nghttp2.org

HTTP/2 C library and tools

Nghttp2 v1.14.0

We released nghttp2 v1.14.0. We summarizes the changes below per category.

libnghttp2

Wenfeng Liu contributed several commits to mainly HPACK related code. Most notably, Wenfeng added nghttp2_hd_deflate_hd_vec() function, which can takes multiple output buffers to encode HTTP header fields, in a same spirit of writev(2). Wenfeng also cleaned up source code, and added optimizations.

We added nghttp2_on_invalid_header_callback to pass the invalid header fields to application. We say header field is invalid if it contains a character which is now allowed in header field. Previously, libnghttp2 silently ignored them. Now application can use this callback to catch these header fields, and it can reset a stream if it wishes.

HTTP/2 priority handling is complex thing, but we fixed a bug that libnghttp2 performs wrong tree operation to avoid dependency cycle. https://tools.ietf.org/html/rfc7540#section-5.3.3 explains how to transform dependency tree to avoid circular dependency. Previously, we wrongly always moved the dependent stream under the root stream. The correct destination is the parent stream of the stream to reprioritize. This is not a security bug.

We have deprecated NGHTTP2_INITIAL_MAX_CONCURRENT_STREAMS macro, which was defined as INT32_MAX. Actually, the SETTINGS value can contain 32 bit unsigned integer, it is not really an initial value. We think deprecation does not affect most of the application, since typically they requires much lower concurrent stream limit (say, 100).

We have tightened up stream state handling for server side session, and now nghttpx and nghttpd can pass all h2spec tests with strict mode enabled.

Documentation

We removed old documentation about HPACK differential coding. It was removed when we ditched reference set from HPACK specification.

We also mention about ALPN support in nghttpx HOW-TO.

nghttpx

We have got several bug report about the issue that the backend connection cannot be established. We added several WARN level log messages to debug this situation easier.

Previously, we silently changed pushed stream’s priority if it is CSS, Javascript, or html, by mutating server side priority tree, so that they can be sent along with associated resource (usually, parent html). There is a discussion in httpbis mailing list which argues that dependency tree is for client, and changing it in server side is not what client expects. Ideally, it is a browser’s job to prioritize pushed resource, but we need 1 RTT to get this PRIORITY frame from browser. We will work on better approach how to prioritize pushed stream in initial phase.

nghttpx can now log the backend host and port in access log file. See --accesslog-format option for more details.

We have fixed the bug that api and healthmon parameter do not work with --http2-proxy option.

nghttpx now reloads configuration file when it receives SIGHUP.

nghttp

nghttp now accepts multiple -p option to set weight for corresponding URI in command-line.

deflatehd

We fixed it so that it only emits dynamic header table size update when header table size is changed from default.