grpc 1.56.0.pre3 → 1.56.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 82eb96446f478b61dff7f478ccd62182999f29b69cc834cfcb730fcebd3daf7d
-  data.tar.gz: 8be8ef333de3ebac5750b7e90932c8fdfee6f207ff0c2fa405210749390f0e93
+  metadata.gz: 3481eedf57501bb8ae2f09cd0c0a3ad03300047a9e47bee671a6899f1794e4ba
+  data.tar.gz: 62506671a0935ef989fe57777830f658c70e0d9393f01c9a4a2d572448d0f975
 SHA512:
-  metadata.gz: 50143535fc2dc6cdd48d5e03f9776dc9afab5a1dd5597c17111a0ba344caf479fbc133c785c8bfa3a3d81ee4db6532f64d89c094e351d2a2f4e8e41f971a37f0
-  data.tar.gz: ee5b69ace3899823ea7bbf51a50b839ec03c6a1480406337ca4f926b33345551b87db6d28eedaaf2888a35af004af356bf74c0a257740b126f5de2a4b511aa15
+  metadata.gz: d349ee4daea9488acb1467cb2decc7acbf9d0944a264d1ccb1418fbe2f76e68a5dfbc6f5b38617aa89254a11650fed7988ccbbdf08617c1d491ab5bd2b7756a3
+  data.tar.gz: 985dce4d0fa51fa2a2b38449185bdb4959cd43f3dacb70deeab16615974fabb09330288ca71837372978a3a6131c3bebaf7ab1a3d4c6f0a2da9d9dfef61c2fa0

data/Makefile

@@ -411,8 +411,8 @@ Q = @
 endif
 
 CORE_VERSION = 33.0.0
-CPP_VERSION = 1.56.0-pre3
-CSHARP_VERSION = 2.56.0-pre3
+CPP_VERSION = 1.56.2
+CSHARP_VERSION = 2.56.2
 
 CPPFLAGS_NO_ARCH += $(addprefix -I, $(INCLUDES)) $(addprefix -D, $(DEFINES))
 CPPFLAGS += $(CPPFLAGS_NO_ARCH) $(ARCH_FLAGS)
@@ -1058,6 +1058,7 @@ LIBGRPC_SRC = \
     src/core/ext/transport/chttp2/transport/frame_window_update.cc \
     src/core/ext/transport/chttp2/transport/hpack_encoder.cc \
     src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc \
+    src/core/ext/transport/chttp2/transport/hpack_parse_result.cc \
     src/core/ext/transport/chttp2/transport/hpack_parser.cc \
     src/core/ext/transport/chttp2/transport/hpack_parser_table.cc \
     src/core/ext/transport/chttp2/transport/http2_settings.cc \
@@ -1931,6 +1932,7 @@ LIBGRPC_UNSECURE_SRC = \
     src/core/ext/transport/chttp2/transport/frame_window_update.cc \
     src/core/ext/transport/chttp2/transport/hpack_encoder.cc \
     src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc \
+    src/core/ext/transport/chttp2/transport/hpack_parse_result.cc \
     src/core/ext/transport/chttp2/transport/hpack_parser.cc \
     src/core/ext/transport/chttp2/transport/hpack_parser_table.cc \
     src/core/ext/transport/chttp2/transport/http2_settings.cc \

data/include/grpc/grpc_security.h

@@ -21,6 +21,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include <stdbool.h>
+
 #include <grpc/grpc.h>
 #include <grpc/grpc_security_constants.h>
 #include <grpc/status.h>
@@ -896,6 +898,23 @@ GRPCAPI void grpc_tls_credentials_options_set_crl_directory(
 GRPCAPI void grpc_tls_credentials_options_set_verify_server_cert(
     grpc_tls_credentials_options* options, int verify_server_cert);
 
+/**
+ * EXPERIMENTAL API - Subject to change
+ *
+ * Sets whether or not a TLS server should send a list of CA names in the
+ * ServerHello. This list of CA names is read from the server's trust bundle, so
+ * that the client can use this list as a hint to know which certificate it
+ * should send to the server.
+ *
+ * WARNING: This API is extremely dangerous and should not be used. If the
+ * server's trust bundle is too large, then the TLS server will be unable to
+ * form a ServerHello, and hence will be unusable. The definition of "too large"
+ * depends on the underlying SSL library being used and on the size of the CN
+ * fields of the certificates in the trust bundle.
+ */
+GRPCAPI void grpc_tls_credentials_options_set_send_client_ca_list(
+    grpc_tls_credentials_options* options, bool send_client_ca_list);
+
 /**
  * EXPERIMENTAL API - Subject to change
  *

data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc

@@ -299,7 +299,7 @@ class OutlierDetectionLb : public LoadBalancingPolicy {
     }
 
     void DisableEjection() {
-      Uneject();
+      if (ejection_time_.has_value()) Uneject();
       multiplier_ = 0;
     }
 

data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc

@@ -909,12 +909,21 @@ void WeightedRoundRobin::WeightedRoundRobinSubchannelData::
     subchannel()->RequestConnection();
   } else if (new_state == GRPC_CHANNEL_READY) {
     // If we transition back to READY state, restart the blackout period.
+    // Skip this if this is the initial notification for this
+    // subchannel (which happens whenever we get updated addresses and
+    // create a new endpoint list).  Also skip it if the previous state
+    // was READY (which should never happen in practice, but we've seen
+    // at least one bug that caused this in the outlier_detection
+    // policy, so let's be defensive here).
+    //
     // Note that we cannot guarantee that we will never receive
     // lingering callbacks for backend metric reports from the previous
     // connection after the new connection has been established, but they
     // should be masked by new backend metric reports from the new
     // connection by the time the blackout period ends.
-    weight_->ResetNonEmptySince();
+    if (old_state.has_value() && old_state != GRPC_CHANNEL_READY) {
+      weight_->ResetNonEmptySince();
+    }
   }
   // Update logical connectivity state.
   UpdateLogicalConnectivityStateLocked(new_state);

