WIP: Supporting HTTP/2 ingress traffic

- Basic integration test for HTTP/2 traffic
- Still need to backfill unit tests
- Running into some difficulties sending HTTP/1.0 requests via
http.Client :sweatsmile:

[cloudfoundry/routing-release#200]

Co-authored-by: Carson Long <[email protected]>
Co-authored-by: Greg Cobb <[email protected]>

Author: 3 people

handlers/protocolcheck.go

@@ -59,5 +59,5 @@ func (p *protocolCheck) hijack(rw http.ResponseWriter) (net.Conn, *bufio.ReadWri
 }
 
 func isProtocolSupported(request *http.Request) bool {
-	return request.ProtoMajor == 1 && (request.ProtoMinor == 0 || request.ProtoMinor == 1)
+	return request.ProtoMajor == 2 || (request.ProtoMajor == 1 && (request.ProtoMinor == 0 || request.ProtoMinor == 1))
 }

handlers/protocolcheck_test.go

@@ -48,14 +48,14 @@ var _ = Describe("Protocolcheck", func() {
 		server.Close()
 	})
 
-	Context("http 1.1", func() {
+	Context("http2", func() {
 		It("passes the request through", func() {
 			conn, err := net.Dial("tcp", server.Addr())
 			defer conn.Close()
 			Expect(err).ToNot(HaveOccurred())
 			respReader := bufio.NewReader(conn)
 
-			conn.Write([]byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"))
+			conn.Write([]byte("PRI * HTTP/2.0\r\nHost: example.com\r\n\r\n"))
 			resp, err := http.ReadResponse(respReader, nil)
 			Expect(err).ToNot(HaveOccurred())
 
@@ -64,14 +64,14 @@ var _ = Describe("Protocolcheck", func() {
 		})
 	})
 
-	Context("http 1.0", func() {
+	Context("http 1.1", func() {
 		It("passes the request through", func() {
 			conn, err := net.Dial("tcp", server.Addr())
 			defer conn.Close()
 			Expect(err).ToNot(HaveOccurred())
 			respReader := bufio.NewReader(conn)
 
-			conn.Write([]byte("GET / HTTP/1.0\r\nHost: example.com\r\n\r\n"))
+			conn.Write([]byte("GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"))
 			resp, err := http.ReadResponse(respReader, nil)
 			Expect(err).ToNot(HaveOccurred())
 
@@ -80,32 +80,34 @@ var _ = Describe("Protocolcheck", func() {
 		})
 	})
 
-	Context("unsupported versions of http", func() {
-		It("returns a 400 bad request", func() {
+	Context("http 1.0", func() {
+		It("passes the request through", func() {
 			conn, err := net.Dial("tcp", server.Addr())
+			defer conn.Close()
 			Expect(err).ToNot(HaveOccurred())
 			respReader := bufio.NewReader(conn)
 
-			conn.Write([]byte("GET / HTTP/1.5\r\nHost: example.com\r\n\r\n"))
+			conn.Write([]byte("GET / HTTP/1.0\r\nHost: example.com\r\n\r\n"))
 			resp, err := http.ReadResponse(respReader, nil)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(resp.StatusCode).To(Equal(http.StatusBadRequest))
 
-			Expect(nextCalled).To(BeFalse())
+			Expect(resp.StatusCode).To(Equal(200))
+			Expect(nextCalled).To(BeTrue())
 		})
 	})
 
-	Context("http2", func() {
+	Context("unsupported versions of http", func() {
 		It("returns a 400 bad request", func() {
 			conn, err := net.Dial("tcp", server.Addr())
 			Expect(err).ToNot(HaveOccurred())
 			respReader := bufio.NewReader(conn)
 
-			conn.Write([]byte("PRI * HTTP/2.0\r\nHost: example.com\r\n\r\n"))
-
+			conn.Write([]byte("GET / HTTP/1.5\r\nHost: example.com\r\n\r\n"))
 			resp, err := http.ReadResponse(respReader, nil)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(resp.StatusCode).To(Equal(http.StatusBadRequest))
+
+			Expect(nextCalled).To(BeFalse())
 		})
 	})
 })

integration/main_test.go

@@ -20,6 +20,8 @@ import (
 	"syscall"
 	"time"
 
+	"golang.org/x/net/http2"
+
 	tls_helpers "code.cloudfoundry.org/cf-routing-test-helpers/tls"
 	"code.cloudfoundry.org/gorouter/config"
 	"code.cloudfoundry.org/gorouter/mbus"
@@ -248,6 +250,51 @@ var _ = Describe("Router Integration", func() {
 		})
 	})
 
+	Describe("HTTP/2 traffic", func() {
+		var (
+			clientTLSConfig *tls.Config
+			mbusClient      *nats.Conn
+		)
+		BeforeEach(func() {
+			cfg, clientTLSConfig = createSSLConfig(statusPort, proxyPort, sslPort, natsPort)
+
+		})
+		JustBeforeEach(func() {
+			var err error
+			writeConfig(cfg, cfgFile)
+			mbusClient, err = newMessageBus(cfg)
+			Expect(err).ToNot(HaveOccurred())
+		})
+
+		It("serves HTTP/2 traffic", func() {
+			gorouterSession = startGorouterSession(cfgFile)
+			runningApp1 := test.NewGreetApp([]route.Uri{"test." + test_util.LocalhostDNS}, proxyPort, mbusClient, nil)
+			runningApp1.Register()
+			runningApp1.Listen()
+			routesUri := fmt.Sprintf("http://%s:%s@%s:%d/routes", cfg.Status.User, cfg.Status.Pass, localIP, statusPort)
+
+			heartbeatInterval := 200 * time.Millisecond
+			runningTicker := time.NewTicker(heartbeatInterval)
+			done := make(chan bool, 1)
+			defer func() { done <- true }()
+			go func() {
+				for {
+					select {
+					case <-runningTicker.C:
+						runningApp1.Register()
+					case <-done:
+						return
+					}
+				}
+			}()
+			Eventually(func() bool { return appRegistered(routesUri, runningApp1) }).Should(BeTrue())
+			client := &http.Client{Transport: &http2.Transport{TLSClientConfig: clientTLSConfig}}
+			resp, err := client.Get(fmt.Sprintf("https://test.%s:%d", test_util.LocalhostDNS, cfg.SSLPort))
+			Expect(err).ToNot(HaveOccurred())
+			Expect(resp.StatusCode).To(Equal(http.StatusOK))
+		})
+	})
+
 	Context("Drain", func() {
 
 		BeforeEach(func() {

proxy/proxy_test.go

@@ -74,6 +74,25 @@ var _ = Describe("Proxy", func() {
 			Expect(resp.StatusCode).To(Equal(http.StatusOK))
 		})
 
+		// FIt("responds to HTTP/2", func() {
+		// 	ln := test_util.RegisterHandler(r, "test", func(conn *test_util.HttpConn) {
+		// 		conn.CheckLine("GET / HTTP/2")
+
+		// 		conn.WriteResponse(test_util.NewResponse(http.StatusOK))
+		// 	})
+		// 	defer ln.Close()
+
+		// 	conn := dialProxy(proxyServer)
+
+		// 	conn.WriteLines([]string{
+		// 		"GET / HTTP/2",
+		// 		"Host: test",
+		// 	})
+
+		// 	resp, _ := conn.ReadResponse()
+		// 	Expect(resp.StatusCode).To(Equal(http.StatusOK))
+		// })
+
 		It("does not respond to unsupported HTTP versions", func() {
 			conn := dialProxy(proxyServer)
 

router/router.go

@@ -228,6 +228,7 @@ func (r *Router) serveHTTPS(server *http.Server, errChan chan error) error {
 	}
 
 	tlsConfig := &tls.Config{
+		NextProtos:   []string{"h2", "http/1.1"},
 		Certificates: r.config.SSLCertificates,
 		CipherSuites: r.config.CipherSuites,
 		MinVersion:   r.config.MinTLSVersion,

router/router_test.go

@@ -1350,6 +1350,59 @@ var _ = Describe("Router", func() {
 
 	})
 
+	Context("serving multiple http versions", func() {
+		var (
+			// cert []byte
+
+			rootCAs *x509.CertPool
+		)
+		BeforeEach(func() {
+			certChain := test_util.CreateSignedCertWithRootCA(test_util.CertNames{CommonName: "test." + test_util.LocalhostDNS})
+			config.CACerts = string(certChain.CACertPEM)
+			config.SSLCertificates = append(config.SSLCertificates, certChain.TLSCert())
+			// cert = certChain.CertPEM
+
+			rootCAs = x509.NewCertPool()
+			rootCAs.AddCert(certChain.CACert)
+		})
+
+		FIt("can serve HTTP/1.0 requests", func() {
+			tlsClientConfig := &tls.Config{
+				NextProtos: []string{"http/1.0"},
+				RootCAs:    rootCAs,
+			}
+			client := &http.Client{Transport: &http.Transport{
+				TLSClientConfig: tlsClientConfig,
+			}}
+
+			app := test.NewGreetApp([]route.Uri{"test." + test_util.LocalhostDNS}, config.Port, mbusClient, nil)
+			app.RegisterAndListen()
+			Eventually(func() bool {
+				return appRegistered(registry, app)
+			}).Should(BeTrue())
+
+			uri := fmt.Sprintf("https://test.%s:%d/", test_util.LocalhostDNS, config.SSLPort)
+			req, _ := http.NewRequest("GET", uri, nil)
+			req.Proto = "HTTP/1.0"
+
+			resp, err := client.Do(req)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(resp).ToNot(BeNil())
+
+			Expect(resp.Proto).To(Equal("HTTP/1.0"))
+			Expect(resp.StatusCode).To(Equal(http.StatusOK))
+
+			bytes, err := ioutil.ReadAll(resp.Body)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(bytes).To(ContainSubstring("Hello"))
+			defer resp.Body.Close()
+		})
+		It("can serve HTTP/1.1 requests", func() {
+		})
+		It("can serve HTTP/2.0 requests", func() {
+		})
+	})
+
 	Context("serving https", func() {
 		var (
 			cert []byte