client_side.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 33 Client-side Routines */
10 
11 #ifndef SQUID_CLIENTSIDE_H
12 #define SQUID_CLIENTSIDE_H
13 
14 #include "base/RunnersRegistry.h"
15 #include "clientStreamForward.h"
16 #include "comm.h"
17 #include "helper/forward.h"
18 #include "http/forward.h"
19 #include "HttpControlMsg.h"
20 #include "ipc/FdNotes.h"
21 #include "proxyp/forward.h"
22 #include "sbuf/SBuf.h"
23 #include "servers/Server.h"
24 #if USE_AUTH
25 #include "auth/UserRequest.h"
26 #endif
27 #if USE_OPENSSL
28 #include "security/Handshake.h"
29 #include "ssl/support.h"
30 #endif
31 #if USE_DELAY_POOLS
32 #include "MessageBucket.h"
33 #endif
34 
35 #include <iosfwd>
36 
37 class ClientHttpRequest;
38 class HttpHdrRangeSpec;
39 
42 
43 #if USE_OPENSSL
44 namespace Ssl
45 {
46 class ServerBump;
47 }
48 #endif
49 
75 {
76 
77 public:
78  explicit ConnStateData(const MasterXactionPointer &xact);
79  virtual ~ConnStateData();
80 
81  /* ::Server API */
82  virtual void receivedFirstByte();
83  virtual bool handleReadData();
84  virtual void afterClientRead();
85  virtual void afterClientWrite(size_t);
86 
87  /* HttpControlMsgSink API */
88  virtual void sendControlMsg(HttpControlMsg);
89  virtual void doneWithControlMsg();
90 
92  bool clientParseRequests();
93  void readNextRequest();
94 
96  void kick();
97 
98  bool isOpen() const;
99 
101 
108  int64_t mayNeedToReadMoreBody() const;
109 
110 #if USE_AUTH
111 
115  const Auth::UserRequest::Pointer &getAuth() const { return auth_; }
116 
125  void setAuth(const Auth::UserRequest::Pointer &aur, const char *cause);
126 #endif
127 
129 
130  struct {
131  bool readMore;
132  bool swanSang; // XXX: temporary flag to check proper cleanup
133  } flags;
134  struct {
135  Comm::ConnectionPointer serverConnection; /* pinned server side connection */
136  char *host; /* host name of pinned connection */
137  int port; /* port of pinned connection */
138  bool pinned; /* this connection was pinned */
139  bool auth; /* pinned for www authentication */
140  bool reading;
141  bool zeroReply;
142  CachePeer *peer; /* CachePeer the connection goes via */
144  AsyncCall::Pointer closeHandler; /*The close handler for pinned server side connection*/
145  } pinning;
146 
147  bool transparent() const;
148 
150  const char *stoppedReceiving() const { return stoppedReceiving_; }
152  const char *stoppedSending() const { return stoppedSending_; }
154  void stopReceiving(const char *error);
156  void stopSending(const char *error);
157 
158  void expectNoForwarding();
159 
160  /* BodyPipe API */
161  BodyPipe::Pointer expectRequestBody(int64_t size);
162  virtual void noteMoreBodySpaceAvailable(BodyPipe::Pointer) = 0;
163  virtual void noteBodyConsumerAborted(BodyPipe::Pointer) = 0;
164 
165  bool handleRequestBodyData();
166 
169  {
170  public:
171  PinnedIdleContext(const Comm::ConnectionPointer &conn, const HttpRequest::Pointer &req): connection(conn), request(req) {}
172 
175  };
176 
178  void notePinnedConnectionBecameIdle(PinnedIdleContext pic);
181  void pinBusyConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request);
183  void unpinConnection(const bool andClose);
192  const Comm::ConnectionPointer validatePinnedConnection(HttpRequest *request);
196  CachePeer *pinnedPeer() const {return pinning.peer;}
197  bool pinnedAuth() const {return pinning.auth;}
198 
201 
202  // pining related comm callbacks
203  virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io);
204 
205  // comm callbacks
206  void clientReadFtpData(const CommIoCbParams &io);
207  void connStateClosed(const CommCloseCbParams &io);
208  void requestTimeout(const CommTimeoutCbParams &params);
209 
210  // AsyncJob API
211  virtual void start();
212  virtual bool doneAll() const { return BodyProducer::doneAll() && false;}
213  virtual void swanSong();
214 
