-
Notifications
You must be signed in to change notification settings - Fork 4.8k
/
codec_impl.cc
1644 lines (1426 loc) · 67 KB
/
codec_impl.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#include "source/common/http/http1/codec_impl.h"
#include <cstdint>
#include <memory>
#include <string>
#include "envoy/buffer/buffer.h"
#include "envoy/common/optref.h"
#include "envoy/http/codec.h"
#include "envoy/http/header_map.h"
#include "envoy/network/connection.h"
#include "source/common/common/cleanup.h"
#include "source/common/common/dump_state_utils.h"
#include "source/common/common/enum_to_int.h"
#include "source/common/common/scope_tracker.h"
#include "source/common/common/statusor.h"
#include "source/common/common/utility.h"
#include "source/common/grpc/common.h"
#include "source/common/http/exception.h"
#include "source/common/http/header_utility.h"
#include "source/common/http/headers.h"
#include "source/common/http/http1/balsa_parser.h"
#include "source/common/http/http1/header_formatter.h"
#include "source/common/http/http1/legacy_parser_impl.h"
#include "source/common/http/utility.h"
#include "source/common/runtime/runtime_features.h"
#include "absl/container/fixed_array.h"
#include "absl/strings/ascii.h"
namespace Envoy {
namespace Http {
namespace Http1 {
namespace {
// Changes or additions to details should be reflected in
// docs/root/configuration/http/http_conn_man/response_code_details.rst
struct Http1ResponseCodeDetailValues {
const absl::string_view TooManyHeaders = "http1.too_many_headers";
const absl::string_view HeadersTooLarge = "http1.headers_too_large";
const absl::string_view HttpCodecError = "http1.codec_error";
const absl::string_view InvalidCharacters = "http1.invalid_characters";
const absl::string_view ConnectionHeaderSanitization = "http1.connection_header_rejected";
const absl::string_view InvalidUrl = "http1.invalid_url";
const absl::string_view InvalidTransferEncoding = "http1.invalid_transfer_encoding";
const absl::string_view BodyDisallowed = "http1.body_disallowed";
const absl::string_view TransferEncodingNotAllowed = "http1.transfer_encoding_not_allowed";
const absl::string_view ContentLengthNotAllowed = "http1.content_length_not_allowed";
const absl::string_view InvalidUnderscore = "http1.unexpected_underscore";
const absl::string_view ChunkedContentLength = "http1.content_length_and_chunked_not_allowed";
const absl::string_view HttpsInPlaintext = "http1.https_url_on_plaintext_connection";
const absl::string_view InvalidScheme = "http1.invalid_scheme";
};
struct Http1HeaderTypesValues {
const absl::string_view Headers = "headers";
const absl::string_view Trailers = "trailers";
};
// Pipelining is generally not well supported on the internet and has a series of dangerous
// overflow bugs. As such Envoy disabled it.
static constexpr uint32_t kMaxOutboundResponses = 2;
using Http1ResponseCodeDetails = ConstSingleton<Http1ResponseCodeDetailValues>;
using Http1HeaderTypes = ConstSingleton<Http1HeaderTypesValues>;
const StringUtil::CaseUnorderedSet& caseUnorderdSetContainingUpgradeAndHttp2Settings() {
CONSTRUCT_ON_FIRST_USE(StringUtil::CaseUnorderedSet,
Http::Headers::get().ConnectionValues.Upgrade,
Http::Headers::get().ConnectionValues.Http2Settings);
}
HeaderKeyFormatterConstPtr encodeOnlyFormatterFromSettings(const Http::Http1Settings& settings) {
if (settings.header_key_format_ == Http1Settings::HeaderKeyFormat::ProperCase) {
return std::make_unique<ProperCaseHeaderKeyFormatter>();
}
return nullptr;
}
StatefulHeaderKeyFormatterPtr statefulFormatterFromSettings(const Http::Http1Settings& settings) {
if (settings.header_key_format_ == Http1Settings::HeaderKeyFormat::StatefulFormatter) {
return settings.stateful_header_key_formatter_->create();
}
return nullptr;
}
constexpr size_t CRLF_SIZE = 2;
} // namespace
static constexpr absl::string_view CRLF = "\r\n";
// Last chunk as defined here https://tools.ietf.org/html/rfc7230#section-4.1
static constexpr absl::string_view LAST_CHUNK = "0\r\n";
static constexpr absl::string_view SPACE = " ";
static constexpr absl::string_view COLON_SPACE = ": ";
StreamEncoderImpl::StreamEncoderImpl(ConnectionImpl& connection,
StreamInfo::BytesMeterSharedPtr&& bytes_meter)
: connection_(connection), disable_chunk_encoding_(false), chunk_encoding_(true),
connect_request_(false), is_tcp_tunneling_(false), is_response_to_head_request_(false),
is_response_to_connect_request_(false), bytes_meter_(std::move(bytes_meter)) {
if (!bytes_meter_) {
bytes_meter_ = std::make_shared<StreamInfo::BytesMeter>();
}
if (connection_.connection().aboveHighWatermark()) {
runHighWatermarkCallbacks();
}
}
void StreamEncoderImpl::encodeHeader(absl::string_view key, absl::string_view value) {
ASSERT(!key.empty());
const uint64_t header_size = connection_.buffer().addFragments({key, COLON_SPACE, value, CRLF});
bytes_meter_->addHeaderBytesSent(header_size);
}
void StreamEncoderImpl::encodeFormattedHeader(absl::string_view key, absl::string_view value,
HeaderKeyFormatterOptConstRef formatter) {
if (formatter.has_value()) {
encodeHeader(formatter->format(key), value);
} else {
encodeHeader(key, value);
}
}
void ResponseEncoderImpl::encode1xxHeaders(const ResponseHeaderMap& headers) {
ASSERT(HeaderUtility::isSpecial1xx(headers));
encodeHeaders(headers, false);
// Don't consider 100-continue responses as the actual response.
