[{"id":1766129,"web_url":"http://patchwork.ozlabs.org/comment/1766129/","msgid":"<20170911083846.GD21444@redhat.com>","list_archive_url":null,"date":"2017-09-11T08:38:46","subject":"Re: [Qemu-devel] [PATCH v2 5/6] io: Ignore websocket PING and PONG\n\tframes","submitter":{"id":2694,"url":"http://patchwork.ozlabs.org/api/people/2694/","name":"Daniel P. Berrangé","email":"berrange@redhat.com"},"content":"On Fri, Sep 08, 2017 at 10:38:00AM -0700, Brandon Carpenter wrote:\n> Keep pings and gratuitous pongs generated by web browsers from killing\n> websocket connections.\n> \n> Signed-off-by: Brandon Carpenter \n> ---\n> io/channel-websock.c | 21 +++++++++++++++++----\n> 1 file changed, 17 insertions(+), 4 deletions(-)\n> \n> diff --git a/io/channel-websock.c b/io/channel-websock.c\n> index 3183aeff77..50387050d5 100644\n> --- a/io/channel-websock.c\n> +++ b/io/channel-websock.c\n> @@ -86,6 +86,7 @@\n> #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_OPCODE 0x0f\n> #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_HAS_MASK 0x80\n> #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_PAYLOAD_LEN 0x7f\n> +#define QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK 0x8\n> \n> typedef struct QIOChannelWebsockHeader QIOChannelWebsockHeader;\n> \n> @@ -565,8 +566,11 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,\n> return -1;\n> }\n> } else {\n> - if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) {\n> - error_setg(errp, \"only binary websocket frames are supported\");\n> + if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME &&\n> + opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PING &&\n> + opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PONG) {\n\nWhy would we need to ignore PONG ? A client should only send a PONG in\nresponse to a PING that we send, and we never send PINGs. So if we\nreceived a PONG that would be a serious error by the client, which should\ncause us to close the connection IMHO>\n\n\nRegards,\nDaniel","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=)","ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=berrange@redhat.com"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xrLvM0CN8z9s83\n\tfor ;\n\tMon, 11 Sep 2017 18:39:25 +1000 (AEST)","from localhost ([::1]:56146 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t)\n\tid 1drKFX-0006hu-1P\n\tfor incoming@patchwork.ozlabs.org; Mon, 11 Sep 2017 04:39:23 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:60198)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from ) id 1drKF5-0006hb-Vy\n\tfor qemu-devel@nongnu.org; Mon, 11 Sep 2017 04:39:00 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from ) id 1drKF1-0001fC-PS\n\tfor qemu-devel@nongnu.org; Mon, 11 Sep 2017 04:38:56 -0400","from mx1.redhat.com ([209.132.183.28]:35316)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from ) id 1drKF1-0001eU-IO\n\tfor qemu-devel@nongnu.org; Mon, 11 Sep 2017 04:38:51 -0400","from smtp.corp.redhat.com\n\t(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 83C38B98E2;\n\tMon, 11 Sep 2017 08:38:49 +0000 (UTC)","from redhat.com (unknown [10.33.36.58])\n\tby smtp.corp.redhat.com (Postfix) with ESMTPS id BCE9363645;\n\tMon, 11 Sep 2017 08:38:48 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 83C38B98E2","Date":"Mon, 11 Sep 2017 09:38:46 +0100","From":"\"Daniel P. Berrange\" ","To":"Brandon Carpenter ","Message-ID":"<20170911083846.GD21444@redhat.com>","References":"<20170724184217.21381-1-brandon.carpenter@cypherpath.com>\n\t<20170908173801.15205-6-brandon.carpenter@cypherpath.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","In-Reply-To":"<20170908173801.15205-6-brandon.carpenter@cypherpath.com>","User-Agent":"Mutt/1.8.3 (2017-05-23)","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.15","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.28]);\n\tMon, 11 Sep 2017 08:38:49 +0000 (UTC)","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"209.132.183.28","Subject":"Re: [Qemu-devel] [PATCH v2 5/6] io: Ignore websocket PING and PONG\n\tframes","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Reply-To":"\"Daniel P. Berrange\" ","Cc":"qemu-devel@nongnu.org","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t"}},{"id":1766145,"web_url":"http://patchwork.ozlabs.org/comment/1766145/","msgid":"<20170911090440.GF21444@redhat.com>","list_archive_url":null,"date":"2017-09-11T09:04:40","subject":"Re: [Qemu-devel] [PATCH v2 5/6] io: Ignore websocket PING and PONG\n\tframes","submitter":{"id":2694,"url":"http://patchwork.ozlabs.org/api/people/2694/","name":"Daniel P. Berrangé","email":"berrange@redhat.com"},"content":"On Mon, Sep 11, 2017 at 09:38:46AM +0100, Daniel P. Berrange wrote:\n> On Fri, Sep 08, 2017 at 10:38:00AM -0700, Brandon Carpenter wrote:\n> > Keep pings and gratuitous pongs generated by web browsers from killing\n> > websocket connections.\n> > \n> > Signed-off-by: Brandon Carpenter \n> > ---\n> > io/channel-websock.c | 21 +++++++++++++++++----\n> > 1 file changed, 17 insertions(+), 4 deletions(-)\n> > \n> > diff --git a/io/channel-websock.c b/io/channel-websock.c\n> > index 3183aeff77..50387050d5 100644\n> > --- a/io/channel-websock.c\n> > +++ b/io/channel-websock.c\n> > @@ -86,6 +86,7 @@\n> > #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_OPCODE 0x0f\n> > #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_HAS_MASK 0x80\n> > #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_PAYLOAD_LEN 0x7f\n> > +#define QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK 0x8\n> > \n> > typedef struct QIOChannelWebsockHeader QIOChannelWebsockHeader;\n> > \n> > @@ -565,8 +566,11 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,\n> > return -1;\n> > }\n> > } else {\n> > - if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) {\n> > - error_setg(errp, \"only binary websocket frames are supported\");\n> > + if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME &&\n> > + opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PING &&\n> > + opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PONG) {\n> \n> Why would we need to ignore PONG ? A client should only send a PONG in\n> response to a PING that we send, and we never send PINGs. So if we\n> received a PONG that would be a serious error by the client, which should\n> cause us to close the connection IMHO>\n\nNever mind, I've just seen that the RFC allows clients to send an\nunsolicited PONG\n\n\nRegards,\nDaniel","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=)","ext-mx10.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx10.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=berrange@redhat.com"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xrMTS1SpWz9s7G\n\tfor ;\n\tMon, 11 Sep 2017 19:05:28 +1000 (AEST)","from localhost ([::1]:56233 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t)\n\tid 1drKeh-00057g-By\n\tfor incoming@patchwork.ozlabs.org; Mon, 11 Sep 2017 05:05:23 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:38216)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from ) id 1drKeA-00057V-Ro\n\tfor qemu-devel@nongnu.org; Mon, 11 Sep 2017 05:04:51 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from ) id 1drKe5-0008VR-62\n\tfor qemu-devel@nongnu.org; Mon, 11 Sep 2017 05:04:50 -0400","from mx1.redhat.com ([209.132.183.28]:41554)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from ) id 1drKe4-0008Uy-Vj\n\tfor qemu-devel@nongnu.org; Mon, 11 Sep 2017 05:04:45 -0400","from smtp.corp.redhat.com\n\t(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id F0ACBED17B;\n\tMon, 11 Sep 2017 09:04:43 +0000 (UTC)","from redhat.com (unknown [10.33.36.58])\n\tby smtp.corp.redhat.com (Postfix) with ESMTPS id 43C6763658;\n\tMon, 11 Sep 2017 09:04:43 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com F0ACBED17B","Date":"Mon, 11 Sep 2017 10:04:40 +0100","From":"\"Daniel P. Berrange\" ","To":"Brandon Carpenter ","Message-ID":"<20170911090440.GF21444@redhat.com>","References":"<20170724184217.21381-1-brandon.carpenter@cypherpath.com>\n\t<20170908173801.15205-6-brandon.carpenter@cypherpath.com>\n\t<20170911083846.GD21444@redhat.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","In-Reply-To":"<20170911083846.GD21444@redhat.com>","User-Agent":"Mutt/1.8.3 (2017-05-23)","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.15","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.39]);\n\tMon, 11 Sep 2017 09:04:44 +0000 (UTC)","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"209.132.183.28","Subject":"Re: [Qemu-devel] [PATCH v2 5/6] io: Ignore websocket PING and PONG\n\tframes","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Reply-To":"\"Daniel P. Berrange\" ","Cc":"qemu-devel@nongnu.org","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t"}}]