git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Fri, 18 Oct 2024 15:46:06 +0000 (17:46 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Mon, 21 Oct 2024 09:08:27 +0000 (11:08 +0200)
commit	adf76aa501f7859774b745eca45fce35d40ba820
tree	8938d23777fd53ec53d04e8be7cf60b51c7afb68	tree
parent	1cae481c4cd406546b3fd5bab4a83cf12e2d3f6a	commit \| diff

BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent

A stream may be shut without any HTX EOM reported. This is the case for
QCS instances flagged with QC_SF_UNKNOWN_PL_LENGTH. In this case, shut
is conducted with an empty FIN emission instead of a RESET_STREAM. This
has been implemented since the following patch :

24962dd1784dd22babc8da09a5fc8769617f89e3
BUG/MEDIUM: mux-quic: do not emit RESET_STREAM for unknown length

However, in case of HTTP/3, an empty FIN should only be done after a
full message is emitted, which requires a HEADERS frame. If an empty FIN
is emitted without it, client may interpret this as invalid and close
the connection. To prevent this, fallback to a RESET_STREAM emission if
not data were emitted on the stream.

This was reproduced using ngtcp2-client with 10% loss (-r 0.1) on a
remote host, with httpterm request "/?s=100k&C=1&b=0&P=400". An error
ERR_H3_FRAME_UNEXPECTED is returned by ngtcp2-client when the bug occurs.

Note that this change is incomplete. The message validity depends solely
on the application protocol in use. As such, a new app_ops callback
should be implemented to ensure the stream is closed accordingly.
However, this first patch ensures that at least HTTP/3 case is valid
while keeping a minimal backport process.

This should be backported up to 2.8.