2012-07-06 08:13:49 -04:00
|
|
|
/*
|
|
|
|
|
* Connection management functions
|
|
|
|
|
*
|
|
|
|
|
* Copyright 2000-2012 Willy Tarreau <w@1wt.eu>
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version
|
|
|
|
|
* 2 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
2012-10-04 18:10:55 -04:00
|
|
|
#include <errno.h>
|
|
|
|
|
|
2012-07-06 08:13:49 -04:00
|
|
|
#include <common/compat.h>
|
|
|
|
|
#include <common/config.h>
|
|
|
|
|
|
2012-08-24 12:12:41 -04:00
|
|
|
#include <proto/connection.h>
|
2012-09-02 16:34:23 -04:00
|
|
|
#include <proto/fd.h>
|
2012-10-04 17:55:57 -04:00
|
|
|
#include <proto/frontend.h>
|
2012-07-23 09:07:23 -04:00
|
|
|
#include <proto/proto_tcp.h>
|
2012-08-31 10:01:23 -04:00
|
|
|
#include <proto/session.h>
|
2012-07-06 11:12:34 -04:00
|
|
|
#include <proto/stream_interface.h>
|
2012-07-06 08:13:49 -04:00
|
|
|
|
2012-05-18 09:47:34 -04:00
|
|
|
#ifdef USE_OPENSSL
|
|
|
|
|
#include <proto/ssl_sock.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-10-26 14:10:28 -04:00
|
|
|
struct pool_head *pool2_connection;
|
|
|
|
|
|
|
|
|
|
/* perform minimal intializations, report 0 in case of error, 1 if OK. */
|
|
|
|
|
int init_connection()
|
|
|
|
|
{
|
|
|
|
|
pool2_connection = create_pool("connection", sizeof (struct connection), MEM_F_SHARED);
|
|
|
|
|
return pool2_connection != NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-06 08:13:49 -04:00
|
|
|
/* I/O callback for fd-based connections. It calls the read/write handlers
|
2012-08-09 08:45:22 -04:00
|
|
|
* provided by the connection's sock_ops, which must be valid. It returns 0.
|
2012-07-06 08:13:49 -04:00
|
|
|
*/
|
|
|
|
|
int conn_fd_handler(int fd)
|
|
|
|
|
{
|
2012-07-06 08:54:49 -04:00
|
|
|
struct connection *conn = fdtab[fd].owner;
|
2012-10-03 15:04:48 -04:00
|
|
|
unsigned int flags;
|
2012-07-06 08:13:49 -04:00
|
|
|
|
2012-07-12 09:32:13 -04:00
|
|
|
if (unlikely(!conn))
|
2012-08-31 10:01:23 -04:00
|
|
|
return 0;
|
2012-07-06 08:13:49 -04:00
|
|
|
|
2012-12-16 13:19:13 -05:00
|
|
|
conn_refresh_polling_flags(conn);
|
|
|
|
|
flags = conn->flags & ~CO_FL_ERROR; /* ensure to call the wake handler upon error */
|
2012-12-10 10:33:38 -05:00
|
|
|
|
2012-07-12 09:32:13 -04:00
|
|
|
process_handshake:
|
2012-08-17 11:33:53 -04:00
|
|
|
/* The handshake callbacks are called in sequence. If either of them is
|
|
|
|
|
* missing something, it must enable the required polling at the socket
|
|
|
|
|
* layer of the connection. Polling state is not guaranteed when entering
|
|
|
|
|
* these handlers, so any handshake handler which does not complete its
|
2013-11-25 02:41:15 -05:00
|
|
|
* work must explicitly disable events it's not interested in. Error
|
|
|
|
|
* handling is also performed here in order to reduce the number of tests
|
|
|
|
|
* around.
|
2012-08-17 11:33:53 -04:00
|
|
|
*/
|
2013-11-25 02:41:15 -05:00
|
|
|
while (unlikely(conn->flags & (CO_FL_HANDSHAKE | CO_FL_ERROR))) {
|
2014-01-22 13:46:33 -05:00
|
|
|
if (unlikely(conn->flags & CO_FL_ERROR))
|
2012-07-06 11:12:34 -04:00
|
|
|
goto leave;
|
2012-07-06 08:13:49 -04:00
|
|
|
|
2012-08-31 11:43:29 -04:00
|
|
|
if (conn->flags & CO_FL_ACCEPT_PROXY)
|
|
|
|
|
if (!conn_recv_proxy(conn, CO_FL_ACCEPT_PROXY))
|
|
|
|
|
goto leave;
|
|
|
|
|
|
2013-10-24 16:01:26 -04:00
|
|
|
if (conn->flags & CO_FL_SEND_PROXY)
|
|
|
|
|
if (!conn_si_send_proxy(conn, CO_FL_SEND_PROXY))
|
2012-10-04 17:55:57 -04:00
|
|
|
goto leave;
|
2012-05-18 09:47:34 -04:00
|
|
|
#ifdef USE_OPENSSL
|
|
|
|
|
if (conn->flags & CO_FL_SSL_WAIT_HS)
|
|
|
|
|
if (!ssl_sock_handshake(conn, CO_FL_SSL_WAIT_HS))
|
|
|
|
|
goto leave;
|
|
|
|
|
#endif
|
2012-07-12 09:32:13 -04:00
|
|
|
}
|
|
|
|
|
|
2012-08-17 11:33:53 -04:00
|
|
|
/* Once we're purely in the data phase, we disable handshake polling */
|
|
|
|
|
if (!(conn->flags & CO_FL_POLL_SOCK))
|
|
|
|
|
__conn_sock_stop_both(conn);
|
2012-07-12 09:32:13 -04:00
|
|
|
|
2012-10-02 19:39:48 -04:00
|
|
|
/* The data layer might not be ready yet (eg: when using embryonic
|
|
|
|
|
* sessions). If we're about to move data, we must initialize it first.
|
|
|
|
|
* The function may fail and cause the connection to be destroyed, thus
|
2012-08-31 10:01:23 -04:00
|
|
|
* we must not use it anymore and should immediately leave instead.
|
|
|
|
|
*/
|
2012-10-02 19:39:48 -04:00
|
|
|
if ((conn->flags & CO_FL_INIT_DATA) && conn->data->init(conn) < 0)
|
2012-08-31 10:01:23 -04:00
|
|
|
return 0;
|
|
|
|
|
|
2012-10-22 16:47:55 -04:00
|
|
|
/* The data transfer starts here and stops on error and handshakes. Note
|
|
|
|
|
* that we must absolutely test conn->xprt at each step in case it suddenly
|
|
|
|
|
* changes due to a quick unexpected close().
|
|
|
|
|
*/
|
2014-01-21 05:01:08 -05:00
|
|
|
if (conn->xprt && fd_recv_ready(fd) &&
|
|
|
|
|
((conn->flags & (CO_FL_DATA_RD_ENA|CO_FL_WAIT_ROOM|CO_FL_ERROR|CO_FL_HANDSHAKE)) == CO_FL_DATA_RD_ENA)) {
|
2012-10-05 15:29:37 -04:00
|
|
|
/* force detection of a flag change : it's impossible to have both
|
|
|
|
|
* CONNECTED and WAIT_CONN so we're certain to trigger a change.
|
2012-10-03 15:04:48 -04:00
|
|
|
*/
|
2012-10-05 15:29:37 -04:00
|
|
|
flags = CO_FL_WAIT_L4_CONN | CO_FL_CONNECTED;
|
2012-10-02 18:41:04 -04:00
|
|
|
conn->data->recv(conn);
|
2012-10-03 15:04:48 -04:00
|
|
|
}
|
2012-07-06 08:13:49 -04:00
|
|
|
|
2014-01-21 05:01:08 -05:00
|
|
|
if (conn->xprt && fd_send_ready(fd) &&
|
|
|
|
|
((conn->flags & (CO_FL_DATA_WR_ENA|CO_FL_WAIT_DATA|CO_FL_ERROR|CO_FL_HANDSHAKE)) == CO_FL_DATA_WR_ENA)) {
|
2012-10-05 15:29:37 -04:00
|
|
|
/* force detection of a flag change : it's impossible to have both
|
|
|
|
|
* CONNECTED and WAIT_CONN so we're certain to trigger a change.
|
2012-10-03 15:04:48 -04:00
|
|
|
*/
|
2012-10-05 15:29:37 -04:00
|
|
|
flags = CO_FL_WAIT_L4_CONN | CO_FL_CONNECTED;
|
2012-10-02 18:41:04 -04:00
|
|
|
conn->data->send(conn);
|
2012-10-03 15:04:48 -04:00
|
|
|
}
|
2012-07-23 09:07:23 -04:00
|
|
|
|
2012-07-12 09:32:13 -04:00
|
|
|
/* It may happen during the data phase that a handshake is
|
|
|
|
|
* enabled again (eg: SSL)
|
|
|
|
|
*/
|
2013-11-25 02:41:15 -05:00
|
|
|
if (unlikely(conn->flags & (CO_FL_HANDSHAKE | CO_FL_ERROR)))
|
2012-07-12 09:32:13 -04:00
|
|
|
goto process_handshake;
|
|
|
|
|
|
2014-01-20 09:13:07 -05:00
|
|
|
if (unlikely(conn->flags & CO_FL_WAIT_L4_CONN)) {
|
2012-09-01 11:59:22 -04:00
|
|
|
/* still waiting for a connection to establish and nothing was
|
|
|
|
|
* attempted yet to probe the connection. Then let's retry the
|
|
|
|
|
* connect().
|
2012-07-23 09:07:23 -04:00
|
|
|
*/
|
2012-07-23 12:53:03 -04:00
|
|
|
if (!tcp_connect_probe(conn))
|
2012-08-09 08:45:22 -04:00
|
|
|
goto leave;
|
2012-07-23 09:07:23 -04:00
|
|
|
}
|
|
|
|
|
|
2012-07-06 11:12:34 -04:00
|
|
|
leave:
|
2012-10-03 15:12:16 -04:00
|
|
|
/* The wake callback may be used to process a critical error and abort the
|
|
|
|
|
* connection. If so, we don't want to go further as the connection will
|
|
|
|
|
* have been released and the FD destroyed.
|
|
|
|
|
*/
|
|
|
|
|
if ((conn->flags & CO_FL_WAKE_DATA) &&
|
|
|
|
|
((conn->flags ^ flags) & CO_FL_CONN_STATE) &&
|
|
|
|
|
conn->data->wake(conn) < 0)
|
|
|
|
|
return 0;
|
2012-07-23 12:24:25 -04:00
|
|
|
|
2012-07-23 13:45:44 -04:00
|
|
|
/* Last check, verify if the connection just established */
|
2012-07-12 09:32:13 -04:00
|
|
|
if (unlikely(!(conn->flags & (CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN | CO_FL_CONNECTED))))
|
2012-07-23 13:45:44 -04:00
|
|
|
conn->flags |= CO_FL_CONNECTED;
|
|
|
|
|
|
2012-07-23 06:14:26 -04:00
|
|
|
/* remove the events before leaving */
|
2012-12-06 18:09:43 -05:00
|
|
|
fdtab[fd].ev &= FD_POLL_STICKY;
|
2012-08-17 11:33:53 -04:00
|
|
|
|
|
|
|
|
/* commit polling changes */
|
|
|
|
|
conn_cond_update_polling(conn);
|
2012-08-09 08:45:22 -04:00
|
|
|
return 0;
|
2012-07-06 08:13:49 -04:00
|
|
|
}
|
2012-08-17 05:55:04 -04:00
|
|
|
|
2012-09-01 11:26:16 -04:00
|
|
|
/* Update polling on connection <c>'s file descriptor depending on its current
|
|
|
|
|
* state as reported in the connection's CO_FL_CURR_* flags, reports of EAGAIN
|
|
|
|
|
* in CO_FL_WAIT_*, and the data layer expectations indicated by CO_FL_DATA_*.
|
|
|
|
|
* The connection flags are updated with the new flags at the end of the
|
2012-10-04 16:21:15 -04:00
|
|
|
* operation. Polling is totally disabled if an error was reported.
|
2012-08-17 05:55:04 -04:00
|
|
|
*/
|
2012-09-01 11:26:16 -04:00
|
|
|
void conn_update_data_polling(struct connection *c)
|
2012-08-17 05:55:04 -04:00
|
|
|
{
|
2012-09-01 11:26:16 -04:00
|
|
|
unsigned int f = c->flags;
|
2012-08-17 05:55:04 -04:00
|
|
|
|
2014-01-23 07:50:42 -05:00
|
|
|
if (!conn_ctrl_ready(c))
|
MAJOR: connection: add two new flags to indicate readiness of control/transport
Currently the control and transport layers of a connection are supposed
to be initialized when their respective pointers are not NULL. This will
not work anymore when we plan to reuse connections, because there is an
asymmetry between the accept() side and the connect() side :
- on accept() side, the fd is set first, then the ctrl layer then the
transport layer ; upon error, they must be undone in the reverse order,
then the FD must be closed. The FD must not be deleted if the control
layer was not yet initialized ;
- on the connect() side, the fd is set last and there is no reliable way
to know if it has been initialized or not. In practice it's initialized
to -1 first but this is hackish and supposes that local FDs only will
be used forever. Also, there are even less solutions for keeping trace
of the transport layer's state.
Also it is possible to support delayed close() when something (eg: logs)
tracks some information requiring the transport and/or control layers,
making it even more difficult to clean them.
So the proposed solution is to add two flags to the connection :
- CO_FL_CTRL_READY is set when the control layer is initialized (fd_insert)
and cleared after it's released (fd_delete).
- CO_FL_XPRT_READY is set when the control layer is initialized (xprt->init)
and cleared after it's released (xprt->close).
The functions have been adapted to rely on this and not on the pointers
anymore. conn_xprt_close() was unused and dangerous : it did not close
the control layer (eg: the socket itself) but still marks the transport
layer as closed, preventing any future call to conn_full_close() from
finishing the job.
The problem comes from conn_full_close() in fact. It needs to close the
xprt and ctrl layers independantly. After that we're still having an issue :
we don't know based on ->ctrl alone whether the fd was registered or not.
For this we use the two new flags CO_FL_XPRT_READY and CO_FL_CTRL_READY. We
now rely on this and not on conn->xprt nor conn->ctrl anymore to decide what
remains to be done on the connection.
In order not to miss some flag assignments, we introduce conn_ctrl_init()
to initialize the control layer, register the fd using fd_insert() and set
the flag, and conn_ctrl_close() which unregisters the fd and removes the
flag, but only if the transport layer was closed.
Similarly, at the transport layer, conn_xprt_init() calls ->init and sets
the flag, while conn_xprt_close() checks the flag, calls ->close and clears
the flag, regardless xprt_ctx or xprt_st. This also ensures that the ->init
and the ->close functions are called only once each and in the correct order.
Note that conn_xprt_close() does nothing if the transport layer is still
tracked.
conn_full_close() now simply calls conn_xprt_close() then conn_full_close()
in turn, which do nothing if CO_FL_XPRT_TRACKED is set.
In order to handle the error path, we also provide conn_force_close() which
ignores CO_FL_XPRT_TRACKED and closes the transport and the control layers
in turns. All relevant instances of fd_delete() have been replaced with
conn_force_close(). Now we always know what state the connection is in and
we can expect to split its initialization.
2013-10-21 10:30:56 -04:00
|
|
|
return;
|
|
|
|
|
|
2012-08-17 05:55:04 -04:00
|
|
|
/* update read status if needed */
|
2014-01-22 13:46:33 -05:00
|
|
|
if (unlikely((f & (CO_FL_CURR_RD_ENA|CO_FL_DATA_RD_ENA)) == CO_FL_DATA_RD_ENA)) {
|
2012-08-17 05:55:04 -04:00
|
|
|
fd_want_recv(c->t.sock.fd);
|
2012-11-05 11:52:26 -05:00
|
|
|
f |= CO_FL_CURR_RD_ENA;
|
|
|
|
|
}
|
|
|
|
|
else if (unlikely((f & (CO_FL_CURR_RD_ENA|CO_FL_DATA_RD_ENA)) == CO_FL_CURR_RD_ENA)) {
|
|
|
|
|
fd_stop_recv(c->t.sock.fd);
|
|
|
|
|
f &= ~CO_FL_CURR_RD_ENA;
|
2012-09-01 11:26:16 -04:00
|
|
|
}
|
2012-08-17 05:55:04 -04:00
|
|
|
|
|
|
|
|
/* update write status if needed */
|
2014-01-22 13:46:33 -05:00
|
|
|
if (unlikely((f & (CO_FL_CURR_WR_ENA|CO_FL_DATA_WR_ENA)) == CO_FL_DATA_WR_ENA)) {
|
2012-08-17 05:55:04 -04:00
|
|
|
fd_want_send(c->t.sock.fd);
|
2012-11-05 11:52:26 -05:00
|
|
|
f |= CO_FL_CURR_WR_ENA;
|
|
|
|
|
}
|
|
|
|
|
else if (unlikely((f & (CO_FL_CURR_WR_ENA|CO_FL_DATA_WR_ENA)) == CO_FL_CURR_WR_ENA)) {
|
|
|
|
|
fd_stop_send(c->t.sock.fd);
|
|
|
|
|
f &= ~CO_FL_CURR_WR_ENA;
|
2012-09-01 11:26:16 -04:00
|
|
|
}
|
2014-01-22 13:46:33 -05:00
|
|
|
c->flags = f;
|
2012-09-01 11:26:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Update polling on connection <c>'s file descriptor depending on its current
|
|
|
|
|
* state as reported in the connection's CO_FL_CURR_* flags, reports of EAGAIN
|
|
|
|
|
* in CO_FL_WAIT_*, and the sock layer expectations indicated by CO_FL_SOCK_*.
|
|
|
|
|
* The connection flags are updated with the new flags at the end of the
|
2012-10-04 16:21:15 -04:00
|
|
|
* operation. Polling is totally disabled if an error was reported.
|
2012-09-01 11:26:16 -04:00
|
|
|
*/
|
|
|
|
|
void conn_update_sock_polling(struct connection *c)
|
|
|
|
|
{
|
|
|
|
|
unsigned int f = c->flags;
|
2012-08-17 05:55:04 -04:00
|
|
|
|
2014-01-23 07:50:42 -05:00
|
|
|
if (!conn_ctrl_ready(c))
|
MAJOR: connection: add two new flags to indicate readiness of control/transport
Currently the control and transport layers of a connection are supposed
to be initialized when their respective pointers are not NULL. This will
not work anymore when we plan to reuse connections, because there is an
asymmetry between the accept() side and the connect() side :
- on accept() side, the fd is set first, then the ctrl layer then the
transport layer ; upon error, they must be undone in the reverse order,
then the FD must be closed. The FD must not be deleted if the control
layer was not yet initialized ;
- on the connect() side, the fd is set last and there is no reliable way
to know if it has been initialized or not. In practice it's initialized
to -1 first but this is hackish and supposes that local FDs only will
be used forever. Also, there are even less solutions for keeping trace
of the transport layer's state.
Also it is possible to support delayed close() when something (eg: logs)
tracks some information requiring the transport and/or control layers,
making it even more difficult to clean them.
So the proposed solution is to add two flags to the connection :
- CO_FL_CTRL_READY is set when the control layer is initialized (fd_insert)
and cleared after it's released (fd_delete).
- CO_FL_XPRT_READY is set when the control layer is initialized (xprt->init)
and cleared after it's released (xprt->close).
The functions have been adapted to rely on this and not on the pointers
anymore. conn_xprt_close() was unused and dangerous : it did not close
the control layer (eg: the socket itself) but still marks the transport
layer as closed, preventing any future call to conn_full_close() from
finishing the job.
The problem comes from conn_full_close() in fact. It needs to close the
xprt and ctrl layers independantly. After that we're still having an issue :
we don't know based on ->ctrl alone whether the fd was registered or not.
For this we use the two new flags CO_FL_XPRT_READY and CO_FL_CTRL_READY. We
now rely on this and not on conn->xprt nor conn->ctrl anymore to decide what
remains to be done on the connection.
In order not to miss some flag assignments, we introduce conn_ctrl_init()
to initialize the control layer, register the fd using fd_insert() and set
the flag, and conn_ctrl_close() which unregisters the fd and removes the
flag, but only if the transport layer was closed.
Similarly, at the transport layer, conn_xprt_init() calls ->init and sets
the flag, while conn_xprt_close() checks the flag, calls ->close and clears
the flag, regardless xprt_ctx or xprt_st. This also ensures that the ->init
and the ->close functions are called only once each and in the correct order.
Note that conn_xprt_close() does nothing if the transport layer is still
tracked.
conn_full_close() now simply calls conn_xprt_close() then conn_full_close()
in turn, which do nothing if CO_FL_XPRT_TRACKED is set.
In order to handle the error path, we also provide conn_force_close() which
ignores CO_FL_XPRT_TRACKED and closes the transport and the control layers
in turns. All relevant instances of fd_delete() have been replaced with
conn_force_close(). Now we always know what state the connection is in and
we can expect to split its initialization.
2013-10-21 10:30:56 -04:00
|
|
|
return;
|
|
|
|
|
|
2012-09-01 11:26:16 -04:00
|
|
|
/* update read status if needed */
|
2014-01-22 13:46:33 -05:00
|
|
|
if (unlikely((f & (CO_FL_CURR_RD_ENA|CO_FL_SOCK_RD_ENA)) == CO_FL_SOCK_RD_ENA)) {
|
2012-09-01 11:26:16 -04:00
|
|
|
fd_want_recv(c->t.sock.fd);
|
2012-11-05 11:52:26 -05:00
|
|
|
f |= CO_FL_CURR_RD_ENA;
|
|
|
|
|
}
|
|
|
|
|
else if (unlikely((f & (CO_FL_CURR_RD_ENA|CO_FL_SOCK_RD_ENA)) == CO_FL_CURR_RD_ENA)) {
|
|
|
|
|
fd_stop_recv(c->t.sock.fd);
|
|
|
|
|
f &= ~CO_FL_CURR_RD_ENA;
|
2012-09-01 11:26:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* update write status if needed */
|
2014-01-22 13:46:33 -05:00
|
|
|
if (unlikely((f & (CO_FL_CURR_WR_ENA|CO_FL_SOCK_WR_ENA)) == CO_FL_SOCK_WR_ENA)) {
|
2012-09-01 11:26:16 -04:00
|
|
|
fd_want_send(c->t.sock.fd);
|
2012-11-05 11:52:26 -05:00
|
|
|
f |= CO_FL_CURR_WR_ENA;
|
|
|
|
|
}
|
|
|
|
|
else if (unlikely((f & (CO_FL_CURR_WR_ENA|CO_FL_SOCK_WR_ENA)) == CO_FL_CURR_WR_ENA)) {
|
|
|
|
|
fd_stop_send(c->t.sock.fd);
|
|
|
|
|
f &= ~CO_FL_CURR_WR_ENA;
|
2012-09-01 11:26:16 -04:00
|
|
|
}
|
2014-01-22 13:46:33 -05:00
|
|
|
c->flags = f;
|
2012-08-17 05:55:04 -04:00
|
|
|
}
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
/* This handshake handler waits a PROXY protocol header at the beginning of the
|
|
|
|
|
* raw data stream. The header looks like this :
|
|
|
|
|
*
|
|
|
|
|
* "PROXY" <SP> PROTO <SP> SRC3 <SP> DST3 <SP> SRC4 <SP> <DST4> "\r\n"
|
|
|
|
|
*
|
|
|
|
|
* There must be exactly one space between each field. Fields are :
|
|
|
|
|
* - PROTO : layer 4 protocol, which must be "TCP4" or "TCP6".
|
|
|
|
|
* - SRC3 : layer 3 (eg: IP) source address in standard text form
|
|
|
|
|
* - DST3 : layer 3 (eg: IP) destination address in standard text form
|
|
|
|
|
* - SRC4 : layer 4 (eg: TCP port) source address in standard text form
|
|
|
|
|
* - DST4 : layer 4 (eg: TCP port) destination address in standard text form
|
|
|
|
|
*
|
|
|
|
|
* This line MUST be at the beginning of the buffer and MUST NOT wrap.
|
|
|
|
|
*
|
|
|
|
|
* The header line is small and in all cases smaller than the smallest normal
|
|
|
|
|
* TCP MSS. So it MUST always be delivered as one segment, which ensures we
|
|
|
|
|
* can safely use MSG_PEEK and avoid buffering.
|
|
|
|
|
*
|
|
|
|
|
* Once the data is fetched, the values are set in the connection's address
|
|
|
|
|
* fields, and data are removed from the socket's buffer. The function returns
|
|
|
|
|
* zero if it needs to wait for more data or if it fails, or 1 if it completed
|
|
|
|
|
* and removed itself.
|
|
|
|
|
*/
|
|
|
|
|
int conn_recv_proxy(struct connection *conn, int flag)
|
|
|
|
|
{
|
|
|
|
|
char *line, *end;
|
|
|
|
|
|
|
|
|
|
/* we might have been called just after an asynchronous shutr */
|
|
|
|
|
if (conn->flags & CO_FL_SOCK_RD_SH)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
2014-01-23 07:50:42 -05:00
|
|
|
if (!conn_ctrl_ready(conn))
|
MAJOR: connection: add two new flags to indicate readiness of control/transport
Currently the control and transport layers of a connection are supposed
to be initialized when their respective pointers are not NULL. This will
not work anymore when we plan to reuse connections, because there is an
asymmetry between the accept() side and the connect() side :
- on accept() side, the fd is set first, then the ctrl layer then the
transport layer ; upon error, they must be undone in the reverse order,
then the FD must be closed. The FD must not be deleted if the control
layer was not yet initialized ;
- on the connect() side, the fd is set last and there is no reliable way
to know if it has been initialized or not. In practice it's initialized
to -1 first but this is hackish and supposes that local FDs only will
be used forever. Also, there are even less solutions for keeping trace
of the transport layer's state.
