blob: 746caed4be7e720b7c6d6a68c0683b26dedb319a [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreauf68a15a2011-01-06 16:53:21 +01004 * Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreaub05405a2012-01-23 15:35:52 +010026#include <netinet/tcp.h>
27
Willy Tarreau2dd0d472006-06-29 17:53:05 +020028#include <common/appsession.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010029#include <common/base64.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020030#include <common/chunk.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020031#include <common/compat.h>
32#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010033#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020034#include <common/memory.h>
35#include <common/mini-clist.h>
36#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020037#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020038#include <common/time.h>
39#include <common/uri_auth.h>
40#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020041
42#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020043#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020044
Willy Tarreau8797c062007-05-07 00:55:35 +020045#include <proto/acl.h>
Willy Tarreau61612d42012-04-19 18:42:05 +020046#include <proto/arg.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010047#include <proto/auth.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020048#include <proto/backend.h>
Willy Tarreauc7e42382012-08-24 19:22:53 +020049#include <proto/channel.h>
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +010050#include <proto/checks.h>
William Lallemand82fe75c2012-10-23 10:25:10 +020051#include <proto/compression.h>
Willy Tarreau91861262007-10-17 17:06:05 +020052#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020053#include <proto/fd.h>
Willy Tarreau03fa5df2010-05-24 21:02:37 +020054#include <proto/frontend.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020055#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010056#include <proto/hdr_idx.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010057#include <proto/pattern.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020058#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020059#include <proto/proto_http.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010060#include <proto/proxy.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020061#include <proto/queue.h>
Willy Tarreaucd3b0942012-04-27 21:52:18 +020062#include <proto/sample.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010063#include <proto/server.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020064#include <proto/session.h>
Willy Tarreaucff64112008-11-03 06:26:53 +010065#include <proto/stream_interface.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020066#include <proto/task.h>
67
Willy Tarreau522d6c02009-12-06 18:49:18 +010068const char HTTP_100[] =
69 "HTTP/1.1 100 Continue\r\n\r\n";
70
71const struct chunk http_100_chunk = {
72 .str = (char *)&HTTP_100,
73 .len = sizeof(HTTP_100)-1
74};
75
Willy Tarreaua9679ac2010-01-03 17:32:57 +010076/* Warning: no "connection" header is provided with the 3xx messages below */
Willy Tarreaub463dfb2008-06-07 23:08:56 +020077const char *HTTP_301 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010078 "HTTP/1.1 301 Moved Permanently\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010079 "Content-length: 0\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020080 "Location: "; /* not terminated since it will be concatenated with the URL */
81
Willy Tarreau0f772532006-12-23 20:51:41 +010082const char *HTTP_302 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010083 "HTTP/1.1 302 Found\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010084 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010085 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010086 "Location: "; /* not terminated since it will be concatenated with the URL */
87
88/* same as 302 except that the browser MUST retry with the GET method */
89const char *HTTP_303 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010090 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010091 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010092 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010093 "Location: "; /* not terminated since it will be concatenated with the URL */
94
Yves Lafon3e8d1ae2013-03-11 11:06:05 -040095
96/* same as 302 except that the browser MUST retry with the same method */
97const char *HTTP_307 =
98 "HTTP/1.1 307 Temporary Redirect\r\n"
99 "Cache-Control: no-cache\r\n"
100 "Content-length: 0\r\n"
101 "Location: "; /* not terminated since it will be concatenated with the URL */
102
103/* same as 301 except that the browser MUST retry with the same method */
104const char *HTTP_308 =
105 "HTTP/1.1 308 Permanent Redirect\r\n"
106 "Content-length: 0\r\n"
107 "Location: "; /* not terminated since it will be concatenated with the URL */
108
Willy Tarreaubaaee002006-06-26 02:48:02 +0200109/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
110const char *HTTP_401_fmt =
111 "HTTP/1.0 401 Unauthorized\r\n"
112 "Cache-Control: no-cache\r\n"
113 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200114 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200115 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
116 "\r\n"
117 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
118
Willy Tarreau844a7e72010-01-31 21:46:18 +0100119const char *HTTP_407_fmt =
120 "HTTP/1.0 407 Unauthorized\r\n"
121 "Cache-Control: no-cache\r\n"
122 "Connection: close\r\n"
123 "Content-Type: text/html\r\n"
124 "Proxy-Authenticate: Basic realm=\"%s\"\r\n"
125 "\r\n"
126 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
127
Willy Tarreau0f772532006-12-23 20:51:41 +0100128
129const int http_err_codes[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200130 [HTTP_ERR_200] = 200, /* used by "monitor-uri" */
Willy Tarreau0f772532006-12-23 20:51:41 +0100131 [HTTP_ERR_400] = 400,
132 [HTTP_ERR_403] = 403,
133 [HTTP_ERR_408] = 408,
134 [HTTP_ERR_500] = 500,
135 [HTTP_ERR_502] = 502,
136 [HTTP_ERR_503] = 503,
137 [HTTP_ERR_504] = 504,
138};
139
Willy Tarreau80587432006-12-24 17:47:20 +0100140static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreauae94d4d2011-05-11 16:28:49 +0200141 [HTTP_ERR_200] =
142 "HTTP/1.0 200 OK\r\n"
143 "Cache-Control: no-cache\r\n"
144 "Connection: close\r\n"
145 "Content-Type: text/html\r\n"
146 "\r\n"
147 "<html><body><h1>200 OK</h1>\nService ready.\n</body></html>\n",
148
Willy Tarreau0f772532006-12-23 20:51:41 +0100149 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100150 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100151 "Cache-Control: no-cache\r\n"
152 "Connection: close\r\n"
153 "Content-Type: text/html\r\n"
154 "\r\n"
155 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
156
157 [HTTP_ERR_403] =
158 "HTTP/1.0 403 Forbidden\r\n"
159 "Cache-Control: no-cache\r\n"
160 "Connection: close\r\n"
161 "Content-Type: text/html\r\n"
162 "\r\n"
163 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
164
165 [HTTP_ERR_408] =
166 "HTTP/1.0 408 Request Time-out\r\n"
167 "Cache-Control: no-cache\r\n"
168 "Connection: close\r\n"
169 "Content-Type: text/html\r\n"
170 "\r\n"
171 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
172
173 [HTTP_ERR_500] =
174 "HTTP/1.0 500 Server Error\r\n"
175 "Cache-Control: no-cache\r\n"
176 "Connection: close\r\n"
177 "Content-Type: text/html\r\n"
178 "\r\n"
179 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
180
181 [HTTP_ERR_502] =
182 "HTTP/1.0 502 Bad Gateway\r\n"
183 "Cache-Control: no-cache\r\n"
184 "Connection: close\r\n"
185 "Content-Type: text/html\r\n"
186 "\r\n"
187 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
188
189 [HTTP_ERR_503] =
190 "HTTP/1.0 503 Service Unavailable\r\n"
191 "Cache-Control: no-cache\r\n"
192 "Connection: close\r\n"
193 "Content-Type: text/html\r\n"
194 "\r\n"
195 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
196
197 [HTTP_ERR_504] =
198 "HTTP/1.0 504 Gateway Time-out\r\n"
199 "Cache-Control: no-cache\r\n"
200 "Connection: close\r\n"
201 "Content-Type: text/html\r\n"
202 "\r\n"
203 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
204
205};
206
Cyril Bonté19979e12012-04-04 12:57:21 +0200207/* status codes available for the stats admin page (strictly 4 chars length) */
208const char *stat_status_codes[STAT_STATUS_SIZE] = {
209 [STAT_STATUS_DENY] = "DENY",
210 [STAT_STATUS_DONE] = "DONE",
211 [STAT_STATUS_ERRP] = "ERRP",
212 [STAT_STATUS_EXCD] = "EXCD",
213 [STAT_STATUS_NONE] = "NONE",
214 [STAT_STATUS_PART] = "PART",
215 [STAT_STATUS_UNKN] = "UNKN",
216};
217
218
Willy Tarreau80587432006-12-24 17:47:20 +0100219/* We must put the messages here since GCC cannot initialize consts depending
220 * on strlen().
221 */
222struct chunk http_err_chunks[HTTP_ERR_SIZE];
223
Willy Tarreaua890d072013-04-02 12:01:06 +0200224/* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */
225static struct hdr_ctx static_hdr_ctx;
226
Willy Tarreau42250582007-04-01 01:30:43 +0200227#define FD_SETS_ARE_BITFIELDS
228#ifdef FD_SETS_ARE_BITFIELDS
229/*
230 * This map is used with all the FD_* macros to check whether a particular bit
231 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
232 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
233 * byte should be encoded. Be careful to always pass bytes from 0 to 255
234 * exclusively to the macros.
235 */
236fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
237fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +0100238fd_set http_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
Willy Tarreau42250582007-04-01 01:30:43 +0200239
240#else
241#error "Check if your OS uses bitfields for fd_sets"
242#endif
243
Willy Tarreau80587432006-12-24 17:47:20 +0100244void init_proto_http()
245{
Willy Tarreau42250582007-04-01 01:30:43 +0200246 int i;
247 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100248 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200249
Willy Tarreau80587432006-12-24 17:47:20 +0100250 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
251 if (!http_err_msgs[msg]) {
252 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
253 abort();
254 }
255
256 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
257 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
258 }
Willy Tarreau42250582007-04-01 01:30:43 +0200259
260 /* initialize the log header encoding map : '{|}"#' should be encoded with
261 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
262 * URL encoding only requires '"', '#' to be encoded as well as non-
263 * printable characters above.
264 */
265 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
266 memset(url_encode_map, 0, sizeof(url_encode_map));
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +0100267 memset(http_encode_map, 0, sizeof(url_encode_map));
Willy Tarreau42250582007-04-01 01:30:43 +0200268 for (i = 0; i < 32; i++) {
269 FD_SET(i, hdr_encode_map);
270 FD_SET(i, url_encode_map);
271 }
272 for (i = 127; i < 256; i++) {
273 FD_SET(i, hdr_encode_map);
274 FD_SET(i, url_encode_map);
275 }
276
277 tmp = "\"#{|}";
278 while (*tmp) {
279 FD_SET(*tmp, hdr_encode_map);
280 tmp++;
281 }
282
283 tmp = "\"#";
284 while (*tmp) {
285 FD_SET(*tmp, url_encode_map);
286 tmp++;
287 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200288
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +0100289 /* initialize the http header encoding map. The draft httpbis define the
290 * header content as:
291 *
292 * HTTP-message = start-line
293 * *( header-field CRLF )
294 * CRLF
295 * [ message-body ]
296 * header-field = field-name ":" OWS field-value OWS
297 * field-value = *( field-content / obs-fold )
298 * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
299 * obs-fold = CRLF 1*( SP / HTAB )
300 * field-vchar = VCHAR / obs-text
301 * VCHAR = %x21-7E
302 * obs-text = %x80-FF
303 *
304 * All the chars are encoded except "VCHAR", "obs-text", SP and HTAB.
305 * The encoded chars are form 0x00 to 0x08, 0x0a to 0x1f and 0x7f. The
306 * "obs-fold" is volontary forgotten because haproxy remove this.
307 */
308 memset(http_encode_map, 0, sizeof(http_encode_map));
309 for (i = 0x00; i <= 0x08; i++)
310 FD_SET(i, http_encode_map);
311 for (i = 0x0a; i <= 0x1f; i++)
312 FD_SET(i, http_encode_map);
313 FD_SET(0x7f, http_encode_map);
314
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200315 /* memory allocations */
316 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
William Lallemanda73203e2012-03-12 12:48:57 +0100317 pool2_uniqueid = create_pool("uniqueid", UNIQUEID_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100318}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200319
Willy Tarreau53b6c742006-12-17 13:37:46 +0100320/*
321 * We have 26 list of methods (1 per first letter), each of which can have
322 * up to 3 entries (2 valid, 1 null).
323 */
324struct http_method_desc {
Willy Tarreauc8987b32013-12-06 23:43:17 +0100325 enum http_meth_t meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100326 int len;
327 const char text[8];
328};
329
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100330const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100331 ['C' - 'A'] = {
332 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
333 },
334 ['D' - 'A'] = {
335 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
336 },
337 ['G' - 'A'] = {
338 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
339 },
340 ['H' - 'A'] = {
341 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
342 },
343 ['P' - 'A'] = {
344 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
345 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
346 },
347 ['T' - 'A'] = {
348 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
349 },
350 /* rest is empty like this :
351 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
352 */
353};
354
Thierry FOURNIERd4373142013-12-17 01:10:10 +0100355const struct http_method_name http_known_methods[HTTP_METH_OTHER] = {
356 [HTTP_METH_NONE] = { "", 0 },
357 [HTTP_METH_OPTIONS] = { "OPTIONS", 7 },
358 [HTTP_METH_GET] = { "GET", 3 },
359 [HTTP_METH_HEAD] = { "HEAD", 4 },
360 [HTTP_METH_POST] = { "POST", 4 },
361 [HTTP_METH_PUT] = { "PUT", 3 },
362 [HTTP_METH_DELETE] = { "DELETE", 6 },
363 [HTTP_METH_TRACE] = { "TRACE", 5 },
364 [HTTP_METH_CONNECT] = { "CONNECT", 7 },
365};
366
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100367/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200368 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100369 * RFC2616 for those chars.
370 */
371
372const char http_is_spht[256] = {
373 [' '] = 1, ['\t'] = 1,
374};
375
376const char http_is_crlf[256] = {
377 ['\r'] = 1, ['\n'] = 1,
378};
379
380const char http_is_lws[256] = {
381 [' '] = 1, ['\t'] = 1,
382 ['\r'] = 1, ['\n'] = 1,
383};
384
385const char http_is_sep[256] = {
386 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
387 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
388 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
389 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
390 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
391};
392
393const char http_is_ctl[256] = {
394 [0 ... 31] = 1,
395 [127] = 1,
396};
397
398/*
399 * A token is any ASCII char that is neither a separator nor a CTL char.
400 * Do not overwrite values in assignment since gcc-2.95 will not handle
401 * them correctly. Instead, define every non-CTL char's status.
402 */
403const char http_is_token[256] = {
404 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
405 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
406 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
407 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
408 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
409 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
410 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
411 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
412 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
413 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
414 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
415 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
416 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
417 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
418 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
419 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
420 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
421 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
422 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
423 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
424 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
425 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
426 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
427 ['|'] = 1, ['}'] = 0, ['~'] = 1,
428};
429
430
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100431/*
432 * An http ver_token is any ASCII which can be found in an HTTP version,
433 * which includes 'H', 'T', 'P', '/', '.' and any digit.
434 */
435const char http_is_ver_token[256] = {
436 ['.'] = 1, ['/'] = 1,
437 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
438 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
439 ['H'] = 1, ['P'] = 1, ['T'] = 1,
440};
441
442
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100443/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100444 * Adds a header and its CRLF at the tail of the message's buffer, just before
445 * the last CRLF. Text length is measured first, so it cannot be NULL.
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100446 * The header is also automatically added to the index <hdr_idx>, and the end
447 * of headers is automatically adjusted. The number of bytes added is returned
448 * on success, otherwise <0 is returned indicating an error.
449 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100450int http_header_add_tail(struct http_msg *msg, struct hdr_idx *hdr_idx, const char *text)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100451{
452 int bytes, len;
453
454 len = strlen(text);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200455 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100456 if (!bytes)
457 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100458 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100459 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
460}
461
462/*
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100463 * Adds a header and its CRLF at the tail of the message's buffer, just before
464 * the last CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100465 * the buffer is only opened and the space reserved, but nothing is copied.
466 * The header is also automatically added to the index <hdr_idx>, and the end
467 * of headers is automatically adjusted. The number of bytes added is returned
468 * on success, otherwise <0 is returned indicating an error.
469 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100470int http_header_add_tail2(struct http_msg *msg,
471 struct hdr_idx *hdr_idx, const char *text, int len)
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100472{
473 int bytes;
474
Willy Tarreau9b28e032012-10-12 23:49:43 +0200475 bytes = buffer_insert_line2(msg->chn->buf, msg->chn->buf->p + msg->eoh, text, len);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100476 if (!bytes)
477 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100478 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100479 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
480}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200481
482/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100483 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
484 * If so, returns the position of the first non-space character relative to
485 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
486 * to return a pointer to the place after the first space. Returns 0 if the
487 * header name does not match. Checks are case-insensitive.
488 */
489int http_header_match2(const char *hdr, const char *end,
490 const char *name, int len)
491{
492 const char *val;
493
494 if (hdr + len >= end)
495 return 0;
496 if (hdr[len] != ':')
497 return 0;
498 if (strncasecmp(hdr, name, len) != 0)
499 return 0;
500 val = hdr + len + 1;
501 while (val < end && HTTP_IS_SPHT(*val))
502 val++;
503 if ((val >= end) && (len + 2 <= end - hdr))
504 return len + 2; /* we may replace starting from second space */
505 return val - hdr;
506}
507
Willy Tarreau04ff9f12013-06-10 18:39:42 +0200508/* Find the first or next occurrence of header <name> in message buffer <sol>
509 * using headers index <idx>, and return it in the <ctx> structure. This
510 * structure holds everything necessary to use the header and find next
511 * occurrence. If its <idx> member is 0, the header is searched from the
512 * beginning. Otherwise, the next occurrence is returned. The function returns
513 * 1 when it finds a value, and 0 when there is no more. It is very similar to
514 * http_find_header2() except that it is designed to work with full-line headers
515 * whose comma is not a delimiter but is part of the syntax. As a special case,
516 * if ctx->val is NULL when searching for a new values of a header, the current
517 * header is rescanned. This allows rescanning after a header deletion.
518 */
519int http_find_full_header2(const char *name, int len,
520 char *sol, struct hdr_idx *idx,
521 struct hdr_ctx *ctx)
522{
523 char *eol, *sov;
524 int cur_idx, old_idx;
525
526 cur_idx = ctx->idx;
527 if (cur_idx) {
528 /* We have previously returned a header, let's search another one */
529 sol = ctx->line;
530 eol = sol + idx->v[cur_idx].len;
531 goto next_hdr;
532 }
533
534 /* first request for this header */
535 sol += hdr_idx_first_pos(idx);
536 old_idx = 0;
537 cur_idx = hdr_idx_first_idx(idx);
538 while (cur_idx) {
539 eol = sol + idx->v[cur_idx].len;
540
541 if (len == 0) {
542 /* No argument was passed, we want any header.
543 * To achieve this, we simply build a fake request. */
544 while (sol + len < eol && sol[len] != ':')
545 len++;
546 name = sol;
547 }
548
549 if ((len < eol - sol) &&
550 (sol[len] == ':') &&
551 (strncasecmp(sol, name, len) == 0)) {
552 ctx->del = len;
553 sov = sol + len + 1;
554 while (sov < eol && http_is_lws[(unsigned char)*sov])
555 sov++;
556
557 ctx->line = sol;
558 ctx->prev = old_idx;
559 ctx->idx = cur_idx;
560 ctx->val = sov - sol;
561 ctx->tws = 0;
562 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
563 eol--;
564 ctx->tws++;
565 }
566 ctx->vlen = eol - sov;
567 return 1;
568 }
569 next_hdr:
570 sol = eol + idx->v[cur_idx].cr + 1;
571 old_idx = cur_idx;
572 cur_idx = idx->v[cur_idx].next;
573 }
574 return 0;
575}
576
Willy Tarreau68085d82010-01-18 14:54:04 +0100577/* Find the end of the header value contained between <s> and <e>. See RFC2616,
578 * par 2.2 for more information. Note that it requires a valid header to return
579 * a valid result. This works for headers defined as comma-separated lists.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200580 */
Willy Tarreau68085d82010-01-18 14:54:04 +0100581char *find_hdr_value_end(char *s, const char *e)
Willy Tarreau33a7e692007-06-10 19:45:56 +0200582{
583 int quoted, qdpair;
584
585 quoted = qdpair = 0;
586 for (; s < e; s++) {
587 if (qdpair) qdpair = 0;
Willy Tarreau0f7f51f2010-08-30 11:06:34 +0200588 else if (quoted) {
589 if (*s == '\\') qdpair = 1;
590 else if (*s == '"') quoted = 0;
591 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200592 else if (*s == '"') quoted = 1;
593 else if (*s == ',') return s;
594 }
595 return s;
596}
597
598/* Find the first or next occurrence of header <name> in message buffer <sol>
599 * using headers index <idx>, and return it in the <ctx> structure. This
600 * structure holds everything necessary to use the header and find next
601 * occurrence. If its <idx> member is 0, the header is searched from the
602 * beginning. Otherwise, the next occurrence is returned. The function returns
Willy Tarreau68085d82010-01-18 14:54:04 +0100603 * 1 when it finds a value, and 0 when there is no more. It is designed to work
604 * with headers defined as comma-separated lists. As a special case, if ctx->val
605 * is NULL when searching for a new values of a header, the current header is
606 * rescanned. This allows rescanning after a header deletion.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200607 */
608int http_find_header2(const char *name, int len,
Willy Tarreau68085d82010-01-18 14:54:04 +0100609 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200610 struct hdr_ctx *ctx)
611{
Willy Tarreau68085d82010-01-18 14:54:04 +0100612 char *eol, *sov;
613 int cur_idx, old_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200614
Willy Tarreau68085d82010-01-18 14:54:04 +0100615 cur_idx = ctx->idx;
616 if (cur_idx) {
Willy Tarreau33a7e692007-06-10 19:45:56 +0200617 /* We have previously returned a value, let's search
618 * another one on the same line.
619 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200620 sol = ctx->line;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200621 ctx->del = ctx->val + ctx->vlen + ctx->tws;
Willy Tarreau68085d82010-01-18 14:54:04 +0100622 sov = sol + ctx->del;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200623 eol = sol + idx->v[cur_idx].len;
624
625 if (sov >= eol)
626 /* no more values in this header */
627 goto next_hdr;
628
Willy Tarreau68085d82010-01-18 14:54:04 +0100629 /* values remaining for this header, skip the comma but save it
630 * for later use (eg: for header deletion).
631 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200632 sov++;
633 while (sov < eol && http_is_lws[(unsigned char)*sov])
634 sov++;
635
636 goto return_hdr;
637 }
638
639 /* first request for this header */
640 sol += hdr_idx_first_pos(idx);
Willy Tarreau68085d82010-01-18 14:54:04 +0100641 old_idx = 0;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200642 cur_idx = hdr_idx_first_idx(idx);
Willy Tarreau33a7e692007-06-10 19:45:56 +0200643 while (cur_idx) {
644 eol = sol + idx->v[cur_idx].len;
645
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200646 if (len == 0) {
647 /* No argument was passed, we want any header.
648 * To achieve this, we simply build a fake request. */
649 while (sol + len < eol && sol[len] != ':')
650 len++;
651 name = sol;
652 }
653
Willy Tarreau33a7e692007-06-10 19:45:56 +0200654 if ((len < eol - sol) &&
655 (sol[len] == ':') &&
656 (strncasecmp(sol, name, len) == 0)) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100657 ctx->del = len;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200658 sov = sol + len + 1;
659 while (sov < eol && http_is_lws[(unsigned char)*sov])
660 sov++;
Willy Tarreau68085d82010-01-18 14:54:04 +0100661
Willy Tarreau33a7e692007-06-10 19:45:56 +0200662 ctx->line = sol;
Willy Tarreau68085d82010-01-18 14:54:04 +0100663 ctx->prev = old_idx;
664 return_hdr:
Willy Tarreau33a7e692007-06-10 19:45:56 +0200665 ctx->idx = cur_idx;
666 ctx->val = sov - sol;
667
668 eol = find_hdr_value_end(sov, eol);
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200669 ctx->tws = 0;
Willy Tarreau275600b2011-09-16 08:11:26 +0200670 while (eol > sov && http_is_lws[(unsigned char)*(eol - 1)]) {
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200671 eol--;
672 ctx->tws++;
673 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200674 ctx->vlen = eol - sov;
675 return 1;
676 }
677 next_hdr:
678 sol = eol + idx->v[cur_idx].cr + 1;
Willy Tarreau68085d82010-01-18 14:54:04 +0100679 old_idx = cur_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200680 cur_idx = idx->v[cur_idx].next;
681 }
682 return 0;
683}
684
685int http_find_header(const char *name,
Willy Tarreau68085d82010-01-18 14:54:04 +0100686 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200687 struct hdr_ctx *ctx)
688{
689 return http_find_header2(name, strlen(name), sol, idx, ctx);
690}
691
Willy Tarreau68085d82010-01-18 14:54:04 +0100692/* Remove one value of a header. This only works on a <ctx> returned by one of
693 * the http_find_header functions. The value is removed, as well as surrounding
694 * commas if any. If the removed value was alone, the whole header is removed.
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100695 * The ctx is always updated accordingly, as well as the buffer and HTTP
Willy Tarreau68085d82010-01-18 14:54:04 +0100696 * message <msg>. The new index is returned. If it is zero, it means there is
697 * no more header, so any processing may stop. The ctx is always left in a form
698 * that can be handled by http_find_header2() to find next occurrence.
699 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +0100700int http_remove_header2(struct http_msg *msg, struct hdr_idx *idx, struct hdr_ctx *ctx)
Willy Tarreau68085d82010-01-18 14:54:04 +0100701{
702 int cur_idx = ctx->idx;
703 char *sol = ctx->line;
704 struct hdr_idx_elem *hdr;
705 int delta, skip_comma;
706
707 if (!cur_idx)
708 return 0;
709
710 hdr = &idx->v[cur_idx];
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200711 if (sol[ctx->del] == ':' && ctx->val + ctx->vlen + ctx->tws == hdr->len) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100712 /* This was the only value of the header, we must now remove it entirely. */
Willy Tarreau9b28e032012-10-12 23:49:43 +0200713 delta = buffer_replace2(msg->chn->buf, sol, sol + hdr->len + hdr->cr + 1, NULL, 0);
Willy Tarreau68085d82010-01-18 14:54:04 +0100714 http_msg_move_end(msg, delta);
715 idx->used--;
716 hdr->len = 0; /* unused entry */
717 idx->v[ctx->prev].next = idx->v[ctx->idx].next;
Willy Tarreau5c4784f2011-02-12 13:07:35 +0100718 if (idx->tail == ctx->idx)
719 idx->tail = ctx->prev;
Willy Tarreau68085d82010-01-18 14:54:04 +0100720 ctx->idx = ctx->prev; /* walk back to the end of previous header */
721 ctx->line -= idx->v[ctx->idx].len + idx->v[cur_idx].cr + 1;
722 ctx->val = idx->v[ctx->idx].len; /* point to end of previous header */
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200723 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100724 return ctx->idx;
725 }
726
727 /* This was not the only value of this header. We have to remove between
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200728 * ctx->del+1 and ctx->val+ctx->vlen+ctx->tws+1 included. If it is the
729 * last entry of the list, we remove the last separator.
Willy Tarreau68085d82010-01-18 14:54:04 +0100730 */
731
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200732 skip_comma = (ctx->val + ctx->vlen + ctx->tws == hdr->len) ? 0 : 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +0200733 delta = buffer_replace2(msg->chn->buf, sol + ctx->del + skip_comma,
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200734 sol + ctx->val + ctx->vlen + ctx->tws + skip_comma,
Willy Tarreau68085d82010-01-18 14:54:04 +0100735 NULL, 0);
736 hdr->len += delta;
737 http_msg_move_end(msg, delta);
738 ctx->val = ctx->del;
Willy Tarreau588bd4f2011-09-01 22:22:28 +0200739 ctx->tws = ctx->vlen = 0;
Willy Tarreau68085d82010-01-18 14:54:04 +0100740 return ctx->idx;
741}
742
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100743/* This function handles a server error at the stream interface level. The
744 * stream interface is assumed to be already in a closed state. An optional
745 * message is copied into the input buffer, and an HTTP status code stored.
746 * The error flags are set to the values in arguments. Any pending request
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100747 * in this buffer will be lost.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200748 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +0200749static void http_server_error(struct session *s, struct stream_interface *si,
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100750 int err, int finst, int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200751{
Willy Tarreau8263d2b2012-08-28 00:06:31 +0200752 channel_auto_read(si->ob);
753 channel_abort(si->ob);
754 channel_auto_close(si->ob);
755 channel_erase(si->ob);
756 channel_auto_close(si->ib);
757 channel_auto_read(si->ib);
Willy Tarreau0f772532006-12-23 20:51:41 +0100758 if (status > 0 && msg) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +0200759 s->txn.status = status;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +0200760 bo_inject(si->ib, msg->str, msg->len);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200761 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +0200762 if (!(s->flags & SN_ERR_MASK))
763 s->flags |= err;
764 if (!(s->flags & SN_FINST_MASK))
765 s->flags |= finst;
Willy Tarreaubaaee002006-06-26 02:48:02 +0200766}
767
Willy Tarreau80587432006-12-24 17:47:20 +0100768/* This function returns the appropriate error location for the given session
769 * and message.
770 */
771
Willy Tarreau783f2582012-09-04 12:19:04 +0200772struct chunk *http_error_message(struct session *s, int msgnum)
Willy Tarreau80587432006-12-24 17:47:20 +0100773{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200774 if (s->be->errmsg[msgnum].str)
775 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100776 else if (s->fe->errmsg[msgnum].str)
777 return &s->fe->errmsg[msgnum];
778 else
779 return &http_err_chunks[msgnum];
780}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200781
Willy Tarreau53b6c742006-12-17 13:37:46 +0100782/*
783 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
784 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
785 */
Thierry FOURNIERd4373142013-12-17 01:10:10 +0100786enum http_meth_t find_http_meth(const char *str, const int len)
Willy Tarreau53b6c742006-12-17 13:37:46 +0100787{
788 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100789 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100790
791 m = ((unsigned)*str - 'A');
792
793 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100794 for (h = http_methods[m]; h->len > 0; h++) {
795 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100796 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100797 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100798 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100799 };
800 return HTTP_METH_OTHER;
801 }
802 return HTTP_METH_NONE;
803
804}
805
Willy Tarreau21d2af32008-02-14 20:25:24 +0100806/* Parse the URI from the given transaction (which is assumed to be in request
807 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
808 * It is returned otherwise.
809 */
810static char *
811http_get_path(struct http_txn *txn)
812{
813 char *ptr, *end;
814
Willy Tarreau9b28e032012-10-12 23:49:43 +0200815 ptr = txn->req.chn->buf->p + txn->req.sl.rq.u;
Willy Tarreau21d2af32008-02-14 20:25:24 +0100816 end = ptr + txn->req.sl.rq.u_l;
817
818 if (ptr >= end)
819 return NULL;
820
821 /* RFC2616, par. 5.1.2 :
822 * Request-URI = "*" | absuri | abspath | authority
823 */
824
825 if (*ptr == '*')
826 return NULL;
827
828 if (isalpha((unsigned char)*ptr)) {
829 /* this is a scheme as described by RFC3986, par. 3.1 */
830 ptr++;
831 while (ptr < end &&
832 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
833 ptr++;
834 /* skip '://' */
835 if (ptr == end || *ptr++ != ':')
836 return NULL;
837 if (ptr == end || *ptr++ != '/')
838 return NULL;
839 if (ptr == end || *ptr++ != '/')
840 return NULL;
841 }
842 /* skip [user[:passwd]@]host[:[port]] */
843
844 while (ptr < end && *ptr != '/')
845 ptr++;
846
847 if (ptr == end)
848 return NULL;
849
850 /* OK, we got the '/' ! */
851 return ptr;
852}
853
William Lallemand65ad6e12014-01-31 15:08:02 +0100854/* Parse the URI from the given string and look for the "/" beginning the PATH.
855 * If not found, return NULL. It is returned otherwise.
856 */
857static char *
858http_get_path_from_string(char *str)
859{
860 char *ptr = str;
861
862 /* RFC2616, par. 5.1.2 :
863 * Request-URI = "*" | absuri | abspath | authority
864 */
865
866 if (*ptr == '*')
867 return NULL;
868
869 if (isalpha((unsigned char)*ptr)) {
870 /* this is a scheme as described by RFC3986, par. 3.1 */
871 ptr++;
872 while (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.')
873 ptr++;
874 /* skip '://' */
875 if (*ptr == '\0' || *ptr++ != ':')
876 return NULL;
877 if (*ptr == '\0' || *ptr++ != '/')
878 return NULL;
879 if (*ptr == '\0' || *ptr++ != '/')
880 return NULL;
881 }
882 /* skip [user[:passwd]@]host[:[port]] */
883
884 while (*ptr != '\0' && *ptr != ' ' && *ptr != '/')
885 ptr++;
886
887 if (*ptr == '\0' || *ptr == ' ')
888 return NULL;
889
890 /* OK, we got the '/' ! */
891 return ptr;
892}
893
Willy Tarreau71241ab2012-12-27 11:30:54 +0100894/* Returns a 302 for a redirectable request that reaches a server working in
895 * in redirect mode. This may only be called just after the stream interface
896 * has moved to SI_ST_ASS. Unprocessable requests are left unchanged and will
897 * follow normal proxy processing. NOTE: this function is designed to support
898 * being called once data are scheduled for forwarding.
Willy Tarreauefb453c2008-10-26 20:49:47 +0100899 */
Willy Tarreau71241ab2012-12-27 11:30:54 +0100900void http_perform_server_redirect(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100901{
902 struct http_txn *txn;
Willy Tarreau827aee92011-03-10 16:55:02 +0100903 struct server *srv;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100904 char *path;
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200905 int len, rewind;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100906
907 /* 1: create the response header */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100908 trash.len = strlen(HTTP_302);
909 memcpy(trash.str, HTTP_302, trash.len);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100910
Willy Tarreau3fdb3662012-11-12 00:42:33 +0100911 srv = objt_server(s->target);
Willy Tarreau827aee92011-03-10 16:55:02 +0100912
Willy Tarreauefb453c2008-10-26 20:49:47 +0100913 /* 2: add the server's prefix */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100914 if (trash.len + srv->rdr_len > trash.size)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100915 return;
916
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100917 /* special prefix "/" means don't change URL */
Willy Tarreau827aee92011-03-10 16:55:02 +0100918 if (srv->rdr_len != 1 || *srv->rdr_pfx != '/') {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100919 memcpy(trash.str + trash.len, srv->rdr_pfx, srv->rdr_len);
920 trash.len += srv->rdr_len;
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100921 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100922
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200923 /* 3: add the request URI. Since it was already forwarded, we need
924 * to temporarily rewind the buffer.
925 */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100926 txn = &s->txn;
Willy Tarreau211cdec2014-04-17 20:18:08 +0200927 b_rew(s->req->buf, rewind = http_hdr_rewind(&txn->req));
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200928
Willy Tarreauefb453c2008-10-26 20:49:47 +0100929 path = http_get_path(txn);
Willy Tarreau9b28e032012-10-12 23:49:43 +0200930 len = buffer_count(s->req->buf, path, b_ptr(s->req->buf, txn->req.sl.rq.u + txn->req.sl.rq.u_l));
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200931
Willy Tarreau9b28e032012-10-12 23:49:43 +0200932 b_adv(s->req->buf, rewind);
Willy Tarreaucde18fc2012-05-30 07:59:54 +0200933
Willy Tarreauefb453c2008-10-26 20:49:47 +0100934 if (!path)
935 return;
936
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100937 if (trash.len + len > trash.size - 4) /* 4 for CRLF-CRLF */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100938 return;
939
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100940 memcpy(trash.str + trash.len, path, len);
941 trash.len += len;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100942
943 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100944 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
945 trash.len += 29;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100946 } else {
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100947 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
948 trash.len += 23;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100949 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100950
951 /* prepare to return without error. */
Willy Tarreau73b013b2012-05-21 16:31:45 +0200952 si_shutr(si);
953 si_shutw(si);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100954 si->err_type = SI_ET_NONE;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100955 si->state = SI_ST_CLO;
956
957 /* send the message */
Willy Tarreau570f2212013-06-10 16:42:09 +0200958 http_server_error(s, si, SN_ERR_LOCAL, SN_FINST_C, 302, &trash);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100959
960 /* FIXME: we should increase a counter of redirects per server and per backend. */
Willy Tarreau4521ba62013-01-24 01:25:25 +0100961 srv_inc_sess_ctr(srv);
Bhaskar Maddalaa20cb852014-02-03 16:26:46 -0500962 srv_set_sess_last(srv);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100963}
964
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100965/* Return the error message corresponding to si->err_type. It is assumed
Willy Tarreauefb453c2008-10-26 20:49:47 +0100966 * that the server side is closed. Note that err_type is actually a
967 * bitmask, where almost only aborts may be cumulated with other
968 * values. We consider that aborted operations are more important
969 * than timeouts or errors due to the fact that nobody else in the
970 * logs might explain incomplete retries. All others should avoid
971 * being cumulated. It should normally not be possible to have multiple
972 * aborts at once, but just in case, the first one in sequence is reported.
Willy Tarreau6b726ad2013-12-15 19:31:37 +0100973 * Note that connection errors appearing on the second request of a keep-alive
974 * connection are not reported since this allows the client to retry.
Willy Tarreauefb453c2008-10-26 20:49:47 +0100975 */
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100976void http_return_srv_error(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100977{
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100978 int err_type = si->err_type;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100979
980 if (err_type & SI_ET_QUEUE_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100981 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200982 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100983 else if (err_type & SI_ET_CONN_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100984 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C,
Willy Tarreau6b726ad2013-12-15 19:31:37 +0100985 503, (s->txn.flags & TX_NOT_FIRST) ? NULL :
986 http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100987 else if (err_type & SI_ET_QUEUE_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100988 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200989 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100990 else if (err_type & SI_ET_QUEUE_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100991 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q,
Willy Tarreau783f2582012-09-04 12:19:04 +0200992 503, http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100993 else if (err_type & SI_ET_CONN_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100994 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C,
Willy Tarreau6b726ad2013-12-15 19:31:37 +0100995 503, (s->txn.flags & TX_NOT_FIRST) ? NULL :
996 http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100997 else if (err_type & SI_ET_CONN_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100998 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C,
Willy Tarreau36346242014-02-24 18:26:30 +0100999 503, (s->flags & SN_SRV_REUSED) ? NULL :
Willy Tarreau6b726ad2013-12-15 19:31:37 +01001000 http_error_message(s, HTTP_ERR_503));
Willy Tarreau2d400bb2012-05-14 12:11:47 +02001001 else if (err_type & SI_ET_CONN_RES)
1002 http_server_error(s, si, SN_ERR_RESOURCE, SN_FINST_C,
Willy Tarreau6b726ad2013-12-15 19:31:37 +01001003 503, (s->txn.flags & TX_NOT_FIRST) ? NULL :
1004 http_error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +01001005 else /* SI_ET_CONN_OTHER and others */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +01001006 http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C,
Willy Tarreau783f2582012-09-04 12:19:04 +02001007 500, http_error_message(s, HTTP_ERR_500));
Willy Tarreauefb453c2008-10-26 20:49:47 +01001008}
1009
Willy Tarreau42250582007-04-01 01:30:43 +02001010extern const char sess_term_cond[8];
1011extern const char sess_fin_state[8];
1012extern const char *monthname[12];
Willy Tarreau332f8bf2007-05-13 21:36:56 +02001013struct pool_head *pool2_requri;
Willy Tarreau193b8c62012-11-22 00:17:38 +01001014struct pool_head *pool2_capture = NULL;
William Lallemanda73203e2012-03-12 12:48:57 +01001015struct pool_head *pool2_uniqueid;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001016
Willy Tarreau117f59e2007-03-04 18:17:17 +01001017/*
1018 * Capture headers from message starting at <som> according to header list
1019 * <cap_hdr>, and fill the <idx> structure appropriately.
1020 */
1021void capture_headers(char *som, struct hdr_idx *idx,
1022 char **cap, struct cap_hdr *cap_hdr)
1023{
1024 char *eol, *sol, *col, *sov;
1025 int cur_idx;
1026 struct cap_hdr *h;
1027 int len;
1028
1029 sol = som + hdr_idx_first_pos(idx);
1030 cur_idx = hdr_idx_first_idx(idx);
1031
1032 while (cur_idx) {
1033 eol = sol + idx->v[cur_idx].len;
1034
1035 col = sol;
1036 while (col < eol && *col != ':')
1037 col++;
1038
1039 sov = col + 1;
1040 while (sov < eol && http_is_lws[(unsigned char)*sov])
1041 sov++;
1042
1043 for (h = cap_hdr; h; h = h->next) {
1044 if ((h->namelen == col - sol) &&
1045 (strncasecmp(sol, h->name, h->namelen) == 0)) {
1046 if (cap[h->index] == NULL)
1047 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +02001048 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +01001049
1050 if (cap[h->index] == NULL) {
1051 Alert("HTTP capture : out of memory.\n");
1052 continue;
1053 }
1054
1055 len = eol - sov;
1056 if (len > h->len)
1057 len = h->len;
1058
1059 memcpy(cap[h->index], sov, len);
1060 cap[h->index][len]=0;
1061 }
1062 }
1063 sol = eol + idx->v[cur_idx].cr + 1;
1064 cur_idx = idx->v[cur_idx].next;
1065 }
1066}
1067
1068
Willy Tarreau42250582007-04-01 01:30:43 +02001069/* either we find an LF at <ptr> or we jump to <bad>.
1070 */
1071#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1072
1073/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1074 * otherwise to <http_msg_ood> with <state> set to <st>.
1075 */
1076#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1077 ptr++; \
1078 if (likely(ptr < end)) \
1079 goto good; \
1080 else { \
1081 state = (st); \
1082 goto http_msg_ood; \
1083 } \
1084 } while (0)
1085
1086
Willy Tarreaubaaee002006-06-26 02:48:02 +02001087/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001088 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001089 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1090 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1091 * will give undefined results.
1092 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1093 * and that msg->sol points to the beginning of the response.
1094 * If a complete line is found (which implies that at least one CR or LF is
1095 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1096 * returned indicating an incomplete line (which does not mean that parts have
1097 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1098 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1099 * upon next call.
1100 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001101 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001102 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1103 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001104 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001105 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001106const char *http_parse_stsline(struct http_msg *msg,
Willy Tarreau3770f232013-12-07 00:01:53 +01001107 enum ht_state state, const char *ptr, const char *end,
1108 unsigned int *ret_ptr, enum ht_state *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001109{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001110 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001111
Willy Tarreau8973c702007-01-21 23:58:29 +01001112 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001113 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001114 http_msg_rpver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001115 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001116 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1117
1118 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001119 msg->sl.st.v_l = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001120 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1121 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001122 state = HTTP_MSG_ERROR;
1123 break;
1124
Willy Tarreau8973c702007-01-21 23:58:29 +01001125 case HTTP_MSG_RPVER_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001126 http_msg_rpver_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001127 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001128 msg->sl.st.c = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001129 goto http_msg_rpcode;
1130 }
1131 if (likely(HTTP_IS_SPHT(*ptr)))
1132 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1133 /* so it's a CR/LF, this is invalid */
Willy Tarreau7552c032009-03-01 11:10:40 +01001134 state = HTTP_MSG_ERROR;
1135 break;
Willy Tarreau8973c702007-01-21 23:58:29 +01001136
Willy Tarreau8973c702007-01-21 23:58:29 +01001137 case HTTP_MSG_RPCODE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001138 http_msg_rpcode:
Willy Tarreau8973c702007-01-21 23:58:29 +01001139 if (likely(!HTTP_IS_LWS(*ptr)))
1140 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1141
1142 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001143 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001144 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1145 }
1146
1147 /* so it's a CR/LF, so there is no reason phrase */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001148 msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001149 http_msg_rsp_reason:
1150 /* FIXME: should we support HTTP responses without any reason phrase ? */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001151 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001152 msg->sl.st.r_l = 0;
1153 goto http_msg_rpline_eol;
1154
Willy Tarreau8973c702007-01-21 23:58:29 +01001155 case HTTP_MSG_RPCODE_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001156 http_msg_rpcode_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001157 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001158 msg->sl.st.r = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001159 goto http_msg_rpreason;
1160 }
1161 if (likely(HTTP_IS_SPHT(*ptr)))
1162 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1163 /* so it's a CR/LF, so there is no reason phrase */
1164 goto http_msg_rsp_reason;
1165
Willy Tarreau8973c702007-01-21 23:58:29 +01001166 case HTTP_MSG_RPREASON:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001167 http_msg_rpreason:
Willy Tarreau8973c702007-01-21 23:58:29 +01001168 if (likely(!HTTP_IS_CRLF(*ptr)))
1169 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
Willy Tarreauea1175a2012-03-05 15:52:30 +01001170 msg->sl.st.r_l = ptr - msg_start - msg->sl.st.r;
Willy Tarreau8973c702007-01-21 23:58:29 +01001171 http_msg_rpline_eol:
1172 /* We have seen the end of line. Note that we do not
1173 * necessarily have the \n yet, but at least we know that we
1174 * have EITHER \r OR \n, otherwise the response would not be
1175 * complete. We can then record the response length and return
1176 * to the caller which will be able to register it.
1177 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001178 msg->sl.st.l = ptr - msg_start - msg->sol;
Willy Tarreau8973c702007-01-21 23:58:29 +01001179 return ptr;
1180
Willy Tarreau8973c702007-01-21 23:58:29 +01001181 default:
Willy Tarreau3770f232013-12-07 00:01:53 +01001182#ifdef DEBUG_FULL
Willy Tarreau8973c702007-01-21 23:58:29 +01001183 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1184 exit(1);
1185#endif
Willy Tarreau3770f232013-12-07 00:01:53 +01001186 ;
Willy Tarreau8973c702007-01-21 23:58:29 +01001187 }
1188
1189 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001190 /* out of valid data */
Willy Tarreau8973c702007-01-21 23:58:29 +01001191 if (ret_state)
1192 *ret_state = state;
1193 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001194 *ret_ptr = ptr - msg_start;
Willy Tarreau8973c702007-01-21 23:58:29 +01001195 return NULL;
Willy Tarreau8973c702007-01-21 23:58:29 +01001196}
1197
Willy Tarreau8973c702007-01-21 23:58:29 +01001198/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001199 * This function parses a request line between <ptr> and <end>, starting with
1200 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1201 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1202 * will give undefined results.
1203 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1204 * and that msg->sol points to the beginning of the request.
1205 * If a complete line is found (which implies that at least one CR or LF is
1206 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1207 * returned indicating an incomplete line (which does not mean that parts have
1208 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1209 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1210 * upon next call.
1211 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001212 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001213 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1214 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001215 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001216 */
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001217const char *http_parse_reqline(struct http_msg *msg,
Willy Tarreau3770f232013-12-07 00:01:53 +01001218 enum ht_state state, const char *ptr, const char *end,
1219 unsigned int *ret_ptr, enum ht_state *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001220{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001221 const char *msg_start = msg->chn->buf->p;
Willy Tarreau62f791e2012-03-09 11:32:30 +01001222
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001223 switch (state) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001224 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001225 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001226 if (likely(HTTP_IS_TOKEN(*ptr)))
1227 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001228
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001229 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001230 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001231 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1232 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001233
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001234 if (likely(HTTP_IS_CRLF(*ptr))) {
1235 /* HTTP 0.9 request */
Willy Tarreauea1175a2012-03-05 15:52:30 +01001236 msg->sl.rq.m_l = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001237 http_msg_req09_uri:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001238 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001239 http_msg_req09_uri_e:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001240 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001241 http_msg_req09_ver:
Willy Tarreauea1175a2012-03-05 15:52:30 +01001242 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001243 msg->sl.rq.v_l = 0;
1244 goto http_msg_rqline_eol;
1245 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001246 state = HTTP_MSG_ERROR;
1247 break;
1248
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001249 case HTTP_MSG_RQMETH_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001250 http_msg_rqmeth_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001251 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001252 msg->sl.rq.u = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001253 goto http_msg_rquri;
1254 }
1255 if (likely(HTTP_IS_SPHT(*ptr)))
1256 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1257 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1258 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001259
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001260 case HTTP_MSG_RQURI:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001261 http_msg_rquri:
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001262 if (likely((unsigned char)(*ptr - 33) <= 93)) /* 33 to 126 included */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001263 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001264
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001265 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001266 msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001267 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1268 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001269
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001270 if (likely((unsigned char)*ptr >= 128)) {
Willy Tarreau422246e2012-01-07 23:54:13 +01001271 /* non-ASCII chars are forbidden unless option
1272 * accept-invalid-http-request is enabled in the frontend.
1273 * In any case, we capture the faulty char.
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001274 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001275 if (msg->err_pos < -1)
1276 goto invalid_char;
1277 if (msg->err_pos == -1)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001278 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001279 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
1280 }
1281
1282 if (likely(HTTP_IS_CRLF(*ptr))) {
1283 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1284 goto http_msg_req09_uri_e;
1285 }
1286
1287 /* OK forbidden chars, 0..31 or 127 */
Willy Tarreau422246e2012-01-07 23:54:13 +01001288 invalid_char:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001289 msg->err_pos = ptr - msg_start;
Willy Tarreau2e9506d2012-01-07 23:22:31 +01001290 state = HTTP_MSG_ERROR;
1291 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001292
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001293 case HTTP_MSG_RQURI_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001294 http_msg_rquri_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001295 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001296 msg->sl.rq.v = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001297 goto http_msg_rqver;
1298 }
1299 if (likely(HTTP_IS_SPHT(*ptr)))
1300 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1301 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1302 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001303
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001304 case HTTP_MSG_RQVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001305 http_msg_rqver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001306 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001307 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001308
1309 if (likely(HTTP_IS_CRLF(*ptr))) {
Willy Tarreauea1175a2012-03-05 15:52:30 +01001310 msg->sl.rq.v_l = ptr - msg_start - msg->sl.rq.v;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001311 http_msg_rqline_eol:
1312 /* We have seen the end of line. Note that we do not
1313 * necessarily have the \n yet, but at least we know that we
1314 * have EITHER \r OR \n, otherwise the request would not be
1315 * complete. We can then record the request length and return
1316 * to the caller which will be able to register it.
1317 */
Willy Tarreau3a215be2012-03-09 21:39:51 +01001318 msg->sl.rq.l = ptr - msg_start - msg->sol;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001319 return ptr;
1320 }
1321
1322 /* neither an HTTP_VER token nor a CRLF */
Willy Tarreau7552c032009-03-01 11:10:40 +01001323 state = HTTP_MSG_ERROR;
1324 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001325
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001326 default:
Willy Tarreau3770f232013-12-07 00:01:53 +01001327#ifdef DEBUG_FULL
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001328 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1329 exit(1);
1330#endif
Willy Tarreau3770f232013-12-07 00:01:53 +01001331 ;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001332 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001333
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001334 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001335 /* out of valid data */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001336 if (ret_state)
1337 *ret_state = state;
1338 if (ret_ptr)
Willy Tarreaua458b672012-03-05 11:17:50 +01001339 *ret_ptr = ptr - msg_start;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001340 return NULL;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001341}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001342
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001343/*
1344 * Returns the data from Authorization header. Function may be called more
1345 * than once so data is stored in txn->auth_data. When no header is found
1346 * or auth method is unknown auth_method is set to HTTP_AUTH_WRONG to avoid
Thierry FOURNIER98d96952014-01-23 12:13:02 +01001347 * searching again for something we are unable to find anyway. However, if
1348 * the result if valid, the cache is not reused because we would risk to
1349 * have the credentials overwritten by another session in parallel.
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001350 */
1351
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +01001352/* This bufffer is initialized in the file 'src/haproxy.c'. This length is
1353 * set according to global.tune.bufsize.
1354 */
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001355char *get_http_auth_buff;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001356
1357int
1358get_http_auth(struct session *s)
1359{
1360
1361 struct http_txn *txn = &s->txn;
1362 struct chunk auth_method;
1363 struct hdr_ctx ctx;
1364 char *h, *p;
1365 int len;
1366
1367#ifdef DEBUG_AUTH
1368 printf("Auth for session %p: %d\n", s, txn->auth.method);
1369#endif
1370
1371 if (txn->auth.method == HTTP_AUTH_WRONG)
1372 return 0;
1373
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001374 txn->auth.method = HTTP_AUTH_WRONG;
1375
1376 ctx.idx = 0;
Willy Tarreau844a7e72010-01-31 21:46:18 +01001377
1378 if (txn->flags & TX_USE_PX_CONN) {
1379 h = "Proxy-Authorization";
1380 len = strlen(h);
1381 } else {
1382 h = "Authorization";
1383 len = strlen(h);
1384 }
1385
Willy Tarreau9b28e032012-10-12 23:49:43 +02001386 if (!http_find_header2(h, len, s->req->buf->p, &txn->hdr_idx, &ctx))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001387 return 0;
1388
1389 h = ctx.line + ctx.val;
1390
1391 p = memchr(h, ' ', ctx.vlen);
1392 if (!p || p == h)
1393 return 0;
1394
1395 chunk_initlen(&auth_method, h, 0, p-h);
1396 chunk_initlen(&txn->auth.method_data, p+1, 0, ctx.vlen-(p-h)-1);
1397
1398 if (!strncasecmp("Basic", auth_method.str, auth_method.len)) {
1399
1400 len = base64dec(txn->auth.method_data.str, txn->auth.method_data.len,
Willy Tarreau7e2c6472012-10-29 20:44:36 +01001401 get_http_auth_buff, global.tune.bufsize - 1);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001402
1403 if (len < 0)
1404 return 0;
1405
1406
1407 get_http_auth_buff[len] = '\0';
1408
1409 p = strchr(get_http_auth_buff, ':');
1410
1411 if (!p)
1412 return 0;
1413
1414 txn->auth.user = get_http_auth_buff;
1415 *p = '\0';
1416 txn->auth.pass = p+1;
1417
1418 txn->auth.method = HTTP_AUTH_BASIC;
1419 return 1;
1420 }
1421
1422 return 0;
1423}
1424
Willy Tarreau58f10d72006-12-04 02:26:12 +01001425
Willy Tarreau8973c702007-01-21 23:58:29 +01001426/*
1427 * This function parses an HTTP message, either a request or a response,
Willy Tarreau8b1323e2012-03-09 14:46:19 +01001428 * depending on the initial msg->msg_state. The caller is responsible for
1429 * ensuring that the message does not wrap. The function can be preempted
1430 * everywhere when data are missing and recalled at the exact same location
1431 * with no information loss. The message may even be realigned between two
1432 * calls. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001433 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
Willy Tarreau26927362012-05-18 23:22:52 +02001434 * fields. Note that msg->sol will be initialized after completing the first
1435 * state, so that none of the msg pointers has to be initialized prior to the
1436 * first call.
Willy Tarreau8973c702007-01-21 23:58:29 +01001437 */
Willy Tarreaua560c212012-03-09 13:50:57 +01001438void http_msg_analyzer(struct http_msg *msg, struct hdr_idx *idx)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001439{
Willy Tarreau3770f232013-12-07 00:01:53 +01001440 enum ht_state state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001441 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001442 struct buffer *buf;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001443
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001444 state = msg->msg_state;
Willy Tarreau9b28e032012-10-12 23:49:43 +02001445 buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001446 ptr = buf->p + msg->next;
1447 end = buf->p + buf->i;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001448
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001449 if (unlikely(ptr >= end))
1450 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001451
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001452 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001453 /*
1454 * First, states that are specific to the response only.
1455 * We check them first so that request and headers are
1456 * closer to each other (accessed more often).
1457 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001458 case HTTP_MSG_RPBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001459 http_msg_rpbefore:
Willy Tarreau8973c702007-01-21 23:58:29 +01001460 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001461 /* we have a start of message, but we have to check
1462 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001463 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001464 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001465 if (unlikely(ptr != buf->p)) {
1466 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001467 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001468 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001469 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8973c702007-01-21 23:58:29 +01001470 }
Willy Tarreau26927362012-05-18 23:22:52 +02001471 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001472 msg->sl.st.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001473 hdr_idx_init(idx);
1474 state = HTTP_MSG_RPVER;
1475 goto http_msg_rpver;
1476 }
1477
1478 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1479 goto http_msg_invalid;
1480
1481 if (unlikely(*ptr == '\n'))
1482 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1483 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1484 /* stop here */
1485
Willy Tarreau8973c702007-01-21 23:58:29 +01001486 case HTTP_MSG_RPBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001487 http_msg_rpbefore_cr:
Willy Tarreau8973c702007-01-21 23:58:29 +01001488 EXPECT_LF_HERE(ptr, http_msg_invalid);
1489 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1490 /* stop here */
1491
Willy Tarreau8973c702007-01-21 23:58:29 +01001492 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001493 http_msg_rpver:
Willy Tarreau8973c702007-01-21 23:58:29 +01001494 case HTTP_MSG_RPVER_SP:
1495 case HTTP_MSG_RPCODE:
1496 case HTTP_MSG_RPCODE_SP:
1497 case HTTP_MSG_RPREASON:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001498 ptr = (char *)http_parse_stsline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001499 state, ptr, end,
1500 &msg->next, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001501 if (unlikely(!ptr))
1502 return;
1503
1504 /* we have a full response and we know that we have either a CR
1505 * or an LF at <ptr>.
1506 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001507 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1508
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001509 msg->sol = ptr - buf->p;
Willy Tarreau8973c702007-01-21 23:58:29 +01001510 if (likely(*ptr == '\r'))
1511 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1512 goto http_msg_rpline_end;
1513
Willy Tarreau8973c702007-01-21 23:58:29 +01001514 case HTTP_MSG_RPLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001515 http_msg_rpline_end:
Willy Tarreau8973c702007-01-21 23:58:29 +01001516 /* msg->sol must point to the first of CR or LF. */
1517 EXPECT_LF_HERE(ptr, http_msg_invalid);
1518 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1519 /* stop here */
1520
1521 /*
1522 * Second, states that are specific to the request only
1523 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001524 case HTTP_MSG_RQBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001525 http_msg_rqbefore:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001526 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001527 /* we have a start of message, but we have to check
1528 * first if we need to remove some CRLF. We can only
Willy Tarreau2e046c62012-03-01 16:08:30 +01001529 * do this when o=0.
Willy Tarreau15de77e2010-01-02 21:59:16 +01001530 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001531 if (likely(ptr != buf->p)) {
1532 if (buf->o)
Willy Tarreau15de77e2010-01-02 21:59:16 +01001533 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001534 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001535 bi_fast_delete(buf, ptr - buf->p);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001536 }
Willy Tarreau26927362012-05-18 23:22:52 +02001537 msg->sol = 0;
Willy Tarreaue92693a2012-09-24 21:13:39 +02001538 msg->sl.rq.l = 0; /* used in debug mode */
Willy Tarreau8973c702007-01-21 23:58:29 +01001539 state = HTTP_MSG_RQMETH;
1540 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001541 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001542
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001543 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1544 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001545
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001546 if (unlikely(*ptr == '\n'))
1547 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1548 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001549 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001550
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001551 case HTTP_MSG_RQBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001552 http_msg_rqbefore_cr:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001553 EXPECT_LF_HERE(ptr, http_msg_invalid);
1554 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001555 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001556
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001557 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001558 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001559 case HTTP_MSG_RQMETH_SP:
1560 case HTTP_MSG_RQURI:
1561 case HTTP_MSG_RQURI_SP:
1562 case HTTP_MSG_RQVER:
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001563 ptr = (char *)http_parse_reqline(msg,
Willy Tarreaua458b672012-03-05 11:17:50 +01001564 state, ptr, end,
1565 &msg->next, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001566 if (unlikely(!ptr))
1567 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001568
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001569 /* we have a full request and we know that we have either a CR
1570 * or an LF at <ptr>.
1571 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001572 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001573
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001574 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001575 if (likely(*ptr == '\r'))
1576 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001577 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001578
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001579 case HTTP_MSG_RQLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001580 http_msg_rqline_end:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001581 /* check for HTTP/0.9 request : no version information available.
1582 * msg->sol must point to the first of CR or LF.
1583 */
1584 if (unlikely(msg->sl.rq.v_l == 0))
1585 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001586
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001587 EXPECT_LF_HERE(ptr, http_msg_invalid);
1588 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001589 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001590
Willy Tarreau8973c702007-01-21 23:58:29 +01001591 /*
1592 * Common states below
1593 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001594 case HTTP_MSG_HDR_FIRST:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001595 http_msg_hdr_first:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001596 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001597 if (likely(!HTTP_IS_CRLF(*ptr))) {
1598 goto http_msg_hdr_name;
1599 }
1600
1601 if (likely(*ptr == '\r'))
1602 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1603 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001604
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001605 case HTTP_MSG_HDR_NAME:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001606 http_msg_hdr_name:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001607 /* assumes msg->sol points to the first char */
1608 if (likely(HTTP_IS_TOKEN(*ptr)))
1609 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001610
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001611 if (likely(*ptr == ':'))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001612 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001613
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001614 if (likely(msg->err_pos < -1) || *ptr == '\n')
1615 goto http_msg_invalid;
1616
1617 if (msg->err_pos == -1) /* capture error pointer */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001618 msg->err_pos = ptr - buf->p; /* >= 0 now */
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001619
1620 /* and we still accept this non-token character */
1621 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001622
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001623 case HTTP_MSG_HDR_L1_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001624 http_msg_hdr_l1_sp:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001625 /* assumes msg->sol points to the first char */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001626 if (likely(HTTP_IS_SPHT(*ptr)))
1627 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001628
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001629 /* header value can be basically anything except CR/LF */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001630 msg->sov = ptr - buf->p;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001631
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001632 if (likely(!HTTP_IS_CRLF(*ptr))) {
1633 goto http_msg_hdr_val;
1634 }
1635
1636 if (likely(*ptr == '\r'))
1637 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1638 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001639
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001640 case HTTP_MSG_HDR_L1_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001641 http_msg_hdr_l1_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001642 EXPECT_LF_HERE(ptr, http_msg_invalid);
1643 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001644
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001645 case HTTP_MSG_HDR_L1_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001646 http_msg_hdr_l1_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001647 if (likely(HTTP_IS_SPHT(*ptr))) {
1648 /* replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001649 for (; buf->p + msg->sov < ptr; msg->sov++)
1650 buf->p[msg->sov] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001651 goto http_msg_hdr_l1_sp;
1652 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001653 /* we had a header consisting only in spaces ! */
Willy Tarreau12e48b32012-03-05 16:57:34 +01001654 msg->eol = msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001655 goto http_msg_complete_header;
1656
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001657 case HTTP_MSG_HDR_VAL:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001658 http_msg_hdr_val:
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001659 /* assumes msg->sol points to the first char, and msg->sov
1660 * points to the first character of the value.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001661 */
1662 if (likely(!HTTP_IS_CRLF(*ptr)))
1663 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001664
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001665 msg->eol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001666 /* Note: we could also copy eol into ->eoh so that we have the
1667 * real header end in case it ends with lots of LWS, but is this
1668 * really needed ?
1669 */
1670 if (likely(*ptr == '\r'))
1671 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1672 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001673
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001674 case HTTP_MSG_HDR_L2_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001675 http_msg_hdr_l2_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001676 EXPECT_LF_HERE(ptr, http_msg_invalid);
1677 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001678
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001679 case HTTP_MSG_HDR_L2_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001680 http_msg_hdr_l2_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001681 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1682 /* LWS: replace HT,CR,LF with spaces */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001683 for (; buf->p + msg->eol < ptr; msg->eol++)
1684 buf->p[msg->eol] = ' ';
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001685 goto http_msg_hdr_val;
1686 }
1687 http_msg_complete_header:
1688 /*
1689 * It was a new header, so the last one is finished.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01001690 * Assumes msg->sol points to the first char, msg->sov points
1691 * to the first character of the value and msg->eol to the
1692 * first CR or LF so we know how the line ends. We insert last
1693 * header into the index.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001694 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001695 if (unlikely(hdr_idx_add(msg->eol - msg->sol, buf->p[msg->eol] == '\r',
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001696 idx, idx->tail) < 0))
1697 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001698
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001699 msg->sol = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001700 if (likely(!HTTP_IS_CRLF(*ptr))) {
1701 goto http_msg_hdr_name;
1702 }
1703
1704 if (likely(*ptr == '\r'))
1705 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1706 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001707
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001708 case HTTP_MSG_LAST_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001709 http_msg_last_lf:
Willy Tarreau0558a022014-03-13 15:48:45 +01001710 /* Assumes msg->sol points to the first of either CR or LF.
1711 * Sets ->sov and ->next to the total header length, ->eoh to
1712 * the last CRLF, and ->eol to the last CRLF length (1 or 2).
1713 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001714 EXPECT_LF_HERE(ptr, http_msg_invalid);
1715 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001716 msg->sov = msg->next = ptr - buf->p;
Willy Tarreau3a215be2012-03-09 21:39:51 +01001717 msg->eoh = msg->sol;
1718 msg->sol = 0;
Willy Tarreau0558a022014-03-13 15:48:45 +01001719 msg->eol = msg->sov - msg->eoh;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001720 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001721 return;
Willy Tarreaub56928a2012-04-16 14:51:55 +02001722
1723 case HTTP_MSG_ERROR:
1724 /* this may only happen if we call http_msg_analyser() twice with an error */
1725 break;
1726
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001727 default:
Willy Tarreau3770f232013-12-07 00:01:53 +01001728#ifdef DEBUG_FULL
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001729 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1730 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001731#endif
Willy Tarreau3770f232013-12-07 00:01:53 +01001732 ;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001733 }
1734 http_msg_ood:
1735 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001736 msg->msg_state = state;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001737 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001738 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001739
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001740 http_msg_invalid:
1741 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001742 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001743 msg->next = ptr - buf->p;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001744 return;
1745}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001746
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001747/* convert an HTTP/0.9 request into an HTTP/1.0 request. Returns 1 if the
1748 * conversion succeeded, 0 in case of error. If the request was already 1.X,
1749 * nothing is done and 1 is returned.
1750 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001751static int http_upgrade_v09_to_v10(struct http_txn *txn)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001752{
1753 int delta;
1754 char *cur_end;
Willy Tarreau418bfcc2012-03-09 13:56:20 +01001755 struct http_msg *msg = &txn->req;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001756
1757 if (msg->sl.rq.v_l != 0)
1758 return 1;
1759
Apollon Oikonomopoulos25a15222014-04-06 02:46:00 +03001760 /* RFC 1945 allows only GET for HTTP/0.9 requests */
1761 if (txn->meth != HTTP_METH_GET)
1762 return 0;
1763
Willy Tarreau9b28e032012-10-12 23:49:43 +02001764 cur_end = msg->chn->buf->p + msg->sl.rq.l;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001765 delta = 0;
1766
1767 if (msg->sl.rq.u_l == 0) {
Apollon Oikonomopoulos25a15222014-04-06 02:46:00 +03001768 /* HTTP/0.9 requests *must* have a request URI, per RFC 1945 */
1769 return 0;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001770 }
1771 /* add HTTP version */
Willy Tarreau9b28e032012-10-12 23:49:43 +02001772 delta = buffer_replace2(msg->chn->buf, cur_end, cur_end, " HTTP/1.0\r\n", 11);
Willy Tarreaufa355d42009-11-29 18:12:29 +01001773 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001774 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02001775 cur_end = (char *)http_parse_reqline(msg,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001776 HTTP_MSG_RQMETH,
Willy Tarreau9b28e032012-10-12 23:49:43 +02001777 msg->chn->buf->p, cur_end + 1,
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001778 NULL, NULL);
1779 if (unlikely(!cur_end))
1780 return 0;
1781
1782 /* we have a full HTTP/1.0 request now and we know that
1783 * we have either a CR or an LF at <ptr>.
1784 */
1785 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
1786 return 1;
1787}
1788
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001789/* Parse the Connection: header of an HTTP request, looking for both "close"
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001790 * and "keep-alive" values. If we already know that some headers may safely
1791 * be removed, we remove them now. The <to_del> flags are used for that :
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001792 * - bit 0 means remove "close" headers (in HTTP/1.0 requests/responses)
1793 * - bit 1 means remove "keep-alive" headers (in HTTP/1.1 reqs/resp to 1.1).
Willy Tarreau50fc7772012-11-11 22:19:57 +01001794 * Presence of the "Upgrade" token is also checked and reported.
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001795 * The TX_HDR_CONN_* flags are adjusted in txn->flags depending on what was
1796 * found, and TX_CON_*_SET is adjusted depending on what is left so only
1797 * harmless combinations may be removed. Do not call that after changes have
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001798 * been processed.
Willy Tarreau5b154472009-12-21 20:11:07 +01001799 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001800void http_parse_connection_header(struct http_txn *txn, struct http_msg *msg, int to_del)
Willy Tarreau5b154472009-12-21 20:11:07 +01001801{
Willy Tarreau5b154472009-12-21 20:11:07 +01001802 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001803 const char *hdr_val = "Connection";
1804 int hdr_len = 10;
Willy Tarreau5b154472009-12-21 20:11:07 +01001805
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001806 if (txn->flags & TX_HDR_CONN_PRS)
Willy Tarreau5b154472009-12-21 20:11:07 +01001807 return;
1808
Willy Tarreau88d349d2010-01-25 12:15:43 +01001809 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1810 hdr_val = "Proxy-Connection";
1811 hdr_len = 16;
1812 }
1813
Willy Tarreau5b154472009-12-21 20:11:07 +01001814 ctx.idx = 0;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001815 txn->flags &= ~(TX_CON_KAL_SET|TX_CON_CLO_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001816 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001817 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1818 txn->flags |= TX_HDR_CONN_KAL;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001819 if (to_del & 2)
1820 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001821 else
1822 txn->flags |= TX_CON_KAL_SET;
1823 }
1824 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1825 txn->flags |= TX_HDR_CONN_CLO;
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001826 if (to_del & 1)
1827 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001828 else
1829 txn->flags |= TX_CON_CLO_SET;
1830 }
Willy Tarreau50fc7772012-11-11 22:19:57 +01001831 else if (ctx.vlen >= 7 && word_match(ctx.line + ctx.val, ctx.vlen, "upgrade", 7)) {
1832 txn->flags |= TX_HDR_CONN_UPG;
1833 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001834 }
1835
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001836 txn->flags |= TX_HDR_CONN_PRS;
1837 return;
1838}
Willy Tarreau5b154472009-12-21 20:11:07 +01001839
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001840/* Apply desired changes on the Connection: header. Values may be removed and/or
1841 * added depending on the <wanted> flags, which are exclusively composed of
1842 * TX_CON_CLO_SET and TX_CON_KAL_SET, depending on what flags are desired. The
1843 * TX_CON_*_SET flags are adjusted in txn->flags depending on what is left.
1844 */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001845void http_change_connection_header(struct http_txn *txn, struct http_msg *msg, int wanted)
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001846{
1847 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001848 const char *hdr_val = "Connection";
1849 int hdr_len = 10;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001850
1851 ctx.idx = 0;
1852
Willy Tarreau88d349d2010-01-25 12:15:43 +01001853
1854 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1855 hdr_val = "Proxy-Connection";
1856 hdr_len = 16;
1857 }
1858
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001859 txn->flags &= ~(TX_CON_CLO_SET | TX_CON_KAL_SET);
Willy Tarreau9b28e032012-10-12 23:49:43 +02001860 while (http_find_header2(hdr_val, hdr_len, msg->chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001861 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
1862 if (wanted & TX_CON_KAL_SET)
1863 txn->flags |= TX_CON_KAL_SET;
1864 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001865 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau5b154472009-12-21 20:11:07 +01001866 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001867 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
1868 if (wanted & TX_CON_CLO_SET)
1869 txn->flags |= TX_CON_CLO_SET;
1870 else
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001871 http_remove_header2(msg, &txn->hdr_idx, &ctx);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01001872 }
Willy Tarreau5b154472009-12-21 20:11:07 +01001873 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001874
1875 if (wanted == (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
1876 return;
1877
1878 if ((wanted & TX_CON_CLO_SET) && !(txn->flags & TX_CON_CLO_SET)) {
1879 txn->flags |= TX_CON_CLO_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001880 hdr_val = "Connection: close";
1881 hdr_len = 17;
1882 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1883 hdr_val = "Proxy-Connection: close";
1884 hdr_len = 23;
1885 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001886 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001887 }
1888
1889 if ((wanted & TX_CON_KAL_SET) && !(txn->flags & TX_CON_KAL_SET)) {
1890 txn->flags |= TX_CON_KAL_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001891 hdr_val = "Connection: keep-alive";
1892 hdr_len = 22;
1893 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1894 hdr_val = "Proxy-Connection: keep-alive";
1895 hdr_len = 28;
1896 }
Willy Tarreau6acf7c92012-03-09 13:30:45 +01001897 http_header_add_tail2(msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001898 }
1899 return;
Willy Tarreau5b154472009-12-21 20:11:07 +01001900}
1901
Willy Tarreauc24715e2014-04-17 15:21:20 +02001902/* Parse the chunk size at msg->next. Once done, it adjusts ->next to point to
1903 * the first byte of data after the chunk size, so that we know we can forward
1904 * exactly msg->next bytes. msg->sol contains the exact number of bytes forming
1905 * the chunk size. That way it is always possible to differentiate between the
1906 * start of the body and the start of the data.
Willy Tarreau115acb92009-12-26 13:56:06 +01001907 * Return >0 on success, 0 when some data is missing, <0 on error.
Willy Tarreaud98cf932009-12-27 22:54:55 +01001908 * Note: this function is designed to parse wrapped CRLF at the end of the buffer.
Willy Tarreau115acb92009-12-26 13:56:06 +01001909 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02001910static inline int http_parse_chunk_size(struct http_msg *msg)
Willy Tarreau115acb92009-12-26 13:56:06 +01001911{
Willy Tarreau9b28e032012-10-12 23:49:43 +02001912 const struct buffer *buf = msg->chn->buf;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001913 const char *ptr = b_ptr(buf, msg->next);
Willy Tarreau4baf44b2012-03-09 14:10:20 +01001914 const char *ptr_old = ptr;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001915 const char *end = buf->data + buf->size;
1916 const char *stop = bi_end(buf);
Willy Tarreau115acb92009-12-26 13:56:06 +01001917 unsigned int chunk = 0;
1918
1919 /* The chunk size is in the following form, though we are only
1920 * interested in the size and CRLF :
1921 * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF
1922 */
1923 while (1) {
1924 int c;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001925 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001926 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001927 c = hex2i(*ptr);
Willy Tarreau115acb92009-12-26 13:56:06 +01001928 if (c < 0) /* not a hex digit anymore */
1929 break;
Willy Tarreau0161d622013-04-02 01:26:55 +02001930 if (unlikely(++ptr >= end))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001931 ptr = buf->data;
Willy Tarreau431946e2012-02-24 19:20:12 +01001932 if (chunk & 0xF8000000) /* integer overflow will occur if result >= 2GB */
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001933 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001934 chunk = (chunk << 4) + c;
1935 }
1936
Willy Tarreaud98cf932009-12-27 22:54:55 +01001937 /* empty size not allowed */
Willy Tarreau0161d622013-04-02 01:26:55 +02001938 if (unlikely(ptr == ptr_old))
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001939 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001940
1941 while (http_is_spht[(unsigned char)*ptr]) {
1942 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001943 ptr = buf->data;
Willy Tarreau0161d622013-04-02 01:26:55 +02001944 if (unlikely(ptr == stop))
Willy Tarreau115acb92009-12-26 13:56:06 +01001945 return 0;
Willy Tarreau115acb92009-12-26 13:56:06 +01001946 }
1947
Willy Tarreaud98cf932009-12-27 22:54:55 +01001948 /* Up to there, we know that at least one byte is present at *ptr. Check
1949 * for the end of chunk size.
1950 */
1951 while (1) {
1952 if (likely(HTTP_IS_CRLF(*ptr))) {
1953 /* we now have a CR or an LF at ptr */
1954 if (likely(*ptr == '\r')) {
1955 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001956 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001957 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001958 return 0;
1959 }
Willy Tarreau115acb92009-12-26 13:56:06 +01001960
Willy Tarreaud98cf932009-12-27 22:54:55 +01001961 if (*ptr != '\n')
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001962 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001963 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001964 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001965 /* done */
1966 break;
1967 }
1968 else if (*ptr == ';') {
1969 /* chunk extension, ends at next CRLF */
1970 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001971 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001972 if (ptr == stop)
Willy Tarreau115acb92009-12-26 13:56:06 +01001973 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001974
1975 while (!HTTP_IS_CRLF(*ptr)) {
1976 if (++ptr >= end)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001977 ptr = buf->data;
Willy Tarreau363a5bb2012-03-02 20:14:45 +01001978 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01001979 return 0;
1980 }
1981 /* we have a CRLF now, loop above */
1982 continue;
Willy Tarreau115acb92009-12-26 13:56:06 +01001983 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01001984 else
Willy Tarreaue1582eb2010-12-12 13:10:11 +01001985 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01001986 }
1987
Willy Tarreaud98cf932009-12-27 22:54:55 +01001988 /* OK we found our CRLF and now <ptr> points to the next byte,
Willy Tarreauc24715e2014-04-17 15:21:20 +02001989 * which may or may not be present. We save that into ->next,
1990 * and the number of bytes parsed into msg->sol.
Willy Tarreau115acb92009-12-26 13:56:06 +01001991 */
Willy Tarreauc24715e2014-04-17 15:21:20 +02001992 msg->sol = ptr - ptr_old;
Willy Tarreau0161d622013-04-02 01:26:55 +02001993 if (unlikely(ptr < ptr_old))
Willy Tarreauc24715e2014-04-17 15:21:20 +02001994 msg->sol += buf->size;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02001995 msg->next = buffer_count(buf, buf->p, ptr);
Willy Tarreau124d9912011-03-01 20:30:48 +01001996 msg->chunk_len = chunk;
1997 msg->body_len += chunk;
Willy Tarreaud98cf932009-12-27 22:54:55 +01001998 msg->msg_state = chunk ? HTTP_MSG_DATA : HTTP_MSG_TRAILERS;
Willy Tarreau115acb92009-12-26 13:56:06 +01001999 return 1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002000 error:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002001 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002002 return -1;
Willy Tarreau115acb92009-12-26 13:56:06 +01002003}
2004
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002005/* This function skips trailers in the buffer associated with HTTP
Willy Tarreaua458b672012-03-05 11:17:50 +01002006 * message <msg>. The first visited position is msg->next. If the end of
Willy Tarreaud98cf932009-12-27 22:54:55 +01002007 * the trailers is found, it is automatically scheduled to be forwarded,
2008 * msg->msg_state switches to HTTP_MSG_DONE, and the function returns >0.
2009 * If not enough data are available, the function does not change anything
Willy Tarreauc24715e2014-04-17 15:21:20 +02002010 * except maybe msg->next if it could parse some lines, and returns zero.
2011 * If a parse error is encountered, the function returns < 0 and does not
2012 * change anything except maybe msg->next. Note that the message must
2013 * already be in HTTP_MSG_TRAILERS state before calling this function,
Willy Tarreau638cd022010-01-03 07:42:04 +01002014 * which implies that all non-trailers data have already been scheduled for
Willy Tarreauc24715e2014-04-17 15:21:20 +02002015 * forwarding, and that msg->next exactly matches the length of trailers
2016 * already parsed and not forwarded. It is also important to note that this
2017 * function is designed to be able to parse wrapped headers at end of buffer.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002018 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02002019static int http_forward_trailers(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002020{
Willy Tarreau9b28e032012-10-12 23:49:43 +02002021 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002022
Willy Tarreaua458b672012-03-05 11:17:50 +01002023 /* we have msg->next which points to next line. Look for CRLF. */
Willy Tarreaud98cf932009-12-27 22:54:55 +01002024 while (1) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002025 const char *p1 = NULL, *p2 = NULL;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002026 const char *ptr = b_ptr(buf, msg->next);
2027 const char *stop = bi_end(buf);
Willy Tarreau638cd022010-01-03 07:42:04 +01002028 int bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002029
2030 /* scan current line and stop at LF or CRLF */
2031 while (1) {
Willy Tarreau363a5bb2012-03-02 20:14:45 +01002032 if (ptr == stop)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002033 return 0;
2034
2035 if (*ptr == '\n') {
2036 if (!p1)
2037 p1 = ptr;
2038 p2 = ptr;
2039 break;
2040 }
2041
2042 if (*ptr == '\r') {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002043 if (p1) {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002044 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002045 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002046 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002047 p1 = ptr;
2048 }
2049
2050 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002051 if (ptr >= buf->data + buf->size)
2052 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002053 }
2054
2055 /* after LF; point to beginning of next line */
2056 p2++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002057 if (p2 >= buf->data + buf->size)
2058 p2 = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002059
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002060 bytes = p2 - b_ptr(buf, msg->next);
Willy Tarreau638cd022010-01-03 07:42:04 +01002061 if (bytes < 0)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002062 bytes += buf->size;
Willy Tarreau638cd022010-01-03 07:42:04 +01002063
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002064 if (p1 == b_ptr(buf, msg->next)) {
Willy Tarreau638cd022010-01-03 07:42:04 +01002065 /* LF/CRLF at beginning of line => end of trailers at p2.
2066 * Everything was scheduled for forwarding, there's nothing
2067 * left from this message.
Willy Tarreau5523b322009-12-29 12:05:52 +01002068 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002069 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002070 msg->msg_state = HTTP_MSG_DONE;
2071 return 1;
2072 }
2073 /* OK, next line then */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002074 msg->next = buffer_count(buf, buf->p, p2);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002075 }
2076}
2077
Willy Tarreauc24715e2014-04-17 15:21:20 +02002078/* This function may be called only in HTTP_MSG_CHUNK_CRLF. It reads the CRLF
2079 * or a possible LF alone at the end of a chunk. It automatically adjusts
2080 * msg->next in order to include this part into the next forwarding phase.
Willy Tarreaua458b672012-03-05 11:17:50 +01002081 * Note that the caller must ensure that ->p points to the first byte to parse.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002082 * It also sets msg_state to HTTP_MSG_CHUNK_SIZE and returns >0 on success. If
2083 * not enough data are available, the function does not change anything and
2084 * returns zero. If a parse error is encountered, the function returns < 0 and
2085 * does not change anything. Note: this function is designed to parse wrapped
2086 * CRLF at the end of the buffer.
2087 */
Willy Tarreau24e6d972012-10-26 00:49:52 +02002088static inline int http_skip_chunk_crlf(struct http_msg *msg)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002089{
Willy Tarreau9b28e032012-10-12 23:49:43 +02002090 const struct buffer *buf = msg->chn->buf;
Willy Tarreau4baf44b2012-03-09 14:10:20 +01002091 const char *ptr;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002092 int bytes;
2093
2094 /* NB: we'll check data availabilty at the end. It's not a
2095 * problem because whatever we match first will be checked
2096 * against the correct length.
2097 */
2098 bytes = 1;
Willy Tarreau0669d7d2014-04-17 11:40:10 +02002099 ptr = b_ptr(buf, msg->next);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002100 if (*ptr == '\r') {
2101 bytes++;
2102 ptr++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002103 if (ptr >= buf->data + buf->size)
2104 ptr = buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002105 }
2106
Willy Tarreau0669d7d2014-04-17 11:40:10 +02002107 if (msg->next + bytes > buf->i)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002108 return 0;
2109
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002110 if (*ptr != '\n') {
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002111 msg->err_pos = buffer_count(buf, buf->p, ptr);
Willy Tarreaud98cf932009-12-27 22:54:55 +01002112 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002113 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002114
2115 ptr++;
Willy Tarreau0161d622013-04-02 01:26:55 +02002116 if (unlikely(ptr >= buf->data + buf->size))
Willy Tarreaucdbdd522012-10-12 22:51:15 +02002117 ptr = buf->data;
Willy Tarreauc24715e2014-04-17 15:21:20 +02002118 /* Advance ->next to allow the CRLF to be forwarded */
Willy Tarreau0669d7d2014-04-17 11:40:10 +02002119 msg->next += bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002120 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
2121 return 1;
2122}
Willy Tarreau5b154472009-12-21 20:11:07 +01002123
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002124/* Parses a qvalue and returns it multipled by 1000, from 0 to 1000. If the
2125 * value is larger than 1000, it is bound to 1000. The parser consumes up to
2126 * 1 digit, one dot and 3 digits and stops on the first invalid character.
2127 * Unparsable qvalues return 1000 as "q=1.000".
2128 */
Thierry FOURNIERad903512014-04-11 17:51:01 +02002129int parse_qvalue(const char *qvalue, const char **end)
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002130{
2131 int q = 1000;
2132
2133 if (!isdigit(*qvalue))
2134 goto out;
2135 q = (*qvalue++ - '0') * 1000;
2136
2137 if (*qvalue++ != '.')
2138 goto out;
2139
2140 if (!isdigit(*qvalue))
2141 goto out;
2142 q += (*qvalue++ - '0') * 100;
2143
2144 if (!isdigit(*qvalue))
2145 goto out;
2146 q += (*qvalue++ - '0') * 10;
2147
2148 if (!isdigit(*qvalue))
2149 goto out;
2150 q += (*qvalue++ - '0') * 1;
2151 out:
2152 if (q > 1000)
2153 q = 1000;
Willy Tarreau38b3aa52014-04-22 23:32:05 +02002154 if (end)
Thierry FOURNIERad903512014-04-11 17:51:01 +02002155 *end = qvalue;
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002156 return q;
2157}
William Lallemand82fe75c2012-10-23 10:25:10 +02002158
2159/*
2160 * Selects a compression algorithm depending on the client request.
Willy Tarreau05d84602012-10-26 02:11:25 +02002161 */
William Lallemand82fe75c2012-10-23 10:25:10 +02002162int select_compression_request_header(struct session *s, struct buffer *req)
2163{
2164 struct http_txn *txn = &s->txn;
Willy Tarreau70737d12012-10-27 00:34:28 +02002165 struct http_msg *msg = &txn->req;
William Lallemand82fe75c2012-10-23 10:25:10 +02002166 struct hdr_ctx ctx;
2167 struct comp_algo *comp_algo = NULL;
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002168 struct comp_algo *comp_algo_back = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002169
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002170 /* Disable compression for older user agents announcing themselves as "Mozilla/4"
2171 * unless they are known good (MSIE 6 with XP SP2, or MSIE 7 and later).
Willy Tarreau05d84602012-10-26 02:11:25 +02002172 * See http://zoompf.com/2012/02/lose-the-wait-http-compression for more details.
2173 */
2174 ctx.idx = 0;
2175 if (http_find_header2("User-Agent", 10, req->p, &txn->hdr_idx, &ctx) &&
2176 ctx.vlen >= 9 &&
Finn Arne Gangstadcbb9a4b2012-10-29 21:43:01 +01002177 memcmp(ctx.line + ctx.val, "Mozilla/4", 9) == 0 &&
2178 (ctx.vlen < 31 ||
2179 memcmp(ctx.line + ctx.val + 25, "MSIE ", 5) != 0 ||
2180 ctx.line[ctx.val + 30] < '6' ||
2181 (ctx.line[ctx.val + 30] == '6' &&
2182 (ctx.vlen < 54 || memcmp(ctx.line + 51, "SV1", 3) != 0)))) {
2183 s->comp_algo = NULL;
2184 return 0;
Willy Tarreau05d84602012-10-26 02:11:25 +02002185 }
2186
William Lallemand82fe75c2012-10-23 10:25:10 +02002187 /* search for the algo in the backend in priority or the frontend */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002188 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002189 int best_q = 0;
2190
William Lallemand82fe75c2012-10-23 10:25:10 +02002191 ctx.idx = 0;
2192 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002193 const char *qval;
2194 int q;
2195 int toklen;
2196
2197 /* try to isolate the token from the optional q-value */
2198 toklen = 0;
2199 while (toklen < ctx.vlen && http_is_token[(unsigned char)*(ctx.line + ctx.val + toklen)])
2200 toklen++;
2201
2202 qval = ctx.line + ctx.val + toklen;
2203 while (1) {
2204 while (qval < ctx.line + ctx.val + ctx.vlen && http_is_lws[(unsigned char)*qval])
2205 qval++;
2206
2207 if (qval >= ctx.line + ctx.val + ctx.vlen || *qval != ';') {
2208 qval = NULL;
2209 break;
2210 }
2211 qval++;
Willy Tarreau70737d12012-10-27 00:34:28 +02002212
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002213 while (qval < ctx.line + ctx.val + ctx.vlen && http_is_lws[(unsigned char)*qval])
2214 qval++;
Willy Tarreau70737d12012-10-27 00:34:28 +02002215
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002216 if (qval >= ctx.line + ctx.val + ctx.vlen) {
2217 qval = NULL;
2218 break;
William Lallemand82fe75c2012-10-23 10:25:10 +02002219 }
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002220 if (strncmp(qval, "q=", MIN(ctx.line + ctx.val + ctx.vlen - qval, 2)) == 0)
2221 break;
2222
2223 while (qval < ctx.line + ctx.val + ctx.vlen && *qval != ';')
2224 qval++;
2225 }
2226
2227 /* here we have qval pointing to the first "q=" attribute or NULL if not found */
Thierry FOURNIERad903512014-04-11 17:51:01 +02002228 q = qval ? parse_qvalue(qval + 2, NULL) : 1000;
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002229
2230 if (q <= best_q)
2231 continue;
2232
2233 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
2234 if (*(ctx.line + ctx.val) == '*' ||
2235 word_match(ctx.line + ctx.val, toklen, comp_algo->name, comp_algo->name_len)) {
2236 s->comp_algo = comp_algo;
2237 best_q = q;
2238 break;
2239 }
2240 }
2241 }
2242 }
2243
2244 /* remove all occurrences of the header when "compression offload" is set */
2245 if (s->comp_algo) {
2246 if ((s->be->comp && s->be->comp->offload) || (s->fe->comp && s->fe->comp->offload)) {
2247 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2248 ctx.idx = 0;
2249 while (http_find_header2("Accept-Encoding", 15, req->p, &txn->hdr_idx, &ctx)) {
2250 http_remove_header2(msg, &txn->hdr_idx, &ctx);
William Lallemand82fe75c2012-10-23 10:25:10 +02002251 }
2252 }
Willy Tarreau0e9b1b42014-03-19 12:07:52 +01002253 return 1;
William Lallemand82fe75c2012-10-23 10:25:10 +02002254 }
2255
2256 /* identity is implicit does not require headers */
Willy Tarreau3c7b97b2012-10-26 14:50:26 +02002257 if ((s->be->comp && (comp_algo_back = s->be->comp->algos)) || (s->fe->comp && (comp_algo_back = s->fe->comp->algos))) {
2258 for (comp_algo = comp_algo_back; comp_algo; comp_algo = comp_algo->next) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002259 if (comp_algo->add_data == identity_add_data) {
2260 s->comp_algo = comp_algo;
2261 return 1;
2262 }
2263 }
2264 }
2265
2266 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002267 return 0;
2268}
2269
2270/*
2271 * Selects a comression algorithm depending of the server response.
2272 */
2273int select_compression_response_header(struct session *s, struct buffer *res)
2274{
2275 struct http_txn *txn = &s->txn;
2276 struct http_msg *msg = &txn->rsp;
2277 struct hdr_ctx ctx;
2278 struct comp_type *comp_type;
William Lallemand82fe75c2012-10-23 10:25:10 +02002279
2280 /* no common compression algorithm was found in request header */
2281 if (s->comp_algo == NULL)
2282 goto fail;
2283
2284 /* HTTP < 1.1 should not be compressed */
Willy Tarreau72575502013-12-24 14:41:35 +01002285 if (!(msg->flags & HTTP_MSGF_VER_11) || !(txn->req.flags & HTTP_MSGF_VER_11))
William Lallemand82fe75c2012-10-23 10:25:10 +02002286 goto fail;
2287
William Lallemandd3002612012-11-26 14:34:47 +01002288 /* 200 only */
2289 if (txn->status != 200)
2290 goto fail;
2291
William Lallemand82fe75c2012-10-23 10:25:10 +02002292 /* Content-Length is null */
2293 if (!(msg->flags & HTTP_MSGF_TE_CHNK) && msg->body_len == 0)
2294 goto fail;
2295
2296 /* content is already compressed */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002297 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002298 if (http_find_header2("Content-Encoding", 16, res->p, &txn->hdr_idx, &ctx))
2299 goto fail;
2300
Willy Tarreau56e9ffa2013-01-05 16:20:35 +01002301 /* no compression when Cache-Control: no-transform is present in the message */
2302 ctx.idx = 0;
2303 while (http_find_header2("Cache-Control", 13, res->p, &txn->hdr_idx, &ctx)) {
2304 if (word_match(ctx.line + ctx.val, ctx.vlen, "no-transform", 12))
2305 goto fail;
2306 }
2307
William Lallemand82fe75c2012-10-23 10:25:10 +02002308 comp_type = NULL;
2309
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002310 /* we don't want to compress multipart content-types, nor content-types that are
2311 * not listed in the "compression type" directive if any. If no content-type was
2312 * found but configuration requires one, we don't compress either. Backend has
2313 * the priority.
William Lallemand82fe75c2012-10-23 10:25:10 +02002314 */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002315 ctx.idx = 0;
2316 if (http_find_header2("Content-Type", 12, res->p, &txn->hdr_idx, &ctx)) {
2317 if (ctx.vlen >= 9 && strncasecmp("multipart", ctx.line+ctx.val, 9) == 0)
2318 goto fail;
2319
2320 if ((s->be->comp && (comp_type = s->be->comp->types)) ||
2321 (s->fe->comp && (comp_type = s->fe->comp->types))) {
William Lallemand82fe75c2012-10-23 10:25:10 +02002322 for (; comp_type; comp_type = comp_type->next) {
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002323 if (ctx.vlen >= comp_type->name_len &&
2324 strncasecmp(ctx.line+ctx.val, comp_type->name, comp_type->name_len) == 0)
William Lallemand82fe75c2012-10-23 10:25:10 +02002325 /* this Content-Type should be compressed */
2326 break;
2327 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002328 /* this Content-Type should not be compressed */
2329 if (comp_type == NULL)
2330 goto fail;
William Lallemand82fe75c2012-10-23 10:25:10 +02002331 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002332 }
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002333 else { /* no content-type header */
2334 if ((s->be->comp && s->be->comp->types) || (s->fe->comp && s->fe->comp->types))
2335 goto fail; /* a content-type was required */
William Lallemandd3002612012-11-26 14:34:47 +01002336 }
2337
William Lallemandd85f9172012-11-09 17:05:39 +01002338 /* limit compression rate */
2339 if (global.comp_rate_lim > 0)
2340 if (read_freq_ctr(&global.comp_bps_in) > global.comp_rate_lim)
2341 goto fail;
2342
William Lallemand072a2bf2012-11-20 17:01:01 +01002343 /* limit cpu usage */
2344 if (idle_pct < compress_min_idle)
2345 goto fail;
2346
William Lallemand4c49fae2012-11-07 15:00:23 +01002347 /* initialize compression */
William Lallemandf3747832012-11-09 12:33:10 +01002348 if (s->comp_algo->init(&s->comp_ctx, global.tune.comp_maxlevel) < 0)
William Lallemand4c49fae2012-11-07 15:00:23 +01002349 goto fail;
2350
William Lallemandec3e3892012-11-12 17:02:18 +01002351 s->flags |= SN_COMP_READY;
2352
William Lallemand82fe75c2012-10-23 10:25:10 +02002353 /* remove Content-Length header */
Willy Tarreau0a80a8d2012-11-26 16:33:37 +01002354 ctx.idx = 0;
William Lallemand82fe75c2012-10-23 10:25:10 +02002355 if ((msg->flags & HTTP_MSGF_CNT_LEN) && http_find_header2("Content-Length", 14, res->p, &txn->hdr_idx, &ctx))
2356 http_remove_header2(msg, &txn->hdr_idx, &ctx);
2357
2358 /* add Transfer-Encoding header */
2359 if (!(msg->flags & HTTP_MSGF_TE_CHNK))
2360 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, "Transfer-Encoding: chunked", 26);
2361
2362 /*
2363 * Add Content-Encoding header when it's not identity encoding.
2364 * RFC 2616 : Identity encoding: This content-coding is used only in the
2365 * Accept-Encoding header, and SHOULD NOT be used in the Content-Encoding
2366 * header.
2367 */
2368 if (s->comp_algo->add_data != identity_add_data) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002369 trash.len = 18;
2370 memcpy(trash.str, "Content-Encoding: ", trash.len);
2371 memcpy(trash.str + trash.len, s->comp_algo->name, s->comp_algo->name_len);
2372 trash.len += s->comp_algo->name_len;
2373 trash.str[trash.len] = '\0';
2374 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
William Lallemand82fe75c2012-10-23 10:25:10 +02002375 }
William Lallemand82fe75c2012-10-23 10:25:10 +02002376 return 1;
2377
2378fail:
Willy Tarreaub97b6192012-11-19 14:55:02 +01002379 s->comp_algo = NULL;
William Lallemand82fe75c2012-10-23 10:25:10 +02002380 return 0;
2381}
2382
2383
Willy Tarreaud787e662009-07-07 10:14:51 +02002384/* This stream analyser waits for a complete HTTP request. It returns 1 if the
2385 * processing can continue on next analysers, or zero if it either needs more
2386 * data or wants to immediately abort the request (eg: timeout, error, ...). It
2387 * is tied to AN_REQ_WAIT_HTTP and may may remove itself from s->req->analysers
2388 * when it has nothing left to do, and may remove any analyser when it wants to
2389 * abort.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002390 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02002391int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002392{
Willy Tarreau59234e92008-11-30 23:51:27 +01002393 /*
2394 * We will parse the partial (or complete) lines.
2395 * We will check the request syntax, and also join multi-line
2396 * headers. An index of all the lines will be elaborated while
2397 * parsing.
2398 *
2399 * For the parsing, we use a 28 states FSM.
2400 *
2401 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02002402 * req->buf->p = beginning of request
2403 * req->buf->p + msg->eoh = end of processed headers / start of current one
2404 * req->buf->p + req->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02002405 * msg->eol = end of current header or line (LF or CRLF)
2406 * msg->next = first non-visited byte
Willy Tarreaud787e662009-07-07 10:14:51 +02002407 *
2408 * At end of parsing, we may perform a capture of the error (if any), and
Willy Tarreau877e78d2013-04-07 18:48:08 +02002409 * we will set a few fields (txn->meth, sn->flags/SN_REDIRECTABLE).
Willy Tarreaud787e662009-07-07 10:14:51 +02002410 * We also check for monitor-uri, logging, HTTP/0.9 to 1.0 conversion, and
2411 * finally headers capture.
Willy Tarreau59234e92008-11-30 23:51:27 +01002412 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002413
Willy Tarreau59234e92008-11-30 23:51:27 +01002414 int cur_idx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002415 int use_close_only;
Willy Tarreau59234e92008-11-30 23:51:27 +01002416 struct http_txn *txn = &s->txn;
2417 struct http_msg *msg = &txn->req;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002418 struct hdr_ctx ctx;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002419
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01002420 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau6bf17362009-02-24 10:48:35 +01002421 now_ms, __FUNCTION__,
2422 s,
2423 req,
2424 req->rex, req->wex,
2425 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02002426 req->buf->i,
Willy Tarreau6bf17362009-02-24 10:48:35 +01002427 req->analysers);
2428
Willy Tarreau52a0c602009-08-16 22:45:38 +02002429 /* we're speaking HTTP here, so let's speak HTTP to the client */
2430 s->srv_error = http_return_srv_error;
2431
Willy Tarreau83e3af02009-12-28 17:39:57 +01002432 /* There's a protected area at the end of the buffer for rewriting
2433 * purposes. We don't want to start to parse the request if the
2434 * protected area is affected, because we may have to move processed
2435 * data later, which is much more complicated.
2436 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002437 if (buffer_not_empty(req->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02002438 if (txn->flags & TX_NOT_FIRST) {
2439 if (unlikely(!channel_reserved(req))) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002440 if (req->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002441 goto failed_keep_alive;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002442 /* some data has still not left the buffer, wake us once that's done */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002443 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002444 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreaud7ad9f52013-12-31 17:26:25 +01002445 req->flags |= CF_WAKE_WRITE;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002446 return 0;
2447 }
Willy Tarreau379357a2013-06-08 12:55:46 +02002448 if (unlikely(bi_end(req->buf) < b_ptr(req->buf, msg->next) ||
2449 bi_end(req->buf) > req->buf->data + req->buf->size - global.tune.maxrewrite))
2450 buffer_slow_realign(req->buf);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002451 }
2452
Willy Tarreau065e8332010-01-08 00:30:20 +01002453 /* Note that we have the same problem with the response ; we
2454 * may want to send a redirect, error or anything which requires
2455 * some spare space. So we'll ensure that we have at least
2456 * maxrewrite bytes available in the response buffer before
2457 * processing that one. This will only affect pipelined
2458 * keep-alive requests.
2459 */
2460 if ((txn->flags & TX_NOT_FIRST) &&
Willy Tarreau379357a2013-06-08 12:55:46 +02002461 unlikely(!channel_reserved(s->rep) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02002462 bi_end(s->rep->buf) < b_ptr(s->rep->buf, txn->rsp.next) ||
2463 bi_end(s->rep->buf) > s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)) {
2464 if (s->rep->buf->o) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002465 if (s->rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
Willy Tarreau64648412010-03-05 10:41:54 +01002466 goto failed_keep_alive;
Willy Tarreau065e8332010-01-08 00:30:20 +01002467 /* don't let a connection request be initiated */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002468 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002469 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreaud7ad9f52013-12-31 17:26:25 +01002470 s->rep->flags |= CF_WAKE_WRITE;
Willy Tarreau0499e352010-12-17 07:13:42 +01002471 s->rep->analysers |= an_bit; /* wake us up once it changes */
Willy Tarreau065e8332010-01-08 00:30:20 +01002472 return 0;
2473 }
2474 }
2475
Willy Tarreau9b28e032012-10-12 23:49:43 +02002476 if (likely(msg->next < req->buf->i)) /* some unparsed data are available */
Willy Tarreaua560c212012-03-09 13:50:57 +01002477 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002478 }
2479
Willy Tarreau59234e92008-11-30 23:51:27 +01002480 /* 1: we might have to print this header in debug mode */
2481 if (unlikely((global.mode & MODE_DEBUG) &&
2482 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01002483 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002484 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002485
Willy Tarreau9b28e032012-10-12 23:49:43 +02002486 sol = req->buf->p;
Willy Tarreaue92693a2012-09-24 21:13:39 +02002487 /* this is a bit complex : in case of error on the request line,
2488 * we know that rq.l is still zero, so we display only the part
2489 * up to the end of the line (truncated by debug_hdr).
2490 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002491 eol = sol + (msg->sl.rq.l ? msg->sl.rq.l : req->buf->i);
Willy Tarreau59234e92008-11-30 23:51:27 +01002492 debug_hdr("clireq", s, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01002493
Willy Tarreau59234e92008-11-30 23:51:27 +01002494 sol += hdr_idx_first_pos(&txn->hdr_idx);
2495 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002496
Willy Tarreau59234e92008-11-30 23:51:27 +01002497 while (cur_idx) {
2498 eol = sol + txn->hdr_idx.v[cur_idx].len;
2499 debug_hdr("clihdr", s, sol, eol);
2500 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2501 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002502 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002503 }
2504
Willy Tarreau58f10d72006-12-04 02:26:12 +01002505
Willy Tarreau59234e92008-11-30 23:51:27 +01002506 /*
2507 * Now we quickly check if we have found a full valid request.
2508 * If not so, we check the FD and buffer states before leaving.
2509 * A full request is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01002510 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002511 * requests are checked first. When waiting for a second request
2512 * on a keep-alive session, if we encounter and error, close, t/o,
2513 * we note the error in the session flags but don't set any state.
2514 * Since the error will be noted there, it will not be counted by
2515 * process_session() as a frontend error.
Willy Tarreauda7ff642010-06-23 11:44:09 +02002516 * Last, we may increase some tracked counters' http request errors on
2517 * the cases that are deliberately the client's fault. For instance,
2518 * a timeout or connection reset is not counted as an error. However
2519 * a bad request is.
Willy Tarreau59234e92008-11-30 23:51:27 +01002520 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002521
Willy Tarreau655dce92009-11-08 13:10:58 +01002522 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002523 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002524 * First, let's catch bad requests.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002525 */
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002526 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02002527 session_inc_http_req_ctr(s);
2528 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002529 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002530 goto return_bad_req;
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002531 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002532
Willy Tarreau59234e92008-11-30 23:51:27 +01002533 /* 1: Since we are in header mode, if there's no space
2534 * left for headers, we won't be able to free more
2535 * later, so the session will never terminate. We
2536 * must terminate it now.
2537 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002538 if (unlikely(buffer_full(req->buf, global.tune.maxrewrite))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002539 /* FIXME: check if URI is set and return Status
2540 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002541 */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002542 session_inc_http_req_ctr(s);
2543 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002544 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreaufec4d892011-09-02 20:04:57 +02002545 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02002546 msg->err_pos = req->buf->i;
Willy Tarreau59234e92008-11-30 23:51:27 +01002547 goto return_bad_req;
2548 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002549
Willy Tarreau59234e92008-11-30 23:51:27 +01002550 /* 2: have we encountered a read error ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002551 else if (req->flags & CF_READ_ERROR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002552 if (!(s->flags & SN_ERR_MASK))
2553 s->flags |= SN_ERR_CLICL;
2554
Willy Tarreaufcffa692010-01-10 14:21:19 +01002555 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002556 goto failed_keep_alive;
2557
Willy Tarreau59234e92008-11-30 23:51:27 +01002558 /* we cannot return any message on error */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002559 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002560 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002561 session_inc_http_err_ctr(s);
2562 }
2563
Willy Tarreaudc979f22012-12-04 10:39:01 +01002564 txn->status = 400;
2565 stream_int_retnclose(req->prod, NULL);
Willy Tarreau59234e92008-11-30 23:51:27 +01002566 msg->msg_state = HTTP_MSG_ERROR;
2567 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002568
Willy Tarreauda7ff642010-06-23 11:44:09 +02002569 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002570 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002571 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002572 if (s->listener->counters)
2573 s->listener->counters->failed_req++;
2574
Willy Tarreau59234e92008-11-30 23:51:27 +01002575 if (!(s->flags & SN_FINST_MASK))
2576 s->flags |= SN_FINST_R;
2577 return 0;
2578 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002579
Willy Tarreau59234e92008-11-30 23:51:27 +01002580 /* 3: has the read timeout expired ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002581 else if (req->flags & CF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002582 if (!(s->flags & SN_ERR_MASK))
2583 s->flags |= SN_ERR_CLITO;
2584
Willy Tarreaufcffa692010-01-10 14:21:19 +01002585 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002586 goto failed_keep_alive;
2587
Willy Tarreau59234e92008-11-30 23:51:27 +01002588 /* read timeout : give up with an error message. */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002589 if (msg->err_pos >= 0) {
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002590 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002591 session_inc_http_err_ctr(s);
2592 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002593 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02002594 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau59234e92008-11-30 23:51:27 +01002595 msg->msg_state = HTTP_MSG_ERROR;
2596 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002597
Willy Tarreauda7ff642010-06-23 11:44:09 +02002598 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002599 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002600 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002601 if (s->listener->counters)
2602 s->listener->counters->failed_req++;
2603
Willy Tarreau59234e92008-11-30 23:51:27 +01002604 if (!(s->flags & SN_FINST_MASK))
2605 s->flags |= SN_FINST_R;
2606 return 0;
2607 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002608
Willy Tarreau59234e92008-11-30 23:51:27 +01002609 /* 4: have we encountered a close ? */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002610 else if (req->flags & CF_SHUTR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002611 if (!(s->flags & SN_ERR_MASK))
2612 s->flags |= SN_ERR_CLICL;
2613
Willy Tarreaufcffa692010-01-10 14:21:19 +01002614 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002615 goto failed_keep_alive;
2616
Willy Tarreau4076a152009-04-02 15:18:36 +02002617 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002618 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002619 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002620 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau59234e92008-11-30 23:51:27 +01002621 msg->msg_state = HTTP_MSG_ERROR;
2622 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002623
Willy Tarreauda7ff642010-06-23 11:44:09 +02002624 session_inc_http_err_ctr(s);
2625 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002626 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002627 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002628 if (s->listener->counters)
2629 s->listener->counters->failed_req++;
2630
Willy Tarreau59234e92008-11-30 23:51:27 +01002631 if (!(s->flags & SN_FINST_MASK))
2632 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002633 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002634 }
2635
Willy Tarreau8263d2b2012-08-28 00:06:31 +02002636 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002637 req->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
2638 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau5e205522011-12-17 16:34:27 +01002639#ifdef TCP_QUICKACK
Willy Tarreau3c728722014-01-23 13:50:42 +01002640 if (s->listener->options & LI_O_NOQUICKACK && req->buf->i && objt_conn(s->req->prod->end) && conn_ctrl_ready(__objt_conn(s->req->prod->end))) {
Willy Tarreau5e205522011-12-17 16:34:27 +01002641 /* We need more data, we have to re-enable quick-ack in case we
2642 * previously disabled it, otherwise we might cause the client
2643 * to delay next data.
2644 */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002645 setsockopt(__objt_conn(s->req->prod->end)->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01002646 }
2647#endif
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002648
Willy Tarreaufcffa692010-01-10 14:21:19 +01002649 if ((msg->msg_state != HTTP_MSG_RQBEFORE) && (txn->flags & TX_WAIT_NEXT_RQ)) {
2650 /* If the client starts to talk, let's fall back to
2651 * request timeout processing.
2652 */
2653 txn->flags &= ~TX_WAIT_NEXT_RQ;
Willy Tarreaub16a5742010-01-10 14:46:16 +01002654 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaufcffa692010-01-10 14:21:19 +01002655 }
2656
Willy Tarreau59234e92008-11-30 23:51:27 +01002657 /* just set the request timeout once at the beginning of the request */
Willy Tarreaub16a5742010-01-10 14:46:16 +01002658 if (!tick_isset(req->analyse_exp)) {
2659 if ((msg->msg_state == HTTP_MSG_RQBEFORE) &&
2660 (txn->flags & TX_WAIT_NEXT_RQ) &&
2661 tick_isset(s->be->timeout.httpka))
2662 req->analyse_exp = tick_add(now_ms, s->be->timeout.httpka);
2663 else
2664 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
2665 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002666
Willy Tarreau59234e92008-11-30 23:51:27 +01002667 /* we're not ready yet */
2668 return 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002669
2670 failed_keep_alive:
2671 /* Here we process low-level errors for keep-alive requests. In
2672 * short, if the request is not the first one and it experiences
2673 * a timeout, read error or shutdown, we just silently close so
2674 * that the client can try again.
2675 */
2676 txn->status = 0;
2677 msg->msg_state = HTTP_MSG_RQBEFORE;
2678 req->analysers = 0;
2679 s->logs.logwait = 0;
Willy Tarreauabcd5142013-06-11 17:18:02 +02002680 s->logs.level = 0;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02002681 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau148d0992010-01-10 10:21:21 +01002682 stream_int_retnclose(req->prod, NULL);
Willy Tarreaub608feb2010-01-02 22:47:18 +01002683 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002684 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002685
Willy Tarreaud787e662009-07-07 10:14:51 +02002686 /* OK now we have a complete HTTP request with indexed headers. Let's
2687 * complete the request parsing by setting a few fields we will need
Willy Tarreau9b28e032012-10-12 23:49:43 +02002688 * later. At this point, we have the last CRLF at req->buf->data + msg->eoh.
Willy Tarreaufa355d42009-11-29 18:12:29 +01002689 * If the request is in HTTP/0.9 form, the rule is still true, and eoh
Willy Tarreaua458b672012-03-05 11:17:50 +01002690 * points to the CRLF of the request line. msg->next points to the first
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01002691 * byte after the last LF. msg->sov points to the first byte of data.
2692 * msg->eol cannot be trusted because it may have been left uninitialized
2693 * (for instance in the absence of headers).
Willy Tarreaud787e662009-07-07 10:14:51 +02002694 */
Willy Tarreau9cdde232007-05-02 20:58:19 +02002695
Willy Tarreauda7ff642010-06-23 11:44:09 +02002696 session_inc_http_req_ctr(s);
Willy Tarreaud9b587f2010-02-26 10:05:55 +01002697 proxy_inc_fe_req_ctr(s->fe); /* one more valid request for this FE */
2698
Willy Tarreaub16a5742010-01-10 14:46:16 +01002699 if (txn->flags & TX_WAIT_NEXT_RQ) {
2700 /* kill the pending keep-alive timeout */
2701 txn->flags &= ~TX_WAIT_NEXT_RQ;
2702 req->analyse_exp = TICK_ETERNITY;
2703 }
2704
2705
Willy Tarreaud787e662009-07-07 10:14:51 +02002706 /* Maybe we found in invalid header name while we were configured not
2707 * to block on that, so we have to capture it now.
2708 */
2709 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002710 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02002711
Willy Tarreau59234e92008-11-30 23:51:27 +01002712 /*
2713 * 1: identify the method
2714 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02002715 txn->meth = find_http_meth(req->buf->p, msg->sl.rq.m_l);
Willy Tarreau59234e92008-11-30 23:51:27 +01002716
2717 /* we can make use of server redirect on GET and HEAD */
2718 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2719 s->flags |= SN_REDIRECTABLE;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002720
Willy Tarreau59234e92008-11-30 23:51:27 +01002721 /*
2722 * 2: check if the URI matches the monitor_uri.
2723 * We have to do this for every request which gets in, because
2724 * the monitor-uri is defined by the frontend.
2725 */
2726 if (unlikely((s->fe->monitor_uri_len != 0) &&
2727 (s->fe->monitor_uri_len == msg->sl.rq.u_l) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002728 !memcmp(req->buf->p + msg->sl.rq.u,
Willy Tarreau59234e92008-11-30 23:51:27 +01002729 s->fe->monitor_uri,
2730 s->fe->monitor_uri_len))) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002731 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002732 * We have found the monitor URI
Willy Tarreau58f10d72006-12-04 02:26:12 +01002733 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002734 struct acl_cond *cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002735
Willy Tarreau59234e92008-11-30 23:51:27 +01002736 s->flags |= SN_MONITOR;
Willy Tarreaueabea072011-09-10 23:29:44 +02002737 s->fe->fe_counters.intercepted_req++;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002738
Willy Tarreau59234e92008-11-30 23:51:27 +01002739 /* Check if we want to fail this monitor request or not */
Willy Tarreaud787e662009-07-07 10:14:51 +02002740 list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02002741 int ret = acl_exec_cond(cond, s->fe, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau11382812008-07-09 16:18:21 +02002742
Willy Tarreau59234e92008-11-30 23:51:27 +01002743 ret = acl_pass(ret);
2744 if (cond->pol == ACL_COND_UNLESS)
2745 ret = !ret;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002746
Willy Tarreau59234e92008-11-30 23:51:27 +01002747 if (ret) {
2748 /* we fail this request, let's return 503 service unavail */
2749 txn->status = 503;
Willy Tarreau783f2582012-09-04 12:19:04 +02002750 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503));
Willy Tarreau570f2212013-06-10 16:42:09 +02002751 if (!(s->flags & SN_ERR_MASK))
2752 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002753 goto return_prx_cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002754 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002755 }
Willy Tarreaua5555ec2008-11-30 19:02:32 +01002756
Willy Tarreau59234e92008-11-30 23:51:27 +01002757 /* nothing to fail, let's reply normaly */
2758 txn->status = 200;
Willy Tarreau783f2582012-09-04 12:19:04 +02002759 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200));
Willy Tarreau570f2212013-06-10 16:42:09 +02002760 if (!(s->flags & SN_ERR_MASK))
2761 s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
Willy Tarreau59234e92008-11-30 23:51:27 +01002762 goto return_prx_cond;
2763 }
2764
2765 /*
2766 * 3: Maybe we have to copy the original REQURI for the logs ?
2767 * Note: we cannot log anymore if the request has been
2768 * classified as invalid.
2769 */
2770 if (unlikely(s->logs.logwait & LW_REQ)) {
2771 /* we have a complete HTTP request that we must log */
2772 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
2773 int urilen = msg->sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002774
Willy Tarreau59234e92008-11-30 23:51:27 +01002775 if (urilen >= REQURI_LEN)
2776 urilen = REQURI_LEN - 1;
Willy Tarreau9b28e032012-10-12 23:49:43 +02002777 memcpy(txn->uri, req->buf->p, urilen);
Willy Tarreau59234e92008-11-30 23:51:27 +01002778 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002779
Willy Tarreaud79a3b22012-12-28 09:40:16 +01002780 if (!(s->logs.logwait &= ~(LW_REQ|LW_INIT)))
Willy Tarreau59234e92008-11-30 23:51:27 +01002781 s->do_log(s);
2782 } else {
2783 Alert("HTTP logging : out of memory.\n");
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002784 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002785 }
Willy Tarreau06619262006-12-17 08:37:22 +01002786
Willy Tarreau59234e92008-11-30 23:51:27 +01002787 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
Willy Tarreau418bfcc2012-03-09 13:56:20 +01002788 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
Willy Tarreau2492d5b2009-07-11 00:06:00 +02002789 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002790
Willy Tarreau5b154472009-12-21 20:11:07 +01002791 /* ... and check if the request is HTTP/1.1 or above */
2792 if ((msg->sl.rq.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002793 ((req->buf->p[msg->sl.rq.v + 5] > '1') ||
2794 ((req->buf->p[msg->sl.rq.v + 5] == '1') &&
2795 (req->buf->p[msg->sl.rq.v + 7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002796 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01002797
2798 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01002799 txn->flags &= ~(TX_HDR_CONN_PRS | TX_HDR_CONN_CLO | TX_HDR_CONN_KAL | TX_HDR_CONN_UPG);
Willy Tarreau5b154472009-12-21 20:11:07 +01002800
Willy Tarreau88d349d2010-01-25 12:15:43 +01002801 /* if the frontend has "option http-use-proxy-header", we'll check if
2802 * we have what looks like a proxied connection instead of a connection,
2803 * and in this case set the TX_USE_PX_CONN flag to use Proxy-connection.
2804 * Note that this is *not* RFC-compliant, however browsers and proxies
2805 * happen to do that despite being non-standard :-(
2806 * We consider that a request not beginning with either '/' or '*' is
2807 * a proxied connection, which covers both "scheme://location" and
2808 * CONNECT ip:port.
2809 */
2810 if ((s->fe->options2 & PR_O2_USE_PXHDR) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002811 req->buf->p[msg->sl.rq.u] != '/' && req->buf->p[msg->sl.rq.u] != '*')
Willy Tarreau88d349d2010-01-25 12:15:43 +01002812 txn->flags |= TX_USE_PX_CONN;
2813
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002814 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002815 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002816
Willy Tarreau59234e92008-11-30 23:51:27 +01002817 /* 5: we may need to capture headers */
Willy Tarreau42f7d892012-03-24 08:28:09 +01002818 if (unlikely((s->logs.logwait & LW_REQHDR) && txn->req.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02002819 capture_headers(req->buf->p, &txn->hdr_idx,
Willy Tarreau59234e92008-11-30 23:51:27 +01002820 txn->req.cap, s->fe->req_cap);
Willy Tarreau11382812008-07-09 16:18:21 +02002821
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002822 /* 6: determine the transfer-length.
2823 * According to RFC2616 #4.4, amended by the HTTPbis working group,
2824 * the presence of a message-body in a REQUEST and its transfer length
2825 * must be determined that way (in order of precedence) :
2826 * 1. The presence of a message-body in a request is signaled by the
2827 * inclusion of a Content-Length or Transfer-Encoding header field
2828 * in the request's header fields. When a request message contains
2829 * both a message-body of non-zero length and a method that does
2830 * not define any semantics for that request message-body, then an
2831 * origin server SHOULD either ignore the message-body or respond
2832 * with an appropriate error message (e.g., 413). A proxy or
2833 * gateway, when presented the same request, SHOULD either forward
2834 * the request inbound with the message- body or ignore the
2835 * message-body when determining a response.
