[6.0] 969c7e51f Add param h2_rapid_reset

Dridi Boukelmoune dridi.boukelmoune at gmail.com
Wed Oct 18 16:40:07 UTC 2023 

commit 969c7e51fa1ec54ba6bc988c1c492c95020da31a
Author: Dag Haavi Finstad <daghf at varnish-software.com>
Date:   Mon Oct 16 15:56:37 2023 +0200

    Add param h2_rapid_reset
    
    Only RST frames received earlier than this duration will be considered
    rapid.
    
    Includes backports of the following upstream doc-touchups:
    - 151f4d50f98ed43ad04b60208e65697ddb71dbf7
    - 46d4f82386ab10ea4798637a70dc7122a9b81bba
    
    Conflicts:
            include/tbl/params.h

diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index fc93d2b33..e6ac6a6c4 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -329,6 +329,11 @@ h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
 		return (0);
 
 	now = VTIM_real();
+	CHECK_OBJ_NOTNULL(r2->req, REQ_MAGIC);
+	AN(r2->req->t_first);
+	if (now - r2->req->t_first > cache_param->h2_rapid_reset)
+		return (0);
+
 	d = now - h2->last_rst;
 	h2->rst_budget += cache_param->h2_rapid_reset_limit * d /
 	    cache_param->h2_rapid_reset_period;
diff --git a/bin/varnishtest/tests/r03996.vtc b/bin/varnishtest/tests/r03996.vtc
index c9b1a4c37..d9493d1f9 100644
--- a/bin/varnishtest/tests/r03996.vtc
+++ b/bin/varnishtest/tests/r03996.vtc
@@ -11,6 +11,7 @@ server s1 {
 varnish v1 -cliok "param.set feature +http2"
 varnish v1 -cliok "param.set debug +syncvsl"
 varnish v1 -cliok "param.set h2_rapid_reset_limit 3"
+varnish v1 -cliok "param.set h2_rapid_reset 5"
 
 varnish v1 -vcl+backend {
 	import vtc;
diff --git a/include/tbl/params.h b/include/tbl/params.h
index 914384357..78a793470 100644
--- a/include/tbl/params.h
+++ b/include/tbl/params.h
@@ -1896,6 +1896,24 @@ PARAM(
 )
 #endif
 
+PARAM(
+	/* name */	h2_rapid_reset,
+	/* typ */	timeout,
+	/* min */	"0",
+	/* max */	NULL,
+	/* default */	"1.0",
+	/* units */	"seconds",
+	/* flags */	EXPERIMENTAL,
+	/* s-text */
+	"The upper threshold for how soon an http/2 RST_STREAM frame has "
+	"to be parsed after a HEADERS frame for it to be treated as "
+	"suspect and subjected to the rate limits specified by "
+	"h2_rapid_reset_limit and h2_rapid_reset_period.",
+	/* l-text */	"",
+	/* func */	NULL
+)
+
+
 PARAM(
 	/* name */	h2_rapid_reset_limit,
 	/* typ */	uint,

More information about the varnish-commit mailing list