started_response_ = false;
}
void StreamEncoderImpl::encodeHeadersBase(const RequestOrResponseHeaderMap& headers,
absl::optional<uint64_t> status, bool end_stream,
bool bodiless_request) {
HeaderKeyFormatterOptConstRef formatter(headers.formatter());
if (!formatter.has_value()) {
formatter = connection_.formatter();
}
const Http::HeaderValues& header_values = Http::Headers::get();
bool saw_content_length = false;
headers.iterate(
[this, &header_values, formatter](const HeaderEntry& header) -> HeaderMap::Iterate {
absl::string_view key_to_use = header.key().getStringView();
uint32_t key_size_to_use = header.key().size();
// Translate :authority -> host so that upper layers do not need to deal with this.
if (key_size_to_use > 1 && key_to_use[0] == ':' && key_to_use[1] == 'a') {
key_to_use = absl::string_view(header_values.HostLegacy.get());
key_size_to_use = header_values.HostLegacy.get().size();
}
// Skip all headers starting with ':' that make it here.
if (key_to_use[0] == ':') {
return HeaderMap::Iterate::Continue;
}
encodeFormattedHeader(key_to_use, header.value().getStringView(), formatter);
return HeaderMap::Iterate::Continue;
});
if (headers.ContentLength()) {
saw_content_length = true;
}
ASSERT(!headers.TransferEncoding());
// Assume we are chunk encoding unless we are passed a content length or this is a header only
// response. Upper layers generally should strip transfer-encoding since it only applies to
// HTTP/1.1. The codec will infer it based on the type of response.
// for streaming (e.g. SSE stream sent to hystrix dashboard), we do not want
// chunk transfer encoding but we don't have a content-length so disable_chunk_encoding_ is
// consulted before enabling chunk encoding.
//
// Note that for HEAD requests Envoy does best-effort guessing when there is no
// content-length. If a client makes a HEAD request for an upstream resource
// with no bytes but the upstream response doesn't include "Content-length: 0",
// Envoy will incorrectly assume a subsequent response to GET will be chunk encoded.
if (saw_content_length || disable_chunk_encoding_) {
chunk_encoding_ = false;
} else {
if (status && (*status < 200 || *status == 204)) {
// For 1xx and 204 responses, do not send the chunked encoding header or enable chunked
// encoding: https://tools.ietf.org/html/rfc7230#section-3.3.1
chunk_encoding_ = false;
} else if (status && *status == 304) {
// For 304 response, since it should never have a body, we should not need to chunk_encode at
// all.
chunk_encoding_ = false;
} else if (end_stream && !is_response_to_head_request_) {
// If this is a headers-only stream, append an explicit "Content-Length: 0" unless it's a
// response to a HEAD request.
// For 204s and 1xx where content length is disallowed, don't append the content length but
// also don't chunk encode.
// Also do not add content length for requests which should not have a
// body, per https://tools.ietf.org/html/rfc7230#section-3.3.2
if (!status || (*status >= 200 && *status != 204)) {
if (!bodiless_request) {
encodeFormattedHeader(header_values.ContentLength.get(), "0", formatter);
}
}
chunk_encoding_ = false;
} else if (connection_.protocol() == Protocol::Http10) {
chunk_encoding_ = false;
} else {
// For responses to connect requests, do not send the chunked encoding header:
// https://tools.ietf.org/html/rfc7231#section-4.3.6.
if (!is_response_to_connect_request_) {
encodeFormattedHeader(header_values.TransferEncoding.get(),
header_values.TransferEncodingValues.Chunked, formatter);
}
// We do not apply chunk encoding for HTTP upgrades, including CONNECT style upgrades.
// If there is a body in a response on the upgrade path, the chunks will be
// passed through via maybeDirectDispatch so we need to avoid appending
// extra chunk boundaries.
