Sample procedure to use curl to make a gRPC call.
gRPC is built on top of HTTP2 and is used to make remote procedure calls using protocol buffers.
gRPC by design is fast, efficient, extensible and portable across many languages. The only real way to invoke the remote procedure is to use a generated gRPC client which internally does all the marshalling to encode the protbuf messages into gRPC's wire format:
The procedure described below is a mechanism to invoke a remote GRPC call using and http2-enabled curl
This does not serve any real practical purposes other than an investigation into dissecting what goes on in the RPC. The only usage for this is if running a full gRPC client is not possible and what is available is the serialized protocol buffer message to transmit.
You can run the sample here by either installing protobuf and gRPC or entirely through the docker container salrashid123/grpc_curl.
Set up a client to run the gRPC server locally as well as the client to generate and save the protobuf files.
This is preferably done through virtualenv:
git clone https://github.com/salrashid123/grpc_curl
cd grpc_curl/src/
# Use python3
virtualenv env
source env/bin/activate
pip3 install grpcio-tools hexdump
python3 -m grpc_tools.protoc -I . --python_out=. --grpc_python_out=. echo.proto
The first step is to actually write the protobuf message to a file in the wireformat.
The following python code creates a protobuf message and converts it to the wireformat:
def w(filename):
req = echo_pb2.EchoRequest(firstname='john', lastname='doe')
msg = binascii.b2a_hex(req.SerializeToString())
## wireformat
#frame = '00' + hex(len(msg)//2).lstrip("0x").zfill(8) + msg.decode("utf-8")
## raw
frame = msg.decode("utf-8")
print('Raw Encode: ' + frame)
f = open(filename, "wb+")
f.write(binascii.a2b_hex(frame))
f.close()
to invoke this command, simply run:
python3 message_util.py write frame.bin
The above snippet writes the message to a binary file in your local directory. For manual encoding to wireformat starting with just the protobuf:
Start with the protbuf in a file by itself (no encoding done as above; just save a binary file with req.SerializeToString())
$ xxd frame.bin
00000000: 0a04 6a6f 686e 1203 646f 65 ..john..doe
$ xxd -p frame.bin
0a046a6f686e1203646f65
$ echo `xxd -p frame.bin` | xxd -r -p | protoc --decode_raw
1: "john"
2: "doe"
then
edit message_uti.py
, and set to output and save the wireformat message:
>>> msg = '0a046a6f686e1203646f65'
>>> print '00' + hex(len(msg)/2).lstrip("0x").zfill(8) + msg.decode("utf-8")
000000000b0a046a6f686e1203646f65
echo -n '000000000b0a046a6f686e1203646f65' | xxd -r -p - frame.bin
What is contained in frame.bin
is the gRPC wireformat message in its required format:
From: https://grpc.io/docs/guides/wire.html
Delimited-Message → Compressed-Flag Message-Length Message
Compressed-Flag → 0 / 1 # encoded as 1 byte unsigned integer
Message-Length → {length of Message} # encoded as 4 byte unsigned integer
Message → *{binary octet}
compression:
00
message-length =>11(decimal) octets =>b(hex)
0000000b
msg:
0a046a6f686e1203646f65
so the Delimited-Message is
000000000b0a046a6f686e1203646f65
Now run the gRPC server again since we want to transmit this:
You can either run the gRPC server directly if you have gRPC tools available:
cd src
python3 server.py
Now that we have a file 'frame.bin' which is the data we want to transmit and save the output to 'resp.bin':
you can use either curl client:
curl -v --raw -X POST --http2 \
--cacert CA_crt.pem \
--resolve server.domain.com:50051:127.0.0.1 \
-H "Content-Type: application/grpc" \
-H "TE: trailers" \
--data-binary @frame.bin \
https://server.domain.com:50051/echo.EchoServer/SayHello -o resp.bin
The response message is also in formatted so do the inverse of encoding
xxd -p resp.bin
00000000120a1048656c6c6f2c206a6f686e20646f6521
which is:
-
compression : 00
-
message length: 00000012 -> 18 decimal
-
message: 0a1048656c6c6f2c206a6f686e20646f6521
$ echo 0a1048656c6c6f2c206a6f686e20646f6521 | xxd -r -p | protoc --decode_raw
1: "Hello, john doe!"
