tempesta icon indicating copy to clipboard operation
tempesta copied to clipboard

Published 20 hours ago verified publisher icon tempesta-tech

fix(1346): fix control frames flood

Open kingluo opened this issue 1 year ago • 4 comments

part of #1346

kingluo avatar Apr 24 '24 10:04 kingluo

I think that it is better to implement new counter in frang and check max count of control frames as we do for all other limits in frang.

EvgeniiMekhanik avatar May 03 '24 15:05 EvgeniiMekhanik

I think that it is better to implement new counter in frang and check max count of control frames as we do for all other limits in frang.

Maybe global configuration is better than frang? Just like "http_max_header_list_size", it should apply to all HTTP/2 connections regardless of virtual host, and it is not a request response related parameter.

kingluo avatar May 06 '24 08:05 kingluo

I think that it is better to implement new counter in frang and check max count of control frames as we do for all other limits in frang.

I don't see much sense to move it to frang. 1. There is no appropriate frang handler. 2. We don't need history. 3. We have http_max_header_list_size that is not belong to frang as well.

const-t avatar May 09 '24 13:05 const-t

I think that it is better to implement new counter in frang and check max count of control frames as we do for all other limits in frang.

I don't see much sense to move it to frang. 1. There is no appropriate frang handler. 2. We don't need history. 3. We have http_max_header_list_size that is not belong to frang as well.

However also there is one disadvantage of using it outside the frang, we can't configure ip_block for ping flooding. And this could be the deciding factor for moving it to frang.

const-t avatar May 10 '24 11:05 const-t