mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-08-06 06:46:16 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

QUIC: limited the total number of frames.

Browse Source 
Exceeding 10000 allocated frames is considered a flood.
This commit is contained in:
Roman Arutyunyan 2021-10-13 14:46:51 +03:00
parent 6e58593a59
commit da28a4c626
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/event/quic/ngx_event_quic_connection.h
View File

@ -228,8 +228,8 @@ struct ngx_quic_connection_s {
ngx_chain_t *free_bufs; ngx_chain_t *free_bufs;
ngx_buf_t *free_shadow_bufs; ngx_buf_t *free_shadow_bufs;
#ifdef NGX_QUIC_DEBUG_ALLOC
ngx_uint_t nframes; ngx_uint_t nframes;
#ifdef NGX_QUIC_DEBUG_ALLOC
ngx_uint_t nbufs; ngx_uint_t nbufs;
#endif #endif

8
src/event/quic/ngx_event_quic_frames.c
View File

@ -38,18 +38,22 @@ ngx_quic_alloc_frame(ngx_connection_t *c)
"quic reuse frame n:%ui", qc->nframes); "quic reuse frame n:%ui", qc->nframes);
#endif #endif
} else { } else if (qc->nframes < 10000) {
frame = ngx_palloc(c->pool, sizeof(ngx_quic_frame_t)); frame = ngx_palloc(c->pool, sizeof(ngx_quic_frame_t));
if (frame == NULL) { if (frame == NULL) {
return NULL; return NULL;
} }
#ifdef NGX_QUIC_DEBUG_ALLOC
++qc->nframes; ++qc->nframes;
#ifdef NGX_QUIC_DEBUG_ALLOC
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic alloc frame n:%ui", qc->nframes); "quic alloc frame n:%ui", qc->nframes);
#endif #endif
} else {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");
return NULL;
} }
ngx_memzero(frame, sizeof(ngx_quic_frame_t)); ngx_memzero(frame, sizeof(ngx_quic_frame_t));