Open samuel-hunter opened 2 years ago
I'm poking around in the source code, trying to find a place where the program can catch when the socket disconnects and can emit a :close
event with code 1006
(connection abnormally closed). Here is what I found:
:close
event is emitted with the abnormal error code 1006
is defined in the method send (server)
. Instead of catching this immediately, a typical server might only register the socket is closed after sending a periodic ping frame, or sends a message to the client. If a server elects not to send ping frames, and is in a state that is only listening for the client, it may never emit a :close
event at all.:error
handlers close the connection in response, then the websocket changes to the :closing
ready-state, and the method send :around (server)
will bypass the method above, preventing any mechanism from sensing a closed connection.Both of these footguns should be solved by calling (close-connection ws 1006 "websocket connection closed")
after the detecting the socket is closed by peer.
ha....can you find solution? when close connection, server not call close or error handler in woo server :-<
I've not found a solution unfortunately, so I've put my server dev work on hold until it's solved
I had this happen when I was testing the ws through the terminal with websocat
and closing the connection there. It gave this error:
Error while processing connection: Condition USOCKET:CONNECTION-ABORTED-ERROR was signalled.
So websocket-driver is not reacting on this event from usocket.
I can see this as a problem when a client's connection drops and a close frame does not reach the server.
Reproduced on SBCL 2.2.5 on Debian, with websocket-driver v0.2.0, Clack v2.0.0, and Woo v0.12.0.
If a wss server socket closes without writing a close frame, I'd assume it would emit either an
:error
event, or a:close
event, but it does neither.I can reproduce the error by modifying the
*echo-server*
in the README:Client-side, I can reproduce it with
netcat
, with frames only, or webcat, with some content:Server-side results:
(No mention of a Close Event or Error Event)
Similar results with webcat
Server-side results:
As an aside, the server socket is indeed registered as closed once the client quits:
Unless I am mistaken, I expect that I need to only handle
:close
and:error
if I want to clean up state following a closed client connection (for example, wrapping up a multiplayer game session after one player leaves). If there is no easy way to detect when this happens, this could lead into a footgun into adding a DOS vulnerability, where the attacker would rapid-fire requests before closing them, tricking the server into remembering state for connections that are no longer open.Please let me know if I am mistaken about this. Thank you!