pub fn validate_h2_flood_knobs_http(
patch: &UpdateHttpListenerConfig,
) -> Result<(), StateError>Expand description
Validate all H2 flood knobs in an HTTP listener patch.
Every flood-detector knob (including stream-0 WINDOW_UPDATE) requires a
value >= 1. Passing 0 would disable the detector entirely and leave the
proxy open to CVE-2023-44487 and related attacks. The runtime constructor
H2FloodConfig::new() applies the same .max(1) clamping, but a raw
protobuf client can bypass the CLI layer, so we enforce the bound here too.
h2_max_concurrent_streams and h2_stream_shrink_ratio are connection-
config knobs that also require >= 1.
h2_graceful_shutdown_deadline_seconds = 0 is intentionally allowed —
it means “wait forever (no forced close after GOAWAY)”.