W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2013

Re: Proposal: New Frame Size Text (was: Re: Design Issue: Frame Size Items)

From: James M Snell <jasnell@gmail.com>
Date: Fri, 10 May 2013 10:07:42 -0700
Message-ID: <CABP7Rbd-VfTFYurZ-JEKjHKOeKvZCKoYLGMXf+0mi-_wbdKYqA@mail.gmail.com>
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Martin Thomson <martin.thomson@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Roberto Peon <grmocg@gmail.com>, Hasan Khalil <hkhalil@google.com>
This is now pull request #92: https://github.com/http2/http2-spec/pull/92

On Thu, May 9, 2013 at 2:20 PM, James M Snell <jasnell@gmail.com> wrote:
> On Thu, May 9, 2013 at 2:01 PM, William Chan (陈智昌)
> <willchan@chromium.org> wrote:
>> I discussed this with Roberto and Hasan. Here are some thoughts on including
>> header blocks within flow control:
>>
>
> Note that my proposal does not explicitly state that the header blocks
> would be put covered by flow control, only that the current window
> size be used to limit the maximum allowed size of those frames.
> Whether or not headers count towards the flow control limits is a
> separate (but definitely related) question... with that in mind, some
> responses below...
>
>> * In the proposed text, it appears that only the compressed header block is
>> counting towards the window. Is that really what's desirable in order to
>> properly control memory? Processing the header block requires decompressing
>> it, and that's what will be kept in memory buffers until drained by the
>> sink.
>
> Yes, I think it is desirable. The memory management for the
> decompressor state is separate from the notion of how much data the
> receiver is willing to accept over the network. It's likely, for
> instance, that the data in a DATA frame could be compressed as well.
> It would not really make sense to count the decompressed bytes there
> towards the flow control limits.
>
>> * One problem with having headers count toward the per-stream flow control
>> window is that, in non-HTTP semantic layering, the header metadata could be
>> used as a control channel for the stream. Similar to how it would be
>> unfortunate to block connection control frames with the session flow control
>> window, it might also be unfortunate to block stream header/control frames
>> on the per-stream flow control window.
>
> Agreed. That said, however, because header blocks contain user
> provided data, not including these in flow control opens the distinct
> likelihood for abuse. For instance, if an application is not able to
> get it's data passed through in DATA frames because of flow control
> issues, they could simply bypass flow control by packaging the data up
> into headers frames. Whether that's a realistic risk or not, I don't
> know, but I've learned to never underestimate the ingenuity of
> developers who are motivated enough to work around MUST and SHOULD
> level requirements. :-)
>
> - James
>
>> * As previously noted in other threads, it's unfortunate that stream headers
>> aren't counted toward any flow control windows, since that means we may have
>> to use the last-resort option to prevent further memory consumption - stop
>> calling read().
>>
>>
>> On Wed, May 8, 2013 at 9:12 PM, James M Snell <jasnell@gmail.com> wrote:
>>>
>>> Suggested replacement text for the current "Frame Size" discussion in
>>> the spec...
>>>
>>> ...
>>>    While the flow control protocol and framing mechanisms defined by
>>> this specification are largely independent of one another, the flow
>>> control WINDOW_SIZE places an upper limit on the total amount of data
>>> an endpoint can send to a peer at any given time. DATA, HEADERS,
>>> HEADERS+PRIORITY and PUSH_PROMISE frame sizes MUST NOT exceed the
>>> current WINDOW_SIZE for the stream or connection and MUST NOT be
>>> greater than 65,535 bytes. The 8 bytes of the frame header are not
>>> counted toward this limit.
>>>
>>>    When a new connection is established, both endpoints are permitted
>>> to begin sending frames prior to the establishment of an initial flow
>>> control WINDOW_SIZE. Accordingly, there is a risk that an endpoint
>>> might initially send frames that are too large for the peer to handle.
>>> To mitigate this risk, it is RECOMMENDED that, until the initial
>>> WINDOW_SIZE is established, the total size of individual
>>> header-bearing frames not exceed the current TCP Maximum Segment Size
>>> (MSS) and that individual DATA frames are no larger than 4096 bytes.
>>> The 8-byte frame header is included in these limits.
>>>
>>> If an endpoint is unable to process a frame due to its size and the
>>> frame specifies any stream identifier field value other than 0x0, the
>>> endpoint MUST respond with a <xref target="StreamErrorHandler">stream
>>> error</xref> using the FRAME_TOO_LARGE error code. If the stream
>>> identifier field value is 0x0, the endpoint MUST send a <xref
>>> target="ConnectionErrorHandler">connection error</xref> using the
>>> FRAME_TOO_LARGE error code.
>>> ...
>>>
>>> - James
>>>
>>>
>>>
>>> On Wed, May 8, 2013 at 1:56 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>
>>> wrote:
>>> > In message
>>> > <CABP7Rbc8rs4-ktyGKwVxVC4MztcvYtARqBDoyEBYujfcpo4YDw@mail.gmail.com>
>>> > , James M Snell writes:
>>> >
>>> >>Going back through this, here's a counter proposal:
>>> >>
>>> >>Let's get rid of the 8192 frame size rule and simply say that the
>>> >>maximum size for all DATA, HEADERS, HEADERS+PRIORITY and PUSH_PROMISE
>>> >>frames is either 65,535 or the current flow control WINDOW_SIZE,
>>> >>whichever is less.
>>> >
>>> > Hmm, *now* you're talking...
>>> >
>>> > I like it.
>>> >
>>> > --
>>> > Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>>> > phk@FreeBSD.ORG         | TCP/IP since RFC 956
>>> > FreeBSD committer       | BSD since 4.3-tahoe
>>> > Never attribute to malice what can adequately be explained by
>>> > incompetence.
>>
>>
Received on Friday, 10 May 2013 17:08:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:13 UTC