|
 |
0abed9 |
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
|
|
|
0abed9 |
index 12214e1..3b7f892 100644
|
|
|
0abed9 |
--- a/src/http/v2/ngx_http_v2.c
|
|
|
0abed9 |
+++ b/src/http/v2/ngx_http_v2.c
|
|
|
0abed9 |
@@ -4335,6 +4335,8 @@ ngx_http_v2_close_stream(ngx_http_v2_stream_t *stream, ngx_int_t rc)
|
|
|
0abed9 |
*/
|
|
|
0abed9 |
pool = stream->pool;
|
|
|
0abed9 |
|
|
|
0abed9 |
+ h2c->frames -= stream->frames;
|
|
|
0abed9 |
+
|
|
|
0abed9 |
ngx_http_free_request(stream->request, rc);
|
|
|
0abed9 |
|
|
|
0abed9 |
if (pool != h2c->state.pool) {
|
|
|
0abed9 |
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
|
|
|
0abed9 |
index bec2216..715b7d3 100644
|
|
|
0abed9 |
--- a/src/http/v2/ngx_http_v2.h
|
|
|
0abed9 |
+++ b/src/http/v2/ngx_http_v2.h
|
|
|
0abed9 |
@@ -192,6 +192,8 @@ struct ngx_http_v2_stream_s {
|
|
|
0abed9 |
|
|
|
0abed9 |
ngx_buf_t *preread;
|
|
|
0abed9 |
|
|
|
0abed9 |
+ ngx_uint_t frames;
|
|
|
0abed9 |
+
|
|
|
0abed9 |
ngx_http_v2_out_frame_t *free_frames;
|
|
|
0abed9 |
ngx_chain_t *free_frame_headers;
|
|
|
0abed9 |
ngx_chain_t *free_bufs;
|
|
|
0abed9 |
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
|
|
|
0abed9 |
index 029e8ec..c7ee553 100644
|
|
|
0abed9 |
--- a/src/http/v2/ngx_http_v2_filter_module.c
|
|
|
0abed9 |
+++ b/src/http/v2/ngx_http_v2_filter_module.c
|
|
|
0abed9 |
@@ -1661,22 +1661,34 @@ static ngx_http_v2_out_frame_t *
|
|
|
0abed9 |
ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream,
|
|
|
0abed9 |
size_t len, ngx_chain_t *first, ngx_chain_t *last)
|
|
|
0abed9 |
{
|
|
|
0abed9 |
- u_char flags;
|
|
|
0abed9 |
- ngx_buf_t *buf;
|
|
|
0abed9 |
- ngx_chain_t *cl;
|
|
|
0abed9 |
- ngx_http_v2_out_frame_t *frame;
|
|
|
0abed9 |
+ u_char flags;
|
|
|
0abed9 |
+ ngx_buf_t *buf;
|
|
|
0abed9 |
+ ngx_chain_t *cl;
|
|
|
0abed9 |
+ ngx_http_v2_out_frame_t *frame;
|
|
|
0abed9 |
+ ngx_http_v2_connection_t *h2c;
|
|
|
0abed9 |
|
|
|
0abed9 |
frame = stream->free_frames;
|
|
|
0abed9 |
+ h2c = stream->connection;
|
|
|
0abed9 |
|
|
|
0abed9 |
if (frame) {
|
|
|
0abed9 |
stream->free_frames = frame->next;
|
|
|
0abed9 |
|
|
|
0abed9 |
- } else {
|
|
|
0abed9 |
+ } else if (h2c->frames < 10000) {
|
|
|
0abed9 |
frame = ngx_palloc(stream->request->pool,
|
|
|
0abed9 |
sizeof(ngx_http_v2_out_frame_t));
|
|
|
0abed9 |
if (frame == NULL) {
|
|
|
0abed9 |
return NULL;
|
|
|
0abed9 |
}
|
|
|
0abed9 |
+
|
|
|
0abed9 |
+ stream->frames++;
|
|
|
0abed9 |
+ h2c->frames++;
|
|
|
0abed9 |
+
|
|
|
0abed9 |
+ } else {
|
|
|
0abed9 |
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
|
|
0abed9 |
+ "http2 flood detected");
|
|
|
0abed9 |
+
|
|
|
0abed9 |
+ h2c->connection->error = 1;
|
|
|
0abed9 |
+ return NULL;
|
|
|
0abed9 |
}
|
|
|
0abed9 |
|
|
|
0abed9 |
flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0;
|