From d6391623e54c65d415b31b03b26712e959a115f5 Mon Sep 17 00:00:00 2001
From: klzgrad
Date: Sun, 18 Aug 2024 10:56:59 +0800
Subject: [PATCH] Raise HTTP/2 receive window sizes
---
src/net/tools/naive/naive_proxy_bin.cc | 33 +++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/src/net/tools/naive/naive_proxy_bin.cc b/src/net/tools/naive/naive_proxy_bin.cc
index c0e40f142d..080be85215 100644
--- a/src/net/tools/naive/naive_proxy_bin.cc
+++ b/src/net/tools/naive/naive_proxy_bin.cc
@@ -173,6 +173,37 @@ std::unique_ptr BuildURLRequestContext( URLRequestContextBuilder builder; builder.DisableHttpCache(); + + // Overrides HTTP/2 initial window size default values to accommodate + // high BDP links. + // See net/http/http_network_session.cc for the default values. + // Alternative implementations than fixed large windows: + // (1) Dynamic window scaling, see + // https://github.com/dotnet/runtime/pull/54755 + // and https://grpc.io/blog/grpc-go-perf-improvements/ + // This approach estimates throughput and RTT in userspace + // and incurs big architectural complexity. + // (2) Obtains TCP receive windows from Linux-specific TCP_INFO. + // This approach is not portable. + // Security impact: + // This use of non-default settings creates a fingerprinting feature + // that is visible to proxy servers, though this is only exploitable + // if the proxy servers can be MITM'd. + + constexpr int kMaxBandwidthMBps = 125; + constexpr double kTypicalRttSecond = 0.256; + constexpr int kMaxBdpMB = kMaxBandwidthMBps * kTypicalRttSecond; + + // The windows size should be twice the BDP because WINDOW_UPDATEs + // are sent after half the window is unacknowledged. + constexpr int kTypicalWindow = kMaxBdpMB * 2 * 1024 * 1024; + HttpNetworkSessionParams http_network_session_params; + http_network_session_params.spdy_session_max_recv_window_size = + kTypicalWindow * 2; + http_network_session_params + .http2_settings[spdy::SETTINGS_INITIAL_WINDOW_SIZE] = kTypicalWindow; + builder.set_http_network_session_params(http_network_session_params); + builder.set_net_log(net_log); ProxyConfig proxy_config; @@ -198,7 +229,7 @@ std::unique_ptr BuildURLRequestContext( CertVerifier::CreateDefault(std::move(cert_net_fetcher))); builder.set_proxy_delegate(std::make_unique( - config.extra_headers, + config.extra_headers, std::vector{PaddingType::kVariant1, PaddingType::kNone})); if (config.no_post_quantum == true) {
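Review bot: In the first hunk, the `Security impact:` comment records the fingerprinting aspect but not the receive-side memory bound these constants create: `kTypicalWindow` evaluates to 64 MiB per stream and `spdy_session_max_recv_window_size` to 128 MiB per session, which is how much data the peer may have in flight before flow control holds it back. I would add a line there such as `// Also lets a peer keep up to 128 MiB per session in flight before flow control applies.` so the trade-off sits next to the numbers. The session limit is only twice the stream limit, so two stalled streams can use up the session window for every other stream on the connection; whether that matters depends on how quickly the consumers drain, which is not visible here. `kMaxBdpMB` also depends on an implicit double-to-int truncation of `125 * 0.256`; a `static_assert(kMaxBdpMB == 32);` right after it would catch a later constant change that rounds down by one. BuildURLRequestContext begins and ends outside the hunk.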