Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deflate: Fix no_context_takeover parameter handling and implement context_takeover. #107

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

keesverruijt
Copy link

I ran into issue #49 as well.

Analysis

The existing code did not implement context takeover, so it should always send client_no_context_takeover and server_no_context_takeover in the Sec-WebSocket-Extensions header, but it didn't.

Further investigation showed that my use-case (lots of small messages) would really benefit from context takeover, increasing the compression ratio up to ten fold.

Fix

  • Keep the decoder and encoder objects alive, and allow context takeover by default.
  • Add an option to disable either client or server context takeover in memory constrained situations.
  • Reset the decoder and encoder when no_context_takeover is active.

Implement context_takeover by keeping session level deflator and inflator.
@alula
Copy link

alula commented Sep 6, 2024

I ran into similar issue and just submitted a PR without seeing that someone outran me :)

I have one request though, could you add max decompressed payload size (to limit potential decompression bomb attacks) parameter like my PR does?

@keesverruijt
Copy link
Author

Hi @alula , I reviewed your PR and I will update mine with your improvements.

@keesverruijt
Copy link
Author

keesverruijt commented Sep 6, 2024

I think we can still improve the handling by returning better errors to the client, but this will do for now (it's no worse than it was.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants