Re: [hybi] New port and Tunneling?
Willy Tarreau <w@1wt.eu> Mon, 16 August 2010 05:18 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA3B23A687B for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 22:18:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.525
X-Spam-Level:
X-Spam-Status: No, score=-2.525 tagged_above=-999 required=5 tests=[AWL=-1.082, BAYES_00=-2.599, HELO_IS_SMALL6=0.556, J_CHICKENPOX_71=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ovUmD+D68Tm0 for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 22:18:03 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 0DEFD3A6824 for <hybi@ietf.org>; Sun, 15 Aug 2010 22:18:01 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o7G5IVxA030913; Mon, 16 Aug 2010 07:18:31 +0200
Date: Mon, 16 Aug 2010 07:18:31 +0200
From: Willy Tarreau <w@1wt.eu>
To: Greg Wilkins <gregw@webtide.com>
Message-ID: <20100816051831.GN27614@1wt.eu>
References: <a8358c0239c686dfd4753b55c6c34385.squirrel@sm.webmail.pair.com> <20100815221922.GJ27614@1wt.eu> <b13c89a75303a5d97edcb78926b385be.squirrel@sm.webmail.pair.com> <20100815234010.GM27614@1wt.eu> <52530df7491f03990cbfffd3eb49bcb6.squirrel@sm.webmail.pair.com> <AANLkTi==qsBWRDhxten+fV91bYiBhJ_vhSoqPNpsp3Pb@mail.gmail.com> <28d4e6c08e65e43899d59478e332a8aa.squirrel@sm.webmail.pair.com> <AANLkTikCKFCCWue5xqGhNssUSCuf_uEQyuCoW9GGH2N5@mail.gmail.com> <f5eacee9dece3b4feb6ebcd017bd5977.squirrel@sm.webmail.pair.com> <AANLkTikMY0CHSqvQU9uRHiDrmotQDP1dtWwkiLAOYr=9@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTikMY0CHSqvQU9uRHiDrmotQDP1dtWwkiLAOYr=9@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: hybi@ietf.org
Subject: Re: [hybi] New port and Tunneling?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2010 05:18:14 -0000
Hi Greg, On Mon, Aug 16, 2010 at 01:09:22PM +1000, Greg Wilkins wrote: > Shelby, > > > The concerns I've mostly seen discussed is for an intermediary to pass > the handshakes, but then not forward arbitrary data. > > However,I guess it is possible for a really stupid proxy to inject > "HTTP headers" or similar into a websocket stream and corrupt data, > specially if the data looked like a HTTP message. Perhaps that is > an argument for a simple checksum in the framing mechanism (previously > suggested and rejected because we are not trying to fix problems with > TCP/IP - but this is a different use-case). What could very well happen in fact is that an intermediary does not know that "101" requires all the chain to switch to tunnel mode, and that it then considers the first data from the client as a second request. It will send return "HTTP/1.1 400 Bad Request" in the response, which does not look like a WS frame at all. That's why I was advocating (and Jamie too) for the use of "Connection: close" in the request headers. At least the intermediaries will know that they must close after the first request is done. That will also improve fast fail on incompatible components, because we won't have to wait for sending data. But I'm not worried for the rest. Having random headers inserted in the 101 response is not a problem at all. And I don't see why any data could get corrupted at all. At worst we could imagine that some IDS/IPS will sometimes believe they see a known bad signature and reset the connection as they sometimes do on HTTPS traffic, but there are many other reasons for connection that we have to deal with. Regards, Willy
- [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Willy Tarreau
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Willy Tarreau
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Willy Tarreau
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Greg Wilkins
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Greg Wilkins
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Greg Wilkins
- Re: [hybi] New port and Tunneling? Willy Tarreau
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Greg Wilkins
- Re: [hybi] New port and Tunneling? Greg Wilkins
- Re: [hybi] New port and Tunneling? Willy Tarreau
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Willy Tarreau
- Re: [hybi] New port and Tunneling? Greg Wilkins
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Vladimir Katardjiev
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Vladimir Katardjiev
- Re: [hybi] New port and Tunneling? Willy Tarreau
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Adam Barth
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Adam Barth
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Dave Cridland
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Salvatore Loreto
- Re: [hybi] New port and Tunneling? Shelby Moore
- Re: [hybi] New port and Tunneling? Shelby Moore