2

Couple questions about websockets protocol sending BINARY data:

  • Why is the payload masked? Doesn't TCP guarantee data integrity?

  • What exactly is fragmentation? Does it mean that, if I send a single frame with a 1000-byte payload, the other end (due to intermediate proxies) may receive four separate frames of 200, 300, 270, and 230 bytes each (with only the final frame having the FIN bit set)?

Benito Ciaro

1 Answer

3

The payload sent from client to server (not server to client) is masked neither for reasons of data integrity nor authenticity, but to prevent rogue scripts from confusing (and potentially attacking) old intermediaries (Web proxies and the like).

Any WebSocket client that conforms to RFC 6455 MUST mask client-to-server frames. Nevertheless, some libraries allow you to turn off masking for the client, and turn off failing on non-masked client frames (e.g. AutobahnPython).

The latter can be useful to eliminate the CPU overhead associated with masking. It may be acceptable when both endpoints are under your control and either the route between both is fully under your control (e.g. talking WebSocket over loopback or Unix domain sockets or LAN) or you are using TLS, and hence (in most situations) no intermediary will be able to look inside the traffic anyway.

Fragmentation works like this: a WebSocket message may be split into multiple WebSocket frames - and also coalesced at any time, not only by the sender, but also by any intermediaries on the way to the receiver. And yes, only the last WebSocket frame of a sequence of frames for a given message will have the FIN bit set.

oberstet
  • Hi. I was wondering what causes the amount of websocket fragmentation, and if there's a way to set it? In localhost it seems to only fragment at 64kb while on aws it fragments every couple of kilobytes – Yakk Ov Dec 28 '22 at 00:59
  • The fragmentation is controlled from the sending side on a point-to-point websocket connection, and when your client connects to a server, websocket intermediates on the way count as "point-to-point" (fragmentation isn't endpoint to endpoint). I should add rgd the last aspect: if you use TLS 1.3 / secure websocket, then your TLS will be from your client to the server endpoint, and no intermediaries on the way can unwrap your TLS - and hence cannot refragment as well. – oberstet Jan 06 '23 at 08:46
  • Hi thanks. I'm just wondering why when I upload the NodeJS server on a standard ec2 instance in aws, the same code causes smaller fragments than when it's tested in localhost. Are there maybe environment variables that can control it? – Yakk Ov Jan 06 '23 at 17:05
  • NodeJS is just a run-time, so all depends on the code of your server – oberstet Jan 07 '23 at 01:20
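
The masking and fragmentation rules discussed in the answer above, as an added example that is not part of the original thread and not taken from AutobahnPython or any other library. It builds the question's 1000-byte binary message as four masked client frames of 200, 300, 270 and 230 bytes, then parses and reassembles them the way a server would, rejecting unmasked client frames. The function names are hypothetical, the sender assumes payloads under 64 KiB, and control frames interleaved between fragments are not handled.

```python
import os
import struct

OP_CONT, OP_BINARY = 0x0, 0x2  # opcodes from RFC 6455

def mask(data, key):
    # Octet i is XORed with key[i % 4]; the same call unmasks.
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))

def build_frame(opcode, payload, fin):  # client frame, always masked, payload < 64 KiB
    head, n = bytes([(0x80 if fin else 0) | opcode]), len(payload)
    if n < 126:
        head += bytes([0x80 | n])
    else:
        head += bytes([0x80 | 126]) + struct.pack("!H", n)
    key = os.urandom(4)  # fresh random key per frame
    return head + key + mask(payload, key)

def fragment(message, sizes):
    # First frame: data opcode; later frames: continuation; FIN only on the last.
    out, pos = b"", 0
    for i, size in enumerate(sizes):
        out += build_frame(OP_BINARY if i == 0 else OP_CONT,
                           message[pos:pos + size], fin=(i == len(sizes) - 1))
        pos += size
    return out

def parse_frame(buf, pos):
    b0, b1, pos = buf[pos], buf[pos + 1], pos + 2
    n = b1 & 0x7F
    if n == 126:
        n, pos = struct.unpack_from("!H", buf, pos)[0], pos + 2
    elif n == 127:
        n, pos = struct.unpack_from("!Q", buf, pos)[0], pos + 8
    if not b1 & 0x80:
        raise ValueError("client frame is not masked")
    key, pos = buf[pos:pos + 4], pos + 4
    return bool(b0 & 0x80), b0 & 0x0F, mask(buf[pos:pos + n], key), pos + n

def reassemble(stream):  # server side: (opcode, message, frame_count)
    pos, parts, opcode = 0, [], None
    while True:
        fin, op, payload, pos = parse_frame(stream, pos)
        if (opcode is None) == (op == OP_CONT):
            raise ValueError("unexpected opcode in fragment sequence")
        opcode = op if opcode is None else opcode
        parts.append(payload)
        if fin:
            return opcode, b"".join(parts), len(parts)
```

The application only ever sees the reassembled message, so frame boundaries chosen by the sender or an intermediary carry no meaning at the message level.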