Commit Graph

1967 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa add067ed7e Provide timegm replacement and android build fix 2013-03-07 21:17:55 +09:00
Tatsuhiro Tsujikawa eddd48b783 shrpx: Don't issue RST_STREAM on downstream tunnel connection EOF
The RST_STREAM will be issued in spdy_data_read_callback.
2013-03-01 20:43:35 +09:00
Tatsuhiro Tsujikawa 2d23ae3741 shrpx: Fix missing delete 2013-03-01 00:07:00 +09:00
Tatsuhiro Tsujikawa cf1cfca51f shrpx: Fix not send RST_STREAM when downstream gets valid EOF 2013-03-01 00:05:57 +09:00
Tatsuhiro Tsujikawa da36fc3953 shrpx: Fix WINDOW_UPDATE may block until SpdyUpstream::send()
spdy_data_read_callback in SpdyDownstreamConnection calls
SpdyUpstream::resume_read() which submits WINDOW_UPDATE, but after
that they are not call SpdyUpstream::send(). This means that if no
pending outgoing data in upstream, then WINDOW_UPDATE is blocked until
SpdyUpstream::send() from somewhere. This change adds
SpdyUpstream::send() to resume_read() so that WINDOW_UPDATE is not
blocked.
2013-02-27 22:55:44 +09:00
Tatsuhiro Tsujikawa 7b3f57cef8 shrpx: Fix blocking upstream RST_STREAM and propagate REFUSED_STREAM
This change fixes upstream RST_STREAM is blocked until
SpdyUpstream::send() is called. Now downstream REFUSED_STREAM is
propagated to upstream client so that client can reset request.  The
RST_STREAM error code when downstream went wrong is changed from
CANCEL to INTERNAL_ERROR.
2013-02-27 22:39:44 +09:00
Tatsuhiro Tsujikawa dbb0df5c5b Remove strerror(3) from code which may run in multi-thread 2013-02-25 22:43:44 +09:00
Tatsuhiro Tsujikawa c487d152b2 shrpx: Add non-TLS SPDY backend connection support
Use --backend-spdy-no-tls to disable TLS on backend SPDY connection.
The SPDY protocol used there must be configured by
--backend-spdy-proto option.
2013-02-22 22:54:54 +09:00
Tatsuhiro Tsujikawa fc26f08af2 shrpx: Fix Proxy-Authorization is alwasy sent even if userinfo is empty
Surprisingly, field_set & UF_USERINFO is nonzero even if userinfo
component is empty string.
2013-02-22 21:23:59 +09:00
Tatsuhiro Tsujikawa 78523c6701 shrpx: Fix backend SPDY connection does not go through proxy 2013-02-22 19:30:15 +09:00
Tatsuhiro Tsujikawa 64fcac48b7 shrpx: Fix bug in building certificate lookup tree 2013-02-16 17:51:38 +09:00
Tatsuhiro Tsujikawa c8167234fa shrpx: Fix bug in certificate lookup 2013-02-16 02:33:16 +09:00
Tatsuhiro Tsujikawa abe5fd1e39 spdycat: Fix -d option in usage 2013-02-14 21:25:46 +09:00
Tatsuhiro Tsujikawa 54d5dda6c4 spdycat: Add --multiply option 2013-02-14 21:24:57 +09:00
Tatsuhiro Tsujikawa 3d2ef18afb spdycat: Fix error handling of spdylay_gzip_inflate() 2013-02-14 21:12:16 +09:00
Tatsuhiro Tsujikawa 291cbc639b shrpx: Use patricia trie for cert lookup 2013-02-14 00:28:55 +09:00
Tatsuhiro Tsujikawa e322af8a6f src: Add missing base64.h 2013-02-11 21:49:04 +09:00
Tatsuhiro Tsujikawa e28f169228 shrpx: More backend EOF handling
Now we set Downstream::set_response_connection_close(true) for
tunneled connections. Also call
Upstream::on_downstream_body_complete() callback when setting
MSG_COMPLETE in SpdySession when RST_STREAM is caught.  Clean up EOF
handling in https_downstream_readcb.
2013-02-11 17:20:52 +09:00
Tatsuhiro Tsujikawa d830e099a6 shrpx: Send pending response data before RST_STREAM in tunnel connection 2013-02-11 02:05:11 +09:00
Tatsuhiro Tsujikawa 734d7bced8 shrpx: Handle downstream response_state == MSG_RESET case in SPDY upstream 2013-02-09 23:20:29 +09:00
Tatsuhiro Tsujikawa 8b6fbbf3a6 shrpx: Update --backend-http-proxy-uri usage 2013-02-09 19:08:02 +09:00
Tatsuhiro Tsujikawa 39df51188c shrpx: Log stream ID when submitting RST_STREAM to downstream 2013-02-09 17:56:44 +09:00
Tatsuhiro Tsujikawa ceba5539a1 shrpx: Fix client mode does not work 2013-02-09 17:45:57 +09:00
Tatsuhiro Tsujikawa 18dc6384d4 shrpx: Remove x-forwarded-proto header from SPDY downstream
SPDY frame has :scheme header field, so x-forwarded-proto is not
necessary.
2013-02-09 17:22:33 +09:00
Tatsuhiro Tsujikawa b43b31c362 shrpx: Remove x-forwarded-spdy header field 2013-02-09 17:21:46 +09:00
Tatsuhiro Tsujikawa 4876412f7d shrpx: Check return value of HttpsUpstream::resume_read()
Currently, resume_read() fails if on_read() returns -1 in case that
evbuffer_add failed, which means, most likely, memory allocation
failure. ClientHandler is marked "should be closed", but if
evbuffer_add is failed, write callback will not be invoked and its
marking is not evaluated. It will eventually be deleted when the
client is disconnected or backend failure though.
2013-02-09 17:03:03 +09:00
Tatsuhiro Tsujikawa 99b687ceca shrpx: Documented --spdy-bridge 2013-02-09 16:55:49 +09:00
Tatsuhiro Tsujikawa cb8b8050b5 shprx: Add --backend-http-proxy-uri option
Specify proxy URI in the form http://[USER:PASS]PROXY:PORT. USER and
PASS are optional and if they exist they must be properly
percent-encoded. This proxy is used when the backend connection is
SPDY. First, make a CONNECT request to the proxy and it connects to
the backend on behalf of shrpx. This forms tunnel. After that, shrpx
performs SSL/TLS handshake with the downstream through the tunnel. The
timeouts when connecting and making CONNECT request can be specified
by --backend-read-timeout and --backend-write-timeout options.
2013-02-09 16:55:39 +09:00
Tatsuhiro Tsujikawa 9ba19df813 shrpx: Add --spdy-bridge option
With --spdy-bridge option, it listens SPDY/HTTPS connections from
front end and forwards them to the backend in SPDY. The usage will be
written later. This change fixes the crash when more than 2
outstanding SpdyDownstreamConnection objects are added to SpdySession
and establishing connection to SPDY backend is failed.
2013-02-08 21:46:58 +09:00
Tatsuhiro Tsujikawa 8925c58d71 shrpx: Send RST_STREAM when downstream becomes stale 2013-02-08 00:22:22 +09:00
Tatsuhiro Tsujikawa 9b4245368a shrpx: Refactor spdy downstream header field handling 2013-02-07 21:53:20 +09:00
Tatsuhiro Tsujikawa c707125839 shrpx: Explicitly hold server SSL_CTX and client SSL_CTX 2013-02-07 21:13:36 +09:00
Tatsuhiro Tsujikawa b18af854af shrpx: Add --subcert option to add additional certificate/private key
This option specifies additional certificate and private key
file. Shrpx will choose certificates based on the hostname indicated
by client using TLS SNI extension. This option can be used multiple
times.
2013-02-06 23:41:28 +09:00
Tatsuhiro Tsujikawa e3401b0159 shrpx: Lowercase x-forwarded-proto 2013-02-01 23:36:08 +09:00
Tatsuhiro Tsujikawa ae0533334c shrpx: Relay Connection: upgrade header field for HTTP/1.1 connections 2013-02-01 23:30:12 +09:00
Tatsuhiro Tsujikawa d9611e65ac spdycat: Send "accept-encoding: gzip, deflate" header field 2013-02-01 00:17:28 +09:00
Tatsuhiro Tsujikawa 2e3cd7d04f spdycat: Output error messages to std::cerr 2013-01-30 21:50:36 +09:00
Tatsuhiro Tsujikawa 37cb94d154 src: Use clock_gettime instead of gettimeofday if available 2013-01-27 17:16:13 +09:00
Tatsuhiro Tsujikawa 09154c61f6 spdycat, spdyd: Color verbose output 2013-01-27 16:27:17 +09:00
Tatsuhiro Tsujikawa 964c0d1005 shrpx: Don't return chunked response for pre-HTTP/1.1 request 2013-01-27 16:20:14 +09:00
Tatsuhiro Tsujikawa 817f35f3e4 spdycat: Free fd and SSL object on error 2013-01-25 23:15:34 +09:00
Tatsuhiro Tsujikawa ac01e48f7a spdycat: Initialize SpdySession::sc 2013-01-25 22:58:07 +09:00
Tatsuhiro Tsujikawa f6c0061117 spdycat: Log if set_tcp_nodelay() failed 2013-01-25 22:58:07 +09:00
Tatsuhiro Tsujikawa f0fc026799 shrpx: Check return value of library functions 2013-01-25 22:58:07 +09:00
Tatsuhiro Tsujikawa 9f28b3056f spdyd: Initialize Config::on_request_recv_callback 2013-01-25 21:37:43 +09:00
Tatsuhiro Tsujikawa 6732219dc7 spdyd: ListenEventHandler creation fix 2013-01-25 21:27:54 +09:00
Tatsuhiro Tsujikawa 5774f8110d shrpx: Fix resource leak 2013-01-25 21:26:03 +09:00
Tatsuhiro Tsujikawa 29bec93eb9 shrpx: Don't run expensive INFO log code
INFO log and its surrounding code are now guarded by
LOG_ENABLED(SEVERITY) macro so that they don't run if log level
threshold is higher. This increases performance because log formatting
is somewhat expensive.
2013-01-21 22:48:08 +09:00
Tatsuhiro Tsujikawa 87c1f07013 shrpx: HttpsUpstream::error_reply() without std::stringstream 2013-01-16 22:51:33 +09:00
Tatsuhiro Tsujikawa c48fb56d3f shrpx: Add content-length header field to SPDY upstream error page
create_error_html() is rewritten without std::stringstream.
2013-01-16 22:47:39 +09:00
Tatsuhiro Tsujikawa dc2fe52e57 shrpx: Add missing \n to help message 2013-01-12 16:42:48 +09:00
Tatsuhiro Tsujikawa ae8e5b7a95 spdycat: Add -d option to POST data 2013-01-11 00:15:45 +09:00
Tatsuhiro Tsujikawa 28489fd6a8 shrpx: Set TCP_NODELAY to downstream sockets 2013-01-11 00:11:41 +09:00
Tatsuhiro Tsujikawa e454cc1301 shrpx: Remove warn log from upstream_{read,write}cb 2013-01-11 00:10:08 +09:00
Tatsuhiro Tsujikawa c306402a20 shrpx: Capitalize header field name in HTTP downstream connection 2013-01-09 22:55:29 +09:00
Tatsuhiro Tsujikawa c45fa16f94 shrpx: Add --no-via option
If --no-via option is given, shrpx does not append to Via header
field. If Via header field is received, it is left unaltered.
2013-01-09 22:03:49 +09:00
Tatsuhiro Tsujikawa 4d1f1f2395 shrpx: Log IP version number when getaddrinfo failed 2013-01-09 22:03:34 +09:00
Tatsuhiro Tsujikawa 6da492c4e8 Remove uri.{cc,h} and use http_parser_parse_url() instead 2013-01-09 00:42:06 +09:00
Tatsuhiro Tsujikawa 633e85246f Include http-parser/http_parser.h locally 2013-01-05 23:21:09 +09:00
Tatsuhiro Tsujikawa 6a4a0e7f8c Remove useless extern "C" 2013-01-05 23:20:18 +09:00
Tatsuhiro Tsujikawa be5066c450 Updated http-parser 2012-12-23 01:13:02 +09:00
Tatsuhiro Tsujikawa 92260ccc81 Add patch for http-parser to handle tunneling connection transparently 2012-12-20 01:05:51 +09:00
Tatsuhiro Tsujikawa 9425f8a45f shrpx: Handle graceful shutdown in SPDY backend 2012-12-17 01:10:45 +09:00
Tatsuhiro Tsujikawa 3ba73db7d7 shrpx: Remove unused function modify_location_header_value 2012-12-14 01:14:42 +09:00
Tatsuhiro Tsujikawa 4d80a26188 spdycat: Log error when no supported SPDY version was negotiated 2012-12-12 23:28:32 +09:00
Tatsuhiro Tsujikawa 8c456674cf shrpx: Remove upstream_spdy_stream and upstream_spdy_stream_close
upstream_response logs more detailed information.
2012-12-09 23:30:11 +09:00
Tatsuhiro Tsujikawa 90eebbc88c shrpx: Log status code, method, path and HTTP version in accesslog 2012-12-09 23:29:43 +09:00
Tatsuhiro Tsujikawa 6ef9b7430d shrpx: Color HTTP headers in console log 2012-12-09 21:36:02 +09:00
Tatsuhiro Tsujikawa 9b1f36d274 shrpx: Color severity level in terminal
Color severity level if stderr refers to a terminal.
2012-12-09 21:02:48 +09:00
Tatsuhiro Tsujikawa bbf6c18575 shrpx: Log format change
Added macros which log messages from the following components are
prefixed with their component name + object pointer address:

ListenHandler: LISTEN
ThreadEventReceiver: THREAD_RECV
Upstream: UPSTREAM
Downstream: DOWNSTREAM
DownstreamConnection: DCONN
SpdySession: DSPDY
2012-12-09 19:15:14 +09:00
Tatsuhiro Tsujikawa 65e965791f shrpx: Replace strncpy + putting null with memcpy in ssl_pem_passwd_cb 2012-12-07 23:42:58 +09:00
Tatsuhiro Tsujikawa 06220f7fdf shrpx: Make is_secure() static 2012-12-07 23:14:20 +09:00
Raul Gutierrez Segales cbf8ccf7d1 [shrpx] read private key's passwd from a file
This avoids the need to provide the password for your
private key interactively.

It can be used via --private-key-passwd-file or private-key-passwd-file
in the given config file. The first line in the file
(without \n) will be treated as the passwd. There isn't
any validation and all lines after the first one (if any)
are ignored.

The security model behind this is a bit simplistic so I
am open to better ideas. Basically your password file
should be root:root (700) and you *should* drop root
and run as an unprivileged user.

If the file exists and a line can be read then a callback
will be set for the SSL ctxt and it'll feed the passwd
when the private key is read (if password is needed).

If the file exists with the wrong permisions it'll be
logged and ignored.
2012-12-03 21:55:32 -08:00
Tatsuhiro Tsujikawa f97110f092 spdycat, spdyd: Support SPDY without SSL/TLS
Use --no-tls option to disable SSL/TLS and specify SPDY protocol
version using -2 or -3.
2012-11-25 21:58:44 +09:00
Tatsuhiro Tsujikawa 50211bc1ad shrpx: Replace "https" with "http" in log message in shrpx_https_upstream.cc 2012-11-23 21:30:57 +09:00
Tatsuhiro Tsujikawa 282b8b567a shrpx: Log upstream https request headers 2012-11-23 21:30:17 +09:00
Tatsuhiro Tsujikawa 8f62441112 src: Rewrite util::stripIter 2012-11-23 21:14:39 +09:00
Tatsuhiro Tsujikawa baf2dc3ddf shrpx: Add --backend-ipv4 and --backend-ipv6 options. 2012-11-23 21:11:01 +09:00
Tatsuhiro Tsujikawa 7a21905312 shrpx: Remove Config ctor and fill all initial values in fill_default_config() 2012-11-22 23:35:10 +09:00
Tatsuhiro Tsujikawa c1332a35a5 shrpx: Add -v, --version option 2012-11-22 23:08:36 +09:00
Tatsuhiro Tsujikawa 774e64d2b4 shrpx: Group up options in -h output 2012-11-22 23:04:27 +09:00
Tatsuhiro Tsujikawa 9c70c1b867 shrpx: Code cleanup 2012-11-22 22:05:52 +09:00
Tatsuhiro Tsujikawa 4349d42988 shrpx: Add usage for <PRIVATE_KEY> <CERT> 2012-11-22 22:00:38 +09:00
Tatsuhiro Tsujikawa 9aa7af2c7f shrpx: Use SNI TLS extension in client mode 2012-11-22 21:51:11 +09:00
Tatsuhiro Tsujikawa d589f4c74c shrpx: Verify backend server's certificate in client mode
The -k, --insecure option is added to skip this verification.  The
system wide trusted CA certificates will be loaded at startup. The
--cacert option is added to specify the trusted CA certificate file.
2012-11-22 21:46:15 +09:00
Tatsuhiro Tsujikawa 8a5db1751e shrpx: Check the length of output buffer in write callback
Possibly because of deferred callback, we may get this callback when
the output buffer is not empty.
2012-11-22 03:13:30 +09:00
Tatsuhiro Tsujikawa 81adb6bc7f shrpx: Implement downstream SPDY flow control 2012-11-21 23:47:48 +09:00
Tatsuhiro Tsujikawa 0bf15a7694 Rename --client-mode as --client and add --client-proxy
With --client-proxy option, shrpx makes sure that the request path is
an absolute URI, otherwise it will return 400 status code.
2012-11-21 22:10:35 +09:00
Tatsuhiro Tsujikawa fa552c6788 shrpx: Share SPDY session among multiple frontend connections per thread
In client mode, now SPDY connection to the backend server is
established per thread.  The frontend connections which belong to the
same thread share the SPDY connection.
2012-11-21 01:29:39 +09:00
Tatsuhiro Tsujikawa ae30e7f71b shrpx: Split request path into SPDY specific headers 2012-11-19 21:40:59 +09:00
Tatsuhiro Tsujikawa bebea5e16a Update http-parser 2012-11-19 02:16:42 +09:00
Tatsuhiro Tsujikawa 542fd6420b Fix recursive HttpsUpstream::on_read() call
Don't call HttpsUpstream::resume_read() from the call tree of
on_read().  Avoid parsing next http data after parse error.
2012-11-19 02:11:46 +09:00
Tatsuhiro Tsujikawa 077275e783 Fix typo SPDY/3 2012-11-19 02:10:58 +09:00
Tatsuhiro Tsujikawa aa07076f29 shrpx: Don't propagate expect: 100-continue to backend 2012-11-18 23:49:41 +09:00
Tatsuhiro Tsujikawa 52c4d26927 shrpx: Deadlock with upload data in clinet mode 2012-11-18 23:48:55 +09:00
Tatsuhiro Tsujikawa 19bf97b3e5 Support x-forwarded-proto and x-forwarded-for in SpdyDownstreamConnection 2012-11-18 23:04:14 +09:00
Tatsuhiro Tsujikawa 026f4ca3a2 Add --client-mode option
With --client-mode option, shrpx now accepts unencrypted HTTP
connections and communicates with backend server in SPDY.  In short,
this is the "reversed" operation mode against normal mode.  This may
be useful for testing purpose because it can sit between HTTP client
and shrpx "normal" mode.
2012-11-18 21:46:07 +09:00
Tatsuhiro Tsujikawa aa64a7f7f5 Don't send response-body for 304 response 2012-11-18 21:22:08 +09:00
Tatsuhiro Tsujikawa 4748443899 shrpx: Log detailed error description in SSL code 2012-11-14 21:14:11 +09:00
Raul Gutierrez Segales 6f6f6ffc41 [shrpx] fix password handling for certs keys
We should only call daemon() after ListenHandler is
instantiated, where  SSL_CTX_use_PrivateKey_file is called,
otherwise we have no stdin/stdout to get the password for
keyfile.
2012-10-27 22:29:27 -07:00
Tatsuhiro Tsujikawa fdc19550fc spdyd: Open file with O_BINARY flag 2012-10-16 22:57:26 +09:00
Tatsuhiro Tsujikawa 22840dbfaf spdycat: Handle timeout in connect and SSL/TLS handshake 2012-10-14 23:39:41 +09:00
Tatsuhiro Tsujikawa a28e1c6e7d Add src/.gitignore and edit examples/.gitignore 2012-10-06 00:01:13 +09:00
Tatsuhiro Tsujikawa 2ea0c1c1b0 Add missing url_parser.c 2012-10-05 23:56:26 +09:00
Tatsuhiro Tsujikawa 9378b74fc3 spdycat: Rewritten time_delta 2012-10-04 23:54:39 +09:00
Tatsuhiro Tsujikawa c0577602d1 shrpx: Made SPDY/3 default protocol in SPDY proxy mode
The reason why we choose SPDY/2 as default for SPDY prxy was due to
Chrome's window update bug. Now its fix is available in Chrome stable,
we make SPDY/3 as default.
2012-10-01 23:01:44 +09:00
Tatsuhiro Tsujikawa e69947a054 Removed trailing spaces 2012-10-01 21:51:24 +09:00
Tatsuhiro Tsujikawa 9d6257a4cc spdycat: Just return in check_response_header if stream_user_data is NULL
We cannot use assert(stream_user_data) because server-pushed stream
does not have stream_user_data.
2012-09-22 16:07:49 +09:00
Tatsuhiro Tsujikawa 00172f827a spdycat: Add missing break after handling -H option 2012-09-22 16:05:20 +09:00
Tatsuhiro Tsujikawa abf2ddc3a6 shrpx: Use request HTTP version in HTTPS upstream response 2012-09-20 22:36:17 +09:00
Tatsuhiro Tsujikawa 5597ee68da shrpx: Use raw pointer for downstream instead of deque 2012-09-20 22:28:40 +09:00
Tatsuhiro Tsujikawa c78e0ca055 shrpx: Log when SPDY stream is closed 2012-09-15 17:27:20 +09:00
Tatsuhiro Tsujikawa 7f481e42b0 shrpx: Add more spdylay callback
The on_ctrl_not_send_callback, on_ctrl_recv_parse_error_callback and
on_unknown_ctrl_recv_callback were added. The latter 2 callbacks are
purely debugging purpose.  In on_ctrl_not_send_callback, If sending
SYN_REPLY failed, issue RST_STREAM to avoid a stream hanging around.
2012-09-15 17:19:58 +09:00
Tatsuhiro Tsujikawa 436b201d6f shrpx: Check request_connection_close_ when deciding closing connection
When deciding whether to close the client connection, check
request_connection_close_ of Downstream in addition of
response_connection_close_. Also we only add "Connection: Keep-Alive"
header to the HTTP/1.0 or HTTP/0.9 clients.
2012-09-13 21:33:35 +09:00
Tatsuhiro Tsujikawa 427b9ebfdb shrpx: Update http-parser 2012-09-11 00:12:23 +09:00
Tatsuhiro Tsujikawa ca415a2a15 Add --enable-src configure option
When --enable-src is given, the programs in src directory will be
built. If --disable-src is given, those programs will not be built. If
none of them are given, --enable-src is assumed.
2012-09-10 21:51:08 +09:00
Tatsuhiro Tsujikawa b0fcd68783 Move spdycat, spdyd and shrpx from examples to src
To distinguish the to-be-installed programs and non-installable
example source code, the former programs, spdycat, spdydyd and shrpx,
were moved to src directory. spdynative was removed from Makefile
because it does not appeal to any users much.
2012-09-10 21:39:51 +09:00