diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c index 6311bfe6d85..3367435b860 100644 --- a/bin/varnishd/http2/cache_http2_proto.c +++ b/bin/varnishd/http2/cache_http2_proto.c @@ -341,6 +341,11 @@ h2_rx_rst_stream(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2) return (0); now = VTIM_real(); + CHECK_OBJ_NOTNULL(r2->req, REQ_MAGIC); + AN(r2->req->t_first); + if (now - r2->req->t_first > cache_param->h2_rapid_reset) + return (0); + d = now - h2->last_rst; h2->rst_budget += cache_param->h2_rapid_reset_limit * d / cache_param->h2_rapid_reset_period; diff --git a/include/tbl/params.h b/include/tbl/params.h index 58500038649..1055aa8bb86 100644 --- a/include/tbl/params.h +++ b/include/tbl/params.h @@ -1257,6 +1257,20 @@ PARAM_SIMPLE( "HTTP2 maximum size of an uncompressed header list." ) +PARAM_SIMPLE( + /* name */ h2_rapid_reset, + /* typ */ timeout, + /* min */ "0.000", + /* max */ NULL, + /* def */ "1.000", + /* units */ "seconds", + /* descr */ + "The upper threshold for how rapid an http/2 RST has to come for " + "it to be treated as suspect and subjected to the rate limits " + "specified by h2_rapid_reset_limit and h2_rapid_reset_period.", + /* flags */ EXPERIMENTAL, +) + PARAM_SIMPLE( /* name */ h2_rapid_reset_limit, /* typ */ uint, @@ -1284,7 +1298,6 @@ PARAM_SIMPLE( /* flags */ EXPERIMENTAL|WIZARD, ) - /*-------------------------------------------------------------------- * Memory pool parameters */