ip4: limit max number of fragment queues and add timeouts

iefserge · iefserge · commit 8048564853e6 · 2015-10-18T18:22:27.000+03:00
diff --git a/js/core/net/interfaces.js b/js/core/net/interfaces.js
@@ -33,3 +33,7 @@ exports.getByName = function(intfName) {
 
   return null;
 };
+
+exports.forEach = function(fn) {
+  intfs.forEach(fn);
+};
diff --git a/js/core/net/ip4-fragments.js b/js/core/net/ip4-fragments.js
@@ -16,6 +16,9 @@
 
 var ip4header = require('./ip4-header');
 var ip4receive = require('./ip4-receive');
+var timeNow = require('../../utils').timeNow;
+var FRAGMENT_QUEUE_MAX_AGE_MS = 30000;
+var FRAGMENT_QUEUE_MAX_COUNT = 100;
 
 function fragmentHash(srcIP, destIP, protocolId, packetId) {
   return srcIP.toInteger() + '-' + destIP.toInteger() + '-' + (packetId + (protocolId << 16));
@@ -38,10 +41,16 @@ exports.addFragment = function(intf, u8, headerOffset, fragmentOffset, isMoreFra
   var firstFragment = false;
   var fragmentQueue = intf.fragments.get(hash);
   if (!fragmentQueue) {
+    if (intf.fragments.size >= FRAGMENT_QUEUE_MAX_COUNT) {
+      // too many fragment queues
+      return;
+    }
+
     firstFragment = true;
     fragmentQueue = {
       receivedLength: 0,
       totalLength: 0,
+      createdAt: timeNow(),
       fragments: []
     };
   }
@@ -162,3 +171,20 @@ exports.addFragment = function(intf, u8, headerOffset, fragmentOffset, isMoreFra
     return;
   }
 };
+
+/**
+ * Timer tick
+ *
+ * @param {Interface} intf Network interface
+ */
+exports.tick = function(intf) {
+  var time = timeNow();
+
+  for (var pair of intf.fragments) {
+    var hash = pair[0];
+    var fragmentQueue = pair[1];
+    if (fragmentQueue.createdAt + FRAGMENT_QUEUE_MAX_AGE_MS <= time) {
+      dropFragmentQueue(intf, hash);
+    }
+  }
+};
diff --git a/js/core/net/ip4.js b/js/core/net/ip4.js
@@ -17,6 +17,12 @@ var IP4Address = require('./ip4-address');
 var ip4header = require('./ip4-header');
 var ip4fragments = require('./ip4-fragments');
 var ip4receive = require('./ip4-receive');
+var timers = require('../timers');
+var interfaces = require('./interfaces');
+
+timers.scheduleTask5s(function() {
+  interfaces.forEach(ip4fragments.tick);
+});
 
 function handleReceive(intf, u8, headerOffset) {
   var headerLength = ip4header.getHeaderLength(u8, headerOffset);
diff --git a/js/core/timers.js b/js/core/timers.js
@@ -0,0 +1,36 @@
+// Copyright 2015 runtime.js project authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+var tasks5s = [];
+
+setInterval(function() {
+  if (tasks5s.length === 0) {
+    return;
+  }
+
+  for (var i = 0, l = tasks5s.length; i < l; ++i) {
+    tasks5s[i]();
+  }
+}, 5000);
+
+/**
+ * Schedule task to run every 5 seconds
+ *
+ * @param {function} fn Function to run
+ */
+exports.scheduleTask5s = function(fn) {
+  tasks5s.push(fn);
+};
diff --git a/js/test/unit/net/ip4.js b/js/test/unit/net/ip4.js
@@ -16,6 +16,7 @@
 
 var test = require('tape');
 var runtime = require('../../..');
+var ip4fragments = require('../../../core/net/ip4-fragments');
 var interfaceMock = require('../lib/interface-mock');
 var packetBuilder = require('../lib/packet-builder');
 
@@ -200,3 +201,41 @@ test('receive ip4 fragmented too big', function(t) {
   ipFragmentsTest(t, 'max-size + 1', 65535 - 8 + 1, slices, [0, 1], true);
   t.end();
 });
+
+test('too many fragment queues and timeouts', function(t) {
+  t.timeoutAfter(1000);
+  var intf = interfaceMock();
+  var originalNow = performance.now;
+
+  performance.now = function() {
+    return 100;
+  };
+
+  for (var i = 0; i < 150; ++i) {
+    var fragments = packetBuilder.createFragmentedIP4({
+      srcPort: 999,
+      destPort: 65432,
+      srcIP: '33.44.55.' + String(i)
+    }, 64 + 8 /* 8 bytes udp header */, [{ offset: 0, len: 8 }]);
+    intf.receive(fragments[0]);
+  }
+
+  t.equal(intf.fragments.size, 100);
+
+  performance.now = function() {
+    return 20100;
+  };
+
+  ip4fragments.tick(intf);
+  t.equal(intf.fragments.size, 100);
+
+  performance.now = function() {
+    return 30100;
+  };
+
+  ip4fragments.tick(intf);
+  t.equal(intf.fragments.size, 0);
+
+  performance.now = originalNow;
+  t.end();
+});
