nghttp2/nghttp2
1
0
Fork 0
mirror of https://github.com/nghttp2/nghttp2.git synced 2025-12-08 02:58:53 +08:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: nghttp2:v1.63.0
Branches Tags
nghttp2:master nghttp2:src-slist nghttp2:copilot/find-unused-functions-and-macros nghttp2:v1.67.x nghttp2:v1.62.x nghttp2:invoke-result nghttp2:v1.55.x nghttp2:android-docker nghttp2:v1.45.x nghttp2:nghttpx-http3 nghttp2:quic nghttp2:gh-actions nghttp2:v1.39.x nghttp2:v1.35.x nghttp2:v1.32.x nghttp2:ws nghttp2:v1.31.x nghttp2:tls13-early-data-strike-reg nghttp2:v1.23.x nghttp2:nproc nghttp2:v1.21.x nghttp2:nghttpx-usr2-graceful-shutdown nghttp2:asio_threading nghttp2:boringssl-tls13 nghttp2:v1.18.x nghttp2:v1.16.x nghttp2:v1.14.x nghttp2:cache-digest nghttp2:v1.11.x nghttp2:http-parser-unknown-method nghttp2:v1.9.x nghttp2:v1.7.x nghttp2:hpack-8bits nghttp2:gh-pages nghttp2:v0.3-fix
nghttp2:v1.68.0 nghttp2:v1.67.1 nghttp2:v1.67.0 nghttp2:v1.66.0 nghttp2:v1.65.0 nghttp2:v1.64.0 nghttp2:v1.63.0 nghttp2:v1.62.1 nghttp2:v1.62.0 nghttp2:v1.61.0 nghttp2:v1.60.0 nghttp2:v1.59.0 nghttp2:v1.58.0 nghttp2:v1.57.0 nghttp2:v1.56.0 nghttp2:v1.55.1 nghttp2:v1.55.0 nghttp2:v1.54.0 nghttp2:v1.53.0 nghttp2:v1.52.0 nghttp2:v1.51.0 nghttp2:v1.50.0 nghttp2:v1.49.0 nghttp2:v1.48.0 nghttp2:v1.47.0 nghttp2:v1.46.0 nghttp2:v1.45.1 nghttp2:v1.45.0 nghttp2:v1.44.0 nghttp2:v1.43.0 nghttp2:v1.42.0 nghttp2:v1.41.0 nghttp2:v1.40.0 nghttp2:v1.39.2 nghttp2:v1.39.1 nghttp2:v1.39.0 nghttp2:v1.38.0 nghttp2:v1.37.0 nghttp2:v1.36.0 nghttp2:v1.35.1 nghttp2:v1.35.0 nghttp2:v1.34.0 nghttp2:v1.33.0 nghttp2:v1.32.1 nghttp2:v1.32.0 nghttp2:v1.31.1 nghttp2:v1.31.0 nghttp2:v1.30.0 nghttp2:v1.29.0 nghttp2:v1.28.0 nghttp2:v1.27.0 nghttp2:v1.26.0 nghttp2:v1.25.0 nghttp2:v1.24.0 nghttp2:v1.23.1 nghttp2:v1.23.0 nghttp2:v1.22.0 nghttp2:v1.21.1 nghttp2:v1.21.0 nghttp2:v1.20.0 nghttp2:v1.19.0 nghttp2:v1.18.1 nghttp2:v1.18.0 nghttp2:v1.17.0 nghttp2:v1.16.1 nghttp2:v1.16.0 nghttp2:v1.15.0 nghttp2:v1.14.1 nghttp2:v1.14.0 nghttp2:v1.13.0 nghttp2:v1.12.0 nghttp2:v1.11.1 nghttp2:v1.11.0 nghttp2:v1.10.0 nghttp2:v1.9.2 nghttp2:v1.9.1 nghttp2:v1.9.0 nghttp2:v1.8.0 nghttp2:v1.7.1 nghttp2:v1.7.0 nghttp2:v1.6.0 nghttp2:v1.5.0 nghttp2:v1.4.0 nghttp2:v1.3.4 nghttp2:v1.3.3 nghttp2:v1.3.2 nghttp2:v1.3.1 nghttp2:v1.3.0 nghttp2:v1.2.1 nghttp2:v1.2.0 nghttp2:v1.1.2 nghttp2:v1.1.1 nghttp2:v1.1.0 nghttp2:v1.0.5 nghttp2:v1.0.4 nghttp2:v1.0.3 nghttp2:v1.0.2 nghttp2:v1.0.1 nghttp2:v1.0.0 nghttp2:v0.7.15 nghttp2:v0.7.14 nghttp2:v0.7.13 nghttp2:v0.7.12 nghttp2:v0.7.11 nghttp2:v0.7.10 nghttp2:v0.7.9 nghttp2:v0.7.8 nghttp2:v0.7.7 nghttp2:v0.7.6 nghttp2:v0.7.5 nghttp2:v0.7.4 nghttp2:v0.7.3 nghttp2:v0.7.2 nghttp2:v0.7.1 nghttp2:v0.7.0 nghttp2:v0.6.7 nghttp2:v0.6.6 nghttp2:v0.6.5 nghttp2:v0.6.4 nghttp2:v0.6.3 nghttp2:v0.6.2 nghttp2:v0.6.1 nghttp2:v0.6.0 nghttp2:v0.5.1 nghttp2:v0.5.0 nghttp2:v0.4.1 nghttp2:v0.4.0 nghttp2:v0.3.2 nghttp2:v0.3.1 nghttp2:v0.3.0 nghttp2:v0.2.0 nghttp2:v0.1.0
..
compare: nghttp2:v1.55.x
Branches Tags
nghttp2:master nghttp2:src-slist nghttp2:copilot/find-unused-functions-and-macros nghttp2:v1.67.x nghttp2:v1.62.x nghttp2:invoke-result nghttp2:v1.55.x nghttp2:android-docker nghttp2:v1.45.x nghttp2:nghttpx-http3 nghttp2:quic nghttp2:gh-actions nghttp2:v1.39.x nghttp2:v1.35.x nghttp2:v1.32.x nghttp2:ws nghttp2:v1.31.x nghttp2:tls13-early-data-strike-reg nghttp2:v1.23.x nghttp2:nproc nghttp2:v1.21.x nghttp2:nghttpx-usr2-graceful-shutdown nghttp2:asio_threading nghttp2:boringssl-tls13 nghttp2:v1.18.x nghttp2:v1.16.x nghttp2:v1.14.x nghttp2:cache-digest nghttp2:v1.11.x nghttp2:http-parser-unknown-method nghttp2:v1.9.x nghttp2:v1.7.x nghttp2:hpack-8bits nghttp2:gh-pages nghttp2:v0.3-fix
nghttp2:v1.68.0 nghttp2:v1.67.1 nghttp2:v1.67.0 nghttp2:v1.66.0 nghttp2:v1.65.0 nghttp2:v1.64.0 nghttp2:v1.63.0 nghttp2:v1.62.1 nghttp2:v1.62.0 nghttp2:v1.61.0 nghttp2:v1.60.0 nghttp2:v1.59.0 nghttp2:v1.58.0 nghttp2:v1.57.0 nghttp2:v1.56.0 nghttp2:v1.55.1 nghttp2:v1.55.0 nghttp2:v1.54.0 nghttp2:v1.53.0 nghttp2:v1.52.0 nghttp2:v1.51.0 nghttp2:v1.50.0 nghttp2:v1.49.0 nghttp2:v1.48.0 nghttp2:v1.47.0 nghttp2:v1.46.0 nghttp2:v1.45.1 nghttp2:v1.45.0 nghttp2:v1.44.0 nghttp2:v1.43.0 nghttp2:v1.42.0 nghttp2:v1.41.0 nghttp2:v1.40.0 nghttp2:v1.39.2 nghttp2:v1.39.1 nghttp2:v1.39.0 nghttp2:v1.38.0 nghttp2:v1.37.0 nghttp2:v1.36.0 nghttp2:v1.35.1 nghttp2:v1.35.0 nghttp2:v1.34.0 nghttp2:v1.33.0 nghttp2:v1.32.1 nghttp2:v1.32.0 nghttp2:v1.31.1 nghttp2:v1.31.0 nghttp2:v1.30.0 nghttp2:v1.29.0 nghttp2:v1.28.0 nghttp2:v1.27.0 nghttp2:v1.26.0 nghttp2:v1.25.0 nghttp2:v1.24.0 nghttp2:v1.23.1 nghttp2:v1.23.0 nghttp2:v1.22.0 nghttp2:v1.21.1 nghttp2:v1.21.0 nghttp2:v1.20.0 nghttp2:v1.19.0 nghttp2:v1.18.1 nghttp2:v1.18.0 nghttp2:v1.17.0 nghttp2:v1.16.1 nghttp2:v1.16.0 nghttp2:v1.15.0 nghttp2:v1.14.1 nghttp2:v1.14.0 nghttp2:v1.13.0 nghttp2:v1.12.0 nghttp2:v1.11.1 nghttp2:v1.11.0 nghttp2:v1.10.0 nghttp2:v1.9.2 nghttp2:v1.9.1 nghttp2:v1.9.0 nghttp2:v1.8.0 nghttp2:v1.7.1 nghttp2:v1.7.0 nghttp2:v1.6.0 nghttp2:v1.5.0 nghttp2:v1.4.0 nghttp2:v1.3.4 nghttp2:v1.3.3 nghttp2:v1.3.2 nghttp2:v1.3.1 nghttp2:v1.3.0 nghttp2:v1.2.1 nghttp2:v1.2.0 nghttp2:v1.1.2 nghttp2:v1.1.1 nghttp2:v1.1.0 nghttp2:v1.0.5 nghttp2:v1.0.4 nghttp2:v1.0.3 nghttp2:v1.0.2 nghttp2:v1.0.1 nghttp2:v1.0.0 nghttp2:v0.7.15 nghttp2:v0.7.14 nghttp2:v0.7.13 nghttp2:v0.7.12 nghttp2:v0.7.11 nghttp2:v0.7.10 nghttp2:v0.7.9 nghttp2:v0.7.8 nghttp2:v0.7.7 nghttp2:v0.7.6 nghttp2:v0.7.5 nghttp2:v0.7.4 nghttp2:v0.7.3 nghttp2:v0.7.2 nghttp2:v0.7.1 nghttp2:v0.7.0 nghttp2:v0.6.7 nghttp2:v0.6.6 nghttp2:v0.6.5 nghttp2:v0.6.4 nghttp2:v0.6.3 nghttp2:v0.6.2 nghttp2:v0.6.1 nghttp2:v0.6.0 nghttp2:v0.5.1 nghttp2:v0.5.0 nghttp2:v0.4.1 nghttp2:v0.4.0 nghttp2:v0.3.2 nghttp2:v0.3.1 nghttp2:v0.3.0 nghttp2:v0.2.0 nghttp2:v0.1.0

4 Commits
v1.63.0 ... v1.55.x

Author SHA1 Message Date
Tatsuhiro Tsujikawa
781057e156 Update manual pages 2023-07-14 22:36:35 +09:00
Tatsuhiro Tsujikawa
2f87b9c4f8 Bump package and library versions 2023-07-14 22:31:21 +09:00
Tatsuhiro Tsujikawa
299d2fdaf9 doc: Bump boringssl 2023-07-14 22:21:19 +09:00
Tatsuhiro Tsujikawa
8720afa304 Fix memory leak 
This commit fixes memory leak that happens when PUSH_PROMISE or
HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback
fails with a fatal error.  For example, if GOAWAY frame has been
received, a HEADERS frame that opens new stream cannot be sent.

This issue has already been made public via CVE-2023-35945 [1] issued
by envoyproxy/envoy project.  During embargo period, the patch to fix
this bug was accidentally submitted to nghttp2/nghttp2 repository [2].
And they decided to disclose CVE early.  I was notified just 1.5 hours
before disclosure.  I had no time to respond.

PoC described in [1] is quite simple, but I think it is not enough to
trigger this bug.  While it is true that receiving GOAWAY prevents a
client from opening new stream, and nghttp2 enters error handling
branch, in order to cause the memory leak,
nghttp2_session_close_stream function must return a fatal error.
nghttp2 defines 2 fatal error codes:

- NGHTTP2_ERR_NOMEM
- NGHTTP2_ERR_CALLBACK_FAILURE

NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory.  It
is unlikely that a process gets short of memory with this simple PoC
scenario unless application does something memory heavy processing.

NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined
callback function (nghttp2_on_stream_close_callback, in this case),
which indicates something fatal happened inside a callback, and a
connection must be closed immediately without any further action.  As
nghttp2_on_stream_close_error_callback documentation says, any error
code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
error code.  More specifically, it is treated as if
NGHTTP2_ERR_CALLBACK_FAILURE is returned.  I guess that envoy returns
NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated
into NGHTTP2_ERR_CALLBACK_FAILURE.

[1] https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
[2] https://github.com/nghttp2/nghttp2/pull/1929
 2023-07-14 21:57:59 +09:00
265 changed files with 24563 additions and 20002 deletions
Expand all files Collapse all files

120
.clang-format
View File

@@ -3,54 +3,21 @@ Language: Cpp
AccessModifierOffset: -2
AlignAfterOpenBracket: Align
AlignArrayOfStructures: None
AlignConsecutiveAssignments:
Enabled: false
AcrossEmptyLines: false
AcrossComments: false
AlignCompound: false
AlignFunctionPointers: false
PadOperators: true
AlignConsecutiveBitFields:
Enabled: false
AcrossEmptyLines: false
AcrossComments: false
AlignCompound: false
AlignFunctionPointers: false
PadOperators: true
AlignConsecutiveDeclarations:
Enabled: false
AcrossEmptyLines: false
AcrossComments: false
AlignCompound: false
AlignFunctionPointers: false
PadOperators: true
AlignConsecutiveMacros:
Enabled: false
AcrossEmptyLines: false
AcrossComments: false
AlignCompound: false
AlignFunctionPointers: false
PadOperators: true
AlignConsecutiveShortCaseStatements:
Enabled: false
AcrossEmptyLines: false
AcrossComments: false
AlignCaseColons: false
AlignConsecutiveMacros: None
AlignConsecutiveAssignments: None
AlignConsecutiveBitFields: None
AlignConsecutiveDeclarations: None
AlignEscapedNewlines: Right
AlignOperands: Align
AlignTrailingComments:
Kind: Always
OverEmptyLines: 0
AlignTrailingComments: true
AllowAllArgumentsOnNextLine: true
AllowAllParametersOfDeclarationOnNextLine: true
AllowBreakBeforeNoexceptSpecifier: Never
AllowShortEnumsOnASingleLine: true
AllowShortBlocksOnASingleLine: Never
AllowShortCaseLabelsOnASingleLine: false
AllowShortCompoundRequirementOnASingleLine: true
AllowShortEnumsOnASingleLine: true
AllowShortFunctionsOnASingleLine: All
AllowShortIfStatementsOnASingleLine: Never
AllowShortLambdasOnASingleLine: All
AllowShortIfStatementsOnASingleLine: Never
AllowShortLoopsOnASingleLine: false
AlwaysBreakAfterDefinitionReturnType: None
AlwaysBreakAfterReturnType: None
@@ -60,18 +27,17 @@ AttributeMacros:
- __capability
BinPackArguments: true
BinPackParameters: true
BitFieldColonSpacing: Both
BraceWrapping:
AfterCaseLabel: false
AfterClass: false
AfterControlStatement: Never
AfterEnum: false
AfterExternBlock: false
AfterFunction: false
AfterNamespace: false
AfterObjCDeclaration: false
AfterStruct: false
AfterUnion: false
AfterExternBlock: false
BeforeCatch: false
BeforeElse: false
BeforeLambdaBody: false
@@ -80,29 +46,33 @@ BraceWrapping:
SplitEmptyFunction: true
SplitEmptyRecord: true
SplitEmptyNamespace: true
BreakAdjacentStringLiterals: true
BreakAfterAttributes: Leave
BreakAfterJavaFieldAnnotations: false
BreakArrays: true
BreakBeforeBinaryOperators: None
BreakBeforeConceptDeclarations: Always
BreakBeforeConceptDeclarations: true
BreakBeforeBraces: Attach
BreakBeforeInlineASMColon: OnlyMultiline
BreakBeforeTernaryOperators: true
BreakConstructorInitializers: BeforeColon
BreakBeforeInheritanceComma: false
BreakInheritanceList: BeforeColon
BreakBeforeTernaryOperators: true
BreakConstructorInitializersBeforeComma: false
BreakConstructorInitializers: BeforeColon
BreakAfterJavaFieldAnnotations: false
BreakStringLiterals: true
ColumnLimit: 80
CommentPragmas: '^ IWYU pragma:'
QualifierAlignment: Leave
CompactNamespaces: false
ConstructorInitializerIndentWidth: 4
ContinuationIndentWidth: 4
Cpp11BracedListStyle: true
DeriveLineEnding: true
DerivePointerAlignment: false
DisableFormat: false
EmptyLineAfterAccessModifier: Never
EmptyLineBeforeAccessModifier: LogicalBlock
ExperimentalAutoDetectBinPacking: false
PackConstructorInitializers: NextLine
BasedOnStyle: ''
ConstructorInitializerAllOnOneLineOrOnePerLine: false
AllowAllConstructorInitializersOnNextLine: true
FixNamespaceComments: true
ForEachMacros:
- foreach
@@ -127,30 +97,19 @@ IncludeCategories:
IncludeIsMainRegex: '$'
IncludeIsMainSourceRegex: ''
IndentAccessModifiers: false
IndentCaseBlocks: false
IndentCaseLabels: false
IndentExternBlock: AfterExternBlock
IndentCaseBlocks: false
IndentGotoLabels: true
IndentPPDirectives: AfterHash
IndentRequiresClause: false
IndentExternBlock: AfterExternBlock
IndentRequires: false
IndentWidth: 2
IndentWrappedFunctionNames: false
InsertBraces: false
InsertNewlineAtEOF: false
InsertTrailingCommas: None
IntegerLiteralSeparator:
Binary: 0
BinaryMinDigits: 0
Decimal: 0
DecimalMinDigits: 0
Hex: 0
HexMinDigits: 0
JavaScriptQuotes: Leave
JavaScriptWrapImports: true
KeepEmptyLinesAtTheStartOfBlocks: true
KeepEmptyLinesAtEOF: false
LambdaBodyIndentation: Signature
LineEnding: DeriveLF
MacroBlockBegin: ''
MacroBlockEnd: ''
MaxEmptyLinesToKeep: 1
@@ -160,44 +119,34 @@ ObjCBlockIndentWidth: 2
ObjCBreakBeforeNestedBlockParam: true
ObjCSpaceAfterProperty: false
ObjCSpaceBeforeProtocolList: true
PackConstructorInitializers: NextLine
PenaltyBreakAssignment: 2
PenaltyBreakBeforeFirstCallParameter: 19
PenaltyBreakComment: 300
PenaltyBreakFirstLessLess: 120
PenaltyBreakOpenParenthesis: 0
PenaltyBreakScopeResolution: 500
PenaltyBreakString: 1000
PenaltyBreakTemplateDeclaration: 10
PenaltyExcessCharacter: 1000000
PenaltyIndentedWhitespace: 0
PenaltyReturnTypeOnItsOwnLine: 60
PenaltyIndentedWhitespace: 0
PointerAlignment: Right
PPIndentWidth: -1
QualifierAlignment: Leave
ReferenceAlignment: Pointer
ReflowComments: true
RemoveBracesLLVM: false
RemoveParentheses: Leave
RemoveSemicolon: false
RequiresClausePosition: OwnLine
RequiresExpressionIndentation: OuterScope
SeparateDefinitionBlocks: Leave
ShortNamespaceLines: 1
SkipMacroDefinitionBody: false
SortIncludes: Never
SortJavaStaticImport: Before
SortUsingDeclarations: LexicographicNumeric
SortUsingDeclarations: true
SpaceAfterCStyleCast: false
SpaceAfterLogicalNot: false
SpaceAfterTemplateKeyword: true
SpaceAroundPointerQualifiers: Default
SpaceBeforeAssignmentOperators: true
SpaceBeforeCaseColon: false
SpaceBeforeCpp11BracedList: false
SpaceBeforeCtorInitializerColon: true
SpaceBeforeInheritanceColon: true
SpaceBeforeJsonColon: false
SpaceBeforeParens: ControlStatements
SpaceBeforeParensOptions:
AfterControlStatements: true
@@ -206,26 +155,23 @@ SpaceBeforeParensOptions:
AfterFunctionDeclarationName: false
AfterIfMacros: true
AfterOverloadedOperator: false
AfterPlacementOperator: true
AfterRequiresInClause: false
AfterRequiresInExpression: false
BeforeNonEmptyParentheses: false
SpaceAroundPointerQualifiers: Default
SpaceBeforeRangeBasedForLoopColon: true
SpaceBeforeSquareBrackets: false
SpaceInEmptyBlock: false
SpaceInEmptyParentheses: false
SpacesBeforeTrailingComments: 1
SpacesInAngles: Never
SpacesInConditionalStatement: false
SpacesInContainerLiterals: true
SpacesInCStyleCastParentheses: false
SpacesInLineCommentPrefix:
Minimum: 1
Maximum: -1
SpacesInParens: Never
SpacesInParensOptions:
InCStyleCasts: false
InConditionalStatements: false
InEmptyParentheses: false
Other: false
SpacesInParentheses: false
SpacesInSquareBrackets: false
SpaceBeforeSquareBrackets: false
BitFieldColonSpacing: Both
Standard: Latest
StatementAttributeLikeMacros:
- Q_EMIT
@@ -233,8 +179,8 @@ StatementMacros:
- Q_UNUSED
- QT_REQUIRE_VERSION
TabWidth: 8
UseCRLF: false
UseTab: Never
VerilogBreakBetweenInstancePorts: true
WhitespaceSensitiveMacros:
- STRINGIZE
- PP_STRINGIZE

10
.github/dependabot.yml vendored
View File

@@ -1,10 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"

446
.github/workflows/build.yml vendored
View File

@@ -5,95 +5,75 @@ on: [push, pull_request]
permissions: read-all
env:
LIBBPF_VERSION: v1.4.5
OPENSSL1_VERSION: 1_1_1w+quic
OPENSSL3_VERSION: 3.1.5+quic
BORINGSSL_VERSION: e13f7e2ff5432205f09b4679c8a7715f1c130372
AWSLC_VERSION: v1.34.2
NGHTTP3_VERSION: v1.5.0
NGTCP2_VERSION: v1.7.0
WOLFSSL_VERSION: v5.7.2-stable
LIBBPF_VERSION: v1.2.0
OPENSSL1_VERSION: 1_1_1u+quic
OPENSSL3_VERSION: 3.1.0+quic
BORINGSSL_VERSION: 80dcb67d4481fb1194b9669917e35580c32dc388
NGHTTP3_VERSION: v0.13.0
NGTCP2_VERSION: v0.17.0
jobs:
build-cache:
strategy:
matrix:
os: [ubuntu-22.04, macos-13, macos-14]
os: [ubuntu-22.04, macos-12]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Restore libbpf cache
id: cache-libbpf
uses: actions/cache@v4
uses: actions/cache@v3
if: runner.os == 'Linux'
with:
path: libbpf/build
key: ${{ matrix.os }}-libbpf-${{ env.LIBBPF_VERSION }}
key: ${{ runner.os }}-libbpf-${{ env.LIBBPF_VERSION }}
- name: Restore OpenSSL v1.1.1 cache
id: cache-openssl1
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: openssl1/build
key: ${{ matrix.os }}-openssl-${{ env.OPENSSL1_VERSION }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL1_VERSION }}
- name: Restore OpenSSL v3.x cache
id: cache-openssl3
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: openssl3/build
key: ${{ matrix.os }}-openssl-${{ env.OPENSSL3_VERSION }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL3_VERSION }}
- name: Restore BoringSSL cache
id: cache-boringssl
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: |
boringssl/build/crypto/libcrypto.a
boringssl/build/ssl/libssl.a
boringssl/include
key: ${{ matrix.os }}-boringssl-${{ env.BORINGSSL_VERSION }}
- name: Restore aws-lc cache
id: cache-awslc
uses: actions/cache@v4
with:
path: |
aws-lc/build/crypto/libcrypto.a
aws-lc/build/ssl/libssl.a
aws-lc/include
key: ${{ matrix.os }}-awslc-${{ env.AWSLC_VERSION }}
- name: Restore wolfSSL cache
id: cache-wolfssl
uses: actions/cache@v4
with:
path: wolfssl/build
key: ${{ matrix.os }}-wolfssl-${{ env.WOLFSSL_VERSION }}
key: ${{ runner.os }}-boringssl-${{ env.BORINGSSL_VERSION }}
- name: Restore nghttp3 cache
id: cache-nghttp3
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: nghttp3/build
key: ${{ matrix.os }}-nghttp3-${{ env.NGHTTP3_VERSION }}
key: ${{ runner.os }}-nghttp3-${{ env.NGHTTP3_VERSION }}
- name: Restore ngtcp2 + quictls/openssl v1.1.1 cache
id: cache-ngtcp2-openssl1
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: ngtcp2-openssl1/build
key: ${{ matrix.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL1_VERSION }}
key: ${{ runner.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL1_VERSION }}
- name: Restore ngtcp2 + quictls/openssl v3.x cache
id: cache-ngtcp2-openssl3
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: ngtcp2-openssl3/build
key: ${{ matrix.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL3_VERSION }}
key: ${{ runner.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL3_VERSION }}
- id: settings
if: |
(steps.cache-libbpf.outputs.cache-hit != 'true' && runner.os == 'Linux') ||
steps.cache-openssl1.outputs.cache-hit != 'true' ||
steps.cache-openssl3.outputs.cache-hit != 'true' ||
steps.cache-boringssl.outputs.cache-hit != 'true' ||
steps.cache-awslc.outputs.cache-hit != 'true' ||
steps.cache-wolfssl.outputs.cache-hit != 'true' ||
steps.cache-nghttp3.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2-openssl1.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2-openssl3.outputs.cache-hit != 'true'
@@ -102,10 +82,9 @@ jobs:
- name: Linux setup
if: runner.os == 'Linux' && steps.settings.outputs.needs-build == 'true'
run: |
sudo apt-get update
sudo apt-get install \
g++-12 \
clang-15 \
clang-14 \
autoconf \
automake \
autotools-dev \
@@ -125,13 +104,13 @@ jobs:
- name: Build libbpf
if: steps.cache-libbpf.outputs.cache-hit != 'true' && runner.os == 'Linux'
run: |
git clone --recursive --shallow-submodules -b ${{ env.LIBBPF_VERSION }} https://github.com/libbpf/libbpf
git clone -b ${{ env.LIBBPF_VERSION }} https://github.com/libbpf/libbpf
cd libbpf
make -C src install PREFIX=$PWD/build
- name: Build quictls/openssl v1.1.1
if: steps.cache-openssl1.outputs.cache-hit != 'true'
run: |
git clone --recursive --shallow-submodules --depth 1 -b OpenSSL_${{ env.OPENSSL1_VERSION }} https://github.com/quictls/openssl openssl1
git clone --depth 1 -b OpenSSL_${{ env.OPENSSL1_VERSION }} https://github.com/quictls/openssl openssl1
cd openssl1
./config --prefix=$PWD/build
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
@@ -139,7 +118,7 @@ jobs:
- name: Build quictls/openssl v3.x
if: steps.cache-openssl3.outputs.cache-hit != 'true'
run: |
git clone --recursive --shallow-submodules --depth 1 -b openssl-${{ env.OPENSSL3_VERSION }} https://github.com/quictls/openssl openssl3
git clone --depth 1 -b openssl-${{ env.OPENSSL3_VERSION }} https://github.com/quictls/openssl openssl3
cd openssl3
./config enable-ktls --prefix=$PWD/build --libdir=$PWD/build/lib
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
@@ -147,69 +126,45 @@ jobs:
- name: Build BoringSSL
if: steps.cache-boringssl.outputs.cache-hit != 'true'
run: |
mkdir boringssl
git clone https://boringssl.googlesource.com/boringssl
cd boringssl
git init
git remote add origin https://boringssl.googlesource.com/boringssl
git fetch origin --depth 1 ${{ env.BORINGSSL_VERSION }}
git checkout ${{ env.BORINGSSL_VERSION }}
mkdir build
cd build
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=ON ..
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
- name: Build aws-lc
if: steps.cache-awslc.outputs.cache-hit != 'true'
run: |
git clone --recursive --shallow-submodules --depth 1 -b "${AWSLC_VERSION}" https://github.com/aws/aws-lc
cd aws-lc
cmake -B build -DDISABLE_GO=ON
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" -C build
- name: Build wolfSSL
if: steps.cache-wolfssl.outputs.cache-hit != 'true'
run: |
git clone --depth 1 -b ${{ env.WOLFSSL_VERSION }} https://github.com/wolfSSL/wolfssl
cd wolfssl
autoreconf -i
./configure --disable-dependency-tracking --prefix=$PWD/build \
--enable-all --enable-harden --disable-ech
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
make install
- name: Build nghttp3
if: steps.cache-nghttp3.outputs.cache-hit != 'true'
run: |
git clone --recursive --shallow-submodules --depth 1 -b ${{ env.NGHTTP3_VERSION}} https://github.com/ngtcp2/nghttp3
git clone --depth 1 -b ${{ env.NGHTTP3_VERSION}} https://github.com/ngtcp2/nghttp3
cd nghttp3
autoreconf -i
./configure --disable-dependency-tracking --prefix=$PWD/build \
--enable-lib-only
./configure --prefix=$PWD/build --enable-lib-only
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" check
make install
- name: Build ngtcp2 + quictls/openssl v1.1.1 + BoringSSL
- name: Build ngtcp2 + quictls/openssl v1.1.1
if: steps.cache-ngtcp2-openssl1.outputs.cache-hit != 'true'
run: |
git clone --recursive --shallow-submodules --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl1
git clone --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl1
cd ngtcp2-openssl1
autoreconf -i
./configure --prefix=$PWD/build --enable-lib-only \
PKG_CONFIG_PATH="../openssl1/build/lib/pkgconfig:../wolfssl/build/lib/pkgconfig" \
PKG_CONFIG_PATH="../openssl1/build/lib/pkgconfig" \
BORINGSSL_CFLAGS="-I$PWD/../boringssl/include/" \
BORINGSSL_LIBS="-L$PWD/../boringssl/build/ssl -lssl -L$PWD/../boringssl/build/crypto -lcrypto" \
--disable-dependency-tracking \
--with-boringssl \
--with-wolfssl
--with-boringssl
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" check
make install
- name: Build ngtcp2 + quictls/openssl v3.x + aws-lc
- name: Build ngtcp2 + quictls/openssl v3.x
if: steps.cache-ngtcp2-openssl3.outputs.cache-hit != 'true'
run: |
git clone --recursive --shallow-submodules --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl3
git clone --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl3
cd ngtcp2-openssl3
autoreconf -i
./configure --prefix=$PWD/build --enable-lib-only \
PKG_CONFIG_PATH="../openssl3/build/lib/pkgconfig" \
BORINGSSL_CFLAGS="-I$PWD/../aws-lc/include/" \
BORINGSSL_LIBS="-L$PWD/../aws-lc/build/ssl -lssl -L$PWD/../aws-lc/build/crypto -lcrypto" \
--disable-dependency-tracking \
BORINGSSL_CFLAGS="-I$PWD/../boringssl/include/" \
BORINGSSL_LIBS="-L$PWD/../boringssl/build/ssl -lssl -L$PWD/../boringssl/build/crypto -lcrypto" \
--with-boringssl
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" check
make install
@@ -220,71 +175,45 @@ jobs:
strategy:
matrix:
os: [ubuntu-22.04, macos-13, macos-14]
os: [ubuntu-22.04, macos-12]
compiler: [gcc, clang]
buildtool: [autotools, cmake]
http3: [http3, no-http3]
openssl: [openssl1, openssl3, boringssl, awslc, wolfssl]
openssl: [openssl1, openssl3, boringssl]
exclude:
- os: macos-13
openssl: openssl3
- os: macos-14
- os: macos-12
openssl: openssl3
- http3: no-http3
openssl: openssl3
- os: macos-13
compiler: gcc
- os: macos-14
- os: macos-12
compiler: gcc
- # disable macos cmake because of include path issue
os: macos-13
os: macos-12
buildtool: cmake
- # disable macos cmake because of include path issue
os: macos-14
buildtool: cmake
- os: macos-13
openssl: boringssl
- os: macos-14
- os: macos-12
openssl: boringssl
- openssl: boringssl
buildtool: cmake
- openssl: boringssl
compiler: gcc
- os: macos-13
openssl: awslc
- os: macos-14
openssl: awslc
- openssl: awslc
buildtool: cmake
- openssl: awslc
compiler: gcc
include:
- os: ubuntu-22.04
compiler: clang
buildtool: distcheck
http3: http3
openssl: awslc
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- uses: actions/checkout@v3
- name: Linux setup
if: runner.os == 'Linux'
run: |
sudo apt-get update
sudo apt-get install \
g++-12 \
clang-15 \
clang-14 \
autoconf \
automake \
autotools-dev \
libtool \
pkg-config \
zlib1g-dev \
libcunit1-dev \
libssl-dev \
libxml2-dev \
libev-dev \
@@ -293,32 +222,29 @@ jobs:
libjemalloc-dev \
libc-ares-dev \
libelf-dev \
libbrotli-dev \
cmake \
cmake-data
echo 'CPPFLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined -g' >> $GITHUB_ENV
echo 'LDFLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined' >> $GITHUB_ENV
# https://github.com/actions/runner-images/issues/9491#issuecomment-1989718917
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://reviews.llvm.org/D148280
sudo sysctl vm.mmap_rnd_bits=28
- name: MacOS setup
if: runner.os == 'macOS'
run: |
brew install \
libev \
libevent \
c-ares \
cunit \
libressl \
autoconf \
automake \
pkg-config \
libtool
echo 'PKG_CONFIG_PATH=/usr/local/opt/libressl/lib/pkgconfig:/usr/local/opt/libxml2/lib/pkgconfig' >> $GITHUB_ENV
- name: Setup clang (Linux)
if: runner.os == 'Linux' && matrix.compiler == 'clang'
run: |
echo 'CC=clang-15' >> $GITHUB_ENV
echo 'CXX=clang++-15' >> $GITHUB_ENV
echo 'CC=clang-14' >> $GITHUB_ENV
echo 'CXX=clang++-14' >> $GITHUB_ENV
- name: Setup clang (MacOS)
if: runner.os == 'macOS' && matrix.compiler == 'clang'
run: |
@@ -329,91 +255,57 @@ jobs:
run: |
echo 'CC=gcc-12' >> $GITHUB_ENV
echo 'CXX=g++-12' >> $GITHUB_ENV
# g++-12 is known to produce false positive warnings.
echo 'CXXFLAGS=-Wno-restrict' >> $GITHUB_ENV
- name: Setup gcc (MacOS)
if: runner.os == 'macOS' && matrix.compiler == 'gcc'
run: |
echo 'CC=gcc' >> $GITHUB_ENV
echo 'CXX=g++' >> $GITHUB_ENV
- name: Restore libbpf cache
uses: actions/cache/restore@v4
uses: actions/cache/restore@v3
if: matrix.http3 == 'http3' && matrix.compiler == 'clang' && runner.os == 'Linux'
with:
path: libbpf/build
key: ${{ matrix.os }}-libbpf-${{ env.LIBBPF_VERSION }}
key: ${{ runner.os }}-libbpf-${{ env.LIBBPF_VERSION }}
fail-on-cache-miss: true
- name: Set libbpf variables
if: matrix.http3 == 'http3' && matrix.compiler == 'clang' && runner.os == 'Linux'
run: |
cd libbpf
EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --with-libbpf"
EXTRA_CMAKE_OPTS="$EXTRA_CMAKE_OPTS -DWITH_LIBBPF=1"
EXTRA_AUTOTOOLS_OPTS="--with-libbpf"
EXTRA_CMAKE_OPTS="-DWITH_LIBBPF=1"
echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV
echo 'EXTRA_CMAKE_OPTS='"$EXTRA_CMAKE_OPTS" >> $GITHUB_ENV
- name: Setup libev variables
if: matrix.os == 'macos-14'
run: |
LIBEV_CFLAGS="-I/opt/homebrew/Cellar/libev/4.33/include"
LIBEV_LIBS="-L/opt/homebrew/Cellar/libev/4.33/lib -lev"
echo 'LIBEV_CFLAGS='"$LIBEV_CFLAGS" >> $GITHUB_ENV
echo 'LIBEV_LIBS='"$LIBEV_LIBS" >> $GITHUB_ENV
- name: Restore quictls/openssl v1.1.1 cache
uses: actions/cache/restore@v4
if: matrix.openssl == 'openssl1'
uses: actions/cache/restore@v3
if: matrix.http3 == 'http3' && matrix.openssl == 'openssl1'
with:
path: openssl1/build
key: ${{ matrix.os }}-openssl-${{ env.OPENSSL1_VERSION }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL1_VERSION }}
fail-on-cache-miss: true
- name: Restore quictls/openssl v3.x cache
uses: actions/cache/restore@v4
if: matrix.openssl == 'openssl3'
uses: actions/cache/restore@v3
if: matrix.http3 == 'http3' && matrix.openssl == 'openssl3'
with:
path: openssl3/build
key: ${{ matrix.os }}-openssl-${{ env.OPENSSL3_VERSION }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL3_VERSION }}
fail-on-cache-miss: true
- name: Restore BoringSSL cache
uses: actions/cache/restore@v4
uses: actions/cache/restore@v3
if: matrix.openssl == 'boringssl'
with:
path: |
boringssl/build/crypto/libcrypto.a
boringssl/build/ssl/libssl.a
boringssl/include
key: ${{ matrix.os }}-boringssl-${{ env.BORINGSSL_VERSION }}
fail-on-cache-miss: true
- name: Restore aws-lc cache
uses: actions/cache/restore@v4
if: matrix.openssl == 'awslc'
with:
path: |
aws-lc/build/crypto/libcrypto.a
aws-lc/build/ssl/libssl.a
aws-lc/include
key: ${{ matrix.os }}-awslc-${{ env.AWSLC_VERSION }}
key: ${{ runner.os }}-boringssl-${{ env.BORINGSSL_VERSION }}
fail-on-cache-miss: true
- name: Set BoringSSL variables
if: matrix.openssl == 'boringssl'
run: |
cd boringssl
OPENSSL_CFLAGS="-I$PWD/include/"
OPENSSL_LIBS="-L$PWD/build/ssl -lssl -L$PWD/build/crypto -lcrypto -pthread"
EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --without-neverbleed --without-jemalloc --disable-examples"
echo 'OPENSSL_CFLAGS='"$OPENSSL_CFLAGS" >> $GITHUB_ENV
echo 'OPENSSL_LIBS='"$OPENSSL_LIBS" >> $GITHUB_ENV
echo 'BORINGSSL_CFLAGS='"$OPENSSL_CFLAGS" >> $GITHUB_ENV
echo 'BORINGSSL_LIBS='"$OPENSSL_LIBS" >> $GITHUB_ENV
echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV
- name: Set aws-lc variables
if: matrix.openssl == 'awslc'
run: |
cd aws-lc
OPENSSL_CFLAGS="-I$PWD/include/"
OPENSSL_LIBS="-L$PWD/build/ssl -lssl -L$PWD/build/crypto -lcrypto -pthread"
EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --without-neverbleed --without-jemalloc"
@@ -423,125 +315,96 @@ jobs:
echo 'BORINGSSL_CFLAGS='"$OPENSSL_CFLAGS" >> $GITHUB_ENV
echo 'BORINGSSL_LIBS='"$OPENSSL_LIBS" >> $GITHUB_ENV
echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV
- name: Restore wolfSSL cache
uses: actions/cache/restore@v4
if: matrix.openssl == 'wolfssl'
with:
path: wolfssl/build
key: ${{ matrix.os }}-wolfssl-${{ env.WOLFSSL_VERSION }}
fail-on-cache-miss: true
- name: Set wolfSSL variables
if: matrix.openssl == 'wolfssl'
run: |
EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --with-wolfssl --without-neverbleed"
EXTRA_CMAKE_OPTS="$EXTRA_CMAKE_OPTS -DWITH_WOLFSSL=1 -DWITH_NEVERBLEED=0 -DENABLE_EXAMPLES=0"
echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV
echo 'EXTRA_CMAKE_OPTS='"$EXTRA_CMAKE_OPTS" >> $GITHUB_ENV
- name: Restore nghttp3 cache
uses: actions/cache/restore@v4
uses: actions/cache/restore@v3
if: matrix.http3 == 'http3'
with:
path: nghttp3/build
key: ${{ matrix.os }}-nghttp3-${{ env.NGHTTP3_VERSION }}
key: ${{ runner.os }}-nghttp3-${{ env.NGHTTP3_VERSION }}
fail-on-cache-miss: true
- name: Restore ngtcp2 + quictls/openssl v1.1.1 cache + BoringSSL
uses: actions/cache/restore@v4
if: matrix.http3 == 'http3' && (matrix.openssl == 'openssl1' || matrix.openssl == 'boringssl' || matrix.openssl == 'wolfssl')
- name: Restore ngtcp2 + quictls/openssl v1.1.1 cache
uses: actions/cache/restore@v3
if: matrix.http3 == 'http3' && (matrix.openssl == 'openssl1' || matrix.openssl == 'boringssl')
with:
path: ngtcp2-openssl1/build
key: ${{ matrix.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL1_VERSION }}
key: ${{ runner.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL1_VERSION }}
fail-on-cache-miss: true
- name: Restore ngtcp2 + quictls/openssl v3.x cache + aws-lc
uses: actions/cache/restore@v4
if: matrix.http3 == 'http3' && (matrix.openssl == 'openssl3' || matrix.openssl == 'awslc')
- name: Restore ngtcp2 + quictls/openssl v3.x cache
uses: actions/cache/restore@v3
if: matrix.http3 == 'http3' && matrix.openssl == 'openssl3'
with:
path: ngtcp2-openssl3/build
key: ${{ matrix.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL3_VERSION }}
key: ${{ runner.os }}-ngtcp2-${{ env.NGTCP2_VERSION }}-openssl-${{ env.OPENSSL3_VERSION }}
fail-on-cache-miss: true
- name: Setup extra environment variables
if: matrix.http3 == 'no-http3'
run: |
PKG_CONFIG_PATH="$PWD/openssl1/build/lib/pkgconfig:$PWD/openssl3/build/lib/pkgconfig:$PWD/wolfssl/build/lib/pkgconfig:$PKG_CONFIG_PATH"
LDFLAGS="$LDFLAGS -Wl,-rpath,$PWD/openssl1/build/lib -Wl,-rpath,$PWD/openssl3/build/lib"
echo 'PKG_CONFIG_PATH='"$PKG_CONFIG_PATH" >> $GITHUB_ENV
echo 'LDFLAGS='"$LDFLAGS" >> $GITHUB_ENV
- name: Setup extra environment variables for HTTP/3
if: matrix.http3 == 'http3'
run: |
PKG_CONFIG_PATH="$PWD/openssl1/build/lib/pkgconfig:$PWD/openssl3/build/lib/pkgconfig:$PWD/wolfssl/build/lib/pkgconfig:$PWD/nghttp3/build/lib/pkgconfig:$PWD/ngtcp2-openssl1/build/lib/pkgconfig:$PWD/ngtcp2-openssl3/build/lib/pkgconfig:$PWD/libbpf/build/lib64/pkgconfig:$PKG_CONFIG_PATH"
PKG_CONFIG_PATH="$PWD/openssl1/build/lib/pkgconfig:$PWD/openssl3/build/lib/pkgconfig:$PWD/nghttp3/build/lib/pkgconfig:$PWD/ngtcp2-openssl1/build/lib/pkgconfig:$PWD/ngtcp2-openssl3/build/lib/pkgconfig:$PWD/libbpf/build/lib64/pkgconfig:$PKG_CONFIG_PATH"
LDFLAGS="$LDFLAGS -Wl,-rpath,$PWD/openssl1/build/lib -Wl,-rpath,$PWD/openssl3/build/lib -Wl,-rpath,$PWD/libbpf/build/lib64"
EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --enable-http3"
EXTRA_CMAKE_OPTS="$EXTRA_CMAKE_OPTS -DENABLE_HTTP3=1"
EXTRA_AUTOTOOLS_OPTS="--enable-http3 $EXTRA_AUTOTOOLS_OPTS"
EXTRA_CMAKE_OPTS="-DENABLE_HTTP3=1 $EXTRA_CMAKE_OPTS"
echo 'PKG_CONFIG_PATH='"$PKG_CONFIG_PATH" >> $GITHUB_ENV
echo 'LDFLAGS='"$LDFLAGS" >> $GITHUB_ENV
echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV
echo 'EXTRA_CMAKE_OPTS='"$EXTRA_CMAKE_OPTS" >> $GITHUB_ENV
- name: Setup git submodules
run: |
git submodule update --init
- name: Configure autotools
run: |
autoreconf -i
./configure --disable-dependency-tracking
- name: Make distribution and unpack
if: matrix.buildtool != 'distcheck'
./configure
- name: Configure cmake (Linux)
if: matrix.buildtool == 'cmake' && runner.os == 'Linux'
run: |
make dist
VERSION=$(grep PACKAGE_VERSION config.h | cut -d' ' -f3 | tr -d '"')
tar xf nghttp2-$VERSION.tar.gz
cd nghttp2-$VERSION
echo 'NGHTTP2_BUILD_DIR='"$PWD" >> $GITHUB_ENV
- name: Configure cmake (Linux)
if: matrix.buildtool == 'cmake' && runner.os == 'Linux'
run: |
cd $NGHTTP2_BUILD_DIR
echo 'NGHTTP2_CMAKE_DIR='"$PWD" >> $GITHUB_ENV
cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON .
cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" .
- name: Configure cmake (MacOS)
if: matrix.buildtool == 'cmake' && runner.os == 'macOS'
run: |
make dist
VERSION=$(grep PACKAGE_VERSION config.h | cut -d' ' -f3 | tr -d '"')
tar xf nghttp2-$VERSION.tar.gz
cd nghttp2-$VERSION
echo 'NGHTTP2_CMAKE_DIR='"$PWD" >> $GITHUB_ENV
# This fixes infamous 'stdio.h not found' error.
echo 'SDKROOT='"$(xcrun --sdk macosx --show-sdk-path)" >> $GITHUB_ENV
cd $NGHTTP2_BUILD_DIR
cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON .
cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" .
- name: Build nghttp2 with autotools (Linux)
if: matrix.buildtool == 'autotools' && runner.os == 'Linux'
run: |
cd $NGHTTP2_BUILD_DIR
./configure --disable-dependency-tracking --with-mruby --with-neverbleed --with-libev --with-libbrotlienc --with-libbrotlidec --enable-werror $EXTRA_AUTOTOOLS_OPTS
make -j"$(nproc)" check
make -j"$(nproc)" distcheck \
DISTCHECK_CONFIGURE_FLAGS="--with-mruby --with-neverbleed --with-libev --enable-werror $EXTRA_AUTOTOOLS_OPTS CPPFLAGS=\"$CPPFLAGS\" LDFLAGS=\"$LDFLAGS\""
- name: Build nghttp2 with autotools (MacOS)
if: matrix.buildtool == 'autotools' && runner.os == 'macOS'
run: |
cd $NGHTTP2_BUILD_DIR
./configure --disable-dependency-tracking --with-mruby --with-libev --with-libbrotlienc --with-libbrotlidec --enable-werror $EXTRA_AUTOTOOLS_OPTS
make -j"$(sysctl -n hw.ncpu)" check
- name: Build nghttp2 with autotools (distcheck)
if: matrix.buildtool == 'distcheck'
run: |
make -j"$(nproc)" distcheck \
DISTCHECK_CONFIGURE_FLAGS="--with-mruby --with-neverbleed --with-libev --with-libbrotlienc --with-libbrotlidec --enable-werror $EXTRA_AUTOTOOLS_OPTS CPPFLAGS=\"$CPPFLAGS\" LDFLAGS=\"$LDFLAGS\""
make -j"$(sysctl -n hw.ncpu)" distcheck \
DISTCHECK_CONFIGURE_FLAGS="--with-mruby --with-libev --enable-werror $EXTRA_AUTOTOOLS_OPTS CPPFLAGS=\"$CPPFLAGS\" LDFLAGS=\"$LDFLAGS\""
- name: Build nghttp2 with cmake
if: matrix.buildtool == 'cmake'
run: |
cd $NGHTTP2_BUILD_DIR
cd $NGHTTP2_CMAKE_DIR
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" check
- uses: actions/setup-go@v5
if: matrix.buildtool != 'distcheck'
- uses: actions/setup-go@v3
if: matrix.buildtool == 'cmake'
with:
go-version: "1.22"
go-version-file: go.mod
- name: Integration test
# Integration tests for nghttpx; autotools erases build
# artifacts.
if: matrix.buildtool != 'distcheck'
if: matrix.buildtool == 'cmake'
run: |
cd $NGHTTP2_BUILD_DIR/integration-tests
make it
cd $NGHTTP2_CMAKE_DIR/integration-tests
make itprep it
build-cross:
strategy:
@@ -554,10 +417,7 @@ jobs:
HOST: ${{ matrix.host }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- uses: actions/checkout@v3
- name: Linux setup
run: |
sudo dpkg --add-architecture i386
@@ -570,12 +430,19 @@ jobs:
libtool \
pkg-config \
wine
- name: Build CUnit
run: |
curl -LO https://jaist.dl.sourceforge.net/project/cunit/CUnit/2.1-3/CUnit-2.1-3.tar.bz2
tar xf CUnit-2.1-3.tar.bz2
cd CUnit-2.1-3
./bootstrap
./configure --disable-shared --host="$HOST" --prefix="$PWD/build"
make -j$(nproc) install
- name: Configure autotools
run: |
autoreconf -i && \
./configure --disable-dependency-tracking --enable-werror \
--enable-lib-only --host="$HOST" \
CFLAGS="-g -O2 -D_WIN32_WINNT=0x0600" LIBS="-pthread"
./configure --enable-werror --enable-lib-only --with-cunit \
--host="$HOST" PKG_CONFIG_PATH="$PWD/CUnit-2.1-3/build/lib/pkgconfig"
- name: Build nghttp2
run: |
make -j$(nproc)
@@ -583,7 +450,6 @@ jobs:
- name: Run tests
if: matrix.host == 'x86_64-w64-mingw32'
run: |
export WINEPATH=/usr/x86_64-w64-mingw32/lib
cd tests
wine main.exe
@@ -600,84 +466,16 @@ jobs:
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- uses: microsoft/setup-msbuild@v2
- uses: actions/checkout@v3
- uses: microsoft/setup-msbuild@v1
- run: |
vcpkg --triplet=${{ matrix.arch }}-windows install cunit
- name: Configure cmake
run: cmake -B build -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_GENERATOR_PLATFORM=${{ matrix.platform }} -DVCPKG_TARGET_TRIPLET=${{ matrix.arch}}-windows -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON
run: |
mkdir build
cd build
cmake -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_GENERATOR_PLATFORM=${{ matrix.platform }} -DVCPKG_TARGET_TRIPLET=${{ matrix.arch}}-windows ..
- name: Build nghttp2
run: |
cmake --build build
cmake --build build --target check
release:
if: github.ref_type == 'tag'
needs:
- build
- build-cross
- build-windows
permissions:
contents: write
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: Make artifacts
run: |
ver='${{ github.ref_name }}'
prev_ver=$(git tag --sort v:refname | grep -v -F "${ver}" | \
grep 'v[0-9]\+\.[0-9]\+\.0' | tail -n1)
echo -n "$GPG_KEY" | gpg --batch --pinentry-mode loopback --import
./makerelease.sh "${ver}" "${prev_ver}"
env:
GPG_KEY: ${{ secrets.GPG_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Make release
uses: actions/github-script@v7
with:
script: |
const fs = require('fs')
let ver = '${{ github.ref_name }}'
let {data: release} = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: ver,
name: `nghttp2 ${ver}`,
draft: true,
generate_release_notes: true,
discussion_category_name: 'Announcements',
})
let v = ver.substring(1)
let files = [
'checksums.txt',
`nghttp2-${v}.tar.bz2`,
`nghttp2-${v}.tar.bz2.asc`,
`nghttp2-${v}.tar.gz`,
`nghttp2-${v}.tar.gz.asc`,
`nghttp2-${v}.tar.xz`,
`nghttp2-${v}.tar.xz.asc`,
]
await Promise.all(files.map(elem =>
github.rest.repos.uploadReleaseAsset({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: release.id,
name: elem,
data: fs.readFileSync(elem),
})
))

