-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upstream H2 connection reset when sending invalid TE header value #30362
Comments
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
@alyssawilk I see you created a PR for this issue. Is that something that will realistically be released in the next few months? Also can we keep this issue from being closed by the "stalebot"? |
tagged nostalebot. it's in my queue but I've also been on leave so when it failed CI and I couldn't repro locally it got punted down the priority queue. I'll try to knock it out in December so it makes the January release |
Changes Envoy to clear TE header by default, as it is a hop by hop header and should not be forwarded on. Risk Level: medium (behavioral change) Testing: new e2e test Docs Changes: n/a Release Notes: inline. [Optional Runtime guard:] yes. Fixes #30362 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
follow-up PR #32255 |
Title: Upstream H2 connection reset when sending invalid TE header value
Description:
We have a scenario where a client using HTTP/1.1 will receive a 503 error if the upstream is using H2 and if the request contains the
TE
header with a value other thantrailers
. This is how the proxies are setup between the client and the application:When this happens the connection appears to be reset and any other client requests using the same H2 connection seems to also be reset.
The envoy proxy I'm have control over is the first in the chain and that is running v1.27.2, and I expected that envoy would not forward HTTP headers that are not valid for HTTP/2 to the upstream.
Repro steps:
I've created this docker compose to simulate the problem:
To reproduce I used this cURL request:
curl -v --http1.1 -H 'te: chunked;q=1.0' 'localhost:9090/anything/testing?test=1'
and get this response:
If I remove the
"te: chunked;q=1.0"
or replace the value withtrailers
then the request succeeds with HTTP 200 status code as expected.Config:
These are the config files for each envoy instance in the above docker-compose file.
envoy1.yaml
envoy2.yaml
Logs:
The first envoy proxy in the request path doesn't produce any error log entries but I do have this entry from the second envoy proxy though.
[2023-10-21 02:49:06.149][31][debug][http2] [source/common/http/http2/codec_impl.cc:1250] [Tags: "ConnectionId":"0"] invalid http2: Invalid HTTP header field was received: frame type: 1, stream: 3, name: [te], value: [chunked;q=1.0]
Here are the complete logs: trace_logs.txt
The text was updated successfully, but these errors were encountered: