Mercurial > hg > nginx

comparison src/http/modules/ngx_http_grpc_module.c @ 7233:2713b2dbf5bb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
The gRPC proxy module. The module allows passing requests to upstream gRPC servers. The module is built by default as long as HTTP/2 support is compiled in. Example configuration: grpc_pass 127.0.0.1:9000; Alternatively, the "grpc://" scheme can be used: grpc_pass grpc://127.0.0.1:9000; Keepalive support is available via the upstream keepalive module. Note that keepalive connections won't currently work with grpc-go as it fails to handle SETTINGS_HEADER_TABLE_SIZE. To use with SSL: grpc_pass grpcs://127.0.0.1:9000; SSL connections use ALPN "h2" when available. At least grpc-go works fine without ALPN, so if ALPN is not available we just establish a connection without it. Tested with grpc-c++ and grpc-go.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 17 Mar 2018 23:04:24 +0300
parents
children c693daca57f7
comparison
equal deleted inserted replaced
7232:a7ed15573ae9 7233:2713b2dbf5bb
1
2 /*
3 * Copyright (C) Maxim Dounin
4 * Copyright (C) Nginx, Inc.
5 */
6
7
8 #include <ngx_config.h>
9 #include <ngx_core.h>
10 #include <ngx_http.h>
11
12
13 typedef struct {
14 ngx_array_t *flushes;
15 ngx_array_t *lengths;
16 ngx_array_t *values;
17 ngx_hash_t hash;
18 } ngx_http_grpc_headers_t;
19
20
21 typedef struct {
22 ngx_http_upstream_conf_t upstream;
23
24 ngx_http_grpc_headers_t headers;
25 ngx_array_t *headers_source;
26
27 ngx_str_t host;
28 ngx_uint_t host_set;
29
30 #if (NGX_HTTP_SSL)
31 ngx_uint_t ssl;
32 ngx_uint_t ssl_protocols;
33 ngx_str_t ssl_ciphers;
34 ngx_uint_t ssl_verify_depth;
35 ngx_str_t ssl_trusted_certificate;
36 ngx_str_t ssl_crl;
37 ngx_str_t ssl_certificate;
38 ngx_str_t ssl_certificate_key;
39 ngx_array_t *ssl_passwords;
40 #endif
41 } ngx_http_grpc_loc_conf_t;
42
43
44 typedef enum {
45 ngx_http_grpc_st_start = 0,
46 ngx_http_grpc_st_length_2,
47 ngx_http_grpc_st_length_3,
48 ngx_http_grpc_st_type,
49 ngx_http_grpc_st_flags,
50 ngx_http_grpc_st_stream_id,
51 ngx_http_grpc_st_stream_id_2,
52 ngx_http_grpc_st_stream_id_3,
53 ngx_http_grpc_st_stream_id_4,
54 ngx_http_grpc_st_payload,
55 ngx_http_grpc_st_padding
56 } ngx_http_grpc_state_e;
57
58
59 typedef struct {
60 size_t init_window;
61 size_t send_window;
62 size_t recv_window;
63 ngx_uint_t last_stream_id;
64 } ngx_http_grpc_conn_t;
65
66
67 typedef struct {
68 ngx_http_grpc_state_e state;
69 ngx_uint_t frame_state;
70 ngx_uint_t fragment_state;
71
72 ngx_chain_t *in;
73 ngx_chain_t *out;
74 ngx_chain_t *free;
75 ngx_chain_t *busy;
76
77 ngx_http_grpc_conn_t *connection;
78
79 ngx_uint_t id;
80
81 ssize_t send_window;
82 size_t recv_window;
83
84 size_t rest;
85 ngx_uint_t stream_id;
86 u_char type;
87 u_char flags;
88 u_char padding;
89
90 ngx_uint_t error;
91 ngx_uint_t window_update;
92
93 ngx_uint_t setting_id;
94 ngx_uint_t setting_value;
95
96 u_char ping_data[8];
97
98 ngx_uint_t index;
99 ngx_str_t name;
100 ngx_str_t value;
101
102 u_char *field_end;
103 size_t field_length;
104 size_t field_rest;
105 u_char field_state;
106
107 unsigned literal:1;
108 unsigned field_huffman:1;
109
110 unsigned header_sent:1;
111 unsigned output_closed:1;
112 unsigned parsing_headers:1;
113 unsigned end_stream:1;
114 unsigned status:1;
115
116 ngx_http_request_t *request;
117 } ngx_http_grpc_ctx_t;
118
119
120 typedef struct {
121 u_char length_0;
122 u_char length_1;
123 u_char length_2;
124 u_char type;
125 u_char flags;
126 u_char stream_id_0;
127 u_char stream_id_1;
128 u_char stream_id_2;
129 u_char stream_id_3;
130 } ngx_http_grpc_frame_t;
131
132
133 static ngx_int_t ngx_http_grpc_create_request(ngx_http_request_t *r);
134 static ngx_int_t ngx_http_grpc_reinit_request(ngx_http_request_t *r);
135 static ngx_int_t ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in);
136 static ngx_int_t ngx_http_grpc_process_header(ngx_http_request_t *r);
137 static ngx_int_t ngx_http_grpc_filter_init(void *data);
138 static ngx_int_t ngx_http_grpc_filter(void *data, ssize_t bytes);
139
140 static ngx_int_t ngx_http_grpc_parse_frame(ngx_http_request_t *r,
141 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
142 static ngx_int_t ngx_http_grpc_parse_header(ngx_http_request_t *r,
143 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
144 static ngx_int_t ngx_http_grpc_parse_fragment(ngx_http_request_t *r,
145 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
146 static ngx_int_t ngx_http_grpc_validate_header_name(ngx_http_request_t *r,
147 ngx_str_t *s);
148 static ngx_int_t ngx_http_grpc_validate_header_value(ngx_http_request_t *r,
149 ngx_str_t *s);
150 static ngx_int_t ngx_http_grpc_parse_rst_stream(ngx_http_request_t *r,
151 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
152 static ngx_int_t ngx_http_grpc_parse_goaway(ngx_http_request_t *r,
153 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
154 static ngx_int_t ngx_http_grpc_parse_window_update(ngx_http_request_t *r,
155 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
156 static ngx_int_t ngx_http_grpc_parse_settings(ngx_http_request_t *r,
157 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
158 static ngx_int_t ngx_http_grpc_parse_ping(ngx_http_request_t *r,
159 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
160
161 static ngx_int_t ngx_http_grpc_send_settings_ack(ngx_http_request_t *r,
162 ngx_http_grpc_ctx_t *ctx);
163 static ngx_int_t ngx_http_grpc_send_ping_ack(ngx_http_request_t *r,
164 ngx_http_grpc_ctx_t *ctx);
165 static ngx_int_t ngx_http_grpc_send_window_update(ngx_http_request_t *r,
166 ngx_http_grpc_ctx_t *ctx);
167
168 static ngx_chain_t *ngx_http_grpc_get_buf(ngx_http_request_t *r,
169 ngx_http_grpc_ctx_t *ctx);
170 static ngx_http_grpc_ctx_t *ngx_http_grpc_get_ctx(ngx_http_request_t *r);
171 static ngx_int_t ngx_http_grpc_get_connection_data(ngx_http_request_t *r,
172 ngx_http_grpc_ctx_t *ctx, ngx_peer_connection_t *pc);
173 static void ngx_http_grpc_cleanup(void *data);
174
175 static void ngx_http_grpc_abort_request(ngx_http_request_t *r);
176 static void ngx_http_grpc_finalize_request(ngx_http_request_t *r,
177 ngx_int_t rc);
178
179 static void *ngx_http_grpc_create_loc_conf(ngx_conf_t *cf);
180 static char *ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf,
181 void *parent, void *child);
182 static ngx_int_t ngx_http_grpc_init_headers(ngx_conf_t *cf,
183 ngx_http_grpc_loc_conf_t *conf, ngx_http_grpc_headers_t *headers,
184 ngx_keyval_t *default_headers);
185
186 static char *ngx_http_grpc_pass(ngx_conf_t *cf, ngx_command_t *cmd,
187 void *conf);
188
189 #if (NGX_HTTP_SSL)
190 static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf,
191 ngx_command_t *cmd, void *conf);
192 static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
193 ngx_http_grpc_loc_conf_t *glcf);
194 #endif
195
196
197 static ngx_conf_bitmask_t ngx_http_grpc_next_upstream_masks[] = {
198 { ngx_string("error"), NGX_HTTP_UPSTREAM_FT_ERROR },
199 { ngx_string("timeout"), NGX_HTTP_UPSTREAM_FT_TIMEOUT },
200 { ngx_string("invalid_header"), NGX_HTTP_UPSTREAM_FT_INVALID_HEADER },
201 { ngx_string("non_idempotent"), NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT },
202 { ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 },
203 { ngx_string("http_502"), NGX_HTTP_UPSTREAM_FT_HTTP_502 },
204 { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 },
205 { ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 },
206 { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 },
207 { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 },
208 { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 },
209 { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF },
210 { ngx_null_string, 0 }
211 };
212
213
214 #if (NGX_HTTP_SSL)
215
216 static ngx_conf_bitmask_t ngx_http_grpc_ssl_protocols[] = {
217 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
218 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
219 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
220 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
221 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
222 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
223 { ngx_null_string, 0 }
224 };
225
226 #endif
227
228
229 static ngx_command_t ngx_http_grpc_commands[] = {
230
231 { ngx_string("grpc_pass"),
232 NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
233 ngx_http_grpc_pass,
234 NGX_HTTP_LOC_CONF_OFFSET,
235 0,
236 NULL },
237
238 { ngx_string("grpc_bind"),
239 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12,
240 ngx_http_upstream_bind_set_slot,
241 NGX_HTTP_LOC_CONF_OFFSET,
242 offsetof(ngx_http_grpc_loc_conf_t, upstream.local),
243 NULL },
244
245 { ngx_string("grpc_connect_timeout"),
246 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
247 ngx_conf_set_msec_slot,
248 NGX_HTTP_LOC_CONF_OFFSET,
249 offsetof(ngx_http_grpc_loc_conf_t, upstream.connect_timeout),
250 NULL },
251
252 { ngx_string("grpc_send_timeout"),
253 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
254 ngx_conf_set_msec_slot,
255 NGX_HTTP_LOC_CONF_OFFSET,
256 offsetof(ngx_http_grpc_loc_conf_t, upstream.send_timeout),
257 NULL },
258
259 { ngx_string("grpc_intercept_errors"),
260 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
261 ngx_conf_set_flag_slot,
262 NGX_HTTP_LOC_CONF_OFFSET,
263 offsetof(ngx_http_grpc_loc_conf_t, upstream.intercept_errors),
264 NULL },
265
266 { ngx_string("grpc_buffer_size"),
267 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
268 ngx_conf_set_size_slot,
269 NGX_HTTP_LOC_CONF_OFFSET,
270 offsetof(ngx_http_grpc_loc_conf_t, upstream.buffer_size),
271 NULL },
272
273 { ngx_string("grpc_read_timeout"),
274 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
275 ngx_conf_set_msec_slot,
276 NGX_HTTP_LOC_CONF_OFFSET,
277 offsetof(ngx_http_grpc_loc_conf_t, upstream.read_timeout),
278 NULL },
279
280 { ngx_string("grpc_next_upstream"),
281 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
282 ngx_conf_set_bitmask_slot,
283 NGX_HTTP_LOC_CONF_OFFSET,
284 offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream),
285 &ngx_http_grpc_next_upstream_masks },
286
287 { ngx_string("grpc_next_upstream_tries"),
288 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
289 ngx_conf_set_num_slot,
290 NGX_HTTP_LOC_CONF_OFFSET,
291 offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream_tries),
292 NULL },
293
294 { ngx_string("grpc_next_upstream_timeout"),
295 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
296 ngx_conf_set_msec_slot,
297 NGX_HTTP_LOC_CONF_OFFSET,
298 offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream_timeout),
299 NULL },
300
301 { ngx_string("grpc_set_header"),
302 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
303 ngx_conf_set_keyval_slot,
304 NGX_HTTP_LOC_CONF_OFFSET,
305 offsetof(ngx_http_grpc_loc_conf_t, headers_source),
306 NULL },
307
308 { ngx_string("grpc_pass_header"),
309 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
310 ngx_conf_set_str_array_slot,
311 NGX_HTTP_LOC_CONF_OFFSET,
312 offsetof(ngx_http_grpc_loc_conf_t, upstream.pass_headers),
313 NULL },
314
315 { ngx_string("grpc_hide_header"),
316 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
317 ngx_conf_set_str_array_slot,
318 NGX_HTTP_LOC_CONF_OFFSET,
319 offsetof(ngx_http_grpc_loc_conf_t, upstream.hide_headers),
320 NULL },
321
322 { ngx_string("grpc_ignore_headers"),
323 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
324 ngx_conf_set_bitmask_slot,
325 NGX_HTTP_LOC_CONF_OFFSET,
326 offsetof(ngx_http_grpc_loc_conf_t, upstream.ignore_headers),
327 &ngx_http_upstream_ignore_headers_masks },
328
329 #if (NGX_HTTP_SSL)
330
331 { ngx_string("grpc_ssl_session_reuse"),
332 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
333 ngx_conf_set_flag_slot,
334 NGX_HTTP_LOC_CONF_OFFSET,
335 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_session_reuse),
336 NULL },
337
338 { ngx_string("grpc_ssl_protocols"),
339 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
340 ngx_conf_set_bitmask_slot,
341 NGX_HTTP_LOC_CONF_OFFSET,
342 offsetof(ngx_http_grpc_loc_conf_t, ssl_protocols),
343 &ngx_http_grpc_ssl_protocols },
344
345 { ngx_string("grpc_ssl_ciphers"),
346 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
347 ngx_conf_set_str_slot,
348 NGX_HTTP_LOC_CONF_OFFSET,
349 offsetof(ngx_http_grpc_loc_conf_t, ssl_ciphers),
350 NULL },
351
352 { ngx_string("grpc_ssl_name"),
353 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
354 ngx_http_set_complex_value_slot,
355 NGX_HTTP_LOC_CONF_OFFSET,
356 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_name),
357 NULL },
358
359 { ngx_string("grpc_ssl_server_name"),
360 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
361 ngx_conf_set_flag_slot,
362 NGX_HTTP_LOC_CONF_OFFSET,
363 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_server_name),
364 NULL },
365
366 { ngx_string("grpc_ssl_verify"),
367 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
368 ngx_conf_set_flag_slot,
369 NGX_HTTP_LOC_CONF_OFFSET,
370 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_verify),
371 NULL },
372
373 { ngx_string("grpc_ssl_verify_depth"),
374 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
375 ngx_conf_set_num_slot,
376 NGX_HTTP_LOC_CONF_OFFSET,
377 offsetof(ngx_http_grpc_loc_conf_t, ssl_verify_depth),
378 NULL },
379
380 { ngx_string("grpc_ssl_trusted_certificate"),
381 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
382 ngx_conf_set_str_slot,
383 NGX_HTTP_LOC_CONF_OFFSET,
384 offsetof(ngx_http_grpc_loc_conf_t, ssl_trusted_certificate),
385 NULL },
386
387 { ngx_string("grpc_ssl_crl"),
388 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
389 ngx_conf_set_str_slot,
390 NGX_HTTP_LOC_CONF_OFFSET,
391 offsetof(ngx_http_grpc_loc_conf_t, ssl_crl),
392 NULL },
393
394 { ngx_string("grpc_ssl_certificate"),
395 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
396 ngx_conf_set_str_slot,
397 NGX_HTTP_LOC_CONF_OFFSET,
398 offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate),
399 NULL },
400
401 { ngx_string("grpc_ssl_certificate_key"),
402 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
403 ngx_conf_set_str_slot,
404 NGX_HTTP_LOC_CONF_OFFSET,
405 offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate_key),
406 NULL },
407
408 { ngx_string("grpc_ssl_password_file"),
409 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
410 ngx_http_grpc_ssl_password_file,
411 NGX_HTTP_LOC_CONF_OFFSET,
412 0,
413 NULL },
414
415 #endif
416
417 ngx_null_command
418 };
419
420
421 static ngx_http_module_t ngx_http_grpc_module_ctx = {
422 NULL, /* preconfiguration */
423 NULL, /* postconfiguration */
424
425 NULL, /* create main configuration */
426 NULL, /* init main configuration */
427
428 NULL, /* create server configuration */
429 NULL, /* merge server configuration */
430
431 ngx_http_grpc_create_loc_conf, /* create location configuration */
432 ngx_http_grpc_merge_loc_conf /* merge location configuration */
433 };
434
435
436 ngx_module_t ngx_http_grpc_module = {
437 NGX_MODULE_V1,
438 &ngx_http_grpc_module_ctx, /* module context */
439 ngx_http_grpc_commands, /* module directives */
440 NGX_HTTP_MODULE, /* module type */
441 NULL, /* init master */
442 NULL, /* init module */
443 NULL, /* init process */
444 NULL, /* init thread */
445 NULL, /* exit thread */
446 NULL, /* exit process */
447 NULL, /* exit master */
448 NGX_MODULE_V1_PADDING
449 };
450
451
452 static u_char ngx_http_grpc_connection_start[] =
453 "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" /* connection preface */
454
455 "\x00\x00\x12\x04\x00\x00\x00\x00\x00" /* settings frame */
456 "\x00\x01\x00\x00\x00\x00" /* header table size */
457 "\x00\x02\x00\x00\x00\x00" /* disable push */
458 "\x00\x04\x7f\xff\xff\xff" /* initial window */
459
460 "\x00\x00\x04\x08\x00\x00\x00\x00\x00" /* window update frame */
461 "\x7f\xff\x00\x00";
462
463
464 static ngx_keyval_t ngx_http_grpc_headers[] = {
465 { ngx_string("Content-Length"), ngx_string("$content_length") },
466 { ngx_string("Host"), ngx_string("") },
467 { ngx_string("Connection"), ngx_string("") },
468 { ngx_string("Transfer-Encoding"), ngx_string("") },
469 { ngx_string("TE"), ngx_string("") },
470 { ngx_string("Keep-Alive"), ngx_string("") },
471 { ngx_string("Expect"), ngx_string("") },
472 { ngx_string("Upgrade"), ngx_string("") },
473 { ngx_null_string, ngx_null_string }
474 };
475
476
477 static ngx_str_t ngx_http_grpc_hide_headers[] = {
478 ngx_string("Date"),
479 ngx_string("Server"),
480 ngx_string("X-Accel-Expires"),
481 ngx_string("X-Accel-Redirect"),
482 ngx_string("X-Accel-Limit-Rate"),
483 ngx_string("X-Accel-Buffering"),
484 ngx_string("X-Accel-Charset"),
485 ngx_null_string
486 };
487
488
489 static ngx_int_t
490 ngx_http_grpc_handler(ngx_http_request_t *r)
491 {
492 ngx_int_t rc;
493 ngx_http_upstream_t *u;
494 ngx_http_grpc_ctx_t *ctx;
495 ngx_http_grpc_loc_conf_t *glcf;
496
497 if (ngx_http_upstream_create(r) != NGX_OK) {
498 return NGX_HTTP_INTERNAL_SERVER_ERROR;
499 }
500
501 glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module);
502
503 u = r->upstream;
504
505 #if (NGX_HTTP_SSL)
506 u->ssl = (glcf->upstream.ssl != NULL);
507
508 if (u->ssl) {
509 ngx_str_set(&u->schema, "grpcs://");
510
511 } else {
512 ngx_str_set(&u->schema, "grpc://");
513 }
514 #else
515 ngx_str_set(&u->schema, "grpc://");
516 #endif
517
518 u->output.tag = (ngx_buf_tag_t) &ngx_http_grpc_module;
519
520 u->conf = &glcf->upstream;
521
522 u->create_request = ngx_http_grpc_create_request;
523 u->reinit_request = ngx_http_grpc_reinit_request;
524 u->process_header = ngx_http_grpc_process_header;
525 u->abort_request = ngx_http_grpc_abort_request;
526 u->finalize_request = ngx_http_grpc_finalize_request;
527
528 ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_grpc_ctx_t));
529 if (ctx == NULL) {
530 return NGX_HTTP_INTERNAL_SERVER_ERROR;
531 }
532
533 ctx->request = r;
534
535 ngx_http_set_ctx(r, ctx, ngx_http_grpc_module);
536
537 u->input_filter_init = ngx_http_grpc_filter_init;
538 u->input_filter = ngx_http_grpc_filter;
539 u->input_filter_ctx = ctx;
540
541 r->request_body_no_buffering = 1;
542
543 rc = ngx_http_read_client_request_body(r, ngx_http_upstream_init);
544
545 if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
546 return rc;
547 }
548
549 return NGX_DONE;
550 }
551
552
553 static ngx_int_t
554 ngx_http_grpc_create_request(ngx_http_request_t *r)
555 {
556 u_char *p, *tmp, *key_tmp, *val_tmp, *headers_frame;
557 size_t len, tmp_len, key_len, val_len, uri_len;
558 uintptr_t escape;
559 ngx_buf_t *b;
560 ngx_uint_t i, next;
561 ngx_chain_t *cl, *body;
562 ngx_list_part_t *part;
563 ngx_table_elt_t *header;
564 ngx_http_upstream_t *u;
565 ngx_http_grpc_frame_t *f;
566 ngx_http_script_code_pt code;
567 ngx_http_grpc_loc_conf_t *glcf;
568 ngx_http_script_engine_t e, le;
569 ngx_http_script_len_code_pt lcode;
570
571 u = r->upstream;
572
573 glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module);
574
575 len = sizeof(ngx_http_grpc_connection_start) - 1
576 + sizeof(ngx_http_grpc_frame_t); /* headers frame */
577
578 /* :method header */
579
580 if (r->method == NGX_HTTP_GET || r->method == NGX_HTTP_POST) {
581 len += 1;
582 tmp_len = 0;
583
584 } else {
585 len += 1 + NGX_HTTP_V2_INT_OCTETS + r->method_name.len;
586 tmp_len = r->method_name.len;
587 }
588
589 /* :scheme header */
590
591 len += 1;
592
593 /* :path header */
594
595 if (r->valid_unparsed_uri) {
596 escape = 0;
597 uri_len = r->unparsed_uri.len;
598
599 } else {
600 escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len,
601 NGX_ESCAPE_URI);
602 uri_len = r->uri.len + escape + sizeof("?") - 1 + r->args.len;
603 }
604
605 len += 1 + NGX_HTTP_V2_INT_OCTETS + uri_len;
606
607 if (tmp_len < uri_len) {
608 tmp_len = uri_len;
609 }
610
611 /* :authority header */
612
613 if (!glcf->host_set) {
614 len += 1 + NGX_HTTP_V2_INT_OCTETS + glcf->host.len;
615
616 if (tmp_len < glcf->host.len) {
617 tmp_len = glcf->host.len;
618 }
619 }
620
621 /* other headers */
622
623 ngx_http_script_flush_no_cacheable_variables(r, glcf->headers.flushes);
624 ngx_memzero(&le, sizeof(ngx_http_script_engine_t));
625
626 le.ip = glcf->headers.lengths->elts;
627 le.request = r;
628 le.flushed = 1;
629
630 while (*(uintptr_t *) le.ip) {
631
632 lcode = *(ngx_http_script_len_code_pt *) le.ip;
633 key_len = lcode(&le);
634
635 for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
636 lcode = *(ngx_http_script_len_code_pt *) le.ip;
637 }
638 le.ip += sizeof(uintptr_t);
639
640 if (val_len == 0) {
641 continue;
642 }
643
644 len += 1 + NGX_HTTP_V2_INT_OCTETS + key_len
645 + NGX_HTTP_V2_INT_OCTETS + val_len;
646
647 if (tmp_len < key_len) {
648 tmp_len = key_len;
649 }
650
651 if (tmp_len < val_len) {
652 tmp_len = val_len;
653 }
654 }
655
656 if (glcf->upstream.pass_request_headers) {
657 part = &r->headers_in.headers.part;
658 header = part->elts;
659
660 for (i = 0; /* void */; i++) {
661
662 if (i >= part->nelts) {
663 if (part->next == NULL) {
664 break;
665 }
666
667 part = part->next;
668 header = part->elts;
669 i = 0;
670 }
671
672 if (ngx_hash_find(&glcf->headers.hash, header[i].hash,
673 header[i].lowcase_key, header[i].key.len))
674 {
675 continue;
676 }
677
678 len += 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len
679 + NGX_HTTP_V2_INT_OCTETS + header[i].value.len;
680
681 if (tmp_len < header[i].key.len) {
682 tmp_len = header[i].key.len;
683 }
684
685 if (tmp_len < header[i].value.len) {
686 tmp_len = header[i].value.len;
687 }
688 }
689 }
690
691 /* continuation frames */
692
693 len += sizeof(ngx_http_grpc_frame_t)
694 * (len / NGX_HTTP_V2_DEFAULT_FRAME_SIZE);
695
696
697 b = ngx_create_temp_buf(r->pool, len);
698 if (b == NULL) {
699 return NGX_ERROR;
700 }
701
702 cl = ngx_alloc_chain_link(r->pool);
703 if (cl == NULL) {
704 return NGX_ERROR;
705 }
706
707 cl->buf = b;
708 cl->next = NULL;
709
710 tmp = ngx_palloc(r->pool, tmp_len * 3);
711 if (tmp == NULL) {
712 return NGX_ERROR;
713 }
714
715 key_tmp = tmp + tmp_len;
716 val_tmp = tmp + 2 * tmp_len;
717
718 /* connection preface */
719
720 b->last = ngx_copy(b->last, ngx_http_grpc_connection_start,
721 sizeof(ngx_http_grpc_connection_start) - 1);
722
723 /* headers frame */
724
725 headers_frame = b->last;
726
727 f = (ngx_http_grpc_frame_t *) b->last;
728 b->last += sizeof(ngx_http_grpc_frame_t);
729
730 f->length_0 = 0;
731 f->length_1 = 0;
732 f->length_2 = 0;
733 f->type = NGX_HTTP_V2_HEADERS_FRAME;
734 f->flags = 0;
735 f->stream_id_0 = 0;
736 f->stream_id_1 = 0;
737 f->stream_id_2 = 0;
738 f->stream_id_3 = 1;
739
740 if (r->method == NGX_HTTP_GET) {
741 *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_METHOD_GET_INDEX);
742
743 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
744 "grpc header: \":method: GET\"");
745
746 } else if (r->method == NGX_HTTP_POST) {
747 *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_METHOD_POST_INDEX);
748
749 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
750 "grpc header: \":method: POST\"");
751
752 } else {
753 *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_METHOD_INDEX);
754 b->last = ngx_http_v2_write_value(b->last, r->method_name.data,
755 r->method_name.len, tmp);
756
757 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
758 "grpc header: \":method: %V\"", &r->method_name);
759 }
760
761 #if (NGX_HTTP_SSL)
762 if (glcf->ssl) {
763 *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX);
764
765 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
766 "grpc header: \":scheme: https\"");
767 } else
768 #endif
769 {
770 *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
771
772 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
773 "grpc header: \":scheme: http\"");
774 }
775
776 if (r->valid_unparsed_uri) {
777
778 if (r->unparsed_uri.len == 1 && r->unparsed_uri.data[0] == '/') {
779 *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_PATH_ROOT_INDEX);
780
781 } else {
782 *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
783 b->last = ngx_http_v2_write_value(b->last, r->unparsed_uri.data,
784 r->unparsed_uri.len, tmp);
785 }
786
787 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
788 "grpc header: \":path: %V\"", &r->unparsed_uri);
789
790 } else if (escape || r->args.len > 0) {
791 p = val_tmp;
792
793 if (escape) {
794 p = (u_char *) ngx_escape_uri(p, r->uri.data, r->uri.len,
795 NGX_ESCAPE_URI);
796
797 } else {
798 p = ngx_copy(p, r->uri.data, r->uri.len);
799 }
800
801 if (r->args.len > 0) {
802 *p++ = '?';
803 p = ngx_copy(p, r->args.data, r->args.len);
804 }
805
806 *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
807 b->last = ngx_http_v2_write_value(b->last, val_tmp, p - val_tmp, tmp);
808
809 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
810 "grpc header: \":path: %*s\"", p - val_tmp, val_tmp);
811
812 } else {
813 *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
814 b->last = ngx_http_v2_write_value(b->last, r->uri.data,
815 r->uri.len, tmp);
816
817 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
818 "grpc header: \":path: %V\"", &r->uri);
819 }
820
821 if (!glcf->host_set) {
822 *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_AUTHORITY_INDEX);
823 b->last = ngx_http_v2_write_value(b->last, glcf->host.data,
824 glcf->host.len, tmp);
825
826 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
827 "grpc header: \":authority: %V\"", &glcf->host);
828 }
829
830 ngx_memzero(&e, sizeof(ngx_http_script_engine_t));
831
832 e.ip = glcf->headers.values->elts;
833 e.request = r;
834 e.flushed = 1;
835
836 le.ip = glcf->headers.lengths->elts;
837
838 while (*(uintptr_t *) le.ip) {
839
840 lcode = *(ngx_http_script_len_code_pt *) le.ip;
841 key_len = lcode(&le);
842
843 for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
844 lcode = *(ngx_http_script_len_code_pt *) le.ip;
845 }
846 le.ip += sizeof(uintptr_t);
847
848 if (val_len == 0) {
849 e.skip = 1;
850
851 while (*(uintptr_t *) e.ip) {
852 code = *(ngx_http_script_code_pt *) e.ip;
853 code((ngx_http_script_engine_t *) &e);
854 }
855 e.ip += sizeof(uintptr_t);
856
857 e.skip = 0;
858
859 continue;
860 }
861
862 *b->last++ = 0;
863
864 e.pos = key_tmp;
865
866 code = *(ngx_http_script_code_pt *) e.ip;
867 code((ngx_http_script_engine_t *) &e);
868
869 b->last = ngx_http_v2_write_name(b->last, key_tmp, key_len, tmp);
870
871 e.pos = val_tmp;
872
873 while (*(uintptr_t *) e.ip) {
874 code = *(ngx_http_script_code_pt *) e.ip;
875 code((ngx_http_script_engine_t *) &e);
876 }
877 e.ip += sizeof(uintptr_t);
878
879 b->last = ngx_http_v2_write_value(b->last, val_tmp, val_len, tmp);
880
881 #if (NGX_DEBUG)
882 if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) {
883 ngx_strlow(key_tmp, key_tmp, key_len);
884
885 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
886 "grpc header: \"%*s: %*s\"",
887 key_len, key_tmp, val_len, val_tmp);
888 }
889 #endif
890 }
891
892 if (glcf->upstream.pass_request_headers) {
893 part = &r->headers_in.headers.part;
894 header = part->elts;
895
896 for (i = 0; /* void */; i++) {
897
898 if (i >= part->nelts) {
899 if (part->next == NULL) {
900 break;
901 }
902
903 part = part->next;
904 header = part->elts;
905 i = 0;
906 }
907
908 if (ngx_hash_find(&glcf->headers.hash, header[i].hash,
909 header[i].lowcase_key, header[i].key.len))
910 {
911 continue;
912 }
913
914 *b->last++ = 0;
915
916 b->last = ngx_http_v2_write_name(b->last, header[i].key.data,
917 header[i].key.len, tmp);
918
919 b->last = ngx_http_v2_write_value(b->last, header[i].value.data,
920 header[i].value.len, tmp);
921
922 #if (NGX_DEBUG)
923 if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) {
924 ngx_strlow(tmp, header[i].key.data, header[i].key.len);
925
926 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
927 "grpc header: \"%*s: %V\"",
928 header[i].key.len, tmp, &header[i].value);
929 }
930 #endif
931 }
932 }
933
934 /* update headers frame length */
935
936 len = b->last - headers_frame - sizeof(ngx_http_grpc_frame_t);
937
938 if (len > NGX_HTTP_V2_DEFAULT_FRAME_SIZE) {
939 len = NGX_HTTP_V2_DEFAULT_FRAME_SIZE;
940 next = 1;
941
942 } else {
943 next = 0;
944 }
945
946 f = (ngx_http_grpc_frame_t *) headers_frame;
947
948 f->length_0 = (u_char) ((len >> 16) & 0xff);
949 f->length_1 = (u_char) ((len >> 8) & 0xff);
950 f->length_2 = (u_char) (len & 0xff);
951
952 /* create additional continuation frames */
953
954 p = headers_frame;
955
956 while (next) {
957 p += sizeof(ngx_http_grpc_frame_t) + NGX_HTTP_V2_DEFAULT_FRAME_SIZE;
958 len = b->last - p;
959
960 ngx_memmove(p + sizeof(ngx_http_grpc_frame_t), p, len);
961 b->last += sizeof(ngx_http_grpc_frame_t);
962
963 if (len > NGX_HTTP_V2_DEFAULT_FRAME_SIZE) {
964 len = NGX_HTTP_V2_DEFAULT_FRAME_SIZE;
965 next = 1;
966
967 } else {
968 next = 0;
969 }
970
971 f = (ngx_http_grpc_frame_t *) p;
972
973 f->length_0 = (u_char) ((len >> 16) & 0xff);
974 f->length_1 = (u_char) ((len >> 8) & 0xff);
975 f->length_2 = (u_char) (len & 0xff);
976 f->type = NGX_HTTP_V2_CONTINUATION_FRAME;
977 f->flags = 0;
978 f->stream_id_0 = 0;
979 f->stream_id_1 = 0;
980 f->stream_id_2 = 0;
981 f->stream_id_3 = 1;
982 }
983
984 f->flags |= NGX_HTTP_V2_END_HEADERS_FLAG;
985
986 #if (NGX_DEBUG)
987 if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) {
988 u_char buf[512];
989 size_t n, m;
990
991 n = ngx_min(b->last - b->pos, 256);
992 m = ngx_hex_dump(buf, b->pos, n) - buf;
993
994 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
995 "grpc header: %*s%s, len: %uz",
996 m, buf, b->last - b->pos > 256 ? "..." : "",
997 b->last - b->pos);
998 }
999 #endif
1000
1001 if (r->request_body_no_buffering) {
1002
1003 u->request_bufs = cl;
1004
1005 } else {
1006
1007 body = u->request_bufs;
1008 u->request_bufs = cl;
1009
1010 if (body == NULL) {
1011 f = (ngx_http_grpc_frame_t *) headers_frame;
1012 f->flags |= NGX_HTTP_V2_END_STREAM_FLAG;
1013 }
1014
1015 while (body) {
1016 b = ngx_alloc_buf(r->pool);
1017 if (b == NULL) {
1018 return NGX_ERROR;
1019 }
1020
1021 ngx_memcpy(b, body->buf, sizeof(ngx_buf_t));
1022
1023 cl->next = ngx_alloc_chain_link(r->pool);
1024 if (cl->next == NULL) {
1025 return NGX_ERROR;
1026 }
1027
1028 cl = cl->next;
1029 cl->buf = b;
1030
1031 body = body->next;
1032 }
1033
1034 b->last_buf = 1;
1035 }
1036
1037 u->output.output_filter = ngx_http_grpc_body_output_filter;
1038 u->output.filter_ctx = r;
1039
1040 b->flush = 1;
1041 cl->next = NULL;
1042
1043 return NGX_OK;
1044 }
1045
1046
1047 static ngx_int_t
1048 ngx_http_grpc_reinit_request(ngx_http_request_t *r)
1049 {
1050 ngx_http_grpc_ctx_t *ctx;
1051
1052 ctx = ngx_http_get_module_ctx(r, ngx_http_grpc_module);
1053
1054 if (ctx == NULL) {
1055 return NGX_OK;
1056 }
1057
1058 ctx->state = 0;
1059 ctx->header_sent = 0;
1060 ctx->output_closed = 0;
1061 ctx->parsing_headers = 0;
1062 ctx->end_stream = 0;
1063 ctx->status = 0;
1064 ctx->connection = NULL;
1065
1066 return NGX_OK;
1067 }
1068
1069
1070 static ngx_int_t
1071 ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in)
1072 {
1073 ngx_http_request_t *r = data;
1074
1075 off_t file_pos;
1076 u_char *p, *pos, *start;
1077 size_t len, limit;
1078 ngx_buf_t *b;
1079 ngx_int_t rc;
1080 ngx_uint_t next, last;
1081 ngx_chain_t *cl, *out, **ll;
1082 ngx_http_grpc_ctx_t *ctx;
1083 ngx_http_grpc_frame_t *f;
1084
1085 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1086 "grpc output filter");
1087
1088 ctx = ngx_http_grpc_get_ctx(r);
1089
1090 if (ctx == NULL) {
1091 return NGX_ERROR;
1092 }
1093
1094 if (in) {
1095 if (ngx_chain_add_copy(r->pool, &ctx->in, in) != NGX_OK) {
1096 return NGX_ERROR;
1097 }
1098 }
1099
1100 out = NULL;
1101 ll = &out;
1102
1103 if (!ctx->header_sent) {
1104 /* first buffer contains headers */
1105
1106 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1107 "grpc output header");
1108
1109 ctx->header_sent = 1;
1110
1111 if (ctx->id != 1) {
1112 /*
1113 * keepalive connection: skip connection preface,
1114 * update stream identifiers
1115 */
1116
1117 b = ctx->in->buf;
1118 b->pos += sizeof(ngx_http_grpc_connection_start) - 1;
1119
1120 p = b->pos;
1121
1122 while (p < b->last) {
1123 f = (ngx_http_grpc_frame_t *) p;
1124 p += sizeof(ngx_http_grpc_frame_t);
1125
1126 f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff);
1127 f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff);
1128 f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff);
1129 f->stream_id_3 = (u_char) (ctx->id & 0xff);
1130
1131 p += (f->length_0 << 16) + (f->length_1 << 8) + f->length_2;
1132 }
1133 }
1134
1135 if (ctx->in->buf->last_buf) {
1136 ctx->output_closed = 1;
1137 }
1138
1139 *ll = ctx->in;
1140 ll = &ctx->in->next;
1141
1142 ctx->in = ctx->in->next;
1143 }
1144
1145 if (ctx->out) {
1146 /* queued control frames */
1147
1148 *ll = ctx->out;
1149
1150 for (cl = ctx->out, ll = &cl->next; cl; cl = cl->next) {
1151 ll = &cl->next;
1152 }
1153
1154 ctx->out = NULL;
1155 }
1156
1157 f = NULL;
1158 last = 0;
1159
1160 limit = ngx_max(0, ctx->send_window);
1161
1162 if (limit > ctx->connection->send_window) {
1163 limit = ctx->connection->send_window;
1164 }
1165
1166 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1167 "grpc output limit: %uz w:%z:%uz",
1168 limit, ctx->send_window, ctx->connection->send_window);
1169
1170 #if (NGX_SUPPRESS_WARN)
1171 file_pos = 0;
1172 pos = NULL;
1173 cl = NULL;
1174 #endif
1175
1176 in = ctx->in;
1177
1178 while (in && limit > 0) {
1179
1180 ngx_log_debug7(NGX_LOG_DEBUG_EVENT, r->connection->log, 0,
1181 "grpc output in l:%d f:%d %p, pos %p, size: %z "
1182 "file: %O, size: %O",
1183 in->buf->last_buf,
1184 in->buf->in_file,
1185 in->buf->start, in->buf->pos,
1186 in->buf->last - in->buf->pos,
1187 in->buf->file_pos,
1188 in->buf->file_last - in->buf->file_pos);
1189
1190 if (ngx_buf_special(in->buf)) {
1191 goto next;
1192 }
1193
1194 if (in->buf->in_file) {
1195 file_pos = in->buf->file_pos;
1196
1197 } else {
1198 pos = in->buf->pos;
1199 }
1200
1201 next = 0;
1202
1203 do {
1204
1205 cl = ngx_http_grpc_get_buf(r, ctx);
1206 if (cl == NULL) {
1207 return NGX_ERROR;
1208 }
1209
1210 b = cl->buf;
1211
1212 f = (ngx_http_grpc_frame_t *) b->last;
1213 b->last += sizeof(ngx_http_grpc_frame_t);
1214
1215 *ll = cl;
1216 ll = &cl->next;
1217
1218 cl = ngx_chain_get_free_buf(r->pool, &ctx->free);
1219 if (cl == NULL) {
1220 return NGX_ERROR;
1221 }
1222
1223 b = cl->buf;
1224 start = b->start;
1225
1226 ngx_memcpy(b, in->buf, sizeof(ngx_buf_t));
1227
1228 /*
1229 * restore b->start to preserve memory allocated in the buffer,
1230 * to reuse it later for headers and control frames
1231 */
1232
1233 b->start = start;
1234
1235 if (in->buf->in_file) {
1236 b->file_pos = file_pos;
1237 file_pos += ngx_min(NGX_HTTP_V2_DEFAULT_FRAME_SIZE, limit);
1238
1239 if (file_pos >= in->buf->file_last) {
1240 file_pos = in->buf->file_last;
1241 next = 1;
1242 }
1243
1244 b->file_last = file_pos;
1245 len = (ngx_uint_t) (file_pos - b->file_pos);
1246
1247 } else {
1248 b->pos = pos;
1249 pos += ngx_min(NGX_HTTP_V2_DEFAULT_FRAME_SIZE, limit);
1250
1251 if (pos >= in->buf->last) {
1252 pos = in->buf->last;
1253 next = 1;
1254 }
1255
1256 b->last = pos;
1257 len = (ngx_uint_t) (pos - b->pos);
1258 }
1259
1260 b->tag = (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter;
1261 b->shadow = in->buf;
1262 b->last_shadow = next;
1263
1264 b->last_buf = 0;
1265 b->last_in_chain = 0;
1266
1267 *ll = cl;
1268 ll = &cl->next;
1269
1270 f->length_0 = (u_char) ((len >> 16) & 0xff);
1271 f->length_1 = (u_char) ((len >> 8) & 0xff);
1272 f->length_2 = (u_char) (len & 0xff);
1273 f->type = NGX_HTTP_V2_DATA_FRAME;
1274 f->flags = 0;
1275 f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff);
1276 f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff);
1277 f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff);
1278 f->stream_id_3 = (u_char) (ctx->id & 0xff);
1279
1280 limit -= len;
1281 ctx->send_window -= len;
1282 ctx->connection->send_window -= len;
1283
1284 } while (!next && limit > 0);
1285
1286 if (!next) {
1287 /*
1288 * if the buffer wasn't fully sent due to flow control limits,
1289 * preserve position for future use
1290 */
1291
1292 if (in->buf->in_file) {
1293 in->buf->file_pos = file_pos;
1294
1295 } else {
1296 in->buf->pos = pos;
1297 }
1298
1299 break;
1300 }
1301
1302 next:
1303
1304 if (in->buf->last_buf) {
1305 last = 1;
1306 }
1307
1308 in = in->next;
1309 }
1310
1311 ctx->in = in;
1312
1313 if (last) {
1314
1315 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1316 "grpc output last");
1317
1318 ctx->output_closed = 1;
1319
1320 if (f) {
1321 f->flags |= NGX_HTTP_V2_END_STREAM_FLAG;
1322
1323 } else {
1324 cl = ngx_http_grpc_get_buf(r, ctx);
1325 if (cl == NULL) {
1326 return NGX_ERROR;
1327 }
1328
1329 b = cl->buf;
1330
1331 f = (ngx_http_grpc_frame_t *) b->last;
1332 b->last += sizeof(ngx_http_grpc_frame_t);
1333
1334 f->length_0 = 0;
1335 f->length_1 = 0;
1336 f->length_2 = 0;
1337 f->type = NGX_HTTP_V2_DATA_FRAME;
1338 f->flags = NGX_HTTP_V2_END_STREAM_FLAG;
1339 f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff);
1340 f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff);
1341 f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff);
1342 f->stream_id_3 = (u_char) (ctx->id & 0xff);
1343
1344 *ll = cl;
1345 ll = &cl->next;
1346 }
1347
1348 cl->buf->last_buf = 1;
1349 }
1350
1351 *ll = NULL;
1352
1353 #if (NGX_DEBUG)
1354
1355 for (cl = out; cl; cl = cl->next) {
1356 ngx_log_debug7(NGX_LOG_DEBUG_EVENT, r->connection->log, 0,
1357 "grpc output out l:%d f:%d %p, pos %p, size: %z "
1358 "file: %O, size: %O",
1359 cl->buf->last_buf,
1360 cl->buf->in_file,
1361 cl->buf->start, cl->buf->pos,
1362 cl->buf->last - cl->buf->pos,
1363 cl->buf->file_pos,
1364 cl->buf->file_last - cl->buf->file_pos);
1365 }
1366
1367 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1368 "grpc output limit: %uz w:%z:%uz",
1369 limit, ctx->send_window, ctx->connection->send_window);
1370
1371 #endif
1372
1373 rc = ngx_chain_writer(&r->upstream->writer, out);
1374
1375 ngx_chain_update_chains(r->pool, &ctx->free, &ctx->busy, &out,
1376 (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter);
1377
1378 for (cl = ctx->free; cl; cl = cl->next) {
1379
1380 /* mark original buffers as sent */
1381
1382 if (cl->buf->shadow) {
1383 if (cl->buf->last_shadow) {
1384 b = cl->buf->shadow;
1385 b->pos = b->last;
1386 }
1387
1388 cl->buf->shadow = NULL;
1389 }
1390 }
1391
1392 if (rc == NGX_OK && ctx->in) {
1393 rc = NGX_AGAIN;
1394 }
1395
1396 return rc;
1397 }
1398
1399
1400 static ngx_int_t
1401 ngx_http_grpc_process_header(ngx_http_request_t *r)
1402 {
1403 ngx_str_t *status_line;
1404 ngx_int_t rc, status;
1405 ngx_buf_t *b;
1406 ngx_table_elt_t *h;
1407 ngx_http_upstream_t *u;
1408 ngx_http_grpc_ctx_t *ctx;
1409 ngx_http_upstream_header_t *hh;
1410 ngx_http_upstream_main_conf_t *umcf;
1411
1412 u = r->upstream;
1413 b = &u->buffer;
1414
1415 #if (NGX_DEBUG)
1416 if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) {
1417 u_char buf[512];
1418 size_t n, m;
1419
1420 n = ngx_min(b->last - b->pos, 256);
1421 m = ngx_hex_dump(buf, b->pos, n) - buf;
1422
1423 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1424 "grpc response: %*s%s, len: %uz",
1425 m, buf, b->last - b->pos > 256 ? "..." : "",
1426 b->last - b->pos);
1427 }
1428 #endif
1429
1430 ctx = ngx_http_grpc_get_ctx(r);
1431
1432 if (ctx == NULL) {
1433 return NGX_ERROR;
1434 }
1435
1436 umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module);
1437
1438 for ( ;; ) {
1439
1440 if (ctx->state < ngx_http_grpc_st_payload) {
1441
1442 rc = ngx_http_grpc_parse_frame(r, ctx, b);
1443
1444 if (rc == NGX_AGAIN) {
1445
1446 /*
1447 * there can be a lot of window update frames,
1448 * so we reset buffer if it is empty and we haven't
1449 * started parsing headers yet
1450 */
1451
1452 if (!ctx->parsing_headers) {
1453 b->pos = b->start;
1454 b->last = b->pos;
1455 }
1456
1457 return NGX_AGAIN;
1458 }
1459
1460 if (rc == NGX_ERROR) {
1461 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1462 }
1463
1464 /*
1465 * RFC 7540 says that implementations MUST discard frames
1466 * that have unknown or unsupported types. However, extension
1467 * frames that appear in the middle of a header block are
1468 * not permitted. Also, for obvious reasons CONTINUATION frames
1469 * cannot appear before headers, and DATA frames are not expected
1470 * to appear before all headers are parsed.
1471 */
1472
1473 if (ctx->type == NGX_HTTP_V2_DATA_FRAME
1474 || (ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME
1475 && !ctx->parsing_headers)
1476 || (ctx->type != NGX_HTTP_V2_CONTINUATION_FRAME
1477 && ctx->parsing_headers))
1478 {
1479 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1480 "upstream sent unexpected http2 frame: %d",
1481 ctx->type);
1482 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1483 }
1484
1485 if (ctx->stream_id && ctx->stream_id != ctx->id) {
1486 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1487 "upstream sent frame for unknown stream %ui",
1488 ctx->stream_id);
1489 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1490 }
1491 }
1492
1493 /* frame payload */
1494
1495 if (ctx->type == NGX_HTTP_V2_RST_STREAM_FRAME) {
1496
1497 rc = ngx_http_grpc_parse_rst_stream(r, ctx, b);
1498
1499 if (rc == NGX_AGAIN) {
1500 return NGX_AGAIN;
1501 }
1502
1503 if (rc == NGX_ERROR) {
1504 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1505 }
1506
1507 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1508 "upstream rejected request with error %ui",
1509 ctx->error);
1510
1511 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1512 }
1513
1514 if (ctx->type == NGX_HTTP_V2_GOAWAY_FRAME) {
1515
1516 rc = ngx_http_grpc_parse_goaway(r, ctx, b);
1517
1518 if (rc == NGX_AGAIN) {
1519 return NGX_AGAIN;
1520 }
1521
1522 if (rc == NGX_ERROR) {
1523 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1524 }
1525
1526 /*
1527 * If stream_id is lower than one we use, our
1528 * request won't be processed and needs to be retried.
1529 * If stream_id is greater or equal to the one we use,
1530 * we can continue normally (except we can't use this
1531 * connection for additional requests). If there is
1532 * a real error, the connection will be closed.
1533 */
1534
1535 if (ctx->stream_id < ctx->id) {
1536
1537 /* TODO: we can retry non-idempotent requests */
1538
1539 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1540 "upstream sent goaway with error %ui",
1541 ctx->error);
1542
1543 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1544 }
1545
1546 continue;
1547 }
1548
1549 if (ctx->type == NGX_HTTP_V2_WINDOW_UPDATE_FRAME) {
1550
1551 rc = ngx_http_grpc_parse_window_update(r, ctx, b);
1552
1553 if (rc == NGX_AGAIN) {
1554 return NGX_AGAIN;
1555 }
1556
1557 if (rc == NGX_ERROR) {
1558 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1559 }
1560
1561 if (ctx->in) {
1562 ngx_post_event(u->peer.connection->write, &ngx_posted_events);
1563 }
1564
1565 continue;
1566 }
1567
1568 if (ctx->type == NGX_HTTP_V2_SETTINGS_FRAME) {
1569
1570 rc = ngx_http_grpc_parse_settings(r, ctx, b);
1571
1572 if (rc == NGX_AGAIN) {
1573 return NGX_AGAIN;
1574 }
1575
1576 if (rc == NGX_ERROR) {
1577 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1578 }
1579
1580 if (ctx->in) {
1581 ngx_post_event(u->peer.connection->write, &ngx_posted_events);
1582 }
1583
1584 continue;
1585 }
1586
1587 if (ctx->type == NGX_HTTP_V2_PING_FRAME) {
1588
1589 rc = ngx_http_grpc_parse_ping(r, ctx, b);
1590
1591 if (rc == NGX_AGAIN) {
1592 return NGX_AGAIN;
1593 }
1594
1595 if (rc == NGX_ERROR) {
1596 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1597 }
1598
1599 ngx_post_event(u->peer.connection->write, &ngx_posted_events);
1600 continue;
1601 }
1602
1603 if (ctx->type == NGX_HTTP_V2_PUSH_PROMISE_FRAME) {
1604 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1605 "upstream sent unexpected push promise frame");
1606 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1607 }
1608
1609 if (ctx->type != NGX_HTTP_V2_HEADERS_FRAME
1610 && ctx->type != NGX_HTTP_V2_CONTINUATION_FRAME)
1611 {
1612 /* priority, unknown frames */
1613
1614 if (b->last - b->pos < (ssize_t) ctx->rest) {
1615 ctx->rest -= b->last - b->pos;
1616 b->pos = b->last;
1617 return NGX_AGAIN;
1618 }
1619
1620 b->pos += ctx->rest;
1621 ctx->rest = 0;
1622 ctx->state = ngx_http_grpc_st_start;
1623
1624 continue;
1625 }
1626
1627 /* headers */
1628
1629 for ( ;; ) {
1630
1631 rc = ngx_http_grpc_parse_header(r, ctx, b);
1632
1633 if (rc == NGX_AGAIN) {
1634 break;
1635 }
1636
1637 if (rc == NGX_OK) {
1638
1639 /* a header line has been parsed successfully */
1640
1641 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1642 "grpc header: \"%V: %V\"",
1643 &ctx->name, &ctx->value);
1644
1645 if (ctx->name.len && ctx->name.data[0] == ':') {
1646
1647 if (ctx->name.len != sizeof(":status") - 1
1648 || ngx_strncmp(ctx->name.data, ":status",
1649 sizeof(":status") - 1)
1650 != 0)
1651 {
1652 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1653 "upstream sent invalid header \"%V: %V\"",
1654 &ctx->name, &ctx->value);
1655 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1656 }
1657
1658 if (ctx->status) {
1659 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1660 "upstream sent duplicate :status header");
1661 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1662 }
1663
1664 status_line = &ctx->value;
1665
1666 if (status_line->len != 3) {
1667 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1668 "upstream sent invalid :status \"%V\"",
1669 status_line);
1670 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1671 }
1672
1673 status = ngx_atoi(status_line->data, 3);
1674
1675 if (status == NGX_ERROR) {
1676 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1677 "upstream sent invalid :status \"%V\"",
1678 status_line);
1679 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1680 }
1681
1682 if (status < NGX_HTTP_OK) {
1683 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1684 "upstream sent unexpected :status \"%V\"",
1685 status_line);
1686 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1687 }
1688
1689 u->headers_in.status_n = status;
1690
1691 if (u->state && u->state->status == 0) {
1692 u->state->status = status;
1693 }
1694
1695 ctx->status = 1;
1696
1697 continue;
1698
1699 } else if (!ctx->status) {
1700 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1701 "upstream sent no :status header");
1702 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1703 }
1704
1705 h = ngx_list_push(&u->headers_in.headers);
1706 if (h == NULL) {
1707 return NGX_ERROR;
1708 }
1709
1710 h->key = ctx->name;
1711 h->value = ctx->value;
1712 h->lowcase_key = h->key.data;
1713 h->hash = ngx_hash_key(h->key.data, h->key.len);
1714
1715 hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
1716 h->lowcase_key, h->key.len);
1717
1718 if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
1719 return NGX_ERROR;
1720 }
1721
1722 continue;
1723 }
1724
1725 if (rc == NGX_HTTP_PARSE_HEADER_DONE) {
1726
1727 /* a whole header has been parsed successfully */
1728
1729 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1730 "grpc header done");
1731
1732 if (ctx->end_stream
1733 && ctx->in == NULL
1734 && ctx->out == NULL
1735 && ctx->output_closed
1736 && b->last == b->pos)
1737 {
1738 u->keepalive = 1;
1739 }
1740
1741 return NGX_OK;
1742 }
1743
1744 /* there was error while a header line parsing */
1745
1746 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1747 "upstream sent invalid header");
1748
1749 return NGX_HTTP_UPSTREAM_INVALID_HEADER;
1750 }
1751
1752 /* rc == NGX_AGAIN */
1753
1754 if (ctx->rest == 0) {
1755 ctx->state = ngx_http_grpc_st_start;
1756 continue;
1757 }
1758
1759 return NGX_AGAIN;
1760 }
1761 }
1762
1763
1764 static ngx_int_t
1765 ngx_http_grpc_filter_init(void *data)
1766 {
1767 ngx_http_grpc_ctx_t *ctx = data;
1768
1769 ngx_http_request_t *r;
1770 ngx_http_upstream_t *u;
1771
1772 r = ctx->request;
1773 u = r->upstream;
1774
1775 u->length = 1;
1776
1777 if (ctx->end_stream) {
1778 u->length = 0;
1779 }
1780
1781 return NGX_OK;
1782 }
1783
1784
1785 static ngx_int_t
1786 ngx_http_grpc_filter(void *data, ssize_t bytes)
1787 {
1788 ngx_http_grpc_ctx_t *ctx = data;
1789
1790 ngx_int_t rc;
1791 ngx_buf_t *b, *buf;
1792 ngx_chain_t *cl, **ll;
1793 ngx_table_elt_t *h;
1794 ngx_http_request_t *r;
1795 ngx_http_upstream_t *u;
1796
1797 r = ctx->request;
1798 u = r->upstream;
1799 b = &u->buffer;
1800
1801 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
1802 "grpc filter bytes:%z", bytes);
1803
1804 b->pos = b->last;
1805 b->last += bytes;
1806
1807 for (cl = u->out_bufs, ll = &u->out_bufs; cl; cl = cl->next) {
1808 ll = &cl->next;
1809 }
1810
1811 for ( ;; ) {
1812
1813 if (ctx->state < ngx_http_grpc_st_payload) {
1814
1815 rc = ngx_http_grpc_parse_frame(r, ctx, b);
1816
1817 if (rc == NGX_AGAIN) {
1818 return NGX_AGAIN;
1819 }
1820
1821 if (rc == NGX_ERROR) {
1822 return NGX_ERROR;
1823 }
1824
1825 if ((ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME
1826 && !ctx->parsing_headers)
1827 || (ctx->type != NGX_HTTP_V2_CONTINUATION_FRAME
1828 && ctx->parsing_headers))
1829 {
1830 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1831 "upstream sent unexpected http2 frame: %d",
1832 ctx->type);
1833 return NGX_ERROR;
1834 }
1835
1836 if (ctx->type == NGX_HTTP_V2_DATA_FRAME) {
1837
1838 if (ctx->stream_id != ctx->id) {
1839 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1840 "upstream sent data frame "
1841 "for unknown stream %ui",
1842 ctx->stream_id);
1843 return NGX_ERROR;
1844 }
1845
1846 if (ctx->rest > ctx->recv_window) {
1847 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1848 "upstream violated stream flow control, "
1849 "received %uz data frame with window %uz",
1850 ctx->rest, ctx->recv_window);
1851 return NGX_ERROR;
1852 }
1853
1854 if (ctx->rest > ctx->connection->recv_window) {
1855 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1856 "upstream violated connection flow control, "
1857 "received %uz data frame with window %uz",
1858 ctx->rest, ctx->connection->recv_window);
1859 return NGX_ERROR;
1860 }
1861
1862 ctx->recv_window -= ctx->rest;
1863 ctx->connection->recv_window -= ctx->rest;
1864
1865 if (ctx->connection->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4
1866 || ctx->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4)
1867 {
1868 if (ngx_http_grpc_send_window_update(r, ctx) != NGX_OK) {
1869 return NGX_ERROR;
1870 }
1871
1872 ngx_post_event(u->peer.connection->write,
1873 &ngx_posted_events);
1874 }
1875 }
1876
1877 if (ctx->stream_id && ctx->stream_id != ctx->id) {
1878 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1879 "upstream sent frame for unknown stream %ui",
1880 ctx->stream_id);
1881 return NGX_ERROR;
1882 }
1883
1884 ctx->padding = 0;
1885 }
1886
1887 if (ctx->state == ngx_http_grpc_st_padding) {
1888
1889 if (b->last - b->pos < (ssize_t) ctx->rest) {
1890 ctx->rest -= b->last - b->pos;
1891 b->pos = b->last;
1892 return NGX_AGAIN;
1893 }
1894
1895 b->pos += ctx->rest;
1896 ctx->rest = 0;
1897 ctx->state = ngx_http_grpc_st_start;
1898
1899 if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) {
1900 u->length = 0;
1901
1902 if (ctx->in == NULL
1903 && ctx->out == NULL
1904 && ctx->output_closed
1905 && b->last == b->pos)
1906 {
1907 u->keepalive = 1;
1908 }
1909
1910 break;
1911 }
1912
1913 continue;
1914 }
1915
1916 /* frame payload */
1917
1918 if (ctx->type == NGX_HTTP_V2_RST_STREAM_FRAME) {
1919
1920 rc = ngx_http_grpc_parse_rst_stream(r, ctx, b);
1921
1922 if (rc == NGX_AGAIN) {
1923 return NGX_AGAIN;
1924 }
1925
1926 if (rc == NGX_ERROR) {
1927 return NGX_ERROR;
1928 }
1929
1930 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1931 "upstream rejected request with error %ui",
1932 ctx->error);
1933
1934 return NGX_ERROR;
1935 }
1936
1937 if (ctx->type == NGX_HTTP_V2_GOAWAY_FRAME) {
1938
1939 rc = ngx_http_grpc_parse_goaway(r, ctx, b);
1940
1941 if (rc == NGX_AGAIN) {
1942 return NGX_AGAIN;
1943 }
1944
1945 if (rc == NGX_ERROR) {
1946 return NGX_ERROR;
1947 }
1948
1949 /*
1950 * If stream_id is lower than one we use, our
1951 * request won't be processed and needs to be retried.
1952 * If stream_id is greater or equal to the one we use,
1953 * we can continue normally (except we can't use this
1954 * connection for additional requests). If there is
1955 * a real error, the connection will be closed.
1956 */
1957
1958 if (ctx->stream_id < ctx->id) {
1959
1960 /* TODO: we can retry non-idempotent requests */
1961
1962 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
1963 "upstream sent goaway with error %ui",
1964 ctx->error);
1965
1966 return NGX_ERROR;
1967 }
1968
1969 continue;
1970 }
1971
1972 if (ctx->type == NGX_HTTP_V2_WINDOW_UPDATE_FRAME) {
1973
1974 rc = ngx_http_grpc_parse_window_update(r, ctx, b);
1975
1976 if (rc == NGX_AGAIN) {
1977 return NGX_AGAIN;
1978 }
1979
1980 if (rc == NGX_ERROR) {
1981 return NGX_ERROR;
1982 }
1983
1984 if (ctx->in) {
1985 ngx_post_event(u->peer.connection->write, &ngx_posted_events);
1986 }
1987
1988 continue;
1989 }
1990
1991 if (ctx->type == NGX_HTTP_V2_SETTINGS_FRAME) {
1992
1993 rc = ngx_http_grpc_parse_settings(r, ctx, b);
1994
1995 if (rc == NGX_AGAIN) {
1996 return NGX_AGAIN;
1997 }
1998
1999 if (rc == NGX_ERROR) {
2000 return NGX_ERROR;
2001 }
2002
2003 if (ctx->in) {
2004 ngx_post_event(u->peer.connection->write, &ngx_posted_events);
2005 }
2006
2007 continue;
2008 }
2009
2010 if (ctx->type == NGX_HTTP_V2_PING_FRAME) {
2011
2012 rc = ngx_http_grpc_parse_ping(r, ctx, b);
2013
2014 if (rc == NGX_AGAIN) {
2015 return NGX_AGAIN;
2016 }
2017
2018 if (rc == NGX_ERROR) {
2019 return NGX_ERROR;
2020 }
2021
2022 ngx_post_event(u->peer.connection->write, &ngx_posted_events);
2023 continue;
2024 }
2025
2026 if (ctx->type == NGX_HTTP_V2_PUSH_PROMISE_FRAME) {
2027 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2028 "upstream sent unexpected push promise frame");
2029 return NGX_ERROR;
2030 }
2031
2032 if (ctx->type == NGX_HTTP_V2_HEADERS_FRAME
2033 || ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME)
2034 {
2035 for ( ;; ) {
2036
2037 rc = ngx_http_grpc_parse_header(r, ctx, b);
2038
2039 if (rc == NGX_AGAIN) {
2040 break;
2041 }
2042
2043 if (rc == NGX_OK) {
2044
2045 /* a header line has been parsed successfully */
2046
2047 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2048 "grpc trailer: \"%V: %V\"",
2049 &ctx->name, &ctx->value);
2050
2051 if (ctx->name.len && ctx->name.data[0] == ':') {
2052 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2053 "upstream sent invalid "
2054 "trailer \"%V: %V\"",
2055 &ctx->name, &ctx->value);
2056 return NGX_ERROR;
2057 }
2058
2059 h = ngx_list_push(&u->headers_in.trailers);
2060 if (h == NULL) {
2061 return NGX_ERROR;
2062 }
2063
2064 h->key = ctx->name;
2065 h->value = ctx->value;
2066 h->lowcase_key = h->key.data;
2067 h->hash = ngx_hash_key(h->key.data, h->key.len);
2068
2069 continue;
2070 }
2071
2072 if (rc == NGX_HTTP_PARSE_HEADER_DONE) {
2073
2074 /* a whole header has been parsed successfully */
2075
2076 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2077 "grpc trailer done");
2078
2079 if (ctx->end_stream) {
2080 u->length = 0;
2081
2082 if (ctx->in == NULL
2083 && ctx->out == NULL
2084 && ctx->output_closed
2085 && b->last == b->pos)
2086 {
2087 u->keepalive = 1;
2088 }
2089
2090 return NGX_OK;
2091 }
2092
2093 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2094 "upstream sent trailer without "
2095 "end stream flag");
2096 return NGX_ERROR;
2097 }
2098
2099 /* there was error while a header line parsing */
2100
2101 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2102 "upstream sent invalid trailer");
2103
2104 return NGX_ERROR;
2105 }
2106
2107 /* rc == NGX_AGAIN */
2108
2109 if (ctx->rest == 0) {
2110 ctx->state = ngx_http_grpc_st_start;
2111 continue;
2112 }
2113
2114 return NGX_AGAIN;
2115 }
2116
2117 if (ctx->type != NGX_HTTP_V2_DATA_FRAME) {
2118
2119 /* priority, unknown frames */
2120
2121 if (b->last - b->pos < (ssize_t) ctx->rest) {
2122 ctx->rest -= b->last - b->pos;
2123 b->pos = b->last;
2124 return NGX_AGAIN;
2125 }
2126
2127 b->pos += ctx->rest;
2128 ctx->rest = 0;
2129 ctx->state = ngx_http_grpc_st_start;
2130
2131 continue;
2132 }
2133
2134 /*
2135 * data frame:
2136 *
2137 * +---------------+
2138 * |Pad Length? (8)|
2139 * +---------------+-----------------------------------------------+
2140 * | Data (*) ...
2141 * +---------------------------------------------------------------+
2142 * | Padding (*) ...
2143 * +---------------------------------------------------------------+
2144 */
2145
2146 if (ctx->flags & NGX_HTTP_V2_PADDED_FLAG) {
2147
2148 if (ctx->rest == 0) {
2149 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2150 "upstream sent too short http2 frame");
2151 return NGX_ERROR;
2152 }
2153
2154 if (b->pos == b->last) {
2155 return NGX_AGAIN;
2156 }
2157
2158 ctx->flags &= ~NGX_HTTP_V2_PADDED_FLAG;
2159 ctx->padding = *b->pos++;
2160 ctx->rest -= 1;
2161
2162 if (ctx->padding > ctx->rest) {
2163 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2164 "upstream sent http2 frame with too long "
2165 "padding: %d in frame %uz",
2166 ctx->padding, ctx->rest);
2167 return NGX_ERROR;
2168 }
2169
2170 continue;
2171 }
2172
2173 if (ctx->rest == ctx->padding) {
2174 goto done;
2175 }
2176
2177 if (b->pos == b->last) {
2178 return NGX_AGAIN;
2179 }
2180
2181 cl = ngx_chain_get_free_buf(r->pool, &u->free_bufs);
2182 if (cl == NULL) {
2183 return NGX_ERROR;
2184 }
2185
2186 *ll = cl;
2187 ll = &cl->next;
2188
2189 buf = cl->buf;
2190
2191 buf->flush = 1;
2192 buf->memory = 1;
2193
2194 buf->pos = b->pos;
2195 buf->tag = u->output.tag;
2196
2197 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2198 "grpc output buf %p", buf->pos);
2199
2200 if (b->last - b->pos < (ssize_t) ctx->rest - ctx->padding) {
2201
2202 ctx->rest -= b->last - b->pos;
2203 b->pos = b->last;
2204 buf->last = b->pos;
2205
2206 return NGX_AGAIN;
2207 }
2208
2209 b->pos += ctx->rest - ctx->padding;
2210 buf->last = b->pos;
2211 ctx->rest = ctx->padding;
2212
2213 done:
2214
2215 if (ctx->padding) {
2216 ctx->state = ngx_http_grpc_st_padding;
2217 continue;
2218 }
2219
2220 ctx->state = ngx_http_grpc_st_start;
2221
2222 if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) {
2223 u->length = 0;
2224
2225 if (ctx->in == NULL
2226 && ctx->out == NULL
2227 && ctx->output_closed
2228 && b->last == b->pos)
2229 {
2230 u->keepalive = 1;
2231 }
2232
2233 break;
2234 }
2235 }
2236
2237 return NGX_OK;
2238 }
2239
2240
2241 static ngx_int_t
2242 ngx_http_grpc_parse_frame(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx,
2243 ngx_buf_t *b)
2244 {
2245 u_char ch, *p;
2246 ngx_http_grpc_state_e state;
2247
2248 state = ctx->state;
2249
2250 for (p = b->pos; p < b->last; p++) {
2251 ch = *p;
2252
2253 #if 0
2254 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2255 "grpc frame byte: %02Xd, s:%d", ch, state);
2256 #endif
2257
2258 switch (state) {
2259
2260 case ngx_http_grpc_st_start:
2261 ctx->rest = ch << 16;
2262 state = ngx_http_grpc_st_length_2;
2263 break;
2264
2265 case ngx_http_grpc_st_length_2:
2266 ctx->rest |= ch << 8;
2267 state = ngx_http_grpc_st_length_3;
2268 break;
2269
2270 case ngx_http_grpc_st_length_3:
2271 ctx->rest |= ch;
2272
2273 if (ctx->rest > NGX_HTTP_V2_DEFAULT_FRAME_SIZE) {
2274 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2275 "upstream sent too large http2 frame: %uz",
2276 ctx->rest);
2277 return NGX_ERROR;
2278 }
2279
2280 state = ngx_http_grpc_st_type;
2281 break;
2282
2283 case ngx_http_grpc_st_type:
2284 ctx->type = ch;
2285 state = ngx_http_grpc_st_flags;
2286 break;
2287
2288 case ngx_http_grpc_st_flags:
2289 ctx->flags = ch;
2290 state = ngx_http_grpc_st_stream_id;
2291 break;
2292
2293 case ngx_http_grpc_st_stream_id:
2294 ctx->stream_id = (ch & 0x7f) << 24;
2295 state = ngx_http_grpc_st_stream_id_2;
2296 break;
2297
2298 case ngx_http_grpc_st_stream_id_2:
2299 ctx->stream_id |= ch << 16;
2300 state = ngx_http_grpc_st_stream_id_3;
2301 break;
2302
2303 case ngx_http_grpc_st_stream_id_3:
2304 ctx->stream_id |= ch << 8;
2305 state = ngx_http_grpc_st_stream_id_4;
2306 break;
2307
2308 case ngx_http_grpc_st_stream_id_4:
2309 ctx->stream_id |= ch;
2310
2311 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2312 "grpc frame: %d, len: %uz, f:%d, i:%ui",
2313 ctx->type, ctx->rest, ctx->flags, ctx->stream_id);
2314
2315 b->pos = p + 1;
2316
2317 ctx->state = ngx_http_grpc_st_payload;
2318 ctx->frame_state = 0;
2319
2320 return NGX_OK;
2321
2322 /* suppress warning */
2323 case ngx_http_grpc_st_payload:
2324 case ngx_http_grpc_st_padding:
2325 break;
2326 }
2327 }
2328
2329 b->pos = p;
2330 ctx->state = state;
2331
2332 return NGX_AGAIN;
2333 }
2334
2335
2336 static ngx_int_t
2337 ngx_http_grpc_parse_header(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx,
2338 ngx_buf_t *b)
2339 {
2340 u_char ch, *p, *last;
2341 size_t min;
2342 ngx_int_t rc;
2343 enum {
2344 sw_start = 0,
2345 sw_padding_length,
2346 sw_dependency,
2347 sw_dependency_2,
2348 sw_dependency_3,
2349 sw_dependency_4,
2350 sw_weight,
2351 sw_fragment,
2352 sw_padding
2353 } state;
2354
2355 state = ctx->frame_state;
2356
2357 if (state == sw_start) {
2358
2359 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2360 "grpc parse header: start");
2361
2362 if (ctx->type == NGX_HTTP_V2_HEADERS_FRAME) {
2363 ctx->parsing_headers = 1;
2364 ctx->fragment_state = 0;
2365
2366 min = (ctx->flags & NGX_HTTP_V2_PADDED_FLAG ? 1 : 0)
2367 + (ctx->flags & NGX_HTTP_V2_PRIORITY_FLAG ? 5 : 0);
2368
2369 if (ctx->rest < min) {
2370 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2371 "upstream sent headers frame "
2372 "with invalid length: %uz",
2373 ctx->rest);
2374 return NGX_ERROR;
2375 }
2376
2377 if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) {
2378 ctx->end_stream = 1;
2379 }
2380
2381 if (ctx->flags & NGX_HTTP_V2_PADDED_FLAG) {
2382 state = sw_padding_length;
2383
2384 } else if (ctx->flags & NGX_HTTP_V2_PRIORITY_FLAG) {
2385 state = sw_dependency;
2386
2387 } else {
2388 state = sw_fragment;
2389 }
2390
2391 } else if (ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME) {
2392 state = sw_fragment;
2393 }
2394
2395 ctx->padding = 0;
2396 }
2397
2398 if (state < sw_fragment) {
2399
2400 if (b->last - b->pos < (ssize_t) ctx->rest) {
2401 last = b->last;
2402
2403 } else {
2404 last = b->pos + ctx->rest;
2405 }
2406
2407 for (p = b->pos; p < last; p++) {
2408 ch = *p;
2409
2410 #if 0
2411 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2412 "grpc header byte: %02Xd s:%d", ch, state);
2413 #endif
2414
2415 /*
2416 * headers frame:
2417 *
2418 * +---------------+
2419 * |Pad Length? (8)|
2420 * +-+-------------+----------------------------------------------+
2421 * |E| Stream Dependency? (31) |
2422 * +-+-------------+----------------------------------------------+
2423 * | Weight? (8) |
2424 * +-+-------------+----------------------------------------------+
2425 * | Header Block Fragment (*) ...
2426 * +--------------------------------------------------------------+
2427 * | Padding (*) ...
2428 * +--------------------------------------------------------------+
2429 */
2430
2431 switch (state) {
2432
2433 case sw_padding_length:
2434
2435 ctx->padding = ch;
2436
2437 if (ctx->flags & NGX_HTTP_V2_PRIORITY_FLAG) {
2438 state = sw_dependency;
2439 break;
2440 }
2441
2442 goto fragment;
2443
2444 case sw_dependency:
2445 state = sw_dependency_2;
2446 break;
2447
2448 case sw_dependency_2:
2449 state = sw_dependency_3;
2450 break;
2451
2452 case sw_dependency_3:
2453 state = sw_dependency_4;
2454 break;
2455
2456 case sw_dependency_4:
2457 state = sw_weight;
2458 break;
2459
2460 case sw_weight:
2461 goto fragment;
2462
2463 /* suppress warning */
2464 case sw_start:
2465 case sw_fragment:
2466 case sw_padding:
2467 break;
2468 }
2469 }
2470
2471 ctx->rest -= p - b->pos;
2472 b->pos = p;
2473
2474 ctx->frame_state = state;
2475 return NGX_AGAIN;
2476
2477 fragment:
2478
2479 p++;
2480 ctx->rest -= p - b->pos;
2481 b->pos = p;
2482
2483 if (ctx->padding > ctx->rest) {
2484 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2485 "upstream sent http2 frame with too long "
2486 "padding: %d in frame %uz",
2487 ctx->padding, ctx->rest);
2488 return NGX_ERROR;
2489 }
2490
2491 state = sw_fragment;
2492 ctx->frame_state = state;
2493 }
2494
2495 if (state == sw_fragment) {
2496
2497 rc = ngx_http_grpc_parse_fragment(r, ctx, b);
2498
2499 if (rc == NGX_AGAIN) {
2500 return NGX_AGAIN;
2501 }
2502
2503 if (rc == NGX_ERROR) {
2504 return NGX_ERROR;
2505 }
2506
2507 if (rc == NGX_OK) {
2508 return NGX_OK;
2509 }
2510
2511 /* rc == NGX_DONE */
2512
2513 state = sw_padding;
2514 ctx->frame_state = state;
2515 }
2516
2517 if (state == sw_padding) {
2518
2519 if (b->last - b->pos < (ssize_t) ctx->rest) {
2520
2521 ctx->rest -= b->last - b->pos;
2522 b->pos = b->last;
2523
2524 return NGX_AGAIN;
2525 }
2526
2527 b->pos += ctx->rest;
2528 ctx->rest = 0;
2529
2530 ctx->state = ngx_http_grpc_st_start;
2531
2532 if (ctx->flags & NGX_HTTP_V2_END_HEADERS_FLAG) {
2533
2534 if (ctx->fragment_state) {
2535 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2536 "upstream sent truncated http2 header");
2537 return NGX_ERROR;
2538 }
2539
2540 ctx->parsing_headers = 0;
2541
2542 return NGX_HTTP_PARSE_HEADER_DONE;
2543 }
2544
2545 return NGX_AGAIN;
2546 }
2547
2548 /* unreachable */
2549
2550 return NGX_ERROR;
2551 }
2552
2553
2554 static ngx_int_t
2555 ngx_http_grpc_parse_fragment(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx,
2556 ngx_buf_t *b)
2557 {
2558 u_char ch, *p, *last;
2559 size_t size;
2560 ngx_uint_t index, size_update;
2561 enum {
2562 sw_start = 0,
2563 sw_index,
2564 sw_name_length,
2565 sw_name_length_2,
2566 sw_name_length_3,
2567 sw_name_length_4,
2568 sw_name,
2569 sw_name_bytes,
2570 sw_value_length,
2571 sw_value_length_2,
2572 sw_value_length_3,
2573 sw_value_length_4,
2574 sw_value,
2575 sw_value_bytes
2576 } state;
2577
2578 /* header block fragment */
2579
2580 #if 0
2581 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2582 "grpc header fragment %p:%p rest:%uz",
2583 b->pos, b->last, ctx->rest);
2584 #endif
2585
2586 if (b->last - b->pos < (ssize_t) ctx->rest - ctx->padding) {
2587 last = b->last;
2588
2589 } else {
2590 last = b->pos + ctx->rest - ctx->padding;
2591 }
2592
2593 state = ctx->fragment_state;
2594
2595 for (p = b->pos; p < last; p++) {
2596 ch = *p;
2597
2598 #if 0
2599 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2600 "grpc header byte: %02Xd s:%d", ch, state);
2601 #endif
2602
2603 switch (state) {
2604
2605 case sw_start:
2606 ctx->index = 0;
2607
2608 if ((ch & 0x80) == 0x80) {
2609 /*
2610 * indexed header:
2611 *
2612 * 0 1 2 3 4 5 6 7
2613 * +---+---+---+---+---+---+---+---+
2614 * | 1 | Index (7+) |
2615 * +---+---------------------------+
2616 */
2617
2618 index = ch & ~0x80;
2619
2620 if (index == 0 || index > 61) {
2621 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2622 "upstream sent invalid http2 "
2623 "table index: %ui", index);
2624 return NGX_ERROR;
2625 }
2626
2627 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2628 "grpc indexed header: %ui", index);
2629
2630 ctx->index = index;
2631 ctx->literal = 0;
2632
2633 goto done;
2634
2635 } else if ((ch & 0xc0) == 0x40) {
2636 /*
2637 * literal header with incremental indexing:
2638 *
2639 * 0 1 2 3 4 5 6 7
2640 * +---+---+---+---+---+---+---+---+
2641 * | 0 | 1 | Index (6+) |
2642 * +---+---+-----------------------+
2643 * | H | Value Length (7+) |
2644 * +---+---------------------------+
2645 * | Value String (Length octets) |
2646 * +-------------------------------+
2647 *
2648 * 0 1 2 3 4 5 6 7
2649 * +---+---+---+---+---+---+---+---+
2650 * | 0 | 1 | 0 |
2651 * +---+---+-----------------------+
2652 * | H | Name Length (7+) |
2653 * +---+---------------------------+
2654 * | Name String (Length octets) |
2655 * +---+---------------------------+
2656 * | H | Value Length (7+) |
2657 * +---+---------------------------+
2658 * | Value String (Length octets) |
2659 * +-------------------------------+
2660 */
2661
2662 index = ch & ~0xc0;
2663
2664 if (index > 61) {
2665 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2666 "upstream sent invalid http2 "
2667 "table index: %ui", index);
2668 return NGX_ERROR;
2669 }
2670
2671 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2672 "grpc literal header: %ui", index);
2673
2674 if (index == 0) {
2675 state = sw_name_length;
2676 break;
2677 }
2678
2679 ctx->index = index;
2680 ctx->literal = 1;
2681
2682 state = sw_value_length;
2683 break;
2684
2685 } else if ((ch & 0xe0) == 0x20) {
2686 /*
2687 * dynamic table size update:
2688 *
2689 * 0 1 2 3 4 5 6 7
2690 * +---+---+---+---+---+---+---+---+
2691 * | 0 | 0 | 1 | Max size (5+) |
2692 * +---+---------------------------+
2693 */
2694
2695 size_update = ch & ~0xe0;
2696
2697 if (size_update > 0) {
2698 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2699 "upstream sent invalid http2 "
2700 "dynamic table size update: %ui",
2701 size_update);
2702 return NGX_ERROR;
2703 }
2704
2705 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2706 "grpc table size update: %ui", size_update);
2707
2708 break;
2709
2710 } else if ((ch & 0xf0) == 0x10) {
2711 /*
2712 * literal header field never indexed:
2713 *
2714 * 0 1 2 3 4 5 6 7
2715 * +---+---+---+---+---+---+---+---+
2716 * | 0 | 0 | 0 | 1 | Index (4+) |
2717 * +---+---+-----------------------+
2718 * | H | Value Length (7+) |
2719 * +---+---------------------------+
2720 * | Value String (Length octets) |
2721 * +-------------------------------+
2722 *
2723 * 0 1 2 3 4 5 6 7
2724 * +---+---+---+---+---+---+---+---+
2725 * | 0 | 0 | 0 | 1 | 0 |
2726 * +---+---+-----------------------+
2727 * | H | Name Length (7+) |
2728 * +---+---------------------------+
2729 * | Name String (Length octets) |
2730 * +---+---------------------------+
2731 * | H | Value Length (7+) |
2732 * +---+---------------------------+
2733 * | Value String (Length octets) |
2734 * +-------------------------------+
2735 */
2736
2737 index = ch & ~0xf0;
2738
2739 if (index == 0x0f) {
2740 ctx->index = index;
2741 ctx->literal = 1;
2742 state = sw_index;
2743 break;
2744 }
2745
2746 if (index == 0) {
2747 state = sw_name_length;
2748 break;
2749 }
2750
2751 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2752 "grpc literal header never indexed: %ui",
2753 index);
2754
2755 ctx->index = index;
2756 ctx->literal = 1;
2757
2758 state = sw_value_length;
2759 break;
2760
2761 } else if ((ch & 0xf0) == 0x00) {
2762 /*
2763 * literal header field without indexing:
2764 *
2765 * 0 1 2 3 4 5 6 7
2766 * +---+---+---+---+---+---+---+---+
2767 * | 0 | 0 | 0 | 0 | Index (4+) |
2768 * +---+---+-----------------------+
2769 * | H | Value Length (7+) |
2770 * +---+---------------------------+
2771 * | Value String (Length octets) |
2772 * +-------------------------------+
2773 *
2774 * 0 1 2 3 4 5 6 7
2775 * +---+---+---+---+---+---+---+---+
2776 * | 0 | 0 | 0 | 0 | 0 |
2777 * +---+---+-----------------------+
2778 * | H | Name Length (7+) |
2779 * +---+---------------------------+
2780 * | Name String (Length octets) |
2781 * +---+---------------------------+
2782 * | H | Value Length (7+) |
2783 * +---+---------------------------+
2784 * | Value String (Length octets) |
2785 * +-------------------------------+
2786 */
2787
2788 index = ch & ~0xf0;
2789
2790 if (index == 0x0f) {
2791 ctx->index = index;
2792 ctx->literal = 1;
2793 state = sw_index;
2794 break;
2795 }
2796
2797 if (index == 0) {
2798 state = sw_name_length;
2799 break;
2800 }
2801
2802 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2803 "grpc literal header without indexing: %ui",
2804 index);
2805
2806 ctx->index = index;
2807 ctx->literal = 1;
2808
2809 state = sw_value_length;
2810 break;
2811 }
2812
2813 /* not reached */
2814
2815 return NGX_ERROR;
2816
2817 case sw_index:
2818 ctx->index = ctx->index + (ch & ~0x80);
2819
2820 if (ch & 0x80) {
2821 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2822 "upstream sent http2 table index "
2823 "with continuation flag");
2824 return NGX_ERROR;
2825 }
2826
2827 if (ctx->index > 61) {
2828 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2829 "upstream sent invalid http2 "
2830 "table index: %ui", ctx->index);
2831 return NGX_ERROR;
2832 }
2833
2834 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2835 "grpc header index: %ui", ctx->index);
2836
2837 state = sw_value_length;
2838 break;
2839
2840 case sw_name_length:
2841 ctx->field_huffman = ch & 0x80 ? 1 : 0;
2842 ctx->field_length = ch & ~0x80;
2843
2844 if (ctx->field_length == 0x7f) {
2845 state = sw_name_length_2;
2846 break;
2847 }
2848
2849 if (ctx->field_length == 0) {
2850 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2851 "upstream sent zero http2 "
2852 "header name length");
2853 return NGX_ERROR;
2854 }
2855
2856 state = sw_name;
2857 break;
2858
2859 case sw_name_length_2:
2860 ctx->field_length += ch & ~0x80;
2861
2862 if (ch & 0x80) {
2863 state = sw_name_length_3;
2864 break;
2865 }
2866
2867 state = sw_name;
2868 break;
2869
2870 case sw_name_length_3:
2871 ctx->field_length += (ch & ~0x80) << 7;
2872
2873 if (ch & 0x80) {
2874 state = sw_name_length_4;
2875 break;
2876 }
2877
2878 state = sw_name;
2879 break;
2880
2881 case sw_name_length_4:
2882 ctx->field_length += (ch & ~0x80) << 14;
2883
2884 if (ch & 0x80) {
2885 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2886 "upstream sent too large http2 "
2887 "header name length");
2888 return NGX_ERROR;
2889 }
2890
2891 state = sw_name;
2892 break;
2893
2894 case sw_name:
2895 ctx->name.len = ctx->field_huffman ?
2896 ctx->field_length * 8 / 5 : ctx->field_length;
2897
2898 ctx->name.data = ngx_pnalloc(r->pool, ctx->name.len + 1);
2899 if (ctx->name.data == NULL) {
2900 return NGX_ERROR;
2901 }
2902
2903 ctx->field_end = ctx->name.data;
2904 ctx->field_rest = ctx->field_length;
2905 ctx->field_state = 0;
2906
2907 state = sw_name_bytes;
2908
2909 /* fall through */
2910
2911 case sw_name_bytes:
2912
2913 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
2914 "grpc name: len:%uz h:%d last:%uz, rest:%uz",
2915 ctx->field_length,
2916 ctx->field_huffman,
2917 last - p,
2918 ctx->rest - (p - b->pos));
2919
2920 size = ngx_min(last - p, (ssize_t) ctx->field_rest);
2921 ctx->field_rest -= size;
2922
2923 if (ctx->field_huffman) {
2924 if (ngx_http_v2_huff_decode(&ctx->field_state, p, size,
2925 &ctx->field_end,
2926 ctx->field_rest == 0,
2927 r->connection->log)
2928 != NGX_OK)
2929 {
2930 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2931 "upstream sent invalid encoded header");
2932 return NGX_ERROR;
2933 }
2934
2935 ctx->name.len = ctx->field_end - ctx->name.data;
2936 ctx->name.data[ctx->name.len] = '\0';
2937
2938 } else {
2939 ngx_memcpy(ctx->field_end, p, size);
2940 ctx->name.data[ctx->name.len] = '\0';
2941 }
2942
2943 p += size - 1;
2944
2945 if (ctx->field_rest == 0) {
2946 state = sw_value_length;
2947 }
2948
2949 break;
2950
2951 case sw_value_length:
2952 ctx->field_huffman = ch & 0x80 ? 1 : 0;
2953 ctx->field_length = ch & ~0x80;
2954
2955 if (ctx->field_length == 0x7f) {
2956 state = sw_value_length_2;
2957 break;
2958 }
2959
2960 if (ctx->field_length == 0) {
2961 ngx_str_set(&ctx->value, "");
2962 goto done;
2963 }
2964
2965 state = sw_value;
2966 break;
2967
2968 case sw_value_length_2:
2969 ctx->field_length += ch & ~0x80;
2970
2971 if (ch & 0x80) {
2972 state = sw_value_length_3;
2973 break;
2974 }
2975
2976 state = sw_value;
2977 break;
2978
2979 case sw_value_length_3:
2980 ctx->field_length += (ch & ~0x80) << 7;
2981
2982 if (ch & 0x80) {
2983 state = sw_value_length_4;
2984 break;
2985 }
2986
2987 state = sw_value;
2988 break;
2989
2990 case sw_value_length_4:
2991 ctx->field_length += (ch & ~0x80) << 14;
2992
2993 if (ch & 0x80) {
2994 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
2995 "upstream sent too large http2 "
2996 "header value length");
2997 return NGX_ERROR;
2998 }
2999
3000 state = sw_value;
3001 break;
3002
3003 case sw_value:
3004 ctx->value.len = ctx->field_huffman ?
3005 ctx->field_length * 8 / 5 : ctx->field_length;
3006
3007 ctx->value.data = ngx_pnalloc(r->pool, ctx->value.len + 1);
3008 if (ctx->value.data == NULL) {
3009 return NGX_ERROR;
3010 }
3011
3012 ctx->field_end = ctx->value.data;
3013 ctx->field_rest = ctx->field_length;
3014 ctx->field_state = 0;
3015
3016 state = sw_value_bytes;
3017
3018 /* fall through */
3019
3020 case sw_value_bytes:
3021
3022 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3023 "grpc value: len:%uz h:%d last:%uz, rest:%uz",
3024 ctx->field_length,
3025 ctx->field_huffman,
3026 last - p,
3027 ctx->rest - (p - b->pos));
3028
3029 size = ngx_min(last - p, (ssize_t) ctx->field_rest);
3030 ctx->field_rest -= size;
3031
3032 if (ctx->field_huffman) {
3033 if (ngx_http_v2_huff_decode(&ctx->field_state, p, size,
3034 &ctx->field_end,
3035 ctx->field_rest == 0,
3036 r->connection->log)
3037 != NGX_OK)
3038 {
3039 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3040 "upstream sent invalid encoded header");
3041 return NGX_ERROR;
3042 }
3043
3044 ctx->value.len = ctx->field_end - ctx->value.data;
3045 ctx->value.data[ctx->value.len] = '\0';
3046
3047 } else {
3048 ngx_memcpy(ctx->field_end, p, size);
3049 ctx->value.data[ctx->value.len] = '\0';
3050 }
3051
3052 p += size - 1;
3053
3054 if (ctx->field_rest == 0) {
3055 goto done;
3056 }
3057
3058 break;
3059 }
3060
3061 continue;
3062
3063 done:
3064
3065 p++;
3066 ctx->rest -= p - b->pos;
3067 ctx->fragment_state = sw_start;
3068 b->pos = p;
3069
3070 if (ctx->index) {
3071 ctx->name = *ngx_http_v2_get_static_name(ctx->index);
3072 }
3073
3074 if (ctx->index && !ctx->literal) {
3075 ctx->value = *ngx_http_v2_get_static_value(ctx->index);
3076 }
3077
3078 if (!ctx->index) {
3079 if (ngx_http_grpc_validate_header_name(r, &ctx->name) != NGX_OK) {
3080 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3081 "upstream sent invalid header: \"%V: %V\"",
3082 &ctx->name, &ctx->value);
3083 return NGX_ERROR;
3084 }
3085 }
3086
3087 if (!ctx->index || ctx->literal) {
3088 if (ngx_http_grpc_validate_header_value(r, &ctx->value) != NGX_OK) {
3089 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3090 "upstream sent invalid header: \"%V: %V\"",
3091 &ctx->name, &ctx->value);
3092 return NGX_ERROR;
3093 }
3094 }
3095
3096 return NGX_OK;
3097 }
3098
3099 ctx->rest -= p - b->pos;
3100 ctx->fragment_state = state;
3101 b->pos = p;
3102
3103 if (ctx->rest > ctx->padding) {
3104 return NGX_AGAIN;
3105 }
3106
3107 return NGX_DONE;
3108 }
3109
3110
3111 static ngx_int_t
3112 ngx_http_grpc_validate_header_name(ngx_http_request_t *r, ngx_str_t *s)
3113 {
3114 u_char ch;
3115 ngx_uint_t i;
3116
3117 for (i = 0; i < s->len; i++) {
3118 ch = s->data[i];
3119
3120 if (ch == ':' && i > 0) {
3121 return NGX_ERROR;
3122 }
3123
3124 if (ch >= 'A' && ch <= 'Z') {
3125 return NGX_ERROR;
3126 }
3127
3128 if (ch == '\0' || ch == CR || ch == LF) {
3129 return NGX_ERROR;
3130 }
3131 }
3132
3133 return NGX_OK;
3134 }
3135
3136
3137 static ngx_int_t
3138 ngx_http_grpc_validate_header_value(ngx_http_request_t *r, ngx_str_t *s)
3139 {
3140 u_char ch;
3141 ngx_uint_t i;
3142
3143 for (i = 0; i < s->len; i++) {
3144 ch = s->data[i];
3145
3146 if (ch == '\0' || ch == CR || ch == LF) {
3147 return NGX_ERROR;
3148 }
3149 }
3150
3151 return NGX_OK;
3152 }
3153
3154
3155 static ngx_int_t
3156 ngx_http_grpc_parse_rst_stream(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx,
3157 ngx_buf_t *b)
3158 {
3159 u_char ch, *p, *last;
3160 enum {
3161 sw_start = 0,
3162 sw_error_2,
3163 sw_error_3,
3164 sw_error_4
3165 } state;
3166
3167 if (b->last - b->pos < (ssize_t) ctx->rest) {
3168 last = b->last;
3169
3170 } else {
3171 last = b->pos + ctx->rest;
3172 }
3173
3174 state = ctx->frame_state;
3175
3176 if (state == sw_start) {
3177 if (ctx->rest != 4) {
3178 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3179 "upstream sent rst stream frame "
3180 "with invalid length: %uz",
3181 ctx->rest);
3182 return NGX_ERROR;
3183 }
3184 }
3185
3186 for (p = b->pos; p < last; p++) {
3187 ch = *p;
3188
3189 #if 0
3190 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3191 "grpc rst byte: %02Xd s:%d", ch, state);
3192 #endif
3193
3194 switch (state) {
3195
3196 case sw_start:
3197 ctx->error = ch << 24;
3198 state = sw_error_2;
3199 break;
3200
3201 case sw_error_2:
3202 ctx->error |= ch << 16;
3203 state = sw_error_3;
3204 break;
3205
3206 case sw_error_3:
3207 ctx->error |= ch << 8;
3208 state = sw_error_4;
3209 break;
3210
3211 case sw_error_4:
3212 ctx->error |= ch;
3213 state = sw_start;
3214
3215 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3216 "grpc error: %ui", ctx->error);
3217
3218 break;
3219 }
3220 }
3221
3222 ctx->rest -= p - b->pos;
3223 ctx->frame_state = state;
3224 b->pos = p;
3225
3226 if (ctx->rest > 0) {
3227 return NGX_AGAIN;
3228 }
3229
3230 return NGX_OK;
3231 }
3232
3233
3234 static ngx_int_t
3235 ngx_http_grpc_parse_goaway(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx,
3236 ngx_buf_t *b)
3237 {
3238 u_char ch, *p, *last;
3239 enum {
3240 sw_start = 0,
3241 sw_last_stream_id_2,
3242 sw_last_stream_id_3,
3243 sw_last_stream_id_4,
3244 sw_error,
3245 sw_error_2,
3246 sw_error_3,
3247 sw_error_4,
3248 sw_debug
3249 } state;
3250
3251 if (b->last - b->pos < (ssize_t) ctx->rest) {
3252 last = b->last;
3253
3254 } else {
3255 last = b->pos + ctx->rest;
3256 }
3257
3258 state = ctx->frame_state;
3259
3260 if (state == sw_start) {
3261
3262 if (ctx->stream_id) {
3263 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3264 "upstream sent goaway frame "
3265 "with non-zero stream id: %ui",
3266 ctx->stream_id);
3267 return NGX_ERROR;
3268 }
3269
3270 if (ctx->rest < 8) {
3271 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3272 "upstream sent goaway frame "
3273 "with invalid length: %uz",
3274 ctx->rest);
3275 return NGX_ERROR;
3276 }
3277 }
3278
3279 for (p = b->pos; p < last; p++) {
3280 ch = *p;
3281
3282 #if 0
3283 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3284 "grpc goaway byte: %02Xd s:%d", ch, state);
3285 #endif
3286
3287 switch (state) {
3288
3289 case sw_start:
3290 ctx->stream_id = (ch & 0x7f) << 24;
3291 state = sw_last_stream_id_2;
3292 break;
3293
3294 case sw_last_stream_id_2:
3295 ctx->stream_id |= ch << 16;
3296 state = sw_last_stream_id_3;
3297 break;
3298
3299 case sw_last_stream_id_3:
3300 ctx->stream_id |= ch << 8;
3301 state = sw_last_stream_id_4;
3302 break;
3303
3304 case sw_last_stream_id_4:
3305 ctx->stream_id |= ch;
3306 state = sw_error;
3307 break;
3308
3309 case sw_error:
3310 ctx->error = ch << 24;
3311 state = sw_error_2;
3312 break;
3313
3314 case sw_error_2:
3315 ctx->error |= ch << 16;
3316 state = sw_error_3;
3317 break;
3318
3319 case sw_error_3:
3320 ctx->error |= ch << 8;
3321 state = sw_error_4;
3322 break;
3323
3324 case sw_error_4:
3325 ctx->error |= ch;
3326 state = sw_debug;
3327 break;
3328
3329 case sw_debug:
3330 break;
3331 }
3332 }
3333
3334 ctx->rest -= p - b->pos;
3335 ctx->frame_state = state;
3336 b->pos = p;
3337
3338 if (ctx->rest > 0) {
3339 return NGX_AGAIN;
3340 }
3341
3342 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3343 "grpc goaway: %ui, stream %ui",
3344 ctx->error, ctx->stream_id);
3345
3346 ctx->state = ngx_http_grpc_st_start;
3347
3348 return NGX_OK;
3349 }
3350
3351
3352 static ngx_int_t
3353 ngx_http_grpc_parse_window_update(ngx_http_request_t *r,
3354 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b)
3355 {
3356 u_char ch, *p, *last;
3357 enum {
3358 sw_start = 0,
3359 sw_size_2,
3360 sw_size_3,
3361 sw_size_4
3362 } state;
3363
3364 if (b->last - b->pos < (ssize_t) ctx->rest) {
3365 last = b->last;
3366
3367 } else {
3368 last = b->pos + ctx->rest;
3369 }
3370
3371 state = ctx->frame_state;
3372
3373 if (state == sw_start) {
3374 if (ctx->rest != 4) {
3375 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3376 "upstream sent window update frame "
3377 "with invalid length: %uz",
3378 ctx->rest);
3379 return NGX_ERROR;
3380 }
3381 }
3382
3383 for (p = b->pos; p < last; p++) {
3384 ch = *p;
3385
3386 #if 0
3387 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3388 "grpc window update byte: %02Xd s:%d", ch, state);
3389 #endif
3390
3391 switch (state) {
3392
3393 case sw_start:
3394 ctx->window_update = (ch & 0x7f) << 24;
3395 state = sw_size_2;
3396 break;
3397
3398 case sw_size_2:
3399 ctx->window_update |= ch << 16;
3400 state = sw_size_3;
3401 break;
3402
3403 case sw_size_3:
3404 ctx->window_update |= ch << 8;
3405 state = sw_size_4;
3406 break;
3407
3408 case sw_size_4:
3409 ctx->window_update |= ch;
3410 state = sw_start;
3411 break;
3412 }
3413 }
3414
3415 ctx->rest -= p - b->pos;
3416 ctx->frame_state = state;
3417 b->pos = p;
3418
3419 if (ctx->rest > 0) {
3420 return NGX_AGAIN;
3421 }
3422
3423 ctx->state = ngx_http_grpc_st_start;
3424
3425 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3426 "grpc window update: %ui", ctx->window_update);
3427
3428 if (ctx->stream_id) {
3429
3430 if (ctx->window_update > (size_t) NGX_HTTP_V2_MAX_WINDOW
3431 - ctx->send_window)
3432 {
3433 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3434 "upstream sent too large window update");
3435 return NGX_ERROR;
3436 }
3437
3438 ctx->send_window += ctx->window_update;
3439
3440 } else {
3441
3442 if (ctx->window_update > NGX_HTTP_V2_MAX_WINDOW
3443 - ctx->connection->send_window)
3444 {
3445 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3446 "upstream sent too large window update");
3447 return NGX_ERROR;
3448 }
3449
3450 ctx->connection->send_window += ctx->window_update;
3451 }
3452
3453 return NGX_OK;
3454 }
3455
3456
3457 static ngx_int_t
3458 ngx_http_grpc_parse_settings(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx,
3459 ngx_buf_t *b)
3460 {
3461 u_char ch, *p, *last;
3462 ssize_t window_update;
3463 enum {
3464 sw_start = 0,
3465 sw_id,
3466 sw_id_2,
3467 sw_value,
3468 sw_value_2,
3469 sw_value_3,
3470 sw_value_4
3471 } state;
3472
3473 if (b->last - b->pos < (ssize_t) ctx->rest) {
3474 last = b->last;
3475
3476 } else {
3477 last = b->pos + ctx->rest;
3478 }
3479
3480 state = ctx->frame_state;
3481
3482 if (state == sw_start) {
3483
3484 if (ctx->stream_id) {
3485 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3486 "upstream sent settings frame "
3487 "with non-zero stream id: %ui",
3488 ctx->stream_id);
3489 return NGX_ERROR;
3490 }
3491
3492 if (ctx->flags & NGX_HTTP_V2_ACK_FLAG) {
3493 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3494 "grpc settings ack");
3495
3496 if (ctx->rest != 0) {
3497 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3498 "upstream sent settings frame "
3499 "with ack flag and non-zero length: %uz",
3500 ctx->rest);
3501 return NGX_ERROR;
3502 }
3503
3504 ctx->state = ngx_http_grpc_st_start;
3505
3506 return NGX_OK;
3507 }
3508
3509 if (ctx->rest % 6 != 0) {
3510 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3511 "upstream sent settings frame "
3512 "with invalid length: %uz",
3513 ctx->rest);
3514 return NGX_ERROR;
3515 }
3516 }
3517
3518 for (p = b->pos; p < last; p++) {
3519 ch = *p;
3520
3521 #if 0
3522 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3523 "grpc settings byte: %02Xd s:%d", ch, state);
3524 #endif
3525
3526 switch (state) {
3527
3528 case sw_start:
3529 case sw_id:
3530 ctx->setting_id = ch << 8;
3531 state = sw_id_2;
3532 break;
3533
3534 case sw_id_2:
3535 ctx->setting_id |= ch;
3536 state = sw_value;
3537 break;
3538
3539 case sw_value:
3540 ctx->setting_value = ch << 24;
3541 state = sw_value_2;
3542 break;
3543
3544 case sw_value_2:
3545 ctx->setting_value |= ch << 16;
3546 state = sw_value_3;
3547 break;
3548
3549 case sw_value_3:
3550 ctx->setting_value |= ch << 8;
3551 state = sw_value_4;
3552 break;
3553
3554 case sw_value_4:
3555 ctx->setting_value |= ch;
3556 state = sw_id;
3557
3558 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3559 "grpc setting: %ui %ui",
3560 ctx->setting_id, ctx->setting_value);
3561
3562 /*
3563 * The following settings are defined by the protocol:
3564 *
3565 * SETTINGS_HEADER_TABLE_SIZE, SETTINGS_ENABLE_PUSH,
3566 * SETTINGS_MAX_CONCURRENT_STREAMS, SETTINGS_INITIAL_WINDOW_SIZE,
3567 * SETTINGS_MAX_FRAME_SIZE, SETTINGS_MAX_HEADER_LIST_SIZE
3568 *
3569 * Only SETTINGS_INITIAL_WINDOW_SIZE seems to be needed in
3570 * a simple client.
3571 */
3572
3573 if (ctx->setting_id == 0x04) {
3574 /* SETTINGS_INITIAL_WINDOW_SIZE */
3575
3576 if (ctx->setting_value > NGX_HTTP_V2_MAX_WINDOW) {
3577 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3578 "upstream sent settings frame "
3579 "with too large initial window size: %ui",
3580 ctx->setting_value);
3581 return NGX_ERROR;
3582 }
3583
3584 window_update = ctx->setting_value
3585 - ctx->connection->init_window;
3586 ctx->connection->init_window = ctx->setting_value;
3587
3588 if (ctx->send_window > 0
3589 && window_update > (ssize_t) NGX_HTTP_V2_MAX_WINDOW
3590 - ctx->send_window)
3591 {
3592 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3593 "upstream sent settings frame "
3594 "with too large initial window size: %ui",
3595 ctx->setting_value);
3596 return NGX_ERROR;
3597 }
3598
3599 ctx->send_window += window_update;
3600 }
3601
3602 break;
3603 }
3604 }
3605
3606 ctx->rest -= p - b->pos;
3607 ctx->frame_state = state;
3608 b->pos = p;
3609
3610 if (ctx->rest > 0) {
3611 return NGX_AGAIN;
3612 }
3613
3614 ctx->state = ngx_http_grpc_st_start;
3615
3616 return ngx_http_grpc_send_settings_ack(r, ctx);
3617 }
3618
3619
3620 static ngx_int_t
3621 ngx_http_grpc_parse_ping(ngx_http_request_t *r,
3622 ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b)
3623 {
3624 u_char ch, *p, *last;
3625 enum {
3626 sw_start = 0,
3627 sw_data_2,
3628 sw_data_3,
3629 sw_data_4,
3630 sw_data_5,
3631 sw_data_6,
3632 sw_data_7,
3633 sw_data_8
3634 } state;
3635
3636 if (b->last - b->pos < (ssize_t) ctx->rest) {
3637 last = b->last;
3638
3639 } else {
3640 last = b->pos + ctx->rest;
3641 }
3642
3643 state = ctx->frame_state;
3644
3645 if (state == sw_start) {
3646
3647 if (ctx->stream_id) {
3648 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3649 "upstream sent ping frame "
3650 "with non-zero stream id: %ui",
3651 ctx->stream_id);
3652 return NGX_ERROR;
3653 }
3654
3655 if (ctx->rest != 8) {
3656 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3657 "upstream sent ping frame "
3658 "with invalid length: %uz",
3659 ctx->rest);
3660 return NGX_ERROR;
3661 }
3662
3663 if (ctx->flags & NGX_HTTP_V2_ACK_FLAG) {
3664 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
3665 "upstream sent ping frame with ack flag");
3666 return NGX_ERROR;
3667 }
3668 }
3669
3670 for (p = b->pos; p < last; p++) {
3671 ch = *p;
3672
3673 #if 0
3674 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3675 "grpc ping byte: %02Xd s:%d", ch, state);
3676 #endif
3677
3678 if (state < sw_data_8) {
3679 ctx->ping_data[state] = ch;
3680 state++;
3681
3682 } else {
3683 ctx->ping_data[7] = ch;
3684 state = sw_start;
3685
3686 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3687 "grpc ping");
3688 }
3689 }
3690
3691 ctx->rest -= p - b->pos;
3692 ctx->frame_state = state;
3693 b->pos = p;
3694
3695 if (ctx->rest > 0) {
3696 return NGX_AGAIN;
3697 }
3698
3699 ctx->state = ngx_http_grpc_st_start;
3700
3701 return ngx_http_grpc_send_ping_ack(r, ctx);
3702 }
3703
3704
3705 static ngx_int_t
3706 ngx_http_grpc_send_settings_ack(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx)
3707 {
3708 ngx_chain_t *cl, **ll;
3709 ngx_http_grpc_frame_t *f;
3710
3711 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3712 "grpc send settings ack");
3713
3714 for (cl = ctx->out, ll = &ctx->out; cl; cl = cl->next) {
3715 ll = &cl->next;
3716 }
3717
3718 cl = ngx_http_grpc_get_buf(r, ctx);
3719 if (cl == NULL) {
3720 return NGX_ERROR;
3721 }
3722
3723 f = (ngx_http_grpc_frame_t *) cl->buf->last;
3724 cl->buf->last += sizeof(ngx_http_grpc_frame_t);
3725
3726 f->length_0 = 0;
3727 f->length_1 = 0;
3728 f->length_2 = 0;
3729 f->type = NGX_HTTP_V2_SETTINGS_FRAME;
3730 f->flags = NGX_HTTP_V2_ACK_FLAG;
3731 f->stream_id_0 = 0;
3732 f->stream_id_1 = 0;
3733 f->stream_id_2 = 0;
3734 f->stream_id_3 = 0;
3735
3736 *ll = cl;
3737
3738 return NGX_OK;
3739 }
3740
3741
3742 static ngx_int_t
3743 ngx_http_grpc_send_ping_ack(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx)
3744 {
3745 ngx_chain_t *cl, **ll;
3746 ngx_http_grpc_frame_t *f;
3747
3748 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3749 "grpc send ping ack");
3750
3751 for (cl = ctx->out, ll = &ctx->out; cl; cl = cl->next) {
3752 ll = &cl->next;
3753 }
3754
3755 cl = ngx_http_grpc_get_buf(r, ctx);
3756 if (cl == NULL) {
3757 return NGX_ERROR;
3758 }
3759
3760 f = (ngx_http_grpc_frame_t *) cl->buf->last;
3761 cl->buf->last += sizeof(ngx_http_grpc_frame_t);
3762
3763 f->length_0 = 0;
3764 f->length_1 = 0;
3765 f->length_2 = 8;
3766 f->type = NGX_HTTP_V2_PING_FRAME;
3767 f->flags = NGX_HTTP_V2_ACK_FLAG;
3768 f->stream_id_0 = 0;
3769 f->stream_id_1 = 0;
3770 f->stream_id_2 = 0;
3771 f->stream_id_3 = 0;
3772
3773 cl->buf->last = ngx_copy(cl->buf->last, ctx->ping_data, 8);
3774
3775 *ll = cl;
3776
3777 return NGX_OK;
3778 }
3779
3780
3781 static ngx_int_t
3782 ngx_http_grpc_send_window_update(ngx_http_request_t *r,
3783 ngx_http_grpc_ctx_t *ctx)
3784 {
3785 size_t n;
3786 ngx_chain_t *cl, **ll;
3787 ngx_http_grpc_frame_t *f;
3788
3789 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3790 "grpc send window update: %uz %uz",
3791 ctx->connection->recv_window, ctx->recv_window);
3792
3793 for (cl = ctx->out, ll = &ctx->out; cl; cl = cl->next) {
3794 ll = &cl->next;
3795 }
3796
3797 cl = ngx_http_grpc_get_buf(r, ctx);
3798 if (cl == NULL) {
3799 return NGX_ERROR;
3800 }
3801
3802 f = (ngx_http_grpc_frame_t *) cl->buf->last;
3803 cl->buf->last += sizeof(ngx_http_grpc_frame_t);
3804
3805 f->length_0 = 0;
3806 f->length_1 = 0;
3807 f->length_2 = 4;
3808 f->type = NGX_HTTP_V2_WINDOW_UPDATE_FRAME;
3809 f->flags = 0;
3810 f->stream_id_0 = 0;
3811 f->stream_id_1 = 0;
3812 f->stream_id_2 = 0;
3813 f->stream_id_3 = 0;
3814
3815 n = NGX_HTTP_V2_MAX_WINDOW - ctx->connection->recv_window;
3816 ctx->connection->recv_window = NGX_HTTP_V2_MAX_WINDOW;
3817
3818 *cl->buf->last++ = (u_char) ((n >> 24) & 0xff);
3819 *cl->buf->last++ = (u_char) ((n >> 16) & 0xff);
3820 *cl->buf->last++ = (u_char) ((n >> 8) & 0xff);
3821 *cl->buf->last++ = (u_char) (n & 0xff);
3822
3823 f = (ngx_http_grpc_frame_t *) cl->buf->last;
3824 cl->buf->last += sizeof(ngx_http_grpc_frame_t);
3825
3826 f->length_0 = 0;
3827 f->length_1 = 0;
3828 f->length_2 = 4;
3829 f->type = NGX_HTTP_V2_WINDOW_UPDATE_FRAME;
3830 f->flags = 0;
3831 f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff);
3832 f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff);
3833 f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff);
3834 f->stream_id_3 = (u_char) (ctx->id & 0xff);
3835
3836 n = NGX_HTTP_V2_MAX_WINDOW - ctx->recv_window;
3837 ctx->recv_window = NGX_HTTP_V2_MAX_WINDOW;
3838
3839 *cl->buf->last++ = (u_char) ((n >> 24) & 0xff);
3840 *cl->buf->last++ = (u_char) ((n >> 16) & 0xff);
3841 *cl->buf->last++ = (u_char) ((n >> 8) & 0xff);
3842 *cl->buf->last++ = (u_char) (n & 0xff);
3843
3844 *ll = cl;
3845
3846 return NGX_OK;
3847 }
3848
3849
3850 static ngx_chain_t *
3851 ngx_http_grpc_get_buf(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx)
3852 {
3853 ngx_buf_t *b;
3854 ngx_chain_t *cl;
3855
3856 cl = ngx_chain_get_free_buf(r->pool, &ctx->free);
3857 if (cl == NULL) {
3858 return NULL;
3859 }
3860
3861 b = cl->buf;
3862
3863 b->tag = (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter;
3864 b->temporary = 1;
3865 b->flush = 1;
3866
3867 if (b->start == NULL) {
3868
3869 /*
3870 * each buffer is large enough to hold two window update
3871 * frames in a row
3872 */
3873
3874 b->start = ngx_palloc(r->pool, 2 * sizeof(ngx_http_grpc_frame_t) + 8);
3875 if (b->start == NULL) {
3876 return NULL;
3877 }
3878
3879 b->pos = b->start;
3880 b->last = b->start;
3881
3882 b->end = b->start + 2 * sizeof(ngx_http_grpc_frame_t) + 8;
3883 }
3884
3885 return cl;
3886 }
3887
3888
3889 static ngx_http_grpc_ctx_t *
3890 ngx_http_grpc_get_ctx(ngx_http_request_t *r)
3891 {
3892 ngx_http_grpc_ctx_t *ctx;
3893 ngx_http_upstream_t *u;
3894
3895 ctx = ngx_http_get_module_ctx(r, ngx_http_grpc_module);
3896
3897 if (ctx->connection == NULL) {
3898 u = r->upstream;
3899
3900 if (ngx_http_grpc_get_connection_data(r, ctx, &u->peer) != NGX_OK) {
3901 return NULL;
3902 }
3903 }
3904
3905 return ctx;
3906 }
3907
3908
3909 static ngx_int_t
3910 ngx_http_grpc_get_connection_data(ngx_http_request_t *r,
3911 ngx_http_grpc_ctx_t *ctx, ngx_peer_connection_t *pc)
3912 {
3913 ngx_connection_t *c;
3914 ngx_pool_cleanup_t *cln;
3915
3916 c = pc->connection;
3917
3918 if (pc->cached) {
3919
3920 /*
3921 * for cached connections, connection data can be found
3922 * in the cleanup handler
3923 */
3924
3925 for (cln = c->pool->cleanup; cln; cln = cln->next) {
3926 if (cln->handler == ngx_http_grpc_cleanup) {
3927 ctx->connection = cln->data;
3928 break;
3929 }
3930 }
3931
3932 if (ctx->connection == NULL) {
3933 ngx_log_error(NGX_LOG_ERR, c->log, 0,
3934 "no connection data found for "
3935 "keepalive http2 connection");
3936 return NGX_ERROR;
3937 }
3938
3939 ctx->send_window = ctx->connection->init_window;
3940 ctx->recv_window = NGX_HTTP_V2_MAX_WINDOW;
3941
3942 ctx->connection->last_stream_id += 2;
3943 ctx->id = ctx->connection->last_stream_id;
3944
3945 return NGX_OK;
3946 }
3947
3948 cln = ngx_pool_cleanup_add(c->pool, sizeof(ngx_http_grpc_conn_t));
3949 if (cln == NULL) {
3950 return NGX_ERROR;
3951 }
3952
3953 cln->handler = ngx_http_grpc_cleanup;
3954 ctx->connection = cln->data;
3955
3956 ctx->connection->init_window = NGX_HTTP_V2_DEFAULT_WINDOW;
3957 ctx->connection->send_window = NGX_HTTP_V2_DEFAULT_WINDOW;
3958 ctx->connection->recv_window = NGX_HTTP_V2_MAX_WINDOW;
3959
3960 ctx->send_window = NGX_HTTP_V2_DEFAULT_WINDOW;
3961 ctx->recv_window = NGX_HTTP_V2_MAX_WINDOW;
3962
3963 ctx->id = 1;
3964 ctx->connection->last_stream_id = 1;
3965
3966 return NGX_OK;
3967 }
3968
3969
3970 static void
3971 ngx_http_grpc_cleanup(void *data)
3972 {
3973 #if 0
3974 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,
3975 "grpc cleanup");
3976 #endif
3977 return;
3978 }
3979
3980
3981 static void
3982 ngx_http_grpc_abort_request(ngx_http_request_t *r)
3983 {
3984 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3985 "abort grpc request");
3986 return;
3987 }
3988
3989
3990 static void
3991 ngx_http_grpc_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
3992 {
3993 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3994 "finalize grpc request");
3995 return;
3996 }
3997
3998
3999 static void *
4000 ngx_http_grpc_create_loc_conf(ngx_conf_t *cf)
4001 {
4002 ngx_http_grpc_loc_conf_t *conf;
4003
4004 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_grpc_loc_conf_t));
4005 if (conf == NULL) {
4006 return NULL;
4007 }
4008
4009 /*
4010 * set by ngx_pcalloc():
4011 *
4012 * conf->upstream.ignore_headers = 0;
4013 * conf->upstream.next_upstream = 0;
4014 * conf->upstream.hide_headers_hash = { NULL, 0 };
4015 * conf->upstream.ssl_name = NULL;
4016 *
4017 * conf->headers_source = NULL;
4018 * conf->headers.lengths = NULL;
4019 * conf->headers.values = NULL;
4020 * conf->headers.hash = { NULL, 0 };
4021 * conf->host = { 0, NULL };
4022 * conf->host_set = 0;
4023 * conf->ssl = 0;
4024 * conf->ssl_protocols = 0;
4025 * conf->ssl_ciphers = { 0, NULL };
4026 * conf->ssl_trusted_certificate = { 0, NULL };
4027 * conf->ssl_crl = { 0, NULL };
4028 * conf->ssl_certificate = { 0, NULL };
4029 * conf->ssl_certificate_key = { 0, NULL };
4030 */
4031
4032 conf->upstream.local = NGX_CONF_UNSET_PTR;
4033 conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT;
4034 conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
4035 conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
4036 conf->upstream.read_timeout = NGX_CONF_UNSET_MSEC;
4037 conf->upstream.next_upstream_timeout = NGX_CONF_UNSET_MSEC;
4038
4039 conf->upstream.buffer_size = NGX_CONF_UNSET_SIZE;
4040
4041 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR;
4042 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR;
4043
4044 conf->upstream.intercept_errors = NGX_CONF_UNSET;
4045
4046 #if (NGX_HTTP_SSL)
4047 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
4048 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
4049 conf->upstream.ssl_verify = NGX_CONF_UNSET;
4050 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
4051 conf->ssl_passwords = NGX_CONF_UNSET_PTR;
4052 #endif
4053
4054 /* the hardcoded values */
4055 conf->upstream.cyclic_temp_file = 0;
4056 conf->upstream.buffering = 0;
4057 conf->upstream.ignore_client_abort = 0;
4058 conf->upstream.send_lowat = 0;
4059 conf->upstream.bufs.num = 0;
4060 conf->upstream.busy_buffers_size = 0;
4061 conf->upstream.max_temp_file_size = 0;
4062 conf->upstream.temp_file_write_size = 0;
4063 conf->upstream.pass_request_headers = 1;
4064 conf->upstream.pass_request_body = 1;
4065 conf->upstream.force_ranges = 0;
4066 conf->upstream.pass_trailers = 1;
4067 conf->upstream.preserve_output = 1;
4068
4069 ngx_str_set(&conf->upstream.module, "grpc");
4070
4071 return conf;
4072 }
4073
4074
4075 static char *
4076 ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
4077 {
4078 ngx_http_grpc_loc_conf_t *prev = parent;
4079 ngx_http_grpc_loc_conf_t *conf = child;
4080
4081 ngx_int_t rc;
4082 ngx_hash_init_t hash;
4083 ngx_http_core_loc_conf_t *clcf;
4084
4085 ngx_conf_merge_ptr_value(conf->upstream.local,
4086 prev->upstream.local, NULL);
4087
4088 ngx_conf_merge_uint_value(conf->upstream.next_upstream_tries,
4089 prev->upstream.next_upstream_tries, 0);
4090
4091 ngx_conf_merge_msec_value(conf->upstream.connect_timeout,
4092 prev->upstream.connect_timeout, 60000);
4093
4094 ngx_conf_merge_msec_value(conf->upstream.send_timeout,
4095 prev->upstream.send_timeout, 60000);
4096
4097 ngx_conf_merge_msec_value(conf->upstream.read_timeout,
4098 prev->upstream.read_timeout, 60000);
4099
4100 ngx_conf_merge_msec_value(conf->upstream.next_upstream_timeout,
4101 prev->upstream.next_upstream_timeout, 0);
4102
4103 ngx_conf_merge_size_value(conf->upstream.buffer_size,
4104 prev->upstream.buffer_size,
4105 (size_t) ngx_pagesize);
4106
4107 ngx_conf_merge_bitmask_value(conf->upstream.ignore_headers,
4108 prev->upstream.ignore_headers,
4109 NGX_CONF_BITMASK_SET);
4110
4111 ngx_conf_merge_bitmask_value(conf->upstream.next_upstream,
4112 prev->upstream.next_upstream,
4113 (NGX_CONF_BITMASK_SET
4114 |NGX_HTTP_UPSTREAM_FT_ERROR
4115 |NGX_HTTP_UPSTREAM_FT_TIMEOUT));
4116
4117 if (conf->upstream.next_upstream & NGX_HTTP_UPSTREAM_FT_OFF) {
4118 conf->upstream.next_upstream = NGX_CONF_BITMASK_SET
4119 |NGX_HTTP_UPSTREAM_FT_OFF;
4120 }
4121
4122 ngx_conf_merge_value(conf->upstream.intercept_errors,
4123 prev->upstream.intercept_errors, 0);
4124
4125 #if (NGX_HTTP_SSL)
4126
4127 ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
4128 prev->upstream.ssl_session_reuse, 1);
4129
4130 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
4131 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
4132 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
4133
4134 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
4135 "DEFAULT");
4136
4137 if (conf->upstream.ssl_name == NULL) {
4138 conf->upstream.ssl_name = prev->upstream.ssl_name;
4139 }
4140
4141 ngx_conf_merge_value(conf->upstream.ssl_server_name,
4142 prev->upstream.ssl_server_name, 0);
4143 ngx_conf_merge_value(conf->upstream.ssl_verify,
4144 prev->upstream.ssl_verify, 0);
4145 ngx_conf_merge_uint_value(conf->ssl_verify_depth,
4146 prev->ssl_verify_depth, 1);
4147 ngx_conf_merge_str_value(conf->ssl_trusted_certificate,
4148 prev->ssl_trusted_certificate, "");
4149 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
4150
4151 ngx_conf_merge_str_value(conf->ssl_certificate,
4152 prev->ssl_certificate, "");
4153 ngx_conf_merge_str_value(conf->ssl_certificate_key,
4154 prev->ssl_certificate_key, "");
4155 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
4156
4157 if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) {
4158 return NGX_CONF_ERROR;
4159 }
4160
4161 #endif
4162
4163 hash.max_size = 512;
4164 hash.bucket_size = ngx_align(64, ngx_cacheline_size);
4165 hash.name = "grpc_headers_hash";
4166
4167 if (ngx_http_upstream_hide_headers_hash(cf, &conf->upstream,
4168 &prev->upstream, ngx_http_grpc_hide_headers, &hash)
4169 != NGX_OK)
4170 {
4171 return NGX_CONF_ERROR;
4172 }
4173
4174 clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
4175
4176 if (clcf->noname && conf->upstream.upstream == NULL) {
4177 conf->upstream.upstream = prev->upstream.upstream;
4178 conf->host = prev->host;
4179 #if (NGX_HTTP_SSL)
4180 conf->upstream.ssl = prev->upstream.ssl;
4181 #endif
4182 }
4183
4184 if (clcf->lmt_excpt && clcf->handler == NULL && conf->upstream.upstream) {
4185 clcf->handler = ngx_http_grpc_handler;
4186 }
4187
4188 if (conf->headers_source == NULL) {
4189 conf->headers = prev->headers;
4190 conf->headers_source = prev->headers_source;
4191 conf->host_set = prev->host_set;
4192 }
4193
4194 rc = ngx_http_grpc_init_headers(cf, conf, &conf->headers,
4195 ngx_http_grpc_headers);
4196 if (rc != NGX_OK) {
4197 return NGX_CONF_ERROR;
4198 }
4199
4200 /*
4201 * special handling to preserve conf->headers in the "http" section
4202 * to inherit it to all servers
4203 */
4204
4205 if (prev->headers.hash.buckets == NULL
4206 && conf->headers_source == prev->headers_source)
4207 {
4208 prev->headers = conf->headers;
4209 prev->host_set = conf->host_set;
4210 }
4211
4212 return NGX_CONF_OK;
4213 }
4214
4215
4216 static ngx_int_t
4217 ngx_http_grpc_init_headers(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *conf,
4218 ngx_http_grpc_headers_t *headers, ngx_keyval_t *default_headers)
4219 {
4220 u_char *p;
4221 size_t size;
4222 uintptr_t *code;
4223 ngx_uint_t i;
4224 ngx_array_t headers_names, headers_merged;
4225 ngx_keyval_t *src, *s, *h;
4226 ngx_hash_key_t *hk;
4227 ngx_hash_init_t hash;
4228 ngx_http_script_compile_t sc;
4229 ngx_http_script_copy_code_t *copy;
4230
4231 if (headers->hash.buckets) {
4232 return NGX_OK;
4233 }
4234
4235 if (ngx_array_init(&headers_names, cf->temp_pool, 4, sizeof(ngx_hash_key_t))
4236 != NGX_OK)
4237 {
4238 return NGX_ERROR;
4239 }
4240
4241 if (ngx_array_init(&headers_merged, cf->temp_pool, 4, sizeof(ngx_keyval_t))
4242 != NGX_OK)
4243 {
4244 return NGX_ERROR;
4245 }
4246
4247 headers->lengths = ngx_array_create(cf->pool, 64, 1);
4248 if (headers->lengths == NULL) {
4249 return NGX_ERROR;
4250 }
4251
4252 headers->values = ngx_array_create(cf->pool, 512, 1);
4253 if (headers->values == NULL) {
4254 return NGX_ERROR;
4255 }
4256
4257 if (conf->headers_source) {
4258
4259 src = conf->headers_source->elts;
4260 for (i = 0; i < conf->headers_source->nelts; i++) {
4261
4262 if (src[i].key.len == 4
4263 && ngx_strncasecmp(src[i].key.data, (u_char *) "Host", 4) == 0)
4264 {
4265 conf->host_set = 1;
4266 }
4267
4268 s = ngx_array_push(&headers_merged);
4269 if (s == NULL) {
4270 return NGX_ERROR;
4271 }
4272
4273 *s = src[i];
4274 }
4275 }
4276
4277 h = default_headers;
4278
4279 while (h->key.len) {
4280
4281 src = headers_merged.elts;
4282 for (i = 0; i < headers_merged.nelts; i++) {
4283 if (ngx_strcasecmp(h->key.data, src[i].key.data) == 0) {
4284 goto next;
4285 }
4286 }
4287
4288 s = ngx_array_push(&headers_merged);
4289 if (s == NULL) {
4290 return NGX_ERROR;
4291 }
4292
4293 *s = *h;
4294
4295 next:
4296
4297 h++;
4298 }
4299
4300
4301 src = headers_merged.elts;
4302 for (i = 0; i < headers_merged.nelts; i++) {
4303
4304 hk = ngx_array_push(&headers_names);
4305 if (hk == NULL) {
4306 return NGX_ERROR;
4307 }
4308
4309 hk->key = src[i].key;
4310 hk->key_hash = ngx_hash_key_lc(src[i].key.data, src[i].key.len);
4311 hk->value = (void *) 1;
4312
4313 if (src[i].value.len == 0) {
4314 continue;
4315 }
4316
4317 copy = ngx_array_push_n(headers->lengths,
4318 sizeof(ngx_http_script_copy_code_t));
4319 if (copy == NULL) {
4320 return NGX_ERROR;
4321 }
4322
4323 copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
4324 copy->len = src[i].key.len;
4325
4326 size = (sizeof(ngx_http_script_copy_code_t)
4327 + src[i].key.len + sizeof(uintptr_t) - 1)
4328 & ~(sizeof(uintptr_t) - 1);
4329
4330 copy = ngx_array_push_n(headers->values, size);
4331 if (copy == NULL) {
4332 return NGX_ERROR;
4333 }
4334
4335 copy->code = ngx_http_script_copy_code;
4336 copy->len = src[i].key.len;
4337
4338 p = (u_char *) copy + sizeof(ngx_http_script_copy_code_t);
4339 ngx_memcpy(p, src[i].key.data, src[i].key.len);
4340
4341 ngx_memzero(&sc, sizeof(ngx_http_script_compile_t));
4342
4343 sc.cf = cf;
4344 sc.source = &src[i].value;
4345 sc.flushes = &headers->flushes;
4346 sc.lengths = &headers->lengths;
4347 sc.values = &headers->values;
4348
4349 if (ngx_http_script_compile(&sc) != NGX_OK) {
4350 return NGX_ERROR;
4351 }
4352
4353 code = ngx_array_push_n(headers->lengths, sizeof(uintptr_t));
4354 if (code == NULL) {
4355 return NGX_ERROR;
4356 }
4357
4358 *code = (uintptr_t) NULL;
4359
4360 code = ngx_array_push_n(headers->values, sizeof(uintptr_t));
4361 if (code == NULL) {
4362 return NGX_ERROR;
4363 }
4364
4365 *code = (uintptr_t) NULL;
4366 }
4367
4368 code = ngx_array_push_n(headers->lengths, sizeof(uintptr_t));
4369 if (code == NULL) {
4370 return NGX_ERROR;
4371 }
4372
4373 *code = (uintptr_t) NULL;
4374
4375
4376 hash.hash = &headers->hash;
4377 hash.key = ngx_hash_key_lc;
4378 hash.max_size = 512;
4379 hash.bucket_size = 64;
4380 hash.name = "grpc_headers_hash";
4381 hash.pool = cf->pool;
4382 hash.temp_pool = NULL;
4383
4384 return ngx_hash_init(&hash, headers_names.elts, headers_names.nelts);
4385 }
4386
4387
4388 static char *
4389 ngx_http_grpc_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
4390 {
4391 ngx_http_grpc_loc_conf_t *glcf = conf;
4392
4393 size_t add;
4394 ngx_str_t *value, *url;
4395 ngx_url_t u;
4396 ngx_http_core_loc_conf_t *clcf;
4397
4398 if (glcf->upstream.upstream) {
4399 return "is duplicate";
4400 }
4401
4402 value = cf->args->elts;
4403 url = &value[1];
4404
4405 if (ngx_strncasecmp(url->data, (u_char *) "grpc://", 7) == 0) {
4406 add = 7;
4407
4408 } else if (ngx_strncasecmp(url->data, (u_char *) "grpcs://", 8) == 0) {
4409
4410 #if (NGX_HTTP_SSL)
4411 glcf->ssl = 1;
4412
4413 add = 8;
4414 #else
4415 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4416 "grpcs protocol requires SSL support");
4417 return NGX_CONF_ERROR;
4418 #endif
4419
4420 } else {
4421 add = 0;
4422 }
4423
4424 ngx_memzero(&u, sizeof(ngx_url_t));
4425
4426 u.url.len = url->len - add;
4427 u.url.data = url->data + add;
4428 u.no_resolve = 1;
4429
4430 glcf->upstream.upstream = ngx_http_upstream_add(cf, &u, 0);
4431 if (glcf->upstream.upstream == NULL) {
4432 return NGX_CONF_ERROR;
4433 }
4434
4435 if (u.family != AF_UNIX) {
4436
4437 if (u.no_port) {
4438 glcf->host = u.host;
4439
4440 } else {
4441 glcf->host.len = u.host.len + 1 + u.port_text.len;
4442 glcf->host.data = u.host.data;
4443 }
4444
4445 } else {
4446 ngx_str_set(&glcf->host, "localhost");
4447 }
4448
4449 clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
4450
4451 clcf->handler = ngx_http_grpc_handler;
4452
4453 if (clcf->name.data[clcf->name.len - 1] == '/') {
4454 clcf->auto_redirect = 1;
4455 }
4456
4457 return NGX_CONF_OK;
4458 }
4459
4460
4461 #if (NGX_HTTP_SSL)
4462
4463 static char *
4464 ngx_http_grpc_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
4465 {
4466 ngx_http_grpc_loc_conf_t *glcf = conf;
4467
4468 ngx_str_t *value;
4469
4470 if (glcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
4471 return "is duplicate";
4472 }
4473
4474 value = cf->args->elts;
4475
4476 glcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
4477
4478 if (glcf->ssl_passwords == NULL) {
4479 return NGX_CONF_ERROR;
4480 }
4481
4482 return NGX_CONF_OK;
4483 }
4484
4485
4486 static ngx_int_t
4487 ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
4488 {
4489 ngx_pool_cleanup_t *cln;
4490
4491 glcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
4492 if (glcf->upstream.ssl == NULL) {
4493 return NGX_ERROR;
4494 }
4495
4496 glcf->upstream.ssl->log = cf->log;
4497
4498 if (ngx_ssl_create(glcf->upstream.ssl, glcf->ssl_protocols, NULL)
4499 != NGX_OK)
4500 {
4501 return NGX_ERROR;
4502 }
4503
4504 cln = ngx_pool_cleanup_add(cf->pool, 0);
4505 if (cln == NULL) {
4506 return NGX_ERROR;
4507 }
4508
4509 cln->handler = ngx_ssl_cleanup_ctx;
4510 cln->data = glcf->upstream.ssl;
4511
4512 if (glcf->ssl_certificate.len) {
4513
4514 if (glcf->ssl_certificate_key.len == 0) {
4515 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
4516 "no \"grpc_ssl_certificate_key\" is defined "
4517 "for certificate \"%V\"", &glcf->ssl_certificate);
4518 return NGX_ERROR;
4519 }
4520
4521 if (ngx_ssl_certificate(cf, glcf->upstream.ssl, &glcf->ssl_certificate,
4522 &glcf->ssl_certificate_key, glcf->ssl_passwords)
4523 != NGX_OK)
4524 {
4525 return NGX_ERROR;
4526 }
4527 }
4528
4529 if (ngx_ssl_ciphers(cf, glcf->upstream.ssl, &glcf->ssl_ciphers, 0)
4530 != NGX_OK)
4531 {
4532 return NGX_ERROR;
4533 }
4534
4535 if (glcf->upstream.ssl_verify) {
4536 if (glcf->ssl_trusted_certificate.len == 0) {
4537 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
4538 "no grpc_ssl_trusted_certificate for grpc_ssl_verify");
4539 return NGX_ERROR;
4540 }
4541
4542 if (ngx_ssl_trusted_certificate(cf, glcf->upstream.ssl,
4543 &glcf->ssl_trusted_certificate,
4544 glcf->ssl_verify_depth)
4545 != NGX_OK)
4546 {
4547 return NGX_ERROR;
4548 }
4549
4550 if (ngx_ssl_crl(cf, glcf->upstream.ssl, &glcf->ssl_crl) != NGX_OK) {
4551 return NGX_ERROR;
4552 }
4553 }
4554
4555 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4556
4557 if (SSL_CTX_set_alpn_protos(glcf->upstream.ssl->ctx,
4558 (u_char *) "\x02h2", 3)
4559 != 0)
4560 {
4561 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
4562 "SSL_CTX_set_alpn_protos() failed");
4563 return NGX_ERROR;
4564 }
4565
4566 #endif
4567
4568 return NGX_OK;
4569 }
4570
4571 #endif