BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks
On H3 DATA frame transfer from the client, some streams are not properly
closed by the upper layer, despite all transfer operation completed.
Data integrity is not impacted but this will prevent the stream timeout
to fire and thus keep the owner session opened.
In most cases, sessions are closed on QUIC idle timeout, but it may stay
forever if a client emits PING frames at a regular interval to maintain
it.
This bug is caused by a missing EOI stream desc flag on certain
condition in qc_rcv_buf(). To be triggered, we have to use the
optimization when conn-stream buffer is empty and can be swapped with
qcs buffer. The problem is that it will skip the function body for
default copy but also a condition to check if EOI must be set. Thus this
bug does not happens for every H3 post requets : it requires that
conn-stream buffer is empty on last qc_rcv_buf() invocation.
This was reproduced more frequently when using ngtcp2 client with one or
multiple streams :
$ ngtcp2-client -m POST -d ~/infra/html/10K 127.0.0.1 20443 \
http://127.0.0.1:20443/post
This may fix at least partially github issue #1801.
This must be backported up to 2.6.
diff --git a/src/mux_quic.c b/src/mux_quic.c
index 055c82d..d485157 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -1916,6 +1916,10 @@
cs_htx = htx_from_buf(buf);
if (htx_is_empty(cs_htx) && htx_used_space(qcs_htx) <= count) {
+ /* EOM will be copied to cs_htx via b_xfer(). */
+ if (qcs_htx->flags & HTX_FL_EOM)
+ fin = 1;
+
htx_to_buf(cs_htx, buf);
htx_to_buf(qcs_htx, &qcs->rx.app_buf);
b_xfer(buf, &qcs->rx.app_buf, b_data(&qcs->rx.app_buf));
@@ -1945,6 +1949,7 @@
if (se_fl_test(qcs->sd, SE_FL_ERR_PENDING))
se_fl_set(qcs->sd, SE_FL_ERROR);
+ /* Set end-of-input if FIN received and all data extracted. */
if (fin)
se_fl_set(qcs->sd, SE_FL_EOI);