Using strncasecmp to match HTTP headers can give unexpected results when
the strings to be compared match up until the end of one string, but the
other string contains additional characters. This can result in falsely
matching a HTTP header value, for example:
strncasecmp("Upgrade-Something", "Upgrade", sizeof("Upgrade") - 1) --> 0
In this case we know that both strings are NULL terminated since one is
a string literal and we have just length-checked and explicitly NULL
terminated the other. So we can just use strcasecmp without a max
length.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
http1_headers_sent flag has to be cleared when entering
HTTP_SERVER_REQUEST_STATE and not only on the client init. Otherwise,
serving multiple HTTP1 POST requests over the same connection does not
work as intended (headers were not sent for the second and further
requests).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
adds filesystem as a resource for the http_server which serves static
(gzipped) files from a filesystem to the client.
Signed-off-by: Gerhard Jörges <joerges@metratec.com>
In case no "Connection: close" header is present in the request, the
server should keep the connection open for the client. Hence, after
serving a request, we need to check if the header was present (the
parser sets a flag for it), and only close the connection immediately,
if the client requested it. In case the client remains silent, the
connection will be closed anyway after the inactivity timer kicks in.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case there were active connections when restarting the server, it
can't be re-initialized immediately, as binding to the server port will
fail. We need to wait for the TCP connection teardown, as even with
REUSEADDR socket option set, binding will fail if the sockets are not in
TCP TIMED_WAIT state (i. e. connections are active).
Because of this, add a configurable delay when restarting the server.
Additionally, make server initialization failures non-fatal, i. e. try
to restart the server again after the delay if the initialization fails.
It's been observed with Chromium, that it tends to keep connections open
even after closing them on the server side (socket lingers in FIN_WAIT_2
state), so the server re-initialization may fail even with delay, so
it's beneficial in such case to keep retrying the server
re-initialization.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case of fatal errors (during poll() or when handling listening
socket), the server operation is restarted. It was missed however, that
sockets opened for the server should be closed in such case.
Additionally, in case there were active client connections, it's needed
to cleanup related resources, otherwise running timers may trigger a
crash.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In previous batch of fixes it was overlooked that streams are
HTTP2-specific concept. While for HTTP2 we need to track headers reply
state for each individual stream, at HTTP1 level we need to track this
at the client level. Hence, reintroduce respective flags to track
headers reply state, but only for HTTP1.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The information about replied headers or END_OF_STREAM flag are
stream-specific and not general for a client. Hence, need to move them
to the stream context.
For the upgrade case, we need to allocate a new stream now when HTTP1
request /w upgrade field is received. The stream ID in such case is
assumed to be 1 according to RFC.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case client decides to send a trailing headers frame, the last data
frame will not carry END_STREAM flag. In result, with current logic
server would not include END_STREAM flag either, causing the connection
to stall. This commit fixes this logic, so that the server replies
accordingly in case END_STREAM flag is present in the trailing headers
frame.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
CONTINUATION frames are tricky, because individual header fields can be
split between HEADERS frame and CONTINUATION frame, or two CONTINUATION
frames. Therefore, some extra logic is needed when header parsing
returns -EAGAIN, as we may need to remove the CONTINUATION frame header
from the stream before proceeding with headers parsing.
This commit implements the above logic and additionally adds more checks
to detect when CONTINUATION frame is expected. Not receiving a
CONTINUATION frame when expect should be treated as a protocol error.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Frame printouts should not be done from the state handlers, but rather
during state transition, otherwise a single frame can be printed several
times as new data arrive. This also simplifies code a bit, as we just
print the frame in a single place, instead of duplicating code.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There's really no good reason to have an upper bound on the buffer sizes
and this limits testing in some cases, so just remove them.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case RST_STREAM frame is received it should not be ignored, but the
corresponding stream should be closed.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case priority flag is present in the HTTP2 headers frame header, we
should expect additional priority fields before the actual frame
content.
The stream priority signalling has been deprecated by RFC 9113, however
we should still be able to handle this in case some implementation
(nghttp for instance) sends them.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Data and header frames can contain padding - we need to take this into
account when parsing them, otherwise the stream is broken.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Instead of multiplying function to check header flags, just have a
single one, with flag mask as parameter.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
For HTTP2-specific structures and enums, use "http2_" prefix to clearly
indicate the distinction from the generic HTTP stuff.
Additionally, some structures/enums describing HTTP2 protocol details
had "server" in the name, while in reality they describe nothing
server-specific. Hence, drop the "server" part where applicable.
Remove unused macros.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
* Remove unneeded variable.
* Use system utilities to read big endian numbers instead of parsing
manually.
* Remove `payload` member from the http_frame structure. It's not used
for anything useful, and could actually be misleading, as in case of
large frames, where not entire frame is parsed at once it will point
to incorrect location.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If we couldn't send all (or any data) via the socket,
invoke poll instead of blindly retrying and flooding the socket.
Respect timeout through http_client_req
Signed-off-by: Andrey Dodonov <Andrey.Dodonov@endress.com>
This file uses strnlen() but the C library
is not require to expose its prototype unless
_POSIX_C_SOURCE is defined.
So let's define it to avoid an implicit function
declaration warning.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
The chunked response was not sent properly. There were extra
"\r\n" before the chunk lenght and the length of the string
to be sent was calculated incorrectly.
Fixes#72887
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow user to specify resource string using wildcard characters
so that multiple URL paths can be served with just one handler.
Fixes#73367
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
After upgrading the HTTP connection to websocket, call the
application registered callback to transfer the ownership of
the socket to the application.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow connection to be upgraded from HTTP/1.1 to websocket.
This commit does nothing yet with the upgraded connection.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Check what kind of upgrading we are doing and return error
if we receive upgrade that we do not support.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Original code developed as a GSoC 2023 project by Emna Rekik.
Code refactored in order to provide better bisectability
as the origical commits were not bisectable.
The server supports static and dynamic resources, managed by
HTTP_SERVICE/HTTP_RESOURCE macros.
Fixes#59685Fixes#59686Fixes#59688Fixes#59690Fixes#59670Fixes#59700Fixes#59684Fixes#59693Fixes#59693Fixes#59694Fixes#59699Fixes#59696Fixes#59688Fixes#59690Fixes#59670Fixes#59700Fixes#59685Fixes#59686Fixes#59688Fixes#59691
Signed-off-by: Emna Rekik <emna.rekik007@gmail.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add HTTP/2 helper libraries to encode and decode HPACK encoded headers,
according to RFC7541.
HPACK string encoding requires to support certain set of Huffman codes,
therefore implement Huffman encoder/decoder as well.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Correct various small edge-case behaviors that have been accidentally
introduced in the http_client.
- http_client_req no longer incorrectly returns -ETIMEDOUT on NULL HTTP
resonse. -ETIMEDOUT is now only returned when the underlying TLS
socket times out.
- http_client_req now returns -ECONRESET upon incomplete (but non-NULL)
HTTP response. The request callback is no longer called in this case
(as with any other error state).
- http_wait_data has been refactored slightly to increase clarity.
Signed-off-by: Georges Oates_Larsen <georges.larsen@nordicsemi.no>
Return error to the caller if no data was received or there
was some other error. Earlier we did not check the error
condition properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Provide a means of declaring zero or more HTTP services, each
with zero or more static HTTP resources.
Static HTTP resources are those which have fixed paths[1] which
are known prior to system initialization. Some examples of
static http resources would be
* a forwarder from '/' to '/index.html'
* a REST endpoint with fixed path '/api/foo' and detail
pointing at some implementation-specific function
* a Javascript file in string form with fixed path '/js/util.js'
* a 'construction' image with path '/res/work.png'
* a gzip-compressed 'Hello' HTML file at '/hello.html'
Without describing in any detail how static HTTP resources are
organized or served by any given HTTP server, we can describe
what static resources exist on a system in a common way that
does not require any optional facilities (e.g. filesystem) and
relies only on addressable memory.
Additionally, for the purposes of simply allowing others
to implement custom HTTP servers in a consistent way, or
benchmarking implementations, or having a consistent testsuite
to use across multiple implementations, it is helpful to have
a common method to declare HTTP services and static resources
for Zephyr.
[1] https://en.wikipedia.org/wiki/URL
Signed-off-by: Chris Friedt <cfriedt@meta.com>
Use internal constant ZSOCK_POLLIN instead of POLLIN to
make the http_client source file compile without error with
CONFIG_NET_SOCKETS_POSIX_NAMES disabled.
Fixes#55423
Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
Change the http timeout mechanism to use poll instead of shutdown.
This should fix a problem where the shutdown will be called in a
different thread context which can lead to deadlocks on certain
driver implementations like offloaded modem drivers.
Fixes#53967
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
Some minor housekeeping prior to adding an http server
implementation. There are already a number of http headers
and that number will likely increase with subsequent work.
Moving them into a common directory cleans up the
`include/net` directory a bit.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
Logging v1 has been removed and log_strdup wrapper function is no
longer needed. Removing the function and its use in the tree.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
http_client_req() was supposed to return the number of bytes sent as a
HTTP request. The return value was not riht however due to some bugs in
helper functions:
* http_send_data() returned the current buffer position istead of the
number of bytes actually sent. This could result in counting the same
data into the total request size several times. A helper variable was
added to track how many bytes were actually sent to the network.
* http_flush_data() forwarded the return value of sendall() helper
function. That function however did not return number of bytes sent,
but 0 or a negative error code.
Additionally, change the return type of sendall() function - according
to standard the ssize_t type is only capable of holding -1 negative
value, but the function could return the full range of negative errno
values. Use int instead.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Following #42026, the body_start pointer now points to the
start of the body fragment in the recv_buffer as long as there
is body in it, either entirely or partially.
Rename the body_start to body_frag_start to better reflect
what it represents.
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
Adds an official behavior in response to null response from HTTP
endpoint.
Fixes#42988
Signed-off-by: Georges Oates_Larsen <georges.larsen@nordicsemi.no>
So far close() was called on underlying socket when timeout has expired.
This is wrong in several ways. First of all POSIX specification of
close() does not specify what should happen on blocking recv() call and
different systems have different behaviors (e.g. Linux does not wake up
recv() caller if there was no new incoming data, while other systems
might wakeup recv() caller immediately). Another (and much more severe)
problem is that HTTP client user does not know whether underlying socket
was already closed or not after HTTP request has finished. As a result
it was not clear whether close() should be called by HTTP client user.
Use shutdown(..., SHUT_RD) in internal HTTP client implementation, so
that recv() is woken up immediately with 0 as result (which means EOF).
This will allow to gracefully handle timeouts and make it clear that it
is application responsibility to always call close() after HTTP
request (successful or not).
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
A common pattern here was to take the work item as the subfield of a
containing object. But the contained field is not a k_work, it's a
k_work_delayable.
Things were working only because the work field was first, so the
pointers had the same value. Do things right and fix things to
produce correct code if/when that field ever moves within delayable.
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
