From af0e284b967d0ecff1abcdce6558ed4635e3e757 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Wed, 18 Sep 2019 20:28:12 +0300 Subject: HTTP/2: traffic-based flood detection. With this patch, all traffic over an HTTP/2 connection is counted in the h2c->total_bytes field, and payload traffic is counted in the h2c->payload_bytes field. As long as total traffic is many times larger than payload traffic, we consider this to be a flood. --- src/http/v2/ngx_http_v2.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/http/v2/ngx_http_v2.h') diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h index 69d55d1cb..59ddf54e2 100644 --- a/src/http/v2/ngx_http_v2.h +++ b/src/http/v2/ngx_http_v2.h @@ -119,6 +119,9 @@ struct ngx_http_v2_connection_s { ngx_connection_t *connection; ngx_http_connection_t *http_connection; + off_t total_bytes; + off_t payload_bytes; + ngx_uint_t processing; ngx_uint_t frames; ngx_uint_t idle; -- cgit