1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

29 commits

Author SHA1 Message Date
Andy Green
5f4ced47d8 sequencer: disable by default 2020-09-29 17:06:10 +01:00
Andy Green
c6c7ab2b44 event libs: default to building as dynamically loaded plugins
Event lib support as it has been isn't scaling well, at the low level
libevent and libev headers have a namespace conflict so they can't
both be built into the same image, and at the distro level, binding
all the event libs to libwebsockets.so makes a bloaty situation for
packaging, lws will drag in all the event libs every time.

This patch implements the plan discussed here

https://github.com/warmcat/libwebsockets/issues/1980

and refactors the event lib support so they are built into isolated
plugins and bound at runtime according to what the application says
it wants to use.  The event lib plugins can be packaged individually
so that only the needed sets of support are installed (perhaps none
of them if the user code is OK with the default poll() loop).  And
dependent user code can mark the specific event loop plugin package
as required so pieces are added as needed.

The eventlib-foreign example is also refactored to build the selected
lib support isolated.

A readme is added detailing the changes and how to use them.

https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.event-libs.md
2020-08-31 16:51:37 +01:00
Andy Green
e8cbfea22d lws_smd: take care about build with disabled 2020-08-16 05:35:56 +01:00
Andy Green
44608abce6 sspc: fix intree build for sspc examples and increase post example body
Correct a comment about payload layout and add detailed comments about
dsh handling at proxy.

Increase the post size so it shows up fragmentation issues at the proxy.
2020-08-13 16:48:16 +01:00
Andy Green
dd3bae8c71 ss: multipart without processing
Change the default to not process multipart mime at SS layer.

If it's desired, then set "http_multipart_ss_in" true in the policy on the streamtype.

To test, use lws-minimal-secure-streams-avs, which uses SS processing as it is.

To check it without the processing, change #if 1 to #if 0 around the policy for
"http_multipart_ss_in" in both places in avs.c, and also enable the hexdump in ss_avs_metadata_rx()
also in avs.c, and observe the multipart framing is passed through unchanged.
2020-08-11 11:07:13 +01:00
Andy Green
03af613c13 sspc: minimal examples: improve PROXY_API detection to work outside tree 2020-08-10 15:04:10 +01:00
Andy Green
a71cbe785e sspc: http POST: synthesize CONNECTED to provoke client body write 2020-08-10 15:04:10 +01:00
Andy Green
1b4bf38d5e sspc: add request_tx length variant
Add in the missing request_tx length variant, serialization and proxy
handling for it
2020-08-10 15:04:10 +01:00
Andy Green
5be8ff27d5 ss-server-raw
Add an example and some small changes for secure streams
serving raw data over a listening tcp socket
2020-07-28 09:21:45 +01:00
Andy Green
7eb36102a9 ss: server: h1, h2, ws basic support
Add initial support for defining servers using Secure Streams
policy and api semantics.

Serving h1, h2 and ws should be functional, the new minimal
example shows a combined http + SS server with an incrementing
ws message shown in the browser over tls, in around 200 lines
of user code.

NOP out anything to do with plugins, they're not currently used.

Update the docs correspondingly.
2020-07-27 12:05:24 +01:00
Andy Green
625bade63e ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.

However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.

This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.

If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.

Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection.  The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time.  It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.

NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-21 12:43:32 +01:00
Andy Green
f902873634 ss: add timeout 2020-07-07 11:28:28 +01:00
Andy Green
8eca7e17f2 lws_smd: system message distribution
- Add low level system message distibution framework
 - Add support for local Secure Streams to participate using _lws_smd streamtype
 - Add apit test and minimal example
 - Add SS proxy support for _lws_smd

See minimal-secure-streams-smd README.md
2020-06-27 07:57:22 +01:00
Andy Green
30f3606b0e context: option to disable system state management 2020-06-27 07:57:22 +01:00
Andy Green
34de22b648 cmake: cleanups 2020-06-18 08:53:09 +01:00
Andy Green
b324f0e43b cmake: provide LIBWEBSOCKETS_DEP_LIBS in CONFIG 2020-06-16 19:45:35 +01:00
Andy Green
698eda63d7 ss: formalize user cb retcodes
It's not safe to destroy objects inside a callback from a parent that
still has references to the object.

Formalize what the user code can indicate by its return code from the
callback functions and provide the implementations at the parents.

 - LWSSSSRET_OK:            no action, OK
 - LWSSSSRET_DISCONNECT_ME: disconnect the underlying connection
 - LWSSSSRET_DESTROY_ME:    destroy the ss object
 - LWSSSSRET_TX_DONT_SEND:  for tx, give up the tx opportunity since nothing to send
2020-06-02 08:37:10 +01:00
Andy Green
286cf4357a sul: multiple timer domains
Adapt the pt sul owner list to be an array, and define two different lists,
one that acts like before and is the default for existing users, and another
that has the ability to cooperate with systemwide suspend to restrict the
interval spent suspended so that it will wake in time for the earliest
thing on this wake-suspend sul list.

Clean the api a bit and add lws_sul_cancel() that only needs the sul as the
argument.

Add a flag for client creation info to indicate that this client connection
is important enough that, eg, validity checking it to detect silently dead
connections should go on the wake-suspend sul list.  That flag is exposed in
secure streams policy so it can be added to a streamtype with
"swake_validity": true

Deprecate out the old vhost timer stuff that predates sul.  Add a flag
LWS_WITH_DEPRECATED_THINGS in cmake so users can get it back temporarily
before it will be removed in a v4.2.

Adapt all remaining in-tree users of it to use explicit suls.
2020-06-02 08:37:10 +01:00
Andy Green
b3131fdfdd cmakelist: Augean Stables refactor
Establish a new distributed CMake architecture with CMake code related to
a source directory moving to be in the subdir in its own CMakeLists.txt.
In particular, there's now one in ./lib which calls through to ones
further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc.

This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction,
and it's much easier to maintain sub-CMakeLists.txt that are in the same
directory as the sources they manage, and conceal all the details that that
level.

Child CMakelists.txt become responsible for:

 - include_directories() definition (this is not supported by CMake
   directly, it passes it back up via PARENT_SCOPE vars in helper
   macros)

 - Addition child CMakeLists.txt inclusion, for example toplevel ->
   role -> role subdir

 - Source file addition to the build

 - Dependent library path resolution... this is now a private thing
   in the child CMakeLists.txt, it just passes back any adaptations
   to include_directories() and the LIB_LIST without filling the
   parent namespace with the details
2020-05-27 08:40:12 +01:00
Andy Green
63c8a23776 lws_spawn: windows
Move the unix spawn.c from lib/misc through to lib/plat/unix, and
add an implementation for windows in lib/plat/windows
2020-04-13 19:29:09 +01:00
Andy Green
954fcf2bc3 windows: clean LWS_WITH_MINIMAL_EXAMPLES warnings
Fix pthreads detection in the minimal examples and add it where needed.
Fix unistd.h include to be conditional on not WIN32

With this, -DLWS_WITH_MINIMAL_EXAMPLES=1 is happy and warning-free
on windows.
2020-04-07 10:09:51 +01:00
Andy Green
66d1f34846 ss: avs test: disable rate limiting
Rate limiting does not work correctly with AVS server, the last
block of rx data is not coming.  Disable it for now so the
returned data comes as rapidly as the server can send and the
client receive.
2020-04-06 14:21:52 +01:00
Andy Green
4cc7f4ed02 ss: add static policy as a build option
In some cases devices may be too constrained to handle JSON policies but still
want to use SS apis and methodology.

This introduces an off-by-default cmake option LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY,
if enabled the JSON parsing part is excluded and it's assumed the user code
provides its policy as hardcoded policy structs.
2020-03-26 06:48:34 +00:00
Andy Green
2cd8f599eb ss: allow url style endpoint addresses
The endpoint field in streamtype policy may continue to just be the
hostname, like "warmcat.com".

But it's also possible now to be a url-formatted string, like, eg,
"https://warmcat.com:444/mailman/listinfo"

If so (ie, if it contains a : ) then the decoded elements may override
if tls is enabled, the endpoint address, the port, and the url path.

No ABI change.
2020-03-15 06:19:38 +00:00
Andy Green
65a3d40d74 ss: support metadata string expansion in endpoint string
This lets you set metadata symbols exposed by the streamtype policy
into the endpoint address.

No ABI change
2020-03-14 17:04:43 +00:00
Andy Green
704eaa5e63 ss: allow streamtype policy overlays
Make the policy load apis public with an extra argument that says if you want the
JSON to overlay on an existing policy rather than replace it.

Teach the stream type parser stuff to realize it already has an entry for the
stream type and to modify that rather than create a second one, allowing overlays
to modify stream types.

Add --force-portal and --force-no-internet flags to minimal-secure-streams and
use the new policy overlay stuff to force the policy for captive portal detection
to feel that there is one or that there's no internet.
2020-03-14 17:04:43 +00:00
Andy Green
a60cb84c9e captive portal
Implement Captive Portal detection support in lws, with the actual
detection happening in platform code hooked up by lws_system_ops_t.

Add an implementation using Secure Streams as well, if the policy
defines captive_portal_detect streamtype, a SS using that streamtype
is used to probe if it's behind a captive portal.
2020-03-11 12:44:01 +00:00
Andy Green
5b9fe01863 build: release mode compile fixes 2020-03-10 06:45:24 +00:00
Andy Green
28ce32af64 client: secure streams
Secure Streams is an optional layer on top of lws that separates policy
like endpoint selection and tls cert validation into a device JSON
policy document.

Code that wants to open a client connection just specifies a streamtype name,
and no longer deals with details like the endpoint, the protocol (!) or anything
else other than payloads and optionally generic metadata; the JSON policy
contains all the details for each streamtype.  h1, h2, ws and mqtt client
connections are supported.

Logical secure streams outlive any particular connection and supports "nailed-up"
connectivity regardless of underlying connection stability.
2020-03-04 12:17:49 +00:00