Issue 835623003: Add a delay when unlocking WebSocket endpoints.

Issue 835623003: Add a delay when unlocking WebSocket endpoints. (Closed)

Created:
5 years, 11 months ago by Adam Rice

Modified:
5 years, 11 months ago

Reviewers:
tyoshino (SeeGerritForStatus), mmenke

CC:
cbentzel+watch_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Add a delay when unlocking WebSocket endpoints. The synchronous nature of endpoint unlocks for WebSocket throttling permits denial-of-service attacks. Make it asynchronous, and add a small delay to make attack timing harder. BUG=442756 TEST=net_unittests, layout tests Committed: https://crrev.com/bafe0f29a763c8325690cbdc42c29fc54d487d4f Cr-Commit-Position: refs/heads/master@{#312774}

Patch Set 1 #

Patch Set 2 : Small fixes. #

Patch Set 3 : Nit-pick fixes. #

Total comments: 2

Patch Set 4 : Add a "Scoped" prefix to WebSocketEndpointZeroUnlockDela #

Total comments: 7

Patch Set 5 : Document WebSocketEndpointLockManager #

Created: 5 years, 11 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+223 lines, -30 lines)			Patch
M	net/socket/socket_test_util.h	View	1 2 3	2 chunks	+13 lines, -0 lines	0 comments	Download
M	net/socket/socket_test_util.cc	View	1 2 3 4	2 chunks	+16 lines, -0 lines	0 comments	Download
M	net/socket/websocket_endpoint_lock_manager.h	View	1 2 3 4	5 chunks	+43 lines, -8 lines	0 comments	Download
M	net/socket/websocket_endpoint_lock_manager.cc	View	1 2	4 chunks	+49 lines, -11 lines	0 comments	Download
M	net/socket/websocket_endpoint_lock_manager_unittest.cc	View	1 2 3	10 chunks	+73 lines, -0 lines	0 comments	Download
M	net/socket/websocket_transport_client_socket_pool_unittest.cc	View	1 2 3	14 chunks	+22 lines, -11 lines	0 comments	Download
M	net/websockets/websocket_stream_test.cc	View	1 2 3	2 chunks	+7 lines, -0 lines	0 comments	Download

Messages

Total messages: 18 (3 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

tyoshino (SeeGerritForStatus)

lgtm https://codereview.chromium.org/835623003/diff/40001/net/socket/socket_test_util.h File net/socket/socket_test_util.h (right): https://codereview.chromium.org/835623003/diff/40001/net/socket/socket_test_util.h#newcode1325 net/socket/socket_test_util.h:1325: class WebSocketEndpointZeroUnlockDelay { [optional] add a prefix "Scoped"?

5 years, 11 months ago (2015-01-20 07:22:07 UTC) #4

Adam Rice

https://codereview.chromium.org/835623003/diff/40001/net/socket/socket_test_util.h File net/socket/socket_test_util.h (right): https://codereview.chromium.org/835623003/diff/40001/net/socket/socket_test_util.h#newcode1325 net/socket/socket_test_util.h:1325: class WebSocketEndpointZeroUnlockDelay { On 2015/01/20 07:22:07, tyoshino wrote: > ...

5 years, 11 months ago (2015-01-20 07:33:54 UTC) #5

mmenke

https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_util.cc File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_util.cc#newcode1997 net/socket/socket_test_util.cc:1997: old_delay_); Suggest adding protection against having two of these ...

5 years, 11 months ago (2015-01-20 15:50:53 UTC) #9

mmenke

https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_endpoint_lock_manager.h File net/socket/websocket_endpoint_lock_manager.h (right): https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_endpoint_lock_manager.h#newcode33 net/socket/websocket_endpoint_lock_manager.h:33: static WebSocketEndpointLockManager* GetInstance(); On 2015/01/20 15:50:53, mmenke wrote: > ...

5 years, 11 months ago (2015-01-20 17:46:21 UTC) #10

Adam Rice

https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_util.cc File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_util.cc#newcode1997 net/socket/socket_test_util.cc:1997: old_delay_); On 2015/01/20 15:50:53, mmenke wrote: > Suggest adding ...

5 years, 11 months ago (2015-01-21 08:54:02 UTC) #11

https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_u...
File net/socket/socket_test_util.cc (right):

https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_u...
net/socket/socket_test_util.cc:1997: old_delay_);
On 2015/01/20 15:50:53, mmenke wrote:
> Suggest adding protection against having two of these at once (Or two of these
> whose lifetimes aren't nested).
> 
> Maybe CHECK/DCHECK/EXPECT that the returned value is base::TimeDelta()?

