Line data Source code
1 : #define _GNU_SOURCE
2 : #include "fd_sshttp_private.h"
3 : #include "fd_ssarchive.h"
4 :
5 : #include "../../../waltz/http/picohttpparser.h"
6 : #include "../../../waltz/openssl/fd_openssl_tile.h"
7 : #include "../../../waltz/openssl/fd_openssl.h"
8 : #include "../../../util/log/fd_log.h"
9 : #include "../../../flamenco/types/fd_types_custom.h"
10 :
11 : #include <unistd.h>
12 : #include <errno.h>
13 : #include <poll.h>
14 : #include <stdlib.h>
15 :
16 : #include <sys/socket.h>
17 : #include <netinet/in.h>
18 :
19 : _Bool fd_sshttp_fuzz = 0;
20 :
21 : FD_FN_CONST ulong
22 0 : fd_sshttp_align( void ) {
23 0 : return alignof(fd_sshttp_t);
24 0 : }
25 :
26 : FD_FN_CONST ulong
27 0 : fd_sshttp_footprint( void ) {
28 0 : ulong l;
29 0 : l = FD_LAYOUT_INIT;
30 0 : l = FD_LAYOUT_APPEND( l, alignof(fd_sshttp_t), sizeof(fd_sshttp_t) );
31 0 : return FD_LAYOUT_FINI( l, fd_sshttp_align() );
32 0 : }
33 :
34 : void *
35 0 : fd_sshttp_new( void * shmem ) {
36 0 : if( FD_UNLIKELY( !shmem ) ) {
37 0 : FD_LOG_WARNING(( "NULL shmem" ));
38 0 : return NULL;
39 0 : }
40 :
41 0 : if( FD_UNLIKELY( !fd_ulong_is_aligned( (ulong)shmem, fd_sshttp_align() ) ) ) {
42 0 : FD_LOG_WARNING(( "unaligned shmem" ));
43 0 : return NULL;
44 0 : }
45 :
46 0 : FD_SCRATCH_ALLOC_INIT( l, shmem );
47 0 : fd_sshttp_t * sshttp = FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_sshttp_t), sizeof(fd_sshttp_t) );
48 :
49 0 : sshttp->state = FD_SSHTTP_STATE_INIT;
50 0 : sshttp->content_len = 0UL;
51 0 : fd_cstr_fini( sshttp->snapshot_name );
52 :
53 0 : #if FD_HAS_OPENSSL
54 0 : sshttp->ssl = NULL;
55 0 : sshttp->ssl_ctx = NULL;
56 :
57 0 : if( !fd_sshttp_fuzz ) {
58 0 : SSL_CTX * ssl_ctx = SSL_CTX_new( TLS_client_method() );
59 0 : if( FD_UNLIKELY( !ssl_ctx ) ) {
60 0 : FD_LOG_ERR(( "SSL_CTX_new failed" ));
61 0 : }
62 :
63 0 : if( FD_UNLIKELY( !SSL_CTX_set_min_proto_version( ssl_ctx, TLS1_3_VERSION ) ) ) {
64 0 : FD_LOG_ERR(( "SSL_CTX_set_min_proto_version(ssl_ctx,TLS1_3_VERSION) failed" ));
65 0 : }
66 :
67 : /* transfering ownership of ssl_ctx by assignment */
68 0 : sshttp->ssl_ctx = ssl_ctx;
69 :
70 0 : fd_ossl_load_certs( sshttp->ssl_ctx );
71 0 : }
72 0 : #endif
73 :
74 0 : FD_COMPILER_MFENCE();
75 0 : sshttp->magic = FD_SSHTTP_MAGIC;
76 0 : FD_COMPILER_MFENCE();
77 :
78 0 : return (void *)sshttp;
79 0 : }
80 :
81 : fd_sshttp_t *
82 0 : fd_sshttp_join( void * shhttp ) {
83 0 : if( FD_UNLIKELY( !shhttp ) ) {
84 0 : FD_LOG_WARNING(( "NULL shhttp" ));
85 0 : return NULL;
86 0 : }
87 :
88 0 : if( FD_UNLIKELY( !fd_ulong_is_aligned( (ulong)shhttp, fd_sshttp_align() ) ) ) {
89 0 : FD_LOG_WARNING(( "misaligned shhttp" ));
90 0 : return NULL;
91 0 : }
92 :
93 0 : fd_sshttp_t * sshttp = (fd_sshttp_t *)shhttp;
94 :
95 0 : if( FD_UNLIKELY( sshttp->magic!=FD_SSHTTP_MAGIC ) ) {
96 0 : FD_LOG_WARNING(( "bad magic" ));
97 0 : return NULL;
98 0 : }
99 :
100 0 : return sshttp;
101 0 : }
102 :
103 : #if FD_HAS_OPENSSL
104 : static void
105 0 : http_init_ssl( fd_sshttp_t * http ) {
106 0 : FD_TEST( http->hostname );
107 0 : FD_TEST( http->ssl_ctx );
108 :
109 0 : http->ssl = SSL_new( http->ssl_ctx );
110 0 : if( FD_UNLIKELY( !http->ssl ) ) {
111 0 : FD_LOG_ERR(( "SSL_new failed for %s", http->hostname ));
112 0 : }
113 :
114 0 : static uchar const alpn_protos[] = { 8, 'h', 't', 't', 'p', '/', '1', '.', '1' };
115 0 : int alpn_res = SSL_set_alpn_protos( http->ssl, alpn_protos, sizeof(alpn_protos) );
116 0 : if( FD_UNLIKELY( alpn_res!=0 ) ) {
117 0 : FD_LOG_ERR(( "SSL_set_alpn_protos failed (%d) for %s", alpn_res, http->hostname ));
118 0 : }
119 :
120 : /* set SNI */
121 0 : int set1_host_res = SSL_set1_host( http->ssl, http->hostname );
122 0 : if( FD_UNLIKELY( !set1_host_res ) ) {
123 0 : FD_LOG_ERR(( "SSL_set1_host failed (%d) for %s", set1_host_res, http->hostname ));
124 0 : }
125 0 : }
126 : #endif
127 :
128 : void
129 : fd_sshttp_init( fd_sshttp_t * http,
130 : fd_ip4_port_t addr,
131 : char const * hostname,
132 : int is_https,
133 : char const * path,
134 : ulong path_len,
135 0 : long now ) {
136 0 : FD_TEST( http->state==FD_SSHTTP_STATE_INIT );
137 :
138 0 : http->hostname = hostname;
139 0 : http->is_https = is_https;
140 :
141 0 : if( FD_LIKELY( is_https ) ) {
142 0 : #if FD_HAS_OPENSSL
143 0 : http_init_ssl( http );
144 : #else
145 : FD_LOG_ERR(( "cannot make HTTPS connection without OpenSSL" ));
146 : #endif
147 0 : }
148 :
149 0 : http->hops = 4UL;
150 0 : http->request_sent = 0UL;
151 0 : if( FD_LIKELY( is_https ) ) {
152 0 : FD_TEST( fd_cstr_printf_check( http->request, sizeof(http->request), &http->request_len,
153 0 : "GET %.*s HTTP/1.1\r\n"
154 0 : "User-Agent: Firedancer\r\n"
155 0 : "Accept: */*\r\n"
156 0 : "Accept-Encoding: identity\r\n"
157 0 : "Host: %s\r\n\r\n",
158 0 : (int)path_len, path, hostname ) );
159 0 : } else {
160 0 : FD_TEST( fd_cstr_printf_check( http->request, sizeof(http->request), &http->request_len,
161 0 : "GET %.*s HTTP/1.1\r\n"
162 0 : "User-Agent: Firedancer\r\n"
163 0 : "Accept: */*\r\n"
164 0 : "Accept-Encoding: identity\r\n"
165 0 : "Host: " FD_IP4_ADDR_FMT "\r\n\r\n",
166 0 : (int)path_len, path, FD_IP4_ADDR_FMT_ARGS( addr.addr ) ) );
167 0 : }
168 :
169 0 : http->response_len = 0UL;
170 0 : http->content_len = 0UL;
171 0 : http->content_read = 0UL;
172 0 : http->empty_recvs = 0UL;
173 :
174 0 : http->addr = addr;
175 0 : http->sockfd = socket( AF_INET, SOCK_STREAM|SOCK_NONBLOCK, 0 );
176 0 : if( FD_UNLIKELY( -1==http->sockfd ) ) FD_LOG_ERR(( "socket() failed (%d-%s) for " FD_IP4_ADDR_FMT ":%hu", errno, fd_io_strerror( errno ),
177 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
178 :
179 0 : struct sockaddr_in addr_in = {
180 0 : .sin_family = AF_INET,
181 0 : .sin_port = addr.port,
182 0 : .sin_addr = { .s_addr = addr.addr }
183 0 : };
184 :
185 0 : if( FD_LIKELY( -1==connect( http->sockfd, fd_type_pun_const( &addr_in ), sizeof(addr_in) ) ) ) {
186 0 : if( FD_UNLIKELY( errno!=EINPROGRESS ) ) {
187 0 : FD_LOG_WARNING(( "connect() failed (%d-%s) to " FD_IP4_ADDR_FMT ":%hu", errno, fd_io_strerror( errno ),
188 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
189 0 : if( FD_UNLIKELY( -1==close( http->sockfd ) ) ) FD_LOG_ERR(( "close() failed (%d-%s) for " FD_IP4_ADDR_FMT ":%hu", errno, fd_io_strerror( errno ),
190 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
191 0 : http->sockfd = -1;
192 0 : #if FD_HAS_OPENSSL
193 0 : if( FD_LIKELY( http->ssl ) ) { SSL_free( http->ssl ); http->ssl = NULL; }
194 0 : #endif
195 0 : return;
196 0 : }
197 0 : }
198 :
199 0 : if( FD_LIKELY( is_https ) ) {
200 0 : #if FD_HAS_OPENSSL
201 0 : FD_TEST( fd_openssl_ssl_set_fd( http->ssl, http->sockfd ) );
202 0 : #endif
203 0 : http->state = FD_SSHTTP_STATE_CONNECT;
204 0 : http->deadline = now + FD_SSHTTP_DEADLINE_NANOS;
205 0 : } else {
206 0 : http->state = FD_SSHTTP_STATE_REQ;
207 0 : http->deadline = now + FD_SSHTTP_DEADLINE_NANOS;
208 0 : }
209 0 : }
210 :
211 : #if FD_HAS_OPENSSL
212 : static int
213 : http_connect_ssl( fd_sshttp_t * http,
214 0 : long now ) {
215 0 : if( FD_UNLIKELY( now>http->deadline ) ) {
216 0 : FD_LOG_WARNING(( "deadline exceeded during connect to " FD_IP4_ADDR_FMT ":%hu",
217 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
218 0 : fd_sshttp_cancel( http );
219 0 : return FD_SSHTTP_ADVANCE_ERROR;
220 0 : }
221 :
222 0 : FD_TEST( http->ssl );
223 0 : int ssl_err = SSL_connect( http->ssl );
224 0 : if( FD_UNLIKELY( ssl_err!=1 ) ) {
225 0 : int ssl_err_code = SSL_get_error( http->ssl, ssl_err );
226 0 : if( FD_UNLIKELY( ssl_err_code!=SSL_ERROR_WANT_READ && ssl_err_code!=SSL_ERROR_WANT_WRITE ) ) {
227 0 : FD_LOG_WARNING(( "SSL_connect failed (%d-%s) to " FD_IP4_ADDR_FMT ":%hu", ssl_err_code, fd_openssl_ssl_strerror( ssl_err_code ),
228 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
229 0 : SSL_free( http->ssl );
230 0 : http->ssl = NULL;
231 0 : return FD_SSHTTP_ADVANCE_ERROR;
232 0 : }
233 : /* in progress */
234 0 : return FD_SSHTTP_ADVANCE_AGAIN;
235 0 : }
236 :
237 0 : http->state = FD_SSHTTP_STATE_REQ;
238 0 : http->deadline = now + FD_SSHTTP_DEADLINE_NANOS;
239 0 : return FD_SSHTTP_ADVANCE_AGAIN;
240 0 : }
241 :
242 : static int
243 : http_shutdown_ssl( fd_sshttp_t * http,
244 0 : long now ) {
245 0 : if( FD_UNLIKELY( now>http->deadline ) ) {
246 0 : FD_LOG_WARNING(( "deadline exceeded during shutdown for " FD_IP4_ADDR_FMT ":%hu",
247 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
248 0 : fd_sshttp_cancel( http );
249 0 : return FD_SSHTTP_ADVANCE_ERROR;
250 0 : }
251 :
252 0 : int res = SSL_shutdown( http->ssl );
253 0 : if( FD_LIKELY( res<=0 ) ) {
254 0 : int ssl_err_code = SSL_get_error( http->ssl, res );
255 0 : if( FD_UNLIKELY( ssl_err_code!=SSL_ERROR_WANT_READ && ssl_err_code!=SSL_ERROR_WANT_WRITE && res!=0 ) ) {
256 0 : FD_LOG_WARNING(( "SSL_shutdown failed (%d-%s) for " FD_IP4_ADDR_FMT ":%hu", ssl_err_code, fd_openssl_ssl_strerror( ssl_err_code ),
257 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
258 0 : SSL_free( http->ssl );
259 0 : http->ssl = NULL;
260 0 : return FD_SSHTTP_ADVANCE_ERROR;
261 0 : }
262 :
263 0 : return FD_SSHTTP_ADVANCE_AGAIN;
264 0 : }
265 :
266 0 : http->state = http->next_state;
267 0 : return FD_SSHTTP_ADVANCE_AGAIN;
268 0 : }
269 :
270 : static long
271 : http_recv_ssl( fd_sshttp_t * http,
272 : void * buf,
273 0 : ulong bufsz ) {
274 0 : int read_res = SSL_read( http->ssl, buf, (int)bufsz );
275 0 : if( FD_UNLIKELY( read_res<=0 ) ) {
276 0 : int ssl_err = SSL_get_error( http->ssl, read_res );
277 :
278 0 : if( FD_UNLIKELY( ssl_err!=SSL_ERROR_WANT_READ && ssl_err!=SSL_ERROR_WANT_WRITE ) ) {
279 0 : FD_LOG_WARNING(( "SSL_read failed (%d-%s) from " FD_IP4_ADDR_FMT ":%hu", ssl_err, fd_openssl_ssl_strerror( ssl_err ),
280 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
281 0 : return FD_SSHTTP_ADVANCE_ERROR;
282 0 : }
283 :
284 0 : return FD_SSHTTP_ADVANCE_AGAIN;
285 0 : }
286 :
287 0 : return (long)read_res;
288 0 : }
289 :
290 : static long
291 : http_send_ssl( fd_sshttp_t * http,
292 : void * buf,
293 0 : ulong bufsz ) {
294 0 : int write_res = SSL_write( http->ssl, buf, (int)bufsz );
295 0 : if( FD_UNLIKELY( write_res<=0 ) ) {
296 0 : int ssl_err = SSL_get_error( http->ssl, write_res );
297 :
298 0 : if( FD_UNLIKELY( ssl_err!=SSL_ERROR_WANT_READ && ssl_err!=SSL_ERROR_WANT_WRITE ) ) {
299 0 : FD_LOG_WARNING(( "SSL_write failed (%d-%s) to " FD_IP4_ADDR_FMT ":%hu", ssl_err, fd_openssl_ssl_strerror( ssl_err ),
300 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
301 0 : return FD_SSHTTP_ADVANCE_ERROR;
302 0 : }
303 :
304 0 : return FD_SSHTTP_ADVANCE_AGAIN;
305 0 : }
306 :
307 0 : return (long)write_res;
308 0 : }
309 :
310 : static int
311 : setup_redirect( fd_sshttp_t * http,
312 0 : long now ) {
313 0 : fd_sshttp_cancel( http );
314 0 : fd_sshttp_init( http, http->addr, http->hostname, http->is_https, http->location, http->location_len, now );
315 0 : return FD_SSHTTP_ADVANCE_AGAIN;
316 0 : }
317 :
318 : #endif
319 :
320 : void
321 0 : fd_sshttp_cancel( fd_sshttp_t * http ) {
322 0 : if( FD_LIKELY( http->state!=FD_SSHTTP_STATE_INIT && -1!=http->sockfd ) ) {
323 0 : if( FD_UNLIKELY( -1==close( http->sockfd ) ) ) FD_LOG_ERR(( "close() failed (%d-%s) for " FD_IP4_ADDR_FMT ":%hu", errno, fd_io_strerror( errno ),
324 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
325 0 : http->sockfd = -1;
326 0 : }
327 0 : http->state = FD_SSHTTP_STATE_INIT;
328 :
329 0 : #if FD_HAS_OPENSSL
330 0 : if( FD_LIKELY( http->ssl ) ) {
331 0 : SSL_free( http->ssl );
332 0 : http->ssl = NULL;
333 0 : }
334 0 : #endif
335 0 : }
336 :
337 : static long
338 : http_send( fd_sshttp_t * http,
339 : void * buf,
340 0 : ulong bufsz ) {
341 0 : #if FD_HAS_OPENSSL
342 0 : if( FD_LIKELY( http->is_https ) ) return http_send_ssl( http, buf, bufsz );
343 0 : #endif
344 :
345 0 : long sent = sendto( http->sockfd, buf, bufsz, MSG_NOSIGNAL, NULL, 0 );
346 0 : if( FD_UNLIKELY( -1==sent && errno==EAGAIN ) ) return FD_SSHTTP_ADVANCE_AGAIN;
347 0 : else if( FD_UNLIKELY( -1==sent ) ) {
348 0 : FD_LOG_WARNING(( "sendto() failed (%d-%s) to " FD_IP4_ADDR_FMT ":%hu", errno, fd_io_strerror( errno ),
349 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
350 0 : fd_sshttp_cancel( http );
351 0 : return FD_SSHTTP_ADVANCE_ERROR;
352 0 : }
353 :
354 0 : return sent;
355 0 : }
356 :
357 : static long
358 : http_recv( fd_sshttp_t * http,
359 : void * buf,
360 0 : ulong bufsz ) {
361 0 : #if FD_HAS_OPENSSL
362 0 : if( FD_LIKELY( http->is_https ) ) return http_recv_ssl( http, buf, bufsz );
363 0 : #endif
364 :
365 0 : long read = recvfrom( http->sockfd, buf, bufsz, 0, NULL, NULL );
366 0 : if( FD_UNLIKELY( -1==read && errno==EAGAIN ) ) {
367 0 : if( FD_UNLIKELY( ++http->empty_recvs>8UL && !fd_sshttp_fuzz ) ) {
368 : /* If we have gone several iterations without having any data to
369 : read, sleep the thread for up to one millisecond, or until
370 : the socket is readable again, whichever comes first. */
371 0 : struct pollfd pfd = {
372 0 : .fd = http->sockfd,
373 0 : .events = POLLIN,
374 0 : };
375 0 : if( -1==fd_syscall_poll( &pfd, 1 /*fds*/, 1 /*ms*/ ) ) {
376 0 : FD_LOG_ERR(( "fd_syscall_poll() failed (%d-%s) for " FD_IP4_ADDR_FMT ":%hu", errno, fd_io_strerror( errno ),
377 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
378 0 : }
379 0 : }
380 0 : return FD_SSHTTP_ADVANCE_AGAIN;
381 0 : } else if( FD_UNLIKELY( -1==read ) ) {
382 0 : FD_LOG_WARNING(( "recvfrom() failed (%d-%s) from " FD_IP4_ADDR_FMT ":%hu", errno, fd_io_strerror( errno ),
383 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
384 0 : fd_sshttp_cancel( http );
385 0 : return FD_SSHTTP_ADVANCE_ERROR;
386 0 : }
387 0 : http->empty_recvs = 0UL;
388 :
389 0 : return read;
390 0 : }
391 :
392 : static int
393 : send_request( fd_sshttp_t * http,
394 0 : long now ) {
395 0 : if( FD_UNLIKELY( now>http->deadline ) ) {
396 0 : FD_LOG_WARNING(( "timeout sending request to " FD_IP4_ADDR_FMT ":%hu",
397 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
398 0 : fd_sshttp_cancel( http );
399 0 : return FD_SSHTTP_ADVANCE_ERROR;
400 0 : }
401 :
402 0 : long sent = http_send( http, http->request+http->request_sent, http->request_len-http->request_sent );
403 0 : if( FD_UNLIKELY( sent<=0 ) ) return (int)sent;
404 :
405 0 : http->request_sent += (ulong)sent;
406 0 : if( FD_UNLIKELY( http->request_sent==http->request_len ) ) {
407 0 : http->state = FD_SSHTTP_STATE_RESP;
408 0 : http->response_len = 0UL;
409 0 : http->deadline = now + FD_SSHTTP_DEADLINE_NANOS;
410 0 : }
411 :
412 0 : return FD_SSHTTP_ADVANCE_AGAIN;
413 0 : }
414 :
415 : static int
416 : follow_redirect( fd_sshttp_t * http,
417 : struct phr_header * headers,
418 : ulong header_cnt,
419 0 : long now ) {
420 0 : if( FD_UNLIKELY( !http->hops ) ) {
421 0 : FD_LOG_WARNING(( "too many redirects (remaining %lu) from " FD_IP4_ADDR_FMT ":%hu", http->hops,
422 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
423 0 : fd_sshttp_cancel( http );
424 0 : return FD_SSHTTP_ADVANCE_ERROR;
425 0 : }
426 : /* The check above guarantees hops>0. */
427 0 : http->hops--;
428 :
429 0 : ulong location_len = 0UL;
430 0 : char const * location = NULL;
431 :
432 0 : for( ulong i=0UL; i<header_cnt; i++ ) {
433 0 : if( FD_UNLIKELY( headers[ i ].name_len == 8 && !strncasecmp( headers[ i ].name, "location", headers[ i ].name_len ) ) ) {
434 0 : if( FD_UNLIKELY( !headers [ i ].value_len || headers[ i ].value[ 0 ]!='/' ) ) {
435 0 : FD_LOG_WARNING(( "invalid location header `%.*s` from " FD_IP4_ADDR_FMT ":%hu", (int)headers[ i ].value_len, headers[ i ].value,
436 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
437 0 : fd_sshttp_cancel( http );
438 0 : return FD_SSHTTP_ADVANCE_ERROR;
439 0 : }
440 :
441 0 : location_len = headers[ i ].value_len;
442 0 : location = headers[ i ].value;
443 :
444 0 : if( FD_UNLIKELY( location_len>=PATH_MAX-1UL ) ) {
445 0 : FD_LOG_WARNING(( "location header too long `%.*s` from " FD_IP4_ADDR_FMT ":%hu", (int)location_len, location,
446 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
447 0 : fd_sshttp_cancel( http );
448 0 : return FD_SSHTTP_ADVANCE_ERROR;
449 0 : }
450 :
451 0 : char snapshot_name[ PATH_MAX ];
452 0 : fd_memcpy( snapshot_name, location+1UL, location_len-1UL );
453 0 : snapshot_name[ location_len-1UL ] = '\0';
454 :
455 0 : int is_zstd;
456 0 : ulong full_entry_slot, incremental_entry_slot;
457 0 : uchar decoded_hash[ FD_HASH_FOOTPRINT ];
458 0 : int err = fd_ssarchive_parse_filename( snapshot_name, &full_entry_slot, &incremental_entry_slot, decoded_hash, &is_zstd );
459 :
460 0 : if( FD_UNLIKELY( err || !is_zstd ) ) {
461 0 : FD_LOG_WARNING(( "unrecognized snapshot file `%s` in redirect location header from " FD_IP4_ADDR_FMT ":%hu", snapshot_name,
462 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
463 0 : fd_sshttp_cancel( http );
464 0 : return FD_SSHTTP_ADVANCE_ERROR;
465 0 : }
466 :
467 0 : char encoded_hash[ FD_BASE58_ENCODED_32_SZ ];
468 0 : fd_base58_encode_32( decoded_hash, NULL, encoded_hash );
469 :
470 0 : if( FD_LIKELY( incremental_entry_slot!=ULONG_MAX ) ) {
471 0 : FD_TEST( fd_cstr_printf_check( http->snapshot_name, PATH_MAX, NULL, "incremental-snapshot-%lu-%lu-%s.tar.zst", full_entry_slot, incremental_entry_slot, encoded_hash ) );
472 0 : } else {
473 0 : FD_TEST( fd_cstr_printf_check( http->snapshot_name, PATH_MAX, NULL, "snapshot-%lu-%s.tar.zst", full_entry_slot, encoded_hash ) );
474 0 : }
475 0 : break;
476 0 : }
477 0 : }
478 :
479 0 : if( FD_UNLIKELY( !location_len ) ) {
480 0 : FD_LOG_WARNING(( "no location header in redirect response from " FD_IP4_ADDR_FMT ":%hu",
481 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
482 0 : fd_sshttp_cancel( http );
483 0 : return FD_SSHTTP_ADVANCE_ERROR;
484 0 : }
485 :
486 0 : if( FD_UNLIKELY( !fd_cstr_printf_check( http->request, sizeof(http->request), &http->request_len,
487 0 : "GET %.*s HTTP/1.1\r\n"
488 0 : "User-Agent: Firedancer\r\n"
489 0 : "Accept: */*\r\n"
490 0 : "Accept-Encoding: identity\r\n"
491 0 : "Host: " FD_IP4_ADDR_FMT "\r\n\r\n",
492 0 : (int)location_len, location, FD_IP4_ADDR_FMT_ARGS( http->addr.addr ) ) ) ) {
493 0 : FD_LOG_WARNING(( "redirect request too long `%.*s` from " FD_IP4_ADDR_FMT ":%hu", (int)location_len, location,
494 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
495 0 : fd_sshttp_cancel( http );
496 0 : return FD_SSHTTP_ADVANCE_ERROR;
497 0 : }
498 :
499 0 : FD_LOG_NOTICE(( "following redirect to %s://" FD_IP4_ADDR_FMT ":%hu%.*s", http->is_https ? "https" : "http",
500 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ),
501 0 : (int)location_len, location ));
502 :
503 0 : if( FD_UNLIKELY( http->is_https ) ) {
504 0 : http->next_state = FD_SSHTTP_STATE_REDIRECT;
505 0 : http->state = FD_SSHTTP_STATE_SHUTTING_DOWN;
506 0 : http->location_len = location_len;
507 0 : FD_TEST( location_len<PATH_MAX-1UL );
508 0 : fd_memcpy( http->location, location, location_len );
509 0 : http->location[ location_len ] = '\0';
510 0 : } else {
511 0 : if( FD_LIKELY( !fd_sshttp_fuzz ) ) {
512 0 : fd_sshttp_cancel( http );
513 0 : fd_sshttp_init( http, http->addr, http->hostname, http->is_https, location, location_len, now );
514 0 : } else {
515 0 : http->state = FD_SSHTTP_STATE_RESP;
516 0 : http->response_len = 0UL;
517 0 : }
518 0 : }
519 :
520 0 : return FD_SSHTTP_ADVANCE_AGAIN;
521 0 : }
522 :
523 : static int
524 : read_response( fd_sshttp_t * http,
525 : ulong * data_len,
526 : uchar * data,
527 0 : long now ) {
528 0 : if( FD_UNLIKELY( now>http->deadline ) ) {
529 0 : FD_LOG_WARNING(( "timeout reading response from " FD_IP4_ADDR_FMT ":%hu",
530 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
531 0 : fd_sshttp_cancel( http );
532 0 : return FD_SSHTTP_ADVANCE_ERROR;
533 0 : }
534 :
535 0 : long read = http_recv( http, http->response+http->response_len, sizeof(http->response)-http->response_len );
536 0 : if( FD_UNLIKELY( read<=0 ) ) return (int)read;
537 :
538 0 : http->response_len += (ulong)read;
539 :
540 0 : int minor_version;
541 0 : int status;
542 0 : const char * message;
543 0 : ulong message_len;
544 0 : struct phr_header headers[ 128UL ];
545 0 : ulong header_cnt = 128UL;
546 0 : int parsed = phr_parse_response( http->response,
547 0 : http->response_len,
548 0 : &minor_version,
549 0 : &status,
550 0 : &message,
551 0 : &message_len,
552 0 : headers,
553 0 : &header_cnt,
554 0 : http->response_len - (ulong)read );
555 0 : if( FD_UNLIKELY( parsed==-1 ) ) {
556 0 : FD_LOG_WARNING(( "malformed response headers from " FD_IP4_ADDR_FMT ":%hu",
557 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
558 0 : fd_sshttp_cancel( http );
559 0 : return FD_SSHTTP_ADVANCE_ERROR;
560 0 : } else if( parsed==-2 ) {
561 0 : return FD_SSHTTP_ADVANCE_AGAIN;
562 0 : }
563 :
564 0 : int is_redirect = (status==301) | (status==302) | (status==303) | (status==304) | (status==307) | (status==308);
565 0 : if( FD_UNLIKELY( is_redirect ) ) {
566 0 : return follow_redirect( http, headers, header_cnt, now );
567 0 : }
568 :
569 0 : if( FD_UNLIKELY( status!=200 ) ) {
570 0 : FD_LOG_WARNING(( "unexpected response status %d %.*s from " FD_IP4_ADDR_FMT ":%hu", status, (int)message_len, message,
571 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
572 0 : fd_sshttp_cancel( http );
573 0 : return FD_SSHTTP_ADVANCE_ERROR;
574 0 : }
575 :
576 0 : http->content_read = 0UL;
577 0 : http->content_len = ULONG_MAX;
578 0 : for( ulong i=0UL; i<header_cnt; i++ ) {
579 0 : if( FD_LIKELY( headers[i].name_len!=14UL ) ) continue;
580 0 : if( FD_LIKELY( strncasecmp( headers[i].name, "content-length", 14UL ) ) ) continue;
581 :
582 0 : http->content_len = strtoul( headers[i].value, NULL, 10 );
583 0 : break;
584 0 : }
585 :
586 0 : if( FD_UNLIKELY( http->content_len==ULONG_MAX ) ) {
587 0 : FD_LOG_WARNING(( "no content-length header in response from " FD_IP4_ADDR_FMT ":%hu",
588 0 : FD_IP4_ADDR_FMT_ARGS( http->addr.addr ), fd_ushort_bswap( http->addr.port ) ));
589 0 : fd_sshttp_cancel( http );
590 0 : return FD_SSHTTP_ADVANCE_ERROR;
591 0 : }
592 :
593 0 : http->state = FD_SSHTTP_STATE_DL;
594 0 : if( FD_UNLIKELY( (ulong)parsed<http->response_len ) ) {
595 0 : ulong need_len = http->response_len - (ulong)parsed;
596 0 : if( FD_UNLIKELY( *data_len<need_len ) ) {
597 0 : FD_LOG_WARNING(( "data buffer too small (data_len=%lu required=%lu response_len=%lu parsed=%lu)",
598 0 : *data_len, need_len, http->response_len, (ulong)parsed ));
599 0 : fd_sshttp_cancel( http );
600 0 : return FD_SSHTTP_ADVANCE_ERROR;
601 0 : }
602 0 : *data_len = need_len;
603 0 : fd_memcpy( data, http->response+parsed, *data_len );
604 0 : http->content_read += *data_len;
605 0 : return FD_SSHTTP_ADVANCE_DATA;
606 0 : } else {
607 0 : FD_TEST( http->response_len==(ulong)parsed );
608 0 : return FD_SSHTTP_ADVANCE_AGAIN;
609 0 : }
610 0 : }
611 :
612 : static int
613 : read_body( fd_sshttp_t * http,
614 : ulong * data_len,
615 : uchar * data,
616 0 : long now ) {
617 0 : if( FD_UNLIKELY( http->content_read>=http->content_len ) ) {
618 0 : if( FD_UNLIKELY( http->is_https ) ) {
619 0 : http->next_state = FD_SSHTTP_STATE_DONE;
620 0 : http->state = FD_SSHTTP_STATE_SHUTTING_DOWN;
621 0 : http->deadline = now + FD_SSHTTP_DEADLINE_NANOS;
622 0 : return FD_SSHTTP_ADVANCE_AGAIN;
623 0 : } else {
624 0 : fd_sshttp_cancel( http );
625 0 : http->state = FD_SSHTTP_STATE_INIT;
626 0 : return FD_SSHTTP_ADVANCE_DONE;
627 0 : }
628 0 : }
629 :
630 0 : FD_TEST( http->content_read<http->content_len );
631 0 : long read = http_recv( http, data, fd_ulong_min( *data_len, http->content_len-http->content_read ) );
632 0 : if( FD_UNLIKELY( read<=0 ) ) return (int)read;
633 :
634 0 : if( FD_UNLIKELY( !read ) ) return FD_SSHTTP_ADVANCE_AGAIN;
635 :
636 0 : *data_len = (ulong)read;
637 0 : http->content_read += (ulong)read;
638 :
639 0 : return FD_SSHTTP_ADVANCE_DATA;
640 0 : }
641 :
642 : char const *
643 0 : fd_sshttp_snapshot_name( fd_sshttp_t const * http ) {
644 0 : return http->snapshot_name;
645 0 : }
646 :
647 : ulong
648 0 : fd_sshttp_content_len( fd_sshttp_t const * http ) {
649 0 : return http->content_len;
650 0 : }
651 :
652 : int
653 : fd_sshttp_advance( fd_sshttp_t * http,
654 : ulong * data_len,
655 : uchar * data,
656 : int * downloading,
657 0 : long now ) {
658 0 : *downloading = 0;
659 0 : switch( http->state ) {
660 0 : case FD_SSHTTP_STATE_INIT: return FD_SSHTTP_ADVANCE_AGAIN;
661 0 : #if FD_HAS_OPENSSL
662 0 : case FD_SSHTTP_STATE_CONNECT: return http_connect_ssl( http, now );
663 0 : case FD_SSHTTP_STATE_SHUTTING_DOWN: return http_shutdown_ssl( http, now );
664 0 : case FD_SSHTTP_STATE_REDIRECT: return setup_redirect( http, now );
665 0 : #endif
666 0 : case FD_SSHTTP_STATE_REQ: return send_request( http, now );
667 0 : case FD_SSHTTP_STATE_RESP: return read_response( http, data_len, data, now );
668 0 : case FD_SSHTTP_STATE_DL: *downloading = 1; return read_body( http, data_len, data, now );
669 0 : case FD_SSHTTP_STATE_DONE:
670 0 : fd_sshttp_cancel( http );
671 0 : http->state = FD_SSHTTP_STATE_INIT;
672 0 : return FD_SSHTTP_ADVANCE_DONE;
673 0 : default: return FD_SSHTTP_ADVANCE_ERROR;
674 0 : }
675 0 : }
|
