client_side.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 33 Client-side Routines */
10 
11 #ifndef SQUID_CLIENTSIDE_H
12 #define SQUID_CLIENTSIDE_H
13 
14 #include "base/RunnersRegistry.h"
15 #include "clientStreamForward.h"
16 #include "comm.h"
17 #include "helper/forward.h"
18 #include "http/forward.h"
19 #include "HttpControlMsg.h"
20 #include "ipc/FdNotes.h"
21 #include "sbuf/SBuf.h"
22 #include "servers/Server.h"
23 #if USE_AUTH
24 #include "auth/UserRequest.h"
25 #endif
26 #if USE_OPENSSL
27 #include "security/Handshake.h"
28 #include "ssl/support.h"
29 #endif
30 #if USE_DELAY_POOLS
31 #include "MessageBucket.h"
32 #endif
33 
34 #include <iosfwd>
35 
36 class ClientHttpRequest;
37 class HttpHdrRangeSpec;
38 
41 
42 #if USE_OPENSSL
43 namespace Ssl
44 {
45 class ServerBump;
46 }
47 #endif
48 
74 {
75 
76 public:
77  explicit ConnStateData(const MasterXactionPointer &xact);
78  virtual ~ConnStateData();
79 
80  /* ::Server API */
81  virtual void receivedFirstByte();
82  virtual bool handleReadData();
83  virtual void afterClientRead();
84  virtual void afterClientWrite(size_t);
85 
86  /* HttpControlMsgSink API */
87  virtual void sendControlMsg(HttpControlMsg);
88  virtual void doneWithControlMsg();
89 
91  bool clientParseRequests();
92  void readNextRequest();
93 
95  void kick();
96 
97  bool isOpen() const;
98 
100 
107  int64_t mayNeedToReadMoreBody() const;
108 
109 #if USE_AUTH
110 
114  const Auth::UserRequest::Pointer &getAuth() const { return auth_; }
115 
124  void setAuth(const Auth::UserRequest::Pointer &aur, const char *cause);
125 #endif
126 
128 
129  struct {
130  bool readMore;
131  bool swanSang; // XXX: temporary flag to check proper cleanup
132  } flags;
133  struct {
134  Comm::ConnectionPointer serverConnection; /* pinned server side connection */
135  char *host; /* host name of pinned connection */
136  int port; /* port of pinned connection */
137  bool pinned; /* this connection was pinned */
138  bool auth; /* pinned for www authentication */
139  bool reading;
140  bool zeroReply;
141  CachePeer *peer; /* CachePeer the connection goes via */
143  AsyncCall::Pointer closeHandler; /*The close handler for pinned server side connection*/
144  } pinning;
145 
146  bool transparent() const;
147 
149  const char *stoppedReceiving() const { return stoppedReceiving_; }
151  const char *stoppedSending() const { return stoppedSending_; }
153  void stopReceiving(const char *error);
155  void stopSending(const char *error);
156 
157  void expectNoForwarding();
158 
159  /* BodyPipe API */
162  virtual void noteBodyConsumerAborted(BodyPipe::Pointer) = 0;
163 
164  bool handleRequestBodyData();
165 
168  {
169  public:
171 
174  };
175 
180  void pinBusyConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request);
182  void unpinConnection(const bool andClose);
196  CachePeer *pinnedPeer() const {return pinning.peer;}
197  bool pinnedAuth() const {return pinning.auth;}
198 
201 
202  // pining related comm callbacks
203  virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io);
204 
205  // comm callbacks
206  void clientReadFtpData(const CommIoCbParams &io);
207  void connStateClosed(const CommCloseCbParams &io);
208  void requestTimeout(const CommTimeoutCbParams &params);
209 
210  // AsyncJob API
211  virtual void start();
212  virtual bool doneAll() const { return BodyProducer::doneAll() && false;}
213  virtual void swanSong();
214 
217  void quitAfterError(HttpRequest *request); // meant to be private
218 
221 
222 #if USE_OPENSSL
223  void postHttpsAccept();
225 
227  void startPeekAndSplice();
228 
232  void doPeekAndSpliceStep();
234  void httpsPeeked(PinnedIdleContext pic);
235 
237  bool splice();
238 
240  void getSslContextStart();
241 
244 
246  static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply);
248  void sslCrtdHandleReply(const Helper::Reply &reply);
