Willy Tarreau | ce04094 | 2017-05-30 18:46:58 +0200 | [diff] [blame] | 1 | /* |
| 2 | * HPACK header table management (RFC7541) |
| 3 | * |
| 4 | * Copyright (C) 2014-2017 Willy Tarreau <willy@haproxy.org> |
| 5 | * Copyright (C) 2017 HAProxy Technologies |
| 6 | * |
| 7 | * Permission is hereby granted, free of charge, to any person obtaining |
| 8 | * a copy of this software and associated documentation files (the |
| 9 | * "Software"), to deal in the Software without restriction, including |
| 10 | * without limitation the rights to use, copy, modify, merge, publish, |
| 11 | * distribute, sublicense, and/or sell copies of the Software, and to |
| 12 | * permit persons to whom the Software is furnished to do so, subject to |
| 13 | * the following conditions: |
| 14 | * |
| 15 | * The above copyright notice and this permission notice shall be |
| 16 | * included in all copies or substantial portions of the Software. |
| 17 | * |
| 18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 19 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
| 20 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 21 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| 22 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| 23 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| 24 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
| 25 | * OTHER DEALINGS IN THE SOFTWARE. |
| 26 | */ |
| 27 | |
| 28 | #include <stdint.h> |
| 29 | #include <stdio.h> |
| 30 | #include <stdlib.h> |
| 31 | #include <string.h> |
| 32 | |
| 33 | #include <common/hpack-huff.h> |
| 34 | #include <common/hpack-tbl.h> |
| 35 | #include <common/ist.h> |
| 36 | |
| 37 | #include <types/global.h> |
| 38 | |
| 39 | /* static header table as in RFC7541 Appendix A. [0] unused. */ |
| 40 | const struct http_hdr hpack_sht[HPACK_SHT_SIZE] = { |
| 41 | [ 1] = { .n = IST(":authority"), .v = IST("") }, |
| 42 | [ 2] = { .n = IST(":method"), .v = IST("GET") }, |
| 43 | [ 3] = { .n = IST(":method"), .v = IST("POST") }, |
| 44 | [ 4] = { .n = IST(":path"), .v = IST("/") }, |
| 45 | [ 5] = { .n = IST(":path"), .v = IST("/index.html") }, |
| 46 | [ 6] = { .n = IST(":scheme"), .v = IST("http") }, |
| 47 | [ 7] = { .n = IST(":scheme"), .v = IST("https") }, |
| 48 | [ 8] = { .n = IST(":status"), .v = IST("200") }, |
| 49 | [ 9] = { .n = IST(":status"), .v = IST("204") }, |
| 50 | [10] = { .n = IST(":status"), .v = IST("206") }, |
| 51 | [11] = { .n = IST(":status"), .v = IST("304") }, |
| 52 | [12] = { .n = IST(":status"), .v = IST("400") }, |
| 53 | [13] = { .n = IST(":status"), .v = IST("404") }, |
| 54 | [14] = { .n = IST(":status"), .v = IST("500") }, |
| 55 | [15] = { .n = IST("accept-charset"), .v = IST("") }, |
| 56 | [16] = { .n = IST("accept-encoding"), .v = IST("gzip, deflate") }, |
| 57 | [17] = { .n = IST("accept-language"), .v = IST("") }, |
| 58 | [18] = { .n = IST("accept-ranges"), .v = IST("") }, |
| 59 | [19] = { .n = IST("accept"), .v = IST("") }, |
| 60 | [20] = { .n = IST("access-control-allow-origin"), .v = IST("") }, |
| 61 | [21] = { .n = IST("age"), .v = IST("") }, |
| 62 | [22] = { .n = IST("allow"), .v = IST("") }, |
| 63 | [23] = { .n = IST("authorization"), .v = IST("") }, |
| 64 | [24] = { .n = IST("cache-control"), .v = IST("") }, |
| 65 | [25] = { .n = IST("content-disposition"), .v = IST("") }, |
| 66 | [26] = { .n = IST("content-encoding"), .v = IST("") }, |
| 67 | [27] = { .n = IST("content-language"), .v = IST("") }, |
| 68 | [28] = { .n = IST("content-length"), .v = IST("") }, |
| 69 | [29] = { .n = IST("content-location"), .v = IST("") }, |
| 70 | [30] = { .n = IST("content-range"), .v = IST("") }, |
| 71 | [31] = { .n = IST("content-type") , .v = IST("") }, |
| 72 | [32] = { .n = IST("cookie"), .v = IST("") }, |
| 73 | [33] = { .n = IST("date"), .v = IST("") }, |
| 74 | [34] = { .n = IST("etag"), .v = IST("") }, |
| 75 | [35] = { .n = IST("expect"), .v = IST("") }, |
| 76 | [36] = { .n = IST("expires"), .v = IST("") }, |
| 77 | [37] = { .n = IST("from"), .v = IST("") }, |
| 78 | [38] = { .n = IST("host"), .v = IST("") }, |
| 79 | [39] = { .n = IST("if-match"), .v = IST("") }, |
| 80 | [40] = { .n = IST("if-modified-since"), .v = IST("") }, |
| 81 | [41] = { .n = IST("if-none-match"), .v = IST("") }, |
| 82 | [42] = { .n = IST("if-range"), .v = IST("") }, |
| 83 | [43] = { .n = IST("if-unmodified-since"), .v = IST("") }, |
| 84 | [44] = { .n = IST("last-modified"), .v = IST("") }, |
| 85 | [45] = { .n = IST("link"), .v = IST("") }, |
| 86 | [46] = { .n = IST("location"), .v = IST("") }, |
| 87 | [47] = { .n = IST("max-forwards"), .v = IST("") }, |
| 88 | [48] = { .n = IST("proxy-authenticate"), .v = IST("") }, |
| 89 | [49] = { .n = IST("proxy-authorization"), .v = IST("") }, |
| 90 | [50] = { .n = IST("range"), .v = IST("") }, |
| 91 | [51] = { .n = IST("referer"), .v = IST("") }, |
| 92 | [52] = { .n = IST("refresh"), .v = IST("") }, |
| 93 | [53] = { .n = IST("retry-after"), .v = IST("") }, |
| 94 | [54] = { .n = IST("server"), .v = IST("") }, |
| 95 | [55] = { .n = IST("set-cookie"), .v = IST("") }, |
| 96 | [56] = { .n = IST("strict-transport-security"), .v = IST("") }, |
| 97 | [57] = { .n = IST("transfer-encoding"), .v = IST("") }, |
| 98 | [58] = { .n = IST("user-agent"), .v = IST("") }, |
| 99 | [59] = { .n = IST("vary"), .v = IST("") }, |
| 100 | [60] = { .n = IST("via"), .v = IST("") }, |
| 101 | [61] = { .n = IST("www-authenticate"), .v = IST("") }, |
| 102 | }; |
| 103 | |
| 104 | /* returns the slot number of the oldest entry (tail). Must not be used on an |
| 105 | * empty table. |
| 106 | */ |
| 107 | static inline unsigned int hpack_dht_get_tail(const struct hpack_dht *dht) |
| 108 | { |
| 109 | return ((dht->head + 1U < dht->used) ? dht->wrap : 0) + dht->head + 1U - dht->used; |
| 110 | } |
| 111 | |
| 112 | #ifdef DEBUG_HPACK |
| 113 | /* dump the whole dynamic header table */ |
| 114 | static void hpack_dht_dump(const struct hpack_dht *dht) |
| 115 | { |
| 116 | int i; |
| 117 | unsigned int slot; |
| 118 | char name[4096], value[4096]; |
| 119 | |
| 120 | for (i = HPACK_SHT_SIZE; i < HPACK_SHT_SIZE + dht->used; i++) { |
| 121 | slot = (hpack_get_dte(dht, i - HPACK_SHT_SIZE + 1) - dht->dte); |
| 122 | fprintf(stderr, "idx=%d slot=%u name=<%s> value=<%s> addr=%u-%u\n", |
| 123 | i, slot, |
| 124 | istpad(name, hpack_idx_to_name(dht, i)).ptr, |
| 125 | istpad(value, hpack_idx_to_value(dht, i)).ptr, |
| 126 | dht->dte[slot].addr, dht->dte[slot].addr+dht->dte[slot].nlen+dht->dte[slot].vlen-1); |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | /* check for the whole dynamic header table consistency, abort on failures */ |
| 131 | static void hpack_dht_check_consistency(const struct hpack_dht *dht) |
| 132 | { |
| 133 | unsigned slot = hpack_dht_get_tail(dht); |
| 134 | unsigned used2 = dht->used; |
| 135 | unsigned total = 0; |
| 136 | |
| 137 | if (!dht->used) |
| 138 | return; |
| 139 | |
| 140 | if (dht->front >= dht->wrap) |
| 141 | abort(); |
| 142 | |
| 143 | if (dht->used > dht->wrap) |
| 144 | abort(); |
| 145 | |
| 146 | if (dht->head >= dht->wrap) |
| 147 | abort(); |
| 148 | |
| 149 | while (used2--) { |
| 150 | total += dht->dte[slot].nlen + dht->dte[slot].vlen; |
| 151 | slot++; |
| 152 | if (slot >= dht->wrap) |
| 153 | slot = 0; |
| 154 | } |
| 155 | |
| 156 | if (total != dht->total) { |
| 157 | fprintf(stderr, "%d: total=%u dht=%u\n", __LINE__, total, dht->total); |
| 158 | abort(); |
| 159 | } |
| 160 | } |
| 161 | #endif // DEBUG_HPACK |
| 162 | |
| 163 | /* rebuild a new dynamic header table from <dht> with an unwrapped index and |
| 164 | * contents at the end. The new table is returned, the caller must not use the |
| 165 | * previous one anymore. NULL may be returned if no table could be allocated. |
| 166 | */ |
| 167 | static struct hpack_dht *hpack_dht_defrag(struct hpack_dht *dht) |
| 168 | { |
| 169 | struct hpack_dht *alt_dht; |
| 170 | uint16_t old, new; |
| 171 | uint32_t addr; |
| 172 | |
| 173 | /* Note: for small tables we could use alloca() instead but |
| 174 | * portability especially for large tables can be problematic. |
| 175 | */ |
| 176 | alt_dht = hpack_dht_alloc(dht->size); |
| 177 | if (!alt_dht) |
| 178 | return NULL; |
| 179 | |
| 180 | alt_dht->total = dht->total; |
| 181 | alt_dht->used = dht->used; |
| 182 | alt_dht->wrap = dht->used; |
| 183 | |
| 184 | new = 0; |
| 185 | addr = alt_dht->size; |
| 186 | |
| 187 | if (dht->used) { |
| 188 | /* start from the tail */ |
| 189 | old = hpack_dht_get_tail(dht); |
| 190 | do { |
| 191 | alt_dht->dte[new].nlen = dht->dte[old].nlen; |
| 192 | alt_dht->dte[new].vlen = dht->dte[old].vlen; |
| 193 | addr -= dht->dte[old].nlen + dht->dte[old].vlen; |
| 194 | alt_dht->dte[new].addr = addr; |
| 195 | |
| 196 | memcpy((void *)alt_dht + alt_dht->dte[new].addr, |
| 197 | (void *)dht + dht->dte[old].addr, |
| 198 | dht->dte[old].nlen + dht->dte[old].vlen); |
| 199 | |
| 200 | old++; |
| 201 | if (old >= dht->wrap) |
| 202 | old = 0; |
| 203 | new++; |
| 204 | } while (new < dht->used); |
| 205 | } |
| 206 | |
| 207 | alt_dht->front = alt_dht->head = new - 1; |
| 208 | |
| 209 | memcpy(dht, alt_dht, dht->size); |
| 210 | hpack_dht_free(alt_dht); |
| 211 | |
| 212 | return dht; |
| 213 | } |
| 214 | |
| 215 | /* Purges table dht until a header field of <needed> bytes fits according to |
| 216 | * the protocol (adding 32 bytes overhead). Returns non-zero on success, zero |
| 217 | * on failure (ie: table empty but still not sufficient). It must only be |
| 218 | * called when the table is not large enough to suit the new entry and there |
| 219 | * are some entries left. In case of doubt, use dht_make_room() instead. |
| 220 | */ |
| 221 | int __hpack_dht_make_room(struct hpack_dht *dht, unsigned int needed) |
| 222 | { |
| 223 | unsigned int used = dht->used; |
| 224 | unsigned int wrap = dht->wrap; |
| 225 | unsigned int tail; |
| 226 | |
| 227 | do { |
| 228 | tail = ((dht->head + 1U < used) ? wrap : 0) + dht->head + 1U - used; |
| 229 | dht->total -= dht->dte[tail].nlen + dht->dte[tail].vlen; |
| 230 | if (tail == dht->front) |
| 231 | dht->front = dht->head; |
| 232 | used--; |
| 233 | } while (used && used * 32 + dht->total + needed + 32 > dht->size); |
| 234 | |
| 235 | dht->used = used; |
| 236 | |
| 237 | /* realign if empty */ |
| 238 | if (!used) |
| 239 | dht->front = dht->head = 0; |
| 240 | |
| 241 | /* pack the table if it doesn't wrap anymore */ |
| 242 | if (dht->head + 1U >= used) |
| 243 | dht->wrap = dht->head + 1; |
| 244 | |
| 245 | /* no need to check for 'used' here as if it doesn't fit, used==0 */ |
| 246 | return needed + 32 <= dht->size; |
| 247 | } |
| 248 | |
| 249 | /* tries to insert a new header <name>:<value> in front of the current head. A |
| 250 | * negative value is returned on error. |
| 251 | */ |
| 252 | int hpack_dht_insert(struct hpack_dht *dht, struct ist name, struct ist value) |
| 253 | { |
| 254 | unsigned int used; |
| 255 | unsigned int head; |
| 256 | unsigned int prev; |
| 257 | unsigned int wrap; |
| 258 | unsigned int tail; |
| 259 | uint32_t headroom, tailroom; |
| 260 | |
| 261 | if (!hpack_dht_make_room(dht, name.len + value.len)) |
| 262 | return -1; |
| 263 | |
| 264 | used = dht->used; |
| 265 | prev = head = dht->head; |
| 266 | wrap = dht->wrap; |
| 267 | tail = hpack_dht_get_tail(dht); |
| 268 | |
| 269 | /* Now there is enough room in the table, that's guaranteed by the |
| 270 | * protocol, but not necessarily where we need it. |
| 271 | */ |
| 272 | |
| 273 | if (!used) { |
| 274 | /* easy, the table was empty */ |
| 275 | dht->front = dht->head = 0; |
| 276 | dht->wrap = dht->used = 1; |
| 277 | dht->total = 0; |
| 278 | head = 0; |
| 279 | dht->dte[head].addr = dht->size - (name.len + value.len); |
| 280 | goto copy; |
| 281 | } |
| 282 | |
| 283 | /* compute the new head, used and wrap position */ |
| 284 | used++; |
| 285 | head++; |
| 286 | |
| 287 | if (head >= wrap) { |
| 288 | /* head is leading the entries, we either need to push the |
| 289 | * table further or to loop back to released entries. We could |
| 290 | * force to loop back when at least half of the allocatable |
| 291 | * entries are free but in practice it never happens. |
| 292 | */ |
| 293 | if ((sizeof(*dht) + (wrap + 1) * sizeof(dht->dte[0]) <= dht->dte[dht->front].addr)) |
| 294 | wrap++; |
| 295 | else if (head >= used) /* there's a hole at the beginning */ |
| 296 | head = 0; |
| 297 | else { |
| 298 | /* no more room, head hits tail and the index cannot be |
| 299 | * extended, we have to realign the whole table. |
| 300 | */ |
| 301 | if (!hpack_dht_defrag(dht)) |
| 302 | return -1; |
| 303 | |
| 304 | wrap = dht->wrap + 1; |
| 305 | head = dht->head + 1; |
| 306 | prev = head - 1; |
| 307 | tail = 0; |
| 308 | } |
| 309 | } |
| 310 | else if (used >= wrap) { |
| 311 | /* we've hit the tail, we need to reorganize the index so that |
| 312 | * the head is at the end (but not necessarily move the data). |
| 313 | */ |
| 314 | if (!hpack_dht_defrag(dht)) |
| 315 | return -1; |
| 316 | |
| 317 | wrap = dht->wrap + 1; |
| 318 | head = dht->head + 1; |
| 319 | prev = head - 1; |
| 320 | tail = 0; |
| 321 | } |
| 322 | |
| 323 | /* Now we have updated head, used and wrap, we know that there is some |
| 324 | * available room at least from the protocol's perspective. This space |
| 325 | * is split in two areas : |
| 326 | * |
| 327 | * 1: if the previous head was the front cell, the space between the |
| 328 | * end of the index table and the front cell's address. |
| 329 | * 2: if the previous head was the front cell, the space between the |
| 330 | * end of the tail and the end of the table ; or if the previous |
| 331 | * head was not the front cell, the space between the end of the |
| 332 | * tail and the head's address. |
| 333 | */ |
| 334 | if (prev == dht->front) { |
| 335 | /* the area was contiguous */ |
| 336 | headroom = dht->dte[dht->front].addr - (sizeof(*dht) + wrap * sizeof(dht->dte[0])); |
| 337 | tailroom = dht->size - dht->dte[tail].addr - dht->dte[tail].nlen - dht->dte[tail].vlen; |
| 338 | } |
| 339 | else { |
| 340 | /* it's already wrapped so we can't store anything in the headroom */ |
| 341 | headroom = 0; |
| 342 | tailroom = dht->dte[prev].addr - dht->dte[tail].addr - dht->dte[tail].nlen - dht->dte[tail].vlen; |
| 343 | } |
| 344 | |
| 345 | /* We can decide to stop filling the headroom as soon as there's enough |
| 346 | * room left in the tail to suit the protocol, but tests show that in |
| 347 | * practice it almost never happens in other situations so the extra |
| 348 | * test is useless and we simply fill the headroom as long as it's |
| 349 | * available. |
| 350 | */ |
| 351 | if (headroom >= name.len + value.len) { |
| 352 | /* install upfront and update ->front */ |
| 353 | dht->dte[head].addr = dht->dte[dht->front].addr - (name.len + value.len); |
| 354 | dht->front = head; |
| 355 | } |
| 356 | else if (tailroom >= name.len + value.len) { |
| 357 | dht->dte[head].addr = dht->dte[tail].addr + dht->dte[tail].nlen + dht->dte[tail].vlen + tailroom - (name.len + value.len); |
| 358 | } |
| 359 | else { |
| 360 | /* need to defragment the table before inserting upfront */ |
| 361 | dht = hpack_dht_defrag(dht); |
| 362 | wrap = dht->wrap + 1; |
| 363 | head = dht->head + 1; |
| 364 | dht->dte[head].addr = dht->dte[dht->front].addr - (name.len + value.len); |
| 365 | dht->front = head; |
| 366 | } |
| 367 | |
| 368 | dht->wrap = wrap; |
| 369 | dht->head = head; |
| 370 | dht->used = used; |
| 371 | |
| 372 | copy: |
| 373 | dht->total += name.len + value.len; |
| 374 | dht->dte[head].nlen = name.len; |
| 375 | dht->dte[head].vlen = value.len; |
| 376 | |
| 377 | memcpy((void *)dht + dht->dte[head].addr, name.ptr, name.len); |
| 378 | memcpy((void *)dht + dht->dte[head].addr + name.len, value.ptr, value.len); |
| 379 | return 0; |
| 380 | } |