/* * nghttp2 - HTTP/2 C Library * * Copyright (c) 2012 Tatsuhiro Tsujikawa * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #ifndef SHRPX_DOWNSTREAM_H #define SHRPX_DOWNSTREAM_H #include "shrpx.h" #include #include #include #include #include #include #include #include #ifdef ENABLE_HTTP3 # include #endif // ENABLE_HTTP3 #include "llhttp.h" #include "shrpx_io_control.h" #include "shrpx_log_config.h" #include "http2.h" #include "memchunk.h" #include "allocator.h" using namespace nghttp2; namespace shrpx { class Upstream; class DownstreamConnection; struct BlockedLink; struct DownstreamAddrGroup; struct DownstreamAddr; class FieldStore { public: FieldStore(BlockAllocator &balloc, size_t headers_initial_capacity) : content_length(-1), balloc_(balloc), buffer_size_(0), header_key_prev_(false), trailer_key_prev_(false) { headers_.reserve(headers_initial_capacity); } const HeaderRefs &headers() const { return headers_; } const HeaderRefs &trailers() const { return trailers_; } HeaderRefs &headers() { return headers_; } HeaderRefs &trailers() { return trailers_; } const void add_extra_buffer_size(size_t n) { buffer_size_ += n; } size_t buffer_size() const { return buffer_size_; } size_t num_fields() const { return headers_.size() + trailers_.size(); } // Returns pointer to the header field with the name |name|. If // multiple header have |name| as name, return last occurrence from // the beginning. If no such header is found, returns nullptr. const HeaderRefs::value_type *header(int32_t token) const; HeaderRefs::value_type *header(int32_t token); // Returns pointer to the header field with the name |name|. If no // such header is found, returns nullptr. const HeaderRefs::value_type *header(const StringRef &name) const; void add_header_token(const StringRef &name, const StringRef &value, bool no_index, int32_t token); // Adds header field name |name|. First, the copy of header field // name pointed by name.c_str() of length name.size() is made, and // stored. void alloc_add_header_name(const StringRef &name); void append_last_header_key(const char *data, size_t len); void append_last_header_value(const char *data, size_t len); bool header_key_prev() const { return header_key_prev_; } // Parses content-length, and records it in the field. If there are // multiple Content-Length, returns -1. int parse_content_length(); // Empties headers. void clear_headers(); void add_trailer_token(const StringRef &name, const StringRef &value, bool no_index, int32_t token); // Adds trailer field name |name|. First, the copy of trailer field // name pointed by name.c_str() of length name.size() is made, and // stored. void alloc_add_trailer_name(const StringRef &name); void append_last_trailer_key(const char *data, size_t len); void append_last_trailer_value(const char *data, size_t len); bool trailer_key_prev() const { return trailer_key_prev_; } // erase_content_length_and_transfer_encoding erases content-length // and transfer-encoding header fields. void erase_content_length_and_transfer_encoding(); // content-length, -1 if it is unknown. int64_t content_length; private: BlockAllocator &balloc_; HeaderRefs headers_; // trailer fields. For HTTP/1.1, trailer fields are only included // with chunked encoding. For HTTP/2, there is no such limit. HeaderRefs trailers_; // Sum of the length of name and value in headers_ and trailers_. // This could also be increased by add_extra_buffer_size() to take // into account for request URI in case of HTTP/1.x request. size_t buffer_size_; bool header_key_prev_; bool trailer_key_prev_; }; // Protocols allowed in HTTP/2 :protocol header field. enum class ConnectProto { NONE, WEBSOCKET, }; struct Request { Request(BlockAllocator &balloc) : fs(balloc, 16), recv_body_length(0), unconsumed_body_length(0), method(-1), http_major(1), http_minor(1), connect_proto(ConnectProto::NONE), upgrade_request(false), http2_upgrade_seen(false), connection_close(false), http2_expect_body(false), no_authority(false), forwarded_once(false) {} void consume(size_t len) { assert(unconsumed_body_length >= len); unconsumed_body_length -= len; } bool regular_connect_method() const { return method == HTTP_CONNECT && connect_proto == ConnectProto::NONE; } bool extended_connect_method() const { return connect_proto != ConnectProto::NONE; } FieldStore fs; // Timestamp when all request header fields are received. std::shared_ptr tstamp; // Request scheme. For HTTP/2, this is :scheme header field value. // For HTTP/1.1, this is deduced from URI or connection. StringRef scheme; // Request authority. This is HTTP/2 :authority header field value // or host header field value. We may deduce it from absolute-form // HTTP/1 request. We also store authority-form HTTP/1 request. // This could be empty if request comes from HTTP/1.0 without Host // header field and origin-form. StringRef authority; // Request path, including query component. For HTTP/1.1, this is // request-target. For HTTP/2, this is :path header field value. // For CONNECT request, this is empty. StringRef path; // This is original authority which cannot be changed by per-pattern // mruby script. StringRef orig_authority; // This is original path which cannot be changed by per-pattern // mruby script. StringRef orig_path; // the length of request body received so far int64_t recv_body_length; // The number of bytes not consumed by the application yet. size_t unconsumed_body_length; int method; // HTTP major and minor version int http_major, http_minor; // connect_proto specified in HTTP/2 :protocol pseudo header field // which enables extended CONNECT method. This field is also set if // WebSocket upgrade is requested in h1 frontend for convenience. ConnectProto connect_proto; // Returns true if the request is HTTP upgrade (HTTP Upgrade or // CONNECT method). Upgrade to HTTP/2 is excluded. For HTTP/2 // Upgrade, check get_http2_upgrade_request(). bool upgrade_request; // true if h2c is seen in Upgrade header field. bool http2_upgrade_seen; bool connection_close; // true if this is HTTP/2, and request body is expected. Note that // we don't take into account HTTP method here. bool http2_expect_body; // true if request does not have any information about authority. // This happens when: For HTTP/2 request, :authority is missing. // For HTTP/1 request, origin or asterisk form is used. bool no_authority; // true if backend selection is done for request once. // orig_authority and orig_path have the authority and path which // are used for the first backend selection. bool forwarded_once; }; struct Response { Response(BlockAllocator &balloc) : fs(balloc, 32), recv_body_length(0), unconsumed_body_length(0), http_status(0), http_major(1), http_minor(1), connection_close(false), headers_only(false) {} void consume(size_t len) { assert(unconsumed_body_length >= len); unconsumed_body_length -= len; } // returns true if a resource denoted by scheme, authority, and path // has already been pushed. bool is_resource_pushed(const StringRef &scheme, const StringRef &authority, const StringRef &path) const { if (!pushed_resources) { return false; } return std::find(std::begin(*pushed_resources), std::end(*pushed_resources), std::make_tuple(scheme, authority, path)) != std::end(*pushed_resources); } // remember that a resource denoted by scheme, authority, and path // is pushed. void resource_pushed(const StringRef &scheme, const StringRef &authority, const StringRef &path) { if (!pushed_resources) { pushed_resources = std::make_unique< std::vector>>(); } pushed_resources->emplace_back(scheme, authority, path); } FieldStore fs; // array of the tuple of scheme, authority, and path of pushed // resource. This is required because RFC 8297 says that server // typically includes header fields appeared in non-final response // header fields in final response header fields. Without checking // that a particular resource has already been pushed, or not, we // end up pushing the same resource at least twice. It is unknown // that we should use more complex data structure (e.g., std::set) // to find the resources faster. std::unique_ptr>> pushed_resources; // the length of response body received so far int64_t recv_body_length; // The number of bytes not consumed by the application yet. This is // mainly for HTTP/2 backend. size_t unconsumed_body_length; // HTTP status code unsigned int http_status; int http_major, http_minor; bool connection_close; // true if response only consists of HEADERS, and it bears // END_STREAM. This is used to tell Http2Upstream that it can send // response with single HEADERS with END_STREAM flag only. bool headers_only; }; enum class DownstreamState { INITIAL, HEADER_COMPLETE, MSG_COMPLETE, STREAM_CLOSED, CONNECT_FAIL, MSG_RESET, // header contains invalid header field. We can safely send error // response (502) to a client. MSG_BAD_HEADER, // header fields in HTTP/1 request exceed the configuration limit. // This state is only transitioned from INITIAL state, and solely // used to signal 431 status code to the client. HTTP1_REQUEST_HEADER_TOO_LARGE, }; enum class DispatchState { NONE, PENDING, BLOCKED, ACTIVE, FAILURE, }; class Downstream { public: Downstream(Upstream *upstream, MemchunkPool *mcpool, int64_t stream_id); ~Downstream(); void reset_upstream(Upstream *upstream); Upstream *get_upstream() const; void set_stream_id(int64_t stream_id); int64_t get_stream_id() const; void set_assoc_stream_id(int64_t stream_id); int64_t get_assoc_stream_id() const; void pause_read(IOCtrlReason reason); int resume_read(IOCtrlReason reason, size_t consumed); void force_resume_read(); // Set stream ID for downstream HTTP2 connection. void set_downstream_stream_id(int64_t stream_id); int64_t get_downstream_stream_id() const; int attach_downstream_connection(std::unique_ptr dconn); void detach_downstream_connection(); DownstreamConnection *get_downstream_connection(); // Returns dconn_ and nullifies dconn_. std::unique_ptr pop_downstream_connection(); // Returns true if output buffer is full. If underlying dconn_ is // NULL, this function always returns false. bool request_buf_full(); // Returns true if upgrade (HTTP Upgrade or CONNECT) is succeeded in // h1 backend. This should not depend on inspect_http1_response(). void check_upgrade_fulfilled_http1(); // Returns true if upgrade (HTTP Upgrade or CONNECT) is succeeded in // h2 backend. void check_upgrade_fulfilled_http2(); // Returns true if the upgrade is succeeded as a result of the call // check_upgrade_fulfilled_http*(). HTTP/2 Upgrade is excluded. bool get_upgraded() const; // Inspects HTTP/2 request. void inspect_http2_request(); // Inspects HTTP/1 request. This checks whether the request is // upgrade request and tranfer-encoding etc. void inspect_http1_request(); // Returns true if the request is HTTP Upgrade for HTTP/2 bool get_http2_upgrade_request() const; // Returns the value of HTTP2-Settings request header field. StringRef get_http2_settings() const; // downstream request API const Request &request() const { return req_; } Request &request() { return req_; } // Count number of crumbled cookies size_t count_crumble_request_cookie(); // Crumbles (split cookie by ";") in request_headers_ and adds them // in |nva|. Headers::no_index is inherited. void crumble_request_cookie(std::vector &nva); // Assembles request cookies. The opposite operation against // crumble_request_cookie(). StringRef assemble_request_cookie(); void set_request_start_time(std::chrono::high_resolution_clock::time_point time); const std::chrono::high_resolution_clock::time_point & get_request_start_time() const; int push_request_headers(); bool get_chunked_request() const; void set_chunked_request(bool f); int push_upload_data_chunk(const uint8_t *data, size_t datalen); int end_upload_data(); // Validates that received request body length and content-length // matches. bool validate_request_recv_body_length() const; void set_request_downstream_host(const StringRef &host); bool expect_response_body() const; bool expect_response_trailer() const; void set_request_state(DownstreamState state); DownstreamState get_request_state() const; DefaultMemchunks *get_request_buf(); void set_request_pending(bool f); bool get_request_pending() const; void set_request_header_sent(bool f); bool get_request_header_sent() const; // Returns true if request is ready to be submitted to downstream. // When sending pending request, get_request_pending() should be // checked too because this function may return true when // get_request_pending() returns false. bool request_submission_ready() const; DefaultMemchunks *get_blocked_request_buf(); bool get_blocked_request_data_eof() const; void set_blocked_request_data_eof(bool f); // downstream response API const Response &response() const { return resp_; } Response &response() { return resp_; } // Rewrites the location response header field. void rewrite_location_response_header(const StringRef &upstream_scheme); bool get_chunked_response() const; void set_chunked_response(bool f); void set_response_state(DownstreamState state); DownstreamState get_response_state() const; DefaultMemchunks *get_response_buf(); bool response_buf_full(); // Validates that received response body length and content-length // matches. bool validate_response_recv_body_length() const; uint32_t get_response_rst_stream_error_code() const; void set_response_rst_stream_error_code(uint32_t error_code); // Inspects HTTP/1 response. This checks tranfer-encoding etc. void inspect_http1_response(); // Clears some of member variables for response. void reset_response(); // True if the response is non-final (1xx status code). Note that // if connection was upgraded, 101 status code is treated as final. bool get_non_final_response() const; // True if protocol version used by client supports non final // response. Only HTTP/1.1 and HTTP/2 clients support it. bool supports_non_final_response() const; void set_expect_final_response(bool f); bool get_expect_final_response() const; // Call this method when there is incoming data in downstream // connection. int on_read(); // Resets upstream read timer. If it is active, timeout value is // reset. If it is not active, timer will be started. void reset_upstream_rtimer(); // Resets upstream write timer. If it is active, timeout value is // reset. If it is not active, timer will be started. This // function also resets read timer if it has been started. void reset_upstream_wtimer(); // Makes sure that upstream write timer is started. If it has been // started, do nothing. Otherwise, write timer will be started. void ensure_upstream_wtimer(); // Disables upstream read timer. void disable_upstream_rtimer(); // Disables upstream write timer. void disable_upstream_wtimer(); // Downstream timer functions. They works in a similar way just // like the upstream timer function. void reset_downstream_rtimer(); void reset_downstream_wtimer(); void ensure_downstream_wtimer(); void disable_downstream_rtimer(); void disable_downstream_wtimer(); // Returns true if accesslog can be written for this downstream. bool accesslog_ready() const; // Increment retry count void add_retry(); // true if retry attempt should not be done. bool no_more_retry() const; DispatchState get_dispatch_state() const; void set_dispatch_state(DispatchState s); void attach_blocked_link(BlockedLink *l); BlockedLink *detach_blocked_link(); // Returns true if downstream_connection can be detached and reused. bool can_detach_downstream_connection() const; DefaultMemchunks pop_response_buf(); BlockAllocator &get_block_allocator(); void add_rcbuf(nghttp2_rcbuf *rcbuf); #ifdef ENABLE_HTTP3 void add_rcbuf(nghttp3_rcbuf *rcbuf); #endif // ENABLE_HTTP3 void set_downstream_addr_group(const std::shared_ptr &group); void set_addr(const DownstreamAddr *addr); const DownstreamAddr *get_addr() const; void set_accesslog_written(bool f); // Finds affinity cookie from request header fields. The name of // cookie is given in |name|. If an affinity cookie is found, it is // assigned to a member function, and is returned. If it is not // found, or is malformed, returns 0. uint32_t find_affinity_cookie(const StringRef &name); // Set |h| as affinity cookie. void renew_affinity_cookie(uint32_t h); // Returns affinity cookie to send. If it does not need to be sent, // for example, because the value is retrieved from a request header // field, returns 0. uint32_t get_affinity_cookie_to_send() const; void set_ws_key(const StringRef &key); bool get_expect_100_continue() const; bool get_stop_reading() const; void set_stop_reading(bool f); enum { EVENT_ERROR = 0x1, EVENT_TIMEOUT = 0x2, }; Downstream *dlnext, *dlprev; // the length of response body sent to upstream client int64_t response_sent_body_length; private: BlockAllocator balloc_; std::vector rcbufs_; #ifdef ENABLE_HTTP3 std::vector rcbufs3_; #endif // ENABLE_HTTP3 Request req_; Response resp_; std::chrono::high_resolution_clock::time_point request_start_time_; // host we requested to downstream. This is used to rewrite // location header field to decide the location should be rewritten // or not. StringRef request_downstream_host_; // Data arrived in frontend before sending header fields to backend // are stored in this buffer. DefaultMemchunks blocked_request_buf_; DefaultMemchunks request_buf_; DefaultMemchunks response_buf_; // The Sec-WebSocket-Key field sent to the peer. This field is used // if frontend uses RFC 8441 WebSocket bootstrapping via HTTP/2. StringRef ws_key_; ev_timer upstream_rtimer_; ev_timer upstream_wtimer_; ev_timer downstream_rtimer_; ev_timer downstream_wtimer_; Upstream *upstream_; std::unique_ptr dconn_; // only used by HTTP/2 upstream BlockedLink *blocked_link_; // The backend address used to fulfill this request. These are for // logging purpose. std::shared_ptr group_; const DownstreamAddr *addr_; // How many times we tried in backend connection size_t num_retry_; // The stream ID in frontend connection int64_t stream_id_; // The associated stream ID in frontend connection if this is pushed // stream. int64_t assoc_stream_id_; // stream ID in backend connection int64_t downstream_stream_id_; // RST_STREAM error_code from downstream HTTP2 connection uint32_t response_rst_stream_error_code_; // An affinity cookie value. uint32_t affinity_cookie_; // request state DownstreamState request_state_; // response state DownstreamState response_state_; // only used by HTTP/2 upstream DispatchState dispatch_state_; // true if the connection is upgraded (HTTP Upgrade or CONNECT), // excluding upgrade to HTTP/2. bool upgraded_; // true if backend request uses chunked transfer-encoding bool chunked_request_; // true if response to client uses chunked transfer-encoding bool chunked_response_; // true if we have not got final response code bool expect_final_response_; // true if downstream request is pending because backend connection // has not been established or should be checked before use; // currently used only with HTTP/2 connection. bool request_pending_; // true if downstream request header is considered to be sent. bool request_header_sent_; // true if access.log has been written. bool accesslog_written_; // true if affinity cookie is generated for this request. bool new_affinity_cookie_; // true if eof is received from client before sending header fields // to backend. bool blocked_request_data_eof_; // true if request contains "expect: 100-continue" header field. bool expect_100_continue_; bool stop_reading_; }; } // namespace shrpx #endif // SHRPX_DOWNSTREAM_H