Klaus Demo nginx / 65b2c00
HTTP/2: flood detection. Fixed uncontrolled memory growth in case peer is flooding us with some frames (e.g., SETTINGS and PING) and doesn't read data. Fix is to limit the number of allocated control frames. Ruslan Ermilov 2 years ago
2 changed file(s) with 12 addition(s) and 1 deletion(s). Raw diff Collapse all Expand all
663663
664664 h2c->pool = NULL;
665665 h2c->free_frames = NULL;
666 h2c->frames = 0;
666667 h2c->free_fake_connections = NULL;
667668
668669 #if (NGX_HTTP_SSL)
28942895
28952896 frame->blocked = 0;
28962897
2897 } else {
2898 } else if (h2c->frames < 10000) {
28982899 pool = h2c->pool ? h2c->pool : h2c->connection->pool;
28992900
29002901 frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
29182919 frame->last = frame->first;
29192920
29202921 frame->handler = ngx_http_v2_frame_handler;
2922
2923 h2c->frames++;
2924
2925 } else {
2926 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
2927 "http2 flood detected");
2928
2929 h2c->connection->error = 1;
2930 return NULL;
29212931 }
29222932
29232933 #if (NGX_DEBUG)
119119 ngx_http_connection_t *http_connection;
120120
121121 ngx_uint_t processing;
122 ngx_uint_t frames;
122123
123124 ngx_uint_t pushing;
124125 ngx_uint_t concurrent_pushes;