HTTP/2 support is now able to serve the test server, complete with
websockets, from a single vhost.
- This works the same with both OpenSSL and mbedTLS.
- POST is now wired up and works (also for file upload).
- CGI is wired up and works.
- Redirect is adapted and works
- lwsws works.
- URI urldecode, sanitation and argument parsing wired up for :path
valgrind clean (aside from openssl-style false uninit data usage in mbedtls send occasionally)
h2spec reports:
$ h2spec -h 127.0.0.1 -p 7681 -t -k -o 1
...
145 tests, 145 passed, 0 skipped, 0 failed"
Incorporates:
- "https://github.com/warmcat/libwebsockets/pull/1039
Fixes issue with -Werror=unused-variable flag
- 2c843a1395
ssl: fix infinite loop on client cert verification failure
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>"
Caused and fixes Coverity 184887 - 184892
For some targets like ESP32, the ah pool is mainly sitting idle wasting memory.
For HTTP/2, if the client sends a series of pipelined headers on different SIDs
that exist simultaneously, there is no way to stall the headers to wait for an
ah, because we must read the stream for stuff like WINDOW_UPDATE on the other
streams.
In both these cases having the ability to free unused ah completely and allocate
more dynamically if there is memory is useful, so this patch makes the ah pool
an initially-empty linked list that allocates on demand up to the "max pool
size" limit from the context info. When nobody wants an ah, it is freed (if
someone was waiting for it, it is directly reused).
For ESP32 it means no large, permanent alloc when lws starts and dynamic alloc
according to how many streams the client opens, which can be controlled by
SETTINGS.
Almost all the CMake options begin with LWS_WITH_..., but many of the
symbols passed to lws are LWS_USE_... , this causes neededless confusion,
compounded by the fact that a few CMake options also begin with
LWS_USE_.
This patch globally converts all LWS_USE_... to LWS_WITH_..., so there
is only one prefix to remember in both CMake and the code.
The affected public CMake options are
LWS_USE_BORINGSSL -> LWS_WITH_BORINGSSL
LWS_USE_CYASSL -> LWS_WITH_CYASSL
LWS_USE_WOLFSSL -> LWS_WITH_WOLFSSL
LWS_USE_MBEDTLS -> LWS_WITH_MBEDTLS
LWS_USE_BUNDLED_ZLIB -> LWS_WITH_BUNDLED_ZLIB
Introduces an optional, settable restriction on the number of
simultaneous wsi connections and ah that a single peer IP can
obtain.
The default is disabled for build, and if enabled, unlimited.
However when enabled at CMake, setting info.ip_limit_ah and / or
info.ip_limit_wsi at context creation time will enforce the limits.
Connections past the info.ip_limit_wsi limit are dropped, and
connections needing an ah are forced to stay in the ah waiting list
even when ah are available, while the peer is at the number of
ah in info.ip_limit_ah.
This a) directly discovers cgi stdout POLLUP and b) modulates rx flow control on CGI STDOUT
according to the outgoing writeable service. When the outgoing writeable service finally sees
0 read() waiting for it even though it was signalled for POLLIN, it knows it is a POLLHUP.
Critically when it sees POLLHUP like that, it leaves the rx flow control defeating any
further stdout POLLIN signalling while the rest of the CGI lifecycle completes, eliminating
busywaiting during the CGI.
Until now we took the approach if just writing the close notification
broke something, we didn't care because we were closing the connection
anyway.
But with lws_meta, breaking stuff in the parent connection would be a
sticky problem outliving the closing child connection.
So this adds a new wsi state LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION
and makes the send go via the writable callback mechanism.
Adds a new api lws_vhost_destroy(struct lws_vhost *) which allows dynamic removal of vhosts.
The external api calls two parts of internal helpers that get reused for context destroy.
The second part is called deferred by 5s... this is to ensure that event library objects
composed into structs owned by the vhost all have a chance to complete their close
asynchronously. That should happen immediately, but it requires us to return to the
event loop first.
The vhost being removed is deleted from the context vhost list by the first part, and does
not block further removals or creation during the delay for the deferred freeing of the
vhost memory.
Part 1:
- if the vhost owned a listen socket needed by other vhosts listening on same iface + port, the listen
socket is first handed off to another vhost so it stays alive
- all wsi still open on the vhost are forcibly closed (including any listen socket still attached)
- inform all active protocols on the vhost they should destroy themselves
- remove vhost from context vhost list (can no longer be found by incoming connections)
- add to a "being destroyed" context list and schedule the second part to be called in 5s
Part 2:
- remove us from the being destroyed list
- free all allocations owned by the vhost
- zero down the vhost and free the vhost itself
In libwebsockets-test-server, you can send it a SIGUSR1 to have it toggle the creation and destruction of
a second vhost on port + 1.
Introduce helpers to force to detachable state and to test the ah is
in a detachable state.
Require not only the ah rx buffer is all used, but that the
wsi has completed a full set of headers.
1) This makes lwsws run a parent process with the original permissions.
But this process is only able to respond to SIGHUP, it doesn't do anything
else.
2) You can send this parent process a SIGHUP now to cause it to
- close listening sockets in existing lwsws processes
- mark those processes as to exit when the number of active connections
on the falls to zero
- spawn a fresh child process from scratch, using latest configuration
file content, latest plugins, etc. It can now reopen listening sockets
if it chooses to, or open different listen ports or whatever.
Notes:
1) lws_context_destroy() has been split into two pieces... the reason for
the split is the first part closes the per-vhost protocols, but since
they may have created libuv objects in the per-vhost protocol storage,
these cannot be freed until after the loop has been run.
That's the purpose of the second part of the context destruction,
lws_context_destroy2().
For compatibility, if you are not using libuv, the first part calls the
second part. However if you are using libuv, you must now call the
second part from your own main.c after the first part.
Via Dosvald
lws_service_tsi() which has been around a while actually just
calls through to lws_plat_service_tsi(), meaning there is no
need to expose both apis.
Rename the internal lws_plat_service_tsi() to _lws_plat_service_tsi()
and replace the api export with a #define to lws_service_tsi for
compatibility's sake.
