------------------------------------------------------------
revno: 13882
revision-id: squid3@treenet.co.nz-20150808040445-hhyntmns3iqr47f5
parent: squid3@treenet.co.nz-20150808021824-jhjbujrrovbi3dty
committer: Amos Jeffries
branch nick: 3.5
timestamp: Fri 2015-08-07 21:04:45 -0700
message:
Cleanup: de-duplicate fake-CONNECT code
Over the course of the peek-n-splice development and followup patches the code generating fake CONNECT requests to tunnel various intercepted traffic has been copy-n-pasted several times. Add a new method fakeAConnectRequest() that takes a debug reason and SBuf containing any payload to preserve from the original I/O buffer.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20150808040445-hhyntmns3iqr47f5
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: f8b0e696e8b81b6abc6b887123aace2474bc5dfd
# timestamp: 2015-08-08 04:51:35 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20150808021824-\
# jhjbujrrovbi3dty
#
# Begin patch
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2015-07-24 13:30:14 +0000
+++ src/client_side.cc 2015-08-08 04:04:45 +0000
@@ -3890,22 +3890,7 @@
 debugs(33, 2, HERE << "sslBump not needed for " << connState->clientConnection);
 connState->sslBumpMode = Ssl::bumpNone;
 }
-
- // fake a CONNECT request to force connState to tunnel
- static char ip[MAX_IPSTRLEN];
- connState->clientConnection->local.toUrl(ip, sizeof(ip));
- // Pre-pend this fake request to the TLS bits already in the buffer
- SBuf retStr;
- retStr.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
- connState->in.buf = retStr.append(connState->in.buf);
- bool ret = connState->handleReadData();
- if (ret)
- ret = connState->clientParseRequests();
-
- if (!ret) {
- debugs(33, 2, "Failed to start fake CONNECT request for SSL bumped connection: " << connState->clientConnection);
- connState->clientConnection->close();
- }
+ connState->fakeAConnectRequest("ssl-bump", connState->in.buf);
 }
 
 /** handle a new HTTPS connection */
@@ -4358,17 +4343,10 @@
 
 if (connState->transparent()) {
 // fake a CONNECT request to force connState to tunnel
- static char ip[MAX_IPSTRLEN];
- connState->clientConnection->local.toUrl(ip, sizeof(ip));
- connState->in.buf.assign("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n").append(rbuf.content(), rbuf.contentSize());
- bool ret = connState->handleReadData();
- if (ret)
- ret = connState->clientParseRequests();
-
- if (!ret) {
- debugs(33, 2, "Failed to start fake CONNECT request for ssl spliced connection: " << connState->clientConnection);
- connState->clientConnection->close();
- }
+ // XXX: copy from MemBuf reallocates, not a regression since old code did too
+ SBuf temp;
+ temp.append(rbuf.content(), rbuf.contentSize());
+ connState->fakeAConnectRequest("intercepted TLS spliced", temp);
 } else {
 // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message
 connState->in.buf.append(rbuf.content(), rbuf.contentSize());
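Review bot: The ssl-bump call site passes `connState->in.buf` itself as the `payload` argument, so inside fakeAConnectRequest() the `const SBuf &payload` reference aliases the very `in.buf` that the method overwrites with `in.buf = retStr;`. This only works because the method appends `payload` into `retStr` before that assignment, and neither site records the ordering dependency. A short comment at the call, `// in.buf is passed by reference; the callee copies it before replacing in.buf`, would keep a later reordering of the method body from silently dropping the buffered TLS bytes. The enclosing function starts outside the hunk.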
@@ -4435,6 +4413,31 @@
 
 #endif /* USE_OPENSSL */
 
+void
+ConnStateData::fakeAConnectRequest(const char *reason, const SBuf &payload)
+{
+ // fake a CONNECT request to force connState to tunnel
+ static char ip[MAX_IPSTRLEN];
+ clientConnection->local.toUrl(ip, sizeof(ip));
+ // Pre-pend this fake request to the TLS bits already in the buffer
+ SBuf retStr;
+ retStr.append("CONNECT ");
+ retStr.append(ip);
+ retStr.append(" HTTP/1.1\r\nHost: ");
+ retStr.append(ip);
+ retStr.append("\r\n\r\n");
+ retStr.append(payload);
+ in.buf = retStr;
+ bool ret = handleReadData();
+ if (ret)
+ ret = clientParseRequests();
+
+ if (!ret) {
+ debugs(33, 2, "Failed to start fake CONNECT request for " << reason << " connection: " << clientConnection);
+ clientConnection->close();
+ }
+}
+
 /// check FD after clientHttp[s]ConnectionOpened, adjust HttpSockets as needed
 static bool
 OpenedHttpSocket(const Comm::ConnectionPointer &c, const Ipc::FdNoteId portType)
=== modified file 'src/client_side.h'
--- src/client_side.h 2015-07-24 13:30:14 +0000
+++ src/client_side.h 2015-08-08 04:04:45 +0000
@@ -400,6 +400,10 @@
 /// stop parsing the request and create context for relaying error info
 ClientSocketContext *abortRequestParsing(const char *const errUri);
 
+ /// generate a fake CONNECT request with the given payload
+ /// at the beginning of the client I/O buffer
+ void fakeAConnectRequest(const char *reason, const SBuf &payload);
+
 /* Registered Runner API */
 virtual void startShutdown();
 virtual void endingShutdown();
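Review bot: `static char ip[MAX_IPSTRLEN];` in the new fakeAConnectRequest() carries over the function-scope static buffer from the copies it replaces, but nothing here needs it to outlive the call: `toUrl()` fills it and both `retStr.append(ip)` calls copy it into `retStr` before the method returns, so a plain automatic `char ip[MAX_IPSTRLEN];` avoids a shared mutable buffer at no cost. The comment `// Pre-pend this fake request to the TLS bits already in the buffer` is also stale now that the bytes to keep arrive as `payload` and `in.buf = retStr;` replaces the buffer wholesale; the ssl-bump caller in the first hunk passes `in.buf` itself as `payload`, which is only safe because the append happens before the assignment. Suggest replacing that comment with `// Build the fake request followed by payload, then replace in.buf wholesale (payload may alias in.buf, so it is copied first)`. The method is fully inside the hunk.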
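Review bot: The new doxygen comment on `fakeAConnectRequest` in client_side.h does not say what `reason` is for, nor that the method closes `clientConnection` when the fake request cannot be parsed, both of which the definition in client_side.cc shows; a caller reading the header alone sees a bare `const char *` with no contract. Suggest adding `/// \param reason short label for the debug message emitted when the request cannot be started` and `/// On failure the client connection is closed.` below the existing two comment lines. The ConnStateData class declaration starts outside the hunk.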