Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Continuation Frame
Hi,

Simone, Thanks for your detailed suggestions.
So in your code, you mean 

List<ByteBuffer> buffers = lease.getByteBuffers();

the list is the whole Continuation frames?
But how can I write the continuation frame to the server periodically. I tried to use 

session.newStream(headers,

new Promise.Adapter<>(), new Stream.Listener.Adapter() {}

this way to send the headers but the result is that I can get the whole headersframe immediately.

HeadersFrame@70c986c9#1{end=false}css/infocard.css

DataFrame@73ea34d0#1{length:2800,end=true}css/infocard.css 

My question is how to write the buffer(Continuation frame) into the server periodically then the server can not get my whole headers frame in a short time. Many thanks.

Best Regards
Muhui Jiang


2015-10-13 0:28 GMT+08:00 Simone Bordet <sbordet@xxxxxxxxxxx>:
Hi,

On Sun, Oct 11, 2015 at 10:15 AM, Muhui Jiang <jiangmuhui@xxxxxxxxx> wrote:
> Hi
>
> As Jetty doesn't support sending CONTINUATION frames explicitly from the
> API. I am going to develop it by myself to support my research.
>
> I reviewed your implementations on how to sending priority frame and ping
> frame. It seems that we can do this by adding an interface in Session, and
> implement it in Http2Session by using control(stream, callback, frame);
>
> I also find that there is no continuation frame in the package
> org.eclipse.jetty.http2.frames. Does that mean I also need to write a
> construct method of continuation frame.
>
> Hope you can give me some hint or suggestions. Thank you so much.

You can easily generate many Continuation frames by configuring the
Generator to have a maxHeaderBlockFragment of only 1 byte:

```
ByteBufferPool byteBufferPool = new MappedByteBufferPool();
Generator generator = new Generator(byteBufferPool, 4096, 1);
ByteBufferPool.Lease lease = new ByteBufferPool.Lease(byteBufferPool);

HttpFields fields = new HttpFields();
fields.put("foo", "<long_string_1>");
fields.put("bar", "<long_string_2>");
// add more fields if necessary
MetaData.Request request = new MetaData.Request("GET", new
HttpURI("http://localhost/path"), HttpVersion.HTTP_2, fields);
HeadersFrame headers = new HeadersFrame(request, null, true);
generator.control(lease, headers);

List<ByteBuffer> buffers = lease.getByteBuffers();
```

The more fields you add, the more Continuation frames you will have. I
could easily generate 1900 frames with just 2 fields with very long
strings.

You don't have an API, but you can easily generate thousands of
Continuation frames in this way, and then you can write them to the
server with the timing you want to generate the DoS attack.

Continuation frames being the aberration that they are, I don't think
we will provide any API for them apart minimal support for parsing and
generating them.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Back to the top