[master] 3ba899d Be more consistent about per-hop/end-to-end headers.

Tue Jan 6 11:57:16 CET 2015

commit 3ba899d4cf13d45ff1f21fd45f8edfc320dd7a24
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Tue Jan 6 10:55:21 2015 +0000

    Be more consistent about per-hop/end-to-end headers.

diff --git a/bin/varnishd/cache/cache_http.c b/bin/varnishd/cache/cache_http.c
index e655fa0..eff9408 100644
--- a/bin/varnishd/cache/cache_http.c
+++ b/bin/varnishd/cache/cache_http.c
@@ -265,23 +265,6 @@ http_findhdr(const struct http *hp, unsigned l, const char *hdr)
 }
 
 /*--------------------------------------------------------------------
- */
-
-static void
-http_MarkHeader(const struct http *hp, const char *hdr, unsigned hdrlen,
-    uint8_t flag)
-{
-	unsigned u;
-
-	CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
-
-	u = http_findhdr(hp, hdrlen, hdr);
-	if (u == 0)
-		return;
-	hp->hdf[u] |= flag;
-}
-
-/*--------------------------------------------------------------------
  * Count how many instances we have of this header
  */
 
@@ -655,7 +638,7 @@ http_DoConnection(struct http *hp)
 {
 	const char *h, *b, *e;
 	enum sess_close retval;
-	unsigned u;
+	unsigned u, v;
 
 	if (hp->protover < 11)
 		retval = SC_REQ_HTTP10;
@@ -672,7 +655,20 @@ http_DoConnection(struct http *hp)
 			retval = SC_REQ_CLOSE;
 		if (u == 10 && !strncasecmp(b, "keep-alive", u))
 			retval = SC_NULL;
-		http_MarkHeader(hp, b, u, HDF_FILTER);
+
+		/* Refuse removal of well-known-headers if they would pass. */
+/*lint -save -e506 */
+#define HTTPH(a, x, c)						\
+		if (!((c) & HTTPH_R_PASS) &&			\
+		    strlen(a) == u && !strncasecmp(a, b, u))	\
+				return (SC_RX_BAD);
+#include "tbl/http_headers.h"
+#undef HTTPH
+/*lint -restore */
+
+		v = http_findhdr(hp, u, b);
+		if (v > 0)
+			hp->hdf[v] |= HDF_FILTER;
 	}
 	return (retval);
 }
diff --git a/bin/varnishd/http1/cache_http1_fsm.c b/bin/varnishd/http1/cache_http1_fsm.c
index 29bd789..910dfac 100644
--- a/bin/varnishd/http1/cache_http1_fsm.c
+++ b/bin/varnishd/http1/cache_http1_fsm.c
@@ -304,6 +304,13 @@ http1_dissect(struct worker *wrk, struct req *req)
 	req->ws_req = WS_Snapshot(req->ws);
 
 	req->doclose = http_DoConnection(req->http);
+	if (req->doclose == SC_RX_BAD) {
+		r = write(req->sp->fd, r_400, strlen(r_400));
+		if (r > 0)
+			req->acct.resp_hdrbytes += r;
+		SES_Close(req->sp, req->doclose);
+		return (REQ_FSM_DONE);
+	}
 
 	assert(req->req_body_status != REQ_BODY_INIT);
 
diff --git a/bin/varnishtest/tests/c00016.vtc b/bin/varnishtest/tests/c00016.vtc
index 83c9527..3e0b2be 100644
--- a/bin/varnishtest/tests/c00016.vtc
+++ b/bin/varnishtest/tests/c00016.vtc
@@ -23,3 +23,9 @@ client c1 {
 	rxresp
 	expect req.http.Bar == <undef>
 } -run
+
+client c1 {
+	txreq -hdr "foo: 1" -hdr "Age: 200" -hdr "Connection: Age"
+	rxresp
+	expect resp.status == 400
+} -run
diff --git a/include/tbl/sess_close.h b/include/tbl/sess_close.h
index 5b77eba..351cc58 100644
--- a/include/tbl/sess_close.h
+++ b/include/tbl/sess_close.h
@@ -29,18 +29,19 @@
 
 /*lint -save -e525 -e539 */
 
-SESS_CLOSE(REM_CLOSE,	"Client Closed")
-SESS_CLOSE(REQ_CLOSE,	"Client requested close")
-SESS_CLOSE(REQ_HTTP10,	"Proto < HTTP/1.1")
-SESS_CLOSE(RX_BODY,	"Failure receiving req.body")
-SESS_CLOSE(RX_JUNK,	"Received junk data")
-SESS_CLOSE(RX_OVERFLOW,	"Received buffer overflow")
-SESS_CLOSE(RX_TIMEOUT,	"Receive timeout")
-SESS_CLOSE(TX_PIPE,	"Piped transaction")
-SESS_CLOSE(TX_ERROR,	"Error transaction")
-SESS_CLOSE(TX_EOF,	"EOF transmission")
-SESS_CLOSE(RESP_CLOSE,	"Backend/VCL requested close")
-SESS_CLOSE(OVERLOAD,	"Out of some resource")
+SESS_CLOSE(REM_CLOSE,		"Client Closed")
+SESS_CLOSE(REQ_CLOSE,		"Client requested close")
+SESS_CLOSE(REQ_HTTP10,		"Proto < HTTP/1.1")
+SESS_CLOSE(RX_BAD,		"Received bad request")
+SESS_CLOSE(RX_BODY,		"Failure receiving req.body")
+SESS_CLOSE(RX_JUNK,		"Received junk data")
+SESS_CLOSE(RX_OVERFLOW,		"Received buffer overflow")
+SESS_CLOSE(RX_TIMEOUT,		"Receive timeout")
+SESS_CLOSE(TX_PIPE,		"Piped transaction")
+SESS_CLOSE(TX_ERROR,		"Error transaction")
+SESS_CLOSE(TX_EOF,		"EOF transmission")
+SESS_CLOSE(RESP_CLOSE,		"Backend/VCL requested close")
+SESS_CLOSE(OVERLOAD,		"Out of some resource")
 SESS_CLOSE(SESS_PIPE_OVERFLOW,	"Session pipe overflow")
 
 /*lint -restore */

