Commit Graph

442 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa bb6f842b37 Check request/response submission error based side of session
Disallow request from server, and response from client respectively.
When the violation is detected, return NGHTTP2_ERR_PROTO from
nghttp2_submit_request, nghttp2_submit_response,
nghttp2_submit_headers.

We also did some refactoring, and now self-dependency detection is
placed where it is only required.
2016-01-11 16:18:39 +09:00
kumagi f3a37b2ef1 fix typos: heder->header alreay->already reponse->response 2016-01-05 22:19:33 +09:00
Tatsuhiro Tsujikawa 8716dd05d4 Return error from nghttp2_submit_{headers,request} when self dependency is made
Return NGHTTP2_ERR_INVALID_ARGUMENT from nghttp2_submit_headers() if
given stream ID and pri_spec->stream_id are the same (thus trying to
depend on itself).

Also return NGHTTP2_ERR_INVALID_ARGUMENT from nghttp2_submit_request()
and nghttp2_submit_headers() with stream_id == 1, when new stream ID
equals to pri_spec->stream_id.

Previously, these cases are not checked, and just sent to peer.
2015-12-25 21:37:18 +09:00
Tatsuhiro Tsujikawa a151a44caf Set max number of outgoing concurrent streams to 100 by default
Instead of using nonsensical large value for max outgoing concurrent
streams, use more sensible value, 100.
2015-12-03 23:45:03 +09:00
Tatsuhiro Tsujikawa 2288ee8060 Create stream object for pushed resource during nghttp2_submit_push_promise()
Previously, stream object for pushed resource was not created during
nghttp2_submit_push_promise().  It was created just before
nghttp2_before_frame_send_callback was called for that PUSH_PROMISE
frame.  This means that application could not call
nghttp2_submit_response for the pushed resource before
nghttp2_before_frame_send_callback was called.  This could be solved
by callback chaining, but for web server with back pressure from
backend stream, it is a bit unnecessarily hard to use.

This commit changes nghttp2_submit_push_promise() behaviour so that
stream object is created during that call.  It makes application call
nghttp2_submit_response right after successful
nghttp2_submit_push_promise call.
2015-12-02 21:16:30 +09:00
Tatsuhiro Tsujikawa 2754d9e2bb Update doc 2015-11-28 15:24:13 +09:00
Tatsuhiro Tsujikawa 12b2e0a2b3 Add nghttp2_session_create_idle_stream() API
See GH-436
2015-11-28 15:23:44 +09:00
Tatsuhiro Tsujikawa b08d5b1975 Explicitly treat stream_id 0 as error in nghttp2_session_change_stream_priority 2015-11-24 22:34:36 +09:00
Tatsuhiro Tsujikawa aa317c89ea Add API to change stream priority without sending PRIORITY frame
The added API is nghttp2_session_change_stream_priority().  This
provides the same functionality to re-prioritize stream when PRIORITY
frame.  is received, but we do it without PRIORITY frame.  This could
be useful for server to change pushed stream's priority silently.
2015-11-21 18:32:42 +09:00
Tatsuhiro Tsujikawa 63a50b1ccf Add nghttp2_session_check_server_session() API
This is very simple API, and it returns nonzero if session is
initialized as server.
2015-11-21 15:07:55 +09:00
Tatsuhiro Tsujikawa c6ef1c02b9 Switch to clang-format-3.6 2015-11-13 00:53:29 +09:00
Tatsuhiro Tsujikawa 269a100081 Add nghttp2_session_upgrade2(), deprecate nghttp2_session_upgrade()
To validate actual response body length against the value declared in
content-length response header field, we first check request method.
If request method is HEAD, respose body must be 0 regardless of the
value in content-length.  nghttp2_session_upgrade() has no parameter
to indicate the request method is HEAD, so we failed to validate
response body if HEAD is used with HTTP Upgrade.  New
nghttp2_session_upgrade2() accepts new parameter to indicate that
request method is HEAD or not to fix this issue.  Although, this issue
affects client side only, we deprecate nghttp2_session_upgrade() in
favor of nghttp2_session_upgrade2() for both client and server side.
2015-11-07 16:13:06 +09:00
Tatsuhiro Tsujikawa 43b230685f Introduce NGHTTP2_NV_FLAG_NO_COPY_NAME and NGHTTP2_NV_FLAG_NO_COPY_VALUE 2015-11-05 22:48:30 +09:00
Tatsuhiro Tsujikawa be0d0e2995 Rename nghttp2_session_request_allowed as nghttp2_session_check_request_allowed 2015-10-30 22:48:27 +09:00
Tatsuhiro Tsujikawa 1c37abc0dd Add nghttp2_session_request_allowed() API function
This function is useful for the client application to know that there
is a chance that request can be sent.  If this function returns 0,
there is zero chance to make a request.

This commit also set error_code passed to
nghttp2_on_stream_close_callback to NGHTTP2_REFUSED_STREAM if request
is not sent.
2015-10-29 22:53:30 +09:00
Tatsuhiro Tsujikawa 5d3d377c03 Add missing NGHTTP2_EXTERN to public functions 2015-10-25 16:51:50 +09:00
Tatsuhiro Tsujikawa ce74a30990 Use -fvisibility=hidden for internal functions
This will improve performance since we can avoid indirect call of
internal functions.  The downside is we now require libnghttp2 static
library to run unit tests.
2015-10-23 00:08:15 +09:00
Tatsuhiro Tsujikawa b1de6ca390 Update doc 2015-10-04 10:36:09 +09:00
Tatsuhiro Tsujikawa 45d4c9dece Add new error code NGHTTP2_ERR_PAUSE to send_data_callback
If application returns NGHTTP2_ERR_PAUSE from send_data_callback, it
means application processed all data, but wants to make
nghttp2_session_mem_send or nghttp2_session_send return immediately.
This is useful if application writes to fixed sized buffers, and there
is no room to write more data.
2015-10-03 17:16:42 +09:00
Tatsuhiro Tsujikawa d22ced77c0 Return fatal error if flooding is detected to close session immediately
This change adds new return error code from nghttp2_session_mem_recv
and nghttp2_session_recv functions, namely NGHTTP2_ERR_FLOODED.  It is
fatal error, and is returned when flooding was detected.
2015-09-30 22:19:03 +09:00
Tatsuhiro Tsujikawa 928a81885c Limit the number of incoming reserved (remote) streams
RFC 7540 does not enforce any limit on the number of incoming reserved
streams (in RFC 7540 terms, streams in reserved (remote) state).  This
only affects client side, since only server can push streams.
Malicious server can push arbitrary number of streams, and make
client's memory exhausted.  The new option,
nghttp2_set_max_reserved_remote_streams, can set the maximum number of
such incoming streams to avoid possible memory exhaustion.  If this
option is set, and pushed streams are automatically closed on
reception, without calling user provided callback, if they exceed the
given limit.  The default value is 200.  If session is configured as
server side, this option has no effect.  Server can control the number
of streams to push.
2015-08-23 21:43:41 +09:00
Tatsuhiro Tsujikawa 059280d1a5 Add stream public API
The intention of this stream API is give server application about
stream dependency information, so that it can utilize it for better
scheduling of stream processing.  We have no plan to add object
oriented API based on stream object.
2015-08-19 23:04:06 +09:00
Tatsuhiro Tsujikawa 7f71fed963 Allow multiple in-flight SETTINGS 2015-07-23 00:36:00 +09:00
Tatsuhiro Tsujikawa f3288092e8 Strictly check occurrence of dynamic table size update
RFC 7541 requires that dynamic table size update must occur at the
beginning of the first header block, and is signaled as SETTINGS
acknowledgement.  This commit checks these conditions.  If dynamic
table size update appears other than the beginning of the first header
block, it is treated as error.  If SETTINGS ACK is received, and next
HEADERS header block does not have dynamic table size update, it is
treated as error.
2015-07-22 00:11:23 +09:00
Tatsuhiro Tsujikawa 693fba3b64 Add more docs about NGHTTP2_ERR_DATA_EXIST and its condition
This commit documents NGHTTP2_ERR_DATA_EXIST also occurs if HEADERS
has been already attached to stream too.  This commit also fixes
possible assertion error, and now nghttp2_submit_headers() and
nghttp2_submit_response() may return NGHTTP2_ERR_DATA_EXIST.  But we
recommend to use nghttp2_submit_request() and
nghttp2_submit_response(), and using them will avoid this error.
2015-07-08 00:35:07 +09:00
Tatsuhiro Tsujikawa 3973d9ce12 Fix typo 2015-07-04 16:02:28 +09:00
Tatsuhiro Tsujikawa 1f7e6ea3fe Define NGHTTP2_EXTERN to __declspec(dllimport) when using nghttp2
The private global variable nghttp2_enable_strict_preface is also
marked as NGHTTP2_EXTERN, but it is test purpose only (test with
.dll), and not part of public API.  It could be removed in the future
release.
2015-05-28 22:36:43 +09:00
Tatsuhiro Tsujikawa 1ddff5bbf9 Include stdint.h instead of inttypes.h when compiled with MSVC < 2013 2015-05-20 22:33:57 +09:00
Tatsuhiro Tsujikawa 3a4c8bc8f1 Document about small write 2015-05-19 22:56:23 +09:00
Tatsuhiro Tsujikawa 0b27f005e0 Merge branch 'master' into v1.0.0
Conflicts:
	src/HttpServer.cc
2015-05-15 23:24:19 +09:00
Tatsuhiro Tsujikawa 53bfc70c9e Include inttypes.h (or cintypes for C++) instead of stdint.h
From autoconf manual, section 5.6.1 Portability of Headers, says:

"""
The C99 standard says that inttypes.h includes stdint.h, so there's no
need to include stdint.h separately in a standard environment. Some
implementations have inttypes.h but not stdint.h (e.g., Solaris 7),
but we don't know of any implementation that has stdint.h but not
inttypes.h.
"""
2015-05-14 00:17:45 +09:00
Tatsuhiro Tsujikawa e63d6e490a Merge branch 'master' into v1.0.0
Conflicts:
	lib/nghttp2_option.h
	lib/nghttp2_session.h
	src/HttpServer.cc
2015-05-08 19:21:51 +09:00
Tatsuhiro Tsujikawa 73e79130d1 Update doc 2015-05-07 21:14:21 +09:00
Tatsuhiro Tsujikawa f9a50333d2 Fix doc for nghttp2_select_next_protocol
We have to return this error code to notify OpenSSL that we have not
filled any values in |*out| and |*outlen|.
2015-04-28 23:12:27 +09:00
Tatsuhiro Tsujikawa 1c4df1832b Update doc, mainly for RFC numbers 2015-04-28 23:05:00 +09:00
Tatsuhiro Tsujikawa db4a68454a Merge branch 'master' into v1.0.0
Conflicts:
	lib/includes/nghttp2/nghttp2.h
2015-04-24 00:13:15 +09:00
Tatsuhiro Tsujikawa 6b0b8ea7d5 Update doc 2015-04-24 00:05:10 +09:00
Tatsuhiro Tsujikawa 514558afc0 Allow NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from nghttp2_on_begin_headers_callback
Since application most likely allocates the stream object in
nghttp2_on_begin_headers_callback, it is desirable to handle its
failure as stream error.  But previously it only signals success or
fatal error.  Submitting RST_STREAM does not prevent
nghttp2_on_header_callback from being invoked.  This commit improves
this situation by allowing NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_begin_headers_callback.  If that value is returned, library
submits RST_STREAM with error code INTERNAL_ERROR, and
nghttp2_on_header_callback and nghttp2_on_frame_recv_callback for that
frame are not invoked.  Note that for PUSH_PROMISE frame, the stream
to be reset is promised stream.
2015-04-23 23:43:30 +09:00
Tatsuhiro Tsujikawa b9f602b9a2 Update doc 2015-04-23 21:14:09 +09:00
Tatsuhiro Tsujikawa 5937b4b6f7 Merge branch 'master' into v1.0.0 2015-04-19 23:13:38 +09:00
Tatsuhiro Tsujikawa 7323d4c639 Fix bug that nghttp2_session_set_next_stream_id accepts invalid stream_id 2015-04-17 00:12:47 +09:00
Tatsuhiro Tsujikawa cf0576253f Merge branch 'master' into v1.0.0 2015-04-08 18:10:04 +09:00
Tatsuhiro Tsujikawa d56ecd7414 Add nghttp2_session_consume_{connection,stream} to consume bytes independently
The existing nghttp2_session_consume() affects both connection and
stream level flow control windows.  The new functions only affects
either connection or stream.  There is some interesting use cases.
For example, we may want to pause a stream by not sending
WINDOW_UPDATE, meanwhile we want to continue to process other streams.
In this case, we use nghttp2_session_consume_connection() to tell
library that only connection level window is recovered.  The relevant
discussion: https://code.google.com/p/chromium/issues/detail?id=473259
2015-04-07 00:14:18 +09:00
Tatsuhiro Tsujikawa ef4e39be55 Update doc 2015-04-06 23:57:48 +09:00
Tatsuhiro Tsujikawa 3e50ef439d Announce h2, final HTTP/2 ALPN identifier 2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa d0c27d5229 Send 24 bytes client magic byte string by library
Previously nghttp2_session_send() and nghttp2_session_mem_send() did
not send 24 bytes client magic byte string (MAGIC).  We made
nghttp2_session_recv() and nghttp2_session_mem_recv() process MAGIC by
default, so it is natural to make library send MAGIC as well.  This
commit makes nghttp2_session_send() and nghttp2_session_mem_send()
send MAGIC.  This commit also replace "connection preface" with
"client magic", since we call MAGIC as "connection preface" but it is
just a part of connection preface.  NGHTTP2_CLIENT_CONNECTION_PREFACE
macro was replaced with NGHTTP2_CLIENT_MAGIC.  The already deprecated
NGHTTP2_CLIENT_CONNECTION_HEADER macro was removed permanently.
nghttp2_option_set_no_recv_client_preface() was renamed as
nghttp2_option_set_no_recv_client_magic().  NGHTTP2_ERR_BAD_PREFACE
was renamed as NGHTTP2_ERR_BAD_CLIENT_MAGIC.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa ebf214c8fc nghttp2_on_invalid_frame_recv_callback should have lib_error_code as param
nghttp2_error_code is HTTP/2 standard error code and is too coarse to
know what's going on.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 250ea53e4b Deal with 24 bytes client connection preface by default
Since HTTP/2 spec requires for client to send connection preface, it
is reasonable to make this option enabled by default.  It is still a
use case to disable this, so replace this option with
nghttp2_option_set_no_recv_client_preface().
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 01af6ea70c Remove ALTSVC related code
HTTP/2 and HPACK are going to be published as RFC, but ALTSVC is still
in draft state.  To make our API stable, it would be better to remove
ALTSVC API for 1.0.0 release.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 9eff511c5e Add nghttp2_send_data_callback to send DATA payload without copying
To avoid buffer copy in nghttp2_data_source_read_callback, this commit
introduces NGHTTP2_DATA_FLAG_NO_COPY and nghttp2_send_data_callback.
By using NGHTTP2_DATA_FLAG_NO_COPY in
nghttp2_data_source_read_callback, application can avoid to copy
application data to given buffer.  Instead, application has to
implement nghttp2_send_data_callback to send complete DATA frame by
itself.  We see noticeable performance increase in nghttpd and
tiny-nghttpd using this new feature.  On the other hand, nghttpx does
not show such difference, probably because buffer copy is not
bottleneck.  Using nghttp2_send_data_callback adds complexity, so it
is recommended to measure the performance to see whether this extra
complexity worth it.
2015-04-04 21:23:50 +09:00