Mercurial > hg > nginx
changeset 8883:404de224517e quic
QUIC: limited the total number of frames.
Exceeding 10000 allocated frames is considered a flood.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 13 Oct 2021 14:46:51 +0300 |
parents | 6204120cf37f |
children | 1798acc01970 |
files | src/event/quic/ngx_event_quic_connection.h src/event/quic/ngx_event_quic_frames.c |
diffstat | 2 files changed, 7 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_connection.h Wed Oct 13 14:41:46 2021 +0300 +++ b/src/event/quic/ngx_event_quic_connection.h Wed Oct 13 14:46:51 2021 +0300 @@ -228,8 +228,8 @@ ngx_chain_t *free_bufs; ngx_buf_t *free_shadow_bufs; + ngx_uint_t nframes; #ifdef NGX_QUIC_DEBUG_ALLOC - ngx_uint_t nframes; ngx_uint_t nbufs; #endif
--- a/src/event/quic/ngx_event_quic_frames.c Wed Oct 13 14:41:46 2021 +0300 +++ b/src/event/quic/ngx_event_quic_frames.c Wed Oct 13 14:46:51 2021 +0300 @@ -38,18 +38,22 @@ "quic reuse frame n:%ui", qc->nframes); #endif - } else { + } else if (qc->nframes < 10000) { frame = ngx_palloc(c->pool, sizeof(ngx_quic_frame_t)); if (frame == NULL) { return NULL; } -#ifdef NGX_QUIC_DEBUG_ALLOC ++qc->nframes; +#ifdef NGX_QUIC_DEBUG_ALLOC ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic alloc frame n:%ui", qc->nframes); #endif + + } else { + ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected"); + return NULL; } ngx_memzero(frame, sizeof(ngx_quic_frame_t));