Willy Tarreau | 0da5b3b | 2017-09-21 09:30:46 +0200 | [diff] [blame] | 1 | /* |
| 2 | * include/proto/h1.h |
| 3 | * This file contains HTTP/1 protocol definitions. |
| 4 | * |
| 5 | * Copyright (C) 2000-2017 Willy Tarreau - w@1wt.eu |
| 6 | * |
| 7 | * This library is free software; you can redistribute it and/or |
| 8 | * modify it under the terms of the GNU Lesser General Public |
| 9 | * License as published by the Free Software Foundation, version 2.1 |
| 10 | * exclusively. |
| 11 | * |
| 12 | * This library is distributed in the hope that it will be useful, |
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 15 | * Lesser General Public License for more details. |
| 16 | * |
| 17 | * You should have received a copy of the GNU Lesser General Public |
| 18 | * License along with this library; if not, write to the Free Software |
| 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| 20 | */ |
| 21 | |
| 22 | #ifndef _PROTO_H1_H |
| 23 | #define _PROTO_H1_H |
| 24 | |
Willy Tarreau | db4893d | 2017-09-21 08:40:02 +0200 | [diff] [blame^] | 25 | #include <common/buffer.h> |
Willy Tarreau | 0da5b3b | 2017-09-21 09:30:46 +0200 | [diff] [blame] | 26 | #include <common/compiler.h> |
| 27 | #include <common/config.h> |
Willy Tarreau | db4893d | 2017-09-21 08:40:02 +0200 | [diff] [blame^] | 28 | #include <common/standard.h> |
Willy Tarreau | 0da5b3b | 2017-09-21 09:30:46 +0200 | [diff] [blame] | 29 | #include <types/h1.h> |
Willy Tarreau | db4893d | 2017-09-21 08:40:02 +0200 | [diff] [blame^] | 30 | #include <types/proto_http.h> |
Willy Tarreau | 0da5b3b | 2017-09-21 09:30:46 +0200 | [diff] [blame] | 31 | |
| 32 | extern const uint8_t h1_char_classes[256]; |
Willy Tarreau | db4893d | 2017-09-21 08:40:02 +0200 | [diff] [blame^] | 33 | int http_forward_trailers(struct http_msg *msg); |
Willy Tarreau | 0da5b3b | 2017-09-21 09:30:46 +0200 | [diff] [blame] | 34 | |
| 35 | #define H1_FLG_CTL 0x01 |
| 36 | #define H1_FLG_SEP 0x02 |
| 37 | #define H1_FLG_LWS 0x04 |
| 38 | #define H1_FLG_SPHT 0x08 |
| 39 | #define H1_FLG_CRLF 0x10 |
| 40 | #define H1_FLG_TOK 0x20 |
| 41 | #define H1_FLG_VER 0x40 |
| 42 | |
| 43 | #define HTTP_IS_CTL(x) (h1_char_classes[(uint8_t)(x)] & H1_FLG_CTL) |
| 44 | #define HTTP_IS_SEP(x) (h1_char_classes[(uint8_t)(x)] & H1_FLG_SEP) |
| 45 | #define HTTP_IS_LWS(x) (h1_char_classes[(uint8_t)(x)] & H1_FLG_LWS) |
| 46 | #define HTTP_IS_SPHT(x) (h1_char_classes[(uint8_t)(x)] & H1_FLG_SPHT) |
| 47 | #define HTTP_IS_CRLF(x) (h1_char_classes[(uint8_t)(x)] & H1_FLG_CRLF) |
| 48 | #define HTTP_IS_TOKEN(x) (h1_char_classes[(uint8_t)(x)] & H1_FLG_TOK) |
| 49 | #define HTTP_IS_VER_TOKEN(x) (h1_char_classes[(uint8_t)(x)] & H1_FLG_VER) |
| 50 | |
| 51 | |
| 52 | /* Macros used in the HTTP/1 parser, to check for the expected presence of |
| 53 | * certain bytes (ef: LF) or to skip to next byte and yield in case of failure. |
| 54 | */ |
| 55 | |
| 56 | |
| 57 | /* Expects to find an LF at <ptr>. If not, set <state> to <where> and jump to |
| 58 | * <bad>. |
| 59 | */ |
| 60 | #define EXPECT_LF_HERE(ptr, bad, state, where) \ |
| 61 | do { \ |
| 62 | if (unlikely(*(ptr) != '\n')) { \ |
| 63 | state = (where); \ |
| 64 | goto bad; \ |
| 65 | } \ |
| 66 | } while (0) |
| 67 | |
| 68 | /* Increments pointer <ptr>, continues to label <more> if it's still below |
| 69 | * pointer <end>, or goes to <stop> and sets <state> to <where> if the end |
| 70 | * of buffer was reached. |
| 71 | */ |
| 72 | #define EAT_AND_JUMP_OR_RETURN(ptr, end, more, stop, state, where) \ |
| 73 | do { \ |
| 74 | if (likely(++(ptr) < (end))) \ |
| 75 | goto more; \ |
| 76 | else { \ |
| 77 | state = (where); \ |
| 78 | goto stop; \ |
| 79 | } \ |
| 80 | } while (0) |
| 81 | |
| 82 | /* for debugging, reports the HTTP/1 message state name */ |
| 83 | static inline const char *h1_msg_state_str(enum h1_state msg_state) |
| 84 | { |
| 85 | switch (msg_state) { |
| 86 | case HTTP_MSG_RQBEFORE: return "MSG_RQBEFORE"; |
| 87 | case HTTP_MSG_RQBEFORE_CR: return "MSG_RQBEFORE_CR"; |
| 88 | case HTTP_MSG_RQMETH: return "MSG_RQMETH"; |
| 89 | case HTTP_MSG_RQMETH_SP: return "MSG_RQMETH_SP"; |
| 90 | case HTTP_MSG_RQURI: return "MSG_RQURI"; |
| 91 | case HTTP_MSG_RQURI_SP: return "MSG_RQURI_SP"; |
| 92 | case HTTP_MSG_RQVER: return "MSG_RQVER"; |
| 93 | case HTTP_MSG_RQLINE_END: return "MSG_RQLINE_END"; |
| 94 | case HTTP_MSG_RPBEFORE: return "MSG_RPBEFORE"; |
| 95 | case HTTP_MSG_RPBEFORE_CR: return "MSG_RPBEFORE_CR"; |
| 96 | case HTTP_MSG_RPVER: return "MSG_RPVER"; |
| 97 | case HTTP_MSG_RPVER_SP: return "MSG_RPVER_SP"; |
| 98 | case HTTP_MSG_RPCODE: return "MSG_RPCODE"; |
| 99 | case HTTP_MSG_RPCODE_SP: return "MSG_RPCODE_SP"; |
| 100 | case HTTP_MSG_RPREASON: return "MSG_RPREASON"; |
| 101 | case HTTP_MSG_RPLINE_END: return "MSG_RPLINE_END"; |
| 102 | case HTTP_MSG_HDR_FIRST: return "MSG_HDR_FIRST"; |
| 103 | case HTTP_MSG_HDR_NAME: return "MSG_HDR_NAME"; |
| 104 | case HTTP_MSG_HDR_COL: return "MSG_HDR_COL"; |
| 105 | case HTTP_MSG_HDR_L1_SP: return "MSG_HDR_L1_SP"; |
| 106 | case HTTP_MSG_HDR_L1_LF: return "MSG_HDR_L1_LF"; |
| 107 | case HTTP_MSG_HDR_L1_LWS: return "MSG_HDR_L1_LWS"; |
| 108 | case HTTP_MSG_HDR_VAL: return "MSG_HDR_VAL"; |
| 109 | case HTTP_MSG_HDR_L2_LF: return "MSG_HDR_L2_LF"; |
| 110 | case HTTP_MSG_HDR_L2_LWS: return "MSG_HDR_L2_LWS"; |
| 111 | case HTTP_MSG_LAST_LF: return "MSG_LAST_LF"; |
| 112 | case HTTP_MSG_ERROR: return "MSG_ERROR"; |
| 113 | case HTTP_MSG_BODY: return "MSG_BODY"; |
| 114 | case HTTP_MSG_100_SENT: return "MSG_100_SENT"; |
| 115 | case HTTP_MSG_CHUNK_SIZE: return "MSG_CHUNK_SIZE"; |
| 116 | case HTTP_MSG_DATA: return "MSG_DATA"; |
| 117 | case HTTP_MSG_CHUNK_CRLF: return "MSG_CHUNK_CRLF"; |
| 118 | case HTTP_MSG_TRAILERS: return "MSG_TRAILERS"; |
| 119 | case HTTP_MSG_ENDING: return "MSG_ENDING"; |
| 120 | case HTTP_MSG_DONE: return "MSG_DONE"; |
| 121 | case HTTP_MSG_CLOSING: return "MSG_CLOSING"; |
| 122 | case HTTP_MSG_CLOSED: return "MSG_CLOSED"; |
| 123 | case HTTP_MSG_TUNNEL: return "MSG_TUNNEL"; |
| 124 | default: return "MSG_??????"; |
| 125 | } |
| 126 | } |
| 127 | |
Willy Tarreau | db4893d | 2017-09-21 08:40:02 +0200 | [diff] [blame^] | 128 | /* This function may be called only in HTTP_MSG_CHUNK_CRLF. It reads the CRLF or |
| 129 | * a possible LF alone at the end of a chunk. The caller should adjust msg->next |
| 130 | * in order to include this part into the next forwarding phase. Note that the |
| 131 | * caller must ensure that ->p points to the first byte to parse. It returns |
| 132 | * the number of bytes parsed on success, so the caller can set msg_state to |
| 133 | * HTTP_MSG_CHUNK_SIZE. If not enough data are available, the function does not |
| 134 | * change anything and returns zero. If a parse error is encountered, the |
| 135 | * function returns < 0. Note: this function is designed to parse wrapped CRLF |
| 136 | * at the end of the buffer. |
| 137 | */ |
| 138 | static inline int http_skip_chunk_crlf(struct http_msg *msg) |
| 139 | { |
| 140 | const struct buffer *buf = msg->chn->buf; |
| 141 | const char *ptr; |
| 142 | int bytes; |
| 143 | |
| 144 | /* NB: we'll check data availabilty at the end. It's not a |
| 145 | * problem because whatever we match first will be checked |
| 146 | * against the correct length. |
| 147 | */ |
| 148 | bytes = 1; |
| 149 | ptr = b_ptr(buf, msg->next); |
| 150 | if (*ptr == '\r') { |
| 151 | bytes++; |
| 152 | ptr++; |
| 153 | if (ptr >= buf->data + buf->size) |
| 154 | ptr = buf->data; |
| 155 | } |
| 156 | |
| 157 | if (msg->next + bytes > buf->i) |
| 158 | return 0; |
| 159 | |
| 160 | if (*ptr != '\n') { |
| 161 | msg->err_pos = buffer_count(buf, buf->p, ptr); |
| 162 | return -1; |
| 163 | } |
| 164 | return bytes; |
| 165 | } |
| 166 | |
| 167 | /* Parse the chunk size at msg->next. Once done, caller should adjust ->next to |
| 168 | * point to the first byte of data after the chunk size, so that we know we can |
| 169 | * forward exactly msg->next bytes. msg->sol contains the exact number of bytes |
| 170 | * forming the chunk size. That way it is always possible to differentiate |
| 171 | * between the start of the body and the start of the data. Return the number |
| 172 | * of byte parsed on success, 0 when some data is missing, <0 on error. Note: |
| 173 | * this function is designed to parse wrapped CRLF at the end of the buffer. |
| 174 | */ |
| 175 | static inline int http_parse_chunk_size(struct http_msg *msg) |
| 176 | { |
| 177 | const struct buffer *buf = msg->chn->buf; |
| 178 | const char *ptr = b_ptr(buf, msg->next); |
| 179 | const char *ptr_old = ptr; |
| 180 | const char *end = buf->data + buf->size; |
| 181 | const char *stop = bi_end(buf); |
| 182 | unsigned int chunk = 0; |
| 183 | |
| 184 | /* The chunk size is in the following form, though we are only |
| 185 | * interested in the size and CRLF : |
| 186 | * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF |
| 187 | */ |
| 188 | while (1) { |
| 189 | int c; |
| 190 | if (ptr == stop) |
| 191 | return 0; |
| 192 | c = hex2i(*ptr); |
| 193 | if (c < 0) /* not a hex digit anymore */ |
| 194 | break; |
| 195 | if (unlikely(++ptr >= end)) |
| 196 | ptr = buf->data; |
| 197 | if (unlikely(chunk & 0xF8000000)) /* integer overflow will occur if result >= 2GB */ |
| 198 | goto error; |
| 199 | chunk = (chunk << 4) + c; |
| 200 | } |
| 201 | |
| 202 | /* empty size not allowed */ |
| 203 | if (unlikely(ptr == ptr_old)) |
| 204 | goto error; |
| 205 | |
| 206 | while (HTTP_IS_SPHT(*ptr)) { |
| 207 | if (++ptr >= end) |
| 208 | ptr = buf->data; |
| 209 | if (unlikely(ptr == stop)) |
| 210 | return 0; |
| 211 | } |
| 212 | |
| 213 | /* Up to there, we know that at least one byte is present at *ptr. Check |
| 214 | * for the end of chunk size. |
| 215 | */ |
| 216 | while (1) { |
| 217 | if (likely(HTTP_IS_CRLF(*ptr))) { |
| 218 | /* we now have a CR or an LF at ptr */ |
| 219 | if (likely(*ptr == '\r')) { |
| 220 | if (++ptr >= end) |
| 221 | ptr = buf->data; |
| 222 | if (ptr == stop) |
| 223 | return 0; |
| 224 | } |
| 225 | |
| 226 | if (unlikely(*ptr != '\n')) |
| 227 | goto error; |
| 228 | if (++ptr >= end) |
| 229 | ptr = buf->data; |
| 230 | /* done */ |
| 231 | break; |
| 232 | } |
| 233 | else if (likely(*ptr == ';')) { |
| 234 | /* chunk extension, ends at next CRLF */ |
| 235 | if (++ptr >= end) |
| 236 | ptr = buf->data; |
| 237 | if (ptr == stop) |
| 238 | return 0; |
| 239 | |
| 240 | while (!HTTP_IS_CRLF(*ptr)) { |
| 241 | if (++ptr >= end) |
| 242 | ptr = buf->data; |
| 243 | if (ptr == stop) |
| 244 | return 0; |
| 245 | } |
| 246 | /* we have a CRLF now, loop above */ |
| 247 | continue; |
| 248 | } |
| 249 | else |
| 250 | goto error; |
| 251 | } |
| 252 | |
| 253 | /* OK we found our CRLF and now <ptr> points to the next byte, which may |
| 254 | * or may not be present. We save the number of bytes parsed into |
| 255 | * msg->sol. |
| 256 | */ |
| 257 | msg->sol = ptr - ptr_old; |
| 258 | if (unlikely(ptr < ptr_old)) |
| 259 | msg->sol += buf->size; |
| 260 | msg->chunk_len = chunk; |
| 261 | msg->body_len += chunk; |
| 262 | return msg->sol; |
| 263 | error: |
| 264 | msg->err_pos = buffer_count(buf, buf->p, ptr); |
| 265 | return -1; |
| 266 | } |
| 267 | |
Willy Tarreau | 0da5b3b | 2017-09-21 09:30:46 +0200 | [diff] [blame] | 268 | |
| 269 | #endif /* _PROTO_H1_H */ |