netty5

History

Eric Anderson 0754dac14d codec-http2: Correct last-stream-id for HEADERS-triggered connection error (#10775 ) Motivation: When parsing HEADERS, connection errors can occur (e.g., too large of headers, such that we don't want to HPACK decode them). These trigger a GOAWAY with a last-stream-id telling the client which streams haven't been processed. Unfortunately that last-stream-id didn't include the stream for the HEADERS that triggered the error. Since clients are free to silently retry streams not included in last-stream-id, the client is free to retransmit the request on a new connection, which will fail the connection with the wrong last-stream-id, and the client is still free to retransmit the request. Modifications: Have fatal connection errors (those that hard-cut the connection) include all streams in last-stream-id, which guarantees the HEADERS' stream is included and thus should not be silently retried by the HTTP/2 client. This modification is heavy-handed, as it will cause racing streams to also fail, but alternatives that provide precise last-stream-id tracking are much more invasive. Hard-cutting the connection is already heavy-handed and so is rare. Result: Fixes #10670	2020-11-05 09:54:49 +01:00
..
src	codec-http2: Correct last-stream-id for HEADERS-triggered connection error (#10775 )	2020-11-05 09:54:49 +01:00
pom.xml	Enable nohttp check during the build (#10708 )	2020-10-23 15:26:25 +02:00

Eric Anderson 0754dac14d codec-http2: Correct last-stream-id for HEADERS-triggered connection error (#10775 )

Motivation:

When parsing HEADERS, connection errors can occur (e.g., too large of
headers, such that we don't want to HPACK decode them). These trigger a
GOAWAY with a last-stream-id telling the client which streams haven't
been processed.

Unfortunately that last-stream-id didn't include the stream for the
HEADERS that triggered the error. Since clients are free to silently
retry streams not included in last-stream-id, the client is free to
retransmit the request on a new connection, which will fail the
connection with the wrong last-stream-id, and the client is still free
to retransmit the request.

Modifications:

Have fatal connection errors (those that hard-cut the connection)
include all streams in last-stream-id, which guarantees the HEADERS'
stream is included and thus should not be silently retried by the HTTP/2
client.

This modification is heavy-handed, as it will cause racing streams to
also fail, but alternatives that provide precise last-stream-id tracking
are much more invasive. Hard-cutting the connection is already
heavy-handed and so is rare.

Result:

Fixes #10670

2020-11-05 09:54:49 +01:00

src

codec-http2: Correct last-stream-id for HEADERS-triggered connection error (#10775 )

2020-11-05 09:54:49 +01:00

pom.xml

Enable nohttp check during the build (#10708 )

2020-10-23 15:26:25 +02:00