FwdState.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 17 Request Forwarding */
10 
11 #include "squid.h"
12 #include "AccessLogEntry.h"
13 #include "acl/Address.h"
14 #include "acl/FilledChecklist.h"
15 #include "acl/Gadgets.h"
16 #include "anyp/PortCfg.h"
17 #include "CacheManager.h"
18 #include "CachePeer.h"
19 #include "client_side.h"
20 #include "clients/forward.h"
21 #include "clients/HttpTunneler.h"
22 #include "comm/Connection.h"
23 #include "comm/ConnOpener.h"
24 #include "comm/Loops.h"
25 #include "CommCalls.h"
26 #include "errorpage.h"
27 #include "event.h"
28 #include "fd.h"
29 #include "fde.h"
30 #include "FwdState.h"
31 #include "globals.h"
32 #include "gopher.h"
33 #include "HappyConnOpener.h"
34 #include "hier_code.h"
35 #include "http.h"
36 #include "http/Stream.h"
37 #include "HttpReply.h"
38 #include "HttpRequest.h"
39 #include "icmp/net_db.h"
40 #include "internal.h"
41 #include "ip/Intercept.h"
42 #include "ip/NfMarkConfig.h"
43 #include "ip/QosConfig.h"
44 #include "ip/tools.h"
45 #include "MemObject.h"
46 #include "mgr/Registration.h"
47 #include "neighbors.h"
48 #include "pconn.h"
49 #include "PeerPoolMgr.h"
50 #include "ResolvedPeers.h"
52 #include "SquidConfig.h"
53 #include "SquidTime.h"
55 #include "Store.h"
56 #include "StoreClient.h"
57 #include "urn.h"
58 #include "whois.h"
59 #if USE_OPENSSL
61 #include "ssl/Config.h"
62 #include "ssl/helper.h"
63 #include "ssl/ServerBump.h"
64 #include "ssl/support.h"
65 #else
67 #endif
68 
69 #include <cerrno>
70 
72 
73 static OBJH fwdStats;
74 
75 #define MAX_FWD_STATS_IDX 9
77 
78 PconnPool *fwdPconnPool = new PconnPool("server-peers", nullptr);
79 
81 
83 {
84 public:
86 
88  method_(method), fwd_(fwd), answer_() {}
89 
90  /* CallDialer API */
91  virtual bool canDial(AsyncCall &) { return fwd_.valid(); }
92  void dial(AsyncCall &) { ((&(*fwd_))->*method_)(answer_); }
93  virtual void print(std::ostream &os) const {
94  os << '(' << fwd_.get() << ", " << answer_ << ')';
95  }
96 
97  /* Security::PeerConnector::CbDialer API */
98  virtual Security::EncryptorAnswer &answer() { return answer_; }
99 
100 private:
104 };
105 
106 void
108 {
109  Pointer tmp = fwd; // Grab a temporary pointer to keep the object alive during our scope.
110 
111  if (Comm::IsConnOpen(fwd->serverConnection())) {
112  fwd->closeServerConnection("store entry aborted");
113  } else {
114  debugs(17, 7, HERE << "store entry aborted; no connection to close");
115  }
116  fwd->stopAndDestroy("store entry aborted");
117 }
118 
119 void
121 {
122  debugs(17, 3, "because " << reason << "; " << conn);
123  assert(!serverConn);
125  if (IsConnOpen(conn)) {
126  fwdPconnPool->noteUses(fd_table[conn->fd].pconn.uses);
127  conn->close();
128  }
129 }
130 
131 void
133 {
134  debugs(17, 3, "because " << reason << "; " << serverConn);
137  closeHandler = NULL;
138  fwdPconnPool->noteUses(fd_table[serverConn->fd].pconn.uses);
139  serverConn->close();
140 }
141 
142 /**** PUBLIC INTERFACE ********************************************************/
143 
145  entry(e),
146  request(r),
147  al(alp),
148  err(NULL),
149  clientConn(client),
150  start_t(squid_curtime),
151  n_tries(0),
152  destinations(new ResolvedPeers()),
153  pconnRace(raceImpossible),
154  storedWholeReply_(nullptr)
155 {
156  debugs(17, 2, "Forwarding client request " << client << ", url=" << e->url());
158  e->lock("FwdState");
159  flags.connected_okay = false;
160  flags.dont_retry = false;
161  flags.forward_completed = false;
162  flags.destinationsFound = false;
163  debugs(17, 3, "FwdState constructed, this=" << this);
164 }
165 
166 // Called once, right after object creation, when it is safe to set self
168 {
169  // Protect ourselves from being destroyed when the only Server pointing
170  // to us is gone (while we expect to talk to more Servers later).
171  // Once we set self, we are responsible for clearing it when we do not
172  // expect to talk to any servers.
173  self = aSelf; // refcounted
174 
175  // We hope that either the store entry aborts or peer is selected.
176  // Otherwise we are going to leak our object.
177 
178  // Ftp::Relay needs to preserve control connection on data aborts
179  // so it registers its own abort handler that calls ours when needed.
180  if (!request->flags.ftpNative) {
181  AsyncCall::Pointer call = asyncCall(17, 4, "FwdState::Abort", cbdataDialer(&FwdState::HandleStoreAbort, this));
183  }
184 
185  // just in case; should already be initialized to false
186  request->flags.pinned = false;
187 
188 #if STRICT_ORIGINAL_DST
189  // Bug 3243: CVE 2009-0801
190  // Bypass of browser same-origin access control in intercepted communication
191  // To resolve this we must force DIRECT and only to the original client destination.
192  const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.interceptTproxy);
193  const bool useOriginalDst = Config.onoff.client_dst_passthru || (request && !request->flags.hostVerified);
194  if (isIntercepted && useOriginalDst) {
195  selectPeerForIntercepted();
196  return;
197  }
198 #endif
199 
200  // do full route options selection
202 }
203 
205 void
206 FwdState::stopAndDestroy(const char *reason)
207 {
208  debugs(17, 3, "for " << reason);
209 
210  cancelStep(reason);
211 
212  PeerSelectionInitiator::subscribed = false; // may already be false
213  self = nullptr; // we hope refcounting destroys us soon; may already be nil
214  /* do not place any code here as this object may be gone by now */
215 }
216 
220 void
221 FwdState::cancelStep(const char *reason)
222 {
223  transportWait.cancel(reason);
224  encryptionWait.cancel(reason);
225  peerWait.cancel(reason);
226 }
227 
228 #if STRICT_ORIGINAL_DST
229 void
231 FwdState::selectPeerForIntercepted()
232 {
233  // We do not support re-wrapping inside CONNECT.
234  // Our only alternative is to fake a noteDestination() call.
235 
236  // use pinned connection if available
237  if (ConnStateData *client = request->pinnedConnection()) {
238  // emulate the PeerSelector::selectPinned() "Skip ICP" effect
240 
241  usePinned();
242  return;
243  }
244 
245  // use client original destination as second preferred choice
246  const auto p = new Comm::Connection();
247  p->peerType = ORIGINAL_DST;
248  p->remote = clientConn->local;
250 
251  debugs(17, 3, HERE << "using client original destination: " << *p);
252  destinations->addPath(p);
255  useDestinations();
256 }
257 #endif
258 
260 void
262 {
263  if (!err || !al)
264  return;
265 
266  LogTagsErrors lte;
267  lte.timedout = (err->xerrno == ETIMEDOUT || err->type == ERR_READ_TIMEOUT);
268  al->cache.code.err.update(lte);
269  if (!err->detail) {
270  static const auto d = MakeNamedErrorDetail("WITH_SERVER");
271  err->detailError(d);
272  }
274 }
275 
276 void
278 {
279  if (flags.forward_completed) {
280  debugs(17, DBG_IMPORTANT, HERE << "FwdState::completed called on a completed request! Bad!");
281  return;
282  }
283 
284  flags.forward_completed = true;
285 
286  request->hier.stopPeerClock(false);
287 
289  debugs(17, 3, HERE << "entry aborted");
290  return ;
291  }
292 
293 #if URL_CHECKSUM_DEBUG
294 
295  entry->mem_obj->checkUrlChecksum();
296 #endif
297 
298  if (entry->store_status == STORE_PENDING) {
299  if (entry->isEmpty()) {
301  if (!err) // we quit (e.g., fd closed) before an error or content
303  assert(err);
306  err = NULL;
307 #if USE_OPENSSL
311  // no flags.dont_retry: completed() is a post-reforward() act
312  }
313 #endif
314  } else {
315  updateAleWithFinalError(); // if any
316  if (storedWholeReply_)
318  else
319  entry->completeTruncated("FwdState default");
320  }
321  }
322 
323  if (storePendingNClients(entry) > 0)
325 
326 }
327 
329 {
330  debugs(17, 3, "FwdState destructor start");
331 
332  if (! flags.forward_completed)
333  completed();
334 
335  doneWithRetries();
336 
338 
339  delete err;
340 
341  entry->unregisterAbortCallback("FwdState object destructed");
342 
343  entry->unlock("FwdState");
344 
345  entry = NULL;
346 
347  cancelStep("~FwdState");
348 
350  closeServerConnection("~FwdState");
351 
352  debugs(17, 3, "FwdState destructed, this=" << this);
353 }
354 
360 void
362 {
377  ch.al = al;
379  ch.syncAle(request, nullptr);
380  if (ch.fastCheck().denied()) {
381  err_type page_id;
383 
384  if (page_id == ERR_NONE)
385  page_id = ERR_FORWARDING_DENIED;
386 
387  const auto anErr = new ErrorState(page_id, Http::scForbidden, request, al);
388  errorAppendEntry(entry, anErr); // frees anErr
389  return;
390  }
391  }
392 
393  debugs(17, 3, HERE << "'" << entry->url() << "'");
394  /*
395  * This seems like an odd place to bind mem_obj and request.
