Merge pull request #6918 from skorhone/fix/hijacked_connection_handling

Fix: Correct connection counters for hijacked connections
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2020-07-10 22:03:56 +0200
committer: GitHub <noreply@github.com> 2020-07-10 22:03:56 +0200
commit: 1d7175314c350b61b84ca4b2237d662e9b3f6c09 (patch)
tree: f6b0a8c94882669ce96fee0ddae5390f3b9aa2e7 /pkg/api/handlers/compat/containers_attach.go
parent: 2ac8c6953481eb7391a6a7594709811f7ae3167f (diff)
parent: 324a02ec609f24aaba923a96266657d125228033 (diff)
download: podman-1d7175314c350b61b84ca4b2237d662e9b3f6c09.tar.gz
podman-1d7175314c350b61b84ca4b2237d662e9b3f6c09.tar.bz2
podman-1d7175314c350b61b84ca4b2237d662e9b3f6c09.zip
1 files changed, 61 insertions, 18 deletions
diff --git a/pkg/api/handlers/compat/containers_attach.go b/pkg/api/handlers/compat/containers_attach.go
index 325f96b40..71586fca4 100644
--- a/pkg/api/handlers/compat/containers_attach.go
+++ b/pkg/api/handlers/compat/containers_attach.go
@@ -1,23 +1,22 @@
 package compat
 
 import (
+	"bufio"
 	"fmt"
+	"io"
+	"net"
 	"net/http"
+	"strings"
 
 	"github.com/containers/libpod/v2/libpod"
 	"github.com/containers/libpod/v2/libpod/define"
 	"github.com/containers/libpod/v2/pkg/api/handlers/utils"
+	"github.com/containers/libpod/v2/pkg/api/server/idletracker"
 	"github.com/gorilla/schema"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
-// AttachHeader is the literal header sent for upgraded/hijacked connections for
-// attach, sourced from Docker at:
-// https://raw.githubusercontent.com/moby/moby/b95fad8e51bd064be4f4e58a996924f343846c85/api/server/router/container/container_routes.go
-// Using literally to ensure compatibility with existing clients.
-const AttachHeader = "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n"
-
 func AttachContainer(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
 	decoder := r.Context().Value("decoder").(*schema.Decoder)
@@ -98,21 +97,11 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Hijack the connection
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		utils.InternalServerError(w, errors.Errorf("unable to hijack connection"))
-		return
-	}
-
-	connection, buffer, err := hijacker.Hijack()
+	connection, buffer, err := AttachConnection(w, r)
 	if err != nil {
-		utils.InternalServerError(w, errors.Wrapf(err, "error hijacking connection"))
+		utils.InternalServerError(w, err)
 		return
 	}
-
-	fmt.Fprintf(connection, AttachHeader)
-
 	logrus.Debugf("Hijack for attach of container %s successful", ctr.ID())
 
 	// Perform HTTP attach.
@@ -126,3 +115,57 @@ func AttachContainer(w http.ResponseWriter, r *http.Request) {
 
 	logrus.Debugf("Attach for container %s completed successfully", ctr.ID())
 }
+
+type HijackedConnection struct {
+	net.Conn                             // Connection
+	idleTracker *idletracker.IdleTracker // Connection tracker
+}
+
+func (c HijackedConnection) Close() error {
+	logrus.Debugf("Hijacked connection closed")
+
+	c.idleTracker.TrackHijackedClosed()
+	return c.Conn.Close()
+}
+
+func AttachConnection(w http.ResponseWriter, r *http.Request) (net.Conn, *bufio.ReadWriter, error) {
+	idleTracker := r.Context().Value("idletracker").(*idletracker.IdleTracker)
+
+	// Hijack the connection
+	hijacker, ok := w.(http.Hijacker)
+	if !ok {
+		return nil, nil, errors.Errorf("unable to hijack connection")
+	}
+
+	connection, buffer, err := hijacker.Hijack()
+	if err != nil {
+		return nil, nil, errors.Wrapf(err, "error hijacking connection")
+	}
+	trackedConnection := HijackedConnection{
+		Conn:        connection,
+		idleTracker: idleTracker,
+	}
+
+	WriteAttachHeaders(r, trackedConnection)
+
+	return trackedConnection, buffer, nil
+}
+
+func WriteAttachHeaders(r *http.Request, connection io.Writer) {
+	// AttachHeader is the literal header sent for upgraded/hijacked connections for
+	// attach, sourced from Docker at:
+	// https://raw.githubusercontent.com/moby/moby/b95fad8e51bd064be4f4e58a996924f343846c85/api/server/router/container/container_routes.go
+	// Using literally to ensure compatibility with existing clients.
+	c := r.Header.Get("Connection")
+	proto := r.Header.Get("Upgrade")
+	if len(proto) == 0 || !strings.EqualFold(c, "Upgrade") {
+		// OK - can't upgrade if not requested or protocol is not specified
+		fmt.Fprintf(connection,
+			"HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
+	} else {
+		// Upraded
+		fmt.Fprintf(connection,
+			"HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: %s\r\n\r\n",
+			proto)
+	}
+}
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2020-07-10 22:03:56 +0200
committer	GitHub <noreply@github.com>	2020-07-10 22:03:56 +0200
commit	1d7175314c350b61b84ca4b2237d662e9b3f6c09 (patch)
tree	f6b0a8c94882669ce96fee0ddae5390f3b9aa2e7 /pkg/api/handlers/compat/containers_attach.go
parent	2ac8c6953481eb7391a6a7594709811f7ae3167f (diff)
parent	324a02ec609f24aaba923a96266657d125228033 (diff)
download	podman-1d7175314c350b61b84ca4b2237d662e9b3f6c09.tar.gz podman-1d7175314c350b61b84ca4b2237d662e9b3f6c09.tar.bz2 podman-1d7175314c350b61b84ca4b2237d662e9b3f6c09.zip