data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc

@@ -0,0 +1,176 @@
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/ext/transport/chttp2/transport/hpack_parse_result.h"
+
+#include <stddef.h>
+
+#include <initializer_list>
+
+#include "absl/strings/str_format.h"
+
+#include "src/core/ext/transport/chttp2/transport/hpack_constants.h"
+#include "src/core/lib/gprpp/status_helper.h"
+#include "src/core/lib/iomgr/error.h"
+#include "src/core/lib/slice/slice.h"
+
+namespace grpc_core {
+
+namespace {
+class MetadataSizeLimitExceededEncoder {
+ public:
+  explicit MetadataSizeLimitExceededEncoder(std::string& summary)
+      : summary_(summary) {}
+
+  void Encode(const Slice& key, const Slice& value) {
+    AddToSummary(key.as_string_view(), value.size());
+  }
+
+  template <typename Key, typename Value>
+  void Encode(Key, const Value& value) {
+    AddToSummary(Key::key(), EncodedSizeOfKey(Key(), value));
+  }
+
+ private:
+  void AddToSummary(absl::string_view key,
+                    size_t value_length) GPR_ATTRIBUTE_NOINLINE {
+    absl::StrAppend(&summary_, " ", key, ":",
+                    hpack_constants::SizeForEntry(key.size(), value_length),
+                    "B");
+  }
+  std::string& summary_;
+};
+
+absl::Status MakeStreamError(absl::Status error) {
+  GPR_DEBUG_ASSERT(!error.ok());
+  return grpc_error_set_int(std::move(error), StatusIntProperty::kStreamId, 0);
+}
+}  // namespace
+
+absl::Status HpackParseResult::Materialize() const {
+  if (materialized_status_.has_value()) return *materialized_status_;
+  materialized_status_ = BuildMaterialized();
+  return *materialized_status_;
+}
+
+absl::Status HpackParseResult::BuildMaterialized() const {
+  switch (status_.get()) {
+    case HpackParseStatus::kOk:
+      return absl::OkStatus();
+    case HpackParseStatus::kEof:
+      Crash("Materialize() called on EOF");
+      break;
+    case HpackParseStatus::kMovedFrom:
+      Crash("Materialize() called on moved-from object");
+      break;
+    case HpackParseStatus::kInvalidMetadata:
+      if (key_.empty()) {
+        return MakeStreamError(absl::InternalError(
+            ValidateMetadataResultToString(validate_metadata_result_)));
+      } else {
+        return MakeStreamError(absl::InternalError(absl::StrCat(
+            ValidateMetadataResultToString(validate_metadata_result_), ": ",
+            key_)));
+      }
+    case HpackParseStatus::kSoftMetadataLimitExceeded:
+    case HpackParseStatus::kHardMetadataLimitExceeded: {
+      const auto& e = metadata_limit_exceeded_;
+      // Collect a summary of sizes so far for debugging
+      // Do not collect contents, for fear of exposing PII.
+      std::string summary;
+      if (e.prior != nullptr) {
+        MetadataSizeLimitExceededEncoder encoder(summary);
+        e.prior->Encode(&encoder);
+      }
+      return MakeStreamError(absl::ResourceExhaustedError(absl::StrCat(
+          "received metadata size exceeds ",
+          status_.get() == HpackParseStatus::kSoftMetadataLimitExceeded
+              ? "soft"
+              : "hard",
+          " limit (", e.frame_length, " vs. ", e.limit, ")",
+          summary.empty() ? "" : "; ", summary)));
+    }
+    case HpackParseStatus::kHardMetadataLimitExceededByKey: {
+      const auto& e = metadata_limit_exceeded_by_atom_;
+      return MakeStreamError(absl::ResourceExhaustedError(
+          absl::StrCat("received metadata size exceeds hard limit (key length ",
+                       e.atom_length, " vs. ", e.limit, ")")));
+    }
+    case HpackParseStatus::kHardMetadataLimitExceededByValue: {
+      const auto& e = metadata_limit_exceeded_by_atom_;
+      return MakeStreamError(absl::ResourceExhaustedError(absl::StrCat(
+          "received metadata size exceeds hard limit (value length ",
+          e.atom_length, " vs. ", e.limit, ")")));
+    }
+    case HpackParseStatus::kMetadataParseError:
+      if (!key_.empty()) {
+        return MakeStreamError(absl::InternalError(
+            absl::StrCat("Error parsing '", key_, "' metadata")));
+      } else {
+        return MakeStreamError(absl::InternalError("Error parsing metadata"));
+      }
+    case HpackParseStatus::kUnbase64Failed:
+      if (!key_.empty()) {
+        return MakeStreamError(absl::InternalError(absl::StrCat(
+            "Error parsing '", key_, "' metadata: illegal base64 encoding")));
+      } else {
+        return MakeStreamError(absl::InternalError(
+            absl::StrCat("Failed base64 decoding metadata")));
+      }
+    case HpackParseStatus::kIncompleteHeaderAtBoundary:
+      return absl::InternalError(
+          "Incomplete header at the end of a header/continuation sequence");
+    case HpackParseStatus::kVarintOutOfRange:
+      return absl::InternalError(absl::StrFormat(
+          "integer overflow in hpack integer decoding: have 0x%08x, "
+          "got byte 0x%02x",
+          varint_out_of_range_.value, varint_out_of_range_.last_byte));
+    case HpackParseStatus::kIllegalTableSizeChange:
+      return absl::InternalError(absl::StrCat(
+          "Attempt to make hpack table ", illegal_table_size_change_.new_size,
+          " bytes when max is ", illegal_table_size_change_.max_size,
+          " bytes"));
+    case HpackParseStatus::kAddBeforeTableSizeUpdated:
+      return absl::InternalError(
+          absl::StrCat("HPACK max table size reduced to ",
+                       illegal_table_size_change_.new_size,
+                       " but not reflected by hpack stream (still at ",
+                       illegal_table_size_change_.max_size, ")"));
+    case HpackParseStatus::kParseHuffFailed:
+      if (!key_.empty()) {
+        return absl::InternalError(
+            absl::StrCat("Failed huffman decoding '", key_, "' metadata"));
+      } else {
+        return absl::InternalError(
+            absl::StrCat("Failed huffman decoding metadata"));
+      }
+      break;
+    case HpackParseStatus::kTooManyDynamicTableSizeChanges:
+      return absl::InternalError(
+          "More than two max table size changes in a single frame");
+    case HpackParseStatus::kMaliciousVarintEncoding:
+      return absl::InternalError(
+          "Malicious varint encoding detected in HPACK stream");
+    case HpackParseStatus::kInvalidHpackIndex:
+      return absl::InternalError(absl::StrFormat(
+          "Invalid HPACK index received (%d)", invalid_hpack_index_));
+    case HpackParseStatus::kIllegalHpackOpCode:
+      return absl::InternalError("Illegal hpack op code");
+  }
+  GPR_UNREACHABLE_CODE(return absl::UnknownError("Should never reach here"));
+}
+
+}  // namespace grpc_core

data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h

@@ -0,0 +1,325 @@
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef GRPC_SRC_CORE_EXT_TRANSPORT_CHTTP2_TRANSPORT_HPACK_PARSE_RESULT_H
+#define GRPC_SRC_CORE_EXT_TRANSPORT_CHTTP2_TRANSPORT_HPACK_PARSE_RESULT_H
+
+#include <grpc/support/port_platform.h>
+
+#include <stdint.h>
+
+#include <string>
+#include <utility>
+
+#include "absl/status/status.h"
+#include "absl/strings/str_cat.h"
+#include "absl/strings/string_view.h"
+#include "absl/types/optional.h"
+
+#include <grpc/support/log.h>
+
+#include "src/core/lib/gprpp/crash.h"
+#include "src/core/lib/surface/validate_metadata.h"
+#include "src/core/lib/transport/metadata_batch.h"
+
+namespace grpc_core {
+
+// Result of parsing
+// Makes it trivial to identify stream vs connection errors (via a range check)
+enum class HpackParseStatus : uint8_t {
+  ///////////////////////////////////////////////////////
+  // Non-Errors
+
+  // Parsed OK
+  kOk,
+  // Parse reached end of the current frame
+  kEof,
+  // Moved from - used to denote a HpackParseResult that has been moved into a
+  // different object, and so the original should be deemed invalid.
+  kMovedFrom,
+
+  ///////////////////////////////////////////////////////////////////
+  // Stream Errors - result in a stream cancellation
+
+  // Sentinel value used to denote the first error that is a stream error.
+  // All stream errors are hence >= kFirstStreamError and <
+  // kFirstConnectionError.
+  // Should not be used in switch statements, instead the first error message
+  // after this one should be assigned the same value.
+  kFirstStreamError,
+  kInvalidMetadata = kFirstStreamError,
+  // Hard metadata limit exceeded by the total set of metadata
+  kHardMetadataLimitExceeded,
+  kSoftMetadataLimitExceeded,
+  // Hard metadata limit exceeded by a single key string
+  kHardMetadataLimitExceededByKey,
+  // Hard metadata limit exceeded by a single value string
+  kHardMetadataLimitExceededByValue,
+  kMetadataParseError,
+  // Parse failed due to a base64 decode error
+  kUnbase64Failed,
+
+  ///////////////////////////////////////////////////////////////////
+  // Connection Errors - result in the tcp connection closing
+
+  // Sentinel value used to denote the first error that is a connection error.
+  // All connection errors are hence >= kFirstConnectionError.
+  // Should not be used in switch statements, instead the first error message
+  // after this one should be assigned the same value.
+  kFirstConnectionError,
+  // Incomplete header at end of header boundary
+  kIncompleteHeaderAtBoundary = kFirstConnectionError,
+  // Varint out of range
+  kVarintOutOfRange,
+  // Invalid HPACK index
+  kInvalidHpackIndex,
+  // Illegal HPACK table size change
+  kIllegalTableSizeChange,
+  // Trying to add to the hpack table prior to reducing after a settings change
+  kAddBeforeTableSizeUpdated,
+  // Parse failed due to a huffman decode error
+  kParseHuffFailed,
+  // Too many dynamic table size changes in one frame
+  kTooManyDynamicTableSizeChanges,
+  // Maliciously long varint encoding
+  // We don't read past 16 repeated 0x80 prefixes on a varint (all zeros)
+  // because no reasonable varint encoder would emit that (16 is already quite
+  // generous!)
+  // Because we stop reading we don't parse the rest of the bytes and so we
+  // can't recover parsing and would end up with a hpack table desync if we
+  // tried, so this is a connection error.
+  kMaliciousVarintEncoding,
+  // Illegal hpack op code
+  kIllegalHpackOpCode,
+};
+
+inline bool IsStreamError(HpackParseStatus status) {
+  return status >= HpackParseStatus::kFirstStreamError &&
+         status < HpackParseStatus::kFirstConnectionError;
+}
+
+inline bool IsConnectionError(HpackParseStatus status) {
