HTTP/2: flood detection.
Fixed uncontrolled memory growth in case peer is flooding us with some frames (e.g., SETTINGS and PING) and doesn't read data. Fix is to limit the number of allocated control frames.
This commit is contained in:
parent
07b5f8e603
commit
5f1bba7d82
2 changed files with 12 additions and 1 deletions
|
@ -664,6 +664,7 @@ ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c)
|
||||||
|
|
||||||
h2c->pool = NULL;
|
h2c->pool = NULL;
|
||||||
h2c->free_frames = NULL;
|
h2c->free_frames = NULL;
|
||||||
|
h2c->frames = 0;
|
||||||
h2c->free_fake_connections = NULL;
|
h2c->free_fake_connections = NULL;
|
||||||
|
|
||||||
#if (NGX_HTTP_SSL)
|
#if (NGX_HTTP_SSL)
|
||||||
|
@ -2895,7 +2896,7 @@ ngx_http_v2_get_frame(ngx_http_v2_connection_t *h2c, size_t length,
|
||||||
|
|
||||||
frame->blocked = 0;
|
frame->blocked = 0;
|
||||||
|
|
||||||
} else {
|
} else if (h2c->frames < 10000) {
|
||||||
pool = h2c->pool ? h2c->pool : h2c->connection->pool;
|
pool = h2c->pool ? h2c->pool : h2c->connection->pool;
|
||||||
|
|
||||||
frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
|
frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
|
||||||
|
@ -2919,6 +2920,15 @@ ngx_http_v2_get_frame(ngx_http_v2_connection_t *h2c, size_t length,
|
||||||
frame->last = frame->first;
|
frame->last = frame->first;
|
||||||
|
|
||||||
frame->handler = ngx_http_v2_frame_handler;
|
frame->handler = ngx_http_v2_frame_handler;
|
||||||
|
|
||||||
|
h2c->frames++;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
||||||
|
"http2 flood detected");
|
||||||
|
|
||||||
|
h2c->connection->error = 1;
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if (NGX_DEBUG)
|
#if (NGX_DEBUG)
|
||||||
|
|
|
@ -120,6 +120,7 @@ struct ngx_http_v2_connection_s {
|
||||||
ngx_http_connection_t *http_connection;
|
ngx_http_connection_t *http_connection;
|
||||||
|
|
||||||
ngx_uint_t processing;
|
ngx_uint_t processing;
|
||||||
|
ngx_uint_t frames;
|
||||||
|
|
||||||
ngx_uint_t pushing;
|
ngx_uint_t pushing;
|
||||||
ngx_uint_t concurrent_pushes;
|
ngx_uint_t concurrent_pushes;
|
||||||
|
|
Loading…
Reference in a new issue