[PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments
piotrsikora at google.com
Tue Mar 28 10:36:50 UTC 2017
> I'm not sure that strictly following RFC here is worth the effort.
> It seems there's no other "harm" from zero window updates except that it
> allows to reset timers without any progress. That's only slightly worse
> than 1-bytes window updates.
Flow control interoperability and deadlocks between various HTTP/2
implementations are the biggest issues with the protocol, so while
there is no real harm in allowing 0 window updates, they indicate
broken client, and resetting stream and/or connection as soon as such
thing happens makes it much easier to find issues.
> The downside is additional code and intolerance to potential client bugs.
Catching client bugs early on is the upside, IMHO.
> Also note that in your implementation if zero window update is received
> for unknown stream then it's silently ignored.
Good catch, thanks! I'll send fixed version shortly.
More information about the nginx-devel