-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP/3: Conflicting error codes for DATA frame on control stream #4842
Comments
Seems fine to me. Its always an error to send DATA on a control stream. There's a precedence between the two conditions, if we try to articulate that in every case the text could become quite unwieldy. |
I don't feel the need to address this. There are multiple situations in which a particular behavior can be wrong in more than one way, and it's implementation-dependent which failure it notices and errors on first. @quicwg/chairs, does this need any process, as this is a design question? |
I'm not seeing any compelling reason to challenge a design principle. In this case specifically there's never a reason to send DATA on control streams, so it's a completely broken implementation. We try to make it clear that endpoints shouldn't read too much into the specific error codes that they get and in this case the error is terminal for the connection, so there's not much the offender can do when it receives an error. |
Responses along the lines of "a behavior may be wrong in more than one way" and "endpoints should not read too much into error codes" go against the spirit of the specification, with its registry of error codes and big bold MUST pronouncements about which error code is to be used under which circumstances. It's inconsistent: what's the point of all the error codes, then, if we allow an implementation just to pick one of the error codes (as in this example)? This is not a rhetorical question. From the application perspective, how is a spec-verification tool, such as |
Not really. Section 8 is pretty clear: Stream errors can be upgraded to connection errors and any error condition can be reported as H3_GENERAL_PROTOCOL_ERROR if the implementation chooses to do so.
the MUST applies to how to treat the event of a protocol violation - must close the connection. Error codes are a nice feature on the top - users of HTTP/3 should be entirely prepared for them to be used wrongly. In this specific case, it sounds like you're asking for something like a blanket requirement for every frame that cannot be sent on the control stream to say something like
As @MikeBishop points out, this can be viewed as a design change for implementations that don't follow the guidance exactly like that. I think its too late to revisit this because there is no interoperability or security issues associated with the current design.
Since such tools have to accommodate any error condition being a connection error, and any error type being a H3_GENERAL_PROTOCOL_ERROR, my advise is that they validate error test cases as so:
|
The first clause in this general guidance (in transport, but it should apply to h3 well enough) would seem to make this question moot:
Indeed, this exact kind of situation is what motivated the inclusion of this text. These debates are commonplace and waste a lot of time and they also place unnatural constraints on implementations. What an implementation does here might determine which code is reported and that is OK. Both codes are applicable. Reporting either achieves the ultimate goal, which is identifying a bug. Forcing a choice only leads to wasteful discussions like this one. The answer is that |
This avoids conflict with test for Sec 7.2.1. quicwg/base-drafts#4842
Talking about |
Just circling back to this. The proposal was to do nothing and there's since the document is with the RFC editor, the next logical action is to close the issue. |
When a DATA frame is received as the first frame on the control stream, HTTP/3 ID-34 mandates two different error codes:
Section 6.2.1:
Section 7.2.1:
(Found by @kazu-yamamoto's
h3spec
tool while testing lsquic.)The text was updated successfully, but these errors were encountered: