1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Commit graph

86 commits

Author SHA1 Message Date
stropee
ea00ad2076 http: pipeline: enable for more methods
Signed-off-by: stropee <simon@sirocha.fr>
2024-11-03 07:58:59 +00:00
leleliu008
f69835e09c Subject: [PATCH] AI_V4MAPPED macro is missing on some platforms, e.g. OpenBSD, NetBSD, etc. 2024-08-29 14:49:37 +01:00
payne.ye
ec76f8178d smp: extend client to work with tsi
and take care of zombie sul previously left on connect failure path
2024-04-12 06:15:12 +01:00
Ilya Smelykh
fdfde2ce0b http: auth digest 2023-12-08 10:25:50 +00:00
johnnychen
9f44863e07 tls: fix ssl connection error in raw connection 2023-11-23 09:45:12 +00:00
Vladimir
8ab44ae28b client: win32: sul for client connection status polling
https://github.com/warmcat/libwebsockets/pull/2715
https://github.com/warmcat/libwebsockets/pull/2722
2022-09-18 06:16:14 +01:00
Jaume
2445793d15 windows: client connect: use sockaddr size 2022-06-14 07:40:58 +01:00
Felipe Gasper
76a5a9e2f2 client: connect report actual socket error to user callback rather than EINPROGRESS
https://github.com/warmcat/libwebsockets/pull/2452
2022-04-10 06:56:12 +01:00
apcui
730c954b42 windows: avoid NULL addr on connect check
https://github.com/warmcat/libwebsockets/issues/2596
2022-04-10 06:56:12 +01:00
Andy Green
6352fee219 sort-dns: fix scope comparison
https://github.com/warmcat/libwebsockets/issues/2537
2022-01-16 10:48:16 +00:00
Sylvian Saunier
38a39a3710 client: support socket source port setting 2022-01-16 10:48:16 +00:00
Andy Green
7e841130e0 coverity fixes 2022-01-16 10:48:11 +00:00
Andy Green
d3783f0c71 client: connect: confirm we have a protocol
Coverity gets antsy that we were checking wsi->a.protocol for NULL earlier
then start using it... explicitly bail if it's NULL before we start using
it.
2021-11-08 13:44:45 +00:00
Andy Green
3f4800b88f log: cherrypick common errno to be strings
Pick some common errno constants for the platform and provide strings for
them.  Replace numeric errno logging with the new api for client.

Replace any usage of strerror() in network code with the new api.  For
constrained devices, this should give a small saving on .rodata.

Leave some usages in daemonize.c and unix plat where the size isn't going
to matter.
2021-10-29 20:10:52 +01:00
Andy Green
c2ac541f43 client: connect3: show what we are trying to connect to
Make it visible what we are currently attempting to connect to as a numeric
ipv4/ipv6 address.
2021-10-29 15:41:52 +01:00
Andy Green
9127bcde7f client: connect_check fail just log once 2021-10-19 06:32:19 +01:00
Andy Green
a3592cbe4f adns: api-test: add synthetic result parsing
Add some exports so the api test can inject results into the parser for
live queries, suppressing asking the server but otherwise following the
flow.

Provide two new suspect responses for injection and parsing in ctest.

Add a --cos option to minimal-http-client to force a close after the
connection has started the async dns.
2021-10-18 09:58:16 +01:00
Felipe Gasper
80b0c59ad6 client: fix nxdomain CCE 2021-10-15 14:11:41 +01:00
Andy Green
f5edf9d75a remove: lws_sequencer
lws_sequencer and lws_abstract were both false starts trying to do the
functionality of secure streams.

Since Secure Streams does a better job for both and there are no known
out-of-tree users of them, let's remove them and focus on Secure Streams.
2021-10-12 07:33:15 +01:00
Andy Green
2cfa260e62 sspc: refactor to allow different transports
This is a NOP for existing usecases.

At the moment the only implemented transport for serialized SS is wsi, it's
typically used with Unix Domain Sockets, but it also works over tcp the
same.

It generalizes the interface between serialized chunks and the
transport, separately for client and proxy.  The wsi transport is migrated
to use the new transport ops structs.

It will then be possible to "bring your own transport", so long as it is
reliable, and in-order, both for proxy and client / sspc.

We also adapt minimal-secure-streams-binance to build the -client variant
via SS proxy as well.

LWS_ONLY_SSPC is added so libwebsockets can be produced with just sspc
client support even for tiny targets.

A new embedded minimal example for rpi pico is also provided that
demonstrates using Serialized SS over a UART to an SS proxy, to implement
the SS Binance example on the pico, even though it has no networking itself.
2021-10-08 09:48:41 +01:00
Andy Green
d447f8f1db client: connect: prefer default vh if none given
Giving NULL vh for the client connection is basically "don't care"....
prefer the "default" vh in that case
2021-10-05 07:40:17 +01:00
Andy Green
19ba1998fa tls: evolve handshake serialization into simultaneous_ssl_handshake_restriction
This patch adapts the recent change about serializing the number of
simultaneous tls handshakes allowed to 1, so you can set the number in the
context creation info, and the accounting for it is handled by counters
same as the overally tls restriction.

The name of the context info var to control it changes to simultaneous_ssl_handshake_restriction
which is now a count, the default 0 means no limit.

The count rejects tls connection attempts when the tls borrow is attempted,
and separately hands back the hs borrow from the tls borrow when the
connection attempt fails or succeeds.
2021-10-05 07:40:17 +01:00
Yucong Sun
ed8865e2b2 asyncdns: provide correct length with CCE 2021-10-05 07:10:10 +01:00
Andy Green
d069098683 conmon: async-dns: off-by-one 2021-10-05 07:09:55 +01:00
Andy Green
770dc7bc85 client: connections: add detailed dynamic CCE info
Let's improve the details returned in CLIENT_CONNECTION_ERROR in string so
we can get more clues about the problem.  Create dynamic strings that
classify at what step the error happened, and add dynamic info like the
errno.
2021-08-19 05:31:15 +01:00
Andy Green
37f3244076 conmon: add dns and protocol_specific
This adds an indication of dns disposition to the conmon results,
and for http, if it gets that far a protocol-specific indication
of http response code.
2021-08-19 05:31:04 +01:00
Bing Zhao
74799161b1 tls: fix inbalanced tls restrict borrow/return calls
lws_tls_restrict_borrow() returns error when tls restriction limit is
reached. However lws_ssl_close() still calls lws_tls_restrict_return()
to decrease simultaneous_ssl. Thus LWS accepts more than allowed ssl
links, making simultaneous_ssl_restriction useless.

Fix it by tracking lws_tls_restrict_borrow() return value and only
calling lws_tls_restrict_return() if lws_tls_restrict_borrow() is
successful.
2021-07-08 06:22:47 +01:00
Andy Green
ee510154a0 fi: wsi: fault to fake peer hangup after a delay range
Example usage, client

$ valgrind ./bin/lws-minimal-secure-streams-stress-client -c 4 --budget 40

proxy

$ valgrind ./lws-minimal-secure-streams-proxy --fault-injection "ss=mintest/wsi/timedclose(20%),ss=mintest/wsi/timedclose_ms(0..100)"
2021-07-04 10:29:54 +01:00
Andy Green
fabe78d222 Wextra
Add -Wextra (with -Wno-unused-parameter) to unix builds in addition to
-Wall -Werror.

This can successfully build everything in Sai without warnings / errors.
2021-07-04 10:29:54 +01:00
Andy Green
5432e8ae7b sspc: add concurrency stress
Add a way to perform sspc tests with increased concurrency and sequential
tests
2021-07-04 10:29:52 +01:00
Andy Green
a7edd16399 logs: more internal conversion to log_cx 2021-07-01 05:20:53 +01:00
Andy Green
5d8cf03221 logs: log contexts 2021-07-01 05:20:53 +01:00
Andy Green
8e76634ed3 logs: introduce log_cx 2021-07-01 05:20:53 +01:00
Andy Green
66afeaa5bc dns: handle EAI_NONAME as fatal
This causes the blocking dns lookup to treat EAI_NONAME as immediately
fatal, this is usually caused by an assertive NXDOMAIN from the DNS server
or similar.

Not being able to reach the server should continue to retry.

In order to make the problem visible, it reports the situation using
CLIENT_CONNECTION_ERROR, even though it is still inside the outer client
creation call.
2021-06-28 08:52:20 +01:00
Andy Green
d5475807b0 tls restriction: check before doing bio 2021-06-26 14:59:50 +01:00
Andy Green
c0680fa2b6 connect: fix cli_hostname leak breaking staggered h1 pipeline 2021-06-26 13:03:13 +01:00
Andy Green
cf2dbdc6a0 vhost: create multiple listen sockets per AF
On some platforms AF_INET and AF_INET6 must be listened for on separate
sockets.  Adapt the vhost server creation code to use the new support for
multiple listen sockets per vhost to create up to two listen sockets for
AF_INET and AF_INET6.

It refactors how the decision about the AF is made and propagated so
there's only one place for it.
2021-06-22 16:25:50 +01:00
Andy Green
8c122cd8bd redirect: make sure we start with / on path 2021-06-22 15:55:36 +01:00
Andy Green
272dba8307 http: redo redirects to follow close flow
Until now although we can follow redirects, and they can promote the
protocol from h1->h2, we couldn't handle h2 wsi reuse since there are many
states in the wsi affected by being h2.

This wipes the related states in lws_wsi_reset() and follows the generic
wsi close flow before deviating into the redirect really close to the end,
ensuring we cleaned out evidence of our previous life properly.

h2->h2 redirects work properly after this.

The max number of redirects is increased from 3 -> 4 since this was seen in
the wild with www and then geographic-based redirects.
2021-06-22 15:55:29 +01:00
Andy Green
2f9bb7a30a tls: JIT Trust
Add support for dynamically determining the CAs needed to validate server
certificates.  This allows you to avoid instantiating > 120 X.509 trusted
CA certs and have them take up heap the whole time.

Works for both openssl and mbedtls.

See READMEs/README.jit-trust.md for the documentation

You likely want the next patch for http redirect enhancements as well.
2021-06-22 15:55:29 +01:00
Mykola Stryebkov
8886cc263f win32: client: just do WIN32 check 2021-06-20 07:51:28 +01:00
DUOLabs333
d815c39c0c cygwin: include in unix type socket init 2021-06-07 08:17:52 +01:00
Andy Green
9c6e2ffb65 smp: fix client tsi detection 2021-05-12 09:06:11 +01:00
Jed Lu
6595d3da72 cpd: remove scheduled recheck on dns fail 2021-05-06 17:11:27 +01:00
Andy Green
7d8f742594 smp: more lock assertions 2021-04-05 10:55:04 +01:00
Andy Green
b582dd49fb client: add CONNECTING protocol cb 2021-04-05 10:55:04 +01:00
Andy Green
d291c02a23 ss: sspc: add conmon performance telemetry
This provides a way to get ahold of LWS_WITH_CONMON telemetry from Secure
Streams, it works the same with direct onward connections or via the proxy.

You can mark streamtypes with a "perf": true policy attribute... this
causes the onward connections on those streamtypes to collect information
about the connection performance, and the unsorted DNS results.

Streams with that policy attribute receive extra data in their rx callback,
with the LWSSS_FLAG_PERF_JSON flag set on it, containing JSON describing the
performance of the onward connection taken from CONMON data, in a JSON
representation.  Streams without the "perf" attribute set never receive
this extra rx.

The received JSON is based on the CONMON struct info and looks like

{"peer":"46.105.127.147","dns_us":596,"sockconn_us":31382,"tls_us":28180,"txn_resp_us:23015,"dns":["2001:41d0:2:ee93::1","46.105.127.147"]}

A new minimal example minimal-secure-streams-perf is added that collects
this data on an HTTP GET from warmcat.com, and is built with a -client
version as well if LWS_WITH_SECURE_STREAMS_PROXY_API is set, that operates
via the ss proxy and produces the same result at the client.
2021-04-05 10:55:04 +01:00
Andy Green
51490ae6e6 Fault injection
add lws_xos: xoshiro256 PRNG
2021-04-05 10:55:04 +01:00
Andy Green
e2f42387b7 route: assert if route table becomes full 2021-04-02 16:50:49 +01:00
Andy Green
06509e287d lws_conmon: connection monitoring and stats generation
This provides a build option LWS_WITH_CONMON that lets user code recover
detailed connection stats on client connections with the LCCSCF_CONMON
flag.

In addition to latencies for dns, socket connection, tls and first protocol
response where possible, it also provides the user code an unfiltered list
of DNS responses that the client received, and the peer it actually
succeded to connect to.
2021-03-17 07:31:49 +00:00