diff src/http/v3/ngx_http_v3.h @ 8881:72b304f6207c quic

HTTP/3: traffic-based flood detection. With this patch, all traffic over HTTP/3 bidi and uni streams is counted in the h3c->total_bytes field, and payload traffic is counted in the h3c->payload_bytes field. As long as total traffic is many times larger than payload traffic, we consider this to be a flood. Request header traffic is counted as if all fields are literal. Response header traffic is counted as is.
author Roman Arutyunyan <arut@nginx.com>
date Thu, 07 Oct 2021 13:22:42 +0300
parents 4f922f611135
children 0d3bf08eaac0
--- a/src/http/v3/ngx_http_v3.h
+++ b/src/http/v3/ngx_http_v3.h
@@ -128,6 +128,9 @@ struct ngx_http_v3_session_s {
     uint64_t                      max_push_id;
     uint64_t                      goaway_push_id;
 
+    off_t                         total_bytes;
+    off_t                         payload_bytes;
+
     ngx_uint_t                    goaway;  /* unsigned  goaway:1; */
 
     ngx_connection_t             *known_streams[NGX_HTTP_V3_MAX_KNOWN_STREAM];
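Review bot: The two new counters in struct ngx_http_v3_session_s have no comment saying what each one accumulates, although the flood decision depends entirely on the ratio between them. I would annotate them in place, e.g. `off_t total_bytes;  /* all bytes seen on bidi and uni streams */` and `off_t payload_bytes;  /* payload bytes only; compared with total_bytes by the flood check */`. Any read path that forgets to add to total_bytes would quietly weaken the detection, so the comment should make that accounting rule explicit. Both fields are signed off_t and grow for the lifetime of the session; if a build has a 32-bit off_t (not determinable from this hunk), the additions could overflow, so a note on the expected width or an unsigned 64-bit type would be worth considering. The struct body starts and ends outside this hunk.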
@@ -136,6 +139,7 @@ struct ngx_http_v3_session_s {
 
 void ngx_http_v3_init(ngx_connection_t *c);
 ngx_int_t ngx_http_v3_init_session(ngx_connection_t *c);
+ngx_int_t ngx_http_v3_check_flood(ngx_connection_t *c);
 
 ngx_int_t ngx_http_v3_read_request_body(ngx_http_request_t *r);
 ngx_int_t ngx_http_v3_read_unbuffered_request_body(ngx_http_request_t *r);
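Review bot: The new prototype `ngx_http_v3_check_flood(ngx_connection_t *c)` is declared without any comment on its return contract, and the implementation is not in this file. A caller reading the header cannot tell which value signals a detected flood, or whether the function finalizes the connection itself or leaves that to the caller. I would add a short comment above it, e.g. `/* returns NGX_OK while the total/payload ratio is acceptable; any other value means the connection was judged a flood */`, with the wording adjusted to what the implementation actually returns. Since this is a security check, it should also state that the result must not be ignored.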