1 #include "first.h" 2 3 #include "buffer.h" 4 #include "server.h" 5 #include "keyvalue.h" 6 #include "log.h" 7 8 #include "http_chunk.h" 9 #include "fdevent.h" 10 #include "connections.h" 11 #include "response.h" 12 #include "joblist.h" 13 14 #include "plugin.h" 15 16 #include "inet_ntop_cache.h" 17 #include "crc32.h" 18 19 #include <sys/types.h> 20 21 #include <unistd.h> 22 #include <errno.h> 23 #include <fcntl.h> 24 #include <string.h> 25 #include <stdlib.h> 26 #include <ctype.h> 27 #include <assert.h> 28 29 #include <stdio.h> 30 31 #include "sys-socket.h" 32 33 #define data_proxy data_fastcgi 34 #define data_proxy_init data_fastcgi_init 35 36 #define PROXY_RETRY_TIMEOUT 60 37 38 /** 39 * 40 * the proxy module is based on the fastcgi module 41 * 42 * 28.06.2004 Jan Kneschke The first release 43 * 01.07.2004 Evgeny Rodichev Several bugfixes and cleanups 44 * - co-ordinate up- and downstream flows correctly (proxy_demux_response 45 * and proxy_handle_fdevent) 46 * - correctly transfer upstream http_response_status; 47 * - some unused structures removed. 48 * 49 * TODO: - delay upstream read if write_queue is too large 50 * (to prevent memory eating, like in apache). Shoud be 51 * configurable). 52 * - persistent connection with upstream servers 53 * - HTTP/1.1 54 */ 55 typedef enum { 56 PROXY_BALANCE_UNSET, 57 PROXY_BALANCE_FAIR, 58 PROXY_BALANCE_HASH, 59 PROXY_BALANCE_RR 60 } proxy_balance_t; 61 62 typedef struct { 63 array *extensions; 64 unsigned short debug; 65 66 proxy_balance_t balance; 67 } plugin_config; 68 69 typedef struct { 70 PLUGIN_DATA; 71 72 buffer *parse_response; 73 buffer *balance_buf; 74 75 plugin_config **config_storage; 76 77 plugin_config conf; 78 } plugin_data; 79 80 typedef enum { 81 PROXY_STATE_INIT, 82 PROXY_STATE_CONNECT, 83 PROXY_STATE_PREPARE_WRITE, 84 PROXY_STATE_WRITE, 85 PROXY_STATE_READ 86 } proxy_connection_state_t; 87 88 enum { PROXY_STDOUT, PROXY_END_REQUEST }; 89 90 typedef struct { 91 proxy_connection_state_t state; 92 time_t state_timestamp; 93 94 data_proxy *host; 95 96 buffer *response; 97 buffer *response_header; 98 99 chunkqueue *wb; 100 101 int fd; /* fd to the proxy process */ 102 int fde_ndx; /* index into the fd-event buffer */ 103 104 size_t path_info_offset; /* start of path_info in uri.path */ 105 106 connection *remote_conn; /* dump pointer */ 107 plugin_data *plugin_data; /* dump pointer */ 108 } handler_ctx; 109 110 111 /* ok, we need a prototype */ 112 static handler_t proxy_handle_fdevent(server *srv, void *ctx, int revents); 113 114 static handler_ctx * handler_ctx_init(void) { 115 handler_ctx * hctx; 116 117 118 hctx = calloc(1, sizeof(*hctx)); 119 120 hctx->state = PROXY_STATE_INIT; 121 hctx->host = NULL; 122 123 hctx->response = buffer_init(); 124 hctx->response_header = buffer_init(); 125 126 hctx->wb = chunkqueue_init(); 127 128 hctx->fd = -1; 129 hctx->fde_ndx = -1; 130 131 return hctx; 132 } 133 134 static void handler_ctx_free(handler_ctx *hctx) { 135 buffer_free(hctx->response); 136 buffer_free(hctx->response_header); 137 chunkqueue_free(hctx->wb); 138 139 free(hctx); 140 } 141 142 INIT_FUNC(mod_proxy_init) { 143 plugin_data *p; 144 145 p = calloc(1, sizeof(*p)); 146 147 p->parse_response = buffer_init(); 148 p->balance_buf = buffer_init(); 149 150 return p; 151 } 152 153 154 FREE_FUNC(mod_proxy_free) { 155 plugin_data *p = p_d; 156 157 UNUSED(srv); 158 159 buffer_free(p->parse_response); 160 buffer_free(p->balance_buf); 161 162 if (p->config_storage) { 163 size_t i; 164 for (i = 0; i < srv->config_context->used; i++) { 165 plugin_config *s = p->config_storage[i]; 166 167 if (NULL == s) continue; 168 169 array_free(s->extensions); 170 171 free(s); 172 } 173 free(p->config_storage); 174 } 175 176 free(p); 177 178 return HANDLER_GO_ON; 179 } 180 181 SETDEFAULTS_FUNC(mod_proxy_set_defaults) { 182 plugin_data *p = p_d; 183 data_unset *du; 184 size_t i = 0; 185 186 config_values_t cv[] = { 187 { "proxy.server", NULL, T_CONFIG_LOCAL, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 188 { "proxy.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 189 { "proxy.balance", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ 190 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } 191 }; 192 193 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); 194 195 for (i = 0; i < srv->config_context->used; i++) { 196 data_config const* config = (data_config const*)srv->config_context->data[i]; 197 plugin_config *s; 198 199 s = malloc(sizeof(plugin_config)); 200 s->extensions = array_init(); 201 s->debug = 0; 202 203 cv[0].destination = s->extensions; 204 cv[1].destination = &(s->debug); 205 cv[2].destination = p->balance_buf; 206 207 buffer_reset(p->balance_buf); 208 209 p->config_storage[i] = s; 210 211 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { 212 return HANDLER_ERROR; 213 } 214 215 if (buffer_string_is_empty(p->balance_buf)) { 216 s->balance = PROXY_BALANCE_FAIR; 217 } else if (buffer_is_equal_string(p->balance_buf, CONST_STR_LEN("fair"))) { 218 s->balance = PROXY_BALANCE_FAIR; 219 } else if (buffer_is_equal_string(p->balance_buf, CONST_STR_LEN("round-robin"))) { 220 s->balance = PROXY_BALANCE_RR; 221 } else if (buffer_is_equal_string(p->balance_buf, CONST_STR_LEN("hash"))) { 222 s->balance = PROXY_BALANCE_HASH; 223 } else { 224 log_error_write(srv, __FILE__, __LINE__, "sb", 225 "proxy.balance has to be one of: fair, round-robin, hash, but not:", p->balance_buf); 226 return HANDLER_ERROR; 227 } 228 229 if (NULL != (du = array_get_element(config->value, "proxy.server"))) { 230 size_t j; 231 data_array *da = (data_array *)du; 232 233 if (du->type != TYPE_ARRAY) { 234 log_error_write(srv, __FILE__, __LINE__, "sss", 235 "unexpected type for key: ", "proxy.server", "expected ( \"ext\" => ( \"backend-label\" => ( \"key\" => \"value\" )))"); 236 237 return HANDLER_ERROR; 238 } 239 240 /* 241 * proxy.server = ( "<ext>" => ..., 242 * "<ext>" => ... ) 243 */ 244 245 for (j = 0; j < da->value->used; j++) { 246 data_array *da_ext = (data_array *)da->value->data[j]; 247 size_t n; 248 249 if (da_ext->type != TYPE_ARRAY) { 250 log_error_write(srv, __FILE__, __LINE__, "sssbs", 251 "unexpected type for key: ", "proxy.server", 252 "[", da->value->data[j]->key, "](string); expected ( \"ext\" => ( \"backend-label\" => ( \"key\" => \"value\" )))"); 253 254 return HANDLER_ERROR; 255 } 256 257 /* 258 * proxy.server = ( "<ext>" => 259 * ( "<host>" => ( ... ), 260 * "<host>" => ( ... ) 261 * ), 262 * "<ext>" => ... ) 263 */ 264 265 for (n = 0; n < da_ext->value->used; n++) { 266 data_array *da_host = (data_array *)da_ext->value->data[n]; 267 268 data_proxy *df; 269 data_array *dfa; 270 271 config_values_t pcv[] = { 272 { "host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 273 { "port", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 274 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } 275 }; 276 277 if (da_host->type != TYPE_ARRAY) { 278 log_error_write(srv, __FILE__, __LINE__, "ssSBS", 279 "unexpected type for key:", 280 "proxy.server", 281 "[", da_ext->value->data[n]->key, "](string); expected ( \"ext\" => ( \"backend-label\" => ( \"key\" => \"value\" )))"); 282 283 return HANDLER_ERROR; 284 } 285 286 df = data_proxy_init(); 287 288 df->port = 80; 289 290 buffer_copy_buffer(df->key, da_host->key); 291 292 pcv[0].destination = df->host; 293 pcv[1].destination = &(df->port); 294 295 if (0 != config_insert_values_internal(srv, da_host->value, pcv, T_CONFIG_SCOPE_CONNECTION)) { 296 df->free((data_unset*) df); 297 return HANDLER_ERROR; 298 } 299 300 if (buffer_string_is_empty(df->host)) { 301 log_error_write(srv, __FILE__, __LINE__, "sbbbs", 302 "missing key (string):", 303 da->key, 304 da_ext->key, 305 da_host->key, 306 "host"); 307 308 df->free((data_unset*) df); 309 return HANDLER_ERROR; 310 } 311 312 /* if extension already exists, take it */ 313 314 if (NULL == (dfa = (data_array *)array_get_element(s->extensions, da_ext->key->ptr))) { 315 dfa = data_array_init(); 316 317 buffer_copy_buffer(dfa->key, da_ext->key); 318 319 array_insert_unique(dfa->value, (data_unset *)df); 320 array_insert_unique(s->extensions, (data_unset *)dfa); 321 } else { 322 array_insert_unique(dfa->value, (data_unset *)df); 323 } 324 } 325 } 326 } 327 } 328 329 return HANDLER_GO_ON; 330 } 331 332 static void proxy_connection_close(server *srv, handler_ctx *hctx) { 333 plugin_data *p; 334 connection *con; 335 336 p = hctx->plugin_data; 337 con = hctx->remote_conn; 338 339 if (hctx->fd != -1) { 340 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); 341 fdevent_unregister(srv->ev, hctx->fd); 342 343 close(hctx->fd); 344 srv->cur_fds--; 345 } 346 347 if (hctx->host) { 348 hctx->host->usage--; 349 } 350 351 handler_ctx_free(hctx); 352 con->plugin_ctx[p->id] = NULL; 353 354 /* finish response (if not already finished) */ 355 if (con->mode == p->id 356 && (con->state == CON_STATE_HANDLE_REQUEST || con->state == CON_STATE_READ_POST)) { 357 /* (not CON_STATE_ERROR and not CON_STATE_RESPONSE_END, 358 * i.e. not called from proxy_connection_reset()) */ 359 360 /* Send an error if we haven't sent any data yet */ 361 if (0 == con->file_started) { 362 con->http_status = 500; 363 con->mode = DIRECT; 364 } 365 else if (!con->file_finished) { 366 http_chunk_close(srv, con); 367 con->file_finished = 1; 368 } 369 } 370 } 371 372 static int proxy_establish_connection(server *srv, handler_ctx *hctx) { 373 struct sockaddr *proxy_addr; 374 struct sockaddr_in proxy_addr_in; 375 #if defined(HAVE_SYS_UN_H) 376 struct sockaddr_un proxy_addr_un; 377 #endif 378 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 379 struct sockaddr_in6 proxy_addr_in6; 380 #endif 381 socklen_t servlen; 382 383 plugin_data *p = hctx->plugin_data; 384 data_proxy *host= hctx->host; 385 int proxy_fd = hctx->fd; 386 387 388 #if defined(HAVE_SYS_UN_H) 389 if (strstr(host->host->ptr, "/")) { 390 if (buffer_string_length(host->host) + 1 > sizeof(proxy_addr_un.sun_path)) { 391 log_error_write(srv, __FILE__, __LINE__, "sB", 392 "ERROR: Unix Domain socket filename too long:", 393 host->host); 394 return -1; 395 } 396 397 memset(&proxy_addr_un, 0, sizeof(proxy_addr_un)); 398 proxy_addr_un.sun_family = AF_UNIX; 399 strcpy(proxy_addr_un.sun_path, host->host->ptr); 400 servlen = sizeof(proxy_addr_un); 401 proxy_addr = (struct sockaddr *) &proxy_addr_un; 402 } else 403 #endif 404 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 405 if (strstr(host->host->ptr, ":")) { 406 memset(&proxy_addr_in6, 0, sizeof(proxy_addr_in6)); 407 proxy_addr_in6.sin6_family = AF_INET6; 408 inet_pton(AF_INET6, host->host->ptr, (char *) &proxy_addr_in6.sin6_addr); 409 proxy_addr_in6.sin6_port = htons(host->port); 410 servlen = sizeof(proxy_addr_in6); 411 proxy_addr = (struct sockaddr *) &proxy_addr_in6; 412 } else 413 #endif 414 { 415 memset(&proxy_addr_in, 0, sizeof(proxy_addr_in)); 416 proxy_addr_in.sin_family = AF_INET; 417 proxy_addr_in.sin_addr.s_addr = inet_addr(host->host->ptr); 418 proxy_addr_in.sin_port = htons(host->port); 419 servlen = sizeof(proxy_addr_in); 420 proxy_addr = (struct sockaddr *) &proxy_addr_in; 421 } 422 423 424 if (-1 == connect(proxy_fd, proxy_addr, servlen)) { 425 if (errno == EINPROGRESS || errno == EALREADY) { 426 if (p->conf.debug) { 427 log_error_write(srv, __FILE__, __LINE__, "sd", 428 "connect delayed:", proxy_fd); 429 } 430 431 return 1; 432 } else { 433 434 log_error_write(srv, __FILE__, __LINE__, "sdsd", 435 "connect failed:", proxy_fd, strerror(errno), errno); 436 437 return -1; 438 } 439 } 440 if (p->conf.debug) { 441 log_error_write(srv, __FILE__, __LINE__, "sd", 442 "connect succeeded: ", proxy_fd); 443 } 444 445 return 0; 446 } 447 448 static void proxy_set_header(connection *con, const char *key, const char *value) { 449 data_string *ds_dst; 450 451 if (NULL == (ds_dst = (data_string *)array_get_unused_element(con->request.headers, TYPE_STRING))) { 452 ds_dst = data_string_init(); 453 } 454 455 buffer_copy_string(ds_dst->key, key); 456 buffer_copy_string(ds_dst->value, value); 457 array_insert_unique(con->request.headers, (data_unset *)ds_dst); 458 } 459 460 static void proxy_append_header(connection *con, const char *key, const char *value) { 461 data_string *ds_dst; 462 463 if (NULL == (ds_dst = (data_string *)array_get_unused_element(con->request.headers, TYPE_STRING))) { 464 ds_dst = data_string_init(); 465 } 466 467 buffer_copy_string(ds_dst->key, key); 468 buffer_append_string(ds_dst->value, value); 469 array_insert_unique(con->request.headers, (data_unset *)ds_dst); 470 } 471 472 473 static int proxy_create_env(server *srv, handler_ctx *hctx) { 474 size_t i; 475 476 connection *con = hctx->remote_conn; 477 buffer *b; 478 479 /* build header */ 480 481 b = buffer_init(); 482 483 /* request line */ 484 buffer_copy_string(b, get_http_method_name(con->request.http_method)); 485 buffer_append_string_len(b, CONST_STR_LEN(" ")); 486 487 buffer_append_string_buffer(b, con->request.uri); 488 buffer_append_string_len(b, CONST_STR_LEN(" HTTP/1.0\r\n")); 489 490 proxy_append_header(con, "X-Forwarded-For", (char *)inet_ntop_cache_get_ip(srv, &(con->dst_addr))); 491 /* http_host is NOT is just a pointer to a buffer 492 * which is NULL if it is not set */ 493 if (!buffer_string_is_empty(con->request.http_host)) { 494 proxy_set_header(con, "X-Host", con->request.http_host->ptr); 495 } 496 proxy_set_header(con, "X-Forwarded-Proto", con->uri.scheme->ptr); 497 498 /* request header */ 499 for (i = 0; i < con->request.headers->used; i++) { 500 data_string *ds; 501 502 ds = (data_string *)con->request.headers->data[i]; 503 504 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) { 505 if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Connection"))) continue; 506 