Beispiel #1
0
func (s *httpService) handle(req *http.Request, sc *httputil.ServerConn, tls, sticky bool) (done bool) {
	req.Header.Set("X-Request-Start", strconv.FormatInt(time.Now().UnixNano()/int64(time.Millisecond), 10))
	req.Header.Set("X-Request-Id", random.UUID())

	var backend *httputil.ClientConn
	var stickyCookie *http.Cookie
	if sticky {
		backend, stickyCookie = s.getBackendSticky(req)
	} else {
		backend = s.getBackend()
	}
	if backend == nil {
		log.Println("no backend found")
		fail(sc, req, 503, "Service Unavailable")
		return
	}
	defer backend.Close()

	req.Proto = "HTTP/1.1"
	req.ProtoMajor = 1
	req.ProtoMinor = 1
	delete(req.Header, "Te")
	delete(req.Header, "Transfer-Encoding")

	if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
		// If we aren't the first proxy retain prior
		// X-Forwarded-For information as a comma+space
		// separated list and fold multiple headers into one.
		if prior, ok := req.Header["X-Forwarded-For"]; ok {
			clientIP = strings.Join(prior, ", ") + ", " + clientIP
		}
		req.Header.Set("X-Forwarded-For", clientIP)
	}
	if tls {
		req.Header.Set("X-Forwarded-Proto", "https")
	} else {
		req.Header.Set("X-Forwarded-Proto", "http")
	}
	// TODO: Set X-Forwarded-Port

	// Pass the Request-URI verbatim without any modifications
	req.URL.Opaque = strings.Split(strings.TrimPrefix(req.RequestURI, req.URL.Scheme+":"), "?")[0]

	if err := backend.Write(req); err != nil {
		log.Println("server write err:", err)
		// TODO: return error to client here
		return true
	}
	res, err := backend.Read(req)
	if res != nil {
		if stickyCookie != nil {
			res.Header.Add("Set-Cookie", stickyCookie.String())
		}
		if res.StatusCode == http.StatusSwitchingProtocols {
			res.Body = nil
		}
		if err := sc.Write(req, res); err != nil {
			if err != io.EOF && err != httputil.ErrPersistEOF {
				log.Println("client write err:", err)
				// TODO: log error
			}
			return true
		}
	}
	if err != nil {
		if err != io.EOF && err != httputil.ErrPersistEOF {
			log.Println("server read err:", err)
			// TODO: log error
			fail(sc, req, 502, "Bad Gateway")
		}
		return
	}

	// TODO: Proxy HTTP CONNECT? (example: Go RPC over HTTP)
	if res.StatusCode == http.StatusSwitchingProtocols {
		serverW, serverR := backend.Hijack()
		clientW, clientR := sc.Hijack()
		defer serverW.Close()
		done := make(chan struct{})
		go func() {
			serverR.WriteTo(clientW)
			if cw, ok := clientW.(writeCloser); ok {
				cw.CloseWrite()
			}
			close(done)
		}()
		clientR.WriteTo(serverW)
		serverW.(writeCloser).CloseWrite()
		<-done
		return true
	}

	return
}
Beispiel #2
0
func (s *httpService) handle(req *http.Request, sc *httputil.ServerConn, tls, sticky bool) {
	for {
		req.Header.Set("X-Request-Start", strconv.FormatInt(time.Now().UnixNano()/int64(time.Millisecond), 10))

		var backend *httputil.ClientConn
		var stickyCookie *http.Cookie
		if sticky {
			backend, stickyCookie = s.getBackendSticky(req)
		} else {
			backend = s.getBackend()
		}
		if backend == nil {
			log.Println("no backend found")
			fail(sc, req, 503, "Service Unavailable")
			return
		}

		if req.Method != "GET" && req.Method != "POST" && req.Method != "HEAD" &&
			req.Method != "OPTIONS" && req.Method != "PUT" && req.Method != "DELETE" && req.Method != "TRACE" {
			fail(sc, req, 405, "Method not allowed")
			return
		}

		req.Proto = "HTTP/1.1"
		req.ProtoMajor = 1
		req.ProtoMinor = 1
		delete(req.Header, "Te")
		delete(req.Header, "Transfer-Encoding")

		if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
			// If we aren't the first proxy retain prior
			// X-Forwarded-For information as a comma+space
			// separated list and fold multiple headers into one.
			if prior, ok := req.Header["X-Forwarded-For"]; ok {
				clientIP = strings.Join(prior, ", ") + ", " + clientIP
			}
			req.Header.Set("X-Forwarded-For", clientIP)
		}
		if tls {
			req.Header.Set("X-Forwarded-Proto", "https")
		} else {
			req.Header.Set("X-Forwarded-Proto", "http")
		}
		// TODO: Set X-Forwarded-Port

		if err := backend.Write(req); err != nil {
			log.Println("server write err:", err)
			return
		}
		res, err := backend.Read(req)
		if res != nil {
			if stickyCookie != nil {
				res.Header.Add("Set-Cookie", stickyCookie.String())
			}
			if res.StatusCode == http.StatusSwitchingProtocols {
				res.Body = nil
			}
			if err := sc.Write(req, res); err != nil {
				if err != io.EOF && err != httputil.ErrPersistEOF {
					log.Println("client write err:", err)
					// TODO: log error
				}
				return
			}
		}
		if err != nil {
			if err != io.EOF && err != httputil.ErrPersistEOF {
				log.Println("server read err:", err)
				// TODO: log error
				fail(sc, req, 502, "Bad Gateway")
			}
			return
		}

		// TODO: Proxy HTTP CONNECT? (example: Go RPC over HTTP)
		if res.StatusCode == http.StatusSwitchingProtocols {
			serverW, serverR := backend.Hijack()
			clientW, clientR := sc.Hijack()
			defer serverW.Close()
			done := make(chan struct{})
			go func() {
				serverR.WriteTo(clientW)
				if cw, ok := clientW.(writeCloser); ok {
					cw.CloseWrite()
				}
				close(done)
			}()
			clientR.WriteTo(serverW)
			serverW.(writeCloser).CloseWrite()
			<-done
			return
		}

		// close the backend connection, so we don't accidently send to
		// a closed socket on the backend
		backend.Close()

		// TODO: http pipelining
		req, err = sc.Read()
		if err != nil {
			if err != io.EOF && err != httputil.ErrPersistEOF {
				log.Println("client read err:", err)
			}
			return
		}
	}
}
Beispiel #3
0
// function to do the actual testing and output the necessary bits
// we don't really care about ordering here otherwise we'd need to do a better job of organizing the output
func (w *Worker) testHost(work *Work) {

	// more debug
	w.dbg(3, "Ok.. prepping to test %s\n", work.target)

	// pre-define myConn/tlsConn/client
	var myConn net.Conn
	var tlsConn *tls.Conn
	var client *httputil.ClientConn

	// need a couple of vars for holding ip addresses and default them to being empty
	var ip4 string = ""
	var ip6 string = ""

	// and a var to stash our full host:port combo in
	var address string = ""

	// create a buffer we'll use later for reading client body
	buffer := make([]byte, 1024)

	// build our request
	request, err := http.NewRequest("GET", work.url, nil)
	if err != nil {
		w.dbgError("Failed to build request for %s : %s\n", work.url, err)
		return
	}
	if config.ua == "" {
		request.Header.Set("User-Agent", version)
	} else {
		request.Header.Set("User-Agent", config.ua)
	}

	// debug
	w.dbg(3, "Request: %+v\n", request)

	// set a timer for the connection
	timestart := time.Now()

	ipaddr, ierr := net.LookupHost(work.target)
	if ierr != nil {
		w.dbgError("Failed to lookup %s : %s", work.target, ierr)
		return
	}

	for _, x := range ipaddr {
		if len(x) > 16 {
			if ip6 == "" {
				ip6 = x
			}
		} else if ip4 == "" {
			ip4 = x
		}
	}

	timestop := time.Now()
	iplookup := (timestop.Sub(timestart))

	// build our address string
	if config.tcpfour {
		address = fmt.Sprintf("%s:%d", ip4, work.port)
	} else {
		address = fmt.Sprintf("[%s]:%d", ip6, work.port)
	}

	// debug
	w.dbg(1, "Attempting to connect to %s\n", address)

	// since we want some very low level access to bits and pieces, we're going to have to use tcp dial vs the native http client
	// create a net.conn
	w.dbg(1, "Connecting to %s\n", address)
	if config.tcpfour {
		myConn, err = net.DialTimeout("tcp4", address, time.Duration(config.timeout)*time.Second)
	} else if config.tcpsix {
		myConn, err = net.DialTimeout("tcp6", address, time.Duration(config.timeout)*time.Second)
	} else {
		myConn, err = net.DialTimeout("tcp", address, time.Duration(config.timeout)*time.Second)
	}

	if err != nil {
		w.dbgError("Could not connect to %s : %s\n", address, err)
		return
	}
	w.dbg(2, "Connected to %s\n", address)

	// get a time reading on how long it took to connect to the socket
	timestop = time.Now()
	tcpConnect := (timestop.Sub(timestart))

	// defer close
	defer myConn.Close()

	// need to add some deadlines so we don't sit around indefintely - 5s is more than sufficient
	myConn.SetDeadline(time.Now().Add(time.Duration(5 * time.Second)))

	// if we're an ssl connection, we need a few extra steps here
	if work.ssl {
		w.dbg(1, "Starting SSL procedures...\n")

		// default to allowing insecure ssl
		tlsConfig := tls.Config{InsecureSkipVerify: true}

		// create a real tls connection
		tlsConn = tls.Client(myConn, &tlsConfig)

		// do our SSL negotiation
		err = tlsConn.Handshake()
		if err != nil {
			w.dbgError("Could not negotiate tls handshake on %s : %s\n", address, err)
			return
		}

		// defer closing this connection as well
		defer tlsConn.Close()
	}

	// get a time reading on how long it took to negotiate ssl
	timestop = time.Now()
	sslHandshake := (timestop.Sub(timestart))

	// get our state
	if work.ssl {
		state := tlsConn.ConnectionState()
		w.dbg(2, "Handshake Complete: %t\n", state.HandshakeComplete)
		w.dbg(2, "Mutual: %t\n", state.NegotiatedProtocolIsMutual)
	}

	// debug
	w.dbg(3, "Converting to an HTTP client connection...\n")

	// convert to an http connection
	if work.ssl {
		client = httputil.NewProxyClientConn(tlsConn, nil)
	} else {
		client = httputil.NewProxyClientConn(myConn, nil)
	}

	// debug
	w.dbg(1, "Making GET request\n")

	// write our request to the socket
	err = client.Write(request)
	if err != nil {
		w.dbgError("Error writing request : %s\n", err)
		return
	}

	// read our response headers
	response, err := client.Read(request)
	if err != nil {
		// did we get a 400?
		if response.StatusCode == 400 {
			w.dbgError("400 response received.. \n")
			return
		}
		// did we get a 404?
		if response.StatusCode == 404 {
			w.dbgError("404 response received.. \n")
			return
		}
		// any other error, exit out
		w.dbgError("Error reading response : %s\n", err)
		return
	}

	w.dbg(1, "Status: %s\n", response.Status)

	// did we get a response?
	if len(response.Header) == 0 {
		w.dbgError("0 length response, something probably broke")
		return
	}

	// measure response header time
	timestop = time.Now()
	respTime := (timestop.Sub(timestart))

	// defer close since we still want to read the body of the object
	defer response.Body.Close()

	// build a reader
	br := bufio.NewReader(response.Body)

	// now read the first byte
	c, err := br.ReadByte()
	if err != nil {
		w.dbgError("Could not read data: %s\n", err)
		return
	}

	// measure our first byte time, this is normally 0ms however longer periods could be indicative of a problem
	timestop = time.Now()
	byteTime := (timestop.Sub(timestart))

	// ok, read the rest of the response
	n, err := br.Read(buffer)
	count := n
	for err != io.EOF {
		n, err = br.Read(buffer)
		count += n
	}

	// did we fail to read everything?
	if err != nil && err != io.EOF {
		w.dbgError("Error on data read, continuing with only %d bytes of %s read\n", count+1, response.Header.Get("Content-Length"))
	}

	// measure our overall time to proccess the entire transaction
	timestop = time.Now()
	totalTime := (timestop.Sub(timestart))

	w.dbg(2, "Received %d bytes total\n", count+1)
	w.dbg(3, "Response: %s%s\n", string(c), string(buffer))

	// shut down the client
	client.Close()

	// properly close out our other connections
	myConn.Close()
	if work.ssl {
		tlsConn.Close()
	}

	if work.gph != nil {
		// Graphite selected
		w.dbg(2, "Graphite selected...\n")
		gname := strings.Replace(work.target, ".", "_", -1)
		prefix := ""
		if config.prefix != "" {
			prefix = fmt.Sprintf("%s/", config.prefix)
		}
		if work.ssl {
			work.gph.PostOne(fmt.Sprintf("%s%s/ssl_port_%d/dns_time", prefix, gname, work.port), float64(iplookup/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/ssl_port_%d/connect_time", prefix, gname, work.port), float64(tcpConnect/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/ssl_port_%d/ssl_time", prefix, gname, work.port), float64(sslHandshake/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/ssl_port_%d/response_time", prefix, gname, work.port), float64(respTime/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/ssl_port_%d/byte_time", prefix, gname, work.port), float64(byteTime/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/ssl_port_%d/total_time", prefix, gname, work.port), float64(totalTime/1000000))
		} else {
			work.gph.PostOne(fmt.Sprintf("%s%s/http_port_%d/dns_time", prefix, gname, work.port), float64(iplookup/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/http_port_%d/connect_time", prefix, gname, work.port), float64(tcpConnect/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/http_port_%d/response_time", prefix, gname, work.port), float64(respTime/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/http_port_%d/byte_time", prefix, gname, work.port), float64(byteTime/1000000))
			work.gph.PostOne(fmt.Sprintf("%s%s/http_port_%d/total_time", prefix, gname, work.port), float64(totalTime/1000000))
		}

		// if we've defined multiple, output in all defined formats + stdout
		if !config.multiple {
			return
		}
	}

	// PublishMetric(host string, instance string, key string, value int64) (error Error) {

	// add tsdb writing
	if config.tval != "" {
		w.dbg(2, "Writing to tsdb server...\n")
		var METRIC []interface{}
		var tags map[string]interface{}
		var metric map[string]interface{}

		tstamp := int64(time.Now().Unix())

		if work.ssl {
			tags = map[string]interface{}{"host": work.target, "port": work.port, "type": "ssl"}
			metric = map[string]interface{}{"metric": "handshake_time", "value": int64(sslHandshake / 1000000), "timestamp": tstamp, "tags": tags}
			METRIC = append(METRIC, metric)
		} else {
			tags = map[string]interface{}{"Host": work.target, "Port": work.port, "Type": "http"}
		}
		metric = map[string]interface{}{"metric": "dns_lookup", "value": int64(iplookup / 1000000), "timestamp": tstamp, "tags": tags}
		METRIC = append(METRIC, metric)
		metric = map[string]interface{}{"metric": "connect_time", "value": int64(tcpConnect / 1000000), "timestamp": tstamp, "tags": tags}
		METRIC = append(METRIC, metric)
		metric = map[string]interface{}{"metric": "response_time", "value": int64(respTime / 1000000), "timestamp": tstamp, "tags": tags}
		METRIC = append(METRIC, metric)
		metric = map[string]interface{}{"metric": "firstbyte_time", "value": int64(byteTime / 1000000), "timestamp": tstamp, "tags": tags}
		METRIC = append(METRIC, metric)
		metric = map[string]interface{}{"metric": "total_time", "value": int64(totalTime / 1000000), "timestamp": tstamp, "tags": tags}
		METRIC = append(METRIC, metric)

		b, _ := json.Marshal(METRIC)
		err = writeTSDB(b)
		if err != nil {
			dbg(1, "Error writing to tsdb server: %s\n", err)
		}

		// if we've defined multiple, output in all defined formats + stdout
		if !config.multiple {
			return
		}
	}

	// add collectd style output
	if config.collectd {
		if work.ssl {
			fmt.Fprintf(os.Stdout, "PUTVAL %s/ssl_port_%d/milliseconds-dns_time interval=%d N:%d\n", work.target, work.port, config.interval, iplookup/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/ssl_port_%d/milliseconds-connect_time interval=%d N:%d\n", work.target, work.port, config.interval, tcpConnect/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/ssl_port_%d/milliseconds-ssl_time interval=%d N:%d\n", work.target, work.port, config.interval, sslHandshake/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/ssl_port_%d/milliseconds-response_time interval=%d N:%d\n", work.target, work.port, config.interval, respTime/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/ssl_port_%d/milliseconds-byte_time interval=%d N:%d\n", work.target, work.port, config.interval, byteTime/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/ssl_port_%d/milliseconds-total_time interval=%d N:%d\n", work.target, work.port, config.interval, totalTime/1000000)
		} else {
			fmt.Fprintf(os.Stdout, "PUTVAL %s/http_port_%d/milliseconds-dns_time interval=%d N:%d\n", work.target, work.port, config.interval, iplookup/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/http_port_%d/milliseconds-connect_time interval=%d N:%d\n", work.target, work.port, config.interval, tcpConnect/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/http_port_%d/milliseconds-response_time interval=%d N:%d\n", work.target, work.port, config.interval, respTime/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/http_port_%d/milliseconds-byte_time interval=%d N:%d\n", work.target, work.port, config.interval, byteTime/1000000)
			fmt.Fprintf(os.Stdout, "PUTVAL %s/http_port_%d/milliseconds-total_time interval=%d N:%d\n", work.target, work.port, config.interval, totalTime/1000000)
		}

		// if we've defined multiple, output in all defined formats + stdout
		if !config.multiple {
			return
		}
	}

	// add function for zabbix
	if config.zabbix {
		if work.ssl {
			fmt.Fprintf(os.Stdout, "https_host=%s, port=%d, dns_lookup=%dms, socket_connect=%dms, ssl_negotiation=%dms, response_time=%dms, first_byte=%dms, total_time=%dms ",
				work.target, work.port, iplookup/1000000, tcpConnect/1000000, sslHandshake/1000000, respTime/1000000, byteTime/1000000, totalTime/1000000)
			if config.expires {
				i := 0
				state := tlsConn.ConnectionState()
				for _, v := range state.PeerCertificates {
					if i == 0 {
						myT := time.Now()
						myExpires := v.NotAfter.Sub(myT)
						fmt.Fprintf(os.Stdout, "expires=%dd\n", myExpires/8.64e13)
						i++
					}
				}
			} else {
				fmt.Fprintf(os.Stdout, "\n")
			}
		} else {
			fmt.Fprintf(os.Stdout, "host=%s, port=%d, dns_lookup=%dms, socket_connect=%dms, response_time=%dms, first_byte=%dms, total_time=%dms\n",
				work.target, work.port, iplookup/1000000, tcpConnect/1000000, respTime/1000000, byteTime/1000000, totalTime/1000000)
		}

		// if we've defined multiple, output in all defined formats + stdout
		if !config.multiple {
			return
		}
	}

	// print out our values
	if (!config.multiple) || (config.verbose) {
		if work.ssl {
			log.Printf("Host: %s -> DNS Lookup: %dms, Socket Connect: %dms, SSL Negotiation: %dms, Response Time: %dms, 1st Byte: %dms, Total Time: %dms\n",
				work.target, iplookup/1000000, tcpConnect/1000000, sslHandshake/1000000, respTime/1000000, byteTime/1000000, totalTime/1000000)
		} else {
			log.Printf("Host: %s -> DNS Lookup: %dms, Socket Connect: %dms, Response Time: %dms, 1st Byte: %dms, Total Time: %dms\n",
				work.target, iplookup/1000000, tcpConnect/1000000, respTime/1000000, byteTime/1000000, totalTime/1000000)
		}

		if work.ssl {
			if config.expires == true {
				i := 0
				state := tlsConn.ConnectionState()
				for _, v := range state.PeerCertificates {
					if i == 0 {
						myT := time.Now()
						myExpires := v.NotAfter.Sub(myT)
						fmt.Fprintf(os.Stdout, "Cert expires in: %d days\n", myExpires/8.64e13)
						i++
					}
				}
			}
		}
	}

	if config.verbose {

		log.Printf("StatusCode: %d\n", response.StatusCode)
		log.Printf("ProtoCol: %s\n", response.Proto)
		for k, v := range response.Header {
			log.Printf("%s: %v\n", k, v)
		}
		if work.ssl {
			if config.printcert == true {
				i := 0
				state := tlsConn.ConnectionState()
				for _, v := range state.PeerCertificates {
					if i == 0 {
						sslFrom := v.NotBefore
						sslTo := v.NotAfter
						log.Printf("Server key information:")
						log.Printf("\tCN:\t%v\n\tOU:\t%v\n\tOrg:\t%v\n", v.Subject.CommonName, v.Subject.OrganizationalUnit, v.Subject.Organization)
						log.Printf("\tCity:\t%v\n\tState:\t%v\n\tCountry:%v\n", v.Subject.Locality, v.Subject.Province, v.Subject.Country)
						log.Printf("SSL Certificate Valid:\n\tFrom: %v\n\tTo: %v\n", sslFrom, sslTo)
						log.Printf("Valid Certificate DNS:\n")
						if len(v.DNSNames) >= 1 {
							for dns := range v.DNSNames {
								log.Printf("\t%v\n", v.DNSNames[dns])
							}
						} else {
							log.Printf("\t%v\n", v.Subject.CommonName)
						}
						i++
					} else if i == 1 {
						log.Printf("Issued by:\n\t%v\n\t%v\n\t%v\n", v.Subject.CommonName, v.Subject.OrganizationalUnit, v.Subject.Organization)
						i++
					} else {
						// we're done here, lets move on
						break
					}
				}
			}
		}

		// throw in a new line to pretty it up
		log.Printf("")
	}

	return

}