Cleanup
=======

This bug report has had the status "Incomplete" for more than 30 days, and it looks like there are no open reviews for it. To keep the bug list sane, I am closing this bug as "won't fix". This does not mean that it is not a valid bug report; it is more to acknowledge that no progress can be expected here anymore. You are still free to push a new patch for this bug. If you can reproduce it on the current master code or on a maintained stable branch, please switch it to "Confirmed".
** Changed in: nova
       Status: Incomplete => Won't Fix

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1227575

Title:
  DoS style attack on noVNC server can lead to service interruption or
  disruption

Status in OpenStack Compute (nova):
  Won't Fix
Status in OpenStack Security Notes:
  Fix Released

Bug description:
  There is no limit on the number of VNC sessions that can be created for a
  single user's VNC token. Any attempt to create multiple (say hundreds or
  thousands of) websocket connections to the VNC server results in many
  connection timeouts. Due to these connection timeout errors, other users
  trying to access their VMs' VNC console cannot do so.

  A sample script that tries to create 100,000 connections to the Nova noVNC
  proxy shows timeout errors.

  Script: http://paste.openstack.org/show/47254/

  Script output.... connections get timed out after a while
  -------------------
  ....
  ..
  Creating Connection
  Receiving...
  Received 'RFB 003.008 '
  Creating Connection
  Receiving...
  Received 'RFB 003.008 '
  Creating Connection
  Receiving...
  Received 'RFB 003.008 '
  Creating Connection
  Receiving...
  Received 'RFB 003.008 '
  Creating Connection
  Receiving...
  Received 'RFB 003.008 '
  Creating Connection
  Receiving...
  Received 'RFB 003.008 '
  Creating Connection
  Receiving...
  timed out
  Creating Connection
  Receiving...
  timed out
  Creating Connection
  Receiving...
  timed out
  Creating Connection
  Receiving...
  timed out
  Creating Connection
  Receiving...
  timed out
  --------------------

  Impact:

  1. Many of the sessions time out. Any attempt to open other sessions also
     intermittently fails. This can cause serious problems for users who
     already have a running VNC session or are trying to create new
     sessions.

  2. The overall performance and response times of other nova services
     running on the novnc host, using the tcp protocol, also get affected
     after the connection timeout errors.

  For example, before running the simulate-thousands-of-connections program:

  $ time nova get-vnc-console c1b093a3-f53b-4282-b89c-e68f0fa1b6e5 novnc
  +-------+---------------------------------------------------------------------------------+
  | Type  | Url                                                                             |
  +-------+---------------------------------------------------------------------------------+
  | novnc | http://10.2.3.102:6080/vnc_auto.html?token=e776dd33-422f-4b56-9f98-e317410d0212 |
  +-------+---------------------------------------------------------------------------------+

  real    0m0.751s
  user    0m0.376s
  sys     0m0.084s
  rohit@precise-dev-102:~/tools/websocket-client-0.7.0$

  After running the program, the response time is quite high:

  $ time nova get-vnc-console c1b093a3-f53b-4282-b89c-e68f0fa1b6e5 novnc
  +-------+---------------------------------------------------------------------------------+
  | Type  | Url                                                                             |
  +-------+---------------------------------------------------------------------------------+
  | novnc | http://10.2.3.102:6080/vnc_auto.html?token=6865d675-d852-478b-b1ee-457b092f11b9 |
  +-------+---------------------------------------------------------------------------------+

  real    3m9.231s
  user    0m0.424s
  sys     0m0.108s

  Possible solutions:

  1. Allow just 1 session per instance, and raise a new exception, say,
     VNCSessionAlreadyExists, to reject multiple connections for the same
     token and return an error code to the user.

  2. Make the number of sessions allowed per instance configurable, limited
     by some count of sessions.

  However, both of these solutions may need to override and modify the
  do_proxy() method of websockify's WebSocketProxy class, which can lead to
  maintenance issues. Another possible solution would be to implement some
  kind of callback function in websockify, to which we can pass the token
  for reconnection. This would first need a contribution to the websockify
  project code, and then an update to Nova.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1227575/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
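The per-token session cap sketched in the report's "Possible solutions" (option 1 with a cap of 1, option 2 with a configurable cap), as an added example that is not part of the bug report, of Nova, or of websockify. It models a limiter that a proxy would consult before it opens the backend VNC socket, wrapped the way a do_proxy() override would have to wrap the proxy loop, and replays the report's flood against it. The names `TokenSessionLimiter`, `VNCSessionLimitExceeded`, `max_sessions_per_token`, `max_total_sessions`, `proxied_session` and `simulate_flood` are chosen for this example and are not Nova configuration options, exceptions or code; the proxy-wide cap `max_total_sessions` goes beyond what the report proposes, to cover an attacker who holds many tokens.

```python
"""Added example (not Nova's or websockify's code): a per-token session cap
for a noVNC-style proxy, modelling the bug report's 'Possible solutions'.
All names here are hypothetical, chosen for the example."""
import threading


class VNCSessionLimitExceeded(Exception):
    """Raised when a token, or the proxy as a whole, is at its session cap.
    Hypothetical; the report suggests a similar VNCSessionAlreadyExists."""


class TokenSessionLimiter:
    """Count live proxy sessions per token and refuse connections above a cap.

    max_sessions_per_token=1 is the report's option 1 (one session per
    instance); a larger value is option 2 (configurable count).
    max_total_sessions is an extra, proxy-wide cap beyond the report's
    proposals, so many tokens (many instances) cannot exhaust the proxy.
    Both knobs are hypothetical, not Nova options.
    """

    def __init__(self, max_sessions_per_token=1, max_total_sessions=None):
        if max_sessions_per_token < 1:
            raise ValueError("max_sessions_per_token must be >= 1")
        if max_total_sessions is not None and max_total_sessions < 1:
            raise ValueError("max_total_sessions must be >= 1 or None")
        self.max_sessions_per_token = max_sessions_per_token
        self.max_total_sessions = max_total_sessions
        self._lock = threading.Lock()  # acquire/release may run from many client threads
        self._live = {}                # token -> number of live sessions
        self._total = 0

    def acquire(self, token):
        """Reserve a slot for token, or raise before any backend work is done."""
        with self._lock:
            live = self._live.get(token, 0)
            if live >= self.max_sessions_per_token:
                raise VNCSessionLimitExceeded(
                    "token %s already has %d live session(s)" % (token, live))
            if (self.max_total_sessions is not None
                    and self._total >= self.max_total_sessions):
                raise VNCSessionLimitExceeded("proxy-wide session cap reached")
            self._live[token] = live + 1
            self._total += 1

    def release(self, token):
        """Give a slot back; idempotent, so every exit path may call it."""
        with self._lock:
            live = self._live.get(token, 0)
            if live == 0:
                return
            self._total -= 1
            if live == 1:
                del self._live[token]
            else:
                self._live[token] = live - 1

    def live_sessions(self, token):
        with self._lock:
            return self._live.get(token, 0)

    def total_sessions(self):
        with self._lock:
            return self._total


def proxied_session(limiter, token, do_proxy):
    """Wrap one connection the way a do_proxy() override would: take the
    slot first, run the proxy loop, and always release, even on error."""
    limiter.acquire(token)
    try:
        return do_proxy(token)
    finally:
        limiter.release(token)


def simulate_flood(limiter, token, attempts):
    """Replay the report's attack: `attempts` connections for one token that
    are never closed. Returns (accepted, rejected)."""
    accepted = rejected = 0
    for _ in range(attempts):
        try:
            limiter.acquire(token)
            accepted += 1
        except VNCSessionLimitExceeded:
            rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    limiter = TokenSessionLimiter(max_sessions_per_token=2, max_total_sessions=50)
    print("flood from one token:", simulate_flood(limiter, "attacker-token", 100000))
    # The victim's token is unaffected by the attacker's held sessions.
    print("victim still served:",
          proxied_session(limiter, "victim-token", lambda t: "RFB 003.008"))
```

Two points a practitioner should check before relying on a counter like this. First, the check has to run before the proxy commits resources (the backend VNC connect, the proxy thread), otherwise the flood still costs what the report measured. Second, the counter only works where all connections are visible to it: if the proxy forks a child per client, a counter inside the child sees one session at most, so the count has to be taken in the accepting process or kept in shared storage.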