26:12 +01004948#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004949 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02004950 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01004951#endif
4952 if (asession_temp->serverid == NULL) {
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02004953 /* TODO redispatch request */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004954 Alert("Found Application Session without matching server.\n");
4955 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004956 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004957 while (srv) {
4958 if (strcmp(srv->id, asession_temp->serverid) == 0) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004959 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004960 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01004961 txn->flags &= ~TX_CK_MASK;
4962 txn->flags |= TX_CK_VALID;
4963 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004964 t->srv = srv;
4965 break;
4966 } else {
Willy Tarreau3d300592007-03-18 18:34:41 +01004967 txn->flags &= ~TX_CK_MASK;
4968 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004969 }
4970 }
4971 srv = srv->next;
4972 }
4973 }
4974}
4975
4976
Willy Tarreaub2513902006-12-17 14:52:38 +01004977/*
Willy Tarreau0214c3a2007-01-07 13:47:30 +01004978 * In a GET or HEAD request, check if the requested URI matches the stats uri
4979 * for the current backend, and if an authorization has been passed and is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01004980 *
Willy Tarreau0214c3a2007-01-07 13:47:30 +01004981 * It is assumed that the request is either a HEAD or GET and that the
Willy Tarreaue2e27a52007-04-01 00:01:37 +02004982 * t->be->uri_auth field is valid. An HTTP/401 response may be sent, or
Willy Tarreau0214c3a2007-01-07 13:47:30 +01004983 * produce_content() can be called to start sending data.
Willy Tarreaub2513902006-12-17 14:52:38 +01004984 *
4985 * Returns 1 if the session's state changes, otherwise 0.
4986 */
4987int stats_check_uri_auth(struct session *t, struct proxy *backend)
4988{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004989 struct http_txn *txn = &t->txn;
Willy Tarreaub2513902006-12-17 14:52:38 +01004990 struct uri_auth *uri_auth = backend->uri_auth;
4991 struct user_auth *user;
4992 int authenticated, cur_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004993 char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01004994
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01004995 memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats));
4996
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004997 /* check URI size */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004998 if (uri_auth->uri_len > txn->req.sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01004999 return 0;
5000
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005001 h = t->req->data + txn->req.sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005002
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005003 /* the URI is in h */
5004 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01005005 return 0;
5006
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005007 h += uri_auth->uri_len;
5008 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 3) {
5009 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005010 t->data_ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005011 break;
5012 }
5013 h++;
5014 }
5015
5016 if (uri_auth->refresh) {
5017 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5018 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 10) {
5019 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005020 t->data_ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005021 break;
5022 }
5023 h++;
5024 }
5025 }
5026
Willy Tarreau55bb8452007-10-17 18:44:57 +02005027 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5028 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 4) {
5029 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005030 t->data_ctx.stats.flags |= STAT_FMT_CSV;
Willy Tarreau55bb8452007-10-17 18:44:57 +02005031 break;
5032 }
5033 h++;
5034 }
5035
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005036 t->data_ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO;
5037
Willy Tarreaub2513902006-12-17 14:52:38 +01005038 /* we are in front of a interceptable URI. Let's check
5039 * if there's an authentication and if it's valid.
5040 */
5041 user = uri_auth->users;
5042 if (!user) {
5043 /* no user auth required, it's OK */
5044 authenticated = 1;
5045 } else {
5046 authenticated = 0;
5047
5048 /* a user list is defined, we have to check.
5049 * skip 21 chars for "Authorization: Basic ".
5050 */
5051
5052 /* FIXME: this should move to an earlier place */
5053 cur_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005054 h = t->req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
5055 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5056 int len = txn->hdr_idx.v[cur_idx].len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005057 if (len > 14 &&
5058 !strncasecmp("Authorization:", h, 14)) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005059 txn->auth_hdr.str = h;
5060 txn->auth_hdr.len = len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005061 break;
5062 }
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005063 h += len + txn->hdr_idx.v[cur_idx].cr + 1;
Willy Tarreaub2513902006-12-17 14:52:38 +01005064 }
5065
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005066 if (txn->auth_hdr.len < 21 ||
5067 memcmp(txn->auth_hdr.str + 14, " Basic ", 7))
Willy Tarreaub2513902006-12-17 14:52:38 +01005068 user = NULL;
5069
5070 while (user) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005071 if ((txn->auth_hdr.len == user->user_len + 14 + 7)
5072 && !memcmp(txn->auth_hdr.str + 14 + 7,
Willy Tarreaub2513902006-12-17 14:52:38 +01005073 user->user_pwd, user->user_len)) {
5074 authenticated = 1;
5075 break;
5076 }
5077 user = user->next;
5078 }
5079 }
5080
5081 if (!authenticated) {
Willy Tarreau0f772532006-12-23 20:51:41 +01005082 struct chunk msg;
Willy Tarreaub2513902006-12-17 14:52:38 +01005083
5084 /* no need to go further */
Willy Tarreau0f772532006-12-23 20:51:41 +01005085 msg.str = trash;
5086 msg.len = sprintf(trash, HTTP_401_fmt, uri_auth->auth_realm);
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005087 txn->status = 401;
Willy Tarreau0f772532006-12-23 20:51:41 +01005088 client_retnclose(t, &msg);
Willy Tarreauf8533202008-08-16 14:55:08 +02005089 trace_term(t, TT_HTTP_URI_1);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02005090 t->analysis &= ~AN_REQ_ANY;
Willy Tarreaub2513902006-12-17 14:52:38 +01005091 if (!(t->flags & SN_ERR_MASK))
5092 t->flags |= SN_ERR_PRXCOND;
5093 if (!(t->flags & SN_FINST_MASK))
5094 t->flags |= SN_FINST_R;
5095 return 1;
5096 }
5097
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005098 /* The request is valid, the user is authenticated. Let's start sending
Willy Tarreaub2513902006-12-17 14:52:38 +01005099 * data.
5100 */
Willy Tarreau284c7b32008-06-29 16:38:43 +02005101 EV_FD_CLR(t->cli_fd, DIR_RD);
5102 buffer_shutr(t->req);
5103 buffer_shutr(t->rep);
Willy Tarreaub2513902006-12-17 14:52:38 +01005104 t->req->rlim = t->req->data + BUFSIZE; /* no more rewrite needed */
Willy Tarreau70089872008-06-13 21:12:51 +02005105 t->logs.tv_request = now;
Willy Tarreaub2513902006-12-17 14:52:38 +01005106 t->data_source = DATA_SRC_STATS;
5107 t->data_state = DATA_ST_INIT;
Willy Tarreau91e99932008-06-30 07:51:00 +02005108 t->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreaub2513902006-12-17 14:52:38 +01005109 produce_content(t);
5110 return 1;
5111}
5112
5113
Willy Tarreaubaaee002006-06-26 02:48:02 +02005114/*
Willy Tarreau58f10d72006-12-04 02:26:12 +01005115 * Print a debug line with a header
5116 */
5117void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
5118{
5119 int len, max;
5120 len = sprintf(trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
5121 dir, (unsigned short)t->cli_fd, (unsigned short)t->srv_fd);
5122 max = end - start;
5123 UBOUND(max, sizeof(trash) - len - 1);
5124 len += strlcpy2(trash + len, start, max + 1);
5125 trash[len++] = '\n';
5126 write(1, trash, len);
5127}
5128
5129
Willy Tarreau8797c062007-05-07 00:55:35 +02005130/************************************************************************/
5131/* The code below is dedicated to ACL parsing and matching */
5132/************************************************************************/
5133
5134
5135
5136
5137/* 1. Check on METHOD
5138 * We use the pre-parsed method if it is known, and store its number as an
5139 * integer. If it is unknown, we use the pointer and the length.
5140 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005141static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005142{
5143 int len, meth;
5144
Willy Tarreauae8b7962007-06-09 23:10:04 +02005145 len = strlen(*text);
5146 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02005147
5148 pattern->val.i = meth;
5149 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02005150 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005151 if (!pattern->ptr.str)
5152 return 0;
5153 pattern->len = len;
5154 }
5155 return 1;
5156}
5157
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005158static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005159acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir,
5160 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005161{
5162 int meth;
5163 struct http_txn *txn = l7;
5164
Willy Tarreaub6866442008-07-14 23:54:42 +02005165 if (!txn)
5166 return 0;
5167
Willy Tarreauc11416f2007-06-17 16:58:38 +02005168 if (txn->req.msg_state != HTTP_MSG_BODY)
5169 return 0;
5170
Willy Tarreau8797c062007-05-07 00:55:35 +02005171 meth = txn->meth;
5172 test->i = meth;
5173 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02005174 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5175 /* ensure the indexes are not affected */
5176 return 0;
Willy Tarreau8797c062007-05-07 00:55:35 +02005177 test->len = txn->req.sl.rq.m_l;
5178 test->ptr = txn->req.sol;
5179 }
5180 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5181 return 1;
5182}
5183
5184static int acl_match_meth(struct acl_test *test, struct acl_pattern *pattern)
5185{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005186 int icase;
5187
Willy Tarreau8797c062007-05-07 00:55:35 +02005188 if (test->i != pattern->val.i)
Willy Tarreau11382812008-07-09 16:18:21 +02005189 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02005190
5191 if (test->i != HTTP_METH_OTHER)
Willy Tarreau11382812008-07-09 16:18:21 +02005192 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005193
5194 /* Other method, we must compare the strings */
5195 if (pattern->len != test->len)
Willy Tarreau11382812008-07-09 16:18:21 +02005196 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02005197
5198 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
5199 if ((icase && strncasecmp(pattern->ptr.str, test->ptr, test->len) != 0) ||
5200 (!icase && strncmp(pattern->ptr.str, test->ptr, test->len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02005201 return ACL_PAT_FAIL;
5202 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02005203}
5204
5205/* 2. Check on Request/Status Version
5206 * We simply compare strings here.
5207 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02005208static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02005209{
Willy Tarreauae8b7962007-06-09 23:10:04 +02005210 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005211 if (!pattern->ptr.str)
5212 return 0;
Willy Tarreauae8b7962007-06-09 23:10:04 +02005213 pattern->len = strlen(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02005214 return 1;
5215}
5216
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005217static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005218acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
5219 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005220{
5221 struct http_txn *txn = l7;
5222 char *ptr;
5223 int len;
5224
Willy Tarreaub6866442008-07-14 23:54:42 +02005225 if (!txn)
5226 return 0;
5227
Willy Tarreauc11416f2007-06-17 16:58:38 +02005228 if (txn->req.msg_state != HTTP_MSG_BODY)
5229 return 0;
5230
Willy Tarreau8797c062007-05-07 00:55:35 +02005231 len = txn->req.sl.rq.v_l;
5232 ptr = txn->req.sol + txn->req.sl.rq.v - txn->req.som;
5233
5234 while ((len-- > 0) && (*ptr++ != '/'));
5235 if (len <= 0)
5236 return 0;
5237
5238 test->ptr = ptr;
5239 test->len = len;
5240
5241 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5242 return 1;
5243}
5244
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005245static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005246acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
5247 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005248{
5249 struct http_txn *txn = l7;
5250 char *ptr;
5251 int len;
5252
Willy Tarreaub6866442008-07-14 23:54:42 +02005253 if (!txn)
5254 return 0;
5255
Willy Tarreauc11416f2007-06-17 16:58:38 +02005256 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5257 return 0;
