[HTTP/2] implement protocol error handling out of dispatch context #12280
Labels:
- area/http
- enhancement (Feature requests. Not bugs or questions.)
- no stalebot (Disables stalebot from closing an issue)
- untrusted-upstreams (Required before considering upstreams untrusted)
The HTTP/2 codec uses the private sendPendingFrames() method for building outbound wire bytes. This method may fail if higher-level protocol constraints are violated. It is also possible that nghttp2 methods for building frames fail. The high-level protocol constraints checked by the codec consist of limits on the number of outbound frames of different types, and are only implemented for server codecs at this point.
There are presently 11 call sites of this method in the codec. Only the call site in the dispatch() method checks and handles the error code returned (or thrown in the legacy implementation) by the sendPendingFrames() method. The other 10 call sites cause abnormal program termination if sendPendingFrames() encounters an error.
The error handling is implemented by adding a variable tracking (latching) the error state of the codec and a closure that is executed when the codec is transitioned into the error state. The closure is executed by the event dispatcher after all events in the current event loop iteration have been processed.
The error state has to be tracked by the codec to handle the case where an I/O event is pending for a failed codec in the current event loop iteration. The error state is checked before the dispatch() method is invoked, and if the codec is in the failed state it is torn down instead of processing inbound data.
Error handling will be added to each **sendPendingFrames()** call site one by one to minimize the risk and the amount of changes needed to be reviewed in each PR. When the sendPendingFrames() method returns an error code (or throws an exception in the legacy implementation), the error state of the codec is changed to failed and the closure for tearing down the codec is scheduled to run by the event dispatcher at the end of the current iteration.
Depends on #12279
Sub-task of #12278
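A minimal model of the latch-and-deferred-teardown pattern described above, added here as an illustration and not taken from the Envoy code base. Only the names sendPendingFrames() and dispatch() come from the issue; `Dispatcher`, `Codec`, `queueFrame()`, `onReadReady()`, `tearDown()` and the single frame limit are hypothetical stand-ins.

```cpp
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Toy dispatcher: posted callbacks run after the current iteration's events.
struct Dispatcher {
  std::vector<std::function<void()>> deferred;
  void post(std::function<void()> cb) { deferred.push_back(std::move(cb)); }
  void runDeferred() {
    auto cbs = std::move(deferred);
    deferred.clear();
    for (auto& cb : cbs) cb();
  }
};

class Codec {
public:
  Codec(Dispatcher& d, int limit) : dispatcher_(d), limit_(limit) {}
  // Call site outside dispatch(): queue one outbound frame and flush.
  void queueFrame() {
    if (failed_) return;
    ++outbound_;
    if (!sendPendingFrames()) fail();  // handle the error instead of aborting
  }
  // Read event: the error state is checked before dispatch() is invoked.
  bool onReadReady(const std::string& data) {
    if (failed_) { tearDown(); return false; }
    return dispatch(data);
  }
  bool failed() const { return failed_; }
  int teardowns() const { return teardowns_; }
private:
  bool sendPendingFrames() { return outbound_ <= limit_; }  // false = limit violated
  bool dispatch(const std::string& data) { return !data.empty(); }
  void fail() {
    if (failed_) return;  // latched: teardown is scheduled only once
    failed_ = true;
    dispatcher_.post([this] { tearDown(); });
  }
  void tearDown() { if (!torn_down_) { torn_down_ = true; ++teardowns_; } }
  Dispatcher& dispatcher_;
  int limit_, outbound_ = 0, teardowns_ = 0;
  bool failed_ = false, torn_down_ = false;
};
```

The latch is what makes a read event that is already pending in the same iteration safe: it sees the failed state and tears the codec down, and the deferred closure then finds nothing left to do.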