roger at atchoo.org
Sat Jul 9 08:46:12 CEST 2016
Thanks for the explanation. I was indeed asking because a user has bumped
up against it.
On 9 Jul 2016 12:37 a.m., "Andy Green" <andy at warmcat.com> wrote:
> On July 9, 2016 5:33:05 AM GMT+08:00, Roger Light <roger at atchoo.org>
> >libwebsockets.h says:
> > short max_http_header_data;
> > /**< CONTEXT: The max amount of header payload that can be handled
> > * in an http request (unrecognized header payload is dropped) */
> >It's not completely clear to me, does this mean the total header
> >payload data or the payload data for each individual header entry?
> It's the total content of all recognized headers
> for one http connection... they are all processed at once in an ah
> (allocated headers struct) and then made available in callbacks like
> ESTABLISHED and then destroyed afterwards. Unrecognized header content is
> just dropped.
> Http headers have an intentional, standardized quirk that the same header
> appearing multiple times is defined to append to a single logical header,
> not be n instances of the header. So to avoid header fragmentation
> attacks, lws apis for header access automatically combine originally
> fragmented headers and return them as one; to do that they need all the
> headers at once.
> It used to make sense to keep this number low by default, because every
> http connection would malloc an ah including this buffer, if a lot came at
> once it could blow up the memory usage unpredictably, briefly. But the
> change to having an ah pool, where the user can control both the
> max_http_header_data (currently defaults to 1024) and the number of pool
> members (currently defaults to 16), means the default should probably be
> bigger now since it seems people are bumping into it.
> >Libwebsockets mailing list
> >Libwebsockets at ml.libwebsockets.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Libwebsockets