HAProxy community

Some h2pec test cases for HTTP/2 failed, are those bugs for haproxy?


#1

I am a follower of haproxy. I tested HTTP/2 fuction in haproxy_1.8.17 with the tool h2spec, but some test cases failed. I wonder if those are bugs for haproxy.
See the tool here https://github.com/summerwind/h2spec .

Those failed cases are as follow:

gaohd@host:~/.golang/gopath/src/github.com/summerwind/h2spec$./h2spec http2 -h www.axddos.com -p 443 -t -k

Failures:

Generic tests for HTTP/2 server

  1. Frame Definitions
3.10. CONTINUATION

  × 1: Sends a CONTINUATION frame

    -> The endpoint MUST accept CONTINUATION frame.

       Expected: HEADERS Frame (stream_id:1)

         Actual: Connection closed

  × 2: Sends multiple CONTINUATION frames

    -> The endpoint MUST accept multiple CONTINUATION frames.

       Expected: HEADERS Frame (stream_id:1)

         Actual: Connection closed
  1. HTTP Message Exchanges
× 4: Sends a POST request with trailers

  -> The endpoint MUST respond to the request.

     Expected: HEADERS Frame (stream_id:1)

       Actual: Connection closed

Hypertext Transfer Protocol Version 2 (HTTP/2)

  1. HTTP Frames
4.2. Frame Size

  × 3: Sends a large size HEADERS frame that exceeds the SETTINGS_MAX_FRAME_SIZE

    -> The endpoint MUST respond with a connection error of type FRAME_SIZE_ERROR.

       Expected: GOAWAY Frame (Error Code: FRAME_SIZE_ERROR)

                 Connection closed

         Actual: DATA Frame (length:624, flags:0x01, stream_id:1)
  1. Streams and Multiplexing
5.1. Stream States

  × 13: closed: Sends a CONTINUATION frame

    -> The endpoint MUST treat this as a connection error of type STREAM_CLOSED.

       Expected: GOAWAY Frame (Error Code: STREAM_CLOSED)

                 GOAWAY Frame (Error Code: PROTOCOL_ERROR)

                 Connection closed

         Actual: RST_STREAM Frame (length:4, flags:0x00, stream_id:1)
  1. Frame Definitions
6.10. CONTINUATION

  × 1: Sends multiple CONTINUATION frames preceded by a HEADERS frame

    -> The endpoint must accept the frame.

       Expected: HEADERS Frame (stream_id:1)

         Actual: Connection closed

  × 4: Sends a CONTINUATION frame preceded by a HEADERS frame with END_HEADERS flag

    -> The endpoint MUST respond with a connection error of type PROTOCOL_ERROR.

       Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR)

                 Connection closed

         Actual: RST_STREAM Frame (length:4, flags:0x00, stream_id:1)
  1. HTTP Message Exchanges
8.1. HTTP Request/Response Exchange

  8.1.2. HTTP Header Fields

    8.1.2.6. Malformed Requests and Responses

      × 1: Sends a HEADERS frame with the "content-length" header field which does not equal the DATA frame payload length

        -> The endpoint MUST treat this as a stream error of type PROTOCOL_ERROR.

           Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR)

                     RST_STREAM Frame (Error Code: PROTOCOL_ERROR)

                     Connection closed

             Actual: DATA Frame (length:182, flags:0x01, stream_id:1)

      × 2: Sends a HEADERS frame with the "content-length" header field which does not equal the sum of the multiple DATA frames payload length

        -> The endpoint MUST treat this as a stream error of type PROTOCOL_ERROR.

           Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR)

                     RST_STREAM Frame (Error Code: PROTOCOL_ERROR)

                     Connection closed

             Actual: DATA Frame (length:182, flags:0x01, stream_id:1)

HPACK: Header Compression for HTTP/2

  1. Binary Format
6.3. Dynamic Table Size Update

  × 1: Sends a dynamic table size update larger than the value of SETTINGS_HEADER_TABLE_SIZE

    -> The endpoint MUST treat this as a decoding error.

       Expected: GOAWAY Frame (Error Code: COMPRESSION_ERROR)

                 Connection closed

         Actual: DATA Frame (length:624, flags:0x01, stream_id:1)

Finished in 18.9586 seconds

145 tests, 135 passed, 0 skipped, 10 failed

gaohd@host: ~/open_source/haproxy-1.8.17$ ./haproxy -vv
HA-Proxy version 1.8.17 2019/01/08
Copyright 2000-2019 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-format-truncation -Wno-null-dereference -Wno-unused-label
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_TFO=1 USE_NS=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017
Running on OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with network namespace support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace

haproxy config as follow:

global

ulimit-n 900
maxconn 400000
maxconnrate 0
nbproc 1
tune.http.cookielen 2048
tune.http.maxhdr 101

tune.bufsize 24576
log global
maxconn 30000
backlog 8192
option clitcpka
option redispatch

frontend http
bind ipv4@0.0.0.0:80
mode http
log global
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %{+Q}r
rate-limit sessions 500000
option httplog
option forwardfor
capture request header Host len 256
capture request header User-Agent len 256
capture request header Referer len 256
capture request header Cookie len 256
capture request header X-Forwarded-For len 256
default_backend http_backend

frontend https
bind 0.0.0.0:443 ssl crt /usr/local/l7/resource/l7/crt/sina.pem alpn h2,http/1.1
mode http
log global
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %{+Q}r
rate-limit sessions 500000
option httplog
option forwardfor
capture request header Host len 256
capture request header User-Agent len 256
capture request header Referer len 256
capture request header Cookie len 256
capture request header X-Forwarded-For len 256
default_backend https_backend

backend http_backend
log global
mode http
balance roundrobin
option http-server-close
server myserver 10.6.130.69:80

backend https_backend
log global
mode http
balance roundrobin
option http-server-close
server MyHttps 10.6.130.69:80 check inter 5000


#2

There is no need to double post on the mailing list and here, in fact, most often this generates twice the load as people usually are not aware of the other post.

As per my response on the mailing list:
https://www.mail-archive.com/haproxy@formilux.org/msg32538.html

1.9.2 resolves most of this issues.