comparison src/http/v2/ngx_http_v2.c @ 7386:9200b41db765 stable-1.14
HTTP/2: limit the number of idle state switches.
An attack that continuously switches HTTP/2 connection between
idle and active states can result in excessive CPU usage.
This is because when a connection switches to the idle state,
all of its memory pool caches are freed.
This change limits the maximum allowed number of idle state
switches to 10 * http2_max_requests (i.e., 10000 by default).
This limits possible CPU usage in one connection, and also
imposes a limit on the maximum lifetime of a connection.
Initially reported by Gal Goldshtein from F5 Networks.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 06 Nov 2018 16:29:49 +0300 |
parents | 1c6b6163c039 |
children |
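--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -4479,15 +4479,22 @@
 }
 }
 
 #endif
 
+h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,
+ngx_http_v2_module);
+
+if (h2c->idle++ > 10 * h2scf->max_requests) {
+ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+"http2 flood detected");
+ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_NO_ERROR);
+return;
+}
+
 c->destroyed = 0;
 ngx_reusable_connection(c, 0);
-
-h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,
-ngx_http_v2_module);
 
 h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
 if (h2c->pool == NULL) {
 ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
 return;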
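Review bot: The multiplier in `if (h2c->idle++ > 10 * h2scf->max_requests)` is a magic number whose rationale lives only in the commit message, so a comment above the check should carry it into the code, e.g. `/* every idle/active switch frees the pool caches; cap the switches at 10 * http2_max_requests so one connection can neither burn CPU indefinitely nor live forever */`. The `idle` counter is declared outside this file section, so its width cannot be checked here; if `max_requests` is a full-width unsigned value, `10 * h2scf->max_requests` can wrap for very large configured limits, which is worth confirming where the field is added. If the `"http2 flood detected"` text is shared with other flood checks in this module, operators correlating logs cannot tell this trigger apart, and appending the reason, e.g. `"http2 flood detected: too many idle state switches"`, would make the event distinguishable at NGX_LOG_INFO. The enclosing handler starts and ends outside the hunk.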