icp_v2.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 12 Internet Cache Protocol (ICP) */
10 
16 #include "squid.h"
17 #include "AccessLogEntry.h"
18 #include "acl/Acl.h"
19 #include "acl/FilledChecklist.h"
20 #include "client_db.h"
21 #include "comm.h"
22 #include "comm/Connection.h"
23 #include "comm/Loops.h"
24 #include "comm/UdpOpenDialer.h"
25 #include "fd.h"
26 #include "HttpRequest.h"
27 #include "icmp/net_db.h"
28 #include "ICP.h"
29 #include "ip/Address.h"
30 #include "ip/tools.h"
31 #include "ipcache.h"
32 #include "md5.h"
33 #include "multicast.h"
34 #include "neighbors.h"
35 #include "refresh.h"
36 #include "rfc1738.h"
37 #include "SquidConfig.h"
38 #include "SquidTime.h"
39 #include "StatCounters.h"
40 #include "Store.h"
41 #include "store_key_md5.h"
42 #include "tools.h"
43 #include "wordlist.h"
44 
45 // for tvSubUsec() which should be in SquidTime.h
46 #include "util.h"
47 
48 #include <cerrno>
49 
51 class DelayedUdpSend {
52 public:
53  Ip::Address address;
54  icp_common_t *msg = nullptr;
55  DelayedUdpSend *next = nullptr;
56  AccessLogEntryPointer ale;
57  struct timeval queue_time = {};
58 };
59 
60 static void icpIncomingConnectionOpened(const Comm::ConnectionPointer &conn, int errNo);
61 
63 static void icpLogIcp(const Ip::Address &, const LogTags_ot, int, const char *, const int, AccessLogEntryPointer &);
64 
66 static void icpHandleIcpV2(int, Ip::Address &, char *, int);
67 
69 static void icpCount(void *, int, size_t, int);
70 
71 static LogTags_ot icpLogFromICPCode(icp_opcode);
72 
73 static int icpUdpSend(int fd, const Ip::Address &to, icp_common_t * msg, int delay, AccessLogEntryPointer al);
74 
75 static void
76 icpSyncAle(AccessLogEntryPointer &al, const Ip::Address &caddr, const char *url, int len, int delay)
77 {
78  if (!al)
79  al = new AccessLogEntry();
80  al->icp.opcode = ICP_QUERY;
81  al->cache.caddr = caddr;
82  al->url = url;
83  al->setVirginUrlForMissingRequest(al->url);
84  // XXX: move to use icp.clientReply instead
85  al->http.clientReplySz.payloadData = len;
86  al->cache.start_time = current_time;
87  al->cache.start_time.tv_sec -= delay;
88  al->cache.trTime.tv_sec = delay;
89  al->cache.trTime.tv_usec = 0;
90 }
91 
97 static DelayedUdpSend *IcpQueueHead = NULL;
99 static DelayedUdpSend *IcpQueueTail = NULL;
100 
102 Comm::ConnectionPointer icpIncomingConn = NULL;
104 Comm::ConnectionPointer icpOutgoingConn = NULL;
105 
106 /* icp_common_t */
107 icp_common_t::icp_common_t() :
108  opcode(ICP_INVALID), version(0), length(0), reqnum(0),
109  flags(0), pad(0), shostid(0)
110 {}
111 
112 icp_common_t::icp_common_t(char *buf, unsigned int len) :
113  opcode(ICP_INVALID), version(0), reqnum(0), flags(0), pad(0), shostid(0)
114 {
115  if (len < sizeof(icp_common_t)) {
116  /* mark as invalid */
117  length = len + 1;
118  return;
119  }
120 
121  memcpy(this, buf, sizeof(icp_common_t));
122  /*
123  * Convert network order sensitive fields
124  */
125  length = ntohs(length);
126  reqnum = ntohl(reqnum);
127  flags = ntohl(flags);
128  pad = ntohl(pad);
129 }
130 
131 icp_opcode
132 icp_common_t::getOpCode() const
133 {
134  if (opcode > static_cast<char>(icp_opcode::ICP_END))
135  return ICP_INVALID;
136 
137  return static_cast<icp_opcode>(opcode);
138 }
139 
140 /* ICPState */
141 
142 ICPState::ICPState(icp_common_t &aHeader, HttpRequest *aRequest):
143  header(aHeader),
144  request(aRequest),
145  fd(-1),
146  url(NULL)
147 {
148  HTTPMSGLOCK(request);
149 }
150 
151 ICPState::~ICPState()
152 {
153  safe_free(url);
154  HTTPMSGUNLOCK(request);
155 }
156 
157 bool
158 ICPState::isHit() const
159 {
160  const auto e = storeGetPublic(url, Http::METHOD_GET);
161 
162  const auto hit = e && confirmAndPrepHit(*e);
163 
164  if (e)
165  e->abandon(__FUNCTION__);
166 
167  return hit;
168 }
169 
170 bool
171 ICPState::confirmAndPrepHit(const StoreEntry &e) const
172 {
173  if (!e.validToSend())
174  return false;
175 
176  if (!Config.onoff.icp_hit_stale && refreshCheckICP(&e, request))
177  return false;
178 
179  if (e.hittingRequiresCollapsing() && !startCollapsingOn(e, false))
180  return false;
181 
182  return true;
183 }
184 
185 LogTags *
186 ICPState::loggingTags() const
187 {
188  // calling icpSyncAle(LOG_TAG_NONE) here would not change cache.code
189  if (!al)
190  al = new AccessLogEntry();
191  return &al->cache.code;
192 }
193 
194 void
195 ICPState::fillChecklist(ACLFilledChecklist &checklist) const
196 {
197  checklist.setRequest(request);
198  icpSyncAle(al, from, url, 0, 0);
199  checklist.al = al;
200 }
201 
202 /* End ICPState */
203 
204 /* ICP2State */
205 
207 class ICP2State: public ICPState
208 {
209 
210 public:
211  ICP2State(icp_common_t & aHeader, HttpRequest *aRequest):
212  ICPState(aHeader, aRequest),rtt(0),src_rtt(0),flags(0) {}
213 
214  ~ICP2State();
215 
216  int rtt;
217  int src_rtt;
218  uint32_t flags;
219 };
220 
221 ICP2State::~ICP2State()
222 {}
223 
224 /* End ICP2State */
225 
227 static void
228 icpLogIcp(const Ip::Address &caddr, const LogTags_ot logcode, const int len, const char *url, int delay, AccessLogEntry::Pointer &al)
229 {
230  assert(logcode != LOG_TAG_NONE);
231 
232  // Optimization: No premature (ALE creation in) icpSyncAle().
233  if (al) {
234  icpSyncAle(al, caddr, url, len, delay);
235  al->cache.code.update(logcode);
236  }
237 
238  if (logcode == LOG_ICP_QUERY)
239  return; // we never log queries
240 
241  if (!Config.onoff.log_udp) {
242  clientdbUpdate(caddr, al ? al->cache.code : LogTags(logcode), AnyP::PROTO_ICP, len);
243  return;
244  }
245 
246  if (!al) {
247  // The above attempt to optimize ALE creation has failed. We do need it.
248  icpSyncAle(al, caddr, url, len, delay);
249  al->cache.code.update(logcode);
250  }
251  clientdbUpdate(caddr, al->cache.code, AnyP::PROTO_ICP, len);
252  accessLogLog(al, NULL);
253 }
254 
256 static void
257 icpUdpSendQueue(int fd, void *)
258 {
259  DelayedUdpSend *q;
260 
261  while ((q = IcpQueueHead) != NULL) {
262  int delay = tvSubUsec(q->queue_time, current_time);
263  /* increment delay to prevent looping */
264  const int x = icpUdpSend(fd, q->address, q->msg, ++delay, q->ale);
265  IcpQueueHead = q->next;
266  delete q;
267 
268  if (x < 0)
269  break;
270  }
271 }
272 
273 icp_common_t *
274 icp_common_t::CreateMessage(
275  icp_opcode opcode,
276  int flags,
277  const char *url,
278  int reqnum,
279  int pad)
280 {
281  char *buf = NULL;
282  icp_common_t *headerp = NULL;
283  char *urloffset = NULL;
284  int buf_len;
285  buf_len = sizeof(icp_common_t) + strlen(url) + 1;
286 
287  if (opcode == ICP_QUERY)
288  buf_len += sizeof(uint32_t);
289 
290  buf = (char *) xcalloc(buf_len, 1);
291 
292  headerp = (icp_common_t *) (void *) buf;
293 
294  headerp->opcode = (char) opcode;
295 
296  headerp->version = ICP_VERSION_CURRENT;
297 
298  headerp->length = (uint16_t) htons(buf_len);
299 
300  headerp->reqnum = htonl(reqnum);
301 
302  headerp->flags = htonl(flags);
303 
304  headerp->pad = htonl(pad);
305 
306  headerp->shostid = 0;
307 
308  urloffset = buf + sizeof(icp_common_t);
309 
310  if (opcode == ICP_QUERY)
311  urloffset += sizeof(uint32_t);
312 
313  memcpy(urloffset, url, strlen(url));
314 
315  return (icp_common_t *)buf;
316 }
317 
318 // TODO: Move retries to icpCreateAndSend(); the other caller does not retry.
321 static int
322 icpUdpSend(int fd,
323  const Ip::Address &to,
324  icp_common_t * msg,
325  int delay,
326  AccessLogEntryPointer al)
327 {
328  int x;
329  int len;
330  len = (int) ntohs(msg->length);
331  debugs(12, 5, "icpUdpSend: FD " << fd << " sending " <<
332  icp_opcode_str[msg->opcode] << ", " << len << " bytes to " << to);
333 
334  x = comm_udp_sendto(fd, to, msg, len);
335 
336  if (x >= 0) {
337  /* successfully written */
338  const auto logcode = icpLogFromICPCode(static_cast<icp_opcode>(msg->opcode));
339  icpLogIcp(to, logcode, len, (char *) (msg + 1), delay, al);
340  icpCount(msg, SENT, (size_t) len, delay);
341  safe_free(msg);
342  } else if (0 == delay) {
343  /* send failed, but queue it */
344  const auto queue = new DelayedUdpSend();
345  queue->address = to;
346  queue->msg = msg;
347  queue->queue_time = current_time;
348  queue->ale = al;
349 
350  if (IcpQueueHead == NULL) {
351  IcpQueueHead = queue;
352  IcpQueueTail = queue;
353  } else if (IcpQueueTail == IcpQueueHead) {
354  IcpQueueTail = queue;
355  IcpQueueHead->next = queue;
356  } else {
357  IcpQueueTail->next = queue;
358  IcpQueueTail = queue;
359  }
360 
361  Comm::SetSelect(fd, COMM_SELECT_WRITE, icpUdpSendQueue, NULL, 0);
362  ++statCounter.icp.replies_queued;
363  } else {
364  /* don't queue it */
365  // XXX: safe_free(msg)
366  ++statCounter.icp.replies_dropped;
367  }
368 
369  return x;
370 }
371 
378 icp_opcode
379 icpGetCommonOpcode()
380 {
381  /* if store is rebuilding, return a UDP_MISS_NOFETCH */
382 
383  if ((StoreController::store_dirs_rebuilding && opt_reload_hit_only) ||
384  hit_only_mode_until > squid_curtime) {
385  return ICP_MISS_NOFETCH;
386  }
387 
388  return ICP_ERR;
389 }
390 
391 static LogTags_ot
392 icpLogFromICPCode(icp_opcode opcode)
393 {
394  if (opcode == ICP_ERR)
395  return LOG_UDP_INVALID;
396 
397  if (opcode == ICP_DENIED)
398  return LOG_UDP_DENIED;
399 
400  if (opcode == ICP_HIT)
401  return LOG_UDP_HIT;
402 
403  if (opcode == ICP_MISS)
404  return LOG_UDP_MISS;
405 
406  if (opcode == ICP_MISS_NOFETCH)
407  return LOG_UDP_MISS_NOFETCH;
408 
409  if (opcode == ICP_DECHO)
410  return LOG_ICP_QUERY;
411 
412  if (opcode == ICP_QUERY)
413  return LOG_ICP_QUERY;
414 
415  fatal("expected ICP opcode\n");
416 
417  return LOG_UDP_INVALID;
418 }
419 
420 void
421 icpCreateAndSend(icp_opcode opcode, int flags, char const *url, int reqnum, int pad, int fd, const Ip::Address &from, AccessLogEntry::Pointer al)
422 {
423  // update potentially shared ALE ASAP; the ICP query itself may be delayed
424  if (al)
425  al->cache.code.update(icpLogFromICPCode(opcode));
426  icp_common_t *reply = icp_common_t::CreateMessage(opcode, flags, url, reqnum, pad);
427  icpUdpSend(fd, from, reply, 0, al);
428 }
429 
430 void
431 icpDenyAccess(Ip::Address &from, char *url, int reqnum, int fd)
432 {
433  debugs(12, 2, "icpDenyAccess: Access Denied for " << from << " by " << AclMatchedName << ".");
434 
435  if (clientdbCutoffDenied(from)) {
436  /*
437  * count this DENIED query in the clientdb, even though
438  * we're not sending an ICP reply...
439  */
440  clientdbUpdate(from, LogTags(LOG_UDP_DENIED), AnyP::PROTO_ICP, 0);
441  } else {
442  icpCreateAndSend(ICP_DENIED, 0, url, reqnum, 0, fd, from, nullptr);
443  }
444 }
445 
446 bool
447 icpAccessAllowed(Ip::Address &from, HttpRequest * icp_request)
448 {
449  /* absent any explicit rules, we deny all */
450  if (!Config.accessList.icp)
451  return false;
452 
453  ACLFilledChecklist checklist(Config.accessList.icp, icp_request, NULL);
454  checklist.src_addr = from;
455  checklist.my_addr.setNoAddr();
456  return checklist.fastCheck().allowed();
457 }
458 
459 HttpRequest *
460 icpGetRequest(char *url, int reqnum, int fd, Ip::Address &from)
461 {
462  if (strpbrk(url, w_space)) {
463  url = rfc1738_escape(url);
464  icpCreateAndSend(ICP_ERR, 0, rfc1738_escape(url), reqnum, 0, fd, from, nullptr);
465  return NULL;
466  }
467 
468  const MasterXaction::Pointer mx = new MasterXaction(XactionInitiator::initIcp);
469  auto *result = HttpRequest::FromUrlXXX(url, mx);
470  if (!result)
471  icpCreateAndSend(ICP_ERR, 0, url, reqnum, 0, fd, from, nullptr);
472 
473  return result;
474 
475 }
476 
477 static void
478 doV2Query(int fd, Ip::Address &from, char *buf, icp_common_t header)
479 {
480  int rtt = 0;
481  int src_rtt = 0;
482  uint32_t flags = 0;
483  /* We have a valid packet */
484  char *url = buf + sizeof(icp_common_t) + sizeof(uint32_t);
485  HttpRequest *icp_request = icpGetRequest(url, header.reqnum, fd, from);
486 
487  if (!icp_request)
488  return;
489 
490  HTTPMSGLOCK(icp_request);
491 
492  if (!icpAccessAllowed(from, icp_request)) {
493  icpDenyAccess(from, url, header.reqnum, fd);
494  HTTPMSGUNLOCK(icp_request);
495  return;
496  }
497 #if USE_ICMP
498  if (header.flags & ICP_FLAG_SRC_RTT) {
499  rtt = netdbHostRtt(icp_request->url.host());
500  int hops = netdbHostHops(icp_request->url.host());
501  src_rtt = ((hops & 0xFFFF) << 16) | (rtt & 0xFFFF);
502 
503  if (rtt)
504  flags |= ICP_FLAG_SRC_RTT;
505  }
506 #endif /* USE_ICMP */
507 
508  /* The peer is allowed to use this cache */
509  ICP2State state(header, icp_request);
510  state.fd = fd;
511  state.from = from;
512  state.url = xstrdup(url);
513  state.flags = flags;
514  state.rtt = rtt;
515  state.src_rtt = src_rtt;
516 
517  icp_opcode codeToSend;
518 
519  if (state.isHit()) {
520  codeToSend = ICP_HIT;
521  } else {
522 #if USE_ICMP
523  if (Config.onoff.test_reachability && state.rtt == 0) {
524  if ((state.rtt = netdbHostRtt(state.request->url.host())) == 0)
525  netdbPingSite(state.request->url.host());
526  }
527 #endif /* USE_ICMP */
528 
529  if (icpGetCommonOpcode() != ICP_ERR)
530  codeToSend = icpGetCommonOpcode();
531  else if (Config.onoff.test_reachability && rtt == 0)
532  codeToSend = ICP_MISS_NOFETCH;
533  else
534  codeToSend = ICP_MISS;
535  }
536 
537  icpCreateAndSend(codeToSend, flags, url, header.reqnum, src_rtt, fd, from, state.al);
538 
539  HTTPMSGUNLOCK(icp_request);
540 }
541 
542 void
543 icp_common_t::handleReply(char *buf, Ip::Address &from)
544 {
545  if (neighbors_do_private_keys && reqnum == 0) {
546  debugs(12, DBG_CRITICAL, "icpHandleIcpV2: Neighbor " << from << " returned reqnum = 0");
547  debugs(12, DBG_CRITICAL, "icpHandleIcpV2: Disabling use of private keys");
548  neighbors_do_private_keys = 0;
549  }
550 
551  char *url = buf + sizeof(icp_common_t);
552  debugs(12, 3, "icpHandleIcpV2: " << icp_opcode_str[opcode] << " from " << from << " for '" << url << "'");
553 
554  const cache_key *key = icpGetCacheKey(url, (int) reqnum);
555  /* call neighborsUdpAck even if ping_status != PING_WAITING */
556  neighborsUdpAck(key, this, from);
557 }
558 
559 static void
560 icpHandleIcpV2(int fd, Ip::Address &from, char *buf, int len)
561 {
562  if (len <= 0) {
563  debugs(12, 3, "icpHandleIcpV2: ICP message is too small");
564  return;
565  }
566 
567  icp_common_t header(buf, len);
568  /*
569  * Length field should match the number of bytes read
570  */
571 
572  if (len != header.length) {
573  debugs(12, 3, "icpHandleIcpV2: ICP message is too small");
574  return;
575  }
576 
577  debugs(12, 5, "OPCODE " << icp_opcode_str[header.getOpCode()] << '=' << uint8_t(header.opcode));
578 
579  switch (header.opcode) {
580 
581  case ICP_QUERY:
582  /* We have a valid packet */
583  doV2Query(fd, from, buf, header);
584  break;
585 
586  case ICP_HIT:
587 
588  case ICP_DECHO:
589 
590  case ICP_MISS:
591 
592  case ICP_DENIED:
593 
594  case ICP_MISS_NOFETCH:
595  header.handleReply(buf, from);
596  break;
597 
598  case ICP_INVALID:
599 
600  case ICP_ERR:
601  break;
602 
603  default:
604  debugs(12, DBG_CRITICAL, "icpHandleIcpV2: UNKNOWN OPCODE: " << header.opcode << " from " << from);
605 
606  break;
607  }
608 }
609 
610 #ifdef ICP_PKT_DUMP
611 static void
612 icpPktDump(icp_common_t * pkt)
613 {
614  Ip::Address a;
615 
616  debugs(12, 9, "opcode: " << std::setw(3) << pkt->opcode << " " << icp_opcode_str[pkt->opcode]);
617  debugs(12, 9, "version: "<< std::left << std::setw(8) << pkt->version);
618  debugs(12, 9, "length: "<< std::left << std::setw(8) << ntohs(pkt->length));
619  debugs(12, 9, "reqnum: "<< std::left << std::setw(8) << ntohl(pkt->reqnum));
620  debugs(12, 9, "flags: "<< std::left << std::hex << std::setw(8) << ntohl(pkt->flags));
621  a = (struct in_addr)pkt->shostid;
622  debugs(12, 9, "shostid: " << a );
623  debugs(12, 9, "payload: " << (char *) pkt + sizeof(icp_common_t));
624 }
625 
626 #endif
627 
628 void
629 icpHandleUdp(int sock, void *)
630 {
631  int *N = &incoming_sockets_accepted;
632 
633  Ip::Address from;
634  LOCAL_ARRAY(char, buf, SQUID_UDP_SO_RCVBUF);
635  int len;
636  int icp_version;
637  int max = INCOMING_UDP_MAX;
638  Comm::SetSelect(sock, COMM_SELECT_READ, icpHandleUdp, NULL, 0);
639 
640  while (max) {
641  --max;
642  len = comm_udp_recvfrom(sock,
643  buf,
644  SQUID_UDP_SO_RCVBUF - 1,
645  0,
646  from);
647 
648  if (len == 0)
649  break;
650 
651  if (len < 0) {
652  int xerrno = errno;
653  if (ignoreErrno(xerrno))
654  break;
655 
656 #if _SQUID_LINUX_
657  /* Some Linux systems seem to set the FD for reading and then
658  * return ECONNREFUSED when sendto() fails and generates an ICMP
659  * port unreachable message. */
660  /* or maybe an EHOSTUNREACH "No route to host" message */
661  if (xerrno != ECONNREFUSED && xerrno != EHOSTUNREACH)
662 #endif
663  debugs(50, DBG_IMPORTANT, "icpHandleUdp: FD " << sock << " recvfrom: " << xstrerr(xerrno));
664 
665  break;
666  }
667 
668  ++(*N);
669  icpCount(buf, RECV, (size_t) len, 0);
670  buf[len] = '\0';
671  debugs(12, 4, "icpHandleUdp: FD " << sock << ": received " <<
672  (unsigned long int)len << " bytes from " << from);
673 
674 #ifdef ICP_PACKET_DUMP
675 
676  icpPktDump(buf);
677 #endif
678 
679  if ((size_t) len < sizeof(icp_common_t)) {
680  debugs(12, 4, "icpHandleUdp: Ignoring too-small UDP packet");
681  break;
682  }
683 
684  icp_version = (int) buf[1]; /* cheat! */
685 
686  if (icpOutgoingConn->local == from)
687  // ignore ICP packets which loop back (multicast usually)
688  debugs(12, 4, "icpHandleUdp: Ignoring UDP packet sent by myself");
689  else if (icp_version == ICP_VERSION_2)
690  icpHandleIcpV2(sock, from, buf, len);
691  else if (icp_version == ICP_VERSION_3)
692  icpHandleIcpV3(sock, from, buf, len);
693  else
694  debugs(12, DBG_IMPORTANT, "WARNING: Unused ICP version " << icp_version <<
695  " received from " << from);
696  }
697 }
698 
699 void
700 icpOpenPorts(void)
701 {
702  uint16_t port;
703 
704  if ((port = Config.Port.icp) <= 0)
705  return;
706 
707  icpIncomingConn = new Comm::Connection;
708  icpIncomingConn->local = Config.Addrs.udp_incoming;
709  icpIncomingConn->local.port(port);
710 
711  if (!Ip::EnableIpv6 && !icpIncomingConn->local.setIPv4()) {
712  debugs(12, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << icpIncomingConn->local << " is not an IPv4 address.");
713  fatal("ICP port cannot be opened.");
714  }
715  /* split-stack for now requires default IPv4-only ICP */
716  if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && icpIncomingConn->local.isAnyAddr()) {
717  icpIncomingConn->local.setIPv4();
718  }
719 
720  AsyncCall::Pointer call = asyncCall(12, 2,
721  "icpIncomingConnectionOpened",
722  Comm::UdpOpenDialer(&icpIncomingConnectionOpened));
723 
724  Ipc::StartListening(SOCK_DGRAM,
725  IPPROTO_UDP,
726  icpIncomingConn,
727  Ipc::fdnInIcpSocket, call);
728 
729  if ( !Config.Addrs.udp_outgoing.isNoAddr() ) {
730  icpOutgoingConn = new Comm::Connection;
731  icpOutgoingConn->local = Config.Addrs.udp_outgoing;
732  icpOutgoingConn->local.port(port);
733 
734  if (!Ip::EnableIpv6 && !icpOutgoingConn->local.setIPv4()) {
735  debugs(49, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << icpOutgoingConn->local << " is not an IPv4 address.");
736  fatal("ICP port cannot be opened.");
737  }
738  /* split-stack for now requires default IPv4-only ICP */
739  if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && icpOutgoingConn->local.isAnyAddr()) {
740  icpOutgoingConn->local.setIPv4();
741  }
742 
743  enter_suid();
744  comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, icpOutgoingConn, "Outgoing ICP Port");
745  leave_suid();
746 
747  if (!Comm::IsConnOpen(icpOutgoingConn))
748  fatal("Cannot open Outgoing ICP Port");
749 
750  debugs(12, DBG_CRITICAL, "Sending ICP messages from " << icpOutgoingConn->local);
751 
752  Comm::SetSelect(icpOutgoingConn->fd, COMM_SELECT_READ, icpHandleUdp, NULL, 0);
753  fd_note(icpOutgoingConn->fd, "Outgoing ICP socket");
754  }
755 }
756 
757 static void
758 icpIncomingConnectionOpened(const Comm::ConnectionPointer &conn, int)
759 {
760  if (!Comm::IsConnOpen(conn))
761  fatal("Cannot open ICP Port");
762 
763  Comm::SetSelect(conn->fd, COMM_SELECT_READ, icpHandleUdp, NULL, 0);
764 
765  for (const wordlist *s = Config.mcast_group_list; s; s = s->next)
766  ipcache_nbgethostbyname(s->key, mcastJoinGroups, NULL); // XXX: pass the conn for mcastJoinGroups usage.
767 
768  debugs(12, DBG_IMPORTANT, "Accepting ICP messages on " << conn->local);
769 
770  fd_note(conn->fd, "Incoming ICP port");
771 
772  if (Config.Addrs.udp_outgoing.isNoAddr()) {
773  icpOutgoingConn = conn;
774  debugs(12, DBG_IMPORTANT, "Sending ICP messages from " << icpOutgoingConn->local);
775  }
776 }
777 
782 void
783 icpConnectionShutdown(void)
784 {
785  if (!Comm::IsConnOpen(icpIncomingConn))
786  return;
787 
788  debugs(12, DBG_IMPORTANT, "Stop receiving ICP on " << icpIncomingConn->local);
789 
794  icpIncomingConn = NULL;
795 
802  assert(Comm::IsConnOpen(icpOutgoingConn));
803 
804  Comm::SetSelect(icpOutgoingConn->fd, COMM_SELECT_READ, NULL, NULL, 0);
805 }
806 
807 void
808 icpClosePorts(void)
809 {
810  icpConnectionShutdown();
811 
812  if (icpOutgoingConn != NULL) {
813  debugs(12, DBG_IMPORTANT, "Stop sending ICP from " << icpOutgoingConn->local);
814  icpOutgoingConn = NULL;
815  }
816 }
817 
818 static void
819 icpCount(void *buf, int which, size_t len, int delay)
820 {
821  icp_common_t *icp = (icp_common_t *) buf;
822 
823  if (len < sizeof(*icp))
824  return;
825 
826  if (SENT == which) {
827  ++statCounter.icp.pkts_sent;
828  statCounter.icp.kbytes_sent += len;
829 
830  if (ICP_QUERY == icp->opcode) {
831  ++statCounter.icp.queries_sent;
832  statCounter.icp.q_kbytes_sent += len;
833  } else {
834  ++statCounter.icp.replies_sent;
835  statCounter.icp.r_kbytes_sent += len;
836  /* this is the sent-reply service time */
837  statCounter.icp.replySvcTime.count(delay);
838  }
839 
840  if (ICP_HIT == icp->opcode)
841  ++statCounter.icp.hits_sent;
842  } else if (RECV == which) {
843  ++statCounter.icp.pkts_recv;
844  statCounter.icp.kbytes_recv += len;
845 
846  if (ICP_QUERY == icp->opcode) {
847  ++statCounter.icp.queries_recv;
848  statCounter.icp.q_kbytes_recv += len;
849  } else {
850  ++statCounter.icp.replies_recv;
851  statCounter.icp.r_kbytes_recv += len;
852  /* statCounter.icp.querySvcTime set in clientUpdateCounters */
853  }
854 
855  if (ICP_HIT == icp->opcode)
856  ++statCounter.icp.hits_recv;
857  }
858 }
859 
860 #define N_QUERIED_KEYS 8192
861 #define N_QUERIED_KEYS_MASK 8191
862 static cache_key queried_keys[N_QUERIED_KEYS][SQUID_MD5_DIGEST_LENGTH];
863 
864 int
865 icpSetCacheKey(const cache_key * key)
866 {
867  static int reqnum = 0;
868 
869  if (++reqnum < 0)
870  reqnum = 1;
871 
872  storeKeyCopy(queried_keys[reqnum & N_QUERIED_KEYS_MASK], key);
873 
874  return reqnum;
875 }
876 
877 const cache_key *
878 icpGetCacheKey(const char *url, int reqnum)
879 {
880  if (neighbors_do_private_keys && reqnum)
881  return queried_keys[reqnum & N_QUERIED_KEYS_MASK];
882 
883  return storeKeyPublic(url, Http::METHOD_GET);
884 }
885 
ICPState::al
AccessLogEntryPointer al
Definition: ICP.h:77
fatal
void fatal(const char *message)
Definition: fatal.cc:28
xstrerr
const char * xstrerr(int error)
Definition: xstrerror.cc:83
icpHandleIcpV3
void icpHandleIcpV3(int, Ip::Address &, char *, int)
Definition: icp_v3.cc:71
icpAccessAllowed
bool icpAccessAllowed(Ip::Address &from, HttpRequest *icp_request)
Definition: icp_v2.cc:447
ICPState::url
char * url
Definition: ICP.h:76
icp_common_t::reqnum
uint32_t reqnum
Definition: ICP.h:44
DelayedUdpSend::ale
AccessLogEntryPointer ale
sender's master transaction summary
Definition: icp_v2.cc:56
xcalloc
void * xcalloc(size_t n, size_t sz)
Definition: xalloc.cc:72
DelayedUdpSend::msg
icp_common_t * msg
ICP message with network byte order fields.
Definition: icp_v2.cc:54
incoming_sockets_accepted
int incoming_sockets_accepted
ICP_ERR
@ ICP_ERR
Definition: icp_opcode.h:19
StatCounters::replies_dropped
int replies_dropped
Definition: StatCounters.h:75
HttpRequest::url
AnyP::Uri url
the request URI
Definition: HttpRequest.h:115
SquidConfig::udp_incoming
Ip::Address udp_incoming
Definition: SquidConfig.h:240
ACLFilledChecklist::src_addr
Ip::Address src_addr
Definition: FilledChecklist.h:73
LOCAL_ARRAY
#define LOCAL_ARRAY(type, name, size)
Definition: squid.h:75
StatCounters::r_kbytes_recv
ByteCounter r_kbytes_recv
Definition: StatCounters.h:81
cache_key
unsigned char cache_key
Store key.
Definition: forward.h:29
fd_note
void fd_note(int fd, const char *s)
Definition: fd.cc:247
ICPState::loggingTags
virtual LogTags * loggingTags() const override
Definition: icp_v2.cc:186
icpDenyAccess
void icpDenyAccess(Ip::Address &from, char *url, int reqnum, int fd)
Definition: icp_v2.cc:431
storeKeyPublic
const cache_key * storeKeyPublic(const char *url, const HttpRequestMethod &method, const KeyScope keyScope)
Definition: store_key_md5.cc:97
ICPState::fd
int fd
Definition: ICP.h:73
mcastJoinGroups
IPH mcastJoinGroups
SquidConfig::icp
unsigned short icp
Definition: SquidConfig.h:139
icpUdpSendQueue
static void icpUdpSendQueue(int fd, void *)
Definition: icp_v2.cc:257
ICPState::ICPState
ICPState(icp_common_t &aHeader, HttpRequest *aRequest)
Definition: icp_v2.cc:142
client_db.h
comm_udp_sendto
int comm_udp_sendto(int fd, const Ip::Address &to_addr, const void *buf, int len)
Definition: comm.cc:901
refreshCheckICP
int refreshCheckICP(const StoreEntry *entry, HttpRequest *request)
Definition: refresh.cc:597
StatCounters::replySvcTime
StatHist replySvcTime
Definition: StatCounters.h:83
StatCounters::replies_queued
int replies_queued
Definition: StatCounters.h:74
icpOutgoingConn
Comm::ConnectionPointer icpOutgoingConn
Definition: icp_v2.cc:104
xstrdup
#define xstrdup
Definition: negotiate_wrapper.cc:51
ICP_DECHO
@ ICP_DECHO
Definition: icp_opcode.h:26
clientdbUpdate
void clientdbUpdate(const Ip::Address &addr, const LogTags &ltype, AnyP::ProtocolType p, size_t size)
Definition: client_db.cc:139
SquidConfig::test_reachability
int test_reachability
Definition: SquidConfig.h:295
DelayedUdpSend::queue_time
struct timeval queue_time
queuing timestamp
Definition: icp_v2.cc:57
icpHandleIcpV2
static void icpHandleIcpV2(int, Ip::Address &, char *, int)
Definition: icp_v2.cc:560
ACLFilledChecklist::al
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
Definition: FilledChecklist.h:98
ACLChecklist::fastCheck
Acl::Answer const & fastCheck()
Definition: Checklist.cc:336
Comm::IsConnOpen
bool IsConnOpen(const Comm::ConnectionPointer &conn)
Definition: Connection.cc:27
accessLogLog
void accessLogLog(const AccessLogEntryPointer &, ACLChecklist *)
Definition: access_log.cc:148
rfc1738_escape
#define rfc1738_escape(x)
Definition: rfc1738.h:52
icpCreateAndSend
void icpCreateAndSend(icp_opcode opcode, int flags, char const *url, int reqnum, int pad, int fd, const Ip::Address &from, AccessLogEntry::Pointer al)
Definition: icp_v2.cc:421
HTTPMSGUNLOCK
void HTTPMSGUNLOCK(M *&a)
Definition: Message.h:150
netdbHostRtt
int netdbHostRtt(const char *host)
Definition: net_db.cc:1056
DBG_CRITICAL
#define DBG_CRITICAL
Definition: Debug.h:40
hit_only_mode_until
time_t hit_only_mode_until
ICPState::request
HttpRequest * request
Definition: ICP.h:72
DBG_IMPORTANT
#define DBG_IMPORTANT
Definition: Debug.h:41
w_space
#define w_space
Definition: compat_shared.h:157
port
static int port
Definition: ldap_backend.cc:69
icpCount
static void icpCount(void *, int, size_t, int)
Definition: icp_v2.cc:819
max
A const & max(A const &lhs, A const &rhs)
Definition: compat_shared.h:142
clientdbCutoffDenied
int clientdbCutoffDenied(const Ip::Address &addr)
Definition: client_db.cc:210
StatCounters::kbytes_sent
ByteCounter kbytes_sent
Definition: StatCounters.h:76
Ipc::fdnInIcpSocket
@ fdnInIcpSocket
Definition: FdNotes.h:24
icp_common_t::length
unsigned short length
Definition: ICP.h:42
icpGetRequest
HttpRequest * icpGetRequest(char *url, int reqnum, int fd, Ip::Address &from)
Definition: icp_v2.cc:460
ICP_FLAG_SRC_RTT
#define ICP_FLAG_SRC_RTT
Definition: defines.h:41
StoreEntry::validToSend
int validToSend() const
Definition: store.cc:1379
comm_open_listener
void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note)
Definition: comm.cc:233
Comm::UdpOpenDialer
dials a UDP port-opened call
Definition: UdpOpenDialer.h:20
ICP_MISS_NOFETCH
@ ICP_MISS_NOFETCH
Definition: icp_opcode.h:36
AclMatchedName
const char * AclMatchedName
Definition: Acl.cc:30
leave_suid
void leave_suid(void)
Definition: tools.cc:506
SQUID_MD5_DIGEST_LENGTH
#define SQUID_MD5_DIGEST_LENGTH
Definition: md5.h:66
ICP_INVALID
@ ICP_INVALID
Definition: icp_opcode.h:15
INCOMING_UDP_MAX
#define INCOMING_UDP_MAX
Definition: Loops.h:50
icp_common_t::shostid
uint32_t shostid
Definition: ICP.h:48
icp_common_t::opcode
unsigned char opcode
Definition: ICP.h:38
DelayedUdpSend::next
DelayedUdpSend * next
invasive FIFO queue of delayed ICP messages
Definition: icp_v2.cc:55
SquidConfig::Addrs
struct SquidConfig::@106 Addrs
NULL
#define NULL
Definition: types.h:166
ICP2State::flags
uint32_t flags
Definition: icp_v2.cc:218
LOG_UDP_HIT
@ LOG_UDP_HIT
Definition: LogTags.h:57
ICPState::from
Ip::Address from
Definition: ICP.h:75
Ipc::StartListening
void StartListening(int sock_type, int proto, const Comm::ConnectionPointer &listenConn, FdNoteId fdNote, AsyncCall::Pointer &callback)
Definition: StartListening.cc:35
debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:123
SQUID_UDP_SO_RCVBUF
#define SQUID_UDP_SO_RCVBUF
Definition: squid.h:55
Ip::Address::setNoAddr
void setNoAddr()
Definition: Address.cc:292
StatCounters::icp
struct StatCounters::@130 icp
ICP2State::ICP2State
ICP2State(icp_common_t &aHeader, HttpRequest *aRequest)
Definition: icp_v2.cc:211
net_db.h
RECV
@ RECV
Definition: enums.h:176
ICP2State::rtt
int rtt
Definition: icp_v2.cc:216
neighborsUdpAck
void neighborsUdpAck(const cache_key *key, icp_common_t *header, const Ip::Address &from)
Definition: neighbors.cc:1012
SquidConfig::Port
struct SquidConfig::@98 Port
LOG_TAG_NONE
@ LOG_TAG_NONE
Definition: LogTags.h:38
icpGetCommonOpcode
icp_opcode icpGetCommonOpcode()
Definition: icp_v2.cc:379
tvSubUsec
SQUIDCEXTERN int tvSubUsec(struct timeval, struct timeval)
Definition: util.c:39
ICPState::~ICPState
virtual ~ICPState()
Definition: icp_v2.cc:151
ipcache_nbgethostbyname
void ipcache_nbgethostbyname(const char *name, IPH *handler, void *handlerData)
Definition: ipcache.cc:600
ICPState::isHit
bool isHit() const
whether the cache contains the requested entry
Definition: icp_v2.cc:158
icpGetCacheKey
const cache_key * icpGetCacheKey(const char *url, int reqnum)
Definition: icp_v2.cc:878
SquidConfig::udp_outgoing
Ip::Address udp_outgoing
Definition: SquidConfig.h:241
IcpQueueTail
static DelayedUdpSend * IcpQueueTail
Definition: icp_v2.cc:99
icpHandleUdp
void icpHandleUdp(int sock, void *)
Definition: icp_v2.cc:629
icpLogFromICPCode
static LogTags_ot icpLogFromICPCode(icp_opcode)
Definition: icp_v2.cc:392
ICP2State::~ICP2State
~ICP2State()
Definition: icp_v2.cc:221
safe_free
#define safe_free(x)
Definition: xalloc.h:73
icpConnectionShutdown
void icpConnectionShutdown(void)
Definition: icp_v2.cc:783
doV2Query
static void doV2Query(int fd, Ip::Address &from, char *buf, icp_common_t header)
Definition: icp_v2.cc:478
SquidConfig::accessList
struct SquidConfig::@112 accessList
StatHist::count
void count(double val)
Definition: StatHist.cc:57
storeKeyCopy
cache_key * storeKeyCopy(cache_key *dst, const cache_key *src)
Definition: store_key_md5.cc:149
neighbors_do_private_keys
int neighbors_do_private_keys
conn
int conn
the current server connection FD
Definition: Transport.cc:26
ICPState::fillChecklist
virtual void fillChecklist(ACLFilledChecklist &) const override
configure the given checklist (to reflect the current transaction state)
Definition: icp_v2.cc:195
LOG_UDP_INVALID
@ LOG_UDP_INVALID
Definition: LogTags.h:60
assert
#define assert(EX)
Definition: assert.h:19
Security::Connection
SSL Connection
Definition: Session.h:45
AccessLogEntry::cache
class AccessLogEntry::CacheDetails cache
IPV6_SPECIAL_SPLITSTACK
#define IPV6_SPECIAL_SPLITSTACK
Definition: tools.h:22
icpSyncAle
static void icpSyncAle(AccessLogEntryPointer &al, const Ip::Address &caddr, const char *url, int len, int delay)
Definition: icp_v2.cc:76
version
static int version
Definition: basic_ldap_auth.cc:162
ICP_HIT
@ ICP_HIT
Definition: icp_opcode.h:17
HTTPMSGLOCK
void HTTPMSGLOCK(Http::Message *a)
Definition: Message.h:161
COMM_SELECT_READ
#define COMM_SELECT_READ
Definition: defines.h:24
store_key_md5.h
icp_common_t::getOpCode
icp_opcode getOpCode() const
Definition: icp_v2.cc:132
Store::Controller::store_dirs_rebuilding
static int store_dirs_rebuilding
the number of cache_dirs being rebuilt; TODO: move to Disks::Rebuilding
Definition: Controller.h:139
squid_curtime
time_t squid_curtime
Definition: stub_time.cc:17
Ip::Address::isNoAddr
bool isNoAddr() const
Definition: Address.cc:284
icpIncomingConn
Comm::ConnectionPointer icpIncomingConn
Definition: icp_v2.cc:102
ICP_VERSION_3
#define ICP_VERSION_3
Definition: defines.h:45
StoreClient::startCollapsingOn
bool startCollapsingOn(const StoreEntry &, const bool doingRevalidation) const
Definition: store_client.cc:66
ignoreErrno
int ignoreErrno(int ierrno)
Definition: comm.cc:1424
icpLogIcp
static void icpLogIcp(const Ip::Address &, const LogTags_ot, int, const char *, const int, AccessLogEntryPointer &)
updates ALE (if any) and logs the transaction (if needed)
Definition: icp_v2.cc:228
DelayedUdpSend::address
Ip::Address address
remote peer (which may not be a cache_peer)
Definition: icp_v2.cc:53
ICP_QUERY
@ ICP_QUERY
Definition: icp_opcode.h:16
ICP_MISS
@ ICP_MISS
Definition: icp_opcode.h:18
opt_reload_hit_only
int opt_reload_hit_only
icp_common_t::version
unsigned char version
Definition: ICP.h:40
icpOpenPorts
void icpOpenPorts(void)
Definition: icp_v2.cc:700
current_time
struct timeval current_time
Definition: stub_time.cc:15
netdbHostHops
int netdbHostHops(const char *host)
Definition: net_db.cc:1040
Acl::Answer::allowed
bool allowed() const
Definition: Acl.h:143
icp_common_t::pad
uint32_t pad
Definition: ICP.h:46
SquidConfig::onoff
struct SquidConfig::@111 onoff
SquidConfig::mcast_group_list
wordlist * mcast_group_list
Definition: SquidConfig.h:251
DelayedUdpSend
a delayed icpUdpSend() call
Definition: icp_v2.cc:51
SENT
@ SENT
Definition: enums.h:175
StatCounters::q_kbytes_sent
ByteCounter q_kbytes_sent
Definition: StatCounters.h:77
Comm::SetSelect
void SetSelect(int, unsigned int, PF *, void *, time_t)
Mark an FD to be watched for its IO status.
Definition: ModDevPoll.cc:225
N_QUERIED_KEYS
#define N_QUERIED_KEYS
Definition: icp_v2.cc:860
ACLFilledChecklist::setRequest
void setRequest(HttpRequest *)
configure client request-related fields for the first time
Definition: FilledChecklist.cc:250
icpClosePorts
void icpClosePorts(void)
Definition: icp_v2.cc:808
icp_common_t::handleReply
void handleReply(char *buf, Ip::Address &from)
Definition: icp_v2.cc:543
HttpRequest::FromUrlXXX
static HttpRequest * FromUrlXXX(const char *url, const MasterXaction::Pointer &, const HttpRequestMethod &method=Http::METHOD_GET)
Definition: HttpRequest.cc:529
StatCounters::q_kbytes_recv
ByteCounter q_kbytes_recv
Definition: StatCounters.h:80
icpUdpSend
static int icpUdpSend(int fd, const Ip::Address &to, icp_common_t *msg, int delay, AccessLogEntryPointer al)
Definition: icp_v2.cc:322
icp_common_t::icp_common_t
icp_common_t()
Definition: icp_v2.cc:107
enter_suid
void enter_suid(void)
Definition: tools.cc:577
LogTags_ot
LogTags_ot
Definition: LogTags.h:37
asyncCall
AsyncCall * asyncCall(int aDebugSection, int aDebugLevel, const char *aName, const Dialer &aDialer)
Definition: AsyncCall.h:156
ICP_END
@ ICP_END
Definition: icp_opcode.h:39
storeGetPublic
StoreEntry * storeGetPublic(const char *uri, const HttpRequestMethod &method)
Definition: store.cc:519
queried_keys
static cache_key queried_keys[N_QUERIED_KEYS][SQUID_MD5_DIGEST_LENGTH]
Definition: icp_v2.cc:862
icpIncomingConnectionOpened
static void icpIncomingConnectionOpened(const Comm::ConnectionPointer &conn, int errNo)
Definition: icp_v2.cc:758
ICP_DENIED
@ ICP_DENIED
Definition: icp_opcode.h:37
icp_common_t::CreateMessage
static icp_common_t * CreateMessage(icp_opcode opcode, int flags, const char *url, int reqnum, int pad)
Definition: icp_v2.cc:274
comm_udp_recvfrom
int comm_udp_recvfrom(int fd, void *buf, size_t len, int flags, Ip::Address &from)
Definition: comm.cc:122
StoreEntry::hittingRequiresCollapsing
bool hittingRequiresCollapsing() const
whether this entry can feed collapsed requests and only them
Definition: Store.h:217
LOG_UDP_MISS_NOFETCH
@ LOG_UDP_MISS_NOFETCH
Definition: LogTags.h:61
icp_common_t::flags
uint32_t flags
Definition: ICP.h:45
ICP_VERSION_2
#define ICP_VERSION_2
Definition: defines.h:44
ICP_VERSION_CURRENT
#define ICP_VERSION_CURRENT
Definition: defines.h:46
icp_common_t
Definition: ICP.h:35
icp_opcode
icp_opcode
Definition: icp_opcode.h:13
Http::METHOD_GET
@ METHOD_GET
Definition: MethodType.h:25
LOG_UDP_DENIED
@ LOG_UDP_DENIED
Definition: LogTags.h:59
Ip::EnableIpv6
int EnableIpv6
Whether IPv6 is supported and type of support.
Definition: tools.h:25
s
static StatHist s
Definition: stub_SBufDetailedStats.cc:17
N_QUERIED_KEYS_MASK
#define N_QUERIED_KEYS_MASK
Definition: icp_v2.cc:861
AnyP::Uri::host
void host(const char *src)
Definition: Uri.cc:98
netdbPingSite
void netdbPingSite(const char *hostname)
Definition: net_db.cc:908
request
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
StatCounters::kbytes_recv
ByteCounter kbytes_recv
Definition: StatCounters.h:79
XactionInitiator::initIcp
@ initIcp
the ICP/neighbors subsystem
Definition: XactionInitiator.h:24
COMM_SELECT_WRITE
#define COMM_SELECT_WRITE
Definition: defines.h:25
ICPState
Definition: ICP.h:62
ICP2State::src_rtt
int src_rtt
Definition: icp_v2.cc:217
icpSetCacheKey
int icpSetCacheKey(const cache_key *key)
Definition: icp_v2.cc:865
AnyP::PROTO_ICP
@ PROTO_ICP
Definition: ProtocolType.h:33
icp_opcode_str
const char * icp_opcode_str[]
LOG_ICP_QUERY
@ LOG_ICP_QUERY
Definition: LogTags.h:62
Config
class SquidConfig Config
Definition: SquidConfig.cc:12
int
int unsigned int
Definition: stub_fd.cc:19
statCounter
StatCounters statCounter
Definition: StatCounters.cc:12
LOG_UDP_MISS
@ LOG_UDP_MISS
Definition: LogTags.h:58
SquidConfig::icp_hit_stale
int icp_hit_stale
Definition: SquidConfig.h:288
StatCounters::r_kbytes_sent
ByteCounter r_kbytes_sent
Definition: StatCounters.h:78
IcpQueueHead
static DelayedUdpSend * IcpQueueHead
Definition: icp_v2.cc:97
ICPState::confirmAndPrepHit
bool confirmAndPrepHit(const StoreEntry &) const
either confirms and starts processing a cache hit or returns false
Definition: icp_v2.cc:171

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors