From 9b6d0f2106be4f0ef3aabf23a414dcc3b8e7068e Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Fri, 20 Nov 2015 15:13:11 +0000 Subject: [PATCH] update of mod_http2 with current trunk version git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715371 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 41 ++ docs/manual/mod/mod_http2.xml | 297 ++++++++- modules/http2/config.m4 | 4 +- modules/http2/h2_bucket_eoc.c | 108 ++++ modules/http2/h2_bucket_eoc.h | 31 + modules/http2/h2_bucket_eos.c | 109 ++++ modules/http2/h2_bucket_eos.h | 30 + modules/http2/h2_config.c | 159 ++++- modules/http2/h2_config.h | 11 + modules/http2/h2_conn.c | 347 +++------- modules/http2/h2_conn.h | 22 +- modules/http2/h2_conn_io.c | 182 ++++-- modules/http2/h2_conn_io.h | 19 +- modules/http2/h2_ctx.c | 10 +- modules/http2/h2_ctx.h | 8 +- modules/http2/h2_from_h1.c | 29 +- modules/http2/h2_from_h1.h | 14 +- modules/http2/h2_h2.c | 560 ++++++++++++++-- modules/http2/h2_h2.h | 63 +- modules/http2/h2_io.c | 152 ++++- modules/http2/h2_io.h | 42 +- modules/http2/h2_io_set.c | 51 +- modules/http2/h2_io_set.h | 3 +- modules/http2/h2_mplx.c | 438 ++++++++----- modules/http2/h2_mplx.h | 61 +- modules/http2/h2_push.c | 400 ++++++++++++ modules/http2/h2_push.h | 33 + modules/http2/h2_request.c | 286 ++++++--- modules/http2/h2_request.h | 48 +- modules/http2/h2_response.c | 145 +---- modules/http2/h2_response.h | 22 +- modules/http2/h2_session.c | 1106 ++++++++++++++++++++------------ modules/http2/h2_session.h | 81 ++- modules/http2/h2_stream.c | 600 +++++++++++++---- modules/http2/h2_stream.h | 246 ++++++- modules/http2/h2_stream_set.c | 177 +++-- modules/http2/h2_stream_set.h | 17 +- modules/http2/h2_switch.c | 30 +- modules/http2/h2_task.c | 231 +++---- modules/http2/h2_task.h | 122 +--- modules/http2/h2_task_input.c | 75 +-- modules/http2/h2_task_input.h | 6 +- modules/http2/h2_task_output.c | 34 +- modules/http2/h2_task_output.h | 7 +- modules/http2/h2_task_queue.c | 153 ++++- modules/http2/h2_task_queue.h | 141 ++-- modules/http2/h2_to_h1.c | 305 --------- modules/http2/h2_to_h1.h | 87 --- modules/http2/h2_util.c | 382 ++++++++++- modules/http2/h2_util.h | 75 ++- modules/http2/h2_version.h | 4 +- modules/http2/h2_worker.c | 62 +- modules/http2/h2_worker.h | 14 +- modules/http2/h2_workers.c | 78 ++- modules/http2/h2_workers.h | 1 + modules/http2/mod_http2.dsp | 16 +- 56 files changed, 5205 insertions(+), 2570 deletions(-) create mode 100644 modules/http2/h2_bucket_eoc.c create mode 100644 modules/http2/h2_bucket_eoc.h create mode 100644 modules/http2/h2_bucket_eos.c create mode 100644 modules/http2/h2_bucket_eos.h create mode 100644 modules/http2/h2_push.c create mode 100644 modules/http2/h2_push.h delete mode 100644 modules/http2/h2_to_h1.c delete mode 100644 modules/http2/h2_to_h1.h diff --git a/CHANGES b/CHANGES index 870e76fbac..f3f5c1bb03 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,47 @@ Changes with Apache 2.4.18 + *) mod_http2: incoming trailers (headers after request body) are properly + forwarded to the processing engine. [Stefan Eissing] + + *) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server + pushes a server/virtual host. Pushes are initiated by the presence + of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing] + + *) mod_http2: write performance of http2 improved for larger resources, + especially static files. [Stefan Eissing] + + *) core: if the first HTTP/1.1 request on a connection goes to a server that + prefers different protocols, these protocols are announced in a Upgrade: + header on the response, mentioning the preferred protocols. + [Stefan Eissing] + + *) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs' + to control TLS record sizes during connection lifetime. + [Stefan Eissing] + + *) mod_http2: new directive 'H2ModernTLSOnly' to enforce security + requirements of RFC 7540 on TLS connections. [Stefan Eissing] + + *) core: add ap_get_protocol_upgrades() to retrieve the list of protocols + that a client could possibly upgrade to. Use in first request on a + connection to announce protocol choices. [Stefan Eissing] + + *) mod_http2: reworked deallocation on connection shutdown and worker + abort. Separate parent pool for all workers. worker threads are joined + on planned worker shutdown. [Yann Ylavic, Stefan Eissing] + + *) mod_ssl: when receiving requests for other virtual hosts than the handshake + server, the SSL parameters are checked for equality. With equal + configuration, requests are passed for processing. Any change will trigger + the old behaviour of "421 Misdirected Request". + SSL now remembers the cipher suite that was used for the last handshake. + This is compared against for any vhost/directory cipher specification. + Detailed examination of renegotiation is only done when these do not + match. + Renegotiation is 403ed when a master connection is present. Exact reason + is given additionally in a request note. [Stefan Eissing] + *) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit alignment (SPARC64, PPC64). [Yann Ylavic] diff --git a/docs/manual/mod/mod_http2.xml b/docs/manual/mod/mod_http2.xml index 90ecff84dd..0771e3c44e 100644 --- a/docs/manual/mod/mod_http2.xml +++ b/docs/manual/mod/mod_http2.xml @@ -42,13 +42,22 @@ release relative to other standard modules. Users are encouraged to consult the "CHANGES" file for potential updates.

+ +

You must enable HTTP/2 via Protocols in order to use the + functionality described in this document:

+ + + Protocols h2 http/1.1 + + H2Direct H2 Direct Protocol Switch H2Direct on|off - H2Direct on (for non TLS) + H2Direct on for h2c, off for h2 protocol server config virtual host @@ -60,12 +69,31 @@ should be used inside a VirtualHost section to enable direct HTTP/2 communication for that virtual host. +

+

Direct communication means that if the first bytes received by the server on a connection match the HTTP/2 preamble, the HTTP/2 protocol is switched to immediately without further negotiation. - This mode falls outside the RFC 7540 but has become widely implemented - as it is very convenient for development and testing. - By default the direct HTTP/2 mode is enabled. + This mode is defined in RFC 7540 for the cleartext (h2c) case. Its + use on TLS connections not mandated by the standard. +

+

+ When a server/vhost does not have h2 or h2c enabled via + Protocols, + the connection is never inspected for a HTTP/2 preamble. H2Direct + does not matter then. This is important for connections that + use protocols where an initial read might hang indefinitely, such + as NNTP. +

+

+ For clients that have out-of-band knowledge about a server + supporting h2c, direct HTTP/2 saves the client from having to + perform an HTTP/1.1 upgrade, resulting in better performance + and avoiding the Upgrade restrictions on request bodies. +

+

+ This makes direct h2c attractive for server to server communication + as well, when the connection can be trusted or is secured by other means.

Example @@ -74,6 +102,122 @@ + + + H2Push + H2 Server Push Switch + H2Push on|off + H2Push on + + server config + virtual host + + + +

+ This directive toggles the usage of the HTTP/2 server push + protocol feature. This should be used inside a + VirtualHost + section to enable direct HTTP/2 communication for that virtual host. +

+

+ The HTTP/2 protocol allows the server to push other resources to + a client when it asked for a particular one. This is helpful + if those resources are connected in some way and the client can + be expected to ask for it anyway. The pushing then saves the + time it takes the client to ask for the resources itself. On the + other hand, pushing resources the client never needs or already + has is a waste of bandwidth. +

+

+ Server pushes are detected by inspecting the Link headers of + responses (see https://tools.ietf.org/html/rfc5988 for the + specification). When a link thus specified has the rel=preload + attribute, it is treated as a resource to be pushed. +

+

+ Link headers in responses are either set by the application or + can be configured via mod_headers as: +

+ mod_headers example + +<Location /index.html> + Header add Link "</css/site.css>;rel=preload" + Header add Link "</images/logo.jpg>;rel=preload" +</Location> + + +

+ As the example shows, there can be several link headers added + to a response, resulting in several pushes being triggered. There + are no checks in the module to avoid pushing the same resource + twice or more to one client. Use with care. +

+

+ HTTP/2 server pushes are enabled by default. This directive + allows it to be switch off on all resources of this server/virtual + host. +

+ Example + + H2Push off + + +

+ Last but not least, pushes happen only when the client signals + its willingness to accept those. Most browsers do, some, like Safari 9, + do not. +

+ + + + + H2Upgrade + H2 Upgrade Protocol Switch + H2Upgrade on|off + H2Upgrade on for h2c, off for h2 protocol + + server config + virtual host + + + +

+ This directive toggles the usage of the HTTP/1.1 Upgrade method + for switching to HTTP/2. This + should be used inside a + VirtualHost + section to enable Upgrades to HTTP/2 for that virtual host. +

+

+ This method of switching protocols is defined in HTTP/1.1 and + uses the "Upgrade" header (thus the name) to announce willingness + to use another protocol. This may happen on any request of a + HTTP/1.1 connection. +

+

+ This method of protocol switching is enabled by default on cleartext + (potential h2c) connections and disabled on TLS (potential h2), + as mandated by RFC 7540. +

+

+ Please be aware that Upgrades are only accepted for requests + that carry no body. POSTs and PUTs with content will never + trigger an upgrade to HTTP/2. + See H2Direct for an + alternative to Upgrade. +

+

+ This mode only has an effect when h2 or h2c is enabled via + the Protocols. +

+ Example + + H2Upgrade on + + + + H2MaxSessionStreams @@ -230,7 +374,7 @@

This directive sets maximum number of extra file handles a HTTP/2 session is allowed to use. A file handle is counted as - extra when it is transfered from a h2 worker thread to + extra when it is transferred from a h2 worker thread to the main HTTP/2 connection handling. This commonly happens when serving static files.

@@ -282,4 +426,147 @@ + + H2ModernTLSOnly + Require HTTP/2 connections to be "modern TLS" only + H2ModernTLSOnly on|off + H2ModernTLSOnly on + + server config + virtual host + + + +

+ This directive toggles the security checks on HTTP/2 connections + in TLS mode (https:). This can be used server wide or for specific + VirtualHosts. +

+

+ The security checks require that the TSL protocol is at least + TLSv1.2 and that none of the ciphers listed in RFC 7540, Appendix A + is used. These checks will be extended once new security requirements + come into place. +

+

+ The name stems from the + Security/Server Side TLS + definitions at mozilla where "modern compatibility" is defined. Mozilla Firefox and + other browsers require modern compatibility for HTTP/2 connections. As everything + in OpSec, this is a moving target and can be expected to evolve in the future. +

+

+ One purpose of having these checks in mod_http2 is to enforce this + security level for all connections, not only those from browsers. The other + purpose is to prevent the negotiation of HTTP/2 as a protocol should + the requirements not be met. +

+

+ Ultimately, the security of the TLS connection is determined by the + server configuration directives for mod_ssl. +

+ Example + + H2ModernTLSOnly off + + + + + + + H2TLSWarmUpSize + + H2TLSWarmUpSize amount + H2TLSWarmUpSize 1048576 + + server config + virtual host + + + +

+ This directive sets the number of bytes to be sent in small + TLS records (~1300 bytes) until doing maximum sized writes (16k) + on https: HTTP/2 connections. + This can be used server wide or for specific + VirtualHosts. +

+

+ Measurements by google performance + labs show that best performance on TLS connections is reached, + if initial record sizes stay below the MTU level, to allow a + complete record to fit into an IP packet. +

+

+ While TCP adjust its flow-control and window sizes, longer TLS + records can get stuck in queues or get lost and need retransmission. + This is of course true for all packets. TLS however needs the + whole record in order to decrypt it. Any missing bytes at the end + will stall usage of the received ones. +

+

+ After a sufficient number of bytes have been send successfully, + the TCP state of the connection is stable and maximum TLS record + sizes (16 KB) can be used for optimal performance. +

+

+ In deployments where servers are reached locally or over reliable + connections only, the value might be decreased with 0 disabling + any warmup phase altogether. +

+

+ The following example sets the size to zero, effectively disabling + any warmup phase. +

+ Example + + H2TLSWarmUpSize 0 + + + + + + + H2TLSCoolDownSecs + + H2TLSCoolDownSecs seconds + H2TLSCoolDownSecs 1 + + server config + virtual host + + + +

+ This directive sets the number of seconds of idle time on a TLS + connection before the TLS write size falls back to small (~1300 bytes) + length. + This can be used server wide or for specific + VirtualHosts. +

+

+ See H2TLSWarmUpSize for a + description of TLS warmup. H2TLSCoolDownSecs reflects the fact + that connections may deteriorate over time (and TCP flow adjusts) + for idle connections as well. It is beneficial to overall performance + to fall back to the pre-warmup phase after a number of seconds that + no data has been sent. +

+

+ In deployments where connections can be considered reliable, this + timer can be disabled by setting it to 0. +

+

+ The following example sets the seconds to zero, effectively disabling + any cool down. Warmed up TLS connections stay on maximum record + size. +

+ Example + + H2TLSCoolDownSecs 0 + + + + + diff --git a/modules/http2/config.m4 b/modules/http2/config.m4 index 9c5eb86740..f383b3cd83 100644 --- a/modules/http2/config.m4 +++ b/modules/http2/config.m4 @@ -20,6 +20,8 @@ dnl # list of module object files http2_objs="dnl mod_http2.lo dnl h2_alt_svc.lo dnl +h2_bucket_eoc.lo dnl +h2_bucket_eos.lo dnl h2_config.lo dnl h2_conn.lo dnl h2_conn_io.lo dnl @@ -29,6 +31,7 @@ h2_h2.lo dnl h2_io.lo dnl h2_io_set.lo dnl h2_mplx.lo dnl +h2_push.lo dnl h2_request.lo dnl h2_response.lo dnl h2_session.lo dnl @@ -39,7 +42,6 @@ h2_task.lo dnl h2_task_input.lo dnl h2_task_output.lo dnl h2_task_queue.lo dnl -h2_to_h1.lo dnl h2_util.lo dnl h2_worker.lo dnl h2_workers.lo dnl diff --git a/modules/http2/h2_bucket_eoc.c b/modules/http2/h2_bucket_eoc.c new file mode 100644 index 0000000000..8b145cf29e --- /dev/null +++ b/modules/http2/h2_bucket_eoc.c @@ -0,0 +1,108 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_mplx.h" +#include "h2_session.h" +#include "h2_bucket_eoc.h" + +typedef struct { + apr_bucket_refcount refcount; + h2_session *session; +} h2_bucket_eoc; + +static apr_status_t bucket_cleanup(void *data) +{ + h2_session **psession = data; + + if (*psession) { + /* + * If bucket_destroy is called after us, this prevents + * bucket_destroy from trying to destroy the pool again. + */ + *psession = NULL; + } + return APR_SUCCESS; +} + +static apr_status_t bucket_read(apr_bucket *b, const char **str, + apr_size_t *len, apr_read_type_e block) +{ + (void)b; + (void)block; + *str = NULL; + *len = 0; + return APR_SUCCESS; +} + +apr_bucket * h2_bucket_eoc_make(apr_bucket *b, h2_session *session) +{ + h2_bucket_eoc *h; + + h = apr_bucket_alloc(sizeof(*h), b->list); + h->session = session; + + b = apr_bucket_shared_make(b, h, 0, 0); + b->type = &h2_bucket_type_eoc; + + return b; +} + +apr_bucket * h2_bucket_eoc_create(apr_bucket_alloc_t *list, h2_session *session) +{ + apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); + + APR_BUCKET_INIT(b); + b->free = apr_bucket_free; + b->list = list; + b = h2_bucket_eoc_make(b, session); + if (session) { + h2_bucket_eoc *h = b->data; + apr_pool_pre_cleanup_register(session->pool, &h->session, bucket_cleanup); + } + return b; +} + +static void bucket_destroy(void *data) +{ + h2_bucket_eoc *h = data; + + if (apr_bucket_shared_destroy(h)) { + h2_session *session = h->session; + if (session) { + h2_session_eoc_callback(session); + } + apr_bucket_free(h); + } +} + +const apr_bucket_type_t h2_bucket_type_eoc = { + "H2EOC", 5, APR_BUCKET_METADATA, + bucket_destroy, + bucket_read, + apr_bucket_setaside_noop, + apr_bucket_split_notimpl, + apr_bucket_shared_copy +}; + diff --git a/modules/http2/h2_bucket_eoc.h b/modules/http2/h2_bucket_eoc.h new file mode 100644 index 0000000000..f1cd6f8135 --- /dev/null +++ b/modules/http2/h2_bucket_eoc.h @@ -0,0 +1,31 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef mod_http2_h2_bucket_eoc_h +#define mod_http2_h2_bucket_eoc_h + +struct h2_session; + +/** End Of HTTP/2 SESSION (H2EOC) bucket */ +extern const apr_bucket_type_t h2_bucket_type_eoc; + + +apr_bucket * h2_bucket_eoc_make(apr_bucket *b, + struct h2_session *session); + +apr_bucket * h2_bucket_eoc_create(apr_bucket_alloc_t *list, + struct h2_session *session); + +#endif /* mod_http2_h2_bucket_eoc_h */ diff --git a/modules/http2/h2_bucket_eos.c b/modules/http2/h2_bucket_eos.c new file mode 100644 index 0000000000..98a0b365c6 --- /dev/null +++ b/modules/http2/h2_bucket_eos.c @@ -0,0 +1,109 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_mplx.h" +#include "h2_stream.h" +#include "h2_bucket_eos.h" + +typedef struct { + apr_bucket_refcount refcount; + h2_stream *stream; +} h2_bucket_eos; + +static apr_status_t bucket_cleanup(void *data) +{ + h2_stream **pstream = data; + + if (*pstream) { + /* + * If bucket_destroy is called after us, this prevents + * bucket_destroy from trying to destroy the pool again. + */ + *pstream = NULL; + } + return APR_SUCCESS; +} + +static apr_status_t bucket_read(apr_bucket *b, const char **str, + apr_size_t *len, apr_read_type_e block) +{ + (void)b; + (void)block; + *str = NULL; + *len = 0; + return APR_SUCCESS; +} + +apr_bucket *h2_bucket_eos_make(apr_bucket *b, h2_stream *stream) +{ + h2_bucket_eos *h; + + h = apr_bucket_alloc(sizeof(*h), b->list); + h->stream = stream; + + b = apr_bucket_shared_make(b, h, 0, 0); + b->type = &h2_bucket_type_eos; + + return b; +} + +apr_bucket *h2_bucket_eos_create(apr_bucket_alloc_t *list, + h2_stream *stream) +{ + apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); + + APR_BUCKET_INIT(b); + b->free = apr_bucket_free; + b->list = list; + b = h2_bucket_eos_make(b, stream); + if (stream) { + h2_bucket_eos *h = b->data; + apr_pool_pre_cleanup_register(stream->pool, &h->stream, bucket_cleanup); + } + return b; +} + +static void bucket_destroy(void *data) +{ + h2_bucket_eos *h = data; + + if (apr_bucket_shared_destroy(h)) { + h2_stream *stream = h->stream; + if (stream) { + h2_stream_cleanup(stream); + } + apr_bucket_free(h); + } +} + +const apr_bucket_type_t h2_bucket_type_eos = { + "H2EOS", 5, APR_BUCKET_METADATA, + bucket_destroy, + bucket_read, + apr_bucket_setaside_noop, + apr_bucket_split_notimpl, + apr_bucket_shared_copy +}; + diff --git a/modules/http2/h2_bucket_eos.h b/modules/http2/h2_bucket_eos.h new file mode 100644 index 0000000000..bd3360db5a --- /dev/null +++ b/modules/http2/h2_bucket_eos.h @@ -0,0 +1,30 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef mod_http2_h2_bucket_stream_eos_h +#define mod_http2_h2_bucket_stream_eos_h + +struct h2_stream; + +/** End Of HTTP/2 STREAM (H2EOS) bucket */ +extern const apr_bucket_type_t h2_bucket_type_eos; + + +apr_bucket *h2_bucket_eos_make(apr_bucket *b, struct h2_stream *stream); + +apr_bucket *h2_bucket_eos_create(apr_bucket_alloc_t *list, + struct h2_stream *stream); + +#endif /* mod_http2_h2_bucket_stream_eos_h */ diff --git a/modules/http2/h2_config.c b/modules/http2/h2_config.c index 6db702eca8..7ac4297b32 100644 --- a/modules/http2/h2_config.c +++ b/modules/http2/h2_config.c @@ -29,6 +29,7 @@ #include "h2_ctx.h" #include "h2_conn.h" #include "h2_config.h" +#include "h2_h2.h" #include "h2_private.h" #define DEF_VAL (-1) @@ -38,17 +39,22 @@ static h2_config defconf = { "default", - 100, /* max_streams */ - 64 * 1024, /* window_size */ - -1, /* min workers */ - -1, /* max workers */ - 10 * 60, /* max workers idle secs */ - 64 * 1024, /* stream max mem size */ - NULL, /* no alt-svcs */ - -1, /* alt-svc max age */ - 0, /* serialize headers */ - -1, /* h2 direct mode */ - -1, /* # session extra files */ + 100, /* max_streams */ + H2_INITIAL_WINDOW_SIZE, /* window_size */ + -1, /* min workers */ + -1, /* max workers */ + 10 * 60, /* max workers idle secs */ + 64 * 1024, /* stream max mem size */ + NULL, /* no alt-svcs */ + -1, /* alt-svc max age */ + 0, /* serialize headers */ + -1, /* h2 direct mode */ + -1, /* # session extra files */ + 1, /* modern TLS only */ + -1, /* HTTP/1 Upgrade support */ + 1024*1024, /* TLS warmup size */ + 1, /* TLS cooldown secs */ + 1, /* HTTP/2 server push enabled */ }; static int files_per_session = 0; @@ -100,6 +106,12 @@ static void *h2_config_create(apr_pool_t *pool, conf->serialize_headers = DEF_VAL; conf->h2_direct = DEF_VAL; conf->session_extra_files = DEF_VAL; + conf->modern_tls_only = DEF_VAL; + conf->h2_upgrade = DEF_VAL; + conf->tls_warmup_size = DEF_VAL; + conf->tls_cooldown_secs = DEF_VAL; + conf->h2_push = DEF_VAL; + return conf; } @@ -127,22 +139,32 @@ void *h2_config_merge(apr_pool_t *pool, void *basev, void *addv) strcat(name, "]"); n->name = name; - n->h2_max_streams = H2_CONFIG_GET(add, base, h2_max_streams); - n->h2_window_size = H2_CONFIG_GET(add, base, h2_window_size); - n->min_workers = H2_CONFIG_GET(add, base, min_workers); - n->max_workers = H2_CONFIG_GET(add, base, max_workers); + n->h2_max_streams = H2_CONFIG_GET(add, base, h2_max_streams); + n->h2_window_size = H2_CONFIG_GET(add, base, h2_window_size); + n->min_workers = H2_CONFIG_GET(add, base, min_workers); + n->max_workers = H2_CONFIG_GET(add, base, max_workers); n->max_worker_idle_secs = H2_CONFIG_GET(add, base, max_worker_idle_secs); - n->stream_max_mem_size = H2_CONFIG_GET(add, base, stream_max_mem_size); - n->alt_svcs = add->alt_svcs? add->alt_svcs : base->alt_svcs; - n->alt_svc_max_age = H2_CONFIG_GET(add, base, alt_svc_max_age); - n->serialize_headers = H2_CONFIG_GET(add, base, serialize_headers); - n->h2_direct = H2_CONFIG_GET(add, base, h2_direct); - n->session_extra_files = H2_CONFIG_GET(add, base, session_extra_files); + n->stream_max_mem_size = H2_CONFIG_GET(add, base, stream_max_mem_size); + n->alt_svcs = add->alt_svcs? add->alt_svcs : base->alt_svcs; + n->alt_svc_max_age = H2_CONFIG_GET(add, base, alt_svc_max_age); + n->serialize_headers = H2_CONFIG_GET(add, base, serialize_headers); + n->h2_direct = H2_CONFIG_GET(add, base, h2_direct); + n->session_extra_files = H2_CONFIG_GET(add, base, session_extra_files); + n->modern_tls_only = H2_CONFIG_GET(add, base, modern_tls_only); + n->h2_upgrade = H2_CONFIG_GET(add, base, h2_upgrade); + n->tls_warmup_size = H2_CONFIG_GET(add, base, tls_warmup_size); + n->tls_cooldown_secs = H2_CONFIG_GET(add, base, tls_cooldown_secs); + n->h2_push = H2_CONFIG_GET(add, base, h2_push); return n; } int h2_config_geti(h2_config *conf, h2_config_var_t var) +{ + return (int)h2_config_geti64(conf, var); +} + +apr_int64_t h2_config_geti64(h2_config *conf, h2_config_var_t var) { int n; switch(var) { @@ -162,6 +184,10 @@ int h2_config_geti(h2_config *conf, h2_config_var_t var) return H2_CONFIG_GET(conf, &defconf, alt_svc_max_age); case H2_CONF_SER_HEADERS: return H2_CONFIG_GET(conf, &defconf, serialize_headers); + case H2_CONF_MODERN_TLS_ONLY: + return H2_CONFIG_GET(conf, &defconf, modern_tls_only); + case H2_CONF_UPGRADE: + return H2_CONFIG_GET(conf, &defconf, h2_upgrade); case H2_CONF_DIRECT: return H2_CONFIG_GET(conf, &defconf, h2_direct); case H2_CONF_SESSION_FILES: @@ -170,6 +196,12 @@ int h2_config_geti(h2_config *conf, h2_config_var_t var) n = files_per_session; } return n; + case H2_CONF_TLS_WARMUP_SIZE: + return H2_CONFIG_GET(conf, &defconf, tls_warmup_size); + case H2_CONF_TLS_COOLDOWN_SECS: + return H2_CONFIG_GET(conf, &defconf, tls_cooldown_secs); + case H2_CONF_PUSH: + return H2_CONFIG_GET(conf, &defconf, h2_push); default: return DEF_VAL; } @@ -290,8 +322,8 @@ static const char *h2_conf_set_session_extra_files(cmd_parms *parms, { h2_config *cfg = h2_config_sget(parms->server); apr_int64_t max = (int)apr_atoi64(value); - if (max <= 0) { - return "value must be a positive number"; + if (max < 0) { + return "value must be a non-negative number"; } cfg->session_extra_files = (int)max; (void)arg; @@ -332,8 +364,77 @@ static const char *h2_conf_set_direct(cmd_parms *parms, return "value must be On or Off"; } -#define AP_END_CMD AP_INIT_TAKE1(NULL, NULL, NULL, RSRC_CONF, NULL) +static const char *h2_conf_set_push(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + if (!strcasecmp(value, "On")) { + cfg->h2_push = 1; + return NULL; + } + else if (!strcasecmp(value, "Off")) { + cfg->h2_push = 0; + return NULL; + } + + (void)arg; + return "value must be On or Off"; +} + +static const char *h2_conf_set_modern_tls_only(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + if (!strcasecmp(value, "On")) { + cfg->modern_tls_only = 1; + return NULL; + } + else if (!strcasecmp(value, "Off")) { + cfg->modern_tls_only = 0; + return NULL; + } + + (void)arg; + return "value must be On or Off"; +} + +static const char *h2_conf_set_upgrade(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + if (!strcasecmp(value, "On")) { + cfg->h2_upgrade = 1; + return NULL; + } + else if (!strcasecmp(value, "Off")) { + cfg->h2_upgrade = 0; + return NULL; + } + + (void)arg; + return "value must be On or Off"; +} + +static const char *h2_conf_set_tls_warmup_size(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->tls_warmup_size = apr_atoi64(value); + (void)arg; + return NULL; +} +static const char *h2_conf_set_tls_cooldown_secs(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->tls_cooldown_secs = (int)apr_atoi64(value); + (void)arg; + return NULL; +} + + +#define AP_END_CMD AP_INIT_TAKE1(NULL, NULL, NULL, RSRC_CONF, NULL) const command_rec h2_cmds[] = { AP_INIT_TAKE1("H2MaxSessionStreams", h2_conf_set_max_streams, NULL, @@ -354,10 +455,20 @@ const command_rec h2_cmds[] = { RSRC_CONF, "set the maximum age (in seconds) that client can rely on alt-svc information"), AP_INIT_TAKE1("H2SerializeHeaders", h2_conf_set_serialize_headers, NULL, RSRC_CONF, "on to enable header serialization for compatibility"), + AP_INIT_TAKE1("H2ModernTLSOnly", h2_conf_set_modern_tls_only, NULL, + RSRC_CONF, "off to not impose RFC 7540 restrictions on TLS"), + AP_INIT_TAKE1("H2Upgrade", h2_conf_set_upgrade, NULL, + RSRC_CONF, "on to allow HTTP/1 Upgrades to h2/h2c"), AP_INIT_TAKE1("H2Direct", h2_conf_set_direct, NULL, RSRC_CONF, "on to enable direct HTTP/2 mode"), AP_INIT_TAKE1("H2SessionExtraFiles", h2_conf_set_session_extra_files, NULL, RSRC_CONF, "number of extra file a session might keep open"), + AP_INIT_TAKE1("H2TLSWarmUpSize", h2_conf_set_tls_warmup_size, NULL, + RSRC_CONF, "number of bytes on TLS connection before doing max writes"), + AP_INIT_TAKE1("H2TLSCoolDownSecs", h2_conf_set_tls_cooldown_secs, NULL, + RSRC_CONF, "seconds of idle time on TLS before shrinking writes"), + AP_INIT_TAKE1("H2Push", h2_conf_set_push, NULL, + RSRC_CONF, "off to disable HTTP/2 server push"), AP_END_CMD }; diff --git a/modules/http2/h2_config.h b/modules/http2/h2_config.h index 931af59d30..7d2ed0fa28 100644 --- a/modules/http2/h2_config.h +++ b/modules/http2/h2_config.h @@ -34,6 +34,11 @@ typedef enum { H2_CONF_SER_HEADERS, H2_CONF_DIRECT, H2_CONF_SESSION_FILES, + H2_CONF_MODERN_TLS_ONLY, + H2_CONF_UPGRADE, + H2_CONF_TLS_WARMUP_SIZE, + H2_CONF_TLS_COOLDOWN_SECS, + H2_CONF_PUSH, } h2_config_var_t; /* Apache httpd module configuration for h2. */ @@ -51,6 +56,11 @@ typedef struct h2_config { processing, better compatibility */ int h2_direct; /* if mod_h2 is active directly */ int session_extra_files; /* # of extra files a session may keep open */ + int modern_tls_only; /* Accept only modern TLS in HTTP/2 connections */ + int h2_upgrade; /* Allow HTTP/1 upgrade to h2/h2c */ + apr_int64_t tls_warmup_size; /* Amount of TLS data to send before going full write size */ + int tls_cooldown_secs; /* Seconds of idle time before going back to small TLS records */ + int h2_push; /* if HTTP/2 server push is enabled */ } h2_config; @@ -67,6 +77,7 @@ h2_config *h2_config_sget(server_rec *s); h2_config *h2_config_rget(request_rec *r); int h2_config_geti(h2_config *conf, h2_config_var_t var); +apr_int64_t h2_config_geti64(h2_config *conf, h2_config_var_t var); void h2_config_init(apr_pool_t *pool); diff --git a/modules/http2/h2_conn.c b/modules/http2/h2_conn.c index 8bffbc4269..d4f56c6630 100644 --- a/modules/http2/h2_conn.c +++ b/modules/http2/h2_conn.c @@ -32,6 +32,7 @@ #include "h2_session.h" #include "h2_stream.h" #include "h2_stream_set.h" +#include "h2_h2.h" #include "h2_task.h" #include "h2_worker.h" #include "h2_workers.h" @@ -39,11 +40,8 @@ static struct h2_workers *workers; -static apr_status_t h2_session_process(h2_session *session); - static h2_mpm_type_t mpm_type = H2_MPM_UNKNOWN; static module *mpm_module; -static module *ssl_module; static int checked; static void check_modules(void) @@ -64,9 +62,6 @@ static void check_modules(void) mpm_type = H2_MPM_PREFORK; mpm_module = m; } - else if (!strcmp("mod_ssl.c", m->name)) { - ssl_module = m; - } } checked = 1; } @@ -103,9 +98,6 @@ apr_status_t h2_conn_child_init(apr_pool_t *pool, server_rec *s) mpm_type = H2_MPM_PREFORK; mpm_module = m; } - else if (!strcmp("mod_ssl.c", m->name)) { - ssl_module = m; - } } if (minw <= 0) { @@ -139,228 +131,70 @@ static module *h2_conn_mpm_module(void) { return mpm_module; } -apr_status_t h2_conn_rprocess(request_rec *r) +apr_status_t h2_conn_process(conn_rec *c, request_rec *r) { - h2_config *config = h2_config_rget(r); + apr_status_t status; h2_session *session; + h2_config *config; + int rv; - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "h2_conn_process start"); if (!workers) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02911) + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02911) "workers not initialized"); return APR_EGENERAL; } - session = h2_session_rcreate(r, config, workers); - if (!session) { - return APR_EGENERAL; - } - - return h2_session_process(session); -} - -apr_status_t h2_conn_main(conn_rec *c) -{ - h2_config *config = h2_config_get(c); - h2_session *session; - apr_status_t status; + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "h2_conn_process start"); - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "h2_conn_main start"); - if (!workers) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02912) - "workers not initialized"); - return APR_EGENERAL; + if (r) { + config = h2_config_rget(r); + session = h2_session_rcreate(r, config, workers); } - - session = h2_session_create(c, config, workers); - if (!session) { - return APR_EGENERAL; + else { + config = h2_config_get(c); + session = h2_session_create(c, config, workers); } - status = h2_session_process(session); - - /* Make sure this connection gets closed properly. */ - c->keepalive = AP_CONN_CLOSE; - if (c->cs) { - c->cs->state = CONN_STATE_WRITE_COMPLETION; - } + if (!h2_is_acceptable_connection(c, 1)) { + nghttp2_submit_goaway(session->ngh2, NGHTTP2_FLAG_NONE, 0, + NGHTTP2_INADEQUATE_SECURITY, NULL, 0); + } - return status; -} - -apr_status_t h2_session_process(h2_session *session) -{ - apr_status_t status = APR_SUCCESS; - int rv = 0; - apr_interval_time_t wait_micros = 0; - static const int MAX_WAIT_MICROS = 200 * 1000; - - /* Start talking to the client. Apart from protocol meta data, - * we mainly will see new http/2 streams opened by the client, which - * basically are http requests we need to dispatch. - * - * There will be bursts of new streams, to be served concurrently, - * followed by long pauses of no activity. - * - * Since the purpose of http/2 is to allow siumultaneous streams, we - * need to dispatch the handling of each stream into a separate worker - * thread, keeping this thread open for sending responses back as - * soon as they arrive. - * At the same time, we need to continue reading new frames from - * our client, which may be meta (WINDOWS_UPDATEs, PING, SETTINGS) or - * new streams. - * - * As long as we have streams open in this session, we cannot really rest - * since there are two conditions to wait on: 1. new data from the client, - * 2. new data from the open streams to send back. - * - * Only when we have no more streams open, can we do a blocking read - * on our connection. - * - * TODO: implement graceful GO_AWAY after configurable idle time - */ - - ap_update_child_status_from_conn(session->c->sbh, SERVER_BUSY_READ, - session->c); - - if (APLOGctrace2(session->c)) { - ap_filter_t *filter = session->c->input_filters; - while (filter) { - ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, - "h2_conn(%ld), has connection filter %s", - session->id, filter->frec->name); - filter = filter->next; - } - } - + ap_update_child_status_from_conn(c->sbh, SERVER_BUSY_READ, c); status = h2_session_start(session, &rv); ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, "h2_session(%ld): starting on %s:%d", session->id, - session->c->base_server->defn_name, + session->c->base_server->server_hostname, session->c->local_addr->port); if (status != APR_SUCCESS) { h2_session_abort(session, status, rv); - h2_session_destroy(session); + h2_session_eoc_callback(session); return status; } - while (!h2_session_is_done(session)) { - int have_written = 0; - int have_read = 0; - int got_streams; - - status = h2_session_write(session, wait_micros); - if (status == APR_SUCCESS) { - have_written = 1; - wait_micros = 0; - } - else if (status == APR_EAGAIN) { - /* nop */ - } - else if (status == APR_TIMEUP) { - wait_micros *= 2; - if (wait_micros > MAX_WAIT_MICROS) { - wait_micros = MAX_WAIT_MICROS; - } - } - else { - ap_log_cerror( APLOG_MARK, APLOG_DEBUG, status, session->c, - "h2_session(%ld): writing, terminating", - session->id); - h2_session_abort(session, status, 0); - break; - } - - /* We would like to do blocking reads as often as possible as they - * are more efficient in regard to server resources. - * We can do them under the following circumstances: - * - we have no open streams and therefore have nothing to write - * - we have just started the session and are waiting for the first - * two frames to come in. There will always be at least 2 frames as - * * h2 will send SETTINGS and SETTINGS-ACK - * * h2c will count the header settings as one frame and we - * submit our settings and need the ACK. - */ - got_streams = !h2_stream_set_is_empty(session->streams); - status = h2_session_read(session, - (!got_streams - || session->frames_received <= 1)? - APR_BLOCK_READ : APR_NONBLOCK_READ); - switch (status) { - case APR_SUCCESS: /* successful read, reset our idle timers */ - have_read = 1; - wait_micros = 0; - break; - case APR_EAGAIN: /* non-blocking read, nothing there */ - break; - case APR_EBADF: /* connection is not there any more */ - case APR_EOF: - case APR_ECONNABORTED: - case APR_ECONNRESET: - case APR_TIMEUP: /* blocked read, timed out */ - ap_log_cerror( APLOG_MARK, APLOG_DEBUG, status, session->c, - "h2_session(%ld): reading", - session->id); - h2_session_abort(session, status, 0); - break; - default: - ap_log_cerror( APLOG_MARK, APLOG_INFO, status, session->c, - APLOGNO(02950) - "h2_session(%ld): error reading, terminating", - session->id); - h2_session_abort(session, status, 0); - break; - } - - if (!have_read && !have_written - && !h2_stream_set_is_empty(session->streams)) { - /* Nothing to read or write, we have streams, but - * the have no data yet ready to be delivered. Slowly - * back off to give others a chance to do their work. - */ - if (wait_micros == 0) { - wait_micros = 10; - } - } - } - + status = h2_session_process(session); + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, status, session->c, "h2_session(%ld): done", session->id); - - ap_update_child_status_from_conn(session->c->sbh, SERVER_CLOSING, - session->c); - h2_session_close(session); - h2_session_destroy(session); + h2_session_flush(session); + /* hereafter session might be gone */ - return DONE; + /* Make sure this connection gets closed properly. */ + ap_update_child_status_from_conn(c->sbh, SERVER_CLOSING, c); + c->keepalive = AP_CONN_CLOSE; + if (c->cs) { + c->cs->state = CONN_STATE_WRITE_COMPLETION; + } + + return status; } static void fix_event_conn(conn_rec *c, conn_rec *master); -/* - * We would like to create the connection more lightweight like - * slave connections in 2.5-DEV. But we get 500 responses on long - * cgi tests in modules/h2.t as the script parsing seems to see an - * EOF from the cgi before anything is sent. - * -conn_rec *h2_conn_create(conn_rec *master, apr_pool_t *pool) -{ - conn_rec *c = (conn_rec *) apr_palloc(pool, sizeof(conn_rec)); - - memcpy(c, master, sizeof(conn_rec)); - c->id = (master->id & (long)pool); - c->slaves = NULL; - c->master = master; - c->input_filters = NULL; - c->output_filters = NULL; - c->pool = pool; - - return c; -} -*/ +static int SLAVE_CONN_25DEV_STYLE = 1; conn_rec *h2_conn_create(conn_rec *master, apr_pool_t *pool) { @@ -368,39 +202,56 @@ conn_rec *h2_conn_create(conn_rec *master, apr_pool_t *pool) conn_rec *c; AP_DEBUG_ASSERT(master); - - /* CAVEAT: it seems necessary to setup the conn_rec in the master - * connection thread. Other attempts crashed. - * HOWEVER: we setup the connection using the pools and other items - * from the master connection, since we do not want to allocate - * lots of resources here. - * Lets allocated pools and everything else when we actually start - * working on this new connection. - */ - /* Not sure about the scoreboard handle. Reusing the one from the main - * connection could make sense, is not really correct, but we cannot - * easily create new handles for our worker threads either. - * TODO - */ - socket = ap_get_module_config(master->conn_config, &core_module); - c = ap_run_create_connection(pool, master->base_server, - socket, - master->id^((long)pool), - master->sbh, - master->bucket_alloc); + + if (SLAVE_CONN_25DEV_STYLE) { + /* This is like the slave connection creation from 2.5-DEV. A + * very efficient way - not sure how compatible this is, since + * the core hooks are no longer run. + * But maybe it's is better this way, not sure yet. + */ + c = (conn_rec *) apr_palloc(pool, sizeof(conn_rec)); + + memcpy(c, master, sizeof(conn_rec)); + c->id = (master->id & (long)pool); + c->master = master; + c->input_filters = NULL; + c->output_filters = NULL; + c->pool = pool; + } + else { + /* CAVEAT: it seems necessary to setup the conn_rec in the master + * connection thread. Other attempts crashed. + * HOWEVER: we setup the connection using the pools and other items + * from the master connection, since we do not want to allocate + * lots of resources here. + * Lets allocated pools and everything else when we actually start + * working on this new connection. + */ + /* Not sure about the scoreboard handle. Reusing the one from the main + * connection could make sense, is not really correct, but we cannot + * easily create new handles for our worker threads either. + * TODO + */ + socket = ap_get_module_config(master->conn_config, &core_module); + c = ap_run_create_connection(pool, master->base_server, + socket, + master->id^((long)pool), + master->sbh, + master->bucket_alloc); + } if (c == NULL) { ap_log_perror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, pool, APLOGNO(02913) "h2_task: creating conn"); - return NULL; } return c; } -apr_status_t h2_conn_setup(h2_task_env *env, struct h2_worker *worker) +apr_status_t h2_conn_setup(h2_task *task, apr_bucket_alloc_t *bucket_alloc, + apr_thread_t *thread, apr_socket_t *socket) { - conn_rec *master = env->mplx->c; + conn_rec *master = task->mplx->c; - ap_log_perror(APLOG_MARK, APLOG_TRACE3, 0, env->pool, + ap_log_perror(APLOG_MARK, APLOG_TRACE3, 0, task->pool, "h2_conn(%ld): created from master", master->id); /* Ok, we are just about to start processing the connection and @@ -409,28 +260,17 @@ apr_status_t h2_conn_setup(h2_task_env *env, struct h2_worker *worker) * sub-resources from it, so that we get a nice reuse of * pools. */ - env->c.pool = env->pool; - env->c.bucket_alloc = h2_worker_get_bucket_alloc(worker); - env->c.current_thread = h2_worker_get_thread(worker); + task->c->pool = task->pool; + task->c->current_thread = thread; + task->c->bucket_alloc = bucket_alloc; - env->c.conn_config = ap_create_conn_config(env->pool); - env->c.notes = apr_table_make(env->pool, 5); + task->c->conn_config = ap_create_conn_config(task->pool); + task->c->notes = apr_table_make(task->pool, 5); - ap_set_module_config(env->c.conn_config, &core_module, - h2_worker_get_socket(worker)); + /* In order to do this in 2.4.x, we need to add a member to conn_rec */ + task->c->master = master; - /* If we serve http:// requests over a TLS connection, we do - * not want any mod_ssl vars to be visible. - */ - if (ssl_module && (!env->scheme || strcmp("http", env->scheme))) { - /* See #19, there is a range of SSL variables to be gotten from - * the main connection that should be available in request handlers - */ - void *sslcfg = ap_get_module_config(master->conn_config, ssl_module); - if (sslcfg) { - ap_set_module_config(env->c.conn_config, ssl_module, sslcfg); - } - } + ap_set_module_config(task->c->conn_config, &core_module, socket); /* This works for mpm_worker so far. Other mpm modules have * different needs, unfortunately. The most interesting one @@ -441,7 +281,7 @@ apr_status_t h2_conn_setup(h2_task_env *env, struct h2_worker *worker) /* all fine */ break; case H2_MPM_EVENT: - fix_event_conn(&env->c, master); + fix_event_conn(task->c, master); break; default: /* fingers crossed */ @@ -453,26 +293,7 @@ apr_status_t h2_conn_setup(h2_task_env *env, struct h2_worker *worker) * 400 Bad Request * when names do not match. We prefer a predictable 421 status. */ - env->c.keepalives = 1; - - return APR_SUCCESS; -} - -apr_status_t h2_conn_post(conn_rec *c, h2_worker *worker) -{ - (void)worker; - - /* be sure no one messes with this any more */ - memset(c, 0, sizeof(*c)); - return APR_SUCCESS; -} - -apr_status_t h2_conn_process(conn_rec *c, apr_socket_t *socket) -{ - AP_DEBUG_ASSERT(c); - - c->clogging_input_filters = 1; - ap_process_connection(c, socket); + task->c->keepalives = 1; return APR_SUCCESS; } diff --git a/modules/http2/h2_conn.h b/modules/http2/h2_conn.h index 49a70db850..84cf8d83c4 100644 --- a/modules/http2/h2_conn.h +++ b/modules/http2/h2_conn.h @@ -17,20 +17,16 @@ #define __mod_h2__h2_conn__ struct h2_task; -struct h2_task_env; -struct h2_worker; -/* Process the connection that is now starting the HTTP/2 - * conversation. Return when the HTTP/2 session is done - * and the connection will close. - */ -apr_status_t h2_conn_main(conn_rec *c); - -/* Process the request that has been upgraded to a HTTP/2 +/** + * Process the connection that is now starting the HTTP/2 * conversation. Return when the HTTP/2 session is done * and the connection will close. + * + * @param c the connection HTTP/2 is starting on + * @param r the upgrad requestion that still awaits an answer, optional */ -apr_status_t h2_conn_rprocess(request_rec *r); +apr_status_t h2_conn_process(conn_rec *c, request_rec *r); /* Initialize this child process for h2 connection work, * to be called once during child init before multi processing @@ -52,9 +48,7 @@ h2_mpm_type_t h2_conn_mpm_type(void); conn_rec *h2_conn_create(conn_rec *master, apr_pool_t *stream_pool); -apr_status_t h2_conn_setup(struct h2_task_env *env, struct h2_worker *worker); -apr_status_t h2_conn_post(conn_rec *c, struct h2_worker *worker); - -apr_status_t h2_conn_process(conn_rec *c, apr_socket_t *socket); +apr_status_t h2_conn_setup(struct h2_task *task, apr_bucket_alloc_t *bucket_alloc, + apr_thread_t *thread, apr_socket_t *socket); #endif /* defined(__mod_h2__h2_conn__) */ diff --git a/modules/http2/h2_conn_io.c b/modules/http2/h2_conn_io.c index 08d00a4f3a..aa8d4d5802 100644 --- a/modules/http2/h2_conn_io.c +++ b/modules/http2/h2_conn_io.c @@ -28,31 +28,33 @@ #include "h2_h2.h" #include "h2_util.h" -#define WRITE_BUFFER_SIZE (64*1024) +#define TLS_DATA_MAX (16*1024) + +/* Calculated like this: assuming MTU 1500 bytes + * 1500 - 40 (IP) - 20 (TCP) - 40 (TCP options) + * - TLS overhead (60-100) + * ~= 1300 bytes */ #define WRITE_SIZE_INITIAL 1300 -#define WRITE_SIZE_MAX (16*1024) -#define WRITE_SIZE_IDLE_USEC (1*APR_USEC_PER_SEC) -#define WRITE_SIZE_THRESHOLD (1*1024*1024) +/* Calculated like this: max TLS record size 16*1024 + * - 40 (IP) - 20 (TCP) - 40 (TCP options) + * - TLS overhead (60-100) + * which seems to create less TCP packets overall + */ +#define WRITE_SIZE_MAX (TLS_DATA_MAX - 100) + +#define WRITE_BUFFER_SIZE (8*WRITE_SIZE_MAX) apr_status_t h2_conn_io_init(h2_conn_io *io, conn_rec *c) { - io->connection = c; - io->input = apr_brigade_create(c->pool, c->bucket_alloc); - io->output = apr_brigade_create(c->pool, c->bucket_alloc); - io->buflen = 0; - /* That is where we start with, - * see https://issues.apache.org/jira/browse/TS-2503 */ - io->write_size = WRITE_SIZE_INITIAL; - io->last_write = 0; - io->buffer_output = h2_h2_is_tls(c); - - /* Currently we buffer only for TLS output. The reason this gives - * improved performance is that buckets send to the mod_ssl network - * filter will be encrypted in chunks. There is a special filter - * that tries to aggregate data, but that does not work well when - * bucket sizes alternate between tiny frame headers and large data - * chunks. - */ + h2_config *cfg = h2_config_get(c); + + io->connection = c; + io->input = apr_brigade_create(c->pool, c->bucket_alloc); + io->output = apr_brigade_create(c->pool, c->bucket_alloc); + io->buflen = 0; + io->is_tls = h2_h2_is_tls(c); + io->buffer_output = io->is_tls; + if (io->buffer_output) { io->bufsize = WRITE_BUFFER_SIZE; io->buffer = apr_pcalloc(c->pool, io->bufsize); @@ -61,13 +63,33 @@ apr_status_t h2_conn_io_init(h2_conn_io *io, conn_rec *c) io->bufsize = 0; } + if (io->is_tls) { + /* That is where we start with, + * see https://issues.apache.org/jira/browse/TS-2503 */ + io->warmup_size = h2_config_geti64(cfg, H2_CONF_TLS_WARMUP_SIZE); + io->cooldown_usecs = (h2_config_geti(cfg, H2_CONF_TLS_COOLDOWN_SECS) + * APR_USEC_PER_SEC); + io->write_size = WRITE_SIZE_INITIAL; + } + else { + io->warmup_size = 0; + io->cooldown_usecs = 0; + io->write_size = io->bufsize; + } + + if (APLOGctrace1(c)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, io->connection, + "h2_conn_io(%ld): init, buffering=%d, warmup_size=%ld, cd_secs=%f", + io->connection->id, io->buffer_output, (long)io->warmup_size, + ((float)io->cooldown_usecs/APR_USEC_PER_SEC)); + } + return APR_SUCCESS; } -void h2_conn_io_destroy(h2_conn_io *io) +int h2_conn_io_is_buffered(h2_conn_io *io) { - io->input = NULL; - io->output = NULL; + return io->bufsize > 0; } static apr_status_t h2_conn_io_bucket_read(h2_conn_io *io, @@ -159,7 +181,7 @@ apr_status_t h2_conn_io_read(h2_conn_io *io, status = ap_get_brigade(io->connection->input_filters, io->input, AP_MODE_READBYTES, - block, 16 * 4096); + block, 64 * 4096); switch (status) { case APR_SUCCESS: return h2_conn_io_bucket_read(io, block, on_read_cb, puser, &done); @@ -174,15 +196,22 @@ apr_status_t h2_conn_io_read(h2_conn_io *io, return status; } -static apr_status_t flush_out(apr_bucket_brigade *bb, void *ctx) +static apr_status_t pass_out(apr_bucket_brigade *bb, void *ctx) { h2_conn_io *io = (h2_conn_io*)ctx; apr_status_t status; apr_off_t bblen; + if (APR_BRIGADE_EMPTY(bb)) { + return APR_SUCCESS; + } + ap_update_child_status(io->connection->sbh, SERVER_BUSY_WRITE, NULL); - status = apr_brigade_length(bb, 1, &bblen); + status = apr_brigade_length(bb, 0, &bblen); if (status == APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, io->connection, + "h2_conn_io(%ld): pass_out brigade %ld bytes", + io->connection->id, (long)bblen); status = ap_pass_brigade(io->connection->output_filters, bb); if (status == APR_SUCCESS) { io->bytes_written += (apr_size_t)bblen; @@ -193,14 +222,18 @@ static apr_status_t flush_out(apr_bucket_brigade *bb, void *ctx) return status; } +/* Bring the current buffer content into the output brigade, appropriately + * chunked. + */ static apr_status_t bucketeer_buffer(h2_conn_io *io) { const char *data = io->buffer; apr_size_t remaining = io->buflen; apr_bucket *b; int bcount, i; - if (io->write_size > WRITE_SIZE_INITIAL - && (apr_time_now() - io->last_write) >= WRITE_SIZE_IDLE_USEC) { + if (io->write_size > WRITE_SIZE_INITIAL + && (io->cooldown_usecs > 0) + && (apr_time_now() - io->last_write) >= io->cooldown_usecs) { /* long time not written, reset write size */ io->write_size = WRITE_SIZE_INITIAL; io->bytes_written = 0; @@ -209,7 +242,7 @@ static apr_status_t bucketeer_buffer(h2_conn_io *io) { (long)io->connection->id, (long)io->write_size); } else if (io->write_size < WRITE_SIZE_MAX - && io->bytes_written >= WRITE_SIZE_THRESHOLD) { + && io->bytes_written >= io->warmup_size) { /* connection is hot, use max size */ io->write_size = WRITE_SIZE_MAX; ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->connection, @@ -238,16 +271,22 @@ apr_status_t h2_conn_io_write(h2_conn_io *io, const char *buf, size_t length) { apr_status_t status = APR_SUCCESS; - io->unflushed = 1; - if (io->buffer_output) { + io->unflushed = 1; + if (io->bufsize > 0) { ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, io->connection, "h2_conn_io: buffering %ld bytes", (long)length); + + if (!APR_BRIGADE_EMPTY(io->output)) { + status = h2_conn_io_pass(io); + io->unflushed = 1; + } + while (length > 0 && (status == APR_SUCCESS)) { apr_size_t avail = io->bufsize - io->buflen; if (avail <= 0) { bucketeer_buffer(io); - status = flush_out(io->output, io); + status = pass_out(io->output, io); io->buflen = 0; } else if (length > avail) { @@ -266,47 +305,78 @@ apr_status_t h2_conn_io_write(h2_conn_io *io, } else { - status = apr_brigade_write(io->output, flush_out, io, buf, length); - if (status != APR_SUCCESS) { - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, io->connection, - "h2_conn_io: write error"); - } + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, io->connection, + "h2_conn_io: writing %ld bytes to brigade", (long)length); + status = apr_brigade_write(io->output, pass_out, io, buf, length); } return status; } +apr_status_t h2_conn_io_writeb(h2_conn_io *io, apr_bucket *b) +{ + APR_BRIGADE_INSERT_TAIL(io->output, b); + io->unflushed = 1; + return APR_SUCCESS; +} -apr_status_t h2_conn_io_flush(h2_conn_io *io) +apr_status_t h2_conn_io_consider_flush(h2_conn_io *io) { + apr_status_t status = APR_SUCCESS; + + /* The HTTP/1.1 network output buffer/flush behaviour does not + * give optimal performance in the HTTP/2 case, as the pattern of + * buckets (data/eor/eos) is different. + * As long as we have not found out the "best" way to deal with + * this, force a flush at least every WRITE_BUFFER_SIZE amount + * of data. + */ if (io->unflushed) { - apr_status_t status; + apr_off_t len = 0; + if (!APR_BRIGADE_EMPTY(io->output)) { + apr_brigade_length(io->output, 0, &len); + } + len += io->buflen; + if (len >= WRITE_BUFFER_SIZE) { + return h2_conn_io_pass(io); + } + } + return status; +} + +static apr_status_t h2_conn_io_flush_int(h2_conn_io *io, int force) +{ + if (io->unflushed || force) { if (io->buflen > 0) { + /* something in the buffer, put it in the output brigade */ ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, io->connection, "h2_conn_io: flush, flushing %ld bytes", (long)io->buflen); bucketeer_buffer(io); io->buflen = 0; } - /* Append flush. - */ - APR_BRIGADE_INSERT_TAIL(io->output, - apr_bucket_flush_create(io->output->bucket_alloc)); - - /* Send it out through installed filters (TLS) to the client */ - status = flush_out(io->output, io); - if (status == APR_SUCCESS) { - /* These are all fine and no reason for concern. Everything else - * is interesting. */ - io->unflushed = 0; - } - else { - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, io->connection, - "h2_conn_io: flush error"); + if (force) { + APR_BRIGADE_INSERT_TAIL(io->output, + apr_bucket_flush_create(io->output->bucket_alloc)); } - return status; + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->connection, + "h2_conn_io: flush"); + /* Send it out */ + io->unflushed = 0; + return pass_out(io->output, io); + /* no more access after this, as we might have flushed an EOC bucket + * that de-allocated us all. */ } return APR_SUCCESS; } +apr_status_t h2_conn_io_flush(h2_conn_io *io) +{ + return h2_conn_io_flush_int(io, 1); +} + +apr_status_t h2_conn_io_pass(h2_conn_io *io) +{ + return h2_conn_io_flush_int(io, 0); +} \ No newline at end of file diff --git a/modules/http2/h2_conn_io.h b/modules/http2/h2_conn_io.h index 084445ef2b..4406261a33 100644 --- a/modules/http2/h2_conn_io.h +++ b/modules/http2/h2_conn_io.h @@ -26,11 +26,16 @@ typedef struct { conn_rec *connection; apr_bucket_brigade *input; apr_bucket_brigade *output; - int buffer_output; - int write_size; + + int is_tls; + apr_time_t cooldown_usecs; + apr_int64_t warmup_size; + + apr_size_t write_size; apr_time_t last_write; - apr_size_t bytes_written; + apr_int64_t bytes_written; + int buffer_output; char *buffer; apr_size_t buflen; apr_size_t bufsize; @@ -38,7 +43,8 @@ typedef struct { } h2_conn_io; apr_status_t h2_conn_io_init(h2_conn_io *io, conn_rec *c); -void h2_conn_io_destroy(h2_conn_io *io); + +int h2_conn_io_is_buffered(h2_conn_io *io); typedef apr_status_t (*h2_conn_io_on_read_cb)(const char *data, apr_size_t len, apr_size_t *readlen, int *done, @@ -52,7 +58,12 @@ apr_status_t h2_conn_io_read(h2_conn_io *io, apr_status_t h2_conn_io_write(h2_conn_io *io, const char *buf, size_t length); + +apr_status_t h2_conn_io_writeb(h2_conn_io *io, apr_bucket *b); + +apr_status_t h2_conn_io_consider_flush(h2_conn_io *io); +apr_status_t h2_conn_io_pass(h2_conn_io *io); apr_status_t h2_conn_io_flush(h2_conn_io *io); #endif /* defined(__mod_h2__h2_conn_io__) */ diff --git a/modules/http2/h2_ctx.c b/modules/http2/h2_ctx.c index 422835c2df..08bdd8612d 100644 --- a/modules/http2/h2_ctx.c +++ b/modules/http2/h2_ctx.c @@ -32,11 +32,11 @@ static h2_ctx *h2_ctx_create(const conn_rec *c) return ctx; } -h2_ctx *h2_ctx_create_for(const conn_rec *c, h2_task_env *env) +h2_ctx *h2_ctx_create_for(const conn_rec *c, h2_task *task) { h2_ctx *ctx = h2_ctx_create(c); if (ctx) { - ctx->task_env = env; + ctx->task = task; } return ctx; } @@ -76,7 +76,7 @@ h2_ctx *h2_ctx_server_set(h2_ctx *ctx, server_rec *s) int h2_ctx_is_task(h2_ctx *ctx) { - return ctx && !!ctx->task_env; + return ctx && !!ctx->task; } int h2_ctx_is_active(h2_ctx *ctx) @@ -84,7 +84,7 @@ int h2_ctx_is_active(h2_ctx *ctx) return ctx && ctx->is_h2; } -struct h2_task_env *h2_ctx_get_task(h2_ctx *ctx) +struct h2_task *h2_ctx_get_task(h2_ctx *ctx) { - return ctx->task_env; + return ctx->task; } diff --git a/modules/http2/h2_ctx.h b/modules/http2/h2_ctx.h index 86c59206ed..e4bc7506ae 100644 --- a/modules/http2/h2_ctx.h +++ b/modules/http2/h2_ctx.h @@ -16,7 +16,7 @@ #ifndef __mod_h2__h2_ctx__ #define __mod_h2__h2_ctx__ -struct h2_task_env; +struct h2_task; struct h2_config; /** @@ -30,7 +30,7 @@ struct h2_config; typedef struct h2_ctx { int is_h2; /* h2 engine is used */ const char *protocol; /* the protocol negotiated */ - struct h2_task_env *task_env; /* the h2_task environment or NULL */ + struct h2_task *task; /* the h2_task executing or NULL */ const char *hostname; /* hostname negotiated via SNI, optional */ server_rec *server; /* httpd server config selected. */ struct h2_config *config; /* effective config in this context */ @@ -38,7 +38,7 @@ typedef struct h2_ctx { h2_ctx *h2_ctx_get(const conn_rec *c); h2_ctx *h2_ctx_rget(const request_rec *r); -h2_ctx *h2_ctx_create_for(const conn_rec *c, struct h2_task_env *env); +h2_ctx *h2_ctx_create_for(const conn_rec *c, struct h2_task *task); /* Set the h2 protocol established on this connection context or @@ -58,6 +58,6 @@ const char *h2_ctx_protocol_get(const conn_rec *c); int h2_ctx_is_task(h2_ctx *ctx); int h2_ctx_is_active(h2_ctx *ctx); -struct h2_task_env *h2_ctx_get_task(h2_ctx *ctx); +struct h2_task *h2_ctx_get_task(h2_ctx *ctx); #endif /* defined(__mod_h2__h2_ctx__) */ diff --git a/modules/http2/h2_from_h1.c b/modules/http2/h2_from_h1.c index be11f5c317..43a4f0822b 100644 --- a/modules/http2/h2_from_h1.c +++ b/modules/http2/h2_from_h1.c @@ -59,11 +59,6 @@ apr_status_t h2_from_h1_destroy(h2_from_h1 *from_h1) return APR_SUCCESS; } -h2_from_h1_state_t h2_from_h1_get_state(h2_from_h1 *from_h1) -{ - return from_h1->state; -} - static void set_state(h2_from_h1 *from_h1, h2_from_h1_state_t state) { if (from_h1->state != state) { @@ -78,16 +73,9 @@ h2_response *h2_from_h1_get_response(h2_from_h1 *from_h1) static apr_status_t make_h2_headers(h2_from_h1 *from_h1, request_rec *r) { - from_h1->response = h2_response_create(from_h1->stream_id, - from_h1->status, from_h1->hlines, - from_h1->pool); - if (from_h1->response == NULL) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_EINVAL, r->connection, - APLOGNO(02915) - "h2_from_h1(%d): unable to create resp_head", - from_h1->stream_id); - return APR_EINVAL; - } + from_h1->response = h2_response_create(from_h1->stream_id, 0, + from_h1->http_status, from_h1->hlines, + from_h1->pool); from_h1->content_length = from_h1->response->content_length; from_h1->chunked = r->chunked; @@ -202,8 +190,7 @@ apr_status_t h2_from_h1_read_response(h2_from_h1 *from_h1, ap_filter_t* f, } if (from_h1->state == H2_RESP_ST_STATUS_LINE) { /* instead of parsing, just take it directly */ - from_h1->status = apr_psprintf(from_h1->pool, - "%d", f->r->status); + from_h1->http_status = f->r->status; from_h1->state = H2_RESP_ST_HEADERS; } else if (line[0] == '\0') { @@ -417,7 +404,7 @@ static h2_response *create_response(h2_from_h1 *from_h1, request_rec *r) } if (!apr_is_empty_array(r->content_languages)) { - int i; + unsigned int i; char *token; char **languages = (char **)(r->content_languages->elts); const char *field = apr_table_get(r->headers_out, "Content-Language"); @@ -492,8 +479,8 @@ static h2_response *create_response(h2_from_h1 *from_h1, request_rec *r) apr_status_t h2_response_output_filter(ap_filter_t *f, apr_bucket_brigade *bb) { - h2_task_env *env = f->ctx; - h2_from_h1 *from_h1 = env->output? env->output->from_h1 : NULL; + h2_task *task = f->ctx; + h2_from_h1 *from_h1 = task->output? task->output->from_h1 : NULL; request_rec *r = f->r; apr_bucket *b; ap_bucket_error *eb = NULL; @@ -503,7 +490,7 @@ apr_status_t h2_response_output_filter(ap_filter_t *f, apr_bucket_brigade *bb) ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, "h2_from_h1(%d): output_filter called", from_h1->stream_id); - if (r->header_only && env->output && from_h1->response) { + if (r->header_only && task->output && from_h1->response) { /* throw away any data after we have compiled the response */ apr_brigade_cleanup(bb); return OK; diff --git a/modules/http2/h2_from_h1.h b/modules/http2/h2_from_h1.h index 115a314266..4f5ebad618 100644 --- a/modules/http2/h2_from_h1.h +++ b/modules/http2/h2_from_h1.h @@ -48,35 +48,25 @@ struct h2_from_h1 { apr_pool_t *pool; apr_bucket_brigade *bb; - apr_size_t content_length; + apr_off_t content_length; int chunked; - const char *status; + int http_status; apr_array_header_t *hlines; struct h2_response *response; }; -typedef void h2_from_h1_state_change_cb(struct h2_from_h1 *resp, - h2_from_h1_state_t prevstate, - void *cb_ctx); - h2_from_h1 *h2_from_h1_create(int stream_id, apr_pool_t *pool); apr_status_t h2_from_h1_destroy(h2_from_h1 *response); -void h2_from_h1_set_state_change_cb(h2_from_h1 *from_h1, - h2_from_h1_state_change_cb *callback, - void *cb_ctx); - apr_status_t h2_from_h1_read_response(h2_from_h1 *from_h1, ap_filter_t* f, apr_bucket_brigade* bb); struct h2_response *h2_from_h1_get_response(h2_from_h1 *from_h1); -h2_from_h1_state_t h2_from_h1_get_state(h2_from_h1 *from_h1); - apr_status_t h2_response_output_filter(ap_filter_t *f, apr_bucket_brigade *bb); #endif /* defined(__mod_h2__h2_from_h1__) */ diff --git a/modules/http2/h2_h2.c b/modules/http2/h2_h2.c index 221f5118df..54fe9e0fa0 100644 --- a/modules/http2/h2_h2.c +++ b/modules/http2/h2_h2.c @@ -53,6 +53,383 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec*)); static int (*opt_ssl_engine_disable)(conn_rec*); static int (*opt_ssl_is_https)(conn_rec*); +/******************************************************************************* + * SSL var lookup + */ +APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, + (apr_pool_t *, server_rec *, + conn_rec *, request_rec *, + char *)); +static char *(*opt_ssl_var_lookup)(apr_pool_t *, server_rec *, + conn_rec *, request_rec *, + char *); + + +/******************************************************************************* + * HTTP/2 error stuff + */ +static const char *h2_err_descr[] = { + "no error", /* 0x0 */ + "protocol error", + "internal error", + "flow control error", + "settings timeout", + "stream closed", /* 0x5 */ + "frame size error", + "refused stream", + "cancel", + "compression error", + "connect error", /* 0xa */ + "enhance your calm", + "inadequate security", + "http/1.1 required", +}; + +const char *h2_h2_err_description(unsigned int h2_error) +{ + if (h2_error < (sizeof(h2_err_descr)/sizeof(h2_err_descr[0]))) { + return h2_err_descr[h2_error]; + } + return "unknown http/2 errotr code"; +} + +/******************************************************************************* + * Check connection security requirements of RFC 7540 + */ + +/* + * Black Listed Ciphers from RFC 7549 Appendix A + * + */ +static const char *RFC7540_names[] = { + /* ciphers with NULL encrpytion */ + "NULL-MD5", /* TLS_NULL_WITH_NULL_NULL */ + /* same */ /* TLS_RSA_WITH_NULL_MD5 */ + "NULL-SHA", /* TLS_RSA_WITH_NULL_SHA */ + "NULL-SHA256", /* TLS_RSA_WITH_NULL_SHA256 */ + "PSK-NULL-SHA", /* TLS_PSK_WITH_NULL_SHA */ + "DHE-PSK-NULL-SHA", /* TLS_DHE_PSK_WITH_NULL_SHA */ + "RSA-PSK-NULL-SHA", /* TLS_RSA_PSK_WITH_NULL_SHA */ + "PSK-NULL-SHA256", /* TLS_PSK_WITH_NULL_SHA256 */ + "PSK-NULL-SHA384", /* TLS_PSK_WITH_NULL_SHA384 */ + "DHE-PSK-NULL-SHA256", /* TLS_DHE_PSK_WITH_NULL_SHA256 */ + "DHE-PSK-NULL-SHA384", /* TLS_DHE_PSK_WITH_NULL_SHA384 */ + "RSA-PSK-NULL-SHA256", /* TLS_RSA_PSK_WITH_NULL_SHA256 */ + "RSA-PSK-NULL-SHA384", /* TLS_RSA_PSK_WITH_NULL_SHA384 */ + "ECDH-ECDSA-NULL-SHA", /* TLS_ECDH_ECDSA_WITH_NULL_SHA */ + "ECDHE-ECDSA-NULL-SHA", /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ + "ECDH-RSA-NULL-SHA", /* TLS_ECDH_RSA_WITH_NULL_SHA */ + "ECDHE-RSA-NULL-SHA", /* TLS_ECDHE_RSA_WITH_NULL_SHA */ + "AECDH-NULL-SHA", /* TLS_ECDH_anon_WITH_NULL_SHA */ + "ECDHE-PSK-NULL-SHA", /* TLS_ECDHE_PSK_WITH_NULL_SHA */ + "ECDHE-PSK-NULL-SHA256", /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ + "ECDHE-PSK-NULL-SHA384", /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */ + + /* DES/3DES ciphers */ + "PSK-3DES-EDE-CBC-SHA", /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */ + "DHE-PSK-3DES-EDE-CBC-SHA", /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */ + "RSA-PSK-3DES-EDE-CBC-SHA", /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */ + "ECDH-ECDSA-DES-CBC3-SHA", /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ + "ECDHE-ECDSA-DES-CBC3-SHA", /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ + "ECDH-RSA-DES-CBC3-SHA", /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ + "ECDHE-RSA-DES-CBC3-SHA", /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ + "AECDH-DES-CBC3-SHA", /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */ + "SRP-3DES-EDE-CBC-SHA", /* TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA */ + "SRP-RSA-3DES-EDE-CBC-SHA", /* TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA */ + "SRP-DSS-3DES-EDE-CBC-SHA", /* TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA */ + "ECDHE-PSK-3DES-EDE-CBC-SHA", /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */ + "DES-CBC-SHA", /* TLS_RSA_WITH_DES_CBC_SHA */ + "DES-CBC3-SHA", /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */ + "DHE-DSS-DES-CBC3-SHA", /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */ + "DHE-RSA-DES-CBC-SHA", /* TLS_DHE_RSA_WITH_DES_CBC_SHA */ + "DHE-RSA-DES-CBC3-SHA", /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ + "ADH-DES-CBC-SHA", /* TLS_DH_anon_WITH_DES_CBC_SHA */ + "ADH-DES-CBC3-SHA", /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */ + "EXP-DH-DSS-DES-CBC-SHA", /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ + "DH-DSS-DES-CBC-SHA", /* TLS_DH_DSS_WITH_DES_CBC_SHA */ + "DH-DSS-DES-CBC3-SHA", /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */ + "EXP-DH-RSA-DES-CBC-SHA", /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ + "DH-RSA-DES-CBC-SHA", /* TLS_DH_RSA_WITH_DES_CBC_SHA */ + "DH-RSA-DES-CBC3-SHA", /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */ + + /* blacklisted EXPORT ciphers */ + "EXP-RC4-MD5", /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ + "EXP-RC2-CBC-MD5", /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ + "EXP-DES-CBC-SHA", /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ + "EXP-DHE-DSS-DES-CBC-SHA", /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ + "EXP-DHE-RSA-DES-CBC-SHA", /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ + "EXP-ADH-DES-CBC-SHA", /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ + "EXP-ADH-RC4-MD5", /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ + + /* blacklisted RC4 encryption */ + "RC4-MD5", /* TLS_RSA_WITH_RC4_128_MD5 */ + "RC4-SHA", /* TLS_RSA_WITH_RC4_128_SHA */ + "ADH-RC4-MD5", /* TLS_DH_anon_WITH_RC4_128_MD5 */ + "KRB5-RC4-SHA", /* TLS_KRB5_WITH_RC4_128_SHA */ + "KRB5-RC4-MD5", /* TLS_KRB5_WITH_RC4_128_MD5 */ + "EXP-KRB5-RC4-SHA", /* TLS_KRB5_EXPORT_WITH_RC4_40_SHA */ + "EXP-KRB5-RC4-MD5", /* TLS_KRB5_EXPORT_WITH_RC4_40_MD5 */ + "PSK-RC4-SHA", /* TLS_PSK_WITH_RC4_128_SHA */ + "DHE-PSK-RC4-SHA", /* TLS_DHE_PSK_WITH_RC4_128_SHA */ + "RSA-PSK-RC4-SHA", /* TLS_RSA_PSK_WITH_RC4_128_SHA */ + "ECDH-ECDSA-RC4-SHA", /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ + "ECDHE-ECDSA-RC4-SHA", /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ + "ECDH-RSA-RC4-SHA", /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ + "ECDHE-RSA-RC4-SHA", /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ + "AECDH-RC4-SHA", /* TLS_ECDH_anon_WITH_RC4_128_SHA */ + "ECDHE-PSK-RC4-SHA", /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */ + + /* blacklisted AES128 encrpytion ciphers */ + "AES128-SHA256", /* TLS_RSA_WITH_AES_128_CBC_SHA */ + "DH-DSS-AES128-SHA", /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */ + "DH-RSA-AES128-SHA", /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */ + "DHE-DSS-AES128-SHA", /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */ + "DHE-RSA-AES128-SHA", /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ + "ADH-AES128-SHA", /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ + "AES128-SHA256", /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ + "DH-DSS-AES128-SHA256", /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */ + "DH-RSA-AES128-SHA256", /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */ + "DHE-DSS-AES128-SHA256", /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */ + "DHE-RSA-AES128-SHA256", /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ + "ECDH-ECDSA-AES128-SHA", /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ + "ECDHE-ECDSA-AES128-SHA", /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ + "ECDH-RSA-AES128-SHA", /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ + "ECDHE-RSA-AES128-SHA", /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ + "AECDH-AES128-SHA", /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */ + "ECDHE-ECDSA-AES128-SHA256", /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */ + "ECDH-ECDSA-AES128-SHA256", /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ + "ECDHE-RSA-AES128-SHA256", /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ + "ECDH-RSA-AES128-SHA256", /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ + "ADH-AES128-SHA256", /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */ + "PSK-AES128-CBC-SHA", /* TLS_PSK_WITH_AES_128_CBC_SHA */ + "DHE-PSK-AES128-CBC-SHA", /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */ + "RSA-PSK-AES128-CBC-SHA", /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */ + "PSK-AES128-CBC-SHA256", /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ + "DHE-PSK-AES128-CBC-SHA256", /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ + "RSA-PSK-AES128-CBC-SHA256", /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */ + "ECDHE-PSK-AES128-CBC-SHA", /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */ + "ECDHE-PSK-AES128-CBC-SHA256", /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ + "AES128-CCM", /* TLS_RSA_WITH_AES_128_CCM */ + "AES128-CCM8", /* TLS_RSA_WITH_AES_128_CCM_8 */ + "PSK-AES128-CCM", /* TLS_PSK_WITH_AES_128_CCM */ + "PSK-AES128-CCM8", /* TLS_PSK_WITH_AES_128_CCM_8 */ + "AES128-GCM-SHA256", /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ + "DH-RSA-AES128-GCM-SHA256", /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */ + "DH-DSS-AES128-GCM-SHA256", /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */ + "ADH-AES128-GCM-SHA256", /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */ + "PSK-AES128-GCM-SHA256", /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ + "RSA-PSK-AES128-GCM-SHA256", /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */ + "ECDH-ECDSA-AES128-GCM-SHA256", /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ + "ECDH-RSA-AES128-GCM-SHA256", /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ + "SRP-AES-128-CBC-SHA", /* TLS_SRP_SHA_WITH_AES_128_CBC_SHA */ + "SRP-RSA-AES-128-CBC-SHA", /* TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA */ + "SRP-DSS-AES-128-CBC-SHA", /* TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA */ + + /* blacklisted AES256 encrpytion ciphers */ + "AES256-SHA", /* TLS_RSA_WITH_AES_256_CBC_SHA */ + "DH-DSS-AES256-SHA", /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */ + "DH-RSA-AES256-SHA", /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */ + "DHE-DSS-AES256-SHA", /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */ + "DHE-RSA-AES256-SHA", /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ + "ADH-AES256-SHA", /* TLS_DH_anon_WITH_AES_256_CBC_SHA */ + "AES256-SHA256", /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ + "DH-DSS-AES256-SHA256", /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */ + "DH-RSA-AES256-SHA256", /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */ + "DHE-DSS-AES256-SHA256", /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */ + "DHE-RSA-AES256-SHA256", /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ + "ADH-AES256-SHA256", /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */ + "ECDH-ECDSA-AES256-SHA", /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ + "ECDHE-ECDSA-AES256-SHA", /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ + "ECDH-RSA-AES256-SHA", /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ + "ECDHE-RSA-AES256-SHA", /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ + "AECDH-AES256-SHA", /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */ + "ECDHE-ECDSA-AES256-SHA384", /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */ + "ECDH-ECDSA-AES256-SHA384", /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ + "ECDHE-RSA-AES256-SHA384", /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ + "ECDH-RSA-AES256-SHA384", /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ + "PSK-AES256-CBC-SHA", /* TLS_PSK_WITH_AES_256_CBC_SHA */ + "DHE-PSK-AES256-CBC-SHA", /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */ + "RSA-PSK-AES256-CBC-SHA", /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */ + "PSK-AES256-CBC-SHA384", /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ + "DHE-PSK-AES256-CBC-SHA384", /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ + "RSA-PSK-AES256-CBC-SHA384", /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */ + "ECDHE-PSK-AES256-CBC-SHA", /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */ + "ECDHE-PSK-AES256-CBC-SHA384", /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */ + "SRP-AES-256-CBC-SHA", /* TLS_SRP_SHA_WITH_AES_256_CBC_SHA */ + "SRP-RSA-AES-256-CBC-SHA", /* TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA */ + "SRP-DSS-AES-256-CBC-SHA", /* TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA */ + "AES256-CCM", /* TLS_RSA_WITH_AES_256_CCM */ + "AES256-CCM8", /* TLS_RSA_WITH_AES_256_CCM_8 */ + "PSK-AES256-CCM", /* TLS_PSK_WITH_AES_256_CCM */ + "PSK-AES256-CCM8", /* TLS_PSK_WITH_AES_256_CCM_8 */ + "AES256-GCM-SHA384", /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ + "DH-RSA-AES256-GCM-SHA384", /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */ + "DH-DSS-AES256-GCM-SHA384", /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */ + "ADH-AES256-GCM-SHA384", /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ + "PSK-AES256-GCM-SHA384", /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ + "RSA-PSK-AES256-GCM-SHA384", /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */ + "ECDH-ECDSA-AES256-GCM-SHA384", /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ + "ECDH-RSA-AES256-GCM-SHA384", /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ + + /* blacklisted CAMELLIA128 encrpytion ciphers */ + "CAMELLIA128-SHA", /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ + "DH-DSS-CAMELLIA128-SHA", /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */ + "DH-RSA-CAMELLIA128-SHA", /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */ + "DHE-DSS-CAMELLIA128-SHA", /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */ + "DHE-RSA-CAMELLIA128-SHA", /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ + "ADH-CAMELLIA128-SHA", /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */ + "ECDHE-ECDSA-CAMELLIA128-SHA256", /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ + "ECDH-ECDSA-CAMELLIA128-SHA256", /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ + "ECDHE-RSA-CAMELLIA128-SHA256", /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ + "ECDH-RSA-CAMELLIA128-SHA256", /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ + "PSK-CAMELLIA128-SHA256", /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ + "DHE-PSK-CAMELLIA128-SHA256", /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ + "RSA-PSK-CAMELLIA128-SHA256", /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ + "ECDHE-PSK-CAMELLIA128-SHA256", /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ + "CAMELLIA128-GCM-SHA256", /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ + "DH-RSA-CAMELLIA128-GCM-SHA256", /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ + "DH-DSS-CAMELLIA128-GCM-SHA256", /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ + "ADH-CAMELLIA128-GCM-SHA256", /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */ + "ECDH-ECDSA-CAMELLIA128-GCM-SHA256",/* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ + "ECDH-RSA-CAMELLIA128-GCM-SHA256", /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ + "PSK-CAMELLIA128-GCM-SHA256", /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ + "RSA-PSK-CAMELLIA128-GCM-SHA256", /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ + "CAMELLIA128-SHA256", /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ + "DH-DSS-CAMELLIA128-SHA256", /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ + "DH-RSA-CAMELLIA128-SHA256", /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ + "DHE-DSS-CAMELLIA128-SHA256", /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ + "DHE-RSA-CAMELLIA128-SHA256", /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ + "ADH-CAMELLIA128-SHA256", /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */ + + /* blacklisted CAMELLIA256 encrpytion ciphers */ + "CAMELLIA256-SHA", /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ + "DH-RSA-CAMELLIA256-SHA", /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */ + "DH-DSS-CAMELLIA256-SHA", /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */ + "DHE-DSS-CAMELLIA256-SHA", /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */ + "DHE-RSA-CAMELLIA256-SHA", /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ + "ADH-CAMELLIA256-SHA", /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */ + "ECDHE-ECDSA-CAMELLIA256-SHA384", /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ + "ECDH-ECDSA-CAMELLIA256-SHA384", /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ + "ECDHE-RSA-CAMELLIA256-SHA384", /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ + "ECDH-RSA-CAMELLIA256-SHA384", /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ + "PSK-CAMELLIA256-SHA384", /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ + "DHE-PSK-CAMELLIA256-SHA384", /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ + "RSA-PSK-CAMELLIA256-SHA384", /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ + "ECDHE-PSK-CAMELLIA256-SHA384", /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ + "CAMELLIA256-SHA256", /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ + "DH-DSS-CAMELLIA256-SHA256", /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ + "DH-RSA-CAMELLIA256-SHA256", /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ + "DHE-DSS-CAMELLIA256-SHA256", /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ + "DHE-RSA-CAMELLIA256-SHA256", /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ + "ADH-CAMELLIA256-SHA256", /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */ + "CAMELLIA256-GCM-SHA384", /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ + "DH-RSA-CAMELLIA256-GCM-SHA384", /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ + "DH-DSS-CAMELLIA256-GCM-SHA384", /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ + "ADH-CAMELLIA256-GCM-SHA384", /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */ + "ECDH-ECDSA-CAMELLIA256-GCM-SHA384",/* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ + "ECDH-RSA-CAMELLIA256-GCM-SHA384", /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ + "PSK-CAMELLIA256-GCM-SHA384", /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ + "RSA-PSK-CAMELLIA256-GCM-SHA384", /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ + + /* The blacklisted ARIA encrpytion ciphers */ + "ARIA128-SHA256", /* TLS_RSA_WITH_ARIA_128_CBC_SHA256 */ + "ARIA256-SHA384", /* TLS_RSA_WITH_ARIA_256_CBC_SHA384 */ + "DH-DSS-ARIA128-SHA256", /* TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 */ + "DH-DSS-ARIA256-SHA384", /* TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 */ + "DH-RSA-ARIA128-SHA256", /* TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 */ + "DH-RSA-ARIA256-SHA384", /* TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 */ + "DHE-DSS-ARIA128-SHA256", /* TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 */ + "DHE-DSS-ARIA256-SHA384", /* TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 */ + "DHE-RSA-ARIA128-SHA256", /* TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 */ + "DHE-RSA-ARIA256-SHA384", /* TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 */ + "ADH-ARIA128-SHA256", /* TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 */ + "ADH-ARIA256-SHA384", /* TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 */ + "ECDHE-ECDSA-ARIA128-SHA256", /* TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 */ + "ECDHE-ECDSA-ARIA256-SHA384", /* TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 */ + "ECDH-ECDSA-ARIA128-SHA256", /* TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 */ + "ECDH-ECDSA-ARIA256-SHA384", /* TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 */ + "ECDHE-RSA-ARIA128-SHA256", /* TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 */ + "ECDHE-RSA-ARIA256-SHA384", /* TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 */ + "ECDH-RSA-ARIA128-SHA256", /* TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 */ + "ECDH-RSA-ARIA256-SHA384", /* TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 */ + "ARIA128-GCM-SHA256", /* TLS_RSA_WITH_ARIA_128_GCM_SHA256 */ + "ARIA256-GCM-SHA384", /* TLS_RSA_WITH_ARIA_256_GCM_SHA384 */ + "DH-DSS-ARIA128-GCM-SHA256", /* TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 */ + "DH-DSS-ARIA256-GCM-SHA384", /* TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 */ + "DH-RSA-ARIA128-GCM-SHA256", /* TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 */ + "DH-RSA-ARIA256-GCM-SHA384", /* TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 */ + "ADH-ARIA128-GCM-SHA256", /* TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 */ + "ADH-ARIA256-GCM-SHA384", /* TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 */ + "ECDH-ECDSA-ARIA128-GCM-SHA256", /* TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 */ + "ECDH-ECDSA-ARIA256-GCM-SHA384", /* TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 */ + "ECDH-RSA-ARIA128-GCM-SHA256", /* TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 */ + "ECDH-RSA-ARIA256-GCM-SHA384", /* TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 */ + "PSK-ARIA128-SHA256", /* TLS_PSK_WITH_ARIA_128_CBC_SHA256 */ + "PSK-ARIA256-SHA384", /* TLS_PSK_WITH_ARIA_256_CBC_SHA384 */ + "DHE-PSK-ARIA128-SHA256", /* TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 */ + "DHE-PSK-ARIA256-SHA384", /* TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 */ + "RSA-PSK-ARIA128-SHA256", /* TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 */ + "RSA-PSK-ARIA256-SHA384", /* TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 */ + "ARIA128-GCM-SHA256", /* TLS_PSK_WITH_ARIA_128_GCM_SHA256 */ + "ARIA256-GCM-SHA384", /* TLS_PSK_WITH_ARIA_256_GCM_SHA384 */ + "RSA-PSK-ARIA128-GCM-SHA256", /* TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 */ + "RSA-PSK-ARIA256-GCM-SHA384", /* TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 */ + "ECDHE-PSK-ARIA128-SHA256", /* TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 */ + "ECDHE-PSK-ARIA256-SHA384", /* TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 */ + + /* blacklisted SEED encryptions */ + "SEED-SHA", /*TLS_RSA_WITH_SEED_CBC_SHA */ + "DH-DSS-SEED-SHA", /* TLS_DH_DSS_WITH_SEED_CBC_SHA */ + "DH-RSA-SEED-SHA", /* TLS_DH_RSA_WITH_SEED_CBC_SHA */ + "DHE-DSS-SEED-SHA", /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */ + "DHE-RSA-SEED-SHA", /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */ + "ADH-SEED-SHA", /* TLS_DH_anon_WITH_SEED_CBC_SHA */ + + /* blacklisted KRB5 ciphers */ + "KRB5-DES-CBC-SHA", /* TLS_KRB5_WITH_DES_CBC_SHA */ + "KRB5-DES-CBC3-SHA", /* TLS_KRB5_WITH_3DES_EDE_CBC_SHA */ + "KRB5-IDEA-CBC-SHA", /* TLS_KRB5_WITH_IDEA_CBC_SHA */ + "KRB5-DES-CBC-MD5", /* TLS_KRB5_WITH_DES_CBC_MD5 */ + "KRB5-DES-CBC3-MD5", /* TLS_KRB5_WITH_3DES_EDE_CBC_MD5 */ + "KRB5-IDEA-CBC-MD5", /* TLS_KRB5_WITH_IDEA_CBC_MD5 */ + "EXP-KRB5-DES-CBC-SHA", /* TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA */ + "EXP-KRB5-DES-CBC-MD5", /* TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 */ + "EXP-KRB5-RC2-CBC-SHA", /* TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA */ + "EXP-KRB5-RC2-CBC-MD5", /* TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 */ + + /* blacklisted exoticas */ + "DHE-DSS-CBC-SHA", /* TLS_DHE_DSS_WITH_DES_CBC_SHA */ + "IDEA-CBC-SHA", /* TLS_RSA_WITH_IDEA_CBC_SHA */ + + /* not really sure if the following names are correct */ + "SSL3_CK_SCSV", /* TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ + "SSL3_CK_FALLBACK_SCSV" +}; +static size_t RFC7540_names_LEN = sizeof(RFC7540_names)/sizeof(RFC7540_names[0]); + + +static apr_hash_t *BLCNames; + +static void cipher_init(apr_pool_t *pool) +{ + apr_hash_t *hash = apr_hash_make(pool); + const char *source; + unsigned int i; + + source = "rfc7540"; + for (i = 0; i < RFC7540_names_LEN; ++i) { + apr_hash_set(hash, RFC7540_names[i], APR_HASH_KEY_STRING, source); + } + + BLCNames = hash; +} + +static int cipher_is_blacklisted(const char *cipher, const char **psource) +{ + *psource = apr_hash_get(BLCNames, cipher, APR_HASH_KEY_STRING); + return !!*psource; +} + /******************************************************************************* * Hooks for processing incoming connections: * - pre_conn_before_tls switches SSL off for stream connections @@ -72,12 +449,15 @@ apr_status_t h2_h2_init(apr_pool_t *pool, server_rec *s) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "h2_h2, child_init"); opt_ssl_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable); opt_ssl_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); + opt_ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); - if (!opt_ssl_is_https) { + if (!opt_ssl_is_https || !opt_ssl_var_lookup) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02951) "mod_ssl does not seem to be enabled"); } + cipher_init(pool); + return APR_SUCCESS; } @@ -86,18 +466,95 @@ int h2_h2_is_tls(conn_rec *c) return opt_ssl_is_https && opt_ssl_is_https(c); } -int h2_tls_disable(conn_rec *c) +int h2_is_acceptable_connection(conn_rec *c, int require_all) { - if (opt_ssl_engine_disable) { - return opt_ssl_engine_disable(c); + int is_tls = h2_h2_is_tls(c); + h2_config *cfg = h2_config_get(c); + + if (is_tls && h2_config_geti(cfg, H2_CONF_MODERN_TLS_ONLY) > 0) { + /* Check TLS connection for modern TLS parameters, as defined in + * RFC 7540 and https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + */ + apr_pool_t *pool = c->pool; + server_rec *s = c->base_server; + char *val; + + if (!opt_ssl_var_lookup) { + /* unable to check */ + return 0; + } + + /* Need Tlsv1.2 or higher, rfc 7540, ch. 9.2 + */ + val = opt_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_PROTOCOL"); + if (val && *val) { + if (strncmp("TLS", val, 3) + || !strcmp("TLSv1", val) + || !strcmp("TLSv1.1", val)) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "h2_h2(%ld): tls protocol not suitable: %s", + (long)c->id, val); + return 0; + } + } + else if (require_all) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "h2_h2(%ld): tls protocol is indetermined", (long)c->id); + return 0; + } + + /* Check TLS cipher blacklist + */ + val = opt_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_CIPHER"); + if (val && *val) { + const char *source; + if (cipher_is_blacklisted(val, &source)) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "h2_h2(%ld): tls cipher %s blacklisted by %s", + (long)c->id, val, source); + return 0; + } + } + else if (require_all) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "h2_h2(%ld): tls cipher is indetermined", (long)c->id); + return 0; + } } - return 0; + return 1; +} + +int h2_allows_h2_direct(conn_rec *c) +{ + h2_config *cfg = h2_config_get(c); + int h2_direct = h2_config_geti(cfg, H2_CONF_DIRECT); + + if (h2_direct < 0) { + if (h2_h2_is_tls(c)) { + /* disabled by default on TLS */ + h2_direct = 0; + } + else { + /* enabled if "Protocols h2c" is configured */ + h2_direct = ap_is_allowed_protocol(c, NULL, NULL, "h2c"); + } + } + return !!h2_direct; +} + +int h2_allows_h2_upgrade(conn_rec *c) +{ + h2_config *cfg = h2_config_get(c); + int h2_upgrade = h2_config_geti(cfg, H2_CONF_UPGRADE); + + return h2_upgrade > 0 || (h2_upgrade < 0 && !h2_h2_is_tls(c)); } /******************************************************************************* * Register various hooks */ static const char *const mod_reqtimeout[] = { "reqtimeout.c", NULL}; +static const char* const mod_ssl[] = {"mod_ssl.c", NULL}; void h2_h2_register_hooks(void) { @@ -105,7 +562,8 @@ void h2_h2_register_hooks(void) * take over, if h2* was selected as protocol. */ ap_hook_process_connection(h2_h2_process_conn, - NULL, NULL, APR_HOOK_FIRST); + mod_ssl, NULL, APR_HOOK_MIDDLE); + /* Perform connection cleanup before the actual processing happens. */ ap_hook_process_connection(h2_h2_remove_timeout, @@ -119,7 +577,7 @@ void h2_h2_register_hooks(void) ap_hook_post_read_request(h2_h2_post_read_req, NULL, NULL, APR_HOOK_REALLY_FIRST); } -int h2_h2_remove_timeout(conn_rec* c) +static int h2_h2_remove_timeout(conn_rec* c) { h2_ctx *ctx = h2_ctx_get(c); @@ -134,9 +592,6 @@ int h2_h2_remove_timeout(conn_rec* c) int h2_h2_process_conn(conn_rec* c) { h2_ctx *ctx = h2_ctx_get(c); - h2_config *cfg = h2_config_get(c); - apr_bucket_brigade* temp; - int is_tls = h2_h2_is_tls(c); ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "h2_h2, process_conn"); if (h2_ctx_is_task(ctx)) { @@ -144,53 +599,50 @@ int h2_h2_process_conn(conn_rec* c) return DECLINED; } - /* If we have not already switched to a h2* protocol and the connection - * is on "http/1.1" - * -> sniff for the magic PRIamble. On TLS, this might trigger the ALPN. - */ - if (!h2_ctx_protocol_get(c) - && !strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) { + if (h2_ctx_protocol_get(c)) { + /* Something has been negotiated */ + } + else if (!strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c)) + && h2_allows_h2_direct(c) + && h2_is_acceptable_connection(c, 1)) { + /* connection still is on http/1.1 and H2Direct is enabled. + * Otherwise connection is in a fully acceptable state. + * -> peek at the first 24 incoming bytes + */ + apr_bucket_brigade *temp; apr_status_t status; + char *s = NULL; + apr_size_t slen; temp = apr_brigade_create(c->pool, c->bucket_alloc); status = ap_get_brigade(c->input_filters, temp, AP_MODE_SPECULATIVE, APR_BLOCK_READ, 24); - - if (status == APR_SUCCESS) { - if (h2_ctx_protocol_get(c) - || strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) { - /* h2 or another protocol has been selected. */ - } - else { - /* ALPN might have been triggered, but we're still on - * http/1.1. Check the actual bytes read for the H2 Magic - * Token, *if* H2Direct mode is enabled here. - */ - int direct_mode = h2_config_geti(cfg, H2_CONF_DIRECT); - if (direct_mode > 0 || (direct_mode < 0 && !is_tls)) { - char *s = NULL; - apr_size_t slen; - - apr_brigade_pflatten(temp, &s, &slen, c->pool); - if ((slen >= 24) && !memcmp(H2_MAGIC_TOKEN, s, 24)) { - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, - "h2_h2, direct mode detected"); - h2_ctx_protocol_set(ctx, is_tls? "h2" : "h2c"); - } - else { - ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, - "h2_h2, not detected in %d bytes: %s", - (int)slen, s); - } - } - } - } - else { + + if (status != APR_SUCCESS) { ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, c, "h2_h2, error reading 24 bytes speculative"); + apr_brigade_destroy(temp); + return DECLINED; + } + + apr_brigade_pflatten(temp, &s, &slen, c->pool); + if ((slen >= 24) && !memcmp(H2_MAGIC_TOKEN, s, 24)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, + "h2_h2, direct mode detected"); + h2_ctx_protocol_set(ctx, h2_h2_is_tls(c)? "h2" : "h2c"); } + else { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, + "h2_h2, not detected in %d bytes: %s", + (int)slen, s); + } + apr_brigade_destroy(temp); } + else { + /* the connection is not HTTP/1.1 or not for us, don't touch it */ + return DECLINED; + } /* If "h2" was selected as protocol (by whatever mechanism), take over * the connection. @@ -199,7 +651,7 @@ int h2_h2_process_conn(conn_rec* c) ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "h2_h2, connection, h2 active"); - return h2_conn_main(c); + return h2_conn_process(c, NULL); } ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "h2_h2, declined"); @@ -209,21 +661,21 @@ int h2_h2_process_conn(conn_rec* c) static int h2_h2_post_read_req(request_rec *r) { h2_ctx *ctx = h2_ctx_rget(r); - struct h2_task_env *env = h2_ctx_get_task(ctx); - if (env) { + struct h2_task *task = h2_ctx_get_task(ctx); + if (task) { /* h2_task connection for a stream, not for h2c */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, "adding h1_to_h2_resp output filter"); - if (env->serialize_headers) { + if (task->serialize_headers) { ap_remove_output_filter_byhandle(r->output_filters, "H1_TO_H2_RESP"); - ap_add_output_filter("H1_TO_H2_RESP", env, r, r->connection); + ap_add_output_filter("H1_TO_H2_RESP", task, r, r->connection); } else { /* replace the core http filter that formats response headers * in HTTP/1 with our own that collects status and headers */ ap_remove_output_filter_byhandle(r->output_filters, "HTTP_HEADER"); ap_remove_output_filter_byhandle(r->output_filters, "H2_RESPONSE"); - ap_add_output_filter("H2_RESPONSE", env, r, r->connection); + ap_add_output_filter("H2_RESPONSE", task, r, r->connection); } } return DECLINED; diff --git a/modules/http2/h2_h2.h b/modules/http2/h2_h2.h index 9a1184d8b6..4974d86611 100644 --- a/modules/http2/h2_h2.h +++ b/modules/http2/h2_h2.h @@ -34,6 +34,37 @@ extern const char *h2_tls_protos[]; */ extern const char *H2_MAGIC_TOKEN; +#define H2_ERR_NO_ERROR (0x00) +#define H2_ERR_PROTOCOL_ERROR (0x01) +#define H2_ERR_INTERNAL_ERROR (0x02) +#define H2_ERR_FLOW_CONTROL_ERROR (0x03) +#define H2_ERR_SETTINGS_TIMEOUT (0x04) +#define H2_ERR_STREAM_CLOSED (0x05) +#define H2_ERR_FRAME_SIZE_ERROR (0x06) +#define H2_ERR_REFUSED_STREAM (0x07) +#define H2_ERR_CANCEL (0x08) +#define H2_ERR_COMPRESSION_ERROR (0x09) +#define H2_ERR_CONNECT_ERROR (0x0a) +#define H2_ERR_ENHANCE_YOUR_CALM (0x0b) +#define H2_ERR_INADEQUATE_SECURITY (0x0c) +#define H2_ERR_HTTP_1_1_REQUIRED (0x0d) + +/* Maximum number of padding bytes in a frame, rfc7540 */ +#define H2_MAX_PADLEN 256 +/* Initial default window size, RFC 7540 ch. 6.5.2 */ +#define H2_INITIAL_WINDOW_SIZE ((64*1024)-1) + +#define H2_HTTP_2XX(a) ((a) >= 200 && (a) < 300) + +#define H2_STREAM_CLIENT_INITIATED(id) (id&0x01) + +/** + * Provide a user readable description of the HTTP/2 error code- + * @param h2_error http/2 error code, as in rfc 7540, ch. 7 + * @return textual description of code or that it is unknown. + */ +const char *h2_h2_err_description(unsigned int h2_error); + /* * One time, post config intialization. */ @@ -43,15 +74,35 @@ apr_status_t h2_h2_init(apr_pool_t *pool, server_rec *s); */ int h2_h2_is_tls(conn_rec *c); -/* Disable SSL for this connection, can only be invoked in a pre- - * connection hook before mod_ssl. - * @return != 0 iff disable worked - */ -int h2_tls_disable(conn_rec *c); - /* Register apache hooks for h2 protocol */ void h2_h2_register_hooks(void); +/** + * Check if the given connection fulfills the requirements as configured. + * @param c the connection + * @param require_all != 0 iff any missing connection properties make + * the test fail. For example, a cipher might not have been selected while + * the handshake is still ongoing. + * @return != 0 iff connection requirements are met + */ +int h2_is_acceptable_connection(conn_rec *c, int require_all); + +/** + * Check if the "direct" HTTP/2 mode of protocol handling is enabled + * for the given connection. + * @param c the connection to check + * @return != 0 iff direct mode is enabled + */ +int h2_allows_h2_direct(conn_rec *c); + +/** + * Check if the "Upgrade" HTTP/1.1 mode of protocol switching is enabled + * for the given connection. + * @param c the connection to check + * @return != 0 iff Upgrade switching is enabled + */ +int h2_allows_h2_upgrade(conn_rec *c); + #endif /* defined(__mod_h2__h2_h2__) */ diff --git a/modules/http2/h2_io.c b/modules/http2/h2_io.c index 42734430fa..b33faee1f3 100644 --- a/modules/http2/h2_io.c +++ b/modules/http2/h2_io.c @@ -23,6 +23,7 @@ #include "h2_private.h" #include "h2_io.h" #include "h2_response.h" +#include "h2_task.h" #include "h2_util.h" h2_io *h2_io_create(int id, apr_pool_t *pool, apr_bucket_alloc_t *bucket_alloc) @@ -31,33 +32,50 @@ h2_io *h2_io_create(int id, apr_pool_t *pool, apr_bucket_alloc_t *bucket_alloc) if (io) { io->id = id; io->pool = pool; + io->bucket_alloc = bucket_alloc; io->bbin = NULL; - io->bbout = apr_brigade_create(pool, bucket_alloc); + io->bbout = NULL; } return io; } -static void h2_io_cleanup(h2_io *io) +void h2_io_destroy(h2_io *io) { - (void)io; + if (io->pool) { + apr_pool_destroy(io->pool); + /* gone */ + } } -void h2_io_destroy(h2_io *io) +void h2_io_set_response(h2_io *io, h2_response *response) +{ + AP_DEBUG_ASSERT(io->pool); + AP_DEBUG_ASSERT(response); + AP_DEBUG_ASSERT(!io->response); + io->response = h2_response_copy(io->pool, response); + if (response->rst_error) { + h2_io_rst(io, response->rst_error); + } +} + + +void h2_io_rst(h2_io *io, int error) { - h2_io_cleanup(io); + io->rst_error = error; + io->eos_in = 1; } int h2_io_in_has_eos_for(h2_io *io) { - return io->eos_in || (io->bbin && h2_util_has_eos(io->bbin, 0)); + return io->eos_in || (io->bbin && h2_util_has_eos(io->bbin, -1)); } int h2_io_out_has_data(h2_io *io) { - return h2_util_bb_has_data_or_eos(io->bbout); + return io->bbout && h2_util_bb_has_data_or_eos(io->bbout); } -apr_size_t h2_io_out_length(h2_io *io) +apr_off_t h2_io_out_length(h2_io *io) { if (io->bbout) { apr_off_t len = 0; @@ -74,14 +92,17 @@ apr_status_t h2_io_in_read(h2_io *io, apr_bucket_brigade *bb, apr_bucket *last; apr_status_t status; + if (io->rst_error) { + return APR_ECONNABORTED; + } + if (!io->bbin || APR_BRIGADE_EMPTY(io->bbin)) { return io->eos_in? APR_EOF : APR_EAGAIN; } apr_brigade_length(bb, 1, &start_len); last = APR_BRIGADE_LAST(bb); - status = h2_util_move(bb, io->bbin, maxlen, 0, - "h2_io_in_read"); + status = h2_util_move(bb, io->bbin, maxlen, NULL, "h2_io_in_read"); if (status == APR_SUCCESS) { apr_bucket *nlast = APR_BRIGADE_LAST(bb); apr_off_t end_len = 0; @@ -96,22 +117,29 @@ apr_status_t h2_io_in_read(h2_io *io, apr_bucket_brigade *bb, apr_status_t h2_io_in_write(h2_io *io, apr_bucket_brigade *bb) { + if (io->rst_error) { + return APR_ECONNABORTED; + } + if (io->eos_in) { return APR_EOF; } - io->eos_in = h2_util_has_eos(bb, 0); + io->eos_in = h2_util_has_eos(bb, -1); if (!APR_BRIGADE_EMPTY(bb)) { if (!io->bbin) { - io->bbin = apr_brigade_create(io->bbout->p, - io->bbout->bucket_alloc); + io->bbin = apr_brigade_create(io->pool, io->bucket_alloc); } - return h2_util_move(io->bbin, bb, 0, 0, "h2_io_in_write"); + return h2_util_move(io->bbin, bb, -1, NULL, "h2_io_in_write"); } return APR_SUCCESS; } apr_status_t h2_io_in_close(h2_io *io) { + if (io->rst_error) { + return APR_ECONNABORTED; + } + if (io->bbin) { APR_BRIGADE_INSERT_TAIL(io->bbin, apr_bucket_eos_create(io->bbin->bucket_alloc)); @@ -122,18 +150,93 @@ apr_status_t h2_io_in_close(h2_io *io) apr_status_t h2_io_out_readx(h2_io *io, h2_io_data_cb *cb, void *ctx, - apr_size_t *plen, int *peos) + apr_off_t *plen, int *peos) { + apr_status_t status; + + if (io->rst_error) { + return APR_ECONNABORTED; + } + + if (io->eos_out) { + *plen = 0; + *peos = 1; + return APR_SUCCESS; + } + else if (!io->bbout) { + *plen = 0; + *peos = 0; + return APR_EAGAIN; + } + if (cb == NULL) { /* just checking length available */ - return h2_util_bb_avail(io->bbout, plen, peos); + status = h2_util_bb_avail(io->bbout, plen, peos); + } + else { + status = h2_util_bb_readx(io->bbout, cb, ctx, plen, peos); + if (status == APR_SUCCESS) { + io->eos_out = *peos; + } } - return h2_util_bb_readx(io->bbout, cb, ctx, plen, peos); + + return status; +} + +apr_status_t h2_io_out_read_to(h2_io *io, apr_bucket_brigade *bb, + apr_off_t *plen, int *peos) +{ + if (io->rst_error) { + return APR_ECONNABORTED; + } + + if (io->eos_out) { + *plen = 0; + *peos = 1; + return APR_SUCCESS; + } + else if (!io->bbout) { + *plen = 0; + *peos = 0; + return APR_EAGAIN; + } + + io->eos_out = *peos = h2_util_has_eos(io->bbout, *plen); + return h2_util_move(bb, io->bbout, *plen, NULL, "h2_io_read_to"); } apr_status_t h2_io_out_write(h2_io *io, apr_bucket_brigade *bb, apr_size_t maxlen, int *pfile_handles_allowed) { + apr_status_t status; + int start_allowed; + + if (io->rst_error) { + return APR_ECONNABORTED; + } + + if (io->eos_out) { + apr_off_t len; + /* We have already delivered an EOS bucket to a reader, no + * sense in storing anything more here. + */ + status = apr_brigade_length(bb, 1, &len); + if (status == APR_SUCCESS) { + if (len > 0) { + /* someone tries to write real data after EOS, that + * does not look right. */ + status = APR_EOF; + } + /* cleanup, as if we had moved the data */ + apr_brigade_cleanup(bb); + } + return status; + } + + if (!io->bbout) { + io->bbout = apr_brigade_create(io->pool, io->bucket_alloc); + } + /* Let's move the buckets from the request processing in here, so * that the main thread can read them when it has time/capacity. * @@ -144,8 +247,7 @@ apr_status_t h2_io_out_write(h2_io *io, apr_bucket_brigade *bb, * many open files already buffered. Otherwise we will run out of * file handles. */ - int start_allowed = *pfile_handles_allowed; - apr_status_t status; + start_allowed = *pfile_handles_allowed; status = h2_util_move(io->bbout, bb, maxlen, pfile_handles_allowed, "h2_io_out_write"); /* track # file buckets moved into our pool */ @@ -158,7 +260,15 @@ apr_status_t h2_io_out_write(h2_io *io, apr_bucket_brigade *bb, apr_status_t h2_io_out_close(h2_io *io) { - APR_BRIGADE_INSERT_TAIL(io->bbout, - apr_bucket_eos_create(io->bbout->bucket_alloc)); + if (io->rst_error) { + return APR_ECONNABORTED; + } + if (!io->bbout) { + io->bbout = apr_brigade_create(io->pool, io->bucket_alloc); + } + if (!io->eos_out && !h2_util_has_eos(io->bbout, -1)) { + APR_BRIGADE_INSERT_TAIL(io->bbout, + apr_bucket_eos_create(io->bbout->bucket_alloc)); + } return APR_SUCCESS; } diff --git a/modules/http2/h2_io.h b/modules/http2/h2_io.h index 946ee44334..1fd1167747 100644 --- a/modules/http2/h2_io.h +++ b/modules/http2/h2_io.h @@ -18,11 +18,12 @@ struct h2_response; struct apr_thread_cond_t; -struct h2_task; +struct h2_request; -typedef apr_status_t h2_io_data_cb(void *ctx, - const char *data, apr_size_t len); +typedef apr_status_t h2_io_data_cb(void *ctx, const char *data, apr_off_t len); + +typedef int h2_stream_pri_cmp(int stream_id1, int stream_id2, void *ctx); typedef struct h2_io h2_io; @@ -30,17 +31,24 @@ typedef struct h2_io h2_io; struct h2_io { int id; /* stream identifier */ apr_pool_t *pool; /* stream pool */ - apr_bucket_brigade *bbin; /* input data for stream */ - int eos_in; - int task_done; + int orphaned; /* h2_stream is gone for this io */ - apr_size_t input_consumed; /* how many bytes have been read */ + int task_done; + const struct h2_request *request; /* request on this io */ + int request_body; /* == 0 iff request has no body */ + struct h2_response *response;/* response for submit, once created */ + int rst_error; + + int eos_in; + apr_bucket_brigade *bbin; /* input data for stream */ struct apr_thread_cond_t *input_arrived; /* block on reading */ + apr_size_t input_consumed; /* how many bytes have been read */ + int eos_out; apr_bucket_brigade *bbout; /* output data from stream */ + apr_bucket_alloc_t *bucket_alloc; struct apr_thread_cond_t *output_drained; /* block on writing */ - struct h2_response *response;/* submittable response created */ int files_handles_owned; }; @@ -58,6 +66,16 @@ h2_io *h2_io_create(int id, apr_pool_t *pool, apr_bucket_alloc_t *bucket_alloc); */ void h2_io_destroy(h2_io *io); +/** + * Set the response of this stream. + */ +void h2_io_set_response(h2_io *io, struct h2_response *response); + +/** + * Reset the stream with the given error code. + */ +void h2_io_rst(h2_io *io, int error); + /** * The input data is completely queued. Blocked reads will return immediately * and give either data or EOF. @@ -105,7 +123,11 @@ apr_status_t h2_io_in_close(h2_io *io); */ apr_status_t h2_io_out_readx(h2_io *io, h2_io_data_cb *cb, void *ctx, - apr_size_t *plen, int *peos); + apr_off_t *plen, int *peos); + +apr_status_t h2_io_out_read_to(h2_io *io, + apr_bucket_brigade *bb, + apr_off_t *plen, int *peos); apr_status_t h2_io_out_write(h2_io *io, apr_bucket_brigade *bb, apr_size_t maxlen, int *pfile_buckets_allowed); @@ -120,7 +142,7 @@ apr_status_t h2_io_out_close(h2_io *io); * Gives the overall length of the data that is currently queued for * output. */ -apr_size_t h2_io_out_length(h2_io *io); +apr_off_t h2_io_out_length(h2_io *io); #endif /* defined(__mod_h2__h2_io__) */ diff --git a/modules/http2/h2_io_set.c b/modules/http2/h2_io_set.c index 91afde8f1f..74ab508fef 100644 --- a/modules/http2/h2_io_set.c +++ b/modules/http2/h2_io_set.c @@ -78,19 +78,6 @@ h2_io *h2_io_set_get(h2_io_set *sp, int stream_id) return ps? *ps : NULL; } -h2_io *h2_io_set_get_highest_prio(h2_io_set *set) -{ - h2_io *highest = NULL; - int i; - for (i = 0; i < set->list->nelts; ++i) { - h2_io *io = h2_io_IDX(set->list, i); - if (!highest /*|| io-prio even higher */ ) { - highest = io; - } - } - return highest; -} - static void h2_io_set_sort(h2_io_set *sp) { qsort(sp->list->elts, sp->list->nelts, sp->list->elt_size, @@ -118,28 +105,46 @@ apr_status_t h2_io_set_add(h2_io_set *sp, h2_io *io) return APR_SUCCESS; } +static void remove_idx(h2_io_set *sp, int idx) +{ + int n; + --sp->list->nelts; + n = sp->list->nelts - idx; + if (n > 0) { + /* Close the hole in the array by moving the upper + * parts down one step. + */ + h2_io **selts = (h2_io**)sp->list->elts; + memmove(selts + idx, selts + idx + 1, n * sizeof(h2_io*)); + } +} + h2_io *h2_io_set_remove(h2_io_set *sp, h2_io *io) { int i; for (i = 0; i < sp->list->nelts; ++i) { h2_io *e = h2_io_IDX(sp->list, i); if (e == io) { - int n; - --sp->list->nelts; - n = sp->list->nelts - i; - if (n > 0) { - /* Close the hole in the array by moving the upper - * parts down one step. - */ - h2_io **selts = (h2_io**)sp->list->elts; - memmove(selts+i, selts+i+1, n * sizeof(h2_io*)); - } + remove_idx(sp, i); return e; } } return NULL; } +h2_io *h2_io_set_pop_highest_prio(h2_io_set *set) +{ + /* For now, this just removes the first element in the set. + * the name is misleading... + */ + if (set->list->nelts > 0) { + h2_io *io = h2_io_IDX(set->list, 0); + remove_idx(set, 0); + return io; + } + return NULL; +} + void h2_io_set_destroy_all(h2_io_set *sp) { int i; diff --git a/modules/http2/h2_io_set.h b/modules/http2/h2_io_set.h index a9c6546c70..5e7555af92 100644 --- a/modules/http2/h2_io_set.h +++ b/modules/http2/h2_io_set.h @@ -30,7 +30,6 @@ void h2_io_set_destroy(h2_io_set *set); apr_status_t h2_io_set_add(h2_io_set *set, struct h2_io *io); h2_io *h2_io_set_get(h2_io_set *set, int stream_id); -h2_io *h2_io_set_get_highest_prio(h2_io_set *set); h2_io *h2_io_set_remove(h2_io_set *set, struct h2_io *io); void h2_io_set_remove_all(h2_io_set *set); @@ -44,4 +43,6 @@ typedef int h2_io_set_iter_fn(void *ctx, struct h2_io *io); void h2_io_set_iter(h2_io_set *set, h2_io_set_iter_fn *iter, void *ctx); +h2_io *h2_io_set_pop_highest_prio(h2_io_set *set); + #endif /* defined(__mod_h2__h2_io_set__) */ diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c index 2d07b1eb6c..3908590985 100644 --- a/modules/http2/h2_mplx.c +++ b/modules/http2/h2_mplx.c @@ -29,6 +29,7 @@ #include "h2_private.h" #include "h2_config.h" #include "h2_conn.h" +#include "h2_h2.h" #include "h2_io.h" #include "h2_io_set.h" #include "h2_response.h" @@ -40,7 +41,22 @@ #include "h2_task_input.h" #include "h2_task_output.h" #include "h2_task_queue.h" +#include "h2_worker.h" #include "h2_workers.h" +#include "h2_util.h" + + +#define H2_MPLX_IO_OUT(lvl,m,io,msg) \ + do { \ + if (APLOG_C_IS_LEVEL((m)->c,lvl)) \ + h2_util_bb_log((m)->c,(io)->id,lvl,msg,(io)->bbout); \ + } while(0) + +#define H2_MPLX_IO_IN(lvl,m,io,msg) \ + do { \ + if (APLOG_C_IS_LEVEL((m)->c,lvl)) \ + h2_util_bb_log((m)->c,(io)->id,lvl,msg,(io)->bbin); \ + } while(0) static int is_aborted(h2_mplx *m, apr_status_t *pstatus) { @@ -58,10 +74,6 @@ static void h2_mplx_destroy(h2_mplx *m) { AP_DEBUG_ASSERT(m); m->aborted = 1; - if (m->q) { - h2_tq_destroy(m->q); - m->q = NULL; - } if (m->ready_ios) { h2_io_set_destroy(m->ready_ios); m->ready_ios = NULL; @@ -76,6 +88,10 @@ static void h2_mplx_destroy(h2_mplx *m) m->lock = NULL; } + if (m->spare_pool) { + apr_pool_destroy(m->spare_pool); + m->spare_pool = NULL; + } if (m->pool) { apr_pool_destroy(m->pool); } @@ -109,7 +125,7 @@ h2_mplx *h2_mplx_create(conn_rec *c, apr_pool_t *parent, h2_workers *workers) if (m) { m->id = c->id; APR_RING_ELEM_INIT(m, link); - apr_atomic_set32(&m->refs, 1); + m->refs = 1; m->c = c; apr_pool_create_ex(&m->pool, parent, NULL, allocator); if (!m->pool) { @@ -126,10 +142,9 @@ h2_mplx *h2_mplx_create(conn_rec *c, apr_pool_t *parent, h2_workers *workers) m->bucket_alloc = apr_bucket_alloc_create(m->pool); - m->q = h2_tq_create(m->id, m->pool); + m->q = h2_tq_create(m->pool, h2_config_geti(conf, H2_CONF_MAX_STREAMS)); m->stream_ios = h2_io_set_create(m->pool); m->ready_ios = h2_io_set_create(m->pool); - m->closed = h2_stream_set_create(m->pool); m->stream_max_mem = h2_config_geti(conf, H2_CONF_STREAM_MAX_MEM); m->workers = workers; @@ -138,27 +153,31 @@ h2_mplx *h2_mplx_create(conn_rec *c, apr_pool_t *parent, h2_workers *workers) return m; } -static void reference(h2_mplx *m) +static void release(h2_mplx *m, int lock) { - apr_atomic_inc32(&m->refs); -} - -static void release(h2_mplx *m) -{ - if (!apr_atomic_dec32(&m->refs)) { + if (lock) { + apr_thread_mutex_lock(m->lock); + --m->refs; if (m->join_wait) { apr_thread_cond_signal(m->join_wait); } + apr_thread_mutex_unlock(m->lock); + } + else { + --m->refs; } } void h2_mplx_reference(h2_mplx *m) { - reference(m); + apr_thread_mutex_lock(m->lock); + ++m->refs; + apr_thread_mutex_unlock(m->lock); } + void h2_mplx_release(h2_mplx *m) { - release(m); + release(m, 1); } static void workers_register(h2_mplx *m) { @@ -187,29 +206,17 @@ apr_status_t h2_mplx_release_and_join(h2_mplx *m, apr_thread_cond_t *wait) status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { - int attempts = 0; - - release(m); - while (apr_atomic_read32(&m->refs) > 0) { + release(m, 0); + while (m->refs > 0) { m->join_wait = wait; - ap_log_cerror(APLOG_MARK, (attempts? APLOG_INFO : APLOG_DEBUG), - 0, m->c, + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c, "h2_mplx(%ld): release_join, refs=%d, waiting...", m->id, m->refs); - apr_thread_cond_timedwait(wait, m->lock, apr_time_from_sec(10)); - if (++attempts >= 6) { - ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, m->c, - APLOGNO(02952) - "h2_mplx(%ld): join attempts exhausted, refs=%d", - m->id, m->refs); - break; - } + apr_thread_cond_wait(wait, m->lock); } - if (m->join_wait) { - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c, - "h2_mplx(%ld): release_join -> destroy", m->id); - } - m->join_wait = NULL; + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c, + "h2_mplx(%ld): release_join -> destroy", m->id); + m->pool = NULL; apr_thread_mutex_unlock(m->lock); h2_mplx_destroy(m); } @@ -230,43 +237,19 @@ void h2_mplx_abort(h2_mplx *m) } -h2_stream *h2_mplx_open_io(h2_mplx *m, int stream_id) +static void io_destroy(h2_mplx *m, h2_io *io) { - h2_stream *stream = NULL; - apr_status_t status; - h2_io *io; - - if (m->aborted) { - return NULL; - } - status = apr_thread_mutex_lock(m->lock); - if (APR_SUCCESS == status) { - apr_pool_t *stream_pool = m->spare_pool; - - if (!stream_pool) { - apr_pool_create(&stream_pool, m->pool); - } - else { - m->spare_pool = NULL; - } - - stream = h2_stream_create(stream_id, stream_pool, m); - stream->state = H2_STREAM_ST_OPEN; - - io = h2_io_set_get(m->stream_ios, stream_id); - if (!io) { - io = h2_io_create(stream_id, stream_pool, m->bucket_alloc); - h2_io_set_add(m->stream_ios, io); - } - status = io? APR_SUCCESS : APR_ENOMEM; - apr_thread_mutex_unlock(m->lock); - } - return stream; -} - -static void stream_destroy(h2_mplx *m, h2_stream *stream, h2_io *io) -{ - apr_pool_t *pool = h2_stream_detach_pool(stream); + apr_pool_t *pool = io->pool; + + io->pool = NULL; + /* The pool is cleared/destroyed which also closes all + * allocated file handles. Give this count back to our + * file handle pool. */ + m->file_handles_allowed += io->files_handles_owned; + h2_io_set_remove(m->stream_ios, io); + h2_io_set_remove(m->ready_ios, io); + h2_io_destroy(io); + if (pool) { apr_pool_clear(pool); if (m->spare_pool) { @@ -274,33 +257,40 @@ static void stream_destroy(h2_mplx *m, h2_stream *stream, h2_io *io) } m->spare_pool = pool; } - h2_stream_destroy(stream); - if (io) { - /* The pool is cleared/destroyed which also closes all - * allocated file handles. Give this count back to our - * file handle pool. */ - m->file_handles_allowed += io->files_handles_owned; - h2_io_set_remove(m->stream_ios, io); - h2_io_set_remove(m->ready_ios, io); - h2_io_destroy(io); - } } -apr_status_t h2_mplx_cleanup_stream(h2_mplx *m, h2_stream *stream) +apr_status_t h2_mplx_stream_done(h2_mplx *m, int stream_id, int rst_error) { apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { - h2_io *io = h2_io_set_get(m->stream_ios, stream->id); - if (!io || io->task_done) { - /* No more io or task already done -> cleanup immediately */ - stream_destroy(m, stream, io); - } - else { - /* Add stream to closed set for cleanup when task is done */ - h2_stream_set_add(m->closed, stream); + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + + /* there should be an h2_io, once the stream has been scheduled + * for processing, e.g. when we received all HEADERs. But when + * a stream is cancelled very early, it will not exist. */ + if (io) { + /* Remove io from ready set, we will never submit it */ + h2_io_set_remove(m->ready_ios, io); + if (io->task_done || h2_tq_remove(m->q, io->id)) { + /* already finished or not even started yet */ + io_destroy(m, io); + } + else { + /* cleanup once task is done */ + io->orphaned = 1; + if (rst_error) { + h2_io_rst(io, rst_error); + } + } + } + apr_thread_mutex_unlock(m->lock); } return status; @@ -310,21 +300,17 @@ void h2_mplx_task_done(h2_mplx *m, int stream_id) { apr_status_t status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { - h2_stream *stream = h2_stream_set_get(m->closed, stream_id); h2_io *io = h2_io_set_get(m->stream_ios, stream_id); ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c, "h2_mplx(%ld): task(%d) done", m->id, stream_id); - if (stream) { - /* stream was already closed by main connection and is in - * zombie state. Now that the task is done with it, we - * can free its resources. */ - h2_stream_set_remove(m->closed, stream); - stream_destroy(m, stream, io); - } - else if (io) { - /* main connection has not finished stream. Mark task as done - * so that eventual cleanup can start immediately. */ + if (io) { io->task_done = 1; + if (io->orphaned) { + io_destroy(m, io); + } + else { + /* hang around until the stream deregisteres */ + } } apr_thread_mutex_unlock(m->lock); } @@ -342,15 +328,17 @@ apr_status_t h2_mplx_in_read(h2_mplx *m, apr_read_type_e block, status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { h2_io *io = h2_io_set_get(m->stream_ios, stream_id); - if (io) { + if (io && !io->orphaned) { io->input_arrived = iowait; - status = h2_io_in_read(io, bb, 0); - while (status == APR_EAGAIN + H2_MPLX_IO_IN(APLOG_TRACE2, m, io, "h2_mplx_in_read_pre"); + status = h2_io_in_read(io, bb, -1); + while (APR_STATUS_IS_EAGAIN(status) && !is_aborted(m, &status) && block == APR_BLOCK_READ) { apr_thread_cond_wait(io->input_arrived, m->lock); - status = h2_io_in_read(io, bb, 0); + status = h2_io_in_read(io, bb, -1); } + H2_MPLX_IO_IN(APLOG_TRACE2, m, io, "h2_mplx_in_read_post"); io->input_arrived = NULL; } else { @@ -372,8 +360,10 @@ apr_status_t h2_mplx_in_write(h2_mplx *m, int stream_id, status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { h2_io *io = h2_io_set_get(m->stream_ios, stream_id); - if (io) { + if (io && !io->orphaned) { + H2_MPLX_IO_IN(APLOG_TRACE2, m, io, "h2_mplx_in_write_pre"); status = h2_io_in_write(io, bb); + H2_MPLX_IO_IN(APLOG_TRACE2, m, io, "h2_mplx_in_write_post"); if (io->input_arrived) { apr_thread_cond_signal(io->input_arrived); } @@ -396,8 +386,9 @@ apr_status_t h2_mplx_in_close(h2_mplx *m, int stream_id) status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { h2_io *io = h2_io_set_get(m->stream_ios, stream_id); - if (io) { + if (io && !io->orphaned) { status = h2_io_in_close(io); + H2_MPLX_IO_IN(APLOG_TRACE2, m, io, "h2_mplx_in_close"); if (io->input_arrived) { apr_thread_cond_signal(io->input_arrived); } @@ -456,7 +447,7 @@ apr_status_t h2_mplx_in_update_windows(h2_mplx *m, apr_status_t h2_mplx_out_readx(h2_mplx *m, int stream_id, h2_io_data_cb *cb, void *ctx, - apr_size_t *plen, int *peos) + apr_off_t *plen, int *peos) { apr_status_t status; AP_DEBUG_ASSERT(m); @@ -466,8 +457,42 @@ apr_status_t h2_mplx_out_readx(h2_mplx *m, int stream_id, status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { h2_io *io = h2_io_set_get(m->stream_ios, stream_id); - if (io) { + if (io && !io->orphaned) { + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_out_readx_pre"); + status = h2_io_out_readx(io, cb, ctx, plen, peos); + + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_out_readx_post"); + if (status == APR_SUCCESS && cb && io->output_drained) { + apr_thread_cond_signal(io->output_drained); + } + } + else { + status = APR_ECONNABORTED; + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +apr_status_t h2_mplx_out_read_to(h2_mplx *m, int stream_id, + apr_bucket_brigade *bb, + apr_off_t *plen, int *peos) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io && !io->orphaned) { + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_out_read_to_pre"); + + status = h2_io_out_read_to(io, bb, plen, peos); + + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_out_read_to_post"); if (status == APR_SUCCESS && io->output_drained) { apr_thread_cond_signal(io->output_drained); } @@ -490,24 +515,42 @@ h2_stream *h2_mplx_next_submit(h2_mplx *m, h2_stream_set *streams) } status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { - h2_io *io = h2_io_set_get_highest_prio(m->ready_ios); + h2_io *io = h2_io_set_pop_highest_prio(m->ready_ios); if (io) { - h2_response *response = io->response; - - AP_DEBUG_ASSERT(response); - h2_io_set_remove(m->ready_ios, io); - - stream = h2_stream_set_get(streams, response->stream_id); + stream = h2_stream_set_get(streams, io->id); if (stream) { - h2_stream_set_response(stream, response, io->bbout); - if (io->output_drained) { - apr_thread_cond_signal(io->output_drained); + if (io->rst_error) { + h2_stream_rst(stream, io->rst_error); + } + else { + AP_DEBUG_ASSERT(io->response); + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_next_submit_pre"); + h2_stream_set_response(stream, io->response, io->bbout); + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_next_submit_post"); } + } else { - ap_log_cerror(APLOG_MARK, APLOG_WARNING, APR_NOTFOUND, m->c, - APLOGNO(02953) "h2_mplx(%ld): stream for response %d", - m->id, response->stream_id); + /* We have the io ready, but the stream has gone away, maybe + * reset by the client. Should no longer happen since such + * streams should clear io's from the ready queue. + */ + ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, m->c, APLOGNO(02953) + "h2_mplx(%ld): stream for response %d closed, " + "resetting io to close request processing", + m->id, io->id); + io->orphaned = 1; + if (io->task_done) { + io_destroy(m, io); + } + else { + /* hang around until the h2_task is done */ + h2_io_rst(io, H2_ERR_STREAM_CLOSED); + } + } + + if (io->output_drained) { + apr_thread_cond_signal(io->output_drained); } } apr_thread_mutex_unlock(m->lock); @@ -531,7 +574,6 @@ static apr_status_t out_write(h2_mplx *m, h2_io *io, status = h2_io_out_write(io, bb, m->stream_max_mem, &m->file_handles_allowed); - /* Wait for data to drain until there is room again */ while (!APR_BRIGADE_EMPTY(bb) && iowait @@ -549,6 +591,7 @@ static apr_status_t out_write(h2_mplx *m, h2_io *io, } } apr_brigade_cleanup(bb); + return status; } @@ -559,15 +602,15 @@ static apr_status_t out_open(h2_mplx *m, int stream_id, h2_response *response, apr_status_t status = APR_SUCCESS; h2_io *io = h2_io_set_get(m->stream_ios, stream_id); - if (io) { + if (io && !io->orphaned) { if (f) { - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, - "h2_mplx(%ld-%d): open response: %s", - m->id, stream_id, response->status); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_mplx(%ld-%d): open response: %d, rst=%d", + m->id, stream_id, response->http_status, + response->rst_error); } - io->response = h2_response_copy(io->pool, response); - AP_DEBUG_ASSERT(io->response); + h2_io_set_response(io, response); h2_io_set_add(m->ready_ios, io); if (bb) { status = out_write(m, io, f, bb, iowait); @@ -592,6 +635,9 @@ apr_status_t h2_mplx_out_open(h2_mplx *m, int stream_id, h2_response *response, status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { status = out_open(m, stream_id, response, f, bb, iowait); + if (APLOGctrace1(m->c)) { + h2_util_bb_log(m->c, stream_id, APLOG_TRACE1, "h2_mplx_out_open", bb); + } if (m->aborted) { return APR_ECONNABORTED; } @@ -614,8 +660,10 @@ apr_status_t h2_mplx_out_write(h2_mplx *m, int stream_id, if (APR_SUCCESS == status) { if (!m->aborted) { h2_io *io = h2_io_set_get(m->stream_ios, stream_id); - if (io) { + if (io && !io->orphaned) { status = out_write(m, io, f, bb, iowait); + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_out_write"); + have_out_data_for(m, stream_id); if (m->aborted) { return APR_ECONNABORTED; @@ -644,17 +692,22 @@ apr_status_t h2_mplx_out_close(h2_mplx *m, int stream_id) if (APR_SUCCESS == status) { if (!m->aborted) { h2_io *io = h2_io_set_get(m->stream_ios, stream_id); - if (io) { - if (!io->response || !io->response->ngheader) { + if (io && !io->orphaned) { + if (!io->response && !io->rst_error) { /* In case a close comes before a response was created, * insert an error one so that our streams can properly * reset. */ - h2_response *r = h2_response_create(stream_id, - "500", NULL, m->pool); + h2_response *r = h2_response_create(stream_id, 0, + 500, NULL, m->pool); status = out_open(m, stream_id, r, NULL, NULL, NULL); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, m->c, + "h2_mplx(%ld-%d): close, no response, no rst", + m->id, io->id); } status = h2_io_out_close(io); + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_out_close"); + have_out_data_for(m, stream_id); if (m->aborted) { /* if we were the last output, the whole session might @@ -672,6 +725,38 @@ apr_status_t h2_mplx_out_close(h2_mplx *m, int stream_id) return status; } +apr_status_t h2_mplx_out_rst(h2_mplx *m, int stream_id, int error) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + if (!m->aborted) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io && !io->rst_error && !io->orphaned) { + h2_io_rst(io, error); + if (!io->response) { + h2_io_set_add(m->ready_ios, io); + } + H2_MPLX_IO_OUT(APLOG_TRACE2, m, io, "h2_mplx_out_rst"); + + have_out_data_for(m, stream_id); + if (io->output_drained) { + apr_thread_cond_signal(io->output_drained); + } + } + else { + status = APR_ECONNABORTED; + } + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + int h2_mplx_in_has_eos_for(h2_mplx *m, int stream_id) { int has_eos = 0; @@ -684,7 +769,7 @@ int h2_mplx_in_has_eos_for(h2_mplx *m, int stream_id) if (APR_SUCCESS == status) { h2_io *io = h2_io_set_get(m->stream_ios, stream_id); if (io) { - has_eos = h2_io_in_has_eos_for(io); + has_eos = io->orphaned || h2_io_in_has_eos_for(io); } apr_thread_mutex_unlock(m->lock); } @@ -742,61 +827,104 @@ static void have_out_data_for(h2_mplx *m, int stream_id) } } -apr_status_t h2_mplx_do_task(h2_mplx *m, struct h2_task *task) +apr_status_t h2_mplx_reprioritize(h2_mplx *m, h2_stream_pri_cmp *cmp, void *ctx) { apr_status_t status; + AP_DEBUG_ASSERT(m); if (m->aborted) { return APR_ECONNABORTED; } status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { - /* TODO: needs to sort queue by priority */ + h2_tq_sort(m->q, cmp, ctx); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c, - "h2_mplx: do task(%s)", task->id); - h2_tq_append(m->q, task); + "h2_mplx(%ld): reprioritize tasks", m->id); apr_thread_mutex_unlock(m->lock); } workers_register(m); return status; } -h2_task *h2_mplx_pop_task(h2_mplx *m, int *has_more) +static h2_io *open_io(h2_mplx *m, int stream_id) +{ + apr_pool_t *io_pool = m->spare_pool; + h2_io *io; + + if (!io_pool) { + apr_pool_create(&io_pool, m->pool); + } + else { + m->spare_pool = NULL; + } + + io = h2_io_create(stream_id, io_pool, m->bucket_alloc); + h2_io_set_add(m->stream_ios, io); + + return io; +} + + +apr_status_t h2_mplx_process(h2_mplx *m, int stream_id, + const h2_request *req, int eos, + h2_stream_pri_cmp *cmp, void *ctx) { - h2_task *task = NULL; apr_status_t status; + AP_DEBUG_ASSERT(m); if (m->aborted) { - *has_more = 0; - return NULL; + return APR_ECONNABORTED; } status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { - task = h2_tq_pop_first(m->q); - if (task) { - h2_task_set_started(task); + h2_io *io = open_io(m, stream_id); + io->request = req; + io->request_body = !eos; + + if (eos) { + status = h2_io_in_close(io); } - *has_more = !h2_tq_empty(m->q); + + h2_tq_add(m->q, io->id, cmp, ctx); + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, m->c, + "h2_mplx(%ld-%d): process", m->c->id, stream_id); + H2_MPLX_IO_IN(APLOG_TRACE2, m, io, "h2_mplx_process"); apr_thread_mutex_unlock(m->lock); } - return task; + + if (status == APR_SUCCESS) { + workers_register(m); + } + return status; } -apr_status_t h2_mplx_create_task(h2_mplx *m, struct h2_stream *stream) +h2_task *h2_mplx_pop_task(h2_mplx *m, h2_worker *w, int *has_more) { + h2_task *task = NULL; apr_status_t status; + AP_DEBUG_ASSERT(m); if (m->aborted) { - return APR_ECONNABORTED; + *has_more = 0; + return NULL; } status = apr_thread_mutex_lock(m->lock); if (APR_SUCCESS == status) { - conn_rec *c = h2_conn_create(m->c, stream->pool); - stream->task = h2_task_create(m->id, stream->id, - stream->pool, m, c); - + int sid; + while (!task && (sid = h2_tq_shift(m->q)) > 0) { + /* Anything not already setup correctly in the task + * needs to be so now, as task will be executed right about + * when this method returns. */ + h2_io *io = h2_io_set_get(m->stream_ios, sid); + if (io) { + task = h2_worker_create_task(w, m, io->request, !io->request_body); + } + } + *has_more = !h2_tq_empty(m->q); apr_thread_mutex_unlock(m->lock); } - return status; + return task; } diff --git a/modules/http2/h2_mplx.h b/modules/http2/h2_mplx.h index 62977d6157..5c950b9c27 100644 --- a/modules/http2/h2_mplx.h +++ b/modules/http2/h2_mplx.h @@ -41,8 +41,10 @@ struct h2_config; struct h2_response; struct h2_task; struct h2_stream; +struct h2_request; struct h2_io_set; struct apr_thread_cond_t; +struct h2_worker; struct h2_workers; struct h2_stream_set; struct h2_task_queue; @@ -54,7 +56,7 @@ typedef struct h2_mplx h2_mplx; struct h2_mplx { long id; APR_RING_ENTRY(h2_mplx) link; - volatile apr_uint32_t refs; + volatile int refs; conn_rec *c; apr_pool_t *pool; apr_bucket_alloc_t *bucket_alloc; @@ -70,12 +72,13 @@ struct h2_mplx { int aborted; apr_size_t stream_max_mem; - apr_pool_t *spare_pool; /* spare pool, ready for next stream */ - struct h2_stream_set *closed; /* streams closed, but task ongoing */ + apr_pool_t *spare_pool; /* spare pool, ready for next io */ struct h2_workers *workers; int file_handles_allowed; }; + + /******************************************************************************* * Object lifecycle and information. ******************************************************************************/ @@ -96,6 +99,7 @@ void h2_mplx_reference(h2_mplx *m); * Decreases the reference counter of this mplx. */ void h2_mplx_release(h2_mplx *m); + /** * Decreases the reference counter of this mplx and waits for it * to reached 0, destroy the mplx afterwards. @@ -117,15 +121,16 @@ void h2_mplx_task_done(h2_mplx *m, int stream_id); /******************************************************************************* * IO lifetime of streams. ******************************************************************************/ -/** - * Prepares the multiplexer to handle in-/output on the given stream id. - */ -struct h2_stream *h2_mplx_open_io(h2_mplx *mplx, int stream_id); /** - * Ends cleanup of a stream in sync with execution thread. + * Notifies mplx that a stream has finished processing. + * + * @param m the mplx itself + * @param stream_id the id of the stream being done + * @param rst_error if != 0, the stream was reset with the error given + * */ -apr_status_t h2_mplx_cleanup_stream(h2_mplx *m, struct h2_stream *stream); +apr_status_t h2_mplx_stream_done(h2_mplx *m, int stream_id, int rst_error); /* Return != 0 iff the multiplexer has data for the given stream. */ @@ -143,13 +148,29 @@ apr_status_t h2_mplx_out_trywait(h2_mplx *m, apr_interval_time_t timeout, ******************************************************************************/ /** - * Perform the task on the given stream. + * Process a stream request. + * + * @param m the multiplexer + * @param stream_id the identifier of the stream + * @param r the request to be processed + * @param eos if input is complete + * @param cmp the stream priority compare function + * @param ctx context data for the compare function */ -apr_status_t h2_mplx_do_task(h2_mplx *mplx, struct h2_task *task); +apr_status_t h2_mplx_process(h2_mplx *m, int stream_id, + const struct h2_request *r, int eos, + h2_stream_pri_cmp *cmp, void *ctx); -struct h2_task *h2_mplx_pop_task(h2_mplx *mplx, int *has_more); +/** + * Stream priorities have changed, reschedule pending tasks. + * + * @param m the multiplexer + * @param cmp the stream priority compare function + * @param ctx context data for the compare function + */ +apr_status_t h2_mplx_reprioritize(h2_mplx *m, h2_stream_pri_cmp *cmp, void *ctx); -apr_status_t h2_mplx_create_task(h2_mplx *mplx, struct h2_stream *stream); +struct h2_task *h2_mplx_pop_task(h2_mplx *mplx, struct h2_worker *w, int *has_more); /******************************************************************************* * Input handling of streams. @@ -188,7 +209,7 @@ int h2_mplx_in_has_eos_for(h2_mplx *m, int stream_id); * Callback invoked for every stream that had input data read since * the last invocation. */ -typedef void h2_mplx_consumed_cb(void *ctx, int stream_id, apr_size_t consumed); +typedef void h2_mplx_consumed_cb(void *ctx, int stream_id, apr_off_t consumed); /** * Invoke the callback for all streams that had bytes read since the last @@ -219,7 +240,15 @@ struct h2_stream *h2_mplx_next_submit(h2_mplx *m, */ apr_status_t h2_mplx_out_readx(h2_mplx *mplx, int stream_id, h2_io_data_cb *cb, void *ctx, - apr_size_t *plen, int *peos); + apr_off_t *plen, int *peos); + +/** + * Reads output data into the given brigade. Will never block, but + * return APR_EAGAIN until data arrives or the stream is closed. + */ +apr_status_t h2_mplx_out_read_to(h2_mplx *mplx, int stream_id, + apr_bucket_brigade *bb, + apr_off_t *plen, int *peos); /** * Opens the output for the given stream with the specified response. @@ -247,6 +276,8 @@ apr_status_t h2_mplx_out_write(h2_mplx *mplx, int stream_id, */ apr_status_t h2_mplx_out_close(h2_mplx *m, int stream_id); +apr_status_t h2_mplx_out_rst(h2_mplx *m, int stream_id, int error); + /******************************************************************************* * h2_mplx list Manipulation. ******************************************************************************/ diff --git a/modules/http2/h2_push.c b/modules/http2/h2_push.c new file mode 100644 index 0000000000..703ea761a0 --- /dev/null +++ b/modules/http2/h2_push.c @@ -0,0 +1,400 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include + +#include +#include +#include + +#include "h2_private.h" +#include "h2_h2.h" +#include "h2_util.h" +#include "h2_push.h" +#include "h2_request.h" +#include "h2_response.h" + + +typedef struct { + const h2_request *req; + apr_pool_t *pool; + apr_array_header_t *pushes; + const char *s; + size_t slen; + size_t i; + + const char *link; + apr_table_t *params; + char b[4096]; +} link_ctx; + +static int attr_char(char c) +{ + switch (c) { + case '!': + case '#': + case '$': + case '&': + case '+': + case '-': + case '.': + case '^': + case '_': + case '`': + case '|': + case '~': + return 1; + default: + return apr_isalnum(c); + } +} + +static int ptoken_char(char c) +{ + switch (c) { + case '!': + case '#': + case '$': + case '&': + case '\'': + case '(': + case ')': + case '*': + case '+': + case '-': + case '.': + case '/': + case ':': + case '<': + case '=': + case '>': + case '?': + case '@': + case '[': + case ']': + case '^': + case '_': + case '`': + case '{': + case '|': + case '}': + case '~': + return 1; + default: + return apr_isalnum(c); + } +} + +static int skip_ws(link_ctx *ctx) +{ + char c; + while (ctx->i < ctx->slen + && (((c = ctx->s[ctx->i]) == ' ') || (c == '\t'))) { + ++ctx->i; + } + return (ctx->i < ctx->slen); +} + +static int find_chr(link_ctx *ctx, char c, size_t *pidx) +{ + size_t j; + for (j = ctx->i; j < ctx->slen; ++j) { + if (ctx->s[j] == c) { + *pidx = j; + return 1; + } + } + return 0; +} + +static int read_chr(link_ctx *ctx, char c) +{ + if (ctx->i < ctx->slen && ctx->s[ctx->i] == c) { + ++ctx->i; + return 1; + } + return 0; +} + +static char *mk_str(link_ctx *ctx, size_t end) +{ + if (ctx->i < end) { + return apr_pstrndup(ctx->pool, ctx->s + ctx->i, end - ctx->i); + } + return ""; +} + +static int read_qstring(link_ctx *ctx, char **ps) +{ + if (skip_ws(ctx) && read_chr(ctx, '\"')) { + size_t end; + if (find_chr(ctx, '\"', &end)) { + *ps = mk_str(ctx, end); + ctx->i = end + 1; + return 1; + } + } + return 0; +} + +static int read_ptoken(link_ctx *ctx, char **ps) +{ + if (skip_ws(ctx)) { + size_t i; + for (i = ctx->i; i < ctx->slen && ptoken_char(ctx->s[i]); ++i) { + /* nop */ + } + if (i > ctx->i) { + *ps = mk_str(ctx, i); + ctx->i = i; + return 1; + } + } + return 0; +} + + +static int read_link(link_ctx *ctx) +{ + if (skip_ws(ctx) && read_chr(ctx, '<')) { + size_t end; + if (find_chr(ctx, '>', &end)) { + ctx->link = mk_str(ctx, end); + ctx->i = end + 1; + return 1; + } + } + return 0; +} + +static int read_pname(link_ctx *ctx, char **pname) +{ + if (skip_ws(ctx)) { + size_t i; + for (i = ctx->i; i < ctx->slen && attr_char(ctx->s[i]); ++i) { + /* nop */ + } + if (i > ctx->i) { + *pname = mk_str(ctx, i); + ctx->i = i; + return 1; + } + } + return 0; +} + +static int read_pvalue(link_ctx *ctx, char **pvalue) +{ + if (skip_ws(ctx) && read_chr(ctx, '=')) { + if (read_qstring(ctx, pvalue) || read_ptoken(ctx, pvalue)) { + return 1; + } + } + return 0; +} + +static int read_param(link_ctx *ctx) +{ + if (skip_ws(ctx) && read_chr(ctx, ';')) { + char *name, *value = ""; + if (read_pname(ctx, &name)) { + read_pvalue(ctx, &value); /* value is optional */ + apr_table_setn(ctx->params, name, value); + return 1; + } + } + return 0; +} + +static int read_sep(link_ctx *ctx) +{ + if (skip_ws(ctx) && read_chr(ctx, ',')) { + return 1; + } + return 0; +} + +static void init_params(link_ctx *ctx) +{ + if (!ctx->params) { + ctx->params = apr_table_make(ctx->pool, 5); + } + else { + apr_table_clear(ctx->params); + } +} + +static int same_authority(const h2_request *req, const apr_uri_t *uri) +{ + if (uri->scheme != NULL && strcmp(uri->scheme, req->scheme)) { + return 0; + } + if (uri->hostinfo != NULL && strcmp(uri->hostinfo, req->authority)) { + return 0; + } + return 1; +} + +static int set_header(void *ctx, const char *key, const char *value) +{ + apr_table_setn(ctx, key, value); + return 1; +} + + +static int add_push(link_ctx *ctx) +{ + /* so, we have read a Link header and need to decide + * if we transform it into a push. + */ + const char *rel = apr_table_get(ctx->params, "rel"); + if (rel && !strcmp("preload", rel)) { + apr_uri_t uri; + if (apr_uri_parse(ctx->pool, ctx->link, &uri) == APR_SUCCESS) { + if (uri.path && same_authority(ctx->req, &uri)) { + char *path; + apr_table_t *headers; + h2_request *req; + h2_push *push; + + /* We only want to generate pushes for resources in the + * same authority than the original request. + * icing: i think that is wise, otherwise we really need to + * check that the vhost/server is available and uses the same + * TLS (if any) parameters. + */ + path = apr_uri_unparse(ctx->pool, &uri, APR_URI_UNP_OMITSITEPART); + + push = apr_pcalloc(ctx->pool, sizeof(*push)); + push->initiating_id = ctx->req->id; + + headers = apr_table_make(ctx->pool, 5); + apr_table_do(set_header, headers, ctx->req->headers, + "User-Agent", + "Cache-Control", + "Accept-Language", + NULL); + /* TODO: which headers do we add here? + */ + + req = h2_request_createn(0, ctx->pool, + ctx->req->method, + ctx->req->scheme, + ctx->req->authority, + path, headers); + h2_request_end_headers(req, ctx->pool, 1); + push->req = req; + + if (!ctx->pushes) { + ctx->pushes = apr_array_make(ctx->pool, 5, sizeof(h2_push*)); + } + APR_ARRAY_PUSH(ctx->pushes, h2_push*) = push; + } + } + } + return 0; +} + +static void inspect_link(link_ctx *ctx, const char *s, size_t slen) +{ + /* RFC 5988 + Link = "Link" ":" #link-value + link-value = "<" URI-Reference ">" *( ";" link-param ) + link-param = ( ( "rel" "=" relation-types ) + | ( "anchor" "=" <"> URI-Reference <"> ) + | ( "rev" "=" relation-types ) + | ( "hreflang" "=" Language-Tag ) + | ( "media" "=" ( MediaDesc | ( <"> MediaDesc <"> ) ) ) + | ( "title" "=" quoted-string ) + | ( "title*" "=" ext-value ) + | ( "type" "=" ( media-type | quoted-mt ) ) + | ( link-extension ) ) + link-extension = ( parmname [ "=" ( ptoken | quoted-string ) ] ) + | ( ext-name-star "=" ext-value ) + ext-name-star = parmname "*" ; reserved for RFC2231-profiled + ; extensions. Whitespace NOT + ; allowed in between. + ptoken = 1*ptokenchar + ptokenchar = "!" | "#" | "$" | "%" | "&" | "'" | "(" + | ")" | "*" | "+" | "-" | "." | "/" | DIGIT + | ":" | "<" | "=" | ">" | "?" | "@" | ALPHA + | "[" | "]" | "^" | "_" | "`" | "{" | "|" + | "}" | "~" + media-type = type-name "/" subtype-name + quoted-mt = <"> media-type <"> + relation-types = relation-type + | <"> relation-type *( 1*SP relation-type ) <"> + relation-type = reg-rel-type | ext-rel-type + reg-rel-type = LOALPHA *( LOALPHA | DIGIT | "." | "-" ) + ext-rel-type = URI + + and from + parmname = 1*attr-char + attr-char = ALPHA / DIGIT + / "!" / "#" / "$" / "&" / "+" / "-" / "." + / "^" / "_" / "`" / "|" / "~" + */ + + ctx->s = s; + ctx->slen = slen; + ctx->i = 0; + + while (read_link(ctx)) { + init_params(ctx); + while (read_param(ctx)) { + /* nop */ + } + add_push(ctx); + if (!read_sep(ctx)) { + break; + } + } +} + +static int head_iter(void *ctx, const char *key, const char *value) +{ + if (!apr_strnatcasecmp("link", key)) { + inspect_link(ctx, value, strlen(value)); + } + return 1; +} + +apr_array_header_t *h2_push_collect(apr_pool_t *p, const h2_request *req, + const h2_response *res) +{ + /* Collect push candidates from the request/response pair. + * + * One source for pushes are "rel=preload" link headers + * in the response. + * + * TODO: This may be extended in the future by hooks or callbacks + * where other modules can provide push information directly. + */ + if (res->header) { + link_ctx ctx; + + memset(&ctx, 0, sizeof(ctx)); + ctx.req = req; + ctx.pool = p; + + apr_table_do(head_iter, &ctx, res->header, NULL); + return ctx.pushes; + } + return NULL; +} diff --git a/modules/http2/h2_push.h b/modules/http2/h2_push.h new file mode 100644 index 0000000000..64edee65d1 --- /dev/null +++ b/modules/http2/h2_push.h @@ -0,0 +1,33 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef __mod_h2__h2_push__ +#define __mod_h2__h2_push__ + +struct h2_request; +struct h2_response; +struct h2_ngheader; + +typedef struct h2_push { + int initiating_id; + const struct h2_request *req; + const char *as; +} h2_push; + + +apr_array_header_t *h2_push_collect(apr_pool_t *p, + const struct h2_request *req, + const struct h2_response *res); + +#endif /* defined(__mod_h2__h2_push__) */ diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c index ca9a362cb5..a5f7d9d4fb 100644 --- a/modules/http2/h2_request.c +++ b/modules/http2/h2_request.c @@ -19,68 +19,146 @@ #include #include +#include #include #include #include "h2_private.h" #include "h2_mplx.h" -#include "h2_to_h1.h" #include "h2_request.h" #include "h2_task.h" #include "h2_util.h" -h2_request *h2_request_create(int id, apr_pool_t *pool, - apr_bucket_alloc_t *bucket_alloc) +h2_request *h2_request_create(int id, apr_pool_t *pool) +{ + return h2_request_createn(id, pool, NULL, NULL, NULL, NULL, NULL); +} + +h2_request *h2_request_createn(int id, apr_pool_t *pool, + const char *method, const char *scheme, + const char *authority, const char *path, + apr_table_t *header) { h2_request *req = apr_pcalloc(pool, sizeof(h2_request)); - if (req) { - req->id = id; - req->pool = pool; - req->bucket_alloc = bucket_alloc; - } + + req->id = id; + req->method = method; + req->scheme = scheme; + req->authority = authority; + req->path = path; + req->headers = header? header : apr_table_make(pool, 10); + return req; } void h2_request_destroy(h2_request *req) { - if (req->to_h1) { - h2_to_h1_destroy(req->to_h1); - req->to_h1 = NULL; +} + +static apr_status_t inspect_clen(h2_request *req, const char *s) +{ + char *end; + req->content_length = apr_strtoi64(s, &end, 10); + return (s == end)? APR_EINVAL : APR_SUCCESS; +} + +static apr_status_t add_h1_header(h2_request *req, apr_pool_t *pool, + const char *name, size_t nlen, + const char *value, size_t vlen) +{ + char *hname, *hvalue; + + if (h2_req_ignore_header(name, nlen)) { + return APR_SUCCESS; + } + else if (H2_HD_MATCH_LIT("cookie", name, nlen)) { + const char *existing = apr_table_get(req->headers, "cookie"); + if (existing) { + char *nval; + + /* Cookie header come separately in HTTP/2, but need + * to be merged by "; " (instead of default ", ") + */ + hvalue = apr_pstrndup(pool, value, vlen); + nval = apr_psprintf(pool, "%s; %s", existing, hvalue); + apr_table_setn(req->headers, "Cookie", nval); + return APR_SUCCESS; + } + } + else if (H2_HD_MATCH_LIT("host", name, nlen)) { + if (apr_table_get(req->headers, "Host")) { + return APR_SUCCESS; /* ignore duplicate */ + } + } + + hname = apr_pstrndup(pool, name, nlen); + hvalue = apr_pstrndup(pool, value, vlen); + h2_util_camel_case_header(hname, nlen); + apr_table_mergen(req->headers, hname, hvalue); + + return APR_SUCCESS; +} + +typedef struct { + h2_request *req; + apr_pool_t *pool; +} h1_ctx; + +static int set_h1_header(void *ctx, const char *key, const char *value) +{ + h1_ctx *x = ctx; + size_t klen = strlen(key); + if (!h2_req_ignore_header(key, klen)) { + add_h1_header(x->req, x->pool, key, klen, value, strlen(value)); } + return 1; +} + +static apr_status_t add_all_h1_header(h2_request *req, apr_pool_t *pool, + apr_table_t *header) +{ + h1_ctx x; + x.req = req; + x.pool = pool; + apr_table_do(set_h1_header, &x, header, NULL); + return APR_SUCCESS; } -static apr_status_t insert_request_line(h2_request *req, h2_mplx *m); -apr_status_t h2_request_rwrite(h2_request *req, request_rec *r, h2_mplx *m) +apr_status_t h2_request_rwrite(h2_request *req, request_rec *r) { apr_status_t status; - req->method = r->method; + + req->method = r->method; + req->scheme = (r->parsed_uri.scheme? r->parsed_uri.scheme + : ap_http_scheme(r)); req->authority = r->hostname; - req->path = r->uri; - if (!ap_strchr_c(req->authority, ':') && r->parsed_uri.port_str) { - req->authority = apr_psprintf(req->pool, "%s:%s", req->authority, - r->parsed_uri.port_str); + req->path = apr_uri_unparse(r->pool, &r->parsed_uri, + APR_URI_UNP_OMITSITEPART); + + if (!ap_strchr_c(req->authority, ':') && r->server) { + req->authority = apr_psprintf(r->pool, "%s:%d", req->authority, + (int)r->server->port); } - req->scheme = NULL; - - status = insert_request_line(req, m); - if (status == APR_SUCCESS) { - status = h2_to_h1_add_headers(req->to_h1, r->headers_in); - } + AP_DEBUG_ASSERT(req->scheme); + AP_DEBUG_ASSERT(req->authority); + AP_DEBUG_ASSERT(req->path); + AP_DEBUG_ASSERT(req->method); + + status = add_all_h1_header(req, r->pool, r->headers_in); ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, r, - "h2_request(%d): written request %s %s, host=%s", - req->id, req->method, req->path, req->authority); - + "h2_request(%d): rwrite %s host=%s://%s%s", + req->id, req->method, req->scheme, req->authority, req->path); + return status; } -apr_status_t h2_request_write_header(h2_request *req, - const char *name, size_t nlen, - const char *value, size_t vlen, - h2_mplx *m) +apr_status_t h2_request_add_header(h2_request *req, apr_pool_t *pool, + const char *name, size_t nlen, + const char *value, size_t vlen) { apr_status_t status = APR_SUCCESS; @@ -90,8 +168,8 @@ apr_status_t h2_request_write_header(h2_request *req, if (name[0] == ':') { /* pseudo header, see ch. 8.1.2.3, always should come first */ - if (req->to_h1) { - ap_log_perror(APLOG_MARK, APLOG_ERR, 0, req->pool, + if (!apr_is_empty_table(req->headers)) { + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, pool, APLOGNO(02917) "h2_request(%d): pseudo header after request start", req->id); @@ -100,25 +178,25 @@ apr_status_t h2_request_write_header(h2_request *req, if (H2_HEADER_METHOD_LEN == nlen && !strncmp(H2_HEADER_METHOD, name, nlen)) { - req->method = apr_pstrndup(req->pool, value, vlen); + req->method = apr_pstrndup(pool, value, vlen); } else if (H2_HEADER_SCHEME_LEN == nlen && !strncmp(H2_HEADER_SCHEME, name, nlen)) { - req->scheme = apr_pstrndup(req->pool, value, vlen); + req->scheme = apr_pstrndup(pool, value, vlen); } else if (H2_HEADER_PATH_LEN == nlen && !strncmp(H2_HEADER_PATH, name, nlen)) { - req->path = apr_pstrndup(req->pool, value, vlen); + req->path = apr_pstrndup(pool, value, vlen); } else if (H2_HEADER_AUTH_LEN == nlen && !strncmp(H2_HEADER_AUTH, name, nlen)) { - req->authority = apr_pstrndup(req->pool, value, vlen); + req->authority = apr_pstrndup(pool, value, vlen); } else { char buffer[32]; memset(buffer, 0, 32); strncpy(buffer, name, (nlen > 31)? 31 : nlen); - ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, req->pool, + ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, pool, APLOGNO(02954) "h2_request(%d): ignoring unknown pseudo header %s", req->id, buffer); @@ -126,57 +204,121 @@ apr_status_t h2_request_write_header(h2_request *req, } else { /* non-pseudo header, append to work bucket of stream */ - if (!req->to_h1) { - status = insert_request_line(req, m); - if (status != APR_SUCCESS) { - return status; - } - } - - if (status == APR_SUCCESS) { - status = h2_to_h1_add_header(req->to_h1, - name, nlen, value, vlen); - } + status = add_h1_header(req, pool, name, nlen, value, vlen); } return status; } -apr_status_t h2_request_write_data(h2_request *req, - const char *data, size_t len) +apr_status_t h2_request_end_headers(h2_request *req, apr_pool_t *pool, int eos) { - return h2_to_h1_add_data(req->to_h1, data, len); -} + const char *s; + + if (req->eoh) { + return APR_EINVAL; + } -apr_status_t h2_request_end_headers(h2_request *req, struct h2_mplx *m, - h2_task *task, int eos) -{ - if (!req->to_h1) { - apr_status_t status = insert_request_line(req, m); - if (status != APR_SUCCESS) { - return status; + /* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */ + if (!req->authority) { + return APR_BADARG; + } + apr_table_setn(req->headers, "Host", req->authority); + + s = apr_table_get(req->headers, "Content-Length"); + if (s) { + if (inspect_clen(req, s) != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_WARNING, APR_EINVAL, pool, + APLOGNO(02959) + "h2_request(%d): content-length value not parsed: %s", + req->id, s); + return APR_EINVAL; + } + } + else { + /* no content-length given */ + req->content_length = -1; + if (!eos) { + /* We have not seen a content-length and have no eos, + * simulate a chunked encoding for our HTTP/1.1 infrastructure, + * in case we have "H2SerializeHeaders on" here + */ + req->chunked = 1; + apr_table_mergen(req->headers, "Transfer-Encoding", "chunked"); + } + else if (apr_table_get(req->headers, "Content-Type")) { + /* If we have a content-type, but already see eos, no more + * data will come. Signal a zero content length explicitly. + */ + apr_table_setn(req->headers, "Content-Length", "0"); + } + } + + req->eoh = 1; + + /* In the presence of trailers, force behaviour of chunked encoding */ + s = apr_table_get(req->headers, "Trailer"); + if (s && s[0]) { + req->trailers = apr_table_make(pool, 5); + if (!req->chunked) { + req->chunked = 1; + apr_table_mergen(req->headers, "Transfer-Encoding", "chunked"); } } - return h2_to_h1_end_headers(req->to_h1, task, eos); + + return APR_SUCCESS; } -apr_status_t h2_request_close(h2_request *req) +static apr_status_t add_h1_trailer(h2_request *req, apr_pool_t *pool, + const char *name, size_t nlen, + const char *value, size_t vlen) { - return h2_to_h1_close(req->to_h1); + char *hname, *hvalue; + + if (h2_req_ignore_trailer(name, nlen)) { + return APR_SUCCESS; + } + + hname = apr_pstrndup(pool, name, nlen); + hvalue = apr_pstrndup(pool, value, vlen); + h2_util_camel_case_header(hname, nlen); + + apr_table_mergen(req->trailers, hname, hvalue); + + return APR_SUCCESS; } -static apr_status_t insert_request_line(h2_request *req, h2_mplx *m) + +apr_status_t h2_request_add_trailer(h2_request *req, apr_pool_t *pool, + const char *name, size_t nlen, + const char *value, size_t vlen) { - req->to_h1 = h2_to_h1_create(req->id, req->pool, req->bucket_alloc, - req->method, - req->scheme, - req->authority, - req->path, m); - return req->to_h1? APR_SUCCESS : APR_ENOMEM; + if (!req->trailers) { + ap_log_perror(APLOG_MARK, APLOG_DEBUG, APR_EINVAL, pool, + "h2_request(%d): unanounced trailers", + req->id); + return APR_EINVAL; + } + if (nlen == 0 || name[0] == ':') { + ap_log_perror(APLOG_MARK, APLOG_DEBUG, APR_EINVAL, pool, + "h2_request(%d): pseudo header in trailer", + req->id); + return APR_EINVAL; + } + return add_h1_trailer(req, pool, name, nlen, value, vlen); } -apr_status_t h2_request_flush(h2_request *req) +#define OPT_COPY(p, s) ((s)? apr_pstrdup(p, s) : NULL) + +void h2_request_copy(apr_pool_t *p, h2_request *dst, const h2_request *src) { - return h2_to_h1_flush(req->to_h1); + /* keep the dst id */ + dst->method = OPT_COPY(p, src->method); + dst->scheme = OPT_COPY(p, src->scheme); + dst->authority = OPT_COPY(p, src->authority); + dst->path = OPT_COPY(p, src->path); + dst->headers = apr_table_clone(p, src->headers); + dst->content_length = src->content_length; + dst->chunked = src->chunked; + dst->eoh = src->eoh; } diff --git a/modules/http2/h2_request.h b/modules/http2/h2_request.h index aa5e0bc3c0..19005a88e6 100644 --- a/modules/http2/h2_request.h +++ b/modules/http2/h2_request.h @@ -19,9 +19,6 @@ /* h2_request is the transformer of HTTP2 streams into HTTP/1.1 internal * format that will be fed to various httpd input filters to finally * become a request_rec to be handled by soemone. - * - * Ideally, we would make a request_rec without serializing the headers - * we have only to make someone else parse them back. */ struct h2_to_h1; struct h2_mplx; @@ -30,38 +27,45 @@ struct h2_task; typedef struct h2_request h2_request; struct h2_request { - int id; /* http2 stream id */ - apr_pool_t *pool; - apr_bucket_alloc_t *bucket_alloc; - struct h2_to_h1 *to_h1; /* Converter to HTTP/1.1 format*/ - + int id; /* stream id */ + /* pseudo header values, see ch. 8.1.2.3 */ const char *method; const char *scheme; const char *authority; const char *path; + + apr_table_t *headers; + apr_table_t *trailers; + + apr_off_t content_length; + int chunked; + int eoh; }; -h2_request *h2_request_create(int id, apr_pool_t *pool, - apr_bucket_alloc_t *bucket_alloc); +h2_request *h2_request_create(int id, apr_pool_t *pool); + +h2_request *h2_request_createn(int id, apr_pool_t *pool, + const char *method, const char *scheme, + const char *authority, const char *path, + apr_table_t *headers); + void h2_request_destroy(h2_request *req); -apr_status_t h2_request_flush(h2_request *req); +apr_status_t h2_request_rwrite(h2_request *req, request_rec *r); + +apr_status_t h2_request_add_header(h2_request *req, apr_pool_t *pool, + const char *name, size_t nlen, + const char *value, size_t vlen); -apr_status_t h2_request_write_header(h2_request *req, - const char *name, size_t nlen, - const char *value, size_t vlen, - struct h2_mplx *m); +apr_status_t h2_request_add_trailer(h2_request *req, apr_pool_t *pool, + const char *name, size_t nlen, + const char *value, size_t vlen); -apr_status_t h2_request_write_data(h2_request *request, - const char *data, size_t len); +apr_status_t h2_request_end_headers(h2_request *req, apr_pool_t *pool, int eos); -apr_status_t h2_request_end_headers(h2_request *req, struct h2_mplx *m, - struct h2_task *task, int eos); +void h2_request_copy(apr_pool_t *p, h2_request *dst, const h2_request *src); -apr_status_t h2_request_close(h2_request *req); -apr_status_t h2_request_rwrite(h2_request *req, request_rec *r, - struct h2_mplx *m); #endif /* defined(__mod_h2__h2_request__) */ diff --git a/modules/http2/h2_response.c b/modules/http2/h2_response.c index 9cedd85561..2751f2d377 100644 --- a/modules/http2/h2_response.c +++ b/modules/http2/h2_response.c @@ -25,23 +25,14 @@ #include #include "h2_private.h" +#include "h2_h2.h" #include "h2_util.h" #include "h2_response.h" -static h2_ngheader *make_ngheader(apr_pool_t *pool, const char *status, - apr_table_t *header); - -static int ignore_header(const char *name) -{ - return (H2_HD_MATCH_LIT_CS("connection", name) - || H2_HD_MATCH_LIT_CS("proxy-connection", name) - || H2_HD_MATCH_LIT_CS("upgrade", name) - || H2_HD_MATCH_LIT_CS("keep-alive", name) - || H2_HD_MATCH_LIT_CS("transfer-encoding", name)); -} h2_response *h2_response_create(int stream_id, - const char *http_status, + int rst_error, + int http_status, apr_array_header_t *hlines, apr_pool_t *pool) { @@ -53,7 +44,8 @@ h2_response *h2_response_create(int stream_id, } response->stream_id = stream_id; - response->status = http_status; + response->rst_error = rst_error; + response->http_status = http_status? http_status : 500; response->content_length = -1; if (hlines) { @@ -72,10 +64,8 @@ h2_response *h2_response_create(int stream_id, while (*sep == ' ' || *sep == '\t') { ++sep; } - if (ignore_header(hline)) { - /* never forward, ch. 8.1.2.2 */ - } - else { + + if (!h2_util_ignore_header(hline)) { apr_table_merge(header, hline, sep); if (*sep && H2_HD_MATCH_LIT_CS("content-length", hline)) { char *end; @@ -96,7 +86,7 @@ h2_response *h2_response_create(int stream_id, header = apr_table_make(pool, 0); } - response->rheader = header; + response->header = header; return response; } @@ -109,9 +99,22 @@ h2_response *h2_response_rcreate(int stream_id, request_rec *r, } response->stream_id = stream_id; - response->status = apr_psprintf(pool, "%d", r->status); + response->http_status = r->status; response->content_length = -1; - response->rheader = header; + response->header = header; + + if (response->http_status == HTTP_FORBIDDEN) { + const char *cause = apr_table_get(r->notes, "ssl-renegotiate-forbidden"); + if (cause) { + /* This request triggered a TLS renegotiation that is now allowed + * in HTTP/2. Tell the client that it should use HTTP/1.1 for this. + */ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, response->http_status, r, + "h2_response(%ld-%d): renegotiate forbidden, cause: %s", + (long)r->connection->id, stream_id, cause); + response->rst_error = H2_ERR_HTTP_1_1_REQUIRED; + } + } return response; } @@ -125,108 +128,12 @@ h2_response *h2_response_copy(apr_pool_t *pool, h2_response *from) { h2_response *to = apr_pcalloc(pool, sizeof(h2_response)); to->stream_id = from->stream_id; - to->status = apr_pstrdup(pool, from->status); + to->http_status = from->http_status; to->content_length = from->content_length; - if (from->rheader) { - to->ngheader = make_ngheader(pool, to->status, from->rheader); + if (from->header) { + to->header = apr_table_clone(pool, from->header); } return to; } -typedef struct { - nghttp2_nv *nv; - size_t nvlen; - size_t nvstrlen; - size_t offset; - char *strbuf; - apr_pool_t *pool; -} nvctx_t; - -static int count_header(void *ctx, const char *key, const char *value) -{ - if (!ignore_header(key)) { - nvctx_t *nvctx = (nvctx_t*)ctx; - nvctx->nvlen++; - nvctx->nvstrlen += strlen(key) + strlen(value) + 2; - } - return 1; -} - -#define NV_ADD_LIT_CS(nv, k, v) addnv_lit_cs(nv, k, sizeof(k) - 1, v, strlen(v)) -#define NV_ADD_CS_CS(nv, k, v) addnv_cs_cs(nv, k, strlen(k), v, strlen(v)) -#define NV_BUF_ADD(nv, s, len) memcpy(nv->strbuf, s, len); \ -s = nv->strbuf; \ -nv->strbuf += len + 1 - -static void addnv_cs_cs(nvctx_t *ctx, const char *key, size_t key_len, - const char *value, size_t val_len) -{ - nghttp2_nv *nv = &ctx->nv[ctx->offset]; - - NV_BUF_ADD(ctx, key, key_len); - NV_BUF_ADD(ctx, value, val_len); - - nv->name = (uint8_t*)key; - nv->namelen = key_len; - nv->value = (uint8_t*)value; - nv->valuelen = val_len; - - ctx->offset++; -} - -static void addnv_lit_cs(nvctx_t *ctx, const char *key, size_t key_len, - const char *value, size_t val_len) -{ - nghttp2_nv *nv = &ctx->nv[ctx->offset]; - - NV_BUF_ADD(ctx, value, val_len); - - nv->name = (uint8_t*)key; - nv->namelen = key_len; - nv->value = (uint8_t*)value; - nv->valuelen = val_len; - - ctx->offset++; -} - -static int add_header(void *ctx, const char *key, const char *value) -{ - if (!ignore_header(key)) { - nvctx_t *nvctx = (nvctx_t*)ctx; - NV_ADD_CS_CS(nvctx, key, value); - } - return 1; -} - -static h2_ngheader *make_ngheader(apr_pool_t *pool, const char *status, - apr_table_t *header) -{ - size_t n; - h2_ngheader *h; - nvctx_t ctx; - - ctx.nv = NULL; - ctx.nvlen = 1; - ctx.nvstrlen = strlen(status) + 1; - ctx.offset = 0; - ctx.strbuf = NULL; - ctx.pool = pool; - - apr_table_do(count_header, &ctx, header, NULL); - - n = (sizeof(h2_ngheader) - + (ctx.nvlen * sizeof(nghttp2_nv)) + ctx.nvstrlen); - h = apr_pcalloc(pool, n); - if (h) { - ctx.nv = (nghttp2_nv*)(h + 1); - ctx.strbuf = (char*)&ctx.nv[ctx.nvlen]; - - NV_ADD_LIT_CS(&ctx, ":status", status); - apr_table_do(add_header, &ctx, header, NULL); - - h->nv = ctx.nv; - h->nvlen = ctx.nvlen; - } - return h; -} diff --git a/modules/http2/h2_response.h b/modules/http2/h2_response.h index 456d2226ed..4085a41bdf 100644 --- a/modules/http2/h2_response.h +++ b/modules/http2/h2_response.h @@ -16,26 +16,22 @@ #ifndef __mod_h2__h2_response__ #define __mod_h2__h2_response__ -/* h2_response is just the data belonging the the head of a HTTP response, - * suitable prepared to be fed to nghttp2 for response submit. - */ -typedef struct h2_ngheader { - nghttp2_nv *nv; - apr_size_t nvlen; -} h2_ngheader; +struct h2_push; typedef struct h2_response { int stream_id; - const char *status; + int rst_error; + int http_status; apr_off_t content_length; - apr_table_t *rheader; - h2_ngheader *ngheader; + apr_table_t *header; + apr_table_t *trailer; } h2_response; h2_response *h2_response_create(int stream_id, - const char *http_status, - apr_array_header_t *hlines, - apr_pool_t *pool); + int rst_error, + int http_status, + apr_array_header_t *hlines, + apr_pool_t *pool); h2_response *h2_response_rcreate(int stream_id, request_rec *r, apr_table_t *header, apr_pool_t *pool); diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c index c3456a0654..d70eefd296 100644 --- a/modules/http2/h2_session.c +++ b/modules/http2/h2_session.c @@ -24,9 +24,13 @@ #include #include "h2_private.h" +#include "h2_bucket_eoc.h" +#include "h2_bucket_eos.h" #include "h2_config.h" #include "h2_h2.h" #include "h2_mplx.h" +#include "h2_push.h" +#include "h2_request.h" #include "h2_response.h" #include "h2_stream.h" #include "h2_stream_set.h" @@ -41,57 +45,110 @@ static int frame_print(const nghttp2_frame *frame, char *buffer, size_t maxlen); static int h2_session_status_from_apr_status(apr_status_t rv) { - switch (rv) { - case APR_SUCCESS: - return NGHTTP2_NO_ERROR; - case APR_EAGAIN: - case APR_TIMEUP: - return NGHTTP2_ERR_WOULDBLOCK; - case APR_EOF: + if (rv == APR_SUCCESS) { + return NGHTTP2_NO_ERROR; + } + else if (APR_STATUS_IS_EAGAIN(rv)) { + return NGHTTP2_ERR_WOULDBLOCK; + } + else if (APR_STATUS_IS_EOF(rv)) { return NGHTTP2_ERR_EOF; - default: - return NGHTTP2_ERR_PROTO; } + return NGHTTP2_ERR_PROTO; } -static int stream_open(h2_session *session, int stream_id) +h2_stream *h2_session_open_stream(h2_session *session, int stream_id) { h2_stream * stream; + apr_pool_t *stream_pool; if (session->aborted) { - return NGHTTP2_ERR_CALLBACK_FAILURE; + return NULL; } - stream = h2_mplx_open_io(session->mplx, stream_id); - if (stream) { - h2_stream_set_add(session->streams, stream); - if (stream->id > session->max_stream_received) { - session->max_stream_received = stream->id; - } - - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, - "h2_session: stream(%ld-%d): opened", - session->id, stream_id); + if (session->spare) { + stream_pool = session->spare; + session->spare = NULL; + } + else { + apr_pool_create(&stream_pool, session->pool); + } + + stream = h2_stream_open(stream_id, stream_pool, session); + + h2_stream_set_add(session->streams, stream); + if (H2_STREAM_CLIENT_INITIATED(stream_id) + && stream_id > session->max_stream_received) { + session->max_stream_received = stream->id; + } + + return stream; +} + +apr_status_t h2_session_flush(h2_session *session) +{ + return h2_conn_io_flush(&session->io); +} + +/** + * Determine the importance of streams when scheduling tasks. + * - if both stream depend on the same one, compare weights + * - if one stream is closer to the root, prioritize that one + * - if both are on the same level, use the weight of their root + * level ancestors + */ +static int spri_cmp(int sid1, nghttp2_stream *s1, + int sid2, nghttp2_stream *s2, h2_session *session) +{ + nghttp2_stream *p1, *p2; + + p1 = nghttp2_stream_get_parent(s1); + p2 = nghttp2_stream_get_parent(s2); + + if (p1 == p2) { + int32_t w1, w2; - return 0; + w1 = nghttp2_stream_get_weight(s1); + w2 = nghttp2_stream_get_weight(s2); + return w2 - w1; + } + else if (!p1) { + /* stream 1 closer to root */ + return -1; } + else if (!p2) { + /* stream 2 closer to root */ + return 1; + } + return spri_cmp(sid1, p1, sid2, p2, session); +} + +static int stream_pri_cmp(int sid1, int sid2, void *ctx) +{ + h2_session *session = ctx; + nghttp2_stream *s1, *s2; - ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, session->c, - APLOGNO(02918) - "h2_session: stream(%ld-%d): unable to create", - session->id, stream_id); - return NGHTTP2_ERR_INVALID_STREAM_ID; + s1 = nghttp2_session_find_stream(session->ngh2, sid1); + s2 = nghttp2_session_find_stream(session->ngh2, sid2); + + if (s1 == s2) { + return 0; + } + else if (!s1) { + return 1; + } + else if (!s2) { + return -1; + } + return spri_cmp(sid1, s1, sid2, s2, session); } -static apr_status_t stream_end_headers(h2_session *session, - h2_stream *stream, int eos) +static apr_status_t stream_schedule(h2_session *session, + h2_stream *stream, int eos) { (void)session; - return h2_stream_write_eoh(stream, eos); + return h2_stream_schedule(stream, eos, stream_pri_cmp, session); } -static apr_status_t send_data(h2_session *session, const char *data, - apr_size_t length); - /* * Callback when nghttp2 wants to send bytes back to the client. */ @@ -100,14 +157,15 @@ static ssize_t send_cb(nghttp2_session *ngh2, int flags, void *userp) { h2_session *session = (h2_session *)userp; - apr_status_t status = send_data(session, (const char *)data, length); + apr_status_t status; (void)ngh2; (void)flags; + status = h2_conn_io_write(&session->io, (const char *)data, length); if (status == APR_SUCCESS) { return length; } - if (status == APR_EAGAIN || status == APR_TIMEUP) { + if (APR_STATUS_IS_EAGAIN(status)) { return NGHTTP2_ERR_WOULDBLOCK; } ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, @@ -140,19 +198,19 @@ static int on_data_chunk_recv_cb(nghttp2_session *ngh2, uint8_t flags, int32_t stream_id, const uint8_t *data, size_t len, void *userp) { - int rv; h2_session *session = (h2_session *)userp; + apr_status_t status = APR_SUCCESS; h2_stream * stream; - apr_status_t status; + int rv; (void)flags; if (session->aborted) { return NGHTTP2_ERR_CALLBACK_FAILURE; } - stream = h2_stream_set_get(session->streams, stream_id); + + stream = h2_session_get_stream(session, stream_id); if (!stream) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, - APLOGNO(02919) + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, "h2_session: stream(%ld-%d): on_data_chunk for unknown stream", session->id, (int)stream_id); rv = nghttp2_submit_rst_stream(ngh2, NGHTTP2_FLAG_NONE, stream_id, @@ -165,11 +223,11 @@ static int on_data_chunk_recv_cb(nghttp2_session *ngh2, uint8_t flags, status = h2_stream_write_data(stream, (const char *)data, len); ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, session->c, - "h2_stream(%ld-%d): written DATA, length %d", - session->id, stream_id, (int)len); + "h2_stream(%ld-%d): data_chunk_recv, written %ld bytes", + session->id, stream_id, (long)len); if (status != APR_SUCCESS) { rv = nghttp2_submit_rst_stream(ngh2, NGHTTP2_FLAG_NONE, stream_id, - NGHTTP2_INTERNAL_ERROR); + H2_STREAM_RST(stream, H2_ERR_INTERNAL_ERROR)); if (nghttp2_is_fatal(rv)) { return NGHTTP2_ERR_CALLBACK_FAILURE; } @@ -177,56 +235,7 @@ static int on_data_chunk_recv_cb(nghttp2_session *ngh2, uint8_t flags, return 0; } -static int before_frame_send_cb(nghttp2_session *ngh2, - const nghttp2_frame *frame, - void *userp) -{ - h2_session *session = (h2_session *)userp; - (void)ngh2; - - if (session->aborted) { - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - if (APLOGctrace2(session->c)) { - char buffer[256]; - frame_print(frame, buffer, sizeof(buffer)/sizeof(buffer[0])); - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, - "h2_session(%ld): before_frame_send %s", - session->id, buffer); - } - return 0; -} - -static int on_frame_send_cb(nghttp2_session *ngh2, - const nghttp2_frame *frame, - void *userp) -{ - h2_session *session = (h2_session *)userp; - (void)ngh2; (void)frame; - ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, - "h2_session(%ld): on_frame_send", session->id); - return 0; -} - -static int on_frame_not_send_cb(nghttp2_session *ngh2, - const nghttp2_frame *frame, - int lib_error_code, void *userp) -{ - h2_session *session = (h2_session *)userp; - (void)ngh2; - - if (APLOGctrace2(session->c)) { - char buffer[256]; - - frame_print(frame, buffer, sizeof(buffer)/sizeof(buffer[0])); - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, - "h2_session: callback on_frame_not_send error=%d %s", - lib_error_code, buffer); - } - return 0; -} - -static apr_status_t stream_destroy(h2_session *session, +static apr_status_t stream_release(h2_session *session, h2_stream *stream, uint32_t error_code) { @@ -242,11 +251,13 @@ static apr_status_t stream_destroy(h2_session *session, ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, "h2_stream(%ld-%d): closing with err=%d %s", session->id, (int)stream->id, (int)error_code, - nghttp2_strerror(error_code)); + h2_h2_err_description(error_code)); + h2_stream_rst(stream, error_code); } - h2_stream_set_remove(session->streams, stream); - return h2_mplx_cleanup_stream(session->mplx, stream); + return h2_conn_io_writeb(&session->io, + h2_bucket_eos_create(session->c->bucket_alloc, + stream)); } static int on_stream_close_cb(nghttp2_session *ngh2, int32_t stream_id, @@ -259,33 +270,30 @@ static int on_stream_close_cb(nghttp2_session *ngh2, int32_t stream_id, if (session->aborted) { return NGHTTP2_ERR_CALLBACK_FAILURE; } - stream = h2_stream_set_get(session->streams, stream_id); + stream = h2_session_get_stream(session, stream_id); if (stream) { - stream_destroy(session, stream, error_code); + stream_release(session, stream, error_code); } - - if (error_code) { - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, - "h2_stream(%ld-%d): close error %d", - session->id, (int)stream_id, error_code); - } - return 0; } static int on_begin_headers_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, void *userp) { - /* This starts a new stream. */ - int rv; + h2_session *session = (h2_session *)userp; + h2_stream *s; + + /* We may see HEADERs at the start of a stream or after all DATA + * streams to carry trailers. */ (void)ngh2; - rv = stream_open((h2_session *)userp, frame->hd.stream_id); - if (rv != NGHTTP2_ERR_CALLBACK_FAILURE) { - /* on_header_cb or on_frame_recv_cb will dectect that stream - does not exist and submit RST_STREAM. */ - return 0; + s = h2_session_get_stream(session, frame->hd.stream_id); + if (s) { + /* nop */ } - return NGHTTP2_ERR_CALLBACK_FAILURE; + else { + s = h2_session_open_stream((h2_session *)userp, frame->hd.stream_id); + } + return s? 0 : NGHTTP2_ERR_CALLBACK_FAILURE; } static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, @@ -303,8 +311,8 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, if (session->aborted) { return NGHTTP2_ERR_CALLBACK_FAILURE; } - stream = h2_stream_set_get(session->streams, - frame->hd.stream_id); + + stream = h2_session_get_stream(session, frame->hd.stream_id); if (!stream) { ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, APLOGNO(02920) @@ -313,9 +321,9 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; } - status = h2_stream_write_header(stream, - (const char *)name, namelen, - (const char *)value, valuelen); + status = h2_stream_add_header(stream, (const char *)name, namelen, + (const char *)value, valuelen); + if (status != APR_SUCCESS) { return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; } @@ -331,63 +339,67 @@ static int on_frame_recv_cb(nghttp2_session *ng2s, const nghttp2_frame *frame, void *userp) { - int rv; h2_session *session = (h2_session *)userp; apr_status_t status = APR_SUCCESS; + h2_stream *stream; + if (session->aborted) { return NGHTTP2_ERR_CALLBACK_FAILURE; } - ++session->frames_received; - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, - "h2_session(%ld): on_frame_rcv #%ld, type=%d", session->id, + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_stream(%ld-%d): on_frame_rcv #%ld, type=%d", + session->id, frame->hd.stream_id, (long)session->frames_received, frame->hd.type); + + ++session->frames_received; switch (frame->hd.type) { - case NGHTTP2_HEADERS: { - int eos; - h2_stream * stream = h2_stream_set_get(session->streams, - frame->hd.stream_id); - if (stream == NULL) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, - APLOGNO(02921) - "h2_session: stream(%ld-%d): HEADERS frame " - "for unknown stream", session->id, - (int)frame->hd.stream_id); - rv = nghttp2_submit_rst_stream(ng2s, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_INTERNAL_ERROR); - if (nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; + case NGHTTP2_HEADERS: + /* This can be HEADERS for a new stream, defining the request, + * or HEADER may come after DATA at the end of a stream as in + * trailers */ + stream = h2_session_get_stream(session, frame->hd.stream_id); + if (stream) { + int eos = (frame->hd.flags & NGHTTP2_FLAG_END_STREAM); + + if (h2_stream_is_scheduled(stream)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_stream(%ld-%d): TRAILER, eos=%d", + session->id, frame->hd.stream_id, eos); + if (eos) { + status = h2_stream_close_input(stream); + } + } + else { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_stream(%ld-%d): HEADER, eos=%d", + session->id, frame->hd.stream_id, eos); + status = stream_schedule(session, stream, eos); } - return 0; } - - eos = (frame->hd.flags & NGHTTP2_FLAG_END_STREAM); - status = stream_end_headers(session, stream, eos); - + else { + status = APR_EINVAL; + } break; - } - case NGHTTP2_DATA: { - h2_stream * stream = h2_stream_set_get(session->streams, - frame->hd.stream_id); - if (stream == NULL) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, - APLOGNO(02922) - "h2_session: stream(%ld-%d): DATA frame " - "for unknown stream", session->id, - (int)frame->hd.stream_id); - rv = nghttp2_submit_rst_stream(ng2s, NGHTTP2_FLAG_NONE, - frame->hd.stream_id, - NGHTTP2_INTERNAL_ERROR); - if (nghttp2_is_fatal(rv)) { - return NGHTTP2_ERR_CALLBACK_FAILURE; + case NGHTTP2_DATA: + stream = h2_session_get_stream(session, frame->hd.stream_id); + if (stream) { + int eos = (frame->hd.flags & NGHTTP2_FLAG_END_STREAM); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_stream(%ld-%d): DATA, len=%ld, eos=%d", + session->id, frame->hd.stream_id, + (long)frame->hd.length, eos); + if (eos) { + status = h2_stream_close_input(stream); } - return 0; + } + else { + status = APR_EINVAL; } break; - } - case NGHTTP2_PRIORITY: { - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + case NGHTTP2_PRIORITY: + session->reprioritize = 1; + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, "h2_session: stream(%ld-%d): PRIORITY frame " " weight=%d, dependsOn=%d, exclusive=%d", session->id, (int)frame->hd.stream_id, @@ -395,7 +407,13 @@ static int on_frame_recv_cb(nghttp2_session *ng2s, frame->priority.pri_spec.stream_id, frame->priority.pri_spec.exclusive); break; - } + case NGHTTP2_WINDOW_UPDATE: + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_session: stream(%ld-%d): WINDOW_UPDATE " + "incr=%d", + session->id, (int)frame->hd.stream_id, + frame->window_update.window_size_increment); + break; default: if (APLOGctrace2(session->c)) { char buffer[256]; @@ -408,23 +426,10 @@ static int on_frame_recv_cb(nghttp2_session *ng2s, break; } - /* only DATA and HEADERS frame can bear END_STREAM flag. Other - frame types may have other flag which has the same value, so we - have to check the frame type first. */ - if ((frame->hd.type == NGHTTP2_DATA || frame->hd.type == NGHTTP2_HEADERS) && - frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { - h2_stream * stream = h2_stream_set_get(session->streams, - frame->hd.stream_id); - if (stream != NULL) { - status = h2_stream_write_eos(stream); - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, - "h2_stream(%ld-%d): input closed", - session->id, (int)frame->hd.stream_id); - } - } - if (status != APR_SUCCESS) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, + int rv; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, APLOGNO(02923) "h2_session: stream(%ld-%d): error handling frame", session->id, (int)frame->hd.stream_id); @@ -434,24 +439,20 @@ static int on_frame_recv_cb(nghttp2_session *ng2s, if (nghttp2_is_fatal(rv)) { return NGHTTP2_ERR_CALLBACK_FAILURE; } - return 0; } return 0; } -static apr_status_t send_data(h2_session *session, const char *data, - apr_size_t length) -{ - return h2_conn_io_write(&session->io, data, length); -} - static apr_status_t pass_data(void *ctx, - const char *data, apr_size_t length) + const char *data, apr_off_t length) { - return send_data((h2_session*)ctx, data, length); + return h2_conn_io_write(&((h2_session*)ctx)->io, data, length); } + +static char immortal_zeros[H2_MAX_PADLEN]; + static int on_send_data_cb(nghttp2_session *ngh2, nghttp2_frame *frame, const uint8_t *framehd, @@ -462,7 +463,7 @@ static int on_send_data_cb(nghttp2_session *ngh2, apr_status_t status = APR_SUCCESS; h2_session *session = (h2_session *)userp; int stream_id = (int)frame->hd.stream_id; - const unsigned char padlen = frame->data.padlen; + unsigned char padlen; int eos; h2_stream *stream; @@ -472,7 +473,12 @@ static int on_send_data_cb(nghttp2_session *ngh2, return NGHTTP2_ERR_CALLBACK_FAILURE; } - stream = h2_stream_set_get(session->streams, stream_id); + if (frame->data.padlen > H2_MAX_PADLEN) { + return NGHTTP2_ERR_PROTO; + } + padlen = (unsigned char)frame->data.padlen; + + stream = h2_session_get_stream(session, stream_id); if (!stream) { ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_NOTFOUND, session->c, APLOGNO(02924) @@ -481,45 +487,74 @@ static int on_send_data_cb(nghttp2_session *ngh2, return NGHTTP2_ERR_CALLBACK_FAILURE; } - status = send_data(session, (const char *)framehd, 9); - if (status == APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_stream(%ld-%d): send_data_cb for %ld bytes", + session->id, (int)stream_id, (long)length); + + if (h2_conn_io_is_buffered(&session->io)) { + status = h2_conn_io_write(&session->io, (const char *)framehd, 9); + if (status == APR_SUCCESS) { + if (padlen) { + status = h2_conn_io_write(&session->io, (const char *)&padlen, 1); + } + + if (status == APR_SUCCESS) { + apr_off_t len = length; + status = h2_stream_readx(stream, pass_data, session, &len, &eos); + if (status == APR_SUCCESS && len != length) { + status = APR_EINVAL; + } + } + + if (status == APR_SUCCESS && padlen) { + if (padlen) { + status = h2_conn_io_write(&session->io, immortal_zeros, padlen); + } + } + } + } + else { + apr_bucket *b; + char *header = apr_pcalloc(stream->pool, 10); + memcpy(header, (const char *)framehd, 9); if (padlen) { - status = send_data(session, (const char *)&padlen, 1); + header[9] = (char)padlen; } - + b = apr_bucket_pool_create(header, padlen? 10 : 9, + stream->pool, session->c->bucket_alloc); + status = h2_conn_io_writeb(&session->io, b); + if (status == APR_SUCCESS) { - apr_size_t len = length; - status = h2_stream_readx(stream, pass_data, session, - &len, &eos); + apr_off_t len = length; + status = h2_stream_read_to(stream, session->io.output, &len, &eos); if (status == APR_SUCCESS && len != length) { status = APR_EINVAL; } } - + if (status == APR_SUCCESS && padlen) { - if (padlen) { - char pad[256]; - memset(pad, 0, padlen); - status = send_data(session, pad, padlen); - } + b = apr_bucket_immortal_create(immortal_zeros, padlen, + session->c->bucket_alloc); + status = h2_conn_io_writeb(&session->io, b); } } + if (status == APR_SUCCESS) { + stream->data_frames_sent++; + h2_conn_io_consider_flush(&session->io); return 0; } - else if (status != APR_EOF) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, APLOGNO(02925) "h2_stream(%ld-%d): failed send_data_cb", session->id, (int)stream_id); - return NGHTTP2_ERR_CALLBACK_FAILURE; } return h2_session_status_from_apr_status(status); } - #define NGH2_SET_CALLBACK(callbacks, name, fn)\ nghttp2_session_callbacks_set_##name##_callback(callbacks, fn) @@ -537,9 +572,6 @@ static apr_status_t init_callbacks(conn_rec *c, nghttp2_session_callbacks **pcb) NGH2_SET_CALLBACK(*pcb, on_frame_recv, on_frame_recv_cb); NGH2_SET_CALLBACK(*pcb, on_invalid_frame_recv, on_invalid_frame_recv_cb); NGH2_SET_CALLBACK(*pcb, on_data_chunk_recv, on_data_chunk_recv_cb); - NGH2_SET_CALLBACK(*pcb, before_frame_send, before_frame_send_cb); - NGH2_SET_CALLBACK(*pcb, on_frame_send, on_frame_send_cb); - NGH2_SET_CALLBACK(*pcb, on_frame_not_send, on_frame_not_send_cb); NGH2_SET_CALLBACK(*pcb, on_stream_close, on_stream_close_cb); NGH2_SET_CALLBACK(*pcb, on_begin_headers, on_begin_headers_cb); NGH2_SET_CALLBACK(*pcb, on_header, on_header_cb); @@ -548,6 +580,16 @@ static apr_status_t init_callbacks(conn_rec *c, nghttp2_session_callbacks **pcb) return APR_SUCCESS; } +static apr_status_t session_pool_cleanup(void *data) +{ + h2_session *session = data; + + /* keep us from destroying the pool, since that is already ongoing. */ + session->pool = NULL; + h2_session_destroy(session); + return APR_SUCCESS; +} + static h2_session *h2_session_create_int(conn_rec *c, request_rec *r, h2_config *config, @@ -570,6 +612,8 @@ static h2_session *h2_session_create_int(conn_rec *c, session->c = c; session->r = r; + apr_pool_pre_cleanup_register(pool, session, session_pool_cleanup); + session->max_stream_count = h2_config_geti(config, H2_CONF_MAX_STREAMS); session->max_stream_mem = h2_config_geti(config, H2_CONF_STREAM_MAX_MEM); @@ -580,7 +624,7 @@ static h2_session *h2_session_create_int(conn_rec *c, return NULL; } - session->streams = h2_stream_set_create(session->pool); + session->streams = h2_stream_set_create(session->pool, session->max_stream_count); session->workers = workers; session->mplx = h2_mplx_create(c, session->pool, workers); @@ -641,15 +685,37 @@ h2_session *h2_session_rcreate(request_rec *r, h2_config *config, return h2_session_create_int(r->connection, r, config, workers); } -void h2_session_destroy(h2_session *session) +static void h2_session_cleanup(h2_session *session) { AP_DEBUG_ASSERT(session); + /* This is an early cleanup of the session that may + * discard what is no longer necessary for *new* streams + * and general HTTP/2 processing. + * At this point, all frames are in transit or somehwere in + * our buffers or passed down output filters. + * h2 streams might still being written out. + */ + if (session->ngh2) { + nghttp2_session_del(session->ngh2); + session->ngh2 = NULL; + } + if (session->spare) { + apr_pool_destroy(session->spare); + session->spare = NULL; + } if (session->mplx) { h2_mplx_release_and_join(session->mplx, session->iowait); session->mplx = NULL; } +} + +void h2_session_destroy(h2_session *session) +{ + AP_DEBUG_ASSERT(session); + h2_session_cleanup(session); + if (session->streams) { - if (h2_stream_set_size(session->streams)) { + if (!h2_stream_set_is_empty(session->streams)) { ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, "h2_session(%ld): destroy, %d streams open", session->id, (int)h2_stream_set_size(session->streams)); @@ -657,35 +723,37 @@ void h2_session_destroy(h2_session *session) h2_stream_set_destroy(session->streams); session->streams = NULL; } - if (session->ngh2) { - nghttp2_session_del(session->ngh2); - session->ngh2 = NULL; - } - h2_conn_io_destroy(&session->io); - - if (session->iowait) { - apr_thread_cond_destroy(session->iowait); - session->iowait = NULL; - } - if (session->pool) { apr_pool_destroy(session->pool); } } + +void h2_session_eoc_callback(h2_session *session) +{ + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "session(%ld): cleanup and destroy", session->id); + apr_pool_cleanup_kill(session->pool, session, session_pool_cleanup); + h2_session_destroy(session); +} + static apr_status_t h2_session_abort_int(h2_session *session, int reason) { AP_DEBUG_ASSERT(session); if (!session->aborted) { session->aborted = 1; - if (session->ngh2) { - - if (!reason) { + + if (session->ngh2) { + if (NGHTTP2_ERR_EOF == reason) { + /* This is our way of indication that the connection is + * gone. No use to send any GOAWAY frames. */ + nghttp2_session_terminate_session(session->ngh2, reason); + } + else if (!reason) { nghttp2_submit_goaway(session->ngh2, NGHTTP2_FLAG_NONE, session->max_stream_received, reason, NULL, 0); nghttp2_session_send(session->ngh2); - h2_conn_io_flush(&session->io); } else { const char *err = nghttp2_strerror(reason); @@ -694,21 +762,13 @@ static apr_status_t h2_session_abort_int(h2_session *session, int reason) "session(%ld): aborting session, reason=%d %s", session->id, reason, err); - if (NGHTTP2_ERR_EOF == reason) { - /* This is our way of indication that the connection is - * gone. No use to send any GOAWAY frames. */ - nghttp2_session_terminate_session(session->ngh2, reason); - } - else { - /* The connection might still be there and we shut down - * with GOAWAY and reason information. */ - nghttp2_submit_goaway(session->ngh2, NGHTTP2_FLAG_NONE, - session->max_stream_received, - reason, (const uint8_t *)err, - strlen(err)); - nghttp2_session_send(session->ngh2); - h2_conn_io_flush(&session->io); - } + /* The connection might still be there and we shut down + * with GOAWAY and reason information. */ + nghttp2_submit_goaway(session->ngh2, NGHTTP2_FLAG_NONE, + session->max_stream_received, + reason, (const uint8_t *)err, + strlen(err)); + nghttp2_session_send(session->ngh2); } } h2_mplx_abort(session->mplx); @@ -731,10 +791,12 @@ apr_status_t h2_session_abort(h2_session *session, apr_status_t reason, int rv) rv = 0; /* ...gracefully shut down */ break; case APR_EBADF: /* connection unusable, terminate silently */ - case APR_ECONNABORTED: - rv = NGHTTP2_ERR_EOF; - break; default: + if (APR_STATUS_IS_ECONNABORTED(reason) + || APR_STATUS_IS_ECONNRESET(reason) + || APR_STATUS_IS_EBADF(reason)) { + rv = NGHTTP2_ERR_EOF; + } break; } } @@ -746,6 +808,8 @@ apr_status_t h2_session_start(h2_session *session, int *rv) apr_status_t status = APR_SUCCESS; h2_config *config; nghttp2_settings_entry settings[3]; + size_t slen; + int i; AP_DEBUG_ASSERT(session); /* Start the conversation by submitting our SETTINGS frame */ @@ -789,8 +853,8 @@ apr_status_t h2_session_start(h2_session *session, int *rv) } /* Now we need to auto-open stream 1 for the request we got. */ - *rv = stream_open(session, 1); - if (*rv != 0) { + stream = h2_session_open_stream(session, 1); + if (!stream) { status = APR_EGENERAL; ap_log_rerror(APLOG_MARK, APLOG_ERR, status, session->r, APLOGNO(02933) "open stream 1: %s", @@ -798,34 +862,29 @@ apr_status_t h2_session_start(h2_session *session, int *rv) return status; } - stream = h2_stream_set_get(session->streams, 1); - if (stream == NULL) { - status = APR_EGENERAL; - ap_log_rerror(APLOG_MARK, APLOG_ERR, status, session->r, - APLOGNO(02934) "lookup of stream 1"); - return status; - } - - status = h2_stream_rwrite(stream, session->r); + status = h2_stream_set_request(stream, session->r); if (status != APR_SUCCESS) { return status; } - status = stream_end_headers(session, stream, 1); + status = stream_schedule(session, stream, 1); if (status != APR_SUCCESS) { return status; } } - settings[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS; - settings[0].value = (uint32_t)session->max_stream_count; - settings[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; - settings[1].value = h2_config_geti(config, H2_CONF_WIN_SIZE); - settings[2].settings_id = NGHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE; - settings[2].value = 64*1024; + slen = 0; + settings[slen].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS; + settings[slen].value = (uint32_t)session->max_stream_count; + ++slen; + i = h2_config_geti(config, H2_CONF_WIN_SIZE); + if (i != H2_INITIAL_WINDOW_SIZE) { + settings[slen].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; + settings[slen].value = i; + ++slen; + } *rv = nghttp2_submit_settings(session->ngh2, NGHTTP2_FLAG_NONE, - settings, - sizeof(settings)/sizeof(settings[0])); + settings, slen); if (*rv != 0) { status = APR_EGENERAL; ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, @@ -836,11 +895,6 @@ apr_status_t h2_session_start(h2_session *session, int *rv) return status; } -static int h2_session_want_write(h2_session *session) -{ - return nghttp2_session_want_write(session->ngh2); -} - typedef struct { h2_session *session; int resume_count; @@ -853,7 +907,7 @@ static int resume_on_data(void *ctx, h2_stream *stream) { AP_DEBUG_ASSERT(stream); if (h2_stream_is_suspended(stream)) { - if (h2_mplx_out_has_data_for(stream->m, stream->id)) { + if (h2_mplx_out_has_data_for(stream->session->mplx, stream->id)) { int rv; h2_stream_set_suspended(stream, 0); ++rctx->resume_count; @@ -886,98 +940,18 @@ static int h2_session_resume_streams_with_data(h2_session *session) { return 0; } -static void update_window(void *ctx, int stream_id, apr_size_t bytes_read) +static void update_window(void *ctx, int stream_id, apr_off_t bytes_read) { h2_session *session = (h2_session*)ctx; nghttp2_session_consume(session->ngh2, stream_id, bytes_read); } -static apr_status_t h2_session_update_windows(h2_session *session) -{ - return h2_mplx_in_update_windows(session->mplx, update_window, session); -} - -apr_status_t h2_session_write(h2_session *session, apr_interval_time_t timeout) -{ - apr_status_t status = APR_EAGAIN; - h2_stream *stream = NULL; - int flush_output = 0; - - AP_DEBUG_ASSERT(session); - - /* Check that any pending window updates are sent. */ - status = h2_session_update_windows(session); - if (status == APR_SUCCESS) { - flush_output = 1; - } - else if (status != APR_EAGAIN) { - return status; - } - - if (h2_session_want_write(session)) { - int rv; - status = APR_SUCCESS; - rv = nghttp2_session_send(session->ngh2); - if (rv != 0) { - ap_log_cerror( APLOG_MARK, APLOG_DEBUG, 0, session->c, - "h2_session: send: %s", nghttp2_strerror(rv)); - if (nghttp2_is_fatal(rv)) { - h2_session_abort_int(session, rv); - status = APR_ECONNABORTED; - } - } - flush_output = 1; - } - - /* If we have responses ready, submit them now. */ - while ((stream = h2_mplx_next_submit(session->mplx, - session->streams)) != NULL) { - status = h2_session_handle_response(session, stream); - flush_output = 1; - } - - if (h2_session_resume_streams_with_data(session) > 0) { - flush_output = 1; - } - - if (!flush_output && timeout > 0 && !h2_session_want_write(session)) { - status = h2_mplx_out_trywait(session->mplx, timeout, session->iowait); - - if (status != APR_TIMEUP - && h2_session_resume_streams_with_data(session) > 0) { - flush_output = 1; - } - else { - /* nothing happened to ongoing streams, do some house-keeping */ - } - } - - if (h2_session_want_write(session)) { - int rv; - status = APR_SUCCESS; - rv = nghttp2_session_send(session->ngh2); - if (rv != 0) { - ap_log_cerror( APLOG_MARK, APLOG_DEBUG, 0, session->c, - "h2_session: send2: %s", nghttp2_strerror(rv)); - if (nghttp2_is_fatal(rv)) { - h2_session_abort_int(session, rv); - status = APR_ECONNABORTED; - } - } - flush_output = 1; - } - - if (flush_output) { - h2_conn_io_flush(&session->io); - } - - return status; -} - h2_stream *h2_session_get_stream(h2_session *session, int stream_id) { - AP_DEBUG_ASSERT(session); - return h2_stream_set_get(session->streams, stream_id); + if (!session->last_stream || stream_id != session->last_stream->id) { + session->last_stream = h2_stream_set_get(session->streams, stream_id); + } + return session->last_stream; } /* h2_io_on_read_cb implementation that offers the data read @@ -1010,20 +984,21 @@ static apr_status_t session_receive(const char *data, apr_size_t len, return APR_SUCCESS; } -apr_status_t h2_session_read(h2_session *session, apr_read_type_e block) -{ - AP_DEBUG_ASSERT(session); - return h2_conn_io_read(&session->io, block, session_receive, session); -} - apr_status_t h2_session_close(h2_session *session) { AP_DEBUG_ASSERT(session); - return session->aborted? APR_SUCCESS : h2_conn_io_flush(&session->io); + if (!session->aborted) { + h2_session_abort_int(session, 0); + } + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0,session->c, + "h2_session: closing, writing eoc"); + + h2_session_cleanup(session); + return h2_conn_io_writeb(&session->io, + h2_bucket_eoc_create(session->c->bucket_alloc, + session)); } -/* The session wants to send more DATA for the given stream. - */ static ssize_t stream_data_cb(nghttp2_session *ng2s, int32_t stream_id, uint8_t *buf, @@ -1033,18 +1008,27 @@ static ssize_t stream_data_cb(nghttp2_session *ng2s, void *puser) { h2_session *session = (h2_session *)puser; - apr_size_t nread = length; + apr_off_t nread = length; int eos = 0; apr_status_t status; h2_stream *stream; AP_DEBUG_ASSERT(session); + /* The session wants to send more DATA for the stream. We need + * to find out how much of the requested length we can send without + * blocking. + * Indicate EOS when we encounter it or DEFERRED if the stream + * should be suspended. + * TODO: for handling of TRAILERS, the EOF indication needs + * to be aware of that. + */ + (void)ng2s; (void)buf; (void)source; - stream = h2_stream_set_get(session->streams, stream_id); + stream = h2_session_get_stream(session, stream_id); if (!stream) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_NOTFOUND, session->c, + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, APLOGNO(02937) "h2_stream(%ld-%d): data requested but stream not found", session->id, (int)stream_id); @@ -1062,6 +1046,10 @@ static ssize_t stream_data_cb(nghttp2_session *ng2s, case APR_SUCCESS: break; + case APR_ECONNRESET: + return nghttp2_submit_rst_stream(ng2s, NGHTTP2_FLAG_NONE, + stream->id, stream->rst_error); + case APR_EAGAIN: /* If there is no data available, our session will automatically * suspend this stream and not ask for more data until we resume @@ -1088,6 +1076,18 @@ static ssize_t stream_data_cb(nghttp2_session *ng2s, } if (eos) { + apr_table_t *trailers = h2_stream_get_trailers(stream); + if (trailers && !apr_is_empty_table(trailers)) { + h2_ngheader *nh; + int rv; + + nh = h2_util_ngheader_make(stream->pool, trailers); + rv = nghttp2_submit_trailer(ng2s, stream->id, nh->nv, nh->nvlen); + if (rv < 0) { + nread = rv; + } + } + *data_flags |= NGHTTP2_DATA_FLAG_EOF; } @@ -1100,57 +1100,75 @@ typedef struct { size_t offset; } nvctx_t; -static int submit_response(h2_session *session, h2_response *response) -{ - nghttp2_data_provider provider; - int rv; - - memset(&provider, 0, sizeof(provider)); - provider.source.fd = response->stream_id; - provider.read_callback = stream_data_cb; - - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, - "h2_stream(%ld-%d): submitting response %s", - session->id, response->stream_id, response->status); - - rv = nghttp2_submit_response(session->ngh2, response->stream_id, - response->ngheader->nv, - response->ngheader->nvlen, &provider); - - if (rv != 0) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, - APLOGNO(02939) "h2_stream(%ld-%d): submit_response: %s", - session->id, response->stream_id, nghttp2_strerror(rv)); - } - else { - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, - "h2_stream(%ld-%d): submitted response %s, rv=%d", - session->id, response->stream_id, - response->status, rv); - } - return rv; -} - -/* Start submitting the response to a stream request. This is possible +/** + * Start submitting the response to a stream request. This is possible * once we have all the response headers. The response body will be * read by the session using the callback we supply. */ -apr_status_t h2_session_handle_response(h2_session *session, h2_stream *stream) +static apr_status_t submit_response(h2_session *session, h2_stream *stream) { apr_status_t status = APR_SUCCESS; int rv = 0; AP_DEBUG_ASSERT(session); AP_DEBUG_ASSERT(stream); - AP_DEBUG_ASSERT(stream->response); + AP_DEBUG_ASSERT(stream->response || stream->rst_error); - if (stream->response->ngheader) { - rv = submit_response(session, stream->response); + if (stream->submitted) { + rv = NGHTTP2_PROTOCOL_ERROR; + } + else if (stream->response && stream->response->header) { + nghttp2_data_provider provider; + h2_response *response = stream->response; + h2_ngheader *ngh; + + memset(&provider, 0, sizeof(provider)); + provider.source.fd = stream->id; + provider.read_callback = stream_data_cb; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): submit response %d", + session->id, stream->id, response->http_status); + + ngh = h2_util_ngheader_make_res(stream->pool, response->http_status, + response->header); + rv = nghttp2_submit_response(session->ngh2, response->stream_id, + ngh->nv, ngh->nvlen, &provider); + + /* If the submit worked, + * and this stream is not a pushed one itself, + * and HTTP/2 server push is enabled here, + * and the response is in the range 200-299 *), + * and the remote side has pushing enabled, + * -> find and perform any pushes on this stream + * + * *) the response code is relevant, as we do not want to + * make pushes on 401 or 403 codes, neiterh on 301/302 + * and friends. And if we see a 304, we do not push either + * as the client, having this resource in its cache, might + * also have the pushed ones as well. + */ + if (!rv + && !stream->initiated_on + && h2_config_geti(h2_config_get(session->c), H2_CONF_PUSH) + && H2_HTTP_2XX(response->http_status) + && h2_session_push_enabled(session)) { + + h2_stream_submit_pushes(stream); + } } else { + int err = H2_STREAM_RST(stream, H2_ERR_PROTOCOL_ERROR); + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): RST_STREAM, err=%d", + session->id, stream->id, err); + rv = nghttp2_submit_rst_stream(session->ngh2, NGHTTP2_FLAG_NONE, - stream->id, NGHTTP2_PROTOCOL_ERROR); + stream->id, err); } + stream->submitted = 1; + if (nghttp2_is_fatal(rv)) { status = APR_EGENERAL; h2_session_abort_int(session, rv); @@ -1158,37 +1176,88 @@ apr_status_t h2_session_handle_response(h2_session *session, h2_stream *stream) APLOGNO(02940) "submit_response: %s", nghttp2_strerror(rv)); } + return status; } -int h2_session_is_done(h2_session *session) +struct h2_stream *h2_session_push(h2_session *session, h2_stream *is, + h2_push *push) { - AP_DEBUG_ASSERT(session); - return (session->aborted - || !session->ngh2 - || (!nghttp2_session_want_read(session->ngh2) - && !nghttp2_session_want_write(session->ngh2))); -} + apr_status_t status; + h2_stream *stream; + h2_ngheader *ngh; + int nid; + + ngh = h2_util_ngheader_make_req(is->pool, push->req); + nid = nghttp2_submit_push_promise(session->ngh2, 0, push->initiating_id, + ngh->nv, ngh->nvlen, NULL); + + if (nid <= 0) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): submitting push promise fail: %s", + session->id, push->initiating_id, + nghttp2_strerror(nid)); + return NULL; + } + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): promised new stream %d for %s %s", + session->id, push->initiating_id, nid, + push->req->method, push->req->path); + + stream = h2_session_open_stream(session, nid); + if (stream) { + h2_stream_set_h2_request(stream, is->id, push->req); + status = stream_schedule(session, stream, 1); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_stream(%ld-%d): scheduling push stream", + session->id, stream->id); + h2_stream_cleanup(stream); + stream = NULL; + } + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): failed to create stream obj %d", + session->id, push->initiating_id, nid); + } -static int log_stream(void *ctx, h2_stream *stream) -{ - h2_session *session = (h2_session *)ctx; - AP_DEBUG_ASSERT(session); - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, - "h2_stream(%ld-%d): in set, suspended=%d, aborted=%d, " - "has_data=%d", - session->id, stream->id, stream->suspended, stream->aborted, - h2_mplx_out_has_data_for(session->mplx, stream->id)); - return 1; + if (!stream) { + /* try to tell the client that it should not wait. */ + nghttp2_submit_rst_stream(session->ngh2, NGHTTP2_FLAG_NONE, nid, + NGHTTP2_INTERNAL_ERROR); + } + + return stream; } -void h2_session_log_stats(h2_session *session) +apr_status_t h2_session_stream_destroy(h2_session *session, h2_stream *stream) { - AP_DEBUG_ASSERT(session); - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, - "h2_session(%ld): %d open streams", - session->id, (int)h2_stream_set_size(session->streams)); - h2_stream_set_iter(session->streams, log_stream, session); + apr_pool_t *pool = h2_stream_detach_pool(stream); + + /* this may be called while the session has already freed + * some internal structures. */ + if (session->mplx) { + h2_mplx_stream_done(session->mplx, stream->id, stream->rst_error); + if (session->last_stream == stream) { + session->last_stream = NULL; + } + } + + if (session->streams) { + h2_stream_set_remove(session->streams, stream->id); + } + h2_stream_destroy(stream); + + if (pool) { + apr_pool_clear(pool); + if (session->spare) { + apr_pool_destroy(session->spare); + } + session->spare = pool; + } + return APR_SUCCESS; } static int frame_print(const nghttp2_frame *frame, char *buffer, size_t maxlen) @@ -1268,3 +1337,184 @@ static int frame_print(const nghttp2_frame *frame, char *buffer, size_t maxlen) } } +int h2_session_push_enabled(h2_session *session) +{ + return nghttp2_session_get_remote_settings(session->ngh2, + NGHTTP2_SETTINGS_ENABLE_PUSH); +} + + +apr_status_t h2_session_process(h2_session *session) +{ + apr_status_t status = APR_SUCCESS; + apr_interval_time_t wait_micros = 0; + static const int MAX_WAIT_MICROS = 200 * 1000; + int got_streams = 0; + + while (!session->aborted && (nghttp2_session_want_read(session->ngh2) + || nghttp2_session_want_write(session->ngh2))) { + int have_written = 0; + int have_read = 0; + + /* Send data as long as we have it and window sizes allow. We are + * a server after all. + */ + if (nghttp2_session_want_write(session->ngh2)) { + int rv; + + rv = nghttp2_session_send(session->ngh2); + if (rv != 0) { + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_session: send: %s", nghttp2_strerror(rv)); + if (nghttp2_is_fatal(rv)) { + h2_session_abort(session, status, rv); + goto end_process; + } + } + else { + have_written = 1; + wait_micros = 0; + } + } + + if (wait_micros > 0) { + ap_log_cerror( APLOG_MARK, APLOG_TRACE3, 0, session->c, + "h2_session: wait for data, %ld micros", (long)(wait_micros)); + h2_conn_io_pass(&session->io); + status = h2_mplx_out_trywait(session->mplx, wait_micros, session->iowait); + + if (status == APR_TIMEUP) { + if (wait_micros < MAX_WAIT_MICROS) { + wait_micros *= 2; + } + } + } + + if (nghttp2_session_want_read(session->ngh2)) + { + /* When we + * - and have no streams at all + * - or have streams, but none is suspended or needs submit and + * have nothing written on the last try + * + * or, the other way around + * - have only streams where data can be sent, but could + * not send anything + * + * then we are waiting on frames from the client (for + * example WINDOW_UPDATE or HEADER) and without new frames + * from the client, we cannot make any progress, + * + * and *then* we can safely do a blocking read. + */ + int may_block = (session->frames_received <= 1); + if (!may_block) { + if (got_streams) { + may_block = (!have_written + && !h2_stream_set_has_unsubmitted(session->streams) + && !h2_stream_set_has_suspended(session->streams)); + } + else { + may_block = 1; + } + } + + if (may_block) { + h2_conn_io_flush(&session->io); + if (session->c->cs) { + session->c->cs->state = (got_streams? CONN_STATE_HANDLER + : CONN_STATE_WRITE_COMPLETION); + } + status = h2_conn_io_read(&session->io, APR_BLOCK_READ, + session_receive, session); + } + else { + if (session->c->cs) { + session->c->cs->state = CONN_STATE_HANDLER; + } + status = h2_conn_io_read(&session->io, APR_NONBLOCK_READ, + session_receive, session); + } + + switch (status) { + case APR_SUCCESS: /* successful read, reset our idle timers */ + have_read = 1; + wait_micros = 0; + break; + case APR_EAGAIN: /* non-blocking read, nothing there */ + break; + default: + if (APR_STATUS_IS_ETIMEDOUT(status) + || APR_STATUS_IS_ECONNABORTED(status) + || APR_STATUS_IS_ECONNRESET(status) + || APR_STATUS_IS_EOF(status) + || APR_STATUS_IS_EBADF(status)) { + /* common status for a client that has left */ + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_session(%ld): terminating", + session->id); + /* Stolen from mod_reqtimeout to speed up lingering when + * a read timeout happened. + */ + apr_table_setn(session->c->notes, "short-lingering-close", "1"); + } + else { + /* uncommon status, log on INFO so that we see this */ + ap_log_cerror( APLOG_MARK, APLOG_INFO, status, session->c, + APLOGNO(02950) + "h2_session(%ld): error reading, terminating", + session->id); + } + h2_session_abort(session, status, 0); + goto end_process; + } + } + + got_streams = !h2_stream_set_is_empty(session->streams); + if (got_streams) { + h2_stream *stream; + + if (session->reprioritize) { + h2_mplx_reprioritize(session->mplx, stream_pri_cmp, session); + session->reprioritize = 0; + } + + if (!have_read && !have_written) { + /* Nothing read or written. That means no data yet ready to + * be send out. Slowly back off... + */ + if (wait_micros == 0) { + wait_micros = 10; + } + } + + if (h2_stream_set_has_open_input(session->streams)) { + /* Check that any pending window updates are sent. */ + status = h2_mplx_in_update_windows(session->mplx, update_window, session); + if (APR_STATUS_IS_EAGAIN(status)) { + status = APR_SUCCESS; + } + else if (status == APR_SUCCESS) { + /* need to flush window updates onto the connection asap */ + h2_conn_io_flush(&session->io); + } + } + + h2_session_resume_streams_with_data(session); + + if (h2_stream_set_has_unsubmitted(session->streams)) { + /* If we have responses ready, submit them now. */ + while ((stream = h2_mplx_next_submit(session->mplx, session->streams))) { + status = submit_response(session, stream); + } + } + } + + if (have_written) { + h2_conn_io_flush(&session->io); + } + } + +end_process: + return status; +} diff --git a/modules/http2/h2_session.h b/modules/http2/h2_session.h index 12768a90fb..90052fc9e7 100644 --- a/modules/http2/h2_session.h +++ b/modules/http2/h2_session.h @@ -41,6 +41,7 @@ struct apr_thread_mutext_t; struct apr_thread_cond_t; struct h2_config; struct h2_mplx; +struct h2_push; struct h2_response; struct h2_session; struct h2_stream; @@ -58,6 +59,8 @@ struct h2_session { request_rec *r; /* the request that started this in case * of 'h2c', NULL otherwise */ int aborted; /* this session is being aborted */ + int reprioritize; /* scheduled streams priority needs to + * be re-evaluated */ apr_size_t frames_received; /* number of http/2 frames received */ apr_size_t max_stream_count; /* max number of open streams */ apr_size_t max_stream_mem; /* max buffer memory for a single stream */ @@ -69,11 +72,14 @@ struct h2_session { h2_conn_io io; /* io on httpd conn filters */ struct h2_mplx *mplx; /* multiplexer for stream data */ + struct h2_stream *last_stream; /* last stream worked with */ struct h2_stream_set *streams; /* streams handled by this session */ int max_stream_received; /* highest stream id created */ int max_stream_handled; /* highest stream id handled successfully */ + apr_pool_t *spare; /* spare stream pool */ + struct nghttp2_session *ngh2; /* the nghttp2 session (internal use) */ struct h2_workers *workers; /* for executing stream tasks */ }; @@ -101,6 +107,14 @@ h2_session *h2_session_create(conn_rec *c, struct h2_config *cfg, h2_session *h2_session_rcreate(request_rec *r, struct h2_config *cfg, struct h2_workers *workers); +/** + * Process the given HTTP/2 session until it is ended or a fatal + * error occured. + * + * @param session the sessionm to process + */ +apr_status_t h2_session_process(h2_session *session); + /** * Destroy the session and all objects it still contains. This will not * destroy h2_task instances that have not finished yet. @@ -108,6 +122,13 @@ h2_session *h2_session_rcreate(request_rec *r, struct h2_config *cfg, */ void h2_session_destroy(h2_session *session); +/** + * Cleanup the session and all objects it still contains. This will not + * destroy h2_task instances that have not finished yet. + * @param session the session to destroy + */ +void h2_session_eoc_callback(h2_session *session); + /** * Called once at start of session. * Sets up the session and sends the initial SETTINGS frame. @@ -117,12 +138,6 @@ void h2_session_destroy(h2_session *session); */ apr_status_t h2_session_start(h2_session *session, int *rv); -/** - * Determine if session is finished. - * @return != 0 iff session is finished and connection can be closed. - */ -int h2_session_is_done(h2_session *session); - /** * Called when an error occured and the session needs to shut down. * @param session the session to shut down @@ -133,22 +148,15 @@ int h2_session_is_done(h2_session *session); apr_status_t h2_session_abort(h2_session *session, apr_status_t reason, int rv); /** - * Called before a session gets destroyed, might flush output etc. + * Pass any buffered output data through the connection filters. + * @param session the session to flush */ -apr_status_t h2_session_close(h2_session *session); - -/* Read more data from the client connection. Used normally with blocking - * APR_NONBLOCK_READ, which will return APR_EAGAIN when no data is available. - * Use with APR_BLOCK_READ only when certain that no data needs to be written - * while waiting. */ -apr_status_t h2_session_read(h2_session *session, apr_read_type_e block); +apr_status_t h2_session_flush(h2_session *session); -/* Write data out to the client, if there is any. Otherwise, wait for - * a maximum of timeout micro-seconds and return to the caller. If timeout - * occurred, APR_TIMEUP will be returned. +/** + * Called before a session gets destroyed, might flush output etc. */ -apr_status_t h2_session_write(h2_session *session, - apr_interval_time_t timeout); +apr_status_t h2_session_close(h2_session *session); /* Start submitting the response to a stream request. This is possible * once we have all the response headers. */ @@ -158,6 +166,39 @@ apr_status_t h2_session_handle_response(h2_session *session, /* Get the h2_stream for the given stream idenrtifier. */ struct h2_stream *h2_session_get_stream(h2_session *session, int stream_id); -void h2_session_log_stats(h2_session *session); +/** + * Create and register a new stream under the given id. + * + * @param session the session to register in + * @param stream_id the new stream identifier + * @return the new stream + */ +struct h2_stream *h2_session_open_stream(h2_session *session, int stream_id); + +/** + * Returns if client settings have push enabled. + * @param != 0 iff push is enabled in client settings + */ +int h2_session_push_enabled(h2_session *session); + +/** + * Destroy the stream and release it everywhere. Reclaim all resources. + * @param session the session to which the stream belongs + * @param stream the stream to destroy + */ +apr_status_t h2_session_stream_destroy(h2_session *session, + struct h2_stream *stream); + +/** + * Submit a push promise on the stream and schedule the new steam for + * processing.. + * + * @param session the session to work in + * @param is the stream initiating the push + * @param push the push to promise + * @return the new promised stream or NULL + */ +struct h2_stream *h2_session_push(h2_session *session, + struct h2_stream *is, struct h2_push *push); #endif /* defined(__mod_h2__h2_session__) */ diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c index 52781d8474..ad7f5df102 100644 --- a/modules/http2/h2_stream.c +++ b/modules/http2/h2_stream.c @@ -16,8 +16,6 @@ #include #include -#define APR_POOL_DEBUG 7 - #include #include #include @@ -27,9 +25,12 @@ #include "h2_private.h" #include "h2_conn.h" +#include "h2_h2.h" #include "h2_mplx.h" +#include "h2_push.h" #include "h2_request.h" #include "h2_response.h" +#include "h2_session.h" #include "h2_stream.h" #include "h2_task.h" #include "h2_ctx.h" @@ -38,57 +39,153 @@ #include "h2_util.h" -static void set_state(h2_stream *stream, h2_stream_state_t state) +#define H2_STREAM_OUT(lvl,s,msg) \ + do { \ + if (APLOG_C_IS_LEVEL((s)->session->c,lvl)) \ + h2_util_bb_log((s)->session->c,(s)->id,lvl,msg,(s)->bbout); \ + } while(0) +#define H2_STREAM_IN(lvl,s,msg) \ + do { \ + if (APLOG_C_IS_LEVEL((s)->session->c,lvl)) \ + h2_util_bb_log((s)->session->c,(s)->id,lvl,msg,(s)->bbin); \ + } while(0) + + +static int state_transition[][7] = { + /* ID OP RL RR CI CO CL */ +/*ID*/{ 1, 0, 0, 0, 0, 0, 0 }, +/*OP*/{ 1, 1, 0, 0, 0, 0, 0 }, +/*RL*/{ 0, 0, 1, 0, 0, 0, 0 }, +/*RR*/{ 0, 0, 0, 1, 0, 0, 0 }, +/*CI*/{ 1, 1, 0, 0, 1, 0, 0 }, +/*CO*/{ 1, 1, 0, 0, 0, 1, 0 }, +/*CL*/{ 1, 1, 0, 0, 1, 1, 1 }, +}; + +static int set_state(h2_stream *stream, h2_stream_state_t state) { - AP_DEBUG_ASSERT(stream); - if (stream->state != state) { + int allowed = state_transition[state][stream->state]; + if (allowed) { stream->state = state; + return 1; } + + ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, stream->session->c, + "h2_stream(%ld-%d): invalid state transition from %d to %d", + stream->session->id, stream->id, stream->state, state); + return 0; } -h2_stream *h2_stream_create(int id, apr_pool_t *pool, struct h2_mplx *m) +static int close_input(h2_stream *stream) { - h2_stream *stream = apr_pcalloc(pool, sizeof(h2_stream)); - if (stream != NULL) { - stream->id = id; - stream->state = H2_STREAM_ST_IDLE; - stream->pool = pool; - stream->m = m; - stream->request = h2_request_create(id, pool, m->c->bucket_alloc); - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c, - "h2_stream(%ld-%d): created", m->id, stream->id); + switch (stream->state) { + case H2_STREAM_ST_CLOSED_INPUT: + case H2_STREAM_ST_CLOSED: + return 0; /* ignore, idempotent */ + case H2_STREAM_ST_CLOSED_OUTPUT: + /* both closed now */ + set_state(stream, H2_STREAM_ST_CLOSED); + break; + default: + /* everything else we jump to here */ + set_state(stream, H2_STREAM_ST_CLOSED_INPUT); + break; } - return stream; + return 1; } -static void h2_stream_cleanup(h2_stream *stream) +static int input_closed(h2_stream *stream) { - if (stream->request) { - h2_request_destroy(stream->request); - stream->request = NULL; + switch (stream->state) { + case H2_STREAM_ST_OPEN: + case H2_STREAM_ST_CLOSED_OUTPUT: + return 0; + default: + return 1; + } +} + +static int close_output(h2_stream *stream) +{ + switch (stream->state) { + case H2_STREAM_ST_CLOSED_OUTPUT: + case H2_STREAM_ST_CLOSED: + return 0; /* ignore, idempotent */ + case H2_STREAM_ST_CLOSED_INPUT: + /* both closed now */ + set_state(stream, H2_STREAM_ST_CLOSED); + break; + default: + /* everything else we jump to here */ + set_state(stream, H2_STREAM_ST_CLOSED_OUTPUT); + break; } + return 1; +} + +static int input_open(h2_stream *stream) +{ + switch (stream->state) { + case H2_STREAM_ST_OPEN: + case H2_STREAM_ST_CLOSED_OUTPUT: + return 1; + default: + return 0; + } +} + +static int output_open(h2_stream *stream) +{ + switch (stream->state) { + case H2_STREAM_ST_OPEN: + case H2_STREAM_ST_CLOSED_INPUT: + return 1; + default: + return 0; + } +} + +h2_stream *h2_stream_create(int id, apr_pool_t *pool, h2_session *session) +{ + h2_stream *stream = apr_pcalloc(pool, sizeof(h2_stream)); + stream->id = id; + stream->state = H2_STREAM_ST_IDLE; + stream->pool = pool; + stream->session = session; + return stream; +} + +h2_stream *h2_stream_open(int id, apr_pool_t *pool, h2_session *session) +{ + h2_stream *stream = h2_stream_create(id, pool, session); + set_state(stream, H2_STREAM_ST_OPEN); + stream->request = h2_request_create(id, pool); + stream->bbout = apr_brigade_create(stream->pool, + stream->session->c->bucket_alloc); + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): opened", session->id, stream->id); + return stream; } apr_status_t h2_stream_destroy(h2_stream *stream) { AP_DEBUG_ASSERT(stream); - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->m->c, - "h2_stream(%ld-%d): destroy", stream->m->id, stream->id); - h2_stream_cleanup(stream); - - if (stream->task) { - h2_task_destroy(stream->task); - stream->task = NULL; + if (stream->request) { + h2_request_destroy(stream->request); + stream->request = NULL; } + if (stream->pool) { apr_pool_destroy(stream->pool); } return APR_SUCCESS; } -void h2_stream_attach_pool(h2_stream *stream, apr_pool_t *pool) +void h2_stream_cleanup(h2_stream *stream) { - stream->pool = pool; + h2_session_stream_destroy(stream->session, stream); + /* stream is gone */ } apr_pool_t *h2_stream_detach_pool(h2_stream *stream) @@ -98,171 +195,402 @@ apr_pool_t *h2_stream_detach_pool(h2_stream *stream) return pool; } -void h2_stream_abort(h2_stream *stream) +void h2_stream_rst(h2_stream *stream, int error_code) { - AP_DEBUG_ASSERT(stream); - stream->aborted = 1; + stream->rst_error = error_code; + close_input(stream); + close_output(stream); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->session->c, + "h2_stream(%ld-%d): reset, error=%d", + stream->session->id, stream->id, error_code); } apr_status_t h2_stream_set_response(h2_stream *stream, h2_response *response, apr_bucket_brigade *bb) { + apr_status_t status = APR_SUCCESS; + if (!output_open(stream)) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->session->c, + "h2_stream(%ld-%d): output closed", + stream->session->id, stream->id); + return APR_ECONNRESET; + } + stream->response = response; if (bb && !APR_BRIGADE_EMPTY(bb)) { - if (!stream->bbout) { - stream->bbout = apr_brigade_create(stream->pool, - stream->m->c->bucket_alloc); - } - return h2_util_move(stream->bbout, bb, 16 * 1024, NULL, - "h2_stream_set_response"); + int move_all = INT_MAX; + /* we can move file handles from h2_mplx into this h2_stream as many + * as we want, since the lifetimes are the same and we are not freeing + * the ones in h2_mplx->io before this stream is done. */ + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream set_response_pre"); + status = h2_util_move(stream->bbout, bb, -1, &move_all, + "h2_stream_set_response"); + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream set_response_post"); } - return APR_SUCCESS; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, stream->session->c, + "h2_stream(%ld-%d): set_response(%d)", + stream->session->id, stream->id, response->http_status); + return status; } -static int set_closed(h2_stream *stream) +apr_status_t h2_stream_set_request(h2_stream *stream, request_rec *r) { - switch (stream->state) { - case H2_STREAM_ST_CLOSED_INPUT: - case H2_STREAM_ST_CLOSED: - return 0; /* ignore, idempotent */ - case H2_STREAM_ST_CLOSED_OUTPUT: - /* both closed now */ - set_state(stream, H2_STREAM_ST_CLOSED); - break; - default: - /* everything else we jump to here */ - set_state(stream, H2_STREAM_ST_CLOSED_INPUT); - break; + apr_status_t status; + AP_DEBUG_ASSERT(stream); + if (stream->rst_error) { + return APR_ECONNRESET; } - return 1; + set_state(stream, H2_STREAM_ST_OPEN); + status = h2_request_rwrite(stream->request, r); + return status; } -apr_status_t h2_stream_rwrite(h2_stream *stream, request_rec *r) +void h2_stream_set_h2_request(h2_stream *stream, int initiated_on, + const h2_request *req) +{ + h2_request_copy(stream->pool, stream->request, req); + stream->initiated_on = initiated_on; + stream->request->eoh = 0; +} + +apr_status_t h2_stream_add_header(h2_stream *stream, + const char *name, size_t nlen, + const char *value, size_t vlen) { - apr_status_t status; AP_DEBUG_ASSERT(stream); - set_state(stream, H2_STREAM_ST_OPEN); - status = h2_request_rwrite(stream->request, r, stream->m); - return status; + if (h2_stream_is_scheduled(stream)) { + return h2_request_add_trailer(stream->request, stream->pool, + name, nlen, value, vlen); + } + else { + if (!input_open(stream)) { + return APR_ECONNRESET; + } + return h2_request_add_header(stream->request, stream->pool, + name, nlen, value, vlen); + } } -apr_status_t h2_stream_write_eoh(h2_stream *stream, int eos) +apr_status_t h2_stream_schedule(h2_stream *stream, int eos, + h2_stream_pri_cmp *cmp, void *ctx) { apr_status_t status; AP_DEBUG_ASSERT(stream); + AP_DEBUG_ASSERT(stream->session); + AP_DEBUG_ASSERT(stream->session->mplx); + + if (!output_open(stream)) { + return APR_ECONNRESET; + } + if (stream->scheduled) { + return APR_EINVAL; + } + if (eos) { + close_input(stream); + } /* Seeing the end-of-headers, we have everything we need to * start processing it. */ - status = h2_mplx_create_task(stream->m, stream); + status = h2_request_end_headers(stream->request, stream->pool, eos); if (status == APR_SUCCESS) { - status = h2_request_end_headers(stream->request, - stream->m, stream->task, eos); - if (status == APR_SUCCESS) { - status = h2_mplx_do_task(stream->m, stream->task); - } - if (eos) { - status = h2_stream_write_eos(stream); + if (!eos) { + stream->bbin = apr_brigade_create(stream->pool, + stream->session->c->bucket_alloc); } - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, stream->m->c, - "h2_mplx(%ld-%d): start stream, task %s %s (%s)", - stream->m->id, stream->id, - stream->request->method, stream->request->path, - stream->request->authority); + stream->input_remaining = stream->request->content_length; + status = h2_mplx_process(stream->session->mplx, stream->id, + stream->request, eos, cmp, ctx); + stream->scheduled = 1; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->session->c, + "h2_stream(%ld-%d): scheduled %s %s://%s%s", + stream->session->id, stream->id, + stream->request->method, stream->request->scheme, + stream->request->authority, stream->request->path); + } + else { + h2_stream_rst(stream, H2_ERR_INTERNAL_ERROR); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->session->c, + "h2_stream(%ld-%d): RST=2 (internal err) %s %s://%s%s", + stream->session->id, stream->id, + stream->request->method, stream->request->scheme, + stream->request->authority, stream->request->path); } + return status; } -apr_status_t h2_stream_write_eos(h2_stream *stream) +int h2_stream_is_scheduled(h2_stream *stream) { - AP_DEBUG_ASSERT(stream); - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->m->c, - "h2_stream(%ld-%d): closing input", - stream->m->id, stream->id); - if (set_closed(stream)) { - return h2_request_close(stream->request); + return stream->scheduled; +} + +static apr_status_t h2_stream_input_flush(h2_stream *stream) +{ + apr_status_t status = APR_SUCCESS; + if (stream->bbin && !APR_BRIGADE_EMPTY(stream->bbin)) { + + status = h2_mplx_in_write(stream->session->mplx, stream->id, stream->bbin); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, stream->session->mplx->c, + "h2_stream(%ld-%d): flushing input data", + stream->session->id, stream->id); + } } - return APR_SUCCESS; + return status; +} + +static apr_status_t input_flush(apr_bucket_brigade *bb, void *ctx) +{ + (void)bb; + return h2_stream_input_flush(ctx); } -apr_status_t h2_stream_write_header(h2_stream *stream, - const char *name, size_t nlen, - const char *value, size_t vlen) +static apr_status_t input_add_data(h2_stream *stream, + const char *data, size_t len, int chunked) { + apr_status_t status = APR_SUCCESS; + + if (chunked) { + status = apr_brigade_printf(stream->bbin, input_flush, stream, + "%lx\r\n", (unsigned long)len); + if (status == APR_SUCCESS) { + status = apr_brigade_write(stream->bbin, input_flush, stream, data, len); + if (status == APR_SUCCESS) { + status = apr_brigade_puts(stream->bbin, input_flush, stream, "\r\n"); + } + } + } + else { + status = apr_brigade_write(stream->bbin, input_flush, stream, data, len); + } + return status; +} + +static int input_add_header(void *str, const char *key, const char *value) +{ + h2_stream *stream = str; + apr_status_t status = input_add_data(stream, key, strlen(key), 0); + if (status == APR_SUCCESS) { + status = input_add_data(stream, ": ", 2, 0); + if (status == APR_SUCCESS) { + status = input_add_data(stream, value, strlen(value), 0); + if (status == APR_SUCCESS) { + status = input_add_data(stream, "\r\n", 2, 0); + } + } + } + return (status == APR_SUCCESS); +} + +apr_status_t h2_stream_close_input(h2_stream *stream) +{ + apr_status_t status = APR_SUCCESS; + AP_DEBUG_ASSERT(stream); - switch (stream->state) { - case H2_STREAM_ST_IDLE: - set_state(stream, H2_STREAM_ST_OPEN); - break; - case H2_STREAM_ST_OPEN: - break; - default: - return APR_EINVAL; + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->session->c, + "h2_stream(%ld-%d): closing input", + stream->session->id, stream->id); + + if (stream->rst_error) { + return APR_ECONNRESET; + } + + H2_STREAM_IN(APLOG_TRACE2, stream, "close_pre"); + if (close_input(stream) && stream->bbin) { + if (stream->request->chunked) { + apr_table_t *trailers = stream->request->trailers; + if (trailers && !apr_is_empty_table(trailers)) { + status = input_add_data(stream, "0\r\n", 3, 0); + apr_table_do(input_add_header, stream, trailers, NULL); + status = input_add_data(stream, "\r\n", 2, 0); + } + else { + status = input_add_data(stream, "0\r\n\r\n", 5, 0); + } + } + + if (status == APR_SUCCESS) { + status = h2_stream_input_flush(stream); + } + if (status == APR_SUCCESS) { + status = h2_mplx_in_close(stream->session->mplx, stream->id); + } } - return h2_request_write_header(stream->request, name, nlen, - value, vlen, stream->m); + H2_STREAM_IN(APLOG_TRACE2, stream, "close_post"); + return status; } apr_status_t h2_stream_write_data(h2_stream *stream, const char *data, size_t len) { + apr_status_t status = APR_SUCCESS; + AP_DEBUG_ASSERT(stream); - AP_DEBUG_ASSERT(stream); - switch (stream->state) { - case H2_STREAM_ST_OPEN: - break; - default: - return APR_EINVAL; + if (input_closed(stream) || !stream->request->eoh || !stream->bbin) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->session->c, + "h2_stream(%ld-%d): writing denied, closed=%d, eoh=%d, bbin=%d", + stream->session->id, stream->id, input_closed(stream), + stream->request->eoh, !!stream->bbin); + return APR_EINVAL; + } + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->session->c, + "h2_stream(%ld-%d): add %ld input bytes", + stream->session->id, stream->id, (long)len); + + H2_STREAM_IN(APLOG_TRACE2, stream, "write_data_pre"); + if (stream->request->chunked) { + /* if input may have a body and we have not seen any + * content-length header, we need to chunk the input data. + */ + status = input_add_data(stream, data, len, 1); } - return h2_request_write_data(stream->request, data, len); + else { + stream->input_remaining -= len; + if (stream->input_remaining < 0) { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, stream->session->c, + APLOGNO(02961) + "h2_stream(%ld-%d): got %ld more content bytes than announced " + "in content-length header: %ld", + stream->session->id, stream->id, + (long)stream->request->content_length, + -(long)stream->input_remaining); + h2_stream_rst(stream, H2_ERR_PROTOCOL_ERROR); + return APR_ECONNABORTED; + } + status = input_add_data(stream, data, len, 0); + } + if (status == APR_SUCCESS) { + status = h2_stream_input_flush(stream); + } + H2_STREAM_IN(APLOG_TRACE2, stream, "write_data_post"); + return status; } apr_status_t h2_stream_prep_read(h2_stream *stream, - apr_size_t *plen, int *peos) + apr_off_t *plen, int *peos) { apr_status_t status = APR_SUCCESS; const char *src; + int test_read = (*plen == 0); - if (stream->bbout && !APR_BRIGADE_EMPTY(stream->bbout)) { + if (stream->rst_error) { + return APR_ECONNRESET; + } + + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream prep_read_pre"); + if (!APR_BRIGADE_EMPTY(stream->bbout)) { src = "stream"; status = h2_util_bb_avail(stream->bbout, plen, peos); - if (status == APR_SUCCESS && !*peos && !*plen) { + if (!test_read && status == APR_SUCCESS && !*peos && !*plen) { apr_brigade_cleanup(stream->bbout); return h2_stream_prep_read(stream, plen, peos); } } else { src = "mplx"; - status = h2_mplx_out_readx(stream->m, stream->id, + status = h2_mplx_out_readx(stream->session->mplx, stream->id, NULL, NULL, plen, peos); } - if (status == APR_SUCCESS && !*peos && !*plen) { + if (!test_read && status == APR_SUCCESS && !*peos && !*plen) { status = APR_EAGAIN; } - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, stream->m->c, + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream prep_read_post"); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, stream->session->c, "h2_stream(%ld-%d): prep_read %s, len=%ld eos=%d", - stream->m->id, stream->id, - src, (long)*plen, *peos); + stream->session->id, stream->id, src, (long)*plen, *peos); return status; } apr_status_t h2_stream_readx(h2_stream *stream, h2_io_data_cb *cb, void *ctx, - apr_size_t *plen, int *peos) + apr_off_t *plen, int *peos) { - if (stream->bbout && !APR_BRIGADE_EMPTY(stream->bbout)) { - return h2_util_bb_readx(stream->bbout, cb, ctx, plen, peos); + apr_status_t status = APR_SUCCESS; + const char *src; + + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream readx_pre"); + if (stream->rst_error) { + return APR_ECONNRESET; + } + *peos = 0; + if (!APR_BRIGADE_EMPTY(stream->bbout)) { + apr_off_t origlen = *plen; + + src = "stream"; + status = h2_util_bb_readx(stream->bbout, cb, ctx, plen, peos); + if (status == APR_SUCCESS && !*peos && !*plen) { + apr_brigade_cleanup(stream->bbout); + *plen = origlen; + return h2_stream_readx(stream, cb, ctx, plen, peos); + } } - return h2_mplx_out_readx(stream->m, stream->id, - cb, ctx, plen, peos); + else { + src = "mplx"; + status = h2_mplx_out_readx(stream->session->mplx, stream->id, + cb, ctx, plen, peos); + } + + if (status == APR_SUCCESS && !*peos && !*plen) { + status = APR_EAGAIN; + } + + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream prep_readx_post"); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, stream->session->c, + "h2_stream(%ld-%d): readx %s, len=%ld eos=%d", + stream->session->id, stream->id, src, (long)*plen, *peos); + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream readx_post"); + + return status; } +apr_status_t h2_stream_read_to(h2_stream *stream, apr_bucket_brigade *bb, + apr_off_t *plen, int *peos) +{ + apr_status_t status = APR_SUCCESS; + + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream read_to_pre"); + if (stream->rst_error) { + return APR_ECONNRESET; + } + + if (APR_BRIGADE_EMPTY(stream->bbout)) { + apr_off_t tlen = *plen; + int eos; + status = h2_mplx_out_read_to(stream->session->mplx, stream->id, + stream->bbout, &tlen, &eos); + } + + if (status == APR_SUCCESS && !APR_BRIGADE_EMPTY(stream->bbout)) { + status = h2_transfer_brigade(bb, stream->bbout, stream->pool, + plen, peos); + } + else { + *plen = 0; + *peos = 0; + } + + if (status == APR_SUCCESS && !*peos && !*plen) { + status = APR_EAGAIN; + } + H2_STREAM_OUT(APLOG_TRACE2, stream, "h2_stream read_to_post"); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, stream->session->c, + "h2_stream(%ld-%d): read_to, len=%ld eos=%d", + stream->session->id, stream->id, (long)*plen, *peos); + return status; +} void h2_stream_set_suspended(h2_stream *stream, int suspended) { AP_DEBUG_ASSERT(stream); stream->suspended = !!suspended; + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, stream->session->c, + "h2_stream(%ld-%d): suspended=%d", + stream->session->id, stream->id, stream->suspended); } int h2_stream_is_suspended(h2_stream *stream) @@ -271,3 +599,49 @@ int h2_stream_is_suspended(h2_stream *stream) return stream->suspended; } +int h2_stream_input_is_open(h2_stream *stream) +{ + return input_open(stream); +} + +int h2_stream_needs_submit(h2_stream *stream) +{ + switch (stream->state) { + case H2_STREAM_ST_OPEN: + case H2_STREAM_ST_CLOSED_INPUT: + case H2_STREAM_ST_CLOSED_OUTPUT: + case H2_STREAM_ST_CLOSED: + return !stream->submitted; + default: + return 0; + } +} + +apr_status_t h2_stream_submit_pushes(h2_stream *stream) +{ + apr_status_t status = APR_SUCCESS; + apr_array_header_t *pushes; + int i; + + pushes = h2_push_collect(stream->pool, stream->request, stream->response); + if (pushes && !apr_is_empty_array(pushes)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, stream->session->c, + "h2_stream(%ld-%d): found %d push candidates", + stream->session->id, stream->id, pushes->nelts); + for (i = 0; i < pushes->nelts; ++i) { + h2_push *push = APR_ARRAY_IDX(pushes, i, h2_push*); + h2_stream *s = h2_session_push(stream->session, stream, push); + if (!s) { + status = APR_ECONNRESET; + break; + } + } + } + return status; +} + +apr_table_t *h2_stream_get_trailers(h2_stream *stream) +{ + /* TODO */ + return NULL; +} diff --git a/modules/http2/h2_stream.h b/modules/http2/h2_stream.h index 0608f2f340..79801722f4 100644 --- a/modules/http2/h2_stream.h +++ b/modules/http2/h2_stream.h @@ -19,19 +19,14 @@ /** * A HTTP/2 stream, e.g. a client request+response in HTTP/1.1 terms. * - * Ok, not quite, but close enough, since we do not implement server - * pushes yet. - * * A stream always belongs to a h2_session, the one managing the * connection to the client. The h2_session writes to the h2_stream, * adding HEADERS and DATA and finally an EOS. When headers are done, - * h2_stream can create a h2_task that can be scheduled to fullfill the - * request. + * h2_stream is scheduled for handling, which is expected to produce + * a h2_response. * - * This response headers are added directly to the h2_mplx of the session, - * but the response DATA can be read via h2_stream. Reading data will - * never block but return APR_EAGAIN when there currently is no data (and - * no eos) in the multiplexer for this stream. + * The h2_response gives the HEADER frames to sent to the client, followed + * by DATA frames read from the h2_stream until EOS is reached. */ #include "h2_io.h" @@ -48,60 +43,261 @@ typedef enum { struct h2_mplx; struct h2_request; struct h2_response; +struct h2_session; struct h2_task; typedef struct h2_stream h2_stream; struct h2_stream { int id; /* http2 stream id */ + int initiated_on; /* http2 stream id this was initiated on or 0 */ h2_stream_state_t state; /* http/2 state of this stream */ - struct h2_mplx *m; /* the multiplexer to work with */ + struct h2_session *session; /* the session this stream belongs to */ + + apr_pool_t *pool; /* the memory pool for this stream */ + struct h2_request *request; /* the request made in this stream */ + struct h2_response *response; /* the response, once ready */ int aborted; /* was aborted */ int suspended; /* DATA sending has been suspended */ + int rst_error; /* stream error for RST_STREAM */ + int scheduled; /* stream has been scheduled */ + int submitted; /* response HEADER has been sent */ - apr_pool_t *pool; /* the memory pool for this stream */ - struct h2_request *request; /* the request made in this stream */ + apr_off_t input_remaining; /* remaining bytes on input as advertised via content-length */ + apr_bucket_brigade *bbin; /* input DATA */ - struct h2_task *task; /* task created for this stream */ - struct h2_response *response; /* the response, once ready */ apr_bucket_brigade *bbout; /* output DATA */ + apr_off_t data_frames_sent; /* # of DATA frames sent out for this stream */ }; -h2_stream *h2_stream_create(int id, apr_pool_t *pool, struct h2_mplx *m); +#define H2_STREAM_RST(s, def) (s->rst_error? s->rst_error : (def)) + +/** + * Create a stream in IDLE state. + * @param id the stream identifier + * @param pool the memory pool to use for this stream + * @param session the session this stream belongs to + * @return the newly created IDLE stream + */ +h2_stream *h2_stream_create(int id, apr_pool_t *pool, struct h2_session *session); + +/** + * Create a stream in OPEN state. + * @param id the stream identifier + * @param pool the memory pool to use for this stream + * @param session the session this stream belongs to + * @return the newly opened stream + */ +h2_stream *h2_stream_open(int id, apr_pool_t *pool, struct h2_session *session); +/** + * Destroy any resources held by this stream. Will destroy memory pool + * if still owned by the stream. + * + * @param stream the stream to destroy + */ apr_status_t h2_stream_destroy(h2_stream *stream); +/** + * Removes stream from h2_session and destroys it. + * + * @param stream the stream to cleanup + */ +void h2_stream_cleanup(h2_stream *stream); + +/** + * Detach the memory pool from the stream. Will prevent stream + * destruction to take the pool with it. + * + * @param stream the stream to detach the pool from + * @param the detached memmory pool or NULL if stream no longer has one + */ apr_pool_t *h2_stream_detach_pool(h2_stream *stream); -void h2_stream_attach_pool(h2_stream *stream, apr_pool_t *pool); -void h2_stream_abort(h2_stream *stream); -apr_status_t h2_stream_rwrite(h2_stream *stream, request_rec *r); +/** + * Initialize stream->request with the given request_rec. + * + * @param stream stream to write request to + * @param r the request with all the meta data + */ +apr_status_t h2_stream_set_request(h2_stream *stream, request_rec *r); -apr_status_t h2_stream_write_eos(h2_stream *stream); +/** + * Initialize stream->request with the given h2_request. + * + * @param stream the stream to init the request for + * @param req the request for initializing, will be copied + */ +void h2_stream_set_h2_request(h2_stream *stream, int initiated_on, + const struct h2_request *req); -apr_status_t h2_stream_write_header(h2_stream *stream, - const char *name, size_t nlen, - const char *value, size_t vlen); +/* + * Add a HTTP/2 header (including pseudo headers) or trailer + * to the given stream, depending on stream state. + * + * @param stream stream to write the header to + * @param name the name of the HTTP/2 header + * @param nlen the number of characters in name + * @param value the header value + * @param vlen the number of characters in value + */ +apr_status_t h2_stream_add_header(h2_stream *stream, + const char *name, size_t nlen, + const char *value, size_t vlen); -apr_status_t h2_stream_write_eoh(h2_stream *stream, int eos); +/** + * Closes the stream's input. + * + * @param stream stream to close intput of + */ +apr_status_t h2_stream_close_input(h2_stream *stream); +/* + * Write a chunk of DATA to the stream. + * + * @param stream stream to write the data to + * @param data the beginning of the bytes to write + * @param len the number of bytes to write + */ apr_status_t h2_stream_write_data(h2_stream *stream, const char *data, size_t len); +/** + * Reset the stream. Stream write/reads will return errors afterwards. + * + * @param stream the stream to reset + * @param error_code the HTTP/2 error code + */ +void h2_stream_rst(h2_stream *streamm, int error_code); + +/** + * Schedule the stream for execution. All header information must be + * present. Use the given priority comparision callback to determine + * order in queued streams. + * + * @param stream the stream to schedule + * @param eos != 0 iff no more input will arrive + * @param cmp priority comparision + * @param ctx context for comparision + */ +apr_status_t h2_stream_schedule(h2_stream *stream, int eos, + h2_stream_pri_cmp *cmp, void *ctx); + +/** + * Determine if stream has been scheduled already. + * @param stream the stream to check on + * @return != 0 iff stream has been scheduled + */ +int h2_stream_is_scheduled(h2_stream *stream); + +/** + * Set the response for this stream. Invoked when all meta data for + * the stream response has been collected. + * + * @param stream the stream to set the response for + * @param resonse the response data for the stream + * @param bb bucket brigade with output data for the stream. Optional, + * may be incomplete. + */ apr_status_t h2_stream_set_response(h2_stream *stream, struct h2_response *response, apr_bucket_brigade *bb); +/** + * Do a speculative read on the stream output to determine the + * amount of data that can be read. + * + * @param stream the stream to speculatively read from + * @param plen (in-/out) number of bytes requested and on return amount of bytes that + * may be read without blocking + * @param peos (out) != 0 iff end of stream will be reached when reading plen + * bytes (out value). + * @return APR_SUCCESS if out information was computed successfully. + * APR_EAGAIN if not data is available and end of stream has not been + * reached yet. + */ apr_status_t h2_stream_prep_read(h2_stream *stream, - apr_size_t *plen, int *peos); + apr_off_t *plen, int *peos); +/** + * Read data from the stream output. + * + * @param stream the stream to read from + * @param cb callback to invoke for byte chunks read. Might be invoked + * multiple times (with different values) for one read operation. + * @param ctx context data for callback + * @param plen (in-/out) max. number of bytes to read and on return actual + * number of bytes read + * @param peos (out) != 0 iff end of stream has been reached while reading + * @return APR_SUCCESS if out information was computed successfully. + * APR_EAGAIN if not data is available and end of stream has not been + * reached yet. + */ apr_status_t h2_stream_readx(h2_stream *stream, h2_io_data_cb *cb, - void *ctx, apr_size_t *plen, int *peos); + void *ctx, apr_off_t *plen, int *peos); + +/** + * Read a maximum number of bytes into the bucket brigade. + * + * @param stream the stream to read from + * @param bb the brigade to append output to + * @param plen (in-/out) max. number of bytes to append and on return actual + * number of bytes appended to brigade + * @param peos (out) != 0 iff end of stream has been reached while reading + * @return APR_SUCCESS if out information was computed successfully. + * APR_EAGAIN if not data is available and end of stream has not been + * reached yet. + */ +apr_status_t h2_stream_read_to(h2_stream *stream, apr_bucket_brigade *bb, + apr_off_t *plen, int *peos); +/** + * Set the suspended state of the stream. + * @param stream the stream to change state on + * @param suspended boolean value if stream is suspended + */ void h2_stream_set_suspended(h2_stream *stream, int suspended); + +/** + * Check if the stream has been suspended. + * @param stream the stream to check + * @return != 0 iff stream is suspended. + */ int h2_stream_is_suspended(h2_stream *stream); +/** + * Check if the stream has open input. + * @param stream the stream to check + * @return != 0 iff stream has open input. + */ +int h2_stream_input_is_open(h2_stream *stream); + +/** + * Check if the stream has not submitted a response or RST yet. + * @param stream the stream to check + * @return != 0 iff stream has not submitted a response or RST. + */ +int h2_stream_needs_submit(h2_stream *stream); + +/** + * Submit any server push promises on this stream and schedule + * the tasks connection with these. + * + * @param stream the stream for which to submit + */ +apr_status_t h2_stream_submit_pushes(h2_stream *stream); + +/** + * Get optional trailers for this stream, may be NULL. Meaningful + * results can only be expected when the end of the response body has + * been reached. + * + * @param stream to ask for trailers + * @return trailers for NULL + */ +apr_table_t *h2_stream_get_trailers(h2_stream *stream); + #endif /* defined(__mod_h2__h2_stream__) */ diff --git a/modules/http2/h2_stream_set.c b/modules/http2/h2_stream_set.c index dddd2e3990..aa0f8c6501 100644 --- a/modules/http2/h2_stream_set.c +++ b/modules/http2/h2_stream_set.c @@ -16,34 +16,31 @@ #include #include +#include #include #include -#include -#include #include #include "h2_private.h" -#include "h2_session.h" #include "h2_stream.h" -#include "h2_task.h" #include "h2_stream_set.h" -#define H2_STREAM_IDX(list, i) ((h2_stream**)(list)->elts)[i] struct h2_stream_set { - apr_array_header_t *list; + apr_hash_t *hash; }; -h2_stream_set *h2_stream_set_create(apr_pool_t *pool) +static unsigned int stream_hash(const char *key, apr_ssize_t *klen) +{ + return (unsigned int)(*((int*)key)); +} + +h2_stream_set *h2_stream_set_create(apr_pool_t *pool, int max) { h2_stream_set *sp = apr_pcalloc(pool, sizeof(h2_stream_set)); - if (sp) { - sp->list = apr_array_make(pool, 100, sizeof(h2_stream*)); - if (!sp->list) { - return NULL; - } - } + sp->hash = apr_hash_make_custom(pool, stream_hash); + return sp; } @@ -52,113 +49,97 @@ void h2_stream_set_destroy(h2_stream_set *sp) (void)sp; } -static int h2_stream_id_cmp(const void *s1, const void *s2) +h2_stream *h2_stream_set_get(h2_stream_set *sp, int stream_id) { - h2_stream **pstream1 = (h2_stream **)s1; - h2_stream **pstream2 = (h2_stream **)s2; - return (*pstream1)->id - (*pstream2)->id; + return apr_hash_get(sp->hash, &stream_id, sizeof(stream_id)); } -h2_stream *h2_stream_set_get(h2_stream_set *sp, int stream_id) +void h2_stream_set_add(h2_stream_set *sp, h2_stream *stream) { - /* we keep the array sorted by id, so lookup can be done - * by bsearch. - */ - h2_stream key; - h2_stream *pkey, **ps; - memset(&key, 0, sizeof(key)); - key.id = stream_id; - pkey = &key; - ps = bsearch(&pkey, sp->list->elts, sp->list->nelts, - sp->list->elt_size, h2_stream_id_cmp); - return ps? *ps : NULL; -} - -static void h2_stream_set_sort(h2_stream_set *sp) -{ - qsort(sp->list->elts, sp->list->nelts, sp->list->elt_size, - h2_stream_id_cmp); -} - -apr_status_t h2_stream_set_add(h2_stream_set *sp, h2_stream *stream) -{ - h2_stream *existing = h2_stream_set_get(sp, stream->id); - if (!existing) { - int last; - APR_ARRAY_PUSH(sp->list, h2_stream*) = stream; - /* Normally, streams get added in ascending order if id. We - * keep the array sorted, so we just need to check of the newly - * appended stream has a lower id than the last one. if not, - * sorting is not necessary. - */ - last = sp->list->nelts - 1; - if (last > 0 - && (H2_STREAM_IDX(sp->list, last)->id - < H2_STREAM_IDX(sp->list, last-1)->id)) { - h2_stream_set_sort(sp); - } - } - return APR_SUCCESS; -} - -h2_stream *h2_stream_set_remove(h2_stream_set *sp, h2_stream *stream) -{ - int i; - for (i = 0; i < sp->list->nelts; ++i) { - h2_stream *s = H2_STREAM_IDX(sp->list, i); - if (s == stream) { - int n; - --sp->list->nelts; - n = sp->list->nelts - i; - if (n > 0) { - /* Close the hole in the array by moving the upper - * parts down one step. - */ - h2_stream **selts = (h2_stream**)sp->list->elts; - memmove(selts+i, selts+i+1, n * sizeof(h2_stream*)); - } - return s; - } - } - return NULL; + apr_hash_set(sp->hash, &stream->id, sizeof(stream->id), stream); } -void h2_stream_set_remove_all(h2_stream_set *sp) +void h2_stream_set_remove(h2_stream_set *sp, int stream_id) { - sp->list->nelts = 0; + apr_hash_set(sp->hash, &stream_id, sizeof(stream_id), NULL); } int h2_stream_set_is_empty(h2_stream_set *sp) { - AP_DEBUG_ASSERT(sp); - return sp->list->nelts == 0; + return apr_hash_count(sp->hash) == 0; } -h2_stream *h2_stream_set_find(h2_stream_set *sp, - h2_stream_set_match_fn *match, void *ctx) +apr_size_t h2_stream_set_size(h2_stream_set *sp) { - h2_stream *s = NULL; - int i; - for (i = 0; !s && i < sp->list->nelts; ++i) { - s = match(ctx, H2_STREAM_IDX(sp->list, i)); - } - return s; + return apr_hash_count(sp->hash); +} + +typedef struct { + h2_stream_set_iter_fn *iter; + void *ctx; +} iter_ctx; + +static int hash_iter(void *ctx, const void *key, apr_ssize_t klen, + const void *val) +{ + iter_ctx *ictx = ctx; + return ictx->iter(ictx->ctx, (h2_stream*)val); } void h2_stream_set_iter(h2_stream_set *sp, h2_stream_set_iter_fn *iter, void *ctx) { - int i; - for (i = 0; i < sp->list->nelts; ++i) { - h2_stream *s = H2_STREAM_IDX(sp->list, i); - if (!iter(ctx, s)) { - break; - } + iter_ctx ictx; + ictx.iter = iter; + ictx.ctx = ctx; + apr_hash_do(hash_iter, &ictx, sp->hash); +} + +static int unsubmitted_iter(void *ctx, h2_stream *stream) +{ + if (h2_stream_needs_submit(stream)) { + *((int *)ctx) = 1; + return 0; } + return 1; } -apr_size_t h2_stream_set_size(h2_stream_set *sp) +int h2_stream_set_has_unsubmitted(h2_stream_set *sp) +{ + int has_unsubmitted = 0; + h2_stream_set_iter(sp, unsubmitted_iter, &has_unsubmitted); + return has_unsubmitted; +} + +static int input_open_iter(void *ctx, h2_stream *stream) +{ + if (h2_stream_input_is_open(stream)) { + *((int *)ctx) = 1; + return 0; + } + return 1; +} + +int h2_stream_set_has_open_input(h2_stream_set *sp) +{ + int has_input_open = 0; + h2_stream_set_iter(sp, input_open_iter, &has_input_open); + return has_input_open; +} + +static int suspended_iter(void *ctx, h2_stream *stream) +{ + if (h2_stream_is_suspended(stream)) { + *((int *)ctx) = 1; + return 0; + } + return 1; +} + +int h2_stream_set_has_suspended(h2_stream_set *sp) { - return sp->list->nelts; + int has_suspended = 0; + h2_stream_set_iter(sp, suspended_iter, &has_suspended); + return has_suspended; } diff --git a/modules/http2/h2_stream_set.h b/modules/http2/h2_stream_set.h index 5607583455..d0041c4843 100644 --- a/modules/http2/h2_stream_set.h +++ b/modules/http2/h2_stream_set.h @@ -27,26 +27,25 @@ typedef int h2_stream_set_iter_fn(void *ctx, h2_stream *stream); typedef struct h2_stream_set h2_stream_set; -h2_stream_set *h2_stream_set_create(apr_pool_t *pool); +h2_stream_set *h2_stream_set_create(apr_pool_t *pool, int max); void h2_stream_set_destroy(h2_stream_set *sp); -apr_status_t h2_stream_set_add(h2_stream_set *sp, h2_stream *stream); +void h2_stream_set_add(h2_stream_set *sp, h2_stream *stream); h2_stream *h2_stream_set_get(h2_stream_set *sp, int stream_id); -h2_stream *h2_stream_set_remove(h2_stream_set *sp,h2_stream *stream); +void h2_stream_set_remove(h2_stream_set *sp, int stream_id); -void h2_stream_set_remove_all(h2_stream_set *sp); +void h2_stream_set_iter(h2_stream_set *sp, + h2_stream_set_iter_fn *iter, void *ctx); int h2_stream_set_is_empty(h2_stream_set *sp); apr_size_t h2_stream_set_size(h2_stream_set *sp); -h2_stream *h2_stream_set_find(h2_stream_set *sp, - h2_stream_set_match_fn *match, void *ctx); - -void h2_stream_set_iter(h2_stream_set *sp, - h2_stream_set_iter_fn *iter, void *ctx); +int h2_stream_set_has_unsubmitted(h2_stream_set *sp); +int h2_stream_set_has_open_input(h2_stream_set *sp); +int h2_stream_set_has_suspended(h2_stream_set *sp); #endif /* defined(__mod_h2__h2_stream_set__) */ diff --git a/modules/http2/h2_switch.c b/modules/http2/h2_switch.c index 23c34490ea..c107db8e73 100644 --- a/modules/http2/h2_switch.c +++ b/modules/http2/h2_switch.c @@ -34,17 +34,6 @@ #include "h2_h2.h" #include "h2_switch.h" -/******************************************************************************* - * SSL var lookup - */ -APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, - (apr_pool_t *, server_rec *, - conn_rec *, request_rec *, - char *)); -static char *(*opt_ssl_var_lookup)(apr_pool_t *, server_rec *, - conn_rec *, request_rec *, - char *); - /******************************************************************************* * Once per lifetime init, retrieve optional functions */ @@ -52,7 +41,6 @@ apr_status_t h2_switch_init(apr_pool_t *pool, server_rec *s) { (void)pool; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "h2_switch init"); - opt_ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); return APR_SUCCESS; } @@ -63,7 +51,8 @@ static int h2_protocol_propose(conn_rec *c, request_rec *r, apr_array_header_t *proposals) { int proposed = 0; - const char **protos = h2_h2_is_tls(c)? h2_tls_protos : h2_clear_protos; + int is_tls = h2_h2_is_tls(c); + const char **protos = is_tls? h2_tls_protos : h2_clear_protos; (void)s; if (strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) { @@ -74,12 +63,23 @@ static int h2_protocol_propose(conn_rec *c, request_rec *r, return DECLINED; } + if (!h2_is_acceptable_connection(c, 0)) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "protocol propose: connection requirements not met"); + return DECLINED; + } + if (r) { - const char *p; /* So far, this indicates an HTTP/1 Upgrade header initiated * protocol switch. For that, the HTTP2-Settings header needs * to be present and valid for the connection. */ + const char *p; + + if (!h2_allows_h2_upgrade(c)) { + return DECLINED; + } + p = apr_table_get(r->headers_in, "HTTP2-Settings"); if (!p) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, @@ -154,7 +154,7 @@ static int h2_protocol_switch(conn_rec *c, request_rec *r, server_rec *s, ap_remove_input_filter_byhandle(r->input_filters, "reqtimeout"); /* Ok, start an h2_conn on this one. */ - status = h2_conn_rprocess(r); + status = h2_conn_process(r->connection, r); if (status != DONE) { /* Nothing really to do about this. */ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, r, diff --git a/modules/http2/h2_task.c b/modules/http2/h2_task.c index bbea7b20f8..b7d48a1bf6 100644 --- a/modules/http2/h2_task.c +++ b/modules/http2/h2_task.c @@ -38,6 +38,7 @@ #include "h2_from_h1.h" #include "h2_h2.h" #include "h2_mplx.h" +#include "h2_request.h" #include "h2_session.h" #include "h2_stream.h" #include "h2_task_input.h" @@ -52,35 +53,37 @@ static apr_status_t h2_filter_stream_input(ap_filter_t* filter, ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) { - h2_task_env *env = filter->ctx; - AP_DEBUG_ASSERT(env); - if (!env->input) { + h2_task *task = filter->ctx; + AP_DEBUG_ASSERT(task); + if (!task->input) { return APR_ECONNABORTED; } - return h2_task_input_read(env->input, filter, brigade, + return h2_task_input_read(task->input, filter, brigade, mode, block, readbytes); } static apr_status_t h2_filter_stream_output(ap_filter_t* filter, apr_bucket_brigade* brigade) { - h2_task_env *env = filter->ctx; - AP_DEBUG_ASSERT(env); - if (!env->output) { + h2_task *task = filter->ctx; + AP_DEBUG_ASSERT(task); + if (!task->output) { return APR_ECONNABORTED; } - return h2_task_output_write(env->output, filter, brigade); + return h2_task_output_write(task->output, filter, brigade); } static apr_status_t h2_filter_read_response(ap_filter_t* f, apr_bucket_brigade* bb) { - h2_task_env *env = f->ctx; - AP_DEBUG_ASSERT(env); - if (!env->output || !env->output->from_h1) { + h2_task *task = f->ctx; + AP_DEBUG_ASSERT(task); + if (!task->output || !task->output->from_h1) { return APR_ECONNABORTED; } - return h2_from_h1_read_response(env->output->from_h1, f, bb); + return h2_from_h1_read_response(task->output->from_h1, f, bb); } +static apr_status_t h2_task_process_request(h2_task *task); + /******************************************************************************* * Register various hooks */ @@ -119,21 +122,15 @@ static int h2_task_pre_conn(conn_rec* c, void *arg) (void)arg; if (h2_ctx_is_task(ctx)) { - h2_task_env *env = h2_ctx_get_task(ctx); - - /* This connection is a pseudo-connection used for a h2_task. - * Since we read/write directly from it ourselves, we need - * to disable a possible ssl connection filter. - */ - h2_tls_disable(c); + h2_task *task = h2_ctx_get_task(ctx); ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, "h2_h2, pre_connection, found stream task"); /* Add our own, network level in- and output filters. */ - ap_add_input_filter("H2_TO_H1", env, NULL, c); - ap_add_output_filter("H1_TO_H2", env, NULL, c); + ap_add_input_filter("H2_TO_H1", task, NULL, c); + ap_add_output_filter("H1_TO_H2", task, NULL, c); } return OK; } @@ -143,61 +140,43 @@ static int h2_task_process_conn(conn_rec* c) h2_ctx *ctx = h2_ctx_get(c); if (h2_ctx_is_task(ctx)) { - if (!ctx->task_env->serialize_headers) { + if (!ctx->task->serialize_headers) { ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, "h2_h2, processing request directly"); - h2_task_process_request(ctx->task_env); + h2_task_process_request(ctx->task); return DONE; } ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, - "h2_task(%s), serialized handling", ctx->task_env->id); + "h2_task(%s), serialized handling", ctx->task->id); } return DECLINED; } -h2_task *h2_task_create(long session_id, - int stream_id, - apr_pool_t *stream_pool, - h2_mplx *mplx, conn_rec *c) +h2_task *h2_task_create(long session_id, const h2_request *req, + apr_pool_t *pool, h2_mplx *mplx, int eos) { - h2_task *task = apr_pcalloc(stream_pool, sizeof(h2_task)); + h2_task *task = apr_pcalloc(pool, sizeof(h2_task)); if (task == NULL) { - ap_log_perror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, stream_pool, + ap_log_perror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, pool, APLOGNO(02941) "h2_task(%ld-%d): create stream task", - session_id, stream_id); - h2_mplx_out_close(mplx, stream_id); + session_id, req->id); + h2_mplx_out_close(mplx, req->id); return NULL; } - APR_RING_ELEM_INIT(task, link); - - task->id = apr_psprintf(stream_pool, "%ld-%d", session_id, stream_id); - task->stream_id = stream_id; + task->id = apr_psprintf(pool, "%ld-%d", session_id, req->id); + task->stream_id = req->id; + task->pool = pool; task->mplx = mplx; + task->c = h2_conn_create(mplx->c, task->pool); + + task->request = req; + task->input_eos = eos; - task->c = c; - - ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, stream_pool, - "h2_task(%s): created", task->id); return task; } -void h2_task_set_request(h2_task *task, - const char *method, - const char *scheme, - const char *authority, - const char *path, - apr_table_t *headers, int eos) -{ - task->method = method; - task->scheme = scheme; - task->authority = authority; - task->path = path; - task->headers = headers; - task->input_eos = eos; -} - apr_status_t h2_task_destroy(h2_task *task) { (void)task; @@ -208,121 +187,56 @@ apr_status_t h2_task_do(h2_task *task, h2_worker *worker) { apr_status_t status = APR_SUCCESS; h2_config *cfg = h2_config_get(task->mplx->c); - h2_task_env env; AP_DEBUG_ASSERT(task); - memset(&env, 0, sizeof(env)); - - env.id = task->id; - env.stream_id = task->stream_id; - env.mplx = task->mplx; - task->mplx = NULL; - - env.input_eos = task->input_eos; - env.serialize_headers = h2_config_geti(cfg, H2_CONF_SER_HEADERS); - - /* Create a subpool from the worker one to be used for all things - * with life-time of this task_env execution. - */ - apr_pool_create(&env.pool, h2_worker_get_pool(worker)); + task->serialize_headers = h2_config_geti(cfg, H2_CONF_SER_HEADERS); - /* Link the env to the worker which provides useful things such - * as mutex, a socket etc. */ - env.io = h2_worker_get_cond(worker); - - /* Clone fields, so that lifetimes become (more) independent. */ - env.method = apr_pstrdup(env.pool, task->method); - env.scheme = apr_pstrdup(env.pool, task->scheme); - env.authority = apr_pstrdup(env.pool, task->authority); - env.path = apr_pstrdup(env.pool, task->path); - env.headers = apr_table_clone(env.pool, task->headers); + status = h2_worker_setup_task(worker, task); - /* Setup the pseudo connection to use our own pool and bucket_alloc */ - env.c = *task->c; - task->c = NULL; - status = h2_conn_setup(&env, worker); - - /* save in connection that this one is a pseudo connection, prevents - * other hooks from messing with it. */ - h2_ctx_create_for(&env.c, &env); + /* save in connection that this one is a pseudo connection */ + h2_ctx_create_for(task->c, task); if (status == APR_SUCCESS) { - env.input = h2_task_input_create(&env, env.pool, - env.c.bucket_alloc); - env.output = h2_task_output_create(&env, env.pool, - env.c.bucket_alloc); - status = h2_conn_process(&env.c, h2_worker_get_socket(worker)); - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, &env.c, - "h2_task(%s): processing done", env.id); + task->input = h2_task_input_create(task, task->pool, + task->c->bucket_alloc); + task->output = h2_task_output_create(task, task->pool); + + ap_process_connection(task->c, h2_worker_get_socket(worker)); + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, task->c, + "h2_task(%s): processing done", task->id); } else { - ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, &env.c, - APLOGNO(02957) "h2_task(%s): error setting up h2_task_env", - env.id); + ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, task->c, + APLOGNO(02957) "h2_task(%s): error setting up h2_task", + task->id); } - if (env.input) { - h2_task_input_destroy(env.input); - env.input = NULL; + if (task->input) { + h2_task_input_destroy(task->input); + task->input = NULL; } - if (env.output) { - h2_task_output_close(env.output); - h2_task_output_destroy(env.output); - env.output = NULL; + if (task->output) { + h2_task_output_close(task->output); + h2_task_output_destroy(task->output); + task->output = NULL; } - h2_task_set_finished(task); - if (env.io) { - apr_thread_cond_signal(env.io); + if (task->io) { + apr_thread_cond_signal(task->io); } - if (env.pool) { - apr_pool_destroy(env.pool); - env.pool = NULL; - } - - if (env.c.id) { - h2_conn_post(&env.c, worker); - } - - h2_mplx_task_done(env.mplx, env.stream_id); + h2_mplx_task_done(task->mplx, task->stream_id); + h2_worker_release_task(worker, task); return status; } -int h2_task_has_started(h2_task *task) -{ - AP_DEBUG_ASSERT(task); - return apr_atomic_read32(&task->has_started); -} - -void h2_task_set_started(h2_task *task) +static request_rec *h2_task_create_request(h2_task *task) { - AP_DEBUG_ASSERT(task); - apr_atomic_set32(&task->has_started, 1); -} - -int h2_task_has_finished(h2_task *task) -{ - return apr_atomic_read32(&task->has_finished); -} - -void h2_task_set_finished(h2_task *task) -{ - apr_atomic_set32(&task->has_finished, 1); -} - -void h2_task_die(h2_task_env *env, int status, request_rec *r) -{ - (void)env; - ap_die(status, r); -} - -static request_rec *h2_task_create_request(h2_task_env *env) -{ - conn_rec *conn = &env->c; + conn_rec *conn = task->c; request_rec *r; apr_pool_t *p; int access_status = HTTP_OK; @@ -340,7 +254,7 @@ static request_rec *h2_task_create_request(h2_task_env *env) r->allowed_methods = ap_make_method_list(p, 2); - r->headers_in = apr_table_copy(r->pool, env->headers); + r->headers_in = apr_table_copy(r->pool, task->request->headers); r->trailers_in = apr_table_make(r->pool, 5); r->subprocess_env = apr_table_make(r->pool, 25); r->headers_out = apr_table_make(r->pool, 12); @@ -379,18 +293,19 @@ static request_rec *h2_task_create_request(h2_task_env *env) /* Time to populate r with the data we have. */ r->request_time = apr_time_now(); - r->the_request = apr_psprintf(r->pool, "%s %s HTTP/1.1", - env->method, env->path); - r->method = env->method; + r->method = task->request->method; /* Provide quick information about the request method as soon as known */ r->method_number = ap_method_number_of(r->method); if (r->method_number == M_GET && r->method[0] == 'H') { r->header_only = 1; } - ap_parse_uri(r, env->path); + ap_parse_uri(r, task->request->path); r->protocol = (char*)"HTTP/2"; r->proto_num = HTTP_VERSION(2, 0); + + r->the_request = apr_psprintf(r->pool, "%s %s %s", + r->method, task->request->path, r->protocol); /* update what we think the virtual host is based on the headers we've * now read. may update status. @@ -417,7 +332,7 @@ static request_rec *h2_task_create_request(h2_task_env *env) /* Request check post hooks failed. An example of this would be a * request for a vhost where h2 is disabled --> 421. */ - h2_task_die(env, access_status, r); + ap_die(access_status, r); ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); ap_run_log_transaction(r); r = NULL; @@ -434,13 +349,13 @@ traceout: } -apr_status_t h2_task_process_request(h2_task_env *env) +static apr_status_t h2_task_process_request(h2_task *task) { - conn_rec *c = &env->c; + conn_rec *c = task->c; request_rec *r; conn_state_t *cs = c->cs; - r = h2_task_create_request(env); + r = h2_task_create_request(task); if (r && (r->status == HTTP_OK)) { ap_update_child_status(c->sbh, SERVER_BUSY_READ, r); @@ -454,6 +369,8 @@ apr_status_t h2_task_process_request(h2_task_env *env) * will result in a segfault immediately instead * of nondeterministic failures later. */ + if (cs) + cs->state = CONN_STATE_WRITE_COMPLETION; r = NULL; } ap_update_child_status(c->sbh, SERVER_BUSY_WRITE, NULL); diff --git a/modules/http2/h2_task.h b/modules/http2/h2_task.h index b66ce38c25..7cf0f20de2 100644 --- a/modules/http2/h2_task.h +++ b/modules/http2/h2_task.h @@ -39,149 +39,39 @@ struct apr_thread_cond_t; struct h2_conn; struct h2_mplx; struct h2_task; +struct h2_request; struct h2_resp_head; struct h2_worker; typedef struct h2_task h2_task; struct h2_task { - /** Links to the rest of the tasks */ - APR_RING_ENTRY(h2_task) link; - const char *id; int stream_id; struct h2_mplx *mplx; - volatile apr_uint32_t has_started; - volatile apr_uint32_t has_finished; - - const char *method; - const char *scheme; - const char *authority; - const char *path; - apr_table_t *headers; + const struct h2_request *request; int input_eos; - struct conn_rec *c; -}; + int serialize_headers; -typedef struct h2_task_env h2_task_env; + struct conn_rec *c; -struct h2_task_env { - const char *id; - int stream_id; - struct h2_mplx *mplx; - apr_pool_t *pool; /* pool for task lifetime things */ apr_bucket_alloc_t *bucket_alloc; - - const char *method; - const char *scheme; - const char *authority; - const char *path; - apr_table_t *headers; - int input_eos; - - int serialize_headers; - - struct conn_rec c; struct h2_task_input *input; struct h2_task_output *output; struct apr_thread_cond_t *io; /* used to wait for events on */ }; -/** - * The magic pointer value that indicates the head of a h2_task list - * @param b The task list - * @return The magic pointer value - */ -#define H2_TASK_LIST_SENTINEL(b) APR_RING_SENTINEL((b), h2_task, link) - -/** - * Determine if the task list is empty - * @param b The list to check - * @return true or false - */ -#define H2_TASK_LIST_EMPTY(b) APR_RING_EMPTY((b), h2_task, link) - -/** - * Return the first task in a list - * @param b The list to query - * @return The first task in the list - */ -#define H2_TASK_LIST_FIRST(b) APR_RING_FIRST(b) - -/** - * Return the last task in a list - * @param b The list to query - * @return The last task int he list - */ -#define H2_TASK_LIST_LAST(b) APR_RING_LAST(b) - -/** - * Insert a single task at the front of a list - * @param b The list to add to - * @param e The task to insert - */ -#define H2_TASK_LIST_INSERT_HEAD(b, e) do { \ - h2_task *ap__b = (e); \ - APR_RING_INSERT_HEAD((b), ap__b, h2_task, link); \ -} while (0) - -/** - * Insert a single task at the end of a list - * @param b The list to add to - * @param e The task to insert - */ -#define H2_TASK_LIST_INSERT_TAIL(b, e) do { \ - h2_task *ap__b = (e); \ - APR_RING_INSERT_TAIL((b), ap__b, h2_task, link); \ -} while (0) - -/** - * Get the next task in the list - * @param e The current task - * @return The next task - */ -#define H2_TASK_NEXT(e) APR_RING_NEXT((e), link) -/** - * Get the previous task in the list - * @param e The current task - * @return The previous task - */ -#define H2_TASK_PREV(e) APR_RING_PREV((e), link) - -/** - * Remove a task from its list - * @param e The task to remove - */ -#define H2_TASK_REMOVE(e) APR_RING_REMOVE((e), link) - - -h2_task *h2_task_create(long session_id, int stream_id, - apr_pool_t *pool, struct h2_mplx *mplx, - conn_rec *c); +h2_task *h2_task_create(long session_id, const struct h2_request *req, + apr_pool_t *pool, struct h2_mplx *mplx, int eos); apr_status_t h2_task_destroy(h2_task *task); -void h2_task_set_request(h2_task *task, - const char *method, - const char *scheme, - const char *authority, - const char *path, - apr_table_t *headers, int eos); - - apr_status_t h2_task_do(h2_task *task, struct h2_worker *worker); -apr_status_t h2_task_process_request(h2_task_env *env); - -int h2_task_has_started(h2_task *task); -void h2_task_set_started(h2_task *task); -int h2_task_has_finished(h2_task *task); -void h2_task_set_finished(h2_task *task); void h2_task_register_hooks(void); -void h2_task_die(h2_task_env *env, int status, request_rec *r); #endif /* defined(__mod_h2__h2_task__) */ diff --git a/modules/http2/h2_task_input.c b/modules/http2/h2_task_input.c index 487f7e6069..49be7cfd22 100644 --- a/modules/http2/h2_task_input.c +++ b/modules/http2/h2_task_input.c @@ -23,6 +23,7 @@ #include "h2_private.h" #include "h2_conn.h" #include "h2_mplx.h" +#include "h2_request.h" #include "h2_session.h" #include "h2_stream.h" #include "h2_task_input.h" @@ -42,49 +43,34 @@ static int ser_header(void *ctx, const char *name, const char *value) return 1; } -h2_task_input *h2_task_input_create(h2_task_env *env, apr_pool_t *pool, +h2_task_input *h2_task_input_create(h2_task *task, apr_pool_t *pool, apr_bucket_alloc_t *bucket_alloc) { h2_task_input *input = apr_pcalloc(pool, sizeof(h2_task_input)); if (input) { - input->env = env; + input->task = task; input->bb = NULL; - if (env->serialize_headers) { - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, &env->c, + if (task->serialize_headers) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, task->c, "h2_task_input(%s): serialize request %s %s", - env->id, env->method, env->path); + task->id, task->request->method, task->request->path); input->bb = apr_brigade_create(pool, bucket_alloc); apr_brigade_printf(input->bb, NULL, NULL, "%s %s HTTP/1.1\r\n", - env->method, env->path); - apr_table_do(ser_header, input, env->headers, NULL); + task->request->method, task->request->path); + apr_table_do(ser_header, input, task->request->headers, NULL); apr_brigade_puts(input->bb, NULL, NULL, "\r\n"); - if (input->env->input_eos) { + if (input->task->input_eos) { APR_BRIGADE_INSERT_TAIL(input->bb, apr_bucket_eos_create(bucket_alloc)); } } - else if (!input->env->input_eos) { + else if (!input->task->input_eos) { input->bb = apr_brigade_create(pool, bucket_alloc); } else { /* We do not serialize and have eos already, no need to * create a bucket brigade. */ } - - if (APLOGcdebug(&env->c)) { - char buffer[1024]; - apr_size_t len = sizeof(buffer)-1; - if (input->bb) { - apr_brigade_flatten(input->bb, buffer, &len); - } - else { - len = 0; - } - buffer[len] = 0; - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, &env->c, - "h2_task_input(%s): request is: %s", - env->id, buffer); - } } return input; } @@ -104,32 +90,31 @@ apr_status_t h2_task_input_read(h2_task_input *input, apr_status_t status = APR_SUCCESS; apr_off_t bblen = 0; - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, "h2_task_input(%s): read, block=%d, mode=%d, readbytes=%ld", - input->env->id, block, mode, (long)readbytes); + input->task->id, block, mode, (long)readbytes); + + if (mode == AP_MODE_INIT) { + return ap_get_brigade(f->c->input_filters, bb, mode, block, readbytes); + } if (is_aborted(f)) { ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, - "h2_task_input(%s): is aborted", - input->env->id); + "h2_task_input(%s): is aborted", input->task->id); return APR_ECONNABORTED; } - if (mode == AP_MODE_INIT) { - return APR_SUCCESS; - } - if (input->bb) { status = apr_brigade_length(input->bb, 1, &bblen); if (status != APR_SUCCESS) { ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, f->c, APLOGNO(02958) "h2_task_input(%s): brigade length fail", - input->env->id); + input->task->id); return status; } } - if ((bblen == 0) && input->env->input_eos) { + if ((bblen == 0) && input->task->input_eos) { return APR_EOF; } @@ -139,19 +124,19 @@ apr_status_t h2_task_input_read(h2_task_input *input, ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, "h2_task_input(%s): get more data from mplx, block=%d, " "readbytes=%ld, queued=%ld", - input->env->id, block, + input->task->id, block, (long)readbytes, (long)bblen); /* Although we sometimes get called with APR_NONBLOCK_READs, we seem to fill our buffer blocking. Otherwise we get EAGAIN, return that to our caller and everyone throws up their hands, never calling us again. */ - status = h2_mplx_in_read(input->env->mplx, APR_BLOCK_READ, - input->env->stream_id, input->bb, - input->env->io); + status = h2_mplx_in_read(input->task->mplx, APR_BLOCK_READ, + input->task->stream_id, input->bb, + input->task->io); ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, "h2_task_input(%s): mplx in read returned", - input->env->id); + input->task->id); if (status != APR_SUCCESS) { return status; } @@ -160,27 +145,27 @@ apr_status_t h2_task_input_read(h2_task_input *input, return status; } if ((bblen == 0) && (block == APR_NONBLOCK_READ)) { - return h2_util_has_eos(input->bb, 0)? APR_EOF : APR_EAGAIN; + return h2_util_has_eos(input->bb, -1)? APR_EOF : APR_EAGAIN; } ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, "h2_task_input(%s): mplx in read, %ld bytes in brigade", - input->env->id, (long)bblen); + input->task->id, (long)bblen); } ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, "h2_task_input(%s): read, mode=%d, block=%d, " "readbytes=%ld, queued=%ld", - input->env->id, mode, block, + input->task->id, mode, block, (long)readbytes, (long)bblen); if (!APR_BRIGADE_EMPTY(input->bb)) { if (mode == AP_MODE_EXHAUSTIVE) { /* return all we have */ - return h2_util_move(bb, input->bb, readbytes, 0, + return h2_util_move(bb, input->bb, readbytes, NULL, "task_input_read(exhaustive)"); } else if (mode == AP_MODE_READBYTES) { - return h2_util_move(bb, input->bb, readbytes, 0, + return h2_util_move(bb, input->bb, readbytes, NULL, "task_input_read(readbytes)"); } else if (mode == AP_MODE_SPECULATIVE) { @@ -199,7 +184,7 @@ apr_status_t h2_task_input_read(h2_task_input *input, buffer[len] = 0; ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, "h2_task_input(%s): getline: %s", - input->env->id, buffer); + input->task->id, buffer); } return status; } diff --git a/modules/http2/h2_task_input.h b/modules/http2/h2_task_input.h index 32adc1770d..ed0a99faba 100644 --- a/modules/http2/h2_task_input.h +++ b/modules/http2/h2_task_input.h @@ -22,16 +22,16 @@ */ struct apr_thread_cond_t; struct h2_mplx; -struct h2_task_env; +struct h2_task; typedef struct h2_task_input h2_task_input; struct h2_task_input { - struct h2_task_env *env; + struct h2_task *task; apr_bucket_brigade *bb; }; -h2_task_input *h2_task_input_create(struct h2_task_env *env, apr_pool_t *pool, +h2_task_input *h2_task_input_create(struct h2_task *task, apr_pool_t *pool, apr_bucket_alloc_t *bucket_alloc); void h2_task_input_destroy(h2_task_input *input); diff --git a/modules/http2/h2_task_output.c b/modules/http2/h2_task_output.c index 879cb5fa21..06a5d7aafb 100644 --- a/modules/http2/h2_task_output.c +++ b/modules/http2/h2_task_output.c @@ -24,6 +24,7 @@ #include "h2_private.h" #include "h2_conn.h" #include "h2_mplx.h" +#include "h2_request.h" #include "h2_session.h" #include "h2_stream.h" #include "h2_from_h1.h" @@ -33,16 +34,14 @@ #include "h2_util.h" -h2_task_output *h2_task_output_create(h2_task_env *env, apr_pool_t *pool, - apr_bucket_alloc_t *bucket_alloc) +h2_task_output *h2_task_output_create(h2_task *task, apr_pool_t *pool) { h2_task_output *output = apr_pcalloc(pool, sizeof(h2_task_output)); - (void)bucket_alloc; if (output) { - output->env = env; + output->task = task; output->state = H2_TASK_OUT_INIT; - output->from_h1 = h2_from_h1_create(env->stream_id, pool); + output->from_h1 = h2_from_h1_create(task->stream_id, pool); if (!output->from_h1) { return NULL; } @@ -73,18 +72,19 @@ static apr_status_t open_if_needed(h2_task_output *output, ap_filter_t *f, ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, "h2_task_output(%s): write without response " "for %s %s %s", - output->env->id, output->env->method, - output->env->authority, output->env->path); + output->task->id, output->task->request->method, + output->task->request->authority, + output->task->request->path); f->c->aborted = 1; } - if (output->env->io) { - apr_thread_cond_broadcast(output->env->io); + if (output->task->io) { + apr_thread_cond_broadcast(output->task->io); } return APR_ECONNABORTED; } - return h2_mplx_out_open(output->env->mplx, output->env->stream_id, - response, f, bb, output->env->io); + return h2_mplx_out_open(output->task->mplx, output->task->stream_id, + response, f, bb, output->task->io); } return APR_EOF; } @@ -93,7 +93,7 @@ void h2_task_output_close(h2_task_output *output) { open_if_needed(output, NULL, NULL); if (output->state != H2_TASK_OUT_DONE) { - h2_mplx_out_close(output->env->mplx, output->env->stream_id); + h2_mplx_out_close(output->task->mplx, output->task->stream_id); output->state = H2_TASK_OUT_DONE; } } @@ -113,7 +113,7 @@ apr_status_t h2_task_output_write(h2_task_output *output, apr_status_t status; if (APR_BRIGADE_EMPTY(bb)) { ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, - "h2_task_output(%s): empty write", output->env->id); + "h2_task_output(%s): empty write", output->task->id); return APR_SUCCESS; } @@ -121,12 +121,12 @@ apr_status_t h2_task_output_write(h2_task_output *output, if (status != APR_EOF) { ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, "h2_task_output(%s): opened and passed brigade", - output->env->id); + output->task->id); return status; } ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, - "h2_task_output(%s): write brigade", output->env->id); - return h2_mplx_out_write(output->env->mplx, output->env->stream_id, - f, bb, output->env->io); + "h2_task_output(%s): write brigade", output->task->id); + return h2_mplx_out_write(output->task->mplx, output->task->stream_id, + f, bb, output->task->io); } diff --git a/modules/http2/h2_task_output.h b/modules/http2/h2_task_output.h index 86571a1e10..a326c49096 100644 --- a/modules/http2/h2_task_output.h +++ b/modules/http2/h2_task_output.h @@ -23,7 +23,7 @@ */ struct apr_thread_cond_t; struct h2_mplx; -struct h2_task_env; +struct h2_task; struct h2_from_h1; typedef enum { @@ -35,13 +35,12 @@ typedef enum { typedef struct h2_task_output h2_task_output; struct h2_task_output { - struct h2_task_env *env; + struct h2_task *task; h2_task_output_state_t state; struct h2_from_h1 *from_h1; }; -h2_task_output *h2_task_output_create(struct h2_task_env *env, apr_pool_t *pool, - apr_bucket_alloc_t *bucket_alloc); +h2_task_output *h2_task_output_create(struct h2_task *task, apr_pool_t *pool); void h2_task_output_destroy(h2_task_output *output); diff --git a/modules/http2/h2_task_queue.c b/modules/http2/h2_task_queue.c index a81cc100fb..23bad194b9 100644 --- a/modules/http2/h2_task_queue.c +++ b/modules/http2/h2_task_queue.c @@ -23,65 +23,158 @@ #include "h2_task_queue.h" -h2_task_queue *h2_tq_create(long id, apr_pool_t *pool) +static void tq_grow(h2_task_queue *q, int nlen); +static void tq_swap(h2_task_queue *q, int i, int j); +static int tq_bubble_up(h2_task_queue *q, int i, int top, + h2_tq_cmp *cmp, void *ctx); +static int tq_bubble_down(h2_task_queue *q, int i, int bottom, + h2_tq_cmp *cmp, void *ctx); + +h2_task_queue *h2_tq_create(apr_pool_t *pool, int capacity) { h2_task_queue *q = apr_pcalloc(pool, sizeof(h2_task_queue)); if (q) { - q->id = id; - APR_RING_ELEM_INIT(q, link); - APR_RING_INIT(&q->tasks, h2_task, link); + q->pool = pool; + tq_grow(q, capacity); + q->nelts = 0; } return q; } -void h2_tq_destroy(h2_task_queue *q) +int h2_tq_empty(h2_task_queue *q) +{ + return q->nelts == 0; +} + +void h2_tq_add(h2_task_queue *q, int sid, h2_tq_cmp *cmp, void *ctx) { - while (!H2_TASK_LIST_EMPTY(&q->tasks)) { - h2_task *task = H2_TASK_LIST_FIRST(&q->tasks); - H2_TASK_REMOVE(task); + int i; + + if (q->nelts >= q->nalloc) { + tq_grow(q, q->nalloc * 2); } + + i = (q->head + q->nelts) % q->nalloc; + q->elts[i] = sid; + ++q->nelts; + + /* bubble it to the front of the queue */ + tq_bubble_up(q, i, q->head, cmp, ctx); } -static int in_list(h2_task_queue *q, h2_task *task) +int h2_tq_remove(h2_task_queue *q, int sid) { - h2_task *e; - for (e = H2_TASK_LIST_FIRST(&q->tasks); - e != H2_TASK_LIST_SENTINEL(&q->tasks); - e = H2_TASK_NEXT(e)) { - if (e == task) { - return 1; + int i; + for (i = 0; i < q->nelts; ++i) { + if (sid == q->elts[(q->head + i) % q->nalloc]) { + break; } } + + if (i < q->nelts) { + ++i; + for (; i < q->nelts; ++i) { + q->elts[(q->head+i-1)%q->nalloc] = q->elts[(q->head+i)%q->nalloc]; + } + --q->nelts; + return 1; + } return 0; } -int h2_tq_empty(h2_task_queue *q) +void h2_tq_sort(h2_task_queue *q, h2_tq_cmp *cmp, void *ctx) { - return H2_TASK_LIST_EMPTY(&q->tasks); + /* Assume that changes in ordering are minimal. This needs, + * best case, q->nelts - 1 comparisions to check that nothing + * changed. + */ + if (q->nelts > 0) { + int i, ni, prev, last; + + /* Start at the end of the queue and create a tail of sorted + * entries. Make that tail one element longer in each iteration. + */ + last = i = (q->head + q->nelts - 1) % q->nalloc; + while (i != q->head) { + prev = (q->nalloc + i - 1) % q->nalloc; + + ni = tq_bubble_up(q, i, prev, cmp, ctx); + if (ni == prev) { + /* i bubbled one up, bubble the new i down, which + * keeps all tasks below i sorted. */ + tq_bubble_down(q, i, last, cmp, ctx); + } + i = prev; + }; + } +} + + +int h2_tq_shift(h2_task_queue *q) +{ + int sid; + + if (q->nelts <= 0) { + return 0; + } + + sid = q->elts[q->head]; + q->head = (q->head + 1) % q->nalloc; + q->nelts--; + + return sid; +} + +static void tq_grow(h2_task_queue *q, int nlen) +{ + AP_DEBUG_ASSERT(q->nalloc <= nlen); + if (nlen > q->nalloc) { + int *nq = apr_pcalloc(q->pool, sizeof(h2_task *) * nlen); + if (q->nelts > 0) { + int l = ((q->head + q->nelts) % q->nalloc) - q->head; + + memmove(nq, q->elts + q->head, sizeof(int) * l); + if (l < q->nelts) { + /* elts wrapped, append elts in [0, remain] to nq */ + int remain = q->nelts - l; + memmove(nq + l, q->elts, sizeof(int) * remain); + } + } + q->elts = nq; + q->nalloc = nlen; + q->head = 0; + } } -void h2_tq_append(h2_task_queue *q, struct h2_task *task) +static void tq_swap(h2_task_queue *q, int i, int j) { - H2_TASK_LIST_INSERT_TAIL(&q->tasks, task); + int x = q->elts[i]; + q->elts[i] = q->elts[j]; + q->elts[j] = x; } -apr_status_t h2_tq_remove(h2_task_queue *q, struct h2_task *task) +static int tq_bubble_up(h2_task_queue *q, int i, int top, + h2_tq_cmp *cmp, void *ctx) { - if (in_list(q, task)) { - H2_TASK_REMOVE(task); - return APR_SUCCESS; + int prev; + while (((prev = (q->nalloc + i - 1) % q->nalloc), i != top) + && (*cmp)(q->elts[i], q->elts[prev], ctx) < 0) { + tq_swap(q, prev, i); + i = prev; } - return APR_NOTFOUND; + return i; } -h2_task *h2_tq_pop_first(h2_task_queue *q) +static int tq_bubble_down(h2_task_queue *q, int i, int bottom, + h2_tq_cmp *cmp, void *ctx) { - if (!H2_TASK_LIST_EMPTY(&q->tasks)) { - h2_task *task = H2_TASK_LIST_FIRST(&q->tasks); - H2_TASK_REMOVE(task); - return task; + int next; + while (((next = (q->nalloc + i + 1) % q->nalloc), i != bottom) + && (*cmp)(q->elts[i], q->elts[next], ctx) > 0) { + tq_swap(q, next, i); + i = next; } - return NULL; + return i; } diff --git a/modules/http2/h2_task_queue.h b/modules/http2/h2_task_queue.h index d93d74ac50..dcc46d037a 100644 --- a/modules/http2/h2_task_queue.h +++ b/modules/http2/h2_task_queue.h @@ -19,29 +19,38 @@ struct h2_task; /** - * A simple ring of rings that keeps a list of h2_tasks and can - * be ringed itself, using the APR RING macros. + * h2_task_queue keeps a list of sorted h2_task* in ascending order. */ typedef struct h2_task_queue h2_task_queue; struct h2_task_queue { - APR_RING_ENTRY(h2_task_queue) link; - APR_RING_HEAD(h2_tasks, h2_task) tasks; - long id; + int *elts; + int head; + int nelts; + int nalloc; + apr_pool_t *pool; }; /** - * Allocate a new queue from the pool and initialize. - * @param id the identifier of the queue - * @param pool the memory pool + * Comparator for two task to determine their order. + * + * @param s1 stream id to compare + * @param s2 stream id to compare + * @param ctx provided user data + * @return value is the same as for strcmp() and has the effect: + * == 0: s1 and s2 are treated equal in ordering + * < 0: s1 should be sorted before s2 + * > 0: s2 should be sorted before s1 */ -h2_task_queue *h2_tq_create(long id, apr_pool_t *pool); +typedef int h2_tq_cmp(int s1, int s2, void *ctx); + /** - * Release all queue tasks. - * @param q the queue to destroy + * Allocate a new queue from the pool and initialize. + * @param id the identifier of the queue + * @param pool the memory pool */ -void h2_tq_destroy(h2_task_queue *q); +h2_task_queue *h2_tq_create(apr_pool_t *pool, int capacity); /** * Return != 0 iff there are no tasks in the queue. @@ -50,99 +59,41 @@ void h2_tq_destroy(h2_task_queue *q); int h2_tq_empty(h2_task_queue *q); /** - * Append the task to the end of the queue. + * Add a stream idto the queue. + * * @param q the queue to append the task to - * @param task the task to append - */ -void h2_tq_append(h2_task_queue *q, struct h2_task *task); - -/** - * Remove a task from the queue. Return APR_SUCCESS if the task - * was indeed queued, APR_NOTFOUND otherwise. - * @param q the queue to remove from - * @param task the task to remove - */ -apr_status_t h2_tq_remove(h2_task_queue *q, struct h2_task *task); - -/** - * Get the first task from the queue or NULL if the queue is empty. The - * task will be removed. - * @param q the queue to pop the first task from - */ -h2_task *h2_tq_pop_first(h2_task_queue *q); - -/******************************************************************************* - * Queue Manipulation. - ******************************************************************************/ - -/** - * The magic pointer value that indicates the head of a h2_task_queue list - * @param b The queue list - * @return The magic pointer value + * @param sid the stream id to add + * @param cmp the comparator for sorting + * @param ctx user data for comparator */ -#define H2_TQ_LIST_SENTINEL(b) APR_RING_SENTINEL((b), h2_task_queue, link) +void h2_tq_add(h2_task_queue *q, int sid, h2_tq_cmp *cmp, void *ctx); /** - * Determine if the queue list is empty - * @param b The list to check - * @return true or false + * Remove the stream id from the queue. Return != 0 iff task + * was found in queue. + * @param q the task queue + * @param sid the stream id to remove + * @return != 0 iff task was found in queue */ -#define H2_TQ_LIST_EMPTY(b) APR_RING_EMPTY((b), h2_task_queue, link) +int h2_tq_remove(h2_task_queue *q, int sid); /** - * Return the first queue in a list - * @param b The list to query - * @return The first queue in the list - */ -#define H2_TQ_LIST_FIRST(b) APR_RING_FIRST(b) - -/** - * Return the last queue in a list - * @param b The list to query - * @return The last queue int he list - */ -#define H2_TQ_LIST_LAST(b) APR_RING_LAST(b) - -/** - * Insert a single queue at the front of a list - * @param b The list to add to - * @param e The queue to insert - */ -#define H2_TQ_LIST_INSERT_HEAD(b, e) do { \ -h2_task_queue *ap__b = (e); \ -APR_RING_INSERT_HEAD((b), ap__b, h2_task_queue, link); \ -} while (0) - -/** - * Insert a single queue at the end of a list - * @param b The list to add to - * @param e The queue to insert - */ -#define H2_TQ_LIST_INSERT_TAIL(b, e) do { \ -h2_task_queue *ap__b = (e); \ -APR_RING_INSERT_TAIL((b), ap__b, h2_task_queue, link); \ -} while (0) - -/** - * Get the next queue in the list - * @param e The current queue - * @return The next queue - */ -#define H2_TQ_NEXT(e) APR_RING_NEXT((e), link) -/** - * Get the previous queue in the list - * @param e The current queue - * @return The previous queue + * Sort the stream idqueue again. Call if the task ordering + * has changed. + * + * @param q the queue to sort + * @param cmp the comparator for sorting + * @param ctx user data for the comparator */ -#define H2_TQ_PREV(e) APR_RING_PREV((e), link) +void h2_tq_sort(h2_task_queue *q, h2_tq_cmp *cmp, void *ctx); /** - * Remove a queue from its list - * @param e The queue to remove + * Get the first stream id from the queue or NULL if the queue is empty. + * The task will be removed. + * + * @param q the queue to get the first task from + * @return the first stream id of the queue, 0 if empty */ -#define H2_TQ_REMOVE(e) APR_RING_REMOVE((e), link) - - -#define H2_TQ_EMPTY(e) H2_TASK_LIST_EMPTY(&(e)->tasks) +int h2_tq_shift(h2_task_queue *q); #endif /* defined(__mod_h2__h2_task_queue__) */ diff --git a/modules/http2/h2_to_h1.c b/modules/http2/h2_to_h1.c deleted file mode 100644 index 8dacfe801f..0000000000 --- a/modules/http2/h2_to_h1.c +++ /dev/null @@ -1,305 +0,0 @@ -/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include - -#include -#include -#include -#include - -#include "h2_private.h" -#include "h2_mplx.h" -#include "h2_response.h" -#include "h2_task.h" -#include "h2_to_h1.h" -#include "h2_util.h" - - -h2_to_h1 *h2_to_h1_create(int stream_id, apr_pool_t *pool, - apr_bucket_alloc_t *bucket_alloc, - const char *method, - const char *scheme, - const char *authority, - const char *path, - struct h2_mplx *m) -{ - h2_to_h1 *to_h1; - if (!method) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, m->c, - APLOGNO(02943) - "h2_to_h1: header start but :method missing"); - return NULL; - } - if (!path) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, m->c, - APLOGNO(02944) - "h2_to_h1: header start but :path missing"); - return NULL; - } - - to_h1 = apr_pcalloc(pool, sizeof(h2_to_h1)); - if (to_h1) { - to_h1->stream_id = stream_id; - to_h1->pool = pool; - to_h1->method = method; - to_h1->scheme = scheme; - to_h1->authority = authority; - to_h1->path = path; - to_h1->m = m; - to_h1->headers = apr_table_make(to_h1->pool, 10); - to_h1->bb = apr_brigade_create(pool, bucket_alloc); - to_h1->chunked = 0; /* until we see a content-type and no length */ - to_h1->content_len = -1; - } - return to_h1; -} - -void h2_to_h1_destroy(h2_to_h1 *to_h1) -{ - to_h1->bb = NULL; -} - -apr_status_t h2_to_h1_add_header(h2_to_h1 *to_h1, - const char *name, size_t nlen, - const char *value, size_t vlen) -{ - char *hname, *hvalue; - if (H2_HD_MATCH_LIT("transfer-encoding", name, nlen)) { - if (!apr_strnatcasecmp("chunked", value)) { - /* This should never arrive here in a HTTP/2 request */ - ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_BADARG, to_h1->m->c, - APLOGNO(02945) - "h2_to_h1: 'transfer-encoding: chunked' received"); - return APR_BADARG; - } - } - else if (H2_HD_MATCH_LIT("content-length", name, nlen)) { - char *end; - to_h1->content_len = apr_strtoi64(value, &end, 10); - if (value == end) { - ap_log_cerror(APLOG_MARK, APLOG_WARNING, APR_EINVAL, to_h1->m->c, - APLOGNO(02959) - "h2_request(%d): content-length value not parsed: %s", - to_h1->stream_id, value); - return APR_EINVAL; - } - to_h1->remain_len = to_h1->content_len; - to_h1->chunked = 0; - } - else if (H2_HD_MATCH_LIT("content-type", name, nlen)) { - /* If we see a content-type and have no length (yet), - * we need to chunk. */ - to_h1->chunked = (to_h1->content_len == -1); - } - else if ((to_h1->seen_host && H2_HD_MATCH_LIT("host", name, nlen)) - || H2_HD_MATCH_LIT("expect", name, nlen) - || H2_HD_MATCH_LIT("upgrade", name, nlen) - || H2_HD_MATCH_LIT("connection", name, nlen) - || H2_HD_MATCH_LIT("proxy-connection", name, nlen) - || H2_HD_MATCH_LIT("keep-alive", name, nlen) - || H2_HD_MATCH_LIT("http2-settings", name, nlen)) { - /* ignore these. */ - return APR_SUCCESS; - } - else if (H2_HD_MATCH_LIT("cookie", name, nlen)) { - const char *existing = apr_table_get(to_h1->headers, "cookie"); - if (existing) { - char *nval; - - /* Cookie headers come separately in HTTP/2, but need - * to be merged by "; " (instead of default ", ") - */ - hvalue = apr_pstrndup(to_h1->pool, value, vlen); - nval = apr_psprintf(to_h1->pool, "%s; %s", existing, hvalue); - apr_table_setn(to_h1->headers, "Cookie", nval); - return APR_SUCCESS; - } - } - else if (H2_HD_MATCH_LIT("host", name, nlen)) { - to_h1->seen_host = 1; - } - - hname = apr_pstrndup(to_h1->pool, name, nlen); - hvalue = apr_pstrndup(to_h1->pool, value, vlen); - h2_util_camel_case_header(hname, nlen); - apr_table_mergen(to_h1->headers, hname, hvalue); - - return APR_SUCCESS; -} - -static int set_header(void *ctx, const char *key, const char *value) -{ - h2_to_h1 *to_h1 = (h2_to_h1*)ctx; - h2_to_h1_add_header(to_h1, key, strlen(key), value, strlen(value)); - return 1; -} - -apr_status_t h2_to_h1_add_headers(h2_to_h1 *to_h1, apr_table_t *headers) -{ - apr_table_do(set_header, to_h1, headers, NULL); - return APR_SUCCESS; -} - -apr_status_t h2_to_h1_end_headers(h2_to_h1 *to_h1, h2_task *task, int eos) -{ - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, to_h1->m->c, - "h2_to_h1(%ld-%d): end headers", - to_h1->m->id, to_h1->stream_id); - - if (to_h1->eoh) { - return APR_EINVAL; - } - - if (!to_h1->seen_host) { - /* Need to add a "Host" header if not already there to - * make virtual hosts work correctly. */ - if (!to_h1->authority) { - return APR_BADARG; - } - apr_table_set(to_h1->headers, "Host", to_h1->authority); - } - - if (eos && to_h1->chunked) { - /* We had chunking figured out, but the EOS is already there. - * unmark chunking and set a definitive content-length. - */ - to_h1->chunked = 0; - apr_table_setn(to_h1->headers, "Content-Length", "0"); - } - else if (to_h1->chunked) { - /* We have not seen a content-length. We therefore must - * pass any request content in chunked form. - */ - apr_table_mergen(to_h1->headers, "Transfer-Encoding", "chunked"); - } - - h2_task_set_request(task, to_h1->method, - to_h1->scheme, - to_h1->authority, - to_h1->path, - to_h1->headers, eos); - to_h1->eoh = 1; - - if (eos) { - apr_status_t status = h2_to_h1_close(to_h1); - if (status != APR_SUCCESS) { - ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, to_h1->m->c, - APLOGNO(02960) - "h2_to_h1(%ld-%d): end headers, eos=%d", - to_h1->m->id, to_h1->stream_id, eos); - } - return status; - } - return APR_SUCCESS; -} - -static apr_status_t flush(apr_bucket_brigade *bb, void *ctx) -{ - (void)bb; - return h2_to_h1_flush((h2_to_h1*)ctx); -} - -static apr_status_t h2_to_h1_add_data_raw(h2_to_h1 *to_h1, - const char *data, size_t len) -{ - apr_status_t status = APR_SUCCESS; - - if (to_h1->eos || !to_h1->eoh) { - return APR_EINVAL; - } - - status = apr_brigade_write(to_h1->bb, flush, to_h1, data, len); - if (status == APR_SUCCESS) { - status = h2_to_h1_flush(to_h1); - } - return status; -} - - -apr_status_t h2_to_h1_add_data(h2_to_h1 *to_h1, - const char *data, size_t len) -{ - ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, to_h1->m->c, - "h2_to_h1(%ld-%d): add %ld data bytes", - to_h1->m->id, to_h1->stream_id, (long)len); - - if (to_h1->chunked) { - /* if input may have a body and we have not seen any - * content-length header, we need to chunk the input data. - */ - apr_status_t status = apr_brigade_printf(to_h1->bb, NULL, NULL, - "%lx\r\n", (unsigned long)len); - if (status == APR_SUCCESS) { - status = h2_to_h1_add_data_raw(to_h1, data, len); - if (status == APR_SUCCESS) { - status = apr_brigade_puts(to_h1->bb, NULL, NULL, "\r\n"); - } - } - return status; - } - else { - to_h1->remain_len -= len; - if (to_h1->remain_len < 0) { - ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, to_h1->m->c, - APLOGNO(02961) - "h2_to_h1(%ld-%d): got %ld more content bytes than announced " - "in content-length header: %ld", - to_h1->m->id, to_h1->stream_id, - (long)to_h1->content_len, -(long)to_h1->remain_len); - } - return h2_to_h1_add_data_raw(to_h1, data, len); - } -} - -apr_status_t h2_to_h1_flush(h2_to_h1 *to_h1) -{ - apr_status_t status = APR_SUCCESS; - if (!APR_BRIGADE_EMPTY(to_h1->bb)) { - ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, to_h1->m->c, - "h2_to_h1(%ld-%d): flush request bytes", - to_h1->m->id, to_h1->stream_id); - - status = h2_mplx_in_write(to_h1->m, to_h1->stream_id, to_h1->bb); - if (status != APR_SUCCESS) { - ap_log_cerror(APLOG_MARK, APLOG_ERR, status, to_h1->m->c, - APLOGNO(02946) "h2_request(%d): pushing request data", - to_h1->stream_id); - } - } - return status; -} - -apr_status_t h2_to_h1_close(h2_to_h1 *to_h1) -{ - apr_status_t status = APR_SUCCESS; - if (!to_h1->eos) { - if (to_h1->chunked) { - status = h2_to_h1_add_data_raw(to_h1, "0\r\n\r\n", 5); - } - to_h1->eos = 1; - status = h2_to_h1_flush(to_h1); - ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, to_h1->m->c, - "h2_to_h1(%d): close", to_h1->stream_id); - - status = h2_mplx_in_close(to_h1->m, to_h1->stream_id); - } - return status; -} - - diff --git a/modules/http2/h2_to_h1.h b/modules/http2/h2_to_h1.h deleted file mode 100644 index 74586e2b7e..0000000000 --- a/modules/http2/h2_to_h1.h +++ /dev/null @@ -1,87 +0,0 @@ -/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __mod_h2__h2_to_h1__ -#define __mod_h2__h2_to_h1__ - -struct h2_mplx; -struct h2_task; -typedef struct h2_to_h1 h2_to_h1; - -struct h2_to_h1 { - int stream_id; - apr_pool_t *pool; - h2_mplx *m; - - const char *method; - const char *scheme; - const char *authority; - const char *path; - - int chunked; - int eoh; - int eos; - int flushed; - int seen_host; - - apr_off_t content_len; - apr_off_t remain_len; - apr_table_t *headers; - apr_bucket_brigade *bb; -}; - -/* Create a converter from a HTTP/2 request to a serialzation in - * HTTP/1.1 format. The serialized data will be written onto the - * given h2_mplx instance. - */ -h2_to_h1 *h2_to_h1_create(int stream_id, apr_pool_t *pool, - apr_bucket_alloc_t *bucket_alloc, - const char *method, - const char *scheme, - const char *authority, - const char *path, - struct h2_mplx *m); - -/* Destroy the converter and free resources. */ -void h2_to_h1_destroy(h2_to_h1 *to_h1); - -/* Add a header to the serialization. Only valid to call after start - * and before end_headers. - */ -apr_status_t h2_to_h1_add_header(h2_to_h1 *to_h1, - const char *name, size_t nlen, - const char *value, size_t vlen); - -apr_status_t h2_to_h1_add_headers(h2_to_h1 *to_h1, apr_table_t *headers); - -/** End the request headers. - */ -apr_status_t h2_to_h1_end_headers(h2_to_h1 *to_h1, - struct h2_task *task, int eos); - -/* Add request body data. - */ -apr_status_t h2_to_h1_add_data(h2_to_h1 *to_h1, - const char *data, size_t len); - -/* Flush the converted data onto the h2_mplx instance. - */ -apr_status_t h2_to_h1_flush(h2_to_h1 *to_h1); - -/* Close the request, flushed automatically. - */ -apr_status_t h2_to_h1_close(h2_to_h1 *to_h1); - -#endif /* defined(__mod_h2__h2_to_h1__) */ diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c index 9d141be93b..76ecc27642 100644 --- a/modules/http2/h2_util.c +++ b/modules/http2/h2_util.c @@ -20,10 +20,12 @@ #include #include #include +#include #include #include "h2_private.h" +#include "h2_request.h" #include "h2_util.h" size_t h2_util_hex_dump(char *buffer, size_t maxlen, @@ -204,6 +206,10 @@ const char *h2_util_first_token_match(apr_pool_t *pool, const char *s, return NULL; } +/******************************************************************************* + * h2_util for bucket brigades + ******************************************************************************/ + /* DEEP_COPY==0 crashes under load. I think the setaside is fine, * however buckets moved to another thread will still be * free'd against the old bucket_alloc. *And* if the old @@ -214,7 +220,7 @@ static const int DEEP_COPY = 1; static const int FILE_MOVE = 1; static apr_status_t last_not_included(apr_bucket_brigade *bb, - apr_size_t maxlen, + apr_off_t maxlen, int same_alloc, int *pfile_buckets_allowed, apr_bucket **pend) @@ -223,7 +229,7 @@ static apr_status_t last_not_included(apr_bucket_brigade *bb, apr_status_t status = APR_SUCCESS; int files_allowed = pfile_buckets_allowed? *pfile_buckets_allowed : 0; - if (maxlen > 0) { + if (maxlen >= 0) { /* Find the bucket, up to which we reach maxlen/mem bytes */ for (b = APR_BRIGADE_FIRST(bb); (b != APR_BRIGADE_SENTINEL(bb)); @@ -274,7 +280,7 @@ static apr_status_t last_not_included(apr_bucket_brigade *bb, #define LOG_LEVEL APLOG_INFO apr_status_t h2_util_move(apr_bucket_brigade *to, apr_bucket_brigade *from, - apr_size_t maxlen, int *pfile_handles_allowed, + apr_off_t maxlen, int *pfile_handles_allowed, const char *msg) { apr_status_t status = APR_SUCCESS; @@ -406,7 +412,7 @@ apr_status_t h2_util_move(apr_bucket_brigade *to, apr_bucket_brigade *from, } apr_status_t h2_util_copy(apr_bucket_brigade *to, apr_bucket_brigade *from, - apr_size_t maxlen, const char *msg) + apr_off_t maxlen, const char *msg) { apr_status_t status = APR_SUCCESS; int same_alloc; @@ -482,7 +488,7 @@ int h2_util_has_flush_or_eos(apr_bucket_brigade *bb) { return 0; } -int h2_util_has_eos(apr_bucket_brigade *bb, apr_size_t len) +int h2_util_has_eos(apr_bucket_brigade *bb, apr_off_t len) { apr_bucket *b, *end; @@ -536,7 +542,7 @@ int h2_util_bb_has_data_or_eos(apr_bucket_brigade *bb) } apr_status_t h2_util_bb_avail(apr_bucket_brigade *bb, - apr_size_t *plen, int *peos) + apr_off_t *plen, int *peos) { apr_status_t status; apr_off_t blen = 0; @@ -549,36 +555,29 @@ apr_status_t h2_util_bb_avail(apr_bucket_brigade *bb, else if (blen == 0) { /* empty brigade, does it have an EOS bucket somwhere? */ *plen = 0; - *peos = h2_util_has_eos(bb, 0); + *peos = h2_util_has_eos(bb, -1); } - else if (blen > 0) { + else { /* data in the brigade, limit the length returned. Check for EOS * bucket only if we indicate data. This is required since plen == 0 * means "the whole brigade" for h2_util_hash_eos() */ - if (blen < (apr_off_t)*plen) { + if (blen < *plen || *plen < 0) { *plen = blen; } - *peos = (*plen > 0)? h2_util_has_eos(bb, *plen) : 0; - } - else if (blen < 0) { - /* famous SHOULD NOT HAPPEN, sinc we told apr_brigade_length to readall - */ - *plen = 0; - *peos = h2_util_has_eos(bb, 0); - return APR_EINVAL; + *peos = h2_util_has_eos(bb, *plen); } return APR_SUCCESS; } apr_status_t h2_util_bb_readx(apr_bucket_brigade *bb, h2_util_pass_cb *cb, void *ctx, - apr_size_t *plen, int *peos) + apr_off_t *plen, int *peos) { apr_status_t status = APR_SUCCESS; int consume = (cb != NULL); - apr_size_t written = 0; - apr_size_t avail = *plen; + apr_off_t written = 0; + apr_off_t avail = *plen; apr_bucket *next, *b; /* Pass data in our brigade through the callback until the length @@ -606,8 +605,7 @@ apr_status_t h2_util_bb_readx(apr_bucket_brigade *bb, if (b->length == ((apr_size_t)-1)) { /* read to determine length */ - status = apr_bucket_read(b, &data, &data_len, - APR_NONBLOCK_READ); + status = apr_bucket_read(b, &data, &data_len, APR_NONBLOCK_READ); } else { data_len = b->length; @@ -647,3 +645,343 @@ apr_status_t h2_util_bb_readx(apr_bucket_brigade *bb, return status; } +void h2_util_bb_log(conn_rec *c, int stream_id, int level, + const char *tag, apr_bucket_brigade *bb) +{ + char buffer[16 * 1024]; + const char *line = "(null)"; + apr_size_t bmax = sizeof(buffer)/sizeof(buffer[0]); + int off = 0; + apr_bucket *b; + + if (bb) { + memset(buffer, 0, bmax--); + for (b = APR_BRIGADE_FIRST(bb); + bmax && (b != APR_BRIGADE_SENTINEL(bb)); + b = APR_BUCKET_NEXT(b)) { + + if (APR_BUCKET_IS_METADATA(b)) { + if (APR_BUCKET_IS_EOS(b)) { + off += apr_snprintf(buffer+off, bmax-off, "eos "); + } + else if (APR_BUCKET_IS_FLUSH(b)) { + off += apr_snprintf(buffer+off, bmax-off, "flush "); + } + else if (AP_BUCKET_IS_EOR(b)) { + off += apr_snprintf(buffer+off, bmax-off, "eor "); + } + else { + off += apr_snprintf(buffer+off, bmax-off, "meta(unknown) "); + } + } + else { + const char *btype = "data"; + if (APR_BUCKET_IS_FILE(b)) { + btype = "file"; + } + else if (APR_BUCKET_IS_PIPE(b)) { + btype = "pipe"; + } + else if (APR_BUCKET_IS_SOCKET(b)) { + btype = "socket"; + } + else if (APR_BUCKET_IS_HEAP(b)) { + btype = "heap"; + } + else if (APR_BUCKET_IS_TRANSIENT(b)) { + btype = "transient"; + } + else if (APR_BUCKET_IS_IMMORTAL(b)) { + btype = "immortal"; + } +#if APR_HAS_MMAP + else if (APR_BUCKET_IS_MMAP(b)) { + btype = "mmap"; + } +#endif + else if (APR_BUCKET_IS_POOL(b)) { + btype = "pool"; + } + + off += apr_snprintf(buffer+off, bmax-off, "%s[%ld] ", + btype, + (long)(b->length == ((apr_size_t)-1)? + -1 : b->length)); + } + } + line = *buffer? buffer : "(empty)"; + } + ap_log_cerror(APLOG_MARK, level, 0, c, "bb_dump(%ld-%d)-%s: %s", + c->id, stream_id, tag, line); + +} + +apr_status_t h2_transfer_brigade(apr_bucket_brigade *to, + apr_bucket_brigade *from, + apr_pool_t *p, + apr_off_t *plen, + int *peos) +{ + apr_bucket *e; + apr_off_t len = 0, remain = *plen; + apr_status_t rv; + + *peos = 0; + + while (!APR_BRIGADE_EMPTY(from)) { + e = APR_BRIGADE_FIRST(from); + + if (APR_BUCKET_IS_METADATA(e)) { + if (APR_BUCKET_IS_EOS(e)) { + *peos = 1; + } + } + else { + if (remain > 0 && e->length == ((apr_size_t)-1)) { + const char *ign; + apr_size_t ilen; + rv = apr_bucket_read(e, &ign, &ilen, APR_BLOCK_READ); + if (rv != APR_SUCCESS) { + return rv; + } + } + + if (remain < e->length) { + if (remain <= 0) { + return APR_SUCCESS; + } + apr_bucket_split(e, remain); + } + } + + rv = apr_bucket_setaside(e, p); + + /* If the bucket type does not implement setaside, then + * (hopefully) morph it into a bucket type which does, and set + * *that* aside... */ + if (rv == APR_ENOTIMPL) { + const char *s; + apr_size_t n; + + rv = apr_bucket_read(e, &s, &n, APR_BLOCK_READ); + if (rv == APR_SUCCESS) { + rv = apr_bucket_setaside(e, p); + } + } + + if (rv != APR_SUCCESS) { + /* Return an error but still save the brigade if + * ->setaside() is really not implemented. */ + if (rv != APR_ENOTIMPL) { + return rv; + } + } + + APR_BUCKET_REMOVE(e); + APR_BRIGADE_INSERT_TAIL(to, e); + len += e->length; + remain -= e->length; + } + + *plen = len; + return APR_SUCCESS; +} + +/******************************************************************************* + * h2_ngheader + ******************************************************************************/ + +int h2_util_ignore_header(const char *name) +{ + /* never forward, ch. 8.1.2.2 */ + return (H2_HD_MATCH_LIT_CS("connection", name) + || H2_HD_MATCH_LIT_CS("proxy-connection", name) + || H2_HD_MATCH_LIT_CS("upgrade", name) + || H2_HD_MATCH_LIT_CS("keep-alive", name) + || H2_HD_MATCH_LIT_CS("transfer-encoding", name)); +} + +static int count_header(void *ctx, const char *key, const char *value) +{ + if (!h2_util_ignore_header(key)) { + (*((size_t*)ctx))++; + } + return 1; +} + +#define NV_ADD_LIT_CS(nv, k, v) add_header(nv, k, sizeof(k) - 1, v, strlen(v)) +#define NV_ADD_CS_CS(nv, k, v) add_header(nv, k, strlen(k), v, strlen(v)) + +static int add_header(h2_ngheader *ngh, + const char *key, size_t key_len, + const char *value, size_t val_len) +{ + nghttp2_nv *nv = &ngh->nv[ngh->nvlen++]; + + nv->name = (uint8_t*)key; + nv->namelen = key_len; + nv->value = (uint8_t*)value; + nv->valuelen = val_len; + return 1; +} + +static int add_table_header(void *ctx, const char *key, const char *value) +{ + if (!h2_util_ignore_header(key)) { + add_header(ctx, key, strlen(key), value, strlen(value)); + } + return 1; +} + + +h2_ngheader *h2_util_ngheader_make(apr_pool_t *p, apr_table_t *header) +{ + h2_ngheader *ngh; + size_t n; + + n = 0; + apr_table_do(count_header, &n, header, NULL); + + ngh = apr_pcalloc(p, sizeof(h2_ngheader)); + ngh->nv = apr_pcalloc(p, n * sizeof(nghttp2_nv)); + apr_table_do(add_table_header, ngh, header, NULL); + + return ngh; +} + +h2_ngheader *h2_util_ngheader_make_res(apr_pool_t *p, + int http_status, + apr_table_t *header) +{ + h2_ngheader *ngh; + size_t n; + + n = 1; + apr_table_do(count_header, &n, header, NULL); + + ngh = apr_pcalloc(p, sizeof(h2_ngheader)); + ngh->nv = apr_pcalloc(p, n * sizeof(nghttp2_nv)); + NV_ADD_LIT_CS(ngh, ":status", apr_psprintf(p, "%d", http_status)); + apr_table_do(add_table_header, ngh, header, NULL); + + return ngh; +} + +h2_ngheader *h2_util_ngheader_make_req(apr_pool_t *p, + const struct h2_request *req) +{ + + h2_ngheader *ngh; + size_t n; + + AP_DEBUG_ASSERT(req); + AP_DEBUG_ASSERT(req->scheme); + AP_DEBUG_ASSERT(req->authority); + AP_DEBUG_ASSERT(req->path); + AP_DEBUG_ASSERT(req->method); + + n = 4; + apr_table_do(count_header, &n, req->headers, NULL); + + ngh = apr_pcalloc(p, sizeof(h2_ngheader)); + ngh->nv = apr_pcalloc(p, n * sizeof(nghttp2_nv)); + NV_ADD_LIT_CS(ngh, ":scheme", req->scheme); + NV_ADD_LIT_CS(ngh, ":authority", req->authority); + NV_ADD_LIT_CS(ngh, ":path", req->path); + NV_ADD_LIT_CS(ngh, ":method", req->method); + apr_table_do(add_table_header, ngh, req->headers, NULL); + + return ngh; +} + +/******************************************************************************* + * header HTTP/1 <-> HTTP/2 conversions + ******************************************************************************/ + + +typedef struct { + const char *name; + size_t len; +} literal; + +#define H2_DEF_LITERAL(n) { (n), (sizeof(n)-1) } +#define H2_ALEN(a) (sizeof(a)/sizeof((a)[0])) +#define H2_LIT_ARGS(a) (a),H2_ALEN(a) + +static literal IgnoredRequestHeaders[] = { + H2_DEF_LITERAL("host"), + H2_DEF_LITERAL("expect"), + H2_DEF_LITERAL("upgrade"), + H2_DEF_LITERAL("connection"), + H2_DEF_LITERAL("keep-alive"), + H2_DEF_LITERAL("http2-settings"), + H2_DEF_LITERAL("proxy-connection"), + H2_DEF_LITERAL("transfer-encoding"), +}; +static literal IgnoredRequestTrailers[] = { /* Ignore, see rfc7230, ch. 4.1.2 */ + H2_DEF_LITERAL("te"), + H2_DEF_LITERAL("host"), + H2_DEF_LITERAL("range"), + H2_DEF_LITERAL("cookie"), + H2_DEF_LITERAL("expect"), + H2_DEF_LITERAL("pragma"), + H2_DEF_LITERAL("max-forwards"), + H2_DEF_LITERAL("cache-control"), + H2_DEF_LITERAL("authorization"), + H2_DEF_LITERAL("content-length"), + H2_DEF_LITERAL("proxy-authorization"), +}; +static literal IgnoredResponseTrailers[] = { + H2_DEF_LITERAL("age"), + H2_DEF_LITERAL("date"), + H2_DEF_LITERAL("vary"), + H2_DEF_LITERAL("cookie"), + H2_DEF_LITERAL("expires"), + H2_DEF_LITERAL("warning"), + H2_DEF_LITERAL("location"), + H2_DEF_LITERAL("retry-after"), + H2_DEF_LITERAL("cache-control"), + H2_DEF_LITERAL("www-authenticate"), + H2_DEF_LITERAL("proxy-authenticate"), +}; + +static int ignore_header(const literal *lits, size_t llen, + const char *name, size_t nlen) +{ + const literal *lit; + int i; + + for (i = 0; i < llen; ++i) { + lit = &lits[i]; + if (lit->len == nlen && !apr_strnatcasecmp(lit->name, name)) { + return 1; + } + } + return 0; +} + +int h2_req_ignore_header(const char *name, size_t len) +{ + return ignore_header(H2_LIT_ARGS(IgnoredRequestHeaders), name, len); +} + +int h2_req_ignore_trailer(const char *name, size_t len) +{ + return (h2_req_ignore_header(name, len) + || ignore_header(H2_LIT_ARGS(IgnoredRequestTrailers), name, len)); +} + +int h2_res_ignore_trailer(const char *name, size_t len) +{ + return ignore_header(H2_LIT_ARGS(IgnoredResponseTrailers), name, len); +} + +void h2_req_strip_ignored_header(apr_table_t *headers) +{ + int i; + for (i = 0; i < H2_ALEN(IgnoredRequestHeaders); ++i) { + apr_table_unset(headers, IgnoredRequestHeaders[i].name); + } +} + + diff --git a/modules/http2/h2_util.h b/modules/http2/h2_util.h index 9a1b5c6d35..8f8be2993e 100644 --- a/modules/http2/h2_util.h +++ b/modules/http2/h2_util.h @@ -16,6 +16,7 @@ #ifndef __mod_h2__h2_util__ #define __mod_h2__h2_util__ +struct h2_request; struct nghttp2_frame; size_t h2_util_hex_dump(char *buffer, size_t maxlen, @@ -29,6 +30,11 @@ char *h2_strlwr(char *s); void h2_util_camel_case_header(char *s, size_t len); +int h2_req_ignore_header(const char *name, size_t len); +int h2_req_ignore_trailer(const char *name, size_t len); +void h2_req_strip_ignored_header(apr_table_t *headers); +int h2_res_ignore_trailer(const char *name, size_t len); + /** * Return != 0 iff the string s contains the token, as specified in * HTTP header syntax, rfc7230. @@ -67,19 +73,33 @@ apr_size_t h2_util_base64url_decode(const char **decoded, nv->value = (uint8_t *)VALUE; \ nv->valuelen = strlen(VALUE) +int h2_util_ignore_header(const char *name); + +typedef struct h2_ngheader { + nghttp2_nv *nv; + apr_size_t nvlen; +} h2_ngheader; + +h2_ngheader *h2_util_ngheader_make(apr_pool_t *p, apr_table_t *header); +h2_ngheader *h2_util_ngheader_make_res(apr_pool_t *p, + int http_status, + apr_table_t *header); +h2_ngheader *h2_util_ngheader_make_req(apr_pool_t *p, + const struct h2_request *req); + /** * Moves data from one brigade into another. If maxlen > 0, it only * moves up to maxlen bytes into the target brigade, making bucket splits * if needed. * @param to the brigade to move the data to * @param from the brigade to get the data from - * @param maxlen of bytes to move, 0 for all + * @param maxlen of bytes to move, <= 0 for all * @param pfile_buckets_allowed how many file buckets may be moved, * may be 0 or NULL * @param msg message for use in logging */ apr_status_t h2_util_move(apr_bucket_brigade *to, apr_bucket_brigade *from, - apr_size_t maxlen, int *pfile_buckets_allowed, + apr_off_t maxlen, int *pfile_buckets_allowed, const char *msg); /** @@ -88,11 +108,11 @@ apr_status_t h2_util_move(apr_bucket_brigade *to, apr_bucket_brigade *from, * if needed. * @param to the brigade to copy the data to * @param from the brigade to get the data from - * @param maxlen of bytes to copy, 0 for all + * @param maxlen of bytes to copy, <= 0 for all * @param msg message for use in logging */ apr_status_t h2_util_copy(apr_bucket_brigade *to, apr_bucket_brigade *from, - apr_size_t maxlen, const char *msg); + apr_off_t maxlen, const char *msg); /** * Return != 0 iff there is a FLUSH or EOS bucket in the brigade. @@ -100,7 +120,7 @@ apr_status_t h2_util_copy(apr_bucket_brigade *to, apr_bucket_brigade *from, * @return != 0 iff brigade holds FLUSH or EOS bucket (or both) */ int h2_util_has_flush_or_eos(apr_bucket_brigade *bb); -int h2_util_has_eos(apr_bucket_brigade *bb, apr_size_t len); +int h2_util_has_eos(apr_bucket_brigade *bb, apr_off_t len); int h2_util_bb_has_data(apr_bucket_brigade *bb); int h2_util_bb_has_data_or_eos(apr_bucket_brigade *bb); @@ -112,13 +132,52 @@ int h2_util_bb_has_data_or_eos(apr_bucket_brigade *bb); * @param on return, if eos has been reached */ apr_status_t h2_util_bb_avail(apr_bucket_brigade *bb, - apr_size_t *plen, int *peos); + apr_off_t *plen, int *peos); typedef apr_status_t h2_util_pass_cb(void *ctx, - const char *data, apr_size_t len); + const char *data, apr_off_t len); +/** + * Read at most *plen bytes from the brigade and pass them into the + * given callback. If cb is NULL, just return the amount of data that + * could have been read. + * If an EOS was/would be encountered, set *peos != 0. + * @param bb the brigade to read from + * @param cb the callback to invoke for the read data + * @param ctx optional data passed to callback + * @param plen inout, as input gives the maximum number of bytes to read, + * on return specifies the actual/would be number of bytes + * @param peos != 0 iff an EOS bucket was/would be encountered. + */ apr_status_t h2_util_bb_readx(apr_bucket_brigade *bb, h2_util_pass_cb *cb, void *ctx, - apr_size_t *plen, int *peos); + apr_off_t *plen, int *peos); + +/** + * Logs the bucket brigade (which bucket types with what length) + * to the log at the given level. + * @param c the connection to log for + * @param stream_id the stream identifier this brigade belongs to + * @param level the log level (as in APLOG_*) + * @param tag a short message text about the context + * @param bb the brigade to log + */ +void h2_util_bb_log(conn_rec *c, int stream_id, int level, + const char *tag, apr_bucket_brigade *bb); + +/** + * Transfer buckets from one brigade to another with a limit on the + * maximum amount of bytes transfered. + * @param to brigade to transfer buckets to + * @param from brigades to remove buckets from + * @param p pool that buckets should be setaside to + * @param plen maximum bytes to transfer, actual bytes transferred + * @param peos if an EOS bucket was transferred + */ +apr_status_t h2_transfer_brigade(apr_bucket_brigade *to, + apr_bucket_brigade *from, + apr_pool_t *p, + apr_off_t *plen, + int *peos); #endif /* defined(__mod_h2__h2_util__) */ diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h index 7a03865c87..98a431b3bf 100644 --- a/modules/http2/h2_version.h +++ b/modules/http2/h2_version.h @@ -20,7 +20,7 @@ * @macro * Version number of the h2 module as c string */ -#define MOD_HTTP2_VERSION "1.0.0" +#define MOD_HTTP2_VERSION "1.0.5-DEV" /** * @macro @@ -28,7 +28,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_HTTP2_VERSION_NUM 0x010000 +#define MOD_HTTP2_VERSION_NUM 0x010005 #endif /* mod_h2_h2_version_h */ diff --git a/modules/http2/h2_worker.c b/modules/http2/h2_worker.c index 8145b7aaa5..b11e8549ff 100644 --- a/modules/http2/h2_worker.c +++ b/modules/http2/h2_worker.c @@ -22,7 +22,9 @@ #include #include "h2_private.h" +#include "h2_conn.h" #include "h2_mplx.h" +#include "h2_request.h" #include "h2_task.h" #include "h2_worker.h" @@ -55,7 +57,7 @@ static void* APR_THREAD_FUNC execute(apr_thread_t *thread, void *wctx) if (worker->task) { h2_task_do(worker->task, worker); worker->task = NULL; - apr_thread_cond_signal(h2_worker_get_cond(worker)); + apr_thread_cond_signal(worker->io); } } @@ -71,6 +73,19 @@ static void* APR_THREAD_FUNC execute(apr_thread_t *thread, void *wctx) return NULL; } +static apr_status_t cleanup_join_thread(void *ctx) +{ + h2_worker *w = ctx; + /* do the join only when the worker is aborted. Otherwise, + * we are probably in a process shutdown. + */ + if (w->thread && w->aborted) { + apr_status_t rv; + apr_thread_join(&rv, w->thread); + } + return APR_SUCCESS; +} + h2_worker *h2_worker_create(int id, apr_pool_t *parent_pool, apr_threadattr_t *attr, @@ -99,7 +114,6 @@ h2_worker *h2_worker_create(int id, w->id = id; w->pool = pool; - w->bucket_alloc = apr_bucket_alloc_create(pool); w->get_next = get_next; w->worker_done = worker_done; @@ -110,7 +124,9 @@ h2_worker *h2_worker_create(int id, return NULL; } - apr_thread_create(&w->thread, attr, execute, w, pool); + apr_pool_pre_cleanup_register(w->pool, w, cleanup_join_thread); + apr_thread_create(&w->thread, attr, execute, w, w->pool); + apr_pool_create(&w->task_pool, w->pool); } return w; } @@ -143,28 +159,42 @@ int h2_worker_is_aborted(h2_worker *worker) return worker->aborted; } -apr_thread_t *h2_worker_get_thread(h2_worker *worker) +h2_task *h2_worker_create_task(h2_worker *worker, h2_mplx *m, + const h2_request *req, int eos) { - return worker->thread; + h2_task *task; + + /* Create a subpool from the worker one to be used for all things + * with life-time of this task execution. + */ + task = h2_task_create(m->id, req, worker->task_pool, m, eos); + /* Link the task to the worker which provides useful things such + * as mutex, a socket etc. */ + task->io = worker->io; + + return task; } -apr_thread_cond_t *h2_worker_get_cond(h2_worker *worker) -{ - return worker->io; +apr_status_t h2_worker_setup_task(h2_worker *worker, h2_task *task) { + apr_status_t status; + + + status = h2_conn_setup(task, apr_bucket_alloc_create(task->pool), + worker->thread, worker->socket); + + return status; } -apr_socket_t *h2_worker_get_socket(h2_worker *worker) +void h2_worker_release_task(h2_worker *worker, struct h2_task *task) { - return worker->socket; + task->io = NULL; + task->pool = NULL; + apr_pool_clear(worker->task_pool); } -apr_pool_t *h2_worker_get_pool(h2_worker *worker) +apr_socket_t *h2_worker_get_socket(h2_worker *worker) { - return worker->pool; + return worker->socket; } -apr_bucket_alloc_t *h2_worker_get_bucket_alloc(h2_worker *worker) -{ - return worker->bucket_alloc; -} diff --git a/modules/http2/h2_worker.h b/modules/http2/h2_worker.h index 9c69e6b57a..035448e5db 100644 --- a/modules/http2/h2_worker.h +++ b/modules/http2/h2_worker.h @@ -18,6 +18,7 @@ struct apr_thread_cond_t; struct h2_mplx; +struct h2_request; struct h2_task; /* h2_worker is a basically a apr_thread_t that reads fromt he h2_workers @@ -44,7 +45,7 @@ struct h2_worker { int id; apr_thread_t *thread; apr_pool_t *pool; - apr_bucket_alloc_t *bucket_alloc; + apr_pool_t *task_pool; struct apr_thread_cond_t *io; apr_socket_t *socket; @@ -142,14 +143,11 @@ int h2_worker_get_id(h2_worker *worker); int h2_worker_is_aborted(h2_worker *worker); -apr_pool_t *h2_worker_get_pool(h2_worker *worker); - -apr_bucket_alloc_t *h2_worker_get_bucket_alloc(h2_worker *worker); +struct h2_task *h2_worker_create_task(h2_worker *worker, struct h2_mplx *m, + const struct h2_request *req, int eos); +apr_status_t h2_worker_setup_task(h2_worker *worker, struct h2_task *task); +void h2_worker_release_task(h2_worker *worker, struct h2_task *task); apr_socket_t *h2_worker_get_socket(h2_worker *worker); -apr_thread_t *h2_worker_get_thread(h2_worker *worker); - -struct apr_thread_cond_t *h2_worker_get_cond(h2_worker *worker); - #endif /* defined(__mod_h2__h2_worker__) */ diff --git a/modules/http2/h2_workers.c b/modules/http2/h2_workers.c index cf3009585b..3c08ff35d1 100644 --- a/modules/http2/h2_workers.c +++ b/modules/http2/h2_workers.c @@ -42,6 +42,22 @@ static int in_list(h2_workers *workers, h2_mplx *m) return 0; } +static void cleanup_zombies(h2_workers *workers, int lock) { + if (lock) { + apr_thread_mutex_lock(workers->lock); + } + while (!H2_WORKER_LIST_EMPTY(&workers->zombies)) { + h2_worker *zombie = H2_WORKER_LIST_FIRST(&workers->zombies); + H2_WORKER_REMOVE(zombie); + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, + "h2_workers: cleanup zombie %d", zombie->id); + h2_worker_destroy(zombie); + } + if (lock) { + apr_thread_mutex_unlock(workers->lock); + } +} + /** * Get the next task for the given worker. Will block until a task arrives @@ -63,7 +79,7 @@ static apr_status_t get_mplx_next(h2_worker *worker, h2_mplx **pm, if (*pm && ptask != NULL) { /* We have a h2_mplx instance and the worker wants the next task. * Try to get one from the given mplx. */ - *ptask = h2_mplx_pop_task(*pm, &has_more); + *ptask = h2_mplx_pop_task(*pm, worker, &has_more); if (*ptask) { return APR_SUCCESS; } @@ -108,7 +124,7 @@ static apr_status_t get_mplx_next(h2_worker *worker, h2_mplx **pm, m = H2_MPLX_LIST_FIRST(&workers->mplxs); H2_MPLX_REMOVE(m); - task = h2_mplx_pop_task(m, &has_more); + task = h2_mplx_pop_task(m, worker, &has_more); if (task) { if (has_more) { H2_MPLX_LIST_INSERT_TAIL(&workers->mplxs, m); @@ -123,23 +139,12 @@ static apr_status_t get_mplx_next(h2_worker *worker, h2_mplx **pm, if (!task) { /* Need to wait for either a new mplx to arrive. */ + cleanup_zombies(workers, 0); + if (workers->worker_count > workers->min_size) { apr_time_t now = apr_time_now(); if (now >= (start_wait + max_wait)) { /* waited long enough without getting a task. */ - status = APR_TIMEUP; - } - else { - ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, - "h2_worker(%d): waiting signal, " - "worker_count=%d", worker->id, - (int)workers->worker_count); - status = apr_thread_cond_timedwait(workers->mplx_added, - workers->lock, max_wait); - } - - if (status == APR_TIMEUP) { - /* waited long enough */ if (workers->worker_count > workers->min_size) { ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, @@ -148,6 +153,12 @@ static apr_status_t get_mplx_next(h2_worker *worker, h2_mplx **pm, break; } } + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, + "h2_worker(%d): waiting signal, " + "worker_count=%d", worker->id, + (int)workers->worker_count); + apr_thread_cond_timedwait(workers->mplx_added, + workers->lock, max_wait); } else { ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, @@ -163,7 +174,7 @@ static apr_status_t get_mplx_next(h2_worker *worker, h2_mplx **pm, * needed to give up with more than enough workers. */ if (task) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, workers->s, + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, "h2_worker(%d): start task(%s)", h2_worker_get_id(worker), task->id); /* Since we hand out a reference to the worker, we increase @@ -194,11 +205,11 @@ static void worker_done(h2_worker *worker, void *ctx) h2_workers *workers = (h2_workers *)ctx; apr_status_t status = apr_thread_mutex_lock(workers->lock); if (status == APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, workers->s, + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, "h2_worker(%d): done", h2_worker_get_id(worker)); H2_WORKER_REMOVE(worker); --workers->worker_count; - h2_worker_destroy(worker); + H2_WORKER_LIST_INSERT_TAIL(&workers->zombies, worker); apr_thread_mutex_unlock(workers->lock); } @@ -213,7 +224,7 @@ static apr_status_t add_worker(h2_workers *workers) if (!w) { return APR_ENOMEM; } - ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, workers->s, + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, "h2_workers: adding worker(%d)", h2_worker_get_id(w)); ++workers->worker_count; H2_WORKER_LIST_INSERT_TAIL(&workers->workers, w); @@ -235,15 +246,22 @@ static apr_status_t h2_workers_start(h2_workers *workers) { return status; } -h2_workers *h2_workers_create(server_rec *s, apr_pool_t *pool, +h2_workers *h2_workers_create(server_rec *s, apr_pool_t *server_pool, int min_size, int max_size) { apr_status_t status; h2_workers *workers; + apr_pool_t *pool; + AP_DEBUG_ASSERT(s); - AP_DEBUG_ASSERT(pool); - status = APR_SUCCESS; + AP_DEBUG_ASSERT(server_pool); + /* let's have our own pool that will be parent to all h2_worker + * instances we create. This happens in various threads, but always + * guarded by our lock. Without this pool, all subpool creations would + * happen on the pool handed to us, which we do not guard. + */ + apr_pool_create(&pool, server_pool); workers = apr_pcalloc(pool, sizeof(h2_workers)); if (workers) { workers->s = s; @@ -255,6 +273,7 @@ h2_workers *h2_workers_create(server_rec *s, apr_pool_t *pool, apr_threadattr_create(&workers->thread_attr, workers->pool); APR_RING_INIT(&workers->workers, h2_worker, link); + APR_RING_INIT(&workers->zombies, h2_worker, link); APR_RING_INIT(&workers->mplxs, h2_mplx, link); status = apr_thread_mutex_create(&workers->lock, @@ -278,6 +297,9 @@ h2_workers *h2_workers_create(server_rec *s, apr_pool_t *pool, void h2_workers_destroy(h2_workers *workers) { + /* before we go, cleanup any zombie workers that may have accumulated */ + cleanup_zombies(workers, 1); + if (workers->mplx_added) { apr_thread_cond_destroy(workers->mplx_added); workers->mplx_added = NULL; @@ -294,13 +316,17 @@ void h2_workers_destroy(h2_workers *workers) h2_worker *w = H2_WORKER_LIST_FIRST(&workers->workers); H2_WORKER_REMOVE(w); } + if (workers->pool) { + apr_pool_destroy(workers->pool); + /* workers is gone */ + } } apr_status_t h2_workers_register(h2_workers *workers, struct h2_mplx *m) { apr_status_t status = apr_thread_mutex_lock(workers->lock); if (status == APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, status, workers->s, + ap_log_error(APLOG_MARK, APLOG_TRACE2, status, workers->s, "h2_workers: register mplx(%ld)", m->id); if (in_list(workers, m)) { status = APR_EAGAIN; @@ -320,6 +346,9 @@ apr_status_t h2_workers_register(h2_workers *workers, struct h2_mplx *m) add_worker(workers); } + /* cleanup any zombie workers that may have accumulated */ + cleanup_zombies(workers, 0); + apr_thread_mutex_unlock(workers->lock); } return status; @@ -334,6 +363,9 @@ apr_status_t h2_workers_unregister(h2_workers *workers, struct h2_mplx *m) H2_MPLX_REMOVE(m); status = APR_SUCCESS; } + /* cleanup any zombie workers that may have accumulated */ + cleanup_zombies(workers, 0); + apr_thread_mutex_unlock(workers->lock); } return status; diff --git a/modules/http2/h2_workers.h b/modules/http2/h2_workers.h index 50fd6b8ad5..99aa1f4daf 100644 --- a/modules/http2/h2_workers.h +++ b/modules/http2/h2_workers.h @@ -42,6 +42,7 @@ struct h2_workers { apr_threadattr_t *thread_attr; APR_RING_HEAD(h2_worker_list, h2_worker) workers; + APR_RING_HEAD(h2_worker_zombies, h2_worker) zombies; APR_RING_HEAD(h2_mplx_list, h2_mplx) mplxs; int worker_count; diff --git a/modules/http2/mod_http2.dsp b/modules/http2/mod_http2.dsp index c3e139e955..12a3abfe98 100644 --- a/modules/http2/mod_http2.dsp +++ b/modules/http2/mod_http2.dsp @@ -105,6 +105,14 @@ SOURCE=./h2_alt_svc.c # End Source File # Begin Source File +SOURCE=./h2_bucket_eoc.c +# End Source File +# Begin Source File + +SOURCE=./h2_bucket_eos.c +# End Source File +# Begin Source File + SOURCE=./h2_config.c # End Source File # Begin Source File @@ -141,6 +149,10 @@ SOURCE=./h2_mplx.c # End Source File # Begin Source File +SOURCE=./h2_push.c +# End Source File +# Begin Source File + SOURCE=./h2_request.c # End Source File # Begin Source File @@ -181,10 +193,6 @@ SOURCE=./h2_task_queue.c # End Source File # Begin Source File -SOURCE=./h2_to_h1.c -# End Source File -# Begin Source File - SOURCE=./h2_util.c # End Source File # Begin Source File -- 2.40.0