Struct H2FloodConfig

pub struct H2FloodConfig {
    pub max_rst_stream_per_window: u32,
    pub max_ping_per_window: u32,
    pub max_settings_per_window: u32,
    pub max_empty_data_per_window: u32,
    pub max_window_update_stream0_per_window: u32,
    pub max_continuation_frames: u32,
    pub max_glitch_count: u32,
    pub max_rst_stream_lifetime: u64,
    pub max_rst_stream_abusive_lifetime: u64,
    pub max_rst_stream_emitted_lifetime: u64,
    pub max_header_list_size: u32,
    pub max_header_table_size: u32,
}
Configurable thresholds for H2 flood detection.

All values have safe defaults matching the compile-time constants. When configured via listener config, None values fall back to these defaults.

Fields§

§max_rst_stream_per_window: u32

Maximum RST_STREAM frames per second window (CVE-2023-44487, CVE-2019-9514)

§max_ping_per_window: u32

Maximum PING frames per second window (CVE-2019-9512)

§max_settings_per_window: u32

Maximum SETTINGS frames per second window (CVE-2019-9515)

§max_empty_data_per_window: u32

Maximum empty DATA frames per second window (CVE-2019-9518)

§max_window_update_stream0_per_window: u32

Maximum connection-level (stream 0) WINDOW_UPDATE frames per sliding window. Caps the CPU cost of a peer sending a flood of non-zero stream-0 WINDOW_UPDATEs — each is individually legal so the generic glitch counter does not trip, yet millions per connection still burn server CPU parsing and updating the flow window.

§max_continuation_frames: u32

Maximum CONTINUATION frames per header block (CVE-2024-27316)

§max_glitch_count: u32

Maximum accumulated protocol anomalies before ENHANCE_YOUR_CALM

§max_rst_stream_lifetime: u64

Absolute lifetime cap on RST_STREAM frames received on a single connection (CVE-2023-44487). Never decays — provides a ceiling the per-window counter cannot.

§max_rst_stream_abusive_lifetime: u64

Lifetime cap on “abusive” (pre-response-start) RST_STREAM frames — the Rapid Reset signature (CVE-2023-44487).

§max_rst_stream_emitted_lifetime: u64

Absolute lifetime cap on server-emitted RST_STREAM frames for this connection (CVE-2025-8671 “MadeYouReset”). Only non-NoError resets count — graceful cancels are exempt.

§max_header_list_size: u32

Maximum accumulated HPACK-decoded header list size per request (SETTINGS_MAX_HEADER_LIST_SIZE, RFC 9113 §6.5.2).

§max_header_table_size: u32

Maximum HPACK dynamic table size (SETTINGS_HEADER_TABLE_SIZE) accepted from the peer. Caps the value the peer advertises in SETTINGS frames to prevent unbounded HPACK encoder memory growth.

Implementations§

impl H2FloodConfig

pub fn new(
    max_rst_stream_per_window: u32,
    max_ping_per_window: u32,
    max_settings_per_window: u32,
    max_empty_data_per_window: u32,
    max_window_update_stream0_per_window: u32,
    max_continuation_frames: u32,
    max_glitch_count: u32,
    max_rst_stream_lifetime: u64,
    max_rst_stream_abusive_lifetime: u64,
    max_rst_stream_emitted_lifetime: u64,
    max_header_list_size: u32,
    max_header_table_size: u32,
) -> Self

Create a validated config, clamping all thresholds to at least 1. Zero thresholds would cause immediate flood detection on any frame.
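
An added illustration, not code from this crate, of two points documented above: the never-decaying lifetime cap (`max_rst_stream_lifetime`) catches a peer that paces itself under the per-window limit, and clamping a zero threshold to 1 keeps the first frame from tripping detection. `RstTracker`, `Verdict`, `first_trip`, the 1-second window length and the trip-when-count-exceeds-max comparison are assumptions made for the example.

```rust
// Added illustration: RstTracker and Verdict are hypothetical, not this crate's types.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Verdict { Ok, WindowFlood, LifetimeFlood }
const WINDOW_MS: u64 = 1_000; // assumed window length
pub struct RstTracker {
    max_per_window: u32, // plays the role of max_rst_stream_per_window
    max_lifetime: u64,   // plays the role of max_rst_stream_lifetime
    window_start_ms: u64,
    in_window: u32,
    lifetime: u64,
}

impl RstTracker {
    /// Thresholds are clamped to at least 1, as documented for `new`.
    pub fn new(max_per_window: u32, max_lifetime: u64) -> Self {
        Self {
            max_per_window: max_per_window.max(1),
            max_lifetime: max_lifetime.max(1),
            window_start_ms: 0, in_window: 0, lifetime: 0,
        }
    }

    /// Count one received RST_STREAM at `now_ms` (assumed: trip when count > max).
    pub fn on_rst_stream(&mut self, now_ms: u64) -> Verdict {
        if now_ms.saturating_sub(self.window_start_ms) >= WINDOW_MS {
            self.window_start_ms = now_ms; // new window: this counter decays
            self.in_window = 0;
        }
        self.in_window = self.in_window.saturating_add(1);
        self.lifetime = self.lifetime.saturating_add(1); // never decays
        if self.lifetime > self.max_lifetime { return Verdict::LifetimeFlood; }
        if self.in_window > self.max_per_window { return Verdict::WindowFlood; }
        Verdict::Ok
    }
}

/// Feed `count` frames `gap_ms` apart; return index and verdict of the first trip.
pub fn first_trip(t: &mut RstTracker, count: u64, gap_ms: u64) -> Option<(u64, Verdict)> {
    (0..count).find_map(|i| match t.on_rst_stream(i * gap_ms) {
        Verdict::Ok => None,
        v => Some((i, v)),
    })
}

fn main() {
    // Constructed traffic: limits of 100 per window and 1000 per connection.
    println!("burst: {:?}", first_trip(&mut RstTracker::new(100, 1_000), 5_000, 0));
    println!("paced: {:?}", first_trip(&mut RstTracker::new(100, 1_000), 5_000, 100));
}
```

The paced peer sends only 10 frames per window and never trips the per-window limit; only the lifetime counter ends the connection.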

Trait Implementations§

impl Clone for H2FloodConfig

fn clone(&self) -> H2FloodConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for H2FloodConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for H2FloodConfig

fn default() -> Self

Returns the “default value” for a type.

impl PartialEq for H2FloodConfig

fn eq(&self, other: &H2FloodConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for H2FloodConfig

impl Eq for H2FloodConfig

impl StructuralPartialEq for H2FloodConfig

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit(self, class: Class, constructed: bool, tag: u32) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Reset for T
where T: Default + Clone,

fn reset(&mut self)

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.