217  void quitAfterError(HttpRequest *request); // meant to be private
218 
220  void stopPinnedConnectionMonitoring();
221 
223  void postHttpsAccept();
224 
225 #if USE_OPENSSL
226  void startPeekAndSplice();
228 
232  void doPeekAndSpliceStep();
234  void httpsPeeked(PinnedIdleContext pic);
235 
237  bool splice();
238 
240  void getSslContextStart();
241 
243  void getSslContextDone(Security::ContextPointer &);
244 
246  static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply);
248  void sslCrtdHandleReply(const Helper::Reply &reply);
249 
250  void switchToHttps(ClientHttpRequest *, Ssl::BumpMode bumpServerMode);
251  void parseTlsHandshake();
252  bool switchedToHttps() const { return switchedToHttps_; }
253  Ssl::ServerBump *serverBump() {return sslServerBump;}
254  inline void setServerBump(Ssl::ServerBump *srvBump) {
255  if (!sslServerBump)
256  sslServerBump = srvBump;
257  else
258  assert(sslServerBump == srvBump);
259  }
260  const SBuf &sslCommonName() const {return sslCommonName_;}
261  void resetSslCommonName(const char *name) {sslCommonName_ = name;}
262  const SBuf &tlsClientSni() const { return tlsClientSni_; }
265  void buildSslCertGenerationParams(Ssl::CertificateProperties &certProperties);
270  bool serveDelayedError(Http::Stream *);
271 
273 
277 #else
278  bool switchedToHttps() const { return false; }
279 #endif
280  char *prepareTlsSwitchingURL(const Http1::RequestParserPointer &hp);
281 
283  virtual bool writeControlMsgAndCall(HttpReply *rep, AsyncCall::Pointer &call) = 0;
284 
287  virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData) = 0;
288 
290  void consumeInput(const size_t byteCount);
291 
292  /* TODO: Make the methods below (at least) non-public when possible. */
293 
295  Http::Stream *abortRequestParsing(const char *const errUri);
296 
299  bool fakeAConnectRequest(const char *reason, const SBuf &payload);
300 
302  bool initiateTunneledRequest(HttpRequest::Pointer const &cause, Http::MethodType const method, const char *reason, const SBuf &payload);
303 
305  bool mayTunnelUnsupportedProto();
306 
308  ClientHttpRequest *buildFakeRequest(Http::MethodType const method, SBuf &useHost, unsigned short usePort, const SBuf &payload);
309 
313 
314  /* Registered Runner API */
315  virtual void startShutdown();
316  virtual void endingShutdown();
317 
320  NotePairs::Pointer notes();
321  bool hasNotes() const { return bool(theNotes) && !theNotes->empty(); }
322 
323  const ProxyProtocol::HeaderPointer &proxyProtocolHeader() const { return proxyProtocolHeader_; }
324 
325 protected:
326  void startDechunkingRequest();
327  void finishDechunkingRequest(bool withSuccess);
328  void abortChunkedRequestBody(const err_type error);
329  err_type handleChunkedRequestBody();
330 
331  void startPinnedConnectionMonitoring();
332  void clientPinnedConnectionRead(const CommIoCbParams &io);
333 #if USE_OPENSSL
334  bool handleIdleClientPinnedTlsRead();
338 #endif
339 
343  virtual Http::Stream *parseOneRequest() = 0;
344 
346  virtual void processParsedRequest(Http::StreamPointer &) = 0;
347 
349  virtual int pipelinePrefetchMax() const;
350 
352  virtual time_t idleTimeout() const = 0;
353 
356  void whenClientIpKnown();
357 
359 
360 private:
361  /* ::Server API */
362  virtual bool connFinishedWithConn(int size);
363  virtual void checkLogging();
364 
365  void clientAfterReadingRequests();
366  bool concurrentRequestQueueFilled() const;
367 
368  void pinConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest &request);
369 
370  /* PROXY protocol functionality */
371  bool proxyProtocolValidateClient();
372  bool parseProxyProtocolHeader();
373  bool proxyProtocolError(const char *reason);
374 
375 #if USE_OPENSSL
376  Security::ContextPointer getTlsContextFromCache(const SBuf &cacheKey, const Ssl::CertificateProperties &certProperties);
378 
