nghttpx: Add experimental websocket with extended CONNECT

This commit is contained in:
Tatsuhiro Tsujikawa 2018-03-11 12:02:18 +09:00
parent a26eb08a89
commit 19d28365e9
9 changed files with 104 additions and 23 deletions

View File

@ -9,6 +9,7 @@ HEADERS = [
':scheme',
':status',
':host', # for spdy
':protocol',
'expect',
'host',
'if-modified-since',
@ -31,6 +32,7 @@ HEADERS = [
"user-agent",
"date",
"content-type",
"sec-websocket-accept",
# disallowed h1 headers
'connection',
'keep-alive',

View File

@ -438,6 +438,11 @@ void copy_headers_to_nva_internal(std::vector<nghttp2_nv> &nva,
kv = &(*it_via);
it_via = it;
break;
case HD_SEC_WEBSOCKET_ACCEPT:
if (flags & HDOP_STRIP_SEC_WEBSOCKET_ACCEPT) {
continue;
}
break;
}
nva.push_back(
make_nv_internal(kv->name, kv->value, kv->no_index, nv_flags));
@ -821,6 +826,11 @@ int lookup_token(const uint8_t *name, size_t namelen) {
return HD_FORWARDED;
}
break;
case 'l':
if (util::streq_l(":protoco", name, 8)) {
return HD__PROTOCOL;
}
break;
}
break;
case 10:
@ -926,6 +936,15 @@ int lookup_token(const uint8_t *name, size_t namelen) {
break;
}
break;
case 20:
switch (name[19]) {
case 't':
if (util::streq_l("sec-websocket-accep", name, 19)) {
return HD_SEC_WEBSOCKET_ACCEPT;
}
break;
}
break;
}
return -1;
}
@ -1313,7 +1332,8 @@ std::string path_join(const StringRef &base_path, const StringRef &base_query,
}
bool expect_response_body(int status_code) {
return status_code / 100 != 1 && status_code != 304 && status_code != 204;
return status_code == 101 ||
(status_code / 100 != 1 && status_code != 304 && status_code != 204);
}
bool expect_response_body(const std::string &method, int status_code) {

View File

@ -206,6 +206,8 @@ enum HeaderBuildOp {
// Strip above all header fields.
HDOP_STRIP_ALL = HDOP_STRIP_FORWARDED | HDOP_STRIP_X_FORWARDED_FOR |
HDOP_STRIP_X_FORWARDED_PROTO | HDOP_STRIP_VIA,
// Sec-WebSocket-Accept header field must be stripped.
HDOP_STRIP_SEC_WEBSOCKET_ACCEPT = 1 << 4,
};
// Appends headers in |headers| to |nv|. |headers| must be indexed
@ -293,6 +295,7 @@ enum {
HD__HOST,
HD__METHOD,
HD__PATH,
HD__PROTOCOL,
HD__SCHEME,
HD__STATUS,
HD_ACCEPT_ENCODING,
@ -313,6 +316,7 @@ enum {
HD_LINK,
HD_LOCATION,
HD_PROXY_CONNECTION,
HD_SEC_WEBSOCKET_ACCEPT,
HD_SERVER,
HD_TE,
HD_TRAILER,

View File

@ -978,7 +978,7 @@ ClientHandler::get_downstream_connection(int &err, Downstream *downstream) {
StringRef path;
// CONNECT method does not have path. But we requires path in
// host-path mapping. As workaround, we assume that path is "/".
if (req.method != HTTP_CONNECT) {
if (!req.regular_connect_method()) {
path = req.path;
}

View File

@ -722,7 +722,12 @@ bool Downstream::validate_response_recv_body_length() const {
void Downstream::check_upgrade_fulfilled() {
if (req_.method == HTTP_CONNECT) {
if (req_.connect_proto) {
// TODO For websocket, check Sec-WebSocket-Accept header field.
upgraded_ = resp_.http_status == 101;
} else {
upgraded_ = 200 <= resp_.http_status && resp_.http_status < 300;
}
return;
}

