serf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evgeny Kotkov <evgeny.kot...@visualsvn.com>
Subject [PATCH] HTTP/2: Fix improper handling of SETTINGS_INITIAL_WINDOW_SIZE
Date Fri, 17 Mar 2017 11:53:29 GMT
Hi,

I noticed that Serf currently errors out during certain HTTP/2 requests,
for example:

    > serf_get --http2 https://www.cloudflare.com
    Error running context: (120153) HTTP2 flow control limits exceeded

See the http2_handle_settings() function at http2_protocol.c:827, which
is responsible for processing SETTINGS_INITIAL_WINDOW_SIZE value
in a SETTINGS frame.

Serf uses the incoming value to update the size of the connection
flow-control window.  This violates RFC 7540, 6.9.2 [1], which states that
the SETTINGS_INITIAL_WINDOW_SIZE value in the SETTINGS frame
*cannot* alter the connection flow-control window size, and that
it only affects the initial window size for new streams.

Here is what happens in the example above (I think, this is how most of
the nginx servers currently behave):

    (Initial window size is 65535)

    <-  SETTINGS
    SETTINGS_INITIAL_WINDOW_SIZE: 65536

    (Serf incorrectly increases connection flow-control window by 1 byte,
     from 65535 to 65536, although this value should only be used for
     new streams.)

    <-  WINDOW_UPDATE
    Window Size Increment: 2147418112

    (The server is not interested in flow-control capabilities, and it
     advertises a flow-control window of the maximum size (2^31-1).
     While 65535 + 2147418112 is 2^31-1, Serf incorrectly thinks that
     it's current flow-control window is 65536, and 65536 + 2147418112
     is more than the allowed maximum of 2^31-1.  This triggers an error.)


The attached patch contains a fix for this issue.  The log message is
included in the beginning of the patch file.

[1] https://tools.ietf.org/html/rfc7540#section-6.9.2


Regards,
Evgeny Kotkov

Mime
View raw message