Skip to content

Websocket compression 7285 v3 #13018

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Websocket compression 7285 v3 #13018

wants to merge 4 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7285

Describe changes:

  • better handle websocket decompression
    • handle single-frame decompression
    • use max window bits of 15, and keep the context of decompression
    • handle HTTP1 Header Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits=15, especially the max_window_bits=15 for the decompressor

SV_BRANCH=OISF/suricata-verify#2387

#12930 rebased and more detailed commit history

I am not sure we need and want the last commit (too much complexity for some small optimization)

@catenacyber
websocket: decompress single pdu message
e01f661 
Ticket: 7285

Previously, only messages over multiple PDUs could get decompressed
@catenacyber
rust: use flate2 with C zlib
9780f3f 
move flate2.rs to a backend supporting the setting
of window_bits, which is not the case for miniz-oxide.

This will allow WebSocket to use Sec-WebSocket-Extensions
which can set a non-default window_bits
@catenacyber catenacyber requested review from jasonish, victorjulien and a team as code owners April 14, 2025 19:53
@catenacyber catenacyber force-pushed the websocket-compression-7285-v3 branch from 226f339 to 8716c4e Compare April 14, 2025 20:02
@catenacyber catenacyber mentioned this pull request Apr 14, 2025
Closed
@suricata-qa
Copy link

WARNING:
ERROR: buid failure for build_asan QA build

field baseline test %
build_asan

Pipeline 25689

@catenacyber catenacyber marked this pull request as draft April 14, 2025 20:05
@catenacyber
websocket: use max window bits of 15
91b0213 
Ticket: 7285

As this is the default for websocket, which is bigger than the
defaut for zlib usage

Also limit the decompressed content to the max-payload-size
configuration parameter also used for non-compressed content.

And also use a stateful decoder to store/remember the compression
state to be able to decompress later messages.
@catenacyber
websocket: handle Sec-WebSocket-Extensions
b953162 
Optimization to avoid consuming too much memory for decompression
@catenacyber catenacyber force-pushed the websocket-compression-7285-v3 branch from 8716c4e to b953162 Compare April 14, 2025 20:13
@suricata-qa
Copy link

WARNING:
ERROR: buid failure for build_asan QA build

field baseline test %
build_asan

Pipeline 25690

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 25691

@catenacyber catenacyber mentioned this pull request Apr 15, 2025
Closed
@catenacyber
Copy link
Contributor Author

Clean in #13022

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @suricata-qa