4
votes

The RTCDataChannel API does not provide any kind of flow control or back-pressure. Does this mean that a sender could, theoretically, crash the browser of the receiver? In my opinion the browser (Chrome, Firefox, etc. all use SCTP under the hood) reads from the SCTP connection and schedules the JS callback that consumes the packet. If the event queue cannot keep up with the sender, the browser basically continuously reads packets while storing them in a buffer, which grows indefinitely. So when you connect two browsers, the sender can actually always overwhelm the other one, because there is no barrier like TCP receive windows or something similar.

This applies to the WebSocket API as well.

Am I just missing something, or are these APIs just broken? If I'm right, this would be a severe security issue when talking to unauthenticated browsers (in a torrent scenario, for instance).

1
I would ASSUME that the underlying code in the browser would take this into account, but you know what happens when you make an assumption... – Benjamin Trent
FYI: the other way round also causes problems. If you try to send data, you can send as fast as possible. The data is buffered internally. But at some point you will run out of memory because the network cannot keep up with the buffered data. WebRTC offers the bufferedAmount info, but this means you have to poll this variable to keep the buffer size within a high and low watermark. Crazy... This seems just broken (or at least not fully thought through). – Kr0e

1 Answer

3
votes

The webrtc data channel used to be based on UDP. During that time there was artificial throttling imposed by the browser in order to prevent network flooding. This was the case until chrome v32, I believe.

Nowadays the data channel is based on SCTP, which has built-in flow control (FC), and there is no browser throttling any more (thank God). The parameters that control FC are not exposed through the API, but that doesn't mean there is no FC.

I am not familiar with the implementation of webrtc in Chrome/FF but I don't think you can crash the browser with a simple flood attack. The "producer is faster than the consumer" is a pretty old problem.

That said, I have been working with the data channel for more than a year now and have seen my browser crash almost on a daily basis, so there are probably many bugs in the webrtc implementation. Hopefully they won't pose any threat to security.

Sending big chunks of data using the webrtc data channel is not a particularly pleasant experience. The API doesn't offer a "channel is ready for write" callback or anything of the sort, so, yes, you have to poll the bufferedAmount value and try to keep it inside an optimal window. To add insult to injury, bufferedAmount used to be broken under Windows versions of Chrome; it was always 0. But I think they fixed this in chrome v37 or around that time.

IMHO the webrtc API is not very well thought through but it does the job and honestly I cannot think of any js API that is well thought through.
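As an added example (not code from the question or the answer above), here is a sender that keeps the data channel's send buffer inside a high/low watermark window, which is the sender-side problem the comments and the answer describe. It assumes the `bufferedAmountLowThreshold` property and `bufferedamountlow` event of current browsers, so it waits for the event instead of polling, and it uses a constructed `FakeDataChannel` stand-in so it runs outside a browser.

```javascript
// Pause sending when bufferedAmount would exceed HIGH_WATER; resume on the
// 'bufferedamountlow' event, which fires once bufferedAmount drops to the threshold.
const HIGH_WATER = 1 << 20;    // 1 MiB: stop queueing above this
const LOW_WATER = 256 * 1024;  // 256 KiB: resume once the buffer drains to this

function createSender(channel, chunks) {
  const state = { next: 0, peak: 0, done: false };
  channel.bufferedAmountLowThreshold = LOW_WATER;
  const pump = () => {
    while (state.next < chunks.length) {
      const chunk = chunks[state.next];
      if (channel.bufferedAmount + chunk.byteLength > HIGH_WATER) return; // wait for drain
      channel.send(chunk);
      state.next++;
      state.peak = Math.max(state.peak, channel.bufferedAmount); // memory actually committed
    }
    channel.removeEventListener('bufferedamountlow', pump);
    state.done = true;
  };
  channel.addEventListener('bufferedamountlow', pump);
  pump();
  return state;
}

// Constructed stand-in for RTCDataChannel: send() queues bytes, drain() models the
// network taking bytes off the queue and raises 'bufferedamountlow' on the
// above-to-at-or-below-threshold transition, as the real channel does.
class FakeDataChannel {
  constructor() {
    Object.assign(this, { bufferedAmount: 0, bufferedAmountLowThreshold: 0, delivered: 0 });
    this.listeners = new Set();
  }
  addEventListener(type, fn) { if (type === 'bufferedamountlow') this.listeners.add(fn); }
  removeEventListener(type, fn) { this.listeners.delete(fn); }
  send(data) { this.bufferedAmount += data.byteLength; }
  drain(bytes) {
    const before = this.bufferedAmount;
    const taken = Math.min(bytes, before);
    this.bufferedAmount -= taken;
    this.delivered += taken;
    const t = this.bufferedAmountLowThreshold;
    if (before > t && this.bufferedAmount <= t) for (const fn of [...this.listeners]) fn();
  }
}

function demo() {
  const chunks = Array.from({ length: 64 }, () => new Uint8Array(64 * 1024)); // 4 MiB, constructed
  const ch = new FakeDataChannel();
  const s = createSender(ch, chunks);
  let rounds = 0;
  while (!s.done) { ch.drain(512 * 1024); rounds++; } // network drains 512 KiB per tick
  ch.drain(ch.bufferedAmount);
  return { sent: s.next, peak: s.peak, delivered: ch.delivered, rounds };
}
```

With a 4 MiB payload the buffer never holds more than 1 MiB at once, whereas an unthrottled loop would commit all 4 MiB up front.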