Websocket 基础入门
same-orgins:浏览器同源策略的安全模型
持久化协议
双向双工 多路复用, 同时发信息
http只能由客户端发起,一个request对应一个response
http每次通信需要发起连接,或者keepalived只能服用连接
http 头信息繁重
单一的TCP连接,采用全双工通信 vs 单向传送,需要多条连接
对代理,防火墙和路由透明: 基于http协议结构,使用相同80 443端口
连接建立后,信息传输无头部信息,减少网络带宽消耗、cookie和身份验证
无安全开销
通过ping/pong帧保持链路激活
服务器可以推消息。
websocket本质上是一个TCP连接
建立连接:发送http请求(upgrade:websocket升级),TCP三次握手,建立连接。
请求:
GET / HTTP/1.1 Host: Upgrade: websocket Connection: Upgrade Sec-Websocket-Key: BASE-64编码(randomly selected 16-byte value) Origin: cross-origin check Sec-Websocket-Protocal: chat,superchat //客户端希望使用的协议,one or more comma-separated subprotocol the client wishes to speak, ordered by preference Sec-Websocket-Version: 13(must be)
回复: HTTP/1.1 101 Switching Protocals //协议转换 Upgrade: websocket Connection: Upgrade Sec-Websocket-Accept: BASE-64编码(SHA-1加密(Sec-Websocket-Key==GUID(Globally Unique Identifier)("258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))) Sec-Websocket-protocal: chat
传送数据:文本、二进制、控制帧等
handshake and then data transfer
基于TCP的独立协议;
由http server解析握手连接(Upgrade request) 80 443
ws-URI = "ws:" "//" host [ ":" port ] path [ "?" query ] wss-URI = "wss:" "//" host [ ":" port ] path [ "?" query ]
host = <host, defined in [RFC3986], Section 3.2.2> port = <port, defined in [RFC3986], Section 3.2.3> path = <path-abempty, defined in [RFC3986], Section 3.3> query = <query, defined in [RFC3986], Section 3.4>
if the client is a web browser, it supplies /origin/.
数据传输:一连串的帧(frames)
二进制:
协议:
|Opcode | Meaning | Reference | -+--------+-------------------------------------+-----------| | 0 | Continuation Frame | RFC 6455 | -+--------+-------------------------------------+-----------| | 1 | Text Frame | RFC 6455 | -+--------+-------------------------------------+-----------| | 2 | Binary Frame | RFC 6455 | -+--------+-------------------------------------+-----------| | 8 | Connection Close Frame | RFC 6455 | -+--------+-------------------------------------+-----------| | 9 | Ping Frame | RFC 6455 | -+--------+-------------------------------------+-----------| | 10 | Pong Frame | RFC 6455 | -+--------+-------------------------------------+-----------|
fin:标识消息的最后一部分 opcode:消息体说明
- %x0 denotes a continuation frame
- %x1 denotes a text frame
- %x2 denotes a binary frame
- %x3-7 are reserved for further non-control frames
- %x8 denotes a connection close
- %x9 denotes a ping
- %xA denotes a pong
-
%xB-F are reserved for further control frames
mask: 1 masked,0 unmasked
当为1时,mask-key赋值,用于服务器端 unmask payload data
客户端发送到服务端的数据都必须mask
payload length:7 bits, 7+16 bits, or 7+64 bits
7 bits:0-125 payload length
7+16 bits:16-bit unsigned integer are the payload length
7+64 bits:64-bit unsigned integer (the most significant bit MUST be 0) are the payload length
The payload length is the length of the "Extension data" + the length of the "Application data".
masking-key:0 | 4 bytes, chosen at random by the client,不影响payload data的数据长度
payload data:Extension data + Application data
数据分片:fragmentation:
main purpose:允许在不缓存完整消息的情况下发送未知大小的消息。使用数据分片,服务器或者中间媒介可以选择一个合适大小的缓存,来缓存及发送fragment
sub:multiplexing,多路分发,
Control frames MAY be injected in the middle of a fragmented message. Control frames themselves MUST NOT be fragmented.
delivered in the order send by the sender
不同消息不允许交叉存取分片
基本传输结构:
A fragmented message consists of a single frame with the FIN bit clear and an opcode other than 0, followed by zero or more frames with the FIN bit clear and the opcode set to 0, and terminated by a single frame with the FIN bit set and an pcode of 0.
control frames:
0x8 (Close), 0x9 (Ping), 0xA (Pong), 0xB-0xF reserved
communicate state with websocket
can be interjected in the middle of a fragmented message: 减少因为大体量消息控制帧的延迟
payload length < 125
must not be fragmented
连接断开 close frame:
客户端发送close frame
客户端等待服务端断开连接,
当服务端收到close frame, 会等待消息发送完毕再返回close frame
服务端立即断开tcp连接,
客户端可以在任何时刻关闭连接。
ping frame: opcode---0x9 serve as a keepalive or as means to verify remote endpoint
pong frame:opcode---0xA
必须包含对应ping的 Application data
回复最近的 ping frame
可能的服务器端单向主动的pong frame,不需要回复。
data frame:
opcode---0x1:text data encoded as UTF-8
opcode---0x2:binary
websocket 可以使用任何http使用的安全验证方式。
websocket机密性和完整性通过使用 websocket protocal over tls 即 wss
底层网络协议,
倾向于使浏览器成为一个与操作系统相仿的应用程序平台。
低级网络API无法处理源安全模型。
实时通讯;支持二进制和字符串传输。
SPDY:扩充了Http,通过压缩http首部标识和多路复用,工作管道等手段改进http请求性能。改进网页性能。http的修改形式,修改了许多http非本质问题,
Websocket API是完全事件驱动的,自动发送数据和通知。遵循异步编程模式。监听事件。open message error close。String Blob ArrayBuffer var blob = new Blob("blob data"); ws.send(blob); var array = new Unit8Array([2,3,4,5,6]); ws.send(array.buffer);
readyState
websocket send()时立即生效的,但是浏览器对于发送的数据会进行缓存;使用bufferedAmount检查已经进入队列但是尚未发送到服务器的字节数,不包括协议帧组或者操作系统,网络硬件所进行的缓存。
关闭前检查bufferedAmount是否有为发送数据。
传输层协议。
websocket pingpong机制,保持连接存活。
更多建议: