-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP2 over Unix Domain Sockets requires :authority
header
#32326
Comments
According to RFC7540, either Node.JS currently forbids the |
Okay, I've investigated a bit more and it seems like it's failing because the go-client sets I guess NodeJS is following the spec. It's just a bit pitty but I guess it's nothing node can reasonably do 😭 |
Since there is no standard for how to do HTTP/2 on UDS, maybe we could exceptionally (for UDS only) allow It would break applications that forward requests to a regular TCP session, among other things. I'm not sure it's a good idea. |
I mean, it's not that UDS is just unspecified, but the rfc defines it to specifically be over TCP, I believe:
This is similar to how the new HTTP/3 is defined to be over QUIC, but differs from HTTP/1 which says any reliable transport. (All of the above is just my own understanding of the specs) |
AFAIK, |
Ultimately, the thing in question here is the authority. It sounds like you are saying the authority would be the same, as you are saying the only difference between UDS and TCP is the actual carrier. So should the authority for UDS be |
Yes, I think so. |
Yea, that is what I'm kind of thinking too. The HTTP/2 is pretty specific about what is allowed in the |
UDS has stream semantics, but shouldn't use TCP at all. |
can you better qualify if you mean the first, can you point me to a doc that says so? when I checked, all the life cycle management functions of UDS invoke the |
@gireeshpunathil However, I don’t know how much code is shared between the TCP and Unix domain socket streams implementations in kernels, but I can’t imagine it’s much given how much more complex TCP is, and @mildsunrise knows better than me anyway. |
Yes... in fact UDS skips the whole network stack (interfaces, firewall, routing, traffic control, etc). They're more like a FIFO once the connection is established, AFAIK. |
Could anybody give me pointers as to where I would need to start if I want to temporarily support this anyway in a fork? (Given this will take a long while to be fixed in upstream go grpc library, let alone kubernetes, we're probably speaking > 1 year before we can use normal node, so in between a fork might be useful, but I wouldn't know where to start) |
It shouldn't take greater than a year for Node.js to fix an interop problem with go. I think what's needed is just a plan of what to do. Worst/most-complex case, node could have a go-compatible but standard non-conformant behaviour that was enabled with either a http2 runtime option or CLI/env var setting. |
That would be awesome. This is the actual bug in grpc-go (grpc/grpc-go#2628). The problem is that they send the file path as authority header with the slashes in it which is not a valid header, so node should accept this in this mode. Potentially this mode could be automatically enabled for UDS (which doesn't seem to have a real spec anyway) |
What steps will reproduce the bug?
It seems that opening an HTTP2 server over unix domain sockets requires the
:authority
header to be set tolocalhost
. However this breaksgrpc
as most implementations don't send that headerSee also https://github.com/entropitor/grpc-js-bug-258
When adding
-authority localhost
to the unix one, it works:How often does it reproduce? Is there a required condition?
Always
What is the expected behavior?
The
-authority
flag / header should not be passedWhat do you see instead?
A connection reset because the authority header is not passed
Additional information
See also ticket grpc/grpc-node#258 (comment)
The text was updated successfully, but these errors were encountered: