I am implementing a WebSocket service using Netty 3.4.

I need to limit the frame size to avoid DoS attacks with very very long frames. I want the connection to be dropped after 32KB of data, even if the frame was not finished yet and it was not passed to my Handler.

Is there any way to do that?

mspanc

1 Answer


Given the code as it stands at the moment, it doesn't look like it.

You will have to extend WebSocket08FrameDecoder and change the code in toFrameLength().

If I get a chance, I'll put in a pull request for the next release.

Veebs
  • Thank you for pointing out that code. But it seems that a better solution is to embed the test right after the line framePayloadBytesRead += rbytes; in decode() and test whether framePayloadBytesRead is not larger than the limit. That would prevent data from accumulating in memory right after the TCP packet was read. – mspanc Apr 22 '12 at 18:43
  • Thanks Edekzkrainykredek, you are spot on. – Veebs Apr 24 '12 at 23:46
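
The early size check discussed in the answer and comments above, as an added example that is not part of the original thread and is not Netty's code: a plain-JDK guard that follows RFC 6455 frame headers across network reads and rejects a frame once its declared payload length exceeds the limit, before any payload is buffered. The class name `FrameSizeGuard`, the exception type and the sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;

// Added example, not Netty code: tracks RFC 6455 frame headers across network
// reads and rejects a frame as soon as its declared payload length is known.
public class FrameSizeGuard {
    private final long maxPayload;               // assumed limit, e.g. 32 KB
    private final byte[] header = new byte[10];  // 2 base bytes + up to 8 length bytes
    private int headerRead = 0;
    private long toSkip = -1;                    // mask key + payload bytes left; -1 = in header

    public FrameSizeGuard(long maxPayload) { this.maxPayload = maxPayload; }

    /** Feed one network read; throws once a frame announces more than the limit. */
    public void feed(ByteBuffer in) {
        while (in.hasRemaining()) {
            if (toSkip < 0) {
                header[headerRead++] = in.get();
                if (headerRead < 2) continue;
                int len7 = header[1] & 0x7F;                      // 7-bit length field
                int ext = len7 == 126 ? 2 : len7 == 127 ? 8 : 0;  // extended length bytes
                if (headerRead < 2 + ext) continue;
                long declared = ext == 0 ? len7 : 0;
                for (int i = 0; i < ext; i++) declared = (declared << 8) | (header[2 + i] & 0xFF);
                // A negative value means the top bit of a 64-bit length was set (invalid).
                if (declared < 0 || declared > maxPayload)
                    throw new IllegalStateException("frame payload " + declared + " exceeds " + maxPayload);
                toSkip = declared + ((header[1] & 0x80) != 0 ? 4 : 0);  // add mask key if MASK bit set
                headerRead = 0;
            } else {
                int n = (int) Math.min(toSkip, in.remaining());
                in.position(in.position() + n);  // payload is skipped here, never accumulated
                toSkip -= n;
            }
            if (toSkip == 0) toSkip = -1;        // frame finished, expect a new header
        }
    }

    public static void main(String[] args) {
        FrameSizeGuard guard = new FrameSizeGuard(32 * 1024);
        // Constructed sample: masked text frame carrying 5 payload bytes.
        guard.feed(ByteBuffer.wrap(new byte[] {(byte) 0x81, (byte) 0x85, 1, 2, 3, 4, 9, 9, 9, 9, 9}));
        // Constructed sample: header announcing 1 GiB, split across two reads.
        guard.feed(ByteBuffer.wrap(new byte[] {(byte) 0x82, (byte) 0xFF, 0, 0, 0}));
        try {
            guard.feed(ByteBuffer.wrap(new byte[] {0, 0x40, 0, 0, 0}));
        } catch (IllegalStateException e) {
            System.out.println("drop connection: " + e.getMessage());
        }
    }
}
```

The caller is expected to close the connection when `feed` throws; wiring the guard into a Netty 3.4 pipeline is not shown here.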