1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

3779 commits

Author SHA1 Message Date
William Yu
98f63c6c8d freertos: explicitly include semphr.h
Although it's already included in lws esp-idf freertos case, in some
other freertos environments it's necessary to explicitly include
the semaphore header.
2020-08-12 05:54:27 +01:00
Andy Green
dd3bae8c71 ss: multipart without processing
Change the default to not process multipart mime at SS layer.

If it's desired, then set "http_multipart_ss_in" true in the policy on the streamtype.

To test, use lws-minimal-secure-streams-avs, which uses SS processing as it is.

To check it without the processing, change #if 1 to #if 0 around the policy for
"http_multipart_ss_in" in both places in avs.c, and also enable the hexdump in ss_avs_metadata_rx()
also in avs.c, and observe the multipart framing is passed through unchanged.
2020-08-11 11:07:13 +01:00
Andy Green
fff9ca6ee4 sspc: client: restrict forwarded bulk data to 2048 2020-08-10 15:04:10 +01:00
Andy Green
8669f6bf61 sspc: client: if not writing, make sure not to write 2020-08-10 15:04:10 +01:00
Jed Lu
793ba842fa ss: http: synthesize CONNECTED for PUT as well as POST 2020-08-10 15:04:10 +01:00
Andy Green
629c8138b1 sai: freebsd 2020-08-10 15:04:10 +01:00
Andy Green
4cd381f933 cmake: tls: wolfssl
PARENT_SCOPE needs adjusting in a few places for wolfssl to work, and
we need a second level export of USE_WOLFSSL through lib/CMakeLists.txt

Add noi/f32 Sai build for WOLFSSL + MINIMAL_EXAMPLES
2020-08-10 15:04:10 +01:00
Andy Green
2edd83dac1 freebsd: sai build adaptations 2020-08-10 15:04:10 +01:00
Mike Owens
e3b34d3e08 Subject: Fixes to build on FreeBSD and Illumos 2020-08-10 15:04:10 +01:00
Andy Green
1f0cd18dd6 ss: server: check more carefully if built but not used on a wsi 2020-08-10 15:04:10 +01:00
Andy Green
74c7060c62 sspc: increase client packet size to 8192
This is only used on Linux-class devices
2020-08-10 15:04:10 +01:00
Andy Green
0f218eebbd sspc: deal with huge metadata 2020-08-10 15:04:10 +01:00
Andy Green
15e6ac25a4 sspc: make sure NUL on metadata name 2020-08-10 15:04:10 +01:00
Andy Green
6eb793bbef sspc: temp ignore txcr to support h1
We want to manage the proxy txcr, but at the moment the proxy doesn't pass
back information about if it's actually h1 or h2 it found across the internet.

Temporarily defeat txcr wait so we can support h1 until that's improved.
2020-08-10 15:04:10 +01:00
Andy Green
a71cbe785e sspc: http POST: synthesize CONNECTED to provoke client body write 2020-08-10 15:04:10 +01:00
Andy Green
d1d5cf2947 sspc: improve client async close flow 2020-08-10 15:04:10 +01:00
Andy Green
1b4bf38d5e sspc: add request_tx length variant
Add in the missing request_tx length variant, serialization and proxy
handling for it
2020-08-10 15:04:10 +01:00
Andy Green
3899a416a9 sspc: segregate client and proxy states properly 2020-08-10 15:04:10 +01:00
Andy Green
a6a9f22556 sspc: LWSSSPC: track onward request status 2020-08-10 15:04:10 +01:00
Andy Green
9a7ce85001 h2: defend against no NUL possible in log 2020-08-10 15:04:10 +01:00
Andy Green
924bd78085 clean: reduce log verbosity in various places 2020-08-10 15:04:10 +01:00
Andy Green
3b6b0b7810 ss: policy: flag to allow respecting redirects 2020-08-10 15:04:10 +01:00
Andy Green
a424623dc6 docs: add README-debugging.md and provide example points for decrypted traffic handling
Some general debugging advice but also really clarify the official way of how to dump
what is going out and coming in directly from the tls tunnel, so you can see the
actual data unencrypted.
2020-07-30 16:23:59 +01:00
Andy Green
140c1ede53 eventfd: use eventfd_read to check existence since its what we use 2020-07-29 20:36:19 +01:00
Andy Green
ddcbb6fa80 lws_interface_to_sa: confirm getifaddrs worked
We don't actually check that it provided results... return diags and
that the interface is usable if it didn't.

Also explicitly check ifa_name for being NULL, since it seems some
platforms can do that even with an ifa_addr (thanks to Jed)
2020-07-29 11:14:37 +01:00
Andy Green
5be8ff27d5 ss-server-raw
Add an example and some small changes for secure streams
serving raw data over a listening tcp socket
2020-07-28 09:21:45 +01:00
Andy Green
7eb36102a9 ss: server: h1, h2, ws basic support
Add initial support for defining servers using Secure Streams
policy and api semantics.

Serving h1, h2 and ws should be functional, the new minimal
example shows a combined http + SS server with an incrementing
ws message shown in the browser over tls, in around 200 lines
of user code.

NOP out anything to do with plugins, they're not currently used.

Update the docs correspondingly.
2020-07-27 12:05:24 +01:00
Andy Green
007a570962 lws_ss_change_handlers: allow dynamic handler change
You may use separate rx or tx handlers to neatly isolate different
rx or tx state handling, for example if the connection enters some
mode where you may send a variety of possibly large things, it can
be advantageous to have different code handling each of the
different things.

This allows you to change the rx, tx and / or state handlers to
different ones suitable for the user protocol state, if it's helpful.