if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy-Connection"))) continue; 507 508 buffer_append_string_buffer(b, ds->key); 509 buffer_append_string_len(b, CONST_STR_LEN(": ")); 510 buffer_append_string_buffer(b, ds->value); 511 buffer_append_string_len(b, CONST_STR_LEN("\r\n")); 512 } 513 } 514 515 buffer_append_string_len(b, CONST_STR_LEN("Connection: close\r\n\r\n")); 516 517 chunkqueue_append_buffer(hctx->wb, b); 518 buffer_free(b); 519 520 /* body */ 521 522 if (con->request.content_length) { 523 chunkqueue *req_cq = con->request_content_queue; 524 525 chunkqueue_steal(hctx->wb, req_cq, req_cq->bytes_in); 526 } 527 528 return 0; 529 } 530 531 static int proxy_set_state(server *srv, handler_ctx *hctx, proxy_connection_state_t state) { 532 hctx->state = state; 533 hctx->state_timestamp = srv->cur_ts; 534 535 return 0; 536 } 537 538 539 static int proxy_response_parse(server *srv, connection *con, plugin_data *p, buffer *in) { 540 char *s, *ns; 541 int http_response_status = -1; 542 543 UNUSED(srv); 544 545 /* [\r]\n -> [\0]\0 */ 546 547 buffer_copy_buffer(p->parse_response, in); 548 549 for (s = p->parse_response->ptr; NULL != (ns = strchr(s, '\n')); s = ns + 1) { 550 char *key, *value; 551 int key_len; 552 data_string *ds; 553 int copy_header; 554 555 ns[0] = '\0'; 556 if (s != ns && ns[-1] == '\r') ns[-1] = '\0'; 557 558 if (-1 == http_response_status) { 559 /* The first line of a Response message is the Status-Line */ 560 561 for (key=s; *key && *key != ' '; key++); 562 563 if (*key) { 564 http_response_status = (int) strtol(key, NULL, 10); 565 if (http_response_status < 100 || http_response_status >= 1000) http_response_status = 502; 566 } else { 567 http_response_status = 502; 568 } 569 570 con->http_status = http_response_status; 571 con->parsed_response |= HTTP_STATUS; 572 continue; 573 } 574 575 if (NULL == (value = strchr(s, ':'))) { 576 /* now we expect: "<key>: <value>\n" */ 577 578 continue; 579 } 580 581 key = s; 582 key_len = value - key; 583 584 value++; 585 /* strip WS */ 586 while (*value == ' ' || *value == '\t') value++; 587 588 copy_header = 1; 589 590 switch(key_len) { 591 case 4: 592 if (0 == strncasecmp(key, "Date", key_len)) { 593 con->parsed_response |= HTTP_DATE; 594 } 595 break; 596 case 8: 597 if (0 == strncasecmp(key, "Location", key_len)) { 598 con->parsed_response |= HTTP_LOCATION; 599 } 600 break; 601 case 10: 602 if (0 == strncasecmp(key, "Connection", key_len)) { 603 copy_header = 0; 604 } 605 break; 606 case 14: 607 if (0 == strncasecmp(key, "Content-Length", key_len)) { 608 con->response.content_length = strtoul(value, NULL, 10); 609 con->parsed_response |= HTTP_CONTENT_LENGTH; 610 } 611 break; 612 default: 613 break; 614 } 615 616 if (copy_header) { 617 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { 618 ds = data_response_init(); 619 } 620 buffer_copy_string_len(ds->key, key, key_len); 621 buffer_copy_string(ds->value, value); 622 623 array_insert_unique(con->response.headers, (data_unset *)ds); 624 } 625 } 626 627 return 0; 628 } 629 630 631 static int proxy_demux_response(server *srv, handler_ctx *hctx) { 632 int fin = 0; 633 int b; 634 ssize_t r; 635 636 plugin_data *p = hctx->plugin_data; 637 connection *con = hctx->remote_conn; 638 int proxy_fd = hctx->fd; 639 640 /* check how much we have to read */ 641 if (ioctl(hctx->fd, FIONREAD, &b)) { 642 log_error_write(srv, __FILE__, __LINE__, "sd", 643 "ioctl failed: ", 644 proxy_fd); 645 return -1; 646 } 647 648 649 if (p->conf.debug) { 650 log_error_write(srv, __FILE__, __LINE__, "sd", 651 "proxy - have to read:", b); 652 } 653 654 if (b > 0) { 655 buffer_string_prepare_append(hctx->response, b); 656 657 if (-1 == (r = read(hctx->fd, hctx->response->ptr + buffer_string_length(hctx->response), buffer_string_space(hctx->response)))) { 658 if (errno == EAGAIN) return 0; 659 log_error_write(srv, __FILE__, __LINE__, "sds", 660 "unexpected end-of-file (perhaps the proxy process died):", 661 proxy_fd, strerror(errno)); 662 return -1; 663 } 664 665 /* this should be catched by the b > 0 above */ 666 force_assert(r); 667 668 buffer_commit(hctx->response, r); 669 670 #if 0 671 log_error_write(srv, __FILE__, __LINE__, "sdsbs", 672 "demux: Response buffer len", hctx->response->used, ":", hctx->response, ":"); 673 #endif 674 675 if (0 == con->got_response) { 676 con->got_response = 1; 677 buffer_string_prepare_copy(hctx->response_header, 1023); 678 } 679 680 if (0 == con->file_started) { 681 char *c; 682 683 /* search for the \r\n\r\n in the string */ 684 if (NULL != (c = buffer_search_string_len(hctx->response, CONST_STR_LEN("\r\n\r\n")))) { 685 size_t hlen = c - hctx->response->ptr + 4; 686 size_t blen = buffer_string_length(hctx->response) - hlen; 687 /* found */ 688 689 buffer_append_string_len(hctx->response_header, hctx->response->ptr, hlen); 690 #if 0 691 log_error_write(srv, __FILE__, __LINE__, "sb", "Header:", hctx->response_header); 692 #endif 693 /* parse the response header */ 694 proxy_response_parse(srv, con, p, hctx->response_header); 695 696 /* enable chunked-transfer-encoding */ 697 if (con->request.http_version == HTTP_VERSION_1_1 && 698 !(con->parsed_response & HTTP_CONTENT_LENGTH)) { 699 con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED; 700 } 701 702 con->file_started = 1; 703 if (blen > 0) http_chunk_append_mem(srv, con, c + 4, blen); 704 buffer_reset(hctx->response); 705 } 706 } else { 707 http_chunk_append_buffer(srv, con, hctx->response); 708 buffer_reset(hctx->response); 709 } 710 711 } else { 712 /* reading from upstream done */ 713 con->file_finished = 1; 714 715 http_chunk_close(srv, con); 716 717 fin = 1; 718 } 719 720 return fin; 721 } 722 723 724 static handler_t proxy_write_request(server *srv, handler_ctx *hctx) { 725 data_proxy *host= hctx->host; 726 connection *con = hctx->remote_conn; 727 728 int ret; 729 730 if (!host || buffer_string_is_empty(host->host) || !host->port) return HANDLER_ERROR; 731 732 switch(hctx->state) { 733 case PROXY_STATE_CONNECT: 734 /* wait for the connect() to finish */ 735 736 /* connect failed ? */ 737 if (-1 == hctx->fde_ndx) return HANDLER_ERROR; 738 739 /* wait */ 740 return HANDLER_WAIT_FOR_EVENT; 741 742 case PROXY_STATE_INIT: 743 #if defined(HAVE_SYS_UN_H) 744 if (strstr(host->host->ptr,"/")) { 745 if (-1 == (hctx->fd = socket(AF_UNIX, SOCK_STREAM, 0))) { 746 log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); 747 return HANDLER_ERROR; 748 } 749 } else 750 #endif 751 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 752 if (strstr(host->host->ptr,":")) { 753 if (-1 == (hctx->fd = socket(AF_INET6, SOCK_STREAM, 0))) { 754 log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); 755 return HANDLER_ERROR; 756 } 757 } else 758 #endif 759 { 760 if (-1 == (hctx->fd = socket(AF_INET, SOCK_STREAM, 0))) { 761 log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); 762 return HANDLER_ERROR; 763 } 764 } 765 hctx->fde_ndx = -1; 766 767 srv->cur_fds++; 768 769 fdevent_register(srv->ev, hctx->fd, proxy_handle_fdevent, hctx); 770 771 if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) { 772 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); 773 774 return HANDLER_ERROR; 775 } 776 777 switch (proxy_establish_connection(srv, hctx)) { 778 case 1: 779 proxy_set_state(srv, hctx, PROXY_STATE_CONNECT); 780 781 /* connection is in progress, wait for an event and call getsockopt() below */ 782 783 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT); 784 785 return HANDLER_WAIT_FOR_EVENT; 786 case -1: 787 /* if ECONNREFUSED choose another connection -> FIXME */ 788 hctx->fde_ndx = -1; 789 790 return HANDLER_ERROR; 791 default: 792 /* everything is ok, go on */ 793 proxy_set_state(srv, hctx, PROXY_STATE_PREPARE_WRITE); 794 break; 795 } 796 797 /* fall through */ 798 799 case PROXY_STATE_PREPARE_WRITE: 800 proxy_create_env(srv, hctx); 801 802 proxy_set_state(srv, hctx, PROXY_STATE_WRITE); 803 804 /* fall through */ 805 case PROXY_STATE_WRITE:; 806 ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT); 807 808 chunkqueue_remove_finished_chunks(hctx->wb); 809 810 if (-1 == ret) { /* error on our side */ 811 log_error_write(srv, __FILE__, __LINE__, "ssd", "write failed:", strerror(errno), errno); 812 813 return HANDLER_ERROR; 814 } else if (-2 == ret) { /* remote close */ 815 log_error_write(srv, __FILE__, __LINE__, "ssd", "write failed, remote connection close:", strerror(errno), errno); 816 817 return HANDLER_ERROR; 818 } 819 820 if (hctx->wb->bytes_out == hctx->wb->bytes_in) { 821 proxy_set_state(srv, hctx, PROXY_STATE_READ); 822 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 823 } else { 824 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN|FDEVENT_OUT); 825 } 826 827 return HANDLER_WAIT_FOR_EVENT; 828 case PROXY_STATE_READ: 829 /* waiting for a response */ 830 return HANDLER_WAIT_FOR_EVENT; 831 default: 832 log_error_write(srv, __FILE__, __LINE__, "s", "(debug) unknown state"); 833 return HANDLER_ERROR; 834 } 835 } 836 837 #define PATCH(x) \ 838 p->conf.x = s->x; 839 static int mod_proxy_patch_connection(server *srv, connection *con, plugin_data *p) { 840 size_t i, j; 841 plugin_config *s = p->config_storage[0]; 842 843 PATCH(extensions); 844 PATCH(debug); 845 PATCH(balance); 846 847 /* skip the first, the global context */ 848 for (i = 1; i < srv->config_context->used; i++) { 849 data_config *dc = (data_config *)srv->config_context->data[i]; 850 s = p->config_storage[i]; 851 852 /* condition didn't match */ 853 if (!config_check_cond(srv, con, dc)) continue; 854 855 /* merge config */ 856 for (j = 0; j < dc->value->used; j++) { 857 data_unset *du = dc->value->data[j]; 858 859 if (buffer_is_equal_string(du->key, CONST_STR_LEN("proxy.server"))) { 860 PATCH(extensions); 861 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("proxy.debug"))) { 862 PATCH(debug); 863 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("proxy.balance"))) { 864 PATCH(balance); 865 } 866 } 867 } 868 869 return 0; 870 } 871 #undef PATCH 872 873 static handler_t proxy_send_request(server *srv, handler_ctx *hctx) { 874 /* ok, create the request */ 875 handler_t rc = proxy_write_request(srv, hctx); 876 if (HANDLER_ERROR != rc) { 877 return rc; 878 } else { 879 data_proxy *host = hctx->host; 880 connection *con = hctx->remote_conn; 881 log_error_write(srv, __FILE__, __LINE__, "sbdd", "proxy-server disabled:", 882 host->host, 883 host->port, 884 hctx->fd); 885 886 /* disable this server */ 887 host->is_disabled = 1; 888 host->disable_ts = srv->cur_ts; 889 890 /* reset the enviroment and restart the sub-request */ 891 con->mode = DIRECT;/*(avoid changing con->state, con->http_status)*/ 892 proxy_connection_close(srv, hctx); 893 con->mode = hctx->plugin_data->id; /* p->id */ 894 895 return HANDLER_COMEBACK; 896 } 897 } 898 899 SUBREQUEST_FUNC(mod_proxy_handle_subrequest) { 900 plugin_data *p = p_d; 901 902 handler_ctx *hctx = con->plugin_ctx[p->id]; 903 904 if (NULL == hctx) return HANDLER_GO_ON; 905 906 /* not my job */ 907 if (con->mode != p->id) return HANDLER_GO_ON; 908 909 if (con->state == CON_STATE_READ_POST) { 910 handler_t r = connection_handle_read_post_state(srv, con); 911 if (r != HANDLER_GO_ON) return r; 912 } 913 914 return (hctx->state != PROXY_STATE_READ) 915 ? proxy_send_request(srv, hctx) 916 : HANDLER_WAIT_FOR_EVENT; 917 } 918 919 static handler_t proxy_handle_fdevent(server *srv, void *ctx, int revents) { 920 handler_ctx *hctx = ctx; 921 connection *con = hctx->remote_conn; 922 plugin_data *p = hctx->plugin_data; 923 924 joblist_append(srv, con); 925 926 if ((revents & FDEVENT_IN) && 927 hctx->state == PROXY_STATE_READ) { 928 929 if (p->conf.debug) { 930 log_error_write(srv, __FILE__, __LINE__, "sd", 931 "proxy: fdevent-in", hctx->state); 932 } 933 934 switch (proxy_demux_response(srv, hctx)) { 935 case 0: 936 break; 937 case 1: 938 /* we are done */ 939 proxy_connection_close(srv, hctx); 940 941 return HANDLER_FINISHED; 942 case -1: 943 if (con->file_started == 0) { 944 /* reading response headers failed */ 945 } else { 946 /* response might have been already started, kill the connection */ 947 con->keep_alive = 0; 948 con->file_finished = 1; 949 con->mode = DIRECT; /*(avoid sending final chunked block)*/ 950 } 951 952 proxy_connection_close(srv, hctx); 953 954 return HANDLER_FINISHED; 955 } 956 } 957 958 if (revents & FDEVENT_OUT) { 959 if (p->conf.debug) { 960 log_error_write(srv, __FILE__, __LINE__, "sd", 961 "proxy: fdevent-out", hctx->state); 962 } 963 964 if (hctx->state == PROXY_STATE_CONNECT) { 965 int socket_error; 966 socklen_t socket_error_len = sizeof(socket_error); 967 968 /* try to finish the connect() */ 969 if (0 != getsockopt(hctx->fd, SOL_SOCKET, SO_ERROR, &socket_error, &socket_error_len)) { 970 log_error_write(srv, __FILE__, __LINE__, "ss", 971 "getsockopt failed:", strerror(errno)); 972 973 return HANDLER_FINISHED; 974 } 975 if (socket_error != 0) { 976 log_error_write(srv, __FILE__, __LINE__, "ss", 977 "establishing connection failed:", strerror(socket_error), 978 "port:", hctx->host->port); 979 980 return HANDLER_FINISHED; 981 } 982 if (p->conf.debug) { 983 log_error_write(srv, __FILE__, __LINE__, "s", "proxy - connect - delayed success"); 984 } 985 986 proxy_set_state(srv, hctx, PROXY_STATE_PREPARE_WRITE); 987 } 988 989 if (hctx->state == PROXY_STATE_PREPARE_WRITE || 990 hctx->state == PROXY_STATE_WRITE) { 991 /* we are allowed to send something out 992 * 993 * 1. after a just finished connect() call 994 * 2. in a unfinished write() call (long POST request) 995 */ 996 return proxy_send_request(srv, hctx); /*(might invalidate hctx)*/ 997 } else { 998 log_error_write(srv, __FILE__, __LINE__, "sd", 999 "proxy: out", hctx->state); 1000 } 1001 } 1002 1003 /* perhaps this issue is already handled */ 1004 if (revents & FDEVENT_HUP) { 1005 if (p->conf.debug) { 1006 log_error_write(srv, __FILE__, __LINE__, "sd", 1007 "proxy: fdevent-hup", hctx->state); 1008 } 1009 1010 if (hctx->state == PROXY_STATE_CONNECT) { 1011 /* connect() -> EINPROGRESS -> HUP */ 1012 1013 /** 1014 * what is proxy is doing if it can't reach the next hop ? 1015 * 1016 */ 1017 1018 if (hctx->host) { 1019 hctx->host->is_disabled = 1; 1020 hctx->host->disable_ts = srv->cur_ts; 1021 log_error_write(srv, __FILE__, __LINE__, "sbdd", "proxy-server disabled:", 1022 hctx->host->host, 1023 hctx->host->port, 1024 hctx->fd); 1025 1026 /* disable this server */ 1027 hctx->host->is_disabled = 1; 1028 hctx->host->disable_ts = srv->cur_ts; 1029 1030 /* reset the environment and restart the sub-request */ 1031 con->mode = DIRECT;/*(avoid changing con->state, con->http_status)*/ 1032 proxy_connection_close(srv, hctx); 1033 con->mode = p->id; 1034 } else { 1035 proxy_connection_close(srv, hctx); 1036 con->http_status = 503; 1037 } 1038 } else { 1039 proxy_connection_close(srv, hctx); 1040 } 1041 } else if (revents & FDEVENT_ERR) { 1042 log_error_write(srv, __FILE__, __LINE__, "sd", "proxy-FDEVENT_ERR, but no HUP", revents); 1043 1044 if (con->file_started) { 1045 con->keep_alive = 0; 1046 con->file_finished = 1; 1047 con->mode = DIRECT; /*(avoid sending final chunked block)*/ 1048 } 1049 proxy_connection_close(srv, hctx); 1050 } 1051 1052 return HANDLER_FINISHED; 1053 } 1054 1055 static handler_t mod_proxy_check_extension(server *srv, connection *con, void *p_d) { 1056 plugin_data *p = p_d; 1057 size_t s_len; 1058 unsigned long last_max = ULONG_MAX; 1059 int max_usage = INT_MAX; 1060 int ndx = -1; 1061 size_t k; 1062 buffer *fn; 1063 data_array *extension = NULL; 1064 size_t path_info_offset; 1065 1066 if (con->mode != DIRECT) return HANDLER_GO_ON; 1067 1068 /* Possibly, we processed already this request */ 1069 if (con->file_started == 1) return HANDLER_GO_ON; 1070 1071 mod_proxy_patch_connection(srv, con, p); 1072 1073 fn = con->uri.path; 1074 if (buffer_string_is_empty(fn)) return HANDLER_ERROR; 1075 s_len = buffer_string_length(fn); 1076 1077 path_info_offset = 0; 1078 1079 if (p->conf.debug) { 1080 log_error_write(srv, __FILE__, __LINE__, "s", "proxy - start"); 1081 } 1082 1083 /* check if extension matches */ 1084 for (k = 0; k < p->conf.extensions->used; k++) { 1085 data_array *ext = NULL; 1086 size_t ct_len; 1087 1088 ext = (data_array *)p->conf.extensions->data[k]; 1089 1090 if (buffer_is_empty(ext->key)) continue; 1091 1092 ct_len = buffer_string_length(ext->key); 1093 1094 if (s_len < ct_len) continue; 1095 1096 /* check extension in the form "/proxy_pattern" */ 1097 if (*(ext->key->ptr) == '/') { 1098 if (strncmp(fn->ptr, ext->key->ptr, ct_len) == 0) { 1099 if (s_len > ct_len + 1) { 1100 char *pi_offset; 1101 1102 if (NULL != (pi_offset = strchr(fn->ptr + ct_len + 1, '/'))) { 1103 path_info_offset = pi_offset - fn->ptr; 1104 } 1105 } 1106 extension = ext; 1107 break; 1108 } 1109 } else if (0 == strncmp(fn->ptr + s_len - ct_len, ext->key->ptr, ct_len)) { 1110 /* check extension in the form ".fcg" */ 1111 extension = ext; 1112 break; 1113 } 1114 } 1115 1116 if (NULL == extension) { 1117 return HANDLER_GO_ON; 1118 } 1119 1120 if (p->conf.debug) { 1121 log_error_write(srv, __FILE__, __LINE__, "s", "proxy - ext found"); 1122 } 1123 1124 if (extension->value->used == 1) { 1125 if ( ((data_proxy *)extension->value->data[0])->is_disabled ) { 1126 ndx = -1; 1127 } else { 1128 ndx = 0; 1129 } 1130 } else if (extension->value->used != 0) switch(p->conf.balance) { 1131 case PROXY_BALANCE_HASH: 1132 /* hash balancing */ 1133 1134 if (p->conf.debug) { 1135 log_error_write(srv, __FILE__, __LINE__, "sd", 1136 "proxy - used hash balancing, hosts:", extension->value->used); 1137 } 1138 1139 for (k = 0, ndx = -1, last_max = ULONG_MAX; k < extension->value->used; k++) { 1140 data_proxy *host = (data_proxy *)extension->value->data[k]; 1141 unsigned long cur_max; 1142 1143 if (host->is_disabled) continue; 1144 1145 cur_max = generate_crc32c(CONST_BUF_LEN(con->uri.path)) + 1146 generate_crc32c(CONST_BUF_LEN(host->host)) + /* we can cache this */ 1147 generate_crc32c(CONST_BUF_LEN(con->uri.authority)); 1148 1149 if (p->conf.debug) { 1150 log_error_write(srv, __FILE__, __LINE__, "sbbbd", 1151 "proxy - election:", 1152 con->uri.path, 1153 host->host, 1154 con->uri.authority, 1155 cur_max); 1156 } 1157 1158 if ((last_max == ULONG_MAX) || /* first round */ 1159 (cur_max > last_max)) { 1160 last_max = cur_max; 1161 1162 ndx = k; 1163 } 1164 } 1165 1166 break; 1167 case PROXY_BALANCE_FAIR: 1168 /* fair balancing */ 1169 if (p->conf.debug) { 1170 log_error_write(srv, __FILE__, __LINE__, "s", 1171 "proxy - used fair balancing"); 1172 } 1173 1174 for (k = 0, ndx = -1, max_usage = INT_MAX; k < extension->value->used; k++) { 1175 data_proxy *host = (data_proxy *)extension->value->data[k]; 1176 1177 if (host->is_disabled) continue; 1178 1179 if (host->usage < max_usage) { 1180 max_usage = host->usage; 1181 1182 ndx = k; 1183 } 1184 } 1185 1186 break; 1187 case PROXY_BALANCE_RR: { 1188 data_proxy *host; 1189 1190 /* round robin */ 1191 if (p->conf.debug) { 1192 log_error_write(srv, __FILE__, __LINE__, "s", 1193 "proxy - used round-robin balancing"); 1194 } 1195 1196 /* just to be sure */ 1197 force_assert(extension->value->used < INT_MAX); 1198 1199 host = (data_proxy *)extension->value->data[0]; 1200 1201 /* Use last_used_ndx from first host in list */ 1202 k = host->last_used_ndx; 1203 ndx = k + 1; /* use next host after the last one */ 1204 if (ndx < 0) ndx = 0; 1205 1206 /* Search first active host after last_used_ndx */ 1207 while ( ndx < (int) extension->value->used 1208 && (host = (data_proxy *)extension->value->data[ndx])->is_disabled ) ndx++; 1209 1210 if (ndx >= (int) extension->value->used) { 1211 /* didn't found a higher id, wrap to the start */ 1212 for (ndx = 0; ndx <= (int) k; ndx++) { 1213 host = (data_proxy *)extension->value->data[ndx]; 1214 if (!host->is_disabled) break; 1215 } 1216 1217 /* No active host found */ 1218 if (host->is_disabled) ndx = -1; 1219 } 1220 1221 /* Save new index for next round */ 1222 ((data_proxy *)extension->value->data[0])->last_used_ndx = ndx; 1223 1224 break; 1225 } 1226 default: 1227 break; 1228 } 1229 1230 /* found a server */ 1231 if (ndx != -1) { 1232 data_proxy *host = (data_proxy *)extension->value->data[ndx]; 1233 1234 /* 1235 * if check-local is disabled, use the uri.path handler 1236 * 1237 */ 1238 1239 /* init handler-context */ 1240 handler_ctx *hctx; 1241 hctx = handler_ctx_init(); 1242 1243 hctx->path_info_offset = path_info_offset; 1244 hctx->remote_conn = con; 1245 hctx->plugin_data = p; 1246 hctx->host = host; 1247 1248 con->plugin_ctx[p->id] = hctx; 1249 1250 host->usage++; 1251 1252 con->mode = p->id; 1253 1254 if (p->conf.debug) { 1255 log_error_write(srv, __FILE__, __LINE__, "sbd", 1256 "proxy - found a host", 1257 host->host, host->port); 1258 } 1259 1260 return HANDLER_GO_ON; 1261 } else { 1262 /* no handler found */ 1263 con->http_status = 500; 1264 1265 log_error_write(srv, __FILE__, __LINE__, "sb", 1266 "no proxy-handler found for:", 1267 fn); 1268 1269 return HANDLER_FINISHED; 1270 } 1271 return HANDLER_GO_ON; 1272 } 1273 1274 static handler_t mod_proxy_connection_reset(server *srv, connection *con, void *p_d) { 1275 plugin_data *p = p_d; 1276 handler_ctx *hctx = con->plugin_ctx[p->id]; 1277 if (hctx) proxy_connection_close(srv, hctx); 1278 1279 return HANDLER_GO_ON; 1280 } 1281 1282 /** 1283 * 1284 * the trigger re-enables the disabled connections after the timeout is over 1285 * 1286 * */ 1287 1288 TRIGGER_FUNC(mod_proxy_trigger) { 1289 plugin_data *p = p_d; 1290 1291 if (p->config_storage) { 1292 size_t i, n, k; 1293 for (i = 0; i < srv->config_context->used; i++) { 1294 plugin_config *s = p->config_storage[i]; 1295 1296 if (!s) continue; 1297 1298 /* get the extensions for all configs */ 1299 1300 for (k = 0; k < s->extensions->used; k++) { 1301 data_array *extension = (data_array *)s->extensions->data[k]; 1302 1303 /* get all hosts */ 1304 for (n = 0; n < extension->value->used; n++) { 1305 data_proxy *host = (data_proxy *)extension->value->data[n]; 1306 1307 if (!host->is_disabled || 1308 srv->cur_ts - host->disable_ts < 5) continue; 1309 1310 log_error_write(srv, __FILE__, __LINE__, "sbd", 1311 "proxy - re-enabled:", 1312 host->host, host->port); 1313 1314 host->is_disabled = 0; 1315 } 1316 } 1317 } 1318 } 1319 1320 return HANDLER_GO_ON; 1321 } 1322 1323 1324 int mod_proxy_plugin_init(plugin *p); 1325 int mod_proxy_plugin_init(plugin *p) { 1326 p->version = LIGHTTPD_VERSION_ID; 1327 p->name = buffer_init_string("proxy"); 1328 1329 p->init = mod_proxy_init; 1330 p->cleanup = mod_proxy_free; 1331 p->set_defaults = mod_proxy_set_defaults; 1332 p->connection_reset = mod_proxy_connection_reset; /* end of req-resp cycle */ 1333 p->handle_connection_close = mod_proxy_connection_reset; /* end of client connection */ 1334 p->handle_uri_clean = mod_proxy_check_extension; 1335 p->handle_subrequest = mod_proxy_handle_subrequest; 1336 p->handle_trigger = mod_proxy_trigger; 1337 1338 p->data = NULL; 1339 1340 return 0; 1341 } 1342