blob: 321f9c92cacd20fdf30eadfeb67032b70b752266 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01004 * Copyright 2000-2010 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreau2dd0d472006-06-29 17:53:05 +020026#include <common/appsession.h>
27#include <common/compat.h>
28#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010029#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020030#include <common/memory.h>
31#include <common/mini-clist.h>
32#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020033#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/time.h>
35#include <common/uri_auth.h>
36#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020037
38#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020039#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020040
Willy Tarreau8797c062007-05-07 00:55:35 +020041#include <proto/acl.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020042#include <proto/backend.h>
43#include <proto/buffers.h>
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +010044#include <proto/checks.h>
Maik Broemme2850cb42009-04-17 18:53:21 +020045#include <proto/client.h>
Willy Tarreau91861262007-10-17 17:06:05 +020046#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020047#include <proto/fd.h>
48#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010049#include <proto/hdr_idx.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020050#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020051#include <proto/proto_http.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010052#include <proto/proxy.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020053#include <proto/queue.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010054#include <proto/server.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020055#include <proto/session.h>
Willy Tarreaucff64112008-11-03 06:26:53 +010056#include <proto/stream_interface.h>
Willy Tarreau2d212792008-08-27 21:41:35 +020057#include <proto/stream_sock.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020058#include <proto/task.h>
59
Willy Tarreau522d6c02009-12-06 18:49:18 +010060const char HTTP_100[] =
61 "HTTP/1.1 100 Continue\r\n\r\n";
62
63const struct chunk http_100_chunk = {
64 .str = (char *)&HTTP_100,
65 .len = sizeof(HTTP_100)-1
66};
67
Willy Tarreau1c47f852006-07-09 08:22:27 +020068/* This is used by remote monitoring */
Willy Tarreau0f772532006-12-23 20:51:41 +010069const char HTTP_200[] =
Willy Tarreau1c47f852006-07-09 08:22:27 +020070 "HTTP/1.0 200 OK\r\n"
71 "Cache-Control: no-cache\r\n"
72 "Connection: close\r\n"
73 "Content-Type: text/html\r\n"
74 "\r\n"
75 "<html><body><h1>200 OK</h1>\nHAProxy: service ready.\n</body></html>\n";
76
Willy Tarreau0f772532006-12-23 20:51:41 +010077const struct chunk http_200_chunk = {
78 .str = (char *)&HTTP_200,
79 .len = sizeof(HTTP_200)-1
80};
81
Willy Tarreaua9679ac2010-01-03 17:32:57 +010082/* Warning: no "connection" header is provided with the 3xx messages below */
Willy Tarreaub463dfb2008-06-07 23:08:56 +020083const char *HTTP_301 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010084 "HTTP/1.1 301 Moved Permanently\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020085 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010086 "Content-length: 0\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020087 "Location: "; /* not terminated since it will be concatenated with the URL */
88
Willy Tarreau0f772532006-12-23 20:51:41 +010089const char *HTTP_302 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010090 "HTTP/1.1 302 Found\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010091 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010092 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010093 "Location: "; /* not terminated since it will be concatenated with the URL */
94
95/* same as 302 except that the browser MUST retry with the GET method */
96const char *HTTP_303 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010097 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010098 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010099 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100100 "Location: "; /* not terminated since it will be concatenated with the URL */
101
Willy Tarreaubaaee002006-06-26 02:48:02 +0200102/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
103const char *HTTP_401_fmt =
104 "HTTP/1.0 401 Unauthorized\r\n"
105 "Cache-Control: no-cache\r\n"
106 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200107 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200108 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
109 "\r\n"
110 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
111
Willy Tarreau0f772532006-12-23 20:51:41 +0100112
113const int http_err_codes[HTTP_ERR_SIZE] = {
114 [HTTP_ERR_400] = 400,
115 [HTTP_ERR_403] = 403,
116 [HTTP_ERR_408] = 408,
117 [HTTP_ERR_500] = 500,
118 [HTTP_ERR_502] = 502,
119 [HTTP_ERR_503] = 503,
120 [HTTP_ERR_504] = 504,
121};
122
Willy Tarreau80587432006-12-24 17:47:20 +0100123static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreau0f772532006-12-23 20:51:41 +0100124 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100125 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100126 "Cache-Control: no-cache\r\n"
127 "Connection: close\r\n"
128 "Content-Type: text/html\r\n"
129 "\r\n"
130 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
131
132 [HTTP_ERR_403] =
133 "HTTP/1.0 403 Forbidden\r\n"
134 "Cache-Control: no-cache\r\n"
135 "Connection: close\r\n"
136 "Content-Type: text/html\r\n"
137 "\r\n"
138 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
139
140 [HTTP_ERR_408] =
141 "HTTP/1.0 408 Request Time-out\r\n"
142 "Cache-Control: no-cache\r\n"
143 "Connection: close\r\n"
144 "Content-Type: text/html\r\n"
145 "\r\n"
146 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
147
148 [HTTP_ERR_500] =
149 "HTTP/1.0 500 Server Error\r\n"
150 "Cache-Control: no-cache\r\n"
151 "Connection: close\r\n"
152 "Content-Type: text/html\r\n"
153 "\r\n"
154 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
155
156 [HTTP_ERR_502] =
157 "HTTP/1.0 502 Bad Gateway\r\n"
158 "Cache-Control: no-cache\r\n"
159 "Connection: close\r\n"
160 "Content-Type: text/html\r\n"
161 "\r\n"
162 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
163
164 [HTTP_ERR_503] =
165 "HTTP/1.0 503 Service Unavailable\r\n"
166 "Cache-Control: no-cache\r\n"
167 "Connection: close\r\n"
168 "Content-Type: text/html\r\n"
169 "\r\n"
170 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
171
172 [HTTP_ERR_504] =
173 "HTTP/1.0 504 Gateway Time-out\r\n"
174 "Cache-Control: no-cache\r\n"
175 "Connection: close\r\n"
176 "Content-Type: text/html\r\n"
177 "\r\n"
178 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
179
180};
181
Willy Tarreau80587432006-12-24 17:47:20 +0100182/* We must put the messages here since GCC cannot initialize consts depending
183 * on strlen().
184 */
185struct chunk http_err_chunks[HTTP_ERR_SIZE];
186
Willy Tarreau42250582007-04-01 01:30:43 +0200187#define FD_SETS_ARE_BITFIELDS
188#ifdef FD_SETS_ARE_BITFIELDS
189/*
190 * This map is used with all the FD_* macros to check whether a particular bit
191 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
192 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
193 * byte should be encoded. Be careful to always pass bytes from 0 to 255
194 * exclusively to the macros.
195 */
196fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
197fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
198
199#else
200#error "Check if your OS uses bitfields for fd_sets"
201#endif
202
Willy Tarreau80587432006-12-24 17:47:20 +0100203void init_proto_http()
204{
Willy Tarreau42250582007-04-01 01:30:43 +0200205 int i;
206 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100207 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200208
Willy Tarreau80587432006-12-24 17:47:20 +0100209 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
210 if (!http_err_msgs[msg]) {
211 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
212 abort();
213 }
214
215 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
216 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
217 }
Willy Tarreau42250582007-04-01 01:30:43 +0200218
219 /* initialize the log header encoding map : '{|}"#' should be encoded with
220 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
221 * URL encoding only requires '"', '#' to be encoded as well as non-
222 * printable characters above.
223 */
224 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
225 memset(url_encode_map, 0, sizeof(url_encode_map));
226 for (i = 0; i < 32; i++) {
227 FD_SET(i, hdr_encode_map);
228 FD_SET(i, url_encode_map);
229 }
230 for (i = 127; i < 256; i++) {
231 FD_SET(i, hdr_encode_map);
232 FD_SET(i, url_encode_map);
233 }
234
235 tmp = "\"#{|}";
236 while (*tmp) {
237 FD_SET(*tmp, hdr_encode_map);
238 tmp++;
239 }
240
241 tmp = "\"#";
242 while (*tmp) {
243 FD_SET(*tmp, url_encode_map);
244 tmp++;
245 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200246
247 /* memory allocations */
248 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
Willy Tarreau086b3b42007-05-13 21:45:51 +0200249 pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100250}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200251
Willy Tarreau53b6c742006-12-17 13:37:46 +0100252/*
253 * We have 26 list of methods (1 per first letter), each of which can have
254 * up to 3 entries (2 valid, 1 null).
255 */
256struct http_method_desc {
257 http_meth_t meth;
258 int len;
259 const char text[8];
260};
261
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100262const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100263 ['C' - 'A'] = {
264 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
265 },
266 ['D' - 'A'] = {
267 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
268 },
269 ['G' - 'A'] = {
270 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
271 },
272 ['H' - 'A'] = {
273 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
274 },
275 ['P' - 'A'] = {
276 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
277 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
278 },
279 ['T' - 'A'] = {
280 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
281 },
282 /* rest is empty like this :
283 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
284 */
285};
286
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100287/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200288 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100289 * RFC2616 for those chars.
290 */
291
292const char http_is_spht[256] = {
293 [' '] = 1, ['\t'] = 1,
294};
295
296const char http_is_crlf[256] = {
297 ['\r'] = 1, ['\n'] = 1,
298};
299
300const char http_is_lws[256] = {
301 [' '] = 1, ['\t'] = 1,
302 ['\r'] = 1, ['\n'] = 1,
303};
304
305const char http_is_sep[256] = {
306 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
307 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
308 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
309 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
310 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
311};
312
313const char http_is_ctl[256] = {
314 [0 ... 31] = 1,
315 [127] = 1,
316};
317
318/*
319 * A token is any ASCII char that is neither a separator nor a CTL char.
320 * Do not overwrite values in assignment since gcc-2.95 will not handle
321 * them correctly. Instead, define every non-CTL char's status.
322 */
323const char http_is_token[256] = {
324 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
325 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
326 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
327 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
328 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
329 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
330 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
331 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
332 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
333 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
334 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
335 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
336 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
337 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
338 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
339 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
340 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
341 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
342 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
343 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
344 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
345 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
346 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
347 ['|'] = 1, ['}'] = 0, ['~'] = 1,
348};
349
350
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100351/*
352 * An http ver_token is any ASCII which can be found in an HTTP version,
353 * which includes 'H', 'T', 'P', '/', '.' and any digit.
354 */
355const char http_is_ver_token[256] = {
356 ['.'] = 1, ['/'] = 1,
357 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
358 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
359 ['H'] = 1, ['P'] = 1, ['T'] = 1,
360};
361
362
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100363/*
364 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
365 * CRLF. Text length is measured first, so it cannot be NULL.
366 * The header is also automatically added to the index <hdr_idx>, and the end
367 * of headers is automatically adjusted. The number of bytes added is returned
368 * on success, otherwise <0 is returned indicating an error.
369 */
370int http_header_add_tail(struct buffer *b, struct http_msg *msg,
371 struct hdr_idx *hdr_idx, const char *text)
372{
373 int bytes, len;
374
375 len = strlen(text);
376 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
377 if (!bytes)
378 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100379 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100380 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
381}
382
383/*
384 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
385 * CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
386 * the buffer is only opened and the space reserved, but nothing is copied.
387 * The header is also automatically added to the index <hdr_idx>, and the end
388 * of headers is automatically adjusted. The number of bytes added is returned
389 * on success, otherwise <0 is returned indicating an error.
390 */
391int http_header_add_tail2(struct buffer *b, struct http_msg *msg,
392 struct hdr_idx *hdr_idx, const char *text, int len)
393{
394 int bytes;
395
396 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
397 if (!bytes)
398 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100399 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100400 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
401}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200402
403/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100404 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
405 * If so, returns the position of the first non-space character relative to
406 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
407 * to return a pointer to the place after the first space. Returns 0 if the
408 * header name does not match. Checks are case-insensitive.
409 */
410int http_header_match2(const char *hdr, const char *end,
411 const char *name, int len)
412{
413 const char *val;
414
415 if (hdr + len >= end)
416 return 0;
417 if (hdr[len] != ':')
418 return 0;
419 if (strncasecmp(hdr, name, len) != 0)
420 return 0;
421 val = hdr + len + 1;
422 while (val < end && HTTP_IS_SPHT(*val))
423 val++;
424 if ((val >= end) && (len + 2 <= end - hdr))
425 return len + 2; /* we may replace starting from second space */
426 return val - hdr;
427}
428
Willy Tarreau33a7e692007-06-10 19:45:56 +0200429/* Find the end of the header value contained between <s> and <e>.
430 * See RFC2616, par 2.2 for more information. Note that it requires
431 * a valid header to return a valid result.
432 */
433const char *find_hdr_value_end(const char *s, const char *e)
434{
435 int quoted, qdpair;
436
437 quoted = qdpair = 0;
438 for (; s < e; s++) {
439 if (qdpair) qdpair = 0;
440 else if (quoted && *s == '\\') qdpair = 1;
441 else if (quoted && *s == '"') quoted = 0;
442 else if (*s == '"') quoted = 1;
443 else if (*s == ',') return s;
444 }
445 return s;
446}
447
448/* Find the first or next occurrence of header <name> in message buffer <sol>
449 * using headers index <idx>, and return it in the <ctx> structure. This
450 * structure holds everything necessary to use the header and find next
451 * occurrence. If its <idx> member is 0, the header is searched from the
452 * beginning. Otherwise, the next occurrence is returned. The function returns
453 * 1 when it finds a value, and 0 when there is no more.
454 */
455int http_find_header2(const char *name, int len,
456 const char *sol, struct hdr_idx *idx,
457 struct hdr_ctx *ctx)
458{
Willy Tarreau33a7e692007-06-10 19:45:56 +0200459 const char *eol, *sov;
460 int cur_idx;
461
462 if (ctx->idx) {
463 /* We have previously returned a value, let's search
464 * another one on the same line.
465 */
466 cur_idx = ctx->idx;
467 sol = ctx->line;
468 sov = sol + ctx->val + ctx->vlen;
469 eol = sol + idx->v[cur_idx].len;
470
471 if (sov >= eol)
472 /* no more values in this header */
473 goto next_hdr;
474
475 /* values remaining for this header, skip the comma */
476 sov++;
477 while (sov < eol && http_is_lws[(unsigned char)*sov])
478 sov++;
479
480 goto return_hdr;
481 }
482
483 /* first request for this header */
484 sol += hdr_idx_first_pos(idx);
485 cur_idx = hdr_idx_first_idx(idx);
486
487 while (cur_idx) {
488 eol = sol + idx->v[cur_idx].len;
489
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200490 if (len == 0) {
491 /* No argument was passed, we want any header.
492 * To achieve this, we simply build a fake request. */
493 while (sol + len < eol && sol[len] != ':')
494 len++;
495 name = sol;
496 }
497
Willy Tarreau33a7e692007-06-10 19:45:56 +0200498 if ((len < eol - sol) &&
499 (sol[len] == ':') &&
500 (strncasecmp(sol, name, len) == 0)) {
501
502 sov = sol + len + 1;
503 while (sov < eol && http_is_lws[(unsigned char)*sov])
504 sov++;
505 return_hdr:
506 ctx->line = sol;
507 ctx->idx = cur_idx;
508 ctx->val = sov - sol;
509
510 eol = find_hdr_value_end(sov, eol);
511 ctx->vlen = eol - sov;
512 return 1;
513 }
514 next_hdr:
515 sol = eol + idx->v[cur_idx].cr + 1;
516 cur_idx = idx->v[cur_idx].next;
517 }
518 return 0;
519}
520
521int http_find_header(const char *name,
522 const char *sol, struct hdr_idx *idx,
523 struct hdr_ctx *ctx)
524{
525 return http_find_header2(name, strlen(name), sol, idx, ctx);
526}
527
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100528/* This function handles a server error at the stream interface level. The
529 * stream interface is assumed to be already in a closed state. An optional
530 * message is copied into the input buffer, and an HTTP status code stored.
531 * The error flags are set to the values in arguments. Any pending request
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100532 * in this buffer will be lost.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200533 */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100534static void http_server_error(struct session *t, struct stream_interface *si,
535 int err, int finst, int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200536{
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100537 buffer_erase(si->ob);
538 buffer_erase(si->ib);
Willy Tarreau520d95e2009-09-19 21:04:57 +0200539 buffer_auto_close(si->ib);
Willy Tarreau0f772532006-12-23 20:51:41 +0100540 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100541 t->txn.status = status;
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100542 buffer_write(si->ib, msg->str, msg->len);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200543 }
544 if (!(t->flags & SN_ERR_MASK))
545 t->flags |= err;
546 if (!(t->flags & SN_FINST_MASK))
547 t->flags |= finst;
548}
549
Willy Tarreau80587432006-12-24 17:47:20 +0100550/* This function returns the appropriate error location for the given session
551 * and message.
552 */
553
554struct chunk *error_message(struct session *s, int msgnum)
555{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200556 if (s->be->errmsg[msgnum].str)
557 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100558 else if (s->fe->errmsg[msgnum].str)
559 return &s->fe->errmsg[msgnum];
560 else
561 return &http_err_chunks[msgnum];
562}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200563
Willy Tarreau53b6c742006-12-17 13:37:46 +0100564/*
565 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
566 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
567 */
568static http_meth_t find_http_meth(const char *str, const int len)
569{
570 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100571 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100572
573 m = ((unsigned)*str - 'A');
574
575 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100576 for (h = http_methods[m]; h->len > 0; h++) {
577 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100578 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100579 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100580 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100581 };
582 return HTTP_METH_OTHER;
583 }
584 return HTTP_METH_NONE;
585
586}
587
Willy Tarreau21d2af32008-02-14 20:25:24 +0100588/* Parse the URI from the given transaction (which is assumed to be in request
589 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
590 * It is returned otherwise.
591 */
592static char *
593http_get_path(struct http_txn *txn)
594{
595 char *ptr, *end;
596
Willy Tarreaua95a1f42010-01-03 13:04:35 +0100597 ptr = txn->req.sol - txn->req.som + txn->req.sl.rq.u;
Willy Tarreau21d2af32008-02-14 20:25:24 +0100598 end = ptr + txn->req.sl.rq.u_l;
599
600 if (ptr >= end)
601 return NULL;
602
603 /* RFC2616, par. 5.1.2 :
604 * Request-URI = "*" | absuri | abspath | authority
605 */
606
607 if (*ptr == '*')
608 return NULL;
609
610 if (isalpha((unsigned char)*ptr)) {
611 /* this is a scheme as described by RFC3986, par. 3.1 */
612 ptr++;
613 while (ptr < end &&
614 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
615 ptr++;
616 /* skip '://' */
617 if (ptr == end || *ptr++ != ':')
618 return NULL;
619 if (ptr == end || *ptr++ != '/')
620 return NULL;
621 if (ptr == end || *ptr++ != '/')
622 return NULL;
623 }
624 /* skip [user[:passwd]@]host[:[port]] */
625
626 while (ptr < end && *ptr != '/')
627 ptr++;
628
629 if (ptr == end)
630 return NULL;
631
632 /* OK, we got the '/' ! */
633 return ptr;
634}
635
Willy Tarreauefb453c2008-10-26 20:49:47 +0100636/* Returns a 302 for a redirectable request. This may only be called just after
637 * the stream interface has moved to SI_ST_ASS. Unprocessable requests are
638 * left unchanged and will follow normal proxy processing.
639 */
Willy Tarreau55a8d0e2008-11-30 18:47:21 +0100640void perform_http_redirect(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100641{
642 struct http_txn *txn;
643 struct chunk rdr;
644 char *path;
645 int len;
646
647 /* 1: create the response header */
648 rdr.len = strlen(HTTP_302);
649 rdr.str = trash;
650 memcpy(rdr.str, HTTP_302, rdr.len);
651
652 /* 2: add the server's prefix */
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +0200653 if (rdr.len + s->srv->rdr_len > rdr.size)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100654 return;
655
656 memcpy(rdr.str + rdr.len, s->srv->rdr_pfx, s->srv->rdr_len);
657 rdr.len += s->srv->rdr_len;
658
659 /* 3: add the request URI */
660 txn = &s->txn;
661 path = http_get_path(txn);
662 if (!path)
663 return;
664
Willy Tarreaua95a1f42010-01-03 13:04:35 +0100665 len = txn->req.sl.rq.u_l + (txn->req.sol-txn->req.som+txn->req.sl.rq.u) - path;
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +0200666 if (rdr.len + len > rdr.size - 4) /* 4 for CRLF-CRLF */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100667 return;
668
669 memcpy(rdr.str + rdr.len, path, len);
670 rdr.len += len;
Willy Tarreaua9679ac2010-01-03 17:32:57 +0100671 memcpy(rdr.str + rdr.len, "\r\nConnection: close\r\n\r\n", 23);
672 rdr.len += 23;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100673
674 /* prepare to return without error. */
Willy Tarreau99126c32008-11-27 10:30:51 +0100675 si->shutr(si);
676 si->shutw(si);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100677 si->err_type = SI_ET_NONE;
678 si->err_loc = NULL;
679 si->state = SI_ST_CLO;
680
681 /* send the message */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100682 http_server_error(s, si, SN_ERR_PRXCOND, SN_FINST_C, 302, &rdr);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100683
684 /* FIXME: we should increase a counter of redirects per server and per backend. */
685 if (s->srv)
Willy Tarreau7f062c42009-03-05 18:43:00 +0100686 srv_inc_sess_ctr(s->srv);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100687}
688
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100689/* Return the error message corresponding to si->err_type. It is assumed
Willy Tarreauefb453c2008-10-26 20:49:47 +0100690 * that the server side is closed. Note that err_type is actually a
691 * bitmask, where almost only aborts may be cumulated with other
692 * values. We consider that aborted operations are more important
693 * than timeouts or errors due to the fact that nobody else in the
694 * logs might explain incomplete retries. All others should avoid
695 * being cumulated. It should normally not be possible to have multiple
696 * aborts at once, but just in case, the first one in sequence is reported.
697 */
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100698void http_return_srv_error(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100699{
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100700 int err_type = si->err_type;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100701
702 if (err_type & SI_ET_QUEUE_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100703 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q,
704 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100705 else if (err_type & SI_ET_CONN_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100706 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C,
707 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100708 else if (err_type & SI_ET_QUEUE_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100709 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q,
710 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100711 else if (err_type & SI_ET_QUEUE_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100712 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q,
713 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100714 else if (err_type & SI_ET_CONN_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100715 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C,
716 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100717 else if (err_type & SI_ET_CONN_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100718 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C,
719 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100720 else /* SI_ET_CONN_OTHER and others */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100721 http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C,
722 500, error_message(s, HTTP_ERR_500));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100723}
724
Willy Tarreau42250582007-04-01 01:30:43 +0200725extern const char sess_term_cond[8];
726extern const char sess_fin_state[8];
727extern const char *monthname[12];
728const char sess_cookie[4] = "NIDV"; /* No cookie, Invalid cookie, cookie for a Down server, Valid cookie */
729const char sess_set_cookie[8] = "N1I3PD5R"; /* No set-cookie, unknown, Set-Cookie Inserted, unknown,
730 Set-cookie seen and left unchanged (passive), Set-cookie Deleted,
731 unknown, Set-cookie Rewritten */
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200732struct pool_head *pool2_requri;
Willy Tarreau086b3b42007-05-13 21:45:51 +0200733struct pool_head *pool2_capture;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100734
Emeric Brun3a058f32009-06-30 18:26:00 +0200735void http_sess_clflog(struct session *s)
736{
737 char pn[INET6_ADDRSTRLEN + strlen(":65535")];
738 struct proxy *fe = s->fe;
739 struct proxy *be = s->be;
740 struct proxy *prx_log;
741 struct http_txn *txn = &s->txn;
742 int tolog, level, err;
743 char *uri, *h;
744 char *svid;
745 struct tm tm;
746 static char tmpline[MAX_SYSLOG_LEN];
747 int hdr;
748 size_t w;
749 int t_request;
750
751 prx_log = fe;
752 err = (s->flags & (SN_ERR_MASK | SN_REDISP)) ||
753 (s->conn_retries != be->conn_retries) ||
754 txn->status >= 500;
755
756 if (s->cli_addr.ss_family == AF_INET)
757 inet_ntop(AF_INET,
758 (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
759 pn, sizeof(pn));
760 else
761 inet_ntop(AF_INET6,
762 (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
763 pn, sizeof(pn));
764
765 get_gmtime(s->logs.accept_date.tv_sec, &tm);
766
767 /* FIXME: let's limit ourselves to frontend logging for now. */
768 tolog = fe->to_log;
769
770 h = tmpline;
771
772 w = snprintf(h, sizeof(tmpline),
773 "%s - - [%02d/%s/%04d:%02d:%02d:%02d +0000]",
774 pn,
775 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
776 tm.tm_hour, tm.tm_min, tm.tm_sec);
777 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
778 goto trunc;
779 h += w;
780
781 if (h >= tmpline + sizeof(tmpline) - 4)
782 goto trunc;
783
784 *(h++) = ' ';
785 *(h++) = '\"';
786 uri = txn->uri ? txn->uri : "<BADREQ>";
787 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
788 '#', url_encode_map, uri);
789 *(h++) = '\"';
790
791 w = snprintf(h, sizeof(tmpline) - (h - tmpline), " %d %lld", txn->status, s->logs.bytes_out);
792 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
793 goto trunc;
794 h += w;
795
796 if (h >= tmpline + sizeof(tmpline) - 9)
797 goto trunc;
798 memcpy(h, " \"-\" \"-\"", 8);
799 h += 8;
800
801 w = snprintf(h, sizeof(tmpline) - (h - tmpline),
802 " %d %03d",
803 (s->cli_addr.ss_family == AF_INET) ?
804 ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port) :
805 ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port),
806 (int)s->logs.accept_date.tv_usec/1000);
807 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
808 goto trunc;
809 h += w;
810
811 w = strlen(fe->id);
812 if (h >= tmpline + sizeof(tmpline) - 4 - w)
813 goto trunc;
814 *(h++) = ' ';
815 *(h++) = '\"';
816 memcpy(h, fe->id, w);
817 h += w;
818 *(h++) = '\"';
819
820 w = strlen(be->id);
821 if (h >= tmpline + sizeof(tmpline) - 4 - w)
822 goto trunc;
823 *(h++) = ' ';
824 *(h++) = '\"';
825 memcpy(h, be->id, w);
826 h += w;
827 *(h++) = '\"';
828
829 svid = (tolog & LW_SVID) ?
830 (s->data_source != DATA_SRC_STATS) ?
831 (s->srv != NULL) ? s->srv->id : "<NOSRV>" : "<STATS>" : "-";
832
833 w = strlen(svid);
834 if (h >= tmpline + sizeof(tmpline) - 4 - w)
835 goto trunc;
836 *(h++) = ' ';
837 *(h++) = '\"';
838 memcpy(h, svid, w);
839 h += w;
840 *(h++) = '\"';
841
842 t_request = -1;
843 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
844 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
845 w = snprintf(h, sizeof(tmpline) - (h - tmpline),
846 " %d %ld %ld %ld %ld",
847 t_request,
848 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
849 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
850 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
851 s->logs.t_close);
852 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
853 goto trunc;
854 h += w;
855
856 if (h >= tmpline + sizeof(tmpline) - 8)
857 goto trunc;
858 *(h++) = ' ';
859 *(h++) = '\"';
860 *(h++) = sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT];
861 *(h++) = sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT];
862 *(h++) = (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
863 *(h++) = (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-';
864 *(h++) = '\"';
865
866 w = snprintf(h, sizeof(tmpline) - (h - tmpline),
867 " %d %d %d %d %d %ld %ld",
868 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
869 (s->conn_retries > 0) ? (be->conn_retries - s->conn_retries) : be->conn_retries,
870 s->logs.srv_queue_size, s->logs.prx_queue_size);
871
872 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
873 goto trunc;
874 h += w;
875
876 if (txn->cli_cookie) {
877 w = strlen(txn->cli_cookie);
878 if (h >= tmpline + sizeof(tmpline) - 4 - w)
879 goto trunc;
880 *(h++) = ' ';
881 *(h++) = '\"';
882 memcpy(h, txn->cli_cookie, w);
883 h += w;
884 *(h++) = '\"';
885 } else {
886 if (h >= tmpline + sizeof(tmpline) - 5)
887 goto trunc;
888 memcpy(h, " \"-\"", 4);
889 h += 4;
890 }
891
892 if (txn->srv_cookie) {
893 w = strlen(txn->srv_cookie);
894 if (h >= tmpline + sizeof(tmpline) - 4 - w)
895 goto trunc;
896 *(h++) = ' ';
897 *(h++) = '\"';
898 memcpy(h, txn->srv_cookie, w);
899 h += w;
900 *(h++) = '\"';
901 } else {
902 if (h >= tmpline + sizeof(tmpline) - 5)
903 goto trunc;
904 memcpy(h, " \"-\"", 4);
905 h += 4;
906 }
907
908 if ((fe->to_log & LW_REQHDR) && txn->req.cap) {
909 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
910 if (h >= sizeof (tmpline) + tmpline - 4)
911 goto trunc;
912 *(h++) = ' ';
913 *(h++) = '\"';
914 h = encode_string(h, tmpline + sizeof(tmpline) - 2,
915 '#', hdr_encode_map, txn->req.cap[hdr]);
916 *(h++) = '\"';
917 }
918 }
919
920 if ((fe->to_log & LW_RSPHDR) && txn->rsp.cap) {
921 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
922 if (h >= sizeof (tmpline) + tmpline - 4)
923 goto trunc;
924 *(h++) = ' ';
925 *(h++) = '\"';
926 h = encode_string(h, tmpline + sizeof(tmpline) - 2,
927 '#', hdr_encode_map, txn->rsp.cap[hdr]);
928 *(h++) = '\"';
929 }
930 }
931
932trunc:
933 *h = '\0';
934
935 level = LOG_INFO;
936 if (err && (fe->options2 & PR_O2_LOGERRORS))
937 level = LOG_ERR;
938
939 send_log(prx_log, level, "%s\n", tmpline);
940
941 s->logs.logwait = 0;
942}
943
Willy Tarreau42250582007-04-01 01:30:43 +0200944/*
945 * send a log for the session when we have enough info about it.
946 * Will not log if the frontend has no log defined.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100947 */
Willy Tarreau55a8d0e2008-11-30 18:47:21 +0100948void http_sess_log(struct session *s)
Willy Tarreau42250582007-04-01 01:30:43 +0200949{
950 char pn[INET6_ADDRSTRLEN + strlen(":65535")];
951 struct proxy *fe = s->fe;
952 struct proxy *be = s->be;
953 struct proxy *prx_log;
954 struct http_txn *txn = &s->txn;
Willy Tarreauc9bd0cc2009-05-10 11:57:02 +0200955 int tolog, level, err;
Willy Tarreau42250582007-04-01 01:30:43 +0200956 char *uri, *h;
957 char *svid;
Willy Tarreaufe944602007-10-25 10:34:16 +0200958 struct tm tm;
Willy Tarreau42250582007-04-01 01:30:43 +0200959 static char tmpline[MAX_SYSLOG_LEN];
Willy Tarreau70089872008-06-13 21:12:51 +0200960 int t_request;
Willy Tarreau42250582007-04-01 01:30:43 +0200961 int hdr;
962
Willy Tarreauc9bd0cc2009-05-10 11:57:02 +0200963 /* if we don't want to log normal traffic, return now */
964 err = (s->flags & (SN_ERR_MASK | SN_REDISP)) ||
965 (s->conn_retries != be->conn_retries) ||
966 txn->status >= 500;
967 if (!err && (fe->options2 & PR_O2_NOLOGNORM))
968 return;
969
Willy Tarreau42250582007-04-01 01:30:43 +0200970 if (fe->logfac1 < 0 && fe->logfac2 < 0)
971 return;
972 prx_log = fe;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100973
Emeric Brun3a058f32009-06-30 18:26:00 +0200974 if (prx_log->options2 & PR_O2_CLFLOG)
975 return http_sess_clflog(s);
976
Willy Tarreau42250582007-04-01 01:30:43 +0200977 if (s->cli_addr.ss_family == AF_INET)
978 inet_ntop(AF_INET,
979 (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
980 pn, sizeof(pn));
981 else
982 inet_ntop(AF_INET6,
983 (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
984 pn, sizeof(pn));
985
Willy Tarreaub7f694f2008-06-22 17:18:02 +0200986 get_localtime(s->logs.accept_date.tv_sec, &tm);
Willy Tarreau42250582007-04-01 01:30:43 +0200987
988 /* FIXME: let's limit ourselves to frontend logging for now. */
989 tolog = fe->to_log;
990
991 h = tmpline;
992 if (fe->to_log & LW_REQHDR &&
993 txn->req.cap &&
994 (h < tmpline + sizeof(tmpline) - 10)) {
995 *(h++) = ' ';
996 *(h++) = '{';
997 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
998 if (hdr)
999 *(h++) = '|';
1000 if (txn->req.cap[hdr] != NULL)
1001 h = encode_string(h, tmpline + sizeof(tmpline) - 7,
1002 '#', hdr_encode_map, txn->req.cap[hdr]);
1003 }
1004 *(h++) = '}';
1005 }
1006
1007 if (fe->to_log & LW_RSPHDR &&
1008 txn->rsp.cap &&
1009 (h < tmpline + sizeof(tmpline) - 7)) {
1010 *(h++) = ' ';
1011 *(h++) = '{';
1012 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
1013 if (hdr)
1014 *(h++) = '|';
1015 if (txn->rsp.cap[hdr] != NULL)
1016 h = encode_string(h, tmpline + sizeof(tmpline) - 4,
1017 '#', hdr_encode_map, txn->rsp.cap[hdr]);
1018 }
1019 *(h++) = '}';
1020 }
1021
1022 if (h < tmpline + sizeof(tmpline) - 4) {
1023 *(h++) = ' ';
1024 *(h++) = '"';
1025 uri = txn->uri ? txn->uri : "<BADREQ>";
1026 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
1027 '#', url_encode_map, uri);
1028 *(h++) = '"';
1029 }
1030 *h = '\0';
1031
1032 svid = (tolog & LW_SVID) ?
1033 (s->data_source != DATA_SRC_STATS) ?
1034 (s->srv != NULL) ? s->srv->id : "<NOSRV>" : "<STATS>" : "-";
1035
Willy Tarreau70089872008-06-13 21:12:51 +02001036 t_request = -1;
1037 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
1038 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
1039
Willy Tarreauc9bd0cc2009-05-10 11:57:02 +02001040 level = LOG_INFO;
1041 if (err && (fe->options2 & PR_O2_LOGERRORS))
1042 level = LOG_ERR;
1043
1044 send_log(prx_log, level,
Willy Tarreau42250582007-04-01 01:30:43 +02001045 "%s:%d [%02d/%s/%04d:%02d:%02d:%02d.%03d]"
Willy Tarreau1772ece2009-04-03 14:49:12 +02001046 " %s %s/%s %d/%ld/%ld/%ld/%s%ld %d %s%lld"
1047 " %s %s %c%c%c%c %d/%d/%d/%d/%s%u %ld/%ld%s\n",
Willy Tarreau42250582007-04-01 01:30:43 +02001048 pn,
1049 (s->cli_addr.ss_family == AF_INET) ?
1050 ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port) :
1051 ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port),
Willy Tarreaufe944602007-10-25 10:34:16 +02001052 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
Willy Tarreau1772ece2009-04-03 14:49:12 +02001053 tm.tm_hour, tm.tm_min, tm.tm_sec, (int)s->logs.accept_date.tv_usec/1000,
Willy Tarreau42250582007-04-01 01:30:43 +02001054 fe->id, be->id, svid,
Willy Tarreau70089872008-06-13 21:12:51 +02001055 t_request,
1056 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
Willy Tarreau42250582007-04-01 01:30:43 +02001057 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
1058 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
1059 (tolog & LW_BYTES) ? "" : "+", s->logs.t_close,
1060 txn->status,
Willy Tarreau8b3977f2008-01-18 11:16:32 +01001061 (tolog & LW_BYTES) ? "" : "+", s->logs.bytes_out,
Willy Tarreau42250582007-04-01 01:30:43 +02001062 txn->cli_cookie ? txn->cli_cookie : "-",
1063 txn->srv_cookie ? txn->srv_cookie : "-",
1064 sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT],
1065 sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT],
1066 (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
1067 (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-',
1068 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +01001069 (s->flags & SN_REDISP)?"+":"",
1070 (s->conn_retries>0)?(be->conn_retries - s->conn_retries):be->conn_retries,
Willy Tarreau42250582007-04-01 01:30:43 +02001071 s->logs.srv_queue_size, s->logs.prx_queue_size, tmpline);
1072
1073 s->logs.logwait = 0;
1074}
1075
Willy Tarreau117f59e2007-03-04 18:17:17 +01001076
1077/*
1078 * Capture headers from message starting at <som> according to header list
1079 * <cap_hdr>, and fill the <idx> structure appropriately.
1080 */
1081void capture_headers(char *som, struct hdr_idx *idx,
1082 char **cap, struct cap_hdr *cap_hdr)
1083{
1084 char *eol, *sol, *col, *sov;
1085 int cur_idx;
1086 struct cap_hdr *h;
1087 int len;
1088
1089 sol = som + hdr_idx_first_pos(idx);
1090 cur_idx = hdr_idx_first_idx(idx);
1091
1092 while (cur_idx) {
1093 eol = sol + idx->v[cur_idx].len;
1094
1095 col = sol;
1096 while (col < eol && *col != ':')
1097 col++;
1098
1099 sov = col + 1;
1100 while (sov < eol && http_is_lws[(unsigned char)*sov])
1101 sov++;
1102
1103 for (h = cap_hdr; h; h = h->next) {
1104 if ((h->namelen == col - sol) &&
1105 (strncasecmp(sol, h->name, h->namelen) == 0)) {
1106 if (cap[h->index] == NULL)
1107 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +02001108 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +01001109
1110 if (cap[h->index] == NULL) {
1111 Alert("HTTP capture : out of memory.\n");
1112 continue;
1113 }
1114
1115 len = eol - sov;
1116 if (len > h->len)
1117 len = h->len;
1118
1119 memcpy(cap[h->index], sov, len);
1120 cap[h->index][len]=0;
1121 }
1122 }
1123 sol = eol + idx->v[cur_idx].cr + 1;
1124 cur_idx = idx->v[cur_idx].next;
1125 }
1126}
1127
1128
Willy Tarreau42250582007-04-01 01:30:43 +02001129/* either we find an LF at <ptr> or we jump to <bad>.
1130 */
1131#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1132
1133/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1134 * otherwise to <http_msg_ood> with <state> set to <st>.
1135 */
1136#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1137 ptr++; \
1138 if (likely(ptr < end)) \
1139 goto good; \
1140 else { \
1141 state = (st); \
1142 goto http_msg_ood; \
1143 } \
1144 } while (0)
1145
1146
Willy Tarreaubaaee002006-06-26 02:48:02 +02001147/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001148 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001149 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1150 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1151 * will give undefined results.
1152 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1153 * and that msg->sol points to the beginning of the response.
1154 * If a complete line is found (which implies that at least one CR or LF is
1155 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1156 * returned indicating an incomplete line (which does not mean that parts have
1157 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1158 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1159 * upon next call.
1160 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001161 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001162 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1163 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001164 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001165 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001166const char *http_parse_stsline(struct http_msg *msg, const char *msg_buf,
1167 unsigned int state, const char *ptr, const char *end,
1168 char **ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001169{
Willy Tarreau8973c702007-01-21 23:58:29 +01001170 switch (state) {
1171 http_msg_rpver:
1172 case HTTP_MSG_RPVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001173 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001174 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1175
1176 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001177 msg->sl.st.v_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001178 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1179 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001180 state = HTTP_MSG_ERROR;
1181 break;
1182
Willy Tarreau8973c702007-01-21 23:58:29 +01001183 http_msg_rpver_sp:
1184 case HTTP_MSG_RPVER_SP:
1185 if (likely(!HTTP_IS_LWS(*ptr))) {
1186 msg->sl.st.c = ptr - msg_buf;
1187 goto http_msg_rpcode;
1188 }
1189 if (likely(HTTP_IS_SPHT(*ptr)))
1190 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1191 /* so it's a CR/LF, this is invalid */
Willy Tarreau7552c032009-03-01 11:10:40 +01001192 state = HTTP_MSG_ERROR;
1193 break;
Willy Tarreau8973c702007-01-21 23:58:29 +01001194
1195 http_msg_rpcode:
1196 case HTTP_MSG_RPCODE:
1197 if (likely(!HTTP_IS_LWS(*ptr)))
1198 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1199
1200 if (likely(HTTP_IS_SPHT(*ptr))) {
1201 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1202 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1203 }
1204
1205 /* so it's a CR/LF, so there is no reason phrase */
1206 msg->sl.st.c_l = (ptr - msg_buf) - msg->sl.st.c;
1207 http_msg_rsp_reason:
1208 /* FIXME: should we support HTTP responses without any reason phrase ? */
1209 msg->sl.st.r = ptr - msg_buf;
1210 msg->sl.st.r_l = 0;
1211 goto http_msg_rpline_eol;
1212
1213 http_msg_rpcode_sp:
1214 case HTTP_MSG_RPCODE_SP:
1215 if (likely(!HTTP_IS_LWS(*ptr))) {
1216 msg->sl.st.r = ptr - msg_buf;
1217 goto http_msg_rpreason;
1218 }
1219 if (likely(HTTP_IS_SPHT(*ptr)))
1220 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1221 /* so it's a CR/LF, so there is no reason phrase */
1222 goto http_msg_rsp_reason;
1223
1224 http_msg_rpreason:
1225 case HTTP_MSG_RPREASON:
1226 if (likely(!HTTP_IS_CRLF(*ptr)))
1227 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
1228 msg->sl.st.r_l = (ptr - msg_buf) - msg->sl.st.r;
1229 http_msg_rpline_eol:
1230 /* We have seen the end of line. Note that we do not
1231 * necessarily have the \n yet, but at least we know that we
1232 * have EITHER \r OR \n, otherwise the response would not be
1233 * complete. We can then record the response length and return
1234 * to the caller which will be able to register it.
1235 */
1236 msg->sl.st.l = ptr - msg->sol;
1237 return ptr;
1238
1239#ifdef DEBUG_FULL
1240 default:
1241 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1242 exit(1);
1243#endif
1244 }
1245
1246 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001247 /* out of valid data */
Willy Tarreau8973c702007-01-21 23:58:29 +01001248 if (ret_state)
1249 *ret_state = state;
1250 if (ret_ptr)
1251 *ret_ptr = (char *)ptr;
1252 return NULL;
Willy Tarreau8973c702007-01-21 23:58:29 +01001253}
1254
1255
1256/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001257 * This function parses a request line between <ptr> and <end>, starting with
1258 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1259 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1260 * will give undefined results.
1261 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1262 * and that msg->sol points to the beginning of the request.
1263 * If a complete line is found (which implies that at least one CR or LF is
1264 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1265 * returned indicating an incomplete line (which does not mean that parts have
1266 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1267 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1268 * upon next call.
1269 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001270 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001271 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1272 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001273 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001274 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001275const char *http_parse_reqline(struct http_msg *msg, const char *msg_buf,
1276 unsigned int state, const char *ptr, const char *end,
1277 char **ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001278{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001279 switch (state) {
1280 http_msg_rqmeth:
1281 case HTTP_MSG_RQMETH:
1282 if (likely(HTTP_IS_TOKEN(*ptr)))
1283 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001284
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001285 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001286 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001287 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1288 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001289
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001290 if (likely(HTTP_IS_CRLF(*ptr))) {
1291 /* HTTP 0.9 request */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001292 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001293 http_msg_req09_uri:
1294 msg->sl.rq.u = ptr - msg_buf;
1295 http_msg_req09_uri_e:
1296 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1297 http_msg_req09_ver:
1298 msg->sl.rq.v = ptr - msg_buf;
1299 msg->sl.rq.v_l = 0;
1300 goto http_msg_rqline_eol;
1301 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001302 state = HTTP_MSG_ERROR;
1303 break;
1304
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001305 http_msg_rqmeth_sp:
1306 case HTTP_MSG_RQMETH_SP:
1307 if (likely(!HTTP_IS_LWS(*ptr))) {
1308 msg->sl.rq.u = ptr - msg_buf;
1309 goto http_msg_rquri;
1310 }
1311 if (likely(HTTP_IS_SPHT(*ptr)))
1312 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1313 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1314 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001315
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001316 http_msg_rquri:
1317 case HTTP_MSG_RQURI:
1318 if (likely(!HTTP_IS_LWS(*ptr)))
1319 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001320
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001321 if (likely(HTTP_IS_SPHT(*ptr))) {
1322 msg->sl.rq.u_l = (ptr - msg_buf) - msg->sl.rq.u;
1323 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1324 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001325
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001326 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1327 goto http_msg_req09_uri_e;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001328
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001329 http_msg_rquri_sp:
1330 case HTTP_MSG_RQURI_SP:
1331 if (likely(!HTTP_IS_LWS(*ptr))) {
1332 msg->sl.rq.v = ptr - msg_buf;
1333 goto http_msg_rqver;
1334 }
1335 if (likely(HTTP_IS_SPHT(*ptr)))
1336 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1337 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1338 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001339
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001340 http_msg_rqver:
1341 case HTTP_MSG_RQVER:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001342 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001343 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001344
1345 if (likely(HTTP_IS_CRLF(*ptr))) {
1346 msg->sl.rq.v_l = (ptr - msg_buf) - msg->sl.rq.v;
1347 http_msg_rqline_eol:
1348 /* We have seen the end of line. Note that we do not
1349 * necessarily have the \n yet, but at least we know that we
1350 * have EITHER \r OR \n, otherwise the request would not be
1351 * complete. We can then record the request length and return
1352 * to the caller which will be able to register it.
1353 */
1354 msg->sl.rq.l = ptr - msg->sol;
1355 return ptr;
1356 }
1357
1358 /* neither an HTTP_VER token nor a CRLF */
Willy Tarreau7552c032009-03-01 11:10:40 +01001359 state = HTTP_MSG_ERROR;
1360 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001361
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001362#ifdef DEBUG_FULL
1363 default:
1364 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1365 exit(1);
1366#endif
1367 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001368
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001369 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001370 /* out of valid data */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001371 if (ret_state)
1372 *ret_state = state;
1373 if (ret_ptr)
1374 *ret_ptr = (char *)ptr;
1375 return NULL;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001376}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001377
1378
Willy Tarreau8973c702007-01-21 23:58:29 +01001379/*
1380 * This function parses an HTTP message, either a request or a response,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001381 * depending on the initial msg->msg_state. It can be preempted everywhere
Willy Tarreau8973c702007-01-21 23:58:29 +01001382 * when data are missing and recalled at the exact same location with no
1383 * information loss. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001384 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
Willy Tarreau15de77e2010-01-02 21:59:16 +01001385 * fields. Note that msg->som and msg->sol will be initialized after completing
1386 * the first state, so that none of the msg pointers has to be initialized
1387 * prior to the first call.
Willy Tarreau8973c702007-01-21 23:58:29 +01001388 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001389void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx *idx)
1390{
Willy Tarreaue69eada2008-01-27 00:34:10 +01001391 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001392 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreau58f10d72006-12-04 02:26:12 +01001393
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001394 state = msg->msg_state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001395 ptr = buf->lr;
1396 end = buf->r;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001397
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001398 if (unlikely(ptr >= end))
1399 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001400
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001401 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001402 /*
1403 * First, states that are specific to the response only.
1404 * We check them first so that request and headers are
1405 * closer to each other (accessed more often).
1406 */
1407 http_msg_rpbefore:
1408 case HTTP_MSG_RPBEFORE:
1409 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001410 /* we have a start of message, but we have to check
1411 * first if we need to remove some CRLF. We can only
1412 * do this when send_max=0.
1413 */
1414 char *beg = buf->w + buf->send_max;
1415 if (beg >= buf->data + buf->size)
1416 beg -= buf->size;
1417 if (unlikely(ptr != beg)) {
1418 if (buf->send_max)
1419 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001420 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreau15de77e2010-01-02 21:59:16 +01001421 buffer_ignore(buf, ptr - beg);
Willy Tarreau8973c702007-01-21 23:58:29 +01001422 }
Willy Tarreau15de77e2010-01-02 21:59:16 +01001423 msg->som = ptr - buf->data;
Willy Tarreau816b9792009-09-15 21:25:21 +02001424 msg->sol = ptr;
Willy Tarreau8973c702007-01-21 23:58:29 +01001425 hdr_idx_init(idx);
1426 state = HTTP_MSG_RPVER;
1427 goto http_msg_rpver;
1428 }
1429
1430 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1431 goto http_msg_invalid;
1432
1433 if (unlikely(*ptr == '\n'))
1434 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1435 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1436 /* stop here */
1437
1438 http_msg_rpbefore_cr:
1439 case HTTP_MSG_RPBEFORE_CR:
1440 EXPECT_LF_HERE(ptr, http_msg_invalid);
1441 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1442 /* stop here */
1443
1444 http_msg_rpver:
1445 case HTTP_MSG_RPVER:
1446 case HTTP_MSG_RPVER_SP:
1447 case HTTP_MSG_RPCODE:
1448 case HTTP_MSG_RPCODE_SP:
1449 case HTTP_MSG_RPREASON:
Willy Tarreaua15645d2007-03-18 16:22:39 +01001450 ptr = (char *)http_parse_stsline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001451 &buf->lr, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001452 if (unlikely(!ptr))
1453 return;
1454
1455 /* we have a full response and we know that we have either a CR
1456 * or an LF at <ptr>.
1457 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001458 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.st.l, *ptr);
Willy Tarreau8973c702007-01-21 23:58:29 +01001459 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1460
1461 msg->sol = ptr;
1462 if (likely(*ptr == '\r'))
1463 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1464 goto http_msg_rpline_end;
1465
1466 http_msg_rpline_end:
1467 case HTTP_MSG_RPLINE_END:
1468 /* msg->sol must point to the first of CR or LF. */
1469 EXPECT_LF_HERE(ptr, http_msg_invalid);
1470 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1471 /* stop here */
1472
1473 /*
1474 * Second, states that are specific to the request only
1475 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001476 http_msg_rqbefore:
1477 case HTTP_MSG_RQBEFORE:
1478 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001479 /* we have a start of message, but we have to check
1480 * first if we need to remove some CRLF. We can only
1481 * do this when send_max=0.
1482 */
1483 char *beg = buf->w + buf->send_max;
1484 if (beg >= buf->data + buf->size)
1485 beg -= buf->size;
1486 if (likely(ptr != beg)) {
1487 if (buf->send_max)
1488 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001489 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreau15de77e2010-01-02 21:59:16 +01001490 buffer_ignore(buf, ptr - beg);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001491 }
Willy Tarreau15de77e2010-01-02 21:59:16 +01001492 msg->som = ptr - buf->data;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001493 msg->sol = ptr;
Willy Tarreauf0d058e2007-01-25 12:03:42 +01001494 /* we will need this when keep-alive will be supported
1495 hdr_idx_init(idx);
1496 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001497 state = HTTP_MSG_RQMETH;
1498 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001499 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001500
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001501 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1502 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001503
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001504 if (unlikely(*ptr == '\n'))
1505 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1506 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001507 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001508
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001509 http_msg_rqbefore_cr:
1510 case HTTP_MSG_RQBEFORE_CR:
1511 EXPECT_LF_HERE(ptr, http_msg_invalid);
1512 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001513 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001514
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001515 http_msg_rqmeth:
1516 case HTTP_MSG_RQMETH:
1517 case HTTP_MSG_RQMETH_SP:
1518 case HTTP_MSG_RQURI:
1519 case HTTP_MSG_RQURI_SP:
1520 case HTTP_MSG_RQVER:
1521 ptr = (char *)http_parse_reqline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001522 &buf->lr, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001523 if (unlikely(!ptr))
1524 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001525
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001526 /* we have a full request and we know that we have either a CR
1527 * or an LF at <ptr>.
1528 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001529 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.rq.l, *ptr);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001530 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001531
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001532 msg->sol = ptr;
1533 if (likely(*ptr == '\r'))
1534 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001535 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001536
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001537 http_msg_rqline_end:
1538 case HTTP_MSG_RQLINE_END:
1539 /* check for HTTP/0.9 request : no version information available.
1540 * msg->sol must point to the first of CR or LF.
1541 */
1542 if (unlikely(msg->sl.rq.v_l == 0))
1543 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001544
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001545 EXPECT_LF_HERE(ptr, http_msg_invalid);
1546 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001547 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001548
Willy Tarreau8973c702007-01-21 23:58:29 +01001549 /*
1550 * Common states below
1551 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001552 http_msg_hdr_first:
1553 case HTTP_MSG_HDR_FIRST:
1554 msg->sol = ptr;
1555 if (likely(!HTTP_IS_CRLF(*ptr))) {
1556 goto http_msg_hdr_name;
1557 }
1558
1559 if (likely(*ptr == '\r'))
1560 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1561 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001562
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001563 http_msg_hdr_name:
1564 case HTTP_MSG_HDR_NAME:
1565 /* assumes msg->sol points to the first char */
1566 if (likely(HTTP_IS_TOKEN(*ptr)))
1567 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001568
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001569 if (likely(*ptr == ':')) {
1570 msg->col = ptr - buf->data;
1571 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
1572 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001573
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001574 if (likely(msg->err_pos < -1) || *ptr == '\n')
1575 goto http_msg_invalid;
1576
1577 if (msg->err_pos == -1) /* capture error pointer */
1578 msg->err_pos = ptr - buf->data; /* >= 0 now */
1579
1580 /* and we still accept this non-token character */
1581 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001582
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001583 http_msg_hdr_l1_sp:
1584 case HTTP_MSG_HDR_L1_SP:
1585 /* assumes msg->sol points to the first char and msg->col to the colon */
1586 if (likely(HTTP_IS_SPHT(*ptr)))
1587 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001588
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001589 /* header value can be basically anything except CR/LF */
1590 msg->sov = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001591
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001592 if (likely(!HTTP_IS_CRLF(*ptr))) {
1593 goto http_msg_hdr_val;
1594 }
1595
1596 if (likely(*ptr == '\r'))
1597 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1598 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001599
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001600 http_msg_hdr_l1_lf:
1601 case HTTP_MSG_HDR_L1_LF:
1602 EXPECT_LF_HERE(ptr, http_msg_invalid);
1603 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001604
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001605 http_msg_hdr_l1_lws:
1606 case HTTP_MSG_HDR_L1_LWS:
1607 if (likely(HTTP_IS_SPHT(*ptr))) {
1608 /* replace HT,CR,LF with spaces */
1609 for (; buf->data+msg->sov < ptr; msg->sov++)
1610 buf->data[msg->sov] = ' ';
1611 goto http_msg_hdr_l1_sp;
1612 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001613 /* we had a header consisting only in spaces ! */
1614 msg->eol = buf->data + msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001615 goto http_msg_complete_header;
1616
1617 http_msg_hdr_val:
1618 case HTTP_MSG_HDR_VAL:
1619 /* assumes msg->sol points to the first char, msg->col to the
1620 * colon, and msg->sov points to the first character of the
1621 * value.
1622 */
1623 if (likely(!HTTP_IS_CRLF(*ptr)))
1624 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001625
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001626 msg->eol = ptr;
1627 /* Note: we could also copy eol into ->eoh so that we have the
1628 * real header end in case it ends with lots of LWS, but is this
1629 * really needed ?
1630 */
1631 if (likely(*ptr == '\r'))
1632 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1633 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001634
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001635 http_msg_hdr_l2_lf:
1636 case HTTP_MSG_HDR_L2_LF:
1637 EXPECT_LF_HERE(ptr, http_msg_invalid);
1638 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001639
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001640 http_msg_hdr_l2_lws:
1641 case HTTP_MSG_HDR_L2_LWS:
1642 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1643 /* LWS: replace HT,CR,LF with spaces */
1644 for (; msg->eol < ptr; msg->eol++)
1645 *msg->eol = ' ';
1646 goto http_msg_hdr_val;
1647 }
1648 http_msg_complete_header:
1649 /*
1650 * It was a new header, so the last one is finished.
1651 * Assumes msg->sol points to the first char, msg->col to the
1652 * colon, msg->sov points to the first character of the value
1653 * and msg->eol to the first CR or LF so we know how the line
1654 * ends. We insert last header into the index.
1655 */
1656 /*
1657 fprintf(stderr,"registering %-2d bytes : ", msg->eol - msg->sol);
1658 write(2, msg->sol, msg->eol-msg->sol);
1659 fprintf(stderr,"\n");
1660 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001661
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001662 if (unlikely(hdr_idx_add(msg->eol - msg->sol, *msg->eol == '\r',
1663 idx, idx->tail) < 0))
1664 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001665
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001666 msg->sol = ptr;
1667 if (likely(!HTTP_IS_CRLF(*ptr))) {
1668 goto http_msg_hdr_name;
1669 }
1670
1671 if (likely(*ptr == '\r'))
1672 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1673 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001674
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001675 http_msg_last_lf:
1676 case HTTP_MSG_LAST_LF:
1677 /* Assumes msg->sol points to the first of either CR or LF */
1678 EXPECT_LF_HERE(ptr, http_msg_invalid);
1679 ptr++;
1680 buf->lr = ptr;
Willy Tarreaufa355d42009-11-29 18:12:29 +01001681 msg->col = msg->sov = buf->lr - buf->data;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001682 msg->eoh = msg->sol - buf->data;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001683 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001684 return;
1685#ifdef DEBUG_FULL
1686 default:
1687 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1688 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001689#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001690 }
1691 http_msg_ood:
1692 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001693 msg->msg_state = state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001694 buf->lr = ptr;
1695 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001696
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001697 http_msg_invalid:
1698 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001699 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau7552c032009-03-01 11:10:40 +01001700 buf->lr = ptr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001701 return;
1702}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001703
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001704/* convert an HTTP/0.9 request into an HTTP/1.0 request. Returns 1 if the
1705 * conversion succeeded, 0 in case of error. If the request was already 1.X,
1706 * nothing is done and 1 is returned.
1707 */
1708static int http_upgrade_v09_to_v10(struct buffer *req, struct http_msg *msg, struct http_txn *txn)
1709{
1710 int delta;
1711 char *cur_end;
1712
1713 if (msg->sl.rq.v_l != 0)
1714 return 1;
1715
1716 msg->sol = req->data + msg->som;
1717 cur_end = msg->sol + msg->sl.rq.l;
1718 delta = 0;
1719
1720 if (msg->sl.rq.u_l == 0) {
1721 /* if no URI was set, add "/" */
1722 delta = buffer_replace2(req, cur_end, cur_end, " /", 2);
1723 cur_end += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01001724 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001725 }
1726 /* add HTTP version */
1727 delta = buffer_replace2(req, cur_end, cur_end, " HTTP/1.0\r\n", 11);
Willy Tarreaufa355d42009-11-29 18:12:29 +01001728 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001729 cur_end += delta;
1730 cur_end = (char *)http_parse_reqline(msg, req->data,
1731 HTTP_MSG_RQMETH,
1732 msg->sol, cur_end + 1,
1733 NULL, NULL);
1734 if (unlikely(!cur_end))
1735 return 0;
1736
1737 /* we have a full HTTP/1.0 request now and we know that
1738 * we have either a CR or an LF at <ptr>.
1739 */
1740 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
1741 return 1;
1742}
1743
Willy Tarreau5b154472009-12-21 20:11:07 +01001744/* Parse the Connection: headaer of an HTTP request, and set the transaction
1745 * flag TX_REQ_CONN_CLO if a "close" mode is expected. The TX_CON_HDR_PARS flag
1746 * is also set so that we don't parse a second time. If some dangerous values
1747 * are encountered, we leave the status to indicate that the request might be
1748 * interpreted as keep-alive, but we also set the connection flags to indicate
1749 * that we WANT it to be a close, so that the header will be fixed. This
1750 * function should only be called when we know we're interested in checking
1751 * the request (not a CONNECT, and FE or BE mangles the header).
1752 */
Willy Tarreaue8e785b2009-12-26 15:34:26 +01001753void http_req_parse_connection_header(struct http_txn *txn)
Willy Tarreau5b154472009-12-21 20:11:07 +01001754{
1755 struct http_msg *msg = &txn->req;
1756 struct hdr_ctx ctx;
1757 int conn_cl, conn_ka;
1758
1759 if (txn->flags & TX_CON_HDR_PARS)
1760 return;
1761
1762 conn_cl = 0;
1763 conn_ka = 0;
1764 ctx.idx = 0;
1765
1766 while (http_find_header2("Connection", 10, msg->sol, &txn->hdr_idx, &ctx)) {
1767 if (ctx.vlen == 5 && strncasecmp(ctx.line + ctx.val, "close", 5) == 0)
1768 conn_cl = 1;
1769 else if (ctx.vlen == 10 && strncasecmp(ctx.line + ctx.val, "keep-alive", 10) == 0)
1770 conn_ka = 1;
1771 }
1772
1773 /* Determine if the client wishes keep-alive or close.
1774 * RFC2616 #8.1.2 and #14.10 state that HTTP/1.1 and above connections
1775 * are persistent unless "Connection: close" is explicitly specified.
1776 * RFC2616 #19.6.2 refers to RFC2068 for HTTP/1.0 persistent connections.
1777 * RFC2068 #19.7.1 states that HTTP/1.0 clients are not persistent unless
1778 * they explicitly specify "Connection: Keep-Alive", regardless of any
1779 * optional "Keep-Alive" header.
1780 * Note that if we find a request with both "Connection: close" and
1781 * "Connection: Keep-Alive", we indicate we want a close but don't have
1782 * it, so that it can be enforced later.
1783 */
1784
1785 if (txn->flags & TX_REQ_VER_11) { /* HTTP/1.1 */
1786 if (conn_cl) {
1787 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
1788 if (!conn_ka)
1789 txn->flags |= TX_REQ_CONN_CLO;
1790 }
1791 } else { /* HTTP/1.0 */
1792 if (!conn_ka)
1793 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO | TX_REQ_CONN_CLO;
1794 else if (conn_cl)
1795 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
1796 }
1797 txn->flags |= TX_CON_HDR_PARS;
1798}
1799
Willy Tarreaud98cf932009-12-27 22:54:55 +01001800/* Parse the chunk size at buf->lr. Once done, it adjusts ->lr to point to the
1801 * first byte of body, and increments msg->sov by the number of bytes parsed,
1802 * so that we know we can forward between ->som and ->sov. Note that due to
1803 * possible wrapping at the end of the buffer, it is possible that msg->sov is
1804 * lower than msg->som.
Willy Tarreau115acb92009-12-26 13:56:06 +01001805 * Return >0 on success, 0 when some data is missing, <0 on error.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001806 * Note: this function is designed to parse wrapped CRLF at the end of the buffer.
Willy Tarreau115acb92009-12-26 13:56:06 +01001807 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01001808int http_parse_chunk_size(struct buffer *buf, struct http_msg *msg)
Willy Tarreau115acb92009-12-26 13:56:06 +01001809{
Willy Tarreaud98cf932009-12-27 22:54:55 +01001810 char *ptr = buf->lr;
1811 char *end = buf->data + buf->size;
Willy Tarreau115acb92009-12-26 13:56:06 +01001812 unsigned int chunk = 0;
1813
1814 /* The chunk size is in the following form, though we are only
1815 * interested in the size and CRLF :
1816 * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF
1817 */
1818 while (1) {
1819 int c;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001820 if (ptr == buf->r)
Willy Tarreau115acb92009-12-26 13:56:06 +01001821 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001822 c = hex2i(*ptr);
Willy Tarreau115acb92009-12-26 13:56:06 +01001823 if (c < 0) /* not a hex digit anymore */
1824 break;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001825 if (++ptr >= end)
1826 ptr = buf->data;
Willy Tarreau115acb92009-12-26 13:56:06 +01001827 if (chunk & 0xF000000) /* overflow will occur */
1828 return -1;
1829 chunk = (chunk << 4) + c;
1830 }
1831
Willy Tarreaud98cf932009-12-27 22:54:55 +01001832 /* empty size not allowed */
1833 if (ptr == buf->lr)
1834 return -1;
1835
1836 while (http_is_spht[(unsigned char)*ptr]) {
1837 if (++ptr >= end)
1838 ptr = buf->data;
1839 if (ptr == buf->r)
Willy Tarreau115acb92009-12-26 13:56:06 +01001840 return 0;
Willy Tarreau115acb92009-12-26 13:56:06 +01001841 }
1842
Willy Tarreaud98cf932009-12-27 22:54:55 +01001843 /* Up to there, we know that at least one byte is present at *ptr. Check
1844 * for the end of chunk size.
1845 */
1846 while (1) {
1847 if (likely(HTTP_IS_CRLF(*ptr))) {
1848 /* we now have a CR or an LF at ptr */
1849 if (likely(*ptr == '\r')) {
1850 if (++ptr >= end)
1851 ptr = buf->data;
1852 if (ptr == buf->r)
1853 return 0;
1854 }
Willy Tarreau115acb92009-12-26 13:56:06 +01001855
Willy Tarreaud98cf932009-12-27 22:54:55 +01001856 if (*ptr != '\n')
1857 return -1;
1858 if (++ptr >= end)
1859 ptr = buf->data;
1860 /* done */
1861 break;
1862 }
1863 else if (*ptr == ';') {
1864 /* chunk extension, ends at next CRLF */
1865 if (++ptr >= end)
1866 ptr = buf->data;
1867 if (ptr == buf->r)
Willy Tarreau115acb92009-12-26 13:56:06 +01001868 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001869
1870 while (!HTTP_IS_CRLF(*ptr)) {
1871 if (++ptr >= end)
1872 ptr = buf->data;
1873 if (ptr == buf->r)
1874 return 0;
1875 }
1876 /* we have a CRLF now, loop above */
1877 continue;
Willy Tarreau115acb92009-12-26 13:56:06 +01001878 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001879 else
Willy Tarreau115acb92009-12-26 13:56:06 +01001880 return -1;
Willy Tarreau115acb92009-12-26 13:56:06 +01001881 }
1882
Willy Tarreaud98cf932009-12-27 22:54:55 +01001883 /* OK we found our CRLF and now <ptr> points to the next byte,
1884 * which may or may not be present. We save that into ->lr and
1885 * ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01001886 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01001887 msg->sov += ptr - buf->lr;
1888 buf->lr = ptr;
Willy Tarreau115acb92009-12-26 13:56:06 +01001889 msg->hdr_content_len = chunk;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001890 msg->msg_state = chunk ? HTTP_MSG_DATA : HTTP_MSG_TRAILERS;
Willy Tarreau115acb92009-12-26 13:56:06 +01001891 return 1;
1892}
1893
Willy Tarreaud98cf932009-12-27 22:54:55 +01001894/* This function skips trailers in the buffer <buf> associated with HTTP
1895 * message <msg>. The first visited position is buf->lr. If the end of
1896 * the trailers is found, it is automatically scheduled to be forwarded,
1897 * msg->msg_state switches to HTTP_MSG_DONE, and the function returns >0.
1898 * If not enough data are available, the function does not change anything
Willy Tarreau638cd022010-01-03 07:42:04 +01001899 * except maybe buf->lr and msg->sov if it could parse some lines, and returns
1900 * zero. If a parse error is encountered, the function returns < 0 and does not
1901 * change anything except maybe buf->lr and msg->sov. Note that the message
1902 * must already be in HTTP_MSG_TRAILERS state before calling this function,
1903 * which implies that all non-trailers data have already been scheduled for
1904 * forwarding, and that the difference between msg->som and msg->sov exactly
1905 * matches the length of trailers already parsed and not forwarded. It is also
1906 * important to note that this function is designed to be able to parse wrapped
1907 * headers at end of buffer.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001908 */
1909int http_forward_trailers(struct buffer *buf, struct http_msg *msg)
1910{
1911 /* we have buf->lr which points to next line. Look for CRLF. */
1912 while (1) {
1913 char *p1 = NULL, *p2 = NULL;
1914 char *ptr = buf->lr;
Willy Tarreau638cd022010-01-03 07:42:04 +01001915 int bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001916
1917 /* scan current line and stop at LF or CRLF */
1918 while (1) {
1919 if (ptr == buf->r)
1920 return 0;
1921
1922 if (*ptr == '\n') {
1923 if (!p1)
1924 p1 = ptr;
1925 p2 = ptr;
1926 break;
1927 }
1928
1929 if (*ptr == '\r') {
1930 if (p1)
1931 return -1;
1932 p1 = ptr;
1933 }
1934
1935 ptr++;
1936 if (ptr >= buf->data + buf->size)
1937 ptr = buf->data;
1938 }
1939
1940 /* after LF; point to beginning of next line */
1941 p2++;
1942 if (p2 >= buf->data + buf->size)
1943 p2 = buf->data;
1944
Willy Tarreau638cd022010-01-03 07:42:04 +01001945 bytes = p2 - buf->lr;
1946 if (bytes < 0)
1947 bytes += buf->size;
1948
1949 /* schedule this line for forwarding */
1950 msg->sov += bytes;
1951 if (msg->sov >= buf->size)
1952 msg->sov -= buf->size;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001953
Willy Tarreau638cd022010-01-03 07:42:04 +01001954 if (p1 == buf->lr) {
1955 /* LF/CRLF at beginning of line => end of trailers at p2.
1956 * Everything was scheduled for forwarding, there's nothing
1957 * left from this message.
Willy Tarreau5523b322009-12-29 12:05:52 +01001958 */
Willy Tarreau638cd022010-01-03 07:42:04 +01001959 buf->lr = p2;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001960 msg->msg_state = HTTP_MSG_DONE;
1961 return 1;
1962 }
1963 /* OK, next line then */
1964 buf->lr = p2;
1965 }
1966}
1967
1968/* This function may be called only in HTTP_MSG_DATA_CRLF. It reads the CRLF or
1969 * a possible LF alone at the end of a chunk. It automatically adjusts msg->sov,
1970 * ->som, buf->lr in order to include this part into the next forwarding phase.
1971 * It also sets msg_state to HTTP_MSG_CHUNK_SIZE and returns >0 on success. If
1972 * not enough data are available, the function does not change anything and
1973 * returns zero. If a parse error is encountered, the function returns < 0 and
1974 * does not change anything. Note: this function is designed to parse wrapped
1975 * CRLF at the end of the buffer.
1976 */
1977int http_skip_chunk_crlf(struct buffer *buf, struct http_msg *msg)
1978{
1979 char *ptr;
1980 int bytes;
1981
1982 /* NB: we'll check data availabilty at the end. It's not a
1983 * problem because whatever we match first will be checked
1984 * against the correct length.
1985 */
1986 bytes = 1;
1987 ptr = buf->lr;
1988 if (*ptr == '\r') {
1989 bytes++;
1990 ptr++;
1991 if (ptr >= buf->data + buf->size)
1992 ptr = buf->data;
1993 }
1994
1995 if (buf->l < bytes)
1996 return 0;
1997
1998 if (*ptr != '\n')
1999 return -1;
2000
2001 ptr++;
2002 if (ptr >= buf->data + buf->size)
2003 ptr = buf->data;
2004 buf->lr = ptr;
2005 /* prepare the CRLF to be forwarded. msg->som may be before data but we don't care */
2006 msg->sov = ptr - buf->data;
2007 msg->som = msg->sov - bytes;
2008 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
2009 return 1;
2010}
Willy Tarreau5b154472009-12-21 20:11:07 +01002011
Willy Tarreau83e3af02009-12-28 17:39:57 +01002012void http_buffer_heavy_realign(struct buffer *buf, struct http_msg *msg)
2013{
2014 char *end = buf->data + buf->size;
2015 int off = buf->data + buf->size - buf->w;
2016
2017 /* two possible cases :
2018 * - the buffer is in one contiguous block, we move it in-place
2019 * - the buffer is in two blocks, we move it via the trash
2020 */
2021 if (buf->l) {
2022 int block1 = buf->l;
2023 int block2 = 0;
2024 if (buf->r <= buf->w) {
2025 /* non-contiguous block */
2026 block1 = buf->data + buf->size - buf->w;
2027 block2 = buf->r - buf->data;
2028 }
2029 if (block2)
2030 memcpy(trash, buf->data, block2);
2031 memmove(buf->data, buf->w, block1);
2032 if (block2)
2033 memcpy(buf->data + block1, trash, block2);
2034 }
2035
2036 /* adjust all known pointers */
2037 buf->w = buf->data;
2038 buf->lr += off; if (buf->lr >= end) buf->lr -= buf->size;
2039 buf->r += off; if (buf->r >= end) buf->r -= buf->size;
2040 msg->sol += off; if (msg->sol >= end) msg->sol -= buf->size;
2041 msg->eol += off; if (msg->eol >= end) msg->eol -= buf->size;
2042
2043 /* adjust relative pointers */
2044 msg->som = 0;
2045 msg->eoh += off; if (msg->eoh >= buf->size) msg->eoh -= buf->size;
2046 msg->col += off; if (msg->col >= buf->size) msg->col -= buf->size;
2047 msg->sov += off; if (msg->sov >= buf->size) msg->sov -= buf->size;
2048
2049 msg->sl.rq.u += off; if (msg->sl.rq.u >= buf->size) msg->sl.rq.u -= buf->size;
2050 msg->sl.rq.v += off; if (msg->sl.rq.v >= buf->size) msg->sl.rq.v -= buf->size;
2051
2052 if (msg->err_pos >= 0) {
2053 msg->err_pos += off;
2054 if (msg->err_pos >= buf->size)
2055 msg->err_pos -= buf->size;
2056 }
2057
2058 buf->flags &= ~BF_FULL;
2059 if (buf->l >= buffer_max_len(buf))
2060 buf->flags |= BF_FULL;
2061}
2062
Willy Tarreaud787e662009-07-07 10:14:51 +02002063/* This stream analyser waits for a complete HTTP request. It returns 1 if the
2064 * processing can continue on next analysers, or zero if it either needs more
2065 * data or wants to immediately abort the request (eg: timeout, error, ...). It
2066 * is tied to AN_REQ_WAIT_HTTP and may may remove itself from s->req->analysers
2067 * when it has nothing left to do, and may remove any analyser when it wants to
2068 * abort.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002069 */
Willy Tarreau3a816292009-07-07 10:55:49 +02002070int http_wait_for_request(struct session *s, struct buffer *req, int an_bit)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002071{
Willy Tarreau59234e92008-11-30 23:51:27 +01002072 /*
2073 * We will parse the partial (or complete) lines.
2074 * We will check the request syntax, and also join multi-line
2075 * headers. An index of all the lines will be elaborated while
2076 * parsing.
2077 *
2078 * For the parsing, we use a 28 states FSM.
2079 *
2080 * Here is the information we currently have :
Willy Tarreauf073a832009-03-01 23:21:47 +01002081 * req->data + msg->som = beginning of request
Willy Tarreau83e3af02009-12-28 17:39:57 +01002082 * req->data + msg->eoh = end of processed headers / start of current one
2083 * msg->eol = end of current header or line (LF or CRLF)
Willy Tarreau59234e92008-11-30 23:51:27 +01002084 * req->lr = first non-visited byte
2085 * req->r = end of data
Willy Tarreaud787e662009-07-07 10:14:51 +02002086 *
2087 * At end of parsing, we may perform a capture of the error (if any), and
2088 * we will set a few fields (msg->sol, txn->meth, sn->flags/SN_REDIRECTABLE).
2089 * We also check for monitor-uri, logging, HTTP/0.9 to 1.0 conversion, and
2090 * finally headers capture.
Willy Tarreau59234e92008-11-30 23:51:27 +01002091 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002092
Willy Tarreau59234e92008-11-30 23:51:27 +01002093 int cur_idx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002094 int use_close_only;
Willy Tarreau59234e92008-11-30 23:51:27 +01002095 struct http_txn *txn = &s->txn;
2096 struct http_msg *msg = &txn->req;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002097 struct hdr_ctx ctx;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002098
Willy Tarreau6bf17362009-02-24 10:48:35 +01002099 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
2100 now_ms, __FUNCTION__,
2101 s,
2102 req,
2103 req->rex, req->wex,
2104 req->flags,
2105 req->l,
2106 req->analysers);
2107
Willy Tarreau52a0c602009-08-16 22:45:38 +02002108 /* we're speaking HTTP here, so let's speak HTTP to the client */
2109 s->srv_error = http_return_srv_error;
2110
Willy Tarreau83e3af02009-12-28 17:39:57 +01002111 /* There's a protected area at the end of the buffer for rewriting
2112 * purposes. We don't want to start to parse the request if the
2113 * protected area is affected, because we may have to move processed
2114 * data later, which is much more complicated.
2115 */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002116 if (req->l && msg->msg_state < HTTP_MSG_ERROR) {
2117 if (unlikely((req->flags & BF_FULL) ||
2118 req->r < req->lr ||
2119 req->r > req->data + req->size - global.tune.maxrewrite)) {
2120 if (req->send_max) {
2121 /* some data has still not left the buffer, wake us once that's done */
2122 buffer_dont_connect(req);
2123 req->flags |= BF_READ_DONTWAIT; /* try to get back here ASAP */
2124 return 0;
2125 }
2126 if (req->l <= req->size - global.tune.maxrewrite)
2127 http_buffer_heavy_realign(req, msg);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002128 }
2129
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002130 if (likely(req->lr < req->r))
2131 http_msg_analyzer(req, msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002132 }
2133
Willy Tarreau59234e92008-11-30 23:51:27 +01002134 /* 1: we might have to print this header in debug mode */
2135 if (unlikely((global.mode & MODE_DEBUG) &&
2136 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01002137 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002138 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002139
Willy Tarreau59234e92008-11-30 23:51:27 +01002140 sol = req->data + msg->som;
2141 eol = sol + msg->sl.rq.l;
2142 debug_hdr("clireq", s, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01002143
Willy Tarreau59234e92008-11-30 23:51:27 +01002144 sol += hdr_idx_first_pos(&txn->hdr_idx);
2145 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002146
Willy Tarreau59234e92008-11-30 23:51:27 +01002147 while (cur_idx) {
2148 eol = sol + txn->hdr_idx.v[cur_idx].len;
2149 debug_hdr("clihdr", s, sol, eol);
2150 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2151 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002152 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002153 }
2154
Willy Tarreau58f10d72006-12-04 02:26:12 +01002155
Willy Tarreau59234e92008-11-30 23:51:27 +01002156 /*
2157 * Now we quickly check if we have found a full valid request.
2158 * If not so, we check the FD and buffer states before leaving.
2159 * A full request is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01002160 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreau59234e92008-11-30 23:51:27 +01002161 * requests are checked first.
2162 *
2163 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002164
Willy Tarreau655dce92009-11-08 13:10:58 +01002165 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002166 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002167 * First, let's catch bad requests.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002168 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002169 if (unlikely(msg->msg_state == HTTP_MSG_ERROR))
2170 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002171
Willy Tarreau59234e92008-11-30 23:51:27 +01002172 /* 1: Since we are in header mode, if there's no space
2173 * left for headers, we won't be able to free more
2174 * later, so the session will never terminate. We
2175 * must terminate it now.
2176 */
2177 if (unlikely(req->flags & BF_FULL)) {
2178 /* FIXME: check if URI is set and return Status
2179 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002180 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002181 goto return_bad_req;
2182 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002183
Willy Tarreau59234e92008-11-30 23:51:27 +01002184 /* 2: have we encountered a read error ? */
2185 else if (req->flags & BF_READ_ERROR) {
Willy Tarreaub608feb2010-01-02 22:47:18 +01002186 if (txn->flags & TX_NOT_FIRST)
2187 goto failed_keep_alive;
2188
Willy Tarreau59234e92008-11-30 23:51:27 +01002189 /* we cannot return any message on error */
Willy Tarreau4076a152009-04-02 15:18:36 +02002190 if (msg->err_pos >= 0)
2191 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002192 msg->msg_state = HTTP_MSG_ERROR;
2193 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002194
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002195 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002196 if (s->listener->counters)
2197 s->listener->counters->failed_req++;
2198
Willy Tarreau59234e92008-11-30 23:51:27 +01002199 if (!(s->flags & SN_ERR_MASK))
2200 s->flags |= SN_ERR_CLICL;
2201 if (!(s->flags & SN_FINST_MASK))
2202 s->flags |= SN_FINST_R;
2203 return 0;
2204 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002205
Willy Tarreau59234e92008-11-30 23:51:27 +01002206 /* 3: has the read timeout expired ? */
2207 else if (req->flags & BF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreaub608feb2010-01-02 22:47:18 +01002208 if (txn->flags & TX_NOT_FIRST)
2209 goto failed_keep_alive;
2210
Willy Tarreau59234e92008-11-30 23:51:27 +01002211 /* read timeout : give up with an error message. */
Willy Tarreau4076a152009-04-02 15:18:36 +02002212 if (msg->err_pos >= 0)
2213 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002214 txn->status = 408;
2215 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_408));
2216 msg->msg_state = HTTP_MSG_ERROR;
2217 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002218
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002219 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002220 if (s->listener->counters)
2221 s->listener->counters->failed_req++;
2222
Willy Tarreau59234e92008-11-30 23:51:27 +01002223 if (!(s->flags & SN_ERR_MASK))
2224 s->flags |= SN_ERR_CLITO;
2225 if (!(s->flags & SN_FINST_MASK))
2226 s->flags |= SN_FINST_R;
2227 return 0;
2228 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002229
Willy Tarreau59234e92008-11-30 23:51:27 +01002230 /* 4: have we encountered a close ? */
2231 else if (req->flags & BF_SHUTR) {
Willy Tarreaub608feb2010-01-02 22:47:18 +01002232 if (txn->flags & TX_NOT_FIRST)
2233 goto failed_keep_alive;
2234
Willy Tarreau4076a152009-04-02 15:18:36 +02002235 if (msg->err_pos >= 0)
2236 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002237 txn->status = 400;
2238 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
2239 msg->msg_state = HTTP_MSG_ERROR;
2240 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002241
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002242 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002243 if (s->listener->counters)
2244 s->listener->counters->failed_req++;
2245
Willy Tarreau59234e92008-11-30 23:51:27 +01002246 if (!(s->flags & SN_ERR_MASK))
2247 s->flags |= SN_ERR_CLICL;
2248 if (!(s->flags & SN_FINST_MASK))
2249 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002250 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002251 }
2252
Willy Tarreau520d95e2009-09-19 21:04:57 +02002253 buffer_dont_connect(req);
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002254 req->flags |= BF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreau5e8949c2010-01-03 14:38:03 +01002255 req->flags &= ~BF_DONT_READ;
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002256
Willy Tarreau59234e92008-11-30 23:51:27 +01002257 /* just set the request timeout once at the beginning of the request */
2258 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02002259 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002260
Willy Tarreau59234e92008-11-30 23:51:27 +01002261 /* we're not ready yet */
2262 return 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002263
2264 failed_keep_alive:
2265 /* Here we process low-level errors for keep-alive requests. In
2266 * short, if the request is not the first one and it experiences
2267 * a timeout, read error or shutdown, we just silently close so
2268 * that the client can try again.
2269 */
2270 txn->status = 0;
2271 msg->msg_state = HTTP_MSG_RQBEFORE;
2272 req->analysers = 0;
2273 s->logs.logwait = 0;
2274 stream_int_cond_close(req->prod, NULL);
2275 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002276 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002277
Willy Tarreaud787e662009-07-07 10:14:51 +02002278 /* OK now we have a complete HTTP request with indexed headers. Let's
2279 * complete the request parsing by setting a few fields we will need
Willy Tarreaufa355d42009-11-29 18:12:29 +01002280 * later. At this point, we have the last CRLF at req->data + msg->eoh.
2281 * If the request is in HTTP/0.9 form, the rule is still true, and eoh
2282 * points to the CRLF of the request line. req->lr points to the first
2283 * byte after the last LF. msg->col and msg->sov point to the first
2284 * byte of data. msg->eol cannot be trusted because it may have been
2285 * left uninitialized (for instance in the absence of headers).
Willy Tarreaud787e662009-07-07 10:14:51 +02002286 */
Willy Tarreau9cdde232007-05-02 20:58:19 +02002287
Willy Tarreaud787e662009-07-07 10:14:51 +02002288 /* Maybe we found in invalid header name while we were configured not
2289 * to block on that, so we have to capture it now.
2290 */
2291 if (unlikely(msg->err_pos >= 0))
Willy Tarreau4076a152009-04-02 15:18:36 +02002292 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, s->fe);
2293
Willy Tarreau59234e92008-11-30 23:51:27 +01002294 /* ensure we keep this pointer to the beginning of the message */
2295 msg->sol = req->data + msg->som;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002296
Willy Tarreau59234e92008-11-30 23:51:27 +01002297 /*
2298 * 1: identify the method
2299 */
2300 txn->meth = find_http_meth(&req->data[msg->som], msg->sl.rq.m_l);
2301
2302 /* we can make use of server redirect on GET and HEAD */
2303 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2304 s->flags |= SN_REDIRECTABLE;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002305
Willy Tarreau59234e92008-11-30 23:51:27 +01002306 /*
2307 * 2: check if the URI matches the monitor_uri.
2308 * We have to do this for every request which gets in, because
2309 * the monitor-uri is defined by the frontend.
2310 */
2311 if (unlikely((s->fe->monitor_uri_len != 0) &&
2312 (s->fe->monitor_uri_len == msg->sl.rq.u_l) &&
2313 !memcmp(&req->data[msg->sl.rq.u],
2314 s->fe->monitor_uri,
2315 s->fe->monitor_uri_len))) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002316 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002317 * We have found the monitor URI
Willy Tarreau58f10d72006-12-04 02:26:12 +01002318 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002319 struct acl_cond *cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002320
Willy Tarreau59234e92008-11-30 23:51:27 +01002321 s->flags |= SN_MONITOR;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002322
Willy Tarreau59234e92008-11-30 23:51:27 +01002323 /* Check if we want to fail this monitor request or not */
Willy Tarreaud787e662009-07-07 10:14:51 +02002324 list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
2325 int ret = acl_exec_cond(cond, s->fe, s, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002326
Willy Tarreau59234e92008-11-30 23:51:27 +01002327 ret = acl_pass(ret);
2328 if (cond->pol == ACL_COND_UNLESS)
2329 ret = !ret;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002330
Willy Tarreau59234e92008-11-30 23:51:27 +01002331 if (ret) {
2332 /* we fail this request, let's return 503 service unavail */
2333 txn->status = 503;
2334 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_503));
2335 goto return_prx_cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002336 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002337 }
Willy Tarreaua5555ec2008-11-30 19:02:32 +01002338
Willy Tarreau59234e92008-11-30 23:51:27 +01002339 /* nothing to fail, let's reply normaly */
2340 txn->status = 200;
2341 stream_int_retnclose(req->prod, &http_200_chunk);
2342 goto return_prx_cond;
2343 }
2344
2345 /*
2346 * 3: Maybe we have to copy the original REQURI for the logs ?
2347 * Note: we cannot log anymore if the request has been
2348 * classified as invalid.
2349 */
2350 if (unlikely(s->logs.logwait & LW_REQ)) {
2351 /* we have a complete HTTP request that we must log */
2352 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
2353 int urilen = msg->sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002354
Willy Tarreau59234e92008-11-30 23:51:27 +01002355 if (urilen >= REQURI_LEN)
2356 urilen = REQURI_LEN - 1;
2357 memcpy(txn->uri, &req->data[msg->som], urilen);
2358 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002359
Willy Tarreau59234e92008-11-30 23:51:27 +01002360 if (!(s->logs.logwait &= ~LW_REQ))
2361 s->do_log(s);
2362 } else {
2363 Alert("HTTP logging : out of memory.\n");
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002364 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002365 }
Willy Tarreau06619262006-12-17 08:37:22 +01002366
Willy Tarreau59234e92008-11-30 23:51:27 +01002367 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
Willy Tarreau2492d5b2009-07-11 00:06:00 +02002368 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(req, msg, txn))
2369 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002370
Willy Tarreau5b154472009-12-21 20:11:07 +01002371 /* ... and check if the request is HTTP/1.1 or above */
2372 if ((msg->sl.rq.v_l == 8) &&
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01002373 ((req->data[msg->sl.rq.v + 5] > '1') ||
2374 ((req->data[msg->sl.rq.v + 5] == '1') &&
2375 (req->data[msg->sl.rq.v + 7] >= '1'))))
Willy Tarreau5b154472009-12-21 20:11:07 +01002376 txn->flags |= TX_REQ_VER_11;
2377
2378 /* "connection" has not been parsed yet */
2379 txn->flags &= ~TX_CON_HDR_PARS;
2380
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002381 /* transfer length unknown*/
2382 txn->flags &= ~TX_REQ_XFER_LEN;
2383
Willy Tarreau59234e92008-11-30 23:51:27 +01002384 /* 5: we may need to capture headers */
2385 if (unlikely((s->logs.logwait & LW_REQHDR) && s->fe->req_cap))
2386 capture_headers(req->data + msg->som, &txn->hdr_idx,
2387 txn->req.cap, s->fe->req_cap);
Willy Tarreau11382812008-07-09 16:18:21 +02002388
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002389 /* 6: determine the transfer-length.
2390 * According to RFC2616 #4.4, amended by the HTTPbis working group,
2391 * the presence of a message-body in a REQUEST and its transfer length
2392 * must be determined that way (in order of precedence) :
2393 * 1. The presence of a message-body in a request is signaled by the
2394 * inclusion of a Content-Length or Transfer-Encoding header field
2395 * in the request's header fields. When a request message contains
2396 * both a message-body of non-zero length and a method that does
2397 * not define any semantics for that request message-body, then an
2398 * origin server SHOULD either ignore the message-body or respond
2399 * with an appropriate error message (e.g., 413). A proxy or
2400 * gateway, when presented the same request, SHOULD either forward
2401 * the request inbound with the message- body or ignore the
2402 * message-body when determining a response.
2403 *
2404 * 2. If a Transfer-Encoding header field (Section 9.7) is present
2405 * and the "chunked" transfer-coding (Section 6.2) is used, the
2406 * transfer-length is defined by the use of this transfer-coding.
2407 * If a Transfer-Encoding header field is present and the "chunked"
2408 * transfer-coding is not present, the transfer-length is defined
2409 * by the sender closing the connection.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002410 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002411 * 3. If a Content-Length header field is present, its decimal value in
2412 * OCTETs represents both the entity-length and the transfer-length.
2413 * If a message is received with both a Transfer-Encoding header
2414 * field and a Content-Length header field, the latter MUST be ignored.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002415 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002416 * 4. By the server closing the connection. (Closing the connection
2417 * cannot be used to indicate the end of a request body, since that
2418 * would leave no possibility for the server to send back a response.)
2419 *
2420 * Whenever a transfer-coding is applied to a message-body, the set of
2421 * transfer-codings MUST include "chunked", unless the message indicates
2422 * it is terminated by closing the connection. When the "chunked"
2423 * transfer-coding is used, it MUST be the last transfer-coding applied
2424 * to the message-body.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002425 */
2426
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002427 /* CONNECT sets a tunnel and ignores everything else */
2428 if (txn->meth == HTTP_METH_CONNECT)
2429 goto skip_xfer_len;
2430
2431 use_close_only = 0;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002432 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002433 /* set TE_CHNK and XFER_LEN only if "chunked" is seen last */
Willy Tarreau9e13c3c2009-12-22 09:59:58 +01002434 while ((txn->flags & TX_REQ_VER_11) &&
2435 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002436 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
2437 txn->flags |= (TX_REQ_TE_CHNK | TX_REQ_XFER_LEN);
2438 else if (txn->flags & TX_REQ_TE_CHNK) {
2439 /* bad transfer-encoding (chunked followed by something else) */
2440 use_close_only = 1;
2441 txn->flags &= ~(TX_REQ_TE_CHNK | TX_REQ_XFER_LEN);
2442 break;
2443 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002444 }
2445
Willy Tarreau32b47f42009-10-18 20:55:02 +02002446 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002447 while (!(txn->flags & TX_REQ_TE_CHNK) && !use_close_only &&
Willy Tarreau32b47f42009-10-18 20:55:02 +02002448 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx)) {
2449 signed long long cl;
2450
2451 if (!ctx.vlen)
2452 goto return_bad_req;
2453
2454 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl))
2455 goto return_bad_req; /* parse failure */
2456
2457 if (cl < 0)
2458 goto return_bad_req;
2459
2460 if ((txn->flags & TX_REQ_CNT_LEN) && (msg->hdr_content_len != cl))
2461 goto return_bad_req; /* already specified, was different */
2462
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002463 txn->flags |= TX_REQ_CNT_LEN | TX_REQ_XFER_LEN;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002464 msg->hdr_content_len = cl;
2465 }
2466
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002467 /* bodyless requests have a known length */
2468 if (!use_close_only)
2469 txn->flags |= TX_REQ_XFER_LEN;
2470
2471 skip_xfer_len:
Willy Tarreaud787e662009-07-07 10:14:51 +02002472 /* end of job, return OK */
Willy Tarreau3a816292009-07-07 10:55:49 +02002473 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002474 req->analyse_exp = TICK_ETERNITY;
2475 return 1;
2476
2477 return_bad_req:
2478 /* We centralize bad requests processing here */
2479 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2480 /* we detected a parsing error. We want to archive this request
2481 * in the dedicated proxy area for later troubleshooting.
2482 */
2483 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, s->fe);
2484 }
2485
2486 txn->req.msg_state = HTTP_MSG_ERROR;
2487 txn->status = 400;
2488 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002489
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002490 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002491 if (s->listener->counters)
2492 s->listener->counters->failed_req++;
Willy Tarreaud787e662009-07-07 10:14:51 +02002493
2494 return_prx_cond:
2495 if (!(s->flags & SN_ERR_MASK))
2496 s->flags |= SN_ERR_PRXCOND;
2497 if (!(s->flags & SN_FINST_MASK))
2498 s->flags |= SN_FINST_R;
2499
2500 req->analysers = 0;
2501 req->analyse_exp = TICK_ETERNITY;
2502 return 0;
2503}
2504
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002505/* This stream analyser runs all HTTP request processing which is common to
2506 * frontends and backends, which means blocking ACLs, filters, connection-close,
2507 * reqadd, stats and redirects. This is performed for the designated proxy.
Willy Tarreaud787e662009-07-07 10:14:51 +02002508 * It returns 1 if the processing can continue on next analysers, or zero if it
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002509 * either needs more data or wants to immediately abort the request (eg: deny,
2510 * error, ...).
Willy Tarreaud787e662009-07-07 10:14:51 +02002511 */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002512int http_process_req_common(struct session *s, struct buffer *req, int an_bit, struct proxy *px)
Willy Tarreaud787e662009-07-07 10:14:51 +02002513{
Willy Tarreaud787e662009-07-07 10:14:51 +02002514 struct http_txn *txn = &s->txn;
2515 struct http_msg *msg = &txn->req;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002516 struct acl_cond *cond;
2517 struct redirect_rule *rule;
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01002518 struct wordlist *wl;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002519 int cur_idx;
Willy Tarreaud787e662009-07-07 10:14:51 +02002520
Willy Tarreau655dce92009-11-08 13:10:58 +01002521 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02002522 /* we need more data */
Willy Tarreau520d95e2009-09-19 21:04:57 +02002523 buffer_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02002524 return 0;
2525 }
2526
Willy Tarreau3a816292009-07-07 10:55:49 +02002527 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002528 req->analyse_exp = TICK_ETERNITY;
2529
2530 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
2531 now_ms, __FUNCTION__,
2532 s,
2533 req,
2534 req->rex, req->wex,
2535 req->flags,
2536 req->l,
2537 req->analysers);
2538
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002539 /* first check whether we have some ACLs set to block this request */
2540 list_for_each_entry(cond, &px->block_cond, list) {
2541 int ret = acl_exec_cond(cond, px, s, txn, ACL_DIR_REQ);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02002542
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002543 ret = acl_pass(ret);
2544 if (cond->pol == ACL_COND_UNLESS)
2545 ret = !ret;
Willy Tarreau53b6c742006-12-17 13:37:46 +01002546
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002547 if (ret) {
2548 txn->status = 403;
2549 /* let's log the request time */
2550 s->logs.tv_request = now;
2551 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_403));
2552 goto return_prx_cond;
Willy Tarreau59234e92008-11-30 23:51:27 +01002553 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002554 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002555
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002556 /* try headers filters */
2557 if (px->req_exp != NULL) {
2558 if (apply_filters_to_request(s, req, px->req_exp) < 0)
2559 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01002560
Willy Tarreau59234e92008-11-30 23:51:27 +01002561 /* has the request been denied ? */
2562 if (txn->flags & TX_CLDENY) {
2563 /* no need to go further */
2564 txn->status = 403;
2565 /* let's log the request time */
2566 s->logs.tv_request = now;
2567 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_403));
2568 goto return_prx_cond;
2569 }
Willy Tarreauc465fd72009-08-31 00:17:18 +02002570
2571 /* When a connection is tarpitted, we use the tarpit timeout,
2572 * which may be the same as the connect timeout if unspecified.
2573 * If unset, then set it to zero because we really want it to
2574 * eventually expire. We build the tarpit as an analyser.
2575 */
2576 if (txn->flags & TX_CLTARPIT) {
2577 buffer_erase(s->req);
2578 /* wipe the request out so that we can drop the connection early
2579 * if the client closes first.
2580 */
Willy Tarreau520d95e2009-09-19 21:04:57 +02002581 buffer_dont_connect(req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02002582 req->analysers = 0; /* remove switching rules etc... */
2583 req->analysers |= AN_REQ_HTTP_TARPIT;
2584 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
2585 if (!req->analyse_exp)
2586 req->analyse_exp = tick_add(now_ms, 0);
2587 return 1;
2588 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002589 }
Willy Tarreau06619262006-12-17 08:37:22 +01002590
Willy Tarreau5b154472009-12-21 20:11:07 +01002591 /* Until set to anything else, the connection mode is set as TUNNEL. It will
2592 * only change if both the request and the config reference something else.
Willy Tarreau42736642009-10-18 21:04:35 +02002593 */
Willy Tarreau5b154472009-12-21 20:11:07 +01002594
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002595 if ((txn->meth != HTTP_METH_CONNECT) &&
Willy Tarreaub608feb2010-01-02 22:47:18 +01002596 ((s->fe->options|s->be->options) & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) {
Willy Tarreau5b154472009-12-21 20:11:07 +01002597 int tmp = TX_CON_WANT_TUN;
2598 if ((s->fe->options|s->be->options) & PR_O_KEEPALIVE)
2599 tmp = TX_CON_WANT_KAL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002600 if ((s->fe->options|s->be->options) & PR_O_SERVER_CLO)
2601 tmp = TX_CON_WANT_SCL;
Willy Tarreau5b154472009-12-21 20:11:07 +01002602 if ((s->fe->options|s->be->options) & (PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))
2603 tmp = TX_CON_WANT_CLO;
2604
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002605 if (!(txn->flags & TX_REQ_XFER_LEN))
2606 tmp = TX_CON_WANT_CLO;
2607
Willy Tarreau5b154472009-12-21 20:11:07 +01002608 if (!(txn->flags & TX_CON_HDR_PARS))
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002609 http_req_parse_connection_header(txn);
Willy Tarreau5b154472009-12-21 20:11:07 +01002610
2611 if ((txn->flags & TX_CON_WANT_MSK) < tmp)
2612 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
2613 }
2614
2615 /* We're really certain of the connection mode (tunnel, close, keep-alive)
2616 * once we know the backend, because the tunnel mode can be implied by the
2617 * lack of any close/keepalive options in both the FE and the BE. Since
2618 * this information can evolve with time, we proceed by trying to make the
2619 * header status match the desired status. For this, we'll have to adjust
2620 * the "Connection" header. The test for persistent connections has already
2621 * been performed, so we only enter here if there is a risk the connection
2622 * is considered as persistent and we want it to be closed on the server
2623 * side. It would be nice if we could enter this place only when a
2624 * Connection header exists. Note that a CONNECT method will not enter
2625 * here.
2626 */
2627 if (!(txn->flags & TX_REQ_CONN_CLO) && ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL)) {
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002628 char *cur_ptr, *cur_end, *cur_next;
2629 int old_idx, delta, val;
Willy Tarreau5b154472009-12-21 20:11:07 +01002630 int must_delete;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002631 struct hdr_idx_elem *cur_hdr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002632
Willy Tarreau5b154472009-12-21 20:11:07 +01002633 must_delete = !(txn->flags & TX_REQ_VER_11);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002634 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002635
Willy Tarreau5b154472009-12-21 20:11:07 +01002636 for (old_idx = 0; (cur_idx = txn->hdr_idx.v[old_idx].next); old_idx = cur_idx) {
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002637 cur_hdr = &txn->hdr_idx.v[cur_idx];
2638 cur_ptr = cur_next;
2639 cur_end = cur_ptr + cur_hdr->len;
2640 cur_next = cur_end + cur_hdr->cr + 1;
Willy Tarreau59234e92008-11-30 23:51:27 +01002641
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002642 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
Willy Tarreau5b154472009-12-21 20:11:07 +01002643 if (!val)
2644 continue;
2645
2646 /* 3 possibilities :
2647 * - we have already set "Connection: close" or we're in
2648 * HTTP/1.0, so we remove this line.
2649 * - we have not yet set "Connection: close", but this line
2650 * indicates close. We leave it untouched and set the flag.
2651 * - we have not yet set "Connection: close", and this line
2652 * indicates non-close. We replace it and set the flag.
2653 */
2654 if (must_delete) {
2655 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
2656 http_msg_move_end(&txn->req, delta);
2657 cur_next += delta;
2658 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
2659 txn->hdr_idx.used--;
2660 cur_hdr->len = 0;
2661 txn->flags |= TX_REQ_CONN_CLO;
2662 } else {
2663 if (cur_end - cur_ptr - val != 5 ||
2664 strncasecmp(cur_ptr + val, "close", 5) != 0) {
2665 delta = buffer_replace2(req, cur_ptr + val, cur_end,
2666 "close", 5);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002667 cur_next += delta;
Willy Tarreau5b154472009-12-21 20:11:07 +01002668 cur_hdr->len += delta;
2669 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002670 }
Willy Tarreau5b154472009-12-21 20:11:07 +01002671 txn->flags |= TX_REQ_CONN_CLO;
2672 must_delete = 1;
Willy Tarreau06619262006-12-17 08:37:22 +01002673 }
Willy Tarreau5b154472009-12-21 20:11:07 +01002674 } /* for loop */
2675 } /* if must close keep-alive */
Willy Tarreau78599912009-10-17 20:12:21 +02002676
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002677 /* add request headers from the rule sets in the same order */
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01002678 list_for_each_entry(wl, &px->req_add, list) {
2679 if (unlikely(http_header_add_tail(req, &txn->req, &txn->hdr_idx, wl->s) < 0))
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002680 goto return_bad_req;
2681 }
Willy Tarreaub2513902006-12-17 14:52:38 +01002682
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002683 /* check if stats URI was requested, and if an auth is needed */
2684 if (px->uri_auth != NULL &&
2685 (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)) {
2686 /* we have to check the URI and auth for this request.
2687 * FIXME!!! that one is rather dangerous, we want to
2688 * make it follow standard rules (eg: clear req->analysers).
2689 */
2690 if (stats_check_uri_auth(s, px)) {
2691 req->analysers = 0;
2692 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002693 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002694 }
Willy Tarreaub2513902006-12-17 14:52:38 +01002695
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002696 /* check whether we have some ACLs set to redirect this request */
2697 list_for_each_entry(rule, &px->redirect_rules, list) {
Willy Tarreauf285f542010-01-03 20:03:03 +01002698 int ret = ACL_PAT_PASS;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002699
Willy Tarreauf285f542010-01-03 20:03:03 +01002700 if (rule->cond) {
2701 ret = acl_exec_cond(rule->cond, px, s, txn, ACL_DIR_REQ);
2702 ret = acl_pass(ret);
2703 if (rule->cond->pol == ACL_COND_UNLESS)
2704 ret = !ret;
2705 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02002706
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002707 if (ret) {
Willy Tarreau3bb9c232010-01-03 12:24:37 +01002708 struct chunk rdr = { .str = trash, .size = sizeof(trash), .len = 0 };
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002709 const char *msg_fmt;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002710
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002711 /* build redirect message */
2712 switch(rule->code) {
2713 case 303:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002714 msg_fmt = HTTP_303;
2715 break;
2716 case 301:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002717 msg_fmt = HTTP_301;
2718 break;
2719 case 302:
2720 default:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002721 msg_fmt = HTTP_302;
2722 break;
2723 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02002724
Willy Tarreau3bb9c232010-01-03 12:24:37 +01002725 if (unlikely(!chunk_strcpy(&rdr, msg_fmt)))
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002726 goto return_bad_req;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002727
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002728 switch(rule->type) {
2729 case REDIRECT_TYPE_PREFIX: {
2730 const char *path;
2731 int pathlen;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002732
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002733 path = http_get_path(txn);
2734 /* build message using path */
2735 if (path) {
Willy Tarreaua95a1f42010-01-03 13:04:35 +01002736 pathlen = txn->req.sl.rq.u_l + (txn->req.sol-txn->req.som+txn->req.sl.rq.u) - path;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002737 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
2738 int qs = 0;
2739 while (qs < pathlen) {
2740 if (path[qs] == '?') {
2741 pathlen = qs;
2742 break;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002743 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002744 qs++;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002745 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02002746 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002747 } else {
2748 path = "/";
2749 pathlen = 1;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002750 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02002751
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +02002752 if (rdr.len + rule->rdr_len + pathlen > rdr.size - 4)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002753 goto return_bad_req;
2754
2755 /* add prefix. Note that if prefix == "/", we don't want to
2756 * add anything, otherwise it makes it hard for the user to
2757 * configure a self-redirection.
2758 */
2759 if (rule->rdr_len != 1 || *rule->rdr_str != '/') {
Willy Tarreau06b917c2009-07-06 16:34:52 +02002760 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2761 rdr.len += rule->rdr_len;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002762 }
2763
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002764 /* add path */
2765 memcpy(rdr.str + rdr.len, path, pathlen);
2766 rdr.len += pathlen;
2767 break;
2768 }
2769 case REDIRECT_TYPE_LOCATION:
2770 default:
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +02002771 if (rdr.len + rule->rdr_len > rdr.size - 4)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002772 goto return_bad_req;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002773
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002774 /* add location */
2775 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
2776 rdr.len += rule->rdr_len;
2777 break;
2778 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02002779
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002780 if (rule->cookie_len) {
2781 memcpy(rdr.str + rdr.len, "\r\nSet-Cookie: ", 14);
2782 rdr.len += 14;
2783 memcpy(rdr.str + rdr.len, rule->cookie_str, rule->cookie_len);
2784 rdr.len += rule->cookie_len;
2785 memcpy(rdr.str + rdr.len, "\r\n", 2);
2786 rdr.len += 2;
Willy Tarreau06b917c2009-07-06 16:34:52 +02002787 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02002788
Willy Tarreaua9679ac2010-01-03 17:32:57 +01002789 /* add end of headers and the keep-alive/close status.
2790 * We may choose to set keep-alive if the Location begins
2791 * with a slash, because the client will come back to the
2792 * same server.
2793 */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002794 txn->status = rule->code;
2795 /* let's log the request time */
2796 s->logs.tv_request = now;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01002797
2798 if (rule->rdr_len >= 1 && *rule->rdr_str == '/' &&
2799 (txn->flags & TX_REQ_XFER_LEN) &&
2800 !(txn->flags & TX_REQ_TE_CHNK) && !txn->req.hdr_content_len &&
2801 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
2802 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
2803 /* keep-alive possible */
2804 memcpy(rdr.str + rdr.len, "\r\nConnection: keep-alive\r\n\r\n", 28);
2805 rdr.len += 28;
2806 buffer_write(req->prod->ob, rdr.str, rdr.len);
2807 /* "eat" the request */
2808 buffer_ignore(req, msg->sov - msg->som);
2809 msg->som = msg->sov;
2810 req->analysers = AN_REQ_HTTP_XFER_BODY;
2811 txn->req.msg_state = HTTP_MSG_DONE;
2812 txn->rsp.msg_state = HTTP_MSG_CLOSED;
2813 break;
2814 } else {
2815 /* keep-alive not possible */
2816 memcpy(rdr.str + rdr.len, "\r\nConnection: close\r\n\r\n", 23);
2817 rdr.len += 23;
2818 stream_int_cond_close(req->prod, &rdr);
2819 goto return_prx_cond;
2820 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002821 }
2822 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02002823
Willy Tarreaud98cf932009-12-27 22:54:55 +01002824 /* We can shut read side if we know how we won't transfer any more data && !abort_on_close */
2825 if ((txn->flags & TX_REQ_XFER_LEN) &&
Willy Tarreau5b154472009-12-21 20:11:07 +01002826 !(txn->flags & TX_REQ_TE_CHNK) && !txn->req.hdr_content_len &&
Willy Tarreaud98cf932009-12-27 22:54:55 +01002827 (req->cons->state == SI_ST_EST || !(s->be->options & PR_O_ABRT_CLOSE)))
Willy Tarreau349a0f62009-10-18 21:17:42 +02002828 req->flags |= BF_DONT_READ;
Willy Tarreau5e8949c2010-01-03 14:38:03 +01002829 else
2830 req->flags &= ~BF_DONT_READ;
Willy Tarreauf1ba4b32009-10-17 14:37:52 +02002831
Willy Tarreau2be39392010-01-03 17:24:51 +01002832 /* POST requests may be accompanied with an "Expect: 100-Continue" header.
2833 * If this happens, then the data will not come immediately, so we must
2834 * send all what we have without waiting. Note that due to the small gain
2835 * in waiting for the body of the request, it's easier to simply put the
2836 * BF_SEND_DONTWAIT flag any time. It's a one-shot flag so it will remove
2837 * itself once used.
2838 */
2839 req->flags |= BF_SEND_DONTWAIT;
2840
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002841 /* that's OK for us now, let's move on to next analysers */
2842 return 1;
Willy Tarreau11382812008-07-09 16:18:21 +02002843
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002844 return_bad_req:
2845 /* We centralize bad requests processing here */
2846 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2847 /* we detected a parsing error. We want to archive this request
2848 * in the dedicated proxy area for later troubleshooting.
2849 */
2850 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, s->fe);
2851 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02002852
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002853 txn->req.msg_state = HTTP_MSG_ERROR;
2854 txn->status = 400;
2855 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002856
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002857 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002858 if (s->listener->counters)
2859 s->listener->counters->failed_req++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02002860
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002861 return_prx_cond:
2862 if (!(s->flags & SN_ERR_MASK))
2863 s->flags |= SN_ERR_PRXCOND;
2864 if (!(s->flags & SN_FINST_MASK))
2865 s->flags |= SN_FINST_R;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01002866
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002867 req->analysers = 0;
2868 req->analyse_exp = TICK_ETERNITY;
2869 return 0;
2870}
Willy Tarreau58f10d72006-12-04 02:26:12 +01002871
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002872/* This function performs all the processing enabled for the current request.
2873 * It returns 1 if the processing can continue on next analysers, or zero if it
2874 * needs more data, encounters an error, or wants to immediately abort the
2875 * request. It relies on buffers flags, and updates s->req->analysers.
2876 */
2877int http_process_request(struct session *s, struct buffer *req, int an_bit)
2878{
2879 struct http_txn *txn = &s->txn;
2880 struct http_msg *msg = &txn->req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002881
Willy Tarreau655dce92009-11-08 13:10:58 +01002882 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02002883 /* we need more data */
Willy Tarreau520d95e2009-09-19 21:04:57 +02002884 buffer_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02002885 return 0;
2886 }
2887
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002888 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
2889 now_ms, __FUNCTION__,
2890 s,
2891 req,
2892 req->rex, req->wex,
2893 req->flags,
2894 req->l,
2895 req->analysers);
Willy Tarreau06619262006-12-17 08:37:22 +01002896
Willy Tarreau59234e92008-11-30 23:51:27 +01002897 /*
2898 * Right now, we know that we have processed the entire headers
2899 * and that unwanted requests have been filtered out. We can do
2900 * whatever we want with the remaining request. Also, now we
2901 * may have separate values for ->fe, ->be.
2902 */
Willy Tarreau06619262006-12-17 08:37:22 +01002903
Willy Tarreau59234e92008-11-30 23:51:27 +01002904 /*
2905 * If HTTP PROXY is set we simply get remote server address
2906 * parsing incoming request.
2907 */
2908 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) {
2909 url2sa(req->data + msg->sl.rq.u, msg->sl.rq.u_l, &s->srv_addr);
2910 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002911
Willy Tarreau59234e92008-11-30 23:51:27 +01002912 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01002913 * 7: Now we can work with the cookies.
Willy Tarreau59234e92008-11-30 23:51:27 +01002914 * Note that doing so might move headers in the request, but
2915 * the fields will stay coherent and the URI will not move.
2916 * This should only be performed in the backend.
2917 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02002918 if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
Willy Tarreau59234e92008-11-30 23:51:27 +01002919 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
2920 manage_client_side_cookies(s, req);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02002921
Willy Tarreau59234e92008-11-30 23:51:27 +01002922 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01002923 * 8: the appsession cookie was looked up very early in 1.2,
2924 * so let's do the same now.
2925 */
2926
2927 /* It needs to look into the URI */
2928 if ((s->sessid == NULL) && s->be->appsession_name) {
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01002929 get_srv_from_appsession(s, &req->data[msg->sl.rq.u], msg->sl.rq.u_l);
Cyril Bontéb21570a2009-11-29 20:04:48 +01002930 }
2931
2932 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002933 * 9: add X-Forwarded-For if either the frontend or the backend
2934 * asks for it.
2935 */
2936 if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
2937 if (s->cli_addr.ss_family == AF_INET) {
2938 /* Add an X-Forwarded-For header unless the source IP is
2939 * in the 'except' network range.
2940 */
2941 if ((!s->fe->except_mask.s_addr ||
2942 (((struct sockaddr_in *)&s->cli_addr)->sin_addr.s_addr & s->fe->except_mask.s_addr)
2943 != s->fe->except_net.s_addr) &&
2944 (!s->be->except_mask.s_addr ||
2945 (((struct sockaddr_in *)&s->cli_addr)->sin_addr.s_addr & s->be->except_mask.s_addr)
2946 != s->be->except_net.s_addr)) {
Willy Tarreau2a324282006-12-05 00:05:46 +01002947 int len;
Willy Tarreau59234e92008-11-30 23:51:27 +01002948 unsigned char *pn;
2949 pn = (unsigned char *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr;
Ross Westaf72a1d2008-08-03 10:51:45 +02002950
2951 /* Note: we rely on the backend to get the header name to be used for
2952 * x-forwarded-for, because the header is really meant for the backends.
2953 * However, if the backend did not specify any option, we have to rely
2954 * on the frontend's header name.
2955 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002956 if (s->be->fwdfor_hdr_len) {
2957 len = s->be->fwdfor_hdr_len;
2958 memcpy(trash, s->be->fwdfor_hdr_name, len);
Ross Westaf72a1d2008-08-03 10:51:45 +02002959 } else {
Willy Tarreau59234e92008-11-30 23:51:27 +01002960 len = s->fe->fwdfor_hdr_len;
2961 memcpy(trash, s->fe->fwdfor_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01002962 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002963 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreauedcf6682008-11-30 23:15:34 +01002964
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01002965 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau58cc8722009-12-28 06:57:33 +01002966 &txn->hdr_idx, trash, len) < 0))
Willy Tarreau06619262006-12-17 08:37:22 +01002967 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01002968 }
2969 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002970 else if (s->cli_addr.ss_family == AF_INET6) {
2971 /* FIXME: for the sake of completeness, we should also support
2972 * 'except' here, although it is mostly useless in this case.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002973 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002974 int len;
2975 char pn[INET6_ADDRSTRLEN];
2976 inet_ntop(AF_INET6,
2977 (const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
2978 pn, sizeof(pn));
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002979
Willy Tarreau59234e92008-11-30 23:51:27 +01002980 /* Note: we rely on the backend to get the header name to be used for
2981 * x-forwarded-for, because the header is really meant for the backends.
2982 * However, if the backend did not specify any option, we have to rely
2983 * on the frontend's header name.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002984 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002985 if (s->be->fwdfor_hdr_len) {
2986 len = s->be->fwdfor_hdr_len;
2987 memcpy(trash, s->be->fwdfor_hdr_name, len);
2988 } else {
2989 len = s->fe->fwdfor_hdr_len;
2990 memcpy(trash, s->fe->fwdfor_hdr_name, len);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02002991 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002992 len += sprintf(trash + len, ": %s", pn);
Willy Tarreauadfb8562008-08-11 15:24:42 +02002993
Willy Tarreau59234e92008-11-30 23:51:27 +01002994 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau58cc8722009-12-28 06:57:33 +01002995 &txn->hdr_idx, trash, len) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01002996 goto return_bad_req;
2997 }
2998 }
2999
3000 /*
Maik Broemme2850cb42009-04-17 18:53:21 +02003001 * 10: add X-Original-To if either the frontend or the backend
3002 * asks for it.
3003 */
3004 if ((s->fe->options | s->be->options) & PR_O_ORGTO) {
3005
3006 /* FIXME: don't know if IPv6 can handle that case too. */
3007 if (s->cli_addr.ss_family == AF_INET) {
3008 /* Add an X-Original-To header unless the destination IP is
3009 * in the 'except' network range.
3010 */
3011 if (!(s->flags & SN_FRT_ADDR_SET))
3012 get_frt_addr(s);
3013
3014 if ((!s->fe->except_mask_to.s_addr ||
3015 (((struct sockaddr_in *)&s->frt_addr)->sin_addr.s_addr & s->fe->except_mask_to.s_addr)
3016 != s->fe->except_to.s_addr) &&
3017 (!s->be->except_mask_to.s_addr ||
3018 (((struct sockaddr_in *)&s->frt_addr)->sin_addr.s_addr & s->be->except_mask_to.s_addr)
3019 != s->be->except_to.s_addr)) {
3020 int len;
3021 unsigned char *pn;
3022 pn = (unsigned char *)&((struct sockaddr_in *)&s->frt_addr)->sin_addr;
3023
3024 /* Note: we rely on the backend to get the header name to be used for
3025 * x-original-to, because the header is really meant for the backends.
3026 * However, if the backend did not specify any option, we have to rely
3027 * on the frontend's header name.
3028 */
3029 if (s->be->orgto_hdr_len) {
3030 len = s->be->orgto_hdr_len;
3031 memcpy(trash, s->be->orgto_hdr_name, len);
3032 } else {
3033 len = s->fe->orgto_hdr_len;
3034 memcpy(trash, s->fe->orgto_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01003035 }
Maik Broemme2850cb42009-04-17 18:53:21 +02003036 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
3037
3038 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau58cc8722009-12-28 06:57:33 +01003039 &txn->hdr_idx, trash, len) < 0))
Maik Broemme2850cb42009-04-17 18:53:21 +02003040 goto return_bad_req;
3041 }
3042 }
3043 }
3044
Willy Tarreau78599912009-10-17 20:12:21 +02003045 /* 11: add "Connection: close" if needed and not yet set. */
Willy Tarreau5b154472009-12-21 20:11:07 +01003046 if (!(txn->flags & TX_REQ_CONN_CLO) && ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL)) {
Willy Tarreau78599912009-10-17 20:12:21 +02003047 if (unlikely(http_header_add_tail2(req, &txn->req, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01003048 "Connection: close", 17) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01003049 goto return_bad_req;
Willy Tarreau5b154472009-12-21 20:11:07 +01003050 txn->flags |= TX_REQ_CONN_CLO;
Willy Tarreau59234e92008-11-30 23:51:27 +01003051 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003052
3053 /* If we have no server assigned yet and we're balancing on url_param
3054 * with a POST request, we may be interested in checking the body for
3055 * that parameter. This will be done in another analyser.
Willy Tarreau59234e92008-11-30 23:51:27 +01003056 */
3057 if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) &&
3058 s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01003059 s->be->url_param_post_limit != 0 &&
3060 (txn->flags & (TX_REQ_CNT_LEN|TX_REQ_TE_CHNK)) &&
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01003061 memchr(req->data + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01003062 buffer_dont_connect(req);
3063 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau59234e92008-11-30 23:51:27 +01003064 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003065
Willy Tarreaud98cf932009-12-27 22:54:55 +01003066 if (txn->flags & TX_REQ_XFER_LEN)
3067 req->analysers |= AN_REQ_HTTP_XFER_BODY;
Willy Tarreau03945942009-12-22 16:50:27 +01003068
Willy Tarreau59234e92008-11-30 23:51:27 +01003069 /*************************************************************
3070 * OK, that's finished for the headers. We have done what we *
3071 * could. Let's switch to the DATA state. *
3072 ************************************************************/
Willy Tarreau522d6c02009-12-06 18:49:18 +01003073 req->analyse_exp = TICK_ETERNITY;
3074 req->analysers &= ~an_bit;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003075
Willy Tarreau59234e92008-11-30 23:51:27 +01003076 s->logs.tv_request = now;
Willy Tarreau59234e92008-11-30 23:51:27 +01003077 /* OK let's go on with the BODY now */
3078 return 1;
Willy Tarreau06619262006-12-17 08:37:22 +01003079
Willy Tarreau59234e92008-11-30 23:51:27 +01003080 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4076a152009-04-02 15:18:36 +02003081 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
Willy Tarreauf073a832009-03-01 23:21:47 +01003082 /* we detected a parsing error. We want to archive this request
3083 * in the dedicated proxy area for later troubleshooting.
3084 */
Willy Tarreau4076a152009-04-02 15:18:36 +02003085 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, s->fe);
Willy Tarreauf073a832009-03-01 23:21:47 +01003086 }
Willy Tarreau4076a152009-04-02 15:18:36 +02003087
Willy Tarreau59234e92008-11-30 23:51:27 +01003088 txn->req.msg_state = HTTP_MSG_ERROR;
3089 txn->status = 400;
3090 req->analysers = 0;
3091 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003092
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02003093 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003094 if (s->listener->counters)
3095 s->listener->counters->failed_req++;
Willy Tarreauadfb8562008-08-11 15:24:42 +02003096
Willy Tarreau59234e92008-11-30 23:51:27 +01003097 if (!(s->flags & SN_ERR_MASK))
3098 s->flags |= SN_ERR_PRXCOND;
3099 if (!(s->flags & SN_FINST_MASK))
3100 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02003101 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02003102}
Willy Tarreauadfb8562008-08-11 15:24:42 +02003103
Willy Tarreau60b85b02008-11-30 23:28:40 +01003104/* This function is an analyser which processes the HTTP tarpit. It always
3105 * returns zero, at the beginning because it prevents any other processing
3106 * from occurring, and at the end because it terminates the request.
3107 */
Willy Tarreau3a816292009-07-07 10:55:49 +02003108int http_process_tarpit(struct session *s, struct buffer *req, int an_bit)
Willy Tarreau60b85b02008-11-30 23:28:40 +01003109{
3110 struct http_txn *txn = &s->txn;
3111
3112 /* This connection is being tarpitted. The CLIENT side has
3113 * already set the connect expiration date to the right
3114 * timeout. We just have to check that the client is still
3115 * there and that the timeout has not expired.
3116 */
Willy Tarreau520d95e2009-09-19 21:04:57 +02003117 buffer_dont_connect(req);
Willy Tarreau60b85b02008-11-30 23:28:40 +01003118 if ((req->flags & (BF_SHUTR|BF_READ_ERROR)) == 0 &&
3119 !tick_is_expired(req->analyse_exp, now_ms))
3120 return 0;
3121
3122 /* We will set the queue timer to the time spent, just for
3123 * logging purposes. We fake a 500 server error, so that the
3124 * attacker will not suspect his connection has been tarpitted.
3125 * It will not cause trouble to the logs because we can exclude
3126 * the tarpitted connections by filtering on the 'PT' status flags.
3127 */
Willy Tarreau60b85b02008-11-30 23:28:40 +01003128 s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now);
3129
3130 txn->status = 500;
3131 if (req->flags != BF_READ_ERROR)
3132 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_500));
3133
3134 req->analysers = 0;
3135 req->analyse_exp = TICK_ETERNITY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003136
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02003137 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003138 if (s->listener->counters)
3139 s->listener->counters->failed_req++;
Willy Tarreau60b85b02008-11-30 23:28:40 +01003140
Willy Tarreau60b85b02008-11-30 23:28:40 +01003141 if (!(s->flags & SN_ERR_MASK))
3142 s->flags |= SN_ERR_PRXCOND;
3143 if (!(s->flags & SN_FINST_MASK))
3144 s->flags |= SN_FINST_T;
3145 return 0;
3146}
3147
Willy Tarreaud34af782008-11-30 23:36:37 +01003148/* This function is an analyser which processes the HTTP request body. It looks
3149 * for parameters to be used for the load balancing algorithm (url_param). It
3150 * must only be called after the standard HTTP request processing has occurred,
3151 * because it expects the request to be parsed. It returns zero if it needs to
3152 * read more data, or 1 once it has completed its analysis.
3153 */
Willy Tarreau3a816292009-07-07 10:55:49 +02003154int http_process_request_body(struct session *s, struct buffer *req, int an_bit)
Willy Tarreaud34af782008-11-30 23:36:37 +01003155{
Willy Tarreau522d6c02009-12-06 18:49:18 +01003156 struct http_txn *txn = &s->txn;
Willy Tarreaud34af782008-11-30 23:36:37 +01003157 struct http_msg *msg = &s->txn.req;
Willy Tarreaud34af782008-11-30 23:36:37 +01003158 long long limit = s->be->url_param_post_limit;
Willy Tarreaud34af782008-11-30 23:36:37 +01003159
3160 /* We have to parse the HTTP request body to find any required data.
3161 * "balance url_param check_post" should have been the only way to get
3162 * into this. We were brought here after HTTP header analysis, so all
3163 * related structures are ready.
3164 */
3165
Willy Tarreau522d6c02009-12-06 18:49:18 +01003166 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
3167 goto missing_data;
3168
3169 if (msg->msg_state < HTTP_MSG_100_SENT) {
3170 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3171 * send an HTTP/1.1 100 Continue intermediate response.
3172 */
Willy Tarreau9e13c3c2009-12-22 09:59:58 +01003173 if (txn->flags & TX_REQ_VER_11) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01003174 struct hdr_ctx ctx;
3175 ctx.idx = 0;
3176 /* Expect is allowed in 1.1, look for it */
3177 if (http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx) &&
3178 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
3179 buffer_write(s->rep, http_100_chunk.str, http_100_chunk.len);
3180 }
3181 }
3182 msg->msg_state = HTTP_MSG_100_SENT;
3183 }
3184
3185 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01003186 /* we have msg->col and msg->sov which both point to the first
3187 * byte of message body. msg->som still points to the beginning
3188 * of the message. We must save the body in req->lr because it
3189 * survives buffer re-alignments.
3190 */
3191 req->lr = req->data + msg->sov;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003192 if (txn->flags & TX_REQ_TE_CHNK)
3193 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
3194 else
3195 msg->msg_state = HTTP_MSG_DATA;
3196 }
3197
3198 if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau115acb92009-12-26 13:56:06 +01003199 /* read the chunk size and assign it to ->hdr_content_len, then
Willy Tarreaud98cf932009-12-27 22:54:55 +01003200 * set ->sov and ->lr to point to the body and switch to DATA or
3201 * TRAILERS state.
Willy Tarreau115acb92009-12-26 13:56:06 +01003202 */
3203 int ret = http_parse_chunk_size(req, msg);
Willy Tarreaud34af782008-11-30 23:36:37 +01003204
Willy Tarreau115acb92009-12-26 13:56:06 +01003205 if (!ret)
3206 goto missing_data;
3207 else if (ret < 0)
Willy Tarreau522d6c02009-12-06 18:49:18 +01003208 goto return_bad_req;
Willy Tarreaud34af782008-11-30 23:36:37 +01003209 }
3210
Willy Tarreaud98cf932009-12-27 22:54:55 +01003211 /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
Willy Tarreau522d6c02009-12-06 18:49:18 +01003212 * We have the first non-header byte in msg->col, which is either the
3213 * beginning of the chunk size or of the data. The first data byte is in
3214 * msg->sov, which is equal to msg->col when not using transfer-encoding.
3215 * We're waiting for at least <url_param_post_limit> bytes after msg->sov.
Willy Tarreaud34af782008-11-30 23:36:37 +01003216 */
Willy Tarreau522d6c02009-12-06 18:49:18 +01003217
3218 if (msg->hdr_content_len < limit)
3219 limit = msg->hdr_content_len;
3220
Willy Tarreau7c96f672009-12-27 22:47:25 +01003221 if (req->l - (msg->sov - msg->som) >= limit) /* we have enough bytes now */
Willy Tarreau522d6c02009-12-06 18:49:18 +01003222 goto http_end;
3223
3224 missing_data:
3225 /* we get here if we need to wait for more data */
Willy Tarreau115acb92009-12-26 13:56:06 +01003226 if (req->flags & BF_FULL)
3227 goto return_bad_req;
3228
Willy Tarreau522d6c02009-12-06 18:49:18 +01003229 if ((req->flags & BF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
3230 txn->status = 408;
3231 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_408));
3232 goto return_err_msg;
Willy Tarreaud34af782008-11-30 23:36:37 +01003233 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003234
3235 /* we get here if we need to wait for more data */
3236 if (!(req->flags & (BF_FULL | BF_READ_ERROR | BF_SHUTR))) {
Willy Tarreaud34af782008-11-30 23:36:37 +01003237 /* Not enough data. We'll re-use the http-request
3238 * timeout here. Ideally, we should set the timeout
3239 * relative to the accept() date. We just set the
3240 * request timeout once at the beginning of the
3241 * request.
3242 */
Willy Tarreau520d95e2009-09-19 21:04:57 +02003243 buffer_dont_connect(req);
Willy Tarreaud34af782008-11-30 23:36:37 +01003244 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02003245 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreaud34af782008-11-30 23:36:37 +01003246 return 0;
3247 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003248
3249 http_end:
3250 /* The situation will not evolve, so let's give up on the analysis. */
3251 s->logs.tv_request = now; /* update the request timer to reflect full request */
3252 req->analysers &= ~an_bit;
3253 req->analyse_exp = TICK_ETERNITY;
3254 return 1;
3255
3256 return_bad_req: /* let's centralize all bad requests */
3257 txn->req.msg_state = HTTP_MSG_ERROR;
3258 txn->status = 400;
3259 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
3260
3261 return_err_msg:
3262 req->analysers = 0;
3263 s->fe->counters.failed_req++;
3264 if (s->listener->counters)
3265 s->listener->counters->failed_req++;
3266
3267 if (!(s->flags & SN_ERR_MASK))
3268 s->flags |= SN_ERR_PRXCOND;
3269 if (!(s->flags & SN_FINST_MASK))
3270 s->flags |= SN_FINST_R;
3271 return 0;
Willy Tarreaud34af782008-11-30 23:36:37 +01003272}
3273
Willy Tarreaud98cf932009-12-27 22:54:55 +01003274/* This function is an analyser which forwards request body (including chunk
3275 * sizes if any). It is called as soon as we must forward, even if we forward
3276 * zero byte. The only situation where it must not be called is when we're in
3277 * tunnel mode and we want to forward till the close. It's used both to forward
3278 * remaining data and to resync after end of body. It expects the msg_state to
3279 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
3280 * read more data, or 1 once we can go on with next request or end the session.
3281 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward hdr_content_len
3282 * bytes of pending data + the headers if not already done (between som and sov).
3283 * It eventually adjusts som to match sov after the data in between have been sent.
3284 */
3285int http_request_forward_body(struct session *s, struct buffer *req, int an_bit)
3286{
3287 struct http_txn *txn = &s->txn;
3288 struct http_msg *msg = &s->txn.req;
3289
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01003290 if ((req->flags & (BF_READ_ERROR|BF_READ_TIMEOUT|BF_WRITE_ERROR|BF_WRITE_TIMEOUT)) ||
3291 ((req->flags & BF_SHUTW) && (req->to_forward || req->send_max))) {
3292 /* Output closed while we were sending data. We must abort. */
3293 buffer_ignore(req, req->l - req->send_max);
Willy Tarreau082b01c2010-01-02 23:58:04 +01003294 req->analysers &= ~an_bit;
3295 return 1;
3296 }
3297
Willy Tarreaud3347ee2010-01-04 02:02:25 +01003298 buffer_dont_close(req);
Willy Tarreaud98cf932009-12-27 22:54:55 +01003299 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
3300 return 0;
3301
3302 /* Note that we don't have to send 100-continue back because we don't
3303 * need the data to complete our job, and it's up to the server to
3304 * decide whether to return 100, 417 or anything else in return of
3305 * an "Expect: 100-continue" header.
3306 */
3307
3308 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
3309 /* we have msg->col and msg->sov which both point to the first
3310 * byte of message body. msg->som still points to the beginning
3311 * of the message. We must save the body in req->lr because it
3312 * survives buffer re-alignments.
3313 */
3314 req->lr = req->data + msg->sov;
3315 if (txn->flags & TX_REQ_TE_CHNK)
3316 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
3317 else {
3318 msg->msg_state = HTTP_MSG_DATA;
3319 }
3320 }
3321
Willy Tarreaud98cf932009-12-27 22:54:55 +01003322 while (1) {
Willy Tarreau638cd022010-01-03 07:42:04 +01003323 /* we may have some data pending */
3324 if (msg->hdr_content_len || msg->som != msg->sov) {
3325 int bytes = msg->sov - msg->som;
3326 if (bytes < 0) /* sov may have wrapped at the end */
3327 bytes += req->size;
3328 buffer_forward(req, bytes + msg->hdr_content_len);
3329 msg->hdr_content_len = 0; /* don't forward that again */
3330 msg->som = msg->sov;
3331 }
Willy Tarreau5523b322009-12-29 12:05:52 +01003332
Willy Tarreaucaabe412010-01-03 23:08:28 +01003333 if (msg->msg_state == HTTP_MSG_DATA) {
3334 /* must still forward */
3335 if (req->to_forward)
3336 return 0;
3337
3338 /* nothing left to forward */
3339 if (txn->flags & TX_REQ_TE_CHNK)
3340 msg->msg_state = HTTP_MSG_DATA_CRLF;
3341 else {
3342 msg->msg_state = HTTP_MSG_DONE;
3343 goto http_msg_done;
3344 }
3345 }
3346 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01003347 /* read the chunk size and assign it to ->hdr_content_len, then
3348 * set ->sov and ->lr to point to the body and switch to DATA or
3349 * TRAILERS state.
3350 */
3351 int ret = http_parse_chunk_size(req, msg);
3352
3353 if (!ret)
3354 goto missing_data;
3355 else if (ret < 0)
3356 goto return_bad_req;
3357 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01003358 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01003359 else if (msg->msg_state == HTTP_MSG_DATA_CRLF) {
3360 /* we want the CRLF after the data */
3361 int ret;
3362
Willy Tarreaud3347ee2010-01-04 02:02:25 +01003363 req->lr = req->w + req->send_max;
3364 if (req->lr >= req->data + req->size)
3365 req->lr -= req->size;
3366
Willy Tarreaud98cf932009-12-27 22:54:55 +01003367 ret = http_skip_chunk_crlf(req, msg);
3368
3369 if (ret == 0)
3370 goto missing_data;
3371 else if (ret < 0)
3372 goto return_bad_req;
3373 /* we're in MSG_CHUNK_SIZE now */
3374 }
3375 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
3376 int ret = http_forward_trailers(req, msg);
3377
3378 if (ret == 0)
3379 goto missing_data;
3380 else if (ret < 0)
3381 goto return_bad_req;
3382 /* we're in HTTP_MSG_DONE now */
3383 }
3384 else if (msg->msg_state == HTTP_MSG_DONE) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01003385 http_msg_done:
Willy Tarreau5523b322009-12-29 12:05:52 +01003386 /* No need to read anymore, the request was completely parsed */
Willy Tarreaud98cf932009-12-27 22:54:55 +01003387 req->flags |= BF_DONT_READ;
3388
Willy Tarreau5523b322009-12-29 12:05:52 +01003389 if (txn->rsp.msg_state < HTTP_MSG_DONE && txn->rsp.msg_state != HTTP_MSG_ERROR) {
3390 /* The server has not finished to respond, so we
3391 * don't want to move in order not to upset it.
Willy Tarreaud98cf932009-12-27 22:54:55 +01003392 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01003393 return 0;
3394 }
3395
3396 /* when we support keep-alive or server-close modes, we'll have
3397 * to reset the transaction here.
3398 */
Willy Tarreau5523b322009-12-29 12:05:52 +01003399
Willy Tarreaub608feb2010-01-02 22:47:18 +01003400 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
3401 /* initiate a connection close to the server */
3402 req->cons->flags |= SI_FL_NOLINGER;
3403 buffer_shutw_now(req);
3404 }
3405 else if ((s->fe->options | s->be->options) & PR_O_FORCE_CLO) {
Willy Tarreau9438c712009-12-29 14:39:48 +01003406 /* Option forceclose is set, let's enforce it now
3407 * that the transfer is complete. We can safely speed
3408 * up the close because we know the server has received
3409 * everything we wanted it to receive.
3410 */
3411 req->cons->flags |= SI_FL_NOLINGER;
Willy Tarreau82eeaf22009-12-29 12:09:05 +01003412 buffer_abort(req);
3413 }
3414
Willy Tarreau5523b322009-12-29 12:05:52 +01003415 if (req->flags & (BF_SHUTW|BF_SHUTW_NOW)) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01003416 if (req->flags & BF_OUT_EMPTY) {
Willy Tarreau5523b322009-12-29 12:05:52 +01003417 msg->msg_state = HTTP_MSG_CLOSED;
Willy Tarreaucaabe412010-01-03 23:08:28 +01003418 goto http_msg_closed;
3419 }
3420 else {
Willy Tarreau5523b322009-12-29 12:05:52 +01003421 msg->msg_state = HTTP_MSG_CLOSING;
Willy Tarreaucaabe412010-01-03 23:08:28 +01003422 goto http_msg_closing;
3423 }
Willy Tarreau5523b322009-12-29 12:05:52 +01003424 }
3425 else {
3426 /* for other modes, we let further requests pass for now */
3427 req->flags &= ~BF_DONT_READ;
3428 /* FIXME: we're still forced to do that here */
3429 s->rep->flags &= ~BF_DONT_READ;
3430 break;
3431 }
3432 }
3433 else if (msg->msg_state == HTTP_MSG_CLOSING) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01003434 http_msg_closing:
Willy Tarreau5523b322009-12-29 12:05:52 +01003435 /* nothing else to forward, just waiting for the buffer to be empty */
3436 if (!(req->flags & BF_OUT_EMPTY))
3437 return 0;
3438 msg->msg_state = HTTP_MSG_CLOSED;
3439 }
3440 else if (msg->msg_state == HTTP_MSG_CLOSED) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01003441 http_msg_closed:
Willy Tarreau5523b322009-12-29 12:05:52 +01003442 req->flags &= ~BF_DONT_READ;
Willy Tarreaub608feb2010-01-02 22:47:18 +01003443
3444 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
3445
3446 /* FIXME : this part is 1) awful, 2) tricky, 3) duplicated
3447 * ... but it works.
3448 * We need a better way to force a connection close without
3449 * any risk of propagation to the other side. We need a more
3450 * portable way of releasing a backend's and a server's
3451 * connections. We need a safer way to reinitialize buffer
3452 * flags. We also need a more accurate method for computing
3453 * per-request data.
3454 */
3455 s->req->cons->flags |= SI_FL_NOLINGER;
3456 s->req->cons->shutr(s->req->cons);
3457 s->req->cons->shutw(s->req->cons);
3458
3459 if (s->flags & SN_BE_ASSIGNED)
3460 s->be->beconn--;
3461
3462 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
3463 session_process_counters(s);
3464
3465 if (s->txn.status) {
3466 int n;
3467
3468 n = s->txn.status / 100;
3469 if (n < 1 || n > 5)
3470 n = 0;
3471
3472 if (s->fe->mode == PR_MODE_HTTP)
3473 s->fe->counters.p.http.rsp[n]++;
3474
3475 if ((s->flags & SN_BE_ASSIGNED) && (s->fe != s->be) &&
3476 (s->be->mode == PR_MODE_HTTP))
3477 s->be->counters.p.http.rsp[n]++;
3478 }
3479
3480 /* don't count other requests' data */
3481 s->logs.bytes_in -= s->req->l - s->req->send_max;
3482 s->logs.bytes_out -= s->rep->l - s->rep->send_max;
3483
3484 /* let's do a final log if we need it */
3485 if (s->logs.logwait &&
3486 !(s->flags & SN_MONITOR) &&
3487 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
3488 s->do_log(s);
3489 }
3490
3491 s->logs.accept_date = date; /* user-visible date for logging */
3492 s->logs.tv_accept = now; /* corrected date for internal use */
3493 tv_zero(&s->logs.tv_request);
3494 s->logs.t_queue = -1;
3495 s->logs.t_connect = -1;
3496 s->logs.t_data = -1;
3497 s->logs.t_close = 0;
3498 s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
3499 s->logs.srv_queue_size = 0; /* we will get this number soon */
3500
3501 s->logs.bytes_in = s->req->total = s->req->l - s->req->send_max;
3502 s->logs.bytes_out = s->rep->total = s->rep->l - s->rep->send_max;
3503
3504 if (s->pend_pos)
3505 pendconn_free(s->pend_pos);
3506
3507 if (s->srv) {
3508 if (s->flags & SN_CURR_SESS) {
3509 s->flags &= ~SN_CURR_SESS;
3510 s->srv->cur_sess--;
3511 }
3512 if (may_dequeue_tasks(s->srv, s->be))
3513 process_srv_queue(s->srv);
3514 }
3515
3516 if (unlikely(s->srv_conn))
3517 sess_change_server(s, NULL);
3518 s->srv = NULL;
3519
3520 s->req->cons->state = s->req->cons->prev_state = SI_ST_INI;
3521 s->req->cons->fd = -1; /* just to help with debugging */
3522 s->req->cons->err_type = SI_ET_NONE;
3523 s->req->cons->err_loc = NULL;
3524 s->req->cons->exp = TICK_ETERNITY;
3525 s->req->cons->flags = SI_FL_NONE;
3526 s->req->flags &= ~(BF_SHUTW|BF_SHUTW_NOW|BF_AUTO_CONNECT|BF_WRITE_ERROR|BF_STREAMER|BF_STREAMER_FAST|BF_AUTO_CLOSE);
3527 s->rep->flags &= ~(BF_SHUTR|BF_SHUTR_NOW|BF_READ_ATTACHED|BF_READ_ERROR|BF_READ_NOEXP|BF_STREAMER|BF_STREAMER_FAST|BF_AUTO_CLOSE|BF_WRITE_PARTIAL);
3528 s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED);
3529 s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE);
3530 s->txn.meth = 0;
3531 http_reset_txn(s);
3532 txn->flags |= TX_NOT_FIRST;
3533 if (s->be->options2 & PR_O2_INDEPSTR)
3534 s->req->cons->flags |= SI_FL_INDEP_STR;
3535
Willy Tarreauface8392010-01-03 11:37:54 +01003536 /* if the request buffer is not empty, it means we're
3537 * about to process another request, so send pending
3538 * data with MSG_MORE to merge TCP packets when possible.
Willy Tarreau5e8949c2010-01-03 14:38:03 +01003539 * Also, let's not start reading a small request packet,
3540 * we may prefer to read a larger one later.
Willy Tarreauface8392010-01-03 11:37:54 +01003541 */
Willy Tarreau5e8949c2010-01-03 14:38:03 +01003542 if (s->req->l > s->req->send_max) {
Willy Tarreauface8392010-01-03 11:37:54 +01003543 s->rep->flags |= BF_EXPECT_MORE;
Willy Tarreau5e8949c2010-01-03 14:38:03 +01003544 s->req->flags |= BF_DONT_READ;
3545 }
Willy Tarreauface8392010-01-03 11:37:54 +01003546
Willy Tarreaub608feb2010-01-02 22:47:18 +01003547 /* make ->lr point to the first non-forwarded byte */
3548 s->req->lr = s->req->w + s->req->send_max;
3549 if (s->req->lr >= s->req->data + s->req->size)
3550 s->req->lr -= s->req->size;
3551 s->rep->lr = s->rep->w + s->rep->send_max;
3552 if (s->rep->lr >= s->rep->data + s->rep->size)
3553 s->rep->lr -= s->req->size;
3554
3555 s->req->analysers |= s->fe->fe_req_ana;
3556 s->rep->analysers = 0;
3557 }
3558
Willy Tarreau5523b322009-12-29 12:05:52 +01003559 /* FIXME: we're still forced to do that here */
3560 s->rep->flags &= ~BF_DONT_READ;
Willy Tarreaud98cf932009-12-27 22:54:55 +01003561 break;
3562 }
3563 }
3564
3565 /* OK we're done with the data phase */
3566 req->analysers &= ~an_bit;
3567 return 1;
3568
3569 missing_data:
3570 /* forward the chunk size as well as any pending data */
3571 if (msg->hdr_content_len || msg->som != msg->sov) {
3572 buffer_forward(req, msg->sov - msg->som + msg->hdr_content_len);
3573 msg->hdr_content_len = 0; /* don't forward that again */
3574 msg->som = msg->sov;
3575 }
3576
3577 if (req->flags & BF_FULL)
3578 goto return_bad_req;
3579 /* the session handler will take care of timeouts and errors */
3580 return 0;
3581
3582 return_bad_req: /* let's centralize all bad requests */
3583 txn->req.msg_state = HTTP_MSG_ERROR;
3584 txn->status = 400;
3585 /* Note: we don't send any error if some data were already sent */
3586 stream_int_cond_close(req->prod, (txn->rsp.msg_state < HTTP_MSG_BODY) ? error_message(s, HTTP_ERR_400) : NULL);
3587
3588 req->analysers = 0;
3589 s->fe->counters.failed_req++;
3590 if (s->listener->counters)
3591 s->listener->counters->failed_req++;
3592
3593 if (!(s->flags & SN_ERR_MASK))
3594 s->flags |= SN_ERR_PRXCOND;
3595 if (!(s->flags & SN_FINST_MASK))
3596 s->flags |= SN_FINST_R;
3597 return 0;
3598}
3599
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003600/* This stream analyser waits for a complete HTTP response. It returns 1 if the
3601 * processing can continue on next analysers, or zero if it either needs more
3602 * data or wants to immediately abort the response (eg: timeout, error, ...). It
3603 * is tied to AN_RES_WAIT_HTTP and may may remove itself from s->rep->analysers
3604 * when it has nothing left to do, and may remove any analyser when it wants to
3605 * abort.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02003606 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003607int http_wait_for_response(struct session *s, struct buffer *rep, int an_bit)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02003608{
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003609 struct http_txn *txn = &s->txn;
3610 struct http_msg *msg = &txn->rsp;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003611 struct hdr_ctx ctx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003612 int use_close_only;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003613 int cur_idx;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02003614 int n;
Willy Tarreauadfb8562008-08-11 15:24:42 +02003615
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02003616 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02003617 now_ms, __FUNCTION__,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003618 s,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02003619 rep,
3620 rep->rex, rep->wex,
3621 rep->flags,
3622 rep->l,
3623 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02003624
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003625 /*
3626 * Now parse the partial (or complete) lines.
3627 * We will check the response syntax, and also join multi-line
3628 * headers. An index of all the lines will be elaborated while
3629 * parsing.
3630 *
3631 * For the parsing, we use a 28 states FSM.
3632 *
3633 * Here is the information we currently have :
Willy Tarreau83e3af02009-12-28 17:39:57 +01003634 * rep->data + msg->som = beginning of response
3635 * rep->data + msg->eoh = end of processed headers / start of current one
3636 * msg->eol = end of current header or line (LF or CRLF)
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003637 * rep->lr = first non-visited byte
3638 * rep->r = end of data
3639 */
3640
Willy Tarreau83e3af02009-12-28 17:39:57 +01003641 /* There's a protected area at the end of the buffer for rewriting
3642 * purposes. We don't want to start to parse the request if the
3643 * protected area is affected, because we may have to move processed
3644 * data later, which is much more complicated.
3645 */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01003646 if (rep->l && msg->msg_state < HTTP_MSG_ERROR) {
3647 if (unlikely((rep->flags & BF_FULL) ||
3648 rep->r < rep->lr ||
3649 rep->r > rep->data + rep->size - global.tune.maxrewrite)) {
3650 if (rep->send_max) {
3651 /* some data has still not left the buffer, wake us once that's done */
3652 buffer_dont_close(rep);
3653 rep->flags |= BF_READ_DONTWAIT; /* try to get back here ASAP */
3654 return 0;
3655 }
3656 if (rep->l <= rep->size - global.tune.maxrewrite)
3657 http_buffer_heavy_realign(rep, msg);
Willy Tarreau83e3af02009-12-28 17:39:57 +01003658 }
3659
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01003660 if (likely(rep->lr < rep->r))
3661 http_msg_analyzer(rep, msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01003662 }
3663
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003664 /* 1: we might have to print this header in debug mode */
3665 if (unlikely((global.mode & MODE_DEBUG) &&
3666 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01003667 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003668 char *eol, *sol;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003669
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003670 sol = rep->data + msg->som;
3671 eol = sol + msg->sl.rq.l;
3672 debug_hdr("srvrep", s, sol, eol);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003673
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003674 sol += hdr_idx_first_pos(&txn->hdr_idx);
3675 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003676
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003677 while (cur_idx) {
3678 eol = sol + txn->hdr_idx.v[cur_idx].len;
3679 debug_hdr("srvhdr", s, sol, eol);
3680 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
3681 cur_idx = txn->hdr_idx.v[cur_idx].next;
3682 }
3683 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003684
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003685 /*
3686 * Now we quickly check if we have found a full valid response.
3687 * If not so, we check the FD and buffer states before leaving.
3688 * A full response is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01003689 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003690 * responses are checked first.
3691 *
3692 * Depending on whether the client is still there or not, we
3693 * may send an error response back or not. Note that normally
3694 * we should only check for HTTP status there, and check I/O
3695 * errors somewhere else.
3696 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003697
Willy Tarreau655dce92009-11-08 13:10:58 +01003698 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003699 /* Invalid response */
3700 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
3701 /* we detected a parsing error. We want to archive this response
3702 * in the dedicated proxy area for later troubleshooting.
3703 */
3704 hdr_response_bad:
3705 if (msg->msg_state == HTTP_MSG_ERROR || msg->err_pos >= 0)
3706 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, s->fe);
3707
3708 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003709 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003710 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003711 health_adjust(s->srv, HANA_STATUS_HTTP_HDRRSP);
3712 }
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003713
3714 rep->analysers = 0;
3715 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01003716 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003717 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_502));
3718
3719 if (!(s->flags & SN_ERR_MASK))
3720 s->flags |= SN_ERR_PRXCOND;
3721 if (!(s->flags & SN_FINST_MASK))
3722 s->flags |= SN_FINST_H;
3723
3724 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003725 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003726
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003727 /* too large response does not fit in buffer. */
3728 else if (rep->flags & BF_FULL) {
3729 goto hdr_response_bad;
3730 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003731
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003732 /* read error */
3733 else if (rep->flags & BF_READ_ERROR) {
3734 if (msg->err_pos >= 0)
3735 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02003736
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003737 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003738 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003739 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003740 health_adjust(s->srv, HANA_STATUS_HTTP_READ_ERROR);
3741 }
Willy Tarreau461f6622008-08-15 23:43:19 +02003742
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003743 rep->analysers = 0;
3744 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01003745 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003746 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_502));
Willy Tarreau816b9792009-09-15 21:25:21 +02003747
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003748 if (!(s->flags & SN_ERR_MASK))
3749 s->flags |= SN_ERR_SRVCL;
3750 if (!(s->flags & SN_FINST_MASK))
3751 s->flags |= SN_FINST_H;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02003752 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003753 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003754
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003755 /* read timeout : return a 504 to the client. */
3756 else if (rep->flags & BF_READ_TIMEOUT) {
3757 if (msg->err_pos >= 0)
3758 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01003759
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003760 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003761 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003762 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003763 health_adjust(s->srv, HANA_STATUS_HTTP_READ_TIMEOUT);
3764 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01003765
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003766 rep->analysers = 0;
3767 txn->status = 504;
Willy Tarreauc88ea682009-12-29 14:56:36 +01003768 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003769 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_504));
Willy Tarreau4076a152009-04-02 15:18:36 +02003770
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003771 if (!(s->flags & SN_ERR_MASK))
3772 s->flags |= SN_ERR_SRVTO;
3773 if (!(s->flags & SN_FINST_MASK))
3774 s->flags |= SN_FINST_H;
3775 return 0;
3776 }
Willy Tarreaua7c52762008-08-16 18:40:18 +02003777
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003778 /* close from server */
3779 else if (rep->flags & BF_SHUTR) {
3780 if (msg->err_pos >= 0)
3781 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01003782
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003783 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003784 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003785 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003786 health_adjust(s->srv, HANA_STATUS_HTTP_BROKEN_PIPE);
3787 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01003788
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003789 rep->analysers = 0;
3790 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01003791 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003792 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_502));
Willy Tarreau21d2af32008-02-14 20:25:24 +01003793
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003794 if (!(s->flags & SN_ERR_MASK))
3795 s->flags |= SN_ERR_SRVCL;
3796 if (!(s->flags & SN_FINST_MASK))
3797 s->flags |= SN_FINST_H;
3798 return 0;
3799 }
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02003800
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003801 /* write error to client (we don't send any message then) */
3802 else if (rep->flags & BF_WRITE_ERROR) {
3803 if (msg->err_pos >= 0)
3804 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, s->fe);
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02003805
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003806 s->be->counters.failed_resp++;
3807 rep->analysers = 0;
3808
3809 if (!(s->flags & SN_ERR_MASK))
3810 s->flags |= SN_ERR_CLICL;
3811 if (!(s->flags & SN_FINST_MASK))
3812 s->flags |= SN_FINST_H;
3813
3814 /* process_session() will take care of the error */
3815 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003816 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01003817
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003818 buffer_dont_close(rep);
3819 return 0;
3820 }
3821
3822 /* More interesting part now : we know that we have a complete
3823 * response which at least looks like HTTP. We have an indicator
3824 * of each header's length, so we can parse them quickly.
3825 */
3826
3827 if (unlikely(msg->err_pos >= 0))
3828 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, s->fe);
3829
3830 /* ensure we keep this pointer to the beginning of the message */
3831 msg->sol = rep->data + msg->som;
3832
3833 /*
3834 * 1: get the status code
3835 */
3836 n = rep->data[msg->sl.st.c] - '0';
3837 if (n < 1 || n > 5)
3838 n = 0;
3839 s->srv->counters.p.http.rsp[n]++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003840
Willy Tarreau5b154472009-12-21 20:11:07 +01003841 /* check if the response is HTTP/1.1 or above */
3842 if ((msg->sl.st.v_l == 8) &&
3843 ((rep->data[msg->som + 5] > '1') ||
3844 ((rep->data[msg->som + 5] == '1') &&
3845 (rep->data[msg->som + 7] >= '1'))))
3846 txn->flags |= TX_RES_VER_11;
3847
3848 /* "connection" has not been parsed yet */
3849 txn->flags &= ~TX_CON_HDR_PARS;
3850
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003851 /* transfer length unknown*/
3852 txn->flags &= ~TX_RES_XFER_LEN;
3853
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003854 txn->status = strl2ui(rep->data + msg->sl.st.c, msg->sl.st.c_l);
3855
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01003856 if (txn->status >= 100 && txn->status < 500)
3857 health_adjust(s->srv, HANA_STATUS_HTTP_OK);
3858 else
3859 health_adjust(s->srv, HANA_STATUS_HTTP_STS);
3860
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003861 /*
3862 * 2: check for cacheability.
3863 */
3864
3865 switch (txn->status) {
3866 case 200:
3867 case 203:
3868 case 206:
3869 case 300:
3870 case 301:
3871 case 410:
3872 /* RFC2616 @13.4:
3873 * "A response received with a status code of
3874 * 200, 203, 206, 300, 301 or 410 MAY be stored
3875 * by a cache (...) unless a cache-control
3876 * directive prohibits caching."
3877 *
3878 * RFC2616 @9.5: POST method :
3879 * "Responses to this method are not cacheable,
3880 * unless the response includes appropriate
3881 * Cache-Control or Expires header fields."
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003882 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003883 if (likely(txn->meth != HTTP_METH_POST) &&
3884 (s->be->options & (PR_O_CHK_CACHE|PR_O_COOK_NOC)))
3885 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
3886 break;
3887 default:
3888 break;
3889 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02003890
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003891 /*
3892 * 3: we may need to capture headers
3893 */
3894 s->logs.logwait &= ~LW_RESP;
3895 if (unlikely((s->logs.logwait & LW_RSPHDR) && s->fe->rsp_cap))
3896 capture_headers(rep->data + msg->som, &txn->hdr_idx,
3897 txn->rsp.cap, s->fe->rsp_cap);
3898
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003899 /* 4: determine the transfer-length.
3900 * According to RFC2616 #4.4, amended by the HTTPbis working group,
3901 * the presence of a message-body in a RESPONSE and its transfer length
3902 * must be determined that way :
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003903 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003904 * All responses to the HEAD request method MUST NOT include a
3905 * message-body, even though the presence of entity-header fields
3906 * might lead one to believe they do. All 1xx (informational), 204
3907 * (No Content), and 304 (Not Modified) responses MUST NOT include a
3908 * message-body. All other responses do include a message-body,
3909 * although it MAY be of zero length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003910 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003911 * 1. Any response which "MUST NOT" include a message-body (such as the
3912 * 1xx, 204 and 304 responses and any response to a HEAD request) is
3913 * always terminated by the first empty line after the header fields,
3914 * regardless of the entity-header fields present in the message.
3915 *
3916 * 2. If a Transfer-Encoding header field (Section 9.7) is present and
3917 * the "chunked" transfer-coding (Section 6.2) is used, the
3918 * transfer-length is defined by the use of this transfer-coding.
3919 * If a Transfer-Encoding header field is present and the "chunked"
3920 * transfer-coding is not present, the transfer-length is defined by
3921 * the sender closing the connection.
3922 *
3923 * 3. If a Content-Length header field is present, its decimal value in
3924 * OCTETs represents both the entity-length and the transfer-length.
3925 * If a message is received with both a Transfer-Encoding header
3926 * field and a Content-Length header field, the latter MUST be ignored.
3927 *
3928 * 4. If the message uses the media type "multipart/byteranges", and
3929 * the transfer-length is not otherwise specified, then this self-
3930 * delimiting media type defines the transfer-length. This media
3931 * type MUST NOT be used unless the sender knows that the recipient
3932 * can parse it; the presence in a request of a Range header with
3933 * multiple byte-range specifiers from a 1.1 client implies that the
3934 * client can parse multipart/byteranges responses.
3935 *
3936 * 5. By the server closing the connection.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003937 */
3938
3939 /* Skip parsing if no content length is possible. The response flags
3940 * remain 0 as well as the hdr_content_len, which may or may not mirror
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003941 * the real header value, and we note that we know the response's length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003942 * FIXME: should we parse anyway and return an error on chunked encoding ?
3943 */
3944 if (txn->meth == HTTP_METH_HEAD ||
3945 (txn->status >= 100 && txn->status < 200) ||
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003946 txn->status == 204 || txn->status == 304) {
3947 txn->flags |= TX_RES_XFER_LEN;
3948 goto skip_content_length;
3949 }
3950
3951 if (txn->meth == HTTP_METH_CONNECT)
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003952 goto skip_content_length;
3953
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003954 use_close_only = 0;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003955 ctx.idx = 0;
Willy Tarreau9e13c3c2009-12-22 09:59:58 +01003956 while ((txn->flags & TX_RES_VER_11) &&
3957 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003958 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
3959 txn->flags |= (TX_RES_TE_CHNK | TX_RES_XFER_LEN);
3960 else if (txn->flags & TX_RES_TE_CHNK) {
3961 /* bad transfer-encoding (chunked followed by something else) */
3962 use_close_only = 1;
3963 txn->flags &= ~(TX_RES_TE_CHNK | TX_RES_XFER_LEN);
3964 break;
3965 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003966 }
3967
3968 /* FIXME: below we should remove the content-length header(s) in case of chunked encoding */
3969 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003970 while (!(txn->flags & TX_RES_TE_CHNK) && !use_close_only &&
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003971 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx)) {
3972 signed long long cl;
3973
3974 if (!ctx.vlen)
3975 goto hdr_response_bad;
3976
3977 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl))
3978 goto hdr_response_bad; /* parse failure */
3979
3980 if (cl < 0)
3981 goto hdr_response_bad;
3982
3983 if ((txn->flags & TX_RES_CNT_LEN) && (msg->hdr_content_len != cl))
3984 goto hdr_response_bad; /* already specified, was different */
3985
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003986 txn->flags |= TX_RES_CNT_LEN | TX_RES_XFER_LEN;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003987 msg->hdr_content_len = cl;
3988 }
3989
Willy Tarreaue8e785b2009-12-26 15:34:26 +01003990 /* FIXME: we should also implement the multipart/byterange method.
3991 * For now on, we resort to close mode in this case (unknown length).
3992 */
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003993skip_content_length:
Willy Tarreaub8c82c22009-10-18 23:45:12 +02003994
Willy Tarreaub37c27e2009-10-18 22:53:08 +02003995 /* end of job, return OK */
3996 rep->analysers &= ~an_bit;
3997 rep->analyse_exp = TICK_ETERNITY;
3998 return 1;
3999}
4000
4001/* This function performs all the processing enabled for the current response.
4002 * It normally returns zero, but may return 1 if it absolutely needs to be
4003 * called again after other functions. It relies on buffers flags, and updates
4004 * t->rep->analysers. It might make sense to explode it into several other
4005 * functions. It works like process_request (see indications above).
4006 */
4007int http_process_res_common(struct session *t, struct buffer *rep, int an_bit, struct proxy *px)
4008{
4009 struct http_txn *txn = &t->txn;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004010 struct http_msg *msg = &txn->rsp;
4011 struct proxy *cur_proxy;
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01004012 struct wordlist *wl;
Willy Tarreau5b154472009-12-21 20:11:07 +01004013 int conn_ka = 0, conn_cl = 0;
4014 int must_close = 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01004015 int must_del_close = 0, must_keep = 0;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004016
4017 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
4018 now_ms, __FUNCTION__,
4019 t,
4020 rep,
4021 rep->rex, rep->wex,
4022 rep->flags,
4023 rep->l,
4024 rep->analysers);
4025
Willy Tarreau655dce92009-11-08 13:10:58 +01004026 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) /* we need more data */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004027 return 0;
4028
4029 rep->analysers &= ~an_bit;
4030 rep->analyse_exp = TICK_ETERNITY;
4031
Willy Tarreau5b154472009-12-21 20:11:07 +01004032 /* Now we have to check if we need to modify the Connection header.
4033 * This is more difficult on the response than it is on the request,
4034 * because we can have two different HTTP versions and we don't know
4035 * how the client will interprete a response. For instance, let's say
4036 * that the client sends a keep-alive request in HTTP/1.0 and gets an
4037 * HTTP/1.1 response without any header. Maybe it will bound itself to
4038 * HTTP/1.0 because it only knows about it, and will consider the lack
4039 * of header as a close, or maybe it knows HTTP/1.1 and can consider
4040 * the lack of header as a keep-alive. Thus we will use two flags
4041 * indicating how a request MAY be understood by the client. In case
4042 * of multiple possibilities, we'll fix the header to be explicit. If
4043 * ambiguous cases such as both close and keepalive are seen, then we
4044 * will fall back to explicit close. Note that we won't take risks with
4045 * HTTP/1.0 clients which may not necessarily understand keep-alive.
4046 */
4047
4048 if ((txn->meth != HTTP_METH_CONNECT) &&
4049 (txn->status >= 200) &&
4050 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN &&
4051 !(txn->flags & TX_CON_HDR_PARS)) {
4052 int may_keep = 0, may_close = 0; /* how it may be understood */
4053 struct hdr_ctx ctx;
4054
4055 ctx.idx = 0;
4056 while (http_find_header2("Connection", 10, msg->sol, &txn->hdr_idx, &ctx)) {
4057 if (ctx.vlen == 5 && strncasecmp(ctx.line + ctx.val, "close", 5) == 0)
4058 conn_cl = 1;
4059 else if (ctx.vlen == 10 && strncasecmp(ctx.line + ctx.val, "keep-alive", 10) == 0)
4060 conn_ka = 1;
4061 }
4062
4063 if (conn_cl) {
4064 /* close header present */
4065 may_close = 1;
4066 if (conn_ka) /* we have both close and keep-alive */
4067 may_keep = 1;
4068 }
4069 else if (conn_ka) {
4070 /* keep-alive alone */
4071 may_keep = 1;
4072 }
4073 else {
4074 /* no close nor keep-alive header */
4075 if (txn->flags & TX_RES_VER_11)
4076 may_keep = 1;
4077 else
4078 may_close = 1;
4079
4080 if (txn->flags & TX_REQ_VER_11)
4081 may_keep = 1;
4082 else
4083 may_close = 1;
4084 }
4085
4086 /* let's update the transaction status to reflect any close.
4087 * Note that ambiguous cases with keep & close will also be
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004088 * handled. We also explicitly state that we will close in
4089 * case of an ambiguous response having no content-length.
Willy Tarreau5b154472009-12-21 20:11:07 +01004090 */
Willy Tarreaub608feb2010-01-02 22:47:18 +01004091 if ((may_close &&
4092 (may_keep || ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_SCL))) ||
4093 !(txn->flags & TX_RES_XFER_LEN))
Willy Tarreau5b154472009-12-21 20:11:07 +01004094 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
4095
4096 /* Now we must adjust the response header :
4097 * - set "close" if may_keep and WANT_CLO
4098 * - remove "close" if WANT_SCL and REQ_1.1 and may_close and (content-length or TE_CHNK)
4099 * - add "keep-alive" if WANT_SCL and REQ_1.0 and may_close and content-length
4100 *
4101 * Until we support the server-close mode, we'll only support the set "close".
4102 */
4103 if (may_keep && (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO)
4104 must_close = 1;
Willy Tarreaub608feb2010-01-02 22:47:18 +01004105 else if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) &&
4106 may_close && (txn->flags & TX_RES_XFER_LEN)) {
4107 must_del_close = 1;
4108 if (!(txn->flags & TX_REQ_VER_11))
4109 must_keep = 1;
4110 }
Willy Tarreau5b154472009-12-21 20:11:07 +01004111
4112 txn->flags |= TX_CON_HDR_PARS;
4113 }
4114
4115 /* We might have to check for "Connection:" if the server
4116 * returns a connection status that is not compatible with
4117 * the client's or with the config.
4118 */
Willy Tarreaub608feb2010-01-02 22:47:18 +01004119 if ((txn->status >= 200) && (must_del_close|must_close) && (conn_cl|conn_ka)) {
Willy Tarreau5b154472009-12-21 20:11:07 +01004120 char *cur_ptr, *cur_end, *cur_next;
4121 int cur_idx, old_idx, delta, val;
4122 int must_delete;
4123 struct hdr_idx_elem *cur_hdr;
4124
4125 /* we just have to remove the headers if both sides are 1.0 */
4126 must_delete = !(txn->flags & TX_REQ_VER_11) && !(txn->flags & TX_RES_VER_11);
Willy Tarreaub608feb2010-01-02 22:47:18 +01004127
4128 /* same if we want to re-enable keep-alive on 1.1 */
4129 must_delete |= must_del_close;
4130
Willy Tarreau5b154472009-12-21 20:11:07 +01004131 cur_next = rep->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
4132
4133 for (old_idx = 0; (cur_idx = txn->hdr_idx.v[old_idx].next); old_idx = cur_idx) {
4134 cur_hdr = &txn->hdr_idx.v[cur_idx];
4135 cur_ptr = cur_next;
4136 cur_end = cur_ptr + cur_hdr->len;
4137 cur_next = cur_end + cur_hdr->cr + 1;
4138
4139 val = http_header_match2(cur_ptr, cur_end, "Connection", 10);
4140 if (!val)
4141 continue;
4142
4143 /* 3 possibilities :
4144 * - we have already set "Connection: close" or we're in
4145 * HTTP/1.0, so we remove this line.
4146 * - we have not yet set "Connection: close", but this line
4147 * indicates close. We leave it untouched and set the flag.
4148 * - we have not yet set "Connection: close", and this line
4149 * indicates non-close. We replace it and set the flag.
4150 */
4151 if (must_delete) {
4152 delta = buffer_replace2(rep, cur_ptr, cur_next, NULL, 0);
4153 http_msg_move_end(&txn->rsp, delta);
4154 cur_next += delta;
4155 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4156 txn->hdr_idx.used--;
4157 cur_hdr->len = 0;
4158 must_close = 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01004159 must_del_close = 0;
Willy Tarreau5b154472009-12-21 20:11:07 +01004160 } else {
4161 if (cur_end - cur_ptr - val != 5 ||
4162 strncasecmp(cur_ptr + val, "close", 5) != 0) {
4163 delta = buffer_replace2(rep, cur_ptr + val, cur_end,
4164 "close", 5);
4165 cur_next += delta;
4166 cur_hdr->len += delta;
4167 http_msg_move_end(&txn->rsp, delta);
4168 }
4169 must_delete = 1;
4170 must_close = 0;
4171 }
4172 } /* for loop */
4173 } /* if must close keep-alive */
4174
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004175 if (1) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004176 /*
4177 * 3: we will have to evaluate the filters.
4178 * As opposed to version 1.2, now they will be evaluated in the
4179 * filters order and not in the header order. This means that
4180 * each filter has to be validated among all headers.
4181 *
4182 * Filters are tried with ->be first, then with ->fe if it is
4183 * different from ->be.
4184 */
4185
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004186 cur_proxy = t->be;
4187 while (1) {
4188 struct proxy *rule_set = cur_proxy;
4189
4190 /* try headers filters */
4191 if (rule_set->rsp_exp != NULL) {
4192 if (apply_filters_to_response(t, rep, rule_set->rsp_exp) < 0) {
4193 return_bad_resp:
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004194 if (t->srv) {
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004195 t->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004196 health_adjust(t->srv, HANA_STATUS_HTTP_RSP);
4197 }
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004198 cur_proxy->counters.failed_resp++;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004199 return_srv_prx_502:
Willy Tarreau2df28e82008-08-17 15:20:19 +02004200 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004201 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004202 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau8e89b842009-10-18 23:56:35 +02004203 stream_int_retnclose(rep->cons, error_message(t, HTTP_ERR_502));
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004204 if (!(t->flags & SN_ERR_MASK))
4205 t->flags |= SN_ERR_PRXCOND;
4206 if (!(t->flags & SN_FINST_MASK))
4207 t->flags |= SN_FINST_H;
Willy Tarreaudafde432008-08-17 01:00:46 +02004208 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01004209 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004210 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01004211
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004212 /* has the response been denied ? */
4213 if (txn->flags & TX_SVDENY) {
Willy Tarreau8365f932009-03-15 23:11:49 +01004214 if (t->srv)
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004215 t->srv->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004216
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004217 cur_proxy->counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004218 if (t->listener->counters)
4219 t->listener->counters->denied_resp++;
4220
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004221 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01004222 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004223
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004224 /* add response headers from the rule sets in the same order */
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01004225 list_for_each_entry(wl, &rule_set->rsp_add, list) {
Willy Tarreau816b9792009-09-15 21:25:21 +02004226 if (txn->status < 200)
4227 break;
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01004228 if (unlikely(http_header_add_tail(rep, &txn->rsp, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004229 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02004230 }
4231
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004232 /* check whether we're already working on the frontend */
4233 if (cur_proxy == t->fe)
4234 break;
4235 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004236 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004237
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004238 /*
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01004239 * We may be facing a 1xx response (100 continue, 101 switching protocols),
4240 * in which case this is not the right response, and we're waiting for the
4241 * next one. Let's allow this response to go to the client and wait for the
4242 * next one.
4243 */
4244 if (txn->status < 200) {
4245 hdr_idx_init(&txn->hdr_idx);
4246 buffer_forward(rep, rep->lr - (rep->data + msg->som));
4247 msg->msg_state = HTTP_MSG_RPBEFORE;
4248 txn->status = 0;
4249 rep->analysers |= AN_RES_WAIT_HTTP | an_bit;
4250 return 1;
4251 }
4252
4253 /* we don't have any 1xx status code now */
4254
4255 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004256 * 4: check for server cookie.
4257 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01004258 if (t->be->cookie_name || t->be->appsession_name || t->fe->capture_name ||
4259 (t->be->options & PR_O_CHK_CACHE))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004260 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02004261
Willy Tarreaubaaee002006-06-26 02:48:02 +02004262
Willy Tarreaua15645d2007-03-18 16:22:39 +01004263 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004264 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004265 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01004266 if ((t->be->options & (PR_O_COOK_NOC | PR_O_CHK_CACHE)) != 0)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004267 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01004268
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004269 /*
4270 * 6: add server cookie in the response if needed
4271 */
4272 if ((t->srv) && !(t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_INS) &&
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01004273 (!(t->be->options & PR_O_COOK_POST) || (txn->meth == HTTP_METH_POST))) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004274 int len;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004275
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004276 /* the server is known, it's not the one the client requested, we have to
4277 * insert a set-cookie here, except if we want to insert only on POST
4278 * requests and this one isn't. Note that servers which don't have cookies
4279 * (eg: some backup servers) will return a full cookie removal request.
4280 */
4281 len = sprintf(trash, "Set-Cookie: %s=%s; path=/",
4282 t->be->cookie_name,
4283 t->srv->cookie ? t->srv->cookie : "; Expires=Thu, 01-Jan-1970 00:00:01 GMT");
Willy Tarreaubaaee002006-06-26 02:48:02 +02004284
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004285 if (t->be->cookie_domain)
4286 len += sprintf(trash+len, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02004287
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004288 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01004289 trash, len) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004290 goto return_bad_resp;
4291 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004292
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004293 /* Here, we will tell an eventual cache on the client side that we don't
4294 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
4295 * Some caches understand the correct form: 'no-cache="set-cookie"', but
4296 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
4297 */
4298 if ((t->be->options & PR_O_COOK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02004299
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004300 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
4301
4302 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01004303 "Cache-control: private", 22) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004304 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01004305 }
4306 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004307
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004308 /*
4309 * 7: check if result will be cacheable with a cookie.
4310 * We'll block the response if security checks have caught
4311 * nasty things such as a cacheable cookie.
4312 */
4313 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) ==
4314 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_ANY)) &&
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01004315 (t->be->options & PR_O_CHK_CACHE)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004316
4317 /* we're in presence of a cacheable response containing
4318 * a set-cookie header. We'll block it as requested by
4319 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004320 */
Willy Tarreau8365f932009-03-15 23:11:49 +01004321 if (t->srv)
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004322 t->srv->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004323
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004324 cur_proxy->counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004325 if (t->listener->counters)
4326 t->listener->counters->denied_resp++;
4327
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004328 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
4329 t->be->id, t->srv?t->srv->id:"<dispatch>");
4330 send_log(t->be, LOG_ALERT,
4331 "Blocking cacheable cookie in response from instance %s, server %s.\n",
4332 t->be->id, t->srv?t->srv->id:"<dispatch>");
4333 goto return_srv_prx_502;
4334 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01004335
4336 /*
Willy Tarreau5b154472009-12-21 20:11:07 +01004337 * 8: add "Connection: close" if needed and not yet set. This is
4338 * only needed for 1.1 responses since we know there is no other
4339 * Connection header.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004340 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01004341 if (must_close && (txn->flags & TX_RES_VER_11)) {
Willy Tarreau5b154472009-12-21 20:11:07 +01004342 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01004343 "Connection: close", 17) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004344 goto return_bad_resp;
Willy Tarreau5b154472009-12-21 20:11:07 +01004345 must_close = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004346 }
Willy Tarreaub608feb2010-01-02 22:47:18 +01004347 else if (must_keep && !(txn->flags & TX_REQ_VER_11)) {
4348 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
4349 "Connection: keep-alive", 22) < 0))
4350 goto return_bad_resp;
4351 must_keep = 0;
4352 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01004353
Willy Tarreaud98cf932009-12-27 22:54:55 +01004354 if (txn->flags & TX_RES_XFER_LEN)
4355 rep->analysers |= AN_RES_HTTP_XFER_BODY;
Willy Tarreau03945942009-12-22 16:50:27 +01004356
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004357 /*************************************************************
4358 * OK, that's finished for the headers. We have done what we *
4359 * could. Let's switch to the DATA state. *
4360 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02004361
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004362 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaua15645d2007-03-18 16:22:39 +01004363
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004364 /* if the user wants to log as soon as possible, without counting
4365 * bytes from the server, then this is the right moment. We have
4366 * to temporarily assign bytes_out to log what we currently have.
4367 */
4368 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
4369 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
4370 t->logs.bytes_out = txn->rsp.eoh;
Willy Tarreaua5555ec2008-11-30 19:02:32 +01004371 t->do_log(t);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004372 t->logs.bytes_out = 0;
4373 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01004374
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004375 /* Note: we must not try to cheat by jumping directly to DATA,
4376 * otherwise we would not let the client side wake up.
4377 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01004378
Willy Tarreaudafde432008-08-17 01:00:46 +02004379 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004380 }
4381 return 0;
4382}
Willy Tarreaua15645d2007-03-18 16:22:39 +01004383
Willy Tarreaud98cf932009-12-27 22:54:55 +01004384/* This function is an analyser which forwards response body (including chunk
4385 * sizes if any). It is called as soon as we must forward, even if we forward
4386 * zero byte. The only situation where it must not be called is when we're in
4387 * tunnel mode and we want to forward till the close. It's used both to forward
4388 * remaining data and to resync after end of body. It expects the msg_state to
4389 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
4390 * read more data, or 1 once we can go on with next request or end the session.
4391 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward hdr_content_len
4392 * bytes of pending data + the headers if not already done (between som and sov).
4393 * It eventually adjusts som to match sov after the data in between have been sent.
4394 */
4395int http_response_forward_body(struct session *s, struct buffer *res, int an_bit)
4396{
4397 struct http_txn *txn = &s->txn;
4398 struct http_msg *msg = &s->txn.rsp;
4399
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01004400 if ((res->flags & (BF_READ_ERROR|BF_READ_TIMEOUT|BF_WRITE_ERROR|BF_WRITE_TIMEOUT)) ||
4401 !s->req->analysers) {
4402 /* in case of error or if the other analyser went away, we can't analyse HTTP anymore */
4403 buffer_ignore(res, res->l - res->send_max);
4404 buffer_auto_close(res);
Willy Tarreau082b01c2010-01-02 23:58:04 +01004405 res->analysers &= ~an_bit;
4406 return 1;
4407 }
4408
Willy Tarreaud3347ee2010-01-04 02:02:25 +01004409 buffer_dont_close(res);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004410 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4411 return 0;
4412
Willy Tarreaub608feb2010-01-02 22:47:18 +01004413 /* note: in server-close mode, we don't want to automatically close the
4414 * output when the input is closed.
4415 */
4416 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
4417 buffer_dont_close(res);
4418
Willy Tarreaud98cf932009-12-27 22:54:55 +01004419 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
4420 /* we have msg->col and msg->sov which both point to the first
4421 * byte of message body. msg->som still points to the beginning
4422 * of the message. We must save the body in req->lr because it
4423 * survives buffer re-alignments.
4424 */
4425 res->lr = res->data + msg->sov;
4426 if (txn->flags & TX_RES_TE_CHNK)
4427 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
4428 else {
4429 msg->msg_state = HTTP_MSG_DATA;
4430 }
4431 }
4432
Willy Tarreaud98cf932009-12-27 22:54:55 +01004433 while (1) {
Willy Tarreau638cd022010-01-03 07:42:04 +01004434 /* we may have some data pending */
4435 if (msg->hdr_content_len || msg->som != msg->sov) {
4436 int bytes = msg->sov - msg->som;
4437 if (bytes < 0) /* sov may have wrapped at the end */
4438 bytes += res->size;
4439 buffer_forward(res, bytes + msg->hdr_content_len);
4440 msg->hdr_content_len = 0; /* don't forward that again */
4441 msg->som = msg->sov;
4442 }
4443
Willy Tarreaucaabe412010-01-03 23:08:28 +01004444 if (msg->msg_state == HTTP_MSG_DATA) {
4445 /* must still forward */
4446 if (res->to_forward)
4447 return 0;
4448
4449 /* nothing left to forward */
4450 if (txn->flags & TX_RES_TE_CHNK)
4451 msg->msg_state = HTTP_MSG_DATA_CRLF;
4452 else
4453 msg->msg_state = HTTP_MSG_DONE;
4454 }
4455 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004456 /* read the chunk size and assign it to ->hdr_content_len, then
4457 * set ->sov to point to the body and switch to DATA or TRAILERS state.
4458 */
4459 int ret = http_parse_chunk_size(res, msg);
4460
4461 if (!ret)
4462 goto missing_data;
4463 else if (ret < 0)
4464 goto return_bad_res;
4465 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004466 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004467 else if (msg->msg_state == HTTP_MSG_DATA_CRLF) {
4468 /* we want the CRLF after the data */
4469 int ret;
4470
Willy Tarreaud3347ee2010-01-04 02:02:25 +01004471 res->lr = res->w + res->send_max;
4472 if (res->lr >= res->data + res->size)
4473 res->lr -= res->size;
4474
Willy Tarreaud98cf932009-12-27 22:54:55 +01004475 ret = http_skip_chunk_crlf(res, msg);
4476
4477 if (!ret)
4478 goto missing_data;
4479 else if (ret < 0)
4480 goto return_bad_res;
4481 /* we're in MSG_CHUNK_SIZE now */
4482 }
4483 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
4484 int ret = http_forward_trailers(res, msg);
Willy Tarreau5523b322009-12-29 12:05:52 +01004485
Willy Tarreaud98cf932009-12-27 22:54:55 +01004486 if (ret == 0)
4487 goto missing_data;
4488 else if (ret < 0)
4489 goto return_bad_res;
4490 /* we're in HTTP_MSG_DONE now */
4491 }
4492 else if (msg->msg_state == HTTP_MSG_DONE) {
Willy Tarreau5523b322009-12-29 12:05:52 +01004493 /* In theory, we don't need to read anymore, but we must
4494 * still monitor the server connection for a possible close,
4495 * so we don't set the BF_DONT_READ flag here.
4496 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004497
Willy Tarreau5523b322009-12-29 12:05:52 +01004498 if (txn->req.msg_state < HTTP_MSG_DONE && txn->req.msg_state != HTTP_MSG_ERROR) {
4499 /* The client seems to still be sending data, probably
4500 * because we got an error response during an upload.
4501 * We have the choice of either breaking the connection
4502 * or letting it pass through. Let's do the later.
4503 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004504 return 0;
Willy Tarreau5523b322009-12-29 12:05:52 +01004505 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004506
4507 /* when we support keep-alive or server-close modes, we'll have
4508 * to reset the transaction here.
4509 */
Willy Tarreau5523b322009-12-29 12:05:52 +01004510
Willy Tarreau82eeaf22009-12-29 12:09:05 +01004511 if ((s->fe->options | s->be->options) & PR_O_FORCE_CLO) {
4512 /* option forceclose is set, let's enforce it now that the transfer is complete. */
4513 buffer_abort(res);
4514 }
Willy Tarreaub608feb2010-01-02 22:47:18 +01004515 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4516 /* server close is handled entirely on the req analyser */
4517 s->req->cons->flags |= SI_FL_NOLINGER;
4518 buffer_shutw_now(s->req);
4519 }
Willy Tarreau82eeaf22009-12-29 12:09:05 +01004520
Willy Tarreau5523b322009-12-29 12:05:52 +01004521 if (res->flags & (BF_SHUTW|BF_SHUTW_NOW)) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01004522 if (res->flags & BF_OUT_EMPTY) {
Willy Tarreau5523b322009-12-29 12:05:52 +01004523 msg->msg_state = HTTP_MSG_CLOSED;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004524 goto http_msg_closed;
4525 }
4526 else {
Willy Tarreau5523b322009-12-29 12:05:52 +01004527 msg->msg_state = HTTP_MSG_CLOSING;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004528 goto http_msg_closing;
4529 }
Willy Tarreau5523b322009-12-29 12:05:52 +01004530 }
4531 else {
4532 /* for other modes, we let further responses pass for now */
4533 res->flags &= ~BF_DONT_READ;
4534 /* FIXME: we're still forced to do that here */
4535 s->req->flags &= ~BF_DONT_READ;
4536 break;
4537 }
4538 }
4539 else if (msg->msg_state == HTTP_MSG_CLOSING) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01004540 http_msg_closing:
Willy Tarreau5523b322009-12-29 12:05:52 +01004541 /* nothing else to forward, just waiting for the buffer to be empty */
4542 if (!(res->flags & BF_OUT_EMPTY))
4543 return 0;
4544 msg->msg_state = HTTP_MSG_CLOSED;
4545 }
4546 else if (msg->msg_state == HTTP_MSG_CLOSED) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01004547 http_msg_closed:
Willy Tarreau5523b322009-12-29 12:05:52 +01004548 res->flags &= ~BF_DONT_READ;
4549 /* FIXME: we're still forced to do that here */
4550 s->req->flags &= ~BF_DONT_READ;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004551 break;
4552 }
4553 }
4554
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01004555 buffer_ignore(res, res->l - res->send_max);
4556 buffer_auto_close(res);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004557 res->analysers &= ~an_bit;
4558 return 1;
4559
4560 missing_data:
4561 /* forward the chunk size as well as any pending data */
4562 if (msg->hdr_content_len || msg->som != msg->sov) {
4563 buffer_forward(res, msg->sov - msg->som + msg->hdr_content_len);
4564 msg->hdr_content_len = 0; /* don't forward that again */
4565 msg->som = msg->sov;
4566 }
4567
4568 if (res->flags & BF_FULL)
4569 goto return_bad_res;
4570 /* the session handler will take care of timeouts and errors */
4571 return 0;
4572
4573 return_bad_res: /* let's centralize all bad resuests */
4574 txn->rsp.msg_state = HTTP_MSG_ERROR;
4575 txn->status = 502;
4576 stream_int_cond_close(res->cons, NULL);
4577
4578 res->analysers = 0;
4579 s->be->counters.failed_resp++;
4580 if (s->srv) {
4581 s->srv->counters.failed_resp++;
4582 health_adjust(s->srv, HANA_STATUS_HTTP_HDRRSP);
4583 }
4584
4585 if (!(s->flags & SN_ERR_MASK))
4586 s->flags |= SN_ERR_PRXCOND;
4587 if (!(s->flags & SN_FINST_MASK))
4588 s->flags |= SN_FINST_R;
4589 return 0;
4590}
4591
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004592/* Iterate the same filter through all request headers.
4593 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004594 * Since it can manage the switch to another backend, it updates the per-proxy
4595 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004596 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004597int apply_filter_to_req_headers(struct session *t, struct buffer *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01004598{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004599 char term;
4600 char *cur_ptr, *cur_end, *cur_next;
4601 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004602 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004603 struct hdr_idx_elem *cur_hdr;
4604 int len, delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01004605
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004606 last_hdr = 0;
4607
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004608 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004609 old_idx = 0;
4610
4611 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01004612 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004613 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004614 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004615 (exp->action == ACT_ALLOW ||
4616 exp->action == ACT_DENY ||
4617 exp->action == ACT_TARPIT))
4618 return 0;
4619
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004620 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004621 if (!cur_idx)
4622 break;
4623
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004624 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004625 cur_ptr = cur_next;
4626 cur_end = cur_ptr + cur_hdr->len;
4627 cur_next = cur_end + cur_hdr->cr + 1;
4628
4629 /* Now we have one header between cur_ptr and cur_end,
4630 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004631 */
4632
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004633 /* The annoying part is that pattern matching needs
4634 * that we modify the contents to null-terminate all
4635 * strings before testing them.
4636 */
4637
4638 term = *cur_end;
4639 *cur_end = '\0';
4640
4641 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4642 switch (exp->action) {
4643 case ACT_SETBE:
4644 /* It is not possible to jump a second time.
4645 * FIXME: should we return an HTTP/500 here so that
4646 * the admin knows there's a problem ?
4647 */
4648 if (t->be != t->fe)
4649 break;
4650
4651 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004652 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004653 last_hdr = 1;
4654 break;
4655
4656 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004657 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004658 last_hdr = 1;
4659 break;
4660
4661 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004662 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004663 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004664
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004665 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004666 if (t->listener->counters)
4667 t->listener->counters->denied_resp++;
4668
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004669 break;
4670
4671 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01004672 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004673 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004674
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004675 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004676 if (t->listener->counters)
4677 t->listener->counters->denied_resp++;
4678
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004679 break;
4680
4681 case ACT_REPLACE:
4682 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4683 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
4684 /* FIXME: if the user adds a newline in the replacement, the
4685 * index will not be recalculated for now, and the new line
4686 * will not be counted as a new header.
4687 */
4688
4689 cur_end += delta;
4690 cur_next += delta;
4691 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01004692 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004693 break;
4694
4695 case ACT_REMOVE:
4696 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
4697 cur_next += delta;
4698
Willy Tarreaufa355d42009-11-29 18:12:29 +01004699 http_msg_move_end(&txn->req, delta);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004700 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
4701 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004702 cur_hdr->len = 0;
4703 cur_end = NULL; /* null-term has been rewritten */
4704 break;
4705
4706 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01004707 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004708 if (cur_end)
4709 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01004710
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004711 /* keep the link from this header to next one in case of later
4712 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004713 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004714 old_idx = cur_idx;
4715 }
4716 return 0;
4717}
4718
4719
4720/* Apply the filter to the request line.
4721 * Returns 0 if nothing has been done, 1 if the filter has been applied,
4722 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01004723 * Since it can manage the switch to another backend, it updates the per-proxy
4724 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004725 */
4726int apply_filter_to_req_line(struct session *t, struct buffer *req, struct hdr_exp *exp)
4727{
4728 char term;
4729 char *cur_ptr, *cur_end;
4730 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004731 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004732 int len, delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004733
Willy Tarreau58f10d72006-12-04 02:26:12 +01004734
Willy Tarreau3d300592007-03-18 18:34:41 +01004735 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004736 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01004737 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004738 (exp->action == ACT_ALLOW ||
4739 exp->action == ACT_DENY ||
4740 exp->action == ACT_TARPIT))
4741 return 0;
4742 else if (exp->action == ACT_REMOVE)
4743 return 0;
4744
4745 done = 0;
4746
Willy Tarreau9cdde232007-05-02 20:58:19 +02004747 cur_ptr = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004748 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004749
4750 /* Now we have the request line between cur_ptr and cur_end */
4751
4752 /* The annoying part is that pattern matching needs
4753 * that we modify the contents to null-terminate all
4754 * strings before testing them.
4755 */
4756
4757 term = *cur_end;
4758 *cur_end = '\0';
4759
4760 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
4761 switch (exp->action) {
4762 case ACT_SETBE:
4763 /* It is not possible to jump a second time.
4764 * FIXME: should we return an HTTP/500 here so that
4765 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01004766 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004767 if (t->be != t->fe)
4768 break;
4769
4770 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02004771 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004772 done = 1;
4773 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004774
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004775 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01004776 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004777 done = 1;
4778 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004779
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004780 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01004781 txn->flags |= TX_CLDENY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004782
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004783 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004784 if (t->listener->counters)
4785 t->listener->counters->denied_resp++;
4786
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004787 done = 1;
4788 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004789
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004790 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01004791 txn->flags |= TX_CLTARPIT;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004792
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02004793 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004794 if (t->listener->counters)
4795 t->listener->counters->denied_resp++;
4796
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004797 done = 1;
4798 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01004799
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004800 case ACT_REPLACE:
4801 *cur_end = term; /* restore the string terminator */
4802 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
4803 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
4804 /* FIXME: if the user adds a newline in the replacement, the
4805 * index will not be recalculated for now, and the new line
4806 * will not be counted as a new header.
4807 */
Willy Tarreaua496b602006-12-17 23:15:24 +01004808
Willy Tarreaufa355d42009-11-29 18:12:29 +01004809 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004810 cur_end += delta;
Willy Tarreaua496b602006-12-17 23:15:24 +01004811
Willy Tarreau9cdde232007-05-02 20:58:19 +02004812 txn->req.sol = req->data + txn->req.som; /* should be equal to txn->sol */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004813 cur_end = (char *)http_parse_reqline(&txn->req, req->data,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004814 HTTP_MSG_RQMETH,
4815 cur_ptr, cur_end + 1,
4816 NULL, NULL);
4817 if (unlikely(!cur_end))
4818 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01004819
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004820 /* we have a full request and we know that we have either a CR
4821 * or an LF at <ptr>.
4822 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004823 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
4824 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004825 /* there is no point trying this regex on headers */
4826 return 1;
4827 }
4828 }
4829 *cur_end = term; /* restore the string terminator */
4830 return done;
4831}
Willy Tarreau97de6242006-12-27 17:18:38 +01004832
Willy Tarreau58f10d72006-12-04 02:26:12 +01004833
Willy Tarreau58f10d72006-12-04 02:26:12 +01004834
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004835/*
4836 * Apply all the req filters <exp> to all headers in buffer <req> of session <t>.
4837 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01004838 * unparsable request. Since it can manage the switch to another backend, it
4839 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004840 */
4841int apply_filters_to_request(struct session *t, struct buffer *req, struct hdr_exp *exp)
4842{
Willy Tarreau3d300592007-03-18 18:34:41 +01004843 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004844 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01004845 while (exp && !(txn->flags & (TX_CLDENY|TX_CLTARPIT))) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004846 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004847
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004848 /*
4849 * The interleaving of transformations and verdicts
4850 * makes it difficult to decide to continue or stop
4851 * the evaluation.
4852 */
4853
Willy Tarreau3d300592007-03-18 18:34:41 +01004854 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004855 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
4856 exp->action == ACT_TARPIT || exp->action == ACT_PASS)) {
4857 exp = exp->next;
4858 continue;
4859 }
4860
4861 /* Apply the filter to the request line. */
4862 ret = apply_filter_to_req_line(t, req, exp);
4863 if (unlikely(ret < 0))
4864 return -1;
4865
4866 if (likely(ret == 0)) {
4867 /* The filter did not match the request, it can be
4868 * iterated through all headers.
4869 */
4870 apply_filter_to_req_headers(t, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004871 }
4872 exp = exp->next;
4873 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004874 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004875}
4876
4877
Willy Tarreaua15645d2007-03-18 16:22:39 +01004878
Willy Tarreau58f10d72006-12-04 02:26:12 +01004879/*
Cyril Bontébf47aeb2009-10-15 00:15:40 +02004880 * Try to retrieve the server associated to the appsession.
4881 * If the server is found, it's assigned to the session.
4882 */
Cyril Bontéb21570a2009-11-29 20:04:48 +01004883void manage_client_side_appsession(struct session *t, const char *buf, int len) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02004884 struct http_txn *txn = &t->txn;
4885 appsess *asession = NULL;
4886 char *sessid_temp = NULL;
4887
Cyril Bontéb21570a2009-11-29 20:04:48 +01004888 if (len > t->be->appsession_len) {
4889 len = t->be->appsession_len;
4890 }
4891
Cyril Bontébf47aeb2009-10-15 00:15:40 +02004892 if (t->be->options2 & PR_O2_AS_REQL) {
4893 /* request-learn option is enabled : store the sessid in the session for future use */
4894 if (t->sessid != NULL) {
4895 /* free previously allocated memory as we don't need the session id found in the URL anymore */
4896 pool_free2(apools.sessid, t->sessid);
4897 }
4898
4899 if ((t->sessid = pool_alloc2(apools.sessid)) == NULL) {
4900 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
4901 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
4902 return;
4903 }
4904
Cyril Bontéb21570a2009-11-29 20:04:48 +01004905 memcpy(t->sessid, buf, len);
4906 t->sessid[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02004907 }
4908
4909 if ((sessid_temp = pool_alloc2(apools.sessid)) == NULL) {
4910 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
4911 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
4912 return;
4913 }
4914
Cyril Bontéb21570a2009-11-29 20:04:48 +01004915 memcpy(sessid_temp, buf, len);
4916 sessid_temp[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02004917
4918 asession = appsession_hash_lookup(&(t->be->htbl_proxy), sessid_temp);
4919 /* free previously allocated memory */
4920 pool_free2(apools.sessid, sessid_temp);
4921
4922 if (asession != NULL) {
4923 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
4924 if (!(t->be->options2 & PR_O2_AS_REQL))
4925 asession->request_count++;
4926
4927 if (asession->serverid != NULL) {
4928 struct server *srv = t->be->srv;
4929 while (srv) {
4930 if (strcmp(srv->id, asession->serverid) == 0) {
4931 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
4932 /* we found the server and it's usable */
4933 txn->flags &= ~TX_CK_MASK;
4934 txn->flags |= TX_CK_VALID;
4935 t->flags |= SN_DIRECT | SN_ASSIGNED;
4936 t->srv = srv;
4937 break;
4938 } else {
4939 txn->flags &= ~TX_CK_MASK;
4940 txn->flags |= TX_CK_DOWN;
4941 }
4942 }
4943 srv = srv->next;
4944 }
4945 }
4946 }
4947}
4948
4949/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01004950 * Manage client-side cookie. It can impact performance by about 2% so it is
4951 * desirable to call it only when needed.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004952 */
4953void manage_client_side_cookies(struct session *t, struct buffer *req)
4954{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004955 struct http_txn *txn = &t->txn;
Willy Tarreau305ae852010-01-03 19:45:54 +01004956 char *p1, *p2, *p3, *p4, *p5;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004957 char *del_colon, *del_cookie, *colon;
4958 int app_cookies;
4959
Willy Tarreau58f10d72006-12-04 02:26:12 +01004960 char *cur_ptr, *cur_end, *cur_next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01004961 int cur_idx, old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004962
Willy Tarreau2a324282006-12-05 00:05:46 +01004963 /* Iterate through the headers.
Willy Tarreau58f10d72006-12-04 02:26:12 +01004964 * we start with the start line.
4965 */
Willy Tarreau83969f42007-01-22 08:55:47 +01004966 old_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004967 cur_next = req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01004968
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004969 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004970 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004971 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01004972
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01004973 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau58f10d72006-12-04 02:26:12 +01004974 cur_ptr = cur_next;
4975 cur_end = cur_ptr + cur_hdr->len;
4976 cur_next = cur_end + cur_hdr->cr + 1;
4977
4978 /* We have one full header between cur_ptr and cur_end, and the
4979 * next header starts at cur_next. We're only interested in
4980 * "Cookie:" headers.
4981 */
4982
Willy Tarreauaa9dce32007-03-18 23:50:16 +01004983 val = http_header_match2(cur_ptr, cur_end, "Cookie", 6);
4984 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01004985 old_idx = cur_idx;
4986 continue;
4987 }
4988
4989 /* Now look for cookies. Conforming to RFC2109, we have to support
4990 * attributes whose name begin with a '$', and associate them with
4991 * the right cookie, if we want to delete this cookie.
4992 * So there are 3 cases for each cookie read :
4993 * 1) it's a special attribute, beginning with a '$' : ignore it.
4994 * 2) it's a server id cookie that we *MAY* want to delete : save
4995 * some pointers on it (last semi-colon, beginning of cookie...)
4996 * 3) it's an application cookie : we *MAY* have to delete a previous
4997 * "special" cookie.
4998 * At the end of loop, if a "special" cookie remains, we may have to
4999 * remove it. If no application cookie persists in the header, we
5000 * *MUST* delete it
5001 */
5002
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005003 colon = p1 = cur_ptr + val; /* first non-space char after 'Cookie:' */
Willy Tarreau58f10d72006-12-04 02:26:12 +01005004
Willy Tarreau58f10d72006-12-04 02:26:12 +01005005 /* del_cookie == NULL => nothing to be deleted */
5006 del_colon = del_cookie = NULL;
5007 app_cookies = 0;
5008
5009 while (p1 < cur_end) {
5010 /* skip spaces and colons, but keep an eye on these ones */
Willy Tarreau305ae852010-01-03 19:45:54 +01005011 resync_name:
Willy Tarreau58f10d72006-12-04 02:26:12 +01005012 while (p1 < cur_end) {
5013 if (*p1 == ';' || *p1 == ',')
5014 colon = p1;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02005015 else if (!isspace((unsigned char)*p1))
Willy Tarreau58f10d72006-12-04 02:26:12 +01005016 break;
5017 p1++;
5018 }
5019
5020 if (p1 == cur_end)
5021 break;
5022
5023 /* p1 is at the beginning of the cookie name */
5024 p2 = p1;
Willy Tarreau305ae852010-01-03 19:45:54 +01005025 while (p2 < cur_end && *p2 != '=') {
5026 if (*p2 == ',' || *p2 == ';' || isspace((unsigned char)*p2)) {
5027 /* oops, the cookie name was truncated, resync */
5028 p1 = p2;
5029 goto resync_name;
5030 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005031 p2++;
Willy Tarreau305ae852010-01-03 19:45:54 +01005032 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005033
5034 if (p2 == cur_end)
5035 break;
5036
5037 p3 = p2 + 1; /* skips the '=' sign */
5038 if (p3 == cur_end)
5039 break;
5040
Willy Tarreau305ae852010-01-03 19:45:54 +01005041 /* parse the value, stripping leading and trailing spaces but keeping insiders. */
5042 p5 = p4 = p3;
5043 while (p5 < cur_end && *p5 != ';' && *p5 != ',') {
5044 if (!isspace((unsigned char)*p5))
5045 p4 = p5 + 1;
5046 p5++;
5047 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005048
5049 /* here, we have the cookie name between p1 and p2,
5050 * and its value between p3 and p4.
5051 * we can process it :
5052 *
Willy Tarreau305ae852010-01-03 19:45:54 +01005053 * Cookie: NAME=VALUE ;
5054 * | || || |+-> p5
Willy Tarreau58f10d72006-12-04 02:26:12 +01005055 * | || || +--> p4
5056 * | || |+-------> p3
5057 * | || +--------> p2
5058 * | |+------------> p1
5059 * | +-------------> colon
5060 * +--------------------> cur_ptr
5061 */
5062
5063 if (*p1 == '$') {
5064 /* skip this one */
5065 }
5066 else {
5067 /* first, let's see if we want to capture it */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005068 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005069 txn->cli_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005070 (p4 - p1 >= t->fe->capture_namelen) &&
5071 memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005072 int log_len = p4 - p1;
5073
Willy Tarreau086b3b42007-05-13 21:45:51 +02005074 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005075 Alert("HTTP logging : out of memory.\n");
5076 } else {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005077 if (log_len > t->fe->capture_len)
5078 log_len = t->fe->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005079 memcpy(txn->cli_cookie, p1, log_len);
5080 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005081 }
5082 }
5083
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005084 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
5085 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005086 /* Cool... it's the right one */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005087 struct server *srv = t->be->srv;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005088 char *delim;
5089
5090 /* if we're in cookie prefix mode, we'll search the delimitor so that we
5091 * have the server ID betweek p3 and delim, and the original cookie between
5092 * delim+1 and p4. Otherwise, delim==p4 :
5093 *
Willy Tarreau305ae852010-01-03 19:45:54 +01005094 * Cookie: NAME=SRV~VALUE ;
5095 * | || || | |+-> p5
Willy Tarreau58f10d72006-12-04 02:26:12 +01005096 * | || || | +--> p4
5097 * | || || +--------> delim
5098 * | || |+-----------> p3
5099 * | || +------------> p2
5100 * | |+----------------> p1
5101 * | +-----------------> colon
5102 * +------------------------> cur_ptr
5103 */
5104
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005105 if (t->be->options & PR_O_COOK_PFX) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005106 for (delim = p3; delim < p4; delim++)
5107 if (*delim == COOKIE_DELIM)
5108 break;
5109 }
5110 else
5111 delim = p4;
5112
5113
5114 /* Here, we'll look for the first running server which supports the cookie.
5115 * This allows to share a same cookie between several servers, for example
5116 * to dedicate backup servers to specific servers only.
5117 * However, to prevent clients from sticking to cookie-less backup server
5118 * when they have incidentely learned an empty cookie, we simply ignore
5119 * empty cookies and mark them as invalid.
5120 */
5121 if (delim == p3)
5122 srv = NULL;
5123
5124 while (srv) {
Willy Tarreau92f2ab12007-02-02 22:14:47 +01005125 if (srv->cookie && (srv->cklen == delim - p3) &&
5126 !memcmp(p3, srv->cookie, delim - p3)) {
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005127 if (srv->state & SRV_RUNNING || t->be->options & PR_O_PERSIST) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005128 /* we found the server and it's usable */
Willy Tarreau3d300592007-03-18 18:34:41 +01005129 txn->flags &= ~TX_CK_MASK;
5130 txn->flags |= TX_CK_VALID;
5131 t->flags |= SN_DIRECT | SN_ASSIGNED;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005132 t->srv = srv;
5133 break;
5134 } else {
5135 /* we found a server, but it's down */
Willy Tarreau3d300592007-03-18 18:34:41 +01005136 txn->flags &= ~TX_CK_MASK;
5137 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005138 }
5139 }
5140 srv = srv->next;
5141 }
5142
Willy Tarreau3d300592007-03-18 18:34:41 +01005143 if (!srv && !(txn->flags & TX_CK_DOWN)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005144 /* no server matched this cookie */
Willy Tarreau3d300592007-03-18 18:34:41 +01005145 txn->flags &= ~TX_CK_MASK;
5146 txn->flags |= TX_CK_INVALID;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005147 }
5148
5149 /* depending on the cookie mode, we may have to either :
5150 * - delete the complete cookie if we're in insert+indirect mode, so that
5151 * the server never sees it ;
5152 * - remove the server id from the cookie value, and tag the cookie as an
5153 * application cookie so that it does not get accidentely removed later,
5154 * if we're in cookie prefix mode
5155 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005156 if ((t->be->options & PR_O_COOK_PFX) && (delim != p4)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005157 int delta; /* negative */
5158
5159 delta = buffer_replace2(req, p3, delim + 1, NULL, 0);
5160 p4 += delta;
Willy Tarreau305ae852010-01-03 19:45:54 +01005161 p5 += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005162 cur_end += delta;
5163 cur_next += delta;
5164 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005165 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005166
5167 del_cookie = del_colon = NULL;
5168 app_cookies++; /* protect the header from deletion */
5169 }
5170 else if (del_cookie == NULL &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005171 (t->be->options & (PR_O_COOK_INS | PR_O_COOK_IND)) == (PR_O_COOK_INS | PR_O_COOK_IND)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005172 del_cookie = p1;
5173 del_colon = colon;
5174 }
5175 } else {
5176 /* now we know that we must keep this cookie since it's
5177 * not ours. But if we wanted to delete our cookie
5178 * earlier, we cannot remove the complete header, but we
5179 * can remove the previous block itself.
5180 */
5181 app_cookies++;
5182
5183 if (del_cookie != NULL) {
5184 int delta; /* negative */
5185
5186 delta = buffer_replace2(req, del_cookie, p1, NULL, 0);
5187 p4 += delta;
Willy Tarreau305ae852010-01-03 19:45:54 +01005188 p5 += delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005189 cur_end += delta;
5190 cur_next += delta;
5191 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005192 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005193 del_cookie = del_colon = NULL;
5194 }
5195 }
5196
Cyril Bontéb21570a2009-11-29 20:04:48 +01005197 if (t->be->appsession_name != NULL) {
5198 int cmp_len, value_len;
5199 char *value_begin;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005200
Cyril Bontéb21570a2009-11-29 20:04:48 +01005201 if (t->be->options2 & PR_O2_AS_PFX) {
5202 cmp_len = MIN(p4 - p1, t->be->appsession_name_len);
5203 value_begin = p1 + t->be->appsession_name_len;
5204 value_len = p4 - p1 - t->be->appsession_name_len;
5205 } else {
5206 cmp_len = p2 - p1;
5207 value_begin = p3;
5208 value_len = p4 - p3;
5209 }
5210
5211 /* let's see if the cookie is our appcookie */
5212 if (memcmp(p1, t->be->appsession_name, cmp_len) == 0) {
5213 /* Cool... it's the right one */
5214 manage_client_side_appsession(t, value_begin, value_len);
5215 }
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005216#if defined(DEBUG_HASH)
5217 Alert("manage_client_side_cookies\n");
5218 appsession_hash_dump(&(t->be->htbl_proxy));
5219#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01005220 }/* end if ((t->proxy->appsession_name != NULL) ... */
5221 }
5222
5223 /* we'll have to look for another cookie ... */
Willy Tarreau305ae852010-01-03 19:45:54 +01005224 p1 = p5;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005225 } /* while (p1 < cur_end) */
5226
5227 /* There's no more cookie on this line.
5228 * We may have marked the last one(s) for deletion.
5229 * We must do this now in two ways :
5230 * - if there is no app cookie, we simply delete the header ;
5231 * - if there are app cookies, we must delete the end of the
5232 * string properly, including the colon/semi-colon before
5233 * the cookie name.
5234 */
5235 if (del_cookie != NULL) {
5236 int delta;
5237 if (app_cookies) {
5238 delta = buffer_replace2(req, del_colon, cur_end, NULL, 0);
5239 cur_end = del_colon;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005240 cur_hdr->len += delta;
5241 } else {
5242 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005243
5244 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005245 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
5246 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005247 cur_hdr->len = 0;
5248 }
Willy Tarreau45e73e32006-12-17 00:05:15 +01005249 cur_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005250 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005251 }
5252
5253 /* keep the link from this header to next one */
5254 old_idx = cur_idx;
5255 } /* end of cookie processing on this header */
5256}
5257
5258
Willy Tarreaua15645d2007-03-18 16:22:39 +01005259/* Iterate the same filter through all response headers contained in <rtr>.
5260 * Returns 1 if this filter can be stopped upon return, otherwise 0.
5261 */
5262int apply_filter_to_resp_headers(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
5263{
5264 char term;
5265 char *cur_ptr, *cur_end, *cur_next;
5266 int cur_idx, old_idx, last_hdr;
5267 struct http_txn *txn = &t->txn;
5268 struct hdr_idx_elem *cur_hdr;
5269 int len, delta;
5270
5271 last_hdr = 0;
5272
5273 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
5274 old_idx = 0;
5275
5276 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005277 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005278 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01005279 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01005280 (exp->action == ACT_ALLOW ||
5281 exp->action == ACT_DENY))
5282 return 0;
5283
5284 cur_idx = txn->hdr_idx.v[old_idx].next;
5285 if (!cur_idx)
5286 break;
5287
5288 cur_hdr = &txn->hdr_idx.v[cur_idx];
5289 cur_ptr = cur_next;
5290 cur_end = cur_ptr + cur_hdr->len;
5291 cur_next = cur_end + cur_hdr->cr + 1;
5292
5293 /* Now we have one header between cur_ptr and cur_end,
5294 * and the next header starts at cur_next.
5295 */
5296
5297 /* The annoying part is that pattern matching needs
5298 * that we modify the contents to null-terminate all
5299 * strings before testing them.
5300 */
5301
5302 term = *cur_end;
5303 *cur_end = '\0';
5304
5305 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
5306 switch (exp->action) {
5307 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01005308 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005309 last_hdr = 1;
5310 break;
5311
5312 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01005313 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005314 last_hdr = 1;
5315 break;
5316
5317 case ACT_REPLACE:
5318 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
5319 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
5320 /* FIXME: if the user adds a newline in the replacement, the
5321 * index will not be recalculated for now, and the new line
5322 * will not be counted as a new header.
5323 */
5324
5325 cur_end += delta;
5326 cur_next += delta;
5327 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005328 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005329 break;
5330
5331 case ACT_REMOVE:
5332 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
5333 cur_next += delta;
5334
Willy Tarreaufa355d42009-11-29 18:12:29 +01005335 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005336 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
5337 txn->hdr_idx.used--;
5338 cur_hdr->len = 0;
5339 cur_end = NULL; /* null-term has been rewritten */
5340 break;
5341
5342 }
5343 }
5344 if (cur_end)
5345 *cur_end = term; /* restore the string terminator */
5346
5347 /* keep the link from this header to next one in case of later
5348 * removal of next header.
5349 */
5350 old_idx = cur_idx;
5351 }
5352 return 0;
5353}
5354
5355
5356/* Apply the filter to the status line in the response buffer <rtr>.
5357 * Returns 0 if nothing has been done, 1 if the filter has been applied,
5358 * or -1 if a replacement resulted in an invalid status line.
5359 */
5360int apply_filter_to_sts_line(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
5361{
5362 char term;
5363 char *cur_ptr, *cur_end;
5364 int done;
5365 struct http_txn *txn = &t->txn;
5366 int len, delta;
5367
5368
Willy Tarreau3d300592007-03-18 18:34:41 +01005369 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005370 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01005371 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01005372 (exp->action == ACT_ALLOW ||
5373 exp->action == ACT_DENY))
5374 return 0;
5375 else if (exp->action == ACT_REMOVE)
5376 return 0;
5377
5378 done = 0;
5379
Willy Tarreau9cdde232007-05-02 20:58:19 +02005380 cur_ptr = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005381 cur_end = cur_ptr + txn->rsp.sl.rq.l;
5382
5383 /* Now we have the status line between cur_ptr and cur_end */
5384
5385 /* The annoying part is that pattern matching needs
5386 * that we modify the contents to null-terminate all
5387 * strings before testing them.
5388 */
5389
5390 term = *cur_end;
5391 *cur_end = '\0';
5392
5393 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
5394 switch (exp->action) {
5395 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01005396 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005397 done = 1;
5398 break;
5399
5400 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01005401 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005402 done = 1;
5403 break;
5404
5405 case ACT_REPLACE:
5406 *cur_end = term; /* restore the string terminator */
5407 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
5408 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
5409 /* FIXME: if the user adds a newline in the replacement, the
5410 * index will not be recalculated for now, and the new line
5411 * will not be counted as a new header.
5412 */
5413
Willy Tarreaufa355d42009-11-29 18:12:29 +01005414 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005415 cur_end += delta;
5416
Willy Tarreau9cdde232007-05-02 20:58:19 +02005417 txn->rsp.sol = rtr->data + txn->rsp.som; /* should be equal to txn->sol */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005418 cur_end = (char *)http_parse_stsline(&txn->rsp, rtr->data,
Willy Tarreau02785762007-04-03 14:45:44 +02005419 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01005420 cur_ptr, cur_end + 1,
5421 NULL, NULL);
5422 if (unlikely(!cur_end))
5423 return -1;
5424
5425 /* we have a full respnse and we know that we have either a CR
5426 * or an LF at <ptr>.
5427 */
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005428 txn->status = strl2ui(rtr->data + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005429 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.rq.l, *cur_end == '\r');
5430 /* there is no point trying this regex on headers */
5431 return 1;
5432 }
5433 }
5434 *cur_end = term; /* restore the string terminator */
5435 return done;
5436}
5437
5438
5439
5440/*
5441 * Apply all the resp filters <exp> to all headers in buffer <rtr> of session <t>.
5442 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
5443 * unparsable response.
5444 */
5445int apply_filters_to_response(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
5446{
Willy Tarreau3d300592007-03-18 18:34:41 +01005447 struct http_txn *txn = &t->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005448 /* iterate through the filters in the outer loop */
Willy Tarreau3d300592007-03-18 18:34:41 +01005449 while (exp && !(txn->flags & TX_SVDENY)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005450 int ret;
5451
5452 /*
5453 * The interleaving of transformations and verdicts
5454 * makes it difficult to decide to continue or stop
5455 * the evaluation.
5456 */
5457
Willy Tarreau3d300592007-03-18 18:34:41 +01005458 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01005459 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
5460 exp->action == ACT_PASS)) {
5461 exp = exp->next;
5462 continue;
5463 }
5464
5465 /* Apply the filter to the status line. */
5466 ret = apply_filter_to_sts_line(t, rtr, exp);
5467 if (unlikely(ret < 0))
5468 return -1;
5469
5470 if (likely(ret == 0)) {
5471 /* The filter did not match the response, it can be
5472 * iterated through all headers.
5473 */
5474 apply_filter_to_resp_headers(t, rtr, exp);
5475 }
5476 exp = exp->next;
5477 }
5478 return 0;
5479}
5480
5481
5482
5483/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01005484 * Manage server-side cookies. It can impact performance by about 2% so it is
5485 * desirable to call it only when needed.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005486 */
5487void manage_server_side_cookies(struct session *t, struct buffer *rtr)
5488{
5489 struct http_txn *txn = &t->txn;
5490 char *p1, *p2, *p3, *p4;
5491
Willy Tarreaua15645d2007-03-18 16:22:39 +01005492 char *cur_ptr, *cur_end, *cur_next;
5493 int cur_idx, old_idx, delta;
5494
Willy Tarreaua15645d2007-03-18 16:22:39 +01005495 /* Iterate through the headers.
5496 * we start with the start line.
5497 */
5498 old_idx = 0;
5499 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
5500
5501 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
5502 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005503 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005504
5505 cur_hdr = &txn->hdr_idx.v[cur_idx];
5506 cur_ptr = cur_next;
5507 cur_end = cur_ptr + cur_hdr->len;
5508 cur_next = cur_end + cur_hdr->cr + 1;
5509
5510 /* We have one full header between cur_ptr and cur_end, and the
5511 * next header starts at cur_next. We're only interested in
5512 * "Cookie:" headers.
5513 */
5514
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005515 val = http_header_match2(cur_ptr, cur_end, "Set-Cookie", 10);
5516 if (!val) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005517 old_idx = cur_idx;
5518 continue;
5519 }
5520
5521 /* OK, right now we know we have a set-cookie at cur_ptr */
Willy Tarreau3d300592007-03-18 18:34:41 +01005522 txn->flags |= TX_SCK_ANY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005523
5524
Willy Tarreaufd39dda2008-10-17 12:01:58 +02005525 /* maybe we only wanted to see if there was a set-cookie. Note that
5526 * the cookie capture is declared in the fronend.
5527 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005528 if (t->be->cookie_name == NULL &&
5529 t->be->appsession_name == NULL &&
Willy Tarreaufd39dda2008-10-17 12:01:58 +02005530 t->fe->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01005531 return;
5532
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005533 p1 = cur_ptr + val; /* first non-space char after 'Set-Cookie:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005534
5535 while (p1 < cur_end) { /* in fact, we'll break after the first cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005536 if (p1 == cur_end || *p1 == ';') /* end of cookie */
5537 break;
5538
5539 /* p1 is at the beginning of the cookie name */
5540 p2 = p1;
5541
5542 while (p2 < cur_end && *p2 != '=' && *p2 != ';')
5543 p2++;
5544
5545 if (p2 == cur_end || *p2 == ';') /* next cookie */
5546 break;
5547
5548 p3 = p2 + 1; /* skip the '=' sign */
5549 if (p3 == cur_end)
5550 break;
5551
5552 p4 = p3;
Willy Tarreau8f8e6452007-06-17 21:51:38 +02005553 while (p4 < cur_end && !isspace((unsigned char)*p4) && *p4 != ';')
Willy Tarreaua15645d2007-03-18 16:22:39 +01005554 p4++;
5555
5556 /* here, we have the cookie name between p1 and p2,
5557 * and its value between p3 and p4.
5558 * we can process it.
5559 */
5560
5561 /* first, let's see if we want to capture it */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02005562 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005563 txn->srv_cookie == NULL &&
Willy Tarreaufd39dda2008-10-17 12:01:58 +02005564 (p4 - p1 >= t->fe->capture_namelen) &&
5565 memcmp(p1, t->fe->capture_name, t->fe->capture_namelen) == 0) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005566 int log_len = p4 - p1;
5567
Willy Tarreau086b3b42007-05-13 21:45:51 +02005568 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005569 Alert("HTTP logging : out of memory.\n");
5570 }
5571
Willy Tarreaufd39dda2008-10-17 12:01:58 +02005572 if (log_len > t->fe->capture_len)
5573 log_len = t->fe->capture_len;
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005574 memcpy(txn->srv_cookie, p1, log_len);
5575 txn->srv_cookie[log_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005576 }
5577
5578 /* now check if we need to process it for persistence */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005579 if ((p2 - p1 == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
5580 (memcmp(p1, t->be->cookie_name, p2 - p1) == 0)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005581 /* Cool... it's the right one */
Willy Tarreau3d300592007-03-18 18:34:41 +01005582 txn->flags |= TX_SCK_SEEN;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005583
5584 /* If the cookie is in insert mode on a known server, we'll delete
5585 * this occurrence because we'll insert another one later.
5586 * We'll delete it too if the "indirect" option is set and we're in
5587 * a direct access. */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005588 if (((t->srv) && (t->be->options & PR_O_COOK_INS)) ||
5589 ((t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_IND))) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005590 /* this header must be deleted */
5591 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
5592 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
5593 txn->hdr_idx.used--;
5594 cur_hdr->len = 0;
5595 cur_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005596 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005597
Willy Tarreau3d300592007-03-18 18:34:41 +01005598 txn->flags |= TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005599 }
5600 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005601 (t->be->options & PR_O_COOK_RW)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005602 /* replace bytes p3->p4 with the cookie name associated
5603 * with this server since we know it.
5604 */
5605 delta = buffer_replace2(rtr, p3, p4, t->srv->cookie, t->srv->cklen);
5606 cur_hdr->len += delta;
5607 cur_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005608 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005609
Willy Tarreau3d300592007-03-18 18:34:41 +01005610 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005611 }
5612 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005613 (t->be->options & PR_O_COOK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01005614 /* insert the cookie name associated with this server
5615 * before existing cookie, and insert a delimitor between them..
5616 */
5617 delta = buffer_replace2(rtr, p3, p3, t->srv->cookie, t->srv->cklen + 1);
5618 cur_hdr->len += delta;
5619 cur_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005620 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005621
5622 p3[t->srv->cklen] = COOKIE_DELIM;
Willy Tarreau3d300592007-03-18 18:34:41 +01005623 txn->flags |= TX_SCK_INSERTED | TX_SCK_DELETED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005624 }
5625 }
5626 /* next, let's see if the cookie is our appcookie */
Cyril Bontéb21570a2009-11-29 20:04:48 +01005627 else if (t->be->appsession_name != NULL) {
5628 int cmp_len, value_len;
5629 char *value_begin;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005630
Cyril Bontéb21570a2009-11-29 20:04:48 +01005631 if (t->be->options2 & PR_O2_AS_PFX) {
5632 cmp_len = MIN(p4 - p1, t->be->appsession_name_len);
5633 value_begin = p1 + t->be->appsession_name_len;
5634 value_len = MIN(t->be->appsession_len, p4 - p1 - t->be->appsession_name_len);
5635 } else {
5636 cmp_len = p2 - p1;
5637 value_begin = p3;
5638 value_len = MIN(t->be->appsession_len, p4 - p3);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005639 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01005640
5641 if (memcmp(p1, t->be->appsession_name, cmp_len) == 0) {
5642 /* Cool... it's the right one */
5643 if (t->sessid != NULL) {
5644 /* free previously allocated memory as we don't need it anymore */
5645 pool_free2(apools.sessid, t->sessid);
5646 }
5647 /* Store the sessid in the session for future use */
5648 if ((t->sessid = pool_alloc2(apools.sessid)) == NULL) {
5649 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
5650 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
5651 return;
5652 }
5653 memcpy(t->sessid, value_begin, value_len);
5654 t->sessid[value_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005655 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01005656 } /* end if ((t->be->appsession_name != NULL) ... */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005657 break; /* we don't want to loop again since there cannot be another cookie on the same line */
5658 } /* we're now at the end of the cookie value */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005659 /* keep the link from this header to next one */
5660 old_idx = cur_idx;
5661 } /* end of cookie processing on this header */
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005662
5663 if (t->sessid != NULL) {
5664 appsess *asession = NULL;
5665 /* only do insert, if lookup fails */
5666 asession = appsession_hash_lookup(&(t->be->htbl_proxy), t->sessid);
5667 if (asession == NULL) {
5668 if ((asession = pool_alloc2(pool2_appsess)) == NULL) {
5669 Alert("Not enough Memory process_srv():asession:calloc().\n");
5670 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
5671 return;
5672 }
5673 if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
5674 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
5675 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
5676 return;
5677 }
5678 memcpy(asession->sessid, t->sessid, t->be->appsession_len);
5679 asession->sessid[t->be->appsession_len] = 0;
5680
5681 size_t server_id_len = strlen(t->srv->id) + 1;
5682 if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
5683 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
5684 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
5685 return;
5686 }
5687 asession->serverid[0] = '\0';
5688 memcpy(asession->serverid, t->srv->id, server_id_len);
5689
5690 asession->request_count = 0;
5691 appsession_hash_insert(&(t->be->htbl_proxy), asession);
5692 }
5693
5694 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
5695 asession->request_count++;
5696 }
5697
5698#if defined(DEBUG_HASH)
5699 Alert("manage_server_side_cookies\n");
5700 appsession_hash_dump(&(t->be->htbl_proxy));
5701#endif
Willy Tarreaua15645d2007-03-18 16:22:39 +01005702}
5703
5704
5705
5706/*
5707 * Check if response is cacheable or not. Updates t->flags.
5708 */
5709void check_response_for_cacheability(struct session *t, struct buffer *rtr)
5710{
5711 struct http_txn *txn = &t->txn;
5712 char *p1, *p2;
5713
5714 char *cur_ptr, *cur_end, *cur_next;
5715 int cur_idx;
5716
Willy Tarreau5df51872007-11-25 16:20:08 +01005717 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005718 return;
5719
5720 /* Iterate through the headers.
5721 * we start with the start line.
5722 */
5723 cur_idx = 0;
5724 cur_next = rtr->data + txn->rsp.som + hdr_idx_first_pos(&txn->hdr_idx);
5725
5726 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5727 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005728 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005729
5730 cur_hdr = &txn->hdr_idx.v[cur_idx];
5731 cur_ptr = cur_next;
5732 cur_end = cur_ptr + cur_hdr->len;
5733 cur_next = cur_end + cur_hdr->cr + 1;
5734
5735 /* We have one full header between cur_ptr and cur_end, and the
5736 * next header starts at cur_next. We're only interested in
5737 * "Cookie:" headers.
5738 */
5739
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005740 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
5741 if (val) {
5742 if ((cur_end - (cur_ptr + val) >= 8) &&
5743 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
5744 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
5745 return;
5746 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005747 }
5748
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005749 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
5750 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01005751 continue;
5752
5753 /* OK, right now we know we have a cache-control header at cur_ptr */
5754
Willy Tarreauaa9dce32007-03-18 23:50:16 +01005755 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005756
5757 if (p1 >= cur_end) /* no more info */
5758 continue;
5759
5760 /* p1 is at the beginning of the value */
5761 p2 = p1;
5762
Willy Tarreau8f8e6452007-06-17 21:51:38 +02005763 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01005764 p2++;
5765
5766 /* we have a complete value between p1 and p2 */
5767 if (p2 < cur_end && *p2 == '=') {
5768 /* we have something of the form no-cache="set-cookie" */
5769 if ((cur_end - p1 >= 21) &&
5770 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
5771 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01005772 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005773 continue;
5774 }
5775
5776 /* OK, so we know that either p2 points to the end of string or to a comma */
5777 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
5778 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
5779 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
5780 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005781 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005782 return;
5783 }
5784
5785 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005786 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005787 continue;
5788 }
5789 }
5790}
5791
5792
Willy Tarreau58f10d72006-12-04 02:26:12 +01005793/*
5794 * Try to retrieve a known appsession in the URI, then the associated server.
5795 * If the server is found, it's assigned to the session.
5796 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005797void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01005798{
Cyril Bontéb21570a2009-11-29 20:04:48 +01005799 char *end_params, *first_param, *cur_param, *next_param;
5800 char separator;
5801 int value_len;
5802
5803 int mode = t->be->options2 & PR_O2_AS_M_ANY;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005804
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005805 if (t->be->appsession_name == NULL ||
Cyril Bontéb21570a2009-11-29 20:04:48 +01005806 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005807 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01005808 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005809
Cyril Bontéb21570a2009-11-29 20:04:48 +01005810 first_param = NULL;
5811 switch (mode) {
5812 case PR_O2_AS_M_PP:
5813 first_param = memchr(begin, ';', len);
5814 break;
5815 case PR_O2_AS_M_QS:
5816 first_param = memchr(begin, '?', len);
5817 break;
5818 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005819
Cyril Bontéb21570a2009-11-29 20:04:48 +01005820 if (first_param == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01005821 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01005822 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005823
Cyril Bontéb21570a2009-11-29 20:04:48 +01005824 switch (mode) {
5825 case PR_O2_AS_M_PP:
5826 if ((end_params = memchr(first_param, '?', len - (begin - first_param))) == NULL) {
5827 end_params = (char *) begin + len;
5828 }
5829 separator = ';';
5830 break;
5831 case PR_O2_AS_M_QS:
5832 end_params = (char *) begin + len;
5833 separator = '&';
5834 break;
5835 default:
5836 /* unknown mode, shouldn't happen */
5837 return;
5838 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005839
Cyril Bontéb21570a2009-11-29 20:04:48 +01005840 cur_param = next_param = end_params;
5841 while (cur_param > first_param) {
5842 cur_param--;
5843 if ((cur_param[0] == separator) || (cur_param == first_param)) {
5844 /* let's see if this is the appsession parameter */
5845 if ((cur_param + t->be->appsession_name_len + 1 < next_param) &&
5846 ((t->be->options2 & PR_O2_AS_PFX) || cur_param[t->be->appsession_name_len + 1] == '=') &&
5847 (strncasecmp(cur_param + 1, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
5848 /* Cool... it's the right one */
5849 cur_param += t->be->appsession_name_len + (t->be->options2 & PR_O2_AS_PFX ? 1 : 2);
5850 value_len = MIN(t->be->appsession_len, next_param - cur_param);
5851 if (value_len > 0) {
5852 manage_client_side_appsession(t, cur_param, value_len);
5853 }
5854 break;
5855 }
5856 next_param = cur_param;
5857 }
5858 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005859#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02005860 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02005861 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01005862#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01005863}
5864
5865
Willy Tarreaub2513902006-12-17 14:52:38 +01005866/*
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005867 * In a GET or HEAD request, check if the requested URI matches the stats uri
5868 * for the current backend, and if an authorization has been passed and is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01005869 *
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005870 * It is assumed that the request is either a HEAD or GET and that the
Willy Tarreaue2e27a52007-04-01 00:01:37 +02005871 * t->be->uri_auth field is valid. An HTTP/401 response may be sent, or
Willy Tarreaub0c9bc42009-10-04 15:56:38 +02005872 * the stats I/O handler will be registered to start sending data.
Willy Tarreaub2513902006-12-17 14:52:38 +01005873 *
5874 * Returns 1 if the session's state changes, otherwise 0.
5875 */
5876int stats_check_uri_auth(struct session *t, struct proxy *backend)
5877{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005878 struct http_txn *txn = &t->txn;
Willy Tarreaub2513902006-12-17 14:52:38 +01005879 struct uri_auth *uri_auth = backend->uri_auth;
5880 struct user_auth *user;
5881 int authenticated, cur_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005882 char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01005883
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005884 memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats));
5885
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005886 /* check URI size */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005887 if (uri_auth->uri_len > txn->req.sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01005888 return 0;
5889
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005890 h = t->req->data + txn->req.sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005891
Willy Tarreau0214c3a2007-01-07 13:47:30 +01005892 /* the URI is in h */
5893 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01005894 return 0;
5895
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005896 h += uri_auth->uri_len;
5897 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 3) {
5898 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005899 t->data_ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005900 break;
5901 }
5902 h++;
5903 }
5904
5905 if (uri_auth->refresh) {
5906 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5907 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 10) {
5908 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005909 t->data_ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02005910 break;
5911 }
5912 h++;
5913 }
5914 }
5915
Willy Tarreau55bb8452007-10-17 18:44:57 +02005916 h = t->req->data + txn->req.sl.rq.u + uri_auth->uri_len;
5917 while (h <= t->req->data + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 4) {
5918 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005919 t->data_ctx.stats.flags |= STAT_FMT_CSV;
Willy Tarreau55bb8452007-10-17 18:44:57 +02005920 break;
5921 }
5922 h++;
5923 }
5924
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005925 t->data_ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO;
5926
Willy Tarreaub2513902006-12-17 14:52:38 +01005927 /* we are in front of a interceptable URI. Let's check
5928 * if there's an authentication and if it's valid.
5929 */
5930 user = uri_auth->users;
5931 if (!user) {
5932 /* no user auth required, it's OK */
5933 authenticated = 1;
5934 } else {
5935 authenticated = 0;
5936
5937 /* a user list is defined, we have to check.
5938 * skip 21 chars for "Authorization: Basic ".
5939 */
5940
5941 /* FIXME: this should move to an earlier place */
5942 cur_idx = 0;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005943 h = t->req->data + txn->req.som + hdr_idx_first_pos(&txn->hdr_idx);
5944 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
5945 int len = txn->hdr_idx.v[cur_idx].len;
Willy Tarreaub2513902006-12-17 14:52:38 +01005946 if (len > 14 &&
5947 !strncasecmp("Authorization:", h, 14)) {
Krzysztof Piotr Oledzki6f61b212009-10-04 23:34:15 +02005948 chunk_initlen(&txn->auth_hdr, h, 0, len);
Willy Tarreaub2513902006-12-17 14:52:38 +01005949 break;
5950 }
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005951 h += len + txn->hdr_idx.v[cur_idx].cr + 1;
Willy Tarreaub2513902006-12-17 14:52:38 +01005952 }
5953
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005954 if (txn->auth_hdr.len < 21 ||
5955 memcmp(txn->auth_hdr.str + 14, " Basic ", 7))
Willy Tarreaub2513902006-12-17 14:52:38 +01005956 user = NULL;
5957
5958 while (user) {
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005959 if ((txn->auth_hdr.len == user->user_len + 14 + 7)
5960 && !memcmp(txn->auth_hdr.str + 14 + 7,
Willy Tarreaub2513902006-12-17 14:52:38 +01005961 user->user_pwd, user->user_len)) {
5962 authenticated = 1;
5963 break;
5964 }
5965 user = user->next;
5966 }
5967 }
5968
5969 if (!authenticated) {
Willy Tarreau0f772532006-12-23 20:51:41 +01005970 struct chunk msg;
Willy Tarreaub2513902006-12-17 14:52:38 +01005971
5972 /* no need to go further */
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +02005973 sprintf(trash, HTTP_401_fmt, uri_auth->auth_realm);
5974 chunk_initlen(&msg, trash, sizeof(trash), strlen(trash));
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01005975 txn->status = 401;
Willy Tarreaudded32d2008-11-30 19:48:07 +01005976 stream_int_retnclose(t->req->prod, &msg);
Willy Tarreau2df28e82008-08-17 15:20:19 +02005977 t->req->analysers = 0;
Willy Tarreaub2513902006-12-17 14:52:38 +01005978 if (!(t->flags & SN_ERR_MASK))
5979 t->flags |= SN_ERR_PRXCOND;
5980 if (!(t->flags & SN_FINST_MASK))
5981 t->flags |= SN_FINST_R;
5982 return 1;
5983 }
5984
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01005985 /* The request is valid, the user is authenticated. Let's start sending
Willy Tarreaub2513902006-12-17 14:52:38 +01005986 * data.
5987 */
Willy Tarreau70089872008-06-13 21:12:51 +02005988 t->logs.tv_request = now;
Willy Tarreaub2513902006-12-17 14:52:38 +01005989 t->data_source = DATA_SRC_STATS;
5990 t->data_state = DATA_ST_INIT;
Willy Tarreau91e99932008-06-30 07:51:00 +02005991 t->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreaub0c9bc42009-10-04 15:56:38 +02005992 stream_int_register_handler(t->rep->prod, http_stats_io_handler);
5993 t->rep->prod->private = t;
5994 t->rep->prod->st0 = t->rep->prod->st1 = 0;
Willy Tarreaub2513902006-12-17 14:52:38 +01005995 return 1;
5996}
5997
Willy Tarreau4076a152009-04-02 15:18:36 +02005998/*
5999 * Capture a bad request or response and archive it in the proxy's structure.
6000 */
6001void http_capture_bad_message(struct error_snapshot *es, struct session *s,
6002 struct buffer *buf, struct http_msg *msg,
6003 struct proxy *other_end)
6004{
Willy Tarreau2df8d712009-05-01 11:33:17 +02006005 es->len = buf->r - (buf->data + msg->som);
6006 memcpy(es->buf, buf->data + msg->som, MIN(es->len, sizeof(es->buf)));
Willy Tarreau4076a152009-04-02 15:18:36 +02006007 if (msg->err_pos >= 0)
Willy Tarreau2df8d712009-05-01 11:33:17 +02006008 es->pos = msg->err_pos - msg->som;
Willy Tarreau4076a152009-04-02 15:18:36 +02006009 else
Willy Tarreau2df8d712009-05-01 11:33:17 +02006010 es->pos = buf->lr - (buf->data + msg->som);
Willy Tarreau4076a152009-04-02 15:18:36 +02006011 es->when = date; // user-visible date
6012 es->sid = s->uniq_id;
6013 es->srv = s->srv;
6014 es->oe = other_end;
6015 es->src = s->cli_addr;
6016}
Willy Tarreaub2513902006-12-17 14:52:38 +01006017
Willy Tarreaubaaee002006-06-26 02:48:02 +02006018/*
Willy Tarreau58f10d72006-12-04 02:26:12 +01006019 * Print a debug line with a header
6020 */
6021void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
6022{
6023 int len, max;
6024 len = sprintf(trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02006025 dir, (unsigned short)t->req->prod->fd, (unsigned short)t->req->cons->fd);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006026 max = end - start;
6027 UBOUND(max, sizeof(trash) - len - 1);
6028 len += strlcpy2(trash + len, start, max + 1);
6029 trash[len++] = '\n';
6030 write(1, trash, len);
6031}
6032
Willy Tarreau0937bc42009-12-22 15:03:09 +01006033/*
6034 * Initialize a new HTTP transaction for session <s>. It is assumed that all
6035 * the required fields are properly allocated and that we only need to (re)init
6036 * them. This should be used before processing any new request.
6037 */
6038void http_init_txn(struct session *s)
6039{
6040 struct http_txn *txn = &s->txn;
6041 struct proxy *fe = s->fe;
6042
6043 txn->flags = 0;
6044 txn->status = -1;
6045
6046 txn->req.sol = txn->req.eol = NULL;
6047 txn->req.som = txn->req.eoh = 0; /* relative to the buffer */
6048 txn->rsp.sol = txn->rsp.eol = NULL;
6049 txn->rsp.som = txn->rsp.eoh = 0; /* relative to the buffer */
6050 txn->req.hdr_content_len = 0LL;
6051 txn->rsp.hdr_content_len = 0LL;
6052 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
6053 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
6054 chunk_reset(&txn->auth_hdr);
6055
6056 txn->req.err_pos = txn->rsp.err_pos = -2; /* block buggy requests/responses */
6057 if (fe->options2 & PR_O2_REQBUG_OK)
6058 txn->req.err_pos = -1; /* let buggy requests pass */
6059
6060 if (txn->req.cap)
6061 memset(txn->req.cap, 0, fe->nb_req_cap * sizeof(void *));
6062
6063 if (txn->rsp.cap)
6064 memset(txn->rsp.cap, 0, fe->nb_rsp_cap * sizeof(void *));
6065
6066 if (txn->hdr_idx.v)
6067 hdr_idx_init(&txn->hdr_idx);
6068}
6069
6070/* to be used at the end of a transaction */
6071void http_end_txn(struct session *s)
6072{
6073 struct http_txn *txn = &s->txn;
6074
6075 /* these ones will have been dynamically allocated */
6076 pool_free2(pool2_requri, txn->uri);
6077 pool_free2(pool2_capture, txn->cli_cookie);
6078 pool_free2(pool2_capture, txn->srv_cookie);
6079 txn->uri = NULL;
6080 txn->srv_cookie = NULL;
6081 txn->cli_cookie = NULL;
6082}
6083
6084/* to be used at the end of a transaction to prepare a new one */
6085void http_reset_txn(struct session *s)
6086{
6087 http_end_txn(s);
6088 http_init_txn(s);
6089
6090 s->be = s->fe;
6091 s->req->analysers = s->listener->analysers;
6092 s->logs.logwait = s->fe->to_log;
6093 s->srv = s->prev_srv = s->srv_conn = NULL;
6094 s->pend_pos = NULL;
6095 s->conn_retries = s->be->conn_retries;
6096
6097 s->req->flags |= BF_READ_DONTWAIT; /* one read is usually enough */
6098
6099 s->req->rto = s->fe->timeout.client;
6100 s->req->wto = s->be->timeout.server;
6101 s->req->cto = s->be->timeout.connect;
6102
6103 s->rep->rto = s->be->timeout.server;
6104 s->rep->wto = s->fe->timeout.client;
6105 s->rep->cto = TICK_ETERNITY;
6106
6107 s->req->rex = TICK_ETERNITY;
6108 s->req->wex = TICK_ETERNITY;
6109 s->req->analyse_exp = TICK_ETERNITY;
6110 s->rep->rex = TICK_ETERNITY;
6111 s->rep->wex = TICK_ETERNITY;
6112 s->rep->analyse_exp = TICK_ETERNITY;
6113}
Willy Tarreau58f10d72006-12-04 02:26:12 +01006114
Willy Tarreau8797c062007-05-07 00:55:35 +02006115/************************************************************************/
6116/* The code below is dedicated to ACL parsing and matching */
6117/************************************************************************/
6118
6119
6120
6121
6122/* 1. Check on METHOD
6123 * We use the pre-parsed method if it is known, and store its number as an
6124 * integer. If it is unknown, we use the pointer and the length.
6125 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02006126static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02006127{
6128 int len, meth;
6129
Willy Tarreauae8b7962007-06-09 23:10:04 +02006130 len = strlen(*text);
6131 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02006132
6133 pattern->val.i = meth;
6134 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02006135 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02006136 if (!pattern->ptr.str)
6137 return 0;
6138 pattern->len = len;
6139 }
6140 return 1;
6141}
6142
Willy Tarreaud41f8d82007-06-10 10:06:18 +02006143static int
Willy Tarreau97be1452007-06-10 11:47:14 +02006144acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir,
6145 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02006146{
6147 int meth;
6148 struct http_txn *txn = l7;
6149
Willy Tarreaub6866442008-07-14 23:54:42 +02006150 if (!txn)
6151 return 0;
6152
Willy Tarreau655dce92009-11-08 13:10:58 +01006153 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006154 return 0;
6155
Willy Tarreau8797c062007-05-07 00:55:35 +02006156 meth = txn->meth;
6157 test->i = meth;
6158 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02006159 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6160 /* ensure the indexes are not affected */
6161 return 0;
Willy Tarreau8797c062007-05-07 00:55:35 +02006162 test->len = txn->req.sl.rq.m_l;
6163 test->ptr = txn->req.sol;
6164 }
6165 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
6166 return 1;
6167}
6168
6169static int acl_match_meth(struct acl_test *test, struct acl_pattern *pattern)
6170{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02006171 int icase;
6172
Willy Tarreau8797c062007-05-07 00:55:35 +02006173 if (test->i != pattern->val.i)
Willy Tarreau11382812008-07-09 16:18:21 +02006174 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02006175
6176 if (test->i != HTTP_METH_OTHER)
Willy Tarreau11382812008-07-09 16:18:21 +02006177 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02006178
6179 /* Other method, we must compare the strings */
6180 if (pattern->len != test->len)
Willy Tarreau11382812008-07-09 16:18:21 +02006181 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02006182
6183 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
6184 if ((icase && strncasecmp(pattern->ptr.str, test->ptr, test->len) != 0) ||
6185 (!icase && strncmp(pattern->ptr.str, test->ptr, test->len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02006186 return ACL_PAT_FAIL;
6187 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02006188}
6189
6190/* 2. Check on Request/Status Version
6191 * We simply compare strings here.
6192 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02006193static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02006194{
Willy Tarreauae8b7962007-06-09 23:10:04 +02006195 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02006196 if (!pattern->ptr.str)
6197 return 0;
Willy Tarreauae8b7962007-06-09 23:10:04 +02006198 pattern->len = strlen(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02006199 return 1;
6200}
6201
Willy Tarreaud41f8d82007-06-10 10:06:18 +02006202static int
Willy Tarreau97be1452007-06-10 11:47:14 +02006203acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
6204 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02006205{
6206 struct http_txn *txn = l7;
6207 char *ptr;
6208 int len;
6209
Willy Tarreaub6866442008-07-14 23:54:42 +02006210 if (!txn)
6211 return 0;
6212
Willy Tarreau655dce92009-11-08 13:10:58 +01006213 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006214 return 0;
6215
Willy Tarreau8797c062007-05-07 00:55:35 +02006216 len = txn->req.sl.rq.v_l;
6217 ptr = txn->req.sol + txn->req.sl.rq.v - txn->req.som;
6218
6219 while ((len-- > 0) && (*ptr++ != '/'));
6220 if (len <= 0)
6221 return 0;
6222
6223 test->ptr = ptr;
6224 test->len = len;
6225
6226 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
6227 return 1;
6228}
6229
Willy Tarreaud41f8d82007-06-10 10:06:18 +02006230static int
Willy Tarreau97be1452007-06-10 11:47:14 +02006231acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
6232 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02006233{
6234 struct http_txn *txn = l7;
6235 char *ptr;
6236 int len;
6237
Willy Tarreaub6866442008-07-14 23:54:42 +02006238 if (!txn)
6239 return 0;
6240
Willy Tarreau655dce92009-11-08 13:10:58 +01006241 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006242 return 0;
6243
Willy Tarreau8797c062007-05-07 00:55:35 +02006244 len = txn->rsp.sl.st.v_l;
6245 ptr = txn->rsp.sol;
6246
6247 while ((len-- > 0) && (*ptr++ != '/'));
6248 if (len <= 0)
6249 return 0;
6250
6251 test->ptr = ptr;
6252 test->len = len;
6253
6254 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
6255 return 1;
6256}
6257
6258/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02006259static int
Willy Tarreau97be1452007-06-10 11:47:14 +02006260acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
6261 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02006262{
6263 struct http_txn *txn = l7;
6264 char *ptr;
6265 int len;
6266
Willy Tarreaub6866442008-07-14 23:54:42 +02006267 if (!txn)
6268 return 0;
6269
Willy Tarreau655dce92009-11-08 13:10:58 +01006270 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006271 return 0;
6272
Willy Tarreau8797c062007-05-07 00:55:35 +02006273 len = txn->rsp.sl.st.c_l;
6274 ptr = txn->rsp.sol + txn->rsp.sl.st.c - txn->rsp.som;
6275
6276 test->i = __strl2ui(ptr, len);
6277 test->flags = ACL_TEST_F_VOL_1ST;
6278 return 1;
6279}
6280
6281/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02006282static int
Willy Tarreau97be1452007-06-10 11:47:14 +02006283acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
6284 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02006285{
6286 struct http_txn *txn = l7;
6287
Willy Tarreaub6866442008-07-14 23:54:42 +02006288 if (!txn)
6289 return 0;
6290
Willy Tarreau655dce92009-11-08 13:10:58 +01006291 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006292 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02006293
Willy Tarreauc11416f2007-06-17 16:58:38 +02006294 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6295 /* ensure the indexes are not affected */
6296 return 0;
6297
Willy Tarreau8797c062007-05-07 00:55:35 +02006298 test->len = txn->req.sl.rq.u_l;
Willy Tarreaua95a1f42010-01-03 13:04:35 +01006299 test->ptr = txn->req.sol - txn->req.som + txn->req.sl.rq.u;
Willy Tarreau8797c062007-05-07 00:55:35 +02006300
Willy Tarreauf3d25982007-05-08 22:45:09 +02006301 /* we do not need to set READ_ONLY because the data is in a buffer */
6302 test->flags = ACL_TEST_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02006303 return 1;
6304}
6305
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01006306static int
6307acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
6308 struct acl_expr *expr, struct acl_test *test)
6309{
6310 struct http_txn *txn = l7;
6311
Willy Tarreaub6866442008-07-14 23:54:42 +02006312 if (!txn)
6313 return 0;
6314
Willy Tarreau655dce92009-11-08 13:10:58 +01006315 if (txn->req.msg_state < HTTP_MSG_BODY)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01006316 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02006317
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01006318 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6319 /* ensure the indexes are not affected */
6320 return 0;
6321
6322 /* Parse HTTP request */
Willy Tarreaua95a1f42010-01-03 13:04:35 +01006323 url2sa(txn->req.sol - txn->req.som + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01006324 test->ptr = (void *)&((struct sockaddr_in *)&l4->srv_addr)->sin_addr;
6325 test->i = AF_INET;
6326
6327 /*
6328 * If we are parsing url in frontend space, we prepare backend stage
6329 * to not parse again the same url ! optimization lazyness...
6330 */
6331 if (px->options & PR_O_HTTP_PROXY)
6332 l4->flags |= SN_ADDR_SET;
6333
6334 test->flags = ACL_TEST_F_READ_ONLY;
6335 return 1;
6336}
6337
6338static int
6339acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
6340 struct acl_expr *expr, struct acl_test *test)
6341{
6342 struct http_txn *txn = l7;
6343
Willy Tarreaub6866442008-07-14 23:54:42 +02006344 if (!txn)
6345 return 0;
6346
Willy Tarreau655dce92009-11-08 13:10:58 +01006347 if (txn->req.msg_state < HTTP_MSG_BODY)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01006348 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02006349
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01006350 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6351 /* ensure the indexes are not affected */
6352 return 0;
6353
6354 /* Same optimization as url_ip */
Willy Tarreaua95a1f42010-01-03 13:04:35 +01006355 url2sa(txn->req.sol - txn->req.som + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->srv_addr);
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01006356 test->i = ntohs(((struct sockaddr_in *)&l4->srv_addr)->sin_port);
6357
6358 if (px->options & PR_O_HTTP_PROXY)
6359 l4->flags |= SN_ADDR_SET;
6360
6361 test->flags = ACL_TEST_F_READ_ONLY;
6362 return 1;
6363}
6364
Willy Tarreauc11416f2007-06-17 16:58:38 +02006365/* 5. Check on HTTP header. A pointer to the beginning of the value is returned.
6366 * This generic function is used by both acl_fetch_chdr() and acl_fetch_shdr().
6367 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02006368static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02006369acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02006370 struct acl_expr *expr, struct acl_test *test)
6371{
6372 struct http_txn *txn = l7;
6373 struct hdr_idx *idx = &txn->hdr_idx;
6374 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02006375
Willy Tarreaub6866442008-07-14 23:54:42 +02006376 if (!txn)
6377 return 0;
6378
Willy Tarreau33a7e692007-06-10 19:45:56 +02006379 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
6380 /* search for header from the beginning */
6381 ctx->idx = 0;
6382
Willy Tarreau33a7e692007-06-10 19:45:56 +02006383 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
6384 test->flags |= ACL_TEST_F_FETCH_MORE;
6385 test->flags |= ACL_TEST_F_VOL_HDR;
6386 test->len = ctx->vlen;
6387 test->ptr = (char *)ctx->line + ctx->val;
6388 return 1;
6389 }
6390
6391 test->flags &= ~ACL_TEST_F_FETCH_MORE;
6392 test->flags |= ACL_TEST_F_VOL_HDR;
6393 return 0;
6394}
6395
Willy Tarreau33a7e692007-06-10 19:45:56 +02006396static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02006397acl_fetch_chdr(struct proxy *px, struct session *l4, void *l7, int dir,
6398 struct acl_expr *expr, struct acl_test *test)
6399{
6400 struct http_txn *txn = l7;
6401
Willy Tarreaub6866442008-07-14 23:54:42 +02006402 if (!txn)
6403 return 0;
6404
Willy Tarreau655dce92009-11-08 13:10:58 +01006405 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006406 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02006407
Willy Tarreauc11416f2007-06-17 16:58:38 +02006408 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6409 /* ensure the indexes are not affected */
6410 return 0;
6411
6412 return acl_fetch_hdr(px, l4, txn, txn->req.sol, expr, test);
6413}
6414
6415static int
6416acl_fetch_shdr(struct proxy *px, struct session *l4, void *l7, int dir,
6417 struct acl_expr *expr, struct acl_test *test)
6418{
6419 struct http_txn *txn = l7;
6420
Willy Tarreaub6866442008-07-14 23:54:42 +02006421 if (!txn)
6422 return 0;
6423
Willy Tarreau655dce92009-11-08 13:10:58 +01006424 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006425 return 0;
6426
6427 return acl_fetch_hdr(px, l4, txn, txn->rsp.sol, expr, test);
6428}
6429
6430/* 6. Check on HTTP header count. The number of occurrences is returned.
6431 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
6432 */
6433static int
6434acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02006435 struct acl_expr *expr, struct acl_test *test)
6436{
6437 struct http_txn *txn = l7;
6438 struct hdr_idx *idx = &txn->hdr_idx;
6439 struct hdr_ctx ctx;
Willy Tarreau33a7e692007-06-10 19:45:56 +02006440 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02006441
Willy Tarreaub6866442008-07-14 23:54:42 +02006442 if (!txn)
6443 return 0;
6444
Willy Tarreau33a7e692007-06-10 19:45:56 +02006445 ctx.idx = 0;
6446 cnt = 0;
6447 while (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, &ctx))
6448 cnt++;
6449
6450 test->i = cnt;
6451 test->flags = ACL_TEST_F_VOL_HDR;
6452 return 1;
6453}
6454
Willy Tarreauc11416f2007-06-17 16:58:38 +02006455static int
6456acl_fetch_chdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
6457 struct acl_expr *expr, struct acl_test *test)
6458{
6459 struct http_txn *txn = l7;
6460
Willy Tarreaub6866442008-07-14 23:54:42 +02006461 if (!txn)
6462 return 0;
6463
Willy Tarreau655dce92009-11-08 13:10:58 +01006464 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006465 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02006466
Willy Tarreauc11416f2007-06-17 16:58:38 +02006467 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6468 /* ensure the indexes are not affected */
6469 return 0;
6470
6471 return acl_fetch_hdr_cnt(px, l4, txn, txn->req.sol, expr, test);
6472}
6473
6474static int
6475acl_fetch_shdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
6476 struct acl_expr *expr, struct acl_test *test)
6477{
6478 struct http_txn *txn = l7;
6479
Willy Tarreaub6866442008-07-14 23:54:42 +02006480 if (!txn)
6481 return 0;
6482
Willy Tarreau655dce92009-11-08 13:10:58 +01006483 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006484 return 0;
6485
6486 return acl_fetch_hdr_cnt(px, l4, txn, txn->rsp.sol, expr, test);
6487}
6488
Willy Tarreau33a7e692007-06-10 19:45:56 +02006489/* 7. Check on HTTP header's integer value. The integer value is returned.
6490 * FIXME: the type is 'int', it may not be appropriate for everything.
Willy Tarreauc11416f2007-06-17 16:58:38 +02006491 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
Willy Tarreau33a7e692007-06-10 19:45:56 +02006492 */
6493static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02006494acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02006495 struct acl_expr *expr, struct acl_test *test)
6496{
6497 struct http_txn *txn = l7;
6498 struct hdr_idx *idx = &txn->hdr_idx;
6499 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02006500
Willy Tarreaub6866442008-07-14 23:54:42 +02006501 if (!txn)
6502 return 0;
6503
Willy Tarreau33a7e692007-06-10 19:45:56 +02006504 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
6505 /* search for header from the beginning */
6506 ctx->idx = 0;
6507
Willy Tarreau33a7e692007-06-10 19:45:56 +02006508 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
6509 test->flags |= ACL_TEST_F_FETCH_MORE;
6510 test->flags |= ACL_TEST_F_VOL_HDR;
6511 test->i = strl2ic((char *)ctx->line + ctx->val, ctx->vlen);
6512 return 1;
6513 }
6514
6515 test->flags &= ~ACL_TEST_F_FETCH_MORE;
6516 test->flags |= ACL_TEST_F_VOL_HDR;
6517 return 0;
6518}
6519
Willy Tarreauc11416f2007-06-17 16:58:38 +02006520static int
6521acl_fetch_chdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
6522 struct acl_expr *expr, struct acl_test *test)
6523{
6524 struct http_txn *txn = l7;
6525
Willy Tarreaub6866442008-07-14 23:54:42 +02006526 if (!txn)
6527 return 0;
6528
Willy Tarreau655dce92009-11-08 13:10:58 +01006529 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006530 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02006531
Willy Tarreauc11416f2007-06-17 16:58:38 +02006532 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6533 /* ensure the indexes are not affected */
6534 return 0;
6535
6536 return acl_fetch_hdr_val(px, l4, txn, txn->req.sol, expr, test);
6537}
6538
6539static int
6540acl_fetch_shdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
6541 struct acl_expr *expr, struct acl_test *test)
6542{
6543 struct http_txn *txn = l7;
6544
Willy Tarreaub6866442008-07-14 23:54:42 +02006545 if (!txn)
6546 return 0;
6547
Willy Tarreau655dce92009-11-08 13:10:58 +01006548 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006549 return 0;
6550
6551 return acl_fetch_hdr_val(px, l4, txn, txn->rsp.sol, expr, test);
6552}
6553
Willy Tarreau106f9792009-09-19 07:54:16 +02006554/* 7. Check on HTTP header's IPv4 address value. The IPv4 address is returned.
6555 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
6556 */
6557static int
6558acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, char *sol,
6559 struct acl_expr *expr, struct acl_test *test)
6560{
6561 struct http_txn *txn = l7;
6562 struct hdr_idx *idx = &txn->hdr_idx;
6563 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
6564
6565 if (!txn)
6566 return 0;
6567
6568 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
6569 /* search for header from the beginning */
6570 ctx->idx = 0;
6571
6572 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
6573 test->flags |= ACL_TEST_F_FETCH_MORE;
6574 test->flags |= ACL_TEST_F_VOL_HDR;
6575 /* Same optimization as url_ip */
6576 memset(&l4->srv_addr.sin_addr, 0, sizeof(l4->srv_addr.sin_addr));
6577 url2ip((char *)ctx->line + ctx->val, &l4->srv_addr.sin_addr);
6578 test->ptr = (void *)&l4->srv_addr.sin_addr;
6579 test->i = AF_INET;
6580 return 1;
6581 }
6582
6583 test->flags &= ~ACL_TEST_F_FETCH_MORE;
6584 test->flags |= ACL_TEST_F_VOL_HDR;
6585 return 0;
6586}
6587
6588static int
6589acl_fetch_chdr_ip(struct proxy *px, struct session *l4, void *l7, int dir,
6590 struct acl_expr *expr, struct acl_test *test)
6591{
6592 struct http_txn *txn = l7;
6593
6594 if (!txn)
6595 return 0;
6596
Willy Tarreau655dce92009-11-08 13:10:58 +01006597 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreau106f9792009-09-19 07:54:16 +02006598 return 0;
6599
6600 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6601 /* ensure the indexes are not affected */
6602 return 0;
6603
6604 return acl_fetch_hdr_ip(px, l4, txn, txn->req.sol, expr, test);
6605}
6606
6607static int
6608acl_fetch_shdr_ip(struct proxy *px, struct session *l4, void *l7, int dir,
6609 struct acl_expr *expr, struct acl_test *test)
6610{
6611 struct http_txn *txn = l7;
6612
6613 if (!txn)
6614 return 0;
6615
Willy Tarreau655dce92009-11-08 13:10:58 +01006616 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreau106f9792009-09-19 07:54:16 +02006617 return 0;
6618
6619 return acl_fetch_hdr_ip(px, l4, txn, txn->rsp.sol, expr, test);
6620}
6621
Willy Tarreau737b0c12007-06-10 21:28:46 +02006622/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
6623 * the first '/' after the possible hostname, and ends before the possible '?'.
6624 */
6625static int
6626acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
6627 struct acl_expr *expr, struct acl_test *test)
6628{
6629 struct http_txn *txn = l7;
6630 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02006631
Willy Tarreaub6866442008-07-14 23:54:42 +02006632 if (!txn)
6633 return 0;
6634
Willy Tarreau655dce92009-11-08 13:10:58 +01006635 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02006636 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02006637
Willy Tarreauc11416f2007-06-17 16:58:38 +02006638 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
6639 /* ensure the indexes are not affected */
6640 return 0;
6641
Willy Tarreaua95a1f42010-01-03 13:04:35 +01006642 end = txn->req.sol - txn->req.som + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreau21d2af32008-02-14 20:25:24 +01006643 ptr = http_get_path(txn);
6644 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02006645 return 0;
6646
6647 /* OK, we got the '/' ! */
6648 test->ptr = ptr;
6649
6650 while (ptr < end && *ptr != '?')
6651 ptr++;
6652
6653 test->len = ptr - test->ptr;
6654
6655 /* we do not need to set READ_ONLY because the data is in a buffer */
6656 test->flags = ACL_TEST_F_VOL_1ST;
6657 return 1;
6658}
6659
Willy Tarreau2492d5b2009-07-11 00:06:00 +02006660static int
6661acl_fetch_proto_http(struct proxy *px, struct session *s, void *l7, int dir,
6662 struct acl_expr *expr, struct acl_test *test)
6663{
6664 struct buffer *req = s->req;
6665 struct http_txn *txn = &s->txn;
6666 struct http_msg *msg = &txn->req;
Willy Tarreau737b0c12007-06-10 21:28:46 +02006667
Willy Tarreau2492d5b2009-07-11 00:06:00 +02006668 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
6669 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
6670 */
6671
6672 if (!s || !req)
6673 return 0;
6674
Willy Tarreau655dce92009-11-08 13:10:58 +01006675 if (unlikely(msg->msg_state >= HTTP_MSG_BODY)) {
Willy Tarreau2492d5b2009-07-11 00:06:00 +02006676 /* Already decoded as OK */
6677 test->flags |= ACL_TEST_F_SET_RES_PASS;
6678 return 1;
6679 }
6680
6681 /* Try to decode HTTP request */
6682 if (likely(req->lr < req->r))
6683 http_msg_analyzer(req, msg, &txn->hdr_idx);
6684
Willy Tarreau655dce92009-11-08 13:10:58 +01006685 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau2492d5b2009-07-11 00:06:00 +02006686 if ((msg->msg_state == HTTP_MSG_ERROR) || (req->flags & BF_FULL)) {
6687 test->flags |= ACL_TEST_F_SET_RES_FAIL;
6688 return 1;
6689 }
6690 /* wait for final state */
6691 test->flags |= ACL_TEST_F_MAY_CHANGE;
6692 return 0;
6693 }
6694
6695 /* OK we got a valid HTTP request. We have some minor preparation to
6696 * perform so that further checks can rely on HTTP tests.
6697 */
6698 msg->sol = req->data + msg->som;
6699 txn->meth = find_http_meth(&req->data[msg->som], msg->sl.rq.m_l);
6700 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
6701 s->flags |= SN_REDIRECTABLE;
6702
6703 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(req, msg, txn)) {
6704 test->flags |= ACL_TEST_F_SET_RES_FAIL;
6705 return 1;
6706 }
6707
6708 test->flags |= ACL_TEST_F_SET_RES_PASS;
6709 return 1;
6710}
6711
Willy Tarreau8797c062007-05-07 00:55:35 +02006712
6713/************************************************************************/
6714/* All supported keywords must be declared here. */
6715/************************************************************************/
6716
6717/* Note: must not be declared <const> as its list will be overwritten */
6718static struct acl_kw_list acl_kws = {{ },{
Willy Tarreau2492d5b2009-07-11 00:06:00 +02006719 { "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT },
6720
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02006721 { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
6722 { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE },
6723 { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE },
6724 { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
Willy Tarreau8797c062007-05-07 00:55:35 +02006725
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02006726 { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE },
6727 { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
6728 { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
6729 { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
6730 { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
6731 { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
6732 { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
6733 { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
6734 { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau8797c062007-05-07 00:55:35 +02006735
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02006736 /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
6737 { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE },
6738 { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
6739 { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
6740 { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
6741 { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
6742 { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
6743 { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
6744 { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
6745 { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau106f9792009-09-19 07:54:16 +02006746 { "hdr_ip", acl_parse_ip, acl_fetch_chdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
Willy Tarreauc11416f2007-06-17 16:58:38 +02006747
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02006748 { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE },
6749 { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
6750 { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
6751 { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
6752 { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
6753 { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
6754 { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
6755 { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
6756 { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
Willy Tarreau106f9792009-09-19 07:54:16 +02006757 { "shdr_ip", acl_parse_ip, acl_fetch_shdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02006758
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02006759 { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE },
6760 { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
6761 { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
6762 { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
6763 { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
6764 { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
6765 { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02006766
Willy Tarreauf3d25982007-05-08 22:45:09 +02006767 { NULL, NULL, NULL, NULL },
6768
6769#if 0
Willy Tarreau8797c062007-05-07 00:55:35 +02006770 { "line", acl_parse_str, acl_fetch_line, acl_match_str },
6771 { "line_reg", acl_parse_reg, acl_fetch_line, acl_match_reg },
6772 { "line_beg", acl_parse_str, acl_fetch_line, acl_match_beg },
6773 { "line_end", acl_parse_str, acl_fetch_line, acl_match_end },
6774 { "line_sub", acl_parse_str, acl_fetch_line, acl_match_sub },
6775 { "line_dir", acl_parse_str, acl_fetch_line, acl_match_dir },
6776 { "line_dom", acl_parse_str, acl_fetch_line, acl_match_dom },
6777
Willy Tarreau8797c062007-05-07 00:55:35 +02006778 { "cook", acl_parse_str, acl_fetch_cook, acl_match_str },
6779 { "cook_reg", acl_parse_reg, acl_fetch_cook, acl_match_reg },
6780 { "cook_beg", acl_parse_str, acl_fetch_cook, acl_match_beg },
6781 { "cook_end", acl_parse_str, acl_fetch_cook, acl_match_end },
6782 { "cook_sub", acl_parse_str, acl_fetch_cook, acl_match_sub },
6783 { "cook_dir", acl_parse_str, acl_fetch_cook, acl_match_dir },
6784 { "cook_dom", acl_parse_str, acl_fetch_cook, acl_match_dom },
6785 { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst },
6786
6787 { "auth_user", acl_parse_str, acl_fetch_user, acl_match_str },
6788 { "auth_regex", acl_parse_reg, acl_fetch_user, acl_match_reg },
6789 { "auth_clear", acl_parse_str, acl_fetch_auth, acl_match_str },
6790 { "auth_md5", acl_parse_str, acl_fetch_auth, acl_match_md5 },
6791 { NULL, NULL, NULL, NULL },
6792#endif
6793}};
6794
6795
6796__attribute__((constructor))
6797static void __http_protocol_init(void)
6798{
6799 acl_register_keywords(&acl_kws);
6800}
6801
6802
Willy Tarreau58f10d72006-12-04 02:26:12 +01006803/*
Willy Tarreaubaaee002006-06-26 02:48:02 +02006804 * Local variables:
6805 * c-indent-level: 8
6806 * c-basic-offset: 8
6807 * End:
6808 */