Done.

https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_end...
File net/socket/websocket_endpoint_lock_manager.h (right):

https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_end...
net/socket/websocket_endpoint_lock_manager.h:23: class NET_EXPORT_PRIVATE
WebSocketEndpointLockManager {
On 2015/01/20 15:50:53, mmenke wrote:
> Mind adding some class level documentation?  I've never heard of this class
> before.

Wow. Not only did I fail to document it here, I only mentioned it in passing in
the design doc.

I put in a comment of what it does. I'm not sure whether the implementation is
sufficiently interesting to justify adding notes about how it works.

https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_end...
net/socket/websocket_endpoint_lock_manager.h:33: static
WebSocketEndpointLockManager* GetInstance();
On 2015/01/20 15:50:53, mmenke wrote:
> Unrelated to this CL, but should this really be a singleton?  Seems weird to
be
> leaking that information between profiles - don't see leaking that from
> incognito as a big issue, but seems a little weird.
> 
> Also creates an implicit requirement that all URLRequestContexts that use
> WebSockets live on a single thread, or random crashes may ensue.

Originally I didn't know what its lifetime should be or how to access it from
net/websockets. Now I'm pretty sure it belongs in HttpNetworkSession and can be
accessed via the URLRequestContext.

I have filed http://crbug.com/450518 to fix this.

mmenke

Thanks for making the changes! LGTM, deferring to tyoshino on the correctness of the code. ...

5 years, 11 months ago (2015-01-21 15:20:34 UTC) #12

Thanks for making the changes!  LGTM, deferring to tyoshino on the correctness
of the code.

On 2015/01/21 08:54:02, Adam Rice wrote:
>
https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_u...
> File net/socket/socket_test_util.cc (right):
> 
>
https://codereview.chromium.org/835623003/diff/60001/net/socket/socket_test_u...
> net/socket/socket_test_util.cc:1997: old_delay_);
> On 2015/01/20 15:50:53, mmenke wrote:
> > Suggest adding protection against having two of these at once (Or two of
these
> > whose lifetimes aren't nested).
> > 
> > Maybe CHECK/DCHECK/EXPECT that the returned value is base::TimeDelta()?
> 
> Done.
> 
>
https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_end...
> File net/socket/websocket_endpoint_lock_manager.h (right):
> 
>
https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_end...
> net/socket/websocket_endpoint_lock_manager.h:23: class NET_EXPORT_PRIVATE
> WebSocketEndpointLockManager {
> On 2015/01/20 15:50:53, mmenke wrote:
> > Mind adding some class level documentation?  I've never heard of this class
> > before.
> 
> Wow. Not only did I fail to document it here, I only mentioned it in passing
in
> the design doc.
> 
> I put in a comment of what it does. I'm not sure whether the implementation is
> sufficiently interesting to justify adding notes about how it works.
> 
>
https://codereview.chromium.org/835623003/diff/60001/net/socket/websocket_end...
> net/socket/websocket_endpoint_lock_manager.h:33: static
> WebSocketEndpointLockManager* GetInstance();
> On 2015/01/20 15:50:53, mmenke wrote:
> > Unrelated to this CL, but should this really be a singleton?  Seems weird to
> be
> > leaking that information between profiles - don't see leaking that from
> > incognito as a big issue, but seems a little weird.
> > 
> > Also creates an implicit requirement that all URLRequestContexts that use
> > WebSockets live on a single thread, or random crashes may ensue.
> 
> Originally I didn't know what its lifetime should be or how to access it from
> net/websockets. Now I'm pretty sure it belongs in HttpNetworkSession and can
be
> accessed via the URLRequestContext.
> 
> I have filed http://crbug.com/450518 to fix this.

tyoshino (SeeGerritForStatus)

On 2015/01/22 02:02:19, Adam Rice wrote: > tyoshino, can you take a quick look at ...

5 years, 11 months ago (2015-01-22 12:57:44 UTC) #14

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/835623003/80001

5 years, 11 months ago (2015-01-23 03:13:36 UTC) #16

commit-bot: I haz the power

5 years, 11 months ago (2015-01-23 05:32:45 UTC) #18

Message was sent while issue was closed.

Patchset 5 (id:??) landed as
https://crrev.com/bafe0f29a763c8325690cbdc42c29fc54d487d4f
Cr-Commit-Position: refs/heads/master@{#312774}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages