Version 32 (modified by 4 years ago) (diff) | ,
---|
Network Connection
See also:
- Authentication: how to secure network connections
- Multicast DNS: by default, xpra publishes session on the network using mdns
- Data Flow: an overview of the data that flows over the network connection
- Packet Encoding: the encoding of the data exchanged over the connection
- Network Protocol: the actual packet format
- network tracker ticket: #1590
Types of connections
Xpra supports many different types of connections:
- unix domain socket connections using the
bind
option. From the same machine only, or via SSH (see below). When starting a server, unix domain sockets are usually created automatically for it by default - named-pipes: MS Windows only (#1150)
- VSOCK using the
bind-vsock
option, for host - guest virtual machines connections, see #983 - TCP connections using the "
bind-tcp
" option - UDP connections using the "
bind-udp
" option - SSL connections using the "
bind-ssl
" option, or TCP sockets upgraded with thessl=on
option. - websocket connections using the "
bind-ws
option, or TCP sockets upgraded with thehtml=on
option - secure websocket connections using the "
bind-wss
option, or TCP / websocket connections upgraded - SSH connections: this type of connection uses a SSH as transport to connect to the unix domain socket. (forwarded using the hidden xpra sub-command "_proxy").
Notes:
- each bind option can be secured with authentication modules, in which case you probably want to enable encryption too to prevent some MITM attacks.
- the
bind-XXX
option may be specified more than once to bind to multiple locations, ie: multiple ports or IP addresses (IPv6
is supported).
Examples
Socket Type | Server Start Command Line Arguments | Client Command Line Argument | Optional Server Authentication Option |
---|---|---|---|
unix | --bind=/path/to/socket | socket:/path/to/socket | auth=module |
named-pipes | n/a | named-pipe:name | auth=module |
vsock | --bind-vsock=auto:1234 | vsock:host:1234 | vsock-auth=module |
TCP | --bind-tcp=0.0.0.0:2345 | tcp:127.0.0.1:2345 | tcp-auth=module |
SSL | --bind-ssl=0.0.0.0:443 --ssl-cert=cert.pem | ssl:127.0.0.1:443 | ssl-auth=module |
Websocket | --bind-ws=0.0.0.0:8080 | ws:127.0.0.1:8080 | ws-auth=module |
Secure Websocket | --bind-wss=0.0.0.0:8080 --ssl-cert=cert.pem | wss:127.0.0.1:8080 | wss-auth=module |
UDP | --bind-udp=0.0.0.0:10000 | udp:127.0.0.1:10000 | udp-auth=module |
SSH | n/a | ssh:HOST | auth=module (usually redundant) |
The server arguments can be used with any server ("xpra start", "xpra shadow", "xpra upgrade", ..) and likewise the client arguments can be used with any client ("xpra attach", "xpra info", "xpra version", etc).
Beware that some protocols are platform specific (unix vs named-pipes).
The named-pipes and unix domain sockets currently available can be listed using the command "xpra list
".
If an wiki/Authentication module is used, the client may be prompted for a password(s) when attempting to connect.
General Network Information
The performance of xpra may well be limited by your network connection speed, and will be affected by any bufferbloat.
You can see how much bandwidth is used and how good the picture latency is using the "Graphs" tab of the "Session Info" dialog found in Xpra's system tray menu:
More network information is available in the "Session Info" dialog or via the "xpra info" command:
$ xpra info | egrep -i "network|latency" (..) client.latency.50p=3 client.latency.80p=3 client.latency.90p=3 client.latency.absmin=1 (..)
Investigating network performance and bottlenecks in detail is beyond the scope of this document.
For Linux systems, Queueing in the Linux Network Stack is recommended reading.
Xpra is very sensitive to network jitter and latency, try to Eliminate Bufferbloat in your Network.
Attachments (1)
-
session-info-graphs.png (44.4 KB) - added by 9 years ago.
graphs shown on session info dialog
Download all attachments as: .zip