381  void storeTlsContextToCache(const SBuf &cacheKey, Security::ContextPointer &ctx);
382 #endif
383 
386 
389 
390 #if USE_AUTH
393 #endif
394 
397 
398 #if USE_OPENSSL
401 
404  unsigned short tlsConnectPort;
406 
410 
414 #endif
415 
417  const char *stoppedSending_;
419  const char *stoppedReceiving_;
424 };
425 
426 const char *findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end = NULL);
427 
428 int varyEvaluateMatch(StoreEntry * entry, HttpRequest * req);
429 
432 
433 void clientOpenListenSockets(void);
434 void clientConnectionsClose(void);
435 void httpRequestFree(void *);
436 
439 
441 void clientPackRangeHdr(const HttpReplyPointer &, const HttpHdrRangeSpec *, String boundary, MemBuf *);
442 
444 void clientPackTermBound(String boundary, MemBuf *);
445 
446 /* misplaced declaratrions of Stream callbacks provided/used by client side */
452 
453 /* TODO: Move to HttpServer. Warning: Move requires large code nonchanges! */
457 
458 std::ostream &operator <<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic);
459 
460 #endif /* SQUID_CLIENTSIDE_H */
461 
virtual bool doneAll() const
whether positive goal has been reached
Definition: client_side.h:212
void clientPostHttpsAccept(ConnStateData *)
CachePeer * peer
Definition: client_side.h:142
Ssl::ServerBump * serverBump()
Definition: client_side.h:253
NotePairs::Pointer theNotes
Definition: client_side.h:423
#define assert(EX)
Definition: assert.h:17
bool isOpen(const int fd)
Definition: comm.cc:86
const char * stoppedReceiving() const
true if we stopped receiving the request
Definition: client_side.h:150
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:56
AsyncCall::Pointer readHandler
detects serverConnection closure
Definition: client_side.h:143
Definition: Server.h:28
HttpRequest::Pointer request
to-server request that initiated serverConnection
Definition: client_side.h:174
bool needProxyProtocolHeader_
whether PROXY protocol header is still expected
Definition: client_side.h:385
void resetSslCommonName(const char *name)
Definition: client_side.h:261
Definition: SBuf.h:86
CachePeer * pinnedPeer() const
Definition: client_side.h:196
SQUIDCEXTERN CSD clientReplyDetach
Definition: client_side.h:449
bool reading
we are monitoring for peer connection closure
Definition: client_side.h:140
Ssl::ServerBump * sslServerBump
HTTPS server cert. fetching state for bump-ssl-server-first.
Definition: client_side.h:412
#define SQUIDCEXTERN
Definition: squid.h:26
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
void error(char *format,...)
SBuf sslBumpCertKey
Key to use to store/retrieve generated certificate.
Definition: client_side.h:409
SBuf preservedClientData
Definition: client_side.h:312
String sslConnectHostOrIp
The SSL server host name appears in CONNECT request or the server ip address for the intercepted requ...
Definition: client_side.h:403
bool pinnedAuth() const
Definition: client_side.h:197
int varyEvaluateMatch(StoreEntry *entry, HttpRequest *req)
int conn
the current server connection FD
Definition: Transport.cc:26
Ssl::CertSignAlgorithm signAlgorithm
The signing algorithm to use.
Definition: client_side.h:413
Ip::Address log_addr
Definition: client_side.h:128
Comm::ConnectionPointer serverConnection
Definition: client_side.h:135
static Comm::ConnectionPointer borrowPinnedConnection(HttpRequest *request)
Definition: tunnel.cc:1015
bool readMore
needs comm_read (for this request or new requests)
Definition: client_side.h:131
void clientStartListeningOn(AnyP::PortCfgPointer &port, const RefCount< CommCbFunPtrCallT< CommAcceptCbPtrFun > > &subCall, const Ipc::FdNoteId noteId)
accept requests to a given port and inform subCall about them
PinnedIdleContext(const Comm::ConnectionPointer &conn, const HttpRequest::Pointer &req)
Definition: client_side.h:171
FdNoteId
We cannot send char* FD notes to other processes. Pass int IDs and convert.
Definition: FdNotes.h:20
const char * findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end=NULL)
const ProxyProtocol::HeaderPointer & proxyProtocolHeader() const
Definition: client_side.h:323
parameters for the async notePinnedConnectionBecameIdle() call
Definition: client_side.h:168
const char * stoppedSending() const
true if we stopped sending the response
Definition: client_side.h:152
const char * stoppedReceiving_
the reason why we no longer read the request or nil
Definition: client_side.h:419
void const char HLPCB void * data
Definition: stub_helper.cc:16
void clientConnectionsClose(void)
Http1::TeChunkedParser * bodyParser
parses HTTP/1.1 chunked request body
Definition: client_side.h:100
void clientOpenListenSockets(void)
enum Http::_method_t MethodType
void CSCB(clientStreamNode *, ClientHttpRequest *, HttpReply *, StoreIOBuffer)
client stream read callback
CertSignAlgorithm
Definition: gadgets.h:150
SQUIDCEXTERN CSR clientGetMoreData
Definition: client_side.h:447
AsyncCall::Pointer closeHandler
Definition: client_side.h:144
bundles HTTP 1xx reply and the "successfully forwarded" callback
Http::Stream * parseHttpRequest(ConnStateData *, const Http1::RequestParserPointer &)
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
void clientPackRangeHdr(const HttpReplyPointer &, const HttpHdrRangeSpec *, String boundary, MemBuf *)
append a "part" HTTP header (as in a multi-part/range reply) to the buffer
Definition: client_side.cc:700
bool zeroReply
server closed w/o response (ERR_ZERO_SIZE_OBJECT)
Definition: client_side.h:141
static int port
Definition: ldap_backend.cc:69
sends a single control message, notifying the Sink
bool switchedToHttps() const
Definition: client_side.h:252
Security::HandshakeParser tlsParser
Definition: client_side.h:276
unsigned short tlsConnectPort
The TLS server port number as passed in the CONNECT request.
Definition: client_side.h:404
A RegisteredRunner with lifetime determined by forces outside the Registry.
void clientProcessRequest(ConnStateData *, const Http1::RequestParserPointer &, Http::Stream *)
void setServerBump(Ssl::ServerBump *srvBump)
Definition: client_side.h:254
virtual void notePeerConnection(Comm::ConnectionPointer)
called just before a FwdState-dispatched job starts using connection
Definition: client_side.h:200
SBuf sslCommonName_
CN name for SSL certificate generation.
Definition: client_side.h:405
Definition: Xaction.cc:47
const char * stoppedSending_
the reason why we no longer write the response or nil
Definition: client_side.h:417
std::ostream & operator<<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic)
virtual bool doneAll() const
whether positive goal has been reached
Definition: AsyncJob.cc:96
SQUIDCEXTERN CSS clientReplyStatus
Definition: client_side.h:448
CSCB clientSocketRecipient
Definition: client_side.h:450
Http1::RequestParserPointer parser_
the parser state for current HTTP/1.x input buffer processing
Definition: client_side.h:396
bool hasNotes() const
Definition: client_side.h:321
ProxyProtocol::HeaderPointer proxyProtocolHeader_
the parsed PROXY protocol header
Definition: client_side.h:388
size_t HttpReply *STUB StoreEntry const KeyScope scope const HttpRequestMethod & method
Definition: stub_store.cc:112
void clientPackTermBound(String boundary, MemBuf *)
put terminating boundary for multiparts to the buffer
Definition: client_side.cc:693
Definition: MemBuf.h:23
BodyPipe::Pointer bodyPipe
set when we are reading request body
Definition: client_side.h:358
clientStream_status_t CSS(clientStreamNode *, ClientHttpRequest *)
CSD clientSocketDetach
Definition: client_side.h:451
Ssl::BumpMode sslBumpMode
ssl_bump decision (Ssl::bumpEnd if n/a).
Definition: client_side.h:272
Comm::ConnectionPointer connection
to-server connection to be pinned
Definition: client_side.h:173
BumpMode
Definition: support.h:135
RefCount< MasterXaction > MasterXactionPointer
Definition: client_side.h:40
SBuf tlsClientSni_
TLS client delivered SNI value. Empty string if none has been received.
Definition: client_side.h:408
bool parsingTlsHandshake
whether we are getting/parsing TLS Hello bytes
Definition: client_side.h:400
void CSD(clientStreamNode *, ClientHttpRequest *)
client stream detach
void CSR(clientStreamNode *, ClientHttpRequest *)
client stream read
const Auth::UserRequest::Pointer & getAuth() const
Definition: client_side.h:115
#define NULL
Definition: types.h:166
const SBuf & tlsClientSni() const
Definition: client_side.h:262
void httpRequestFree(void *)
Definition: client_side.cc:487
int size
Definition: ModDevPoll.cc:77
const SBuf & sslCommonName() const
Definition: client_side.h:260
bool switchedToHttps_
Definition: client_side.h:399
err_type
Definition: err_type.h:12
void clientSetKeepaliveFlag(ClientHttpRequest *http)
decide whether to expect multiple requests on the corresponding connection
Definition: client_side.cc:640

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors