From 3228da90be742b1b09d9f231c4f0699f043efa76 Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 14 Jun 2024 16:46:13 +0200
Subject: [PATCH 01/10] Switch to http2

---
 fleetspeak/src/client/https/https.go | 6 ++++--
 fleetspeak/src/client/https/streaming.go | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/fleetspeak/src/client/https/https.go b/fleetspeak/src/client/https/https.go
index 6fd3a7ef..c70e9212 100644
--- a/fleetspeak/src/client/https/https.go
+++ b/fleetspeak/src/client/https/https.go
@@ -36,6 +36,8 @@ import (
 "github.com/google/fleetspeak/fleetspeak/src/client/comms"
 "github.com/google/fleetspeak/fleetspeak/src/client/stats"
 "github.com/google/fleetspeak/fleetspeak/src/common"
+
+ "golang.org/x/net/http2"
 )
 
 const (
@@ -45,7 +47,7 @@ const (
 closeWaitThreshold = 30 * time.Second // Matches IdleTimeout in server/https.
 )
 
-func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, addr string) (net.Conn, error)) (common.ClientID, *http.Transport, []byte, error) {
+func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, addr string) (net.Conn, error)) (common.ClientID, *http2.Transport, []byte, error) {
 ci, err := cctx.CurrentIdentity()
 if err != nil {
 return common.ClientID{}, nil, nil, err
@@ -92,7 +94,7 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 proxy = http.ProxyURL(si.Proxy)
 }
 
- return ci.ID, &http.Transport{
+ return ci.ID, &http2.Transport{
 Proxy: proxy,
 TLSClientConfig: &tls.Config{
 RootCAs: si.TrustedCerts,
diff --git a/fleetspeak/src/client/https/streaming.go b/fleetspeak/src/client/https/streaming.go
index 6c7066ca..b7630252 100644
--- a/fleetspeak/src/client/https/streaming.go
+++ b/fleetspeak/src/client/https/streaming.go
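Review bot: The literal at `return ci.ID, &http2.Transport{` keeps the http.Transport field set — `Proxy`, `MaxIdleConns`, `DialContext`, `TLSHandshakeTimeout`, `ExpectContinueTimeout` — but `http2.Transport` from golang.org/x/net/http2 declares none of those fields, so this hunk does not build, and the signature change in the hunk above pushes the new return type onto every caller of makeTransport. Even with those fields dropped, an `http2.Transport` has no proxy support and does not use the caller-supplied `dc` dialer, so `si.Proxy` and the client's dial policy would stop applying. Keeping `*http.Transport` and enabling h2 on it (`http2.ConfigureTransport(tr)`, or `ForceAttemptHTTP2: true` on the literal) preserves proxying, the custom dialer and the http/1.1 fallback. The struct literal continues past the end of the hunk.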
@@ -339,6 +339,7 @@ func (c *StreamingCommunicator) connect(ctx context.Context, host string, maxLif
 c.cctx.Stats().OutboundContactData(host, len(buf), err)
 return fail(err)
 }
+ log.V(2).Infof("-------------> POST to %v succeeded with status: %v and protocol: %v", host, resp.StatusCode, resp.Proto)
 c.cctx.Stats().OutboundContactData(host, len(buf), nil)
 body := bufio.NewReader(resp.Body)
 cd, err := ret.readContact(body)

From fdddae68a1a214724e27121aa9f65219abc4b53f Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 14 Jun 2024 17:10:58 +0200
Subject: [PATCH 02/10] Fix http2 transport gen

---
 fleetspeak/src/client/https/https.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/fleetspeak/src/client/https/https.go b/fleetspeak/src/client/https/https.go
index c70e9212..ca298a9d 100644
--- a/fleetspeak/src/client/https/https.go
+++ b/fleetspeak/src/client/https/https.go
@@ -47,7 +47,7 @@ const (
 closeWaitThreshold = 30 * time.Second // Matches IdleTimeout in server/https.
 )
 
-func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, addr string) (net.Conn, error)) (common.ClientID, *http2.Transport, []byte, error) {
+func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, addr string) (net.Conn, error)) (common.ClientID, *http.Transport, []byte, error) {
 ci, err := cctx.CurrentIdentity()
 if err != nil {
 return common.ClientID{}, nil, nil, err
@@ -94,7 +94,7 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 proxy = http.ProxyURL(si.Proxy)
 }
 
- return ci.ID, &http2.Transport{
+ tr := &http.Transport{
 Proxy: proxy,
 TLSClientConfig: &tls.Config{
 RootCAs: si.TrustedCerts,
@@ -112,12 +112,16 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 VerifyPeerCertificate: cv,
 ServerName: si.ServerName,
+ NextProtos: []string{"h2", "http/1.1"},
 },
 MaxIdleConns: 10,
 DialContext: dc,
 TLSHandshakeTimeout: 10 * time.Second,
 ExpectContinueTimeout: 1 * time.Second,
- }, certBytes, nil
+ }
+
+ err = http2.ConfigureTransport(tr)
+ return ci.ID, tr, certBytes, err
 }
 
 // jitter adds up to 50% random jitter, and converts to time.Duration.

From 7411ed93a373cfc98fd58be2f2c10ec27b40345a Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 21 Jun 2024 13:39:28 +0200
Subject: [PATCH 03/10] Adds preferHttp transport config

---
 fleetspeak/src/client/comms.go | 1 +
 fleetspeak/src/client/comms/comms.go | 3 +++
 fleetspeak/src/client/config/config.go | 3 +++
 .../proto/fleetspeak_client_generic/config.proto | 3 +++
 fleetspeak/src/client/https/https.go | 13 +++++++++++--
 fleetspeak/src/client/https/streaming.go | 2 +-
 6 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/fleetspeak/src/client/comms.go b/fleetspeak/src/client/comms.go
index 6ab2fd28..bb2ad757 100644
--- a/fleetspeak/src/client/comms.go
+++ b/fleetspeak/src/client/comms.go
@@ -158,6 +158,7 @@ func (c commsContext) ServerInfo() (comms.ServerInfo, error) {
 Proxy: cfg.Proxy,
 ClientCertificateHeader: cfg.ClientCertificateHeader,
 ServerName: cfg.ServerName,
+ PreferHttp2: cfg.PreferHttp2,
 }, nil
 }
 
diff --git a/fleetspeak/src/client/comms/comms.go b/fleetspeak/src/client/comms/comms.go
index 57dd9476..3ed79507 100644
--- a/fleetspeak/src/client/comms/comms.go
+++ b/fleetspeak/src/client/comms/comms.go
@@ -83,6 +83,9 @@ type ServerInfo struct {
 
 // If set, used for SNI and certificate validation.
 ServerName string
+
+ // If true, then prefer HTTP2 Transport
+ PreferHttp2 bool
 }
 
 // A Context describes the view of the Fleetspeak client provided to a Communicator.
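Review bot: `err = http2.ConfigureTransport(tr)` followed by `return ci.ID, tr, certBytes, err` returns a ClientID, a partially configured transport and the certificate bytes alongside a non-nil error, and the error carries no context about which step failed; on failure return `common.ClientID{}, nil, nil, fmt.Errorf("configuring http2 transport: %w", err)` instead, matching the early returns above. The transport already sets `DialContext` and `TLSClientConfig`, which is exactly what makes net/http disable its built-in HTTP/2 — setting `ForceAttemptHTTP2: true` on the http.Transport literal re-enables it without the x/net dependency or the extra call. The explicit `NextProtos: []string{"h2", "http/1.1"}` is redundant with ConfigureTransport, which prepends "h2" and appends "http/1.1" itself. makeTransport begins before this hunk.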
diff --git a/fleetspeak/src/client/config/config.go b/fleetspeak/src/client/config/config.go
index 916d1b7b..2878a6f5 100644
--- a/fleetspeak/src/client/config/config.go
+++ b/fleetspeak/src/client/config/config.go
@@ -79,6 +79,9 @@ type Configuration struct {
 // This should be used if TLS is terminated at the load balancer and client certificates
 // can be passed upstream to the fleetspeak server as an http header.
 ClientCertificateHeader string
+
+ // If true, then prefer comms with HTTP2 Transport
+ PreferHttp2 bool
 }
 
 // PersistenceHandler manages client's configuration storage.
diff --git a/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto b/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto
index 9a52f970..ca3bbd92 100644
--- a/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto
+++ b/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto
@@ -38,6 +38,9 @@ message Config {
 
 // If set, used for SNI and certificate validation.
 string server_name = 9;
+
+ // If set, the client will prefer HTTP as a Transport
+ bool prefer_http2 = 10;
 }
 
 message FilesystemHandler {
diff --git a/fleetspeak/src/client/https/https.go b/fleetspeak/src/client/https/https.go
index ca298a9d..19e5ac7a 100644
--- a/fleetspeak/src/client/https/https.go
+++ b/fleetspeak/src/client/https/https.go
@@ -94,6 +94,13 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 proxy = http.ProxyURL(si.Proxy)
 }
 
+ // We'll make the Transport configurable so we can be both backwards compatible but also forward looking
+ nextProtos := []string{"http/1.1"}
+ preferHttp2 := si.PreferHttp2
+ if preferHttp2 {
+ nextProtos = []string{"h2", "http/1.1"}
+ }
+
 tr := &http.Transport{
 Proxy: proxy,
 TLSClientConfig: &tls.Config{
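Review bot: The comment on `bool prefer_http2 = 10;` says the client "will prefer HTTP as a Transport", which reads as plain HTTP rather than HTTP/2 and does not tell an operator what actually changes on the wire. Suggest `// If set, the client offers HTTP/2 (h2) via ALPN and falls back to HTTP/1.1 when the server does not negotiate it.`, which matches what the https.go hunk in this patch does with `nextProtos`.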
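Review bot: `nextProtos := []string{"http/1.1"}` changes the default, non-h2 path rather than keeping it backwards compatible: the pre-series code left `TLSClientConfig.NextProtos` unset (patch 02's hunk introduces the field), so the client sent no ALPN extension, whereas it now always advertises `http/1.1`. A TLS front end whose ALPN list is configured without `http/1.1` can reject such a handshake with no_application_protocol where it previously accepted the ALPN-less connection, so the flag-off case is not byte-identical to the old behaviour. Declaring `var nextProtos []string` and assigning `[]string{"h2", "http/1.1"}` only inside `if preferHttp2` keeps the old default exactly; the same default reaches the `NextProtos: nextProtos` hunk below and survives the rewrite in patch 09. The comment above it could be shortened to `// Offer h2 via ALPN only when configured; otherwise keep the existing TLS behaviour.`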
@@ -112,7 +119,7 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 VerifyPeerCertificate: cv,
 ServerName: si.ServerName,
- NextProtos: []string{"h2", "http/1.1"},
+ NextProtos: nextProtos,
 },
 MaxIdleConns: 10,
 DialContext: dc,
@@ -120,7 +127,9 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 ExpectContinueTimeout: 1 * time.Second,
 }
 
- err = http2.ConfigureTransport(tr)
+ if preferHttp2 {
+ err = http2.ConfigureTransport(tr)
+ }
 return ci.ID, tr, certBytes, err
 }
 
diff --git a/fleetspeak/src/client/https/streaming.go b/fleetspeak/src/client/https/streaming.go
index b7630252..eb9b2b2e 100644
--- a/fleetspeak/src/client/https/streaming.go
+++ b/fleetspeak/src/client/https/streaming.go
@@ -339,7 +339,7 @@ func (c *StreamingCommunicator) connect(ctx context.Context, host string, maxLif
 c.cctx.Stats().OutboundContactData(host, len(buf), err)
 return fail(err)
 }
- log.V(2).Infof("-------------> POST to %v succeeded with status: %v and protocol: %v", host, resp.StatusCode, resp.Proto)
+ log.Infof("POST to %v succeeded with status: %v and protocol: %v", host, resp.StatusCode, resp.Proto)
 c.cctx.Stats().OutboundContactData(host, len(buf), nil)
 body := bufio.NewReader(resp.Body)
 cd, err := ret.readContact(body)

From 8bd873985a712245a0a08ea7ad6cf7fd763c9861 Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 21 Jun 2024 14:22:38 +0200
Subject: [PATCH 04/10] Add debug output

---
 fleetspeak/src/client/comms.go | 2 ++
 fleetspeak/src/client/https/https.go | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/fleetspeak/src/client/comms.go b/fleetspeak/src/client/comms.go
index bb2ad757..47c1e5fe 100644
--- a/fleetspeak/src/client/comms.go
+++ b/fleetspeak/src/client/comms.go
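Review bot: Raising this line from `log.V(2).Infof` to `log.Infof` emits one Info record per successful POST, which on a long-lived streaming client turns into a steady stream of default-level log noise that also records every contacted host; keep it at `log.V(2).Infof("POST to %v succeeded with status: %v and protocol: %v", host, resp.StatusCode, resp.Proto)` so the negotiated protocol is still visible when debugging h2 rollout. If the goal is to confirm which protocol a fleet is using in production, a counter in `c.cctx.Stats()` keyed on `resp.Proto` would be cheaper than a log line per contact. connect begins and ends outside this hunk.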
@@ -152,6 +152,8 @@ func (c commsContext) CurrentIdentity() (comms.ClientIdentity, error) {
 func (c commsContext) ServerInfo() (comms.ServerInfo, error) {
 cfg := c.c.config.Configuration()
 
+ log.Infof("--------------------- PreferHttp2: %t", cfg.PreferHttp2)
+
 return comms.ServerInfo{
 TrustedCerts: cfg.TrustedCerts,
 Servers: cfg.Servers,
diff --git a/fleetspeak/src/client/https/https.go b/fleetspeak/src/client/https/https.go
index 19e5ac7a..34fc6fc9 100644
--- a/fleetspeak/src/client/https/https.go
+++ b/fleetspeak/src/client/https/https.go
@@ -38,6 +38,8 @@ import (
 "github.com/google/fleetspeak/fleetspeak/src/common"
 
 "golang.org/x/net/http2"
+
+ log "github.com/golang/glog"
 )
 
 const (
@@ -97,9 +99,13 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 // We'll make the Transport configurable so we can be both backwards compatible but also forward looking
 nextProtos := []string{"http/1.1"}
 preferHttp2 := si.PreferHttp2
+ log.Infof("---------- got preferHttp2:", %t)
 if preferHttp2 {
+ log.Infof("---------- preferHttp2 is:", %t)
 nextProtos = []string{"h2", "http/1.1"}
- }
+ } else {
+ log.Infof("---------- preferHttp2 is:", %t)
+ }
 
 tr := &http.Transport{
 Proxy: proxy,
@@ -128,6 +134,7 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 }
 
 if preferHttp2 {
+ log.Infof("---------- running http2.configureTransport because preferHttp2 is:", %t)
 err = http2.ConfigureTransport(tr)
 }
 return ci.ID, tr, certBytes, err

From e627c9d57a1650595799ab2810dfae4771fa37fb Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 21 Jun 2024 14:31:03 +0200
Subject: [PATCH 05/10] Fixes formatting string

---
 fleetspeak/src/client/https/https.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fleetspeak/src/client/https/https.go b/fleetspeak/src/client/https/https.go
index 34fc6fc9..2f0fd485 100644
--- a/fleetspeak/src/client/https/https.go
+++ b/fleetspeak/src/client/https/https.go
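Review bot: `log.Infof("---------- got preferHttp2:", %t)` and the three sibling calls in this hunk and the next are not valid Go — a bare `%t` is not an expression — so the file does not compile; the value has to be passed as the argument, `log.Infof("got preferHttp2: %t", preferHttp2)`. Even corrected, these are dash-marked debugging prints at Info level, the `else` branch logs the same text as the `if`, and the ServerInfo hunk above logs the flag on every call; anything worth keeping belongs behind `log.V(2)` with a plain message, the rest should not land in the series. The `preferHttp2` value is already fully observable from the `resp.Proto` log in streaming.go.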
@@ -99,12 +99,12 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 // We'll make the Transport configurable so we can be both backwards compatible but also forward looking
 nextProtos := []string{"http/1.1"}
 preferHttp2 := si.PreferHttp2
- log.Infof("---------- got preferHttp2:", %t)
+ log.Infof("---------- got preferHttp2: %t", preferHttp2)
 if preferHttp2 {
- log.Infof("---------- preferHttp2 is:", %t)
+ log.Infof("---------- preferHttp2 is: %t", preferHttp2)
 nextProtos = []string{"h2", "http/1.1"}
 } else {
- log.Infof("---------- preferHttp2 is:", %t)
+ log.Infof("---------- preferHttp2 is: %t", preferHttp2)
 }
 
 tr := &http.Transport{
@@ -134,7 +134,7 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 }
 
 if preferHttp2 {
- log.Infof("---------- running http2.configureTransport because preferHttp2 is:", %t)
+ log.Infof("---------- running http2.configureTransport because preferHttp2 is: %t", preferHttp2)
 err = http2.ConfigureTransport(tr)
 }
 return ci.ID, tr, certBytes, err

From 11fe2cb042b06de5c886c3f48bcc6dad1fdd90ee Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 21 Jun 2024 14:46:17 +0200
Subject: [PATCH 06/10] Copy prefer_http2 from config

---
 fleetspeak/src/client/generic/config.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fleetspeak/src/client/generic/config.go b/fleetspeak/src/client/generic/config.go
index bbe17e48..c2f02ed2 100644
--- a/fleetspeak/src/client/generic/config.go
+++ b/fleetspeak/src/client/generic/config.go
@@ -79,5 +79,6 @@ func MakeConfiguration(cfg *gpb.Config) (config.Configuration, error) {
 Proxy: proxy,
 ClientCertificateHeader: cfg.ClientCertificateHeader,
 ServerName: cfg.ServerName,
+ PreferHttp2: cfg.PreferHttp2,
 }, nil
 }

From 1d2010521bc52d6e2f3e8daa20ced20ea9acaa18 Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 21 Jun 2024 15:08:55 +0200
Subject: [PATCH 07/10] Updates envoy and config.textproto for all sandboxes

---
 .../config/fleetspeak-client/config.textproto | 1 +
 sandboxes/cleartext-header-mode/envoy-https-http.yaml | 1 +
 .../config/fleetspeak-client/config.textproto | 1 +
 sandboxes/cleartext-xfcc-mode/envoy-https-http.yaml | 1 +
 .../direct-mtls-mode/config/fleetspeak-client/config.textproto | 1 +
 .../https-header-mode/config/fleetspeak-client/config.textproto | 1 +
 sandboxes/https-header-mode/envoy-https-https.yaml | 1 +
 .../passthrough-mode/config/fleetspeak-client/config.textproto | 1 +
 8 files changed, 8 insertions(+)

diff --git a/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto b/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto
index bfbabd54..db6fac8e 100644
--- a/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto
@@ -7,3 +7,4 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
+prefer_http2:true
diff --git a/sandboxes/cleartext-header-mode/envoy-https-http.yaml b/sandboxes/cleartext-header-mode/envoy-https-http.yaml
index d4e3b67a..64ba5c7f 100644
--- a/sandboxes/cleartext-header-mode/envoy-https-http.yaml
+++ b/sandboxes/cleartext-header-mode/envoy-https-http.yaml
@@ -80,6 +80,7 @@ static_resources:
 common_tls_context:
 validation_context:
 trust_chain_verification: ACCEPT_UNTRUSTED
+ alpn_protocols: ["h2,http/1.1"]
 tls_certificates:
 # The following self-signed certificate pair is generated using:
 # $ openssl req -x509 -newkey rsa:2048 -keyout a/front-proxy-key.pem -out a/front-proxy-crt.pem -days 3650 -nodes -subj '/CN=front-envoy'
diff --git a/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto b/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto
index b6643133..e4db05d2 100644
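Review bot: `alpn_protocols: ["h2,http/1.1"]` makes the Envoy listener negotiate h2 with a client that offers it, but whether the negotiated connection is then actually served as HTTP/2 depends on the HTTP connection manager's `codec_type` for this listener, which is outside the hunk; if it is pinned to HTTP1 rather than AUTO (or HTTP2) the h2 connection will not be understood after the handshake. Worth confirming in this file and in the two other envoy files changed by this patch (cleartext-xfcc-mode and https-header-mode), which add the identical line. Since `codec_type` also decides what the upstream Fleetspeak server sees, a one-line comment next to the new entry, e.g. `# Must agree with the listener's codec_type (AUTO) for h2 to be served.`, would save the next reader the lookup.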
--- a/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto
@@ -6,3 +6,4 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
+prefer_http2:true
diff --git a/sandboxes/cleartext-xfcc-mode/envoy-https-http.yaml b/sandboxes/cleartext-xfcc-mode/envoy-https-http.yaml
index fafb0822..46551027 100644
--- a/sandboxes/cleartext-xfcc-mode/envoy-https-http.yaml
+++ b/sandboxes/cleartext-xfcc-mode/envoy-https-http.yaml
@@ -47,6 +47,7 @@ static_resources:
 common_tls_context:
 validation_context:
 trust_chain_verification: ACCEPT_UNTRUSTED
+ alpn_protocols: ["h2,http/1.1"]
 tls_certificates:
 # The following self-signed certificate pair is generated using:
 # $ openssl req -x509 -newkey rsa:2048 -keyout a/front-proxy-key.pem -out a/front-proxy-crt.pem -days 3650 -nodes -subj '/CN=front-envoy'
diff --git a/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto b/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto
index b6b6fe34..84b6e656 100644
--- a/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto
@@ -6,3 +6,4 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
+prefer_http2:true
diff --git a/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto b/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto
index bfbabd54..db6fac8e 100644
--- a/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto
@@ -7,3 +7,4 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
+prefer_http2:true
diff --git a/sandboxes/https-header-mode/envoy-https-https.yaml b/sandboxes/https-header-mode/envoy-https-https.yaml
index 077446c7..69894521 100644
--- a/sandboxes/https-header-mode/envoy-https-https.yaml
+++ b/sandboxes/https-header-mode/envoy-https-https.yaml
@@ -80,6 +80,7 @@ static_resources:
 common_tls_context:
 validation_context:
 trust_chain_verification: ACCEPT_UNTRUSTED
+ alpn_protocols: ["h2,http/1.1"]
 tls_certificates:
 # The following self-signed certificate pair is generated using:
 # $ openssl req -x509 -newkey rsa:2048 -keyout a/front-proxy-key.pem -out a/front-proxy-crt.pem -days 3650 -nodes -subj '/CN=front-envoy'
diff --git a/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto b/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto
index 269bf9d9..3c46e519 100644
--- a/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto
@@ -6,3 +6,4 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
+prefer_http2:true

From 708362bac920e177c927afc6f1c9baaf4741c7cf Mon Sep 17 00:00:00 2001
From: Dan Aschwanden
Date: Fri, 21 Jun 2024 15:33:38 +0200
Subject: [PATCH 08/10] Remove unrequired log lines

---
 fleetspeak/src/client/comms.go | 2 --
 fleetspeak/src/client/https/https.go | 7 -------
 2 files changed, 9 deletions(-)

diff --git a/fleetspeak/src/client/comms.go b/fleetspeak/src/client/comms.go
index 47c1e5fe..bb2ad757 100644
--- a/fleetspeak/src/client/comms.go
+++ b/fleetspeak/src/client/comms.go
@@ -152,8 +152,6 @@ func (c commsContext) CurrentIdentity() (comms.ClientIdentity, error) {
 func (c commsContext) ServerInfo() (comms.ServerInfo, error) {
 cfg := c.c.config.Configuration()
 
- log.Infof("--------------------- PreferHttp2: %t", cfg.PreferHttp2)
-
 return comms.ServerInfo{
 TrustedCerts: cfg.TrustedCerts,
 Servers: cfg.Servers,
diff --git a/fleetspeak/src/client/https/https.go b/fleetspeak/src/client/https/https.go
index 2f0fd485..ec171735 100644
--- a/fleetspeak/src/client/https/https.go
+++ b/fleetspeak/src/client/https/https.go
@@ -38,8 +38,6 @@ import (
 "github.com/google/fleetspeak/fleetspeak/src/common"
 
 "golang.org/x/net/http2"
-
- log "github.com/golang/glog"
 )
 
 const (
@@ -99,12 +97,8 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 // We'll make the Transport configurable so we can be both backwards compatible but also forward looking
 nextProtos := []string{"http/1.1"}
 preferHttp2 := si.PreferHttp2
- log.Infof("---------- got preferHttp2: %t", preferHttp2)
 if preferHttp2 {
- log.Infof("---------- preferHttp2 is: %t", preferHttp2)
 nextProtos = []string{"h2", "http/1.1"}
- } else {
- log.Infof("---------- preferHttp2 is: %t", preferHttp2)
 }
 
 tr := &http.Transport{
@@ -134,7 +128,6 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 }
 
 if preferHttp2 {
- log.Infof("---------- running http2.configureTransport because preferHttp2 is: %t", preferHttp2)
 err = http2.ConfigureTransport(tr)
 }
 return ci.ID, tr, certBytes, err

From 54ba6f00d2a9a4c863337213cfb36c2c9358fcf1 Mon Sep 17 00:00:00 2001
From: Dan
Date: Fri, 28 Jun 2024 14:08:53 +0000
Subject: [PATCH 09/10] Incorporates reviewer feedback

---
 fleetspeak/src/client/comms.go | 1 -
 fleetspeak/src/client/comms/comms.go | 3 --
 fleetspeak/src/client/config/config.go | 3 --
 fleetspeak/src/client/generic/config.go | 1 -
 .../fleetspeak_client_generic/config.proto | 3 --
 fleetspeak/src/client/https/https.go | 5 ++-
 fleetspeak/src/client/https/streaming.go | 2 +-
 .../proto/fleetspeak_client/client.pb.go | 43 ++++++++++++-------
 .../proto/fleetspeak_client/client.proto | 3 ++
 .../config/fleetspeak-client/communicator.txt | 1 +
 .../config/fleetspeak-client/communicator.txt | 1 +
 .../config/fleetspeak-client/communicator.txt | 1 +
 .../config/fleetspeak-client/communicator.txt | 1 +
 .../config/fleetspeak-client/communicator.txt | 1 +
 14 files changed, 40 insertions(+), 29 deletions(-)
diff --git a/fleetspeak/src/client/comms.go b/fleetspeak/src/client/comms.go
index bb2ad757..6ab2fd28 100644
--- a/fleetspeak/src/client/comms.go
+++ b/fleetspeak/src/client/comms.go
@@ -158,7 +158,6 @@ func (c commsContext) ServerInfo() (comms.ServerInfo, error) {
 Proxy: cfg.Proxy,
 ClientCertificateHeader: cfg.ClientCertificateHeader,
 ServerName: cfg.ServerName,
- PreferHttp2: cfg.PreferHttp2,
 }, nil
 }
 
diff --git a/fleetspeak/src/client/comms/comms.go b/fleetspeak/src/client/comms/comms.go
index 3ed79507..57dd9476 100644
--- a/fleetspeak/src/client/comms/comms.go
+++ b/fleetspeak/src/client/comms/comms.go
@@ -83,9 +83,6 @@ type ServerInfo struct {
 
 // If set, used for SNI and certificate validation.
 ServerName string
-
- // If true, then prefer HTTP2 Transport
- PreferHttp2 bool
 }
 
 // A Context describes the view of the Fleetspeak client provided to a Communicator.
diff --git a/fleetspeak/src/client/config/config.go b/fleetspeak/src/client/config/config.go
index 2878a6f5..916d1b7b 100644
--- a/fleetspeak/src/client/config/config.go
+++ b/fleetspeak/src/client/config/config.go
@@ -79,9 +79,6 @@ type Configuration struct {
 // This should be used if TLS is terminated at the load balancer and client certificates
 // can be passed upstream to the fleetspeak server as an http header.
 ClientCertificateHeader string
-
- // If true, then prefer comms with HTTP2 Transport
- PreferHttp2 bool
 }
 
 // PersistenceHandler manages client's configuration storage.
diff --git a/fleetspeak/src/client/generic/config.go b/fleetspeak/src/client/generic/config.go
index c2f02ed2..bbe17e48 100644
--- a/fleetspeak/src/client/generic/config.go
+++ b/fleetspeak/src/client/generic/config.go
@@ -79,6 +79,5 @@ func MakeConfiguration(cfg *gpb.Config) (config.Configuration, error) {
 Proxy: proxy,
 ClientCertificateHeader: cfg.ClientCertificateHeader,
 ServerName: cfg.ServerName,
- PreferHttp2: cfg.PreferHttp2,
 }, nil
 }
diff --git a/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto b/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto
index ca3bbd92..9a52f970 100644
--- a/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto
+++ b/fleetspeak/src/client/generic/proto/fleetspeak_client_generic/config.proto
@@ -38,9 +38,6 @@ message Config {
 
 // If set, used for SNI and certificate validation.
 string server_name = 9;
-
- // If set, the client will prefer HTTP as a Transport
- bool prefer_http2 = 10;
 }
 
 message FilesystemHandler {
diff --git a/fleetspeak/src/client/https/https.go b/fleetspeak/src/client/https/https.go
index ec171735..964ffac6 100644
--- a/fleetspeak/src/client/https/https.go
+++ b/fleetspeak/src/client/https/https.go
@@ -96,7 +96,10 @@ func makeTransport(cctx comms.Context, dc func(ctx context.Context, network, add
 
 // We'll make the Transport configurable so we can be both backwards compatible but also forward looking
 nextProtos := []string{"http/1.1"}
- preferHttp2 := si.PreferHttp2
+ preferHttp2 := false
+ if cctx.CommunicatorConfig() != nil {
+ preferHttp2 = cctx.CommunicatorConfig().PreferHttp2
+ }
 if preferHttp2 {
 nextProtos = []string{"h2", "http/1.1"}
 }
diff --git a/fleetspeak/src/client/https/streaming.go b/fleetspeak/src/client/https/streaming.go
index f2d528c5..536f37bd 100644
--- a/fleetspeak/src/client/https/streaming.go
+++ b/fleetspeak/src/client/https/streaming.go
@@ -345,7 +345,7 @@ func (c *StreamingCommunicator) connect(ctx context.Context, host string, maxLif
 c.cctx.Stats().OutboundContactData(host, len(buf), err)
 return fail(err)
 }
- log.Infof("POST to %v succeeded with status: %v and protocol: %v", host, resp.StatusCode, resp.Proto)
+ log.V(2).Infof("POST to %v succeeded with status: %v and protocol: %v", host, resp.StatusCode, resp.Proto)
 c.cctx.Stats().OutboundContactData(host, len(buf), nil)
 body := bufio.NewReader(resp.Body)
 cd, err := ret.readContact(body)
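Review bot: `cctx.CommunicatorConfig()` is called twice in the new block, once for the nil check and once to read the field; if the accessor does not always hand back the same pointer the two calls can disagree, and either way the repeat is unnecessary. Bind it once with an if-initializer, `if cc := cctx.CommunicatorConfig(); cc != nil { preferHttp2 = cc.PreferHttp2 }`, keeping `preferHttp2 := false` above it (or `var preferHttp2 bool`). The `// We'll make the Transport configurable ...` comment is left as-is even though the preference now comes from the CommunicatorConfig message; `// Offer h2 via ALPN only when CommunicatorConfig.prefer_http2 is set; the server may still select http/1.1.` states the actual contract. makeTransport begins before and continues past this hunk.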
diff --git a/fleetspeak/src/client/proto/fleetspeak_client/client.pb.go b/fleetspeak/src/client/proto/fleetspeak_client/client.pb.go index 104c56d5..5b2b1d04 100644 --- a/fleetspeak/src/client/proto/fleetspeak_client/client.pb.go +++ b/fleetspeak/src/client/proto/fleetspeak_client/client.pb.go @@ -52,6 +52,8 @@ type CommunicatorConfig struct { // // No compression is applied if unset. Compression fleetspeak.CompressionAlgorithm `protobuf:"varint,6,opt,name=compression,proto3,enum=fleetspeak.CompressionAlgorithm" json:"compression,omitempty"` + // If set, the client will prefer comms with HTTP2 Transport + PreferHttp2 bool `protobuf:"varint,7,opt,name=prefer_http2,json=preferHttp2,proto3" json:"prefer_http2,omitempty"` } func (x *CommunicatorConfig) Reset() { @@ -121,6 +123,13 @@ func (x *CommunicatorConfig) GetCompression() fleetspeak.CompressionAlgorithm { return fleetspeak.CompressionAlgorithm(0) } +func (x *CommunicatorConfig) GetPreferHttp2() bool { + if x != nil { + return x.PreferHttp2 + } + return false +} + // ClientState contains the state of the client which should be persisted across // restarts. type ClientState struct { 
@@ -202,7 +211,7 @@ var file_fleetspeak_src_client_proto_fleetspeak_client_client_proto_rawDesc = [] 0x33, 0x66, 0x6c, 0x65, 0x65, 0x74, 0x73, 0x70, 0x65, 0x61, 0x6b, 0x2f, 0x73, 0x72, 0x63, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x66, 0x6c, 0x65, 0x65, 0x74, 0x73, 0x70, 0x65, 0x61, 0x6b, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc2, 0x02, 0x0a, 0x12, 0x43, 0x6f, 0x6d, 0x6d, 0x75, 0x6e, 0x69, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe5, 0x02, 0x0a, 0x12, 0x43, 0x6f, 0x6d, 0x6d, 0x75, 0x6e, 0x69, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x33, 0x0a, 0x16, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x6d, 0x61, 0x78, 
@@ -222,21 +231,23 @@ var file_fleetspeak_src_client_proto_fleetspeak_client_client_proto_rawDesc = [] 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x66, 0x6c, 0x65, 0x65, 0x74, 0x73, 0x70, 0x65, 0x61, 0x6b, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x0b, 0x63, 0x6f, - 0x6d, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x89, 0x01, 0x0a, 0x0b, 0x43, 0x6c, - 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x63, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x65, 0x71, 0x75, - 0x65, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x0f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x4e, 0x6f, - 0x6e, 0x63, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, - 0x0c, 0x52, 0x12, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x53, 0x65, - 0x72, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x4c, 0x5a, 0x4a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x66, 0x6c, 0x65, 0x65, 0x74, - 0x73, 0x70, 0x65, 0x61, 0x6b, 0x2f, 0x66, 0x6c, 0x65, 0x65, 0x74, 0x73, 0x70, 0x65, 0x61, 0x6b, - 0x2f, 0x73, 0x72, 0x63, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x66, 0x6c, 0x65, 0x65, 0x74, 0x73, 0x70, 0x65, 0x61, 0x6b, 0x5f, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6d, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x72, 0x65, + 0x66, 0x65, 0x72, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x32, 0x18, 0x07, 
0x20, 0x01, 0x28, 0x08, 0x52, + 0x0b, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x48, 0x74, 0x74, 0x70, 0x32, 0x22, 0x89, 0x01, 0x0a, + 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1d, 0x0a, 0x0a, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x29, 0x0a, 0x10, 0x73, + 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x69, 0x6e, + 0x67, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x08, + 0x20, 0x03, 0x28, 0x0c, 0x52, 0x12, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, + 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x42, 0x4c, 0x5a, 0x4a, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x66, 0x6c, + 0x65, 0x65, 0x74, 0x73, 0x70, 0x65, 0x61, 0x6b, 0x2f, 0x66, 0x6c, 0x65, 0x65, 0x74, 0x73, 0x70, + 0x65, 0x61, 0x6b, 0x2f, 0x73, 0x72, 0x63, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x66, 0x6c, 0x65, 0x65, 0x74, 0x73, 0x70, 0x65, 0x61, 0x6b, 0x5f, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/fleetspeak/src/client/proto/fleetspeak_client/client.proto b/fleetspeak/src/client/proto/fleetspeak_client/client.proto index 96fa7d94..7ecdf1dc 100644 --- a/fleetspeak/src/client/proto/fleetspeak_client/client.proto +++ b/fleetspeak/src/client/proto/fleetspeak_client/client.proto 
@@ -37,6 +37,9 @@ message CommunicatorConfig {
 //
 // No compression is applied if unset.
 fleetspeak.CompressionAlgorithm compression = 6;
+
+ // If set, the client will prefer comms with HTTP2 Transport
+ bool prefer_http2 = 7;
 }
 
 // ClientState contains the state of the client which should be persisted across
diff --git a/sandboxes/cleartext-header-mode/config/fleetspeak-client/communicator.txt b/sandboxes/cleartext-header-mode/config/fleetspeak-client/communicator.txt
index e69de29b..758ec85e 100644
--- a/sandboxes/cleartext-header-mode/config/fleetspeak-client/communicator.txt
+++ b/sandboxes/cleartext-header-mode/config/fleetspeak-client/communicator.txt
@@ -0,0 +1 @@
+prefer_http2: true
diff --git a/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/communicator.txt b/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/communicator.txt
index e69de29b..758ec85e 100644
--- a/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/communicator.txt
+++ b/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/communicator.txt
@@ -0,0 +1 @@
+prefer_http2: true
diff --git a/sandboxes/direct-mtls-mode/config/fleetspeak-client/communicator.txt b/sandboxes/direct-mtls-mode/config/fleetspeak-client/communicator.txt
index e69de29b..758ec85e 100644
--- a/sandboxes/direct-mtls-mode/config/fleetspeak-client/communicator.txt
+++ b/sandboxes/direct-mtls-mode/config/fleetspeak-client/communicator.txt
@@ -0,0 +1 @@
+prefer_http2: true
diff --git a/sandboxes/https-header-mode/config/fleetspeak-client/communicator.txt b/sandboxes/https-header-mode/config/fleetspeak-client/communicator.txt
index e69de29b..758ec85e 100644
--- a/sandboxes/https-header-mode/config/fleetspeak-client/communicator.txt
+++ b/sandboxes/https-header-mode/config/fleetspeak-client/communicator.txt
@@ -0,0 +1 @@
+prefer_http2: true
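Review bot: The comment on `bool prefer_http2 = 7;` only says the client "will prefer comms with HTTP2 Transport", and since this is the operator-facing knob it should describe what is observable: the client offers `h2` ahead of `http/1.1` in ALPN, the server (or its TLS terminator) must advertise h2 for it to take effect, and the connection falls back to HTTP/1.1 otherwise. Suggest `// If set, the client offers HTTP/2 (h2) via ALPN, falling back to HTTP/1.1 when the server does not negotiate it. Has no effect unless the server side also advertises h2.` Whether field number 7 is free in CommunicatorConfig cannot be checked from this hunk.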
diff --git a/sandboxes/passthrough-mode/config/fleetspeak-client/communicator.txt b/sandboxes/passthrough-mode/config/fleetspeak-client/communicator.txt
index e69de29b..758ec85e 100644
--- a/sandboxes/passthrough-mode/config/fleetspeak-client/communicator.txt
+++ b/sandboxes/passthrough-mode/config/fleetspeak-client/communicator.txt
@@ -0,0 +1 @@
+prefer_http2: true

From 5b111d5f90543d1d79f3d0affb91b592bbeb6cc1 Mon Sep 17 00:00:00 2001
From: Dan
Date: Fri, 28 Jun 2024 14:26:26 +0000
Subject: [PATCH 10/10] adapts sandbox demo client config

---
 .../config/fleetspeak-client/config.textproto | 1 -
 .../config/fleetspeak-client/config.textproto | 1 -
 .../direct-mtls-mode/config/fleetspeak-client/config.textproto | 1 -
 .../https-header-mode/config/fleetspeak-client/config.textproto | 1 -
 .../passthrough-mode/config/fleetspeak-client/config.textproto | 1 -
 5 files changed, 5 deletions(-)

diff --git a/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto b/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto
index db6fac8e..bfbabd54 100644
--- a/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/cleartext-header-mode/config/fleetspeak-client/config.textproto
@@ -7,4 +7,3 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
-prefer_http2:true
diff --git a/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto b/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto
index e4db05d2..b6643133 100644
--- a/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/cleartext-xfcc-mode/config/fleetspeak-client/config.textproto
@@ -6,4 +6,3 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
-prefer_http2:true
diff --git a/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto b/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto
index 84b6e656..b6b6fe34 100644
--- a/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/direct-mtls-mode/config/fleetspeak-client/config.textproto
@@ -6,4 +6,3 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
-prefer_http2:true
diff --git a/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto b/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto
index db6fac8e..bfbabd54 100644
--- a/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/https-header-mode/config/fleetspeak-client/config.textproto
@@ -7,4 +7,3 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
-prefer_http2:true
diff --git a/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto b/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto
index 3c46e519..269bf9d9 100644
--- a/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto
+++ b/sandboxes/passthrough-mode/config/fleetspeak-client/config.textproto
@@ -6,4 +6,3 @@ filesystem_handler: {
 state_file:"/fleetspeak-client.state"
 }
 streaming:true
-prefer_http2:true