Combine obtaining resource, host, method into one operation (#6465)

This also adds a reduced timeout for errant connections, to
be quickly closed if they can't even send HTTP headers properly.

Fixes #6459
master
Harshavardhana 6 years ago committed by Nitish Tiwari
parent 63c03758e6
commit e3777b1dd9
  1. 204
      cmd/http/listener.go
  2. 22
      cmd/http/listener_test.go

@ -73,11 +73,40 @@ func isHTTPMethod(s string) bool {
return false return false
} }
func getResourceHost(bufConn *BufConn, maxHeaderBytes, methodLen int) (resource string, host string, err error) { func getPlainText(bufConn *BufConn) (bool, error) {
defer bufConn.setReadTimeout()
if bufConn.canSetReadDeadline() {
// Set deadline such that we close the connection quickly
// of no data was received from the Peek()
bufConn.SetReadDeadline(time.Now().UTC().Add(time.Second * 3))
}
b, err := bufConn.Peek(1)
if err != nil {
return false, err
}
for _, method := range methods {
if b[0] == method[0] {
return true, nil
}
}
return false, nil
}
func getResourceHost(bufConn *BufConn, maxHeaderBytes int) (resource string, method string, host string, err error) {
defer bufConn.setReadTimeout()
var data []byte var data []byte
for dataLen := 0; methodLen+dataLen < maxHeaderBytes; dataLen += 8 { for dataLen := 1; dataLen < maxHeaderBytes; dataLen++ {
if data, err = bufConn.Peek(methodLen + dataLen); err != nil { if bufConn.canSetReadDeadline() {
return "", "", err // Set deadline such that we close the connection quickly
// of no data was received from the Peek()
bufConn.SetReadDeadline(time.Now().UTC().Add(time.Second * 3))
}
data, err = bufConn.bufReader.Peek(dataLen)
if err != nil {
return "", "", "", err
} }
tokens := strings.Split(string(data), "\n") tokens := strings.Split(string(data), "\n")
@ -85,8 +114,17 @@ func getResourceHost(bufConn *BufConn, maxHeaderBytes, methodLen int) (resource
continue continue
} }
if resource == "" { if method == "" && resource == "" {
resource = strings.SplitN(tokens[0][methodLen:], " ", 2)[0] if i := strings.IndexByte(tokens[0], ' '); i == -1 {
return "", "", "", fmt.Errorf("malformed HTTP request %s, from %s", tokens[0], bufConn.LocalAddr())
}
httpTokens := strings.SplitN(tokens[0], " ", 3)
if len(httpTokens) < 3 {
return "", "", "", fmt.Errorf("malformed HTTP request %s, from %s", tokens[0], bufConn.LocalAddr())
}
method = httpTokens[0]
resource = httpTokens[1]
} }
for _, token := range tokens[1:] { for _, token := range tokens[1:] {
@ -99,7 +137,7 @@ func getResourceHost(bufConn *BufConn, maxHeaderBytes, methodLen int) (resource
token = strings.ToLower(token) token = strings.ToLower(token)
if strings.HasPrefix(token, "host: ") { if strings.HasPrefix(token, "host: ") {
host = strings.TrimPrefix(strings.TrimSuffix(token, "\r"), "host: ") host = strings.TrimPrefix(strings.TrimSuffix(token, "\r"), "host: ")
return resource, host, nil return resource, method, host, nil
} }
} }
@ -108,7 +146,7 @@ func getResourceHost(bufConn *BufConn, maxHeaderBytes, methodLen int) (resource
} }
} }
return resource, host, nil return "", "", "", fmt.Errorf("malformed HTTP request from %s", bufConn.LocalAddr())
} }
type acceptResult struct { type acceptResult struct {
@ -175,38 +213,14 @@ func (listener *httpListener) start() {
tcpConn.SetKeepAlivePeriod(listener.tcpKeepAliveTimeout) tcpConn.SetKeepAlivePeriod(listener.tcpKeepAliveTimeout)
bufconn := newBufConn(tcpConn, listener.readTimeout, listener.writeTimeout) bufconn := newBufConn(tcpConn, listener.readTimeout, listener.writeTimeout)
if listener.tlsConfig != nil {
// Peek bytes of maximum length of all HTTP methods. ok, err := getPlainText(bufconn)
data, err := bufconn.Peek(methodMaxLen) if err != nil {
if err != nil { // Peek could fail legitimately when clients abruptly close
// Peek could fail legitimately when clients abruptly close // connection. E.g. Chrome browser opens connections speculatively to
// connection. E.g. Chrome browser opens connections speculatively to // speed up loading of a web page. Peek may also fail due to network
// speed up loading of a web page. Peek may also fail due to network // saturation on a transport with read timeout set. All other kind of
// saturation on a transport with read timeout set. All other kind of // errors should be logged for further investigation. Thanks @brendanashworth.
// errors should be logged for further investigation. Thanks @brendanashworth.
if !isRoutineNetErr(err) {
reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String())
reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String())
ctx := logger.SetReqInfo(context.Background(), reqInfo)
logger.LogIf(ctx, err)
}
bufconn.Close()
return
}
// Return bufconn if read data is a valid HTTP method.
tokens := strings.SplitN(string(data), " ", 2)
if isHTTPMethod(tokens[0]) {
if listener.tlsConfig != nil {
// As TLS is configured and we got plain text HTTP request,
// return 403 (forbidden) error.
bufconn.Write(sslRequiredErrMsg)
bufconn.Close()
return
}
var resource, host string
if resource, host, err = getResourceHost(bufconn, listener.maxHeaderBytes, len(tokens[0])+1); err != nil {
if !isRoutineNetErr(err) { if !isRoutineNetErr(err) {
reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String()) reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String())
reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String()) reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String())
@ -216,27 +230,16 @@ func (listener *httpListener) start() {
bufconn.Close() bufconn.Close()
return return
} }
if ok {
header := make(http.Header) // As TLS is configured and we got plain text HTTP request,
if host != "" { // return 403 (forbidden) error.
header.Add("Host", host) bufconn.Write(sslRequiredErrMsg)
bufconn.Close()
return
} }
bufconn.setRequest(&http.Request{
Method: tokens[0],
URL: &url.URL{Path: resource},
Host: bufconn.LocalAddr().String(),
Header: header,
})
bufconn.setUpdateFuncs(listener.updateBytesReadFunc, listener.updateBytesWrittenFunc)
send(acceptResult{bufconn, nil}, doneCh)
return
}
if listener.tlsConfig != nil {
// As the listener is configured with TLS, try to do TLS handshake, drop the connection if it fails. // As the listener is configured with TLS, try to do TLS handshake, drop the connection if it fails.
tlsConn := tls.Server(bufconn, listener.tlsConfig) tlsConn := tls.Server(bufconn, listener.tlsConfig)
if err = tlsConn.Handshake(); err != nil { if err := tlsConn.Handshake(); err != nil {
reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String()) reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String())
reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String()) reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String())
ctx := logger.SetReqInfo(context.Background(), reqInfo) ctx := logger.SetReqInfo(context.Background(), reqInfo)
@ -244,61 +247,50 @@ func (listener *httpListener) start() {
bufconn.Close() bufconn.Close()
return return
} }
// Check whether the connection contains HTTP request or not.
bufconn = newBufConn(tlsConn, listener.readTimeout, listener.writeTimeout) bufconn = newBufConn(tlsConn, listener.readTimeout, listener.writeTimeout)
}
// Peek bytes of maximum length of all HTTP methods. resource, method, host, err := getResourceHost(bufconn, listener.maxHeaderBytes)
data, err = bufconn.Peek(methodMaxLen) if err != nil {
if err != nil { // Peek could fail legitimately when clients abruptly close
if !isRoutineNetErr(err) { // connection. E.g. Chrome browser opens connections speculatively to
reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String()) // speed up loading of a web page. Peek may also fail due to network
reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String()) // saturation on a transport with read timeout set. All other kind of
ctx := logger.SetReqInfo(context.Background(), reqInfo) // errors should be logged for further investigation. Thanks @brendanashworth.
logger.LogIf(ctx, err) if !isRoutineNetErr(err) {
} reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String())
bufconn.Close() reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String())
return ctx := logger.SetReqInfo(context.Background(), reqInfo)
logger.LogIf(ctx, err)
} }
bufconn.Close()
return
}
// Return bufconn if read data is a valid HTTP method. // Return bufconn if read data is a valid HTTP method.
tokens := strings.SplitN(string(data), " ", 2) if !isHTTPMethod(method) {
if isHTTPMethod(tokens[0]) { reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String())
var resource, host string reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String())
if resource, host, err = getResourceHost(bufconn, listener.maxHeaderBytes, len(tokens[0])+1); err != nil { ctx := logger.SetReqInfo(context.Background(), reqInfo)
if !isRoutineNetErr(err) { logger.LogIf(ctx, fmt.Errorf("malformed HTTP invalid HTTP method %s", method))
reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String())
reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String())
ctx := logger.SetReqInfo(context.Background(), reqInfo)
logger.LogIf(ctx, err)
}
bufconn.Close()
return
}
header := make(http.Header) bufconn.Close()
if host != "" { return
header.Add("Host", host)
}
bufconn.setRequest(&http.Request{
Method: tokens[0],
URL: &url.URL{Path: resource},
Host: bufconn.LocalAddr().String(),
Header: header,
})
bufconn.setUpdateFuncs(listener.updateBytesReadFunc, listener.updateBytesWrittenFunc)
send(acceptResult{bufconn, nil}, doneCh)
return
}
} }
reqInfo := (&logger.ReqInfo{}).AppendTags("remoteAddr", bufconn.RemoteAddr().String())
reqInfo.AppendTags("localAddr", bufconn.LocalAddr().String())
ctx := logger.SetReqInfo(context.Background(), reqInfo)
logger.LogIf(ctx, err)
bufconn.Close() header := make(http.Header)
return if host != "" {
header.Add("Host", host)
}
bufconn.setRequest(&http.Request{
Method: method,
URL: &url.URL{Path: resource},
Host: bufconn.LocalAddr().String(),
Header: header,
})
bufconn.setUpdateFuncs(listener.updateBytesReadFunc, listener.updateBytesWrittenFunc)
send(acceptResult{bufconn, nil}, doneCh)
} }
// Closure to handle TCPListener until done channel is closed. // Closure to handle TCPListener until done channel is closed.

@ -393,11 +393,11 @@ func TestHTTPListenerAccept(t *testing.T) {
{[]string{"localhost:0"}, nil, "GET / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "GET / HTTP/1.0\r\n"}, {[]string{"localhost:0"}, nil, "GET / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "GET / HTTP/1.0\r\n"},
{[]string{nonLoopBackIP + ":0"}, nil, "POST / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "POST / HTTP/1.0\r\n"}, {[]string{nonLoopBackIP + ":0"}, nil, "POST / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "POST / HTTP/1.0\r\n"},
{[]string{nonLoopBackIP + ":0"}, nil, "HEAD / HTTP/1.0\r\nhost: example.org\r\n\r\n", "200 OK\r\n", "HEAD / HTTP/1.0\r\n"}, {[]string{nonLoopBackIP + ":0"}, nil, "HEAD / HTTP/1.0\r\nhost: example.org\r\n\r\n", "200 OK\r\n", "HEAD / HTTP/1.0\r\n"},
{[]string{"127.0.0.1:0", nonLoopBackIP + ":0"}, nil, "CONNECT \r\nHost: www.example.org\r\n\r\n", "200 OK\r\n", "CONNECT \r\n"}, {[]string{"127.0.0.1:0", nonLoopBackIP + ":0"}, nil, "CONNECT / HTTP/1.0\r\nHost: www.example.org\r\n\r\n", "200 OK\r\n", "CONNECT / HTTP/1.0\r\n"},
{[]string{"localhost:0"}, tlsConfig, "GET / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "GET / HTTP/1.0\r\n"}, {[]string{"localhost:0"}, tlsConfig, "GET / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "GET / HTTP/1.0\r\n"},
{[]string{nonLoopBackIP + ":0"}, tlsConfig, "POST / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "POST / HTTP/1.0\r\n"}, {[]string{nonLoopBackIP + ":0"}, tlsConfig, "POST / HTTP/1.0\r\nHost: example.org\r\n\r\n", "200 OK\r\n", "POST / HTTP/1.0\r\n"},
{[]string{nonLoopBackIP + ":0"}, tlsConfig, "HEAD / HTTP/1.0\r\nhost: example.org\r\n\r\n", "200 OK\r\n", "HEAD / HTTP/1.0\r\n"}, {[]string{nonLoopBackIP + ":0"}, tlsConfig, "HEAD / HTTP/1.0\r\nhost: example.org\r\n\r\n", "200 OK\r\n", "HEAD / HTTP/1.0\r\n"},
{[]string{"127.0.0.1:0", nonLoopBackIP + ":0"}, tlsConfig, "CONNECT \r\nHost: www.example.org\r\n\r\n", "200 OK\r\n", "CONNECT \r\n"}, {[]string{"127.0.0.1:0", nonLoopBackIP + ":0"}, tlsConfig, "CONNECT / HTTP/1.0\r\nHost: www.example.org\r\n\r\n", "200 OK\r\n", "CONNECT / HTTP/1.0\r\n"},
} }
for i, testCase := range testCases { for i, testCase := range testCases {
@ -643,11 +643,25 @@ func TestHTTPListenerAcceptError(t *testing.T) {
} }
}() }()
if !testCase.secureClient && testCase.tlsConfig != nil {
buf := make([]byte, len(sslRequiredErrMsg))
var n int
n, err = io.ReadFull(conn, buf)
if err != nil {
t.Fatalf("Test %d: reply read: expected = <nil> got = %v", i+1, err)
} else if n != len(buf) {
t.Fatalf("Test %d: reply length: expected = %v got = %v", i+1, len(buf), n)
} else if !bytes.Equal(buf, sslRequiredErrMsg) {
t.Fatalf("Test %d: reply: expected = %v got = %v", i+1, string(sslRequiredErrMsg), string(buf))
}
continue
}
_, err = bufio.NewReader(conn).ReadString('\n') _, err = bufio.NewReader(conn).ReadString('\n')
if err == nil { if err == nil {
t.Fatalf("Test %d: reply read: expected = EOF got = <nil>", i+1) t.Errorf("Test %d: reply read: expected = EOF got = <nil>", i+1)
} else if err.Error() != "EOF" { } else if err.Error() != "EOF" {
t.Fatalf("Test %d: reply read: expected = EOF got = %v", i+1, err) t.Errorf("Test %d: reply read: expected = EOF got = %v", i+1, err)
} }
conn.Close() conn.Close()

Loading…
Cancel
Save