Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug] http/2 的多个问题 #1429

Closed
01101sam opened this issue Mar 10, 2025 · 6 comments
Closed

[bug] http/2 的多个问题 #1429

01101sam opened this issue Mar 10, 2025 · 6 comments
Assignees
@MegatronKing
Labels
bug Something isn't working

Comments

@01101sam
Copy link

Describe the bug

  1. SETTINGS frame 中 settings 数值被固定 (如: INITIAL_WINDOW_SIZE 固定为 2147483647, 一些 Safari 的自定义 settings 被移除等)
  2. HEADERS frame 不尊重 Priority (0x20) flag

To Reproduce
Steps to reproduce the behavior:

  1. 以 http2 请求 https://tls.peet.ws/api/all
  2. 在回应中, 查看 http2 -> sent_frames

Expected behavior

{
    "sent_frames": [
      {
        "frame_type": "SETTINGS",
        "length": 18,
        "settings": [
          "ENABLE_PUSH = 0",
          "INITIAL_WINDOW_SIZE = 2097152",
          "MAX_CONCURRENT_STREAMS = 100"
        ]
      },
      {
        "frame_type": "WINDOW_UPDATE",
        "length": 4,
        "increment": 10485760
      },
      {
        "frame_type": "HEADERS",
        "stream_id": 1,
        "length": 274,
        "headers": [
          ":method: GET",
          ":scheme: https",
          ":path: /api/all",
          ":authority: tls.peet.ws",
          // ...
        ],
        "flags": [
          "EndStream (0x1)",
          "EndHeaders (0x4)",
          "Priority (0x20)"
        ],
        "priority": {
          "weight": 255,
          "depends_on": 0,
          "exclusive": 0
        }
      }
    ]
  }

Unexpected behavior

{
    "sent_frames": [
      {
        "frame_type": "SETTINGS",
        "length": 24,
        "settings": [
          "MAX_CONCURRENT_STREAMS = 128",
          "MAX_FRAME_SIZE = 16384",
          "INITIAL_WINDOW_SIZE = 2147483647",
          "ENABLE_PUSH = 0"
        ]
      },
      {
        "frame_type": "WINDOW_UPDATE",
        "length": 4,
        "increment": 1073741823
      },
      {
        "frame_type": "HEADERS",
        "stream_id": 1,
        "length": 20,
        "headers": [
          ":authority: tls.peet.ws",
          ":method: GET",
          ":path: /api/all",
          ":scheme: https"
        ],
        "flags": [
          "EndStream (0x1)",
          "EndHeaders (0x4)"
        ]
      }
    ]
  }

Information
已在多个平台测试,理论上全部Reqable都会受此bug影响

  • Platform: macOS, Android, iOS
  • OS:
    • macOS: Darwin MacBook-Pro.local 24.3.0 Darwin Kernel Version 24.3.0: Thu Jan 2 20:24:23 PST 2025; root:xnu-11215.81.4~3/RELEASE_ARM64_T6031 arm64
    • Android: 13
    • iOS: 18.3.1
  • Arch: 已提供
  • App Version:
    • macOS: 2.33.2 (142) (arm64)
    • Android: `2.32.5 (18) (arm64)
    • iOS: 2.33.0 (140) (arm64)
@01101sam 01101sam added the bug Something isn't working label Mar 10, 2025
@MegatronKing
Copy link
Member

@01101sam 您好,感谢反馈,确实有你说的这个问题。

  1. frame未还原

为什么没有还原HTTP2的frame帧,主要是考虑中间数据修改会导致原来的帧异常,比如客户端发送了请求Stream 1,用户使用中间人Reqable屏蔽或者修改了这个请求,这个就会导致Reqable中间人没办法按照原来的方式传递数据。Reqable确实会固定Settings帧,这也是策略,没办法还原的情况下,有些值回设置得比较大,避免后续更新,确实有点trick。

  1. HEADERS frame 不尊重 Priority (0x20) flag

这个在实现上确实没有考虑到。Reqable中的HTTP2协议栈只实现了基本的功能,例如server_push等也都没有实现。

另外,请问这些case具体会导致什么问题,请求失败?

@01101sam
Copy link
Author

@01101sam 您好,感谢反馈,确实有你说的这个问题。

  1. frame未还原

为什么没有还原HTTP2的frame帧,主要是考虑中间数据修改会导致原来的帧异常,比如客户端发送了请求Stream 1,用户使用中间人Reqable屏蔽或者修改了这个请求,这个就会导致Reqable中间人没办法按照原来的方式传递数据。Reqable确实会固定Settings帧,这也是策略,没办法还原的情况下,有些值回设置得比较大,避免后续更新,确实有点trick。

  1. HEADERS frame 不尊重 Priority (0x20) flag

这个在实现上确实没有考虑到。Reqable中的HTTP2协议栈只实现了基本的功能,例如server_push等也都没有实现。

另外,请问这些case具体会导致什么问题,请求失败?

感谢回覆。

抓包时有可能会导致被检测到特征,参考akamai白皮书

@01101sam
Copy link
Author

用户使用中间人Reqable屏蔽或者修改了这个请求

SETTINGS frame 应该不会影响到修改请求, HEADERS 被修改了我能理解

@MegatronKing
Copy link
Member

用户使用中间人Reqable屏蔽或者修改了这个请求

SETTINGS frame 应该不会影响到修改请求, HEADERS 被修改了我能理解

是的,我重新梳理了下,SETTINGS应该可以保持一致。

简单看了下akamai的那个HTTP2帧特征检测机制,对Reqable来讲,只有WINDOW_UPDATE帧没办法还原,其他的特征应该都还好。WINDOW_UPDATE涉及到HTTP2得流控机制,而流控是和实际数据量相关的。如果中间用户修改了请求或者响应,数据量发生变化,流控也要跟着变化,Reqable本身没有实现流控机制,而是提前设置一个非常大的窗口,避免触发流控。如果中间不修改数据的话,WINDOW_UPDATE也能还原,但是我们没法提前知道用户是否会修改数据,修改的数据量变化是多少,所以只能提前设置这个非常大的WINDOW_UPDATE值。也许后续可以提供一个开关选项,是否严格还原HTTP2帧。

@MegatronKing
Copy link
Member

@01101sam 你可以试试这个版本,SETTINGS帧一致了:https://reqable-generic.pkg.coding.net/package/app/reqable-app-macos-arm64-http2.dmg?version=latest

补充说明:Reqable是跨平台是一套代码,所有平台行为是一致的,不需要每个平台都测试。

@01101sam
Copy link
Author

Image

👍 没问题了

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MegatronKing MegatronKing

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MegatronKing @01101sam