You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2021/04/05 15:22:36 UTC

[GitHub] [trafficserver] SolidWallOfCode opened a new issue #7677: Explicit proxy doesn't wait for TCP handshake to complete before sending 200 OK

SolidWallOfCode opened a new issue #7677:
URL: https://github.com/apache/trafficserver/issues/7677


   If ATS is used as an explicit proxy, that is the user agent sends a `CONNECT` request, ATS only waits for being able to send a `SYN` to the upstream target, it does not verify the TCP handshake succeeds, before sending a "200 OK" to the user agent. This can be seen by attempting to `CONNECT` to a not in service port on the upstream. A packet capture shows the sequence
   
   * `CONNECT` is received by ATS
   * ATS sends a `SYN` to the upstream (at least validating the host name is valid and resolvable)
   * ATS sends "200 OK" to the user agent.
   * User agent sends "Client HELLO" to ATS.
   * ATS receives a `RESET` from the upstream because the port is invalid (no process listening on that port).
   * ATS closes the upstream and user agent connections.
   * User agent gets a mysterious write failure.
   
   ATS should at verify it can establish a TCP connection to the upstream before sending the 200 OK, otherwise the error on the user agent side is hard to debug.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] bryancall commented on issue #7677: Explicit proxy doesn't wait for TCP handshake to complete before sending 200 OK

Posted by GitBox <gi...@apache.org>.

bryancall commented on issue #7677:
URL: https://github.com/apache/trafficserver/issues/7677#issuecomment-818264517


   What do we log this as?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org