| /* |
| * nghttp2 - HTTP/2 C Library |
| * |
| * Copyright (c) 2012 Tatsuhiro Tsujikawa |
| * |
| * Permission is hereby granted, free of charge, to any person obtaining |
| * a copy of this software and associated documentation files (the |
| * "Software"), to deal in the Software without restriction, including |
| * without limitation the rights to use, copy, modify, merge, publish, |
| * distribute, sublicense, and/or sell copies of the Software, and to |
| * permit persons to whom the Software is furnished to do so, subject to |
| * the following conditions: |
| * |
| * The above copyright notice and this permission notice shall be |
| * included in all copies or substantial portions of the Software. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
| * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
| * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
| * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| */ |
| #ifndef SHRPX_DOWNSTREAM_H |
| #define SHRPX_DOWNSTREAM_H |
| |
| #include "shrpx.h" |
| |
| #include <cinttypes> |
| #include <vector> |
| #include <string> |
| #include <memory> |
| #include <chrono> |
| #include <algorithm> |
| |
| #include <ev.h> |
| |
| #include <nghttp2/nghttp2.h> |
| |
| #ifdef ENABLE_HTTP3 |
| # include <nghttp3/nghttp3.h> |
| #endif // ENABLE_HTTP3 |
| |
| #include "llhttp.h" |
| |
| #include "shrpx_io_control.h" |
| #include "shrpx_log_config.h" |
| #include "http2.h" |
| #include "memchunk.h" |
| #include "allocator.h" |
| |
| using namespace nghttp2; |
| |
| namespace shrpx { |
| |
| class Upstream; |
| class DownstreamConnection; |
| struct BlockedLink; |
| struct DownstreamAddrGroup; |
| struct DownstreamAddr; |
| |
| class FieldStore { |
| public: |
| FieldStore(BlockAllocator &balloc, size_t headers_initial_capacity) |
| : content_length(-1), |
| balloc_(balloc), |
| buffer_size_(0), |
| header_key_prev_(false), |
| trailer_key_prev_(false) { |
| headers_.reserve(headers_initial_capacity); |
| } |
| |
| const HeaderRefs &headers() const { return headers_; } |
| const HeaderRefs &trailers() const { return trailers_; } |
| |
| HeaderRefs &headers() { return headers_; } |
| |
| const void add_extra_buffer_size(size_t n) { buffer_size_ += n; } |
| size_t buffer_size() const { return buffer_size_; } |
| |
| size_t num_fields() const { return headers_.size() + trailers_.size(); } |
| |
| // Returns pointer to the header field with the name |name|. If |
| // multiple header have |name| as name, return last occurrence from |
| // the beginning. If no such header is found, returns nullptr. |
| const HeaderRefs::value_type *header(int32_t token) const; |
| HeaderRefs::value_type *header(int32_t token); |
| // Returns pointer to the header field with the name |name|. If no |
| // such header is found, returns nullptr. |
| const HeaderRefs::value_type *header(const StringRef &name) const; |
| |
| void add_header_token(const StringRef &name, const StringRef &value, |
| bool no_index, int32_t token); |
| |
| // Adds header field name |name|. First, the copy of header field |
| // name pointed by name.c_str() of length name.size() is made, and |
| // stored. |
| void alloc_add_header_name(const StringRef &name); |
| |
| void append_last_header_key(const char *data, size_t len); |
| void append_last_header_value(const char *data, size_t len); |
| |
| bool header_key_prev() const { return header_key_prev_; } |
| |
| // Parses content-length, and records it in the field. If there are |
| // multiple Content-Length, returns -1. |
| int parse_content_length(); |
| |
| // Empties headers. |
| void clear_headers(); |
| |
| void add_trailer_token(const StringRef &name, const StringRef &value, |
| bool no_index, int32_t token); |
| |
| // Adds trailer field name |name|. First, the copy of trailer field |
| // name pointed by name.c_str() of length name.size() is made, and |
| // stored. |
| void alloc_add_trailer_name(const StringRef &name); |
| |
| void append_last_trailer_key(const char *data, size_t len); |
| void append_last_trailer_value(const char *data, size_t len); |
| |
| bool trailer_key_prev() const { return trailer_key_prev_; } |
| |
| // erase_content_length_and_transfer_encoding erases content-length |
| // and transfer-encoding header fields. |
| void erase_content_length_and_transfer_encoding(); |
| |
| // content-length, -1 if it is unknown. |
| int64_t content_length; |
| |
| private: |
| BlockAllocator &balloc_; |
| HeaderRefs headers_; |
| // trailer fields. For HTTP/1.1, trailer fields are only included |
| // with chunked encoding. For HTTP/2, there is no such limit. |
| HeaderRefs trailers_; |
| // Sum of the length of name and value in headers_ and trailers_. |
| // This could also be increased by add_extra_buffer_size() to take |
| // into account for request URI in case of HTTP/1.x request. |
| size_t buffer_size_; |
| bool header_key_prev_; |
| bool trailer_key_prev_; |
| }; |
| |
| // Protocols allowed in HTTP/2 :protocol header field. |
| enum class ConnectProto { |
| NONE, |
| WEBSOCKET, |
| }; |
| |
| struct Request { |
| Request(BlockAllocator &balloc) |
| : fs(balloc, 16), |
| recv_body_length(0), |
| unconsumed_body_length(0), |
| method(-1), |
| http_major(1), |
| http_minor(1), |
| connect_proto(ConnectProto::NONE), |
| upgrade_request(false), |
| http2_upgrade_seen(false), |
| connection_close(false), |
| http2_expect_body(false), |
| no_authority(false), |
| forwarded_once(false) {} |
| |
| void consume(size_t len) { |
| assert(unconsumed_body_length >= len); |
| unconsumed_body_length -= len; |
| } |
| |
| bool regular_connect_method() const { |
| return method == HTTP_CONNECT && connect_proto == ConnectProto::NONE; |
| } |
| |
| bool extended_connect_method() const { |
| return connect_proto != ConnectProto::NONE; |
| } |
| |
| FieldStore fs; |
| // Timestamp when all request header fields are received. |
| std::shared_ptr<Timestamp> tstamp; |
| // Request scheme. For HTTP/2, this is :scheme header field value. |
| // For HTTP/1.1, this is deduced from URI or connection. |
| StringRef scheme; |
| // Request authority. This is HTTP/2 :authority header field value |
| // or host header field value. We may deduce it from absolute-form |
| // HTTP/1 request. We also store authority-form HTTP/1 request. |
| // This could be empty if request comes from HTTP/1.0 without Host |
| // header field and origin-form. |
| StringRef authority; |
| // Request path, including query component. For HTTP/1.1, this is |
| // request-target. For HTTP/2, this is :path header field value. |
| // For CONNECT request, this is empty. |
| StringRef path; |
| // This is original authority which cannot be changed by per-pattern |
| // mruby script. |
| StringRef orig_authority; |
| // This is original path which cannot be changed by per-pattern |
| // mruby script. |
| StringRef orig_path; |
| // the length of request body received so far |
| int64_t recv_body_length; |
| // The number of bytes not consumed by the application yet. |
| size_t unconsumed_body_length; |
| int method; |
| // HTTP major and minor version |
| int http_major, http_minor; |
| // connect_proto specified in HTTP/2 :protocol pseudo header field |
| // which enables extended CONNECT method. This field is also set if |
| // WebSocket upgrade is requested in h1 frontend for convenience. |
| ConnectProto connect_proto; |
| // Returns true if the request is HTTP upgrade (HTTP Upgrade or |
| // CONNECT method). Upgrade to HTTP/2 is excluded. For HTTP/2 |
| // Upgrade, check get_http2_upgrade_request(). |
| bool upgrade_request; |
| // true if h2c is seen in Upgrade header field. |
| bool http2_upgrade_seen; |
| bool connection_close; |
| // true if this is HTTP/2, and request body is expected. Note that |
| // we don't take into account HTTP method here. |
| bool http2_expect_body; |
| // true if request does not have any information about authority. |
| // This happens when: For HTTP/2 request, :authority is missing. |
| // For HTTP/1 request, origin or asterisk form is used. |
| bool no_authority; |
| // true if backend selection is done for request once. |
| // orig_authority and orig_path have the authority and path which |
| // are used for the first backend selection. |
| bool forwarded_once; |
| }; |
| |
| struct Response { |
| Response(BlockAllocator &balloc) |
| : fs(balloc, 32), |
| recv_body_length(0), |
| unconsumed_body_length(0), |
| http_status(0), |
| http_major(1), |
| http_minor(1), |
| connection_close(false), |
| headers_only(false) {} |
| |
| void consume(size_t len) { |
| assert(unconsumed_body_length >= len); |
| unconsumed_body_length -= len; |
| } |
| |
| // returns true if a resource denoted by scheme, authority, and path |
| // has already been pushed. |
| bool is_resource_pushed(const StringRef &scheme, const StringRef &authority, |
| const StringRef &path) const { |
| if (!pushed_resources) { |
| return false; |
| } |
| return std::find(std::begin(*pushed_resources), std::end(*pushed_resources), |
| std::make_tuple(scheme, authority, path)) != |
| std::end(*pushed_resources); |
| } |
| |
| // remember that a resource denoted by scheme, authority, and path |
| // is pushed. |
| void resource_pushed(const StringRef &scheme, const StringRef &authority, |
| const StringRef &path) { |
| if (!pushed_resources) { |
| pushed_resources = std::make_unique< |
| std::vector<std::tuple<StringRef, StringRef, StringRef>>>(); |
| } |
| pushed_resources->emplace_back(scheme, authority, path); |
| } |
| |
| FieldStore fs; |
| // array of the tuple of scheme, authority, and path of pushed |
| // resource. This is required because RFC 8297 says that server |
| // typically includes header fields appeared in non-final response |
| // header fields in final response header fields. Without checking |
| // that a particular resource has already been pushed, or not, we |
| // end up pushing the same resource at least twice. It is unknown |
| // that we should use more complex data structure (e.g., std::set) |
| // to find the resources faster. |
| std::unique_ptr<std::vector<std::tuple<StringRef, StringRef, StringRef>>> |
| pushed_resources; |
| // the length of response body received so far |
| int64_t recv_body_length; |
| // The number of bytes not consumed by the application yet. This is |
| // mainly for HTTP/2 backend. |
| size_t unconsumed_body_length; |
| // HTTP status code |
| unsigned int http_status; |
| int http_major, http_minor; |
| bool connection_close; |
| // true if response only consists of HEADERS, and it bears |
| // END_STREAM. This is used to tell Http2Upstream that it can send |
| // response with single HEADERS with END_STREAM flag only. |
| bool headers_only; |
| }; |
| |
| enum class DownstreamState { |
| INITIAL, |
| HEADER_COMPLETE, |
| MSG_COMPLETE, |
| STREAM_CLOSED, |
| CONNECT_FAIL, |
| MSG_RESET, |
| // header contains invalid header field. We can safely send error |
| // response (502) to a client. |
| MSG_BAD_HEADER, |
| // header fields in HTTP/1 request exceed the configuration limit. |
| // This state is only transitioned from INITIAL state, and solely |
| // used to signal 431 status code to the client. |
| HTTP1_REQUEST_HEADER_TOO_LARGE, |
| }; |
| |
| enum class DispatchState { |
| NONE, |
| PENDING, |
| BLOCKED, |
| ACTIVE, |
| FAILURE, |
| }; |
| |
| class Downstream { |
| public: |
| Downstream(Upstream *upstream, MemchunkPool *mcpool, int64_t stream_id); |
| ~Downstream(); |
| void reset_upstream(Upstream *upstream); |
| Upstream *get_upstream() const; |
| void set_stream_id(int64_t stream_id); |
| int64_t get_stream_id() const; |
| void set_assoc_stream_id(int64_t stream_id); |
| int64_t get_assoc_stream_id() const; |
| void pause_read(IOCtrlReason reason); |
| int resume_read(IOCtrlReason reason, size_t consumed); |
| void force_resume_read(); |
| // Set stream ID for downstream HTTP2 connection. |
| void set_downstream_stream_id(int64_t stream_id); |
| int64_t get_downstream_stream_id() const; |
| |
| int attach_downstream_connection(std::unique_ptr<DownstreamConnection> dconn); |
| void detach_downstream_connection(); |
| DownstreamConnection *get_downstream_connection(); |
| // Returns dconn_ and nullifies dconn_. |
| std::unique_ptr<DownstreamConnection> pop_downstream_connection(); |
| |
| // Returns true if output buffer is full. If underlying dconn_ is |
| // NULL, this function always returns false. |
| bool request_buf_full(); |
| // Returns true if upgrade (HTTP Upgrade or CONNECT) is succeeded in |
| // h1 backend. This should not depend on inspect_http1_response(). |
| void check_upgrade_fulfilled_http1(); |
| // Returns true if upgrade (HTTP Upgrade or CONNECT) is succeeded in |
| // h2 backend. |
| void check_upgrade_fulfilled_http2(); |
| // Returns true if the upgrade is succeeded as a result of the call |
| // check_upgrade_fulfilled_http*(). HTTP/2 Upgrade is excluded. |
| bool get_upgraded() const; |
| // Inspects HTTP/2 request. |
| void inspect_http2_request(); |
| // Inspects HTTP/1 request. This checks whether the request is |
| // upgrade request and tranfer-encoding etc. |
| void inspect_http1_request(); |
| // Returns true if the request is HTTP Upgrade for HTTP/2 |
| bool get_http2_upgrade_request() const; |
| // Returns the value of HTTP2-Settings request header field. |
| StringRef get_http2_settings() const; |
| |
| // downstream request API |
| const Request &request() const { return req_; } |
| Request &request() { return req_; } |
| |
| // Count number of crumbled cookies |
| size_t count_crumble_request_cookie(); |
| // Crumbles (split cookie by ";") in request_headers_ and adds them |
| // in |nva|. Headers::no_index is inherited. |
| void crumble_request_cookie(std::vector<nghttp2_nv> &nva); |
| // Assembles request cookies. The opposite operation against |
| // crumble_request_cookie(). |
| StringRef assemble_request_cookie(); |
| |
| void |
| set_request_start_time(std::chrono::high_resolution_clock::time_point time); |
| const std::chrono::high_resolution_clock::time_point & |
| get_request_start_time() const; |
| int push_request_headers(); |
| bool get_chunked_request() const; |
| void set_chunked_request(bool f); |
| int push_upload_data_chunk(const uint8_t *data, size_t datalen); |
| int end_upload_data(); |
| // Validates that received request body length and content-length |
| // matches. |
| bool validate_request_recv_body_length() const; |
| void set_request_downstream_host(const StringRef &host); |
| bool expect_response_body() const; |
| bool expect_response_trailer() const; |
| void set_request_state(DownstreamState state); |
| DownstreamState get_request_state() const; |
| DefaultMemchunks *get_request_buf(); |
| void set_request_pending(bool f); |
| bool get_request_pending() const; |
| void set_request_header_sent(bool f); |
| bool get_request_header_sent() const; |
| // Returns true if request is ready to be submitted to downstream. |
| // When sending pending request, get_request_pending() should be |
| // checked too because this function may return true when |
| // get_request_pending() returns false. |
| bool request_submission_ready() const; |
| |
| DefaultMemchunks *get_blocked_request_buf(); |
| bool get_blocked_request_data_eof() const; |
| void set_blocked_request_data_eof(bool f); |
| |
| // downstream response API |
| const Response &response() const { return resp_; } |
| Response &response() { return resp_; } |
| |
| // Rewrites the location response header field. |
| void rewrite_location_response_header(const StringRef &upstream_scheme); |
| |
| bool get_chunked_response() const; |
| void set_chunked_response(bool f); |
| |
| void set_response_state(DownstreamState state); |
| DownstreamState get_response_state() const; |
| DefaultMemchunks *get_response_buf(); |
| bool response_buf_full(); |
| // Validates that received response body length and content-length |
| // matches. |
| bool validate_response_recv_body_length() const; |
| uint32_t get_response_rst_stream_error_code() const; |
| void set_response_rst_stream_error_code(uint32_t error_code); |
| // Inspects HTTP/1 response. This checks tranfer-encoding etc. |
| void inspect_http1_response(); |
| // Clears some of member variables for response. |
| void reset_response(); |
| // True if the response is non-final (1xx status code). Note that |
| // if connection was upgraded, 101 status code is treated as final. |
| bool get_non_final_response() const; |
| // True if protocol version used by client supports non final |
| // response. Only HTTP/1.1 and HTTP/2 clients support it. |
| bool supports_non_final_response() const; |
| void set_expect_final_response(bool f); |
| bool get_expect_final_response() const; |
| |
| // Call this method when there is incoming data in downstream |
| // connection. |
| int on_read(); |
| |
| // Resets upstream read timer. If it is active, timeout value is |
| // reset. If it is not active, timer will be started. |
| void reset_upstream_rtimer(); |
| // Resets upstream write timer. If it is active, timeout value is |
| // reset. If it is not active, timer will be started. This |
| // function also resets read timer if it has been started. |
| void reset_upstream_wtimer(); |
| // Makes sure that upstream write timer is started. If it has been |
| // started, do nothing. Otherwise, write timer will be started. |
| void ensure_upstream_wtimer(); |
| // Disables upstream read timer. |
| void disable_upstream_rtimer(); |
| // Disables upstream write timer. |
| void disable_upstream_wtimer(); |
| |
| // Downstream timer functions. They works in a similar way just |
| // like the upstream timer function. |
| void reset_downstream_rtimer(); |
| void reset_downstream_wtimer(); |
| void ensure_downstream_wtimer(); |
| void disable_downstream_rtimer(); |
| void disable_downstream_wtimer(); |
| |
| // Returns true if accesslog can be written for this downstream. |
| bool accesslog_ready() const; |
| |
| // Increment retry count |
| void add_retry(); |
| // true if retry attempt should not be done. |
| bool no_more_retry() const; |
| |
| DispatchState get_dispatch_state() const; |
| void set_dispatch_state(DispatchState s); |
| |
| void attach_blocked_link(BlockedLink *l); |
| BlockedLink *detach_blocked_link(); |
| |
| // Returns true if downstream_connection can be detached and reused. |
| bool can_detach_downstream_connection() const; |
| |
| DefaultMemchunks pop_response_buf(); |
| |
| BlockAllocator &get_block_allocator(); |
| |
| void add_rcbuf(nghttp2_rcbuf *rcbuf); |
| #ifdef ENABLE_HTTP3 |
| void add_rcbuf(nghttp3_rcbuf *rcbuf); |
| #endif // ENABLE_HTTP3 |
| |
| void |
| set_downstream_addr_group(const std::shared_ptr<DownstreamAddrGroup> &group); |
| void set_addr(const DownstreamAddr *addr); |
| |
| const DownstreamAddr *get_addr() const; |
| |
| void set_accesslog_written(bool f); |
| |
| // Finds affinity cookie from request header fields. The name of |
| // cookie is given in |name|. If an affinity cookie is found, it is |
| // assigned to a member function, and is returned. If it is not |
| // found, or is malformed, returns 0. |
| uint32_t find_affinity_cookie(const StringRef &name); |
| // Set |h| as affinity cookie. |
| void renew_affinity_cookie(uint32_t h); |
| // Returns affinity cookie to send. If it does not need to be sent, |
| // for example, because the value is retrieved from a request header |
| // field, returns 0. |
| uint32_t get_affinity_cookie_to_send() const; |
| |
| void set_ws_key(const StringRef &key); |
| |
| bool get_expect_100_continue() const; |
| |
| bool get_stop_reading() const; |
| void set_stop_reading(bool f); |
| |
| enum { |
| EVENT_ERROR = 0x1, |
| EVENT_TIMEOUT = 0x2, |
| }; |
| |
| Downstream *dlnext, *dlprev; |
| |
| // the length of response body sent to upstream client |
| int64_t response_sent_body_length; |
| |
| private: |
| BlockAllocator balloc_; |
| |
| std::vector<nghttp2_rcbuf *> rcbufs_; |
| #ifdef ENABLE_HTTP3 |
| std::vector<nghttp3_rcbuf *> rcbufs3_; |
| #endif // ENABLE_HTTP3 |
| |
| Request req_; |
| Response resp_; |
| |
| std::chrono::high_resolution_clock::time_point request_start_time_; |
| |
| // host we requested to downstream. This is used to rewrite |
| // location header field to decide the location should be rewritten |
| // or not. |
| StringRef request_downstream_host_; |
| |
| // Data arrived in frontend before sending header fields to backend |
| // are stored in this buffer. |
| DefaultMemchunks blocked_request_buf_; |
| DefaultMemchunks request_buf_; |
| DefaultMemchunks response_buf_; |
| |
| // The Sec-WebSocket-Key field sent to the peer. This field is used |
| // if frontend uses RFC 8441 WebSocket bootstrapping via HTTP/2. |
| StringRef ws_key_; |
| |
| ev_timer upstream_rtimer_; |
| ev_timer upstream_wtimer_; |
| |
| ev_timer downstream_rtimer_; |
| ev_timer downstream_wtimer_; |
| |
| Upstream *upstream_; |
| std::unique_ptr<DownstreamConnection> dconn_; |
| |
| // only used by HTTP/2 upstream |
| BlockedLink *blocked_link_; |
| // The backend address used to fulfill this request. These are for |
| // logging purpose. |
| std::shared_ptr<DownstreamAddrGroup> group_; |
| const DownstreamAddr *addr_; |
| // How many times we tried in backend connection |
| size_t num_retry_; |
| // The stream ID in frontend connection |
| int64_t stream_id_; |
| // The associated stream ID in frontend connection if this is pushed |
| // stream. |
| int64_t assoc_stream_id_; |
| // stream ID in backend connection |
| int64_t downstream_stream_id_; |
| // RST_STREAM error_code from downstream HTTP2 connection |
| uint32_t response_rst_stream_error_code_; |
| // An affinity cookie value. |
| uint32_t affinity_cookie_; |
| // request state |
| DownstreamState request_state_; |
| // response state |
| DownstreamState response_state_; |
| // only used by HTTP/2 upstream |
| DispatchState dispatch_state_; |
| // true if the connection is upgraded (HTTP Upgrade or CONNECT), |
| // excluding upgrade to HTTP/2. |
| bool upgraded_; |
| // true if backend request uses chunked transfer-encoding |
| bool chunked_request_; |
| // true if response to client uses chunked transfer-encoding |
| bool chunked_response_; |
| // true if we have not got final response code |
| bool expect_final_response_; |
| // true if downstream request is pending because backend connection |
| // has not been established or should be checked before use; |
| // currently used only with HTTP/2 connection. |
| bool request_pending_; |
| // true if downstream request header is considered to be sent. |
| bool request_header_sent_; |
| // true if access.log has been written. |
| bool accesslog_written_; |
| // true if affinity cookie is generated for this request. |
| bool new_affinity_cookie_; |
| // true if eof is received from client before sending header fields |
| // to backend. |
| bool blocked_request_data_eof_; |
| // true if request contains "expect: 100-continue" header field. |
| bool expect_100_continue_; |
| bool stop_reading_; |
| }; |
| |
| } // namespace shrpx |
| |
| #endif // SHRPX_DOWNSTREAM_H |
