summaryrefslogtreecommitdiffstats
path: root/src/shrpx_downstream.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/shrpx_downstream.h628
1 files changed, 628 insertions, 0 deletions
diff --git a/src/shrpx_downstream.h b/src/shrpx_downstream.h
new file mode 100644
index 0000000..146cae5
--- /dev/null
+++ b/src/shrpx_downstream.h
@@ -0,0 +1,628 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2012 Tatsuhiro Tsujikawa
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef SHRPX_DOWNSTREAM_H
+#define SHRPX_DOWNSTREAM_H
+
+#include "shrpx.h"
+
+#include <cinttypes>
+#include <vector>
+#include <string>
+#include <memory>
+#include <chrono>
+#include <algorithm>
+
+#include <ev.h>
+
+#include <nghttp2/nghttp2.h>
+
+#ifdef ENABLE_HTTP3
+# include <nghttp3/nghttp3.h>
+#endif // ENABLE_HTTP3
+
+#include "llhttp.h"
+
+#include "shrpx_io_control.h"
+#include "shrpx_log_config.h"
+#include "http2.h"
+#include "memchunk.h"
+#include "allocator.h"
+
+using namespace nghttp2;
+
+namespace shrpx {
+
+class Upstream;
+class DownstreamConnection;
+struct BlockedLink;
+struct DownstreamAddrGroup;
+struct DownstreamAddr;
+
+class FieldStore {
+public:
+ FieldStore(BlockAllocator &balloc, size_t headers_initial_capacity)
+ : content_length(-1),
+ balloc_(balloc),
+ buffer_size_(0),
+ header_key_prev_(false),
+ trailer_key_prev_(false) {
+ headers_.reserve(headers_initial_capacity);
+ }
+
+ const HeaderRefs &headers() const { return headers_; }
+ const HeaderRefs &trailers() const { return trailers_; }
+
+ HeaderRefs &headers() { return headers_; }
+ HeaderRefs &trailers() { return trailers_; }
+
+ const void add_extra_buffer_size(size_t n) { buffer_size_ += n; }
+ size_t buffer_size() const { return buffer_size_; }
+
+ size_t num_fields() const { return headers_.size() + trailers_.size(); }
+
+ // Returns pointer to the header field with the name |name|. If
+ // multiple header have |name| as name, return last occurrence from
+ // the beginning. If no such header is found, returns nullptr.
+ const HeaderRefs::value_type *header(int32_t token) const;
+ HeaderRefs::value_type *header(int32_t token);
+ // Returns pointer to the header field with the name |name|. If no
+ // such header is found, returns nullptr.
+ const HeaderRefs::value_type *header(const StringRef &name) const;
+
+ void add_header_token(const StringRef &name, const StringRef &value,
+ bool no_index, int32_t token);
+
+ // Adds header field name |name|. First, the copy of header field
+ // name pointed by name.c_str() of length name.size() is made, and
+ // stored.
+ void alloc_add_header_name(const StringRef &name);
+
+ void append_last_header_key(const char *data, size_t len);
+ void append_last_header_value(const char *data, size_t len);
+
+ bool header_key_prev() const { return header_key_prev_; }
+
+ // Parses content-length, and records it in the field. If there are
+ // multiple Content-Length, returns -1.
+ int parse_content_length();
+
+ // Empties headers.
+ void clear_headers();
+
+ void add_trailer_token(const StringRef &name, const StringRef &value,
+ bool no_index, int32_t token);
+
+ // Adds trailer field name |name|. First, the copy of trailer field
+ // name pointed by name.c_str() of length name.size() is made, and
+ // stored.
+ void alloc_add_trailer_name(const StringRef &name);
+
+ void append_last_trailer_key(const char *data, size_t len);
+ void append_last_trailer_value(const char *data, size_t len);
+
+ bool trailer_key_prev() const { return trailer_key_prev_; }
+
+ // erase_content_length_and_transfer_encoding erases content-length
+ // and transfer-encoding header fields.
+ void erase_content_length_and_transfer_encoding();
+
+ // content-length, -1 if it is unknown.
+ int64_t content_length;
+
+private:
+ BlockAllocator &balloc_;
+ HeaderRefs headers_;
+ // trailer fields. For HTTP/1.1, trailer fields are only included
+ // with chunked encoding. For HTTP/2, there is no such limit.
+ HeaderRefs trailers_;
+ // Sum of the length of name and value in headers_ and trailers_.
+ // This could also be increased by add_extra_buffer_size() to take
+ // into account for request URI in case of HTTP/1.x request.
+ size_t buffer_size_;
+ bool header_key_prev_;
+ bool trailer_key_prev_;
+};
+
+// Protocols allowed in HTTP/2 :protocol header field.
+enum class ConnectProto {
+ NONE,
+ WEBSOCKET,
+};
+
+struct Request {
+ Request(BlockAllocator &balloc)
+ : fs(balloc, 16),
+ recv_body_length(0),
+ unconsumed_body_length(0),
+ method(-1),
+ http_major(1),
+ http_minor(1),
+ connect_proto(ConnectProto::NONE),
+ upgrade_request(false),
+ http2_upgrade_seen(false),
+ connection_close(false),
+ http2_expect_body(false),
+ no_authority(false),
+ forwarded_once(false) {}
+
+ void consume(size_t len) {
+ assert(unconsumed_body_length >= len);
+ unconsumed_body_length -= len;
+ }
+
+ bool regular_connect_method() const {
+ return method == HTTP_CONNECT && connect_proto == ConnectProto::NONE;
+ }
+
+ bool extended_connect_method() const {
+ return connect_proto != ConnectProto::NONE;
+ }
+
+ FieldStore fs;
+ // Timestamp when all request header fields are received.
+ std::shared_ptr<Timestamp> tstamp;
+ // Request scheme. For HTTP/2, this is :scheme header field value.
+ // For HTTP/1.1, this is deduced from URI or connection.
+ StringRef scheme;
+ // Request authority. This is HTTP/2 :authority header field value
+ // or host header field value. We may deduce it from absolute-form
+ // HTTP/1 request. We also store authority-form HTTP/1 request.
+ // This could be empty if request comes from HTTP/1.0 without Host
+ // header field and origin-form.
+ StringRef authority;
+ // Request path, including query component. For HTTP/1.1, this is
+ // request-target. For HTTP/2, this is :path header field value.
+ // For CONNECT request, this is empty.
+ StringRef path;
+ // This is original authority which cannot be changed by per-pattern
+ // mruby script.
+ StringRef orig_authority;
+ // This is original path which cannot be changed by per-pattern
+ // mruby script.
+ StringRef orig_path;
+ // the length of request body received so far
+ int64_t recv_body_length;
+ // The number of bytes not consumed by the application yet.
+ size_t unconsumed_body_length;
+ int method;
+ // HTTP major and minor version
+ int http_major, http_minor;
+ // connect_proto specified in HTTP/2 :protocol pseudo header field
+ // which enables extended CONNECT method. This field is also set if
+ // WebSocket upgrade is requested in h1 frontend for convenience.
+ ConnectProto connect_proto;
+ // Returns true if the request is HTTP upgrade (HTTP Upgrade or
+ // CONNECT method). Upgrade to HTTP/2 is excluded. For HTTP/2
+ // Upgrade, check get_http2_upgrade_request().
+ bool upgrade_request;
+ // true if h2c is seen in Upgrade header field.
+ bool http2_upgrade_seen;
+ bool connection_close;
+ // true if this is HTTP/2, and request body is expected. Note that
+ // we don't take into account HTTP method here.
+ bool http2_expect_body;
+ // true if request does not have any information about authority.
+ // This happens when: For HTTP/2 request, :authority is missing.
+ // For HTTP/1 request, origin or asterisk form is used.
+ bool no_authority;
+ // true if backend selection is done for request once.
+ // orig_authority and orig_path have the authority and path which
+ // are used for the first backend selection.
+ bool forwarded_once;
+};
+
+struct Response {
+ Response(BlockAllocator &balloc)
+ : fs(balloc, 32),
+ recv_body_length(0),
+ unconsumed_body_length(0),
+ http_status(0),
+ http_major(1),
+ http_minor(1),
+ connection_close(false),
+ headers_only(false) {}
+
+ void consume(size_t len) {
+ assert(unconsumed_body_length >= len);
+ unconsumed_body_length -= len;
+ }
+
+ // returns true if a resource denoted by scheme, authority, and path
+ // has already been pushed.
+ bool is_resource_pushed(const StringRef &scheme, const StringRef &authority,
+ const StringRef &path) const {
+ if (!pushed_resources) {
+ return false;
+ }
+ return std::find(std::begin(*pushed_resources), std::end(*pushed_resources),
+ std::make_tuple(scheme, authority, path)) !=
+ std::end(*pushed_resources);
+ }
+
+ // remember that a resource denoted by scheme, authority, and path
+ // is pushed.
+ void resource_pushed(const StringRef &scheme, const StringRef &authority,
+ const StringRef &path) {
+ if (!pushed_resources) {
+ pushed_resources = std::make_unique<
+ std::vector<std::tuple<StringRef, StringRef, StringRef>>>();
+ }
+ pushed_resources->emplace_back(scheme, authority, path);
+ }
+
+ FieldStore fs;
+ // array of the tuple of scheme, authority, and path of pushed
+ // resource. This is required because RFC 8297 says that server
+ // typically includes header fields appeared in non-final response
+ // header fields in final response header fields. Without checking
+ // that a particular resource has already been pushed, or not, we
+ // end up pushing the same resource at least twice. It is unknown
+ // that we should use more complex data structure (e.g., std::set)
+ // to find the resources faster.
+ std::unique_ptr<std::vector<std::tuple<StringRef, StringRef, StringRef>>>
+ pushed_resources;
+ // the length of response body received so far
+ int64_t recv_body_length;
+ // The number of bytes not consumed by the application yet. This is
+ // mainly for HTTP/2 backend.
+ size_t unconsumed_body_length;
+ // HTTP status code
+ unsigned int http_status;
+ int http_major, http_minor;
+ bool connection_close;
+ // true if response only consists of HEADERS, and it bears
+ // END_STREAM. This is used to tell Http2Upstream that it can send
+ // response with single HEADERS with END_STREAM flag only.
+ bool headers_only;
+};
+
+enum class DownstreamState {
+ INITIAL,
+ HEADER_COMPLETE,
+ MSG_COMPLETE,
+ STREAM_CLOSED,
+ CONNECT_FAIL,
+ MSG_RESET,
+ // header contains invalid header field. We can safely send error
+ // response (502) to a client.
+ MSG_BAD_HEADER,
+ // header fields in HTTP/1 request exceed the configuration limit.
+ // This state is only transitioned from INITIAL state, and solely
+ // used to signal 431 status code to the client.
+ HTTP1_REQUEST_HEADER_TOO_LARGE,
+};
+
+enum class DispatchState {
+ NONE,
+ PENDING,
+ BLOCKED,
+ ACTIVE,
+ FAILURE,
+};
+
+class Downstream {
+public:
+ Downstream(Upstream *upstream, MemchunkPool *mcpool, int64_t stream_id);
+ ~Downstream();
+ void reset_upstream(Upstream *upstream);
+ Upstream *get_upstream() const;
+ void set_stream_id(int64_t stream_id);
+ int64_t get_stream_id() const;
+ void set_assoc_stream_id(int64_t stream_id);
+ int64_t get_assoc_stream_id() const;
+ void pause_read(IOCtrlReason reason);
+ int resume_read(IOCtrlReason reason, size_t consumed);
+ void force_resume_read();
+ // Set stream ID for downstream HTTP2 connection.
+ void set_downstream_stream_id(int64_t stream_id);
+ int64_t get_downstream_stream_id() const;
+
+ int attach_downstream_connection(std::unique_ptr<DownstreamConnection> dconn);
+ void detach_downstream_connection();
+ DownstreamConnection *get_downstream_connection();
+ // Returns dconn_ and nullifies dconn_.
+ std::unique_ptr<DownstreamConnection> pop_downstream_connection();
+
+ // Returns true if output buffer is full. If underlying dconn_ is
+ // NULL, this function always returns false.
+ bool request_buf_full();
+ // Returns true if upgrade (HTTP Upgrade or CONNECT) is succeeded in
+ // h1 backend. This should not depend on inspect_http1_response().
+ void check_upgrade_fulfilled_http1();
+ // Returns true if upgrade (HTTP Upgrade or CONNECT) is succeeded in
+ // h2 backend.
+ void check_upgrade_fulfilled_http2();
+ // Returns true if the upgrade is succeeded as a result of the call
+ // check_upgrade_fulfilled_http*(). HTTP/2 Upgrade is excluded.
+ bool get_upgraded() const;
+ // Inspects HTTP/2 request.
+ void inspect_http2_request();
+ // Inspects HTTP/1 request. This checks whether the request is
+ // upgrade request and tranfer-encoding etc.
+ void inspect_http1_request();
+ // Returns true if the request is HTTP Upgrade for HTTP/2
+ bool get_http2_upgrade_request() const;
+ // Returns the value of HTTP2-Settings request header field.
+ StringRef get_http2_settings() const;
+
+ // downstream request API
+ const Request &request() const { return req_; }
+ Request &request() { return req_; }
+
+ // Count number of crumbled cookies
+ size_t count_crumble_request_cookie();
+ // Crumbles (split cookie by ";") in request_headers_ and adds them
+ // in |nva|. Headers::no_index is inherited.
+ void crumble_request_cookie(std::vector<nghttp2_nv> &nva);
+ // Assembles request cookies. The opposite operation against
+ // crumble_request_cookie().
+ StringRef assemble_request_cookie();
+
+ void
+ set_request_start_time(std::chrono::high_resolution_clock::time_point time);
+ const std::chrono::high_resolution_clock::time_point &
+ get_request_start_time() const;
+ int push_request_headers();
+ bool get_chunked_request() const;
+ void set_chunked_request(bool f);
+ int push_upload_data_chunk(const uint8_t *data, size_t datalen);
+ int end_upload_data();
+ // Validates that received request body length and content-length
+ // matches.
+ bool validate_request_recv_body_length() const;
+ void set_request_downstream_host(const StringRef &host);
+ bool expect_response_body() const;
+ bool expect_response_trailer() const;
+ void set_request_state(DownstreamState state);
+ DownstreamState get_request_state() const;
+ DefaultMemchunks *get_request_buf();
+ void set_request_pending(bool f);
+ bool get_request_pending() const;
+ void set_request_header_sent(bool f);
+ bool get_request_header_sent() const;
+ // Returns true if request is ready to be submitted to downstream.
+ // When sending pending request, get_request_pending() should be
+ // checked too because this function may return true when
+ // get_request_pending() returns false.
+ bool request_submission_ready() const;
+
+ DefaultMemchunks *get_blocked_request_buf();
+ bool get_blocked_request_data_eof() const;
+ void set_blocked_request_data_eof(bool f);
+
+ // downstream response API
+ const Response &response() const { return resp_; }
+ Response &response() { return resp_; }
+
+ // Rewrites the location response header field.
+ void rewrite_location_response_header(const StringRef &upstream_scheme);
+
+ bool get_chunked_response() const;
+ void set_chunked_response(bool f);
+
+ void set_response_state(DownstreamState state);
+ DownstreamState get_response_state() const;
+ DefaultMemchunks *get_response_buf();
+ bool response_buf_full();
+ // Validates that received response body length and content-length
+ // matches.
+ bool validate_response_recv_body_length() const;
+ uint32_t get_response_rst_stream_error_code() const;
+ void set_response_rst_stream_error_code(uint32_t error_code);
+ // Inspects HTTP/1 response. This checks tranfer-encoding etc.
+ void inspect_http1_response();
+ // Clears some of member variables for response.
+ void reset_response();
+ // True if the response is non-final (1xx status code). Note that
+ // if connection was upgraded, 101 status code is treated as final.
+ bool get_non_final_response() const;
+ // True if protocol version used by client supports non final
+ // response. Only HTTP/1.1 and HTTP/2 clients support it.
+ bool supports_non_final_response() const;
+ void set_expect_final_response(bool f);
+ bool get_expect_final_response() const;
+
+ // Call this method when there is incoming data in downstream
+ // connection.
+ int on_read();
+
+ // Resets upstream read timer. If it is active, timeout value is
+ // reset. If it is not active, timer will be started.
+ void reset_upstream_rtimer();
+ // Resets upstream write timer. If it is active, timeout value is
+ // reset. If it is not active, timer will be started. This
+ // function also resets read timer if it has been started.
+ void reset_upstream_wtimer();
+ // Makes sure that upstream write timer is started. If it has been
+ // started, do nothing. Otherwise, write timer will be started.
+ void ensure_upstream_wtimer();
+ // Disables upstream read timer.
+ void disable_upstream_rtimer();
+ // Disables upstream write timer.
+ void disable_upstream_wtimer();
+
+ // Downstream timer functions. They works in a similar way just
+ // like the upstream timer function.
+ void reset_downstream_rtimer();
+ void reset_downstream_wtimer();
+ void ensure_downstream_wtimer();
+ void disable_downstream_rtimer();
+ void disable_downstream_wtimer();
+
+ // Returns true if accesslog can be written for this downstream.
+ bool accesslog_ready() const;
+
+ // Increment retry count
+ void add_retry();
+ // true if retry attempt should not be done.
+ bool no_more_retry() const;
+
+ DispatchState get_dispatch_state() const;
+ void set_dispatch_state(DispatchState s);
+
+ void attach_blocked_link(BlockedLink *l);
+ BlockedLink *detach_blocked_link();
+
+ // Returns true if downstream_connection can be detached and reused.
+ bool can_detach_downstream_connection() const;
+
+ DefaultMemchunks pop_response_buf();
+
+ BlockAllocator &get_block_allocator();
+
+ void add_rcbuf(nghttp2_rcbuf *rcbuf);
+#ifdef ENABLE_HTTP3
+ void add_rcbuf(nghttp3_rcbuf *rcbuf);
+#endif // ENABLE_HTTP3
+
+ void
+ set_downstream_addr_group(const std::shared_ptr<DownstreamAddrGroup> &group);
+ void set_addr(const DownstreamAddr *addr);
+
+ const DownstreamAddr *get_addr() const;
+
+ void set_accesslog_written(bool f);
+
+ // Finds affinity cookie from request header fields. The name of
+ // cookie is given in |name|. If an affinity cookie is found, it is
+ // assigned to a member function, and is returned. If it is not
+ // found, or is malformed, returns 0.
+ uint32_t find_affinity_cookie(const StringRef &name);
+ // Set |h| as affinity cookie.
+ void renew_affinity_cookie(uint32_t h);
+ // Returns affinity cookie to send. If it does not need to be sent,
+ // for example, because the value is retrieved from a request header
+ // field, returns 0.
+ uint32_t get_affinity_cookie_to_send() const;
+
+ void set_ws_key(const StringRef &key);
+
+ bool get_expect_100_continue() const;
+
+ bool get_stop_reading() const;
+ void set_stop_reading(bool f);
+
+ enum {
+ EVENT_ERROR = 0x1,
+ EVENT_TIMEOUT = 0x2,
+ };
+
+ Downstream *dlnext, *dlprev;
+
+ // the length of response body sent to upstream client
+ int64_t response_sent_body_length;
+
+private:
+ BlockAllocator balloc_;
+
+ std::vector<nghttp2_rcbuf *> rcbufs_;
+#ifdef ENABLE_HTTP3
+ std::vector<nghttp3_rcbuf *> rcbufs3_;
+#endif // ENABLE_HTTP3
+
+ Request req_;
+ Response resp_;
+
+ std::chrono::high_resolution_clock::time_point request_start_time_;
+
+ // host we requested to downstream. This is used to rewrite
+ // location header field to decide the location should be rewritten
+ // or not.
+ StringRef request_downstream_host_;
+
+ // Data arrived in frontend before sending header fields to backend
+ // are stored in this buffer.
+ DefaultMemchunks blocked_request_buf_;
+ DefaultMemchunks request_buf_;
+ DefaultMemchunks response_buf_;
+
+ // The Sec-WebSocket-Key field sent to the peer. This field is used
+ // if frontend uses RFC 8441 WebSocket bootstrapping via HTTP/2.
+ StringRef ws_key_;
+
+ ev_timer upstream_rtimer_;
+ ev_timer upstream_wtimer_;
+
+ ev_timer downstream_rtimer_;
+ ev_timer downstream_wtimer_;
+
+ Upstream *upstream_;
+ std::unique_ptr<DownstreamConnection> dconn_;
+
+ // only used by HTTP/2 upstream
+ BlockedLink *blocked_link_;
+ // The backend address used to fulfill this request. These are for
+ // logging purpose.
+ std::shared_ptr<DownstreamAddrGroup> group_;
+ const DownstreamAddr *addr_;
+ // How many times we tried in backend connection
+ size_t num_retry_;
+ // The stream ID in frontend connection
+ int64_t stream_id_;
+ // The associated stream ID in frontend connection if this is pushed
+ // stream.
+ int64_t assoc_stream_id_;
+ // stream ID in backend connection
+ int64_t downstream_stream_id_;
+ // RST_STREAM error_code from downstream HTTP2 connection
+ uint32_t response_rst_stream_error_code_;
+ // An affinity cookie value.
+ uint32_t affinity_cookie_;
+ // request state
+ DownstreamState request_state_;
+ // response state
+ DownstreamState response_state_;
+ // only used by HTTP/2 upstream
+ DispatchState dispatch_state_;
+ // true if the connection is upgraded (HTTP Upgrade or CONNECT),
+ // excluding upgrade to HTTP/2.
+ bool upgraded_;
+ // true if backend request uses chunked transfer-encoding
+ bool chunked_request_;
+ // true if response to client uses chunked transfer-encoding
+ bool chunked_response_;
+ // true if we have not got final response code
+ bool expect_final_response_;
+ // true if downstream request is pending because backend connection
+ // has not been established or should be checked before use;
+ // currently used only with HTTP/2 connection.
+ bool request_pending_;
+ // true if downstream request header is considered to be sent.
+ bool request_header_sent_;
+ // true if access.log has been written.
+ bool accesslog_written_;
+ // true if affinity cookie is generated for this request.
+ bool new_affinity_cookie_;
+ // true if eof is received from client before sending header fields
+ // to backend.
+ bool blocked_request_data_eof_;
+ // true if request contains "expect: 100-continue" header field.
+ bool expect_100_continue_;
+ bool stop_reading_;
+};
+
+} // namespace shrpx
+
+#endif // SHRPX_DOWNSTREAM_H