Skip to content

Commit

Permalink
h2: Pad RST_STREAM frames
Browse files Browse the repository at this point in the history
Clients sending too many RST_STREAM is an irregular behavior.

Hack in a preceding END_STREAM DATA frame padded towards [48, 72]
before RST_STREAM so that the TLS record looks like a HEADERS frame.

The server often replies to this with a WINDOW_UPDATE because padding
is accounted in flow control. Whether this constitudes a new irregular
behavior is still unclear.
  • Loading branch information
klzgrad committed Mar 30, 2022
1 parent a9bdea4 commit 5f91e9d
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions src/net/spdy/spdy_session.cc
Original file line number Diff line number Diff line change
Expand Up @@ -2315,6 +2315,25 @@ void SpdySession::EnqueueResetStreamFrame(spdy::SpdyStreamId stream_id,
DCHECK(buffered_spdy_framer_.get());
std::unique_ptr<spdy::SpdySerializedFrame> rst_frame(
buffered_spdy_framer_->CreateRstStream(stream_id, error_code));
// Can't send padding if the send window is very tight.
if (session_send_window_size_ >= 72) {
constexpr int kNonPaddingSize =
spdy::kDataFrameMinimumSize + spdy::kRstStreamFrameSize;
uint8_t padding_length = base::RandInt(48, 72) - kNonPaddingSize;
size_t expected_length = kNonPaddingSize + padding_length;
spdy::SpdyFrameBuilder builder(expected_length);
builder.BeginNewFrame(spdy::SpdyFrameType::DATA,
spdy::DATA_FLAG_FIN | spdy::DATA_FLAG_PADDED,
stream_id, padding_length);
builder.WriteUInt8(padding_length - 1);
std::string padding(padding_length - 1, 0);
builder.WriteBytes(padding.data(), padding.size());
builder.BeginNewFrame(spdy::SpdyFrameType::RST_STREAM, 0, stream_id, 4);
builder.WriteUInt32(error_code);
DCHECK_EQ(expected_length, builder.length());
rst_frame = std::make_unique<spdy::SpdySerializedFrame>(builder.take());
DecreaseSendWindowSize(padding_length);
}

EnqueueSessionWrite(priority, spdy::SpdyFrameType::RST_STREAM,
std::move(rst_frame));
Expand Down

0 comments on commit 5f91e9d

Please sign in to comment.