Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 54310dcde1b8a8ef0fd0b84b3c201dedd42e8f20
commit54310dcde1b8a8ef0fd0b84b3c201dedd42e8f20[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Fri Jan 12 18:36:57 2024 +0100
committerChristopher Faulet <cfaulet@haproxy.com>Wed Jan 17 14:31:47 2024 +0100
treea984b21281a5152373e478961580d97adc465beb
parent61e9109ad739416cf6610225964f77f6b0705688 [diff]
BUG/MINOR: mux-h2: also count streams for refused ones

There are a few places where we can reject an incoming stream based on
technical errors such as decoded headers that are too large for the
internal buffers, or memory allocation errors. In this case we send
an RST_STREAM to abort the request, but the total stream counter was
not incremented. That's not really a problem, until one starts to try
to enforce a total stream limit using tune.h2.fe.max-total-streams,
and which will not count such faulty streams. Typically a client that
learns too large cookies and tries to replay them in a way that
overflows the maximum buffer size would be rejected and depending on
how they're implemented, they might retry forever.

This patch removes the stream count increment from h2s_new() and moves
it instead to the calling functions, so that it translates the decision
to process a new stream instead of a successfully decoded stream. The
result is that such a bogus client will now be blocked after reaching
the total stream limit.

This can be validated this way:

  global
        tune.h2.fe.max-total-streams 128
        expose-experimental-directives
        trace h2 sink stdout
        trace h2 level developer
        trace h2 verbosity complete
        trace h2 start now

  frontend h
        bind :8080
        mode http
        redirect location /

Sending this will fill frames with 15972 bytes of cookie headers that
expand to 16500 for storage+index once decoded, causing "message too large"
events:

  (dev/h2/mkhdr.sh -t p;dev/h2/mkhdr.sh -t s;
   for sid in {0..1000}; do
     dev/h2/mkhdr.sh  -t h -i $((sid*2+1)) -f es,eh \
       -R "828684410f7777772e6578616d706c652e636f6d \
           $(for i in {1..66}; do
             echo -n 60 7F 73 433d $(for j in {1..24}; do
               echo -n 2e313233343536373839; done);
            done) ";
   done) | nc 0 8080

Now it properly stops after sending 128 streams.

This may be backported wherever commit 983ac4397 ("MINOR: mux-h2:
support limiting the total number of H2 streams per connection") is
present, since without it, that commit is less effective.

(cherry picked from commit 7021a8c4d8bd8b280d04f481a153a1487deb08d1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 4216dfd7197dfe9e03c46722ca8e94d9e88ac8aa)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed
tree: a984b21281a5152373e478961580d97adc465beb
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. BSDmakefile
  19. CHANGELOG
  20. CONTRIBUTING
  21. INSTALL
  22. LICENSE
  23. MAINTAINERS
  24. Makefile
  25. README
  26. SUBVERS
  27. VERDATE
  28. VERSION