-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add http2 per iteration stream handling limit patch
- Loading branch information
1 parent
f66d3f8
commit 97de185
Showing
1 changed file
with
53 additions
and
0 deletions.
There are no files selected for viewing
53 changes: 53 additions & 0 deletions
53
patch/1.21.4/nginx-http2_per_iteration_stream_handling_limit.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| diff --git src/http/v2/ngx_http_v2.c src/http/v2/ngx_http_v2.c | ||
| index 3afa8b638..228b060bf 100644 | ||
| --- src/http/v2/ngx_http_v2.c | ||
| +++ src/http/v2/ngx_http_v2.c | ||
| @@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev) | ||
| ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); | ||
|
|
||
| h2c->blocked = 1; | ||
| + h2c->new_streams = 0; | ||
|
|
||
| if (c->close) { | ||
| c->close = 0; | ||
| @@ -1321,6 +1322,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, | ||
| goto rst_stream; | ||
| } | ||
|
|
||
| + if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { | ||
| + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | ||
| + "client sent too many streams at once"); | ||
| + | ||
| + status = NGX_HTTP_V2_REFUSED_STREAM; | ||
| + goto rst_stream; | ||
| + } | ||
| + | ||
| if (!h2c->settings_ack | ||
| && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) | ||
| && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) | ||
| @@ -1386,6 +1395,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, | ||
|
|
||
| rst_stream: | ||
|
|
||
| + if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { | ||
| + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | ||
| + "client sent too many refused streams"); | ||
| + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); | ||
| + } | ||
| + | ||
| if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { | ||
| return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); | ||
| } | ||
| diff --git src/http/v2/ngx_http_v2.h src/http/v2/ngx_http_v2.h | ||
| index 0eceae3d5..aef40bbb8 100644 | ||
| --- src/http/v2/ngx_http_v2.h | ||
| +++ src/http/v2/ngx_http_v2.h | ||
| @@ -124,6 +124,8 @@ struct ngx_http_v2_connection_s { | ||
| ngx_uint_t processing; | ||
| ngx_uint_t frames; | ||
| ngx_uint_t idle; | ||
| + ngx_uint_t new_streams; | ||
| + ngx_uint_t refused_streams; | ||
| ngx_uint_t priority_limit; | ||
|
|
||
| ngx_uint_t pushing; |