From a63a5cfdc0498fca2e7379c11707dde63ca1b047 Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Thu, 29 Jul 2021 12:17:56 +0300 Subject: [PATCH] HTTP/3: http3_max_uni_streams directive. The directive limits the number of uni streams client is allowed to create. --- src/http/v3/ngx_http_v3.h | 2 ++ src/http/v3/ngx_http_v3_module.c | 12 ++++++++++++ src/http/v3/ngx_http_v3_streams.c | 14 ++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/src/http/v3/ngx_http_v3.h b/src/http/v3/ngx_http_v3.h index e693af7d8..bea560864 100644 --- a/src/http/v3/ngx_http_v3.h +++ b/src/http/v3/ngx_http_v3.h @@ -53,6 +53,7 @@ #define NGX_HTTP_V3_DEFAULT_MAX_TABLE_CAPACITY 16384 #define NGX_HTTP_V3_DEFAULT_MAX_BLOCKED_STREAMS 16 #define NGX_HTTP_V3_DEFAULT_MAX_CONCURRENT_PUSHES 10 +#define NGX_HTTP_V3_DEFAULT_MAX_UNI_STREAMS 3 /* HTTP/3 errors */ #define NGX_HTTP_V3_ERR_NO_ERROR 0x100 @@ -99,6 +100,7 @@ typedef struct { size_t max_table_capacity; ngx_uint_t max_blocked_streams; ngx_uint_t max_concurrent_pushes; + ngx_uint_t max_uni_streams; } ngx_http_v3_srv_conf_t; diff --git a/src/http/v3/ngx_http_v3_module.c b/src/http/v3/ngx_http_v3_module.c index 3b651f044..873ebb2f3 100644 --- a/src/http/v3/ngx_http_v3_module.c +++ b/src/http/v3/ngx_http_v3_module.c @@ -42,6 +42,13 @@ static ngx_command_t ngx_http_v3_commands[] = { offsetof(ngx_http_v3_srv_conf_t, max_concurrent_pushes), NULL }, + { ngx_string("http3_max_uni_streams"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_v3_srv_conf_t, max_uni_streams), + NULL }, + { ngx_string("http3_push"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_http_v3_push, @@ -104,6 +111,7 @@ ngx_http_v3_create_srv_conf(ngx_conf_t *cf) h3scf->max_table_capacity = NGX_CONF_UNSET_SIZE; h3scf->max_blocked_streams = NGX_CONF_UNSET_UINT; h3scf->max_concurrent_pushes = NGX_CONF_UNSET_UINT; + h3scf->max_uni_streams = NGX_CONF_UNSET_UINT; return h3scf; } @@ -127,6 +135,10 @@ ngx_http_v3_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) prev->max_concurrent_pushes, NGX_HTTP_V3_DEFAULT_MAX_CONCURRENT_PUSHES); + ngx_conf_merge_uint_value(conf->max_uni_streams, + prev->max_uni_streams, + NGX_HTTP_V3_DEFAULT_MAX_UNI_STREAMS); + return NGX_CONF_OK; } diff --git a/src/http/v3/ngx_http_v3_streams.c b/src/http/v3/ngx_http_v3_streams.c index 693225b89..1b0f91454 100644 --- a/src/http/v3/ngx_http_v3_streams.c +++ b/src/http/v3/ngx_http_v3_streams.c @@ -35,10 +35,24 @@ static ngx_connection_t *ngx_http_v3_get_uni_stream(ngx_connection_t *c, void ngx_http_v3_init_uni_stream(ngx_connection_t *c) { + uint64_t n; + ngx_http_v3_srv_conf_t *h3scf; ngx_http_v3_uni_stream_t *us; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 init uni stream"); + h3scf = ngx_http_v3_get_module_srv_conf(c, ngx_http_v3_module); + + n = c->quic->id >> 2; + + if (n >= h3scf->max_uni_streams) { + ngx_http_v3_finalize_connection(c, + NGX_HTTP_V3_ERR_STREAM_CREATION_ERROR, + "reached maximum number of uni streams"); + ngx_http_close_connection(c); + return; + } + c->quic->cancelable = 1; us = ngx_pcalloc(c->pool, sizeof(ngx_http_v3_uni_stream_t));