You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/06/15 16:24:29 UTC
[tomcat] branch main updated: Change the starting overhead count
from -10 to -10*overheadCountFactor
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 99ffff7 Change the starting overhead count from -10 to -10*overheadCountFactor
99ffff7 is described below
commit 99ffff7bc16954def53d55c7fbee4d5063e880cb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jun 14 21:59:06 2021 +0100
Change the starting overhead count from -10 to -10*overheadCountFactor
---
java/org/apache/coyote/http2/Http2UpgradeHandler.java | 10 +++++++++-
webapps/docs/changelog.xml | 7 +++++++
webapps/docs/config/http2.xml | 12 ++++++------
3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index e12daf5..2f9f0da 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -143,7 +143,7 @@ class Http2UpgradeHandler extends AbstractStream implements InternalHttpUpgradeH
private Queue<StreamRunnable> queuedRunnable = null;
// Track 'overhead' frames vs 'request/response' frames
- private final AtomicLong overheadCount = new AtomicLong(-10);
+ private final AtomicLong overheadCount;
private volatile int lastNonFinalDataPayload;
private volatile int lastWindowUpdate;
@@ -154,6 +154,14 @@ class Http2UpgradeHandler extends AbstractStream implements InternalHttpUpgradeH
this.adapter = adapter;
this.connectionId = Integer.toString(connectionIdGenerator.getAndIncrement());
+ // Defaults to -10 * the count factor.
+ // i.e. when the connection opens, 10 'overhead' frames in a row will
+ // cause the connection to be closed.
+ // Over time the count should be a slowly decreasing negative number.
+ // Therefore, the longer a connection is 'well-behaved', the greater
+ // tolerance it will have for a period of 'bad' behaviour.
+ overheadCount = new AtomicLong(-10 * protocol.getOverheadCountFactor());
+
lastNonFinalDataPayload = protocol.getOverheadDataThreshold() * 2;
lastWindowUpdate = protocol.getOverheadWindowUpdateThreshold() * 2;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 93af7a2..d013cc5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -134,6 +134,13 @@
1. This means that, over time, the overhead count for a well-behaved
connection will trend downwards. (markt)
</update>
+ <update>
+ Change the initial HTTP/2 overhead count from <code>-10</code> to
+ <code>-10 * overheadCountFactor</code>. This means that, regardless of
+ the value chosen for <code>overheadCountFactor</code>, when a connection
+ opens 10 overhead frames in a row will be required to trigger the
+ overhead protection. (markt)
+ </update>
</changelog>
</subsection>
<subsection name="Other">
diff --git a/webapps/docs/config/http2.xml b/webapps/docs/config/http2.xml
index 9e5a148..8a4c9c1 100644
--- a/webapps/docs/config/http2.xml
+++ b/webapps/docs/config/http2.xml
@@ -136,12 +136,12 @@
<attribute name="overheadCountFactor" required="false">
<p>The factor to apply when counting overhead frames to determine if a
connection has too high an overhead and should be closed. The overhead
- count starts at <code>-10</code>. The count is decreased by 2 for each
- data frame sent or received and each headers frame received. The count is
- increased by the <code>overheadCountFactor</code>for each setting
- received, priority frame received and ping received. If the overhead count
- exceeds zero, the connection is closed. A value of less than
- <code>1</code> disables this protection. In normal usage a value of
+ count starts at <code>-10 * overheadCountFactor</code>. The count is
+ decreased by 2 for each data frame sent or received and each headers frame
+ received. The count is increased by the <code>overheadCountFactor</code>
+ for each setting received, priority frame received and ping received. If
+ the overhead count exceeds zero, the connection is closed. A value of less
+ than <code>1</code> disables this protection. In normal usage a value of
<code>3</code> or more will close the connection before any streams can
complete. If not specified, a default value of <code>1</code> will be
used.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org