1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

2414 commits

Author SHA1 Message Date
Andy Green
48366de1d1 unix plat: add minimal wsi fd map option
An lws context usually contains a processwide fd -> wsi lookup table.

This allows any possible fd returned by a *nix type OS to be immediately
converted to a wsi just by indexing an array of struct lws * the size of
the highest possible fd, as found by ulimit -n or similar.

This works modestly for Linux type systems where the default ulimit -n for
a process is 1024, it means a 4KB or 8KB lookup table for 32-bit or
64-bit systems.

However in the case your lws usage is much simpler, like one outgoing
client connection and no serving, this represents increasing waste.  It's
made much worse if the system has a much larger default ulimit -n, eg 1M,
the table is occupying 4MB or 8MB, of which you will only use one.

Even so, because lws can't be sure the OS won't return a socket fd at any
number up to (ulimit -n - 1), it has to allocate the whole lookup table
at the moment.

This patch looks to see if the context creation info is setting
info->fd_limit_per_thread... if it leaves it at the default 0, then
everything is as it was before this patch.  However if finds that
(info->fd_limit_per_thread * actual_number_of_service_threads) where
the default number of service threads is 1, is less than the fd limit
set by ulimit -n, lws switches to a slower lookup table scheme, which
only allocates the requested number of slots.  Lookups happen then by
iterating the table and comparing rather than indexing the array
directly, which is obviously somewhat of a performance hit.

However in the case where you know lws will only have a very few wsi
maximum, this method can very usefully trade off speed to be able to
avoid the allocation sized by ulimit -n.

minimal examples for client that can make use of this are also modified
by this patch to use the smaller context allocations.
2019-05-18 12:10:19 +01:00
Andy Green
752e19391d no h2: fix unused var warning
https://github.com/warmcat/libwebsockets/issues/1579
2019-05-17 01:24:52 +01:00
Andy Green
173943a405 h2: align h1 upgrade to work same as alpn upgrade
https://github.com/warmcat/libwebsockets/issues/1571

Although the code exists for non-tls h1 upgrade to h2, it hasn't been looked
after since all expected uses for h2 are going to be via h2 / alpn.

This patch aligns its upgrade actions with alpn upgrade path so it works OK
via

$ curl --http2 http://localhost:7681/ -v -w "\n"

ie, without tls.  Operation via tls is unaffected.

To use the non-tls upgrade path, you have to be listening without tls, ie with the
test server without -s.  If you're listening in a way that requires tls, this
can't be used to bypass that (or, eg, client certs) in itself, since you have to be
able to talk to it in h1 in the first place to attempt the upgrade to h2.

The common h2 path has some code to dropping the ah unconditionally it looks
like after the first service... this is too aggressive since the first thing
coming on the upgrade path is WINDOW_UPDATE.  It looks wrong anyway, transaction /
stream completion will drop the ah and should be enough.
2019-05-12 08:01:50 +01:00
Andy Green
832fdae7fd mbedtls: correct memory cert usage
https://github.com/warmcat/libwebsockets/issues/1569
2019-05-11 08:07:27 +01:00
Andy Green
d06b7231cb uv: solve contradiction with WITHOUT_SERVER 2019-05-09 07:28:36 +01:00
Andy Green
f89aa401cc generic-sessions update
Generic sessions has been overdue some love to align it with
the progress in the rest of lws.

1) Strict Content Security Policy
2) http2 compatibility
3) fixes and additions for use in a separate process via unix domain socket
4) work on ws and http proxying in lws
5) add minimal example
2019-05-06 10:24:51 +01:00
Andy Green
7ca8b77f2c pmd: split ebufs to track in and out 2019-05-06 07:31:32 +01:00
Andy Green
8d473ad78c smtp: make abstract 2019-05-04 08:28:31 +01:00
Andy Green
ae6346db64 ws: connection parse: check just the resolved token
Add strncasecmp to correctly restrict the check to just the
tokenizer token extent
2019-05-04 08:28:29 +01:00
Andy Green
8f06b6fbad lejp: allow up to 20 digit decimal numbers
https://github.com/warmcat/libwebsockets/issues/1559
2019-05-02 09:28:45 +01:00
Andy Green
0405c0c878 lejp: make sure child object close is not mistaken for parent 2019-05-02 09:28:38 +01:00
Andy Green
80135635bb permissions: adapt drop permissions plat function to do uid and gid lookup separately 2019-05-02 09:28:25 +01:00
Andy Green
9e347e66ce plugins: remove requirement for libuv on unix 2019-05-02 09:28:16 +01:00
Andy Green
c13ad5b648 rx flow: use dll2 2019-04-21 19:35:18 +01:00
Andy Green
bb0e7d986d rx flow: handle partial flow buffer consumption
https://github.com/warmcat/libwebsockets/issues/1550

rx flow control needs to handle the situation that it is draining from
a previous rx flow control period, and the user code reasserts rx flow
control partway through that.

The accounting for the used rx then boils down to only trimming the
rxflow buflist we were "replaying" to consume however much we managed
to deliver of that this time before the rx flow control came again.

"Normal" rx consumption is wrong in this case, since we accounted for
it entirely in the rxflow cache buflist.

The patch recognizes this situation, does the accounting in the cache
buflist, and then lies to the caller that there was no rx consumption
to be accounted for at his level.
2019-04-21 19:35:18 +01:00
Andy Green
359aeb1093 client http rx: check correct binding state 2019-04-20 09:28:15 +01:00
pavelxdd
575b96e32e http: refactor and fixes in lws_get_mimetype
- prioritize user-defined mimetypes over predefined server mimetypes.
- fix accessing memory out of string bounds.
- prefer case-insensitive comparison for extension matching.
- other minor fixes and improvements.
2019-04-09 16:21:55 +01:00
Andy Green
6d45e6c5b1 spa: add info args and stride
This is aimed at allowing a stride to optionally be
given for the parameter name array... this will allow
use of lws_struct metadata as the parameter name
array.


Also introduce the option to put all allocations in
an lwsac instead of via lws_mallocs.
2019-04-06 07:34:36 +08:00
Andy Green
8a6cf749e8 post: only report BODY_COMPLETION once 2019-04-06 06:16:20 +08:00
Andy Green
38fb0e31da lws_struct
lws_struct JSON + sqlite3 serializer and deserializer


See READMEs/README.lws_struct.md
2019-04-06 06:08:47 +08:00
kzhdev
0850231a09 ws: client: if server sends no subprotocol prefer any existing protocol 2019-04-06 05:52:23 +08:00
kzhdev
c40394f968 openssl: client: handle no tcr 2019-04-06 05:52:23 +08:00
Andy Green
af817c6532 cgi: fix h2 timeouts 2019-04-06 05:52:23 +08:00
pavelxdd
0bfb172a9e http: basic auth: fix delay on Firefox
Firefox sends HTTP requests with "Connection: keep-alive" header.
When LWS responds with 401 and WWW-Authenticate header, Firefox
doesn't show an authentication dialog until connection is closed.
Adding "Content-Length: 0" solves the problem.
2019-04-03 17:00:15 +08:00
Andy Green
ede747f1bc openssl: client: check wsi from openssl private data
v2.4 was patched to check NULL wsi in the verify callback,
nobody has reported it on later versions, but might as well
check it too.
2019-04-03 08:06:14 +08:00
Kieran
a92cf6533f windows: fix build on VS2017 WIN10 2019-04-02 07:52:39 +08:00
Andy Green
fd1f4e4de7 lwsac_use_zero 2019-03-29 05:03:01 +08:00
Andy Green
49d78fd0de ws proxy: also proxy ACCEPT_LANGUAGE 2019-03-26 14:54:50 +08:00
Andy Green
1062370f07 unix skt: allow control over skt user:group
If you're providing a unix socket service that will be proxied / served by another
process on the same machine, the unix fd permissions on the listening unix socket fd
have to be managed so only something running under the server credentials
can open the listening unix socket.
2019-03-26 14:54:49 +08:00
Andy Green
ce1f395ead context: add info members to drop privileges using user and group name strings
Up until now if you wanted to drop privs, a numeric uid and gid had to be
given in info to control post-init permissions... this adds info.username
and info.groupname where you can do the same using user and group names.

The internal plat helper lws_plat_drop_app_privileges() is updated to directly use
context instead of info both ways it can be called, and to be able to return fatal
errors.

All failures to lookup non-0 or -1 uid or gid names from uid, or to look up
uid or gid from username or groupnames given, get an err message and fatal exit.
2019-03-26 14:54:49 +08:00
Andy Green
53c932e05d lws_hex_to_byte_array
Convert ascii hex into byte array
2019-03-23 12:41:29 +08:00
Andy Green
ff71e3cc0d close: after DROP_PROTOCOL no longer report traffic to callback
x
2019-03-23 08:02:53 +08:00
Andy Green
5c3a2be00d http proxy: proxy Authorization header
Sai notifications are signed using Authorization: and "sai" auth type.

After the auth type, the format is, eg, "sha256=<hash>" .
2019-03-22 18:52:08 +08:00
Andy Green
588cf0b8db lws_spa: add CLOSE callback
This should ease the situation where there was creation done in the
callback for LWS_UFS_OPEN
2019-03-22 16:55:51 +08:00
Andy Green
da3d8cb593 http proxy: support POST 2019-03-22 11:25:22 +08:00
Andy Green
f7860b6ac6 spa: allow instantiation with no parse array
If you just want a "file" in multipart, don't care about the length or
anything else, then you don't need any params tables and associated
allocations.
2019-03-22 11:23:06 +08:00
Andy Green
62c5a784e3 alpn: handle ALLOW_NON_SSL_ON_SSL_PORT 2019-03-22 05:30:22 +08:00
Andy Green
303c78a5dd hrtimer: insert must handle head tail pointers 2019-03-21 18:53:59 +08:00
Andy Green
d5d2bbc4db hrtimer: remove from correct dll before resetting 2019-03-21 13:41:36 +08:00
Andy Green
d1d313b4bf ws proxy: also proxy h1 ws to h1 and h2
lws has been able to proxy h2 or h1 inbound connections to an
h1 onward connection for a while now.  It's simple to use just
build with LWS_WITH_HTTP_PROXY and make a mount where the origin
is the onward connection details.  Unix sockets can also be
used as the onward connection.

This patch extends the support to be able to also do the same for
inbound h2 or h1 ws upgrades to an h1 ws onward connection as well.

This allows you to offer completely different services in a
common URL space, including ones that connect back by ws / wss.
2019-03-21 10:26:47 +08:00
Andy Green
668a3f440f minimal-http-server-eventlib-smp 2019-03-21 10:26:42 +08:00
Andy Green
13ae9927a3 lws_dll[2]_foreach_safe: add user cb param
The callback flow is a bit more disruptive than doing the iteration
directly in your function.  This helps by passing a user void *
into the callback set as an lws_dll[2]_foreach_safe() arg.
2019-03-21 10:24:58 +08:00
Andy Green
b227d10187 nossl recv: always respond to 0 length read as shutdown 2019-03-21 10:24:58 +08:00
Andy Green
462847bb6f lws_dll: remove lws_dll_lws and deprecate lws_dll_remove 2019-03-21 06:19:31 +08:00
Andy Green
ce5b9a3ad4 lws_dll: teach it to track tail as well as head 2019-03-21 06:19:30 +08:00
Andy Green
8dd3383368 lws_dll_foreach_safe 2019-03-21 06:19:30 +08:00
Andy Green
30eb3e94ab openssl: gencrypto: aes gcm AAD: use EncryptUpdate or DecryptUpdate to set AAD
Until 1.1.1b OpenSSL didn't mind we were setting AAD for AES GCM
using EVP_EncryptUpdate() for both encrypt and decrypt... but now
it noticed and the bug is fixed.
2019-03-21 06:18:32 +08:00
Andy Green
45f2c9f9f8 openssl3: handle EC_POINT_get_affine_coordinates api change 2019-03-20 21:00:29 +08:00
Andy Green
555c34b044 openssl: reuse client SSL_CTX where possible
If you have multiple vhosts with client contexts enabled, under
OpenSSL each one brings in the system cert bundle.

On libwebsockets.org, there are many vhosts and the waste adds up
to about 9MB of heap.

This patch makes a sha256 from the client context configuration, and
if a suitable client context already exists on another vhost, bumps
a refcount and reuses the client context.

In the case client contexts are configured differently, a new one
is created (and is available for reuse as well).
2019-03-18 06:54:38 +08:00
Andy Green
59a2a787ee openssl: try to reduce memory usage 2019-03-16 10:17:28 +08:00