-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP/2: Should we restrict value range for SETTINGS_MAX_CONCURRENT_STREAMS? #13371
Comments
Sounds like setting I don't understand how netty is prevented from connecting to etcd? |
For reference, this is the discussion that etcd had about this default value: https://github.com/etcd-io/etcd/pull/14169/files#r913763470 |
Is there a problem today? It sounds like "everything is fine, but if we change something it could break things." I don't see any proposed gain for adding validation.
Well, sorta. If it is |
Exactly. Today Netty behaves like (1), changing the behavior to (2) will not allow connecting to etcd until etcd changes the value to the range we require.
No issues with Confusion is when it receives values above 2^31 - 1 ( If changing the validation can break things, will it make sense to add netty/codec-http2/src/main/java/io/netty/handler/codec/http2/DefaultHttp2ConnectionDecoder.java Line 478 in 6a18f8f
|
Http2Settings
validate the value range based on values inHttp2CodecUtil
:netty/codec-http2/src/main/java/io/netty/handler/codec/http2/Http2CodecUtil.java
Line 92 in 6a18f8f
It accepts any value from 0 to an unsigned 32-bit integer (4,294,967,295). This seems legal because RFC reserves 32-bits for a value in
Settings
frame: https://datatracker.ietf.org/doc/html/rfc9113#section-6.5.1Following Section 6.5.2 Defined Settings applies additional restrictions to some settings, like
SETTINGS_ENABLE_PUSH
,SETTINGS_INITIAL_WINDOW_SIZE
,SETTINGS_MAX_FRAME_SIZE
, and clarifies what to do when value is out of the specified range. There are no explicit clarifications about the value range forSETTINGS_MAX_CONCURRENT_STREAMS
.However, Section 5.1.1 Stream Identifiers says:
This means there could be no streams with an id greater than 2,147,483,647 and each side can have no more than 1,073,741,824 streams total.
Http2Stream#id()
return type isint
.DefaultHttp2Connection.canOpenStream()
also operates with integers.Since RFC doesn't define behavior for
SETTINGS_MAX_CONCURRENT_STREAMS
values outside this range, what would be your expected behavior?netty/codec-http2/src/main/java/io/netty/handler/codec/http2/DefaultHttp2ConnectionDecoder.java
Lines 476 to 479 in 6a18f8f
2^31 - 1
or maybe even2^30
.The main issue with (1) is that every Netty-based library should be aware of this silent behavior and do the same if it reads
Http2Settings.maxConcurrentStreams()
as aLong
value.On the other hand, there are deployed systems (etcd) that use unsigned 32-bit integer (4,294,967,295) as the default value. Making this change in Netty will mean it won't be able to connect until those systems change the default value.
WDYT?
The text was updated successfully, but these errors were encountered: