IETF Logo Mail Archive

HTTP/2 client behaviour on receiving illegal PUSH_PROMISE frames

Alan Egerton <eggyal@gmail.com> Tue, 22 September 2020 17:30 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DBE63A03FC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Sep 2020 10:30:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.771
X-Spam-Level:
X-Spam-Status: No, score=-2.771 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WV8liL4fOZWW for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Sep 2020 10:29:59 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 361D53A0AFF for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 22 Sep 2020 10:29:51 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kKm4V-0002vD-Ug for ietf-http-wg-dist@listhub.w3.org; Tue, 22 Sep 2020 17:27:20 +0000
Resent-Date: Tue, 22 Sep 2020 17:27:19 +0000
Resent-Message-Id: <E1kKm4V-0002vD-Ug@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <eggyal@gmail.com>) id 1kKm4S-0002uS-4m for ietf-http-wg@listhub.w3.org; Tue, 22 Sep 2020 17:27:16 +0000
Received: from mail-pg1-x52f.google.com ([2607:f8b0:4864:20::52f]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <eggyal@gmail.com>) id 1kKm4Q-00021D-6j for ietf-http-wg@w3.org; Tue, 22 Sep 2020 17:27:15 +0000
Received: by mail-pg1-x52f.google.com with SMTP id o25so7586034pgm.0 for <ietf-http-wg@w3.org>; Tue, 22 Sep 2020 10:27:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=tVQbnpIekiZcHlFYI9QJnXnmWQ5CA57C6kOpHMXutKY=; b=VmF+DIOH//omr/JZKr53dPAe6jZRf44HhJg2zxpBk+bz5r9JsByOBnvHTeOS8L1PJP QgBqggwptQlScBAn32Pbdajg3cZI0/s/MTwFkjEpd8YkZf+rC+uEnVknKwDtAFDAjR16 RUA6AIs8zDTEYCSDH8gS/tYoj+ABUQaN4HiQSj0wwzRoOdfyndfBCo2sxJY1Nmcf2kjp HRDQ4BVWkjvU2yD/f7ds5HQc0tSubR9S8gf+15lAxnsKAxc1QCcEYaKFaaBHPj1iiB32 8Za/rDyE29Ias/m0wrzkUzDz9GtSqGCoYtEwqWAo9fcZza0y1kbxbWz2/2Mw4/qulrMF SQTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=tVQbnpIekiZcHlFYI9QJnXnmWQ5CA57C6kOpHMXutKY=; b=fseZ4eqFh/Re5XOt7RlpVXMpTSTByhihr7wPGYeTIq8gYcf35apxSkiyI1FJhWm8fN fiC9iA9hQ7Qtqt7DXXQoa9buDHuc3qpkAhIXJf3uNqwyJhUSQcZI96vsXYQDvP54PIVN XoWa51Z6Yg6oNOfm90lviufFpbORYoX9Hri6epWjNeZhaItvGW8CR8EzbV3I6dZS6piF 5YjI0z1sx2+dP7PlYY1hPRIBkJD3+LDpZY5YDTkI4D+Vz1z9t97Z2mH7OAK9oegOZld/ msa0QW5tgTpjswfOWG7mxZMl78sJv12+A2A0Yjx5Q6lqXGjOWE8o5Yu0jJCcKli0W9D2 nqbg==
X-Gm-Message-State: AOAM53356oB998h5jZG8VvbjV5K4KpaPl6+CjkuFKV6Kde4dypJ6nkm3 U5Kw4A110F2opOdxjiojgPYgO4qZl/pWagsNj5vRaYbP3Dw=
X-Google-Smtp-Source: ABdhPJz6leEkbN4Hh7L4Z3+w2OZJbRBcSbt37C4hX+TGvTfEy0S7tcBTzBE7cNMXLy3o85HNAN30GDqHHocwzJFttX0=
X-Received: by 2002:a65:60d0:: with SMTP id r16mr4480645pgv.348.1600795622426; Tue, 22 Sep 2020 10:27:02 -0700 (PDT)
MIME-Version: 1.0
From: Alan Egerton <eggyal@gmail.com>
Date: Tue, 22 Sep 2020 18:26:51 +0100
Message-ID: <CA+phaeeHSjyKx8Dv_DqUmL=1TuYyahsFEW364TQT3Kw5j4U5xw@mail.gmail.com>
To: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="0000000000006ecc1d05afea4608"
Received-SPF: pass client-ip=2607:f8b0:4864:20::52f; envelope-from=eggyal@gmail.com; helo=mail-pg1-x52f.google.com
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1kKm4Q-00021D-6j c504dcc71e2520e970898cc04c107074
X-Original-To: ietf-http-wg@w3.org
Subject: HTTP/2 client behaviour on receiving illegal PUSH_PROMISE frames
Archived-At: <https://www.w3.org/mid/CA+phaeeHSjyKx8Dv_DqUmL=1TuYyahsFEW364TQT3Kw5j4U5xw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38055
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I'm a little unclear exactly how clients should behave upon receiving
PUSH_PROMISE frames in certain illegal states.  In particular,
sections 5.1 and 6.6 of RFC 7540 appear to state contradictory
requirements:

+------------------------------+-----------------+-----------------+
| Client state                 |   Section 5.1   |   Section 6.6   |
+------------------------------+-----------------+-----------------+
| half-closed(remote)          |       S:SC      |       C:PE      |
|                              |                 |                 |
| closed (RST_STREAM received) |       S:SC      |       C:PE      |
| closed (END_STREAM received) |       C:SC      |       C:PE      |
| closed (RST_STREAM sent)     |    Ignore/P:?   |   Handle/C:PE   |
+------------------------------+-----------------+-----------------+
KEY
S: = Stream error
C: = Connection error
P: = Reset promised stream (error type not stated)
:SC = STREAM_CLOSED
:PE = PROTOCOL_ERROR


So, which is correct?  And where RST_STREAM has been sent, should the
PUSH_PROMISE be ignored or handled (beyond sending RST_STREAM for the
promised stream, in which case what should be the error type)?


The relevant extracts from Section 5.1 are:

In "half-closed(remote)":

> If an endpoint receives additional frames, other than WINDOW_UPDATE,
> PRIORITY, or RST_STREAM, for a stream that is in this state, it MUST
> respond with a stream error (Section 5.4.2) of type STREAM_CLOSED.

In "closed":

> An endpoint that receives any frame other than PRIORITY after
> receiving a RST_STREAM MUST treat that as a stream error (Section
> 5.4.2) of type STREAM_CLOSED. Similarly, an endpoint that receives any
> frames after receiving a frame with the END_STREAM flag set MUST treat
> that as a connection error (Section 5.4.1) of type STREAM_CLOSED,
> unless the frame is permitted as described below.

and

> An endpoint MUST ignore frames that it receives on closed streams
> after it has sent a RST_STREAM frame.
>
> [deletia]
>
> An endpoint might receive a PUSH_PROMISE frame after it sends
> RST_STREAM. PUSH_PROMISE causes a stream to become "reserved" even if
> the associated stream has been reset. Therefore, a RST_STREAM is
> needed to close an unwanted promised stream.


And from Section 6.6 PUSH_PROMISE:

> A receiver MUST treat the receipt of a PUSH_PROMISE on a stream that
> is neither "open" nor "half-closed (local)" as a connection error
> (Section 5.4.1) of type PROTOCOL_ERROR. However, an endpoint that has
> sent RST_STREAM on the associated stream MUST handle PUSH_PROMISE
> frames that might have been created before the RST_STREAM frame is
> received and processed.

-- Alan

v2.23.0 | Report a Bug | By Email