h2: Add a rate limit facility for h/2 RST handling
This adds parameters h2_rst_allowance and h2_rst_allowance_period,
which govern the rate at which we allow clients to reset h/2 streams.

If the limit is exceeded the connection is closed.

Mitigates: #3996
daghf committed Oct 17, 2023
1 parent 7332bdf commit cafeb6c
Showing 5 changed files with 116 additions and 1 deletion.
2 changes: 2 additions & 0 deletions bin/varnishd/http2/cache_http2.h
@@ -193,6 +193,8 @@ struct h2_sess {
VTAILQ_HEAD(,h2_req) txqueue;

h2_error error;
double rst_budget;
vtim_real last_rst;
};

#define ASSERT_RXTHR(h2) do {assert(h2->rxthr == pthread_self());} while(0)
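Review bot: The two new h2_sess fields have no comment saying what unit rst_budget is in or which clock last_rst uses. Going by the rest of this commit, rst_budget is a count of resets the client may still send, refilled in h2_rapid_reset, and last_rst is a VTIM_real() timestamp seeded from the session open time. Both appear to be touched only from h2_init_sess and, under ASSERT_RXTHR, from the rx thread. I would add `double rst_budget; /* RST_STREAM tokens left, see h2_rapid_reset() */` and `vtim_real last_rst; /* wall-clock time of last refill */`. The struct definition starts outside the hunk.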
35 changes: 34 additions & 1 deletion bin/varnishd/http2/cache_http2_proto.c
@@ -320,9 +320,41 @@ h2_rx_push_promise(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
/**********************************************************************
*/

static h2_error
h2_rapid_reset(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
{
vtim_real now;
vtim_dur d;

CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
ASSERT_RXTHR(h2);
CHECK_OBJ_NOTNULL(r2, H2_REQ_MAGIC);

if (cache_param->h2_rapid_reset_limit == 0)
return (0);

now = VTIM_real();
d = now - h2->last_rst;
h2->rst_budget += cache_param->h2_rapid_reset_limit * d /
cache_param->h2_rapid_reset_period;
h2->rst_budget = vmin_t(double, h2->rst_budget,
cache_param->h2_rapid_reset_limit);
h2->last_rst = now;

if (h2->rst_budget < 1.0) {
Lck_Lock(&h2->sess->mtx);
VSLb(h2->vsl, SLT_Error, "H2: Hit RST limit. Closing session.");
Lck_Unlock(&h2->sess->mtx);
return (H2CE_ENHANCE_YOUR_CALM);
}
h2->rst_budget -= 1.0;
return (0);
}

static h2_error v_matchproto_(h2_rxframe_f)
h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
{
h2_error h2e;

CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
ASSERT_RXTHR(h2);
@@ -332,8 +364,9 @@ h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
return (H2CE_FRAME_SIZE_ERROR);
if (r2 == NULL)
return (0);
h2e = h2_rapid_reset(wrk, h2, r2);
h2_kill_req(wrk, h2, r2, h2_streamerror(vbe32dec(h2->rxf_data)));
return (0);
return (h2e);
}

/**********************************************************************
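Review bot: In h2_rapid_reset, `d = now - h2->last_rst` has no lower bound, so a backwards step of the wall clock behind VTIM_real() pushes rst_budget far below zero and the next RST_STREAM closes an otherwise well-behaved session; only the upper side is clamped by vmin_t. Clamping the elapsed time, `d = vmax_t(vtim_dur, now - h2->last_rst, 0);`, keeps the refill non-negative. Separately, r2 is only magic-checked, so every reset on a known stream is charged regardless of how long that stream has been open, and operators sizing h2_rapid_reset_limit should expect ordinary client cancellations to count against it. The SLT_Error line is the only visible signal when the limit trips; a dedicated counter would make the event easier to alert on.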
3 changes: 3 additions & 0 deletions bin/varnishd/http2/cache_http2_session.c
@@ -127,6 +127,9 @@ h2_init_sess(struct sess *sp,
h2_local_settings(&h2->local_settings);
h2->remote_settings = H2_proto_settings;
h2->decode = decode;
h2->rst_budget = cache_param->h2_rapid_reset_limit;
h2->last_rst = sp->t_open;
AZ(isnan(h2->last_rst));

AZ(VHT_Init(h2->dectbl, h2->local_settings.header_table_size));

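Review bot: Seeding `h2->rst_budget` from `cache_param->h2_rapid_reset_limit` in h2_init_sess leaves the budget at 0 for every session opened while the limit is disabled, and h2_rapid_reset returns early in that state without refilling. If the parameter is then raised at runtime, such a session has only the refill accrued since `sp->t_open`, so with a small limit a young session can be closed on its first RST_STREAM. Copying the limit and period into the session at init, and having h2_rapid_reset use those copies, would let each session keep the policy it started with. h2_init_sess begins and ends outside the hunk.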
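--- a/bin/varnishtest/tests/r03996.vtc
+++ b/bin/varnishtest/tests/r03996.vtc
@@ -0,0 +1,49 @@
+varnishtest "h2 rapid reset"
+
+barrier b1 sock 5
+
+server s1 {
+rxreq
+txresp
+} -start
+
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set debug +syncvsl"
+varnish v1 -cliok "param.set h2_rapid_reset_limit 3"
+
+varnish v1 -vcl+backend {
+import vtc;
+
+sub vcl_recv {
+vtc.barrier_sync("${b1_sock}");
+}
+
+} -start
+
+client c1 {
+stream 0 {
+rxgoaway
+expect goaway.err == ENHANCE_YOUR_CALM
+} -start
+
+stream 1 {
+txreq
+txrst
+} -run
+stream 3 {
+txreq
+txrst
+} -run
+stream 5 {
+txreq
+txrst
+} -run
+stream 7 {
+txreq
+txrst
+} -run
+
+barrier b1 sync
+stream 0 -wait
+} -run
+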
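Review bot: The test covers only the over-limit path, four resets against `h2_rapid_reset_limit 3` with the default period. Nothing checks that a client staying at or under the limit keeps its connection, or that the budget refills once h2_rapid_reset_period has passed, so a regression that closes sessions too eagerly would still pass. A second client that sends three resets and then completes a normal request, plus a run with a short period, would pin both behaviours.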
28 changes: 28 additions & 0 deletions include/tbl/params.h
@@ -1257,6 +1257,34 @@ PARAM_SIMPLE(
"HTTP2 maximum size of an uncompressed header list."
)

PARAM_SIMPLE(
/* name */ h2_rapid_reset_limit,
/* typ */ uint,
/* min */ "0",
/* max */ NULL,
/* def */ "0",
/* units */ NULL,
/* descr */
"HTTP2 RST Allowance.\n"
"Specifies the maximum number of allowed stream resets issued by\n"
"a client over a time period before the connection is closed.\n"
"Setting this parameter to 0 disables the limit.",
/* flags */ EXPERIMENTAL,
)

PARAM_SIMPLE(
/* name */ h2_rapid_reset_period,
/* typ */ timeout,
/* min */ "1.000",
/* max */ NULL,
/* def */ "60.000",
/* units */ "seconds",
/* descr */
"HTTP2 sliding window duration for h2_rapid_reset_limit.",
/* flags */ EXPERIMENTAL|WIZARD,
)


/*--------------------------------------------------------------------
* Memory pool parameters
*/
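Review bot: The two descriptions promise a hard maximum per sliding window, but h2_rapid_reset in this commit implements a budget that starts full and refills continuously. A client can therefore spend the whole limit as a burst and keep resetting at limit/period afterwards, which over one period is up to roughly twice h2_rapid_reset_limit. The first description also opens with "HTTP2 RST Allowance", a name that no longer matches the parameter, and never mentions h2_rapid_reset_period. I would reword it along the lines of `"Maximum burst of stream resets (RST_STREAM) accepted from a client;\n"` followed by `"the budget refills at h2_rapid_reset_limit per h2_rapid_reset_period.\n"`, and describe the period as the refill interval rather than a sliding window.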
