Skip to content

Commit

Permalink
Copy rapid reset parameters to the h2 session
Browse files Browse the repository at this point in the history
This will allow per-session adjustments and also significantly
lower the risk of inconsistent calculations in the rate limit
code during parameter changes.

Ref varnishcache#3996
  • Loading branch information
nigoroll committed Oct 18, 2023
1 parent 4d584dd commit f820f80
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 12 deletions.
7 changes: 7 additions & 0 deletions bin/varnishd/http2/cache_http2.h
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,13 @@ struct h2_sess {
VTAILQ_HEAD(,h2_req) txqueue;

h2_error error;

// rst rate limit parameters, copied from h2_* parameters
vtim_dur rapid_reset;
int64_t rapid_reset_limit;
vtim_dur rapid_reset_period;

// rst rate limit state
double rst_budget;
vtim_real last_rst;
};
Expand Down
10 changes: 5 additions & 5 deletions bin/varnishd/http2/cache_http2_proto.c
Original file line number Diff line number Diff line change
Expand Up @@ -331,20 +331,20 @@ h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
ASSERT_RXTHR(h2);
CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC);

if (cache_param->h2_rapid_reset_limit == 0)
if (h2->rapid_reset_limit == 0)
return (0);

now = VTIM_real();
CHECK_OBJ_NOTNULL(r2->req, REQ_MAGIC);
AN(r2->req->t_first);
if (now - r2->req->t_first > cache_param->h2_rapid_reset)
if (now - r2->req->t_first > h2->rapid_reset)
return (0);

d = now - h2->last_rst;
h2->rst_budget += cache_param->h2_rapid_reset_limit * d /
cache_param->h2_rapid_reset_period;
h2->rst_budget += h2->rapid_reset_limit * d /
h2->rapid_reset_period;
h2->rst_budget = vmin_t(double, h2->rst_budget,
cache_param->h2_rapid_reset_limit);
h2->rapid_reset_limit);
h2->last_rst = now;

if (h2->rst_budget < 1.0) {
Expand Down
7 changes: 6 additions & 1 deletion bin/varnishd/http2/cache_http2_session.c
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,12 @@ h2_init_sess(struct sess *sp,
h2_local_settings(&h2->local_settings);
h2->remote_settings = H2_proto_settings;
h2->decode = decode;
h2->rst_budget = cache_param->h2_rapid_reset_limit;

h2->rapid_reset = cache_param->h2_rapid_reset;
h2->rapid_reset_limit = cache_param->h2_rapid_reset_limit;
h2->rapid_reset_period = cache_param->h2_rapid_reset_period;

h2->rst_budget = h2->rapid_reset_limit;
h2->last_rst = sp->t_open;
AZ(isnan(h2->last_rst));

Expand Down
14 changes: 8 additions & 6 deletions include/tbl/params.h
Original file line number Diff line number Diff line change
Expand Up @@ -1257,6 +1257,8 @@ PARAM_SIMPLE(
"HTTP2 maximum size of an uncompressed header list."
)

#define H2_RR_INFO \
"Changes to this parameter affect the default for new HTTP2 sessions"
PARAM_SIMPLE(
/* name */ h2_rapid_reset,
/* typ */ timeout,
Expand All @@ -1268,8 +1270,8 @@ PARAM_SIMPLE(
"The upper threshold for how soon an http/2 RST_STREAM frame has "
"to be parsed after a HEADERS frame for it to be treated as "
"suspect and subjected to the rate limits specified by "
"h2_rapid_reset_limit and h2_rapid_reset_period.",
/* flags */ EXPERIMENTAL,
"h2_rapid_reset_limit and h2_rapid_reset_period.\n" H2_RR_INFO,
/* flags */ EXPERIMENTAL|DELAYED_EFFECT,
)

PARAM_SIMPLE(
Expand All @@ -1283,8 +1285,8 @@ PARAM_SIMPLE(
"HTTP2 RST Allowance.\n"
"Specifies the maximum number of allowed stream resets issued by\n"
"a client over a time period before the connection is closed.\n"
"Setting this parameter to 0 disables the limit.",
/* flags */ EXPERIMENTAL,
"Setting this parameter to 0 disables the limit.\n" H2_RR_INFO,
/* flags */ EXPERIMENTAL|DELAYED_EFFECT,
)

PARAM_SIMPLE(
Expand All @@ -1295,8 +1297,8 @@ PARAM_SIMPLE(
/* def */ "60.000",
/* units */ "seconds",
/* descr */
"HTTP2 sliding window duration for h2_rapid_reset_limit.",
/* flags */ EXPERIMENTAL|WIZARD,
"HTTP2 sliding window duration for h2_rapid_reset_limit.\n" H2_RR_INFO,
/* flags */ EXPERIMENTAL|DELAYED_EFFECT|WIZARD,
)

/*--------------------------------------------------------------------
Expand Down

0 comments on commit f820f80

Please sign in to comment.