Re: [jetty-users] Continuation Frame

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Continuation Frame

From: Simone Bordet <sbordet@xxxxxxxxxxx>
Date: Mon, 12 Oct 2015 18:28:51 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hi,

On Sun, Oct 11, 2015 at 10:15 AM, Muhui Jiang <jiangmuhui@xxxxxxxxx> wrote:
> Hi
>
> As Jetty doesn't support sending CONTINUATION frames explicitly from the
> API. I am going to develop it by myself to support my research.
>
> I reviewed your implementations on how to sending priority frame and ping
> frame. It seems that we can do this by adding an interface in Session, and
> implement it in Http2Session by using control(stream, callback, frame);
>
> I also find that there is no continuation frame in the package
> org.eclipse.jetty.http2.frames. Does that mean I also need to write a
> construct method of continuation frame.
>
> Hope you can give me some hint or suggestions. Thank you so much.

You can easily generate many Continuation frames by configuring the
Generator to have a maxHeaderBlockFragment of only 1 byte:

```
ByteBufferPool byteBufferPool = new MappedByteBufferPool();
Generator generator = new Generator(byteBufferPool, 4096, 1);
ByteBufferPool.Lease lease = new ByteBufferPool.Lease(byteBufferPool);

HttpFields fields = new HttpFields();
fields.put("foo", "<long_string_1>");
fields.put("bar", "<long_string_2>");
// add more fields if necessary
MetaData.Request request = new MetaData.Request("GET", new
HttpURI("http://localhost/path";), HttpVersion.HTTP_2, fields);
HeadersFrame headers = new HeadersFrame(request, null, true);
generator.control(lease, headers);

List<ByteBuffer> buffers = lease.getByteBuffers();
```

The more fields you add, the more Continuation frames you will have. I
could easily generate 1900 frames with just 2 fields with very long
strings.

You don't have an API, but you can easily generate thousands of
Continuation frames in this way, and then you can write them to the
server with the timing you want to generate the DoS attack.

Continuation frames being the aberration that they are, I don't think
we will provide any API for them apart minimal support for parsing and
generating them.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.

Follow-Ups:
- Re: [jetty-users] Continuation Frame
  - From: Muhui Jiang

References:
- [jetty-users] Continuation Frame
  - From: Muhui Jiang
- Re: [jetty-users] Continuation Frame
  - From: Simone Bordet
- Re: [jetty-users] Continuation Frame
  - From: Muhui Jiang
- Re: [jetty-users] Continuation Frame
  - From: Simone Bordet
- Re: [jetty-users] Continuation Frame
  - From: Muhui Jiang
- Re: [jetty-users] Continuation Frame
  - From: Muhui Jiang

Prev by Date: Re: [jetty-users] How to influence the "preferred cip
Next by Date: Re: [jetty-users] How to influence the "preferred cip
Previous by thread: Re: [jetty-users] Continuation Frame
Next by thread: Re: [jetty-users] Continuation Frame
Index(es):
- Date
- Thread

Breadcrumbs