Version in base suite: 8.1.9+ds-1~deb11u1 Base version: trafficserver_8.1.9+ds-1~deb11u1 Target version: trafficserver_8.1.10+ds-1~deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/t/trafficserver/trafficserver_8.1.9+ds-1~deb11u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/t/trafficserver/trafficserver_8.1.10+ds-1~deb11u1.dsc CHANGELOG-8.1.10 | 4 configure | 30 ++--- configure.ac | 4 debian/changelog | 8 + doc/admin-guide/files/records.config.en.rst | 11 + doc/admin-guide/monitoring/statistics/core/http-connection.en.rst | 11 + doc/admin-guide/plugins/block_errors.en.rst | 4 include/tscore/Ptr.h | 1 mgmt/RecordsConfig.cc | 2 proxy/http2/HTTP2.cc | 56 +++++----- proxy/http2/HTTP2.h | 2 proxy/http2/Http2ConnectionState.cc | 25 ++++ proxy/http2/Http2ConnectionState.h | 3 tools/package/trafficserver.spec | 2 14 files changed, 113 insertions(+), 50 deletions(-) diff -Nru trafficserver-8.1.9+ds/CHANGELOG-8.1.10 trafficserver-8.1.10+ds/CHANGELOG-8.1.10 --- trafficserver-8.1.9+ds/CHANGELOG-8.1.10 1970-01-01 00:00:00.000000000 +0000 +++ trafficserver-8.1.10+ds/CHANGELOG-8.1.10 2024-04-03 15:43:16.000000000 +0000 @@ -0,0 +1,4 @@ +Changes with Apache Traffic Server 8.1.10 + #10618 - Fix typo in block_errors documentation (#10591) + #10623 - Fix H2 debug message for a rate limit (#10583) + #11207 - Add proxy.config.http2.max_continuation_frames_per_minute diff -Nru trafficserver-8.1.9+ds/configure trafficserver-8.1.10+ds/configure --- trafficserver-8.1.9+ds/configure 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/configure 2024-04-03 15:43:16.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Apache Traffic Server 8.1.9. +# Generated by GNU Autoconf 2.69 for Apache Traffic Server 8.1.10. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='Apache Traffic Server' PACKAGE_TARNAME='trafficserver' -PACKAGE_VERSION='8.1.9' -PACKAGE_STRING='Apache Traffic Server 8.1.9' +PACKAGE_VERSION='8.1.10' +PACKAGE_STRING='Apache Traffic Server 8.1.10' PACKAGE_BUGREPORT='dev@trafficserver.apache.org' PACKAGE_URL='http://trafficserver.apache.org' @@ -1673,7 +1673,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Apache Traffic Server 8.1.9 to adapt to many kinds of systems. +\`configure' configures Apache Traffic Server 8.1.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1744,7 +1744,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Apache Traffic Server 8.1.9:";; + short | recursive ) echo "Configuration of Apache Traffic Server 8.1.10:";; esac cat <<\_ACEOF @@ -1985,7 +1985,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Apache Traffic Server configure 8.1.9 +Apache Traffic Server configure 8.1.10 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2815,7 +2815,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Apache Traffic Server $as_me 8.1.9, which was +It was created by Apache Traffic Server $as_me 8.1.10, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3684,7 +3684,7 @@ # Define the identity of the package. PACKAGE='trafficserver' - VERSION='8.1.9' + VERSION='8.1.10' cat >>confdefs.h <<_ACEOF @@ -3972,13 +3972,13 @@ # convention that attempts to solve problems that most people just # don't have and which just causes confusion for most end users. # -TS_VERSION_MAJOR=$((8001009 / 1000000 )) -TS_VERSION_MINOR=$(((8001009 / 1000) % 1000 )) -TS_VERSION_MICRO=$((8001009 % 1000 )) +TS_VERSION_MAJOR=$((8001010 / 1000000 )) +TS_VERSION_MINOR=$(((8001010 / 1000) % 1000 )) +TS_VERSION_MICRO=$((8001010 % 1000 )) TS_LIBTOOL_MAJOR=`echo $((${TS_VERSION_MAJOR} + ${TS_VERSION_MINOR}))` TS_LIBTOOL_VERSION=$TS_LIBTOOL_MAJOR:$TS_VERSION_MICRO:$TS_VERSION_MINOR -TS_VERSION_STRING=8.1.9 -TS_VERSION_NUMBER=8001009 +TS_VERSION_STRING=8.1.10 +TS_VERSION_NUMBER=8001010 # # Substitute the above version numbers into the various files below. @@ -30808,7 +30808,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Apache Traffic Server $as_me 8.1.9, which was +This file was extended by Apache Traffic Server $as_me 8.1.10, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30875,7 +30875,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Apache Traffic Server config.status 8.1.9 +Apache Traffic Server config.status 8.1.10 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru trafficserver-8.1.9+ds/configure.ac trafficserver-8.1.10+ds/configure.ac --- trafficserver-8.1.9+ds/configure.ac 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/configure.ac 2024-04-03 15:43:16.000000000 +0000 @@ -32,8 +32,8 @@ # Version number is calculated as MAJOR * 1000000 + MINOR * 1000 + MICRO # Version string is in the form of MAJOR.MINOR.MICRO[sufix] # -m4_define([TS_VERSION_S],[8.1.9]) -m4_define([TS_VERSION_N],[8001009]) +m4_define([TS_VERSION_S],[8.1.10]) +m4_define([TS_VERSION_N],[8001010]) AC_INIT([Apache Traffic Server], TS_VERSION_S(), [dev@trafficserver.apache.org], [trafficserver],[http://trafficserver.apache.org]) AC_PREREQ([2.59]) diff -Nru trafficserver-8.1.9+ds/debian/changelog trafficserver-8.1.10+ds/debian/changelog --- trafficserver-8.1.9+ds/debian/changelog 2023-11-02 16:00:26.000000000 +0000 +++ trafficserver-8.1.10+ds/debian/changelog 2024-04-13 09:54:31.000000000 +0000 @@ -1,3 +1,11 @@ +trafficserver (8.1.10+ds-1~deb11u1) bullseye-security; urgency=medium + + * New upstream version 8.1.10+ds + * CVEs fix (Closes: #1068417) + - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack + + -- Jean Baptiste Favre Sat, 13 Apr 2024 11:54:31 +0200 + trafficserver (8.1.9+ds-1~deb11u1) bullseye-security; urgency=medium * New upstream version 8.1.9+ds diff -Nru trafficserver-8.1.9+ds/doc/admin-guide/files/records.config.en.rst trafficserver-8.1.10+ds/doc/admin-guide/files/records.config.en.rst --- trafficserver-8.1.9+ds/doc/admin-guide/files/records.config.en.rst 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/doc/admin-guide/files/records.config.en.rst 2024-04-03 15:43:16.000000000 +0000 @@ -3689,8 +3689,15 @@ .. ts:cv:: CONFIG proxy.config.http2.max_rst_stream_frames_per_minute INT 14 :reloadable: - Specifies how many RST_STREAM frames |TS| receives for a minute at maximum. - Clients exceeded this limit will be immediately disconnected with an error + Specifies how many RST_STREAM frames |TS| receives per minute at maximum. + Clients exceeding this limit will be immediately disconnected with an error + code of ENHANCE_YOUR_CALM. + +.. ts:cv:: CONFIG proxy.config.http2.max_continuation_frames_per_minute INT 120 + :reloadable: + + Specifies how many CONTINUATION frames |TS| receives per minute at maximum. + Clients exceeding this limit will be immediately disconnected with an error code of ENHANCE_YOUR_CALM. .. ts:cv:: CONFIG proxy.config.http2.min_avg_window_update FLOAT 2560.0 diff -Nru trafficserver-8.1.9+ds/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst trafficserver-8.1.10+ds/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst --- trafficserver-8.1.9+ds/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst 2024-04-03 15:43:16.000000000 +0000 @@ -241,10 +241,17 @@ .. ts:stat:: global proxy.process.http2.max_rst_stream_frames_per_minute_exceeded integer :type: counter - Represents the total number of closed HTTP/2 connections for exceeding the - maximum allowed number of rst_stream frames per minute limit which is configured by + Represents the total number of HTTP/2 connections closed for exceeding the + maximum allowed number of ``RST_STREAM`` frames per minute limit which is configured by :ts:cv:`proxy.config.http2.max_rst_stream_frames_per_minute`. +.. ts:stat:: global proxy.process.http2.max_continuation_frames_per_minute_exceeded integer + :type: counter + + Represents the total number of HTTP/2 connections closed for exceeding the + maximum allowed number of ``CONTINUATION`` frames per minute limit which is + configured by :ts:cv:`proxy.config.http2.max_continuation_frames_per_minute`. + .. ts:stat:: global proxy.process.http2.insufficient_avg_window_update integer :type: counter diff -Nru trafficserver-8.1.9+ds/doc/admin-guide/plugins/block_errors.en.rst trafficserver-8.1.10+ds/doc/admin-guide/plugins/block_errors.en.rst --- trafficserver-8.1.9+ds/doc/admin-guide/plugins/block_errors.en.rst 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/doc/admin-guide/plugins/block_errors.en.rst 2024-04-03 15:43:16.000000000 +0000 @@ -57,7 +57,7 @@ - ``block_errors.error_limit``: Set the error limit. Takes a single argument, the number of errors allowed before blocking the client. - ``block_errors.timeout``: Set the block timeout. Takes a single argument, the number of minutes to block the client. -- ``block_errors.enable``: Enable or disable the plugin. Takes a single argument, 0 to disable, 1 to enable. +- ``block_errors.enabled``: Enable or disable the plugin. Takes a single argument, 0 to disable, 1 to enable. Example Run Time Configuration ============================== @@ -66,4 +66,4 @@ traffic_ctl plugin msg block_errors.timeout 10 - traffic_ctl plugin msg block_errors.enable 1 + traffic_ctl plugin msg block_errors.enabled 1 diff -Nru trafficserver-8.1.9+ds/include/tscore/Ptr.h trafficserver-8.1.10+ds/include/tscore/Ptr.h --- trafficserver-8.1.9+ds/include/tscore/Ptr.h 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/include/tscore/Ptr.h 2024-04-03 15:43:16.000000000 +0000 @@ -24,6 +24,7 @@ #pragma once #include "tscore/ink_atomic.h" +#include //////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////// diff -Nru trafficserver-8.1.9+ds/mgmt/RecordsConfig.cc trafficserver-8.1.10+ds/mgmt/RecordsConfig.cc --- trafficserver-8.1.9+ds/mgmt/RecordsConfig.cc 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/mgmt/RecordsConfig.cc 2024-04-03 15:43:16.000000000 +0000 @@ -1348,6 +1348,8 @@ , {RECT_CONFIG, "proxy.config.http2.max_rst_stream_frames_per_minute", RECD_INT, "200", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL} , + {RECT_CONFIG, "proxy.config.http2.max_continuation_frames_per_minute", RECD_INT, "120", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL} + , {RECT_CONFIG, "proxy.config.http2.min_avg_window_update", RECD_FLOAT, "2560.0", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , {RECT_CONFIG, "proxy.config.http2.header_table_size_limit", RECD_INT, "65536", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL} diff -Nru trafficserver-8.1.9+ds/proxy/http2/HTTP2.cc trafficserver-8.1.10+ds/proxy/http2/HTTP2.cc --- trafficserver-8.1.9+ds/proxy/http2/HTTP2.cc 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/proxy/http2/HTTP2.cc 2024-04-03 15:43:16.000000000 +0000 @@ -73,6 +73,8 @@ "proxy.process.http2.max_priority_frames_per_minute_exceeded"; static const char *const HTTP2_STAT_MAX_RST_STREAM_FRAMES_PER_MINUTE_EXCEEDED_NAME = "proxy.process.http2.max_rst_stream_frames_per_minute_exceeded"; +static const char *const HTTP2_STAT_MAX_CONTINUATION_FRAMES_PER_MINUTE_EXCEEDED_NAME = + "proxy.process.http2.max_continuation_frames_per_minute_exceeded"; static const char *const HTTP2_STAT_INSUFFICIENT_AVG_WINDOW_UPDATE_NAME = "proxy.process.http2.insufficient_avg_window_update"; union byte_pointer { @@ -728,31 +730,32 @@ } // Initialize this subsystem with librecords configs (for now) -uint32_t Http2::max_concurrent_streams_in = 100; -uint32_t Http2::min_concurrent_streams_in = 10; -uint32_t Http2::max_active_streams_in = 0; -bool Http2::throttling = false; -uint32_t Http2::stream_priority_enabled = 0; -uint32_t Http2::initial_window_size = 65535; -uint32_t Http2::max_frame_size = 16384; -uint32_t Http2::header_table_size = 4096; -uint32_t Http2::max_header_list_size = 4294967295; -uint32_t Http2::accept_no_activity_timeout = 120; -uint32_t Http2::no_activity_timeout_in = 120; -uint32_t Http2::active_timeout_in = 0; -uint32_t Http2::push_diary_size = 256; -uint32_t Http2::zombie_timeout_in = 0; -float Http2::stream_error_rate_threshold = 0.1; -uint32_t Http2::max_settings_per_frame = 7; -uint32_t Http2::max_settings_per_minute = 14; -uint32_t Http2::max_settings_frames_per_minute = 14; -uint32_t Http2::max_ping_frames_per_minute = 60; -uint32_t Http2::max_priority_frames_per_minute = 120; -uint32_t Http2::max_rst_stream_frames_per_minute = 200; -float Http2::min_avg_window_update = 2560.0; -uint32_t Http2::con_slow_log_threshold = 0; -uint32_t Http2::stream_slow_log_threshold = 0; -uint32_t Http2::header_table_size_limit = 65536; +uint32_t Http2::max_concurrent_streams_in = 100; +uint32_t Http2::min_concurrent_streams_in = 10; +uint32_t Http2::max_active_streams_in = 0; +bool Http2::throttling = false; +uint32_t Http2::stream_priority_enabled = 0; +uint32_t Http2::initial_window_size = 65535; +uint32_t Http2::max_frame_size = 16384; +uint32_t Http2::header_table_size = 4096; +uint32_t Http2::max_header_list_size = 4294967295; +uint32_t Http2::accept_no_activity_timeout = 120; +uint32_t Http2::no_activity_timeout_in = 120; +uint32_t Http2::active_timeout_in = 0; +uint32_t Http2::push_diary_size = 256; +uint32_t Http2::zombie_timeout_in = 0; +float Http2::stream_error_rate_threshold = 0.1; +uint32_t Http2::max_settings_per_frame = 7; +uint32_t Http2::max_settings_per_minute = 14; +uint32_t Http2::max_settings_frames_per_minute = 14; +uint32_t Http2::max_ping_frames_per_minute = 60; +uint32_t Http2::max_priority_frames_per_minute = 120; +uint32_t Http2::max_rst_stream_frames_per_minute = 200; +uint32_t Http2::max_continuation_frames_per_minute = 120; +float Http2::min_avg_window_update = 2560.0; +uint32_t Http2::con_slow_log_threshold = 0; +uint32_t Http2::stream_slow_log_threshold = 0; +uint32_t Http2::header_table_size_limit = 65536; void Http2::init() @@ -777,6 +780,7 @@ REC_EstablishStaticConfigInt32U(max_ping_frames_per_minute, "proxy.config.http2.max_ping_frames_per_minute"); REC_EstablishStaticConfigInt32U(max_priority_frames_per_minute, "proxy.config.http2.max_priority_frames_per_minute"); REC_EstablishStaticConfigInt32U(max_rst_stream_frames_per_minute, "proxy.config.http2.max_rst_stream_frames_per_minute"); + REC_EstablishStaticConfigInt32U(max_continuation_frames_per_minute, "proxy.config.http2.max_continuation_frames_per_minute"); REC_EstablishStaticConfigFloat(min_avg_window_update, "proxy.config.http2.min_avg_window_update"); REC_EstablishStaticConfigInt32U(con_slow_log_threshold, "proxy.config.http2.connection.slow.log.threshold"); REC_EstablishStaticConfigInt32U(stream_slow_log_threshold, "proxy.config.http2.stream.slow.log.threshold"); @@ -845,6 +849,8 @@ static_cast(HTTP2_STAT_MAX_PRIORITY_FRAMES_PER_MINUTE_EXCEEDED), RecRawStatSyncSum); RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_MAX_RST_STREAM_FRAMES_PER_MINUTE_EXCEEDED_NAME, RECD_INT, RECP_PERSISTENT, static_cast(HTTP2_STAT_MAX_RST_STREAM_FRAMES_PER_MINUTE_EXCEEDED), RecRawStatSyncSum); + RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_MAX_CONTINUATION_FRAMES_PER_MINUTE_EXCEEDED_NAME, RECD_INT, + RECP_PERSISTENT, static_cast(HTTP2_STAT_MAX_CONTINUATION_FRAMES_PER_MINUTE_EXCEEDED), RecRawStatSyncSum); RecRegisterRawStat(http2_rsb, RECT_PROCESS, HTTP2_STAT_INSUFFICIENT_AVG_WINDOW_UPDATE_NAME, RECD_INT, RECP_PERSISTENT, static_cast(HTTP2_STAT_INSUFFICIENT_AVG_WINDOW_UPDATE), RecRawStatSyncSum); } diff -Nru trafficserver-8.1.9+ds/proxy/http2/HTTP2.h trafficserver-8.1.10+ds/proxy/http2/HTTP2.h --- trafficserver-8.1.9+ds/proxy/http2/HTTP2.h 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/proxy/http2/HTTP2.h 2024-04-03 15:43:16.000000000 +0000 @@ -93,6 +93,7 @@ HTTP2_STAT_MAX_PING_FRAMES_PER_MINUTE_EXCEEDED, HTTP2_STAT_MAX_PRIORITY_FRAMES_PER_MINUTE_EXCEEDED, HTTP2_STAT_MAX_RST_STREAM_FRAMES_PER_MINUTE_EXCEEDED, + HTTP2_STAT_MAX_CONTINUATION_FRAMES_PER_MINUTE_EXCEEDED, HTTP2_STAT_INSUFFICIENT_AVG_WINDOW_UPDATE, HTTP2_N_STATS // Terminal counter, NOT A STAT INDEX. @@ -390,6 +391,7 @@ static uint32_t max_ping_frames_per_minute; static uint32_t max_priority_frames_per_minute; static uint32_t max_rst_stream_frames_per_minute; + static uint32_t max_continuation_frames_per_minute; static float min_avg_window_update; static uint32_t con_slow_log_threshold; static uint32_t stream_slow_log_threshold; diff -Nru trafficserver-8.1.9+ds/proxy/http2/Http2ConnectionState.cc trafficserver-8.1.10+ds/proxy/http2/Http2ConnectionState.cc --- trafficserver-8.1.9+ds/proxy/http2/Http2ConnectionState.cc 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/proxy/http2/Http2ConnectionState.cc 2024-04-03 15:43:16.000000000 +0000 @@ -528,7 +528,7 @@ if (cstate.get_received_rst_stream_frame_count() > Http2::max_rst_stream_frames_per_minute) { HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_MAX_RST_STREAM_FRAMES_PER_MINUTE_EXCEEDED, this_ethread()); Http2StreamDebug(cstate.ua_session, stream_id, "Observed too frequent RST_STREAM frames: %u frames within a last minute", - cstate.get_received_settings_frame_count()); + cstate.get_received_rst_stream_frame_count()); return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_ENHANCE_YOUR_CALM, "reset too frequent RST_STREAM frames"); } @@ -907,6 +907,17 @@ } } + // Update CONTINUATION frame count per minute. + cstate.increment_received_continuation_frame_count(); + // Close this connection if its CONTINUATION frame count exceeds a limit. + if (cstate.get_received_continuation_frame_count() > Http2::max_continuation_frames_per_minute) { + HTTP2_INCREMENT_THREAD_DYN_STAT(HTTP2_STAT_MAX_CONTINUATION_FRAMES_PER_MINUTE_EXCEEDED, this_ethread()); + Http2StreamDebug(cstate.ua_session, stream_id, "Observed too frequent CONTINUATION frames: %u frames within a last minute", + cstate.get_received_continuation_frame_count()); + return Http2Error(Http2ErrorClass::HTTP2_ERROR_CLASS_CONNECTION, Http2ErrorCode::HTTP2_ERROR_ENHANCE_YOUR_CALM, + "reset too frequent CONTINUATION frames"); + } + // keep track of how many bytes we get in the frame stream->request_header_length += payload_length; if (stream->request_header_length > Http2::max_header_list_size) { @@ -1976,6 +1987,18 @@ return this->_received_rst_stream_frame_counter.get_count(); } +void +Http2ConnectionState::increment_received_continuation_frame_count() +{ + this->_received_continuation_frame_counter.increment(); +} + +uint32_t +Http2ConnectionState::get_received_continuation_frame_count() +{ + return this->_received_continuation_frame_counter.get_count(); +} + // Return min_concurrent_streams_in when current client streams number is larger than max_active_streams_in. // Main purpose of this is preventing DDoS Attacks. unsigned diff -Nru trafficserver-8.1.9+ds/proxy/http2/Http2ConnectionState.h trafficserver-8.1.10+ds/proxy/http2/Http2ConnectionState.h --- trafficserver-8.1.9+ds/proxy/http2/Http2ConnectionState.h 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/proxy/http2/Http2ConnectionState.h 2024-04-03 15:43:16.000000000 +0000 @@ -325,6 +325,8 @@ uint32_t get_received_priority_frame_count(); void increment_received_rst_stream_frame_count(); uint32_t get_received_rst_stream_frame_count(); + void increment_received_continuation_frame_count(); + uint32_t get_received_continuation_frame_count(); ssize_t client_rwnd() const; Http2ErrorCode increment_client_rwnd(size_t amount); @@ -371,6 +373,7 @@ Http2FrequencyCounter _received_ping_frame_counter; Http2FrequencyCounter _received_priority_frame_counter; Http2FrequencyCounter _received_rst_stream_frame_counter; + Http2FrequencyCounter _received_continuation_frame_counter; // NOTE: Id of stream which MUST receive CONTINUATION frame. // - [RFC 7540] 6.2 HEADERS diff -Nru trafficserver-8.1.9+ds/tools/package/trafficserver.spec trafficserver-8.1.10+ds/tools/package/trafficserver.spec --- trafficserver-8.1.9+ds/tools/package/trafficserver.spec 2023-10-10 14:52:37.000000000 +0000 +++ trafficserver-8.1.10+ds/tools/package/trafficserver.spec 2024-04-03 15:43:16.000000000 +0000 @@ -26,7 +26,7 @@ Summary: Apache Traffic Server, a reverse, forward and transparent HTTP proxy cache Name: trafficserver -Version: 8.1.9 +Version: 8.1.10 Release: %{release}%{?dist} License: Apache Software License 2.0 (AL2) Group: System Environment/Daemons