24
.github/workflows/docker.yaml vendored
View File

@@ -1,24 +0,0 @@
name: docker-build
on:
push:
paths:
- docker/Dockerfile
branches:
- '**'
permissions: read-all
jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build
uses: docker/build-push-action@v6
with:
context: docker
build-args: NGHTTP2_BRANCH=${{ github.ref_name }}

9
.github/workflows/fuzz.yml vendored
View File

@@ -5,13 +5,6 @@ jobs:
Fuzzing:
runs-on: ubuntu-latest
steps:
- name: LLVM workaround
run: |
# https://github.com/actions/runner-images/issues/9491#issuecomment-1989718917
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://reviews.llvm.org/D148280
sudo sysctl vm.mmap_rnd_bits=28
- name: Build Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
@@ -24,7 +17,7 @@ jobs:
fuzz-seconds: 600
dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v1
if: failure()
with:
name: artifacts

20
.github/workflows/stale.yaml vendored
View File

@@ -1,20 +0,0 @@
name: 'Close stale issues'
on:
schedule:
- cron: '30 1 * * *'
permissions:
issues: write
jobs:
stale:
runs-on: ubuntu-22.04
steps:
- uses: actions/stale@v9
with:
stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
days-before-stale: 30
days-before-close: 7
exempt-all-milestones: true

8
.gitignore vendored
View File

@@ -42,7 +42,6 @@ rules.ninja
lib*.so
lib*.so.*
lib*.a
# generated by "make test" with cmake
Testing/
@@ -55,10 +54,3 @@ _VC_ROOT/
.depend.MSVC
*.pyd
*.egg-info/
# Build Directories
build/
# IDEs
cmake-*
.idea/

3
.gitmodules vendored
View File

@@ -5,6 +5,3 @@
path = third-party/neverbleed
url = https://github.com/tatsuhiro-t/neverbleed.git
branch = nghttp2
[submodule "tests/munit"]
path = tests/munit
url = https://github.com/ngtcp2/munit

11
AUTHORS
View File

@@ -17,10 +17,8 @@ github issues [2].
Adam Gołębiowski
Alek Storm
Alex Nalivko
Alexandr Vlasov
Alexandros Konstantinakis-Karmis
Alexis La Goutte
Alyssa Ross
Amir Livneh
Amir Pakdel
Anders Bakken
@@ -30,12 +28,10 @@ Andy Davies
Angus Gratton
Anna Henningsen
Ant Bryan
Anthony Alayo
Asra Ali
Benedikt Christoph Wolters
Benjamin Peterson
Bernard Spil
Bernhard Walle
Brendan Heinonen
Brian Card
Brian Suh
@@ -46,7 +42,6 @@ Dave Reisner
David Beitey
David Korczynski
David Weekly
Deel
Dimitris Apostolou
Dmitri Tikhonov
Dmitriy Vetutnev
@@ -74,8 +69,6 @@ Jay Satiro
Jeff 'Raid' Baitis
Jianqing Wang
Jim Morrison
Jiwoo Park
Jonas Kvinge
Josh Braegger
José F. Calcerrada
Kamil Dudka
@@ -113,11 +106,9 @@ Richard Wolfert
Rick Lei
Ross Smith II
Rudi Heitbaum
Ryan Carsten Schmidt
Ryo Ota
Scott Mitchell
Sebastiaan Deckers
Sergey Fedorov
Shelley Vohr
Simon Frankenberger
Simone Basso
@@ -130,7 +121,6 @@ Syohei YOSHIDA
Tapanito
Tatsuhiko Kubo
Tatsuhiro Tsujikawa
Thomas Devoogdt
Tobias Geerinckx-Rice
Tom Harwood
Tomas Krizek
@@ -152,7 +142,6 @@ dalf
dawg
es
fangdingjun
hrxi
jwchoi
kumagi
lhuang04

237
CMakeLists.txt
View File

@@ -22,15 +22,15 @@
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
cmake_minimum_required(VERSION 3.14)
cmake_minimum_required(VERSION 3.0)
# XXX using 1.8.90 instead of 1.9.0-DEV
project(nghttp2 VERSION 1.63.0 LANGUAGES C)
project(nghttp2 VERSION 1.55.1)
# See versioning rule:
# https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
set(LT_CURRENT 42)
set(LT_REVISION 2)
set(LT_AGE 28)
set(LT_CURRENT 38)
set(LT_REVISION 3)
set(LT_AGE 24)
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
include(Version)
@@ -51,47 +51,28 @@ if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
endif()
include(GNUInstallDirs)
include(CMakeDependentOption)
# For documentation
find_package(Python3 COMPONENTS Interpreter)
# Auto-detection of features that can be toggled
if(NOT ENABLE_LIB_ONLY)
enable_language(CXX)
find_package(Libev 4.11)
find_package(Libcares 1.7.5)
find_package(ZLIB 1.2.3)
find_package(Libbrotlienc 1.0.9)
find_package(Libbrotlidec 1.0.9)
find_package(OpenSSL 1.0.1)
find_package(Libev 4.11)
find_package(Libcares 1.7.5)
find_package(ZLIB 1.2.3)
find_package(Libngtcp2 0.0.0)
find_package(Libngtcp2_crypto_quictls 0.0.0)
if(LIBNGTCP2_CRYPTO_QUICTLS_FOUND)
set(HAVE_LIBNGTCP2_CRYPTO_QUICTLS 1)
endif()
if(WITH_WOLFSSL)
find_package(WolfSSL 5.7.0)
else()
find_package(OpenSSL 1.1.1)
endif()
find_package(Libngtcp2 1.0.0)
if(OPENSSL_FOUND)
find_package(Libngtcp2_crypto_quictls 1.0.0)
if(LIBNGTCP2_CRYPTO_QUICTLS_FOUND)
set(HAVE_LIBNGTCP2_CRYPTO_QUICTLS 1)
endif()
endif()
if(WOLFSSL_FOUND)
find_package(Libngtcp2_crypto_wolfssl 1.0.0)
if(LIBNGTCP2_CRYPTO_WOLFSSL_FOUND)
set(HAVE_LIBNGTCP2_CRYPTO_WOLFSSL 1)
endif()
endif()
find_package(Libnghttp3 1.1.0)
find_package(Libnghttp3 0.0.0)
if(WITH_LIBBPF)
find_package(Libbpf 0.7.0)
find_package(Libbpf 0.4.0)
if(NOT LIBBPF_FOUND)
message(FATAL_ERROR "libbpf was requested (WITH_LIBBPF=1) but not found.")
endif()
endif()
if((OPENSSL_FOUND OR WOLFSSL_FOUND) AND LIBEV_FOUND AND ZLIB_FOUND)
if(OPENSSL_FOUND AND LIBEV_FOUND AND ZLIB_FOUND)
set(ENABLE_APP_DEFAULT ON)
else()
set(ENABLE_APP_DEFAULT OFF)
@@ -136,31 +117,30 @@ else()
set(HINT_NORETURN)
endif()
if(NOT ENABLE_LIB_ONLY)
include(ExtractValidFlags)
foreach(_cxx1x_flag -std=c++20)
extract_valid_cxx_flags(_cxx1x_flag_supported ${_cxx1x_flag})
if(_cxx1x_flag_supported)
set(CXX1XCXXFLAGS ${_cxx1x_flag})
break()
endif()
endforeach()
include(ExtractValidFlags)
foreach(_cxx1x_flag -std=c++14)
extract_valid_cxx_flags(_cxx1x_flag_supported ${_cxx1x_flag})
if(_cxx1x_flag_supported)
set(CXX1XCXXFLAGS ${_cxx1x_flag})
break()
endif()
endforeach()
include(CMakePushCheckState)
include(CheckCXXSourceCompiles)
cmake_push_check_state()
set(CMAKE_REQUIRED_DEFINITIONS "${CXX1XCXXFLAGS}")
# Check that std::future is available.
check_cxx_source_compiles("
#include <vector>
#include <future>
int main() { std::vector<std::future<int>> v; }" HAVE_STD_FUTURE)
# Check that std::map::emplace is available for g++-4.7.
check_cxx_source_compiles("
#include <map>
int main() { std::map<int, int>().emplace(1, 2); }" HAVE_STD_MAP_EMPLACE)
cmake_pop_check_state()
include(CMakePushCheckState)
include(CheckCXXSourceCompiles)
cmake_push_check_state()
set(CMAKE_REQUIRED_DEFINITIONS "${CXX1XCXXFLAGS}")
# Check that std::future is available.
check_cxx_source_compiles("
#include <vector>
#include <future>
int main() { std::vector<std::future<int>> v; }" HAVE_STD_FUTURE)
# Check that std::map::emplace is available for g++-4.7.
check_cxx_source_compiles("
#include <map>
int main() { std::map<int, int>().emplace(1, 2); }" HAVE_STD_MAP_EMPLACE)
cmake_pop_check_state()
endif()
# Checks for libraries.
# Additional libraries required for programs under src directory.
@@ -182,13 +162,17 @@ endif()
# XXX shouldn't ${CMAKE_DL_LIBS} be appended to OPENSSL_LIBRARIES instead of
# APP_LIBRARIES if it is really specific to OpenSSL?
find_package(CUnit 2.1)
enable_testing()
add_custom_target(check COMMAND ${CMAKE_CTEST_COMMAND})
set(HAVE_CUNIT ${CUNIT_FOUND})
if(HAVE_CUNIT)
add_custom_target(check COMMAND ${CMAKE_CTEST_COMMAND})
endif()
# openssl (for src)
include(CheckSymbolExists)
set(HAVE_OPENSSL ${OPENSSL_FOUND})
if(NOT ENABLE_LIB_ONLY AND OPENSSL_FOUND)
if(OPENSSL_FOUND)
set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
cmake_push_check_state()
set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}")
@@ -196,33 +180,15 @@ if(NOT ENABLE_LIB_ONLY AND OPENSSL_FOUND)
if(WIN32)
set(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES}" "ws2_32" "bcrypt")
endif()
if(ENABLE_HTTP3)
check_symbol_exists(SSL_provide_quic_data "openssl/ssl.h" HAVE_SSL_PROVIDE_QUIC_DATA)
if(NOT HAVE_SSL_PROVIDE_QUIC_DATA)
message(WARNING "OpenSSL in ${OPENSSL_LIBRARIES} does not have SSL_provide_quic_data. HTTP/3 support cannot be enabled")
endif()
check_symbol_exists(SSL_is_quic "openssl/ssl.h" HAVE_SSL_IS_QUIC)
if(NOT HAVE_SSL_IS_QUIC)
message(WARNING "OpenSSL in ${OPENSSL_LIBRARIES} does not have SSL_is_quic. HTTP/3 support cannot be enabled")
endif()
cmake_pop_check_state()
else()
set(OPENSSL_INCLUDE_DIRS "")
set(OPENSSL_LIBRARIES "")
endif()
# wolfSSL (for src)
set(HAVE_WOLFSSL ${WOLFSSL_FOUND})
if(WOLFSSL_FOUND)
set(WOLFSSL_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIR})
cmake_push_check_state()
set(CMAKE_REQUIRED_INCLUDES "${WOLFSSL_INCLUDE_DIR}")
set(CMAKE_REQUIRED_LIBRARIES "${WOLFSSL_LIBRARIES}")
check_symbol_exists(SSL_provide_quic_data "wolfssl/options.h;wolfssl/ssl.h" HAVE_WOLFSSL_SSL_PROVIDE_QUIC_DATA)
if(NOT HAVE_WOLFSSL_SSL_PROVIDE_QUIC_DATA)
message(WARNING "wolfSSL in ${WOLFSSL_LIBRARIES} does not have SSL_provide_quic_data. HTTP/3 support cannot be enabled")
endif()
cmake_pop_check_state()
else()
set(WOLFSSL_INCLUDE_DIRS "")
set(WOLFSSL_LIBRARIES "")
endif()
# libev (for src)
set(HAVE_LIBEV ${LIBEV_FOUND})
set(HAVE_ZLIB ${ZLIB_FOUND})
@@ -253,13 +219,6 @@ endif()
# jemalloc
set(HAVE_JEMALLOC ${JEMALLOC_FOUND})
# libbrotli (for src)
set(HAVE_LIBBROTLIENC ${LIBBROTLIENC_FOUND})
set(HAVE_LIBBROTLIDEC ${LIBBROTLIDEC_FOUND})
if(LIBBROTLIENC_FOUND AND LIBBROTLIDEC_FOUND)
set(HAVE_LIBBROTLI 1)
endif()
# libbpf (for bpf)
set(HAVE_LIBBPF ${LIBBPF_FOUND})
if(LIBBPF_FOUND)
@@ -275,16 +234,13 @@ int main() { enum bpf_stats_type foo; (void)foo; }" HAVE_BPF_STATS_TYPE)
endif()
# The nghttp, nghttpd and nghttpx under src depend on zlib, OpenSSL and libev
if(ENABLE_APP AND NOT (ZLIB_FOUND AND (OPENSSL_FOUND OR WOLFSSL_FOUND) AND LIBEV_FOUND))
if(ENABLE_APP AND NOT (ZLIB_FOUND AND OPENSSL_FOUND AND LIBEV_FOUND))
message(FATAL_ERROR "Applications were requested (ENABLE_APP=1) but dependencies are not met.")
endif()
# HTTP/3 requires libngtcp2 + (quictls/openssl +
# libngtcp2_crypto_quictls or wolfSSL + libngtcp2_crypto_wolfssl) and
# libnghttp3.
if(ENABLE_HTTP3 AND NOT (LIBNGTCP2_FOUND AND LIBNGHTTP3_FOUND AND
((HAVE_SSL_PROVIDE_QUIC_DATA AND LIBNGTCP2_CRYPTO_QUICTLS_FOUND) OR
(HAVE_WOLFSSL_SSL_PROVIDE_QUIC_DATA AND LIBNGTCP2_CRYPTO_WOLFSSL_FOUND))))
# HTTP/3 requires quictls/openssl, libngtcp2, libngtcp2_crypto_quictls
# and libnghttp3.
if(ENABLE_HTTP3 AND NOT (HAVE_SSL_IS_QUIC AND LIBNGTCP2_FOUND AND LIBNGTCP2_CRYPTO_QUICTLS_FOUND AND LIBNGHTTP3_FOUND))
message(FATAL_ERROR "HTTP/3 was requested (ENABLE_HTTP3=1) but dependencies are not met.")
endif()
@@ -317,13 +273,12 @@ check_include_file("inttypes.h" HAVE_INTTYPES_H)
check_include_file("limits.h" HAVE_LIMITS_H)
check_include_file("netdb.h" HAVE_NETDB_H)
check_include_file("netinet/in.h" HAVE_NETINET_IN_H)
check_include_file("netinet/ip.h" HAVE_NETINET_IP_H)
check_include_file("pwd.h" HAVE_PWD_H)
check_include_file("sys/socket.h" HAVE_SYS_SOCKET_H)
check_include_file("sys/time.h" HAVE_SYS_TIME_H)
check_include_file("syslog.h" HAVE_SYSLOG_H)
check_include_file("time.h" HAVE_TIME_H)
check_include_file("unistd.h" HAVE_UNISTD_H)
check_include_file("windows.h" HAVE_WINDOWS_H)
include(CheckTypeSize)
# Checks for typedefs, structures, and compiler characteristics.
@@ -353,15 +308,15 @@ endif()
include(CheckStructHasMember)
check_struct_has_member("struct tm" tm_gmtoff time.h HAVE_STRUCT_TM_TM_GMTOFF)
# Check size of pointer to decide we need 8 bytes alignment adjustment.
check_type_size("int *" SIZEOF_INT_P)
check_type_size("time_t" SIZEOF_TIME_T)
# Checks for library functions.
include(CheckFunctionExists)
check_function_exists(_Exit HAVE__EXIT)
check_function_exists(accept4 HAVE_ACCEPT4)
check_function_exists(clock_gettime HAVE_CLOCK_GETTIME)
check_function_exists(mkostemp HAVE_MKOSTEMP)
check_function_exists(pipe2 HAVE_PIPE2)
check_symbol_exists(GetTickCount64 sysinfoapi.h HAVE_GETTICKCOUNT64)
include(CheckSymbolExists)
# XXX does this correctly detect initgroups (un)availability on cygwin?
@@ -374,8 +329,6 @@ if(NOT HAVE_DECL_INITGROUPS AND HAVE_UNISTD_H)
endif()
endif()
check_symbol_exists(CLOCK_MONOTONIC "time.h" HAVE_DECL_CLOCK_MONOTONIC)
set(WARNCFLAGS)
set(WARNCXXFLAGS)
if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
@@ -385,12 +338,65 @@ if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
endif()
else()
if(ENABLE_WERROR)
set(WARNCFLAGS "-Werror")
set(WARNCXXFLAGS "-Werror")
extract_valid_c_flags(WARNCFLAGS -Werror)
extract_valid_c_flags(WARNCXXFLAGS -Werror)
endif()
include(PickyWarningsC)
include(PickyWarningsCXX)
# For C compiler
extract_valid_c_flags(WARNCFLAGS
-Wall
-Wextra
-Wmissing-prototypes
-Wstrict-prototypes
-Wmissing-declarations
-Wpointer-arith
-Wdeclaration-after-statement
-Wformat-security
-Wwrite-strings
-Wshadow
-Winline
-Wnested-externs
-Wfloat-equal
-Wundef
-Wendif-labels
-Wempty-body
-Wcast-align
-Wclobbered
-Wvla
-Wpragmas
-Wunreachable-code
-Waddress
-Wattributes
-Wdiv-by-zero
-Wshorten-64-to-32
-Wconversion
-Wextended-offsetof
-Wformat-nonliteral
-Wlanguage-extension-token
-Wmissing-field-initializers
-Wmissing-noreturn
-Wmissing-variable-declarations
# Not used because we cannot change public structs
# -Wpadded
-Wsign-conversion
# Not used because this basically disallows default case
# -Wswitch-enum
-Wunreachable-code-break
-Wunused-macros
-Wunused-parameter
-Wredundant-decls
# Only work with Clang for the moment
-Wheader-guard
# This is required because we pass format string as "const char*.
-Wno-format-nonliteral
)
extract_valid_cxx_flags(WARNCXXFLAGS
# For C++ compiler
-Wall
-Wformat-security
)
endif()
if(ENABLE_STATIC_CRT)
@@ -469,11 +475,9 @@ add_subdirectory(lib)
add_subdirectory(third-party)
add_subdirectory(src)
add_subdirectory(examples)
if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME AND BUILD_TESTING)
add_subdirectory(tests)
#add_subdirectory(tests/testdata)
add_subdirectory(integration-tests)
endif()
add_subdirectory(tests)
#add_subdirectory(tests/testdata)
add_subdirectory(integration-tests)
if(ENABLE_DOC)
add_subdirectory(doc)
endif()
@@ -497,22 +501,19 @@ message(STATUS "summary of build options:
CXXFLAGS: ${CMAKE_CXX_FLAGS_${_build_type}} ${CMAKE_CXX_FLAGS}
WARNCFLAGS: ${WARNCFLAGS}
CXX1XCXXFLAGS: ${CXX1XCXXFLAGS}
WARNCXXFLAGS: ${WARNCXXFLAGS}
Python:
Python: ${Python3_EXECUTABLE}
Python3_VERSION: ${Python3_VERSION}
Test:
CUnit: ${HAVE_CUNIT} (LIBS='${CUNIT_LIBRARIES}')
Failmalloc: ${ENABLE_FAILMALLOC}
Build Test: ${BUILD_TESTING}
Libs:
OpenSSL: ${HAVE_OPENSSL} (LIBS='${OPENSSL_LIBRARIES}')
wolfSSL: ${HAVE_WOLFSSL} (LIBS='${WOLFSSL_LIBRARIES}')
Libxml2: ${HAVE_LIBXML2} (LIBS='${LIBXML2_LIBRARIES}')
Libev: ${HAVE_LIBEV} (LIBS='${LIBEV_LIBRARIES}')
Libc-ares: ${HAVE_LIBCARES} (LIBS='${LIBCARES_LIBRARIES}')
Libngtcp2: ${HAVE_LIBNGTCP2} (LIBS='${LIBNGTCP2_LIBRARIES}')
Libngtcp2_crypto_quictls: ${HAVE_LIBNGTCP2_CRYPTO_QUICTLS} (LIBS='${LIBNGTCP2_CRYPTO_QUICTLS_LIBRARIES}')
Libngtcp2_crypto_wolfssl: ${HAVE_LIBNGTCP2_CRYPTO_WOLFSSL} (LIBS='${LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARIES}')
Libnghttp3: ${HAVE_LIBNGHTTP3} (LIBS='${LIBNGHTTP3_LIBRARIES}')
Libbpf: ${HAVE_LIBBPF} (LIBS='${LIBBPF_LIBRARIES}')
Libevent(SSL): ${HAVE_LIBEVENT_OPENSSL} (LIBS='${LIBEVENT_OPENSSL_LIBRARIES}')
@@ -520,8 +521,6 @@ message(STATUS "summary of build options:
Jemalloc: ${HAVE_JEMALLOC} (LIBS='${JEMALLOC_LIBRARIES}')
Zlib: ${HAVE_ZLIB} (LIBS='${ZLIB_LIBRARIES}')
Systemd: ${HAVE_SYSTEMD} (LIBS='${SYSTEMD_LIBRARIES}')
Libbrotlienc: ${HAVE_LIBBROTLIENC} (LIBS='${LIBBROTLIENC_LIBRARIES}')
Libbrotlidec: ${HAVE_LIBBROTLIDEC} (LIBS='${LIBBROTLIDEC_LIBRARIES}')
Third-party:
http-parser: ${ENABLE_THIRD_PARTY}
MRuby: ${HAVE_MRUBY}

6
CMakeOptions.txt
View File

@@ -11,12 +11,11 @@ option(ENABLE_EXAMPLES "Build examples"
${ENABLE_EXAMPLES_DEFAULT})
option(ENABLE_FAILMALLOC "Build failmalloc test program" ON)
option(ENABLE_LIB_ONLY "Build libnghttp2 only. This is a short hand for -DENABLE_APP=0 -DENABLE_EXAMPLES=0 -DENABLE_HPACK_TOOLS=0")
option(BUILD_SHARED_LIBS "Build libnghttp2 as a shared library" ON)
option(BUILD_STATIC_LIBS "Build libnghttp2 in static mode also" OFF)
option(ENABLE_STATIC_LIB "Build libnghttp2 in static mode also")
option(ENABLE_SHARED_LIB "Build libnghttp2 as a shared library" ON)
option(ENABLE_STATIC_CRT "Build libnghttp2 against the MS LIBCMT[d]")
option(ENABLE_HTTP3 "Enable HTTP/3 support" OFF)
option(ENABLE_DOC "Build documentation" ON)
cmake_dependent_option(BUILD_TESTING "Enable tests" ON "BUILD_STATIC_LIBS" OFF)
option(WITH_LIBXML2 "Use libxml2"
${WITH_LIBXML2_DEFAULT})
@@ -25,6 +24,5 @@ option(WITH_JEMALLOC "Use jemalloc"
option(WITH_MRUBY "Use mruby")
option(WITH_NEVERBLEED "Use neverbleed")
option(WITH_LIBBPF "Use libbpf")
option(WITH_WOLFSSL "Use wolfSSL")
# vim: ft=cmake:

13
Dockerfile.android
View File

@@ -15,7 +15,7 @@
FROM ubuntu:22.04
MAINTAINER Tatsuhiro Tsujikawa
ENV NDK_VERSION r26d
ENV NDK_VERSION r25b
ENV NDK /root/android-ndk-$NDK_VERSION
ENV TOOLCHAIN $NDK/toolchains/llvm/prebuilt/linux-x86_64
ENV TARGET aarch64-linux-android
@@ -42,9 +42,9 @@ RUN curl -L -O https://dl.google.com/android/repository/android-ndk-$NDK_VERSION
rm android-ndk-$NDK_VERSION-linux.zip
# Setup version of libraries
ENV OPENSSL_VERSION 1.1.1w
ENV OPENSSL_VERSION 1.1.1q
ENV LIBEV_VERSION 4.33
ENV ZLIB_VERSION 1.3.1
ENV ZLIB_VERSION 1.2.13
ENV CARES_VERSION 1.18.1
ENV NGHTTP2_VERSION master
@@ -65,7 +65,6 @@ RUN curl -L -O http://dist.schmorp.de/libev/Attic/libev-$LIBEV_VERSION.tar.gz &&
WORKDIR /root/build/libev-$LIBEV_VERSION
RUN ./configure \
--disable-dependency-tracking \
--host=$TARGET \
--build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
--prefix=$PREFIX \
@@ -76,7 +75,7 @@ RUN ./configure \
make install
WORKDIR /root/build
RUN curl -L -O https://github.com/madler/zlib/releases/download/v$ZLIB_VERSION/zlib-$ZLIB_VERSION.tar.gz && \
RUN curl -L -O https://zlib.net/zlib-$ZLIB_VERSION.tar.gz && \
tar xf zlib-$ZLIB_VERSION.tar.gz && \
rm zlib-$ZLIB_VERSION.tar.gz
@@ -91,13 +90,12 @@ RUN HOST=$TARGET \
WORKDIR /root/build
RUN curl -L -O https://github.com/c-ares/c-ares/releases/download/cares-1_18_1/c-ares-$CARES_VERSION.tar.gz && \
RUN curl -L -O https://c-ares.haxx.se/download/c-ares-$CARES_VERSION.tar.gz && \
tar xf c-ares-$CARES_VERSION.tar.gz && \
rm c-ares-$CARES_VERSION.tar.gz
WORKDIR /root/build/c-ares-$CARES_VERSION
RUN ./configure \
--disable-dependency-tracking \
--host=$TARGET \
--build=`dpkg-architecture -qDEB_BUILD_GNU_TYPE` \
--prefix=$PREFIX \
@@ -109,7 +107,6 @@ RUN git clone https://github.com/nghttp2/nghttp2 -b $NGHTTP2_VERSION --depth 1
WORKDIR /root/build/nghttp2
RUN autoreconf -i && \
./configure \
--disable-dependency-tracking \
--enable-app \
--disable-shared \
--host=$TARGET \

11
Makefile.am
View File

@@ -35,6 +35,7 @@ EXTRA_DIST = nghttpx.conf.sample proxy.pac.sample android-config android-env \
cmake/ExtractValidFlags.cmake \
cmake/FindJemalloc.cmake \
cmake/FindLibev.cmake \
cmake/FindCUnit.cmake \
cmake/Version.cmake \
cmake/FindLibevent.cmake \
cmake/FindJansson.cmake \
@@ -43,13 +44,7 @@ EXTRA_DIST = nghttpx.conf.sample proxy.pac.sample android-config android-env \
cmake/FindLibbpf.cmake \
cmake/FindLibnghttp3.cmake \
cmake/FindLibngtcp2.cmake \
cmake/FindLibngtcp2_crypto_quictls.cmake \
cmake/FindLibbrotlienc.cmake \
cmake/FindLibbrotlidec.cmake \
cmake/FindLibngtcp2_crypto_wolfssl.cmake \
cmake/FindWolfSSL.cmake \
cmake/PickyWarningsC.cmake \
cmake/PickyWarningsCXX.cmake
cmake/FindLibngtcp2_crypto_quictls.cmake
.PHONY: clang-format
@@ -60,5 +55,5 @@ clang-format:
CLANGFORMAT=`git config --get clangformat.binary`; \
test -z $${CLANGFORMAT} && CLANGFORMAT="clang-format"; \
$${CLANGFORMAT} -i lib/*.{c,h} lib/includes/nghttp2/*.h \
src/*.{c,cc,h} examples/*.c \
src/*.{c,cc,h} examples/*.{c,cc} \
tests/*.{c,h} bpf/*.c fuzz/*.cc

123
README.rst
View File

@@ -29,10 +29,10 @@ Public Test Server
The following endpoints are available to try out our nghttp2
implementation.
* https://nghttp2.org/ (TLS + ALPN and HTTP/3)
* https://nghttp2.org/ (TLS + ALPN/NPN and HTTP/3)
This endpoint supports ``h2``, ``h2-16``, ``h2-14``, and
``http/1.1`` via ALPN and requires TLSv1.2 for HTTP/2
``http/1.1`` via ALPN/NPN and requires TLSv1.2 for HTTP/2
connection.
It also supports HTTP/3.
@@ -48,6 +48,11 @@ The following package is required to build the libnghttp2 library:
* pkg-config >= 0.20
To build and run the unit test programs, the following package is
required:
* cunit >= 2.1
To build the documentation, you need to install:
* sphinx (http://sphinx-doc.org/)
@@ -61,12 +66,15 @@ To build and run the application programs (``nghttp``, ``nghttpd``,
``nghttpx`` and ``h2load``) in the ``src`` directory, the following packages
are required:
* OpenSSL >= 1.1.1; or wolfSSL >= 5.7.0; or LibreSSL >= 3.8.1; or
aws-lc >= 1.19.0; or BoringSSL
* OpenSSL >= 1.0.1
* libev >= 4.11
* zlib >= 1.2.3
* libc-ares >= 1.7.5
ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015).
LibreSSL >= 2.2.0 can be used instead of OpenSSL, but OpenSSL has more
features than LibreSSL at the time of this writing.
To enable ``-a`` option (getting linked assets from the downloaded
resource) in ``nghttp``, the following package is required:
@@ -95,15 +103,10 @@ To mitigate heap fragmentation in long running server programs
Alpine Linux currently does not support malloc replacement
due to musl limitations. See details in issue `#762 <https://github.com/nghttp2/nghttp2/issues/762>`_.
For BoringSSL or aws-lc build, to enable :rfc:`8879` TLS Certificate
Compression in applications, the following library is required:
* libbrotli-dev >= 1.0.9
To enable mruby support for nghttpx, `mruby
<https://github.com/mruby/mruby>`_ is required. We need to build
mruby with C++ ABI explicitly turned on, and probably need other
mrgems, mruby is managed by git submodule under third-party/mruby
mrgems, mruby is manged by git submodule under third-party/mruby
directory. Currently, mruby support for nghttpx is disabled by
default. To enable mruby support, use ``--with-mruby`` configure
option. Note that at the time of this writing, libmruby-dev and mruby
@@ -115,21 +118,20 @@ required:
* bison
nghttpx supports `neverbleed <https://github.com/h2o/neverbleed>`_,
privilege separation engine for OpenSSL. In short, it minimizes the
risk of private key leakage when serious bug like Heartbleed is
exploited. The neverbleed is disabled by default. To enable it, use
``--with-neverbleed`` configure option.
privilege separation engine for OpenSSL / LibreSSL. In short, it
minimizes the risk of private key leakage when serious bug like
Heartbleed is exploited. The neverbleed is disabled by default. To
enable it, use ``--with-neverbleed`` configure option.
To enable the experimental HTTP/3 support for h2load and nghttpx, the
following libraries are required:
* `OpenSSL with QUIC support
<https://github.com/quictls/openssl/tree/OpenSSL_1_1_1w+quic>`_; or
wolfSSL; or LibreSSL (does not support 0RTT); or aws-lc; or
<https://github.com/quictls/openssl/tree/OpenSSL_1_1_1u+quic>`_; or
`BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit
e13f7e2ff5432205f09b4679c8a7715f1c130372)
* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 1.4.0
* `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 1.1.0
80dcb67d4481fb1194b9669917e35580c32dc388)
* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ 0.17.x
* `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ 0.13.x
Use ``--enable-http3`` configure option to enable HTTP/3 feature for
h2load and nghttpx.
@@ -144,14 +146,14 @@ Use ``--with-libbpf`` configure option to build eBPF program.
libelf-dev is needed to build libbpf.
For Ubuntu 20.04, you can build libbpf from `the source code
<https://github.com/libbpf/libbpf/releases>`_. nghttpx requires eBPF
program for reloading its configuration and hot swapping its
executable.
<https://github.com/libbpf/libbpf/releases/tag/v1.2.0>`_. nghttpx
requires eBPF program for reloading its configuration and hot swapping
its executable.
Compiling libnghttp2 C source code requires a C99 compiler. gcc 4.8
is known to be adequate. In order to compile the C++ source code,
C++20 compliant compiler is required. At least g++ >= 12 and
clang++ >= 15 are known to work.
is known to be adequate. In order to compile the C++ source code, gcc
>= 6.0 or clang >= 6.0 is required. C++ source code requires C++14
language features.
.. note::
@@ -205,7 +207,7 @@ required packages:
sudo apt-get install g++ clang make binutils autoconf automake \
autotools-dev libtool pkg-config \
zlib1g-dev libssl-dev libxml2-dev libev-dev \
zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev \
libevent-dev libjansson-dev \
libc-ares-dev libjemalloc-dev libsystemd-dev \
ruby-dev bison libelf-dev
@@ -337,24 +339,23 @@ connections alive during reload.
The detailed steps to build HTTP/3 enabled h2load and nghttpx follow.
Build aws-lc:
Build custom OpenSSL:
.. code-block:: text
$ git clone --depth 1 -b v1.34.2 https://github.com/aws/aws-lc
$ cd aws-lc
$ cmake -B build -DDISABLE_GO=ON --install-prefix=$PWD/opt
$ make -j$(nproc) -C build
$ cmake --install build
$ git clone --depth 1 -b OpenSSL_1_1_1u+quic https://github.com/quictls/openssl
$ cd openssl
$ ./config --prefix=$PWD/build --openssldir=/etc/ssl
$ make -j$(nproc)
$ make install_sw
$ cd ..
Build nghttp3:
.. code-block:: text
$ git clone --depth 1 -b v1.5.0 https://github.com/ngtcp2/nghttp3
$ git clone --depth 1 -b v0.13.0 https://github.com/ngtcp2/nghttp3
$ cd nghttp3
$ git submodule update --init --depth 1
$ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only
$ make -j$(nproc)
@@ -365,13 +366,11 @@ Build ngtcp2:
.. code-block:: text
$ git clone --depth 1 -b v1.7.0 https://github.com/ngtcp2/ngtcp2
$ git clone --depth 1 -b v0.17.0 https://github.com/ngtcp2/ngtcp2
$ cd ngtcp2
$ git submodule update --init --depth 1
$ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only --with-boringssl \
BORINGSSL_CFLAGS="-I$PWD/../aws-lc/opt/include" \
BORINGSSL_LIBS="-L$PWD/../aws-lc/opt/lib -lssl -lcrypto"
$ ./configure --prefix=$PWD/build --enable-lib-only \
PKG_CONFIG_PATH="$PWD/../openssl/build/lib/pkgconfig"
$ make -j$(nproc)
$ make install
$ cd ..
@@ -381,7 +380,7 @@ from source:
.. code-block:: text
$ git clone --depth 1 -b v1.4.5 https://github.com/libbpf/libbpf
$ git clone --depth 1 -b v1.2.0 https://github.com/libbpf/libbpf
$ cd libbpf
$ PREFIX=$PWD/build make -C src install
$ cd ..
@@ -394,10 +393,10 @@ Build nghttp2:
$ cd nghttp2
$ git submodule update --init
$ autoreconf -i
$ ./configure --with-mruby --enable-http3 --with-libbpf \
CC=clang-15 CXX=clang++-15 \
PKG_CONFIG_PATH="$PWD/../aws-lc/opt/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig:$PWD/../ngtcp2/build/lib/pkgconfig:$PWD/../libbpf/build/lib64/pkgconfig" \
LDFLAGS="$LDFLAGS -Wl,-rpath,$PWD/../aws-lc/opt/lib -Wl,-rpath,$PWD/../libbpf/build/lib64"
$ ./configure --with-mruby --with-neverbleed --enable-http3 --with-libbpf \
CC=clang-14 CXX=clang++-14 \
PKG_CONFIG_PATH="$PWD/../openssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig:$PWD/../ngtcp2/build/lib/pkgconfig:$PWD/../libbpf/build/lib64/pkgconfig" \
LDFLAGS="$LDFLAGS -Wl,-rpath,$PWD/../openssl/build/lib -Wl,-rpath,$PWD/../libbpf/build/lib64"
$ make -j$(nproc)
The eBPF program ``reuseport_kern.o`` should be found under bpf
@@ -482,7 +481,7 @@ Previously nghttp2 library did not send client magic, which is first
24 bytes byte string of client connection preface, and client
applications have to send it by themselves. Since v1.0.0, client
magic is sent by library via first call of ``nghttp2_session_send()``
or ``nghttp2_session_mem_send2()``.
or ``nghttp2_session_mem_send()``.
The client applications which send client magic must remove the
relevant code.
@@ -540,7 +539,7 @@ nghttp - client
+++++++++++++++
``nghttp`` is a HTTP/2 client. It can connect to the HTTP/2 server
with prior knowledge, HTTP Upgrade and ALPN TLS extension.
with prior knowledge, HTTP Upgrade and NPN/ALPN TLS extension.
It has verbose output mode for framing information. Here is sample
output from ``nghttp`` client:
@@ -766,8 +765,8 @@ nghttpd - server
By default, it uses SSL/TLS connection. Use ``--no-tls`` option to
disable it.
``nghttpd`` only accepts HTTP/2 connections via ALPN or direct HTTP/2
connections. No HTTP Upgrade is supported.
``nghttpd`` only accepts HTTP/2 connections via NPN/ALPN or direct
HTTP/2 connections. No HTTP Upgrade is supported.
The ``-p`` option allows users to configure server push.
@@ -848,7 +847,7 @@ to know how to migrate from earlier releases.
``nghttpx`` implements `important performance-oriented features
<https://istlsfastyet.com/#server-performance>`_ in TLS, such as
session IDs, session tickets (with automatic key rotation), OCSP
stapling, dynamic record sizing, ALPN, forward secrecy and HTTP/2.
stapling, dynamic record sizing, ALPN/NPN, forward secrecy and HTTP/2.
``nghttpx`` also offers the functionality to share session cache and
ticket keys among multiple ``nghttpx`` instances via memcached.
@@ -975,15 +974,12 @@ threads to avoid saturating a single core on client side.
servers.
If the experimental HTTP/3 is enabled, h2load can send requests to
HTTP/3 server. To do this, specify ``h3`` to ``--alpn-list`` option
HTTP/3 server. To do this, specify ``h3`` to ``--npn-list`` option
like so:
.. code-block:: text
$ h2load --alpn-list h3 https://127.0.0.1:4433
For nghttp2 v1.58 or earlier, use ``--npn-list`` instead of
``--alpn-list``.
$ h2load --npn-list h3 https://127.0.0.1:4433
HPACK tools
-----------
@@ -1449,10 +1445,23 @@ See `Contribution Guidelines
<https://nghttp2.org/documentation/contribute.html>`_ for more
details.
Versioning
----------
Reporting vulnerability
-----------------------
In general, we follow `Semantic Versioning <http://semver.org/>`_.
If you find a vulnerability in our software, please send the email to
"tatsuhiro.t at gmail dot com" about its details instead of submitting
issues on github issue page. It is a standard practice not to
disclose vulnerability information publicly until a fixed version is
released, or mitigation is worked out.
In the future, we may setup a dedicated mail address for this purpose.
Release schedule
----------------
In general, we follow `Semantic Versioning <http://semver.org/>`_. We
release MINOR version update every month, and usually we ship it
around 25th day of every month.
We may release PATCH releases between the regular releases, mainly for
severe security bug fixes.

31
SECURITY.md
View File

@@ -1,31 +0,0 @@
# Security Process
If you find a vulnerability in our software, please report it via
GitHub "Private vulnerability reporting" feature at
https://github.com/nghttp2/nghttp2/security instead of submitting
issues on github issue page. It is a standard practice not to
disclose vulnerability information publicly until a fixed version is
released, or mitigation is worked out.
If we identify that the reported issue is really a vulnerability, we
open a new security advisory draft using [GitHub security
feature](https://github.com/nghttp2/nghttp2/security) and discuss the
mitigation and bug fixes there. The fixes are committed to the
private repository.
We write the security advisory and get CVE number from GitHub
privately. We also discuss the disclosure date to the public.
We make a new release with the fix at the same time when the
vulnerability is disclosed to public.
At least 7 days before the public disclosure date, we open a new issue
on [nghttp2 issue tracker](https://github.com/nghttp2/nghttp2/issues)
which notifies that the upcoming release will have a security fix.
The `SECURITY` label is attached to this kind of issue. The issue is
not opened if a vulnerability is already disclosed, and it is publicly
known that nghttp2 is affected by that.
Before few hours of new release, we merge the fixes to the master
branch (and/or a release branch if necessary) and make a new release.
Security advisory is disclosed on GitHub.

182
bpf/reuseport_kern.c
View File

@@ -42,6 +42,11 @@
License is Public Domain. Commit hash:
12e7744b4919e9d55de75b7ab566326a1c8e7a67 */
#define AES_BLOCKLEN \
16 /* Block length in bytes - AES is 128b block \
only */
#define AES_KEYLEN 16 /* Key length in bytes */
#define AES_keyExpSize 176
struct AES_ctx {
@@ -52,6 +57,7 @@ struct AES_ctx {
in AES. Value=4 */
#define Nb 4
#define Nk 4 /* The number of 32 bit words in a key. */
#define Nr 10 /* The number of rounds in AES Cipher. */
/* state - array holding the intermediate results during
@@ -62,6 +68,31 @@ typedef __u8 state_t[4][4];
read-only storage instead of RAM The numbers below can be computed
dynamically trading ROM for RAM - This can be useful in (embedded)
bootloader applications, where ROM is often limited. */
static const __u8 sbox[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b,
0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed,
0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14,
0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f,
0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11,
0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
0xb0, 0x54, 0xbb, 0x16};
static const __u8 rsbox[256] = {
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e,
0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -86,6 +117,78 @@ static const __u8 rsbox[256] = {
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63,
0x55, 0x21, 0x0c, 0x7d};
/* The round constant word array, Rcon[i], contains the values given
by x to the power (i-1) being powers of x (x is denoted as {02}) in
the field GF(2^8) */
static const __u8 Rcon[11] = {0x8d, 0x01, 0x02, 0x04, 0x08, 0x10,
0x20, 0x40, 0x80, 0x1b, 0x36};
#define getSBoxValue(num) (sbox[(num)])
/* This function produces Nb(Nr+1) round keys. The round keys are used
in each round to decrypt the states. */
static void KeyExpansion(__u8 *RoundKey, const __u8 *Key) {
unsigned i, j, k;
__u8 tempa[4]; /* Used for the column/row operations */
/* The first round key is the key itself. */
for (i = 0; i < Nk; ++i) {
RoundKey[(i * 4) + 0] = Key[(i * 4) + 0];
RoundKey[(i * 4) + 1] = Key[(i * 4) + 1];
RoundKey[(i * 4) + 2] = Key[(i * 4) + 2];
RoundKey[(i * 4) + 3] = Key[(i * 4) + 3];
}
/* All other round keys are found from the previous round keys. */
for (i = Nk; i < Nb * (Nr + 1); ++i) {
{
k = (i - 1) * 4;
tempa[0] = RoundKey[k + 0];
tempa[1] = RoundKey[k + 1];
tempa[2] = RoundKey[k + 2];
tempa[3] = RoundKey[k + 3];
}
if (i % Nk == 0) {
/* This function shifts the 4 bytes in a word to the left once.
[a0,a1,a2,a3] becomes [a1,a2,a3,a0] */
/* Function RotWord() */
{
const __u8 u8tmp = tempa[0];
tempa[0] = tempa[1];
tempa[1] = tempa[2];
tempa[2] = tempa[3];
tempa[3] = u8tmp;
}
/* SubWord() is a function that takes a four-byte input word and
applies the S-box to each of the four bytes to produce an
output word. */
/* Function Subword() */
{
tempa[0] = getSBoxValue(tempa[0]);
tempa[1] = getSBoxValue(tempa[1]);
tempa[2] = getSBoxValue(tempa[2]);
tempa[3] = getSBoxValue(tempa[3]);
}
tempa[0] = tempa[0] ^ Rcon[i / Nk];
}
j = i * 4;
k = (i - Nk) * 4;
RoundKey[j + 0] = RoundKey[k + 0] ^ tempa[0];
RoundKey[j + 1] = RoundKey[k + 1] ^ tempa[1];
RoundKey[j + 2] = RoundKey[k + 2] ^ tempa[2];
RoundKey[j + 3] = RoundKey[k + 3] ^ tempa[3];
}
}
static void AES_init_ctx(struct AES_ctx *ctx, const __u8 *key) {
KeyExpansion(ctx->RoundKey, key);
}
/* This function adds the round key to state. The round key is added
to the state by an XOR function. */
static void AddRoundKey(__u8 round, state_t *state, const __u8 *RoundKey) {
@@ -325,7 +428,7 @@ struct {
__uint(max_entries, 255);
__type(key, __u64);
__type(value, __u32);
} worker_id_map SEC(".maps");
} cid_prefix_map SEC(".maps");
struct {
__uint(type, BPF_MAP_TYPE_REUSEPORT_SOCKARRAY);
@@ -336,18 +439,11 @@ struct {
struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(max_entries, 1);
__uint(max_entries, 3);
__type(key, __u32);
__type(value, __u64);
} sk_info SEC(".maps");
struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(max_entries, 1);
__type(key, __u32);
__type(value, struct AES_ctx);
} aes_key SEC(".maps");
typedef struct quic_hd {
__u8 *dcid;
__u32 dcidlen;
@@ -355,11 +451,11 @@ typedef struct quic_hd {
__u8 type;
} quic_hd;
#define SV_DCIDLEN 17
#define SV_DCIDLEN 20
#define MAX_DCIDLEN 20
#define MIN_DCIDLEN 8
#define WORKER_IDLEN 8
#define WORKER_ID_OFFSET 1
#define CID_PREFIXLEN 8
#define CID_PREFIX_OFFSET 1
enum {
NGTCP2_PKT_INITIAL = 0x0,
@@ -477,39 +573,14 @@ static __u32 sk_index_from_dcid(const quic_hd *qhd,
SEC("sk_reuseport")
int select_reuseport(struct sk_reuseport_md *reuse_md) {
__u32 sk_index, *psk_index;
__u64 *pnum_socks;
__u32 zero = 0;
__u64 *pnum_socks, *pkey;
__u32 zero = 0, key_high_idx = 1, key_low_idx = 2;
int rv;
quic_hd qhd;
__u8 qpktbuf[6 + MAX_DCIDLEN];
struct AES_ctx *aes_ctx;
__u8 *worker_id;
__u16 remote_port;
__u8 *data = reuse_md->data;
/* Packets less than 22 bytes never be a valid QUIC packet. */
if (reuse_md->len < sizeof(struct udphdr) + 22) {
return SK_DROP;
}
if (reuse_md->data + sizeof(struct udphdr) > reuse_md->data_end) {
return SK_DROP;
}
remote_port = (data[0] << 8) + data[1];
switch (remote_port) {
case 1900:
case 5353:
case 11211:
case 20800:
case 27015:
return SK_DROP;
default:
if (remote_port < 1024) {
return SK_DROP;
}
}
struct AES_ctx aes_ctx;
__u8 key[AES_KEYLEN];
__u8 *cid_prefix;
if (bpf_skb_load_bytes(reuse_md, sizeof(struct udphdr), qpktbuf,
sizeof(qpktbuf)) != 0) {
@@ -521,24 +592,35 @@ int select_reuseport(struct sk_reuseport_md *reuse_md) {
return SK_DROP;
}
aes_ctx = bpf_map_lookup_elem(&aes_key, &zero);
if (aes_ctx == NULL) {
pkey = bpf_map_lookup_elem(&sk_info, &key_high_idx);
if (pkey == NULL) {
return SK_DROP;
}
__builtin_memcpy(key, pkey, sizeof(*pkey));
pkey = bpf_map_lookup_elem(&sk_info, &key_low_idx);
if (pkey == NULL) {
return SK_DROP;
}
__builtin_memcpy(key + sizeof(*pkey), pkey, sizeof(*pkey));
rv = parse_quic(&qhd, qpktbuf, qpktbuf + sizeof(qpktbuf));
if (rv != 0) {
return SK_DROP;
}
AES_init_ctx(&aes_ctx, key);
switch (qhd.type) {
case NGTCP2_PKT_INITIAL:
case NGTCP2_PKT_0RTT:
if (qhd.dcidlen == SV_DCIDLEN) {
worker_id = qhd.dcid + WORKER_ID_OFFSET;
AES_ECB_decrypt(aes_ctx, worker_id);
cid_prefix = qhd.dcid + CID_PREFIX_OFFSET;
AES_ECB_decrypt(&aes_ctx, cid_prefix);
psk_index = bpf_map_lookup_elem(&worker_id_map, worker_id);
psk_index = bpf_map_lookup_elem(&cid_prefix_map, cid_prefix);
if (psk_index != NULL) {
sk_index = *psk_index;
@@ -555,10 +637,10 @@ int select_reuseport(struct sk_reuseport_md *reuse_md) {
return SK_DROP;
}
worker_id = qhd.dcid + WORKER_ID_OFFSET;
AES_ECB_decrypt(aes_ctx, worker_id);
cid_prefix = qhd.dcid + CID_PREFIX_OFFSET;
AES_ECB_decrypt(&aes_ctx, cid_prefix);
psk_index = bpf_map_lookup_elem(&worker_id_map, worker_id);
psk_index = bpf_map_lookup_elem(&cid_prefix_map, cid_prefix);
if (psk_index == NULL) {
sk_index = sk_index_from_dcid(&qhd, reuse_md, *pnum_socks);

40
cmake/FindCUnit.cmake Normal file
View File

@@ -0,0 +1,40 @@
# - Try to find cunit
# Once done this will define
# CUNIT_FOUND - System has cunit
# CUNIT_INCLUDE_DIRS - The cunit include directories
# CUNIT_LIBRARIES - The libraries needed to use cunit
find_package(PkgConfig QUIET)
pkg_check_modules(PC_CUNIT QUIET cunit)
find_path(CUNIT_INCLUDE_DIR
NAMES CUnit/CUnit.h
HINTS ${PC_CUNIT_INCLUDE_DIRS}
)
find_library(CUNIT_LIBRARY
NAMES cunit
HINTS ${PC_CUNIT_LIBRARY_DIRS}
)
if(CUNIT_INCLUDE_DIR)
set(_version_regex "^#define[ \t]+CU_VERSION[ \t]+\"([^\"]+)\".*")
file(STRINGS "${CUNIT_INCLUDE_DIR}/CUnit/CUnit.h"
CUNIT_VERSION REGEX "${_version_regex}")
string(REGEX REPLACE "${_version_regex}" "\\1"
CUNIT_VERSION "${CUNIT_VERSION}")
unset(_version_regex)
endif()
include(FindPackageHandleStandardArgs)
# handle the QUIETLY and REQUIRED arguments and set CUNIT_FOUND to TRUE
# if all listed variables are TRUE and the requested version matches.
find_package_handle_standard_args(CUnit REQUIRED_VARS
CUNIT_LIBRARY CUNIT_INCLUDE_DIR
VERSION_VAR CUNIT_VERSION)
if(CUNIT_FOUND)
set(CUNIT_LIBRARIES ${CUNIT_LIBRARY})
set(CUNIT_INCLUDE_DIRS ${CUNIT_INCLUDE_DIR})
endif()
mark_as_advanced(CUNIT_INCLUDE_DIR CUNIT_LIBRARY)

36
cmake/FindLibbrotlidec.cmake
View File

@@ -1,36 +0,0 @@
# - Try to find libbrotlidec
# Once done this will define
# LIBBROTLIDEC_FOUND - System has libbrotlidec
# LIBBROTLIDEC_INCLUDE_DIRS - The libbrotlidec include directories
# LIBBROTLIDEC_LIBRARIES - The libraries needed to use libbrotlidec
find_package(PkgConfig QUIET)
pkg_check_modules(PC_LIBBROTLIDEC QUIET libbrotlidec)
find_path(LIBBROTLIDEC_INCLUDE_DIR
NAMES brotli/decode.h
HINTS ${PC_LIBBROTLIDEC_INCLUDE_DIRS}
)
find_library(LIBBROTLIDEC_LIBRARY
NAMES brotlidec
HINTS ${PC_LIBBROTLIDEC_LIBRARY_DIRS}
)
if(PC_LIBBROTLIDEC_FOUND)
set(LIBBROTLIDEC_VERSION ${PC_LIBBROTLIDEC_VERSION})
endif()
include(FindPackageHandleStandardArgs)
# handle the QUIETLY and REQUIRED arguments and set LIBBROTLIDEC_FOUND
# to TRUE if all listed variables are TRUE and the requested version
# matches.
find_package_handle_standard_args(Libbrotlidec REQUIRED_VARS
LIBBROTLIDEC_LIBRARY LIBBROTLIDEC_INCLUDE_DIR
VERSION_VAR LIBBROTLIDEC_VERSION)
if(LIBBROTLIDEC_FOUND)
set(LIBBROTLIDEC_LIBRARIES ${LIBBROTLIDEC_LIBRARY})
set(LIBBROTLIDEC_INCLUDE_DIRS ${LIBBROTLIDEC_INCLUDE_DIR})
endif()
mark_as_advanced(LIBBROTLIDEC_INCLUDE_DIR LIBBROTLIDEC_LIBRARY)

36
cmake/FindLibbrotlienc.cmake
View File

@@ -1,36 +0,0 @@
# - Try to find libbrotlienc
# Once done this will define
# LIBBROTLIENC_FOUND - System has libbrotlienc
# LIBBROTLIENC_INCLUDE_DIRS - The libbrotlienc include directories
# LIBBROTLIENC_LIBRARIES - The libraries needed to use libbrotlienc
find_package(PkgConfig QUIET)
pkg_check_modules(PC_LIBBROTLIENC QUIET libbrotlienc)
find_path(LIBBROTLIENC_INCLUDE_DIR
NAMES brotli/encode.h
HINTS ${PC_LIBBROTLIENC_INCLUDE_DIRS}
)
find_library(LIBBROTLIENC_LIBRARY
NAMES brotlienc
HINTS ${PC_LIBBROTLIENC_LIBRARY_DIRS}
)
if(PC_LIBBROTLIENC_FOUND)
set(LIBBROTLIENC_VERSION ${PC_LIBBROTLIENC_VERSION})
endif()
include(FindPackageHandleStandardArgs)
# handle the QUIETLY and REQUIRED arguments and set LIBBROTLIENC_FOUND
# to TRUE if all listed variables are TRUE and the requested version
# matches.
find_package_handle_standard_args(Libbrotlienc REQUIRED_VARS
LIBBROTLIENC_LIBRARY LIBBROTLIENC_INCLUDE_DIR
VERSION_VAR LIBBROTLIENC_VERSION)
if(LIBBROTLIENC_FOUND)
set(LIBBROTLIENC_LIBRARIES ${LIBBROTLIENC_LIBRARY})
set(LIBBROTLIENC_INCLUDE_DIRS ${LIBBROTLIENC_INCLUDE_DIR})
endif()
mark_as_advanced(LIBBROTLIENC_INCLUDE_DIR LIBBROTLIENC_LIBRARY)

43
cmake/FindLibngtcp2_crypto_wolfssl.cmake
View File

@@ -1,43 +0,0 @@
# - Try to find libngtcp2_crypto_wolfssl
# Once done this will define
# LIBNGTCP2_CRYPTO_WOLFSSL_FOUND - System has libngtcp2_crypto_wolfssl
# LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIRS - The libngtcp2_crypto_wolfssl include directories
# LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARIES - The libraries needed to use libngtcp2_crypto_wolfssl
find_package(PkgConfig QUIET)
pkg_check_modules(PC_LIBNGTCP2_CRYPTO_WOLFSSL QUIET libngtcp2_crypto_wolfssl)
find_path(LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIR
NAMES ngtcp2/ngtcp2_crypto_wolfssl.h
HINTS ${PC_LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIRS}
)
find_library(LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARY
NAMES ngtcp2_crypto_wolfssl
HINTS ${PC_LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARY_DIRS}
)
if(LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIR)
set(_version_regex "^#define[ \t]+NGTCP2_VERSION[ \t]+\"([^\"]+)\".*")
file(STRINGS "${LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIR}/ngtcp2/version.h"
LIBNGTCP2_CRYPTO_WOLFSSL_VERSION REGEX "${_version_regex}")
string(REGEX REPLACE "${_version_regex}" "\\1"
LIBNGTCP2_CRYPTO_WOLFSSL_VERSION "${LIBNGTCP2_CRYPTO_WOLFSSL_VERSION}")
unset(_version_regex)
endif()
include(FindPackageHandleStandardArgs)
# handle the QUIETLY and REQUIRED arguments and set
# LIBNGTCP2_CRYPTO_WOLFSSL_FOUND to TRUE if all listed variables are
# TRUE and the requested version matches.
find_package_handle_standard_args(Libngtcp2_crypto_wolfssl REQUIRED_VARS
LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARY
LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIR
VERSION_VAR LIBNGTCP2_CRYPTO_WOLFSSL_VERSION)
if(LIBNGTCP2_CRYPTO_WOLFSSL_FOUND)
set(LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARIES ${LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARY})
set(LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIRS ${LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIR})
endif()
mark_as_advanced(LIBNGTCP2_CRYPTO_WOLFSSL_INCLUDE_DIR
LIBNGTCP2_CRYPTO_WOLFSSL_LIBRARY)

41
cmake/FindWolfSSL.cmake
View File

@@ -1,41 +0,0 @@
# - Try to find wolfssl
# Once done this will define
# WOLFSSL_FOUND - System has wolfssl
# WOLFSSL_INCLUDE_DIRS - The wolfssl include directories
# WOLFSSL_LIBRARIES - The libraries needed to use wolfssl
find_package(PkgConfig QUIET)
pkg_check_modules(PC_WOLFSSL QUIET wolfssl)
find_path(WOLFSSL_INCLUDE_DIR
NAMES wolfssl/ssl.h
HINTS ${PC_WOLFSSL_INCLUDE_DIRS}
)
find_library(WOLFSSL_LIBRARY
NAMES wolfssl
HINTS ${PC_WOLFSSL_LIBRARY_DIRS}
)
if(WOLFSSL_INCLUDE_DIR)
set(_version_regex "^#define[ \t]+LIBWOLFSSL_VERSION_STRING[ \t]+\"([^\"]+)\".*")
file(STRINGS "${WOLFSSL_INCLUDE_DIR}/wolfssl/version.h"
WOLFSSL_VERSION REGEX "${_version_regex}")
string(REGEX REPLACE "${_version_regex}" "\\1"
WOLFSSL_VERSION "${WOLFSSL_VERSION}")
unset(_version_regex)
endif()
include(FindPackageHandleStandardArgs)
# handle the QUIETLY and REQUIRED arguments and set WOLFSSL_FOUND
# to TRUE if all listed variables are TRUE and the requested version
# matches.
find_package_handle_standard_args(WolfSSL REQUIRED_VARS
WOLFSSL_LIBRARY WOLFSSL_INCLUDE_DIR
VERSION_VAR WOLFSSL_VERSION)
if(WOLFSSL_FOUND)
set(WOLFSSL_LIBRARIES ${WOLFSSL_LIBRARY})
set(WOLFSSL_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIR})
endif()
mark_as_advanced(WOLFSSL_INCLUDE_DIR WOLFSSL_LIBRARY)

162
cmake/PickyWarningsC.cmake
View File

@@ -1,162 +0,0 @@
# nghttp2
#
# Copyright (c) 2023 nghttp2 contributors
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# C
include(CheckCCompilerFlag)
if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR CMAKE_C_COMPILER_ID MATCHES "Clang")
# https://clang.llvm.org/docs/DiagnosticsReference.html
# https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
# WPICKY_ENABLE = Options we want to enable as-is.
# WPICKY_DETECT = Options we want to test first and enable if available.
# Prefer the -Wextra alias with clang.
if(CMAKE_C_COMPILER_ID MATCHES "Clang")
set(WPICKY_ENABLE "-Wextra")
else()
set(WPICKY_ENABLE "-W")
endif()
list(APPEND WPICKY_ENABLE
-Wall
)
# ----------------------------------
# Add new options here, if in doubt:
# ----------------------------------
set(WPICKY_DETECT
)
# Assume these options always exist with both clang and gcc.
# Require clang 3.0 / gcc 2.95 or later.
list(APPEND WPICKY_ENABLE
-Wconversion # clang 3.0 gcc 2.95
-Winline # clang 1.0 gcc 1.0
-Wmissing-declarations # clang 1.0 gcc 2.7
-Wmissing-prototypes # clang 1.0 gcc 1.0
-Wnested-externs # clang 1.0 gcc 2.7
-Wpointer-arith # clang 1.0 gcc 1.4
-Wshadow # clang 1.0 gcc 2.95
-Wundef # clang 1.0 gcc 2.95
-Wwrite-strings # clang 1.0 gcc 1.4
)
# Always enable with clang, version dependent with gcc
set(WPICKY_COMMON_OLD
-Waddress # clang 3.0 gcc 4.3
-Wattributes # clang 3.0 gcc 4.1
-Wcast-align # clang 1.0 gcc 4.2
-Wdeclaration-after-statement # clang 1.0 gcc 3.4
-Wdiv-by-zero # clang 3.0 gcc 4.1
-Wempty-body # clang 3.0 gcc 4.3
-Wendif-labels # clang 1.0 gcc 3.3
-Wfloat-equal # clang 1.0 gcc 2.96 (3.0)
-Wformat-nonliteral # clang 3.0 gcc 4.1
-Wformat-security # clang 3.0 gcc 4.1
-Wmissing-field-initializers # clang 3.0 gcc 4.1
-Wmissing-noreturn # clang 3.0 gcc 4.1
-Wno-format-nonliteral # clang 1.0 gcc 2.96 (3.0) # This is required because we pass format string as "const char*"
# -Wpadded # clang 3.0 gcc 4.1 # Not used because we cannot change public structs
-Wredundant-decls # clang 3.0 gcc 4.1
-Wsign-conversion # clang 3.0 gcc 4.3
-Wstrict-prototypes # clang 1.0 gcc 3.3
# -Wswitch-enum # clang 3.0 gcc 4.1 # Not used because this basically disallows default case
-Wunreachable-code # clang 3.0 gcc 4.1
-Wunused-parameter # clang 3.0 gcc 4.1
-Wvla # clang 2.8 gcc 4.3
)
set(WPICKY_COMMON
-Wpragmas # clang 3.5 gcc 4.1 appleclang 6.0
)
if(CMAKE_C_COMPILER_ID MATCHES "Clang")
list(APPEND WPICKY_ENABLE
${WPICKY_COMMON_OLD}
-Wshorten-64-to-32 # clang 1.0
-Wlanguage-extension-token # clang 3.0
)
# Enable based on compiler version
if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.6) OR
(CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.3))
list(APPEND WPICKY_ENABLE
${WPICKY_COMMON}
-Wunreachable-code-break # clang 3.5 appleclang 6.0
-Wheader-guard # clang 3.4 appleclang 5.1
)
endif()
if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.9) OR
(CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.3))
list(APPEND WPICKY_ENABLE
-Wmissing-variable-declarations # clang 3.2 appleclang 4.6
)
endif()
if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 5.0) OR
(CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.4))
list(APPEND WPICKY_ENABLE
)
endif()
if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 7.0) OR
(CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.3))
list(APPEND WPICKY_ENABLE
)
endif()
else() # gcc
list(APPEND WPICKY_DETECT
${WPICKY_COMMON}
)
# Enable based on compiler version
if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.3)
list(APPEND WPICKY_ENABLE
${WPICKY_COMMON_OLD}
-Wclobbered # gcc 4.3
)
endif()
endif()
#
unset(_wpicky)
foreach(_CCOPT IN LISTS WPICKY_ENABLE)
set(_wpicky "${_wpicky} ${_CCOPT}")
endforeach()
foreach(_CCOPT IN LISTS WPICKY_DETECT)
# surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new
# test result in.
string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname)
# GCC only warns about unknown -Wno- options if there are also other diagnostic messages,
# so test for the positive form instead
string(REPLACE "-Wno-" "-W" _CCOPT_ON "${_CCOPT}")
check_c_compiler_flag(${_CCOPT_ON} ${_optvarname})
if(${_optvarname})
set(_wpicky "${_wpicky} ${_CCOPT}")
endif()
endforeach()
set(WARNCFLAGS "${WARNCFLAGS} ${_wpicky}")
endif()

117
cmake/PickyWarningsCXX.cmake
View File

@@ -1,117 +0,0 @@
# nghttp2
#
# Copyright (c) 2023 nghttp2 contributors
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# C++
include(CheckCXXCompilerFlag)
if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")
# https://clang.llvm.org/docs/DiagnosticsReference.html
# https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
# WPICKY_ENABLE = Options we want to enable as-is.
# WPICKY_DETECT = Options we want to test first and enable if available.
set(WPICKY_ENABLE "-Wall")
# ----------------------------------
# Add new options here, if in doubt:
# ----------------------------------
set(WPICKY_DETECT
)
# Assume these options always exist with both clang and gcc.
# Require clang 3.0 / gcc 2.95 or later.
list(APPEND WPICKY_ENABLE
)
# Always enable with clang, version dependent with gcc
set(WPICKY_COMMON_OLD
-Wformat-security # clang 3.0 gcc 4.1
)
set(WPICKY_COMMON
)
if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
list(APPEND WPICKY_ENABLE
${WPICKY_COMMON_OLD}
)
# Enable based on compiler version
if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 3.6) OR
(CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 6.3))
list(APPEND WPICKY_ENABLE
${WPICKY_COMMON}
)
endif()
if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 3.9) OR
(CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 8.3))
list(APPEND WPICKY_ENABLE
)
endif()
if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 5.0) OR
(CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 9.4))
list(APPEND WPICKY_ENABLE
)
endif()
if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 7.0) OR
(CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 10.3))
list(APPEND WPICKY_ENABLE
)
endif()
else() # gcc
list(APPEND WPICKY_DETECT
${WPICKY_COMMON}
)
# Enable based on compiler version
if(NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.3)
list(APPEND WPICKY_ENABLE
${WPICKY_COMMON_OLD}
)
endif()
endif()
#
unset(_wpicky)
foreach(_CCOPT IN LISTS WPICKY_ENABLE)
set(_wpicky "${_wpicky} ${_CCOPT}")
endforeach()
foreach(_CCOPT IN LISTS WPICKY_DETECT)
# surprisingly, CHECK_CXX_COMPILER_FLAG needs a new variable to store each new
# test result in.
string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname)
# GCC only warns about unknown -Wno- options if there are also other diagnostic messages,
# so test for the positive form instead
string(REPLACE "-Wno-" "-W" _CCOPT_ON "${_CCOPT}")
check_cxx_compiler_flag(${_CCOPT_ON} ${_optvarname})
if(${_optvarname})
set(_wpicky "${_wpicky} ${_CCOPT}")
endif()
endforeach()
set(WARNCXXFLAGS "${WARNCXXFLAGS} ${_wpicky}")
endif()

36
cmakeconfig.h.in
View File

@@ -19,30 +19,24 @@
/* Define to 1 if you have `neverbleed` library. */
#cmakedefine HAVE_NEVERBLEED 1
/* sizeof(int *) */
#cmakedefine SIZEOF_INT_P @SIZEOF_INT_P@
/* sizeof(time_t) */
#cmakedefine SIZEOF_TIME_T @SIZEOF_TIME_T@
/* Define to 1 if you have the `_Exit` function. */
#cmakedefine HAVE__EXIT 1
/* Define to 1 if you have the `accept4` function. */
#cmakedefine HAVE_ACCEPT4 1
/* Define to 1 if you have the `clock_gettime` function. */
#cmakedefine HAVE_CLOCK_GETTIME 1
/* Define to 1 if you have the `mkostemp` function. */
#cmakedefine HAVE_MKOSTEMP 1
/* Define to 1 if you have the `pipe2` function. */
#cmakedefine HAVE_PIPE2 1
/* Define to 1 if you have the `GetTickCount64` function. */
#cmakedefine HAVE_GETTICKCOUNT64 1
/* Define to 1 if you have the `initgroups` function. */
#cmakedefine01 HAVE_DECL_INITGROUPS
/* Define to 1 if you have the `CLOCK_MONOTONIC` defined. */
#cmakedefine01 HAVE_DECL_CLOCK_MONOTONIC
/* Define to 1 to enable debug output. */
#cmakedefine DEBUGBUILD 1
@@ -67,9 +61,6 @@
/* Define to 1 if you have the <netinet/in.h> header file. */
#cmakedefine HAVE_NETINET_IN_H 1
/* Define to 1 if you have the <netinet/ip.h> header file. */
#cmakedefine HAVE_NETINET_IP_H 1
/* Define to 1 if you have the <pwd.h> header file. */
#cmakedefine HAVE_PWD_H 1
@@ -82,12 +73,12 @@
/* Define to 1 if you have the <syslog.h> header file. */
#cmakedefine HAVE_SYSLOG_H 1
/* Define to 1 if you have the <time.h> header file. */
#cmakedefine HAVE_TIME_H 1
/* Define to 1 if you have the <unistd.h> header file. */
#cmakedefine HAVE_UNISTD_H 1
/* Define to 1 if you have the <windows.h> header file. */
#cmakedefine HAVE_WINDOWS_H 1
/* Define to 1 if HTTP/3 is enabled. */
#cmakedefine ENABLE_HTTP3 1
@@ -100,14 +91,5 @@
/* Define to 1 if you have `libngtcp2_crypto_quictls` library. */
#cmakedefine HAVE_LIBNGTCP2_CRYPTO_QUICTLS
/* Define to 1 if you have `libngtcp2_crypto_wolfssl` library. */
#cmakedefine HAVE_LIBNGTCP2_CRYPTO_WOLFSSL 1
/* Define to 1 if you have `libev` library. */
#cmakedefine HAVE_LIBEV 1
/* Define to 1 if you have `libbrotlienc` and `libbrotlidec` libraries. */
#cmakedefine HAVE_LIBBROTLI 1
/* Define to 1 if you have `wolfssl` library. */
#cmakedefine HAVE_WOLFSSL 1

280
configure.ac
View File

@@ -25,7 +25,7 @@ dnl Do not change user variables!
dnl https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
AC_PREREQ(2.61)
AC_INIT([nghttp2], [1.63.0], [t-tujikawa@users.sourceforge.net])
AC_INIT([nghttp2], [1.55.1], [t-tujikawa@users.sourceforge.net])
AC_CONFIG_AUX_DIR([.])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h])
@@ -38,15 +38,15 @@ AC_CANONICAL_BUILD
AC_CANONICAL_HOST
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([subdir-objects tar-pax])
AM_INIT_AUTOMAKE([subdir-objects])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
dnl See versioning rule:
dnl https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
AC_SUBST(LT_CURRENT, 42)
AC_SUBST(LT_REVISION, 2)
AC_SUBST(LT_AGE, 28)
AC_SUBST(LT_CURRENT, 38)
AC_SUBST(LT_REVISION, 3)
AC_SUBST(LT_AGE, 24)
major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/[^0-9]//g"`
minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/[^0-9]//g"`
@@ -127,11 +127,6 @@ AC_ARG_WITH([libcares],
[Use libc-ares [default=check]])],
[request_libcares=$withval], [request_libcares=check])
AC_ARG_WITH([wolfssl],
[AS_HELP_STRING([--with-wolfssl],
[Use wolfSSL [default=check]])],
[request_wolfssl=$withval], [request_wolfssl=check])
AC_ARG_WITH([openssl],
[AS_HELP_STRING([--with-openssl],
[Use openssl [default=check]])],
@@ -142,6 +137,11 @@ AC_ARG_WITH([libev],
[Use libev [default=check]])],
[request_libev=$withval], [request_libev=check])
AC_ARG_WITH([cunit],
[AS_HELP_STRING([--with-cunit],
[Use cunit [default=check]])],
[request_cunit=$withval], [request_cunit=check])
AC_ARG_WITH([jemalloc],
[AS_HELP_STRING([--with-jemalloc],
[Use jemalloc [default=check]])],
@@ -177,16 +177,6 @@ AC_ARG_WITH([libbpf],
[Use libbpf [default=no]])],
[request_libbpf=$withval], [request_libbpf=no])
AC_ARG_WITH([libbrotlienc],
[AS_HELP_STRING([--with-libbrotlienc],
[Use libbrotlienc [default=no]])],
[request_libbrotlienc=$withval], [request_libbrotlienc=no])
AC_ARG_WITH([libbrotlidec],
[AS_HELP_STRING([--with-libbrotlidec],
[Use libbrotlidec [default=no]])],
[request_libbrotlidec=$withval], [request_libbrotlidec=no])
dnl Define variables
AC_ARG_VAR([LIBEV_CFLAGS], [C compiler flags for libev, skipping any checks])
AC_ARG_VAR([LIBEV_LIBS], [linker flags for libev, skipping any checks])
@@ -243,7 +233,7 @@ fi
save_CXXFLAGS="$CXXFLAGS"
CXXFLAGS=
AX_CXX_COMPILE_STDCXX([20], [], [optional])
AX_CXX_COMPILE_STDCXX([14], [noext], [optional])
CXX1XCXXFLAGS="$CXXFLAGS"
CXXFLAGS="$save_CXXFLAGS"
@@ -288,20 +278,21 @@ std::map<int, int>().emplace(1, 2);
[have_std_map_emplace=no
AC_MSG_RESULT([no])])
# Check that std::atomic<std::shared_ptr<T>> is supported.
AC_MSG_CHECKING([whether std::atomic<std::shared_ptr<T>> is supported])
# Check that std::atomic_* overloads for std::shared_ptr are
# available.
AC_MSG_CHECKING([whether std::atomic_* overloads for std::shared_ptr are available])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
[[
#include <memory>
]],
[[
auto a = std::atomic<std::shared_ptr<int>>(std::make_shared<int>(1000000007));
auto p = a.load();
auto a = std::make_shared<int>(1000000007);
auto p = std::atomic_load(&a);
++*p;
a.store(p);
std::atomic_store(&a, p);
]])],
[AC_DEFINE([HAVE_ATOMIC_STD_SHARED_PTR], [1],
[Define to 1 if you have the std::atomic<std::shared_ptr<T>> is supported.])
[Define to 1 if you have the std::atomic_* overloads for std::shared_ptr.])
have_atomic_std_shared_ptr=yes
AC_MSG_RESULT([yes])],
[have_atomic_std_shared_ptr=no
@@ -338,7 +329,7 @@ case "$host_os" in
*android*)
android_build=yes
# android does not need -pthread, but needs following 2 libs for C++
APPLDFLAGS="$APPLDFLAGS -latomic"
APPLDFLAGS="$APPLDFLAGS -lstdc++ -latomic"
;;
*)
PTHREAD_LDFLAGS="-pthread"
@@ -386,6 +377,43 @@ case "${host_os}" in
;;
esac
# cunit
have_cunit=no
if test "x${request_cunit}" != "xno"; then
PKG_CHECK_MODULES([CUNIT], [cunit >= 2.1], [have_cunit=yes], [have_cunit=no])
# If pkg-config does not find cunit, check it using AC_CHECK_LIB. We
# do this because Debian (Ubuntu) lacks pkg-config file for cunit.
if test "x${have_cunit}" = "xno"; then
AC_MSG_WARN([${CUNIT_PKG_ERRORS}])
AC_CHECK_LIB([cunit], [CU_initialize_registry],
[have_cunit=yes], [have_cunit=no])
if test "x${have_cunit}" = "xyes"; then
CUNIT_LIBS="-lcunit"
CUNIT_CFLAGS=""
AC_SUBST([CUNIT_LIBS])
AC_SUBST([CUNIT_CFLAGS])
fi
fi
if test "x${have_cunit}" = "xyes"; then
# cunit in Mac OS X requires ncurses. Note that in Mac OS X, test
# program can be built without -lncurses, but it emits runtime
# error.
case "${build}" in
*-apple-darwin*)
CUNIT_LIBS="$CUNIT_LIBS -lncurses"
AC_SUBST([CUNIT_LIBS])
;;
esac
fi
fi
if test "x${request_cunit}" = "xyes" &&
test "x${have_cunit}" != "xyes"; then
AC_MSG_ERROR([cunit was requested (--with-cunit) but not found])
fi
AM_CONDITIONAL([HAVE_CUNIT], [ test "x${have_cunit}" = "xyes" ])
# libev (for src)
have_libev=no
if test "x${request_libev}" != "xno"; then
@@ -416,39 +444,30 @@ if test "x${request_libev}" = "xyes" &&
AC_MSG_ERROR([libev was requested (--with-libev) but not found])
fi
if test "x${request_openssl}" = "xyes" &&
test "x${request_wolfssl}" = "xyes"; then
AC_MSG_ERROR([Requesting both OpenSSL and wolfSSL is not allowed])
fi
# openssl (for src)
have_openssl=no
if test "x${request_openssl}" != "xno" &&
test "x${request_wolfssl}" != "xyes"; then
PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.1.1],
if test "x${request_openssl}" != "xno"; then
PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.0.1],
[have_openssl=yes], [have_openssl=no])
if test "x${have_openssl}" = "xno"; then
AC_MSG_NOTICE($OPENSSL_PKG_ERRORS)
else
# Use C++ compiler because boringssl needs C++ runtime.
AC_LANG_PUSH(C++)
save_CXXFLAGS="$CXXFLAGS"
save_CFLAGS="$CFLAGS"
save_LIBS="$LIBS"
CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"
CFLAGS="$OPENSSL_CFLAGS $CFLAGS"
LIBS="$OPENSSL_LIBS $LIBS"
# quictls/openssl has SSL_provide_quic_data. boringssl also has
# it. We will deal with it later.
have_ssl_provide_quic_data=no
AC_MSG_CHECKING([for SSL_provide_quic_data])
# quictls/openssl has SSL_is_quic.
have_ssl_is_quic=no
AC_MSG_CHECKING([for SSL_is_quic])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/ssl.h>
]], [[
SSL_provide_quic_data(NULL, (ssl_encryption_level_t)0, NULL, 0);
SSL *ssl = NULL;
SSL_is_quic(ssl);
]])],
[AC_MSG_RESULT([yes]); have_ssl_provide_quic_data=yes],
[AC_MSG_RESULT([no]); have_ssl_provide_quic_data=no])
[AC_MSG_RESULT([yes]); have_ssl_is_quic=yes],
[AC_MSG_RESULT([no]); have_ssl_is_quic=no])
# boringssl has SSL_set_quic_early_data_context.
AC_MSG_CHECKING([for SSL_set_quic_early_data_context])
@@ -461,10 +480,8 @@ if test "x${request_openssl}" != "xno" &&
[AC_MSG_RESULT([yes]); have_boringssl_quic=yes],
[AC_MSG_RESULT([no]); have_boringssl_quic=no])
CXXFLAGS="$save_CXXFLAGS"
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
AC_LANG_POP()
fi
fi
@@ -473,49 +490,10 @@ if test "x${request_openssl}" = "xyes" &&
AC_MSG_ERROR([openssl was requested (--with-openssl) but not found])
fi
# wolfSSL (for src)
have_wolfssl=no
if test "x${request_wolfssl}" != "xno" &&
test "x${request_openssl}" != "xyes" &&
test "x${have_openssl}" != "xyes"; then
PKG_CHECK_MODULES([WOLFSSL], [wolfssl >= 5.7.0],
[have_wolfssl=yes], [have_wolfssl=no])
if test "x${have_wolfssl}" = "xno"; then
AC_MSG_NOTICE($WOLFSSL_PKG_ERRORS)
else
AC_DEFINE([HAVE_WOLFSSL], [1],
[Define to 1 if you have 'wolfssl' library.])
save_CFLAGS="$CFLAGS"
save_LIBS="$LIBS"
CFLAGS="$WOLFSSL_CFLAGS $CFLAGS"
LIBS="$WOLFSSL_LIBS $LIBS"
have_wolfssl_quic=no
AC_MSG_CHECKING([for wolfSSL QUIC])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <wolfssl/options.h>
#include <wolfssl/openssl/ssl.h>
]], [[
SSL_provide_quic_data(NULL, 0, NULL, 0);
]])],
[AC_MSG_RESULT([yes]); have_wolfssl_quic=yes],
[AC_MSG_RESULT([no]); have_wolfssl_quic=no])
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
fi
fi
if test "x${request_wolfssl}" = "xyes" &&
test "x${have_wolfssl}" != "xyes"; then
AC_MSG_ERROR([wolfSSL was requested (--with-wolfssl) but not found])
fi
# c-ares (for src)
have_libcares=no
if test "x${request_libcares}" != "xno"; then
PKG_CHECK_MODULES([LIBCARES], [libcares >= 1.16.0], [have_libcares=yes],
PKG_CHECK_MODULES([LIBCARES], [libcares >= 1.7.5], [have_libcares=yes],
[have_libcares=no])
if test "x${have_libcares}" = "xno"; then
AC_MSG_NOTICE($LIBCARES_PKG_ERRORS)
@@ -530,7 +508,7 @@ fi
# ngtcp2 (for src)
have_libngtcp2=no
if test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 1.4.0], [have_libngtcp2=yes],
PKG_CHECK_MODULES([LIBNGTCP2], [libngtcp2 >= 0.17.0], [have_libngtcp2=yes],
[have_libngtcp2=no])
if test "x${have_libngtcp2}" = "xno"; then
AC_MSG_NOTICE($LIBNGTCP2_PKG_ERRORS)
@@ -542,35 +520,12 @@ if test "x${request_libngtcp2}" = "xyes" &&
AC_MSG_ERROR([libngtcp2 was requested (--with-libngtcp2) but not found])
fi
# ngtcp2_crypto_wolfssl (for src)
have_libngtcp2_crypto_wolfssl=no
if test "x${have_wolfssl_quic}" = "xyes" &&
test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_WOLFSSL],
[libngtcp2_crypto_wolfssl >= 1.0.0],
[have_libngtcp2_crypto_wolfssl=yes],
[have_libngtcp2_crypto_wolfssl=no])
if test "x${have_libngtcp2_crypto_wolfssl}" = "xno"; then
AC_MSG_NOTICE($LIBNGTCP2_CRYPTO_WOLFSSL_PKG_ERRORS)
else
AC_DEFINE([HAVE_LIBNGTCP2_CRYPTO_WOLFSSL], [1],
[Define to 1 if you have `libngtcp2_crypto_wolfssl` library.])
fi
fi
if test "x${have_wolfssl_quic}" = "xyes" &&
test "x${request_libngtcp2}" = "xyes" &&
test "x${have_libngtcp2_crypto_wolfssl}" != "xyes"; then
AC_MSG_ERROR([libngtcp2_crypto_wolfssl was requested (--with-libngtcp2) but not found])
fi
# ngtcp2_crypto_quictls (for src)
have_libngtcp2_crypto_quictls=no
if test "x${have_ssl_provide_quic_data}" = "xyes" &&
test "x${have_boringssl_quic}" != "xyes" &&
if test "x${have_ssl_is_quic}" = "xyes" &&
test "x${request_libngtcp2}" != "xno"; then
PKG_CHECK_MODULES([LIBNGTCP2_CRYPTO_QUICTLS],
[libngtcp2_crypto_quictls >= 1.0.0],
[libngtcp2_crypto_quictls >= 0.17.0],
[have_libngtcp2_crypto_quictls=yes],
[have_libngtcp2_crypto_quictls=no])
if test "x${have_libngtcp2_crypto_quictls}" = "xno"; then
@@ -581,8 +536,7 @@ if test "x${have_ssl_provide_quic_data}" = "xyes" &&
fi
fi
if test "x${have_ssl_provide_quic_data}" = "xyes" &&
test "x${have_boringssl_quic}" != "xyes" &&
if test "x${have_ssl_is_quic}" = "xyes" &&
test "x${request_libngtcp2}" = "xyes" &&
test "x${have_libngtcp2_crypto_quictls}" != "xyes"; then
AC_MSG_ERROR([libngtcp2_crypto_quictls was requested (--with-libngtcp2) but not found])
@@ -613,7 +567,7 @@ fi
# nghttp3 (for src)
have_libnghttp3=no
if test "x${request_libnghttp3}" != "xno"; then
PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 1.1.0], [have_libnghttp3=yes],
PKG_CHECK_MODULES([LIBNGHTTP3], [libnghttp3 >= 0.13.0], [have_libnghttp3=yes],
[have_libnghttp3=no])
if test "x${have_libnghttp3}" = "xno"; then
AC_MSG_NOTICE($LIBNGHTTP3_PKG_ERRORS)
@@ -670,47 +624,6 @@ fi
AM_CONDITIONAL([HAVE_LIBBPF], [ test "x${have_libbpf}" = "xyes" ])
# libbrotlienc (for src)
have_libbrotlienc=no
if test "x${request_libbrotlienc}" != "xno"; then
PKG_CHECK_MODULES([LIBBROTLIENC], [libbrotlienc >= 1.0.9],
[have_libbrotlienc=yes],
[have_libbrotlienc=no])
if test "x${have_libbrotlienc}" = "xno"; then
AC_MSG_NOTICE($LIBBROTLIENC_PKG_ERRORS)
fi
fi
if test "x${request_libbrotlienc}" = "xyes" &&
test "x${have_libbrotlienc}" != "xyes"; then
AC_MSG_ERROR([libbrotlienc was requested (--with-libbrotlienc) but not found])
fi
# libbrotlidec (for src)
have_libbrotlidec=no
if test "x${request_libbrotlidec}" != "xno"; then
PKG_CHECK_MODULES([LIBBROTLIDEC], [libbrotlidec >= 1.0.9],
[have_libbrotlidec=yes],
[have_libbrotlidec=no])
if test "x${have_libbrotlidec}" = "xno"; then
AC_MSG_NOTICE($LIBBROTLIDEC_PKG_ERRORS)
fi
fi
if test "x${request_libbrotlidec}" = "xyes" &&
test "x${have_libbrotlidec}" != "xyes"; then
AC_MSG_ERROR([libbrotlidec was requested (--with-libbrotlidec) but not found])
fi
have_libbrotli=no
if test "x${have_libbrotlienc}" = "xyes" &&
test "x${have_libbrotlidec}" = "xyes"; then
have_libbrotli=yes
AC_DEFINE([HAVE_LIBBROTLI], [1],
[Define to 1 if you have `libbrotlienc` and `libbrotlidec` libraries.])
fi
# libevent_openssl (for examples)
# 2.0.8 is required because we use evconnlistener_set_error_cb()
have_libevent_openssl=no
@@ -823,7 +736,7 @@ fi
enable_app=no
if test "x${request_app}" != "xno" &&
test "x${have_zlib}" = "xyes" &&
(test "x${have_openssl}" = "xyes" || test "x${have_wolfssl}" = "xyes") &&
test "x${have_openssl}" = "xyes" &&
test "x${have_libev}" = "xyes" &&
test "x${have_libcares}" = "xyes"; then
enable_app=yes
@@ -839,9 +752,10 @@ AM_CONDITIONAL([ENABLE_APP], [ test "x${enable_app}" = "xyes" ])
# Check HTTP/3 support
enable_http3=no
if test "x${request_http3}" != "xno" &&
(test "x${have_ssl_is_quic}" = "xyes" ||
test "x${have_boringssl_quic}" = "xyes") &&
test "x${have_libngtcp2}" = "xyes" &&
(test "x${have_libngtcp2_crypto_wolfssl}" = "xyes" ||
test "x${have_libngtcp2_crypto_quictls}" = "xyes" ||
(test "x${have_libngtcp2_crypto_quictls}" = "xyes" ||
test "x${have_libngtcp2_crypto_boringssl}" = "xyes") &&
test "x${have_libnghttp3}" = "xyes"; then
enable_http3=yes
@@ -933,7 +847,6 @@ AC_CHECK_HEADERS([ \
limits.h \
netdb.h \
netinet/in.h \
netinet/ip.h \
pwd.h \
stddef.h \
stdint.h \
@@ -942,8 +855,8 @@ AC_CHECK_HEADERS([ \
sys/socket.h \
sys/time.h \
syslog.h \
time.h \
unistd.h \
windows.h \
])
# Checks for typedefs, structures, and compiler characteristics.
@@ -993,6 +906,12 @@ if test "x$have_struct_tm_tm_gmtoff" = "xyes"; then
[Define to 1 if you have `struct tm.tm_gmtoff` member.])
fi
# Check size of pointer to decide we need 8 bytes alignment
# adjustment.
AC_CHECK_SIZEOF([int *])
AC_CHECK_SIZEOF([time_t])
# Checks for library functions.
# Don't check malloc, since it does not play nicely with C++ stdlib
@@ -1009,7 +928,6 @@ AC_FUNC_STRNLEN
AC_CHECK_FUNCS([ \
_Exit \
accept4 \
clock_gettime \
dup2 \
getcwd \
getpwnam \
@@ -1018,7 +936,6 @@ AC_CHECK_FUNCS([ \
memmove \
memset \
mkostemp \
pipe2 \
socket \
sqrt \
strchr \
@@ -1036,25 +953,6 @@ AC_CHECK_FUNCS([ \
AC_CHECK_FUNC([timerfd_create],
[have_timerfd_create=yes], [have_timerfd_create=no])
AC_MSG_CHECKING([checking for GetTickCount64])
AC_LINK_IFELSE([AC_LANG_PROGRAM(
[[
#include <windows.h>
]],
[[
GetTickCount64();
]])],
[have_gettickcount64=yes],
[have_gettickcount64=no])
if test "x${have_gettickcount64}" = "xyes"; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAVE_GETTICKCOUNT64], [1],
[Define to 1 if you have `GetTickCount64` function.])
else
AC_MSG_RESULT([no])
fi
# For cygwin: we can link initgroups, so AC_CHECK_FUNCS succeeds, but
# cygwin disables initgroups due to feature test macro magic with our
# configuration. FreeBSD declares initgroups() in unistd.h.
@@ -1065,10 +963,6 @@ AC_CHECK_DECLS([initgroups], [], [], [[
#include <grp.h>
]])
AC_CHECK_DECLS([CLOCK_MONOTONIC], [], [], [[
#include <time.h>
]])
save_CFLAGS=$CFLAGS
save_CXXFLAGS=$CXXFLAGS
@@ -1242,9 +1136,9 @@ AC_MSG_NOTICE([summary of build options:
Python: ${PYTHON}
PYTHON_VERSION: ${PYTHON_VERSION}
Test:
CUnit: ${have_cunit} (CFLAGS='${CUNIT_CFLAGS}' LIBS='${CUNIT_LIBS}')
Failmalloc: ${enable_failmalloc}
Libs:
wolfSSL: ${have_wolfssl} (CFLAGS='${WOLFSSL_CFLAGS}' LIBS='${WOLFSSL_LIBS}')
OpenSSL: ${have_openssl} (CFLAGS='${OPENSSL_CFLAGS}' LIBS='${OPENSSL_LIBS}')
Libxml2: ${have_libxml2} (CFLAGS='${LIBXML2_CFLAGS}' LIBS='${LIBXML2_LIBS}')
Libev: ${have_libev} (CFLAGS='${LIBEV_CFLAGS}' LIBS='${LIBEV_LIBS}')
@@ -1259,8 +1153,6 @@ AC_MSG_NOTICE([summary of build options:
Jemalloc: ${have_jemalloc} (CFLAGS='${JEMALLOC_CFLAGS}' LIBS='${JEMALLOC_LIBS}')
Zlib: ${have_zlib} (CFLAGS='${ZLIB_CFLAGS}' LIBS='${ZLIB_LIBS}')
Systemd: ${have_libsystemd} (CFLAGS='${SYSTEMD_CFLAGS}' LIBS='${SYSTEMD_LIBS}')
Libbrotlienc: ${have_libbrotlienc} (CFLAGS="${LIBBROTLIENC_CFLAGS}' LIBS='${LIBBROTLIENC_LIBS}')
Libbrotlidec: ${have_libbrotlidec} (CFLAGS="${LIBBROTLIDEC_CFLAGS}' LIBS='${LIBBROTLIDEC_LIBS}')
Third-party:
http-parser: ${enable_third_party}
MRuby: ${have_mruby} (CFLAGS='${LIBMRUBY_CFLAGS}' LIBS='${LIBMRUBY_LIBS}')

20
doc/Makefile.am
View File

@@ -33,7 +33,6 @@ APIDOCS= \
nghttp2_check_header_value_rfc9113.rst \
nghttp2_check_method.rst \
nghttp2_check_path.rst \
nghttp2_extpri_parse_priority.rst \
nghttp2_hd_deflate_bound.rst \
nghttp2_hd_deflate_change_table_size.rst \
nghttp2_hd_deflate_del.rst \
@@ -42,9 +41,7 @@ APIDOCS= \
nghttp2_hd_deflate_get_num_table_entries.rst \
nghttp2_hd_deflate_get_table_entry.rst \
nghttp2_hd_deflate_hd.rst \
nghttp2_hd_deflate_hd2.rst \
nghttp2_hd_deflate_hd_vec.rst \
nghttp2_hd_deflate_hd_vec2.rst \
nghttp2_hd_deflate_new.rst \
nghttp2_hd_deflate_new2.rst \
nghttp2_hd_inflate_change_table_size.rst \
@@ -56,7 +53,6 @@ APIDOCS= \
nghttp2_hd_inflate_get_table_entry.rst \
nghttp2_hd_inflate_hd.rst \
nghttp2_hd_inflate_hd2.rst \
nghttp2_hd_inflate_hd3.rst \
nghttp2_hd_inflate_new.rst \
nghttp2_hd_inflate_new2.rst \
nghttp2_http2_strerror.rst \
@@ -77,12 +73,9 @@ APIDOCS= \
nghttp2_option_set_peer_max_concurrent_streams.rst \
nghttp2_option_set_server_fallback_rfc7540_priorities.rst \
nghttp2_option_set_user_recv_extension_type.rst \
nghttp2_option_set_max_continuations.rst \
nghttp2_option_set_max_outbound_ack.rst \
nghttp2_option_set_max_settings.rst \
nghttp2_option_set_stream_reset_rate_limit.rst \
nghttp2_pack_settings_payload.rst \
nghttp2_pack_settings_payload2.rst \
nghttp2_priority_spec_check_default.rst \
nghttp2_priority_spec_default_init.rst \
nghttp2_priority_spec_init.rst \
@@ -91,12 +84,10 @@ APIDOCS= \
nghttp2_rcbuf_incref.rst \
nghttp2_rcbuf_is_static.rst \
nghttp2_select_next_protocol.rst \
nghttp2_select_alpn.rst \
nghttp2_session_callbacks_del.rst \
nghttp2_session_callbacks_new.rst \
nghttp2_session_callbacks_set_before_frame_send_callback.rst \
nghttp2_session_callbacks_set_data_source_read_length_callback.rst \
nghttp2_session_callbacks_set_data_source_read_length_callback2.rst \
nghttp2_session_callbacks_set_error_callback.rst \
nghttp2_session_callbacks_set_error_callback2.rst \
nghttp2_session_callbacks_set_on_begin_frame_callback.rst \
@@ -113,13 +104,9 @@ APIDOCS= \
nghttp2_session_callbacks_set_on_invalid_header_callback2.rst \
nghttp2_session_callbacks_set_on_stream_close_callback.rst \
nghttp2_session_callbacks_set_pack_extension_callback.rst \
nghttp2_session_callbacks_set_pack_extension_callback2.rst \
nghttp2_session_callbacks_set_recv_callback.rst \
nghttp2_session_callbacks_set_recv_callback2.rst \
nghttp2_session_callbacks_set_select_padding_callback.rst \
nghttp2_session_callbacks_set_select_padding_callback2.rst \
nghttp2_session_callbacks_set_send_callback.rst \
nghttp2_session_callbacks_set_send_callback2.rst \
nghttp2_session_callbacks_set_send_data_callback.rst \
nghttp2_session_callbacks_set_unpack_extension_callback.rst \
nghttp2_session_change_extpri_stream_priority.rst \
@@ -137,7 +124,6 @@ APIDOCS= \
nghttp2_session_find_stream.rst \
nghttp2_session_get_effective_local_window_size.rst \
nghttp2_session_get_effective_recv_data_length.rst \
nghttp2_session_get_extpri_stream_priority.rst \
nghttp2_session_get_hd_deflate_dynamic_table_size.rst \
nghttp2_session_get_hd_inflate_dynamic_table_size.rst \
nghttp2_session_get_last_proc_stream_id.rst \
@@ -156,9 +142,7 @@ APIDOCS= \
nghttp2_session_get_stream_remote_window_size.rst \
nghttp2_session_get_stream_user_data.rst \
nghttp2_session_mem_recv.rst \
nghttp2_session_mem_recv2.rst \
nghttp2_session_mem_send.rst \
nghttp2_session_mem_send2.rst \
nghttp2_session_recv.rst \
nghttp2_session_resume_data.rst \
nghttp2_session_send.rst \
@@ -186,7 +170,6 @@ APIDOCS= \
nghttp2_strerror.rst \
nghttp2_submit_altsvc.rst \
nghttp2_submit_data.rst \
nghttp2_submit_data2.rst \
nghttp2_submit_extension.rst \
nghttp2_submit_goaway.rst \
nghttp2_submit_headers.rst \
@@ -196,9 +179,7 @@ APIDOCS= \
nghttp2_submit_priority_update.rst \
nghttp2_submit_push_promise.rst \
nghttp2_submit_request.rst \
nghttp2_submit_request2.rst \
nghttp2_submit_response.rst \
nghttp2_submit_response2.rst \
nghttp2_submit_rst_stream.rst \
nghttp2_submit_settings.rst \
nghttp2_submit_shutdown_notice.rst \
@@ -227,6 +208,7 @@ EXTRA_DIST = \
sources/h2load-howto.rst \
sources/building-android-binary.rst \
sources/contribute.rst \
sources/security.rst \
_exts/rubydomain/LICENSE.rubydomain \
_exts/rubydomain/__init__.py \
_exts/rubydomain/rubydomain.py \

2
doc/README.rst
View File

@@ -68,7 +68,7 @@ The example follows::
* Callback function invoked when |session| wants to send data to
* remote peer.
*/
typedef nghttp2_ssize (*nghttp2_send_callback2)
typedef ssize_t (*nghttp2_send_callback)
(nghttp2_session *session,
const uint8_t *data, size_t length, int flags, void *user_data);

2
doc/bash_completion/h2load
View File

@@ -8,7 +8,7 @@ _h2load()
_get_comp_words_by_ref cur prev
case $cur in
-*)
COMPREPLY=( $( compgen -W '--requests --clients --threads --input-file --max-concurrent-streams --max-frame-size --window-bits --connection-window-bits --header --ciphers --tls13-ciphers --no-tls-proto --data --rate --rate-period --duration --warm-up-time --connection-active-timeout --connection-inactivity-timeout --timing-script-file --base-uri --alpn-list --h1 --header-table-size --encoder-header-table-size --log-file --qlog-file-base --connect-to --rps --groups --no-udp-gso --max-udp-payload-size --ktls --sni --verbose --version --help ' -- "$cur" ) )
COMPREPLY=( $( compgen -W '--requests --clients --threads --input-file --max-concurrent-streams --max-frame-size --window-bits --connection-window-bits --header --ciphers --tls13-ciphers --no-tls-proto --data --rate --rate-period --duration --warm-up-time --connection-active-timeout --connection-inactivity-timeout --timing-script-file --base-uri --npn-list --h1 --header-table-size --encoder-header-table-size --log-file --qlog-file-base --connect-to --rps --groups --no-udp-gso --max-udp-payload-size --ktls --verbose --version --help ' -- "$cur" ) )
;;
*)
_filedir

2
doc/bash_completion/nghttpx
View File

@@ -8,7 +8,7 @@ _nghttpx()
_get_comp_words_by_ref cur prev
case $cur in
-*)
COMPREPLY=( $( compgen -W '--backend --frontend --backlog --backend-address-family --backend-http-proxy-uri --workers --single-thread --read-rate --read-burst --write-rate --write-burst --worker-read-rate --worker-read-burst --worker-write-rate --worker-write-burst --worker-frontend-connections --backend-connections-per-host --backend-connections-per-frontend --rlimit-nofile --rlimit-memlock --backend-request-buffer --backend-response-buffer --fastopen --no-kqueue --frontend-http2-idle-timeout --frontend-http3-idle-timeout --frontend-write-timeout --frontend-keep-alive-timeout --frontend-header-timeout --stream-read-timeout --stream-write-timeout --backend-read-timeout --backend-write-timeout --backend-connect-timeout --backend-keep-alive-timeout --listener-disable-timeout --frontend-http2-setting-timeout --backend-http2-settings-timeout --backend-max-backoff --ciphers --tls13-ciphers --client-ciphers --tls13-client-ciphers --ecdh-curves --insecure --cacert --private-key-passwd-file --subcert --dh-param-file --alpn-list --verify-client --verify-client-cacert --verify-client-tolerate-expired --client-private-key-file --client-cert-file --tls-min-proto-version --tls-max-proto-version --tls-ticket-key-file --tls-ticket-key-memcached --tls-ticket-key-memcached-address-family --tls-ticket-key-memcached-interval --tls-ticket-key-memcached-max-retry --tls-ticket-key-memcached-max-fail --tls-ticket-key-cipher --tls-ticket-key-memcached-cert-file --tls-ticket-key-memcached-private-key-file --fetch-ocsp-response-file --ocsp-update-interval --ocsp-startup --no-verify-ocsp --no-ocsp --tls-session-cache-memcached --tls-session-cache-memcached-address-family --tls-session-cache-memcached-cert-file --tls-session-cache-memcached-private-key-file --tls-dyn-rec-warmup-threshold --tls-dyn-rec-idle-timeout --no-http2-cipher-block-list --client-no-http2-cipher-block-list --tls-sct-dir --psk-secrets --client-psk-secrets --tls-no-postpone-early-data --tls-max-early-data --tls-ktls --frontend-http2-max-concurrent-streams --backend-http2-max-concurrent-streams --frontend-http2-window-size --frontend-http2-connection-window-size --backend-http2-window-size --backend-http2-connection-window-size --http2-no-cookie-crumbling --padding --no-server-push --frontend-http2-optimize-write-buffer-size --frontend-http2-optimize-window-size --frontend-http2-encoder-dynamic-table-size --frontend-http2-decoder-dynamic-table-size --backend-http2-encoder-dynamic-table-size --backend-http2-decoder-dynamic-table-size --http2-proxy --log-level --accesslog-file --accesslog-syslog --accesslog-format --accesslog-write-early --errorlog-file --errorlog-syslog --syslog-facility --add-x-forwarded-for --strip-incoming-x-forwarded-for --no-add-x-forwarded-proto --no-strip-incoming-x-forwarded-proto --add-forwarded --strip-incoming-forwarded --forwarded-by --forwarded-for --no-via --no-strip-incoming-early-data --no-location-rewrite --host-rewrite --altsvc --http2-altsvc --add-request-header --add-response-header --request-header-field-buffer --max-request-header-fields --response-header-field-buffer --max-response-header-fields --error-page --server-name --no-server-rewrite --redirect-https-port --require-http-scheme --api-max-request-body --dns-cache-timeout --dns-lookup-timeout --dns-max-try --frontend-max-requests --frontend-http2-dump-request-header --frontend-http2-dump-response-header --frontend-frame-debug --daemon --pid-file --user --single-process --max-worker-processes --worker-process-grace-shutdown-period --mruby-file --ignore-per-pattern-mruby-error --frontend-quic-idle-timeout --frontend-quic-debug-log --quic-bpf-program-file --frontend-quic-early-data --frontend-quic-qlog-dir --frontend-quic-require-token --frontend-quic-congestion-controller --frontend-quic-secret-file --quic-server-id --frontend-quic-initial-rtt --no-quic-bpf --frontend-http3-window-size --frontend-http3-connection-window-size --frontend-http3-max-window-size --frontend-http3-max-connection-window-size --frontend-http3-max-concurrent-streams --conf --include --version --help ' -- "$cur" ) )
COMPREPLY=( $( compgen -W '--backend --frontend --backlog --backend-address-family --backend-http-proxy-uri --workers --single-thread --read-rate --read-burst --write-rate --write-burst --worker-read-rate --worker-read-burst --worker-write-rate --worker-write-burst --worker-frontend-connections --backend-connections-per-host --backend-connections-per-frontend --rlimit-nofile --rlimit-memlock --backend-request-buffer --backend-response-buffer --fastopen --no-kqueue --frontend-http2-read-timeout --frontend-http3-read-timeout --frontend-read-timeout --frontend-write-timeout --frontend-keep-alive-timeout --stream-read-timeout --stream-write-timeout --backend-read-timeout --backend-write-timeout --backend-connect-timeout --backend-keep-alive-timeout --listener-disable-timeout --frontend-http2-setting-timeout --backend-http2-settings-timeout --backend-max-backoff --ciphers --tls13-ciphers --client-ciphers --tls13-client-ciphers --ecdh-curves --insecure --cacert --private-key-passwd-file --subcert --dh-param-file --npn-list --verify-client --verify-client-cacert --verify-client-tolerate-expired --client-private-key-file --client-cert-file --tls-min-proto-version --tls-max-proto-version --tls-ticket-key-file --tls-ticket-key-memcached --tls-ticket-key-memcached-address-family --tls-ticket-key-memcached-interval --tls-ticket-key-memcached-max-retry --tls-ticket-key-memcached-max-fail --tls-ticket-key-cipher --tls-ticket-key-memcached-cert-file --tls-ticket-key-memcached-private-key-file --fetch-ocsp-response-file --ocsp-update-interval --ocsp-startup --no-verify-ocsp --no-ocsp --tls-session-cache-memcached --tls-session-cache-memcached-address-family --tls-session-cache-memcached-cert-file --tls-session-cache-memcached-private-key-file --tls-dyn-rec-warmup-threshold --tls-dyn-rec-idle-timeout --no-http2-cipher-block-list --client-no-http2-cipher-block-list --tls-sct-dir --psk-secrets --client-psk-secrets --tls-no-postpone-early-data --tls-max-early-data --tls-ktls --frontend-http2-max-concurrent-streams --backend-http2-max-concurrent-streams --frontend-http2-window-size --frontend-http2-connection-window-size --backend-http2-window-size --backend-http2-connection-window-size --http2-no-cookie-crumbling --padding --no-server-push --frontend-http2-optimize-write-buffer-size --frontend-http2-optimize-window-size --frontend-http2-encoder-dynamic-table-size --frontend-http2-decoder-dynamic-table-size --backend-http2-encoder-dynamic-table-size --backend-http2-decoder-dynamic-table-size --http2-proxy --log-level --accesslog-file --accesslog-syslog --accesslog-format --accesslog-write-early --errorlog-file --errorlog-syslog --syslog-facility --add-x-forwarded-for --strip-incoming-x-forwarded-for --no-add-x-forwarded-proto --no-strip-incoming-x-forwarded-proto --add-forwarded --strip-incoming-forwarded --forwarded-by --forwarded-for --no-via --no-strip-incoming-early-data --no-location-rewrite --host-rewrite --altsvc --http2-altsvc --add-request-header --add-response-header --request-header-field-buffer --max-request-header-fields --response-header-field-buffer --max-response-header-fields --error-page --server-name --no-server-rewrite --redirect-https-port --require-http-scheme --api-max-request-body --dns-cache-timeout --dns-lookup-timeout --dns-max-try --frontend-max-requests --frontend-http2-dump-request-header --frontend-http2-dump-response-header --frontend-frame-debug --daemon --pid-file --user --single-process --max-worker-processes --worker-process-grace-shutdown-period --mruby-file --ignore-per-pattern-mruby-error --frontend-quic-idle-timeout --frontend-quic-debug-log --quic-bpf-program-file --frontend-quic-early-data --frontend-quic-qlog-dir --frontend-quic-require-token --frontend-quic-congestion-controller --frontend-quic-secret-file --quic-server-id --frontend-quic-initial-rtt --no-quic-bpf --frontend-http3-window-size --frontend-http3-connection-window-size --frontend-http3-max-window-size --frontend-http3-max-connection-window-size --frontend-http3-max-concurrent-streams --conf --include --version --help ' -- "$cur" ) )
;;
*)
_filedir

19
doc/h2load.1
View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "H2LOAD" "1" "Aug 27, 2024" "1.63.0" "nghttp2"
.TH "H2LOAD" "1" "Jul 14, 2023" "1.55.1" "nghttp2"
.SH NAME
h2load \- HTTP/2 benchmarking tool
.SH SYNOPSIS
@@ -255,19 +255,20 @@ input files as usual.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-alpn\-list=<LIST>
.B \-\-npn\-list=<LIST>
Comma delimited list of ALPN protocol identifier sorted
in the order of preference. That means most desirable
protocol comes first. The parameter must be delimited
by a single comma only and any white spaces are treated
as a part of protocol string.
protocol comes first. This is used in both ALPN and
NPN. The parameter must be delimited by a single comma
only and any white spaces are treated as a part of
protocol string.
.sp
Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-h1
Short hand for \fI\%\-\-alpn\-list\fP=http/1.1
Short hand for \fI\%\-\-npn\-list\fP=http/1.1
\fI\%\-\-no\-tls\-proto\fP=http/1.1, which effectively force
http/1.1 for both http and https URI.
.UNINDENT
@@ -344,12 +345,6 @@ Enable ktls.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-sni=<DNSNAME>
Send <DNSNAME> in TLS SNI, overriding the host name
specified in URI.
.UNINDENT
.INDENT 0.0
.TP
.B \-v, \-\-verbose
Output debug information.
.UNINDENT

16
doc/h2load.1.rst
View File

@@ -213,19 +213,20 @@ OPTIONS
the first URI appeared in the command line or inside
input files as usual.
.. option:: --alpn-list=<LIST>
.. option:: --npn-list=<LIST>
Comma delimited list of ALPN protocol identifier sorted
in the order of preference. That means most desirable
protocol comes first. The parameter must be delimited
by a single comma only and any white spaces are treated
as a part of protocol string.
protocol comes first. This is used in both ALPN and
NPN. The parameter must be delimited by a single comma
only and any white spaces are treated as a part of
protocol string.
Default: ``h2,h2-16,h2-14,http/1.1``
.. option:: --h1
Short hand for :option:`--alpn-list`\=http/1.1
Short hand for :option:`--npn-list`\=http/1.1
:option:`--no-tls-proto`\=http/1.1, which effectively force
http/1.1 for both http and https URI.
@@ -290,11 +291,6 @@ OPTIONS
Enable ktls.
.. option:: --sni=<DNSNAME>
Send <DNSNAME> in TLS SNI, overriding the host name
specified in URI.
.. option:: -v, --verbose
Output debug information.

2
doc/nghttp.1
View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NGHTTP" "1" "Aug 27, 2024" "1.63.0" "nghttp2"
.TH "NGHTTP" "1" "Jul 14, 2023" "1.55.1" "nghttp2"
.SH NAME
nghttp \- HTTP/2 client
.SH SYNOPSIS

2
doc/nghttpd.1
View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NGHTTPD" "1" "Aug 27, 2024" "1.63.0" "nghttp2"
.TH "NGHTTPD" "1" "Jul 14, 2023" "1.55.1" "nghttp2"
.SH NAME
nghttpd \- HTTP/2 server
.SH SYNOPSIS

89
doc/nghttpx.1
View File

@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NGHTTPX" "1" "Aug 27, 2024" "1.63.0" "nghttp2"
.TH "NGHTTPX" "1" "Jul 14, 2023" "1.55.1" "nghttp2"
.SH NAME
nghttpx \- HTTP/2 proxy
.SH SYNOPSIS
@@ -371,7 +371,7 @@ Default: \fBauto\fP
.TP
.B \-\-backend\-http\-proxy\-uri=<URI>
Specify proxy URI in the form
\X'tty: link http:/'\fI\%http:/\fP\X'tty: link'/[<USER>:<PASS>@]<PROXY>:<PORT>. If a proxy
\fI\%http:/\fP/[<USER>:<PASS>@]<PROXY>:<PORT>. If a proxy
requires authentication, specify <USER> and <PASS>.
Note that they must be properly percent\-encoded. This
proxy is used when the backend connection is HTTP/2.
@@ -555,24 +555,27 @@ this option will be simply ignored.
.SS Timeout
.INDENT 0.0
.TP
.B \-\-frontend\-http2\-idle\-timeout=<DURATION>
Specify idle timeout for HTTP/2 frontend connection. If
no active streams exist for this duration, connection is
closed.
.B \-\-frontend\-http2\-read\-timeout=<DURATION>
Specify read timeout for HTTP/2 frontend connection.
.sp
Default: \fB3m\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-frontend\-http3\-idle\-timeout=<DURATION>
Specify idle timeout for HTTP/3 frontend connection. If
no active streams exist for this duration, connection is
closed.
.B \-\-frontend\-http3\-read\-timeout=<DURATION>
Specify read timeout for HTTP/3 frontend connection.
.sp
Default: \fB3m\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-frontend\-read\-timeout=<DURATION>
Specify read timeout for HTTP/1.1 frontend connection.
.sp
Default: \fB1m\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-frontend\-write\-timeout=<DURATION>
Specify write timeout for all frontend connections.
.sp
@@ -588,17 +591,6 @@ Default: \fB1m\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-frontend\-header\-timeout=<DURATION>
Specify duration that the server waits for an HTTP
request header fields to be received completely. On
timeout, HTTP/1 and HTTP/2 connections are closed. For
HTTP/3, the stream is shutdown, and the connection
itself is left intact.
.sp
Default: \fB1m\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-stream\-read\-timeout=<DURATION>
Specify read timeout for HTTP/2 streams. 0 means no
timeout.
@@ -791,12 +783,13 @@ available.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-alpn\-list=<LIST>
.B \-\-npn\-list=<LIST>
Comma delimited list of ALPN protocol identifier sorted
in the order of preference. That means most desirable
protocol comes first. The parameter must be delimited
by a single comma only and any white spaces are treated
as a part of protocol string.
protocol comes first. This is used in both ALPN and
NPN. The parameter must be delimited by a single comma
only and any white spaces are treated as a part of
protocol string.
.sp
Default: \fBh2,h2\-16,h2\-14,http/1.1\fP
.UNINDENT
@@ -1057,7 +1050,7 @@ Default: \fB1s\fP
.B \-\-no\-http2\-cipher\-block\-list
Allow block listed cipher suite on frontend HTTP/2
connection. See
\X'tty: link https://tools.ietf.org/html/rfc7540#appendix-A'\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP\X'tty: link' for the
\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP for the
complete HTTP/2 cipher suites block list.
.UNINDENT
.INDENT 0.0
@@ -1065,7 +1058,7 @@ complete HTTP/2 cipher suites block list.
.B \-\-client\-no\-http2\-cipher\-block\-list
Allow block listed cipher suite on backend HTTP/2
connection. See
\X'tty: link https://tools.ietf.org/html/rfc7540#appendix-A'\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP\X'tty: link' for the
\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP for the
complete HTTP/2 cipher suites block list.
.UNINDENT
.INDENT 0.0
@@ -1553,20 +1546,18 @@ in HTTP/2 frontend.
.TP
.B \-\-add\-request\-header=<HEADER>
Specify additional header field to add to request header
set. The field name must be lowercase. This option
just appends header field and won\(aqt replace anything
already set. This option can be used several times to
specify multiple header fields.
set. This option just appends header field and won\(aqt
replace anything already set. This option can be used
several times to specify multiple header fields.
Example: \fI\%\-\-add\-request\-header\fP=\(dqfoo: bar\(dq
.UNINDENT
.INDENT 0.0
.TP
.B \-\-add\-response\-header=<HEADER>
Specify additional header field to add to response
header set. The field name must be lowercase. This
option just appends header field and won\(aqt replace
anything already set. This option can be used several
times to specify multiple header fields.
header set. This option just appends header field and
won\(aqt replace anything already set. This option can be
used several times to specify multiple header fields.
Example: \fI\%\-\-add\-response\-header\fP=\(dqfoo: bar\(dq
.UNINDENT
.INDENT 0.0
@@ -1841,8 +1832,8 @@ NEW_TOKEN frame in the previous connection.
.TP
.B \-\-frontend\-quic\-congestion\-controller=<CC>
Specify a congestion controller algorithm for a frontend
QUIC connection. <CC> should be either \(dqcubic\(dq or
\(dqbbr\(dq.
QUIC connection. <CC> should be one of \(dqcubic\(dq, \(dqbbr\(dq,
and \(dqbbr2\(dq.
.sp
Default: \fBcubic\fP
.UNINDENT
@@ -1854,12 +1845,12 @@ as QUIC keying materials. It is used to derive keys for
encrypting tokens and Connection IDs. It is not used to
encrypt QUIC packets. Each line of this file must
contain exactly 136 bytes hex\-encoded string (when
decoded the byte string is 68 bytes long). The first 3
decoded the byte string is 68 bytes long). The first 2
bits of decoded byte string are used to identify the
keying material. An empty line or a line which starts
\(aq#\(aq is ignored. The file can contain more than one
keying materials. Because the identifier is 3 bits, at
most 8 keying materials are read and the remaining data
keying materials. Because the identifier is 2 bits, at
most 4 keying materials are read and the remaining data
is discarded. The first keying material in the file is
primarily used for encryption and decryption for new
connection. The other ones are used to decrypt data for
@@ -2116,9 +2107,9 @@ than main process.
.SH SERVER PUSH
.sp
nghttpx supports HTTP/2 server push in default mode with Link header
field. nghttpx looks for Link header field (\X'tty: link http://tools.ietf.org/html/rfc5988'\fI\%RFC 5988\fP\X'tty: link') in response headers from
field. nghttpx looks for Link header field (\fI\%RFC 5988\fP) in response headers from
backend server and extracts URI\-reference with parameter
\fBrel=preload\fP (see \X'tty: link http://w3c.github.io/preload/#interoperability-with-http-link-header'\fI\%preload\fP\X'tty: link')
\fBrel=preload\fP (see \fI\%preload\fP)
and pushes those URIs to the frontend client. Here is a sample Link
header field to initiate server push:
.INDENT 0.0
@@ -2164,7 +2155,7 @@ delete the socket and continues to use it.
.sp
OCSP query is done using external Python script
\fBfetch\-ocsp\-response\fP, which has been originally developed in Perl
as part of h2o project (\X'tty: link https://github.com/h2o/h2o'\fI\%https://github.com/h2o/h2o\fP\X'tty: link'), and was
as part of h2o project (\fI\%https://github.com/h2o/h2o\fP), and was
translated into Python.
.sp
The script file is usually installed under
@@ -2260,15 +2251,15 @@ automatically. To rotate key, one has to restart nghttpx (see
SIGNALS).
.SH CERTIFICATE TRANSPARENCY
.sp
nghttpx supports TLS \fBsigned_certificate_timestamp\fP extension (\X'tty: link https://tools.ietf.org/html/rfc6962'\fI\%RFC
6962\fP\X'tty: link'). The relevant options
nghttpx supports TLS \fBsigned_certificate_timestamp\fP extension (\fI\%RFC
6962\fP). The relevant options
are \fI\%\-\-tls\-sct\-dir\fP and \fBsct\-dir\fP parameter in
\fI\%\-\-subcert\fP\&. They takes a directory, and nghttpx reads all
files whose extension is \fB\&.sct\fP under the directory. The \fB*.sct\fP
files are encoded as \fBSignedCertificateTimestamp\fP struct described
in \X'tty: link https://tools.ietf.org/html/rfc6962#section-3.2'\fI\%section 3.2 of RFC 69662\fP\X'tty: link'\&. This format is
the same one used by \X'tty: link https://github.com/grahamedgecombe/nginx-ct'\fI\%nginx\-ct\fP\X'tty: link' and \X'tty: link https://httpd.apache.org/docs/trunk/mod/mod_ssl_ct.html'\fI\%mod_ssl_ct\fP\X'tty: link'\&.
\X'tty: link https://github.com/grahamedgecombe/ct-submit'\fI\%ct\-submit\fP\X'tty: link' can be
in \fI\%section 3.2 of RFC 69662\fP\&. This format is
the same one used by \fI\%nginx\-ct\fP and \fI\%mod_ssl_ct\fP\&.
\fI\%ct\-submit\fP can be
used to submit certificates to log servers, and obtain the
\fBSignedCertificateTimestamp\fP struct which can be used with nghttpx.
.SH MRUBY SCRIPTING
@@ -2512,7 +2503,7 @@ On assignment, copy of given value is assigned. The path does
not include authority component of URI. This may include
query component. nghttpx makes certain normalization for
path. It decodes percent\-encoding for unreserved characters
(see \X'tty: link https://tools.ietf.org/html/rfc3986#section-2.3'\fI\%https://tools.ietf.org/html/rfc3986#section\-2.3\fP\X'tty: link'), and
(see \fI\%https://tools.ietf.org/html/rfc3986#section\-2.3\fP), and
resolves \(dq..\(dq and \(dq.\(dq. But it may leave characters which
should be percent\-encoded as is. So be careful when comparing
path against desired string.

61
doc/nghttpx.1.rst
View File

@@ -522,22 +522,24 @@ Performance
Timeout
~~~~~~~
.. option:: --frontend-http2-idle-timeout=<DURATION>
.. option:: --frontend-http2-read-timeout=<DURATION>
Specify idle timeout for HTTP/2 frontend connection. If
no active streams exist for this duration, connection is
closed.
Specify read timeout for HTTP/2 frontend connection.
Default: ``3m``
.. option:: --frontend-http3-idle-timeout=<DURATION>
.. option:: --frontend-http3-read-timeout=<DURATION>
Specify idle timeout for HTTP/3 frontend connection. If
no active streams exist for this duration, connection is
closed.
Specify read timeout for HTTP/3 frontend connection.
Default: ``3m``
.. option:: --frontend-read-timeout=<DURATION>
Specify read timeout for HTTP/1.1 frontend connection.
Default: ``1m``
.. option:: --frontend-write-timeout=<DURATION>
Specify write timeout for all frontend connections.
@@ -551,16 +553,6 @@ Timeout
Default: ``1m``
.. option:: --frontend-header-timeout=<DURATION>
Specify duration that the server waits for an HTTP
request header fields to be received completely. On
timeout, HTTP/1 and HTTP/2 connections are closed. For
HTTP/3, the stream is shutdown, and the connection
itself is left intact.
Default: ``1m``
.. option:: --stream-read-timeout=<DURATION>
Specify read timeout for HTTP/2 streams. 0 means no
@@ -736,13 +728,14 @@ SSL/TLS
Without this option, DHE cipher suites are not
available.
.. option:: --alpn-list=<LIST>
.. option:: --npn-list=<LIST>
Comma delimited list of ALPN protocol identifier sorted
in the order of preference. That means most desirable
protocol comes first. The parameter must be delimited
by a single comma only and any white spaces are treated
as a part of protocol string.
protocol comes first. This is used in both ALPN and
NPN. The parameter must be delimited by a single comma
only and any white spaces are treated as a part of
protocol string.
Default: ``h2,h2-16,h2-14,http/1.1``
@@ -1409,19 +1402,17 @@ HTTP
.. option:: --add-request-header=<HEADER>
Specify additional header field to add to request header
set. The field name must be lowercase. This option
just appends header field and won't replace anything
already set. This option can be used several times to
specify multiple header fields.
set. This option just appends header field and won't
replace anything already set. This option can be used
several times to specify multiple header fields.
Example: :option:`--add-request-header`\="foo: bar"
.. option:: --add-response-header=<HEADER>
Specify additional header field to add to response
header set. The field name must be lowercase. This
option just appends header field and won't replace
anything already set. This option can be used several
times to specify multiple header fields.
header set. This option just appends header field and
won't replace anything already set. This option can be
used several times to specify multiple header fields.
Example: :option:`--add-response-header`\="foo: bar"
.. option:: --request-header-field-buffer=<SIZE>
@@ -1682,8 +1673,8 @@ HTTP/3 and QUIC
.. option:: --frontend-quic-congestion-controller=<CC>
Specify a congestion controller algorithm for a frontend
QUIC connection. <CC> should be either "cubic" or
"bbr".
QUIC connection. <CC> should be one of "cubic", "bbr",
and "bbr2".
Default: ``cubic``
@@ -1694,12 +1685,12 @@ HTTP/3 and QUIC
encrypting tokens and Connection IDs. It is not used to
encrypt QUIC packets. Each line of this file must
contain exactly 136 bytes hex-encoded string (when
decoded the byte string is 68 bytes long). The first 3
decoded the byte string is 68 bytes long). The first 2
bits of decoded byte string are used to identify the
keying material. An empty line or a line which starts
'#' is ignored. The file can contain more than one
keying materials. Because the identifier is 3 bits, at
most 8 keying materials are read and the remaining data
keying materials. Because the identifier is 2 bits, at
most 4 keying materials are read and the remaining data
is discarded. The first keying material in the file is
primarily used for encryption and decryption for new
connection. The other ones are used to decrypt data for

42
doc/programmers-guide.rst
View File

@@ -40,28 +40,28 @@ most event-based architecture applications use is single thread per
core, and handling one connection I/O is done by single thread.
To feed input to :type:`nghttp2_session` object, one can use
`nghttp2_session_recv()` or `nghttp2_session_mem_recv2()` functions.
`nghttp2_session_recv()` or `nghttp2_session_mem_recv()` functions.
They behave similarly, and the difference is that
`nghttp2_session_recv()` will use :type:`nghttp2_read_callback` to get
input. On the other hand, `nghttp2_session_mem_recv2()` will take
input as its parameter. If in doubt, use
`nghttp2_session_mem_recv2()` since it is simpler, and could be faster
since it avoids calling callback function.
input. On the other hand, `nghttp2_session_mem_recv()` will take
input as its parameter. If in doubt, use `nghttp2_session_mem_recv()`
since it is simpler, and could be faster since it avoids calling
callback function.
To get output from :type:`nghttp2_session` object, one can use
`nghttp2_session_send()` or `nghttp2_session_mem_send2()`. The
`nghttp2_session_send()` or `nghttp2_session_mem_send()`. The
difference between them is that the former uses
:type:`nghttp2_send_callback` to pass output to an application. On
the other hand, the latter returns the output to the caller. If in
doubt, use `nghttp2_session_mem_send2()` since it is simpler. But
doubt, use `nghttp2_session_mem_send()` since it is simpler. But
`nghttp2_session_send()` might be easier to use if the output buffer
an application has is fixed sized.
In general, an application should call `nghttp2_session_mem_send2()`
In general, an application should call `nghttp2_session_mem_send()`
when it gets input from underlying connection. Since there is great
chance to get something pushed into transmission queue while the call
of `nghttp2_session_mem_send2()`, it is recommended to call
`nghttp2_session_mem_recv2()` after `nghttp2_session_mem_send2()`.
of `nghttp2_session_mem_send()`, it is recommended to call
`nghttp2_session_mem_recv()` after `nghttp2_session_mem_send()`.
There is a question when we are safe to close HTTP/2 session without
waiting for the closure of underlying connection. We offer 2 API
@@ -70,7 +70,7 @@ calls for this: `nghttp2_session_want_read()` and
can destroy :type:`nghttp2_session`, and then close the underlying
connection. But make sure that the buffered output has been
transmitted to the peer before closing the connection when
`nghttp2_session_mem_send2()` is used, since
`nghttp2_session_mem_send()` is used, since
`nghttp2_session_want_write()` does not take into account the
transmission of the buffered data outside of :type:`nghttp2_session`.
@@ -87,18 +87,18 @@ The header files are also available online: :doc:`nghttp2.h` and
Remarks
-------
Do not call `nghttp2_session_send()`, `nghttp2_session_mem_send2()`,
`nghttp2_session_recv()` or `nghttp2_session_mem_recv2()` from the
Do not call `nghttp2_session_send()`, `nghttp2_session_mem_send()`,
`nghttp2_session_recv()` or `nghttp2_session_mem_recv()` from the
nghttp2 callback functions directly or indirectly. It will lead to the
crash. You can submit requests or frames in the callbacks then call
these functions outside the callbacks.
`nghttp2_session_send()` and `nghttp2_session_mem_send2()` send first
`nghttp2_session_send()` and `nghttp2_session_mem_send()` send first
24 bytes of client magic string (MAGIC)
(:macro:`NGHTTP2_CLIENT_MAGIC`) on client configuration. The
applications are responsible to send SETTINGS frame as part of
connection preface using `nghttp2_submit_settings()`. Similarly,
`nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` consume
`nghttp2_session_recv()` and `nghttp2_session_mem_recv()` consume
MAGIC on server configuration unless
`nghttp2_option_set_no_recv_client_magic()` is used with nonzero
option value.
@@ -222,7 +222,7 @@ above, the following code does not work:
.. code-block:: c
nghttp2_submit_response2(...)
nghttp2_submit_response(...)
nghttp2_submit_rst_stream(...)
RST_STREAM cancels HEADERS (and DATA), and just RST_STREAM is sent.
@@ -258,9 +258,9 @@ For example, we will illustrate how to send `ALTSVC
const char *field;
} alt_svc;
nghttp2_ssize pack_extension_callback(nghttp2_session *session, uint8_t *buf,
size_t len, const nghttp2_frame *frame,
void *user_data) {
ssize_t pack_extension_callback(nghttp2_session *session, uint8_t *buf,
size_t len, const nghttp2_frame *frame,
void *user_data) {
const alt_svc *altsvc = (const alt_svc *)frame->ext.payload;
size_t originlen = strlen(altsvc->origin);
size_t fieldlen = strlen(altsvc->field);
@@ -497,8 +497,8 @@ order to receive and process PRIORITY_UPDATE frame, server has to call
NGHTTP2_PRIORITY_UPDATE)`` (see the above section), and pass the
option to `nghttp2_session_server_new2()` or
`nghttp2_session_server_new3()` to create a server session. Client
can send Priority header field via `nghttp2_submit_request2()`. It
can also send PRIORITY_UPDATE frame via
can send Priority header field via `nghttp2_submit_request()`. It can
also send PRIORITY_UPDATE frame via
`nghttp2_submit_priority_update()`. Server processes Priority header
field in a request header field and updates the stream priority unless
HTTP messaging rule enforcement is disabled (see

1
doc/security.rst Normal file
View File

@@ -0,0 +1 @@
.. include:: ../doc/sources/security.rst

4
doc/sources/contribute.rst
View File

@@ -26,7 +26,7 @@ Coding style
We use clang-format to format source code consistently. The
clang-format configuration file .clang-format is located at the root
directory. Since clang-format produces slightly different results
between versions, we currently use clang-format-18.
between versions, we currently use clang-format-14.
To detect any violation to the coding style, we recommend to setup git
pre-commit hook to check coding style of the changes you introduced.
@@ -34,7 +34,7 @@ The pre-commit file is located at the root directory. Copy it under
.git/hooks and make sure that it is executable. The pre-commit script
uses clang-format-diff.py to detect any style errors. If it is not in
your PATH or it exists under different name (e.g.,
clang-format-diff-18 in debian), either add it to PATH variable or add
clang-format-diff-14 in debian), either add it to PATH variable or add
git option ``clangformatdiff.binary`` to point to the script.
For emacs users, integrating clang-format to emacs is very easy.

6
doc/sources/h2load-howto.rst
View File

@@ -30,8 +30,8 @@ In order to set benchmark settings, specify following 3 options.
:option:`-m`
The max concurrent streams to issue per client. Default: 1
For SSL/TLS connection, the protocol will be negotiated via ALPN. You
can set specific protocols in :option:`--alpn-list` option. For
For SSL/TLS connection, the protocol will be negotiated via ALPN/NPN.
You can set specific protocols in :option:`--npn-list` option. For
cleartext connection, the default protocol is HTTP/2. To change the
protocol in cleartext connection, use :option:`--no-tls-proto` option.
For convenience, :option:`--h1` option forces HTTP/1.1 for both
@@ -139,4 +139,4 @@ h2load supports HTTP/3 if it is built with HTTP/3 enabled. HTTP/3
support is experimental.
In order to send HTTP/3 request, specify ``h3`` to
:option:`--alpn-list`.
:option:`--npn-list`.

1
doc/sources/index.rst
View File

@@ -18,6 +18,7 @@ Contents:
package_README
contribute
security
building-android-binary
tutorial-client
tutorial-server

6
doc/sources/nghttpx-howto.rst
View File

@@ -20,7 +20,7 @@ known as "HTTP/2 router".
By default, frontend connection is encrypted using SSL/TLS. So
server's private key and certificate must be supplied to the command
line (or through configuration file). In this case, the frontend
protocol selection will be done via ALPN.
protocol selection will be done via ALPN or NPN.
To turn off encryption on frontend connection, use ``no-tls`` keyword
in :option:`--frontend` option. HTTP/2 and HTTP/1 are available on
@@ -546,8 +546,8 @@ keys in order to keep the existing connections alive during reload.
The construction of Connection ID closely follows Block Cipher CID
Algorithm described in `QUIC-LB draft
<https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers>`_.
A Connection ID that nghttpx generates is always 17 bytes long. It
uses first 3 bits as a configuration ID. The remaining bits in the
A Connection ID that nghttpx generates is always 20 bytes long. It
uses first 2 bits as a configuration ID. The remaining bits in the
first byte are reserved and random. The next 4 bytes are server ID.
The next 4 bytes are used to route UDP datagram to a correct
``SO_REUSEPORT`` socket. The remaining bytes are randomly generated.

38
doc/sources/security.rst Normal file
View File

@@ -0,0 +1,38 @@
Security Process
================
If you find a vulnerability in our software, please send the email to
"tatsuhiro.t at gmail dot com" about its details instead of submitting
issues on github issue page. It is a standard practice not to
disclose vulnerability information publicly until a fixed version is
released, or mitigation is worked out. In the future, we may setup a
dedicated mail address for this purpose.
If we identify that the reported issue is really a vulnerability, we
open a new security advisory draft using `GitHub security feature
<https://github.com/nghttp2/nghttp2/security>`_ and discuss the
mitigation and bug fixes there. The fixes are committed to the
private repository.
We write the security advisory and get CVE number from GitHub
privately. We also discuss the disclosure date to the public.
We make a new release with the fix at the same time when the
vulnerability is disclosed to public.
At least 7 days before the public disclosure date, we will post
security advisory (which includes all the details of the vulnerability
and the possible mitigation strategies) and the patches to fix the
issue to `distros@openwall
<https://oss-security.openwall.org/wiki/mailing-lists/distros>`_
mailing list. We also open a new issue on `nghttp2 issue tracker
<https://github.com/nghttp2/nghttp2/issues>`_ which notifies that the
upcoming release will have a security fix. The ``SECURITY`` label is
attached to this kind of issue.
Before few hours of new release, we merge the fixes to the master
branch (and/or a release branch if necessary) and make a new release.
Security advisory is disclosed on GitHub. We also post the
vulnerability information to `oss-security
<https://oss-security.openwall.org/wiki/mailing-lists/oss-security>`_
mailing list.

67
doc/sources/tutorial-client.rst
View File

@@ -18,8 +18,34 @@ note that nghttp2 itself does not depend on libevent.
The client starts with some libevent and OpenSSL setup in the
``main()`` and ``run()`` functions. This setup isn't specific to
nghttp2, but one thing you should look at is setup of ALPN. Client
tells application protocols that it supports to server via ALPN::
nghttp2, but one thing you should look at is setup of the NPN
callback. The NPN callback is used by the client to select the next
application protocol over TLS. In this tutorial, we use the
`nghttp2_select_next_protocol()` helper function to select the HTTP/2
protocol the library supports::
static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg _U_) {
if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) {
errx(1, "Server did not advertise " NGHTTP2_PROTO_VERSION_ID);
}
return SSL_TLSEXT_ERR_OK;
}
If you are following TLS related RFC, you know that NPN is not the
standardized way to negotiate HTTP/2. NPN itself is not event
published as RFC. The standard way to negotiate HTTP/2 is ALPN,
Application-Layer Protocol Negotiation Extension, defined in `RFC 7301
<https://tools.ietf.org/html/rfc7301>`_. The one caveat of ALPN is
that OpenSSL >= 1.0.2 is required. We use macro to enable/disable
ALPN support depending on OpenSSL version. OpenSSL's ALPN
implementation does not require callback function like the above. But
we have to instruct OpenSSL SSL_CTX to use ALPN, which we'll talk
about soon.
The callback is added to the SSL_CTX object using
``SSL_CTX_set_next_proto_select_cb()``::
static SSL_CTX *create_ssl_ctx(void) {
SSL_CTX *ssl_ctx;
@@ -32,8 +58,11 @@ tells application protocols that it supports to server via ALPN::
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_COMPRESSION |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
return ssl_ctx;
}
@@ -126,7 +155,12 @@ underlying network socket::
ssl = bufferevent_openssl_get_ssl(session_data->bev);
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
}
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "h2 is not negotiated\n");
@@ -171,7 +205,7 @@ session object and several callbacks::
nghttp2_session_callbacks_new(&callbacks);
nghttp2_session_callbacks_set_send_callback2(callbacks, send_callback);
nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks,
on_frame_recv_callback);
@@ -246,8 +280,8 @@ HTTP request in the ``submit_request()`` function::
MAKE_NV(":path", stream_data->path, stream_data->pathlen)};
fprintf(stderr, "Request headers:\n");
print_headers(stderr, hdrs, ARRLEN(hdrs));
stream_id = nghttp2_submit_request2(session_data->session, NULL, hdrs,
ARRLEN(hdrs), NULL, stream_data);
stream_id = nghttp2_submit_request(session_data->session, NULL, hdrs,
ARRLEN(hdrs), NULL, stream_data);
if (stream_id < 0) {
errx(1, "Could not submit HTTP request: %s", nghttp2_strerror(stream_id));
}
@@ -258,11 +292,11 @@ HTTP request in the ``submit_request()`` function::
We build the HTTP request header fields in ``hdrs``, which is an array
of :type:`nghttp2_nv`. There are four header fields to be sent:
``:method``, ``:scheme``, ``:authority``, and ``:path``. To queue the
HTTP request, we call `nghttp2_submit_request2()`. The ``stream_data``
HTTP request, we call `nghttp2_submit_request()`. The ``stream_data``
is passed via the *stream_user_data* parameter, which is helpfully
later passed back to callback functions.
`nghttp2_submit_request2()` returns the newly assigned stream ID for
`nghttp2_submit_request()` returns the newly assigned stream ID for
the request.
The next bufferevent callback is ``readcb()``, which is invoked when
@@ -270,12 +304,12 @@ data is available to read from the bufferevent input buffer::
static void readcb(struct bufferevent *bev, void *ptr) {
http2_session_data *session_data = (http2_session_data *)ptr;
nghttp2_ssize readlen;
ssize_t readlen;
struct evbuffer *input = bufferevent_get_input(bev);
size_t datalen = evbuffer_get_length(input);
unsigned char *data = evbuffer_pullup(input, -1);
readlen = nghttp2_session_mem_recv2(session_data->session, data, datalen);
readlen = nghttp2_session_mem_recv(session_data->session, data, datalen);
if (readlen < 0) {
warnx("Fatal error: %s", nghttp2_strerror((int)readlen));
delete_http2_session_data(session_data);
@@ -293,8 +327,8 @@ data is available to read from the bufferevent input buffer::
}
In this function we feed all unprocessed, received data to the nghttp2
session object using the `nghttp2_session_mem_recv2()` function.
`nghttp2_session_mem_recv2()` processes the received data and may
session object using the `nghttp2_session_mem_recv()` function.
`nghttp2_session_mem_recv()` processes the received data and may
invoke nghttp2 callbacks and queue frames for transmission. Since
there may be pending frames for transmission, we call immediately
``session_send()`` to send them. ``session_send()`` is defined as
@@ -313,16 +347,15 @@ follows::
The `nghttp2_session_send()` function serializes pending frames into
wire format and calls the ``send_callback()`` function to send them.
``send_callback()`` has type :type:`nghttp2_send_callback2` and is
``send_callback()`` has type :type:`nghttp2_send_callback` and is
defined as::
static nghttp2_ssize send_callback(nghttp2_session *session _U_,
const uint8_t *data, size_t length,
int flags _U_, void *user_data) {
static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
size_t length, int flags _U_, void *user_data) {
http2_session_data *session_data = (http2_session_data *)user_data;
struct bufferevent *bev = session_data->bev;
bufferevent_write(bev, data, length);
return (nghttp2_ssize)length;
return (ssize_t)length;
}
Since we use bufferevent to abstract network I/O, we just write the

30
doc/sources/tutorial-hpack.rst
View File

@@ -24,11 +24,11 @@ deflater object for the dynamic header table. If in doubt, just
specify 4096 here, which is the default upper bound of dynamic header
table buffer size.
To encode header fields, use the `nghttp2_hd_deflate_hd2()` function::
To encode header fields, use the `nghttp2_hd_deflate_hd()` function::
nghttp2_ssize nghttp2_hd_deflate_hd2(nghttp2_hd_deflater *deflater,
uint8_t *buf, size_t buflen,
const nghttp2_nv *nva, size_t nvlen);
ssize_t nghttp2_hd_deflate_hd(nghttp2_hd_deflater *deflater,
uint8_t *buf, size_t buflen,
const nghttp2_nv *nva, size_t nvlen);
The *deflater* is the deflater object initialized by
`nghttp2_hd_deflate_new()` described above. The encoded byte string is
@@ -44,7 +44,7 @@ cookies), set the :macro:`NGHTTP2_NV_FLAG_NO_INDEX` flag in
sensitive header fields by compression based attacks: This is achieved
by not inserting the header field into the dynamic header table.
`nghttp2_hd_deflate_hd2()` processes all headers given in *nva*. The
`nghttp2_hd_deflate_hd()` processes all headers given in *nva*. The
*nva* must include all request or response header fields to be sent in
one HEADERS (or optionally following (multiple) CONTINUATION
frame(s)). The *buf* must have enough space to store the encoded
@@ -55,13 +55,13 @@ of the encoded result length, use `nghttp2_hd_deflate_bound()`::
const nghttp2_nv *nva, size_t nvlen);
Pass this function the same parameters (*deflater*, *nva*, and
*nvlen*) which will be passed to `nghttp2_hd_deflate_hd2()`.
*nvlen*) which will be passed to `nghttp2_hd_deflate_hd()`.
Subsequent calls to `nghttp2_hd_deflate_hd2()` will use the current
Subsequent calls to `nghttp2_hd_deflate_hd()` will use the current
encoder state and perform differential encoding, which yields HPAC's
fundamental compression gain.
If `nghttp2_hd_deflate_hd2()` fails, the failure is fatal and any
If `nghttp2_hd_deflate_hd()` fails, the failure is fatal and any
further calls with the same deflater object will fail. Thus it's very
important to use `nghttp2_hd_deflate_bound()` to determine the
required size of the output buffer.
@@ -78,14 +78,14 @@ header data. To initialize the object, use
int nghttp2_hd_inflate_new(nghttp2_hd_inflater **inflater_ptr);
To inflate header data, use `nghttp2_hd_inflate_hd3()`::
To inflate header data, use `nghttp2_hd_inflate_hd2()`::
nghttp2_ssize nghttp2_hd_inflate_hd3(nghttp2_hd_inflater *inflater,
nghttp2_nv *nv_out, int *inflate_flags,
const uint8_t *in, size_t inlen,
int in_final);
ssize_t nghttp2_hd_inflate_hd2(nghttp2_hd_inflater *inflater,
nghttp2_nv *nv_out, int *inflate_flags,
const uint8_t *in, size_t inlen,
int in_final);
`nghttp2_hd_inflate_hd3()` reads a stream of bytes and outputs a
`nghttp2_hd_inflate_hd2()` reads a stream of bytes and outputs a
single header field at a time. Multiple calls are normally required to
read a full stream of bytes and output all of the header fields.
@@ -119,7 +119,7 @@ If *in_final* is zero and the :macro:`NGHTTP2_HD_INFLATE_EMIT` flag is
not set, it indicates that all given data was processed. The caller
is required to pass additional data.
Example usage of `nghttp2_hd_inflate_hd3()` is shown in the
Example usage of `nghttp2_hd_inflate_hd2()` is shown in the
`inflate_header_block()` function in `deflate.c`_.
Finally, to delete a :type:`nghttp2_hd_inflater` object, use

111
doc/sources/tutorial-server.rst
View File

@@ -21,18 +21,41 @@ note that nghttp2 itself does not depend on libevent.
The server starts with some libevent and OpenSSL setup in the
``main()`` and ``run()`` functions. This setup isn't specific to
nghttp2, but one thing you should look at is setup of ALPN callback.
The ALPN callback is used by the server to select application
protocols offered by client. In ALPN, client sends the list of
supported application protocols, and server selects one of them. We
provide the callback for it::
nghttp2, but one thing you should look at is setup of the NPN
callback. The NPN callback is used by the server to advertise which
application protocols the server supports to a client. In this
example program, when creating the ``SSL_CTX`` object, we store the
application protocol name in the wire format of NPN in a statically
allocated buffer. This is safe because we only create one ``SSL_CTX``
object in the program's entire lifetime.
If you are following TLS related RFC, you know that NPN is not the
standardized way to negotiate HTTP/2. NPN itself is not even
published as RFC. The standard way to negotiate HTTP/2 is ALPN,
Application-Layer Protocol Negotiation Extension, defined in `RFC 7301
<https://tools.ietf.org/html/rfc7301>`_. The one caveat of ALPN is
that OpenSSL >= 1.0.2 is required. We use macro to enable/disable
ALPN support depending on OpenSSL version. In ALPN, client sends the
list of supported application protocols, and server selects one of
them. We provide the callback for it::
static unsigned char next_proto_list[256];
static size_t next_proto_list_len;
static int next_proto_cb(SSL *s _U_, const unsigned char **data,
unsigned int *len, void *arg _U_) {
*data = next_proto_list;
*len = (unsigned int)next_proto_list_len;
return SSL_TLSEXT_ERR_OK;
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
static int alpn_select_proto_cb(SSL *ssl _U_, const unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg _U_) {
int rv;
rv = nghttp2_select_alpn(out, outlen, in, inlen);
rv = nghttp2_select_next_protocol((unsigned char **)out, outlen, in, inlen);
if (rv != 1) {
return SSL_TLSEXT_ERR_NOACK;
@@ -40,6 +63,7 @@ provide the callback for it::
return SSL_TLSEXT_ERR_OK;
}
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
SSL_CTX *ssl_ctx;
@@ -49,14 +73,33 @@ provide the callback for it::
...
next_proto_list[0] = NGHTTP2_PROTO_VERSION_ID_LEN;
memcpy(&next_proto_list[1], NGHTTP2_PROTO_VERSION_ID,
NGHTTP2_PROTO_VERSION_ID_LEN);
next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN;
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
return ssl_ctx;
}
In ``alpn_select_proto_cb()``, we use `nghttp2_select_alpn()` to
select application protocol. The `nghttp2_select_alpn()` returns 1
only if it selected h2 (ALPN identifier for HTTP/2), and out
The wire format of NPN is a sequence of length prefixed strings, with
exactly one byte used to specify the length of each protocol
identifier. In this tutorial, we advertise the specific HTTP/2
protocol version the current nghttp2 library supports, which is
exported in the identifier :macro:`NGHTTP2_PROTO_VERSION_ID`. The
``next_proto_cb()`` function is the server-side NPN callback. In the
OpenSSL implementation, we just assign the pointer to the NPN buffers
we filled in earlier. The NPN callback function is set to the
``SSL_CTX`` object using ``SSL_CTX_set_next_protos_advertised_cb()``.
In ``alpn_select_proto_cb()``, we use `nghttp2_select_next_protocol()`
to select application protocol. The `nghttp2_select_next_protocol()`
returns 1 only if it selected h2 (ALPN identifier for HTTP/2), and out
parameters were assigned accordingly.
Next, let's take a look at the main structures used by the example
@@ -170,7 +213,12 @@ underlying network socket::
ssl = bufferevent_openssl_get_ssl(session_data->bev);
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
}
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr);
@@ -220,7 +268,7 @@ session object and several callbacks::
nghttp2_session_callbacks_new(&callbacks);
nghttp2_session_callbacks_set_send_callback2(callbacks, send_callback);
nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks,
on_frame_recv_callback);
@@ -275,12 +323,12 @@ this pending data. To process the received data, we call the
``session_recv()`` function::
static int session_recv(http2_session_data *session_data) {
nghttp2_ssize readlen;
ssize_t readlen;
struct evbuffer *input = bufferevent_get_input(session_data->bev);
size_t datalen = evbuffer_get_length(input);
unsigned char *data = evbuffer_pullup(input, -1);
readlen = nghttp2_session_mem_recv2(session_data->session, data, datalen);
readlen = nghttp2_session_mem_recv(session_data->session, data, datalen);
if (readlen < 0) {
warnx("Fatal error: %s", nghttp2_strerror((int)readlen));
return -1;
@@ -296,9 +344,9 @@ this pending data. To process the received data, we call the
}
In this function, we feed all unprocessed but already received data to
the nghttp2 session object using the `nghttp2_session_mem_recv2()`
function. The `nghttp2_session_mem_recv2()` function processes the
data and may both invoke the previously setup callbacks and also queue
the nghttp2 session object using the `nghttp2_session_mem_recv()`
function. The `nghttp2_session_mem_recv()` function processes the data
and may both invoke the previously setup callbacks and also queue
outgoing frames. To send any pending outgoing frames, we immediately
call ``session_send()``.
@@ -316,12 +364,11 @@ The ``session_send()`` function is defined as follows::
The `nghttp2_session_send()` function serializes the frame into wire
format and calls the ``send_callback()``, which is of type
:type:`nghttp2_send_callback2`. The ``send_callback()`` is defined as
:type:`nghttp2_send_callback`. The ``send_callback()`` is defined as
follows::
static nghttp2_ssize send_callback(nghttp2_session *session _U_,
const uint8_t *data, size_t length,
int flags _U_, void *user_data) {
static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
size_t length, int flags _U_, void *user_data) {
http2_session_data *session_data = (http2_session_data *)user_data;
struct bufferevent *bev = session_data->bev;
/* Avoid excessive buffering in server side. */
@@ -330,7 +377,7 @@ follows::
return NGHTTP2_ERR_WOULDBLOCK;
}
bufferevent_write(bev, data, length);
return (nghttp2_ssize)length;
return (ssize_t)length;
}
Since we use bufferevent to abstract network I/O, we just write the
@@ -510,11 +557,11 @@ Sending the file content is performed by the ``send_response()`` function::
static int send_response(nghttp2_session *session, int32_t stream_id,
nghttp2_nv *nva, size_t nvlen, int fd) {
int rv;
nghttp2_data_provider2 data_prd;
nghttp2_data_provider data_prd;
data_prd.source.fd = fd;
data_prd.read_callback = file_read_callback;
rv = nghttp2_submit_response2(session, stream_id, nva, nvlen, &data_prd);
rv = nghttp2_submit_response(session, stream_id, nva, nvlen, &data_prd);
if (rv != 0) {
warnx("Fatal error: %s", nghttp2_strerror(rv));
return -1;
@@ -522,7 +569,7 @@ Sending the file content is performed by the ``send_response()`` function::
return 0;
}
nghttp2 uses the :type:`nghttp2_data_provider2` structure to send the
nghttp2 uses the :type:`nghttp2_data_provider` structure to send the
entity body to the remote peer. The ``source`` member of this
structure is a union, which can be either a void pointer or an int
(which is intended to be used as file descriptor). In this example
@@ -530,11 +577,11 @@ server, we use it as a file descriptor. We also set the
``file_read_callback()`` callback function to read the contents of the
file::
static nghttp2_ssize file_read_callback(nghttp2_session *session _U_,
int32_t stream_id _U_, uint8_t *buf,
size_t length, uint32_t *data_flags,
nghttp2_data_source *source,
void *user_data _U_) {
static ssize_t file_read_callback(nghttp2_session *session _U_,
int32_t stream_id _U_, uint8_t *buf,
size_t length, uint32_t *data_flags,
nghttp2_data_source *source,
void *user_data _U_) {
int fd = source->fd;
ssize_t r;
while ((r = read(fd, buf, length)) == -1 && errno == EINTR)
@@ -545,7 +592,7 @@ file::
if (r == 0) {
*data_flags |= NGHTTP2_DATA_FLAG_EOF;
}
return (nghttp2_ssize)r;
return r;
}
If an error occurs while reading the file, we return
@@ -554,8 +601,8 @@ library to send RST_STREAM to the stream. When all data has been
read, the :macro:`NGHTTP2_DATA_FLAG_EOF` flag is set to signal nghttp2
that we have finished reading the file.
The `nghttp2_submit_response2()` function is used to send the response
to the remote peer.
The `nghttp2_submit_response()` function is used to send the response to the
remote peer.
The ``on_stream_close_callback()`` function is invoked when the stream
is about to close::

56
docker/Dockerfile
View File

@@ -1,84 +1,78 @@
FROM debian:12 as build
ARG NGHTTP2_BRANCH=master
FROM debian:11 as build
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
apt-get install -y --no-install-recommends \
git clang make binutils autoconf automake autotools-dev libtool \
pkg-config cmake cmake-data \
pkg-config \
zlib1g-dev libev-dev libjemalloc-dev ruby-dev libc-ares-dev bison \
libelf-dev libbrotli-dev
libelf-dev
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.34.2 https://github.com/aws/aws-lc && \
cd aws-lc && \
cmake -B build -DDISABLE_GO=ON && \
make -j$(nproc) -C build && \
cmake --install build && \
RUN git clone --depth 1 -b OpenSSL_1_1_1u+quic https://github.com/quictls/openssl && \
cd openssl && \
./config --openssldir=/etc/ssl && \
make -j$(nproc) && \
make install_sw && \
cd .. && \
rm -rf aws-lc
rm -rf openssl
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.5.0 https://github.com/ngtcp2/nghttp3 && \
RUN git clone --depth 1 -b v0.13.0 https://github.com/ngtcp2/nghttp3 && \
cd nghttp3 && \
autoreconf -i && \
./configure --disable-dependency-tracking --enable-lib-only && \
./configure --enable-lib-only && \
make -j$(nproc) && \
make install-strip && \
cd .. && \
rm -rf nghttp3
RUN git clone --recursive --shallow-submodules --depth 1 -b v1.7.0 https://github.com/ngtcp2/ngtcp2 && \
RUN git clone --depth 1 -b v0.17.0 https://github.com/ngtcp2/ngtcp2 && \
cd ngtcp2 && \
autoreconf -i && \
./configure --disable-dependency-tracking --enable-lib-only \
--with-boringssl \
./configure --enable-lib-only \
LIBTOOL_LDFLAGS="-static-libtool-libs" \
BORINGSSL_LIBS="-l:libssl.a -l:libcrypto.a" \
OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -lpthread" \
PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig" && \
make -j$(nproc) && \
make install-strip && \
cd .. && \
rm -rf ngtcp2
RUN git clone --depth 1 -b v1.4.5 https://github.com/libbpf/libbpf && \
RUN git clone --depth 1 -b v1.2.0 https://github.com/libbpf/libbpf && \
cd libbpf && \
PREFIX=/usr/local make -C src install && \
cd .. && \
rm -rf libbpf
RUN git clone --recursive --shallow-submodules --depth 1 -b $NGHTTP2_BRANCH https://github.com/nghttp2/nghttp2 && \
RUN git clone --depth 1 https://github.com/nghttp2/nghttp2.git && \
cd nghttp2 && \
git submodule update --init && \
autoreconf -i && \
./configure --disable-dependency-tracking --disable-examples \
--disable-hpack-tools \
--with-mruby \
./configure --disable-examples --disable-hpack-tools \
--with-mruby --with-neverbleed \
--enable-http3 --with-libbpf \
--with-libbrotlienc --with-libbrotlidec \
CC=clang CXX=clang++ \
LIBTOOL_LDFLAGS="-static-libtool-libs" \
OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a" \
OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -pthread" \
LIBEV_LIBS="-l:libev.a" \
JEMALLOC_LIBS="-l:libjemalloc.a" \
LIBCARES_LIBS="-l:libcares.a" \
ZLIB_LIBS="-l:libz.a" \
LIBBPF_LIBS="-L/usr/local/lib64 -l:libbpf.a -l:libelf.a" \
LIBBROTLIENC_LIBS="-l:libbrotlienc.a -l:libbrotlicommon.a" \
LIBBROTLIDEC_LIBS="-l:libbrotlidec.a -l:libbrotlicommon.a" \
LDFLAGS="-static-libgcc -static-libstdc++" \
PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig" && \
make -j$(nproc) install-strip && \
cd .. && \
rm -rf nghttp2
FROM gcr.io/distroless/base-nossl-debian12
FROM gcr.io/distroless/base-debian11
COPY --from=build --link \
COPY --from=build \
/usr/local/share/nghttp2/ \
/usr/local/share/nghttp2/
COPY --from=build --link \
COPY --from=build \
/usr/local/bin/h2load \
/usr/local/bin/nghttpx \
/usr/local/bin/nghttp \
/usr/local/bin/nghttpd \
/usr/local/bin/
COPY --from=build --link /usr/local/lib/nghttp2/reuseport_kern.o \
COPY --from=build /usr/local/lib/nghttp2/reuseport_kern.o \
/usr/local/lib/nghttp2/

79
examples/client.c
View File

@@ -56,7 +56,6 @@
#include <string.h>
#include <errno.h>
#define NGHTTP2_NO_SSIZE_T
#include <nghttp2/nghttp2.h>
#include <openssl/ssl.h>
@@ -67,14 +66,14 @@ enum { IO_NONE, WANT_READ, WANT_WRITE };
#define MAKE_NV(NAME, VALUE) \
{ \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, \
sizeof(VALUE) - 1, NGHTTP2_NV_FLAG_NONE, \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, sizeof(VALUE) - 1, \
NGHTTP2_NV_FLAG_NONE \
}
#define MAKE_NV_CS(NAME, VALUE) \
{ \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, \
strlen(VALUE), NGHTTP2_NV_FLAG_NONE, \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, strlen(VALUE), \
NGHTTP2_NV_FLAG_NONE \
}
struct Connection {
@@ -155,14 +154,13 @@ static void diec(const char *func, int error_code) {
}
/*
* The implementation of nghttp2_send_callback2 type. Here we write
* The implementation of nghttp2_send_callback type. Here we write
* |data| with size |length| to the network and return the number of
* bytes actually written. See the documentation of
* nghttp2_send_callback for the details.
*/
static nghttp2_ssize send_callback(nghttp2_session *session,
const uint8_t *data, size_t length,
int flags, void *user_data) {
static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
size_t length, int flags, void *user_data) {
struct Connection *connection;
int rv;
(void)session;
@@ -186,14 +184,13 @@ static nghttp2_ssize send_callback(nghttp2_session *session,
}
/*
* The implementation of nghttp2_recv_callback2 type. Here we read
* data from the network and write them in |buf|. The capacity of
* |buf| is |length| bytes. Returns the number of bytes stored in
* |buf|. See the documentation of nghttp2_recv_callback for the
* details.
* The implementation of nghttp2_recv_callback type. Here we read data
* from the network and write them in |buf|. The capacity of |buf| is
* |length| bytes. Returns the number of bytes stored in |buf|. See
* the documentation of nghttp2_recv_callback for the details.
*/
static nghttp2_ssize recv_callback(nghttp2_session *session, uint8_t *buf,
size_t length, int flags, void *user_data) {
static ssize_t recv_callback(nghttp2_session *session, uint8_t *buf,
size_t length, int flags, void *user_data) {
struct Connection *connection;
int rv;
(void)session;
@@ -331,9 +328,9 @@ static int on_data_chunk_recv_callback(nghttp2_session *session, uint8_t flags,
* recv_callback is also required.
*/
static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) {
nghttp2_session_callbacks_set_send_callback2(callbacks, send_callback);
nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
nghttp2_session_callbacks_set_recv_callback2(callbacks, recv_callback);
nghttp2_session_callbacks_set_recv_callback(callbacks, recv_callback);
nghttp2_session_callbacks_set_on_frame_send_callback(callbacks,
on_frame_send_callback);
@@ -348,6 +345,29 @@ static void setup_nghttp2_callbacks(nghttp2_session_callbacks *callbacks) {
callbacks, on_data_chunk_recv_callback);
}
#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* Callback function for TLS NPN. Since this program only supports
* HTTP/2 protocol, if server does not offer HTTP/2 the nghttp2
* library supports, we terminate program.
*/
static int select_next_proto_cb(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg) {
int rv;
(void)ssl;
(void)arg;
/* nghttp2_select_next_protocol() selects HTTP/2 protocol the
nghttp2 library supports. */
rv = nghttp2_select_next_protocol(out, outlen, in, inlen);
if (rv <= 0) {
die("Server did not advertise HTTP/2 protocol");
}
return SSL_TLSEXT_ERR_OK;
}
#endif /* !OPENSSL_NO_NEXTPROTONEG */
/*
* Setup SSL/TLS context.
*/
@@ -356,8 +376,14 @@ static void init_ssl_ctx(SSL_CTX *ssl_ctx) {
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
/* Set NPN callback */
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
}
static void ssl_handshake(SSL *ssl, int fd) {
@@ -461,8 +487,8 @@ static void submit_request(struct Connection *connection, struct Request *req) {
MAKE_NV("accept", "*/*"),
MAKE_NV("user-agent", "nghttp2/" NGHTTP2_VERSION)};
stream_id = nghttp2_submit_request2(connection->session, NULL, nva,
sizeof(nva) / sizeof(nva[0]), NULL, req);
stream_id = nghttp2_submit_request(connection->session, NULL, nva,
sizeof(nva) / sizeof(nva[0]), NULL, req);
if (stream_id < 0) {
diec("nghttp2_submit_request", stream_id);
@@ -693,6 +719,19 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, 0);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
/* No explicit initialization is required. */
#elif defined(OPENSSL_IS_BORINGSSL)
CRYPTO_library_init();
#else /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) */
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) */
rv = parse_uri(&uri, argv[1]);
if (rv != 0) {
die("parse_uri failed");

18
examples/deflate.c
View File

@@ -29,13 +29,12 @@
#include <stdio.h>
#include <string.h>
#define NGHTTP2_NO_SSIZE_T
#include <nghttp2/nghttp2.h>
#define MAKE_NV(K, V) \
{ \
(uint8_t *)K, (uint8_t *)V, sizeof(K) - 1, \
sizeof(V) - 1, NGHTTP2_NV_FLAG_NONE, \
(uint8_t *)K, (uint8_t *)V, sizeof(K) - 1, sizeof(V) - 1, \
NGHTTP2_NV_FLAG_NONE \
}
static void deflate(nghttp2_hd_deflater *deflater,
@@ -94,7 +93,7 @@ int main(void) {
static void deflate(nghttp2_hd_deflater *deflater,
nghttp2_hd_inflater *inflater, const nghttp2_nv *const nva,
size_t nvlen) {
nghttp2_ssize rv;
ssize_t rv;
uint8_t *buf;
size_t buflen;
size_t outlen;
@@ -119,10 +118,10 @@ static void deflate(nghttp2_hd_deflater *deflater,
buflen = nghttp2_hd_deflate_bound(deflater, nva, nvlen);
buf = malloc(buflen);
rv = nghttp2_hd_deflate_hd2(deflater, buf, buflen, nva, nvlen);
rv = nghttp2_hd_deflate_hd(deflater, buf, buflen, nva, nvlen);
if (rv < 0) {
fprintf(stderr, "nghttp2_hd_deflate_hd2() failed with error: %s\n",
fprintf(stderr, "nghttp2_hd_deflate_hd() failed with error: %s\n",
nghttp2_strerror((int)rv));
free(buf);
@@ -167,18 +166,17 @@ static void deflate(nghttp2_hd_deflater *deflater,
int inflate_header_block(nghttp2_hd_inflater *inflater, uint8_t *in,
size_t inlen, int final) {
nghttp2_ssize rv;
ssize_t rv;
for (;;) {
nghttp2_nv nv;
int inflate_flags = 0;
size_t proclen;
rv =
nghttp2_hd_inflate_hd3(inflater, &nv, &inflate_flags, in, inlen, final);
rv = nghttp2_hd_inflate_hd(inflater, &nv, &inflate_flags, in, inlen, final);
if (rv < 0) {
fprintf(stderr, "inflate failed with error code %td", rv);
fprintf(stderr, "inflate failed with error code %zd", rv);
return -1;
}

72
examples/libevent-client.c
View File

@@ -63,7 +63,6 @@ char *strndup(const char *s, size_t size);
#include <event2/bufferevent_ssl.h>
#include <event2/dns.h>
#define NGHTTP2_NO_SSIZE_T
#include <nghttp2/nghttp2.h>
#include "url-parser/url_parser.h"
@@ -197,19 +196,18 @@ static void print_headers(FILE *f, nghttp2_nv *nva, size_t nvlen) {
fprintf(f, "\n");
}
/* nghttp2_send_callback2. Here we transmit the |data|, |length|
bytes, to the network. Because we are using libevent bufferevent,
we just write those bytes into bufferevent buffer. */
static nghttp2_ssize send_callback(nghttp2_session *session,
const uint8_t *data, size_t length,
int flags, void *user_data) {
/* nghttp2_send_callback. Here we transmit the |data|, |length| bytes,
to the network. Because we are using libevent bufferevent, we just
write those bytes into bufferevent buffer. */
static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
size_t length, int flags, void *user_data) {
http2_session_data *session_data = (http2_session_data *)user_data;
struct bufferevent *bev = session_data->bev;
(void)session;
(void)flags;
bufferevent_write(bev, data, length);
return (nghttp2_ssize)length;
return (ssize_t)length;
}
/* nghttp2_on_header_callback: Called when nghttp2 library emits
@@ -310,6 +308,23 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
return 0;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
/* NPN TLS extension client callback. We check that server advertised
the HTTP/2 protocol the nghttp2 library supports. If not, exit
the program. */
static int select_next_proto_cb(SSL *ssl, unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg) {
(void)ssl;
(void)arg;
if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) {
errx(1, "Server did not advertise " NGHTTP2_PROTO_VERSION_ID);
}
return SSL_TLSEXT_ERR_OK;
}
#endif /* !OPENSSL_NO_NEXTPROTONEG */
/* Create SSL_CTX. */
static SSL_CTX *create_ssl_ctx(void) {
SSL_CTX *ssl_ctx;
@@ -322,8 +337,13 @@ static SSL_CTX *create_ssl_ctx(void) {
SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_COMPRESSION |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
return ssl_ctx;
}
@@ -344,7 +364,7 @@ static void initialize_nghttp2_session(http2_session_data *session_data) {
nghttp2_session_callbacks_new(&callbacks);
nghttp2_session_callbacks_set_send_callback2(callbacks, send_callback);
nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks,
on_frame_recv_callback);
@@ -381,14 +401,14 @@ static void send_client_connection_header(http2_session_data *session_data) {
#define MAKE_NV(NAME, VALUE, VALUELEN) \
{ \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, \
VALUELEN, NGHTTP2_NV_FLAG_NONE, \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, VALUELEN, \
NGHTTP2_NV_FLAG_NONE \
}
#define MAKE_NV2(NAME, VALUE) \
{ \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, \
sizeof(VALUE) - 1, NGHTTP2_NV_FLAG_NONE, \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, sizeof(VALUE) - 1, \
NGHTTP2_NV_FLAG_NONE \
}
/* Send HTTP request to the remote peer */
@@ -405,8 +425,8 @@ static void submit_request(http2_session_data *session_data) {
MAKE_NV(":path", stream_data->path, stream_data->pathlen)};
fprintf(stderr, "Request headers:\n");
print_headers(stderr, hdrs, ARRLEN(hdrs));
stream_id = nghttp2_submit_request2(session_data->session, NULL, hdrs,
ARRLEN(hdrs), NULL, stream_data);
stream_id = nghttp2_submit_request(session_data->session, NULL, hdrs,
ARRLEN(hdrs), NULL, stream_data);
if (stream_id < 0) {
errx(1, "Could not submit HTTP request: %s", nghttp2_strerror(stream_id));
}
@@ -433,12 +453,12 @@ static int session_send(http2_session_data *session_data) {
context. To send them, we call session_send() in the end. */
static void readcb(struct bufferevent *bev, void *ptr) {
http2_session_data *session_data = (http2_session_data *)ptr;
nghttp2_ssize readlen;
ssize_t readlen;
struct evbuffer *input = bufferevent_get_input(bev);
size_t datalen = evbuffer_get_length(input);
unsigned char *data = evbuffer_pullup(input, -1);
readlen = nghttp2_session_mem_recv2(session_data->session, data, datalen);
readlen = nghttp2_session_mem_recv(session_data->session, data, datalen);
if (readlen < 0) {
warnx("Fatal error: %s", nghttp2_strerror((int)readlen));
delete_http2_session_data(session_data);
@@ -488,9 +508,14 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
ssl = bufferevent_openssl_get_ssl(session_data->bev);
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "h2 is not negotiated\n");
@@ -592,6 +617,19 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
/* No explicit initialization is required. */
#elif defined(OPENSSL_IS_BORINGSSL)
CRYPTO_library_init();
#else /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) */
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) */
run(argv[1]);
return 0;
}

88
examples/libevent-server.c
View File

@@ -71,7 +71,6 @@
#include <event2/bufferevent_ssl.h>
#include <event2/listener.h>
#define NGHTTP2_NO_SSIZE_T
#include <nghttp2/nghttp2.h>
#define OUTPUT_WOULDBLOCK_THRESHOLD (1 << 16)
@@ -80,8 +79,8 @@
#define MAKE_NV(NAME, VALUE) \
{ \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, \
sizeof(VALUE) - 1, NGHTTP2_NV_FLAG_NONE, \
(uint8_t *)NAME, (uint8_t *)VALUE, sizeof(NAME) - 1, sizeof(VALUE) - 1, \
NGHTTP2_NV_FLAG_NONE \
}
struct app_context;
@@ -107,6 +106,22 @@ struct app_context {
struct event_base *evbase;
};
static unsigned char next_proto_list[256];
static size_t next_proto_list_len;
#ifndef OPENSSL_NO_NEXTPROTONEG
static int next_proto_cb(SSL *ssl, const unsigned char **data,
unsigned int *len, void *arg) {
(void)ssl;
(void)arg;
*data = next_proto_list;
*len = (unsigned int)next_proto_list_len;
return SSL_TLSEXT_ERR_OK;
}
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg) {
@@ -114,7 +129,7 @@ static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
(void)ssl;
(void)arg;
rv = nghttp2_select_alpn(out, outlen, in, inlen);
rv = nghttp2_select_next_protocol((unsigned char **)out, outlen, in, inlen);
if (rv != 1) {
return SSL_TLSEXT_ERR_NOACK;
@@ -122,6 +137,7 @@ static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
return SSL_TLSEXT_ERR_OK;
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
/* Create SSL_CTX. */
static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
@@ -161,7 +177,18 @@ static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
errx(1, "Could not read certificate file %s", cert_file);
}
next_proto_list[0] = NGHTTP2_PROTO_VERSION_ID_LEN;
memcpy(&next_proto_list[1], NGHTTP2_PROTO_VERSION_ID,
NGHTTP2_PROTO_VERSION_ID_LEN);
next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
return ssl_ctx;
}
@@ -278,16 +305,16 @@ static int session_send(http2_session_data *session_data) {
}
/* Read the data in the bufferevent and feed them into nghttp2 library
function. Invocation of nghttp2_session_mem_recv2() may make
function. Invocation of nghttp2_session_mem_recv() may make
additional pending frames, so call session_send() at the end of the
function. */
static int session_recv(http2_session_data *session_data) {
nghttp2_ssize readlen;
ssize_t readlen;
struct evbuffer *input = bufferevent_get_input(session_data->bev);
size_t datalen = evbuffer_get_length(input);
unsigned char *data = evbuffer_pullup(input, -1);
readlen = nghttp2_session_mem_recv2(session_data->session, data, datalen);
readlen = nghttp2_session_mem_recv(session_data->session, data, datalen);
if (readlen < 0) {
warnx("Fatal error: %s", nghttp2_strerror((int)readlen));
return -1;
@@ -302,9 +329,8 @@ static int session_recv(http2_session_data *session_data) {
return 0;
}
static nghttp2_ssize send_callback(nghttp2_session *session,
const uint8_t *data, size_t length,
int flags, void *user_data) {
static ssize_t send_callback(nghttp2_session *session, const uint8_t *data,
size_t length, int flags, void *user_data) {
http2_session_data *session_data = (http2_session_data *)user_data;
struct bufferevent *bev = session_data->bev;
(void)session;
@@ -316,7 +342,7 @@ static nghttp2_ssize send_callback(nghttp2_session *session,
return NGHTTP2_ERR_WOULDBLOCK;
}
bufferevent_write(bev, data, length);
return (nghttp2_ssize)length;
return (ssize_t)length;
}
/* Returns nonzero if the string |s| ends with the substring |sub| */
@@ -372,11 +398,11 @@ static char *percent_decode(const uint8_t *value, size_t valuelen) {
return res;
}
static nghttp2_ssize file_read_callback(nghttp2_session *session,
int32_t stream_id, uint8_t *buf,
size_t length, uint32_t *data_flags,
nghttp2_data_source *source,
void *user_data) {
static ssize_t file_read_callback(nghttp2_session *session, int32_t stream_id,
uint8_t *buf, size_t length,
uint32_t *data_flags,
nghttp2_data_source *source,
void *user_data) {
int fd = source->fd;
ssize_t r;
(void)session;
@@ -391,17 +417,17 @@ static nghttp2_ssize file_read_callback(nghttp2_session *session,
if (r == 0) {
*data_flags |= NGHTTP2_DATA_FLAG_EOF;
}
return (nghttp2_ssize)r;
return r;
}
static int send_response(nghttp2_session *session, int32_t stream_id,
nghttp2_nv *nva, size_t nvlen, int fd) {
int rv;
nghttp2_data_provider2 data_prd;
nghttp2_data_provider data_prd;
data_prd.source.fd = fd;
data_prd.read_callback = file_read_callback;
rv = nghttp2_submit_response2(session, stream_id, nva, nvlen, &data_prd);
rv = nghttp2_submit_response(session, stream_id, nva, nvlen, &data_prd);
if (rv != 0) {
warnx("Fatal error: %s", nghttp2_strerror(rv));
return -1;
@@ -592,7 +618,7 @@ static void initialize_nghttp2_session(http2_session_data *session_data) {
nghttp2_session_callbacks_new(&callbacks);
nghttp2_session_callbacks_set_send_callback2(callbacks, send_callback);
nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks,
on_frame_recv_callback);
@@ -676,7 +702,14 @@ static void eventcb(struct bufferevent *bev, short events, void *ptr) {
ssl = bufferevent_openssl_get_ssl(session_data->bev);
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
#endif /* !OPENSSL_NO_NEXTPROTONEG */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (alpn == NULL) {
SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr);
@@ -784,6 +817,19 @@ int main(int argc, char **argv) {
act.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &act, NULL);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
/* No explicit initialization is required. */
#elif defined(OPENSSL_IS_BORINGSSL)
CRYPTO_library_init();
#else /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) */
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
#endif /* !(OPENSSL_VERSION_NUMBER >= 0x1010000fL) && \
!defined(OPENSSL_IS_BORINGSSL) */
run(argv[1], argv[2], argv[3]);
return 0;
}

4
fuzz/fuzz_target.cc
View File

@@ -40,7 +40,7 @@ namespace {
void send_pending(nghttp2_session *session) {
for (;;) {
const uint8_t *data;
auto n = nghttp2_session_mem_send2(session, &data);
auto n = nghttp2_session_mem_send(session, &data);
if (n == 0) {
return;
}
@@ -70,7 +70,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
nghttp2_settings_entry iv{NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 100};
nghttp2_submit_settings(session, NGHTTP2_FLAG_NONE, &iv, 1);
send_pending(session);
nghttp2_session_mem_recv2(session, data, size);
nghttp2_session_mem_recv(session, data, size);
send_pending(session);
nghttp2_session_del(session);

4
fuzz/fuzz_target_fdp.cc
View File

@@ -44,7 +44,7 @@ namespace {
void send_pending(nghttp2_session *session) {
for (;;) {
const uint8_t *data;
auto n = nghttp2_session_mem_send2(session, &data);
auto n = nghttp2_session_mem_send(session, &data);
if (n == 0) {
return;
}
@@ -87,7 +87,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
send_pending(session);
std::vector<uint8_t> d = data_provider.ConsumeRemainingBytes<uint8_t>();
nghttp2_session_mem_recv2(session, d.data(), d.size());
nghttp2_session_mem_recv(session, d.data(), d.size());
send_pending(session);

1
genheaderfunc.py
View File

@@ -35,7 +35,6 @@ HEADERS = [
"early-data",
"sec-websocket-accept",
"sec-websocket-key",
"priority",
# disallowed h1 headers
'connection',
'keep-alive',

8
gennghttpxfun.py
View File

@@ -200,10 +200,6 @@ OPTIONS = [
"frontend-quic-initial-rtt",
"require-http-scheme",
"tls-ktls",
"alpn-list",
"frontend-header-timeout",
"frontend-http2-idle-timeout",
"frontend-http3-idle-timeout",
]
LOGVARS = [
@@ -241,5 +237,5 @@ LOGVARS = [
]
if __name__ == '__main__':
gentokenlookup(OPTIONS, 'SHRPX_OPTID_', comp_fun='util::strieq')
gentokenlookup(LOGVARS, 'LogFragmentType::', comp_fun='util::strieq', return_type='LogFragmentType', fail_value='LogFragmentType::NONE')
gentokenlookup(OPTIONS, 'SHRPX_OPTID_', value_type='char', comp_fun='util::strieq_l')
gentokenlookup(LOGVARS, 'LogFragmentType::', value_type='char', comp_fun='util::strieq_l', return_type='LogFragmentType', fail_value='LogFragmentType::NONE')

12
gentokenlookup.py
View File

@@ -33,10 +33,10 @@ enum {''')
{}MAXIDX,
}};'''.format(prefix))
def gen_index_header(tokens, prefix, comp_fun, return_type, fail_value):
def gen_index_header(tokens, prefix, value_type, comp_fun, return_type, fail_value):
print('''\
{} lookup_token(const StringRef &name) {{
switch (name.size()) {{'''.format(return_type))
{} lookup_token(const {} *name, size_t namelen) {{
switch (namelen) {{'''.format(return_type, value_type))
b = build_header(tokens)
for size in sorted(b.keys()):
ents = b[size]
@@ -50,7 +50,7 @@ def gen_index_header(tokens, prefix, comp_fun, return_type, fail_value):
case '{}':'''.format(c))
for k in headers:
print('''\
if ({}("{}"_sr, name, {})) {{
if ({}("{}", name, {})) {{
return {};
}}'''.format(comp_fun, k[:-1], size - 1, to_enum_hd(k, prefix)))
print('''\
@@ -63,7 +63,7 @@ def gen_index_header(tokens, prefix, comp_fun, return_type, fail_value):
return {};
}}'''.format(fail_value))
def gentokenlookup(tokens, prefix, comp_fun='util::streq', return_type='int', fail_value='-1'):
def gentokenlookup(tokens, prefix, value_type='uint8_t', comp_fun='util::streq_l', return_type='int', fail_value='-1'):
gen_enum(tokens, prefix)
print()
gen_index_header(tokens, prefix, comp_fun, return_type, fail_value)
gen_index_header(tokens, prefix, value_type, comp_fun, return_type, fail_value)

30
go.mod
View File

@@ -1,24 +1,26 @@
module github.com/nghttp2/nghttp2
go 1.22.0
go 1.20
require (
github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874
github.com/quic-go/quic-go v0.46.0
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20240121064059-46ccb0a462a8
golang.org/x/net v0.28.0
github.com/bradfitz/gomemcache v0.0.0-20230124162541-5f7a7d875746
github.com/quic-go/quic-go v0.35.1
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20150408091349-4742878d9c90
golang.org/x/net v0.10.0
)
require (
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
github.com/onsi/ginkgo/v2 v2.9.5 // indirect
github.com/onsi/ginkgo/v2 v2.2.0 // indirect
github.com/quic-go/qpack v0.4.0 // indirect
go.uber.org/mock v0.4.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
golang.org/x/mod v0.17.0 // indirect
golang.org/x/sys v0.23.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
golang.org/x/crypto v0.4.0 // indirect
golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
golang.org/x/mod v0.8.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/tools v0.6.0 // indirect
)

105
go.sum
View File

@@ -1,61 +1,78 @@
github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous=
github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
github.com/bradfitz/gomemcache v0.0.0-20230124162541-5f7a7d875746 h1:wAIE/kN63Oig1DdOzN7O+k4AbFh2cCJoKMFXrwRJtzk=
github.com/bradfitz/gomemcache v0.0.0-20230124162541-5f7a7d875746/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI=
github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk=
github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
github.com/quic-go/quic-go v0.46.0 h1:uuwLClEEyk1DNvchH8uCByQVjo3yKL9opKulExNDs7Y=
github.com/quic-go/quic-go v0.46.0/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI=
github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U=
github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
github.com/quic-go/quic-go v0.35.1 h1:b0kzj6b/cQAf05cT0CkQubHM31wiA+xH3IBkxP62poo=
github.com/quic-go/quic-go v0.35.1/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20240121064059-46ccb0a462a8 h1:zKJxuRe+a0O34V81GAZWOrotuU6mveT30QLjJ7OPMMg=
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20240121064059-46ccb0a462a8/go.mod h1:gTqc3Q4boc+cKRlSFywTYdX9t6VGRcsThlNIWwaL3Dc=
go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20150408091349-4742878d9c90 h1:ccVm9C6f5YMcVv6t9MXahIDkqVvzD6vklkJTIE4D2nY=
github.com/tatsuhiro-t/go-nghttp2 v0.0.0-20150408091349-4742878d9c90/go.mod h1:YZhsh86DfZgAShPKeg1eBLVrmuQxWcR9H4TdpgNvSnw=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

13
integration-tests/CMakeLists.txt
View File

@@ -2,7 +2,6 @@ set(GO_FILES
nghttpx_http1_test.go
nghttpx_http2_test.go
server_tester.go
server_tester_http3.go
)
# XXX unused
@@ -19,6 +18,12 @@ set(EXTRA_DIST
resp-return.rb
)
add_custom_target(itprep
COMMAND go get -d -v golang.org/x/net/http2
COMMAND go get -d -v github.com/tatsuhiro-t/go-nghttp2
COMMAND go get -d -v golang.org/x/net/websocket
)
# 'go test' requires both config.go and the test files in the same directory.
# For out-of-tree builds, config.go is normally not placed next to the source
# files, so copy the tests to the build directory as a workaround.
@@ -35,11 +40,7 @@ if(NOT CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_CURRENT_BINARY_DIR)
endforeach()
endif()
if(ENABLE_HTTP3)
set(GO_TEST_TAGS quic)
endif()
add_custom_target(it
COMMAND sh setenv go test -v --tags=${GO_TEST_TAGS}
COMMAND sh setenv go test -v
DEPENDS ${GO_BUILD_FILES}
)

3
integration-tests/Makefile.am
View File

@@ -25,8 +25,7 @@ GO_FILES = \
nghttpx_http1_test.go \
nghttpx_http2_test.go \
nghttpx_http3_test.go \
server_tester.go \
server_tester_http3.go
server_tester.go
EXTRA_DIST = \
CMakeLists.txt \

309
integration-tests/nghttpx_http1_test.go
View File

@@ -4,7 +4,6 @@ import (
"bufio"
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
@@ -59,11 +58,10 @@ func TestH1H1PlainGETClose(t *testing.T) {
// 501 status code
func TestH1H1InvalidMethod(t *testing.T) {
opts := options{
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -84,11 +82,10 @@ func TestH1H1InvalidMethod(t *testing.T) {
// contains multiple Content-Length header fields.
func TestH1H1MultipleRequestCL(t *testing.T) {
opts := options{
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward bad request")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -136,7 +133,6 @@ func TestH1H1AffinityCookie(t *testing.T) {
opts := options{
args: []string{"--affinity-cookie"},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -153,7 +149,6 @@ func TestH1H1AffinityCookie(t *testing.T) {
const pattern = `affinity=[0-9a-f]{8}; Path=/foo/bar`
validCookie := regexp.MustCompile(pattern)
if got := res.header.Get("Set-Cookie"); !validCookie.MatchString(got) {
t.Errorf("Set-Cookie: %v; want pattern %v", got, pattern)
}
@@ -166,7 +161,6 @@ func TestH1H1AffinityCookieTLS(t *testing.T) {
args: []string{"--alpn-h1", "--affinity-cookie"},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -183,7 +177,6 @@ func TestH1H1AffinityCookieTLS(t *testing.T) {
const pattern = `affinity=[0-9a-f]{8}; Path=/foo/bar; Secure`
validCookie := regexp.MustCompile(pattern)
if got := res.header.Get("Set-Cookie"); !validCookie.MatchString(got) {
t.Errorf("Set-Cookie: %v; want pattern %v", got, pattern)
}
@@ -228,8 +221,7 @@ func TestH1H1GracefulShutdown(t *testing.T) {
want := io.EOF
b := make([]byte, 256)
if _, err := st.conn.Read(b); !errors.Is(err, want) {
if _, err := st.conn.Read(b); err == nil || err != want {
t.Errorf("st.conn.Read(): %v; want %v", err, want)
}
}
@@ -242,7 +234,6 @@ func TestH1H1HostRewrite(t *testing.T) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -252,11 +243,9 @@ func TestH1H1HostRewrite(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := res.header.Get("request-host"), st.backendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
@@ -266,18 +255,16 @@ func TestH1H1HostRewrite(t *testing.T) {
// characters in host header field.
func TestH1H1BadHost(t *testing.T) {
opts := options{
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
if _, err := io.WriteString(st.conn, "GET / HTTP/1.1\r\nTest-Case: TestH1H1HBadHost\r\nHost: foo\"bar\r\n\r\n"); err != nil {
t.Fatalf("Error io.WriteString() = %v", err)
}
resp, err := http.ReadResponse(bufio.NewReader(st.conn), nil)
if err != nil {
t.Fatalf("Error http.ReadResponse() = %v", err)
@@ -294,18 +281,16 @@ func TestH1H1BadHost(t *testing.T) {
// bad characters in authority component of requset URI.
func TestH1H1BadAuthority(t *testing.T) {
opts := options{
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
if _, err := io.WriteString(st.conn, "GET http://foo\"bar/ HTTP/1.1\r\nTest-Case: TestH1H1HBadAuthority\r\nHost: foobar\r\n\r\n"); err != nil {
t.Fatalf("Error io.WriteString() = %v", err)
}
resp, err := http.ReadResponse(bufio.NewReader(st.conn), nil)
if err != nil {
t.Fatalf("Error http.ReadResponse() = %v", err)
@@ -322,18 +307,16 @@ func TestH1H1BadAuthority(t *testing.T) {
// bad characters in scheme component of requset URI.
func TestH1H1BadScheme(t *testing.T) {
opts := options{
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
if _, err := io.WriteString(st.conn, "GET http*://example.com/ HTTP/1.1\r\nTest-Case: TestH1H1HBadScheme\r\nHost: example.com\r\n\r\n"); err != nil {
t.Fatalf("Error io.WriteString() = %v", err)
}
resp, err := http.ReadResponse(bufio.NewReader(st.conn), nil)
if err != nil {
t.Fatalf("Error http.ReadResponse() = %v", err)
@@ -354,7 +337,6 @@ func TestH1H1HTTP10(t *testing.T) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -372,7 +354,6 @@ func TestH1H1HTTP10(t *testing.T) {
if got, want := resp.StatusCode, http.StatusOK; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := resp.Header.Get("request-host"), st.backendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
@@ -387,7 +368,6 @@ func TestH1H1HTTP10NoHostRewrite(t *testing.T) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -405,7 +385,6 @@ func TestH1H1HTTP10NoHostRewrite(t *testing.T) {
if got, want := resp.StatusCode, http.StatusOK; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := resp.Header.Get("request-host"), st.backendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
@@ -415,15 +394,14 @@ func TestH1H1HTTP10NoHostRewrite(t *testing.T) {
// backend.
func TestH1H1RequestTrailer(t *testing.T) {
opts := options{
handler: func(_ http.ResponseWriter, r *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
buf := make([]byte, 4096)
for {
_, err := r.Body.Read(buf)
if err == io.EOF {
break
}
if err != nil {
if errors.Is(err, io.EOF) {
break
}
t.Fatalf("r.Body.Read() = %v", err)
}
}
@@ -432,7 +410,6 @@ func TestH1H1RequestTrailer(t *testing.T) {
}
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -446,7 +423,6 @@ func TestH1H1RequestTrailer(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
@@ -460,11 +436,10 @@ func TestH1H1HeaderFieldBufferPath(t *testing.T) {
// limit.
opts := options{
args: []string{"--request-header-field-buffer=100"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("execution path should not be here")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -475,7 +450,6 @@ func TestH1H1HeaderFieldBufferPath(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusRequestHeaderFieldsTooLarge; got != want {
t.Errorf("status: %v; want %v", got, want)
}
@@ -486,11 +460,10 @@ func TestH1H1HeaderFieldBufferPath(t *testing.T) {
func TestH1H1HeaderFieldBuffer(t *testing.T) {
opts := options{
args: []string{"--request-header-field-buffer=10"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("execution path should not be here")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -500,7 +473,6 @@ func TestH1H1HeaderFieldBuffer(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusRequestHeaderFieldsTooLarge; got != want {
t.Errorf("status: %v; want %v", got, want)
}
@@ -511,11 +483,10 @@ func TestH1H1HeaderFieldBuffer(t *testing.T) {
func TestH1H1HeaderFields(t *testing.T) {
opts := options{
args: []string{"--max-request-header-fields=1"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("execution path should not be here")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -530,7 +501,6 @@ func TestH1H1HeaderFields(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusRequestHeaderFieldsTooLarge; got != want {
t.Errorf("status: %v; want %v", got, want)
}
@@ -545,7 +515,6 @@ func TestH1H1Websocket(t *testing.T) {
}
}).ServeHTTP,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -554,7 +523,6 @@ func TestH1H1Websocket(t *testing.T) {
name: "TestH1H1Websocket",
body: content,
})
if got, want := res.body, content; !bytes.Equal(got, want) {
t.Errorf("echo: %q; want %q", got, want)
}
@@ -565,13 +533,12 @@ func TestH1H1Websocket(t *testing.T) {
func TestH1H1ReqPhaseSetHeader(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-set-header.rb"},
handler: func(_ http.ResponseWriter, r *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("User-Agent"), "mruby"; got != want {
t.Errorf("User-Agent = %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -592,11 +559,10 @@ func TestH1H1ReqPhaseSetHeader(t *testing.T) {
func TestH1H1ReqPhaseReturn(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -633,11 +599,10 @@ func TestH1H1ReqPhaseReturn(t *testing.T) {
func TestH1H1ReqPhaseReturnCONNECTMethod(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -705,7 +670,6 @@ func TestH1H1RespPhaseSetHeader(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/resp-set-header.rb"},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -731,7 +695,6 @@ func TestH1H1RespPhaseReturn(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/resp-return.rb"},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -769,7 +732,6 @@ func TestH1H1HTTPSRedirect(t *testing.T) {
opts := options{
args: []string{"--redirect-if-not-tls"},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -783,7 +745,6 @@ func TestH1H1HTTPSRedirect(t *testing.T) {
if got, want := res.status, http.StatusPermanentRedirect; got != want {
t.Errorf("status = %v; want %v", got, want)
}
if got, want := res.header.Get("location"), "https://127.0.0.1/"; got != want {
t.Errorf("location: %v; want %v", got, want)
}
@@ -798,7 +759,6 @@ func TestH1H1HTTPSRedirectPort(t *testing.T) {
"--redirect-https-port=8443",
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -813,7 +773,6 @@ func TestH1H1HTTPSRedirectPort(t *testing.T) {
if got, want := res.status, http.StatusPermanentRedirect; got != want {
t.Errorf("status = %v; want %v", got, want)
}
if got, want := res.header.Get("location"), "https://127.0.0.1:8443/foo?bar"; got != want {
t.Errorf("location: %v; want %v", got, want)
}
@@ -832,7 +791,6 @@ func TestH1H1POSTRequests(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
@@ -844,7 +802,6 @@ func TestH1H1POSTRequests(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
@@ -860,7 +817,6 @@ func TestH1H1CONNECTMethodFailure(t *testing.T) {
}
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -928,11 +884,10 @@ func TestH1H1CONNECTMethodFailure(t *testing.T) {
func TestH1H2NoHost(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward bad request")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -962,7 +917,6 @@ func TestH1H2HTTP10(t *testing.T) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -980,7 +934,6 @@ func TestH1H2HTTP10(t *testing.T) {
if got, want := resp.StatusCode, http.StatusOK; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := resp.Header.Get("request-host"), st.backendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
@@ -996,7 +949,6 @@ func TestH1H2HTTP10NoHostRewrite(t *testing.T) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1014,7 +966,6 @@ func TestH1H2HTTP10NoHostRewrite(t *testing.T) {
if got, want := resp.StatusCode, http.StatusOK; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := resp.Header.Get("request-host"), st.backendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
@@ -1027,13 +978,12 @@ func TestH1H2HTTP10NoHostRewrite(t *testing.T) {
func TestH1H2CrumbleCookie(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(_ http.ResponseWriter, r *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Cookie"), "alpha; bravo; charlie"; got != want {
t.Errorf("Cookie: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1046,7 +996,6 @@ func TestH1H2CrumbleCookie(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("status: %v; want %v", got, want)
}
@@ -1057,13 +1006,12 @@ func TestH1H2CrumbleCookie(t *testing.T) {
func TestH1H2GenerateVia(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(_ http.ResponseWriter, r *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Via"), "1.1 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1073,7 +1021,6 @@ func TestH1H2GenerateVia(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.header.Get("Via"), "2 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
@@ -1091,7 +1038,6 @@ func TestH1H2AppendVia(t *testing.T) {
w.Header().Add("Via", "bar")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1104,7 +1050,6 @@ func TestH1H2AppendVia(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.header.Get("Via"), "bar, 2 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
@@ -1122,7 +1067,6 @@ func TestH1H2NoVia(t *testing.T) {
w.Header().Add("Via", "bar")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1135,7 +1079,6 @@ func TestH1H2NoVia(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.header.Get("Via"), "bar"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
@@ -1149,11 +1092,10 @@ func TestH1H2ReqPhaseReturn(t *testing.T) {
"--http2-bridge",
"--mruby-file=" + testDir + "/req-return.rb",
},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1194,7 +1136,6 @@ func TestH1H2RespPhaseReturn(t *testing.T) {
"--mruby-file=" + testDir + "/resp-return.rb",
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1231,13 +1172,12 @@ func TestH1H2RespPhaseReturn(t *testing.T) {
func TestH1H2TE(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(_ http.ResponseWriter, r *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("te"), "trailers"; got != want {
t.Errorf("te: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1250,7 +1190,6 @@ func TestH1H2TE(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("status: %v; want %v", got, want)
}
@@ -1261,12 +1200,11 @@ func TestH1H2TE(t *testing.T) {
func TestH1APIBackendconfig(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1282,21 +1220,18 @@ backend=127.0.0.1,3011
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
if err := json.Unmarshal(res.body, &apiResp); err != nil {
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Success"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 200; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
@@ -1307,12 +1242,11 @@ backend=127.0.0.1,3011
func TestH1APIBackendconfigQuery(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1328,21 +1262,18 @@ backend=127.0.0.1,3011
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
if err := json.Unmarshal(res.body, &apiResp); err != nil {
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Success"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 200; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
@@ -1353,12 +1284,11 @@ backend=127.0.0.1,3011
func TestH1APIBackendconfigBadMethod(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1374,21 +1304,18 @@ backend=127.0.0.1,3011
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusMethodNotAllowed; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
if err := json.Unmarshal(res.body, &apiResp); err != nil {
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Failure"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 405; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
@@ -1398,12 +1325,11 @@ backend=127.0.0.1,3011
func TestH1APIConfigrevision(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1415,28 +1341,23 @@ func TestH1APIConfigrevision(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want = %v", got, want)
}
var apiResp APIResponse
d := json.NewDecoder(bytes.NewBuffer(res.body))
d.UseNumber()
if err := d.Decode(&apiResp); err != nil {
err = d.Decode(&apiResp)
if err != nil {
t.Fatalf("Error unmarshalling API response: %v", err)
}
if got, want := apiResp.Status, "Success"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 200; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Data["configRevision"], json.Number("0"); got != want {
t.Errorf(`apiResp.Data["configRevision"]: %v %t; want %v`, got, got, want)
}
@@ -1447,12 +1368,11 @@ func TestH1APIConfigrevision(t *testing.T) {
func TestH1APINotFound(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1468,21 +1388,18 @@ backend=127.0.0.1,3011
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusNotFound; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
if err := json.Unmarshal(res.body, &apiResp); err != nil {
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Failure"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 404; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
@@ -1492,12 +1409,11 @@ backend=127.0.0.1,3011
func TestH1Healthmon(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3011;healthmon;no-tls"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3011,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1508,7 +1424,6 @@ func TestH1Healthmon(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
@@ -1519,11 +1434,10 @@ func TestH1Healthmon(t *testing.T) {
func TestH1ResponseBeforeRequestEnd(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("request should not be forwarded")
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1548,7 +1462,7 @@ func TestH1ResponseBeforeRequestEnd(t *testing.T) {
// if the backend chunked encoded response ends prematurely.
func TestH1H1ChunkedEndsPrematurely(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, _ *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
@@ -1566,7 +1480,6 @@ func TestH1H1ChunkedEndsPrematurely(t *testing.T) {
bufrw.Flush()
},
}
st := newServerTester(t, opts)
defer st.Close()
@@ -1577,147 +1490,3 @@ func TestH1H1ChunkedEndsPrematurely(t *testing.T) {
t.Fatal("st.http1() should fail")
}
}
// TestH1H1RequestMalformedTransferEncoding tests that server rejects
// request which contains malformed transfer-encoding.
func TestH1H1RequestMalformedTransferEncoding(t *testing.T) {
opts := options{
handler: func(http.ResponseWriter, *http.Request) {
t.Errorf("server should not forward bad request")
},
}
st := newServerTester(t, opts)
defer st.Close()
if _, err := io.WriteString(st.conn, fmt.Sprintf("GET / HTTP/1.1\r\nHost: %v\r\nTest-Case: TestH1H1RequestMalformedTransferEncoding\r\nTransfer-Encoding: ,chunked\r\n\r\n",
st.authority)); err != nil {
t.Fatalf("Error io.WriteString() = %v", err)
}
resp, err := http.ReadResponse(bufio.NewReader(st.conn), nil)
if err != nil {
t.Fatalf("Error http.ReadResponse() = %v", err)
}
defer resp.Body.Close()
if got, want := resp.StatusCode, http.StatusBadRequest; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH1H1ResponseMalformedTransferEncoding tests a request fails if
// its response contains malformed transfer-encoding.
func TestH1H1ResponseMalformedTransferEncoding(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, _ *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
return
}
conn, bufrw, err := hj.Hijack()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
defer conn.Close()
if _, err := bufrw.WriteString("HTTP/1.1 200\r\nTransfer-Encoding: ,chunked\r\n\r\n"); err != nil {
t.Fatalf("Error bufrw.WriteString() = %v", err)
}
bufrw.Flush()
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http1(requestParam{
name: "TestH1H1ResponseMalformedTransferEncoding",
})
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, http.StatusBadGateway; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH1H1ResponseUnknownTransferEncoding tests a request succeeds if
// its response contains unknown transfer-encoding.
func TestH1H1ResponseUnknownTransferEncoding(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, _ *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
return
}
conn, bufrw, err := hj.Hijack()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
defer conn.Close()
if _, err := bufrw.WriteString("HTTP/1.1 200\r\nTransfer-Encoding: foo\r\n\r\n"); err != nil {
t.Fatalf("Error bufrw.WriteString() = %v", err)
}
bufrw.Flush()
},
}
st := newServerTester(t, opts)
defer st.Close()
if _, err := io.WriteString(st.conn, fmt.Sprintf("GET / HTTP/1.1\r\nHost: %v\r\nTest-Case: TestH1H1ResponseUnknownTransferEncoding\r\n\r\n",
st.authority)); err != nil {
t.Fatalf("Error: io.WriteString() = %v", err)
}
r := bufio.NewReader(st.conn)
resp := make([]byte, 4096)
resplen, err := r.Read(resp)
if err != nil {
t.Fatalf("Error: r.Read() = %v", err)
}
resp = resp[:resplen]
const expect = "HTTP/1.1 200 OK\r\nTransfer-Encoding: foo\r\nConnection: close\r\nServer: nghttpx\r\nVia: 1.1 nghttpx\r\n\r\n"
if got, want := string(resp), expect; got != want {
t.Errorf("resp = %v, want %v", got, want)
}
}
// TestH1H1RequestHTTP10TransferEncoding tests that server rejects
// HTTP/1.0 request which contains transfer-encoding.
func TestH1H1RequestHTTP10TransferEncoding(t *testing.T) {
opts := options{
handler: func(http.ResponseWriter, *http.Request) {
t.Errorf("server should not forward bad request")
},
}
st := newServerTester(t, opts)
defer st.Close()
if _, err := io.WriteString(st.conn, "GET / HTTP/1.0\r\nTest-Case: TestH1H1RequestHTTP10TransferEncoding\r\nTransfer-Encoding: chunked\r\n\r\n"); err != nil {
t.Fatalf("Error io.WriteString() = %v", err)
}
resp, err := http.ReadResponse(bufio.NewReader(st.conn), nil)
if err != nil {
t.Fatalf("Error http.ReadResponse() = %v", err)
}
defer resp.Body.Close()
if got, want := resp.StatusCode, http.StatusBadRequest; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}

427
integration-tests/nghttpx_http2_test.go
View File

File diff suppressed because it is too large Load Diff

33
integration-tests/nghttpx_http3_test.go
View File

@@ -5,7 +5,6 @@ package nghttp2
import (
"bytes"
"crypto/rand"
"errors"
"io"
"net/http"
"regexp"
@@ -36,14 +35,13 @@ func TestH3H1PlainGET(t *testing.T) {
// TestH3H1RequestBody tests HTTP/3 request with body works.
func TestH3H1RequestBody(t *testing.T) {
body := make([]byte, 3333)
_, err := rand.Read(body)
if err != nil {
t.Fatalf("Unable to create request body: %v", err)
}
opts := options{
handler: func(_ http.ResponseWriter, r *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
buf := make([]byte, 4096)
buflen := 0
p := buf
@@ -59,7 +57,7 @@ func TestH3H1RequestBody(t *testing.T) {
buflen += n
if err != nil {
if errors.Is(err, io.EOF) {
if err == io.EOF {
break
}
@@ -75,7 +73,6 @@ func TestH3H1RequestBody(t *testing.T) {
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -86,7 +83,6 @@ func TestH3H1RequestBody(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http3() = %v", err)
}
if got, want := res.status, http.StatusOK; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
@@ -96,14 +92,13 @@ func TestH3H1RequestBody(t *testing.T) {
// and from backend server.
func TestH3H1GenerateVia(t *testing.T) {
opts := options{
handler: func(_ http.ResponseWriter, r *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Via"), "3 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -113,7 +108,6 @@ func TestH3H1GenerateVia(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http3() = %v", err)
}
if got, want := res.header.Get("Via"), "1.1 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
@@ -131,7 +125,6 @@ func TestH3H1AppendVia(t *testing.T) {
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -144,7 +137,6 @@ func TestH3H1AppendVia(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http3() = %v", err)
}
if got, want := res.header.Get("Via"), "bar, 1.1 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
@@ -163,7 +155,6 @@ func TestH3H1NoVia(t *testing.T) {
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -176,7 +167,6 @@ func TestH3H1NoVia(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http3() = %v", err)
}
if got, want := res.header.Get("Via"), "bar"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
@@ -187,7 +177,7 @@ func TestH3H1NoVia(t *testing.T) {
// response body size.
func TestH3H1BadResponseCL(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, _ *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
// we set content-length: 1024, but only send 3 bytes.
w.Header().Add("Content-Length", "1024")
if _, err := w.Write([]byte("foo")); err != nil {
@@ -196,7 +186,6 @@ func TestH3H1BadResponseCL(t *testing.T) {
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -215,7 +204,6 @@ func TestH3H1HTTPSRedirect(t *testing.T) {
args: []string{"--redirect-if-not-tls"},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -238,7 +226,6 @@ func TestH3H1AffinityCookieTLS(t *testing.T) {
args: []string{"--affinity-cookie"},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -256,7 +243,6 @@ func TestH3H1AffinityCookieTLS(t *testing.T) {
const pattern = `affinity=[0-9a-f]{8}; Path=/foo/bar; Secure`
validCookie := regexp.MustCompile(pattern)
if got := res.header.Get("Set-Cookie"); !validCookie.MatchString(got) {
t.Errorf("Set-Cookie: %v; want pattern %v", got, pattern)
}
@@ -270,12 +256,11 @@ func TestH3H2ReqPhaseReturn(t *testing.T) {
"--http2-bridge",
"--mruby-file=" + testDir + "/req-return.rb",
},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -317,7 +302,6 @@ func TestH3H2RespPhaseReturn(t *testing.T) {
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -354,12 +338,11 @@ func TestH3H2RespPhaseReturn(t *testing.T) {
func TestH3ResponseBeforeRequestEnd(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
handler: func(http.ResponseWriter, *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("request should not be forwarded")
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()
@@ -370,7 +353,6 @@ func TestH3ResponseBeforeRequestEnd(t *testing.T) {
if err != nil {
t.Fatalf("Error st.http3() = %v", err)
}
if got, want := res.status, http.StatusNotFound; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
@@ -380,7 +362,7 @@ func TestH3ResponseBeforeRequestEnd(t *testing.T) {
// backend chunked encoded response ends prematurely.
func TestH3H1ChunkedEndsPrematurely(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, _ *http.Request) {
handler: func(w http.ResponseWriter, r *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
@@ -399,7 +381,6 @@ func TestH3H1ChunkedEndsPrematurely(t *testing.T) {
},
quic: true,
}
st := newServerTester(t, opts)
defer st.Close()

257
integration-tests/server_tester.go
View File

@@ -3,7 +3,6 @@ package nghttp2
import (
"bufio"
"bytes"
"cmp"
"context"
"crypto/tls"
"encoding/binary"
@@ -16,13 +15,14 @@ import (
"net/url"
"os"
"os/exec"
"slices"
"sort"
"strconv"
"strings"
"syscall"
"testing"
"time"
"github.com/quic-go/quic-go/http3"
"github.com/tatsuhiro-t/go-nghttp2"
"golang.org/x/net/http2"
"golang.org/x/net/http2/hpack"
@@ -95,17 +95,14 @@ func newServerTester(t *testing.T, opts options) *serverTester {
if opts.handler == nil {
opts.handler = noopHandler
}
if opts.connectPort == 0 {
opts.connectPort = serverPort
}
ts := httptest.NewUnstartedServer(opts.handler)
var (
args []string
backendTLS, dns, externalDNS, acceptProxyProtocol, redirectIfNotTLS, affinityCookie, alpnH1 bool
)
var args []string
var backendTLS, dns, externalDNS, acceptProxyProtocol, redirectIfNotTLS, affinityCookie, alpnH1 bool
for _, k := range opts.args {
switch k {
@@ -128,7 +125,6 @@ func newServerTester(t *testing.T, opts options) *serverTester {
args = append(args, k)
}
}
if backendTLS {
nghttp2.ConfigureServer(ts.Config, &nghttp2.Server{})
// According to httptest/server.go, we have to set
@@ -137,17 +133,13 @@ func newServerTester(t *testing.T, opts options) *serverTester {
ts.TLS = new(tls.Config)
ts.TLS.NextProtos = append(ts.TLS.NextProtos, "h2")
ts.StartTLS()
args = append(args, "-k")
} else {
ts.Start()
}
scheme := "http"
if opts.tls {
scheme = "https"
args = append(args, testDir+"/server.key", testDir+"/server.crt")
}
@@ -159,7 +151,6 @@ func newServerTester(t *testing.T, opts options) *serverTester {
// URL.Host looks like "127.0.0.1:8080", but we want
// "127.0.0.1,8080"
b := "-b"
if !externalDNS {
b += fmt.Sprintf("%v;", strings.Replace(backendURL.Host, ":", ",", -1))
} else {
@@ -167,7 +158,6 @@ func newServerTester(t *testing.T, opts options) *serverTester {
if sep == -1 {
t.Fatalf("backendURL.Host %v does not contain separator ':'", backendURL.Host)
}
// We use awesome service nip.io.
b += fmt.Sprintf("%v.nip.io,%v;", backendURL.Host[:sep], backendURL.Host[sep+1:])
}
@@ -175,7 +165,6 @@ func newServerTester(t *testing.T, opts options) *serverTester {
if backendTLS {
b += ";proto=h2;tls"
}
if dns {
b += ";dns"
}
@@ -189,13 +178,11 @@ func newServerTester(t *testing.T, opts options) *serverTester {
}
noTLS := ";no-tls"
if opts.tls {
noTLS = ""
}
var proxyProto string
if acceptProxyProtocol {
proxyProto = ";proxyproto"
}
@@ -232,7 +219,6 @@ func newServerTester(t *testing.T, opts options) *serverTester {
}
retry := 0
for {
time.Sleep(50 * time.Millisecond)
@@ -246,41 +232,32 @@ func newServerTester(t *testing.T, opts options) *serverTester {
}
var tlsConfig *tls.Config
if opts.tlsConfig == nil {
tlsConfig = new(tls.Config)
} else {
tlsConfig = opts.tlsConfig.Clone()
}
tlsConfig.InsecureSkipVerify = true
if alpnH1 {
tlsConfig.NextProtos = []string{"http/1.1"}
} else {
tlsConfig.NextProtos = []string{"h2"}
}
tlsConn := tls.Client(conn, tlsConfig)
err = tlsConn.Handshake()
if err == nil {
conn = tlsConn
}
}
if err != nil {
retry++
if retry >= 100 {
st.Close()
st.t.Fatalf("Error server is not responding too long; server command-line arguments may be invalid")
}
continue
}
st.conn = conn
break
}
@@ -297,15 +274,12 @@ func (st *serverTester) Close() {
if st.conn != nil {
st.conn.Close()
}
if st.cmd != nil {
done := make(chan struct{})
go func() {
if err := st.cmd.Wait(); err != nil {
st.t.Errorf("Error st.cmd.Wait() = %v", err)
}
close(done)
}()
@@ -319,11 +293,9 @@ func (st *serverTester) Close() {
if err := st.cmd.Process.Kill(); err != nil {
st.t.Errorf("Error st.cmd.Process.Kill() = %v", err)
}
<-done
}
}
if st.ts != nil {
st.ts.Close()
}
@@ -336,7 +308,6 @@ func (st *serverTester) readFrame() (http2.Frame, error) {
st.errCh <- err
return
}
st.frCh <- f
}()
@@ -377,12 +348,10 @@ func (cbr *chunkedBodyReader) Read(p []byte) (n int, err error) {
// after request was sent and before body returns EOF.
if !cbr.trailerWritten {
cbr.trailerWritten = true
for _, h := range cbr.trailer {
cbr.req.Trailer.Set(h.Name, h.Value)
}
}
return cbr.body.Read(p)
}
@@ -395,7 +364,6 @@ func (st *serverTester) websocket(rp requestParam) *serverResponse {
}
config.Header.Add("Test-Case", rp.name)
for _, h := range rp.header {
config.Header.Add(h.Name, h.Value)
}
@@ -410,9 +378,7 @@ func (st *serverTester) websocket(rp requestParam) *serverResponse {
}
msg := make([]byte, 1024)
var n int
if n, err = ws.Read(msg); err != nil {
st.t.Fatalf("ws.Read() returned error: %v", err)
}
@@ -424,29 +390,28 @@ func (st *serverTester) websocket(rp requestParam) *serverResponse {
return res
}
func (st *serverTester) http1(rp requestParam) (*serverResponse, error) {
method := "GET"
func (st *serverTester) http3(rp requestParam) (*serverResponse, error) {
rt := &http3.RoundTripper{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
defer rt.Close()
c := &http.Client{
Transport: rt,
}
method := "GET"
if rp.method != "" {
method = rp.method
}
var (
body io.Reader
cbr *chunkedBodyReader
)
var body io.Reader
if rp.body != nil {
body = bytes.NewBuffer(rp.body)
if len(rp.trailer) != 0 {
cbr = &chunkedBodyReader{
trailer: rp.trailer,
body: body,
}
body = cbr
}
}
reqURL := st.url
@@ -456,7 +421,6 @@ func (st *serverTester) http1(rp requestParam) (*serverResponse, error) {
if err != nil {
st.t.Fatalf("Error parsing URL from st.url %v: %v", st.url, err)
}
u.Path = ""
u.RawQuery = ""
reqURL = u.String() + rp.path
@@ -476,31 +440,93 @@ func (st *serverTester) http1(rp requestParam) (*serverResponse, error) {
req.Header.Add("Test-Case", rp.name)
if cbr != nil {
cbr.req = req
// this makes request use chunked encoding
req.ContentLength = -1
req.Trailer = make(http.Header)
// TODO http3 package does not support trailer at the time of
// this writing.
for _, h := range cbr.trailer {
req.Trailer.Set(h.Name, "")
}
}
if err := req.Write(st.conn); err != nil {
return nil, err
}
resp, err := http.ReadResponse(bufio.NewReader(st.conn), req)
resp, err := c.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
respBody, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
res := &serverResponse{
status: resp.StatusCode,
header: resp.Header,
body: respBody,
connClose: resp.Close,
}
return res, nil
}
func (st *serverTester) http1(rp requestParam) (*serverResponse, error) {
method := "GET"
if rp.method != "" {
method = rp.method
}
var body io.Reader
var cbr *chunkedBodyReader
if rp.body != nil {
body = bytes.NewBuffer(rp.body)
if len(rp.trailer) != 0 {
cbr = &chunkedBodyReader{
trailer: rp.trailer,
body: body,
}
body = cbr
}
}
reqURL := st.url
if rp.path != "" {
u, err := url.Parse(st.url)
if err != nil {
st.t.Fatalf("Error parsing URL from st.url %v: %v", st.url, err)
}
u.Path = ""
u.RawQuery = ""
reqURL = u.String() + rp.path
}
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
req, err := http.NewRequestWithContext(ctx, method, reqURL, body)
if err != nil {
return nil, err
}
for _, h := range rp.header {
req.Header.Add(h.Name, h.Value)
}
req.Header.Add("Test-Case", rp.name)
if cbr != nil {
cbr.req = req
// this makes request use chunked encoding
req.ContentLength = -1
req.Trailer = make(http.Header)
for _, h := range cbr.trailer {
req.Trailer.Set(h.Name, "")
}
}
if err := req.Write(st.conn); err != nil {
return nil, err
}
resp, err := http.ReadResponse(bufio.NewReader(st.conn), req)
if err != nil {
return nil, err
}
respBody, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
resp.Body.Close()
res := &serverResponse{
@@ -518,7 +544,6 @@ func (st *serverTester) http2(rp requestParam) (*serverResponse, error) {
st.header = make(http.Header)
var id uint32
if rp.streamID != 0 {
id = rp.streamID
if id >= st.nextStreamID && id%2 == 1 {
@@ -532,7 +557,6 @@ func (st *serverTester) http2(rp requestParam) (*serverResponse, error) {
if !st.h2PrefaceSent {
st.h2PrefaceSent = true
fmt.Fprint(st.conn, "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")
if err := st.fr.WriteSettings(); err != nil {
return nil, err
}
@@ -550,32 +574,26 @@ func (st *serverTester) http2(rp requestParam) (*serverResponse, error) {
if rp.method != "" {
method = rp.method
}
_ = st.enc.WriteField(pair(":method", method))
scheme := "http"
if rp.scheme != "" {
scheme = rp.scheme
}
_ = st.enc.WriteField(pair(":scheme", scheme))
authority := st.authority
if rp.authority != "" {
authority = rp.authority
}
_ = st.enc.WriteField(pair(":authority", authority))
path := "/"
if rp.path != "" {
path = rp.path
}
_ = st.enc.WriteField(pair(":path", path))
_ = st.enc.WriteField(pair("test-case", rp.name))
for _, h := range rp.header {
@@ -601,11 +619,9 @@ func (st *serverTester) http2(rp requestParam) (*serverResponse, error) {
if len(rp.trailer) != 0 {
st.headerBlkBuf.Reset()
for _, h := range rp.trailer {
_ = st.enc.WriteField(h)
}
err := st.fr.WriteHeaders(http2.HeadersFrameParam{
StreamID: id,
EndStream: true,
@@ -623,65 +639,56 @@ loop:
if err != nil {
return res, err
}
switch f := fr.(type) {
case *http2.HeadersFrame:
_, err := st.dec.Write(f.HeaderBlockFragment())
if err != nil {
return res, err
}
sr, ok := streams[f.FrameHeader.StreamID]
if !ok {
st.header = make(http.Header)
break
}
sr.header = cloneHeader(st.header)
var status int
status, err = strconv.Atoi(sr.header.Get(":status"))
if err != nil {
return res, fmt.Errorf("Error parsing status code: %w", err)
}
sr.status = status
if f.StreamEnded() && streamEnded(res, streams, sr) {
break loop
if f.StreamEnded() {
if streamEnded(res, streams, sr) {
break loop
}
}
case *http2.PushPromiseFrame:
_, err := st.dec.Write(f.HeaderBlockFragment())
if err != nil {
return res, err
}
sr := &serverResponse{
streamID: f.PromiseID,
reqHeader: cloneHeader(st.header),
}
streams[sr.streamID] = sr
case *http2.DataFrame:
sr, ok := streams[f.FrameHeader.StreamID]
if !ok {
break
}
sr.body = append(sr.body, f.Data()...)
if f.StreamEnded() && streamEnded(res, streams, sr) {
break loop
if f.StreamEnded() {
if streamEnded(res, streams, sr) {
break loop
}
}
case *http2.RSTStreamFrame:
sr, ok := streams[f.FrameHeader.StreamID]
if !ok {
break
}
sr.errCode = f.ErrCode
if streamEnded(res, streams, sr) {
break loop
}
@@ -689,36 +696,27 @@ loop:
if f.ErrCode == http2.ErrCodeNo {
break
}
res.errCode = f.ErrCode
res.connErr = true
break loop
case *http2.SettingsFrame:
if f.IsAck() {
break
}
if err := st.fr.WriteSettingsAck(); err != nil {
return res, err
}
}
}
slices.SortFunc(res.pushResponse, func(a, b *serverResponse) int {
return cmp.Compare(a.streamID, b.streamID)
})
sort.Sort(ByStreamID(res.pushResponse))
return res, nil
}
func streamEnded(mainSr *serverResponse, streams map[uint32]*serverResponse, sr *serverResponse) bool {
delete(streams, sr.streamID)
if mainSr.streamID != sr.streamID {
mainSr.pushResponse = append(mainSr.pushResponse, sr)
}
return len(streams) == 0
}
@@ -730,19 +728,31 @@ type serverResponse struct {
errCode http2.ErrCode // error code received in HTTP/2 RST_STREAM or GOAWAY
connErr bool // true if HTTP/2 connection error
connClose bool // Connection: close is included in response header in HTTP/1 test
reqHeader http.Header // http request header, currently only stores pushed request header
reqHeader http.Header // http request header, currently only sotres pushed request header
pushResponse []*serverResponse // pushed response
}
type ByStreamID []*serverResponse
func (b ByStreamID) Len() int {
return len(b)
}
func (b ByStreamID) Swap(i, j int) {
b[i], b[j] = b[j], b[i]
}
func (b ByStreamID) Less(i, j int) bool {
return b[i].streamID < b[j].streamID
}
func cloneHeader(h http.Header) http.Header {
h2 := make(http.Header, len(h))
for k, vv := range h {
vv2 := make([]string, len(vv))
copy(vv2, vv)
h2[k] = vv2
}
return h2
}
@@ -793,7 +803,6 @@ func writeProxyProtocolV2(w io.Writer, hdr proxyProtocolV2) error {
if _, err := w.Write([]byte{0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A}); err != nil {
return err
}
if _, err := w.Write([]byte{byte(0x20 | hdr.command)}); err != nil {
return err
}
@@ -801,59 +810,44 @@ func writeProxyProtocolV2(w io.Writer, hdr proxyProtocolV2) error {
switch srcAddr := hdr.sourceAddress.(type) {
case *net.TCPAddr:
dstAddr := hdr.destinationAddress.(*net.TCPAddr)
if len(srcAddr.IP) != len(dstAddr.IP) {
panic("len(srcAddr.IP) != len(dstAddr.IP)")
}
var fam byte
if len(srcAddr.IP) == 4 {
fam = byte(proxyProtocolV2FamilyInet << 4)
} else {
fam = byte(proxyProtocolV2FamilyInet6 << 4)
}
fam |= byte(proxyProtocolV2ProtocolStream)
if _, err := w.Write([]byte{fam}); err != nil {
return err
}
length := uint16(len(srcAddr.IP)*2 + 4 + len(hdr.additionalData))
if err := binary.Write(w, binary.BigEndian, length); err != nil {
return err
}
if _, err := w.Write(srcAddr.IP); err != nil {
return err
}
if _, err := w.Write(dstAddr.IP); err != nil {
return err
}
if err := binary.Write(w, binary.BigEndian, uint16(srcAddr.Port)); err != nil {
return err
}
if err := binary.Write(w, binary.BigEndian, uint16(dstAddr.Port)); err != nil {
return err
}
case *net.UnixAddr:
dstAddr := hdr.destinationAddress.(*net.UnixAddr)
if len(srcAddr.Name) > 108 {
panic("too long Unix source address")
}
if len(dstAddr.Name) > 108 {
panic("too long Unix destination address")
}
fam := byte(proxyProtocolV2FamilyUnix << 4)
switch srcAddr.Net {
case "unix":
fam |= byte(proxyProtocolV2ProtocolStream)
@@ -862,43 +856,32 @@ func writeProxyProtocolV2(w io.Writer, hdr proxyProtocolV2) error {
default:
fam |= byte(proxyProtocolV2ProtocolUnspec)
}
if _, err := w.Write([]byte{fam}); err != nil {
return err
}
length := uint16(216 + len(hdr.additionalData))
if err := binary.Write(w, binary.BigEndian, length); err != nil {
return err
}
zeros := make([]byte, 108)
if _, err := w.Write([]byte(srcAddr.Name)); err != nil {
return err
}
if _, err := w.Write(zeros[:108-len(srcAddr.Name)]); err != nil {
return err
}
if _, err := w.Write([]byte(dstAddr.Name)); err != nil {
return err
}
if _, err := w.Write(zeros[:108-len(dstAddr.Name)]); err != nil {
return err
}
default:
fam := byte(proxyProtocolV2FamilyUnspec<<4) | byte(proxyProtocolV2ProtocolUnspec)
if _, err := w.Write([]byte{fam}); err != nil {
return err
}
length := uint16(len(hdr.additionalData))
if err := binary.Write(w, binary.BigEndian, length); err != nil {
return err
}

91
integration-tests/server_tester_http3.go
View File

@@ -1,91 +0,0 @@
//go:build quic
package nghttp2
import (
"bytes"
"context"
"crypto/tls"
"io"
"net/http"
"net/url"
"time"
"github.com/quic-go/quic-go/http3"
)
func (st *serverTester) http3(rp requestParam) (*serverResponse, error) {
rt := &http3.RoundTripper{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
defer rt.Close()
c := &http.Client{
Transport: rt,
}
method := "GET"
if rp.method != "" {
method = rp.method
}
var body io.Reader
if rp.body != nil {
body = bytes.NewBuffer(rp.body)
}
reqURL := st.url
if rp.path != "" {
u, err := url.Parse(st.url)
if err != nil {
st.t.Fatalf("Error parsing URL from st.url %v: %v", st.url, err)
}
u.Path = ""
u.RawQuery = ""
reqURL = u.String() + rp.path
}
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
req, err := http.NewRequestWithContext(ctx, method, reqURL, body)
if err != nil {
return nil, err
}
for _, h := range rp.header {
req.Header.Add(h.Name, h.Value)
}
req.Header.Add("Test-Case", rp.name)
// TODO http3 package does not support trailer at the time of
// this writing.
resp, err := c.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
respBody, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
res := &serverResponse{
status: resp.StatusCode,
header: resp.Header,
body: respBody,
connClose: resp.Close,
}
return res, nil
}

1
integration-tests/setenv.in
View File

@@ -9,6 +9,5 @@ export CGO_CFLAGS="-I@abs_top_srcdir@/lib/includes -I@abs_top_builddir@/lib/incl
export CGO_CPPFLAGS="@CPPFLAGS@"
export CGO_LDFLAGS="-L$libdir @LDFLAGS@"
export LD_LIBRARY_PATH="$libdir"
export DYLD_LIBRARY_PATH="$libdir"
export GODEBUG=cgocheck=0
"$@"

69
lib/CMakeLists.txt
View File

@@ -14,7 +14,7 @@ set(NGHTTP2_SOURCES
nghttp2_stream.c nghttp2_outbound_item.c
nghttp2_session.c nghttp2_submit.c
nghttp2_helper.c
nghttp2_alpn.c
nghttp2_npn.c
nghttp2_hd.c nghttp2_hd_huffman.c nghttp2_hd_huffman_data.c
nghttp2_version.c
nghttp2_priority_spec.c
@@ -24,19 +24,11 @@ set(NGHTTP2_SOURCES
nghttp2_http.c
nghttp2_rcbuf.c
nghttp2_extpri.c
nghttp2_ratelim.c
nghttp2_time.c
nghttp2_debug.c
sfparse.c
)
set(NGHTTP2_RES "")
set(STATIC_LIB "nghttp2_static")
set(SHARED_LIB "nghttp2")
if(BUILD_SHARED_LIBS AND BUILD_STATIC_LIBS AND MSVC AND NOT STATIC_LIB_SUFFIX)
set(STATIC_LIB_SUFFIX "_static")
endif()
if(WIN32)
configure_file(
@@ -47,61 +39,40 @@ if(WIN32)
set(NGHTTP2_RES ${CMAKE_CURRENT_BINARY_DIR}/version.rc)
endif()
set(EXPORT_SET "${PROJECT_NAME}-targets")
# Public shared library
if(BUILD_SHARED_LIBS)
add_library(${SHARED_LIB} SHARED ${NGHTTP2_SOURCES} ${NGHTTP2_RES})
set_target_properties(${SHARED_LIB} PROPERTIES
if(ENABLE_SHARED_LIB)
add_library(nghttp2 SHARED ${NGHTTP2_SOURCES} ${NGHTTP2_RES})
set_target_properties(nghttp2 PROPERTIES
COMPILE_FLAGS "${WARNCFLAGS}"
VERSION ${LT_VERSION} SOVERSION ${LT_SOVERSION}
C_VISIBILITY_PRESET hidden
)
target_include_directories(${SHARED_LIB} INTERFACE
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/includes>
$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/includes>
$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
target_include_directories(nghttp2 INTERFACE
"${CMAKE_CURRENT_BINARY_DIR}/includes"
"${CMAKE_CURRENT_SOURCE_DIR}/includes"
)
install(TARGETS ${SHARED_LIB} EXPORT ${EXPORT_SET})
list(APPEND nghttp2_exports ${SHARED_LIB})
install(TARGETS nghttp2
ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}"
LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}"
RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}")
endif()
# Static library (for unittests because of symbol visibility)
if(BUILD_STATIC_LIBS)
add_library(${STATIC_LIB} STATIC ${NGHTTP2_SOURCES})
set_target_properties(${STATIC_LIB} PROPERTIES
if(HAVE_CUNIT OR ENABLE_STATIC_LIB)
# Static library (for unittests because of symbol visibility)
add_library(nghttp2_static STATIC ${NGHTTP2_SOURCES})
set_target_properties(nghttp2_static PROPERTIES
COMPILE_FLAGS "${WARNCFLAGS}"
VERSION ${LT_VERSION} SOVERSION ${LT_SOVERSION}
ARCHIVE_OUTPUT_NAME nghttp2${STATIC_LIB_SUFFIX}
)
target_include_directories(${STATIC_LIB} INTERFACE
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/includes>
$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/includes>
$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
)
target_compile_definitions(${STATIC_LIB} PUBLIC "-DNGHTTP2_STATICLIB")
install(TARGETS ${STATIC_LIB} EXPORT ${EXPORT_SET})
list(APPEND nghttp2_exports ${STATIC_LIB})
target_compile_definitions(nghttp2_static PUBLIC "-DNGHTTP2_STATICLIB")
if(ENABLE_STATIC_LIB)
install(TARGETS nghttp2_static
DESTINATION "${CMAKE_INSTALL_LIBDIR}")
endif()
endif()
if(BUILD_SHARED_LIBS)
set(LIB_SELECTED ${SHARED_LIB})
else()
set(LIB_SELECTED ${STATIC_LIB})
endif()
add_library(${PROJECT_NAME}::nghttp2 ALIAS ${LIB_SELECTED})
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libnghttp2.pc"
DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
install(EXPORT ${EXPORT_SET}
DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}
NAMESPACE ${PROJECT_NAME}::)

8
lib/Makefile.am
View File

@@ -41,7 +41,7 @@ OBJECTS = nghttp2_pq.c nghttp2_map.c nghttp2_queue.c \
nghttp2_stream.c nghttp2_outbound_item.c \
nghttp2_session.c nghttp2_submit.c \
nghttp2_helper.c \
nghttp2_alpn.c \
nghttp2_npn.c \
nghttp2_hd.c nghttp2_hd_huffman.c nghttp2_hd_huffman_data.c \
nghttp2_version.c \
nghttp2_priority_spec.c \
@@ -51,8 +51,6 @@ OBJECTS = nghttp2_pq.c nghttp2_map.c nghttp2_queue.c \
nghttp2_http.c \
nghttp2_rcbuf.c \
nghttp2_extpri.c \
nghttp2_ratelim.c \
nghttp2_time.c \
nghttp2_debug.c \
sfparse.c
@@ -60,7 +58,7 @@ HFILES = nghttp2_pq.h nghttp2_int.h nghttp2_map.h nghttp2_queue.h \
nghttp2_frame.h \
nghttp2_buf.h \
nghttp2_session.h nghttp2_helper.h nghttp2_stream.h nghttp2_int.h \
nghttp2_alpn.h \
nghttp2_npn.h \
nghttp2_submit.h nghttp2_outbound_item.h \
nghttp2_net.h \
nghttp2_hd.h nghttp2_hd_huffman.h \
@@ -71,8 +69,6 @@ HFILES = nghttp2_pq.h nghttp2_int.h nghttp2_map.h nghttp2_queue.h \
nghttp2_http.h \
nghttp2_rcbuf.h \
nghttp2_extpri.h \
nghttp2_ratelim.h \
nghttp2_time.h \
nghttp2_debug.h \
sfparse.h

2
lib/Makefile.msvc
View File

@@ -74,7 +74,7 @@ NGHTTP2_SRC := nghttp2_pq.c \
nghttp2_session.c \
nghttp2_submit.c \
nghttp2_helper.c \
nghttp2_alpn.c \
nghttp2_npn.c \
nghttp2_hd.c \
nghttp2_hd_huffman.c \
nghttp2_hd_huffman_data.c \

1412
lib/includes/nghttp2/nghttp2.h
View File

File diff suppressed because it is too large Load Diff

8
lib/nghttp2_buf.c
View File

@@ -61,7 +61,7 @@ int nghttp2_buf_reserve(nghttp2_buf *buf, size_t new_cap, nghttp2_mem *mem) {
return 0;
}
new_cap = nghttp2_max_size(new_cap, cap * 2);
new_cap = nghttp2_max(new_cap, cap * 2);
ptr = nghttp2_mem_realloc(mem, buf->begin, new_cap);
if (ptr == NULL) {
@@ -343,7 +343,7 @@ int nghttp2_bufs_add(nghttp2_bufs *bufs, const void *data, size_t len) {
while (len) {
buf = &bufs->cur->buf;
nwrite = nghttp2_min_size(nghttp2_buf_avail(buf), len);
nwrite = nghttp2_min(nghttp2_buf_avail(buf), len);
if (nwrite == 0) {
rv = bufs_alloc_chain(bufs);
if (rv != 0) {
@@ -430,7 +430,7 @@ int nghttp2_bufs_orb_hold(nghttp2_bufs *bufs, uint8_t b) {
return 0;
}
nghttp2_ssize nghttp2_bufs_remove(nghttp2_bufs *bufs, uint8_t **out) {
ssize_t nghttp2_bufs_remove(nghttp2_bufs *bufs, uint8_t **out) {
size_t len;
nghttp2_buf_chain *chain;
nghttp2_buf *buf;
@@ -462,7 +462,7 @@ nghttp2_ssize nghttp2_bufs_remove(nghttp2_bufs *bufs, uint8_t **out) {
*out = res;
return (nghttp2_ssize)len;
return (ssize_t)len;
}
size_t nghttp2_bufs_remove_copy(nghttp2_bufs *bufs, uint8_t *out) {

2
lib/nghttp2_buf.h
View File

@@ -349,7 +349,7 @@ int nghttp2_bufs_orb_hold(nghttp2_bufs *bufs, uint8_t b);
* NGHTTP2_ERR_NOMEM
* Out of memory
*/
nghttp2_ssize nghttp2_bufs_remove(nghttp2_bufs *bufs, uint8_t **out);
ssize_t nghttp2_bufs_remove(nghttp2_bufs *bufs, uint8_t **out);
/*
* Copies all data stored in |bufs| to |out|. This function assumes

28
lib/nghttp2_callbacks.c
View File

@@ -45,21 +45,11 @@ void nghttp2_session_callbacks_set_send_callback(
cbs->send_callback = send_callback;
}
void nghttp2_session_callbacks_set_send_callback2(
nghttp2_session_callbacks *cbs, nghttp2_send_callback2 send_callback) {
cbs->send_callback2 = send_callback;
}
void nghttp2_session_callbacks_set_recv_callback(
nghttp2_session_callbacks *cbs, nghttp2_recv_callback recv_callback) {
cbs->recv_callback = recv_callback;
}
void nghttp2_session_callbacks_set_recv_callback2(
nghttp2_session_callbacks *cbs, nghttp2_recv_callback2 recv_callback) {
cbs->recv_callback2 = recv_callback;
}
void nghttp2_session_callbacks_set_on_frame_recv_callback(
nghttp2_session_callbacks *cbs,
nghttp2_on_frame_recv_callback on_frame_recv_callback) {
@@ -138,24 +128,12 @@ void nghttp2_session_callbacks_set_select_padding_callback(
cbs->select_padding_callback = select_padding_callback;
}
void nghttp2_session_callbacks_set_select_padding_callback2(
nghttp2_session_callbacks *cbs,
nghttp2_select_padding_callback2 select_padding_callback) {
cbs->select_padding_callback2 = select_padding_callback;
}
void nghttp2_session_callbacks_set_data_source_read_length_callback(
nghttp2_session_callbacks *cbs,
nghttp2_data_source_read_length_callback data_source_read_length_callback) {
cbs->read_length_callback = data_source_read_length_callback;
}
void nghttp2_session_callbacks_set_data_source_read_length_callback2(
nghttp2_session_callbacks *cbs, nghttp2_data_source_read_length_callback2
data_source_read_length_callback) {
cbs->read_length_callback2 = data_source_read_length_callback;
}
void nghttp2_session_callbacks_set_on_begin_frame_callback(
nghttp2_session_callbacks *cbs,
nghttp2_on_begin_frame_callback on_begin_frame_callback) {
@@ -174,12 +152,6 @@ void nghttp2_session_callbacks_set_pack_extension_callback(
cbs->pack_extension_callback = pack_extension_callback;
}
void nghttp2_session_callbacks_set_pack_extension_callback2(
nghttp2_session_callbacks *cbs,
nghttp2_pack_extension_callback2 pack_extension_callback) {
cbs->pack_extension_callback2 = pack_extension_callback;
}
void nghttp2_session_callbacks_set_unpack_extension_callback(
nghttp2_session_callbacks *cbs,
nghttp2_unpack_extension_callback unpack_extension_callback) {

47
lib/nghttp2_callbacks.h
View File

@@ -36,33 +36,19 @@
*/
struct nghttp2_session_callbacks {
/**
* Deprecated. Use send_callback2 instead. Callback function
* invoked when the session wants to send data to the remote peer.
* This callback is not necessary if the application uses solely
* `nghttp2_session_mem_send()` to serialize data to transmit.
* Callback function invoked when the session wants to send data to
* the remote peer. This callback is not necessary if the
* application uses solely `nghttp2_session_mem_send()` to serialize
* data to transmit.
*/
nghttp2_send_callback send_callback;
/**
* Callback function invoked when the session wants to send data to
* the remote peer. This callback is not necessary if the
* application uses solely `nghttp2_session_mem_send2()` to
* serialize data to transmit.
*/
nghttp2_send_callback2 send_callback2;
/**
* Deprecated. Use recv_callback2 instead. Callback function
* invoked when the session wants to receive data from the remote
* peer. This callback is not necessary if the application uses
* solely `nghttp2_session_mem_recv()` to process received data.
*/
nghttp2_recv_callback recv_callback;
/**
* Callback function invoked when the session wants to receive data
* from the remote peer. This callback is not necessary if the
* application uses solely `nghttp2_session_mem_recv2()` to process
* application uses solely `nghttp2_session_mem_recv()` to process
* received data.
*/
nghttp2_recv_callback2 recv_callback2;
nghttp2_recv_callback recv_callback;
/**
* Callback function invoked by `nghttp2_session_recv()` when a
* frame is received.
@@ -113,40 +99,23 @@ struct nghttp2_session_callbacks {
*/
nghttp2_on_invalid_header_callback on_invalid_header_callback;
nghttp2_on_invalid_header_callback2 on_invalid_header_callback2;
/**
* Deprecated. Use select_padding_callback2 instead. Callback
* function invoked when the library asks application how many
* padding bytes are required for the transmission of the given
* frame.
*/
nghttp2_select_padding_callback select_padding_callback;
/**
* Callback function invoked when the library asks application how
* many padding bytes are required for the transmission of the given
* frame.
*/
nghttp2_select_padding_callback2 select_padding_callback2;
nghttp2_select_padding_callback select_padding_callback;
/**
* Deprecated. Use read_length_callback2 instead. The callback
* function used to determine the length allowed in
* The callback function used to determine the length allowed in
* `nghttp2_data_source_read_callback()`
*/
nghttp2_data_source_read_length_callback read_length_callback;
/**
* The callback function used to determine the length allowed in
* `nghttp2_data_source_read_callback2()`
*/
nghttp2_data_source_read_length_callback2 read_length_callback2;
/**
* Sets callback function invoked when a frame header is received.
*/
nghttp2_on_begin_frame_callback on_begin_frame_callback;
nghttp2_send_data_callback send_data_callback;
/**
* Deprecated. Use pack_extension_callback2 instead.
*/
nghttp2_pack_extension_callback pack_extension_callback;
nghttp2_pack_extension_callback2 pack_extension_callback2;
nghttp2_unpack_extension_callback unpack_extension_callback;
nghttp2_on_extension_chunk_recv_callback on_extension_chunk_recv_callback;
nghttp2_error_callback error_callback;

6
lib/nghttp2_extpri.c
View File

@@ -24,7 +24,6 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include "nghttp2_extpri.h"
#include "nghttp2_http.h"
uint8_t nghttp2_extpri_to_uint8(const nghttp2_extpri *extpri) {
return (uint8_t)((uint32_t)extpri->inc << 7 | extpri->urgency);
@@ -34,8 +33,3 @@ void nghttp2_extpri_from_uint8(nghttp2_extpri *extpri, uint8_t u8extpri) {
extpri->urgency = nghttp2_extpri_uint8_urgency(u8extpri);
extpri->inc = nghttp2_extpri_uint8_inc(u8extpri);
}
int nghttp2_extpri_parse_priority(nghttp2_extpri *extpri, const uint8_t *value,
size_t len) {
return nghttp2_http_parse_priority(extpri, value, len);
}

2
lib/nghttp2_extpri.h
View File

@@ -60,6 +60,6 @@ void nghttp2_extpri_from_uint8(nghttp2_extpri *extpri, uint8_t u8extpri);
* nghttp2_extpri_uint8_inc extracts inc from |PRI| which is supposed to
* be constructed by nghttp2_extpri_to_uint8.
*/
#define nghttp2_extpri_uint8_inc(PRI) (((PRI) & NGHTTP2_EXTPRI_INC_MASK) != 0)
#define nghttp2_extpri_uint8_inc(PRI) (((PRI)&NGHTTP2_EXTPRI_INC_MASK) != 0)
#endif /* NGHTTP2_EXTPRI_H */

49
lib/nghttp2_frame.c
View File

@@ -418,8 +418,8 @@ void nghttp2_frame_unpack_priority_spec(nghttp2_priority_spec *pri_spec,
nghttp2_priority_spec_init(pri_spec, dep_stream_id, weight, exclusive);
}
void nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame,
const uint8_t *payload) {
int nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame,
const uint8_t *payload) {
if (frame->hd.flags & NGHTTP2_FLAG_PRIORITY) {
nghttp2_frame_unpack_priority_spec(&frame->pri_spec, payload);
} else {
@@ -428,9 +428,11 @@ void nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame,
frame->nva = NULL;
frame->nvlen = 0;
return 0;
}
void nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame) {
int nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame) {
nghttp2_buf *buf;
assert(bufs->head == bufs->cur);
@@ -446,6 +448,8 @@ void nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame) {
nghttp2_frame_pack_priority_spec(buf->last, &frame->pri_spec);
buf->last += NGHTTP2_PRIORITY_SPECLEN;
return 0;
}
void nghttp2_frame_unpack_priority_payload(nghttp2_priority *frame,
@@ -453,8 +457,8 @@ void nghttp2_frame_unpack_priority_payload(nghttp2_priority *frame,
nghttp2_frame_unpack_priority_spec(&frame->pri_spec, payload);
}
void nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs,
nghttp2_rst_stream *frame) {
int nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs,
nghttp2_rst_stream *frame) {
nghttp2_buf *buf;
assert(bufs->head == bufs->cur);
@@ -469,6 +473,8 @@ void nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs,
nghttp2_put_uint32be(buf->last, frame->error_code);
buf->last += 4;
return 0;
}
void nghttp2_frame_unpack_rst_stream_payload(nghttp2_rst_stream *frame,
@@ -586,15 +592,16 @@ int nghttp2_frame_pack_push_promise(nghttp2_bufs *bufs,
return frame_pack_headers_shared(bufs, &frame->hd);
}
void nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame,
const uint8_t *payload) {
int nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame,
const uint8_t *payload) {
frame->promised_stream_id =
nghttp2_get_uint32(payload) & NGHTTP2_STREAM_ID_MASK;
frame->nva = NULL;
frame->nvlen = 0;
return 0;
}
void nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame) {
int nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame) {
nghttp2_buf *buf;
assert(bufs->head == bufs->cur);
@@ -609,6 +616,8 @@ void nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame) {
buf->last =
nghttp2_cpymem(buf->last, frame->opaque_data, sizeof(frame->opaque_data));
return 0;
}
void nghttp2_frame_unpack_ping_payload(nghttp2_ping *frame,
@@ -688,8 +697,8 @@ int nghttp2_frame_unpack_goaway_payload2(nghttp2_goaway *frame,
return 0;
}
void nghttp2_frame_pack_window_update(nghttp2_bufs *bufs,
nghttp2_window_update *frame) {
int nghttp2_frame_pack_window_update(nghttp2_bufs *bufs,
nghttp2_window_update *frame) {
nghttp2_buf *buf;
assert(bufs->head == bufs->cur);
@@ -704,6 +713,8 @@ void nghttp2_frame_pack_window_update(nghttp2_bufs *bufs,
nghttp2_put_uint32be(buf->last, (uint32_t)frame->window_size_increment);
buf->last += 4;
return 0;
}
void nghttp2_frame_unpack_window_update_payload(nghttp2_window_update *frame,
@@ -712,7 +723,7 @@ void nghttp2_frame_unpack_window_update_payload(nghttp2_window_update *frame,
nghttp2_get_uint32(payload) & NGHTTP2_WINDOW_SIZE_INCREMENT_MASK;
}
void nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *frame) {
int nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *frame) {
int rv;
nghttp2_buf *buf;
nghttp2_ext_altsvc *altsvc;
@@ -741,6 +752,8 @@ void nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *frame) {
rv = nghttp2_bufs_add(bufs, altsvc->field_value, altsvc->field_value_len);
assert(rv == 0);
return 0;
}
void nghttp2_frame_unpack_altsvc_payload(nghttp2_extension *frame,
@@ -888,8 +901,8 @@ int nghttp2_frame_unpack_origin_payload(nghttp2_extension *frame,
return 0;
}
void nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs,
nghttp2_extension *frame) {
int nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs,
nghttp2_extension *frame) {
int rv;
nghttp2_buf *buf;
nghttp2_ext_priority_update *priority_update;
@@ -914,6 +927,8 @@ void nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs,
priority_update->field_value_len);
assert(rv == 0);
return 0;
}
void nghttp2_frame_unpack_priority_update_payload(nghttp2_extension *frame,
@@ -1171,14 +1186,14 @@ static void frame_set_pad(nghttp2_buf *buf, size_t padlen, int framehd_only) {
buf->last += trail_padlen;
}
void nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd,
size_t padlen, int framehd_only) {
int nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd,
size_t padlen, int framehd_only) {
nghttp2_buf *buf;
if (padlen == 0) {
DEBUGF("send: padlen = 0, nothing to do\n");
return;
return 0;
}
/*
@@ -1211,4 +1226,6 @@ void nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd,
hd->flags |= NGHTTP2_FLAG_PADDED;
DEBUGF("send: final payloadlen=%zu, padlen=%zu\n", hd->length, padlen);
return 0;
}

62
lib/nghttp2_frame.h
View File

@@ -143,9 +143,11 @@ int nghttp2_frame_pack_headers(nghttp2_bufs *bufs, nghttp2_headers *frame,
* Unpacks HEADERS frame byte sequence into |frame|. This function
* only unapcks bytes that come before name/value header block and
* after possible Pad Length field.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame,
const uint8_t *payload);
int nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame,
const uint8_t *payload);
/*
* Packs PRIORITY frame |frame| in wire format and store it in
@@ -153,8 +155,10 @@ void nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame,
*
* The caller must make sure that nghttp2_bufs_reset(bufs) is called
* before calling this function.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame);
int nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame);
/*
* Unpacks PRIORITY wire format into |frame|.
@@ -168,9 +172,11 @@ void nghttp2_frame_unpack_priority_payload(nghttp2_priority *frame,
*
* The caller must make sure that nghttp2_bufs_reset(bufs) is called
* before calling this function.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs,
nghttp2_rst_stream *frame);
int nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs,
nghttp2_rst_stream *frame);
/*
* Unpacks RST_STREAM frame byte sequence into |frame|.
@@ -259,9 +265,15 @@ int nghttp2_frame_pack_push_promise(nghttp2_bufs *bufs,
* Unpacks PUSH_PROMISE frame byte sequence into |frame|. This
* function only unapcks bytes that come before name/value header
* block and after possible Pad Length field.
*
* This function returns 0 if it succeeds or one of the following
* negative error codes:
*
* NGHTTP2_ERR_PROTO
* TODO END_HEADERS flag is not set
*/
void nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame,
const uint8_t *payload);
int nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame,
const uint8_t *payload);
/*
* Packs PING frame |frame| in wire format and store it in
@@ -269,8 +281,10 @@ void nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame,
*
* The caller must make sure that nghttp2_bufs_reset(bufs) is called
* before calling this function.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame);
int nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame);
/*
* Unpacks PING wire format into |frame|.
@@ -329,9 +343,11 @@ int nghttp2_frame_unpack_goaway_payload2(nghttp2_goaway *frame,
*
* The caller must make sure that nghttp2_bufs_reset(bufs) is called
* before calling this function.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_pack_window_update(nghttp2_bufs *bufs,
nghttp2_window_update *frame);
int nghttp2_frame_pack_window_update(nghttp2_bufs *bufs,
nghttp2_window_update *frame);
/*
* Unpacks WINDOW_UPDATE frame byte sequence into |frame|.
@@ -345,13 +361,17 @@ void nghttp2_frame_unpack_window_update_payload(nghttp2_window_update *frame,
*
* The caller must make sure that nghttp2_bufs_reset(bufs) is called
* before calling this function.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *ext);
int nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *ext);
/*
* Unpacks ALTSVC wire format into |frame|. The |payload| of
* |payloadlen| bytes contains frame payload. This function assumes
* that frame->payload points to the nghttp2_ext_altsvc object.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_unpack_altsvc_payload(nghttp2_extension *frame,
size_t origin_len, uint8_t *payload,
@@ -411,15 +431,19 @@ int nghttp2_frame_unpack_origin_payload(nghttp2_extension *frame,
*
* The caller must make sure that nghttp2_bufs_reset(bufs) is called
* before calling this function.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs,
nghttp2_extension *ext);
int nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs,
nghttp2_extension *ext);
/*
* Unpacks PRIORITY_UPDATE wire format into |frame|. The |payload| of
* |payloadlen| bytes contains frame payload. This function assumes
* that frame->payload points to the nghttp2_ext_priority_update
* object.
*
* This function always succeeds and returns 0.
*/
void nghttp2_frame_unpack_priority_update_payload(nghttp2_extension *frame,
uint8_t *payload,
@@ -630,8 +654,16 @@ int nghttp2_iv_check(const nghttp2_settings_entry *iv, size_t niv);
* |padlen| including Pad Length field. The |hd| is the frame header
* for the serialized data. This function fills zeros padding region
* unless framehd_only is nonzero.
*
* This function returns 0 if it succeeds, or one of the following
* negative error codes:
*
* NGHTTP2_ERR_NOMEM
* Out of memory.
* NGHTTP2_ERR_FRAME_SIZE_ERROR
* The length of the resulting frame is too large.
*/
void nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd,
size_t padlen, int framehd_only);
int nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd,
size_t padlen, int framehd_only);
#endif /* NGHTTP2_FRAME_H */

135
lib/nghttp2_hd.c
View File

@@ -35,11 +35,10 @@
/* Make scalar initialization form of nghttp2_hd_entry */
#define MAKE_STATIC_ENT(N, V, T, H) \
{ \
{NULL, NULL, (uint8_t *)(N), sizeof((N)) - 1, -1}, \
{NULL, NULL, (uint8_t *)(V), sizeof((V)) - 1, -1}, \
{(uint8_t *)(N), (uint8_t *)(V), sizeof((N)) - 1, sizeof((V)) - 1, 0}, \
T, \
H, \
{NULL, NULL, (uint8_t *)(N), sizeof((N)) - 1, -1}, \
{NULL, NULL, (uint8_t *)(V), sizeof((V)) - 1, -1}, \
{(uint8_t *)(N), (uint8_t *)(V), sizeof((N)) - 1, sizeof((V)) - 1, 0}, \
T, H \
}
/* Generated by mkstatictbl.py */
@@ -851,10 +850,9 @@ static size_t encode_length(uint8_t *buf, size_t n, size_t prefix) {
* in the next call will be stored in |*shift_ptr|) and returns number
* of bytes processed, or returns -1, indicating decoding error.
*/
static nghttp2_ssize decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
uint32_t initial, size_t shift,
const uint8_t *in, const uint8_t *last,
size_t prefix) {
static ssize_t decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
uint32_t initial, size_t shift, const uint8_t *in,
const uint8_t *last, size_t prefix) {
uint32_t k = (uint8_t)((1 << prefix) - 1);
uint32_t n = initial;
const uint8_t *start = in;
@@ -873,7 +871,7 @@ static nghttp2_ssize decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
if (++in == last) {
*res = n;
return (nghttp2_ssize)(in - start);
return (ssize_t)(in - start);
}
}
@@ -908,12 +906,12 @@ static nghttp2_ssize decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
if (in == last) {
*res = n;
return (nghttp2_ssize)(in - start);
return (ssize_t)(in - start);
}
*res = n;
*fin = 1;
return (nghttp2_ssize)(in + 1 - start);
return (ssize_t)(in + 1 - start);
}
static int emit_table_size(nghttp2_bufs *bufs, size_t table_size) {
@@ -1166,7 +1164,7 @@ static int add_hd_table_incremental(nghttp2_hd_context *context,
}
typedef struct {
nghttp2_ssize index;
ssize_t index;
/* Nonzero if both name and value are matched. */
int name_value_match;
} search_result;
@@ -1215,8 +1213,8 @@ static search_result search_hd_table(nghttp2_hd_context *context,
return res;
}
res.index = (nghttp2_ssize)(context->next_seq - 1 - ent->seq +
NGHTTP2_STATIC_TABLE_LENGTH);
res.index =
(ssize_t)(context->next_seq - 1 - ent->seq + NGHTTP2_STATIC_TABLE_LENGTH);
res.name_value_match = exact_match;
return res;
@@ -1246,13 +1244,13 @@ static void hd_context_shrink_table_size(nghttp2_hd_context *context,
int nghttp2_hd_deflate_change_table_size(
nghttp2_hd_deflater *deflater, size_t settings_max_dynamic_table_size) {
size_t next_bufsize = nghttp2_min_size(
settings_max_dynamic_table_size, deflater->deflate_hd_table_bufsize_max);
size_t next_bufsize = nghttp2_min(settings_max_dynamic_table_size,
deflater->deflate_hd_table_bufsize_max);
deflater->ctx.hd_table_bufsize_max = next_bufsize;
deflater->min_hd_table_bufsize_max =
nghttp2_min_size(deflater->min_hd_table_bufsize_max, next_bufsize);
nghttp2_min(deflater->min_hd_table_bufsize_max, next_bufsize);
deflater->notify_table_size_change = 1;
@@ -1345,7 +1343,7 @@ static int deflate_nv(nghttp2_hd_deflater *deflater, nghttp2_bufs *bufs,
const nghttp2_nv *nv) {
int rv;
search_result res;
nghttp2_ssize idx;
ssize_t idx;
int indexing_mode;
int32_t token;
nghttp2_mem *mem;
@@ -1381,7 +1379,7 @@ static int deflate_nv(nghttp2_hd_deflater *deflater, nghttp2_bufs *bufs,
if (res.name_value_match) {
DEBUGF("deflatehd: name/value match index=%td\n", idx);
DEBUGF("deflatehd: name/value match index=%zd\n", idx);
rv = emit_indexed_block(bufs, (size_t)idx);
if (rv != 0) {
@@ -1392,7 +1390,7 @@ static int deflate_nv(nghttp2_hd_deflater *deflater, nghttp2_bufs *bufs,
}
if (res.index != -1) {
DEBUGF("deflatehd: name match index=%td\n", res.index);
DEBUGF("deflatehd: name match index=%zd\n", res.index);
}
if (indexing_mode == NGHTTP2_HD_WITH_INDEXING) {
@@ -1493,12 +1491,6 @@ fail:
ssize_t nghttp2_hd_deflate_hd(nghttp2_hd_deflater *deflater, uint8_t *buf,
size_t buflen, const nghttp2_nv *nv,
size_t nvlen) {
return (ssize_t)nghttp2_hd_deflate_hd2(deflater, buf, buflen, nv, nvlen);
}
nghttp2_ssize nghttp2_hd_deflate_hd2(nghttp2_hd_deflater *deflater,
uint8_t *buf, size_t buflen,
const nghttp2_nv *nv, size_t nvlen) {
nghttp2_bufs bufs;
int rv;
nghttp2_mem *mem;
@@ -1525,18 +1517,12 @@ nghttp2_ssize nghttp2_hd_deflate_hd2(nghttp2_hd_deflater *deflater,
return rv;
}
return (nghttp2_ssize)buflen;
return (ssize_t)buflen;
}
ssize_t nghttp2_hd_deflate_hd_vec(nghttp2_hd_deflater *deflater,
const nghttp2_vec *vec, size_t veclen,
const nghttp2_nv *nv, size_t nvlen) {
return (ssize_t)nghttp2_hd_deflate_hd_vec2(deflater, vec, veclen, nv, nvlen);
}
nghttp2_ssize nghttp2_hd_deflate_hd_vec2(nghttp2_hd_deflater *deflater,
const nghttp2_vec *vec, size_t veclen,
const nghttp2_nv *nv, size_t nvlen) {
nghttp2_bufs bufs;
int rv;
nghttp2_mem *mem;
@@ -1564,7 +1550,7 @@ nghttp2_ssize nghttp2_hd_deflate_hd_vec2(nghttp2_hd_deflater *deflater,
return rv;
}
return (nghttp2_ssize)buflen;
return (ssize_t)buflen;
}
size_t nghttp2_hd_deflate_bound(nghttp2_hd_deflater *deflater,
@@ -1657,11 +1643,10 @@ static void hd_inflate_set_huffman_encoded(nghttp2_hd_inflater *inflater,
* NGHTTP2_ERR_HEADER_COMP
* Integer decoding failed
*/
static nghttp2_ssize hd_inflate_read_len(nghttp2_hd_inflater *inflater,
int *rfin, const uint8_t *in,
const uint8_t *last, size_t prefix,
size_t maxlen) {
nghttp2_ssize rv;
static ssize_t hd_inflate_read_len(nghttp2_hd_inflater *inflater, int *rfin,
const uint8_t *in, const uint8_t *last,
size_t prefix, size_t maxlen) {
ssize_t rv;
uint32_t out;
*rfin = 0;
@@ -1699,10 +1684,10 @@ static nghttp2_ssize hd_inflate_read_len(nghttp2_hd_inflater *inflater,
* NGHTTP2_ERR_HEADER_COMP
* Huffman decoding failed
*/
static nghttp2_ssize hd_inflate_read_huff(nghttp2_hd_inflater *inflater,
nghttp2_buf *buf, const uint8_t *in,
const uint8_t *last) {
nghttp2_ssize readlen;
static ssize_t hd_inflate_read_huff(nghttp2_hd_inflater *inflater,
nghttp2_buf *buf, const uint8_t *in,
const uint8_t *last) {
ssize_t readlen;
int fin = 0;
if ((size_t)(last - in) >= inflater->left) {
last = in + inflater->left;
@@ -1736,15 +1721,14 @@ static nghttp2_ssize hd_inflate_read_huff(nghttp2_hd_inflater *inflater,
* NGHTTP2_ERR_HEADER_COMP
* Header decompression failed
*/
static nghttp2_ssize hd_inflate_read(nghttp2_hd_inflater *inflater,
nghttp2_buf *buf, const uint8_t *in,
const uint8_t *last) {
size_t len = nghttp2_min_size((size_t)(last - in), inflater->left);
static ssize_t hd_inflate_read(nghttp2_hd_inflater *inflater, nghttp2_buf *buf,
const uint8_t *in, const uint8_t *last) {
size_t len = nghttp2_min((size_t)(last - in), inflater->left);
buf->last = nghttp2_cpymem(buf->last, in, len);
inflater->left -= len;
return (nghttp2_ssize)len;
return (ssize_t)len;
}
/*
@@ -1859,15 +1843,7 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater, nghttp2_nv *nv_out,
ssize_t nghttp2_hd_inflate_hd2(nghttp2_hd_inflater *inflater,
nghttp2_nv *nv_out, int *inflate_flags,
const uint8_t *in, size_t inlen, int in_final) {
return (nghttp2_ssize)nghttp2_hd_inflate_hd3(inflater, nv_out, inflate_flags,
in, inlen, in_final);
}
nghttp2_ssize nghttp2_hd_inflate_hd3(nghttp2_hd_inflater *inflater,
nghttp2_nv *nv_out, int *inflate_flags,
const uint8_t *in, size_t inlen,
int in_final) {
nghttp2_ssize rv;
ssize_t rv;
nghttp2_hd_nv hd_nv;
rv = nghttp2_hd_inflate_hd_nv(inflater, &hd_nv, inflate_flags, in, inlen,
@@ -1890,11 +1866,11 @@ nghttp2_ssize nghttp2_hd_inflate_hd3(nghttp2_hd_inflater *inflater,
return rv;
}
nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
nghttp2_hd_nv *nv_out,
int *inflate_flags, const uint8_t *in,
size_t inlen, int in_final) {
nghttp2_ssize rv = 0;
ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
nghttp2_hd_nv *nv_out, int *inflate_flags,
const uint8_t *in, size_t inlen,
int in_final) {
ssize_t rv = 0;
const uint8_t *first = in;
const uint8_t *last = in + inlen;
int rfin = 0;
@@ -1963,8 +1939,8 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
rfin = 0;
rv = hd_inflate_read_len(
inflater, &rfin, in, last, 5,
nghttp2_min_size(inflater->min_hd_table_bufsize_max,
inflater->settings_hd_table_bufsize_max));
nghttp2_min(inflater->min_hd_table_bufsize_max,
inflater->settings_hd_table_bufsize_max));
if (rv < 0) {
goto fail;
}
@@ -2016,7 +1992,7 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
inflater->state = NGHTTP2_HD_STATE_OPCODE;
*inflate_flags |= NGHTTP2_HD_INFLATE_EMIT;
return (nghttp2_ssize)(in - first);
return (ssize_t)(in - first);
} else {
inflater->index = inflater->left;
--inflater->index;
@@ -2074,7 +2050,7 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
in += rv;
DEBUGF("inflatehd: %td bytes read\n", rv);
DEBUGF("inflatehd: %zd bytes read\n", rv);
if (inflater->left) {
DEBUGF("inflatehd: still %zu bytes to go\n", inflater->left);
@@ -2096,7 +2072,7 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
in += rv;
DEBUGF("inflatehd: %td bytes read\n", rv);
DEBUGF("inflatehd: %zd bytes read\n", rv);
if (inflater->left) {
DEBUGF("inflatehd: still %zu bytes to go\n", inflater->left);
@@ -2162,7 +2138,7 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
in += rv;
DEBUGF("inflatehd: %td bytes read\n", rv);
DEBUGF("inflatehd: %zd bytes read\n", rv);
if (inflater->left) {
DEBUGF("inflatehd: still %zu bytes to go\n", inflater->left);
@@ -2186,18 +2162,18 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
inflater->state = NGHTTP2_HD_STATE_OPCODE;
*inflate_flags |= NGHTTP2_HD_INFLATE_EMIT;
return (nghttp2_ssize)(in - first);
return (ssize_t)(in - first);
case NGHTTP2_HD_STATE_READ_VALUE:
rv = hd_inflate_read(inflater, &inflater->valuebuf, in, last);
if (rv < 0) {
DEBUGF("inflatehd: value read failure %td: %s\n", rv,
DEBUGF("inflatehd: value read failure %zd: %s\n", rv,
nghttp2_strerror((int)rv));
goto fail;
}
in += rv;
DEBUGF("inflatehd: %td bytes read\n", rv);
DEBUGF("inflatehd: %zd bytes read\n", rv);
if (inflater->left) {
DEBUGF("inflatehd: still %zu bytes to go\n", inflater->left);
@@ -2220,7 +2196,7 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
inflater->state = NGHTTP2_HD_STATE_OPCODE;
*inflate_flags |= NGHTTP2_HD_INFLATE_EMIT;
return (nghttp2_ssize)(in - first);
return (ssize_t)(in - first);
}
}
@@ -2240,7 +2216,7 @@ nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
}
*inflate_flags |= NGHTTP2_HD_INFLATE_FINAL;
}
return (nghttp2_ssize)(in - first);
return (ssize_t)(in - first);
almost_ok:
if (in_final) {
@@ -2250,10 +2226,10 @@ almost_ok:
goto fail;
}
return (nghttp2_ssize)(in - first);
return (ssize_t)(in - first);
fail:
DEBUGF("inflatehd: error return %td\n", rv);
DEBUGF("inflatehd: error return %zd\n", rv);
inflater->ctx.bad = 1;
return rv;
@@ -2321,10 +2297,9 @@ int nghttp2_hd_emit_table_size(nghttp2_bufs *bufs, size_t table_size) {
return emit_table_size(bufs, table_size);
}
nghttp2_ssize nghttp2_hd_decode_length(uint32_t *res, size_t *shift_ptr,
int *fin, uint32_t initial, size_t shift,
uint8_t *in, uint8_t *last,
size_t prefix) {
ssize_t nghttp2_hd_decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
uint32_t initial, size_t shift, uint8_t *in,
uint8_t *last, size_t prefix) {
return decode_length(res, shift_ptr, fin, initial, shift, in, last, prefix);
}

20
lib/nghttp2_hd.h
View File

@@ -357,10 +357,9 @@ void nghttp2_hd_inflate_free(nghttp2_hd_inflater *inflater);
* that return values and semantics are the same as
* nghttp2_hd_inflate_hd().
*/
nghttp2_ssize nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
nghttp2_hd_nv *nv_out,
int *inflate_flags, const uint8_t *in,
size_t inlen, int in_final);
ssize_t nghttp2_hd_inflate_hd_nv(nghttp2_hd_inflater *inflater,
nghttp2_hd_nv *nv_out, int *inflate_flags,
const uint8_t *in, size_t inlen, int in_final);
/* For unittesting purpose */
int nghttp2_hd_emit_indname_block(nghttp2_bufs *bufs, size_t index,
@@ -377,10 +376,9 @@ int nghttp2_hd_emit_table_size(nghttp2_bufs *bufs, size_t table_size);
nghttp2_hd_nv nghttp2_hd_table_get(nghttp2_hd_context *context, size_t index);
/* For unittesting purpose */
nghttp2_ssize nghttp2_hd_decode_length(uint32_t *res, size_t *shift_ptr,
int *fin, uint32_t initial, size_t shift,
uint8_t *in, uint8_t *last,
size_t prefix);
ssize_t nghttp2_hd_decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
uint32_t initial, size_t shift, uint8_t *in,
uint8_t *last, size_t prefix);
/* Huffman encoding/decoding functions */
@@ -429,9 +427,9 @@ void nghttp2_hd_huff_decode_context_init(nghttp2_hd_huff_decode_context *ctx);
* NGHTTP2_ERR_HEADER_COMP
* Decoding process has failed.
*/
nghttp2_ssize nghttp2_hd_huff_decode(nghttp2_hd_huff_decode_context *ctx,
nghttp2_buf *buf, const uint8_t *src,
size_t srclen, int fin);
ssize_t nghttp2_hd_huff_decode(nghttp2_hd_huff_decode_context *ctx,
nghttp2_buf *buf, const uint8_t *src,
size_t srclen, int fin);
/*
* nghttp2_hd_huff_decode_failure_state returns nonzero if |ctx|

12
lib/nghttp2_hd_huffman.c
View File

@@ -107,18 +107,16 @@ void nghttp2_hd_huff_decode_context_init(nghttp2_hd_huff_decode_context *ctx) {
ctx->fstate = NGHTTP2_HUFF_ACCEPTED;
}
nghttp2_ssize nghttp2_hd_huff_decode(nghttp2_hd_huff_decode_context *ctx,
nghttp2_buf *buf, const uint8_t *src,
size_t srclen, int final) {
ssize_t nghttp2_hd_huff_decode(nghttp2_hd_huff_decode_context *ctx,
nghttp2_buf *buf, const uint8_t *src,
size_t srclen, int final) {
const uint8_t *end = src + srclen;
nghttp2_huff_decode node = {ctx->fstate, 0};
const nghttp2_huff_decode *t = &node;
uint8_t c;
/* We use the decoding algorithm described in
- http://graphics.ics.uci.edu/pub/Prefix.pdf [!!! NO LONGER VALID !!!]
- https://ics.uci.edu/~dan/pubs/Prefix.pdf
- https://github.com/nghttp2/nghttp2/files/15141264/Prefix.pdf */
http://graphics.ics.uci.edu/pub/Prefix.pdf */
for (; src != end;) {
c = *src++;
t = &huff_decode_table[t->fstate & 0x1ff][c >> 4];
@@ -138,7 +136,7 @@ nghttp2_ssize nghttp2_hd_huff_decode(nghttp2_hd_huff_decode_context *ctx,
return NGHTTP2_ERR_HEADER_COMP;
}
return (nghttp2_ssize)srclen;
return (ssize_t)srclen;
}
int nghttp2_hd_huff_decode_failure_state(nghttp2_hd_huff_decode_context *ctx) {

8
lib/nghttp2_helper.c
View File

@@ -160,7 +160,7 @@ int nghttp2_adjust_local_window_size(int32_t *local_window_size_ptr,
int32_t recv_reduction_delta;
int32_t delta;
int32_t new_recv_window_size =
nghttp2_max_int32(0, *recv_window_size_ptr) - *delta_ptr;
nghttp2_max(0, *recv_window_size_ptr) - *delta_ptr;
if (new_recv_window_size >= 0) {
*recv_window_size_ptr = new_recv_window_size;
@@ -177,7 +177,7 @@ int nghttp2_adjust_local_window_size(int32_t *local_window_size_ptr,
*local_window_size_ptr += delta;
/* If there is recv_reduction due to earlier window_size
reduction, we have to adjust it too. */
recv_reduction_delta = nghttp2_min_int32(*recv_reduction_ptr, delta);
recv_reduction_delta = nghttp2_min(*recv_reduction_ptr, delta);
*recv_reduction_ptr -= recv_reduction_delta;
if (*recv_window_size_ptr < 0) {
*recv_window_size_ptr += recv_reduction_delta;
@@ -233,7 +233,7 @@ int nghttp2_increase_local_window_size(int32_t *local_window_size_ptr,
*local_window_size_ptr += delta;
/* If there is recv_reduction due to earlier window_size
reduction, we have to adjust it too. */
recv_reduction_delta = nghttp2_min_int32(*recv_reduction_ptr, delta);
recv_reduction_delta = nghttp2_min(*recv_reduction_ptr, delta);
*recv_reduction_ptr -= recv_reduction_delta;
*recv_window_size_ptr += recv_reduction_delta;
@@ -336,8 +336,6 @@ const char *nghttp2_strerror(int error_code) {
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}

29
lib/nghttp2_helper.h
View File

@@ -35,36 +35,13 @@
#include <nghttp2/nghttp2.h>
#include "nghttp2_mem.h"
#define nghttp2_max_def(SUFFIX, T) \
static inline T nghttp2_max_##SUFFIX(T a, T b) { return a < b ? b : a; }
nghttp2_max_def(int8, int8_t);
nghttp2_max_def(int16, int16_t);
nghttp2_max_def(int32, int32_t);
nghttp2_max_def(int64, int64_t);
nghttp2_max_def(uint8, uint8_t);
nghttp2_max_def(uint16, uint16_t);
nghttp2_max_def(uint32, uint32_t);
nghttp2_max_def(uint64, uint64_t);
nghttp2_max_def(size, size_t);
#define nghttp2_min_def(SUFFIX, T) \
static inline T nghttp2_min_##SUFFIX(T a, T b) { return a < b ? a : b; }
nghttp2_min_def(int8, int8_t);
nghttp2_min_def(int16, int16_t);
nghttp2_min_def(int32, int32_t);
nghttp2_min_def(int64, int64_t);
nghttp2_min_def(uint8, uint8_t);
nghttp2_min_def(uint16, uint16_t);
nghttp2_min_def(uint32, uint32_t);
nghttp2_min_def(uint64, uint64_t);
nghttp2_min_def(size, size_t);
#define nghttp2_min(A, B) ((A) < (B) ? (A) : (B))
#define nghttp2_max(A, B) ((A) > (B) ? (A) : (B))
#define lstreq(A, B, N) ((sizeof((A)) - 1) == (N) && memcmp((A), (B), (N)) == 0)
#define nghttp2_struct_of(ptr, type, member) \
((type *)(void *)((char *)(ptr) - offsetof(type, member)))
((type *)(void *)((char *)(ptr)-offsetof(type, member)))
/*
* Copies 2 byte unsigned integer |n| in host byte order to |buf| in

2
lib/nghttp2_map.c
View File

@@ -126,7 +126,6 @@ static void map_bucket_set_data(nghttp2_map_bucket *bkt, uint32_t hash,
bkt->data = data;
}
#ifndef WIN32
void nghttp2_map_print_distance(nghttp2_map *map) {
uint32_t i;
size_t idx;
@@ -146,7 +145,6 @@ void nghttp2_map_print_distance(nghttp2_map *map) {
distance(map->tablelen, map->tablelenbits, bkt, idx));
}
}
#endif /* !WIN32 */
static int insert(nghttp2_map_bucket *table, uint32_t tablelen,
uint32_t tablelenbits, uint32_t hash,

2
lib/nghttp2_map.h
View File

@@ -131,8 +131,6 @@ size_t nghttp2_map_size(nghttp2_map *map);
int nghttp2_map_each(nghttp2_map *map, int (*func)(void *data, void *ptr),
void *ptr);
#ifndef WIN32
void nghttp2_map_print_distance(nghttp2_map *map);
#endif /* !WIN32 */
#endif /* NGHTTP2_MAP_H */

29
lib/nghttp2_alpn.c → lib/nghttp2_npn.c
View File

@@ -22,13 +22,13 @@
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include "nghttp2_alpn.h"
#include "nghttp2_npn.h"
#include <string.h>
static int select_alpn(const unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const char *key, unsigned int keylen) {
static int select_next_protocol(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const char *key, unsigned int keylen) {
unsigned int i;
for (i = 0; i + keylen <= inlen; i += (unsigned int)(in[i] + 1)) {
if (memcmp(&in[i], key, keylen) == 0) {
@@ -45,25 +45,12 @@ static int select_alpn(const unsigned char **out, unsigned char *outlen,
int nghttp2_select_next_protocol(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen) {
if (select_alpn((const unsigned char **)out, outlen, in, inlen,
NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN) == 0) {
if (select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_ALPN,
NGHTTP2_PROTO_ALPN_LEN) == 0) {
return 1;
}
if (select_alpn((const unsigned char **)out, outlen, in, inlen,
NGHTTP2_HTTP_1_1_ALPN, NGHTTP2_HTTP_1_1_ALPN_LEN) == 0) {
return 0;
}
return -1;
}
int nghttp2_select_alpn(const unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen) {
if (select_alpn(out, outlen, in, inlen, NGHTTP2_PROTO_ALPN,
NGHTTP2_PROTO_ALPN_LEN) == 0) {
return 1;
}
if (select_alpn(out, outlen, in, inlen, NGHTTP2_HTTP_1_1_ALPN,
NGHTTP2_HTTP_1_1_ALPN_LEN) == 0) {
if (select_next_protocol(out, outlen, in, inlen, NGHTTP2_HTTP_1_1_ALPN,
NGHTTP2_HTTP_1_1_ALPN_LEN) == 0) {
return 0;
}
return -1;

6
lib/nghttp2_alpn.h → lib/nghttp2_npn.h
View File

@@ -22,8 +22,8 @@
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef NGHTTP2_ALPN_H
#define NGHTTP2_ALPN_H
#ifndef NGHTTP2_NPN_H
#define NGHTTP2_NPN_H
#ifdef HAVE_CONFIG_H
# include <config.h>
@@ -31,4 +31,4 @@
#include <nghttp2/nghttp2.h>
#endif /* NGHTTP2_ALPN_H */
#endif /* NGHTTP2_NPN_H */

12
lib/nghttp2_option.c
View File

@@ -143,15 +143,3 @@ void nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation(
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION;
option->no_rfc9113_leading_and_trailing_ws_validation = val;
}
void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
uint64_t burst, uint64_t rate) {
option->opt_set_mask |= NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT;
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
option->max_continuations = val;
}

11
lib/nghttp2_option.h
View File

@@ -70,19 +70,12 @@ typedef enum {
NGHTTP2_OPT_MAX_SETTINGS = 1 << 12,
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
* Struct to store option values for nghttp2_session.
*/
struct nghttp2_option {
/**
* NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT
*/
uint64_t stream_reset_burst;
uint64_t stream_reset_rate;
/**
* NGHTTP2_OPT_MAX_SEND_HEADER_BLOCK_LENGTH
*/
@@ -99,10 +92,6 @@ struct nghttp2_option {
* NGHTTP2_OPT_MAX_SETTINGS
*/
size_t max_settings;
/**
* NGHTTP2_OPT_MAX_CONTINUATIONS
*/
size_t max_continuations;
/**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.

26
lib/nghttp2_outbound_item.c
View File

@@ -27,32 +27,6 @@
#include <assert.h>
#include <string.h>
nghttp2_data_provider_wrap *
nghttp2_data_provider_wrap_v1(nghttp2_data_provider_wrap *dpw,
const nghttp2_data_provider *data_prd) {
if (!data_prd) {
return NULL;
}
dpw->version = NGHTTP2_DATA_PROVIDER_V1;
dpw->data_prd.v1 = *data_prd;
return dpw;
}
nghttp2_data_provider_wrap *
nghttp2_data_provider_wrap_v2(nghttp2_data_provider_wrap *dpw,
const nghttp2_data_provider2 *data_prd) {
if (!data_prd) {
return NULL;
}
dpw->version = NGHTTP2_DATA_PROVIDER_V2;
dpw->data_prd.v2 = *data_prd;
return dpw;
}
void nghttp2_outbound_item_init(nghttp2_outbound_item *item) {
item->cycle = 0;
item->qnext = NULL;

27
lib/nghttp2_outbound_item.h
View File

@@ -33,32 +33,9 @@
#include "nghttp2_frame.h"
#include "nghttp2_mem.h"
#define NGHTTP2_DATA_PROVIDER_V1 1
#define NGHTTP2_DATA_PROVIDER_V2 2
typedef struct nghttp2_data_provider_wrap {
int version;
union {
struct {
nghttp2_data_source source;
void *read_callback;
};
nghttp2_data_provider v1;
nghttp2_data_provider2 v2;
} data_prd;
} nghttp2_data_provider_wrap;
nghttp2_data_provider_wrap *
nghttp2_data_provider_wrap_v1(nghttp2_data_provider_wrap *dpw,
const nghttp2_data_provider *data_prd);
nghttp2_data_provider_wrap *
nghttp2_data_provider_wrap_v2(nghttp2_data_provider_wrap *dpw,
const nghttp2_data_provider2 *data_prd);
/* struct used for HEADERS and PUSH_PROMISE frame */
typedef struct {
nghttp2_data_provider_wrap dpw;
nghttp2_data_provider data_prd;
void *stream_user_data;
/* error code when request HEADERS is canceled by RST_STREAM while
it is in queue. */
@@ -73,7 +50,7 @@ typedef struct {
/**
* The data to be sent for this DATA frame.
*/
nghttp2_data_provider_wrap dpw;
nghttp2_data_provider data_prd;
/**
* The flags of DATA frame. We use separate flags here and
* nghttp2_data frame. The latter contains flags actually sent to

2
lib/nghttp2_pq.c
View File

@@ -69,7 +69,7 @@ int nghttp2_pq_push(nghttp2_pq *pq, nghttp2_pq_entry *item) {
void *nq;
size_t ncapacity;
ncapacity = nghttp2_max_size(4, (pq->capacity * 2));
ncapacity = nghttp2_max(4, (pq->capacity * 2));
nq = nghttp2_mem_realloc(pq->mem, pq->q,
ncapacity * sizeof(nghttp2_pq_entry *));

75
lib/nghttp2_ratelim.c
View File

@@ -1,75 +0,0 @@
/*
* nghttp2 - HTTP/2 C Library
*
* Copyright (c) 2023 nghttp2 contributors
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include "nghttp2_ratelim.h"
#include "nghttp2_helper.h"
void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate) {
rl->val = rl->burst = burst;
rl->rate = rate;
rl->tstamp = 0;
}
void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp) {
uint64_t d, gain;
if (tstamp == rl->tstamp) {
return;
}
if (tstamp > rl->tstamp) {
d = tstamp - rl->tstamp;
} else {
d = 1;
}
rl->tstamp = tstamp;
if (UINT64_MAX / d < rl->rate) {
rl->val = rl->burst;
return;
}
gain = rl->rate * d;
if (UINT64_MAX - gain < rl->val) {
rl->val = rl->burst;
return;
}
rl->val += gain;
rl->val = nghttp2_min_uint64(rl->val, rl->burst);
}
int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n) {
if (rl->val < n) {
return -1;
}
rl->val -= n;
return 0;
}

57
lib/nghttp2_ratelim.h
View File

@@ -1,57 +0,0 @@
/*
* nghttp2 - HTTP/2 C Library
*
* Copyright (c) 2023 nghttp2 contributors
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef NGHTTP2_RATELIM_H
#define NGHTTP2_RATELIM_H
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#include <nghttp2/nghttp2.h>
typedef struct nghttp2_ratelim {
/* burst is the maximum value of val. */
uint64_t burst;
/* rate is the amount of value that is regenerated per 1 tstamp. */
uint64_t rate;
/* val is the amount of value available to drain. */
uint64_t val;
/* tstamp is the last timestamp in second resolution that is known
to this object. */
uint64_t tstamp;
} nghttp2_ratelim;
/* nghttp2_ratelim_init initializes |rl| with the given parameters. */
void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate);
/* nghttp2_ratelim_update updates rl->val with the current |tstamp|
given in second resolution. */
void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp);
/* nghttp2_ratelim_drain drains |n| from rl->val. It returns 0 if it
succeeds, or -1. */
int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n);
#endif /* NGHTTP2_RATELIM_H */

671
lib/nghttp2_session.c
View File

File diff suppressed because it is too large Load Diff

22
lib/nghttp2_session.h
View File

@@ -39,7 +39,6 @@
#include "nghttp2_buf.h"
#include "nghttp2_callbacks.h"
#include "nghttp2_mem.h"
#include "nghttp2_ratelim.h"
/* The global variable for tests where we want to disable strict
preface handling. */
@@ -106,14 +105,6 @@ typedef struct {
/* The default value of maximum number of concurrent streams. */
#define NGHTTP2_DEFAULT_MAX_CONCURRENT_STREAMS 0xffffffffu
/* The default values for stream reset rate limiter. */
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
/* The default max number of CONTINUATION frames following an incoming
HEADER frame. */
#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -187,9 +178,7 @@ typedef enum {
/* Flag means GOAWAY was sent */
NGHTTP2_GOAWAY_SENT = 0x4,
/* Flag means GOAWAY was received */
NGHTTP2_GOAWAY_RECV = 0x8,
/* Flag means GOAWAY has been submitted at least once */
NGHTTP2_GOAWAY_SUBMITTED = 0x10
NGHTTP2_GOAWAY_RECV = 0x8
} nghttp2_goaway_flag;
/* nghttp2_inflight_settings stores the SETTINGS entries which local
@@ -246,9 +235,6 @@ struct nghttp2_session {
/* Queue of In-flight SETTINGS values. SETTINGS bearing ACK is not
considered as in-flight. */
nghttp2_inflight_settings *inflight_settings_head;
/* Stream reset rate limiter. If receiving excessive amount of
stream resets, GOAWAY will be sent. */
nghttp2_ratelim stream_reset_ratelim;
/* Sequential number across all streams to process streams in
FIFO. */
uint64_t stream_seq;
@@ -294,12 +280,6 @@ struct nghttp2_session {
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
/* The maximum number of CONTINUATION frames following an incoming
HEADER frame. */
size_t max_continuations;
/* The number of CONTINUATION frames following an incoming HEADER
frame. This variable is reset when END_HEADERS flag is seen. */
size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,

18
lib/nghttp2_stream.c
View File

@@ -312,7 +312,7 @@ int32_t nghttp2_stream_dep_distributed_weight(nghttp2_stream *stream,
int32_t weight) {
weight = stream->weight * weight / stream->sum_dep_weight;
return nghttp2_max_int32(1, weight);
return nghttp2_max(1, weight);
}
#ifdef STREAM_DEP_DEBUG
@@ -465,12 +465,14 @@ static int stream_update_dep_on_attach_item(nghttp2_stream *stream) {
return 0;
}
static void stream_update_dep_on_detach_item(nghttp2_stream *stream) {
static int stream_update_dep_on_detach_item(nghttp2_stream *stream) {
if (nghttp2_pq_empty(&stream->obq)) {
stream_obq_remove(stream);
}
validate_tree(stream);
return 0;
}
int nghttp2_stream_attach_item(nghttp2_stream *stream,
@@ -501,20 +503,20 @@ int nghttp2_stream_attach_item(nghttp2_stream *stream,
return 0;
}
void nghttp2_stream_detach_item(nghttp2_stream *stream) {
int nghttp2_stream_detach_item(nghttp2_stream *stream) {
DEBUGF("stream: stream=%d detach item=%p\n", stream->stream_id, stream->item);
stream->item = NULL;
stream->flags = (uint8_t)(stream->flags & ~NGHTTP2_STREAM_FLAG_DEFERRED_ALL);
if (stream->flags & NGHTTP2_STREAM_FLAG_NO_RFC7540_PRIORITIES) {
return;
return 0;
}
stream_update_dep_on_detach_item(stream);
return stream_update_dep_on_detach_item(stream);
}
void nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags) {
int nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags) {
assert(stream->item);
DEBUGF("stream: stream=%d defer item=%p cause=%02x\n", stream->stream_id,
@@ -523,10 +525,10 @@ void nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags) {
stream->flags |= flags;
if (stream->flags & NGHTTP2_STREAM_FLAG_NO_RFC7540_PRIORITIES) {
return;
return 0;
}
stream_update_dep_on_detach_item(stream);
return stream_update_dep_on_detach_item(stream);
}
int nghttp2_stream_resume_deferred_item(nghttp2_stream *stream, uint8_t flags) {

16
lib/nghttp2_stream.h
View File

@@ -258,8 +258,14 @@ void nghttp2_stream_shutdown(nghttp2_stream *stream, nghttp2_shut_flag flag);
* more of NGHTTP2_STREAM_FLAG_DEFERRED_USER and
* NGHTTP2_STREAM_FLAG_DEFERRED_FLOW_CONTROL. The |flags| indicates
* the reason of this action.
*
* This function returns 0 if it succeeds, or one of the following
* negative error codes:
*
* NGHTTP2_ERR_NOMEM
* Out of memory
*/
void nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags);
int nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags);
/*
* Put back deferred data in this stream to active state. The |flags|
@@ -373,8 +379,14 @@ int nghttp2_stream_attach_item(nghttp2_stream *stream,
/*
* Detaches |stream->item|. This function does not free
* |stream->item|. The caller must free it.
*
* This function returns 0 if it succeeds, or one of the following
* negative error codes:
*
* NGHTTP2_ERR_NOMEM
* Out of memory
*/
void nghttp2_stream_detach_item(nghttp2_stream *stream);
int nghttp2_stream_detach_item(nghttp2_stream *stream);
/*
* Makes the |stream| depend on the |dep_stream|. This dependency is

129
lib/nghttp2_submit.c
View File

@@ -68,7 +68,7 @@ static int32_t submit_headers_shared(nghttp2_session *session, uint8_t flags,
int32_t stream_id,
const nghttp2_priority_spec *pri_spec,
nghttp2_nv *nva_copy, size_t nvlen,
const nghttp2_data_provider_wrap *dpw,
const nghttp2_data_provider *data_prd,
void *stream_user_data) {
int rv;
uint8_t flags_copy;
@@ -87,8 +87,8 @@ static int32_t submit_headers_shared(nghttp2_session *session, uint8_t flags,
nghttp2_outbound_item_init(item);
if (dpw != NULL && dpw->data_prd.read_callback != NULL) {
item->aux_data.headers.dpw = *dpw;
if (data_prd != NULL && data_prd->read_callback != NULL) {
item->aux_data.headers.data_prd = *data_prd;
}
item->aux_data.headers.stream_user_data = stream_user_data;
@@ -143,7 +143,7 @@ static int32_t submit_headers_shared_nva(nghttp2_session *session,
uint8_t flags, int32_t stream_id,
const nghttp2_priority_spec *pri_spec,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider_wrap *dpw,
const nghttp2_data_provider *data_prd,
void *stream_user_data) {
int rv;
nghttp2_nv *nva_copy;
@@ -165,7 +165,7 @@ static int32_t submit_headers_shared_nva(nghttp2_session *session,
}
return submit_headers_shared(session, flags, stream_id, &copy_pri_spec,
nva_copy, nvlen, dpw, stream_user_data);
nva_copy, nvlen, data_prd, stream_user_data);
}
int nghttp2_submit_trailer(nghttp2_session *session, int32_t stream_id,
@@ -411,10 +411,10 @@ int nghttp2_submit_window_update(nghttp2_session *session, uint8_t flags,
if (window_size_increment > 0) {
if (stream_id == 0) {
session->consumed_size =
nghttp2_max_int32(0, session->consumed_size - window_size_increment);
nghttp2_max(0, session->consumed_size - window_size_increment);
} else {
stream->consumed_size =
nghttp2_max_int32(0, stream->consumed_size - window_size_increment);
nghttp2_max(0, stream->consumed_size - window_size_increment);
}
return nghttp2_session_add_window_update(session, 0, stream_id,
@@ -740,9 +740,9 @@ fail_item_malloc:
}
static uint8_t set_request_flags(const nghttp2_priority_spec *pri_spec,
const nghttp2_data_provider_wrap *dpw) {
const nghttp2_data_provider *data_prd) {
uint8_t flags = NGHTTP2_FLAG_NONE;
if (dpw == NULL || dpw->data_prd.read_callback == NULL) {
if (data_prd == NULL || data_prd->read_callback == NULL) {
flags |= NGHTTP2_FLAG_END_STREAM;
}
@@ -753,11 +753,11 @@ static uint8_t set_request_flags(const nghttp2_priority_spec *pri_spec,
return flags;
}
static int32_t submit_request_shared(nghttp2_session *session,
const nghttp2_priority_spec *pri_spec,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider_wrap *dpw,
void *stream_user_data) {
int32_t nghttp2_submit_request(nghttp2_session *session,
const nghttp2_priority_spec *pri_spec,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider *data_prd,
void *stream_user_data) {
uint8_t flags;
int rv;
@@ -775,47 +775,23 @@ static int32_t submit_request_shared(nghttp2_session *session,
pri_spec = NULL;
}
flags = set_request_flags(pri_spec, dpw);
flags = set_request_flags(pri_spec, data_prd);
return submit_headers_shared_nva(session, flags, -1, pri_spec, nva, nvlen,
dpw, stream_user_data);
data_prd, stream_user_data);
}
int32_t nghttp2_submit_request(nghttp2_session *session,
const nghttp2_priority_spec *pri_spec,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider *data_prd,
void *stream_user_data) {
nghttp2_data_provider_wrap dpw;
return submit_request_shared(session, pri_spec, nva, nvlen,
nghttp2_data_provider_wrap_v1(&dpw, data_prd),
stream_user_data);
}
int32_t nghttp2_submit_request2(nghttp2_session *session,
const nghttp2_priority_spec *pri_spec,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider2 *data_prd,
void *stream_user_data) {
nghttp2_data_provider_wrap dpw;
return submit_request_shared(session, pri_spec, nva, nvlen,
nghttp2_data_provider_wrap_v2(&dpw, data_prd),
stream_user_data);
}
static uint8_t set_response_flags(const nghttp2_data_provider_wrap *dpw) {
static uint8_t set_response_flags(const nghttp2_data_provider *data_prd) {
uint8_t flags = NGHTTP2_FLAG_NONE;
if (dpw == NULL || dpw->data_prd.read_callback == NULL) {
if (data_prd == NULL || data_prd->read_callback == NULL) {
flags |= NGHTTP2_FLAG_END_STREAM;
}
return flags;
}
static int submit_response_shared(nghttp2_session *session, int32_t stream_id,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider_wrap *dpw) {
int nghttp2_submit_response(nghttp2_session *session, int32_t stream_id,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider *data_prd) {
uint8_t flags;
if (stream_id <= 0) {
@@ -826,32 +802,14 @@ static int submit_response_shared(nghttp2_session *session, int32_t stream_id,
return NGHTTP2_ERR_PROTO;
}
flags = set_response_flags(dpw);
flags = set_response_flags(data_prd);
return submit_headers_shared_nva(session, flags, stream_id, NULL, nva, nvlen,
dpw, NULL);
data_prd, NULL);
}
int nghttp2_submit_response(nghttp2_session *session, int32_t stream_id,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider *data_prd) {
nghttp2_data_provider_wrap dpw;
return submit_response_shared(session, stream_id, nva, nvlen,
nghttp2_data_provider_wrap_v1(&dpw, data_prd));
}
int nghttp2_submit_response2(nghttp2_session *session, int32_t stream_id,
const nghttp2_nv *nva, size_t nvlen,
const nghttp2_data_provider2 *data_prd) {
nghttp2_data_provider_wrap dpw;
return submit_response_shared(session, stream_id, nva, nvlen,
nghttp2_data_provider_wrap_v2(&dpw, data_prd));
}
int nghttp2_submit_data_shared(nghttp2_session *session, uint8_t flags,
int32_t stream_id,
const nghttp2_data_provider_wrap *dpw) {
int nghttp2_submit_data(nghttp2_session *session, uint8_t flags,
int32_t stream_id,
const nghttp2_data_provider *data_prd) {
int rv;
nghttp2_outbound_item *item;
nghttp2_frame *frame;
@@ -874,7 +832,7 @@ int nghttp2_submit_data_shared(nghttp2_session *session, uint8_t flags,
frame = &item->frame;
aux_data = &item->aux_data.data;
aux_data->dpw = *dpw;
aux_data->data_prd = *data_prd;
aux_data->eof = 0;
aux_data->flags = nflags;
@@ -890,37 +848,9 @@ int nghttp2_submit_data_shared(nghttp2_session *session, uint8_t flags,
return 0;
}
int nghttp2_submit_data(nghttp2_session *session, uint8_t flags,
int32_t stream_id,
const nghttp2_data_provider *data_prd) {
nghttp2_data_provider_wrap dpw;
assert(data_prd);
return nghttp2_submit_data_shared(
session, flags, stream_id, nghttp2_data_provider_wrap_v1(&dpw, data_prd));
}
int nghttp2_submit_data2(nghttp2_session *session, uint8_t flags,
int32_t stream_id,
const nghttp2_data_provider2 *data_prd) {
nghttp2_data_provider_wrap dpw;
assert(data_prd);
return nghttp2_submit_data_shared(
session, flags, stream_id, nghttp2_data_provider_wrap_v2(&dpw, data_prd));
}
ssize_t nghttp2_pack_settings_payload(uint8_t *buf, size_t buflen,
const nghttp2_settings_entry *iv,
size_t niv) {
return (ssize_t)nghttp2_pack_settings_payload2(buf, buflen, iv, niv);
}
nghttp2_ssize nghttp2_pack_settings_payload2(uint8_t *buf, size_t buflen,
const nghttp2_settings_entry *iv,
size_t niv) {
if (!nghttp2_iv_check(iv, niv)) {
return NGHTTP2_ERR_INVALID_ARGUMENT;
}
@@ -929,7 +859,7 @@ nghttp2_ssize nghttp2_pack_settings_payload2(uint8_t *buf, size_t buflen,
return NGHTTP2_ERR_INSUFF_BUFSIZE;
}
return (nghttp2_ssize)nghttp2_frame_pack_settings_payload(buf, iv, niv);
return (ssize_t)nghttp2_frame_pack_settings_payload(buf, iv, niv);
}
int nghttp2_submit_extension(nghttp2_session *session, uint8_t type,
@@ -945,8 +875,7 @@ int nghttp2_submit_extension(nghttp2_session *session, uint8_t type,
return NGHTTP2_ERR_INVALID_ARGUMENT;
}
if (!session->callbacks.pack_extension_callback2 &&
!session->callbacks.pack_extension_callback) {
if (!session->callbacks.pack_extension_callback) {
return NGHTTP2_ERR_INVALID_STATE;
}

6
lib/nghttp2_submit.h
View File

@@ -31,10 +31,4 @@
#include <nghttp2/nghttp2.h>
#include "nghttp2_outbound_item.h"
int nghttp2_submit_data_shared(nghttp2_session *session, uint8_t flags,
int32_t stream_id,
const nghttp2_data_provider_wrap *dpw);
#endif /* NGHTTP2_SUBMIT_H */

63
lib/nghttp2_time.c
View File

@@ -1,63 +0,0 @@
/*
* nghttp2 - HTTP/2 C Library
*
* Copyright (c) 2023 nghttp2 contributors
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include "nghttp2_time.h"
#ifdef HAVE_WINDOWS_H
# include <windows.h>
#endif /* HAVE_WINDOWS_H */
#include <time.h>
#if !defined(HAVE_GETTICKCOUNT64) || defined(__CYGWIN__)
static uint64_t time_now_sec(void) {
time_t t = time(NULL);
if (t == -1) {
return 0;
}
return (uint64_t)t;
}
#endif /* !HAVE_GETTICKCOUNT64 || __CYGWIN__ */
#if defined(HAVE_GETTICKCOUNT64) && !defined(__CYGWIN__)
uint64_t nghttp2_time_now_sec(void) { return GetTickCount64() / 1000; }
#elif defined(HAVE_CLOCK_GETTIME) && defined(HAVE_DECL_CLOCK_MONOTONIC) && \
HAVE_DECL_CLOCK_MONOTONIC
uint64_t nghttp2_time_now_sec(void) {
struct timespec tp;
int rv = clock_gettime(CLOCK_MONOTONIC, &tp);
if (rv == -1) {
return time_now_sec();
}
return (uint64_t)tp.tv_sec;
}
#else /* (!HAVE_CLOCK_GETTIME || !HAVE_DECL_CLOCK_MONOTONIC) && \
(!HAVE_GETTICKCOUNT64 || __CYGWIN__)) */
uint64_t nghttp2_time_now_sec(void) { return time_now_sec(); }
#endif /* (!HAVE_CLOCK_GETTIME || !HAVE_DECL_CLOCK_MONOTONIC) && \
(!HAVE_GETTICKCOUNT64 || __CYGWIN__)) */

Some files were not shown because too many files have changed in this diff Show More