WebSocket permessage-deflate compression (RFC 7692) (#853)#1308
Merged
Conversation
Adds opt-in per-message DEFLATE compression for WebSocket connections, negotiated during the handshake. Enable with `compress=true` on the client `open(...)`, the server `listen!(...)`, or `upgrade(...)`; it is negotiated per connection and transparently falls back to uncompressed frames if either side declines. Implementation (src/http_websocket_pmce.jl): - Raw DEFLATE via thin Zlib_jll bindings (negative windowBits), driving Z_SYNC_FLUSH with the 0x00 0x00 0xff 0xff trailer strip/append trick (RFC 7692 §7.2). The CodecZlib transcode API cannot express sync-flush or context takeover, so we go to zlib directly. Adds Zlib_jll as a dep. - Per-connection context-takeover or no_context_takeover, negotiated window bits, the empty-message 0x00 rule (§7.2.3.6), and a decompression-bomb guard bounded by `maxframesize`. - Full Sec-WebSocket-Extensions negotiation: client offer, server accept (declining unknown params / unsupported 8-bit windows), client validation of the server response. Codec integration: RSV1 is accepted only when negotiated and only on the first frame of a data message; the decoder defers UTF-8 validation for compressed text (validated after the whole message is inflated). Outgoing data messages are compressed as one frame; control frames are never compressed. Tests: 45 codec/negotiation/end-to-end cases (no docker needed). Autobahn with compression enabled: 271 cases, zero failures, all 24 permessage-deflate cases (12.*/13.*) OK and core cases 1-11 unaffected. Existing WS suites unchanged: codec 122, client 20, server 35, integration 42. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1308 +/- ##
==========================================
- Coverage 87.16% 87.14% -0.03%
==========================================
Files 28 29 +1
Lines 11042 11273 +231
==========================================
+ Hits 9625 9824 +199
- Misses 1417 1449 +32 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #853.
Adds opt-in WebSocket per-message compression via the permessage-deflate extension (RFC 7692), negotiated during the handshake. Modeled on Go's gorilla/coder permessage-deflate semantics.
compress=trueis accepted on the clientopen(...), the serverlisten!(...), andupgrade(...). It is opt-in on both ends, negotiated per connection, and transparently falls back to uncompressed frames if either side declines.Implementation
New
src/http_websocket_pmce.jl:Zlib_jllccall bindings (negative windowBits), drivingZ_SYNC_FLUSHwith the00 00 ff fftrailer strip/append trick (RFC 7692 §7.2). CodecZlib'stranscodeAPI can express neither sync-flush nor context takeover, so we go to zlib directly. AddsZlib_jllas a dependency (already transitively present via CodecZlib).no_context_takeover, negotiated window bits, the empty-message0x00rule (§7.2.3.6), and a decompression-bomb guard bounded bymaxframesize.Sec-WebSocket-Extensionsnegotiation: client offer, server accept (declining unknown params and unsupported 8-bit windows), and client validation of the server's response (failing the connection on a malformed or unoffered extension).Codec integration (post-#1304 codec): RSV1 is accepted only when negotiated and only on the first frame of a data message; the decoder defers UTF-8 validation for compressed text (validated after the whole message is inflated, since compressed bytes aren't valid UTF-8). Outgoing data messages compress to a single frame; control frames are never compressed.
Validation
http_websocket_pmce_tests.jl): compress/decompress round-trips (single, context-takeover, no-takeover, empty, unicode, binary), the bomb guard, full negotiation (offer/accept/decline/window-bits/unknown-param), and end-to-end echo with both fallback paths — no docker required.🤖 Generated with Claude Code