Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-11-03 19:17:29 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: disable h3 for unix domain socket (#6769)
Some checks are pending
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Waiting to run
Details
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Waiting to run
Details
Tests / test (./cmd/caddy/caddy, ~1.23.0, macos-14, 0, 1.23, mac) (push) Waiting to run
Details
Tests / test (./cmd/caddy/caddy, ~1.23.0, ubuntu-latest, 0, 1.23, linux) (push) Waiting to run
Details
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Waiting to run
Details
Tests / test (./cmd/caddy/caddy.exe, ~1.23.0, windows-latest, True, 1.23, windows) (push) Waiting to run
Details
Tests / test (s390x on IBM Z) (push) Waiting to run
Details
Tests / goreleaser-check (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, aix) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, linux) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Waiting to run
Details
Cross-Build / build (~1.22.3, 1.22, windows) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, aix) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, darwin) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, dragonfly) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, freebsd) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, illumos) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, linux) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, netbsd) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, openbsd) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, solaris) (push) Waiting to run
Details
Cross-Build / build (~1.23.0, 1.23, windows) (push) Waiting to run
Details
Lint / lint (macos-14, mac) (push) Waiting to run
Details
Lint / lint (ubuntu-latest, linux) (push) Waiting to run
Details
Lint / lint (windows-latest, windows) (push) Waiting to run
Details
Lint / govulncheck (push) Waiting to run
Details

Browse Source
This commit is contained in:
Hyeonggeun Oh 2025-01-07 16:21:57 -08:00 committed by GitHub
parent 1bd567d7ad
commit 50778b5542
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 27 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
modules/caddyhttp/app.go
View File

@ -529,21 +529,6 @@ func (app *App) Start() error {
// enable TLS if there is a policy and if this is not the HTTP port
useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort()
// enable HTTP/3 if configured
if h3ok && useTLS {
app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport))
if err := srv.serveHTTP3(listenAddr.At(portOffset), tlsCfg); err != nil {
return err
}
}
if h3ok && !useTLS {
// Can only serve h3 with TLS enabled
app.logger.Warn("HTTP/3 skipped because it requires TLS",
zap.String("network", listenAddr.Network),
zap.String("addr", hostport))
}
if h1ok || h2ok && useTLS || h2cok {
// create the listener for this socket
lnAny, err := listenAddr.Listen(app.ctx, portOffset, net.ListenConfig{KeepAlive: time.Duration(srv.KeepAliveInterval)})
@ -614,6 +599,33 @@ func (app *App) Start() error {
zap.String("network", listenAddr.Network),
zap.String("addr", hostport))
}
if h3ok {
// Can't serve HTTP/3 on the same socket as HTTP/1 and 2 because it uses
// a different transport mechanism... which is fine, but the OS doesn't
// differentiate between a SOCK_STREAM file and a SOCK_DGRAM file; they
// are still one file on the system. So even though "unixpacket" and
// "unixgram" are different network types just as "tcp" and "udp" are,
// the OS will not let us use the same file as both STREAM and DGRAM.
if listenAddr.IsUnixNetwork() {
app.logger.Warn("HTTP/3 disabled because Unix can't multiplex STREAM and DGRAM on same socket",
zap.String("file", hostport))
continue
}
if useTLS {
// enable HTTP/3 if configured
app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport))
if err := srv.serveHTTP3(listenAddr.At(portOffset), tlsCfg); err != nil {
return err
}
} else {
// Can only serve h3 with TLS enabled
app.logger.Warn("HTTP/3 skipped because it requires TLS",
zap.String("network", listenAddr.Network),
zap.String("addr", hostport))
}
}
}
}