Maxim Dounin
August 13, 2019 01:02PM
details: https://hg.nginx.org/nginx/rev/a23a7e6edac4
branches: stable-1.16
changeset: 7556:a23a7e6edac4
user: Ruslan Ermilov <ru@nginx.com>
date: Tue Aug 13 15:43:40 2019 +0300
description:
HTTP/2: limited number of PRIORITY frames.

Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams. Fix is to limit the number of PRIORITY frames.

diffstat:

src/http/v2/ngx_http_v2.c | 10 ++++++++++
src/http/v2/ngx_http_v2.h | 1 +
2 files changed, 11 insertions(+), 0 deletions(-)

diffs (45 lines):

diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -273,6 +273,7 @@ ngx_http_v2_init(ngx_event_t *rev)
h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module);

h2c->concurrent_pushes = h2scf->concurrent_pushes;
+ h2c->priority_limit = h2scf->concurrent_streams;

h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
if (h2c->pool == NULL) {
@@ -1804,6 +1805,13 @@ ngx_http_v2_state_priority(ngx_http_v2_c
return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR);
}

+ if (--h2c->priority_limit == 0) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many PRIORITY frames");
+
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM);
+ }
+
if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) {
return ngx_http_v2_state_save(h2c, pos, end,
ngx_http_v2_state_priority);
@@ -3120,6 +3128,8 @@ ngx_http_v2_create_stream(ngx_http_v2_co
h2c->processing++;
}

+ h2c->priority_limit += h2scf->concurrent_streams;
+
return stream;
}

diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
--- a/src/http/v2/ngx_http_v2.h
+++ b/src/http/v2/ngx_http_v2.h
@@ -122,6 +122,7 @@ struct ngx_http_v2_connection_s {
ngx_uint_t processing;
ngx_uint_t frames;
ngx_uint_t idle;
+ ngx_uint_t priority_limit;

ngx_uint_t pushing;
ngx_uint_t concurrent_pushes;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] HTTP/2: limited number of PRIORITY frames.

Maxim Dounin 66 August 13, 2019 01:02PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 131
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready