Skip to content

Increase Http2 Header limit size to the MaxFrameSize #12625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 26, 2019
Merged

Increase Http2 Header limit size to the MaxFrameSize #12625

merged 2 commits into from
Jul 26, 2019

Conversation

jkotalik
Copy link
Contributor

@jkotalik jkotalik commented Jul 26, 2019
edited
Loading

Part of #12213

Increased the limit to the default max frame size.

@jkotalik jkotalik requested review from halter73 and Tratcher July 26, 2019 19:09
@jkotalik jkotalik requested a review from analogrelay as a code owner July 26, 2019 19:09
@jkotalik jkotalik added tell-mode Indicates a PR which is being merged during tell-mode area-servers labels Jul 26, 2019
@jkotalik
Copy link
Contributor Author

I don't believe this address all issues. The Http2Stream still calls ResetAndAbort with a protocol violation here: https://github.com/aspnet/AspNetCore/blob/caa910ceeba5f2b2c02c47a23ead0ca31caea6f0/src/Servers/Kestrel/Core/src/Internal/Http2/Http2Stream.cs#L207. I believe this is the real issue the stress app is hitting.

@analogrelay analogrelay added this to the 3.0.0-preview8 milestone Jul 26, 2019
@halter73
Copy link
Member

I agree that ProtocolError seems wrong for going over a server-configured limit that's not configured as part of the protocol. What do we think is better than Http2ErrorCode.PROTOCOL_ERROR though? My feeling is that Http2ErrorCode.INTERNAL is probably best.

halter73
halter73 reviewed Jul 26, 2019
View reviewed changes
src/Servers/Kestrel/Core/src/Http2Limits.cs
@@ -81,7 +81,7 @@ public int MaxFrameSize
/// <summary>
/// Indicates the size of the maximum allowed size of a request header field sequence. This limit applies to both name and value sequences in their compressed and uncompressed representations.
/// <para>
/// Value must be greater than 0, defaults to 8192
/// Value must be greater than 0, defaults to 2^14 (16,384)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I think it's OK just to use 16,384. People who care whether or not it's a power of two will intuitively know that it is.

@jkotalik
Copy link
Contributor Author

I think this PR is fine for now, but I'll keep the original issue open to address the request line issues.

@jkotalik jkotalik merged commit 4aebd29 into master Jul 26, 2019
@ghost ghost deleted the jkotalik/http2Limits branch July 26, 2019 21:31
@Tratcher
Copy link
Member

We should work out how we can send a 4XX response before resetting.

@halter73
Copy link
Member

halter73 commented Jul 26, 2019
edited
Loading

I think if you RST a connection, no response at all is better than a 4XX. That aligns better with an HTTP/1.1 connection reset. We wont be able to write a 4XX anyway if the app has already started writing a response.

@Tratcher
Copy link
Member

These are h2 stream resets, not tcp resets. They also happen as the request is received and prevent it from being dispatched to the app. Sending a 4XX would align with how we handle this class of errors in HTTP/1.1.

@halter73
Copy link
Member

I think I understand what you're saying. I was thinking of receiving a HTTP/2 stream reset, not a tcp reset, but you're right I lost some of the context. Sending a 4XX for too-large headers is the right thing to do.

@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Jun 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@halter73 halter73 halter73 approved these changes

@Tratcher Tratcher Tratcher approved these changes

@analogrelay analogrelay Awaiting requested review from analogrelay

Assignees
No one assigned
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions tell-mode Indicates a PR which is being merged during tell-mode
Projects
None yet
Milestone
3.0.0-preview8
Development

Successfully merging this pull request may close these issues.
5 participants
@jkotalik @halter73 @Tratcher @analogrelay @amcasey