nginx.git/src/http/v2, branch release-1.19.0 nginx HTTP/2: invalid connection preface logging (ticket #1981). 2020-05-25T15:33:42+00:00 Maxim Dounin mdounin@mdounin.ru 2020-05-25T15:33:42+00:00 4056ce4f4ee4d80d41c56af8c1b4fd41b76144c8 Previously, invalid connection preface errors were only logged at debug level, providing no visible feedback, in particular, when a plain text HTTP/2 listening socket is erroneously used for HTTP/1.x connections. Now these are explicitly logged at the info level, much like other client-related errors. 
Previously, invalid connection preface errors were only logged at debug
level, providing no visible feedback, in particular, when a plain text
HTTP/2 listening socket is erroneously used for HTTP/1.x connections.
Now these are explicitly logged at the info level, much like other
client-related errors.
HTTP/2: fixed socket leak with an incomplete HEADERS frame. 2020-02-05T13:29:23+00:00 Sergey Kandaurov pluknet@nginx.com 2020-02-05T13:29:23+00:00 16168dcb01ed5dbf6365be0d9ea0da68bf479194 A connection could get stuck without timers if a client has partially sent the HEADERS frame such that it was split on the individual header boundary. In this case, it cannot be processed without the rest of the HEADERS frame. The fix is to call ngx_http_v2_state_headers_save() in this case. Normally, it would be called from the ngx_http_v2_state_header_block() handler on the next iteration, when there is not enough data to continue processing. This isn't the case if recv_buffer became empty and there's no more data to read. 
A connection could get stuck without timers if a client has partially sent
the HEADERS frame such that it was split on the individual header boundary.
In this case, it cannot be processed without the rest of the HEADERS frame.

The fix is to call ngx_http_v2_state_headers_save() in this case.  Normally,
it would be called from the ngx_http_v2_state_header_block() handler on the
next iteration, when there is not enough data to continue processing.  This
isn't the case if recv_buffer became empty and there's no more data to read.
HTTP/2: removed ngx_debug_point() call. 2020-01-14T11:20:08+00:00 Daniil Bondarev bondarev@amazon.com 2020-01-14T11:20:08+00:00 60f648f035fa05667b9ccbbea1b3a60d83534d9a      With the recent change to prevent frames flood in d4448892a294, nginx will finalize the connection with NGX_HTTP_V2_INTERNAL_ERROR whenever flood is detected, causing nginx aborting or stopping if the debug_points directive is used in nginx config. 
    
With the recent change to prevent frames flood in d4448892a294,
nginx will finalize the connection with NGX_HTTP_V2_INTERNAL_ERROR
whenever flood is detected, causing nginx aborting or stopping if
the debug_points directive is used in nginx config.
HTTP/2: introduced separate handler to retry stream close. 2019-12-23T18:25:21+00:00 Maxim Dounin mdounin@mdounin.ru 2019-12-23T18:25:21+00:00 810559665a704957431b387572af99a82039162a When ngx_http_v2_close_stream_handler() is used to retry stream close after queued frames are sent, client timeouts on the stream can be logged multiple times and/or in addition to already happened errors. To resolve this, separate ngx_http_v2_retry_close_stream_handler() was introduced, which does not try to log timeouts. 
When ngx_http_v2_close_stream_handler() is used to retry stream close
after queued frames are sent, client timeouts on the stream can be
logged multiple times and/or in addition to already happened errors.
To resolve this, separate ngx_http_v2_retry_close_stream_handler()
was introduced, which does not try to log timeouts.
HTTP/2: fixed socket leak with queued frames (ticket #1689). 2019-12-23T18:25:17+00:00 Maxim Dounin mdounin@mdounin.ru 2019-12-23T18:25:17+00:00 49709f75b262c483550cc826471839f624765ab1 If a stream is closed with queued frames, it is possible that no further write events will occur on the stream, leading to the socket leak. To fix this, the stream's fake connection read handler is set to ngx_http_v2_close_stream_handler(), to make sure that finalizing the connection with ngx_http_v2_finalize_connection() will be able to close the stream regardless of the current number of queued frames. Additionally, the stream's fake connection fc->error flag is explicitly set, so ngx_http_v2_handle_stream() will post a write event when queued frames are finally sent even if stream flow control window is exhausted. 
If a stream is closed with queued frames, it is possible that no further
write events will occur on the stream, leading to the socket leak.
To fix this, the stream's fake connection read handler is set to
ngx_http_v2_close_stream_handler(), to make sure that finalizing the
connection with ngx_http_v2_finalize_connection() will be able to
close the stream regardless of the current number of queued frames.

Additionally, the stream's fake connection fc->error flag is explicitly
set, so ngx_http_v2_handle_stream() will post a write event when queued
frames are finally sent even if stream flow control window is exhausted.
HTTP/2: fixed worker_shutdown_timeout. 2019-09-23T12:45:36+00:00 Ruslan Ermilov ru@nginx.com 2019-09-23T12:45:36+00:00 6052881a987fc5cd39c8666a9b39ddfeadc895ee 






HTTP/2: fixed possible alert about left open socket on shutdown.
2019-09-23T12:45:32+00:00

Ruslan Ermilov
ru@nginx.com

2019-09-23T12:45:32+00:00

f878492af35224a4ade84f6f6c15aca2892d3821

This could happen when graceful shutdown configured by worker_shutdown_timeout
times out and is then followed by another timeout such as proxy_read_timeout.
In this case, the HEADERS frame is added to the output queue, but attempt to
send it fails (due to c->error forcibly set during graceful shutdown timeout).
This triggers request finalization which attempts to close the stream.  But the
stream cannot be closed because there is a frame in the output queue, and the
connection cannot be finalized.  This leaves the connection open without any
timer events leading to alert.

The fix is to post write event when sending output queue fails on c->error.
That will finalize the connection.





This could happen when graceful shutdown configured by worker_shutdown_timeout
times out and is then followed by another timeout such as proxy_read_timeout.
In this case, the HEADERS frame is added to the output queue, but attempt to
send it fails (due to c->error forcibly set during graceful shutdown timeout).
This triggers request finalization which attempts to close the stream.  But the
stream cannot be closed because there is a frame in the output queue, and the
connection cannot be finalized.  This leaves the connection open without any
timer events leading to alert.

The fix is to post write event when sending output queue fails on c->error.
That will finalize the connection.







HTTP/2: traffic-based flood detection.
2019-09-18T17:28:12+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-09-18T17:28:12+00:00

af0e284b967d0ecff1abcdce6558ed4635e3e757

With this patch, all traffic over an HTTP/2 connection is counted in
the h2c->total_bytes field, and payload traffic is counted in
the h2c->payload_bytes field.  As long as total traffic is many times
larger than payload traffic, we consider this to be a flood.





With this patch, all traffic over an HTTP/2 connection is counted in
the h2c->total_bytes field, and payload traffic is counted in
the h2c->payload_bytes field.  As long as total traffic is many times
larger than payload traffic, we consider this to be a flood.







HTTP/2: switched back to RST_STREAM with NO_ERROR.
2019-09-18T17:28:09+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-09-18T17:28:09+00:00

4d4201fafd46bb97c29a9c86733331d8e7479f54

In 8df664ebe037, we've switched to maximizing stream window instead
of sending RST_STREAM.  Since then handling of RST_STREAM with NO_ERROR
was fixed at least in Chrome, hence we switch back to using RST_STREAM.

This allows more effective rejecting of large bodies, and also minimizes
non-payload traffic to be accounted in the next patch.





In 8df664ebe037, we've switched to maximizing stream window instead
of sending RST_STREAM.  Since then handling of RST_STREAM with NO_ERROR
was fixed at least in Chrome, hence we switch back to using RST_STREAM.

This allows more effective rejecting of large bodies, and also minimizes
non-payload traffic to be accounted in the next patch.







HTTP/2: close connection on zero WINDOW_UPDATE.
2019-09-10T12:33:38+00:00

Ruslan Ermilov
ru@nginx.com

2019-09-10T12:33:38+00:00

c3f8098712d16e17a6577e203a8c0dc76331a1ee

Don't waste server resources by sending RST_STREAM frames.  Instead,
reject WINDOW_UPDATE frames with invalid zero increment by closing
connection with PROTOCOL_ERROR.





Don't waste server resources by sending RST_STREAM frames.  Instead,
reject WINDOW_UPDATE frames with invalid zero increment by closing
connection with PROTOCOL_ERROR.