[Libwebsockets] max_http_header_data

Roger Light roger at atchoo.org
Sat Jul 9 08:46:12 CEST 2016

Hi Andy,

Thanks for the explanation. I was indeed asking because a user has bumped
up against it.


On 9 Jul 2016 12:37 a.m., "Andy Green" <andy at warmcat.com> wrote:

> On July 9, 2016 5:33:05 AM GMT+08:00, Roger Light <roger at atchoo.org>
> wrote:
> >Hi,
> >
> >libwebsockets.h says:
> >
> >    short max_http_header_data;
> >    /**< CONTEXT: The max amount of header payload that can be handled
> >     * in an http request (unrecognized header payload is dropped) */
> >
> >It's not completely clear to me, does this mean the total header
> >payload data or the payload data for each individual header entry?
> It's the total content of all recognized headers
> https://github.com/warmcat/libwebsockets/blob/master/lib/lextable-strings.h
> for one http connection... they are all processed at once in an ah
> (allocated headers struct) and then made available in callbacks like
> ESTABLISHED and then destroyed afterwards.  Unrecognized header content is
> just dropped.
> Http headers have an intentional, standardized quirk that the same header
> appearing multiple times is defined to append to a single logical header,
> not be n instances of the header.  So to avoid header fragmentation
> attacks, lws apis for header access automatically combine originally
> fragmented headers and return them as one; to do that they need all the
> headers at once.
> It used to make sense to keep this number low by default, because every
> http connection would malloc an ah including this buffer, if a lot came at
> once it could blow up the memory usage unpredictably, briefly.  But the
> change to having an ah pool, where the user can control both the
> max_http_header_data (currently defaults to 1024) and the number of pool
> members (currently defaults to 16), means the default should probably be
> bigger now since it seems people are bumping into it.
> -Andy
> >Cheers,
> >
> >Roger
> >_______________________________________________
> >Libwebsockets mailing list
> >Libwebsockets at ml.libwebsockets.org
> >http://libwebsockets.org/mailman/listinfo/libwebsockets
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20160709/0058e92e/attachment-0001.html>

More information about the Libwebsockets mailing list