minor frame handler improvements

[schlawg]

• exempt heartbeat (null) pings from rate limiting. budgeting for endpoints shouldn't have to accommodate these.
• close connections when rate limits are exceeded or payload cannot be processed, releasing resources immediately and giving TCP FINs to clients.

[schlawg]

I requested review due to the effect that rate limit exemption for pings will have on the endpoint budgets. I could adjust them all downwards by 10-15, but someone more familiar with the ovh infrastructure will know better.

Rate limit exemption for pings is desired (at least temporarily) to determine whether smaller ping intervals (but still north of 1 second) can mitigate connection losses when aggressive connection management policies are applied that we can't control.

It is critical to understand that any reduction in ping interval will be performed on a case by case basis, I am not proposing to reduce this value in the general case.

I think it's OK because I suspect heartbeat pings are more effort and less reward than other methods of DDoS attacks.

[niklasf]

lgtm. ClientOut.Ping(None) will do only trivial in-memory updates, so only marginally more work than parsing the ws frame in the first place.

[schlawg]

Do you think the rate limits should be tightened a bit now or are they still OK?

[niklasf]

I think it's easier and safer to keep as is. Attackers wouldn't have had to spend budget on these, so it's not a regression. It would be an opportunity for hardening, but we don't really need it (at this time).