Timeless timing attacks using HTTP/2 and WPA3

A new hacking technique overcomes the "network jitter" problem, which can affect the success of side-channel attacks


A new method developed by researchers at the University of Leuven (Belgium) and New York University Abu Dhabi has shown that attackers can use features of network protocols to leak confidential information.

The technique, called the Timeless Timing Attack and presented at this year's Usenix conference, uses the way network protocols handle concurrent requests to address one of the problems of remote timing side-channel attacks.

Problems with remote timing attacks

In timing-based attacks, attackers measure differences in the execution time of different operations in an attempt to bypass encryption protections and obtain data about sensitive information, such as encryption keys, private communications and user browsing behaviour.

But to carry out a timing-based attack successfully, the attacker needs precise knowledge of the time it takes the application under attack to process a request.

This becomes a problem when attacking remote systems such as web servers, because network latency (jitter) causes variable response times, which makes it hard to determine processing times.

In remote timing attacks, attackers typically send each request multiple times and perform statistical analysis of the response times to reduce the effect of network jitter. But this approach only helps up to a point.

"The smaller the timing difference, the more queries are needed, and at some point the computation becomes infeasible," Tom Van Goethem, a data security researcher and lead author of the paper on the new type of attack, tells us.

"Timeless" timing attacks

The method built by Van Goethem and his colleagues performs remote timing attacks in a way that neutralises the effect of network jitter.

The principle of the timeless timing attack is simple: you need to ensure that the requests reach the server at the same time, rather than being transmitted one after another.

Concurrency ensures that all requests are subject to the same network conditions and that their processing is not affected by the path between the attacker and the server. The order in which the responses arrive then gives the attacker all the information needed to compare execution times.

"The main advantage of timeless attacks is that they are much more precise, so fewer queries are required. This allows the attacker to detect differences in execution time down to 100 ns," says Van Goethem.

The smallest timing difference the researchers observed in a traditional Internet timing attack was 10 microseconds, 100 times larger than with the concurrent-request attack.

How is concurrency achieved?

"We ensure simultaneity by placing both requests in a single network packet," Van Goethem explains. "In practice, the implementation depends heavily on the network protocol."

To send requests simultaneously, the researchers use the capabilities of various network protocols.

For example, HTTP/2, which is quickly becoming the de facto standard on web servers, supports "request multiplexing," a feature that allows a client to send multiple requests in parallel over a single TCP connection.

"In the case of HTTP/2, we just need to make sure that both requests are placed in the same packet (for example, by writing both to the socket at the same time)." However, this technique has its subtleties. For example, in most content delivery networks such as Cloudflare, which serves content for a large part of the web, the connection between the edge servers and the site is made over HTTP/1.1, which does not support request multiplexing.

Although this reduces the effectiveness of timeless attacks, they are still more precise than classic remote timing attacks because they eliminate the jitter between the attacker and the CDN edge server.

For protocols that do not support request multiplexing, attackers can use an intermediate network protocol that encapsulates the requests.

The researchers showed how the timeless timing attack works on the Tor network. In this case, the attacker encapsulates multiple requests in a Tor cell, an encrypted packet that is transmitted between Tor network nodes in a single TCP packet.

"Because the Tor circuit for onion services goes all the way to the server, we can guarantee that the requests arrive at the same time," says Van Goethem.

Timeless attacks in practice

In their paper, the researchers studied timeless attacks in three different scenarios.

In direct timing attacks, the attacker connects directly to the server and tries to leak secret information related to the application.

"Because most web applications do not consider that timing attacks can be very practical and precise, we believe that many websites are vulnerable to such attacks," says Van Goethem.

In cross-site timing attacks, the attacker makes requests to other websites from the victim's browser and makes guesses about the content of sensitive information by observing the order of the responses.

The researchers used this scheme to exploit a vulnerability in the HackerOne bug bounty programme and extract information such as keywords used in confidential reports of unpatched vulnerabilities.

"I was looking for cases where a timing attack had been documented but was not considered practical. The HackerOne bug had already been reported at least three times (issue IDs: 350432, 348168 and 4701), but it was not fixed because the attack was considered unusable. So I created a simple internal research project on timeless timing attacks.

"It was still quite rough at that point, as we were still working out the details of the attack, but it was already very accurate (I was able to get very precise results on my home WiFi connection)."

The researchers also tried timeless attacks against the WPA3 WiFi protocol.

One of the paper's co-authors, Mathy Vanhoef, had previously discovered a potential timing leak in the WPA3 handshake protocol. But the timing difference was too small to be exploited on high-end devices, or could not be exploited against servers.

"Using the new timeless attack type, we showed that it is in fact possible to exploit the authentication handshake (EAP-pwd) against servers, even those running powerful hardware," explains Van Goethem.

Time's up

In their paper, the researchers give recommendations for protecting servers against timeless attacks, such as constraining execution to a constant time and adding random delays. Further research is needed to implement practical defences against direct timing attacks that have minimal impact on network performance.
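As an added illustration (not code from the paper or from this article), the two mitigations named above, a constant per-request time budget and a random extra delay, applied to a minimal handler; the handler, the budget values and the token strings are constructed for the example:

```python
import hmac
import secrets
import time
from functools import wraps

_rng = secrets.SystemRandom()  # cryptographically seeded; not the `random` module


def pad_execution(budget_s, random_pad_s=0.0):
    """Decorator: the wrapped handler never returns before `budget_s`
    (plus an optional random extra delay) has elapsed since entry, so the
    order in which concurrent responses leave no longer depends on how long
    the real work took. Caveat: the budget must exceed the worst-case work
    time, otherwise slow paths still leak. Random padding only raises the
    number of samples an attacker needs; the fixed budget removes the leak."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            start = time.perf_counter()
            deadline = start + budget_s + _rng.uniform(0.0, random_pad_s)
            try:
                return fn(*args, **kwargs)
            finally:
                # Loop because sleep() may wake early on some platforms.
                while (now := time.perf_counter()) < deadline:
                    time.sleep(deadline - now)
        return wrapper
    return decorator


@pad_execution(budget_s=0.005, random_pad_s=0.002)  # constructed values
def check_token(presented: str, expected: str) -> bool:
    """Constructed handler. An early-exit `==` on str returns as soon as the
    first byte differs; compare_digest takes time independent of the
    mismatch position, so the two mitigations stack."""
    return hmac.compare_digest(presented.encode(), expected.encode())


def timed(fn, *args):
    """Return (result, elapsed seconds) for one call; used to verify the budget."""
    start = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - start


if __name__ == "__main__":
    for guess in ("abc", "abd", "zzzz"):
        ok, elapsed = timed(check_token, guess, "abc")
        print(f"{guess!r}: match={ok} elapsed={elapsed * 1000:.2f} ms")
```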

"We believe this area of research is at an early stage of development and needs more in-depth study," says Van Goethem.

Future research could examine other techniques attackers could use to carry out concurrency-based timing attacks, other protocols and intermediate network layers that can be attacked, and assess the vulnerability of popular websites that permit such research under the terms of their bug bounty programmes.

The name "timeless" was chosen "because we did not use any (absolute) timing information in these attacks," explains Van Goethem.

"Furthermore, they can be considered 'timeless' because (remote) timing attacks have been used for a long time and, judging by our research, the situation will only get worse."


The full text of the paper from Usenix is available here.


Source: www.habr.com
