From: Willy Tarreau Date: Tue, 31 Oct 2017 06:41:55 +0000 (+0100) Subject: MEDIUM: h2: send a GOAWAY frame when dealing with an empty response X-Git-Tag: v1.8-rc1~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a1349f020787ee7355c0d088f8054713fa25e069;p=thirdparty%2Fhaproxy.git MEDIUM: h2: send a GOAWAY frame when dealing with an empty response Given that we're processing data produced by haproxy, we know that the situations where haproxy doesn't return anything are : - request timeout with option http-ignore-probes : there's no reason to hit this since we're creating the stream with the request into it ; - tcp-request content reject : this definitely means we want to kill the connection and abort keep-alive and any further processing ; - using /dev/null as the error file to hide an error In practice it appears that using the abort on empty response as a hint to trigger a connection close is very appropriate to continue to give the control over the connection management. This patch thus tries to send a GOAWAY frame with the max_id presented as the last stream ID, then sends an RST_STREAM for the current stream. For the client, this means that the connection must be shut down immediately after processing the last pending streams and that the current stream is aborted. This way it's still possible to force connections to be closed using tcp-request rules. --- diff --git a/src/mux_h2.c b/src/mux_h2.c index 28eb5d802c..07800522e7 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -2168,6 +2168,14 @@ static void h2_shutw(struct conn_stream *cs, enum cs_shw_mode mode) if (h2_send_empty_data_es(h2s) <= 0) return; } else { + /* let's signal a wish to close the connection if no headers + * were seen as this usually means it's a tcp-request rule which + * has aborted the response. + */ + if (!(h2s->h2c->flags & (H2_CF_GOAWAY_SENT|H2_CF_GOAWAY_FAILED)) && + h2c_send_goaway_error(h2s->h2c, h2s) <= 0) + return; + if (h2c_send_rst_stream(h2s->h2c, h2s) <= 0) return; }