Re: [hybi] #4: handshake does not work properly with HTTP reverse proxy.
Jamie Lokier <jamie@shareable.org> Mon, 26 July 2010 21:26 UTC
Return-Path: <jamie@shareable.org>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 19A483A69BF for <hybi@core3.amsl.com>; Mon, 26 Jul 2010 14:26:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.455
X-Spam-Level:
X-Spam-Status: No, score=-2.455 tagged_above=-999 required=5 tests=[AWL=0.144, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11r0sLAUffIy for <hybi@core3.amsl.com>; Mon, 26 Jul 2010 14:26:18 -0700 (PDT)
Received: from mail2.shareable.org (mail2.shareable.org [80.68.89.115]) by core3.amsl.com (Postfix) with ESMTP id 110503A6839 for <hybi@ietf.org>; Mon, 26 Jul 2010 14:26:18 -0700 (PDT)
Received: from jamie by mail2.shareable.org with local (Exim 4.63) (envelope-from <jamie@shareable.org>) id 1OdVBu-0003kg-O6; Mon, 26 Jul 2010 22:26:30 +0100
Date: Mon, 26 Jul 2010 22:26:30 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Willy Tarreau <w@1wt.eu>
Message-ID: <20100726212630.GB23142@shareable.org>
References: <068.da8db0c773647cb0ed73d576f39e93ee@tools.ietf.org> <20100717023749.GA2426@shareable.org> <AANLkTil36SNqlpqq2zNMVSgsA_27kqnuioi0qFTKQR1m@mail.gmail.com> <20100721223010.GB14589@shareable.org> <20100721223947.GD6475@1wt.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20100721223947.GD6475@1wt.eu>
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc: hybi@ietf.org, hybi issue tracker <trac@tools.ietf.org>
Subject: Re: [hybi] #4: handshake does not work properly with HTTP reverse proxy.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2010 21:26:19 -0000
Willy Tarreau wrote: > On Wed, Jul 21, 2010 at 11:30:10PM +0100, Jamie Lokier wrote: > > Greg Wilkins wrote: > > > More importantly, the best way to test if a connection will support > > > websocket packets, is to just send websocket packets. Sending 8/16 > > > random bytes immediately after the HTTP handshake may succeed for a > > > huge variety of implementation reasons that still do not mean that > > > websocket packets will succeed. More importantly, to detect the > > > non-success of sending of the 8/16 random bytes will still involve the > > > same timeout handling that would be required to check the transmission > > > of websocket packets. > > > > The argument against just sending WebSocket packets is that some > > WebSocket packets may be valid HTTP and therefore more likely to be > > misinterpreted or be used as another attack vector, or simply fail to > > fail fast. > > Indeed, but even the first 8 random bytes can currently be used as a > valid HTTP request or beginning of such, as some servers still accept > HTTP/0.9 requests after a keep-alive request, and basically anything > terminated with a line feed may constitude an HTTP/0.9 request. According to RFC1945, a HTTP/0.9 request begins with "GET ". > So in fact, relying on the server's 101 response to the Upgrade request > is the most reliable thing to do, as it translates the server's intent > to switch and to respect the negociated protocol. > > Someone suggested that regularly sending keep-alives in the connection > would be nice. I second this, especially with long-lived connections > that will regularly get dropped on firewalls after too long idleness. > This would also make it possible to ensure that the connection is OK. Many people have suggested it. I see three basic purposes for keepalives: - To tell the application at one end that it is up to date with state from the other end, with a certain amount of slack (the keepalive interval). For example, a site intending to show live auction prices might display "information may be out of date" if it hasn't had a confirmation in the last 20 seconds. - To keep the connection open with numerous types of proxy, router, firewall etc. - To tell the server not to close the connection. Servers must close connections after a timeout to avoid running out of resources. Each of these has different timing requirements. With WebSocket it's possible for an application to perform all the necessary keepalives. Strictly speaking, there is no need for them in WebSocket itself. However there are potential benefits to generic assistance. Applications might not make efficient choices for the network context; it will be impossible for aggregators to combine keepalives to reduce traffic because they cannot interfere with unlabelled application messages, and some applications might (annoying to some users) choose intervals which are too large for some networks, or too small for others, and which drain power excessively and continuously. That said, those are difficult to solve at any level, and it's not immediately clear that WebSocket implementations would do a particularly good job either. -- Jamie
- [hybi] #4: handshake does not work properly with … hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Mike Belshe
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] WebSocket -76 is incompatible with HTT… Ian Hickson
- Re: [hybi] WebSocket -76 is incompatible with HTT… Willy Tarreau
- Re: [hybi] WebSocket -76 is incompatible with HTT… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Shelby Moore
- Re: [hybi] #4: handshake does not work properly w… Shelby Moore
- Re: [hybi] #4: handshake does not work properly w… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Shelby Moore
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… John Tamplin
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] thewebsocketprotocol #4 (new): handsha… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker