On 22/05/2026 at 7:58 PM, Chad Lavoie wrote:
commit 72fd357814e1 ("MEDIUM: mux-h1: Return an error on h2 upgrade attempts if not allowed") added an h1_report_glitch() call on the new 405 path but exits via "goto no_parsing", which skips the session_add_glitch_ctr() call at the end of the parse block. As a result fc_glitches increments correctly but the per-session stick counters never see it, breaking sc_glitch_cnt-based rate limiting of the H2-preface-over-H1 abuse pattern. No backport needed beyond the branches that took 72fd357814. --- src/mux_h1.c | 2 ++ 1 file changed, 2 insertions(+)diff --git a/src/mux_h1.c b/src/mux_h1.c index ec97d020d..996cc6320 100644 --- a/src/mux_h1.c +++ b/src/mux_h1.c @@ -4210,6 +4210,8 @@ static int h1_process(struct h1c * h1c) TRACE_ERROR("H2 upgrade not allowed", H1_EV_H1C_WAKE|H1_EV_H1C_ERR); h1_report_glitch(h1c, 1, "H2 upgrade not allowed"); h1_handle_parsing_error(h1c); + if (h1c->glitches != prev_glitches && !(h1c->flags & H1C_F_IS_BACK)) + session_add_glitch_ctr(sess, h1c->glitches - prev_glitches); goto no_parsing; } }
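Review bot: The two added lines before "goto no_parsing" in h1_process() repeat the glitch accounting that, per the commit message, already sits at the end of the parse block, so any other exit that jumps to no_parsing can still miss the per-session counter. Consider placing the no_parsing label ahead of the existing session_add_glitch_ctr() call so that every path shares a single accounting site. If the duplicate is kept, note that neither sess nor prev_glitches is declared in the visible context: confirm both are in scope on this branch and that prev_glitches is captured before h1_report_glitch() runs, otherwise the delta "h1c->glitches - prev_glitches" will not include this glitch.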
Thanks Chad, now merged. I slightly modified the patch. Instead of duplicating the call to session_add_glitch_ctr(), I moved the "no_parsing" label.
-- Christopher Faulet

