HTTP/2 support
HTTP/2 gives a number of optimizations, while keeping support for the
protocol. HTTP/2 support was recently added to the Redfish
specification. The largest performance increase in bmc usage is likely
header compression. Almost all requests reuse the same header values,
so the hpack based compression scheme in HTTP/2 allows OpenBMC to be
more efficient as a transport, and has the potential to significantly
reduce the number of bytes we're sending on the wire.
This commit adds HTTP2 support to bmcweb through nghttp2 library. When
static linked into bmcweb, this support adds 53.4KB to the bmcweb binary
size. nghttp2 is available in meta-oe already.
Given the experimental nature of this option, it is added under the
meson option "experimental-http2" and disabled by default. The hope is
to enable it at some point in the future.
To accomplish the above, there a new class, HTTP2Connection is created.
This is intended to isolate HTTP/2 connections code from HttpConnection
such that it is far less likely to cause bugs, although it does
duplicate about 20 lines of code (async_read_some, async_write_some,
buffers, etc). This seems worth it for the moment.
In a similar way to Websockets, when an HTTP/2 connection is detected
through ALPN, the HTTP2Connection class will be instantiated, and the
socket object passed to it, thus allowing the Connection class to be
destroyed, and the HTTP2Connection to take over for the user.
Tested: Redfish service validator passes with option enabled
With option disabled
GET /redfish/v1 in curl shows ALPN non negotiation, and fallback to
http1.1
With the option enable
GET /redfish/v1 in curl shows ALPN negotiates to HTTP2
Change-Id: I7839e457e0ba918b0695e04babddd0925ed3383c
Signed-off-by: Ed Tanous <edtanous@google.com>
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index db61db9..0794fdc 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -3,6 +3,10 @@
#include "logging.hpp"
#include "random.hpp"
+extern "C"
+{
+#include <nghttp2/nghttp2.h>
+}
#include <openssl/bio.h>
#include <openssl/dh.h>
#include <openssl/dsa.h>
@@ -423,6 +427,36 @@
}
}
+inline int nextProtoCallback(SSL* /*unused*/, const unsigned char** data,
+ unsigned int* len, void* /*unused*/)
+{
+ // First byte is the length.
+ constexpr std::string_view h2 = "\x02h2";
+ *data = std::bit_cast<const unsigned char*>(h2.data());
+ *len = static_cast<unsigned int>(h2.size());
+ return SSL_TLSEXT_ERR_OK;
+}
+
+inline int alpnSelectProtoCallback(SSL* /*unused*/, const unsigned char** out,
+ unsigned char* outlen,
+ const unsigned char* in, unsigned int inlen,
+ void* /*unused*/)
+{
+ // There's a mismatch in constness for nghttp2_select_next_protocol. The
+ // examples in nghttp2 don't show this problem. Unclear what the right fix
+ // is here.
+
+ // NOLINTNEXTLINE(cppcoreguidelines-pro-type-const-cast)
+ unsigned char** outNew = const_cast<unsigned char**>(out);
+ int rv = nghttp2_select_next_protocol(outNew, outlen, in, inlen);
+ if (rv != 1)
+ {
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ return SSL_TLSEXT_ERR_OK;
+}
+
inline std::shared_ptr<boost::asio::ssl::context>
getSslContext(const std::string& sslPemFile)
{
@@ -450,6 +484,14 @@
mSslContext->use_private_key_file(sslPemFile,
boost::asio::ssl::context::pem);
+ if constexpr (bmcwebEnableHTTP2)
+ {
+ SSL_CTX_set_next_protos_advertised_cb(mSslContext->native_handle(),
+ nextProtoCallback, nullptr);
+
+ SSL_CTX_set_alpn_select_cb(mSslContext->native_handle(),
+ alpnSelectProtoCallback, nullptr);
+ }
// Set up EC curves to auto (boost asio doesn't have a method for this)
// There is a pull request to add this. Once this is included in an asio
// drop, use the right way