http2: Filter out all connection-specific headers

Now that http_DoConnection() is used without respecting the SC_RX_BAD
return value it should not return early when encountering a well-known
header.

bin/varnishd/cache/cache_http.c

@@ -718,17 +718,21 @@ http_DoConnection(struct http *hp)
 	AN(h);
 	while (http_split(&h, NULL, ",", &b, &e)) {
 		u = pdiff(b, e);
-		if (u == 5 && !strncasecmp(b, "close", u))
+		if (u == 5 && retval != SC_RX_BAD &&
+		    !strncasecmp(b, "close", u))
 			retval = SC_REQ_CLOSE;
-		if (u == 10 && !strncasecmp(b, "keep-alive", u))
+		if (u == 10 && retval != SC_RX_BAD &&
+		    !strncasecmp(b, "keep-alive", u))
 			retval = SC_NULL;
 
 		/* Refuse removal of well-known-headers if they would pass. */
 /*lint -save -e506 [constant value boolean] */
 #define HTTPH(a, x, c)						\
 		if (!((c) & HTTPH_R_PASS) &&			\
-		    strlen(a) == u && !strncasecmp(a, b, u))	\
-			return (SC_RX_BAD);
+		    strlen(a) == u && !strncasecmp(a, b, u)) {	\
+			retval = SC_RX_BAD;			\
+			continue;				\
+		}
 #include "tbl/http_headers.h"
 /*lint -restore */
 

bin/varnishtest/tests/r03416.vtc

@@ -2,15 +2,16 @@ varnishtest "Filter hop-by-hop headers out of h2 responses"
 
 server s1 {
 	rxreq
-	txresp
+	txresp -body "water"
 } -start
 
 varnish v1 -cliok "param.set feature +http2"
 varnish v1 -vcl+backend {
 	sub vcl_deliver {
 		set resp.http.Keep-Alive = "timeout=5, max=1000";
-		set resp.http.Connection = "other";
+		set resp.http.Connection = "other, Content-Length, another";
 		set resp.http.Other = "foo";
+		set resp.http.Another = "bar";
 	}
 } -start
 
@@ -21,5 +22,7 @@ client c1 {
 		expect resp.http.keep-alive == <undef>
 		expect resp.http.connection == <undef>
 		expect resp.http.other == <undef>
+		expect resp.http.another == <undef>
+		expect resp.http.Content-Length == 5
 	} -run
 } -run