416bbdcff3
An attack that continuously switches HTTP/2 connection between idle and active states can result in excessive CPU usage. This is because when a connection switches to the idle state, all of its memory pool caches are freed. This change limits the maximum allowed number of idle state switches to 10 * http2_max_requests (i.e., 10000 by default). This limits possible CPU usage in one connection, and also imposes a limit on the maximum lifetime of a connection. Initially reported by Gal Goldshtein from F5 Networks. |
||
---|---|---|
.. | ||
ngx_http_v2.c | ||
ngx_http_v2.h | ||
ngx_http_v2_encode.c | ||
ngx_http_v2_filter_module.c | ||
ngx_http_v2_huff_decode.c | ||
ngx_http_v2_huff_encode.c | ||
ngx_http_v2_module.c | ||
ngx_http_v2_module.h | ||
ngx_http_v2_table.c |