Scribd
Upload
27K views

WebSockets: The Real-Time Web, Delivered

A technical overview of the latest draft (Draft-09) of the WebSockets protocol and how we got to where we are today.

Uploaded by

Brian McKelvey
Copyright
© Attribution ShareAlike (BY-SA)
Available Formats
Download as PDF or read online on Scribd
27K views

WebSockets: The Real-Time Web, Delivered

A technical overview of the latest draft (Draft-09) of the WebSockets protocol and how we got to where we are today.

Uploaded by

Brian McKelvey
Copyright
© Attribution ShareAlike (BY-SA)
Available Formats
Download as PDF or read online on Scribd
You are on page 1/ 24

WebSockets

The Real-Time Web, Delivered


July 23, 2011

Brian McKelvey Co-Founder - Worlize Inc. twitter - @theturtle32 www.worlize.com

Monday, July 25, 11

Whiteboard Demo
Get

FireFox 7 Alpha

http://www.mozilla.com/refox/channel/

Monday, July 25, 11

The Problem
No

ofcially supported way to do real-time communications in the browser.

Monday, July 25, 11

Hacks, Hacks, Hacks


Polling Long-polling IFrame

Streaming HTMLFile (MSIE) XHR-Multipart (Firefox)

Monday, July 25, 11

Diagram from http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.ajax.devguide.help/docs/PureAjax_pubsub_clients.html

Monday, July 25, 11

Diagram from http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.ajax.devguide.help/docs/PureAjax_pubsub_clients.html

Monday, July 25, 11

The Solution: WebSockets


Maintains Eliminates

a persistent bi-directional communications channel the need for hacks

Monday, July 25, 11

Why not TCP Sockets?

API Simplicity TCP is a stream-oriented protocol We want a message-oriented protocol Security Scan a Local Network DDOS Attack

Monday, July 25, 11

WebSocket Drafts
Started at WhatWG WhatWG Draft-75 (old browsers) WhatWG Draft-76 (Chrome, Safari) Moved to IETF HyBi - HyperText Bi-directional Working Group Draft-00 (Same as WhatWG Draft-76) Draft-07 (FireFox 6 beta) Draft-09 (FireFox 7 alpha)

Monday, July 25, 11

The Details: Handshake

Built on HTTP Traverse existing proxies/intermediaries Co-exist on same port with HTTP/HTTPS

server

Monday, July 25, 11

The Details: Handshake


Client Request
GET /chat HTTP/1.1 Connection: Upgrade Upgrade: websocket Sec-WebSocket-Version: 8 Sec-WebSocket-Key: reaiKXo+d4Hkqt45PNTlNg== Sec-WebSocket-Origin: http://piglet.worlize.com:8080 Sec-WebSocket-Protocol: superchat, boringchat Sec-WebSocket-Extensions: deate-stream

Monday, July 25, 11

The Details: Handshake


Server Response
HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: Iy0M3juCftp2uqk8/9fVWt4VfoI= Sec-WebSocket-Protocol: superchat Sec-WebSocket-Extensions: deate-stream

Monday, July 25, 11

The Details: Handshake


Security

handling via Sec-WebSocket-Origin Sec-WebSocket-Key Validation Prevent cross-protocol attacks Fail early if a dumb intermediary provides a cached response. Sec- headers prevent XHR from being used to contact a WebSocket server
Cross-Origin

Monday, July 25, 11

The Details: Masking


Most

contentious issue in the HyBi Working Group. All client-to-server messages are masked. Why is this necessary? Prevent cache-poisoning attacks Prevent talking to overly permissive servers Concern over this issue caused some browser vendors to pull support for WebSockets draft-76.

Monday, July 25, 11

The Details: Masking


How

does it work? Randomly generated four-byte mask key per frame Applied using XOR to frame payload compression efciency for client-to-server messages

Reduces

Monday, July 25, 11

The Details: Framing


framing protocol facilitates message oriented API 2 to 10 bytes for frame header Contains ags, opcode, and payload length Payload length is a variable length eld.
Simple

Monday, July 25, 11

The Details: Framing


Data

frame types: Binary Message UTF-8 Text Message Continuation (fragmentation)

Control Ping Pong Close

frame types:

Monday, July 25, 11

The Details: Framing


Fragmentation Allows In

control frames in the middle of a long message

coordination with a future extension can facilitate multiplexing.

Monday, July 25, 11

Basic Frame Header


Frames less than 126 bytes
1 F I N 2 R S V 1 3 R S V 2 4 R S V 3 Byte 1 5 6 7 8 9 M S K 10 11 12 13 14 15 16

OPCODE

7-BIT LENGTH

Byte 2

Monday, July 25, 11

Medium Frame Header


>= 126 bytes && < 65535 bytes
1 F I N 2 R S V 1 3 R S V 2 4 R S V 3 Byte 1 5 6 7 8 9 M S K 10 11 12 13 14 15 16

OPCODE

Static Value "126" Indicating 16-bit length

Byte 2

16-BIT LENGTH (BIG-ENDIAN UNSIGNED SHORT)

Byte 3

Byte 4

Monday, July 25, 11

Long Frame Header


> 65535 bytes
1 F I N 2 R S V 1 3 R S V 2 4 R S V 3 Byte 1 5 6 7 8 9 M S K 10 11 12 13 14 15 16

OPCODE

Static Value "127" Indicating 63-bit length

Byte 2

63-BIT LENGTH (BIG-ENDIAN UNSIGNED)

63-BIT LENGTH (Continued)

63-BIT LENGTH (Continued)

63-BIT LENGTH (Continued)

Monday, July 25, 11

Server Implementations
Node.JS: WebSocket-Node https://github.com/Worlize/WebSocket-Node ANSI C: libwebsockets http://git.warmcat.com/cgi-bin/cgit/libwebsockets/ Java:

Jetty

http://webtide.intalio.com/2011/04/getting-started-with-websockets/

Monday, July 25, 11

Client Implementations
Node.JS: WebSocket-Node https://github.com/Worlize/WebSocket-Node ActionScript 3: AS3WebSocket https://github.com/Worlize/AS3WebSocket ANSI C: libwebsockets http://git.warmcat.com/cgi-bin/cgit/libwebsockets/

Monday, July 25, 11

Demo
Shared Whiteboard Example
Available

in the examples folder of: https://github.com/Worlize/WebSocket-Node

Requires FireFox 7 Alpha!

Monday, July 25, 11

You might also like