396  * Might want to assert that request is NULL at this point
397  */
399 #if URL_CHECKSUM_DEBUG
400 
401  entry->mem_obj->checkUrlChecksum();
402 #endif
403 
404  if (shutting_down) {
405  /* more yuck */
407  errorAppendEntry(entry, anErr); // frees anErr
408  return;
409  }
410 
411  if (request->flags.internal) {
412  debugs(17, 2, "calling internalStart() due to request flag");
414  return;
415  }
416 
417  switch (request->url.getScheme()) {
418 
420  debugs(17, 2, "calling CacheManager due to request scheme " << request->url.getScheme());
422  return;
423 
424  case AnyP::PROTO_URN:
426  return;
427 
428  default:
430  fwd->start(fwd);
431  return;
432  }
433 
434  /* NOTREACHED */
435 }
436 
437 void
439 {
440  // Hides AccessLogEntry.h from code that does not supply ALE anyway.
442 }
443 
446 static inline time_t
447 diffOrZero(const time_t larger, const time_t smaller)
448 {
449  return (larger > smaller) ? (larger - smaller) : 0;
450 }
451 
453 time_t
454 FwdState::ForwardTimeout(const time_t fwdStart)
455 {
456  // time already spent on forwarding (0 if clock went backwards)
457  const time_t timeSpent = diffOrZero(squid_curtime, fwdStart);
458  return diffOrZero(Config.Timeout.forward, timeSpent);
459 }
460 
461 bool
462 FwdState::EnoughTimeToReForward(const time_t fwdStart)
463 {
464  return ForwardTimeout(fwdStart) > 0;
465 }
466 
467 void
469 {
470  if (!destinations->empty()) {
471  connectStart();
472  } else {
474  debugs(17, 4, "wait for more destinations to try");
475  return; // expect a noteDestination*() call
476  }
477 
478  debugs(17, 3, HERE << "Connection failed: " << entry->url());
479  if (!err) {
481  fail(anErr);
482  } // else use actual error from last connection attempt
483 
484  stopAndDestroy("tried all destinations");
485  }
486 }
487 
488 void
490 {
491  debugs(17, 3, err_type_str[errorState->type] << " \"" << Http::StatusCodeString(errorState->httpStatus) << "\"\n\t" << entry->url());
492 
493  delete err;
494  err = errorState;
495 
496  if (!errorState->request)
497  errorState->request = request;
498 
499  if (err->type == ERR_ZERO_SIZE_OBJECT)
501 
502  destinationReceipt = nullptr; // may already be nil
503 }
504 
506 void
508 {
510 
511  if (pconnRace == racePossible) {
512  debugs(17, 5, HERE << "pconn race happened");
514  if (destinationReceipt) {
516  destinationReceipt = nullptr;
517  }
518  }
519 
520  if (ConnStateData *pinned_connection = request->pinnedConnection()) {
521  pinned_connection->pinning.zeroReply = true;
522  debugs(17, 4, "zero reply on pinned connection");
523  }
524 }
525 
529 void
531 {
532  debugs(17, 3, HERE << entry->url() );
536  closeHandler = NULL;
537  serverConn = NULL;
538  destinationReceipt = nullptr;
539 }
540 
541 // \deprecated use unregister(Comm::ConnectionPointer &conn) instead
542 void
544 {
545  debugs(17, 3, HERE << entry->url() );
546  assert(fd == serverConnection()->fd);
548 }
549 
556 void
558 {
559  const auto replyStatus = entry->mem().baseReply().sline.status();
560  debugs(17, 3, *entry << " status " << replyStatus << ' ' << entry->url());
561 #if URL_CHECKSUM_DEBUG
562 
563  entry->mem_obj->checkUrlChecksum();
564 #endif
565 
566  logReplyStatus(n_tries, replyStatus);
567 
568  if (reforward()) {
569  debugs(17, 3, "re-forwarding " << replyStatus << " " << entry->url());
570 
573  serverConn = nullptr;
574  destinationReceipt = nullptr;
575 
576  storedWholeReply_ = nullptr;
577  entry->reset();
578 
579  useDestinations();
580 
581  } else {
583  debugs(17, 3, "server FD " << serverConnection()->fd << " not re-forwarding status " << replyStatus);
584  else
585  debugs(17, 3, "server (FD closed) not re-forwarding status " << replyStatus);
586 
587  completed();
588 
589  stopAndDestroy("forwarding completed");
590  }
591 }
592 
593 bool
595 {
597 }
598 
599 void
600 FwdState::markStoredReplyAsWhole(const char * const whyWeAreSure)
601 {
602  debugs(17, 5, whyWeAreSure << " for " << *entry);
603 
604  // the caller wrote everything to Store, but Store may silently abort writes
606  return;
607 
608  storedWholeReply_ = whyWeAreSure;
609 }
610 
611 void
613 {
614  flags.destinationsFound = true;
615 
616  if (!path) {
617  // We can call usePinned() without fear of clashing with an earlier
618  // forwarding attempt because PINNED must be the first destination.
620  usePinned();
621  return;
622  }
623 
624  debugs(17, 3, path);
625 
626  destinations->addPath(path);
627 
628  if (usingDestination()) {
629  // We are already using a previously opened connection, so we cannot be
630  // waiting for it. We still receive destinations for backup.
632  return;
633  }
634 
635  if (transportWait) {
637  return; // and continue to wait for FwdState::noteConnection() callback
638  }
639 
640  // This is the first path candidate we have seen. Use it.
641  useDestinations();
642 }
643 
644 void
646 {
649 
650  if (!flags.destinationsFound) {
651  if (selectionError) {
652  debugs(17, 3, "Will abort forwarding because path selection has failed.");
653  Must(!err); // if we tried to connect, then path selection succeeded
654  fail(selectionError);
655  }
656  else if (err)
657  debugs(17, 3, "Will abort forwarding because all found paths have failed.");
658  else
659  debugs(17, 3, "Will abort forwarding because path selection found no paths.");
660 
661  useDestinations(); // will detect and handle the lack of paths
662  return;
663  }
664  // else continue to use one of the previously noted destinations;
665  // if all of them fail, forwarding as whole will fail
666  Must(!selectionError); // finding at least one path means selection succeeded
667 
668  if (usingDestination()) {
669  // We are already using a previously opened connection, so we cannot be
670  // waiting for it. We were receiving destinations for backup.
672  return;
673  }
674 
675  Must(transportWait); // or we would be stuck with nothing to do or wait for
677  // and continue to wait for FwdState::noteConnection() callback
678 }
679 
681 void
683 {
685  debugs(17, 7, "reusing pending notification about " << *destinations);
686  } else {
687  debugs(17, 7, "notifying about " << *destinations);
689  CallJobHere(17, 5, transportWait.job(), HappyConnOpener, noteCandidatesChange);
690  }
691 }
692 
693 /**** CALLBACK WRAPPERS ************************************************************/
694 
695 static void
697 {
698  FwdState *fwd = (FwdState *)params.data;
699  fwd->serverClosed();
700 }
701 
702 /**** PRIVATE *****************************************************************/
703 
704 /*
705  * FwdState::checkRetry
706  *
707  * Return TRUE if the request SHOULD be retried. This method is
708  * called when the HTTP connection fails, or when the connection
709  * is closed before reading the end of HTTP headers from the server.
710  */
711 bool
713 {
714  if (shutting_down)
715  return false;
716 
717  if (!self) { // we have aborted before the server called us back
718  debugs(17, 5, HERE << "not retrying because of earlier abort");
719  // we will be destroyed when the server clears its Pointer to us
720  return false;
721  }
722 
724  return false;
725 
726  if (!entry->isEmpty())
727  return false;
728 
729  if (exhaustedTries())
730  return false;
731 
732  if (request->flags.pinned && !pinnedCanRetry())
733  return false;
734 
736  return false;
737 
738  if (flags.dont_retry)
739  return false;
740 
741  if (request->bodyNibbled())
742  return false;
743 
744  // NP: not yet actually connected anywhere. retry is safe.
745  if (!flags.connected_okay)
746  return true;
747 
748  if (!checkRetriable())
749  return false;
750 
751  return true;
752 }
753 
755 bool
757 {
758  // Optimize: A compliant proxy may retry PUTs, but Squid lacks the [rather
759  // complicated] code required to protect the PUT request body from being
760  // nibbled during the first try. Thus, Squid cannot retry some PUTs today.
761  if (request->body_pipe != NULL)
762  return false;
763 
764  // RFC2616 9.1 Safe and Idempotent Methods
766 }
767 
768 void
770 {
771  // XXX: This method logic attempts to tolerate Connection::close() called
772  // for serverConn earlier, by one of our dispatch()ed jobs. If that happens,
773  // serverConn will already be closed here or, worse, it will already be open
774  // for the next forwarding attempt. The current code prevents us getting
775  // stuck, but the long term solution is to stop sharing serverConn.
776  debugs(17, 2, serverConn);
778  const auto uses = fd_table[serverConn->fd].pconn.uses;
779  debugs(17, 3, "prior uses: " << uses);
780  fwdPconnPool->noteUses(uses); // XXX: May not have come from fwdPconnPool
782  }
783  serverConn = nullptr;
784  closeHandler = nullptr;
785  destinationReceipt = nullptr;
786  retryOrBail();
787 }
788 
789 void
791 {
792  if (checkRetry()) {
793  debugs(17, 3, HERE << "re-forwarding (" << n_tries << " tries, " << (squid_curtime - start_t) << " secs)");
794  useDestinations();
795  return;
796  }
797 
798  // TODO: should we call completed() here and move doneWithRetries there?
799  doneWithRetries();
800 
801  request->hier.stopPeerClock(false);
802 
803  if (self != NULL && !err && shutting_down && entry->isEmpty()) {
805  errorAppendEntry(entry, anErr);
806  }
807 
808  stopAndDestroy("cannot retry");
809 }
810 
811 // If the Server quits before nibbling at the request body, the body sender
812 // will not know (so that we can retry). Call this if we will not retry. We
813 // will notify the sender so that it does not get stuck waiting for space.
814 void
816 {
817  if (request && request->body_pipe != NULL)
819 }
820 
821 // called by the server that failed after calling unregister()
822 void
824 {
825  debugs(17, 2, HERE << "self=" << self << " err=" << err << ' ' << entry->url());
827  serverConn = nullptr;
828  destinationReceipt = nullptr;
829  retryOrBail();
830 }
831 
833 template <typename StepStart>
834 void
835 FwdState::advanceDestination(const char *stepDescription, const Comm::ConnectionPointer &conn, const StepStart &startStep)
836 {
837  // TODO: Extract destination-specific handling from FwdState so that all the
838  // awkward, limited-scope advanceDestination() calls can be replaced with a
839  // single simple try/catch,retry block.
840  try {
841  startStep();
842  // now wait for the step callback
843  } catch (...) {
844  debugs (17, 2, "exception while trying to " << stepDescription << ": " << CurrentException);
845  closePendingConnection(conn, "connection preparation exception");
846  if (!err)
848  retryOrBail();
849  }
850 }
851 
854 void
856 {
858 
859  transportWait.finish();
860 
861  Must(n_tries <= answer.n_tries); // n_tries cannot decrease
862  n_tries = answer.n_tries;
863 
864  ErrorState *error = nullptr;
865  if ((error = answer.error.get())) {
866  flags.dont_retry = true; // or HappyConnOpener would not have given up
867  syncHierNote(answer.conn, request->url.host());
868  Must(!Comm::IsConnOpen(answer.conn));
869  answer.error.clear(); // preserve error for errorSendComplete()
870  } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd].closing()) {
871  // The socket could get closed while our callback was queued. Sync
872  // Connection. XXX: Connection::fd may already be stale/invalid here.
873  // We do not know exactly why the connection got closed, so we play it
874  // safe, allowing retries only for persistent (reused) connections
875  if (answer.reused) {
876  destinationReceipt = answer.conn;
878  }
879  syncHierNote(answer.conn, request->url.host());
880  closePendingConnection(answer.conn, "conn was closed while waiting for noteConnection");
882  } else {
883  assert(!error);
884  destinationReceipt = answer.conn;
886  // serverConn remains nil until syncWithServerConn()
887  }
888 
889  if (error) {
890  fail(error);
891  retryOrBail();
892  return;
893  }
894 
895  if (answer.reused) {
896  syncWithServerConn(answer.conn, request->url.host(), answer.reused);
897  return dispatch();
898  }
899 
900  // Check if we need to TLS before use
901  if (const auto *peer = answer.conn->getPeer()) {
902  // Assume that it is only possible for the client-first from the
903  // bumping modes to try connect to a remote server. The bumped
904  // requests with other modes are using pinned connections or fails.
905  const bool clientFirstBump = request->flags.sslBumped;
906  // We need a CONNECT tunnel to send encrypted traffic through a proxy,
907  // but we do not support TLS inside TLS, so we exclude HTTPS proxies.
908  const bool originWantsEncryptedTraffic =
910  request->flags.sslPeek ||
911  clientFirstBump;
912  if (originWantsEncryptedTraffic && // the "encrypted traffic" part
913  !peer->options.originserver && // the "through a proxy" part
914  !peer->secure.encryptTransport) // the "exclude HTTPS proxies" part
915  return advanceDestination("establish tunnel through proxy", answer.conn, [this,&answer] {
916  establishTunnelThruProxy(answer.conn);
917  });
918  }
919 
921 }
922 
923 void
925 {
926  AsyncCall::Pointer callback = asyncCall(17,4,
927  "FwdState::tunnelEstablishmentDone",
929  HttpRequest::Pointer requestPointer = request;
930  const auto tunneler = new Http::Tunneler(conn, requestPointer, callback, connectingTimeout(conn), al);
931 
932  // TODO: Replace this hack with proper Comm::Connection-Pool association
933  // that is not tied to fwdPconnPool and can handle disappearing pools.
934  tunneler->noteFwdPconnUse = true;
935 
936 #if USE_DELAY_POOLS
937  Must(conn);
938  Must(conn->getPeer());
939  if (!conn->getPeer()->options.no_delay)
940  tunneler->setDelayId(entry->mem_obj->mostBytesAllowed());
941 #endif
942  peerWait.start(tunneler, callback);
943 }
944 
946 void
948 {
949  peerWait.finish();
950 
951  ErrorState *error = nullptr;
952  if (!answer.positive()) {
953  Must(!answer.conn);
954  error = answer.squidError.get();
955  Must(error);
956  answer.squidError.clear(); // preserve error for fail()
957  } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd].closing()) {
958  // The socket could get closed while our callback was queued. Sync
959  // Connection. XXX: Connection::fd may already be stale/invalid here.
960  closePendingConnection(answer.conn, "conn was closed while waiting for tunnelEstablishmentDone");
962  } else if (!answer.leftovers.isEmpty()) {
963  // This should not happen because TLS servers do not speak first. If we
964  // have to handle this, then pass answer.leftovers via a PeerConnector
965  // to ServerBio. See ClientBio::setReadBufData().
966  static int occurrences = 0;
967  const auto level = (occurrences++ < 100) ? DBG_IMPORTANT : 2;
968  debugs(17, level, "ERROR: Early data after CONNECT response. " <<
969  "Found " << answer.leftovers.length() << " bytes. " <<
970  "Closing " << answer.conn);
972  closePendingConnection(answer.conn, "server spoke before tunnelEstablishmentDone");
973  }
974  if (error) {
975  fail(error);
976  retryOrBail();
977  return;
978  }
979 
981 }
982 
984 void
986 {
988 
989  const auto p = conn->getPeer();
990  const bool peerWantsTls = p && p->secure.encryptTransport;
991  // userWillTlsToPeerForUs assumes CONNECT == HTTPS
992  const bool userWillTlsToPeerForUs = p && p->options.originserver &&
994  const bool needTlsToPeer = peerWantsTls && !userWillTlsToPeerForUs;
995  const bool clientFirstBump = request->flags.sslBumped; // client-first (already) bumped connection
996  const bool needsBump = request->flags.sslPeek || clientFirstBump;
997 
998  // 'GET https://...' requests. If a peer is used the request is forwarded
999  // as is
1000  const bool needTlsToOrigin = !p && request->url.getScheme() == AnyP::PROTO_HTTPS && !clientFirstBump;
1001 
1002  if (needTlsToPeer || needTlsToOrigin || needsBump) {
1003  return advanceDestination("secure connection to peer", conn, [this,&conn] {
1005  });
1006  }
1007 
1008  // if not encrypting just run the post-connect actions
1010 }
1011 
1013 void
1015 {
1016  HttpRequest::Pointer requestPointer = request;
1017  AsyncCall::Pointer callback = asyncCall(17,4,
1018  "FwdState::ConnectedToPeer",
1020  const auto sslNegotiationTimeout = connectingTimeout(conn);
1021  Security::PeerConnector *connector = nullptr;
1022 #if USE_OPENSSL
1023  if (request->flags.sslPeek)
1024  connector = new Ssl::PeekingPeerConnector(requestPointer, conn, clientConn, callback, al, sslNegotiationTimeout);
1025  else
1026 #endif
1027  connector = new Security::BlindPeerConnector(requestPointer, conn, callback, al, sslNegotiationTimeout);
1028  connector->noteFwdPconnUse = true;
1029  encryptionWait.start(connector, callback);
1030 }
1031 
1033 void
1035 {
1036  encryptionWait.finish();
1037 
1038  ErrorState *error = nullptr;
1039  if ((error = answer.error.get())) {
1040  assert(!answer.conn);
1041  answer.error.clear(); // preserve error for errorSendComplete()
1042  } else if (answer.tunneled) {
1043  assert(!answer.conn);
1044  // TODO: When ConnStateData establishes tunnels, its state changes
1045  // [in ways that may affect logging?]. Consider informing
1046  // ConnStateData about our tunnel or otherwise unifying tunnel
1047  // establishment [side effects].
1048  flags.dont_retry = true; // TunnelStateData took forwarding control
1049  entry->abort();
1050  complete(); // destroys us
1051  return;
1052  } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd].closing()) {
1053  // The socket could get closed while our callback was queued. Sync
1054  // Connection. XXX: Connection::fd may already be stale/invalid here.
1055  closePendingConnection(answer.conn, "conn was closed while waiting for connectedToPeer");
1057  }
1058 
1059  if (error) {
1060  fail(error);
1061  retryOrBail();
1062  return;
1063  }
1064 
1066 }
1067 
1069 void
1071 {
1072  syncWithServerConn(conn, request->url.host(), false);
1073 
1074  // should reach ConnStateData before the dispatched Client job starts
1077 
1078  if (serverConnection()->getPeer())
1079  peerConnectSucceded(serverConnection()->getPeer());
1080 
1081  dispatch();
1082 }
1083 
1085 void
1086 FwdState::syncWithServerConn(const Comm::ConnectionPointer &conn, const char *host, const bool reused)
1087 {
1088  Must(IsConnOpen(conn));
1089  serverConn = conn;
1090  // no effect on destinationReceipt (which may even be nil here)
1091 
1093 
1094  if (reused) {
1097  } else {
1099  // Comm::ConnOpener already applied proper/current markings
1100  }
1101 
1102  syncHierNote(serverConn, host);
1103 }
1104 
1105 void
1107 {
1108  if (request)
1110  if (al)
1111  al->hier.resetPeerNotes(server, host);
1112 }
1113 
1119 void
1121 {
1122  debugs(17, 3, *destinations << " to " << entry->url());
1123 
1125 
1126  assert(!destinations->empty());
1128 
1129  // Ditch error page if it was created before.
1130  // A new one will be created if there's another problem
1131  delete err;
1132  err = nullptr;
1133  request->clearError();
1134 
1136 
1137  AsyncCall::Pointer callback = asyncCall(17, 5, "FwdState::noteConnection", HappyConnOpener::CbDialer<FwdState>(&FwdState::noteConnection, this));
1138 
1139  HttpRequest::Pointer cause = request;
1140  const auto cs = new HappyConnOpener(destinations, callback, cause, start_t, n_tries, al);
1141  cs->setHost(request->url.host());
1142  bool retriable = checkRetriable();
1143  if (!retriable && Config.accessList.serverPconnForNonretriable) {
1145  ch.al = al;
1146  ch.syncAle(request, nullptr);
1147  retriable = ch.fastCheck().allowed();
1148  }
1149  cs->setRetriable(retriable);
1150  cs->allowPersistent(pconnRace != raceHappened);
1151  destinations->notificationPending = true; // start() is async
1152  transportWait.start(cs, callback);
1153 }
1154 
1156 void
1158 {
1159  const auto connManager = request->pinnedConnection();
1160  debugs(17, 7, "connection manager: " << connManager);
1161 
1162  try {
1163  // TODO: Refactor syncWithServerConn() and callers to always set
1164  // serverConn inside that method.
1166  debugs(17, 5, "connection: " << serverConn);
1167  } catch (ErrorState * const anErr) {
1168  syncHierNote(nullptr, connManager ? connManager->pinning.host : request->url.host());
1169  serverConn = nullptr;
1170  fail(anErr);
1171  // Connection managers monitor their idle pinned to-server
1172  // connections and close from-client connections upon seeing
1173  // a to-server connection closure. Retrying here is futile.
1174  stopAndDestroy("pinned connection failure");
1175  return;
1176  }
1177 
1178  ++n_tries;
1179  request->flags.pinned = true;
1180 
1181  assert(connManager);
1182  if (connManager->pinnedAuth())
1183  request->flags.auth = true;
1184 
1185  // the server may close the pinned connection before this request
1186  const auto reused = true;
1187  syncWithServerConn(serverConn, connManager->pinning.host, reused);
1188 
1189  dispatch();
1190 }
1191 
1192 void
1194 {
1195  debugs(17, 3, clientConn << ": Fetching " << request->method << ' ' << entry->url());
1196  /*
1197  * Assert that server_fd is set. This is to guarantee that fwdState
1198  * is attached to something and will be deallocated when server_fd
1199  * is closed.
1200  */
1202 
1203  fd_note(serverConnection()->fd, entry->url());
1204 
1205  fd_table[serverConnection()->fd].noteUse();
1206 
1207  /*assert(!EBIT_TEST(entry->flags, ENTRY_DISPATCHED)); */
1209 
1210  assert(entry->locked());
1211 
1213 
1214  flags.connected_okay = true;
1215 
1217 
1218  /* Retrieves remote server TOS or MARK value, and stores it as part of the
1219  * original client request FD object. It is later used to forward
1220  * remote server's TOS/MARK in the response to the client in case of a MISS.
1221  */
1222  if (Ip::Qos::TheConfig.isHitNfmarkActive()) {
1224  fde * clientFde = &fd_table[clientConn->fd]; // XXX: move the fd_table access into Ip::Qos
1225  /* Get the netfilter CONNMARK */
1227  }
1228  }
1229 
1230 #if _SQUID_LINUX_
1231  /* Bug 2537: The TOS forward part of QOS only applies to patched Linux kernels. */
1232  if (Ip::Qos::TheConfig.isHitTosActive()) {
1234  fde * clientFde = &fd_table[clientConn->fd]; // XXX: move the fd_table access into Ip::Qos
1235  /* Get the TOS value for the packet */
1237  }
1238  }
1239 #endif
1240 
1241 #if USE_OPENSSL
1242  if (request->flags.sslPeek) {
1243  // we were just asked to peek at the server, and we did that
1246  unregister(serverConn); // async call owns it now
1247  flags.dont_retry = true; // we gave up forwarding control
1248  entry->abort();
1249  complete(); // destroys us
1250  return;
1251  }
1252 #endif
1253 
1254  if (const auto peer = serverConnection()->getPeer()) {
1255  ++peer->stats.fetches;
1256  request->prepForPeering(*peer);
1257  httpStart(this);
1258  } else {
1261 
1262  switch (request->url.getScheme()) {
1263 
1264  case AnyP::PROTO_HTTPS:
1265  httpStart(this);
1266  break;
1267 
1268  case AnyP::PROTO_HTTP:
1269  httpStart(this);
1270  break;
1271 
1272  case AnyP::PROTO_GOPHER:
1273  gopherStart(this);
1274  break;
1275 
1276  case AnyP::PROTO_FTP:
1277  if (request->flags.ftpNative)
1278  Ftp::StartRelay(this);
1279  else
1280  Ftp::StartGateway(this);
1281  break;
1282 
1284 
1285  case AnyP::PROTO_URN:
1286  fatal_dump("Should never get here");
1287  break;
1288 
1289  case AnyP::PROTO_WHOIS:
1290  whoisStart(this);
1291  break;
1292 
1293  case AnyP::PROTO_WAIS: /* Not implemented */
1294 
1295  default:
1296  debugs(17, DBG_IMPORTANT, "WARNING: Cannot retrieve '" << entry->url() << "'.");
1297  const auto anErr = new ErrorState(ERR_UNSUP_REQ, Http::scBadRequest, request, al);
1298  fail(anErr);
1299  // Set the dont_retry flag because this is not a transient (network) error.
1300  flags.dont_retry = true;
1302  serverConn->close(); // trigger cleanup
1303  }
1304  break;
1305  }
1306  }
1307 }
1308 
1309 /*
1310  * FwdState::reforward
1311  *
1312  * returns TRUE if the transaction SHOULD be re-forwarded to the
1313  * next choice in the serverDestinations list. This method is called when
1314  * peer communication completes normally, or experiences
1315  * some error after receiving the end of HTTP headers.
1316  */
1317 int
1319 {
1320  StoreEntry *e = entry;
1321 
1322  if (EBIT_TEST(e->flags, ENTRY_ABORTED)) {
1323  debugs(17, 3, HERE << "entry aborted");
1324  return 0;
1325  }
1326 
1328  assert(e->mem_obj);
1329 #if URL_CHECKSUM_DEBUG
1330 
1331  e->mem_obj->checkUrlChecksum();
1332 #endif
1333 
1334  debugs(17, 3, HERE << e->url() << "?" );
1335 
1336  if (request->flags.pinned && !pinnedCanRetry()) {
1337  debugs(17, 3, "pinned connection; cannot retry");
1338  return 0;
1339  }
1340 
1341  if (!EBIT_TEST(e->flags, ENTRY_FWD_HDR_WAIT)) {
1342  debugs(17, 3, HERE << "No, ENTRY_FWD_HDR_WAIT isn't set");
1343  return 0;
1344  }
1345 
1346  if (exhaustedTries())
1347  return 0;
1348 
1349  if (request->bodyNibbled())
1350  return 0;
1351 
1353  debugs(17, 3, HERE << "No alternative forwarding paths left");
1354  return 0;
1355  }
1356 
1357  const auto s = entry->mem().baseReply().sline.status();
1358  debugs(17, 3, HERE << "status " << s);
1359  return reforwardableStatus(s);
1360 }
1361 
1362 static void
1364 {
1365  int i;
1366  int j;
1367  storeAppendPrintf(s, "Status");
1368 
1369  for (j = 1; j < MAX_FWD_STATS_IDX; ++j) {
1370  storeAppendPrintf(s, "\ttry#%d", j);
1371  }
1372 
1373  storeAppendPrintf(s, "\n");
1374 
1375  for (i = 0; i <= (int) Http::scInvalidHeader; ++i) {
1376  if (FwdReplyCodes[0][i] == 0)
1377  continue;
1378 
1379  storeAppendPrintf(s, "%3d", i);
1380 
1381  for (j = 0; j <= MAX_FWD_STATS_IDX; ++j) {
1382  storeAppendPrintf(s, "\t%d", FwdReplyCodes[j][i]);
1383  }
1384 
1385  storeAppendPrintf(s, "\n");
1386  }
1387 }
1388 
1389 /**** STATIC MEMBER FUNCTIONS *************************************************/
1390 
1391 bool
1393 {
1394  switch (s) {
1395 
1396  case Http::scBadGateway:
1397 
1399  return true;
1400 
1401  case Http::scForbidden:
1402 
1404 
1406 
1408  return Config.retry.onerror;
1409 
1410  default:
1411  return false;
1412  }
1413 
1414  /* NOTREACHED */
1415 }
1416 
1417 void
1419 {
1421 }
1422 
1423 void
1425 {
1426  Mgr::RegisterAction("forward", "Request Forwarding Statistics", fwdStats, 0, 1);
1427 }
1428 
1429 void
1431 {
1432  if (status > Http::scInvalidHeader)
1433  return;
1434 
1435  assert(tries >= 0);
1436 
1437  if (tries > MAX_FWD_STATS_IDX)
1438  tries = MAX_FWD_STATS_IDX;
1439 
1440  ++ FwdReplyCodes[tries][status];
1441 }
1442 
1443 bool
1445 {
1446  return n_tries >= Config.forward_max_tries;
1447 }
1448 
1449 bool
1451 {
1453 
1454  // pconn race on pinned connection: Currently we do not have any mechanism
1455  // to retry current pinned connection path.
1456  if (pconnRace == raceHappened)
1457  return false;
1458 
1459  // If a bumped connection was pinned, then the TLS client was given our peer
1460  // details. Do not retry because we do not ensure that those details stay
1461  // constant. Step1-bumped connections do not get our TLS peer details, are
1462  // never pinned, and, hence, never reach this method.
1463  if (request->flags.sslBumped)
1464  return false;
1465 
1466  // The other pinned cases are FTP proxying and connection-based HTTP
1467  // authentication. TODO: Do these cases have restrictions?
1468  return true;
1469 }
1470 
1471 time_t
1473 {
1474  const auto connTimeout = conn->connectTimeout(start_t);
1475  return positiveTimeout(connTimeout);
1476 }
1477 
1478 /**** PRIVATE NON-MEMBER FUNCTIONS ********************************************/
1479 
1480 /*
1481  * DPW 2007-05-19
1482  * Formerly static, but now used by client_side_request.cc
1483  */
1485 tos_t
1487 {
1488  for (acl_tos *l = head; l; l = l->next) {
1489  if (!l->aclList || ch->fastCheck(l->aclList).allowed())
1490  return l->tos;
1491  }
1492 
1493  return 0;
1494 }
1495 
1499 {
1500  for (acl_nfmark *l = head; l; l = l->next) {
1501  if (!l->aclList || ch->fastCheck(l->aclList).allowed())
1502  return l->markConfig;
1503  }
1504 
1505  return {};
1506 }
1507 
1508 void
1510 {
1511  // skip if an outgoing address is already set.
1512  if (!conn->local.isAnyAddr()) return;
1513 
1514  // ensure that at minimum the wildcard local matches remote protocol
1515  if (conn->remote.isIPv4())
1516  conn->local.setIPv4();
1517 
1518  // maybe use TPROXY client address
1519  if (request && request->flags.spoofClientIp) {
1520  if (!conn->getPeer() || !conn->getPeer()->options.no_tproxy) {
1521 #if FOLLOW_X_FORWARDED_FOR && LINUX_NETFILTER
1523  conn->local = request->indirect_client_addr;
1524  else
1525 #endif
1526  conn->local = request->client_addr;
1527  conn->local.port(0); // let OS pick the source port to prevent address clashes
1528  // some flags need setting on the socket to use this address
1529  conn->flags |= COMM_DOBIND;
1530  conn->flags |= COMM_TRANSPARENT;
1531  return;
1532  }
1533  // else no tproxy today ...
1534  }
1535 
1537  return; // anything will do.
1538  }
1539 
1541  ch.dst_peer_name = conn->getPeer() ? conn->getPeer()->name : NULL;
1542  ch.dst_addr = conn->remote;
1543 
1544  // TODO use the connection details in ACL.
1545  // needs a bit of rework in ACLFilledChecklist to use Comm::Connection instead of ConnStateData
1546 
1547  for (Acl::Address *l = Config.accessList.outgoing_address; l; l = l->next) {
1548 
1549  /* check if the outgoing address is usable to the destination */
1550  if (conn->remote.isIPv4() != l->addr.isIPv4()) continue;
1551 
1552  /* check ACLs for this outgoing address */
1553  if (!l->aclList || ch.fastCheck(l->aclList).allowed()) {
1554  conn->local = l->addr;
1555  return;
1556  }
1557  }
1558 }
1559 
1561 static tos_t
1563 {
1564  if (!Ip::Qos::TheConfig.tosToServer)
1565  return 0;
1566 
1568  ch.dst_peer_name = conn.getPeer() ? conn.getPeer()->name : nullptr;
1569  ch.dst_addr = conn.remote;
1570  return aclMapTOS(Ip::Qos::TheConfig.tosToServer, &ch);
1571 }
1572 
1574 static nfmark_t
1576 {
1577  if (!Ip::Qos::TheConfig.nfmarkToServer)
1578  return 0;
1579 
1581  ch.dst_peer_name = conn.getPeer() ? conn.getPeer()->name : nullptr;
1582  ch.dst_addr = conn.remote;
1583  const auto mc = aclFindNfMarkConfig(Ip::Qos::TheConfig.nfmarkToServer, &ch);
1584  return mc.mark;
1585 }
1586 
1587 void
1589 {
1590  // Get the server side TOS and Netfilter mark to be set on the connection.
1591  conn.tos = GetTosToServer(request, conn);
1592  conn.nfmark = GetNfmarkToServer(request, conn);
1593  debugs(17, 3, "from " << conn.local << " tos " << int(conn.tos) << " netfilter mark " << conn.nfmark);
1594 }
1595 
1596 void
1598 {
1600 
1601  // TODO: Avoid these calls if markings has not changed.
1602  if (conn.tos)
1603  Ip::Qos::setSockTos(&conn, conn.tos);
1604  if (conn.nfmark)
1605  Ip::Qos::setSockNfmark(&conn, conn.nfmark);
1606 }
1607 
bool bodyNibbled() const
Definition: HttpRequest.cc:441
Cbc * get() const
a temporary valid raw Cbc pointer or NULL
Definition: CbcPointer.h:162
AsyncCall::Pointer comm_add_close_handler(int fd, CLCB *handler, void *data)
Definition: comm.cc:935
JobPointer job() const
Definition: JobWait.h:76
bool tunneled
whether we spliced the connections instead of negotiating encryption
void noteConnection(HappyConnOpenerAnswer &)
Definition: FwdState.cc:855
FwdStatePeerAnswerDialer(Method method, FwdState *fwd)
Definition: FwdState.cc:87
static OBJH fwdStats
Definition: FwdState.cc:73
#define MAX_FWD_STATS_IDX
Definition: FwdState.cc:75
struct SquidConfig::@97 Timeout
Ip::Address dst_addr
AnyP::Uri url
the request URI
Definition: HttpRequest.h:115
bool interceptTproxy
Set for requests handled by a "tproxy" port.
Definition: RequestFlags.h:66
@ ERR_READ_ERROR
Definition: forward.h:28
Cbc * valid() const
was set and is valid
Definition: CbcPointer.h:41
LogTagsErrors err
various problems augmenting the primary log tag
Definition: LogTags.h:84
BodyPipe::Pointer body_pipe
optional pipeline to receive message body
Definition: Message.h:98
Comm::ConnectionPointer serverConn
a successfully opened connection to a server.
Definition: FwdState.h:202
Acl::Address * outgoing_address
Definition: SquidConfig.h:387
struct squidaio_request_t * next
Definition: aiops.cc:51
time_t start_t
Definition: FwdState.h:181
void unregisterAbortCallback(const char *reason)
Definition: store.cc:1515
void whoisStart(FwdState *fwd)
Definition: whois.cc:56
@ ERR_GATEWAY_FAILURE
Definition: forward.h:67
Ip::Address src_addr
void stopPeerClock(const bool force)
Definition: access_log.cc:304
@ scBadRequest
Definition: StatusCode.h:44
void reactToZeroSizeObject()
ERR_ZERO_SIZE_OBJECT requires special adjustments.
Definition: FwdState.cc:507
int setSockNfmark(const Comm::ConnectionPointer &conn, nfmark_t mark)
Definition: QosConfig.cc:601
bool destinationsFinalized
whether all of the available candidate paths received from DNS
Definition: ResolvedPeers.h:81
JobWait< Http::Tunneler > peerWait
Definition: FwdState.h:199
@ Error
Definition: ResultCode.h:19
void(FwdState::* Method)(Security::EncryptorAnswer &)
Definition: FwdState.cc:85
void fd_note(int fd, const char *s)
Definition: fd.cc:247
CbcPointer< ErrorState > error
problem details (nil on success)
#define EBIT_SET(flag, bit)
Definition: defines.h:67
void errorAppendEntry(StoreEntry *entry, ErrorState *err)
Definition: errorpage.cc:720
bool isEmpty() const
Definition: SBuf.h:424
const char * StatusCodeString(const Http::StatusCode status)
Definition: StatusCode.cc:14
MemObject * mem_obj
Definition: Store.h:222
RequestFlags flags
Definition: HttpRequest.h:141
CbcPointer< ErrorState > error
problem details (nil on success)
void clearError()
clear error details, useful for retries/repeats
Definition: HttpRequest.cc:466
static void initModule()
Definition: FwdState.cc:1418
void addPath(const Comm::ConnectionPointer &)
add a candidate path to try after all the existing paths
void update(const LogTagsErrors &other)
Definition: LogTags.cc:14
void syncWithServerConn(const Comm::ConnectionPointer &server, const char *host, const bool reused)
commits to using the given open to-peer connection
Definition: FwdState.cc:1086
const char * url() const
Definition: store.cc:1592
void updateError(const Error &)
sets (or updates the already stored) transaction error as needed
@ ENTRY_FWD_HDR_WAIT
Definition: enums.h:111
MemObject & mem()
Definition: Store.h:52
void useDestinations()
Definition: FwdState.cc:468
static CLCB fwdServerClosedWrapper
Definition: FwdState.cc:71
void secureConnectionToPeerIfNeeded(const Comm::ConnectionPointer &)
handles an established TCP connection to peer (including origin servers)
Definition: FwdState.cc:985
void storeAppendPrintf(StoreEntry *e, const char *fmt,...)
Definition: store.cc:872
void lock(const char *context)
Definition: store.cc:460
void error(char *format,...)
unsigned int nfConnmarkFromServer
Definition: fde.h:171
AccessLogEntryPointer al
info for the future access.log entry
Definition: FwdState.h:172
bool isHttpSafe() const
void startSelectingDestinations(HttpRequest *request, const AccessLogEntry::Pointer &ale, StoreEntry *entry)
Definition: peer_select.cc:335
@ ERR_UNSUP_REQ
Definition: forward.h:44
void getTosFromServer(const Comm::ConnectionPointer &server, fde *clientFde)
Definition: QosConfig.cc:42
int tproxy_uses_indirect_client
Definition: SquidConfig.h:337
acl_access * miss
Definition: SquidConfig.h:369
@ PING_WAITING
Sent ICP queries to peers and still awaiting responses.
Definition: enums.h:43
void internalStart(const Comm::ConnectionPointer &clientConn, HttpRequest *request, StoreEntry *entry, const AccessLogEntry::Pointer &ale)
Definition: internal.cc:33
@ raceHappened
Definition: FwdState.h:208
JobWait< HappyConnOpener > transportWait
waits for a transport connection to the peer to be established/opened
Definition: FwdState.h:192
time_t connectingTimeout(const Comm::ConnectionPointer &conn) const
Definition: FwdState.cc:1472
DelayId mostBytesAllowed() const
Definition: MemObject.cc:465
virtual void print(std::ostream &os) const
Definition: FwdState.cc:93
bool hostVerified
Definition: RequestFlags.h:64
PconnPool * fwdPconnPool
a collection of previously used persistent Squid-to-peer HTTP(S) connections
Definition: FwdState.cc:78
void noteUses(int uses)
Definition: pconn.cc:536
void advanceDestination(const char *stepDescription, const Comm::ConnectionPointer &conn, const StepStart &startStep)
starts a preparation step for an established connection; retries on failures
Definition: FwdState.cc:835
const char * err_type_str[]
Definition: stub_liberror.cc:8
void dial(AsyncCall &)
Definition: FwdState.cc:92
HierarchyLogEntry hier
void connectStart()
Definition: FwdState.cc:1120
unsigned char tos_t
Definition: forward.h:27
uint16_t flags
Definition: Store.h:233
void detailError(const ErrorDetail::Pointer &dCode)
set error type-specific detail code
Definition: errorpage.h:109
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
Acl::Answer const & fastCheck()
Definition: Checklist.cc:336
bool IsConnOpen(const Comm::ConnectionPointer &conn)
Definition: Connection.cc:27
@ dirOpened
opened (by Squid to an origin server or peer)
Definition: QosConfig.h:68
void usePinned()
send request on an existing connection dedicated to the requesting client
Definition: FwdState.cc:1157
Http::StatusLine sline
Definition: HttpReply.h:56
void HTTPMSGUNLOCK(M *&a)
Definition: Message.h:150
void syncHierNote(const Comm::ConnectionPointer &server, const char *host)
Definition: FwdState.cc:1106
void tunnelEstablishmentDone(Http::TunnelerAnswer &answer)
resumes operations after the (possibly failed) HTTP CONNECT exchange
Definition: FwdState.cc:947
@ ERR_NONE
Definition: forward.h:15
void cancelStep(const char *reason)
Definition: FwdState.cc:221
StatusCode
Definition: StatusCode.h:20
err_type
Definition: forward.h:14
static CacheManager * GetInstance()
void unregister(Comm::ConnectionPointer &conn)
Definition: FwdState.cc:530
void CLCB(const CommCloseCbParams &params)
Definition: CommCalls.h:42
void fail(ErrorState *err)
Definition: FwdState.cc:489
Acl::Address * next
Definition: Address.h:27
A PeerConnector for HTTP origin servers. Capable of SslBumping.
acl_access * serverPconnForNonretriable
Definition: SquidConfig.h:412
static void Start(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *, const AccessLogEntryPointer &alp)
Initiates request forwarding to a peer or origin server.
Definition: FwdState.cc:361
@ ORIGINAL_DST
Definition: hier_code.h:36
void reset()
Definition: store.cc:1647
#define DBG_IMPORTANT
Definition: Debug.h:41
AclDenyInfoList * denyInfoList
Definition: SquidConfig.h:415
static time_t diffOrZero(const time_t larger, const time_t smaller)
Definition: FwdState.cc:447
Callback dialer API to allow Tunneler to set the answer.
Definition: HttpTunneler.h:40
bool isIdempotent() const
Definition: fde.h:52
static void RegisterWithCacheManager(void)
Definition: FwdState.cc:1424
Security::EncryptorAnswer answer_
Definition: FwdState.cc:103
AnyP::UriScheme const & getScheme() const
Definition: Uri.h:67
static void HandleStoreAbort(FwdState *)
called by Store if the entry is no longer usable
Definition: FwdState.cc:107
@ racePossible
Definition: FwdState.h:208
bool empty() const
whether we lack any known candidate paths
Definition: ResolvedPeers.h:45
list of address-based ACLs.
Definition: Address.h:20
void getOutgoingAddress(HttpRequest *request, const Comm::ConnectionPointer &conn)
Definition: FwdState.cc:1509
@ ENTRY_ABORTED
Definition: enums.h:115
virtual void noteDestination(Comm::ConnectionPointer conn) override
called when a new unique destination has been found
Definition: FwdState.cc:612
CbcPointer< FwdState > fwd_
Definition: FwdState.cc:102
void stopAndDestroy(const char *reason)
ends forwarding; relies on refcounting so the effect may not be immediate
Definition: FwdState.cc:206
@ PROTO_URN
Definition: ProtocolType.h:37
void closeServerConnection(const char *reason)
stops monitoring server connection for closure and updates pconn stats
Definition: FwdState.cc:132
@ scGatewayTimeout
Definition: StatusCode.h:75
#define COMM_TRANSPARENT
Definition: Connection.h:50
UnaryCbdataDialer< Argument1 > cbdataDialer(typename UnaryCbdataDialer< Argument1 >::Handler *handler, Argument1 *arg1)
const char * AclMatchedName
Definition: Acl.cc:30
Comm::ConnectionPointer conn
peer connection (secured on success)
void peerConnectSucceded(CachePeer *p)
Definition: neighbors.cc:1306
bool exhaustedTries() const
whether we have used up all permitted forwarding attempts
Definition: FwdState.cc:1444
parameters for the async notePinnedConnectionBecameIdle() call
Definition: client_side.h:184
void OBJH(StoreEntry *)
Definition: forward.h:44
#define NULL
Definition: types.h:166
static nfmark_t GetNfmarkToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1575
@ scForbidden
Definition: StatusCode.h:47
err_type aclGetDenyInfoPage(AclDenyInfoList **head, const char *name, int redirect_allowed)
Definition: Gadgets.cc:42
void ResetMarkingsToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1597
void dispatch()
Definition: FwdState.cc:1193
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:123
bool pinnedCanRetry() const
Definition: FwdState.cc:1450
@ scNotImplemented
Definition: StatusCode.h:72
Http::StatusCode status() const
retrieve the status code for this status line
Definition: StatusLine.h:45
const HttpReply & baseReply() const
Definition: MemObject.h:59
void updateAleWithFinalError()
updates ALE when we finalize the transaction error (if any)
Definition: FwdState.cc:261
void abort()
Definition: store.cc:1094
void doneWithRetries()
Definition: FwdState.cc:815
err_type type
Definition: errorpage.h:168
void start(const Comm::ConnectionPointer &client, HttpRequest *request, StoreEntry *entry, const AccessLogEntryPointer &ale)
HttpRequestPointer request
Definition: errorpage.h:175
virtual ~FwdState()
Definition: FwdState.cc:328
@ scBadGateway
Definition: StatusCode.h:73
ConnStateData * pinnedConnection()
Definition: HttpRequest.cc:733
Ip::Address local
Definition: Connection.h:144
#define EBIT_TEST(flag, bit)
Definition: defines.h:69
CachePeer * getPeer() const
Definition: Connection.cc:124
bool subscribed
whether noteDestination() and noteDestinationsEnd() calls are allowed
std::ostream & HERE(std::ostream &s)
Definition: Debug.h:152
ping_status_t ping_status
Definition: Store.h:243
void successfullyConnectedToPeer(const Comm::ConnectionPointer &)
called when all negotiations with the peer have been completed
Definition: FwdState.cc:1070
void httpsPeeked(PinnedIdleContext pic)
called by FwdState when it is done bumping the server
@ METHOD_CONNECT
Definition: MethodType.h:29
void establishTunnelThruProxy(const Comm::ConnectionPointer &)
Definition: FwdState.cc:924
Callback dialer API to allow PeerConnector to set the answer.
Definition: PeerConnector.h:57
JobWait< Security::PeerConnector > encryptionWait
waits for the established transport connection to be secured/encrypted
Definition: FwdState.h:195
#define CallJobHere(debugSection, debugLevel, job, Class, method)
Definition: AsyncJobCalls.h:58
int unlock(const char *context)
Definition: store.cc:484
Comm::ConnectionPointer clientConn
a possibly open connection to the client.
Definition: FwdState.h:180
virtual void noteDestinationsEnd(ErrorState *selectionError) override
Definition: FwdState.cc:645
bool denied() const
Definition: Acl.h:149
FwdState(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *, const AccessLogEntryPointer &alp)
Definition: FwdState.cc:144
AsyncCall::Pointer closeHandler
The serverConn close handler.
Definition: FwdState.h:205
int n_tries
the number of forwarding attempts so far
Definition: FwdState.h:182
int client_dst_passthru
Definition: SquidConfig.h:345
store_status_t store_status
Definition: Store.h:245
struct SquidConfig::@112 accessList
static tos_t GetTosToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1562
@ ERR_ZERO_SIZE_OBJECT
Definition: forward.h:46
int conn
the current server connection FD
Definition: Transport.cc:26
#define assert(EX)
Definition: assert.h:19
void startPeerClock()
Start recording total time spent communicating with peers.
Definition: access_log.cc:297
SSL Connection
Definition: Session.h:45
bool intercepted
Definition: RequestFlags.h:62
class AccessLogEntry::CacheDetails cache
uint32_t nfmark_t
Definition: forward.h:26
HierarchyLogEntry hier
Definition: HttpRequest.h:157
struct FwdState::@71 flags
virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const
assigns uninitialized adapted_request and url ALE components
void HTTPMSGLOCK(Http::Message *a)
Definition: Message.h:161
static bool EnoughTimeToReForward(const time_t fwdStart)
Definition: FwdState.cc:462
std::ostream & CurrentException(std::ostream &os)
prints active (i.e., thrown but not yet handled) exception
static time_t ForwardTimeout(const time_t fwdStart)
time left to finish the whole forwarding process (which started at fwdStart)
Definition: FwdState.cc:454
void clear()
make pointer not set; does not invalidate cbdata
Definition: CbcPointer.h:144
@ scServiceUnavailable
Definition: StatusCode.h:74
void retryOrBail()
Definition: FwdState.cc:790
bool checkRetry()
Definition: FwdState.cc:712
ErrorState * err
Definition: FwdState.h:179
@ PROTO_GOPHER
Definition: ProtocolType.h:30
@ scInternalServerError
Definition: StatusCode.h:71
void completed()
Definition: FwdState.cc:277
ErrorDetail::Pointer detail
Definition: errorpage.h:204
#define CBDATA_CLASS_INIT(type)
Definition: cbdata.h:318
void fatal_dump(const char *message)
Definition: fatal.cc:78
size_type length() const
Returns the number of bytes stored in SBuf.
Definition: SBuf.h:408
time_t squid_curtime
Definition: stub_time.cc:17
static void logReplyStatus(int tries, const Http::StatusCode status)
Definition: FwdState.cc:1430
bool isNoAddr() const
Definition: Address.cc:284
virtual Security::EncryptorAnswer & answer()
gives PeerConnector access to the in-dialer answer
Definition: FwdState.cc:98
int xerrno
Definition: errorpage.h:177
void completeSuccessfully(const char *whyWeAreSureWeStoredTheWholeReply)
Definition: store.cc:1034
bool notificationPending
whether HappyConnOpener::noteCandidatesChange() is scheduled to fire
Definition: ResolvedPeers.h:84
Final result (an open connection or an error) sent to the job initiator.
A simple PeerConnector for SSL/TLS cache_peers. No SslBump capabilities.
virtual void notePeerConnection(Comm::ConnectionPointer)
called just before a FwdState-dispatched job starts using connection
Definition: client_side.h:208
@ PROTO_CACHE_OBJECT
Definition: ProtocolType.h:32
#define fd_table
Definition: fde.h:189
void urnStart(HttpRequest *r, StoreEntry *e, const AccessLogEntryPointer &ale)
Definition: urn.cc:212
void start(const JobPointer &aJob, const AsyncCall::Pointer &aCallback)
starts waiting for the given job to call the given callback
Definition: JobWait.h:69
@ ERR_READ_TIMEOUT
Definition: forward.h:26
tos_t aclMapTOS(acl_tos *head, ACLChecklist *ch)
Checks for a TOS value to apply depending on the ACL.
Definition: FwdState.cc:1486
static Comm::ConnectionPointer BorrowPinnedConnection(HttpRequest *, const AccessLogEntryPointer &)
#define COMM_DOBIND
Definition: Connection.h:49
@ PROTO_WHOIS
Definition: ProtocolType.h:38
time_t positiveTimeout(const time_t timeout)
Definition: neighbors.cc:1196
@ PROTO_HTTPS
Definition: ProtocolType.h:27
HttpRequestMethod method
Definition: HttpRequest.h:114
Config TheConfig
Globally available instance of Qos::Config.
Definition: QosConfig.cc:282
@ ERR_SHUTTING_DOWN
Definition: forward.h:72
Comm::ConnectionPointer conn
@ PROTO_FTP
Definition: ProtocolType.h:26
@ PING_DONE
Definition: enums.h:46
PeerConnectionPointer conn
nfmark_t getNfConnmark(const Comm::ConnectionPointer &conn, const ConnectionDirection connDir)
Definition: QosConfig.cc:145
@ PROTO_HTTP
Definition: ProtocolType.h:25
bool allowed() const
Definition: Acl.h:143
const char * storedWholeReply_
Definition: FwdState.h:213
void prepForPeering(const CachePeer &peer)
get ready to be sent to the given cache_peer, including originserver
Definition: HttpRequest.cc:447
a netfilter mark/mask pair
Definition: NfMarkConfig.h:21
bool timedout
_TIMEDOUT: terminated due to a lifetime or I/O timeout
Definition: LogTags.h:25
@ ERR_FORWARDING_DENIED
Definition: forward.h:21
struct SquidConfig::@111 onoff
void reinstatePath(const PeerConnectionPointer &)
void complete()
Definition: FwdState.cc:557
int reforward()
Definition: FwdState.cc:1318
squidaio_request_t * head
Definition: aiops.cc:127
void StartRelay(FwdState *const fwdState)
A new FTP Relay job.
Definition: FtpRelay.cc:808
@ raceImpossible
Definition: FwdState.h:208
@ PROTO_WAIS
Definition: ProtocolType.h:31
static char server[MAXLINE]
void connectedToPeer(Security::EncryptorAnswer &answer)
called when all negotiations with the TLS-speaking peer have been completed
Definition: FwdState.cc:1034
void expectNoConsumption()
there will be no more setConsumer() calls
Definition: BodyPipe.cc:267
static int FwdReplyCodes[MAX_FWD_STATS_IDX+1][Http::scInvalidHeader+1]
Definition: FwdState.cc:76
bool isEmpty() const
Definition: Store.h:67
void StartGateway(FwdState *const fwdState)
A new FTP Gateway job.
Definition: FtpGateway.cc:2685
@ ERR_CONNECT_FAIL
Definition: forward.h:30
bool reforwardableStatus(const Http::StatusCode s) const
Definition: FwdState.cc:1392
AsyncCall dialer for our callback. Gives us access to callback Answer.
#define Must(condition)
Like assert() but throws an exception instead of aborting the process.
Definition: TextException.h:73
Ip::NfMarkConfig aclFindNfMarkConfig(acl_nfmark *head, ACLChecklist *ch)
Checks for a netfilter mark value to apply depending on the ACL.
Definition: FwdState.cc:1498
PeerConnectionPointer destinationReceipt
peer selection result (or nil)
Definition: FwdState.h:203
SBuf leftovers
peer-generated bytes after a positive answer (or empty)
AsyncCall * asyncCall(int aDebugSection, int aDebugLevel, const char *aName, const Dialer &aDialer)
Definition: AsyncCall.h:156
void resetPeerNotes(const Comm::ConnectionPointer &server, const char *requestedHost)
Definition: access_log.cc:251
StoreEntry * entry
Definition: FwdState.h:170
bool reused
whether conn was open earlier, by/for somebody else
int setSockTos(const Comm::ConnectionPointer &conn, tos_t tos)
Definition: QosConfig.cc:569
@ scInvalidHeader
Definition: StatusCode.h:86
void secureConnectionToPeer(const Comm::ConnectionPointer &)
encrypts an established TCP connection to peer (including origin servers)
Definition: FwdState.cc:1014
time_t forward
Definition: SquidConfig.h:114
int shutting_down
bool usingDestination() const
Definition: FwdState.cc:594
int forward_max_tries
Definition: SquidConfig.h:358
static void fwdStart(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *)
Same as Start() but no master xaction info (AccessLogEntry) available.
Definition: FwdState.cc:438
PconnRace pconnRace
current pconn race state
Definition: FwdState.h:209
void prepForDirect()
get ready to be sent directly to an origin server, excluding originserver
Definition: HttpRequest.cc:457
@ ERR_CANNOT_FORWARD
Definition: forward.h:23
@ ENTRY_DISPATCHED
Definition: enums.h:101
int locked() const
Definition: Store.h:145
void markStoredReplyAsWhole(const char *whyWeAreSure)
Definition: FwdState.cc:600
void start(Pointer aSelf)
Definition: FwdState.cc:167
void registerAbortCallback(const AsyncCall::Pointer &)
notify the StoreEntry writer of a 3rd-party initiated StoreEntry abort
Definition: store.cc:1507
void RegisterAction(char const *action, char const *desc, OBJH *handler, int pw_req_flag, int atomic)
Definition: Registration.cc:16
bool noteFwdPconnUse
hack: whether the connection requires fwdPconnPool->noteUses()
Definition: PeerConnector.h:72
static StatHist s
void gopherStart(FwdState *fwd)
Definition: gopher.cc:945
HttpRequest * request
Definition: FwdState.h:171
Ip::Address client_addr
Definition: HttpRequest.h:149
void serverClosed()
Definition: FwdState.cc:769
void host(const char *src)
Definition: Uri.cc:98
void netdbPingSite(const char *hostname)
Definition: net_db.cc:908
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
void closePendingConnection(const Comm::ConnectionPointer &conn, const char *reason)
get rid of a to-server connection that failed to become serverConn
Definition: FwdState.cc:120
HttpRequestPointer request
Definition: MemObject.h:188
bool checkRetriable()
Whether we may try sending this request again after a failure.
Definition: FwdState.cc:756
void completeTruncated(const char *whyWeConsiderTheReplyTruncated)
Definition: store.cc:1041
void comm_remove_close_handler(int fd, CLCB *handler, void *data)
Definition: comm.cc:962
Comm::ConnectionPointer const & serverConnection() const
Definition: FwdState.h:106
Http::StatusCode httpStatus
Definition: errorpage.h:171
struct SquidConfig::@115 retry
CbcPointer< ErrorState > squidError
problem details (or nil)
CbcPointer< ConnStateData > clientConnectionManager
Definition: HttpRequest.h:232
bool ftpNative
carries a representation of an FTP command [received on ftp_port]
Definition: RequestFlags.h:103
void handleUnregisteredServerEnd()
Definition: FwdState.cc:823
class SquidConfig Config
Definition: SquidConfig.cc:12
void GetMarkingsToServer(HttpRequest *request, Comm::Connection &conn)
Definition: FwdState.cc:1588
ResolvedPeersPointer destinations
paths for forwarding the request
Definition: FwdState.h:201
int unsigned int
Definition: stub_fd.cc:19
int storePendingNClients(const StoreEntry *e)
void httpStart(FwdState *fwd)
Definition: http.cc:2464
virtual bool canDial(AsyncCall &)
Definition: FwdState.cc:91
ErrorDetail::Pointer MakeNamedErrorDetail(const char *name)
Definition: Detail.cc:54
void notifyConnOpener()
makes sure connection opener knows that the destinations have changed
Definition: FwdState.cc:682
#define CallJobHere1(debugSection, debugLevel, job, Class, method, arg1)
Definition: AsyncJobCalls.h:63
@ STORE_PENDING
Definition: enums.h:51

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors