See also: protocol, authentication, encryption and multicast DNS
| Type | Bind option | Availability | Information |
|---|---|---|---|
TCP |
bind-tcp |
All | |
| QUIC | bind-quic |
All | |
| SSL | bind-ssl |
All | |
| SSH | bind-ssh |
All | |
WebSocket |
bind-ws |
All | |
Secure WebSocket |
bind-wss |
All | |
RFB |
bind-rfb |
desktop and shadow servers only | Allows VNC clients to connect |
unix domain socket |
bind |
Posix | Local connections or via SSH |
named-pipe |
bind |
MS Windows | #1150 |
vsock |
bind-vsock |
Linux | host - guest virtual machines connections - see #983 |
TCP sockets can also be upgraded transparently to (Secure) WebSocket, SSL, SSH and RFB, so a single TCP port can support 6 different protocols automatically.
Unencrypted modes like plain-TCP and plain-WebSocket can also be secured with AES.
All the sockets that can be accessed via a network connection (all but vsock and named-pipe) will usually be published via multicast DNS. On Posix, unix-domain-sockets are exposed as SSH as we assume that a local SSH server is always available.
By default, local unix domain sockets (--bind=auto which is the default) also create abstract sockets, use --bind=noabstract if needed.
See also: Security Considerations
TCP Upgrade to WebSocket
xpra seamless --start=xterm --bind-tcp=0.0.0.0:10000xpra attach ws://localhost:10000/The same address (10000 here) can also be opened in a browser to use the HTML5 client:
xdg-open http://localhost:10000/SSH with password file
echo -n thepassword > password.txt
xpra seamless --start=xterm --bind-ssh=0.0.0.0:10000,auth=file,filename=password.txtxpra attach ssh://localhost:10000/The client will prompt for the password, as found in the password.txt file and not the regular shell account password.
Xpra will try to detect your network adapter and connection characteristics,
and it should adapt to changing network capacity and performance.
However, it may not always get it right,
and you may need to turn off bandwidth detection (bandwidth-detection option) and / or
specify your own bandwidth constraints. (bandwidth-limit option).
The performance of each session will be affected by the network link speed, in particular bufferbloat is known to cause severe performance degradations as xpra is quite sensitive to network jitter and latency, try to eliminate bufferbloat in your network. This is now a solvable problem See A little bump in the wire that makes your Internet faster, bufferbloat faq.
QUIC should offer the lowest latency, though it may need some tuning.
For Linux systems, Queueing in the Linux Network Stack is recommended reading for a deeper understanding.
You can see how much bandwidth is used and how good the picture latency is using the "Graphs" tab of the "Session Info" dialog found in Xpra's own menu:
More network information is available elsewhere in the "Session Info" dialog or via the "xpra info" command.
Tunnels and VPNs can and often do mangle traffic, causing extra latency and
generally making it more difficult to identify issues.
When investigating connection or latency issues, prefer direct connections that bypass any proxy, VPN, firewall, tunnel, etc
Then only re-add these potential bottlenecks if the direct connection exhibits the same behaviour.
Also prefer plain TCP connections over their WebSocket / SSL / QUIC counterparts - comparing different connection types can also provide useful data points.
Always ensure that there are no major warnings in the server log or client output, these may already point to the root cause (ie: GPU contention, encoding or decoding errors, etc).
Running xpra info | grep latency does capture some important measurements, these differ from network testing tools like ping
because the samples are captured from the application itself, as it is experienced by the software,
and after traversing all the operating system and library layers that sit between the wire and the software.
Comparing these values with the more crude values obtained from ping, tcpping or nmap can already expose significant sources of latency because the application is much more sensitive to system load and memory bandwidth than raw wire data.
xpra info is normally used against a server when no address is specified,
but it can also be used to collect data directly from a client process.
The client does send some of this data to the server, but more of it is accessible by connecting directly to the client.
From the output of xpra info:
connection.client.ping_latencythis is the application ping latency as experienced by the client when it pings the serverconnection.server.ping_latencythis is the application ping latency as experienced by the server when it pings the clientdamage.frame-total-latencythe average total time it takes for a screen update to be displayed on the client (to the backbuffer only - not including vblank or any compositor buffering)damage.client-latencythe average frame time without decoding or displaying itdamage.in_latencythe average delay between receiving screen update notifications from an application and actually processing them
As for the suffixes:
avg: averagecur: currentmin: minimum value seenmax: maximum value seen90p: 90 percentile
- latency swings are more damaging than more stable high latency values - the xpra engine will try to adjust, but this may take time and things can quickly get worse before it does
- packet loss (ie: wifi connections) can have a dramatic effect on all types of connection except QUIC, this is not directly exposed to the application which makes it hard to adapt
- some applications have problematic behaviour that may require more fine-tuning: screen update storms, unnecessarily high refresh rate, unused alpha channel, etc
- if the
ping_latencyis much higher on the server, this usually indicates an overloaded server
- quantum state: collecting data with
xpra infodoes interfere somewhat with the process being queried, as it creates some extra contention for resources, which can affect the behaviour of the application or the data collected or both - try to capture the data when the problem occurs, not before or after - this may require using scripting or a second pair of hands
- generally, there are few telltale values - only problematic combinations or changes