dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

Eliminate Microsoft.AspNetCore.Server.Kestrel.Http2.MaxConnectionFlowControlQueueSize #51309

Open amcasey opened 1 year ago

amcasey commented 1 year ago

Is there an existing issue for this?

Describe the bug

We introduced an AppContext property in #51304 because it was less risky than improving the clean-up code to prevent _waitingForMoreConnectionWindow from overflowing in the first place. It should probably be pruned as streams are closed.

Expected Behavior

No response

Steps To Reproduce

The queue grows very quickly during Rapid Reset attacks when Microsoft.AspNetCore.Server.Kestrel.Http2.MaxConnectionFlowControlQueueSize is disabled (e.g. by setting it to 0).

Exceptions (if any)

No response

.NET Version

No response

Anything else?

No response

amcasey commented 1 year ago

I believe @halter73 has concrete improvements in mind and can probably better explain what needs to be done.
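
A simplified model of the two approaches this issue contrasts: a hard cap on the flow-control queue versus pruning entries as streams close. This is an added example, not Kestrel source and not from the thread's participants; apart from `_waitingForMoreConnectionWindow`, every name, the cap-refusal behaviour and the workload are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
// Simplified model, NOT Kestrel code. Only the field name
// _waitingForMoreConnectionWindow comes from the issue; the rest is hypothetical.
sealed class FlowControlModel
{
    private readonly LinkedList<int> _waitingForMoreConnectionWindow = new();
    private readonly Dictionary<int, LinkedListNode<int>> _nodes = new();
    private readonly int _maxQueueSize;   // 0 = cap disabled, as described in the issue
    private readonly bool _pruneOnClose;  // the clean-up the issue proposes
    public FlowControlModel(int maxQueueSize, bool pruneOnClose) =>
        (_maxQueueSize, _pruneOnClose) = (maxQueueSize, pruneOnClose);
    public int QueueLength => _waitingForMoreConnectionWindow.Count;

    // A stream has response data but the connection-level window is exhausted.
    // Returns false when the cap refuses the entry (assumed: caller drops the connection).
    public bool TryEnqueue(int streamId)
    {
        if (_maxQueueSize > 0 && QueueLength >= _maxQueueSize) return false;
        _nodes[streamId] = _waitingForMoreConnectionWindow.AddLast(streamId);
        return true;
    }

    // With pruning, a closed stream leaves the queue in O(1) instead of lingering.
    public void OnStreamClosed(int streamId)
    {
        if (_pruneOnClose && _nodes.Remove(streamId, out var node))
            _waitingForMoreConnectionWindow.Remove(node);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed workload: 10,000 client streams, each blocked on the window, then closed.
        foreach (var (cap, prune) in new[] { (0, false), (200, false), (0, true) })
        {
            var model = new FlowControlModel(cap, prune);
            int peak = 0; bool refused = false;
            for (int id = 1; id < 20000 && !refused; id += 2)
            {
                refused = !model.TryEnqueue(id);
                peak = Math.Max(peak, model.QueueLength);
                model.OnStreamClosed(id);
            }
            Console.WriteLine($"cap={cap} prune={prune} peak={peak} refused={refused}");
        }
    }
}
```

Comparing the three runs shows why the cap is only a backstop: with it disabled and no pruning, the queue grows with every closed stream, while pruning keeps its length tied to the number of streams still open.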