Describe CONNECT method #100
used with HTTP proxies to establish a TLS session with an origin server for the | ||
purposes of interacting with "https" resources. In HTTP/2, the CONNECT method is | ||
used to establish a tunnel over a single HTTP/2 stream to a remote host for | ||
similar purposes. |
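Review bot: The opening sentences describe CONNECT only through its "https" use, but the tunnel goes to whatever remote host the client names. RFC 7231, Section 4.3.6 notes the risks of tunnels to arbitrary servers and says proxies SHOULD restrict CONNECT to a limited set of known ports or a configurable list of safe request targets; a pointer to that text here, or in the Security Considerations, would keep the restriction visible to implementers of this mapping.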
This probably needs to use QUIC rather than HTTP/2.
This was intentional: "HTTP/1.1 does this; HTTP/2 does this. Here's how it works in HTTP/QUIC:" If that's not clear, any suggestions on how to improve it?
I would move the second sentence to be the first; this establishes the purpose. Then you can say how: In HTTP/1.x, CONNECT is used to convert an entire connection into a tunnel to a remote host; in HTTP/2 a single stream is converted into a tunnel.
Then the rest flows naturally.
series status code to the client, as defined in {{!RFC7231}}, Section 4.3.6, on | ||
the message control stream. | ||
|
||
All activity on the message data stream corresponds to data sent on the TCP |
s/activity/STREAM frames sent/
the message control stream. | ||
|
||
All activity on the message data stream corresponds to data sent on the TCP | ||
connection. Any data sent by the client is transmitted by the proxy to the TCP |
Any STREAM frame
data stream, the proxy will set the FIN bit on its connection to the TCP server. | ||
When the proxy receives a packet with the FIN bit set, it will half-close the | ||
corresponding data stream. Note that the size and number of TCP segments is not | ||
guaranteed to map predictably to the size and number of QUIC STREAM frames. |
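Review bot: The half-close sentences cover only a graceful FIN in each direction and use "will" rather than a requirement keyword, so the lines shown leave open what the proxy does when the TCP connection is reset or fails instead of closing cleanly. State how that case is signalled on the stream, and decide whether "will set the FIN bit" and "will half-close" are meant as requirements. Separately, "the size and number of TCP segments is" should read "are".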
Move this last sentence to the previous paragraph.
The TCP connection can be closed by either peer. When the client half-closes the | ||
data stream, the proxy will set the FIN bit on its connection to the TCP server. | ||
When the proxy receives a packet with the FIN bit set, it will half-close the | ||
corresponding data stream. |
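Review bot: "The TCP connection can be closed by either peer" is followed only by half-close rules, so the paragraph never says when the tunnel as a whole is finished. Add a sentence saying the tunnel is closed once both directions have been closed, and say whether a proxy may time out a tunnel that stays half-closed with no traffic, since otherwise each such tunnel keeps a stream and a TCP connection open indefinitely.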
I realize now that there is a hole in the definition in h2: when the TCP server sends a packet with the FIN bit, the proxy needs to forward this to the client. This isn't a RST_STREAM; it's a stream half-close. The expectation is that the client also respond to the half-close, but we don't say that the client MUST close. I think we should.
Half-closed TCP connections with ongoing data are valid, albeit rare. I'm ambivalent about excluding them from the use of CONNECT.
I think @MikeBishop is right. Should probably also call this out for the reader's attention.
For #95; uses HTTP_CONNECT_ERROR error code out of #96, but is otherwise independent. Can be fixed up to correspond with whatever we decide to do there.