Also it is possible to support delayed close() when something (eg: logs)
tracks some information requiring the transport and/or control layers,
making it even more difficult to clean them.
So the proposed solution is to add two flags to the connection :
- CO_FL_CTRL_READY is set when the control layer is initialized (fd_insert)
and cleared after it's released (fd_delete).
- CO_FL_XPRT_READY is set when the control layer is initialized (xprt->init)
and cleared after it's released (xprt->close).
The functions have been adapted to rely on this and not on the pointers
anymore. conn_xprt_close() was unused and dangerous : it did not close
the control layer (eg: the socket itself) but still marks the transport
layer as closed, preventing any future call to conn_full_close() from
finishing the job.
The problem comes from conn_full_close() in fact. It needs to close the
xprt and ctrl layers independantly. After that we're still having an issue :
we don't know based on ->ctrl alone whether the fd was registered or not.
For this we use the two new flags CO_FL_XPRT_READY and CO_FL_CTRL_READY. We
now rely on this and not on conn->xprt nor conn->ctrl anymore to decide what
remains to be done on the connection.
In order not to miss some flag assignments, we introduce conn_ctrl_init()
to initialize the control layer, register the fd using fd_insert() and set
the flag, and conn_ctrl_close() which unregisters the fd and removes the
flag, but only if the transport layer was closed.
Similarly, at the transport layer, conn_xprt_init() calls ->init and sets
the flag, while conn_xprt_close() checks the flag, calls ->close and clears
the flag, regardless xprt_ctx or xprt_st. This also ensures that the ->init
and the ->close functions are called only once each and in the correct order.
Note that conn_xprt_close() does nothing if the transport layer is still
tracked.
conn_full_close() now simply calls conn_xprt_close() then conn_full_close()
in turn, which do nothing if CO_FL_XPRT_TRACKED is set.
In order to handle the error path, we also provide conn_force_close() which
ignores CO_FL_XPRT_TRACKED and closes the transport and the control layers
in turns. All relevant instances of fd_delete() have been replaced with
conn_force_close(). Now we always know what state the connection is in and
we can expect to split its initialization.
2013-10-21 10:30:56 -04:00
|
|
|
goto fail;
|
|
|
|
|
|
2014-01-20 09:13:07 -05:00
|
|
|
if (!fd_recv_ready(conn->t.sock.fd))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2012-10-04 18:10:55 -04:00
|
|
|
do {
|
2012-10-29 11:51:55 -04:00
|
|
|
trash.len = recv(conn->t.sock.fd, trash.str, trash.size, MSG_PEEK);
|
|
|
|
|
if (trash.len < 0) {
|
2012-10-04 18:10:55 -04:00
|
|
|
if (errno == EINTR)
|
|
|
|
|
continue;
|
|
|
|
|
if (errno == EAGAIN) {
|
2014-01-22 14:02:06 -05:00
|
|
|
fd_cant_recv(conn->t.sock.fd);
|
2012-10-04 18:10:55 -04:00
|
|
|
return 0;
|
|
|
|
|
}
|
2012-12-03 09:41:18 -05:00
|
|
|
goto recv_abort;
|
2012-10-04 18:10:55 -04:00
|
|
|
}
|
|
|
|
|
} while (0);
|
|
|
|
|
|
2012-12-03 09:41:18 -05:00
|
|
|
if (!trash.len) {
|
|
|
|
|
/* client shutdown */
|
|
|
|
|
conn->err_code = CO_ER_PRX_EMPTY;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-29 11:51:55 -04:00
|
|
|
if (trash.len < 6)
|
2012-10-04 18:10:55 -04:00
|
|
|
goto missing;
|
|
|
|
|
|
2012-10-29 11:51:55 -04:00
|
|
|
line = trash.str;
|
|
|
|
|
end = trash.str + trash.len;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
/* Decode a possible proxy request, fail early if it does not match */
|
2012-12-03 09:41:18 -05:00
|
|
|
if (strncmp(line, "PROXY ", 6) != 0) {
|
|
|
|
|
conn->err_code = CO_ER_PRX_NOT_HDR;
|
2012-10-04 18:10:55 -04:00
|
|
|
goto fail;
|
2012-12-03 09:41:18 -05:00
|
|
|
}
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
line += 6;
|
2012-10-29 11:51:55 -04:00
|
|
|
if (trash.len < 18) /* shortest possible line */
|
2012-10-04 18:10:55 -04:00
|
|
|
goto missing;
|
|
|
|
|
|
|
|
|
|
if (!memcmp(line, "TCP4 ", 5) != 0) {
