1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
|
/*
* include/haproxy/session.h
* This file contains functions used to manage sessions.
*
* Copyright (C) 2000-2020 Willy Tarreau - w@1wt.eu
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _HAPROXY_SESSION_H
#define _HAPROXY_SESSION_H
#include <haproxy/api.h>
#include <haproxy/connection.h>
#include <haproxy/global-t.h>
#include <haproxy/obj_type-t.h>
#include <haproxy/pool.h>
#include <haproxy/server.h>
#include <haproxy/session-t.h>
#include <haproxy/stick_table.h>
extern struct pool_head *pool_head_session;
extern struct pool_head *pool_head_sess_srv_list;
struct session *session_new(struct proxy *fe, struct listener *li, enum obj_type *origin);
void session_free(struct session *sess);
int session_accept_fd(struct connection *cli_conn);
int conn_complete_session(struct connection *conn);
struct task *session_expire_embryonic(struct task *t, void *context, unsigned int state);
/* Remove the refcount from the session to the tracked counters, and clear the
* pointer to ensure this is only performed once. The caller is responsible for
* ensuring that the pointer is valid first.
*/
static inline void session_store_counters(struct session *sess)
{
void *ptr;
int i;
struct stksess *ts;
if (unlikely(!sess->stkctr)) // pool not allocated yet
return;
for (i = 0; i < global.tune.nb_stk_ctr; i++) {
struct stkctr *stkctr = &sess->stkctr[i];
ts = stkctr_entry(stkctr);
if (!ts)
continue;
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_CONN_CUR);
if (ptr) {
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
if (stktable_data_cast(ptr, std_t_uint) > 0)
stktable_data_cast(ptr, std_t_uint)--;
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
/* If data was modified, we need to touch to re-schedule sync */
stktable_touch_local(stkctr->table, ts, 0);
}
stkctr_set_entry(stkctr, NULL);
stksess_kill_if_expired(stkctr->table, ts, 1);
}
}
/* Increase the number of cumulated HTTP requests in the tracked counters */
static inline void session_inc_http_req_ctr(struct session *sess)
{
int i;
if (unlikely(!sess->stkctr)) // pool not allocated yet
return;
for (i = 0; i < global.tune.nb_stk_ctr; i++)
stkctr_inc_http_req_ctr(&sess->stkctr[i]);
}
/* Increase the number of cumulated failed HTTP requests in the tracked
* counters. Only 4xx requests should be counted here so that we can
* distinguish between errors caused by client behaviour and other ones.
* Note that even 404 are interesting because they're generally caused by
* vulnerability scans.
*/
static inline void session_inc_http_err_ctr(struct session *sess)
{
int i;
if (unlikely(!sess->stkctr)) // pool not allocated yet
return;
for (i = 0; i < global.tune.nb_stk_ctr; i++)
stkctr_inc_http_err_ctr(&sess->stkctr[i]);
}
/* Increase the number of cumulated failed HTTP responses in the tracked
* counters. Only some 5xx responses should be counted here so that we can
* distinguish between server failures and errors triggered by the client
* (i.e. 501 and 505 may be triggered and must be ignored).
*/
static inline void session_inc_http_fail_ctr(struct session *sess)
{
int i;
if (unlikely(!sess->stkctr)) // pool not allocated yet
return;
for (i = 0; i < global.tune.nb_stk_ctr; i++)
stkctr_inc_http_fail_ctr(&sess->stkctr[i]);
}
/* Remove the connection from the session list, and destroy the srv_list if it's now empty */
static inline void session_unown_conn(struct session *sess, struct connection *conn)
{
struct sess_srv_list *srv_list = NULL;
BUG_ON(objt_listener(conn->target));
/* WT: this currently is a workaround for an inconsistency between
* the link status of the connection in the session list and the
* connection's owner. This should be removed as soon as all this
* is addressed. Right now it's possible to enter here with a non-null
* conn->owner that points to a dead session, but in this case the
* element is not linked.
*/
if (!LIST_INLIST(&conn->session_list))
return;
if (conn->flags & CO_FL_SESS_IDLE)
sess->idle_conns--;
LIST_DEL_INIT(&conn->session_list);
conn->owner = NULL;
list_for_each_entry(srv_list, &sess->srv_list, srv_list) {
if (srv_list->target == conn->target) {
if (LIST_ISEMPTY(&srv_list->conn_list)) {
LIST_DELETE(&srv_list->srv_list);
pool_free(pool_head_sess_srv_list, srv_list);
}
break;
}
}
}
/* Add the connection <conn> to the server list of the session <sess>. This
* function is called only if the connection is private. Nothing is performed if
* the connection is already in the session sever list or if the session does
* not own the connection.
*/
static inline int session_add_conn(struct session *sess, struct connection *conn, void *target)
{
struct sess_srv_list *srv_list = NULL;
int found = 0;
BUG_ON(objt_listener(conn->target));
/* Already attach to the session or not the connection owner */
if (!LIST_ISEMPTY(&conn->session_list) || (conn->owner && conn->owner != sess))
return 1;
list_for_each_entry(srv_list, &sess->srv_list, srv_list) {
if (srv_list->target == target) {
found = 1;
break;
}
}
if (!found) {
/* The session has no connection for the server, create a new entry */
srv_list = pool_alloc(pool_head_sess_srv_list);
if (!srv_list)
return 0;
srv_list->target = target;
LIST_INIT(&srv_list->conn_list);
LIST_APPEND(&sess->srv_list, &srv_list->srv_list);
}
LIST_APPEND(&srv_list->conn_list, &conn->session_list);
/* Ensure owner is set for connection. It could have been resetted
* prior on after a session_add_conn() failure.
*/
conn->owner = sess;
return 1;
}
/* Returns 0 if the session can keep the idle conn, -1 if it was destroyed. The
* connection must be private.
*/
static inline int session_check_idle_conn(struct session *sess, struct connection *conn)
{
/* Another session owns this connection */
if (conn->owner != sess)
return 0;
if (sess->idle_conns >= sess->fe->max_out_conns) {
session_unown_conn(sess, conn);
conn->owner = NULL;
conn->flags &= ~CO_FL_SESS_IDLE;
conn->mux->destroy(conn->ctx);
return -1;
} else {
conn->flags |= CO_FL_SESS_IDLE;
sess->idle_conns++;
}
return 0;
}
/* Look for an available connection matching the target <target> in the server
* list of the session <sess>. It returns a connection if found. Otherwise it
* returns NULL.
*/
static inline struct connection *session_get_conn(struct session *sess, void *target, int64_t hash)
{
struct connection *srv_conn = NULL;
struct sess_srv_list *srv_list;
list_for_each_entry(srv_list, &sess->srv_list, srv_list) {
if (srv_list->target == target) {
list_for_each_entry(srv_conn, &srv_list->conn_list, session_list) {
if ((srv_conn->hash_node && srv_conn->hash_node->node.key == hash) &&
srv_conn->mux &&
(srv_conn->mux->avail_streams(srv_conn) > 0) &&
!(srv_conn->flags & CO_FL_WAIT_XPRT)) {
if (srv_conn->flags & CO_FL_SESS_IDLE) {
srv_conn->flags &= ~CO_FL_SESS_IDLE;
sess->idle_conns--;
}
goto end;
}
}
srv_conn = NULL; /* No available connection found */
goto end;
}
}
end:
return srv_conn;
}
/* Returns the source address of the session and fallbacks on the client
* connection if not set. It returns a const address on success or NULL on
* failure.
*/
static inline const struct sockaddr_storage *sess_src(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
if (sess->src)
return sess->src;
if (cli_conn && conn_get_src(cli_conn))
return conn_src(cli_conn);
return NULL;
}
/* Returns the destination address of the session and fallbacks on the client
* connection if not set. It returns a const address on success or NULL on
* failure.
*/
static inline const struct sockaddr_storage *sess_dst(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
if (sess->dst)
return sess->dst;
if (cli_conn && conn_get_dst(cli_conn))
return conn_dst(cli_conn);
return NULL;
}
/* Retrieves the source address of the session <sess>. Returns non-zero on
* success or zero on failure. The operation is only performed once and the
* address is stored in the session for future use. On the first call, the
* session source address is copied from the client connection one.
*/
static inline int sess_get_src(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
const struct sockaddr_storage *src = NULL;
if (sess->src)
return 1;
if (cli_conn && conn_get_src(cli_conn))
src = conn_src(cli_conn);
if (!src)
return 0;
if (!sockaddr_alloc(&sess->src, src, sizeof(*src)))
return 0;
return 1;
}
/* Retrieves the destination address of the session <sess>. Returns non-zero on
* success or zero on failure. The operation is only performed once and the
* address is stored in the session for future use. On the first call, the
* session destination address is copied from the client connection one.
*/
static inline int sess_get_dst(struct session *sess)
{
struct connection *cli_conn = objt_conn(sess->origin);
const struct sockaddr_storage *dst = NULL;
if (sess->dst)
return 1;
if (cli_conn && conn_get_dst(cli_conn))
dst = conn_dst(cli_conn);
if (!dst)
return 0;
if (!sockaddr_alloc(&sess->dst, dst, sizeof(*dst)))
return 0;
return 1;
}
#endif /* _HAPROXY_SESSION_H */
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
|
