From: Witold Kręcicki Date: Sat, 31 Oct 2020 19:42:18 +0000 (+0100) Subject: nghttp2-based HTTP layer in netmgr X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16966e5174fd3aef5e14b3d828c18f6c363c0af5;p=thirdparty%2Fbind9.git nghttp2-based HTTP layer in netmgr This commit includes work-in-progress implementation of DNS-over-HTTP(S). Server-side code remains mostly untested, and there is only support for POST requests. --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6412ea52ae8..d6156b99e06 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -285,6 +285,7 @@ stages: "with-openssl=C:/OpenSSL" "with-libxml2=C:/libxml2" "with-libuv=C:/libuv" + "with-nghttp2=C:/nghttp2" "without-python" "with-system-tests" x64' diff --git a/COPYRIGHT b/COPYRIGHT index 830bcaa1290..ecb9bc38ea3 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -367,3 +367,25 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +----------------------------------------------------------------------------- + +Copyright Joyent, Inc. and other Node contributors. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to +deal in the Software without restriction, including without limitation the +rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +sell copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. diff --git a/bin/win32/BINDInstall/BINDInstallDlg.cpp b/bin/win32/BINDInstall/BINDInstallDlg.cpp index 06db5164253..b4711ed1803 100644 --- a/bin/win32/BINDInstall/BINDInstallDlg.cpp +++ b/bin/win32/BINDInstall/BINDInstallDlg.cpp @@ -138,7 +138,8 @@ const FileData installFiles[] = {"libdns.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE}, {"libirs.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE}, {"libeay32.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE}, - {"libuv.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE}, + {"nghttp2.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE}, + {"uv.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE}, #ifdef HAVE_LIBXML2 {"libxml2.dll", FileData::BinDir, FileData::Critical, FALSE, TRUE}, #endif diff --git a/configure.ac b/configure.ac index 2944b3ca444..1ff23d73c11 100644 --- a/configure.ac +++ b/configure.ac @@ -124,7 +124,7 @@ AS_IF([test "$enable_static" != "no" && test "$enable_developer" != "yes"], # # Set the default CFLAGS and CPPFLAGS # -STD_CFLAGS="-Wall -Wextra -Wwrite-strings -Wcast-qual -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow" +STD_CFLAGS="-Wall -Wextra -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow" # These should be always errors STD_CFLAGS="$STD_CFLAGS -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes" @@ -574,6 +574,15 @@ LIBS="$LIBS $LIBUV_LIBS" AC_CHECK_FUNCS([uv_handle_get_data uv_handle_set_data uv_import uv_udp_connect uv_translate_sys_error]) AX_RESTORE_FLAGS([libuv]) +# libnghttp2 +AC_MSG_CHECKING([for libnghttp2]) +PKG_CHECK_MODULES([LIBNGHTTP2], [libnghttp2 >= 1.6.0], [], + [AC_MSG_ERROR([libnghttp2 not found])]) +AX_SAVE_FLAGS([libnghttp2]) + +CFLAGS="$CFLAGS $LIBNGHTTP2_CFLAGS" +LIBS="$LIBS $LIBNGHTTP2_LIBS" + # # flockfile is usually provided by pthreads # diff --git a/lib/isc/Makefile.am b/lib/isc/Makefile.am index c84832b2943..48ead7c17f4 100644 --- a/lib/isc/Makefile.am +++ b/lib/isc/Makefile.am @@ -90,6 +90,7 @@ libisc_la_HEADERS = \ include/isc/tls.h \ include/isc/tm.h \ include/isc/types.h \ + include/isc/url.h \ include/isc/utf8.h \ include/isc/util.h \ pthreads/include/isc/condition.h\ @@ -124,6 +125,7 @@ libisc_la_SOURCES = \ $(libisc_la_HEADERS) \ $(pk11_HEADERS) \ $(pkcs11_HEADERS) \ + netmgr/http.c \ netmgr/netmgr-int.h \ netmgr/netmgr.c \ netmgr/tcp.c \ @@ -150,6 +152,7 @@ libisc_la_SOURCES = \ unix/stdtime.c \ unix/syslog.c \ unix/time.c \ + url.c \ pk11.c \ pk11_result.c \ aes.c \ diff --git a/lib/isc/include/isc/netmgr.h b/lib/isc/include/isc/netmgr.h index b97c2f8e42d..d2e4ef4c0ad 100644 --- a/lib/isc/include/isc/netmgr.h +++ b/lib/isc/include/isc/netmgr.h @@ -506,3 +506,41 @@ isc_nm_tlsdnsconnect(isc_nm_t *mgr, isc_nmiface_t *local, isc_nmiface_t *peer, * 'cb'. */ +typedef void (*isc_nm_http_cb_t)(isc_nmhandle_t *handle, isc_result_t eresult, + isc_region_t *postdata, isc_region_t *getdata, + void *cbarg); +/*%< + * Callback function to be used when receiving an HTTP request. + * + * 'handle' the handle that can be used to send back the answer. + * 'eresult' the result of the event. + * 'postdata' contains the received POST data, if any. It will be freed + * after return by caller. + * 'getdata' contains the received GET data (past '?'), if any. It will be + * freed after return by caller. + * 'cbarg' the callback argument passed to listen function. + */ + +isc_result_t +isc_nm_doh_request(isc_nm_t *mgr, const char *uri, isc_region_t *message, + isc_nm_recv_cb_t cb, void *cbarg, isc_ssl_ctx_t *ctx); + +isc_result_t +isc_nm_httpsconnect(isc_nm_t *mgr, isc_nmiface_t *local, isc_nmiface_t *peer, + const char *uri, isc_nm_cb_t cb, void *cbarg, + unsigned int timeout, size_t extrahandlesize); + +isc_result_t +isc_nm_listenhttps(isc_nm_t *mgr, isc_nmiface_t *iface, int backlog, + isc_quota_t *quota, isc_ssl_ctx_t *ctx, + isc_nmsocket_t **sockp); + +isc_result_t +isc_nm_http_add_endpoint(isc_nmsocket_t *sock, const char *uri, + isc_nm_http_cb_t cb, void *cbarg, + size_t extrahandlesize); + +isc_result_t +isc_nm_http_add_doh_endpoint(isc_nmsocket_t *sock, const char *uri, + isc_nm_recv_cb_t cb, void *cbarg, + size_t extrahandlesize); diff --git a/lib/isc/include/isc/url.h b/lib/isc/include/isc/url.h new file mode 100644 index 00000000000..9dd95245c30 --- /dev/null +++ b/lib/isc/include/isc/url.h @@ -0,0 +1,80 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * Copyright Joyent, Inc. and other Node contributors. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#include +#include + +#include + +/* + * Compile with -DHTTP_PARSER_STRICT=0 to make less checks, but run + * faster + */ +#ifndef HTTP_PARSER_STRICT +#define HTTP_PARSER_STRICT 1 +#endif + +typedef enum { + ISC_UF_SCHEMA = 0, + ISC_UF_HOST = 1, + ISC_UF_PORT = 2, + ISC_UF_PATH = 3, + ISC_UF_QUERY = 4, + ISC_UF_FRAGMENT = 5, + ISC_UF_USERINFO = 6, + ISC_UF_MAX = 7 +} isc_url_field_t; + +/* Result structure for isc_url_parse(). + * + * Callers should index into field_data[] with UF_* values iff field_set + * has the relevant (1 << UF_*) bit set. As a courtesy to clients (and + * because we probably have padding left over), we convert any port to + * a uint16_t. + */ +typedef struct { + uint16_t field_set; /* Bitmask of (1 << UF_*) values */ + uint16_t port; /* Converted UF_PORT string */ + + struct { + uint16_t off; /* Offset into buffer in which field starts */ + uint16_t len; /* Length of run in buffer */ + } field_data[ISC_UF_MAX]; +} isc_url_parser_t; + +isc_result_t +isc_url_parse(const char *buf, size_t buflen, bool is_connect, + isc_url_parser_t *up); +/*%< + * Parse a URL; return nonzero on failure + */ diff --git a/lib/isc/netmgr/http.c b/lib/isc/netmgr/http.c new file mode 100644 index 00000000000..b26f587dfa8 --- /dev/null +++ b/lib/isc/netmgr/http.c @@ -0,0 +1,1077 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include + +#include "netmgr-int.h" + +#define AUTHEXTRA 7 + +typedef struct http2_client_stream { + isc_nm_recv_cb_t cb; + void *cbarg; + + char *uri; + isc_url_parser_t up; + + char *authority; + size_t authoritylen; + char *path; + + uint8_t rbuf[65535]; + size_t rbufsize; + + size_t pathlen; + int32_t stream_id; + isc_region_t *postdata; + size_t postdata_pos; +} http2_client_stream_t; + +#define HTTP2_SESSION_MAGIC ISC_MAGIC('H', '2', 'S', 'S') +#define VALID_HTTP2_SESSION(t) ISC_MAGIC_VALID(t, HTTP2_SESSION_MAGIC) + +struct isc_nm_http2_session { + unsigned int magic; + isc_mem_t *mctx; + bool sending; + bool closed; + bool reading; + + nghttp2_session *ngsession; + http2_client_stream_t *cstream; + ISC_LIST(isc_nmsocket_h2_t) sstreams; + + isc_nmhandle_t *handle; + isc_nmsocket_t *serversocket; + + isc_region_t r; + uint8_t buf[65535]; + size_t bufsize; + + SSL_CTX *ctx; +}; + +static bool +http2_do_bio(isc_nm_http2_session_t *session); + +static isc_result_t +get_http2_client_stream(isc_mem_t *mctx, http2_client_stream_t **streamp, + const char *uri, uint16_t *port) { + http2_client_stream_t *stream = NULL; + int rv; + + REQUIRE(streamp != NULL && *streamp == NULL); + REQUIRE(uri != NULL); + REQUIRE(port != NULL); + + stream = isc_mem_get(mctx, sizeof(http2_client_stream_t)); + *stream = (http2_client_stream_t){ .stream_id = -1 }; + + stream->uri = isc_mem_strdup(mctx, uri); + + rv = isc_url_parse(stream->uri, strlen(stream->uri), 0, &stream->up); + if (rv != 0) { + isc_mem_put(mctx, stream, sizeof(http2_client_stream_t)); + isc_mem_free(mctx, stream->uri); + return (ISC_R_FAILURE); + } + + stream->authoritylen = stream->up.field_data[ISC_UF_HOST].len; + stream->authority = isc_mem_get(mctx, stream->authoritylen + AUTHEXTRA); + memmove(stream->authority, &uri[stream->up.field_data[ISC_UF_HOST].off], + stream->up.field_data[ISC_UF_HOST].len); + + if (stream->up.field_set & (1 << ISC_UF_PORT)) { + stream->authoritylen += (size_t)snprintf( + stream->authority + + stream->up.field_data[ISC_UF_HOST].len, + AUTHEXTRA, ":%u", stream->up.port); + } + + /* If we don't have path in URI, we use "/" as path. */ + stream->pathlen = 1; + if (stream->up.field_set & (1 << ISC_UF_PATH)) { + stream->pathlen = stream->up.field_data[ISC_UF_PATH].len; + } + if (stream->up.field_set & (1 << ISC_UF_QUERY)) { + /* +1 for '?' character */ + stream->pathlen += + (size_t)(stream->up.field_data[ISC_UF_QUERY].len + 1); + } + + stream->path = isc_mem_get(mctx, stream->pathlen); + if (stream->up.field_set & (1 << ISC_UF_PATH)) { + memmove(stream->path, + &uri[stream->up.field_data[ISC_UF_PATH].off], + stream->up.field_data[ISC_UF_PATH].len); + } else { + stream->path[0] = '/'; + } + + if (stream->up.field_set & (1 << ISC_UF_QUERY)) { + stream->path[stream->pathlen - + stream->up.field_data[ISC_UF_QUERY].len - 1] = '?'; + memmove(stream->path + stream->pathlen - + stream->up.field_data[ISC_UF_QUERY].len, + &uri[stream->up.field_data[ISC_UF_QUERY].off], + stream->up.field_data[ISC_UF_QUERY].len); + } + + *port = 443; + if ((stream->up.field_set & (1 << ISC_UF_PORT)) != 0) { + *port = stream->up.port; + } + + *streamp = stream; + + return (ISC_R_SUCCESS); +} + +static void +put_http2_client_stream(isc_mem_t *mctx, http2_client_stream_t *stream) { + isc_mem_put(mctx, stream->path, stream->pathlen); + isc_mem_put(mctx, stream->authority, stream->authoritylen + AUTHEXTRA); + isc_mem_put(mctx, stream, sizeof(http2_client_stream_t)); +} + +static void +delete_http2_session(isc_nm_http2_session_t *session) { + if (session->handle != NULL) { + isc_nm_pauseread(session->handle); + isc_nmhandle_detach(&session->handle); + } + if (session->ngsession != NULL) { + nghttp2_session_del(session->ngsession); + session->ngsession = NULL; + } + if (session->cstream != NULL) { + put_http2_client_stream(session->mctx, session->cstream); + session->cstream = NULL; + } + + /* + * There might be leftover callbacks waiting to be received + */ + if (session->sending) { + session->closed = true; + } else if (!session->reading) { + session->magic = 0; + isc_mem_putanddetach(&session->mctx, session, + sizeof(isc_nm_http2_session_t)); + } +} + +static int +on_data_chunk_recv_callback(nghttp2_session *ngsession, uint8_t flags, + int32_t stream_id, const uint8_t *data, size_t len, + void *user_data) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)user_data; + + UNUSED(ngsession); + UNUSED(flags); + + if (session->cstream != NULL) { + if (session->cstream->stream_id == stream_id) { + /* TODO buffer overrun! */ + memmove(session->cstream->rbuf + + session->cstream->rbufsize, + data, len); + session->cstream->rbufsize += len; + } + } else { + isc_nmsocket_h2_t *sock_h2 = ISC_LIST_HEAD(session->sstreams); + while (sock_h2 != NULL) { + if (stream_id == sock_h2->stream_id) { + memmove(sock_h2->buf + sock_h2->bufsize, + data, len); + sock_h2->bufsize += len; + break; + } + sock_h2 = ISC_LIST_NEXT(sock_h2, link); + } + } + + return (0); +} + +static int +on_stream_close_callback(nghttp2_session *ngsession, int32_t stream_id, + uint32_t error_code, void *user_data) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)user_data; + + REQUIRE(VALID_HTTP2_SESSION(session)); + + UNUSED(error_code); + + if (session->cstream != NULL) { + if (session->cstream->stream_id == stream_id) { + int rv; + + session->cstream->cb( + NULL, ISC_R_SUCCESS, + &(isc_region_t){ session->cstream->rbuf, + session->cstream->rbufsize }, + session->cstream->cbarg); + rv = nghttp2_session_terminate_session( + ngsession, NGHTTP2_NO_ERROR); + if (rv != 0) { + return (NGHTTP2_ERR_CALLBACK_FAILURE); + } + } + } else { + /* XXX */ + } + + /* XXXWPK TODO we need to close the session */ + + return (0); +} + +#ifndef OPENSSL_NO_NEXTPROTONEG +/* + * NPN TLS extension client callback. We check that server advertised + * the HTTP/2 protocol the nghttp2 library supports. If not, exit the + * program. + */ +static int +select_next_proto_cb(SSL *ssl, unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg) { + UNUSED(ssl); + UNUSED(arg); + + if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) { + /* TODO */ + } + return (SSL_TLSEXT_ERR_OK); +} +#endif /* !OPENSSL_NO_NEXTPROTONEG */ + +/* Create SSL_CTX. */ +static SSL_CTX * +create_ssl_ctx(void) { + SSL_CTX *ssl_ctx = NULL; + + ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + RUNTIME_CHECK(ssl_ctx != NULL); + + SSL_CTX_set_options( + ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | + SSL_OP_NO_COMPRESSION | + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); +#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL); +#endif /* !OPENSSL_NO_NEXTPROTONEG */ + +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3); +#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */ + + return (ssl_ctx); +} + +static void +initialize_nghttp2_client_session(isc_nm_http2_session_t *session) { + nghttp2_session_callbacks *callbacks = NULL; + + nghttp2_session_callbacks_new(&callbacks); + + nghttp2_session_callbacks_set_on_data_chunk_recv_callback( + callbacks, on_data_chunk_recv_callback); + + nghttp2_session_callbacks_set_on_stream_close_callback( + callbacks, on_stream_close_callback); + + nghttp2_session_client_new(&session->ngsession, callbacks, session); + + nghttp2_session_callbacks_del(callbacks); +} + +static void +send_client_connection_header(isc_nm_http2_session_t *session) { + nghttp2_settings_entry iv[1] = { + { NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 100 } + }; + int rv; + + rv = nghttp2_submit_settings(session->ngsession, NGHTTP2_FLAG_NONE, iv, + 1); + if (rv != 0) { + /* TODO */ + } + + http2_do_bio(session); +} + +#define MAKE_NV(NAME, VALUE, VALUELEN) \ + { \ + (uint8_t *)(uintptr_t)(NAME), (uint8_t *)(uintptr_t)(VALUE), \ + sizeof(NAME) - 1, VALUELEN, NGHTTP2_NV_FLAG_NONE \ + } + +#define MAKE_NV2(NAME, VALUE) \ + { \ + (uint8_t *)(uintptr_t)(NAME), (uint8_t *)(uintptr_t)(VALUE), \ + sizeof(NAME) - 1, sizeof(VALUE) - 1, \ + NGHTTP2_NV_FLAG_NONE \ + } + +static ssize_t +client_post_read_callback(nghttp2_session *ngsession, int32_t stream_id, + uint8_t *buf, size_t length, uint32_t *data_flags, + nghttp2_data_source *source, void *user_data) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)user_data; + + REQUIRE(session->cstream != NULL); + + UNUSED(ngsession); + UNUSED(source); + + if (session->cstream->stream_id == stream_id) { + size_t len = session->cstream->postdata->length - + session->cstream->postdata_pos; + + if (len > length) { + len = length; + } + + memmove(buf, + session->cstream->postdata->base + + session->cstream->postdata_pos, + len); + session->cstream->postdata_pos += len; + + if (session->cstream->postdata_pos == + session->cstream->postdata->length) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + } + + return (len); + } + + return (0); +} + +/* Send HTTP request to the remote peer */ +static isc_result_t +client_submit_request(isc_nm_http2_session_t *session) { + int32_t stream_id; + http2_client_stream_t *stream = session->cstream; + char *uri = stream->uri; + isc_url_parser_t *up = &stream->up; + nghttp2_data_provider dp; + char p[64]; + + snprintf(p, 64, "%u", stream->postdata->length); + + nghttp2_nv hdrs[] = { + MAKE_NV2(":method", "POST"), + MAKE_NV(":scheme", &uri[up->field_data[ISC_UF_SCHEMA].off], + up->field_data[ISC_UF_SCHEMA].len), + MAKE_NV(":authority", stream->authority, stream->authoritylen), + MAKE_NV(":path", stream->path, stream->pathlen), + MAKE_NV2("content-type", "application/dns-message"), + MAKE_NV2("accept", "application/dns-message"), + MAKE_NV("content-length", p, strlen(p)), + }; + + dp = (nghttp2_data_provider){ .read_callback = + client_post_read_callback }; + stream_id = nghttp2_submit_request(session->ngsession, NULL, hdrs, 7, + &dp, stream); + if (stream_id < 0) { + return (ISC_R_FAILURE); + } + + stream->stream_id = stream_id; + http2_do_bio(session); + + return (ISC_R_SUCCESS); +} + +/* + * Read callback from TLS socket. + */ +static void +https_readcb(isc_nmhandle_t *handle, isc_result_t result, isc_region_t *region, + void *data) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)data; + ssize_t readlen; + + REQUIRE(VALID_HTTP2_SESSION(session)); + + UNUSED(handle); + UNUSED(result); + + if (result != ISC_R_SUCCESS) { + session->reading = false; + delete_http2_session(session); + /* TODO callback! */ + return; + } + + readlen = nghttp2_session_mem_recv(session->ngsession, region->base, + region->length); + if (readlen < 0) { + delete_http2_session(session); + /* TODO callback! */ + return; + } + + if (readlen < region->length) { + INSIST(session->bufsize == 0); + INSIST(region->length - readlen < 65535); + memmove(session->buf, region->base, region->length - readlen); + session->bufsize = region->length - readlen; + isc_nm_pauseread(session->handle); + } + + /* We might have something to receive or send, do IO */ + http2_do_bio(session); +} + +static void +https_writecb(isc_nmhandle_t *handle, isc_result_t result, void *arg) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)arg; + + REQUIRE(VALID_HTTP2_SESSION(session)); + + UNUSED(handle); + UNUSED(result); + + session->sending = false; + isc_mem_put(session->mctx, session->r.base, session->r.length); + session->r.base = NULL; + http2_do_bio(session); +} + +static bool +http2_do_bio(isc_nm_http2_session_t *session) { + REQUIRE(VALID_HTTP2_SESSION(session)); + + if (session->closed || + (nghttp2_session_want_read(session->ngsession) == 0 && + nghttp2_session_want_write(session->ngsession) == 0)) + { + delete_http2_session(session); + return (false); + } + + if (nghttp2_session_want_read(session->ngsession) != 0) { + if (!session->reading) { + /* We have not yet started reading from this handle */ + isc_nm_read(session->handle, https_readcb, session); + session->reading = true; + } else if (session->bufsize > 0) { + /* Leftover data in the buffer, use it */ + size_t readlen = nghttp2_session_mem_recv( + session->ngsession, session->buf, + session->bufsize); + + if (readlen == session->bufsize) { + session->bufsize = 0; + } else { + memmove(session->buf, session->buf + readlen, + session->bufsize - readlen); + session->bufsize -= readlen; + } + + http2_do_bio(session); + return (false); + } else { + /* Resume reading, it's idempotent, wait for more */ + isc_nm_resumeread(session->handle); + } + } else { + /* We don't want more data, stop reading for now */ + isc_nm_pauseread(session->handle); + } + + if (!session->sending && + nghttp2_session_want_write(session->ngsession) != 0) { + const uint8_t *data = NULL; + size_t sz; + + /* + * XXXWPK TODO + * This function may produce a very small byte string. If + * that is the case, and application disables Nagle + * algorithm (``TCP_NODELAY``), then writing this small + * chunk leads to a very small packet, and it is very + * inefficient. An application should be responsible to + * buffer up small chunks of data as necessary to avoid + * this situation. + */ + sz = nghttp2_session_mem_send(session->ngsession, &data); + INSIST(session->r.base == NULL); + session->r.base = isc_mem_get(session->mctx, sz); + session->r.length = sz; + memmove(session->r.base, data, sz); + session->sending = true; + isc_nm_send(session->handle, &session->r, https_writecb, + session); + return (true); + } + + return (false); +} + +static void +https_connect_cb(isc_nmhandle_t *handle, isc_result_t result, void *arg) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)arg; + + if (result != ISC_R_SUCCESS) { + delete_http2_session(session); + return; + } + + isc_nmhandle_attach(handle, &session->handle); + +#if 0 +/* TODO H2 */ +#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen); +#endif +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + if (alpn == NULL) { + SSL_get0_alpn_selected(ssl, &alpn, &alpnlen); + } +#endif + + if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) { + delete_http2_session(session); + return; + } +#endif + + initialize_nghttp2_client_session(session); + send_client_connection_header(session); + client_submit_request(session); + http2_do_bio(session); +} + +isc_result_t +isc_nm_httpsconnect(isc_nm_t *mgr, isc_nmiface_t *local, isc_nmiface_t *peer, + const char *uri, isc_nm_cb_t cb, void *cbarg, + unsigned int timeout, size_t extrahandlesize) { + REQUIRE(VALID_NM(mgr)); + + UNUSED(local); + UNUSED(peer); + UNUSED(uri); + UNUSED(cb); + UNUSED(cbarg); + UNUSED(timeout); + UNUSED(extrahandlesize); + + return (ISC_R_NOTIMPLEMENTED); +} + +isc_result_t +isc_nm_doh_request(isc_nm_t *mgr, const char *uri, isc_region_t *region, + isc_nm_recv_cb_t cb, void *cbarg, SSL_CTX *ctx) { + uint16_t port; + char *host = NULL; + isc_nm_http2_session_t *session = NULL; + http2_client_stream_t *cstream = NULL; + struct addrinfo hints; + struct addrinfo *res = NULL; + isc_sockaddr_t local, peer; + isc_result_t result; + int s; + + if (ctx == NULL) { + ctx = create_ssl_ctx(); + } + + session = isc_mem_get(mgr->mctx, sizeof(isc_nm_http2_session_t)); + *session = (isc_nm_http2_session_t){ .magic = HTTP2_SESSION_MAGIC, + .ctx = ctx }; + isc_mem_attach(mgr->mctx, &session->mctx); + + result = get_http2_client_stream(mgr->mctx, &cstream, uri, &port); + if (result != ISC_R_SUCCESS) { + delete_http2_session(session); + return (result); + } + + cstream->postdata = region; + cstream->postdata_pos = 0; + cstream->cb = cb; + cstream->cbarg = cbarg; + + session->cstream = cstream; + +#ifndef WIN32 /* FIXME */ + hints = (struct addrinfo){ .ai_family = PF_UNSPEC, + .ai_socktype = SOCK_STREAM, + .ai_flags = AI_CANONNAME }; + host = isc_mem_strndup(mgr->mctx, cstream->authority, + cstream->authoritylen + 1); + + s = getaddrinfo(host, NULL, &hints, &res); + isc_mem_free(mgr->mctx, host); + if (s != 0) { + delete_http2_session(session); + return (ISC_R_FAILURE); + } +#endif /* WIN32 */ + + isc_sockaddr_fromsockaddr(&peer, res->ai_addr); + isc_sockaddr_setport(&peer, port); + isc_sockaddr_anyofpf(&local, res->ai_family); + + freeaddrinfo(res); + + result = isc_nm_tlsconnect(mgr, (isc_nmiface_t *)&local, + (isc_nmiface_t *)&peer, https_connect_cb, + session, ctx, 30000, 0); + /* XXX: timeout is hard-coded to 30 seconds - make it a parameter */ + if (result != ISC_R_SUCCESS) { + return (result); + } + + return (ISC_R_SUCCESS); +} + +static int +server_on_begin_headers_callback(nghttp2_session *ngsession, + const nghttp2_frame *frame, void *user_data) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)user_data; + isc_nmsocket_t *socket = NULL; + isc_sockaddr_t iface; + + if (frame->hd.type != NGHTTP2_HEADERS || + frame->headers.cat != NGHTTP2_HCAT_REQUEST) + { + return (0); + } + + socket = isc_mem_get(session->mctx, sizeof(isc_nmsocket_t)); + iface = isc_nmhandle_localaddr(session->handle); + isc__nmsocket_init(socket, session->serversocket->mgr, + isc_nm_httpstream, (isc_nmiface_t *)&iface); + socket->h2 = (isc_nmsocket_h2_t){ .bufpos = 0, + .bufsize = 0, + .psock = socket, + .handler = NULL, + .request_path = NULL, + .query_data = NULL, + .stream_id = frame->hd.stream_id, + .session = session }; + + ISC_LINK_INIT(&socket->h2, link); + ISC_LIST_APPEND(session->sstreams, &socket->h2, link); + nghttp2_session_set_stream_user_data(ngsession, frame->hd.stream_id, + socket); + return (0); +} + +static int +server_on_header_callback(nghttp2_session *session, const nghttp2_frame *frame, + const uint8_t *name, size_t namelen, + const uint8_t *value, size_t valuelen, uint8_t flags, + void *user_data) { + isc_nmsocket_t *socket = NULL; + const char path[] = ":path"; + + UNUSED(flags); + UNUSED(user_data); + + switch (frame->hd.type) { + case NGHTTP2_HEADERS: + if (frame->headers.cat != NGHTTP2_HCAT_REQUEST) { + break; + } + + socket = nghttp2_session_get_stream_user_data( + session, frame->hd.stream_id); + if (socket == NULL || socket->h2.request_path != NULL) { + break; + } + + if (namelen == sizeof(path) - 1 && + memcmp(path, name, namelen) == 0) { + size_t j; + for (j = 0; j < valuelen && value[j] != '?'; ++j) + ; + socket->h2.request_path = isc_mem_strndup( + socket->mgr->mctx, (const char *)value, j + 1); + if (j < valuelen) { + socket->h2.query_data = isc_mem_strndup( + socket->mgr->mctx, (char *)value + j, + valuelen - j); + } + } + break; + } + + return (0); +} + +static ssize_t +server_read_callback(nghttp2_session *ngsession, int32_t stream_id, + uint8_t *buf, size_t length, uint32_t *data_flags, + nghttp2_data_source *source, void *user_data) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)user_data; + isc_nmsocket_t *socket = (isc_nmsocket_t *)source->ptr; + size_t buflen; + + REQUIRE(socket->h2.stream_id == stream_id); + + UNUSED(ngsession); + UNUSED(session); + + buflen = socket->h2.bufsize - socket->h2.bufpos; + if (buflen > length) { + buflen = length; + } + + memmove(buf, socket->h2.buf + socket->h2.bufpos, buflen); + socket->h2.bufpos += buflen; + if (socket->h2.bufpos == socket->h2.bufsize) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + } + + return (buflen); +} + +static int +server_send_response(nghttp2_session *ngsession, int32_t stream_id, + const nghttp2_nv *nva, size_t nvlen, + isc_nmsocket_t *socket) { + int rv; + nghttp2_data_provider data_prd; + data_prd.source.ptr = socket; + data_prd.read_callback = server_read_callback; + + rv = nghttp2_submit_response(ngsession, stream_id, nva, nvlen, + &data_prd); + if (rv != 0) { + return (-1); + } + return (0); +} + +static const char ERROR_HTML[] = "404" + "

404 Not Found

"; + +static int +error_reply(nghttp2_session *ngsession, isc_nmsocket_t *socket) { + const nghttp2_nv hdrs[] = { MAKE_NV2(":status", "404") }; + + memmove(socket->h2.buf, ERROR_HTML, sizeof(ERROR_HTML)); + socket->h2.bufsize = sizeof(ERROR_HTML); + socket->h2.bufpos = 0; + + server_send_response(ngsession, socket->h2.stream_id, hdrs, + sizeof(hdrs) / sizeof(nghttp2_nv), socket); + return (0); +} + +static int +server_on_request_recv(nghttp2_session *ngsession, + isc_nm_http2_session_t *session, + isc_nmsocket_t *socket) { + isc_nm_http2_server_handler_t *handler = NULL; + isc_nmhandle_t *handle = NULL; + isc_sockaddr_t addr; + + if (!socket->h2.request_path) { + if (error_reply(ngsession, socket) != 0) { + return (NGHTTP2_ERR_CALLBACK_FAILURE); + } + return (0); + } + + for (handler = ISC_LIST_HEAD(session->serversocket->handlers); + handler != NULL; handler = ISC_LIST_NEXT(handler, link)) + { + if (!strcmp(socket->h2.request_path, handler->path)) { + break; + } + } + + if (handler == NULL) { + if (error_reply(ngsession, socket) != 0) { + return (NGHTTP2_ERR_CALLBACK_FAILURE); + } + return (0); + } + + socket->extrahandlesize = handler->extrahandlesize; + addr = isc_nmhandle_peeraddr(session->handle); + handle = isc__nmhandle_get(socket, &addr, NULL); + handler->cb(handle, ISC_R_SUCCESS, + &(isc_region_t){ socket->h2.buf, socket->h2.bufsize }, + &(isc_region_t){ (unsigned char *)socket->h2.query_data, + strlen(socket->h2.query_data) + 1 }, + handler->cbarg); + return (0); +} + +void +isc__nm_http_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg) { + const nghttp2_nv hdrs[] = { MAKE_NV2(":status", "200") }; + isc_nmsocket_t *sock = handle->sock; + + /* TODO FIXME do it asynchronously!!! */ + memcpy(sock->h2.buf, region->base, region->length); + sock->h2.bufsize = region->length; + if (server_send_response(handle->httpsession->ngsession, + sock->h2.stream_id, hdrs, + sizeof(hdrs) / sizeof(nghttp2_nv), sock) != 0) + { + cb(handle, ISC_R_FAILURE, cbarg); + } else { + cb(handle, ISC_R_SUCCESS, cbarg); + } +} + +static int +server_on_frame_recv_callback(nghttp2_session *ngsession, + const nghttp2_frame *frame, void *user_data) { + isc_nm_http2_session_t *session = (isc_nm_http2_session_t *)user_data; + isc_nmsocket_t *socket = NULL; + + switch (frame->hd.type) { + case NGHTTP2_DATA: + case NGHTTP2_HEADERS: + /* Check that the client request has finished */ + if (frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { + socket = nghttp2_session_get_stream_user_data( + ngsession, frame->hd.stream_id); + + /* + * For DATA and HEADERS frame, this callback may be + * called after on_stream_close_callback. Check that + * the stream is still alive. + */ + if (socket == NULL) { + return (0); + } + + return (server_on_request_recv(ngsession, session, + socket)); + } + break; + default: + break; + } + return (0); +} + +static void +initialize_nghttp2_server_session(isc_nm_http2_session_t *session) { + nghttp2_session_callbacks *callbacks = NULL; + + nghttp2_session_callbacks_new(&callbacks); + + nghttp2_session_callbacks_set_on_data_chunk_recv_callback( + callbacks, on_data_chunk_recv_callback); + + nghttp2_session_callbacks_set_on_stream_close_callback( + callbacks, on_stream_close_callback); + + nghttp2_session_callbacks_set_on_header_callback( + callbacks, server_on_header_callback); + + nghttp2_session_callbacks_set_on_begin_headers_callback( + callbacks, server_on_begin_headers_callback); + + nghttp2_session_callbacks_set_on_frame_recv_callback( + callbacks, server_on_frame_recv_callback); + + nghttp2_session_server_new(&session->ngsession, callbacks, session); + + nghttp2_session_callbacks_del(callbacks); +} + +static int +server_send_connection_header(isc_nm_http2_session_t *session) { + nghttp2_settings_entry iv[1] = { + { NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 100 } + }; + int rv; + + rv = nghttp2_submit_settings(session->ngsession, NGHTTP2_FLAG_NONE, iv, + 1); + if (rv != 0) { + return (-1); + } + return (0); +} + +static isc_result_t +httplisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { + isc_nmsocket_t *httplistensock = (isc_nmsocket_t *)cbarg; + isc_nm_http2_session_t *session = NULL; + + if (result != ISC_R_SUCCESS) { + /* XXXWPK do nothing? */ + return (result); + } + + session = isc_mem_get(httplistensock->mgr->mctx, + sizeof(isc_nm_http2_session_t)); + *session = (isc_nm_http2_session_t){ .magic = HTTP2_SESSION_MAGIC }; + initialize_nghttp2_server_session(session); + + isc_mem_attach(httplistensock->mgr->mctx, &session->mctx); + isc_nmhandle_attach(handle, &session->handle); + isc__nmsocket_attach(httplistensock, &session->serversocket); + server_send_connection_header(session); + + /* TODO H2 */ + http2_do_bio(session); + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_nm_listenhttps(isc_nm_t *mgr, isc_nmiface_t *iface, int backlog, + isc_quota_t *quota, SSL_CTX *ctx, isc_nmsocket_t **sockp) { + isc_nmsocket_t *sock = NULL; + isc_result_t result; + + isc_mem_get(mgr->mctx, sizeof(*sock)); + isc__nmsocket_init(sock, mgr, isc_nm_httplistener, iface); + + if (ctx != NULL) { + result = isc_nm_listentls(mgr, iface, httplisten_acceptcb, sock, + sizeof(isc_nm_http2_session_t), + backlog, quota, ctx, &sock->outer); + } else { + result = isc_nm_listentcp(mgr, iface, httplisten_acceptcb, sock, + sizeof(isc_nm_http2_session_t), + backlog, quota, &sock->outer); + } + + if (result != ISC_R_SUCCESS) { + atomic_store(&sock->closed, true); + isc__nmsocket_detach(&sock); + return (result); + } + + atomic_store(&sock->listening, true); + *sockp = sock; + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_nm_http_add_endpoint(isc_nmsocket_t *sock, const char *uri, + isc_nm_http_cb_t cb, void *cbarg, + size_t extrahandlesize) { + isc_nm_http2_server_handler_t *handler = NULL; + + REQUIRE(VALID_NMSOCK(sock)); + REQUIRE(sock->type == isc_nm_httplistener); + + handler = isc_mem_get(sock->mgr->mctx, sizeof(*handler)); + *handler = (isc_nm_http2_server_handler_t){ + .cb = cb, + .cbarg = cbarg, + .extrahandlesize = extrahandlesize, + .path = isc_mem_strdup(sock->mgr->mctx, uri) + }; + + ISC_LINK_INIT(handler, link); + ISC_LIST_APPEND(sock->handlers, handler, link); + + return (ISC_R_SUCCESS); +} + +typedef struct { + isc_nm_recv_cb_t cb; + void *cbarg; +} cbarg_t; + +static unsigned char doh_error[] = + "No request" + "

No request

"; + +static const isc_region_t doh_error_r = { doh_error, sizeof(doh_error) }; + +static void +https_sendcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { + UNUSED(handle); + UNUSED(result); + UNUSED(cbarg); +} + +/* + * In DoH we just need to intercept the request - the response can be sent + * to the client code via the nmhandle directly as it's always just the + * http * content. + */ +static void +doh_callback(isc_nmhandle_t *handle, isc_result_t result, isc_region_t *post, + isc_region_t *get, void *arg) { + cbarg_t *dohcbarg = arg; + isc_region_t *data = NULL; + + REQUIRE(VALID_NMHANDLE(handle)); + + UNUSED(result); + UNUSED(get); + + if (result != ISC_R_SUCCESS) { + /* Shut down the client, then ourselves */ + dohcbarg->cb(NULL, result, NULL, dohcbarg->cbarg); + /* XXXWPK FREE */ + return; + } + + if (post != NULL) { + data = post; + } else if (get != NULL) { + /* XXXWPK PARSE */ + data = NULL; /* FIXME */ + } else { + /* Invalid request, just send the error response */ + isc_nm_send(handle, &doh_error_r, https_sendcb, dohcbarg); + return; + } + + dohcbarg->cb(handle, result, data, dohcbarg->cbarg); +} + +isc_result_t +isc_nm_http_add_doh_endpoint(isc_nmsocket_t *sock, const char *uri, + isc_nm_recv_cb_t cb, void *cbarg, + size_t extrahandlesize) { + isc_result_t result; + cbarg_t *dohcbarg = NULL; + + REQUIRE(VALID_NMSOCK(sock)); + REQUIRE(sock->type == isc_nm_httplistener); + + dohcbarg = isc_mem_get(sock->mgr->mctx, sizeof(cbarg_t)); + *dohcbarg = (cbarg_t){ cb, cbarg }; + + result = isc_nm_http_add_endpoint(sock, uri, doh_callback, dohcbarg, + extrahandlesize); + if (result != ISC_R_SUCCESS) { + isc_mem_put(sock->mgr->mctx, dohcbarg, sizeof(cbarg_t)); + } + + return (result); +} diff --git a/lib/isc/netmgr/netmgr-int.h b/lib/isc/netmgr/netmgr-int.h index 6dacd7cf51c..3ad09823bf9 100644 --- a/lib/isc/netmgr/netmgr-int.h +++ b/lib/isc/netmgr/netmgr-int.h @@ -155,6 +155,8 @@ isc__nm_dump_active(isc_nm_t *nm); #define isc__nmsocket_prep_destroy(sock) isc___nmsocket_prep_destroy(sock) #endif +typedef struct isc_nm_http2_session isc_nm_http2_session_t; + /* * Single network event loop worker. */ @@ -207,6 +209,8 @@ struct isc_nmhandle { isc_nmsocket_t *sock; size_t ah_pos; /* Position in the socket's 'active handles' array */ + isc_nm_http2_session_t *httpsession; + isc_sockaddr_t peer; isc_sockaddr_t local; isc_nm_opaquecb_t doreset; /* reset extra callback, external */ @@ -293,11 +297,22 @@ typedef enum isc__netievent_type { typedef union { isc_nm_recv_cb_t recv; + isc_nm_http_cb_t http; isc_nm_cb_t send; isc_nm_cb_t connect; isc_nm_accept_cb_t accept; } isc__nm_cb_t; +typedef struct isc_nm_http2_server_handler isc_nm_http2_server_handler_t; + +struct isc_nm_http2_server_handler { + char *path; + isc_nm_http_cb_t cb; + void *cbarg; + size_t extrahandlesize; + LINK(isc_nm_http2_server_handler_t) link; +}; + /* * Wrapper around uv_req_t with 'our' fields in it. req->data should * always point to its parent. Note that we always allocate more than @@ -652,7 +667,9 @@ typedef enum isc_nmsocket_type { isc_nm_tlslistener, isc_nm_tlssocket, isc_nm_tlsdnslistener, - isc_nm_tlsdnssocket + isc_nm_tlsdnssocket, + isc_nm_httplistener, + isc_nm_httpstream } isc_nmsocket_type; /*% @@ -679,18 +696,31 @@ enum { STATID_ACTIVE = 10 }; - typedef struct isc_nmsocket_tls_send_req { isc_nmsocket_t *tlssock; isc_region_t data; } isc_nmsocket_tls_send_req_t; +typedef struct isc_nmsocket_h2 { + isc_nmsocket_t *psock; /* owner of the structure */ + char *request_path; + char *query_data; + isc_nm_http2_server_handler_t *handler; + + uint8_t buf[65535]; + size_t bufsize; + size_t bufpos; + + int32_t stream_id; + LINK(struct isc_nmsocket_h2) link; +} isc_nmsocket_h2_t; struct isc_nmsocket { /*% Unlocked, RO */ int magic; int tid; isc_nmsocket_type type; isc_nm_t *mgr; + /*% Parent socket for multithreaded listeners */ isc_nmsocket_t *parent; /*% Listener socket this connection was accepted on */ @@ -741,6 +771,7 @@ struct isc_nmsocket { ISC_LIST(isc__nm_uvreq_t) sends; } tlsstream; + isc_nmsocket_h2_t h2; /*% * quota is the TCP client, attached when a TCP connection * is established. pquota is a non-attached pointer to the @@ -942,6 +973,9 @@ struct isc_nmsocket { void *accept_cbarg; atomic_int_fast32_t active_child_connections; + + ISC_LIST(isc_nm_http2_server_handler_t) handlers; + #ifdef NETMGR_TRACE void *backtrace[TRACE_SIZE]; int backtrace_size; @@ -1106,8 +1140,8 @@ isc__nm_async_shutdown(isc__networker_t *worker, isc__netievent_t *ev0); */ void -isc__nm_udp_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, - void *cbarg); +isc__nm_udp_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg); /*%< * Back-end implementation of isc_nm_send() for UDP handles. */ @@ -1168,8 +1202,8 @@ isc__nm_async_udpclose(isc__networker_t *worker, isc__netievent_t *ev0); */ void -isc__nm_tcp_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, - void *cbarg); +isc__nm_tcp_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg); /*%< * Back-end implementation of isc_nm_send() for TCP handles. */ @@ -1350,6 +1384,10 @@ void isc__nm_tlsdns_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, void *cbarg); +void +isc__nm_tls_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg); + void isc__nm_tls_cancelread(isc_nmhandle_t *handle); @@ -1406,10 +1444,6 @@ isc__nm_tlsdns_cancelread(isc_nmhandle_t *handle); * Stop reading on a connected TLSDNS handle. */ -void -isc__nm_tls_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, - void *cbarg); - void isc__nm_tls_read(isc_nmhandle_t *handle, isc_nm_recv_cb_t cb, void *cbarg); @@ -1438,6 +1472,10 @@ isc__nm_tls_cleanup_data(isc_nmsocket_t *sock); void isc__nm_tls_stoplistening(isc_nmsocket_t *sock); +void +isc__nm_http_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg); + #define isc__nm_uverr2result(x) \ isc___nm_uverr2result(x, true, __FILE__, __LINE__, __func__) isc_result_t diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index 3253dab9994..d1331cea2b1 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -1696,6 +1696,9 @@ isc_nm_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, case isc_nm_tlsdnssocket: isc__nm_tlsdns_send(handle, region, cb, cbarg); break; + case isc_nm_httpstream: + isc__nm_http_send(handle, region, cb, cbarg); + break; default: INSIST(0); ISC_UNREACHABLE(); diff --git a/lib/isc/netmgr/tcp.c b/lib/isc/netmgr/tcp.c index 24f43c9856d..6c52aed62c6 100644 --- a/lib/isc/netmgr/tcp.c +++ b/lib/isc/netmgr/tcp.c @@ -1155,8 +1155,8 @@ failure: } void -isc__nm_tcp_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, - void *cbarg) { +isc__nm_tcp_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg) { REQUIRE(VALID_NMHANDLE(handle)); REQUIRE(VALID_NMSOCK(handle->sock)); diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c index 3b4c01f11d3..a2d4f80d623 100644 --- a/lib/isc/netmgr/tlsstream.c +++ b/lib/isc/netmgr/tlsstream.c @@ -559,11 +559,12 @@ isc__nm_async_tlssend(isc__networker_t *worker, isc__netievent_t *ev0) { } void -isc__nm_tls_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, - void *cbarg) { +isc__nm_tls_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg) { isc__netievent_tlssend_t *ievent = NULL; isc__nm_uvreq_t *uvreq = NULL; isc_nmsocket_t *sock = NULL; + REQUIRE(VALID_NMHANDLE(handle)); REQUIRE(VALID_NMSOCK(handle->sock)); @@ -875,7 +876,6 @@ isc__nm_async_tlsconnect(isc__networker_t *worker, isc__netievent_t *ev0) { if (result != ISC_R_SUCCESS) { goto error; } - return; error: tlshandle = isc__nmhandle_get(tlssock, NULL, NULL); diff --git a/lib/isc/netmgr/udp.c b/lib/isc/netmgr/udp.c index 411b8deacfb..8651fd2c00a 100644 --- a/lib/isc/netmgr/udp.c +++ b/lib/isc/netmgr/udp.c @@ -478,8 +478,8 @@ free: * another thread. */ void -isc__nm_udp_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb, - void *cbarg) { +isc__nm_udp_send(isc_nmhandle_t *handle, const isc_region_t *region, + isc_nm_cb_t cb, void *cbarg) { isc_nmsocket_t *sock = handle->sock; isc_nmsocket_t *psock = NULL, *rsock = sock; isc_sockaddr_t *peer = &handle->peer; diff --git a/lib/isc/url.c b/lib/isc/url.c new file mode 100644 index 00000000000..e64bcd8ae0b --- /dev/null +++ b/lib/isc/url.c @@ -0,0 +1,667 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * Copyright Joyent, Inc. and other Node contributors. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#include +#include +#include +#include + +#include +#include + +#ifndef BIT_AT +#define BIT_AT(a, i) \ + (!!((unsigned int)(a)[(unsigned int)(i) >> 3] & \ + (1 << ((unsigned int)(i)&7)))) +#endif + +#if HTTP_PARSER_STRICT +#define T(v) 0 +#else +#define T(v) v +#endif + +static const uint8_t normal_url_char[32] = { + /* 0 nul 1 soh 2 stx 3 etx 4 eot 5 enq 6 ack 7 bel */ + 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0, + /* 8 bs 9 ht 10 nl 11 vt 12 np 13 cr 14 so 15 si */ + 0 | T(2) | 0 | 0 | T(16) | 0 | 0 | 0, + /* 16 dle 17 dc1 18 dc2 19 dc3 20 dc4 21 nak 22 syn 23 etb */ + 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0, + /* 24 can 25 em 26 sub 27 esc 28 fs 29 gs 30 rs 31 us */ + 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0, + /* 32 sp 33 ! 34 " 35 # 36 $ 37 % 38 & 39 ' */ + 0 | 2 | 4 | 0 | 16 | 32 | 64 | 128, + /* 40 ( 41 ) 42 * 43 + 44 , 45 - 46 . 47 / */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 48 0 49 1 50 2 51 3 52 4 53 5 54 6 55 7 */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 56 8 57 9 58 : 59 ; 60 < 61 = 62 > 63 ? */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 0, + /* 64 @ 65 A 66 B 67 C 68 D 69 E 70 F 71 G */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 72 H 73 I 74 J 75 K 76 L 77 M 78 N 79 O */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 80 P 81 Q 82 R 83 S 84 T 85 U 86 V 87 W */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 88 X 89 Y 90 Z 91 [ 92 \ 93 ] 94 ^ 95 _ */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 96 ` 97 a 98 b 99 c 100 d 101 e 102 f 103 g */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 104 h 105 i 106 j 107 k 108 l 109 m 110 n 111 o */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 112 p 113 q 114 r 115 s 116 t 117 u 118 v 119 w */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, + /* 120 x 121 y 122 z 123 { 124 | 125 } 126 ~ 127 del */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 0, +}; + +#undef T + +typedef enum { + s_dead = 1, /* important that this is > 0 */ + + s_start_req_or_res, + s_res_or_resp_H, + s_start_res, + s_res_H, + s_res_HT, + s_res_HTT, + s_res_HTTP, + s_res_http_major, + s_res_http_dot, + s_res_http_minor, + s_res_http_end, + s_res_first_status_code, + s_res_status_code, + s_res_status_start, + s_res_status, + s_res_line_almost_done, + + s_start_req, + + s_req_method, + s_req_spaces_before_url, + s_req_schema, + s_req_schema_slash, + s_req_schema_slash_slash, + s_req_server_start, + s_req_server, + s_req_server_with_at, + s_req_path, + s_req_query_string_start, + s_req_query_string, + s_req_fragment_start, + s_req_fragment, + s_req_http_start, + s_req_http_H, + s_req_http_HT, + s_req_http_HTT, + s_req_http_HTTP, + s_req_http_I, + s_req_http_IC, + s_req_http_major, + s_req_http_dot, + s_req_http_minor, + s_req_http_end, + s_req_line_almost_done, + + s_header_field_start, + s_header_field, + s_header_value_discard_ws, + s_header_value_discard_ws_almost_done, + s_header_value_discard_lws, + s_header_value_start, + s_header_value, + s_header_value_lws, + + s_header_almost_done, + + s_chunk_size_start, + s_chunk_size, + s_chunk_parameters, + s_chunk_size_almost_done, + + s_headers_almost_done, + s_headers_done, + + /* + * Important: 's_headers_done' must be the last 'header' state. All + * states beyond this must be 'body' states. It is used for overflow + * checking. See the PARSING_HEADER() macro. + */ + + s_chunk_data, + s_chunk_data_almost_done, + s_chunk_data_done, + + s_body_identity, + s_body_identity_eof, + + s_message_done +} state_t; + +typedef enum { + s_http_host_dead = 1, + s_http_userinfo_start, + s_http_userinfo, + s_http_host_start, + s_http_host_v6_start, + s_http_host, + s_http_host_v6, + s_http_host_v6_end, + s_http_host_v6_zone_start, + s_http_host_v6_zone, + s_http_host_port_start, + s_http_host_port +} host_state_t; + +/* Macros for character classes; depends on strict-mode */ +#define IS_MARK(c) \ + ((c) == '-' || (c) == '_' || (c) == '.' || (c) == '!' || (c) == '~' || \ + (c) == '*' || (c) == '\'' || (c) == '(' || (c) == ')') +#define IS_USERINFO_CHAR(c) \ + (isalnum(c) || IS_MARK(c) || (c) == '%' || (c) == ';' || (c) == ':' || \ + (c) == '&' || (c) == '=' || (c) == '+' || (c) == '$' || (c) == ',') + +#if HTTP_PARSER_STRICT +#define IS_URL_CHAR(c) (BIT_AT(normal_url_char, (unsigned char)c)) +#define IS_HOST_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '-') +#else +#define IS_URL_CHAR(c) (BIT_AT(normal_url_char, (unsigned char)c) || ((c)&0x80)) +#define IS_HOST_CHAR(c) (isalnum(c) || (c) == '.' || (c) == '-' || (c) == '_') +#endif + +/* + * Our URL parser. + * + * This is designed to be shared by http_parser_execute() for URL validation, + * hence it has a state transition + byte-for-byte interface. In addition, it + * is meant to be embedded in http_parser_parse_url(), which does the dirty + * work of turning state transitions URL components for its API. + * + * This function should only be invoked with non-space characters. It is + * assumed that the caller cares about (and can detect) the transition between + * URL and non-URL states by looking for these. + */ +static state_t +parse_url_char(state_t s, const char ch) { + if (ch == ' ' || ch == '\r' || ch == '\n') { + return (s_dead); + } + +#if HTTP_PARSER_STRICT + if (ch == '\t' || ch == '\f') { + return (s_dead); + } +#endif + + switch (s) { + case s_req_spaces_before_url: + /* Proxied requests are followed by scheme of an absolute URI + * (alpha). All methods except CONNECT are followed by '/' or + * '*'. + */ + + if (ch == '/' || ch == '*') { + return (s_req_path); + } + + if (isalpha(ch)) { + return (s_req_schema); + } + + break; + + case s_req_schema: + if (isalpha(ch)) { + return (s); + } + + if (ch == ':') { + return (s_req_schema_slash); + } + + break; + + case s_req_schema_slash: + if (ch == '/') { + return (s_req_schema_slash_slash); + } + + break; + + case s_req_schema_slash_slash: + if (ch == '/') { + return (s_req_server_start); + } + + break; + + case s_req_server_with_at: + if (ch == '@') { + return (s_dead); + } + + /* FALLTHROUGH */ + case s_req_server_start: + case s_req_server: + if (ch == '/') { + return (s_req_path); + } + + if (ch == '?') { + return (s_req_query_string_start); + } + + if (ch == '@') { + return (s_req_server_with_at); + } + + if (IS_USERINFO_CHAR(ch) || ch == '[' || ch == ']') { + return (s_req_server); + } + + break; + + case s_req_path: + if (IS_URL_CHAR(ch)) { + return (s); + } + + switch (ch) { + case '?': + return (s_req_query_string_start); + + case '#': + return (s_req_fragment_start); + } + + break; + + case s_req_query_string_start: + case s_req_query_string: + if (IS_URL_CHAR(ch)) { + return (s_req_query_string); + } + + switch (ch) { + case '?': + /* allow extra '?' in query string */ + return (s_req_query_string); + + case '#': + return (s_req_fragment_start); + } + + break; + + case s_req_fragment_start: + if (IS_URL_CHAR(ch)) { + return (s_req_fragment); + } + + switch (ch) { + case '?': + return (s_req_fragment); + + case '#': + return (s); + } + + break; + + case s_req_fragment: + if (IS_URL_CHAR(ch)) { + return (s); + } + + switch (ch) { + case '?': + case '#': + return (s); + } + + break; + + default: + break; + } + + /* + * We should never fall out of the switch above unless there's an + * error. + */ + return (s_dead); +} + +static host_state_t +http_parse_host_char(host_state_t s, const char ch) { + switch (s) { + case s_http_userinfo: + case s_http_userinfo_start: + if (ch == '@') { + return (s_http_host_start); + } + + if (IS_USERINFO_CHAR(ch)) { + return (s_http_userinfo); + } + break; + + case s_http_host_start: + if (ch == '[') { + return (s_http_host_v6_start); + } + + if (IS_HOST_CHAR(ch)) { + return (s_http_host); + } + + break; + + case s_http_host: + if (IS_HOST_CHAR(ch)) { + return (s_http_host); + } + + /* FALLTHROUGH */ + case s_http_host_v6_end: + if (ch == ':') { + return (s_http_host_port_start); + } + + break; + + case s_http_host_v6: + if (ch == ']') { + return (s_http_host_v6_end); + } + + /* FALLTHROUGH */ + case s_http_host_v6_start: + if (isxdigit(ch) || ch == ':' || ch == '.') { + return (s_http_host_v6); + } + + if (s == s_http_host_v6 && ch == '%') { + return (s_http_host_v6_zone_start); + } + break; + + case s_http_host_v6_zone: + if (ch == ']') { + return (s_http_host_v6_end); + } + + /* FALLTHROUGH */ + case s_http_host_v6_zone_start: + /* RFC 6874 Zone ID consists of 1*( unreserved / pct-encoded) */ + if (isalnum(ch) || ch == '%' || ch == '.' || ch == '-' || + ch == '_' || ch == '~') + { + return (s_http_host_v6_zone); + } + break; + + case s_http_host_port: + case s_http_host_port_start: + if (isdigit(ch)) { + return (s_http_host_port); + } + + break; + + default: + break; + } + + return (s_http_host_dead); +} + +static isc_result_t +http_parse_host(const char *buf, isc_url_parser_t *up, int found_at) { + host_state_t s; + const char *p = NULL; + size_t buflen = up->field_data[ISC_UF_HOST].off + + up->field_data[ISC_UF_HOST].len; + + REQUIRE((up->field_set & (1 << ISC_UF_HOST)) != 0); + + up->field_data[ISC_UF_HOST].len = 0; + + s = found_at ? s_http_userinfo_start : s_http_host_start; + + for (p = buf + up->field_data[ISC_UF_HOST].off; p < buf + buflen; p++) { + host_state_t new_s = http_parse_host_char(s, *p); + + if (new_s == s_http_host_dead) { + return (ISC_R_FAILURE); + } + + switch (new_s) { + case s_http_host: + if (s != s_http_host) { + up->field_data[ISC_UF_HOST].off = + (uint16_t)(p - buf); + } + up->field_data[ISC_UF_HOST].len++; + break; + + case s_http_host_v6: + if (s != s_http_host_v6) { + up->field_data[ISC_UF_HOST].off = + (uint16_t)(p - buf); + } + up->field_data[ISC_UF_HOST].len++; + break; + + case s_http_host_v6_zone_start: + case s_http_host_v6_zone: + up->field_data[ISC_UF_HOST].len++; + break; + + case s_http_host_port: + if (s != s_http_host_port) { + up->field_data[ISC_UF_PORT].off = + (uint16_t)(p - buf); + up->field_data[ISC_UF_PORT].len = 0; + up->field_set |= (1 << ISC_UF_PORT); + } + up->field_data[ISC_UF_PORT].len++; + break; + + case s_http_userinfo: + if (s != s_http_userinfo) { + up->field_data[ISC_UF_USERINFO].off = + (uint16_t)(p - buf); + up->field_data[ISC_UF_USERINFO].len = 0; + up->field_set |= (1 << ISC_UF_USERINFO); + } + up->field_data[ISC_UF_USERINFO].len++; + break; + + default: + break; + } + + s = new_s; + } + + /* Make sure we don't end somewhere unexpected */ + switch (s) { + case s_http_host_start: + case s_http_host_v6_start: + case s_http_host_v6: + case s_http_host_v6_zone_start: + case s_http_host_v6_zone: + case s_http_host_port_start: + case s_http_userinfo: + case s_http_userinfo_start: + return (ISC_R_FAILURE); + default: + break; + } + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_url_parse(const char *buf, size_t buflen, bool is_connect, + isc_url_parser_t *up) { + state_t s; + isc_url_field_t uf, old_uf; + int found_at = 0; + const char *p = NULL; + + if (buflen == 0) { + return (ISC_R_FAILURE); + } + + up->port = up->field_set = 0; + s = is_connect ? s_req_server_start : s_req_spaces_before_url; + old_uf = ISC_UF_MAX; + + for (p = buf; p < buf + buflen; p++) { + s = parse_url_char(s, *p); + + /* Figure out the next field that we're operating on */ + switch (s) { + case s_dead: + return (ISC_R_FAILURE); + + /* Skip delimiters */ + case s_req_schema_slash: + case s_req_schema_slash_slash: + case s_req_server_start: + case s_req_query_string_start: + case s_req_fragment_start: + continue; + + case s_req_schema: + uf = ISC_UF_SCHEMA; + break; + + case s_req_server_with_at: + found_at = 1; + /* FALLTHROUGH */ + case s_req_server: + uf = ISC_UF_HOST; + break; + + case s_req_path: + uf = ISC_UF_PATH; + break; + + case s_req_query_string: + uf = ISC_UF_QUERY; + break; + + case s_req_fragment: + uf = ISC_UF_FRAGMENT; + break; + + default: + INSIST(0); + ISC_UNREACHABLE(); + } + + /* Nothing's changed; soldier on */ + if (uf == old_uf) { + up->field_data[uf].len++; + continue; + } + + up->field_data[uf].off = (uint16_t)(p - buf); + up->field_data[uf].len = 1; + + up->field_set |= (1 << uf); + old_uf = uf; + } + + /* host must be present if there is a schema */ + /* parsing http:///toto will fail */ + if ((up->field_set & (1 << ISC_UF_SCHEMA)) && + (up->field_set & (1 << ISC_UF_HOST)) == 0) + { + return (ISC_R_FAILURE); + } + + if (up->field_set & (1 << ISC_UF_HOST)) { + isc_result_t result; + + result = http_parse_host(buf, up, found_at); + if (result != ISC_R_SUCCESS) { + return (result); + } + } + + /* CONNECT requests can only contain "hostname:port" */ + if (is_connect && + up->field_set != ((1 << ISC_UF_HOST) | (1 << ISC_UF_PORT))) { + return (ISC_R_FAILURE); + } + + if (up->field_set & (1 << ISC_UF_PORT)) { + uint16_t off; + uint16_t len; + const char *pp = NULL; + const char *end = NULL; + unsigned long v; + + off = up->field_data[ISC_UF_PORT].off; + len = up->field_data[ISC_UF_PORT].len; + end = buf + off + len; + + /* + * NOTE: The characters are already validated and are in the + * [0-9] range + */ + INSIST(off + len <= buflen); + + v = 0; + for (pp = buf + off; pp < end; p++) { + v *= 10; + v += *pp - '0'; + + /* Ports have a max value of 2^16 */ + if (v > 0xffff) { + return (ISC_R_RANGE); + } + } + + up->port = (uint16_t)v; + } + + return (ISC_R_SUCCESS); +} diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in index c780fc2b5e9..e08c04753ca 100644 --- a/lib/isc/win32/libisc.def.in +++ b/lib/isc/win32/libisc.def.in @@ -448,6 +448,7 @@ isc_nm_cancelread isc_nm_closedown isc_nm_destroy isc_nm_detach +isc_nm_listenhttps isc_nm_listentcpdns isc_nm_listentls isc_nm_listentlsdns @@ -708,6 +709,7 @@ isc_tlsctx_createserver isc_tlsctx_free isc_tm_timegm isc_tm_strptime +isc_url_parse isc_utf8_bom isc_utf8_valid isc_win32os_versioncheck diff --git a/lib/isc/win32/libisc.vcxproj.filters.in b/lib/isc/win32/libisc.vcxproj.filters.in index 7b6dc36a783..aab1a899ae9 100644 --- a/lib/isc/win32/libisc.vcxproj.filters.in +++ b/lib/isc/win32/libisc.vcxproj.filters.in @@ -260,6 +260,9 @@ Library Header Files + + Library Header Files + Library Header Files @@ -614,6 +617,9 @@ Library Source Files + + Library Source Files + Library Source Files diff --git a/lib/isc/win32/libisc.vcxproj.in b/lib/isc/win32/libisc.vcxproj.in index a06a1e810d8..7d989c5591d 100644 --- a/lib/isc/win32/libisc.vcxproj.in +++ b/lib/isc/win32/libisc.vcxproj.in @@ -62,11 +62,11 @@ @IF PKCS11 BIND9;@PK11_LIB_LOCATION@WIN32;_DEBUG;_WINDOWS;_USRDLL;LIBISC_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions) ..\..\..\config.h - .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;..\..\dns\win32\include;..\..\dns\include;%(AdditionalIncludeDirectories) + .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@NGHTTP2_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;..\..\dns\win32\include;..\..\dns\include;%(AdditionalIncludeDirectories) @ELSE PKCS11 BIND9;WIN32;_DEBUG;_WINDOWS;_USRDLL;LIBISC_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions) ..\..\..\config.h - .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;%(AdditionalIncludeDirectories) + .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@NGHTTP2_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;%(AdditionalIncludeDirectories) @END PKCS11 true .\$(Configuration)\$(TargetName).pch @@ -80,7 +80,7 @@ Console true ..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt) - @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@@LIBUV_LIB@@LIBXML2_LIB@@ZLIB_LIB@ws2_32.lib;%(AdditionalDependencies) + @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@@LIBUV_LIB@@NGHTTP2_LIB@@LIBXML2_LIB@@ZLIB_LIB@ws2_32.lib;%(AdditionalDependencies) $(ProjectName).def .\$(Configuration)\$(ProjectName).lib @@ -116,6 +116,9 @@ echo Copying the libxml DLL. copy @LIBXML2_DLL@ ..\Build\Debug\ @END LIBXML2 +echo Copying nghttp2 DLL. +copy @NGHTTP2_DLL@ ..\Build\Debug\ + @IF GSSAPI echo Copying the GSSAPI and KRB5 DLLs. @@ -163,11 +166,11 @@ copy InstallFiles ..\Build\Debug\ @IF PKCS11 BIND9;@PK11_LIB_LOCATION@WIN32;NDEBUG;_WINDOWS;_USRDLL;LIBISC_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions) ..\..\..\config.h - .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;..\..\dns\win32\include;..\..\dns\include;%(AdditionalIncludeDirectories) + .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@NGHTTP2_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;..\..\dns\win32\include;..\..\dns\include;%(AdditionalIncludeDirectories) @ELSE PKCS11 BIND9;WIN32;_DEBUG;_WINDOWS;_USRDLL;LIBISC_EXPORTS;%(PreprocessorDefinitions);%(PreprocessorDefinitions) ..\..\..\config.h - .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;%(AdditionalIncludeDirectories) + .\;..\..\..\;@LIBXML2_INC@@LIBUV_INC@@NGHTTP2_INC@@OPENSSL_INC@@ZLIB_INC@include;..\include;..\;win32;..\..\isccfg\include;%(AdditionalIncludeDirectories) @END PKCS11 OnlyExplicitInline false @@ -184,7 +187,7 @@ copy InstallFiles ..\Build\Debug\ true true ..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt) - @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@@LIBUV_LIB@@LIBXML2_LIB@@ZLIB_LIB@ws2_32.lib;%(AdditionalDependencies) + @OPENSSL_LIBCRYPTO@@OPENSSL_LIBSSL@@LIBUV_LIB@@NGHTTP2_LIB@@LIBXML2_LIB@@ZLIB_LIB@ws2_32.lib;%(AdditionalDependencies) $(ProjectName).def .\$(Configuration)\$(ProjectName).lib Default @@ -211,6 +214,9 @@ copy @OPENSSL_PATH@\LICENSE ..\Build\Release\OpenSSL-LICENSE echo Copying libuv DLL. copy @LIBUV_DLL@ ..\Build\Release\ +echo Copying nghttp2 DLL. +copy @NGHTTP2_DLL@ ..\Build\Release\ + @IF LIBXML2 echo Copying the libxml DLL. @@ -337,6 +343,7 @@ copy InstallFiles ..\Build\Release\ + @IF PKCS11 @@ -408,14 +415,15 @@ copy InstallFiles ..\Build\Release\ + - - - + + + @@ -443,6 +451,7 @@ copy InstallFiles ..\Build\Release\ + @IF PKCS11 diff --git a/win32utils/Configure b/win32utils/Configure index 7ae633d40f7..57e94d70a43 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -221,6 +221,7 @@ my @substinc = ("GSSAPI_INC", "IDN_INC", "LIBXML2_INC", "LIBUV_INC", + "NGHTTP2_INC", "OPENSSL_INC", "READLINE_INC", "ZLIB_INC"); @@ -235,6 +236,7 @@ my @substlib = ("GSSAPI_LIB", "KRB5_LIB", "LIBXML2_LIB", "LIBUV_LIB", + "NGHTTP2_LIB", "OPENSSL_LIBCRYPTO", "OPENSSL_LIBSSL", "READLINE_LIB", @@ -253,6 +255,7 @@ my @substdll = ("COMERR_DLL", "K5SPRT_DLL", "LIBXML2_DLL", "LIBUV_DLL", + "NGHTTP2_DLL", "OPENSSL_DLLCRYPTO", "OPENSSL_DLLSSL", "WSHELP_DLL", @@ -341,6 +344,7 @@ my @withlist = ("aes", "idn", "openssl", "libxml2", + "nghttp2", "pkcs11", "pssuspend", "python", @@ -389,6 +393,7 @@ my @help = ( " with-samples build with sample programs\n", " with-openssl[=PATH] build with OpenSSL yes|path (mandatory)\n", " with-libuv[=PATH] build with libuv yes|path (mandatory)\n", +" with-nghttp2[=PATH] build with nghttp2 yes|path (mandatory)\n", " with-pkcs11[=PATH] build with PKCS#11 support yes|no|provider-path\n", " with-gssapi[=PATH] build with MIT KfW GSSAPI yes|no|path\n", " with-libxml2[=PATH] build with libxml2 library yes|no|path\n", @@ -431,6 +436,8 @@ my $use_stests = "no"; my $use_samples = "no"; my $use_libuv = "auto"; my $libuv_path = "../../"; +my $nghttp2_path = "../../"; +my $use_nghttp2 = "auto"; my $use_openssl = "auto"; my $openssl_path = "../../"; my $use_pkcs11 = "no"; @@ -758,6 +765,13 @@ sub mywith { $use_libuv = "yes"; $libuv_path = $val; } + } elsif ($key =~ /^nghttp2$/i) { + if ($val =~ /^no$/i) { + die "nghttp2 is required\n"; + } elsif ($val !~ /^yes$/i) { + $use_nghttp2 = "yes"; + $nghttp2_path = $val; + } } elsif ($key =~ /^pkcs11$/i) { if ($val =~ /^yes$/i) { $use_pkcs11 = "yes"; @@ -949,6 +963,7 @@ if ($verbose) { print "querytrace: disabled\n"; } print "libuv-path: $libuv_path\n"; + print "nghttp2-path: $nghttp2_path\n"; print "openssl-path: $openssl_path\n"; if ($use_tests eq "yes") { print "tests: enabled\n"; @@ -1327,6 +1342,63 @@ if ($use_libuv eq "yes") { # $configdefh{"HAVE_UV_IMPORT"} = 1; } +# with-nghttp2 +if ($use_nghttp2 eq "auto") { + if ($verbose) { + print "checking for an nghttp2 built directory at sibling root\n"; + } + opendir DIR, $nghttp2_path || die "No Directory: $!\n"; + my @dirlist = grep (/^nghttp2-[0-9]+\.[0-9]+\.[0-9]+$/i, readdir(DIR)); + closedir(DIR); + + # Make sure we have something + if (scalar(@dirlist) == 0) { + die "can't find an nghttp2 at sibling root\n"; + } + # Now see if we have a directory or just a file. + # Make sure we are case insensitive + my $file; + foreach $file (sort {uc($b) cmp uc($a)} @dirlist) { + if (-f File::Spec->catfile($nghttp2_path, + $file, + "include", "nghttp2", "nghttp2.h")) { + $nghttp2_path = File::Spec->catdir($nghttp2_path, $file); + $use_nghttp2 = "yes"; + last; + } + } + + # If we have one use it otherwise report the error + if ($use_nghttp2 eq "auto") { + die "can't find an nghttp2 built directory at sibling root\n"; + } +} + +if ($use_nghttp2 eq "yes") { + $nghttp2_path = File::Spec->rel2abs($nghttp2_path); + if ($verbose) { + print "checking for nghttp2 directory at \"$nghttp2_path\"\n"; + } + if (!-f File::Spec->catfile($nghttp2_path, + "include", "nghttp2", "nghttp2.h")) { + die "can't find nghttp2 nghttp2.h include\n"; + } + my $nghttp2_inc = File::Spec->catdir($nghttp2_path, "include"); + my $nghttp2_bindir = File::Spec->catdir($nghttp2_path, "bin"); + my $nghttp2_libdir = File::Spec->catdir($nghttp2_path, "lib"); + my $nghttp2_dll = File::Spec->catfile($nghttp2_bindir, "nghttp2.dll"); + my $nghttp2_lib = File::Spec->catfile($nghttp2_libdir, "nghttp2.lib"); + if (!-f $nghttp2_lib) { + die "can't find nghttp2.lib library\n"; + } + if (!-f $nghttp2_dll) { + die "can't find nghttp2.dll library\n"; + } + $configinc{"NGHTTP2_INC"} = "$nghttp2_inc"; + $configlib{"NGHTTP2_LIB"} = "$nghttp2_lib"; + $configdll{"NGHTTP2_DLL"} = "$nghttp2_dll"; +} + # with-openssl if ($use_openssl eq "auto") { if ($verbose) { @@ -2433,6 +2505,7 @@ sub makeinstallfile { print LOUT "libdns.dll-BCFT\n"; print LOUT "libirs.dll-BCFT\n"; print LOUT "libns.dll-BCFT\n"; + print LOUT "nghttp2.dll-BCFT\n"; print LOUT "uv.dll-BCFT\n"; if ($use_openssl eq "yes") { my $v;