FwdState.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 17 Request Forwarding */
10 
11 #include "squid.h"
12 #include "AccessLogEntry.h"
13 #include "acl/Address.h"
14 #include "acl/FilledChecklist.h"
15 #include "acl/Gadgets.h"
16 #include "anyp/PortCfg.h"
17 #include "CacheManager.h"
18 #include "CachePeer.h"
19 #include "client_side.h"
20 #include "clients/forward.h"
21 #include "clients/HttpTunneler.h"
22 #include "comm/Connection.h"
23 #include "comm/ConnOpener.h"
24 #include "comm/Loops.h"
25 #include "CommCalls.h"
26 #include "errorpage.h"
27 #include "event.h"
28 #include "fd.h"
29 #include "fde.h"
30 #include "FwdState.h"
31 #include "globals.h"
32 #include "gopher.h"
33 #include "HappyConnOpener.h"
34 #include "hier_code.h"
35 #include "http.h"
36 #include "http/Stream.h"
37 #include "HttpReply.h"
38 #include "HttpRequest.h"
39 #include "icmp/net_db.h"
40 #include "internal.h"
41 #include "ip/Intercept.h"
42 #include "ip/NfMarkConfig.h"
43 #include "ip/QosConfig.h"
44 #include "ip/tools.h"
45 #include "MemObject.h"
46 #include "mgr/Registration.h"
47 #include "neighbors.h"
48 #include "pconn.h"
49 #include "PeerPoolMgr.h"
50 #include "ResolvedPeers.h"
52 #include "SquidConfig.h"
53 #include "SquidTime.h"
55 #include "Store.h"
56 #include "StoreClient.h"
57 #include "urn.h"
58 #include "whois.h"
59 #if USE_OPENSSL
61 #include "ssl/Config.h"
62 #include "ssl/ErrorDetail.h"
63 #include "ssl/helper.h"
64 #include "ssl/ServerBump.h"
65 #include "ssl/support.h"
66 #else
68 #endif
69 
70 #include <cerrno>
71 
73 
74 static OBJH fwdStats;
75 
76 #define MAX_FWD_STATS_IDX 9
78 
79 PconnPool *fwdPconnPool = new PconnPool("server-peers", nullptr);
80 
82 
84 {
85 public:
87 
89  method_(method), fwd_(fwd), answer_() {}
90 
91  /* CallDialer API */
92  virtual bool canDial(AsyncCall &call) { return fwd_.valid(); }
93  void dial(AsyncCall &call) { ((&(*fwd_))->*method_)(answer_); }
94  virtual void print(std::ostream &os) const {
95  os << '(' << fwd_.get() << ", " << answer_ << ')';
96  }
97 
98  /* Security::PeerConnector::CbDialer API */
99  virtual Security::EncryptorAnswer &answer() { return answer_; }
100 
101 private:
105 };
106 
107 void
109 {
110  Pointer tmp = fwd; // Grab a temporary pointer to keep the object alive during our scope.
111 
112  if (Comm::IsConnOpen(fwd->serverConnection())) {
113  fwd->closeServerConnection("store entry aborted");
114  } else {
115  debugs(17, 7, HERE << "store entry aborted; no connection to close");
116  }
117  fwd->stopAndDestroy("store entry aborted");
118 }
119 
120 void
122 {
123  debugs(17, 3, "because " << reason << "; " << conn);
124  assert(!serverConn);
126  if (IsConnOpen(conn)) {
127  fwdPconnPool->noteUses(fd_table[conn->fd].pconn.uses);
128  conn->close();
129  }
130 }
131 
132 void
134 {
135  debugs(17, 3, "because " << reason << "; " << serverConn);
138  closeHandler = NULL;
139  fwdPconnPool->noteUses(fd_table[serverConn->fd].pconn.uses);
140  serverConn->close();
141 }
142 
143 /**** PUBLIC INTERFACE ********************************************************/
144 
146  entry(e),
147  request(r),
148  al(alp),
149  err(NULL),
150  clientConn(client),
151  start_t(squid_curtime),
152  n_tries(0),
153  destinations(new ResolvedPeers()),
154  pconnRace(raceImpossible)
155 {
156  debugs(17, 2, "Forwarding client request " << client << ", url=" << e->url());
158  e->lock("FwdState");
159  flags.connected_okay = false;
160  flags.dont_retry = false;
161  flags.forward_completed = false;
162  flags.destinationsFound = false;
163  debugs(17, 3, "FwdState constructed, this=" << this);
164 }
165 
166 // Called once, right after object creation, when it is safe to set self
168 {
169  // Protect ourselves from being destroyed when the only Server pointing
170  // to us is gone (while we expect to talk to more Servers later).
171  // Once we set self, we are responsible for clearing it when we do not
172  // expect to talk to any servers.
173  self = aSelf; // refcounted
174 
175  // We hope that either the store entry aborts or peer is selected.
176  // Otherwise we are going to leak our object.
177 
178  // Ftp::Relay needs to preserve control connection on data aborts
179  // so it registers its own abort handler that calls ours when needed.
180  if (!request->flags.ftpNative) {
181  AsyncCall::Pointer call = asyncCall(17, 4, "FwdState::Abort", cbdataDialer(&FwdState::HandleStoreAbort, this));
183  }
184 
185  // just in case; should already be initialized to false
186  request->flags.pinned = false;
187 
188 #if STRICT_ORIGINAL_DST
189  // Bug 3243: CVE 2009-0801
190  // Bypass of browser same-origin access control in intercepted communication
191  // To resolve this we must force DIRECT and only to the original client destination.
192  const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.interceptTproxy);
193  const bool useOriginalDst = Config.onoff.client_dst_passthru || (request && !request->flags.hostVerified);
194  if (isIntercepted && useOriginalDst) {
195  selectPeerForIntercepted();
196  return;
197  }
198 #endif
199 
200  // do full route options selection
202 }
203 
205 void
206 FwdState::stopAndDestroy(const char *reason)
207 {
208  debugs(17, 3, "for " << reason);
209 
210  if (opening())
211  cancelOpening(reason);
212 
213  PeerSelectionInitiator::subscribed = false; // may already be false
214  self = nullptr; // we hope refcounting destroys us soon; may already be nil
215  /* do not place any code here as this object may be gone by now */
216 }
217 
222 void
223 FwdState::cancelOpening(const char *reason)
224 {
225  assert(calls.connector);
226  calls.connector->cancel(reason);
227  calls.connector = nullptr;
229  connOpener.clear();
230 }
231 
232 #if STRICT_ORIGINAL_DST
233 void
235 FwdState::selectPeerForIntercepted()
236 {
237  // We do not support re-wrapping inside CONNECT.
238  // Our only alternative is to fake a noteDestination() call.
239 
240  // use pinned connection if available
241  if (ConnStateData *client = request->pinnedConnection()) {
242  // emulate the PeerSelector::selectPinned() "Skip ICP" effect
244 
245  usePinned();
246  return;
247  }
248 
249  // use client original destination as second preferred choice
250  const auto p = new Comm::Connection();
251  p->peerType = ORIGINAL_DST;
252  p->remote = clientConn->local;
254 
255  debugs(17, 3, HERE << "using client original destination: " << *p);
256  destinations->addPath(p);
259  useDestinations();
260 }
261 #endif
262 
263 void
265 {
266  if (flags.forward_completed) {
267  debugs(17, DBG_IMPORTANT, HERE << "FwdState::completed called on a completed request! Bad!");
268  return;
269  }
270 
271  flags.forward_completed = true;
272 
273  request->hier.stopPeerClock(false);
274 
276  debugs(17, 3, HERE << "entry aborted");
277  return ;
278  }
279 
280 #if URL_CHECKSUM_DEBUG
281 
282  entry->mem_obj->checkUrlChecksum();
283 #endif
284 
285  if (entry->store_status == STORE_PENDING) {
286  if (entry->isEmpty()) {
287  if (!err) // we quit (e.g., fd closed) before an error or content
289  assert(err);
291  err = NULL;
292 #if USE_OPENSSL
296  }
297 #endif
298  } else {
299  entry->complete();
301  }
302  }
303 
304  if (storePendingNClients(entry) > 0)
306 
307 }
308 
310 {
311  debugs(17, 3, "FwdState destructor start");
312 
313  if (! flags.forward_completed)
314  completed();
315 
316  doneWithRetries();
317 
319 
320  delete err;
321 
322  entry->unregisterAbortCallback("FwdState object destructed");
323 
324  entry->unlock("FwdState");
325 
326  entry = NULL;
327 
328  if (opening())
329  cancelOpening("~FwdState");
330 
332  closeServerConnection("~FwdState");
333 
334  debugs(17, 3, "FwdState destructed, this=" << this);
335 }
336 
342 void
344 {
359  ch.al = al;
361  ch.syncAle(request, nullptr);
362  if (ch.fastCheck().denied()) {
363  err_type page_id;
365 
366  if (page_id == ERR_NONE)
367  page_id = ERR_FORWARDING_DENIED;
368 
369  const auto anErr = new ErrorState(page_id, Http::scForbidden, request, al);
370  errorAppendEntry(entry, anErr); // frees anErr
371  return;
372  }
373  }
374 
375  debugs(17, 3, HERE << "'" << entry->url() << "'");
376  /*
377  * This seems like an odd place to bind mem_obj and request.
378  * Might want to assert that request is NULL at this point
379  */
381 #if URL_CHECKSUM_DEBUG
382 
383  entry->mem_obj->checkUrlChecksum();
384 #endif
385 
386  if (shutting_down) {
387  /* more yuck */
389  errorAppendEntry(entry, anErr); // frees anErr
390  return;
391  }
392 
393  if (request->flags.internal) {
394  debugs(17, 2, "calling internalStart() due to request flag");
396  return;
397  }
398 
399  switch (request->url.getScheme()) {
400 
402  debugs(17, 2, "calling CacheManager due to request scheme " << request->url.getScheme());
404  return;
405 
406  case AnyP::PROTO_URN:
408  return;
409 
410  default:
412  fwd->start(fwd);
413  return;
414  }
415 
416  /* NOTREACHED */
417 }
418 
419 void
421 {
422  // Hides AccessLogEntry.h from code that does not supply ALE anyway.
424 }
425 
428 static inline time_t
429 diffOrZero(const time_t larger, const time_t smaller)
430 {
431  return (larger > smaller) ? (larger - smaller) : 0;
432 }
433 
435 time_t
436 FwdState::ForwardTimeout(const time_t fwdStart)
437 {
438  // time already spent on forwarding (0 if clock went backwards)
439  const time_t timeSpent = diffOrZero(squid_curtime, fwdStart);
440  return diffOrZero(Config.Timeout.forward, timeSpent);
441 }
442 
443 bool
444 FwdState::EnoughTimeToReForward(const time_t fwdStart)
445 {
446  return ForwardTimeout(fwdStart) > 0;
447 }
448 
449 void
451 {
452  if (!destinations->empty()) {
453  connectStart();
454  } else {
456  debugs(17, 4, "wait for more destinations to try");
457  return; // expect a noteDestination*() call
458  }
459 
460  debugs(17, 3, HERE << "Connection failed: " << entry->url());
461  if (!err) {
463  fail(anErr);
464  } // else use actual error from last connection attempt
465 
466  stopAndDestroy("tried all destinations");
467  }
468 }
469 
470 void
472 {
473  debugs(17, 3, err_type_str[errorState->type] << " \"" << Http::StatusCodeString(errorState->httpStatus) << "\"\n\t" << entry->url());
474 
475  delete err;
476  err = errorState;
477 
478  if (!errorState->request)
479  errorState->request = request;
480 
481  if (err->type != ERR_ZERO_SIZE_OBJECT)
482  return;
483 
484  if (pconnRace == racePossible) {
485  debugs(17, 5, HERE << "pconn race happened");
487  if (destinationReceipt) {
489  destinationReceipt = nullptr;
490  }
491  }
492 
493  if (ConnStateData *pinned_connection = request->pinnedConnection()) {
494  pinned_connection->pinning.zeroReply = true;
495  debugs(17, 4, "zero reply on pinned connection");
496  }
497 }
498 
502 void
504 {
505  debugs(17, 3, HERE << entry->url() );
509  closeHandler = NULL;
510  serverConn = NULL;
511  destinationReceipt = nullptr;
512 }
513 
514 // \deprecated use unregister(Comm::ConnectionPointer &conn) instead
515 void
517 {
518  debugs(17, 3, HERE << entry->url() );
519  assert(fd == serverConnection()->fd);
521 }
522 
529 void
531 {
532  const auto replyStatus = entry->mem().baseReply().sline.status();
533  debugs(17, 3, *entry << " status " << replyStatus << ' ' << entry->url());
534 #if URL_CHECKSUM_DEBUG
535 
536  entry->mem_obj->checkUrlChecksum();
537 #endif
538 
539  logReplyStatus(n_tries, replyStatus);
540 
541  if (reforward()) {
542  debugs(17, 3, "re-forwarding " << replyStatus << " " << entry->url());
543 
546 
547  entry->reset();
548 
549  useDestinations();
550 
551  } else {
553  debugs(17, 3, "server FD " << serverConnection()->fd << " not re-forwarding status " << replyStatus);
554  else
555  debugs(17, 3, "server (FD closed) not re-forwarding status " << replyStatus);
556  entry->complete();
557 
559  completed();
560 
561  stopAndDestroy("forwarding completed");
562  }
563 }
564 
565 void
567 {
568  flags.destinationsFound = true;
569 
570  if (!path) {
571  // We can call usePinned() without fear of clashing with an earlier
572  // forwarding attempt because PINNED must be the first destination.
574  usePinned();
575  return;
576  }
577 
578  debugs(17, 3, path);
579 
580  destinations->addPath(path);
581 
583  // We are already using a previously opened connection, so we cannot be
584  // waiting for connOpener. We still receive destinations for backup.
585  Must(!opening());
586  return;
587  }
588 
589  if (opening()) {
591  return; // and continue to wait for FwdState::noteConnection() callback
592  }
593 
594  // This is the first path candidate we have seen. Create connOpener.
595  useDestinations();
596 }
597 
598 void
600 {
603 
604  if (!flags.destinationsFound) {
605  if (selectionError) {
606  debugs(17, 3, "Will abort forwarding because path selection has failed.");
607  Must(!err); // if we tried to connect, then path selection succeeded
608  fail(selectionError);
609  }
610  else if (err)
611  debugs(17, 3, "Will abort forwarding because all found paths have failed.");
612  else
613  debugs(17, 3, "Will abort forwarding because path selection found no paths.");
614 
615  useDestinations(); // will detect and handle the lack of paths
616  return;
617  }
618  // else continue to use one of the previously noted destinations;
619  // if all of them fail, forwarding as whole will fail
620  Must(!selectionError); // finding at least one path means selection succeeded
621 
623  // We are already using a previously opened connection, so we cannot be
624  // waiting for connOpener. We were receiving destinations for backup.
625  Must(!opening());
626  return;
627  }
628 
629  Must(opening()); // or we would be stuck with nothing to do or wait for
631  // and continue to wait for FwdState::noteConnection() callback
632 }
633 
635 void
637 {
639  debugs(17, 7, "reusing pending notification about " << *destinations);
640  } else {
641  debugs(17, 7, "notifying about " << *destinations);
643  CallJobHere(17, 5, connOpener, HappyConnOpener, noteCandidatesChange);
644  }
645 }
646 
647 /**** CALLBACK WRAPPERS ************************************************************/
648 
649 static void
651 {
652  FwdState *fwd = (FwdState *)params.data;
653  fwd->serverClosed(params.fd);
654 }
655 
656 /**** PRIVATE *****************************************************************/
657 
658 /*
659  * FwdState::checkRetry
660  *
661  * Return TRUE if the request SHOULD be retried. This method is
662  * called when the HTTP connection fails, or when the connection
663  * is closed before reading the end of HTTP headers from the server.
664  */
665 bool
667 {
668  if (shutting_down)
669  return false;
670 
671  if (!self) { // we have aborted before the server called us back
672  debugs(17, 5, HERE << "not retrying because of earlier abort");
673  // we will be destroyed when the server clears its Pointer to us
674  return false;
675  }
676 
678  return false;
679 
680  if (!entry->isEmpty())
681  return false;
682 
683  if (exhaustedTries())
684  return false;
685 
686  if (request->flags.pinned && !pinnedCanRetry())
687  return false;
688 
690  return false;
691 
692  if (flags.dont_retry)
693  return false;
694 
695  if (request->bodyNibbled())
696  return false;
697 
698  // NP: not yet actually connected anywhere. retry is safe.
699  if (!flags.connected_okay)
700  return true;
701 
702  if (!checkRetriable())
703  return false;
704 
705  return true;
706 }
707 
709 bool
711 {
712  // Optimize: A compliant proxy may retry PUTs, but Squid lacks the [rather
713  // complicated] code required to protect the PUT request body from being
714  // nibbled during the first try. Thus, Squid cannot retry some PUTs today.
715  if (request->body_pipe != NULL)
716  return false;
717 
718  // RFC2616 9.1 Safe and Idempotent Methods
720 }
721 
722 void
724 {
725  // XXX: fd is often -1 here
726  debugs(17, 2, "FD " << fd << " " << entry->url() << " after " <<
727  (fd >= 0 ? fd_table[fd].pconn.uses : -1) << " requests");
728  if (fd >= 0 && serverConnection()->fd == fd)
729  fwdPconnPool->noteUses(fd_table[fd].pconn.uses);
730  retryOrBail();
731 }
732 
733 void
735 {
736  if (checkRetry()) {
737  debugs(17, 3, HERE << "re-forwarding (" << n_tries << " tries, " << (squid_curtime - start_t) << " secs)");
738  useDestinations();
739  return;
740  }
741 
742  // TODO: should we call completed() here and move doneWithRetries there?
743  doneWithRetries();
744 
745  request->hier.stopPeerClock(false);
746 
747  if (self != NULL && !err && shutting_down && entry->isEmpty()) {
749  errorAppendEntry(entry, anErr);
750  }
751 
752  stopAndDestroy("cannot retry");
753 }
754 
755 // If the Server quits before nibbling at the request body, the body sender
756 // will not know (so that we can retry). Call this if we will not retry. We
757 // will notify the sender so that it does not get stuck waiting for space.
758 void
760 {
761  if (request && request->body_pipe != NULL)
763 }
764 
765 // called by the server that failed after calling unregister()
766 void
768 {
769  debugs(17, 2, HERE << "self=" << self << " err=" << err << ' ' << entry->url());
771  retryOrBail();
772 }
773 
775 template <typename StepStart>
776 void
777 FwdState::advanceDestination(const char *stepDescription, const Comm::ConnectionPointer &conn, const StepStart &startStep)
778 {
779  // TODO: Extract destination-specific handling from FwdState so that all the
780  // awkward, limited-scope advanceDestination() calls can be replaced with a
781  // single simple try/catch,retry block.
782  try {
783  startStep();
784  // now wait for the step callback
785  } catch (...) {
786  debugs (17, 2, "exception while trying to " << stepDescription << ": " << CurrentException);
787  closePendingConnection(conn, "connection preparation exception");
788  retryOrBail();
789  }
790 }
791 
794 void
796 {
798 
799  calls.connector = nullptr;
800  connOpener.clear();
801 
802  Must(n_tries <= answer.n_tries); // n_tries cannot decrease
803  n_tries = answer.n_tries;
804 
805  ErrorState *error = nullptr;
806  if ((error = answer.error.get())) {
807  flags.dont_retry = true; // or HappyConnOpener would not have given up
808  syncHierNote(answer.conn, request->url.host());
809  Must(!Comm::IsConnOpen(answer.conn));
810  answer.error.clear(); // preserve error for errorSendComplete()
811  } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd].closing()) {
812  // We do not know exactly why the connection got closed, so we play it
813  // safe, allowing retries only for persistent (reused) connections
814  if (answer.reused) {
815  destinationReceipt = answer.conn;
817  }
818  syncHierNote(answer.conn, request->url.host());
819  closePendingConnection(answer.conn, "conn was closed while waiting for noteConnection");
821  } else {
822  assert(!error);
823  destinationReceipt = answer.conn;
825  // serverConn remains nil until syncWithServerConn()
826  }
827 
828  if (error) {
829  fail(error);
830  retryOrBail();
831  return;
832  }
833 
834  if (answer.reused) {
835  syncWithServerConn(answer.conn, request->url.host(), answer.reused);
836  return dispatch();
837  }
838 
839  // Check if we need to TLS before use
840  if (const auto *peer = answer.conn->getPeer()) {
841  // Assume that it is only possible for the client-first from the
842  // bumping modes to try connect to a remote server. The bumped
843  // requests with other modes are using pinned connections or fails.
844  const bool clientFirstBump = request->flags.sslBumped;
845  // We need a CONNECT tunnel to send encrypted traffic through a proxy,
846  // but we do not support TLS inside TLS, so we exclude HTTPS proxies.
847  const bool originWantsEncryptedTraffic =
849  request->flags.sslPeek ||
850  clientFirstBump;
851  if (originWantsEncryptedTraffic && // the "encrypted traffic" part
852  !peer->options.originserver && // the "through a proxy" part
853  !peer->secure.encryptTransport) // the "exclude HTTPS proxies" part
854  return advanceDestination("establish tunnel through proxy", answer.conn, [this,&answer] {
855  establishTunnelThruProxy(answer.conn);
856  });
857  }
858 
860 }
861 
862 void
864 {
866  "FwdState::tunnelEstablishmentDone",
868  HttpRequest::Pointer requestPointer = request;
869  const auto tunneler = new Http::Tunneler(conn, requestPointer, callback, connectingTimeout(conn), al);
870 
871  // TODO: Replace this hack with proper Comm::Connection-Pool association
872  // that is not tied to fwdPconnPool and can handle disappearing pools.
873  tunneler->noteFwdPconnUse = true;
874 
875 #if USE_DELAY_POOLS
876  Must(conn);
877  Must(conn->getPeer());
878  if (!conn->getPeer()->options.no_delay)
879  tunneler->setDelayId(entry->mem_obj->mostBytesAllowed());
880 #endif
881  AsyncJob::Start(tunneler);
882  // and wait for the tunnelEstablishmentDone() call
883 }
884 
886 void
888 {
889  ErrorState *error = nullptr;
890  if (!answer.positive()) {
891  Must(!Comm::IsConnOpen(answer.conn));
892  error = answer.squidError.get();
893  Must(error);
894  answer.squidError.clear(); // preserve error for fail()
895  } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd].closing()) {
896  // The socket could get closed while our callback was queued.
897  // We close Connection here to sync Connection::fd.
898  closePendingConnection(answer.conn, "conn was closed while waiting for tunnelEstablishmentDone");
900  } else if (!answer.leftovers.isEmpty()) {
901  // This should not happen because TLS servers do not speak first. If we
902  // have to handle this, then pass answer.leftovers via a PeerConnector
903  // to ServerBio. See ClientBio::setReadBufData().
