Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 2 subscribers
  • Views 20936 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP pipelining broken after upgrade to UTM 9.3

ondrej.holas
In 9.2, the HTTP pipelining works well on HTTP proxy:

telnet 192.168.1.22 8080
Trying 192.168.1.22...
Connected to 192.168.1.22.
Escape character is '^]'.
GET 192.168.1.2/.../1.1
Host: 192.168.1.2

GET 192.168.1.2/.../1.1
Host: 192.168.1.2

HTTP/1.1 200 OK
Date: Fri, 26 Dec 2014 19:59:05 GMT
Server: Apache
Last-Modified: Fri, 26 Dec 2014 19:24:08 GMT
Accept-Ranges: bytes
Content-Length: 6
X-Frame-Options: deny
Keep-Alive: timeout=5, max=100
Content-Type: text/plain
Proxy-Connection: Keep-Alive

test1
HTTP/1.1 200 OK
Date: Fri, 26 Dec 2014 19:59:05 GMT
Server: Apache
Last-Modified: Fri, 26 Dec 2014 19:24:12 GMT
Accept-Ranges: bytes
Content-Length: 6
X-Frame-Options: deny
Keep-Alive: timeout=5, max=99
Content-Type: text/plain
Proxy-Connection: Keep-Alive

test2
^]
telnet> q
Connection closed.


In 9.3 (tested on 9.304-9 and 9.305-4), HTTP proxy processes only the first request and times out after one minute:

telnet 192.168.1.22 8080
Trying 192.168.1.22...
Connected to 192.168.1.22.
Escape character is '^]'.
GET 192.168.1.2/.../1.1
Host: 192.168.1.2

GET 192.168.1.2/.../1.1
Host: 192.168.1.2

HTTP/1.1 200 OK
Date: Fri, 26 Dec 2014 20:11:57 GMT
Server: Apache
Last-Modified: Fri, 26 Dec 2014 19:24:08 GMT
Accept-Ranges: bytes
Content-Length: 6
X-Frame-Options: deny
Keep-Alive: timeout=5, max=100
Content-Type: text/plain
Proxy-Connection: keep-alive

test1
Connection closed by foreign host.


The second request is neither processed nor logged in /var/log/http.log.

Real world scenario affected by this bug is Debian apt configured to pipeline requests (by default in squeeze).

Maybe something to do with changes in ID31116.

Brgds,

Ondrej


This thread was automatically locked due to age.
Parents
  • 0
    I'm not disputing your findings, Ondrej, but we now have run a beta for several months and have over ten thousand UTMs on 9.3 in production systems.  So far none of them have reported this problem, at least that has gotten to Dev.  That suggest that even if there is a difference in 9.2 and 9.3 the real world impact might not be noticeable.

    As a QA person, I think every defect in a product should get fixed.  The reality is that prioritization must go to defects that are affecting paid customers that they are reporting to us.
Reply
  • 0
    I'm not disputing your findings, Ondrej, but we now have run a beta for several months and have over ten thousand UTMs on 9.3 in production systems.  So far none of them have reported this problem, at least that has gotten to Dev.  That suggest that even if there is a difference in 9.2 and 9.3 the real world impact might not be noticeable.

    As a QA person, I think every defect in a product should get fixed.  The reality is that prioritization must go to defects that are affecting paid customers that they are reporting to us.
Children
No Data
Unfiltered HTML