//
// When sending a response to a HEAD request Envoy may send an informational
// "Transfer-Encoding: chunked" header, but should not send a chunk encoded body.
chunk_encoding_ = !Utility::isUpgrade(headers) && !is_response_to_head_request_ &&
!is_response_to_connect_request_;
}
}
connection_.buffer().add(CRLF);
if (end_stream) {
endEncode();
} else {
flushOutput();
}
}
void StreamEncoderImpl::encodeData(Buffer::Instance& data, bool end_stream) {
// end_stream may be indicated with a zero length data buffer. If that is the case, so not
// actually write the zero length buffer out.
if (data.length() > 0) {
if (chunk_encoding_) {
std::string chunk_header = absl::StrCat(absl::Hex(data.length()), CRLF);
connection_.buffer().add(std::move(chunk_header));
}
connection_.buffer().move(data);
if (chunk_encoding_) {
connection_.buffer().add(CRLF);
}
}
if (end_stream) {
endEncode();
} else {
flushOutput();
}
}
void StreamEncoderImpl::flushOutput(bool end_encode) {
auto encoded_bytes = connection_.flushOutput(end_encode);
bytes_meter_->addWireBytesSent(encoded_bytes);
}
void StreamEncoderImpl::encodeTrailersBase(const HeaderMap& trailers) {
if (!connection_.enableTrailers()) {
return endEncode();
}
// Trailers only matter if it is a chunk transfer encoding
// https://tools.ietf.org/html/rfc7230#section-4.4
if (chunk_encoding_) {
// Finalize the body
connection_.buffer().add(LAST_CHUNK);
// TODO(mattklein123): Wire up the formatter if someone actually asks for this (very unlikely).
trailers.iterate([this](const HeaderEntry& header) -> HeaderMap::Iterate {
encodeFormattedHeader(header.key().getStringView(), header.value().getStringView(),
HeaderKeyFormatterOptConstRef());
return HeaderMap::Iterate::Continue;
});
connection_.buffer().add(CRLF);
}
flushOutput();
notifyEncodeComplete();
}
void StreamEncoderImpl::encodeMetadata(const MetadataMapVector&) {
connection_.stats().metadata_not_supported_error_.inc();
}
void StreamEncoderImpl::endEncode() {
if (chunk_encoding_) {
connection_.buffer().addFragments({LAST_CHUNK, CRLF});
}
flushOutput(true);
notifyEncodeComplete();
// With CONNECT or TCP tunneling, half-closing the connection is used to signal end stream so
// don't delay that signal.
if (connect_request_ || is_tcp_tunneling_) {
connection_.connection().close(
Network::ConnectionCloseType::FlushWrite,
StreamInfo::LocalCloseReasons::get().CloseForConnectRequestOrTcpTunneling);
}
}
void StreamEncoderImpl::notifyEncodeComplete() {
if (codec_callbacks_) {
codec_callbacks_->onCodecEncodeComplete();
}
connection_.onEncodeComplete();
}
void ServerConnectionImpl::maybeAddSentinelBufferFragment(Buffer::Instance& output_buffer) {
// It's messy and complicated to try to tag the final write of an HTTP response for response
// tracking for flood protection. Instead, write an empty buffer fragment after the response,
// to allow for tracking.
// When the response is written out, the fragment will be deleted and the counter will be updated
// by ServerConnectionImpl::releaseOutboundResponse()
auto fragment =
Buffer::OwnedBufferFragmentImpl::create(absl::string_view("", 0), response_buffer_releasor_);
output_buffer.addBufferFragment(*fragment.release());
ASSERT(outbound_responses_ < kMaxOutboundResponses);
outbound_responses_++;
}
Status ServerConnectionImpl::doFloodProtectionChecks() const {
ASSERT(dispatching_);
// Before processing another request, make sure that we are below the response flood protection
// threshold.
if (outbound_responses_ >= kMaxOutboundResponses) {
ENVOY_CONN_LOG(trace, "error accepting request: too many pending responses queued",
connection_);
stats_.response_flood_.inc();
return bufferFloodError("Too many responses queued.");
}
return okStatus();
}
uint64_t ConnectionImpl::flushOutput(bool end_encode) {
if (end_encode) {
// If this is an HTTP response in ServerConnectionImpl, track outbound responses for flood
// protection
maybeAddSentinelBufferFragment(*output_buffer_);
}
const uint64_t bytes_encoded = output_buffer_->length();
connection().write(*output_buffer_, false);
ASSERT(0UL == output_buffer_->length());
return bytes_encoded;
}
CodecEventCallbacks*
StreamEncoderImpl::registerCodecEventCallbacks(CodecEventCallbacks* codec_callbacks) {
std::swap(codec_callbacks, codec_callbacks_);
return codec_callbacks;
}
void StreamEncoderImpl::resetStream(StreamResetReason reason) {
connection_.onResetStreamBase(reason);
}
void ResponseEncoderImpl::resetStream(StreamResetReason reason) {
// Clear the downstream on the account since we're resetting the downstream.
if (buffer_memory_account_) {
buffer_memory_account_->clearDownstream();
}
// For H1, we use idleTimeouts to cancel streams unless there was an
// explicit protocol error prior to sending a response to the downstream
// in which case we send a local reply.
// TODO(kbaichoo): If we want snappier resets of H1 streams we can
// 1) Send local reply if no response data sent yet
// 2) Invoke the idle timeout sooner to close underlying connection
StreamEncoderImpl::resetStream(reason);
}
void StreamEncoderImpl::readDisable(bool disable) {
if (disable) {
++read_disable_calls_;
} else {
ASSERT(read_disable_calls_ != 0);
if (read_disable_calls_ != 0) {
--read_disable_calls_;
}
}
connection_.readDisable(disable);
}
uint32_t StreamEncoderImpl::bufferLimit() const { return connection_.bufferLimit(); }
const Network::ConnectionInfoProvider& StreamEncoderImpl::connectionInfoProvider() {
return connection_.connection().connectionInfoProvider();
}
static constexpr absl::string_view RESPONSE_PREFIX = "HTTP/1.1 ";
static constexpr absl::string_view HTTP_10_RESPONSE_PREFIX = "HTTP/1.0 ";
void ResponseEncoderImpl::encodeHeaders(const ResponseHeaderMap& headers, bool end_stream) {
started_response_ = true;
// The contract is that client codecs must ensure that :status is present and valid.
ASSERT(headers.Status() != nullptr);
uint64_t numeric_status = Utility::getResponseStatus(headers);
absl::string_view response_prefix;
if (connection_.protocol() == Protocol::Http10 && connection_.supportsHttp10()) {
response_prefix = HTTP_10_RESPONSE_PREFIX;
} else {
response_prefix = RESPONSE_PREFIX;
}
StatefulHeaderKeyFormatterOptConstRef formatter(headers.formatter());
absl::string_view reason_phrase;
if (formatter.has_value() && !formatter->getReasonPhrase().empty()) {
reason_phrase = formatter->getReasonPhrase();
} else {
const char* status_string = CodeUtility::toString(static_cast<Code>(numeric_status));
uint32_t status_string_len = strlen(status_string);
reason_phrase = {status_string, status_string_len};
}
connection_.buffer().addFragments(
{response_prefix, absl::StrCat(numeric_status), SPACE, reason_phrase, CRLF});
if (numeric_status >= 300) {
// Don't do special CONNECT logic if the CONNECT was rejected.
is_response_to_connect_request_ = false;
}
encodeHeadersBase(headers, absl::make_optional<uint64_t>(numeric_status), end_stream, false);
}
static constexpr absl::string_view REQUEST_POSTFIX = " HTTP/1.1\r\n";
Status RequestEncoderImpl::encodeHeaders(const RequestHeaderMap& headers, bool end_stream) {
#ifndef ENVOY_ENABLE_UHV
// Headers are now validated by UHV before encoding by the codec. Two checks below are not needed
// when UHV is enabled.
//
// Required headers must be present. This can only happen by some erroneous processing after the
// downstream codecs decode.
RETURN_IF_ERROR(HeaderUtility::checkRequiredRequestHeaders(headers));
// Verify that a filter hasn't added an invalid header key or value.
RETURN_IF_ERROR(HeaderUtility::checkValidRequestHeaders(headers));
#endif
const HeaderEntry* method = headers.Method();
const HeaderEntry* path = headers.Path();
const HeaderEntry* host = headers.Host();
bool is_connect = HeaderUtility::isConnect(headers);
const Http::HeaderValues& header_values = Http::Headers::get();
if (method->value() == header_values.MethodValues.Head) {
head_request_ = true;
} else if (method->value() == header_values.MethodValues.Connect) {
disableChunkEncoding();
connection_.connection().enableHalfClose(true);
connect_request_ = true;
}
if (Utility::isUpgrade(headers)) {
upgrade_request_ = true;
// If the flag is flipped from true to false all outstanding upgrade requests that are waiting
// for upstream connections will become invalid, as Envoy will add chunk encoding to the
// protocol stream. This will likely cause the server to disconnect, since it will be unable to
// parse the protocol.
disableChunkEncoding();
}
if (connection_.sendFullyQualifiedUrl() && !is_connect) {
const HeaderEntry* scheme = headers.Scheme();
if (!scheme) {
return absl::InvalidArgumentError(
absl::StrCat("missing required header: ", Envoy::Http::Headers::get().Scheme.get()));
}
if (!host) {
return absl::InvalidArgumentError(
absl::StrCat("missing required header: ", Envoy::Http::Headers::get().Host.get()));
}
ASSERT(path);
ASSERT(host);
std::string url = absl::StrCat(scheme->value().getStringView(), "://",
host->value().getStringView(), path->value().getStringView());
ENVOY_CONN_LOG(trace, "Sending fully qualified URL: {}", connection_.connection(), url);
connection_.buffer().addFragments(
{method->value().getStringView(), SPACE, url, REQUEST_POSTFIX});
} else {
absl::string_view host_or_path_view;
if (is_connect) {
host_or_path_view = host->value().getStringView();
} else {
host_or_path_view = path->value().getStringView();
}
connection_.buffer().addFragments(
{method->value().getStringView(), SPACE, host_or_path_view, REQUEST_POSTFIX});
}
encodeHeadersBase(headers, absl::nullopt, end_stream,
HeaderUtility::requestShouldHaveNoBody(headers));
return okStatus();
}
CallbackResult ConnectionImpl::setAndCheckCallbackStatus(Status&& status) {
ASSERT(codec_status_.ok());
codec_status_ = std::move(status);
return codec_status_.ok() ? CallbackResult::Success : CallbackResult::Error;
}
CallbackResult
ConnectionImpl::setAndCheckCallbackStatusOr(Envoy::StatusOr<CallbackResult>&& statusor) {
