From: "Daniel P. Berrange" <berrange@redhat.com>
To: Brandon Carpenter <brandon.carpenter@cypherpath.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v2 6/6] io: Reply to ping frames
Date: Mon, 11 Sep 2017 18:10:15 +0100 [thread overview]
Message-ID: <20170911171015.GU21444@redhat.com> (raw)
In-Reply-To: <1505149415.1214.1@smtp.gmail.com>
On Mon, Sep 11, 2017 at 10:03:35AM -0700, Brandon Carpenter wrote:
> On Mon, Sep 11, 2017 at 1:50 AM, Daniel P. Berrange <berrange@redhat.com>
> wrote:
> > I'm concerned that there is no rate limiting here though, so if a large
> > number of PINGs are sent, and writing of the reply blocks for some
> > reason, encoutput will grow without bounds.
>
> That is a good point. How about something like this to fix it?
>
> diff --git a/include/io/channel-websock.h b/include/io/channel-websock.h
> index 7c896557c5..c5a8c3e96c 100644
> --- a/include/io/channel-websock.h
> +++ b/include/io/channel-websock.h
> @@ -66,6 +66,7 @@ struct QIOChannelWebsock {
> Error *io_err;
> gboolean io_eof;
> uint8_t opcode;
> + uint8_t prev_opcode;
> };
>
> /**
> diff --git a/io/channel-websock.c b/io/channel-websock.c
> index 175f17ce6b..a9315c01fb 100644
> --- a/io/channel-websock.c
> +++ b/io/channel-websock.c
> @@ -549,6 +549,7 @@ static int
> qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
> payload_len = header->b1 & QIO_CHANNEL_WEBSOCK_HEADER_FIELD_PAYLOAD_LEN;
>
> /* Save or restore opcode. */
> + ioc->prev_opcode = ioc->opcode;
> if (opcode) {
> ioc->opcode = opcode;
> } else {
> @@ -658,9 +659,14 @@ static int
> qio_channel_websock_decode_payload(QIOChannelWebsock *ioc,
> buffer_append(&ioc->rawinput, ioc->encinput.buffer,
> payload_len);
> }
> } else if (ioc->opcode == QIO_CHANNEL_WEBSOCK_OPCODE_PING) {
> - /* ping frames produce an immediate pong reply */
> - qio_channel_websock_encode_buffer(ioc,
> - QIO_CHANNEL_WEBSOCK_OPCODE_PONG, &ioc->encinput);
> + /* Ping frames produce an immediate pong reply, unless one
> + * is already queued, in which case they are coalesced
> + * to avoid unbounded buffer growth.
> + */
> + if (!ioc->encoutput.offset || ioc->prev_opcode !=
> QIO_CHANNEL_WEBSOCK_OPCODE_PING) {
> + qio_channel_websock_encode_buffer(ioc,
> + QIO_CHANNEL_WEBSOCK_OPCODE_PONG, &ioc->encinput);
> + }
It feels like this is still dangerous - the client simply has to
interleave each "ping" with a 1 byte binary frame to get around
this limit. We need to make sure we have an absolute cap on the
output buffer size.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2017-09-11 17:10 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-24 18:15 [Qemu-devel] [PATCH] io: Always remove an old channel watch before adding a new one Brandon Carpenter
2017-07-24 18:42 ` [Qemu-devel] [PATCH] io: Improve websocket support by becoming more RFC compliant Brandon Carpenter
2017-07-25 8:38 ` Daniel P. Berrange
2017-07-25 15:59 ` Brandon Carpenter
2017-09-08 17:37 ` [Qemu-devel] [PATCH v2 0/6] Update websocket code to more fully support the RFC Brandon Carpenter
2017-09-08 18:01 ` Eric Blake
2017-09-08 18:11 ` Brandon Carpenter
2017-09-08 18:15 ` Eric Blake
2017-09-08 17:37 ` [Qemu-devel] [PATCH v2 1/6] io: Always remove an old channel watch before adding a new one Brandon Carpenter
2017-09-08 17:37 ` [Qemu-devel] [PATCH v2 2/6] io: Small updates in preparation for websocket changes Brandon Carpenter
2017-09-08 17:37 ` [Qemu-devel] [PATCH v2 3/6] io: Add support for fragmented websocket binary frames Brandon Carpenter
2017-09-08 17:37 ` [Qemu-devel] [PATCH v2 4/6] io: Allow empty websocket payload Brandon Carpenter
2017-09-08 17:38 ` [Qemu-devel] [PATCH v2 5/6] io: Ignore websocket PING and PONG frames Brandon Carpenter
2017-09-11 8:38 ` Daniel P. Berrange
2017-09-11 9:04 ` Daniel P. Berrange
2017-09-08 17:38 ` [Qemu-devel] [PATCH v2 6/6] io: Reply to ping frames Brandon Carpenter
2017-09-11 8:50 ` Daniel P. Berrange
2017-09-11 17:03 ` Brandon Carpenter
2017-09-11 17:10 ` Daniel P. Berrange [this message]
2017-09-11 19:04 ` Brandon Carpenter
2017-09-12 8:57 ` Daniel P. Berrange
2017-09-11 17:37 ` Daniel P. Berrange
2017-09-11 17:43 ` Brandon Carpenter
2017-09-12 9:01 ` Daniel P. Berrange
2017-09-12 15:29 ` Brandon Carpenter
2017-07-24 21:22 ` [Qemu-devel] [PATCH] io: Always remove an old channel watch before adding a new one Paolo Bonzini
2017-07-25 8:36 ` Daniel P. Berrange
2017-09-08 16:18 ` Brandon Carpenter
2017-09-08 16:22 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170911171015.GU21444@redhat.com \
--to=berrange@redhat.com \
--cc=brandon.carpenter@cypherpath.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.