File streams interrupted with Apache 2.4.35

[pesc]

Hi

Not sure if I'm at the right place but I have a problem with h2 since the Apache 2.4.35 update:

t=39441 [st= 757]    HTTP2_SESSION_RECV_HEADERS
                     --> fin = false
                     --> :status: 200

                         date: Tue, 09 Oct 2018 08:32:52 GMT
                         server: Apache/2.4
                         expires: Thu, 19 Nov 1981 08:52:00 GMT
                         cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                         pragma: no-cache
                         access-control-allow-origin: *
                         access-control-allow-methods: GET, POST,PUT
                         content-type: text/html; charset=UTF-8
                     --> stream_id = 87
t=39441 [st= 757]    HTTP2_SESSION_RECV_DATA
                     --> fin = false
                     --> size = 2
                     --> stream_id = 87
t=39441 [st= 757]    HTTP2_SESSION_UPDATE_RECV_WINDOW
                     --> delta = -2
                     --> window_size = 15728638
t=39441 [st= 757]    HTTP2_SESSION_RECV_DATA
                     --> fin = true
                     --> size = 0
                     --> stream_id = 87
t=39441 [st= 757]    HTTP2_SESSION_UPDATE_RECV_WINDOW
                     --> delta = 2
                     --> window_size = 15728640
t=44652 [st=5968]    HTTP2_SESSION_RECV_GOAWAY
                     --> active_streams = 0
                     --> debug_data = "timeout"
                     --> error_code = "0 (NO_ERROR)"
                     --> last_accepted_stream_id = 87
                     --> unclaimed_streams = 0
t=44652 [st=5968]    HTTP2_SESSION_CLOSE
                     --> description = "Finished going away"
                     --> net_error = 0 (?)
t=44652 [st=5968]    HTTP2_SESSION_POOL_REMOVE_SESSION
t=44653 [st=5969] -HTTP2_SESSION

Does it have something to do with "low: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)"?

Greetings Pascal

[icing]

Trying to parse this. You receive a complete response to stream 757 and then, after 5 seconds, the connection is closed. Am I reading this right?

There were changes related to connection timeout handling and idleness. Connected to the issue, but there were other fixes in connection timeout as well.

The 5 seconds is the default for KeepAliveTimeout in Apache. What behaviour do you expect and/or does it change when you set another keepalive timeout?

[pesc]

Yes that's right. In Chrome I get an "net::ERR_CONNECTION_CLOSED" error. And when I disable http2/spdy in my browser or disable h2 in Apache it works without problems. And it just started after updating from Apache 2.4.34 to 2.4.35.

[icing]

Will this go away if you set

KeepAliveTimeout 120

?

[pesc]

t=  1029 [st=    80]  HTTP2_SESSION_RECV_HEADERS
                      --> fin = false
                      --> :status: 200
                          date: Wed, 10 Oct 2018 07:42:54 GMT
                          server: Apache/2.4
                          access-control-allow-origin: *
                          access-control-allow-methods: GET, POST,PUT
                          content-type: text/html; charset=UTF-8
                      --> stream_id = 767
t=  1029 [st=    80]  HTTP2_SESSION_RECV_DATA
                      --> fin = false
                      --> size = 1291
                      --> stream_id = 767
t=  1029 [st=    80]  HTTP2_SESSION_UPDATE_RECV_WINDOW
                      --> delta = -1291
                      --> window_size = 15727349
t=  1048 [st=    99]  HTTP2_SESSION_UPDATE_RECV_WINDOW
                      --> delta = 1291
                      --> window_size = 15728640
t=121343 [st=120394]  HTTP2_SESSION_RECV_GOAWAY
                      --> active_streams = 1
                      --> debug_data = "timeout"
                      --> error_code = "0 (NO_ERROR)"
                      --> last_accepted_stream_id = 767
                      --> unclaimed_streams = 0
t=121347 [st=120398]  HTTP2_SESSION_CLOSE
                      --> description = "Connection closed"
                      --> net_error = -100 (ERR_CONNECTION_CLOSED)
t=121347 [st=120398]  HTTP2_SESSION_POOL_REMOVE_SESSION
t=121347 [st=120398] -HTTP2_SESSION

Same thing, but my browser tab is freezed for the 120 seconds

[icing]

Do you have a URL where I can try that with chrome?

[icing]

Upon looking at that second log, I see that the stream is not closed. That would explain the hanging. In your first example the --> fin = true was there.

[icing]

More questions: is this a static file or html generated by some php/cgi backend? (See #167 for another issue with missing fin)

[icing]

And one more: I could really use a error_log at LogLevel http2:trace2 for such a request. :-D
(Mail it to icing at apache.org, in case data may be sensitive)

[pesc]

Do you have a URL where I can try that with chrome?

Not right now. Trying to get a public instance of it

More questions: is this a static file or html generated by some php/cgi backend? (See #167 for another issue with missing fin)

It's generated by php.

And one more: I could really use a error_log at LogLevel http2:trace2 for such a request. :-D
(Mail it to icing at apache.org, in case data may be sensitive)

Ok, I'll give it a try.

[pesc]

And one more: I could really use a error_log at LogLevel http2:trace2 for such a request. :-D
(Mail it to icing at apache.org, in case data may be sensitive)

I have just sent the e-mail

[icing]

Thanks! Just released a (hopefully correct) fix...

[pesc]

Problem seems gone with "mod_http2 (v1.11.3-git.." 👍

[icing]

Wonderful, thanks! Will try to get that added to 2.4.36. Cheers, Stefan

…

Am 10.10.2018 um 14:12 schrieb Pascal Christen ***@***.***>: Problem seems gone with "mod_http2 (v1.11.3-git.." 👍 — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.