[PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments

Piotr Sikora piotrsikora at google.com
Tue Mar 28 10:36:50 UTC 2017

Hey Valentin,

> I'm not sure that strictly following RFC here is worth the effort.
> It seems there's no other "harm" from zero window updates except that it
> allows to reset timers without any progress.  That's only slightly worse
> than 1-bytes window updates.

Flow control interoperability and deadlocks between various HTTP/2
implementations are the biggest issues with the protocol, so while
there is no real harm in allowing 0 window updates, they indicate
broken client, and resetting stream and/or connection as soon as such
thing happens makes it much easier to find issues.

> The downside is additional code and intolerance to potential client bugs.

Catching client bugs early on is the upside, IMHO.

> Also note that in your implementation if zero window update is received
> for unknown stream then it's silently ignored.

Good catch, thanks! I'll send fixed version shortly.

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list