ASSERT(codec_status_.ok());
if (statusor.ok()) {
return statusor.value();
} else {
codec_status_ = std::move(statusor.status());
return CallbackResult::Error;
}
}
ConnectionImpl::ConnectionImpl(Network::Connection& connection, CodecStats& stats,
const Http1Settings& settings, MessageType type,
uint32_t max_headers_kb, const uint32_t max_headers_count)
: connection_(connection), stats_(stats), codec_settings_(settings),
encode_only_header_key_formatter_(encodeOnlyFormatterFromSettings(settings)),
processing_trailers_(false), handling_upgrade_(false), reset_stream_called_(false),
deferred_end_stream_headers_(false), dispatching_(false), max_headers_kb_(max_headers_kb),
max_headers_count_(max_headers_count) {
if (codec_settings_.use_balsa_parser_) {
parser_ = std::make_unique<BalsaParser>(type, this, max_headers_kb_ * 1024, enableTrailers(),
codec_settings_.allow_custom_methods_);
} else {
parser_ = std::make_unique<LegacyHttpParserImpl>(type, this);
}
}
Status ConnectionImpl::completeCurrentHeader() {
ASSERT(dispatching_);
ENVOY_CONN_LOG(trace, "completed header: key={} value={}", connection_,
current_header_field_.getStringView(), current_header_value_.getStringView());
auto& headers_or_trailers = headersOrTrailers();
// Account for ":" and "\r\n" bytes between the header key value pair.
getBytesMeter().addHeaderBytesReceived(CRLF_SIZE + 1);
// TODO(10646): Switch to use HeaderUtility::checkHeaderNameForUnderscores().
RETURN_IF_ERROR(checkHeaderNameForUnderscores());
if (!current_header_field_.empty()) {
// Strip trailing whitespace of the current header value if any. Leading whitespace was trimmed
// in ConnectionImpl::onHeaderValue. http_parser does not strip leading or trailing whitespace
// as the spec requires: https://tools.ietf.org/html/rfc7230#section-3.2.4
current_header_value_.rtrim();
// If there is a stateful formatter installed, remember the original header key before
// converting to lower case.
auto formatter = headers_or_trailers.formatter();
if (formatter.has_value()) {
formatter->processKey(current_header_field_.getStringView());
}
current_header_field_.inlineTransform([](char c) { return absl::ascii_tolower(c); });
headers_or_trailers.addViaMove(std::move(current_header_field_),
std::move(current_header_value_));
}
// Check if the number of headers exceeds the limit.
if (headers_or_trailers.size() > max_headers_count_) {
error_code_ = Http::Code::RequestHeaderFieldsTooLarge;
RETURN_IF_ERROR(sendProtocolError(Http1ResponseCodeDetails::get().TooManyHeaders));
const absl::string_view header_type =
processing_trailers_ ? Http1HeaderTypes::get().Trailers : Http1HeaderTypes::get().Headers;
return codecProtocolError(
absl::StrCat("http/1.1 protocol error: ", header_type, " count exceeds limit"));
}
header_parsing_state_ = HeaderParsingState::Field;
ASSERT(current_header_field_.empty());
ASSERT(current_header_value_.empty());
return okStatus();
}
Status ConnectionImpl::onMessageBeginImpl() {
ENVOY_CONN_LOG(trace, "message begin", connection_);
// Make sure that if HTTP/1.0 and HTTP/1.1 requests share a connection Envoy correctly sets
// protocol for each request. Envoy defaults to 1.1 but sets the protocol to 1.0 where applicable
// in onHeadersCompleteBase
protocol_ = Protocol::Http11;
processing_trailers_ = false;
header_parsing_state_ = HeaderParsingState::Field;
allocHeaders(statefulFormatterFromSettings(codec_settings_));
return onMessageBeginBase();
}
uint32_t ConnectionImpl::getHeadersSize() {
return current_header_field_.size() + current_header_value_.size() +
headersOrTrailers().byteSize();
}
Status ConnectionImpl::checkMaxHeadersSize() {
const uint32_t total = getHeadersSize();
if (total > (max_headers_kb_ * 1024)) {
const absl::string_view header_type =
processing_trailers_ ? Http1HeaderTypes::get().Trailers : Http1HeaderTypes::get().Headers;
error_code_ = Http::Code::RequestHeaderFieldsTooLarge;
RETURN_IF_ERROR(sendProtocolError(Http1ResponseCodeDetails::get().HeadersTooLarge));
return codecProtocolError(
absl::StrCat("http/1.1 protocol error: ", header_type, " size exceeds limit"));
}
return okStatus();
}
bool ConnectionImpl::maybeDirectDispatch(Buffer::Instance& data) {
if (!handling_upgrade_) {
// Only direct dispatch for Upgrade requests.
return false;
}
ENVOY_CONN_LOG(trace, "direct-dispatched {} bytes", connection_, data.length());
onBody(data);
data.drain(data.length());
return true;
}
void ConnectionImpl::onDispatch(const Buffer::Instance& data) {
getBytesMeter().addWireBytesReceived(data.length());
}
Http::Status ClientConnectionImpl::dispatch(Buffer::Instance& data) {
Http::Status status = ConnectionImpl::dispatch(data);
if (status.ok() && data.length() > 0) {
// The HTTP/1.1 codec pauses dispatch after a single response is complete. Extraneous data
// after a response is complete indicates an error.
return codecProtocolError("http/1.1 protocol error: extraneous data after response complete");
}
return status;
}
Http::Status ConnectionImpl::dispatch(Buffer::Instance& data) {
// Add self to the Dispatcher's tracked object stack.
