[6.0] e55509391 h2: Add a rate limit facility for h/2 RST handling
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Wed Oct 18 16:40:07 UTC 2023
commit e555093912df07fd06ba8fb164517eb92267db3a
Author: Dag Haavi Finstad <daghf at varnish-software.com>
Date: Wed Oct 11 15:16:36 2023 +0200
h2: Add a rate limit facility for h/2 RST handling
This adds parameters h2_rapid_reset_limit and h2_rapid_reset_period,
which govern the rate of which we permit clients to reset streams.
If the limit is exceeded the connection is closed.
Related to: #1851
Conflicts:
include/tbl/params.h
diff --git a/bin/varnishd/http2/cache_http2.h b/bin/varnishd/http2/cache_http2.h
index 533e00fa8..80e8a165d 100644
--- a/bin/varnishd/http2/cache_http2.h
+++ b/bin/varnishd/http2/cache_http2.h
@@ -193,6 +193,8 @@ struct h2_sess {
h2_error error;
int open_streams;
+ double rst_budget;
+ vtim_real last_rst;
};
#define ASSERT_RXTHR(h2) do {assert(h2->rxthr == pthread_self());} while(0)
diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index df3c041aa..514285213 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -314,9 +314,41 @@ h2_rx_push_promise(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
/**********************************************************************
*/
+static h2_error
+h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
+{
+ vtim_real now;
+ vtim_dur d;
+
+ CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
+ ASSERT_RXTHR(h2);
+ CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC);
+
+ if (cache_param->h2_rapid_reset_limit == 0)
+ return (0);
+
+ now = VTIM_real();
+ d = now - h2->last_rst;
+ h2->rst_budget += cache_param->h2_rapid_reset_limit * d /
+ cache_param->h2_rapid_reset_period;
+ h2->rst_budget = vmin_t(double, h2->rst_budget,
+ cache_param->h2_rapid_reset_limit);
+ h2->last_rst = now;
+
+ if (h2->rst_budget < 1.0) {
+ Lck_Lock(&h2->sess->mtx);
+ VSLb(h2->vsl, SLT_Error, "H2: Hit RST limit. Closing session.");
+ Lck_Unlock(&h2->sess->mtx);
+ return (H2CE_ENHANCE_YOUR_CALM);
+ }
+ h2->rst_budget -= 1.0;
+ return (0);
+}
+
static h2_error v_matchproto_(h2_rxframe_f)
h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
{
+ h2_error h2e;
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
ASSERT_RXTHR(h2);
@@ -326,8 +358,9 @@ h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
return (H2CE_FRAME_SIZE_ERROR);
if (r2 == NULL)
return (0);
+ h2e = h2_rapid_reset(wrk, h2, r2);
h2_kill_req(wrk, h2, r2, h2_streamerror(vbe32dec(h2->rxf_data)));
- return (0);
+ return (h2e);
}
/**********************************************************************
diff --git a/bin/varnishd/http2/cache_http2_session.c b/bin/varnishd/http2/cache_http2_session.c
index add9b7d6c..b45b6e3ac 100644
--- a/bin/varnishd/http2/cache_http2_session.c
+++ b/bin/varnishd/http2/cache_http2_session.c
@@ -127,6 +127,9 @@ h2_init_sess(const struct worker *wrk, struct sess *sp,
h2_local_settings(&h2->local_settings);
h2->remote_settings = H2_proto_settings;
h2->decode = decode;
+ h2->rst_budget = cache_param->h2_rapid_reset_limit;
+ h2->last_rst = sp->t_open;
+ AZ(isnan(h2->last_rst));
AZ(VHT_Init(h2->dectbl, h2->local_settings.header_table_size));
diff --git a/bin/varnishtest/tests/r03996.vtc b/bin/varnishtest/tests/r03996.vtc
new file mode 100644
index 000000000..4d7ff8c51
--- /dev/null
+++ b/bin/varnishtest/tests/r03996.vtc
@@ -0,0 +1,56 @@
+varnishtest "h2 rapid reset"
+
+barrier b1 sock 2 -cyclic
+barrier b2 sock 5 -cyclic
+
+server s1 {
+ rxreq
+ txresp
+} -start
+
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set debug +syncvsl"
+varnish v1 -cliok "param.set h2_rapid_reset_limit 3"
+
+varnish v1 -vcl+backend {
+ import vtc;
+
+ sub vcl_recv {
+ if (req.http.barrier) {
+ vtc.barrier_sync(req.http.barrier);
+ }
+ vtc.barrier_sync("${b2_sock}");
+ }
+
+} -start
+
+client c1 {
+ stream 0 {
+ rxgoaway
+ expect goaway.err == ENHANCE_YOUR_CALM
+ } -start
+
+ stream 1 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+ stream 3 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+ stream 5 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+ stream 7 {
+ txreq -hdr barrier ${b1_sock}
+ barrier b1 sync
+ txrst
+ } -run
+
+ barrier b2 sync
+ stream 0 -wait
+} -run
diff --git a/include/tbl/params.h b/include/tbl/params.h
index 59280f9cc..914384357 100644
--- a/include/tbl/params.h
+++ b/include/tbl/params.h
@@ -1896,6 +1896,38 @@ PARAM(
)
#endif
+PARAM(
+ /* name */ h2_rapid_reset_limit,
+ /* typ */ uint,
+ /* min */ "0",
+ /* max */ NULL,
+ /* default */ "0",
+ /* units */ NULL,
+ /* flags */ EXPERIMENTAL,
+ /* s-text */
+ "HTTP2 RST Allowance.\n\n"
+ "Specifies the maximum number of allowed stream resets issued by "
+ "a client over a time period before the connection is closed. Setting "
+ "this parameter to 0 disables the limit.",
+ /* l-text */ "",
+ /* func */ NULL
+)
+
+
+PARAM(
+ /* name */ h2_rapid_reset_period,
+ /* typ */ timeout,
+ /* min */ "1.000",
+ /* max */ NULL,
+ /* default */ "60.000",
+ /* units */ "seconds",
+ /* flags */ EXPERIMENTAL|WIZARD,
+ /* s-text */
+ "HTTP2 sliding window duration for h2_rapid_reset_limit.",
+ /* l-text */ "",
+ /* func */ NULL
+)
+
#undef PARAM
/*lint -restore */
More information about the varnish-commit
mailing list