QUIC: limited the total number of frames.

Exceeding 10000 allocated frames is considered a flood.
author: Roman Arutyunyan <arut@nginx.com> 2021-10-13 14:46:51 +0300
committer: Roman Arutyunyan <arut@nginx.com> 2021-10-13 14:46:51 +0300
commit: da28a4c6267b8b29d9188f89ab8fad6de08ea688 (patch)
tree: 8f01b5a580066e7e222504737bf4e45c74ddb763 /src/event/quic/ngx_event_quic_frames.c
parent: 6e58593a593804cfad04a8ddbea086fec1872ef0 (diff)
download: nginx-da28a4c6267b8b29d9188f89ab8fad6de08ea688.tar.gz
nginx-da28a4c6267b8b29d9188f89ab8fad6de08ea688.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/event/quic/ngx_event_quic_frames.c b/src/event/quic/ngx_event_quic_frames.c
index 438565858..8d9fe24c2 100644
--- a/src/event/quic/ngx_event_quic_frames.c
+++ b/src/event/quic/ngx_event_quic_frames.c
@@ -38,18 +38,22 @@ ngx_quic_alloc_frame(ngx_connection_t *c)
                        "quic reuse frame n:%ui", qc->nframes);
 #endif
 
-    } else {
+    } else if (qc->nframes < 10000) {
         frame = ngx_palloc(c->pool, sizeof(ngx_quic_frame_t));
         if (frame == NULL) {
             return NULL;
         }
 
-#ifdef NGX_QUIC_DEBUG_ALLOC
         ++qc->nframes;
 
+#ifdef NGX_QUIC_DEBUG_ALLOC
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "quic alloc frame n:%ui", qc->nframes);
 #endif
+
+    } else {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");
+        return NULL;
     }
 
     ngx_memzero(frame, sizeof(ngx_quic_frame_t));
author	Roman Arutyunyan <arut@nginx.com>	2021-10-13 14:46:51 +0300
committer	Roman Arutyunyan <arut@nginx.com>	2021-10-13 14:46:51 +0300
commit	da28a4c6267b8b29d9188f89ab8fad6de08ea688 (patch)
tree	8f01b5a580066e7e222504737bf4e45c74ddb763 /src/event/quic/ngx_event_quic_frames.c
parent	6e58593a593804cfad04a8ddbea086fec1872ef0 (diff)
download	nginx-da28a4c6267b8b29d9188f89ab8fad6de08ea688.tar.gz nginx-da28a4c6267b8b29d9188f89ab8fad6de08ea688.zip