1'use strict'; 2 3const common = require('../common'); 4 5if (!common.hasCrypto) 6 common.skip('missing crypto'); 7 8const h2 = require('http2'); 9const net = require('net'); 10 11const preamble = Buffer.from([ 12 0x50, 0x52, 0x49, 0x20, 0x2a, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 13 0x32, 0x2e, 0x30, 0x0d, 0x0a, 0x0d, 0x0a, 0x53, 0x4d, 0x0d, 0x0a, 14 0x0d, 0x0a, 0x00, 0x00, 0x0c, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 15 0x00, 0x03, 0x00, 0x00, 0x00, 0x64, 0x00, 0x04, 0x00, 0x00, 0xff, 16 0xff, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 17 0x00, 0x05, 0x02, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 18 0x00, 0xc8, 0x00, 0x00, 0x05, 0x02, 0x00, 0x00, 0x00, 0x00, 0x05, 19 0x00, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x05, 0x02, 0x00, 0x00, 20 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 21 0x02, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x07, 0x00, 22 0x00, 0x00, 0x05, 0x02, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 23 0x00, 0x03, 0x00, 0x00, 0x00, 0x2c, 0x01, 0x24, 0x00, 0x00, 0x00, 24 0x0d, 0x00, 0x00, 0x00, 0x0b, 0x0f, 0x83, 0x84, 0x86, 0x41, 0x8a, 25 0xa0, 0xe4, 0x1d, 0x13, 0x9d, 0x09, 0xb8, 0xf0, 0x1e, 0x07, 0x53, 26 0x03, 0x2a, 0x2f, 0x2a, 0x90, 0x7a, 0x8a, 0xaa, 0x69, 0xd2, 0x9a, 27 0xc4, 0xc0, 0x57, 0x0b, 0xcb, 0x87, 0x0f, 0x0d, 0x83, 0x08, 0x00, 28 0x0f, 29]); 30 31const data = Buffer.from([ 32 0x00, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 33 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x0a, 0x68, 0x65, 0x6c, 34 0x6c, 0x6f, 0x0a, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x0a, 35]); 36 37// This is testing the case of a misbehaving client that is not paying 38// attention to flow control. The initial window size is set to data 39// payload * 2, which in this case is 36, the stream is paused so 40// WINDOW_UPDATE frames are not being sent, which means the window 41// size is not being updated. A well behaved client is supposed to 42// stop sending until the window size is expanded again. 43// 44// However, our malicious client keeps sending data beyond the flow 45// control window! 46// 47// Bad client! Bad! 48// 49// Fortunately, nghttp2 handles this situation for us by keeping track 50// of the flow control window and responding with a FLOW_CONTROL_ERROR 51// causing the stream to get shut down... 52// 53// At least, that's what is supposed to happen. 54 55let client; 56 57const server = h2.createServer({ settings: { initialWindowSize: 36 } }); 58server.on('stream', (stream) => { 59 // Set the high water mark to zero, since otherwise we still accept 60 // reads from the source stream (if we can consume them). 61 stream._readableState.highWaterMark = 0; 62 stream.pause(); 63 stream.on('error', common.expectsError({ 64 code: 'ERR_HTTP2_STREAM_ERROR', 65 name: 'Error', 66 message: 'Stream closed with error code NGHTTP2_FLOW_CONTROL_ERROR' 67 })); 68 stream.on('close', common.mustCall(() => { 69 server.close(); 70 client.destroy(); 71 })); 72 stream.on('end', common.mustNotCall()); 73}); 74 75server.listen(0, () => { 76 client = net.connect(server.address().port, () => { 77 client.write(preamble); 78 client.write(data); 79 client.write(data); 80 client.write(data); 81 }); 82}); 83