Bug ID 654086: Incorrect handling of HTTP2 data frames larger than minimal frame size

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
14.0.0, 13.1.0, 12.1.3.4

Opened: Mar 29, 2017
Severity: 3-Major
Related AskF5 Article:
K18323013

Symptoms

HTTP2 can vary frame size between 16K bytes (included) and 16 Mbytes (not included). When a client sends a data frame spawning more than one TCP segment, the BIG-IP system incorrectly decrements the frame size twice from the receive window. If the proxy flow control is disabled, this just creates an additional window update frame. If the proxy is in flow control, this causes a flow control error.

Impact

HTTP2 resets the stream with FLOW_CONTROL_ERROR.

Conditions

-- HTTP2 profile is configured on a virtual server. -- Client sends a data frame larger than 16384 bytes, violating RFC. Note: The receiving maximum frame size of the BIG-IP is permanently set at 16384 bytes.

Workaround

There is no workaround at this time.

Fix Information

When a client sends HTTP2 a data frame exceeding a negotiated maximum frame size, the BIG-IP system correctly resets the stream.

Behavior Change