It's legal and does something important, if the upgrade fails and stays in http,
it describes how the connection should be handled after sending the error code.
But most ws servers can't cope with it...
https://github.com/warmcat/libwebsockets/issues/1625
"dead bodies" that were sent but not processed by lws as server
will clog up and destroy transaction tracking if repeated POSTs
with keepalive are sent to nonexistant paths.
This patch introduces a DISCARD_BODY state that follows BODY
except the payload is not signalled to the protocol callback.
Calling transaction_completed() with pending body makes lws
enter DISCARD_BODY and retry transaction completed only after
the pending body is exhausted.
When creating a vhost and the port is already bound to another process
this flag would allow the user code to choose to have the
lws_create_vhost function to fail and return a null pointer.
An lws context usually contains a processwide fd -> wsi lookup table.
This allows any possible fd returned by a *nix type OS to be immediately
converted to a wsi just by indexing an array of struct lws * the size of
the highest possible fd, as found by ulimit -n or similar.
This works modestly for Linux type systems where the default ulimit -n for
a process is 1024, it means a 4KB or 8KB lookup table for 32-bit or
64-bit systems.
However in the case your lws usage is much simpler, like one outgoing
client connection and no serving, this represents increasing waste. It's
made much worse if the system has a much larger default ulimit -n, eg 1M,
the table is occupying 4MB or 8MB, of which you will only use one.
Even so, because lws can't be sure the OS won't return a socket fd at any
number up to (ulimit -n - 1), it has to allocate the whole lookup table
at the moment.
This patch looks to see if the context creation info is setting
info->fd_limit_per_thread... if it leaves it at the default 0, then
everything is as it was before this patch. However if finds that
(info->fd_limit_per_thread * actual_number_of_service_threads) where
the default number of service threads is 1, is less than the fd limit
set by ulimit -n, lws switches to a slower lookup table scheme, which
only allocates the requested number of slots. Lookups happen then by
iterating the table and comparing rather than indexing the array
directly, which is obviously somewhat of a performance hit.
However in the case where you know lws will only have a very few wsi
maximum, this method can very usefully trade off speed to be able to
avoid the allocation sized by ulimit -n.
minimal examples for client that can make use of this are also modified
by this patch to use the smaller context allocations.
https://github.com/warmcat/libwebsockets/issues/1571
Although the code exists for non-tls h1 upgrade to h2, it hasn't been looked
after since all expected uses for h2 are going to be via h2 / alpn.
This patch aligns its upgrade actions with alpn upgrade path so it works OK
via
$ curl --http2 http://localhost:7681/ -v -w "\n"
ie, without tls. Operation via tls is unaffected.
To use the non-tls upgrade path, you have to be listening without tls, ie with the
test server without -s. If you're listening in a way that requires tls, this
can't be used to bypass that (or, eg, client certs) in itself, since you have to be
able to talk to it in h1 in the first place to attempt the upgrade to h2.
The common h2 path has some code to dropping the ah unconditionally it looks
like after the first service... this is too aggressive since the first thing
coming on the upgrade path is WINDOW_UPDATE. It looks wrong anyway, transaction /
stream completion will drop the ah and should be enough.
Generic sessions has been overdue some love to align it with
the progress in the rest of lws.
1) Strict Content Security Policy
2) http2 compatibility
3) fixes and additions for use in a separate process via unix domain socket
4) work on ws and http proxying in lws
5) add minimal example
https://github.com/warmcat/libwebsockets/issues/1550
rx flow control needs to handle the situation that it is draining from
a previous rx flow control period, and the user code reasserts rx flow
control partway through that.
The accounting for the used rx then boils down to only trimming the
rxflow buflist we were "replaying" to consume however much we managed
to deliver of that this time before the rx flow control came again.
"Normal" rx consumption is wrong in this case, since we accounted for
it entirely in the rxflow cache buflist.
The patch recognizes this situation, does the accounting in the cache
buflist, and then lies to the caller that there was no rx consumption
to be accounted for at his level.
- prioritize user-defined mimetypes over predefined server mimetypes.
- fix accessing memory out of string bounds.
- prefer case-insensitive comparison for extension matching.
- other minor fixes and improvements.
This is aimed at allowing a stride to optionally be
given for the parameter name array... this will allow
use of lws_struct metadata as the parameter name
array.
Also introduce the option to put all allocations in
an lwsac instead of via lws_mallocs.
Firefox sends HTTP requests with "Connection: keep-alive" header.
When LWS responds with 401 and WWW-Authenticate header, Firefox
doesn't show an authentication dialog until connection is closed.
Adding "Content-Length: 0" solves the problem.
If you're providing a unix socket service that will be proxied / served by another
process on the same machine, the unix fd permissions on the listening unix socket fd
have to be managed so only something running under the server credentials
can open the listening unix socket.
Up until now if you wanted to drop privs, a numeric uid and gid had to be
given in info to control post-init permissions... this adds info.username
and info.groupname where you can do the same using user and group names.
The internal plat helper lws_plat_drop_app_privileges() is updated to directly use
context instead of info both ways it can be called, and to be able to return fatal
errors.
All failures to lookup non-0 or -1 uid or gid names from uid, or to look up
uid or gid from username or groupnames given, get an err message and fatal exit.
