]> git.kaiwu.me - nginx.git/commitdiff
QUIC: stream limits in "hq" mode.
authorRoman Arutyunyan <arut@nginx.com>
Mon, 2 Aug 2021 12:48:21 +0000 (15:48 +0300)
committerRoman Arutyunyan <arut@nginx.com>
Mon, 2 Aug 2021 12:48:21 +0000 (15:48 +0300)
The "hq" mode is HTTP/0.9-1.1 over QUIC.  The following limits are introduced:

- uni streams are not allowed
- keepalive_requests is enforced
- keepalive_time is enforced

In case of error, QUIC connection is finalized with 0x101 code.  This code
corresponds to HTTP/3 General Protocol Error.

src/http/modules/ngx_http_quic_module.c

index ab84583f22058ceaae379773c45da4906c716545..b41c069b657b07faff15522ff094f84a6ed5049c 100644 (file)
@@ -188,6 +188,7 @@ static ngx_str_t  ngx_http_quic_salt = ngx_string("ngx_quic");
 ngx_int_t
 ngx_http_quic_init(ngx_connection_t *c)
 {
+    uint64_t                   n;
     ngx_quic_conf_t           *qcf;
     ngx_http_connection_t     *hc, *phc;
     ngx_http_core_loc_conf_t  *clcf;
@@ -208,6 +209,40 @@ ngx_http_quic_init(ngx_connection_t *c)
 
     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http init quic stream");
 
+#if (NGX_HTTP_V3)
+    if (!hc->addr_conf->http3)
+#endif
+    {
+        /* Use HTTP/3 General Protocol Error Code 0x101 for finalization */
+
+        if (c->quic->id & NGX_QUIC_STREAM_UNIDIRECTIONAL) {
+            ngx_quic_finalize_connection(c->quic->parent, 0x101,
+                                         "unexpected uni stream");
+            ngx_http_close_connection(c);
+            return NGX_DONE;
+        }
+
+        clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, ngx_http_core_module);
+
+        n = c->quic->id >> 2;
+
+        if (n >= clcf->keepalive_requests) {
+            ngx_quic_finalize_connection(c->quic->parent, 0x101,
+                                         "reached maximum number of requests");
+            ngx_http_close_connection(c);
+            return NGX_DONE;
+        }
+
+        if (ngx_current_msec - c->quic->parent->start_time
+            > clcf->keepalive_time)
+        {
+            ngx_quic_finalize_connection(c->quic->parent, 0x101,
+                                          "reached maximum time for requests");
+            ngx_http_close_connection(c);
+            return NGX_DONE;
+        }
+    }
+
     phc = ngx_http_quic_get_connection(c);
 
     if (phc->ssl_servername) {