net, grpc_support: Set NetworkIsolationKey from header

If BidirectionalStream request contains a -network-isolation-key
header, it is used to set the network isolation key of the stream.
The header itself is removed and not transmitted.

The header value should be a valid URL with different host and port
for each different network isolation key. Invalid header value is
reported by returning error from bidirectional_stream_start.

Network isolation takes effect only if it is enabled by experimental
option of

  "feature_list": {
    "enable-features": "PartitionConnectionsByNetworkIsolationKey"
  }
This commit is contained in:
klzgrad 2022-05-22 01:31:43 +08:00
parent 495771d38b
commit 1f98137564
2 changed files with 22 additions and 1 deletions

View File

@ -21,6 +21,7 @@
#include "net/base/io_buffer.h" #include "net/base/io_buffer.h"
#include "net/base/net_errors.h" #include "net/base/net_errors.h"
#include "net/base/request_priority.h" #include "net/base/request_priority.h"
#include "net/base/schemeful_site.h"
#include "net/http/bidirectional_stream.h" #include "net/http/bidirectional_stream.h"
#include "net/http/bidirectional_stream_request_info.h" #include "net/http/bidirectional_stream_request_info.h"
#include "net/http/http_network_session.h" #include "net/http/http_network_session.h"
@ -96,8 +97,20 @@ int BidirectionalStream::Start(const char* url,
request_info->priority = static_cast<net::RequestPriority>(priority); request_info->priority = static_cast<net::RequestPriority>(priority);
// Http method is a token, just as header name. // Http method is a token, just as header name.
request_info->method = method; request_info->method = method;
if (!net::HttpUtil::IsValidHeaderName(request_info->method)) if (!net::HttpUtil::IsValidHeaderName(request_info->method)) {
LOG(ERROR) << "Invalid method " << request_info->method;
return -1; return -1;
}
std::string network_isolation_key_header;
if (headers.GetHeader("-network-isolation-key",
&network_isolation_key_header)) {
net::SchemefulSite site(GURL{network_isolation_key_header});
if (site.opaque()) {
LOG(ERROR) << "Invalid -network-isolation-key "
<< network_isolation_key_header;
return -1;
}
}
request_info->extra_headers.CopyFrom(headers); request_info->extra_headers.CopyFrom(headers);
request_info->end_stream_on_headers = end_of_stream; request_info->end_stream_on_headers = end_of_stream;
write_end_of_stream_ = end_of_stream; write_end_of_stream_ = end_of_stream;

View File

@ -205,6 +205,14 @@ void BidirectionalStream::StartRequest(const SSLConfig& ssl_config) {
HttpRequestInfo http_request_info; HttpRequestInfo http_request_info;
http_request_info.url = request_info_->url; http_request_info.url = request_info_->url;
http_request_info.method = request_info_->method; http_request_info.method = request_info_->method;
std::string network_isolation_key_header;
if (request_info_->extra_headers.GetHeader("-network-isolation-key",
&network_isolation_key_header)) {
request_info_->extra_headers.RemoveHeader("-network-isolation-key");
net::SchemefulSite site(GURL{network_isolation_key_header});
CHECK(!site.opaque());
http_request_info.network_isolation_key = NetworkIsolationKey(site, site);
}
http_request_info.extra_headers = request_info_->extra_headers; http_request_info.extra_headers = request_info_->extra_headers;
http_request_info.socket_tag = request_info_->socket_tag; http_request_info.socket_tag = request_info_->socket_tag;
stream_request_ = stream_request_ =