walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Add experimental websocket with extended CONNECT

This commit is contained in:
Tatsuhiro Tsujikawa 2018-03-11 12:02:18 +09:00
parent a26eb08a89
commit 19d28365e9
9 changed files with 104 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
genheaderfunc.py
View File

@ -9,6 +9,7 @@ HEADERS = [
':scheme', ':scheme',
':status', ':status',
':host', # for spdy ':host', # for spdy
':protocol',
'expect', 'expect',
'host', 'host',
'if-modified-since', 'if-modified-since',
@ -31,6 +32,7 @@ HEADERS = [
"user-agent", "user-agent",
"date", "date",
"content-type", "content-type",
"sec-websocket-accept",
# disallowed h1 headers # disallowed h1 headers
'connection', 'connection',
'keep-alive', 'keep-alive',

22
src/http2.cc
View File

@ -438,6 +438,11 @@ void copy_headers_to_nva_internal(std::vector<nghttp2_nv> &nva,
kv = &(*it_via); kv = &(*it_via);
it_via = it; it_via = it;
break; break;
case HD_SEC_WEBSOCKET_ACCEPT:
if (flags & HDOP_STRIP_SEC_WEBSOCKET_ACCEPT) {
continue;
}
break;
} }
nva.push_back( nva.push_back(
make_nv_internal(kv->name, kv->value, kv->no_index, nv_flags)); make_nv_internal(kv->name, kv->value, kv->no_index, nv_flags));
@ -821,6 +826,11 @@ int lookup_token(const uint8_t *name, size_t namelen) {
return HD_FORWARDED; return HD_FORWARDED;
} }
break; break;
case 'l':
if (util::streq_l(":protoco", name, 8)) {
return HD__PROTOCOL;
}
break;
} }
break; break;
case 10: case 10:
@ -926,6 +936,15 @@ int lookup_token(const uint8_t *name, size_t namelen) {
break; break;
} }
break; break;
case 20:
switch (name[19]) {
case 't':
if (util::streq_l("sec-websocket-accep", name, 19)) {
return HD_SEC_WEBSOCKET_ACCEPT;
}
break;
}
break;
} }
return -1; return -1;
} }
@ -1313,7 +1332,8 @@ std::string path_join(const StringRef &base_path, const StringRef &base_query,
} }
bool expect_response_body(int status_code) { bool expect_response_body(int status_code) {
return status_code / 100 != 1 && status_code != 304 && status_code != 204; return status_code == 101 ||
(status_code / 100 != 1 && status_code != 304 && status_code != 204);
} }
bool expect_response_body(const std::string &method, int status_code) { bool expect_response_body(const std::string &method, int status_code) {

4
src/http2.h
View File

@ -206,6 +206,8 @@ enum HeaderBuildOp {
// Strip above all header fields. // Strip above all header fields.
HDOP_STRIP_ALL = HDOP_STRIP_FORWARDED | HDOP_STRIP_X_FORWARDED_FOR | HDOP_STRIP_ALL = HDOP_STRIP_FORWARDED | HDOP_STRIP_X_FORWARDED_FOR |
HDOP_STRIP_X_FORWARDED_PROTO | HDOP_STRIP_VIA, HDOP_STRIP_X_FORWARDED_PROTO | HDOP_STRIP_VIA,
// Sec-WebSocket-Accept header field must be stripped.
HDOP_STRIP_SEC_WEBSOCKET_ACCEPT = 1 << 4,
}; };
// Appends headers in |headers| to |nv|. |headers| must be indexed // Appends headers in |headers| to |nv|. |headers| must be indexed
@ -293,6 +295,7 @@ enum {
HD__HOST, HD__HOST,
HD__METHOD, HD__METHOD,
HD__PATH, HD__PATH,
HD__PROTOCOL,
HD__SCHEME, HD__SCHEME,
HD__STATUS, HD__STATUS,
HD_ACCEPT_ENCODING, HD_ACCEPT_ENCODING,
@ -313,6 +316,7 @@ enum {
HD_LINK, HD_LINK,
HD_LOCATION, HD_LOCATION,
HD_PROXY_CONNECTION, HD_PROXY_CONNECTION,
HD_SEC_WEBSOCKET_ACCEPT,
HD_SERVER, HD_SERVER,
HD_TE, HD_TE,
HD_TRAILER, HD_TRAILER,

2
src/shrpx_client_handler.cc
View File

@ -978,7 +978,7 @@ ClientHandler::get_downstream_connection(int &err, Downstream *downstream) {
StringRef path; StringRef path;
// CONNECT method does not have path. But we requires path in // CONNECT method does not have path. But we requires path in
// host-path mapping. As workaround, we assume that path is "/". // host-path mapping. As workaround, we assume that path is "/".
if (req.method != HTTP_CONNECT) { if (!req.regular_connect_method()) {
path = req.path; path = req.path;
} }

5
src/shrpx_downstream.cc
View File

@ -722,7 +722,12 @@ bool Downstream::validate_response_recv_body_length() const {
void Downstream::check_upgrade_fulfilled() { void Downstream::check_upgrade_fulfilled() {
if (req_.method == HTTP_CONNECT) { if (req_.method == HTTP_CONNECT) {
if (req_.connect_proto) {
// TODO For websocket, check Sec-WebSocket-Accept header field.
upgraded_ = resp_.http_status == 101;
} else {
upgraded_ = 200 <= resp_.http_status && resp_.http_status < 300; upgraded_ = 200 <= resp_.http_status && resp_.http_status < 300;
}
return; return;
} }

17
src/shrpx_downstream.h
View File

@ -134,6 +134,12 @@ private:
bool trailer_key_prev_; bool trailer_key_prev_;
}; };
// Protocols allowed in HTTP/2 :protocol header field.
enum shrpx_connect_proto {
CONNECT_PROTO_NONE,
CONNECT_PROTO_WEBSOCKET,
};
struct Request { struct Request {
Request(BlockAllocator &balloc) Request(BlockAllocator &balloc)
: fs(balloc, 16), : fs(balloc, 16),
@ -153,6 +159,14 @@ struct Request {
unconsumed_body_length -= len; unconsumed_body_length -= len;
} }
bool regular_connect_method() const {
return method == HTTP_CONNECT && !connect_proto;
}
bool extended_connect_method() const {
return method == HTTP_CONNECT && connect_proto;
}
FieldStore fs; FieldStore fs;
// Timestamp when all request header fields are received. // Timestamp when all request header fields are received.
std::shared_ptr<Timestamp> tstamp; std::shared_ptr<Timestamp> tstamp;
@ -176,6 +190,9 @@ struct Request {
int method; int method;
// HTTP major and minor version // HTTP major and minor version
int http_major, http_minor; int http_major, http_minor;
// connect_protocol specified in HTTP/2 :protocol pseudo header
// field which enables extended CONNECT method.
int connect_proto;
// Returns true if the request is HTTP upgrade (HTTP Upgrade or // Returns true if the request is HTTP upgrade (HTTP Upgrade or
// CONNECT method). Upgrade to HTTP/2 is excluded. For HTTP/2 // CONNECT method). Upgrade to HTTP/2 is excluded. For HTTP/2
// Upgrade, check get_http2_upgrade_request(). // Upgrade, check get_http2_upgrade_request().

8
src/shrpx_http2_downstream_connection.cc
View File

@ -250,7 +250,7 @@ int Http2DownstreamConnection::push_request_headers() {
auto &http2conf = config->http2; auto &http2conf = config->http2;
auto no_host_rewrite = httpconf.no_host_rewrite || config->http2_proxy || auto no_host_rewrite = httpconf.no_host_rewrite || config->http2_proxy ||
req.method == HTTP_CONNECT; req.regular_connect_method();
// http2session_ has already in CONNECTED state, so we can get // http2session_ has already in CONNECTED state, so we can get
// addr_idx here. // addr_idx here.
@ -288,7 +288,7 @@ int Http2DownstreamConnection::push_request_headers() {
nva.push_back( nva.push_back(
http2::make_nv_ls_nocopy(":method", http2::to_method_string(req.method))); http2::make_nv_ls_nocopy(":method", http2::to_method_string(req.method)));
if (req.method != HTTP_CONNECT) { if (!req.regular_connect_method()) {
assert(!req.scheme.empty()); assert(!req.scheme.empty());
auto addr = http2session_->get_addr(); auto addr = http2session_->get_addr();
@ -339,7 +339,7 @@ int Http2DownstreamConnection::push_request_headers() {
if (fwdconf.params) { if (fwdconf.params) {
auto params = fwdconf.params; auto params = fwdconf.params;
if (config->http2_proxy || req.method == HTTP_CONNECT) { if (config->http2_proxy || req.regular_connect_method()) {
params &= ~FORWARDED_PROTO; params &= ~FORWARDED_PROTO;
} }
@ -380,7 +380,7 @@ int Http2DownstreamConnection::push_request_headers() {
nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-for", xff->value)); nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-for", xff->value));
} }
if (!config->http2_proxy && req.method != HTTP_CONNECT) { if (!config->http2_proxy && !req.regular_connect_method()) {
auto xfp = xfpconf.strip_incoming auto xfp = xfpconf.strip_incoming
? nullptr ? nullptr
: req.fs.header(http2::HD_X_FORWARDED_PROTO); : req.fs.header(http2::HD_X_FORWARDED_PROTO);

41
src/shrpx_http2_upstream.cc
View File

@ -391,6 +391,19 @@ int Http2Upstream::on_request_headers(Downstream *downstream,
} }
} }
if (!config->http2_proxy) {
auto connect_proto = req.fs.header(http2::HD__PROTOCOL);
if (connect_proto) {
if (connect_proto->value != "websocket") {
if (error_reply(downstream, 400) != 0) {
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
}
return 0;
}
req.connect_proto = CONNECT_PROTO_WEBSOCKET;
}
}
if (!(frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) { if (!(frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) {
req.http2_expect_body = true; req.http2_expect_body = true;
} else if (req.fs.content_length == -1) { } else if (req.fs.content_length == -1) {
@ -1001,8 +1014,8 @@ Http2Upstream::Http2Upstream(ClientHandler *handler)
flow_control_ = true; flow_control_ = true;
// TODO Maybe call from outside? // TODO Maybe call from outside?
std::array<nghttp2_settings_entry, 3> entry; std::array<nghttp2_settings_entry, 4> entry;
size_t nentry = 2; size_t nentry = 3;
entry[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS; entry[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
entry[0].value = http2conf.upstream.max_concurrent_streams; entry[0].value = http2conf.upstream.max_concurrent_streams;
@ -1014,6 +1027,9 @@ Http2Upstream::Http2Upstream(ClientHandler *handler)
entry[1].value = http2conf.upstream.window_size; entry[1].value = http2conf.upstream.window_size;
} }
entry[2].settings_id = NGHTTP2_SETTINGS_ENABLE_CONNECT_PROTOCOL;
entry[2].value = 1;
if (http2conf.upstream.decoder_dynamic_table_size != if (http2conf.upstream.decoder_dynamic_table_size !=
NGHTTP2_DEFAULT_HEADER_TABLE_SIZE) { NGHTTP2_DEFAULT_HEADER_TABLE_SIZE) {
entry[nentry].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE; entry[nentry].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
@ -1662,11 +1678,11 @@ int Http2Upstream::on_downstream_header_complete(Downstream *downstream) {
nva.reserve(resp.fs.headers().size() + 5 + nva.reserve(resp.fs.headers().size() + 5 +
httpconf.add_response_headers.size()); httpconf.add_response_headers.size());
if (downstream->get_non_final_response()) {
auto response_status = http2::stringify_status(balloc, resp.http_status); auto response_status = http2::stringify_status(balloc, resp.http_status);
nva.push_back(http2::make_nv_ls_nocopy(":status", response_status)); nva.push_back(http2::make_nv_ls_nocopy(":status", response_status));
if (downstream->get_non_final_response()) {
http2::copy_headers_to_nva_nocopy(nva, resp.fs.headers(), http2::copy_headers_to_nva_nocopy(nva, resp.fs.headers(),
http2::HDOP_STRIP_ALL); http2::HDOP_STRIP_ALL);
@ -1688,8 +1704,19 @@ int Http2Upstream::on_downstream_header_complete(Downstream *downstream) {
return 0; return 0;
} }
http2::copy_headers_to_nva_nocopy( auto striphd_flags = http2::HDOP_STRIP_ALL & ~http2::HDOP_STRIP_VIA;
nva, resp.fs.headers(), http2::HDOP_STRIP_ALL & ~http2::HDOP_STRIP_VIA); StringRef response_status;
if (req.connect_proto && resp.http_status == 101) {
response_status = http2::stringify_status(balloc, 200);
striphd_flags |= http2::HDOP_STRIP_SEC_WEBSOCKET_ACCEPT;
} else {
response_status = http2::stringify_status(balloc, resp.http_status);
}
nva.push_back(http2::make_nv_ls_nocopy(":status", response_status));
http2::copy_headers_to_nva_nocopy(nva, resp.fs.headers(), striphd_flags);
if (!config->http2_proxy && !httpconf.no_server_rewrite) { if (!config->http2_proxy && !httpconf.no_server_rewrite) {
nva.push_back(http2::make_nv_ls_nocopy("server", httpconf.server_name)); nva.push_back(http2::make_nv_ls_nocopy("server", httpconf.server_name));
@ -1700,7 +1727,7 @@ int Http2Upstream::on_downstream_header_complete(Downstream *downstream) {
} }
} }
if (req.method != HTTP_CONNECT || !downstream->get_upgraded()) { if (!req.regular_connect_method() || !downstream->get_upgraded()) {
auto affinity_cookie = downstream->get_affinity_cookie_to_send(); auto affinity_cookie = downstream->get_affinity_cookie_to_send();
if (affinity_cookie) { if (affinity_cookie) {
auto dconn = downstream->get_downstream_connection(); auto dconn = downstream->get_downstream_connection();
@ -1874,7 +1901,7 @@ int Http2Upstream::on_downstream_abort_request_with_https_redirect(
int Http2Upstream::redirect_to_https(Downstream *downstream) { int Http2Upstream::redirect_to_https(Downstream *downstream) {
auto &req = downstream->request(); auto &req = downstream->request();
if (req.method == HTTP_CONNECT || req.scheme != "http") { if (req.regular_connect_method() || req.scheme != "http") {
return error_reply(downstream, 400); return error_reply(downstream, 400);
} }

18
src/shrpx_http_downstream_connection.cc
View File

@ -484,7 +484,7 @@ int HttpDownstreamConnection::push_request_headers() {
auto &balloc = downstream_->get_block_allocator(); auto &balloc = downstream_->get_block_allocator();
auto connect_method = req.method == HTTP_CONNECT; auto connect_method = req.regular_connect_method();
auto config = get_config(); auto config = get_config();
auto &httpconf = config->http; auto &httpconf = config->http;
@ -508,7 +508,8 @@ int HttpDownstreamConnection::push_request_headers() {
auto buf = downstream_->get_request_buf(); auto buf = downstream_->get_request_buf();
// Assume that method and request path do not contain \r\n. // Assume that method and request path do not contain \r\n.
auto meth = http2::to_method_string(req.method); auto meth = http2::to_method_string(
req.connect_proto == CONNECT_PROTO_WEBSOCKET ? HTTP_GET : req.method);
buf->append(meth); buf->append(meth);
buf->append(' '); buf->append(' ');
@ -552,7 +553,8 @@ int HttpDownstreamConnection::push_request_headers() {
// set transfer-encoding only when content-length is unknown and // set transfer-encoding only when content-length is unknown and
// request body is expected. // request body is expected.
if (!connect_method && req.http2_expect_body && req.fs.content_length == -1) { if (req.method != HTTP_CONNECT && req.http2_expect_body &&
req.fs.content_length == -1) {
downstream_->set_chunked_request(true); downstream_->set_chunked_request(true);
buf->append("Transfer-Encoding: chunked\r\n"); buf->append("Transfer-Encoding: chunked\r\n");
} }
@ -561,7 +563,11 @@ int HttpDownstreamConnection::push_request_headers() {
buf->append("Connection: close\r\n"); buf->append("Connection: close\r\n");
} }
if (!connect_method && req.upgrade_request) { if (req.connect_proto == CONNECT_PROTO_WEBSOCKET) {
// TODO Generate Sec-WebSocket-Key
buf->append("Upgrade: websocket\r\nConnection: "
"Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n");
} else if (!connect_method && req.upgrade_request) {
auto connection = req.fs.header(http2::HD_CONNECTION); auto connection = req.fs.header(http2::HD_CONNECTION);
if (connection) { if (connection) {
buf->append("Connection: "); buf->append("Connection: ");
@ -693,7 +699,7 @@ int HttpDownstreamConnection::push_request_headers() {
// Don't call signal_write() if we anticipate request body. We call // Don't call signal_write() if we anticipate request body. We call
// signal_write() when we received request body chunk, and it // signal_write() when we received request body chunk, and it
// enables us to send headers and data in one writev system call. // enables us to send headers and data in one writev system call.
if (connect_method || if (connect_method || req.connect_proto ||
(!req.http2_expect_body && req.fs.content_length == 0)) { (!req.http2_expect_body && req.fs.content_length == 0)) {
signal_write(); signal_write();
} }
@ -901,7 +907,7 @@ int htp_hdrs_completecb(http_parser *htp) {
return -1; return -1;
} }
} else if (resp.http_status / 100 == 1 || } else if (resp.http_status / 100 == 1 ||
(resp.http_status == 200 && req.method == HTTP_CONNECT)) { (resp.http_status == 200 && req.regular_connect_method())) {
if (resp.fs.header(http2::HD_CONTENT_LENGTH) || if (resp.fs.header(http2::HD_CONTENT_LENGTH) ||
resp.fs.header(http2::HD_TRANSFER_ENCODING)) { resp.fs.header(http2::HD_TRANSFER_ENCODING)) {
return -1; return -1;