Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 7386:9200b41db765 stable-1.14
HTTP/2: limit the number of idle state switches.
An attack that continuously switches HTTP/2 connection between
idle and active states can result in excessive CPU usage.
This is because when a connection switches to the idle state,
all of its memory pool caches are freed.
This change limits the maximum allowed number of idle state
switches to 10 * http2_max_requests (i.e., 10000 by default).
This limits possible CPU usage in one connection, and also
imposes a limit on the maximum lifetime of a connection.
Initially reported by Gal Goldshtein from F5 Networks.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Tue, 06 Nov 2018 16:29:49 +0300 |
| parents | 1c6b6163c039 |
| children |
comparison
equal
deleted
inserted
replaced
| 7385:1c6b6163c039 | 7386:9200b41db765 |
|---|---|
| 4479 } | 4479 } |
| 4480 } | 4480 } |
| 4481 | 4481 |
| 4482 #endif | 4482 #endif |
| 4483 | 4483 |
| 4484 h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, | |
| 4485 ngx_http_v2_module); | |
| 4486 | |
| 4487 if (h2c->idle++ > 10 * h2scf->max_requests) { | |
| 4488 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
| 4489 "http2 flood detected"); | |
| 4490 ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_NO_ERROR); | |
| 4491 return; | |
| 4492 } | |
| 4493 | |
| 4484 c->destroyed = 0; | 4494 c->destroyed = 0; |
| 4485 ngx_reusable_connection(c, 0); | 4495 ngx_reusable_connection(c, 0); |
| 4486 | |
| 4487 h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, | |
| 4488 ngx_http_v2_module); | |
| 4489 | 4496 |
| 4490 h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); | 4497 h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); |
| 4491 if (h2c->pool == NULL) { | 4498 if (h2c->pool == NULL) { |
| 4492 ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_INTERNAL_ERROR); | 4499 ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_INTERNAL_ERROR); |
| 4493 return; | 4500 return; |