pub struct HttpContext {Show 39 fields
pub keep_alive_backend: bool,
pub keep_alive_frontend: bool,
pub sticky_session_found: Option<String>,
pub method: Option<Method>,
pub authority: Option<String>,
pub path: Option<String>,
pub status: Option<u16>,
pub reason: Option<String>,
pub user_agent: Option<String>,
pub x_request_id: Option<String>,
pub xff_chain: Option<String>,
pub closing: bool,
pub session_id: Ulid,
pub id: Ulid,
pub backend_id: Option<String>,
pub cluster_id: Option<String>,
pub protocol: Protocol,
pub public_address: SocketAddr,
pub session_address: Option<SocketAddr>,
pub sticky_name: String,
pub sticky_session: Option<String>,
pub backend_address: Option<SocketAddr>,
pub tls_server_name: Option<String>,
pub tls_cert_names: Option<Arc<Vec<String>>>,
pub strict_sni_binding: bool,
pub elide_x_real_ip: bool,
pub send_x_real_ip: bool,
pub tls_version: Option<&'static str>,
pub tls_cipher: Option<&'static str>,
pub tls_alpn: Option<&'static str>,
pub sozu_id_header: String,
pub redirect_location: Option<String>,
pub www_authenticate: Option<String>,
pub original_authority: Option<String>,
pub headers_response: Vec<HeaderEditSnapshot>,
pub retry_after_seconds: Option<u32>,
pub frontend_redirect_template: Option<String>,
pub redirect_status: Option<u16>,
pub access_log_message: Option<&'static str>,
}Expand description
This is the container used to store and use information about the session from within a Kawa parser callback
Fields§
§keep_alive_backend: boolset to false if Kawa finds a “Connection” header with a “close” value in the response
keep_alive_frontend: boolset to false if Kawa finds a “Connection” header with a “close” value in the request
sticky_session_found: Option<String>the value of the sticky session cookie in the request
method: Option<Method>the value of the method in the request line
the value of the authority of the request (in the request line of “Host” header)
path: Option<String>the value of the path in the request line
status: Option<u16>the value of the status code in the response line
reason: Option<String>the value of the reason in the response line
user_agent: Option<String>§x_request_id: Option<String>Value of the x-request-id header observed (if propagated from the
client/upstream LB) or generated (from self.id). Universal correlation
header — populated unconditionally by on_request_headers so the access
log can record the exact value forwarded to the backend.
xff_chain: Option<String>Verbatim value of the client-supplied X-Forwarded-For header as
observed before Sōzu appended its own hop. Captured here, not at
request edit time, so the access log records the upstream-attested
chain even when Sōzu also appends its own peer to the forwarded
header. None if the request had no X-Forwarded-For header.
closing: boolsignals wether Kawa should write a “Connection” header with a “close” value (request and response)
session_id: UlidConnection/session ULID — stable across all requests multiplexed on this
TCP or TLS connection. Used as the first slot in the legacy log-context
bracket [session req cluster backend] and emitted into
ProtobufAccessLog.session_id.
id: Ulidthe value of the custom header, named “Sozu-Id”, that Kawa should write (request and response)
backend_id: Option<String>§cluster_id: Option<String>§protocol: Protocolthe value of the protocol Kawa should write in the Forwarded headers of the request
public_address: SocketAddrthe value of the public address Kawa should write in the Forwarded headers of the request
session_address: Option<SocketAddr>the value of the session address Kawa should write in the Forwarded headers of the request
sticky_name: Stringthe name of the cookie Kawa should read from the request to get the sticky session
sticky_session: Option<String>the sticky session that should be used used to create a “Set-Cookie” header in the response in case it differs from sticky_session_found
backend_address: Option<SocketAddr>the address of the backend server
tls_server_name: Option<String>The TLS Server Name Indication (SNI) hostname negotiated at handshake.
Populated for HTTPS listeners when the client sent an SNI extension (see
https.rs::upgrade_handshake). Used by the routing layer to enforce the
TLS trust boundary against the HTTP :authority / Host header — without
this check, an attacker holding a valid certificate for tenant A could
open TLS with SNI=A then send requests with :authority=tenantB and
reach tenant B’s backend (CWE-346 / CWE-444).
None when the listener is plaintext HTTP or the client omitted SNI.
Stored pre-lowercased and without a port for direct exact-match comparison.
tls_cert_names: Option<Arc<Vec<String>>>Snapshot of the SAN set of the certificate Sōzu actually served at
the TLS handshake. Captured once in https.rs::upgrade_handshake
from the resolver and frozen for the connection lifetime so H2
stream coalescing (RFC 7540 §9.1.1 / RFC 9113 §9.1.1) accepts any
:authority covered by the certificate, with RFC 6125 §6.4.3
wildcard handling. None for plaintext listeners or when SNI was
absent (router falls back to the legacy exact-match predicate).
Some(empty) when the default cert was served — every
:authority is rejected. Arc so the snapshot is shared across
every per-stream HttpContext without re-allocation.
strict_sni_binding: boolWhether the router must reject this request when tls_server_name
does not exact-match its authority (CWE-346 / CWE-444). Mirrors
HttpsListenerConfig::strict_sni_binding. Set from the mux
Context at stream creation time (see Context::create_stream).
Plaintext listeners still never hit the check because
tls_server_name is None.
elide_x_real_ip: boolWhen true, the request-side block walk in on_request_headers
strips any client-supplied X-Real-IP header before forwarding
(anti-spoofing). Mirrors HttpListenerConfig::elide_x_real_ip /
HttpsListenerConfig::elide_x_real_ip. Set from the mux Context
at stream creation (see Context::create_stream); listener-scoped
and never reset across keep-alive requests. Independent of
send_x_real_ip. The same flag is plumbed into
pkawa::handle_trailer so trailer HEADERS frames cannot bypass
the elision.
send_x_real_ip: boolWhen true, on_request_headers injects a proxy-generated
X-Real-IP header carrying session_address.ip() (post-PROXY-v2
unwrap, i.e. the original client IP). Mirrors
HttpListenerConfig::send_x_real_ip /
HttpsListenerConfig::send_x_real_ip. Set from the mux Context
at stream creation (see Context::create_stream); listener-scoped
and never reset across keep-alive requests. Independent of
elide_x_real_ip. When session_address is None (raw socket
without a peer), no header is appended — identical to the
existing X-Forwarded-For / Forwarded synthesis behaviour.
tls_version: Option<&'static str>Negotiated TLS protocol version as a short label (e.g. "TLSv1.3").
Captured from rustls_version_label at handshake completion and
propagated from the mux Context. None for plaintext listeners.
tls_cipher: Option<&'static str>Negotiated TLS cipher suite as a short label (e.g.
"TLS_AES_128_GCM_SHA256"). Captured from rustls_ciphersuite_label
at handshake completion and propagated from the mux Context. None
for plaintext listeners.
tls_alpn: Option<&'static str>Negotiated ALPN protocol (e.g. "h2", "http/1.1"). Captured from
rustls at handshake completion and propagated from the mux Context.
None for plaintext listeners or when no ALPN was negotiated.
sozu_id_header: StringName of the correlation header Sozu injects into every request and
response. Defaults to "Sozu-Id" via [L7ListenerHandler::get_sozu_id_header].
Populated at stream creation from the listener config’s sozu_id_header
knob. Stored as an owned String so it survives a listener hot-reload
that changes the value.
redirect_location: Option<String>Resolved Location URL stashed by the routing layer when a frontend
triggers a permanent redirect (RedirectPolicy::PERMANENT or the
legacy cluster.https_redirect). Read by the default-answer 301
path so the response carries the correct target URL — including
optional cluster.https_redirect_port and rewrite-template captures.
None when the request is not redirecting.
www_authenticate: Option<String>WWW-Authenticate realm stashed by the routing layer when a
frontend rejects an unauthenticated request (required_auth = true
without a valid Authorization: Basic header, or
RedirectPolicy::UNAUTHORIZED). Read by the default-answer 401
path so the response carries the cluster’s configured
www_authenticate value. None falls back to template default
(header is elided when no realm is configured).
Original authority captured before a rewrite-host fired; emitted
back to the backend as X-Forwarded-Host so the backend can
reconstruct the public URL even though :authority / Host was
rewritten on the wire. None when no host rewrite happened.
headers_response: Vec<HeaderEditSnapshot>Per-frontend response-side header edits (set/replace/delete)
stashed by the routing layer for the emission boundary in
mux/h1.rs::writable and mux/h2.rs::write_streams to apply
before kawa.prepare(...). Empty when the frontend has no
response-side header policy. An entry with an empty val
deletes the header by name (HAProxy del-header parity); a
non-empty val set/replaces.
retry_after_seconds: Option<u32>Resolved Retry-After value (seconds) for an HTTP 429 default
answer. Computed in Router::connect when the per-(cluster,
source-IP) connection limit is hit, by folding the cluster’s
retry_after override over the global default. None (or
Some(0)) tells the answer engine to omit the Retry-After
header entirely — Retry-After: 0 invites an immediate retry
that defeats the limit. Unused for any other status code.
frontend_redirect_template: Option<String>Frontend-supplied template body that overrides the listener /
cluster default http.301.redirection for a single
RedirectPolicy::PERMANENT request. Stashed by the routing layer
from RouteResult::redirect_template and consumed by the 301
branch of mux::answers::set_default_answer_with_retry_after,
which compiles the body via HttpAnswers::render_inline_301 and
renders it with the same (REDIRECT_LOCATION, ROUTE, REQUEST_ID) variable schema as the persistent template chain.
None falls back to the cluster / listener default. Unused for
any other status code or for the legacy
cluster.https_redirect = true path (which never sets it).
redirect_status: Option<u16>Resolved redirect status code stashed by the routing layer when
a frontend’s RedirectPolicy is one of the redirect variants.
301 = Permanent, 302 = Found, 308 = PermanentRedirect.
None falls back to 301 for the legacy
cluster.https_redirect = true path. Closes #1009.
access_log_message: Option<&'static str>Stable, structured discriminator surfaced as the access-log
message field when the session terminates on a timeout. Set by
the timeout handlers in kawa_h1::timeout and MuxState::timeout
before the default-answer or forcefully_terminate_answer
path consumes it. The vocabulary is operator-visible API once
shipped — see the access-log section of doc/configure.md for
the full token list (client_timeout,
client_timeout_during_response, backend_timeout,
backend_response_timeout). None for non-timeout sessions, in
which case the access log emits message: None as before.
Implementations§
Source§impl HttpContext
impl HttpContext
Sourcepub fn new(
session_id: Ulid,
request_id: Ulid,
protocol: Protocol,
public_address: SocketAddr,
session_address: Option<SocketAddr>,
sticky_name: String,
sozu_id_header: String,
elide_x_real_ip: bool,
send_x_real_ip: bool,
) -> Self
pub fn new( session_id: Ulid, request_id: Ulid, protocol: Protocol, public_address: SocketAddr, session_address: Option<SocketAddr>, sticky_name: String, sozu_id_header: String, elide_x_real_ip: bool, send_x_real_ip: bool, ) -> Self
Creates a new instance