Re: HTTP/2 response completed before its request

In message <>, Johnny Graettinger writes

>Like TCP, HTTP/2 streams are full duplex. From the server's perspective,
>the stream was in a half-closed-local state. As in TCP, a stream in such a
>state must be consumed or reset to avoid a stall. The server had the choice
>of either, and did neither.

Sorry, but that's a rubish argument.  When the HTTP server has sent you 
a 3xx, 4xx or 5xx, that is like getting a RST on a TCP stream:  The other
end told you "We're done, go away" and that's why your application does
not even get asked before the TCP stack replies with RST.

>Without knowing the application context, it's impossible to say what would
>have been sensible client behavior, but it doesn't matter here.

We know the application context:  The server closed the stream, and
well-behaved clients can only respect that and shut up ASAP.

The servers problem is that this is YADAV[1] in HTTP/2, so it needs a
heurstic to tell inept clients form malicious clients.


[1] Yet Another Dos Attack Vector

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 1 July 2014 19:58:53 UTC