Copilot commented on code in PR #13351:
URL: https://github.com/apache/trafficserver/pull/13351#discussion_r3507603807
##########
src/proxy/http2/Http2ConnectionState.cc:
##########
@@ -510,6 +533,15 @@ Http2ConnectionState::rcv_headers_frame(const Http2Frame
&frame)
"recv data bad payload length");
}
+ // Discard an interim (1xx) response from the
+ // origin and wait for the final response on this stream.
+ if (is_outbound_interim_response(stream)) {
+ Http2StreamDebug(this->session, stream_id, "received interim 1xx
response from origin; awaiting final response");
+ stream->reset_receive_headers();
+ this->session->interrupt_reading_frames();
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+ }
Review Comment:
When discarding an interim 1xx origin response, the stream's decoded headers
are reset but the previously allocated `header_blocks` buffer is not
freed/reset. The next (final) response HEADERS will overwrite
`stream->header_blocks` without freeing the interim buffer, leaking memory (and
potentially repeated for multiple interim responses). Free and reset
`header_blocks`/`header_blocks_length` alongside `reset_receive_headers()` when
handling an interim response.
##########
src/proxy/http2/Http2ConnectionState.cc:
##########
@@ -1125,6 +1166,15 @@ Http2ConnectionState::rcv_continuation_frame(const
Http2Frame &frame)
"recv data bad payload length");
}
+ // Discard an interim (1xx) response from the
+ // origin and wait for the final response on this stream.
+ if (is_outbound_interim_response(stream)) {
+ Http2StreamDebug(this->session, stream_id, "received interim 1xx
response from origin; awaiting final response");
+ stream->reset_receive_headers();
+ this->session->interrupt_reading_frames();
+ return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_NONE);
+ }
+
Review Comment:
Same as the HEADERS path: when discarding an interim 1xx origin response
after CONTINUATION decoding, `header_blocks` is left allocated. The next header
block will overwrite `stream->header_blocks` without freeing, leaking memory
for each interim response. Free/reset `header_blocks` and
`header_blocks_length` here as well.
##########
tests/gold_tests/h2/h2_interim_origin.py:
##########
@@ -0,0 +1,153 @@
+#!/usr/bin/env python3
+"""An HTTP/2 (TLS) origin that sends a 1xx interim response before the final
200.
+
+Proxy Verifier cannot emit interim/1xx responses, so this hand-frames HTTP/2
so we
+can exercise ATS origin-side handling of 1xx interim responses.
+
+Modes (chosen by --mode):
+ single : 103 Early Hints, then 200 (the deepwiki/Vercel case)
+ multi : 103, 103, 100, then 200 (multiple sequential
interims)
+ continue : 100 Continue, then 200
+ cont : a single 103 whose header block is split across
HEADERS+CONTINUATION,
+ then 200 (multi-frame interim)
+ none : 200 only (control; must always pass)
+"""
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+import socket
+import ssl
+import struct
+import subprocess
+import sys
+import tempfile
+import threading
+
+BODY = b"interim-origin-body"
+
+
+def frame(ftype, flags, sid, payload):
+ return struct.pack(">I", len(payload))[1:] + bytes([ftype, flags]) +
struct.pack(">I", sid) + payload
+
+
+def lit(name, value):
+ # HPACK literal header field without indexing, new name, no Huffman.
+ n = name.encode()
+ v = value.encode()
+ return b"\x00" + bytes([len(n)]) + n + bytes([len(v)]) + v
+
+
+def final_block():
+ return b"\x88" + lit("content-type", "text/plain") # :status 200 (static
idx 8)
+
+
+def interim_block(status):
+ return lit(":status", status) + lit("link", "</style.css>; rel=preload;
as=style")
+
+
+def send_response(sock, mode, sid):
+ if mode == "single":
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("103")))
+ elif mode == "multi":
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("103")))
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("103")))
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("100")))
+ elif mode == "continue":
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("100")))
+ elif mode == "cont":
+ blk = interim_block("103")
+ half = len(blk) // 2
+ sock.sendall(frame(0x1, 0x0, sid, blk[:half])) # HEADERS, no
END_HEADERS
+ sock.sendall(frame(0x9, 0x4, sid, blk[half:])) # CONTINUATION,
END_HEADERS
+ # mode "none": no interim
+ sock.sendall(frame(0x1, 0x4, sid, final_block())) # final HEADERS,
END_HEADERS
+ sock.sendall(frame(0x0, 0x1, sid, BODY)) # DATA, END_STREAM
+
+
+def handle(sock, mode):
+ sock.sendall(frame(0x4, 0x0, 0, b"")) # server SETTINGS
+ sock.sendall(frame(0x4, 0x1, 0, b"")) # SETTINGS ACK
Review Comment:
This test origin sends a SETTINGS frame with the ACK flag immediately,
before it has received the client's SETTINGS frame. RFC 7540 requires SETTINGS
ACK to be sent only in response to a received SETTINGS; sending it unprompted
can be treated as a protocol error and could make the test flaky depending on
timing. Removing the premature ACK keeps the handshake ordering valid.
##########
tests/gold_tests/h2/http2_origin_interim_response.test.py:
##########
@@ -0,0 +1,89 @@
+'''
+Verify ATS handles HTTP/2 1xx interim responses from the origin.
+'''
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import sys
+from ports import get_port
+
+Test.Summary = '''
+Verify ATS correctly handles 1xx interim responses (e.g. 103 Early Hints)
received
+from an origin over HTTP/2, returning the final 200 to the client.
+'''
+Test.ContinueOnFail = True
+
+ORIGIN = os.path.join(Test.TestDirectory, 'h2_interim_origin.py')
+
+# Each mode is a distinct origin behavior, routed by request path.
+# single : 103 then 200 (the deepwiki/Vercel case)
+# multi : 103,103,100 then 200 (multiple sequential interims)
+# continue : 100 then 200
+# cont : 103 split across HEADERS+CONTINUATION, then 200
+# none : 200 only (control)
+MODES = ['single', 'multi', 'continue', 'cont', 'none']
+
+ts = Test.MakeATSProcess("ts", enable_tls=True)
+ts.addDefaultSSLFiles()
+ts.Disk.ssl_multicert_yaml.AddLines(
+ """
+ssl_multicert:
+ - dest_ip: "*"
+ ssl_cert_name: server.pem
+ ssl_key_name: server.key
+""".split("\n"))
+
+# Create an origin process per mode and build the remap table from their ports.
+origins = {}
+remap_lines = []
+for mode in MODES:
+ origin = Test.Processes.Process(f"origin-{mode}")
+ port = get_port(origin, f"port_{mode}")
+ origin.Command = f"{sys.executable} {ORIGIN} 127.0.0.1 {port} --mode
{mode}"
+ origin.Ready = When.PortOpenv4(port)
+ origins[mode] = origin
+ remap_lines.append(f"map http://ats.test/{mode} https://127.0.0.1:{port}/")
+
+ts.Disk.remap_config.AddLines(remap_lines)
+ts.Disk.records_config.update(
+ {
+ 'proxy.config.ssl.server.cert.path': ts.Variables.SSLDir,
+ 'proxy.config.ssl.server.private_key.path': ts.Variables.SSLDir,
+ 'proxy.config.ssl.client.alpn_protocols': 'h2,http/1.1',
+ 'proxy.config.ssl.client.verify.server.policy': 'PERMISSIVE',
+ 'proxy.config.http.server_session_sharing.pool': 'thread',
+ 'proxy.config.exec_thread.autoconfig.enabled': 0,
+ 'proxy.config.exec_thread.limit': 4,
+ 'proxy.config.diags.debug.enabled': 1,
+ 'proxy.config.diags.debug.tags': 'http2',
+ })
+
+first = True
+for mode in MODES:
+ tr = Test.AddTestRun(f"h2 origin interim response: mode={mode}")
+ if first:
+ for m in MODES:
+ tr.Processes.Default.StartBefore(origins[m])
+ tr.Processes.Default.StartBefore(ts)
+ first = False
+ tr.MakeCurlCommand(f'-v -s -H "Host: ats.test"
http://127.0.0.1:{ts.Variables.port}/{mode}', ts=ts)
+ tr.Processes.Default.ReturnCode = 0
+ tr.StillRunningAfter = ts
+ tr.Processes.Default.Streams.All += Testers.ContainsExpression(
Review Comment:
The origin helper processes are started only in the first test run, but
later runs don't mark them as `StillRunningAfter`. Other gold tests that reuse
long-lived server processes across runs add them to `StillRunningAfter` in each
run; otherwise the harness may terminate them at the end of a run, causing
subsequent modes to fail without restarting the origins.
##########
tests/gold_tests/h2/h2_interim_origin.py:
##########
@@ -0,0 +1,153 @@
+#!/usr/bin/env python3
+"""An HTTP/2 (TLS) origin that sends a 1xx interim response before the final
200.
+
+Proxy Verifier cannot emit interim/1xx responses, so this hand-frames HTTP/2
so we
+can exercise ATS origin-side handling of 1xx interim responses.
+
+Modes (chosen by --mode):
+ single : 103 Early Hints, then 200 (the deepwiki/Vercel case)
+ multi : 103, 103, 100, then 200 (multiple sequential
interims)
+ continue : 100 Continue, then 200
+ cont : a single 103 whose header block is split across
HEADERS+CONTINUATION,
+ then 200 (multi-frame interim)
+ none : 200 only (control; must always pass)
+"""
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+import socket
+import ssl
+import struct
+import subprocess
+import sys
+import tempfile
+import threading
+
+BODY = b"interim-origin-body"
+
+
+def frame(ftype, flags, sid, payload):
+ return struct.pack(">I", len(payload))[1:] + bytes([ftype, flags]) +
struct.pack(">I", sid) + payload
+
+
+def lit(name, value):
+ # HPACK literal header field without indexing, new name, no Huffman.
+ n = name.encode()
+ v = value.encode()
+ return b"\x00" + bytes([len(n)]) + n + bytes([len(v)]) + v
+
+
+def final_block():
+ return b"\x88" + lit("content-type", "text/plain") # :status 200 (static
idx 8)
+
+
+def interim_block(status):
+ return lit(":status", status) + lit("link", "</style.css>; rel=preload;
as=style")
+
+
+def send_response(sock, mode, sid):
+ if mode == "single":
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("103")))
+ elif mode == "multi":
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("103")))
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("103")))
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("100")))
+ elif mode == "continue":
+ sock.sendall(frame(0x1, 0x4, sid, interim_block("100")))
+ elif mode == "cont":
+ blk = interim_block("103")
+ half = len(blk) // 2
+ sock.sendall(frame(0x1, 0x0, sid, blk[:half])) # HEADERS, no
END_HEADERS
+ sock.sendall(frame(0x9, 0x4, sid, blk[half:])) # CONTINUATION,
END_HEADERS
+ # mode "none": no interim
+ sock.sendall(frame(0x1, 0x4, sid, final_block())) # final HEADERS,
END_HEADERS
+ sock.sendall(frame(0x0, 0x1, sid, BODY)) # DATA, END_STREAM
+
+
+def handle(sock, mode):
+ sock.sendall(frame(0x4, 0x0, 0, b"")) # server SETTINGS
+ sock.sendall(frame(0x4, 0x1, 0, b"")) # SETTINGS ACK
+ preface = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
+ buf = b""
+ preface_done = False
+ while True:
+ data = sock.recv(65535)
+ if not data:
+ return
+ buf += data
+ if not preface_done:
+ if len(buf) < len(preface):
+ continue
+ buf = buf[len(preface):]
+ preface_done = True
+ while len(buf) >= 9:
+ ln = int.from_bytes(buf[0:3], "big")
+ if len(buf) < 9 + ln:
+ break
+ ftype = buf[3]
+ sid = int.from_bytes(buf[5:9], "big") & 0x7FFFFFFF
+ buf = buf[9 + ln:]
+ if ftype == 0x1: # a request HEADERS -> respond on the same stream
+ send_response(sock, mode, sid)
Review Comment:
After removing the premature SETTINGS ACK, the origin should still ACK the
client's SETTINGS frame when it is received (RFC 7540 ยง6.5.3). Adding a minimal
SETTINGS handler here makes the helper origin more protocol-correct and less
timing-dependent.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]