2836 *
2837 * 2. If a Transfer-Encoding header field (Section 9.7) is present
2838 * and the "chunked" transfer-coding (Section 6.2) is used, the
2839 * transfer-length is defined by the use of this transfer-coding.
2840 * If a Transfer-Encoding header field is present and the "chunked"
2841 * transfer-coding is not present, the transfer-length is defined
2842 * by the sender closing the connection.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002843 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002844 * 3. If a Content-Length header field is present, its decimal value in
2845 * OCTETs represents both the entity-length and the transfer-length.
2846 * If a message is received with both a Transfer-Encoding header
2847 * field and a Content-Length header field, the latter MUST be ignored.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002848 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002849 * 4. By the server closing the connection. (Closing the connection
2850 * cannot be used to indicate the end of a request body, since that
2851 * would leave no possibility for the server to send back a response.)
2852 *
2853 * Whenever a transfer-coding is applied to a message-body, the set of
2854 * transfer-codings MUST include "chunked", unless the message indicates
2855 * it is terminated by closing the connection. When the "chunked"
2856 * transfer-coding is used, it MUST be the last transfer-coding applied
2857 * to the message-body.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002858 */
2859
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002860 use_close_only = 0;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002861 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002862 /* set TE_CHNK and XFER_LEN only if "chunked" is seen last */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002863 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002864 http_find_header2("Transfer-Encoding", 17, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002865 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002866 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
2867 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002868 /* bad transfer-encoding (chunked followed by something else) */
2869 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002870 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002871 break;
2872 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002873 }
2874
Willy Tarreau32b47f42009-10-18 20:55:02 +02002875 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002876 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02002877 http_find_header2("Content-Length", 14, req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau32b47f42009-10-18 20:55:02 +02002878 signed long long cl;
2879
Willy Tarreauad14f752011-09-02 20:33:27 +02002880 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002881 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002882 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002883 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002884
Willy Tarreauad14f752011-09-02 20:33:27 +02002885 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002886 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002887 goto return_bad_req; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02002888 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002889
Willy Tarreauad14f752011-09-02 20:33:27 +02002890 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002891 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002892 goto return_bad_req;
Willy Tarreauad14f752011-09-02 20:33:27 +02002893 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002894
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002895 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02002896 msg->err_pos = ctx.line + ctx.val - req->buf->p;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002897 goto return_bad_req; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02002898 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002899
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002900 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01002901 msg->body_len = msg->chunk_len = cl;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002902 }
2903
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002904 /* bodyless requests have a known length */
2905 if (!use_close_only)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01002906 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002907
Willy Tarreaud787e662009-07-07 10:14:51 +02002908 /* end of job, return OK */
Willy Tarreau3a816292009-07-07 10:55:49 +02002909 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002910 req->analyse_exp = TICK_ETERNITY;
2911 return 1;
2912
2913 return_bad_req:
2914 /* We centralize bad requests processing here */
2915 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2916 /* we detected a parsing error. We want to archive this request
2917 * in the dedicated proxy area for later troubleshooting.
2918 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01002919 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreaud787e662009-07-07 10:14:51 +02002920 }
2921
2922 txn->req.msg_state = HTTP_MSG_ERROR;
2923 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02002924 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002925
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01002926 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002927 if (s->listener->counters)
2928 s->listener->counters->failed_req++;
Willy Tarreaud787e662009-07-07 10:14:51 +02002929
2930 return_prx_cond:
2931 if (!(s->flags & SN_ERR_MASK))
2932 s->flags |= SN_ERR_PRXCOND;
2933 if (!(s->flags & SN_FINST_MASK))
2934 s->flags |= SN_FINST_R;
2935
2936 req->analysers = 0;
2937 req->analyse_exp = TICK_ETERNITY;
2938 return 0;
2939}
2940
Willy Tarreau4f8a83c2012-06-04 00:26:23 +02002941
Willy Tarreau347a35d2013-11-22 17:51:09 +01002942/* This function prepares an applet to handle the stats. It can deal with the
2943 * "100-continue" expectation, check that admin rules are met for POST requests,
2944 * and program a response message if something was unexpected. It cannot fail
2945 * and always relies on the stats applet to complete the job. It does not touch
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002946 * analysers nor counters, which are left to the caller. It does not touch
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002947 * s->target which is supposed to already point to the stats applet. The caller
2948 * is expected to have already assigned an appctx to the session.
Willy Tarreau1facd6d2012-12-22 22:03:39 +01002949 */
2950int http_handle_stats(struct session *s, struct channel *req)
2951{
2952 struct stats_admin_rule *stats_admin_rule;
2953 struct stream_interface *si = s->rep->prod;
2954 struct http_txn *txn = &s->txn;
2955 struct http_msg *msg = &txn->req;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002956 struct uri_auth *uri_auth = s->be->uri_auth;
2957 const char *uri, *h, *lookup;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002958 struct appctx *appctx;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002959
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002960 appctx = si_appctx(si);
2961 memset(&appctx->ctx.stats, 0, sizeof(appctx->ctx.stats));
2962 appctx->st1 = appctx->st2 = 0;
2963 appctx->ctx.stats.st_code = STAT_STATUS_INIT;
2964 appctx->ctx.stats.flags |= STAT_FMT_HTML; /* assume HTML mode by default */
Willy Tarreauaf3cf702014-04-22 22:19:53 +02002965 if ((msg->flags & HTTP_MSGF_VER_11) && (s->txn.meth != HTTP_METH_HEAD))
2966 appctx->ctx.stats.flags |= STAT_CHUNKED;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002967
2968 uri = msg->chn->buf->p + msg->sl.rq.u;
2969 lookup = uri + uri_auth->uri_len;
2970
2971 for (h = lookup; h <= uri + msg->sl.rq.u_l - 3; h++) {
2972 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002973 appctx->ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002974 break;
2975 }
2976 }
2977
2978 if (uri_auth->refresh) {
2979 for (h = lookup; h <= uri + msg->sl.rq.u_l - 10; h++) {
2980 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002981 appctx->ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002982 break;
2983 }
2984 }
2985 }
2986
2987 for (h = lookup; h <= uri + msg->sl.rq.u_l - 4; h++) {
2988 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002989 appctx->ctx.stats.flags &= ~STAT_FMT_HTML;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002990 break;
2991 }
2992 }
2993
2994 for (h = lookup; h <= uri + msg->sl.rq.u_l - 8; h++) {
2995 if (memcmp(h, ";st=", 4) == 0) {
2996 int i;
2997 h += 4;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01002998 appctx->ctx.stats.st_code = STAT_STATUS_UNKN;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01002999 for (i = STAT_STATUS_INIT + 1; i < STAT_STATUS_SIZE; i++) {
3000 if (strncmp(stat_status_codes[i], h, 4) == 0) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003001 appctx->ctx.stats.st_code = i;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003002 break;
3003 }
3004 }
3005 break;
3006 }
3007 }
3008
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003009 appctx->ctx.stats.scope_str = 0;
3010 appctx->ctx.stats.scope_len = 0;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003011 for (h = lookup; h <= uri + msg->sl.rq.u_l - 8; h++) {
3012 if (memcmp(h, STAT_SCOPE_INPUT_NAME "=", strlen(STAT_SCOPE_INPUT_NAME) + 1) == 0) {
3013 int itx = 0;
3014 const char *h2;
3015 char scope_txt[STAT_SCOPE_TXT_MAXLEN + 1];
3016 const char *err;
3017
3018 h += strlen(STAT_SCOPE_INPUT_NAME) + 1;
3019 h2 = h;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003020 appctx->ctx.stats.scope_str = h2 - msg->chn->buf->p;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003021 while (*h != ';' && *h != '\0' && *h != '&' && *h != ' ' && *h != '\n') {
3022 itx++;
3023 h++;
3024 }
3025
3026 if (itx > STAT_SCOPE_TXT_MAXLEN)
3027 itx = STAT_SCOPE_TXT_MAXLEN;
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003028 appctx->ctx.stats.scope_len = itx;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003029
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003030 /* scope_txt = search query, appctx->ctx.stats.scope_len is always <= STAT_SCOPE_TXT_MAXLEN */
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003031 memcpy(scope_txt, h2, itx);
3032 scope_txt[itx] = '\0';
3033 err = invalid_char(scope_txt);
3034 if (err) {
3035 /* bad char in search text => clear scope */
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003036 appctx->ctx.stats.scope_str = 0;
3037 appctx->ctx.stats.scope_len = 0;
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003038 }
3039 break;
3040 }
3041 }
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003042
3043 /* now check whether we have some admin rules for this request */
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003044 list_for_each_entry(stats_admin_rule, &uri_auth->admin_rules, list) {
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003045 int ret = 1;
3046
3047 if (stats_admin_rule->cond) {
3048 ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
3049 ret = acl_pass(ret);
3050 if (stats_admin_rule->cond->pol == ACL_COND_UNLESS)
3051 ret = !ret;
3052 }
3053
3054 if (ret) {
3055 /* no rule, or the rule matches */
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003056 appctx->ctx.stats.flags |= STAT_ADMIN;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003057 break;
3058 }
3059 }
3060
3061 /* Was the status page requested with a POST ? */
Willy Tarreau347a35d2013-11-22 17:51:09 +01003062 if (unlikely(txn->meth == HTTP_METH_POST && txn->req.body_len > 0)) {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003063 if (appctx->ctx.stats.flags & STAT_ADMIN) {
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003064 if (msg->msg_state < HTTP_MSG_100_SENT) {
3065 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3066 * send an HTTP/1.1 100 Continue intermediate response.
3067 */
3068 if (msg->flags & HTTP_MSGF_VER_11) {
3069 struct hdr_ctx ctx;
3070 ctx.idx = 0;
3071 /* Expect is allowed in 1.1, look for it */
3072 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
3073 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
3074 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
3075 }
3076 }
3077 msg->msg_state = HTTP_MSG_100_SENT;
3078 s->logs.tv_request = now; /* update the request timer to reflect full request */
3079 }
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003080 appctx->st0 = STAT_HTTP_POST;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003081 }
Willy Tarreau347a35d2013-11-22 17:51:09 +01003082 else {
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003083 appctx->ctx.stats.st_code = STAT_STATUS_DENY;
3084 appctx->st0 = STAT_HTTP_LAST;
de Lafond Guillaume88c278f2013-04-15 19:27:10 +02003085 }
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003086 }
Willy Tarreau347a35d2013-11-22 17:51:09 +01003087 else {
3088 /* So it was another method (GET/HEAD) */
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003089 appctx->st0 = STAT_HTTP_HEAD;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003090 }
3091
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003092 s->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003093 return 1;
3094}
3095
Lukas Tribus67db8df2013-06-23 17:37:13 +02003096/* Sets the TOS header in IPv4 and the traffic class header in IPv6 packets
3097 * (as per RFC3260 #4 and BCP37 #4.2 and #5.2).
3098 */
3099static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos)
3100{
3101#ifdef IP_TOS
3102 if (from.ss_family == AF_INET)
3103 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3104#endif
3105#ifdef IPV6_TCLASS
3106 if (from.ss_family == AF_INET6) {
3107 if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr))
3108 /* v4-mapped addresses need IP_TOS */
3109 setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
3110 else
3111 setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
3112 }
3113#endif
3114}
3115
Willy Tarreau20b0de52012-12-24 15:45:22 +01003116/* Executes the http-request rules <rules> for session <s>, proxy <px> and
Willy Tarreau96257ec2012-12-27 10:46:37 +01003117 * transaction <txn>. Returns the first rule that prevents further processing
3118 * of the request (auth, deny, ...) or NULL if it executed all rules or stopped
3119 * on an allow. It may set the TX_CLDENY on txn->flags if it encounters a deny
3120 * rule.
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003121 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003122static struct http_req_rule *
Willy Tarreau96257ec2012-12-27 10:46:37 +01003123http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003124{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003125 struct connection *cli_conn;
Willy Tarreauff011f22011-01-06 17:51:27 +01003126 struct http_req_rule *rule;
Willy Tarreau20b0de52012-12-24 15:45:22 +01003127 struct hdr_ctx ctx;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003128
Willy Tarreauff011f22011-01-06 17:51:27 +01003129 list_for_each_entry(rule, rules, list) {
Willy Tarreauff011f22011-01-06 17:51:27 +01003130 if (rule->action >= HTTP_REQ_ACT_MAX)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003131 continue;
3132
Willy Tarreau96257ec2012-12-27 10:46:37 +01003133 /* check optional condition */
Willy Tarreauff011f22011-01-06 17:51:27 +01003134 if (rule->cond) {
Willy Tarreau96257ec2012-12-27 10:46:37 +01003135 int ret;
3136
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003137 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003138 ret = acl_pass(ret);
3139
Willy Tarreauff011f22011-01-06 17:51:27 +01003140 if (rule->cond->pol == ACL_COND_UNLESS)
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003141 ret = !ret;
Willy Tarreau96257ec2012-12-27 10:46:37 +01003142
3143 if (!ret) /* condition not matched */
3144 continue;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003145 }
3146
Willy Tarreau20b0de52012-12-24 15:45:22 +01003147
Willy Tarreau96257ec2012-12-27 10:46:37 +01003148 switch (rule->action) {
3149 case HTTP_REQ_ACT_ALLOW:
3150 return NULL; /* "allow" rules are OK */
3151
3152 case HTTP_REQ_ACT_DENY:
3153 txn->flags |= TX_CLDENY;
3154 return rule;
3155
Willy Tarreauccbcc372012-12-27 12:37:57 +01003156 case HTTP_REQ_ACT_TARPIT:
3157 txn->flags |= TX_CLTARPIT;
3158 return rule;
3159
Willy Tarreau96257ec2012-12-27 10:46:37 +01003160 case HTTP_REQ_ACT_AUTH:
3161 return rule;
3162
Willy Tarreau81499eb2012-12-27 12:19:02 +01003163 case HTTP_REQ_ACT_REDIR:
3164 return rule;
3165
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003166 case HTTP_REQ_ACT_SET_NICE:
3167 s->task->nice = rule->arg.nice;
3168 break;
3169
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003170 case HTTP_REQ_ACT_SET_TOS:
Willy Tarreau3c728722014-01-23 13:50:42 +01003171 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003172 inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003173 break;
3174
Willy Tarreau51347ed2013-06-11 19:34:13 +02003175 case HTTP_REQ_ACT_SET_MARK:
3176#ifdef SO_MARK
Willy Tarreau3c728722014-01-23 13:50:42 +01003177 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003178 setsockopt(cli_conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
Willy Tarreau51347ed2013-06-11 19:34:13 +02003179#endif
3180 break;
3181
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003182 case HTTP_REQ_ACT_SET_LOGL:
3183 s->logs.level = rule->arg.loglevel;
3184 break;
3185
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003186 case HTTP_REQ_ACT_DEL_HDR:
Willy Tarreau96257ec2012-12-27 10:46:37 +01003187 case HTTP_REQ_ACT_SET_HDR:
3188 ctx.idx = 0;
3189 /* remove all occurrences of the header */
3190 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3191 txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
3192 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Willy Tarreau20b0de52012-12-24 15:45:22 +01003193 }
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003194 if (rule->action == HTTP_REQ_ACT_DEL_HDR)
3195 break;
Willy Tarreau96257ec2012-12-27 10:46:37 +01003196 /* now fall through to header addition */
3197
3198 case HTTP_REQ_ACT_ADD_HDR:
3199 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3200 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3201 trash.len = rule->arg.hdr_add.name_len;
3202 trash.str[trash.len++] = ':';
3203 trash.str[trash.len++] = ' ';
3204 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3205 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len);
3206 break;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003207 }
3208 }
Willy Tarreau96257ec2012-12-27 10:46:37 +01003209
3210 /* we reached the end of the rules, nothing to report */
Willy Tarreau418c1a02012-12-25 20:52:58 +01003211 return NULL;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003212}
3213
Willy Tarreau71241ab2012-12-27 11:30:54 +01003214
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003215/* Executes the http-response rules <rules> for session <s>, proxy <px> and
3216 * transaction <txn>. Returns the first rule that prevents further processing
3217 * of the response (deny, ...) or NULL if it executed all rules or stopped
3218 * on an allow. It may set the TX_SVDENY on txn->flags if it encounters a deny
3219 * rule.
3220 */
3221static struct http_res_rule *
3222http_res_get_intercept_rule(struct proxy *px, struct list *rules, struct session *s, struct http_txn *txn)
3223{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003224 struct connection *cli_conn;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003225 struct http_res_rule *rule;
3226 struct hdr_ctx ctx;
3227
3228 list_for_each_entry(rule, rules, list) {
3229 if (rule->action >= HTTP_RES_ACT_MAX)
3230 continue;
3231
3232 /* check optional condition */
3233 if (rule->cond) {
3234 int ret;
3235
3236 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
3237 ret = acl_pass(ret);
3238
3239 if (rule->cond->pol == ACL_COND_UNLESS)
3240 ret = !ret;
3241
3242 if (!ret) /* condition not matched */
3243 continue;
3244 }
3245
3246
3247 switch (rule->action) {
3248 case HTTP_RES_ACT_ALLOW:
3249 return NULL; /* "allow" rules are OK */
3250
3251 case HTTP_RES_ACT_DENY:
3252 txn->flags |= TX_SVDENY;
3253 return rule;
3254
Willy Tarreauf4c43c12013-06-11 17:01:13 +02003255 case HTTP_RES_ACT_SET_NICE:
3256 s->task->nice = rule->arg.nice;
3257 break;
3258
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003259 case HTTP_RES_ACT_SET_TOS:
Willy Tarreau3c728722014-01-23 13:50:42 +01003260 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003261 inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
Willy Tarreau42cf39e2013-06-11 18:51:32 +02003262 break;
3263
Willy Tarreau51347ed2013-06-11 19:34:13 +02003264 case HTTP_RES_ACT_SET_MARK:
3265#ifdef SO_MARK
Willy Tarreau3c728722014-01-23 13:50:42 +01003266 if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003267 setsockopt(cli_conn->t.sock.fd, SOL_SOCKET, SO_MARK, &rule->arg.mark, sizeof(rule->arg.mark));
Willy Tarreau51347ed2013-06-11 19:34:13 +02003268#endif
3269 break;
3270
Willy Tarreau9a355ec2013-06-11 17:45:46 +02003271 case HTTP_RES_ACT_SET_LOGL:
3272 s->logs.level = rule->arg.loglevel;
3273 break;
3274
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003275 case HTTP_RES_ACT_DEL_HDR:
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003276 case HTTP_RES_ACT_SET_HDR:
3277 ctx.idx = 0;
3278 /* remove all occurrences of the header */
3279 while (http_find_header2(rule->arg.hdr_add.name, rule->arg.hdr_add.name_len,
3280 txn->rsp.chn->buf->p, &txn->hdr_idx, &ctx)) {
3281 http_remove_header2(&txn->rsp, &txn->hdr_idx, &ctx);
3282 }
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02003283 if (rule->action == HTTP_RES_ACT_DEL_HDR)
3284 break;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02003285 /* now fall through to header addition */
3286
3287 case HTTP_RES_ACT_ADD_HDR:
3288 chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
3289 memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
3290 trash.len = rule->arg.hdr_add.name_len;
3291 trash.str[trash.len++] = ':';
3292 trash.str[trash.len++] = ' ';
3293 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->arg.hdr_add.fmt);
3294 http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len);
3295 break;
3296 }
3297 }
3298
3299 /* we reached the end of the rules, nothing to report */
3300 return NULL;
3301}
3302
3303
Willy Tarreau71241ab2012-12-27 11:30:54 +01003304/* Perform an HTTP redirect based on the information in <rule>. The function
3305 * returns non-zero on success, or zero in case of a, irrecoverable error such
3306 * as too large a request to build a valid response.
3307 */
3308static int http_apply_redirect_rule(struct redirect_rule *rule, struct session *s, struct http_txn *txn)
3309{
3310 struct http_msg *msg = &txn->req;
3311 const char *msg_fmt;
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003312 const char *location;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003313
3314 /* build redirect message */
3315 switch(rule->code) {
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04003316 case 308:
3317 msg_fmt = HTTP_308;
3318 break;
3319 case 307:
3320 msg_fmt = HTTP_307;
3321 break;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003322 case 303:
3323 msg_fmt = HTTP_303;
3324 break;
3325 case 301:
3326 msg_fmt = HTTP_301;
3327 break;
3328 case 302:
3329 default:
3330 msg_fmt = HTTP_302;
3331 break;
3332 }
3333
3334 if (unlikely(!chunk_strcpy(&trash, msg_fmt)))
3335 return 0;
3336
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003337 location = trash.str + trash.len;
3338
Willy Tarreau71241ab2012-12-27 11:30:54 +01003339 switch(rule->type) {
3340 case REDIRECT_TYPE_SCHEME: {
3341 const char *path;
3342 const char *host;
3343 struct hdr_ctx ctx;
3344 int pathlen;
3345 int hostlen;
3346
3347 host = "";
3348 hostlen = 0;
3349 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +02003350 if (http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau71241ab2012-12-27 11:30:54 +01003351 host = ctx.line + ctx.val;
3352 hostlen = ctx.vlen;
3353 }
3354
3355 path = http_get_path(txn);
3356 /* build message using path */
3357 if (path) {
3358 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3359 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3360 int qs = 0;
3361 while (qs < pathlen) {
3362 if (path[qs] == '?') {
3363 pathlen = qs;
3364 break;
3365 }
3366 qs++;
3367 }
3368 }
3369 } else {
3370 path = "/";
3371 pathlen = 1;
3372 }
3373
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003374 if (rule->rdr_str) { /* this is an old "redirect" rule */
3375 /* check if we can add scheme + "://" + host + path */
3376 if (trash.len + rule->rdr_len + 3 + hostlen + pathlen > trash.size - 4)
3377 return 0;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003378
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003379 /* add scheme */
3380 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3381 trash.len += rule->rdr_len;
3382 }
3383 else {
3384 /* add scheme with executing log format */
3385 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->rdr_fmt);
Willy Tarreau71241ab2012-12-27 11:30:54 +01003386
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003387 /* check if we can add scheme + "://" + host + path */
3388 if (trash.len + 3 + hostlen + pathlen > trash.size - 4)
3389 return 0;
3390 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01003391 /* add "://" */
3392 memcpy(trash.str + trash.len, "://", 3);
3393 trash.len += 3;
3394
3395 /* add host */
3396 memcpy(trash.str + trash.len, host, hostlen);
3397 trash.len += hostlen;
3398
3399 /* add path */
3400 memcpy(trash.str + trash.len, path, pathlen);
3401 trash.len += pathlen;
3402
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003403 /* append a slash at the end of the location if needed and missing */
Willy Tarreau71241ab2012-12-27 11:30:54 +01003404 if (trash.len && trash.str[trash.len - 1] != '/' &&
3405 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3406 if (trash.len > trash.size - 5)
3407 return 0;
3408 trash.str[trash.len] = '/';
3409 trash.len++;
3410 }
3411
3412 break;
3413 }
3414 case REDIRECT_TYPE_PREFIX: {
3415 const char *path;
3416 int pathlen;
3417
3418 path = http_get_path(txn);
3419 /* build message using path */
3420 if (path) {
3421 pathlen = txn->req.sl.rq.u_l + (txn->req.chn->buf->p + txn->req.sl.rq.u) - path;
3422 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3423 int qs = 0;
3424 while (qs < pathlen) {
3425 if (path[qs] == '?') {
3426 pathlen = qs;
3427 break;
3428 }
3429 qs++;
3430 }
3431 }
3432 } else {
3433 path = "/";
3434 pathlen = 1;
3435 }
3436
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003437 if (rule->rdr_str) { /* this is an old "redirect" rule */
3438 if (trash.len + rule->rdr_len + pathlen > trash.size - 4)
3439 return 0;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003440
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003441 /* add prefix. Note that if prefix == "/", we don't want to
3442 * add anything, otherwise it makes it hard for the user to
3443 * configure a self-redirection.
3444 */
3445 if (rule->rdr_len != 1 || *rule->rdr_str != '/') {
3446 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3447 trash.len += rule->rdr_len;
3448 }
3449 }
3450 else {
3451 /* add prefix with executing log format */
3452 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->rdr_fmt);
3453
3454 /* Check length */
3455 if (trash.len + pathlen > trash.size - 4)
3456 return 0;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003457 }
3458
3459 /* add path */
3460 memcpy(trash.str + trash.len, path, pathlen);
3461 trash.len += pathlen;
3462
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003463 /* append a slash at the end of the location if needed and missing */
Willy Tarreau71241ab2012-12-27 11:30:54 +01003464 if (trash.len && trash.str[trash.len - 1] != '/' &&
3465 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3466 if (trash.len > trash.size - 5)
3467 return 0;
3468 trash.str[trash.len] = '/';
3469 trash.len++;
3470 }
3471
3472 break;
3473 }
3474 case REDIRECT_TYPE_LOCATION:
3475 default:
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003476 if (rule->rdr_str) { /* this is an old "redirect" rule */
3477 if (trash.len + rule->rdr_len > trash.size - 4)
3478 return 0;
3479
3480 /* add location */
3481 memcpy(trash.str + trash.len, rule->rdr_str, rule->rdr_len);
3482 trash.len += rule->rdr_len;
3483 }
3484 else {
3485 /* add location with executing log format */
3486 trash.len += build_logline(s, trash.str + trash.len, trash.size - trash.len, &rule->rdr_fmt);
Willy Tarreau71241ab2012-12-27 11:30:54 +01003487
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003488 /* Check left length */
3489 if (trash.len > trash.size - 4)
3490 return 0;
3491 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01003492 break;
3493 }
3494
3495 if (rule->cookie_len) {
3496 memcpy(trash.str + trash.len, "\r\nSet-Cookie: ", 14);
3497 trash.len += 14;
3498 memcpy(trash.str + trash.len, rule->cookie_str, rule->cookie_len);
3499 trash.len += rule->cookie_len;
3500 memcpy(trash.str + trash.len, "\r\n", 2);
3501 trash.len += 2;
3502 }
3503
3504 /* add end of headers and the keep-alive/close status.
3505 * We may choose to set keep-alive if the Location begins
3506 * with a slash, because the client will come back to the
3507 * same server.
3508 */
3509 txn->status = rule->code;
3510 /* let's log the request time */
3511 s->logs.tv_request = now;
3512
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01003513 if (*location == '/' &&
Willy Tarreau71241ab2012-12-27 11:30:54 +01003514 (msg->flags & HTTP_MSGF_XFER_LEN) &&
3515 !(msg->flags & HTTP_MSGF_TE_CHNK) && !txn->req.body_len &&
3516 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
3517 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
3518 /* keep-alive possible */
3519 if (!(msg->flags & HTTP_MSGF_VER_11)) {
3520 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3521 memcpy(trash.str + trash.len, "\r\nProxy-Connection: keep-alive", 30);
3522 trash.len += 30;
3523 } else {
3524 memcpy(trash.str + trash.len, "\r\nConnection: keep-alive", 24);
3525 trash.len += 24;
3526 }
3527 }
3528 memcpy(trash.str + trash.len, "\r\n\r\n", 4);
3529 trash.len += 4;
3530 bo_inject(txn->rsp.chn, trash.str, trash.len);
3531 /* "eat" the request */
3532 bi_fast_delete(txn->req.chn->buf, msg->sov);
3533 msg->sov = 0;
3534 txn->req.chn->analysers = AN_REQ_HTTP_XFER_BODY;
3535 s->rep->analysers = AN_RES_HTTP_XFER_BODY;
3536 txn->req.msg_state = HTTP_MSG_CLOSED;
3537 txn->rsp.msg_state = HTTP_MSG_DONE;
3538 } else {
3539 /* keep-alive not possible */
3540 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3541 memcpy(trash.str + trash.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
3542 trash.len += 29;
3543 } else {
3544 memcpy(trash.str + trash.len, "\r\nConnection: close\r\n\r\n", 23);
3545 trash.len += 23;
3546 }
3547 stream_int_retnclose(txn->req.chn->prod, &trash);
3548 txn->req.chn->analysers = 0;
3549 }
3550
3551 if (!(s->flags & SN_ERR_MASK))
Willy Tarreau570f2212013-06-10 16:42:09 +02003552 s->flags |= SN_ERR_LOCAL;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003553 if (!(s->flags & SN_FINST_MASK))
3554 s->flags |= SN_FINST_R;
3555
3556 return 1;
3557}
3558
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003559/* This stream analyser runs all HTTP request processing which is common to
3560 * frontends and backends, which means blocking ACLs, filters, connection-close,
3561 * reqadd, stats and redirects. This is performed for the designated proxy.
Willy Tarreaud787e662009-07-07 10:14:51 +02003562 * It returns 1 if the processing can continue on next analysers, or zero if it
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003563 * either needs more data or wants to immediately abort the request (eg: deny,
3564 * error, ...).
Willy Tarreaud787e662009-07-07 10:14:51 +02003565 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003566int http_process_req_common(struct session *s, struct channel *req, int an_bit, struct proxy *px)
Willy Tarreaud787e662009-07-07 10:14:51 +02003567{
Willy Tarreaud787e662009-07-07 10:14:51 +02003568 struct http_txn *txn = &s->txn;
3569 struct http_msg *msg = &txn->req;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003570 struct acl_cond *cond;
Willy Tarreauff011f22011-01-06 17:51:27 +01003571 struct http_req_rule *http_req_last_rule = NULL;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003572 struct redirect_rule *rule;
Willy Tarreauf4f04122010-01-28 18:10:50 +01003573 struct cond_wordlist *wl;
Willy Tarreaud787e662009-07-07 10:14:51 +02003574
Willy Tarreau655dce92009-11-08 13:10:58 +01003575 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003576 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003577 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003578 return 0;
3579 }
3580
Willy Tarreau3a816292009-07-07 10:55:49 +02003581 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02003582 req->analyse_exp = TICK_ETERNITY;
3583
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003584 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaud787e662009-07-07 10:14:51 +02003585 now_ms, __FUNCTION__,
3586 s,
3587 req,
3588 req->rex, req->wex,
3589 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003590 req->buf->i,
Willy Tarreaud787e662009-07-07 10:14:51 +02003591 req->analysers);
3592
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003593 /* first check whether we have some ACLs set to block this request */
3594 list_for_each_entry(cond, &px->block_cond, list) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003595 int ret = acl_exec_cond(cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02003596
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003597 ret = acl_pass(ret);
3598 if (cond->pol == ACL_COND_UNLESS)
3599 ret = !ret;
Willy Tarreau53b6c742006-12-17 13:37:46 +01003600
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003601 if (ret) {
3602 txn->status = 403;
3603 /* let's log the request time */
3604 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003605 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003606 session_inc_http_err_ctr(s);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003607 goto return_prx_cond;
Willy Tarreau59234e92008-11-30 23:51:27 +01003608 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003609 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003610
Willy Tarreau5d5b5d82012-12-09 12:00:04 +01003611 /* just in case we have some per-backend tracking */
3612 session_inc_be_http_req_ctr(s);
3613
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003614 /* evaluate http-request rules */
Willy Tarreau96257ec2012-12-27 10:46:37 +01003615 http_req_last_rule = http_req_get_intercept_rule(px, &px->http_req_rules, s, txn);
Willy Tarreau51425942010-02-01 10:40:19 +01003616
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003617 /* evaluate stats http-request rules only if http-request is OK */
Willy Tarreauff011f22011-01-06 17:51:27 +01003618 if (!http_req_last_rule) {
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003619 if (stats_check_uri(s->rep->prod, txn, px)) {
3620 s->target = &http_stats_applet.obj_type;
Willy Tarreau1fbe1c92013-12-01 09:35:41 +01003621 if (unlikely(!stream_int_register_handler(s->rep->prod, objt_applet(s->target)))) {
3622 txn->status = 500;
3623 s->logs.tv_request = now;
3624 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
Willy Tarreau7b4b4992013-12-01 09:15:12 +01003625
Willy Tarreau1fbe1c92013-12-01 09:35:41 +01003626 if (!(s->flags & SN_ERR_MASK))
3627 s->flags |= SN_ERR_RESOURCE;
3628 goto return_prx_cond;
3629 }
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003630 /* parse the whole stats request and extract the relevant information */
3631 http_handle_stats(s, req);
Willy Tarreau96257ec2012-12-27 10:46:37 +01003632 http_req_last_rule = http_req_get_intercept_rule(px, &px->uri_auth->http_req_rules, s, txn);
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003633 }
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003634 }
3635
Willy Tarreau3b44e722013-11-16 10:28:23 +01003636 /* only apply req{,i}{rep/deny/tarpit} if the request was not yet
3637 * blocked by an http-request rule.
3638 */
3639 if (!(txn->flags & (TX_CLDENY|TX_CLTARPIT)) && (px->req_exp != NULL)) {
Willy Tarreau6c123b12010-01-28 20:22:06 +01003640 if (apply_filters_to_request(s, req, px) < 0)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003641 goto return_bad_req;
Willy Tarreau3b44e722013-11-16 10:28:23 +01003642 }
Willy Tarreau06619262006-12-17 08:37:22 +01003643
Willy Tarreau3b44e722013-11-16 10:28:23 +01003644 /* return a 403 if either rule has blocked */
3645 if (txn->flags & (TX_CLDENY|TX_CLTARPIT)) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003646 if (txn->flags & TX_CLDENY) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003647 txn->status = 403;
Willy Tarreau59234e92008-11-30 23:51:27 +01003648 s->logs.tv_request = now;
Willy Tarreau783f2582012-09-04 12:19:04 +02003649 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003650 session_inc_http_err_ctr(s);
Willy Tarreau687ba132013-11-16 10:13:35 +01003651 s->fe->fe_counters.denied_req++;
3652 if (s->fe != s->be)
3653 s->be->be_counters.denied_req++;
3654 if (s->listener->counters)
3655 s->listener->counters->denied_req++;
Willy Tarreau59234e92008-11-30 23:51:27 +01003656 goto return_prx_cond;
3657 }
Willy Tarreauc465fd72009-08-31 00:17:18 +02003658
3659 /* When a connection is tarpitted, we use the tarpit timeout,
3660 * which may be the same as the connect timeout if unspecified.
3661 * If unset, then set it to zero because we really want it to
3662 * eventually expire. We build the tarpit as an analyser.
3663 */
3664 if (txn->flags & TX_CLTARPIT) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003665 channel_erase(s->req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003666 /* wipe the request out so that we can drop the connection early
3667 * if the client closes first.
3668 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003669 channel_dont_connect(req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003670 req->analysers = 0; /* remove switching rules etc... */
3671 req->analysers |= AN_REQ_HTTP_TARPIT;
3672 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
3673 if (!req->analyse_exp)
3674 req->analyse_exp = tick_add(now_ms, 0);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003675 session_inc_http_err_ctr(s);
Willy Tarreau687ba132013-11-16 10:13:35 +01003676 s->fe->fe_counters.denied_req++;
3677 if (s->fe != s->be)
3678 s->be->be_counters.denied_req++;
3679 if (s->listener->counters)
3680 s->listener->counters->denied_req++;
Willy Tarreauc465fd72009-08-31 00:17:18 +02003681 return 1;
3682 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003683 }
Willy Tarreau06619262006-12-17 08:37:22 +01003684
Willy Tarreau70dffda2014-01-30 03:07:23 +01003685 /* Until set to anything else, the connection mode is set as Keep-Alive. It will
Willy Tarreau5b154472009-12-21 20:11:07 +01003686 * only change if both the request and the config reference something else.
Willy Tarreau70dffda2014-01-30 03:07:23 +01003687 * Option httpclose by itself sets tunnel mode where headers are mangled.
3688 * However, if another mode is set, it will affect it (eg: server-close/
3689 * keep-alive + httpclose = close). Note that we avoid to redo the same work
3690 * if FE and BE have the same settings (common). The method consists in
3691 * checking if options changed between the two calls (implying that either
3692 * one is non-null, or one of them is non-null and we are there for the first
3693 * time.
Willy Tarreau42736642009-10-18 21:04:35 +02003694 */
Willy Tarreau5b154472009-12-21 20:11:07 +01003695
Willy Tarreau416ce612014-01-31 15:45:34 +01003696 if (!(txn->flags & TX_HDR_CONN_PRS) ||
Willy Tarreau02bce8b2014-01-30 00:15:28 +01003697 ((s->fe->options & PR_O_HTTP_MODE) != (s->be->options & PR_O_HTTP_MODE))) {
Willy Tarreau70dffda2014-01-30 03:07:23 +01003698 int tmp = TX_CON_WANT_KAL;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003699
Willy Tarreau70dffda2014-01-30 03:07:23 +01003700 if (!((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)) {
3701 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN ||
3702 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN)
3703 tmp = TX_CON_WANT_TUN;
3704
3705 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
3706 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)
3707 tmp = TX_CON_WANT_TUN;
3708 }
Willy Tarreau02bce8b2014-01-30 00:15:28 +01003709
3710 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL ||
Willy Tarreau70dffda2014-01-30 03:07:23 +01003711 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL) {
3712 /* option httpclose + server_close => forceclose */
3713 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
3714 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)
3715 tmp = TX_CON_WANT_CLO;
3716 else
3717 tmp = TX_CON_WANT_SCL;
3718 }
Willy Tarreau02bce8b2014-01-30 00:15:28 +01003719
3720 if ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_FCL ||
3721 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_FCL)
Willy Tarreau5b154472009-12-21 20:11:07 +01003722 tmp = TX_CON_WANT_CLO;
3723
Willy Tarreau5b154472009-12-21 20:11:07 +01003724 if ((txn->flags & TX_CON_WANT_MSK) < tmp)
3725 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003726
Willy Tarreau416ce612014-01-31 15:45:34 +01003727 if (!(txn->flags & TX_HDR_CONN_PRS) &&
3728 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003729 /* parse the Connection header and possibly clean it */
3730 int to_del = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003731 if ((msg->flags & HTTP_MSGF_VER_11) ||
Willy Tarreau8a8e1d92010-04-05 16:15:16 +02003732 ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL &&
3733 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003734 to_del |= 2; /* remove "keep-alive" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003735 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003736 to_del |= 1; /* remove "close" */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003737 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003738 }
Willy Tarreau5b154472009-12-21 20:11:07 +01003739
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003740 /* check if client or config asks for explicit close in KAL/SCL */
3741 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
3742 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) &&
3743 ((txn->flags & TX_HDR_CONN_CLO) || /* "connection: close" */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003744 (!(msg->flags & HTTP_MSGF_VER_11) && !(txn->flags & TX_HDR_CONN_KAL)) || /* no "connection: k-a" in 1.0 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01003745 !(msg->flags & HTTP_MSGF_XFER_LEN) || /* no length known => close */
Willy Tarreauc3e8b252010-01-28 15:01:20 +01003746 s->fe->state == PR_STSTOPPED)) /* frontend is stopping */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003747 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
3748 }
Willy Tarreau78599912009-10-17 20:12:21 +02003749
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003750 /* we can be blocked here because the request needs to be authenticated,
3751 * either to pass or to access stats.
3752 */
Willy Tarreau20b0de52012-12-24 15:45:22 +01003753 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_AUTH) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01003754 char *realm = http_req_last_rule->arg.auth.realm;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003755
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003756 if (!realm)
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003757 realm = (objt_applet(s->target) == &http_stats_applet) ? STATS_DEFAULT_REALM : px->id;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003758
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003759 chunk_printf(&trash, (txn->flags & TX_USE_PX_CONN) ? HTTP_407_fmt : HTTP_401_fmt, realm);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003760 txn->status = 401;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003761 stream_int_retnclose(req->prod, &trash);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003762 /* on 401 we still count one error, because normal browsing
3763 * won't significantly increase the counter but brute force
3764 * attempts will.
3765 */
3766 session_inc_http_err_ctr(s);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003767 goto return_prx_cond;
3768 }
3769
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003770 /* add request headers from the rule sets in the same order */
3771 list_for_each_entry(wl, &px->req_add, list) {
3772 if (wl->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003773 int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003774 ret = acl_pass(ret);
3775 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
3776 ret = !ret;
3777 if (!ret)
3778 continue;
3779 }
3780
Willy Tarreau6acf7c92012-03-09 13:30:45 +01003781 if (unlikely(http_header_add_tail(&txn->req, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003782 goto return_bad_req;
Willy Tarreau81499eb2012-12-27 12:19:02 +01003783 }
3784
3785 if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_REDIR) {
3786 if (!http_apply_redirect_rule(http_req_last_rule->arg.redir, s, txn))
3787 goto return_bad_req;
3788 req->analyse_exp = TICK_ETERNITY;
3789 return 1;
Willy Tarreauf68a15a2011-01-06 16:53:21 +01003790 }
3791
Willy Tarreau414e9bb2013-11-23 00:30:38 +01003792 if (unlikely(objt_applet(s->target) == &http_stats_applet)) {
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003793 /* process the stats request now */
Willy Tarreau347a35d2013-11-22 17:51:09 +01003794 if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
3795 s->fe->fe_counters.intercepted_req++;
3796
3797 if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
3798 s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
3799 if (!(s->flags & SN_FINST_MASK))
3800 s->flags |= SN_FINST_R;
3801
3802 req->analyse_exp = TICK_ETERNITY;
Willy Tarreauaf3cf702014-04-22 22:19:53 +02003803 req->analysers = AN_REQ_HTTP_XFER_BODY;
Willy Tarreau1facd6d2012-12-22 22:03:39 +01003804 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003805 }
Willy Tarreaub2513902006-12-17 14:52:38 +01003806
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003807 /* check whether we have some ACLs set to redirect this request */
3808 list_for_each_entry(rule, &px->redirect_rules, list) {
Willy Tarreauf285f542010-01-03 20:03:03 +01003809 if (rule->cond) {
Willy Tarreau71241ab2012-12-27 11:30:54 +01003810 int ret;
3811
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02003812 ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreauf285f542010-01-03 20:03:03 +01003813 ret = acl_pass(ret);
3814 if (rule->cond->pol == ACL_COND_UNLESS)
3815 ret = !ret;
Willy Tarreau71241ab2012-12-27 11:30:54 +01003816 if (!ret)
3817 continue;
Willy Tarreauf285f542010-01-03 20:03:03 +01003818 }
Willy Tarreau71241ab2012-12-27 11:30:54 +01003819 if (!http_apply_redirect_rule(rule, s, txn))
3820 goto return_bad_req;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003821
Willy Tarreau71241ab2012-12-27 11:30:54 +01003822 req->analyse_exp = TICK_ETERNITY;
3823 return 1;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003824 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003825
Willy Tarreau2be39392010-01-03 17:24:51 +01003826 /* POST requests may be accompanied with an "Expect: 100-Continue" header.
3827 * If this happens, then the data will not come immediately, so we must
3828 * send all what we have without waiting. Note that due to the small gain
3829 * in waiting for the body of the request, it's easier to simply put the
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003830 * CF_SEND_DONTWAIT flag any time. It's a one-shot flag so it will remove
Willy Tarreau2be39392010-01-03 17:24:51 +01003831 * itself once used.
3832 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02003833 req->flags |= CF_SEND_DONTWAIT;
Willy Tarreau2be39392010-01-03 17:24:51 +01003834
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003835 /* that's OK for us now, let's move on to next analysers */
3836 return 1;
Willy Tarreau11382812008-07-09 16:18:21 +02003837
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003838 return_bad_req:
3839 /* We centralize bad requests processing here */
3840 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
3841 /* we detected a parsing error. We want to archive this request
3842 * in the dedicated proxy area for later troubleshooting.
3843 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01003844 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003845 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003846
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003847 txn->req.msg_state = HTTP_MSG_ERROR;
3848 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02003849 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003850
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01003851 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003852 if (s->listener->counters)
3853 s->listener->counters->failed_req++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003854
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003855 return_prx_cond:
3856 if (!(s->flags & SN_ERR_MASK))
3857 s->flags |= SN_ERR_PRXCOND;
3858 if (!(s->flags & SN_FINST_MASK))
3859 s->flags |= SN_FINST_R;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01003860
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003861 req->analysers = 0;
3862 req->analyse_exp = TICK_ETERNITY;
3863 return 0;
3864}
Willy Tarreau58f10d72006-12-04 02:26:12 +01003865
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003866/* This function performs all the processing enabled for the current request.
3867 * It returns 1 if the processing can continue on next analysers, or zero if it
3868 * needs more data, encounters an error, or wants to immediately abort the
3869 * request. It relies on buffers flags, and updates s->req->analysers.
3870 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02003871int http_process_request(struct session *s, struct channel *req, int an_bit)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003872{
3873 struct http_txn *txn = &s->txn;
3874 struct http_msg *msg = &txn->req;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003875 struct connection *cli_conn = objt_conn(req->prod->end);
Willy Tarreau58f10d72006-12-04 02:26:12 +01003876
Willy Tarreau655dce92009-11-08 13:10:58 +01003877 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003878 /* we need more data */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02003879 channel_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003880 return 0;
3881 }
3882
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01003883 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003884 now_ms, __FUNCTION__,
3885 s,
3886 req,
3887 req->rex, req->wex,
3888 req->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02003889 req->buf->i,
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003890 req->analysers);
Willy Tarreau06619262006-12-17 08:37:22 +01003891
William Lallemand82fe75c2012-10-23 10:25:10 +02003892 if (s->fe->comp || s->be->comp)
3893 select_compression_request_header(s, req->buf);
3894
Willy Tarreau59234e92008-11-30 23:51:27 +01003895 /*
3896 * Right now, we know that we have processed the entire headers
3897 * and that unwanted requests have been filtered out. We can do
3898 * whatever we want with the remaining request. Also, now we
3899 * may have separate values for ->fe, ->be.
3900 */
Willy Tarreau06619262006-12-17 08:37:22 +01003901
Willy Tarreau59234e92008-11-30 23:51:27 +01003902 /*
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003903 * If HTTP PROXY is set we simply get remote server address parsing
3904 * incoming request. Note that this requires that a connection is
3905 * allocated on the server side.
Willy Tarreau59234e92008-11-30 23:51:27 +01003906 */
3907 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) {
Willy Tarreau32e3c6a2013-10-11 19:34:20 +02003908 struct connection *conn;
Willy Tarreaue8df1e12013-12-16 14:30:55 +01003909 char *path;
Willy Tarreau32e3c6a2013-10-11 19:34:20 +02003910
Willy Tarreau9471b8c2013-12-15 13:31:35 +01003911 /* Note that for now we don't reuse existing proxy connections */
3912 if (unlikely((conn = si_alloc_conn(req->cons, 0)) == NULL)) {
Willy Tarreau32e3c6a2013-10-11 19:34:20 +02003913 txn->req.msg_state = HTTP_MSG_ERROR;
3914 txn->status = 500;
3915 req->analysers = 0;
3916 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
3917
3918 if (!(s->flags & SN_ERR_MASK))
3919 s->flags |= SN_ERR_RESOURCE;
3920 if (!(s->flags & SN_FINST_MASK))
3921 s->flags |= SN_FINST_R;
3922
3923 return 0;
3924 }
Willy Tarreaue8df1e12013-12-16 14:30:55 +01003925
3926 path = http_get_path(txn);
3927 url2sa(req->buf->p + msg->sl.rq.u,
3928 path ? path - (req->buf->p + msg->sl.rq.u) : msg->sl.rq.u_l,
Thierry FOURNIER9f95e402014-03-21 14:51:46 +01003929 &conn->addr.to, NULL);
Willy Tarreaue8df1e12013-12-16 14:30:55 +01003930 /* if the path was found, we have to remove everything between
3931 * req->buf->p + msg->sl.rq.u and path (excluded). If it was not
3932 * found, we need to replace from req->buf->p + msg->sl.rq.u for
3933 * u_l characters by a single "/".
3934 */
3935 if (path) {
3936 char *cur_ptr = req->buf->p;
3937 char *cur_end = cur_ptr + txn->req.sl.rq.l;
3938 int delta;
3939
3940 delta = buffer_replace2(req->buf, req->buf->p + msg->sl.rq.u, path, NULL, 0);
3941 http_msg_move_end(&txn->req, delta);
3942 cur_end += delta;
3943 if (http_parse_reqline(&txn->req, HTTP_MSG_RQMETH, cur_ptr, cur_end + 1, NULL, NULL) == NULL)
3944 goto return_bad_req;
3945 }
3946 else {
3947 char *cur_ptr = req->buf->p;
3948 char *cur_end = cur_ptr + txn->req.sl.rq.l;
3949 int delta;
3950
3951 delta = buffer_replace2(req->buf, req->buf->p + msg->sl.rq.u,
3952 req->buf->p + msg->sl.rq.u + msg->sl.rq.u_l, "/", 1);
3953 http_msg_move_end(&txn->req, delta);
3954 cur_end += delta;
3955 if (http_parse_reqline(&txn->req, HTTP_MSG_RQMETH, cur_ptr, cur_end + 1, NULL, NULL) == NULL)
3956 goto return_bad_req;
3957 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003958 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01003959
Willy Tarreau59234e92008-11-30 23:51:27 +01003960 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003961 * 7: Now we can work with the cookies.
Willy Tarreau59234e92008-11-30 23:51:27 +01003962 * Note that doing so might move headers in the request, but
3963 * the fields will stay coherent and the URI will not move.
3964 * This should only be performed in the backend.
3965 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02003966 if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
Willy Tarreau59234e92008-11-30 23:51:27 +01003967 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
3968 manage_client_side_cookies(s, req);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02003969
Willy Tarreau59234e92008-11-30 23:51:27 +01003970 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003971 * 8: the appsession cookie was looked up very early in 1.2,
3972 * so let's do the same now.
3973 */
3974
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02003975 /* It needs to look into the URI unless persistence must be ignored */
3976 if ((txn->sessid == NULL) && s->be->appsession_name && !(s->flags & SN_IGNORE_PRST)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02003977 get_srv_from_appsession(s, req->buf->p + msg->sl.rq.u, msg->sl.rq.u_l);
Cyril Bontéb21570a2009-11-29 20:04:48 +01003978 }
3979
William Lallemanda73203e2012-03-12 12:48:57 +01003980 /* add unique-id if "header-unique-id" is specified */
3981
William Lallemand5b7ea3a2013-08-28 15:44:19 +02003982 if (!LIST_ISEMPTY(&s->fe->format_unique_id)) {
3983 if ((s->unique_id = pool_alloc2(pool2_uniqueid)) == NULL)
3984 goto return_bad_req;
3985 s->unique_id[0] = '\0';
William Lallemanda73203e2012-03-12 12:48:57 +01003986 build_logline(s, s->unique_id, UNIQUEID_LEN, &s->fe->format_unique_id);
William Lallemand5b7ea3a2013-08-28 15:44:19 +02003987 }
William Lallemanda73203e2012-03-12 12:48:57 +01003988
3989 if (s->fe->header_unique_id && s->unique_id) {
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003990 chunk_printf(&trash, "%s: %s", s->fe->header_unique_id, s->unique_id);
3991 if (trash.len < 0)
William Lallemanda73203e2012-03-12 12:48:57 +01003992 goto return_bad_req;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01003993 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, trash.len) < 0))
William Lallemanda73203e2012-03-12 12:48:57 +01003994 goto return_bad_req;
3995 }
3996
Cyril Bontéb21570a2009-11-29 20:04:48 +01003997 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01003998 * 9: add X-Forwarded-For if either the frontend or the backend
3999 * asks for it.
4000 */
4001 if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02004002 struct hdr_ctx ctx = { .idx = 0 };
Willy Tarreau87cf5142011-08-19 22:57:24 +02004003 if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) &&
Cyril Bontéa32d2752012-05-29 23:27:41 +02004004 http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name,
4005 s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len,
Willy Tarreau9b28e032012-10-12 23:49:43 +02004006 req->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreau87cf5142011-08-19 22:57:24 +02004007 /* The header is set to be added only if none is present
4008 * and we found it, so don't do anything.
4009 */
4010 }
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004011 else if (cli_conn && cli_conn->addr.from.ss_family == AF_INET) {
Willy Tarreau59234e92008-11-30 23:51:27 +01004012 /* Add an X-Forwarded-For header unless the source IP is
4013 * in the 'except' network range.
4014 */
4015 if ((!s->fe->except_mask.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004016 (((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr.s_addr & s->fe->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01004017 != s->fe->except_net.s_addr) &&
4018 (!s->be->except_mask.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004019 (((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr.s_addr & s->be->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01004020 != s->be->except_net.s_addr)) {
Willy Tarreau2a324282006-12-05 00:05:46 +01004021 int len;
Willy Tarreau59234e92008-11-30 23:51:27 +01004022 unsigned char *pn;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004023 pn = (unsigned char *)&((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr;
Ross Westaf72a1d2008-08-03 10:51:45 +02004024
4025 /* Note: we rely on the backend to get the header name to be used for
4026 * x-forwarded-for, because the header is really meant for the backends.
4027 * However, if the backend did not specify any option, we have to rely
4028 * on the frontend's header name.
4029 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004030 if (s->be->fwdfor_hdr_len) {
4031 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004032 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Ross Westaf72a1d2008-08-03 10:51:45 +02004033 } else {
Willy Tarreau59234e92008-11-30 23:51:27 +01004034 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004035 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01004036 }
Willy Tarreaue9187f82014-04-14 15:27:14 +02004037 len += snprintf(trash.str + len, trash.size - len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreauedcf6682008-11-30 23:15:34 +01004038
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004039 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau06619262006-12-17 08:37:22 +01004040 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01004041 }
4042 }
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004043 else if (cli_conn && cli_conn->addr.from.ss_family == AF_INET6) {
Willy Tarreau59234e92008-11-30 23:51:27 +01004044 /* FIXME: for the sake of completeness, we should also support
4045 * 'except' here, although it is mostly useless in this case.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004046 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004047 int len;
4048 char pn[INET6_ADDRSTRLEN];
4049 inet_ntop(AF_INET6,
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004050 (const void *)&((struct sockaddr_in6 *)(&cli_conn->addr.from))->sin6_addr,
Willy Tarreau59234e92008-11-30 23:51:27 +01004051 pn, sizeof(pn));
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004052
Willy Tarreau59234e92008-11-30 23:51:27 +01004053 /* Note: we rely on the backend to get the header name to be used for
4054 * x-forwarded-for, because the header is really meant for the backends.
4055 * However, if the backend did not specify any option, we have to rely
4056 * on the frontend's header name.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004057 */
Willy Tarreau59234e92008-11-30 23:51:27 +01004058 if (s->be->fwdfor_hdr_len) {
4059 len = s->be->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004060 memcpy(trash.str, s->be->fwdfor_hdr_name, len);
Willy Tarreau59234e92008-11-30 23:51:27 +01004061 } else {
4062 len = s->fe->fwdfor_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004063 memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02004064 }
Willy Tarreaue9187f82014-04-14 15:27:14 +02004065 len += snprintf(trash.str + len, trash.size - len, ": %s", pn);
Willy Tarreauadfb8562008-08-11 15:24:42 +02004066
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004067 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01004068 goto return_bad_req;
4069 }
4070 }
4071
4072 /*
Maik Broemme2850cb42009-04-17 18:53:21 +02004073 * 10: add X-Original-To if either the frontend or the backend
4074 * asks for it.
4075 */
4076 if ((s->fe->options | s->be->options) & PR_O_ORGTO) {
4077
4078 /* FIXME: don't know if IPv6 can handle that case too. */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004079 if (cli_conn && cli_conn->addr.from.ss_family == AF_INET) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004080 /* Add an X-Original-To header unless the destination IP is
4081 * in the 'except' network range.
4082 */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004083 conn_get_to_addr(cli_conn);
Maik Broemme2850cb42009-04-17 18:53:21 +02004084
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004085 if (cli_conn->addr.to.ss_family == AF_INET &&
Emeric Brun5bd86a82010-10-22 17:23:04 +02004086 ((!s->fe->except_mask_to.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004087 (((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr.s_addr & s->fe->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004088 != s->fe->except_to.s_addr) &&
4089 (!s->be->except_mask_to.s_addr ||
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004090 (((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr.s_addr & s->be->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02004091 != s->be->except_to.s_addr))) {
Maik Broemme2850cb42009-04-17 18:53:21 +02004092 int len;
4093 unsigned char *pn;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004094 pn = (unsigned char *)&((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr;
Maik Broemme2850cb42009-04-17 18:53:21 +02004095
4096 /* Note: we rely on the backend to get the header name to be used for
4097 * x-original-to, because the header is really meant for the backends.
4098 * However, if the backend did not specify any option, we have to rely
4099 * on the frontend's header name.
4100 */
4101 if (s->be->orgto_hdr_len) {
4102 len = s->be->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004103 memcpy(trash.str, s->be->orgto_hdr_name, len);
Maik Broemme2850cb42009-04-17 18:53:21 +02004104 } else {
4105 len = s->fe->orgto_hdr_len;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004106 memcpy(trash.str, s->fe->orgto_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01004107 }
Willy Tarreaue9187f82014-04-14 15:27:14 +02004108 len += snprintf(trash.str + len, trash.size - len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Maik Broemme2850cb42009-04-17 18:53:21 +02004109
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004110 if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
Maik Broemme2850cb42009-04-17 18:53:21 +02004111 goto return_bad_req;
4112 }
4113 }
4114 }
4115
Willy Tarreau50fc7772012-11-11 22:19:57 +01004116 /* 11: add "Connection: close" or "Connection: keep-alive" if needed and not yet set.
4117 * If an "Upgrade" token is found, the header is left untouched in order not to have
4118 * to deal with some servers bugs : some of them fail an Upgrade if anything but
4119 * "Upgrade" is present in the Connection header.
4120 */
4121 if (!(txn->flags & TX_HDR_CONN_UPG) &&
4122 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
Willy Tarreau02bce8b2014-01-30 00:15:28 +01004123 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
4124 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004125 unsigned int want_flags = 0;
4126
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004127 if (msg->flags & HTTP_MSGF_VER_11) {
Willy Tarreau22a95342010-09-29 14:31:41 +02004128 if (((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL ||
Willy Tarreau02bce8b2014-01-30 00:15:28 +01004129 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
4130 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)) &&
Willy Tarreau22a95342010-09-29 14:31:41 +02004131 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004132 want_flags |= TX_CON_CLO_SET;
4133 } else {
Willy Tarreau22a95342010-09-29 14:31:41 +02004134 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
Willy Tarreau02bce8b2014-01-30 00:15:28 +01004135 ((s->fe->options & PR_O_HTTP_MODE) != PR_O_HTTP_PCL &&
4136 (s->be->options & PR_O_HTTP_MODE) != PR_O_HTTP_PCL)) ||
Willy Tarreau22a95342010-09-29 14:31:41 +02004137 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004138 want_flags |= TX_CON_KAL_SET;
4139 }
4140
4141 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004142 http_change_connection_header(txn, msg, want_flags);
Willy Tarreau59234e92008-11-30 23:51:27 +01004143 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004144
Willy Tarreaubbf0b372010-01-18 16:54:40 +01004145
Willy Tarreau522d6c02009-12-06 18:49:18 +01004146 /* If we have no server assigned yet and we're balancing on url_param
4147 * with a POST request, we may be interested in checking the body for
4148 * that parameter. This will be done in another analyser.
Willy Tarreau59234e92008-11-30 23:51:27 +01004149 */
4150 if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) &&
4151 s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004152 (msg->flags & (HTTP_MSGF_CNT_LEN|HTTP_MSGF_TE_CHNK))) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004153 channel_dont_connect(req);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004154 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau59234e92008-11-30 23:51:27 +01004155 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004156
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004157 if (msg->flags & HTTP_MSGF_XFER_LEN) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01004158 req->analysers |= AN_REQ_HTTP_XFER_BODY;
Willy Tarreau5e205522011-12-17 16:34:27 +01004159#ifdef TCP_QUICKACK
4160 /* We expect some data from the client. Unless we know for sure
4161 * we already have a full request, we have to re-enable quick-ack
4162 * in case we previously disabled it, otherwise we might cause
4163 * the client to delay further data.
