Commit 5ae726912654da10a9a81b2c8436829f3e94f69f - nginx

HTTP/2: limited number of PRIORITY frames. Fixed excessive CPU usage caused by a peer that continuously shuffles priority of streams. Fix is to limit the number of PRIORITY frames. Ruslan Ermilov 2 years ago

2 changed file(s) with 11 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all

+10

-0

src/http/v2/ngx_http_v2.c less more

272	272	h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module);
273	273
274	274	h2c->concurrent_pushes = h2scf->concurrent_pushes;
	275	h2c->priority_limit = h2scf->concurrent_streams;
275	276
276	277	h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
277	278	if (h2c->pool == NULL) {

1801	1802	h2c->state.length);
1802	1803
1803	1804	return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR);
	1805	}
	1806
	1807	if (--h2c->priority_limit == 0) {
	1808	ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
	1809	"client sent too many PRIORITY frames");
	1810
	1811	return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM);
1804	1812	}
1805	1813
1806	1814	if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) {

3118	3126	} else {
3119	3127	h2c->processing++;
3120	3128	}
	3129
	3130	h2c->priority_limit += h2scf->concurrent_streams;
3121	3131
3122	3132	return stream;
3123	3133	}

-0

src/http/v2/ngx_http_v2.h less more

121	121	ngx_uint_t processing;
122	122	ngx_uint_t frames;
123	123	ngx_uint_t idle;
	124	ngx_uint_t priority_limit;
124	125
125	126	ngx_uint_t pushing;
126	127	ngx_uint_t concurrent_pushes;