mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-14 02:57:01 +02:00
2ecc5290f2
session_check_idle_conn() is called by muxes when a connection becomes idle. It ensures that the session idle limit is not yet reached. Else, the connection is removed from the session and it can be freed. Prior to this patch, session_check_idle_conn() was compatible with a NULL session argument. In this case, it would return true, considering that no limit was reached and connection not removed. However, this renders the function error-prone and subject to future bugs. This patch streamlines it by ensuring it is never called with a NULL argument. Thus it can now only returns true if connection is kept in the session or false if it was removed, as first intended.
379 lines
11 KiB
C
379 lines
11 KiB
C
/*
|
|
* include/haproxy/session.h
|
|
* This file contains functions used to manage sessions.
|
|
*
|
|
* Copyright (C) 2000-2020 Willy Tarreau - w@1wt.eu
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation, version 2.1
|
|
* exclusively.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#ifndef _HAPROXY_SESSION_H
|
|
#define _HAPROXY_SESSION_H
|
|
|
|
#include <haproxy/api.h>
|
|
#include <haproxy/connection.h>
|
|
#include <haproxy/global-t.h>
|
|
#include <haproxy/obj_type-t.h>
|
|
#include <haproxy/pool.h>
|
|
#include <haproxy/server.h>
|
|
#include <haproxy/session-t.h>
|
|
#include <haproxy/stick_table.h>
|
|
|
|
extern struct pool_head *pool_head_session;
|
|
extern struct pool_head *pool_head_sess_priv_conns;
|
|
|
|
struct session *session_new(struct proxy *fe, struct listener *li, enum obj_type *origin);
|
|
void session_free(struct session *sess);
|
|
void conn_session_free(struct connection *conn);
|
|
int session_accept_fd(struct connection *cli_conn);
|
|
int conn_complete_session(struct connection *conn);
|
|
struct task *session_expire_embryonic(struct task *t, void *context, unsigned int state);
|
|
void __session_add_glitch_ctr(struct session *sess, uint inc);
|
|
void session_embryonic_build_legacy_err(struct session *sess, struct buffer *out);
|
|
|
|
|
|
/* Remove the refcount from the session to the tracked counters, and clear the
|
|
* pointer to ensure this is only performed once. The caller is responsible for
|
|
* ensuring that the pointer is valid first.
|
|
*/
|
|
static inline void session_store_counters(struct session *sess)
|
|
{
|
|
void *ptr;
|
|
int i;
|
|
struct stksess *ts;
|
|
|
|
if (unlikely(!sess->stkctr)) // pool not allocated yet
|
|
return;
|
|
|
|
for (i = 0; i < global.tune.nb_stk_ctr; i++) {
|
|
struct stkctr *stkctr = &sess->stkctr[i];
|
|
|
|
ts = stkctr_entry(stkctr);
|
|
if (!ts)
|
|
continue;
|
|
|
|
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_CONN_CUR);
|
|
if (ptr) {
|
|
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
if (stktable_data_cast(ptr, std_t_uint) > 0)
|
|
stktable_data_cast(ptr, std_t_uint)--;
|
|
|
|
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
/* If data was modified, we need to touch to re-schedule sync */
|
|
stktable_touch_local(stkctr->table, ts, 0);
|
|
}
|
|
|
|
stkctr_set_entry(stkctr, NULL);
|
|
stksess_kill_if_expired(stkctr->table, ts);
|
|
}
|
|
}
|
|
|
|
/* Increase the number of cumulated HTTP requests in the tracked counters */
|
|
static inline void session_inc_http_req_ctr(struct session *sess)
|
|
{
|
|
int i;
|
|
|
|
if (unlikely(!sess->stkctr)) // pool not allocated yet
|
|
return;
|
|
|
|
for (i = 0; i < global.tune.nb_stk_ctr; i++)
|
|
stkctr_inc_http_req_ctr(&sess->stkctr[i]);
|
|
}
|
|
|
|
/* Increase the number of cumulated failed HTTP requests in the tracked
|
|
* counters. Only 4xx requests should be counted here so that we can
|
|
* distinguish between errors caused by client behaviour and other ones.
|
|
* Note that even 404 are interesting because they're generally caused by
|
|
* vulnerability scans.
|
|
*/
|
|
static inline void session_inc_http_err_ctr(struct session *sess)
|
|
{
|
|
int i;
|
|
|
|
if (unlikely(!sess->stkctr)) // pool not allocated yet
|
|
return;
|
|
|
|
for (i = 0; i < global.tune.nb_stk_ctr; i++)
|
|
stkctr_inc_http_err_ctr(&sess->stkctr[i]);
|
|
}
|
|
|
|
/* Increase the number of cumulated failed HTTP responses in the tracked
|
|
* counters. Only some 5xx responses should be counted here so that we can
|
|
* distinguish between server failures and errors triggered by the client
|
|
* (i.e. 501 and 505 may be triggered and must be ignored).
|
|
*/
|
|
static inline void session_inc_http_fail_ctr(struct session *sess)
|
|
{
|
|
int i;
|
|
|
|
if (unlikely(!sess->stkctr)) // pool not allocated yet
|
|
return;
|
|
|
|
for (i = 0; i < global.tune.nb_stk_ctr; i++)
|
|
stkctr_inc_http_fail_ctr(&sess->stkctr[i]);
|
|
}
|
|
|
|
/* Add <inc> to the number of cumulated glitches in the tracked counters, and
|
|
* implicitly update the rate if also tracked.
|
|
*/
|
|
static inline void session_add_glitch_ctr(struct session *sess, uint inc)
|
|
{
|
|
if (sess->stkctr && inc)
|
|
__session_add_glitch_ctr(sess, inc);
|
|
}
|
|
|
|
/* Remove the connection from the session list, and destroy sess_priv_conns
|
|
* element if it's now empty.
|
|
*/
|
|
static inline void session_unown_conn(struct session *sess, struct connection *conn)
|
|
{
|
|
struct sess_priv_conns *pconns = NULL;
|
|
|
|
BUG_ON(objt_listener(conn->target));
|
|
|
|
/* WT: this currently is a workaround for an inconsistency between
|
|
* the link status of the connection in the session list and the
|
|
* connection's owner. This should be removed as soon as all this
|
|
* is addressed. Right now it's possible to enter here with a non-null
|
|
* conn->owner that points to a dead session, but in this case the
|
|
* element is not linked.
|
|
*/
|
|
if (!LIST_INLIST(&conn->sess_el))
|
|
return;
|
|
|
|
if (conn->flags & CO_FL_SESS_IDLE)
|
|
sess->idle_conns--;
|
|
LIST_DEL_INIT(&conn->sess_el);
|
|
conn->owner = NULL;
|
|
list_for_each_entry(pconns, &sess->priv_conns, sess_el) {
|
|
if (pconns->target == conn->target) {
|
|
if (LIST_ISEMPTY(&pconns->conn_list)) {
|
|
LIST_DELETE(&pconns->sess_el);
|
|
MT_LIST_DELETE(&pconns->srv_el);
|
|
pool_free(pool_head_sess_priv_conns, pconns);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Add the connection <conn> to the private conns list of session <sess>. Each
|
|
* connection is indexed by their respective target in the session. Nothing is
|
|
* performed if the connection is already in the session list.
|
|
*
|
|
* Returns true if conn is inserted or already present else false if a failure
|
|
* occurs during insertion.
|
|
*/
|
|
static inline int session_add_conn(struct session *sess, struct connection *conn)
|
|
{
|
|
struct sess_priv_conns *pconns = NULL;
|
|
struct server *srv = objt_server(conn->target);
|
|
int found = 0;
|
|
|
|
/* Connection target is used to index it in the session. Only BE conns are expected in session list. */
|
|
BUG_ON(!conn->target || objt_listener(conn->target));
|
|
|
|
/* A connection cannot be attached already to another session. */
|
|
BUG_ON(conn->owner && conn->owner != sess);
|
|
|
|
/* Already attach to the session */
|
|
if (!LIST_ISEMPTY(&conn->sess_el))
|
|
return 1;
|
|
|
|
list_for_each_entry(pconns, &sess->priv_conns, sess_el) {
|
|
if (pconns->target == conn->target) {
|
|
found = 1;
|
|
break;
|
|
}
|
|
}
|
|
if (!found) {
|
|
/* The session has no connection for the server, create a new entry */
|
|
pconns = pool_alloc(pool_head_sess_priv_conns);
|
|
if (!pconns)
|
|
return 0;
|
|
pconns->target = conn->target;
|
|
LIST_INIT(&pconns->conn_list);
|
|
LIST_APPEND(&sess->priv_conns, &pconns->sess_el);
|
|
|
|
MT_LIST_INIT(&pconns->srv_el);
|
|
if (srv)
|
|
MT_LIST_APPEND(&srv->sess_conns, &pconns->srv_el);
|
|
|
|
pconns->tid = tid;
|
|
}
|
|
LIST_APPEND(&pconns->conn_list, &conn->sess_el);
|
|
|
|
/* Ensure owner is set for connection. It could have been reset
|
|
* prior on after a session_add_conn() failure.
|
|
*/
|
|
conn->owner = sess;
|
|
|
|
return 1;
|
|
}
|
|
|
|
/* Check that session <sess> is able to keep idle connection <conn>. This must
|
|
* be called each time a connection stored in a session becomes idle.
|
|
*
|
|
* Returns 0 if the connection is kept, else non-zero if the connection was
|
|
* explicitely removed from session.
|
|
*/
|
|
static inline int session_check_idle_conn(struct session *sess, struct connection *conn)
|
|
{
|
|
/* Connection must be attached to session prior to this function call. */
|
|
BUG_ON(!conn->owner || conn->owner != sess);
|
|
|
|
/* Connection is not attached to a session. */
|
|
if (!conn->owner)
|
|
return 0;
|
|
|
|
/* Ensure conn is not already accounted as idle to prevent sess idle count excess increment. */
|
|
BUG_ON(conn->flags & CO_FL_SESS_IDLE);
|
|
|
|
if (sess->idle_conns >= sess->fe->max_out_conns) {
|
|
session_unown_conn(sess, conn);
|
|
conn->owner = NULL;
|
|
return -1;
|
|
}
|
|
else {
|
|
conn->flags |= CO_FL_SESS_IDLE;
|
|
sess->idle_conns++;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* Look for an available connection matching the target <target> in the server
|
|
* list of the session <sess>. It returns a connection if found. Otherwise it
|
|
* returns NULL.
|
|
*/
|
|
static inline struct connection *session_get_conn(struct session *sess, void *target, int64_t hash)
|
|
{
|
|
struct connection *srv_conn = NULL;
|
|
struct sess_priv_conns *pconns;
|
|
|
|
list_for_each_entry(pconns, &sess->priv_conns, sess_el) {
|
|
if (pconns->target == target) {
|
|
list_for_each_entry(srv_conn, &pconns->conn_list, sess_el) {
|
|
if ((srv_conn->hash_node && srv_conn->hash_node->node.key == hash) &&
|
|
srv_conn->mux &&
|
|
(srv_conn->mux->avail_streams(srv_conn) > 0) &&
|
|
!(srv_conn->flags & CO_FL_WAIT_XPRT)) {
|
|
if (srv_conn->flags & CO_FL_SESS_IDLE) {
|
|
srv_conn->flags &= ~CO_FL_SESS_IDLE;
|
|
sess->idle_conns--;
|
|
}
|
|
goto end;
|
|
}
|
|
}
|
|
srv_conn = NULL; /* No available connection found */
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
end:
|
|
return srv_conn;
|
|
}
|
|
|
|
/* Returns the source address of the session and fallbacks on the client
|
|
* connection if not set. It returns a const address on success or NULL on
|
|
* failure.
|
|
*/
|
|
static inline const struct sockaddr_storage *sess_src(struct session *sess)
|
|
{
|
|
struct connection *cli_conn = objt_conn(sess->origin);
|
|
|
|
if (sess->src)
|
|
return sess->src;
|
|
if (cli_conn && conn_get_src(cli_conn))
|
|
return conn_src(cli_conn);
|
|
return NULL;
|
|
}
|
|
|
|
/* Returns the destination address of the session and fallbacks on the client
|
|
* connection if not set. It returns a const address on success or NULL on
|
|
* failure.
|
|
*/
|
|
static inline const struct sockaddr_storage *sess_dst(struct session *sess)
|
|
{
|
|
struct connection *cli_conn = objt_conn(sess->origin);
|
|
|
|
if (sess->dst)
|
|
return sess->dst;
|
|
if (cli_conn && conn_get_dst(cli_conn))
|
|
return conn_dst(cli_conn);
|
|
return NULL;
|
|
}
|
|
|
|
|
|
/* Retrieves the source address of the session <sess>. Returns non-zero on
|
|
* success or zero on failure. The operation is only performed once and the
|
|
* address is stored in the session for future use. On the first call, the
|
|
* session source address is copied from the client connection one.
|
|
*/
|
|
static inline int sess_get_src(struct session *sess)
|
|
{
|
|
struct connection *cli_conn = objt_conn(sess->origin);
|
|
const struct sockaddr_storage *src = NULL;
|
|
|
|
if (sess->src)
|
|
return 1;
|
|
|
|
if (cli_conn && conn_get_src(cli_conn))
|
|
src = conn_src(cli_conn);
|
|
if (!src)
|
|
return 0;
|
|
|
|
if (!sockaddr_alloc(&sess->src, src, sizeof(*src)))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
|
|
/* Retrieves the destination address of the session <sess>. Returns non-zero on
|
|
* success or zero on failure. The operation is only performed once and the
|
|
* address is stored in the session for future use. On the first call, the
|
|
* session destination address is copied from the client connection one.
|
|
*/
|
|
static inline int sess_get_dst(struct session *sess)
|
|
{
|
|
struct connection *cli_conn = objt_conn(sess->origin);
|
|
const struct sockaddr_storage *dst = NULL;
|
|
|
|
if (sess->dst)
|
|
return 1;
|
|
|
|
if (cli_conn && conn_get_dst(cli_conn))
|
|
dst = conn_dst(cli_conn);
|
|
if (!dst)
|
|
return 0;
|
|
|
|
if (!sockaddr_alloc(&sess->dst, dst, sizeof(*dst)))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
#endif /* _HAPROXY_SESSION_H */
|
|
|
|
/*
|
|
* Local variables:
|
|
* c-indent-level: 8
|
|
* c-basic-offset: 8
|
|
* End:
|
|
*/
|