Bug ID 745291: The BIG-IP HTTP2 filter makes inappropriate assumptions about requests and responses without content lengths

Last Modified: Nov 27, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2

Fixed In:
15.0.0

Opened: Sep 26, 2018
Severity: 3-Major

Symptoms

HTTP2 differs from HTTP1 in that it is possible to have a request or response without a Content-Length header, and have the connection remain open afterwards. The HTTP2 framing allows the end of such a request or response to be detected. This difference can cause the HTTP framework within the BIG-IP system to become confused in certain HTTP2 scenarios. This can lead to inappropriate traffic handling of HTTP2 requests and responses.

Impact

-- HTTP2 traffic handling can fail if no Content-Length header exists, and one is expected in HTTP 1.x. -- The Data Frames are not sent to the HTTP1 server side. -- In certain scenarios, the HTTP1 side sends the pool member response back to the pool member . That will result in RST of the backend side connection with the following message in /var/log/ltm " [F5RST(peer): HTTP2 internal error (bad state transition in egress_complete)]

Conditions

-- An HTTP2 request or response is seen without a Content-Length header. -- The HTTP2 request is either sent in multiple frames, or single frame + followed by one or more Data frames. -- That request or response would require a Content-Length (or Transfer-Encoding: Chunked) in HTTP 1.x.

Workaround

None.

Fix Information

HTTP2 traffic without a Content-Length is successfully converted to chunked HTTP1 requests or responses. HTTP2 traffic without a Content-Length when such a header is required by HTTP1, does not cause HTTP2 stream failure.

Behavior Change