249 
250  void switchToHttps(HttpRequest *request, Ssl::BumpMode bumpServerMode);
251  void parseTlsHandshake();
252  bool switchedToHttps() const { return switchedToHttps_; }
254  inline void setServerBump(Ssl::ServerBump *srvBump) {
255  if (!sslServerBump)
256  sslServerBump = srvBump;
257  else
258  assert(sslServerBump == srvBump);
259  }
260  const SBuf &sslCommonName() const {return sslCommonName_;}
261  void resetSslCommonName(const char *name) {sslCommonName_ = name;}
262  const SBuf &tlsClientSni() const { return tlsClientSni_; }
271 
273 
277 #else
278  bool switchedToHttps() const { return false; }
279 #endif
280 
282  virtual bool writeControlMsgAndCall(HttpReply *rep, AsyncCall::Pointer &call) = 0;
283 
286  virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData) = 0;
287 
289  void consumeInput(const size_t byteCount);
290 
291  /* TODO: Make the methods below (at least) non-public when possible. */
292 
294  Http::Stream *abortRequestParsing(const char *const errUri);
295 
298  bool fakeAConnectRequest(const char *reason, const SBuf &payload);
299 
301  bool initiateTunneledRequest(HttpRequest::Pointer const &cause, Http::MethodType const method, const char *reason, const SBuf &payload);
302 
305 
307  ClientHttpRequest *buildFakeRequest(Http::MethodType const method, SBuf &useHost, unsigned short usePort, const SBuf &payload);
308 
312 
313  /* Registered Runner API */
314  virtual void startShutdown();
315  virtual void endingShutdown();
316 
320  bool hasNotes() const { return bool(theNotes) && !theNotes->empty(); }
321 
322 protected:
323  void startDechunkingRequest();
324  void finishDechunkingRequest(bool withSuccess);
327 
330 #if USE_OPENSSL
335 #endif
336 
340  virtual Http::Stream *parseOneRequest() = 0;
341 
343  virtual void processParsedRequest(Http::StreamPointer &) = 0;
344 
346  virtual int pipelinePrefetchMax() const;
347 
349  virtual time_t idleTimeout() const = 0;
350 
353  void whenClientIpKnown();
354 
356 
357 private:
358  /* ::Server API */
359  virtual bool connFinishedWithConn(int size);
360  virtual void checkLogging();
361 
363  bool concurrentRequestQueueFilled() const;
364 
365  void pinConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest &request);
366 
367  /* PROXY protocol functionality */
370  bool parseProxy1p0();
371  bool parseProxy2p0();
372  bool proxyProtocolError(const char *reason);
373 
374 #if USE_OPENSSL
375  Security::ContextPointer getTlsContextFromCache(const SBuf &cacheKey, const Ssl::CertificateProperties &certProperties);
377 
380  void storeTlsContextToCache(const SBuf &cacheKey, Security::ContextPointer &ctx);
381 #endif
382 
385 
386 #if USE_AUTH
389 #endif
390 
393 
394 #if USE_OPENSSL
397 
401 
405 
409 #endif
410 
412  const char *stoppedSending_;
414  const char *stoppedReceiving_;
419 };
420 
421 void setLogUri(ClientHttpRequest * http, char const *uri, bool cleanUrl = false);
422 
423 const char *findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end = NULL);
424 
425 int varyEvaluateMatch(StoreEntry * entry, HttpRequest * req);
426 
429 
430 void clientOpenListenSockets(void);
431 void clientConnectionsClose(void);
432 void httpRequestFree(void *);
433 
436 
438 void clientPackRangeHdr(const HttpReplyPointer &, const HttpHdrRangeSpec *, String boundary, MemBuf *);
439 
441 void clientPackTermBound(String boundary, MemBuf *);
442 
443 /* misplaced declaratrions of Stream callbacks provided/used by client side */
449 
450 /* TODO: Move to HttpServer. Warning: Move requires large code nonchanges! */
454 
455 std::ostream &operator <<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic);
456 
457 #endif /* SQUID_CLIENTSIDE_H */
458 
bool switchedToHttps() const
Definition: client_side.h:252
bool splice()
Splice a bumped client connection on peek-and-splice mode.
virtual ~ConnStateData()
Definition: client_side.cc:614
virtual bool doneAll() const
whether positive goal has been reached
Definition: AsyncJob.cc:96
void clientPostHttpsAccept(ConnStateData *)
CachePeer * peer
Definition: client_side.h:141
void setAuth(const Auth::UserRequest::Pointer &aur, const char *cause)
Definition: client_side.cc:503
Ssl::ServerBump * serverBump()
Definition: client_side.h:253
NotePairs::Pointer theNotes
Definition: client_side.h:418
#define assert(EX)
Definition: assert.h:17
bool concurrentRequestQueueFilled() const
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:56
AsyncCall::Pointer readHandler
detects serverConnection closure
Definition: client_side.h:142
void parseTlsHandshake()
const SBuf & tlsClientSni() const
Definition: client_side.h:262
virtual Http::Stream * parseOneRequest()=0
Definition: Server.h:28
err_type handleChunkedRequestBody()
parses available chunked encoded body bytes, checks size, returns errors
ConnStateData(const MasterXactionPointer &xact)
HttpRequest::Pointer request
to-server request that initiated serverConnection
Definition: client_side.h:173
bool needProxyProtocolHeader_
whether PROXY protocol header is still expected
Definition: client_side.h:384
virtual void afterClientRead()
processing to be done after a Comm::Read()
void resetSslCommonName(const char *name)
Definition: client_side.h:261
Definition: SBuf.h:87
bool fakeAConnectRequest(const char *reason, const SBuf &payload)
void startPinnedConnectionMonitoring()
SQUIDCEXTERN CSD clientReplyDetach
Definition: client_side.h:446
void setLogUri(ClientHttpRequest *http, char const *uri, bool cleanUrl=false)
ClientHttpRequest * buildFakeRequest(Http::MethodType const method, SBuf &useHost, unsigned short usePort, const SBuf &payload)
build a fake http request
bool transparent() const
bool reading
we are monitoring for peer connection closure
Definition: client_side.h:139
virtual bool connFinishedWithConn(int size)
??
Ssl::ServerBump * sslServerBump
HTTPS server cert. fetching state for bump-ssl-server-first.
Definition: client_side.h:407
#define SQUIDCEXTERN
Definition: squid.h:26
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
void error(char *format,...)
SBuf sslBumpCertKey
Key to use to store/retrieve generated certificate.
Definition: client_side.h:404
SBuf preservedClientData
Definition: client_side.h:311
String sslConnectHostOrIp
The SSL server host name appears in CONNECT request or the server ip address for the intercepted requ...
Definition: client_side.h:399
void stopPinnedConnectionMonitoring()
The caller assumes responsibility for connection closure detection.
bool mayTunnelUnsupportedProto()
whether tunneling of unsupported protocol is allowed for this connection
bool pinnedAuth() const
Definition: client_side.h:197
Auth::UserRequest::Pointer auth_
some user details that can be used to perform authentication on this connection
Definition: client_side.h:388
virtual void swanSong()
Definition: client_side.cc:584
void doPeekAndSpliceStep()
int varyEvaluateMatch(StoreEntry *entry, HttpRequest *req)
int conn
the current server connection FD
Definition: Transport.cc:26
void notePinnedConnectionBecameIdle(PinnedIdleContext pic)
Called when a pinned connection becomes available for forwarding the next request.
void connStateClosed(const CommCloseCbParams &io)
Definition: client_side.cc:496
Ssl::CertSignAlgorithm signAlgorithm
The signing algorithm to use.
Definition: client_side.h:408
Ip::Address log_addr
Definition: client_side.h:127
CachePeer * pinnedPeer() const
Definition: client_side.h:196
void requestTimeout(const CommTimeoutCbParams &params)
void finishDechunkingRequest(bool withSuccess)
put parsed content into input buffer and clean up
Comm::ConnectionPointer serverConnection
Definition: client_side.h:134
bool readMore
needs comm_read (for this request or new requests)
Definition: client_side.h:130
void startPeekAndSplice()
Initializes and starts a peek-and-splice negotiation with the SSL client.
void clientStartListeningOn(AnyP::PortCfgPointer &port, const RefCount< CommCbFunPtrCallT< CommAcceptCbPtrFun > > &subCall, const Ipc::FdNoteId noteId)
accept requests to a given port and inform subCall about them
void stopSending(const char *error)
note response sending error and close as soon as we read the request
Definition: client_side.cc:973
PinnedIdleContext(const Comm::ConnectionPointer &conn, const HttpRequest::Pointer &req)
Definition: client_side.h:170
FdNoteId
We cannot send char* FD notes to other processes. Pass int IDs and convert.
Definition: FdNotes.h:20
const char * findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end=NULL)
Security::ContextPointer getTlsContextFromCache(const SBuf &cacheKey, const Ssl::CertificateProperties &certProperties)
const char * stoppedSending() const
true if we stopped sending the response
Definition: client_side.h:151
parameters for the async notePinnedConnectionBecameIdle() call
Definition: client_side.h:167
void storeTlsContextToCache(const SBuf &cacheKey, Security::ContextPointer &ctx)
const char * stoppedReceiving_
the reason why we no longer read the request or nil
Definition: client_side.h:414
virtual time_t idleTimeout() const =0
timeout to use when waiting for the next request
void const char HLPCB void * data
Definition: stub_helper.cc:16
void clientConnectionsClose(void)
bool parseProxy2p0()
parse the PROXY/2.0 protocol header from the connection read buffer
virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io)
Our close handler called by Comm when the pinned connection is closed.
void clientReadFtpData(const CommIoCbParams &io)
virtual void sendControlMsg(HttpControlMsg)
called to send the 1xx message and notify the Source
bool parseProxyProtocolHeader()
Http1::TeChunkedParser * bodyParser
parses HTTP/1.1 chunked request body
Definition: client_side.h:99
void clientOpenListenSockets(void)
void sslCrtdHandleReply(const Helper::Reply &reply)
Proccess response from ssl_crtd.
bool empty() const
Definition: Notes.h:242
virtual bool writeControlMsgAndCall(HttpReply *rep, AsyncCall::Pointer &call)=0
handle a control message received by context from a peer and call back
NotePairs::Pointer notes()
void unpinConnection(const bool andClose)
Undo pinConnection() and, optionally, close the pinned connection.
void expectNoForwarding()
cleans up virgin request [body] forwarding state
enum Http::_method_t MethodType
void CSCB(clientStreamNode *, ClientHttpRequest *, HttpReply *, StoreIOBuffer)
client stream read callback
CertSignAlgorithm
Definition: gadgets.h:150
virtual void endingShutdown()
SQUIDCEXTERN CSR clientGetMoreData
Definition: client_side.h:444
void quitAfterError(HttpRequest *request)
AsyncCall::Pointer closeHandler
Definition: client_side.h:143
bool initiateTunneledRequest(HttpRequest::Pointer const &cause, Http::MethodType const method, const char *reason, const SBuf &payload)
generates and sends to tunnel.cc a fake request with a given payload
BodyPipe::Pointer expectRequestBody(int64_t size)
void getSslContextDone(Security::ContextPointer &)
finish configuring the newly created SSL context"
bundles HTTP 1xx reply and the "successfully forwarded" callback
Http::Stream * parseHttpRequest(ConnStateData *, const Http1::RequestParserPointer &)
virtual void afterClientWrite(size_t)
processing to sync state after a Comm::Write()
Definition: client_side.cc:997
void stopReceiving(const char *error)
note request receiving error and close as soon as we write the response
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:28
void abortChunkedRequestBody(const err_type error)
quit on errors related to chunked request body handling
bool handleRequestBodyData()
void clientPackRangeHdr(const HttpReplyPointer &, const HttpHdrRangeSpec *, String boundary, MemBuf *)
append a "part" HTTP header (as in a multi-part/range reply) to the buffer
Definition: client_side.cc:701
bool zeroReply
server closed w/o response (ERR_ZERO_SIZE_OBJECT)
Definition: client_side.h:140
bool isOpen() const
Definition: client_side.cc:607
const Comm::ConnectionPointer validatePinnedConnection(HttpRequest *request, const CachePeer *peer)
static int port
Definition: ldap_backend.cc:69
virtual void doneWithControlMsg()
sends a single control message, notifying the Sink
virtual void noteMoreBodySpaceAvailable(BodyPipe::Pointer)=0
Security::HandshakeParser tlsParser
Definition: client_side.h:276
bool proxyProtocolError(const char *reason)
A RegisteredRunner with lifetime determined by forces outside the Registry.
virtual void receivedFirstByte()
Update flags and timeout after the first byte received.
bool handleIdleClientPinnedTlsRead()
void clientProcessRequest(ConnStateData *, const Http1::RequestParserPointer &, Http::Stream *)
bool serveDelayedError(Http::Stream *)
void postHttpsAccept()
the second part of old httpsAccept, waiting for future HttpsServer home
bool clientParseRequests()
Traffic parsing.
Http::Stream * abortRequestParsing(const char *const errUri)
stop parsing the request and create context for relaying error info
void setServerBump(Ssl::ServerBump *srvBump)
Definition: client_side.h:254
virtual void notePeerConnection(Comm::ConnectionPointer)
called just before a FwdState-dispatched job starts using connection
Definition: client_side.h:200
SBuf sslCommonName_
CN name for SSL certificate generation.
Definition: client_side.h:400
bool proxyProtocolValidateClient()
void kick()
try to make progress on a transaction or read more I/O
Definition: client_side.cc:892
void readNextRequest()
Definition: client_side.cc:852
const char * stoppedSending_
the reason why we no longer write the response or nil
Definition: client_side.h:412
std::ostream & operator<<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic)
void getSslContextStart()
Start to create dynamic Security::ContextPointer for host or uses static port SSL context...
void httpsPeeked(PinnedIdleContext pic)
called by FwdState when it is done bumping the server
virtual bool handleReadData()
SQUIDCEXTERN CSS clientReplyStatus
Definition: client_side.h:445
bool parseProxy1p0()
parse the PROXY/1.0 protocol header from the connection read buffer
CSCB clientSocketRecipient
Definition: client_side.h:447
Http1::RequestParserPointer parser_
the parser state for current HTTP/1.x input buffer processing
Definition: client_side.h:392
virtual int pipelinePrefetchMax() const
returning N allows a pipeline of 1+N requests (see pipeline_prefetch)
const SBuf & sslCommonName() const
Definition: client_side.h:260
void startDechunkingRequest()
initialize dechunking state
struct ConnStateData::@39 flags
size_t HttpReply *STUB StoreEntry const KeyScope scope const HttpRequestMethod & method
Definition: stub_store.cc:126
const char * stoppedReceiving() const
true if we stopped receiving the request
Definition: client_side.h:149
void clientPackTermBound(String boundary, MemBuf *)
put terminating boundary for multiparts to the buffer
Definition: client_side.cc:694
Definition: MemBuf.h:23
BodyPipe::Pointer bodyPipe
set when we are reading request body
Definition: client_side.h:355
clientStream_status_t CSS(clientStreamNode *, ClientHttpRequest *)
virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData)=0
CSD clientSocketDetach
Definition: client_side.h:448
virtual void processParsedRequest(Http::StreamPointer &)=0
start processing a freshly parsed request
Ssl::BumpMode sslBumpMode
ssl_bump decision (Ssl::bumpEnd if n/a).
Definition: client_side.h:272
Comm::ConnectionPointer connection
to-server connection to be pinned
Definition: client_side.h:172
void whenClientIpKnown()
void pinConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest &request)
Forward future client requests using the given server connection.
void switchToHttps(HttpRequest *request, Ssl::BumpMode bumpServerMode)
BumpMode
Definition: support.h:125
RefCount< MasterXaction > MasterXactionPointer
Definition: client_side.h:39
bool hasNotes() const
Definition: client_side.h:320
struct ConnStateData::@40 pinning
SBuf tlsClientSni_
TLS client delivered SNI value. Empty string if none has been received.
Definition: client_side.h:403
bool parsingTlsHandshake
whether we are getting/parsing TLS Hello bytes
Definition: client_side.h:396
void CSD(clientStreamNode *, ClientHttpRequest *)
client stream detach
void CSR(clientStreamNode *, ClientHttpRequest *)
client stream read
virtual bool doneAll() const
whether positive goal has been reached
Definition: client_side.h:212
static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply)
Callback function. It is called when squid receive message from ssl_crtd.
void clientAfterReadingRequests()
virtual void checkLogging()
Log the current [attempt at] transaction if nobody else will.
void clientPinnedConnectionRead(const CommIoCbParams &io)
int64_t mayNeedToReadMoreBody() const
#define NULL
Definition: types.h:166
void consumeInput(const size_t byteCount)
remove no longer needed leading bytes from the input buffer
const Auth::UserRequest::Pointer & getAuth() const
Definition: client_side.h:114
Comm::ConnectionPointer borrowPinnedConnection(HttpRequest *request, const CachePeer *aPeer)
Returns validated pinnned server connection (and stops its monitoring).
void httpRequestFree(void *)
Definition: client_side.cc:488
void buildSslCertGenerationParams(Ssl::CertificateProperties &certProperties)
int size
Definition: ModDevPoll.cc:77
void pinBusyConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request)
virtual void start()
called by AsyncStart; do not call directly
bool switchedToHttps_
Definition: client_side.h:395
virtual void startShutdown()
virtual void noteBodyConsumerAborted(BodyPipe::Pointer)=0
err_type
Definition: err_type.h:12
void clientSetKeepaliveFlag(ClientHttpRequest *http)
decide whether to expect multiple requests on the corresponding connection
Definition: client_side.cc:641

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors