Fix ipv6 address format in Host header #28578
Conversation
| using (HttpClientHandler handler = CreateHttpClientHandler()) | ||
| using (var client = new HttpClient(handler)) | ||
| { | ||
| handler.Proxy = new WebProxy(proxyUri); |
There was a problem hiding this comment.
Actually you taught me this. : )
There was a problem hiding this comment.
Heh, ok, at least I'm consistent :)
| [Fact] | ||
| public async Task GetAsync_IPv6AddressInHostHeader_CorrectlyFormatted() | ||
| { | ||
| string host = "[::1234]:8080"; |
There was a problem hiding this comment.
Can you make the test a theory and validate with and without a port?
| @@ -269,7 +269,8 @@ private void ConsumeFromRemainingBuffer(int bytesToConsume) | |||
| else | |||
| { | |||
| Debug.Assert(_pool.UsingProxy); | |||
| await WriteAsciiStringAsync(uri.IdnHost).ConfigureAwait(false); | |||
| await WriteAsciiStringAsync(uri.HostNameType == UriHostNameType.IPv6 ? | |||
| "[" + uri.IdnHost + "]" : uri.IdnHost).ConfigureAwait(false); | |||
There was a problem hiding this comment.
How about using string interpolation instead of string concatenation manually i.e. $"[{uri.IdnHost}]"
There was a problem hiding this comment.
String interpolation would be more expensive here.
There was a problem hiding this comment.
Does string interpolation has significant performance difference than string concatenation. I believe, string interpolation has better readability.
There was a problem hiding this comment.
In this case it'll compile down to a call to string.Concat:
string.Concat("[", uri.IdnHost, "]");which will incur just a single allocation for the destination string, with the data from each constituent string blitted into it. In contrast, the string interpolation would compile down to the equivalent of:
string.Format("[{0}]", new object[] { uri.IdnHost });and would thus incur at least the destination string and an object array allocation, plus the work that has to be done inside of Format, which involves a StringBuilder.
There was a problem hiding this comment.
Another useful note on string.Concat vs. string.Format #8025 (comment) (I want "bookmark favorite comment" feature in GitHub) 
There was a problem hiding this comment.
@stephentoub : Thank you for explaining it with implementation side. @kasper3 : Thank you for commenting with interesting thread.
There was a problem hiding this comment.
Since we're now using uri.Host in the GetConnectionKey path, seems like it would make sense to use it here as well for consistency and to avoid the extra alloc (maybe?).
There was a problem hiding this comment.
I agree, will change and add comment as well.
| public async Task GetAsync_IPv6AddressInHostHeader_CorrectlyFormatted() | ||
| [Theory] | ||
| [InlineData("http://", "[::1234]")] | ||
| [InlineData("http://", "[::1234]:8080")] |
There was a problem hiding this comment.
Nit: the scheme doesn't need to be parameterized
|
I was trying to add test data for |
| [Theory] | ||
| [InlineData("http://", "[::1234]")] | ||
| [InlineData("http://", "[::1234]:8080")] | ||
| public async Task GetAsync_IPv6AddressInHostHeader_CorrectlyFormatted(string scheme, string host) |
There was a problem hiding this comment.
I assume this test fails without your product change? Just checking.
There was a problem hiding this comment.
Without product change:
Assert.Contains() Failure
Not found: Host: [::1234]
In value: List<String> ["GET http://::1234/ HTTP/1.1", "Host: ::1234"]
There was a problem hiding this comment.
Only semi-related, is the Uri we're sending to the proxy correctly formatted, or does it also need [] around the IPv6 address?
There was a problem hiding this comment.
On WinHttpHandler, we will append [] around the IPv6 address.
"GET http://[::1234]/ HTTP/1.1", "Proxy-Connection: Keep-Alive", "Host: [::1234]"
On SocketsHttpHandler, currently we don't:
"GET http://::1234/ HTTP/1.1", "Host: [::1234]"
Per RFC (https://tools.ietf.org/html/rfc3986#section-3.2.2), I think we should do that for the URI we are sending as well.
There was a problem hiding this comment.
I found another issue that for SocketsHttpHandler, the port number is missing in uri sent to the proxy as well.
Opened #28609 to track this.
|
To provide more confidence, by stepping into the code, I can see in |
| @@ -269,7 +269,8 @@ private void ConsumeFromRemainingBuffer(int bytesToConsume) | |||
| else | |||
| { | |||
| Debug.Assert(_pool.UsingProxy); | |||
| await WriteAsciiStringAsync(uri.IdnHost).ConfigureAwait(false); | |||
There was a problem hiding this comment.
What about the if block above? Don't we need to fix that case as well?
There was a problem hiding this comment.
Yes, we need to fix that as well. The fix there is more involved because it needs to happen as part of the construction of the connection key -- basically we should detect that the hostname is an IPv6 address when constructing the key, and construct the hostname using [].
You won't be able to test this using a proxy as you're doing here. But you should at least be able to test against IPv6Loopback. There's already a test for IP address based Uris -- GetAsync_IPBasedUri_Success. Unfortunately it's not validating the Host header. It should be modified to validate the Host header. And it would be nice to add https cases to that test as well.
There was a problem hiding this comment.
Thanks for pointing this out! I will make a fix and add tests to it.
There was a problem hiding this comment.
Fix the above if by changing GetConnectionKey method.
We still need to special case this else statement for Proxy case, because for this case, we pass null as host, thus _pool.HostHeaderValueBytes == null, and here is the only place to append []
That's because those schemes will try to tunnel through your proxy. |
|
New commit explanation: Fix the IPv6 missing |
|
@dotnet-bot test Linux x64 Release Build CI hang. |
| @@ -140,11 +140,12 @@ private static string ParseHostNameFromHeader(string hostHeader) | |||
| private static HttpConnectionKey GetConnectionKey(HttpRequestMessage request, Uri proxyUri, bool isProxyConnect) | |||
| { | |||
| Uri uri = request.RequestUri; | |||
| string host = uri.HostNameType == UriHostNameType.IPv6 ? "[" + uri.IdnHost + "]" : uri.IdnHost; | |||
There was a problem hiding this comment.
This is adding an allocation for every request using an IPv6 address as a host name. Is that necessary? Since the resulting HttpConnectionKey is used to choose the pool to use, can't this be cached on the pool instead? And if not, can we skip doing this if proxyUri == null?
There was a problem hiding this comment.
can't this be cached on the pool instead?
I think it's possible. I didn't do that in the first place, because we will need a helper logic to determine if the address we passed in is IPv6 or not (we pass in string, not uri), and I thought the helper logic could result in additional allocation. I will try to explore this option, if not able to come up with efficient way, we may need to try the second appraoch -> skip doing this if proxyUri == null.
There was a problem hiding this comment.
IPv6 host names are unusual, saving a few extra allocations for them is not a high priority.
|
@stephentoub Do you think this change will result in smaller allocation? |
| @@ -117,12 +117,15 @@ public HttpConnectionPool(HttpConnectionPoolManager poolManager, HttpConnectionK | |||
|
|
|||
| if (_host != null) | |||
| { | |||
| bool isHostTypeIPv6 = _host.Split(':').Length - 1 > 1; | |||
There was a problem hiding this comment.
Should it be just _host.Contains(':')? Why does it check for 2+ :?
There was a problem hiding this comment.
A valid IPv6 address contains at least two :, so I check it for two times.
There was a problem hiding this comment.
Split allocates unnecessarily - even if just per ConnectionPool, what about using IndexOf on the string twice?
There was a problem hiding this comment.
if it's performance critical, then I think more efficient way is:
var count = 0;
var isHostTypeIPv6 = false;
foreach (char c in _host)
{
if (c == ':' && ++count > 1)
{
isHostTypeIPv6 = true;
break;
}
}There was a problem hiding this comment.
Consider host is not a long string, IndexOf can make the code cleaner.
| from useSsl in new[] { true, false } | ||
| select new object[] { address, useSsl }; | ||
|
|
||
| [OuterLoop] |
There was a problem hiding this comment.
Add to outerloop since the execution for this test is long, will cause Linux catastrophic failure in innerloop run.
There was a problem hiding this comment.
Why is the text execution long?
Why does it cause catastrophic failure on Linux?
This seems like a straightforward test, what am I missing?
There was a problem hiding this comment.
The Linux catastrophic failure confused me a lot as well. Here is my observation:
- Before adding this test, the CI is green.
- After I added the test, it will consistently (every time ) cause catastrophic failure on Centos, Fedora, RedHat, and Ubuntu 1804, while passing on other distros. No matter I put it in innerloop/outerloop.
- After I disable the test on CurlHandler, no catastrophic failure with
System.Net.Http. (There is one withSystem.Runtime.Extensions.Tests, I think it's totally unrelated).
Why is the text execution long?
That's my guess. The execution log didn't show any test failure. So I doubt the execution failed is because of hang, then timeout.
Why does it cause catastrophic failure on Linux?
The test consistently cause catastrophic failure on Centos, Fedora, RedHat, and Ubuntu 1804, while passing on other distros. I think it could be (very likely) different CurlHandler version causing the issue. (Since Windows run is green every time).
To summary: I think it's a strange issue with CurlHandler causing the catastrophic failure. To unblock the PR, I will open a new issue to tract this, and disable the test against CurlHandler.
| @@ -117,12 +117,16 @@ public HttpConnectionPool(HttpConnectionPoolManager poolManager, HttpConnectionK | |||
|
|
|||
| if (_host != null) | |||
| { | |||
| int posColon = -1; | |||
| bool isHostTypeIPv6 = (-1 != (posColon = _host.IndexOf(':')) && -1 != (posColon = _host.IndexOf(':', posColon))); | |||
There was a problem hiding this comment.
Isn't the second _host.IndexOf always going to succeed, because you're passing in posColon rather than posColon+1? Seems like we need some more tests, too, to catch this kind of thing.
Is it true that every IPv6 address contains at least two colons, and that if an address contains two colons it must be an IPv6 address? If so, with the aforementioned change, the logic seems fine.
If it's not true, a better approach might be to augment the HttpConnectionPool ctor to accept a "Uri exemplarUri", then at the ctor call site pass in the request.Uri, and here use Uri.HostNameType instead of doing this check manually.
There was a problem hiding this comment.
Yes, every ipv6 contains at least two colons and nothing else does.
There was a problem hiding this comment.
Ok, then with the index fix, this looks good, e.g.
bool isHostTypeIPv6 = (posColon = _host.IndexOf(':')) != -1 && _host.IndexOf(':', posColon+1) != -1;
|
The new test I added: I will disable the test against Linux, to see if this is the issue. |
|
@dotnet-bot test Outerloop Windows x64 Debug Build |
| int posColon = -1; | ||
| bool isHostTypeIPv6 = (posColon = _host.IndexOf(':')) != -1 && _host.IndexOf(':', posColon+1) != -1; | ||
| string hostAddress = isHostTypeIPv6 ? "[" + _host + "]" : _host; | ||
|
|
There was a problem hiding this comment.
Can we just use Uri.CheckHostName here?
There was a problem hiding this comment.
Alternatively, can we just go back to checking for HostNameType == IPv6 in GetConnectionKey, but use uri.Host instead of uri.IdnHost in that case? I think that will return the address with [], right?
I'm kinda queasy about doing our own parsing here. Uri does all sorts of stuff for us already, let's just use it if possible instead of trying to duplicate the logic ourselves.
There was a problem hiding this comment.
I will also point out that retrieving parts of the Uri (e.g. hostname) is already a bit of a perf bottleneck. Uri.IdnHost is allocating a string. I believe we also end up allocating later when we retrieve path/query etc.
We should look at optimizing this better, but not for 2.1.
In the meantime let's just do something simple and correct, and we can optimize interaction with Uri in the future.
There was a problem hiding this comment.
can we just go back to checking for HostNameType == IPv6 in GetConnectionKey, but use uri.Host instead of uri.IdnHost in that case?
WinHttp clearly documented that it will only accept Punycode host name. Changing to uri.Host may bring regression for SocketsHttpHandler, and I think that's risky for 2.1.
I think that will return the address with [], right?
Yes, uri.Host will return the address with [].
I'm kinda queasy about doing our own parsing here.
I will change to Uri.CheckHostName.
There was a problem hiding this comment.
WinHttp clearly documented that it will only accept Punycode host name. Changing to uri.Host may bring regression for SocketsHttpHandler, and I think that's risky for 2.1.
I'm not suggesting we change it in all cases. Obviously that would break Punycode handling. Just in the case where it's an IP address.
There was a problem hiding this comment.
I think that should work. I will push a new commit.
|
|
||
| if (isProxyConnect) | ||
| { | ||
| Debug.Assert(uri == proxyUri); | ||
| return new HttpConnectionKey(HttpConnectionKind.ProxyConnect, uri.IdnHost, uri.Port, null, proxyUri); | ||
| return new HttpConnectionKey(HttpConnectionKind.ProxyConnect, isIPv6Address ? uri.Host: uri.IdnHost, uri.Port, null, proxyUri); |
There was a problem hiding this comment.
Nit: space before colon in conditional expression, here and below
There was a problem hiding this comment.
Oops T.T, will fix.
| @@ -140,11 +140,12 @@ private static string ParseHostNameFromHeader(string hostHeader) | |||
| private static HttpConnectionKey GetConnectionKey(HttpRequestMessage request, Uri proxyUri, bool isProxyConnect) | |||
| { | |||
| Uri uri = request.RequestUri; | |||
| bool isIPv6Address = uri.HostNameType == UriHostNameType.IPv6; | |||
There was a problem hiding this comment.
We should add a comment here, something like:
// If the hostname is an IPv6 address, uri.IdnHost will return the address without enclosing [].
// In this case, use uri.Host instead, which will correctly enclose with [].
// Note we don't need punycode encoding if it's an IP address, so using uri.Host is fine.
| { | ||
| if (useSsl) | ||
| { | ||
| handler.ServerCertificateCustomValidationCallback = delegate { return true; }; |
There was a problem hiding this comment.
You mentioned in a separate issue that you were seeing this test hang with CurlHandler on some OSes. Have you tried using HttpClientHandler.DangerousAcceptAnyServerCertificateValidator here instead of delegate { return true; }?
There was a problem hiding this comment.
No I didn't. I will try it and enable the test to see if this can resolve the hang.
| if (useSsl) | ||
| { | ||
| handler.ServerCertificateCustomValidationCallback = delegate { return true; }; | ||
| handler.ClientCertificateOptions = ClientCertificateOption.Automatic; |
There was a problem hiding this comment.
Why is this setting of ClientCertificateOptions needed?
|
Changing to @dotnet-bot test NETFX x86 Release Build |
| handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; | ||
| handler.ServerCertificateCustomValidationCallback = | ||
| #if netcoreapp | ||
| HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; |
|
Unrelated failure. @dotnet-bot test Linux x64 Release Build |
ghost
mentioned this pull request
* fix ipv6 format in host header * address feedback * address feedback * fix common case * reduce allocation * address feedback * fix indexof issue * disable on curlhandler * revert to simple fix * address feedback and add comment * address test issue, enable on curlhandler * fix framework failure * address feedback Commit migrated from dotnet/corefx@24889e2
Per discussion in #28557. If this change looks ok, I will fix the WinHttp as well.
Fix: #28557 (moved to dotnet/runtime#25661)