[PATCH] SPDY/3.1 protocol implementation

Piotr Sikora piotr at cloudflare.com
Tue Jan 28 03:05:39 UTC 2014


Hey Valentin,

> Not that simple, on each such frame the client has to send WINDOW_UPDATE
> for another two bytes.
>
> There is a lot of absolutely legal ways in SPDY to force a server to
> do useless work, e.g. you can send hundreds of SYN_STREAMs followed by
> RST_STREAMs with CANCEL status.
>
> And the one you mentioned seems to me like a drop in the ocean.
>
> Currently there is no way to protect from all of the possible cases
> without occasionally breaking some clients.  This is one of the cons that
> users should consider when they decide whether to enable spdy or not.

Agreed, but it's the web server's job to protect itself from such abuses.

And I'm not saying that this is something that needs to be done right
away or included with this change, but something that should be added
down the road...

Best regards,
Piotr Sikora


