Bug 1013007: re-enable STUN throttling in mid-beta and later r=bwc a=lmandel
authorRandell Jesup <rjesup@jesup.org>
Mon, 11 Aug 2014 20:41:58 -0400
changeset 208296 b42bbb72b7a8
parent 208293 8bf5700cb82e
child 208299 791e4db4574b
push id3809
push userrjesup@wgate.com
push date2014-08-12 00:42 +0000
treeherdermozilla-beta@b42bbb72b7a8 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbwc, lmandel
bugs1013007
milestone32.0
Bug 1013007: re-enable STUN throttling in mid-beta and later r=bwc a=lmandel
media/mtransport/nr_socket_prsock.cpp
--- a/media/mtransport/nr_socket_prsock.cpp
+++ b/media/mtransport/nr_socket_prsock.cpp
@@ -512,50 +512,55 @@ int NrSocket::sendto(const void *msg, si
 
   if(fd_==nullptr)
     ABORT(R_EOD);
 
   if (nr_is_stun_request_message((UCHAR*)msg, len)) {
     // Global rate limiting for stun requests, to mitigate the ice hammer DoS
     // (see http://tools.ietf.org/html/draft-thomson-mmusic-ice-webrtc)
 
-    // Tolerate rate of 8k/sec, for one second.
-    static SimpleTokenBucket burst(8192*1, 8192);
+    // Tolerate rate of 16k/sec, for one second.
+    static SimpleTokenBucket burst(16384*1, 16384);
     // Tolerate rate of 3.6k/sec over twenty seconds.
     static SimpleTokenBucket sustained(3686*20, 3686);
 
     // Check number of tokens in each bucket.
     if (burst.getTokens(UINT32_MAX) < len) {
       r_log(LOG_GENERIC, LOG_ERR,
                  "Short term global rate limit for STUN requests exceeded.");
+#ifdef MOZILLA_INTERNAL_API
+      nr_socket_short_term_violation_time = TimeStamp::Now();
+#endif
+
+// Bug 1013007
+#if !EARLY_BETA_OR_EARLIER
+      ABORT(R_WOULDBLOCK);
+#else
       MOZ_ASSERT(false,
                  "Short term global rate limit for STUN requests exceeded. Go "
                  "bug bcampen@mozilla.com if you weren't intentionally "
                  "spamming ICE candidates, or don't know what that means.");
-#ifdef MOZILLA_INTERNAL_API
-      nr_socket_short_term_violation_time = TimeStamp::Now();
 #endif
-      // TODO(bcampen@mozilla.com): Bug 1013007 Once we have better data on
-      // normal usage, re-enable this.
-      // ABORT(R_WOULDBLOCK);
     }
 
     if (sustained.getTokens(UINT32_MAX) < len) {
       r_log(LOG_GENERIC, LOG_ERR,
                  "Long term global rate limit for STUN requests exceeded.");
+#ifdef MOZILLA_INTERNAL_API
+      nr_socket_long_term_violation_time = TimeStamp::Now();
+#endif
+// Bug 1013007
+#if !EARLY_BETA_OR_EARLIER
+      ABORT(R_WOULDBLOCK);
+#else
       MOZ_ASSERT(false,
                  "Long term global rate limit for STUN requests exceeded. Go "
                  "bug bcampen@mozilla.com if you weren't intentionally "
                  "spamming ICE candidates, or don't know what that means.");
-#ifdef MOZILLA_INTERNAL_API
-      nr_socket_long_term_violation_time = TimeStamp::Now();
 #endif
-      // TODO(bcampen@mozilla.com): Bug 1013007 Once we have better data on
-      // normal usage, re-enable this.
-      // ABORT(R_WOULDBLOCK);
     }
 
     // Take len tokens from both buckets.
     // (not threadsafe, but no problem since this is only called from STS)
     burst.getTokens(len);
     sustained.getTokens(len);
   }