Hello. Thanks for the suggestion. Exceptions have completely disappeared after increasing the threshold to 40:
jetty.http2.rateControl.maxEventsPerSecond=40 Should the default be increased? Regards, Óscar On Wed, Oct 30, 2019 at 1:33 PM Greg Wilkins <[email protected]> wrote: > > Those exceptions are due to a new DOS protection feature introduced as the > result of CVE-2019-9512 <https://nvd.nist.gov/vuln/detail/CVE-2019-9512> > and associated CVEs. > > HTTP2 now has a new jetty.http2.rateControl.maxEventsPerSecond parameter > that defaults to 20 per connection for all pings, bad frames, settings > frames, priority changes etc. It may be that 20 is too low for you or > that you are under attack? > > These are not really ignorable as the connection over which they come is > closed, which can be disruptive if these are false positives. > > regards > > > > > > On Wed, 30 Oct 2019 at 21:37, Óscar Frías Barranco <[email protected]> > wrote: > >> Hi again. >> >> We are also seeing a similar exception which I copy below, any feedback >> about it too? >> >> java.io.IOException: 11/invalid_ping_frame_rate >> at >> org.eclipse.jetty.http2.HTTP2Session.onConnectionFailure(HTTP2Session.java:513) >> at >> org.eclipse.jetty.http2.HTTP2Session.onConnectionFailure(HTTP2Session.java:508) >> at >> org.eclipse.jetty.http2.parser.Parser$Listener$Wrapper.onConnectionFailure(Parser.java:414) >> at >> org.eclipse.jetty.http2.HTTP2Connection$ParserListener.onConnectionFailure(HTTP2Connection.java:384) >> at >> org.eclipse.jetty.http2.parser.BodyParser.notifyConnectionFailure(BodyParser.java:223) >> at >> org.eclipse.jetty.http2.parser.BodyParser.connectionFailure(BodyParser.java:215) >> at >> org.eclipse.jetty.http2.parser.PingBodyParser.onPing(PingBodyParser.java:99) >> at >> org.eclipse.jetty.http2.parser.PingBodyParser.parse(PingBodyParser.java:69) >> at >> org.eclipse.jetty.http2.parser.Parser.parseBody(Parser.java:198) >> at org.eclipse.jetty.http2.parser.Parser.parse(Parser.java:127) >> at >> org.eclipse.jetty.http2.parser.ServerParser.parse(ServerParser.java:115) >> at >> org.eclipse.jetty.http2.HTTP2Connection$HTTP2Producer.produce(HTTP2Connection.java:248) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produceTask(EatWhatYouKill.java:360) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:184) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135) >> at >> org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170) >> at >> org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:125) >> at >> org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:348) >> at org.eclipse.jetty.io >> .FillInterest.fillable(FillInterest.java:103) >> at org.eclipse.jetty.io >> .ChannelEndPoint$2.run(ChannelEndPoint.java:117) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) >> at >> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) >> at >> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) >> at java.base/java.lang.Thread.run(Thread.java:834) >> Suppressed: java.lang.Throwable: HttpInput failure >> at >> org.eclipse.jetty.server.HttpInput.failed(HttpInput.java:823) >> at >> org.eclipse.jetty.http2.server.HttpChannelOverHTTP2.onFailure(HttpChannelOverHTTP2.java:323) >> at >> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onStreamFailure(HTTP2ServerConnection.java:221) >> at >> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onSessionFailure(HTTP2ServerConnection.java:261) >> at >> org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory$HTTPServerSessionListener.onFailure(HTTP2ServerConnectionFactory.java:128) >> at >> org.eclipse.jetty.http2.HTTP2Session.notifyFailure(HTTP2Session.java:1156) >> ... 29 more >> >> Thanks! >> Óscar >> >> >> >> On Wed, Oct 30, 2019 at 11:22 AM Óscar Frías Barranco <[email protected]> >> wrote: >> >>> Hello. >>> >>> We are randomly seeing this error on some of the requests to our server >>> after we migrated from Jetty 9.4.20 to 9.4.22 >>> >>> What does it mean? Can we ignore it? >>> >>> java.io.IOException: 11/invalid_priority_frame_rate >>> at >>> org.eclipse.jetty.http2.HTTP2Session.onConnectionFailure(HTTP2Session.java:513) >>> at >>> org.eclipse.jetty.http2.HTTP2Session.onConnectionFailure(HTTP2Session.java:508) >>> at >>> org.eclipse.jetty.http2.parser.Parser$Listener$Wrapper.onConnectionFailure(Parser.java:414) >>> at >>> org.eclipse.jetty.http2.HTTP2Connection$ParserListener.onConnectionFailure(HTTP2Connection.java:384) >>> at >>> org.eclipse.jetty.http2.parser.BodyParser.notifyConnectionFailure(BodyParser.java:223) >>> at >>> org.eclipse.jetty.http2.parser.BodyParser.connectionFailure(BodyParser.java:215) >>> at >>> org.eclipse.jetty.http2.parser.PriorityBodyParser.onPriority(PriorityBodyParser.java:121) >>> at >>> org.eclipse.jetty.http2.parser.PriorityBodyParser.parse(PriorityBodyParser.java:106) >>> at >>> org.eclipse.jetty.http2.parser.Parser.parseBody(Parser.java:198) >>> at org.eclipse.jetty.http2.parser.Parser.parse(Parser.java:127) >>> at >>> org.eclipse.jetty.http2.parser.ServerParser.parse(ServerParser.java:115) >>> at >>> org.eclipse.jetty.http2.HTTP2Connection$HTTP2Producer.produce(HTTP2Connection.java:248) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produceTask(EatWhatYouKill.java:360) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:184) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135) >>> at >>> org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170) >>> at >>> org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:125) >>> at >>> org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:348) >>> at org.eclipse.jetty.io >>> .FillInterest.fillable(FillInterest.java:103) >>> at org.eclipse.jetty.io >>> .ChannelEndPoint$2.run(ChannelEndPoint.java:117) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) >>> at >>> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) >>> at >>> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388) >>> at >>> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) >>> at >>> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) >>> at java.base/java.lang.Thread.run(Thread.java:834) >>> Suppressed: java.lang.Throwable: HttpInput failure >>> at >>> org.eclipse.jetty.server.HttpInput.failed(HttpInput.java:823) >>> at >>> org.eclipse.jetty.http2.server.HttpChannelOverHTTP2.onFailure(HttpChannelOverHTTP2.java:323) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onStreamFailure(HTTP2ServerConnection.java:221) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onSessionFailure(HTTP2ServerConnection.java:261) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory$HTTPServerSessionListener.onFailure(HTTP2ServerConnectionFactory.java:128) >>> at >>> org.eclipse.jetty.http2.HTTP2Session.notifyFailure(HTTP2Session.java:1156) >>> ... 29 more >>> Suppressed: java.lang.Throwable: HttpInput failure >>> at >>> org.eclipse.jetty.server.HttpInput.failed(HttpInput.java:823) >>> at >>> org.eclipse.jetty.http2.server.HttpChannelOverHTTP2.onFailure(HttpChannelOverHTTP2.java:323) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onStreamFailure(HTTP2ServerConnection.java:221) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onSessionFailure(HTTP2ServerConnection.java:261) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory$HTTPServerSessionListener.onFailure(HTTP2ServerConnectionFactory.java:128) >>> at >>> org.eclipse.jetty.http2.HTTP2Session.notifyFailure(HTTP2Session.java:1156) >>> ... 29 more >>> Suppressed: java.lang.Throwable: HttpInput failure >>> at >>> org.eclipse.jetty.server.HttpInput.failed(HttpInput.java:823) >>> at >>> org.eclipse.jetty.http2.server.HttpChannelOverHTTP2.onFailure(HttpChannelOverHTTP2.java:323) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onStreamFailure(HTTP2ServerConnection.java:221) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onSessionFailure(HTTP2ServerConnection.java:261) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory$HTTPServerSessionListener.onFailure(HTTP2ServerConnectionFactory.java:128) >>> at >>> org.eclipse.jetty.http2.HTTP2Session.notifyFailure(HTTP2Session.java:1156) >>> ... 29 more >>> Suppressed: java.lang.Throwable: HttpInput failure >>> at >>> org.eclipse.jetty.server.HttpInput.failed(HttpInput.java:823) >>> at >>> org.eclipse.jetty.http2.server.HttpChannelOverHTTP2.onFailure(HttpChannelOverHTTP2.java:323) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onStreamFailure(HTTP2ServerConnection.java:221) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onSessionFailure(HTTP2ServerConnection.java:261) >>> at >>> org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory$HTTPServerSessionListener.onFailure(HTTP2ServerConnectionFactory.java:128) >>> at >>> org.eclipse.jetty.http2.HTTP2Session.notifyFailure(HTTP2Session.java:1156) >>> ... 29 more >>> >>> Thanks for your help! >>> Óscar >>> >>> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/jetty-users > > > > -- > Greg Wilkins <[email protected]> CTO http://webtide.com > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