You can use the message utility file do this decoding using the protobuf decoder to do the delimited message -> proto decoder:
$ python3 message_util.py read resp.bin
Got wire_message: 00000000120a1048656c6c6f2c206a6f686e20646f6521
Proto Decode: Hello, john doe!
def r(filename):
f = open(filename, "rb")
wire_msg = binascii.b2a_hex(f.read())
f.close()
print('Got wire_message: ' + wire_msg)
message_length = wire_msg[2:10]
msg = wire_msg[10:10+int(message_length, 16)*2]
r = echo_pb2.EchoReply()
r.ParseFromString(binascii.a2b_hex(msg))
print('Proto Decode: ' + r.message)
The following simply details invoking the gRPC client/server as normal; nothing to do with curl+gRPC
Assuming you have setup the virtualenv and installed grpc tools
python3 server.py
then
# add server.domain.com to /etc/hosts 127.0.0.1
python3 client.py server.domain.com 50051
You can set some environment variables if you use client.py library for gRPC.
export GRPC_TRACE=all
export GRPC_VERBOSITY=DEBUG
The following traces captures the request and response streams while done over a plain HTTP call:
The gRPC server also has response streaming enabled on the "/echo.EchoServer/SayHelloStream" endpoint.
curl -vv -k --raw --http2 \
-H "Content-Type: application/grpc" \
-H "TE: trailers" \
--data-binary @frame.bin \
https://server.domain.com:50051/echo.EchoServer/SayHelloStream -o resp.bin
where the response is in the format:
xxd resp.bin
00000000: 0000 0000 1f0a 1d53 7472 6561 6d69 6e67 .......Streaming
00000010: 2048 656c 6c6f 2031 202c 206a 6f68 6e20 Hello 1 , john
00000020: 646f 6521 0000 0000 1e0a 1c53 7472 6561 doe!.......Strea
00000030: 6d69 6e67 2048 656c 6c6f 2032 2c20 6a6f ming Hello 2, jo
00000040: 686e 2064 6f65 21 hn doe!
$ xxd -p resp.bin
000000001f
0a1d53747265616d696e672048656c6c6f2031202c206a6f686e20646f6521
000000001e
0a1c53747265616d696e672048656c6c6f20322c206a6f686e20646f6521
$ echo 0a1d53747265616d696e672048656c6c6f2031202c206a6f686e20646f6521 | xxd -r -p | protoc --decode_raw
1: "Streaming Hello 1 , john doe!"
$ echo 0a1c53747265616d696e672048656c6c6f20322c206a6f686e20646f6521 | xxd -r -p | protoc --decode_raw
1: "Streaming Hello 2, john doe!"
Wireshark provides mechanisms to decode protobuf messages given the .proto
file.
Decoding with wireshark for this specific guide involves two steps since we used TLS and will work when used with curl
-
Start gRPC server
-
Start Wireshark Listen on interface
l0
with filtertcp.port=50051
Configure wirshark's TLS preferences to read Master Keys from/tmp/keylog.log
- Instruct curl to output the SSL keys and invoke client We do this so that wireshark can observe the TLS session keys used in the transport
export SSLKEYLOGFILE=/tmp/keylog.log
curl -vv -k --raw --http2 \
-H "Content-Type: application/grpc" \
-H "TE: trailers" \
--data-binary @frame.bin \
https://server.domain.com:50051/echo.EchoServer/SayHelloStream -o resp.bin
- Decode a given protobuf message
Wireshark should decrypt the TLS messages and then with the protobuf decoder, you should be able to see the actual underlying message
You must provide the path to the echo.proto
file contained in the repo: