diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2021-08-02 15:48:21 +0300 |
|---|---|---|
| committer | Roman Arutyunyan <arut@nginx.com> | 2021-08-02 15:48:21 +0300 |
| commit | b93ae5d0670f265bec60cd616dd42b0ce96d8e2d (patch) | |
| tree | db8a59de872ba9eaa3008c7a643bbf2a7a1c5fb3 /src/http/modules/ngx_http_quic_module.c | |
| parent | 2f833198b8229842dbbc57f7e86b00b19ed3b294 (diff) | |
| download | nginx-b93ae5d0670f265bec60cd616dd42b0ce96d8e2d.tar.gz nginx-b93ae5d0670f265bec60cd616dd42b0ce96d8e2d.zip | |
QUIC: stream limits in "hq" mode.
The "hq" mode is HTTP/0.9-1.1 over QUIC. The following limits are introduced:
- uni streams are not allowed
- keepalive_requests is enforced
- keepalive_time is enforced
In case of error, QUIC connection is finalized with 0x101 code. This code
corresponds to HTTP/3 General Protocol Error.
Diffstat (limited to 'src/http/modules/ngx_http_quic_module.c')
| -rw-r--r-- | src/http/modules/ngx_http_quic_module.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_quic_module.c b/src/http/modules/ngx_http_quic_module.c index ab84583f2..b41c069b6 100644 --- a/src/http/modules/ngx_http_quic_module.c +++ b/src/http/modules/ngx_http_quic_module.c @@ -188,6 +188,7 @@ static ngx_str_t ngx_http_quic_salt = ngx_string("ngx_quic"); ngx_int_t ngx_http_quic_init(ngx_connection_t *c) { + uint64_t n; ngx_quic_conf_t *qcf; ngx_http_connection_t *hc, *phc; ngx_http_core_loc_conf_t *clcf; @@ -208,6 +209,40 @@ ngx_http_quic_init(ngx_connection_t *c) ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http init quic stream"); +#if (NGX_HTTP_V3) + if (!hc->addr_conf->http3) +#endif + { + /* Use HTTP/3 General Protocol Error Code 0x101 for finalization */ + + if (c->quic->id & NGX_QUIC_STREAM_UNIDIRECTIONAL) { + ngx_quic_finalize_connection(c->quic->parent, 0x101, + "unexpected uni stream"); + ngx_http_close_connection(c); + return NGX_DONE; + } + + clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, ngx_http_core_module); + + n = c->quic->id >> 2; + + if (n >= clcf->keepalive_requests) { + ngx_quic_finalize_connection(c->quic->parent, 0x101, + "reached maximum number of requests"); + ngx_http_close_connection(c); + return NGX_DONE; + } + + if (ngx_current_msec - c->quic->parent->start_time + > clcf->keepalive_time) + { + ngx_quic_finalize_connection(c->quic->parent, 0x101, + "reached maximum time for requests"); + ngx_http_close_connection(c); + return NGX_DONE; + } + } + phc = ngx_http_quic_get_connection(c); if (phc->ssl_servername) { |