Posted to users@tomcat.apache.org by Aryeh Friedman <ar...@gmail.com> on 2022/12/08 21:55:06 UTC

Receiving HTTP (any version but 3 preferred) over UDP

I just tried the following command to test if tomcat does in fact listen on UDP:

aryeh@sarek1024% nc -u localhost 8080
GET / HTTP/1.1


aryeh@sarek1024%

Which is nice to see tomcat is listening but it is not apparently
processing any requests since doing the same on TCP yields:

aryeh@sarek1024% nc localhost 8080
GET / HTTP/1.1
HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1859
Date: Thu, 08 Dec 2022 21:51:11 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad
Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a
{color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 400 – Bad Request</h1><hr class="line" /><p><b>Type</b>
Exception Report</p><p><b>Message</b> Invalid character found in the
HTTP protocol [HTTP&#47;1.1...]</p><p><b>Description</b> The server
cannot or will not process the request due to something that is
perceived to be a client error (e.g., malformed request syntax,
invalid request message framing, or deceptive request
routing).</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException:
Invalid character found in the HTTP protocol [HTTP&#47;1.1...]
    org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:559)
    org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:261)
    org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
    org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
    org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    java.lang.Thread.run(Thread.java:748)
</pre><p><b>Note</b> The full stack trace of the root cause is
available in the server logs.</p><hr class="line" /><h3>Apache
Tomcat/9.0.41</h3></body></html>


-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Alex <al...@none.at>.
Hi.

On 11.12.22 17:44, Shawn Heisey wrote:
> On 12/10/22 15:15, Aryeh Friedman wrote:
>> Is there any browser support for direct UDP sockets in any browser
>> besides Chrome? I know WebRTC and Websockets force TCP. I know
>> Chrome does support UDP but can find no evidence one way for the other
>> browsers.
> 
> I'm sure you know that if Chrome is doing it, you can be sure that the 
> other browsers either already do or are planning to have it in a new 
> release very soon.
> 
>> As far as I can tell there are no web servers and/or major hosting
>> companies (i.e. AWS, etc.) that support UIUC/HTTP3.  For that reason,
>> I am playing with different options for making a stripped down UDP
>> HTTP server (prefer 3 but forcing TLS seems to be a deal breaker for
>> anyone except name brand sites like Google -- E.g. my main client had
>> a total cow over the $500/yr fee for a Comodo multi-domain cert even
>> though due to being healthcare it is a legal requirement.)
> 
> I'm not in touch with which of the major web servers can do H3/QUIC. 
> Almost all of my web servers are behind haproxy, to offload TLS and make 
> decisions about which webserver will receive each request.  Except in 
> cases where it just wasn't possible for one reason or another (like 
> plex) all backend communication in haproxy is unencrypted.  At this 
> time, haproxy only supports H3/QUIC on the front end, not the back end. 
> Most of the backends are h2c, some only do http/1.1.  (side note ... I 
> am still seeing http/1.0 requests in my logs, and even a few 0.9.)
> 
> If I ever find myself in a situation where I need to make a container 
> like Tomcat reachable from the Internet, I will be using haproxy as the 
> front end, not the common choice of Apache or Nginx.  The only reason I 
> can see for using one of those webservers is to have a separate logfile 
> for each domain.  The log that haproxy produces is good enough for me.

JFYI: There are some Webservers out there which already support H3.

Caddyserver https://caddyserver.com/docs/caddyfile/options#protocols
H2o https://github.com/h2o/h2o/

There is an overview page about interoperability of different Quic and H3 
Tools
https://interop.seemann.io/

> I have another haproxy installation in AWS on my mail server, configured 
> the same way as the main install in my basement. Mostly for my webmail, 
> but I do have a few other websites on that install.  It handles 
> UDP/443.  This little website is running on my AWS instance:
> 
> https://http3test.elyograg.org/
> 
> If you visit that page and look at the cert, you'll see it's made by 
> LetsEncrypt.  Renewal and deployment of that cert is completely 
> automated, so the 90 day lifetime is not the administrative hassle that 
> it could be.  I am planning to implement the same automated LE 
> certificate deployment at $DAYJOB that I already have for my personal 
> domains.  I work for a company that handles healthcare data, and nobody 
> has raised a concern about HITRUST not allowing free certificates.
> 
> Thanks,
> Shawn

Regards
Ales



Re: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Shawn Heisey <ap...@elyograg.org>.
On 12/10/22 15:15, Aryeh Friedman wrote:
> Is there any browser support for direct UDP sockets in any browser
> besides Chrome? I know WebRTC and Websockets force TCP. I know
> Chrome does support UDP but can find no evidence one way for the other
> browsers.

I'm sure you know that if Chrome is doing it, you can be sure that the 
other browsers either already do or are planning to have it in a new 
release very soon.

> As far as I can tell there are no web servers and/or major hosting
> companies (i.e. AWS, etc.) that support UIUC/HTTP3.  For that reason,
> I am playing with different options for making a stripped down UDP
> HTTP server (prefer 3 but forcing TLS seems to be a deal breaker for
> anyone except name brand sites like Google -- E.g. my main client had
> a total cow over the $500/yr fee for a Comodo multi-domain cert even
> though due to being healthcare it is a legal requirement.)

I'm not in touch with which of the major web servers can do H3/QUIC.  
Almost all of my web servers are behind haproxy, to offload TLS and make 
decisions about which webserver will receive each request.  Except in 
cases where it just wasn't possible for one reason or another (like 
plex) all backend communication in haproxy is unencrypted.  At this 
time, haproxy only supports H3/QUIC on the front end, not the back end.  
Most of the backends are h2c, some only do http/1.1.  (side note ... I 
am still seeing http/1.0 requests in my logs, and even a few 0.9.)

If I ever find myself in a situation where I need to make a container 
like Tomcat reachable from the Internet, I will be using haproxy as the 
front end, not the common choice of Apache or Nginx.  The only reason I 
can see for using one of those webservers is to have a separate logfile 
for each domain.  The log that haproxy produces is good enough for me.

I have another haproxy installation in AWS on my mail server, configured 
the same way as the main install in my basement. Mostly for my webmail, 
but I do have a few other websites on that install.  It handles 
UDP/443.  This little website is running on my AWS instance:

https://http3test.elyograg.org/

If you visit that page and look at the cert, you'll see it's made by 
LetsEncrypt.  Renewal and deployment of that cert is completely 
automated, so the 90 day lifetime is not the administrative hassle that 
it could be.  I am planning to implement the same automated LE 
certificate deployment at $DAYJOB that I already have for my personal 
domains.  I work for a company that handles healthcare data, and nobody 
has raised a concern about HITRUST not allowing free certificates.

Thanks,
Shawn




RE: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Hiran CHAUDHURI <hi...@amadeus.com.INVALID>.
You seem to know that domain.
Would it make sense if you tried to create that HTTP/UDP support such that it could be integrated into future Tomcats?

Hiran

-----Original Message-----
From: Aryeh Friedman <ar...@gmail.com>
Sent: Saturday, December 10, 2022 23:16
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: Re: Receiving HTTP (any version but 3 preferred) over UDP

[...]
Due to my soon forthcoming project being a streaming media site, true real time delivery is the most important thing, and from my past work as a protocol designer, I can say without any qualification that TCP is absolutely the wrong protocol (there are other good end-to-end reliable UDP protocols besides QUIC).

As far as I can tell there are no web servers and/or major hosting companies (i.e. AWS, etc.) that support UIUC/HTTP3.  For that reason, I am playing with different options for making a stripped down UDP HTTP server (prefer 3 but forcing TLS seems to be a deal breaker for anyone except name brand sites like Google -- E.g. my main client had a total cow over the $500/yr fee for a Comodo multi-domain cert even though due to being healthcare it is a legal requirement.)



Re: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Aryeh Friedman <ar...@gmail.com>.
On Sat, Dec 10, 2022 at 4:59 PM Shawn Heisey <ap...@elyograg.org> wrote:
>
> On 12/9/2022 2:12 PM, Aryeh Friedman wrote:
> > For example the following code works against port 7 (UDP echo service)
> > but not against 8080 (my local tomcat):
>
> I suspect that you are running into the fact that HTTP/3 *always* uses
> TLS.  It's baked into the protocol and NOT optional as with earlier HTTP
> versions.  As far as I know, HTTP/3 is the only version of HTTP that
> uses UDP transport.

Is there any browser support for direct UDP sockets in any browser
besides Chrome?  I know WebRTC and Websockets force TCP.   I know
Chrome does support UDP but can find no evidence one way for the other
browsers.

Due to my soon forthcoming project being a streaming media site, true
real time delivery is the most important thing, and from my past work
as a protocol designer, I can say without any qualification that TCP
is absolutely the wrong protocol (there are other good end-to-end
reliable UDP protocols besides QUIC).

As far as I can tell there are no web servers and/or major hosting
companies (i.e. AWS, etc.) that support UIUC/HTTP3.  For that reason,
I am playing with different options for making a stripped down UDP
HTTP server (prefer 3 but forcing TLS seems to be a deal breaker for
anyone except name brand sites like Google -- E.g. my main client had
a total cow over the $500/yr fee for a Comodo multi-domain cert even
though due to being healthcare it is a legal requirement.)


-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org



Re: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Shawn Heisey <ap...@elyograg.org>.
On 12/9/2022 2:12 PM, Aryeh Friedman wrote:
> For example the following code works against port 7 (UDP echo service)
> but not against 8080 (my local tomcat):

I suspect that you are running into the fact that HTTP/3 *always* uses 
TLS.  It's baked into the protocol and NOT optional as with earlier HTTP 
versions.  As far as I know, HTTP/3 is the only version of HTTP that 
uses UDP transport.

Thanks,
Shawn




Re: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Aryeh Friedman <ar...@gmail.com>.
On Fri, Dec 9, 2022 at 4:02 AM Mark Thomas <ma...@apache.org> wrote:
>
> On 08/12/2022 21:55, Aryeh Friedman wrote:
> > I just tried the following command to test if tomcat does in fact listen on UDP:
> >
> > aryeh@sarek1024% nc -u localhost 8080
> > GET / HTTP/1.1
> >
> >
> > aryeh@sarek1024%
> >
> > Which is nice to see tomcat is listening
>
> That command doesn't do what you think it does.
>
> UDP doesn't work the way you think it does.

Please don't make assumptions about my background or about how I think
UDP works.   I have designed and implemented several transport
protocols over UDP (in C not Java) see ecip.org.

The man page for nc does take the connectionless nature of UDP into
consideration.  For example here is an nc session working with the
echo server on UDP port 7:

aryeh@sarek1024% nc -u 127.0.0.1 7
Hi there I am an echo
Hi there I am an echo
^C

>
> Even if Tomcat was listening for UDP packets, HTTP/3 has a completely
> different wire format to HTTP/1.1 and the above wouldn't work.

I was not attempting to use HTTP (3 or 1.1). I was only testing if I
got any response at all (or if I would get an ICMP Port Unavailable
exception/error).

For example the following code works against port 7 (UDP echo service)
but not against 8080 (my local tomcat):

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.SocketAddress;

public class UDPHttp
{
        public static void main(String[] args)
                throws Throwable
        {
                int port=7;
                DatagramSocket sock=new DatagramSocket();
                InetAddress addr=InetAddress.getByName("localhost");
                SocketAddress sockAddr=new InetSocketAddress(addr,port);

                sock.connect(sockAddr);

                String msg="GET / HTTP/1.1\r\n\r\n";
                byte[] buf=msg.getBytes();
                DatagramPacket packet=
                        new DatagramPacket(buf,buf.length,sockAddr);

                sock.send(packet);

                byte[] out=new byte[buf.length];
                packet=new DatagramPacket(out,out.length,sockAddr);
                sock.receive(packet);
                System.out.print(new String(out));
        }
}

Yields the original value of msg

Going to 8080 gives:

Exception in thread "main" java.net.PortUnreachableException: ICMP
Port Unreachable
    at java.net.PlainDatagramSocketImpl.receive0(Native Method)
    at java.net.AbstractPlainDatagramSocketImpl.receive(AbstractPlainDatagramSocketImpl.java:143)
    at java.net.DatagramSocket.receive(DatagramSocket.java:812)
    at UDPHttp.main(UDPHttp.java:29)


>
> Tomcat is NOT listening for UDP packets.
>
> Tomcat does not support HTTP/3 or QUIC.

Any plans in this direction?

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
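
Added example, not part of the original post and not Tomcat code: a Python sketch of the check discussed in the message above, classifying a UDP port by what comes back to a connected datagram socket (a reply, an ICMP Port Unreachable, or nothing). The function names, the loopback echo server and the silent socket are constructed for the demonstration; a server with no UDP listener, like the Tomcat instance in this thread, falls in the "closed" case that the Java client reported as PortUnreachableException.

```python
import socket
import threading

PROBE = b"GET / HTTP/1.1\r\n\r\n"  # same bytes the posted Java client sends


def probe_udp(host, port, payload=PROBE, timeout=1.0):
    """Classify a UDP port as seen by the sender.

    'open'          - a datagram came back
    'closed'        - the kernel relayed ICMP Port Unreachable
    'open|filtered' - silence: a listener that ignores the payload,
                      or a firewall that dropped the probe or the ICMP error
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket sends nothing; it only fixes the peer so
        # the kernel can hand ICMP errors for that peer back to this socket.
        s.connect((host, port))
        try:
            s.send(payload)
            return "open", s.recv(2048)
        except ConnectionRefusedError:   # ICMP Port Unreachable
            return "closed", b""
        except socket.timeout:
            return "open|filtered", b""


def start_echo_server():
    """Constructed stand-in for the port 7 echo service, on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def loop():
        while True:
            data, peer = srv.recvfrom(2048)
            srv.sendto(data, peer)

    threading.Thread(target=loop, daemon=True).start()
    return srv


def unused_udp_port():
    """Bind and release an ephemeral port so nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    echo = start_echo_server()
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))      # bound, but never answers
    for label, port in (("echo", echo.getsockname()[1]),
                        ("silent", silent.getsockname()[1]),
                        ("unbound", unused_udp_port())):
        print(label, port, probe_udp("127.0.0.1", port, timeout=0.5)[0])
```

The silent case is why a missing reply alone proves nothing either way: a bound socket that never answers and a dropped probe look identical to the sender.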



Re: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Rémy Maucherat <re...@apache.org>.
On Fri, Dec 9, 2022 at 10:02 AM Mark Thomas <ma...@apache.org> wrote:
>
> On 08/12/2022 21:55, Aryeh Friedman wrote:
> > I just tried the following command to test if tomcat does in fact listen on UDP:
> >
> > aryeh@sarek1024% nc -u localhost 8080
> > GET / HTTP/1.1
> >
> >
> > aryeh@sarek1024%
> >
> > Which is nice to see tomcat is listening
>
> That command doesn't do what you think it does.
>
> UDP doesn't work the way you think it does.
>
> Even if Tomcat was listening for UDP packets, HTTP/3 has a completely
> different wire format to HTTP/1.1 and the above wouldn't work.
>
> Tomcat is NOT listening for UDP packets.
>
> Tomcat does not support HTTP/3 or QUIC.
>
> <snip/>

According to the roadmap: https://www.openssl.org/roadmap.html
I'll look at it with 3.3, basically.

Rémy



Re: Receiving HTTP (any version but 3 preferred) over UDP

Posted by Mark Thomas <ma...@apache.org>.
On 08/12/2022 21:55, Aryeh Friedman wrote:
> I just tried the following command to test if tomcat does in fact listen on UDP:
> 
> aryeh@sarek1024% nc -u localhost 8080
> GET / HTTP/1.1
> 
> 
> aryeh@sarek1024%
> 
> Which is nice to see tomcat is listening 

That command doesn't do what you think it does.

UDP doesn't work the way you think it does.

Even if Tomcat was listening for UDP packets, HTTP/3 has a completely 
different wire format to HTTP/1.1 and the above wouldn't work.

Tomcat is NOT listening for UDP packets.

Tomcat does not support HTTP/3 or QUIC.

<snip/>

Mark