With upcoming SS Server support, this has another use when SS
indicates that the underlying protocol upgraded, eg, http -> ws,
you may want to change the handlers for the different sort of
payloads expected after that, according to your user protocol.
2020-07-27 12:05:21 +01:00
Andy Green
648e25e9a8 ss: ws: observe TEXT and BINARY from policy when sending SS ws 2020-07-27 12:05:12 +01:00
Andy Green
80ecbb754d coverity: COV294450 and COV294451 2020-07-27 11:16:49 +01:00
Andy Green
625bade63e ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.

However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.

This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.

If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.

Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection.  The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time.  It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.

NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-21 12:43:32 +01:00
Andy Green
9e6cefcfad lws_netdev: fix rssi averaging 2020-07-21 08:16:01 +01:00
Andy Green
08bc9bf410 ss: http: handle rx DESTROY_ME 2020-07-21 07:57:15 +01:00
Andy Green
3310d228cf context: focus context init logging
Tighten up the logging at info and have a build summary and version info
at notice level like this

[2020/07/19 07:01:07:5563] N: LWS: 4.0.99-v4.0.0-232-gd602af468, loglevel 1031
[2020/07/19 07:01:07:5567] N: NET IPv6-absent H1 H2 WS MQTT SS-JSON-POL SSPROX ASYNC_DNS
2020-07-20 06:28:55 +01:00
Andy Green
1a93e73402 fakewsi: replace with smaller substructure
Currently we always reserve a fakewsi per pt so events that don't have a related actual
wsi, like vhost-protocol-init or vhost cert init via protocol callback can make callbacks
that look reasonable to user protocol handler code expecting a valid wsi every time.

This patch splits out stuff that user callbacks often unconditionally expect to be in
a wsi, like context pointer, vhost pointer etc into a substructure, which is composed
into struct lws at the top of it.  Internal references (struct lws is opaque, so there
are only internal references) are all updated to go via the substructre, the compiler
should make that a NOP.

Helpers are added when fakewsi is used and referenced.

If not PLAT_FREERTOS, we continue to provide a full fakewsi in the pt as before,
although the helpers improve consistency by zeroing down the substructure.  There is
a huge amount of user code out there over the last 10 years that did not always have
the minimal examples to follow, some of it does some unexpected things.

If it is PLAT_FREERTOS, that is a newer thing in lws and users have the benefit of
being able to follow the minimal examples' approach.  For PLAT_FREERTOS we don't
reserve the fakewsi in the pt any more, saving around 800 bytes.  The helpers then
create a struct lws_a (the substructure) on the stack, zero it down (but it is only
like 4 pointers) and prepare it with whatever we know like the context.

Then we cast it to a struct lws * and use it in the user protocol handler call.
In this case, the remainder of the struct lws is undefined.  However the amount of
old protocol handlers that might touch things outside of the substructure in
PLAT_FREERTOS is very limited compared to legacy lws user code and the saving is
significant on constrained devices.

User handlers should not be touching everything in a wsi every time anyway, there
are several cases where there is no valid wsi to do the call with.  Dereference of
things outside the substructure should only happen when the callback reason shows
there is a valid wsi bound to the activity (as in all the minimal examples).
2020-07-20 06:28:52 +01:00
Andy Green
3e5cf1b3d7 context: snip some things for PLAT_FREERTOS
There are a few context members that we don't need if the
platform is freertos, we can make a little saving.
2020-07-20 06:28:52 +01:00
Andy Green
da7ef0468b cgi: add spawn reap callback 2020-07-20 06:28:52 +01:00
Andy Green
6ae43ee06e lws_wsi_close: add helper 2020-07-20 06:28:52 +01:00
Sergey Radionov
fbadad7f52 glibc: fixed GSources destroy with non-default main context 2020-07-20 06:27:40 +01:00
sergey radionov
dba03e4037 cmake: pkgconfig: typo fixed 2020-07-20 06:27:16 +01:00
Andy Green
30c68d029d cmake: pkgconfig: make sure to list platform libs
https://github.com/warmcat/libwebsockets/issues/1975
2020-07-18 07:00:57 +01:00
Andy Green
6625b70fb5 ss: allow larger paths
128 isn't enough for the case the urlpath holds larger urlargs
2020-07-17 20:45:46 +01:00
Andy Green
a59035d821 spawn: only apply deathsig on child 2020-07-17 13:52:13 +01:00
Andy Green
1c3b7a2653 cgi: also use explicit env setting for OSX
...if no execvpe...
2020-07-17 13:49:14 +01:00
Andy Green
886e93265a struct-lejp: handle no path match
For some patterns of JSON we return to parse at the outermost level and
meet a situation path_match is 0.  In some places we're looking at things
from perspective of path_match - 1... that does not seem to cause trouble on
x86_64 but can on aarch64, which is how it got noticed.

This logically protects those accesses by checking !!path_match.
2020-07-15 16:18:00 +01:00
Andy Green
30761e760a sul: LWS_WITH_SUL_DEBUGGING 2020-07-15 16:18:00 +01:00
Andy Green
f63b10d725 ss: auth: update LWA plugin to use state return enums 2020-07-15 16:18:00 +01:00
Andy Green
006eeaa6a0 ws: correctly handle ESTABLISHED rejecting connection
https://github.com/warmcat/libwebsockets/issues/1973
2020-07-15 16:18:00 +01:00
Andy Green
f21226ca3e mqtt: remove fcntl.h
These aren't needed and can make trouble in lwip case
2020-07-15 16:18:00 +01:00
Jed Lu
677d79cc08 ss: rideshare: fix length can be wrong 2020-07-15 16:18:00 +01:00