Limit the number of Continuation frames per HTTP2 Headers #13969

Open: wants to merge 1 commit into base: 4.1

normanmaurer (Member)

Motivation:

We should limit the number of continuation frames that the remote peer is allowed to send per headers.

Modifications:

  • Limit the number of continuation frames by default to 16 and allow the user to change this.
  • Add unit test

Result:

Do some more validations to guard against resource usage

ejona86 (Member) commented Apr 11, 2024

Since the default is getting set to 16, this looks like it would break existing users that allow MAX_HEADER_LIST_SIZE > 256 KiB. I'm also not wild about a config option like this which needs a reasonable amount of understanding of how other settings work together.

Could we instead base this off of MAX_HEADER_LIST_SIZE? Or only count CONTINUATIONS that are less than half of 16 KiB (which seems better than half of MAX_FRAME_SIZE), and only allow 1ish of such CONTINUATIONS? Or more simply "reject a CONTINUATION with END_HEADERS=0 if it is less than 8 KiB." Even if we have configuration for these, virtually nobody would need to actually use the setting.

bryce-anderson (Contributor)

The implementation looks good but I agree with Eric about his concern regarding a fixed number of frames. I do like his solution of rejecting < 8KiB non-terminal continuation frames. The exact size of rejecting could be the tuning parameter where 0 is 'not checked'.
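
An added example, not part of the pull request or of Netty's code, comparing the two policies discussed in this thread: a fixed cap of 16 CONTINUATION frames per header block, and rejecting a CONTINUATION with END_HEADERS=0 that is smaller than 8 KiB (with 0 meaning "not checked"). All class and method names and the sample header blocks are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Netty code; every name here is hypothetical. Requires Java 16+.
public class ContinuationPolicyDemo {
    // One frame of a header block: payload length and the END_HEADERS flag.
    record Frame(int length, boolean endHeaders) {}

    // Policy A: fixed cap on CONTINUATION frames per header block.
    // frames.get(0) is the HEADERS frame, the rest are CONTINUATION frames.
    static boolean acceptByCount(List<Frame> frames, int maxContinuations) {
        return frames.size() - 1 <= maxContinuations;
    }

    // Policy B: reject a CONTINUATION with END_HEADERS=0 shorter than
    // minNonTerminal bytes; 0 disables the check.
    static boolean acceptByMinSize(List<Frame> frames, int minNonTerminal) {
        for (Frame f : frames.subList(1, frames.size())) {
            if (minNonTerminal > 0 && !f.endHeaders() && f.length() < minNonTerminal) {
                return false;
            }
        }
        return true;
    }

    // Constructed sample: `count` frames of `len` bytes, END_HEADERS on the last.
    static List<Frame> headerBlock(int count, int len) {
        List<Frame> frames = new ArrayList<>();
        for (int i = 0; i < count; i++) {
            frames.add(new Frame(len, i == count - 1));
        }
        return frames;
    }

    public static void main(String[] args) {
        List<Frame> large = headerBlock(32, 16 * 1024); // 512 KiB of headers in full frames
        List<Frame> tiny = headerBlock(1001, 1);        // 1000 one-byte CONTINUATION frames
        List<Frame> small = headerBlock(2, 100);        // short block, final frame ends it
        for (List<Frame> b : List.of(large, tiny, small)) {
            System.out.printf("continuations=%d byCount(16)=%b byMinSize(8KiB)=%b%n",
                    b.size() - 1, acceptByCount(b, 16), acceptByMinSize(b, 8 * 1024));
        }
    }
}
```

The example leaves MAX_HEADER_LIST_SIZE enforcement out of scope and assumes it is applied separately.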
