From 7c8cb3a0ce08b3a2244e339654cca98033328acc Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Thu, 4 Oct 2018 12:04:15 +0900 Subject: [PATCH] nghttpx: Improve CONNECT response status handling --- src/shrpx_downstream.cc | 20 ++++++-------------- src/shrpx_http2_session.cc | 2 +- src/shrpx_http_downstream_connection.cc | 4 ++-- src/shrpx_https_upstream.cc | 2 +- 4 files changed, 10 insertions(+), 18 deletions(-) diff --git a/src/shrpx_downstream.cc b/src/shrpx_downstream.cc index 100cd965..2538aa95 100644 --- a/src/shrpx_downstream.cc +++ b/src/shrpx_downstream.cc @@ -764,19 +764,11 @@ bool Downstream::validate_response_recv_body_length() const { } void Downstream::check_upgrade_fulfilled_http2() { - if (req_.method == HTTP_CONNECT) { - // This handles nonzero req_.connect_proto as well. - upgraded_ = 200 <= resp_.http_status && resp_.http_status < 300; - - return; - } - - if (req_.connect_proto == CONNECT_PROTO_WEBSOCKET) { - // h1 frontend requests WebSocket upgrade - upgraded_ = resp_.http_status == 200; - - return; - } + // This handles nonzero req_.connect_proto and h1 frontend requests + // WebSocket upgrade. + upgraded_ = (req_.method == HTTP_CONNECT || + req_.connect_proto == CONNECT_PROTO_WEBSOCKET) && + resp_.http_status / 100 == 2; } void Downstream::check_upgrade_fulfilled_http1() { @@ -798,7 +790,7 @@ void Downstream::check_upgrade_fulfilled_http1() { upgraded_ = expected != "" && expected == accept->value; } else { - upgraded_ = 200 <= resp_.http_status && resp_.http_status < 300; + upgraded_ = resp_.http_status / 100 == 2; } return; diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc index b48a93c6..5342a14c 100644 --- a/src/shrpx_http2_session.cc +++ b/src/shrpx_http2_session.cc @@ -620,7 +620,7 @@ int htp_hdrs_completecb(http_parser *htp) { http_parser_pause(htp, 1); // We just check status code here - if (htp->status_code == 200) { + if (htp->status_code / 100 == 2) { if (LOG_ENABLED(INFO)) { SSLOG(INFO, http2session) << "Tunneling success"; } diff --git a/src/shrpx_http_downstream_connection.cc b/src/shrpx_http_downstream_connection.cc index b93c8e80..31f48a24 100644 --- a/src/shrpx_http_downstream_connection.cc +++ b/src/shrpx_http_downstream_connection.cc @@ -938,7 +938,7 @@ int htp_hdrs_completecb(http_parser *htp) { // Server MUST NOT send Transfer-Encoding with a status code 1xx or // 204. Also server MUST NOT send Transfer-Encoding with a status - // code 200 to a CONNECT request. Same holds true with + // code 2xx to a CONNECT request. Same holds true with // Content-Length. if (resp.http_status == 204) { if (resp.fs.header(http2::HD_TRANSFER_ENCODING)) { @@ -960,7 +960,7 @@ int htp_hdrs_completecb(http_parser *htp) { return -1; } } else if (resp.http_status / 100 == 1 || - (resp.http_status == 200 && req.method == HTTP_CONNECT)) { + (resp.http_status / 100 == 2 && req.method == HTTP_CONNECT)) { if (resp.fs.header(http2::HD_CONTENT_LENGTH) || resp.fs.header(http2::HD_TRANSFER_ENCODING)) { return -1; diff --git a/src/shrpx_https_upstream.cc b/src/shrpx_https_upstream.cc index ce800cc8..b6953a76 100644 --- a/src/shrpx_https_upstream.cc +++ b/src/shrpx_https_upstream.cc @@ -1147,7 +1147,7 @@ int HttpsUpstream::on_downstream_header_complete(Downstream *downstream) { if (!connect_method && downstream->get_upgraded()) { if (req.connect_proto == CONNECT_PROTO_WEBSOCKET && - resp.http_status == 200) { + resp.http_status / 100 == 2) { buf->append("Upgrade: websocket\r\nConnection: Upgrade\r\n"); auto key = req.fs.header(http2::HD_SEC_WEBSOCKET_KEY); if (!key || key->value.size() != base64::encode_length(16)) {