Lines 1-5
1 |
--- ./modules/proxy/mod_proxy_connect.c.orig 2009-11-19 09:07:46.000000000 -0500 |
1 |
--- ./modules/proxy/mod_proxy_connect.c.orig 2010-12-08 20:31:34.000000000 +0100 |
2 |
+++ ./modules/proxy/mod_proxy_connect.c 2010-05-06 19:37:54.227730259 -0400 |
2 |
+++ ./modules/proxy/mod_proxy_connect.c 2012-02-02 17:12:20.000000000 +0100 |
3 |
@@ -21,6 +21,8 @@ |
3 |
@@ -21,6 +21,8 @@ |
4 |
#include "mod_proxy.h" |
4 |
#include "mod_proxy.h" |
5 |
#include "apr_poll.h" |
5 |
#include "apr_poll.h" |
Lines 25-51
25 |
+ do { |
25 |
+ do { |
26 |
+ apr_brigade_cleanup(bb); |
26 |
+ apr_brigade_cleanup(bb); |
27 |
+ rv = ap_get_brigade(c_i->input_filters, bb, AP_MODE_READBYTES, |
27 |
+ rv = ap_get_brigade(c_i->input_filters, bb, AP_MODE_READBYTES, |
28 |
+ APR_NONBLOCK_READ, CONN_BLKSZ); |
28 |
+ APR_NONBLOCK_READ, CONN_BLKSZ); |
29 |
+ if (rv == APR_SUCCESS) { |
29 |
+ if (rv == APR_SUCCESS) { |
30 |
+ if (APR_BRIGADE_EMPTY(bb)) |
30 |
+ if (APR_BRIGADE_EMPTY(bb)) |
31 |
+ break; |
31 |
+ break; |
32 |
+#ifdef DEBUGGING |
32 |
+#ifdef DEBUGGING |
33 |
+ len = -1; |
33 |
+ len = -1; |
34 |
+ apr_brigade_length(bb, 0, &len); |
34 |
+ apr_brigade_length(bb, 0, &len); |
35 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
35 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
36 |
+ "proxy: CONNECT: read %" APR_OFF_T_FMT |
36 |
+ "proxy: CONNECT: read %" APR_OFF_T_FMT |
37 |
+ " bytes from %s", len, name); |
37 |
+ " bytes from %s", len, name); |
38 |
+#endif |
38 |
+#endif |
39 |
+ rv = ap_pass_brigade(c_o->output_filters, bb); |
39 |
+ rv = ap_pass_brigade(c_o->output_filters, bb); |
40 |
+ if (rv == APR_SUCCESS) { |
40 |
+ if (rv == APR_SUCCESS) { |
41 |
+ ap_fflush(c_o->output_filters, bb); |
41 |
+ ap_fflush(c_o->output_filters, bb); |
42 |
+ } else { |
42 |
+ } else { |
43 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
43 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
44 |
+ "proxy: CONNECT: error on %s - ap_pass_brigade", |
44 |
+ "proxy: CONNECT: error on %s - ap_pass_brigade", |
45 |
+ name); |
45 |
+ name); |
46 |
+ } |
46 |
+ } |
47 |
+ } else if (!APR_STATUS_IS_EAGAIN(rv)) { |
47 |
+ } else if (!APR_STATUS_IS_EAGAIN(rv)) { |
48 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, |
48 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, |
49 |
+ "proxy: CONNECT: error on %s - ap_get_brigade", |
49 |
+ "proxy: CONNECT: error on %s - ap_get_brigade", |
50 |
+ name); |
50 |
+ name); |
51 |
+ } |
51 |
+ } |
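Review bot: The result of `ap_fflush(c_o->output_filters, bb)` in the `ap_pass_brigade` success branch is discarded, so a flush failure toward the peer leaves `rv` at APR_SUCCESS and is neither logged nor able to stop the transfer. Capturing it with `rv = ap_fflush(c_o->output_filters, bb);` would let the caller tear the tunnel down when the peer is gone instead of continuing to read from the other side. The read-side failure just below is logged at APLOG_DEBUG while the write-side failure uses APLOG_ERR; a short comment should say whether that asymmetry is intended. The enclosing function and the `do` loop's condition are outside this section, so how `rv` is consumed afterwards is inferred.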
Lines 69-76
69 |
+ |
69 |
+ |
70 |
+ apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc); |
70 |
+ apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc); |
71 |
apr_status_t err, rv; |
71 |
apr_status_t err, rv; |
72 |
- apr_size_t i, o, nbytes; |
72 |
apr_size_t i, o, nbytes; |
73 |
+ apr_size_t nbytes; |
|
|
74 |
char buffer[HUGE_STRING_LEN]; |
73 |
char buffer[HUGE_STRING_LEN]; |
75 |
- apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module); |
74 |
- apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module); |
76 |
- int failed; |
75 |
- int failed; |
Lines 85-109
85 |
default: |
84 |
default: |
86 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
85 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
87 |
- return HTTP_FORBIDDEN; |
86 |
- return HTTP_FORBIDDEN; |
88 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
87 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
89 |
} |
88 |
} |
90 |
} else if(!allowed_port(conf, uri.port)) { |
89 |
} else if(!allowed_port(conf, uri.port)) { |
91 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
90 |
- /* XXX can we call ap_proxyerror() here to get a nice log message? */ |
92 |
- return HTTP_FORBIDDEN; |
91 |
- return HTTP_FORBIDDEN; |
93 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
92 |
+ return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote machine blocked"); |
94 |
} |
93 |
} |
95 |
|
94 |
|
96 |
/* |
95 |
/* |
97 |
@@ -205,18 +253,57 @@ |
96 |
@@ -205,19 +253,57 @@ |
98 |
} |
97 |
} |
99 |
} |
98 |
} |
100 |
|
99 |
|
101 |
+ /* setup polling for connection */ |
100 |
+ /* setup polling for connection */ |
102 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
101 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
103 |
+ "proxy: CONNECT: setting up poll()"); |
102 |
+ "proxy: CONNECT: setting up poll()"); |
104 |
+ |
103 |
+ |
105 |
+ if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
104 |
+ if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
106 |
+ apr_socket_close(sock); |
105 |
+ apr_socket_close(sock); |
107 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
106 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
108 |
+ "proxy: CONNECT: error apr_pollset_create()"); |
107 |
+ "proxy: CONNECT: error apr_pollset_create()"); |
109 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
108 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
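Review bot: Both denial branches, the `default:` case and the `!allowed_port(conf, uri.port)` branch, pass the identical text "Connect to remote machine blocked" to `ap_proxyerror()`, so the error log cannot tell which policy check rejected a CONNECT. Refused CONNECT attempts are a useful signal when watching for proxy abuse, and a distinct message on the port branch, for example `return ap_proxyerror(r, HTTP_FORBIDDEN, "Connect to remote port blocked");`, would make them easier to triage. The switch that owns the `default:` case starts outside this section, so what it tests is not visible here.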
Lines 133-206
133 |
- */ |
132 |
- */ |
134 |
- r->output_filters = NULL; |
133 |
- r->output_filters = NULL; |
135 |
- r->connection->output_filters = NULL; |
134 |
- r->connection->output_filters = NULL; |
|
|
135 |
- |
136 |
+ backconn = ap_run_create_connection(c->pool, r->server, sock, |
136 |
+ backconn = ap_run_create_connection(c->pool, r->server, sock, |
137 |
+ c->id, c->sbh, c->bucket_alloc); |
137 |
+ c->id, c->sbh, c->bucket_alloc); |
138 |
+ if (!backconn) { |
138 |
+ if (!backconn) { |
139 |
+ /* peer reset */ |
139 |
+ /* peer reset */ |
140 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
140 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
141 |
+ "proxy: an error occurred creating a new connection " |
141 |
+ "proxy: an error occurred creating a new connection " |
142 |
+ "to %pI (%s)", connect_addr, connectname); |
142 |
+ "to %pI (%s)", connect_addr, connectname); |
143 |
+ apr_socket_close(sock); |
143 |
+ apr_socket_close(sock); |
144 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
144 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
145 |
+ } |
145 |
+ } |
146 |
+ ap_proxy_ssl_disable(backconn); |
146 |
+ ap_proxy_ssl_disable(backconn); |
147 |
+ rc = ap_run_pre_connection(backconn, sock); |
147 |
+ rc = ap_run_pre_connection(backconn, sock); |
148 |
+ if (rc != OK && rc != DONE) { |
148 |
+ if (rc != OK && rc != DONE) { |
149 |
+ backconn->aborted = 1; |
149 |
+ backconn->aborted = 1; |
150 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
|
|
151 |
+ "proxy: CONNECT: pre_connection setup failed (%d)", rc); |
152 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
153 |
+ } |
154 |
+ |
155 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
150 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
156 |
+ "proxy: CONNECT: connection complete to %pI (%s)", |
151 |
+ "proxy: CONNECT: pre_connection setup failed (%d)", rc); |
157 |
+ connect_addr, connectname); |
152 |
+ return HTTP_INTERNAL_SERVER_ERROR; |
158 |
|
153 |
+ } |
|
|
154 |
+ |
155 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
156 |
+ "proxy: CONNECT: connection complete to %pI (%s)", |
157 |
+ connect_addr, connectname); |
159 |
|
158 |
|
160 |
/* If we are connecting through a remote proxy, we need to pass |
159 |
/* If we are connecting through a remote proxy, we need to pass |
161 |
@@ -227,12 +314,11 @@ |
160 |
* the CONNECT request on to it. |
|
|
161 |
@@ -227,12 +313,11 @@ |
162 |
*/ |
162 |
*/ |
163 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
163 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
164 |
"proxy: CONNECT: sending the CONNECT request to the remote proxy"); |
164 |
"proxy: CONNECT: sending the CONNECT request to the remote proxy"); |
165 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
165 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
166 |
+ ap_fprintf(backconn->output_filters, bb, |
166 |
+ ap_fprintf(backconn->output_filters, bb, |
167 |
"CONNECT %s HTTP/1.0" CRLF, r->uri); |
167 |
"CONNECT %s HTTP/1.0" CRLF, r->uri); |
168 |
- apr_socket_send(sock, buffer, &nbytes); |
168 |
- apr_socket_send(sock, buffer, &nbytes); |
169 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
169 |
- nbytes = apr_snprintf(buffer, sizeof(buffer), |
170 |
- "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
170 |
- "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
171 |
- apr_socket_send(sock, buffer, &nbytes); |
171 |
- apr_socket_send(sock, buffer, &nbytes); |
172 |
+ ap_fprintf(backconn->output_filters, bb, |
172 |
+ ap_fprintf(backconn->output_filters, bb, |
173 |
+ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); |
173 |
+ "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); |
174 |
+ ap_fflush(backconn->output_filters, bb); |
174 |
+ ap_fflush(backconn->output_filters, bb); |
175 |
} |
175 |
} |
176 |
else { |
176 |
else { |
177 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
177 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
178 |
@@ -240,11 +326,12 @@ |
178 |
@@ -240,11 +325,12 @@ |
179 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
179 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
180 |
"HTTP/1.0 200 Connection Established" CRLF); |
180 |
"HTTP/1.0 200 Connection Established" CRLF); |
181 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
181 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
182 |
- apr_socket_send(client_socket, buffer, &nbytes); |
182 |
- apr_socket_send(client_socket, buffer, &nbytes); |
183 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
183 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
184 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
184 |
nbytes = apr_snprintf(buffer, sizeof(buffer), |
185 |
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
185 |
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner()); |
186 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
186 |
ap_xlate_proto_to_ascii(buffer, nbytes); |
187 |
- apr_socket_send(client_socket, buffer, &nbytes); |
187 |
- apr_socket_send(client_socket, buffer, &nbytes); |
188 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
188 |
+ ap_fwrite(c->output_filters, bb, buffer, nbytes); |
189 |
+ ap_fflush(c->output_filters, bb); |
189 |
+ ap_fflush(c->output_filters, bb); |
190 |
#if 0 |
190 |
#if 0 |
191 |
/* This is safer code, but it doesn't work yet. I'm leaving it |
191 |
/* This is safer code, but it doesn't work yet. I'm leaving it |
192 |
* here so that I can fix it later. |
192 |
* here so that I can fix it later. |
193 |
@@ -265,27 +352,15 @@ |
193 |
@@ -264,28 +350,16 @@ |
|
|
194 |
* |
194 |
* Handle two way transfer of data over the socket (this is a tunnel). |
195 |
* Handle two way transfer of data over the socket (this is a tunnel). |
195 |
*/ |
196 |
*/ |
|
|
197 |
+ /* we are now acting as a tunnel - the input/output filter stacks should |
198 |
+ * not contain any non-connection filters. |
199 |
+ */ |
200 |
+ r->output_filters = c->output_filters; |
201 |
+ r->proto_output_filters = c->output_filters; |
202 |
+ r->input_filters = c->input_filters; |
203 |
+ r->proto_input_filters = c->input_filters; |
196 |
|
204 |
|
197 |
+ /* we are now acting as a tunnel - the input/output filter stacks should |
|
|
198 |
+ * not contain any non-connection filters. |
199 |
+ */ |
200 |
+ r->output_filters = c->output_filters; |
201 |
+ r->proto_output_filters = c->output_filters; |
202 |
+ r->input_filters = c->input_filters; |
203 |
+ r->proto_input_filters = c->input_filters; |
204 |
/* r->sent_bodyct = 1;*/ |
205 |
/* r->sent_bodyct = 1;*/ |
205 |
|
206 |
|
206 |
- if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
207 |
- if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) { |
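Review bot: The `ap_run_pre_connection()` failure branch returns HTTP_INTERNAL_SERVER_ERROR without calling `apr_socket_close(sock)`, whereas the `!backconn` branch directly above it and the `apr_pollset_create()` failure path earlier in the patch both close the backend socket before returning. Unless a pool cleanup for `sock` is registered outside the visible lines, the outbound connection stays open until the pool is destroyed; adding `apr_socket_close(sock);` before that `return` keeps the error paths consistent. Separately, the added `Proxy-agent` line sent to the remote proxy calls `ap_get_server_version()` while the removed line and the client-facing reply a few lines later use `ap_get_server_banner()`; using the banner call in both places keeps the two headers consistent.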
Lines 224-231
224 |
- |
225 |
- |
225 |
while (1) { /* Infinite loop until error (one side closes the connection) */ |
226 |
while (1) { /* Infinite loop until error (one side closes the connection) */ |
226 |
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) { |
227 |
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) { |
227 |
apr_socket_close(sock); |
228 |
if (APR_STATUS_IS_EINTR(rv)) { |
228 |
@@ -294,7 +369,7 @@ |
229 |
@@ -297,7 +371,7 @@ |
229 |
} |
230 |
} |
230 |
#ifdef DEBUGGING |
231 |
#ifdef DEBUGGING |
231 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
232 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
Lines 234-246
234 |
#endif |
235 |
#endif |
235 |
|
236 |
|
236 |
for (pi = 0; pi < pollcnt; pi++) { |
237 |
for (pi = 0; pi < pollcnt; pi++) { |
237 |
@@ -304,72 +379,32 @@ |
238 |
@@ -307,72 +381,31 @@ |
238 |
pollevent = cur->rtnevents; |
239 |
pollevent = cur->rtnevents; |
239 |
if (pollevent & APR_POLLIN) { |
240 |
if (pollevent & APR_POLLIN) { |
240 |
#ifdef DEBUGGING |
241 |
#ifdef DEBUGGING |
241 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
242 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
242 |
- "proxy: CONNECT: sock was set"); |
243 |
- "proxy: CONNECT: sock was set"); |
243 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
244 |
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r, |
244 |
+ "proxy: CONNECT: sock was readable"); |
245 |
+ "proxy: CONNECT: sock was readable"); |
245 |
#endif |
246 |
#endif |
246 |
- nbytes = sizeof(buffer); |
247 |
- nbytes = sizeof(buffer); |
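Review bot: In the second of each printed pair (the revision whose header is dated 2012-02-02), the `#ifdef DEBUGGING` call for "sock was readable" became `ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r,`, which passes the `request_rec` where `ap_log_error()` expects a `server_rec *`. The other revision uses `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,`, which matches the argument; either keep that form or pass `r->server`, as the unchanged `ap_log_error` calls on this page do. The same mismatch appears in the "client was readable" call in the Lines 289-296 section. Both calls sit under DEBUGGING, so a normal build will not expose the mismatch.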
Lines 267-275
267 |
} |
268 |
} |
268 |
- else |
269 |
- else |
269 |
- break; |
270 |
- break; |
270 |
+ else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) { |
271 |
+ else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) { |
271 |
+ rv = APR_EPIPE; |
272 |
+ rv = APR_EPIPE; |
272 |
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "proxy: CONNECT: err/hup on backconn"); |
273 |
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "proxy: CONNECT: err/hup on backconn"); |
273 |
} |
274 |
} |
274 |
- else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) |
275 |
- else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) |
275 |
- break; |
276 |
- break; |
Lines 289-296
289 |
-#ifdef DEBUGGING |
290 |
-#ifdef DEBUGGING |
290 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
291 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
291 |
- "proxy: CONNECT: read %d from client", i); |
292 |
- "proxy: CONNECT: read %d from client", i); |
292 |
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
293 |
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r, |
293 |
+ "proxy: CONNECT: client was readable"); |
294 |
+ "proxy: CONNECT: client was readable"); |
294 |
#endif |
295 |
#endif |
295 |
- while(i > 0) |
296 |
- while(i > 0) |
296 |
- { |
297 |
- { |
Lines 310-327
310 |
- rv = APR_EOF; |
311 |
- rv = APR_EOF; |
311 |
- break; |
312 |
- break; |
312 |
} |
313 |
} |
313 |
+ else { |
314 |
+ else { |
314 |
+ rv = APR_EBADF; |
315 |
+ rv = APR_EBADF; |
315 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
316 |
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
316 |
+ "proxy: CONNECT: unknown socket in pollset"); |
317 |
+ "proxy: CONNECT: unknown socket in pollset"); |
317 |
} |
318 |
} |
318 |
- else |
319 |
- else |
319 |
- break; |
320 |
- break; |
320 |
+ |
|
|
321 |
} |
321 |
} |
322 |
if (rv != APR_SUCCESS) { |
322 |
if (rv != APR_SUCCESS) { |
323 |
break; |
323 |
break; |
324 |
@@ -385,7 +420,9 @@ |
324 |
@@ -388,7 +421,9 @@ |
325 |
* Close the socket and clean up |
325 |
* Close the socket and clean up |
326 |
*/ |
326 |
*/ |