Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.h @ 7378:e7f19d268c72
HTTP/2: limit the number of idle state switches.
An attack that continuously switches HTTP/2 connection between
idle and active states can result in excessive CPU usage.
This is because when a connection switches to the idle state,
all of its memory pool caches are freed.
This change limits the maximum allowed number of idle state
switches to 10 * http2_max_requests (i.e., 10000 by default).
This limits possible CPU usage in one connection, and also
imposes a limit on the maximum lifetime of a connection.
Initially reported by Gal Goldshtein from F5 Networks.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 06 Nov 2018 16:29:49 +0300 |
parents | d4448892a294 |
children | 99257b06b0bd |
comparison
equal
deleted
inserted
replaced
7377:d4448892a294 | 7378:e7f19d268c72 |
---|---|
119 ngx_connection_t *connection; | 119 ngx_connection_t *connection; |
120 ngx_http_connection_t *http_connection; | 120 ngx_http_connection_t *http_connection; |
121 | 121 |
122 ngx_uint_t processing; | 122 ngx_uint_t processing; |
123 ngx_uint_t frames; | 123 ngx_uint_t frames; |
124 ngx_uint_t idle; | |
124 | 125 |
125 ngx_uint_t pushing; | 126 ngx_uint_t pushing; |
126 ngx_uint_t concurrent_pushes; | 127 ngx_uint_t concurrent_pushes; |
127 | 128 |
128 size_t send_window; | 129 size_t send_window; |