Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 7549:45415228990b
HTTP/2: limited number of PRIORITY frames.
Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams. Fix is to limit the number of PRIORITY frames.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 13 Aug 2019 15:43:40 +0300 |
parents | 99257b06b0bd |
children | 9f1f9d6e056a |
comparison
equal
deleted
inserted
replaced
7548:99257b06b0bd | 7549:45415228990b |
---|---|
271 h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; | 271 h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; |
272 | 272 |
273 h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); | 273 h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); |
274 | 274 |
275 h2c->concurrent_pushes = h2scf->concurrent_pushes; | 275 h2c->concurrent_pushes = h2scf->concurrent_pushes; |
276 h2c->priority_limit = h2scf->concurrent_streams; | |
276 | 277 |
277 h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); | 278 h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); |
278 if (h2c->pool == NULL) { | 279 if (h2c->pool == NULL) { |
279 ngx_http_close_connection(c); | 280 ngx_http_close_connection(c); |
280 return; | 281 return; |
1800 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | 1801 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, |
1801 "client sent PRIORITY frame with incorrect length %uz", | 1802 "client sent PRIORITY frame with incorrect length %uz", |
1802 h2c->state.length); | 1803 h2c->state.length); |
1803 | 1804 |
1804 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); | 1805 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); |
1806 } | |
1807 | |
1808 if (--h2c->priority_limit == 0) { | |
1809 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
1810 "client sent too many PRIORITY frames"); | |
1811 | |
1812 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM); | |
1805 } | 1813 } |
1806 | 1814 |
1807 if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) { | 1815 if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) { |
1808 return ngx_http_v2_state_save(h2c, pos, end, | 1816 return ngx_http_v2_state_save(h2c, pos, end, |
1809 ngx_http_v2_state_priority); | 1817 ngx_http_v2_state_priority); |
3117 h2c->pushing++; | 3125 h2c->pushing++; |
3118 | 3126 |
3119 } else { | 3127 } else { |
3120 h2c->processing++; | 3128 h2c->processing++; |
3121 } | 3129 } |
3130 | |
3131 h2c->priority_limit += h2scf->concurrent_streams; | |
3122 | 3132 |
3123 return stream; | 3133 return stream; |
3124 } | 3134 } |
3125 | 3135 |
3126 | 3136 |