4164 */
4165 if ((s->listener->options & LI_O_NOQUICKACK) &&
Willy Tarreau3c728722014-01-23 13:50:42 +01004166 cli_conn && conn_ctrl_ready(cli_conn) &&
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004167 ((msg->flags & HTTP_MSGF_TE_CHNK) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004168 (msg->body_len > req->buf->i - txn->req.eoh - 2)))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02004169 setsockopt(cli_conn->t.sock.fd, IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
Willy Tarreau5e205522011-12-17 16:34:27 +01004170#endif
4171 }
Willy Tarreau03945942009-12-22 16:50:27 +01004172
Willy Tarreau59234e92008-11-30 23:51:27 +01004173 /*************************************************************
4174 * OK, that's finished for the headers. We have done what we *
4175 * could. Let's switch to the DATA state. *
4176 ************************************************************/
Willy Tarreau522d6c02009-12-06 18:49:18 +01004177 req->analyse_exp = TICK_ETERNITY;
4178 req->analysers &= ~an_bit;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004179
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004180 /* if the server closes the connection, we want to immediately react
4181 * and close the socket to save packets and syscalls.
4182 */
Willy Tarreau40f151a2012-12-20 12:10:09 +01004183 if (!(req->analysers & AN_REQ_HTTP_XFER_BODY))
4184 req->cons->flags |= SI_FL_NOHALF;
Willy Tarreau7bb68ab2012-05-13 14:48:59 +02004185
Willy Tarreau59234e92008-11-30 23:51:27 +01004186 s->logs.tv_request = now;
Willy Tarreau59234e92008-11-30 23:51:27 +01004187 /* OK let's go on with the BODY now */
4188 return 1;
Willy Tarreau06619262006-12-17 08:37:22 +01004189
Willy Tarreau59234e92008-11-30 23:51:27 +01004190 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4076a152009-04-02 15:18:36 +02004191 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
Willy Tarreauf073a832009-03-01 23:21:47 +01004192 /* we detected a parsing error. We want to archive this request
4193 * in the dedicated proxy area for later troubleshooting.
4194 */
Willy Tarreau8a0cef22012-03-09 13:39:23 +01004195 http_capture_bad_message(&s->fe->invalid_req, s, msg, msg->msg_state, s->fe);
Willy Tarreauf073a832009-03-01 23:21:47 +01004196 }
Willy Tarreau4076a152009-04-02 15:18:36 +02004197
Willy Tarreau59234e92008-11-30 23:51:27 +01004198 txn->req.msg_state = HTTP_MSG_ERROR;
4199 txn->status = 400;
4200 req->analysers = 0;
Willy Tarreau783f2582012-09-04 12:19:04 +02004201 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004202
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004203 s->fe->fe_counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004204 if (s->listener->counters)
4205 s->listener->counters->failed_req++;
Willy Tarreauadfb8562008-08-11 15:24:42 +02004206
Willy Tarreau59234e92008-11-30 23:51:27 +01004207 if (!(s->flags & SN_ERR_MASK))
4208 s->flags |= SN_ERR_PRXCOND;
4209 if (!(s->flags & SN_FINST_MASK))
4210 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02004211 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004212}
Willy Tarreauadfb8562008-08-11 15:24:42 +02004213
Willy Tarreau60b85b02008-11-30 23:28:40 +01004214/* This function is an analyser which processes the HTTP tarpit. It always
4215 * returns zero, at the beginning because it prevents any other processing
4216 * from occurring, and at the end because it terminates the request.
4217 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004218int http_process_tarpit(struct session *s, struct channel *req, int an_bit)
Willy Tarreau60b85b02008-11-30 23:28:40 +01004219{
4220 struct http_txn *txn = &s->txn;
4221
4222 /* This connection is being tarpitted. The CLIENT side has
4223 * already set the connect expiration date to the right
4224 * timeout. We just have to check that the client is still
4225 * there and that the timeout has not expired.
4226 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004227 channel_dont_connect(req);
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004228 if ((req->flags & (CF_SHUTR|CF_READ_ERROR)) == 0 &&
Willy Tarreau60b85b02008-11-30 23:28:40 +01004229 !tick_is_expired(req->analyse_exp, now_ms))
4230 return 0;
4231
4232 /* We will set the queue timer to the time spent, just for
4233 * logging purposes. We fake a 500 server error, so that the
4234 * attacker will not suspect his connection has been tarpitted.
4235 * It will not cause trouble to the logs because we can exclude
4236 * the tarpitted connections by filtering on the 'PT' status flags.
4237 */
Willy Tarreau60b85b02008-11-30 23:28:40 +01004238 s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now);
4239
4240 txn->status = 500;
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004241 if (!(req->flags & CF_READ_ERROR))
Willy Tarreau783f2582012-09-04 12:19:04 +02004242 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_500));
Willy Tarreau60b85b02008-11-30 23:28:40 +01004243
4244 req->analysers = 0;
4245 req->analyse_exp = TICK_ETERNITY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02004246
Willy Tarreau60b85b02008-11-30 23:28:40 +01004247 if (!(s->flags & SN_ERR_MASK))
4248 s->flags |= SN_ERR_PRXCOND;
4249 if (!(s->flags & SN_FINST_MASK))
4250 s->flags |= SN_FINST_T;
4251 return 0;
4252}
4253
Willy Tarreau5a8f9472014-04-10 11:16:06 +02004254/* This function is an analyser which waits for the HTTP request body. It waits
4255 * for either the buffer to be full, or the full advertised contents to have
4256 * reached the buffer. It must only be called after the standard HTTP request
4257 * processing has occurred, because it expects the request to be parsed and will
4258 * look for the Expect header. It may send a 100-Continue interim response. It
4259 * takes in input any state starting from HTTP_MSG_BODY and leaves with one of
4260 * HTTP_MSG_CHK_SIZE, HTTP_MSG_DATA or HTTP_MSG_TRAILERS. It returns zero if it
4261 * needs to read more data, or 1 once it has completed its analysis.
Willy Tarreaud34af782008-11-30 23:36:37 +01004262 */
Willy Tarreau5a8f9472014-04-10 11:16:06 +02004263int http_wait_for_request_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud34af782008-11-30 23:36:37 +01004264{
Willy Tarreau522d6c02009-12-06 18:49:18 +01004265 struct http_txn *txn = &s->txn;
Willy Tarreaud34af782008-11-30 23:36:37 +01004266 struct http_msg *msg = &s->txn.req;
Willy Tarreaud34af782008-11-30 23:36:37 +01004267
4268 /* We have to parse the HTTP request body to find any required data.
4269 * "balance url_param check_post" should have been the only way to get
4270 * into this. We were brought here after HTTP header analysis, so all
4271 * related structures are ready.
4272 */
4273
Willy Tarreau890988f2014-04-10 11:59:33 +02004274 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
4275 /* This is the first call */
4276 if (msg->msg_state < HTTP_MSG_BODY)
4277 goto missing_data;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004278
Willy Tarreau890988f2014-04-10 11:59:33 +02004279 if (msg->msg_state < HTTP_MSG_100_SENT) {
4280 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
4281 * send an HTTP/1.1 100 Continue intermediate response.
4282 */
4283 if (msg->flags & HTTP_MSGF_VER_11) {
4284 struct hdr_ctx ctx;
4285 ctx.idx = 0;
4286 /* Expect is allowed in 1.1, look for it */
4287 if (http_find_header2("Expect", 6, req->buf->p, &txn->hdr_idx, &ctx) &&
4288 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
4289 bo_inject(s->rep, http_100_chunk.str, http_100_chunk.len);
4290 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004291 }
Willy Tarreau890988f2014-04-10 11:59:33 +02004292 msg->msg_state = HTTP_MSG_100_SENT;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004293 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004294
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004295 /* we have msg->sov which points to the first byte of message body.
Willy Tarreau877e78d2013-04-07 18:48:08 +02004296 * req->buf->p still points to the beginning of the message. We
4297 * must save the body in msg->next because it survives buffer
4298 * re-alignments.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004299 */
Willy Tarreauea1175a2012-03-05 15:52:30 +01004300 msg->next = msg->sov;
Willy Tarreaua458b672012-03-05 11:17:50 +01004301
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01004302 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau522d6c02009-12-06 18:49:18 +01004303 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
4304 else
4305 msg->msg_state = HTTP_MSG_DATA;
4306 }
4307
Willy Tarreau890988f2014-04-10 11:59:33 +02004308 if (!(msg->flags & HTTP_MSGF_TE_CHNK)) {
4309 /* We're in content-length mode, we just have to wait for enough data. */
4310 if (req->buf->i - msg->sov < msg->body_len)
4311 goto missing_data;
4312
4313 /* OK we have everything we need now */
4314 goto http_end;
4315 }
4316
4317 /* OK here we're parsing a chunked-encoded message */
4318
Willy Tarreau522d6c02009-12-06 18:49:18 +01004319 if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004320 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaua458b672012-03-05 11:17:50 +01004321 * set ->sov and ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01004322 * TRAILERS state.
Willy Tarreau115acb92009-12-26 13:56:06 +01004323 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01004324 int ret = http_parse_chunk_size(msg);
Willy Tarreaud34af782008-11-30 23:36:37 +01004325
Willy Tarreau115acb92009-12-26 13:56:06 +01004326 if (!ret)
4327 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004328 else if (ret < 0) {
4329 session_inc_http_err_ctr(s);
Willy Tarreau522d6c02009-12-06 18:49:18 +01004330 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004331 }
Willy Tarreaud34af782008-11-30 23:36:37 +01004332 }
4333
Willy Tarreaud98cf932009-12-27 22:54:55 +01004334 /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
Willy Tarreaufa4a03c2012-03-09 21:28:54 +01004335 * We have the first data byte is in msg->sov. We're waiting for at
Willy Tarreau226071e2014-04-10 11:55:45 +02004336 * least a whole chunk or the whole content length bytes after msg->sov.
Willy Tarreaud34af782008-11-30 23:36:37 +01004337 */
Willy Tarreau890988f2014-04-10 11:59:33 +02004338 if (msg->msg_state == HTTP_MSG_TRAILERS)
4339 goto http_end;
4340
Willy Tarreau226071e2014-04-10 11:55:45 +02004341 if (req->buf->i - msg->sov >= msg->body_len) /* we have enough bytes now */
Willy Tarreau522d6c02009-12-06 18:49:18 +01004342 goto http_end;
4343
4344 missing_data:
Willy Tarreau31a19952014-04-10 11:50:37 +02004345 /* we get here if we need to wait for more data. If the buffer is full,
4346 * we have the maximum we can expect.
4347 */
4348 if (buffer_full(req->buf, global.tune.maxrewrite))
4349 goto http_end;
Willy Tarreau115acb92009-12-26 13:56:06 +01004350
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004351 if ((req->flags & CF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01004352 txn->status = 408;
Willy Tarreau783f2582012-09-04 12:19:04 +02004353 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_408));
Willy Tarreau79ebac62010-06-07 13:47:49 +02004354
4355 if (!(s->flags & SN_ERR_MASK))
4356 s->flags |= SN_ERR_CLITO;
4357 if (!(s->flags & SN_FINST_MASK))
4358 s->flags |= SN_FINST_D;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004359 goto return_err_msg;
Willy Tarreaud34af782008-11-30 23:36:37 +01004360 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004361
4362 /* we get here if we need to wait for more data */
Willy Tarreau31a19952014-04-10 11:50:37 +02004363 if (!(req->flags & (CF_SHUTR | CF_READ_ERROR))) {
Willy Tarreaud34af782008-11-30 23:36:37 +01004364 /* Not enough data. We'll re-use the http-request
4365 * timeout here. Ideally, we should set the timeout
4366 * relative to the accept() date. We just set the
4367 * request timeout once at the beginning of the
4368 * request.
4369 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004370 channel_dont_connect(req);
Willy Tarreaud34af782008-11-30 23:36:37 +01004371 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02004372 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreaud34af782008-11-30 23:36:37 +01004373 return 0;
4374 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01004375
4376 http_end:
4377 /* The situation will not evolve, so let's give up on the analysis. */
4378 s->logs.tv_request = now; /* update the request timer to reflect full request */
4379 req->analysers &= ~an_bit;
4380 req->analyse_exp = TICK_ETERNITY;
4381 return 1;
4382
4383 return_bad_req: /* let's centralize all bad requests */
4384 txn->req.msg_state = HTTP_MSG_ERROR;
4385 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02004386 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreau522d6c02009-12-06 18:49:18 +01004387
Willy Tarreau79ebac62010-06-07 13:47:49 +02004388 if (!(s->flags & SN_ERR_MASK))
4389 s->flags |= SN_ERR_PRXCOND;
4390 if (!(s->flags & SN_FINST_MASK))
4391 s->flags |= SN_FINST_R;
4392
Willy Tarreau522d6c02009-12-06 18:49:18 +01004393 return_err_msg:
4394 req->analysers = 0;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004395 s->fe->fe_counters.failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004396 if (s->listener->counters)
4397 s->listener->counters->failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01004398 return 0;
Willy Tarreaud34af782008-11-30 23:36:37 +01004399}
4400
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004401/* send a server's name with an outgoing request over an established connection.
4402 * Note: this function is designed to be called once the request has been scheduled
4403 * for being forwarded. This is the reason why it rewinds the buffer before
4404 * proceeding.
4405 */
Willy Tarreau45c0d982012-03-09 12:11:57 +01004406int http_send_name_header(struct http_txn *txn, struct proxy* be, const char* srv_name) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004407
4408 struct hdr_ctx ctx;
4409
Mark Lamourinec2247f02012-01-04 13:02:01 -05004410 char *hdr_name = be->server_id_hdr_name;
4411 int hdr_name_len = be->server_id_hdr_len;
Willy Tarreau394db372012-10-12 22:40:39 +02004412 struct channel *chn = txn->req.chn;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004413 char *hdr_val;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004414 unsigned int old_o, old_i;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004415
William Lallemandd9e90662012-01-30 17:27:17 +01004416 ctx.idx = 0;
4417
Willy Tarreau211cdec2014-04-17 20:18:08 +02004418 old_o = http_hdr_rewind(&txn->req);
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004419 if (old_o) {
4420 /* The request was already skipped, let's restore it */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004421 b_rew(chn->buf, old_o);
Willy Tarreau877e78d2013-04-07 18:48:08 +02004422 txn->req.next += old_o;
4423 txn->req.sov += old_o;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004424 }
4425
Willy Tarreau9b28e032012-10-12 23:49:43 +02004426 old_i = chn->buf->i;
4427 while (http_find_header2(hdr_name, hdr_name_len, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Mark Lamourinec2247f02012-01-04 13:02:01 -05004428 /* remove any existing values from the header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01004429 http_remove_header2(&txn->req, &txn->hdr_idx, &ctx);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004430 }
4431
4432 /* Add the new header requested with the server value */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004433 hdr_val = trash.str;
Mark Lamourinec2247f02012-01-04 13:02:01 -05004434 memcpy(hdr_val, hdr_name, hdr_name_len);
4435 hdr_val += hdr_name_len;
4436 *hdr_val++ = ':';
4437 *hdr_val++ = ' ';
Willy Tarreau19d14ef2012-10-29 16:51:55 +01004438 hdr_val += strlcpy2(hdr_val, srv_name, trash.str + trash.size - hdr_val);
4439 http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, hdr_val - trash.str);
Mark Lamourinec2247f02012-01-04 13:02:01 -05004440
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004441 if (old_o) {
4442 /* If this was a forwarded request, we must readjust the amount of
4443 * data to be forwarded in order to take into account the size
Willy Tarreau877e78d2013-04-07 18:48:08 +02004444 * variations. Note that the current state is >= HTTP_MSG_BODY,
4445 * so we don't have to adjust ->sol.
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004446 */
Willy Tarreau877e78d2013-04-07 18:48:08 +02004447 old_o += chn->buf->i - old_i;
4448 b_adv(chn->buf, old_o);
4449 txn->req.next -= old_o;
4450 txn->req.sov -= old_o;
Willy Tarreaud1de8af2012-05-18 22:12:14 +02004451 }
4452
Mark Lamourinec2247f02012-01-04 13:02:01 -05004453 return 0;
4454}
4455
Willy Tarreau610ecce2010-01-04 21:15:02 +01004456/* Terminate current transaction and prepare a new one. This is very tricky
4457 * right now but it works.
4458 */
4459void http_end_txn_clean_session(struct session *s)
4460{
Willy Tarreau068621e2013-12-23 15:11:25 +01004461 int prev_status = s->txn.status;
4462
Willy Tarreau610ecce2010-01-04 21:15:02 +01004463 /* FIXME: We need a more portable way of releasing a backend's and a
4464 * server's connections. We need a safer way to reinitialize buffer
4465 * flags. We also need a more accurate method for computing per-request
4466 * data.
4467 */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004468
Willy Tarreau4213a112013-12-15 10:25:42 +01004469 /* unless we're doing keep-alive, we want to quickly close the connection
4470 * to the server.
4471 */
4472 if (((s->txn.flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) ||
4473 !si_conn_ready(s->req->cons)) {
4474 s->req->cons->flags |= SI_FL_NOLINGER | SI_FL_NOHALF;
4475 si_shutr(s->req->cons);
4476 si_shutw(s->req->cons);
4477 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004478
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004479 if (s->flags & SN_BE_ASSIGNED) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004480 s->be->beconn--;
Willy Tarreau2d5cd472012-03-01 23:34:37 +01004481 if (unlikely(s->srv_conn))
4482 sess_change_server(s, NULL);
4483 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004484
4485 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
4486 session_process_counters(s);
Willy Tarreauf3338342014-01-28 21:40:28 +01004487 session_stop_content_counters(s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004488
4489 if (s->txn.status) {
4490 int n;
4491
4492 n = s->txn.status / 100;
4493 if (n < 1 || n > 5)
4494 n = 0;
4495
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004496 if (s->fe->mode == PR_MODE_HTTP) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004497 s->fe->fe_counters.p.http.rsp[n]++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004498 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004499 s->fe->fe_counters.p.http.comp_rsp++;
4500 }
Willy Tarreau24657792010-02-26 10:30:28 +01004501 if ((s->flags & SN_BE_ASSIGNED) &&
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004502 (s->be->mode == PR_MODE_HTTP)) {
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004503 s->be->be_counters.p.http.rsp[n]++;
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004504 s->be->be_counters.p.http.cum_req++;
Willy Tarreau8139b992012-11-27 07:35:31 +01004505 if (s->comp_algo && (s->flags & SN_COMP_READY))
Willy Tarreau5e16cbc2012-11-24 14:54:13 +01004506 s->be->be_counters.p.http.comp_rsp++;
4507 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004508 }
4509
4510 /* don't count other requests' data */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004511 s->logs.bytes_in -= s->req->buf->i;
4512 s->logs.bytes_out -= s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004513
4514 /* let's do a final log if we need it */
Willy Tarreaud79a3b22012-12-28 09:40:16 +01004515 if (!LIST_ISEMPTY(&s->fe->logformat) && s->logs.logwait &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01004516 !(s->flags & SN_MONITOR) &&
4517 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
4518 s->do_log(s);
4519 }
4520
4521 s->logs.accept_date = date; /* user-visible date for logging */
4522 s->logs.tv_accept = now; /* corrected date for internal use */
4523 tv_zero(&s->logs.tv_request);
4524 s->logs.t_queue = -1;
4525 s->logs.t_connect = -1;
4526 s->logs.t_data = -1;
4527 s->logs.t_close = 0;
4528 s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
4529 s->logs.srv_queue_size = 0; /* we will get this number soon */
4530
Willy Tarreau9b28e032012-10-12 23:49:43 +02004531 s->logs.bytes_in = s->req->total = s->req->buf->i;
4532 s->logs.bytes_out = s->rep->total = s->rep->buf->i;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004533
4534 if (s->pend_pos)
4535 pendconn_free(s->pend_pos);
4536
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004537 if (objt_server(s->target)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004538 if (s->flags & SN_CURR_SESS) {
4539 s->flags &= ~SN_CURR_SESS;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004540 objt_server(s->target)->cur_sess--;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004541 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004542 if (may_dequeue_tasks(objt_server(s->target), s->be))
4543 process_srv_queue(objt_server(s->target));
Willy Tarreau610ecce2010-01-04 21:15:02 +01004544 }
4545
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004546 s->target = NULL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004547
Willy Tarreau4213a112013-12-15 10:25:42 +01004548 /* only release our endpoint if we don't intend to reuse the
4549 * connection.
4550 */
4551 if (((s->txn.flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) ||
4552 !si_conn_ready(s->req->cons)) {
4553 si_release_endpoint(s->req->cons);
4554 }
4555
Willy Tarreau610ecce2010-01-04 21:15:02 +01004556 s->req->cons->state = s->req->cons->prev_state = SI_ST_INI;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004557 s->req->cons->err_type = SI_ET_NONE;
Willy Tarreau0b3a4112011-03-27 19:16:56 +02004558 s->req->cons->conn_retries = 0; /* used for logging too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004559 s->req->cons->exp = TICK_ETERNITY;
Willy Tarreauc9200962013-12-31 23:03:09 +01004560 s->req->cons->flags &= SI_FL_DONT_WAKE; /* we're in the context of process_session */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004561 s->req->flags &= ~(CF_SHUTW|CF_SHUTW_NOW|CF_AUTO_CONNECT|CF_WRITE_ERROR|CF_STREAMER|CF_STREAMER_FAST|CF_NEVER_WAIT);
4562 s->rep->flags &= ~(CF_SHUTR|CF_SHUTR_NOW|CF_READ_ATTACHED|CF_READ_ERROR|CF_READ_NOEXP|CF_STREAMER|CF_STREAMER_FAST|CF_WRITE_PARTIAL|CF_NEVER_WAIT);
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02004563 s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED|SN_FORCE_PRST|SN_IGNORE_PRST);
Willy Tarreau36346242014-02-24 18:26:30 +01004564 s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE|SN_SRV_REUSED);
Willy Tarreau543db622012-11-15 16:41:22 +01004565
Willy Tarreau610ecce2010-01-04 21:15:02 +01004566 s->txn.meth = 0;
4567 http_reset_txn(s);
Willy Tarreaufcffa692010-01-10 14:21:19 +01004568 s->txn.flags |= TX_NOT_FIRST | TX_WAIT_NEXT_RQ;
Willy Tarreau068621e2013-12-23 15:11:25 +01004569
4570 if (prev_status == 401 || prev_status == 407) {
4571 /* In HTTP keep-alive mode, if we receive a 401, we still have
4572 * a chance of being able to send the visitor again to the same
4573 * server over the same connection. This is required by some
4574 * broken protocols such as NTLM, and anyway whenever there is
4575 * an opportunity for sending the challenge to the proper place,
4576 * it's better to do it (at least it helps with debugging).
4577 */
4578 s->txn.flags |= TX_PREFER_LAST;
4579 }
4580
Willy Tarreauee55dc02010-06-01 10:56:34 +02004581 if (s->fe->options2 & PR_O2_INDEPSTR)
Willy Tarreau610ecce2010-01-04 21:15:02 +01004582 s->req->cons->flags |= SI_FL_INDEP_STR;
4583
Willy Tarreau96e31212011-05-30 18:10:30 +02004584 if (s->fe->options2 & PR_O2_NODELAY) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004585 s->req->flags |= CF_NEVER_WAIT;
4586 s->rep->flags |= CF_NEVER_WAIT;
Willy Tarreau96e31212011-05-30 18:10:30 +02004587 }
4588
Willy Tarreau610ecce2010-01-04 21:15:02 +01004589 /* if the request buffer is not empty, it means we're
4590 * about to process another request, so send pending
4591 * data with MSG_MORE to merge TCP packets when possible.
Willy Tarreau065e8332010-01-08 00:30:20 +01004592 * Just don't do this if the buffer is close to be full,
4593 * because the request will wait for it to flush a little
4594 * bit before proceeding.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004595 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02004596 if (s->req->buf->i) {
4597 if (s->rep->buf->o &&
4598 !buffer_full(s->rep->buf, global.tune.maxrewrite) &&
4599 bi_end(s->rep->buf) <= s->rep->buf->data + s->rep->buf->size - global.tune.maxrewrite)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004600 s->rep->flags |= CF_EXPECT_MORE;
Willy Tarreau065e8332010-01-08 00:30:20 +01004601 }
Willy Tarreau90deb182010-01-07 00:20:41 +01004602
4603 /* we're removing the analysers, we MUST re-enable events detection */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004604 channel_auto_read(s->req);
4605 channel_auto_close(s->req);
4606 channel_auto_read(s->rep);
4607 channel_auto_close(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004608
Willy Tarreau27375622013-12-17 00:00:28 +01004609 /* we're in keep-alive with an idle connection, monitor it */
4610 si_idle_conn(s->req->cons);
4611
Willy Tarreau342b11c2010-11-24 16:22:09 +01004612 s->req->analysers = s->listener->analysers;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004613 s->rep->analysers = 0;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004614}
4615
4616
4617/* This function updates the request state machine according to the response
4618 * state machine and buffer flags. It returns 1 if it changes anything (flag
4619 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4620 * it is only used to find when a request/response couple is complete. Both
4621 * this function and its equivalent should loop until both return zero. It
4622 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4623 */
4624int http_sync_req_state(struct session *s)
4625{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004626 struct channel *chn = s->req;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004627 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004628 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004629 unsigned int old_state = txn->req.msg_state;
4630
Willy Tarreau610ecce2010-01-04 21:15:02 +01004631 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY))
4632 return 0;
4633
4634 if (txn->req.msg_state == HTTP_MSG_DONE) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004635 /* No need to read anymore, the request was completely parsed.
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004636 * We can shut the read side unless we want to abort_on_close,
4637 * or we have a POST request. The issue with POST requests is
4638 * that some browsers still send a CRLF after the request, and
4639 * this CRLF must be read so that it does not remain in the kernel
4640 * buffers, otherwise a close could cause an RST on some systems
4641 * (eg: Linux).
Willy Tarreau3988d932013-12-27 23:03:08 +01004642 * Note that if we're using keep-alive on the client side, we'd
4643 * rather poll now and keep the polling enabled for the whole
4644 * session's life than enabling/disabling it between each
4645 * response and next request.
Willy Tarreau90deb182010-01-07 00:20:41 +01004646 */
Willy Tarreau3988d932013-12-27 23:03:08 +01004647 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_SCL) &&
4648 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) &&
4649 !(s->be->options & PR_O_ABRT_CLOSE) &&
4650 txn->meth != HTTP_METH_POST)
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004651 channel_dont_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004652
Willy Tarreau40f151a2012-12-20 12:10:09 +01004653 /* if the server closes the connection, we want to immediately react
4654 * and close the socket to save packets and syscalls.
4655 */
4656 chn->cons->flags |= SI_FL_NOHALF;
4657
Willy Tarreau610ecce2010-01-04 21:15:02 +01004658 if (txn->rsp.msg_state == HTTP_MSG_ERROR)
4659 goto wait_other_side;
4660
4661 if (txn->rsp.msg_state < HTTP_MSG_DONE) {
4662 /* The server has not finished to respond, so we
4663 * don't want to move in order not to upset it.
4664 */
4665 goto wait_other_side;
4666 }
4667
4668 if (txn->rsp.msg_state == HTTP_MSG_TUNNEL) {
4669 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004670 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004671 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004672 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004673 goto wait_other_side;
4674 }
4675
4676 /* When we get here, it means that both the request and the
4677 * response have finished receiving. Depending on the connection
4678 * mode, we'll have to wait for the last bytes to leave in either
4679 * direction, and sometimes for a close to be effective.
4680 */
4681
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004682 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4683 /* Server-close mode : queue a connection close to the server */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004684 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW)))
4685 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004686 }
4687 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4688 /* Option forceclose is set, or either side wants to close,
4689 * let's enforce it now that we're not expecting any new
4690 * data to come. The caller knows the session is complete
4691 * once both states are CLOSED.
4692 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004693 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4694 channel_shutr_now(chn);
4695 channel_shutw_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004696 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004697 }
4698 else {
Willy Tarreau4213a112013-12-15 10:25:42 +01004699 /* The last possible modes are keep-alive and tunnel. Tunnel mode
4700 * will not have any analyser so it needs to poll for reads.
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004701 */
Willy Tarreau4213a112013-12-15 10:25:42 +01004702 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN) {
4703 channel_auto_read(chn);
4704 txn->req.msg_state = HTTP_MSG_TUNNEL;
4705 chn->flags |= CF_NEVER_WAIT;
4706 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004707 }
4708
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004709 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004710 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004711 chn->cons->flags |= SI_FL_NOLINGER; /* we want to close ASAP */
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004712
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004713 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004714 txn->req.msg_state = HTTP_MSG_CLOSING;
4715 goto http_msg_closing;
4716 }
4717 else {
4718 txn->req.msg_state = HTTP_MSG_CLOSED;
4719 goto http_msg_closed;
4720 }
4721 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004722 goto wait_other_side;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004723 }
4724
4725 if (txn->req.msg_state == HTTP_MSG_CLOSING) {
4726 http_msg_closing:
4727 /* nothing else to forward, just waiting for the output buffer
4728 * to be empty and for the shutw_now to take effect.
4729 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004730 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004731 txn->req.msg_state = HTTP_MSG_CLOSED;
4732 goto http_msg_closed;
4733 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004734 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004735 txn->req.msg_state = HTTP_MSG_ERROR;
4736 goto wait_other_side;
4737 }
4738 }
4739
4740 if (txn->req.msg_state == HTTP_MSG_CLOSED) {
4741 http_msg_closed:
Willy Tarreau3988d932013-12-27 23:03:08 +01004742 /* see above in MSG_DONE why we only do this in these states */
4743 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_SCL) &&
4744 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_KAL) &&
4745 !(s->be->options & PR_O_ABRT_CLOSE))
Willy Tarreau2e7a1652013-12-15 15:32:10 +01004746 channel_dont_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004747 goto wait_other_side;
4748 }
4749
4750 wait_other_side:
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004751 return txn->req.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004752}
4753
4754
4755/* This function updates the response state machine according to the request
4756 * state machine and buffer flags. It returns 1 if it changes anything (flag
4757 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4758 * it is only used to find when a request/response couple is complete. Both
4759 * this function and its equivalent should loop until both return zero. It
4760 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4761 */
4762int http_sync_res_state(struct session *s)
4763{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004764 struct channel *chn = s->rep;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004765 struct http_txn *txn = &s->txn;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004766 unsigned int old_flags = chn->flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004767 unsigned int old_state = txn->rsp.msg_state;
4768
Willy Tarreau610ecce2010-01-04 21:15:02 +01004769 if (unlikely(txn->rsp.msg_state < HTTP_MSG_BODY))
4770 return 0;
4771
4772 if (txn->rsp.msg_state == HTTP_MSG_DONE) {
4773 /* In theory, we don't need to read anymore, but we must
Willy Tarreau90deb182010-01-07 00:20:41 +01004774 * still monitor the server connection for a possible close
4775 * while the request is being uploaded, so we don't disable
4776 * reading.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004777 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004778 /* channel_dont_read(chn); */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004779
4780 if (txn->req.msg_state == HTTP_MSG_ERROR)
4781 goto wait_other_side;
4782
4783 if (txn->req.msg_state < HTTP_MSG_DONE) {
4784 /* The client seems to still be sending data, probably
4785 * because we got an error response during an upload.
4786 * We have the choice of either breaking the connection
4787 * or letting it pass through. Let's do the later.
4788 */
4789 goto wait_other_side;
4790 }
4791
4792 if (txn->req.msg_state == HTTP_MSG_TUNNEL) {
4793 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004794 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004795 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreaufc47f912012-10-20 10:38:09 +02004796 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004797 goto wait_other_side;
4798 }
4799
4800 /* When we get here, it means that both the request and the
4801 * response have finished receiving. Depending on the connection
4802 * mode, we'll have to wait for the last bytes to leave in either
4803 * direction, and sometimes for a close to be effective.
4804 */
4805
4806 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4807 /* Server-close mode : shut read and wait for the request
4808 * side to close its output buffer. The caller will detect
4809 * when we're in DONE and the other is in CLOSED and will
4810 * catch that for the final cleanup.
4811 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004812 if (!(chn->flags & (CF_SHUTR|CF_SHUTR_NOW)))
4813 channel_shutr_now(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004814 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004815 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4816 /* Option forceclose is set, or either side wants to close,
4817 * let's enforce it now that we're not expecting any new
4818 * data to come. The caller knows the session is complete
4819 * once both states are CLOSED.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004820 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004821 if (!(chn->flags & (CF_SHUTW|CF_SHUTW_NOW))) {
4822 channel_shutr_now(chn);
4823 channel_shutw_now(chn);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004824 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004825 }
4826 else {
Willy Tarreau4213a112013-12-15 10:25:42 +01004827 /* The last possible modes are keep-alive and tunnel. Tunnel will
4828 * need to forward remaining data. Keep-alive will need to monitor
4829 * for connection closing.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004830 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004831 channel_auto_read(chn);
Willy Tarreaufc47f912012-10-20 10:38:09 +02004832 chn->flags |= CF_NEVER_WAIT;
Willy Tarreau4213a112013-12-15 10:25:42 +01004833 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
4834 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004835 }
4836
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004837 if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004838 /* if we've just closed an output, let's switch */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004839 if (!channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004840 txn->rsp.msg_state = HTTP_MSG_CLOSING;
4841 goto http_msg_closing;
4842 }
4843 else {
4844 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4845 goto http_msg_closed;
4846 }
4847 }
4848 goto wait_other_side;
4849 }
4850
4851 if (txn->rsp.msg_state == HTTP_MSG_CLOSING) {
4852 http_msg_closing:
4853 /* nothing else to forward, just waiting for the output buffer
4854 * to be empty and for the shutw_now to take effect.
4855 */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004856 if (channel_is_empty(chn)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004857 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4858 goto http_msg_closed;
4859 }
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004860 else if (chn->flags & CF_SHUTW) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004861 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01004862 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004863 if (objt_server(s->target))
4864 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004865 goto wait_other_side;
4866 }
4867 }
4868
4869 if (txn->rsp.msg_state == HTTP_MSG_CLOSED) {
4870 http_msg_closed:
4871 /* drop any pending data */
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004872 bi_erase(chn);
4873 channel_auto_close(chn);
4874 channel_auto_read(chn);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004875 goto wait_other_side;
4876 }
4877
4878 wait_other_side:
Willy Tarreaufc47f912012-10-20 10:38:09 +02004879 /* We force the response to leave immediately if we're waiting for the
4880 * other side, since there is no pending shutdown to push it out.
4881 */
4882 if (!channel_is_empty(chn))
4883 chn->flags |= CF_SEND_DONTWAIT;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02004884 return txn->rsp.msg_state != old_state || chn->flags != old_flags;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004885}
4886
4887
4888/* Resync the request and response state machines. Return 1 if either state
4889 * changes.
4890 */
4891int http_resync_states(struct session *s)
4892{
4893 struct http_txn *txn = &s->txn;
4894 int old_req_state = txn->req.msg_state;
4895 int old_res_state = txn->rsp.msg_state;
4896
Willy Tarreau610ecce2010-01-04 21:15:02 +01004897 http_sync_req_state(s);
4898 while (1) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004899 if (!http_sync_res_state(s))
4900 break;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004901 if (!http_sync_req_state(s))
4902 break;
4903 }
Willy Tarreau3ce10ff2014-04-22 08:24:38 +02004904
Willy Tarreau610ecce2010-01-04 21:15:02 +01004905 /* OK, both state machines agree on a compatible state.
4906 * There are a few cases we're interested in :
4907 * - HTTP_MSG_TUNNEL on either means we have to disable both analysers
4908 * - HTTP_MSG_CLOSED on both sides means we've reached the end in both
4909 * directions, so let's simply disable both analysers.
4910 * - HTTP_MSG_CLOSED on the response only means we must abort the
4911 * request.
4912 * - HTTP_MSG_CLOSED on the request and HTTP_MSG_DONE on the response
4913 * with server-close mode means we've completed one request and we
4914 * must re-initialize the server connection.
4915 */
4916
4917 if (txn->req.msg_state == HTTP_MSG_TUNNEL ||
4918 txn->rsp.msg_state == HTTP_MSG_TUNNEL ||
4919 (txn->req.msg_state == HTTP_MSG_CLOSED &&
4920 txn->rsp.msg_state == HTTP_MSG_CLOSED)) {
4921 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004922 channel_auto_close(s->req);
4923 channel_auto_read(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004924 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004925 channel_auto_close(s->rep);
4926 channel_auto_read(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004927 }
Willy Tarreau40f151a2012-12-20 12:10:09 +01004928 else if ((txn->req.msg_state >= HTTP_MSG_DONE &&
4929 (txn->rsp.msg_state == HTTP_MSG_CLOSED || (s->rep->flags & CF_SHUTW))) ||
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004930 txn->rsp.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau40f151a2012-12-20 12:10:09 +01004931 txn->req.msg_state == HTTP_MSG_ERROR) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004932 s->rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004933 channel_auto_close(s->rep);
4934 channel_auto_read(s->rep);
Willy Tarreau90deb182010-01-07 00:20:41 +01004935 s->req->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02004936 channel_abort(s->req);
4937 channel_auto_close(s->req);
4938 channel_auto_read(s->req);
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02004939 bi_erase(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004940 }
Willy Tarreau4213a112013-12-15 10:25:42 +01004941 else if ((txn->req.msg_state == HTTP_MSG_DONE ||
4942 txn->req.msg_state == HTTP_MSG_CLOSED) &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01004943 txn->rsp.msg_state == HTTP_MSG_DONE &&
Willy Tarreau4213a112013-12-15 10:25:42 +01004944 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
4945 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
4946 /* server-close/keep-alive: terminate this transaction,
4947 * possibly killing the server connection and reinitialize
4948 * a fresh-new transaction.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004949 */
4950 http_end_txn_clean_session(s);
4951 }
4952
Willy Tarreau610ecce2010-01-04 21:15:02 +01004953 return txn->req.msg_state != old_req_state ||
4954 txn->rsp.msg_state != old_res_state;
4955}
4956
Willy Tarreaud98cf932009-12-27 22:54:55 +01004957/* This function is an analyser which forwards request body (including chunk
4958 * sizes if any). It is called as soon as we must forward, even if we forward
4959 * zero byte. The only situation where it must not be called is when we're in
4960 * tunnel mode and we want to forward till the close. It's used both to forward
4961 * remaining data and to resync after end of body. It expects the msg_state to
4962 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
4963 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01004964 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreauc24715e2014-04-17 15:21:20 +02004965 * bytes of pending data + the headers if not already done.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004966 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02004967int http_request_forward_body(struct session *s, struct channel *req, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01004968{
4969 struct http_txn *txn = &s->txn;
4970 struct http_msg *msg = &s->txn.req;
4971
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004972 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4973 return 0;
4974
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02004975 if ((req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02004976 ((req->flags & CF_SHUTW) && (req->to_forward || req->buf->o))) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02004977 /* Output closed while we were sending data. We must abort and
4978 * wake the other side up.
4979 */
4980 msg->msg_state = HTTP_MSG_ERROR;
4981 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01004982 return 1;
4983 }
4984
Willy Tarreaud98cf932009-12-27 22:54:55 +01004985 /* Note that we don't have to send 100-continue back because we don't
4986 * need the data to complete our job, and it's up to the server to
4987 * decide whether to return 100, 417 or anything else in return of
4988 * an "Expect: 100-continue" header.
4989 */
4990
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02004991 if (msg->sov) {
4992 /* we have msg->sov which points to the first byte of message
4993 * body, and req->buf.p still points to the beginning of the
4994 * message. We forward the headers now, as we don't need them
4995 * anymore, and we want to flush them.
Willy Tarreaud98cf932009-12-27 22:54:55 +01004996 */
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02004997 b_adv(req->buf, msg->sov);
4998 msg->next -= msg->sov;
4999 msg->sov = 0;
Willy Tarreaua458b672012-03-05 11:17:50 +01005000
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02005001 /* The previous analysers guarantee that the state is somewhere
5002 * between MSG_BODY and the first MSG_DATA. So msg->sol and
5003 * msg->next are always correct.
5004 */
5005 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
5006 if (msg->flags & HTTP_MSGF_TE_CHNK)
5007 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
5008 else
5009 msg->msg_state = HTTP_MSG_DATA;
5010 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005011 }
5012
Willy Tarreau7ba23542014-04-17 21:50:00 +02005013 /* Some post-connect processing might want us to refrain from starting to
5014 * forward data. Currently, the only reason for this is "balance url_param"
5015 * whichs need to parse/process the request after we've enabled forwarding.
5016 */
5017 if (unlikely(msg->flags & HTTP_MSGF_WAIT_CONN)) {
5018 if (!(s->rep->flags & CF_READ_ATTACHED)) {
5019 channel_auto_connect(req);
5020 goto missing_data;
5021 }
5022 msg->flags &= ~HTTP_MSGF_WAIT_CONN;
5023 }
5024
Willy Tarreau80a92c02014-03-12 10:41:13 +01005025 /* in most states, we should abort in case of early close */
5026 channel_auto_close(req);
5027
Willy Tarreauefdf0942014-04-24 20:08:57 +02005028 if (req->to_forward) {
5029 /* We can't process the buffer's contents yet */
5030 req->flags |= CF_WAKE_WRITE;
5031 goto missing_data;
5032 }
5033
Willy Tarreaud98cf932009-12-27 22:54:55 +01005034 while (1) {
Willy Tarreaucaabe412010-01-03 23:08:28 +01005035 if (msg->msg_state == HTTP_MSG_DATA) {
5036 /* must still forward */
Willy Tarreaubed410e2014-04-22 08:19:34 +02005037 /* we may have some pending data starting at req->buf->p */
5038 if (msg->chunk_len > req->buf->i - msg->next) {
Willy Tarreau4afd70a2014-01-25 02:26:39 +01005039 req->flags |= CF_WAKE_WRITE;
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005040 goto missing_data;
Willy Tarreau4afd70a2014-01-25 02:26:39 +01005041 }
Willy Tarreaubed410e2014-04-22 08:19:34 +02005042 msg->next += msg->chunk_len;
5043 msg->chunk_len = 0;
Willy Tarreaucaabe412010-01-03 23:08:28 +01005044
5045 /* nothing left to forward */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005046 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau54d23df2012-10-25 19:04:45 +02005047 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005048 else
Willy Tarreaucaabe412010-01-03 23:08:28 +01005049 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaucaabe412010-01-03 23:08:28 +01005050 }
5051 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01005052 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreauc24715e2014-04-17 15:21:20 +02005053 * set ->next to point to the body and switch to DATA or
Willy Tarreaud98cf932009-12-27 22:54:55 +01005054 * TRAILERS state.
5055 */
Willy Tarreau4baf44b2012-03-09 14:10:20 +01005056 int ret = http_parse_chunk_size(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005057
Willy Tarreau54d23df2012-10-25 19:04:45 +02005058 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005059 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005060 else if (ret < 0) {
5061 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005062 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005063 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_SIZE, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005064 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005065 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005066 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005067 }
Willy Tarreau54d23df2012-10-25 19:04:45 +02005068 else if (msg->msg_state == HTTP_MSG_CHUNK_CRLF) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01005069 /* we want the CRLF after the data */
Willy Tarreau54d23df2012-10-25 19:04:45 +02005070 int ret = http_skip_chunk_crlf(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005071
5072 if (ret == 0)
5073 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005074 else if (ret < 0) {
5075 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005076 if (msg->err_pos >= 0)
Willy Tarreau54d23df2012-10-25 19:04:45 +02005077 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_CHUNK_CRLF, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005078 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005079 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005080 /* we're in MSG_CHUNK_SIZE now */
5081 }
5082 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
Willy Tarreau4baf44b2012-03-09 14:10:20 +01005083 int ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005084
5085 if (ret == 0)
5086 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005087 else if (ret < 0) {
5088 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005089 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005090 http_capture_bad_message(&s->fe->invalid_req, s, msg, HTTP_MSG_TRAILERS, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005091 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005092 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005093 /* we're in HTTP_MSG_DONE now */
5094 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005095 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005096 int old_state = msg->msg_state;
5097
Willy Tarreau610ecce2010-01-04 21:15:02 +01005098 /* other states, DONE...TUNNEL */
Willy Tarreaubed410e2014-04-22 08:19:34 +02005099
5100 /* we may have some pending data starting at req->buf->p
5101 * such as last chunk of data or trailers.
5102 */
5103 b_adv(req->buf, msg->next);
5104 msg->next = 0;
5105
Willy Tarreau4fe41902010-06-07 22:27:41 +02005106 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005107 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5108 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005109 channel_dont_close(req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005110 if (http_resync_states(s)) {
5111 /* some state changes occurred, maybe the analyser
5112 * was disabled too.
Willy Tarreauface8392010-01-03 11:37:54 +01005113 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005114 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005115 if (req->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005116 /* request errors are most likely due to
5117 * the server aborting the transfer.
5118 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005119 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005120 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005121 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005122 http_capture_bad_message(&s->fe->invalid_req, s, msg, old_state, s->be);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005123 goto return_bad_req;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005124 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005125 return 1;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005126 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02005127
5128 /* If "option abortonclose" is set on the backend, we
5129 * want to monitor the client's connection and forward
5130 * any shutdown notification to the server, which will
5131 * decide whether to close or to go on processing the
5132 * request.
5133 */
5134 if (s->be->options & PR_O_ABRT_CLOSE) {
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005135 channel_auto_read(req);
5136 channel_auto_close(req);
Willy Tarreau5c54c712010-07-17 08:02:58 +02005137 }
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005138 else if (s->txn.meth == HTTP_METH_POST) {
5139 /* POST requests may require to read extra CRLF
5140 * sent by broken browsers and which could cause
5141 * an RST to be sent upon close on some systems
5142 * (eg: Linux).
5143 */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005144 channel_auto_read(req);
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02005145 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02005146
Willy Tarreau610ecce2010-01-04 21:15:02 +01005147 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005148 }
5149 }
5150
Willy Tarreaud98cf932009-12-27 22:54:55 +01005151 missing_data:
Willy Tarreaubed410e2014-04-22 08:19:34 +02005152 /* we may have some pending data starting at req->buf->p */
5153 b_adv(req->buf, msg->next);
5154 msg->next = 0;
5155 msg->chunk_len -= channel_forward(req, msg->chunk_len);
5156
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005157 /* stop waiting for data if the input is closed before the end */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005158 if (req->flags & CF_SHUTR) {
Willy Tarreau79ebac62010-06-07 13:47:49 +02005159 if (!(s->flags & SN_ERR_MASK))
5160 s->flags |= SN_ERR_CLICL;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005161 if (!(s->flags & SN_FINST_MASK)) {
5162 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5163 s->flags |= SN_FINST_H;
5164 else
5165 s->flags |= SN_FINST_D;
5166 }
5167
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005168 s->fe->fe_counters.cli_aborts++;
5169 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005170 if (objt_server(s->target))
5171 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005172
5173 goto return_bad_req_stats_ok;
Willy Tarreau79ebac62010-06-07 13:47:49 +02005174 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005175
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005176 /* waiting for the last bits to leave the buffer */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005177 if (req->flags & CF_SHUTW)
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005178 goto aborted_xfer;
Willy Tarreau610ecce2010-01-04 21:15:02 +01005179
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005180 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005181 * chunks even if the client has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005182 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005183 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005184 channel_dont_close(req);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005185
Willy Tarreau5c620922011-05-11 19:56:11 +02005186 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005187 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02005188 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01005189 * modes are already handled by the stream sock layer. We must not do
5190 * this in content-length mode because it could present the MSG_MORE
5191 * flag with the last block of forwarded data, which would cause an
5192 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02005193 */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005194 if (msg->flags & HTTP_MSGF_TE_CHNK)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005195 req->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02005196
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005197 return 0;
5198
Willy Tarreaud98cf932009-12-27 22:54:55 +01005199 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005200 s->fe->fe_counters.failed_req++;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005201 if (s->listener->counters)
5202 s->listener->counters->failed_req++;
Willy Tarreaubed410e2014-04-22 08:19:34 +02005203
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005204 return_bad_req_stats_ok:
Willy Tarreaubed410e2014-04-22 08:19:34 +02005205 /* we may have some pending data starting at req->buf->p */
5206 b_adv(req->buf, msg->next);
5207 msg->next = 0;
5208
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005209 txn->req.msg_state = HTTP_MSG_ERROR;
5210 if (txn->status) {
5211 /* Note: we don't send any error if some data were already sent */
5212 stream_int_retnclose(req->prod, NULL);
5213 } else {
5214 txn->status = 400;
Willy Tarreau783f2582012-09-04 12:19:04 +02005215 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_400));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005216 }
5217 req->analysers = 0;
5218 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005219
5220 if (!(s->flags & SN_ERR_MASK))
5221 s->flags |= SN_ERR_PRXCOND;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005222 if (!(s->flags & SN_FINST_MASK)) {
5223 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5224 s->flags |= SN_FINST_H;
5225 else
5226 s->flags |= SN_FINST_D;
5227 }
5228 return 0;
5229
5230 aborted_xfer:
5231 txn->req.msg_state = HTTP_MSG_ERROR;
5232 if (txn->status) {
5233 /* Note: we don't send any error if some data were already sent */
5234 stream_int_retnclose(req->prod, NULL);
5235 } else {
5236 txn->status = 502;
Willy Tarreau783f2582012-09-04 12:19:04 +02005237 stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_502));
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005238 }
5239 req->analysers = 0;
5240 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
5241
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005242 s->fe->fe_counters.srv_aborts++;
5243 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005244 if (objt_server(s->target))
5245 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005246
5247 if (!(s->flags & SN_ERR_MASK))
5248 s->flags |= SN_ERR_SRVCL;
5249 if (!(s->flags & SN_FINST_MASK)) {
5250 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
5251 s->flags |= SN_FINST_H;
5252 else
5253 s->flags |= SN_FINST_D;
5254 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005255 return 0;
5256}
5257
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005258/* This stream analyser waits for a complete HTTP response. It returns 1 if the
5259 * processing can continue on next analysers, or zero if it either needs more
5260 * data or wants to immediately abort the response (eg: timeout, error, ...). It
5261 * is tied to AN_RES_WAIT_HTTP and may may remove itself from s->rep->analysers
5262 * when it has nothing left to do, and may remove any analyser when it wants to
5263 * abort.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005264 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02005265int http_wait_for_response(struct session *s, struct channel *rep, int an_bit)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02005266{
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005267 struct http_txn *txn = &s->txn;
5268 struct http_msg *msg = &txn->rsp;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005269 struct hdr_ctx ctx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005270 int use_close_only;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005271 int cur_idx;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005272 int n;
Willy Tarreauadfb8562008-08-11 15:24:42 +02005273
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005274 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02005275 now_ms, __FUNCTION__,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005276 s,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005277 rep,
5278 rep->rex, rep->wex,
5279 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005280 rep->buf->i,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02005281 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02005282
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005283 /*
5284 * Now parse the partial (or complete) lines.
5285 * We will check the response syntax, and also join multi-line
5286 * headers. An index of all the lines will be elaborated while
5287 * parsing.
5288 *
5289 * For the parsing, we use a 28 states FSM.
5290 *
5291 * Here is the information we currently have :
Willy Tarreau9b28e032012-10-12 23:49:43 +02005292 * rep->buf->p = beginning of response
5293 * rep->buf->p + msg->eoh = end of processed headers / start of current one
5294 * rep->buf->p + rep->buf->i = end of input data
Willy Tarreau26927362012-05-18 23:22:52 +02005295 * msg->eol = end of current header or line (LF or CRLF)
5296 * msg->next = first non-visited byte
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005297 */
5298
Willy Tarreau628c40c2014-04-24 19:11:26 +02005299 next_one:
Willy Tarreau83e3af02009-12-28 17:39:57 +01005300 /* There's a protected area at the end of the buffer for rewriting
5301 * purposes. We don't want to start to parse the request if the
5302 * protected area is affected, because we may have to move processed
5303 * data later, which is much more complicated.
5304 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005305 if (buffer_not_empty(rep->buf) && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau379357a2013-06-08 12:55:46 +02005306 if (unlikely(!channel_reserved(rep))) {
5307 /* some data has still not left the buffer, wake us once that's done */
5308 if (rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_WRITE_ERROR|CF_WRITE_TIMEOUT))
5309 goto abort_response;
5310 channel_dont_close(rep);
5311 rep->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreaud7ad9f52013-12-31 17:26:25 +01005312 rep->flags |= CF_WAKE_WRITE;
Willy Tarreau379357a2013-06-08 12:55:46 +02005313 return 0;
Willy Tarreau83e3af02009-12-28 17:39:57 +01005314 }
5315
Willy Tarreau379357a2013-06-08 12:55:46 +02005316 if (unlikely(bi_end(rep->buf) < b_ptr(rep->buf, msg->next) ||
5317 bi_end(rep->buf) > rep->buf->data + rep->buf->size - global.tune.maxrewrite))
5318 buffer_slow_realign(rep->buf);
5319
Willy Tarreau9b28e032012-10-12 23:49:43 +02005320 if (likely(msg->next < rep->buf->i))
Willy Tarreaua560c212012-03-09 13:50:57 +01005321 http_msg_analyzer(msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01005322 }
5323
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005324 /* 1: we might have to print this header in debug mode */
5325 if (unlikely((global.mode & MODE_DEBUG) &&
5326 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreau655dce92009-11-08 13:10:58 +01005327 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005328 char *eol, *sol;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005329
Willy Tarreau9b28e032012-10-12 23:49:43 +02005330 sol = rep->buf->p;
5331 eol = sol + (msg->sl.st.l ? msg->sl.st.l : rep->buf->i);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005332 debug_hdr("srvrep", s, sol, eol);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005333
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005334 sol += hdr_idx_first_pos(&txn->hdr_idx);
5335 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005336
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005337 while (cur_idx) {
5338 eol = sol + txn->hdr_idx.v[cur_idx].len;
5339 debug_hdr("srvhdr", s, sol, eol);
5340 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
5341 cur_idx = txn->hdr_idx.v[cur_idx].next;
5342 }
5343 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005344
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005345 /*
5346 * Now we quickly check if we have found a full valid response.
5347 * If not so, we check the FD and buffer states before leaving.
5348 * A full response is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01005349 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005350 * responses are checked first.
5351 *
5352 * Depending on whether the client is still there or not, we
5353 * may send an error response back or not. Note that normally
5354 * we should only check for HTTP status there, and check I/O
5355 * errors somewhere else.
5356 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005357
Willy Tarreau655dce92009-11-08 13:10:58 +01005358 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005359 /* Invalid response */
5360 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
5361 /* we detected a parsing error. We want to archive this response
5362 * in the dedicated proxy area for later troubleshooting.
5363 */
5364 hdr_response_bad:
5365 if (msg->msg_state == HTTP_MSG_ERROR || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005366 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005367
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005368 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005369 if (objt_server(s->target)) {
5370 objt_server(s->target)->counters.failed_resp++;
5371 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005372 }
Willy Tarreau64648412010-03-05 10:41:54 +01005373 abort_response:
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005374 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005375 rep->analysers = 0;
5376 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005377 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005378 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005379 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005380
5381 if (!(s->flags & SN_ERR_MASK))
5382 s->flags |= SN_ERR_PRXCOND;
5383 if (!(s->flags & SN_FINST_MASK))
5384 s->flags |= SN_FINST_H;
5385
5386 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005387 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005388
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005389 /* too large response does not fit in buffer. */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005390 else if (buffer_full(rep->buf, global.tune.maxrewrite)) {
Willy Tarreaufec4d892011-09-02 20:04:57 +02005391 if (msg->err_pos < 0)
Willy Tarreau9b28e032012-10-12 23:49:43 +02005392 msg->err_pos = rep->buf->i;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005393 goto hdr_response_bad;
5394 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005395
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005396 /* read error */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005397 else if (rep->flags & CF_READ_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005398 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005399 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005400 else if (txn->flags & TX_NOT_FIRST)
5401 goto abort_keep_alive;
Willy Tarreau4076a152009-04-02 15:18:36 +02005402
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005403 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005404 if (objt_server(s->target)) {
5405 objt_server(s->target)->counters.failed_resp++;
5406 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_ERROR);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005407 }
Willy Tarreau461f6622008-08-15 23:43:19 +02005408
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005409 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005410 rep->analysers = 0;
5411 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005412 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005413 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005414 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau816b9792009-09-15 21:25:21 +02005415
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005416 if (!(s->flags & SN_ERR_MASK))
5417 s->flags |= SN_ERR_SRVCL;
5418 if (!(s->flags & SN_FINST_MASK))
5419 s->flags |= SN_FINST_H;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02005420 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005421 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005422
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005423 /* read timeout : return a 504 to the client. */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005424 else if (rep->flags & CF_READ_TIMEOUT) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005425 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005426 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005427 else if (txn->flags & TX_NOT_FIRST)
5428 goto abort_keep_alive;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005429
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005430 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005431 if (objt_server(s->target)) {
5432 objt_server(s->target)->counters.failed_resp++;
5433 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_READ_TIMEOUT);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005434 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005435
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005436 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005437 rep->analysers = 0;
5438 txn->status = 504;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005439 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005440 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005441 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_504));
Willy Tarreau4076a152009-04-02 15:18:36 +02005442
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005443 if (!(s->flags & SN_ERR_MASK))
5444 s->flags |= SN_ERR_SRVTO;
5445 if (!(s->flags & SN_FINST_MASK))
5446 s->flags |= SN_FINST_H;
5447 return 0;
5448 }
Willy Tarreaua7c52762008-08-16 18:40:18 +02005449
Willy Tarreauf003d372012-11-26 13:35:37 +01005450 /* client abort with an abortonclose */
5451 else if ((rep->flags & CF_SHUTR) && ((s->req->flags & (CF_SHUTR|CF_SHUTW)) == (CF_SHUTR|CF_SHUTW))) {
5452 s->fe->fe_counters.cli_aborts++;
5453 s->be->be_counters.cli_aborts++;
5454 if (objt_server(s->target))
5455 objt_server(s->target)->counters.cli_aborts++;
5456
5457 rep->analysers = 0;
5458 channel_auto_close(rep);
5459
5460 txn->status = 400;
5461 bi_erase(rep);
5462 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_400));
5463
5464 if (!(s->flags & SN_ERR_MASK))
5465 s->flags |= SN_ERR_CLICL;
5466 if (!(s->flags & SN_FINST_MASK))
5467 s->flags |= SN_FINST_H;
5468
5469 /* process_session() will take care of the error */
5470 return 0;
5471 }
5472
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005473 /* close from server, capture the response if the server has started to respond */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005474 else if (rep->flags & CF_SHUTR) {
Willy Tarreau3b8c08a2011-09-02 20:16:24 +02005475 if (msg->msg_state >= HTTP_MSG_RPVER || msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005476 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005477 else if (txn->flags & TX_NOT_FIRST)
5478 goto abort_keep_alive;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005479
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005480 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005481 if (objt_server(s->target)) {
5482 objt_server(s->target)->counters.failed_resp++;
5483 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_BROKEN_PIPE);
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005484 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005485
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005486 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005487 rep->analysers = 0;
5488 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005489 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau9dab5fc2012-05-07 11:56:55 +02005490 bi_erase(rep);
Willy Tarreau783f2582012-09-04 12:19:04 +02005491 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
Willy Tarreau21d2af32008-02-14 20:25:24 +01005492
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005493 if (!(s->flags & SN_ERR_MASK))
5494 s->flags |= SN_ERR_SRVCL;
5495 if (!(s->flags & SN_FINST_MASK))
5496 s->flags |= SN_FINST_H;
5497 return 0;
5498 }
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005499
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005500 /* write error to client (we don't send any message then) */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02005501 else if (rep->flags & CF_WRITE_ERROR) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005502 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005503 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005504 else if (txn->flags & TX_NOT_FIRST)
5505 goto abort_keep_alive;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02005506
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01005507 s->be->be_counters.failed_resp++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005508 rep->analysers = 0;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005509 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005510
5511 if (!(s->flags & SN_ERR_MASK))
5512 s->flags |= SN_ERR_CLICL;
5513 if (!(s->flags & SN_FINST_MASK))
5514 s->flags |= SN_FINST_H;
5515
5516 /* process_session() will take care of the error */
5517 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005518 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005519
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005520 channel_dont_close(rep);
Willy Tarreau3f3997e2013-12-15 15:21:32 +01005521 rep->flags |= CF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005522 return 0;
5523 }
5524
5525 /* More interesting part now : we know that we have a complete
5526 * response which at least looks like HTTP. We have an indicator
5527 * of each header's length, so we can parse them quickly.
5528 */
5529
5530 if (unlikely(msg->err_pos >= 0))
Willy Tarreau8a0cef22012-03-09 13:39:23 +01005531 http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005532
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005533 /*
5534 * 1: get the status code
5535 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02005536 n = rep->buf->p[msg->sl.st.c] - '0';
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005537 if (n < 1 || n > 5)
5538 n = 0;
Willy Tarreauda7ff642010-06-23 11:44:09 +02005539 /* when the client triggers a 4xx from the server, it's most often due
5540 * to a missing object or permission. These events should be tracked
5541 * because if they happen often, it may indicate a brute force or a
5542 * vulnerability scan.
5543 */
5544 if (n == 4)
5545 session_inc_http_err_ctr(s);
5546
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005547 if (objt_server(s->target))
5548 objt_server(s->target)->counters.p.http.rsp[n]++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005549
Willy Tarreau5b154472009-12-21 20:11:07 +01005550 /* check if the response is HTTP/1.1 or above */
5551 if ((msg->sl.st.v_l == 8) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005552 ((rep->buf->p[5] > '1') ||
5553 ((rep->buf->p[5] == '1') && (rep->buf->p[7] >= '1'))))
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005554 msg->flags |= HTTP_MSGF_VER_11;
Willy Tarreau5b154472009-12-21 20:11:07 +01005555
5556 /* "connection" has not been parsed yet */
Willy Tarreau50fc7772012-11-11 22:19:57 +01005557 txn->flags &= ~(TX_HDR_CONN_PRS|TX_HDR_CONN_CLO|TX_HDR_CONN_KAL|TX_HDR_CONN_UPG|TX_CON_CLO_SET|TX_CON_KAL_SET);
Willy Tarreau5b154472009-12-21 20:11:07 +01005558
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005559 /* transfer length unknown*/
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005560 msg->flags &= ~HTTP_MSGF_XFER_LEN;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005561
Willy Tarreau9b28e032012-10-12 23:49:43 +02005562 txn->status = strl2ui(rep->buf->p + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005563
Willy Tarreau39650402010-03-15 19:44:39 +01005564 /* Adjust server's health based on status code. Note: status codes 501
5565 * and 505 are triggered on demand by client request, so we must not
5566 * count them as server failures.
5567 */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005568 if (objt_server(s->target)) {
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005569 if (txn->status >= 100 && (txn->status < 500 || txn->status == 501 || txn->status == 505))
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005570 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_OK);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005571 else
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005572 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_STS);
Willy Tarreaud45b3d52010-05-20 11:49:03 +02005573 }
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005574
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005575 /*
5576 * 2: check for cacheability.
5577 */
5578
5579 switch (txn->status) {
Willy Tarreau628c40c2014-04-24 19:11:26 +02005580 case 100:
5581 /*
5582 * We may be facing a 100-continue response, in which case this
5583 * is not the right response, and we're waiting for the next one.
5584 * Let's allow this response to go to the client and wait for the
5585 * next one.
5586 */
5587 hdr_idx_init(&txn->hdr_idx);
5588 msg->next -= channel_forward(rep, msg->next);
5589 msg->msg_state = HTTP_MSG_RPBEFORE;
5590 txn->status = 0;
5591 s->logs.t_data = -1; /* was not a response yet */
5592 goto next_one;
5593
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005594 case 200:
5595 case 203:
5596 case 206:
5597 case 300:
5598 case 301:
5599 case 410:
5600 /* RFC2616 @13.4:
5601 * "A response received with a status code of
5602 * 200, 203, 206, 300, 301 or 410 MAY be stored
5603 * by a cache (...) unless a cache-control
5604 * directive prohibits caching."
5605 *
5606 * RFC2616 @9.5: POST method :
5607 * "Responses to this method are not cacheable,
5608 * unless the response includes appropriate
5609 * Cache-Control or Expires header fields."
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005610 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005611 if (likely(txn->meth != HTTP_METH_POST) &&
Willy Tarreau67402132012-05-31 20:40:20 +02005612 ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC)))
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005613 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
5614 break;
5615 default:
5616 break;
5617 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005618
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005619 /*
5620 * 3: we may need to capture headers
5621 */
5622 s->logs.logwait &= ~LW_RESP;
Willy Tarreau42f7d892012-03-24 08:28:09 +01005623 if (unlikely((s->logs.logwait & LW_RSPHDR) && txn->rsp.cap))
Willy Tarreau9b28e032012-10-12 23:49:43 +02005624 capture_headers(rep->buf->p, &txn->hdr_idx,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005625 txn->rsp.cap, s->fe->rsp_cap);
5626
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005627 /* 4: determine the transfer-length.
5628 * According to RFC2616 #4.4, amended by the HTTPbis working group,
5629 * the presence of a message-body in a RESPONSE and its transfer length
5630 * must be determined that way :
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005631 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005632 * All responses to the HEAD request method MUST NOT include a
5633 * message-body, even though the presence of entity-header fields
5634 * might lead one to believe they do. All 1xx (informational), 204
5635 * (No Content), and 304 (Not Modified) responses MUST NOT include a
5636 * message-body. All other responses do include a message-body,
5637 * although it MAY be of zero length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005638 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005639 * 1. Any response which "MUST NOT" include a message-body (such as the
5640 * 1xx, 204 and 304 responses and any response to a HEAD request) is
5641 * always terminated by the first empty line after the header fields,
5642 * regardless of the entity-header fields present in the message.
5643 *
5644 * 2. If a Transfer-Encoding header field (Section 9.7) is present and
5645 * the "chunked" transfer-coding (Section 6.2) is used, the
5646 * transfer-length is defined by the use of this transfer-coding.
5647 * If a Transfer-Encoding header field is present and the "chunked"
5648 * transfer-coding is not present, the transfer-length is defined by
5649 * the sender closing the connection.
5650 *
5651 * 3. If a Content-Length header field is present, its decimal value in
5652 * OCTETs represents both the entity-length and the transfer-length.
5653 * If a message is received with both a Transfer-Encoding header
5654 * field and a Content-Length header field, the latter MUST be ignored.
5655 *
5656 * 4. If the message uses the media type "multipart/byteranges", and
5657 * the transfer-length is not otherwise specified, then this self-
5658 * delimiting media type defines the transfer-length. This media
5659 * type MUST NOT be used unless the sender knows that the recipient
5660 * can parse it; the presence in a request of a Range header with
5661 * multiple byte-range specifiers from a 1.1 client implies that the
5662 * client can parse multipart/byteranges responses.
5663 *
5664 * 5. By the server closing the connection.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005665 */
5666
5667 /* Skip parsing if no content length is possible. The response flags
Willy Tarreau124d9912011-03-01 20:30:48 +01005668 * remain 0 as well as the chunk_len, which may or may not mirror
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005669 * the real header value, and we note that we know the response's length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005670 * FIXME: should we parse anyway and return an error on chunked encoding ?
5671 */
5672 if (txn->meth == HTTP_METH_HEAD ||
5673 (txn->status >= 100 && txn->status < 200) ||
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005674 txn->status == 204 || txn->status == 304) {
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005675 msg->flags |= HTTP_MSGF_XFER_LEN;
Willy Tarreau91015352012-11-27 07:31:33 +01005676 s->comp_algo = NULL;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005677 goto skip_content_length;
5678 }
5679
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005680 use_close_only = 0;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005681 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005682 while ((msg->flags & HTTP_MSGF_VER_11) &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005683 http_find_header2("Transfer-Encoding", 17, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005684 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005685 msg->flags |= (HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
5686 else if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005687 /* bad transfer-encoding (chunked followed by something else) */
5688 use_close_only = 1;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005689 msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN);
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005690 break;
5691 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005692 }
5693
5694 /* FIXME: below we should remove the content-length header(s) in case of chunked encoding */
5695 ctx.idx = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005696 while (!(msg->flags & HTTP_MSGF_TE_CHNK) && !use_close_only &&
Willy Tarreau9b28e032012-10-12 23:49:43 +02005697 http_find_header2("Content-Length", 14, rep->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005698 signed long long cl;
5699
Willy Tarreauad14f752011-09-02 20:33:27 +02005700 if (!ctx.vlen) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005701 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005702 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005703 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005704
Willy Tarreauad14f752011-09-02 20:33:27 +02005705 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005706 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005707 goto hdr_response_bad; /* parse failure */
Willy Tarreauad14f752011-09-02 20:33:27 +02005708 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005709
Willy Tarreauad14f752011-09-02 20:33:27 +02005710 if (cl < 0) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005711 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005712 goto hdr_response_bad;
Willy Tarreauad14f752011-09-02 20:33:27 +02005713 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005714
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005715 if ((msg->flags & HTTP_MSGF_CNT_LEN) && (msg->chunk_len != cl)) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02005716 msg->err_pos = ctx.line + ctx.val - rep->buf->p;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005717 goto hdr_response_bad; /* already specified, was different */
Willy Tarreauad14f752011-09-02 20:33:27 +02005718 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005719
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005720 msg->flags |= HTTP_MSGF_CNT_LEN | HTTP_MSGF_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01005721 msg->body_len = msg->chunk_len = cl;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005722 }
5723
William Lallemand82fe75c2012-10-23 10:25:10 +02005724 if (s->fe->comp || s->be->comp)
5725 select_compression_response_header(s, rep->buf);
5726
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005727 /* FIXME: we should also implement the multipart/byterange method.
5728 * For now on, we resort to close mode in this case (unknown length).
5729 */
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005730skip_content_length:
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005731
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005732 /* end of job, return OK */
5733 rep->analysers &= ~an_bit;
5734 rep->analyse_exp = TICK_ETERNITY;
Willy Tarreau8263d2b2012-08-28 00:06:31 +02005735 channel_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005736 return 1;
Willy Tarreau6b726ad2013-12-15 19:31:37 +01005737
5738 abort_keep_alive:
5739 /* A keep-alive request to the server failed on a network error.
5740 * The client is required to retry. We need to close without returning
5741 * any other information so that the client retries.
5742 */
5743 txn->status = 0;
5744 rep->analysers = 0;
5745 s->req->analysers = 0;
5746 channel_auto_close(rep);
5747 s->logs.logwait = 0;
5748 s->logs.level = 0;
5749 s->rep->flags &= ~CF_EXPECT_MORE; /* speed up sending a previous response */
5750 bi_erase(rep);
5751 stream_int_retnclose(rep->cons, NULL);
5752 return 0;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005753}
5754
5755/* This function performs all the processing enabled for the current response.
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005756 * It normally returns 1 unless it wants to break. It relies on buffers flags,
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005757 * and updates s->rep->analysers. It might make sense to explode it into several
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005758 * other functions. It works like process_request (see indications above).
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005759 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005760int http_process_res_common(struct session *s, struct channel *rep, int an_bit, struct proxy *px)
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005761{
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005762 struct http_txn *txn = &s->txn;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005763 struct http_msg *msg = &txn->rsp;
5764 struct proxy *cur_proxy;
Willy Tarreauf4f04122010-01-28 18:10:50 +01005765 struct cond_wordlist *wl;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02005766 struct http_res_rule *http_res_last_rule = NULL;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005767
Willy Tarreau02d6cfc2012-03-01 18:19:58 +01005768 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005769 now_ms, __FUNCTION__,
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005770 s,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005771 rep,
5772 rep->rex, rep->wex,
5773 rep->flags,
Willy Tarreau9b28e032012-10-12 23:49:43 +02005774 rep->buf->i,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005775 rep->analysers);
5776
Willy Tarreau655dce92009-11-08 13:10:58 +01005777 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) /* we need more data */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005778 return 0;
5779
5780 rep->analysers &= ~an_bit;
5781 rep->analyse_exp = TICK_ETERNITY;
5782
Willy Tarreau5b154472009-12-21 20:11:07 +01005783 /* Now we have to check if we need to modify the Connection header.
5784 * This is more difficult on the response than it is on the request,
5785 * because we can have two different HTTP versions and we don't know
5786 * how the client will interprete a response. For instance, let's say
5787 * that the client sends a keep-alive request in HTTP/1.0 and gets an
5788 * HTTP/1.1 response without any header. Maybe it will bound itself to
5789 * HTTP/1.0 because it only knows about it, and will consider the lack
5790 * of header as a close, or maybe it knows HTTP/1.1 and can consider
5791 * the lack of header as a keep-alive. Thus we will use two flags
5792 * indicating how a request MAY be understood by the client. In case
5793 * of multiple possibilities, we'll fix the header to be explicit. If
5794 * ambiguous cases such as both close and keepalive are seen, then we
5795 * will fall back to explicit close. Note that we won't take risks with
5796 * HTTP/1.0 clients which may not necessarily understand keep-alive.
Willy Tarreau60466522010-01-18 19:08:45 +01005797 * See doc/internals/connection-header.txt for the complete matrix.
Willy Tarreau5b154472009-12-21 20:11:07 +01005798 */
5799
Willy Tarreaudc008c52010-02-01 16:20:08 +01005800 if (unlikely((txn->meth == HTTP_METH_CONNECT && txn->status == 200) ||
5801 txn->status == 101)) {
5802 /* Either we've established an explicit tunnel, or we're
5803 * switching the protocol. In both cases, we're very unlikely
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005804 * to understand the next protocols. We have to switch to tunnel
5805 * mode, so that we transfer the request and responses then let
5806 * this protocol pass unmodified. When we later implement specific
5807 * parsers for such protocols, we'll want to check the Upgrade
Willy Tarreaudc008c52010-02-01 16:20:08 +01005808 * header which contains information about that protocol for
5809 * responses with status 101 (eg: see RFC2817 about TLS).
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005810 */
5811 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_TUN;
5812 }
Willy Tarreaudc008c52010-02-01 16:20:08 +01005813 else if ((txn->status >= 200) && !(txn->flags & TX_HDR_CONN_PRS) &&
5814 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN ||
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005815 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
5816 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005817 int to_del = 0;
Willy Tarreau5b154472009-12-21 20:11:07 +01005818
Willy Tarreau70dffda2014-01-30 03:07:23 +01005819 /* this situation happens when combining pretend-keepalive with httpclose. */
5820 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005821 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
5822 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))
Willy Tarreau70dffda2014-01-30 03:07:23 +01005823 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
5824
Willy Tarreau60466522010-01-18 19:08:45 +01005825 /* on unknown transfer length, we must close */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005826 if (!(msg->flags & HTTP_MSGF_XFER_LEN) &&
Willy Tarreau60466522010-01-18 19:08:45 +01005827 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN)
5828 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
Willy Tarreau5b154472009-12-21 20:11:07 +01005829
Willy Tarreau60466522010-01-18 19:08:45 +01005830 /* now adjust header transformations depending on current state */
5831 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN ||
5832 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
5833 to_del |= 2; /* remove "keep-alive" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005834 if (!(msg->flags & HTTP_MSGF_VER_11))
Willy Tarreau60466522010-01-18 19:08:45 +01005835 to_del |= 1; /* remove "close" for HTTP/1.0 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005836 }
Willy Tarreau60466522010-01-18 19:08:45 +01005837 else { /* SCL / KAL */
5838 to_del |= 1; /* remove "close" on any response */
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005839 if (txn->req.flags & msg->flags & HTTP_MSGF_VER_11)
Willy Tarreau60466522010-01-18 19:08:45 +01005840 to_del |= 2; /* remove "keep-alive" on pure 1.1 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005841 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005842
Willy Tarreau60466522010-01-18 19:08:45 +01005843 /* Parse and remove some headers from the connection header */
Willy Tarreau6acf7c92012-03-09 13:30:45 +01005844 http_parse_connection_header(txn, msg, to_del);
Willy Tarreau5b154472009-12-21 20:11:07 +01005845
Willy Tarreau60466522010-01-18 19:08:45 +01005846 /* Some keep-alive responses are converted to Server-close if
5847 * the server wants to close.
Willy Tarreau5b154472009-12-21 20:11:07 +01005848 */
Willy Tarreau60466522010-01-18 19:08:45 +01005849 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL) {
5850 if ((txn->flags & TX_HDR_CONN_CLO) ||
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01005851 (!(txn->flags & TX_HDR_CONN_KAL) && !(msg->flags & HTTP_MSGF_VER_11)))
Willy Tarreau60466522010-01-18 19:08:45 +01005852 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_SCL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005853 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005854 }
5855
Willy Tarreau7959a552013-09-23 16:44:27 +02005856 /* we want to have the response time before we start processing it */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02005857 s->logs.t_data = tv_ms_elapsed(&s->logs.tv_accept, &now);
Willy Tarreau7959a552013-09-23 16:44:27 +02005858
Willy Tarreau58975672014-04-24 21:13:57 +02005859 /*
5860 * We will have to evaluate the filters.
5861 * As opposed to version 1.2, now they will be evaluated in the
5862 * filters order and not in the header order. This means that
5863 * each filter has to be validated among all headers.
5864 *
5865 * Filters are tried with ->be first, then with ->fe if it is
5866 * different from ->be.
5867 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005868
Willy Tarreau58975672014-04-24 21:13:57 +02005869 cur_proxy = s->be;
5870 while (1) {
5871 struct proxy *rule_set = cur_proxy;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005872
Willy Tarreau58975672014-04-24 21:13:57 +02005873 /* evaluate http-response rules */
5874 if (!http_res_last_rule)
5875 http_res_last_rule = http_res_get_intercept_rule(cur_proxy, &cur_proxy->http_res_rules, s, txn);
Willy Tarreaue365c0b2013-06-11 16:06:12 +02005876
Willy Tarreau58975672014-04-24 21:13:57 +02005877 /* try headers filters */
5878 if (rule_set->rsp_exp != NULL) {
5879 if (apply_filters_to_response(s, rep, rule_set) < 0) {
5880 return_bad_resp:
5881 if (objt_server(s->target)) {
5882 objt_server(s->target)->counters.failed_resp++;
5883 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_RSP);
Willy Tarreau21d2af32008-02-14 20:25:24 +01005884 }
Willy Tarreau58975672014-04-24 21:13:57 +02005885 s->be->be_counters.failed_resp++;
5886 return_srv_prx_502:
5887 rep->analysers = 0;
5888 txn->status = 502;
5889 s->logs.t_data = -1; /* was not a valid response */
5890 rep->prod->flags |= SI_FL_NOLINGER;
5891 bi_erase(rep);
5892 stream_int_retnclose(rep->cons, http_error_message(s, HTTP_ERR_502));
5893 if (!(s->flags & SN_ERR_MASK))
5894 s->flags |= SN_ERR_PRXCOND;
5895 if (!(s->flags & SN_FINST_MASK))
5896 s->flags |= SN_FINST_H;
5897 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005898 }
Willy Tarreau58975672014-04-24 21:13:57 +02005899 }
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005900
Willy Tarreau58975672014-04-24 21:13:57 +02005901 /* has the response been denied ? */
5902 if (txn->flags & TX_SVDENY) {
5903 if (objt_server(s->target))
5904 objt_server(s->target)->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005905
Willy Tarreau58975672014-04-24 21:13:57 +02005906 s->be->be_counters.denied_resp++;
5907 s->fe->fe_counters.denied_resp++;
5908 if (s->listener->counters)
5909 s->listener->counters->denied_resp++;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005910
Willy Tarreau58975672014-04-24 21:13:57 +02005911 goto return_srv_prx_502;
5912 }
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02005913
Willy Tarreau58975672014-04-24 21:13:57 +02005914 /* add response headers from the rule sets in the same order */
5915 list_for_each_entry(wl, &rule_set->rsp_add, list) {
5916 if (txn->status < 200)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005917 break;
Willy Tarreau58975672014-04-24 21:13:57 +02005918 if (wl->cond) {
5919 int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
5920 ret = acl_pass(ret);
5921 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
5922 ret = !ret;
5923 if (!ret)
5924 continue;
5925 }
5926 if (unlikely(http_header_add_tail(&txn->rsp, &txn->hdr_idx, wl->s) < 0))
5927 goto return_bad_resp;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005928 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005929
Willy Tarreau58975672014-04-24 21:13:57 +02005930 /* check whether we're already working on the frontend */
5931 if (cur_proxy == s->fe)
5932 break;
5933 cur_proxy = s->fe;
5934 }
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005935
Willy Tarreau58975672014-04-24 21:13:57 +02005936 /* OK that's all we can do for 1xx responses */
5937 if (unlikely(txn->status < 200))
5938 goto skip_header_mangling;
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005939
Willy Tarreau58975672014-04-24 21:13:57 +02005940 /*
5941 * Now check for a server cookie.
5942 */
5943 if (s->be->cookie_name || s->be->appsession_name || s->fe->capture_name ||
5944 (s->be->options & PR_O_CHK_CACHE))
5945 manage_server_side_cookies(s, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005946
Willy Tarreau58975672014-04-24 21:13:57 +02005947 /*
5948 * Check for cache-control or pragma headers if required.
5949 */
5950 if ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC))
5951 check_response_for_cacheability(s, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005952
Willy Tarreau58975672014-04-24 21:13:57 +02005953 /*
5954 * Add server cookie in the response if needed
5955 */
5956 if (objt_server(s->target) && (s->be->ck_opts & PR_CK_INS) &&
5957 !((txn->flags & TX_SCK_FOUND) && (s->be->ck_opts & PR_CK_PSV)) &&
5958 (!(s->flags & SN_DIRECT) ||
5959 ((s->be->cookie_maxidle || txn->cookie_last_date) &&
5960 (!txn->cookie_last_date || (txn->cookie_last_date - date.tv_sec) < 0)) ||
5961 (s->be->cookie_maxlife && !txn->cookie_first_date) || // set the first_date
5962 (!s->be->cookie_maxlife && txn->cookie_first_date)) && // remove the first_date
5963 (!(s->be->ck_opts & PR_CK_POST) || (txn->meth == HTTP_METH_POST)) &&
5964 !(s->flags & SN_IGNORE_PRST)) {
5965 /* the server is known, it's not the one the client requested, or the
5966 * cookie's last seen date needs to be refreshed. We have to
5967 * insert a set-cookie here, except if we want to insert only on POST
5968 * requests and this one isn't. Note that servers which don't have cookies
5969 * (eg: some backup servers) will return a full cookie removal request.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005970 */
Willy Tarreau58975672014-04-24 21:13:57 +02005971 if (!objt_server(s->target)->cookie) {
5972 chunk_printf(&trash,
5973 "Set-Cookie: %s=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
5974 s->be->cookie_name);
5975 }
5976 else {
5977 chunk_printf(&trash, "Set-Cookie: %s=%s", s->be->cookie_name, objt_server(s->target)->cookie);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005978
Willy Tarreau58975672014-04-24 21:13:57 +02005979 if (s->be->cookie_maxidle || s->be->cookie_maxlife) {
5980 /* emit last_date, which is mandatory */
5981 trash.str[trash.len++] = COOKIE_DELIM_DATE;
5982 s30tob64((date.tv_sec+3) >> 2, trash.str + trash.len);
5983 trash.len += 5;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005984
Willy Tarreau58975672014-04-24 21:13:57 +02005985 if (s->be->cookie_maxlife) {
5986 /* emit first_date, which is either the original one or
5987 * the current date.
5988 */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005989 trash.str[trash.len++] = COOKIE_DELIM_DATE;
Willy Tarreau58975672014-04-24 21:13:57 +02005990 s30tob64(txn->cookie_first_date ?
5991 txn->cookie_first_date >> 2 :
5992 (date.tv_sec+3) >> 2, trash.str + trash.len);
Willy Tarreau19d14ef2012-10-29 16:51:55 +01005993 trash.len += 5;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005994 }
Willy Tarreauef4f3912010-10-07 21:00:29 +02005995 }
Willy Tarreau58975672014-04-24 21:13:57 +02005996 chunk_appendf(&trash, "; path=/");
5997 }
Willy Tarreau4992dd22012-05-31 21:02:17 +02005998
Willy Tarreau58975672014-04-24 21:13:57 +02005999 if (s->be->cookie_domain)
6000 chunk_appendf(&trash, "; domain=%s", s->be->cookie_domain);
Willy Tarreauef4f3912010-10-07 21:00:29 +02006001
Willy Tarreau58975672014-04-24 21:13:57 +02006002 if (s->be->ck_opts & PR_CK_HTTPONLY)
6003 chunk_appendf(&trash, "; HttpOnly");
Willy Tarreaubaaee002006-06-26 02:48:02 +02006004
Willy Tarreau58975672014-04-24 21:13:57 +02006005 if (s->be->ck_opts & PR_CK_SECURE)
6006 chunk_appendf(&trash, "; Secure");
Willy Tarreaubaaee002006-06-26 02:48:02 +02006007
Willy Tarreau58975672014-04-24 21:13:57 +02006008 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx, trash.str, trash.len) < 0))
6009 goto return_bad_resp;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006010
Willy Tarreau58975672014-04-24 21:13:57 +02006011 txn->flags &= ~TX_SCK_MASK;
6012 if (objt_server(s->target)->cookie && (s->flags & SN_DIRECT))
6013 /* the server did not change, only the date was updated */
6014 txn->flags |= TX_SCK_UPDATED;
6015 else
6016 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02006017
Willy Tarreau58975672014-04-24 21:13:57 +02006018 /* Here, we will tell an eventual cache on the client side that we don't
6019 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
6020 * Some caches understand the correct form: 'no-cache="set-cookie"', but
6021 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006022 */
Willy Tarreau58975672014-04-24 21:13:57 +02006023 if ((s->be->ck_opts & PR_CK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006024
Willy Tarreau58975672014-04-24 21:13:57 +02006025 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02006026
Willy Tarreau58975672014-04-24 21:13:57 +02006027 if (unlikely(http_header_add_tail2(&txn->rsp, &txn->hdr_idx,
6028 "Cache-control: private", 22) < 0))
6029 goto return_bad_resp;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006030 }
Willy Tarreau58975672014-04-24 21:13:57 +02006031 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006032
Willy Tarreau58975672014-04-24 21:13:57 +02006033 /*
6034 * Check if result will be cacheable with a cookie.
6035 * We'll block the response if security checks have caught
6036 * nasty things such as a cacheable cookie.
6037 */
6038 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) ==
6039 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) &&
6040 (s->be->options & PR_O_CHK_CACHE)) {
6041 /* we're in presence of a cacheable response containing
6042 * a set-cookie header. We'll block it as requested by
6043 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006044 */
Willy Tarreau58975672014-04-24 21:13:57 +02006045 if (objt_server(s->target))
6046 objt_server(s->target)->counters.failed_secu++;
Willy Tarreau60466522010-01-18 19:08:45 +01006047
Willy Tarreau58975672014-04-24 21:13:57 +02006048 s->be->be_counters.denied_resp++;
6049 s->fe->fe_counters.denied_resp++;
6050 if (s->listener->counters)
6051 s->listener->counters->denied_resp++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006052
Willy Tarreau58975672014-04-24 21:13:57 +02006053 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
6054 s->be->id, objt_server(s->target) ? objt_server(s->target)->id : "<dispatch>");
6055 send_log(s->be, LOG_ALERT,
6056 "Blocking cacheable cookie in response from instance %s, server %s.\n",
6057 s->be->id, objt_server(s->target) ? objt_server(s->target)->id : "<dispatch>");
6058 goto return_srv_prx_502;
6059 }
Willy Tarreau03945942009-12-22 16:50:27 +01006060
Willy Tarreau58975672014-04-24 21:13:57 +02006061 /*
6062 * Adjust "Connection: close" or "Connection: keep-alive" if needed.
6063 * If an "Upgrade" token is found, the header is left untouched in order
6064 * not to have to deal with some client bugs : some of them fail an upgrade
6065 * if anything but "Upgrade" is present in the Connection header.
6066 */
6067 if (!(txn->flags & TX_HDR_CONN_UPG) &&
6068 (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
6069 ((s->fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL ||
6070 (s->be->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL))) {
6071 unsigned int want_flags = 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02006072
Willy Tarreau58975672014-04-24 21:13:57 +02006073 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6074 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
6075 /* we want a keep-alive response here. Keep-alive header
6076 * required if either side is not 1.1.
6077 */
6078 if (!(txn->req.flags & msg->flags & HTTP_MSGF_VER_11))
6079 want_flags |= TX_CON_KAL_SET;
6080 }
6081 else {
6082 /* we want a close response here. Close header required if
6083 * the server is 1.1, regardless of the client.
6084 */
6085 if (msg->flags & HTTP_MSGF_VER_11)
6086 want_flags |= TX_CON_CLO_SET;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006087 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006088
Willy Tarreau58975672014-04-24 21:13:57 +02006089 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
6090 http_change_connection_header(txn, msg, want_flags);
6091 }
6092
6093 skip_header_mangling:
6094 if ((msg->flags & HTTP_MSGF_XFER_LEN) ||
6095 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
6096 rep->analysers |= AN_RES_HTTP_XFER_BODY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006097
Willy Tarreau58975672014-04-24 21:13:57 +02006098 /* if the user wants to log as soon as possible, without counting
6099 * bytes from the server, then this is the right moment. We have
6100 * to temporarily assign bytes_out to log what we currently have.
6101 */
6102 if (!LIST_ISEMPTY(&s->fe->logformat) && !(s->logs.logwait & LW_BYTES)) {
6103 s->logs.t_close = s->logs.t_data; /* to get a valid end date */
6104 s->logs.bytes_out = txn->rsp.eoh;
6105 s->do_log(s);
6106 s->logs.bytes_out = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006107 }
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01006108 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02006109}
Willy Tarreaua15645d2007-03-18 16:22:39 +01006110
Willy Tarreaud98cf932009-12-27 22:54:55 +01006111/* This function is an analyser which forwards response body (including chunk
6112 * sizes if any). It is called as soon as we must forward, even if we forward
6113 * zero byte. The only situation where it must not be called is when we're in
6114 * tunnel mode and we want to forward till the close. It's used both to forward
6115 * remaining data and to resync after end of body. It expects the msg_state to
6116 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
6117 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreaud3510212014-04-21 11:24:13 +02006118 *
6119 * It is capable of compressing response data both in content-length mode and
6120 * in chunked mode. The state machines follows different flows depending on
6121 * whether content-length and chunked modes are used, since there are no
6122 * trailers in content-length :
6123 *
6124 * chk-mode cl-mode
6125 * ,----- BODY -----.
6126 * / \
6127 * V size > 0 V chk-mode
6128 * .--> SIZE -------------> DATA -------------> CRLF
6129 * | | size == 0 | last byte |
6130 * | v final crlf v inspected |
6131 * | TRAILERS -----------> DONE |
6132 * | |
6133 * `----------------------------------------------'
6134 *
6135 * Compression only happens in the DATA state, and must be flushed in final
6136 * states (TRAILERS/DONE) or when leaving on missing data. Normal forwarding
6137 * is performed at once on final states for all bytes parsed, or when leaving
6138 * on missing data.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006139 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006140int http_response_forward_body(struct session *s, struct channel *res, int an_bit)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006141{
6142 struct http_txn *txn = &s->txn;
6143 struct http_msg *msg = &s->txn.rsp;
William Lallemand82fe75c2012-10-23 10:25:10 +02006144 static struct buffer *tmpbuf = NULL;
6145 int compressing = 0;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006146 int ret;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006147
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006148 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
6149 return 0;
6150
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006151 if ((res->flags & (CF_READ_ERROR|CF_READ_TIMEOUT|CF_WRITE_ERROR|CF_WRITE_TIMEOUT)) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02006152 ((res->flags & CF_SHUTW) && (res->to_forward || res->buf->o)) ||
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01006153 !s->req->analysers) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02006154 /* Output closed while we were sending data. We must abort and
6155 * wake the other side up.
6156 */
6157 msg->msg_state = HTTP_MSG_ERROR;
6158 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01006159 return 1;
6160 }
6161
Willy Tarreau4fe41902010-06-07 22:27:41 +02006162 /* in most states, we should abort in case of early close */
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006163 channel_auto_close(res);
Willy Tarreaub608feb2010-01-02 22:47:18 +01006164
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02006165 if (msg->sov) {
6166 /* we have msg->sov which points to the first byte of message
6167 * body, and res->buf.p still points to the beginning of the
6168 * message. We forward the headers now, as we don't need them
6169 * anymore, and we want to flush them.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006170 */
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02006171 b_adv(res->buf, msg->sov);
6172 msg->next -= msg->sov;
6173 msg->sov = 0;
Willy Tarreaua458b672012-03-05 11:17:50 +01006174
Willy Tarreaub59c7bf2014-04-22 14:29:58 +02006175 /* The previous analysers guarantee that the state is somewhere
6176 * between MSG_BODY and the first MSG_DATA. So msg->sol and
6177 * msg->next are always correct.
6178 */
6179 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
6180 if (msg->flags & HTTP_MSGF_TE_CHNK)
6181 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
6182 else
6183 msg->msg_state = HTTP_MSG_DATA;
6184 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01006185 }
6186
Willy Tarreauefdf0942014-04-24 20:08:57 +02006187 if (res->to_forward) {
6188 /* We can't process the buffer's contents yet */
6189 res->flags |= CF_WAKE_WRITE;
6190 goto missing_data;
6191 }
6192
Willy Tarreau32b5ab22014-04-21 11:27:29 +02006193 if (unlikely(s->comp_algo != NULL) && msg->msg_state < HTTP_MSG_TRAILERS) {
6194 /* We need a compression buffer in the DATA state to put the
6195 * output of compressed data, and in CRLF state to let the
6196 * TRAILERS state finish the job of removing the trailing CRLF.
6197 */
6198 if (unlikely(tmpbuf == NULL)) {
6199 /* this is the first time we need the compression buffer */
6200 tmpbuf = pool_alloc2(pool2_buffer);
6201 if (tmpbuf == NULL)
6202 goto aborted_xfer; /* no memory */
6203 }
6204
6205 ret = http_compression_buffer_init(s, res->buf, tmpbuf);
Willy Tarreau4afd70a2014-01-25 02:26:39 +01006206 if (ret < 0) {
6207 res->flags |= CF_WAKE_WRITE;
William Lallemand82fe75c2012-10-23 10:25:10 +02006208 goto missing_data; /* not enough spaces in buffers */
Willy Tarreau4afd70a2014-01-25 02:26:39 +01006209 }
William Lallemand82fe75c2012-10-23 10:25:10 +02006210 compressing = 1;
6211 }
6212
Willy Tarreaud98cf932009-12-27 22:54:55 +01006213 while (1) {
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006214 switch (msg->msg_state - HTTP_MSG_DATA) {
6215 case HTTP_MSG_DATA - HTTP_MSG_DATA: /* must still forward */
Willy Tarreauc623c172014-04-18 09:53:50 +02006216 /* we may have some pending data starting at res->buf->p */
6217 if (unlikely(s->comp_algo)) {
Willy Tarreau7f2f8d52014-04-18 00:20:14 +02006218 ret = http_compression_buffer_add_data(s, res->buf, tmpbuf);
William Lallemandbf3ae612012-11-19 12:35:37 +01006219 if (ret < 0)
6220 goto aborted_xfer;
Willy Tarreauc623c172014-04-18 09:53:50 +02006221
Willy Tarreaud5a67832014-04-21 10:54:27 +02006222 if (msg->chunk_len) {
6223 /* input empty or output full */
6224 if (res->buf->i > msg->next)
6225 res->flags |= CF_WAKE_WRITE;
Willy Tarreauc623c172014-04-18 09:53:50 +02006226 goto missing_data;
6227 }
William Lallemandbf3ae612012-11-19 12:35:37 +01006228 }
Willy Tarreauc623c172014-04-18 09:53:50 +02006229 else {
Willy Tarreaud5a67832014-04-21 10:54:27 +02006230 if (msg->chunk_len > res->buf->i - msg->next) {
6231 /* output full */
6232 res->flags |= CF_WAKE_WRITE;
6233 goto missing_data;
6234 }
Willy Tarreauc623c172014-04-18 09:53:50 +02006235 msg->next += msg->chunk_len;
6236 msg->chunk_len = 0;
6237 }
Willy Tarreaucaabe412010-01-03 23:08:28 +01006238
6239 /* nothing left to forward */
William Lallemandbf3ae612012-11-19 12:35:37 +01006240 if (msg->flags & HTTP_MSGF_TE_CHNK) {
Willy Tarreau54d23df2012-10-25 19:04:45 +02006241 msg->msg_state = HTTP_MSG_CHUNK_CRLF;
William Lallemandbf3ae612012-11-19 12:35:37 +01006242 } else {
Willy Tarreaucaabe412010-01-03 23:08:28 +01006243 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006244 break;
William Lallemandbf3ae612012-11-19 12:35:37 +01006245 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006246 /* fall through for HTTP_MSG_CHUNK_CRLF */
6247
6248 case HTTP_MSG_CHUNK_CRLF - HTTP_MSG_DATA:
6249 /* we want the CRLF after the data */
6250
6251 ret = http_skip_chunk_crlf(msg);
6252 if (ret == 0)
6253 goto missing_data;
6254 else if (ret < 0) {
6255 if (msg->err_pos >= 0)
6256 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_CRLF, s->fe);
6257 goto return_bad_res;
6258 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006259 /* we're in MSG_CHUNK_SIZE now, fall through */
6260
6261 case HTTP_MSG_CHUNK_SIZE - HTTP_MSG_DATA:
Willy Tarreau124d9912011-03-01 20:30:48 +01006262 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreauc24715e2014-04-17 15:21:20 +02006263 * set ->next to point to the body and switch to DATA or
Willy Tarreaua458b672012-03-05 11:17:50 +01006264 * TRAILERS state.
Willy Tarreaud98cf932009-12-27 22:54:55 +01006265 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01006266
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006267 ret = http_parse_chunk_size(msg);
Willy Tarreau54d23df2012-10-25 19:04:45 +02006268 if (ret == 0)
Willy Tarreaud98cf932009-12-27 22:54:55 +01006269 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006270 else if (ret < 0) {
6271 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006272 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_CHUNK_SIZE, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006273 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006274 }
Willy Tarreau0161d622013-04-02 01:26:55 +02006275 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006276 break;
Willy Tarreau5523b322009-12-29 12:05:52 +01006277
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006278 case HTTP_MSG_TRAILERS - HTTP_MSG_DATA:
Willy Tarreau168ebc52014-04-18 00:53:43 +02006279 if (unlikely(compressing)) {
6280 /* we need to flush output contents before syncing FSMs */
6281 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6282 compressing = 0;
6283 }
6284
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006285 ret = http_forward_trailers(msg);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006286 if (ret == 0)
6287 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006288 else if (ret < 0) {
6289 if (msg->err_pos >= 0)
Willy Tarreau8a0cef22012-03-09 13:39:23 +01006290 http_capture_bad_message(&s->be->invalid_rep, s, msg, HTTP_MSG_TRAILERS, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006291 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006292 }
Willy Tarreau168ebc52014-04-18 00:53:43 +02006293 /* we're in HTTP_MSG_DONE now, fall through */
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006294
6295 default:
Willy Tarreau610ecce2010-01-04 21:15:02 +01006296 /* other states, DONE...TUNNEL */
Willy Tarreau168ebc52014-04-18 00:53:43 +02006297 if (unlikely(compressing)) {
6298 /* we need to flush output contents before syncing FSMs */
6299 http_compression_buffer_end(s, &res->buf, &tmpbuf, 1);
6300 compressing = 0;
6301 }
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006302
Willy Tarreauc623c172014-04-18 09:53:50 +02006303 /* we may have some pending data starting at res->buf->p
6304 * such as a last chunk of data or trailers.
6305 */
6306 b_adv(res->buf, msg->next);
6307 msg->next = 0;
6308
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006309 ret = msg->msg_state;
Willy Tarreau4fe41902010-06-07 22:27:41 +02006310 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006311 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6312 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006313 channel_dont_close(res);
Willy Tarreau3ce10ff2014-04-22 08:24:38 +02006314
Willy Tarreau610ecce2010-01-04 21:15:02 +01006315 if (http_resync_states(s)) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01006316 /* some state changes occurred, maybe the analyser
6317 * was disabled too.
Willy Tarreau5523b322009-12-29 12:05:52 +01006318 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006319 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006320 if (res->flags & CF_SHUTW) {
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006321 /* response errors are most likely due to
6322 * the client aborting the transfer.
6323 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006324 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006325 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01006326 if (msg->err_pos >= 0)
Willy Tarreaud655ffe2013-04-02 01:48:58 +02006327 http_capture_bad_message(&s->be->invalid_rep, s, msg, ret, s->fe);
Willy Tarreau610ecce2010-01-04 21:15:02 +01006328 goto return_bad_res;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01006329 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006330 return 1;
Willy Tarreau5523b322009-12-29 12:05:52 +01006331 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01006332 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006333 }
6334 }
6335
Willy Tarreaud98cf932009-12-27 22:54:55 +01006336 missing_data:
Willy Tarreauc623c172014-04-18 09:53:50 +02006337 /* we may have some pending data starting at res->buf->p */
Willy Tarreau168ebc52014-04-18 00:53:43 +02006338 if (unlikely(compressing)) {
6339 http_compression_buffer_end(s, &res->buf, &tmpbuf, msg->msg_state >= HTTP_MSG_TRAILERS);
William Lallemand82fe75c2012-10-23 10:25:10 +02006340 compressing = 0;
6341 }
Willy Tarreauf003d372012-11-26 13:35:37 +01006342
Willy Tarreauc623c172014-04-18 09:53:50 +02006343 if ((s->comp_algo == NULL || msg->msg_state >= HTTP_MSG_TRAILERS)) {
6344 b_adv(res->buf, msg->next);
6345 msg->next = 0;
6346 msg->chunk_len -= channel_forward(res, msg->chunk_len);
6347 }
6348
Willy Tarreauf003d372012-11-26 13:35:37 +01006349 if (res->flags & CF_SHUTW)
6350 goto aborted_xfer;
6351
6352 /* stop waiting for data if the input is closed before the end. If the
6353 * client side was already closed, it means that the client has aborted,
6354 * so we don't want to count this as a server abort. Otherwise it's a
6355 * server abort.
6356 */
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006357 if (res->flags & CF_SHUTR) {
Willy Tarreaub2c6a782014-04-23 20:29:01 +02006358 if ((s->req->flags & (CF_SHUTR|CF_SHUTW)) == (CF_SHUTR|CF_SHUTW))
Willy Tarreauf003d372012-11-26 13:35:37 +01006359 goto aborted_xfer;
Willy Tarreau40dba092010-03-04 18:14:51 +01006360 if (!(s->flags & SN_ERR_MASK))
6361 s->flags |= SN_ERR_SRVCL;
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006362 s->be->be_counters.srv_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006363 if (objt_server(s->target))
6364 objt_server(s->target)->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006365 goto return_bad_res_stats_ok;
Willy Tarreau40dba092010-03-04 18:14:51 +01006366 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01006367
Willy Tarreau40dba092010-03-04 18:14:51 +01006368 /* we need to obey the req analyser, so if it leaves, we must too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01006369 if (!s->req->analysers)
6370 goto return_bad_res;
6371
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006372 /* When TE: chunked is used, we need to get there again to parse remaining
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006373 * chunks even if the server has closed, so we don't want to set CF_DONTCLOSE.
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006374 * Similarly, with keep-alive on the client side, we don't want to forward a
6375 * close.
6376 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006377 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo ||
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006378 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
6379 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
Willy Tarreau8263d2b2012-08-28 00:06:31 +02006380 channel_dont_close(res);
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02006381
Willy Tarreau5c620922011-05-11 19:56:11 +02006382 /* We know that more data are expected, but we couldn't send more that
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006383 * what we did. So we always set the CF_EXPECT_MORE flag so that the
Willy Tarreau07293032011-05-30 18:29:28 +02006384 * system knows it must not set a PUSH on this first part. Interactive
Willy Tarreau869fc1e2012-03-05 08:29:20 +01006385 * modes are already handled by the stream sock layer. We must not do
6386 * this in content-length mode because it could present the MSG_MORE
6387 * flag with the last block of forwarded data, which would cause an
6388 * additional delay to be observed by the receiver.
Willy Tarreau5c620922011-05-11 19:56:11 +02006389 */
Willy Tarreau08b4d792012-10-27 01:36:34 +02006390 if ((msg->flags & HTTP_MSGF_TE_CHNK) || s->comp_algo)
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02006391 res->flags |= CF_EXPECT_MORE;
Willy Tarreau5c620922011-05-11 19:56:11 +02006392
Willy Tarreaud98cf932009-12-27 22:54:55 +01006393 /* the session handler will take care of timeouts and errors */
6394 return 0;
6395
Willy Tarreau40dba092010-03-04 18:14:51 +01006396 return_bad_res: /* let's centralize all bad responses */
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006397 s->be->be_counters.failed_resp++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006398 if (objt_server(s->target))
6399 objt_server(s->target)->counters.failed_resp++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006400
6401 return_bad_res_stats_ok:
Willy Tarreaud01f4262014-04-21 11:00:13 +02006402 if (unlikely(compressing)) {
Willy Tarreau168ebc52014-04-18 00:53:43 +02006403 http_compression_buffer_end(s, &res->buf, &tmpbuf, msg->msg_state >= HTTP_MSG_TRAILERS);
Willy Tarreaud01f4262014-04-21 11:00:13 +02006404 compressing = 0;
6405 }
6406
Willy Tarreauc623c172014-04-18 09:53:50 +02006407 /* we may have some pending data starting at res->buf->p */
6408 if (s->comp_algo == NULL) {
6409 b_adv(res->buf, msg->next);
6410 msg->next = 0;
6411 }
6412
Willy Tarreaud98cf932009-12-27 22:54:55 +01006413 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau148d0992010-01-10 10:21:21 +01006414 /* don't send any error message as we're in the body */
6415 stream_int_retnclose(res->cons, NULL);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006416 res->analysers = 0;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006417 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006418 if (objt_server(s->target))
6419 health_adjust(objt_server(s->target), HANA_STATUS_HTTP_HDRRSP);
Willy Tarreaud98cf932009-12-27 22:54:55 +01006420
6421 if (!(s->flags & SN_ERR_MASK))
6422 s->flags |= SN_ERR_PRXCOND;
6423 if (!(s->flags & SN_FINST_MASK))
Willy Tarreau40dba092010-03-04 18:14:51 +01006424 s->flags |= SN_FINST_D;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006425 return 0;
6426
6427 aborted_xfer:
Willy Tarreau6fef8ae2014-04-22 21:22:06 +02006428 if (unlikely(compressing)) {
6429 http_compression_buffer_end(s, &res->buf, &tmpbuf, msg->msg_state >= HTTP_MSG_TRAILERS);
6430 compressing = 0;
6431 }
6432
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006433 txn->rsp.msg_state = HTTP_MSG_ERROR;
6434 /* don't send any error message as we're in the body */
6435 stream_int_retnclose(res->cons, NULL);
6436 res->analysers = 0;
6437 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
6438
Willy Tarreau7d0aaf32011-03-10 23:25:56 +01006439 s->fe->fe_counters.cli_aborts++;
6440 s->be->be_counters.cli_aborts++;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01006441 if (objt_server(s->target))
6442 objt_server(s->target)->counters.cli_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01006443
6444 if (!(s->flags & SN_ERR_MASK))
6445 s->flags |= SN_ERR_CLICL;
6446 if (!(s->flags & SN_FINST_MASK))
6447 s->flags |= SN_FINST_D;
Willy Tarreaud98cf932009-12-27 22:54:55 +01006448 return 0;
6449}
6450
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006451/* Iterate the same filter through all request headers.
6452 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006453 * Since it can manage the switch to another backend, it updates the per-proxy
6454 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006455 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006456int apply_filter_to_req_headers(struct session *s, struct channel *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006457{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006458 char term;
6459 char *cur_ptr, *cur_end, *cur_next;
6460 int cur_idx, old_idx, last_hdr;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006461 struct http_txn *txn = &s->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006462 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006463 int delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01006464
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006465 last_hdr = 0;
6466
Willy Tarreau9b28e032012-10-12 23:49:43 +02006467 cur_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006468 old_idx = 0;
6469
6470 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01006471 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006472 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006473 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006474 (exp->action == ACT_ALLOW ||
6475 exp->action == ACT_DENY ||
6476 exp->action == ACT_TARPIT))
6477 return 0;
6478
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006479 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006480 if (!cur_idx)
6481 break;
6482
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006483 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006484 cur_ptr = cur_next;
6485 cur_end = cur_ptr + cur_hdr->len;
6486 cur_next = cur_end + cur_hdr->cr + 1;
6487
6488 /* Now we have one header between cur_ptr and cur_end,
6489 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006490 */
6491
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006492 /* The annoying part is that pattern matching needs
6493 * that we modify the contents to null-terminate all
6494 * strings before testing them.
6495 */
6496
6497 term = *cur_end;
6498 *cur_end = '\0';
6499
6500 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6501 switch (exp->action) {
6502 case ACT_SETBE:
6503 /* It is not possible to jump a second time.
6504 * FIXME: should we return an HTTP/500 here so that
6505 * the admin knows there's a problem ?
6506 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006507 if (s->be != s->fe)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006508 break;
6509
6510 /* Swithing Proxy */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006511 session_set_backend(s, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006512 last_hdr = 1;
6513 break;
6514
6515 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006516 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006517 last_hdr = 1;
6518 break;
6519
6520 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006521 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006522 last_hdr = 1;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006523 break;
6524
6525 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006526 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006527 last_hdr = 1;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006528 break;
6529
6530 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006531 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6532 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006533 /* FIXME: if the user adds a newline in the replacement, the
6534 * index will not be recalculated for now, and the new line
6535 * will not be counted as a new header.
6536 */
6537
6538 cur_end += delta;
6539 cur_next += delta;
6540 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006541 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006542 break;
6543
6544 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02006545 delta = buffer_replace2(req->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006546 cur_next += delta;
6547
Willy Tarreaufa355d42009-11-29 18:12:29 +01006548 http_msg_move_end(&txn->req, delta);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006549 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6550 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006551 cur_hdr->len = 0;
6552 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01006553 cur_idx = old_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006554 break;
6555
6556 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006557 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006558 if (cur_end)
6559 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006560
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006561 /* keep the link from this header to next one in case of later
6562 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006563 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006564 old_idx = cur_idx;
6565 }
6566 return 0;
6567}
6568
6569
6570/* Apply the filter to the request line.
6571 * Returns 0 if nothing has been done, 1 if the filter has been applied,
6572 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006573 * Since it can manage the switch to another backend, it updates the per-proxy
6574 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006575 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006576int apply_filter_to_req_line(struct session *s, struct channel *req, struct hdr_exp *exp)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006577{
6578 char term;
6579 char *cur_ptr, *cur_end;
6580 int done;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006581 struct http_txn *txn = &s->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006582 int delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006583
Willy Tarreau3d300592007-03-18 18:34:41 +01006584 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006585 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006586 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006587 (exp->action == ACT_ALLOW ||
6588 exp->action == ACT_DENY ||
6589 exp->action == ACT_TARPIT))
6590 return 0;
6591 else if (exp->action == ACT_REMOVE)
6592 return 0;
6593
6594 done = 0;
6595
Willy Tarreau9b28e032012-10-12 23:49:43 +02006596 cur_ptr = req->buf->p;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006597 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006598
6599 /* Now we have the request line between cur_ptr and cur_end */
6600
6601 /* The annoying part is that pattern matching needs
6602 * that we modify the contents to null-terminate all
6603 * strings before testing them.
6604 */
6605
6606 term = *cur_end;
6607 *cur_end = '\0';
6608
6609 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6610 switch (exp->action) {
6611 case ACT_SETBE:
6612 /* It is not possible to jump a second time.
6613 * FIXME: should we return an HTTP/500 here so that
6614 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01006615 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006616 if (s->be != s->fe)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006617 break;
6618
6619 /* Swithing Proxy */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006620 session_set_backend(s, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006621 done = 1;
6622 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006623
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006624 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006625 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006626 done = 1;
6627 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006628
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006629 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006630 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006631 done = 1;
6632 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006633
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006634 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01006635 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006636 done = 1;
6637 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01006638
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006639 case ACT_REPLACE:
6640 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01006641 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
6642 delta = buffer_replace2(req->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006643 /* FIXME: if the user adds a newline in the replacement, the
6644 * index will not be recalculated for now, and the new line
6645 * will not be counted as a new header.
6646 */
Willy Tarreaua496b602006-12-17 23:15:24 +01006647
Willy Tarreaufa355d42009-11-29 18:12:29 +01006648 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006649 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02006650 cur_end = (char *)http_parse_reqline(&txn->req,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006651 HTTP_MSG_RQMETH,
6652 cur_ptr, cur_end + 1,
6653 NULL, NULL);
6654 if (unlikely(!cur_end))
6655 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01006656
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006657 /* we have a full request and we know that we have either a CR
6658 * or an LF at <ptr>.
6659 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006660 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
6661 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006662 /* there is no point trying this regex on headers */
6663 return 1;
6664 }
6665 }
6666 *cur_end = term; /* restore the string terminator */
6667 return done;
6668}
Willy Tarreau97de6242006-12-27 17:18:38 +01006669
Willy Tarreau58f10d72006-12-04 02:26:12 +01006670
Willy Tarreau58f10d72006-12-04 02:26:12 +01006671
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006672/*
Willy Tarreau6c123b12010-01-28 20:22:06 +01006673 * Apply all the req filters of proxy <px> to all headers in buffer <req> of session <s>.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006674 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01006675 * unparsable request. Since it can manage the switch to another backend, it
6676 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006677 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02006678int apply_filters_to_request(struct session *s, struct channel *req, struct proxy *px)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006679{
Willy Tarreau6c123b12010-01-28 20:22:06 +01006680 struct http_txn *txn = &s->txn;
6681 struct hdr_exp *exp;
6682
6683 for (exp = px->req_exp; exp; exp = exp->next) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006684 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006685
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006686 /*
6687 * The interleaving of transformations and verdicts
6688 * makes it difficult to decide to continue or stop
6689 * the evaluation.
6690 */
6691
Willy Tarreau6c123b12010-01-28 20:22:06 +01006692 if (txn->flags & (TX_CLDENY|TX_CLTARPIT))
6693 break;
6694
Willy Tarreau3d300592007-03-18 18:34:41 +01006695 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006696 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
Willy Tarreau6c123b12010-01-28 20:22:06 +01006697 exp->action == ACT_TARPIT || exp->action == ACT_PASS))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006698 continue;
Willy Tarreau6c123b12010-01-28 20:22:06 +01006699
6700 /* if this filter had a condition, evaluate it now and skip to
6701 * next filter if the condition does not match.
6702 */
6703 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02006704 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
Willy Tarreau6c123b12010-01-28 20:22:06 +01006705 ret = acl_pass(ret);
6706 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
6707 ret = !ret;
6708
6709 if (!ret)
6710 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006711 }
6712
6713 /* Apply the filter to the request line. */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006714 ret = apply_filter_to_req_line(s, req, exp);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006715 if (unlikely(ret < 0))
6716 return -1;
6717
6718 if (likely(ret == 0)) {
6719 /* The filter did not match the request, it can be
6720 * iterated through all headers.
6721 */
Willy Tarreau6c123b12010-01-28 20:22:06 +01006722 apply_filter_to_req_headers(s, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006723 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006724 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006725 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006726}
6727
6728
Willy Tarreaua15645d2007-03-18 16:22:39 +01006729
Willy Tarreau58f10d72006-12-04 02:26:12 +01006730/*
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006731 * Try to retrieve the server associated to the appsession.
6732 * If the server is found, it's assigned to the session.
6733 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006734void manage_client_side_appsession(struct session *s, const char *buf, int len) {
6735 struct http_txn *txn = &s->txn;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006736 appsess *asession = NULL;
6737 char *sessid_temp = NULL;
6738
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006739 if (len > s->be->appsession_len) {
6740 len = s->be->appsession_len;
Cyril Bontéb21570a2009-11-29 20:04:48 +01006741 }
6742
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006743 if (s->be->options2 & PR_O2_AS_REQL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006744 /* request-learn option is enabled : store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006745 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006746 /* free previously allocated memory as we don't need the session id found in the URL anymore */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006747 pool_free2(apools.sessid, txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006748 }
6749
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006750 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006751 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006752 send_log(s->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006753 return;
6754 }
6755
Willy Tarreaua3377ee2010-01-10 10:49:11 +01006756 memcpy(txn->sessid, buf, len);
6757 txn->sessid[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006758 }
6759
6760 if ((sessid_temp = pool_alloc2(apools.sessid)) == NULL) {
6761 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006762 send_log(s->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006763 return;
6764 }
6765
Cyril Bontéb21570a2009-11-29 20:04:48 +01006766 memcpy(sessid_temp, buf, len);
6767 sessid_temp[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006768
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006769 asession = appsession_hash_lookup(&(s->be->htbl_proxy), sessid_temp);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006770 /* free previously allocated memory */
6771 pool_free2(apools.sessid, sessid_temp);
6772
6773 if (asession != NULL) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006774 asession->expire = tick_add_ifset(now_ms, s->be->timeout.appsession);
6775 if (!(s->be->options2 & PR_O2_AS_REQL))
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006776 asession->request_count++;
6777
6778 if (asession->serverid != NULL) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006779 struct server *srv = s->be->srv;
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02006780
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006781 while (srv) {
6782 if (strcmp(srv->id, asession->serverid) == 0) {
Willy Tarreau4de91492010-01-22 19:10:05 +01006783 if ((srv->state & SRV_RUNNING) ||
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006784 (s->be->options & PR_O_PERSIST) ||
6785 (s->flags & SN_FORCE_PRST)) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006786 /* we found the server and it's usable */
6787 txn->flags &= ~TX_CK_MASK;
Willy Tarreau2a6d88d2010-01-24 13:10:43 +01006788 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006789 s->flags |= SN_DIRECT | SN_ASSIGNED;
6790 s->target = &srv->obj_type;
Willy Tarreau664beb82011-03-10 11:38:29 +01006791
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006792 break;
6793 } else {
6794 txn->flags &= ~TX_CK_MASK;
6795 txn->flags |= TX_CK_DOWN;
6796 }
6797 }
6798 srv = srv->next;
6799 }
6800 }
6801 }
6802}
6803
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006804/* Find the end of a cookie value contained between <s> and <e>. It works the
6805 * same way as with headers above except that the semi-colon also ends a token.
6806 * See RFC2965 for more information. Note that it requires a valid header to
6807 * return a valid result.
6808 */
6809char *find_cookie_value_end(char *s, const char *e)
6810{
6811 int quoted, qdpair;
6812
6813 quoted = qdpair = 0;
6814 for (; s < e; s++) {
6815 if (qdpair) qdpair = 0;
6816 else if (quoted) {
6817 if (*s == '\\') qdpair = 1;
6818 else if (*s == '"') quoted = 0;
6819 }
6820 else if (*s == '"') quoted = 1;
6821 else if (*s == ',' || *s == ';') return s;
6822 }
6823 return s;
6824}
6825
6826/* Delete a value in a header between delimiters <from> and <next> in buffer
6827 * <buf>. The number of characters displaced is returned, and the pointer to
6828 * the first delimiter is updated if required. The function tries as much as
6829 * possible to respect the following principles :
6830 * - replace <from> delimiter by the <next> one unless <from> points to a
6831 * colon, in which case <next> is simply removed
6832 * - set exactly one space character after the new first delimiter, unless
6833 * there are not enough characters in the block being moved to do so.
6834 * - remove unneeded spaces before the previous delimiter and after the new
6835 * one.
6836 *
6837 * It is the caller's responsibility to ensure that :
6838 * - <from> points to a valid delimiter or the colon ;
6839 * - <next> points to a valid delimiter or the final CR/LF ;
6840 * - there are non-space chars before <from> ;
6841 * - there is a CR/LF at or after <next>.
6842 */
Willy Tarreauaf819352012-08-27 22:08:00 +02006843int del_hdr_value(struct buffer *buf, char **from, char *next)
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006844{
6845 char *prev = *from;
6846
6847 if (*prev == ':') {
6848 /* We're removing the first value, preserve the colon and add a
6849 * space if possible.
6850 */
6851 if (!http_is_crlf[(unsigned char)*next])
6852 next++;
6853 prev++;
6854 if (prev < next)
6855 *prev++ = ' ';
6856
6857 while (http_is_spht[(unsigned char)*next])
6858 next++;
6859 } else {
6860 /* Remove useless spaces before the old delimiter. */
6861 while (http_is_spht[(unsigned char)*(prev-1)])
6862 prev--;
6863 *from = prev;
6864
6865 /* copy the delimiter and if possible a space if we're
6866 * not at the end of the line.
6867 */
6868 if (!http_is_crlf[(unsigned char)*next]) {
6869 *prev++ = *next++;
6870 if (prev + 1 < next)
6871 *prev++ = ' ';
6872 while (http_is_spht[(unsigned char)*next])
6873 next++;
6874 }
6875 }
6876 return buffer_replace2(buf, prev, next, NULL, 0);
6877}
6878
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006879/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01006880 * Manage client-side cookie. It can impact performance by about 2% so it is
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006881 * desirable to call it only when needed. This code is quite complex because
6882 * of the multiple very crappy and ambiguous syntaxes we have to support. it
6883 * highly recommended not to touch this part without a good reason !
Willy Tarreau58f10d72006-12-04 02:26:12 +01006884 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006885void manage_client_side_cookies(struct session *s, struct channel *req)
Willy Tarreau58f10d72006-12-04 02:26:12 +01006886{
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02006887 struct http_txn *txn = &s->txn;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006888 int preserve_hdr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006889 int cur_idx, old_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006890 char *hdr_beg, *hdr_end, *hdr_next, *del_from;
6891 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006892
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006893 /* Iterate through the headers, we start with the start line. */
Willy Tarreau83969f42007-01-22 08:55:47 +01006894 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02006895 hdr_next = req->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006896
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006897 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006898 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006899 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006900
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006901 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006902 hdr_beg = hdr_next;
6903 hdr_end = hdr_beg + cur_hdr->len;
6904 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006905
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006906 /* We have one full header between hdr_beg and hdr_end, and the
6907 * next header starts at hdr_next. We're only interested in
Willy Tarreau58f10d72006-12-04 02:26:12 +01006908 * "Cookie:" headers.
6909 */
6910
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006911 val = http_header_match2(hdr_beg, hdr_end, "Cookie", 6);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006912 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006913 old_idx = cur_idx;
6914 continue;
6915 }
6916
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006917 del_from = NULL; /* nothing to be deleted */
6918 preserve_hdr = 0; /* assume we may kill the whole header */
6919
Willy Tarreau58f10d72006-12-04 02:26:12 +01006920 /* Now look for cookies. Conforming to RFC2109, we have to support
6921 * attributes whose name begin with a '$', and associate them with
6922 * the right cookie, if we want to delete this cookie.
6923 * So there are 3 cases for each cookie read :
6924 * 1) it's a special attribute, beginning with a '$' : ignore it.
6925 * 2) it's a server id cookie that we *MAY* want to delete : save
6926 * some pointers on it (last semi-colon, beginning of cookie...)
6927 * 3) it's an application cookie : we *MAY* have to delete a previous
6928 * "special" cookie.
6929 * At the end of loop, if a "special" cookie remains, we may have to
6930 * remove it. If no application cookie persists in the header, we
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006931 * *MUST* delete it.
6932 *
6933 * Note: RFC2965 is unclear about the processing of spaces around
6934 * the equal sign in the ATTR=VALUE form. A careful inspection of
6935 * the RFC explicitly allows spaces before it, and not within the
6936 * tokens (attrs or values). An inspection of RFC2109 allows that
6937 * too but section 10.1.3 lets one think that spaces may be allowed
6938 * after the equal sign too, resulting in some (rare) buggy
6939 * implementations trying to do that. So let's do what servers do.
6940 * Latest ietf draft forbids spaces all around. Also, earlier RFCs
6941 * allowed quoted strings in values, with any possible character
6942 * after a backslash, including control chars and delimitors, which
6943 * causes parsing to become ambiguous. Browsers also allow spaces
6944 * within values even without quotes.
6945 *
6946 * We have to keep multiple pointers in order to support cookie
6947 * removal at the beginning, middle or end of header without
6948 * corrupting the header. All of these headers are valid :
6949 *
6950 * Cookie:NAME1=VALUE1;NAME2=VALUE2;NAME3=VALUE3\r\n
6951 * Cookie:NAME1=VALUE1;NAME2_ONLY ;NAME3=VALUE3\r\n
6952 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
6953 * | | | | | | | | |
6954 * | | | | | | | | hdr_end <--+
6955 * | | | | | | | +--> next
6956 * | | | | | | +----> val_end
6957 * | | | | | +-----------> val_beg
6958 * | | | | +--------------> equal
6959 * | | | +----------------> att_end
6960 * | | +---------------------> att_beg
6961 * | +--------------------------> prev
6962 * +--------------------------------> hdr_beg
Willy Tarreau58f10d72006-12-04 02:26:12 +01006963 */
6964
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006965 for (prev = hdr_beg + 6; prev < hdr_end; prev = next) {
6966 /* Iterate through all cookies on this line */
6967
6968 /* find att_beg */
6969 att_beg = prev + 1;
6970 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
6971 att_beg++;
6972
6973 /* find att_end : this is the first character after the last non
6974 * space before the equal. It may be equal to hdr_end.
6975 */
6976 equal = att_end = att_beg;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006977
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006978 while (equal < hdr_end) {
6979 if (*equal == '=' || *equal == ',' || *equal == ';')
Willy Tarreau58f10d72006-12-04 02:26:12 +01006980 break;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006981 if (http_is_spht[(unsigned char)*equal++])
6982 continue;
6983 att_end = equal;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006984 }
6985
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006986 /* here, <equal> points to '=', a delimitor or the end. <att_end>
6987 * is between <att_beg> and <equal>, both may be identical.
6988 */
6989
6990 /* look for end of cookie if there is an equal sign */
6991 if (equal < hdr_end && *equal == '=') {
6992 /* look for the beginning of the value */
6993 val_beg = equal + 1;
6994 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
6995 val_beg++;
6996
6997 /* find the end of the value, respecting quotes */
6998 next = find_cookie_value_end(val_beg, hdr_end);
6999
7000 /* make val_end point to the first white space or delimitor after the value */
7001 val_end = next;
7002 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
7003 val_end--;
7004 } else {
7005 val_beg = val_end = next = equal;
Willy Tarreau305ae852010-01-03 19:45:54 +01007006 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007007
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007008 /* We have nothing to do with attributes beginning with '$'. However,
7009 * they will automatically be removed if a header before them is removed,
7010 * since they're supposed to be linked together.
7011 */
7012 if (*att_beg == '$')
7013 continue;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007014
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007015 /* Ignore cookies with no equal sign */
7016 if (equal == next) {
7017 /* This is not our cookie, so we must preserve it. But if we already
7018 * scheduled another cookie for removal, we cannot remove the
7019 * complete header, but we can remove the previous block itself.
7020 */
7021 preserve_hdr = 1;
7022 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007023 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007024 val_end += delta;
7025 next += delta;
7026 hdr_end += delta;
7027 hdr_next += delta;
7028 cur_hdr->len += delta;
7029 http_msg_move_end(&txn->req, delta);
7030 prev = del_from;
7031 del_from = NULL;
7032 }
7033 continue;
Willy Tarreau305ae852010-01-03 19:45:54 +01007034 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007035
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007036 /* if there are spaces around the equal sign, we need to
7037 * strip them otherwise we'll get trouble for cookie captures,
7038 * or even for rewrites. Since this happens extremely rarely,
7039 * it does not hurt performance.
Willy Tarreau58f10d72006-12-04 02:26:12 +01007040 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007041 if (unlikely(att_end != equal || val_beg > equal + 1)) {
7042 int stripped_before = 0;
7043 int stripped_after = 0;
7044
7045 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007046 stripped_before = buffer_replace2(req->buf, att_end, equal, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007047 equal += stripped_before;
7048 val_beg += stripped_before;
7049 }
7050
7051 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007052 stripped_after = buffer_replace2(req->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007053 val_beg += stripped_after;
7054 stripped_before += stripped_after;
7055 }
7056
7057 val_end += stripped_before;
7058 next += stripped_before;
7059 hdr_end += stripped_before;
7060 hdr_next += stripped_before;
7061 cur_hdr->len += stripped_before;
7062 http_msg_move_end(&txn->req, stripped_before);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007063 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007064 /* now everything is as on the diagram above */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007065
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007066 /* First, let's see if we want to capture this cookie. We check
7067 * that we don't already have a client side cookie, because we
7068 * can only capture one. Also as an optimisation, we ignore
7069 * cookies shorter than the declared name.
7070 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007071 if (s->fe->capture_name != NULL && txn->cli_cookie == NULL &&
7072 (val_end - att_beg >= s->fe->capture_namelen) &&
7073 memcmp(att_beg, s->fe->capture_name, s->fe->capture_namelen) == 0) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007074 int log_len = val_end - att_beg;
7075
7076 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
7077 Alert("HTTP logging : out of memory.\n");
7078 } else {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007079 if (log_len > s->fe->capture_len)
7080 log_len = s->fe->capture_len;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007081 memcpy(txn->cli_cookie, att_beg, log_len);
7082 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007083 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007084 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007085
Willy Tarreaubca99692010-10-06 19:25:55 +02007086 /* Persistence cookies in passive, rewrite or insert mode have the
7087 * following form :
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007088 *
Willy Tarreaubca99692010-10-06 19:25:55 +02007089 * Cookie: NAME=SRV[|<lastseen>[|<firstseen>]]
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007090 *
Willy Tarreaubca99692010-10-06 19:25:55 +02007091 * For cookies in prefix mode, the form is :
7092 *
7093 * Cookie: NAME=SRV~VALUE
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007094 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007095 if ((att_end - att_beg == s->be->cookie_len) && (s->be->cookie_name != NULL) &&
7096 (memcmp(att_beg, s->be->cookie_name, att_end - att_beg) == 0)) {
7097 struct server *srv = s->be->srv;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007098 char *delim;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007099
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007100 /* if we're in cookie prefix mode, we'll search the delimitor so that we
7101 * have the server ID between val_beg and delim, and the original cookie between
7102 * delim+1 and val_end. Otherwise, delim==val_end :
7103 *
7104 * Cookie: NAME=SRV; # in all but prefix modes
7105 * Cookie: NAME=SRV~OPAQUE ; # in prefix mode
7106 * | || || | |+-> next
7107 * | || || | +--> val_end
7108 * | || || +---------> delim
7109 * | || |+------------> val_beg
7110 * | || +-------------> att_end = equal
7111 * | |+-----------------> att_beg
7112 * | +------------------> prev
7113 * +-------------------------> hdr_beg
7114 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007115
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007116 if (s->be->ck_opts & PR_CK_PFX) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007117 for (delim = val_beg; delim < val_end; delim++)
7118 if (*delim == COOKIE_DELIM)
7119 break;
Willy Tarreaubca99692010-10-06 19:25:55 +02007120 } else {
7121 char *vbar1;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007122 delim = val_end;
Willy Tarreaubca99692010-10-06 19:25:55 +02007123 /* Now check if the cookie contains a date field, which would
7124 * appear after a vertical bar ('|') just after the server name
7125 * and before the delimiter.
7126 */
7127 vbar1 = memchr(val_beg, COOKIE_DELIM_DATE, val_end - val_beg);
7128 if (vbar1) {
7129 /* OK, so left of the bar is the server's cookie and
Willy Tarreauf64d1412010-10-07 20:06:11 +02007130 * right is the last seen date. It is a base64 encoded
7131 * 30-bit value representing the UNIX date since the
7132 * epoch in 4-second quantities.
Willy Tarreaubca99692010-10-06 19:25:55 +02007133 */
Willy Tarreauf64d1412010-10-07 20:06:11 +02007134 int val;
Willy Tarreaubca99692010-10-06 19:25:55 +02007135 delim = vbar1++;
Willy Tarreauf64d1412010-10-07 20:06:11 +02007136 if (val_end - vbar1 >= 5) {
7137 val = b64tos30(vbar1);
7138 if (val > 0)
7139 txn->cookie_last_date = val << 2;
7140 }
7141 /* look for a second vertical bar */
7142 vbar1 = memchr(vbar1, COOKIE_DELIM_DATE, val_end - vbar1);
7143 if (vbar1 && (val_end - vbar1 > 5)) {
7144 val = b64tos30(vbar1 + 1);
7145 if (val > 0)
7146 txn->cookie_first_date = val << 2;
7147 }
Willy Tarreaubca99692010-10-06 19:25:55 +02007148 }
7149 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007150
Willy Tarreauf64d1412010-10-07 20:06:11 +02007151 /* if the cookie has an expiration date and the proxy wants to check
7152 * it, then we do that now. We first check if the cookie is too old,
7153 * then only if it has expired. We detect strict overflow because the
7154 * time resolution here is not great (4 seconds). Cookies with dates
7155 * in the future are ignored if their offset is beyond one day. This
7156 * allows an admin to fix timezone issues without expiring everyone
7157 * and at the same time avoids keeping unwanted side effects for too
7158 * long.
7159 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007160 if (txn->cookie_first_date && s->be->cookie_maxlife &&
7161 (((signed)(date.tv_sec - txn->cookie_first_date) > (signed)s->be->cookie_maxlife) ||
Willy Tarreauef4f3912010-10-07 21:00:29 +02007162 ((signed)(txn->cookie_first_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02007163 txn->flags &= ~TX_CK_MASK;
7164 txn->flags |= TX_CK_OLD;
7165 delim = val_beg; // let's pretend we have not found the cookie
7166 txn->cookie_first_date = 0;
7167 txn->cookie_last_date = 0;
7168 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007169 else if (txn->cookie_last_date && s->be->cookie_maxidle &&
7170 (((signed)(date.tv_sec - txn->cookie_last_date) > (signed)s->be->cookie_maxidle) ||
Willy Tarreauef4f3912010-10-07 21:00:29 +02007171 ((signed)(txn->cookie_last_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02007172 txn->flags &= ~TX_CK_MASK;
7173 txn->flags |= TX_CK_EXPIRED;
7174 delim = val_beg; // let's pretend we have not found the cookie
7175 txn->cookie_first_date = 0;
7176 txn->cookie_last_date = 0;
7177 }
7178
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007179 /* Here, we'll look for the first running server which supports the cookie.
7180 * This allows to share a same cookie between several servers, for example
7181 * to dedicate backup servers to specific servers only.
7182 * However, to prevent clients from sticking to cookie-less backup server
7183 * when they have incidentely learned an empty cookie, we simply ignore
7184 * empty cookies and mark them as invalid.
7185 * The same behaviour is applied when persistence must be ignored.
7186 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007187 if ((delim == val_beg) || (s->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007188 srv = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007189
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007190 while (srv) {
7191 if (srv->cookie && (srv->cklen == delim - val_beg) &&
7192 !memcmp(val_beg, srv->cookie, delim - val_beg)) {
7193 if ((srv->state & SRV_RUNNING) ||
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007194 (s->be->options & PR_O_PERSIST) ||
7195 (s->flags & SN_FORCE_PRST)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007196 /* we found the server and we can use it */
7197 txn->flags &= ~TX_CK_MASK;
7198 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007199 s->flags |= SN_DIRECT | SN_ASSIGNED;
7200 s->target = &srv->obj_type;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007201 break;
7202 } else {
7203 /* we found a server, but it's down,
7204 * mark it as such and go on in case
7205 * another one is available.
7206 */
7207 txn->flags &= ~TX_CK_MASK;
7208 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007209 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007210 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007211 srv = srv->next;
7212 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007213
Willy Tarreauf64d1412010-10-07 20:06:11 +02007214 if (!srv && !(txn->flags & (TX_CK_DOWN|TX_CK_EXPIRED|TX_CK_OLD))) {
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007215 /* no server matched this cookie or we deliberately skipped it */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007216 txn->flags &= ~TX_CK_MASK;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007217 if ((s->flags & (SN_IGNORE_PRST | SN_ASSIGNED)))
Willy Tarreauc89ccb62012-04-05 21:18:22 +02007218 txn->flags |= TX_CK_UNUSED;
7219 else
7220 txn->flags |= TX_CK_INVALID;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007221 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007222
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007223 /* depending on the cookie mode, we may have to either :
7224 * - delete the complete cookie if we're in insert+indirect mode, so that
7225 * the server never sees it ;
7226 * - remove the server id from the cookie value, and tag the cookie as an
7227 * application cookie so that it does not get accidentely removed later,
7228 * if we're in cookie prefix mode
7229 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007230 if ((s->be->ck_opts & PR_CK_PFX) && (delim != val_end)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007231 int delta; /* negative */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007232
Willy Tarreau9b28e032012-10-12 23:49:43 +02007233 delta = buffer_replace2(req->buf, val_beg, delim + 1, NULL, 0);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007234 val_end += delta;
7235 next += delta;
7236 hdr_end += delta;
7237 hdr_next += delta;
7238 cur_hdr->len += delta;
7239 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007240
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007241 del_from = NULL;
7242 preserve_hdr = 1; /* we want to keep this cookie */
7243 }
7244 else if (del_from == NULL &&
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007245 (s->be->ck_opts & (PR_CK_INS | PR_CK_IND)) == (PR_CK_INS | PR_CK_IND)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007246 del_from = prev;
7247 }
7248 } else {
7249 /* This is not our cookie, so we must preserve it. But if we already
7250 * scheduled another cookie for removal, we cannot remove the
7251 * complete header, but we can remove the previous block itself.
7252 */
7253 preserve_hdr = 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007254
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007255 if (del_from != NULL) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007256 int delta = del_hdr_value(req->buf, &del_from, prev);
Willy Tarreaub8105542010-11-24 18:31:28 +01007257 if (att_beg >= del_from)
7258 att_beg += delta;
7259 if (att_end >= del_from)
7260 att_end += delta;
7261 val_beg += delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007262 val_end += delta;
7263 next += delta;
7264 hdr_end += delta;
7265 hdr_next += delta;
7266 cur_hdr->len += delta;
7267 http_msg_move_end(&txn->req, delta);
7268 prev = del_from;
7269 del_from = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007270 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007271 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007272
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007273 /* Look for the appsession cookie unless persistence must be ignored */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007274 if (!(s->flags & SN_IGNORE_PRST) && (s->be->appsession_name != NULL)) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007275 int cmp_len, value_len;
7276 char *value_begin;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007277
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007278 if (s->be->options2 & PR_O2_AS_PFX) {
7279 cmp_len = MIN(val_end - att_beg, s->be->appsession_name_len);
7280 value_begin = att_beg + s->be->appsession_name_len;
7281 value_len = val_end - att_beg - s->be->appsession_name_len;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007282 } else {
7283 cmp_len = att_end - att_beg;
7284 value_begin = val_beg;
7285 value_len = val_end - val_beg;
7286 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007287
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007288 /* let's see if the cookie is our appcookie */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007289 if (cmp_len == s->be->appsession_name_len &&
7290 memcmp(att_beg, s->be->appsession_name, cmp_len) == 0) {
7291 manage_client_side_appsession(s, value_begin, value_len);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007292 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007293 }
7294
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007295 /* continue with next cookie on this header line */
7296 att_beg = next;
7297 } /* for each cookie */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007298
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007299 /* There are no more cookies on this line.
7300 * We may still have one (or several) marked for deletion at the
7301 * end of the line. We must do this now in two ways :
7302 * - if some cookies must be preserved, we only delete from the
7303 * mark to the end of line ;
7304 * - if nothing needs to be preserved, simply delete the whole header
Willy Tarreau58f10d72006-12-04 02:26:12 +01007305 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007306 if (del_from) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007307 int delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007308 if (preserve_hdr) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007309 delta = del_hdr_value(req->buf, &del_from, hdr_end);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007310 hdr_end = del_from;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007311 cur_hdr->len += delta;
7312 } else {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007313 delta = buffer_replace2(req->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007314
7315 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01007316 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7317 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007318 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007319 cur_idx = old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007320 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007321 hdr_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007322 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007323 }
7324
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007325 /* check next header */
Willy Tarreau58f10d72006-12-04 02:26:12 +01007326 old_idx = cur_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02007327 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007328}
7329
7330
Willy Tarreaua15645d2007-03-18 16:22:39 +01007331/* Iterate the same filter through all response headers contained in <rtr>.
7332 * Returns 1 if this filter can be stopped upon return, otherwise 0.
7333 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007334int apply_filter_to_resp_headers(struct session *s, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007335{
7336 char term;
7337 char *cur_ptr, *cur_end, *cur_next;
7338 int cur_idx, old_idx, last_hdr;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007339 struct http_txn *txn = &s->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007340 struct hdr_idx_elem *cur_hdr;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007341 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007342
7343 last_hdr = 0;
7344
Willy Tarreau9b28e032012-10-12 23:49:43 +02007345 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007346 old_idx = 0;
7347
7348 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007349 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007350 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007351 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007352 (exp->action == ACT_ALLOW ||
7353 exp->action == ACT_DENY))
7354 return 0;
7355
7356 cur_idx = txn->hdr_idx.v[old_idx].next;
7357 if (!cur_idx)
7358 break;
7359
7360 cur_hdr = &txn->hdr_idx.v[cur_idx];
7361 cur_ptr = cur_next;
7362 cur_end = cur_ptr + cur_hdr->len;
7363 cur_next = cur_end + cur_hdr->cr + 1;
7364
7365 /* Now we have one header between cur_ptr and cur_end,
7366 * and the next header starts at cur_next.
7367 */
7368
7369 /* The annoying part is that pattern matching needs
7370 * that we modify the contents to null-terminate all
7371 * strings before testing them.
7372 */
7373
7374 term = *cur_end;
7375 *cur_end = '\0';
7376
7377 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7378 switch (exp->action) {
7379 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007380 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007381 last_hdr = 1;
7382 break;
7383
7384 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007385 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007386 last_hdr = 1;
7387 break;
7388
7389 case ACT_REPLACE:
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007390 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7391 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007392 /* FIXME: if the user adds a newline in the replacement, the
7393 * index will not be recalculated for now, and the new line
7394 * will not be counted as a new header.
7395 */
7396
7397 cur_end += delta;
7398 cur_next += delta;
7399 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007400 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007401 break;
7402
7403 case ACT_REMOVE:
Willy Tarreau9b28e032012-10-12 23:49:43 +02007404 delta = buffer_replace2(rtr->buf, cur_ptr, cur_next, NULL, 0);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007405 cur_next += delta;
7406
Willy Tarreaufa355d42009-11-29 18:12:29 +01007407 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007408 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7409 txn->hdr_idx.used--;
7410 cur_hdr->len = 0;
7411 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01007412 cur_idx = old_idx;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007413 break;
7414
7415 }
7416 }
7417 if (cur_end)
7418 *cur_end = term; /* restore the string terminator */
7419
7420 /* keep the link from this header to next one in case of later
7421 * removal of next header.
7422 */
7423 old_idx = cur_idx;
7424 }
7425 return 0;
7426}
7427
7428
7429/* Apply the filter to the status line in the response buffer <rtr>.
7430 * Returns 0 if nothing has been done, 1 if the filter has been applied,
7431 * or -1 if a replacement resulted in an invalid status line.
7432 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007433int apply_filter_to_sts_line(struct session *s, struct channel *rtr, struct hdr_exp *exp)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007434{
7435 char term;
7436 char *cur_ptr, *cur_end;
7437 int done;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007438 struct http_txn *txn = &s->txn;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007439 int delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007440
7441
Willy Tarreau3d300592007-03-18 18:34:41 +01007442 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007443 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01007444 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007445 (exp->action == ACT_ALLOW ||
7446 exp->action == ACT_DENY))
7447 return 0;
7448 else if (exp->action == ACT_REMOVE)
7449 return 0;
7450
7451 done = 0;
7452
Willy Tarreau9b28e032012-10-12 23:49:43 +02007453 cur_ptr = rtr->buf->p;
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007454 cur_end = cur_ptr + txn->rsp.sl.st.l;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007455
7456 /* Now we have the status line between cur_ptr and cur_end */
7457
7458 /* The annoying part is that pattern matching needs
7459 * that we modify the contents to null-terminate all
7460 * strings before testing them.
7461 */
7462
7463 term = *cur_end;
7464 *cur_end = '\0';
7465
7466 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
7467 switch (exp->action) {
7468 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01007469 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007470 done = 1;
7471 break;
7472
7473 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01007474 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007475 done = 1;
7476 break;
7477
7478 case ACT_REPLACE:
7479 *cur_end = term; /* restore the string terminator */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01007480 trash.len = exp_replace(trash.str, cur_ptr, exp->replace, pmatch);
7481 delta = buffer_replace2(rtr->buf, cur_ptr, cur_end, trash.str, trash.len);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007482 /* FIXME: if the user adds a newline in the replacement, the
7483 * index will not be recalculated for now, and the new line
7484 * will not be counted as a new header.
7485 */
7486
Willy Tarreaufa355d42009-11-29 18:12:29 +01007487 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007488 cur_end += delta;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02007489 cur_end = (char *)http_parse_stsline(&txn->rsp,
Willy Tarreau02785762007-04-03 14:45:44 +02007490 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01007491 cur_ptr, cur_end + 1,
7492 NULL, NULL);
7493 if (unlikely(!cur_end))
7494 return -1;
7495
7496 /* we have a full respnse and we know that we have either a CR
7497 * or an LF at <ptr>.
7498 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007499 txn->status = strl2ui(rtr->buf->p + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02007500 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.st.l, *cur_end == '\r');
Willy Tarreaua15645d2007-03-18 16:22:39 +01007501 /* there is no point trying this regex on headers */
7502 return 1;
7503 }
7504 }
7505 *cur_end = term; /* restore the string terminator */
7506 return done;
7507}
7508
7509
7510
7511/*
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007512 * Apply all the resp filters of proxy <px> to all headers in buffer <rtr> of session <s>.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007513 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
7514 * unparsable response.
7515 */
Willy Tarreau7421efb2012-07-02 15:11:27 +02007516int apply_filters_to_response(struct session *s, struct channel *rtr, struct proxy *px)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007517{
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007518 struct http_txn *txn = &s->txn;
7519 struct hdr_exp *exp;
7520
7521 for (exp = px->rsp_exp; exp; exp = exp->next) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007522 int ret;
7523
7524 /*
7525 * The interleaving of transformations and verdicts
7526 * makes it difficult to decide to continue or stop
7527 * the evaluation.
7528 */
7529
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007530 if (txn->flags & TX_SVDENY)
7531 break;
7532
Willy Tarreau3d300592007-03-18 18:34:41 +01007533 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01007534 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
7535 exp->action == ACT_PASS)) {
7536 exp = exp->next;
7537 continue;
7538 }
7539
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007540 /* if this filter had a condition, evaluate it now and skip to
7541 * next filter if the condition does not match.
7542 */
7543 if (exp->cond) {
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02007544 ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007545 ret = acl_pass(ret);
7546 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
7547 ret = !ret;
7548 if (!ret)
7549 continue;
7550 }
7551
Willy Tarreaua15645d2007-03-18 16:22:39 +01007552 /* Apply the filter to the status line. */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007553 ret = apply_filter_to_sts_line(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007554 if (unlikely(ret < 0))
7555 return -1;
7556
7557 if (likely(ret == 0)) {
7558 /* The filter did not match the response, it can be
7559 * iterated through all headers.
7560 */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01007561 apply_filter_to_resp_headers(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007562 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007563 }
7564 return 0;
7565}
7566
7567
Willy Tarreaua15645d2007-03-18 16:22:39 +01007568/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01007569 * Manage server-side cookies. It can impact performance by about 2% so it is
Willy Tarreau24581ba2010-08-31 22:39:35 +02007570 * desirable to call it only when needed. This function is also used when we
7571 * just need to know if there is a cookie (eg: for check-cache).
Willy Tarreaua15645d2007-03-18 16:22:39 +01007572 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007573void manage_server_side_cookies(struct session *s, struct channel *res)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007574{
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007575 struct http_txn *txn = &s->txn;
Willy Tarreau827aee92011-03-10 16:55:02 +01007576 struct server *srv;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007577 int is_cookie2;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007578 int cur_idx, old_idx, delta;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007579 char *hdr_beg, *hdr_end, *hdr_next;
7580 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007581
Willy Tarreaua15645d2007-03-18 16:22:39 +01007582 /* Iterate through the headers.
7583 * we start with the start line.
7584 */
7585 old_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007586 hdr_next = res->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007587
7588 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
7589 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007590 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007591
7592 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau24581ba2010-08-31 22:39:35 +02007593 hdr_beg = hdr_next;
7594 hdr_end = hdr_beg + cur_hdr->len;
7595 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007596
Willy Tarreau24581ba2010-08-31 22:39:35 +02007597 /* We have one full header between hdr_beg and hdr_end, and the
7598 * next header starts at hdr_next. We're only interested in
7599 * "Set-Cookie" and "Set-Cookie2" headers.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007600 */
7601
Willy Tarreau24581ba2010-08-31 22:39:35 +02007602 is_cookie2 = 0;
7603 prev = hdr_beg + 10;
7604 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie", 10);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007605 if (!val) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007606 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie2", 11);
7607 if (!val) {
7608 old_idx = cur_idx;
7609 continue;
7610 }
7611 is_cookie2 = 1;
7612 prev = hdr_beg + 11;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007613 }
7614
Willy Tarreau24581ba2010-08-31 22:39:35 +02007615 /* OK, right now we know we have a Set-Cookie* at hdr_beg, and
7616 * <prev> points to the colon.
7617 */
Willy Tarreauf1348312010-10-07 15:54:11 +02007618 txn->flags |= TX_SCK_PRESENT;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007619
Willy Tarreau24581ba2010-08-31 22:39:35 +02007620 /* Maybe we only wanted to see if there was a Set-Cookie (eg:
7621 * check-cache is enabled) and we are not interested in checking
7622 * them. Warning, the cookie capture is declared in the frontend.
Willy Tarreaufd39dda2008-10-17 12:01:58 +02007623 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007624 if (s->be->cookie_name == NULL &&
7625 s->be->appsession_name == NULL &&
7626 s->fe->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007627 return;
7628
Willy Tarreau24581ba2010-08-31 22:39:35 +02007629 /* OK so now we know we have to process this response cookie.
7630 * The format of the Set-Cookie header is slightly different
7631 * from the format of the Cookie header in that it does not
7632 * support the comma as a cookie delimiter (thus the header
7633 * cannot be folded) because the Expires attribute described in
7634 * the original Netscape's spec may contain an unquoted date
7635 * with a comma inside. We have to live with this because
7636 * many browsers don't support Max-Age and some browsers don't
7637 * support quoted strings. However the Set-Cookie2 header is
7638 * clean.
7639 *
7640 * We have to keep multiple pointers in order to support cookie
7641 * removal at the beginning, middle or end of header without
7642 * corrupting the header (in case of set-cookie2). A special
7643 * pointer, <scav> points to the beginning of the set-cookie-av
7644 * fields after the first semi-colon. The <next> pointer points
7645 * either to the end of line (set-cookie) or next unquoted comma
7646 * (set-cookie2). All of these headers are valid :
7647 *
7648 * Set-Cookie: NAME1 = VALUE 1 ; Secure; Path="/"\r\n
7649 * Set-Cookie:NAME=VALUE; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7650 * Set-Cookie: NAME = VALUE ; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
7651 * Set-Cookie2: NAME1 = VALUE 1 ; Max-Age=0, NAME2=VALUE2; Discard\r\n
7652 * | | | | | | | | | |
7653 * | | | | | | | | +-> next hdr_end <--+
7654 * | | | | | | | +------------> scav
7655 * | | | | | | +--------------> val_end
7656 * | | | | | +--------------------> val_beg
7657 * | | | | +----------------------> equal
7658 * | | | +------------------------> att_end
7659 * | | +----------------------------> att_beg
7660 * | +------------------------------> prev
7661 * +-----------------------------------------> hdr_beg
7662 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007663
Willy Tarreau24581ba2010-08-31 22:39:35 +02007664 for (; prev < hdr_end; prev = next) {
7665 /* Iterate through all cookies on this line */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007666
Willy Tarreau24581ba2010-08-31 22:39:35 +02007667 /* find att_beg */
7668 att_beg = prev + 1;
7669 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
7670 att_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007671
Willy Tarreau24581ba2010-08-31 22:39:35 +02007672 /* find att_end : this is the first character after the last non
7673 * space before the equal. It may be equal to hdr_end.
7674 */
7675 equal = att_end = att_beg;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007676
Willy Tarreau24581ba2010-08-31 22:39:35 +02007677 while (equal < hdr_end) {
7678 if (*equal == '=' || *equal == ';' || (is_cookie2 && *equal == ','))
7679 break;
7680 if (http_is_spht[(unsigned char)*equal++])
7681 continue;
7682 att_end = equal;
7683 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007684
Willy Tarreau24581ba2010-08-31 22:39:35 +02007685 /* here, <equal> points to '=', a delimitor or the end. <att_end>
7686 * is between <att_beg> and <equal>, both may be identical.
7687 */
7688
7689 /* look for end of cookie if there is an equal sign */
7690 if (equal < hdr_end && *equal == '=') {
7691 /* look for the beginning of the value */
7692 val_beg = equal + 1;
7693 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
7694 val_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007695
Willy Tarreau24581ba2010-08-31 22:39:35 +02007696 /* find the end of the value, respecting quotes */
7697 next = find_cookie_value_end(val_beg, hdr_end);
7698
7699 /* make val_end point to the first white space or delimitor after the value */
7700 val_end = next;
7701 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
7702 val_end--;
7703 } else {
7704 /* <equal> points to next comma, semi-colon or EOL */
7705 val_beg = val_end = next = equal;
7706 }
7707
7708 if (next < hdr_end) {
7709 /* Set-Cookie2 supports multiple cookies, and <next> points to
7710 * a colon or semi-colon before the end. So skip all attr-value
7711 * pairs and look for the next comma. For Set-Cookie, since
7712 * commas are permitted in values, skip to the end.
7713 */
7714 if (is_cookie2)
7715 next = find_hdr_value_end(next, hdr_end);
7716 else
7717 next = hdr_end;
7718 }
7719
7720 /* Now everything is as on the diagram above */
7721
7722 /* Ignore cookies with no equal sign */
7723 if (equal == val_end)
7724 continue;
7725
7726 /* If there are spaces around the equal sign, we need to
7727 * strip them otherwise we'll get trouble for cookie captures,
7728 * or even for rewrites. Since this happens extremely rarely,
7729 * it does not hurt performance.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007730 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007731 if (unlikely(att_end != equal || val_beg > equal + 1)) {
7732 int stripped_before = 0;
7733 int stripped_after = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007734
Willy Tarreau24581ba2010-08-31 22:39:35 +02007735 if (att_end != equal) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007736 stripped_before = buffer_replace2(res->buf, att_end, equal, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007737 equal += stripped_before;
7738 val_beg += stripped_before;
7739 }
7740
7741 if (val_beg > equal + 1) {
Willy Tarreau9b28e032012-10-12 23:49:43 +02007742 stripped_after = buffer_replace2(res->buf, equal + 1, val_beg, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007743 val_beg += stripped_after;
7744 stripped_before += stripped_after;
7745 }
7746
7747 val_end += stripped_before;
7748 next += stripped_before;
7749 hdr_end += stripped_before;
7750 hdr_next += stripped_before;
7751 cur_hdr->len += stripped_before;
Willy Tarreau1fc1f452011-04-07 22:35:37 +02007752 http_msg_move_end(&txn->rsp, stripped_before);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007753 }
7754
7755 /* First, let's see if we want to capture this cookie. We check
7756 * that we don't already have a server side cookie, because we
7757 * can only capture one. Also as an optimisation, we ignore
7758 * cookies shorter than the declared name.
7759 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007760 if (s->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01007761 txn->srv_cookie == NULL &&
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007762 (val_end - att_beg >= s->fe->capture_namelen) &&
7763 memcmp(att_beg, s->fe->capture_name, s->fe->capture_namelen) == 0) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007764 int log_len = val_end - att_beg;
Willy Tarreau086b3b42007-05-13 21:45:51 +02007765 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007766 Alert("HTTP logging : out of memory.\n");
7767 }
Willy Tarreauf70fc752010-11-19 11:27:18 +01007768 else {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007769 if (log_len > s->fe->capture_len)
7770 log_len = s->fe->capture_len;
Willy Tarreauf70fc752010-11-19 11:27:18 +01007771 memcpy(txn->srv_cookie, att_beg, log_len);
7772 txn->srv_cookie[log_len] = 0;
7773 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007774 }
7775
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007776 srv = objt_server(s->target);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007777 /* now check if we need to process it for persistence */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007778 if (!(s->flags & SN_IGNORE_PRST) &&
7779 (att_end - att_beg == s->be->cookie_len) && (s->be->cookie_name != NULL) &&
7780 (memcmp(att_beg, s->be->cookie_name, att_end - att_beg) == 0)) {
Willy Tarreauf1348312010-10-07 15:54:11 +02007781 /* assume passive cookie by default */
7782 txn->flags &= ~TX_SCK_MASK;
7783 txn->flags |= TX_SCK_FOUND;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007784
7785 /* If the cookie is in insert mode on a known server, we'll delete
7786 * this occurrence because we'll insert another one later.
7787 * We'll delete it too if the "indirect" option is set and we're in
Willy Tarreau24581ba2010-08-31 22:39:35 +02007788 * a direct access.
7789 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007790 if (s->be->ck_opts & PR_CK_PSV) {
Willy Tarreauba4c5be2010-10-23 12:46:42 +02007791 /* The "preserve" flag was set, we don't want to touch the
7792 * server's cookie.
7793 */
7794 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007795 else if ((srv && (s->be->ck_opts & PR_CK_INS)) ||
7796 ((s->flags & SN_DIRECT) && (s->be->ck_opts & PR_CK_IND))) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007797 /* this cookie must be deleted */
7798 if (*prev == ':' && next == hdr_end) {
7799 /* whole header */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007800 delta = buffer_replace2(res->buf, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007801 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
7802 txn->hdr_idx.used--;
7803 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01007804 cur_idx = old_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007805 hdr_next += delta;
7806 http_msg_move_end(&txn->rsp, delta);
7807 /* note: while both invalid now, <next> and <hdr_end>
7808 * are still equal, so the for() will stop as expected.
7809 */
7810 } else {
7811 /* just remove the value */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007812 int delta = del_hdr_value(res->buf, &prev, next);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007813 next = prev;
7814 hdr_end += delta;
7815 hdr_next += delta;
7816 cur_hdr->len += delta;
7817 http_msg_move_end(&txn->rsp, delta);
7818 }
Willy Tarreauf1348312010-10-07 15:54:11 +02007819 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3d300592007-03-18 18:34:41 +01007820 txn->flags |= TX_SCK_DELETED;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007821 /* and go on with next cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007822 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007823 else if (srv && srv->cookie && (s->be->ck_opts & PR_CK_RW)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007824 /* replace bytes val_beg->val_end with the cookie name associated
Willy Tarreaua15645d2007-03-18 16:22:39 +01007825 * with this server since we know it.
7826 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007827 delta = buffer_replace2(res->buf, val_beg, val_end, srv->cookie, srv->cklen);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007828 next += delta;
7829 hdr_end += delta;
7830 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007831 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007832 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007833
Willy Tarreauf1348312010-10-07 15:54:11 +02007834 txn->flags &= ~TX_SCK_MASK;
7835 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007836 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007837 else if (srv && srv->cookie && (s->be->ck_opts & PR_CK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007838 /* insert the cookie name associated with this server
Willy Tarreau24581ba2010-08-31 22:39:35 +02007839 * before existing cookie, and insert a delimiter between them..
Willy Tarreaua15645d2007-03-18 16:22:39 +01007840 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02007841 delta = buffer_replace2(res->buf, val_beg, val_beg, srv->cookie, srv->cklen + 1);
Willy Tarreau24581ba2010-08-31 22:39:35 +02007842 next += delta;
7843 hdr_end += delta;
7844 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007845 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007846 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007847
Willy Tarreau827aee92011-03-10 16:55:02 +01007848 val_beg[srv->cklen] = COOKIE_DELIM;
Willy Tarreauf1348312010-10-07 15:54:11 +02007849 txn->flags &= ~TX_SCK_MASK;
7850 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007851 }
7852 }
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02007853 /* next, let's see if the cookie is our appcookie, unless persistence must be ignored */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007854 else if (!(s->flags & SN_IGNORE_PRST) && (s->be->appsession_name != NULL)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007855 int cmp_len, value_len;
7856 char *value_begin;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007857
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007858 if (s->be->options2 & PR_O2_AS_PFX) {
7859 cmp_len = MIN(val_end - att_beg, s->be->appsession_name_len);
7860 value_begin = att_beg + s->be->appsession_name_len;
7861 value_len = MIN(s->be->appsession_len, val_end - att_beg - s->be->appsession_name_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01007862 } else {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007863 cmp_len = att_end - att_beg;
7864 value_begin = val_beg;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007865 value_len = MIN(s->be->appsession_len, val_end - val_beg);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007866 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007867
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007868 if ((cmp_len == s->be->appsession_name_len) &&
7869 (memcmp(att_beg, s->be->appsession_name, s->be->appsession_name_len) == 0)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007870 /* free a possibly previously allocated memory */
7871 pool_free2(apools.sessid, txn->sessid);
7872
Cyril Bontéb21570a2009-11-29 20:04:48 +01007873 /* Store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007874 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007875 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007876 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bontéb21570a2009-11-29 20:04:48 +01007877 return;
7878 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007879 memcpy(txn->sessid, value_begin, value_len);
7880 txn->sessid[value_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007881 }
Willy Tarreau24581ba2010-08-31 22:39:35 +02007882 }
7883 /* that's done for this cookie, check the next one on the same
7884 * line when next != hdr_end (only if is_cookie2).
7885 */
7886 }
7887 /* check next header */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007888 old_idx = cur_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007889 }
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007890
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007891 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007892 appsess *asession = NULL;
7893 /* only do insert, if lookup fails */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007894 asession = appsession_hash_lookup(&(s->be->htbl_proxy), txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007895 if (asession == NULL) {
Willy Tarreau1fac7532010-01-09 19:23:06 +01007896 size_t server_id_len;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007897 if ((asession = pool_alloc2(pool2_appsess)) == NULL) {
7898 Alert("Not enough Memory process_srv():asession:calloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007899 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007900 return;
7901 }
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007902 asession->serverid = NULL; /* to avoid a double free in case of allocation error */
7903
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007904 if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
7905 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007906 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
7907 s->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007908 return;
7909 }
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007910 memcpy(asession->sessid, txn->sessid, s->be->appsession_len);
7911 asession->sessid[s->be->appsession_len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007912
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007913 server_id_len = strlen(objt_server(s->target)->id) + 1;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007914 if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007915 Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007916 send_log(s->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
7917 s->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007918 return;
7919 }
7920 asession->serverid[0] = '\0';
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007921 memcpy(asession->serverid, objt_server(s->target)->id, server_id_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007922
7923 asession->request_count = 0;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007924 appsession_hash_insert(&(s->be->htbl_proxy), asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007925 }
7926
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007927 asession->expire = tick_add_ifset(now_ms, s->be->timeout.appsession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007928 asession->request_count++;
7929 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007930}
7931
7932
Willy Tarreaua15645d2007-03-18 16:22:39 +01007933/*
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007934 * Check if response is cacheable or not. Updates s->flags.
Willy Tarreaua15645d2007-03-18 16:22:39 +01007935 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007936void check_response_for_cacheability(struct session *s, struct channel *rtr)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007937{
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02007938 struct http_txn *txn = &s->txn;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007939 char *p1, *p2;
7940
7941 char *cur_ptr, *cur_end, *cur_next;
7942 int cur_idx;
7943
Willy Tarreau5df51872007-11-25 16:20:08 +01007944 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007945 return;
7946
7947 /* Iterate through the headers.
7948 * we start with the start line.
7949 */
7950 cur_idx = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02007951 cur_next = rtr->buf->p + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007952
7953 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
7954 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007955 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007956
7957 cur_hdr = &txn->hdr_idx.v[cur_idx];
7958 cur_ptr = cur_next;
7959 cur_end = cur_ptr + cur_hdr->len;
7960 cur_next = cur_end + cur_hdr->cr + 1;
7961
7962 /* We have one full header between cur_ptr and cur_end, and the
7963 * next header starts at cur_next. We're only interested in
7964 * "Cookie:" headers.
7965 */
7966
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007967 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
7968 if (val) {
7969 if ((cur_end - (cur_ptr + val) >= 8) &&
7970 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
7971 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
7972 return;
7973 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007974 }
7975
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007976 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
7977 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007978 continue;
7979
7980 /* OK, right now we know we have a cache-control header at cur_ptr */
7981
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007982 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007983
7984 if (p1 >= cur_end) /* no more info */
7985 continue;
7986
7987 /* p1 is at the beginning of the value */
7988 p2 = p1;
7989
Willy Tarreau8f8e6452007-06-17 21:51:38 +02007990 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007991 p2++;
7992
7993 /* we have a complete value between p1 and p2 */
7994 if (p2 < cur_end && *p2 == '=') {
7995 /* we have something of the form no-cache="set-cookie" */
7996 if ((cur_end - p1 >= 21) &&
7997 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
7998 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01007999 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008000 continue;
8001 }
8002
8003 /* OK, so we know that either p2 points to the end of string or to a comma */
8004 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
Willy Tarreau5b15f902013-07-04 12:46:56 +02008005 ((p2 - p1 == 8) && strncasecmp(p1, "no-cache", 8) == 0) ||
Willy Tarreaua15645d2007-03-18 16:22:39 +01008006 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
8007 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
8008 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01008009 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008010 return;
8011 }
8012
8013 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01008014 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01008015 continue;
8016 }
8017 }
8018}
8019
8020
Willy Tarreau58f10d72006-12-04 02:26:12 +01008021/*
8022 * Try to retrieve a known appsession in the URI, then the associated server.
8023 * If the server is found, it's assigned to the session.
8024 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008025void get_srv_from_appsession(struct session *s, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01008026{
Cyril Bontéb21570a2009-11-29 20:04:48 +01008027 char *end_params, *first_param, *cur_param, *next_param;
8028 char separator;
8029 int value_len;
8030
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008031 int mode = s->be->options2 & PR_O2_AS_M_ANY;
Willy Tarreau58f10d72006-12-04 02:26:12 +01008032
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008033 if (s->be->appsession_name == NULL ||
8034 (s->txn.meth != HTTP_METH_GET && s->txn.meth != HTTP_METH_POST && s->txn.meth != HTTP_METH_HEAD)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01008035 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01008036 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008037
Cyril Bontéb21570a2009-11-29 20:04:48 +01008038 first_param = NULL;
8039 switch (mode) {
8040 case PR_O2_AS_M_PP:
8041 first_param = memchr(begin, ';', len);
8042 break;
8043 case PR_O2_AS_M_QS:
8044 first_param = memchr(begin, '?', len);
8045 break;
8046 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008047
Cyril Bontéb21570a2009-11-29 20:04:48 +01008048 if (first_param == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01008049 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01008050 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008051
Cyril Bontéb21570a2009-11-29 20:04:48 +01008052 switch (mode) {
8053 case PR_O2_AS_M_PP:
8054 if ((end_params = memchr(first_param, '?', len - (begin - first_param))) == NULL) {
8055 end_params = (char *) begin + len;
8056 }
8057 separator = ';';
8058 break;
8059 case PR_O2_AS_M_QS:
8060 end_params = (char *) begin + len;
8061 separator = '&';
8062 break;
8063 default:
8064 /* unknown mode, shouldn't happen */
8065 return;
8066 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008067
Cyril Bontéb21570a2009-11-29 20:04:48 +01008068 cur_param = next_param = end_params;
8069 while (cur_param > first_param) {
8070 cur_param--;
8071 if ((cur_param[0] == separator) || (cur_param == first_param)) {
8072 /* let's see if this is the appsession parameter */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008073 if ((cur_param + s->be->appsession_name_len + 1 < next_param) &&
8074 ((s->be->options2 & PR_O2_AS_PFX) || cur_param[s->be->appsession_name_len + 1] == '=') &&
8075 (strncasecmp(cur_param + 1, s->be->appsession_name, s->be->appsession_name_len) == 0)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01008076 /* Cool... it's the right one */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008077 cur_param += s->be->appsession_name_len + (s->be->options2 & PR_O2_AS_PFX ? 1 : 2);
8078 value_len = MIN(s->be->appsession_len, next_param - cur_param);
Cyril Bontéb21570a2009-11-29 20:04:48 +01008079 if (value_len > 0) {
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008080 manage_client_side_appsession(s, cur_param, value_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01008081 }
8082 break;
8083 }
8084 next_param = cur_param;
8085 }
8086 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01008087#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02008088 Alert("get_srv_from_appsession\n");
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008089 appsession_hash_dump(&(s->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01008090#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01008091}
8092
Willy Tarreaub2513902006-12-17 14:52:38 +01008093/*
Cyril Bonté70be45d2010-10-12 00:14:35 +02008094 * In a GET, HEAD or POST request, check if the requested URI matches the stats uri
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008095 * for the current backend.
Willy Tarreaub2513902006-12-17 14:52:38 +01008096 *
Cyril Bonté70be45d2010-10-12 00:14:35 +02008097 * It is assumed that the request is either a HEAD, GET, or POST and that the
Willy Tarreau295a8372011-03-10 11:25:07 +01008098 * uri_auth field is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01008099 *
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008100 * Returns 1 if stats should be provided, otherwise 0.
Willy Tarreaub2513902006-12-17 14:52:38 +01008101 */
Willy Tarreau295a8372011-03-10 11:25:07 +01008102int stats_check_uri(struct stream_interface *si, struct http_txn *txn, struct proxy *backend)
Willy Tarreaub2513902006-12-17 14:52:38 +01008103{
8104 struct uri_auth *uri_auth = backend->uri_auth;
Willy Tarreau3a215be2012-03-09 21:39:51 +01008105 struct http_msg *msg = &txn->req;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008106 const char *uri = msg->chn->buf->p+ msg->sl.rq.u;
Willy Tarreaub2513902006-12-17 14:52:38 +01008107
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008108 if (!uri_auth)
8109 return 0;
8110
Cyril Bonté70be45d2010-10-12 00:14:35 +02008111 if (txn->meth != HTTP_METH_GET && txn->meth != HTTP_METH_HEAD && txn->meth != HTTP_METH_POST)
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01008112 return 0;
8113
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01008114 /* check URI size */
Willy Tarreau3a215be2012-03-09 21:39:51 +01008115 if (uri_auth->uri_len > msg->sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01008116 return 0;
8117
Willy Tarreau414e9bb2013-11-23 00:30:38 +01008118 if (memcmp(uri, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01008119 return 0;
8120
Willy Tarreaub2513902006-12-17 14:52:38 +01008121 return 1;
8122}
8123
Willy Tarreau4076a152009-04-02 15:18:36 +02008124/*
8125 * Capture a bad request or response and archive it in the proxy's structure.
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008126 * By default it tries to report the error position as msg->err_pos. However if
8127 * this one is not set, it will then report msg->next, which is the last known
8128 * parsing point. The function is able to deal with wrapping buffers. It always
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008129 * displays buffers as a contiguous area starting at buf->p.
Willy Tarreau4076a152009-04-02 15:18:36 +02008130 */
8131void http_capture_bad_message(struct error_snapshot *es, struct session *s,
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008132 struct http_msg *msg,
Willy Tarreau3770f232013-12-07 00:01:53 +01008133 enum ht_state state, struct proxy *other_end)
Willy Tarreau4076a152009-04-02 15:18:36 +02008134{
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008135 struct channel *chn = msg->chn;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008136 int len1, len2;
Willy Tarreau8a0cef22012-03-09 13:39:23 +01008137
Willy Tarreau9b28e032012-10-12 23:49:43 +02008138 es->len = MIN(chn->buf->i, sizeof(es->buf));
8139 len1 = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008140 len1 = MIN(len1, es->len);
8141 len2 = es->len - len1; /* remaining data if buffer wraps */
8142
Willy Tarreau9b28e032012-10-12 23:49:43 +02008143 memcpy(es->buf, chn->buf->p, len1);
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008144 if (len2)
Willy Tarreau9b28e032012-10-12 23:49:43 +02008145 memcpy(es->buf + len1, chn->buf->data, len2);
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008146
Willy Tarreau4076a152009-04-02 15:18:36 +02008147 if (msg->err_pos >= 0)
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008148 es->pos = msg->err_pos;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008149 else
Willy Tarreau69d8c5d2012-05-08 09:44:41 +02008150 es->pos = msg->next;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01008151
Willy Tarreau4076a152009-04-02 15:18:36 +02008152 es->when = date; // user-visible date
8153 es->sid = s->uniq_id;
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008154 es->srv = objt_server(s->target);
Willy Tarreau4076a152009-04-02 15:18:36 +02008155 es->oe = other_end;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008156 if (objt_conn(s->req->prod->end))
8157 es->src = __objt_conn(s->req->prod->end)->addr.from;
8158 else
8159 memset(&es->src, 0, sizeof(es->src));
8160
Willy Tarreau078272e2010-12-12 12:46:33 +01008161 es->state = state;
Willy Tarreau10479e42010-12-12 14:00:34 +01008162 es->ev_id = error_snapshot_id++;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008163 es->b_flags = chn->flags;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008164 es->s_flags = s->flags;
8165 es->t_flags = s->txn.flags;
8166 es->m_flags = msg->flags;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008167 es->b_out = chn->buf->o;
8168 es->b_wrap = chn->buf->data + chn->buf->size - chn->buf->p;
Willy Tarreaucdbdd522012-10-12 22:51:15 +02008169 es->b_tot = chn->total;
Willy Tarreaud04b1bc2012-05-08 11:03:10 +02008170 es->m_clen = msg->chunk_len;
8171 es->m_blen = msg->body_len;
Willy Tarreau4076a152009-04-02 15:18:36 +02008172}
Willy Tarreaub2513902006-12-17 14:52:38 +01008173
Willy Tarreau294c4732011-12-16 21:35:50 +01008174/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8175 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8176 * performed over the whole headers. Otherwise it must contain a valid header
8177 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8178 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8179 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8180 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008181 * -1. The value fetch stops at commas, so this function is suited for use with
8182 * list headers.
Willy Tarreau294c4732011-12-16 21:35:50 +01008183 * The return value is 0 if nothing was found, or non-zero otherwise.
Willy Tarreaubce70882009-09-07 11:51:47 +02008184 */
Willy Tarreau185b5c42012-04-26 15:11:51 +02008185unsigned int http_get_hdr(const struct http_msg *msg, const char *hname, int hlen,
Willy Tarreau294c4732011-12-16 21:35:50 +01008186 struct hdr_idx *idx, int occ,
8187 struct hdr_ctx *ctx, char **vptr, int *vlen)
Willy Tarreaubce70882009-09-07 11:51:47 +02008188{
Willy Tarreau294c4732011-12-16 21:35:50 +01008189 struct hdr_ctx local_ctx;
8190 char *ptr_hist[MAX_HDR_HISTORY];
8191 int len_hist[MAX_HDR_HISTORY];
Willy Tarreaubce70882009-09-07 11:51:47 +02008192 unsigned int hist_ptr;
Willy Tarreau294c4732011-12-16 21:35:50 +01008193 int found;
Willy Tarreaubce70882009-09-07 11:51:47 +02008194
Willy Tarreau294c4732011-12-16 21:35:50 +01008195 if (!ctx) {
8196 local_ctx.idx = 0;
8197 ctx = &local_ctx;
8198 }
8199
Willy Tarreaubce70882009-09-07 11:51:47 +02008200 if (occ >= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008201 /* search from the beginning */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008202 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreaubce70882009-09-07 11:51:47 +02008203 occ--;
8204 if (occ <= 0) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008205 *vptr = ctx->line + ctx->val;
8206 *vlen = ctx->vlen;
8207 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008208 }
8209 }
Willy Tarreau294c4732011-12-16 21:35:50 +01008210 return 0;
Willy Tarreaubce70882009-09-07 11:51:47 +02008211 }
8212
8213 /* negative occurrence, we scan all the list then walk back */
8214 if (-occ > MAX_HDR_HISTORY)
8215 return 0;
8216
Willy Tarreau294c4732011-12-16 21:35:50 +01008217 found = hist_ptr = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02008218 while (http_find_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
Willy Tarreau294c4732011-12-16 21:35:50 +01008219 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8220 len_hist[hist_ptr] = ctx->vlen;
8221 if (++hist_ptr >= MAX_HDR_HISTORY)
Willy Tarreaubce70882009-09-07 11:51:47 +02008222 hist_ptr = 0;
8223 found++;
8224 }
8225 if (-occ > found)
8226 return 0;
8227 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
Willy Tarreau67dad272013-06-12 22:27:44 +02008228 * find occurrence -occ. 0 <= hist_ptr < MAX_HDR_HISTORY, and we have
8229 * -10 <= occ <= -1. So we have to check [hist_ptr%MAX_HDR_HISTORY+occ]
8230 * to remain in the 0..9 range.
Willy Tarreaubce70882009-09-07 11:51:47 +02008231 */
Willy Tarreau67dad272013-06-12 22:27:44 +02008232 hist_ptr += occ + MAX_HDR_HISTORY;
Willy Tarreaubce70882009-09-07 11:51:47 +02008233 if (hist_ptr >= MAX_HDR_HISTORY)
8234 hist_ptr -= MAX_HDR_HISTORY;
Willy Tarreau294c4732011-12-16 21:35:50 +01008235 *vptr = ptr_hist[hist_ptr];
8236 *vlen = len_hist[hist_ptr];
8237 return 1;
Willy Tarreaubce70882009-09-07 11:51:47 +02008238}
8239
Willy Tarreau04ff9f12013-06-10 18:39:42 +02008240/* Return in <vptr> and <vlen> the pointer and length of occurrence <occ> of
8241 * header whose name is <hname> of length <hlen>. If <ctx> is null, lookup is
8242 * performed over the whole headers. Otherwise it must contain a valid header
8243 * context, initialised with ctx->idx=0 for the first lookup in a series. If
8244 * <occ> is positive or null, occurrence #occ from the beginning (or last ctx)
8245 * is returned. Occ #0 and #1 are equivalent. If <occ> is negative (and no less
8246 * than -MAX_HDR_HISTORY), the occurrence is counted from the last one which is
8247 * -1. This function differs from http_get_hdr() in that it only returns full
8248 * line header values and does not stop at commas.
8249 * The return value is 0 if nothing was found, or non-zero otherwise.
8250 */
8251unsigned int http_get_fhdr(const struct http_msg *msg, const char *hname, int hlen,
8252 struct hdr_idx *idx, int occ,
8253 struct hdr_ctx *ctx, char **vptr, int *vlen)
8254{
8255 struct hdr_ctx local_ctx;
8256 char *ptr_hist[MAX_HDR_HISTORY];
8257 int len_hist[MAX_HDR_HISTORY];
8258 unsigned int hist_ptr;
8259 int found;
8260
8261 if (!ctx) {
8262 local_ctx.idx = 0;
8263 ctx = &local_ctx;
8264 }
8265
8266 if (occ >= 0) {
8267 /* search from the beginning */
8268 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8269 occ--;
8270 if (occ <= 0) {
8271 *vptr = ctx->line + ctx->val;
8272 *vlen = ctx->vlen;
8273 return 1;
8274 }
8275 }
8276 return 0;
8277 }
8278
8279 /* negative occurrence, we scan all the list then walk back */
8280 if (-occ > MAX_HDR_HISTORY)
8281 return 0;
8282
8283 found = hist_ptr = 0;
8284 while (http_find_full_header2(hname, hlen, msg->chn->buf->p, idx, ctx)) {
8285 ptr_hist[hist_ptr] = ctx->line + ctx->val;
8286 len_hist[hist_ptr] = ctx->vlen;
8287 if (++hist_ptr >= MAX_HDR_HISTORY)
8288 hist_ptr = 0;
8289 found++;
8290 }
8291 if (-occ > found)
8292 return 0;
8293 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
8294 * find occurrence -occ, so we have to check [hist_ptr+occ].
8295 */
8296 hist_ptr += occ;
8297 if (hist_ptr >= MAX_HDR_HISTORY)
8298 hist_ptr -= MAX_HDR_HISTORY;
8299 *vptr = ptr_hist[hist_ptr];
8300 *vlen = len_hist[hist_ptr];
8301 return 1;
8302}
8303
Willy Tarreaubaaee002006-06-26 02:48:02 +02008304/*
Willy Tarreaue92693a2012-09-24 21:13:39 +02008305 * Print a debug line with a header. Always stop at the first CR or LF char,
8306 * so it is safe to pass it a full buffer if needed. If <err> is not NULL, an
8307 * arrow is printed after the line which contains the pointer.
Willy Tarreau58f10d72006-12-04 02:26:12 +01008308 */
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008309void debug_hdr(const char *dir, struct session *s, const char *start, const char *end)
Willy Tarreau58f10d72006-12-04 02:26:12 +01008310{
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008311 int max;
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008312 chunk_printf(&trash, "%08x:%s.%s[%04x:%04x]: ", s->uniq_id, s->be->id,
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008313 dir,
Willy Tarreauf1fd9dc2014-04-24 20:47:57 +02008314 objt_conn(s->req->prod->end) ? (unsigned short)objt_conn(s->req->prod->end)->t.sock.fd : -1,
8315 objt_conn(s->req->cons->end) ? (unsigned short)objt_conn(s->req->cons->end)->t.sock.fd : -1);
Willy Tarreaue92693a2012-09-24 21:13:39 +02008316
8317 for (max = 0; start + max < end; max++)
8318 if (start[max] == '\r' || start[max] == '\n')
8319 break;
8320
Willy Tarreau19d14ef2012-10-29 16:51:55 +01008321 UBOUND(max, trash.size - trash.len - 3);
8322 trash.len += strlcpy2(trash.str + trash.len, start, max + 1);
8323 trash.str[trash.len++] = '\n';
Willy Tarreau89efaed2013-12-13 15:14:55 +01008324 shut_your_big_mouth_gcc(write(1, trash.str, trash.len));
Willy Tarreau58f10d72006-12-04 02:26:12 +01008325}
8326
Willy Tarreau0937bc42009-12-22 15:03:09 +01008327/*
8328 * Initialize a new HTTP transaction for session <s>. It is assumed that all
8329 * the required fields are properly allocated and that we only need to (re)init
8330 * them. This should be used before processing any new request.
8331 */
8332void http_init_txn(struct session *s)
8333{
8334 struct http_txn *txn = &s->txn;
8335 struct proxy *fe = s->fe;
8336
8337 txn->flags = 0;
8338 txn->status = -1;
8339
Willy Tarreauf64d1412010-10-07 20:06:11 +02008340 txn->cookie_first_date = 0;
8341 txn->cookie_last_date = 0;
8342
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008343 txn->req.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008344 txn->req.sol = txn->req.eol = txn->req.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008345 txn->req.next = 0;
Willy Tarreaua36fc4d2012-02-17 17:39:37 +01008346 txn->rsp.flags = 0;
Willy Tarreau26927362012-05-18 23:22:52 +02008347 txn->rsp.sol = txn->rsp.eol = txn->rsp.eoh = 0; /* relative to the buffer */
Willy Tarreaua458b672012-03-05 11:17:50 +01008348 txn->rsp.next = 0;
Willy Tarreau124d9912011-03-01 20:30:48 +01008349 txn->req.chunk_len = 0LL;
8350 txn->req.body_len = 0LL;
8351 txn->rsp.chunk_len = 0LL;
8352 txn->rsp.body_len = 0LL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008353 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
8354 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
Willy Tarreau394db372012-10-12 22:40:39 +02008355 txn->req.chn = s->req;
8356 txn->rsp.chn = s->rep;
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008357
8358 txn->auth.method = HTTP_AUTH_UNKNOWN;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008359
8360 txn->req.err_pos = txn->rsp.err_pos = -2; /* block buggy requests/responses */
8361 if (fe->options2 & PR_O2_REQBUG_OK)
8362 txn->req.err_pos = -1; /* let buggy requests pass */
8363
Willy Tarreau46023632010-01-07 22:51:47 +01008364 if (txn->req.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008365 memset(txn->req.cap, 0, fe->nb_req_cap * sizeof(void *));
8366
Willy Tarreau46023632010-01-07 22:51:47 +01008367 if (txn->rsp.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01008368 memset(txn->rsp.cap, 0, fe->nb_rsp_cap * sizeof(void *));
8369
8370 if (txn->hdr_idx.v)
8371 hdr_idx_init(&txn->hdr_idx);
8372}
8373
8374/* to be used at the end of a transaction */
8375void http_end_txn(struct session *s)
8376{
8377 struct http_txn *txn = &s->txn;
8378
Willy Tarreau75195602014-03-11 15:48:55 +01008379 /* release any possible compression context */
8380 if (s->flags & SN_COMP_READY)
8381 s->comp_algo->end(&s->comp_ctx);
8382 s->comp_algo = NULL;
8383 s->flags &= ~SN_COMP_READY;
8384
Willy Tarreau0937bc42009-12-22 15:03:09 +01008385 /* these ones will have been dynamically allocated */
8386 pool_free2(pool2_requri, txn->uri);
8387 pool_free2(pool2_capture, txn->cli_cookie);
8388 pool_free2(pool2_capture, txn->srv_cookie);
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008389 pool_free2(apools.sessid, txn->sessid);
William Lallemanda73203e2012-03-12 12:48:57 +01008390 pool_free2(pool2_uniqueid, s->unique_id);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008391
William Lallemanda73203e2012-03-12 12:48:57 +01008392 s->unique_id = NULL;
Willy Tarreaua3377ee2010-01-10 10:49:11 +01008393 txn->sessid = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008394 txn->uri = NULL;
8395 txn->srv_cookie = NULL;
8396 txn->cli_cookie = NULL;
Willy Tarreau46023632010-01-07 22:51:47 +01008397
8398 if (txn->req.cap) {
8399 struct cap_hdr *h;
8400 for (h = s->fe->req_cap; h; h = h->next)
8401 pool_free2(h->pool, txn->req.cap[h->index]);
8402 memset(txn->req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
8403 }
8404
8405 if (txn->rsp.cap) {
8406 struct cap_hdr *h;
8407 for (h = s->fe->rsp_cap; h; h = h->next)
8408 pool_free2(h->pool, txn->rsp.cap[h->index]);
8409 memset(txn->rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
8410 }
8411
Willy Tarreau0937bc42009-12-22 15:03:09 +01008412}
8413
8414/* to be used at the end of a transaction to prepare a new one */
8415void http_reset_txn(struct session *s)
8416{
8417 http_end_txn(s);
8418 http_init_txn(s);
8419
8420 s->be = s->fe;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008421 s->logs.logwait = s->fe->to_log;
Willy Tarreauabcd5142013-06-11 17:18:02 +02008422 s->logs.level = 0;
Simon Hormanaf514952011-06-21 14:34:57 +09008423 session_del_srv_conn(s);
Willy Tarreau3fdb3662012-11-12 00:42:33 +01008424 s->target = NULL;
Emeric Brunb982a3d2010-01-04 15:45:53 +01008425 /* re-init store persistence */
8426 s->store_count = 0;
Willy Tarreau1f0da242014-01-25 11:01:50 +01008427 s->uniq_id = global.req_count++;
Emeric Brunb982a3d2010-01-04 15:45:53 +01008428
Willy Tarreau0937bc42009-12-22 15:03:09 +01008429 s->pend_pos = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008430
Willy Tarreau03cdb7c2012-08-27 23:14:58 +02008431 s->req->flags |= CF_READ_DONTWAIT; /* one read is usually enough */
Willy Tarreau0937bc42009-12-22 15:03:09 +01008432
Willy Tarreau739cfba2010-01-25 23:11:14 +01008433 /* We must trim any excess data from the response buffer, because we
8434 * may have blocked an invalid response from a server that we don't
8435 * want to accidentely forward once we disable the analysers, nor do
8436 * we want those data to come along with next response. A typical
8437 * example of such data would be from a buggy server responding to
8438 * a HEAD with some data, or sending more than the advertised
8439 * content-length.
8440 */
Willy Tarreau9b28e032012-10-12 23:49:43 +02008441 if (unlikely(s->rep->buf->i))
8442 s->rep->buf->i = 0;
Willy Tarreau739cfba2010-01-25 23:11:14 +01008443
Willy Tarreau0937bc42009-12-22 15:03:09 +01008444 s->req->rto = s->fe->timeout.client;
Willy Tarreaud04e8582010-05-31 12:31:35 +02008445 s->req->wto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008446
Willy Tarreaud04e8582010-05-31 12:31:35 +02008447 s->rep->rto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008448 s->rep->wto = s->fe->timeout.client;
Willy Tarreau0937bc42009-12-22 15:03:09 +01008449
8450 s->req->rex = TICK_ETERNITY;
8451 s->req->wex = TICK_ETERNITY;
8452 s->req->analyse_exp = TICK_ETERNITY;
8453 s->rep->rex = TICK_ETERNITY;
8454 s->rep->wex = TICK_ETERNITY;
8455 s->rep->analyse_exp = TICK_ETERNITY;
8456}
Willy Tarreau58f10d72006-12-04 02:26:12 +01008457
Willy Tarreauff011f22011-01-06 17:51:27 +01008458void free_http_req_rules(struct list *r) {
8459 struct http_req_rule *tr, *pr;
8460
8461 list_for_each_entry_safe(pr, tr, r, list) {
8462 LIST_DEL(&pr->list);
Willy Tarreau20b0de52012-12-24 15:45:22 +01008463 if (pr->action == HTTP_REQ_ACT_AUTH)
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008464 free(pr->arg.auth.realm);
Willy Tarreauff011f22011-01-06 17:51:27 +01008465
8466 free(pr);
8467 }
8468}
8469
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008470/* parse an "http-request" rule */
Willy Tarreauff011f22011-01-06 17:51:27 +01008471struct http_req_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
8472{
8473 struct http_req_rule *rule;
8474 int cur_arg;
8475
8476 rule = (struct http_req_rule*)calloc(1, sizeof(struct http_req_rule));
8477 if (!rule) {
8478 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008479 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008480 }
8481
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008482 if (!strcmp(args[0], "allow")) {
Willy Tarreauff011f22011-01-06 17:51:27 +01008483 rule->action = HTTP_REQ_ACT_ALLOW;
8484 cur_arg = 1;
8485 } else if (!strcmp(args[0], "deny")) {
8486 rule->action = HTTP_REQ_ACT_DENY;
8487 cur_arg = 1;
Willy Tarreauccbcc372012-12-27 12:37:57 +01008488 } else if (!strcmp(args[0], "tarpit")) {
8489 rule->action = HTTP_REQ_ACT_TARPIT;
8490 cur_arg = 1;
Willy Tarreauff011f22011-01-06 17:51:27 +01008491 } else if (!strcmp(args[0], "auth")) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008492 rule->action = HTTP_REQ_ACT_AUTH;
Willy Tarreauff011f22011-01-06 17:51:27 +01008493 cur_arg = 1;
8494
8495 while(*args[cur_arg]) {
8496 if (!strcmp(args[cur_arg], "realm")) {
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008497 rule->arg.auth.realm = strdup(args[cur_arg + 1]);
Willy Tarreauff011f22011-01-06 17:51:27 +01008498 cur_arg+=2;
8499 continue;
8500 } else
8501 break;
8502 }
Willy Tarreauf4c43c12013-06-11 17:01:13 +02008503 } else if (!strcmp(args[0], "set-nice")) {
8504 rule->action = HTTP_REQ_ACT_SET_NICE;
8505 cur_arg = 1;
8506
8507 if (!*args[cur_arg] ||
8508 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8509 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer value).\n",
8510 file, linenum, args[0]);
8511 goto out_err;
8512 }
8513 rule->arg.nice = atoi(args[cur_arg]);
8514 if (rule->arg.nice < -1024)
8515 rule->arg.nice = -1024;
8516 else if (rule->arg.nice > 1024)
8517 rule->arg.nice = 1024;
8518 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02008519 } else if (!strcmp(args[0], "set-tos")) {
8520#ifdef IP_TOS
8521 char *err;
8522 rule->action = HTTP_REQ_ACT_SET_TOS;
8523 cur_arg = 1;
8524
8525 if (!*args[cur_arg] ||
8526 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8527 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8528 file, linenum, args[0]);
8529 goto out_err;
8530 }
8531
8532 rule->arg.tos = strtol(args[cur_arg], &err, 0);
8533 if (err && *err != '\0') {
8534 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8535 file, linenum, err, args[0]);
8536 goto out_err;
8537 }
8538 cur_arg++;
8539#else
8540 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
8541 goto out_err;
8542#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02008543 } else if (!strcmp(args[0], "set-mark")) {
8544#ifdef SO_MARK
8545 char *err;
8546 rule->action = HTTP_REQ_ACT_SET_MARK;
8547 cur_arg = 1;
8548
8549 if (!*args[cur_arg] ||
8550 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8551 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (integer/hex value).\n",
8552 file, linenum, args[0]);
8553 goto out_err;
8554 }
8555
8556 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
8557 if (err && *err != '\0') {
8558 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-request %s' (integer/hex value expected).\n",
8559 file, linenum, err, args[0]);
8560 goto out_err;
8561 }
8562 cur_arg++;
8563 global.last_checks |= LSTCHK_NETADM;
8564#else
8565 Alert("parsing [%s:%d]: 'http-request %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
8566 goto out_err;
8567#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02008568 } else if (!strcmp(args[0], "set-log-level")) {
8569 rule->action = HTTP_REQ_ACT_SET_LOGL;
8570 cur_arg = 1;
8571
8572 if (!*args[cur_arg] ||
8573 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8574 bad_log_level:
8575 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument (log level name or 'silent').\n",
8576 file, linenum, args[0]);
8577 goto out_err;
8578 }
8579 if (strcmp(args[cur_arg], "silent") == 0)
8580 rule->arg.loglevel = -1;
8581 else if ((rule->arg.loglevel = get_log_level(args[cur_arg]) + 1) == 0)
8582 goto bad_log_level;
8583 cur_arg++;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008584 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
8585 rule->action = *args[0] == 'a' ? HTTP_REQ_ACT_ADD_HDR : HTTP_REQ_ACT_SET_HDR;
8586 cur_arg = 1;
8587
Willy Tarreau8d1c5162013-04-03 14:13:58 +02008588 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8589 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
Willy Tarreau20b0de52012-12-24 15:45:22 +01008590 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 2 arguments.\n",
8591 file, linenum, args[0]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008592 goto out_err;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008593 }
8594
8595 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8596 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8597 LIST_INIT(&rule->arg.hdr_add.fmt);
Willy Tarreaua4312fa2013-04-02 16:34:32 +02008598
Thierry FOURNIER1c0054f2013-11-20 15:09:52 +01008599 proxy->conf.args.ctx = ARGC_HRQ;
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +01008600 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, LOG_OPT_HTTP,
Thierry FOURNIEReeaa9512014-02-11 14:00:19 +01008601 (proxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8602 file, linenum);
Willy Tarreau59ad1a22014-01-29 14:39:58 +01008603 free(proxy->conf.lfs_file);
8604 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8605 proxy->conf.lfs_line = proxy->conf.args.line;
Willy Tarreau20b0de52012-12-24 15:45:22 +01008606 cur_arg += 2;
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02008607 } else if (strcmp(args[0], "del-header") == 0) {
8608 rule->action = HTTP_REQ_ACT_DEL_HDR;
8609 cur_arg = 1;
8610
8611 if (!*args[cur_arg] ||
8612 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
8613 Alert("parsing [%s:%d]: 'http-request %s' expects exactly 1 argument.\n",
8614 file, linenum, args[0]);
8615 goto out_err;
8616 }
8617
8618 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8619 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8620
8621 proxy->conf.args.ctx = ARGC_HRQ;
8622 free(proxy->conf.lfs_file);
8623 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8624 proxy->conf.lfs_line = proxy->conf.args.line;
8625 cur_arg += 1;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008626 } else if (strcmp(args[0], "redirect") == 0) {
8627 struct redirect_rule *redir;
Willy Tarreau6d4890c2013-11-18 18:04:25 +01008628 char *errmsg = NULL;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008629
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01008630 if ((redir = http_parse_redirect_rule(file, linenum, proxy, (const char **)args + 1, &errmsg, 1)) == NULL) {
Willy Tarreau81499eb2012-12-27 12:19:02 +01008631 Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
8632 file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
8633 goto out_err;
8634 }
8635
8636 /* this redirect rule might already contain a parsed condition which
8637 * we'll pass to the http-request rule.
8638 */
8639 rule->action = HTTP_REQ_ACT_REDIR;
8640 rule->arg.redir = redir;
8641 rule->cond = redir->cond;
8642 redir->cond = NULL;
8643 cur_arg = 2;
8644 return rule;
Willy Tarreauff011f22011-01-06 17:51:27 +01008645 } else {
Willy Tarreau51347ed2013-06-11 19:34:13 +02008646 Alert("parsing [%s:%d]: 'http-request' expects 'allow', 'deny', 'auth', 'redirect', 'tarpit', 'add-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', but got '%s'%s.\n",
Willy Tarreau5c2e1982012-12-24 12:00:25 +01008647 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
Willy Tarreau81499eb2012-12-27 12:19:02 +01008648 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008649 }
8650
8651 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
8652 struct acl_cond *cond;
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008653 char *errmsg = NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008654
Willy Tarreaub7451bb2012-04-27 12:38:15 +02008655 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
8656 Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition : %s.\n",
8657 file, linenum, args[0], errmsg);
8658 free(errmsg);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008659 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008660 }
8661 rule->cond = cond;
8662 }
8663 else if (*args[cur_arg]) {
8664 Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
8665 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
8666 file, linenum, args[0], args[cur_arg]);
Willy Tarreau81499eb2012-12-27 12:19:02 +01008667 goto out_err;
Willy Tarreauff011f22011-01-06 17:51:27 +01008668 }
8669
8670 return rule;
Willy Tarreau81499eb2012-12-27 12:19:02 +01008671 out_err:
8672 free(rule);
8673 return NULL;
Willy Tarreauff011f22011-01-06 17:51:27 +01008674}
8675
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008676/* parse an "http-respose" rule */
8677struct http_res_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
8678{
8679 struct http_res_rule *rule;
8680 int cur_arg;
8681
8682 rule = calloc(1, sizeof(*rule));
8683 if (!rule) {
8684 Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
8685 goto out_err;
8686 }
8687
8688 if (!strcmp(args[0], "allow")) {
8689 rule->action = HTTP_RES_ACT_ALLOW;
8690 cur_arg = 1;
8691 } else if (!strcmp(args[0], "deny")) {
8692 rule->action = HTTP_RES_ACT_DENY;
8693 cur_arg = 1;
Willy Tarreauf4c43c12013-06-11 17:01:13 +02008694 } else if (!strcmp(args[0], "set-nice")) {
8695 rule->action = HTTP_RES_ACT_SET_NICE;
8696 cur_arg = 1;
8697
8698 if (!*args[cur_arg] ||
8699 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8700 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer value).\n",
8701 file, linenum, args[0]);
8702 goto out_err;
8703 }
8704 rule->arg.nice = atoi(args[cur_arg]);
8705 if (rule->arg.nice < -1024)
8706 rule->arg.nice = -1024;
8707 else if (rule->arg.nice > 1024)
8708 rule->arg.nice = 1024;
8709 cur_arg++;
Willy Tarreau42cf39e2013-06-11 18:51:32 +02008710 } else if (!strcmp(args[0], "set-tos")) {
8711#ifdef IP_TOS
8712 char *err;
8713 rule->action = HTTP_RES_ACT_SET_TOS;
8714 cur_arg = 1;
8715
8716 if (!*args[cur_arg] ||
8717 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8718 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
8719 file, linenum, args[0]);
8720 goto out_err;
8721 }
8722
8723 rule->arg.tos = strtol(args[cur_arg], &err, 0);
8724 if (err && *err != '\0') {
8725 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
8726 file, linenum, err, args[0]);
8727 goto out_err;
8728 }
8729 cur_arg++;
8730#else
8731 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (IP_TOS undefined).\n", file, linenum, args[0]);
8732 goto out_err;
8733#endif
Willy Tarreau51347ed2013-06-11 19:34:13 +02008734 } else if (!strcmp(args[0], "set-mark")) {
8735#ifdef SO_MARK
8736 char *err;
8737 rule->action = HTTP_RES_ACT_SET_MARK;
8738 cur_arg = 1;
8739
8740 if (!*args[cur_arg] ||
8741 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8742 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (integer/hex value).\n",
8743 file, linenum, args[0]);
8744 goto out_err;
8745 }
8746
8747 rule->arg.mark = strtoul(args[cur_arg], &err, 0);
8748 if (err && *err != '\0') {
8749 Alert("parsing [%s:%d]: invalid character starting at '%s' in 'http-response %s' (integer/hex value expected).\n",
8750 file, linenum, err, args[0]);
8751 goto out_err;
8752 }
8753 cur_arg++;
8754 global.last_checks |= LSTCHK_NETADM;
8755#else
8756 Alert("parsing [%s:%d]: 'http-response %s' is not supported on this platform (SO_MARK undefined).\n", file, linenum, args[0]);
8757 goto out_err;
8758#endif
Willy Tarreau9a355ec2013-06-11 17:45:46 +02008759 } else if (!strcmp(args[0], "set-log-level")) {
8760 rule->action = HTTP_RES_ACT_SET_LOGL;
8761 cur_arg = 1;
8762
8763 if (!*args[cur_arg] ||
8764 (*args[cur_arg + 1] && strcmp(args[cur_arg + 1], "if") != 0 && strcmp(args[cur_arg + 1], "unless") != 0)) {
8765 bad_log_level:
8766 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument (log level name or 'silent').\n",
8767 file, linenum, args[0]);
8768 goto out_err;
8769 }
8770 if (strcmp(args[cur_arg], "silent") == 0)
8771 rule->arg.loglevel = -1;
8772 else if ((rule->arg.loglevel = get_log_level(args[cur_arg] + 1)) == 0)
8773 goto bad_log_level;
8774 cur_arg++;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008775 } else if (strcmp(args[0], "add-header") == 0 || strcmp(args[0], "set-header") == 0) {
8776 rule->action = *args[0] == 'a' ? HTTP_RES_ACT_ADD_HDR : HTTP_RES_ACT_SET_HDR;
8777 cur_arg = 1;
8778
8779 if (!*args[cur_arg] || !*args[cur_arg+1] ||
8780 (*args[cur_arg+2] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
8781 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 2 arguments.\n",
8782 file, linenum, args[0]);
8783 goto out_err;
8784 }
8785
8786 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8787 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8788 LIST_INIT(&rule->arg.hdr_add.fmt);
8789
Thierry FOURNIER1c0054f2013-11-20 15:09:52 +01008790 proxy->conf.args.ctx = ARGC_HRS;
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +01008791 parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, LOG_OPT_HTTP,
Thierry FOURNIEReeaa9512014-02-11 14:00:19 +01008792 (proxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
8793 file, linenum);
Willy Tarreau59ad1a22014-01-29 14:39:58 +01008794 free(proxy->conf.lfs_file);
8795 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8796 proxy->conf.lfs_line = proxy->conf.args.line;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008797 cur_arg += 2;
Thierry FOURNIERdad3d1d2014-04-22 18:07:25 +02008798 } else if (strcmp(args[0], "del-header") == 0) {
8799 rule->action = HTTP_RES_ACT_DEL_HDR;
8800 cur_arg = 1;
8801
8802 if (!*args[cur_arg] ||
8803 (*args[cur_arg+1] && strcmp(args[cur_arg+1], "if") != 0 && strcmp(args[cur_arg+1], "unless") != 0)) {
8804 Alert("parsing [%s:%d]: 'http-response %s' expects exactly 1 argument.\n",
8805 file, linenum, args[0]);
8806 goto out_err;
8807 }
8808
8809 rule->arg.hdr_add.name = strdup(args[cur_arg]);
8810 rule->arg.hdr_add.name_len = strlen(rule->arg.hdr_add.name);
8811
8812 proxy->conf.args.ctx = ARGC_HRS;
8813 free(proxy->conf.lfs_file);
8814 proxy->conf.lfs_file = strdup(proxy->conf.args.file);
8815 proxy->conf.lfs_line = proxy->conf.args.line;
8816 cur_arg += 1;
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008817 } else {
Willy Tarreau51347ed2013-06-11 19:34:13 +02008818 Alert("parsing [%s:%d]: 'http-response' expects 'allow', 'deny', 'redirect', 'add-header', 'set-header', 'set-nice', 'set-tos', 'set-mark', 'set-log-level', but got '%s'%s.\n",
Willy Tarreaue365c0b2013-06-11 16:06:12 +02008819 file, linenum, args[0], *args[0] ? "" : " (missing argument)");
8820 goto out_err;
8821 }
8822
8823 if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
8824 struct acl_cond *cond;
8825 char *errmsg = NULL;
8826
8827 if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg, &errmsg)) == NULL) {
8828 Alert("parsing [%s:%d] : error detected while parsing an 'http-response %s' condition : %s.\n",
8829 file, linenum, args[0], errmsg);
8830 free(errmsg);
8831 goto out_err;
8832 }
8833 rule->cond = cond;
8834 }
8835 else if (*args[cur_arg]) {
8836 Alert("parsing [%s:%d]: 'http-response %s' expects"
8837 " either 'if' or 'unless' followed by a condition but found '%s'.\n",
8838 file, linenum, args[0], args[cur_arg]);
8839 goto out_err;
8840 }
8841
8842 return rule;
8843 out_err:
8844 free(rule);
8845 return NULL;
8846}
8847
Willy Tarreau4baae242012-12-27 12:00:31 +01008848/* Parses a redirect rule. Returns the redirect rule on success or NULL on error,
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01008849 * with <err> filled with the error message. If <use_fmt> is not null, builds a
8850 * dynamic log-format rule instead of a static string.
Willy Tarreau4baae242012-12-27 12:00:31 +01008851 */
8852struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01008853 const char **args, char **errmsg, int use_fmt)
Willy Tarreau4baae242012-12-27 12:00:31 +01008854{
8855 struct redirect_rule *rule;
8856 int cur_arg;
8857 int type = REDIRECT_TYPE_NONE;
8858 int code = 302;
8859 const char *destination = NULL;
8860 const char *cookie = NULL;
8861 int cookie_set = 0;
8862 unsigned int flags = REDIRECT_FLAG_NONE;
8863 struct acl_cond *cond = NULL;
8864
8865 cur_arg = 0;
8866 while (*(args[cur_arg])) {
8867 if (strcmp(args[cur_arg], "location") == 0) {
8868 if (!*args[cur_arg + 1])
8869 goto missing_arg;
8870
8871 type = REDIRECT_TYPE_LOCATION;
8872 cur_arg++;
8873 destination = args[cur_arg];
8874 }
8875 else if (strcmp(args[cur_arg], "prefix") == 0) {
8876 if (!*args[cur_arg + 1])
8877 goto missing_arg;
8878
8879 type = REDIRECT_TYPE_PREFIX;
8880 cur_arg++;
8881 destination = args[cur_arg];
8882 }
8883 else if (strcmp(args[cur_arg], "scheme") == 0) {
8884 if (!*args[cur_arg + 1])
8885 goto missing_arg;
8886
8887 type = REDIRECT_TYPE_SCHEME;
8888 cur_arg++;
8889 destination = args[cur_arg];
8890 }
8891 else if (strcmp(args[cur_arg], "set-cookie") == 0) {
8892 if (!*args[cur_arg + 1])
8893 goto missing_arg;
8894
8895 cur_arg++;
8896 cookie = args[cur_arg];
8897 cookie_set = 1;
8898 }
8899 else if (strcmp(args[cur_arg], "clear-cookie") == 0) {
8900 if (!*args[cur_arg + 1])
8901 goto missing_arg;
8902
8903 cur_arg++;
8904 cookie = args[cur_arg];
8905 cookie_set = 0;
8906 }
8907 else if (strcmp(args[cur_arg], "code") == 0) {
8908 if (!*args[cur_arg + 1])
8909 goto missing_arg;
8910
8911 cur_arg++;
8912 code = atol(args[cur_arg]);
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04008913 if (code < 301 || code > 308 || (code > 303 && code < 307)) {
Willy Tarreau4baae242012-12-27 12:00:31 +01008914 memprintf(errmsg,
Yves Lafon3e8d1ae2013-03-11 11:06:05 -04008915 "'%s': unsupported HTTP code '%s' (must be one of 301, 302, 303, 307 or 308)",
Willy Tarreau4baae242012-12-27 12:00:31 +01008916 args[cur_arg - 1], args[cur_arg]);
8917 return NULL;
8918 }
8919 }
8920 else if (!strcmp(args[cur_arg],"drop-query")) {
8921 flags |= REDIRECT_FLAG_DROP_QS;
8922 }
8923 else if (!strcmp(args[cur_arg],"append-slash")) {
8924 flags |= REDIRECT_FLAG_APPEND_SLASH;
8925 }
8926 else if (strcmp(args[cur_arg], "if") == 0 ||
8927 strcmp(args[cur_arg], "unless") == 0) {
8928 cond = build_acl_cond(file, linenum, curproxy, (const char **)args + cur_arg, errmsg);
8929 if (!cond) {
8930 memprintf(errmsg, "error in condition: %s", *errmsg);
8931 return NULL;
8932 }
8933 break;
8934 }
8935 else {
8936 memprintf(errmsg,
8937 "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
8938 args[cur_arg]);
8939 return NULL;
8940 }
8941 cur_arg++;
8942 }
8943
8944 if (type == REDIRECT_TYPE_NONE) {
8945 memprintf(errmsg, "redirection type expected ('prefix', 'location', or 'scheme')");
8946 return NULL;
8947 }
8948
8949 rule = (struct redirect_rule *)calloc(1, sizeof(*rule));
8950 rule->cond = cond;
Willy Tarreau60e08382013-12-03 00:48:45 +01008951 LIST_INIT(&rule->rdr_fmt);
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01008952
8953 if (!use_fmt) {
8954 /* old-style static redirect rule */
8955 rule->rdr_str = strdup(destination);
8956 rule->rdr_len = strlen(destination);
8957 }
8958 else {
8959 /* log-format based redirect rule */
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01008960
8961 /* Parse destination. Note that in the REDIRECT_TYPE_PREFIX case,
8962 * if prefix == "/", we don't want to add anything, otherwise it
8963 * makes it hard for the user to configure a self-redirection.
8964 */
8965 proxy->conf.args.ctx = ARGC_RDR;
8966 if (!(type == REDIRECT_TYPE_PREFIX && destination[0] == '/' && destination[1] == '\0')) {
Thierry FOURNIERd048d8b2014-03-13 16:46:18 +01008967 parse_logformat_string(destination, curproxy, &rule->rdr_fmt, LOG_OPT_HTTP,
Thierry FOURNIEReeaa9512014-02-11 14:00:19 +01008968 (curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
8969 file, linenum);
Willy Tarreau59ad1a22014-01-29 14:39:58 +01008970 free(curproxy->conf.lfs_file);
8971 curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
8972 curproxy->conf.lfs_line = curproxy->conf.args.line;
Thierry FOURNIERd18cd0f2013-11-29 12:15:45 +01008973 }
8974 }
8975
Willy Tarreau4baae242012-12-27 12:00:31 +01008976 if (cookie) {
8977 /* depending on cookie_set, either we want to set the cookie, or to clear it.
8978 * a clear consists in appending "; path=/; Max-Age=0;" at the end.
8979 */
8980 rule->cookie_len = strlen(cookie);
8981 if (cookie_set) {
8982 rule->cookie_str = malloc(rule->cookie_len + 10);
8983 memcpy(rule->cookie_str, cookie, rule->cookie_len);
8984 memcpy(rule->cookie_str + rule->cookie_len, "; path=/;", 10);
8985 rule->cookie_len += 9;
8986 } else {
8987 rule->cookie_str = malloc(rule->cookie_len + 21);
8988 memcpy(rule->cookie_str, cookie, rule->cookie_len);
8989 memcpy(rule->cookie_str + rule->cookie_len, "; path=/; Max-Age=0;", 21);
8990 rule->cookie_len += 20;
8991 }
8992 }
8993 rule->type = type;
8994 rule->code = code;
8995 rule->flags = flags;
8996 LIST_INIT(&rule->list);
8997 return rule;
8998
8999 missing_arg:
9000 memprintf(errmsg, "missing argument for '%s'", args[cur_arg]);
9001 return NULL;
9002}
9003
Willy Tarreau8797c062007-05-07 00:55:35 +02009004/************************************************************************/
9005/* The code below is dedicated to ACL parsing and matching */
9006/************************************************************************/
9007
9008
Willy Tarreau14174bc2012-04-16 14:34:04 +02009009/* This function ensures that the prerequisites for an L7 fetch are ready,
9010 * which means that a request or response is ready. If some data is missing,
9011 * a parsing attempt is made. This is useful in TCP-based ACLs which are able
Willy Tarreau24e32d82012-04-23 23:55:44 +02009012 * to extract data from L7. If <req_vol> is non-null during a request prefetch,
9013 * another test is made to ensure the required information is not gone.
Willy Tarreau14174bc2012-04-16 14:34:04 +02009014 *
9015 * The function returns :
Willy Tarreau506d0502013-07-06 13:29:24 +02009016 * 0 with SMP_F_MAY_CHANGE in the sample flags if some data is missing to
9017 * decide whether or not an HTTP message is present ;
9018 * 0 if the requested data cannot be fetched or if it is certain that
9019 * we'll never have any HTTP message there ;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009020 * 1 if an HTTP message is ready
9021 */
9022static int
Willy Tarreau506d0502013-07-06 13:29:24 +02009023smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreau24e32d82012-04-23 23:55:44 +02009024 const struct arg *args, struct sample *smp, int req_vol)
Willy Tarreau14174bc2012-04-16 14:34:04 +02009025{
9026 struct http_txn *txn = l7;
9027 struct http_msg *msg = &txn->req;
9028
9029 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
9030 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
9031 */
9032
9033 if (unlikely(!s || !txn))
9034 return 0;
9035
9036 /* Check for a dependency on a request */
Willy Tarreauf853c462012-04-23 18:53:56 +02009037 smp->type = SMP_T_BOOL;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009038
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009039 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02009040 if (unlikely(!s->req))
9041 return 0;
9042
Willy Tarreauaae75e32013-03-29 12:31:49 +01009043 /* If the buffer does not leave enough free space at the end,
9044 * we must first realign it.
9045 */
9046 if (s->req->buf->p > s->req->buf->data &&
9047 s->req->buf->i + s->req->buf->p > s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)
9048 buffer_slow_realign(s->req->buf);
9049
Willy Tarreau14174bc2012-04-16 14:34:04 +02009050 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) {
Willy Tarreau472b1ee2013-10-14 22:41:30 +02009051 if (msg->msg_state == HTTP_MSG_ERROR)
Willy Tarreau506d0502013-07-06 13:29:24 +02009052 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009053
9054 /* Try to decode HTTP request */
Willy Tarreau9b28e032012-10-12 23:49:43 +02009055 if (likely(msg->next < s->req->buf->i))
Willy Tarreau14174bc2012-04-16 14:34:04 +02009056 http_msg_analyzer(msg, &txn->hdr_idx);
9057
9058 /* Still no valid request ? */
9059 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau3bf1b2b2012-08-27 20:46:07 +02009060 if ((msg->msg_state == HTTP_MSG_ERROR) ||
Willy Tarreau9b28e032012-10-12 23:49:43 +02009061 buffer_full(s->req->buf, global.tune.maxrewrite)) {
Willy Tarreau506d0502013-07-06 13:29:24 +02009062 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009063 }
9064 /* wait for final state */
Willy Tarreau37406352012-04-23 16:16:37 +02009065 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009066 return 0;
9067 }
9068
9069 /* OK we just got a valid HTTP request. We have some minor
9070 * preparation to perform so that further checks can rely
9071 * on HTTP tests.
9072 */
Willy Tarreauaae75e32013-03-29 12:31:49 +01009073
9074 /* If the request was parsed but was too large, we must absolutely
9075 * return an error so that it is not processed. At the moment this
9076 * cannot happen, but if the parsers are to change in the future,
9077 * we want this check to be maintained.
9078 */
9079 if (unlikely(s->req->buf->i + s->req->buf->p >
9080 s->req->buf->data + s->req->buf->size - global.tune.maxrewrite)) {
9081 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau506d0502013-07-06 13:29:24 +02009082 smp->data.uint = 1;
Willy Tarreauaae75e32013-03-29 12:31:49 +01009083 return 1;
9084 }
9085
Willy Tarreau9b28e032012-10-12 23:49:43 +02009086 txn->meth = find_http_meth(msg->chn->buf->p, msg->sl.rq.m_l);
Willy Tarreau14174bc2012-04-16 14:34:04 +02009087 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
9088 s->flags |= SN_REDIRECTABLE;
9089
Willy Tarreau506d0502013-07-06 13:29:24 +02009090 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(txn))
9091 return 0;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009092 }
9093
Willy Tarreau506d0502013-07-06 13:29:24 +02009094 if (req_vol && txn->rsp.msg_state != HTTP_MSG_RPBEFORE) {
Willy Tarreau14174bc2012-04-16 14:34:04 +02009095 return 0; /* data might have moved and indexes changed */
Willy Tarreau506d0502013-07-06 13:29:24 +02009096 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02009097
9098 /* otherwise everything's ready for the request */
9099 }
Willy Tarreau24e32d82012-04-23 23:55:44 +02009100 else {
9101 /* Check for a dependency on a response */
Willy Tarreau506d0502013-07-06 13:29:24 +02009102 if (txn->rsp.msg_state < HTTP_MSG_BODY) {
9103 smp->flags |= SMP_F_MAY_CHANGE;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009104 return 0;
Willy Tarreau506d0502013-07-06 13:29:24 +02009105 }
Willy Tarreau14174bc2012-04-16 14:34:04 +02009106 }
9107
9108 /* everything's OK */
Willy Tarreau506d0502013-07-06 13:29:24 +02009109 smp->data.uint = 1;
Willy Tarreau14174bc2012-04-16 14:34:04 +02009110 return 1;
9111}
Willy Tarreau8797c062007-05-07 00:55:35 +02009112
Willy Tarreauc0239e02012-04-16 14:42:55 +02009113#define CHECK_HTTP_MESSAGE_FIRST() \
Willy Tarreau506d0502013-07-06 13:29:24 +02009114 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
Willy Tarreauc0239e02012-04-16 14:42:55 +02009115
Willy Tarreau24e32d82012-04-23 23:55:44 +02009116#define CHECK_HTTP_MESSAGE_FIRST_PERM() \
Willy Tarreau506d0502013-07-06 13:29:24 +02009117 do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 0); if (r <= 0) return r; } while (0)
Willy Tarreau24e32d82012-04-23 23:55:44 +02009118
Willy Tarreau8797c062007-05-07 00:55:35 +02009119
9120/* 1. Check on METHOD
9121 * We use the pre-parsed method if it is known, and store its number as an
9122 * integer. If it is unknown, we use the pointer and the length.
9123 */
Thierry FOURNIERedc15c32013-12-13 15:36:59 +01009124static int pat_parse_meth(const char *text, struct pattern *pattern, char **err)
Willy Tarreau8797c062007-05-07 00:55:35 +02009125{
9126 int len, meth;
Thierry FOURNIER0b2fe4a2013-12-06 20:33:50 +01009127 struct chunk *trash;
Willy Tarreau8797c062007-05-07 00:55:35 +02009128
Thierry FOURNIER580c32c2014-01-24 10:58:12 +01009129 len = strlen(text);
9130 meth = find_http_meth(text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02009131
9132 pattern->val.i = meth;
9133 if (meth == HTTP_METH_OTHER) {
Thierry FOURNIERedc15c32013-12-13 15:36:59 +01009134 trash = get_trash_chunk();
9135 if (trash->size < len) {
9136 memprintf(err, "no space avalaible in the buffer. expect %d, provides %d",
9137 len, trash->size);
9138 return 0;
Thierry FOURNIER0b2fe4a2013-12-06 20:33:50 +01009139 }
Thierry FOURNIERedc15c32013-12-13 15:36:59 +01009140 pattern->ptr.str = trash->str;
Willy Tarreau8797c062007-05-07 00:55:35 +02009141 pattern->len = len;
9142 }
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009143 else {
9144 pattern->ptr.str = NULL;
9145 pattern->len = 0;
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009146 }
Willy Tarreau8797c062007-05-07 00:55:35 +02009147 return 1;
9148}
9149
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009150/* This function fetches the method of current HTTP request and stores
9151 * it in the global pattern struct as a chunk. There are two possibilities :
9152 * - if the method is known (not HTTP_METH_OTHER), its identifier is stored
9153 * in <len> and <ptr> is NULL ;
9154 * - if the method is unknown (HTTP_METH_OTHER), <ptr> points to the text and
9155 * <len> to its length.
Thierry FOURNIERa65b3432013-11-28 18:22:00 +01009156 * This is intended to be used with pat_match_meth() only.
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009157 */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009158static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009159smp_fetch_meth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009160 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009161{
9162 int meth;
9163 struct http_txn *txn = l7;
9164
Willy Tarreau24e32d82012-04-23 23:55:44 +02009165 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009166
Willy Tarreau8797c062007-05-07 00:55:35 +02009167 meth = txn->meth;
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009168 smp->type = SMP_T_METH;
9169 smp->data.meth.meth = meth;
Willy Tarreau8797c062007-05-07 00:55:35 +02009170 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02009171 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
9172 /* ensure the indexes are not affected */
9173 return 0;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009174 smp->flags |= SMP_F_CONST;
Thierry FOURNIERd4373142013-12-17 01:10:10 +01009175 smp->data.meth.str.len = txn->req.sl.rq.m_l;
9176 smp->data.meth.str.str = txn->req.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02009177 }
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009178 smp->flags |= SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009179 return 1;
9180}
9181
Willy Tarreau8e5e9552011-12-16 15:38:49 +01009182/* See above how the method is stored in the global pattern */
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009183static struct pattern *pat_match_meth(struct sample *smp, struct pattern_expr *expr, int fill)
Willy Tarreau8797c062007-05-07 00:55:35 +02009184{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009185 int icase;
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009186 struct pattern_list *lst;
9187 struct pattern *pattern;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009188
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009189 list_for_each_entry(lst, &expr->patterns, list) {
9190 pattern = &lst->pat;
Willy Tarreau8797c062007-05-07 00:55:35 +02009191
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009192 /* well-known method */
9193 if (pattern->val.i != HTTP_METH_OTHER) {
9194 if (smp->data.meth.meth == pattern->val.i)
9195 return pattern;
9196 else
9197 continue;
9198 }
Willy Tarreauc8d7c962007-06-17 08:20:33 +02009199
Thierry FOURNIER5338eea2013-12-16 14:22:13 +01009200 /* Other method, we must compare the strings */
9201 if (pattern->len != smp->data.meth.str.len)
9202 continue;
9203
9204 icase = pattern->flags & PAT_F_IGNORE_CASE;
9205 if ((icase && strncasecmp(pattern->ptr.str, smp->data.meth.str.str, smp->data.meth.str.len) != 0) ||
9206 (!icase && strncmp(pattern->ptr.str, smp->data.meth.str.str, smp->data.meth.str.len) != 0))
9207 return pattern;
9208 }
9209 return NULL;
Willy Tarreau8797c062007-05-07 00:55:35 +02009210}
9211
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009212static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009213smp_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009214 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009215{
9216 struct http_txn *txn = l7;
9217 char *ptr;
9218 int len;
9219
Willy Tarreauc0239e02012-04-16 14:42:55 +02009220 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009221
Willy Tarreau8797c062007-05-07 00:55:35 +02009222 len = txn->req.sl.rq.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009223 ptr = txn->req.chn->buf->p + txn->req.sl.rq.v;
Willy Tarreau8797c062007-05-07 00:55:35 +02009224
9225 while ((len-- > 0) && (*ptr++ != '/'));
9226 if (len <= 0)
9227 return 0;
9228
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009229 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +02009230 smp->data.str.str = ptr;
9231 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009232
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009233 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009234 return 1;
9235}
9236
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009237static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009238smp_fetch_stver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009239 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009240{
9241 struct http_txn *txn = l7;
9242 char *ptr;
9243 int len;
9244
Willy Tarreauc0239e02012-04-16 14:42:55 +02009245 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009246
Willy Tarreauf26b2522012-12-14 08:33:14 +01009247 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9248 return 0;
9249
Willy Tarreau8797c062007-05-07 00:55:35 +02009250 len = txn->rsp.sl.st.v_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009251 ptr = txn->rsp.chn->buf->p;
Willy Tarreau8797c062007-05-07 00:55:35 +02009252
9253 while ((len-- > 0) && (*ptr++ != '/'));
9254 if (len <= 0)
9255 return 0;
9256
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009257 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +02009258 smp->data.str.str = ptr;
9259 smp->data.str.len = len;
Willy Tarreau8797c062007-05-07 00:55:35 +02009260
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009261 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009262 return 1;
9263}
9264
9265/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009266static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009267smp_fetch_stcode(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009268 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009269{
9270 struct http_txn *txn = l7;
9271 char *ptr;
9272 int len;
9273
Willy Tarreauc0239e02012-04-16 14:42:55 +02009274 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009275
Willy Tarreauf26b2522012-12-14 08:33:14 +01009276 if (txn->rsp.msg_state < HTTP_MSG_BODY)
9277 return 0;
9278
Willy Tarreau8797c062007-05-07 00:55:35 +02009279 len = txn->rsp.sl.st.c_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009280 ptr = txn->rsp.chn->buf->p + txn->rsp.sl.st.c;
Willy Tarreau8797c062007-05-07 00:55:35 +02009281
Willy Tarreauf853c462012-04-23 18:53:56 +02009282 smp->type = SMP_T_UINT;
9283 smp->data.uint = __strl2ui(ptr, len);
Willy Tarreau37406352012-04-23 16:16:37 +02009284 smp->flags = SMP_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009285 return 1;
9286}
9287
9288/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02009289static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009290smp_fetch_url(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009291 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8797c062007-05-07 00:55:35 +02009292{
9293 struct http_txn *txn = l7;
9294
Willy Tarreauc0239e02012-04-16 14:42:55 +02009295 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009296
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009297 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +02009298 smp->data.str.len = txn->req.sl.rq.u_l;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009299 smp->data.str.str = txn->req.chn->buf->p + txn->req.sl.rq.u;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009300 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau8797c062007-05-07 00:55:35 +02009301 return 1;
9302}
9303
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009304static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009305smp_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009306 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009307{
9308 struct http_txn *txn = l7;
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009309 struct sockaddr_storage addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009310
Willy Tarreauc0239e02012-04-16 14:42:55 +02009311 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009312
Thierry FOURNIER9f95e402014-03-21 14:51:46 +01009313 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &addr, NULL);
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009314 if (((struct sockaddr_in *)&addr)->sin_family != AF_INET)
Willy Tarreauf4362b32011-12-16 17:49:52 +01009315 return 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009316
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009317 smp->type = SMP_T_IPV4;
9318 smp->data.ipv4 = ((struct sockaddr_in *)&addr)->sin_addr;
Willy Tarreau37406352012-04-23 16:16:37 +02009319 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009320 return 1;
9321}
9322
9323static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009324smp_fetch_url_port(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009325 const struct arg *args, struct sample *smp, const char *kw)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009326{
9327 struct http_txn *txn = l7;
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009328 struct sockaddr_storage addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009329
Willy Tarreauc0239e02012-04-16 14:42:55 +02009330 CHECK_HTTP_MESSAGE_FIRST();
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009331
Thierry FOURNIER9f95e402014-03-21 14:51:46 +01009332 url2sa(txn->req.chn->buf->p + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &addr, NULL);
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009333 if (((struct sockaddr_in *)&addr)->sin_family != AF_INET)
9334 return 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009335
Willy Tarreau4c804ec2013-09-30 14:37:14 +02009336 smp->type = SMP_T_UINT;
9337 smp->data.uint = ntohs(((struct sockaddr_in *)&addr)->sin_port);
Willy Tarreau21e5b0e2012-04-23 19:25:44 +02009338 smp->flags = 0;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01009339 return 1;
9340}
9341
Willy Tarreau185b5c42012-04-26 15:11:51 +02009342/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9343 * Accepts an optional argument of type string containing the header field name,
9344 * and an optional argument of type signed or unsigned integer to request an
9345 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009346 * headers are considered from the first one. It does not stop on commas and
9347 * returns full lines instead (useful for User-Agent or Date for example).
9348 */
9349static int
9350smp_fetch_fhdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009351 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009352{
9353 struct http_txn *txn = l7;
9354 struct hdr_idx *idx = &txn->hdr_idx;
9355 struct hdr_ctx *ctx = smp->ctx.a[0];
9356 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9357 int occ = 0;
9358 const char *name_str = NULL;
9359 int name_len = 0;
9360
9361 if (!ctx) {
9362 /* first call */
9363 ctx = &static_hdr_ctx;
9364 ctx->idx = 0;
9365 smp->ctx.a[0] = ctx;
9366 }
9367
9368 if (args) {
9369 if (args[0].type != ARGT_STR)
9370 return 0;
9371 name_str = args[0].data.str.str;
9372 name_len = args[0].data.str.len;
9373
9374 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9375 occ = args[1].data.uint;
9376 }
9377
9378 CHECK_HTTP_MESSAGE_FIRST();
9379
9380 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
9381 /* search for header from the beginning */
9382 ctx->idx = 0;
9383
9384 if (!occ && !(opt & SMP_OPT_ITERATE))
9385 /* no explicit occurrence and single fetch => last header by default */
9386 occ = -1;
9387
9388 if (!occ)
9389 /* prepare to report multiple occurrences for ACL fetches */
9390 smp->flags |= SMP_F_NOT_LAST;
9391
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009392 smp->type = SMP_T_STR;
9393 smp->flags |= SMP_F_VOL_HDR | SMP_F_CONST;
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009394 if (http_get_fhdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
9395 return 1;
9396
9397 smp->flags &= ~SMP_F_NOT_LAST;
9398 return 0;
9399}
9400
9401/* 6. Check on HTTP header count. The number of occurrences is returned.
9402 * Accepts exactly 1 argument of type string. It does not stop on commas and
9403 * returns full lines instead (useful for User-Agent or Date for example).
9404 */
9405static int
9406smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009407 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04ff9f12013-06-10 18:39:42 +02009408{
9409 struct http_txn *txn = l7;
9410 struct hdr_idx *idx = &txn->hdr_idx;
9411 struct hdr_ctx ctx;
9412 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
9413 int cnt;
9414
9415 if (!args || args->type != ARGT_STR)
9416 return 0;
9417
9418 CHECK_HTTP_MESSAGE_FIRST();
9419
9420 ctx.idx = 0;
9421 cnt = 0;
9422 while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
9423 cnt++;
9424
9425 smp->type = SMP_T_UINT;
9426 smp->data.uint = cnt;
9427 smp->flags = SMP_F_VOL_HDR;
9428 return 1;
9429}
9430
9431/* Fetch an HTTP header. A pointer to the beginning of the value is returned.
9432 * Accepts an optional argument of type string containing the header field name,
9433 * and an optional argument of type signed or unsigned integer to request an
9434 * explicit occurrence of the header. Note that in the event of a missing name,
Willy Tarreau185b5c42012-04-26 15:11:51 +02009435 * headers are considered from the first one.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009436 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02009437static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009438smp_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009439 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009440{
9441 struct http_txn *txn = l7;
9442 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009443 struct hdr_ctx *ctx = smp->ctx.a[0];
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009444 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau185b5c42012-04-26 15:11:51 +02009445 int occ = 0;
9446 const char *name_str = NULL;
9447 int name_len = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009448
Willy Tarreaua890d072013-04-02 12:01:06 +02009449 if (!ctx) {
9450 /* first call */
9451 ctx = &static_hdr_ctx;
9452 ctx->idx = 0;
Willy Tarreauffb6f082013-04-02 23:16:53 +02009453 smp->ctx.a[0] = ctx;
Willy Tarreaua890d072013-04-02 12:01:06 +02009454 }
9455
Willy Tarreau185b5c42012-04-26 15:11:51 +02009456 if (args) {
9457 if (args[0].type != ARGT_STR)
9458 return 0;
9459 name_str = args[0].data.str.str;
9460 name_len = args[0].data.str.len;
9461
9462 if (args[1].type == ARGT_UINT || args[1].type == ARGT_SINT)
9463 occ = args[1].data.uint;
9464 }
Willy Tarreau34db1082012-04-19 17:16:54 +02009465
Willy Tarreaue333ec92012-04-16 16:26:40 +02009466 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau33a7e692007-06-10 19:45:56 +02009467
Willy Tarreau185b5c42012-04-26 15:11:51 +02009468 if (ctx && !(smp->flags & SMP_F_NOT_LAST))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009469 /* search for header from the beginning */
9470 ctx->idx = 0;
9471
Willy Tarreau185b5c42012-04-26 15:11:51 +02009472 if (!occ && !(opt & SMP_OPT_ITERATE))
9473 /* no explicit occurrence and single fetch => last header by default */
9474 occ = -1;
9475
9476 if (!occ)
9477 /* prepare to report multiple occurrences for ACL fetches */
Willy Tarreau37406352012-04-23 16:16:37 +02009478 smp->flags |= SMP_F_NOT_LAST;
Willy Tarreau664092c2011-12-16 19:11:42 +01009479
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009480 smp->type = SMP_T_STR;
9481 smp->flags |= SMP_F_VOL_HDR | SMP_F_CONST;
Willy Tarreau185b5c42012-04-26 15:11:51 +02009482 if (http_get_hdr(msg, name_str, name_len, idx, occ, ctx, &smp->data.str.str, &smp->data.str.len))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009483 return 1;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009484
Willy Tarreau37406352012-04-23 16:16:37 +02009485 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009486 return 0;
9487}
9488
Willy Tarreauc11416f2007-06-17 16:58:38 +02009489/* 6. Check on HTTP header count. The number of occurrences is returned.
Willy Tarreau34db1082012-04-19 17:16:54 +02009490 * Accepts exactly 1 argument of type string.
Willy Tarreauc11416f2007-06-17 16:58:38 +02009491 */
9492static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009493smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009494 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009495{
9496 struct http_txn *txn = l7;
9497 struct hdr_idx *idx = &txn->hdr_idx;
9498 struct hdr_ctx ctx;
Willy Tarreau32a6f2e2012-04-25 10:13:36 +02009499 const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009500 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02009501
Willy Tarreau24e32d82012-04-23 23:55:44 +02009502 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009503 return 0;
9504
Willy Tarreaue333ec92012-04-16 16:26:40 +02009505 CHECK_HTTP_MESSAGE_FIRST();
9506
Willy Tarreau33a7e692007-06-10 19:45:56 +02009507 ctx.idx = 0;
9508 cnt = 0;
Willy Tarreau9b28e032012-10-12 23:49:43 +02009509 while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
Willy Tarreau33a7e692007-06-10 19:45:56 +02009510 cnt++;
9511
Willy Tarreauf853c462012-04-23 18:53:56 +02009512 smp->type = SMP_T_UINT;
9513 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +02009514 smp->flags = SMP_F_VOL_HDR;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009515 return 1;
9516}
9517
Willy Tarreau185b5c42012-04-26 15:11:51 +02009518/* Fetch an HTTP header's integer value. The integer value is returned. It
9519 * takes a mandatory argument of type string and an optional one of type int
9520 * to designate a specific occurrence. It returns an unsigned integer, which
9521 * may or may not be appropriate for everything.
Willy Tarreau33a7e692007-06-10 19:45:56 +02009522 */
9523static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009524smp_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009525 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau33a7e692007-06-10 19:45:56 +02009526{
Willy Tarreauef38c392013-07-22 16:29:32 +02009527 int ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw);
Willy Tarreaue333ec92012-04-16 16:26:40 +02009528
Willy Tarreauf853c462012-04-23 18:53:56 +02009529 if (ret > 0) {
9530 smp->type = SMP_T_UINT;
9531 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
9532 }
Willy Tarreau33a7e692007-06-10 19:45:56 +02009533
Willy Tarreaud53e2422012-04-16 17:21:11 +02009534 return ret;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009535}
9536
Cyril Bonté69fa9922012-10-25 00:01:06 +02009537/* Fetch an HTTP header's IP value. takes a mandatory argument of type string
9538 * and an optional one of type int to designate a specific occurrence.
9539 * It returns an IPv4 or IPv6 address.
Willy Tarreau106f9792009-09-19 07:54:16 +02009540 */
9541static int
Willy Tarreau185b5c42012-04-26 15:11:51 +02009542smp_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009543 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau106f9792009-09-19 07:54:16 +02009544{
Willy Tarreaud53e2422012-04-16 17:21:11 +02009545 int ret;
Willy Tarreaue333ec92012-04-16 16:26:40 +02009546
Willy Tarreauef38c392013-07-22 16:29:32 +02009547 while ((ret = smp_fetch_hdr(px, l4, l7, opt, args, smp, kw)) > 0) {
Cyril Bonté69fa9922012-10-25 00:01:06 +02009548 if (url2ipv4((char *)smp->data.str.str, &smp->data.ipv4)) {
9549 smp->type = SMP_T_IPV4;
Willy Tarreaud53e2422012-04-16 17:21:11 +02009550 break;
Cyril Bonté69fa9922012-10-25 00:01:06 +02009551 } else {
Willy Tarreau47ca5452012-12-23 20:22:19 +01009552 struct chunk *temp = get_trash_chunk();
Cyril Bonté69fa9922012-10-25 00:01:06 +02009553 if (smp->data.str.len < temp->size - 1) {
9554 memcpy(temp->str, smp->data.str.str, smp->data.str.len);
9555 temp->str[smp->data.str.len] = '\0';
9556 if (inet_pton(AF_INET6, temp->str, &smp->data.ipv6)) {
9557 smp->type = SMP_T_IPV6;
9558 break;
9559 }
9560 }
9561 }
9562
Willy Tarreaud53e2422012-04-16 17:21:11 +02009563 /* if the header doesn't match an IP address, fetch next one */
Willy Tarreau185b5c42012-04-26 15:11:51 +02009564 if (!(smp->flags & SMP_F_NOT_LAST))
9565 return 0;
Willy Tarreau106f9792009-09-19 07:54:16 +02009566 }
Willy Tarreaud53e2422012-04-16 17:21:11 +02009567 return ret;
Willy Tarreau106f9792009-09-19 07:54:16 +02009568}
9569
Willy Tarreau737b0c12007-06-10 21:28:46 +02009570/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
9571 * the first '/' after the possible hostname, and ends before the possible '?'.
9572 */
9573static int
Willy Tarreau6812bcf2012-04-29 09:28:50 +02009574smp_fetch_path(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009575 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau737b0c12007-06-10 21:28:46 +02009576{
9577 struct http_txn *txn = l7;
9578 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02009579
Willy Tarreauc0239e02012-04-16 14:42:55 +02009580 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreauc11416f2007-06-17 16:58:38 +02009581
Willy Tarreau9b28e032012-10-12 23:49:43 +02009582 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreau21d2af32008-02-14 20:25:24 +01009583 ptr = http_get_path(txn);
9584 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02009585 return 0;
9586
9587 /* OK, we got the '/' ! */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009588 smp->type = SMP_T_STR;
Willy Tarreauf853c462012-04-23 18:53:56 +02009589 smp->data.str.str = ptr;
Willy Tarreau737b0c12007-06-10 21:28:46 +02009590
9591 while (ptr < end && *ptr != '?')
9592 ptr++;
9593
Willy Tarreauf853c462012-04-23 18:53:56 +02009594 smp->data.str.len = ptr - smp->data.str.str;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009595 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
Willy Tarreau737b0c12007-06-10 21:28:46 +02009596 return 1;
9597}
9598
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009599/* This produces a concatenation of the first occurrence of the Host header
9600 * followed by the path component if it begins with a slash ('/'). This means
9601 * that '*' will not be added, resulting in exactly the first Host entry.
9602 * If no Host header is found, then the path is returned as-is. The returned
9603 * value is stored in the trash so it does not need to be marked constant.
Willy Tarreaub169eba2013-12-16 15:14:43 +01009604 * The returned sample is of type string.
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009605 */
9606static int
9607smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009608 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009609{
9610 struct http_txn *txn = l7;
9611 char *ptr, *end, *beg;
9612 struct hdr_ctx ctx;
9613
9614 CHECK_HTTP_MESSAGE_FIRST();
9615
9616 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +02009617 if (!http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx) || !ctx.vlen)
Willy Tarreauef38c392013-07-22 16:29:32 +02009618 return smp_fetch_path(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009619
9620 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01009621 memcpy(trash.str, ctx.line + ctx.val, ctx.vlen);
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009622 smp->type = SMP_T_STR;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01009623 smp->data.str.str = trash.str;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009624 smp->data.str.len = ctx.vlen;
9625
9626 /* now retrieve the path */
Willy Tarreau877e78d2013-04-07 18:48:08 +02009627 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreaua7ad50c2012-04-29 15:39:40 +02009628 beg = http_get_path(txn);
9629 if (!beg)
9630 beg = end;
9631
9632 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
9633
9634 if (beg < ptr && *beg == '/') {
9635 memcpy(smp->data.str.str + smp->data.str.len, beg, ptr - beg);
9636 smp->data.str.len += ptr - beg;
9637 }
9638
9639 smp->flags = SMP_F_VOL_1ST;
9640 return 1;
9641}
9642
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009643/* This produces a 32-bit hash of the concatenation of the first occurrence of
9644 * the Host header followed by the path component if it begins with a slash ('/').
9645 * This means that '*' will not be added, resulting in exactly the first Host
9646 * entry. If no Host header is found, then the path is used. The resulting value
Neil - HAProxy List39c63c52013-11-04 13:48:42 +00009647 * is hashed using the path hash followed by a full avalanche hash and provides a
9648 * 32-bit integer value. This fetch is useful for tracking per-path activity on
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009649 * high-traffic sites without having to store whole paths.
9650 */
9651static int
9652smp_fetch_base32(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009653 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009654{
9655 struct http_txn *txn = l7;
9656 struct hdr_ctx ctx;
9657 unsigned int hash = 0;
9658 char *ptr, *beg, *end;
9659 int len;
9660
9661 CHECK_HTTP_MESSAGE_FIRST();
9662
9663 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +02009664 if (http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009665 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
9666 ptr = ctx.line + ctx.val;
9667 len = ctx.vlen;
9668 while (len--)
9669 hash = *(ptr++) + (hash << 6) + (hash << 16) - hash;
9670 }
9671
9672 /* now retrieve the path */
Willy Tarreau877e78d2013-04-07 18:48:08 +02009673 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreauab1f7b72012-12-09 13:38:54 +01009674 beg = http_get_path(txn);
9675 if (!beg)
9676 beg = end;
9677
9678 for (ptr = beg; ptr < end && *ptr != '?'; ptr++);
9679
9680 if (beg < ptr && *beg == '/') {
9681 while (beg < ptr)
9682 hash = *(beg++) + (hash << 6) + (hash << 16) - hash;
9683 }
9684 hash = full_hash(hash);
9685
9686 smp->type = SMP_T_UINT;
9687 smp->data.uint = hash;
9688 smp->flags = SMP_F_VOL_1ST;
9689 return 1;
9690}
9691
Willy Tarreau4a550602012-12-09 14:53:32 +01009692/* This concatenates the source address with the 32-bit hash of the Host and
Neil - HAProxy List39c63c52013-11-04 13:48:42 +00009693 * path as returned by smp_fetch_base32(). The idea is to have per-source and
9694 * per-path counters. The result is a binary block from 8 to 20 bytes depending
9695 * on the source address length. The path hash is stored before the address so
Willy Tarreau4a550602012-12-09 14:53:32 +01009696 * that in environments where IPv6 is insignificant, truncating the output to
9697 * 8 bytes would still work.
9698 */
9699static int
9700smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009701 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a550602012-12-09 14:53:32 +01009702{
Willy Tarreau47ca5452012-12-23 20:22:19 +01009703 struct chunk *temp;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02009704 struct connection *cli_conn = objt_conn(l4->si[0].end);
9705
9706 if (!cli_conn)
9707 return 0;
Willy Tarreau4a550602012-12-09 14:53:32 +01009708
Willy Tarreauef38c392013-07-22 16:29:32 +02009709 if (!smp_fetch_base32(px, l4, l7, opt, args, smp, kw))
Willy Tarreau4a550602012-12-09 14:53:32 +01009710 return 0;
9711
Willy Tarreau47ca5452012-12-23 20:22:19 +01009712 temp = get_trash_chunk();
Willy Tarreau4a550602012-12-09 14:53:32 +01009713 memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
9714 temp->len += sizeof(smp->data.uint);
9715
Willy Tarreaub363a1f2013-10-01 10:45:07 +02009716 switch (cli_conn->addr.from.ss_family) {
Willy Tarreau4a550602012-12-09 14:53:32 +01009717 case AF_INET:
Willy Tarreaub363a1f2013-10-01 10:45:07 +02009718 memcpy(temp->str + temp->len, &((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr, 4);
Willy Tarreau4a550602012-12-09 14:53:32 +01009719 temp->len += 4;
9720 break;
9721 case AF_INET6:
Willy Tarreaub363a1f2013-10-01 10:45:07 +02009722 memcpy(temp->str + temp->len, &((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_addr, 16);
Willy Tarreau4a550602012-12-09 14:53:32 +01009723 temp->len += 16;
9724 break;
9725 default:
9726 return 0;
9727 }
9728
9729 smp->data.str = *temp;
9730 smp->type = SMP_T_BIN;
9731 return 1;
9732}
9733
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009734static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009735smp_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009736 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009737{
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009738 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
9739 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
9740 */
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009741
Willy Tarreau24e32d82012-04-23 23:55:44 +02009742 CHECK_HTTP_MESSAGE_FIRST_PERM();
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009743
Willy Tarreauf853c462012-04-23 18:53:56 +02009744 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02009745 smp->data.uint = 1;
Willy Tarreau2492d5b2009-07-11 00:06:00 +02009746 return 1;
9747}
9748
Willy Tarreau7f18e522010-10-22 20:04:13 +02009749/* return a valid test if the current request is the first one on the connection */
9750static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009751smp_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009752 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau7f18e522010-10-22 20:04:13 +02009753{
9754 if (!s)
9755 return 0;
9756
Willy Tarreauf853c462012-04-23 18:53:56 +02009757 smp->type = SMP_T_BOOL;
Willy Tarreau197e10a2012-04-23 19:18:42 +02009758 smp->data.uint = !(s->txn.flags & TX_NOT_FIRST);
Willy Tarreau7f18e522010-10-22 20:04:13 +02009759 return 1;
9760}
9761
Willy Tarreau34db1082012-04-19 17:16:54 +02009762/* Accepts exactly 1 argument of type userlist */
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009763static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009764smp_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009765 const struct arg *args, struct sample *smp, const char *kw)
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009766{
9767
Willy Tarreau24e32d82012-04-23 23:55:44 +02009768 if (!args || args->type != ARGT_USR)
Willy Tarreau34db1082012-04-19 17:16:54 +02009769 return 0;
9770
Willy Tarreauc0239e02012-04-16 14:42:55 +02009771 CHECK_HTTP_MESSAGE_FIRST();
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009772
Willy Tarreauc0239e02012-04-16 14:42:55 +02009773 if (!get_http_auth(l4))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009774 return 0;
9775
Willy Tarreauf853c462012-04-23 18:53:56 +02009776 smp->type = SMP_T_BOOL;
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +01009777 smp->data.uint = check_user(args->data.usr, l4->txn.auth.user, l4->txn.auth.pass);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01009778 return 1;
9779}
Willy Tarreau8797c062007-05-07 00:55:35 +02009780
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009781/* Accepts exactly 1 argument of type userlist */
9782static int
Willy Tarreau409bcde2013-01-08 00:31:00 +01009783smp_fetch_http_auth_grp(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02009784 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009785{
9786
9787 if (!args || args->type != ARGT_USR)
9788 return 0;
9789
9790 CHECK_HTTP_MESSAGE_FIRST();
9791
9792 if (!get_http_auth(l4))
9793 return 0;
9794
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009795 /* if the user does not belong to the userlist or has a wrong password,
9796 * report that it unconditionally does not match. Otherwise we return
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +01009797 * a string containing the username.
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009798 */
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +01009799 if (!check_user(args->data.usr, l4->txn.auth.user, l4->txn.auth.pass))
9800 return 0;
9801
9802 /* pat_match_auth() will need the user list */
9803 smp->ctx.a[0] = args->data.usr;
9804
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009805 smp->type = SMP_T_STR;
9806 smp->flags = SMP_F_CONST;
Thierry FOURNIER9eec0a62014-01-22 18:38:02 +01009807 smp->data.str.str = l4->txn.auth.user;
9808 smp->data.str.len = strlen(l4->txn.auth.user);
Willy Tarreau4a3fd4c2012-05-10 23:18:26 +02009809
9810 return 1;
9811}
9812
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009813/* Try to find the next occurrence of a cookie name in a cookie header value.
9814 * The lookup begins at <hdr>. The pointer and size of the next occurrence of
9815 * the cookie value is returned into *value and *value_l, and the function
9816 * returns a pointer to the next pointer to search from if the value was found.
9817 * Otherwise if the cookie was not found, NULL is returned and neither value
9818 * nor value_l are touched. The input <hdr> string should first point to the
9819 * header's value, and the <hdr_end> pointer must point to the first character
9820 * not part of the value. <list> must be non-zero if value may represent a list
9821 * of values (cookie headers). This makes it faster to abort parsing when no
9822 * list is expected.
9823 */
9824static char *
9825extract_cookie_value(char *hdr, const char *hdr_end,
9826 char *cookie_name, size_t cookie_name_l, int list,
Willy Tarreau3fb818c2012-04-11 17:21:08 +02009827 char **value, int *value_l)
Willy Tarreau04aa6a92012-04-06 18:57:55 +02009828{
9829 char *equal, *att_end, *att_beg, *val_beg, *val_end;
9830 char *next;
9831
9832 /* we search at least a cookie name followed by an equal, and more
9833 * generally something like this :
9834 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
9835 */
9836 for (att_beg = hdr; att_beg + cookie_name_l + 1 < hdr_end; att_beg = next + 1) {
9837 /* Iterate through all cookies on this line */
9838
9839 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
9840 att_beg++;
9841
9842 /* find att_end : this is the first character after the last non
9843 * space before the equal. It may be equal to hdr_end.
9844 */
9845 equal = att_end = att_beg;
9846
9847 while (equal < hdr_end) {
9848 if (*equal == '=' || *equal == ';' || (list && *equal == ','))
9849 break;
9850 if (http_is_spht[(unsigned char)*equal++])
9851 continue;
9852 att_end = equal;
9853 }
9854
9855 /* here, <equal> points to '=', a delimitor or the end. <att_end>
9856 * is between <att_beg> and <equal>, both may be identical.
9857 */
9858
9859 /* look for end of cookie if there is an equal sign */
9860 if (equal < hdr_end && *equal == '=') {
9861 /* look for the beginning of the value */
9862 val_beg = equal + 1;
9863 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
9864 val_beg++;
9865
9866 /* find the end of the value, respecting quotes */
9867 next = find_cookie_value_end(val_beg, hdr_end);
9868
9869 /* make val_end point to the first white space or delimitor after the value */
9870 val_end = next;
9871 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
9872 val_end--;
9873 } else {
9874 val_beg = val_end = next = equal;
9875 }
9876
9877 /* We have nothing to do with attributes beginning with '$'. However,
9878 * they will automatically be removed if a header before them is removed,
9879 * since they're supposed to be linked together.
9880 */
9881 if (*att_beg == '$')
9882 continue;
9883
9884 /* Ignore cookies with no equal sign */
9885 if (equal == next)
9886 continue;
9887
9888 /* Now we have the cookie name between att_beg and att_end, and
9889 * its value between val_beg and val_end.
9890 */
9891
9892 if (att_end - att_beg == cookie_name_l &&
9893 memcmp(att_beg, cookie_name, cookie_name_l) == 0) {
9894 /* let's return this value and indicate where to go on from */
9895 *value = val_beg;
9896 *value_l = val_end - val_beg;
9897 return next + 1;
9898 }
9899
9900 /* Set-Cookie headers only have the name in the first attr=value part */
9901 if (!list)
9902 break;
9903 }
9904
9905 return NULL;
9906}
9907
William Lallemanda43ba4e2014-01-28 18:14:25 +01009908/* Fetch a captured HTTP request header. The index is the position of
9909 * the "capture" option in the configuration file
9910 */
9911static int
9912smp_fetch_capture_header_req(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
9913 const struct arg *args, struct sample *smp, const char *kw)
9914{
9915 struct proxy *fe = l4->fe;
9916 struct http_txn *txn = l7;
9917 int idx;
9918
9919 if (!args || args->type != ARGT_UINT)
9920 return 0;
9921
9922 idx = args->data.uint;
9923
9924 if (idx > (fe->nb_req_cap - 1) || txn->req.cap == NULL || txn->req.cap[idx] == NULL)
9925 return 0;
9926
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009927 smp->type = SMP_T_STR;
9928 smp->flags |= SMP_F_CONST;
William Lallemanda43ba4e2014-01-28 18:14:25 +01009929 smp->data.str.str = txn->req.cap[idx];
9930 smp->data.str.len = strlen(txn->req.cap[idx]);
9931
9932 return 1;
9933}
9934
9935/* Fetch a captured HTTP response header. The index is the position of
9936 * the "capture" option in the configuration file
9937 */
9938static int
9939smp_fetch_capture_header_res(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
9940 const struct arg *args, struct sample *smp, const char *kw)
9941{
9942 struct proxy *fe = l4->fe;
9943 struct http_txn *txn = l7;
9944 int idx;
9945
9946 if (!args || args->type != ARGT_UINT)
9947 return 0;
9948
9949 idx = args->data.uint;
9950
9951 if (idx > (fe->nb_rsp_cap - 1) || txn->rsp.cap == NULL || txn->rsp.cap[idx] == NULL)
9952 return 0;
9953
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009954 smp->type = SMP_T_STR;
9955 smp->flags |= SMP_F_CONST;
William Lallemanda43ba4e2014-01-28 18:14:25 +01009956 smp->data.str.str = txn->rsp.cap[idx];
9957 smp->data.str.len = strlen(txn->rsp.cap[idx]);
9958
9959 return 1;
9960}
9961
William Lallemand65ad6e12014-01-31 15:08:02 +01009962/* Extracts the METHOD in the HTTP request, the txn->uri should be filled before the call */
9963static int
9964smp_fetch_capture_req_method(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
9965 const struct arg *args, struct sample *smp, const char *kw)
9966{
9967 struct chunk *temp;
9968 struct http_txn *txn = l7;
William Lallemand96a77852014-02-05 00:30:02 +01009969 char *ptr;
William Lallemand65ad6e12014-01-31 15:08:02 +01009970
9971 if (!txn->uri)
9972 return 0;
9973
William Lallemand96a77852014-02-05 00:30:02 +01009974 ptr = txn->uri;
William Lallemand65ad6e12014-01-31 15:08:02 +01009975
William Lallemand96a77852014-02-05 00:30:02 +01009976 while (*ptr != ' ' && *ptr != '\0') /* find first space */
9977 ptr++;
William Lallemand65ad6e12014-01-31 15:08:02 +01009978
William Lallemand96a77852014-02-05 00:30:02 +01009979 temp = get_trash_chunk();
9980 temp->str = txn->uri;
9981 temp->len = ptr - txn->uri;
William Lallemand65ad6e12014-01-31 15:08:02 +01009982 smp->data.str = *temp;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009983 smp->type = SMP_T_STR;
9984 smp->flags = SMP_F_CONST;
William Lallemand65ad6e12014-01-31 15:08:02 +01009985
9986 return 1;
9987
9988}
9989
9990/* Extracts the path in the HTTP request, the txn->uri should be filled before the call */
9991static int
9992smp_fetch_capture_req_uri(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
9993 const struct arg *args, struct sample *smp, const char *kw)
9994{
9995 struct chunk *temp;
9996 struct http_txn *txn = l7;
9997 char *ptr;
William Lallemand65ad6e12014-01-31 15:08:02 +01009998
9999 if (!txn->uri)
10000 return 0;
William Lallemand96a77852014-02-05 00:30:02 +010010001
William Lallemand65ad6e12014-01-31 15:08:02 +010010002 ptr = txn->uri;
10003
10004 while (*ptr != ' ' && *ptr != '\0') /* find first space */
10005 ptr++;
William Lallemand96a77852014-02-05 00:30:02 +010010006
William Lallemand65ad6e12014-01-31 15:08:02 +010010007 if (!*ptr)
10008 return 0;
10009
10010 ptr++; /* skip the space */
10011
10012 temp = get_trash_chunk();
William Lallemand96a77852014-02-05 00:30:02 +010010013 ptr = temp->str = http_get_path_from_string(ptr);
William Lallemand65ad6e12014-01-31 15:08:02 +010010014 if (!ptr)
10015 return 0;
10016 while (*ptr != ' ' && *ptr != '\0') /* find space after URI */
10017 ptr++;
William Lallemand65ad6e12014-01-31 15:08:02 +010010018
10019 smp->data.str = *temp;
William Lallemand96a77852014-02-05 00:30:02 +010010020 smp->data.str.len = ptr - temp->str;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010021 smp->type = SMP_T_STR;
10022 smp->flags = SMP_F_CONST;
William Lallemand65ad6e12014-01-31 15:08:02 +010010023
10024 return 1;
10025}
10026
10027
Willy Tarreaue333ec92012-04-16 16:26:40 +020010028/* Iterate over all cookies present in a message. The context is stored in
Willy Tarreau37406352012-04-23 16:16:37 +020010029 * smp->ctx.a[0] for the in-header position, smp->ctx.a[1] for the
Willy Tarreaua890d072013-04-02 12:01:06 +020010030 * end-of-header-value, and smp->ctx.a[2] for the hdr_ctx. Depending on
Willy Tarreaue333ec92012-04-16 16:26:40 +020010031 * the direction, multiple cookies may be parsed on the same line or not.
Willy Tarreau24e32d82012-04-23 23:55:44 +020010032 * The cookie name is in args and the name length in args->data.str.len.
Willy Tarreau28376d62012-04-26 21:26:10 +020010033 * Accepts exactly 1 argument of type string. If the input options indicate
10034 * that no iterating is desired, then only last value is fetched if any.
Willy Tarreaub169eba2013-12-16 15:14:43 +010010035 * The returned sample is of type CSTR.
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010036 */
10037static int
Willy Tarreau51539362012-05-08 12:46:28 +020010038smp_fetch_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010039 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010040{
10041 struct http_txn *txn = l7;
10042 struct hdr_idx *idx = &txn->hdr_idx;
Willy Tarreaua890d072013-04-02 12:01:06 +020010043 struct hdr_ctx *ctx = smp->ctx.a[2];
Willy Tarreaue333ec92012-04-16 16:26:40 +020010044 const struct http_msg *msg;
10045 const char *hdr_name;
10046 int hdr_name_len;
10047 char *sol;
Willy Tarreau28376d62012-04-26 21:26:10 +020010048 int occ = 0;
10049 int found = 0;
Willy Tarreaue333ec92012-04-16 16:26:40 +020010050
Willy Tarreau24e32d82012-04-23 23:55:44 +020010051 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +020010052 return 0;
10053
Willy Tarreaua890d072013-04-02 12:01:06 +020010054 if (!ctx) {
10055 /* first call */
10056 ctx = &static_hdr_ctx;
10057 ctx->idx = 0;
10058 smp->ctx.a[2] = ctx;
10059 }
10060
Willy Tarreaue333ec92012-04-16 16:26:40 +020010061 CHECK_HTTP_MESSAGE_FIRST();
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010062
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010063 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +020010064 msg = &txn->req;
10065 hdr_name = "Cookie";
10066 hdr_name_len = 6;
10067 } else {
10068 msg = &txn->rsp;
10069 hdr_name = "Set-Cookie";
10070 hdr_name_len = 10;
10071 }
10072
Willy Tarreau28376d62012-04-26 21:26:10 +020010073 if (!occ && !(opt & SMP_OPT_ITERATE))
10074 /* no explicit occurrence and single fetch => last cookie by default */
10075 occ = -1;
10076
10077 /* OK so basically here, either we want only one value and it's the
10078 * last one, or we want to iterate over all of them and we fetch the
10079 * next one.
10080 */
10081
Willy Tarreau9b28e032012-10-12 23:49:43 +020010082 sol = msg->chn->buf->p;
Willy Tarreau37406352012-04-23 16:16:37 +020010083 if (!(smp->flags & SMP_F_NOT_LAST)) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010084 /* search for the header from the beginning, we must first initialize
10085 * the search parameters.
10086 */
Willy Tarreau37406352012-04-23 16:16:37 +020010087 smp->ctx.a[0] = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010088 ctx->idx = 0;
10089 }
10090
Willy Tarreau28376d62012-04-26 21:26:10 +020010091 smp->flags |= SMP_F_VOL_HDR;
10092
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010093 while (1) {
Willy Tarreau37406352012-04-23 16:16:37 +020010094 /* Note: smp->ctx.a[0] == NULL every time we need to fetch a new header */
10095 if (!smp->ctx.a[0]) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010096 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, ctx))
10097 goto out;
10098
Willy Tarreau24e32d82012-04-23 23:55:44 +020010099 if (ctx->vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010100 continue;
10101
Willy Tarreau37406352012-04-23 16:16:37 +020010102 smp->ctx.a[0] = ctx->line + ctx->val;
10103 smp->ctx.a[1] = smp->ctx.a[0] + ctx->vlen;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010104 }
10105
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010106 smp->type = SMP_T_STR;
10107 smp->flags |= SMP_F_CONST;
Willy Tarreau37406352012-04-23 16:16:37 +020010108 smp->ctx.a[0] = extract_cookie_value(smp->ctx.a[0], smp->ctx.a[1],
Willy Tarreau24e32d82012-04-23 23:55:44 +020010109 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010110 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +020010111 &smp->data.str.str,
10112 &smp->data.str.len);
Willy Tarreau37406352012-04-23 16:16:37 +020010113 if (smp->ctx.a[0]) {
Willy Tarreau28376d62012-04-26 21:26:10 +020010114 found = 1;
10115 if (occ >= 0) {
10116 /* one value was returned into smp->data.str.{str,len} */
10117 smp->flags |= SMP_F_NOT_LAST;
10118 return 1;
10119 }
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010120 }
Willy Tarreau28376d62012-04-26 21:26:10 +020010121 /* if we're looking for last occurrence, let's loop */
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010122 }
Willy Tarreau28376d62012-04-26 21:26:10 +020010123 /* all cookie headers and values were scanned. If we're looking for the
10124 * last occurrence, we may return it now.
10125 */
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010126 out:
Willy Tarreau37406352012-04-23 16:16:37 +020010127 smp->flags &= ~SMP_F_NOT_LAST;
Willy Tarreau28376d62012-04-26 21:26:10 +020010128 return found;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010129}
10130
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010131/* Iterate over all cookies present in a request to count how many occurrences
Willy Tarreau24e32d82012-04-23 23:55:44 +020010132 * match the name in args and args->data.str.len. If <multi> is non-null, then
Willy Tarreaub169eba2013-12-16 15:14:43 +010010133 * multiple cookies may be parsed on the same line. The returned sample is of
10134 * type UINT. Accepts exactly 1 argument of type string.
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010135 */
10136static int
Willy Tarreau409bcde2013-01-08 00:31:00 +010010137smp_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010138 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010139{
10140 struct http_txn *txn = l7;
10141 struct hdr_idx *idx = &txn->hdr_idx;
10142 struct hdr_ctx ctx;
Willy Tarreaue333ec92012-04-16 16:26:40 +020010143 const struct http_msg *msg;
10144 const char *hdr_name;
10145 int hdr_name_len;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010146 int cnt;
10147 char *val_beg, *val_end;
Willy Tarreaue333ec92012-04-16 16:26:40 +020010148 char *sol;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010149
Willy Tarreau24e32d82012-04-23 23:55:44 +020010150 if (!args || args->type != ARGT_STR)
Willy Tarreau34db1082012-04-19 17:16:54 +020010151 return 0;
10152
Willy Tarreaue333ec92012-04-16 16:26:40 +020010153 CHECK_HTTP_MESSAGE_FIRST();
10154
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010155 if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
Willy Tarreaue333ec92012-04-16 16:26:40 +020010156 msg = &txn->req;
10157 hdr_name = "Cookie";
10158 hdr_name_len = 6;
10159 } else {
10160 msg = &txn->rsp;
10161 hdr_name = "Set-Cookie";
10162 hdr_name_len = 10;
10163 }
10164
Willy Tarreau9b28e032012-10-12 23:49:43 +020010165 sol = msg->chn->buf->p;
Willy Tarreau46787ed2012-04-11 17:28:40 +020010166 val_end = val_beg = NULL;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010167 ctx.idx = 0;
10168 cnt = 0;
10169
10170 while (1) {
10171 /* Note: val_beg == NULL every time we need to fetch a new header */
10172 if (!val_beg) {
10173 if (!http_find_header2(hdr_name, hdr_name_len, sol, idx, &ctx))
10174 break;
10175
Willy Tarreau24e32d82012-04-23 23:55:44 +020010176 if (ctx.vlen < args->data.str.len + 1)
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010177 continue;
10178
10179 val_beg = ctx.line + ctx.val;
10180 val_end = val_beg + ctx.vlen;
10181 }
10182
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010183 smp->type = SMP_T_STR;
10184 smp->flags |= SMP_F_CONST;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010185 while ((val_beg = extract_cookie_value(val_beg, val_end,
Willy Tarreau24e32d82012-04-23 23:55:44 +020010186 args->data.str.str, args->data.str.len,
Willy Tarreau32a6f2e2012-04-25 10:13:36 +020010187 (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
Willy Tarreauf853c462012-04-23 18:53:56 +020010188 &smp->data.str.str,
10189 &smp->data.str.len))) {
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010190 cnt++;
10191 }
10192 }
10193
Willy Tarreaub169eba2013-12-16 15:14:43 +010010194 smp->type = SMP_T_UINT;
Willy Tarreauf853c462012-04-23 18:53:56 +020010195 smp->data.uint = cnt;
Willy Tarreau37406352012-04-23 16:16:37 +020010196 smp->flags |= SMP_F_VOL_HDR;
Willy Tarreau04aa6a92012-04-06 18:57:55 +020010197 return 1;
10198}
10199
Willy Tarreau51539362012-05-08 12:46:28 +020010200/* Fetch an cookie's integer value. The integer value is returned. It
10201 * takes a mandatory argument of type string. It relies on smp_fetch_cookie().
10202 */
10203static int
10204smp_fetch_cookie_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010205 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau51539362012-05-08 12:46:28 +020010206{
Willy Tarreauef38c392013-07-22 16:29:32 +020010207 int ret = smp_fetch_cookie(px, l4, l7, opt, args, smp, kw);
Willy Tarreau51539362012-05-08 12:46:28 +020010208
10209 if (ret > 0) {
10210 smp->type = SMP_T_UINT;
10211 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
10212 }
10213
10214 return ret;
10215}
10216
Willy Tarreau8797c062007-05-07 00:55:35 +020010217/************************************************************************/
Willy Tarreau12785782012-04-27 21:37:17 +020010218/* The code below is dedicated to sample fetches */
Willy Tarreau4a568972010-05-12 08:08:50 +020010219/************************************************************************/
10220
David Cournapeau16023ee2010-12-23 20:55:41 +090010221/*
10222 * Given a path string and its length, find the position of beginning of the
10223 * query string. Returns NULL if no query string is found in the path.
10224 *
10225 * Example: if path = "/foo/bar/fubar?yo=mama;ye=daddy", and n = 22:
10226 *
10227 * find_query_string(path, n) points to "yo=mama;ye=daddy" string.
10228 */
bedis4c75cca2012-10-05 08:38:24 +020010229static inline char *find_param_list(char *path, size_t path_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010230{
10231 char *p;
Emeric Brun485479d2010-09-23 18:02:19 +020010232
bedis4c75cca2012-10-05 08:38:24 +020010233 p = memchr(path, delim, path_l);
David Cournapeau16023ee2010-12-23 20:55:41 +090010234 return p ? p + 1 : NULL;
10235}
10236
bedis4c75cca2012-10-05 08:38:24 +020010237static inline int is_param_delimiter(char c, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010238{
bedis4c75cca2012-10-05 08:38:24 +020010239 return c == '&' || c == ';' || c == delim;
David Cournapeau16023ee2010-12-23 20:55:41 +090010240}
10241
10242/*
10243 * Given a url parameter, find the starting position of the first occurence,
10244 * or NULL if the parameter is not found.
10245 *
10246 * Example: if query_string is "yo=mama;ye=daddy" and url_param_name is "ye",
10247 * the function will return query_string+8.
10248 */
10249static char*
10250find_url_param_pos(char* query_string, size_t query_string_l,
bedis4c75cca2012-10-05 08:38:24 +020010251 char* url_param_name, size_t url_param_name_l,
10252 char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010253{
10254 char *pos, *last;
10255
10256 pos = query_string;
10257 last = query_string + query_string_l - url_param_name_l - 1;
10258
10259 while (pos <= last) {
10260 if (pos[url_param_name_l] == '=') {
10261 if (memcmp(pos, url_param_name, url_param_name_l) == 0)
10262 return pos;
10263 pos += url_param_name_l + 1;
10264 }
bedis4c75cca2012-10-05 08:38:24 +020010265 while (pos <= last && !is_param_delimiter(*pos, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010266 pos++;
10267 pos++;
10268 }
10269 return NULL;
10270}
10271
10272/*
10273 * Given a url parameter name, returns its value and size into *value and
10274 * *value_l respectively, and returns non-zero. If the parameter is not found,
10275 * zero is returned and value/value_l are not touched.
10276 */
10277static int
10278find_url_param_value(char* path, size_t path_l,
10279 char* url_param_name, size_t url_param_name_l,
bedis4c75cca2012-10-05 08:38:24 +020010280 char** value, int* value_l, char delim)
David Cournapeau16023ee2010-12-23 20:55:41 +090010281{
10282 char *query_string, *qs_end;
10283 char *arg_start;
10284 char *value_start, *value_end;
10285
bedis4c75cca2012-10-05 08:38:24 +020010286 query_string = find_param_list(path, path_l, delim);
David Cournapeau16023ee2010-12-23 20:55:41 +090010287 if (!query_string)
10288 return 0;
10289
10290 qs_end = path + path_l;
10291 arg_start = find_url_param_pos(query_string, qs_end - query_string,
bedis4c75cca2012-10-05 08:38:24 +020010292 url_param_name, url_param_name_l,
10293 delim);
David Cournapeau16023ee2010-12-23 20:55:41 +090010294 if (!arg_start)
10295 return 0;
10296
10297 value_start = arg_start + url_param_name_l + 1;
10298 value_end = value_start;
10299
bedis4c75cca2012-10-05 08:38:24 +020010300 while ((value_end < qs_end) && !is_param_delimiter(*value_end, delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010301 value_end++;
10302
10303 *value = value_start;
10304 *value_l = value_end - value_start;
Willy Tarreau00134332011-01-04 14:57:34 +010010305 return value_end != value_start;
David Cournapeau16023ee2010-12-23 20:55:41 +090010306}
10307
10308static int
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010309smp_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010310 const struct arg *args, struct sample *smp, const char *kw)
David Cournapeau16023ee2010-12-23 20:55:41 +090010311{
bedis4c75cca2012-10-05 08:38:24 +020010312 char delim = '?';
David Cournapeau16023ee2010-12-23 20:55:41 +090010313 struct http_txn *txn = l7;
10314 struct http_msg *msg = &txn->req;
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010315
bedis4c75cca2012-10-05 08:38:24 +020010316 if (!args || args[0].type != ARGT_STR ||
10317 (args[1].type && args[1].type != ARGT_STR))
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010318 return 0;
10319
10320 CHECK_HTTP_MESSAGE_FIRST();
David Cournapeau16023ee2010-12-23 20:55:41 +090010321
bedis4c75cca2012-10-05 08:38:24 +020010322 if (args[1].type)
10323 delim = *args[1].data.str.str;
10324
Willy Tarreau9b28e032012-10-12 23:49:43 +020010325 if (!find_url_param_value(msg->chn->buf->p + msg->sl.rq.u, msg->sl.rq.u_l,
bedis4c75cca2012-10-05 08:38:24 +020010326 args->data.str.str, args->data.str.len,
10327 &smp->data.str.str, &smp->data.str.len,
10328 delim))
David Cournapeau16023ee2010-12-23 20:55:41 +090010329 return 0;
10330
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010331 smp->type = SMP_T_STR;
10332 smp->flags = SMP_F_VOL_1ST | SMP_F_CONST;
David Cournapeau16023ee2010-12-23 20:55:41 +090010333 return 1;
10334}
10335
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010336/* Return the signed integer value for the specified url parameter (see url_param
10337 * above).
10338 */
10339static int
10340smp_fetch_url_param_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +020010341 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010342{
Willy Tarreauef38c392013-07-22 16:29:32 +020010343 int ret = smp_fetch_url_param(px, l4, l7, opt, args, smp, kw);
Willy Tarreaua9fddca2012-07-31 07:51:48 +020010344
10345 if (ret > 0) {
10346 smp->type = SMP_T_UINT;
10347 smp->data.uint = strl2ic(smp->data.str.str, smp->data.str.len);
10348 }
10349
10350 return ret;
10351}
10352
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010353/* This produces a 32-bit hash of the concatenation of the first occurrence of
10354 * the Host header followed by the path component if it begins with a slash ('/').
10355 * This means that '*' will not be added, resulting in exactly the first Host
10356 * entry. If no Host header is found, then the path is used. The resulting value
10357 * is hashed using the url hash followed by a full avalanche hash and provides a
10358 * 32-bit integer value. This fetch is useful for tracking per-URL activity on
10359 * high-traffic sites without having to store whole paths.
10360 * this differs from the base32 functions in that it includes the url parameters
10361 * as well as the path
10362 */
10363static int
10364smp_fetch_url32(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreaue155ec22013-11-18 18:33:22 +010010365 const struct arg *args, struct sample *smp, const char *kw)
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010366{
10367 struct http_txn *txn = l7;
10368 struct hdr_ctx ctx;
10369 unsigned int hash = 0;
10370 char *ptr, *beg, *end;
10371 int len;
10372
10373 CHECK_HTTP_MESSAGE_FIRST();
10374
10375 ctx.idx = 0;
Willy Tarreau877e78d2013-04-07 18:48:08 +020010376 if (http_find_header2("Host", 4, txn->req.chn->buf->p, &txn->hdr_idx, &ctx)) {
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010377 /* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
10378 ptr = ctx.line + ctx.val;
10379 len = ctx.vlen;
10380 while (len--)
10381 hash = *(ptr++) + (hash << 6) + (hash << 16) - hash;
10382 }
10383
10384 /* now retrieve the path */
Willy Tarreau877e78d2013-04-07 18:48:08 +020010385 end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010386 beg = http_get_path(txn);
10387 if (!beg)
10388 beg = end;
10389
10390 for (ptr = beg; ptr < end ; ptr++);
10391
10392 if (beg < ptr && *beg == '/') {
10393 while (beg < ptr)
10394 hash = *(beg++) + (hash << 6) + (hash << 16) - hash;
10395 }
10396 hash = full_hash(hash);
10397
10398 smp->type = SMP_T_UINT;
10399 smp->data.uint = hash;
10400 smp->flags = SMP_F_VOL_1ST;
10401 return 1;
10402}
10403
10404/* This concatenates the source address with the 32-bit hash of the Host and
10405 * URL as returned by smp_fetch_base32(). The idea is to have per-source and
10406 * per-url counters. The result is a binary block from 8 to 20 bytes depending
10407 * on the source address length. The URL hash is stored before the address so
10408 * that in environments where IPv6 is insignificant, truncating the output to
10409 * 8 bytes would still work.
10410 */
10411static int
10412smp_fetch_url32_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreaue155ec22013-11-18 18:33:22 +010010413 const struct arg *args, struct sample *smp, const char *kw)
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010414{
10415 struct chunk *temp;
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010416 struct connection *cli_conn = objt_conn(l4->si[0].end);
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010417
Willy Tarreaue155ec22013-11-18 18:33:22 +010010418 if (!smp_fetch_url32(px, l4, l7, opt, args, smp, kw))
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010419 return 0;
10420
10421 temp = get_trash_chunk();
10422 memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
10423 temp->len += sizeof(smp->data.uint);
10424
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010425 switch (cli_conn->addr.from.ss_family) {
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010426 case AF_INET:
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010427 memcpy(temp->str + temp->len, &((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr, 4);
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010428 temp->len += 4;
10429 break;
10430 case AF_INET6:
Willy Tarreaub363a1f2013-10-01 10:45:07 +020010431 memcpy(temp->str + temp->len, &((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_addr, 16);
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010432 temp->len += 16;
10433 break;
10434 default:
10435 return 0;
10436 }
10437
10438 smp->data.str = *temp;
10439 smp->type = SMP_T_BIN;
10440 return 1;
10441}
10442
Willy Tarreau185b5c42012-04-26 15:11:51 +020010443/* This function is used to validate the arguments passed to any "hdr" fetch
10444 * keyword. These keywords support an optional positive or negative occurrence
10445 * number. We must ensure that the number is greater than -MAX_HDR_HISTORY. It
10446 * is assumed that the types are already the correct ones. Returns 0 on error,
10447 * non-zero if OK. If <err> is not NULL, it will be filled with a pointer to an
10448 * error message in case of error, that the caller is responsible for freeing.
10449 * The initial location must either be freeable or NULL.
10450 */
10451static int val_hdr(struct arg *arg, char **err_msg)
10452{
10453 if (arg && arg[1].type == ARGT_SINT && arg[1].data.sint < -MAX_HDR_HISTORY) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +020010454 memprintf(err_msg, "header occurrence must be >= %d", -MAX_HDR_HISTORY);
Willy Tarreau185b5c42012-04-26 15:11:51 +020010455 return 0;
10456 }
10457 return 1;
10458}
10459
Willy Tarreau276fae92013-07-25 14:36:01 +020010460/* takes an UINT value on input supposed to represent the time since EPOCH,
10461 * adds an optional offset found in args[0] and emits a string representing
10462 * the date in RFC-1123/5322 format.
10463 */
10464static int sample_conv_http_date(const struct arg *args, struct sample *smp)
10465{
10466 const char day[7][4] = { "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" };
10467 const char mon[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
10468 struct chunk *temp;
10469 struct tm *tm;
10470 time_t curr_date = smp->data.uint;
10471
10472 /* add offset */
10473 if (args && (args[0].type == ARGT_SINT || args[0].type == ARGT_UINT))
10474 curr_date += args[0].data.sint;
10475
10476 tm = gmtime(&curr_date);
10477
10478 temp = get_trash_chunk();
10479 temp->len = snprintf(temp->str, temp->size - temp->len,
10480 "%s, %02d %s %04d %02d:%02d:%02d GMT",
10481 day[tm->tm_wday], tm->tm_mday, mon[tm->tm_mon], 1900+tm->tm_year,
10482 tm->tm_hour, tm->tm_min, tm->tm_sec);
10483
10484 smp->data.str = *temp;
10485 smp->type = SMP_T_STR;
10486 return 1;
10487}
10488
Thierry FOURNIERad903512014-04-11 17:51:01 +020010489/* Match language range with language tag. RFC2616 14.4:
10490 *
10491 * A language-range matches a language-tag if it exactly equals
10492 * the tag, or if it exactly equals a prefix of the tag such
10493 * that the first tag character following the prefix is "-".
10494 *
10495 * Return 1 if the strings match, else return 0.
10496 */
10497static inline int language_range_match(const char *range, int range_len,
10498 const char *tag, int tag_len)
10499{
10500 const char *end = range + range_len;
10501 const char *tend = tag + tag_len;
10502 while (range < end) {
10503 if (*range == '-' && tag == tend)
10504 return 1;
10505 if (*range != *tag || tag == tend)
10506 return 0;
10507 range++;
10508 tag++;
10509 }
10510 /* Return true only if the last char of the tag is matched. */
10511 return tag == tend;
10512}
10513
10514/* Arguments: The list of expected value, the number of parts returned and the separator */
10515static int sample_conv_q_prefered(const struct arg *args, struct sample *smp)
10516{
10517 const char *al = smp->data.str.str;
10518 const char *end = al + smp->data.str.len;
10519 const char *token;
10520 int toklen;
10521 int qvalue;
10522 const char *str;
10523 const char *w;
10524 int best_q = 0;
10525
10526 /* Set the constant to the sample, because the output of the
10527 * function will be peek in the constant configuration string.
10528 */
10529 smp->flags |= SMP_F_CONST;
10530 smp->data.str.size = 0;
10531 smp->data.str.str = "";
10532 smp->data.str.len = 0;
10533
10534 /* Parse the accept language */
10535 while (1) {
10536
10537 /* Jump spaces, quit if the end is detected. */
10538 while (al < end && isspace(*al))
10539 al++;
10540 if (al >= end)
10541 break;
10542
10543 /* Start of the fisrt word. */
10544 token = al;
10545
10546 /* Look for separator: isspace(), ',' or ';'. Next value if 0 length word. */
10547 while (al < end && *al != ';' && *al != ',' && !isspace(*al))
10548 al++;
10549 if (al == token)
10550 goto expect_comma;
10551
10552 /* Length of the token. */
10553 toklen = al - token;
10554 qvalue = 1000;
10555
10556 /* Check if the token exists in the list. If the token not exists,
10557 * jump to the next token.
10558 */
10559 str = args[0].data.str.str;
10560 w = str;
10561 while (1) {
10562 if (*str == ';' || *str == '\0') {
10563 if (language_range_match(token, toklen, w, str-w))
10564 goto look_for_q;
10565 if (*str == '\0')
10566 goto expect_comma;
10567 w = str + 1;
10568 }
10569 str++;
10570 }
10571 goto expect_comma;
10572
10573look_for_q:
10574
10575 /* Jump spaces, quit if the end is detected. */
10576 while (al < end && isspace(*al))
10577 al++;
10578 if (al >= end)
10579 goto process_value;
10580
10581 /* If ',' is found, process the result */
10582 if (*al == ',')
10583 goto process_value;
10584
10585 /* If the character is different from ';', look
10586 * for the end of the header part in best effort.
10587 */
10588 if (*al != ';')
10589 goto expect_comma;
10590
10591 /* Assumes that the char is ';', now expect "q=". */
10592 al++;
10593
10594 /* Jump spaces, process value if the end is detected. */
10595 while (al < end && isspace(*al))
10596 al++;
10597 if (al >= end)
10598 goto process_value;
10599
10600 /* Expect 'q'. If no 'q', continue in best effort */
10601 if (*al != 'q')
10602 goto process_value;
10603 al++;
10604
10605 /* Jump spaces, process value if the end is detected. */
10606 while (al < end && isspace(*al))
10607 al++;
10608 if (al >= end)
10609 goto process_value;
10610
10611 /* Expect '='. If no '=', continue in best effort */
10612 if (*al != '=')
10613 goto process_value;
10614 al++;
10615
10616 /* Jump spaces, process value if the end is detected. */
10617 while (al < end && isspace(*al))
10618 al++;
10619 if (al >= end)
10620 goto process_value;
10621
10622 /* Parse the q value. */
10623 qvalue = parse_qvalue(al, &al);
10624
10625process_value:
10626
10627 /* If the new q value is the best q value, then store the associated
10628 * language in the response. If qvalue is the biggest value (1000),
10629 * break the process.
10630 */
10631 if (qvalue > best_q) {
10632 smp->data.str.str = (char *)w;
10633 smp->data.str.len = str - w;
10634 if (qvalue >= 1000)
10635 break;
10636 best_q = qvalue;
10637 }
10638
10639expect_comma:
10640
10641 /* Expect comma or end. If the end is detected, quit the loop. */
10642 while (al < end && *al != ',')
10643 al++;
10644 if (al >= end)
10645 break;
10646
10647 /* Comma is found, jump it and restart the analyzer. */
10648 al++;
10649 }
10650
10651 /* Set default value if required. */
10652 if (smp->data.str.len == 0 && args[1].type == ARGT_STR) {
10653 smp->data.str.str = args[1].data.str.str;
10654 smp->data.str.len = args[1].data.str.len;
10655 }
10656
10657 /* Return true only if a matching language was found. */
10658 return smp->data.str.len != 0;
10659}
10660
Willy Tarreau4a568972010-05-12 08:08:50 +020010661/************************************************************************/
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010662/* All supported ACL keywords must be declared here. */
10663/************************************************************************/
10664
10665/* Note: must not be declared <const> as its list will be overwritten.
10666 * Please take care of keeping this list alphabetically sorted.
10667 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010668static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010669 { "base", "base", PAT_MATCH_STR },
10670 { "base_beg", "base", PAT_MATCH_BEG },
10671 { "base_dir", "base", PAT_MATCH_DIR },
10672 { "base_dom", "base", PAT_MATCH_DOM },
10673 { "base_end", "base", PAT_MATCH_END },
10674 { "base_len", "base", PAT_MATCH_LEN },
10675 { "base_reg", "base", PAT_MATCH_REG },
10676 { "base_sub", "base", PAT_MATCH_SUB },
Willy Tarreaua7ad50c2012-04-29 15:39:40 +020010677
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010678 { "cook", "req.cook", PAT_MATCH_STR },
10679 { "cook_beg", "req.cook", PAT_MATCH_BEG },
10680 { "cook_dir", "req.cook", PAT_MATCH_DIR },
10681 { "cook_dom", "req.cook", PAT_MATCH_DOM },
10682 { "cook_end", "req.cook", PAT_MATCH_END },
10683 { "cook_len", "req.cook", PAT_MATCH_LEN },
10684 { "cook_reg", "req.cook", PAT_MATCH_REG },
10685 { "cook_sub", "req.cook", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010686
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010687 { "hdr", "req.hdr", PAT_MATCH_STR },
10688 { "hdr_beg", "req.hdr", PAT_MATCH_BEG },
10689 { "hdr_dir", "req.hdr", PAT_MATCH_DIR },
10690 { "hdr_dom", "req.hdr", PAT_MATCH_DOM },
10691 { "hdr_end", "req.hdr", PAT_MATCH_END },
10692 { "hdr_len", "req.hdr", PAT_MATCH_LEN },
10693 { "hdr_reg", "req.hdr", PAT_MATCH_REG },
10694 { "hdr_sub", "req.hdr", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010695
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010696 /* these two declarations uses strings with list storage (in place
10697 * of tree storage). The basic match is PAT_MATCH_STR, but the indexation
10698 * and delete functions are relative to the list management. The parse
10699 * and match method are related to the corresponding fetch methods. This
10700 * is very particular ACL declaration mode.
10701 */
10702 { "http_auth_group", NULL, PAT_MATCH_STR, NULL, pat_idx_list_str, pat_del_list_ptr, NULL, pat_match_auth },
10703 { "method", NULL, PAT_MATCH_STR, pat_parse_meth, pat_idx_list_str, pat_del_list_ptr, NULL, pat_match_meth },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010704
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010705 { "path", "path", PAT_MATCH_STR },
10706 { "path_beg", "path", PAT_MATCH_BEG },
10707 { "path_dir", "path", PAT_MATCH_DIR },
10708 { "path_dom", "path", PAT_MATCH_DOM },
10709 { "path_end", "path", PAT_MATCH_END },
10710 { "path_len", "path", PAT_MATCH_LEN },
10711 { "path_reg", "path", PAT_MATCH_REG },
10712 { "path_sub", "path", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010713
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010714 { "req_ver", "req.ver", PAT_MATCH_STR },
10715 { "resp_ver", "res.ver", PAT_MATCH_STR },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010716
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010717 { "scook", "res.cook", PAT_MATCH_STR },
10718 { "scook_beg", "res.cook", PAT_MATCH_BEG },
10719 { "scook_dir", "res.cook", PAT_MATCH_DIR },
10720 { "scook_dom", "res.cook", PAT_MATCH_DOM },
10721 { "scook_end", "res.cook", PAT_MATCH_END },
10722 { "scook_len", "res.cook", PAT_MATCH_LEN },
10723 { "scook_reg", "res.cook", PAT_MATCH_REG },
10724 { "scook_sub", "res.cook", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010725
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010726 { "shdr", "res.hdr", PAT_MATCH_STR },
10727 { "shdr_beg", "res.hdr", PAT_MATCH_BEG },
10728 { "shdr_dir", "res.hdr", PAT_MATCH_DIR },
10729 { "shdr_dom", "res.hdr", PAT_MATCH_DOM },
10730 { "shdr_end", "res.hdr", PAT_MATCH_END },
10731 { "shdr_len", "res.hdr", PAT_MATCH_LEN },
10732 { "shdr_reg", "res.hdr", PAT_MATCH_REG },
10733 { "shdr_sub", "res.hdr", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010734
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010735 { "url", "url", PAT_MATCH_STR },
10736 { "url_beg", "url", PAT_MATCH_BEG },
10737 { "url_dir", "url", PAT_MATCH_DIR },
10738 { "url_dom", "url", PAT_MATCH_DOM },
10739 { "url_end", "url", PAT_MATCH_END },
10740 { "url_len", "url", PAT_MATCH_LEN },
10741 { "url_reg", "url", PAT_MATCH_REG },
10742 { "url_sub", "url", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010743
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010010744 { "urlp", "urlp", PAT_MATCH_STR },
10745 { "urlp_beg", "urlp", PAT_MATCH_BEG },
10746 { "urlp_dir", "urlp", PAT_MATCH_DIR },
10747 { "urlp_dom", "urlp", PAT_MATCH_DOM },
10748 { "urlp_end", "urlp", PAT_MATCH_END },
10749 { "urlp_len", "urlp", PAT_MATCH_LEN },
10750 { "urlp_reg", "urlp", PAT_MATCH_REG },
10751 { "urlp_sub", "urlp", PAT_MATCH_SUB },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010752
Willy Tarreau8ed669b2013-01-11 15:49:37 +010010753 { /* END */ },
Willy Tarreau25c1ebc2012-04-25 16:21:44 +020010754}};
10755
10756/************************************************************************/
10757/* All supported pattern keywords must be declared here. */
Willy Tarreau4a568972010-05-12 08:08:50 +020010758/************************************************************************/
10759/* Note: must not be declared <const> as its list will be overwritten */
Willy Tarreaudc13c112013-06-21 23:16:39 +020010760static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010761 { "base", smp_fetch_base, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010762 { "base32", smp_fetch_base32, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
10763 { "base32+src", smp_fetch_base32_src, 0, NULL, SMP_T_BIN, SMP_USE_HRQHV },
10764
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010765 { "capture.req.uri", smp_fetch_capture_req_uri, 0, NULL, SMP_T_STR, SMP_USE_HRQHP },
10766 { "capture.req.method", smp_fetch_capture_req_method, 0, NULL, SMP_T_STR, SMP_USE_HRQHP },
William Lallemand65ad6e12014-01-31 15:08:02 +010010767
William Lallemanda43ba4e2014-01-28 18:14:25 +010010768 /* capture are allocated and are permanent in the session */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010769 { "capture.req.hdr", smp_fetch_capture_header_req, ARG1(1, UINT), NULL, SMP_T_STR, SMP_USE_HRQHP },
10770 { "capture.res.hdr", smp_fetch_capture_header_res, ARG1(1, UINT), NULL, SMP_T_STR, SMP_USE_HRSHP },
William Lallemanda43ba4e2014-01-28 18:14:25 +010010771
Willy Tarreau409bcde2013-01-08 00:31:00 +010010772 /* cookie is valid in both directions (eg: for "stick ...") but cook*
10773 * are only here to match the ACL's name, are request-only and are used
10774 * for ACL compatibility only.
10775 */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010776 { "cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
10777 { "cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRQHV|SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010778 { "cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10779 { "cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10780
10781 /* hdr is valid in both directions (eg: for "stick ...") but hdr_* are
10782 * only here to match the ACL's name, are request-only and are used for
10783 * ACL compatibility only.
10784 */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010785 { "hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRQHV|SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010786 { "hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10787 { "hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
10788 { "hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
10789
Willy Tarreau0a0daec2013-04-02 22:44:58 +020010790 { "http_auth", smp_fetch_http_auth, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010791 { "http_auth_group", smp_fetch_http_auth_grp, ARG1(1,USR), NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010792 { "http_first_req", smp_fetch_http_first_req, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Thierry FOURNIERd4373142013-12-17 01:10:10 +010010793 { "method", smp_fetch_meth, 0, NULL, SMP_T_METH, SMP_USE_HRQHP },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010794 { "path", smp_fetch_path, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010795
10796 /* HTTP protocol on the request path */
10797 { "req.proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010798 { "req_proto_http", smp_fetch_proto_http, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010799
10800 /* HTTP version on the request path */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010801 { "req.ver", smp_fetch_rqver, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
10802 { "req_ver", smp_fetch_rqver, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010803
10804 /* HTTP version on the response path */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010805 { "res.ver", smp_fetch_stver, 0, NULL, SMP_T_STR, SMP_USE_HRSHV },
10806 { "resp_ver", smp_fetch_stver, 0, NULL, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010807
Willy Tarreau18ed2562013-01-14 15:56:36 +010010808 /* explicit req.{cook,hdr} are used to force the fetch direction to be request-only */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010809 { "req.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010810 { "req.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10811 { "req.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10812
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010813 { "req.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau04ff9f12013-06-10 18:39:42 +020010814 { "req.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010815 { "req.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010816 { "req.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10817 { "req.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
10818 { "req.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRQHV },
10819
10820 /* explicit req.{cook,hdr} are used to force the fetch direction to be response-only */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010821 { "res.cook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010822 { "res.cook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10823 { "res.cook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10824
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010825 { "res.fhdr", smp_fetch_fhdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau04ff9f12013-06-10 18:39:42 +020010826 { "res.fhdr_cnt", smp_fetch_fhdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010827 { "res.hdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau18ed2562013-01-14 15:56:36 +010010828 { "res.hdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10829 { "res.hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
10830 { "res.hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
10831
Willy Tarreau409bcde2013-01-08 00:31:00 +010010832 /* scook is valid only on the response and is used for ACL compatibility */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010833 { "scook", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010834 { "scook_cnt", smp_fetch_cookie_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10835 { "scook_val", smp_fetch_cookie_val, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010836 { "set-cookie", smp_fetch_cookie, ARG1(0,STR), NULL, SMP_T_STR, SMP_USE_HRSHV }, /* deprecated */
Willy Tarreau409bcde2013-01-08 00:31:00 +010010837
10838 /* shdr is valid only on the response and is used for ACL compatibility */
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010839 { "shdr", smp_fetch_hdr, ARG2(0,STR,SINT), val_hdr, SMP_T_STR, SMP_USE_HRSHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010840 { "shdr_cnt", smp_fetch_hdr_cnt, ARG1(0,STR), NULL, SMP_T_UINT, SMP_USE_HRSHV },
10841 { "shdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRSHV },
10842 { "shdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_UINT, SMP_USE_HRSHV },
10843
10844 { "status", smp_fetch_stcode, 0, NULL, SMP_T_UINT, SMP_USE_HRSHP },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010845 { "url", smp_fetch_url, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
Neil - HAProxy List39c63c52013-11-04 13:48:42 +000010846 { "url32", smp_fetch_url32, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
10847 { "url32+src", smp_fetch_url32_src, 0, NULL, SMP_T_BIN, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010848 { "url_ip", smp_fetch_url_ip, 0, NULL, SMP_T_IPV4, SMP_USE_HRQHV },
10849 { "url_port", smp_fetch_url_port, 0, NULL, SMP_T_UINT, SMP_USE_HRQHV },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010010850 { "url_param", smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
10851 { "urlp" , smp_fetch_url_param, ARG2(1,STR,STR), NULL, SMP_T_STR, SMP_USE_HRQHV },
Willy Tarreau409bcde2013-01-08 00:31:00 +010010852 { "urlp_val", smp_fetch_url_param_val, ARG2(1,STR,STR), NULL, SMP_T_UINT, SMP_USE_HRQHV },
10853 { /* END */ },
Willy Tarreau4a568972010-05-12 08:08:50 +020010854}};
10855
Willy Tarreau8797c062007-05-07 00:55:35 +020010856
Willy Tarreau276fae92013-07-25 14:36:01 +020010857/* Note: must not be declared <const> as its list will be overwritten */
10858static struct sample_conv_kw_list sample_conv_kws = {ILH, {
Thierry FOURNIERad903512014-04-11 17:51:01 +020010859 { "http_date", sample_conv_http_date, ARG1(0,SINT), NULL, SMP_T_UINT, SMP_T_STR},
10860 { "language", sample_conv_q_prefered, ARG2(1,STR,STR), NULL, SMP_T_STR, SMP_T_STR},
Willy Tarreau276fae92013-07-25 14:36:01 +020010861 { NULL, NULL, 0, 0, 0 },
10862}};
10863
Willy Tarreau8797c062007-05-07 00:55:35 +020010864__attribute__((constructor))
10865static void __http_protocol_init(void)
10866{
10867 acl_register_keywords(&acl_kws);
Willy Tarreau12785782012-04-27 21:37:17 +020010868 sample_register_fetches(&sample_fetch_keywords);
Willy Tarreau276fae92013-07-25 14:36:01 +020010869 sample_register_convs(&sample_conv_kws);
Willy Tarreau8797c062007-05-07 00:55:35 +020010870}
10871
10872
Willy Tarreau58f10d72006-12-04 02:26:12 +010010873/*
Willy Tarreaubaaee002006-06-26 02:48:02 +020010874 * Local variables:
10875 * c-indent-level: 8
10876 * c-basic-offset: 8
10877 * End:
10878 */