nginx: src/event/quic/ngx_event

comparison src/event/quic/ngx_event_quic.c @ 8882:6204120cf37f quic

QUIC: traffic-based flood detection. With this patch, all traffic over a QUIC connection is compared to traffic over QUIC streams. As long as total traffic is many times larger than stream traffic, we consider this to be a flood.

author	Roman Arutyunyan <arut@nginx.com>
date	Wed, 13 Oct 2021 14:41:46 +0300
parents	c4f249d485e3
children	d041b8d6ab0b

comparison

equal deleted inserted replaced

-:72b304f6207c
+:6204120cf37f
 static ngx_int_t
 ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_quic_conf_t *conf)
 {
-u_char             *p;
+size_t                  size;
-ngx_int_t           rc;
+u_char                 *p;
-ngx_uint_t          good;
+ngx_int_t               rc;
-ngx_quic_header_t   pkt;
+ngx_uint_t              good;
+ngx_quic_header_t       pkt;
+ngx_quic_connection_t  *qc;
 good = 0;
+size = b->last - b->pos;
 p = b->pos;
 while (p < b->last) {
 b->pos = pkt.data + pkt.len;
 p = b->pos;
 }
-return good ? NGX_OK : NGX_DECLINED;
+if (!good) {
+return NGX_DECLINED;
+}
+qc = ngx_quic_get_connection(c);
+if (qc) {
+qc->received += size;
+if ((uint64_t) (c->sent + qc->received) / 8 >
+(qc->streams.sent + qc->streams.recv_last) + 1048576)
+{
+ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");
+qc->error = NGX_QUIC_ERR_NO_ERROR;
+qc->error_reason = "QUIC flood detected";
+return NGX_ERROR;
+}
+}
+return NGX_OK;
 }
 static ngx_int_t
 ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,

Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic.c @ 8882:6204120cf37f quic