There are three ways the payload length of a websocket frame can be encoded, depending on the length of the payload:
- 125 or less
- 126-65535
- 65536 +
Which way is used can be told by looking at the value of the 7 last bits of the 2nd byte (the first bit of the 2nd byte is the masking flag).
When it's below 126, it's the payload length. When it's 126, the payload length is in the following two bytes. When it's 127, the payload length is in the following 8 bytes.
So the algorithm you have to follow to interpret a websocket frame is:
- read the 1st byte (`byte0`) to get the fin flag and the opcode
- read the 2nd byte (`byte1`)
- when `byte1` is greater than 127, subtract 127 from `byte1` and set `masked` to `true`
- when `byte1` is now 126, read the next two bytes and convert them to a `short`. This is the `payload_length`.
- when `byte1` is 127, read the next eight bytes and convert them to a `long`. This is the `payload_length`.
- when `byte1` is something else, the `payload_length` is equal to the value of `byte1`
- when `masked` is true, read the next 4 bytes. This is the `masking_key`.
- read the number of bytes you have in the `payload_length` to get the payload.
- when `masked` is true, apply the `masking_key` to the payload.
There is no hash-code in a websocket frame, you must have mixed something up. The integrity of a websocket frame is ensured by the TCP layer beneath it.
For more information about the Websocket protocol, refer to RFC 6455.
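The steps above as a frame parser, added here as an example and not part of the original answer. It reads the mask flag as the top bit of the 2nd byte (`0x80`) and the length field as the low seven bits (`0x7F`), and goes beyond the listed steps by rejecting truncated input, non-minimal length encodings and 64-bit lengths with the top bit set (both RFC 6455 requirements), plus payloads above a cap. The names `parse_frame`, `FrameError` and `MAX_PAYLOAD` and the 1 MiB cap are assumptions of this example; `SAMPLE` is the masked "Hello" frame shown in RFC 6455.

```python
import struct

MAX_PAYLOAD = 1 << 20  # assumed application limit (1 MiB), not set by the protocol
# Sample input: the masked text frame carrying b"Hello" from RFC 6455
SAMPLE = bytes.fromhex("818537fa213d7f9f4d5158")


class FrameError(ValueError):
    """Malformed, truncated or oversized frame."""


def parse_frame(buf, max_payload=MAX_PAYLOAD):
    """Parse one frame from bytes; return (fin, opcode, payload, bytes_consumed)."""
    if len(buf) < 2:
        raise FrameError("truncated header")
    byte0, byte1 = buf[0], buf[1]
    fin = bool(byte0 & 0x80)
    opcode = byte0 & 0x0F
    masked = bool(byte1 & 0x80)   # first bit of the 2nd byte
    length = byte1 & 0x7F         # last 7 bits of the 2nd byte
    pos = 2
    if length == 126:             # length is in the next two bytes
        if len(buf) < pos + 2:
            raise FrameError("truncated 16-bit length")
        (length,) = struct.unpack_from("!H", buf, pos)
        pos += 2
        if length < 126:
            raise FrameError("non-minimal length encoding")
    elif length == 127:           # length is in the next eight bytes
        if len(buf) < pos + 8:
            raise FrameError("truncated 64-bit length")
        (length,) = struct.unpack_from("!Q", buf, pos)
        pos += 8
        if length >> 63 or length < 65536:
            raise FrameError("invalid 64-bit length")
    if length > max_payload:      # check before slicing or allocating anything
        raise FrameError("payload exceeds limit")
    key = b""
    if masked:
        if len(buf) < pos + 4:
            raise FrameError("truncated masking key")
        key = buf[pos:pos + 4]
        pos += 4
    if len(buf) < pos + length:
        raise FrameError("truncated payload")
    payload = buf[pos:pos + length]
    if masked:                    # XOR each byte with key[i mod 4]
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return fin, opcode, payload, pos + length
```

The returned `bytes_consumed` lets a caller keep the remainder of the buffer for the next frame.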