1#include "buffer.h" 2#include "server.h" 3#include "keyvalue.h" 4#include "log.h" 5 6#include "http_chunk.h" 7#include "fdevent.h" 8#include "connections.h" 9#include "response.h" 10#include "joblist.h" 11 12#include "plugin.h" 13 14#include "inet_ntop_cache.h" 15#include "crc32.h" 16 17#include <sys/types.h> 18 19#include <unistd.h> 20#include <errno.h> 21#include <fcntl.h> 22#include <string.h> 23#include <stdlib.h> 24#include <ctype.h> 25#include <assert.h> 26 27#include <stdio.h> 28 29#ifdef HAVE_SYS_FILIO_H 30# include <sys/filio.h> 31#endif 32 33#include "sys-socket.h" 34 35#define data_proxy data_fastcgi 36#define data_proxy_init data_fastcgi_init 37 38#define PROXY_RETRY_TIMEOUT 60 39 40/** 41 * 42 * the proxy module is based on the fastcgi module 43 * 44 * 28.06.2004 Jan Kneschke The first release 45 * 01.07.2004 Evgeny Rodichev Several bugfixes and cleanups 46 * - co-ordinate up- and downstream flows correctly (proxy_demux_response 47 * and proxy_handle_fdevent) 48 * - correctly transfer upstream http_response_status; 49 * - some unused structures removed. 50 * 51 * TODO: - delay upstream read if write_queue is too large 52 * (to prevent memory eating, like in apache). Shoud be 53 * configurable). 54 * - persistent connection with upstream servers 55 * - HTTP/1.1 56 */ 57typedef enum { 58 PROXY_BALANCE_UNSET, 59 PROXY_BALANCE_FAIR, 60 PROXY_BALANCE_HASH, 61 PROXY_BALANCE_RR 62} proxy_balance_t; 63 64typedef struct { 65 array *extensions; 66 unsigned short debug; 67 68 proxy_balance_t balance; 69} plugin_config; 70 71typedef struct { 72 PLUGIN_DATA; 73 74 buffer *parse_response; 75 buffer *balance_buf; 76 77 plugin_config **config_storage; 78 79 plugin_config conf; 80} plugin_data; 81 82typedef enum { 83 PROXY_STATE_INIT, 84 PROXY_STATE_CONNECT, 85 PROXY_STATE_PREPARE_WRITE, 86 PROXY_STATE_WRITE, 87 PROXY_STATE_READ, 88 PROXY_STATE_ERROR 89} proxy_connection_state_t; 90 91enum { PROXY_STDOUT, PROXY_END_REQUEST }; 92 93typedef struct { 94 proxy_connection_state_t state; 95 time_t state_timestamp; 96 97 data_proxy *host; 98 99 buffer *response; 100 buffer *response_header; 101 102 chunkqueue *wb; 103 104 int fd; /* fd to the proxy process */ 105 int fde_ndx; /* index into the fd-event buffer */ 106 107 size_t path_info_offset; /* start of path_info in uri.path */ 108 109 connection *remote_conn; /* dump pointer */ 110 plugin_data *plugin_data; /* dump pointer */ 111} handler_ctx; 112 113 114/* ok, we need a prototype */ 115static handler_t proxy_handle_fdevent(server *srv, void *ctx, int revents); 116 117static handler_ctx * handler_ctx_init(void) { 118 handler_ctx * hctx; 119 120 121 hctx = calloc(1, sizeof(*hctx)); 122 123 hctx->state = PROXY_STATE_INIT; 124 hctx->host = NULL; 125 126 hctx->response = buffer_init(); 127 hctx->response_header = buffer_init(); 128 129 hctx->wb = chunkqueue_init(); 130 131 hctx->fd = -1; 132 hctx->fde_ndx = -1; 133 134 return hctx; 135} 136 137static void handler_ctx_free(handler_ctx *hctx) { 138 buffer_free(hctx->response); 139 buffer_free(hctx->response_header); 140 chunkqueue_free(hctx->wb); 141 142 free(hctx); 143} 144 145INIT_FUNC(mod_proxy_init) { 146 plugin_data *p; 147 148 p = calloc(1, sizeof(*p)); 149 150 p->parse_response = buffer_init(); 151 p->balance_buf = buffer_init(); 152 153 return p; 154} 155 156 157FREE_FUNC(mod_proxy_free) { 158 plugin_data *p = p_d; 159 160 UNUSED(srv); 161 162 buffer_free(p->parse_response); 163 buffer_free(p->balance_buf); 164 165 if (p->config_storage) { 166 size_t i; 167 for (i = 0; i < srv->config_context->used; i++) { 168 plugin_config *s = p->config_storage[i]; 169 170 if (NULL == s) continue; 171 172 array_free(s->extensions); 173 174 free(s); 175 } 176 free(p->config_storage); 177 } 178 179 free(p); 180 181 return HANDLER_GO_ON; 182} 183 184SETDEFAULTS_FUNC(mod_proxy_set_defaults) { 185 plugin_data *p = p_d; 186 data_unset *du; 187 size_t i = 0; 188 189 config_values_t cv[] = { 190 { "proxy.server", NULL, T_CONFIG_LOCAL, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 191 { "proxy.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 192 { "proxy.balance", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ 193 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } 194 }; 195 196 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); 197 198 for (i = 0; i < srv->config_context->used; i++) { 199 data_config const* config = (data_config const*)srv->config_context->data[i]; 200 plugin_config *s; 201 202 s = malloc(sizeof(plugin_config)); 203 s->extensions = array_init(); 204 s->debug = 0; 205 206 cv[0].destination = s->extensions; 207 cv[1].destination = &(s->debug); 208 cv[2].destination = p->balance_buf; 209 210 buffer_reset(p->balance_buf); 211 212 p->config_storage[i] = s; 213 214 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { 215 return HANDLER_ERROR; 216 } 217 218 if (buffer_string_is_empty(p->balance_buf)) { 219 s->balance = PROXY_BALANCE_FAIR; 220 } else if (buffer_is_equal_string(p->balance_buf, CONST_STR_LEN("fair"))) { 221 s->balance = PROXY_BALANCE_FAIR; 222 } else if (buffer_is_equal_string(p->balance_buf, CONST_STR_LEN("round-robin"))) { 223 s->balance = PROXY_BALANCE_RR; 224 } else if (buffer_is_equal_string(p->balance_buf, CONST_STR_LEN("hash"))) { 225 s->balance = PROXY_BALANCE_HASH; 226 } else { 227 log_error_write(srv, __FILE__, __LINE__, "sb", 228 "proxy.balance has to be one of: fair, round-robin, hash, but not:", p->balance_buf); 229 return HANDLER_ERROR; 230 } 231 232 if (NULL != (du = array_get_element(config->value, "proxy.server"))) { 233 size_t j; 234 data_array *da = (data_array *)du; 235 236 if (du->type != TYPE_ARRAY) { 237 log_error_write(srv, __FILE__, __LINE__, "sss", 238 "unexpected type for key: ", "proxy.server", "array of strings"); 239 240 return HANDLER_ERROR; 241 } 242 243 /* 244 * proxy.server = ( "<ext>" => ..., 245 * "<ext>" => ... ) 246 */ 247 248 for (j = 0; j < da->value->used; j++) { 249 data_array *da_ext = (data_array *)da->value->data[j]; 250 size_t n; 251 252 if (da_ext->type != TYPE_ARRAY) { 253 log_error_write(srv, __FILE__, __LINE__, "sssbs", 254 "unexpected type for key: ", "proxy.server", 255 "[", da->value->data[j]->key, "](string)"); 256 257 return HANDLER_ERROR; 258 } 259 260 /* 261 * proxy.server = ( "<ext>" => 262 * ( "<host>" => ( ... ), 263 * "<host>" => ( ... ) 264 * ), 265 * "<ext>" => ... ) 266 */ 267 268 for (n = 0; n < da_ext->value->used; n++) { 269 data_array *da_host = (data_array *)da_ext->value->data[n]; 270 271 data_proxy *df; 272 data_array *dfa; 273 274 config_values_t pcv[] = { 275 { "host", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 276 { "port", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 277 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } 278 }; 279 280 if (da_host->type != TYPE_ARRAY) { 281 log_error_write(srv, __FILE__, __LINE__, "ssSBS", 282 "unexpected type for key:", 283 "proxy.server", 284 "[", da_ext->value->data[n]->key, "](string)"); 285 286 return HANDLER_ERROR; 287 } 288 289 df = data_proxy_init(); 290 291 df->port = 80; 292 293 buffer_copy_buffer(df->key, da_host->key); 294 295 pcv[0].destination = df->host; 296 pcv[1].destination = &(df->port); 297 298 if (0 != config_insert_values_internal(srv, da_host->value, pcv, T_CONFIG_SCOPE_CONNECTION)) { 299 df->free((data_unset*) df); 300 return HANDLER_ERROR; 301 } 302 303 if (buffer_string_is_empty(df->host)) { 304 log_error_write(srv, __FILE__, __LINE__, "sbbbs", 305 "missing key (string):", 306 da->key, 307 da_ext->key, 308 da_host->key, 309 "host"); 310 311 df->free((data_unset*) df); 312 return HANDLER_ERROR; 313 } 314 315 /* if extension already exists, take it */ 316 317 if (NULL == (dfa = (data_array *)array_get_element(s->extensions, da_ext->key->ptr))) { 318 dfa = data_array_init(); 319 320 buffer_copy_buffer(dfa->key, da_ext->key); 321 322 array_insert_unique(dfa->value, (data_unset *)df); 323 array_insert_unique(s->extensions, (data_unset *)dfa); 324 } else { 325 array_insert_unique(dfa->value, (data_unset *)df); 326 } 327 } 328 } 329 } 330 } 331 332 return HANDLER_GO_ON; 333} 334 335static void proxy_connection_close(server *srv, handler_ctx *hctx) { 336 plugin_data *p; 337 connection *con; 338 339 if (NULL == hctx) return; 340 341 p = hctx->plugin_data; 342 con = hctx->remote_conn; 343 344 if (hctx->fd != -1) { 345 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); 346 fdevent_unregister(srv->ev, hctx->fd); 347 348 close(hctx->fd); 349 srv->cur_fds--; 350 } 351 352 if (hctx->host) { 353 hctx->host->usage--; 354 } 355 356 handler_ctx_free(hctx); 357 con->plugin_ctx[p->id] = NULL; 358} 359 360static int proxy_establish_connection(server *srv, handler_ctx *hctx) { 361 struct sockaddr *proxy_addr; 362 struct sockaddr_in proxy_addr_in; 363#if defined(HAVE_SYS_UN_H) 364 struct sockaddr_un proxy_addr_un; 365#endif 366#if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 367 struct sockaddr_in6 proxy_addr_in6; 368#endif 369 socklen_t servlen; 370 371 plugin_data *p = hctx->plugin_data; 372 data_proxy *host= hctx->host; 373 int proxy_fd = hctx->fd; 374 375 376#if defined(HAVE_SYS_UN_H) 377 if (strstr(host->host->ptr, "/")) { 378 if (buffer_string_length(host->host) + 1 > sizeof(proxy_addr_un.sun_path)) { 379 log_error_write(srv, __FILE__, __LINE__, "sB", 380 "ERROR: Unix Domain socket filename too long:", 381 host->host); 382 return -1; 383 } 384 385 memset(&proxy_addr_un, 0, sizeof(proxy_addr_un)); 386 proxy_addr_un.sun_family = AF_UNIX; 387 strcpy(proxy_addr_un.sun_path, host->host->ptr); 388 servlen = sizeof(proxy_addr_un); 389 proxy_addr = (struct sockaddr *) &proxy_addr_un; 390 } else 391#endif 392#if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 393 if (strstr(host->host->ptr, ":")) { 394 memset(&proxy_addr_in6, 0, sizeof(proxy_addr_in6)); 395 proxy_addr_in6.sin6_family = AF_INET6; 396 inet_pton(AF_INET6, host->host->ptr, (char *) &proxy_addr_in6.sin6_addr); 397 proxy_addr_in6.sin6_port = htons(host->port); 398 servlen = sizeof(proxy_addr_in6); 399 proxy_addr = (struct sockaddr *) &proxy_addr_in6; 400 } else 401#endif 402 { 403 memset(&proxy_addr_in, 0, sizeof(proxy_addr_in)); 404 proxy_addr_in.sin_family = AF_INET; 405 proxy_addr_in.sin_addr.s_addr = inet_addr(host->host->ptr); 406 proxy_addr_in.sin_port = htons(host->port); 407 servlen = sizeof(proxy_addr_in); 408 proxy_addr = (struct sockaddr *) &proxy_addr_in; 409 } 410 411 412 if (-1 == connect(proxy_fd, proxy_addr, servlen)) { 413 if (errno == EINPROGRESS || errno == EALREADY) { 414 if (p->conf.debug) { 415 log_error_write(srv, __FILE__, __LINE__, "sd", 416 "connect delayed:", proxy_fd); 417 } 418 419 return 1; 420 } else { 421 422 log_error_write(srv, __FILE__, __LINE__, "sdsd", 423 "connect failed:", proxy_fd, strerror(errno), errno); 424 425 return -1; 426 } 427 } 428 if (p->conf.debug) { 429 log_error_write(srv, __FILE__, __LINE__, "sd", 430 "connect succeeded: ", proxy_fd); 431 } 432 433 return 0; 434} 435 436static void proxy_set_header(connection *con, const char *key, const char *value) { 437 data_string *ds_dst; 438 439 if (NULL == (ds_dst = (data_string *)array_get_unused_element(con->request.headers, TYPE_STRING))) { 440 ds_dst = data_string_init(); 441 } 442 443 buffer_copy_string(ds_dst->key, key); 444 buffer_copy_string(ds_dst->value, value); 445 array_insert_unique(con->request.headers, (data_unset *)ds_dst); 446} 447 448static void proxy_append_header(connection *con, const char *key, const char *value) { 449 data_string *ds_dst; 450 451 if (NULL == (ds_dst = (data_string *)array_get_unused_element(con->request.headers, TYPE_STRING))) { 452 ds_dst = data_string_init(); 453 } 454 455 buffer_copy_string(ds_dst->key, key); 456 buffer_append_string(ds_dst->value, value); 457 array_insert_unique(con->request.headers, (data_unset *)ds_dst); 458} 459 460 461static int proxy_create_env(server *srv, handler_ctx *hctx) { 462 size_t i; 463 464 connection *con = hctx->remote_conn; 465 buffer *b; 466 467 /* build header */ 468 469 b = buffer_init(); 470 471 /* request line */ 472 buffer_copy_string(b, get_http_method_name(con->request.http_method)); 473 buffer_append_string_len(b, CONST_STR_LEN(" ")); 474 475 buffer_append_string_buffer(b, con->request.uri); 476 buffer_append_string_len(b, CONST_STR_LEN(" HTTP/1.0\r\n")); 477 478 proxy_append_header(con, "X-Forwarded-For", (char *)inet_ntop_cache_get_ip(srv, &(con->dst_addr))); 479 /* http_host is NOT is just a pointer to a buffer 480 * which is NULL if it is not set */ 481 if (!buffer_string_is_empty(con->request.http_host)) { 482 proxy_set_header(con, "X-Host", con->request.http_host->ptr); 483 } 484 proxy_set_header(con, "X-Forwarded-Proto", con->uri.scheme->ptr); 485 486 /* request header */ 487 for (i = 0; i < con->request.headers->used; i++) { 488 data_string *ds; 489 490 ds = (data_string *)con->request.headers->data[i]; 491 492 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) { 493 if (buffer_is_equal_string(ds->key, CONST_STR_LEN("Connection"))) continue; 494 if (buffer_is_equal_string(ds->key, CONST_STR_LEN("Proxy-Connection"))) continue; 495 496 buffer_append_string_buffer(b, ds->key); 497 buffer_append_string_len(b, CONST_STR_LEN(": ")); 498 buffer_append_string_buffer(b, ds->value); 499 buffer_append_string_len(b, CONST_STR_LEN("\r\n")); 500 } 501 } 502 503 buffer_append_string_len(b, CONST_STR_LEN("\r\n")); 504 505 chunkqueue_append_buffer(hctx->wb, b); 506 buffer_free(b); 507 508 /* body */ 509 510 if (con->request.content_length) { 511 chunkqueue *req_cq = con->request_content_queue; 512 513 chunkqueue_steal(hctx->wb, req_cq, req_cq->bytes_in); 514 } 515 516 return 0; 517} 518 519static int proxy_set_state(server *srv, handler_ctx *hctx, proxy_connection_state_t state) { 520 hctx->state = state; 521 hctx->state_timestamp = srv->cur_ts; 522 523 return 0; 524} 525 526 527static int proxy_response_parse(server *srv, connection *con, plugin_data *p, buffer *in) { 528 char *s, *ns; 529 int http_response_status = -1; 530 531 UNUSED(srv); 532 533 /* \r\n -> \0\0 */ 534 535 buffer_copy_buffer(p->parse_response, in); 536 537 for (s = p->parse_response->ptr; NULL != (ns = strstr(s, "\r\n")); s = ns + 2) { 538 char *key, *value; 539 int key_len; 540 data_string *ds; 541 int copy_header; 542 543 ns[0] = '\0'; 544 ns[1] = '\0'; 545 546 if (-1 == http_response_status) { 547 /* The first line of a Response message is the Status-Line */ 548 549 for (key=s; *key && *key != ' '; key++); 550 551 if (*key) { 552 http_response_status = (int) strtol(key, NULL, 10); 553 if (http_response_status <= 0) http_response_status = 502; 554 } else { 555 http_response_status = 502; 556 } 557 558 con->http_status = http_response_status; 559 con->parsed_response |= HTTP_STATUS; 560 continue; 561 } 562 563 if (NULL == (value = strchr(s, ':'))) { 564 /* now we expect: "<key>: <value>\n" */ 565 566 continue; 567 } 568 569 key = s; 570 key_len = value - key; 571 572 value++; 573 /* strip WS */ 574 while (*value == ' ' || *value == '\t') value++; 575 576 copy_header = 1; 577 578 switch(key_len) { 579 case 4: 580 if (0 == strncasecmp(key, "Date", key_len)) { 581 con->parsed_response |= HTTP_DATE; 582 } 583 break; 584 case 8: 585 if (0 == strncasecmp(key, "Location", key_len)) { 586 con->parsed_response |= HTTP_LOCATION; 587 } 588 break; 589 case 10: 590 if (0 == strncasecmp(key, "Connection", key_len)) { 591 copy_header = 0; 592 } 593 break; 594 case 14: 595 if (0 == strncasecmp(key, "Content-Length", key_len)) { 596 con->response.content_length = strtol(value, NULL, 10); 597 con->parsed_response |= HTTP_CONTENT_LENGTH; 598 } 599 break; 600 default: 601 break; 602 } 603 604 if (copy_header) { 605 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { 606 ds = data_response_init(); 607 } 608 buffer_copy_string_len(ds->key, key, key_len); 609 buffer_copy_string(ds->value, value); 610 611 array_insert_unique(con->response.headers, (data_unset *)ds); 612 } 613 } 614 615 return 0; 616} 617 618 619static int proxy_demux_response(server *srv, handler_ctx *hctx) { 620 int fin = 0; 621 int b; 622 ssize_t r; 623 624 plugin_data *p = hctx->plugin_data; 625 connection *con = hctx->remote_conn; 626 int proxy_fd = hctx->fd; 627 628 /* check how much we have to read */ 629 if (ioctl(hctx->fd, FIONREAD, &b)) { 630 log_error_write(srv, __FILE__, __LINE__, "sd", 631 "ioctl failed: ", 632 proxy_fd); 633 return -1; 634 } 635 636 637 if (p->conf.debug) { 638 log_error_write(srv, __FILE__, __LINE__, "sd", 639 "proxy - have to read:", b); 640 } 641 642 if (b > 0) { 643 buffer_string_prepare_append(hctx->response, b); 644 645 if (-1 == (r = read(hctx->fd, hctx->response->ptr + buffer_string_length(hctx->response), buffer_string_space(hctx->response)))) { 646 if (errno == EAGAIN) return 0; 647 log_error_write(srv, __FILE__, __LINE__, "sds", 648 "unexpected end-of-file (perhaps the proxy process died):", 649 proxy_fd, strerror(errno)); 650 return -1; 651 } 652 653 /* this should be catched by the b > 0 above */ 654 force_assert(r); 655 656 buffer_commit(hctx->response, r); 657 658#if 0 659 log_error_write(srv, __FILE__, __LINE__, "sdsbs", 660 "demux: Response buffer len", hctx->response->used, ":", hctx->response, ":"); 661#endif 662 663 if (0 == con->got_response) { 664 con->got_response = 1; 665 buffer_string_prepare_copy(hctx->response_header, 1023); 666 } 667 668 if (0 == con->file_started) { 669 char *c; 670 671 /* search for the \r\n\r\n in the string */ 672 if (NULL != (c = buffer_search_string_len(hctx->response, CONST_STR_LEN("\r\n\r\n")))) { 673 size_t hlen = c - hctx->response->ptr + 4; 674 size_t blen = buffer_string_length(hctx->response) - hlen; 675 /* found */ 676 677 buffer_append_string_len(hctx->response_header, hctx->response->ptr, hlen); 678#if 0 679 log_error_write(srv, __FILE__, __LINE__, "sb", "Header:", hctx->response_header); 680#endif 681 /* parse the response header */ 682 proxy_response_parse(srv, con, p, hctx->response_header); 683 684 /* enable chunked-transfer-encoding */ 685 if (con->request.http_version == HTTP_VERSION_1_1 && 686 !(con->parsed_response & HTTP_CONTENT_LENGTH)) { 687 con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED; 688 } 689 690 con->file_started = 1; 691 if (blen > 0) http_chunk_append_mem(srv, con, c + 4, blen); 692 buffer_reset(hctx->response); 693 joblist_append(srv, con); 694 } 695 } else { 696 http_chunk_append_buffer(srv, con, hctx->response); 697 joblist_append(srv, con); 698 buffer_reset(hctx->response); 699 } 700 701 } else { 702 /* reading from upstream done */ 703 con->file_finished = 1; 704 705 http_chunk_close(srv, con); 706 joblist_append(srv, con); 707 708 fin = 1; 709 } 710 711 return fin; 712} 713 714 715static handler_t proxy_write_request(server *srv, handler_ctx *hctx) { 716 data_proxy *host= hctx->host; 717 connection *con = hctx->remote_conn; 718 719 int ret; 720 721 if (!host || buffer_string_is_empty(host->host) || !host->port) return -1; 722 723 switch(hctx->state) { 724 case PROXY_STATE_CONNECT: 725 /* wait for the connect() to finish */ 726 727 /* connect failed ? */ 728 if (-1 == hctx->fde_ndx) return HANDLER_ERROR; 729 730 /* wait */ 731 return HANDLER_WAIT_FOR_EVENT; 732 733 break; 734 735 case PROXY_STATE_INIT: 736#if defined(HAVE_SYS_UN_H) 737 if (strstr(host->host->ptr,"/")) { 738 if (-1 == (hctx->fd = socket(AF_UNIX, SOCK_STREAM, 0))) { 739 log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); 740 return HANDLER_ERROR; 741 } 742 } else 743#endif 744#if defined(HAVE_IPV6) && defined(HAVE_INET_PTON) 745 if (strstr(host->host->ptr,":")) { 746 if (-1 == (hctx->fd = socket(AF_INET6, SOCK_STREAM, 0))) { 747 log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); 748 return HANDLER_ERROR; 749 } 750 } else 751#endif 752 { 753 if (-1 == (hctx->fd = socket(AF_INET, SOCK_STREAM, 0))) { 754 log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno)); 755 return HANDLER_ERROR; 756 } 757 } 758 hctx->fde_ndx = -1; 759 760 srv->cur_fds++; 761 762 fdevent_register(srv->ev, hctx->fd, proxy_handle_fdevent, hctx); 763 764 if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) { 765 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); 766 767 return HANDLER_ERROR; 768 } 769 770 switch (proxy_establish_connection(srv, hctx)) { 771 case 1: 772 proxy_set_state(srv, hctx, PROXY_STATE_CONNECT); 773 774 /* connection is in progress, wait for an event and call getsockopt() below */ 775 776 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT); 777 778 return HANDLER_WAIT_FOR_EVENT; 779 case -1: 780 /* if ECONNREFUSED choose another connection -> FIXME */ 781 hctx->fde_ndx = -1; 782 783 return HANDLER_ERROR; 784 default: 785 /* everything is ok, go on */ 786 proxy_set_state(srv, hctx, PROXY_STATE_PREPARE_WRITE); 787 break; 788 } 789 790 /* fall through */ 791 792 case PROXY_STATE_PREPARE_WRITE: 793 proxy_create_env(srv, hctx); 794 795 proxy_set_state(srv, hctx, PROXY_STATE_WRITE); 796 797 /* fall through */ 798 case PROXY_STATE_WRITE:; 799 ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT); 800 801 chunkqueue_remove_finished_chunks(hctx->wb); 802 803 if (-1 == ret) { /* error on our side */ 804 log_error_write(srv, __FILE__, __LINE__, "ssd", "write failed:", strerror(errno), errno); 805 806 return HANDLER_ERROR; 807 } else if (-2 == ret) { /* remote close */ 808 log_error_write(srv, __FILE__, __LINE__, "ssd", "write failed, remote connection close:", strerror(errno), errno); 809 810 return HANDLER_ERROR; 811 } 812 813 if (hctx->wb->bytes_out == hctx->wb->bytes_in) { 814 proxy_set_state(srv, hctx, PROXY_STATE_READ); 815 816 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); 817 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 818 } else { 819 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT); 820 821 return HANDLER_WAIT_FOR_EVENT; 822 } 823 824 return HANDLER_WAIT_FOR_EVENT; 825 case PROXY_STATE_READ: 826 /* waiting for a response */ 827 return HANDLER_WAIT_FOR_EVENT; 828 default: 829 log_error_write(srv, __FILE__, __LINE__, "s", "(debug) unknown state"); 830 return HANDLER_ERROR; 831 } 832 833 return HANDLER_GO_ON; 834} 835 836#define PATCH(x) \ 837 p->conf.x = s->x; 838static int mod_proxy_patch_connection(server *srv, connection *con, plugin_data *p) { 839 size_t i, j; 840 plugin_config *s = p->config_storage[0]; 841 842 PATCH(extensions); 843 PATCH(debug); 844 PATCH(balance); 845 846 /* skip the first, the global context */ 847 for (i = 1; i < srv->config_context->used; i++) { 848 data_config *dc = (data_config *)srv->config_context->data[i]; 849 s = p->config_storage[i]; 850 851 /* condition didn't match */ 852 if (!config_check_cond(srv, con, dc)) continue; 853 854 /* merge config */ 855 for (j = 0; j < dc->value->used; j++) { 856 data_unset *du = dc->value->data[j]; 857 858 if (buffer_is_equal_string(du->key, CONST_STR_LEN("proxy.server"))) { 859 PATCH(extensions); 860 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("proxy.debug"))) { 861 PATCH(debug); 862 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("proxy.balance"))) { 863 PATCH(balance); 864 } 865 } 866 } 867 868 return 0; 869} 870#undef PATCH 871 872SUBREQUEST_FUNC(mod_proxy_handle_subrequest) { 873 plugin_data *p = p_d; 874 875 handler_ctx *hctx = con->plugin_ctx[p->id]; 876 data_proxy *host; 877 878 if (NULL == hctx) return HANDLER_GO_ON; 879 880 mod_proxy_patch_connection(srv, con, p); 881 882 host = hctx->host; 883 884 /* not my job */ 885 if (con->mode != p->id) return HANDLER_GO_ON; 886 887 /* ok, create the request */ 888 switch(proxy_write_request(srv, hctx)) { 889 case HANDLER_ERROR: 890 log_error_write(srv, __FILE__, __LINE__, "sbdd", "proxy-server disabled:", 891 host->host, 892 host->port, 893 hctx->fd); 894 895 /* disable this server */ 896 host->is_disabled = 1; 897 host->disable_ts = srv->cur_ts; 898 899 proxy_connection_close(srv, hctx); 900 901 /* reset the enviroment and restart the sub-request */ 902 buffer_reset(con->physical.path); 903 con->mode = DIRECT; 904 905 joblist_append(srv, con); 906 907 /* mis-using HANDLER_WAIT_FOR_FD to break out of the loop 908 * and hope that the childs will be restarted 909 * 910 */ 911 912 return HANDLER_WAIT_FOR_FD; 913 case HANDLER_WAIT_FOR_EVENT: 914 break; 915 case HANDLER_WAIT_FOR_FD: 916 return HANDLER_WAIT_FOR_FD; 917 default: 918 break; 919 } 920 921 if (con->file_started == 1) { 922 return HANDLER_FINISHED; 923 } else { 924 return HANDLER_WAIT_FOR_EVENT; 925 } 926} 927 928static handler_t proxy_handle_fdevent(server *srv, void *ctx, int revents) { 929 handler_ctx *hctx = ctx; 930 connection *con = hctx->remote_conn; 931 plugin_data *p = hctx->plugin_data; 932 933 934 if ((revents & FDEVENT_IN) && 935 hctx->state == PROXY_STATE_READ) { 936 937 if (p->conf.debug) { 938 log_error_write(srv, __FILE__, __LINE__, "sd", 939 "proxy: fdevent-in", hctx->state); 940 } 941 942 switch (proxy_demux_response(srv, hctx)) { 943 case 0: 944 break; 945 case 1: 946 /* we are done */ 947 proxy_connection_close(srv, hctx); 948 949 joblist_append(srv, con); 950 return HANDLER_FINISHED; 951 case -1: 952 if (con->file_started == 0) { 953 /* nothing has been send out yet, send a 500 */ 954 connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST); 955 con->http_status = 500; 956 con->mode = DIRECT; 957 } else { 958 /* response might have been already started, kill the connection */ 959 connection_set_state(srv, con, CON_STATE_ERROR); 960 } 961 962 joblist_append(srv, con); 963 return HANDLER_FINISHED; 964 } 965 } 966 967 if (revents & FDEVENT_OUT) { 968 if (p->conf.debug) { 969 log_error_write(srv, __FILE__, __LINE__, "sd", 970 "proxy: fdevent-out", hctx->state); 971 } 972 973 if (hctx->state == PROXY_STATE_CONNECT) { 974 int socket_error; 975 socklen_t socket_error_len = sizeof(socket_error); 976 977 /* we don't need it anymore */ 978 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); 979 hctx->fde_ndx = -1; 980 981 /* try to finish the connect() */ 982 if (0 != getsockopt(hctx->fd, SOL_SOCKET, SO_ERROR, &socket_error, &socket_error_len)) { 983 log_error_write(srv, __FILE__, __LINE__, "ss", 984 "getsockopt failed:", strerror(errno)); 985 986 joblist_append(srv, con); 987 return HANDLER_FINISHED; 988 } 989 if (socket_error != 0) { 990 log_error_write(srv, __FILE__, __LINE__, "ss", 991 "establishing connection failed:", strerror(socket_error), 992 "port:", hctx->host->port); 993 994 joblist_append(srv, con); 995 return HANDLER_FINISHED; 996 } 997 if (p->conf.debug) { 998 log_error_write(srv, __FILE__, __LINE__, "s", "proxy - connect - delayed success"); 999 } 1000 1001 proxy_set_state(srv, hctx, PROXY_STATE_PREPARE_WRITE); 1002 } 1003 1004 if (hctx->state == PROXY_STATE_PREPARE_WRITE || 1005 hctx->state == PROXY_STATE_WRITE) { 1006 /* we are allowed to send something out 1007 * 1008 * 1. after a just finished connect() call 1009 * 2. in a unfinished write() call (long POST request) 1010 */ 1011 return mod_proxy_handle_subrequest(srv, con, p); 1012 } else { 1013 log_error_write(srv, __FILE__, __LINE__, "sd", 1014 "proxy: out", hctx->state); 1015 } 1016 } 1017 1018 /* perhaps this issue is already handled */ 1019 if (revents & FDEVENT_HUP) { 1020 if (p->conf.debug) { 1021 log_error_write(srv, __FILE__, __LINE__, "sd", 1022 "proxy: fdevent-hup", hctx->state); 1023 } 1024 1025 if (hctx->state == PROXY_STATE_CONNECT) { 1026 /* connect() -> EINPROGRESS -> HUP */ 1027 1028 /** 1029 * what is proxy is doing if it can't reach the next hop ? 1030 * 1031 */ 1032 1033 if (hctx->host) { 1034 hctx->host->is_disabled = 1; 1035 hctx->host->disable_ts = srv->cur_ts; 1036 log_error_write(srv, __FILE__, __LINE__, "sbdd", "proxy-server disabled:", 1037 hctx->host->host, 1038 hctx->host->port, 1039 hctx->fd); 1040 1041 /* disable this server */ 1042 hctx->host->is_disabled = 1; 1043 hctx->host->disable_ts = srv->cur_ts; 1044 1045 proxy_connection_close(srv, hctx); 1046 1047 /* reset the enviroment and restart the sub-request */ 1048 buffer_reset(con->physical.path); 1049 con->mode = DIRECT; 1050 1051 joblist_append(srv, con); 1052 } else { 1053 proxy_connection_close(srv, hctx); 1054 joblist_append(srv, con); 1055 1056 con->mode = DIRECT; 1057 con->http_status = 503; 1058 } 1059 1060 return HANDLER_FINISHED; 1061 } 1062 1063 if (!con->file_finished) { 1064 http_chunk_close(srv, con); 1065 } 1066 1067 con->file_finished = 1; 1068 proxy_connection_close(srv, hctx); 1069 joblist_append(srv, con); 1070 } else if (revents & FDEVENT_ERR) { 1071 /* kill all connections to the proxy process */ 1072 1073 log_error_write(srv, __FILE__, __LINE__, "sd", "proxy-FDEVENT_ERR, but no HUP", revents); 1074 1075 con->file_finished = 1; 1076 joblist_append(srv, con); 1077 proxy_connection_close(srv, hctx); 1078 } 1079 1080 return HANDLER_FINISHED; 1081} 1082 1083static handler_t mod_proxy_check_extension(server *srv, connection *con, void *p_d) { 1084 plugin_data *p = p_d; 1085 size_t s_len; 1086 unsigned long last_max = ULONG_MAX; 1087 int max_usage = INT_MAX; 1088 int ndx = -1; 1089 size_t k; 1090 buffer *fn; 1091 data_array *extension = NULL; 1092 size_t path_info_offset; 1093 1094 if (con->mode != DIRECT) return HANDLER_GO_ON; 1095 1096 /* Possibly, we processed already this request */ 1097 if (con->file_started == 1) return HANDLER_GO_ON; 1098 1099 mod_proxy_patch_connection(srv, con, p); 1100 1101 fn = con->uri.path; 1102 if (buffer_string_is_empty(fn)) return HANDLER_ERROR; 1103 s_len = buffer_string_length(fn); 1104 1105 path_info_offset = 0; 1106 1107 if (p->conf.debug) { 1108 log_error_write(srv, __FILE__, __LINE__, "s", "proxy - start"); 1109 } 1110 1111 /* check if extension matches */ 1112 for (k = 0; k < p->conf.extensions->used; k++) { 1113 data_array *ext = NULL; 1114 size_t ct_len; 1115 1116 ext = (data_array *)p->conf.extensions->data[k]; 1117 1118 if (buffer_is_empty(ext->key)) continue; 1119 1120 ct_len = buffer_string_length(ext->key); 1121 1122 if (s_len < ct_len) continue; 1123 1124 /* check extension in the form "/proxy_pattern" */ 1125 if (*(ext->key->ptr) == '/') { 1126 if (strncmp(fn->ptr, ext->key->ptr, ct_len) == 0) { 1127 if (s_len > ct_len + 1) { 1128 char *pi_offset; 1129 1130 if (NULL != (pi_offset = strchr(fn->ptr + ct_len + 1, '/'))) { 1131 path_info_offset = pi_offset - fn->ptr; 1132 } 1133 } 1134 extension = ext; 1135 break; 1136 } 1137 } else if (0 == strncmp(fn->ptr + s_len - ct_len, ext->key->ptr, ct_len)) { 1138 /* check extension in the form ".fcg" */ 1139 extension = ext; 1140 break; 1141 } 1142 } 1143 1144 if (NULL == extension) { 1145 return HANDLER_GO_ON; 1146 } 1147 1148 if (p->conf.debug) { 1149 log_error_write(srv, __FILE__, __LINE__, "s", "proxy - ext found"); 1150 } 1151 1152 if (extension->value->used == 1) { 1153 if ( ((data_proxy *)extension->value->data[0])->is_disabled ) { 1154 ndx = -1; 1155 } else { 1156 ndx = 0; 1157 } 1158 } else if (extension->value->used != 0) switch(p->conf.balance) { 1159 case PROXY_BALANCE_HASH: 1160 /* hash balancing */ 1161 1162 if (p->conf.debug) { 1163 log_error_write(srv, __FILE__, __LINE__, "sd", 1164 "proxy - used hash balancing, hosts:", extension->value->used); 1165 } 1166 1167 for (k = 0, ndx = -1, last_max = ULONG_MAX; k < extension->value->used; k++) { 1168 data_proxy *host = (data_proxy *)extension->value->data[k]; 1169 unsigned long cur_max; 1170 1171 if (host->is_disabled) continue; 1172 1173 cur_max = generate_crc32c(CONST_BUF_LEN(con->uri.path)) + 1174 generate_crc32c(CONST_BUF_LEN(host->host)) + /* we can cache this */ 1175 generate_crc32c(CONST_BUF_LEN(con->uri.authority)); 1176 1177 if (p->conf.debug) { 1178 log_error_write(srv, __FILE__, __LINE__, "sbbbd", 1179 "proxy - election:", 1180 con->uri.path, 1181 host->host, 1182 con->uri.authority, 1183 cur_max); 1184 } 1185 1186 if ((last_max == ULONG_MAX) || /* first round */ 1187 (cur_max > last_max)) { 1188 last_max = cur_max; 1189 1190 ndx = k; 1191 } 1192 } 1193 1194 break; 1195 case PROXY_BALANCE_FAIR: 1196 /* fair balancing */ 1197 if (p->conf.debug) { 1198 log_error_write(srv, __FILE__, __LINE__, "s", 1199 "proxy - used fair balancing"); 1200 } 1201 1202 for (k = 0, ndx = -1, max_usage = INT_MAX; k < extension->value->used; k++) { 1203 data_proxy *host = (data_proxy *)extension->value->data[k]; 1204 1205 if (host->is_disabled) continue; 1206 1207 if (host->usage < max_usage) { 1208 max_usage = host->usage; 1209 1210 ndx = k; 1211 } 1212 } 1213 1214 break; 1215 case PROXY_BALANCE_RR: { 1216 data_proxy *host; 1217 1218 /* round robin */ 1219 if (p->conf.debug) { 1220 log_error_write(srv, __FILE__, __LINE__, "s", 1221 "proxy - used round-robin balancing"); 1222 } 1223 1224 /* just to be sure */ 1225 force_assert(extension->value->used < INT_MAX); 1226 1227 host = (data_proxy *)extension->value->data[0]; 1228 1229 /* Use last_used_ndx from first host in list */ 1230 k = host->last_used_ndx; 1231 ndx = k + 1; /* use next host after the last one */ 1232 if (ndx < 0) ndx = 0; 1233 1234 /* Search first active host after last_used_ndx */ 1235 while ( ndx < (int) extension->value->used 1236 && (host = (data_proxy *)extension->value->data[ndx])->is_disabled ) ndx++; 1237 1238 if (ndx >= (int) extension->value->used) { 1239 /* didn't found a higher id, wrap to the start */ 1240 for (ndx = 0; ndx <= (int) k; ndx++) { 1241 host = (data_proxy *)extension->value->data[ndx]; 1242 if (!host->is_disabled) break; 1243 } 1244 1245 /* No active host found */ 1246 if (host->is_disabled) ndx = -1; 1247 } 1248 1249 /* Save new index for next round */ 1250 ((data_proxy *)extension->value->data[0])->last_used_ndx = ndx; 1251 1252 break; 1253 } 1254 default: 1255 break; 1256 } 1257 1258 /* found a server */ 1259 if (ndx != -1) { 1260 data_proxy *host = (data_proxy *)extension->value->data[ndx]; 1261 1262 /* 1263 * if check-local is disabled, use the uri.path handler 1264 * 1265 */ 1266 1267 /* init handler-context */ 1268 handler_ctx *hctx; 1269 hctx = handler_ctx_init(); 1270 1271 hctx->path_info_offset = path_info_offset; 1272 hctx->remote_conn = con; 1273 hctx->plugin_data = p; 1274 hctx->host = host; 1275 1276 con->plugin_ctx[p->id] = hctx; 1277 1278 host->usage++; 1279 1280 con->mode = p->id; 1281 1282 if (p->conf.debug) { 1283 log_error_write(srv, __FILE__, __LINE__, "sbd", 1284 "proxy - found a host", 1285 host->host, host->port); 1286 } 1287 1288 return HANDLER_GO_ON; 1289 } else { 1290 /* no handler found */ 1291 con->http_status = 500; 1292 1293 log_error_write(srv, __FILE__, __LINE__, "sb", 1294 "no proxy-handler found for:", 1295 fn); 1296 1297 return HANDLER_FINISHED; 1298 } 1299 return HANDLER_GO_ON; 1300} 1301 1302static handler_t mod_proxy_connection_close_callback(server *srv, connection *con, void *p_d) { 1303 plugin_data *p = p_d; 1304 1305 proxy_connection_close(srv, con->plugin_ctx[p->id]); 1306 1307 return HANDLER_GO_ON; 1308} 1309 1310/** 1311 * 1312 * the trigger re-enables the disabled connections after the timeout is over 1313 * 1314 * */ 1315 1316TRIGGER_FUNC(mod_proxy_trigger) { 1317 plugin_data *p = p_d; 1318 1319 if (p->config_storage) { 1320 size_t i, n, k; 1321 for (i = 0; i < srv->config_context->used; i++) { 1322 plugin_config *s = p->config_storage[i]; 1323 1324 if (!s) continue; 1325 1326 /* get the extensions for all configs */ 1327 1328 for (k = 0; k < s->extensions->used; k++) { 1329 data_array *extension = (data_array *)s->extensions->data[k]; 1330 1331 /* get all hosts */ 1332 for (n = 0; n < extension->value->used; n++) { 1333 data_proxy *host = (data_proxy *)extension->value->data[n]; 1334 1335 if (!host->is_disabled || 1336 srv->cur_ts - host->disable_ts < 5) continue; 1337 1338 log_error_write(srv, __FILE__, __LINE__, "sbd", 1339 "proxy - re-enabled:", 1340 host->host, host->port); 1341 1342 host->is_disabled = 0; 1343 } 1344 } 1345 } 1346 } 1347 1348 return HANDLER_GO_ON; 1349} 1350 1351 1352int mod_proxy_plugin_init(plugin *p); 1353int mod_proxy_plugin_init(plugin *p) { 1354 p->version = LIGHTTPD_VERSION_ID; 1355 p->name = buffer_init_string("proxy"); 1356 1357 p->init = mod_proxy_init; 1358 p->cleanup = mod_proxy_free; 1359 p->set_defaults = mod_proxy_set_defaults; 1360 p->connection_reset = mod_proxy_connection_close_callback; /* end of req-resp cycle */ 1361 p->handle_connection_close = mod_proxy_connection_close_callback; /* end of client connection */ 1362 p->handle_uri_clean = mod_proxy_check_extension; 1363 p->handle_subrequest = mod_proxy_handle_subrequest; 1364 p->handle_trigger = mod_proxy_trigger; 1365 1366 p->data = NULL; 1367 1368 return 0; 1369} 1370