904  static int occurrences = 0;
905  const auto level = (occurrences++ < 100) ? DBG_IMPORTANT : 2;
906  debugs(17, level, "ERROR: Early data after CONNECT response. " <<
907  "Found " << answer.leftovers.length() << " bytes. " <<
908  "Closing " << answer.conn);
910  closePendingConnection(answer.conn, "server spoke before tunnelEstablishmentDone");
911  }
912  if (error) {
913  fail(error);
914  retryOrBail();
915  return;
916  }
917 
919 }
920 
922 void
924 {
926 
927  const auto p = conn->getPeer();
928  const bool peerWantsTls = p && p->secure.encryptTransport;
929  // userWillTlsToPeerForUs assumes CONNECT == HTTPS
930  const bool userWillTlsToPeerForUs = p && p->options.originserver &&
932  const bool needTlsToPeer = peerWantsTls && !userWillTlsToPeerForUs;
933  const bool clientFirstBump = request->flags.sslBumped; // client-first (already) bumped connection
934  const bool needsBump = request->flags.sslPeek || clientFirstBump;
935 
936  // 'GET https://...' requests. If a peer is used the request is forwarded
937  // as is
938  const bool needTlsToOrigin = !p && request->url.getScheme() == AnyP::PROTO_HTTPS && !clientFirstBump;
939 
940  if (needTlsToPeer || needTlsToOrigin || needsBump) {
941  return advanceDestination("secure connection to peer", conn, [this,&conn] {
943  });
944  }
945 
946  // if not encrypting just run the post-connect actions
948 }
949 
951 void
953 {
954  HttpRequest::Pointer requestPointer = request;
956  "FwdState::ConnectedToPeer",
958  const auto sslNegotiationTimeout = connectingTimeout(conn);
960 #if USE_OPENSSL
961  if (request->flags.sslPeek)
962  connector = new Ssl::PeekingPeerConnector(requestPointer, conn, clientConn, callback, al, sslNegotiationTimeout);
963  else
964 #endif
965  connector = new Security::BlindPeerConnector(requestPointer, conn, callback, al, sslNegotiationTimeout);
966  connector->noteFwdPconnUse = true;
967  AsyncJob::Start(connector); // will call our callback
968 }
969 
971 void
973 {
974  ErrorState *error = nullptr;
975  if ((error = answer.error.get())) {
976  Must(!Comm::IsConnOpen(answer.conn));
977  answer.error.clear(); // preserve error for errorSendComplete()
978  } else if (answer.tunneled) {
979  // TODO: When ConnStateData establishes tunnels, its state changes
980  // [in ways that may affect logging?]. Consider informing
981  // ConnStateData about our tunnel or otherwise unifying tunnel
982  // establishment [side effects].
983  complete(); // destroys us
984  return;
985  } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd].closing()) {
986  closePendingConnection(answer.conn, "conn was closed while waiting for connectedToPeer");
988  }
989 
990  if (error) {
991  fail(error);
992  retryOrBail();
993  return;
994  }
995 
997 }
998 
1000 void
1002 {
1003  syncWithServerConn(conn, request->url.host(), false);
1004 
1005  // should reach ConnStateData before the dispatched Client job starts
1008 
1009  if (serverConnection()->getPeer())
1010  peerConnectSucceded(serverConnection()->getPeer());
1011 
1012  dispatch();
1013 }
1014 
1016 void
1017 FwdState::syncWithServerConn(const Comm::ConnectionPointer &conn, const char *host, const bool reused)
1018 {
1019  Must(IsConnOpen(conn));
1020  serverConn = conn;
1021  // no effect on destinationReceipt (which may even be nil here)
1022 
1024 
1025  if (reused) {
1028  } else {
1030  // Comm::ConnOpener already applied proper/current markings
1031  }
1032 
1033  syncHierNote(serverConn, host);
1034 }
1035 
1036 void
1038 {
1039  if (request)
1041  if (al)
1042  al->hier.resetPeerNotes(server, host);
1043 }
1044 
1050 void
1052 {
1053  debugs(17, 3, *destinations << " to " << entry->url());
1054 
1056 
1057  assert(!destinations->empty());
1058  assert(!opening());
1059 
1060  // Ditch error page if it was created before.
1061  // A new one will be created if there's another problem
1062  delete err;
1063  err = nullptr;
1064  request->clearError();
1065  serverConn = nullptr;
1066  destinationReceipt = nullptr;
1067 
1069 
1070  calls.connector = asyncCall(17, 5, "FwdState::noteConnection", HappyConnOpener::CbDialer<FwdState>(&FwdState::noteConnection, this));
1071 
1072  HttpRequest::Pointer cause = request;
1073  const auto cs = new HappyConnOpener(destinations, calls.connector, cause, start_t, n_tries, al);
1074  cs->setHost(request->url.host());
1075  bool retriable = checkRetriable();
1076  if (!retriable && Config.accessList.serverPconnForNonretriable) {
1078  ch.al = al;
1079  ch.syncAle(request, nullptr);
1080  retriable = ch.fastCheck().allowed();
1081  }
1082  cs->setRetriable(retriable);
1083  cs->allowPersistent(pconnRace != raceHappened);
1084  destinations->notificationPending = true; // start() is async
1085  connOpener = cs;
1086  AsyncJob::Start(cs);
1087 }
1088 
1090 void
1092 {
1093  const auto connManager = request->pinnedConnection();
1094  debugs(17, 7, "connection manager: " << connManager);
1095 
1096  try {
1097  // TODO: Refactor syncWithServerConn() and callers to always set
1098  // serverConn inside that method.
1100  debugs(17, 5, "connection: " << serverConn);
1101  } catch (ErrorState * const anErr) {
1102  syncHierNote(nullptr, connManager ? connManager->pinning.host : request->url.host());
1103  serverConn = nullptr;
1104  fail(anErr);
1105  // Connection managers monitor their idle pinned to-server
1106  // connections and close from-client connections upon seeing
1107  // a to-server connection closure. Retrying here is futile.
1108  stopAndDestroy("pinned connection failure");
1109  return;
1110  }
1111 
1112  ++n_tries;
1113  request->flags.pinned = true;
1114 
1115  assert(connManager);
1116  if (connManager->pinnedAuth())
1117  request->flags.auth = true;
1118 
1119  // the server may close the pinned connection before this request
1120  const auto reused = true;
1121  syncWithServerConn(serverConn, connManager->pinning.host, reused);
1122 
1123  dispatch();
1124 }
1125 
1126 void
1128 {
1129  debugs(17, 3, clientConn << ": Fetching " << request->method << ' ' << entry->url());
1130  /*
1131  * Assert that server_fd is set. This is to guarantee that fwdState
1132  * is attached to something and will be deallocated when server_fd
1133  * is closed.
1134  */
1136 
1137  fd_note(serverConnection()->fd, entry->url());
1138 
1139  fd_table[serverConnection()->fd].noteUse();
1140 
1141  /*assert(!EBIT_TEST(entry->flags, ENTRY_DISPATCHED)); */
1143 
1144  assert(entry->locked());
1145 
1147 
1148  flags.connected_okay = true;
1149 
1151 
1152  /* Retrieves remote server TOS or MARK value, and stores it as part of the
1153  * original client request FD object. It is later used to forward
1154  * remote server's TOS/MARK in the response to the client in case of a MISS.
1155  */
1156  if (Ip::Qos::TheConfig.isHitNfmarkActive()) {
1158  fde * clientFde = &fd_table[clientConn->fd]; // XXX: move the fd_table access into Ip::Qos
1159  /* Get the netfilter CONNMARK */
1161  }
1162  }
1163 
1164 #if _SQUID_LINUX_
1165  /* Bug 2537: The TOS forward part of QOS only applies to patched Linux kernels. */
1166  if (Ip::Qos::TheConfig.isHitTosActive()) {
1168  fde * clientFde = &fd_table[clientConn->fd]; // XXX: move the fd_table access into Ip::Qos
1169  /* Get the TOS value for the packet */
1171  }
1172  }
1173 #endif
1174 
1175 #if USE_OPENSSL
1176  if (request->flags.sslPeek) {
1179  unregister(serverConn); // async call owns it now
1180  complete(); // destroys us
1181  return;
1182  }
1183 #endif
1184 
1185  if (const auto peer = serverConnection()->getPeer()) {
1186  ++peer->stats.fetches;
1187  request->prepForPeering(*peer);
1188  httpStart(this);
1189  } else {
1192 
1193  switch (request->url.getScheme()) {
1194 
1195  case AnyP::PROTO_HTTPS:
1196  httpStart(this);
1197  break;
1198 
1199  case AnyP::PROTO_HTTP:
1200  httpStart(this);
1201  break;
1202 
1203  case AnyP::PROTO_GOPHER:
1204  gopherStart(this);
1205  break;
1206 
1207  case AnyP::PROTO_FTP:
1208  if (request->flags.ftpNative)
1209  Ftp::StartRelay(this);
1210  else
1211  Ftp::StartGateway(this);
1212  break;
1213 
1215 
1216  case AnyP::PROTO_URN:
1217  fatal_dump("Should never get here");
1218  break;
1219 
1220  case AnyP::PROTO_WHOIS:
1221  whoisStart(this);
1222  break;
1223 
1224  case AnyP::PROTO_WAIS: /* Not implemented */
1225 
1226  default:
1227  debugs(17, DBG_IMPORTANT, "WARNING: Cannot retrieve '" << entry->url() << "'.");
1228  const auto anErr = new ErrorState(ERR_UNSUP_REQ, Http::scBadRequest, request, al);
1229  fail(anErr);
1230  // Set the dont_retry flag because this is not a transient (network) error.
1231  flags.dont_retry = true;
1233  serverConn->close(); // trigger cleanup
1234  }
1235  break;
1236  }
1237  }
1238 }
1239 
1240 /*
1241  * FwdState::reforward
1242  *
1243  * returns TRUE if the transaction SHOULD be re-forwarded to the
1244  * next choice in the serverDestinations list. This method is called when
1245  * peer communication completes normally, or experiences
1246  * some error after receiving the end of HTTP headers.
1247  */
1248 int
1250 {
1251  StoreEntry *e = entry;
1252 
1253  if (EBIT_TEST(e->flags, ENTRY_ABORTED)) {
1254  debugs(17, 3, HERE << "entry aborted");
1255  return 0;
1256  }
1257 
1259  assert(e->mem_obj);
1260 #if URL_CHECKSUM_DEBUG
1261 
1262  e->mem_obj->checkUrlChecksum();
1263 #endif
1264 
1265  debugs(17, 3, HERE << e->url() << "?" );
1266 
1267  if (request->flags.pinned && !pinnedCanRetry()) {
1268  debugs(17, 3, "pinned connection; cannot retry");
1269  return 0;
1270  }
1271 
1272  if (!EBIT_TEST(e->flags, ENTRY_FWD_HDR_WAIT)) {
1273  debugs(17, 3, HERE << "No, ENTRY_FWD_HDR_WAIT isn't set");
1274  return 0;
1275  }
1276 
1277  if (exhaustedTries())
1278  return 0;
1279 
1280  if (request->bodyNibbled())
1281  return 0;
1282 
1284  debugs(17, 3, HERE << "No alternative forwarding paths left");
1285  return 0;
1286  }
1287 
1288  const auto s = entry->mem().baseReply().sline.status();
1289  debugs(17, 3, HERE << "status " << s);
1290  return reforwardableStatus(s);
1291 }
1292 
1293 static void
1295 {
1296  int i;
1297  int j;
1298  storeAppendPrintf(s, "Status");
1299 
1300  for (j = 1; j < MAX_FWD_STATS_IDX; ++j) {
1301  storeAppendPrintf(s, "\ttry#%d", j);
1302  }
1303 
1304  storeAppendPrintf(s, "\n");
1305 
1306  for (i = 0; i <= (int) Http::scInvalidHeader; ++i) {
1307  if (FwdReplyCodes[0][i] == 0)
1308  continue;
1309 
1310  storeAppendPrintf(s, "%3d", i);
1311 
1312  for (j = 0; j <= MAX_FWD_STATS_IDX; ++j) {
1313  storeAppendPrintf(s, "\t%d", FwdReplyCodes[j][i]);
1314  }
1315 
1316  storeAppendPrintf(s, "\n");
1317  }
1318 }
1319 
1320 /**** STATIC MEMBER FUNCTIONS *************************************************/
1321 
1322 bool
1324 {
1325  switch (s) {
1326 
1327  case Http::scBadGateway:
1328 
1330  return true;
1331 
1332  case Http::scForbidden:
1333 
1335 
1337 
1339  return Config.retry.onerror;
1340 
1341  default:
1342  return false;
1343  }
1344 
1345  /* NOTREACHED */
1346 }
1347 
1348 void
1350 {
1352 }
1353 
1354 void
1356 {
1357  Mgr::RegisterAction("forward", "Request Forwarding Statistics", fwdStats, 0, 1);
1358 }
1359 
1360 void
1362 {
1363  if (status > Http::scInvalidHeader)
1364  return;
1365 
1366  assert(tries >= 0);
1367 
1368  if (tries > MAX_FWD_STATS_IDX)
1369  tries = MAX_FWD_STATS_IDX;
1370 
1371  ++ FwdReplyCodes[tries][status];
1372 }
1373 
1374 bool
1376 {
1377  return n_tries >= Config.forward_max_tries;
1378 }
1379 
1380 bool
1382 {
1384 
1385  // pconn race on pinned connection: Currently we do not have any mechanism
1386  // to retry current pinned connection path.
1387  if (pconnRace == raceHappened)
1388  return false;
1389 
1390  // If a bumped connection was pinned, then the TLS client was given our peer
1391  // details. Do not retry because we do not ensure that those details stay
1392  // constant. Step1-bumped connections do not get our TLS peer details, are
1393  // never pinned, and, hence, never reach this method.
1394  if (request->flags.sslBumped)
1395  return false;
1396 
1397  // The other pinned cases are FTP proxying and connection-based HTTP
1398  // authentication. TODO: Do these cases have restrictions?
1399  return true;
1400 }
1401 
1402 time_t
1404 {
1405  const auto connTimeout = conn->connectTimeout(start_t);
1406  return positiveTimeout(connTimeout);
1407 }
1408 
1409 /**** PRIVATE NON-MEMBER FUNCTIONS ********************************************/
1410 
1411 /*
1412  * DPW 2007-05-19
1413  * Formerly static, but now used by client_side_request.cc
1414  */
1416 tos_t
1418 {
1419  for (acl_tos *l = head; l; l = l->next) {
1420  if (!l->aclList || ch->fastCheck(l->aclList).allowed())
1421  return l->tos;
1422  }
1423 
1424  return 0;
1425 }
1426 
1430 {
1431  for (acl_nfmark *l = head; l; l = l->next) {
1432  if (!l->aclList || ch->fastCheck(l->aclList).allowed())
1433  return l->markConfig;
1434  }
1435 
1436  return {};
1437 }
1438 
1439 void
1441 {
1442  // skip if an outgoing address is already set.
1443  if (!conn->local.isAnyAddr()) return;
1444 
1445  // ensure that at minimum the wildcard local matches remote protocol
1446  if (conn->remote.isIPv4())
1447  conn->local.setIPv4();
1448 
1449  // maybe use TPROXY client address
1450  if (request && request->flags.spoofClientIp) {
1451  if (!conn->getPeer() || !conn->getPeer()->options.no_tproxy) {
1452 #if FOLLOW_X_FORWARDED_FOR && LINUX_NETFILTER
1454  conn->local = request->indirect_client_addr;
1455  else
1456 #endif
1457  conn->local = request->client_addr;
1458  conn->local.port(0); // let OS pick the source port to prevent address clashes
1459  // some flags need setting on the socket to use this address
1460  conn->flags |= COMM_DOBIND;
1461  conn->flags |= COMM_TRANSPARENT;
1462  return;
1463  }
1464  // else no tproxy today ...
1465  }
1466 
1468  return; // anything will do.
1469  }
1470 
1472  ch.dst_peer_name = conn->getPeer() ? conn->getPeer()->name : NULL;
1473  ch.dst_addr = conn->remote;
1474 
1475  // TODO use the connection details in ACL.
1476  // needs a bit of rework in ACLFilledChecklist to use Comm::Connection instead of ConnStateData
1477 
1478  for (Acl::Address *l = Config.accessList.outgoing_address; l; l = l->next) {
1479 
1480  /* check if the outgoing address is usable to the destination */
1481  if (conn->remote.isIPv4() != l->addr.isIPv4()) continue;
1482 
1483  /* check ACLs for this outgoing address */
1484  if (!l->aclList || ch.fastCheck(l->aclList).allowed()) {
1485  conn->local = l->addr;
1486  return;
1487  }
1488  }
1489 }
1490 
1492 static tos_t
1494 {
1495  if (!Ip::Qos::TheConfig.tosToServer)
1496  return 0;
1497 
1499  ch.dst_peer_name = conn.getPeer() ? conn.getPeer()->name : nullptr;
1500  ch.dst_addr = conn.remote;
1501  return aclMapTOS(Ip::Qos::TheConfig.tosToServer, &ch);
1502 }
1503 
1505 static nfmark_t
1507 {
1508  if (!Ip::Qos::TheConfig.nfmarkToServer)
1509  return 0;
1510 
1512  ch.dst_peer_name = conn.getPeer() ? conn.getPeer()->name : nullptr;
1513  ch.dst_addr = conn.remote;
1514  const auto mc = aclFindNfMarkConfig(Ip::Qos::TheConfig.nfmarkToServer, &ch);
1515  return mc.mark;
1516 }
1517 
1518 void
1520 {
1521  // Get the server side TOS and Netfilter mark to be set on the connection.
1522  conn.tos = GetTosToServer(request, conn);
1523  conn.nfmark = GetNfmarkToServer(request, conn);
1524  debugs(17, 3, "from " << conn.local << " tos " << int(conn.tos) << " netfilter mark " << conn.nfmark);
1525 }
1526 
1527 void
1529 {
1531 
1532  // TODO: Avoid these calls if markings has not changed.
1533  if (conn.tos)
1534  Ip::Qos::setSockTos(&conn, conn.tos);
1535  if (conn.nfmark)
1536  Ip::Qos::setSockNfmark(&conn, conn.nfmark);
1537 }
1538 
bool bodyNibbled() const
Definition: HttpRequest.cc:443
Cbc * get() const
a temporary valid raw Cbc pointer or NULL
Definition: CbcPointer.h:162
AsyncCall::Pointer comm_add_close_handler(int fd, CLCB *handler, void *data)
Definition: comm.cc:983
bool tunneled
whether we spliced the connections instead of negotiating encryption
void noteConnection(HappyConnOpenerAnswer &)
Definition: FwdState.cc:795
FwdStatePeerAnswerDialer(Method method, FwdState *fwd)
Definition: FwdState.cc:88
static OBJH fwdStats
Definition: FwdState.cc:74
#define MAX_FWD_STATS_IDX
Definition: FwdState.cc:76
Ip::Address dst_addr
AnyP::Uri url
the request URI
Definition: HttpRequest.h:115
bool interceptTproxy
Set for requests handled by a "tproxy" port.
Definition: RequestFlags.h:66
BodyPipe::Pointer body_pipe
optional pipeline to receive message body
Definition: Message.h:98
Comm::ConnectionPointer serverConn
a successfully opened connection to a server.
Definition: FwdState.h:200
Acl::Address * outgoing_address
Definition: SquidConfig.h:384
struct squidaio_request_t * next
Definition: aiops.cc:51
time_t start_t
Definition: FwdState.h:183
void unregisterAbortCallback(const char *reason)
Definition: store.cc:1524
void releaseRequest(const bool shareable=false)
Definition: store.cc:472
void whoisStart(FwdState *fwd)
Definition: whois.cc:55
Ip::Address src_addr
void stopPeerClock(const bool force)
Definition: access_log.cc:303
@ scBadRequest
Definition: StatusCode.h:44
int setSockNfmark(const Comm::ConnectionPointer &conn, nfmark_t mark)
Definition: QosConfig.cc:586
bool destinationsFinalized
whether all of the available candidate paths received from DNS
Definition: ResolvedPeers.h:81
void(FwdState::* Method)(Security::EncryptorAnswer &)
Definition: FwdState.cc:86
void fd_note(int fd, const char *s)
Definition: fd.cc:246
CbcPointer< ErrorState > error
problem details (nil on success)
#define EBIT_SET(flag, bit)
Definition: defines.h:105
void errorAppendEntry(StoreEntry *entry, ErrorState *err)
Definition: errorpage.cc:711
bool isEmpty() const
Definition: SBuf.h:420
const char * StatusCodeString(const Http::StatusCode status)
Definition: StatusCode.cc:14
MemObject * mem_obj
Definition: Store.h:213
RequestFlags flags
Definition: HttpRequest.h:141
CbcPointer< ErrorState > error
problem details (nil on success)
void clearError()
clear error details, useful for retries/repeats
Definition: HttpRequest.cc:482
static void initModule()
Definition: FwdState.cc:1349
void addPath(const Comm::ConnectionPointer &)
add a candidate path to try after all the existing paths
void syncWithServerConn(const Comm::ConnectionPointer &server, const char *host, const bool reused)
commits to using the given open to-peer connection
Definition: FwdState.cc:1017
const char * url() const
Definition: store.cc:1601
MemObject & mem()
Definition: Store.h:52
void useDestinations()
Definition: FwdState.cc:450
@ ERR_NONE
Definition: err_type.h:13
static CLCB fwdServerClosedWrapper
Definition: FwdState.cc:72
void secureConnectionToPeerIfNeeded(const Comm::ConnectionPointer &)
handles an established TCP connection to peer (including origin servers)
Definition: FwdState.cc:923
void storeAppendPrintf(StoreEntry *e, const char *fmt,...)
Definition: store.cc:880
void lock(const char *context)
Definition: store.cc:459
struct SquidConfig::@116 retry
void error(char *format,...)
unsigned int nfConnmarkFromServer
Definition: fde.h:171
struct SquidConfig::@113 accessList
AccessLogEntryPointer al
info for the future access.log entry
Definition: FwdState.h:174
bool isHttpSafe() const
void startSelectingDestinations(HttpRequest *request, const AccessLogEntry::Pointer &ale, StoreEntry *entry)
Definition: peer_select.cc:334
void getTosFromServer(const Comm::ConnectionPointer &server, fde *clientFde)
Definition: QosConfig.cc:41
int tproxy_uses_indirect_client
Definition: SquidConfig.h:336
acl_access * miss
Definition: SquidConfig.h:366
@ PING_WAITING
Sent ICP queries to peers and still awaiting responses.
Definition: enums.h:43
int const char int
Definition: stub_libmem.cc:75
void internalStart(const Comm::ConnectionPointer &clientConn, HttpRequest *request, StoreEntry *entry, const AccessLogEntry::Pointer &ale)
Definition: internal.cc:32
@ raceHappened
Definition: FwdState.h:206
time_t connectingTimeout(const Comm::ConnectionPointer &conn) const
Definition: FwdState.cc:1403
DelayId mostBytesAllowed() const
Definition: MemObject.cc:478
virtual void print(std::ostream &os) const
Definition: FwdState.cc:94
bool hostVerified
Definition: RequestFlags.h:64
PconnPool * fwdPconnPool
a collection of previously used persistent Squid-to-peer HTTP(S) connections
Definition: FwdState.cc:79
void noteUses(int uses)
Definition: pconn.cc:536
void advanceDestination(const char *stepDescription, const Comm::ConnectionPointer &conn, const StepStart &startStep)
starts a preparation step for an established connection; retries on failures
Definition: FwdState.cc:777
int fd
FD which the call was about. Set by the async call creator.
Definition: CommCalls.h:90
void cancelOpening(const char *reason)
Definition: FwdState.cc:223
HierarchyLogEntry hier
void connectStart()
Definition: FwdState.cc:1051
unsigned char tos_t
Definition: forward.h:26
uint16_t flags
Definition: Store.h:224
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
bool IsConnOpen(const Comm::ConnectionPointer &conn)
Definition: Connection.cc:26
@ dirOpened
opened (by Squid to an origin server or peer)
Definition: QosConfig.h:68
void usePinned()
send request on an existing connection dedicated to the requesting client
Definition: FwdState.cc:1091
Http::StatusLine sline
Definition: HttpReply.h:60
void HTTPMSGUNLOCK(M *&a)
Definition: Message.h:149
void syncHierNote(const Comm::ConnectionPointer &server, const char *host)
Definition: FwdState.cc:1037
void tunnelEstablishmentDone(Http::TunnelerAnswer &answer)
resumes operations after the (possibly failed) HTTP CONNECT exchange
Definition: FwdState.cc:887
StatusCode
Definition: StatusCode.h:20
static CacheManager * GetInstance()
void unregister(Comm::ConnectionPointer &conn)
Definition: FwdState.cc:503
void CLCB(const CommCloseCbParams &params)
Definition: CommCalls.h:42
void fail(ErrorState *err)
Definition: FwdState.cc:471
Acl::Address * next
Definition: Address.h:27
A PeerConnector for HTTP origin servers. Capable of SslBumping.
acl_access * serverPconnForNonretriable
Definition: SquidConfig.h:409
AsyncCall::Pointer connector
a call linking us to the ConnOpener producing serverConn.
Definition: FwdState.h:188
static void Start(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *, const AccessLogEntryPointer &alp)
Initiates request forwarding to a peer or origin server.
Definition: FwdState.cc:343
@ ORIGINAL_DST
Definition: hier_code.h:36
@ ERR_CANNOT_FORWARD
Definition: err_type.h:21
void reset()
Definition: store.cc:1656
#define DBG_IMPORTANT
Definition: Debug.h:46
struct FwdState::@72 calls
AclDenyInfoList * denyInfoList
Definition: SquidConfig.h:412
static time_t diffOrZero(const time_t larger, const time_t smaller)
Definition: FwdState.cc:429
Callback dialer API to allow Tunneler to set the answer.
Definition: HttpTunneler.h:39
bool isIdempotent() const
Definition: fde.h:51
static void RegisterWithCacheManager(void)
Definition: FwdState.cc:1355
Security::EncryptorAnswer answer_
Definition: FwdState.cc:104
static void HandleStoreAbort(FwdState *)
called by Store if the entry is no longer usable
Definition: FwdState.cc:108
@ racePossible
Definition: FwdState.h:206
bool empty() const
whether we lack any known candidate paths
Definition: ResolvedPeers.h:45
list of address-based ACLs.
Definition: Address.h:19
void getOutgoingAddress(HttpRequest *request, const Comm::ConnectionPointer &conn)
Definition: FwdState.cc:1440
virtual void noteDestination(Comm::ConnectionPointer conn) override
called when a new unique destination has been found
Definition: FwdState.cc:566
CbcPointer< FwdState > fwd_
Definition: FwdState.cc:103
void stopAndDestroy(const char *reason)
ends forwarding; relies on refcounting so the effect may not be immediate
Definition: FwdState.cc:206
@ PROTO_URN
Definition: ProtocolType.h:37
void closeServerConnection(const char *reason)
stops monitoring server connection for closure and updates pconn stats
Definition: FwdState.cc:133
@ scGatewayTimeout
Definition: StatusCode.h:75
@ ENTRY_FWD_HDR_WAIT
Definition: enums.h:111
#define COMM_TRANSPARENT
Definition: Connection.h:50
UnaryCbdataDialer< Argument1 > cbdataDialer(typename UnaryCbdataDialer< Argument1 >::Handler *handler, Argument1 *arg1)
const char * AclMatchedName
Definition: Acl.cc:30
Comm::ConnectionPointer conn
peer connection (secured on success)
void peerConnectSucceded(CachePeer *p)
Definition: neighbors.cc:1297
const char * err_type_str[]
bool exhaustedTries() const
whether we have used up all permitted forwarding attempts
Definition: FwdState.cc:1375
parameters for the async notePinnedConnectionBecameIdle() call
Definition: client_side.h:170
void serverClosed(int fd)
Definition: FwdState.cc:723
void OBJH(StoreEntry *)
Definition: forward.h:44
#define NULL
Definition: types.h:166
static nfmark_t GetNfmarkToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1506
@ scForbidden
Definition: StatusCode.h:47
err_type aclGetDenyInfoPage(AclDenyInfoList **head, const char *name, int redirect_allowed)
Definition: Gadgets.cc:41
void ResetMarkingsToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1528
void dispatch()
Definition: FwdState.cc:1127
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:128
bool pinnedCanRetry() const
Definition: FwdState.cc:1381
@ scNotImplemented
Definition: StatusCode.h:72
Http::StatusCode status() const
retrieve the status code for this status line
Definition: StatusLine.h:45
const HttpReply & baseReply() const
Definition: MemObject.h:59
const Comm::ConnectionPointer & serverConnection() const
Definition: FwdState.h:110
void doneWithRetries()
Definition: FwdState.cc:759
err_type type
Definition: errorpage.h:171
void start(const Comm::ConnectionPointer &client, HttpRequest *request, StoreEntry *entry, const AccessLogEntryPointer &ale)
HttpRequestPointer request
Definition: errorpage.h:178
const Acl::Answer & fastCheck()
Definition: Checklist.cc:336
static Pointer Start(AsyncJob *job)
starts a freshly created job (i.e., makes the job asynchronous)
Definition: AsyncJob.cc:23
virtual ~FwdState()
Definition: FwdState.cc:309
@ scBadGateway
Definition: StatusCode.h:73
ConnStateData * pinnedConnection()
Definition: HttpRequest.cc:686
@ ERR_CONNECT_FAIL
Definition: err_type.h:28
Ip::Address local
Definition: Connection.h:156
#define EBIT_TEST(flag, bit)
Definition: defines.h:107
CachePeer * getPeer() const
Definition: Connection.cc:105
bool subscribed
whether noteDestination() and noteDestinationsEnd() calls are allowed
std::ostream & HERE(std::ostream &s)
Definition: Debug.h:157
ping_status_t ping_status
Definition: Store.h:234
void successfullyConnectedToPeer(const Comm::ConnectionPointer &)
called when all negotiations with the peer have been completed
Definition: FwdState.cc:1001
void httpsPeeked(PinnedIdleContext pic)
called by FwdState when it is done bumping the server
err_type
Definition: err_type.h:12
@ METHOD_CONNECT
Definition: MethodType.h:29
void establishTunnelThruProxy(const Comm::ConnectionPointer &)
Definition: FwdState.cc:863
Callback dialer API to allow PeerConnector to set the answer.
Definition: PeerConnector.h:49
#define CallJobHere(debugSection, debugLevel, job, Class, method)
Definition: AsyncJobCalls.h:58
int unlock(const char *context)
Definition: store.cc:483
@ ERR_UNSUP_REQ
Definition: err_type.h:42
Comm::ConnectionPointer clientConn
a possibly open connection to the client.
Definition: FwdState.h:182
virtual void noteDestinationsEnd(ErrorState *selectionError) override
Definition: FwdState.cc:599
bool denied() const
Definition: Acl.h:149
FwdState(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *, const AccessLogEntryPointer &alp)
Definition: FwdState.cc:145
AsyncCall::Pointer closeHandler
The serverConn close handler.
Definition: FwdState.h:203
int n_tries
the number of forwarding attempts so far
Definition: FwdState.h:184
int client_dst_passthru
Definition: SquidConfig.h:344
store_status_t store_status
Definition: Store.h:236
static tos_t GetTosToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1493
int conn
the current server connection FD
Definition: Transport.cc:26
#define assert(EX)
Definition: assert.h:19
void startPeerClock()
Start recording total time spent communicating with peers.
Definition: access_log.cc:296
bool intercepted
Definition: RequestFlags.h:62
virtual bool canDial(AsyncCall &call)
Definition: FwdState.cc:92
uint32_t nfmark_t
Definition: forward.h:25
HierarchyLogEntry hier
Definition: HttpRequest.h:157
virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const
assigns uninitialized adapted_request and url ALE components
void HTTPMSGLOCK(Http::Message *a)
Definition: Message.h:160
static bool EnoughTimeToReForward(const time_t fwdStart)
Definition: FwdState.cc:444
std::ostream & CurrentException(std::ostream &os)
prints active (i.e., thrown but not yet handled) exception
static time_t ForwardTimeout(const time_t fwdStart)
time left to finish the whole forwarding process (which started at fwdStart)
Definition: FwdState.cc:436
void clear()
make pointer not set; does not invalidate cbdata
Definition: CbcPointer.h:144
@ scServiceUnavailable
Definition: StatusCode.h:74
@ ERR_READ_ERROR
Definition: err_type.h:26
const AnyP::UriScheme & getScheme() const
Definition: Uri.h:67
void retryOrBail()
Definition: FwdState.cc:734
bool checkRetry()
Definition: FwdState.cc:666
ErrorState * err
Definition: FwdState.h:181
@ PROTO_GOPHER
Definition: ProtocolType.h:30
@ scInternalServerError
Definition: StatusCode.h:71
void completed()
Definition: FwdState.cc:264
@ ERR_FORWARDING_DENIED
Definition: err_type.h:19
AsyncJobPointer StartGateway(FwdState *const fwdState)
A new FTP Gateway job.
Definition: FtpGateway.cc:2730
#define CBDATA_CLASS_INIT(type)
Definition: cbdata.h:318
void fatal_dump(const char *message)
Definition: fatal.cc:78
size_type length() const
Returns the number of bytes stored in SBuf.
Definition: SBuf.h:404
time_t squid_curtime
Definition: stub_time.cc:17
static void logReplyStatus(int tries, const Http::StatusCode status)
Definition: FwdState.cc:1361
bool isNoAddr() const
Definition: Address.cc:284
virtual Security::EncryptorAnswer & answer()
gives PeerConnector access to the in-dialer answer
Definition: FwdState.cc:99
struct SquidConfig::@112 onoff
bool notificationPending
whether HappyConnOpener::noteCandidatesChange() is scheduled to fire
Definition: ResolvedPeers.h:84
@ ENTRY_DISPATCHED
Definition: enums.h:101
struct FwdState::@73 flags
@ ERR_ZERO_SIZE_OBJECT
Definition: err_type.h:44
Final result (an open connection or an error) sent to the job initiator.
A simple PeerConnector for SSL/TLS cache_peers. No SslBump capabilities.
virtual void notePeerConnection(Comm::ConnectionPointer)
called just before a FwdState-dispatched job starts using connection
Definition: client_side.h:195
@ PROTO_CACHE_OBJECT
Definition: ProtocolType.h:32
#define fd_table
Definition: fde.h:189
void complete()
Definition: store.cc:1057
void urnStart(HttpRequest *r, StoreEntry *e, const AccessLogEntryPointer &ale)
Definition: urn.cc:212
tos_t aclMapTOS(acl_tos *head, ACLChecklist *ch)
Checks for a TOS value to apply depending on the ACL.
Definition: FwdState.cc:1417
static Comm::ConnectionPointer BorrowPinnedConnection(HttpRequest *, const AccessLogEntryPointer &)
#define COMM_DOBIND
Definition: Connection.h:49
@ PROTO_WHOIS
Definition: ProtocolType.h:38
time_t positiveTimeout(const time_t timeout)
Definition: neighbors.cc:1187
@ PROTO_HTTPS
Definition: ProtocolType.h:27
bool opening() const
Definition: FwdState.h:165
HttpRequestMethod method
Definition: HttpRequest.h:114
Config TheConfig
Globally available instance of Qos::Config.
Definition: QosConfig.cc:271
Comm::ConnectionPointer conn
@ PROTO_FTP
Definition: ProtocolType.h:26
@ ENTRY_ABORTED
Definition: enums.h:115
@ PING_DONE
Definition: enums.h:46
PeerConnectionPointer conn
nfmark_t getNfConnmark(const Comm::ConnectionPointer &conn, const ConnectionDirection connDir)
Definition: QosConfig.cc:141
@ PROTO_HTTP
Definition: ProtocolType.h:25
bool allowed() const
Definition: Acl.h:143
void prepForPeering(const CachePeer &peer)
get ready to be sent to the given cache_peer, including originserver
Definition: HttpRequest.cc:449
a netfilter mark/mask pair
Definition: NfMarkConfig.h:20
void reinstatePath(const PeerConnectionPointer &)
void complete()
Definition: FwdState.cc:530
int reforward()
Definition: FwdState.cc:1249
squidaio_request_t * head
Definition: aiops.cc:127
@ raceImpossible
Definition: FwdState.h:206
@ PROTO_WAIS
Definition: ProtocolType.h:31
static char server[MAXLINE]
void connectedToPeer(Security::EncryptorAnswer &answer)
called when all negotiations with the TLS-speaking peer have been completed
Definition: FwdState.cc:972
void expectNoConsumption()
there will be no more setConsumer() calls
Definition: BodyPipe.cc:267
static int FwdReplyCodes[MAX_FWD_STATS_IDX+1][Http::scInvalidHeader+1]
Definition: FwdState.cc:77
bool isEmpty() const
Definition: Store.h:67
size_t HttpReply *STUB StoreEntry const KeyScope scope const HttpRequestMethod & method
Definition: stub_store.cc:105
bool reforwardableStatus(const Http::StatusCode s) const
Definition: FwdState.cc:1323
AsyncCall dialer for our callback. Gives us access to callback Answer.
#define Must(condition)
Like assert() but throws an exception instead of aborting the process.
Definition: TextException.h:69
Ip::NfMarkConfig aclFindNfMarkConfig(acl_nfmark *head, ACLChecklist *ch)
Checks for a netfilter mark value to apply depending on the ACL.
Definition: FwdState.cc:1429
PeerConnectionPointer destinationReceipt
peer selection result (or nil)
Definition: FwdState.h:201
void dial(AsyncCall &call)
Definition: FwdState.cc:93
void const char HLPCB * callback
Definition: stub_helper.cc:16
SBuf leftovers
peer-generated bytes after a positive answer (or empty)
AsyncCall * asyncCall(int aDebugSection, int aDebugLevel, const char *aName, const Dialer &aDialer)
Definition: AsyncCall.h:156
void resetPeerNotes(const Comm::ConnectionPointer &server, const char *requestedHost)
Definition: access_log.cc:250
StoreEntry * entry
Definition: FwdState.h:172
bool reused
whether conn was open earlier, by/for somebody else
int setSockTos(const Comm::ConnectionPointer &conn, tos_t tos)
Definition: QosConfig.cc:558
@ scInvalidHeader
Definition: StatusCode.h:86
AsyncJobPointer StartRelay(FwdState *const fwdState)
A new FTP Relay job.
Definition: FtpRelay.cc:801
void secureConnectionToPeer(const Comm::ConnectionPointer &)
encrypts an established TCP connection to peer (including origin servers)
Definition: FwdState.cc:952
time_t forward
Definition: SquidConfig.h:113
int shutting_down
int forward_max_tries
Definition: SquidConfig.h:355
static void fwdStart(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *)
Same as Start() but no master xaction info (AccessLogEntry) available.
Definition: FwdState.cc:420
PconnRace pconnRace
current pconn race state
Definition: FwdState.h:207
void prepForDirect()
get ready to be sent directly to an origin server, excluding originserver
Definition: HttpRequest.cc:459
struct SquidConfig::@98 Timeout
int locked() const
Definition: Store.h:136
void start(Pointer aSelf)
Definition: FwdState.cc:167
void registerAbortCallback(const AsyncCall::Pointer &)
notify the StoreEntry writer of a 3rd-party initiated StoreEntry abort
Definition: store.cc:1516
void RegisterAction(char const *action, char const *desc, OBJH *handler, int pw_req_flag, int atomic)
Definition: Registration.cc:16
HappyConnOpenerPointer connOpener
current connection opening job
Definition: FwdState.h:198
@ ERR_SHUTTING_DOWN
Definition: err_type.h:70
void gopherStart(FwdState *fwd)
Definition: gopher.cc:928
HttpRequest * request
Definition: FwdState.h:173
Ip::Address client_addr
Definition: HttpRequest.h:149
void host(const char *src)
Definition: Uri.cc:98
void netdbPingSite(const char *hostname)
Definition: net_db.cc:908
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
void closePendingConnection(const Comm::ConnectionPointer &conn, const char *reason)
get rid of a to-server connection that failed to become serverConn
Definition: FwdState.cc:121
HttpRequestPointer request
Definition: MemObject.h:188
bool checkRetriable()
Whether we may try sending this request again after a failure.
Definition: FwdState.cc:710
void comm_remove_close_handler(int fd, CLCB *handler, void *data)
Definition: comm.cc:1010
Http::StatusCode httpStatus
Definition: errorpage.h:174
CbcPointer< ErrorState > squidError
problem details (or nil)
CbcPointer< ConnStateData > clientConnectionManager
Definition: HttpRequest.h:233
bool ftpNative
carries a representation of an FTP command [received on ftp_port]
Definition: RequestFlags.h:103
void handleUnregisteredServerEnd()
Definition: FwdState.cc:767
class SquidConfig Config
Definition: SquidConfig.cc:12
void GetMarkingsToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1519
ResolvedPeersPointer destinations
paths for forwarding the request
Definition: FwdState.h:199
int storePendingNClients(const StoreEntry *e)
void httpStart(FwdState *fwd)
Definition: http.cc:2495
void notifyConnOpener()
makes sure connOpener knows that destinations have changed
Definition: FwdState.cc:636
#define CallJobHere1(debugSection, debugLevel, job, Class, method, arg1)
Definition: AsyncJobCalls.h:63
@ STORE_PENDING
Definition: enums.h:51

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors