2 * nghttp2 - HTTP/2 C Library
4 * Copyright (c) 2012 Tatsuhiro Tsujikawa
6 * Permission is hereby granted, free of charge, to any person obtaining
7 * a copy of this software and associated documentation files (the
8 * "Software"), to deal in the Software without restriction, including
9 * without limitation the rights to use, copy, modify, merge, publish,
10 * distribute, sublicense, and/or sell copies of the Software, and to
11 * permit persons to whom the Software is furnished to do so, subject to
12 * the following conditions:
14 * The above copyright notice and this permission notice shall be
15 * included in all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 #include "shrpx_client_handler.h"
29 #endif // HAVE_UNISTD_H
32 #include "shrpx_upstream.h"
33 #include "shrpx_http2_upstream.h"
34 #include "shrpx_https_upstream.h"
35 #include "shrpx_config.h"
36 #include "shrpx_http_downstream_connection.h"
37 #include "shrpx_http2_downstream_connection.h"
38 #include "shrpx_ssl.h"
39 #include "shrpx_worker.h"
40 #include "shrpx_downstream_connection_pool.h"
41 #include "shrpx_downstream.h"
43 #include "shrpx_spdy_upstream.h"
44 #endif // HAVE_SPDYLAY
48 using namespace nghttp2;
53 void timeoutcb(struct ev_loop *loop, ev_timer *w, int revents) {
54 auto conn = static_cast<Connection *>(w->data);
55 auto handler = static_cast<ClientHandler *>(conn->data);
57 if (LOG_ENABLED(INFO)) {
58 CLOG(INFO, handler) << "Time out";
66 void shutdowncb(struct ev_loop *loop, ev_timer *w, int revents) {
67 auto handler = static_cast<ClientHandler *>(w->data);
69 if (LOG_ENABLED(INFO)) {
70 CLOG(INFO, handler) << "Close connection due to TLS renegotiation";
78 void readcb(struct ev_loop *loop, ev_io *w, int revents) {
79 auto conn = static_cast<Connection *>(w->data);
80 auto handler = static_cast<ClientHandler *>(conn->data);
82 if (handler->do_read() != 0) {
86 if (handler->do_write() != 0) {
94 void writecb(struct ev_loop *loop, ev_io *w, int revents) {
95 auto conn = static_cast<Connection *>(w->data);
96 auto handler = static_cast<ClientHandler *>(conn->data);
98 if (handler->do_write() != 0) {
105 int ClientHandler::read_clear() {
106 ev_timer_again(conn_.loop, &conn_.rt);
109 if (rb_.rleft() && on_read() != 0) {
112 if (rb_.rleft() == 0) {
114 } else if (rb_.wleft() == 0) {
115 conn_.rlimit.stopw();
119 auto nread = conn_.read_clear(rb_.last, rb_.wleft());
133 int ClientHandler::write_clear() {
134 ev_timer_again(conn_.loop, &conn_.rt);
137 if (wb_.rleft() > 0) {
138 auto nwrite = conn_.write_clear(wb_.pos, wb_.rleft());
149 if (on_write() != 0) {
152 if (wb_.rleft() == 0) {
157 conn_.wlimit.stopw();
158 ev_timer_stop(conn_.loop, &conn_.wt);
163 int ClientHandler::tls_handshake() {
164 ev_timer_again(conn_.loop, &conn_.rt);
168 auto rv = conn_.tls_handshake();
170 if (rv == SHRPX_ERR_INPROGRESS) {
178 if (LOG_ENABLED(INFO)) {
179 CLOG(INFO, this) << "SSL/TLS handshake completed";
182 if (validate_next_proto() != 0) {
186 read_ = &ClientHandler::read_tls;
187 write_ = &ClientHandler::write_tls;
192 int ClientHandler::read_tls() {
193 ev_timer_again(conn_.loop, &conn_.rt);
198 // we should process buffered data first before we read EOF.
199 if (rb_.rleft() && on_read() != 0) {
202 if (rb_.rleft() == 0) {
204 } else if (rb_.wleft() == 0) {
205 conn_.rlimit.stopw();
209 auto nread = conn_.read_tls(rb_.last, rb_.wleft());
223 int ClientHandler::write_tls() {
224 ev_timer_again(conn_.loop, &conn_.rt);
229 if (wb_.rleft() > 0) {
230 auto nwrite = conn_.write_tls(wb_.pos, wb_.rleft());
245 if (on_write() != 0) {
248 if (wb_.rleft() == 0) {
253 conn_.wlimit.stopw();
254 ev_timer_stop(conn_.loop, &conn_.wt);
259 int ClientHandler::upstream_noop() { return 0; }
261 int ClientHandler::upstream_read() {
263 if (upstream_->on_read() != 0) {
269 int ClientHandler::upstream_write() {
271 if (upstream_->on_write() != 0) {
275 if (get_should_close_after_write() && wb_.rleft() == 0) {
282 int ClientHandler::upstream_http2_connhd_read() {
283 auto nread = std::min(left_connhd_len_, rb_.rleft());
284 if (memcmp(NGHTTP2_CLIENT_MAGIC + NGHTTP2_CLIENT_MAGIC_LEN - left_connhd_len_,
285 rb_.pos, nread) != 0) {
286 // There is no downgrade path here. Just drop the connection.
287 if (LOG_ENABLED(INFO)) {
288 CLOG(INFO, this) << "invalid client connection header";
294 left_connhd_len_ -= nread;
296 conn_.rlimit.startw();
298 if (left_connhd_len_ == 0) {
299 on_read_ = &ClientHandler::upstream_read;
300 // Run on_read to process data left in buffer since they are not
302 if (on_read() != 0) {
311 int ClientHandler::upstream_http1_connhd_read() {
312 auto nread = std::min(left_connhd_len_, rb_.rleft());
313 if (memcmp(NGHTTP2_CLIENT_MAGIC + NGHTTP2_CLIENT_MAGIC_LEN - left_connhd_len_,
314 rb_.pos, nread) != 0) {
315 if (LOG_ENABLED(INFO)) {
316 CLOG(INFO, this) << "This is HTTP/1.1 connection, "
317 << "but may be upgraded to HTTP/2 later.";
320 // Reset header length for later HTTP/2 upgrade
321 left_connhd_len_ = NGHTTP2_CLIENT_MAGIC_LEN;
322 on_read_ = &ClientHandler::upstream_read;
323 on_write_ = &ClientHandler::upstream_write;
325 if (on_read() != 0) {
332 left_connhd_len_ -= nread;
334 conn_.rlimit.startw();
336 if (left_connhd_len_ == 0) {
337 if (LOG_ENABLED(INFO)) {
338 CLOG(INFO, this) << "direct HTTP/2 connection";
341 direct_http2_upgrade();
342 on_read_ = &ClientHandler::upstream_read;
343 on_write_ = &ClientHandler::upstream_write;
345 // Run on_read to process data left in buffer since they are not
347 if (on_read() != 0) {
357 ClientHandler::ClientHandler(Worker *worker, int fd, SSL *ssl,
358 const char *ipaddr, const char *port)
359 : conn_(worker->get_loop(), fd, ssl, get_config()->upstream_write_timeout,
360 get_config()->upstream_read_timeout, get_config()->write_rate,
361 get_config()->write_burst, get_config()->read_rate,
362 get_config()->read_burst, writecb, readcb, timeoutcb, this),
363 ipaddr_(ipaddr), port_(port), worker_(worker),
364 http2session_(worker_->next_http2_session()),
365 left_connhd_len_(NGHTTP2_CLIENT_MAGIC_LEN),
366 should_close_after_write_(false) {
368 ++worker_->get_worker_stat()->num_connections;
370 ev_timer_init(&reneg_shutdown_timer_, shutdowncb, 0., 0.);
372 reneg_shutdown_timer_.data = this;
374 conn_.rlimit.startw();
375 ev_timer_again(conn_.loop, &conn_.rt);
378 SSL_set_app_data(conn_.tls.ssl, &conn_);
379 read_ = write_ = &ClientHandler::tls_handshake;
380 on_read_ = &ClientHandler::upstream_noop;
381 on_write_ = &ClientHandler::upstream_write;
383 // For non-TLS version, first create HttpsUpstream. It may be
384 // upgraded to HTTP/2 through HTTP Upgrade or direct HTTP/2
386 upstream_ = make_unique<HttpsUpstream>(this);
388 read_ = &ClientHandler::read_clear;
389 write_ = &ClientHandler::write_clear;
390 on_read_ = &ClientHandler::upstream_http1_connhd_read;
391 on_write_ = &ClientHandler::upstream_noop;
395 ClientHandler::~ClientHandler() {
396 if (LOG_ENABLED(INFO)) {
397 CLOG(INFO, this) << "Deleting";
401 upstream_->on_handler_delete();
404 auto worker_stat = worker_->get_worker_stat();
405 --worker_stat->num_connections;
407 if (worker_stat->num_connections == 0) {
408 worker_->schedule_clear_mcpool();
411 ev_timer_stop(conn_.loop, &reneg_shutdown_timer_);
413 // TODO If backend is http/2, and it is in CONNECTED state, signal
414 // it and make it loopbreak when output is zero.
415 if (worker_->get_graceful_shutdown() && worker_stat->num_connections == 0) {
416 ev_break(conn_.loop);
419 if (LOG_ENABLED(INFO)) {
420 CLOG(INFO, this) << "Deleted";
424 Upstream *ClientHandler::get_upstream() { return upstream_.get(); }
426 struct ev_loop *ClientHandler::get_loop() const {
430 void ClientHandler::reset_upstream_read_timeout(ev_tstamp t) {
432 if (ev_is_active(&conn_.rt)) {
433 ev_timer_again(conn_.loop, &conn_.rt);
437 void ClientHandler::reset_upstream_write_timeout(ev_tstamp t) {
439 if (ev_is_active(&conn_.wt)) {
440 ev_timer_again(conn_.loop, &conn_.wt);
444 int ClientHandler::validate_next_proto() {
445 const unsigned char *next_proto = nullptr;
446 unsigned int next_proto_len;
449 // First set callback for catch all cases
450 on_read_ = &ClientHandler::upstream_read;
452 SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
453 for (int i = 0; i < 2; ++i) {
455 if (LOG_ENABLED(INFO)) {
456 std::string proto(next_proto, next_proto + next_proto_len);
457 CLOG(INFO, this) << "The negotiated next protocol: " << proto;
459 if (!ssl::in_proto_list(get_config()->npn_list, next_proto,
463 if (util::check_h2_is_selected(next_proto, next_proto_len)) {
465 on_read_ = &ClientHandler::upstream_http2_connhd_read;
467 auto http2_upstream = make_unique<Http2Upstream>(this);
469 if (!ssl::check_http2_requirement(conn_.tls.ssl)) {
470 rv = http2_upstream->terminate_session(NGHTTP2_INADEQUATE_SECURITY);
477 upstream_ = std::move(http2_upstream);
478 alpn_.assign(next_proto, next_proto + next_proto_len);
480 // At this point, input buffer is already filled with some
481 // bytes. The read callback is not called until new data
482 // come. So consume input buffer here.
483 if (on_read() != 0) {
490 uint16_t version = spdylay_npn_get_version(next_proto, next_proto_len);
492 upstream_ = make_unique<SpdyUpstream>(version, this);
495 case SPDYLAY_PROTO_SPDY2:
498 case SPDYLAY_PROTO_SPDY3:
501 case SPDYLAY_PROTO_SPDY3_1:
505 alpn_ = "spdy/unknown";
508 // At this point, input buffer is already filled with some
509 // bytes. The read callback is not called until new data
510 // come. So consume input buffer here.
511 if (on_read() != 0) {
517 #endif // HAVE_SPDYLAY
518 if (next_proto_len == 8 && memcmp("http/1.1", next_proto, 8) == 0) {
519 upstream_ = make_unique<HttpsUpstream>(this);
522 // At this point, input buffer is already filled with some
523 // bytes. The read callback is not called until new data
524 // come. So consume input buffer here.
525 if (on_read() != 0) {
534 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
535 SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
536 #else // OPENSSL_VERSION_NUMBER < 0x10002000L
538 #endif // OPENSSL_VERSION_NUMBER < 0x10002000L
541 if (LOG_ENABLED(INFO)) {
542 CLOG(INFO, this) << "No protocol negotiated. Fallback to HTTP/1.1";
544 upstream_ = make_unique<HttpsUpstream>(this);
547 // At this point, input buffer is already filled with some bytes.
548 // The read callback is not called until new data come. So consume
549 // input buffer here.
550 if (on_read() != 0) {
556 if (LOG_ENABLED(INFO)) {
557 CLOG(INFO, this) << "The negotiated protocol is not supported";
562 int ClientHandler::do_read() { return read_(*this); }
563 int ClientHandler::do_write() { return write_(*this); }
565 int ClientHandler::on_read() {
566 auto rv = on_read_(*this);
570 conn_.handle_tls_pending_read();
573 int ClientHandler::on_write() { return on_write_(*this); }
575 const std::string &ClientHandler::get_ipaddr() const { return ipaddr_; }
577 bool ClientHandler::get_should_close_after_write() const {
578 return should_close_after_write_;
581 void ClientHandler::set_should_close_after_write(bool f) {
582 should_close_after_write_ = f;
585 void ClientHandler::pool_downstream_connection(
586 std::unique_ptr<DownstreamConnection> dconn) {
587 if (!dconn->poolable()) {
590 if (LOG_ENABLED(INFO)) {
591 CLOG(INFO, this) << "Pooling downstream connection DCONN:" << dconn.get();
593 dconn->set_client_handler(nullptr);
594 auto dconn_pool = worker_->get_dconn_pool();
595 dconn_pool->add_downstream_connection(std::move(dconn));
598 void ClientHandler::remove_downstream_connection(DownstreamConnection *dconn) {
599 if (LOG_ENABLED(INFO)) {
600 CLOG(INFO, this) << "Removing downstream connection DCONN:" << dconn
603 auto dconn_pool = worker_->get_dconn_pool();
604 dconn_pool->remove_downstream_connection(dconn);
607 std::unique_ptr<DownstreamConnection>
608 ClientHandler::get_downstream_connection() {
609 auto dconn_pool = worker_->get_dconn_pool();
610 auto dconn = dconn_pool->pop_downstream_connection();
613 if (LOG_ENABLED(INFO)) {
614 CLOG(INFO, this) << "Downstream connection pool is empty."
615 << " Create new one";
618 auto dconn_pool = worker_->get_dconn_pool();
621 dconn = make_unique<Http2DownstreamConnection>(dconn_pool, http2session_);
623 dconn = make_unique<HttpDownstreamConnection>(dconn_pool, conn_.loop);
625 dconn->set_client_handler(this);
629 dconn->set_client_handler(this);
631 if (LOG_ENABLED(INFO)) {
632 CLOG(INFO, this) << "Reuse downstream connection DCONN:" << dconn.get()
639 MemchunkPool *ClientHandler::get_mcpool() { return worker_->get_mcpool(); }
641 SSL *ClientHandler::get_ssl() const { return conn_.tls.ssl; }
643 ConnectBlocker *ClientHandler::get_connect_blocker() const {
644 return worker_->get_connect_blocker();
647 void ClientHandler::direct_http2_upgrade() {
648 upstream_ = make_unique<Http2Upstream>(this);
649 alpn_ = NGHTTP2_CLEARTEXT_PROTO_VERSION_ID;
650 on_read_ = &ClientHandler::upstream_read;
653 int ClientHandler::perform_http2_upgrade(HttpsUpstream *http) {
654 auto upstream = make_unique<Http2Upstream>(this);
655 if (upstream->upgrade_upstream(http) != 0) {
658 // http pointer is now owned by upstream.
660 upstream_ = std::move(upstream);
661 // TODO We might get other version id in HTTP2-settings, if we
662 // support aliasing for h2, but we just use library default for now.
663 alpn_ = NGHTTP2_CLEARTEXT_PROTO_VERSION_ID;
664 on_read_ = &ClientHandler::upstream_http2_connhd_read;
666 static char res[] = "HTTP/1.1 101 Switching Protocols\r\n"
667 "Connection: Upgrade\r\n"
668 "Upgrade: " NGHTTP2_CLEARTEXT_PROTO_VERSION_ID "\r\n"
670 wb_.write(res, sizeof(res) - 1);
675 bool ClientHandler::get_http2_upgrade_allowed() const { return !conn_.tls.ssl; }
677 std::string ClientHandler::get_upstream_scheme() const {
685 void ClientHandler::start_immediate_shutdown() {
686 ev_timer_start(conn_.loop, &reneg_shutdown_timer_);
690 // Construct absolute request URI from |downstream|, mainly to log
691 // request URI for proxy request (HTTP/2 proxy or client proxy). This
692 // is mostly same routine found in
693 // HttpDownstreamConnection::push_request_headers(), but vastly
694 // simplified since we only care about absolute URI.
695 std::string construct_absolute_request_uri(Downstream *downstream) {
696 const char *authority = nullptr, *host = nullptr;
697 if (!downstream->get_request_http2_authority().empty()) {
698 authority = downstream->get_request_http2_authority().c_str();
700 auto h = downstream->get_request_header(http2::HD_HOST);
702 host = h->value.c_str();
704 if (!authority && !host) {
705 return downstream->get_request_path();
708 if (downstream->get_request_http2_scheme().empty()) {
709 // this comes from HTTP/1 upstream without scheme. Just use http.
712 uri += downstream->get_request_http2_scheme();
721 // Server-wide OPTIONS takes following form in proxy request:
723 // OPTIONS http://example.org HTTP/1.1
725 // Notice that no slash after authority. See
726 // http://tools.ietf.org/html/rfc7230#section-5.3.4
727 if (downstream->get_request_path() != "*") {
728 uri += downstream->get_request_path();
734 void ClientHandler::write_accesslog(Downstream *downstream) {
736 get_config()->accesslog_format,
738 downstream, ipaddr_.c_str(), downstream->get_request_method().c_str(),
740 (downstream->get_request_method() != "CONNECT" &&
741 (get_config()->http2_proxy || get_config()->client_proxy))
742 ? construct_absolute_request_uri(downstream).c_str()
743 : downstream->get_request_path().empty()
744 ? downstream->get_request_http2_authority().c_str()
745 : downstream->get_request_path().c_str(),
749 std::chrono::system_clock::now(), // time_now
750 downstream->get_request_start_time(), // request_start_time
751 std::chrono::high_resolution_clock::now(), // request_end_time
753 downstream->get_request_major(), downstream->get_request_minor(),
754 downstream->get_response_http_status(),
755 downstream->get_response_sent_bodylen(), port_.c_str(),
756 get_config()->port, get_config()->pid,
760 void ClientHandler::write_accesslog(int major, int minor, unsigned int status,
761 int64_t body_bytes_sent) {
762 auto time_now = std::chrono::system_clock::now();
763 auto highres_now = std::chrono::high_resolution_clock::now();
765 upstream_accesslog(get_config()->accesslog_format,
767 nullptr, ipaddr_.c_str(),
770 alpn_.c_str(), time_now,
771 highres_now, // request_start_time TODO is
772 // there a better value?
773 highres_now, // request_end_time
774 major, minor, // major, minor
775 status, body_bytes_sent, port_.c_str(),
776 get_config()->port, get_config()->pid,
780 ClientHandler::WriteBuf *ClientHandler::get_wb() { return &wb_; }
782 ClientHandler::ReadBuf *ClientHandler::get_rb() { return &rb_; }
784 void ClientHandler::signal_write() { conn_.wlimit.startw(); }
786 RateLimit *ClientHandler::get_rlimit() { return &conn_.rlimit; }
787 RateLimit *ClientHandler::get_wlimit() { return &conn_.wlimit; }
789 ev_io *ClientHandler::get_wev() { return &conn_.wev; }
791 Worker *ClientHandler::get_worker() const { return worker_; }
projects / platform / upstream / nghttp2.git / blob