maskit commented on code in PR #8963: URL: https://github.com/apache/trafficserver/pull/8963#discussion_r941017142
########## proxy/http2/Http2ServerSession.cc: ########## @@ -0,0 +1,420 @@ +/** @file + + Http2ServerSession. + + @section license License + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + */ + +#include "Http2ServerSession.h" +#include "HttpDebugNames.h" +#include "tscore/ink_base64.h" +#include "Http2CommonSessionInternal.h" +#include "HttpSessionManager.h" +#include "P_SSLNetVConnection.h" + +ClassAllocator<Http2ServerSession> http2ServerSessionAllocator("http2ServerSessionAllocator"); + +static int +send_connection_event(Continuation *cont, int event, void *edata) +{ + SCOPED_MUTEX_LOCK(lock, cont->mutex, this_ethread()); + return cont->handleEvent(event, edata); +} + +Http2ServerSession::Http2ServerSession() = default; + +void +Http2ServerSession::destroy() +{ + if (!in_destroy) { + in_destroy = true; + write_vio = nullptr; + this->remove_session(); + this->release_outbound_connection_tracking(); + REMEMBER(NO_EVENT, this->recursion) + Http2SsnDebug("session destroy"); + if (_vc) { + _vc->do_io_close(); + _vc = nullptr; + } + free(); + } +} + +void +Http2ServerSession::free() +{ + auto mutex_thread = this->mutex->thread_holding; + if (Http2CommonSession::common_free(this)) { + HTTP2_DECREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_SESSION_COUNT, mutex_thread); + THREAD_FREE(this, http2ServerSessionAllocator, mutex_thread); + } +} + +void +Http2ServerSession::start() +{ + SCOPED_MUTEX_LOCK(lock, this->mutex, this_ethread()); + + SET_HANDLER(&Http2ServerSession::main_event_handler); + HTTP2_SET_SESSION_HANDLER(&Http2ServerSession::state_start_frame_read); + + VIO *read_vio = this->do_io_read(this, INT64_MAX, this->read_buffer); + write_vio = this->do_io_write(this, INT64_MAX, this->_write_buffer_reader); + + this->connection_state.init(this); + + // 3.5 HTTP/2 Connection Preface. Upon establishment of a TCP connection and + // determination that HTTP/2 will be used by both peers, each endpoint MUST + // send a connection preface as a final confirmation ... + // This is the preface string sent by the client + this->write_buffer->write(HTTP2_CONNECTION_PREFACE, HTTP2_CONNECTION_PREFACE_LEN); + total_write_len += HTTP2_CONNECTION_PREFACE_LEN; + // write_vio->nbytes = total_write_len; + write_reenable(); + this->connection_state.send_connection_preface(); + Http2SsnDebug("Sent Connection Preface"); + + this->handleEvent(VC_EVENT_READ_READY, read_vio); +} + +void +Http2ServerSession::new_connection(NetVConnection *new_vc, MIOBuffer *iobuf, IOBufferReader *reader) +{ + ink_assert(new_vc->mutex->thread_holding == this_ethread()); + HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_CURRENT_SERVER_SESSION_COUNT, new_vc->mutex->thread_holding); + HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_TOTAL_SERVER_CONNECTION_COUNT, new_vc->mutex->thread_holding); + this->_milestones.mark(Http2SsnMilestone::OPEN); + + // Unique client session identifier. + this->con_id = ProxySession::next_connection_id(); + this->_vc = new_vc; + _vc->set_inactivity_timeout(HRTIME_SECONDS(Http2::accept_no_activity_timeout)); + this->schedule_event = nullptr; + this->mutex = new_vc->mutex; + + this->connection_state.mutex = this->mutex; + + TLSEarlyDataSupport *eds = dynamic_cast<TLSEarlyDataSupport *>(new_vc); + if (eds != nullptr) { + this->read_from_early_data = eds->get_early_data_len(); + Debug("ssl_early_data", "read_from_early_data = %" PRId64, this->read_from_early_data); + } + + Http2SsnDebug("session born, netvc %p", this->_vc); + + this->_vc->set_tcp_congestion_control(CLIENT_SIDE); + + this->read_buffer = iobuf ? iobuf : new_MIOBuffer(HTTP2_HEADER_BUFFER_SIZE_INDEX); + this->read_buffer->water_mark = connection_state.local_settings.get(HTTP2_SETTINGS_MAX_FRAME_SIZE); + this->_read_buffer_reader = reader ? reader : this->read_buffer->alloc_reader(); + + // Set write buffer size to max size of TLS record (16KB) + // This block size is the buffer size that we pass to SSLWriteBuffer + auto buffer_block_size_index = iobuffer_size_to_index(Http2::write_buffer_block_size, MAX_BUFFER_SIZE_INDEX); + this->write_buffer = new_MIOBuffer(buffer_block_size_index); + this->_write_buffer_reader = this->write_buffer->alloc_reader(); + this->_write_size_threshold = index_to_buffer_size(buffer_block_size_index) * Http2::write_size_threshold; + + this->_handle_if_ssl(new_vc); + + do_api_callout(TS_HTTP_SSN_START_HOOK); + + this->add_session(); +} + +// implement that. After we send a GOAWAY, there +// are scenarios where we would like to complete the outstanding streams. + +void +Http2ServerSession::do_io_close(int alerrno) +{ + REMEMBER(NO_EVENT, this->recursion) + + if (!this->connection_state.is_state_closed()) { + Http2SsnDebug("session closed"); + this->remove_session(); + + ink_assert(this->mutex->thread_holding == this_ethread()); + send_connection_event(&this->connection_state, HTTP2_SESSION_EVENT_FINI, this); + + // Destroy will be called from connection_state.release_stream() once the number of active streams goes to 0 + } +} + +int +Http2ServerSession::main_event_handler(int event, void *edata) +{ + ink_assert(this->mutex->thread_holding == this_ethread()); + int retval; + + recursion++; + + Event *e = static_cast<Event *>(edata); + if (e == schedule_event) { + schedule_event = nullptr; + } + + Http2SsnDebug("main_event_handler=%d edata=%p", event, edata); + + switch (event) { + case VC_EVENT_READ_COMPLETE: + case VC_EVENT_READ_READY: { + bool is_zombie = connection_state.get_zombie_event() != nullptr; + retval = (this->*session_handler)(event, edata); + if (is_zombie && connection_state.get_zombie_event() != nullptr) { + Warning("Processed read event for zombie session %" PRId64, connection_id()); + } + break; + } + + case HTTP2_SESSION_EVENT_REENABLE: + // VIO will be reenableed in this handler + retval = (this->*session_handler)(VC_EVENT_READ_READY, static_cast<VIO *>(e->cookie)); + // Clear the event after calling session_handler to not reschedule REENABLE in it + this->_reenable_event = nullptr; + break; + + case VC_EVENT_ACTIVE_TIMEOUT: + case VC_EVENT_INACTIVITY_TIMEOUT: + case VC_EVENT_ERROR: + case VC_EVENT_EOS: + this->set_dying_event(event); + this->do_io_close(); + retval = 0; + break; + + case VC_EVENT_WRITE_READY: + case VC_EVENT_WRITE_COMPLETE: + this->connection_state.restart_streams(); + if ((Thread::get_hrtime() >= this->_write_buffer_last_flush + HRTIME_MSECONDS(this->_write_time_threshold))) { + this->flush(); + } + + retval = 0; + break; + + case HTTP2_SESSION_EVENT_XMIT: + default: + Http2SsnDebug("unexpected event=%d edata=%p", event, edata); + ink_release_assert(0); + retval = 0; + break; + } + + if (!this->is_draining() && this->connection_state.get_shutdown_reason() == Http2ErrorCode::HTTP2_ERROR_MAX) { + this->connection_state.set_shutdown_state(HTTP2_SHUTDOWN_NONE); + } + + if (this->connection_state.get_shutdown_state() == HTTP2_SHUTDOWN_NONE) { + if (this->is_draining()) { // For a case we already checked Connection header and it didn't exist + Http2SsnDebug("Preparing for graceful shutdown because of draining state"); + this->connection_state.set_shutdown_state(HTTP2_SHUTDOWN_NOT_INITIATED); + } /*else if (this->connection_state.get_stream_error_rate() > Review Comment: I don't think this part should be completely removed. If ATS is used as a forward proxy, it could be attacked by malicious/misbehaving origin servers. There's no graceful shutdown mechanism defined on the spec, but we could stop making new requests on the connection that has high error rate to make the connection inactive and close it sooner rather than later. We could also mark the origin server as a bad H2 server and use H1 on future connections. It should work as fallback mechanism. I think we need this kind of marking in the future anyway to choose a transport protocol (TCP or QUIC) for an origin server. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
