|
Lines 1-5
Link Here
|
| 1 |
--- ./modules/proxy/mod_proxy_connect.c.orig 2009-11-19 09:07:46.000000000 -0500 |
1 |
--- ./modules/proxy/mod_proxy_connect.c.orig 2010-12-08 20:31:34.000000000 +0100 |
| 2 |
+++ ./modules/proxy/mod_proxy_connect.c 2010-05-06 19:37:54.227730259 -0400 |
2 |
+++ ./modules/proxy/mod_proxy_connect.c 2012-02-02 17:12:20.000000000 +0100 |
| 3 |
@@ -21,6 +21,8 @@ |
3 |
@@ -21,6 +21,8 @@ |
| 4 |
#include "mod_proxy.h" |
4 |
#include "mod_proxy.h" |
| 5 |
#include "apr_poll.h" |
5 |
#include "apr_poll.h" |
|
Lines 25-51
Link Here
|
| 25 |
+ do { |
25 |
+ do { |
| 26 |
+ apr_brigade_cleanup(bb); |
26 |
+ apr_brigade_cleanup(bb); |
| 27 |
+ rv = ap_get_brigade(c_i->input_filters, bb, AP_MODE_READBYTES, |
27 |
+ rv = ap_get_brigade(c_i->input_filters, bb, AP_MODE_READBYTES, |
| 28 |
+ APR_NONBLOCK_READ, CONN_BLKSZ); |
28 |
+ APR_NONBLOCK_READ, CONN_BLKSZ); |
| 29 |
+ if (rv == APR_SUCCESS) { |
29 |
+ if (rv == APR_SUCCESS) { |
| 30 |
+ if (APR_BRIGADE_EMPTY(bb)) |
30 |
+ if (APR_BRIGADE_EMPTY(bb)) |
| 31 |
+ break; |
31 |
+ break; |
| 32 |
+#ifdef DEBUGGING |
32 |
+#ifdef DEBUGGING |
| 33 |
+ len = -1; |
33 |
+ len = -1; |
| 34 |
+ apr_brigade_length(bb, 0, &len); |
34 |
+ apr_brigade_length(bb, 0, &len); |
| 35 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
35 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
| 36 |
+ "proxy: CONNECT: read %" APR_OFF_T_FMT |
36 |
+ "proxy: CONNECT: read %" APR_OFF_T_FMT |
| 37 |
+ " bytes from %s", len, name); |
37 |
+ " bytes from %s", len, name); |
| 38 |
+#endif |
38 |
+#endif |
| 39 |
+ rv = ap_pass_brigade(c_o->output_filters, bb); |
39 |
+ rv = ap_pass_brigade(c_o->output_filters, bb); |
| 40 |
+ if (rv == APR_SUCCESS) { |
40 |
+ if (rv == APR_SUCCESS) { |
| 41 |
+ ap_fflush(c_o->output_filters, bb); |
41 |
+ ap_fflush(c_o->output_filters, bb); |
| 42 |
+ } else { |
42 |
+ } else { |
| 43 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
43 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
| 44 |
+ "proxy: CONNECT: error on %s - ap_pass_brigade", |
44 |
+ "proxy: CONNECT: error on %s - ap_pass_brigade", |
| 45 |
+ name); |
45 |
+ name); |
| 46 |
+ } |
46 |
+ } |
| 47 |
+ } else if (!APR_STATUS_IS_EAGAIN(rv)) { |
47 |
+ } else if (!APR_STATUS_IS_EAGAIN(rv)) { |
| 48 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, |
48 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, |
| 49 |
+ "proxy: CONNECT: error on %s - ap_get_brigade", |
49 |
+ "proxy: CONNECT: error on %s - ap_get_brigade", |
| 50 |
+ name); |
50 |
+ name); |
| 51 |
+ } |
51 |
+ } |
|
Lines 69-76
Link Here
|
| 69 |
+ |
69 |
+ |
| 70 |
+ apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc); |
70 |
+ apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc); |
| 71 |
apr_status_t err, rv; |
71 |
apr_status_t err, rv; |
| 72 |
- apr_size_t i, o, nbytes; |
72 |
apr_size_t i, o, nbytes; |
| 73 |
+ apr_size_t nbytes; |
|
|
| 74 |
char buffer[HUGE_STRING_LEN]; |
73 |
char buffer[HUGE_STRING_LEN]; |
| 75 |
- apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module); |
74 |
- apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module); |
| 76 |
- int failed; |
75 |
- int failed; |
|
Lines 85-109
Link Here
|
| 85 |
default: |
84 |
default: |
| 86 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
85 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
| 87 |
- return HTTP_FORBIDDEN; |
86 |
- return HTTP_FORBIDDEN; |
| 88 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
87 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
| 89 |
} |
88 |
} |
| 90 |
} else if(!allowed_port(conf, uri.port)) { |
89 |
} else if(!allowed_port(conf, uri.port)) { |
| 91 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
90 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
| 92 |
- return HTTP_FORBIDDEN; |
91 |
- return HTTP_FORBIDDEN; |
| 93 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
92 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
| 94 |
} |
93 |
} |
| 95 |
|
94 |
|
| 96 |
/* |
95 |
/* |
| 97 |
@@ -205,18 +253,57 @@ |
96 |
@@ -205,19 +253,57 @@ |
| 98 |
} |
97 |
} |
| 99 |
} |
98 |
} |
| 100 |
|
99 |
|
| 101 |
+ /* setup polling for connection */ |
100 |
+ /* setup polling for connection */ |
| 102 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
101 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
| 103 |
+ "proxy: CONNECT: setting up poll()"); |
102 |
+ "proxy: CONNECT: setting up poll()"); |
| 104 |
+ |
103 |
+ |
| 105 |
+ if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
104 |
+ if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
| 106 |
+ apr_socket_close(sock); |
105 |
+ apr_socket_close(sock); |
| 107 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
106 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
| 108 |
+ "proxy: CONNECT: error apr_pollset_create()"); |
107 |
+ "proxy: CONNECT: error apr_pollset_create()"); |
| 109 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
108 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
|
Lines 133-206
Link Here
|
| 133 |
- */ |
132 |
- */ |
| 134 |
- r->output_filters = NULL; |
133 |
- r->output_filters = NULL; |
| 135 |
- r->connection->output_filters = NULL; |
134 |
- r->connection->output_filters = NULL; |
|
|
135 |
- |
| 136 |
+ backconn = ap_run_create_connection(c->pool, r->server, sock, |
136 |
+ backconn = ap_run_create_connection(c->pool, r->server, sock, |
| 137 |
+ c->id, c->sbh, c->bucket_alloc); |
137 |
+ c->id, c->sbh, c->bucket_alloc); |
| 138 |
+ if (!backconn) { |
138 |
+ if (!backconn) { |
| 139 |
+ /* peer reset */ |
139 |
+ /* peer reset */ |
| 140 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
140 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
| 141 |
+ "proxy: an error occurred creating a new connection " |
141 |
+ "proxy: an error occurred creating a new connection " |
| 142 |
+ "to %pI (%s)", connect_addr, connectname); |
142 |
+ "to %pI (%s)", connect_addr, connectname); |
| 143 |
+ apr_socket_close(sock); |
143 |
+ apr_socket_close(sock); |
| 144 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
144 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
| 145 |
+ } |
145 |
+ } |
| 146 |
+ ap_proxy_ssl_disable(backconn); |
146 |
+ ap_proxy_ssl_disable(backconn); |
| 147 |
+ rc = ap_run_pre_connection(backconn, sock); |
147 |
+ rc = ap_run_pre_connection(backconn, sock); |
| 148 |
+ if (rc != OK && rc != DONE) { |
148 |
+ if (rc != OK && rc != DONE) { |
| 149 |
+ backconn->aborted = 1; |
149 |
+ backconn->aborted = 1; |
| 150 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
|
|
| 151 |
+ "proxy: CONNECT: pre_connection setup failed (%d)", rc); |
| 152 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
| 153 |
+ } |
| 154 |
+ |
| 155 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
150 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
| 156 |
+ "proxy: CONNECT: connection complete to %pI (%s)", |
151 |
+ "proxy: CONNECT: pre_connection setup failed (%d)", rc); |
| 157 |
+ connect_addr, connectname); |
152 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
| 158 |
|
153 |
+ } |
|
|
154 |
+ |
| 155 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
| 156 |
+ "proxy: CONNECT: connection complete to %pI (%s)", |
| 157 |
+ connect_addr, connectname); |
| 159 |
|
158 |
|
| 160 |
/* If we are connecting through a remote proxy, we need to pass |
159 |
/* If we are connecting through a remote proxy, we need to pass |
| 161 |
@@ -227,12 +314,11 @@ |
160 |
* the CONNECT request on to it. |
|
|
161 |
@@ -227,12 +313,11 @@ |
| 162 |
*/ |
162 |
*/ |
| 163 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
163 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 164 |
"proxy: CONNECT: sending the CONNECT request to the remote proxy"); |
164 |
"proxy: CONNECT: sending the CONNECT request to the remote proxy"); |
| 165 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