5258
Willy Tarreau8797c062007-05-07 00:55:35 +02005259 len = txn->rsp.sl.st.v_l;
5260 ptr = txn->rsp.sol;
5261
5262 while ((len-- > 0) && (*ptr++ != '/'));
5263 if (len <= 0)
5264 return 0;
5265
5266 test->ptr = ptr;
5267 test->len = len;
5268
5269 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
5270 return 1;
5271}
5272
5273/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005274static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005275acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
5276 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005277{
5278 struct http_txn *txn = l7;
5279 char *ptr;
5280 int len;
5281
Willy Tarreaub6866442008-07-14 23:54:42 +02005282 if (!txn)
5283 return 0;
5284
Willy Tarreauc11416f2007-06-17 16:58:38 +02005285 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5286 return 0;
5287
Willy Tarreau8797c062007-05-07 00:55:35 +02005288 len = txn->rsp.sl.st.c_l;
5289 ptr = txn->rsp.sol + txn->rsp.sl.st.c - txn->rsp.som;
5290
5291 test->i = __strl2ui(ptr, len);
5292 test->flags = ACL_TEST_F_VOL_1ST;
5293 return 1;
5294}
5295
5296/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02005297static int
Willy Tarreau97be1452007-06-10 11:47:14 +02005298acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
5299 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02005300{
5301 struct http_txn *txn = l7;
5302
Willy Tarreaub6866442008-07-14 23:54:42 +02005303 if (!txn)
5304 return 0;
5305
Willy Tarreauc11416f2007-06-17 16:58:38 +02005306 if (txn->req.msg_state != HTTP_MSG_BODY)
5307 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005308
Willy Tarreauc11416f2007-06-17 16:58:38 +02005309 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5310 /* ensure the indexes are not affected */
5311 return 0;
5312
Willy Tarreau8797c062007-05-07 00:55:35 +02005313 test->len = txn->req.sl.rq.u_l;
5314 test->ptr = txn->req.sol + txn->req.sl.rq.u;
5315
Willy Tarreauf3d25982007-05-08 22:45:09 +02005316 /* we do not need to set READ_ONLY because the data is in a buffer */
5317 test->flags = ACL_TEST_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02005318 return 1;
5319}
5320
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005321static int
5322acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
5323 struct acl_expr *expr, struct acl_test *test)
5324{
5325 struct http_txn *txn = l7;
5326
Willy Tarreaub6866442008-07-14 23:54:42 +02005327 if (!txn)
5328 return 0;
5329
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005330 if (txn->req.msg_state != HTTP_MSG_BODY)
5331 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005332
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005333 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5334 /* ensure the indexes are not affected */
5335 return 0;
5336
5337 /* Parse HTTP request */
5338 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5339 test->ptr = (void *)&((struct sockaddr_in *)&l4->srv_addr)->sin_addr;
5340 test->i = AF_INET;
5341
5342 /*
5343 * If we are parsing url in frontend space, we prepare backend stage
5344 * to not parse again the same url ! optimization lazyness...
5345 */
5346 if (px->options & PR_O_HTTP_PROXY)
5347 l4->flags |= SN_ADDR_SET;
5348
5349 test->flags = ACL_TEST_F_READ_ONLY;
5350 return 1;
5351}
5352
5353static int
5354acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
5355 struct acl_expr *expr, struct acl_test *test)
5356{
5357 struct http_txn *txn = l7;
5358
Willy Tarreaub6866442008-07-14 23:54:42 +02005359 if (!txn)
5360 return 0;
5361
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005362 if (txn->req.msg_state != HTTP_MSG_BODY)
5363 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005364
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01005365 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5366 /* ensure the indexes are not affected */
5367 return 0;
5368
5369 /* Same optimization as url_ip */
5370 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
5371 test->i = ntohs(((struct sockaddr_in *)&l4->srv_addr)->sin_port);
5372
5373 if (px->options & PR_O_HTTP_PROXY)
5374 l4->flags |= SN_ADDR_SET;
5375
5376 test->flags = ACL_TEST_F_READ_ONLY;
5377 return 1;
5378}
5379
Willy Tarreauc11416f2007-06-17 16:58:38 +02005380/* 5. Check on HTTP header. A pointer to the beginning of the value is returned.
5381 * This generic function is used by both acl_fetch_chdr() and acl_fetch_shdr().
5382 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02005383static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005384acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005385 struct acl_expr *expr, struct acl_test *test)
5386{
5387 struct http_txn *txn = l7;
5388 struct hdr_idx *idx = &txn->hdr_idx;
5389 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005390
Willy Tarreaub6866442008-07-14 23:54:42 +02005391 if (!txn)
5392 return 0;
5393
Willy Tarreau33a7e692007-06-10 19:45:56 +02005394 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5395 /* search for header from the beginning */
5396 ctx->idx = 0;
5397
Willy Tarreau33a7e692007-06-10 19:45:56 +02005398 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5399 test->flags |= ACL_TEST_F_FETCH_MORE;
5400 test->flags |= ACL_TEST_F_VOL_HDR;
5401 test->len = ctx->vlen;
5402 test->ptr = (char *)ctx->line + ctx->val;
5403 return 1;
5404 }
5405
5406 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5407 test->flags |= ACL_TEST_F_VOL_HDR;
5408 return 0;
5409}
5410
Willy Tarreau33a7e692007-06-10 19:45:56 +02005411static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005412acl_fetch_chdr(struct proxy *px, struct session *l4, void *l7, int dir,
5413 struct acl_expr *expr, struct acl_test *test)
5414{
5415 struct http_txn *txn = l7;
5416
Willy Tarreaub6866442008-07-14 23:54:42 +02005417 if (!txn)
5418 return 0;
5419
Willy Tarreauc11416f2007-06-17 16:58:38 +02005420 if (txn->req.msg_state != HTTP_MSG_BODY)
5421 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005422
Willy Tarreauc11416f2007-06-17 16:58:38 +02005423 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5424 /* ensure the indexes are not affected */
5425 return 0;
5426
5427 return acl_fetch_hdr(px, l4, txn, txn->req.sol, expr, test);
5428}
5429
5430static int
5431acl_fetch_shdr(struct proxy *px, struct session *l4, void *l7, int dir,
5432 struct acl_expr *expr, struct acl_test *test)
5433{
5434 struct http_txn *txn = l7;
5435
Willy Tarreaub6866442008-07-14 23:54:42 +02005436 if (!txn)
5437 return 0;
5438
Willy Tarreauc11416f2007-06-17 16:58:38 +02005439 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5440 return 0;
5441
5442 return acl_fetch_hdr(px, l4, txn, txn->rsp.sol, expr, test);
5443}
5444
5445/* 6. Check on HTTP header count. The number of occurrences is returned.
5446 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
5447 */
5448static int
5449acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005450 struct acl_expr *expr, struct acl_test *test)
5451{
5452 struct http_txn *txn = l7;
5453 struct hdr_idx *idx = &txn->hdr_idx;
5454 struct hdr_ctx ctx;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005455 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02005456
Willy Tarreaub6866442008-07-14 23:54:42 +02005457 if (!txn)
5458 return 0;
5459
Willy Tarreau33a7e692007-06-10 19:45:56 +02005460 ctx.idx = 0;
5461 cnt = 0;
5462 while (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, &ctx))
5463 cnt++;
5464
5465 test->i = cnt;
5466 test->flags = ACL_TEST_F_VOL_HDR;
5467 return 1;
5468}
5469
Willy Tarreauc11416f2007-06-17 16:58:38 +02005470static int
5471acl_fetch_chdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5472 struct acl_expr *expr, struct acl_test *test)
5473{
5474 struct http_txn *txn = l7;
5475
Willy Tarreaub6866442008-07-14 23:54:42 +02005476 if (!txn)
5477 return 0;
5478
Willy Tarreauc11416f2007-06-17 16:58:38 +02005479 if (txn->req.msg_state != HTTP_MSG_BODY)
5480 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005481
Willy Tarreauc11416f2007-06-17 16:58:38 +02005482 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5483 /* ensure the indexes are not affected */
5484 return 0;
5485
5486 return acl_fetch_hdr_cnt(px, l4, txn, txn->req.sol, expr, test);
5487}
5488
5489static int
5490acl_fetch_shdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
5491 struct acl_expr *expr, struct acl_test *test)
5492{
5493 struct http_txn *txn = l7;
5494
Willy Tarreaub6866442008-07-14 23:54:42 +02005495 if (!txn)
5496 return 0;
5497
Willy Tarreauc11416f2007-06-17 16:58:38 +02005498 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5499 return 0;
5500
5501 return acl_fetch_hdr_cnt(px, l4, txn, txn->rsp.sol, expr, test);
5502}
5503
Willy Tarreau33a7e692007-06-10 19:45:56 +02005504/* 7. Check on HTTP header's integer value. The integer value is returned.
5505 * FIXME: the type is 'int', it may not be appropriate for everything.
Willy Tarreauc11416f2007-06-17 16:58:38 +02005506 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
Willy Tarreau33a7e692007-06-10 19:45:56 +02005507 */
5508static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02005509acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02005510 struct acl_expr *expr, struct acl_test *test)
5511{
5512 struct http_txn *txn = l7;
5513 struct hdr_idx *idx = &txn->hdr_idx;
5514 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005515
Willy Tarreaub6866442008-07-14 23:54:42 +02005516 if (!txn)
5517 return 0;
5518
Willy Tarreau33a7e692007-06-10 19:45:56 +02005519 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
5520 /* search for header from the beginning */
5521 ctx->idx = 0;
5522
Willy Tarreau33a7e692007-06-10 19:45:56 +02005523 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
5524 test->flags |= ACL_TEST_F_FETCH_MORE;
5525 test->flags |= ACL_TEST_F_VOL_HDR;
5526 test->i = strl2ic((char *)ctx->line + ctx->val, ctx->vlen);
5527 return 1;
5528 }
5529
5530 test->flags &= ~ACL_TEST_F_FETCH_MORE;
5531 test->flags |= ACL_TEST_F_VOL_HDR;
5532 return 0;
5533}
5534
Willy Tarreauc11416f2007-06-17 16:58:38 +02005535static int
5536acl_fetch_chdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5537 struct acl_expr *expr, struct acl_test *test)
5538{
5539 struct http_txn *txn = l7;
5540
Willy Tarreaub6866442008-07-14 23:54:42 +02005541 if (!txn)
5542 return 0;
5543
Willy Tarreauc11416f2007-06-17 16:58:38 +02005544 if (txn->req.msg_state != HTTP_MSG_BODY)
5545 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005546
Willy Tarreauc11416f2007-06-17 16:58:38 +02005547 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5548 /* ensure the indexes are not affected */
5549 return 0;
5550
5551 return acl_fetch_hdr_val(px, l4, txn, txn->req.sol, expr, test);
5552}
5553
5554static int
5555acl_fetch_shdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
5556 struct acl_expr *expr, struct acl_test *test)
5557{
5558 struct http_txn *txn = l7;
5559
Willy Tarreaub6866442008-07-14 23:54:42 +02005560 if (!txn)
5561 return 0;
5562
Willy Tarreauc11416f2007-06-17 16:58:38 +02005563 if (txn->rsp.msg_state != HTTP_MSG_BODY)
5564 return 0;
5565
5566 return acl_fetch_hdr_val(px, l4, txn, txn->rsp.sol, expr, test);
5567}
5568
Willy Tarreau737b0c12007-06-10 21:28:46 +02005569/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
5570 * the first '/' after the possible hostname, and ends before the possible '?'.
5571 */
5572static int
5573acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
5574 struct acl_expr *expr, struct acl_test *test)
5575{
5576 struct http_txn *txn = l7;
5577 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02005578
Willy Tarreaub6866442008-07-14 23:54:42 +02005579 if (!txn)
5580 return 0;
5581
Willy Tarreauc11416f2007-06-17 16:58:38 +02005582 if (txn->req.msg_state != HTTP_MSG_BODY)
5583 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02005584
Willy Tarreauc11416f2007-06-17 16:58:38 +02005585 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
5586 /* ensure the indexes are not affected */
5587 return 0;
5588
Willy Tarreau21d2af32008-02-14 20:25:24 +01005589 end = txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
5590 ptr = http_get_path(txn);
5591 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02005592 return 0;
5593
5594 /* OK, we got the '/' ! */
5595 test->ptr = ptr;
5596
5597 while (ptr < end && *ptr != '?')
5598 ptr++;
5599
5600 test->len = ptr - test->ptr;
5601
5602 /* we do not need to set READ_ONLY because the data is in a buffer */
5603 test->flags = ACL_TEST_F_VOL_1ST;
5604 return 1;
5605}
5606
5607
Willy Tarreau8797c062007-05-07 00:55:35 +02005608
5609/************************************************************************/
5610/* All supported keywords must be declared here. */
5611/************************************************************************/
5612
5613/* Note: must not be declared <const> as its list will be overwritten */
5614static struct acl_kw_list acl_kws = {{ },{
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005615 { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
5616 { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5617 { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5618 { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
Willy Tarreau8797c062007-05-07 00:55:35 +02005619
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005620 { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5621 { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5622 { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5623 { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5624 { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5625 { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5626 { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5627 { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
5628 { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau8797c062007-05-07 00:55:35 +02005629
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005630 /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
5631 { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5632 { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5633 { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5634 { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5635 { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5636 { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5637 { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
5638 { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
5639 { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreauc11416f2007-06-17 16:58:38 +02005640
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005641 { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE },
5642 { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
5643 { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
5644 { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
5645 { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
5646 { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
5647 { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
5648 { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
5649 { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005650
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02005651 { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE },
5652 { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
5653 { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
5654 { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
5655 { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
5656 { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
5657 { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02005658
Willy Tarreauf3d25982007-05-08 22:45:09 +02005659 { NULL, NULL, NULL, NULL },
5660
5661#if 0
Willy Tarreau8797c062007-05-07 00:55:35 +02005662 { "line", acl_parse_str, acl_fetch_line, acl_match_str },
5663 { "line_reg", acl_parse_reg, acl_fetch_line, acl_match_reg },
5664 { "line_beg", acl_parse_str, acl_fetch_line, acl_match_beg },
5665 { "line_end", acl_parse_str, acl_fetch_line, acl_match_end },
5666 { "line_sub", acl_parse_str, acl_fetch_line, acl_match_sub },
5667 { "line_dir", acl_parse_str, acl_fetch_line, acl_match_dir },
5668 { "line_dom", acl_parse_str, acl_fetch_line, acl_match_dom },
5669
Willy Tarreau8797c062007-05-07 00:55:35 +02005670 { "cook", acl_parse_str, acl_fetch_cook, acl_match_str },
5671 { "cook_reg", acl_parse_reg, acl_fetch_cook, acl_match_reg },
5672 { "cook_beg", acl_parse_str, acl_fetch_cook, acl_match_beg },
5673 { "cook_end", acl_parse_str, acl_fetch_cook, acl_match_end },
5674 { "cook_sub", acl_parse_str, acl_fetch_cook, acl_match_sub },
5675 { "cook_dir", acl_parse_str, acl_fetch_cook, acl_match_dir },
5676 { "cook_dom", acl_parse_str, acl_fetch_cook, acl_match_dom },
5677 { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst },
5678
5679 { "auth_user", acl_parse_str, acl_fetch_user, acl_match_str },
5680 { "auth_regex", acl_parse_reg, acl_fetch_user, acl_match_reg },
5681 { "auth_clear", acl_parse_str, acl_fetch_auth, acl_match_str },
5682 { "auth_md5", acl_parse_str, acl_fetch_auth, acl_match_md5 },
5683 { NULL, NULL, NULL, NULL },
5684#endif
5685}};
5686
5687
5688__attribute__((constructor))
5689static void __http_protocol_init(void)
5690{
5691 acl_register_keywords(&acl_kws);
5692}
5693
5694
Willy Tarreau58f10d72006-12-04 02:26:12 +01005695/*
Willy Tarreaubaaee002006-06-26 02:48:02 +02005696 * Local variables:
5697 * c-indent-level: 8
5698 * c-basic-offset: 8
5699 * End:
5700 */