Friday, January 6, 2012

Obscure packetization bug in Verizon cellular HTTP proxy 'Harmony'! Does your app fail on VZW cell but work on wifi?

Wow, this is a fucking bug and a half.

(On iPhone, but applies to everything)
Verizon currently appears to proxy any HTTP request over any port regardless of whether you asked for it. It adds

"X-Via: Harmony proxy"

to show how much it 'helped'. Thanks, if I wanted a proxy I'd ask for one.

It does it even on non-port 80!! FFS!
It appears that anything that says HTTP/1.1 after opening a socket on any port is fair game for fuckwittery.

And, wonderfully, Harmony Proxy has a packet reassembly bug!

The client app was (inadvertently) writing the HTTP request split into two TCP packets:
- The first packet was only 22 bytes long, containing the URL.
- The second packet was 500 or so bytes and was the rest of the header, continuing from " HTTP/1.1\r\n...etc".

Hence the very first line of the HTTP req was split into two TCP packets. This is obviously rather unusual.
The proxy freaks out at this, throws away all the HTTP headers, and just generally screws the request up (although it does send it).

So, when using socket.send(), make sure you've buffered at least the first few lines of your headers in one go.

If your stuff works over wifi and other cell networks, but not VZW, and you're using HTTP...
watch out for this. It's a bug in their proxy.
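The write pattern described above next to the buffered fix, as an added example (not code from the original app): it records the buffers handed to the socket layer and flags a first write that ends before the request line's CRLF. The host, path, header values and helper names are constructed placeholders.

```python
import socket

def build_request(method, path, host, headers=None):
    """Assemble the request line and all headers into one bytes object."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{k}: {v}" for k, v in (headers or {}).items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def split_after_url(request):
    """Reproduce the write pattern from the post: URL first, then ' HTTP/1.1...'."""
    cut = request.index(b" HTTP/1.1\r\n")
    return [request[:cut], request[cut:]]

def request_line_split(writes):
    """True if the first write ends before the request line's CRLF."""
    return bool(writes) and b"\r\n" not in writes[0]

class RecordingSocket:
    """Wraps a socket and records each buffer the app passes to sendall()."""
    def __init__(self, sock):
        self.sock, self.writes = sock, []

    def sendall(self, data):
        self.writes.append(bytes(data))
        self.sock.sendall(data)

def demo():
    # Constructed sample request; "GET " plus this path is 22 bytes, as in the post.
    req = build_request("GET", "/api/v1/status/all", "app.example.com",
                        {"User-Agent": "demo/1.0", "Accept": "*/*"})
    results = {}
    for name, chunks in (("split", split_after_url(req)), ("buffered", [req])):
        a, b = socket.socketpair()           # local stand-in for client/server
        rec = RecordingSocket(a)
        for chunk in chunks:
            rec.sendall(chunk)               # one call per app-level write
        a.close()
        received = b""
        while (data := b.recv(4096)):
            received += data
        b.close()
        # (first write cut the request line?, size of first write, peer got same bytes?)
        results[name] = (request_line_split(rec.writes), len(rec.writes[0]), received == req)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The receiving end gets identical bytes in both cases because TCP is a byte stream; only the write boundaries differ, which is why an endpoint that reads the stream is unaffected while an in-path device that parses per packet is not. A single write does not guarantee a single segment for requests larger than the MSS, but it keeps the request line and first headers together.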

4 comments:

Bill Mitchell said...

What you described matches a symptom that we were seeing over here - that has stumped us for a long time.

Note that not all Verizon proxies are created equal -- our sales rep found that things worked in SOME regions, but not in others.

Dr.Tune said...

It took me about 3hrs to figure out but I had a "lightbulb" moment when looking at the packets from the phone in wireshark; we had a reliably working and non-working request so it was just a matter of time to find.

I think our case (of always fragmenting the first packet) is quite unusual; most people won't hit this bug I expect.
Anyway, ya, it was my bug of the week.

Dr.Tune said...

My mind was blown by VZ proxying all ports; I didn't experiment too much but it appears if you open any socket and say "HTTP" then you get messed with. Meh.

Anonymous said...

Please note that I have a T-Mobile hotspot and it does the same thing. Not only does it open and mess with the connection, it is horrible at what it does with it. For instance, I work on websites. We have 6 production servers and a test server. The test server is where new scripts get tested. So, an entry in my hosts file should allow me to use the test server, rather than whatever the DNS returns. But even though my packet is destined for the test server, the hotspot intercepts the url and finds it necessary to do a DNS lookup on the url. It then connects to one of our 6 production servers and makes the request. It doesn't care what the destination IP is, it picks one itself. It's very frustrating. The only way around it that I've found is to use a VPN. Also, to spare wireless bandwidth, it takes all images and recodes them. For instance, it takes png images it retrieved from the server, compresses them to jpg on some infra T-Mobile has set up and then the hotspot turns it back into a png. Png, of course, is lossless. And the jpg settings they use are probably about 60% quality. Very blurry. It sucks when looking at charts and such.
But, having this hotspot has taught me that even though you think your app may be connected to your server and can talk back-and-forth in whatever manner you want, undisturbed, this is not always the case. Weird proxies may sit in between, not only snooping, but heavily altering the conversation.
It would be nice if these settings were allowed to be changed, but no, T-Mobile gives us no access. It's thoroughly amazing that this modern technology sets us back 2 decades in compatibility.
Anyway, they've lost this customer. As soon as I can find a better way to get internet, I'm gone.