Re: [hybi] Doubt about cliente-to-server masking

Andy Green <andy@warmcat.com> Fri, 28 January 2011 11:57 UTC

Return-Path: <andy.warmcat.com@googlemail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A34873A67F6 for <hybi@core3.amsl.com>; Fri, 28 Jan 2011 03:57:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.408
X-Spam-Level:
X-Spam-Status: No, score=-3.408 tagged_above=-999 required=5 tests=[AWL=-0.109, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7SeRUOenZxI1 for <hybi@core3.amsl.com>; Fri, 28 Jan 2011 03:57:11 -0800 (PST)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 532F03A67C0 for <hybi@ietf.org>; Fri, 28 Jan 2011 03:57:11 -0800 (PST)
Received: by wyf23 with SMTP id 23so3212470wyf.31 for <hybi@ietf.org>; Fri, 28 Jan 2011 04:00:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:sender:message-id:date:from:reply-to:user-agent :mime-version:to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=Yx3V8N9MkW3jE1/nhtclqlNU3GQNFrGMbLXTCirt1/4=; b=YLQlJhoGzO+1SpaXeysHj5luGtHnF+NZg8MZ27xeIzkNH+rBnriV3VqPOxqhvMOfz4 Ut5G9A+G9+QlmfvgP/Sd4gtXhma8YqHLrAzkTigxOw+cKdMTJHTcWhFA8hjOlXR8ZGrx RTkaHBelHgkX6EaUgbjOyr8O92hv/Ui96SQDE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:reply-to:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=MtoOLG/jgNHE3dRoNoVjyCQ4X03L2bhknZsSO2dpk5zavyaqICyTR8FuX44Jc5pUvJ nSBVPjRJuc5O5TKkixyJp9DA04xWUtTVtqRSMa20PGO4tKhozaSq7shbWmrBSGYC3Y0w Xmhy2DFAIfRzqydI9/DPvx5Igs05jg+VPIRs4=
Received: by 10.227.154.74 with SMTP id n10mr2528061wbw.116.1296216016640; Fri, 28 Jan 2011 04:00:16 -0800 (PST)
Received: from [10.8.0.6] (s15404224.onlinehome-server.info [87.106.134.80]) by mx.google.com with ESMTPS id o6sm976506wbo.15.2011.01.28.04.00.15 (version=SSLv3 cipher=RC4-MD5); Fri, 28 Jan 2011 04:00:15 -0800 (PST)
Sender: Andy Green <andy.warmcat.com@googlemail.com>
Message-ID: <4D42AFCE.6010204@warmcat.com>
Date: Fri, 28 Jan 2011 12:00:14 +0000
From: Andy Green <andy@warmcat.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101217 Fedora/3.1.7-0.39.b3pre.fc15 Thunderbird/3.1.7
MIME-Version: 1.0
To: Iñaki Baz Castillo <ibc@aliax.net>
References: <AANLkTi=k-yW+XCpg=VeQi=sPYgNsXj6wD=HuE=AZ83UY@mail.gmail.com>
In-Reply-To: <AANLkTi=k-yW+XCpg=VeQi=sPYgNsXj6wD=HuE=AZ83UY@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Doubt about cliente-to-server masking
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: andy@warmcat.com
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2011 11:57:12 -0000

On 01/28/11 11:54, Somebody in the thread at some point said:

Hi -

> After the WS handshake, the server starts receiving bytes and it must
> un-mask them. How can know the server when an entire frame has been
> received? Maybe the server must wait until it has enough bytes in
> order to un-mask the "Payload len" and "Extended payload length"? This
> is, the masked-data has the same length than the clear frame, so after
> un-masking those frame fields related to frame length the server
> already knows how many bytes it must read in order to get the entire
> frame. Am I right?

Not sure if I get your issue... the masking nonce comes in the clear as 
the first 4 bytes of the packet.

So you can start unmasking immediately at the fifth byte onwards, which 
is the first header byte.  libwebsockets has a bytewise state machine to 
parse this traffic and that works out well.

> Isn't it becoming a "bit" complex? Just wondering.

Simplicity stopped being the goal when the browser vendors disabled 
websockets by default.  Now the goal is keeping the effort to have 
websockets at all alive by piling in whatever the browser vendors that 
disabled it want to see included, whether it is useful or not ie, "masking".

-Andy