W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2011

[whatwg] MTU Size PeerConnection send method (was RE: PeerConnection feedback)

From: Harald Alvestrand <harald@alvestrand.no>
Date: Fri, 29 Apr 2011 08:29:03 +0200
Message-ID: <4DBA5AAF.9050901@alvestrand.no>
On 04/28/11 20:55, Stefan H?kansson LK wrote:
>>> Wouldn't it be possible to abstract this away for the web developer? I.e. the send method should, like for WebSockets, not have a max size. Instead the sending UA would be responsible for chopping up (the receiving UA for re-assembling) the message into packets not larger than the minimum path MTU. Depending on the UA (and how integrated with the IP stack of the device it is) different levels of implementation sophistication could be used (e.g. max 576 byte, or select 576/1280 depending on IP version, or even using MTU path discovery to find out max size).
>> Yes, we could reimplement UDP's defragmentation mechanism at the higher level.
>> There are a few things to keep in mind if you do that (for instance, there's a well known resource exhaustion attack where an attacker sends you the first part of UDP packets and never sends you the rest of it, until you run out of reassembly buffers, and of course the chance of losing a packet goes up significantly when all the fragments need to make it in order to achieve correct reassembly).
> The attacker in this case would be a (hacked) browser as the web developer can do no such thing. Of course larger data chunks increases the risk of not getting it over. This may be problematic: how can you explain this to the web developer in an understandable way?
>
The attacker can be anyone who is able to convince your web browser to 
make a PeerConnection to a machine they control. The attacker isn't 
limited to running web browsers that obey protocol.

The defense is well known - you simply limit the number of reassembly 
buffers, and throw away packets that haven't been reassembled for a 
while when you run out of buffers to reassemble them in. And the defense 
can be implemented wholly within the browser - no need to explain it to 
a web developer.

It's just one example of things one has to think about when implementing 
this kind of thing.
>
>
Received on Thursday, 28 April 2011 23:29:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:03 GMT