View File

@ -134,6 +134,12 @@ private:
bool trailer_key_prev_;
};
// Protocols allowed in HTTP/2 :protocol header field.
enum shrpx_connect_proto {
CONNECT_PROTO_NONE,
CONNECT_PROTO_WEBSOCKET,
};
struct Request {
Request(BlockAllocator &balloc)
: fs(balloc, 16),
@ -153,6 +159,14 @@ struct Request {
unconsumed_body_length -= len;
}
bool regular_connect_method() const {
return method == HTTP_CONNECT && !connect_proto;
}
bool extended_connect_method() const {
return method == HTTP_CONNECT && connect_proto;
}
FieldStore fs;
// Timestamp when all request header fields are received.
std::shared_ptr<Timestamp> tstamp;
@ -176,6 +190,9 @@ struct Request {
int method;
// HTTP major and minor version
int http_major, http_minor;
// connect_protocol specified in HTTP/2 :protocol pseudo header
// field which enables extended CONNECT method.
int connect_proto;
// Returns true if the request is HTTP upgrade (HTTP Upgrade or
// CONNECT method). Upgrade to HTTP/2 is excluded. For HTTP/2
// Upgrade, check get_http2_upgrade_request().

View File

@ -250,7 +250,7 @@ int Http2DownstreamConnection::push_request_headers() {
auto &http2conf = config->http2;
auto no_host_rewrite = httpconf.no_host_rewrite || config->http2_proxy ||
req.method == HTTP_CONNECT;
req.regular_connect_method();
// http2session_ has already in CONNECTED state, so we can get
// addr_idx here.
@ -288,7 +288,7 @@ int Http2DownstreamConnection::push_request_headers() {
nva.push_back(
http2::make_nv_ls_nocopy(":method", http2::to_method_string(req.method)));
if (req.method != HTTP_CONNECT) {
if (!req.regular_connect_method()) {
assert(!req.scheme.empty());
auto addr = http2session_->get_addr();
@ -339,7 +339,7 @@ int Http2DownstreamConnection::push_request_headers() {
if (fwdconf.params) {
auto params = fwdconf.params;
if (config->http2_proxy || req.method == HTTP_CONNECT) {
if (config->http2_proxy || req.regular_connect_method()) {
params &= ~FORWARDED_PROTO;
}
@ -380,7 +380,7 @@ int Http2DownstreamConnection::push_request_headers() {
nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-for", xff->value));
}
if (!config->http2_proxy && req.method != HTTP_CONNECT) {
if (!config->http2_proxy && !req.regular_connect_method()) {
auto xfp = xfpconf.strip_incoming
? nullptr
: req.fs.header(http2::HD_X_FORWARDED_PROTO);

View File

@ -391,6 +391,19 @@ int Http2Upstream::on_request_headers(Downstream *downstream,
}
}
if (!config->http2_proxy) {
auto connect_proto = req.fs.header(http2::HD__PROTOCOL);
if (connect_proto) {
if (connect_proto->value != "websocket") {
if (error_reply(downstream, 400) != 0) {
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
}
return 0;
}
req.connect_proto = CONNECT_PROTO_WEBSOCKET;
}
}
if (!(frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) {
req.http2_expect_body = true;
} else if (req.fs.content_length == -1) {
@ -1001,8 +1014,8 @@ Http2Upstream::Http2Upstream(ClientHandler *handler)
flow_control_ = true;
// TODO Maybe call from outside?
std::array<nghttp2_settings_entry, 3> entry;
size_t nentry = 2;
std::array<nghttp2_settings_entry, 4> entry;
size_t nentry = 3;
entry[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
entry[0].value = http2conf.upstream.max_concurrent_streams;
@ -1014,6 +1027,9 @@ Http2Upstream::Http2Upstream(ClientHandler *handler)
entry[1].value = http2conf.upstream.window_size;
}
entry[2].settings_id = NGHTTP2_SETTINGS_ENABLE_CONNECT_PROTOCOL;
entry[2].value = 1;
if (http2conf.upstream.decoder_dynamic_table_size !=
NGHTTP2_DEFAULT_HEADER_TABLE_SIZE) {
entry[nentry].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
@ -1662,11 +1678,11 @@ int Http2Upstream::on_downstream_header_complete(Downstream *downstream) {
nva.reserve(resp.fs.headers().size() + 5 +
httpconf.add_response_headers.size());
if (downstream->get_non_final_response()) {
auto response_status = http2::stringify_status(balloc, resp.http_status);
nva.push_back(http2::make_nv_ls_nocopy(":status", response_status));
if (downstream->get_non_final_response()) {
http2::copy_headers_to_nva_nocopy(nva, resp.fs.headers(),
http2::HDOP_STRIP_ALL);
@ -1688,8 +1704,19 @@ int Http2Upstream::on_downstream_header_complete(Downstream *downstream) {
return 0;
}
http2::copy_headers_to_nva_nocopy(
nva, resp.fs.headers(), http2::HDOP_STRIP_ALL & ~http2::HDOP_STRIP_VIA);
auto striphd_flags = http2::HDOP_STRIP_ALL & ~http2::HDOP_STRIP_VIA;
StringRef response_status;
if (req.connect_proto && resp.http_status == 101) {
response_status = http2::stringify_status(balloc, 200);
striphd_flags |= http2::HDOP_STRIP_SEC_WEBSOCKET_ACCEPT;
} else {
response_status = http2::stringify_status(balloc, resp.http_status);
}
nva.push_back(http2::make_nv_ls_nocopy(":status", response_status));
http2::copy_headers_to_nva_nocopy(nva, resp.fs.headers(), striphd_flags);
if (!config->http2_proxy && !httpconf.no_server_rewrite) {
nva.push_back(http2::make_nv_ls_nocopy("server", httpconf.server_name));
@ -1700,7 +1727,7 @@ int Http2Upstream::on_downstream_header_complete(Downstream *downstream) {
}
}
if (req.method != HTTP_CONNECT || !downstream->get_upgraded()) {
if (!req.regular_connect_method() || !downstream->get_upgraded()) {
auto affinity_cookie = downstream->get_affinity_cookie_to_send();
if (affinity_cookie) {
auto dconn = downstream->get_downstream_connection();
@ -1874,7 +1901,7 @@ int Http2Upstream::on_downstream_abort_request_with_https_redirect(
int Http2Upstream::redirect_to_https(Downstream *downstream) {
auto &req = downstream->request();
if (req.method == HTTP_CONNECT || req.scheme != "http") {
if (req.regular_connect_method() || req.scheme != "http") {
return error_reply(downstream, 400);
}

View File

@ -484,7 +484,7 @@ int HttpDownstreamConnection::push_request_headers() {
auto &balloc = downstream_->get_block_allocator();
auto connect_method = req.method == HTTP_CONNECT;
auto connect_method = req.regular_connect_method();
auto config = get_config();
auto &httpconf = config->http;
@ -508,7 +508,8 @@ int HttpDownstreamConnection::push_request_headers() {
auto buf = downstream_->get_request_buf();
// Assume that method and request path do not contain \r\n.
auto meth = http2::to_method_string(req.method);
auto meth = http2::to_method_string(
req.connect_proto == CONNECT_PROTO_WEBSOCKET ? HTTP_GET : req.method);
buf->append(meth);
buf->append(' ');
@ -552,7 +553,8 @@ int HttpDownstreamConnection::push_request_headers() {
// set transfer-encoding only when content-length is unknown and
// request body is expected.
if (!connect_method && req.http2_expect_body && req.fs.content_length == -1) {
if (req.method != HTTP_CONNECT && req.http2_expect_body &&
req.fs.content_length == -1) {
downstream_->set_chunked_request(true);
buf->append("Transfer-Encoding: chunked\r\n");
}
@ -561,7 +563,11 @@ int HttpDownstreamConnection::push_request_headers() {
buf->append("Connection: close\r\n");
}
if (!connect_method && req.upgrade_request) {
if (req.connect_proto == CONNECT_PROTO_WEBSOCKET) {
// TODO Generate Sec-WebSocket-Key
buf->append("Upgrade: websocket\r\nConnection: "
"Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n");
} else if (!connect_method && req.upgrade_request) {
auto connection = req.fs.header(http2::HD_CONNECTION);
if (connection) {
buf->append("Connection: ");
@ -693,7 +699,7 @@ int HttpDownstreamConnection::push_request_headers() {
// Don't call signal_write() if we anticipate request body. We call
// signal_write() when we received request body chunk, and it
// enables us to send headers and data in one writev system call.
if (connect_method ||
if (connect_method || req.connect_proto ||
(!req.http2_expect_body && req.fs.content_length == 0)) {
signal_write();
}
@ -901,7 +907,7 @@ int htp_hdrs_completecb(http_parser *htp) {
return -1;
}
} else if (resp.http_status / 100 == 1 ||
(resp.http_status == 200 && req.method == HTTP_CONNECT)) {
(resp.http_status == 200 && req.regular_connect_method())) {
if (resp.fs.header(http2::HD_CONTENT_LENGTH) ||
resp.fs.header(http2::HD_TRANSFER_ENCODING)) {
return -1;