incubator-wave-dev mailing list archives

From Ali Lown <a.lo...@gmail.com>
Subject Re: Proxy issues
Date Tue, 25 Sep 2012 09:09:48 GMT
What does http://websocketstest.com report? (Just link the report id)
On 25 Sep 2012 10:07, "Ben Hegarty" <hegsie@gmail.com> wrote:

> hmm I don't ever get an open connection in firefox, this doesn't seem to be
> a problem other pages, i.e. gmail with GTalk works fine, facebook and all
> the messaging there works fine too.  The only time I've ever seen the
> authentication I got with wave is when I've had facebook open too long and
> I think http requests get out of sync, generally this means I have to
> restart firefox and everything starts working fine again.
>
> https://docs.google.com/open?id=0B5FF_Ld8SzsNN2JXSVIwdzM2Q3M
> https://docs.google.com/open?id=0B5FF_Ld8SzsNOV95TF9IeXZ2VGc
>
> Basically I can't open wave from behind a proxy in any configuration, I'm
> not sure this should be the standard behaviour, esp when most sites seem to
> be fine, are there any sites I could provide the wireshark trace for that
> we could use as a comparison?
>
> Regards
> hegsie
>
> On Tue, Sep 25, 2012 at 9:43 AM, Ali Lown <ali@lown.me.uk> wrote:
>
> > The firefox logs do show the attempts to authenticate (which is more
> > than Chrome tries) at (say) #193,#194,#203,#204,#205,#213 which is a
> > successful login (I assume to open the connection for the page, since
> > it is followed by #214 (TLSv1 Client Hello)).
> >
> > The Websocket attempts (I think) look like #1841,#1842,#1850,#1851
> > which are failing for some reason.
> >
> > However, it isn't a problem with Wave, rather a potential bug in
> > Chrome (since it doesn't even attempt to authenticate) and an
> > overly-restrictive (for no good reason) corporate firewall (Might I
> > suggest a VPN, or SSH tunnel to somewhere less restrictive).
> >
> > Ali
> >
> > (Interestingly, does GTalk work since it gets a 502 for attempting to
> > use a non-standard SSL'd port. You also seem to have some problematic
> > bit of software attempting to connect to https://uk.bp.com which fails
> > since the DNS records are invalid).
> >
> > On 25 September 2012 09:27, Ben Hegarty <hegsie@gmail.com> wrote:
> > > ok hopefully this one is cleaner for firefox, though I have to add that
> > > firefox keeps asking for my credentials and no matter how many times I
> > > enter them it just keeps returning asking for them again... then after a
> > > while I just get a turbulence detected...
> > >
> > > https://docs.google.com/open?id=0B5FF_Ld8SzsNUDVlN0RyQjU2Vkk
> > >
> > > hegsie
> > >
> > > On Tue, Sep 25, 2012 at 9:19 AM, Ali Lown <ali@lown.me.uk> wrote:
> > >
> > >> In the chrome logs (original: #144, new: #344), in the firefox logs
> > >> #274 show a 407 response to the attempt to CONNECT to
> > >> wave.eezysys.co.uk:443.
> > >>
> > >> I would expect to possibly see a 407 once, at which stage the browser
> > >> should then re-attempt the connection with the proxy credentials (as
> > >> described here[1]), but I see no attempts to authenticate.
> > >>
> > >> Does the actual page load in this situation? Do other secure sites load?
> > >>
> > >> Ali
> > >>
> > >> [1]: http://tmgblog.richardhicks.com/2011/08/29/access-to-the-web-proxy-filter-on-forefront-tmg-2010-is-denied/
> > >>
> > >> On 25 September 2012 09:05, Ben Hegarty <hegsie@gmail.com> wrote:
> > >> > Hey Ali,
> > >> > Was looking over the chrome capture and I'm not sure that the one below is
> > >> > very clean so I performed it again...
> > >> >
> > >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNWG5rd0d0UnZVQU0
> > >> >
> > >> > Regards
> > >> > hegsie
> > >> >
> > >> > On Tue, Sep 25, 2012 at 8:53 AM, Ben Hegarty <hegsie@gmail.com> wrote:
> > >> >
> > >> >> Hey Ali,
> > >> >> I've tested this again with firefox to no avail...
> > >> >>
> > >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNaGFVV2NabEd0RFU
> > >> >>
> > >> >> and with chrome...
> > >> >>
> > >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNdmw5aThEZXF1U0k
> > >> >>
> > >> >> Regards
> > >> >> hegsie
> > >> >>
> > >> >>
> > >> >> On Mon, Sep 24, 2012 at 9:19 PM, Ben Hegarty <hegsie@gmail.com> wrote:
> > >> >>
> > >> >>> Ok, will do when I'm back behind the firewall tomorrow, I'll let you know
> > >> >>> how it goes.
> > >> >>> Cheers
> > >> >>>
> > >> >>>
> > >> >>> On Monday, September 24, 2012, Ali Lown wrote:
> > >> >>>
> > >> >>>> If you would like to test it again now/tomorrow?
> > >> >>>>
> > >> >>>> It took a few hours longer than I expected because I had to stop and
> > >> >>>> write a patch for Wave (and have dinner, and everything else) to make
> > >> >>>> it work.
> > >> >>>>
> > >> >>>> This should have all traffic going over port 443, so if you check in
> > >> >>>> Wireshark all you should see is some TLS traffic to 71.19.144.245.
> > >> >>>>
> > >> >>>> Ali
> > >> >>>>
> > >> >>>> On 24 September 2012 17:18, Ben Hegarty <hegsie@gmail.com> wrote:
> > >> >>>> > Whenever you get a chance to do that I'll be happy to retest :)
> > >> >>>> > Thanks again
> > >> >>>> >
> > >> >>>> > On Mon, Sep 24, 2012 at 5:14 PM, Ali Lown <ali@lown.me.uk> wrote:
> > >> >>>> >
> > >> >>>> >> Yes, packet #46 because I try to make you connect over 9898.
> > >> >>>> >> (This is because I have the configuration mis-setup, but didn't want
> > >> >>>> >> to reboot the wave server to fix it).
> > >> >>>> >>
> > >> >>>> >> I can move it so that websockets goes over 443, then I will let you
> > >> >>>> >> try again. (At which time it should work fine).
> > >> >>>> >>
> > >> >>>> >> On 24 September 2012 17:09, Ben Hegarty <hegsie@gmail.com> wrote:
> > >> >>>> >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNMnlmZkZWZWtEQ28
> > >> >>>> >> >
> > >> >>>> >> > Looks like you're right there Ali I'm seeing port not allowed in the http
> > >> >>>> >> > packets
> > >> >>>> >> > Cheers
> > >> >>>> >> >
> > >> >>>> >> > On Mon, Sep 24, 2012 at 5:03 PM, Ali Lown <ali@lown.me.uk> wrote:
> > >> >>>> >> >
> > >> >>>> >> >> Yes.
> > >> >>>> >> >>
> > >> >>>> >> >> On 24 September 2012 17:01, Ben Hegarty <hegsie@gmail.com> wrote:
> > >> >>>> >> >> > Sure I can try there too, is it still set with the same dets?
> > >> >>>> >> >> > Regards
> > >> >>>> >> >> >
> > >> >>>> >> >> >
> > >> >>>> >> >> > On Mon, Sep 24, 2012 at 4:59 PM, Ali Lown <ali@lown.me.uk> wrote:
> > >> >>>> >> >> >
> > >> >>>> >> >> >> Extracting the data as raw bytes from the first Websocket response
> > >> >>>> >> >> >> packet (#95) gives us the following HTML page (attached).
> > >> >>>> >> >> >>
> > >> >>>> >> >> >> So, it is _definitely_ an issue with your proxy server not
> > >> >>>> >> >> >> understanding the Websockets.
> > >> >>>> >> >> >>
> > >> >>>> >> >> >> For more information on exactly how they work, a good article would
> > >> >>>> >> >> >> be: http://lucumr.pocoo.org/2012/9/24/websockets-101/
> > >> >>>> >> >> >> "The protocol went through many iterations and basically had to be
> > >> >>>> >> >> >> changed multiple times because of unforeseen security problems that
> > >> >>>> >> >> >> came up with misbehaving proxies." seems to sum-up the problem.
> > >> >>>> >> >> >> Ali
> > >> >>>> >> >> >>
> > >> >>>> >> >> >> NB: When you tried on my server (https://wave.eezysys.co.uk), I am
> > >> >>>> >> >> >> less certain as to why it failed there given all the traffic is
> > >> >>>> >> >> >> encrypted. (Unless your company proxy is terminating my SSL
> > >> >>>> >> >> >> connection, performing DPI on the now-decrypted data, and then
> > >> >>>> >> >> >> re-encrypting it before presenting it to you)
> > >> >>>> >> >> >> Could you do a wireshark capture for that server as well?
> > >> >>>> >> >> >> Actually, it might be because my server still tries to use a
> > >> >>>> >> >> >> non-standard port for the websockets, and it is quite likely you have
> > >> >>>> >> >> >> most outgoing ports blocked.
> > >> >>>> >> >> >>
> > >> >>>> >> >> >> On 24 September 2012 16:42, Ben Hegarty <hegsie@gmail.com> wrote:
> > >> >>>> >> >> >> > Hey Ali,
> > >> >>>> >> >> >> > Basically I get 'A turbulance' after logging in and never go online and no
> > >> >>>> >> >> >> > wave data is saved down, you just see 'Unsaved all the time'..
> > >> >>>> >> >> >> > I've uploaded the wireshark trace to the following location :)
> > >> >>>> >> >> >> >
> > >> >>>> >> >> >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNMm5oOGJXajlOV00
> > >> >>>> >> >> >> >
> > >> >>>> >> >> >> > HTH
> > >> >>>> >> >> >> >
> > >> >>>>
> > >> >>>
> > >> >>>
> > >> >>> --
> > >> >>> Mobile Phone: +447767-322-122
> > >> >>> Work Phone: +4420 79485612
> > >> >>>
> > >> >>>
> > >> >>
> > >> >>
> > >> >> --
> > >> >> Mobile Phone: +447767-322-122
> > >> >> Work Phone: +4420 79485612
> > >> >>
> > >> >>
> > >> >
> > >> >
> > >> > --
> > >> > Mobile Phone: +447767-322-122
> > >> > Work Phone: +4420 79485612
> > >>
> > >
> > >
> > >
> > > --
> > > Mobile Phone: +447767-322-122
> > > Work Phone: +4420 79485612
> >
>
>
>
> --
> Mobile Phone: +447767-322-122
> Work Phone: +4420 79485612
>
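
Added example, not part of the original thread and not Wave or browser code: a small Python check for the two failures discussed above, a 407 from the proxy and an HTML page coming back where the WebSocket handshake reply should be. The response bytes are constructed samples, `classify_handshake` is a hypothetical helper name, and the key/accept pair is the sample from RFC 6455.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept a real WebSocket server must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_response(raw):
    """Split raw response bytes into (status, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body

def classify_handshake(raw, sent_key):
    """Hypothetical helper: classify the reply to a WebSocket upgrade request."""
    status, headers, _ = parse_response(raw)
    if status == 407:
        return "proxy-auth-required"     # client must retry with Proxy-Authorization
    if status == 101:
        if headers.get("upgrade", "").lower() != "websocket":
            return "bad-upgrade"
        if headers.get("sec-websocket-accept") != expected_accept(sent_key):
            return "accept-mismatch"     # 101 that does not match the key we sent
        return "websocket-ok"
    if "text/html" in headers.get("content-type", "").lower():
        return "intermediary-html-page"  # HTML error page instead of a handshake reply
    return "http-%d" % status

# Constructed sample responses (not taken from the captures in this thread).
KEY = "dGhlIHNhbXBsZSBub25jZQ=="  # sample key from RFC 6455
OK = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
      b"Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
BLOCKED = (b"HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n"
           b"<html><body>port not allowed</body></html>")
AUTH = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
        b"Proxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n")
```

Feeding it the raw bytes of the first response after the upgrade request separates "the proxy wants credentials" from "something on the path answered with HTML instead of completing the upgrade".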
