QUIC: limited the total number of frames.

Exceeding 10000 allocated frames is considered a flood.
2025-02-25 18:55:26 -06:00 · 2021-10-13 14:46:51 +03:00 · 2021-10-13 14:46:51 +03:00 · da28a4c626
commit da28a4c626
parent 6e58593a59
2 changed files with 7 additions and 3 deletions
--- a/src/event/quic/ngx_event_quic_connection.h
+++ b/src/event/quic/ngx_event_quic_connection.h
@ -228,8 +228,8 @@ struct ngx_quic_connection_s {
    ngx_chain_t                      *free_bufs;
    ngx_buf_t                        *free_shadow_bufs;

-#ifdef NGX_QUIC_DEBUG_ALLOC
    ngx_uint_t                        nframes;
+#ifdef NGX_QUIC_DEBUG_ALLOC
    ngx_uint_t                        nbufs;
 #endif

--- a/src/event/quic/ngx_event_quic_frames.c
+++ b/src/event/quic/ngx_event_quic_frames.c
@ -38,18 +38,22 @@ ngx_quic_alloc_frame(ngx_connection_t *c)
                       "quic reuse frame n:%ui", qc->nframes);
 #endif

-    } else {
+    } else if (qc->nframes < 10000) {
        frame = ngx_palloc(c->pool, sizeof(ngx_quic_frame_t));
        if (frame == NULL) {
            return NULL;
        }

-#ifdef NGX_QUIC_DEBUG_ALLOC
        ++qc->nframes;

+#ifdef NGX_QUIC_DEBUG_ALLOC
        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "quic alloc frame n:%ui", qc->nframes);
 #endif
+
+    } else {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");
+        return NULL;
    }

    ngx_memzero(frame, sizeof(ngx_quic_frame_t));