ScopeTrackerScopeState scope(this, connection_.dispatcher());
ENVOY_CONN_LOG(trace, "parsing {} bytes", connection_, data.length());
// Make sure that dispatching_ is set to false after dispatching, even when
// http_parser exits early with an error code.
Cleanup cleanup([this]() { dispatching_ = false; });
ASSERT(!dispatching_);
ASSERT(codec_status_.ok());
ASSERT(buffered_body_.length() == 0);
dispatching_ = true;
onDispatch(data);
if (maybeDirectDispatch(data)) {
return Http::okStatus();
}
// Always resume before dispatch.
parser_->resume();
ssize_t total_parsed = 0;
if (data.length() > 0) {
current_dispatching_buffer_ = &data;
while (data.length() > 0) {
auto slice = data.frontSlice();
dispatching_slice_already_drained_ = false;
auto statusor_parsed = dispatchSlice(static_cast<const char*>(slice.mem_), slice.len_);
if (!statusor_parsed.ok()) {
return statusor_parsed.status();
}
if (!dispatching_slice_already_drained_) {
ASSERT(statusor_parsed.value() <= slice.len_);
data.drain(statusor_parsed.value());
}
total_parsed += statusor_parsed.value();
if (parser_->getStatus() != ParserStatus::Ok) {
// Parse errors trigger an exception in dispatchSlice so we are guaranteed to be paused at
// this point.
ASSERT(parser_->getStatus() == ParserStatus::Paused);
break;
}
}
current_dispatching_buffer_ = nullptr;
dispatchBufferedBody();
} else {
auto result = dispatchSlice(nullptr, 0);
if (!result.ok()) {
return result.status();
}
}
ASSERT(buffered_body_.length() == 0);
ENVOY_CONN_LOG(trace, "parsed {} bytes", connection_, total_parsed);
// If an upgrade has been handled and there is body data or early upgrade
// payload to send on, send it on.
maybeDirectDispatch(data);
return Http::okStatus();
}
Envoy::StatusOr<size_t> ConnectionImpl::dispatchSlice(const char* slice, size_t len) {
ASSERT(codec_status_.ok() && dispatching_);
const size_t nread = parser_->execute(slice, len);
if (!codec_status_.ok()) {
return codec_status_;
}
const ParserStatus status = parser_->getStatus();
if (status != ParserStatus::Ok && status != ParserStatus::Paused) {
absl::string_view error = Http1ResponseCodeDetails::get().HttpCodecError;
if (codec_settings_.use_balsa_parser_) {
if (parser_->errorMessage() == "headers size exceeds limit" ||
parser_->errorMessage() == "trailers size exceeds limit") {
error_code_ = Http::Code::RequestHeaderFieldsTooLarge;
error = Http1ResponseCodeDetails::get().HeadersTooLarge;
} else if (parser_->errorMessage() == "header value contains invalid chars") {
error = Http1ResponseCodeDetails::get().InvalidCharacters;
}
}
RETURN_IF_ERROR(sendProtocolError(error));
// Avoid overwriting the codec_status_ set in the callbacks.
ASSERT(codec_status_.ok());
codec_status_ =
codecProtocolError(absl::StrCat("http/1.1 protocol error: ", parser_->errorMessage()));
return codec_status_;
}
return nread;
}
CallbackResult ConnectionImpl::onMessageBegin() {
return setAndCheckCallbackStatus(onMessageBeginImpl());
}
CallbackResult ConnectionImpl::onUrl(const char* data, size_t length) {
return setAndCheckCallbackStatus(onUrlBase(data, length));
}
CallbackResult ConnectionImpl::onStatus(const char* data, size_t length) {
return setAndCheckCallbackStatus(onStatusBase(data, length));
}
CallbackResult ConnectionImpl::onHeaderField(const char* data, size_t length) {
return setAndCheckCallbackStatus(onHeaderFieldImpl(data, length));
}
CallbackResult ConnectionImpl::onHeaderValue(const char* data, size_t length) {
return setAndCheckCallbackStatus(onHeaderValueImpl(data, length));
}
CallbackResult ConnectionImpl::onHeadersComplete() {
return setAndCheckCallbackStatusOr(onHeadersCompleteImpl());
}
void ConnectionImpl::bufferBody(const char* data, size_t length) {
auto slice = current_dispatching_buffer_->frontSlice();
if (data == slice.mem_ && length == slice.len_) {
buffered_body_.move(*current_dispatching_buffer_, length);
dispatching_slice_already_drained_ = true;
} else {
buffered_body_.add(data, length);
}
}
CallbackResult ConnectionImpl::onMessageComplete() {
return setAndCheckCallbackStatusOr(onMessageCompleteImpl());
}
void ConnectionImpl::onChunkHeader(bool is_final_chunk) {
if (is_final_chunk) {
// Dispatch body before parsing trailers, so body ends up dispatched even if an error is found
// while processing trailers.
dispatchBufferedBody();
}
}
Status ConnectionImpl::onHeaderFieldImpl(const char* data, size_t length) {
ASSERT(dispatching_);
getBytesMeter().addHeaderBytesReceived(length);
// We previously already finished up the headers, these headers are
// now trailers.
if (header_parsing_state_ == HeaderParsingState::Done) {
if (!enableTrailers()) {
// Ignore trailers.
return okStatus();
}
processing_trailers_ = true;
header_parsing_state_ = HeaderParsingState::Field;
allocTrailers();
}
if (header_parsing_state_ == HeaderParsingState::Value) {
RETURN_IF_ERROR(completeCurrentHeader());
}
current_header_field_.append(data, length);
return checkMaxHeadersSize();
}
Status ConnectionImpl::onHeaderValueImpl(const char* data, size_t length) {
ASSERT(dispatching_);
getBytesMeter().addHeaderBytesReceived(length);
if (header_parsing_state_ == HeaderParsingState::Done && !enableTrailers()) {
// Ignore trailers.
return okStatus();
}
absl::string_view header_value{data, length};
if (!Http::HeaderUtility::headerValueIsValid(header_value)) {
ENVOY_CONN_LOG(debug, "invalid header value: {}", connection_, header_value);
error_code_ = Http::Code::BadRequest;
RETURN_IF_ERROR(sendProtocolError(Http1ResponseCodeDetails::get().InvalidCharacters));
return codecProtocolError("http/1.1 protocol error: header value contains invalid chars");
}
header_parsing_state_ = HeaderParsingState::Value;
if (current_header_value_.empty()) {
// Strip leading whitespace if the current header value input contains the first bytes of the
// encoded header value. Trailing whitespace is stripped once the full header value is known in
// ConnectionImpl::completeCurrentHeader. http_parser does not strip leading or trailing
// whitespace as the spec requires: https://tools.ietf.org/html/rfc7230#section-3.2.4 .
header_value = StringUtil::ltrim(header_value);
}
current_header_value_.append(header_value.data(), header_value.length());
return checkMaxHeadersSize();
}
StatusOr<CallbackResult> ConnectionImpl::onHeadersCompleteImpl() {
ASSERT(!processing_trailers_);
ASSERT(dispatching_);
ENVOY_CONN_LOG(trace, "onHeadersCompleteImpl", connection_);
RETURN_IF_ERROR(completeCurrentHeader());
if (!parser_->isHttp11()) {
// This is not necessarily true, but it's good enough since higher layers only care if this is
// HTTP/1.1 or not.
protocol_ = Protocol::Http10;
}
RequestOrResponseHeaderMap& request_or_response_headers = requestOrResponseHeaders();
const Http::HeaderValues& header_values = Http::Headers::get();
if (Utility::isUpgrade(request_or_response_headers) && upgradeAllowed()) {
// Ignore h2c upgrade requests until we support them.
// See https://github.com/envoyproxy/envoy/issues/7161 for details.
if (absl::EqualsIgnoreCase(request_or_response_headers.getUpgradeValue(),
header_values.UpgradeValues.H2c)) {
ENVOY_CONN_LOG(trace, "removing unsupported h2c upgrade headers.", connection_);
request_or_response_headers.removeUpgrade();
if (request_or_response_headers.Connection()) {
const auto& tokens_to_remove = caseUnorderdSetContainingUpgradeAndHttp2Settings();
std::string new_value = StringUtil::removeTokens(
request_or_response_headers.getConnectionValue(), ",", tokens_to_remove, ",");
if (new_value.empty()) {
request_or_response_headers.removeConnection();
} else {
request_or_response_headers.setConnection(new_value);
}
}
request_or_response_headers.remove(header_values.Http2Settings);
} else {
ENVOY_CONN_LOG(trace, "codec entering upgrade mode.", connection_);
handling_upgrade_ = true;
}
}
if (parser_->methodName() == header_values.MethodValues.Connect) {
if (request_or_response_headers.ContentLength()) {
if (request_or_response_headers.getContentLengthValue() == "0") {
request_or_response_headers.removeContentLength();
} else {
// Per https://tools.ietf.org/html/rfc7231#section-4.3.6 a payload with a
// CONNECT request has no defined semantics, and may be rejected.
error_code_ = Http::Code::BadRequest;
RETURN_IF_ERROR(sendProtocolError(Http1ResponseCodeDetails::get().BodyDisallowed));
return codecProtocolError("http/1.1 protocol error: unsupported content length");
}
}
ENVOY_CONN_LOG(trace, "codec entering upgrade mode for CONNECT request.", connection_);
handling_upgrade_ = true;
}
// https://tools.ietf.org/html/rfc7230#section-3.3.3
// If a message is received with both a Transfer-Encoding and a
// Content-Length header field, the Transfer-Encoding overrides the
// Content-Length. Such a message might indicate an attempt to
// perform request smuggling (Section 9.5) or response splitting
// (Section 9.4) and ought to be handled as an error. A sender MUST
// remove the received Content-Length field prior to forwarding such
// a message.
#ifndef ENVOY_ENABLE_UHV
// This check is moved into default header validator.
// TODO(yanavlasov): use runtime override here when UHV is moved into the main build
// Reject message with Http::Code::BadRequest if both Transfer-Encoding and Content-Length
// headers are present or if allowed by http1 codec settings and 'Transfer-Encoding'
// is chunked - remove Content-Length and serve request.
if (parser_->hasTransferEncoding() != 0 && request_or_response_headers.ContentLength()) {
if (parser_->isChunked() && codec_settings_.allow_chunked_length_) {
request_or_response_headers.removeContentLength();
} else {
error_code_ = Http::Code::BadRequest;
RETURN_IF_ERROR(sendProtocolError(Http1ResponseCodeDetails::get().ChunkedContentLength));
return codecProtocolError(
"http/1.1 protocol error: both 'Content-Length' and 'Transfer-Encoding' are set.");
}
}
// Per https://tools.ietf.org/html/rfc7230#section-3.3.1 Envoy should reject
// transfer-codings it does not understand.
// Per https://tools.ietf.org/html/rfc7231#section-4.3.6 a payload with a
// CONNECT request has no defined semantics, and may be rejected.
if (request_or_response_headers.TransferEncoding()) {
const absl::string_view encoding = request_or_response_headers.getTransferEncodingValue();
if (!absl::EqualsIgnoreCase(encoding, header_values.TransferEncodingValues.Chunked) ||
parser_->methodName() == header_values.MethodValues.Connect) {
error_code_ = Http::Code::NotImplemented;
RETURN_IF_ERROR(sendProtocolError(Http1ResponseCodeDetails::get().InvalidTransferEncoding));
return codecProtocolError("http/1.1 protocol error: unsupported transfer encoding");
}
}
#endif
auto statusor = onHeadersCompleteBase();
if (!statusor.ok()) {
RETURN_IF_ERROR(statusor.status());
}
header_parsing_state_ = HeaderParsingState::Done;
// Returning CallbackResult::NoBodyData informs http_parser to not expect a body or further data
// on this connection.
return handling_upgrade_ ? CallbackResult::NoBodyData : statusor.value();
}
StatusOr<CallbackResult> ConnectionImpl::onMessageCompleteImpl() {
ENVOY_CONN_LOG(trace, "message complete", connection_);
dispatchBufferedBody();
if (handling_upgrade_) {
// If this is an upgrade request, swallow the onMessageComplete. The
// upgrade payload will be treated as stream body.
ASSERT(!deferred_end_stream_headers_);
ENVOY_CONN_LOG(trace, "Pausing parser due to upgrade.", connection_);
return parser_->pause();
}
// If true, this indicates we were processing trailers and must
// move the last header into current_header_map_
if (header_parsing_state_ == HeaderParsingState::Value) {
RETURN_IF_ERROR(completeCurrentHeader());
}
return onMessageCompleteBase();
}
void ConnectionImpl::dispatchBufferedBody() {
ASSERT(parser_->getStatus() == ParserStatus::Ok || parser_->getStatus() == ParserStatus::Paused);
ASSERT(codec_status_.ok());
if (buffered_body_.length() > 0) {
onBody(buffered_body_);
buffered_body_.drain(buffered_body_.length());
}
}
void ConnectionImpl::onResetStreamBase(StreamResetReason reason) {
ASSERT(!reset_stream_called_);
reset_stream_called_ = true;
onResetStream(reason);
}
OptRef<const StreamInfo::StreamInfo> ConnectionImpl::trackedStream() const {
return connection_.trackedStream();
}
void ConnectionImpl::dumpState(std::ostream& os, int indent_level) const {
const char* spaces = spacesForLevel(indent_level);
os << spaces << "Http1::ConnectionImpl " << this << DUMP_MEMBER(dispatching_)
<< DUMP_MEMBER(dispatching_slice_already_drained_) << DUMP_MEMBER(reset_stream_called_)
<< DUMP_MEMBER(handling_upgrade_) << DUMP_MEMBER(deferred_end_stream_headers_)
<< DUMP_MEMBER(processing_trailers_) << DUMP_MEMBER(buffered_body_.length());
// Dump header parsing state, and any progress on headers.
os << DUMP_MEMBER(header_parsing_state_);
os << DUMP_MEMBER_AS(current_header_field_, current_header_field_.getStringView());
os << DUMP_MEMBER_AS(current_header_value_, current_header_value_.getStringView());
// Dump Child
os << '\n';
dumpAdditionalState(os, indent_level);
// Dump the first slice of the dispatching buffer if not drained escaping
// certain characters. We do this last as the slice could be rather large.
if (current_dispatching_buffer_ == nullptr || dispatching_slice_already_drained_) {