W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2010

[whatwg] WebSockets: UDP

From: Philip Taylor <excors+whatwg@gmail.com>
Date: Wed, 2 Jun 2010 18:48:05 +0100
Message-ID: <AANLkTimPvtS9hE-frSVQq8dWBEG9-fvCfnTsOVCbVXQt@mail.gmail.com>
On Tue, Jun 1, 2010 at 9:02 PM, Erik M?ller <emoller at opera.com> wrote:
> On Tue, 01 Jun 2010 21:14:33 +0200, Philip Taylor <excors+whatwg at gmail.com>
> wrote:
>
>> More feedback is certainly good, though I think the libraries I
>> mentioned (DirectPlay/OpenTNL/RakNet/ENet (there's probably more)) are
>> useful as an indicator of common real needs (as opposed to edge-case
>> or merely perceived needs) - they've been used by quite a few games
>> and they seem to have largely converged on a core set of features, so
>> that's better than just guessing.
>>
>> I guess many commercial games write their own instead of reusing
>> third-party libraries, and I guess they often reimplement very similar
>> concepts to these, but it would be good to have more reliable
>> information about that.
>>
>
> I was hoping to be able to avoid looking at what the interfaces of a high vs
> low level option would look like this early on in the discussions, but
> perhaps we need to do just that; look at Torque, RakNet etc and find a least
> common denominator and see what the reactions would be to such an interface.

I'm trying to think of them mainly as indirect examples of use cases,
rather than as direct examples of interfaces. Under the assumption
that most games either use a library like these or implement a
comparable one themselves, and that the library designs are driven by
the game requirements, if a feature is supported by most of the
libraries then it's probably needed by many games; and if a feature is
unsupported in many of the libraries then it's probably unnecessary
for most games. (Also an assumption: games running in web browsers
will have similar needs to native games (though lagging many years
behind state-of-the-art); and we only ought to aim to support the
needs of most games, not all games.)

So they seem to suggest things like:
- many games need a combination of reliable and unreliable-ordered and
unreliable-unordered messages.
- many games need to send large messages (so the libraries do
automatic fragmentation).
- many games need to efficiently send tiny messages (so the libraries
do automatic aggregation).
- many games need some kind of security (I have no idea exactly what,
or how much is still relevant when the client is JavaScript and
trivial to tamper with).
- many games need to prioritise certain messages when bandwidth is limited.
- most games don't need low-level control over individual datagrams
and precise packet loss feedback, they're okay with the socket details
being abstracted away.
- ... probably lots more (and/or less); I'm not very familiar with the
details of the libraries so this is unlikely to be an accurate list,
but I think it may be a useful way to analyse the requirements.

(The solution suggested in your initial post
(socket.send(data_smaller_than_mtu) going over UDP) seems to be one
extreme, which combines with higher-level JS libraries to satisfy
these needs. I think I initially suggested the other extreme of
encoding all the features into the browser API. I guess the best
tradeoff depends largely on what non-game use cases exist that should
be satisfied by the same solution.)

> So, what would the minimal set of limitations be to make a "UDP WebSocket"
> browser-safe?
>
> -No listen sockets
> -No multicast
> -Reliable handshake with origin info
> -Automatic keep-alives
> -Reliable close handshake
> -Socket is bound to one address for the duration of its lifetime
> -Sockets open sequentially (like current DOS protection in WebSockets)
> -Cap on number of open sockets per server and total per user agent

Perhaps also:
- Cap or dynamic limit on bandwidth (you don't want a single web page
flooding the user's network connection and starving all the TCP
connections)
- Protection against session hijacking
- Protection against an attacker initiating a legitimate socket with a
user and then redirecting it (with some kind of IP (un)hijacking) to a
service behind the user's firewall (which isn't a problem when using
TCP since the service will ignore packets when it hasn't done the TCP
handshake; but UDP services might respond to a single packet from the
middle of a websocket stream, so every single packet will have to be
careful not to be misinterpreted dangerously by unsuspecting
services).

-- 
Philip Taylor
excors at gmail.com
Received on Wednesday, 2 June 2010 10:48:05 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:24 UTC