|
|
|
|
|
u32 src3, dst3, sport, dport;
|
|
|
|
|
|
|
|
|
|
line += 5;
|
|
|
|
|
|
|
|
|
|
src3 = inetaddr_host_lim_ret(line, end, &line);
|
|
|
|
|
if (line == end)
|
|
|
|
|
goto missing;
|
|
|
|
|
if (*line++ != ' ')
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
dst3 = inetaddr_host_lim_ret(line, end, &line);
|
|
|
|
|
if (line == end)
|
|
|
|
|
goto missing;
|
|
|
|
|
if (*line++ != ' ')
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
sport = read_uint((const char **)&line, end);
|
|
|
|
|
if (line == end)
|
|
|
|
|
goto missing;
|
|
|
|
|
if (*line++ != ' ')
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
dport = read_uint((const char **)&line, end);
|
|
|
|
|
if (line > end - 2)
|
|
|
|
|
goto missing;
|
|
|
|
|
if (*line++ != '\r')
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
if (*line++ != '\n')
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
/* update the session's addresses and mark them set */
|
|
|
|
|
((struct sockaddr_in *)&conn->addr.from)->sin_family = AF_INET;
|
|
|
|
|
((struct sockaddr_in *)&conn->addr.from)->sin_addr.s_addr = htonl(src3);
|
|
|
|
|
((struct sockaddr_in *)&conn->addr.from)->sin_port = htons(sport);
|
|
|
|
|
|
|
|
|
|
((struct sockaddr_in *)&conn->addr.to)->sin_family = AF_INET;
|
|
|
|
|
((struct sockaddr_in *)&conn->addr.to)->sin_addr.s_addr = htonl(dst3);
|
|
|
|
|
((struct sockaddr_in *)&conn->addr.to)->sin_port = htons(dport);
|
|
|
|
|
conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
|
|
|
|
|
}
|
|
|
|
|
else if (!memcmp(line, "TCP6 ", 5) != 0) {
|
|
|
|
|
u32 sport, dport;
|
|
|
|
|
char *src_s;
|
|
|
|
|
char *dst_s, *sport_s, *dport_s;
|
|
|
|
|
struct in6_addr src3, dst3;
|
|
|
|
|
|
|
|
|
|
line += 5;
|
|
|
|
|
|
|
|
|
|
src_s = line;
|
|
|
|
|
dst_s = sport_s = dport_s = NULL;
|
|
|
|
|
while (1) {
|
|
|
|
|
if (line > end - 2) {
|
|
|
|
|
goto missing;
|
|
|
|
|
}
|
|
|
|
|
else if (*line == '\r') {
|
|
|
|
|
*line = 0;
|
|
|
|
|
line++;
|
|
|
|
|
if (*line++ != '\n')
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (*line == ' ') {
|
|
|
|
|
*line = 0;
|
|
|
|
|
if (!dst_s)
|
|
|
|
|
dst_s = line + 1;
|
|
|
|
|
else if (!sport_s)
|
|
|
|
|
sport_s = line + 1;
|
|
|
|
|
else if (!dport_s)
|
|
|
|
|
dport_s = line + 1;
|
|
|
|
|
}
|
|
|
|
|
line++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!dst_s || !sport_s || !dport_s)
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
sport = read_uint((const char **)&sport_s,dport_s - 1);
|
|
|
|
|
if (*sport_s != 0)
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
dport = read_uint((const char **)&dport_s,line - 2);
|
|
|
|
|
if (*dport_s != 0)
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
if (inet_pton(AF_INET6, src_s, (void *)&src3) != 1)
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
if (inet_pton(AF_INET6, dst_s, (void *)&dst3) != 1)
|
2012-12-03 09:41:18 -05:00
|
|
|
goto bad_header;
|
2012-10-04 18:10:55 -04:00
|
|
|
|
|
|
|
|
/* update the session's addresses and mark them set */
|
|
|
|
|
((struct sockaddr_in6 *)&conn->addr.from)->sin6_family = AF_INET6;
|
|
|
|
|
memcpy(&((struct sockaddr_in6 *)&conn->addr.from)->sin6_addr, &src3, sizeof(struct in6_addr));
|
|
|
|
|
((struct sockaddr_in6 *)&conn->addr.from)->sin6_port = htons(sport);
|
|
|
|
|
|
|
|
|
|
((struct sockaddr_in6 *)&conn->addr.to)->sin6_family = AF_INET6;
|
|
|
|
|
memcpy(&((struct sockaddr_in6 *)&conn->addr.to)->sin6_addr, &dst3, sizeof(struct in6_addr));
|
|
|
|
|
((struct sockaddr_in6 *)&conn->addr.to)->sin6_port = htons(dport);
|
|
|
|
|
conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
|
|
|
|
|
}
|
|
|
|
|
else {
|
2012-12-03 09:41:18 -05:00
|
|
|
/* The protocol does not match something known (TCP4/TCP6) */
|
|
|
|
|
conn->err_code = CO_ER_PRX_BAD_PROTO;
|
2012-10-04 18:10:55 -04:00
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* remove the PROXY line from the request. For this we re-read the
|
|
|
|
|
* exact line at once. If we don't get the exact same result, we
|
|
|
|
|
* fail.
|
|
|
|
|
*/
|
2012-10-29 11:51:55 -04:00
|
|
|
trash.len = line - trash.str;
|
2012-10-04 18:10:55 -04:00
|
|
|
do {
|
2012-10-29 11:51:55 -04:00
|
|
|
int len2 = recv(conn->t.sock.fd, trash.str, trash.len, 0);
|
2012-10-04 18:10:55 -04:00
|
|
|
if (len2 < 0 && errno == EINTR)
|
|
|
|
|
continue;
|
2012-10-29 11:51:55 -04:00
|
|
|
if (len2 != trash.len)
|
2012-12-03 09:41:18 -05:00
|
|
|
goto recv_abort;
|
2012-10-04 18:10:55 -04:00
|
|
|
} while (0);
|
|
|
|
|
|
|
|
|
|
conn->flags &= ~flag;
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
missing:
|
|
|
|
|
/* Missing data. Since we're using MSG_PEEK, we can only poll again if
|
|
|
|
|
* we have not read anything. Otherwise we need to fail because we won't
|
|
|
|
|
* be able to poll anymore.
|
|
|
|
|
*/
|
2012-12-03 09:41:18 -05:00
|
|
|
conn->err_code = CO_ER_PRX_TRUNCATED;
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
bad_header:
|
|
|
|
|
/* This is not a valid proxy protocol header */
|
|
|
|
|
conn->err_code = CO_ER_PRX_BAD_HDR;
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
recv_abort:
|
|
|
|
|
conn->err_code = CO_ER_PRX_ABORT;
|
2013-12-04 17:44:10 -05:00
|
|
|
conn->flags |= CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH;
|
2012-12-03 09:41:18 -05:00
|
|
|
goto fail;
|
|
|
|
|
|
2012-10-04 18:10:55 -04:00
|
|
|
fail:
|
2012-12-10 11:03:52 -05:00
|
|
|
__conn_sock_stop_both(conn);
|
2012-10-04 18:10:55 -04:00
|
|
|
conn->flags |= CO_FL_ERROR;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Makes a PROXY protocol line from the two addresses. The output is sent to
|
|
|
|
|
* buffer <buf> for a maximum size of <buf_len> (including the trailing zero).
|
|
|
|
|
* It returns the number of bytes composing this line (including the trailing
|
|
|
|
|
* LF), or zero in case of failure (eg: not enough space). It supports TCP4,
|
2013-10-01 05:41:55 -04:00
|
|
|
* TCP6 and "UNKNOWN" formats. If any of <src> or <dst> is null, UNKNOWN is
|
|
|
|
|
* emitted as well.
|
2012-10-04 18:10:55 -04:00
|
|
|
*/
|
|
|
|
|
int make_proxy_line(char *buf, int buf_len, struct sockaddr_storage *src, struct sockaddr_storage *dst)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
|
2013-10-01 05:41:55 -04:00
|
|
|
if (src && dst && src->ss_family == dst->ss_family && src->ss_family == AF_INET) {
|
2012-10-04 18:10:55 -04:00
|
|
|
ret = snprintf(buf + ret, buf_len - ret, "PROXY TCP4 ");
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* IPv4 src */
|
|
|
|
|
if (!inet_ntop(src->ss_family, &((struct sockaddr_in *)src)->sin_addr, buf + ret, buf_len - ret))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
ret += strlen(buf + ret);
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
buf[ret++] = ' ';
|
|
|
|
|
|
|
|
|
|
/* IPv4 dst */
|
|
|
|
|
if (!inet_ntop(dst->ss_family, &((struct sockaddr_in *)dst)->sin_addr, buf + ret, buf_len - ret))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
ret += strlen(buf + ret);
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* source and destination ports */
|
|
|
|
|
ret += snprintf(buf + ret, buf_len - ret, " %u %u\r\n",
|
|
|
|
|
ntohs(((struct sockaddr_in *)src)->sin_port),
|
|
|
|
|
ntohs(((struct sockaddr_in *)dst)->sin_port));
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2013-10-01 05:41:55 -04:00
|
|
|
else if (src && dst && src->ss_family == dst->ss_family && src->ss_family == AF_INET6) {
|
2012-10-04 18:10:55 -04:00
|
|
|
ret = snprintf(buf + ret, buf_len - ret, "PROXY TCP6 ");
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* IPv6 src */
|
|
|
|
|
if (!inet_ntop(src->ss_family, &((struct sockaddr_in6 *)src)->sin6_addr, buf + ret, buf_len - ret))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
ret += strlen(buf + ret);
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
buf[ret++] = ' ';
|
|
|
|
|
|
|
|
|
|
/* IPv6 dst */
|
|
|
|
|
if (!inet_ntop(dst->ss_family, &((struct sockaddr_in6 *)dst)->sin6_addr, buf + ret, buf_len - ret))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
ret += strlen(buf + ret);
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* source and destination ports */
|
|
|
|
|
ret += snprintf(buf + ret, buf_len - ret, " %u %u\r\n",
|
|
|
|
|
ntohs(((struct sockaddr_in6 *)src)->sin6_port),
|
|
|
|
|
ntohs(((struct sockaddr_in6 *)dst)->sin6_port));
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
/* unknown family combination */
|
|
|
|
|
ret = snprintf(buf, buf_len, "PROXY UNKNOWN\r\n");
|
|
|
|
|
if (ret >= buf_len)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
