Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 7549:45415228990b
HTTP/2: limited number of PRIORITY frames.
Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams. Fix is to limit the number of PRIORITY frames.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Tue, 13 Aug 2019 15:43:40 +0300 |
| parents | 99257b06b0bd |
| children | 9f1f9d6e056a |
comparison
equal
deleted
inserted
replaced
| 7548:99257b06b0bd | 7549:45415228990b |
|---|---|
| 271 h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; | 271 h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; |
| 272 | 272 |
| 273 h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); | 273 h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); |
| 274 | 274 |
| 275 h2c->concurrent_pushes = h2scf->concurrent_pushes; | 275 h2c->concurrent_pushes = h2scf->concurrent_pushes; |
| 276 h2c->priority_limit = h2scf->concurrent_streams; | |
| 276 | 277 |
| 277 h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); | 278 h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); |
| 278 if (h2c->pool == NULL) { | 279 if (h2c->pool == NULL) { |
| 279 ngx_http_close_connection(c); | 280 ngx_http_close_connection(c); |
| 280 return; | 281 return; |
| 1800 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | 1801 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, |
| 1801 "client sent PRIORITY frame with incorrect length %uz", | 1802 "client sent PRIORITY frame with incorrect length %uz", |
| 1802 h2c->state.length); | 1803 h2c->state.length); |
| 1803 | 1804 |
| 1804 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); | 1805 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); |
| 1806 } | |
| 1807 | |
| 1808 if (--h2c->priority_limit == 0) { | |
| 1809 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
| 1810 "client sent too many PRIORITY frames"); | |
| 1811 | |
| 1812 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM); | |
| 1805 } | 1813 } |
| 1806 | 1814 |
| 1807 if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) { | 1815 if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) { |
| 1808 return ngx_http_v2_state_save(h2c, pos, end, | 1816 return ngx_http_v2_state_save(h2c, pos, end, |
| 1809 ngx_http_v2_state_priority); | 1817 ngx_http_v2_state_priority); |
| 3117 h2c->pushing++; | 3125 h2c->pushing++; |
| 3118 | 3126 |
| 3119 } else { | 3127 } else { |
| 3120 h2c->processing++; | 3128 h2c->processing++; |
| 3121 } | 3129 } |
| 3130 | |
| 3131 h2c->priority_limit += h2scf->concurrent_streams; | |
| 3122 | 3132 |
| 3123 return stream; | 3133 return stream; |
| 3124 } | 3134 } |
| 3125 | 3135 |
| 3126 | 3136 |