HTTP/3: http3_max_uni_streams directive.

The directive limits the number of uni streams client is allowed to create.

3 files changed, 28 insertions, 0 deletions

diff --git a/src/http/v3/ngx_http_v3.h b/src/http/v3/ngx_http_v3.h
index e693af7d8..bea560864 100644
--- a/src/http/v3/ngx_http_v3.h
+++ b/src/http/v3/ngx_http_v3.h
@@ -53,6 +53,7 @@
 #define NGX_HTTP_V3_DEFAULT_MAX_TABLE_CAPACITY     16384
 #define NGX_HTTP_V3_DEFAULT_MAX_BLOCKED_STREAMS    16
 #define NGX_HTTP_V3_DEFAULT_MAX_CONCURRENT_PUSHES  10
+#define NGX_HTTP_V3_DEFAULT_MAX_UNI_STREAMS        3
 
 /* HTTP/3 errors */
 #define NGX_HTTP_V3_ERR_NO_ERROR                   0x100
@@ -99,6 +100,7 @@ typedef struct {
     size_t                        max_table_capacity;
     ngx_uint_t                    max_blocked_streams;
     ngx_uint_t                    max_concurrent_pushes;
+    ngx_uint_t                    max_uni_streams;
 } ngx_http_v3_srv_conf_t;
 
 
diff --git a/src/http/v3/ngx_http_v3_module.c b/src/http/v3/ngx_http_v3_module.c
index 3b651f044..873ebb2f3 100644
--- a/src/http/v3/ngx_http_v3_module.c
+++ b/src/http/v3/ngx_http_v3_module.c
@@ -42,6 +42,13 @@ static ngx_command_t  ngx_http_v3_commands[] = {
       offsetof(ngx_http_v3_srv_conf_t, max_concurrent_pushes),
       NULL },
 
+    { ngx_string("http3_max_uni_streams"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_num_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_v3_srv_conf_t, max_uni_streams),
+      NULL },
+
     { ngx_string("http3_push"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
       ngx_http_v3_push,
@@ -104,6 +111,7 @@ ngx_http_v3_create_srv_conf(ngx_conf_t *cf)
     h3scf->max_table_capacity = NGX_CONF_UNSET_SIZE;
     h3scf->max_blocked_streams = NGX_CONF_UNSET_UINT;
     h3scf->max_concurrent_pushes = NGX_CONF_UNSET_UINT;
+    h3scf->max_uni_streams = NGX_CONF_UNSET_UINT;
 
     return h3scf;
 }
@@ -127,6 +135,10 @@ ngx_http_v3_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
                               prev->max_concurrent_pushes,
                               NGX_HTTP_V3_DEFAULT_MAX_CONCURRENT_PUSHES);
 
+    ngx_conf_merge_uint_value(conf->max_uni_streams,
+                              prev->max_uni_streams,
+                              NGX_HTTP_V3_DEFAULT_MAX_UNI_STREAMS);
+
     return NGX_CONF_OK;
 }
 
diff --git a/src/http/v3/ngx_http_v3_streams.c b/src/http/v3/ngx_http_v3_streams.c
index 693225b89..1b0f91454 100644
--- a/src/http/v3/ngx_http_v3_streams.c
+++ b/src/http/v3/ngx_http_v3_streams.c
@@ -35,10 +35,24 @@ static ngx_connection_t *ngx_http_v3_get_uni_stream(ngx_connection_t *c,
 void
 ngx_http_v3_init_uni_stream(ngx_connection_t *c)
 {
+    uint64_t                   n;
+    ngx_http_v3_srv_conf_t    *h3scf;
     ngx_http_v3_uni_stream_t  *us;
 
     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 init uni stream");
 
+    h3scf = ngx_http_v3_get_module_srv_conf(c, ngx_http_v3_module);
+
+    n = c->quic->id >> 2;
+
+    if (n >= h3scf->max_uni_streams) {
+        ngx_http_v3_finalize_connection(c,
+                                      NGX_HTTP_V3_ERR_STREAM_CREATION_ERROR,
+                                      "reached maximum number of uni streams");
+        ngx_http_close_connection(c);
+        return;
+    }
+
     c->quic->cancelable = 1;
 
     us = ngx_pcalloc(c->pool, sizeof(ngx_http_v3_uni_stream_t));