git.kaiwu.me - haproxy.git/commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 6 May 2026 20:30:54 +0000 (22:30 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Thu, 7 May 2026 12:59:28 +0000 (14:59 +0200)
commit	72fd357814e1a7618435650580d95709dc4f7e28
tree	0963026b133bd82a09e8d4e2d584696ae907cf62	tree \| snapshot
parent	419cc6e2f6d2bb8fd1a761ecb44ce9730bcbcb3e	commit \| diff

MEDIUM: mux-h1: Return an error on h2 upgrade attempts if not allowed

If h1 to h2 upgrades are not allowed, a 405-method-not-allowed error is now
returned from the H1 multiplexer itself instead of dealing with "PRI *
HTTP/2.0\r\n\r\n" request as a normal request.

Before this kind of request was caught by the HTTP analyzers and a
400-bad-request was returned. This was added before the multiplexers era to
protect backend apps against unexpected H1 to H2 uprade on server side.

Now, it is possible to handle the error in the H1 multiplexer. One benefit
is to be able to increment the glichtes counters. However, the error is
still handled in HTTP analyzers to be sure to detect unwanted upgrades that
can be hidden in H2 or H3 requests.

There is a special case. TCP > H1 > H2 upgrades. In that case, a H1 stream
exist. So we must report an error to the upper layer too.

A reg-test script was added to validate the feature. In addition,
tcp_to_http_upgrade.vtc was updated accordingly.

reg-tests/connection/tcp_to_http_upgrade.vtc		diff \| blob \| history
reg-tests/http-messaging/h1_to_h2_upgrade.vtc	[new file with mode: 0644]	blob
src/mux_h1.c		diff \| blob \| history