Transport layer: bytes on and off the wire.
Owns protocol framing and, in a later slice, TLS termination behind the
CryptoProvider seam (docs/07) and pooled upstream connections (docs/04
§7). It knows nothing about routing decisions or tenancy semantics.
M1 implements the HTTP/1.1 cleartext ingress: serve accepts
connections, parses each request into an owned IngressRequest (with its
EndpointKind classified by classify()),
invokes an IngressHandler, and writes the IngressResponse. The handler,
implemented by the binary, is where the request meets the engine pipeline.
Structs§
- Classified
- The result of classifying a request path.
- Incoming
- The streamed request body type for IngressHandler::handle_forward, re-exported so handlers can name it without depending on hyper directly. A stream of Bytes, used when receiving bodies from the network.
- IngressLimits
- Per-ingress memory bounds. Sized for bulk: max_body_bytes is the largest single body buffered, inflight_ceiling the largest sum across concurrent requests before new ones are shed with 429.
- IngressRequest
- A parsed, owned client request ready for the pipeline.
- IngressResponse
- The response a handler returns for the transport to write back.
- RingProvider
- A CryptoProvider backed by rustls’s pure-Rust ring module (non-fips feature). Not FIPS-validated; fips_mode() is always false. Server-auth and mutual-TLS, built from PEM.
- StreamingResponse
- A streaming response a handler returns for a verbatim forward (ADR-014): a status, extra headers, and a body piped to the client without buffering.
Enums§
- TlsError
- A failure building a RingProvider from PEM material.
Constants§
- DRAIN_DEADLINE
- How long graceful shutdown waits for in-flight requests to drain before giving up and dropping the remainder (NFR-R5).
- FIPS_APPROVED_SUITES
- The FIPS-approved TLS cipher suites the proxy offers (docs/07 §2 caveat 3, NFR-S5): TLS 1.3 and TLS 1.2 AES-GCM only. CHACHA20-POLY1305 is deliberately excluded; it is not a FIPS-approved suite. This wire policy is applied to every provider, FIPS-validated or not, so the suites negotiated are identical regardless of the underlying module; the FIPS module changes validation, not the suites on the wire. The set is keyed on the provider-independent CipherSuite identifier so the aws-lc-rs provider pins the exact same list.
Traits§
- CryptoProvider
- The pluggable TLS backend.
- IngressHandler
- Handles a parsed ingress request, producing a response.
Functions§
- buffered_response
- Wraps fully-buffered bytes as a ResponseBody (the buffered response path).
- classify
- Classifies a method + path into an endpoint, logical index, and doc id.
- serve
- Serves HTTP/1.1 requests on listener with the default IngressLimits.
- serve_grpc
- Serves the gRPC DocumentService on listener, dispatching each RPC through handler (the same pipeline the HTTP ingress drives), until it errors.
- serve_grpc_tls
- Serves the gRPC DocumentService on listener over TLS, terminating each connection with provider’s configuration (mutual TLS when the provider requires a client certificate, whose identity reaches the handler).
- serve_tls
- Serves HTTPS requests on listener, terminating TLS with provider’s configuration, until the listener errors.
- serve_tls_with_limits
- Serves HTTPS requests on listener under the given memory limits, terminating TLS with provider’s configuration, until the listener errors.
- serve_tls_with_shutdown
- Like serve_tls, but drains in-flight requests when shutdown resolves (NFR-R5), bounded by DRAIN_DEADLINE.
- serve_with_limits
- Serves HTTP/1.1 requests on listener, dispatching each to handler under the given memory limits (per-request 413, in-flight 429), until the listener errors.
- serve_with_shutdown
- Like serve, but stops accepting and drains in-flight requests when shutdown resolves (NFR-R5). In-flight connections finish their current request and close; the drain is bounded by DRAIN_DEADLINE.
Type Aliases§
- DefaultCryptoProvider
- The crypto provider the active build selected: RingProvider under non-fips, AwsLcFipsProvider under fips. Server/wiring code names this alias so it never hard-codes a concrete provider or branches on the feature.
- ResponseBody
- The transport’s HTTP response body: boxed so a response may be buffered bytes or a live stream piped from the upstream without buffering (ADR-014). Unsync: the server only needs Send. Structurally identical to osproxy-sink’s ByteBody, so a streamed upstream response flows through as-is, no copy.