diff --git a/CHANGELOG.md b/CHANGELOG.md index 031cb30a..28d1fa9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -69,8 +69,8 @@ Users may have to change how they access the system ### Minor features * Restconf native HTTP/2: - * Added option `CLICON_RESTCONF_HTTP2_PLAIN` - * if disabled non-tls HTTP/2 is disabled: both direct and upgrade + * Added option `CLICON_RESTCONF_HTTP2_PLAIN` for non-TLS http + * Default disabled, set to true to enable HTTP/2 direct and switch/upgrade HTTP/1->HTTP/2 * Restconf internal start: fail early if clixon_restconf binary is not found * If CLICON_BACKEND_RESTCONF_PROCESS is true * Added linenumbers to all YANG symbols for better debug and errors diff --git a/test/test_restconf.sh b/test/test_restconf.sh index 440eaaa6..6d32d836 100755 --- a/test/test_restconf.sh +++ b/test/test_restconf.sh @@ -223,7 +223,11 @@ function testrun() # http/1 + http/2 new "restconf GET http/2 switch protocol" - expectpart "$(curl $CURLOPTS --http2 -X GET $proto://$addr/.well-known/host-meta)" 0 "" "HTTP/2 200" "" "" "" # Only if http: HTTP/1.1 101 Switching Protocols + if [ $proto = http ]; then # see (2) https to http port in restconf_main_native.c + expectpart "$(curl $CURLOPTS --http2 -X GET $proto://$addr/.well-known/host-meta)" 0 "" "HTTP/1.1 200" "" "" "" + else + expectpart "$(curl $CURLOPTS --http2 -X GET $proto://$addr/.well-known/host-meta)" 0 "" "HTTP/2 200" "" "" "" # Only if https: HTTP/1.1 101 Switching Protocols + fi else # http/1 only Try http/2 - go back to http/1.1 new "restconf GET http/2 switch protocol" @@ -487,6 +491,11 @@ if [ "${WITH_RESTCONF}" = "native" ]; then protos="$protos https" fi for proto in $protos; do + if [ $proto = https ]; then + HVER=2 + else + HVER=1.1 + fi addrs="127.0.0.1" if $IPv6 ; then addrs="$addrs \[::1\]" diff --git a/test/test_restconf_basic_auth.sh b/test/test_restconf_basic_auth.sh index 7eb968c7..5ebe2be8 100755 --- a/test/test_restconf_basic_auth.sh +++ b/test/test_restconf_basic_auth.sh @@ -28,6 +28,7 @@ fyang=$dir/myexample.yang # No ssl RCPROTO=http +HVER=1.1 # Start with common config, then append fcgi/native specific config cat < $cfg diff --git a/test/test_restconf_err.sh b/test/test_restconf_err.sh index dadb9486..457aced9 100755 --- a/test/test_restconf_err.sh +++ b/test/test_restconf_err.sh @@ -31,7 +31,7 @@ fyang2=$dir/augment.yang fxml=$dir/initial.xml fstate=$dir/state.xml RCPROTO=http # Force to http due to netcat - +HVER=1.1 # Define default restconfig config: RESTCONFIG RESTCONFIG=$(restconf_config none false) diff --git a/test/test_restconf_internal.sh b/test/test_restconf_internal.sh index 336c9452..6192d834 100755 --- a/test/test_restconf_internal.sh +++ b/test/test_restconf_internal.sh @@ -22,6 +22,7 @@ startupdb=$dir/startup_db # Restconf debug RESTCONFDBG=$DBG RCPROTO=http # no ssl here +HVER=1.1 # log-destination in restconf xml: syslog or file : ${LOGDST:=syslog} diff --git a/test/test_restconf_internal_usecases.sh b/test/test_restconf_internal_usecases.sh index 446bf26f..5fd9c3a8 100755 --- a/test/test_restconf_internal_usecases.sh +++ b/test/test_restconf_internal_usecases.sh @@ -33,6 +33,7 @@ startupdb=$dir/startup_db # Restconf debug RESTCONFDBG=$DBG RCPROTO=http # no ssl here +HVER=1.1 INVALIDADDR=251.1.1.1 # used by fourth usecase as invalid diff --git a/test/test_restconf_netns.sh b/test/test_restconf_netns.sh index fe680059..1f23e90e 100755 --- a/test/test_restconf_netns.sh +++ b/test/test_restconf_netns.sh @@ -172,8 +172,9 @@ expecteof "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO]]>]]>" "^]]>]]>$" +# NOTE http/1.1 new "restconf http get config on default netns" -expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table)" 0 "HTTP/$HVER 200" 'a42
' +expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table)" 0 "HTTP/1.1 200" 'a42
' new "restconf http get config on addr:$vaddr in netns:$netns" expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' https://$vaddr/restconf/data/clixon-example:table)" 0 "HTTP/$HVER 200" 'a42
' @@ -184,8 +185,9 @@ expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X GET -H 'Accept: applic new "restconf https/SSL put table b" expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X POST -H 'Content-Type: application/yang-data+xml' -d 'b99' https://$vaddr/restconf/data/clixon-example:table)" 0 "HTTP/$HVER 201" +# NOTE http/1.1 new "restconf http get table b on default ns" -expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table/parameter=b)" 0 "HTTP/$HVER 200" 'b99' +expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table/parameter=b)" 0 "HTTP/1.1 200" 'b99' # Negative new "restconf get config on wrong port in netns:$netns" diff --git a/yang/clixon/clixon-config@2021-07-11.yang b/yang/clixon/clixon-config@2021-07-11.yang index bf7f34b8..55839147 100644 --- a/yang/clixon/clixon-config@2021-07-11.yang +++ b/yang/clixon/clixon-config@2021-07-11.yang @@ -586,13 +586,13 @@ module clixon-config { } leaf CLICON_RESTCONF_HTTP2_PLAIN { type boolean; - default true; + default false; description "Applies to plan (non-tls) http/2 ie when clixon is configured with --enable-nghttp2 If false, disable direct and upgrade for plain(non-tls) HTTP/2. If true, allows direct and upgrade for plain(non-tls) HTTP/2. - This is especially useful in http/1 + http/2 mode to avoid the complex upgrade/switch - from http/1 to http/2. + It may especially useful to disable in http/1 + http/2 mode to avoid the complex + upgrade/switch from http/1 to http/2. Note this also disables plain http/2 in prior-knowledge, that is, in http/2-only mode. HTTP/2 in https(TLS) is unaffected"; }