source: squid-ssl/trunk/fuentes/src/client_side_reply.cc @ 5496

Last change on this file since 5496 was 5496, checked in by Juanma, 22 months ago

Initial release

1/*
2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/* DEBUG: section 88    Client-side Reply Routines */
10
11#include "squid.h"
12#include "acl/FilledChecklist.h"
13#include "acl/Gadgets.h"
14#include "anyp/PortCfg.h"
15#include "client_side_reply.h"
16#include "errorpage.h"
17#include "ETag.h"
18#include "fd.h"
19#include "fde.h"
20#include "format/Token.h"
21#include "FwdState.h"
22#include "globals.h"
23#include "globals.h"
24#include "HttpHeaderTools.h"
25#include "HttpReply.h"
26#include "HttpRequest.h"
27#include "ip/QosConfig.h"
28#include "ipcache.h"
29#include "log/access_log.h"
30#include "MemObject.h"
31#include "mime_header.h"
32#include "neighbors.h"
33#include "refresh.h"
34#include "RequestFlags.h"
35#include "SquidConfig.h"
36#include "SquidTime.h"
37#include "Store.h"
38#include "StrList.h"
39#include "tools.h"
40#include "URL.h"
41#if USE_AUTH
42#include "auth/UserRequest.h"
43#endif
44#if USE_DELAY_POOLS
45#include "DelayPools.h"
46#endif
47#if USE_SQUID_ESI
48#include "esi/Esi.h"
49#endif
50
51#include <memory>
52
// Project macro applied once to clientReplyContext; presumably it provides the
// cbdata support that cbdataReference()/cbdataReferenceDone() rely on — confirm.
CBDATA_CLASS_INIT(clientReplyContext);

/* Local functions */
// Declared with C linkage; the definition is not in this section of the file.
extern "C" CSS clientReplyStatus;
// Builds an ErrorState. Call sites in this file pass, in order: the error type,
// the HTTP status, a URI string (or NULL), the client address and the request.
ErrorState *clientBuildError(err_type, Http::StatusCode, char const *, Ip::Address &, HttpRequest *);
58
59/* privates */
60
clientReplyContext::~clientReplyContext()
{
    // Set before anything else: handleIMSReply() and cacheHit() test this flag
    // and return at once, so a callback fired during teardown does no work.
    deleting = true;
    /* This may trigger a callback back into SendMoreData as the cbdata
     * is still valid
     */
    removeClientStoreReference(&sc, http);
    /* old_entry might still be set if we didn't yet get the reply
     * code in HandleIMSReply() */
    removeStoreReference(&old_sc, &old_entry);
    safe_free(tempBuffer.data);
    // Releases the reference the constructor took with cbdataReference().
    cbdataReferenceDone(http);
    HTTPMSGUNLOCK(reply);
}
75
/// Binds this context to its owning request by taking a cbdata reference
/// (released in the destructor). No saved store state exists at this point.
clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) :
    http(cbdataReference(clientContext)),
    old_entry(NULL),
    old_sc(NULL),
    deleting(false)
{
}
78
79/** Create an error in the store awaiting the client side to read it.
80 *
81 * This may be better placed in the clientStream logic, but it has not been
82 * relocated there yet
83 */
void
clientReplyContext::setReplyToError(
    err_type err, Http::StatusCode status, const HttpRequestMethod& method, char const *uri,
    Ip::Address &addr, HttpRequest * failedrequest, const char *unparsedrequest,
#if USE_AUTH
    Auth::UserRequest::Pointer auth_user_request
#else
    void*
#endif
)
{
    ErrorState *const details = clientBuildError(err, status, uri, addr, failedrequest);

    // xstrdup() gives the ErrorState its own copy, so it never aliases the
    // caller's buffer.
    // NOTE(review): unparsedrequest is raw client-supplied text; confirm that
    // whatever renders request_hdrs escapes it.
    if (unparsedrequest) {
        details->request_hdrs = xstrdup(unparsedrequest);
    }

#if USE_AUTH
    details->auth_user_request = auth_user_request;
#endif

    // The (method, ErrorState) overload creates the store entry and appends
    // the error to it.
    setReplyToError(method, details);
}
105
/// Stores a prepared error as the reply: records its status for logging,
/// creates a fresh store entry and appends the error to it.
/// http->request may be nil here; both uses below are guarded.
void clientReplyContext::setReplyToError(const HttpRequestMethod& method, ErrorState *errstate)
{
    const bool notImplemented = (errstate->httpStatus == Http::scNotImplemented);

    if (notImplemented && http->request) {
        /* prevent confusion over whether we default to persistent or not */
        http->request->flags.proxyKeepalive = false;
    }

    http->al->http.code = errstate->httpStatus;

    if (http->request) {
        http->request->ignoreRange("responding with a Squid-generated error");
    }

    createStoreEntry(method, RequestFlags());

    // The error must not already carry callback data when it is appended.
    assert(errstate->callback_data == NULL);
    errorAppendEntry(http->storeEntry(), errstate);
    /* Now the caller reads to get this */
}
122
/// Stores a Squid-generated reply in a fresh store entry for the client side
/// to read. futureReply must be non-nil (enforced with Must()).
void
clientReplyContext::setReplyToReply(HttpReply *futureReply)
{
    Must(futureReply);
    http->al->http.code = futureReply->sline.status();

    // Stays default-constructed when the request could not be parsed
    // (http->request is nil in that case).
    HttpRequestMethod replyMethod;
    if (http->request) {
        http->request->ignoreRange("responding with a Squid-generated reply");
        replyMethod = http->request->method;
    }

    createStoreEntry(replyMethod, RequestFlags());

    http->storeEntry()->storeErrorResponse(futureReply);
    /* Now the caller reads to get futureReply */
}
140
141// Assumes that the entry contains an error response without Content-Range.
142// To use with regular entries, make HTTP Range header removal conditional.
void clientReplyContext::setReplyToStoreEntry(StoreEntry *entry, const char *reason)
{
    // This lock is balanced by the unlock() in removeStoreReference(), which
    // removeClientStoreReference() calls.
    entry->lock("clientReplyContext::setReplyToStoreEntry");
    sc = storeClientListAdd(entry, this);
#if USE_DELAY_POOLS
    sc->setDelayId(DelayId::DelayClient(http));
#endif

    // Reset the read bookkeeping for the newly attached entry.
    reqsize = 0;
    reqofs = 0;

    if (http->request) {
        http->request->ignoreRange(reason);
    }

    flags.storelogiccomplete = 1;
    http->storeEntry(entry);
}
157
/// Detaches this context from the entry at *ep: unregisters the store client
/// at *scp and unlocks the entry, setting both caller pointers to NULL.
/// Does nothing when *ep is already NULL.
void
clientReplyContext::removeStoreReference(store_client ** scp,
        StoreEntry ** ep)
{
    store_client *const client = *scp;
    StoreEntry *const entry = *ep;

    if (entry == NULL)
        return; // nothing is referenced; *scp is left as it was

    // The caller's entry pointer is cleared before storeUnregister() runs.
    *ep = NULL;
    storeUnregister(client, entry, this);
    *scp = NULL;
    entry->unlock("clientReplyContext::removeStoreReference");
}
172
/// Releases the store entry currently attached to aHttpRequest, if any, and
/// writes the resulting (now NULL) entry pointer back to the request.
void
clientReplyContext::removeClientStoreReference(store_client **scp, ClientHttpRequest *aHttpRequest)
{
    // Work on a local copy because removeStoreReference() needs an lvalue to clear.
    StoreEntry *attached = aHttpRequest->storeEntry();
    removeStoreReference(scp, &attached);
    aHttpRequest->storeEntry(attached);
}
180
/// Parks the current store entry, store client and read position in the old_*
/// members (and tempBuffer.offset) so a temporary request can run.
/// restoreState() undoes this.
void
clientReplyContext::saveState()
{
    // Only one saved context is supported at a time.
    assert(old_sc == NULL);
    debugs(88, 3, "clientReplyContext::saveState: saving store context");

    old_entry = http->storeEntry();
    old_sc = sc;
    old_reqsize = reqsize;
    tempBuffer.offset = reqofs;

    /* Prevent accessing the now saved entries */
    http->storeEntry(NULL);
    sc = NULL;

    reqsize = 0;
    reqofs = 0;
}
196
/// Drops the temporary store entry and reinstates the context parked by
/// saveState(). After this call old_entry and old_sc are NULL, so callers must
/// not touch them again.
void
clientReplyContext::restoreState()
{
    // A saved context must exist.
    assert(old_sc != NULL);
    debugs(88, 3, "clientReplyContext::restoreState: Restoring store context");

    // Release whatever entry is attached now before re-attaching the old one.
    removeClientStoreReference(&sc, http);

    http->storeEntry(old_entry);
    sc = old_sc;
    reqsize = old_reqsize;
    reqofs = tempBuffer.offset;

    /* Prevent access to the old saved entries */
    old_entry = NULL;
    old_sc = NULL;
    old_reqsize = 0;
    tempBuffer.offset = 0;
}
213
/// Creates a fresh store entry, starts the initial store read, then appends
/// err to that entry.
void
clientReplyContext::startError(ErrorState * err)
{
    // NOTE(review): http->request is dereferenced without a check here, while
    // setReplyToReply() treats it as possibly nil — presumably every caller
    // guarantees a parsed request; confirm.
    createStoreEntry(http->request->method, RequestFlags());
    triggerInitialStoreRead();

    StoreEntry *const target = http->storeEntry();
    errorAppendEntry(target, err);
}
221
/// Returns the stream node stored in the list link that follows ourNode.
clientStreamNode *
clientReplyContext::getNextNode() const
{
    // NOTE(review): node.next is followed without a null check — presumably a
    // downstream node always exists while this context is live; confirm.
    clientStreamNode *const following = (clientStreamNode *)ourNode->node.next->data;
    return following;
}
227
228/* This function is wrong - the client parameters don't include the
229 * header offset
230 */
void
clientReplyContext::triggerInitialStoreRead()
{
    /* when confident, 0 becomes reqofs, and then this factors into
     * startSendProcess
     */
    assert(reqofs == 0);

    // Read from offset 0 directly into the next node's read buffer;
    // SendMoreData is called back with the result.
    StoreIOBuffer firstRead(next()->readBuffer.length, 0, next()->readBuffer.data);
    storeClientCopy(sc, http->storeEntry(), firstRead, SendMoreData, this);
}
241
242/* there is an expired entry in the store.
243 * setup a temporary buffer area and perform an IMS to the origin
244 */
void
clientReplyContext::processExpired()
{
    const char *url = storeId();
    StoreEntry *entry = NULL;
    debugs(88, 3, "clientReplyContext::processExpired: '" << http->uri << "'");
    // Only entries with a known Last-Modified value are expected here;
    // cacheHit() routes lastmod < 0 to processMiss() before calling this.
    assert(http->storeEntry()->lastmod >= 0);
    /*
     * check if we are allowed to contact other servers
     * @?@: Instead of a 504 (Gateway Timeout) reply, we may want to return
     *      a stale entry *if* it matches client requirements
     */

    if (http->onlyIfCached()) {
        processOnlyIfCachedMiss();
        return;
    }

    http->request->flags.refresh = true;
#if STORE_CLIENT_LIST_DEBUG
    /* Prevent a race with the store client memory free routines
     */
    assert(storeClientIsThisAClient(sc, this));
#endif
    /* Prepare to make a new temporary request */
    // saveState() moves the stale entry and its store client into
    // old_entry/old_sc; from here on `entry` is the revalidation entry.
    saveState();
    entry = storeCreateEntry(url,
                             http->log_uri, http->request->flags, http->request->method);
    /* NOTE, don't call StoreEntry->lock(), storeCreateEntry() does it */
    sc = storeClientListAdd(entry, this);
#if USE_DELAY_POOLS
    /* delay_id is already set on original store client */
    sc->setDelayId(DelayId::DelayClient(http));
#endif

    // Copy the stale entry's validators onto the outgoing request.
    http->request->lastmod = old_entry->lastmod;

    // A client-supplied If-None-Match is left alone; otherwise only a strong
    // ETag from the stale entry is copied (weak ones are skipped).
    if (!http->request->header.has(HDR_IF_NONE_MATCH)) {
        ETag etag = {NULL, -1}; // TODO: make that a default ETag constructor
        if (old_entry->hasEtag(etag) && !etag.weak)
            http->request->etag = etag.str;
    }

    debugs(88, 5, "clientReplyContext::processExpired : lastmod " << entry->lastmod );
    http->storeEntry(entry);
    assert(http->out.offset == 0);
    assert(http->request->clientConnectionManager == http->getConn());

    /*
     * A refcounted pointer so that FwdState stays around as long as
     * this clientReplyContext does
     */
    // getConn() may be NULL here; in that case a NULL connection is passed on.
    Comm::ConnectionPointer conn = http->getConn() != NULL ? http->getConn()->clientConnection : NULL;
    FwdState::Start(conn, http->storeEntry(), http->request, http->al);

    /* Register with storage manager to receive updates when data comes in. */

    // An already-aborted entry is only logged here; handleIMSReply() handles
    // the ENTRY_ABORTED case when the copy callback fires.
    if (EBIT_TEST(entry->flags, ENTRY_ABORTED))
        debugs(88, DBG_CRITICAL, "clientReplyContext::processExpired: Found ENTRY_ABORTED object");

    {
        /* start counting the length from 0 */
        // The reply is read into tempbuf (HTTP_REQBUF_SZ bytes) and delivered
        // to HandleIMSReply.
        StoreIOBuffer localTempBuffer(HTTP_REQBUF_SZ, 0, tempbuf);
        storeClientCopy(sc, entry, localTempBuffer, HandleIMSReply, this);
    }
}
311
/// Discards the saved (old) entry and sends the client the data just received
/// from upstream, which sits in tempbuf.
void
clientReplyContext::sendClientUpstreamResponse()
{
    removeStoreReference(&old_sc, &old_entry);

    /* here the data to send is the data we just received */
    tempBuffer.offset = 0;
    old_reqsize = 0;

    /* sendMoreData tracks the offset as well.
     * Force it back to zero */
    reqofs = 0;

    assert(!EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED));

    /* TODO: provide sendMoreData with the ready parsed reply */
    StoreIOBuffer received;
    received.length = reqsize;
    received.data = tempbuf;
    sendMoreData(received);
}
329
/// Static store-copy callback: forwards to handleIMSReply() on the context
/// passed as opaque callback data.
void
clientReplyContext::HandleIMSReply(void *data, StoreIOBuffer result)
{
    // data is the `this` pointer that processExpired() gave to storeClientCopy().
    clientReplyContext *const self = static_cast<clientReplyContext *>(data);
    self->handleIMSReply(result);
}
336
/// Reinstates the saved (old) entry and sends it to the client.
/// restoreState() resets old_entry and old_sc to NULL, so callers must not
/// use them after this returns.
void
clientReplyContext::sendClientOldEntry()
{
    /* Get the old request back */
    restoreState();

    /* here the data to send is in the next nodes buffers already */
    assert(!EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED));

    /* sendMoreData tracks the offset as well.
     * Force it back to zero */
    reqofs = 0;

    StoreIOBuffer oldData(reqsize, reqofs, next()->readBuffer.data);
    sendMoreData(oldData);
}
350
351/* This is the workhorse of the HandleIMSReply callback.
352 *
353 * It is called when we've got data back from the origin following our
354 * IMS request to revalidate a stale entry.
355 */
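void
clientReplyContext::handleIMSReply(StoreIOBuffer result)
{
    // The destructor sets `deleting` before it releases store references,
    // which may fire this callback again.
    if (deleting)
        return;

    // This check must come before the debug line below: that line
    // dereferences the store entry to print its URL.
    if (http->storeEntry() == NULL)
        return;

    debugs(88, 3, "handleIMSReply: " << http->storeEntry()->url() << ", " << (long unsigned) result.length << " bytes" );

    // A read error on an entry that was not aborted is ignored here.
    if (result.flags.error && !EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED))
        return;

    /* update size of the request */
    reqsize = result.length + reqofs;

    const Http::StatusCode status = http->storeEntry()->getReply()->sline.status();

    // request to origin was aborted
    if (EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED)) {
        debugs(88, 3, "handleIMSReply: request to origin aborted '" << http->storeEntry()->url() << "', sending old entry to client" );
        http->logType = LOG_TCP_REFRESH_FAIL_OLD;
        sendClientOldEntry();
        // sendClientOldEntry() calls restoreState(), which sets old_entry and
        // old_sc to NULL. Falling through would dereference old_entry and
        // send a second response, so stop here.
        return;
    }

    HttpReply *old_rep = (HttpReply *) old_entry->getReply();

    // origin replied 304
    if (status == Http::scNotModified) {
        http->logType = LOG_TCP_REFRESH_UNMODIFIED;
        http->request->flags.staleIfHit = false; // old_entry is no longer stale

        // update headers on existing entry
        old_rep->updateOnNotModified(http->storeEntry()->getReply());
        old_entry->timestampsSet();

        // if client sent IMS

        if (http->request->flags.ims && !old_entry->modifiedSince(http->request)) {
            // forward the 304 from origin
            debugs(88, 3, "handleIMSReply: origin replied 304, revalidating existing entry and forwarding 304 to client");
            sendClientUpstreamResponse();
        } else {
            // send existing entry, it's still valid
            debugs(88, 3, "handleIMSReply: origin replied 304, revalidating existing entry and sending " <<
                   old_rep->sline.status() << " to client");
            sendClientOldEntry();
        }
    }

    // origin replied with a non-error code
    else if (status > Http::scNone && status < Http::scInternalServerError) {
        // forward response from origin
        http->logType = LOG_TCP_REFRESH_MODIFIED;
        debugs(88, 3, "handleIMSReply: origin replied " << status << ", replacing existing entry and forwarding to client");
        sendClientUpstreamResponse();
    }

    // origin replied with an error
    else if (http->request->flags.failOnValidationError) {
        http->logType = LOG_TCP_REFRESH_FAIL_ERR;
        debugs(88, 3, "handleIMSReply: origin replied with error " << status <<
               ", forwarding to client due to fail_on_validation_err");
        sendClientUpstreamResponse();
    } else {
        // ignore and let client have old entry
        http->logType = LOG_TCP_REFRESH_FAIL_OLD;
        debugs(88, 3, "handleIMSReply: origin replied with error " <<
               status << ", sending old entry (" << old_rep->sline.status() << ") to client");
        sendClientOldEntry();
    }
}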
429
// Client-stream callbacks whose definitions are not in this section.
// cacheHit() calls clientGetMoreData(ourNode, http) to re-query the cache after
// a Vary mismatch.
SQUIDCEXTERN CSR clientGetMoreData;
SQUIDCEXTERN CSD clientReplyDetach;
432
433/**
434 * clientReplyContext::cacheHit Should only be called until the HTTP reply headers
435 * have been parsed.  Normally this should be a single call, but
436 * it might take more than one.  As soon as we have the headers,
437 * we hand off to clientSendMoreData, processExpired, or
438 * processMiss.
439 */
void
clientReplyContext::CacheHit(void *data, StoreIOBuffer result)
{
    // data is the `this` pointer registered with storeClientCopy().
    clientReplyContext *const self = static_cast<clientReplyContext *>(data);
    self->cacheHit(result);
}
446
447/**
448 * Process a possible cache HIT.
449 */
void
clientReplyContext::cacheHit(StoreIOBuffer result)
{
    /** Ignore if the HIT object is being deleted. */
    if (deleting) {
        debugs(88, 3, "HIT object being deleted. Ignore the HIT.");
        return;
    }

    // e may be NULL at this point; it is not dereferenced until after the
    // NULL check on http->storeEntry() below.
    StoreEntry *e = http->storeEntry();

    HttpRequest *r = http->request;

    debugs(88, 3, "clientCacheHit: " << http->uri << ", " << result.length << " bytes");

    if (http->storeEntry() == NULL) {
        debugs(88, 3, "clientCacheHit: request aborted");
        return;
    } else if (result.flags.error) {
        /* swap in failure */
        debugs(88, 3, "clientCacheHit: swapin failure for " << http->uri);
        http->logType = LOG_TCP_SWAPFAIL_MISS;
        removeClientStoreReference(&sc, http);
        processMiss();
        return;
    }

    if (result.length == 0) {
        debugs(88, 5, "store IO buffer has no content. MISS");
        /* the store couldn't get enough data from the file for us to id the
         * object
         */
        /* treat as a miss */
        http->logType = LOG_TCP_MISS;
        processMiss();
        return;
    }

    assert(!EBIT_TEST(e->flags, ENTRY_ABORTED));
    /* update size of the request */
    reqsize = result.length + reqofs;

    /*
     * Got the headers, now grok them
     */
    assert(http->logType == LOG_TCP_HIT);

    // Refuse to serve an entry whose store ID differs from the request's;
    // the request is handled as a miss instead.
    // NOTE(review): e->mem_obj is dereferenced without a check — presumably
    // always set for an entry that reached this callback; confirm.
    // NOTE(review): this message is logged under debug section 33; the rest
    // of the file uses 88.
    if (strcmp(e->mem_obj->storeId(), http->request->storeId()) != 0) {
        debugs(33, DBG_IMPORTANT, "clientProcessHit: URL mismatch, '" << e->mem_obj->storeId() << "' != '" << http->request->storeId() << "'");
        http->logType = LOG_TCP_MISS; // we lack a more precise LOG_*_MISS code
        processMiss();
        return;
    }

    switch (varyEvaluateMatch(e, r)) {

    case VARY_NONE:
        /* No variance detected. Continue as normal */
        break;

    case VARY_MATCH:
        /* This is the correct entity for this request. Continue */
        debugs(88, 2, "clientProcessHit: Vary MATCH!");
        break;

    case VARY_OTHER:
        /* This is not the correct entity for this request. We need
         * to requery the cache.
         */
        removeClientStoreReference(&sc, http);
        e = NULL;
        /* Note: varyEvaluateMatch updates the request with vary information
         * so we only get here once. (it also takes care of cancelling loops)
         */
        debugs(88, 2, "clientProcessHit: Vary detected!");
        clientGetMoreData(ourNode, http);
        return;

    case VARY_CANCEL:
        /* varyEvaluateMatch found a object loop. Process as miss */
        debugs(88, DBG_IMPORTANT, "clientProcessHit: Vary object loop!");
        http->logType = LOG_TCP_MISS; // we lack a more precise LOG_*_MISS code
        processMiss();
        return;
    }

    // purgeRequest() decides whether the PURGE is permitted; the hit is
    // released first either way.
    if (r->method == Http::METHOD_PURGE) {
        debugs(88, 5, "PURGE gets a HIT");
        removeClientStoreReference(&sc, http);
        e = NULL;
        purgeRequest();
        return;
    }

    if (e->checkNegativeHit() && !r->flags.noCacheHack()) {
        debugs(88, 5, "negative-HIT");
        http->logType = LOG_TCP_NEGATIVE_HIT;
        sendMoreData(result);
    } else if (blockedHit()) {
        // The send_hit access list denied this hit; fetch it as a miss.
        debugs(88, 5, "send_hit forces a MISS");
        http->logType = LOG_TCP_MISS;
        processMiss();
        return;
    } else if (!http->flags.internal && refreshCheckHTTP(e, r)) {
        debugs(88, 5, "clientCacheHit: in refreshCheck() block");
        /*
         * We hold a stale copy; it needs to be validated
         */
        /*
         * The 'needValidation' flag is used to prevent forwarding
         * loops between siblings.  If our copy of the object is stale,
         * then we should probably only use parents for the validation
         * request.  Otherwise two siblings could generate a loop if
         * both have a stale version of the object.
         */
        r->flags.needValidation = true;

        if (e->lastmod < 0) {
            debugs(88, 3, "validate HIT object? NO. Missing Last-Modified header. Do MISS.");
            /*
             * Previous reply didn't have a Last-Modified header,
             * we cannot revalidate it.
             */
            http->logType = LOG_TCP_MISS;
            processMiss();
        } else if (r->flags.noCache) {
            debugs(88, 3, "validate HIT object? NO. Client sent CC:no-cache. Do CLIENT_REFRESH_MISS");
            /*
             * This did not match a refresh pattern that overrides no-cache
             * we should honour the client no-cache header.
             */
            http->logType = LOG_TCP_CLIENT_REFRESH_MISS;
            processMiss();
        } else if (r->url.getScheme() == AnyP::PROTO_HTTP) {
            debugs(88, 3, "validate HIT object? YES.");
            /*
             * Object needs to be revalidated
             * XXX This could apply to FTP as well, if Last-Modified is known.
             */
            processExpired();
        } else {
            debugs(88, 3, "validate HIT object? NO. Client protocol non-HTTP. Do MISS.");
            /*
             * We don't know how to re-validate other protocols. Handle
             * them as if the object has expired.
             */
            http->logType = LOG_TCP_MISS;
            processMiss();
        }
    } else if (r->conditional()) {
        debugs(88, 5, "conditional HIT");
        processConditional(result);
    } else {
        /*
         * plain ol' cache hit
         */
        debugs(88, 5, "plain old HIT");

        // With USE_DELAY_POOLS the `else` inside the #if binds to the
        // mem_status test below, so the three assignments are alternatives.
#if USE_DELAY_POOLS
        if (e->store_status != STORE_OK)
            http->logType = LOG_TCP_MISS;
        else
#endif
            if (e->mem_status == IN_MEMORY)
                http->logType = LOG_TCP_MEM_HIT;
            else if (Config.onoff.offline)
                http->logType = LOG_TCP_OFFLINE_HIT;

        sendMoreData(result);
    }
}
621
622/**
623 * Prepare to fetch the object as it's a cache miss of some kind.
624 */
void
clientReplyContext::processMiss()
{
    HttpRequest *r = http->request;
    char *url = http->uri;
    debugs(88, 4, r->method << ' ' << url);

    /**
     * We might have a left-over StoreEntry from a failed cache hit
     * or IMS request.
     */
    if (http->storeEntry()) {
        const bool special = EBIT_TEST(http->storeEntry()->flags, ENTRY_SPECIAL);

        if (special) {
            debugs(88, DBG_CRITICAL, "clientProcessMiss: miss on a special object (" << url << ").");
            debugs(88, DBG_CRITICAL, "\tlog_type = " << LogTags_str[http->logType]);
            http->storeEntry()->dump(1);
        }

        removeClientStoreReference(&sc, http);
    }

    /** Check if its a PURGE request to be actioned. */
    if (r->method == Http::METHOD_PURGE) {
        purgeRequest();
        return;
    }

    /** Check if its an 'OTHER' request. Purge all cached entries if so and continue. */
    if (r->method == Http::METHOD_OTHER) {
        purgeAllCached();
    }

    /** Check if 'only-if-cached' flag is set. Action if so. */
    if (http->onlyIfCached()) {
        processOnlyIfCachedMiss();
        return;
    }

    /// Deny loops
    if (r->flags.loopDetected) {
        http->al->http.code = Http::scForbidden;
        // NOTE(review): getConn() is dereferenced without a check here, yet the
        // forwarding path below tests it against NULL first. Confirm a
        // connection always exists when a loop is detected.
        ErrorState *err = clientBuildError(ERR_ACCESS_DENIED, Http::scForbidden, NULL, http->getConn()->clientConnection->remote, http->request);
        createStoreEntry(r->method, RequestFlags());
        errorAppendEntry(http->storeEntry(), err);
        triggerInitialStoreRead();
        return;
    }

    assert(http->out.offset == 0);
    createStoreEntry(r->method, r->flags);
    triggerInitialStoreRead();

    // A pending redirect is answered locally: the entry is released and
    // completed with a generated redirect reply; nothing is forwarded.
    if (http->redirect.status) {
        HttpReply *rep = new HttpReply;
        http->logType = LOG_TCP_REDIRECT;
        http->storeEntry()->releaseRequest();
        rep->redirect(http->redirect.status, http->redirect.location);
        http->storeEntry()->replaceHttpReply(rep);
        http->storeEntry()->complete();
        return;
    }

    assert(r->clientConnectionManager == http->getConn());

    /** Start forwarding to get the new object from network */
    Comm::ConnectionPointer conn = http->getConn() != NULL ? http->getConn()->clientConnection : NULL;
    FwdState::Start(conn, http->storeEntry(), r, http->al);
}
694
695/**
696 * client issued a request with an only-if-cached cache-control directive;
697 * we did not find a cached object that can be returned without
698 *     contacting other servers;
699 * respond with a 504 (Gateway Timeout) as suggested in [RFC 2068]
700 */
void
clientReplyContext::processOnlyIfCachedMiss()
{
    debugs(88, 4, http->request->method << ' ' << http->uri);

    http->al->http.code = Http::scGatewayTimeout;

    // NOTE(review): getConn() is dereferenced without a NULL check, unlike the
    // forwarding code in processMiss(); confirm a connection is always present.
    ErrorState *const gatewayTimeout =
        clientBuildError(ERR_ONLY_IF_CACHED_MISS, Http::scGatewayTimeout, NULL,
                         http->getConn()->clientConnection->remote, http->request);

    // Release any attached entry before startError() creates a new one.
    removeClientStoreReference(&sc, http);
    startError(gatewayTimeout);
}
711
712/// process conditional request from client
void
clientReplyContext::processConditional(StoreIOBuffer &result)
{
    StoreEntry *const e = http->storeEntry();

    // Conditionals are only evaluated against a cached 200; any other cached
    // status is handled as a miss.
    if (e->getReply()->sline.status() != Http::scOkay) {
        debugs(88, 4, "clientReplyContext::processConditional: Reply code " <<
               e->getReply()->sline.status() << " != 200");
        http->logType = LOG_TCP_MISS;
        processMiss();
        return;
    }

    HttpRequest &r = *http->request;

    if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) {
        // RFC 2616: reply with 412 Precondition Failed if If-Match did not match
        sendPreconditionFailedError();
        return;
    }

    bool matchedIfNoneMatch = false;
    if (r.header.has(HDR_IF_NONE_MATCH)) {
        if (!e->hasIfNoneMatchEtag(r)) {
            // RFC 2616: ignore IMS if If-None-Match did not match
            // The If-Modified-Since state is cleared on the request itself,
            // and the cached body is then sent as a normal response.
            r.flags.ims = false;
            r.ims = -1;
            r.imslen = 0;
            r.header.delById(HDR_IF_MODIFIED_SINCE);
            http->logType = LOG_TCP_MISS;
            sendMoreData(result);
            return;
        }

        if (!r.flags.ims) {
            // RFC 2616: if If-None-Match matched and there is no IMS,
            // reply with 304 Not Modified or 412 Precondition Failed
            sendNotModifiedOrPreconditionFailedError();
            return;
        }

        // otherwise check IMS below to decide if we reply with 304 or 412
        matchedIfNoneMatch = true;
    }

    if (r.flags.ims) {
        // handle If-Modified-Since requests from the client
        if (e->modifiedSince(&r)) {
            http->logType = LOG_TCP_IMS_HIT;
            sendMoreData(result);
            return;
        }

        if (matchedIfNoneMatch) {
            // If-None-Match matched, reply with 304 Not Modified or
            // 412 Precondition Failed
            sendNotModifiedOrPreconditionFailedError();
            return;
        }

        // otherwise reply with 304 Not Modified
        sendNotModified();
    }
    // NOTE(review): when neither If-None-Match nor If-Modified-Since applies
    // (for example, only a matching If-Match was sent), control reaches this
    // point without any send* call. Confirm whether the caller's
    // r->conditional() test can admit that case; if it can, the client would
    // get no reply from this path.
}
777
778/// whether squid.conf send_hit prevents us from serving this hit
bool
clientReplyContext::blockedHit() const
{
    // With no send_hit access list nothing is blocked; internal content
    // "hits" are never blocked either.
    if (!Config.accessList.sendHit || http->flags.internal)
        return false;

    const HttpReply *rep = http->storeEntry()->getReply();

    if (!rep) {
        // This does not happen, I hope, because we are called from CacheHit, which
        // is called via a storeClientCopy() callback, and store should initialize
        // the reply before calling that callback.
        // NOTE(review): this path returns "not blocked", so the hit would be
        // served without send_hit being consulted — the opposite of the
        // "when in doubt, block" rule used below.
        debugs(88, 3, "Missing reply!");
        return false;
    }

    std::unique_ptr<ACLFilledChecklist> chl(clientAclChecklistCreate(Config.accessList.sendHit, http));
    chl->reply = const_cast<HttpReply*>(rep); // ACLChecklist API bug
    HTTPMSGLOCK(chl->reply);

    // Any answer other than an explicit allow blocks the hit
    // (when in doubt, block).
    const bool allowed = (chl->fastCheck() == ACCESS_ALLOWED);
    return !allowed;
}
801
/// First PURGE step: marks the request as purging and looks up the public GET
/// entry. The lookup result arrives in created(), which dispatches on
/// lookingforstore (1 -> purgeFoundGet()).
void
clientReplyContext::purgeRequestFindObjectToPurge()
{
    /* Try to find a base entry */
    lookingforstore = 1;
    http->flags.purging = true;

    // TODO: can we use purgeAllCached() here instead of doing the
    // getPublicByRequestMethod() dance?
    StoreEntry::getPublicByRequestMethod(this, http->request, Http::METHOD_GET);
}
813
814// Purges all entries with a given url
815// TODO: move to SideAgent parent, when we have one
816/*
817 * We probably cannot purge Vary-affected responses because their MD5
818 * keys depend on vary headers.
819 */
void
purgeEntriesByUrl(HttpRequest * req, const char *url)
{
#if USE_HTCP
    // Tracks whether a neighbor invalidation was already sent for GET or HEAD.
    bool get_or_head_sent = false;
#endif

    // Visit every request method whose responses may be cacheable and release
    // the public entry stored for (url, method), if there is one.
    for (HttpRequestMethod m(Http::METHOD_NONE); m != Http::METHOD_ENUM_END; ++m) {
        if (!m.respMaybeCacheable())
            continue;

        StoreEntry *const entry = storeGetPublic(url, m);
        if (!entry)
            continue;

        debugs(88, 5, "purging " << *entry << ' ' << m << ' ' << url);
#if USE_HTCP
        neighborsHtcpClear(entry, url, req, m, HTCP_CLR_INVALIDATION);
        if (m == Http::METHOD_GET || m == Http::METHOD_HEAD)
            get_or_head_sent = true;
#endif
        entry->release();
    }

#if USE_HTCP
    // No local GET/HEAD entry was found: still send neighbors one
    // invalidation, for GET, with no entry attached.
    if (!get_or_head_sent) {
        neighborsHtcpClear(NULL, url, req, HttpRequestMethod(Http::METHOD_GET), HTCP_CLR_INVALIDATION);
    }
#endif
}
848
/// Releases every cached entry stored under the current request's canonical URL.
void
clientReplyContext::purgeAllCached()
{
    purgeEntriesByUrl(http->request, urlCanonical(http->request));
}
855
/// Store lookup callback. lookingforstore records which step asked for the
/// lookup; the result is handed to that step's handler. Any other value is
/// ignored.
void
clientReplyContext::created(StoreEntry *newEntry)
{
    switch (lookingforstore) {
    case 1:
        purgeFoundGet(newEntry);
        break;
    case 2:
        purgeFoundHead(newEntry);
        break;
    case 3:
        purgeDoPurgeGet(newEntry);
        break;
    case 4:
        purgeDoPurgeHead(newEntry);
        break;
    case 5:
        identifyFoundObject(newEntry);
        break;
    default:
        break;
    }
}
870
/// Result of the GET lookup for a PURGE: a real entry goes on to
/// purgeFoundObject(); otherwise the HEAD variant is looked up next.
void
clientReplyContext::purgeFoundGet(StoreEntry *newEntry)
{
    if (!newEntry->isNull()) {
        purgeFoundObject(newEntry);
        return;
    }

    // No GET entry; step 2 routes the next lookup result to purgeFoundHead().
    lookingforstore = 2;
    StoreEntry::getPublicByRequestMethod(this, http->request, Http::METHOD_HEAD);
}
880
/// Result of the HEAD lookup for a PURGE: a real entry goes on to
/// purgeFoundObject(); with no entry the miss-purge path runs.
void
clientReplyContext::purgeFoundHead(StoreEntry *newEntry)
{
    if (!newEntry->isNull()) {
        purgeFoundObject(newEntry);
        return;
    }

    purgeDoMissPurge();
}
889
/// Handles an entry found for a PURGE request. ENTRY_SPECIAL objects are
/// refused with 403. Any other entry is attached to this request and read via
/// CacheHit.
void
clientReplyContext::purgeFoundObject(StoreEntry *entry)
{
    assert (entry && !entry->isNull());

    // Special entries must never be purged by a client: deny and log as such.
    if (EBIT_TEST(entry->flags, ENTRY_SPECIAL)) {
        http->logType = LOG_TCP_DENIED;
        // NOTE(review): getConn() is dereferenced without a NULL check, unlike
        // the forwarding code in processMiss().
        ErrorState *const denied = clientBuildError(ERR_ACCESS_DENIED, Http::scForbidden, NULL,
                                   http->getConn()->clientConnection->remote, http->request);
        startError(denied);
        return; // XXX: leaking unused entry if some store does not keep it
    }

    StoreIOBuffer readRequest;

    /* Swap in the metadata */
    http->storeEntry(entry);
    http->storeEntry()->lock("clientReplyContext::purgeFoundObject");
    http->storeEntry()->createMemObject(storeId(), http->log_uri,
                                        http->request->method);

    sc = storeClientListAdd(http->storeEntry(), this);
    http->logType = LOG_TCP_HIT;
    reqofs = 0;

    // Read into the next node's buffer, starting at the current output offset.
    readRequest.offset = http->out.offset;
    readRequest.length = next()->readBuffer.length;
    readRequest.data = next()->readBuffer.data;

    storeClientCopy(sc, http->storeEntry(),
                    readRequest, CacheHit, this);
}
926
/// Entry point for the PURGE method.
///
/// The only gate applied here is Config2.onoff.enable_purge: when it is off
/// the request is logged as LOG_TCP_DENIED and answered with
/// ERR_ACCESS_DENIED / 403. No per-client access check is made in this
/// function; NOTE(review): that is presumably enforced by http_access rules
/// before this point -- confirm against the configuration handling.
///
/// When purging is enabled the ipcache entry for the request host is
/// invalidated, then either the object lookup is started or, if
/// http->flags.purging is already set, the miss-purge path runs.
void
clientReplyContext::purgeRequest()
{
    debugs(88, 3, "Config2.onoff.enable_purge = " <<
           Config2.onoff.enable_purge);

    if (!Config2.onoff.enable_purge) {
        http->logType = LOG_TCP_DENIED;
        startError(clientBuildError(ERR_ACCESS_DENIED, Http::scForbidden, NULL,
                                    http->getConn()->clientConnection->remote, http->request));
        return;
    }

    /* Release both IP cache */
    ipcacheInvalidate(http->request->GetHost());

    if (http->flags.purging)
        purgeDoMissPurge();
    else
        purgeRequestFindObjectToPurge();
}
948
/// Starts the actual purge sequence: records the request as LOG_TCP_MISS and
/// looks up the GET variant, whose result is delivered to purgeDoPurgeGet()
/// (state 3).
void
clientReplyContext::purgeDoMissPurge()
{
    /* the state has to be in place before the lookup is started */
    lookingforstore = 3;
    http->logType = LOG_TCP_MISS;
    StoreEntry::getPublicByRequestMethod(this, http->request, Http::METHOD_GET);
}
956
/// Releases the cached GET variant of the purged URL, if there is one, and
/// then looks up the HEAD variant (state 4, handled by purgeDoPurgeHead).
///
/// purgeStatus starts as 404 Not Found and becomes 200 OK as soon as one
/// entry has been released. With USE_HTCP the release is also announced to
/// neighbors via neighborsHtcpClear(..., HTCP_CLR_PURGE).
void
clientReplyContext::purgeDoPurgeGet(StoreEntry *newEntry)
{
    assert (newEntry);

    /* Move to new() when that is created */
    purgeStatus = Http::scNotFound;

    const bool haveCachedGet = !newEntry->isNull();

    if (haveCachedGet) {
        /* Release the cached URI */
        debugs(88, 4, "clientPurgeRequest: GET '" << newEntry->url() << "'" );
#if USE_HTCP
        neighborsHtcpClear(newEntry, NULL, http->request, HttpRequestMethod(Http::METHOD_GET), HTCP_CLR_PURGE);
#endif
        newEntry->release();
        purgeStatus = Http::scOkay;
    }

    /* next: the HEAD variant */
    lookingforstore = 4;
    StoreEntry::getPublicByRequestMethod(this, http->request, Http::METHOD_HEAD);
}
977
/// Final PURGE step: releases the cached HEAD variant (if any), releases the
/// base-URL GET and HEAD entries when the request carries vary_headers without
/// any '=' in them, and then writes the PURGE reply.
///
/// The reply is a body-less HttpReply whose status is purgeStatus: 200 if any
/// entry was released along the way, otherwise whatever purgeDoPurgeGet()
/// left there. With USE_HTCP each release is announced to neighbors.
void
clientReplyContext::purgeDoPurgeHead(StoreEntry *newEntry)
{
    const bool haveCachedHead = newEntry && !newEntry->isNull();

    if (haveCachedHead) {
        debugs(88, 4, "clientPurgeRequest: HEAD '" << newEntry->url() << "'" );
#if USE_HTCP
        neighborsHtcpClear(newEntry, NULL, http->request, HttpRequestMethod(Http::METHOD_HEAD), HTCP_CLR_PURGE);
#endif
        newEntry->release();
        purgeStatus = Http::scOkay;
    }

    /* And for Vary, release the base URI if none of the headers was included in the request */

    const bool purgeVaryBase = http->request->vary_headers
                               && !strstr(http->request->vary_headers, "=");

    if (purgeVaryBase) {
        StoreEntry *baseGet = storeGetPublic(urlCanonical(http->request), Http::METHOD_GET);

        if (baseGet) {
            debugs(88, 4, "clientPurgeRequest: Vary GET '" << baseGet->url() << "'" );
#if USE_HTCP
            neighborsHtcpClear(baseGet, NULL, http->request, HttpRequestMethod(Http::METHOD_GET), HTCP_CLR_PURGE);
#endif
            baseGet->release();
            purgeStatus = Http::scOkay;
        }

        StoreEntry *baseHead = storeGetPublic(urlCanonical(http->request), Http::METHOD_HEAD);

        if (baseHead) {
            debugs(88, 4, "clientPurgeRequest: Vary HEAD '" << baseHead->url() << "'" );
#if USE_HTCP
            neighborsHtcpClear(baseHead, NULL, http->request, HttpRequestMethod(Http::METHOD_HEAD), HTCP_CLR_PURGE);
#endif
            baseHead->release();
            purgeStatus = Http::scOkay;
        }
    }

    /*
     * Make a new entry to hold the reply to be written
     * to the client.
     */
    /* FIXME: This doesn't need to go through the store. Simply
     * push down the client chain
     */
    createStoreEntry(http->request->method, RequestFlags());

    triggerInitialStoreRead();

    /* the reply object is handed to the store entry via replaceHttpReply() */
    HttpReply *purgeReply = new HttpReply;
    purgeReply->setHeaders(purgeStatus, NULL, NULL, 0, 0, -1);
    http->storeEntry()->replaceHttpReply(purgeReply);
    http->storeEntry()->complete();
}
1033
/// Answers a TRACE request locally (the caller in this file uses it when
/// Max-Forwards is 0).
///
/// A fresh store entry is created, a copy into the next stream node's buffer
/// is queued with SendMoreData as the callback, and the entry is filled with
/// a 200 "text/plain" reply whose content length is request->prefixLen() and
/// whose body is written by request->swapOut().
///
/// NOTE(review): the body comes from the request itself, so whatever
/// swapOut() emits (presumably the request line and headers) is reflected
/// back to the client; which headers that includes cannot be told from here.
void
clientReplyContext::traceReply(clientStreamNode * node)
{
    clientStreamNode *downstream = (clientStreamNode *)node->node.next->data;

    createStoreEntry(http->request->method, RequestFlags());

    /* skip past the headers already accounted for in headers_sz */
    StoreIOBuffer readRequest;
    readRequest.offset = downstream->readBuffer.offset + headers_sz;
    readRequest.length = downstream->readBuffer.length;
    readRequest.data = downstream->readBuffer.data;
    storeClientCopy(sc, http->storeEntry(), readRequest, SendMoreData, this);

    http->storeEntry()->releaseRequest();
    http->storeEntry()->buffer();

    HttpReply *traceRep = new HttpReply;
    traceRep->setHeaders(Http::scOkay, NULL, "text/plain", http->request->prefixLen(), 0, squid_curtime);
    http->storeEntry()->replaceHttpReply(traceRep);

    http->request->swapOut(http->storeEntry());
    http->storeEntry()->complete();
}
1053
#define SENDING_BODY 0
#define SENDING_HDRSONLY 1
/// Tells whether everything that should be sent to the client has been sent.
/// \retval 0 not done: no store entry, or a chunked reply whose last-chunk
///           has not been sent yet (flags.complete unset)
/// \retval 1 done: http->flags.done_copying is set
/// Otherwise the answer comes from storeOKTransferDone() for STORE_OK
/// entries and from storeNotOKTransferDone() for everything else.
int
clientReplyContext::checkTransferDone()
{
    StoreEntry *current = http->storeEntry();

    if (!current)
        return 0;

    /*
     * For now, 'done_copying' is used for special cases like
     * Range and HEAD requests.
     */
    if (http->flags.done_copying)
        return 1;

    // last-chunk was not sent
    if (http->request->flags.chunkedReply && !flags.complete)
        return 0;

    /*
     * Handle STORE_OK objects.
     * objectLen(entry) will be set properly.
     * RC: Does objectLen(entry) include the Headers?
     * RC: Yes.
     */
    return (current->store_status == STORE_OK) ? storeOKTransferDone()
           : storeNotOKTransferDone();
}
1088
/// Transfer-done check for a STORE_OK entry: done (1) once http->out.offset
/// has reached objectLen() minus headers_sz, otherwise 0.
/// Asserts that objectLen() is non-negative and at least headers_sz.
int
clientReplyContext::storeOKTransferDone() const
{
    assert(http->storeEntry()->objectLen() >= 0);
    assert(http->storeEntry()->objectLen() >= headers_sz);

    /* body bytes still outstanding */
    if (http->out.offset < http->storeEntry()->objectLen() - headers_sz)
        return 0;

    debugs(88,3,HERE << "storeOKTransferDone " <<
           " out.offset=" << http->out.offset <<
           " objectLen()=" << http->storeEntry()->objectLen() <<
           " headers_sz=" << headers_sz);
    return 1;
}
1104
/// Transfer-done check for an entry that is not STORE_OK (e.g. still
/// STORE_PENDING).
/// \retval 0 the end of headers has not been seen (headers_sz == 0), the
///           reply has no content length yet, or fewer than
///           content_length + http->out.headers_sz bytes were written
/// \retval 1 http->out.size has reached that expected length
int
clientReplyContext::storeNotOKTransferDone() const
{
    /*
     * Now, handle STORE_PENDING objects
     */
    MemObject *memObj = http->storeEntry()->mem_obj;
    assert(memObj != NULL);
    assert(http->request != NULL);
    /* mem->reply was wrong because it uses the UPSTREAM header length!!! */
    HttpReply const *pendingReply = memObj->getReply();

    /* haven't found end of headers yet */
    if (headers_sz == 0)
        return 0;

    /*
     * Figure out how much data we are supposed to send.
     * If we are sending a body and we don't have a content-length,
     * then we must wait for the object to become STORE_OK.
     */
    if (pendingReply->content_length < 0)
        return 0;

    const int64_t expectedLength = pendingReply->content_length + http->out.headers_sz;

    if (http->out.size < expectedLength)
        return 0;

    debugs(88,3,HERE << "storeNotOKTransferDone " <<
           " out.size=" << http->out.size <<
           " expectedLength=" << expectedLength);
    return 1;
}
1140
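/* A write has completed, what is the next status based on the
 * canonical request data?
 * 1 something is wrong
 * 0 nothing is wrong.
 *
 * The check is only compiled in when SIZEOF_INT64_T == 4: the request is
 * reported as broken once http->out.size or http->out.offset passes
 * 0x7FFF0000, so the connection can be closed before the counter wraps.
 * On every other build this always returns 0.
 *
 * fd is used for the log messages only.
 */
int
clientHttpRequestStatus(int fd, ClientHttpRequest const *http)
{
#if SIZEOF_INT64_T == 4
    if (http->out.size > 0x7FFF0000) {
        debugs(88, DBG_IMPORTANT, "WARNING: closing FD " << fd << " to prevent out.size counter overflow");
        debugs(88, DBG_IMPORTANT, "\tclient " << http->getConn()->peer);
        debugs(88, DBG_IMPORTANT, "\treceived " << http->out.size << " bytes");
        debugs(88, DBG_IMPORTANT, "\tURI " << http->log_uri);
        return 1;
    }

    if (http->out.offset > 0x7FFF0000) {
        /* was "fd < ...": a comparison instead of a stream insertion, which
         * dropped the rest of the message from the log line */
        debugs(88, DBG_IMPORTANT, "WARNING: closing FD " << fd << " to prevent out.offset counter overflow");
        debugs(88, DBG_IMPORTANT, "\tclient " << http->getConn()->peer);
        debugs(88, DBG_IMPORTANT, "\treceived " << http->out.size << " bytes, offset " << http->out.offset);
        debugs(88, DBG_IMPORTANT, "\tURI " << http->log_uri);
        return 1;
    }

#endif
    return 0;
}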
1170
/* Preconditions:
 * *http is a valid structure.
 * aNode carries a clientReplyContext whose http member is this same request
 * (both are asserted).
 *
 * TODO: enumify this
 *
 * This function is used by any http request sink, to determine the status
 * of the object. The answer itself comes from clientReplyContext::replyStatus().
 */
clientStream_status_t
clientReplyStatus(clientStreamNode * aNode, ClientHttpRequest * http)
{
    clientReplyContext *replyCtx = dynamic_cast<clientReplyContext *>(aNode->data.getRaw());
    assert (replyCtx);
    assert (replyCtx->http == http);
    return replyCtx->replyStatus();
}
1188
/// Classifies the state of the reply stream for this request.
///
/// \retval STREAM_FAILED no store entry, an aborted entry, an unknown body
///         size without keep-alive, completion flagged without the transfer
///         being done, or a body larger than receivedBodyTooLarge() allows
/// \retval STREAM_UNPLANNED_COMPLETE the entry has ENTRY_BAD_LENGTH set, or a
///         known-size body was not fully delivered (http->gotEnough() false)
/// \retval STREAM_COMPLETE the transfer finished cleanly
/// \retval STREAM_NONE nothing final can be said yet
///
/// The body-size limit is only evaluated while the transfer is still in
/// progress; every return inside the "done" branch happens before it (see
/// the XXX below).
clientStream_status_t
clientReplyContext::replyStatus()
{
    /* Here because lower nodes don't need it */

    if (http->storeEntry() == NULL) {
        debugs(88, 5, "clientReplyStatus: no storeEntry");
        return STREAM_FAILED;   /* yuck, but what can we do? */
    }

    if (EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED)) {
        /* TODO: Could upstream read errors (result.flags.error) be
         * lost, and result in undersize requests being considered
         * complete. Should we tcp reset such connections ?
         */
        debugs(88, 5, "clientReplyStatus: aborted storeEntry");
        return STREAM_FAILED;
    }

    const int done = checkTransferDone();

    if (done != 0 || flags.complete) {
        debugs(88, 5, "clientReplyStatus: transfer is DONE: " << done << flags.complete);
        /* Ok we're finished, but how? */

        const int64_t expectedBodySize =
            http->storeEntry()->getReply()->bodySize(http->request->method);
        const bool sizeKnown = expectedBodySize >= 0;

        /* without keep-alive and without a known size, closing is the only end marker */
        if (!http->request->flags.proxyKeepalive && !sizeKnown) {
            debugs(88, 5, "clientReplyStatus: closing, content_length < 0");
            return STREAM_FAILED;
        }

        if (EBIT_TEST(http->storeEntry()->flags, ENTRY_BAD_LENGTH)) {
            debugs(88, 5, "clientReplyStatus: truncated response body");
            return STREAM_UNPLANNED_COMPLETE;
        }

        if (!done) {
            debugs(88, 5, "clientReplyStatus: closing, !done, but read 0 bytes");
            return STREAM_FAILED;
        }

        if (sizeKnown && !http->gotEnough()) {
            debugs(88, 5, "clientReplyStatus: client didn't get all it expected");
            return STREAM_UNPLANNED_COMPLETE;
        }

        debugs(88, 5, "clientReplyStatus: stream complete; keepalive=" <<
               http->request->flags.proxyKeepalive);
        return STREAM_COMPLETE;
    }

    // XXX: Should this be checked earlier? We could return above w/o checking.
    /* 4096 is a margin for the HTTP headers included in out.offset */
    if (reply->receivedBodyTooLarge(*http->request, http->out.offset - 4096)) {
        debugs(88, 5, "clientReplyStatus: client reply body is too large");
        return STREAM_FAILED;
    }

    return STREAM_NONE;
}
1249
/* Responses with no body will not have a content-type header,
 * which breaks the rep_mime_type acl, which
 * coincidentally, is the most common acl for reply access lists.
 * A better long term fix for this is to allow acl matches on the various
 * status codes, and then supply a default ruleset that puts these
 * codes before any user defined access entries. That way the user
 * can choose to block these responses where appropriate, but won't get
 * mysterious breakages.
 *
 * Returns true for 100, 101, 102, 204 and 304, false for any other status.
 * How callers use the answer is not visible here; going by the name, a true
 * result presumably lets the response skip reply access rules, so extending
 * this list widens what those rules can no longer block.
 */
bool
clientReplyContext::alwaysAllowResponse(Http::StatusCode sline) const
{
    switch (sline) {

    case Http::scContinue:
    case Http::scSwitchingProtocols:
    case Http::scProcessing:
    case Http::scNoContent:
    case Http::scNotModified:
        return true;

    default:
        return false;
    }
}
1284
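/**
 * Generate the reply headers sent to client.
 *
 * Filters out unwanted entries and hop-by-hop from original reply header
 * then adds extra entries if we have more info than origin server
 * then adds Squid specific entries
 *
 * Operates in place on reply->header and updates request->flags
 * (mustKeepalive, proxyKeepalive, chunkedReply). In order:
 *  - Set-Cookie is dropped on cache hits, so a cookie stored with the object
 *    is not replayed to whoever gets the hit.
 *  - Proxy-Authenticate is dropped unless request->peer_login is "PASS" or
 *    "PASSTHRU".
 *  - Hop-by-hop entries are removed.
 *  - Age / Date / Expires / Warning are adjusted for hits.
 *  - NTLM, Negotiate and Kerberos WWW-Authenticate challenges are removed
 *    when connection auth is disabled for the request; otherwise the
 *    connection is forced persistent.
 *  - X-Cache (and, with USE_CACHE_DIGESTS, X-Cache-Lookup) and Via are
 *    appended; they carry getMyHostname() / ThisCache. Only Via has a switch
 *    here (Config.onoff.via).
 *  - Keep-alive and chunked encoding are decided and Connection is set.
 *  - httpHdrMangleList() runs last, over the finished header set.
 */
void
clientReplyContext::buildReplyHeader()
{
    HttpHeader *hdr = &reply->header;
    int is_hit = logTypeIsATcpHit(http->logType);
    HttpRequest *request = http->request;
#if DONT_FILTER_THESE
    /* but you might want to if you run Squid as an HTTP accelerator */
    /* hdr->delById(HDR_ACCEPT_RANGES); */
    hdr->delById(HDR_ETAG);
#endif

    /* a cookie cached with the object must not be served from the cache */
    if (is_hit)
        hdr->delById(HDR_SET_COOKIE);
    // TODO: RFC 2965 : Must honour Cache-Control: no-cache="set-cookie2" and remove header.

    // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
    // remove the Proxy-Authenticate header
    if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
        reply->header.delById(HDR_PROXY_AUTHENTICATE);

    reply->header.removeHopByHopEntries();

    //    if (request->range)
    //      clientBuildRangeHeader(http, reply);

    /*
     * Add a estimated Age header on cache hits.
     */
    if (is_hit) {
        /*
         * Remove any existing Age header sent by upstream caches
         * (note that the existing header is passed along unmodified
         * on cache misses)
         */
        hdr->delById(HDR_AGE);
        /*
         * This adds the calculated object age. Note that the details of the
         * age calculation is performed by adjusting the timestamp in
         * StoreEntry::timestampsSet(), not here.
         */
        if (EBIT_TEST(http->storeEntry()->flags, ENTRY_SPECIAL)) {
            hdr->delById(HDR_DATE);
            hdr->insertTime(HDR_DATE, squid_curtime);
        } else if (http->getConn() && http->getConn()->port->actAsOrigin) {
            // Swap the Date: header to current time if we are simulating an origin
            HttpHeaderEntry *h = hdr->findEntry(HDR_DATE);
            if (h)
                hdr->putExt("X-Origin-Date", h->value.termedBuf());
            hdr->delById(HDR_DATE);
            hdr->insertTime(HDR_DATE, squid_curtime);
            h = hdr->findEntry(HDR_EXPIRES);
            if (h && http->storeEntry()->expires >= 0) {
                hdr->putExt("X-Origin-Expires", h->value.termedBuf());
                hdr->delById(HDR_EXPIRES);
                /* keep the original lifetime, but count it from now */
                hdr->insertTime(HDR_EXPIRES, squid_curtime + http->storeEntry()->expires - http->storeEntry()->timestamp);
            }
            if (http->storeEntry()->timestamp <= squid_curtime) {
                // put X-Cache-Age: instead of Age:
                char age[64];
                snprintf(age, sizeof(age), "%" PRId64, static_cast<int64_t>(squid_curtime - http->storeEntry()->timestamp));
                hdr->putExt("X-Cache-Age", age);
            }
        } else if (http->storeEntry()->timestamp <= squid_curtime) {
            hdr->putInt(HDR_AGE,
                        squid_curtime - http->storeEntry()->timestamp);
            /* Signal old objects.  NB: rfc 2616 is not clear,
             * by implication, on whether we should do this to all
             * responses, or only cache hits.
             * 14.46 states it ONLY applies for heuristically calculated
             * freshness values, 13.2.4 doesn't specify the same limitation.
             * We interpret RFC 2616 under the combination.
             */
            /* TODO: if maxage or s-maxage is present, don't do this */

            if (squid_curtime - http->storeEntry()->timestamp >= 86400) {
                char tbuf[512];
                snprintf (tbuf, sizeof(tbuf), "%s %s %s",
                          "113", ThisCache,
                          "This cache hit is still fresh and more than 1 day old");
                hdr->putStr(HDR_WARNING, tbuf);
            }
        }
    }

    /* RFC 2616: Section 14.18
     *
     * Add a Date: header if missing.
     * We have access to a clock therefore are required to amend any shortcoming in servers.
     *
     * NP: done after Age: to prevent ENTRY_SPECIAL double-handling this header.
     */
    if ( !hdr->has(HDR_DATE) ) {
        if (!http->storeEntry())
            hdr->insertTime(HDR_DATE, squid_curtime);
        else if (http->storeEntry()->timestamp > 0)
            hdr->insertTime(HDR_DATE, http->storeEntry()->timestamp);
        else {
            debugs(88,DBG_IMPORTANT,"BUG 3279: HTTP reply without Date:");
            /* dump something useful about the problem */
            http->storeEntry()->dump(DBG_IMPORTANT);
        }
    }

    // add Warnings required by RFC 2616 if serving a stale hit
    if (http->request->flags.staleIfHit && logTypeIsATcpHit(http->logType)) {
        hdr->putWarning(110, "Response is stale");
        if (http->request->flags.needValidation)
            hdr->putWarning(111, "Revalidation failed");
    }

    /* Filter unproxyable authentication types */
    if (http->logType != LOG_TCP_DENIED &&
            hdr->has(HDR_WWW_AUTHENTICATE)) {
        HttpHeaderPos pos = HttpHeaderInitPos;
        HttpHeaderEntry *e;

        int connection_auth_blocked = 0;
        while ((e = hdr->getEntry(&pos))) {
            if (e->id == HDR_WWW_AUTHENTICATE) {
                /* NOTE(review): assumes rawBuf() is non-null and NUL-terminated,
                 * since value[N] is read right after an N-byte prefix match --
                 * confirm against the String implementation */
                const char *value = e->value.rawBuf();

                /* scheme name must be the whole value or be followed by a space */
                if ((strncasecmp(value, "NTLM", 4) == 0 &&
                        (value[4] == '\0' || value[4] == ' '))
                        ||
                        (strncasecmp(value, "Negotiate", 9) == 0 &&
                         (value[9] == '\0' || value[9] == ' '))
                        ||
                        (strncasecmp(value, "Kerberos", 8) == 0 &&
                         (value[8] == '\0' || value[8] == ' '))) {
                    if (request->flags.connectionAuthDisabled) {
                        /* strip the challenge and keep scanning for further ones */
                        hdr->delAt(pos, connection_auth_blocked);
                        continue;
                    }
                    /* connection-oriented auth is bound to this connection */
                    request->flags.mustKeepalive = true;
                    if (!request->flags.accelerated && !request->flags.intercepted) {
                        httpHeaderPutStrf(hdr, HDR_PROXY_SUPPORT, "Session-Based-Authentication");
                        /*
                          We send "Connection: Proxy-Support" header to mark
                          Proxy-Support as a hop-by-hop header for intermediaries that do not
                          understand the semantics of this header. The RFC should have included
                          this recommendation.
                        */
                        httpHeaderPutStrf(hdr, HDR_CONNECTION, "Proxy-support");
                    }
                    break;
                }
            }
        }

        if (connection_auth_blocked)
            hdr->refreshMask();
    }

#if USE_AUTH
    /* Handle authentication headers */
    if (http->logType == LOG_TCP_DENIED &&
            ( reply->sline.status() == Http::scProxyAuthenticationRequired ||
              reply->sline.status() == Http::scUnauthorized)
       ) {
        /* Add authentication header */
        /*! \todo alter errorstate to be accel on|off aware. The 0 on the next line
         * depends on authenticate behaviour: all schemes to date send no extra
         * data on 407/401 responses, and do not check the accel state on 401/407
         * responses
         */
        authenticateFixHeader(reply, request->auth_user_request, request, 0, 1);
    } else if (request->auth_user_request != NULL)
        authenticateFixHeader(reply, request->auth_user_request, request, http->flags.accel, 0);
#endif

    /* Append X-Cache */
    /* NOTE(review): added unconditionally here and carries the proxy hostname;
     * httpHdrMangleList() at the end is presumably where it can be stripped */
    httpHeaderPutStrf(hdr, HDR_X_CACHE, "%s from %s",
                      is_hit ? "HIT" : "MISS", getMyHostname());

#if USE_CACHE_DIGESTS
    /* Append X-Cache-Lookup: -- temporary hack, to be removed @?@ @?@ */
    httpHeaderPutStrf(hdr, HDR_X_CACHE_LOOKUP, "%s from %s:%d",
                      lookup_type ? lookup_type : "NONE",
                      getMyHostname(), getMyPort());

#endif

    const bool maySendChunkedReply = !request->multipartRangeRequest() &&
                                     reply->sline.protocol == AnyP::PROTO_HTTP && // response is HTTP
                                     (request->http_ver >= Http::ProtocolVersion(1, 1));

    /* Check whether we should send keep-alive */
    /* first matching rule wins; every rule turns proxyKeepalive off */
    if (!Config.onoff.error_pconns && reply->sline.status() >= 400 && !request->flags.mustKeepalive) {
        debugs(33, 3, "clientBuildReplyHeader: Error, don't keep-alive");
        request->flags.proxyKeepalive = false;
    } else if (!Config.onoff.client_pconns && !request->flags.mustKeepalive) {
        debugs(33, 2, "clientBuildReplyHeader: Connection Keep-Alive not requested by admin or client");
        request->flags.proxyKeepalive = false;
    } else if (request->flags.proxyKeepalive && shutting_down) {
        debugs(88, 3, "clientBuildReplyHeader: Shutting down, don't keep-alive.");
        request->flags.proxyKeepalive = false;
    } else if (request->flags.connectionAuth && !reply->keep_alive) {
        debugs(33, 2, "clientBuildReplyHeader: Connection oriented auth but server side non-persistent");
        request->flags.proxyKeepalive = false;
    } else if (reply->bodySize(request->method) < 0 && !maySendChunkedReply) {
        debugs(88, 3, "clientBuildReplyHeader: can't keep-alive, unknown body size" );
        request->flags.proxyKeepalive = false;
    } else if (fdUsageHigh()&& !request->flags.mustKeepalive) {
        debugs(88, 3, "clientBuildReplyHeader: Not many unused FDs, can't keep-alive");
        request->flags.proxyKeepalive = false;
    } else if (request->flags.sslBumped && !reply->persistent()) {
        // We do not really have to close, but we pretend we are a tunnel.
        debugs(88, 3, "clientBuildReplyHeader: bumped reply forces close");
        request->flags.proxyKeepalive = false;
    } else if (request->pinnedConnection() && !reply->persistent()) {
        // The peer wants to close the pinned connection
        debugs(88, 3, "pinned reply forces close");
        request->flags.proxyKeepalive = false;
    } else if (http->getConn() && http->getConn()->port->listenConn == NULL) {
        // The listening port closed because of a reconfigure
        debugs(88, 3, "listening port closed");
        request->flags.proxyKeepalive = false;
    }

    // Decide if we send chunked reply
    if (maySendChunkedReply &&
            request->flags.proxyKeepalive &&
            reply->bodySize(request->method) < 0) {
        debugs(88, 3, "clientBuildReplyHeader: chunked reply");
        request->flags.chunkedReply = true;
        hdr->putStr(HDR_TRANSFER_ENCODING, "chunked");
    }

    /* Append VIA */
    if (Config.onoff.via) {
        LOCAL_ARRAY(char, bbuf, MAX_URL + 32);
        String strVia;
        hdr->getList(HDR_VIA, &strVia);
        snprintf(bbuf, MAX_URL + 32, "%d.%d %s",
                 reply->sline.version.major,
                 reply->sline.version.minor,
                 ThisCache);
        strListAdd(&strVia, bbuf, ',');
        hdr->delById(HDR_VIA);
        hdr->putStr(HDR_VIA, strVia.termedBuf());
    }
    /* Signal keep-alive or close explicitly */
    hdr->putStr(HDR_CONNECTION, request->flags.proxyKeepalive ? "keep-alive" : "close");

#if ADD_X_REQUEST_URI
    /*
     * Knowing the URI of the request is useful when debugging persistent
     * connections in a client; we cannot guarantee the order of http headers,
     * but X-Request-URI is likely to be the very last header to ease use from a
     * debugger [hdr->entries.count-1].
     */
    /* the first accessor was misspelled "memOjbect", which cannot build
     * once ADD_X_REQUEST_URI is enabled */
    hdr->putStr(HDR_X_REQUEST_URI,
                http->memObject()->url ? http->memObject()->url : http->uri);

#endif

    /* Surrogate-Control requires Surrogate-Capability from upstream to pass on */
    if ( hdr->has(HDR_SURROGATE_CONTROL) ) {
        if (!request->header.has(HDR_SURROGATE_CAPABILITY)) {
            hdr->delById(HDR_SURROGATE_CONTROL);
        }
        /* TODO: else case: drop any controls intended specifically for our surrogate ID */
    }

    httpHdrMangleList(hdr, request, ROR_REPLY);
}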
1559
/// Creates this context's private copy of the stored reply and prepares its
/// headers for the client.
/// Must only run while reply is still unset (asserted). The clone is locked
/// with HTTPMSGLOCK, advertises HTTP/1.1 when the reply protocol is HTTP, and
/// is then passed through buildReplyHeader().
void
clientReplyContext::cloneReply()
{
    assert(reply == NULL);

    reply = http->storeEntry()->getReply()->clone();
    HTTPMSGLOCK(reply);

    /* RFC 2616 requires us to advertise our 1.1 version (but only on real HTTP traffic) */
    const bool isHttp = (reply->sline.protocol == AnyP::PROTO_HTTP);
    if (isHttp)
        reply->sline.version = Http::ProtocolVersion(1,1);

    /* do header conversions */
    buildReplyHeader();
}
1576
/// Drops the cache hit currently attached to the request when it is not going
/// to be used. Simply clearing the pointer is not enough, because the entry
/// may be locking or otherwise holding a cache resource; a lock/unlock pair
/// is used to make the store run its cleanup.
/// Callers must not touch the old entry afterwards: the unlock may delete it.
void
clientReplyContext::forgetHit()
{
    StoreEntry *unwantedHit = http->storeEntry();
    assert(unwantedHit); // or we are not dealing with a hit
    // We probably have not locked the entry earlier, unfortunately. We lock it
    // now so that we can unlock two lines later (and trigger cleanup).
    // Ideally, ClientHttpRequest::storeEntry() should lock/unlock, but it is
    // used so inconsistently that simply adding locking there leads to bugs.
    unwantedHit->lock("clientReplyContext::forgetHit");
    http->storeEntry(NULL);
    unwantedHit->unlock("clientReplyContext::forgetHit"); // may delete the entry
}
1593
/// Starts the cache lookup for an ordinary request.
/// Requests that are neither cachable nor internal skip the store and go to
/// identifyFoundObject() with the null entry; all others start a public
/// lookup whose result is delivered through state 5.
void
clientReplyContext::identifyStoreObject()
{
    HttpRequest *req = http->request;

    const bool mayUseStore = req->flags.cachable || req->flags.internal;

    if (!mayUseStore) {
        identifyFoundObject (NullStoreEntry::getInstance());
        return;
    }

    lookingforstore = 5;
    StoreEntry::getPublicByRequest (this, req);
}
1606
/**
 * Check state of the current StoreEntry object.
 * to see if we can determine the final status of the request.
 *
 * Sets http->logType and, where the cached object must not be used, drops it
 * with forgetHit(); every path ends in doGetMoreData(). The first matching
 * rule decides:
 *  - no entry                      -> LOG_TCP_MISS
 *  - Config.onoff.offline          -> LOG_TCP_HIT
 *  - http->redirect.status set     -> LOG_TCP_REDIRECT (hit dropped)
 *  - entry not validToSend()       -> LOG_TCP_MISS (hit dropped)
 *  - ENTRY_SPECIAL entry           -> LOG_TCP_HIT, whatever the client asked
 *  - request has noCache           -> LOG_TCP_CLIENT_REFRESH_MISS (hit dropped)
 *  - anything else                 -> LOG_TCP_HIT
 */
void
clientReplyContext::identifyFoundObject(StoreEntry *newEntry)
{
    HttpRequest *req = http->request;

    /** \li If the entry received isNull() then we ignore it. */
    if (newEntry->isNull())
        http->storeEntry(NULL);
    else
        http->storeEntry(newEntry);

    StoreEntry *hit = http->storeEntry();

    /* Release IP-cache entries on reload */
    /** \li If the request has no-cache flag set or some no_cache HACK in operation we
      * 'invalidate' the cached IP entries for this request ???
      */
    if (req->flags.noCache || req->flags.noCacheHack())
        ipcacheInvalidateNegative(req->GetHost());

#if USE_CACHE_DIGESTS
    lookup_type = http->storeEntry() ? "HIT" : "MISS";
#endif

    if (NULL == http->storeEntry()) {
        /** \li If no StoreEntry object is current assume this object isn't in the cache set MISS*/
        debugs(85, 3, "StoreEntry is NULL -  MISS");
        http->logType = LOG_TCP_MISS;
    } else if (Config.onoff.offline) {
        /** \li If we are running in offline mode set to HIT */
        debugs(85, 3, "offline HIT " << *hit);
        http->logType = LOG_TCP_HIT;
    } else if (http->redirect.status) {
        /** \li If redirection status is True force this to be a MISS */
        debugs(85, 3, "REDIRECT status forced StoreEntry to NULL (no body on 3XX responses) " << *hit);
        forgetHit();
        http->logType = LOG_TCP_REDIRECT;
    } else if (!hit->validToSend()) {
        debugs(85, 3, "!storeEntryValidToSend MISS " << *hit);
        forgetHit();
        http->logType = LOG_TCP_MISS;
    } else if (EBIT_TEST(hit->flags, ENTRY_SPECIAL)) {
        /* \li Special entries are always hits, no matter what the client says */
        debugs(85, 3, "ENTRY_SPECIAL HIT " << *hit);
        http->logType = LOG_TCP_HIT;
    } else if (req->flags.noCache) {
        debugs(85, 3, "no-cache REFRESH MISS " << *hit);
        forgetHit();
        http->logType = LOG_TCP_CLIENT_REFRESH_MISS;
    } else {
        debugs(85, 3, "default HIT " << *hit);
        http->logType = LOG_TCP_HIT;
    }

    /* the entry may be gone after forgetHit(); it is not used past this point */
    doGetMoreData();
}
1690
/**
 * Request more data from the store for the client Stream
 * This is *the* entry point to this module.
 *
 * Preconditions (all asserted):
 *  - This is the head of the list.
 *  - There is at least one more node.
 *  - Data context is not null
 *
 * Once the store logic is complete this only queues another copy into the
 * next node's buffer. Before that it dispatches on the request method:
 * PURGE goes to purgeRequest(), TRACE with Max-Forwards: 0 is answered
 * locally, any other TRACE is forwarded as a miss, and everything else
 * starts the cache lookup. No access check on the method is made here.
 */
void
clientGetMoreData(clientStreamNode * aNode, ClientHttpRequest * http)
{
    /* Test preconditions */
    assert(aNode != NULL);
    assert(cbdataReferenceValid(aNode));
    assert(aNode->node.prev == NULL);
    assert(aNode->node.next != NULL);
    clientReplyContext *replyCtx = dynamic_cast<clientReplyContext *>(aNode->data.getRaw());
    assert (replyCtx);
    assert(replyCtx->http == http);

    clientStreamNode *downstream = ( clientStreamNode *)aNode->node.next->data;

    if (!replyCtx->ourNode)
        replyCtx->ourNode = aNode;

    /* no cbdatareference, this is only used once, and safely */
    if (replyCtx->flags.storelogiccomplete) {
        StoreIOBuffer readRequest;
        readRequest.offset = downstream->readBuffer.offset + replyCtx->headers_sz;
        readRequest.length = downstream->readBuffer.length;
        readRequest.data = downstream->readBuffer.data;

        storeClientCopy(replyCtx->sc, http->storeEntry(),
                        readRequest, clientReplyContext::SendMoreData, replyCtx);
        return;
    }

    if (replyCtx->http->request->method == Http::METHOD_PURGE) {
        replyCtx->purgeRequest();
        return;
    }

    // OPTIONS with Max-Forwards:0 handled in clientProcessRequest()

    if (!(replyCtx->http->request->method == Http::METHOD_TRACE)) {
        replyCtx->identifyStoreObject();
        return;
    }

    /* TRACE that has reached its last hop is answered here */
    if (replyCtx->http->request->header.getInt64(HDR_MAX_FORWARDS) == 0) {
        replyCtx->traceReply(aNode);
        return;
    }

    /* continue forwarding, not finished yet. */
    http->logType = LOG_TCP_MISS;

    replyCtx->doGetMoreData();
}
1749
/**
 * Start delivering the reply: read from the store entry attached to the
 * request when there is one (hit), otherwise hand over to processMiss().
 *
 * On the hit path the caller must already have set http->logType to
 * LOG_TCP_HIT and nothing may have been written to the client yet; both
 * conditions are asserted.
 */
void
clientReplyContext::doGetMoreData()
{
    /* We still have to do store logic processing - vary, cache hit etc */
    StoreEntry *const entry = http->storeEntry();

    if (entry == NULL) {
        /* MISS CASE, http->logType is already set! */
        processMiss();
        return;
    }

    /* someone found the object in the cache for us */
    entry->lock("clientReplyContext::doGetMoreData");

    MemObject *const mem_obj = entry->makeMemObject();
    if (!mem_obj->hasUris()) {
        /*
         * Only fill in the URIs and method when they are not set yet, so
         * that a pre-existing mem_obj->method is not clobbered. For
         * example, when a HEAD request is a cache hit for a GET response,
         * we want to keep the method as GET.
         */
        mem_obj->setUris(storeId(), http->log_uri, http->request->method);
        /* Shows whether the object was created using the URL or an
         * alternative StoreID from a helper. */
        debugs(88, 3, "storeId: " << entry->mem_obj->storeId());
    }

    sc = storeClientListAdd(entry, this);
#if USE_DELAY_POOLS
    sc->setDelayId(DelayId::DelayClient(http));
#endif

    assert(http->logType == LOG_TCP_HIT);
    reqofs = 0;
    /* guarantee nothing has been sent yet! */
    assert(http->out.size == 0);
    assert(http->out.offset == 0);

    // Apply the configured local-hit TOS / netfilter mark to the client connection
    if (Ip::Qos::TheConfig.isHitTosActive()) {
        Ip::Qos::doTosLocalHit(http->getConn()->clientConnection);
    }

    if (Ip::Qos::TheConfig.isHitNfmarkActive()) {
        Ip::Qos::doNfmarkLocalHit(http->getConn()->clientConnection);
    }

    // Read from the start of the entry into the next node's buffer
    clientStreamNode *const nextNode = getNextNode();
    StoreIOBuffer localTempBuffer;
    localTempBuffer.offset = reqofs;
    localTempBuffer.length = nextNode->readBuffer.length;
    localTempBuffer.data = nextNode->readBuffer.data;
    storeClientCopy(sc, entry, localTempBuffer, CacheHit, this);
}
1805
/**
 * Detach callback for this module's stream node: the next node has removed
 * itself from the stream, so this node detaches as well.
 */
void
clientReplyDetach(clientStreamNode * node, ClientHttpRequest * http)
{
    // Nothing module-specific to release here; just leave the stream.
    clientStreamDetach(node, http);
}
1813
/**
 * Store-copy callback trampoline. Accepts a chunk of an HTTP message in
 * \p result and forwards it to sendMoreData() on the context passed as
 * \p data, which parses the prefix, filters headers and writes the
 * processed message to the recipient.
 *
 * \p data must be the clientReplyContext that was registered with the
 * callback; the cast is unchecked.
 */
void
clientReplyContext::SendMoreData(void *data, StoreIOBuffer result)
{
    static_cast<clientReplyContext *>(data)->sendMoreData(result);
}
1824
/**
 * Unlink this request from ClientActiveRequests and link it in again with
 * dlinkAdd(). Presumably this moves the request to the head of that list;
 * the original author was not certain either.
 */
void
clientReplyContext::makeThisHead()
{
    dlink_list *const activeList = &ClientActiveRequests;
    dlinkDelete(&http->active, activeList);
    dlinkAdd(http, &http->active, activeList);
}
1832
/**
 * Tell whether the stream has to be terminated instead of being fed
 * \p result.
 *
 * \param result         the store read result being processed
 * \param sizeToProcess  number of bytes available to process
 * \return true when the store entry is flagged ENTRY_ABORTED, when the
 *         read reported an error, or when there is nothing to process
 */
bool
clientReplyContext::errorInStream(StoreIOBuffer const &result, size_t const &sizeToProcess)const
{
    /* aborted request */
    if (http->storeEntry() && EBIT_TEST(http->storeEntry()->flags, ENTRY_ABORTED))
        return true;

    /* Upstream read error */
    if (result.flags.error)
        return true;

    /* Upstream EOF */
    return sizeToProcess == 0;
}
1841
/**
 * Mark the reply as complete and push an empty buffer down the stream so
 * that the client side gets closed.
 *
 * We call into the stream rather than touching a socket because we do not
 * know that there is a client socket. The error flag of \p result is
 * copied into the buffer that is sent; no data is sent.
 */
void
clientReplyContext::sendStreamError(StoreIOBuffer const &result)
{
    debugs(88, 5, "clientReplyContext::sendStreamError: A stream error has occured, marking as complete and sending no data.");

    flags.complete = 1;
    http->request->flags.streamError = true;

    StoreIOBuffer emptyBuffer;
    emptyBuffer.flags.error = result.flags.error;

    clientStreamNode *const head =
        static_cast<clientStreamNode *>(http->client_stream.head->data);
    clientStreamCallback(head, http, NULL, emptyBuffer);
}
1858
/**
 * Pass a chunk of reply body down the client stream.
 *
 * \param result  store read result; its offset still includes the headers
 * \param source  where the body bytes for this chunk live
 *
 * A zero-length result marks the reply as complete and is forwarded
 * without a data pointer.
 */
void
clientReplyContext::pushStreamData(StoreIOBuffer const &result, char *source)
{
    const bool emptyResult = (result.length == 0);

    if (emptyResult) {
        debugs(88, 5, "clientReplyContext::pushStreamData: marking request as complete due to 0 length store result");
        flags.complete = 1;
    }

    // The store offset minus the header size must be exactly the body
    // offset the next node asked for.
    assert(result.offset - headers_sz == next()->readBuffer.offset);

    StoreIOBuffer bodyChunk;
    bodyChunk.offset = result.offset - headers_sz;
    bodyChunk.length = result.length;

    if (!emptyResult)
        bodyChunk.data = source;

    clientStreamNode *const head =
        static_cast<clientStreamNode *>(http->client_stream.head->data);
    clientStreamCallback(head, http, NULL, bodyChunk);
}
1879
/**
 * \return the stream node that follows ours, as reported by getNextNode().
 *
 * Asserts that this is also the second node of the request's client
 * stream, i.e. that our node is still the head.
 */
clientStreamNode *
clientReplyContext::next() const
{
    clientStreamNode *const following = getNextNode();
    assert(static_cast<clientStreamNode *>(http->client_stream.head->next->data) == following);
    return following;
}
1886
/**
 * Replace the current reply with an ERR_TOO_BIG error page (403 Forbidden)
 * and log the transaction as LOG_TCP_DENIED_REPLY.
 */
void
clientReplyContext::sendBodyTooLargeError()
{
    http->logType = LOG_TCP_DENIED_REPLY;

    // The client connection may be gone already; use "no address" then.
    Ip::Address tmp_noaddr;
    tmp_noaddr.setNoAddr(); // TODO: make a global const
    Ip::Address &clientAddr = (http->getConn() != NULL) ?
                              http->getConn()->clientConnection->remote : tmp_noaddr;

    ErrorState *const err =
        clientBuildError(ERR_TOO_BIG, Http::scForbidden, NULL, clientAddr, http->request);

    // Drop the oversized reply and our store reference before starting the error
    removeClientStoreReference(&(sc), http);
    HTTPMSGUNLOCK(reply);
    startError(err);
}
1901
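/// send 412 (Precondition Failed) to client
///
/// Builds an ERR_PRECONDITION_FAILED page, drops the current reply and our
/// store reference, and starts the error reply. Logged as LOG_TCP_HIT.
void
clientReplyContext::sendPreconditionFailedError()
{
    http->logType = LOG_TCP_HIT;

    // The client connection may already be gone. Fall back to "no address"
    // rather than dereferencing a NULL ConnStateData, matching the guard
    // used in sendBodyTooLargeError().
    Ip::Address tmp_noaddr;
    tmp_noaddr.setNoAddr();
    ErrorState *const err =
        clientBuildError(ERR_PRECONDITION_FAILED, Http::scPreconditionFailed, NULL,
                         http->getConn() != NULL ? http->getConn()->clientConnection->remote : tmp_noaddr,
                         http->request);
    removeClientStoreReference(&sc, http);
    HTTPMSGUNLOCK(reply);
    startError(err);
}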
1914
/// send 304 (Not Modified) to client
///
/// Builds the 304 from the cached entry's reply, then swaps the request
/// over to a freshly created store entry holding only that 304.
void
clientReplyContext::sendNotModified()
{
    StoreEntry *const cachedEntry = http->storeEntry();

    // Take what we need from the cached entry before our reference to it
    // is removed below.
    const time_t cachedTimestamp = cachedEntry->timestamp;
    HttpReply *const reply304 = cachedEntry->getReply()->make304();

    http->logType = LOG_TCP_IMS_HIT;
    removeClientStoreReference(&sc, http);
    createStoreEntry(http->request->method, RequestFlags());

    // createStoreEntry() attached a new entry to the request
    StoreEntry *const freshEntry = http->storeEntry();

    // Copy timestamp from the original entry so the 304
    // reply has a meaningful Age: header.
    freshEntry->timestampsSet();
    freshEntry->timestamp = cachedTimestamp;
    freshEntry->replaceHttpReply(reply304);
    freshEntry->complete();

    /*
     * TODO: why put this in the store and then serialise it and
     * then parse it again. Simply mark the request complete in
     * our context and write the reply struct to the client side.
     */
    triggerInitialStoreRead();
}
1939
/// send 304 (Not Modified) or 412 (Precondition Failed) to client
/// depending on request method: GET and HEAD get the 304, every other
/// method gets the 412
void
clientReplyContext::sendNotModifiedOrPreconditionFailedError()
{
    const bool getOrHead = http->request->method == Http::METHOD_GET ||
                           http->request->method == Http::METHOD_HEAD;

    if (!getOrHead) {
        sendPreconditionFailedError();
        return;
    }

    sendNotModified();
}
1951
/**
 * Decide whether the reply may be delivered to the client.
 *
 * Order of checks:
 *  -# replies already logged as denied, and statuses accepted by
 *     alwaysAllowResponse(), are allowed at once; they skip both the body
 *     size limit and the http_reply_access lists
 *  -# a reply whose expected body is too large is replaced by an error
 *  -# with no http_reply_access list configured the reply is allowed
 *  -# otherwise a non-blocking ACL check is started and the verdict
 *     arrives in ProcessReplyAccessResult()
 */
void
clientReplyContext::processReplyAccess ()
{
    /* NP: this should probably soft-fail to a zero-sized-reply error ?? */
    assert(reply);

    /** Don't block our own responses or HTTP status messages */
    const bool exempt = http->logType == LOG_TCP_DENIED ||
                        http->logType == LOG_TCP_DENIED_REPLY ||
                        alwaysAllowResponse(reply->sline.status());

    if (exempt) {
        headers_sz = reply->hdr_sz;
        processReplyAccessResult(ACCESS_ALLOWED);
        return;
    }

    /** Check for reply to big error */
    if (reply->expectedBodyTooLarge(*http->request)) {
        sendBodyTooLargeError();
        return;
    }

    headers_sz = reply->hdr_sz;

    /** check for absent access controls (permit by default) */
    if (!Config.accessList.reply) {
        processReplyAccessResult(ACCESS_ALLOWED);
        return;
    }

    /** Process http_reply_access lists */
    ACLFilledChecklist *const checklist =
        clientAclChecklistCreate(Config.accessList.reply, http);
    // The checklist takes its own lock on the reply it inspects
    checklist->reply = reply;
    HTTPMSGLOCK(checklist->reply);
    checklist->nonBlockingCheck(ProcessReplyAccessResult, this);
}
1988
/**
 * ACL-check callback trampoline: forwards the verdict \p rv to
 * processReplyAccessResult() on the context passed as \p voidMe.
 * The cast is unchecked; \p voidMe must be the clientReplyContext that
 * started the check.
 */
void
clientReplyContext::ProcessReplyAccessResult(allow_t rv, void *voidMe)
{
    static_cast<clientReplyContext *>(voidMe)->processReplyAccessResult(rv);
}
1995
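/**
 * Act on the http_reply_access verdict for the current reply.
 *
 * Any verdict other than ACCESS_ALLOWED replaces the reply with an error
 * page (the deny_info page for the matched ACL, or ERR_ACCESS_DENIED) and
 * logs LOG_TCP_DENIED_REPLY.
 *
 * An allowed reply is handed to the head of the client stream together
 * with whatever body bytes are already in the next node's read buffer.
 * HEAD requests never get a body. Headers must not have been sent before;
 * this is asserted.
 *
 * \param accessAllowed  verdict of the reply access check
 */
void
clientReplyContext::processReplyAccessResult(const allow_t &accessAllowed)
{
    debugs(88, 2, "The reply for " << http->request->method
           << ' ' << http->uri << " is " << accessAllowed << ", because it matched "
           << (AclMatchedName ? AclMatchedName : "NO ACL's"));

    if (accessAllowed != ACCESS_ALLOWED) {
        err_type page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, 1);

        http->logType = LOG_TCP_DENIED_REPLY;

        if (page_id == ERR_NONE)
            page_id = ERR_ACCESS_DENIED;

        // The client connection may be gone already; use "no address" then.
        Ip::Address tmp_noaddr;
        tmp_noaddr.setNoAddr();
        ErrorState *const err =
            clientBuildError(page_id, Http::scForbidden, NULL,
                             http->getConn() != NULL ? http->getConn()->clientConnection->remote : tmp_noaddr,
                             http->request);

        // Drop the denied reply and our store reference so that none of it
        // is delivered, then send the error instead.
        removeClientStoreReference(&sc, http);

        HTTPMSGUNLOCK(reply);

        startError(err);

        return;
    }

    /* Ok, the reply is allowed, */
    http->loggingEntry(http->storeEntry());

    // Body bytes received so far. If fewer bytes than the header size have
    // been counted, treat the body as empty and move reqofs up to the end
    // of the headers.
    ssize_t body_size = reqofs - reply->hdr_sz;
    if (body_size < 0) {
        reqofs = reply->hdr_sz;
        body_size = 0;
    }

    debugs(88, 3, "clientReplyContext::sendMoreData: Appending " <<
           static_cast<int>(body_size) << " bytes after " << reply->hdr_sz <<
           " bytes of headers");

#if USE_SQUID_ESI

    if (http->flags.accel && reply->sline.status() != Http::scForbidden &&
            !alwaysAllowResponse(reply->sline.status()) &&
            esiEnableProcessing(reply)) {
        debugs(88, 2, "Enabling ESI processing for " << http->uri);
        clientStreamInsertHead(&http->client_stream, esiStreamRead,
                               esiProcessStream, esiStreamDetach, esiStreamStatus, NULL);
    }

#endif

    if (http->request->method == Http::METHOD_HEAD) {
        /* do not forward body for HEAD replies */
        body_size = 0;
        http->flags.done_copying = true;
        flags.complete = 1;
    }

    assert (!flags.headersSent);
    flags.headersSent = true;

    StoreIOBuffer localTempBuffer;
    char *const buf = next()->readBuffer.data;
    // First body byte inside the read buffer. The original code subtracted
    // readBuffer.offset from this pointer and added it back before use;
    // the net result was always this address, but the intermediate pointer
    // could lie outside the buffer, which is undefined behaviour. The
    // pointer is now used directly.
    char *const body_buf = buf + reply->hdr_sz;

    //Server side may disable ranges under some circumstances.

    if ((!http->request->range))
        next()->readBuffer.offset = 0;

    if (next()->readBuffer.offset != 0) {
        if (next()->readBuffer.offset > body_size) {
            /* Can't use any of the body we received. send nothing */
            localTempBuffer.length = 0;
            localTempBuffer.data = NULL;
        } else {
            localTempBuffer.length = body_size - next()->readBuffer.offset;
            localTempBuffer.data = body_buf;
        }
    } else {
        localTempBuffer.length = body_size;
        localTempBuffer.data = body_buf;
    }

    /* TODO??: move the data in the buffer back by the request header size */
    clientStreamCallback(static_cast<clientStreamNode *>(http->client_stream.head->data),
                         http, reply, localTempBuffer);
}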
2094
/**
 * Handle a chunk delivered by the store.
 *
 * Does nothing while the context is being deleted or when the client
 * connection is missing, closing, or pinned with a zero reply. Otherwise
 * the chunk is copied into the next node's read buffer if it is not there
 * already, and then:
 *  - a stream error or EOF ends the reply via sendStreamError(),
 *  - once headers have been sent the chunk is pushed on as body data,
 *  - for the first chunk the reply is cloned and sent through
 *    processReplyAccess().
 *
 * \param result  the data (or error) returned by the store read
 */
void
clientReplyContext::sendMoreData (StoreIOBuffer result)
{
    if (deleting)
        return;

    StoreEntry *const entry = http->storeEntry();
    ConnStateData *const conn = http->getConn();

    // too late, our conn is closing
    // TODO: should we also quit?
    if (conn == NULL) {
        debugs(33,3, "not sending more data to a closed connection" );
        return;
    }
    if (!conn->isOpen()) {
        debugs(33,3, "not sending more data to closing connection " << conn->clientConnection);
        return;
    }
    if (conn->pinning.zeroReply) {
        debugs(33,3, "not sending more data after a pinned zero reply " << conn->clientConnection);
        return;
    }

    char *const buf = next()->readBuffer.data;

    if (buf != result.data) {
        /* we've got to copy some data */
        // NOTE(review): this assert is the only bound on the copy below;
        // confirm assertions stay enabled in production builds.
        assert(result.length <= next()->readBuffer.length);
        memcpy(buf, result.data, result.length);
    }

    // First chunk of a non-hit: apply the configured miss TOS / netfilter mark
    const bool firstChunkOfMiss = reqofs==0 && !logTypeIsATcpHit(http->logType) &&
                                  Comm::IsConnOpen(conn->clientConnection);
    if (firstChunkOfMiss) {
        if (Ip::Qos::TheConfig.isHitTosActive()) {
            Ip::Qos::doTosLocalMiss(conn->clientConnection, http->request->hier.code);
        }
        if (Ip::Qos::TheConfig.isHitNfmarkActive()) {
            Ip::Qos::doNfmarkLocalMiss(conn->clientConnection, http->request->hier.code);
        }
    }

    /* We've got the final data to start pushing... */
    flags.storelogiccomplete = 1;

    reqofs += result.length;

    // Until headers are sent, everything accumulated must fit the request buffer
    assert(reqofs <= HTTP_REQBUF_SZ || flags.headersSent);

    assert(http->request != NULL);

    /* ESI TODO: remove this assert once everything is stable */
    assert(http->client_stream.head->data
           && cbdataReferenceValid(http->client_stream.head->data));

    makeThisHead();

    debugs(88, 5, "clientReplyContext::sendMoreData: " << http->uri << ", " <<
           reqofs << " bytes (" << result.length <<
           " new bytes)");
    debugs(88, 5, "clientReplyContext::sendMoreData:"
           << conn->clientConnection <<
           " '" << entry->url() << "'" <<
           " out.offset=" << http->out.offset);

    /* update size of the request */
    reqsize = reqofs;

    if (errorInStream(result, reqofs)) {
        sendStreamError(result);
        return;
    }

    if (flags.headersSent) {
        pushStreamData (result, buf);
        return;
    }

    cloneReply();

    /* handle headers */

    if (Config.onoff.log_mime_hdrs) {
        // Keep a copy of the reply header block for the access log entry
        const size_t hdrEnd = headersEnd(buf, reqofs);

        if (hdrEnd) {
            safe_free(http->al->headers.reply);
            http->al->headers.reply = static_cast<char *>(xcalloc(hdrEnd + 1, 1));
            xstrncpy(http->al->headers.reply, buf, hdrEnd);
        }
    }

    holdingBuffer = result;
    processReplyAccess();
}
2191
/**
 * Create a new store entry for this request, register ourselves as its
 * store client and attach the entry to the request.
 *
 * Using this breaks the client layering just a little!
 *
 * No store read is started here, because we do not know whether the
 * client stream buffers have been set up. Instead the store logic is
 * marked complete and the caller is expected to request a read.
 *
 * NOTE: after ANY data flows down the pipe, even one step, this function
 * CAN NOT be used to manage errors.
 *
 * \param m         request method recorded for the entry
 * \param reqFlags  request flags recorded for the entry
 */
void
clientReplyContext::createStoreEntry(const HttpRequestMethod& m, RequestFlags reqFlags)
{
    assert(http != NULL);

    /*
     * For erroneous requests, we might not have a h->request,
     * so make a fake one.
     */
    if (http->request == NULL) {
        http->request = new HttpRequest(m, AnyP::PROTO_NONE, null_string);
        HTTPMSGLOCK(http->request);
    }

    StoreEntry *const entry = storeCreateEntry(storeId(), http->log_uri, reqFlags, m);

    // Make entry collapsable ASAP, to increase collapsing chances for others,
    // TODO: every must-revalidate and similar request MUST reach the origin,
    // but do we have to prohibit others from collapsing on that request?
    const bool mayCollapse = Config.onoff.collapsed_forwarding && reqFlags.cachable &&
                             !reqFlags.needValidation &&
                             (m == Http::METHOD_GET || m == Http::METHOD_HEAD);
    if (mayCollapse) {
        // make the entry available for future requests now
        Store::Root().allowCollapsing(entry, reqFlags, m);
    }

    sc = storeClientListAdd(entry, this);

#if USE_DELAY_POOLS
    sc->setDelayId(DelayId::DelayClient(http));
#endif

    // Nothing has been read from the new entry yet
    reqofs = 0;
    reqsize = 0;

    /* So, we mark the store logic as complete */
    flags.storelogiccomplete = 1;

    /* and get the caller to request a read, from whereever they are */
    http->storeEntry(entry);
}
2247
/**
 * Allocate an ErrorState for an error reply to the client.
 *
 * \param page_id   error page to render
 * \param status    HTTP status of the error reply
 * \param url       optional URL; duplicated into the error when not NULL
 * \param src_addr  client address copied into the error
 * \param request   the request the error belongs to
 * \return the newly allocated ErrorState
 */
ErrorState *
clientBuildError(err_type page_id, Http::StatusCode status, char const *url,
                 Ip::Address &src_addr, HttpRequest * request)
{
    ErrorState *const error = new ErrorState(page_id, status, request);

    if (url)
        error->url = xstrdup(url);

    error->src_addr = src_addr;

    return error;
}
2260