[PATCH] SPDY/3.1 protocol implementation

Piotr Sikora piotr at cloudflare.com
Mon Jan 27 23:42:26 UTC 2014

Hey Valentin,

> Current receiving flow control implementation is pretty simple and effective:
> we allow browser to send as much data as it wants.  That's why it is hardcoded
> to the maximum value.
> (...)
> No, it's actually browser's will to properly prioritize POST requests.

But now you're relying on the browser to do the right thing vs forcing
the correct behavior via SPDY's flow control.

> The receiving flow control has two uses for server:

I'd argue that making sure that requests are multiplexed is also a
valid use case ;)

In any case, I'd prefer if this would be configureable value.

Also, it seems that we should be forcing minimum value for the
client's window size, otherwise client can set window size to 2 bytes
and make nginx return thousands of DATA frames and use way too many
resources to serve a small static page (same is true for Google's &
Twitter's web servers). This could be a huge (D)DoS-vector.

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list