+  return status >= HpackParseStatus::kFirstConnectionError;
+}
+
+inline bool IsEphemeralError(HpackParseStatus status) {
+  switch (status) {
+    case HpackParseStatus::kSoftMetadataLimitExceeded:
+    case HpackParseStatus::kHardMetadataLimitExceeded:
+      return true;
+    default:
+      return false;
+  }
+}
+
+class HpackParseResult {
+ public:
+  HpackParseResult() : HpackParseResult{HpackParseStatus::kOk} {}
+
+  bool ok() const { return status_.get() == HpackParseStatus::kOk; }
+  bool stream_error() const { return IsStreamError(status_.get()); }
+  bool connection_error() const { return IsConnectionError(status_.get()); }
+  bool ephemeral() const { return IsEphemeralError(status_.get()); }
+
+  HpackParseResult PersistentStreamErrorOrOk() const {
+    if (connection_error() || ephemeral()) return HpackParseResult();
+    return *this;
+  }
+
+  static HpackParseResult FromStatus(HpackParseStatus status) {
+    // Most statuses need some payloads, and we only need this functionality
+    // rarely - so allow list the statuses that we can include here.
+    switch (status) {
+      case HpackParseStatus::kUnbase64Failed:
+      case HpackParseStatus::kParseHuffFailed:
+        return HpackParseResult{status};
+      default:
+        Crash(
+            absl::StrCat("Invalid HpackParseStatus for FromStatus: ", status));
+    }
+  }
+
+  static HpackParseResult FromStatusWithKey(HpackParseStatus status,
+                                            absl::string_view key) {
+    auto r = FromStatus(status);
+    r.key_ = std::string(key);
+    return r;
+  }
+
+  static HpackParseResult MetadataParseError(absl::string_view key) {
+    HpackParseResult r{HpackParseStatus::kMetadataParseError};
+    r.key_ = std::string(key);
+    return r;
+  }
+
+  static HpackParseResult AddBeforeTableSizeUpdated(uint32_t current_size,
+                                                    uint32_t max_size) {
+    HpackParseResult p{HpackParseStatus::kAddBeforeTableSizeUpdated};
+    p.illegal_table_size_change_ =
+        IllegalTableSizeChange{current_size, max_size};
+    return p;
+  }
+
+  static HpackParseResult MaliciousVarintEncodingError() {
+    return HpackParseResult{HpackParseStatus::kMaliciousVarintEncoding};
+  }
+
+  static HpackParseResult IllegalHpackOpCode() {
+    return HpackParseResult{HpackParseStatus::kIllegalHpackOpCode};
+  }
+
+  static HpackParseResult InvalidMetadataError(ValidateMetadataResult result,
+                                               absl::string_view key) {
+    GPR_DEBUG_ASSERT(result != ValidateMetadataResult::kOk);
+    HpackParseResult p{HpackParseStatus::kInvalidMetadata};
+    p.key_ = std::string(key);
+    p.validate_metadata_result_ = result;
+    return p;
+  }
+
+  static HpackParseResult IncompleteHeaderAtBoundaryError() {
+    return HpackParseResult{HpackParseStatus::kIncompleteHeaderAtBoundary};
+  }
+
+  static HpackParseResult VarintOutOfRangeError(uint32_t value,
+                                                uint8_t last_byte) {
+    HpackParseResult p{HpackParseStatus::kVarintOutOfRange};
+    p.varint_out_of_range_ = VarintOutOfRange{last_byte, value};
+    return p;
+  }
+
+  static HpackParseResult InvalidHpackIndexError(uint32_t index) {
+    HpackParseResult p{HpackParseStatus::kInvalidHpackIndex};
+    p.invalid_hpack_index_ = index;
+    return p;
+  }
+
+  static HpackParseResult IllegalTableSizeChangeError(uint32_t new_size,
+                                                      uint32_t max_size) {
+    HpackParseResult p{HpackParseStatus::kIllegalTableSizeChange};
+    p.illegal_table_size_change_ = IllegalTableSizeChange{new_size, max_size};
+    return p;
+  }
+
+  static HpackParseResult TooManyDynamicTableSizeChangesError() {
+    return HpackParseResult{HpackParseStatus::kTooManyDynamicTableSizeChanges};
+  }
+
+  static HpackParseResult SoftMetadataLimitExceededError(
+      grpc_metadata_batch* metadata, uint32_t frame_length, uint32_t limit) {
+    HpackParseResult p{HpackParseStatus::kSoftMetadataLimitExceeded};
+    p.metadata_limit_exceeded_ =
+        MetadataLimitExceeded{frame_length, limit, metadata};
+    return p;
+  }
+
+  static HpackParseResult HardMetadataLimitExceededError(
+      grpc_metadata_batch* metadata, uint32_t frame_length, uint32_t limit) {
+    HpackParseResult p{HpackParseStatus::kHardMetadataLimitExceeded};
+    p.metadata_limit_exceeded_ =
+        MetadataLimitExceeded{frame_length, limit, metadata};
+    return p;
+  }
+
+  static HpackParseResult HardMetadataLimitExceededByKeyError(
+      uint32_t key_length, uint32_t limit) {
+    HpackParseResult p{HpackParseStatus::kHardMetadataLimitExceededByKey};
+    p.metadata_limit_exceeded_by_atom_ =
+        MetadataLimitExceededByAtom{key_length, limit};
+    return p;
+  }
+
+  static HpackParseResult HardMetadataLimitExceededByValueError(
+      absl::string_view key, uint32_t value_length, uint32_t limit) {
+    HpackParseResult p{HpackParseStatus::kHardMetadataLimitExceededByValue};
+    p.metadata_limit_exceeded_by_atom_ =
+        MetadataLimitExceededByAtom{value_length, limit};
+    p.key_ = std::string(key);
+    return p;
+  }
+
+  // Compute the absl::Status that goes along with this HpackParseResult.
+  // (may be cached, so this is not thread safe)
+  absl::Status Materialize() const;
+
+ private:
+  explicit HpackParseResult(HpackParseStatus status) : status_(status) {}
+  absl::Status BuildMaterialized() const;
+
+  struct VarintOutOfRange {
+    uint8_t last_byte;
+    uint32_t value;
+  };
+
+  struct MetadataLimitExceeded {
+    uint32_t frame_length;
+    uint32_t limit;
+    grpc_metadata_batch* prior;
+  };
+
+  // atom here means one of either a key or a value - so this is used for when a
+  // metadata limit is consumed by either of these.
+  struct MetadataLimitExceededByAtom {
+    uint32_t atom_length;
+    uint32_t limit;
+  };
+
+  struct IllegalTableSizeChange {
+    uint32_t new_size;
+    uint32_t max_size;
+  };
+
+  class StatusWrapper {
+   public:
+    explicit StatusWrapper(HpackParseStatus status) : status_(status) {}
+
+    StatusWrapper(const StatusWrapper&) = default;
+    StatusWrapper& operator=(const StatusWrapper&) = default;
+    StatusWrapper(StatusWrapper&& other) noexcept
+        : status_(std::exchange(other.status_, HpackParseStatus::kMovedFrom)) {}
+    StatusWrapper& operator=(StatusWrapper&& other) noexcept {
+      status_ = std::exchange(other.status_, HpackParseStatus::kMovedFrom);
+      return *this;
+    }
+
+    HpackParseStatus get() const { return status_; }
+
+   private:
+    HpackParseStatus status_;
+  };
+
+  StatusWrapper status_;
+  union {
+    // Set if status == kInvalidMetadata
+    ValidateMetadataResult validate_metadata_result_;
+    // Set if status == kVarintOutOfRange
+    VarintOutOfRange varint_out_of_range_;
+    // Set if status == kInvalidHpackIndex
+    uint32_t invalid_hpack_index_;
+    // Set if status == kHardMetadataLimitExceeded or
+    // kSoftMetadataLimitExceeded
+    MetadataLimitExceeded metadata_limit_exceeded_;
+    // Set if status == kHardMetadataLimitExceededByKey or
+    // kHardMetadataLimitExceededByValue
+    MetadataLimitExceededByAtom metadata_limit_exceeded_by_atom_;
+    // Set if status == kIllegalTableSizeChange
+    IllegalTableSizeChange illegal_table_size_change_;
+  };
+  std::string key_;
+  mutable absl::optional<absl::Status> materialized_status_;
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_SRC_CORE_EXT_TRANSPORT_CHTTP2_TRANSPORT_HPACK_PARSE_RESULT_H