Commit Graph

375 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 271f7fbbb6 Add nghttp2_on_invalid_header_callback
nghttp2_on_invalid_header_callback is similar to
nghttp2_on_header_callback, but the former is only called when the
invalid header field is received which is silently ignored when the
callback is not set.  With this callback, application inspects the
incoming invalid field, and it also can reset stream from this
callback by returning NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE, or using
nghttp2_submit_rst_stream() directly with the error code of choice.

We also added nghttp2_on_invalid_header_callback2, which uses
reference counted header fields.
2016-08-04 00:03:58 +09:00
Tatsuhiro Tsujikawa d2addbc1ed Add test for canceling PUSH_PROMISE 2016-07-02 21:19:54 +09:00
Tatsuhiro Tsujikawa 110ca3131a Cancel frame transmission from before_frame_send_callback
We define the behaviour when NGHTTP2_ERR_CANCEL is returned from
before_frame_send_callback.  That is to cancel the frame passed to the
callback.
2016-07-02 19:21:08 +09:00
Tatsuhiro Tsujikawa c7b0e04498 Add nghttp2_option_set_max_send_header_block_length API function
This function sets the maximum length of header block (a set of header
fields per HEADERS frame) to send.  The length of given set of header
fields is calculated using nghttp2_hd_deflate_bound().  Previously,
this is hard-coded, and is 64KiB.
2016-06-15 00:05:15 +09:00
Tatsuhiro Tsujikawa 204f9a3ec7 Add nghttp2_session_set_local_window_size() API function 2016-05-29 23:13:11 +09:00
Tatsuhiro Tsujikawa 9c0bd8c60a Fix compile error (again) with gcc and --enable-werror 2016-04-09 22:01:15 +09:00
Tatsuhiro Tsujikawa 16647622f5 Fix compile error with gcc and --enable-werror 2016-04-09 19:37:35 +09:00
Tatsuhiro Tsujikawa d4144a7475 altsvc: Add tests, ignore altsvc if stream does not exist 2016-04-09 19:14:15 +09:00
Tatsuhiro Tsujikawa efbd48b122 altsvc: Add tx tests 2016-04-08 23:25:56 +09:00
Tatsuhiro Tsujikawa e453759637 Add nghttp2_option_set_no_auto_ping_ack() option
This option prevents the nghttp2 library from sending PING frame with
ACK flag set in the reply to incoming PING frame.  To allow the
application to send PING with ACK flag set, nghttp2_submit_ping() now
recognizes NGHTTP2_FLAG_PING in its flags parameter.
2016-02-29 23:39:50 +09:00
Tatsuhiro Tsujikawa 34bf153653 Merge branch 'master' into simple-extensions 2016-02-24 23:21:03 +09:00
Peter Wu 63e43bff99 tests: remove unused macros
Since v0.6.2-7-g1d138ac ("Unify DATA and other frames in
nghttp2_outbound_item and save malloc()"), the macros are unused and the
builds fails on -Werror=unused-macros.
2016-02-15 10:20:13 +01:00
Tatsuhiro Tsujikawa fc39f2d9d2 Merge branch 'master' into simple-extensions 2016-02-07 21:09:08 +09:00
Tatsuhiro Tsujikawa 4a78f59e7b Rename nghttp2_session.sent_stream_id as last_sent_stream_id
This is more accurate, and there is symmetric relation between
last_sent_stream_id and last_recv_stream_id, which is bettern fit in
my sense.
2016-01-23 14:47:39 +09:00
Tatsuhiro Tsujikawa 1f7032088d Add test which covers remote stream window size overflow case 2016-01-23 12:01:29 +09:00
Tatsuhiro Tsujikawa 4ceb9fd767 Cancel stream if flow control window gets overflow
Previously, we did terminate session, but it did not actually cancel
streams.  Now we just cancel streams in this case.
2016-01-23 00:24:12 +09:00
Tatsuhiro Tsujikawa a23c9244d4 Make sure that upgraded response can be received from server 2016-01-15 17:03:13 +09:00
Tatsuhiro Tsujikawa e14da859b6 Merge branch 'master' into simple-extensions 2016-01-11 16:39:35 +09:00
Tatsuhiro Tsujikawa bb6f842b37 Check request/response submission error based side of session
Disallow request from server, and response from client respectively.
When the violation is detected, return NGHTTP2_ERR_PROTO from
nghttp2_submit_request, nghttp2_submit_response,
nghttp2_submit_headers.

We also did some refactoring, and now self-dependency detection is
placed where it is only required.
2016-01-11 16:18:39 +09:00
Tatsuhiro Tsujikawa 8f225ae88d Fix broken test_nghttp2_session_pop_next_ob_item 2016-01-11 00:46:44 +09:00
Tatsuhiro Tsujikawa 9cea986819 Strict outgoing idle stream detection
Previously, we use session->next_stream_id to detect that given stream
ID was idle or not.  But this was suboptimal, since it was updated
when stream ID was assigned, and it did not necessarily mean that it
actually has been sent to the peer.  Now we introduced
session->sent_stream_id, which only updated when HEADERS/PUSH_PROMISE
has sent.  Using sent_stream_id instead of next_stream_id tightens
idle stream detection, and misbehaved peer which sends frame with
stream ID that has not been generated.

This commit also overhauls test code which involves opening streams.
Now we have some wrapper functions for nghttp2_session_open_stream()
which also take care of updating next_stream_id and
last_recv_stream_id.  They are crucial for some tests.
2016-01-11 00:31:52 +09:00
Tatsuhiro Tsujikawa 0caefe20ef Merge branch 'master' into simple-extensions 2016-01-09 19:08:28 +09:00
Tatsuhiro Tsujikawa 3a9cb85d7a Add test to make sure idle streams are reduced 2015-12-26 00:30:55 +09:00
Tatsuhiro Tsujikawa 8716dd05d4 Return error from nghttp2_submit_{headers,request} when self dependency is made
Return NGHTTP2_ERR_INVALID_ARGUMENT from nghttp2_submit_headers() if
given stream ID and pri_spec->stream_id are the same (thus trying to
depend on itself).

Also return NGHTTP2_ERR_INVALID_ARGUMENT from nghttp2_submit_request()
and nghttp2_submit_headers() with stream_id == 1, when new stream ID
equals to pri_spec->stream_id.

Previously, these cases are not checked, and just sent to peer.
2015-12-25 21:37:18 +09:00
Tatsuhiro Tsujikawa 894c1bd02e Create idle stream on client side
With the presence of idle stream related API (e.g.,
nghttp2_create_idle_stream()), it is more predictable for client to
create idle streams with its dependency to another idle stream.
Previously, we didn't create complete parent idle stream in this case.
Now we create idle streams as we do on server side.
2015-12-25 00:10:37 +09:00
Tatsuhiro Tsujikawa 8122bc5aef Fix compile error with gcc ASAN enabled 2015-12-23 17:14:36 +09:00
Tatsuhiro Tsujikawa bd9a19e23b Add test for 92a56d034f 2015-12-23 17:10:33 +09:00
Tatsuhiro Tsujikawa 92a56d034f Fix bug that idle/closed stream may be destroyed while it is referenced 2015-12-23 16:38:30 +09:00
Tatsuhiro Tsujikawa dd93b29397 clang-format 2015-12-20 12:48:39 +09:00
Tatsuhiro Tsujikawa feae76fbc0 Remove unused commented lines 2015-12-18 22:44:08 +09:00
Tatsuhiro Tsujikawa 9f8fc7b2bb Strict error handling for frames which are not allowed after closed (remote)
This makes h2spec strict mode a bit happier.  We still one failing
test with h2spec -S (strict mode).
2015-12-17 21:31:20 +09:00
Tatsuhiro Tsujikawa ab93db2259 Add test when client sends push response to server 2015-12-11 00:18:27 +09:00
Tatsuhiro Tsujikawa 9c84f60ba0 Merge branch 'master' into simple-extensions 2015-12-04 23:48:40 +09:00
Tatsuhiro Tsujikawa 93d8636fb0 Keep incoming streams only at server side
We should only keep incoming closed streams because we only keep at
most max concurrent streams, which only applied to incoming streams.
2015-12-03 22:48:41 +09:00
Tatsuhiro Tsujikawa 2288ee8060 Create stream object for pushed resource during nghttp2_submit_push_promise()
Previously, stream object for pushed resource was not created during
nghttp2_submit_push_promise().  It was created just before
nghttp2_before_frame_send_callback was called for that PUSH_PROMISE
frame.  This means that application could not call
nghttp2_submit_response for the pushed resource before
nghttp2_before_frame_send_callback was called.  This could be solved
by callback chaining, but for web server with back pressure from
backend stream, it is a bit unnecessarily hard to use.

This commit changes nghttp2_submit_push_promise() behaviour so that
stream object is created during that call.  It makes application call
nghttp2_submit_response right after successful
nghttp2_submit_push_promise call.
2015-12-02 21:16:30 +09:00
Tatsuhiro Tsujikawa 12b2e0a2b3 Add nghttp2_session_create_idle_stream() API
See GH-436
2015-11-28 15:23:44 +09:00
Tatsuhiro Tsujikawa a70445e122 Retain stream in reserved state on client side
Application may use it using nghttp2_stream_* functions, and traverse
its dependency.
2015-11-27 22:54:55 +09:00
Tatsuhiro Tsujikawa f23e34fa3c Handle response in nghttp2_on_begin_frame_callback
Previously, nghttp2_session_end_request_headers_received assumes
stream is still writable (in other words, local endpoint has not sent
END_STREAM).  But this assumption is false, because application can
send response in nghttp2_on_begin_frame_callback.  Probably, this
assumption was made before the callback was introduced.  This commit
addresses this issue.  Since all
nghttp2_session_end_*_headers_received functions are identical, we
refactored them into one function.
2015-11-27 22:50:13 +09:00
Tatsuhiro Tsujikawa 3048bb9d90 Fix test: stream_id is not incremented 2015-11-25 22:18:54 +09:00
Tatsuhiro Tsujikawa b08d5b1975 Explicitly treat stream_id 0 as error in nghttp2_session_change_stream_priority 2015-11-24 22:34:36 +09:00
Tatsuhiro Tsujikawa b53b1381b7 Fix bug that nghttp2_session_find_stream(session, 0) returned NULL
Previously, nghttp2_session_find_stream(session, 0) returned NULL
despite the fact that documentation said that it should return root
stream.  Now it is corrected, and it returns root stream as
documented.
2015-11-24 22:30:12 +09:00
Tatsuhiro Tsujikawa d62bc26b62 Add test for nghttp2_session_change_stream_priority() 2015-11-23 19:48:51 +09:00
Tatsuhiro Tsujikawa d7b0768ab8 Fix bug that dep_stream->sum_dep_weight was not updated 2015-11-20 21:24:54 +09:00
Tatsuhiro Tsujikawa 83cc2511e3 Remove flags parameter from nghttp2_pack_extension_callback
It has no usecase at the moment.  It is most likely that applications
know the flags when it submitted extension frame, no need to modify it
later.  Possibly feature bloat.
2015-11-17 21:29:21 +09:00
Tatsuhiro Tsujikawa b918f9650a Don't send push response if GOAWAY has been received 2015-11-16 22:47:12 +09:00
Tatsuhiro Tsujikawa 7463493259 Use error code CANCEL to reset pushed reserved stream from remote 2015-11-16 22:20:27 +09:00
Tatsuhiro Tsujikawa eb4e402aae Merge branch 'master' into simple-extensions 2015-11-14 22:31:52 +09:00
Tatsuhiro Tsujikawa c6ef1c02b9 Switch to clang-format-3.6 2015-11-13 00:53:29 +09:00
Tatsuhiro Tsujikawa 269a100081 Add nghttp2_session_upgrade2(), deprecate nghttp2_session_upgrade()
To validate actual response body length against the value declared in
content-length response header field, we first check request method.
If request method is HEAD, respose body must be 0 regardless of the
value in content-length.  nghttp2_session_upgrade() has no parameter
to indicate the request method is HEAD, so we failed to validate
response body if HEAD is used with HTTP Upgrade.  New
nghttp2_session_upgrade2() accepts new parameter to indicate that
request method is HEAD or not to fix this issue.  Although, this issue
affects client side only, we deprecate nghttp2_session_upgrade() in
favor of nghttp2_session_upgrade2() for both client and server side.
2015-11-07 16:13:06 +09:00
Tatsuhiro Tsujikawa af4c3cb2cf Fix travis gcc build 2015-11-07 11:34:05 +09:00
Tatsuhiro Tsujikawa 5e7e479c6c Workaround HTTP upgrade with HEAD request
By default, we check the length of response body matches
content-length.  For HEAD request, this is not necessarily true, so we
sniff request method, and if it is HEAD, make sure that response body
length is 0.  But this does not work for HTTP Upgrade, since
nghttp2_session_upgrade() has no parameter to tell the request method
was HEAD.  This commit disables this response body length validation
for the stream upgraded by HTTP Upgrade.  We will add new version of
nghttp2_session_upgrade with the parameter to pass the request method
information so that we can handle this situation properly.
2015-11-07 10:56:40 +09:00
Tatsuhiro Tsujikawa 5d611d2e24 Merge branch 'master' into simple-extensions 2015-10-29 23:24:34 +09:00
Tatsuhiro Tsujikawa 25bf567cd7 Don't always expect dynamic table size update
The encoder is not required to send dynamic table size update if the
table size is not changed from the previous value after accepting new
maximum value.
2015-10-24 17:49:51 +09:00
Tatsuhiro Tsujikawa 061a557839 Add nghttp2_option_set_user_recv_extension_type to opt-in incoming extension type 2015-10-15 00:17:07 +09:00
Tatsuhiro Tsujikawa d9893d014c Add tests 2015-10-11 17:46:23 +09:00
Tatsuhiro Tsujikawa ba08948307 Merge branch 'master' of https://github.com/alagoutte/nghttp2 into alagoutte-master 2015-10-04 22:02:47 +09:00
Alexis La Goutte 81addc77b4 Add (and fix) -Wredundant-decls 2015-10-04 14:48:32 +02:00
Tatsuhiro Tsujikawa cea76226b1 Avoid excessive WINDOW_UPDATE queuing 2015-10-01 01:19:57 +09:00
Tatsuhiro Tsujikawa d22ced77c0 Return fatal error if flooding is detected to close session immediately
This change adds new return error code from nghttp2_session_mem_recv
and nghttp2_session_recv functions, namely NGHTTP2_ERR_FLOODED.  It is
fatal error, and is returned when flooding was detected.
2015-09-30 22:19:03 +09:00
Tatsuhiro Tsujikawa 0cb8c82125 Detect flooding and tear down session 2015-09-30 00:44:08 +09:00
Tatsuhiro Tsujikawa 93ba75b602 Fix bug that headers in CONTINUATION were ignored after HEADERS with padding 2015-09-25 22:28:03 +09:00
Tatsuhiro Tsujikawa 50ec17c4af Add more tests for handling padding in DATA frame 2015-09-23 18:26:18 +09:00
Tatsuhiro Tsujikawa 170f2a144a Fix warning with gcc 2015-09-23 18:26:02 +09:00
Tatsuhiro Tsujikawa 28fe3e7e89 More warning flags for --enable-werror 2015-09-23 16:49:45 +09:00
Tatsuhiro Tsujikawa 928a81885c Limit the number of incoming reserved (remote) streams
RFC 7540 does not enforce any limit on the number of incoming reserved
streams (in RFC 7540 terms, streams in reserved (remote) state).  This
only affects client side, since only server can push streams.
Malicious server can push arbitrary number of streams, and make
client's memory exhausted.  The new option,
nghttp2_set_max_reserved_remote_streams, can set the maximum number of
such incoming streams to avoid possible memory exhaustion.  If this
option is set, and pushed streams are automatically closed on
reception, without calling user provided callback, if they exceed the
given limit.  The default value is 200.  If session is configured as
server side, this option has no effect.  Server can control the number
of streams to push.
2015-08-23 21:43:41 +09:00
Tatsuhiro Tsujikawa 059280d1a5 Add stream public API
The intention of this stream API is give server application about
stream dependency information, so that it can utilize it for better
scheduling of stream processing.  We have no plan to add object
oriented API based on stream object.
2015-08-19 23:04:06 +09:00
Tatsuhiro Tsujikawa 5b59e46e2b Rewrite priority handling
We now use priority queue per stream, which contains the stream which
has ready to send a frame, or one of its descendants have a frame to
send.  We maintain invariant that if a stream is queued, then its
ancestors are also queued (except for root).  When we re-schedule
stream after transmission, we re-schedule all ancestors, so that
streams on the other path can get a chance to send.  This is basically
the same mechanism h2o project uses, but there are differences in the
details.
2015-08-17 22:35:50 +09:00
Tatsuhiro Tsujikawa d1e49a196d Remove restriction in regard to number of stream in dependency tree
Previously, the number of stream in one dependency tree (not including
root) is limited to 120.  This is due to the fact that we use
recursive calls to traverse trees.  Now we replaced recursive calls
with loop, we can remove this limitation.  Also now all streams are
descendant of root stream, rather than linked list of individual
subtree root.
2015-08-15 00:53:09 +09:00
Tatsuhiro Tsujikawa c941bff929 Fix compile error with gcc 2015-07-31 21:27:36 +09:00
Tatsuhiro Tsujikawa e66bd490a4 Fix crash if response or data is submitted to closing stream 2015-07-31 21:11:16 +09:00
Tatsuhiro Tsujikawa f6a8c8d078 Remove unused variable 2015-07-23 00:44:54 +09:00
Tatsuhiro Tsujikawa 7f71fed963 Allow multiple in-flight SETTINGS 2015-07-23 00:36:00 +09:00
Tatsuhiro Tsujikawa 764cd17316 Add test when nghttp2_http_on_data_chunk failed without auto flow control 2015-07-08 22:56:40 +09:00
Tatsuhiro Tsujikawa d6ca95a0c9 Fix sibling's item is not queued when ancestor's item is detached 2015-06-24 22:18:07 +09:00
Tatsuhiro Tsujikawa 1945d0f02a Fix assertion failure in nghttp2_stream.c
This is regression introduced in
46b70c1db8.
2015-06-23 23:04:53 +09:00
Tatsuhiro Tsujikawa a7031da364 Fix bug that idle self-depending PRIORITY is not handled gracefully
Previously, we did not handle PRIORITY frame which depends on itself
and for idle stream.  As a result, nghttp2_session_mem_recv (or
nghttp2_session_recv) returne NGHTTP2_ERR_NOMEM.  The error code was
still misleading.  It was not out of memory, and we failed to insert
hash map because of duplicated key, which was treated as out of
memory.  This commit fixes this issue, by explicitly checking
dependency for incoming PRIORITY for all cases.
2015-06-21 16:02:32 +09:00
Tatsuhiro Tsujikawa 46b70c1db8 Optimize dependency based priority code to Firefox style tree
While this commit optimizes dependency routine to Firefox style tree,
the other use cases (e.g., linear chain) are also improved
dramatically as well.
2015-06-20 22:11:24 +09:00
Tatsuhiro Tsujikawa b5717cd288 Fix bug that data are not consumed for connection in race condition
When we know that stream is closed at time we read DATA frame header,
we use NGHTTP2_IB_IGN_DATA, and consume data for connection if
nghttp2_option_set_no_auto_window_update() is used.  However, if
stream is closed while we are in NGHTTP2_IB_READ_DATA, those bytes are
not consumed for connection, nor notified to application via callback,
so it eventually fills up connection window and connection will
freeze.  This commit fixes this issue by consuming these data for
connection when stream is closed or does not exist.
2015-06-11 23:34:30 +09:00
Alexis La Goutte ddee5d3896 fix Value stored to 'rv' is never read found by Clang Analyzer 2015-05-15 18:11:59 +02:00
Tatsuhiro Tsujikawa 1ad1fe6005 Merge branch 'master' into v1.0.0 2015-04-28 22:48:34 +09:00
Tatsuhiro Tsujikawa 9e1b068a4b Fix bug that promised stream was not reset on decompression error 2015-04-28 21:38:52 +09:00
Tatsuhiro Tsujikawa c41f413978 Fix compile error with --enable-werror 2015-04-25 02:23:01 +09:00
Tatsuhiro Tsujikawa f2cf2b625c Replace priority queue with linear queue where possible
After reviewing codebase, only queue for DATA frames requires
priorities.  Other frames can be replaced multiple linear queues.
Replacing priority queue with linear queue allows us to simplify
codebase a bit; for example, now nghttp2_session.next_seq is gone.
2015-04-25 00:56:46 +09:00
Tatsuhiro Tsujikawa db4a68454a Merge branch 'master' into v1.0.0
Conflicts:
	lib/includes/nghttp2/nghttp2.h
2015-04-24 00:13:15 +09:00
Tatsuhiro Tsujikawa c925c32233 Fix bug that promised stream is not reset on temporal failure from on_header_callback 2015-04-23 23:57:39 +09:00
Tatsuhiro Tsujikawa 514558afc0 Allow NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from nghttp2_on_begin_headers_callback
Since application most likely allocates the stream object in
nghttp2_on_begin_headers_callback, it is desirable to handle its
failure as stream error.  But previously it only signals success or
fatal error.  Submitting RST_STREAM does not prevent
nghttp2_on_header_callback from being invoked.  This commit improves
this situation by allowing NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_begin_headers_callback.  If that value is returned, library
submits RST_STREAM with error code INTERNAL_ERROR, and
nghttp2_on_header_callback and nghttp2_on_frame_recv_callback for that
frame are not invoked.  Note that for PUSH_PROMISE frame, the stream
to be reset is promised stream.
2015-04-23 23:43:30 +09:00
Tatsuhiro Tsujikawa 5937b4b6f7 Merge branch 'master' into v1.0.0 2015-04-19 23:13:38 +09:00
Tatsuhiro Tsujikawa 57644e0256 Effectively revert 03c4092862
This is not mandated by spec.  Also it may work badly with Firefox
style dependency tree usage.
2015-04-17 21:04:17 +09:00
Tatsuhiro Tsujikawa d0c27d5229 Send 24 bytes client magic byte string by library
Previously nghttp2_session_send() and nghttp2_session_mem_send() did
not send 24 bytes client magic byte string (MAGIC).  We made
nghttp2_session_recv() and nghttp2_session_mem_recv() process MAGIC by
default, so it is natural to make library send MAGIC as well.  This
commit makes nghttp2_session_send() and nghttp2_session_mem_send()
send MAGIC.  This commit also replace "connection preface" with
"client magic", since we call MAGIC as "connection preface" but it is
just a part of connection preface.  NGHTTP2_CLIENT_CONNECTION_PREFACE
macro was replaced with NGHTTP2_CLIENT_MAGIC.  The already deprecated
NGHTTP2_CLIENT_CONNECTION_HEADER macro was removed permanently.
nghttp2_option_set_no_recv_client_preface() was renamed as
nghttp2_option_set_no_recv_client_magic().  NGHTTP2_ERR_BAD_PREFACE
was renamed as NGHTTP2_ERR_BAD_CLIENT_MAGIC.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa ebf214c8fc nghttp2_on_invalid_frame_recv_callback should have lib_error_code as param
nghttp2_error_code is HTTP/2 standard error code and is too coarse to
know what's going on.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 250ea53e4b Deal with 24 bytes client connection preface by default
Since HTTP/2 spec requires for client to send connection preface, it
is reasonable to make this option enabled by default.  It is still a
use case to disable this, so replace this option with
nghttp2_option_set_no_recv_client_preface().
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 9eff511c5e Add nghttp2_send_data_callback to send DATA payload without copying
To avoid buffer copy in nghttp2_data_source_read_callback, this commit
introduces NGHTTP2_DATA_FLAG_NO_COPY and nghttp2_send_data_callback.
By using NGHTTP2_DATA_FLAG_NO_COPY in
nghttp2_data_source_read_callback, application can avoid to copy
application data to given buffer.  Instead, application has to
implement nghttp2_send_data_callback to send complete DATA frame by
itself.  We see noticeable performance increase in nghttpd and
tiny-nghttpd using this new feature.  On the other hand, nghttpx does
not show such difference, probably because buffer copy is not
bottleneck.  Using nghttp2_send_data_callback adds complexity, so it
is recommended to measure the performance to see whether this extra
complexity worth it.
2015-04-04 21:23:50 +09:00
Alexis La Goutte 5f05135d1b Fix some "Value stored to 'stream' is never read" found by Clang Analyzer 2015-04-01 13:03:22 +02:00
Tatsuhiro Tsujikawa ef913bc929 Validate :path header field
For "http" or "https" URIs, :path header field must start with "/".
The only exception is OPTIONS method, which can contain "*" to
represent system-wide OPTIONS request.
2015-03-21 23:03:37 +09:00
Tatsuhiro Tsujikawa 2f2a535113 Add a way to send trailer with nghttp2_submit_request/nghttp2_submit_response
nghttp2_submit_request and nghttp2_submit_response will set
NGHTTP2_FLAG_END_STREAM after all given data is sent (data could be
0).  This means we have no way to send trailers.  In this commit, we
added NGHTTP2_DATA_FLAG_NO_END_STREAM flag.  The application can set
this flag in *data_flags inside nghttp2_data_source_read_callback.  If
NGHTTP2_DATA_FLAG_EOF is set, library automatically set
NGHTTP2_FLAG_END_STREAM.  But if both NGHTTP2_DATA_FLAG_EOF and
NGHTTP2_DATA_FLAG_NO_END_STREAM are set, NGHTTP2_FLAG_END_STREAM will
not set by library.  Then application can use new
nghttp2_submit_trailer() to send trailers.  nghttp2_submit_trailer()
will set NGHTTP2_FLAG_END_STREAM and it is actually thing wrapper of
nghttp2_submit_headers().
2015-03-07 17:09:29 +09:00
Tatsuhiro Tsujikawa 505a300d93 Refuse PUSH_PROMISE while unacked local ENABLE_PUSH is 0
After we sent SETTINGS including ENABLE_PUSH = 0, peer may already
issue PUSH_PROMISE before receiving our SETTINGS and react it to
SETTINGS ACK.  Previously we accept this PUSH_PROMISE.  In this
commit, we check the pending ENABLE_PUSH value and if it means
disabling push, we refuse PUSH_PROMISE with RST_STREAM of error
REFUSED_STREAM.
2015-03-07 16:17:40 +09:00
Tatsuhiro Tsujikawa a2a9f15307 tests: Use nghttp2_mem instead of raw malloc()/free()
Fixes GH-170
2015-03-03 23:23:43 +09:00
Tatsuhiro Tsujikawa 05b8901d69 Call on_invalid_frame_recv_callback on bad HTTP messaging 2015-02-26 22:59:07 +09:00
Tatsuhiro Tsujikawa 814c7e68e0 Ignore regular headers if it includes illegal characters.
This commit only affects the library behaviour unless
nghttp2_option_set_no_http_messaging() is used.

We like strict validation against header field name and value against
RFC 7230, but we have already so much web sites and libraries in
public internet which do not obey these rules.  Simply just
terminating stream because of this may break web sites and it is too
disruptive.  So we decided that we should be conservative here so
those header fields containing illegal characters are just ignored.
But we are conservative only for regular headers.  We are strict for
pseudo headers since it is new to HTTP/2 and new implementations
should know the rules better.
2015-02-22 23:13:27 +09:00
Tatsuhiro Tsujikawa 6051ff63e0 tests: Fix compile error with gcc-4.7 2015-02-22 17:43:00 +09:00