Re: Proposal: New Frame Size Text (was: Re: Design Issue: Frame Size Items)

[James M Snell <jasnell@gmail.com>]

On Fri, May 10, 2013 at 10:27 AM, Roberto Peon <grmocg@gmail.com> wrote:
> I'm strongly against including header frames in flow control.
>
> Header frames and other control frames must not be part of the flow control,
> else session flow control is useless. Session flow control exists *to allow
> us to process header frames* and other control frames with a high likelihood
> of not having to stop reading from the socket.
>

To be clear: this proposal *does not* put header and control frames
into flow control. It does, however, use the WINDOW_SIZE as a max-size
for headers frames. The data contained in the headers frames, however,
are not counted towards the flow control limits. In fact, this
proposal makes ZERO changes to the existing flow control mechanism. It
is focused 100% on frame size ONLY.

ALL this proposal is doing is using the window_size as a reasonable
limitation for frame size (particularly given that an endpoint will
rarely, if ever, desire for an individual frame to ever exceed the
WINDOW_SIZE).


> Flow control is never perfect, and implementations must already be ready to
> cease reading from the socket. This is true regardless of whether header
> frames are part of flow control
>
> Since it might be conflated (I don't believe it was so far): as a reminder:
> the number of header frames has zip to do with the size of the compressor
> state, and, the number of streams also has zip to do with the size of the
> compressor state.
>
> Thus, the only thing we're worried about is the size of the receive buffer
> and/or the size of the decompressed header. And, if an implementation
> believes that it is hitting its memory limit, it does need to stop reading
> from the TCP buffer or decompressing the headers. Since the decompressor
> would have to know the size of the output that it is creating, passing a
> constant to it would suffice to ensure that it can cease processing before
> hitting whatever arbitrary memory limit.
> Furthermore, a reasonable implementation of the compressor will not create
> many copies of the headers, but rather give you immutable pointers to them
> (with the memory resident either in the receive buffer, or in the
> compression context), which means that the amount of memory used by
> decompressing headers is likely to be orders of magnitude smaller than the
> size of the receive buffer.
>
> Again, I'm very strongly against including header frames in the flow control
> limit.
>
>
> -=R
>
>
>
> On Thu, May 9, 2013 at 2:20 PM, James M Snell <jasnell@gmail.com> wrote:
>>
>> On Thu, May 9, 2013 at 2:01 PM, William Chan (陈智昌)
>> <willchan@chromium.org> wrote:
>> > I discussed this with Roberto and Hasan. Here are some thoughts on
>> > including
>> > header blocks within flow control:
>> >
>>
>> Note that my proposal does not explicitly state that the header blocks
>> would be put covered by flow control, only that the current window
>> size be used to limit the maximum allowed size of those frames.
>> Whether or not headers count towards the flow control limits is a
>> separate (but definitely related) question... with that in mind, some
>> responses below...
>>
>> > * In the proposed text, it appears that only the compressed header block
>> > is
>> > counting towards the window. Is that really what's desirable in order to
>> > properly control memory? Processing the header block requires
>> > decompressing
>> > it, and that's what will be kept in memory buffers until drained by the
>> > sink.
>>
>> Yes, I think it is desirable. The memory management for the
>> decompressor state is separate from the notion of how much data the
>> receiver is willing to accept over the network. It's likely, for
>> instance, that the data in a DATA frame could be compressed as well.
>> It would not really make sense to count the decompressed bytes there
>> towards the flow control limits.
>>
>> > * One problem with having headers count toward the per-stream flow
>> > control
>> > window is that, in non-HTTP semantic layering, the header metadata could
>> > be
>> > used as a control channel for the stream. Similar to how it would be
>> > unfortunate to block connection control frames with the session flow
>> > control
>> > window, it might also be unfortunate to block stream header/control
>> > frames
>> > on the per-stream flow control window.
>>
>> Agreed. That said, however, because header blocks contain user
>> provided data, not including these in flow control opens the distinct
>> likelihood for abuse. For instance, if an application is not able to
>> get it's data passed through in DATA frames because of flow control
>> issues, they could simply bypass flow control by packaging the data up
>> into headers frames. Whether that's a realistic risk or not, I don't
>> know, but I've learned to never underestimate the ingenuity of
>> developers who are motivated enough to work around MUST and SHOULD
>> level requirements. :-)
>>
>> - James
>>
>> > * As previously noted in other threads, it's unfortunate that stream
>> > headers
>> > aren't counted toward any flow control windows, since that means we may
>> > have
>> > to use the last-resort option to prevent further memory consumption -
>> > stop
>> > calling read().
>> >
>> >
>> > On Wed, May 8, 2013 at 9:12 PM, James M Snell <jasnell@gmail.com> wrote:
>> >>
>> >> Suggested replacement text for the current "Frame Size" discussion in
>> >> the spec...
>> >>
>> >> ...
>> >>    While the flow control protocol and framing mechanisms defined by
>> >> this specification are largely independent of one another, the flow
>> >> control WINDOW_SIZE places an upper limit on the total amount of data
>> >> an endpoint can send to a peer at any given time. DATA, HEADERS,
>> >> HEADERS+PRIORITY and PUSH_PROMISE frame sizes MUST NOT exceed the
>> >> current WINDOW_SIZE for the stream or connection and MUST NOT be
>> >> greater than 65,535 bytes. The 8 bytes of the frame header are not
>> >> counted toward this limit.
>> >>
>> >>    When a new connection is established, both endpoints are permitted
>> >> to begin sending frames prior to the establishment of an initial flow
>> >> control WINDOW_SIZE. Accordingly, there is a risk that an endpoint
>> >> might initially send frames that are too large for the peer to handle.
>> >> To mitigate this risk, it is RECOMMENDED that, until the initial
>> >> WINDOW_SIZE is established, the total size of individual
>> >> header-bearing frames not exceed the current TCP Maximum Segment Size
>> >> (MSS) and that individual DATA frames are no larger than 4096 bytes.
>> >> The 8-byte frame header is included in these limits.
>> >>
>> >> If an endpoint is unable to process a frame due to its size and the
>> >> frame specifies any stream identifier field value other than 0x0, the
>> >> endpoint MUST respond with a <xref target="StreamErrorHandler">stream
>> >> error</xref> using the FRAME_TOO_LARGE error code. If the stream
>> >> identifier field value is 0x0, the endpoint MUST send a <xref
>> >> target="ConnectionErrorHandler">connection error</xref> using the
>> >> FRAME_TOO_LARGE error code.
>> >> ...
>> >>
>> >> - James
>> >>
>> >>
>> >>
>> >> On Wed, May 8, 2013 at 1:56 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>
>> >> wrote:
>> >> > In message
>> >> > <CABP7Rbc8rs4-ktyGKwVxVC4MztcvYtARqBDoyEBYujfcpo4YDw@mail.gmail.com>
>> >> > , James M Snell writes:
>> >> >
>> >> >>Going back through this, here's a counter proposal:
>> >> >>
>> >> >>Let's get rid of the 8192 frame size rule and simply say that the
>> >> >>maximum size for all DATA, HEADERS, HEADERS+PRIORITY and PUSH_PROMISE
>> >> >>frames is either 65,535 or the current flow control WINDOW_SIZE,
>> >> >>whichever is less.
>> >> >
>> >> > Hmm, *now* you're talking...
>> >> >
>> >> > I like it.
>> >> >
>> >> > --
>> >> > Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>> >> > phk@FreeBSD.ORG         | TCP/IP since RFC 956
>> >> > FreeBSD committer       | BSD since 4.3-tahoe
>> >> > Never attribute to malice what can adequately be explained by
>> >> > incompetence.
>> >
>> >
>
>