165 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
| 166 |
+ ap_fprintf(backconn->output_filters, bb, |
166 |
+ ap_fprintf(backconn->output_filters, bb, |
| 167 |
"CONNECT %s HTTP/1.0" CRLF, r->uri); |
167 |
"CONNECT %s HTTP/1.0" CRLF, r->uri); |
| 168 |
- apr_socket_send(sock, buffer, &nbytes); |
168 |
- apr_socket_send(sock, buffer, &nbytes); |
| 169 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
169 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
| 170 |
- "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
170 |
- "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
| 171 |
- apr_socket_send(sock, buffer, &nbytes); |
171 |
- apr_socket_send(sock, buffer, &nbytes); |
| 172 |
+ ap_fprintf(backconn->output_filters, bb, |
172 |
+ ap_fprintf(backconn->output_filters, bb, |
| 173 |
+ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); |
173 |
+ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); |
| 174 |
+ ap_fflush(backconn->output_filters, bb); |
174 |
+ ap_fflush(backconn->output_filters, bb); |
| 175 |
} |
175 |
} |
| 176 |
else { |
176 |
else { |
| 177 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
177 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 178 |
@@ -240,11 +326,12 @@ |
178 |
@@ -240,11 +325,12 @@ |
| 179 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
179 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
| 180 |
"HTTP/1.0 200 Connection Established" CRLF); |
180 |
"HTTP/1.0 200 Connection Established" CRLF); |
| 181 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
181 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
| 182 |
- apr_socket_send(client_socket, buffer, &nbytes); |
182 |
- apr_socket_send(client_socket, buffer, &nbytes); |
| 183 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
183 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
| 184 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
184 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
| 185 |
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
185 |
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
| 186 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
186 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
| 187 |
- apr_socket_send(client_socket, buffer, &nbytes); |
187 |
- apr_socket_send(client_socket, buffer, &nbytes); |
| 188 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
188 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
| 189 |
+ ap_fflush(c->output_filters, bb); |
189 |
+ ap_fflush(c->output_filters, bb); |
| 190 |
#if 0 |
190 |
#if 0 |
| 191 |
/* This is safer code, but it doesn't work yet. I'm leaving it |
191 |
/* This is safer code, but it doesn't work yet. I'm leaving it |
| 192 |
* here so that I can fix it later. |
192 |
* here so that I can fix it later. |
| 193 |
@@ -265,27 +352,15 @@ |
193 |
@@ -264,28 +350,16 @@ |
|
|
194 |
* |
| 194 |
* Handle two way transfer of data over the socket (this is a tunnel). |
195 |
* Handle two way transfer of data over the socket (this is a tunnel). |
| 195 |
*/ |
196 |
*/ |
|
|
197 |
+ /* we are now acting as a tunnel - the input/output filter stacks should |
| 198 |
+ * not contain any non-connection filters. |
| 199 |
+ */ |
| 200 |
+ r->output_filters = c->output_filters; |
| 201 |
+ r->proto_output_filters = c->output_filters; |
| 202 |
+ r->input_filters = c->input_filters; |
| 203 |
+ r->proto_input_filters = c->input_filters; |
| 196 |
|
204 |
|
| 197 |
+ /* we are now acting as a tunnel - the input/output filter stacks should |
|
|
| 198 |
+ * not contain any non-connection filters. |
| 199 |
+ */ |
| 200 |
+ r->output_filters = c->output_filters; |
| 201 |
+ r->proto_output_filters = c->output_filters; |
| 202 |
+ r->input_filters = c->input_filters; |
| 203 |
+ r->proto_input_filters = c->input_filters; |
| 204 |
/* r->sent_bodyct = 1;*/ |
205 |
/* r->sent_bodyct = 1;*/ |
| 205 |
|
206 |
|
| 206 |
- if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
207 |
- if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
|
Lines 224-231
Link Here
|
| 224 |
- |
225 |
- |
| 225 |
while (1) { /* Infinite loop until error (one side closes the connection) */ |
226 |
while (1) { /* Infinite loop until error (one side closes the connection) */ |
| 226 |
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) { |
227 |
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) { |
| 227 |
apr_socket_close(sock); |
228 |
if (APR_STATUS_IS_EINTR(rv)) { |
| 228 |
@@ -294,7 +369,7 @@ |
229 |
@@ -297,7 +371,7 @@ |
| 229 |
} |
230 |
} |
| 230 |
#ifdef DEBUGGING |
231 |
#ifdef DEBUGGING |
| 231 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
232 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
|
Lines 234-246
Link Here
|
| 234 |
#endif |
235 |
#endif |
| 235 |
|
236 |
|
| 236 |
for (pi = 0; pi < pollcnt; pi++) { |
237 |
for (pi = 0; pi < pollcnt; pi++) { |
| 237 |
@@ -304,72 +379,32 @@ |
238 |
@@ -307,72 +381,31 @@ |
| 238 |
pollevent = cur->rtnevents; |
239 |
pollevent = cur->rtnevents; |
| 239 |
if (pollevent & APR_POLLIN) { |
240 |
if (pollevent & APR_POLLIN) { |
| 240 |
#ifdef DEBUGGING |
241 |
#ifdef DEBUGGING |
| 241 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
242 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 242 |
- "proxy: CONNECT: sock was set"); |
243 |
- "proxy: CONNECT: sock was set"); |
| 243 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
244 |
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r, |
| 244 |
+ "proxy: CONNECT: sock was readable"); |
245 |
+ "proxy: CONNECT: sock was readable"); |
| 245 |
#endif |
246 |
#endif |
| 246 |
- nbytes = sizeof(buffer); |
247 |
- nbytes = sizeof(buffer); |
|
Lines 267-275
Link Here
|
| 267 |
} |
268 |
} |
| 268 |
- else |
269 |
- else |
| 269 |
- break; |
270 |
- break; |
| 270 |
+ else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) { |
271 |
+ else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) { |
| 271 |
+ rv = APR_EPIPE; |
272 |
+ rv = APR_EPIPE; |
| 272 |
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "proxy: CONNECT: err/hup on backconn"); |
273 |
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "proxy: CONNECT: err/hup on backconn"); |
| 273 |
} |
274 |
} |
| 274 |
- else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) |
275 |
- else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) |
| 275 |
- break; |
276 |
- break; |
|
Lines 289-296
Link Here
|
| 289 |
-#ifdef DEBUGGING |
290 |
-#ifdef DEBUGGING |
| 290 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
291 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 291 |
- "proxy: CONNECT: read %d from client", i); |
292 |
- "proxy: CONNECT: read %d from client", i); |
| 292 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
293 |
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r, |
| 293 |
+ "proxy: CONNECT: client was readable"); |
294 |
+ "proxy: CONNECT: client was readable"); |
| 294 |
#endif |
295 |
#endif |
| 295 |
- while(i > 0) |
296 |
- while(i > 0) |
| 296 |
- { |
297 |
- { |
|
Lines 310-327
Link Here
|
| 310 |
- rv = APR_EOF; |
311 |
- rv = APR_EOF; |
| 311 |
- break; |
312 |
- break; |
| 312 |
} |
313 |
} |
| 313 |
+ else { |
314 |
+ else { |
| 314 |
+ rv = APR_EBADF; |
315 |
+ rv = APR_EBADF; |
| 315 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
316 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
| 316 |
+ "proxy: CONNECT: unknown socket in pollset"); |
317 |
+ "proxy: CONNECT: unknown socket in pollset"); |
| 317 |
} |
318 |
} |
| 318 |
- else |
319 |
- else |
| 319 |
- break; |
320 |
- break; |
| 320 |
+ |
|
|
| 321 |
} |
321 |
} |
| 322 |
if (rv != APR_SUCCESS) { |
322 |
if (rv != APR_SUCCESS) { |
| 323 |
break; |
323 |
break; |
| 324 |
@@ -385,7 +420,9 @@ |
324 |
@@ -388,7 +421,9 @@ |
| 325 |
* Close the socket and clean up |
325 |
* Close the socket and clean up |
| 326 |
*/ |
326 |
*/ |