1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
Source: https://trac.nginx.org/nginx/changeset/cdda286c0f1b4b10f30d4eb6a63fefb9b8708ecc/nginx
This patch was modified from upstream in the following way(s):
* Update path so that the patch applies correctly
* dos2unix
Index: src/http/v2/ngx_http_v2.c
===================================================================
--- a/src/http/v2/ngx_http_v2.c (revision 9121)
+++ b/src/http/v2/ngx_http_v2.c (revision 9165)
@@ -348,4 +348,5 @@
h2c->blocked = 1;
+ h2c->new_streams = 0;
if (c->close) {
@@ -1285,4 +1286,12 @@
}
+ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many streams at once");
+
+ status = NGX_HTTP_V2_REFUSED_STREAM;
+ goto rst_stream;
+ }
+
if (!h2c->settings_ack
&& !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
@@ -1349,4 +1358,10 @@
rst_stream:
+
+ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many refused streams");
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
+ }
if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
Index: src/http/v2/ngx_http_v2.h
===================================================================
--- a/src/http/v2/ngx_http_v2.h (revision 9121)
+++ b/src/http/v2/ngx_http_v2.h (revision 9165)
@@ -132,4 +132,6 @@
ngx_uint_t frames;
ngx_uint_t idle;
+ ngx_uint_t new_streams;
+ ngx_uint_t refused_streams;
ngx_uint_t priority_limit;
|