mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-24 05:32:21 +00:00
haproxy public development tree
198b50770d
When a client doesn't respect the h2 MAX_CONCURRENT_STREAMS setting, we rightfully send RST_STREAM to it so that the client closes. But the max_id is only updated on the successful path of h2c_handle_stream_new(), which may be reentered for partial frames or CONTINUATION frames, and as a result we don't increment it if an extraneous stream ID is rejected. Normally it doesn't have any consequence. But on a POST it can have some if the DATA frame immediately follows the faulty HEADERS frame: with max_id not incremented, the stream remains in IDLE state, and the DATA frame now lands in an invalid state from a protocol's perspective, which must lead to a connection error instead of a stream error. This can be tested by modifying the code to send an arbitrarily large MAX_CONCURRENT_STREAM setting and using h2load to send more concurrent streams than configured: with a GET, only a tiny fraction of them will report an error (e.g. 101 streams for 100 accepted will result in ~1% failure), but when sending data, most of the streams will be reported as failed because the connection will be closed. By updating the max_id earlier, the stream is now considered as closed when the DATA frame arrives and it's silently discarded. This must be backported to all versions but only if the code is exactly the same. Under no circumstance this ID may be updated for a partial frame (i.e. only update it before or just after calling h2c_frt_steam_new()). |
||
---|---|---|
.github | ||
addons | ||
admin | ||
dev | ||
doc | ||
examples | ||
include | ||
reg-tests | ||
scripts | ||
src | ||
tests | ||
.cirrus.yml | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.travis.yml | ||
BRANCHES | ||
CHANGELOG | ||
CONTRIBUTING | ||
INSTALL | ||
LICENSE | ||
MAINTAINERS | ||
Makefile | ||
README | ||
ROADMAP | ||
SUBVERS | ||
VERDATE | ||
VERSION |
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)