haproxy public development tree
Willy Tarreau 198b50770d BUG/MINOR: mux-h2: mark the stream as open before processing it not after
When a client doesn't respect the h2 MAX_CONCURRENT_STREAMS setting, we
rightfully send RST_STREAM to it so that the client closes. But the
max_id is only updated on the successful path of h2c_handle_stream_new(),
which may be reentered for partial frames or CONTINUATION frames, and as
a result we don't increment it if an extraneous stream ID is rejected.

Normally it doesn't have any consequence. But on a POST it can have some
if the DATA frame immediately follows the faulty HEADERS frame: with
max_id not incremented, the stream remains in IDLE state, and the DATA
frame now lands in an invalid state from a protocol's perspective, which
must lead to a connection error instead of a stream error.

This can be tested by modifying the code to send an arbitrarily large
MAX_CONCURRENT_STREAM setting and using h2load to send more concurrent
streams than configured: with a GET, only a tiny fraction of them will
report an error (e.g. 101 streams for 100 accepted will result in ~1%
failure), but when sending data, most of the streams will be reported
as failed because the connection will be closed. By updating the max_id
earlier, the stream is now considered as closed when the DATA frame
arrives and it's silently discarded.

This must be backported to all versions but only if the code is exactly
the same. Under no circumstance this ID may be updated for a partial frame
(i.e. only update it before or just after calling h2c_frt_steam_new()).
2022-05-12 09:29:58 +02:00
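
The stream-state reasoning in the commit message above, as an added example that is not part of the commit or of HAProxy's source: a simplified C model showing why a DATA frame following a refused HEADERS frame closes the connection when max_id is only updated on success. All names (struct conn, on_headers, on_data, run_posts, mark_early) are hypothetical, and streams are assumed never to finish during the run.

```c
#include <stdio.h>
/* Simplified model with hypothetical names; this is not HAProxy's code.
 * max_id: highest stream ID recorded as opened; limit: MAX_CONCURRENT_STREAMS;
 * mark_early: 1 = record the ID before processing, 0 = only on success. */
enum verdict { ACCEPTED, STREAM_ERROR, DISCARDED, CONNECTION_ERROR };
struct conn { int max_id, nb_streams, limit, mark_early; };

/* HEADERS frame opening stream <id>. */
static enum verdict on_headers(struct conn *c, int id)
{
    if (c->mark_early)
        c->max_id = id;              /* stream leaves IDLE even if refused */
    if (c->nb_streams >= c->limit)
        return STREAM_ERROR;         /* RST_STREAM, the connection survives */
    c->nb_streams++;
    c->max_id = id;
    return ACCEPTED;
}

/* DATA frame on stream <id>; <open> tells whether its HEADERS was accepted. */
static enum verdict on_data(const struct conn *c, int id, int open)
{
    if (id > c->max_id)
        return CONNECTION_ERROR;     /* DATA on a stream still in IDLE state */
    return open ? ACCEPTED : DISCARDED;  /* closed stream: drop the frame */
}

/* Sends <n> concurrent POSTs (HEADERS then DATA); returns the refused count. */
static int run_posts(int limit, int n, int mark_early, int *closed)
{
    struct conn c = { 0, 0, limit, mark_early };
    int refused = 0;
    *closed = 0;                     /* set to 1 on a connection error */
    for (int i = 0; i < n && !*closed; i++) {
        int id = 2 * i + 1;          /* client-initiated stream IDs are odd */
        enum verdict h = on_headers(&c, id);
        refused += (h == STREAM_ERROR);
        *closed = (on_data(&c, id, h == ACCEPTED) == CONNECTION_ERROR);
    }
    return refused;
}

int main(void)
{
    for (int early = 0; early <= 1; early++) {
        int closed, refused = run_posts(100, 101, early, &closed);
        printf("mark_early=%d refused=%d closed=%d\n", early, refused, closed);
    }
    return 0;
}
```

In both modes exactly one of the 101 streams is refused; only with mark_early=0 does the following DATA frame turn that stream error into a connection error.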
.github
addons
admin
dev
doc MEDIUM: ssl: ignore dotfiles when loading a dir w/ crt 2022-05-09 10:41:51 +02:00
examples
include BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket 2022-05-11 15:20:10 +02:00
reg-tests
scripts
src BUG/MINOR: mux-h2: mark the stream as open before processing it not after 2022-05-12 09:29:58 +02:00
tests
.cirrus.yml
.gitattributes
.gitignore
.mailmap
.travis.yml
BRANCHES
CHANGELOG [RELEASE] Released version 2.6-dev9 2022-05-08 11:44:15 +02:00
CONTRIBUTING
INSTALL DOC: install: update gcc version requirements 2022-05-11 11:31:15 +02:00
LICENSE
MAINTAINERS
Makefile BUILD: makefile: add -Wfatal-errors to the default flags 2022-05-11 11:32:41 +02:00
README
ROADMAP
SUBVERS
VERDATE [RELEASE] Released version 2.6-dev9 2022-05-08 11:44:15 +02:00
VERSION [RELEASE] Released version 2.6-dev9 2022-05-08 11:44:15 +02:00

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located in the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)