
[lwip-users] http on lwip


From: hajot
Subject: [lwip-users] http on lwip
Date: Tue, 18 Aug 2009 14:34:33 +0200

Hi there

I use lwip for an embedded application. In recent field tests we encountered 
problems, probably with proxies and firewalls. Sorry if this problem is a little 
bit off topic. But I hope that some professionals with experience in web 
applications on embedded systems could help me or direct me to another 
appropriate discussion group.

The problem:

- We use a proprietary terminal protocol that we tunnel in TCP frames for our 
remote maintenance. The embedded application and the server application in our 
facility use proprietary TCP ports outside the range of well known ports.

- Most of our worldwide field tests didn't show any problem, except one in Poland. 
The TCP connection could not be established. A short investigation on Google 
gave me posts from other discussion groups saying that one should better make an 
application work over http, because European ISPs often block ports or even do 
protocol inspection and reject unknown services due to policy restrictions.

- I plan to tunnel the terminal protocol in http POST and GET commands or in 
http responses.

The http tunneling idea:
I'm not sure about the details and the mechanisms behind possible protocol 
inspections. But to be absolutely sure that nothing gets blocked, I have the 
plan that the TCP connection initiator (our embedded system) always issues GET 
or POST requests:

- For the initial http request the embedded system will request a dummy website 
hosted on a server in our infrastructure.


GET /helpline HTTP/1.1
Host: www.hostname.com
Cache-Control: no-cache


- The server will then embed a terminal command in a http response. A terminal 
command is most often a two letter abbreviation of a command. E.g. le means 
"list eventlog". A http response with this command could look like this:


HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain

le



- The embedded system will respond with an eventlog containing the last 3500 
errors that occurred on the system. Because of the huge amount of data (see 
Content-Length: 210000), the payload will be tunneled with a http POST request:


POST /helpline HTTP/1.1
Host: www.hostname.com
Content-Type: multipart/form-data; name="eventlog", boundary=0f107778f4d9713c7f1bc70eb206ba67
Content-Length: 210000

--0f107778f4d9713c7f1bc70eb206ba67
Content-Disposition : form-data; name="eventlog"; filename="eventlog"
Content-Type: text/plain

**Event: 3500:  002  17:21:45  01.07   Mains overvolt.  00128
                                                         ¦
                                                         ¦
  Event: 0001:  100   13:38:20  30.04   Rem usr logout  00001
--0f107778f4d9713c7f1bc70eb206ba67--



The questions:

- Could some experts confirm the mentioned problems with blocked ports and 
unknown protocols?

- Are there any concerns regarding proxies and inspection techniques that this 
approach could miss?

- A possible contractor would do the server implementation for us. He mentioned 
that there are ready to use products and codes for http tunneling/detunneling. 
I am looking for something similar in C, open-source, that I could use on the 
embedded side. Does somebody know/host/maintain a similar project?

- What are the requirements for a multipart boundary (0f1077....) in the 
example above? Does it have to be a random number changing with each POST 
request, or can I always put the same number for a simple and primitive 
implementation?

Kind regards
Hans-Joerg (George)
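
Added example, not part of the original post: RFC 2046 (section 5.1.1) requires a multipart boundary to be 1 to 70 characters long and never to occur inside the enclosed data; it does not require it to be random, so a fixed value works as long as each payload is checked against it. The sketch below builds the POST body from the message for one text part and returns the byte count that belongs in Content-Length; the function names and the sample log line are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if the boundary is 1..70 chars and the delimiter "--<boundary>"
   never occurs in the payload (RFC 2046, section 5.1.1), else 0. */
int boundary_is_safe(const char *boundary, const char *payload, size_t len)
{
    char delim[2 + 70 + 1];
    size_t blen = strlen(boundary), dlen, i;

    if (blen < 1 || blen > 70)
        return 0;
    dlen = (size_t)snprintf(delim, sizeof delim, "--%s", boundary);
    for (i = 0; i + dlen <= len; i++)   /* memcmp scan: payload may hold NULs */
        if (memcmp(payload + i, delim, dlen) == 0)
            return 0;
    return 1;
}

/* Writes a one-part multipart/form-data body into out (hypothetical helper).
   Returns the body length, i.e. the Content-Length value, or -1 on error. */
long build_multipart_body(char *out, size_t cap, const char *boundary,
                          const char *field, const char *payload, size_t len)
{
    int head, tail;
    size_t used;

    if (!boundary_is_safe(boundary, payload, len))
        return -1;                      /* caller must pick another boundary */
    head = snprintf(out, cap,
                    "--%s\r\n"
                    "Content-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n"
                    "Content-Type: text/plain\r\n\r\n",
                    boundary, field, field);
    if (head < 0 || (size_t)head + len >= cap)
        return -1;                      /* header or payload does not fit */
    used = (size_t)head;
    memcpy(out + used, payload, len);
    used += len;
    tail = snprintf(out + used, cap - used, "\r\n--%s--\r\n", boundary);
    if (tail < 0 || (size_t)tail >= cap - used)
        return -1;                      /* closing delimiter does not fit */
    return (long)(used + (size_t)tail);
}
```

If the check fails for a given payload, choosing a different boundary for that request and retrying is sufficient; on a small target the scan can also run incrementally while the log is streamed out.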







