Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.h @ 7378:e7f19d268c72
HTTP/2: limit the number of idle state switches.
An attack that continuously switches HTTP/2 connection between
idle and active states can result in excessive CPU usage.
This is because when a connection switches to the idle state,
all of its memory pool caches are freed.
This change limits the maximum allowed number of idle state
switches to 10 * http2_max_requests (i.e., 10000 by default).
This limits possible CPU usage in one connection, and also
imposes a limit on the maximum lifetime of a connection.
Initially reported by Gal Goldshtein from F5 Networks.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Tue, 06 Nov 2018 16:29:49 +0300 |
| parents | d4448892a294 |
| children | 99257b06b0bd |
comparison
equal
deleted
inserted
replaced
| 7377:d4448892a294 | 7378:e7f19d268c72 |
|---|---|
| 119 ngx_connection_t *connection; | 119 ngx_connection_t *connection; |
| 120 ngx_http_connection_t *http_connection; | 120 ngx_http_connection_t *http_connection; |
| 121 | 121 |
| 122 ngx_uint_t processing; | 122 ngx_uint_t processing; |
| 123 ngx_uint_t frames; | 123 ngx_uint_t frames; |
| 124 ngx_uint_t idle; | |
| 124 | 125 |
| 125 ngx_uint_t pushing; | 126 ngx_uint_t pushing; |
| 126 ngx_uint_t concurrent_pushes; | 127 ngx_uint_t concurrent_pushes; |
| 127 | 128 |
| 128 size_t send_window; | 129 size_t send_window; |